From 03100abeb169385a55766c886b60626a6638b442 Mon Sep 17 00:00:00 2001 From: Robb Kidd Date: Wed, 31 Oct 2018 14:10:05 -0400 Subject: [PATCH] upgrade loofah to quiet bundle-audit loofah < 2.2.3 has a cross-site scripting vulnerability reported.[1] [1] https://github.com/flavorjones/loofah/issues/154 Supermarket is not vulnerable to this. The library is being updated out of an abundance of caution and to appease the vulnerability scanner. Signed-off-by: Robb Kidd --- src/supermarket/Gemfile.lock | 2 +- src/supermarket/engines/fieri/Gemfile.lock | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/supermarket/Gemfile.lock b/src/supermarket/Gemfile.lock index 2ce5580cb..2c571a937 100644 --- a/src/supermarket/Gemfile.lock +++ b/src/supermarket/Gemfile.lock @@ -278,7 +278,7 @@ GEM rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) ruby_dep (~> 1.2) - loofah (2.2.2) + loofah (2.2.3) crass (~> 1.0.2) nokogiri (>= 1.5.9) lumberjack (1.0.12) diff --git a/src/supermarket/engines/fieri/Gemfile.lock b/src/supermarket/engines/fieri/Gemfile.lock index 1cfc2edda..92af00508 100644 --- a/src/supermarket/engines/fieri/Gemfile.lock +++ b/src/supermarket/engines/fieri/Gemfile.lock @@ -101,7 +101,7 @@ GEM i18n (1.1.1) concurrent-ruby (~> 1.0) libyajl2 (1.2.0) - loofah (2.2.2) + loofah (2.2.3) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1)
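
Review bot: In the src/supermarket/Gemfile.lock hunk, the move from `loofah (2.2.2)` to `loofah (2.2.3)` rests on the commit message's statement that Supermarket is not vulnerable, but nothing in the patch records why. Please add a sentence to the message naming which loofah sanitization paths were checked, so the assessment can be revisited if that usage changes. It would also help to quote the advisory identifier that bundle-audit printed next to the issue link, since the scanner output is what this change is meant to quiet. The unchanged context lines `crass (~> 1.0.2)` and `nokogiri (>= 1.5.9)` show the bump pulls in no other resolution changes, which is what I would expect for a patch-level update.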
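
Review bot: In the src/supermarket/engines/fieri/Gemfile.lock hunk, the same `loofah (2.2.3)` pin is being maintained by hand in a second lockfile, and nothing visible here keeps the two in step. The surrounding context (`libyajl2 (1.2.0)`, `mail (2.7.1)`) shows this lockfile is resolved separately from the top-level one, so a later `bundle update` in only one directory could leave the other on a flagged version. Please confirm that the bundle-audit check runs against both src/supermarket/Gemfile.lock and the fieri engine lockfile, and mention that in the commit message if so.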