Resolves gem vulnerability issues

Stems from: A CVE for Nokogiri and all vets-api builds will fail until we upgrade nokogiri: sparklemotion/nokogiri#1892
department-of-veterans-affairs · Apr 22, 2019 · ce1b0bb · ce1b0bb
1 parent b22cb06
commit ce1b0bb
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 8 deletions.
diff --git a/Gemfile b/Gemfile
@@ -54,7 +54,7 @@ gem 'mail', '2.6.6'
 gem 'memoist'
 gem 'mini_magick'
 gem 'net-sftp'
-gem 'nokogiri', '1.8.5'
+gem 'nokogiri', '~> 1.10', '>= 1.10.3'
 gem 'octokit'
 gem 'oj' # Amazon Linux `json` gem causes conflicts, but `multi_json` will prefer `oj` if installed
 gem 'olive_branch'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -727,8 +727,8 @@ GEM
       faraday (>= 0.7.4, < 0.10)
       multi_json (~> 1.0)
     builder (3.2.3)
-    bundler-audit (0.5.0)
-      bundler (~> 1.2)
+    bundler-audit (0.6.1)
+      bundler (>= 1.2.0, < 3)
       thor (~> 0.18)
     byebug (8.2.2)
     carrierwave (0.11.2)
@@ -864,7 +864,7 @@ GEM
     mime-types-data (3.2018.0812)
     mimemagic (0.3.2)
     mini_magick (4.7.0)
-    mini_portile2 (2.3.0)
+    mini_portile2 (2.4.0)
     minitest (5.11.3)
     multi_json (1.13.1)
     multipart-post (2.0.0)
@@ -873,8 +873,8 @@ GEM
       net-ssh (>= 2.6.5)
     net-ssh (4.1.0)
     nio4r (2.3.1)
-    nokogiri (1.8.5)
-      mini_portile2 (~> 2.3.0)
+    nokogiri (1.10.3)
+      mini_portile2 (~> 2.4.0)
     nori (2.6.0)
     notiffany (0.0.8)
       nenv (~> 0.1)
@@ -1189,7 +1189,7 @@ DEPENDENCIES
   memoist
   mini_magick
   net-sftp
-  nokogiri (= 1.8.5)
+  nokogiri (~> 1.10, >= 1.10.3)
   octokit
   oj
   olive_branch
@@ -1260,4 +1260,4 @@ DEPENDENCIES
   zero_downtime_migrations
 
 BUNDLED WITH
-   1.17.3
+   2.0.1