diff --git a/CampMinder.gemspec b/CampMinder.gemspec
index abb2aa3..544843e 100644
--- a/CampMinder.gemspec
+++ b/CampMinder.gemspec
@@ -34,7 +34,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "webmock", "~> 1.2"
 
   spec.add_dependency "active_model_serializers", "= 0.9.2"
-  spec.add_dependency "loofah", "~> 2.2.1" # for security - https://github.com/flavorjones/loofah/issues/144
+  spec.add_dependency "loofah", "~> 2.2.3" # for security - https://github.com/flavorjones/loofah/issues/154
   spec.add_dependency "nokogiri", "~> 1.6"
   spec.add_dependency "sprockets", "~> 3.7.2" # for security - https://blog.heroku.com/rails-asset-pipeline-vulnerability
   spec.add_dependency "virtus", "~> 1.0"
diff --git a/Gemfile.lock b/Gemfile.lock
index dd9adb3..f35c8cf 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -3,7 +3,7 @@ PATH
   specs:
     CampMinder (0.0.2)
       active_model_serializers (= 0.9.2)
-      loofah (~> 2.2.1)
+      loofah (~> 2.2.3)
       nokogiri (~> 1.6)
       sprockets (~> 3.7.2)
       virtus (~> 1.0)
@@ -94,7 +94,7 @@ GEM
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
       ruby_dep (~> 1.2)
-    loofah (2.2.2)
+    loofah (2.2.3)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     lumberjack (1.0.13)
@@ -105,7 +105,7 @@ GEM
     mini_portile2 (2.3.0)
     minitest (5.11.3)
     nenv (0.3.0)
-    nokogiri (1.8.3)
+    nokogiri (1.8.5)
       mini_portile2 (~> 2.3.0)
     notiffany (0.1.1)
       nenv (~> 0.1)
@@ -114,7 +114,7 @@ GEM
       coderay (~> 1.1.0)
       method_source (~> 0.9.0)
     public_suffix (3.0.2)
-    rack (1.6.10)
+    rack (1.6.11)
     rack-test (0.6.3)
       rack (>= 1.0)
     rails (4.2.10)
@@ -206,4 +206,4 @@ DEPENDENCIES
   webmock (~> 1.2)
 
 BUNDLED WITH
-   1.16.1
+   1.16.5