From e8d2af1fa5ab03fdffbd067ae69477e419ecd876 Mon Sep 17 00:00:00 2001
From: Philip Hallstrom
Date: Thu, 15 Aug 2019 09:47:31 -0700
Subject: [PATCH] upgrade nokogiri for CVE-2019-5477 see https://github.com/sparklemotion/nokogiri/issues/1915
---
 Gemfile | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Gemfile b/Gemfile
index f249e75a..fc64b247 100644
--- a/Gemfile
+++ b/Gemfile
@@ -34,7 +34,7 @@ gem 'slim-rails' # slim templa
 gem "sprockets", "~> 3.7.2" # sprockets is a rack-based asset packaging system that concatenates and serves javascript, scss, etc
 gem 'sucker_punch', '~> 2.0' # asynchronous processing library
 gem 'uglifier', '>= 1.3.0' # compressor for javascript assets
-gem 'nokogiri', '~> 1.10.3' # a HTML, XML, SAX, and Reader parser
+gem 'nokogiri', '~> 1.10.4' # a HTML, XML, SAX, and Reader parser
 group :development, :test do
 gem 'rspec-rails', '~> 3.7' # testing framework
diff --git a/Gemfile.lock b/Gemfile.lock
index be36c8c2..ca670305 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -113,7 +113,7 @@ GEM
 multi_xml (0.6.0)
 multipart-post (2.0.0)
 nio4r (2.3.1)
- nokogiri (1.10.3)
+ nokogiri (1.10.4)
 mini_portile2 (~> 2.4.0)
 oauth2 (1.4.0)
 faraday (>= 0.8, < 0.13)
@@ -283,7 +283,7 @@ DEPENDENCIES
 kramdown (~> 2.1.0)
 listen (>= 3.0.5, < 3.2)
 marginalia (~> 1.6.0)
- nokogiri (~> 1.10.3)
+ nokogiri (~> 1.10.4)
 oj (~> 2.16.1)
 omniauth (= 1.8.1)
 omniauth-slack (= 2.3.0)
@@ -317,4 +317,4 @@ RUBY VERSION
 ruby 2.4.4p296
 BUNDLED WITH
- 1.17.1
+ 2.0.1