update nokogiri gem due to CVE-2019-11068

Name: nokogiri Version: 1.8.5 Advisory: CVE-2019-11068 Criticality: Unknown URL: sparklemotion/nokogiri#1892 Title: Nokogiri gem, via libxslt, is affected by improper access control vulnerability Solution: upgrade to >= 1.10.3
railslink · Apr 23, 2019 · ef207e2 · ef207e2
1 parent 58c46ba
commit ef207e2
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/Gemfile b/Gemfile
@@ -33,7 +33,7 @@ gem 'slim-rails'                                                   # slim templa
 gem "sprockets", "~> 3.7.2"                                        # sprockets is a rack-based asset packaging system that concatenates and serves javascript, scss, etc
 gem 'sucker_punch', '~> 2.0'                                       # asynchronous processing library
 gem 'uglifier', '>= 1.3.0'                                         # compressor for javascript assets
-gem 'nokogiri', '~> 1.8.5'                                         # a HTML, XML, SAX, and Reader parser
+gem 'nokogiri', '~> 1.10.3'                                        # a HTML, XML, SAX, and Reader parser
 
 group :development, :test do
   gem 'rspec-rails', '~> 3.7'                                      # testing framework

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -99,16 +99,16 @@ GEM
       activerecord (>= 2.3)
     method_source (0.9.2)
     mini_mime (1.0.1)
-    mini_portile2 (2.3.0)
+    mini_portile2 (2.4.0)
     minitest (5.11.3)
     money (6.11.0)
       i18n (>= 0.6.4, < 1.1)
     multi_json (1.13.1)
     multi_xml (0.6.0)
     multipart-post (2.0.0)
     nio4r (2.3.1)
-    nokogiri (1.8.5)
-      mini_portile2 (~> 2.3.0)
+    nokogiri (1.10.3)
+      mini_portile2 (~> 2.4.0)
     oauth2 (1.4.0)
       faraday (>= 0.8, < 0.13)
       jwt (~> 1.0)
@@ -276,7 +276,7 @@ DEPENDENCIES
   kramdown (~> 2.1.0)
   listen (>= 3.0.5, < 3.2)
   marginalia (~> 1.6.0)
-  nokogiri (~> 1.8.5)
+  nokogiri (~> 1.10.3)
   oj (~> 2.16.1)
   omniauth (= 1.8.1)
   omniauth-slack (= 2.3.0)