Upgrade nokogiri gem to 1.8.5 to resolve CVE-2018-14404

see https://circleci.com/gh/railslink/railslink/138 Name: nokogiri Version: 1.8.4 Advisory: CVE-2018-14404 Criticality: Unknown URL: sparklemotion/nokogiri#1785 Title: Nokogiri gem, via libxml2, is affected by multiple vulnerabilities Solution: upgrade to >= 1.8.5
railslink · Oct 7, 2018 · f853dcb · f853dcb
1 parent 4c90351
commit f853dcb
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/Gemfile b/Gemfile
@@ -31,7 +31,7 @@ gem 'slim-rails'                                                   # slim templa
 gem "sprockets", "~> 3.7.2"                                        # sprockets is a rack-based asset packaging system that concatenates and serves javascript, scss, etc
 gem 'sucker_punch', '~> 2.0'                                       # asynchronous processing library
 gem 'uglifier', '>= 1.3.0'                                         # compressor for javascript assets
-gem 'nokogiri', '~> 1.8.3'                                         # a HTML, XML, SAX, and Reader parser
+gem 'nokogiri', '~> 1.8.5'                                         # a HTML, XML, SAX, and Reader parser
 
 group :development, :test do
   gem 'rspec-rails', '~> 3.7'                                      # testing framework

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -101,7 +101,7 @@ GEM
     multi_xml (0.6.0)
     multipart-post (2.0.0)
     nio4r (2.3.0)
-    nokogiri (1.8.4)
+    nokogiri (1.8.5)
       mini_portile2 (~> 2.3.0)
     oauth2 (1.4.0)
       faraday (>= 0.8, < 0.13)
@@ -255,7 +255,7 @@ DEPENDENCIES
   ffi (~> 1.9.24)
   listen (>= 3.0.5, < 3.2)
   marginalia (~> 1.6.0)
-  nokogiri (~> 1.8.3)
+  nokogiri (~> 1.8.5)
   oj (~> 2.16.1)
   omniauth (= 1.8.1)
   omniauth-slack (= 2.3.0)