From 2fed19f6c116de329be5920498468413201cebae Mon Sep 17 00:00:00 2001
From: Matt Amos
Date: Wed, 29 Nov 2017 09:42:06 +0000
Subject: [PATCH] Bump yajl-ruby version for security reasons. Make sure to use version 1.3.1 or later to include fix in https://github.com/brianmario/yajl-ruby/pull/178.
---
 Gemfile | 3 +++
 Gemfile.lock | 5 +++--
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/Gemfile b/Gemfile
index 42d8cdc..6430a44 100644
--- a/Gemfile
+++ b/Gemfile
@@ -7,3 +7,6 @@ gem 'foodcritic' , '= 4.0.0'
 gem 'rainbow' , '= 2.0.0'
 gem 'rubocop' , '= 0.24.0'
 gem 'kitchen-vagrant'
+
+# force upgrade of yajl-ruby to 1.3.1 or later to fix security issue
+gem 'yajl-ruby', '~> 1.3', '>= 1.3.1'
diff --git a/Gemfile.lock b/Gemfile.lock
index 6e62ccb..92e44e2 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -213,7 +213,7 @@ GEM
 buff-extensions (~> 1.0)
 hashie (>= 2.0.2, < 4.0.0)
 wmi-lite (1.0.0)
- yajl-ruby (1.2.1)
+ yajl-ruby (1.3.1)

 PLATFORMS
 ruby
@@ -226,6 +226,7 @@ DEPENDENCIES
 rainbow (= 2.0.0)
 rubocop (= 0.24.0)
 test-kitchen
+ yajl-ruby (~> 1.3, >= 1.3.1)

 BUNDLED WITH
- 1.11.2
+ 1.16.0
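Review bot: The comment added in the Gemfile hunk says only "fix security issue", so someone reading the Gemfile later cannot tell which fix the constraint protects or when it can be dropped; that reference exists only in the commit message. yajl-ruby was in the GEM section of Gemfile.lock but not under DEPENDENCIES before this change, so it is presumably pulled in by another gem, and the comment should say the entry exists only to set a floor on it. I would write it as `# yajl-ruby is a transitive dependency; require >= 1.3.1 for the fix in https://github.com/brianmario/yajl-ruby/pull/178` and add `# remove once the gems that depend on it require a fixed version themselves`.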