From bf842b068bb314764fd466bd7ddc881d21a4ac67 Mon Sep 17 00:00:00 2001 From: Mike Weaver Date: Fri, 20 Oct 2017 15:01:17 -0700 Subject: [PATCH] Update nokogiri to resolve security issue Name: nokogiri Version: 1.8.0 Advisory: CVE-2017-9050 Criticality: Unknown URL: https://github.com/sparklemotion/nokogiri/issues/1673 Title: Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities Solution: upgrade to >= 1.8.1 --- Gemfile.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 4c52a36..ee272aa 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -144,7 +144,7 @@ GEM mime-types (3.1) mime-types-data (~> 3.2015) mime-types-data (3.2016.0521) - mini_portile2 (2.2.0) + mini_portile2 (2.3.0) minitest (5.10.1) morpher (0.2.6) abstract_type (~> 0.0.7) @@ -175,8 +175,8 @@ GEM mutant-rspec (0.8.11) mutant (~> 0.8.11) rspec-core (>= 3.4.0, < 3.6.0) - nokogiri (1.8.0) - mini_portile2 (~> 2.2.0) + nokogiri (1.8.1) + mini_portile2 (~> 2.3.0) oauth (0.4.7) parallel (1.11.1) parser (2.3.3.1) @@ -351,4 +351,4 @@ DEPENDENCIES webmock BUNDLED WITH - 1.15.1 + 1.15.4