Skip to content

Commit

Permalink
Bump nokogiri to address CVE-2018-8048 and CVE-2018-14404
Browse files Browse the repository at this point in the history
As reported by `bundler-audit`:

    Name: nokogiri
    Version: 1.8.2
    Advisory: CVE-2018-8048
    Criticality: Unknown
    URL: sparklemotion/nokogiri#1746
    Title: Revert libxml2 behavior in Nokogiri gem that could cause XSS
    Solution: upgrade to >= 1.8.3

    Name: nokogiri
    Version: 1.8.2
    Advisory: CVE-2018-14404
    Criticality: Unknown
    URL: sparklemotion/nokogiri#1785
    Title: Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
    Solution: upgrade to >= 1.8.5
  • Loading branch information
Koronen committed Nov 1, 2018
1 parent c8c9144 commit 6c63bab
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions Gemfile.lock
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ GEM
minitest (5.11.3)
multi_json (1.12.1)
multipart-post (2.0.0)
nokogiri (1.8.2)
nokogiri (1.8.5)
mini_portile2 (~> 2.3.0)
parser (2.3.0.6)
ast (~> 2.2)
Expand Down Expand Up @@ -222,4 +222,4 @@ RUBY VERSION
ruby 2.3.3p222

BUNDLED WITH
1.16.1
1.17.1

0 comments on commit 6c63bab

Please sign in to comment.