Skip to content

Commit

Permalink
Update gem nokogiri (1.10.4->1.10.5)
Browse files Browse the repository at this point in the history 
This update is due to CVE-2019-13117,
sparklemotion/nokogiri#1943
"Nokogiri gem, via libxslt, is affected by multiple vulnerabilities".

At first blush it doesn't look like these are exploitable in our
applications, but it's hard to be certain of that.
Much better to just upgrade.

Signed-off-by: David A. Wheeler <[email protected]>
  • Loading branch information
@david-a-wheeler
david-a-wheeler committed Nov 21, 2019
1 parent c8f9bf9 commit f867db0
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion Gemfile.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -230,7 +230,7 @@ GEM
multi_xml (0.6.0)
multipart-post (2.1.1)
nio4r (2.3.1)
nokogiri (1.10.4)
nokogiri (1.10.5)
mini_portile2 (~> 2.4.0)
oauth2 (1.4.1)
faraday (>= 0.8, < 0.16.0)
Expand Down

0 comments on commit f867db0

Please sign in to comment.