| author | Thong Kuah <tkuah@gitlab.com> | 2019-08-12 06:40:52 +0300 |
|---|---|---|
| committer | Thong Kuah <tkuah@gitlab.com> | 2019-08-12 06:43:18 +0300 |
| commit | 6ebf8bf91b9ae0a28e4c66b033130b4de96a314d | |
| tree | 401cb112fe37e4d2b54bc3fef904fb422396368d | |
| parent | 2ca0b52a78b3b48dc51c3992a0b23367bab81f27 | |
Bump nokogiri to 1.10.4
This pulls in fix for CVE-2019-5477, where usage of
Nokogiri::CSS::Tokenizer#load_file leads to potential command injection.
-rw-r--r-- | changelogs/unreleased/bump_nokogiri-1-10-4.yml | 5 |
-rw-r--r-- | ruby/Gemfile.lock | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/changelogs/unreleased/bump_nokogiri-1-10-4.yml b/changelogs/unreleased/bump_nokogiri-1-10-4.yml new file mode 100644 index 000000000..3dbacfdd9 --- /dev/null +++ b/changelogs/unreleased/bump_nokogiri-1-10-4.yml @@ -0,0 +1,5 @@ +--- +title: Bump nokogiri to 1.10.4 +merge_request: 1415 +author: +type: security diff --git a/ruby/Gemfile.lock b/ruby/Gemfile.lock index 8c2965643..29b908f39 100644 --- a/ruby/Gemfile.lock +++ b/ruby/Gemfile.lock @@ -112,7 +112,7 @@ GEM msgpack (1.3.0) multi_json (1.13.1) multipart-post (2.0.0) - nokogiri (1.10.3) + nokogiri (1.10.4) mini_portile2 (~> 2.4.0) nokogumbo (1.5.0) nokogiri |
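Review bot: In changelogs/unreleased/bump_nokogiri-1-10-4.yml, the `title:` line reads only "Bump nokogiri to 1.10.4", so the changelog entry does not say which issue the bump addresses even though `type: security` is set. The commit message names CVE-2019-5477; consider carrying it into the entry, for example `title: Bump nokogiri to 1.10.4 (CVE-2019-5477)`, so that someone scanning the changelog can match the entry to the advisory without opening merge request 1415.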
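Review bot: In ruby/Gemfile.lock, the fix is carried only by the resolved line `nokogiri (1.10.4)`; the diffstat lists no Gemfile change, so no declared constraint keeps the resolver at or above the patched release if the lock file is regenerated. If nokogiri is declared directly in the Gemfile, consider adding a floor such as `gem 'nokogiri', '>= 1.10.4'`. The context lines show nokogumbo (1.5.0) listing nokogiri with no version bound, so that dependency places no floor either.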