Bump nokogiri to 1.10.4

This pulls in fix for CVE-2019-5477, where usage of Nokogiri::CSS::Tokenizer#load_file leads to potential command injection.
author: Thong Kuah <tkuah@gitlab.com> 2019-08-12 06:40:52 +0300
committer: Thong Kuah <tkuah@gitlab.com> 2019-08-12 06:43:18 +0300
commit: 6ebf8bf91b9ae0a28e4c66b033130b4de96a314d (patch)
tree: 401cb112fe37e4d2b54bc3fef904fb422396368d
parent: 2ca0b52a78b3b48dc51c3992a0b23367bab81f27 (diff)
2 files changed, 6 insertions, 1 deletions
diff --git a/changelogs/unreleased/bump_nokogiri-1-10-4.yml b/changelogs/unreleased/bump_nokogiri-1-10-4.yml
new file mode 100644
index 000000000..3dbacfdd9
--- /dev/null
+++ b/changelogs/unreleased/bump_nokogiri-1-10-4.yml
@@ -0,0 +1,5 @@
+---
+title: Bump nokogiri to 1.10.4
+merge_request: 1415
+author:
+type: security
diff --git a/ruby/Gemfile.lock b/ruby/Gemfile.lock
index 8c2965643..29b908f39 100644
--- a/ruby/Gemfile.lock
+++ b/ruby/Gemfile.lock
@@ -112,7 +112,7 @@ GEM
     msgpack (1.3.0)
     multi_json (1.13.1)
     multipart-post (2.0.0)
-    nokogiri (1.10.3)
+    nokogiri (1.10.4)
       mini_portile2 (~> 2.4.0)
     nokogumbo (1.5.0)
       nokogiri
author	Thong Kuah <tkuah@gitlab.com>	2019-08-12 06:40:52 +0300
committer	Thong Kuah <tkuah@gitlab.com>	2019-08-12 06:43:18 +0300
commit	6ebf8bf91b9ae0a28e4c66b033130b4de96a314d (patch)
tree	401cb112fe37e4d2b54bc3fef904fb422396368d
parent	2ca0b52a78b3b48dc51c3992a0b23367bab81f27 (diff)