Merge branch 'rs-bump-nokogiri' into 'master'

Explicitly require Nokogiri 1.6.7.1 due to security issue ``` Name: nokogiri Version: 1.6.7 Advisory: CVE-2015-5312 Criticality: High URL: https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s Title: Nokogiri gem contains several vulnerabilities in libxml2 Solution: upgrade to >= 1.6.7.1 ``` See merge request !2154
author: Robert Speicher <robert@gitlab.com> 2015-12-22 06:16:08 +0300
committer: Robert Speicher <rspeicher@gmail.com> 2015-12-22 06:24:03 +0300
commit: 9e5ed7ef89a51b9d326e6f24a80f857711e2ad1a (patch)
tree: cbdad461ec21a6d21520932764498125c19a3ae1
parent: 456d3fda5722168b61ec488d3ac5c2e6459efd06 (diff)
2 files changed, 5 insertions, 1 deletions
diff --git a/Gemfile b/Gemfile
index 76b4759499e..26cd52e54d2 100644
--- a/Gemfile
+++ b/Gemfile
@@ -101,6 +101,9 @@ gem 'wikicloth',     '0.8.1'
 gem 'asciidoctor',   '~> 1.5.2'
 gem 'rouge',         '~> 1.10.1'
 
+# See https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
+gem 'nokogiri', '1.6.7.1'
+
 # Diffs
 gem 'diffy', '~> 3.0.3'
 
diff --git a/Gemfile.lock b/Gemfile.lock
index 88c7a6e3424..c1c01835e4b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -420,7 +420,7 @@ GEM
       grape
       newrelic_rpm
     newrelic_rpm (3.9.4.245)
-    nokogiri (1.6.7)
+    nokogiri (1.6.7.1)
       mini_portile2 (~> 2.0.0.rc2)
     nprogress-rails (0.1.6.7)
     oauth (0.4.7)
@@ -888,6 +888,7 @@ DEPENDENCIES
   net-ssh (~> 3.0.1)
   newrelic-grape
   newrelic_rpm (~> 3.9.4.245)
+  nokogiri (= 1.6.7.1)
   nprogress-rails (~> 0.1.6.7)
   oauth2 (~> 1.0.0)
   octokit (~> 3.7.0)
author	Robert Speicher <robert@gitlab.com>	2015-12-22 06:16:08 +0300
committer	Robert Speicher <rspeicher@gmail.com>	2015-12-22 06:24:03 +0300
commit	9e5ed7ef89a51b9d326e6f24a80f857711e2ad1a (patch)
tree	cbdad461ec21a6d21520932764498125c19a3ae1
parent	456d3fda5722168b61ec488d3ac5c2e6459efd06 (diff)