From 2d58eba11134d2f3013d2ab45d93ae0581893be7 Mon Sep 17 00:00:00 2001
From: Thong Kuah
Date: Mon, 12 Aug 2019 12:18:06 +1200
Subject: [PATCH] Bump nokogiri to 1.10.4

This pulls in fix for CVE-2019-5477, where usage of Nokogiri::CSS::Tokenizer#load_file leads to potential command injection.
---
 Gemfile | 2 +-
 Gemfile.lock | 4 ++--
 qa/Gemfile | 2 +-
 qa/Gemfile.lock | 6 +++---
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/Gemfile b/Gemfile
index 22746f9c5ae..6a8cf2981ca 100644
--- a/Gemfile
+++ b/Gemfile
@@ -137,7 +137,7 @@ gem 'asciidoctor-plantuml', '0.0.9'
 gem 'rouge', '~> 3.7'
 gem 'truncato', '~> 0.7.11'
 gem 'bootstrap_form', '~> 4.2.0'
-gem 'nokogiri', '~> 1.10.3'
+gem 'nokogiri', '~> 1.10.4'
 gem 'escape_utils', '~> 1.1'
 
 # Calendar rendering
diff --git a/Gemfile.lock b/Gemfile.lock
index a74492dadc1..68c40cd19f7 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -541,7 +541,7 @@ GEM
     net-ssh (5.2.0)
     netrc (0.11.0)
     nio4r (2.3.1)
-    nokogiri (1.10.3)
+    nokogiri (1.10.4)
       mini_portile2 (~> 2.4.0)
     nokogumbo (1.5.0)
       nokogiri
@@ -1148,7 +1148,7 @@ DEPENDENCIES
   nakayoshi_fork (~> 0.0.4)
   net-ldap
   net-ssh (~> 5.2)
-  nokogiri (~> 1.10.3)
+  nokogiri (~> 1.10.4)
   oauth2 (~> 1.4)
   octokit (~> 4.9)
   omniauth (~> 1.8)
diff --git a/qa/Gemfile b/qa/Gemfile
index 53e7cc497e2..6abc0d622ad 100644
--- a/qa/Gemfile
+++ b/qa/Gemfile
@@ -8,7 +8,7 @@ gem 'rake', '~> 12.3.0'
 gem 'rspec', '~> 3.7'
 gem 'selenium-webdriver', '~> 3.12'
 gem 'airborne', '~> 0.2.13'
-gem 'nokogiri', '~> 1.10.3'
+gem 'nokogiri', '~> 1.10.4'
 gem 'rspec-retry', '~> 0.6.1'
 gem 'rspec_junit_formatter', '~> 0.4.1'
 gem 'faker', '~> 1.6', '>= 1.6.6'
diff --git a/qa/Gemfile.lock b/qa/Gemfile.lock
index 7d19366f83b..bf051a115b5 100644
--- a/qa/Gemfile.lock
+++ b/qa/Gemfile.lock
@@ -52,7 +52,7 @@ GEM
     mini_portile2 (2.4.0)
     minitest (5.11.1)
     netrc (0.11.0)
-    nokogiri (1.10.3)
+    nokogiri (1.10.4)
       mini_portile2 (~> 2.4.0)
     parallel (1.17.0)
     parallel_tests (2.29.0)
@@ -112,13 +112,13 @@ DEPENDENCIES
   faker (~> 1.6, >= 1.6.6)
   gitlab-qa
   knapsack (~> 1.17)
-  nokogiri (~> 1.10.3)
+  nokogiri (~> 1.10.4)
   parallel_tests (~> 2.29)
   pry-byebug (~> 3.5.1)
   rake (~> 12.3.0)
   rspec (~> 3.7)
   rspec-retry (~> 0.6.1)
-  rspec_junit_formatter (~> 0.4.1)
+  rspec_junit_formatter (~> 0.4.1)
   selenium-webdriver (~> 3.12)
 
 BUNDLED WITH