Explicitly require Nokogiri 1.6.7.1 due to security issue
Name: nokogiri Version: 1.6.7 Advisory: CVE-2015-5312 Criticality: High URL: https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s Title: Nokogiri gem contains several vulnerabilities in libxml2 Solution: upgrade to >= 1.6.7.1
This commit is contained in:
parent
22e65944ee
commit
e5e4405747
3
Gemfile
3
Gemfile
|
@ -101,6 +101,9 @@ gem 'wikicloth', '0.8.1'
|
|||
gem 'asciidoctor', '~> 1.5.2'
|
||||
gem 'rouge', '~> 1.10.1'
|
||||
|
||||
# See https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
|
||||
gem 'nokogiri', '1.6.7.1'
|
||||
|
||||
# Diffs
|
||||
gem 'diffy', '~> 3.0.3'
|
||||
|
||||
|
|
|
@ -420,7 +420,7 @@ GEM
|
|||
grape
|
||||
newrelic_rpm
|
||||
newrelic_rpm (3.9.4.245)
|
||||
nokogiri (1.6.7)
|
||||
nokogiri (1.6.7.1)
|
||||
mini_portile2 (~> 2.0.0.rc2)
|
||||
nprogress-rails (0.1.6.7)
|
||||
oauth (0.4.7)
|
||||
|
@ -888,6 +888,7 @@ DEPENDENCIES
|
|||
net-ssh (~> 3.0.1)
|
||||
newrelic-grape
|
||||
newrelic_rpm (~> 3.9.4.245)
|
||||
nokogiri (= 1.6.7.1)
|
||||
nprogress-rails (~> 0.1.6.7)
|
||||
oauth2 (~> 1.0.0)
|
||||
octokit (~> 3.7.0)
|
||||
|
|
Loading…
Reference in New Issue