authorThong Kuah <tkuah@gitlab.com>2019-08-12 12:18:06 +1200
committerThong Kuah <tkuah@gitlab.com>2019-08-12 12:25:15 +1200
commit2d58eba11134d2f3013d2ab45d93ae0581893be7 (patch)
treecd92bab4c0b0eb1d4c9f37226b24920acaa6ef94
parent7daf1f41bee701b17a2f276b41f2f96a364cf03d (diff)
Bump nokogiri to 1.10.4bump-nokogiri-1.10.4
This pulls in the fix for CVE-2019-5477, where usage of Nokogiri::CSS::Tokenizer#load_file can lead to command injection.
-rw-r--r--Gemfile2
-rw-r--r--Gemfile.lock4
-rw-r--r--qa/Gemfile2
-rw-r--r--qa/Gemfile.lock6
4 files changed, 7 insertions, 7 deletions
diff --git a/Gemfile b/Gemfile
index 22746f9c5ae..6a8cf2981ca 100644
--- a/Gemfile
+++ b/Gemfile
@@ -137,7 +137,7 @@ gem 'asciidoctor-plantuml', '0.0.9'
gem 'rouge', '~> 3.7'
gem 'truncato', '~> 0.7.11'
gem 'bootstrap_form', '~> 4.2.0'
-gem 'nokogiri', '~> 1.10.3'
+gem 'nokogiri', '~> 1.10.4'
gem 'escape_utils', '~> 1.1'
# Calendar rendering
diff --git a/Gemfile.lock b/Gemfile.lock
index a74492dadc1..68c40cd19f7 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -541,7 +541,7 @@ GEM
net-ssh (5.2.0)
netrc (0.11.0)
nio4r (2.3.1)
- nokogiri (1.10.3)
+ nokogiri (1.10.4)
mini_portile2 (~> 2.4.0)
nokogumbo (1.5.0)
nokogiri
@@ -1148,7 +1148,7 @@ DEPENDENCIES
nakayoshi_fork (~> 0.0.4)
net-ldap
net-ssh (~> 5.2)
- nokogiri (~> 1.10.3)
+ nokogiri (~> 1.10.4)
oauth2 (~> 1.4)
octokit (~> 4.9)
omniauth (~> 1.8)
diff --git a/qa/Gemfile b/qa/Gemfile
index 53e7cc497e2..6abc0d622ad 100644
--- a/qa/Gemfile
+++ b/qa/Gemfile
@@ -8,7 +8,7 @@ gem 'rake', '~> 12.3.0'
gem 'rspec', '~> 3.7'
gem 'selenium-webdriver', '~> 3.12'
gem 'airborne', '~> 0.2.13'
-gem 'nokogiri', '~> 1.10.3'
+gem 'nokogiri', '~> 1.10.4'
gem 'rspec-retry', '~> 0.6.1'
gem 'rspec_junit_formatter', '~> 0.4.1'
gem 'faker', '~> 1.6', '>= 1.6.6'
diff --git a/qa/Gemfile.lock b/qa/Gemfile.lock
index 7d19366f83b..bf051a115b5 100644
--- a/qa/Gemfile.lock
+++ b/qa/Gemfile.lock
@@ -52,7 +52,7 @@ GEM
mini_portile2 (2.4.0)
minitest (5.11.1)
netrc (0.11.0)
- nokogiri (1.10.3)
+ nokogiri (1.10.4)
mini_portile2 (~> 2.4.0)
parallel (1.17.0)
parallel_tests (2.29.0)
@@ -112,13 +112,13 @@ DEPENDENCIES
faker (~> 1.6, >= 1.6.6)
gitlab-qa
knapsack (~> 1.17)
- nokogiri (~> 1.10.3)
+ nokogiri (~> 1.10.4)
parallel_tests (~> 2.29)
pry-byebug (~> 3.5.1)
rake (~> 12.3.0)
rspec (~> 3.7)
rspec-retry (~> 0.6.1)
- rspec_junit_formatter (~> 0.4.1)
+ rspec_junit_formatter (~> 0.4.1)
selenium-webdriver (~> 3.12)
BUNDLED WITH