author | Stan Hu <stanhu@gmail.com> | 2018-03-22 13:41:35 -0700 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2018-03-22 13:51:02 -0700 |
commit | 6e7064dc8a3bc2aff1e166bd171b3ca828c08e38 (patch) | |
tree | bf13292f10d2eb114fafe5da96c4101e3b42a88a | |
parent | 5c36e1b96a7c159a3f8a71528b14cc1c726a8bb9 (diff) | |
download | gitlab-ce-6e7064dc8a3bc2aff1e166bd171b3ca828c08e38.tar.gz |
Bump loofah to 2.2.2 and rails-html-sanitizer to 1.0.4 [sh-update-loofah]
See:
* https://github.com/rails/rails-html-sanitizer/releases
* https://github.com/flavorjones/loofah/releases
-rw-r--r-- | Gemfile | 2 | ||||
-rw-r--r-- | Gemfile.lock | 10 | ||||
-rw-r--r-- | changelogs/unreleased/sh-update-loofah.yml | 5 |
3 files changed, 12 insertions, 5 deletions
@@ -231,7 +231,7 @@ gem 'sanitize', '~> 2.0'
 gem 'babosa', '~> 1.0.2'
 # Sanitizes SVG input
-gem 'loofah', '~> 2.0.3'
+gem 'loofah', '~> 2.2'
 # Working with license
 gem 'licensee', '~> 8.9'
diff --git a/Gemfile.lock b/Gemfile.lock
index aed9f1d6b30..a92843f32d8 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -143,6 +143,7 @@ GEM
 connection_pool (2.2.1)
 crack (0.4.3)
 safe_yaml (~> 1.0.0)
+ crass (1.0.3)
 creole (0.5.0)
 css_parser (1.5.0)
 addressable
@@ -485,7 +486,8 @@ GEM
 actionpack (>= 4, < 5.2)
 activesupport (>= 4, < 5.2)
 railties (>= 4, < 5.2)
- loofah (2.0.3)
+ loofah (2.2.2)
+ crass (~> 1.0.2)
 nokogiri (>= 1.5.9)
 mail (2.7.0)
 mini_mime (>= 0.1.1)
@@ -679,8 +681,8 @@ GEM
 activesupport (>= 4.2.0, < 5.0)
 nokogiri (~> 1.6)
 rails-deprecated_sanitizer (>= 1.0.1)
- rails-html-sanitizer (1.0.3)
- loofah (~> 2.0)
+ rails-html-sanitizer (1.0.4)
+ loofah (~> 2.2, >= 2.2.2)
 rails-i18n (4.0.9)
 i18n (~> 0.7)
 railties (~> 4.0)
@@ -1093,7 +1095,7 @@ DEPENDENCIES
 license_finder (~> 3.1)
 licensee (~> 8.9)
 lograge (~> 0.5)
- loofah (~> 2.0.3)
+ loofah (~> 2.2)
 mail_room (~> 0.9.1)
 method_source (~> 0.8)
 minitest (~> 5.7.0)
diff --git a/changelogs/unreleased/sh-update-loofah.yml b/changelogs/unreleased/sh-update-loofah.yml
new file mode 100644
index 00000000000..6aff0f91939
--- /dev/null
+++ b/changelogs/unreleased/sh-update-loofah.yml
@@ -0,0 +1,5 @@
+---
+title: Bump rails-html-sanitizer to 1.0.4
+merge_request:
+author:
+type: security |
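Review bot: The new direct constraint `gem 'loofah', '~> 2.2'` in the Gemfile hunk accepts any 2.x release from 2.2.0 upwards, so on its own it does not require the 2.2.2 release that this security bump targets. In this commit the floor is held only indirectly, by the Gemfile.lock pin and by rails-html-sanitizer 1.0.4 declaring `loofah (~> 2.2, >= 2.2.2)`. If the loofah entry is meant to protect the SVG sanitization path independently of that gem, state the floor in the Gemfile too: `gem 'loofah', '~> 2.2', '>= 2.2.2'`. That way a later regeneration of the lockfile or a change to the rails-html-sanitizer dependency cannot resolve to an earlier 2.2.x release.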