authorRobert Speicher <robert@gitlab.com>2018-03-23 15:41:00 +0000
committerRobert Speicher <robert@gitlab.com>2018-03-23 15:41:00 +0000
commit79dd74db14ffdac34fa2eff0aa26387b29a16cb5 (patch)
treee6fe9084318b70cae2f2b158a6f1a32805f52dbc
parentb06a44c4ea85b813c0e6497ad801c3367abbf973 (diff)
parent6e7064dc8a3bc2aff1e166bd171b3ca828c08e38 (diff)
downloadgitlab-ce-79dd74db14ffdac34fa2eff0aa26387b29a16cb5.tar.gz
Merge branch 'sh-update-loofah' into 'master'
Bump loofah to 2.2.2 and rails-html-sanitizer to 1.0.4. Closes #44554. See merge request gitlab-org/gitlab-ce!17945
-rw-r--r--Gemfile2
-rw-r--r--Gemfile.lock10
-rw-r--r--changelogs/unreleased/sh-update-loofah.yml5
3 files changed, 12 insertions, 5 deletions
diff --git a/Gemfile b/Gemfile
index 2bd6acede79..149ae1fac0d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -231,7 +231,7 @@ gem 'sanitize', '~> 2.0'
gem 'babosa', '~> 1.0.2'
# Sanitizes SVG input
-gem 'loofah', '~> 2.0.3'
+gem 'loofah', '~> 2.2'
# Working with license
gem 'licensee', '~> 8.9'
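Review bot: The new constraint on the loofah line, `'~> 2.2'`, still admits 2.2.0 and 2.2.1, although the commit targets 2.2.2 and the changelog entry marks the change as `type: security`. In this commit the 2.2.2 floor is enforced only transitively, by the `loofah (~> 2.2, >= 2.2.2)` requirement that rails-html-sanitizer 1.0.4 carries in Gemfile.lock. If that dependency is later changed, or the lockfile is regenerated in a fork or backport, the Gemfile alone would not stop resolution to an older 2.2.x. Stating the floor directly would make the intent explicit: `gem 'loofah', '~> 2.2', '>= 2.2.2'`. The comment above it could also be extended, for example `# Sanitizes SVG input; keep >= 2.2.2 for the sanitizer security fix`.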
diff --git a/Gemfile.lock b/Gemfile.lock
index aed9f1d6b30..a92843f32d8 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -143,6 +143,7 @@ GEM
connection_pool (2.2.1)
crack (0.4.3)
safe_yaml (~> 1.0.0)
+ crass (1.0.3)
creole (0.5.0)
css_parser (1.5.0)
addressable
@@ -485,7 +486,8 @@ GEM
actionpack (>= 4, < 5.2)
activesupport (>= 4, < 5.2)
railties (>= 4, < 5.2)
- loofah (2.0.3)
+ loofah (2.2.2)
+ crass (~> 1.0.2)
nokogiri (>= 1.5.9)
mail (2.7.0)
mini_mime (>= 0.1.1)
@@ -679,8 +681,8 @@ GEM
activesupport (>= 4.2.0, < 5.0)
nokogiri (~> 1.6)
rails-deprecated_sanitizer (>= 1.0.1)
- rails-html-sanitizer (1.0.3)
- loofah (~> 2.0)
+ rails-html-sanitizer (1.0.4)
+ loofah (~> 2.2, >= 2.2.2)
rails-i18n (4.0.9)
i18n (~> 0.7)
railties (~> 4.0)
@@ -1093,7 +1095,7 @@ DEPENDENCIES
license_finder (~> 3.1)
licensee (~> 8.9)
lograge (~> 0.5)
- loofah (~> 2.0.3)
+ loofah (~> 2.2)
mail_room (~> 0.9.1)
method_source (~> 0.8)
minitest (~> 5.7.0)
diff --git a/changelogs/unreleased/sh-update-loofah.yml b/changelogs/unreleased/sh-update-loofah.yml
new file mode 100644
index 00000000000..6aff0f91939
--- /dev/null
+++ b/changelogs/unreleased/sh-update-loofah.yml
@@ -0,0 +1,5 @@
+---
+title: Bump rails-html-sanitizer to 1.0.4
+merge_request:
+author:
+type: security