author | Robert Speicher <robert@gitlab.com> | 2015-12-22 03:16:08 +0000 |
---|---|---|
committer | Robert Speicher <robert@gitlab.com> | 2015-12-22 03:16:08 +0000 |
commit | 36026fb97b4e20a0021fc36ea9915a4883b9b07b (patch) | |
tree | 66df50d2fdbcc2079e5d4d19ab7c9d063f7f5c47 /Gemfile.lock | |
parent | 4156a37aecb83155752d84f44f800dcffb61741e (diff) | |
parent | e5e4405747ec4025d8eefb5652bda2a83c283a13 (diff) | |
download | gitlab-ce-36026fb97b4e20a0021fc36ea9915a4883b9b07b.tar.gz |
Merge branch 'rs-bump-nokogiri' into 'master'
Explicitly require Nokogiri 1.6.7.1 due to security issue
```
Name: nokogiri
Version: 1.6.7
Advisory: CVE-2015-5312
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
Title: Nokogiri gem contains several vulnerabilities in libxml2
Solution: upgrade to >= 1.6.7.1
```
See merge request !2154
Diffstat (limited to 'Gemfile.lock')
-rw-r--r-- | Gemfile.lock | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/Gemfile.lock b/Gemfile.lock index 35abd152449..b8517d932a4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -420,7 +420,7 @@ GEM grape newrelic_rpm newrelic_rpm (3.9.4.245) - nokogiri (1.6.7) + nokogiri (1.6.7.1) mini_portile2 (~> 2.0.0.rc2) nprogress-rails (0.1.6.7) oauth (0.4.7) @@ -892,6 +892,7 @@ DEPENDENCIES net-ssh (~> 3.0.1) newrelic-grape newrelic_rpm (~> 3.9.4.245) + nokogiri (= 1.6.7.1) nprogress-rails (~> 0.1.6.7) oauth2 (~> 1.0.0) octokit (~> 3.7.0) |
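Review bot: In the DEPENDENCIES hunk, `nokogiri (= 1.6.7.1)` is an exact pin, while the advisory quoted in the commit message gives the solution as `>= 1.6.7.1`. An exact pin keeps `bundle update` from picking up any later nokogiri release, so each subsequent security release will need another manual bump. A floor such as `>= 1.6.7.1` (or `~> 1.6.7, >= 1.6.7.1`) in the Gemfile would enforce the patched minimum without blocking newer versions. The diffstat shown here is limited to Gemfile.lock, so the Gemfile line itself is not visible; if the exact pin stays, a comment next to it naming CVE-2015-5312 would tell the next maintainer why it exists and when it can be relaxed.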