summaryrefslogtreecommitdiff
path: root/Gemfile.rails5.lock
diff options
context:
space:
mode:
authorAlessio Caiazza <acaiazza@gitlab.com>2018-06-25 16:13:53 +0000
committerAlessio Caiazza <acaiazza@gitlab.com>2018-06-25 16:13:53 +0000
commit70c02bf3bce18d39a4fae85bb927334391cd2a5e (patch)
tree0b0f3426976856f18fb5a9dc0c371b2447178cc8 /Gemfile.rails5.lock
parent4605d27d341d7840cba3453f2b2f23fb992c44b3 (diff)
parent039b0c0dbd956e458000fb4f3f7cf0a638098912 (diff)
downloadgitlab-ce-70c02bf3bce18d39a4fae85bb927334391cd2a5e.tar.gz
Merge branch 'security-fj-bumping-sanitize-gem' into 'master'
[master] Update sanitize gem to 4.6.5 to fix HTML injection vulnerability See merge request gitlab/gitlabhq!2399
Diffstat (limited to 'Gemfile.rails5.lock')
-rw-r--r--Gemfile.rails5.lock12
1 files changed, 8 insertions, 4 deletions
diff --git a/Gemfile.rails5.lock b/Gemfile.rails5.lock
index 679318b9be5..52388f17c7c 100644
--- a/Gemfile.rails5.lock
+++ b/Gemfile.rails5.lock
@@ -298,13 +298,13 @@ GEM
flowdock (~> 0.7)
gitlab-grit (>= 2.4.1)
multi_json
- gitlab-gollum-lib (4.2.7.4)
+ gitlab-gollum-lib (4.2.7.5)
gemojione (~> 3.2)
github-markup (~> 1.6)
gollum-grit_adapter (~> 1.0)
nokogiri (>= 1.6.1, < 2.0)
rouge (~> 3.1)
- sanitize (~> 2.1)
+ sanitize (~> 4.6.4)
stringex (~> 2.6)
gitlab-gollum-rugged_adapter (0.4.4.1)
mime-types (>= 1.15)
@@ -518,6 +518,8 @@ GEM
nio4r (2.3.1)
nokogiri (1.8.2)
mini_portile2 (~> 2.3.0)
+ nokogumbo (1.5.0)
+ nokogiri
numerizer (0.1.1)
oauth (0.5.4)
oauth2 (1.4.0)
@@ -813,8 +815,10 @@ GEM
et-orbi (~> 1.0)
rugged (0.27.1)
safe_yaml (1.0.4)
- sanitize (2.1.0)
+ sanitize (4.6.5)
+ crass (~> 1.0.2)
nokogiri (>= 1.4.4)
+ nokogumbo (~> 1.4)
sass (3.5.5)
sass-listen (~> 4.0.0)
sass-listen (4.0.0)
@@ -1162,7 +1166,7 @@ DEPENDENCIES
ruby_parser (~> 3.8)
rufus-scheduler (~> 3.4)
rugged (~> 0.27)
- sanitize (~> 2.0)
+ sanitize (~> 4.6.5)
sass-rails (~> 5.0.6)
scss_lint (~> 0.56.0)
seed-fu (~> 2.3.7)