author | Thong Kuah <tkuah@gitlab.com> | 2019-08-12 12:18:06 +1200 |
---|---|---|
committer | Thong Kuah <tkuah@gitlab.com> | 2019-08-12 12:25:15 +1200 |
commit | 2d58eba11134d2f3013d2ab45d93ae0581893be7 (patch) | |
tree | cd92bab4c0b0eb1d4c9f37226b24920acaa6ef94 /Gemfile | |
parent | 7daf1f41bee701b17a2f276b41f2f96a364cf03d (diff) | |
download | gitlab-ce-2d58eba11134d2f3013d2ab45d93ae0581893be7.tar.gz |
Bump nokogiri to 1.10.4 (bump-nokogiri-1.10.4)
This pulls in fix for CVE-2019-5477, where usage of
Nokogiri::CSS::Tokenizer#load_file leads to potential command injection.
Diffstat (limited to 'Gemfile')
-rw-r--r-- | Gemfile | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -137,7 +137,7 @@ gem 'asciidoctor-plantuml', '0.0.9' gem 'rouge', '~> 3.7' gem 'truncato', '~> 0.7.11' gem 'bootstrap_form', '~> 4.2.0' -gem 'nokogiri', '~> 1.10.3' +gem 'nokogiri', '~> 1.10.4' gem 'escape_utils', '~> 1.1' # Calendar rendering |
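Review bot: On the changed `gem 'nokogiri'` line, the new floor `~> 1.10.4` is there for a security reason that the Gemfile itself does not record; a short comment above the line naming CVE-2019-5477 would keep a later edit from relaxing the constraint below the fixed release. This view is limited to 'Gemfile', so also confirm that Gemfile.lock is updated in the same commit to resolve nokogiri at 1.10.4 or later, because the lockfile, not the Gemfile constraint, determines the version that is installed.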