authorThong Kuah <tkuah@gitlab.com>2019-08-12 12:18:06 +1200
committerThong Kuah <tkuah@gitlab.com>2019-08-12 12:25:15 +1200
commit2d58eba11134d2f3013d2ab45d93ae0581893be7 (patch)
treecd92bab4c0b0eb1d4c9f37226b24920acaa6ef94 /Gemfile
parent7daf1f41bee701b17a2f276b41f2f96a364cf03d (diff)
Bump nokogiri to 1.10.4bump-nokogiri-1.10.4
This pulls in the fix for CVE-2019-5477, where usage of Nokogiri::CSS::Tokenizer#load_file leads to potential command injection.
Diffstat (limited to 'Gemfile')
-rw-r--r--Gemfile2
1 files changed, 1 insertions, 1 deletions
diff --git a/Gemfile b/Gemfile
index 22746f9c5ae..6a8cf2981ca 100644
--- a/Gemfile
+++ b/Gemfile
@@ -137,7 +137,7 @@ gem 'asciidoctor-plantuml', '0.0.9'
gem 'rouge', '~> 3.7'
gem 'truncato', '~> 0.7.11'
gem 'bootstrap_form', '~> 4.2.0'
-gem 'nokogiri', '~> 1.10.3'
+gem 'nokogiri', '~> 1.10.4'
gem 'escape_utils', '~> 1.1'
# Calendar rendering