authorMaxime Brugidou <m.brugidou@criteo.com>2017-03-24 10:51:44 +0100
committerMaxime Brugidou <m.brugidou@criteo.com>2017-03-24 11:08:07 +0100
commit3644e76caf51cd4c57485b0498745c9f87cb6b1a (patch)
tree067d397aacc49ce5110c16c8b49cdcb83ea9b986
parentaccb4846106ca4601104a445da0d3544d4c1bf55 (diff)
Bump nokogiri for CVE-2016-4658
https://github.com/sparklemotion/nokogiri/issues/1615

This is required to pass the bundle-audit check in Travis CI.

Change-Id: Ia34db5b0595b88560fdff36a451df7567907e727
Signed-off-by: Maxime Brugidou <m.brugidou@criteo.com>
-rw-r--r--Gemfile3
-rw-r--r--Gemfile.lock6
2 files changed, 5 insertions, 4 deletions
diff --git a/Gemfile b/Gemfile
index 5858df4bb5..416927bf3a 100644
--- a/Gemfile
+++ b/Gemfile
@@ -22,7 +22,8 @@ gem "cheffish" # required for rspec tests
group(:omnibus_package) do
gem "appbundler"
gem "rb-readline"
- gem "nokogiri"
+ # CVE-2016-4658 https://github.com/sparklemotion/nokogiri/issues/1615
+ gem "nokogiri", ">= 1.7.1"
end
group(:omnibus_package, :pry) do
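Review bot: The comment added above `gem "nokogiri", ">= 1.7.1"` names the CVE but not what the version floor actually guarantees. As far as I know from the linked issue, CVE-2016-4658 is a libxml2 flaw, and nokogiri 1.7.1 addresses it by updating the libxml2 it vendors. The constraint therefore only helps where nokogiri is built with its bundled libraries; a build using `--use-system-libraries` (or `NOKOGIRI_USE_SYSTEM_LIBRARIES`) links whatever libxml2 the host or packaging provides, and that library has to be patched separately. Whether the omnibus build does this is not visible in the hunk, so it is worth confirming. I would extend the comment to something like `# Minimum version, not a pin: 1.7.1 vendors a patched libxml2 (CVE-2016-4658); system-libxml2 builds must patch libxml2 themselves`.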
diff --git a/Gemfile.lock b/Gemfile.lock
index 86bc1b371b..34971d9ec3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -377,9 +377,9 @@ GEM
net-ssh-gateway (>= 1.2.0)
net-telnet (0.1.1)
netrc (0.11.0)
- nokogiri (1.7.0.1)
+ nokogiri (1.7.1)
mini_portile2 (~> 2.1.0)
- nokogiri (1.7.0.1-x86-mingw32)
+ nokogiri (1.7.1-x86-mingw32)
mini_portile2 (~> 2.1.0)
nori (2.6.0)
octokit (4.6.2)
@@ -581,7 +581,7 @@ DEPENDENCIES
knife-windows
mixlib-install
netrc
- nokogiri
+ nokogiri (>= 1.7.1)
oc-chef-pedant!
octokit
ohai!