authortyler-ball <tyleraball@gmail.com>2016-06-16 10:24:22 -0600
committertyler-ball <tyleraball@gmail.com>2016-06-16 10:24:22 -0600
commit51ef97685d623189837750105e30ec9bb78471a2 (patch)
treeac5ef878111ab5b5b6ea3df135069cdbd9cba6ed
parent5581377922587f6e83221e4a8b4795cbf4a8cd87 (diff)
downloadchef-51ef97685d623189837750105e30ec9bb78471a2.tar.gz
Ignoring the nokogiri CVE until we update to 1.6.8
-rw-r--r--.travis.yml4
-rw-r--r--Gemfile2
-rw-r--r--Gemfile.lock5
3 files changed, 6 insertions, 5 deletions
diff --git a/.travis.yml b/.travis.yml
index b81c538737..d7c2f7ec4c 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -59,7 +59,9 @@ matrix:
- env:
AUDIT_CHECK: 1
rvm: 2.1
- script: bundle exec bundle-audit check --update
+ # TODO stop ignoring nokogiri CVE when we update to 1.6.8
+ # script: bundle exec bundle-audit check --update
+ script: bundle exec bundle-audit check --update --ignore CVE-2015-8806
# also remove integration / external tests
bundler_args: --without changelog development docgen guard integration maintenance omnibus_package tools aix bsd mac_os_x solaris windows --frozen
#
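Review bot: The `--ignore CVE-2015-8806` on the new `script:` line has no removal trigger beyond a free-text TODO, so the suppression can outlive the nokogiri 1.6.8 upgrade unnoticed. Tie it to something trackable, for example `# TODO(<tracking-issue>): drop --ignore CVE-2015-8806 once Gemfile.lock has nokogiri >= 1.6.8`, and add one comment line recording why the advisory is accepted in the meantime. The commented-out `# script: bundle exec bundle-audit check --update` only repeats what the TODO says and could be dropped. The matrix entry continues outside the hunk.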
diff --git a/Gemfile b/Gemfile
index c6b4955ab6..91a49678af 100644
--- a/Gemfile
+++ b/Gemfile
@@ -79,7 +79,7 @@ end
group(:travis) do
# See `bundler-audit` in .travis.yml
- gem "bundler-audit", git: "https://github.com/rubysec/bundler-audit.git", ref: "4e32fca"
+ gem "bundler-audit", git: "https://github.com/rubysec/bundler-audit.git"
end
instance_eval(ENV["GEMFILE_MOD"]) if ENV["GEMFILE_MOD"]
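Review bot: Dropping `ref: "4e32fca"` from the `bundler-audit` line leaves the git source following the upstream default branch, so the only pin left is the revision recorded in Gemfile.lock and any `bundle update` will take whatever head is at that moment. For the tool that gates advisories in CI it is worth pinning explicitly: `gem "bundler-audit", git: "https://github.com/rubysec/bundler-audit.git", ref: "2c876da"` matches the revision this commit locks. If 0.5.0 is available as a released gem, a constraint such as `gem "bundler-audit", "~> 0.5.0"` would remove the git source altogether. The Travis job passes `--frozen`, so CI itself presumably installs the locked revision; the exposure is at the next lockfile refresh.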
diff --git a/Gemfile.lock b/Gemfile.lock
index 62a9a9d76f..c9612a6004 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -8,10 +8,9 @@ GIT
GIT
remote: https://github.com/rubysec/bundler-audit.git
- revision: 4e32fca89d75f0e249671431ff38aadc02bfb28b
- ref: 4e32fca
+ revision: 2c876da51beeee3b535c4524d3eabd0f6a067113
specs:
- bundler-audit (0.4.0)
+ bundler-audit (0.5.0)
bundler (~> 1.2)
thor (~> 0.18)