Update Nokogiri for a security patch #294
Merged
Commits on Dec 5, 2015
-
Update Nokogiri for a security patch
Problem: Running `bundler-audit` reveals a security vulnerability in Nokogiri, which can be traced back to a libxml2 vulnerability. ``` $ bundle-audit Name: nokogiri Version: 1.6.6.2 Advisory: CVE-2015-1819 Criticality: Unknown URL: sparklemotion/nokogiri#1374 Title: Nokogiri gem contains several vulnerabilities in libxml2 and libxslt Solution: upgrade to ~> 1.6.6.4, >= 1.6.7.rc4 Vulnerabilities found! ``` Solution: Update nokogiri to `~> 1.6.6.4`, as suggested. Nokogiri is a dependency of capybara, which is a dependency of poltergeist. We only need to specify the nokogiri version for the test bundler group, which already depends on it. References: https://github.com/rubysec/bundler-audit sparklemotion/nokogiri#1374 http://www.ubuntu.com/usn/usn-2812-1/ Only use nokogiri in test bundler group Nokogiri is a dependency of capybara, which is a dependency of poltergeist. We only need to specify nokogiri for bundler groups that already depend on it.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.