Skip to content

Commit

Permalink
Bump nokogiri version
Browse files Browse the repository at this point in the history 
Summary:
We don't use nokogiri directly in our library, but it found its was into our Gemfile.lock. I'm bumping the version in the Gemfile.lock because the version it's calling for has a security vuln: sparklemotion/nokogiri#1915. When I tried setting up this library from a github clone, so I imagine others may be running into this and wasting time on it as well.

Another solution here would just be to remove nokogiri from our Gemfile.lock entirely. I don't think we use it directly anywhere, and was just included in the lock because it happened to be in someone's environment at the time of the lock file creation.

Reviewed By: joetam

Differential Revision: D18046184

fbshipit-source-id: de6263bb24783988545a77cb67ee66c9697820de
  • Loading branch information
@facebook-github-bot
Jeremy Lawrence authored and facebook-github-bot committed Oct 30, 2019
1 parent 0ec9f8f commit 16df6cb
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion Gemfile.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,7 @@ GEM
nap (1.1.0)
netrc (0.11.0)
no_proxy_fix (0.1.2)
nokogiri (1.10.3)
nokogiri (1.10.4)
mini_portile2 (~> 2.4.0)
octokit (4.14.0)
sawyer (~> 0.8.0, >= 0.5.3)
Expand Down

0 comments on commit 16df6cb

Please sign in to comment.