From cd6dc4563d60bdde888bfe290c388e7932fd4b45 Mon Sep 17 00:00:00 2001
From: dgt <digitaria@riseup.net>
Date: Wed, 24 Apr 2019 13:45:58 +0200
Subject: [PATCH] Fix: security update for nokogiri

Advisory: CVE-2019-11068
Criticality: Unknown
URL: https://github.com/sparklemotion/nokogiri/issues/1892
---
 Gemfile      | 4 ++--
 Gemfile.lock | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/Gemfile b/Gemfile
index 88e91fa1..3e02a9b2 100644
--- a/Gemfile
+++ b/Gemfile
@@ -15,8 +15,8 @@ end
 gem 'rails', '~> 4.2.11'
 
 # Security updates
-# https://github.com/sparklemotion/nokogiri/issues/1785
-gem 'nokogiri', '~> 1.8.5'
+#https://github.com/sparklemotion/nokogiri/issues/1892
+gem 'nokogiri', '~> 1.10.3'
 
 # Rake is rubys make... performing tasks
 # locking in to latest major to fix API
diff --git a/Gemfile.lock b/Gemfile.lock
index 7d0d11ba..9c62b1b9 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -135,11 +135,11 @@ GEM
       mime-types-data (~> 3.2015)
     mime-types-data (3.2016.0521)
     mini_mime (1.0.1)
-    mini_portile2 (2.3.0)
+    mini_portile2 (2.4.0)
     minitest (5.11.3)
     mysql2 (0.3.21)
-    nokogiri (1.8.5)
-      mini_portile2 (~> 2.3.0)
+    nokogiri (1.10.3)
+      mini_portile2 (~> 2.4.0)
     phantomjs-binaries (2.1.1.1)
       sys-uname (= 0.9.0)
     poltergeist (1.13.0)
@@ -271,7 +271,7 @@ DEPENDENCIES
   mime-types
   minitest
   mysql2 (~> 0.3.18)
-  nokogiri (~> 1.8.5)
+  nokogiri (~> 1.10.3)
   phantomjs-binaries (~> 2.1.1)
   poltergeist (~> 1.5)
   prototype-rails!