Elgato_dark/IGListKit
1
0
Fork 0
mirror of https://github.com/Instagram/IGListKit synced 2026-05-23 09:18:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Bump nokogiri version

Browse source 
Summary:
We don't use nokogiri directly in our library, but it found its was into our Gemfile.lock. I'm bumping the version in the Gemfile.lock because the version it's calling for has a security vuln: https://github.com/sparklemotion/nokogiri/issues/1915. When I tried setting up this library from a github clone, so I imagine others may be running into this and wasting time on it as well.

Another solution here would just be to remove nokogiri from our Gemfile.lock entirely. I don't think we use it directly anywhere, and was just included in the lock because it happened to be in someone's environment at the time of the lock file creation.

Reviewed By: joetam

Differential Revision: D18046184

fbshipit-source-id: de6263bb24783988545a77cb67ee66c9697820de
This commit is contained in:
Jeremy Lawrence 2019-10-30 12:21:26 -07:00 committed by Facebook Github Bot
parent 0ec9f8fff8
commit 16df6cb220
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Gemfile.lock
View file

@ -89,7 +89,7 @@ GEM
nap (1.1.0)
netrc (0.11.0)
no_proxy_fix (0.1.2)
nokogiri (1.10.3)
nokogiri (1.10.4)
mini_portile2 (~> 2.4.0)
octokit (4.14.0)
sawyer (~> 0.8.0, >= 0.5.3)