From 16df6cb220b4b5bfa545cbfd822119e5a56bc3e4 Mon Sep 17 00:00:00 2001 From: Jeremy Lawrence Date: Wed, 30 Oct 2019 12:21:26 -0700 Subject: [PATCH] Bump nokogiri version Summary: We don't use nokogiri directly in our library, but it found its way into our Gemfile.lock. I'm bumping the version in the Gemfile.lock because the version it's calling for has a security vuln: https://github.com/sparklemotion/nokogiri/issues/1915. When I tried setting up this library from a github clone, so I imagine others may be running into this and wasting time on it as well. Another solution here would just be to remove nokogiri from our Gemfile.lock entirely. I don't think we use it directly anywhere, and was just included in the lock because it happened to be in someone's environment at the time of the lock file creation. Reviewed By: joetam Differential Revision: D18046184 fbshipit-source-id: de6263bb24783988545a77cb67ee66c9697820de --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index ab6e5e6e..9f8c8936 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -89,7 +89,7 @@ GEM nap (1.1.0) netrc (0.11.0) no_proxy_fix (0.1.2) - nokogiri (1.10.3) + nokogiri (1.10.4) mini_portile2 (~> 2.4.0) octokit (4.14.0) sawyer (~> 0.8.0, >= 0.5.3)
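
Review bot: The one-line change at `nokogiri (1.10.4)` reads as a hand edit of Gemfile.lock rather than a re-resolve, so nothing in the diff shows that Bundler agrees with the result. Regenerate the entry with `bundle update nokogiri` (or `bundle update --conservative nokogiri` to hold the other gems still) and commit what Bundler writes, which also confirms that the `mini_portile2 (~> 2.4.0)` line under it is still what 1.10.4 declares. The summary links the nokogiri issue but does not say that 1.10.4 is the release that fixes it, and it leaves open which gem pulls nokogiri in; name the fixed version and the parent gem in the summary so the alternative of dropping nokogiri from the lock can be judged.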