Update Nokogiri for a security patch (!357) · Merge requests · thoughtbot, inc. / administrate

Merged Administrator requested to merge gw-update-nokogiri into master Dec 21, 2015

Created by: gracewashere

Problem:

Running bundle-audit gives a security warning:

Updating ruby-advisory-db ...
From https://github.com/rubysec/ruby-advisory-db
 * branch            master     -> FETCH_HEAD
 Already up-to-date.
 ruby-advisory-db: 239 advisories
 Name: nokogiri
 Version: 1.6.7
 Advisory: CVE-2015-5312
 Criticality: High
 URL:
 https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
 Title: Nokogiri gem contains several vulnerabilities in libxml2
 Solution: upgrade to >= 1.6.7.1

Solution:

Update nokogiri to 1.6.7.1 with bundle update nokogiri.