Update Nokogiri for a security patch (!425) · Merge requests · thoughtbot, inc. / administrate

Merged Administrator requested to merge gw-update-nokogiri into master Jan 20, 2016

Created by: gracewashere

Problem:

bundle-audit detected a security vulnerability in Nokogiri:

$ bundle-audit
Name: nokogiri
Version: 1.6.7.1
Advisory: CVE-2015-7499
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
Title: Nokogiri gem contains a heap-based buffer overflow vulnerability in libxml2
Solution: upgrade to >= 1.6.7.2

Vulnerabilities found!

Solution:

Run bundle update nokogiri && appraisal update nokogiri