Bump nokogiri, loofah, and rack gems for security updates

loofah: CVE-2018-16468: https://github.com/flavorjones/loofah/issues/154 nokogiri: CVE-2018-14404 and CVE-2018-14567 https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md rack: CVE-2018-16471 https://github.com/rack/rack/commit/e5d58031b766e49687157b45edab1b8457d972bd i18n: https://github.com/svenfuchs/i18n/releases concurrent-ruby: https://github.com/ruby-concurrency/concurrent-ruby/blob/master/CHANGELOG.md

Bump nokogiri, loofah, and rack gems for security updates
loofah: CVE-2018-16468: https://github.com/flavorjones/loofah/issues/154 nokogiri: CVE-2018-14404 and CVE-2018-14567 https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md rack: CVE-2018-16471 https://github.com/rack/rack/commit/e5d58031b766e49687157b45edab1b8457d972bd i18n: https://github.com/svenfuchs/i18n/releases concurrent-ruby: https://github.com/ruby-concurrency/concurrent-ruby/blob/master/CHANGELOG.md
eded0815 · Stan Hu · Douglas Barbosa Alexandre · b1321ded · eded0815 · eded0815
Commit eded0815 authored Nov 19, 2018 by Stan Hu Committed by Douglas Barbosa Alexandre Nov 19, 2018
Showing with 21 additions and 16 deletions

Gemfile Gemfile +1 -1

Gemfile.lock Gemfile.lock +9 -9

Gemfile.rails4.lock Gemfile.rails4.lock +6 -6

changelogs/unreleased/sh-bump-gems-security.yml changelogs/unreleased/sh-bump-gems-security.yml +5 -0

No files found.
--- a/Gemfile
+++ b/Gemfile
@@ -389,7 +389,7 @@ group :test do
  gem 'rails-controller-testing' if rails5? # Rails5 only gem.
  gem 'test_after_commit', '~> 1.1' unless rails5? # Remove this gem when migrated to rails 5.0. It's been integrated to rails 5.0.
  gem 'sham_rack', '~> 1.3.6'
-  gem 'concurrent-ruby', '~> 1.0.5'
+  gem 'concurrent-ruby', '~> 1.1'
  gem 'test-prof', '~> 0.2.5'
  gem 'rspec_junit_formatter'
 end

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -128,9 +128,9 @@ GEM
    concord (0.1.5)
      adamantium (~> 0.2.0)
      equalizer (~> 0.0.9)
-    concurrent-ruby (1.0.5)
-    concurrent-ruby-ext (1.0.5)
-      concurrent-ruby (= 1.0.5)
+    concurrent-ruby (1.1.3)
+    concurrent-ruby-ext (1.1.3)
+      concurrent-ruby (= 1.1.3)
    connection_pool (2.2.2)
    crack (0.4.3)
      safe_yaml (~> 1.0.0)
@@ -379,7 +379,7 @@ GEM
      json (~> 1.8)
      multi_xml (>= 0.5.2)
    httpclient (2.8.3)
-    i18n (1.1.0)
+    i18n (1.1.1)
      concurrent-ruby (~> 1.0)
    icalendar (2.4.1)
    ice_nine (0.11.2)
@@ -444,7 +444,7 @@ GEM
      activesupport (>= 4)
      railties (>= 4)
      request_store (~> 1.0)
-    loofah (2.2.2)
+    loofah (2.2.3)
      crass (~> 1.0.2)
      nokogiri (>= 1.5.9)
    mail (2.7.0)
@@ -453,7 +453,7 @@ GEM
    memoist (0.16.0)
    memoizable (0.4.2)
      thread_safe (~> 0.3, >= 0.3.1)
-    method_source (0.9.0)
+    method_source (0.9.2)
    mime-types (3.2.2)
      mime-types-data (~> 3.2015)
    mime-types-data (3.2018.0812)
@@ -475,7 +475,7 @@ GEM
    net-ssh (5.0.1)
    netrc (0.11.0)
    nio4r (2.3.1)
-    nokogiri (1.8.4)
+    nokogiri (1.8.5)
      mini_portile2 (~> 2.3.0)
    nokogumbo (1.5.0)
      nokogiri
@@ -603,7 +603,7 @@ GEM
      get_process_mem (~> 0.2)
      puma (>= 2.7, < 4)
    pyu-ruby-sasl (0.0.3.3)
-    rack (2.0.5)
+    rack (2.0.6)
    rack-accept (0.4.5)
      rack (>= 0.4)
    rack-attack (4.4.1)
@@ -967,7 +967,7 @@ DEPENDENCIES
  chronic (~> 0.10.2)
  chronic_duration (~> 0.10.6)
  commonmarker (~> 0.17)
-  concurrent-ruby (~> 1.0.5)
+  concurrent-ruby (~> 1.1)
  connection_pool (~> 2.0)
  creole (~> 0.5.0)
  database_cleaner (~> 1.5.0)

--- a/Gemfile.rails4.lock
+++ b/Gemfile.rails4.lock
@@ -125,9 +125,9 @@ GEM
    concord (0.1.5)
      adamantium (~> 0.2.0)
      equalizer (~> 0.0.9)
-    concurrent-ruby (1.0.5)
-    concurrent-ruby-ext (1.0.5)
-      concurrent-ruby (= 1.0.5)
+    concurrent-ruby (1.1.3)
+    concurrent-ruby-ext (1.1.3)
+      concurrent-ruby (= 1.1.3)
    connection_pool (2.2.2)
    crack (0.4.3)
      safe_yaml (~> 1.0.0)
@@ -441,7 +441,7 @@ GEM
      activesupport (>= 4)
      railties (>= 4)
      request_store (~> 1.0)
-    loofah (2.2.2)
+    loofah (2.2.3)
      crass (~> 1.0.2)
      nokogiri (>= 1.5.9)
    mail (2.7.0)
@@ -471,7 +471,7 @@ GEM
    net-ldap (0.16.0)
    net-ssh (5.0.1)
    netrc (0.11.0)
-    nokogiri (1.8.4)
+    nokogiri (1.8.5)
      mini_portile2 (~> 2.3.0)
    nokogumbo (1.5.0)
      nokogiri
@@ -958,7 +958,7 @@ DEPENDENCIES
  chronic (~> 0.10.2)
  chronic_duration (~> 0.10.6)
  commonmarker (~> 0.17)
-  concurrent-ruby (~> 1.0.5)
+  concurrent-ruby (~> 1.1)
  connection_pool (~> 2.0)
  creole (~> 0.5.0)
  database_cleaner (~> 1.5.0)

--- a/changelogs/unreleased/sh-bump-gems-security.yml
+++ b/changelogs/unreleased/sh-bump-gems-security.yml
+---
+title: Bump nokogiri, loofah, and rack gems for security updates
+merge_request: 23204
+author:
+type: security