Update rails html sanitizer

Known security vulnerability in 1.0.3
SumOfUs · May 1, 2018 · c6b95ee · c6b95ee
1 parent a99751a
commit c6b95ee
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/Gemfile b/Gemfile
@@ -28,6 +28,7 @@ gem 'phony_rails'
 gem 'rack-cors', require: 'rack/cors'
 gem 'rails', '~> 5.1'
 gem 'rails-i18n'
+gem 'rails-html-sanitizer', '~> 1.0.4'
 gem 'readthis'
 gem 'redis', require: ['redis', 'redis/connection/hiredis']
 gem 'slim-rails'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -175,7 +175,7 @@ GEM
       tins (~> 1.6)
     crack (0.4.3)
       safe_yaml (~> 1.0.0)
-    crass (1.0.3)
+    crass (1.0.4)
     database_cleaner (1.6.1)
     deep_merge (1.1.1)
     devise (4.3.0)
@@ -389,8 +389,8 @@ GEM
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.0.3)
-      loofah (~> 2.0)
+    rails-html-sanitizer (1.0.4)
+      loofah (~> 2.2, >= 2.2.2)
     rails-i18n (5.0.4)
       i18n (~> 0.7)
       railties (~> 5.0)
@@ -594,6 +594,7 @@ DEPENDENCIES
   rack-cors
   rails (~> 5.1)
   rails-controller-testing
+  rails-html-sanitizer (~> 1.0.4)
   rails-i18n
   readthis
   redis