🚨 [security] [ruby] Update nokogiri: 1.10.3 → 1.10.4 (patch)

[depfu]

---

🚨 Your version of nokogiri has known security vulnerabilities 🚨

Advisory: CVE-2019-5477
Disclosed: August 11, 2019
URL: https://github.com/sparklemotion/nokogiri/issues/1915

Nokogiri Command Injection Vulnerability

🚨 We recommend to merge and deploy this update as soon as possible! 🚨

---

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

↗️ nokogiri (indirect, 1.10.3 → 1.10.4) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 9 commits:

• version bump to v1.10.4
• Merge branch '1915-css-tokenizer-load-file-vulnerability_v1.10.x' into v1.10.x
• update CHANGELOG
• regenerate lexical scanner using rexical 1.0.7
• eliminate `eval` from Builder#initialize
• rufo formatting
• rubocop security scan is run as part of the `test` rake target
• add rubocop as a dev dependency
• adding a temporary pipeline for v1.10.x

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)