From 4818fd72e21737458613bccb0a3a6de0099e2b2d Mon Sep 17 00:00:00 2001 From: Justin Coyne Date: Fri, 25 Jan 2019 07:37:01 -0600 Subject: [PATCH 1/2] Update nokogiri to 1.10.1 This fixes CVE-2018-14404 --- Gemfile.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 96dd1aee2..d12c6ecd1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -518,7 +518,7 @@ GEM mimemagic (0.3.2) mini_magick (4.9.2) mini_mime (1.0.0) - mini_portile2 (2.3.0) + mini_portile2 (2.4.0) minitest (5.11.3) mods (2.1.0) iso-639 @@ -536,8 +536,8 @@ GEM noid-rails (3.0.0) actionpack (>= 5.0.0, < 6) noid (~> 0.9) - nokogiri (1.8.3) - mini_portile2 (~> 2.3.0) + nokogiri (1.10.1) + mini_portile2 (~> 2.4.0) nom-xml (0.6.0) activesupport (>= 3.2.18) i18n @@ -961,4 +961,4 @@ DEPENDENCIES zk BUNDLED WITH - 1.16.6 + 1.17.3 From ea8502712ce22e1c75694bd7c9f484a2c2ccde3f Mon Sep 17 00:00:00 2001 From: Julie Allinson Date: Mon, 18 Feb 2019 18:54:08 +0000 Subject: [PATCH 2/2] upgrade mods --- Gemfile | 2 +- Gemfile.lock | 15 +++++++++------ 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/Gemfile b/Gemfile index 5efc15387..06d11179d 100644 --- a/Gemfile +++ b/Gemfile @@ -102,7 +102,7 @@ gem 'lograge' gem 'zk' -gem 'mods', '~> 2.1' +gem 'mods', '~> 2.4' gem 'riiif', '~> 1.1' gem 'iiif_manifest', '~> 0.5.0' diff --git a/Gemfile.lock b/Gemfile.lock index d12c6ecd1..fb47882b4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -239,6 +239,8 @@ GEM ebnf (1.1.2) rdf (>= 2.2, < 4.0) sxp (~> 1.0) + edtf (3.0.4) + activesupport (>= 3.0, < 6.0) equivalent-xml (0.6.0) nokogiri (>= 1.4.3) erubi (1.7.1) @@ -520,10 +522,11 @@ GEM mini_mime (1.0.0) mini_portile2 (2.4.0) minitest (5.11.3) - mods (2.1.0) + mods (2.4.1) + edtf iso-639 - nokogiri - nom-xml (~> 0.6.0) + nokogiri (>= 1.6.6) + nom-xml (~> 1.0) multi_json (1.13.1) multi_xml (0.6.0) multipart-post (2.0.0) @@ -538,7 +541,7 @@ GEM noid (~> 0.9) nokogiri (1.10.1) mini_portile2 (~> 2.4.0) - nom-xml (0.6.0) + nom-xml (1.1.0) activesupport (>= 3.2.18) i18n nokogiri @@ -925,7 +928,7 @@ DEPENDENCIES jquery-rails listen (>= 3.0.5, < 3.2) lograge - mods (~> 2.1) + mods (~> 2.4) peek peek-faraday peek-git @@ -961,4 +964,4 @@ DEPENDENCIES zk BUNDLED WITH - 1.17.3 + 1.16.6