Merge branch 'sh-update-loofah' into 'master'

Bump loofah to 2.2.2 and rails-html-sanitizer to 1.0.4 Closes #44554 See merge request gitlab-org/gitlab-ce!17945

Merge branch 'sh-update-loofah' into 'master'
Bump loofah to 2.2.2 and rails-html-sanitizer to 1.0.4 Closes #44554 See merge request gitlab-org/gitlab-ce!17945
79dd74db · Robert Speicher · b06a44c4 · 6e7064dc · 79dd74db · 79dd74db
隐藏空白更改
内联并排

Showing with 12 addition and 5 deletion

Gemfile Gemfile +1 -1

Gemfile.lock Gemfile.lock +6 -4

changelogs/unreleased/sh-update-loofah.yml changelogs/unreleased/sh-update-loofah.yml +5 -0

未找到文件。
--- a/Gemfile
+++ b/Gemfile
@@ -231,7 +231,7 @@ gem 'sanitize', '~> 2.0'
 gem 'babosa', '~> 1.0.2'

 # Sanitizes SVG input
-gem 'loofah', '~> 2.0.3'
+gem 'loofah', '~> 2.2'

 # Working with license
 gem 'licensee', '~> 8.9'

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -143,6 +143,7 @@ GEM
    connection_pool (2.2.1)
    crack (0.4.3)
      safe_yaml (~> 1.0.0)
+    crass (1.0.3)
    creole (0.5.0)
    css_parser (1.5.0)
      addressable
@@ -485,7 +486,8 @@ GEM
      actionpack (>= 4, < 5.2)
      activesupport (>= 4, < 5.2)
      railties (>= 4, < 5.2)
-    loofah (2.0.3)
+    loofah (2.2.2)
+      crass (~> 1.0.2)
      nokogiri (>= 1.5.9)
    mail (2.7.0)
      mini_mime (>= 0.1.1)
@@ -679,8 +681,8 @@ GEM
      activesupport (>= 4.2.0, < 5.0)
      nokogiri (~> 1.6)
      rails-deprecated_sanitizer (>= 1.0.1)
-    rails-html-sanitizer (1.0.3)
-      loofah (~> 2.0)
+    rails-html-sanitizer (1.0.4)
+      loofah (~> 2.2, >= 2.2.2)
    rails-i18n (4.0.9)
      i18n (~> 0.7)
      railties (~> 4.0)
@@ -1093,7 +1095,7 @@ DEPENDENCIES
  license_finder (~> 3.1)
  licensee (~> 8.9)
  lograge (~> 0.5)
-  loofah (~> 2.0.3)
+  loofah (~> 2.2)
  mail_room (~> 0.9.1)
  method_source (~> 0.8)
  minitest (~> 5.7.0)

--- a/changelogs/unreleased/sh-update-loofah.yml
+++ b/changelogs/unreleased/sh-update-loofah.yml
+---
+title: Bump rails-html-sanitizer to 1.0.4
+merge_request:
+author:
+type: security