From 5d6d2815f11bc88e299ba47271c67602ed1b1976 Mon Sep 17 00:00:00 2001
From: Rick Carlino
Date: Fri, 27 Apr 2018 11:06:50 -0500
Subject: [PATCH] Oh and a security update
---
 Gemfile | 3 +++
 Gemfile.lock | 1 +
 2 files changed, 4 insertions(+)
diff --git a/Gemfile b/Gemfile
index 597c4d6c1..eaa4f20ac 100755
--- a/Gemfile
+++ b/Gemfile
@@ -30,6 +30,9 @@ gem "thin"
 gem "tzinfo" # For validation of user selected timezone names
 gem "valid_url"
 gem "webpack-rails"
+# Probably safe to remove after next rails upgrade.
+# https://nvd.nist.gov/vuln/detail/CVE-2018-3741
+gem "rails-html-sanitizer", "~> 1.0.4"
 group :development, :test do
 gem "capybara"
diff --git a/Gemfile.lock b/Gemfile.lock
index c5ce15722..0803ccb2a 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -377,6 +377,7 @@ DEPENDENCIES rack-cors rails rails-erd + rails-html-sanitizer (~> 1.0.4) rails_12factor request_store rollbar
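Review bot: The requirement `"~> 1.0.4"` on the added `gem "rails-html-sanitizer"` line in the Gemfile hunk sets a ceiling as well as a floor: Bundler will resolve only 1.0.x releases at or above 1.0.4, so a later sanitizer fix shipped in a newer minor series would be held back until someone edits this line. Since the comment gives the intent as staying clear of CVE-2018-3741, a floor-only requirement expresses that more safely: `gem "rails-html-sanitizer", ">= 1.0.4"`. The Gemfile.lock hunk adds only the DEPENDENCIES entry, so the resolved version is presumably unchanged by this commit. It is worth confirming that the version locked in the specs section is already 1.0.4 or later.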