[Security] Bump sanitize from 4.6.4 to 5.2.3

Bumps [sanitize](https://github.com/rgrove/sanitize) from 4.6.4 to 5.2.3. **This update includes security fixes.** - [Release notes](https://github.com/rgrove/sanitize/releases) - [Changelog](https://github.com/rgrove/sanitize/blob/master/HISTORY.md) - [Commits](rgrove/sanitize@v4.6.4...v5.2.3) Signed-off-by: dependabot-preview[bot] <[email protected]>
nbudin · Jan 15, 2021 · d18095b · d18095b
1 parent c4d789a
commit d18095b
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 7 deletions.
diff --git a/Gemfile b/Gemfile
@@ -28,7 +28,7 @@ gem "jquery-rails", '~> 4.3.5'
 gem 'jquery-ui-rails'
 gem "rubyzip", "~> 2.0.0", :require => "zip"
 gem "nokogiri", ">= 1.8.1"
-gem "sanitize", "~> 4.6.3"
+gem "sanitize", "~> 5.2.3"
 gem "heroku_external_db"
 gem "illyan_client", "~> 2.0"
 gem "rollbar"

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -296,8 +296,8 @@ GEM
       racc (~> 1.4)
     nokogiri (1.11.0-java)
       racc (~> 1.4)
-    nokogumbo (1.5.0)
-      nokogiri
+    nokogumbo (2.0.4)
+      nokogiri (~> 1.8, >= 1.8.4)
     orm_adapter (0.5.0)
     pg (0.18.3)
     pry (0.10.1)
@@ -359,10 +359,10 @@ GEM
     rubycas-client (2.3.9)
       activesupport
     rubyzip (2.0.0)
-    sanitize (4.6.4)
+    sanitize (5.2.3)
       crass (~> 1.0.2)
-      nokogiri (>= 1.4.4)
-      nokogumbo (~> 1.4)
+      nokogiri (>= 1.8.0)
+      nokogumbo (~> 2.0)
     sass (3.7.3)
       sass-listen (~> 4.0.0)
     sass-listen (4.0.0)
@@ -465,7 +465,7 @@ DEPENDENCIES
   ruby-graphviz (>= 0.9.2)
   rubypants (>= 0.3.0)!
   rubyzip (~> 2.0.0)
-  sanitize (~> 4.6.3)
+  sanitize (~> 5.2.3)
   sass-rails
   selenium-webdriver
   shoulda-matchers