diff --git a/Gemfile b/Gemfile
index 134b7f3..f32e7aa 100644
--- a/Gemfile
+++ b/Gemfile
@@ -28,7 +28,7 @@ gem "jquery-rails", '~> 4.3.5'
 gem 'jquery-ui-rails'
 gem "rubyzip", "~> 2.0.0", :require => "zip"
 gem "nokogiri", ">= 1.8.1"
-gem "sanitize", "~> 4.6.3"
+gem "sanitize", "~> 5.2.3"
 gem "heroku_external_db"
 gem "illyan_client", "~> 2.0"
 gem "rollbar"
diff --git a/Gemfile.lock b/Gemfile.lock
index 8673a8e..5b9f31a 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -296,8 +296,8 @@ GEM
       racc (~> 1.4)
     nokogiri (1.11.0-java)
       racc (~> 1.4)
-    nokogumbo (1.5.0)
-      nokogiri
+    nokogumbo (2.0.4)
+      nokogiri (~> 1.8, >= 1.8.4)
     orm_adapter (0.5.0)
     pg (0.18.3)
     pry (0.10.1)
@@ -359,10 +359,10 @@ GEM
     rubycas-client (2.3.9)
       activesupport
     rubyzip (2.0.0)
-    sanitize (4.6.4)
+    sanitize (5.2.3)
       crass (~> 1.0.2)
-      nokogiri (>= 1.4.4)
-      nokogumbo (~> 1.4)
+      nokogiri (>= 1.8.0)
+      nokogumbo (~> 2.0)
     sass (3.7.3)
       sass-listen (~> 4.0.0)
     sass-listen (4.0.0)
@@ -465,7 +465,7 @@ DEPENDENCIES
   ruby-graphviz (>= 0.9.2)
   rubypants (>= 0.3.0)!
   rubyzip (~> 2.0.0)
-  sanitize (~> 4.6.3)
+  sanitize (~> 5.2.3)
   sass-rails
   selenium-webdriver
   shoulda-matchers