From 12e0db49f0e500c1184044697ac059adcb02d619 Mon Sep 17 00:00:00 2001 From: Grayson Wright Date: Sat, 5 Dec 2015 11:26:17 -0500 Subject: [PATCH] Update Nokogiri for a security patch Problem: Running `bundler-audit` reveals a security vulnerability in Nokogiri, which can be traced back to a libxml2 vulnerability. ``` $ bundle-audit Name: nokogiri Version: 1.6.6.2 Advisory: CVE-2015-1819 Criticality: Unknown URL: https://github.com/sparklemotion/nokogiri/issues/1374 Title: Nokogiri gem contains several vulnerabilities in libxml2 and libxslt Solution: upgrade to ~> 1.6.6.4, >= 1.6.7.rc4 Vulnerabilities found! ``` Solution: Update nokogiri to `~> 1.6.6.4`, as suggested. Nokogiri is a dependency of capybara, which is a dependency of poltergeist. We only need to specify the nokogiri version for the test bundler group, which already depends on it. References: https://github.com/rubysec/bundler-audit https://github.com/sparklemotion/nokogiri/issues/1374 http://www.ubuntu.com/usn/usn-2812-1/ Only use nokogiri in test bundler group Nokogiri is a dependency of capybara, which is a dependency of poltergeist. We only need to specify nokogiri for bundler groups that already depend on it. --- Gemfile | 3 ++- Gemfile.lock | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/Gemfile b/Gemfile index 87a39f308b..da2e988fe3 100644 --- a/Gemfile +++ b/Gemfile @@ -28,12 +28,13 @@ end group :test do gem "ammeter" - gem "poltergeist" gem "database_cleaner" gem "formulaic" gem "fuubar" gem "launchy" + gem "nokogiri", "~> 1.6.6.4" gem "percy-capybara" + gem "poltergeist" gem "shoulda-matchers", "~> 2.8.0", require: false gem "timecop" gem "webmock" diff --git a/Gemfile.lock b/Gemfile.lock index c7840a12f9..d45a7bb92e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -167,7 +167,7 @@ GEM neat (1.7.2) bourbon (>= 4.0) sass (>= 3.3) - nokogiri (1.6.6.2) + nokogiri (1.6.6.4) mini_portile (~> 0.6.0) normalize-rails (3.0.3) percy-capybara (1.0.0) 
@@ -310,6 +310,7 @@ DEPENDENCIES high_voltage i18n-tasks launchy + nokogiri (~> 1.6.6.4) percy-capybara pg poltergeist
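Review bot: In the Gemfile hunk, the constraint `gem "nokogiri", "~> 1.6.6.4"` pins the gem to the 1.6.6.x line (it means >= 1.6.6.4 and < 1.6.7), so the 1.6.7 releases that the bundle-audit output in the commit message also lists as fixed (`>= 1.6.7.rc4`) can never be picked up by a later `bundle update` without editing the Gemfile again. Since nokogiri is only here as a transitive dependency of capybara, a lower bound such as `gem "nokogiri", ">= 1.6.6.4"` would satisfy the advisory while leaving room for the maintainers' later patch releases; whichever form is kept, the reasoning for the pin belongs in a comment next to the line so it is not dropped once the advisory is forgotten.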
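Review bot: For the Gemfile.lock hunk that bumps `nokogiri (1.6.6.2)` to `nokogiri (1.6.6.4)`, the rest of the lock (including `mini_portile (~> 0.6.0)`) is untouched, which is what a targeted `bundle update nokogiri` should produce; please confirm the lock was regenerated by bundler rather than hand-edited, and include the post-change `bundle-audit` output in the PR so reviewers can see that CVE-2015-1819 no longer reports and that the `DEPENDENCIES` entry `nokogiri (~> 1.6.6.4)` matches the Gemfile.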