Ignoring the nokogiri CVE until we update to 1.6.8

mikedodge04 · Jun 16, 2016 · 51ef976 · 51ef976
1 parent 5581377
commit 51ef976
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 5 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -59,7 +59,9 @@ matrix:
   - env:
       AUDIT_CHECK: 1
     rvm: 2.1
-    script: bundle exec bundle-audit check --update
+    # TODO stop ignoring nokogiri CVE when we update to 1.6.8
+    # script: bundle exec bundle-audit check --update
+    script: bundle exec bundle-audit check --update --ignore CVE-2015-8806
     # also remove integration / external tests
     bundler_args: --without changelog development docgen guard integration maintenance omnibus_package tools aix bsd mac_os_x solaris windows --frozen
   #

diff --git a/Gemfile b/Gemfile
@@ -79,7 +79,7 @@ end
 
 group(:travis) do
   # See `bundler-audit` in .travis.yml
-  gem "bundler-audit", git: "https://github.com/rubysec/bundler-audit.git", ref: "4e32fca"
+  gem "bundler-audit", git: "https://github.com/rubysec/bundler-audit.git"
 end
 
 instance_eval(ENV["GEMFILE_MOD"]) if ENV["GEMFILE_MOD"]

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -8,10 +8,9 @@ GIT
 
 GIT
   remote: https://github.com/rubysec/bundler-audit.git
-  revision: 4e32fca89d75f0e249671431ff38aadc02bfb28b
-  ref: 4e32fca
+  revision: 2c876da51beeee3b535c4524d3eabd0f6a067113
   specs:
-    bundler-audit (0.4.0)
+    bundler-audit (0.5.0)
       bundler (~> 1.2)
       thor (~> 0.18)