Nokogiri update to v1.10.4 to resolve vulnerability [CVE-2019-5477](h…

…ttps://nvd.nist.gov/vuln/detail/CVE-2019-5477)

CHANGELOG.md

@@ -1,5 +1,11 @@
 # AEMO Gem Changelog
 
+## 0.3.5 (2019-08-20)
+
+*   Upgrade [nokogiri](https://rubygems.org/gems/nokogiri) to v1.10.4 to resolve
+    vulnerability:
+    *   [CVE-2019-5477](https://nvd.nist.gov/vuln/detail/CVE-2019-5477)
+
 ## 0.3.4 (2019-07-04)
 
 *   Bump [yard](https://github.com/lsegal/yard) from 0.9.16 to 0.9.20

Gemfile.lock

@@ -1,17 +1,17 @@
 PATH
   remote: .
   specs:
-    aemo (0.3.3)
+    aemo (0.3.4)
       activesupport (>= 4.2.6, < 5.2)
       httparty (~> 0.15, >= 0.15.6)
       json (>= 1.7.5, < 3)
       multi_xml (~> 0.6, >= 0.5.0)
-      nokogiri (~> 1.8, >= 1.8.5)
+      nokogiri (~> 1.10, >= 1.10.4)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (5.1.6)
+    activesupport (5.1.7)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
@@ -21,22 +21,22 @@ GEM
     awesome_print (1.8.0)
     builder (3.2.3)
     coderay (1.1.2)
-    concurrent-ruby (1.1.3)
-    coveralls (0.8.22)
+    concurrent-ruby (1.1.5)
+    coveralls (0.8.23)
       json (>= 1.8, < 3)
       simplecov (~> 0.16.1)
       term-ansicolor (~> 1.3)
-      thor (~> 0.19.4)
+      thor (>= 0.19.4, < 2.0)
       tins (~> 1.6)
     crack (0.4.3)
       safe_yaml (~> 1.0.0)
     descendants_tracker (0.0.4)
       thread_safe (~> 0.3, >= 0.3.1)
     diff-lcs (1.3)
-    docile (1.3.1)
+    docile (1.3.2)
     faraday (0.9.2)
       multipart-post (>= 1.2, < 3)
-    ffi (1.9.25)
+    ffi (1.11.1)
     formatador (0.2.5)
     git (1.5.0)
     github_api (0.16.0)
@@ -58,12 +58,12 @@ GEM
     guard-yard (2.2.1)
       guard (>= 1.1.0)
       yard (>= 0.7.0)
-    hashdiff (0.3.7)
+    hashdiff (1.0.0)
     hashie (3.6.0)
-    highline (2.0.0)
+    highline (2.0.2)
     httparty (0.16.2)
       multi_xml (>= 0.5.2)
-    i18n (1.1.1)
+    i18n (1.6.0)
       concurrent-ruby (~> 1.0)
     jeweler (2.3.9)
       builder
@@ -76,24 +76,24 @@ GEM
       rake
       rdoc
       semver2
-    json (2.1.0)
-    jwt (2.1.0)
+    json (2.2.0)
+    jwt (2.2.1)
     listen (3.1.5)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
       ruby_dep (~> 1.2)
     lumberjack (1.0.13)
     method_source (0.9.2)
     mime-types (2.99.3)
-    mini_portile2 (2.3.0)
+    mini_portile2 (2.4.0)
     minitest (5.11.3)
     multi_json (1.13.1)
     multi_xml (0.6.0)
-    multipart-post (2.0.0)
+    multipart-post (2.1.1)
     nenv (0.3.0)
-    nokogiri (1.8.5)
-      mini_portile2 (~> 2.3.0)
-    notiffany (0.1.1)
+    nokogiri (1.10.4)
+      mini_portile2 (~> 2.4.0)
+    notiffany (0.1.3)
       nenv (~> 0.1)
       shellany (~> 0.0)
     oauth2 (1.4.1)
@@ -102,64 +102,64 @@ GEM
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (>= 1.2, < 3)
-    parallel (1.12.1)
-    parser (2.5.3.0)
+    parallel (1.17.0)
+    parser (2.6.3.0)
       ast (~> 2.4.0)
     powerpack (0.1.2)
     pry (0.12.2)
       coderay (~> 1.1.0)
       method_source (~> 0.9.0)
-    psych (3.0.3)
-    rack (2.0.6)
+    psych (3.1.0)
+    rack (2.0.7)
     rainbow (3.0.0)
-    rake (12.3.1)
+    rake (12.3.3)
     rb-fsevent (0.10.3)
-    rb-inotify (0.9.10)
-      ffi (>= 0.5.0, < 2)
+    rb-inotify (0.10.0)
+      ffi (~> 1.0)
     rdoc (5.1.0)
     rspec (3.8.0)
       rspec-core (~> 3.8.0)
       rspec-expectations (~> 3.8.0)
       rspec-mocks (~> 3.8.0)
-    rspec-core (3.8.0)
+    rspec-core (3.8.2)
       rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.2)
+    rspec-expectations (3.8.4)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.8.0)
-    rspec-mocks (3.8.0)
+    rspec-mocks (3.8.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.8.0)
-    rspec-support (3.8.0)
+    rspec-support (3.8.2)
     rubocop (0.52.1)
       parallel (~> 1.10)
       parser (>= 2.4.0.2, < 3.0)
       powerpack (~> 0.1)
       rainbow (>= 2.2.2, < 4.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (~> 1.0, >= 1.0.1)
-    ruby-progressbar (1.10.0)
+    ruby-progressbar (1.10.1)
     ruby_dep (1.5.0)
-    safe_yaml (1.0.4)
+    safe_yaml (1.0.5)
     semver2 (3.4.2)
     shellany (0.0.1)
     simplecov (0.16.1)
       docile (~> 1.1)
       json (>= 1.8, < 3)
       simplecov-html (~> 0.10.0)
     simplecov-html (0.10.2)
-    term-ansicolor (1.7.0)
+    term-ansicolor (1.7.1)
       tins (~> 1.0)
-    thor (0.19.4)
+    thor (0.20.3)
     thread_safe (0.3.6)
     timecop (0.9.1)
-    tins (1.20.2)
+    tins (1.21.1)
     tzinfo (1.2.5)
       thread_safe (~> 0.1)
-    unicode-display_width (1.4.0)
-    webmock (3.4.2)
+    unicode-display_width (1.6.0)
+    webmock (3.6.2)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
-      hashdiff
+      hashdiff (>= 0.4.0, < 2.0.0)
     yard (0.9.20)
 
 PLATFORMS

aemo.gemspec

@@ -27,8 +27,8 @@ Gem::Specification.new do |s|
   s.add_dependency 'httparty',  '~> 0.15', '>= 0.15.6'
   s.add_dependency 'json', '>= 1.7.5', '< 3'
   s.add_dependency 'multi_xml', '~> 0.6', '>= 0.5.0'
-  s.add_dependency 'nokogiri',  '~> 1.8', '>= 1.8.5'
-
+  s.add_dependency 'nokogiri',  '~> 1.10', '>= 1.10.4'
+  
   # Development Dependencies
   s.add_development_dependency 'awesome_print', '~> 1.8', '>= 1.8.0'
   s.add_development_dependency 'coveralls', '~> 0.8', '>= 0.8.21'

lib/aemo/version.rb

@@ -24,7 +24,7 @@
 # @author Joel Courtney <[email protected]>
 module AEMO
   # aemo version
-  VERSION = '0.3.4'
+  VERSION = '0.3.5'
 
   # aemo version split amongst different revisions
   MAJOR_VERSION, MINOR_VERSION, REVISION = VERSION.split('.').map(&:to_i)