Update Nokogiri & Loofah

[lozette]

Hello,

There are vulnerabilities in Nokogiri GHSA-vr8q-g5c7-m54m and Loofah GHSA-c3gv-9cxf-6f57 which are affecting both ZAS & ZAT. We have forks of both repos which are showing these vulnerabilities.

Are you able to update your gems to address these vulnerabilities? I see you have a dependabot PR for loofah already #290

Thanks!

[robbiepaul]

Hi,

I've been unable to open a pull request with these changes (I think you have community PRs turned off) but we've fixed the outdated dependencies in our fork and also fixed the broken build status by:

• Update to Ruby 2.5.8 (required by the new version of Nokogiri)
• Update Rubocop to 0.52 (this is the first version that supports Ruby 2.5)
• Add explicit rake dependency (the implicit dependency was lost in the Rubocop update)
• Fixes a failing test by stripping the whitespace in the style attribute of the SVG (to match behaviour from Loofah)

We'd be grateful if you could open a PR on our behalf or allow us to submit one.

Our fork is: https://github.com/dxw/zendesk_apps_support