From 2f78facb48be29fca9fe3b7c6eda314cf55d6a4b Mon Sep 17 00:00:00 2001
From: Robin Ward <robin.ward@gmail.com>
Date: Wed, 25 Jan 2017 14:45:05 -0500
Subject: [PATCH] SECURITY: Prevent large onebox downloads, better timeout
 support

---
 Gemfile.lock | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index fd19febf79e..79fdbde3bc9 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -208,13 +208,15 @@ GEM
     omniauth-twitter (1.2.1)
       json (~> 1.3)
       omniauth-oauth (~> 1.1)
-    onebox (1.7.3)
+      rack
+    onebox (1.7.7)
       fast_blank (>= 1.0.0)
       htmlentities (~> 4.3.4)
       moneta (~> 0.8)
       multi_json (~> 1.11)
       mustache
       nokogiri (~> 1.6.6)
+      sanitize
     openid-redis-store (0.0.2)
       redis
       ruby-openid