[ci skip] Please don't send more PRs trying to bump Loofah.

kaspth · kaspth · commit d4d823c617fd · 2018-11-05T17:56:54.000+01:00
diff --git a/rails-html-sanitizer.gemspec b/rails-html-sanitizer.gemspec
@@ -17,6 +17,8 @@ Gem::Specification.new do |spec|
   spec.test_files    = Dir["test/**/*"]
   spec.require_paths = ["lib"]
 
+  # NOTE: There's no need to update this dependency for Loofah CVEs
+  # in minor releases when users can simply run `bundle update loofah`.
   spec.add_dependency "loofah", "~> 2.2", ">= 2.2.2"
 
   spec.add_development_dependency "bundler", "~> 1.3"
