diff --git a/Gemfile b/Gemfile
index 30def03b30..f3b6d8220d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -9,8 +9,6 @@ gem 'rails-i18n', '~> 3.0.0'
 gem 'rails_safe_tasks', '~> 1.0'
 
 gem "activerecord-import"
-# Patched version. See http://rubysec.com/advisories/CVE-2015-5312/.
-gem 'nokogiri', '>= 1.6.7.1'
 
 gem "catalog", path: "./engines/catalog"
 gem "order_management", path: "./engines/order_management"
diff --git a/Gemfile.lock b/Gemfile.lock
index 9698de0377..a52fb38d06 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -442,7 +442,7 @@ GEM
     method_source (0.9.2)
     mime-types (1.25.1)
     mini_mime (1.0.1)
-    mini_portile2 (2.1.0)
+    mini_portile2 (2.4.0)
     mini_racer (0.2.9)
       libv8 (>= 6.9.411)
     momentjs-rails (2.20.1)
@@ -454,8 +454,8 @@ GEM
     multi_xml (0.6.0)
     multipart-post (2.1.1)
     newrelic_rpm (3.18.1.330)
-    nokogiri (1.6.8.1)
-      mini_portile2 (~> 2.1.0)
+    nokogiri (1.10.9)
+      mini_portile2 (~> 2.4.0)
     oauth2 (1.4.4)
       faraday (>= 0.8, < 2.0)
       jwt (>= 1.0, < 3.0)
@@ -737,7 +737,6 @@ DEPENDENCIES
   mini_racer (= 0.2.9)
   momentjs-rails
   newrelic_rpm (~> 3.0)
-  nokogiri (>= 1.6.7.1)
   oauth2 (~> 1.4.4)
   ofn-qz!
   oj