Gemfile.lock pins nokogiri 1.8.2, which is affected by CVE-2019-5477 — a command injection vulnerability in the Rexical-based CSS tokenizer fixed in 1.10.4.
CSS selectors are actively used against fetched HTML in lib/presentations/cache.rb and lib/presentations/page/speaker_deck.rb. The selectors themselves are hardcoded, so direct exploitation is narrow, but the vulnerable code path is exercised on every run.
Fix: upgrade nokogiri to ≥ 1.10.4 (current latest is 1.18.x).
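
A lockfile check that could gate CI on this fix, added here as an example and not part of the original report or the project's code. The helper names and the sample lockfile are constructed for illustration; the 1.10.4 threshold is the one stated above.

```ruby
require "rubygems" # Gem::Version (normally preloaded; explicit for clarity)

# First nokogiri release carrying the CVE-2019-5477 fix, per the report above.
FIXED_IN = Gem::Version.new("1.10.4")

# Constructed sample lockfile (not the project's real Gemfile.lock).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mini_portile2 (2.3.0)
      nokogiri (1.8.2)
        mini_portile2 (~> 2.3.0)
      example_scraper (0.1.0)
        nokogiri (>= 1.6)

  DEPENDENCIES
    nokogiri
LOCK

# Return every version of gem_name that the lockfile actually resolves to.
# Resolved specs are indented exactly four spaces ("    nokogiri (1.8.2)");
# six-space lines are another gem's dependency constraints and are skipped,
# so "nokogiri (>= 1.6)" under example_scraper is not mistaken for a pin.
def pinned_versions(lock_text, gem_name)
  pattern = /\A {4}#{Regexp.escape(gem_name)} \((\d[^\s)]*)\)\s*\z/
  lock_text.each_line.filter_map do |line|
    m = pattern.match(line.chomp)
    next unless m
    # Platform builds look like "1.10.3-java"; compare on the version part.
    Gem::Version.new(m[1].split("-", 2).first)
  end
end

# Pinned versions that are older than the fixed release.
def vulnerable_pins(lock_text, gem_name = "nokogiri", fixed = FIXED_IN)
  pinned_versions(lock_text, gem_name).select { |v| v < fixed }.uniq
end

# Demo on the constructed sample; in CI, pass File.read("Gemfile.lock") instead
# and fail the build when the returned list is non-empty.
puts "below #{FIXED_IN}: #{vulnerable_pins(SAMPLE_LOCK).map(&:to_s).inspect}"
```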