Commit 2cbf4528 authored by Dmitriy Zaporozhets

Merge branch 'rs-gem-security' into 'master'

Gem updates for security issues

- sprockets (rails dependency, but we need to specify a version to pull
  in fixes)
- sass-rails (no security issues, but required an update to meet new
  sprockets version requirement)
- rest-client (coveralls dependency)

See merge request !915
parents 9c756f93 3078b13e
......@@ -2,6 +2,10 @@ source "https://rubygems.org"
gem 'rails', '4.1.11'
# Specify a sprockets version due to security issue
# See https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY
gem 'sprockets', '~> 2.12.3'
# Default values for AR models
gem "default_value_for", "~> 3.0.0"
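Review bot: The comment above `gem 'sprockets', '~> 2.12.3'` does not say when the pin can be removed. The commit message describes sprockets as a Rails dependency, so this explicit entry will linger after later Rails upgrades unless the comment states the removal condition, for example once the Rails version in use requires a fixed sprockets on its own. Note also that `~> 2.12.3` keeps the gem below 2.13, so a fix shipped in a later minor series would not be picked up by a plain `bundle update`.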
......@@ -181,7 +185,7 @@ gem 'mousetrap-rails'
# Detect and convert string character encoding
gem 'charlock_holmes'
gem "sass-rails", '~> 4.0.2'
gem "sass-rails", '~> 4.0.5'
gem "coffee-rails"
gem "uglifier"
gem 'turbolinks', '~> 2.5.0'
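Review bot: The `sass-rails` line changed to `'~> 4.0.5'` has no comment, although the bump exists only to satisfy the sprockets pin: in Gemfile.lock, sass-rails 4.0.3 requires `sprockets (~> 2.8, <= 2.11.0)` while 4.0.5 allows `sprockets (~> 2.8, < 3.0)`. A one-line comment tying this floor to the sprockets entry would make that coupling visible in the Gemfile itself.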
......@@ -234,6 +238,12 @@ group :development, :test do
gem 'rubocop', '0.28.0', require: false
gem 'spinach-rails'
# rest-client is a coveralls dependency and not used directly in GitLab, but
# we specify a version here to pick up some security fixes.
# See https://github.com/rest-client/rest-client/issues/369
# and http://www.osvdb.org/show/osvdb/117461
gem 'rest-client', '~> 1.8.0'
# Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826)
gem 'minitest', '~> 5.3.0'
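Review bot: The rest-client comment says "some security fixes" and leaves the explanation to two links, one of them plain `http://`. A short description of the problem in the comment itself, together with the condition for dropping the entry (coveralls requiring a fixed rest-client on its own), would keep the reason readable if the links stop resolving.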
......
......@@ -113,12 +113,12 @@ GEM
colorize (0.5.8)
columnize (0.9.0)
connection_pool (2.1.0)
coveralls (0.7.0)
multi_json (~> 1.3)
rest-client
simplecov (>= 0.7)
term-ansicolor
thor
coveralls (0.8.2)
json (~> 1.8)
rest-client (>= 1.6.8, < 2)
simplecov (~> 0.10.0)
term-ansicolor (~> 1.3)
thor (~> 0.19.1)
crack (0.4.2)
safe_yaml (~> 1.0.0)
creole (0.3.8)
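Review bot: coveralls moves from 0.7.0 to 0.8.2 in this hunk, which the commit message does not list. coveralls 0.7.0 depends on `rest-client` without a version constraint, so the rest-client pin does not force this bump. The new entry tightens its requirements (`simplecov (~> 0.10.0)`, `term-ansicolor (~> 1.3)`, `thor (~> 0.19.1)`), and later hunks show simplecov, simplecov-html, term-ansicolor and tins (0.13.1 to 1.5.4) moving as a result. Please either mention these in the merge request description or restrict the update to the three named gems if the coveralls bump was not intended.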
......@@ -149,6 +149,8 @@ GEM
diff-lcs (1.2.5)
diffy (3.0.3)
docile (1.1.5)
domain_name (0.5.24)
unf (>= 0.0.5, < 1.0.0)
doorkeeper (2.1.3)
railties (>= 3.2)
dotenv (0.9.0)
......@@ -322,6 +324,8 @@ GEM
html-pipeline (1.11.0)
activesupport (>= 2)
nokogiri (~> 1.4)
http-cookie (1.0.2)
domain_name (~> 0.5)
http_parser.rb (0.5.3)
httparty (0.13.3)
json (~> 1.8)
......@@ -377,6 +381,7 @@ GEM
net-scp (1.2.1)
net-ssh (>= 2.6.5)
net-ssh (2.9.2)
netrc (0.10.3)
newrelic_rpm (3.9.4.245)
nokogiri (1.6.6.2)
mini_portile (~> 0.6.0)
......@@ -525,8 +530,10 @@ GEM
request_store (1.0.5)
rerun (0.10.0)
listen (~> 2.7, >= 2.7.3)
rest-client (1.6.7)
mime-types (>= 1.16)
rest-client (1.8.0)
http-cookie (>= 1.0.2, < 2.0)
mime-types (>= 1.16, < 3.0)
netrc (~> 0.7)
rinku (1.7.3)
rotp (1.6.1)
rouge (1.7.7)
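Review bot: rest-client 1.8.0 lists `http-cookie` and `netrc` as dependencies where 1.6.7 had only `mime-types`, and together with `domain_name` (required by http-cookie) that puts three gems into the lock file that were not there before. According to the Gemfile comment rest-client is only a coveralls dependency, but these are still new third-party packages; listing them in the merge request description would make sure they get looked at.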
......@@ -577,10 +584,10 @@ GEM
sanitize (2.1.0)
nokogiri (>= 1.4.4)
sass (3.2.19)
sass-rails (4.0.3)
sass-rails (4.0.5)
railties (>= 4.0.0, < 5.0)
sass (~> 3.2.0)
sprockets (~> 2.8, <= 2.11.0)
sass (~> 3.2.2)
sprockets (~> 2.8, < 3.0)
sprockets-rails (~> 2.0)
sawyer (0.6.0)
addressable (~> 2.3.5)
......@@ -608,11 +615,11 @@ GEM
ice_cube (= 0.11.1)
sidekiq (>= 3.0.0)
simple_oauth (0.1.9)
simplecov (0.9.0)
simplecov (0.10.0)
docile (~> 1.1.0)
multi_json
simplecov-html (~> 0.8.0)
simplecov-html (0.8.0)
json (~> 1.8)
simplecov-html (~> 0.10.0)
simplecov-html (0.10.0)
sinatra (1.4.4)
rack (~> 1.4)
rack-protection (~> 1.4)
......@@ -637,12 +644,12 @@ GEM
spring (>= 0.9.1)
spring-commands-teaspoon (0.0.2)
spring (>= 0.9.1)
sprockets (2.11.0)
sprockets (2.12.4)
hike (~> 1.2)
multi_json (~> 1.0)
rack (~> 1.0)
tilt (~> 1.1, != 1.3.0)
sprockets-rails (2.3.1)
sprockets-rails (2.3.2)
actionpack (>= 3.0)
activesupport (>= 3.0)
sprockets (>= 2.8, < 4.0)
......@@ -657,8 +664,8 @@ GEM
teaspoon-jasmine (2.2.0)
teaspoon (>= 1.0.0)
temple (0.6.7)
term-ansicolor (1.2.2)
tins (~> 0.8)
term-ansicolor (1.3.2)
tins (~> 1.0)
terminal-table (1.4.5)
test_after_commit (0.2.2)
thin (1.6.1)
......@@ -680,7 +687,7 @@ GEM
mime-types (~> 1.19)
multi_json (~> 1.7)
twitter-stream (~> 0.1)
tins (0.13.1)
tins (1.5.4)
trollop (2.1.2)
turbolinks (2.5.3)
coffee-rails
......@@ -826,12 +833,13 @@ DEPENDENCIES
redis-rails
request_store
rerun (~> 0.10.0)
rest-client (~> 1.8.0)
rqrcode-rails3
rspec-rails (~> 3.3.0)
rubocop (= 0.28.0)
rugments (~> 1.0.0.beta8)
sanitize (~> 2.0)
sass-rails (~> 4.0.2)
sass-rails (~> 4.0.5)
sdoc
seed-fu
select2-rails
......@@ -849,6 +857,7 @@ DEPENDENCIES
spring-commands-rspec (~> 1.0.0)
spring-commands-spinach (~> 1.0.0)
spring-commands-teaspoon (~> 0.0.2)
sprockets (~> 2.12.3)
stamp
state_machine
task_list (= 1.0.2)
......