Merge branch 'rs-gem-security' into 'master'
Gem updates for security issues

- sprockets (rails dependency, but we need to specify a version to pull in fixes)
- sass-rails (no security issues, but required an update to meet new sprockets version requirement)
- rest-client (coveralls dependency)

See merge request !915
... | @@ -2,6 +2,10 @@ source "https://rubygems.org" | ... | @@ -2,6 +2,10 @@ source "https://rubygems.org" |
gem 'rails', '4.1.11' | gem 'rails', '4.1.11' | ||
# Specify a sprockets version due to security issue | |||
# See https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY | |||
gem 'sprockets', '~> 2.12.3' | |||
# Default values for AR models | # Default values for AR models | ||
gem "default_value_for", "~> 3.0.0" | gem "default_value_for", "~> 3.0.0" | ||
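Review bot: The comment above `gem 'sprockets', '~> 2.12.3'` says why the pin exists but not when it can be removed, so it is likely to outlive its purpose. Since the commit message describes sprockets as a rails dependency, suggest adding a line saying the explicit entry can be dropped once the `rails` version pinned above requires a fixed sprockets on its own. Note also that `~> 2.12.3` permits any 2.12.x at or above 2.12.3, so the version actually installed is decided by Gemfile.lock, which is not in the visible part of this diff; worth confirming it was regenerated in the same commit.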
... | @@ -181,7 +185,7 @@ gem 'mousetrap-rails' | ... | @@ -181,7 +185,7 @@ gem 'mousetrap-rails' |
# Detect and convert string character encoding | # Detect and convert string character encoding | ||
gem 'charlock_holmes' | gem 'charlock_holmes' | ||
gem "sass-rails", '~> 4.0.2' | gem "sass-rails", '~> 4.0.5' | ||
gem "coffee-rails" | gem "coffee-rails" | ||
gem "uglifier" | gem "uglifier" | ||
gem 'turbolinks', '~> 2.5.0' | gem 'turbolinks', '~> 2.5.0' | ||
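Review bot: On the `sass-rails` line, the old constraint `~> 4.0.2` already allowed 4.0.5, so this edit only raises the floor, and nothing in the Gemfile says why. The reason is given in the commit message (the new sprockets version requirement) but not here; suggest a one-line comment next to the gem tying it to the sprockets pin, so the two constraints are revisited together rather than relaxed independently.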
... | @@ -234,6 +238,12 @@ group :development, :test do | ... | @@ -234,6 +238,12 @@ group :development, :test do |
gem 'rubocop', '0.28.0', require: false | gem 'rubocop', '0.28.0', require: false | ||
gem 'spinach-rails' | gem 'spinach-rails' | ||
# rest-client is a coveralls dependency and not used directly in GitLab, but | |||
# we specify a version here to pick up some security fixes. | |||
# See https://github.com/rest-client/rest-client/issues/369 | |||
# and http://www.osvdb.org/show/osvdb/117461 | |||
gem 'rest-client', '~> 1.8.0' | |||
# Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826) | # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826) | ||
gem 'minitest', '~> 5.3.0' | gem 'minitest', '~> 5.3.0' | ||
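Review bot: The new `gem 'rest-client', '~> 1.8.0'` entry has no `require: false`, so, going by the `group :development, :test do` context in the hunk header, Bundler's auto-require will load it in those environments even though the comment says GitLab does not use it directly. Suggest `gem 'rest-client', '~> 1.8.0', require: false`, matching the rubocop line just above. The comment would also hold up better if it said which rest-client release carries the fixes, since it currently relies on two external links staying reachable.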
... | ... |