Commit 2cbf4528 authored by Dmitriy Zaporozhets

Merge branch 'rs-gem-security' into 'master'

Gem updates for security issues

- sprockets (rails dependency, but we need to specify a version to pull
  in fixes)
- sass-rails (no security issues, but required an update to meet new
  sprockets version requirement)
- rest-client (coveralls dependency)

See merge request !915
parents 9c756f93 3078b13e
...@@ -2,6 +2,10 @@ source "https://rubygems.org" ...@@ -2,6 +2,10 @@ source "https://rubygems.org"
gem 'rails', '4.1.11' gem 'rails', '4.1.11'
# Specify a sprockets version due to security issue
# See https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY
gem 'sprockets', '~> 2.12.3'
# Default values for AR models # Default values for AR models
gem "default_value_for", "~> 3.0.0" gem "default_value_for", "~> 3.0.0"
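Review bot: the comment above `gem 'sprockets', '~> 2.12.3'` should say explicitly that sprockets is otherwise only a transitive dependency of rails and is pinned here solely to force the fixed version (the merge description says this, the Gemfile does not), so that a later cleanup does not drop the line as redundant; note also that `~> 2.12.3` admits only the 2.12.x series, so a move to sprockets 3.x will require editing this line together with the sass-rails constraint below.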
...@@ -181,7 +185,7 @@ gem 'mousetrap-rails' ...@@ -181,7 +185,7 @@ gem 'mousetrap-rails'
# Detect and convert string character encoding # Detect and convert string character encoding
gem 'charlock_holmes' gem 'charlock_holmes'
gem "sass-rails", '~> 4.0.2' gem "sass-rails", '~> 4.0.5'
gem "coffee-rails" gem "coffee-rails"
gem "uglifier" gem "uglifier"
gem 'turbolinks', '~> 2.5.0' gem 'turbolinks', '~> 2.5.0'
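Review bot: `'~> 4.0.2'` already admitted 4.0.5, so raising the floor to `'~> 4.0.5'` is not what makes resolution succeed; the unblocking change is in the lock, where sass-rails 4.0.5 relaxes its sprockets cap from `<= 2.11.0` to `< 3.0`. Keeping the higher floor is still worthwhile because it stops a fresh resolution from picking 4.0.3 again, but a one-line comment like the one above sprockets would make the coupling to the sprockets pin visible to the next person editing this file.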
...@@ -234,6 +238,12 @@ group :development, :test do ...@@ -234,6 +238,12 @@ group :development, :test do
gem 'rubocop', '0.28.0', require: false gem 'rubocop', '0.28.0', require: false
gem 'spinach-rails' gem 'spinach-rails'
# rest-client is a coveralls dependency and not used directly in GitLab, but
# we specify a version here to pick up some security fixes.
# See https://github.com/rest-client/rest-client/issues/369
# and http://www.osvdb.org/show/osvdb/117461
gem 'rest-client', '~> 1.8.0'
# Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826) # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826)
gem 'minitest', '~> 5.3.0' gem 'minitest', '~> 5.3.0'
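Review bot: scoping the rest-client pin to `group :development, :test` is right since it is only reached through coveralls, but the comment should mention that 1.6.7 to 1.8.0 is a minor upgrade that introduces gems not previously in the tree (http-cookie, domain_name, unf, netrc, visible in the lock below), and that `~> 1.8.0` is a 1.8.x-only constraint, so further fixes in a 1.9 release will need another edit here rather than arriving automatically.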
...@@ -113,12 +113,12 @@ GEM ...@@ -113,12 +113,12 @@ GEM
colorize (0.5.8) colorize (0.5.8)
columnize (0.9.0) columnize (0.9.0)
connection_pool (2.1.0) connection_pool (2.1.0)
coveralls (0.7.0) coveralls (0.8.2)
multi_json (~> 1.3) json (~> 1.8)
rest-client rest-client (>= 1.6.8, < 2)
simplecov (>= 0.7) simplecov (~> 0.10.0)
term-ansicolor term-ansicolor (~> 1.3)
thor thor (~> 0.19.1)
crack (0.4.2) crack (0.4.2)
safe_yaml (~> 1.0.0) safe_yaml (~> 1.0.0)
creole (0.3.8) creole (0.3.8)
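Review bot: this hunk moves coveralls 0.7.0 to 0.8.2 and swaps its multi_json dependency for json, with knock-on bumps to simplecov (0.9.0 to 0.10.0), simplecov-html, term-ansicolor and tins in later hunks, none of which the merge description lists; please name them there, since they are test-tooling changes rather than security fixes, and confirm the coverage run still completes against simplecov 0.10 before merging.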
...@@ -149,6 +149,8 @@ GEM ...@@ -149,6 +149,8 @@ GEM
diff-lcs (1.2.5) diff-lcs (1.2.5)
diffy (3.0.3) diffy (3.0.3)
docile (1.1.5) docile (1.1.5)
domain_name (0.5.24)
unf (>= 0.0.5, < 1.0.0)
doorkeeper (2.1.3) doorkeeper (2.1.3)
railties (>= 3.2) railties (>= 3.2)
dotenv (0.9.0) dotenv (0.9.0)
...@@ -322,6 +324,8 @@ GEM ...@@ -322,6 +324,8 @@ GEM
html-pipeline (1.11.0) html-pipeline (1.11.0)
activesupport (>= 2) activesupport (>= 2)
nokogiri (~> 1.4) nokogiri (~> 1.4)
http-cookie (1.0.2)
domain_name (~> 0.5)
http_parser.rb (0.5.3) http_parser.rb (0.5.3)
httparty (0.13.3) httparty (0.13.3)
json (~> 1.8) json (~> 1.8)
...@@ -377,6 +381,7 @@ GEM ...@@ -377,6 +381,7 @@ GEM
net-scp (1.2.1) net-scp (1.2.1)
net-ssh (>= 2.6.5) net-ssh (>= 2.6.5)
net-ssh (2.9.2) net-ssh (2.9.2)
netrc (0.10.3)
newrelic_rpm (3.9.4.245) newrelic_rpm (3.9.4.245)
nokogiri (1.6.6.2) nokogiri (1.6.6.2)
mini_portile (~> 0.6.0) mini_portile (~> 0.6.0)
...@@ -525,8 +530,10 @@ GEM ...@@ -525,8 +530,10 @@ GEM
request_store (1.0.5) request_store (1.0.5)
rerun (0.10.0) rerun (0.10.0)
listen (~> 2.7, >= 2.7.3) listen (~> 2.7, >= 2.7.3)
rest-client (1.6.7) rest-client (1.8.0)
mime-types (>= 1.16) http-cookie (>= 1.0.2, < 2.0)
mime-types (>= 1.16, < 3.0)
netrc (~> 0.7)
rinku (1.7.3) rinku (1.7.3)
rotp (1.6.1) rotp (1.6.1)
rouge (1.7.7) rouge (1.7.7)
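Review bot: rest-client 1.8.0 pulls in dependencies that were not in the tree before (`http-cookie (>= 1.0.2, < 2.0)`, `netrc (~> 0.7)`, and through http-cookie domain_name and unf); each is new code that will load in the test environment, so they deserve the same advisory check as the gems being fixed. The new `mime-types (>= 1.16, < 3.0)` cap is also worth a note in the description, since it will block a future mime-types 3 upgrade until rest-client is bumped again.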
...@@ -577,10 +584,10 @@ GEM ...@@ -577,10 +584,10 @@ GEM
sanitize (2.1.0) sanitize (2.1.0)
nokogiri (>= 1.4.4) nokogiri (>= 1.4.4)
sass (3.2.19) sass (3.2.19)
sass-rails (4.0.3) sass-rails (4.0.5)
railties (>= 4.0.0, < 5.0) railties (>= 4.0.0, < 5.0)
sass (~> 3.2.0) sass (~> 3.2.2)
sprockets (~> 2.8, <= 2.11.0) sprockets (~> 2.8, < 3.0)
sprockets-rails (~> 2.0) sprockets-rails (~> 2.0)
sawyer (0.6.0) sawyer (0.6.0)
addressable (~> 2.3.5) addressable (~> 2.3.5)
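Review bot: the line that matters in this hunk is `sprockets (~> 2.8, < 3.0)` replacing `sprockets (~> 2.8, <= 2.11.0)`, which is the cap that previously made sprockets 2.12.x unresolvable; the description says sass-rails had to move for the sprockets requirement but would be clearer if it quoted this cap. The sass constraint tightens to `~> 3.2.2` while sass itself stays at 3.2.19, so no runtime change there.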
...@@ -608,11 +615,11 @@ GEM ...@@ -608,11 +615,11 @@ GEM
ice_cube (= 0.11.1) ice_cube (= 0.11.1)
sidekiq (>= 3.0.0) sidekiq (>= 3.0.0)
simple_oauth (0.1.9) simple_oauth (0.1.9)
simplecov (0.9.0) simplecov (0.10.0)
docile (~> 1.1.0) docile (~> 1.1.0)
multi_json json (~> 1.8)
simplecov-html (~> 0.8.0) simplecov-html (~> 0.10.0)
simplecov-html (0.8.0) simplecov-html (0.10.0)
sinatra (1.4.4) sinatra (1.4.4)
rack (~> 1.4) rack (~> 1.4)
rack-protection (~> 1.4) rack-protection (~> 1.4)
...@@ -637,12 +644,12 @@ GEM ...@@ -637,12 +644,12 @@ GEM
spring (>= 0.9.1) spring (>= 0.9.1)
spring-commands-teaspoon (0.0.2) spring-commands-teaspoon (0.0.2)
spring (>= 0.9.1) spring (>= 0.9.1)
sprockets (2.11.0) sprockets (2.12.4)
hike (~> 1.2) hike (~> 1.2)
multi_json (~> 1.0) multi_json (~> 1.0)
rack (~> 1.0) rack (~> 1.0)
tilt (~> 1.1, != 1.3.0) tilt (~> 1.1, != 1.3.0)
sprockets-rails (2.3.1) sprockets-rails (2.3.2)
actionpack (>= 3.0) actionpack (>= 3.0)
activesupport (>= 3.0) activesupport (>= 3.0)
sprockets (>= 2.8, < 4.0) sprockets (>= 2.8, < 4.0)
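Review bot: sprockets resolves to 2.12.4, which satisfies the `~> 2.12.3` pin; sprockets-rails also moves 2.3.1 to 2.3.2 although its own `sprockets (>= 2.8, < 4.0)` constraint did not require it, so that bump is a side effect of re-resolution and should be mentioned in the description. Because sprockets drives the asset pipeline, please make sure an asset precompile runs for this branch in CI rather than relying on the unit suite alone.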
...@@ -657,8 +664,8 @@ GEM ...@@ -657,8 +664,8 @@ GEM
teaspoon-jasmine (2.2.0) teaspoon-jasmine (2.2.0)
teaspoon (>= 1.0.0) teaspoon (>= 1.0.0)
temple (0.6.7) temple (0.6.7)
term-ansicolor (1.2.2) term-ansicolor (1.3.2)
tins (~> 0.8) tins (~> 1.0)
terminal-table (1.4.5) terminal-table (1.4.5)
test_after_commit (0.2.2) test_after_commit (0.2.2)
thin (1.6.1) thin (1.6.1)
...@@ -680,7 +687,7 @@ GEM ...@@ -680,7 +687,7 @@ GEM
mime-types (~> 1.19) mime-types (~> 1.19)
multi_json (~> 1.7) multi_json (~> 1.7)
twitter-stream (~> 0.1) twitter-stream (~> 0.1)
tins (0.13.1) tins (1.5.4)
trollop (2.1.2) trollop (2.1.2)
turbolinks (2.5.3) turbolinks (2.5.3)
coffee-rails coffee-rails
...@@ -826,12 +833,13 @@ DEPENDENCIES ...@@ -826,12 +833,13 @@ DEPENDENCIES
redis-rails redis-rails
request_store request_store
rerun (~> 0.10.0) rerun (~> 0.10.0)
rest-client (~> 1.8.0)
rqrcode-rails3 rqrcode-rails3
rspec-rails (~> 3.3.0) rspec-rails (~> 3.3.0)
rubocop (= 0.28.0) rubocop (= 0.28.0)
rugments (~> 1.0.0.beta8) rugments (~> 1.0.0.beta8)
sanitize (~> 2.0) sanitize (~> 2.0)
sass-rails (~> 4.0.2) sass-rails (~> 4.0.5)
sdoc sdoc
seed-fu seed-fu
select2-rails select2-rails
...@@ -849,6 +857,7 @@ DEPENDENCIES ...@@ -849,6 +857,7 @@ DEPENDENCIES
spring-commands-rspec (~> 1.0.0) spring-commands-rspec (~> 1.0.0)
spring-commands-spinach (~> 1.0.0) spring-commands-spinach (~> 1.0.0)
spring-commands-teaspoon (~> 0.0.2) spring-commands-teaspoon (~> 0.0.2)
sprockets (~> 2.12.3)
stamp stamp
state_machine state_machine
task_list (= 1.0.2) task_list (= 1.0.2)