summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2015-10-15 08:21:18 +0000
committerDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2015-10-15 08:21:18 +0000
commitfb7785628a04f9facb0d05867cb5c4cafb646561 (patch)
tree9198986215365465771f135fc6288ca4470f1d6e
parente2045f5e68b7dfb058f332a07d56ad285ceb6f77 (diff)
parent0fbb544c502a30c751a4a8c8f954f853aece93b2 (diff)
downloadgitlab-ce-fb7785628a04f9facb0d05867cb5c4cafb646561.tar.gz
Merge branch 'rs-update-uglifier' into 'master'
Update uglifier to ~> 2.7.2 Fixes a security vulnerability: - https://github.com/lautis/uglifier/pull/86 - https://github.com/mishoo/UglifyJS2/issues/751 - https://zyan.scripts.mit.edu/blog/backdooring-js/ See merge request !1590
-rw-r--r--Gemfile2
-rw-r--r--Gemfile.lock4
2 files changed, 3 insertions, 3 deletions
diff --git a/Gemfile b/Gemfile
index 392644dfa86..9b2416ab45f 100644
--- a/Gemfile
+++ b/Gemfile
@@ -196,7 +196,7 @@ gem 'charlock_holmes', '~> 0.6.9.4'
gem "sass-rails", '~> 4.0.5'
gem "coffee-rails", '~> 4.1.0'
-gem "uglifier", '~> 2.3.2'
+gem "uglifier", '~> 2.7.2'
gem 'turbolinks', '~> 2.5.0'
gem 'jquery-turbolinks', '~> 2.0.1'
diff --git a/Gemfile.lock b/Gemfile.lock
index 7e989aa461b..8cc400aa55c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -741,7 +741,7 @@ GEM
simple_oauth (~> 0.1.4)
tzinfo (1.2.2)
thread_safe (~> 0.1)
- uglifier (2.3.3)
+ uglifier (2.7.2)
execjs (>= 0.3.0)
json (>= 1.8.0)
underscore-rails (1.4.4)
@@ -926,7 +926,7 @@ DEPENDENCIES
thin (~> 1.6.1)
tinder (~> 1.10.0)
turbolinks (~> 2.5.0)
- uglifier (~> 2.3.2)
+ uglifier (~> 2.7.2)
underscore-rails (~> 1.4.4)
unf (~> 0.1.4)
unicorn (~> 4.8.2)