summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobert Speicher <robert@gitlab.com>2016-01-25 23:22:24 +0000
committerRobert Speicher <rspeicher@gmail.com>2016-01-25 15:26:24 -0800
commitcb664e269ff29da7060fe6f09510465e58f8ac5b (patch)
tree9953127ccc26b5dbdada77086c7817a89da339c6
parentdeee73f9040c4d99a77051c936f215326ada74f2 (diff)
downloadgitlab-ce-cb664e269ff29da7060fe6f09510465e58f8ac5b.tar.gz
Merge branch 'rs-rails-security' into 'master'
Update rails, rails-html-sanitizer, and nokogiri for security fixes See https://dev.gitlab.org/gitlab/gitlabhq/issues/2643 See merge request !2603
-rw-r--r--Gemfile5
-rw-r--r--Gemfile.lock66
-rw-r--r--spec/spec_helper.rb6
3 files changed, 42 insertions, 35 deletions
diff --git a/Gemfile b/Gemfile
index 8448eeb09c1..acd187400a3 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,6 +1,6 @@
source "https://rubygems.org"
-gem 'rails', '4.2.5'
+gem 'rails', '4.2.5.1'
gem 'rails-deprecated_sanitizer', '~> 1.0.3'
# Responders respond_to and respond_with
@@ -103,7 +103,8 @@ gem 'asciidoctor', '~> 1.5.2'
gem 'rouge', '~> 1.10.1'
# See https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
-gem 'nokogiri', '1.6.7.1'
+# and https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
+gem 'nokogiri', '1.6.7.2'
# Diffs
gem 'diffy', '~> 3.0.3'
diff --git a/Gemfile.lock b/Gemfile.lock
index 10f418ab8c4..1386e2c45f2 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -4,41 +4,41 @@ GEM
CFPropertyList (2.3.2)
RedCloth (4.2.9)
ace-rails-ap (2.0.1)
- actionmailer (4.2.5)
- actionpack (= 4.2.5)
- actionview (= 4.2.5)
- activejob (= 4.2.5)
+ actionmailer (4.2.5.1)
+ actionpack (= 4.2.5.1)
+ actionview (= 4.2.5.1)
+ activejob (= 4.2.5.1)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 1.0, >= 1.0.5)
- actionpack (4.2.5)
- actionview (= 4.2.5)
- activesupport (= 4.2.5)
+ actionpack (4.2.5.1)
+ actionview (= 4.2.5.1)
+ activesupport (= 4.2.5.1)
rack (~> 1.6)
rack-test (~> 0.6.2)
rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.2)
- actionview (4.2.5)
- activesupport (= 4.2.5)
+ actionview (4.2.5.1)
+ activesupport (= 4.2.5.1)
builder (~> 3.1)
erubis (~> 2.7.0)
rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.2)
- activejob (4.2.5)
- activesupport (= 4.2.5)
+ activejob (4.2.5.1)
+ activesupport (= 4.2.5.1)
globalid (>= 0.3.0)
- activemodel (4.2.5)
- activesupport (= 4.2.5)
+ activemodel (4.2.5.1)
+ activesupport (= 4.2.5.1)
builder (~> 3.1)
- activerecord (4.2.5)
- activemodel (= 4.2.5)
- activesupport (= 4.2.5)
+ activerecord (4.2.5.1)
+ activemodel (= 4.2.5.1)
+ activesupport (= 4.2.5.1)
arel (~> 6.0)
activerecord-deprecated_finders (1.0.4)
activerecord-session_store (0.1.2)
actionpack (>= 4.0.0, < 5)
activerecord (>= 4.0.0, < 5)
railties (>= 4.0.0, < 5)
- activesupport (4.2.5)
+ activesupport (4.2.5.1)
i18n (~> 0.7)
json (~> 1.7, >= 1.7.7)
minitest (~> 5.1)
@@ -482,7 +482,7 @@ GEM
grape
newrelic_rpm
newrelic_rpm (3.9.4.245)
- nokogiri (1.6.7.1)
+ nokogiri (1.6.7.2)
mini_portile2 (~> 2.0.0.rc2)
nprogress-rails (0.1.6.7)
oauth (0.4.7)
@@ -588,16 +588,16 @@ GEM
rack
rack-test (0.6.3)
rack (>= 1.0)
- rails (4.2.5)
- actionmailer (= 4.2.5)
- actionpack (= 4.2.5)
- actionview (= 4.2.5)
- activejob (= 4.2.5)
- activemodel (= 4.2.5)
- activerecord (= 4.2.5)
- activesupport (= 4.2.5)
+ rails (4.2.5.1)
+ actionmailer (= 4.2.5.1)
+ actionpack (= 4.2.5.1)
+ actionview (= 4.2.5.1)
+ activejob (= 4.2.5.1)
+ activemodel (= 4.2.5.1)
+ activerecord (= 4.2.5.1)
+ activesupport (= 4.2.5.1)
bundler (>= 1.3.0, < 2.0)
- railties (= 4.2.5)
+ railties (= 4.2.5.1)
sprockets-rails
rails-deprecated_sanitizer (1.0.3)
activesupport (>= 4.2.0.alpha)
@@ -605,11 +605,11 @@ GEM
activesupport (>= 4.2.0.beta, < 5.0)
nokogiri (~> 1.6.0)
rails-deprecated_sanitizer (>= 1.0.1)
- rails-html-sanitizer (1.0.2)
+ rails-html-sanitizer (1.0.3)
loofah (~> 2.0)
- railties (4.2.5)
- actionpack (= 4.2.5)
- activesupport (= 4.2.5)
+ railties (4.2.5.1)
+ actionpack (= 4.2.5.1)
+ activesupport (= 4.2.5.1)
rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0)
rainbow (2.0.0)
@@ -962,7 +962,7 @@ DEPENDENCIES
net-ssh (~> 3.0.1)
newrelic-grape
newrelic_rpm (~> 3.9.4.245)
- nokogiri (= 1.6.7.1)
+ nokogiri (= 1.6.7.2)
nprogress-rails (~> 0.1.6.7)
oauth2 (~> 1.0.0)
octokit (~> 3.7.0)
@@ -988,7 +988,7 @@ DEPENDENCIES
rack-attack (~> 4.3.1)
rack-cors (~> 0.4.0)
rack-oauth2 (~> 1.2.1)
- rails (= 4.2.5)
+ rails (= 4.2.5.1)
rails-deprecated_sanitizer (~> 1.0.3)
raphael-rails (~> 2.1.2)
rblineprof
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 0225a0ee53f..8f381f46e57 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -48,4 +48,10 @@ FactoryGirl::SyntaxRunner.class_eval do
include RSpec::Mocks::ExampleMethods
end
+# Work around a Rails 4.2.5.1 issue
+# See https://github.com/rspec/rspec-rails/issues/1532
+RSpec::Rails::ViewRendering::EmptyTemplatePathSetDecorator.class_eval do
+ alias_method :find_all_anywhere, :find_all
+end
+
ActiveRecord::Migration.maintain_test_schema!