authorRobert Speicher <rspeicher@gmail.com>2015-06-30 21:38:26 -0400
committerRobert Speicher <rspeicher@gmail.com>2015-06-30 21:38:26 -0400
commit3078b13e7248d5f0df1e1093ebfb8f401d234784 (patch)
treea42b28c12d2ddbc89802ead0fad3691c446c7bf0 /Gemfile
parenta7773dd7e57158ac9006c582b999a75f09d1ec21 (diff)
Gem updates for security issues
- sprockets (rails dependency, but we need to specify a version to pull in fixes) - sass-rails (no security issues, but required an update to meet new sprockets version requirement) - rest-client (coveralls dependency)
Diffstat (limited to 'Gemfile')
-rw-r--r--Gemfile12
1 files changed, 11 insertions, 1 deletions
diff --git a/Gemfile b/Gemfile
index cebe957965f..368cadc97d7 100644
--- a/Gemfile
+++ b/Gemfile
@@ -2,6 +2,10 @@ source "https://rubygems.org"
gem 'rails', '4.1.11'
+# Specify a sprockets version due to security issue
+# See https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY
+gem 'sprockets', '~> 2.12.3'
+
# Default values for AR models
gem "default_value_for", "~> 3.0.0"
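Review bot: The comment above `gem 'sprockets', '~> 2.12.3'` says only "due to security issue", so a later maintainer cannot tell which release is the floor or when the pin can be dropped; the rest-client comment in the third hunk ("some security fixes") has the same gap. sprockets is described in the commit message as a rails dependency, so this line exists only to steer the resolver, and `~> 2.12.3` also caps it below 2.13. I would record that in the comment, for example `# Transitive via rails; 2.12.3 carries the fix for <ADVISORY-ID>. Remove once rails itself requires a fixed sprockets.`, keeping the linked thread as the reference. That 2.12.3 is the first fixed release is inferred from the constraint and should be confirmed against the advisory.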
@@ -181,7 +185,7 @@ gem 'mousetrap-rails'
# Detect and convert string character encoding
gem 'charlock_holmes'
-gem "sass-rails", '~> 4.0.2'
+gem "sass-rails", '~> 4.0.5'
gem "coffee-rails"
gem "uglifier"
gem 'turbolinks', '~> 2.5.0'
@@ -234,6 +238,12 @@ group :development, :test do
gem 'rubocop', '0.28.0', require: false
gem 'spinach-rails'
+ # rest-client is a coveralls dependency and not used directly in GitLab, but
+ # we specify a version here to pick up some security fixes.
+ # See https://github.com/rest-client/rest-client/issues/369
+ # and http://www.osvdb.org/show/osvdb/117461
+ gem 'rest-client', '~> 1.8.0'
+
# Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826)
gem 'minitest', '~> 5.3.0'
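Review bot: The `gem 'rest-client', '~> 1.8.0'` line only narrows what Bundler may resolve; the fixed version reaches installs only once Gemfile.lock resolves to 1.8.x, and this view is limited to Gemfile, so the lockfile side cannot be confirmed here (the same holds for the sprockets pin in the first hunk). It is worth checking that the committed lockfile lists the fixed versions of both gems. Separately, the second reference, `# and http://www.osvdb.org/show/osvdb/117461`, is a plain-HTTP link to a third-party database; adding the advisory's identifier and a one-line summary to the comment would keep the rationale readable if the link stops resolving. The enclosing `group :development, :test do` block starts and ends outside this hunk.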