diff options
| author | Robert Speicher <rspeicher@gmail.com> | 2015-06-30 21:38:26 -0400 |
|---|---|---|
| committer | Robert Speicher <rspeicher@gmail.com> | 2015-06-30 21:38:26 -0400 |
| commit | 3078b13e7248d5f0df1e1093ebfb8f401d234784 (patch) | |
| tree | a42b28c12d2ddbc89802ead0fad3691c446c7bf0 /Gemfile | |
| parent | a7773dd7e57158ac9006c582b999a75f09d1ec21 (diff) | |
| download | gitlab-ce-3078b13e7248d5f0df1e1093ebfb8f401d234784.tar.gz | |
Gem updates for security issues
- sprockets (rails dependency, but we need to specify a version to pull
in fixes)
- sass-rails (no security issues, but required an update to meet new
sprockets version requirement)
- rest-client (coveralls dependency)
Diffstat (limited to 'Gemfile')
| -rw-r--r-- | Gemfile | 12 |
1 files changed, 11 insertions, 1 deletions
@@ -2,6 +2,10 @@ source "https://rubygems.org" gem 'rails', '4.1.11' +# Specify a sprockets version due to security issue +# See https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY +gem 'sprockets', '~> 2.12.3' + # Default values for AR models gem "default_value_for", "~> 3.0.0" @@ -181,7 +185,7 @@ gem 'mousetrap-rails' # Detect and convert string character encoding gem 'charlock_holmes' -gem "sass-rails", '~> 4.0.2' +gem "sass-rails", '~> 4.0.5' gem "coffee-rails" gem "uglifier" gem 'turbolinks', '~> 2.5.0' @@ -234,6 +238,12 @@ group :development, :test do gem 'rubocop', '0.28.0', require: false gem 'spinach-rails' + # rest-client is a coveralls dependency and not used directly in GitLab, but + # we specify a version here to pick up some security fixes. + # See https://github.com/rest-client/rest-client/issues/369 + # and http://www.osvdb.org/show/osvdb/117461 + gem 'rest-client', '~> 1.8.0' + # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826) gem 'minitest', '~> 5.3.0' |