author | Kamil Trzciński <ayufan@ayufan.eu> | 2015-07-10 08:39:16 +0000 |
---|---|---|
committer | Kamil Trzciński <ayufan@ayufan.eu> | 2015-07-10 08:39:16 +0000 |
commit | 0261c8f1672d75ec5aaf3108476e655cdd93ad3b (patch) | |
tree | dffaf40da9a50f5f4b1c309cccd2f6db551d3178 | |
parent | a14db6d3c063724a3ee76ba9a733ba09a4fdea73 (diff) | |
parent | 9891abd292787e695cf17fa36ef5f699299caad0 (diff) | |
download | gitlab-ci-0261c8f1672d75ec5aaf3108476e655cdd93ad3b.tar.gz |
Merge branch 'rs-issue-214' into 'master'
Gem version updates
### Bump rails, jquery-rails, sprockets, sass-rails versions
Addresses security advisories:
- https://groups.google.com/forum/#!topic/ruby-security-ann/XIZPbobuwaY
- https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc
---
### Bump coveralls version
Addresses security issues in its rest-client dependencies:
- https://github.com/rest-client/rest-client/issues/369
- http://www.osvdb.org/show/osvdb/117461
Closes #214
See merge request !194
-rw-r--r-- | Gemfile | 12 | ||||
-rw-r--r-- | Gemfile.lock | 122 |
2 files changed, 73 insertions, 61 deletions
@@ -8,11 +8,15 @@ def linux_only(require_as)
 RUBY_PLATFORM.include?('linux') && require_as
 end
-gem 'rails', '4.1.11'
+gem 'rails', '4.1.12'
 gem 'activerecord-deprecated_finders'
 gem 'activerecord-session_store'
 gem "nested_form"
+# Specify a sprockets version due to security issue
+# See https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY
+gem 'sprockets', '~> 2.12.3'
+
 # tag runners
 gem 'acts-as-taggable-on', '~> 3.4'
@@ -69,10 +73,10 @@ gem 'hipchat', '~> 1.5.0'
 # Other
 gem 'rake'
 gem 'foreman'
-gem 'jquery-rails'
+gem 'jquery-rails', '~> 3.1.3'
 gem 'gitlab_ci_meta', '~> 4.0'
-gem 'sass-rails', '~> 4.0.0'
+gem 'sass-rails', '~> 4.0.5'
 gem 'coffee-rails', '~> 4.0.0'
 gem 'uglifier', '>= 1.0.3'
@@ -121,7 +125,7 @@ group :development, :test do
 gem 'rb-inotify', require: linux_only('rb-inotify')
 gem "simplecov", require: false
- gem 'coveralls', require: false
+ gem 'coveralls', '~> 0.8.2', require: false
 gem 'rubocop', '0.28.0', require: false
 end
diff --git a/Gemfile.lock b/Gemfile.lock
index 51f520f..0c8adab 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
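Review bot: The comment above `gem 'sprockets', '~> 2.12.3'` in the first Gemfile hunk says only "security issue" and does not record that sprockets is a transitive dependency, so a later maintainer cannot tell when the pin may be dropped or that it must not be loosened. Gemfile.lock shows sprockets being required by sass-rails and sprockets-rails, so I would word the comment as `# sprockets comes in via sass-rails/sprockets-rails; pinned here only to hold the 2.12.3+ security floor, remove once those gems require it themselves`. The same gap applies to the `jquery-rails` and `sass-rails` constraints in the second hunk: the commit message ties them to advisories, but the Gemfile leaves them unexplained, and a one-line comment with the advisory link on each would keep the floors from being relaxed by accident.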
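Review bot: Constraining `coveralls` to `~> 0.8.2` in the third Gemfile hunk does not by itself enforce a fixed rest-client, because the Gemfile.lock hunk shows coveralls 0.8.2 declaring `rest-client (>= 1.6.8, < 2)`; only the current lock resolution to 1.8.0 carries the fix the commit message refers to. If the linked rest-client reports need a particular minimum, state it directly in the `:development, :test` group, for example `gem 'rest-client', '>= 1.8.0', require: false` with the issue link in a comment, assuming 1.8.0 is the first release containing the fixes. The group block opens above this hunk; since it is a development/test group the exposure is limited to developer and CI machines, but those typically hold repository and service tokens.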
@@ -2,32 +2,32 @@ GEM remote: https://rubygems.org/ specs: CFPropertyList (2.3.1) - actionmailer (4.1.11) - actionpack (= 4.1.11) - actionview (= 4.1.11) + actionmailer (4.1.12) + actionpack (= 4.1.12) + actionview (= 4.1.12) mail (~> 2.5, >= 2.5.4) - actionpack (4.1.11) - actionview (= 4.1.11) - activesupport (= 4.1.11) + actionpack (4.1.12) + actionview (= 4.1.12) + activesupport (= 4.1.12) rack (~> 1.5.2) rack-test (~> 0.6.2) - actionview (4.1.11) - activesupport (= 4.1.11) + actionview (4.1.12) + activesupport (= 4.1.12) builder (~> 3.1) erubis (~> 2.7.0) - activemodel (4.1.11) - activesupport (= 4.1.11) + activemodel (4.1.12) + activesupport (= 4.1.12) builder (~> 3.1) - activerecord (4.1.11) - activemodel (= 4.1.11) - activesupport (= 4.1.11) + activerecord (4.1.12) + activemodel (= 4.1.12) + activesupport (= 4.1.12) arel (~> 5.0.0) activerecord-deprecated_finders (1.0.3) activerecord-session_store (0.1.0) actionpack (>= 4.0.0, < 5) activerecord (>= 4.0.0, < 5) railties (>= 4.0.0, < 5) - activesupport (4.1.11) + activesupport (4.1.12) i18n (~> 0.6, >= 0.6.9) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) @@ -85,12 +85,12 @@ GEM colored (1.2) columnize (0.9.0) connection_pool (1.2.0) - coveralls (0.7.0) - multi_json (~> 1.3) - rest-client - simplecov (>= 0.7) - term-ansicolor - thor + coveralls (0.8.2) + json (~> 1.8) + rest-client (>= 1.6.8, < 2) + simplecov (~> 0.10.0) + term-ansicolor (~> 1.3) + thor (~> 0.19.1) crack (0.4.1) safe_yaml (~> 0.9.0) database_cleaner (1.3.0) @@ -100,7 +100,9 @@ GEM descendants_tracker (0.0.4) thread_safe (~> 0.3, >= 0.3.1) diff-lcs (1.2.5) - docile (1.1.1) + docile (1.1.5) + domain_name (0.5.24) + unf (>= 0.0.5, < 1.0.0) dotenv (0.9.0) email_spec (1.5.0) launchy (~> 2.1) @@ -219,6 +221,8 @@ GEM hipchat (1.5.0) httparty mimemagic + http-cookie (1.0.2) + domain_name (~> 0.5) httparty (0.11.0) multi_json (~> 1.0) multi_xml (>= 0.5.2) 
@@ -226,13 +230,13 @@ GEM ice_nine (0.11.0) inflecto (0.0.2) ipaddress (0.8.0) - jquery-rails (3.0.4) + jquery-rails (3.1.3) railties (>= 3.0, < 5.0) thor (>= 0.14, < 2.0) jquery-turbolinks (2.0.1) railties (>= 3.1.0) turbolinks - json (1.8.2) + json (1.8.3) jwt (1.2.0) kaminari (0.15.0) actionpack (>= 3.0.0) @@ -250,11 +254,11 @@ GEM mail (2.6.3) mime-types (>= 1.16, < 3) method_source (0.8.2) - mime-types (2.4.3) + mime-types (2.6.1) mimemagic (0.3.0) mini_portile (0.6.2) - minitest (5.5.1) - multi_json (1.11.0) + minitest (5.7.0) + multi_json (1.11.2) multi_xml (0.5.5) multipart-post (2.0.0) mysql2 (0.3.14) @@ -262,6 +266,7 @@ GEM net-scp (1.2.1) net-ssh (>= 2.6.5) net-ssh (2.9.2) + netrc (0.10.3) nokogiri (1.6.6.2) mini_portile (~> 0.6.0) nprogress-rails (0.1.2.3) @@ -292,7 +297,7 @@ GEM slop (~> 3.4) quiet_assets (1.0.2) railties (>= 3.1, < 5.0) - rack (1.5.2) + rack (1.5.5) rack-accept (0.4.5) rack (>= 0.4) rack-mini-profiler (0.9.0) @@ -303,19 +308,19 @@ GEM rack rack-test (0.6.3) rack (>= 1.0) - rails (4.1.11) - actionmailer (= 4.1.11) - actionpack (= 4.1.11) - actionview (= 4.1.11) - activemodel (= 4.1.11) - activerecord (= 4.1.11) - activesupport (= 4.1.11) + rails (4.1.12) + actionmailer (= 4.1.12) + actionpack (= 4.1.12) + actionview (= 4.1.12) + activemodel (= 4.1.12) + activerecord (= 4.1.12) + activesupport (= 4.1.12) bundler (>= 1.3.0, < 2.0) - railties (= 4.1.11) + railties (= 4.1.12) sprockets-rails (~> 2.0) - railties (4.1.11) - actionpack (= 4.1.11) - activesupport (= 4.1.11) + railties (4.1.12) + actionpack (= 4.1.12) + activesupport (= 4.1.12) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) rainbow (2.0.0) @@ -331,8 +336,10 @@ GEM redis (3.0.6) redis-namespace (1.4.1) redis (~> 3.0.4) - rest-client (1.6.7) - mime-types (>= 1.16) + rest-client (1.8.0) + http-cookie (>= 1.0.2, < 2.0) + mime-types (>= 1.16, < 3.0) + netrc (~> 0.7) rspec (2.14.1) rspec-core (~> 2.14.0) rspec-expectations (~> 2.14.0) 
@@ -362,10 +369,10 @@ GEM sexp_processor (~> 4.1) safe_yaml (0.9.7) sass (3.2.19) - sass-rails (4.0.3) + sass-rails (4.0.5) railties (>= 4.0.0, < 5.0) - sass (~> 3.2.0) - sprockets (~> 2.8, <= 2.11.0) + sass (~> 3.2.2) + sprockets (~> 2.8, < 3.0) sprockets-rails (~> 2.0) settingslogic (2.0.9) sexp_processor (4.5.0) @@ -377,11 +384,11 @@ GEM json redis (>= 3.0.4) redis-namespace (>= 1.3.1) - simplecov (0.8.2) + simplecov (0.10.0) docile (~> 1.1.0) - multi_json - simplecov-html (~> 0.8.0) - simplecov-html (0.8.0) + json (~> 1.8) + simplecov-html (~> 0.10.0) + simplecov-html (0.10.0) sinatra (1.4.4) rack (~> 1.4) rack-protection (~> 1.4) @@ -394,26 +401,26 @@ GEM spring (1.3.6) spring-commands-rspec (1.0.4) spring (>= 0.9.1) - sprockets (2.11.0) + sprockets (2.12.4) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.2.4) + sprockets-rails (2.3.2) actionpack (>= 3.0) activesupport (>= 3.0) sprockets (>= 2.8, < 4.0) stamp (0.5.0) state_machine (1.2.0) temple (0.6.7) - term-ansicolor (1.2.2) - tins (~> 0.8) + term-ansicolor (1.3.2) + tins (~> 1.0) terminal-table (1.4.5) thor (0.19.1) - thread_safe (0.3.4) + thread_safe (0.3.5) tilt (1.4.1) timers (1.1.0) - tins (0.13.1) + tins (1.5.4) trollop (2.1.2) turbolinks (2.0.0) coffee-rails @@ -458,7 +465,7 @@ DEPENDENCIES capybara coffee-rails (~> 4.0.0) colored - coveralls + coveralls (~> 0.8.2) database_cleaner default_value_for (~> 3.0.0) email_spec @@ -475,7 +482,7 @@ DEPENDENCIES haml-rails (~> 0.5.3) hipchat (~> 1.5.0) httparty (= 0.11.0) - jquery-rails + jquery-rails (~> 3.1.3) jquery-turbolinks kaminari letter_opener @@ -490,13 +497,13 @@ DEPENDENCIES pry quiet_assets rack-mini-profiler - rails (= 4.1.11) + rails (= 4.1.12) rake rb-fsevent rb-inotify rspec-rails rubocop (= 0.28.0) - sass-rails (~> 4.0.0) + sass-rails (~> 4.0.5) settingslogic shoulda-matchers sidekiq 
@@ -506,6 +513,7 @@ DEPENDENCIES slim spring (~> 1.3.6) spring-commands-rspec + sprockets (~> 2.12.3) stamp state_machine turbolinks |