authorRobert Speicher <rspeicher@gmail.com>2015-07-09 18:26:15 -0400
committerRobert Speicher <rspeicher@gmail.com>2015-07-09 18:27:21 -0400
commitd0095c3de67a4f16890e20e416096cd982cf0c1c (patch)
treecf8c979980d9c394d26eb177452235ab104b68b1
parenta14db6d3c063724a3ee76ba9a733ba09a4fdea73 (diff)
downloadgitlab-ci-d0095c3de67a4f16890e20e416096cd982cf0c1c.tar.gz
Bump rails, jquery-rails, sprockets, sass-rails versions
Addresses security advisories: - https://groups.google.com/forum/#!topic/ruby-security-ann/XIZPbobuwaY - https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc
-rw-r--r--Gemfile10
-rw-r--r--Gemfile.lock81
2 files changed, 48 insertions, 43 deletions
diff --git a/Gemfile b/Gemfile
index 46384fc..67b28cb 100644
--- a/Gemfile
+++ b/Gemfile
@@ -8,11 +8,15 @@ def linux_only(require_as)
RUBY_PLATFORM.include?('linux') && require_as
end
-gem 'rails', '4.1.11'
+gem 'rails', '4.1.12'
gem 'activerecord-deprecated_finders'
gem 'activerecord-session_store'
gem "nested_form"
+# Specify a sprockets version due to security issue
+# See https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY
+gem 'sprockets', '~> 2.12.3'
+
# tag runners
gem 'acts-as-taggable-on', '~> 3.4'
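Review bot: The comment added above `gem 'sprockets', '~> 2.12.3'` says only "security issue", so a later cleanup could remove the line as a redundant declaration of a transitive dependency. The Gemfile.lock part of this commit shows sprockets arriving through sass-rails and sprockets-rails, and the previous sass-rails 4.0.3 capped it at `<= 2.11.0`, which is presumably why an explicit floor is needed here. I would record that in the comment, e.g. `# Transitive dep (sass-rails, sprockets-rails); keep >= 2.12.3 for the advisory linked below`. The commit message links two ruby-security-ann threads while this comment links a rubyonrails-security thread, so it is worth confirming which advisory covers sprockets and citing the same one in both places.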
@@ -69,10 +73,10 @@ gem 'hipchat', '~> 1.5.0'
# Other
gem 'rake'
gem 'foreman'
-gem 'jquery-rails'
+gem 'jquery-rails', '~> 3.1.3'
gem 'gitlab_ci_meta', '~> 4.0'
-gem 'sass-rails', '~> 4.0.0'
+gem 'sass-rails', '~> 4.0.5'
gem 'coffee-rails', '~> 4.0.0'
gem 'uglifier', '>= 1.0.3'
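Review bot: `gem 'jquery-rails', '~> 3.1.3'` changes from unconstrained to a patch-level pessimistic pin without a comment, unlike the sprockets line added earlier in this file. The commit message attributes the bump to security advisories, so presumably 3.1.3 is the first fixed release in that series; a comment such as `# >= 3.1.3 required by security advisory (see commit message)` would keep the floor from being loosened later. `~> 3.1.3` also excludes every release outside 3.1.x, so fixes published only on a newer series will need a manual Gemfile change rather than a `bundle update`. The same applies to `gem 'sass-rails', '~> 4.0.5'` two lines below.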
diff --git a/Gemfile.lock b/Gemfile.lock
index 51f520f..97b6d98 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -2,32 +2,32 @@ GEM
remote: https://rubygems.org/
specs:
CFPropertyList (2.3.1)
- actionmailer (4.1.11)
- actionpack (= 4.1.11)
- actionview (= 4.1.11)
+ actionmailer (4.1.12)
+ actionpack (= 4.1.12)
+ actionview (= 4.1.12)
mail (~> 2.5, >= 2.5.4)
- actionpack (4.1.11)
- actionview (= 4.1.11)
- activesupport (= 4.1.11)
+ actionpack (4.1.12)
+ actionview (= 4.1.12)
+ activesupport (= 4.1.12)
rack (~> 1.5.2)
rack-test (~> 0.6.2)
- actionview (4.1.11)
- activesupport (= 4.1.11)
+ actionview (4.1.12)
+ activesupport (= 4.1.12)
builder (~> 3.1)
erubis (~> 2.7.0)
- activemodel (4.1.11)
- activesupport (= 4.1.11)
+ activemodel (4.1.12)
+ activesupport (= 4.1.12)
builder (~> 3.1)
- activerecord (4.1.11)
- activemodel (= 4.1.11)
- activesupport (= 4.1.11)
+ activerecord (4.1.12)
+ activemodel (= 4.1.12)
+ activesupport (= 4.1.12)
arel (~> 5.0.0)
activerecord-deprecated_finders (1.0.3)
activerecord-session_store (0.1.0)
actionpack (>= 4.0.0, < 5)
activerecord (>= 4.0.0, < 5)
railties (>= 4.0.0, < 5)
- activesupport (4.1.11)
+ activesupport (4.1.12)
i18n (~> 0.6, >= 0.6.9)
json (~> 1.7, >= 1.7.7)
minitest (~> 5.1)
@@ -226,13 +226,13 @@ GEM
ice_nine (0.11.0)
inflecto (0.0.2)
ipaddress (0.8.0)
- jquery-rails (3.0.4)
+ jquery-rails (3.1.3)
railties (>= 3.0, < 5.0)
thor (>= 0.14, < 2.0)
jquery-turbolinks (2.0.1)
railties (>= 3.1.0)
turbolinks
- json (1.8.2)
+ json (1.8.3)
jwt (1.2.0)
kaminari (0.15.0)
actionpack (>= 3.0.0)
@@ -250,11 +250,11 @@ GEM
mail (2.6.3)
mime-types (>= 1.16, < 3)
method_source (0.8.2)
- mime-types (2.4.3)
+ mime-types (2.6.1)
mimemagic (0.3.0)
mini_portile (0.6.2)
- minitest (5.5.1)
- multi_json (1.11.0)
+ minitest (5.7.0)
+ multi_json (1.11.2)
multi_xml (0.5.5)
multipart-post (2.0.0)
mysql2 (0.3.14)
@@ -292,7 +292,7 @@ GEM
slop (~> 3.4)
quiet_assets (1.0.2)
railties (>= 3.1, < 5.0)
- rack (1.5.2)
+ rack (1.5.5)
rack-accept (0.4.5)
rack (>= 0.4)
rack-mini-profiler (0.9.0)
@@ -303,19 +303,19 @@ GEM
rack
rack-test (0.6.3)
rack (>= 1.0)
- rails (4.1.11)
- actionmailer (= 4.1.11)
- actionpack (= 4.1.11)
- actionview (= 4.1.11)
- activemodel (= 4.1.11)
- activerecord (= 4.1.11)
- activesupport (= 4.1.11)
+ rails (4.1.12)
+ actionmailer (= 4.1.12)
+ actionpack (= 4.1.12)
+ actionview (= 4.1.12)
+ activemodel (= 4.1.12)
+ activerecord (= 4.1.12)
+ activesupport (= 4.1.12)
bundler (>= 1.3.0, < 2.0)
- railties (= 4.1.11)
+ railties (= 4.1.12)
sprockets-rails (~> 2.0)
- railties (4.1.11)
- actionpack (= 4.1.11)
- activesupport (= 4.1.11)
+ railties (4.1.12)
+ actionpack (= 4.1.12)
+ activesupport (= 4.1.12)
rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0)
rainbow (2.0.0)
@@ -362,10 +362,10 @@ GEM
sexp_processor (~> 4.1)
safe_yaml (0.9.7)
sass (3.2.19)
- sass-rails (4.0.3)
+ sass-rails (4.0.5)
railties (>= 4.0.0, < 5.0)
- sass (~> 3.2.0)
- sprockets (~> 2.8, <= 2.11.0)
+ sass (~> 3.2.2)
+ sprockets (~> 2.8, < 3.0)
sprockets-rails (~> 2.0)
settingslogic (2.0.9)
sexp_processor (4.5.0)
@@ -394,12 +394,12 @@ GEM
spring (1.3.6)
spring-commands-rspec (1.0.4)
spring (>= 0.9.1)
- sprockets (2.11.0)
+ sprockets (2.12.4)
hike (~> 1.2)
multi_json (~> 1.0)
rack (~> 1.0)
tilt (~> 1.1, != 1.3.0)
- sprockets-rails (2.2.4)
+ sprockets-rails (2.3.2)
actionpack (>= 3.0)
activesupport (>= 3.0)
sprockets (>= 2.8, < 4.0)
@@ -410,7 +410,7 @@ GEM
tins (~> 0.8)
terminal-table (1.4.5)
thor (0.19.1)
- thread_safe (0.3.4)
+ thread_safe (0.3.5)
tilt (1.4.1)
timers (1.1.0)
tins (0.13.1)
@@ -475,7 +475,7 @@ DEPENDENCIES
haml-rails (~> 0.5.3)
hipchat (~> 1.5.0)
httparty (= 0.11.0)
- jquery-rails
+ jquery-rails (~> 3.1.3)
jquery-turbolinks
kaminari
letter_opener
@@ -490,13 +490,13 @@ DEPENDENCIES
pry
quiet_assets
rack-mini-profiler
- rails (= 4.1.11)
+ rails (= 4.1.12)
rake
rb-fsevent
rb-inotify
rspec-rails
rubocop (= 0.28.0)
- sass-rails (~> 4.0.0)
+ sass-rails (~> 4.0.5)
settingslogic
shoulda-matchers
sidekiq
@@ -506,6 +506,7 @@ DEPENDENCIES
slim
spring (~> 1.3.6)
spring-commands-rspec
+ sprockets (~> 2.12.3)
stamp
state_machine
turbolinks