Merge branch 'rs-rails-security' into 'master'
Update rails, rails-html-sanitizer, and nokogiri for security fixes.

See https://dev.gitlab.org/gitlab/gitlabhq/issues/2643

See merge request !2603
commit
5516d2e4ee
3 changed files with 42 additions and 35 deletions
5
Gemfile
5
Gemfile
|
@ -1,6 +1,6 @@
|
|||
source "https://rubygems.org"
|
||||
|
||||
gem 'rails', '4.2.5'
|
||||
gem 'rails', '4.2.5.1'
|
||||
gem 'rails-deprecated_sanitizer', '~> 1.0.3'
|
||||
|
||||
# Responders respond_to and respond_with
|
||||
|
@ -103,7 +103,8 @@ gem 'asciidoctor', '~> 1.5.2'
|
|||
gem 'rouge', '~> 1.10.1'
|
||||
|
||||
# See https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
|
||||
gem 'nokogiri', '1.6.7.1'
|
||||
# and https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
|
||||
gem 'nokogiri', '1.6.7.2'
|
||||
|
||||
# Diffs
|
||||
gem 'diffy', '~> 3.0.3'
|
||||
|
|
66
Gemfile.lock
66
Gemfile.lock
|
@ -4,41 +4,41 @@ GEM
|
|||
CFPropertyList (2.3.2)
|
||||
RedCloth (4.2.9)
|
||||
ace-rails-ap (2.0.1)
|
||||
actionmailer (4.2.5)
|
||||
actionpack (= 4.2.5)
|
||||
actionview (= 4.2.5)
|
||||
activejob (= 4.2.5)
|
||||
actionmailer (4.2.5.1)
|
||||
actionpack (= 4.2.5.1)
|
||||
actionview (= 4.2.5.1)
|
||||
activejob (= 4.2.5.1)
|
||||
mail (~> 2.5, >= 2.5.4)
|
||||
rails-dom-testing (~> 1.0, >= 1.0.5)
|
||||
actionpack (4.2.5)
|
||||
actionview (= 4.2.5)
|
||||
activesupport (= 4.2.5)
|
||||
actionpack (4.2.5.1)
|
||||
actionview (= 4.2.5.1)
|
||||
activesupport (= 4.2.5.1)
|
||||
rack (~> 1.6)
|
||||
rack-test (~> 0.6.2)
|
||||
rails-dom-testing (~> 1.0, >= 1.0.5)
|
||||
rails-html-sanitizer (~> 1.0, >= 1.0.2)
|
||||
actionview (4.2.5)
|
||||
activesupport (= 4.2.5)
|
||||
actionview (4.2.5.1)
|
||||
activesupport (= 4.2.5.1)
|
||||
builder (~> 3.1)
|
||||
erubis (~> 2.7.0)
|
||||
rails-dom-testing (~> 1.0, >= 1.0.5)
|
||||
rails-html-sanitizer (~> 1.0, >= 1.0.2)
|
||||
activejob (4.2.5)
|
||||
activesupport (= 4.2.5)
|
||||
activejob (4.2.5.1)
|
||||
activesupport (= 4.2.5.1)
|
||||
globalid (>= 0.3.0)
|
||||
activemodel (4.2.5)
|
||||
activesupport (= 4.2.5)
|
||||
activemodel (4.2.5.1)
|
||||
activesupport (= 4.2.5.1)
|
||||
builder (~> 3.1)
|
||||
activerecord (4.2.5)
|
||||
activemodel (= 4.2.5)
|
||||
activesupport (= 4.2.5)
|
||||
activerecord (4.2.5.1)
|
||||
activemodel (= 4.2.5.1)
|
||||
activesupport (= 4.2.5.1)
|
||||
arel (~> 6.0)
|
||||
activerecord-deprecated_finders (1.0.4)
|
||||
activerecord-session_store (0.1.2)
|
||||
actionpack (>= 4.0.0, < 5)
|
||||
activerecord (>= 4.0.0, < 5)
|
||||
railties (>= 4.0.0, < 5)
|
||||
activesupport (4.2.5)
|
||||
activesupport (4.2.5.1)
|
||||
i18n (~> 0.7)
|
||||
json (~> 1.7, >= 1.7.7)
|
||||
minitest (~> 5.1)
|
||||
|
@ -482,7 +482,7 @@ GEM
|
|||
grape
|
||||
newrelic_rpm
|
||||
newrelic_rpm (3.9.4.245)
|
||||
nokogiri (1.6.7.1)
|
||||
nokogiri (1.6.7.2)
|
||||
mini_portile2 (~> 2.0.0.rc2)
|
||||
nprogress-rails (0.1.6.7)
|
||||
oauth (0.4.7)
|
||||
|
@ -588,16 +588,16 @@ GEM
|
|||
rack
|
||||
rack-test (0.6.3)
|
||||
rack (>= 1.0)
|
||||
rails (4.2.5)
|
||||
actionmailer (= 4.2.5)
|
||||
actionpack (= 4.2.5)
|
||||
actionview (= 4.2.5)
|
||||
activejob (= 4.2.5)
|
||||
activemodel (= 4.2.5)
|
||||
activerecord (= 4.2.5)
|
||||
activesupport (= 4.2.5)
|
||||
rails (4.2.5.1)
|
||||
actionmailer (= 4.2.5.1)
|
||||
actionpack (= 4.2.5.1)
|
||||
actionview (= 4.2.5.1)
|
||||
activejob (= 4.2.5.1)
|
||||
activemodel (= 4.2.5.1)
|
||||
activerecord (= 4.2.5.1)
|
||||
activesupport (= 4.2.5.1)
|
||||
bundler (>= 1.3.0, < 2.0)
|
||||
railties (= 4.2.5)
|
||||
railties (= 4.2.5.1)
|
||||
sprockets-rails
|
||||
rails-deprecated_sanitizer (1.0.3)
|
||||
activesupport (>= 4.2.0.alpha)
|
||||
|
@ -605,11 +605,11 @@ GEM
|
|||
activesupport (>= 4.2.0.beta, < 5.0)
|
||||
nokogiri (~> 1.6.0)
|
||||
rails-deprecated_sanitizer (>= 1.0.1)
|
||||
rails-html-sanitizer (1.0.2)
|
||||
rails-html-sanitizer (1.0.3)
|
||||
loofah (~> 2.0)
|
||||
railties (4.2.5)
|
||||
actionpack (= 4.2.5)
|
||||
activesupport (= 4.2.5)
|
||||
railties (4.2.5.1)
|
||||
actionpack (= 4.2.5.1)
|
||||
activesupport (= 4.2.5.1)
|
||||
rake (>= 0.8.7)
|
||||
thor (>= 0.18.1, < 2.0)
|
||||
rainbow (2.0.0)
|
||||
|
@ -962,7 +962,7 @@ DEPENDENCIES
|
|||
net-ssh (~> 3.0.1)
|
||||
newrelic-grape
|
||||
newrelic_rpm (~> 3.9.4.245)
|
||||
nokogiri (= 1.6.7.1)
|
||||
nokogiri (= 1.6.7.2)
|
||||
nprogress-rails (~> 0.1.6.7)
|
||||
oauth2 (~> 1.0.0)
|
||||
octokit (~> 3.7.0)
|
||||
|
@ -988,7 +988,7 @@ DEPENDENCIES
|
|||
rack-attack (~> 4.3.1)
|
||||
rack-cors (~> 0.4.0)
|
||||
rack-oauth2 (~> 1.2.1)
|
||||
rails (= 4.2.5)
|
||||
rails (= 4.2.5.1)
|
||||
rails-deprecated_sanitizer (~> 1.0.3)
|
||||
raphael-rails (~> 2.1.2)
|
||||
rblineprof
|
||||
|
|
|
@ -48,4 +48,10 @@ FactoryGirl::SyntaxRunner.class_eval do
|
|||
include RSpec::Mocks::ExampleMethods
|
||||
end
|
||||
|
||||
# Work around a Rails 4.2.5.1 issue
|
||||
# See https://github.com/rspec/rspec-rails/issues/1532
|
||||
RSpec::Rails::ViewRendering::EmptyTemplatePathSetDecorator.class_eval do
|
||||
alias_method :find_all_anywhere, :find_all
|
||||
end
|
||||
|
||||
ActiveRecord::Migration.maintain_test_schema!
|
||||
|
|
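Review bot: The `alias_method :find_all_anywhere, :find_all` inside the new `class_eval` block is applied unconditionally, so it would replace a real `find_all_anywhere` on the decorator if a later rspec-rails release defines one (presumably the fix tracked in the linked issue). Guarding it as `alias_method :find_all_anywhere, :find_all unless method_defined?(:find_all_anywhere)` turns the workaround into a no-op once the upstream fix is installed. The comment above it could also say that the patch should be deleted when rspec-rails is upgraded past that fix, so a test-only patch of a library internal does not outlive the security bump that required it. The file name and the lines before line 48 are not shown on this page.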