Skip to content

[Snyk] Fix for 3 vulnerabilities #97

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 3 vulnerabilities #97

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
112 changes: 56 additions & 56 deletions Gemfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
source "https://rubygems.org"

gem 'rails', '4.2.6'
gem 'rails', '5.0.0'
gem 'rails-deprecated_sanitizer', '~> 1.0.3'

# Responders respond_to and respond_with
gem 'responders', '~> 2.0'
gem 'responders', '~> 2.1', '>= 2.1.2'

# Specify a sprockets version due to increased performance
# See https://gitlab.com/gitlab-org/gitlab-ce/issues/6069
gem 'sprockets', '~> 3.6.0'
gem 'sprockets', '~> 3.6.1'

# Default values for AR models
gem "default_value_for", "~> 3.0.0"
Expand All @@ -18,32 +18,32 @@ gem "mysql2", '~> 0.3.16', group: :mysql
gem "pg", '~> 0.18.2', group: :postgres

# Authentication libraries
gem 'devise', '~> 3.5.4'
gem 'doorkeeper', '~> 3.1'
gem 'devise-async', '~> 0.9.0'
gem 'omniauth', '~> 1.3.1'
gem 'omniauth-auth0', '~> 1.4.1'
gem 'omniauth-azure-oauth2', '~> 0.0.6'
gem 'devise', '~> 4.0.0'
gem 'doorkeeper', '~> 4.0', '>= 4.0.0'
gem 'devise-async', '~> 1.0.0'
gem 'omniauth', '~> 1.3.2'
gem 'omniauth-auth0', '~> 1.4.2'
gem 'omniauth-azure-oauth2', '~> 0.0.8'
gem 'omniauth-bitbucket', '~> 0.0.2'
gem 'omniauth-cas3', '~> 1.1.2'
gem 'omniauth-facebook', '~> 3.0.0'
gem 'omniauth-github', '~> 1.1.1'
gem 'omniauth-gitlab', '~> 1.0.0'
gem 'omniauth-google-oauth2', '~> 0.2.0'
gem 'omniauth-kerberos', '~> 0.3.0', group: :kerberos
gem 'omniauth-saml', '~> 1.5.0'
gem 'omniauth-shibboleth', '~> 1.2.0'
gem 'omniauth-twitter', '~> 1.2.0'
gem 'omniauth_crowd', '~> 2.2.0'
gem 'rack-oauth2', '~> 1.2.1'
gem 'omniauth-cas3', '~> 1.1.4'
gem 'omniauth-facebook', '~> 4.0.0'
gem 'omniauth-github', '~> 1.2.0'
gem 'omniauth-gitlab', '~> 1.0.2'
gem 'omniauth-google-oauth2', '~> 0.3.0'
gem 'omniauth-kerberos', '~> 0.4.0', group: :kerberos
gem 'omniauth-saml', '~> 1.6.0'
gem 'omniauth-shibboleth', '~> 1.3.0'
gem 'omniauth-twitter', '~> 1.3.0'
gem 'omniauth_crowd', '~> 2.3.0'
gem 'rack-oauth2', '~> 1.2.2'
gem 'jwt'

# Spam and anti-bot protection
gem 'recaptcha', require: 'recaptcha/rails'
gem 'akismet', '~> 2.0'

# Two-factor authentication
gem 'devise-two-factor', '~> 2.0.0'
gem 'devise-two-factor', '~> 3.0.0'
gem 'rqrcode-rails3', '~> 0.1.7'
gem 'attr_encrypted', '~> 1.3.4'

Expand All @@ -57,7 +57,7 @@ gem "gitlab_git", '~> 10.0'
# LDAP Auth
# GitLab fork with several improvements to original library. For full list of changes
# see https://github.com/intridea/omniauth-ldap/compare/master...gitlabhq:master
gem 'gitlab_omniauth-ldap', '~> 1.2.1', require: "omniauth-ldap"
gem 'gitlab_omniauth-ldap', '~> 2.0.0', require: "omniauth-ldap"

# Git Wiki
# Required manually in config/initializers/gollum.rb to control load order
Expand All @@ -68,21 +68,21 @@ gem 'gollum-rugged_adapter', '~> 0.4.2', require: false
gem "github-linguist", "~> 4.7.0", require: "linguist"

# API
gem 'grape', '~> 0.13.0'
gem 'grape', '~> 0.14.0'
gem 'grape-entity', '~> 0.4.2'
gem 'rack-cors', '~> 0.4.0', require: 'rack/cors'

# Pagination
gem "kaminari", "~> 0.16.3"
gem "kaminari", "~> 0.17.0"

# HAML
gem "haml-rails", '~> 0.9.0'
gem "haml-rails", "~> 1.0.0"

# Files attachments
gem "carrierwave", '~> 0.10.0'

# Drag and Drop UI
gem 'dropzonejs-rails', '~> 0.7.1'
gem 'dropzonejs-rails', '~> 0.7.3'

# for aws storage
gem "fog", "~> 1.36.0"
Expand Down Expand Up @@ -116,8 +116,8 @@ gem 'diffy', '~> 3.0.3'

# Application server
group :unicorn do
gem "unicorn", '~> 4.9.0'
gem 'unicorn-worker-killer', '~> 0.4.2'
gem "unicorn", "~> 5.0.0"
gem 'unicorn-worker-killer', '~> 0.4.5'
end

# State machine
Expand All @@ -129,7 +129,7 @@ gem 'after_commit_queue'
gem 'acts-as-taggable-on', '~> 3.4'

# Background jobs
gem 'sinatra', '~> 1.4.4', require: nil
gem 'sinatra', '~> 2.0.0', require: nil
gem 'sidekiq', '~> 4.0'
gem 'sidekiq-cron', '~> 0.4.0'
gem 'redis-namespace'
Expand All @@ -148,7 +148,7 @@ gem 'settingslogic', '~> 2.0.9'
gem 'version_sorter', '~> 2.0.0'

# Cache
gem "redis-rails", '~> 4.0.0'
gem "redis-rails", "~> 5.0.0"

# Redis
gem 'redis', '~> 3.2'
Expand All @@ -170,13 +170,13 @@ gem "gemnasium-gitlab-service", "~> 0.2"
gem "slack-notifier", "~> 1.2.0"

# Asana integration
gem 'asana', '~> 0.4.0'
gem 'asana', '~> 0.5.0'

# FogBugz integration
gem 'ruby-fogbugz', '~> 0.2.1'

# d3
gem 'd3_rails', '~> 3.5.0'
gem 'd3_rails', '~> 3.5.12'

# underscore-rails
gem "underscore-rails", "~> 1.8.0"
Expand All @@ -192,7 +192,7 @@ gem "loofah", "~> 2.0.3"
gem 'licensee', '~> 8.0.0'

# Protect against bruteforcing
gem "rack-attack", '~> 4.3.1'
gem "rack-attack", "~> 4.4.0"

# Ace editor
gem 'ace-rails-ap', '~> 4.0.2'
Expand All @@ -203,20 +203,20 @@ gem 'mousetrap-rails', '~> 1.4.6'
# Detect and convert string character encoding
gem 'charlock_holmes', '~> 0.7.3'

gem "sass-rails", '~> 5.0.0'
gem "coffee-rails", '~> 4.1.0'
gem "sass-rails", "~> 5.0.5"
gem "coffee-rails", "~> 4.2.0"
gem "uglifier", '~> 2.7.2'
gem 'turbolinks', '~> 2.5.0'
gem 'turbolinks', '~> 2.5.4'
gem 'jquery-turbolinks', '~> 2.1.0'

gem 'addressable', '~> 2.3.8'
gem 'bootstrap-sass', '~> 3.3.0'
gem 'font-awesome-rails', '~> 4.2'
gem 'font-awesome-rails', '~> 4.6', '>= 4.6.0.0'
gem 'gitlab_emoji', '~> 0.3.0'
gem 'gon', '~> 6.0.1'
gem 'gon', '~> 6.1.0'
gem 'jquery-atwho-rails', '~> 1.3.2'
gem 'jquery-rails', '~> 4.1.0'
gem 'jquery-ui-rails', '~> 5.0.0'
gem 'jquery-rails', '~> 4.2.0'
gem 'jquery-ui-rails', '~> 6.0.0'
gem 'raphael-rails', '~> 2.1.2'
gem 'request_store', '~> 1.3.0'
gem 'select2-rails', '~> 3.5.9'
Expand All @@ -227,7 +227,7 @@ gem 'base32', '~> 0.3.0'
# Sentry integration
gem 'sentry-raven', '~> 0.15'

gem 'premailer-rails', '~> 1.9.0'
gem 'premailer-rails', '~> 1.9.3'

# Metrics
group :metrics do
Expand All @@ -240,12 +240,12 @@ group :development do
gem "foreman"
gem 'brakeman', '~> 3.2.0', require: false

gem 'letter_opener_web', '~> 1.3.0'
gem 'quiet_assets', '~> 1.0.2'
gem 'letter_opener_web', '~> 1.3.1'
gem 'quiet_assets', '~> 1.1.0'
gem 'rerun', '~> 0.11.0'
gem 'bullet', require: false
gem 'rblineprof', platform: :mri, require: false
gem 'web-console', '~> 2.0'
gem 'web-console', '~> 3.0', '>= 3.0.0'

# Better errors handler
gem 'better_errors', '~> 1.0.1'
Expand All @@ -255,7 +255,7 @@ group :development do
gem "sdoc", '~> 0.3.20'

# thin instead webrick
gem 'thin', '~> 1.6.1'
gem 'thin', '~> 1.7.0'
end

group :development, :test do
Expand All @@ -266,8 +266,8 @@ group :development, :test do
gem 'fuubar', '~> 2.0.0'

gem 'database_cleaner', '~> 1.4.0'
gem 'factory_girl_rails', '~> 4.6.0'
gem 'rspec-rails', '~> 3.4.0'
gem 'factory_girl_rails', '~> 4.7.0'
gem 'rspec-rails', '~> 3.5.0'
gem 'rspec-retry'
gem 'spinach-rails', '~> 0.2.1'
gem 'spinach-rerun-reporter', '~> 0.0.2'
Expand All @@ -278,12 +278,12 @@ group :development, :test do
# Generate Fake data
gem 'ffaker', '~> 2.0.0'

gem 'capybara', '~> 2.6.2'
gem 'capybara-screenshot', '~> 1.0.0'
gem 'poltergeist', '~> 1.9.0'
gem 'capybara', '~> 2.7.0'
gem 'capybara-screenshot', '~> 1.0.12'
gem 'poltergeist', '~> 1.10.0'

gem 'teaspoon', '~> 1.1.0'
gem 'teaspoon-jasmine', '~> 2.2.0'
gem 'teaspoon', '~> 1.2.0'
gem 'teaspoon-jasmine', '~> 2.3.4'

gem 'spring', '~> 1.7.0'
gem 'spring-commands-rspec', '~> 1.0.4'
Expand All @@ -307,7 +307,7 @@ group :test do
gem 'email_spec', '~> 1.6.0'
gem 'webmock', '~> 1.21.0'
gem 'test_after_commit', '~> 0.4.2'
gem 'sham_rack'
gem 'sham_rack', '>= 1.4.0'
end

group :production do
Expand All @@ -323,14 +323,14 @@ gem "mail_room", "~> 0.7"
gem 'email_reply_parser', '~> 0.5.8'

## CI
gem 'activerecord-session_store', '~> 1.0.0'
gem 'activerecord-session_store', '~> 1.1.0'
gem "nested_form", '~> 0.3.2'

# OAuth
gem 'oauth2', '~> 1.0.0'
gem 'oauth2', '~> 1.1.0'

# Soft deletion
gem "paranoia", "~> 2.0"

# Health check
gem 'health_check', '~> 1.5.1'
gem 'health_check', '~> 1.7.2'