diff --git a/Gemfile b/Gemfile
index f03a085..9ecc2ee 100644
--- a/Gemfile
+++ b/Gemfile
@@ -21,7 +21,7 @@ gem "pg", '~> 0.18.2', group: :postgres
 gem 'devise', '~> 3.5.4'
 gem 'devise-async', '~> 0.9.0'
 gem 'doorkeeper', '~> 2.2.0'
-gem 'omniauth', '~> 1.2.2'
+gem 'omniauth', '~> 1.3.1'
 gem 'omniauth-azure-oauth2', '~> 0.0.6'
 gem 'omniauth-bitbucket', '~> 0.0.2'
 gem 'omniauth-cas3', '~> 1.1.2'
@@ -36,8 +36,9 @@ gem 'omniauth-twitter', '~> 1.2.0'
 gem 'omniauth_crowd', '~> 2.2.0'
 gem 'rack-oauth2', '~> 1.2.1'
-# reCAPTCHA protection
+# Spam and anti-bot protection
 gem 'recaptcha', require: 'recaptcha/rails'
+gem 'akismet', '~> 2.0'
 # Two-factor authentication
 gem 'devise-two-factor', '~> 2.0.0'
@@ -49,7 +50,7 @@ gem "browser", '~> 1.0.0'
 # Extracting information from a git repository
 # Provide access to Gitlab::Git library
-gem "gitlab_git", '~> 7.2.24'
+gem "gitlab_git", '~> 8.2'
 # LDAP Auth
 # GitLab fork with several improvements to original library. For full list of changes
@@ -104,7 +105,7 @@ gem 'rouge', '~> 1.10.1'
 # See https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
 # and https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
-gem 'nokogiri', '1.6.7.2'
+gem 'nokogiri', '~> 1.6.7', '>= 1.6.7.2'
 # Diffs
 gem 'diffy', '~> 3.0.3'
@@ -179,6 +180,9 @@ gem "underscore-rails", "~> 1.8.0"
 gem "sanitize", '~> 2.0'
 gem 'babosa', '~> 1.0.2'
+# Sanitizes SVG input
+gem "loofah", "~> 2.0.3"
+
 # Protect against bruteforcing
 gem "rack-attack", '~> 4.3.1'
@@ -200,7 +204,7 @@ gem 'jquery-turbolinks', '~> 2.1.0'
 gem 'addressable', '~> 2.3.8'
 gem 'bootstrap-sass', '~> 3.3.0'
 gem 'font-awesome-rails', '~> 4.2'
-gem 'gitlab_emoji', '~> 0.2.0'
+gem 'gitlab_emoji', '~> 0.3.0'
 gem 'gon', '~> 6.0.1'
 gem 'jquery-atwho-rails', '~> 1.3.2'
 gem 'jquery-rails', '~> 4.0.0'
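Review bot: The new `gem 'akismet', '~> 2.0'` line in the `@@ -36,8 +36,9 @@` hunk adds a client for an external spam-classification service, and the reworded comment `# Spam and anti-bot protection` does not tell a reader that this gem sends data off the instance. Akismet checks work by submitting the content under test, together with metadata about the submitter, to the Akismet API; the code that calls the gem is not part of this diff, so whether the check is gated cannot be seen here. I would add a line above the gem such as `# akismet sends submitted content to an external API; keep it behind an admin setting`.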
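Review bot: `gem "gitlab_git", '~> 8.2'` in the `@@ -49,7 +50,7 @@` hunk is a wider constraint than the `'~> 7.2.24'` it replaces: it accepts any 8.x release from 8.2 upwards, where the old one accepted only 7.2.x patch releases. The Gemfile.lock hunk at `@@ -354,13 +355,13 @@` shows gitlab_git 8.2.0 requiring `rugged (~> 0.24.0b13)`, a pre-release of the native git binding, so the library this comment describes as extracting information from repositories now runs on beta code. The lockfile and vendor/cache fix the resolved versions for this build, but a later `bundle update` would float within 8.x; `gem "gitlab_git", '~> 8.2.0'` would keep the previous patch-level policy, and the comment could record that rugged is a pre-release until a final 0.24 is vendored.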
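Review bot: The new `gem 'nokogiri', '~> 1.6.7', '>= 1.6.7.2'` line in the `@@ -104,7 +105,7 @@` hunk has no comment saying which of its two constraints is the security floor. The two advisory links above it presumably explain why 1.6.7.2 was pinned exactly; with the pin relaxed to a range, a maintainer tidying the line could drop `'>= 1.6.7.2'` and allow an older 1.6.7.x release again. I would add `# '>= 1.6.7.2' is the minimum from the advisories above; do not lower it` directly above the gem line.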
@@ -213,6 +217,9 @@ gem 'select2-rails', '~> 3.5.9'
 gem 'virtus', '~> 1.0.1'
 gem 'net-ssh', '~> 3.0.1'
+# Sentry integration
+gem 'sentry-raven', '~> 0.15'
+
 # Metrics
 group :metrics do
 gem 'allocations', '~> 1.0', require: false, platform: :mri
@@ -294,15 +301,11 @@ end
 group :production do
 gem "gitlab_meta", '7.0'
-
- # Sentry integration
- gem 'sentry-raven'
 end
-gem "newrelic_rpm", '~> 3.9.4.245'
-gem 'newrelic-grape'
+gem "newrelic_rpm", '~> 3.14'
-gem 'octokit', '~> 3.7.0'
+gem 'octokit', '~> 3.8.0'
 gem "mail_room", "~> 0.6.1"
diff --git a/Gemfile.lock b/Gemfile.lock
index 8ff1471..02f93c8 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -49,6 +49,7 @@ GEM
 addressable (2.3.8)
 after_commit_queue (1.3.0)
 activerecord (>= 3.0)
+ akismet (2.0.0)
 allocations (1.0.4)
 annotate (2.6.10)
 activerecord (>= 3.2, <= 4.3)
@@ -101,7 +102,7 @@ GEM
 bullet (5.0.0)
 activesupport (>= 3.0.0)
 uniform_notifier (~> 1.9.0)
- bundler-audit (0.4.0)
+ bundler-audit (0.5.0)
 bundler (~> 1.2)
 thor (~> 0.18)
 byebug (8.2.2)
@@ -134,7 +135,7 @@ GEM
 execjs
 coffee-script-source (1.10.0)
 colorize (0.7.7)
- concurrent-ruby (1.0.0)
+ concurrent-ruby (1.0.1)
 connection_pool (2.2.0)
 coveralls (0.8.9)
 json (~> 1.8)
@@ -174,7 +175,7 @@ GEM
 diff-lcs (1.2.5)
 diffy (3.0.7)
 docile (1.1.5)
- domain_name (0.5.20160128)
+ domain_name (0.5.20160216)
 unf (>= 0.0.5, < 1.0.0)
 doorkeeper (2.2.2)
 railties (>= 3.2)
@@ -189,7 +190,7 @@ GEM
 erubis (2.7.0)
 escape_utils (1.1.0)
 eventmachine (1.0.9.1)
- excon (0.45.4)
+ excon (0.46.0)
 execjs (2.6.0)
 expression_parser (0.9.0)
 factory_girl (4.3.0)
@@ -354,13 +355,13 @@ GEM
 diff-lcs (~> 1.1)
 mime-types (~> 1.15)
 posix-spawn (~> 0.3)
- gitlab_emoji (0.2.1)
- gemojione (~> 2.1)
- gitlab_git (7.2.24)
+ gitlab_emoji (0.3.1)
+ gemojione (~> 2.2, >= 2.2.1)
+ gitlab_git (8.2.0)
 activesupport (~> 4.0)
 charlock_holmes (~> 0.7.3)
 github-linguist (~> 4.7.0)
- rugged (~> 0.23.3)
+ rugged (~> 0.24.0b13)
 gitlab_meta (7.0)
 gitlab_omniauth-ldap (1.2.1)
 net-ldap (~> 0.9)
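Review bot: `gem 'sentry-raven', '~> 0.15'` now sits outside any group in the `@@ -213,6 +217,9 @@` hunk, while the `@@ -294,15 +301,11 @@` hunk removes it from `group :production`, so the error reporter is loaded in development and test as well. Error reports can carry request parameters and environment details, so it matters that the client stays inactive unless it is explicitly configured; the initializer that decides this is not in the diff. If loading it everywhere is intended, the comment could say so, for example `# Sentry integration (all environments; must only report when explicitly configured)`.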
@@ -407,7 +408,7 @@ GEM
 hashie (3.4.3)
 highline (1.7.8)
 hike (1.2.3)
- hipchat (1.5.2)
+ hipchat (1.5.3)
 httparty
 mimemagic
 html-pipeline (1.11.0)
@@ -445,7 +446,7 @@ GEM
 jquery-ui-rails (5.0.5)
 railties (>= 3.2.16)
 json (1.8.3)
- jwt (1.5.2)
+ jwt (1.5.3)
 kaminari (0.16.3)
 actionpack (>= 3.0.0)
 activesupport (>= 3.0.0)
@@ -478,10 +479,7 @@ GEM
 net-ldap (0.14.0)
 net-ssh (3.0.2)
 netrc (0.11.0)
- newrelic-grape (2.1.0)
- grape
- newrelic_rpm
- newrelic_rpm (3.9.4.245)
+ newrelic_rpm (3.15.0.314)
 nokogiri (1.6.7.2)
 mini_portile2 (~> 2.0.0.rc2)
 nprogress-rails (0.1.6.7)
@@ -492,11 +490,11 @@ GEM
 multi_json (~> 1.3)
 multi_xml (~> 0.5)
 rack (~> 1.2)
- octokit (3.7.1)
+ octokit (3.8.0)
 sawyer (~> 0.6.0, >= 0.5.3)
- omniauth (1.2.2)
+ omniauth (1.3.1)
 hashie (>= 1.2, < 4)
- rack (~> 1.0)
+ rack (>= 1.0, < 3)
 omniauth-azure-oauth2 (0.0.6)
 jwt (~> 1.0)
 omniauth (~> 1.0)
@@ -705,7 +703,7 @@ GEM
 rubyntlm (0.6.0)
 rubypants (0.2.0)
 rufus-scheduler (3.2.0)
- rugged (0.23.3)
+ rugged (0.24.0b13)
 safe_yaml (1.0.4)
 sanitize (2.1.0)
 nokogiri (>= 1.4.4)
@@ -885,6 +883,7 @@ DEPENDENCIES
 acts-as-taggable-on (~> 3.4)
 addressable (~> 2.3.8)
 after_commit_queue
+ akismet (~> 2.0)
 allocations (~> 1.0)
 annotate (~> 2.6.0)
 asana (~> 0.4.0)
@@ -934,8 +933,8 @@ DEPENDENCIES
 github-linguist (~> 4.7.0)
 github-markup (~> 1.3.1)
 gitlab-flowdock-git-hook (~> 1.0.1)
- gitlab_emoji (~> 0.2.0)
- gitlab_git (~> 7.2.24)
+ gitlab_emoji (~> 0.3.0)
+ gitlab_git (~> 8.2)
 gitlab_meta (= 7.0)
 gitlab_omniauth-ldap (~> 1.2.1)
 gollum-lib (~> 4.1.0)
@@ -954,6 +953,7 @@ DEPENDENCIES
 jquery-ui-rails (~> 5.0.0)
 kaminari (~> 0.16.3)
 letter_opener (~> 1.1.2)
+ loofah (~> 2.0.3)
 mail_room (~> 0.6.1)
 method_source (~> 0.8)
 minitest (~> 5.7.0)
@@ -961,13 +961,12 @@ DEPENDENCIES
 mysql2 (~> 0.3.16)
 nested_form (~> 0.3.2)
 net-ssh (~> 3.0.1)
- newrelic-grape
- newrelic_rpm (~> 3.9.4.245)
- nokogiri (= 1.6.7.2)
+ newrelic_rpm (~> 3.14)
+ nokogiri (~> 1.6.7, >= 1.6.7.2)
 nprogress-rails (~> 0.1.6.7)
 oauth2 (~> 1.0.0)
- octokit (~> 3.7.0)
- omniauth (~> 1.2.2)
+ octokit (~> 3.8.0)
+ omniauth (~> 1.3.1)
 omniauth-azure-oauth2 (~> 0.0.6)
 omniauth-bitbucket (~> 0.0.2)
 omniauth-cas3 (~> 1.1.2)
@@ -1012,7 +1011,7 @@ DEPENDENCIES
 sdoc (~> 0.3.20)
 seed-fu (~> 2.3.5)
 select2-rails (~> 3.5.9)
- sentry-raven
+ sentry-raven (~> 0.15)
 settingslogic (~> 2.0.9)
 sham_rack
 shoulda-matchers (~> 2.8.0)
diff --git a/Makefile b/Makefile
index 60c62ac..4a86f64 100644
--- a/Makefile
+++ b/Makefile
@@ -8,11 +8,11 @@ export MANPATH := /opt/rh/rh-ruby22/root/usr/share/man:$MANPATH
 export PKG_CONFIG_PATH := /opt/rh/rh-ruby22/root/usr/lib64/pkgconfig${PKG_CONFIG_PATH:+:${PKG_CONFIG_PATH}}
 export XDG_DATA_DIRS := /opt/rh/rh-ruby22/root/usr/share${XDG_DATA_DIRS:+:${XDG_DATA_DIRS}}
-VERSION = 8.4
+VERSION = 8.5
 TARBALL = gitlab-deps-$(VERSION).tar.gz
 PREFIX = /usr
 WGET = wget
-GITLAB_BRANCH = 8-4-stable
+GITLAB_BRANCH = 8-5-stable
 BUNDLE_OPTS = --verbose --without='development test'
 all:
diff --git a/vendor/cache/akismet-2.0.0.gem b/vendor/cache/akismet-2.0.0.gem
new file mode 100644
index 0000000..d7d7124
Binary files /dev/null and b/vendor/cache/akismet-2.0.0.gem differ
diff --git a/vendor/cache/bundler-audit-0.4.0.gem b/vendor/cache/bundler-audit-0.4.0.gem
deleted file mode 100644
index 9a7173c..0000000
Binary files a/vendor/cache/bundler-audit-0.4.0.gem and /dev/null differ
diff --git a/vendor/cache/bundler-audit-0.5.0.gem b/vendor/cache/bundler-audit-0.5.0.gem
new file mode 100644
index 0000000..2b5dcd3
Binary files /dev/null and b/vendor/cache/bundler-audit-0.5.0.gem differ
diff --git a/vendor/cache/concurrent-ruby-1.0.0.gem b/vendor/cache/concurrent-ruby-1.0.0.gem
deleted file mode 100644
index d8c91dc..0000000
Binary files a/vendor/cache/concurrent-ruby-1.0.0.gem and /dev/null differ
diff --git a/vendor/cache/concurrent-ruby-1.0.1.gem b/vendor/cache/concurrent-ruby-1.0.1.gem
new file mode 100644
index 0000000..4b97b7c
Binary files /dev/null and b/vendor/cache/concurrent-ruby-1.0.1.gem differ
diff --git a/vendor/cache/domain_name-0.5.20160128.gem b/vendor/cache/domain_name-0.5.20160128.gem
deleted file mode 100644
index c25aac3..0000000
Binary files a/vendor/cache/domain_name-0.5.20160128.gem and /dev/null differ
diff --git a/vendor/cache/domain_name-0.5.20160216.gem b/vendor/cache/domain_name-0.5.20160216.gem
new file mode 100644
index 0000000..6369a9e
Binary files /dev/null and b/vendor/cache/domain_name-0.5.20160216.gem differ
diff --git a/vendor/cache/excon-0.45.4.gem b/vendor/cache/excon-0.45.4.gem
deleted file mode 100644
index 135f55a..0000000
Binary files a/vendor/cache/excon-0.45.4.gem and /dev/null differ
diff --git a/vendor/cache/excon-0.46.0.gem b/vendor/cache/excon-0.46.0.gem
new file mode 100644
index 0000000..4334ef7
Binary files /dev/null and b/vendor/cache/excon-0.46.0.gem differ
diff --git a/vendor/cache/gitlab_emoji-0.2.1.gem b/vendor/cache/gitlab_emoji-0.2.1.gem
deleted file mode 100644
index f202309..0000000
Binary files a/vendor/cache/gitlab_emoji-0.2.1.gem and /dev/null differ
diff --git a/vendor/cache/gitlab_emoji-0.3.1.gem b/vendor/cache/gitlab_emoji-0.3.1.gem
new file mode 100644
index 0000000..170a76b
Binary files /dev/null and b/vendor/cache/gitlab_emoji-0.3.1.gem differ
diff --git a/vendor/cache/gitlab_git-7.2.24.gem b/vendor/cache/gitlab_git-7.2.24.gem
deleted file mode 100644
index c177923..0000000
Binary files a/vendor/cache/gitlab_git-7.2.24.gem and /dev/null differ
diff --git a/vendor/cache/gitlab_git-8.2.0.gem b/vendor/cache/gitlab_git-8.2.0.gem
new file mode 100644
index 0000000..ab0e184
Binary files /dev/null and b/vendor/cache/gitlab_git-8.2.0.gem differ
diff --git a/vendor/cache/hipchat-1.5.2.gem b/vendor/cache/hipchat-1.5.2.gem
deleted file mode 100644
index 4172e3c..0000000
Binary files a/vendor/cache/hipchat-1.5.2.gem and /dev/null differ
diff --git a/vendor/cache/hipchat-1.5.3.gem b/vendor/cache/hipchat-1.5.3.gem
new file mode 100644
index 0000000..d612f05
Binary files /dev/null and b/vendor/cache/hipchat-1.5.3.gem differ
diff --git a/vendor/cache/jwt-1.5.2.gem b/vendor/cache/jwt-1.5.2.gem
deleted file mode 100644
index 0c6ce4b..0000000
Binary files a/vendor/cache/jwt-1.5.2.gem and /dev/null differ
diff --git a/vendor/cache/jwt-1.5.3.gem b/vendor/cache/jwt-1.5.3.gem
new file mode 100644
index 0000000..ee035bf
Binary files /dev/null and b/vendor/cache/jwt-1.5.3.gem differ
diff --git a/vendor/cache/newrelic-grape-2.1.0.gem b/vendor/cache/newrelic-grape-2.1.0.gem
deleted file mode 100644
index 3fd5e07..0000000
Binary files a/vendor/cache/newrelic-grape-2.1.0.gem and /dev/null differ
diff --git a/vendor/cache/newrelic_rpm-3.15.0.314.gem b/vendor/cache/newrelic_rpm-3.15.0.314.gem
new file mode 100644
index 0000000..fa8af3b
Binary files /dev/null and b/vendor/cache/newrelic_rpm-3.15.0.314.gem differ
diff --git a/vendor/cache/newrelic_rpm-3.9.4.245.gem b/vendor/cache/newrelic_rpm-3.9.4.245.gem
deleted file mode 100644
index 9e3f7a8..0000000
Binary files a/vendor/cache/newrelic_rpm-3.9.4.245.gem and /dev/null differ
diff --git a/vendor/cache/octokit-3.7.1.gem b/vendor/cache/octokit-3.7.1.gem
deleted file mode 100644
index 49e47af..0000000
Binary files a/vendor/cache/octokit-3.7.1.gem and /dev/null differ
diff --git a/vendor/cache/octokit-3.8.0.gem b/vendor/cache/octokit-3.8.0.gem
new file mode 100644
index 0000000..71b0f5f
Binary files /dev/null and b/vendor/cache/octokit-3.8.0.gem differ
diff --git a/vendor/cache/omniauth-1.2.2.gem b/vendor/cache/omniauth-1.2.2.gem
deleted file mode 100644
index b8e4571..0000000
Binary files a/vendor/cache/omniauth-1.2.2.gem and /dev/null differ
diff --git a/vendor/cache/omniauth-1.3.1.gem b/vendor/cache/omniauth-1.3.1.gem
new file mode 100644
index 0000000..9829342
Binary files /dev/null and b/vendor/cache/omniauth-1.3.1.gem differ
diff --git a/vendor/cache/rugged-0.23.3.gem b/vendor/cache/rugged-0.23.3.gem
deleted file mode 100644
index c5e527c..0000000
Binary files a/vendor/cache/rugged-0.23.3.gem and /dev/null differ
diff --git a/vendor/cache/rugged-0.24.0b13.gem b/vendor/cache/rugged-0.24.0b13.gem
new file mode 100644
index 0000000..dee7a28
Binary files /dev/null and b/vendor/cache/rugged-0.24.0b13.gem differ
-- libgit2 0.21.2