From 2e8b72a9aca1e83a14a6d1ba71b7c2688996c448 Mon Sep 17 00:00:00 2001 From: Spencer Tom Tafadzwa Chirume <22162-Spence@users.noreply.gitlab.com> Date: Thu, 14 May 2020 00:47:08 +0000 Subject: [PATCH] fix: Gemfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-RACK-569066 --- Gemfile | 66 ++++++++++++++++++++++++++++----------------------------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/Gemfile b/Gemfile index e3acf4a15..7308d419a 100644 --- a/Gemfile +++ b/Gemfile @@ -8,12 +8,12 @@ def linux_only(require_as) RUBY_PLATFORM.include?('linux') && require_as end -gem "rails", "~> 4.0.0" +gem "rails", "~> 5.0.0" gem "protected_attributes" gem 'rails-observers' -gem 'actionpack-page_caching' -gem 'actionpack-action_caching' +gem 'actionpack-page_caching', '>= 1.1.0' +gem 'actionpack-action_caching', '>= 1.2.0' # Default values for AR models gem "default_value_for", "~> 3.0.0" @@ -23,12 +23,12 @@ gem "mysql2", group: :mysql gem "pg", group: :postgres # Auth -gem "devise", '3.0.4' -gem "devise-async", '0.8.0' -gem 'omniauth', "~> 1.1.3" -gem 'omniauth-google-oauth2' -gem 'omniauth-twitter' -gem 'omniauth-github' +gem "devise", "4.0.0" +gem "devise-async", "1.0.0" +gem 'omniauth', '~> 1.1.4' +gem 'omniauth-google-oauth2', '>= 0.2.1' +gem 'omniauth-twitter', '>= 1.0.1' +gem 'omniauth-github', '>= 1.1.1' # Extracting information from a git repository # Provide access to Gitlab::Git library @@ -66,7 +66,7 @@ gem 'enumerize' gem "kaminari", "~> 0.15.1" # HAML -gem "haml-rails" +gem "haml-rails", ">= 0.5.3" # Files attachments gem "carrierwave" 
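Review bot: Nothing in the `@@ -8,12 +8,12 @@` hunk constrains `rack` itself, so the advisory named in the subject is only fixed if the resolver happens to pick a patched rack behind `gem "rails", "~> 5.0.0"`, and the diffstat shows Gemfile.lock is not part of this patch, so the resolved version cannot be checked here. A direct floor would make the fix explicit and reviewable, e.g. `gem "rack", ">= <PATCHED_RACK_VERSION_PER_ADVISORY>"` placed next to the rails line. The jump from Rails 4.0 to 5.0 is a major framework upgrade hidden inside a "reduce vulnerabilities" commit; the adjacent context lines `gem "protected_attributes"` and `gem 'rails-observers'` stay unconstrained, and as far as I recall protected_attributes 1.x only allows activemodel < 5, so this may not resolve at all. By the commit date the 5.0 series was itself no longer receiving security releases, as far as I recall, so if a major bump is intended a supported series is the more defensible target and the description should say so.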
@@ -89,19 +89,19 @@ gem "asciidoctor" # Application server group :unicorn do - gem "unicorn", '~> 4.6.3' - gem 'unicorn-worker-killer' + gem "unicorn", "~> 4.6.3" + gem 'unicorn-worker-killer', '>= 0.4.2' end # State machine gem "state_machine" # Issue tags -gem "acts-as-taggable-on" +gem "acts-as-taggable-on", ">= 3.1.0" # Background jobs gem 'slim' -gem 'sinatra', require: nil +gem 'sinatra', '>= 2.0.0', require: nil gem 'sidekiq' # HTTP requests @@ -118,7 +118,7 @@ gem "foreman" gem 'version_sorter' # Cache -gem "redis-rails" +gem "redis-rails", ">= 5.0.0" # Campfire integration gem 'tinder', '~> 1.9.2' @@ -133,7 +133,7 @@ gem "gitlab-flowdock-git-hook", "~> 0.4.2" gem "gemnasium-gitlab-service", "~> 0.2" # d3 -gem "d3_rails", "~> 3.1.4" +gem "d3_rails", "~> 3.1.10" # underscore-rails gem "underscore-rails", "~> 1.4.4" @@ -142,34 +142,34 @@ gem "underscore-rails", "~> 1.4.4" gem "sanitize" # Protect against bruteforcing -gem "rack-attack" +gem "rack-attack", ">= 2.3.0" # Ace editor gem 'ace-rails-ap' -gem "sass-rails" -gem "coffee-rails" +gem "sass-rails", ">= 5.0.5" +gem "coffee-rails", ">= 4.1.1" gem "uglifier" gem "therubyracer" -gem 'turbolinks' -gem 'jquery-turbolinks' +gem 'turbolinks', '>= 2.0.0' +gem 'jquery-turbolinks', '>= 2.0.1' gem 'select2-rails' gem 'jquery-atwho-rails', "~> 0.3.3" -gem "jquery-rails", "2.1.3" -gem "jquery-ui-rails", "2.0.2" +gem "jquery-rails", "4.0.1" +gem "jquery-ui-rails", "2.0.2" gem "modernizr", "2.6.2" gem "raphael-rails", "~> 2.1.2" gem 'bootstrap-sass', '~> 3.0' -gem "font-awesome-rails", '~> 3.2' +gem "font-awesome-rails", "~> 4.5", ">= 4.5.0.1" gem "gemoji", "~> 1.3.0" -gem "gon", '~> 5.0.0' +gem "gon", "~> 5.0.1" group :development do gem "annotate", "~> 2.6.0.beta2" gem "letter_opener" - gem 'quiet_assets', '~> 1.0.1' - gem 'rack-mini-profiler', require: false + gem 'quiet_assets', '~> 1.0.2' + gem 'rack-mini-profiler', '>= 0.9.0', require: false # Better errors handler gem 'better_errors' 
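Review bot: In the `@@ -142,34 +142,34 @@` hunk `gem "jquery-rails", "4.0.1"` is an exact pin, which is the opposite of what a vulnerability-driven commit wants: it blocks every later patch release, while the rest of the hunk deliberately switches to `>=` floors. A pessimistic constraint such as `gem "jquery-rails", "~> 4.0", ">= 4.0.1"` keeps the floor without freezing the series. The same hunk removes and re-adds `gem "jquery-ui-rails", "2.0.2"` unchanged, and the `@@ -89,19` hunk only swaps the quote style on `gem "unicorn", "~> 4.6.3"`; both are noise that makes the security-relevant lines harder to spot in review and could be dropped.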
@@ -181,20 +181,20 @@ group :development do gem "sdoc" # thin instead webrick - gem 'thin' + gem 'thin', '>= 1.6.1' end group :development, :test do gem 'coveralls', require: false # gem 'rails-dev-tweaks' - gem 'spinach-rails' - gem "rspec-rails" - gem "capybara" + gem 'spinach-rails', '>= 0.2.1' + gem "rspec-rails", ">= 2.14.0" + gem "capybara", ">= 2.1.0" gem "pry" gem "awesome_print" gem "database_cleaner" gem "launchy" - gem 'factory_girl_rails' + gem 'factory_girl_rails', '>= 4.3.0' # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826) gem 'minitest', '~> 4.7.0' @@ -215,7 +215,7 @@ group :development, :test do gem 'poltergeist', '~> 1.4.1' gem 'spork', '~> 1.0rc' - gem 'jasmine', '2.0.0.rc5' + gem 'jasmine', '2.0.0' gem "spring", '1.1.1' gem "spring-commands-rspec", '1.0.1' -- GitLab
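Review bot: The `@@ -181,20 +181,20 @@` hunk leaves `gem 'minitest', '~> 4.7.0'` as unchanged context while the first hunk moves rails to `~> 5.0.0`; as far as I recall activesupport 5.0 depends on minitest ~> 5.1, so `bundle install` would fail to resolve before any of the test-group floors added here take effect. If the Rails bump stays, that line needs to move with it (something like `gem 'minitest', '~> 5.1'`), and the `(see #3826)` justification above it should be re-checked since it was written against the Rails 4.0 era. `gem 'spork', '~> 1.0rc'` in the `@@ -215,7` hunk is another unchanged pre-release constraint worth confirming against the new stack.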