Skip to content

Commit

Permalink
Bump Rails, Rack and jQuery Rails for security fixes
Browse files Browse the repository at this point in the history 
Vulnerabilities addressed:

- CVE-2015-3225
https://groups.google.com/forum/#!topic/rubyonrails-security/gcUbICUmKMc
- CVE-2015-1840
https://groups.google.com/forum/#!topic/rubyonrails-security/XIZPbobuwaY
- CVE-2015-3226
https://groups.google.com/forum/#!topic/rubyonrails-security/7VlB_pck3hU
- CVE-2015-3227
https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk

Notably, this upgrades jQuery from 1.10.x to 1.11.x. Release "notes"
for this:
http://blog.jquery.com/2014/01/24/jquery-1-11-and-2-1-released/
  • Loading branch information
@boffbowsh
boffbowsh committed Jun 17, 2015
1 parent 260f738 commit a043a29
Show file tree
Hide file tree
Showing 2 changed files with 46 additions and 46 deletions.
4 changes: 2 additions & 2 deletions Gemfile
View file
@@ -1,6 +1,6 @@
source 'https://rubygems.org'

gem 'rails', '4.2.1'
gem 'rails', '4.2.2'

gem 'sass-rails', '5.0.3'
gem 'uglifier', '2.7.1'
Expand Down Expand Up @@ -29,7 +29,7 @@ gem "statsd-ruby", "1.2.1", require: "statsd"
gem 'logstasher', '0.4.8'
gem 'kaminari', '0.16.3'
gem 'bootstrap-kaminari-views', '0.0.5'
gem 'govuk_admin_template', '2.2.0'
gem 'govuk_admin_template', '2.3.1'
if ENV['API_DEV']
gem "gds-api-adapters", :path => '../gds-api-adapters'
else
Expand Down
88 changes: 44 additions & 44 deletions Gemfile.lock
View file
Expand Up @@ -10,36 +10,36 @@ GEM
remote: https://rubygems.org/
specs:
PriorityQueue (0.1.2)
actionmailer (4.2.1)
actionpack (= 4.2.1)
actionview (= 4.2.1)
activejob (= 4.2.1)
actionmailer (4.2.2)
actionpack (= 4.2.2)
actionview (= 4.2.2)
activejob (= 4.2.2)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 1.0, >= 1.0.5)
actionpack (4.2.1)
actionview (= 4.2.1)
activesupport (= 4.2.1)
actionpack (4.2.2)
actionview (= 4.2.2)
activesupport (= 4.2.2)
rack (~> 1.6)
rack-test (~> 0.6.2)
rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.1)
actionview (4.2.1)
activesupport (= 4.2.1)
actionview (4.2.2)
activesupport (= 4.2.2)
builder (~> 3.1)
erubis (~> 2.7.0)
rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.1)
activejob (4.2.1)
activesupport (= 4.2.1)
activejob (4.2.2)
activesupport (= 4.2.2)
globalid (>= 0.3.0)
activemodel (4.2.1)
activesupport (= 4.2.1)
activemodel (4.2.2)
activesupport (= 4.2.2)
builder (~> 3.1)
activerecord (4.2.1)
activemodel (= 4.2.1)
activesupport (= 4.2.1)
activerecord (4.2.2)
activemodel (= 4.2.2)
activesupport (= 4.2.2)
arel (~> 6.0)
activesupport (4.2.1)
activesupport (4.2.2)
i18n (~> 0.7)
json (~> 1.7, >= 1.7.7)
minitest (~> 5.1)
Expand All @@ -50,13 +50,13 @@ GEM
builder
multi_json
arel (6.0.0)
autoprefixer-rails (5.1.11)
autoprefixer-rails (5.2.0.1)
execjs
json
bootstrap-kaminari-views (0.0.5)
kaminari (>= 0.13)
rails (>= 3.1)
bootstrap-sass (3.3.4.1)
bootstrap-sass (3.3.5)
autoprefixer-rails (>= 5.0.0.1)
sass (>= 3.2.19)
builder (3.2.2)
Expand Down Expand Up @@ -107,9 +107,9 @@ GEM
zendesk_api (= 1.8.0)
globalid (0.3.5)
activesupport (>= 4.1.0)
govuk_admin_template (2.2.0)
govuk_admin_template (2.3.1)
bootstrap-sass (~> 3.3.3)
jquery-rails (~> 3.1.1)
jquery-rails (~> 3.1.3)
rails (>= 3.2.0)
gretel (3.0.8)
rails (>= 3.2.0)
Expand All @@ -127,12 +127,12 @@ GEM
jasmine-core (2.3.4)
jc-validates_timeliness (3.1.1)
timeliness (~> 0.3.7)
jquery-rails (3.1.2)
jquery-rails (3.1.3)
railties (>= 3.0, < 5.0)
thor (>= 0.14, < 2.0)
jquery-ui-rails (5.0.1)
railties (>= 3.2.16)
json (1.8.2)
json (1.8.3)
jwt (1.4.1)
kaminari (0.16.3)
actionpack (>= 3.0.0)
Expand All @@ -142,15 +142,15 @@ GEM
logstash-event (1.1.5)
logstasher (0.4.8)
logstash-event (~> 1.1.0)
loofah (2.0.1)
loofah (2.0.2)
nokogiri (>= 1.5.9)
lrucache (0.1.4)
PriorityQueue (~> 0.1.2)
mail (2.6.3)
mime-types (>= 1.16, < 3)
mime-types (2.5)
mime-types (2.6.1)
mini_portile (0.6.2)
minitest (5.6.1)
minitest (5.7.0)
multi_json (1.11.0)
multi_xml (0.5.5)
multipart-post (2.0.0)
Expand All @@ -177,23 +177,23 @@ GEM
plek (1.10.0)
quiet_assets (1.1.0)
railties (>= 3.1, < 5.0)
rack (1.6.1)
rack (1.6.2)
rack-accept (0.4.5)
rack (>= 0.4)
rack-cache (1.2)
rack (>= 0.4)
rack-test (0.6.3)
rack (>= 1.0)
rails (4.2.1)
actionmailer (= 4.2.1)
actionpack (= 4.2.1)
actionview (= 4.2.1)
activejob (= 4.2.1)
activemodel (= 4.2.1)
activerecord (= 4.2.1)
activesupport (= 4.2.1)
rails (4.2.2)
actionmailer (= 4.2.2)
actionpack (= 4.2.2)
actionview (= 4.2.2)
activejob (= 4.2.2)
activemodel (= 4.2.2)
activerecord (= 4.2.2)
activesupport (= 4.2.2)
bundler (>= 1.3.0, < 2.0)
railties (= 4.2.1)
railties (= 4.2.2)
sprockets-rails
rails-deprecated_sanitizer (1.0.3)
activesupport (>= 4.2.0.alpha)
Expand All @@ -203,9 +203,9 @@ GEM
rails-deprecated_sanitizer (>= 1.0.1)
rails-html-sanitizer (1.0.2)
loofah (~> 2.0)
railties (4.2.1)
actionpack (= 4.2.1)
activesupport (= 4.2.1)
railties (4.2.2)
actionpack (= 4.2.2)
activesupport (= 4.2.2)
rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0)
raindrops (0.13.0)
Expand Down Expand Up @@ -240,7 +240,7 @@ GEM
rspec-support (~> 3.2.0)
rspec-support (3.2.2)
safe_yaml (1.0.4)
sass (3.4.13)
sass (3.4.14)
sass-rails (5.0.3)
railties (>= 4.0.0, < 5.0)
sass (~> 3.1)
Expand All @@ -261,9 +261,9 @@ GEM
json
redis (>= 3.0.6)
redis-namespace (>= 1.3.1)
sprockets (3.0.3)
sprockets (3.2.0)
rack (~> 1.0)
sprockets-rails (2.2.4)
sprockets-rails (2.3.1)
actionpack (>= 3.0)
activesupport (>= 3.0)
sprockets (>= 2.8, < 4.0)
Expand Down Expand Up @@ -317,7 +317,7 @@ DEPENDENCIES
gds-api-adapters (~> 18.11.0)
gds-sso (= 11.0.0)
gds_zendesk (= 1.0.5)
govuk_admin_template (= 2.2.0)
govuk_admin_template (= 2.3.1)
gretel (= 3.0.8)
jasmine (= 2.3.0)
jc-validates_timeliness (= 3.1.1)
Expand All @@ -326,7 +326,7 @@ DEPENDENCIES
logstasher (= 0.4.8)
plek (= 1.10.0)
quiet_assets (~> 1.1.0)
rails (= 4.2.1)
rails (= 4.2.2)
redis (= 3.2.1)
rspec-collection_matchers (~> 1.1.0)
rspec-its (~> 1.2.0)
Expand Down

0 comments on commit a043a29

Please sign in to comment.