Merge pull request #1495 from ChrisBr/gem_update

Gem update
openSUSE · Feb 2, 2016 · 0b81a7b · 0b81a7b
2 parents c16fc2e + 68b578b
commit 0b81a7b
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 8 deletions.
diff --git a/ReleaseNotes-2.6.8 b/ReleaseNotes-2.6.8
@@ -20,6 +20,9 @@ Bugfixes:
 =========
 
 * [webui] Update rails to version 4.1.14.1 to fix several security issues (CVE-2015-7576, CVE-2016-0751, CVE-2015-7577, CVE-2016-0752, CVE-2016-0753, CVE-2015-7581)
+* [webui] Update rack to version 1.5.5 to fix security issue (CVE-2015-3225)
+* [webui] Update jquery-rails to version 3.1.4 to fix security issue (CVE-2015-1840)
+* [webui] Update sprockets to version 2.11.3 (CVE-2014-7819)
 * [webui] Fix redirect after login for iChain and proxy mode
 
 * [backend] fix local building inside a project on a remote OBS instance

diff --git a/src/api/Gemfile b/src/api/Gemfile
@@ -105,7 +105,7 @@ group :assets do
   # for minifying JavaScript
   gem 'uglifier', '>= 1.2.2'
   # to use sass in the asset pipeline
-  gem 'sass-rails', '~> 4.0.3'
+  gem 'sass-rails', '4.0.5'
   # assets for jQuery DataTables
   gem 'jquery-datatables-rails'
   # assets for the text editor

diff --git a/src/api/Gemfile.lock b/src/api/Gemfile.lock
@@ -87,7 +87,7 @@ GEM
       activerecord (>= 4.1.0)
     jquery-datatables-rails (1.12.2)
       jquery-rails
-    jquery-rails (3.1.1)
+    jquery-rails (3.1.4)
       railties (>= 3.0, < 5.0)
       thor (>= 0.14, < 2.0)
     jquery-ui-rails (4.2.1)
@@ -125,7 +125,7 @@ GEM
       slop (~> 3.4)
     pundit (0.3.0)
       activesupport (>= 3.0.0)
-    rack (1.5.2)
+    rack (1.5.5)
     rack-mini-profiler (0.9.1)
       rack (>= 1.1.3)
     rack-test (0.6.2)
@@ -161,10 +161,10 @@ GEM
       crass (~> 1.0.2)
       nokogumbo (= 1.4.1)
     sass (3.2.19)
-    sass-rails (4.0.3)
+    sass-rails (4.0.5)
       railties (>= 4.0.0, < 5.0)
-      sass (~> 3.2.0)
-      sprockets (~> 2.8, <= 2.11.0)
+      sass (~> 3.2.2)
+      sprockets (~> 2.8, < 3.0)
       sprockets-rails (~> 2.0)
     sexp_processor (4.4.4)
     simplecov (0.9.1)
@@ -176,7 +176,7 @@ GEM
       rake
     slop (3.6.0)
     sprite-factory (1.6.1)
-    sprockets (2.11.0)
+    sprockets (2.11.3)
       hike (~> 1.2)
       multi_json (~> 1.0)
       rack (~> 1.0)
@@ -259,10 +259,11 @@ DEPENDENCIES
   redcarpet
   ruby-ldap
   sanitize
-  sass-rails (~> 4.0.3)
+  sass-rails (= 4.0.5)
   simplecov
   single_test
   sprite-factory (>= 1.5.2)
+  sprockets (= 2.11.3)
   thinking-sphinx (> 3.1)
   tilt (>= 1.4.1)
   timecop