We should be able to update minor versions of stable libs withough breaking gitlab Gemfile --- a/Gemfile +++ b/Gemfile @@ -1,7 +1,7 @@ source 'https://rubygems.org' gem 'rails', '5.0.7.2' -gem 'rails-deprecated_sanitizer', '~> 1.0.3' +gem 'rails-deprecated_sanitizer', '~> 1.0', '>= 1.0.3' # Improves copy-on-write performance for MRI gem 'nakayoshi_fork', '~> 0.0.4' @@ -9,7 +9,7 @@ gem 'nakayoshi_fork', '~> 0.0.4' # Responders respond_to and respond_with gem 'responders', '~> 2.0' -gem 'sprockets', '~> 3.7.0' +gem 'sprockets', '~> 3.7' # Default values for AR models gem 'gitlab-default_value_for', '~> 3.1.1', require: 'default_value_for' @@ -28,57 +28,57 @@ gem 'devise', '~> 4.4' gem 'doorkeeper', '~> 4.3' gem 'doorkeeper-openid_connect', '~> 1.5' gem 'omniauth', '~> 1.8' -gem 'omniauth-auth0', '~> 2.0.0' +gem 'omniauth-auth0', '~> 2.0' gem 'omniauth-azure-oauth2', '~> 0.0.9' -gem 'omniauth-cas3', '~> 1.1.4' -gem 'omniauth-facebook', '~> 4.0.0' +gem 'omniauth-cas3', '~> 1.1', '>= 1.1.4' +gem 'omniauth-facebook', '~> 4.0' gem 'omniauth-github', '~> 1.3' -gem 'omniauth-gitlab', '~> 1.0.2' +gem 'omniauth-gitlab', '~> 1.0', '>= 1.0.2' gem 'omniauth-google-oauth2', '~> 0.6.0' gem 'omniauth-kerberos', '~> 0.3.0', group: :kerberos gem 'omniauth-oauth2-generic', '~> 0.2.2' gem 'omniauth-saml', '~> 1.10' -gem 'omniauth-shibboleth', '~> 1.3.0' +gem 'omniauth-shibboleth', '~> 1.3' gem 'omniauth-twitter', '~> 1.4' -gem 'omniauth_crowd', '~> 2.2.0' +gem 'omniauth_crowd', '~> 2.2' gem 'omniauth-authentiq', '~> 0.3.3' -gem 'rack-oauth2', '~> 1.2.1' -gem 'jwt', '~> 2.1.0' +gem 'rack-oauth2', '~> 1.2', '>= 1.2.1' +gem 'jwt', '~> 2.1' # Spam and anti-bot protection gem 'recaptcha', '~> 3.0', require: 'recaptcha/rails' gem 'akismet', '~> 2.0' # Two-factor authentication -gem 'devise-two-factor', '~> 3.0.0' +gem 'devise-two-factor', '~> 3.0' gem 'rqrcode-rails3', '~> 0.1.7' -gem 'attr_encrypted', '~> 3.1.0' +gem 'attr_encrypted', '~> 3.1' gem 'u2f', '~> 0.2.1' # GitLab Pages -gem 'validates_hostname', '~> 1.0.6' -gem 'rubyzip', '~> 1.2.2', require: 'zip' +gem 'validates_hostname', '~> 1.0', '>= 1.0.6' +gem 'rubyzip', '~> 1.2', '>= 1.2.2', require: 'zip' # Browser detection gem 'browser', '~> 2.5' # GPG -gem 'gpgme', '~> 2.0.18' +gem 'gpgme', '~> 2.0', '>= 2.0.18' # LDAP Auth # GitLab fork with several improvements to original library. For full list of changes # see https://github.com/intridea/omniauth-ldap/compare/master...gitlabhq:master -gem 'gitlab_omniauth-ldap', '~> 2.0.4', require: 'omniauth-ldap' +gem 'gitlab_omniauth-ldap', '~> 2.0', '>= 2.0.4', require: 'omniauth-ldap' gem 'net-ldap' # API -gem 'grape', '~> 1.1.0' +gem 'grape', '~> 1.1' gem 'grape-entity', '~> 0.7.1' -gem 'rack-cors', '~> 1.0.0', require: 'rack/cors' +gem 'rack-cors', '~> 1.0', require: 'rack/cors' # GraphQL API -gem 'graphql', '~> 1.8.0' -gem 'graphiql-rails', '~> 1.4.10' +gem 'graphql', '~> 1.8' +gem 'graphiql-rails', '~> 1.4', '>= 1.4.10' # Disable strong_params so that Mash does not respond to :permitted? gem 'hashie-forbidden_attributes' @@ -87,16 +87,16 @@ gem 'hashie-forbidden_attributes' gem 'kaminari', '~> 1.0' # HAML -gem 'hamlit', '~> 2.8.8' +gem 'hamlit', '~> 2.8', '>= 2.8.8' # Files attachments gem 'carrierwave', '~> 1.3' gem 'mini_magick' # for backups -gem 'fog-aws', '~> 2.0.1' +gem 'fog-aws', '~> 2.0', '>= 2.0.1' gem 'fog-core', '~> 1.44' -gem 'fog-google', '~> 1.7.1' +gem 'fog-google', '~> 1.7', '>= 1.7.1' gem 'fog-local', '~> 0.3' gem 'fog-openstack', '~> 0.1' gem 'fog-rackspace', '~> 0.1.1' @@ -109,32 +109,32 @@ gem 'google-api-client', '~> 0.23' gem 'unf', '~> 0.1.4' # Seed data -gem 'seed-fu', '~> 2.3.7' +gem 'seed-fu', '~> 2.3', '>= 2.3.7' # Markdown and HTML processing gem 'html-pipeline', '~> 2.8' -gem 'deckar01-task_list', '2.2.0' -gem 'gitlab-markup', '~> 1.6.5' -gem 'github-markup', '~> 1.7.0', require: 'github/markup' +gem 'deckar01-task_list', '2.0' +gem 'gitlab-markup', '~> 1.6', '>= 1.6.5' +gem 'github-markup', '~> 1.7', require: 'github/markup' gem 'commonmarker', '~> 0.17' -gem 'RedCloth', '~> 4.3.2' +gem 'RedCloth', '~> 4.3', '>= 4.3.2' gem 'rdoc', '~> 6.0' gem 'org-ruby', '~> 0.9.12' gem 'creole', '~> 0.5.0' gem 'wikicloth', '0.8.1' -gem 'asciidoctor', '~> 1.5.8' +gem 'asciidoctor', '~> 1.5', '>= 1.5.8' gem 'asciidoctor-plantuml', '0.0.8' gem 'rouge', '~> 3.1' gem 'truncato', '~> 0.7.11' -gem 'bootstrap_form', '~> 2.7.0' -gem 'nokogiri', '~> 1.10.1' +gem 'bootstrap_form', '~> 2.7' +gem 'nokogiri', '~> 1.10', '>= 1.10.1' gem 'escape_utils', '~> 1.1' # Calendar rendering gem 'icalendar' # Diffs -gem 'diffy', '~> 3.1.0' +gem 'diffy', '~> 3.1' # Application server # The 2.0.6 version of rack requires monkeypatch to be present in @@ -143,7 +143,7 @@ gem 'diffy', '~> 3.1.0' gem 'rack', '2.0.6' group :unicorn do - gem 'unicorn', '~> 5.1.0' + gem 'unicorn', '~> 5.1' gem 'unicorn-worker-killer', '~> 0.4.4' end @@ -159,9 +159,9 @@ gem 'state_machines-activerecord', '~> 0.5.1' gem 'acts-as-taggable-on', '~> 5.0' # Background jobs -gem 'sidekiq', '~> 5.2.1' +gem 'sidekiq', '~> 5.2', '>= 5.2.1' gem 'sidekiq-cron', '~> 1.0' -gem 'redis-namespace', '~> 1.6.0' +gem 'redis-namespace', '~> 1.6' gem 'gitlab-sidekiq-fetcher', '~> 0.4.0', require: 'sidekiq-reliable-fetch' # Cron Parser @@ -177,14 +177,14 @@ gem 'rainbow', '~> 3.0' gem 'ruby-progressbar' # GitLab settings -gem 'settingslogic', '~> 2.0.9' +gem 'settingslogic', '~> 2.0', '>= 2.0.9' # Linear-time regex library for untrusted regular expressions -gem 're2', '~> 1.1.1' +gem 're2', '~> 1.1', '>= 1.1.1' # Misc -gem 'version_sorter', '~> 2.1.0' +gem 'version_sorter', '~> 2.1' # Export Ruby Regex to Javascript gem 'js_regex', '~> 3.1' @@ -193,7 +193,7 @@ gem 'js_regex', '~> 3.1' gem 'device_detector' # Cache -gem 'redis-rails', '~> 5.0.2' +gem 'redis-rails', '~> 5.0', '>= 5.0.2' # Redis gem 'redis', '~> 3.2' @@ -203,7 +203,7 @@ gem 'connection_pool', '~> 2.0' gem 'discordrb-webhooks-blackst0ne', '~> 3.3', require: false # HipChat integration -gem 'hipchat', '~> 1.5.0' +gem 'hipchat', '~> 1.5' # JIRA integration gem 'jira-ruby', '~> 1.4' @@ -212,7 +212,7 @@ gem 'jira-ruby', '~> 1.4' gem 'flowdock', '~> 0.7' # Slack integration -gem 'slack-notifier', '~> 1.5.1' +gem 'slack-notifier', '~> 1.5', '>= 1.5.1' # Hangouts Chat integration gem 'hangouts-chat', '~> 0.0.5' @@ -224,11 +224,11 @@ gem 'asana', '~> 0.8.1' gem 'ruby-fogbugz', '~> 0.2.1' # Kubernetes integration -gem 'kubeclient', '~> 4.2.2' +gem 'kubeclient', '~> 4.2', '>= 4.2.2' # Sanitize user input gem 'sanitize', '~> 4.6' -gem 'babosa', '~> 1.0.2' +gem 'babosa', '~> 1.0', '>= 1.0.2 # Sanitizes SVG input gem 'loofah', '~> 2.2' @@ -237,10 +237,10 @@ gem 'loofah', '~> 2.2' gem 'licensee', '~> 8.9' # Protect against bruteforcing -gem 'rack-attack', '~> 4.4.1' +gem 'rack-attack', '~> 4.4', '>= 4.4.1' # Ace editor -gem 'ace-rails-ap', '~> 4.1.0' +gem 'ace-rails-ap', '~> 4.1' # Detect and convert string character encoding gem 'charlock_holmes', '~> 0.7.5' @@ -258,41 +258,41 @@ gem 'chronic_duration', '~> 0.10.6' gem 'webpack-rails', '~> 0.9.10' gem 'rack-proxy', '~> 0.6.0' -gem 'sass-rails', '~> 5.0.6' +gem 'sass-rails', '~> 5.0', '>= 5.0.6' gem 'sass', '~> 3.5' -gem 'uglifier', '~> 2.7.2' +gem 'uglifier', '~> 2.7', '>= 2.7.2' -gem 'addressable', '~> 2.5.2' +gem 'addressable', '~> 2.5', '>= 2.5.2' gem 'font-awesome-rails', '~> 4.7' gem 'gemojione', '~> 3.3' gem 'gon', '~> 6.2' -gem 'jquery-atwho-rails', '~> 1.3.2' +gem 'jquery-atwho-rails', '~> 1.3', '>= 1.3.2' gem 'request_store', '~> 1.3' -gem 'select2-rails', '~> 3.5.9' -gem 'virtus', '~> 1.0.1' +gem 'select2-rails', '~> 3.5', '>= 3.5.9' +gem 'virtus', '~> 1.0', '>= 1.0.1' gem 'base32', '~> 0.3.0' # Sentry integration gem 'sentry-raven', '~> 2.7' -gem 'premailer-rails', '~> 1.9.7' +gem 'premailer-rails', '~> 1.9', '>= 1.9.7' # I18n gem 'ruby_parser', '~> 3.8', require: false gem 'rails-i18n', '~> 5.1' -gem 'gettext_i18n_rails', '~> 1.8.0' +gem 'gettext_i18n_rails', '~> 1.8' gem 'gettext_i18n_rails_js', '~> 1.3' -gem 'gettext', '~> 3.2.2', require: false, group: :development +gem 'gettext', '~> 3.2', '>= 3.2.2', require: false, group: :development -gem 'batch-loader', '~> 1.2.2' +gem 'batch-loader', '~> 1.2', '>= 1.2.2' # Perf bar -gem 'peek', '~> 1.0.1' +gem 'peek', '~> 1.0', '>= 1.0.1' gem 'peek-gc', '~> 0.0.2' -gem 'peek-mysql2', '~> 1.2.0', group: :mysql -gem 'peek-pg', '~> 1.3.0', group: :postgres +gem 'peek-mysql2', '~> 1.2', group: :mysq +gem 'peek-pg', '~> 1.3', group: :postgres gem 'peek-rblineprof', '~> 0.2.0' -gem 'peek-redis', '~> 1.2.0' +gem 'peek-redis', '~> 1.2' # Metrics group :metrics do @@ -318,54 +318,54 @@ group :development do gem 'rblineprof', '~> 0.3.6', platform: :mri, require: false # Better errors handler - gem 'better_errors', '~> 2.5.0' + gem 'better_errors', '~> 2.5' gem 'binding_of_caller', '~> 0.8.0' # thin instead webrick - gem 'thin', '~> 1.7.0' + gem 'thin', '~> 1.7' end group :development, :test do gem 'bootsnap', '~> 1.3' - gem 'bullet', '~> 5.5.0', require: !!ENV['ENABLE_BULLET'] - gem 'pry-byebug', '~> 3.5.1', platform: :mri + gem 'bullet', '~> 5.5', require: !!ENV['ENABLE_BULLET'] + gem 'pry-byebug', '~> 3.5', '>= 3.5.1', platform: :mri gem 'pry-rails', '~> 0.3.4' gem 'awesome_print', require: false - gem 'fuubar', '~> 2.2.0' + gem 'fuubar', '~> 2.2' - gem 'database_cleaner', '~> 1.7.0' - gem 'factory_bot_rails', '~> 4.8.2' - gem 'rspec-rails', '~> 3.7.0' + gem 'database_cleaner', '~> 1.7' + gem 'factory_bot_rails', '~> 4.8', '>= 4.8.2' + gem 'rspec-rails', '~> 3.7' gem 'rspec-retry', '~> 0.4.5' gem 'rspec_profiling', '~> 0.0.5' gem 'rspec-set', '~> 0.1.3' gem 'rspec-parameterized', require: false # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826) - gem 'minitest', '~> 5.11.0' + gem 'minitest', '~> 5.11' # Generate Fake data gem 'ffaker', '~> 2.10' - gem 'capybara', '~> 2.16.1' - gem 'capybara-screenshot', '~> 1.0.18' + gem 'capybara', '~> 2.16', '>= 2.16.1' + gem 'capybara-screenshot', '~> 1.0', '>= 1.0.18' gem 'selenium-webdriver', '~> 3.12' - gem 'spring', '~> 2.0.0' - gem 'spring-commands-rspec', '~> 1.0.4' + gem 'spring', '~> 2.0' + gem 'spring-commands-rspec', '~> 1.0', '>= 1.0.4' gem 'gitlab-styles', '~> 2.4', require: false # Pin these dependencies, otherwise a new rule could break the CI pipelines gem 'rubocop', '~> 0.54.0' - gem 'rubocop-rspec', '~> 1.22.1' + gem 'rubocop-rspec', '~> 1.22', '>= 1.22.1' gem 'scss_lint', '~> 0.56.0', require: false gem 'haml_lint', '~> 0.28.0', require: false gem 'simplecov', '~> 0.14.0', require: false gem 'bundler-audit', '~> 0.5.0', require: false - gem 'benchmark-ips', '~> 2.3.0', require: false + gem 'benchmark-ips', '~> 2.3', require: false gem 'license_finder', '~> 5.4', require: false gem 'knapsack', '~> 1.17' @@ -374,18 +374,18 @@ group :development, :test do gem 'stackprof', '~> 0.2.10', require: false - gem 'simple_po_parser', '~> 1.1.2', require: false + gem 'simple_po_parser', '~> 1.1', '>= 1.1.2', require: false gem 'timecop', '~> 0.8.0' end group :test do - gem 'shoulda-matchers', '~> 3.1.2', require: false - gem 'email_spec', '~> 2.2.0' - gem 'json-schema', '~> 2.8.0' - gem 'webmock', '~> 2.3.2' + gem 'shoulda-matchers', '~> 3.1', '>= 3.1.2', require: false + gem 'email_spec', '~> 2.2' + gem 'json-schema', '~> 2.8' + gem 'webmock', '~> 2.3', '>= 2.3.2' gem 'rails-controller-testing' - gem 'sham_rack', '~> 1.3.6' + gem 'sham_rack', '~> 1.3', '>= 1.3.6' gem 'concurrent-ruby', '~> 1.1' gem 'test-prof', '~> 0.2.5' gem 'rspec_junit_formatter' @@ -405,15 +405,15 @@ gem 'rbtrace', '~> 0.4', require: false gem 'oauth2', '~> 1.4' # Health check -gem 'health_check', '~> 2.6.0' +gem 'health_check', '~> 2.6' # System information -gem 'vmstat', '~> 2.3.0' -gem 'sys-filesystem', '~> 1.1.6' +gem 'vmstat', '~> 2.3' +gem 'sys-filesystem', '~> 1.1', '>= 1.1.6' # SSH host key support gem 'net-ssh', '~> 5.0' -gem 'sshkey', '~> 1.9.0' +gem 'sshkey', '~> 1.9' # Required for ED25519 SSH host key support group :ed25519 do @@ -422,12 +422,12 @@ group :ed25519 do end # Gitaly GRPC client -gem 'gitaly-proto', '~> 1.10.0', require: 'gitaly' -gem 'grpc', '~> 1.15.0' +gem 'gitaly-proto', '~> 1.10', require: 'gitaly' +gem 'grpc', '~> 1.15' gem 'google-protobuf', '~> 3.6' -gem 'toml-rb', '~> 1.0.0', require: false +gem 'toml-rb', '~> 1.0', require: false # Feature toggles gem 'flipper', '~> 0.13.0'