We should be able to update minor versions of stable libs without breaking gitlab Gemfile --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ gem 'rails', '~> 6.0.3.1' -gem 'bootsnap', '~> 1.4.6' +gem 'bootsnap', '~> 1.4', '>= 1.4.6' # Improves copy-on-write performance for MRI gem 'nakayoshi_fork', '~> 0.0.4' @@ -10,10 +10,10 @@ # Responders respond_to and respond_with gem 'responders', '~> 3.0' -gem 'sprockets', '~> 3.7.0' +gem 'sprockets', '~> 3.7' # Default values for AR models -gem 'default_value_for', '~> 3.3.0' +gem 'default_value_for', '~> 3.3' # Supported DBs gem 'pg', '~> 1.1' @@ -22,32 +22,32 @@ gem 'grape-path-helpers', '~> 1.3' gem 'faraday', '~> 1.0' -gem 'marginalia', '~> 1.9.0' +gem 'marginalia', '~> 1.9' # Authentication libraries gem 'devise', '~> 4.6' -gem 'doorkeeper', '~> 5.3.0' +gem 'doorkeeper', '~> 5.3' gem 'doorkeeper-openid_connect', '~> 1.7.4' gem 'omniauth', '~> 1.8' -gem 'omniauth-auth0', '~> 2.0.0' +gem 'omniauth-auth0', '~> 2.0' gem 'omniauth-azure-oauth2', '~> 0.0.9' -gem 'omniauth-cas3', '~> 1.1.4' -gem 'omniauth-facebook', '~> 4.0.0' +gem 'omniauth-cas3', '~> 1.1', '>= 1.1.4' +gem 'omniauth-facebook', '~> 4.0' gem 'omniauth-github', '~> 1.4' -gem 'omniauth-gitlab', '~> 1.0.2' +gem 'omniauth-gitlab', '~> 1.0', '>= 1.0.2' gem 'omniauth-google-oauth2', '~> 0.6.0' gem 'omniauth-kerberos', '~> 0.3.0', group: :kerberos gem 'omniauth-oauth2-generic', '~> 0.2.2' gem 'omniauth-saml', '~> 1.10' -gem 'omniauth-shibboleth', '~> 1.3.0' +gem 'omniauth-shibboleth', '~> 1.3' gem 'omniauth-twitter', '~> 1.4' -gem 'omniauth_crowd', '~> 2.4.0' +gem 'omniauth_crowd', '~> 2.4' gem 'omniauth-authentiq', '~> 0.3.3' gem 'omniauth_openid_connect', '~> 0.3.5' -gem 'omniauth-salesforce', '~> 1.0.5' +gem 'omniauth-salesforce', '~> 1.0', '>= 1.0.5' gem 'omniauth-atlassian-oauth2', '~> 0.2.0' -gem 'rack-oauth2', '~> 1.9.3' -gem 'jwt', '~> 2.1.0' +gem 'rack-oauth2', '~> 1.9', '>= 1.9.3' +gem 'jwt', '~> 2.1', '>= 2.1.0' # Kerberos authentication. EE-only gem 'gssapi', group: :kerberos @@ -58,14 +58,14 @@ gem 'invisible_captcha', '~> 0.12.1' # Two-factor authentication -gem 'devise-two-factor', '~> 3.1.0' +gem 'devise-two-factor', '~> 3.1' gem 'rqrcode-rails3', '~> 0.1.7' -gem 'attr_encrypted', '~> 3.1.0' +gem 'attr_encrypted', '~> 3.1' gem 'u2f', '~> 0.2.1' # GitLab Pages -gem 'validates_hostname', '~> 1.0.10' -gem 'rubyzip', '~> 2.0.0', require: 'zip' +gem 'validates_hostname', '~> 1.0', '>= 1.0.10' +gem 'rubyzip', '~> 2.0', require: 'zip' # GitLab Pages letsencrypt support gem 'acme-client', '~> 2.0', '>= 2.0.6' @@ -73,12 +73,12 @@ gem 'browser', '~> 4.2' # GPG -gem 'gpgme', '~> 2.0.19' +gem 'gpgme', '~> 2.0', '>= 2.0.19' # LDAP Auth # GitLab fork with several improvements to original library. For full list of changes # see https://github.com/intridea/omniauth-ldap/compare/master...gitlabhq:master -gem 'gitlab_omniauth-ldap', '~> 2.1.1', require: 'omniauth-ldap' +gem 'gitlab_omniauth-ldap', '~> 2.1', '>= 2.1.1', require: 'omniauth-ldap' gem 'net-ldap' # API @@ -86,16 +86,16 @@ # Remove config/initializers/grape_patch.rb gem 'grape', '= 1.4.0' gem 'grape-entity', '~> 0.7.1' -gem 'rack-cors', '~> 1.0.6', require: 'rack/cors' +gem 'rack-cors', '~> 1.0', '>= 1.0.6', require: 'rack/cors' # GraphQL API -gem 'graphql', '~> 1.11.4' +gem 'graphql', '~> 1.11', '>= 1.11.4' # NOTE: graphiql-rails v1.5+ doesn't work: https://gitlab.com/gitlab-org/gitlab/issues/31771 # TODO: remove app/views/graphiql/rails/editors/show.html.erb when https://github.com/rmosolgo/graphiql-rails/pull/71 is released: # https://gitlab.com/gitlab-org/gitlab/issues/31747 -gem 'graphiql-rails', '~> 1.4.10' +gem 'graphiql-rails', '~> 1.4', '>= 1.4.10' gem 'apollo_upload_server', '~> 2.0.2' -gem 'graphql-docs', '~> 1.6.0', group: [:development, :test] +gem 'graphql-docs', '~> 1.6', group: [:development, :test] # Disable strong_params so that Mash does not respond to :permitted? gem 'hashie-forbidden_attributes' @@ -104,7 +104,7 @@ gem 'kaminari', '~> 1.0' # HAML -gem 'hamlit', '~> 2.11.0' +gem 'hamlit', '~> 2.11' # Files attachments gem 'carrierwave', '~> 1.3' @@ -114,7 +114,7 @@ gem 'fog-aws', '~> 3.5' # Locked until fog-google resolves https://github.com/fog/fog-google/issues/421. # Also see config/initializers/fog_core_patch.rb. -gem 'fog-core', '= 2.1.0' +gem 'fog-core', '= 2.1' gem 'fog-google', '~> 1.10' gem 'fog-local', '~> 0.6' gem 'fog-openstack', '~> 1.0' @@ -129,7 +129,7 @@ gem 'unf', '~> 0.1.4' # Seed data -gem 'seed-fu', '~> 2.3.7' +gem 'seed-fu', '~> 2.3', '>= 2.3.7' # Search gem 'elasticsearch-model', '~> 6.1' @@ -142,23 +142,23 @@ # Markdown and HTML processing gem 'html-pipeline', '~> 2.12' -gem 'deckar01-task_list', '2.3.1' -gem 'gitlab-markup', '~> 1.7.1' -gem 'github-markup', '~> 1.7.0', require: 'github/markup' +gem 'deckar01-task_list', '~> 2.3', '>= 2.3.1' +gem 'gitlab-markup', '~> 1.7', '>= 1.7.1' +gem 'github-markup', '~> 1.7', require: 'github/markup' gem 'commonmarker', '~> 0.20' -gem 'kramdown', '~> 2.3.0' -gem 'RedCloth', '~> 4.3.2' -gem 'rdoc', '~> 6.1.2' +gem 'kramdown', '~> 2.3' +gem 'RedCloth', '~> 4.3', '>= 4.3.2' +gem 'rdoc', '~> 6.1', '>= 6.1.2' gem 'org-ruby', '~> 0.9.12' gem 'creole', '~> 0.5.0' gem 'wikicloth', '0.8.1' -gem 'asciidoctor', '~> 2.0.10' +gem 'asciidoctor', '~> 2.0', '>= 2.0.10' gem 'asciidoctor-include-ext', '~> 0.3.1', require: false gem 'asciidoctor-plantuml', '~> 0.0.12' -gem 'rouge', '~> 3.21.0' +gem 'rouge', '~> 3.21' gem 'truncato', '~> 0.7.11' -gem 'bootstrap_form', '~> 4.2.0' -gem 'nokogiri', '~> 1.10.9' +gem 'bootstrap_form', '~> 4.2' +gem 'nokogiri', '~> 1.10', '>= 1.10.9' gem 'escape_utils', '~> 1.1' # Calendar rendering @@ -169,7 +169,7 @@ gem 'diff_match_patch', '~> 0.1.0' # Application server -gem 'rack', '~> 2.0.9' +gem 'rack', '~> 2.0', '>= 2.0.9' # https://github.com/sharpstone/rack-timeout/blob/master/README.md#rails-apps-manually gem 'rack-timeout', '~> 0.5.1', require: 'rack/timeout/base' @@ -190,13 +190,13 @@ gem 'acts-as-taggable-on', '~> 6.0' # Background jobs -gem 'sidekiq', '~> 5.2.7' +gem 'sidekiq', '~> 5.2', '>= 5.2.7' gem 'sidekiq-cron', '~> 1.0' -gem 'redis-namespace', '~> 1.7.0' +gem 'redis-namespace', '~> 1.7' gem 'gitlab-sidekiq-fetcher', '0.5.2', require: 'sidekiq-reliable-fetch' # Cron Parser -gem 'fugit', '~> 1.2.1' +gem 'fugit', '~> 1.2', '>= 1.2.1' # HTTP requests gem 'httparty', '~> 0.16.4' @@ -208,14 +208,14 @@ gem 'ruby-progressbar' # GitLab settings -gem 'settingslogic', '~> 2.0.9' +gem 'settingslogic', '~> 2.0', '>= 2.0.9' # Linear-time regex library for untrusted regular expressions -gem 're2', '~> 1.2.0' +gem 're2', '~> 1.2' # Misc -gem 'version_sorter', '~> 2.2.4' +gem 'version_sorter', '~> 2.2', '>= 2.2.4' # Export Ruby Regex to Javascript gem 'js_regex', '~> 3.4' @@ -228,23 +228,23 @@ gem 'connection_pool', '~> 2.0' # Redis session store -gem 'redis-rails', '~> 5.0.2' +gem 'redis-rails', '~> 5.0', '>= 5.0.2' # Discord integration gem 'discordrb-webhooks-blackst0ne', '~> 3.3', require: false # HipChat integration -gem 'hipchat', '~> 1.5.0' +gem 'hipchat', '~> 1.5' # Jira integration -gem 'jira-ruby', '~> 2.0.0' +gem 'jira-ruby', '~> 2.0' gem 'atlassian-jwt', '~> 0.2.0' # Flowdock integration gem 'flowdock', '~> 0.7' # Slack integration -gem 'slack-messenger', '~> 2.3.3' +gem 'slack-messenger', '~> 2.3', '>= 2.3.3' # Hangouts Chat integration gem 'hangouts-chat', '~> 0.0.5' @@ -256,11 +256,11 @@ gem 'ruby-fogbugz', '~> 0.2.1' # Kubernetes integration -gem 'kubeclient', '~> 4.6.0' +gem 'kubeclient', '~> 4.6' # Sanitize user input gem 'sanitize', '~> 5.2.1' -gem 'babosa', '~> 1.0.2' +gem 'babosa', '~> 1.0', '>= 1.0.2' # Sanitizes SVG input gem 'loofah', '~> 2.2' @@ -269,7 +269,7 @@ gem 'licensee', '~> 8.9' # Ace editor -gem 'ace-rails-ap', '~> 4.1.0' +gem 'ace-rails-ap', '~> 4.1' # Detect and convert string character encoding gem 'charlock_holmes', '~> 0.7.5' @@ -287,8 +287,8 @@ gem 'webpack-rails', '~> 0.9.10' gem 'rack-proxy', '~> 0.6.0' -gem 'sassc-rails', '~> 2.1.0' -gem 'uglifier', '~> 2.7.2' +gem 'sassc-rails', '~> 2.1' +gem 'uglifier', '~> 2.7', '>= 2.7.2' gem 'addressable', '~> 2.7' gem 'font-awesome-rails', '~> 4.7' @@ -300,24 +300,24 @@ gem "gitlab-license", "~> 1.0" # Protect against bruteforcing -gem 'rack-attack', '~> 6.3.0' +gem 'rack-attack', '~> 6.3' # Sentry integration gem 'sentry-raven', '~> 3.0' -gem 'premailer-rails', '~> 1.10.3' +gem 'premailer-rails', '~> 1.10', '>= 1.10.3' # LabKit: Tracing and Correlation -gem 'gitlab-labkit', '0.12.1' +gem 'gitlab-labkit', '~> 0.12.1' # I18n gem 'ruby_parser', '~> 3.8', require: false gem 'rails-i18n', '~> 6.0' -gem 'gettext_i18n_rails', '~> 1.8.0' +gem 'gettext_i18n_rails', '~> 1.8' gem 'gettext_i18n_rails_js', '~> 1.3' gem 'gettext', '~> 3.3', require: false, group: :development -gem 'batch-loader', '~> 1.4.0' +gem 'batch-loader', '~> 1.4' # Perf bar gem 'peek', '~> 1.1' @@ -348,30 +348,30 @@ end group :development, :test do - gem 'bullet', '~> 6.1.0' - gem 'pry-byebug', '~> 3.9.0', platform: :mri + gem 'bullet', '~> 6.1' + gem 'pry-byebug', '~> 3.9', platform: :mri gem 'pry-rails', '~> 0.3.9' gem 'awesome_print', require: false - gem 'database_cleaner', '~> 1.7.0' - gem 'factory_bot_rails', '~> 5.1.0' - gem 'rspec-rails', '~> 4.0.0' + gem 'database_cleaner', '~> 1.7' + gem 'factory_bot_rails', '~> 5.1', '>= 5.1.0' + gem 'rspec-rails', '~> 4.0' # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826) - gem 'minitest', '~> 5.11.0' + gem 'minitest', '~> 5.11' # Generate Fake data gem 'ffaker', '~> 2.10' - gem 'spring', '~> 2.0.0' - gem 'spring-commands-rspec', '~> 1.0.4' + gem 'spring', '~> 2.0' + gem 'spring-commands-rspec', '~> 1.0', '>= 1.0.4' - gem 'gitlab-styles', '~> 4.3.0', require: false + gem 'gitlab-styles', '~> 4.3', require: false # Pin these dependencies, otherwise a new rule could break the CI pipelines - gem 'rubocop', '~> 0.82.0' - gem 'rubocop-performance', '~> 1.5.2' - gem 'rubocop-rspec', '~> 1.37.0' + gem 'rubocop', '~> 0.82' + gem 'rubocop-performance', '~> 1.5', '>= 1.5.2' + gem 'rubocop-rspec', '~> 1.37' gem 'scss_lint', '~> 0.56.0', require: false gem 'haml_lint', '~> 0.34.0', require: false @@ -379,11 +379,11 @@ gem 'simplecov-cobertura', '~> 1.3.1', require: false gem 'bundler-audit', '~> 0.6.1', require: false - gem 'benchmark-ips', '~> 2.3.0', require: false + gem 'benchmark-ips', '~> 2.3', require: false gem 'knapsack', '~> 1.17' - gem 'simple_po_parser', '~> 1.1.2', require: false + gem 'simple_po_parser', '~> 1.1', '>= 1.1.2', require: false gem 'timecop', '~> 0.9.1' @@ -400,18 +400,18 @@ end group :test do - gem 'fuubar', '~> 2.2.0' + gem 'fuubar', '~> 2.2' gem 'rspec-retry', '~> 0.6.1' gem 'rspec_profiling', '~> 0.0.5' gem 'rspec-parameterized', require: false - gem 'capybara', '~> 3.33.0' - gem 'capybara-screenshot', '~> 1.0.22' + gem 'capybara', '~> 3.33' + gem 'capybara-screenshot', '~> 1.0', '>= 1.0.22' gem 'selenium-webdriver', '~> 3.142' - gem 'shoulda-matchers', '~> 4.0.1', require: false - gem 'email_spec', '~> 2.2.0' - gem 'webmock', '~> 3.5.1' + gem 'shoulda-matchers', '~> 4.0', '>= 4.0.1', require: false + gem 'email_spec', '~> 2.2' + gem 'webmock', '~> 3.5', '>= 3.5.1' gem 'rails-controller-testing' gem 'concurrent-ruby', '~> 1.1' gem 'test-prof', '~> 0.12.0' @@ -430,7 +430,7 @@ gem 'email_reply_trimmer', '~> 0.1' gem 'html2text' -gem 'ruby-prof', '~> 1.3.0' +gem 'ruby-prof', '~> 1.3' gem 'stackprof', '~> 0.2.15', require: false gem 'rbtrace', '~> 0.4', require: false gem 'memory_profiler', '~> 0.9', require: false @@ -444,8 +444,8 @@ gem 'health_check', '~> 3.0' # System information -gem 'vmstat', '~> 2.3.0' -gem 'sys-filesystem', '~> 1.1.6' +gem 'vmstat', '~> 2.3' +gem 'sys-filesystem', '~> 1.1', '>= 1.1.6' # NTP client gem 'net-ntp' @@ -461,13 +461,13 @@ end # Gitaly GRPC protocol definitions -gem 'gitaly', '~> 13.3.0-rc1' +gem 'gitaly', '~> 13.3' gem 'grpc', '~> 1.30.2' gem 'google-protobuf', '~> 3.12' -gem 'toml-rb', '~> 1.0.0' +gem 'toml-rb', '~> 1.0' # Feature toggles gem 'flipper', '~> 0.17.1' @@ -485,12 +485,12 @@ # Countries list gem 'countries', '~> 3.0' -gem 'retriable', '~> 3.1.2' +gem 'retriable', '~> 3.1', '>= 3.1.2' # LRU cache gem 'lru_redux' -gem 'erubi', '~> 1.9.0' +gem 'erubi', '~> 1.9' # Locked as long as quoted-printable encoding issues are not resolved # Monkey-patched in `config/initializers/mail_encoding_patch.rb` @@ -504,11 +504,11 @@ gem 'valid_email', '~> 0.1' # JSON -gem 'json', '~> 2.3.0' -gem 'json-schema', '~> 2.8.0' +gem 'json', '~> 2.3' +gem 'json-schema', '~> 2.8' gem 'json_schemer', '~> 0.2.12' -gem 'oj', '~> 3.10.6' -gem 'multi_json', '~> 1.14.1' -gem 'yajl-ruby', '~> 1.4.1', require: 'yajl' +gem 'oj', '~> 3.10', '>= 3.10.6' +gem 'multi_json', '~> 1.14', '>= 1.14.1' +gem 'yajl-ruby', '~> 1.4', '>= 1.4.1', require: 'yajl' gem 'webauthn', '~> 2.3'