We should be able to update minor versions of stable libs without breaking gitlab Gemfile --- a/Gemfile +++ b/Gemfile @@ -13,9 +13,9 @@ # NOTE: When incrementing the major or minor version here, also increment activerecord_version # in vendor/gems/attr_encrypted/attr_encrypted.gemspec until we resolve # https://gitlab.com/gitlab-org/gitlab/-/issues/375713 -gem 'rails', '~> 6.1.6.1' +gem 'rails', '~> 6.1.6', '>= 6.1.6.1' -gem 'bootsnap', '~> 1.13.0', require: false +gem 'bootsnap', '~> 1.13', require: false # Pin openssl to match the version bundled with our supported Rubies. # See https://stdgems.org/openssl/#gem-version. @@ -29,55 +29,55 @@ # Responders respond_to and respond_with gem 'responders', '~> 3.0' -gem 'sprockets', '~> 3.7.0' +gem 'sprockets', '~> 3.7' -gem 'view_component', '~> 2.71.0' +gem 'view_component', '~> 2.71' # Default values for AR models -gem 'default_value_for', '~> 3.4.0' +gem 'default_value_for', '~> 3.4' # Supported DBs -gem 'pg', '~> 1.4.3' +gem 'pg', '~> 1.4', '>= 1.4.3' gem 'rugged', '~> 1.2' -gem 'grape-path-helpers', '~> 1.7.1' +gem 'grape-path-helpers', '~> 1.7', '>= 1.7.1' gem 'faraday', '~> 1.0' -gem 'marginalia', '~> 1.11.1' +gem 'marginalia', '~> 1.11', '>= 1.11.1' # Authorization -gem 'declarative_policy', '~> 1.1.0' +gem 'declarative_policy', '~> 1.1' # Authentication libraries -gem 'devise', '~> 4.8.1' +gem 'devise', '~> 4.8', '>= 4.8.1' gem 'devise-pbkdf2-encryptable', '~> 0.0.0', path: 'vendor/gems/devise-pbkdf2-encryptable' gem 'bcrypt', '~> 3.1', '>= 3.1.14' -gem 'doorkeeper', '~> 5.5.0.rc2' -gem 'doorkeeper-openid_connect', '~> 1.7.5' -gem 'rexml', '~> 3.2.5' -gem 'ruby-saml', '~> 1.13.0' -gem 'omniauth', '~> 2.1.0' -gem 'omniauth-auth0', '~> 2.0.0' +gem 'doorkeeper', '~> 5.5' +gem 'doorkeeper-openid_connect', '~> 1.7','>= 1.7.5' +gem 'rexml', '~> 3.2','>= 3.2.5' +gem 'ruby-saml', '~> 1.13' +gem 'omniauth', '~> 2.1' +gem 'omniauth-auth0', '~> 2.0' gem 'omniauth-azure-activedirectory-v2', '~> 2.0' gem 'omniauth-azure-oauth2', '~> 0.0.9', path: 'vendor/gems/omniauth-azure-oauth2' # See gem README.md gem 'omniauth-cas3', '~> 1.1.4', path: 'vendor/gems/omniauth-cas3' # See vendor/gems/omniauth-cas3/README.md gem 'omniauth-dingtalk-oauth2', '~> 1.0' -gem 'omniauth-alicloud', '~> 2.0.0' -gem 'omniauth-facebook', '~> 4.0.0' -gem 'omniauth-github', '2.0.1' +gem 'omniauth-alicloud', '~> 2.0' +gem 'omniauth-facebook', '~> 4.0' +gem 'omniauth-github', '~> 2.0', '>= 2.0.1' gem 'omniauth-gitlab', '~> 4.0.0', path: 'vendor/gems/omniauth-gitlab' # See vendor/gems/omniauth-gitlab/README.md gem 'omniauth-google-oauth2', '~> 1.1' gem 'omniauth-oauth2-generic', '~> 0.2.2' -gem 'omniauth-saml', '~> 2.0.0' -gem 'omniauth-shibboleth', '~> 1.3.0' +gem 'omniauth-saml', '~> 2.0' +gem 'omniauth-shibboleth', '~> 1.3' gem 'omniauth-twitter', '~> 1.4' -gem 'omniauth_crowd', '~> 2.4.0', path: 'vendor/gems/omniauth_crowd' # See vendor/gems/omniauth_crowd/README.md +gem 'omniauth_crowd', '~> 2.4', path: 'vendor/gems/omniauth_crowd' # See vendor/gems/omniauth_crowd/README.md gem 'omniauth-authentiq', '~> 0.3.3' gem 'gitlab-omniauth-openid-connect', '~> 0.10.0', require: 'omniauth_openid_connect' gem 'omniauth-salesforce', '~> 1.0.5', path: 'vendor/gems/omniauth-salesforce' # See gem README.md gem 'omniauth-atlassian-oauth2', '~> 0.2.0' -gem 'rack-oauth2', '~> 1.21.3' -gem 'jwt', '~> 2.1.0' +gem 'rack-oauth2', '~> 1.21', '>= 1.21.3' +gem 'jwt', '~> 2.1' # Kerberos authentication. EE-only gem 'gssapi', group: :kerberos @@ -86,17 +86,17 @@ # Spam and anti-bot protection gem 'recaptcha', '~> 4.11', require: 'recaptcha/rails' gem 'akismet', '~> 3.0' -gem 'invisible_captcha', '~> 1.1.0' +gem 'invisible_captcha', '~> 1.1' # Two-factor authentication -gem 'devise-two-factor', '~> 4.0.2' +gem 'devise-two-factor', '~> 4.0', '>= 4.0.2' gem 'rqrcode-rails3', '~> 0.1.7' gem 'attr_encrypted', '~> 3.2.4', path: 'vendor/gems/attr_encrypted' gem 'u2f', '~> 0.2.1' # GitLab Pages -gem 'validates_hostname', '~> 1.0.11' -gem 'rubyzip', '~> 2.3.2', require: 'zip' +gem 'validates_hostname', '~> 1.0', '>= 1.0.11' +gem 'rubyzip', '~> 2.0', '>= 2.3.2', require: 'zip' # GitLab Pages letsencrypt support gem 'acme-client', '~> 2.0' @@ -107,25 +107,25 @@ gem 'ohai', '~> 16.10' # GPG -gem 'gpgme', '~> 2.0.19' +gem 'gpgme', '~> 2.0','>= 2.0.19' # LDAP Auth # GitLab fork with several improvements to original library. For full list of changes # see https://github.com/intridea/omniauth-ldap/compare/master...gitlabhq:master -gem 'gitlab_omniauth-ldap', '~> 2.2.0', require: 'omniauth-ldap' +gem 'gitlab_omniauth-ldap', '~> 2.2', require: 'omniauth-ldap' gem 'net-ldap', '~> 0.16.3' # API -gem 'grape', '~> 1.5.2' +gem 'grape', '~> 1.5','>= 1.5.2' gem 'grape-entity', '~> 0.10.0' -gem 'rack-cors', '~> 1.1.1', require: 'rack/cors' +gem 'rack-cors', '~> 1.1', '>= 1.1.1', require: 'rack/cors' gem 'grape-swagger', '~>1.5.0', group: [:development, :test] gem 'grape-swagger-entity', '~> 0.5.1', group: [:development, :test] # GraphQL API -gem 'graphql', '~> 1.13.12' +gem 'graphql', '~> 1.13', '>= 1.13.12' gem 'graphiql-rails', '~> 1.8' -gem 'apollo_upload_server', '~> 2.1.0' +gem 'apollo_upload_server', '~> 2.1' gem 'graphql-docs', '~> 2.1.0', group: [:development, :test] gem 'graphlient', '~> 0.5.0' # Used by BulkImport feature (group::import) @@ -137,23 +137,23 @@ gem 'kaminari', '~> 1.0' # HAML -gem 'hamlit', '~> 2.15.0' +gem 'hamlit', '~> 2.15' # Files attachments gem 'carrierwave', '~> 1.3' -gem 'mini_magick', '~> 4.10.1' +gem 'mini_magick', '~> 4.10','>= 4.10.1' # for backups gem 'fog-aws', '~> 3.14' # Locked until fog-google resolves https://github.com/fog/fog-google/issues/421. # Also see config/initializers/fog_core_patch.rb. -gem 'fog-core', '= 2.1.0' +gem 'fog-core', '= 2.1' gem 'fog-google', '~> 1.15', require: 'fog/google' gem 'fog-local', '~> 0.6' gem 'fog-openstack', '~> 1.0' gem 'fog-rackspace', '~> 0.1.1' gem 'fog-aliyun', '~> 0.3' -gem 'gitlab-fog-azure-rm', '~> 1.3.0', require: 'fog/azurerm' +gem 'gitlab-fog-azure-rm', '~> 1.3', require: 'fog/azurerm' # for Google storage gem 'google-api-client', '~> 0.33' @@ -162,38 +162,38 @@ gem 'unf', '~> 0.1.4' # Seed data -gem 'seed-fu', '~> 2.3.7' +gem 'seed-fu', '~> 2.3','>= 2.3.7' # Search gem 'elasticsearch-model', '~> 7.2' gem 'elasticsearch-rails', '~> 7.2', require: 'elasticsearch/rails/instrumentation' -gem 'elasticsearch-api', '7.13.3' -gem 'aws-sdk-core', '~> 3.159.0' +gem 'elasticsearch-api', '~> 7.13', '>= 7.13.3' +gem 'aws-sdk-core', '~> 3.159' gem 'aws-sdk-cloudformation', '~> 1' -gem 'aws-sdk-s3', '~> 1.114.0' +gem 'aws-sdk-s3', '~> 1.114' gem 'faraday_middleware-aws-sigv4', '~>0.3.0' -gem 'typhoeus', '~> 1.4.0' # Used with Elasticsearch to support http keep-alive connections +gem 'typhoeus', '~> 1.4' # Used with Elasticsearch to support http keep-alive connections # Markdown and HTML processing -gem 'html-pipeline', '~> 2.13.2' -gem 'deckar01-task_list', '2.3.1' -gem 'gitlab-markup', '~> 1.8.0' -gem 'github-markup', '~> 1.7.0', require: 'github/markup' +gem 'html-pipeline', '~> 2.13','>= 2.13.2' +gem 'deckar01-task_list', '~> 2.3','>= 2.3.1' +gem 'gitlab-markup', '~> 1.8' +gem 'github-markup', '~> 1.7', require: 'github/markup' gem 'commonmarker', '~> 0.23.6' -gem 'kramdown', '~> 2.3.1' -gem 'RedCloth', '~> 4.3.2' -gem 'rdoc', '~> 6.3.2' +gem 'kramdown', '~> 2.3','>= 2.3.1' +gem 'RedCloth', '~> 4.3','>= 4.3.2' +gem 'rdoc', '~> 6.3','>= 6.3.2' gem 'org-ruby', '~> 0.9.12' gem 'creole', '~> 0.5.0' -gem 'wikicloth', '0.8.1' -gem 'asciidoctor', '~> 2.0.17' +gem 'wikicloth', '~> 0.8.1' +gem 'asciidoctor', '~> 2.0', '>= 2.0.17' gem 'asciidoctor-include-ext', '~> 0.4.0', require: false gem 'asciidoctor-plantuml', '~> 0.0.16' gem 'asciidoctor-kroki', '~> 0.5.0', require: false -gem 'rouge', '~> 3.30.0' +gem 'rouge', '~> 3.30' gem 'truncato', '~> 0.7.12' -gem 'bootstrap_form', '~> 4.2.0' -gem 'nokogiri', '~> 1.13.8' +gem 'bootstrap_form', '~> 4.2' +gem 'nokogiri', '~> 1.3', '>= 1.13.8' # Calendar rendering gem 'icalendar' @@ -203,12 +203,12 @@ gem 'diff_match_patch', '~> 0.1.0' # Application server -gem 'rack', '~> 2.2.4' +gem 'rack', '~> 2.2', '>= 2.2.4' # https://github.com/zombocom/rack-timeout/blob/master/README.md#rails-apps-manually gem 'rack-timeout', '~> 0.6.3', require: 'rack/timeout/base' group :puma do - gem 'puma', '~> 5.6.5', require: false + gem 'puma', '~> 5.6', '>= 5.6.5', require: false gem 'puma_worker_killer', '~> 0.3.1', require: false gem 'sd_notify', '~> 0.1.0', require: false end @@ -220,13 +220,13 @@ gem 'acts-as-taggable-on', '~> 9.0' # Background jobs -gem 'sidekiq', '~> 6.4.0' -gem 'sidekiq-cron', '~> 1.8.0' -gem 'redis-namespace', '~> 1.9.0' +gem 'sidekiq', '~> 6.4' +gem 'sidekiq-cron', '~> 1.8' +gem 'redis-namespace', '~> 1.9' gem 'gitlab-sidekiq-fetcher', '0.8.0', require: 'sidekiq-reliable-fetch' # Cron Parser -gem 'fugit', '~> 1.2.1' +gem 'fugit', '~> 1.2','>= 1.2.1' # HTTP requests gem 'httparty', '~> 0.16.4' @@ -238,14 +238,14 @@ gem 'ruby-progressbar', '~> 1.10' # GitLab settings -gem 'settingslogic', '~> 2.0.9' +gem 'settingslogic', '~> 2.0', '>= 2.0.9' # Linear-time regex library for untrusted regular expressions -gem 're2', '~> 1.5.0' +gem 're2', '~> 1.5' # Misc -gem 'version_sorter', '~> 2.2.4' +gem 'version_sorter', '~> 2.2', '>= 2.2.4' # Export Ruby Regex to Javascript gem 'js_regex', '~> 3.7' @@ -254,24 +254,24 @@ gem 'device_detector' # Redis -gem 'redis', '~> 4.7.0' +gem 'redis', '~> 4.7' gem 'connection_pool', '~> 2.0' # Redis session store -gem 'redis-actionpack', '~> 5.3.0' +gem 'redis-actionpack', '~> 5.3' # Discord integration gem 'discordrb-webhooks', '~> 3.4', require: false # Jira integration -gem 'jira-ruby', '~> 2.1.4' +gem 'jira-ruby', '~> 2.1', '>= 2.1.4' gem 'atlassian-jwt', '~> 0.2.0' # Flowdock integration gem 'flowdock', '~> 0.7' # Slack integration -gem 'slack-messenger', '~> 2.3.4' +gem 'slack-messenger', '~> 2.3', '>= 2.3.4' # Hangouts Chat integration gem 'hangouts-chat', '~> 0.0.5', require: 'hangouts_chat' @@ -283,14 +283,14 @@ gem 'ruby-fogbugz', '~> 0.2.1' # Kubernetes integration -gem 'kubeclient', '~> 4.9.3' +gem 'kubeclient', '~> 4.9','>= 4.9.3' # Sanitize user input gem 'sanitize', '~> 6.0' -gem 'babosa', '~> 1.0.4' +gem 'babosa', '~> 1.0','>= 1.0.4' # Sanitizes SVG input -gem 'loofah', '~> 2.19.0' +gem 'loofah', '~> 2.19' # Working with license # Detects the open source license the repository includes @@ -312,32 +312,32 @@ gem 'rack-proxy', '~> 0.7.4' -gem 'sassc-rails', '~> 2.1.0' -gem 'autoprefixer-rails', '10.2.5.1' -gem 'terser', '1.0.2' +gem 'sassc-rails', '~> 2.1' +gem 'autoprefixer-rails', '~> 10.2', '>= 10.2.5.1' +gem 'terser', '~> 1.0','>= 1.0.2' gem 'addressable', '~> 2.8' gem 'tanuki_emoji', '~> 0.6' -gem 'gon', '~> 6.4.0' +gem 'gon', '~> 6.4' gem 'request_store', '~> 1.5' gem 'base32', '~> 0.3.0' -gem 'gitlab-license', '~> 2.2.1' +gem 'gitlab-license', '~> 2.2','>= 2.2.1' # Protect against bruteforcing -gem 'rack-attack', '~> 6.6.1' +gem 'rack-attack', '~> 6.6','>= 6.6.1' # Sentry integration gem 'sentry-raven', '~> 3.1' -gem 'sentry-ruby', '~> 5.1.1' -gem 'sentry-rails', '~> 5.1.1' -gem 'sentry-sidekiq', '~> 5.1.1' +gem 'sentry-ruby', '~> 5.1', '>= 5.1.1' +gem 'sentry-rails', '~> 5.1', '>= 5.1.1' +gem 'sentry-sidekiq', '~> 5.1', '>= 5.1.1' # PostgreSQL query parsing # -gem 'pg_query', '~> 2.1.4' +gem 'pg_query', '~> 2.1', '>= 2.1.4' -gem 'premailer-rails', '~> 1.10.3' +gem 'premailer-rails', '~> 1.10','>= 1.10.3' # LabKit: Tracing and Correlation gem 'gitlab-labkit', '~> 0.24.0' @@ -346,11 +346,11 @@ # I18n gem 'ruby_parser', '~> 3.15', require: false gem 'rails-i18n', '~> 7.0' -gem 'gettext_i18n_rails', '~> 1.8.0' +gem 'gettext_i18n_rails', '~> 1.8' gem 'gettext_i18n_rails_js', '~> 1.3' gem 'gettext', '~> 3.3', require: false, group: :development -gem 'batch-loader', '~> 2.0.1' +gem 'batch-loader', '~> 2.0', '>= 2.0.1' # Perf bar gem 'peek', '~> 1.1' @@ -359,10 +359,10 @@ gem 'snowplow-tracker', '~> 0.6.1' # Metrics -gem 'webrick', '~> 1.6.1', require: false +gem 'webrick', '~> 1.6', '>= 1.6.1', require: false gem 'prometheus-client-mmap', '~> 0.16', require: 'prometheus/client' -gem 'warning', '~> 1.3.0' +gem 'warning', '~> 1.3' group :development do gem 'lefthook', '~> 1.1.3', require: false @@ -444,24 +444,24 @@ end group :test do - gem 'fuubar', '~> 2.2.0' + gem 'fuubar', '~> 2.2' gem 'rspec-retry', '~> 0.6.1' gem 'rspec_profiling', '~> 0.0.6' gem 'rspec-benchmark', '~> 0.6.0' gem 'rspec-parameterized', require: false - gem 'capybara', '~> 3.35.3' - gem 'capybara-screenshot', '~> 1.0.22' - gem 'selenium-webdriver', '~> 3.142' - - gem 'graphlyte', '~> 1.0.0' - - gem 'shoulda-matchers', '~> 5.1.0', require: false - gem 'email_spec', '~> 2.2.0' - gem 'webmock', '~> 3.9.1' + gem 'capybara', '~> 3.35', '~> 3.35.3' + gem 'capybara-screenshot', '~> 1.0', '>= 1.0.22' + gem 'selenium-webdriver', '~> 3.1','>= 3.142' + + gem 'graphlyte', '~> 1.0' + + gem 'shoulda-matchers', '~> 5.1', require: false + gem 'email_spec', '~> 2.2' + gem 'webmock', '~> 3.9', '>= 3.9.1' gem 'rails-controller-testing' gem 'concurrent-ruby', '~> 1.1' - gem 'test-prof', '~> 1.0.7' + gem 'test-prof', '~> 1.0', '>= 1.0.7' gem 'rspec_junit_formatter' gem 'guard-rspec' @@ -490,8 +490,8 @@ gem 'health_check', '~> 3.0' # System information -gem 'vmstat', '~> 2.3.0' -gem 'sys-filesystem', '~> 1.4.3' +gem 'vmstat', '~> 2.3' +gem 'sys-filesystem', '~> 1.4', '>= 1.4.3' # NTP client gem 'net-ntp' @@ -500,15 +500,15 @@ gem 'ssh_data', '~> 1.3' # Spamcheck GRPC protocol definitions -gem 'spamcheck', '~> 1.0.0' +gem 'spamcheck', '~> 1.0' # Gitaly GRPC protocol definitions -gem 'gitaly', '~> 15.4.0-rc2' +gem 'gitaly', '~> 15.4' # KAS GRPC protocol definitions gem 'kas-grpc', '~> 0.0.2' -gem 'grpc', '~> 1.42.0' +gem 'grpc', '~> 1.42' gem 'google-protobuf', '~> 3.21' @@ -518,7 +518,7 @@ gem 'flipper', '~> 0.25.0' gem 'flipper-active_record', '~> 0.25.0' gem 'flipper-active_support_cache_store', '~> 0.25.0' -gem 'unleash', '~> 3.2.2' +gem 'unleash', '~> 3.2', '>= 3.2.2' gem 'gitlab-experiment', '~> 0.7.1' # Structured logging @@ -551,12 +551,11 @@ gem 'valid_email', '~> 0.1' # JSON -gem 'json', '~> 2.5.1' +gem 'json', '~> 2.5', '>= 2.5.1' gem 'json_schemer', '~> 0.2.18' -gem 'oj', '~> 3.13.21' -gem 'multi_json', '~> 1.14.1' -gem 'yajl-ruby', '~> 1.4.3', require: 'yajl' - +gem 'oj', '~> 3.13', '>= 3.13.20' +gem 'multi_json', '~> 1.14', '>= 1.14.1' +gem 'yajl-ruby', '~> 1.4','>= 1.4.3', require: 'yajl' gem 'webauthn', '~> 2.3' # IPAddress utilities @@ -566,14 +565,14 @@ gem 'ipynbdiff', path: 'vendor/gems/ipynbdiff' -gem 'ed25519', '~> 1.3.0' +gem 'ed25519', '~> 1.3' # Error Tracking OpenAPI client # See https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/rake_tasks.md#update-openapi-client-for-error-tracking-feature gem 'error_tracking_open_api', path: 'vendor/gems/error_tracking_open_api' # Vulnerability advisories -gem 'cvss-suite', '~> 3.0.1', require: 'cvss_suite' +gem 'cvss-suite', '~> 3.0','>= 3.0.1', require: 'cvss_suite' # Work with RPM packages gem 'arr-pm', '~> 0.0.12'