diff --git a/Gemfile b/Gemfile index 0070b6d2303..e3d8996f7a3 100644 --- a/Gemfile +++ b/Gemfile @@ -31,10 +31,10 @@ source 'https://rubygems.org' ruby '2.3.1' gem 'rails', '~> 5.0.0' -gem 'actionpack-xml_parser' -gem 'activemodel-serializers-xml' +gem 'actionpack-xml_parser', '~> 2.0.0' +gem 'activemodel-serializers-xml', '~> 1.0.1' gem 'activerecord-session_store', '~> 1.0.0' -gem 'responders', '~> 2.0' +gem 'responders', '~> 2.3' gem 'coderay', '~> 1.1.0' gem 'rubytree', '~> 0.9.7' @@ -42,7 +42,7 @@ gem 'rdoc', '>= 2.4.2' gem 'globalize', github: 'globalize/globalize', ref: '38443bcd' gem 'omniauth', github: 'oliverguenther/omniauth' -gem 'request_store', '~> 1.3.0' +gem 'request_store', '~> 1.3.1' gem 'gravatar_image_tag', '~> 1.2.0' gem 'warden', '~> 1.2' @@ -88,20 +88,19 @@ gem 'bcrypt', '~> 3.1.6' # This can be removed as soon as said bugfix is integrated into rabl itself. # See: config/initializers/rabl_hack.rb gem 'rabl', '~> 0.13.0' -gem 'multi_json', '~> 1.11.0' +gem 'multi_json', '~> 1.12.1' gem 'oj', '~> 2.17.4' gem 'delayed_job_active_record', '~> 4.1.1' gem 'daemons' -# include custom rack-protection for now until rkh/rack-protection is fixed and released -# (see https://community.openproject.org/work_packages/3029) gem 'rack-protection', '~> 2.0.0.beta2' # Rack::Attack is a rack middleware to protect your web app from bad clients. -# It allows whitelisting, blacklisting, throttling, and tracking based on arbitrary properties of the request. +# It allows whitelisting, blacklisting, throttling, and tracking based +# on arbitrary properties of the request. # https://github.com/kickstarter/rack-attack -gem 'rack-attack' +gem 'rack-attack', '~> 5.0.1' # Patch Rails HTML whitelisting for Angular curly braces gem 'rails-angular-xss', github: 'opf/rails-angular-xss' @@ -113,7 +112,8 @@ gem 'gon', '~> 4.0' # don't require by default, instead load on-demand when actually configured gem 'airbrake', '~> 5.1.0', require: false -gem 'transactional_lock', git: 'https://github.com/finnlabs/transactional_lock.git', branch: 'master' +gem 'transactional_lock', git: 'https://github.com/finnlabs/transactional_lock.git', + branch: 'master' gem 'prawn', '~> 2.1' gem 'prawn-table', '~> 0.2.2' @@ -131,12 +131,12 @@ end gem 'sprockets', '~> 3.7.0' gem 'sass-rails', '~> 5.0.6' gem 'sass', '~> 3.4.12' -gem 'autoprefixer-rails' +gem 'autoprefixer-rails', '~> 6.4.1' gem 'bourbon', '~> 4.2.0' gem 'i18n-js', '>= 3.0.0.rc13' # small wrapper around the command line -gem 'cocaine' +gem 'cocaine', '~> 0.5.8' # required by Procfile, for deployment on heroku or packaging with packager.io. # also, better than thin since we can control worker concurrency. @@ -188,7 +188,7 @@ group :test do gem 'selenium-webdriver', '~> 2.53.4' gem 'poltergeist', '~> 1.10.0' gem 'timecop', '~> 0.8' - gem 'webmock', '~> 1.24.2', require: false + gem 'webmock', '~> 2.1.0', require: false gem 'simplecov', '~> 0.12.0', require: false gem 'shoulda-matchers', '~> 3.1', require: nil @@ -222,7 +222,7 @@ group :development do end # API gems -gem 'grape', '~> 0.14' +gem 'grape', '~> 0.17' gem 'grape-cache_control', '~> 1.0.1' gem 'roar', '~> 1.0.0' @@ -252,7 +252,8 @@ end group :opf_plugins do # TODO: switch to dev branch again after feature/rails5 has been merged in translations - gem 'openproject-translations', git: 'https://github.com/opf/openproject-translations.git', branch: 'feature/rails5' + gem 'openproject-translations', git: 'https://github.com/opf/openproject-translations.git', + branch: 'feature/rails5' end # TODO: Make this group :optional when bundler v10.x @@ -269,7 +270,8 @@ group :docker do end # Load Gemfile.local, Gemfile.plugins, plugins', and custom Gemfiles -gemfiles = Dir.glob File.expand_path('../{Gemfile.local,Gemfile.plugins,lib/plugins/*/Gemfile}', __FILE__) +gemfiles = Dir.glob File.expand_path('../{Gemfile.local,Gemfile.plugins,lib/plugins/*/Gemfile}', + __FILE__) gemfiles << ENV['CUSTOM_PLUGIN_GEMFILE'] unless ENV['CUSTOM_PLUGIN_GEMFILE'].nil? gemfiles.each do |file| next unless File.readable?(file) diff --git a/Gemfile.lock b/Gemfile.lock index c48086cc9fa..ee985b0d00e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -34,17 +34,17 @@ GIT GIT remote: git://github.com/opf/rails-angular-xss.git - revision: 1dfeffe62b40965922c5b46a4b78695086d2d4f4 + revision: 5f5622ec7b592e890e0d8ae8dbf786cf61ea2d24 specs: rails-angular-xss (0.2.0.pre.pre) rails (>= 5.0.0, < 5.1) GIT remote: https://github.com/carrierwaveuploader/carrierwave - revision: b31f7ce006bade550be0ad946d0b993b799358e3 + revision: c45699c318ca895f89fa3304204e48b5f1c411f1 branch: master specs: - carrierwave (0.11.0) + carrierwave (1.0.0.beta) activemodel (>= 4.0.0) activesupport (>= 4.0.0) mime-types (>= 1.16) @@ -65,7 +65,7 @@ GIT GIT remote: https://github.com/opf/openproject-translations.git - revision: c0b9604210e7bfb2d3e3ddae0d847c27df593966 + revision: ecfd00e08036dabfc615311dc690a45da9259813 branch: feature/rails5 specs: openproject-translations (6.1.0) @@ -85,7 +85,7 @@ GIT GIT remote: https://github.com/rspec/rspec-activemodel-mocks - revision: 14da7397f4c1f297fa9b8be3519419ba9b881577 + revision: 5cd4c9d552bcc75d60ea4b7dda96e7377197ab8d specs: rspec-activemodel-mocks (1.0.3) activemodel (>= 3.0) @@ -154,9 +154,9 @@ GEM airbrake (5.1.0) airbrake-ruby (~> 1.1) airbrake-ruby (1.2.0) - arel (7.1.1) - ast (2.2.0) - autoprefixer-rails (6.4.1) + arel (7.1.2) + ast (2.3.0) + autoprefixer-rails (6.4.1.1) execjs awesome_nested_set (3.1.1) activerecord (>= 4.0.0, < 5.1) @@ -164,10 +164,10 @@ GEM descendants_tracker (~> 0.0.4) ice_nine (~> 0.11.0) thread_safe (~> 0.3, >= 0.3.1) - bcrypt (3.1.10) + bcrypt (3.1.11) binding_of_caller (0.7.2) debug_inspector (>= 0.0.1) - bourbon (4.2.6) + bourbon (4.2.7) sass (~> 3.4) thor (~> 0.19) builder (3.2.2) @@ -183,7 +183,7 @@ GEM capybara-screenshot (1.0.13) capybara (>= 1.0, < 3) launchy - cells (4.1.2) + cells (4.1.3) tilt (>= 1.4, < 3) uber (>= 0.0.9) cells-erb (0.0.8) @@ -229,7 +229,7 @@ GEM nokogiri (~> 1.5) railties (>= 3, < 5.1) cucumber-wire (0.0.1) - daemons (1.2.3) + daemons (1.2.4) dalli (2.7.6) database_cleaner (1.5.3) date_validator (0.9.0) @@ -248,7 +248,6 @@ GEM representable (~> 2.0) uber docile (1.1.5) - unf (>= 0.0.5, < 1.0.0) domain_name (0.5.20160826) unf (>= 0.0.5, < 1.0.0) enumerable-lazy (0.0.1) @@ -258,24 +257,24 @@ GEM erbse (0.0.2) erubis (2.7.0) eventmachine (1.2.0.1) - excon (0.48.0) + excon (0.52.0) execjs (2.7.0) factory_girl (4.7.0) activesupport (>= 3.0.0) factory_girl_rails (4.7.0) factory_girl (~> 4.7.0) railties (>= 3.0.0) - faker (1.6.3) + faker (1.6.6) i18n (~> 0.5) - ffi (1.9.10) - fog-aws (0.9.1) - fog-core (~> 1.27) + ffi (1.9.14) + fog-aws (0.11.0) + fog-core (~> 1.38) fog-json (~> 1.0) fog-xml (~> 0.1) ipaddress (~> 0.8) - fog-core (1.36.0) + fog-core (1.42.0) builder - excon (~> 0.45) + excon (~> 0.49) formatador (~> 0.2) fog-json (1.0.2) fog-core (~> 1.0) @@ -308,18 +307,18 @@ GEM gravatar_image_tag (1.2.0) hashdiff (0.3.0) hashie (3.4.4) - health_check (1.5.1) - rails (>= 2.3.0) + health_check (2.2.1) + rails (>= 4.0) htmldiff (0.0.1) http-cookie (1.0.2) domain_name (~> 0.5) i18n (0.7.0) - i18n-js (3.0.0.rc13) + i18n-js (3.0.0.rc14) i18n (~> 0.6, >= 0.6.6) ice_nine (0.11.2) interception (0.5) ipaddress (0.8.3) - iso8601 (0.9.0) + iso8601 (0.9.1) json (1.8.3) json_spec (1.1.4) multi_json (~> 1.0) @@ -340,12 +339,12 @@ GEM mail (2.6.4) mime-types (>= 1.16, < 4) method_source (0.8.2) - mime-types (2.99.2) + mime-types (2.99.3) mini_portile2 (2.1.0) minisyntax (0.2.5) minitest (5.9.0) mixlib-shellout (2.1.0) - multi_json (1.11.3) + multi_json (1.12.1) multi_test (0.1.2) multi_xml (0.5.5) mustermann19 (0.4.4) @@ -353,18 +352,18 @@ GEM mysql2 (0.4.4) net-ldap (0.14.0) netrc (0.11.0) - newrelic_rpm (3.15.0.314) + newrelic_rpm (3.16.2.321) nio4r (1.2.1) nokogiri (1.6.8) mini_portile2 (~> 2.1.0) pkg-config (~> 1.1.7) oj (2.17.4) - parallel (1.6.2) + parallel (1.9.0) parallel_tests (2.4.1) parallel - parser (2.3.0.6) + parser (2.3.1.2) ast (~> 2.2) - passenger (5.0.26) + passenger (5.0.30) rack rake (>= 0.8.1) pdf-core (0.6.1) @@ -403,7 +402,7 @@ GEM rack (2.0.1) rack-accept (0.4.5) rack (>= 0.4) - rack-attack (4.4.1) + rack-attack (5.0.1) rack rack-protection (2.0.0.beta2) rack @@ -443,7 +442,7 @@ GEM rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) rainbow (2.1.0) - raindrops (0.16.0) + raindrops (0.17.0) rake (11.2.2) rdoc (4.2.2) json (~> 1.4) @@ -458,14 +457,14 @@ GEM nokogiri uber (~> 0.0.7) request_store (1.3.1) - responders (2.1.1) + responders (2.3.0) railties (>= 4.2.0, < 5.1) rest-client (1.8.0) http-cookie (>= 1.0.2, < 2.0) mime-types (>= 1.16, < 3.0) netrc (~> 0.7) - roar (1.0.1) - representable (>= 2.0.1, <= 3.0.0) + roar (1.0.4) + representable (>= 2.0.1, < 2.4.0) rspec (3.5.0) rspec-core (~> 3.5.0) rspec-expectations (~> 3.5.0) @@ -489,8 +488,8 @@ GEM rspec-mocks (~> 3.5.0) rspec-support (~> 3.5.0) rspec-support (3.5.0) - rubocop (0.38.0) - parser (>= 2.3.0.6, < 3.0) + rubocop (0.42.0) + parser (>= 2.3.1.1, < 3.0) powerpack (~> 0.1) rainbow (>= 1.99.1, < 3.0) ruby-progressbar (~> 1.7) @@ -499,11 +498,11 @@ GEM activesupport (>= 3.0.0) i18n iso8601 - ruby-progressbar (1.7.5) + ruby-progressbar (1.8.1) rubytree (0.9.7) json (~> 1.8) structured_warnings (~> 0.2) - rubyzip (1.1.7) + rubyzip (1.2.0) safe_yaml (1.0.4) sass (3.4.22) sass-rails (5.0.6) @@ -537,7 +536,7 @@ GEM structured_warnings (0.2.0) svg-graph (2.0.1) syck (1.0.5) - sys-filesystem (1.1.5) + sys-filesystem (1.1.7) ffi thin (1.7.0) daemons (~> 1.0, >= 1.0.9) @@ -546,20 +545,19 @@ GEM thor (0.19.1) thread_safe (0.3.5) tilt (2.0.5) - timecop (0.8.0) + timecop (0.8.1) ttfunk (1.4.0) tzinfo (1.2.2) thread_safe (~> 0.1) - tzinfo-data (1.2016.1) + tzinfo-data (1.2016.6) tzinfo (>= 1.0.0) uber (0.0.15) unf (0.1.4) unf_ext unf_ext (0.0.7.2) - unicode-display_width (1.0.2) - unicorn (5.0.1) + unicode-display_width (1.1.1) + unicorn (5.1.0) kgio (~> 2.6) - rack raindrops (~> 0.7) url (0.3.2) virtus (1.0.5) @@ -571,7 +569,7 @@ GEM rack (>= 1.0) warden-basic_auth (0.2.1) warden (~> 1.2) - webmock (1.24.2) + webmock (2.1.0) addressable (>= 2.3.6) crack (>= 0.3.2) hashdiff @@ -588,15 +586,15 @@ PLATFORMS ruby DEPENDENCIES - actionpack-xml_parser - activemodel-serializers-xml + actionpack-xml_parser (~> 2.0.0) + activemodel-serializers-xml (~> 1.0.1) activerecord-jdbcmysql-adapter activerecord-jdbcpostgresql-adapter activerecord-session_store (~> 1.0.0) acts_as_list (~> 0.8.1) acts_as_tree (~> 2.5.1) airbrake (~> 5.1.0) - autoprefixer-rails + autoprefixer-rails (~> 6.4.1) awesome_nested_set (~> 3.1.1) bcrypt (~> 3.1.6) bourbon (~> 4.2.0) @@ -607,7 +605,7 @@ DEPENDENCIES carrierwave! cells-erb (~> 0.0.8) cells-rails (~> 0.0.6) - cocaine + cocaine (~> 0.5.8) codecov (~> 0.1.5) coderay (~> 1.1.0) color-tools (~> 1.3.0) @@ -627,7 +625,7 @@ DEPENDENCIES fuubar (~> 2.2.0) globalize! gon (~> 4.0) - grape (~> 0.14) + grape (~> 0.17) grape-cache_control (~> 1.0.1) gravatar_image_tag (~> 1.2.0) health_check @@ -638,7 +636,7 @@ DEPENDENCIES launchy (~> 2.4.3) letter_opener livingstyleguide (~> 2.0.0) - multi_json (~> 1.11.0) + multi_json (~> 1.12.1) mysql2 (~> 0.4.4) net-ldap (~> 0.14.0) newrelic_rpm @@ -658,7 +656,7 @@ DEPENDENCIES pry-rescue (~> 1.4.4) pry-stack_explorer (~> 0.4.9.2) rabl (~> 0.13.0) - rack-attack + rack-attack (~> 5.0.1) rack-protection (~> 2.0.0.beta2) rack-test (~> 0.6.3) rack_session_access @@ -669,8 +667,8 @@ DEPENDENCIES rails_autolink (~> 1.1.6) rdoc (>= 2.4.2) reform (~> 1.2.6) - request_store (~> 1.3.0) - responders (~> 2.0) + request_store (~> 1.3.1) + responders (~> 2.3) roar (~> 1.0.0) rspec (~> 3.5.0) rspec-activemodel-mocks (~> 1.0.3)! @@ -700,11 +698,11 @@ DEPENDENCIES unicorn warden (~> 1.2) warden-basic_auth (~> 0.2.1) - webmock (~> 1.24.2) + webmock (~> 2.1.0) will_paginate (~> 3.1.0) RUBY VERSION ruby 2.3.1p112 BUNDLED WITH - 1.13.0 + 1.13.1