From 0633d5f5ea07d239e99a8bfc64ed66b8c892e4db Mon Sep 17 00:00:00 2001 From: Marcel Horlings Date: Fri, 12 Aug 2016 10:57:11 +0200 Subject: [PATCH 1/3] update active record due cve --- .ruby-version | 2 +- .travis.yml | 2 +- Gemfile | 2 +- Gemfile.lock | 77 +++++++++++++++++++++++++++------------------------ 4 files changed, 44 insertions(+), 39 deletions(-) diff --git a/.ruby-version b/.ruby-version index 276cbf9e..2bf1c1cc 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -2.3.0 +2.3.1 diff --git a/.travis.yml b/.travis.yml index 3e52abb5..08e649b4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,5 +1,5 @@ rvm: -- 2.3.0 +- 2.3.1 bundler_args: "--without debug development" cache: bundler before_script: diff --git a/Gemfile b/Gemfile index 2c9194ad..52045dc1 100644 --- a/Gemfile +++ b/Gemfile @@ -1,6 +1,6 @@ source "https://rubygems.org" -ruby "2.3.0" +ruby "2.3.1" gem "airbrake" gem "bourbon" diff --git a/Gemfile.lock b/Gemfile.lock index f2b9d3a7..bfcc1a35 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -2,36 +2,36 @@ GEM remote: https://rubygems.org/ remote: https://rails-assets.org/ specs: - actionmailer (4.2.5.2) - actionpack (= 4.2.5.2) - actionview (= 4.2.5.2) - activejob (= 4.2.5.2) + actionmailer (4.2.7.1) + actionpack (= 4.2.7.1) + actionview (= 4.2.7.1) + activejob (= 4.2.7.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.5.2) - actionview (= 4.2.5.2) - activesupport (= 4.2.5.2) + actionpack (4.2.7.1) + actionview (= 4.2.7.1) + activesupport (= 4.2.7.1) rack (~> 1.6) rack-test (~> 0.6.2) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (4.2.5.2) - activesupport (= 4.2.5.2) + actionview (4.2.7.1) + activesupport (= 4.2.7.1) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - activejob (4.2.5.2) - activesupport (= 4.2.5.2) + activejob (4.2.7.1) + activesupport (= 4.2.7.1) globalid (>= 0.3.0) - activemodel (4.2.5.2) - activesupport (= 4.2.5.2) + activemodel (4.2.7.1) + activesupport (= 4.2.7.1) builder (~> 3.1) - activerecord (4.2.5.2) - activemodel (= 4.2.5.2) - activesupport (= 4.2.5.2) + activerecord (4.2.7.1) + activemodel (= 4.2.7.1) + activesupport (= 4.2.7.1) arel (~> 6.0) - activesupport (4.2.5.2) + activesupport (4.2.7.1) i18n (~> 0.7) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) @@ -105,7 +105,7 @@ GEM coffee-script-source execjs coffee-script-source (1.7.0) - concurrent-ruby (1.0.1) + concurrent-ruby (1.0.2) crack (0.4.2) safe_yaml (~> 1.0.0) dalli (2.7.0) @@ -150,7 +150,7 @@ GEM foreman (0.74.0) dotenv (~> 0.11.1) thor (~> 0.19.1) - globalid (0.3.6) + globalid (0.3.7) activesupport (>= 4.1.0) gravatar_image_tag (1.2.0) haml (4.0.7) 
@@ -182,11 +182,13 @@ GEM launchy (~> 2.2) loofah (2.0.3) nokogiri (>= 1.5.9) - mail (2.6.3) - mime-types (>= 1.16, < 3) + mail (2.6.4) + mime-types (>= 1.16, < 4) memcachier (0.0.2) method_source (0.8.2) - mime-types (2.99.1) + mime-types (3.1) + mime-types-data (~> 3.2015) + mime-types-data (3.2016.0521) mini_portile2 (2.1.0) minitest (5.9.0) momentjs-rails (2.7.0) @@ -220,16 +222,16 @@ GEM rack-test (0.6.3) rack (>= 1.0) rack-timeout (0.0.4) - rails (4.2.5.2) - actionmailer (= 4.2.5.2) - actionpack (= 4.2.5.2) - actionview (= 4.2.5.2) - activejob (= 4.2.5.2) - activemodel (= 4.2.5.2) - activerecord (= 4.2.5.2) - activesupport (= 4.2.5.2) + rails (4.2.7.1) + actionmailer (= 4.2.7.1) + actionpack (= 4.2.7.1) + actionview (= 4.2.7.1) + activejob (= 4.2.7.1) + activemodel (= 4.2.7.1) + activerecord (= 4.2.7.1) + activesupport (= 4.2.7.1) bundler (>= 1.3.0, < 2.0) - railties (= 4.2.5.2) + railties (= 4.2.7.1) sprockets-rails rails-assets-chartjs (1.0.1) rails-deprecated_sanitizer (1.0.3) @@ -247,9 +249,9 @@ GEM rails_stdout_logging rails_serve_static_assets (0.0.2) rails_stdout_logging (0.0.3) - railties (4.2.5.2) - actionpack (= 4.2.5.2) - activesupport (= 4.2.5.2) + railties (4.2.7.1) + actionpack (= 4.2.7.1) + activesupport (= 4.2.7.1) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) raindrops (0.13.0) @@ -309,7 +311,7 @@ GEM spring (1.1.3) spring-commands-rspec (1.0.2) spring (>= 0.9.1) - sprockets (3.5.2) + sprockets (3.7.0) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (2.3.3) @@ -418,5 +420,8 @@ DEPENDENCIES unicorn webmock +RUBY VERSION + ruby 2.3.1p112 + BUNDLED WITH - 1.11.2 + 1.12.5 From 4d964994816b8741eca663a01bd233efd89c5170 Mon Sep 17 00:00:00 2001 From: Marcel Horlings Date: Mon, 15 Aug 2016 22:50:37 +0200 Subject: [PATCH 2/3] update sass-rails to fix deprecation warnings --- Gemfile.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index bfcc1a35..52c995e6 100644 --- a/Gemfile.lock 
+++ b/Gemfile.lock @@ -285,12 +285,12 @@ GEM sexp_processor (~> 4.1) safe_yaml (1.0.4) sass (3.2.19) - sass-rails (5.0.1) - railties (>= 4.0.0, < 5.0) + sass-rails (5.0.6) + railties (>= 4.0.0, < 6) sass (~> 3.1) sprockets (>= 2.8, < 4.0) sprockets-rails (>= 2.0, < 4.0) - tilt (~> 1.1) + tilt (>= 1.1, < 3) select2-rails (3.5.9.3) thor (~> 0.14) sexp_processor (4.6.1) @@ -322,7 +322,7 @@ GEM terminal-table (1.5.2) thor (0.19.1) thread_safe (0.3.5) - tilt (1.4.1) + tilt (2.0.5) timecop (0.7.1) title (0.0.5) i18n From ad059026c90fe8b5f751fc3fe147fc2d648c00b3 Mon Sep 17 00:00:00 2001 From: Marcel Horlings Date: Mon, 15 Aug 2016 23:01:07 +0200 Subject: [PATCH 3/3] export env keys in the before script --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 08e649b4..48515434 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,8 +4,8 @@ bundler_args: "--without debug development" cache: bundler before_script: - cp .sample.env .env +- export SECRET_KEY_BASE="$(bundle exec rake secret)" - cp config/database.travis.yml config/database.yml - psql -c 'create database hours_test' -U postgres - export DISPLAY=:99.0 - sh -e /etc/init.d/xvfb start -env: SECRET_KEY_BASE="$(bundle exec rake secret)"
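Review bot: The added `before_script` entry `export SECRET_KEY_BASE="$(bundle exec rake secret)"` hides a failure of the rake task, because the exit status of `export VAR="$(cmd)"` is that of `export`, not of the command substitution. If `rake secret` fails at that point, the step still succeeds and the suite would run with an empty `SECRET_KEY_BASE`, which presumably surfaces later as a less obvious error. Assigning first makes the step fail where the problem is: `- SECRET_KEY_BASE="$(bundle exec rake secret)" && export SECRET_KEY_BASE`. A short comment above the entry, such as `# per-build key generated for the CI run only`, would record why the key is produced here rather than stored in the repository.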