mirror/growstuff
1
0
Fork 0
mirror of https://github.com/Growstuff/growstuff.git synced 2026-06-05 22:57:05 -04:00
Code Issues Packages Projects Releases Wiki Activity
3,057 Commits 64 Branches 82 Tags
release13
Commit Graph

204 Commits

Author SHA1 Message Date
Daniel O'Connor
3950619877 Update various minor gems even more 2016-07-01 17:42:58 +09:30
Daniel O'Connor
7373fd4aa9 Update various minor gems 2016-07-01 17:34:25 +09:30
Daniel O'Connor
ee604dc2b0 Upgrade activemerchant, fixing rails 5 deprecation warnings 2016-06-10 16:04:00 +09:30
Daniel O'Connor
e3d7bf9a62 Upgrade to rails 4.2.* 2016-06-10 15:43:04 +09:30
Daniel O'Connor
deaf49c18f Update selenium-webdriver 2016-06-10 15:40:56 +09:30
Daniel O'Connor
53543fff4c Update terminal-table 2016-06-10 15:40:29 +09:30
Daniel O'Connor
ea5e710a70 Update codeclimate-test-reporter 2016-06-10 15:38:43 +09:30
Daniel O'Connor
ad5a52ae74 Update tilt 2016-06-10 15:36:07 +09:30
Daniel O'Connor
c0cc5ab085 Update geocoder 2016-06-10 15:35:29 +09:30
Daniel O'Connor
cf784cbedd Update parser to current 2016-06-10 15:20:31 +09:30
Daniel O'Connor
5c68830919 Update guard-rspec 2016-06-10 15:19:57 +09:30
Daniel O'Connor
370aab41c3 Update mime-types 2016-06-10 15:19:28 +09:30
Daniel O'Connor
081f4021bc Upgrade nokogiri 2016-06-10 15:19:03 +09:30
Daniel O'Connor
36f846fabf Merge pull request #982 from CloCkWeRX/update_gibbon 
Upgrade gibbon
 2016-06-10 15:13:18 +09:30
Daniel O'Connor
faa3beddbc Upgrade gibbon 2016-06-10 00:17:28 +09:30
pozorvlak
e419acea6e Install BogusPayPalGateway gem 
We were maintaining a vendor fork of active_merchant because they
refused to merge this feature in; it's now been released as a
separate gem.
 2016-06-07 17:43:35 +00:00
Daniel O'Connor
88a66a705b Update devise to 4.1.X and unpin 2016-06-03 00:23:58 +09:30
Daniel O'Connor
f77fd00931 Remove version pin for rspec-rails 2016-06-03 00:19:49 +09:30
Daniel O'Connor
b5c030905a Upgrade to geocoder current (we shouldn't be affected by the deprecations in 1.2.X or 1.3.X) 2016-06-03 00:16:00 +09:30
Daniel O'Connor
2844e13298 Upgrade factory_girl_rails, factory_girl 2016-06-03 00:10:25 +09:30
Daniel O'Connor
870aa674b0 Upgrade autoprefixer-rails to current 2016-06-03 00:07:28 +09:30
Daniel O'Connor
b1ab319bf7 Update mime-types-data to current 2016-06-03 00:05:46 +09:30
Daniel O'Connor
857422719a Upgrade byebug to current 2016-06-03 00:04:09 +09:30
Daniel O'Connor
235314bc13 Upgrade js-routes to current 2016-06-03 00:03:48 +09:30
Daniel O'Connor
ac1cd88ae1 Upgrade kaminari to current 2016-06-03 00:01:38 +09:30
Daniel O'Connor
f93ea3c0a1 Upgrade httparty to current 2016-06-03 00:00:08 +09:30
Cesy
608a921fce Merge pull request #956 from CloCkWeRX/upgrade_devise4 
Upgrade to devise 4.0.*
 2016-06-02 10:18:29 +01:00
Daniel O'Connor
a74ef7de6b Upgrade to devise 4.0.3 2016-06-02 13:49:13 +09:30
Daniel O'Connor
10064121a6 #953 Swap to geocoder 1.1.9; which is the release just after what we had previously pinned 2016-06-02 13:30:42 +09:30
Mackenzie Morgan
8d982c7e3e Add capybara-screenshot to assist with feature testing 2016-05-26 22:39:58 -04:00
Mackenzie Morgan
736e45aec9 update Gemfile.lock for code climate 2016-05-25 17:35:23 -04:00
Mackenzie Morgan
51a0a33b2a upgrade gems and make API change for ruby-units 2016-05-21 16:33:42 -04:00
Mackenzie Morgan
0df52b3cd8 update paperclip 2016-05-20 11:28:55 +01:00
Mackenzie Morgan
8659ebca2d switch from less to sass 
* dependency hell + bit rot on upstream libraries  prevents installation on OS X
 2016-05-19 15:52:54 -04:00
Daniel O'Connor
02615dc522 $ bundle update selenium-webdriver guard guard-rspec rails factory_girl pg simplecov coveralls newrelic_rpm better_errors minitest 2016-05-17 13:33:12 +09:30
Daniel O'Connor
df952a1779 Bump rspec to fix https://github.com/rspec/rspec-rails/issues/1532 2016-03-29 00:00:07 +10:30
Daniel O'Connor
03ae327e30 Name: uglifier 
Version: 2.5.3
Advisory: 126747
Criticality: Unknown
URL: https://github.com/mishoo/UglifyJS2/issues/751
Title: uglifier incorrectly handles non-boolean comparisons during minification
Solution: upgrade to >= 2.7.2
 2016-03-28 23:27:15 +10:30
Daniel O'Connor
c1fde41f1f Name: devise 
Version: 3.4.1
Advisory: CVE-2015-8314
Criticality: Unknown
URL: http://blog.plataformatec.com.br/2016/01/improve-remember-me-cookie-expiration-in-devise/
Title: Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie
Solution: upgrade to >= 3.5.4
 2016-03-28 23:23:56 +10:30
Daniel O'Connor
a10f6e4783 Name: actionpack 
Version: 4.1.11
Advisory: CVE-2015-7581
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5wL69JE
Title: Object leak vulnerability for wildcard controller routes in Action Pack
Solution: upgrade to >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14

Name: actionpack
Version: 4.1.11
Advisory: CVE-2016-0751
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc
Title: Possible Object Leak and Denial of Service attack in Action Pack
Solution: upgrade to ~> 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1

Name: actionpack
Version: 4.1.11
Advisory: CVE-2015-7576
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k
Title: Timing attack vulnerability in basic authentication in Action Controller.
Solution: upgrade to ~> 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1

Name: actionpack
Version: 4.1.11
Advisory: CVE-2016-2098
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q
Title: Possible remote code execution vulnerability in Action Pack
Solution: upgrade to ~> 3.2.22.2, >= 4.2.5.2, ~> 4.2.5, >= 4.1.14.2, ~> 4.1.14

Name: actionview
Version: 4.1.11
Advisory: CVE-2016-2097
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4
Title: Possible Information Leak Vulnerability in Action View
Solution: upgrade to ~> 3.2.22.2, >= 4.1.14.2, ~> 4.1.14

Name: actionview
Version: 4.1.11
Advisory: CVE-2016-0752
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00
Title: Possible Information Leak Vulnerability in Action View
Solution: upgrade to ~> 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1

Name: activemodel
Version: 4.1.11
Advisory: CVE-2016-0753
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ
Title: Possible Input Validation Circumvention in Active Model
Solution: upgrade to ~> 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14

Name: activerecord
Version: 4.1.11
Advisory: CVE-2015-7577
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g
Title: Nested attributes rejection proc bypass in Active Record
Solution: upgrade to ~> 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1
 2016-03-28 23:17:55 +10:30
Daniel O'Connor
a76d2a3eb0 Name: devise 
Version: 3.4.1
Advisory: CVE-2015-8314
Criticality: Unknown
URL: http://blog.plataformatec.com.br/2016/01/improve-remember-me-cookie-expiration-in-devise/
Title: Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie
Solution: upgrade to >= 3.5.4
 2016-03-28 23:16:21 +10:30
Daniel O'Connor
049886459a Name: nokogiri 
Version: 1.6.5
Advisory: CVE-2015-1819
Criticality: Unknown
URL: https://github.com/sparklemotion/nokogiri/issues/1374
Title: Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Solution: upgrade to ~> 1.6.6.4, >= 1.6.7.rc4

Name: nokogiri
Version: 1.6.5
Advisory: CVE-2015-7499
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
Title: Nokogiri gem contains a heap-based buffer overflow vulnerability in libxml2
Solution: upgrade to >= 1.6.7.2

Name: nokogiri
Version: 1.6.5
Advisory: CVE-2015-5312
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
Title: Nokogiri gem contains several vulnerabilities in libxml2
Solution: upgrade to >= 1.6.7.1
 2016-03-28 23:13:31 +10:30
pozorvlak
24dd02a439 Merge pull request #829 from CloCkWeRX/upgrade_db_cleaner 
Upgrade database cleaner gem
 2015-09-23 21:17:14 +01:00
Daniel O'Connor
83929cc8ee Add the ability to run feature tests via selenium if you configure it, or run specs with GROWSTUFF_CAPYBARA_DRIVER=selenium bundle exec rake spec:features/ 2015-09-15 11:28:30 +09:30
Daniel O'Connor
be87d2861a Upgrade database cleaner gem, so that https://github.com/DatabaseCleaner/database_cleaner/pull/364 is available to us. 2015-09-15 10:29:29 +09:30
Daniel O'Connor
cafd49c143 Name: jquery-rails 
Version: 3.1.2
Advisory: CVE-2015-1840
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/XIZPbobuwaY
Title: CSRF Vulnerability in jquery-ujs and jquery-rails
Solution: upgrade to >= 4.0.4, ~> 3.1.3
 2015-08-12 16:59:14 +09:30
Daniel O'Connor
7c7c66348c Name: rest-client 
Version: 1.7.2
Advisory: CVE-2015-3448
Criticality: Unknown
URL: http://www.osvdb.org/show/osvdb/117461
Title: Rest-Client Gem for Ruby logs password information in plaintext
Solution: upgrade to >= 1.7.3

Name: rest-client
Version: 1.7.2
Advisory: CVE-2015-1820
Criticality: Unknown
URL: https://github.com/rest-client/rest-client/issues/369
Title: rubygem-rest-client: session fixation vulnerability via Set-Cookie headers in 30x redirection responses
Solution: upgrade to >= 1.8.0
 2015-08-12 16:57:58 +09:30
Daniel O'Connor
00ae4ed49f Name: paperclip 
Version: 4.2.1
Advisory: CVE-2015-2963
Criticality: Medium
URL: https://robots.thoughtbot.com/paperclip-security-release
Title: Paperclip Gem for Ruby vulnerable to content type spoofing
Solution: upgrade to >= 4.2.2
 2015-08-12 16:23:48 +09:30
Daniel O'Connor
7b30c4237b Name: activesupport 
Version: 4.1.9
Advisory: CVE-2015-3227
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk
Title: Possible Denial of Service attack in Active Support
Solution: upgrade to >= 4.2.2, ~> 4.1.11, ~> 3.2.22

Name: activesupport
Version: 4.1.9
Advisory: CVE-2015-3226
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/7VlB_pck3hU
Title: XSS Vulnerability in ActiveSupport::JSON.encode
Solution: upgrade to >= 4.2.2, ~> 4.1.11
 2015-08-11 10:28:07 +09:30
Anthony Atkinson
bc9a025788 Merge branch 'dev' into notification_pagination 2015-08-01 11:38:01 -04:00
Anthony Atkinson
cbb50df8d0 Resolved #562 - Pagination of notifications. 2015-07-25 13:18:30 -04:00