Age | Commit message (Collapse) | Author |
|
Co-authored-by: Matthew Ford <matt@bitzesty.com>
|
|
|
|
https://www.ruby-lang.org/en/news/2022/04/12/ruby-3-0-4-released/
|
|
https://www.ruby-lang.org/en/news/2021/11/24/ruby-3-0-3-released/
|
|
* Update .ruby-version
* Update Gemfile
* Update Gemfile.lock
* Update Dockerfile
* Update check-i18n.yml
* Update config.yml
* Update config.yml
|
|
Stop using older version of resolv gem as the bug has been fixed.
https://bugs.ruby-lang.org/issues/17781
|
|
Ruby 2.7.3 introduced a new bug with Resolv::DNS, which we heavily use within
Mastodon: https://bugs.ruby-lang.org/issues/17781
Ruby 2.7.3 also included security fixes for two CVEs, but those do not seem
to apply to Mastodon:
https://github.com/tootsuite/mastodon/pull/16004#issuecomment-815125025
|
|
* Upgrade Ruby to 2.7.3
https://www.ruby-lang.org/en/news/2021/04/05/ruby-2-7-3-released/
includes security fixes to
- CVE-2021-28965: XML round-trip vulnerability in REXML
- CVE-2021-28966: Path traversal in Tempfile on Windows
* Update rexml to 3.2.5
https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/
|
|
thwait and e2mmap are no longer needed in Gemfile.
Gems properly require those.
|
|
|
|
|
|
|
|
|
|
|
|
* Use Ruby 2.5.2
* Specify 2.5.2p104 as RUBY VERSION
Heorku refers to RUBY VERSION in Gemfile.lock
* Use ruby-2.5.3
|
|
https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/
> This release includes some bug fixes and some security fixes.
>
> - CVE-2017-17742: HTTP response splitting in WEBrick
> - CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
> - CVE-2018-8777: DoS by large request in WEBrick
> - CVE-2018-8778: Buffer under-read in String#unpack
> - CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
> - CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
> - Multiple vulnerabilities in RubyGems
|
|
|
|
* Bump ruby version to 2.4.2
https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-4-2-released/
Gemfile.lock is also updated.
TODO
- [ ] Update Dockerfile with Alpine release of ruby-2.4.2
* Revert jwt version
It seems that jwt 2.0.0 fails in some environment.
ref. https://github.com/zaru/webpush/issues/42
* Bump Ruby version on docker image
|
|
* Update rspec-rails to version 3.5.2
* Update addressable to version 2.5.1
* Update autoprefixer-rails to version 6.7.7.1
* Update bullet to version 5.5.1
* Update domain_name to version 0.5.20170404
* Update letter_opener_web to version 1.3.1
* Upate redis-rails to version 5.0.2
* Update active_record_query_trace to version 1.5.4
* Update capistrano-rails to version 1.2.3
* Update dotenv-rails to version 2.2.0
* Update pg to version 0.20.0
* Update tilt to version 2.0.7
* Update warden to version 1.2.7
* Update tins to version 1.13.2
* Update terminal-table to version 1.7.3
* Update oj to version 2.18.5
* Update simplecov to version 0.14.1
* Update uglifier to version 3.1.13
* Update hashdiff to version 0.3.2
* Update webmock to version 2.3.2
* Update devise to version 4.2.1
* Use ruby version 2.4.1
* Update sass to version 3.4.23
* Update puma to version 3.8.2
* Update will_paginate to version 3.1.5
* Update font-awesome-rails to version 4.7.0.1
* Update fuubar to version 2.2.0
* Update pry-rails to version 0.3.6
* Update simple-navigation to version 4.0.5
* Update rubocop to version 0.48.1
* Update doorkeeper to version 4.2.5
* Update faker to version 1.7.3
* Update aws-sdk to version 2.9.5
* Update fabrication to version 2.16.1
* Update hamlit-rails to version 0.2.0
* Update http to version 2.2.1
* Update httplog to version 0.99.2
* Update sidekiq to version 4.2.10
* Update rspec-sidekiq to version 3.0.0
* Update pghero to version 1.6.4
* Update rack-cors to version 0.4.1
* Update i18n-tasks to version 0.9.13
* Update ruby-oembed to version 0.12.0
* Update jquery-rails to version 4.3.1
* Update simple_form to version 3.4.0
* Update react-rails to version 1.11.0
* Update aws-sdk to version 2.9.6
* Update sidekiq-unique-jobs to version 5.0.0
* Update uglifier to version 3.2.0
|
|
|
|
|