From 907a18267bf69677e7dbdc404cc1e8a2c191cbf3 Mon Sep 17 00:00:00 2001 From: joshua stein Date: Wed, 2 Jan 2013 17:18:20 -0600 Subject: [PATCH] update to rails 3.2.10 to fix CVE-2012-5664 --- Gemfile | 2 +- Gemfile.lock | 75 +++++++++++++++++++------------------- spec/support/blueprints.rb | 2 +- 3 files changed, 40 insertions(+), 39 deletions(-) diff --git a/Gemfile b/Gemfile index f4d6cb7..c712498 100644 --- a/Gemfile +++ b/Gemfile @@ -1,6 +1,6 @@ source "https://rubygems.org" -gem "rails", "3.2.6" +gem "rails", "3.2.10" # Bundle edge Rails instead: # gem "rails", :git => "git://github.com/rails/rails.git" diff --git a/Gemfile.lock b/Gemfile.lock index 005b853..9f3b3e6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,36 +1,36 @@ GEM remote: https://rubygems.org/ specs: - actionmailer (3.2.6) - actionpack (= 3.2.6) + actionmailer (3.2.10) + actionpack (= 3.2.10) mail (~> 2.4.4) - actionpack (3.2.6) - activemodel (= 3.2.6) - activesupport (= 3.2.6) + actionpack (3.2.10) + activemodel (= 3.2.10) + activesupport (= 3.2.10) builder (~> 3.0.0) erubis (~> 2.7.0) - journey (~> 1.0.1) + journey (~> 1.0.4) rack (~> 1.4.0) rack-cache (~> 1.2) rack-test (~> 0.6.1) - sprockets (~> 2.1.3) - activemodel (3.2.6) - activesupport (= 3.2.6) + sprockets (~> 2.2.1) + activemodel (3.2.10) + activesupport (= 3.2.10) builder (~> 3.0.0) - activerecord (3.2.6) - activemodel (= 3.2.6) - activesupport (= 3.2.6) + activerecord (3.2.10) + activemodel (= 3.2.10) + activesupport (= 3.2.10) arel (~> 3.0.2) tzinfo (~> 0.3.29) - activeresource (3.2.6) - activemodel (= 3.2.6) - activesupport (= 3.2.6) - activesupport (3.2.6) + activeresource (3.2.10) + activemodel (= 3.2.10) + activesupport (= 3.2.10) + activesupport (3.2.10) i18n (~> 0.6) multi_json (~> 1.0) arel (3.0.2) bcrypt-ruby (3.0.0) - builder (3.0.0) + builder (3.0.4) diff-lcs (1.1.3) dynamic_form (1.1.4) erubis (2.7.0) @@ -40,12 +40,12 @@ GEM multi_json (~> 1.0) hike (1.2.1) htmlentities (4.3.1) - i18n (0.6.0) + i18n (0.6.1) journey (1.0.4) jquery-rails (2.0.2) railties (>= 3.2.0, < 5.0) thor (~> 0.14) - json (1.7.3) + json (1.7.6) kgio (2.7.4) machinist (2.0) mail (2.4.4) @@ -53,7 +53,7 @@ GEM mime-types (~> 1.16) treetop (~> 1.4.8) mime-types (1.19) - multi_json (1.3.6) + multi_json (1.5.0) mysql2 (0.3.11) nokogiri (1.5.5) polyglot (0.3.3) @@ -62,25 +62,25 @@ GEM rack (>= 0.4) rack-ssl (1.3.2) rack - rack-test (0.6.1) + rack-test (0.6.2) rack (>= 1.0) - rails (3.2.6) - actionmailer (= 3.2.6) - actionpack (= 3.2.6) - activerecord (= 3.2.6) - activeresource (= 3.2.6) - activesupport (= 3.2.6) + rails (3.2.10) + actionmailer (= 3.2.10) + actionpack (= 3.2.10) + activerecord (= 3.2.10) + activeresource (= 3.2.10) + activesupport (= 3.2.10) bundler (~> 1.0) - railties (= 3.2.6) - railties (3.2.6) - actionpack (= 3.2.6) - activesupport (= 3.2.6) + railties (= 3.2.10) + railties (3.2.10) + actionpack (= 3.2.10) + activesupport (= 3.2.10) rack-ssl (~> 1.3.2) rake (>= 0.8.7) rdoc (~> 3.4) thor (>= 0.14.6, < 2.0) raindrops (0.10.0) - rake (0.9.2.2) + rake (10.0.3) rdiscount (1.6.8) rdoc (3.12) json (~> 1.4) @@ -98,8 +98,9 @@ GEM activesupport (>= 3.0) railties (>= 3.0) rspec (~> 2.11.0) - sprockets (2.1.3) + sprockets (2.2.2) hike (~> 1.2) + multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) sqlite3 (1.3.6) @@ -107,12 +108,12 @@ GEM activerecord (>= 3.0.3) builder (>= 2.1.2) riddle (>= 1.5.2) - thor (0.15.4) + thor (0.16.0) tilt (1.3.3) - treetop (1.4.10) + treetop (1.4.12) polyglot polyglot (>= 0.3.1) - tzinfo (0.3.33) + tzinfo (0.3.35) uglifier (1.2.6) execjs (>= 0.3.0) multi_json (~> 1.3) @@ -133,7 +134,7 @@ DEPENDENCIES machinist mysql2 nokogiri - rails (= 3.2.6) + rails (= 3.2.10) rdiscount rspec-rails (~> 2.6) sqlite3 diff --git a/spec/support/blueprints.rb b/spec/support/blueprints.rb index 3fff759..65d50ff 100644 --- a/spec/support/blueprints.rb +++ b/spec/support/blueprints.rb @@ -17,7 +17,7 @@ Tag.make!(:tag => "tag1") Tag.make!(:tag => "tag2") Story.blueprint do - user_id { User.make } + user_id { User.make!.id } title { "story title #{sn}" } url { "http://example.com/#{sn}" } tags_a { [ "tag1", "tag2" ] }