Commit f9d3ce3

author
Eric Berry
committed
Security Update: httpclient library to latest version (2.5.1)
This is a security patch. With the latest version of httpclient, if you use this gem in an app already using httpclient, you will still be able to apply the security patch referenced here: nahi/httpclient#202 (comment)

Also removed Gemfile.lock and added the file to .gitignore. It is not good to check in Gemfile.lock into version control, since it enforces precision that does not exist in the gem command, which is used to install gems in practice. See http://yehudakatz.com/2010/12/16/clarifying-the-roles-of-the-gemspec-and-gemfile/
1 parent 1328da3 commit f9d3ce3

4 files changed

+5
-109
lines changed

.gitignore

+1
@@ -3,3 +3,4 @@
33
coverage
44
pkg/
55
.bundle
6+
Gemfile.lock
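
Review bot: The added `Gemfile.lock` entry on new line 6 is an unrelated housekeeping change riding along with a security fix; consider moving it, together with the lockfile deletion, to its own commit so the httpclient bump can be reviewed, cherry-picked or reverted on its own. With the lockfile untracked, the `>= 2.5.1` floors in Gemfile and vimeo.gemspec are the only thing in the repository that keeps the patched version in place, so they need to stay correct.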

Gemfile

+1-1
@@ -1,7 +1,7 @@
11
source "https://rubygems.org"
22

33
gem "httparty", ">= 0.4.5"
4-
gem "httpclient", ">= 2.1.5.2"
4+
gem "httpclient", ">= 2.5.1"
55
gem "json", ">= 1.1.9"
66
gem "multipart-post", ">= 1.0.1"
77
gem "oauth", ">= 0.4.3"
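
Review bot: The changed `gem "httpclient", ">= 2.5.1"` entry on line 4 duplicates a constraint that this commit also edits three times in vimeo.gemspec, so the floor now lives in four places that can drift apart. Bundler's `gemspec` directive in the Gemfile would read the runtime dependencies from vimeo.gemspec, leaving one place to raise the floor next time.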

Gemfile.lock

-105
This file was deleted.

vimeo.gemspec

+3-3
@@ -207,7 +207,7 @@ Gem::Specification.new do |s|
207207

208208
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
209209
s.add_runtime_dependency(%q<httparty>, [">= 0.4.5"])
210-
s.add_runtime_dependency(%q<httpclient>, [">= 2.1.5.2"])
210+
s.add_runtime_dependency(%q<httpclient>, [">= 2.5.1"])
211211
s.add_runtime_dependency(%q<json>, [">= 1.1.9"])
212212
s.add_runtime_dependency(%q<multipart-post>, [">= 1.0.1"])
213213
s.add_runtime_dependency(%q<oauth>, [">= 0.4.3"])
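
Review bot: The `add_runtime_dependency` change for httpclient on line 210 is repeated by hand in the two `add_dependency` branches further down, and the branching on `Gem::VERSION` looks like tool-generated output. If this gemspec is generated, make the change in the generator's input instead, otherwise the next regeneration can silently restore `>= 2.1.5.2`.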
@@ -220,7 +220,7 @@ Gem::Specification.new do |s|
220220
s.add_development_dependency(%q<ruby-prof>, [">= 0.9.2"])
221221
else
222222
s.add_dependency(%q<httparty>, [">= 0.4.5"])
223-
s.add_dependency(%q<httpclient>, [">= 2.1.5.2"])
223+
s.add_dependency(%q<httpclient>, [">= 2.5.1"])
224224
s.add_dependency(%q<json>, [">= 1.1.9"])
225225
s.add_dependency(%q<multipart-post>, [">= 1.0.1"])
226226
s.add_dependency(%q<oauth>, [">= 0.4.3"])
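
Review bot: A release step is missing around line 223: the hunks in vimeo.gemspec change only the httpclient constraint and none of them touches the gem's own version, so installed copies of the gem keep the old `>= 2.1.5.2` floor until a new release is cut. Bump the version and mention the security update in the release notes in this change or a direct follow-up.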
@@ -234,7 +234,7 @@ Gem::Specification.new do |s|
234234
end
235235
else
236236
s.add_dependency(%q<httparty>, [">= 0.4.5"])
237-
s.add_dependency(%q<httpclient>, [">= 2.1.5.2"])
237+
s.add_dependency(%q<httpclient>, [">= 2.5.1"])
238238
s.add_dependency(%q<json>, [">= 1.1.9"])
239239
s.add_dependency(%q<multipart-post>, [">= 1.0.1"])
240240
s.add_dependency(%q<oauth>, [">= 0.4.3"])
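
Review bot: Line 237 raises the floor to `>= 2.5.1` with nothing in the file saying why, so a later cleanup could relax it without knowing the constraint is security-relevant. A one-line comment above the httpclient dependency pointing to nahi/httpclient#202 would record the reason where the constraint lives.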
