From f693ef61d3de8b853195d1ed72180334998b5d83 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9my=20Coutable?= <remy@rymai.me>
Date: Mon, 10 Sep 2018 12:04:02 +0200
Subject: Update grape to 1.1.0 to address a XSS vulnerability
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

See
https://github.com/ruby-grape/grape/blob/master/CHANGELOG.md#110-842018.

This fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/51299.

Signed-off-by: Rémy Coutable <remy@rymai.me>
---
 Gemfile             | 2 +-
 Gemfile.lock        | 6 +++---
 Gemfile.rails5.lock | 6 +++---
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/Gemfile b/Gemfile
index f14e05d43e0..546e24ec4e2 100644
--- a/Gemfile
+++ b/Gemfile
@@ -89,7 +89,7 @@ gem 'gitlab-gollum-rugged_adapter', '~> 0.4.4', require: false
 gem 'github-linguist', '~> 5.3.3', require: 'linguist'
 
 # API
-gem 'grape', '~> 1.0'
+gem 'grape', '~> 1.1'
 gem 'grape-entity', '~> 0.7.1'
 gem 'rack-cors', '~> 1.0.0', require: 'rack/cors'
 
diff --git a/Gemfile.lock b/Gemfile.lock
index 3dce80deb87..8c90f8cd942 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -343,7 +343,7 @@ GEM
       signet (~> 0.7)
     gpgme (2.0.13)
       mini_portile2 (~> 2.1)
-    grape (1.0.3)
+    grape (1.1.0)
       activesupport
       builder
       mustermann-grape (~> 1.0.0)
@@ -501,7 +501,7 @@ GEM
     multi_json (1.13.1)
     multi_xml (0.6.0)
     multipart-post (2.0.0)
-    mustermann (1.0.2)
+    mustermann (1.0.3)
     mustermann-grape (1.0.0)
       mustermann (~> 1.0.0)
     mysql2 (0.4.10)
@@ -1050,7 +1050,7 @@ DEPENDENCIES
   google-api-client (~> 0.23)
   google-protobuf (= 3.5.1)
   gpgme
-  grape (~> 1.0)
+  grape (~> 1.1)
   grape-entity (~> 0.7.1)
   grape-path-helpers (~> 1.0)
   grape_logging (~> 1.7)
diff --git a/Gemfile.rails5.lock b/Gemfile.rails5.lock
index e1295e1ff9b..f1674934e10 100644
--- a/Gemfile.rails5.lock
+++ b/Gemfile.rails5.lock
@@ -346,7 +346,7 @@ GEM
       signet (~> 0.7)
     gpgme (2.0.13)
       mini_portile2 (~> 2.1)
-    grape (1.0.3)
+    grape (1.1.0)
       activesupport
       builder
       mustermann-grape (~> 1.0.0)
@@ -504,7 +504,7 @@ GEM
     multi_json (1.13.1)
     multi_xml (0.6.0)
     multipart-post (2.0.0)
-    mustermann (1.0.2)
+    mustermann (1.0.3)
     mustermann-grape (1.0.0)
       mustermann (~> 1.0.0)
     mysql2 (0.4.10)
@@ -1059,7 +1059,7 @@ DEPENDENCIES
   google-api-client (~> 0.23)
   google-protobuf (= 3.5.1)
   gpgme
-  grape (~> 1.0)
+  grape (~> 1.1)
   grape-entity (~> 0.7.1)
   grape-path-helpers (~> 1.0)
   grape_logging (~> 1.7)
-- 
cgit v1.2.1