Unable to run old ruby n rails project
Hi I am new to ruby n rails. I was working on this old website. This website is hosted on the heroku server. I fixed the code which was required and it didn't install this website on my system yet. When I tried to push it back to the Heroku using git the security system show error and from that point I am not able to push my changes back to the Heroku. Can you please help?
I am using ruby 2.5.3 and rails 5.2.1.
Following is the gem file of the website.
source 'https://rubygems.org'
#ruby '2.1.2'
gem 'rails', '4.1.5'
gem 'pg'
gem 'sass-rails', '~> 4.0.3'
gem 'uglifier', '>= 1.3.0'
gem 'coffee-rails', '~> 4.0.0'
gem 'jquery-rails', '3.1.2'
gem 'autoprefixer-rails','3.1.0.20140911'
gem 'puma', '2.9.1'
gem 'nokogiri', '~> 1.6.3.1'
gem 'slim-rails', '2.1.5'
gem 'devise', '~> 3.3.0'
gem 'twitter-bootstrap-rails', :git => 'git://github.com/seyhunak/twitter-bootstrap-rails.git'
gem 'formtastic-bootstrap'
gem 'activeadmin', github: 'activeadmin'
gem 'cancan', '~> 1.6.10'
gem 'fancybox2-rails'
gem 'carrierwave', '~> 0.10.0'
gem "mini_magick"
gem 'stripe', :git => 'https://github.com/stripe/stripe-ruby'
gem 'stripe-ruby-mock', '~> 1.10.1.7'
gem "kaminari"
gem 'activeadmin-dragonfly', :git => 'https://github.com/stefanoverna/activeadmin-dragonfly'
gem 'activeadmin-wysihtml5', :git => 'https://github.com/stefanoverna/activeadmin-wysihtml5'
gem 'will_paginate', '~> 3.0.6'
gem 'owlcarousel-rails'
gem 'paypal-sdk-adaptivepayments'
group :production do
gem 'rails_12factor'
gem 'fog', '~> 1.23.0'
end
group :development, :test do
gem 'rspec-autotest'
gem 'autotest-rails'
gem 'rspec-rails', '3.1.0'
gem "dotenv-rails"
end
group :development do
gem 'metric_fu','4.11.1'
gem 'pry-rails', '0.3.2'
gem 'xray-rails', '0.1.14'
gem 'quiet_assets', '1.0.3'
end
group :test do
gem 'factory_girl_rails', '4.4.1'
gem 'simplecov', '0.9.0', require: false
gem 'database_cleaner', '1.3.0'
gem 'capybara'
gem 'shoulda-matchers'
end
This is the error I received:
remote: ! A security vulnerability has been detected in your application.
remote: ! To protect your application you must take action. Your application
remote: ! is currently exposing its credentials via an easy to exploit directory
remote: ! traversal.
remote: !
remote: ! To protect your application you must either upgrade to Sprockets version "2.12.5"
remote: ! or disable dynamic compilation at runtime by setting:
remote: !
remote: ! ```
remote: ! con fig.assets.compile = false #Disables security vulnerability
remote: ! ```
remote: !
remote: ! To read more about this security vulnerability please refer to this blog post:
remote: ! https://blog.heroku.com/rails-asset-pipeline-vulnerability
remote: !
remote: ! Push rejected, failed to compile Ruby app.
remote:
remote: ! Push failed
Recieved this error after adding Sprockets version 2.12.5
To be honest, I am not a ruby developer. I am working on certain fixes on a ruby website. It's hosted on Heroku server.
The changes I have made doesn't involve adding or removing any gem but only functionality changes.
I am not able to push my changes due to the following issues:
remote: ! A security vulnerability has been detected in your application.
remote: ! To protect your application you must take action. Your application
remote: ! is currently exposing its credentials via an easy to exploit directory
remote: ! traversal.
remote: !
remote: ! To protect your application you must either upgrade to Sprockets version "2.12.5"
remote: ! or disable dynamic compilation at runtime by setting:
remote: !
remote: ! ```
remote: ! con fig.assets.compile = false #Disables security vulnerability
remote: ! ```
remote: !
remote: ! To read more about this security vulnerability please refer to this blog post:
remote: ! https://blog.heroku.com/rails-asset-pipeline-vulnerability
remote: !
remote: ! Push rejected, failed to compile Ruby app.
remote:
remote: ! Push failed
Point to be noted, following are the configurations of the website:
remote: -----> Ruby app detected
remote: -----> Compiling Ruby/Rails
remote: Your app was upgraded to bundler 1.15.2.
remote: Previously you had a successful deploy with bundler 1.11.2.
remote:
remote: If you see problems related to the bundler version please refer to:
remote: https://devcenter.heroku.com/articles/bundler-version
remote:
remote: -----> Using Ruby version: ruby-2.0.0
remote: -----> Installing dependencies using bundler 1.15.2
This ruby version is too old and not maintained, and I am working on ruby 2.5.3, bundle 1.15.2 (until this error, I had no idea about the bundle or its version)
I tried to install the gem as mentioned (Sprockets version "2.12.5") then tried to push my changes and received this error:
remote:
remote: -----> Ruby app detected
remote: -----> Compiling Ruby/Rails
remote: Your app was upgraded to bundler 1.15.2.
remote: Previously you had a successful deploy with bundler 1.11.2.
remote:
remote: If you see problems related to the bundler version please refer to:
remote: https://devcenter.heroku.com/articles/bundler-version
remote:
remote: -----> Using Ruby version: ruby-2.0.0
remote: -----> Installing dependencies using bundler 1.15.2
remote: Running: bundle install --without development:test --path vendor/bundle --binstubs vendor/bundle/bin -j4 --deployment
remote: The git source `git://github.com/seyhunak/twitter-bootstrap-rails.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
remote: The git source `git://github.com/activeadmin/activeadmin.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
remote: You are trying to install in deployment mode after changing
remote: your Gemfile. Run `bundle install` elsewhere and add the
remote: updated Gemfile.lock to version control.
remote:
remote: The dependencies in your gemfile changed
remote:
remote: You have added to the Gemfile:
remote: * sprockets (= 2.12.5)
remote: Bundler Output: The git source `git://github.com/seyhunak/twitter-bootstrap-rails.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
remote: The git source `git://github.com/activeadmin/activeadmin.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
remote: You are trying to install in deployment mode after changing
remote: your Gemfile. Run `bundle install` elsewhere and add the
remote: updated Gemfile.lock to version control.
remote:
remote: The dependencies in your gemfile changed
remote:
remote: You have added to the Gemfile:
remote: * sprockets (= 2.12.5)
remote:
remote: !
remote: ! Failed to install gems via Bundler.
remote: !
remote: ! Push rejected, failed to compile Ruby app.
remote:
remote: ! Push failed
remote: Verifying deploy...
remote:
remote: ! Push rejected to
Please suggest