Hemant

Hi I am new to ruby n rails. I was working on this old website. This website is hosted on the heroku server. I fixed the code which was required and it didn't install this website on my system yet. When I tried to push it back to the Heroku using git the security system show error and from that point I am not able to push my changes back to the Heroku. Can you please help?

I am using ruby 2.5.3 and rails 5.2.1.

Following is the gem file of the website.

source 'https://rubygems.org'

#ruby '2.1.2'
gem 'rails', '4.1.5'
gem 'pg'
gem 'sass-rails', '~> 4.0.3'
gem 'uglifier', '>= 1.3.0'
gem 'coffee-rails', '~> 4.0.0'
gem 'jquery-rails', '3.1.2'
gem 'autoprefixer-rails','3.1.0.20140911'
gem 'puma', '2.9.1'
gem 'nokogiri', '~> 1.6.3.1'
gem 'slim-rails', '2.1.5'
gem 'devise', '~> 3.3.0'
gem 'twitter-bootstrap-rails', :git => 'git://github.com/seyhunak/twitter-bootstrap-rails.git'
gem 'formtastic-bootstrap'
gem 'activeadmin', github: 'activeadmin'
gem 'cancan', '~> 1.6.10'

gem 'fancybox2-rails'

gem 'carrierwave', '~> 0.10.0'
gem "mini_magick"
gem 'stripe', :git => 'https://github.com/stripe/stripe-ruby'
gem 'stripe-ruby-mock', '~> 1.10.1.7'
gem "kaminari"

gem 'activeadmin-dragonfly', :git => 'https://github.com/stefanoverna/activeadmin-dragonfly'
gem 'activeadmin-wysihtml5', :git => 'https://github.com/stefanoverna/activeadmin-wysihtml5'

gem 'will_paginate', '~> 3.0.6'

gem 'owlcarousel-rails'

gem 'paypal-sdk-adaptivepayments'

group :production do
  gem 'rails_12factor'
  gem 'fog', '~> 1.23.0'
end

group :development, :test do
  gem 'rspec-autotest'
  gem 'autotest-rails'
  gem 'rspec-rails', '3.1.0'
  gem "dotenv-rails"
end

group :development do
  gem 'metric_fu','4.11.1'
  gem 'pry-rails', '0.3.2'
  gem 'xray-rails', '0.1.14'
  gem 'quiet_assets', '1.0.3'
end

group :test do
  gem 'factory_girl_rails', '4.4.1'
  gem 'simplecov', '0.9.0', require: false
  gem 'database_cleaner', '1.3.0'
  gem 'capybara'
  gem 'shoulda-matchers'
end

This is the error I received:

remote:  !     A security vulnerability has been detected in your application.
remote:  !     To protect your application you must take action. Your application
remote:  !     is currently exposing its credentials via an easy to exploit directory
remote:  !     traversal.
remote:  !     
remote:  !     To protect your application you must either upgrade to Sprockets version "2.12.5"
remote:  !     or disable dynamic compilation at runtime by setting:
remote:  !     
remote:  !     ```
remote:  !     con fig.assets.compile = false #Disables security vulnerability
remote:  !     ```
remote:  !     
remote:  !     To read more about this security vulnerability please refer to this blog post:
remote:  !     https://blog.heroku.com/rails-asset-pipeline-vulnerability
remote:  !
remote:  !     Push rejected, failed to compile Ruby app.
remote: 
remote:  !     Push failed

Recieved this error after adding Sprockets version 2.12.5

To be honest, I am not a ruby developer. I am working on certain fixes on a ruby website. It's hosted on Heroku server.

The changes I have made doesn't involve adding or removing any gem but only functionality changes.

I am not able to push my changes due to the following issues:

remote:  !     A security vulnerability has been detected in your application.
remote:  !     To protect your application you must take action. Your application
remote:  !     is currently exposing its credentials via an easy to exploit directory
remote:  !     traversal.
remote:  !     
remote:  !     To protect your application you must either upgrade to Sprockets version "2.12.5"
remote:  !     or disable dynamic compilation at runtime by setting:
remote:  !     
remote:  !     ```
remote:  !     con fig.assets.compile = false #Disables security vulnerability
remote:  !     ```
remote:  !     
remote:  !     To read more about this security vulnerability please refer to this blog post:
remote:  !     https://blog.heroku.com/rails-asset-pipeline-vulnerability
remote:  !
remote:  !     Push rejected, failed to compile Ruby app.
remote: 
remote:  !     Push failed
Point to be noted, following are the configurations of the website:

remote: -----> Ruby app detected
remote: -----> Compiling Ruby/Rails
remote:        Your app was upgraded to bundler 1.15.2.
remote:        Previously you had a successful deploy with bundler 1.11.2.
remote:        
remote:        If you see problems related to the bundler version please refer to:
remote:        https://devcenter.heroku.com/articles/bundler-version
remote:        
remote: -----> Using Ruby version: ruby-2.0.0
remote: -----> Installing dependencies using bundler 1.15.2
This ruby version is too old and not maintained, and I am working on ruby 2.5.3, bundle 1.15.2 (until this error, I had no idea about the bundle or its version)

I tried to install the gem as mentioned (Sprockets version "2.12.5") then tried to push my changes and received this error:

remote: 
remote: -----> Ruby app detected
remote: -----> Compiling Ruby/Rails
remote:        Your app was upgraded to bundler 1.15.2.
remote:        Previously you had a successful deploy with bundler 1.11.2.
remote:        
remote:        If you see problems related to the bundler version please refer to:
remote:        https://devcenter.heroku.com/articles/bundler-version
remote:        
remote: -----> Using Ruby version: ruby-2.0.0
remote: -----> Installing dependencies using bundler 1.15.2
remote:        Running: bundle install --without development:test --path vendor/bundle --binstubs vendor/bundle/bin -j4 --deployment
remote:        The git source `git://github.com/seyhunak/twitter-bootstrap-rails.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
remote:        The git source `git://github.com/activeadmin/activeadmin.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
remote:        You are trying to install in deployment mode after changing
remote:        your Gemfile. Run `bundle install` elsewhere and add the
remote:        updated Gemfile.lock to version control.
remote:        
remote:        The dependencies in your gemfile changed
remote:        
remote:        You have added to the Gemfile:
remote:        * sprockets (= 2.12.5)
remote:        Bundler Output: The git source `git://github.com/seyhunak/twitter-bootstrap-rails.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
remote:        The git source `git://github.com/activeadmin/activeadmin.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
remote:        You are trying to install in deployment mode after changing
remote:        your Gemfile. Run `bundle install` elsewhere and add the
remote:        updated Gemfile.lock to version control.
remote:        
remote:        The dependencies in your gemfile changed
remote:        
remote:        You have added to the Gemfile:
remote:        * sprockets (= 2.12.5)
remote: 
remote:  !
remote:  !     Failed to install gems via Bundler.
remote:  !
remote:  !     Push rejected, failed to compile Ruby app.
remote: 
remote:  !     Push failed
remote: Verifying deploy...
remote: 
remote: !   Push rejected to

Please suggest

Courses

Rails for Beginners

Advanced Ruby: Behind the Magic

Payments with Rails Master Class

Refactoring Rails

Apps

Hatchbox.io

Jumpstart Rails SaaS Template

Other

Remote Ruby Podcast

GoRails Open Source

Rails Hackathon

Beginner Bounties

Ruby on Rails Job Board

Activity

Posted in Unable to run old ruby n rails project