Unable to push recent changes to an old Ruby website on Heroku


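To be honest, I am not a Ruby developer. I am making some fixes to a Ruby website. It is hosted on a Heroku server.

The changes I made do not involve adding or removing any gems, only functional changes.

I cannot push my changes because of the following issue: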

remote:  !     A security vulnerability has been detected in your application.
remote:  !     To protect your application you must take action. Your application
remote:  !     is currently exposing its credentials via an easy to exploit directory
remote:  !     traversal.
remote:  !     
remote:  !     To protect your application you must either upgrade to Sprockets version "2.12.5"
remote:  !     or disable dynamic compilation at runtime by setting:
remote:  !     
remote:  !     ```
remote:  !     config.assets.compile = false #Disables security vulnerability
remote:  !     ```
remote:  !     
remote:  !     To read more about this security vulnerability please refer to this blog post:
remote:  !     https://blog.heroku.com/rails-asset-pipeline-vulnerability
remote:  !
remote:  !     Push rejected, failed to compile Ruby app.
remote: 
remote:  !     Push failed

Note that the website's configuration is as follows:

remote: -----> Ruby app detected
remote: -----> Compiling Ruby/Rails
remote:        Your app was upgraded to bundler 1.15.2.
remote:        Previously you had a successful deploy with bundler 1.11.2.
remote:        
remote:        If you see problems related to the bundler version please refer to:
remote:        https://devcenter.heroku.com/articles/bundler-version
remote:        
remote: -----> Using Ruby version: ruby-2.0.0
remote: -----> Installing dependencies using bundler 1.15.2

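This Ruby version is too old and is not maintained. I am using ruby 2.5.3 and bundle 1.15.2 (I did not know about this bundle and its version until this error appeared).

I tried installing the gem (Sprockets version "2.12.5") as described, then tried to push my changes and got this error: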

remote: 
remote: -----> Ruby app detected
remote: -----> Compiling Ruby/Rails
remote:        Your app was upgraded to bundler 1.15.2.
remote:        Previously you had a successful deploy with bundler 1.11.2.
remote:        
remote:        If you see problems related to the bundler version please refer to:
remote:        https://devcenter.heroku.com/articles/bundler-version
remote:        
remote: -----> Using Ruby version: ruby-2.0.0
remote: -----> Installing dependencies using bundler 1.15.2
remote:        Running: bundle install --without development:test --path vendor/bundle --binstubs vendor/bundle/bin -j4 --deployment
remote:        The git source `git://github.com/seyhunak/twitter-bootstrap-rails.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
remote:        The git source `git://github.com/activeadmin/activeadmin.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
remote:        You are trying to install in deployment mode after changing
remote:        your Gemfile. Run `bundle install` elsewhere and add the
remote:        updated Gemfile.lock to version control.
remote:        
remote:        The dependencies in your gemfile changed
remote:        
remote:        You have added to the Gemfile:
remote:        * sprockets (= 2.12.5)
remote:        Bundler Output: The git source `git://github.com/seyhunak/twitter-bootstrap-rails.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
remote:        The git source `git://github.com/activeadmin/activeadmin.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
remote:        You are trying to install in deployment mode after changing
remote:        your Gemfile. Run `bundle install` elsewhere and add the
remote:        updated Gemfile.lock to version control.
remote:        
remote:        The dependencies in your gemfile changed
remote:        
remote:        You have added to the Gemfile:
remote:        * sprockets (= 2.12.5)
remote: 
remote:  !
remote:  !     Failed to install gems via Bundler.
remote:  !
remote:  !     Push rejected, failed to compile Ruby app.
remote: 
remote:  !     Push failed
remote: Verifying deploy...
remote: 
remote: !   Push rejected to somewebsite.

Any idea what to do next? Right now I am googling for solutions, but then more errors come up. I tried bundle install, but bundle update ended up with more errors:

The git source `git://github.com/seyhunak/twitter-bootstrap-rails.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
The git source `git://github.com/activeadmin/activeadmin.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
Fetching git://github.com/seyhunak/twitter-bootstrap-rails.git
Fetching git://github.com/activeadmin/activeadmin.git
Fetching https://github.com/stripe/stripe-ruby
Fetching https://github.com/stefanoverna/activeadmin-dragonfly
Fetching https://github.com/stefanoverna/activeadmin-wysihtml5
Fetching gem metadata from https://rubygems.org/.......
Fetching gem metadata from https://rubygems.org/.
Resolving dependencies...

Everything below this point is in red :(

Bundler could not find compatible versions for gem "actionpack":
  In Gemfile:
    rails (= 4.1.5) was resolved to 4.1.5, which depends on
      actionpack (= 4.1.5)

    twitter-bootstrap-rails was resolved to 4.0.0, which depends on
      actionpack (~> 5.0, >= 5.0.1)

Bundler could not find compatible versions for gem "activesupport":
  In Gemfile:
    carrierwave (~> 0.10.0) was resolved to 0.10.0, which depends on
      activesupport (>= 3.2.0)

    activeadmin-wysihtml5 was resolved to 1.0.0, which depends on
      activeadmin-dragonfly was resolved to 0.0.2, which depends on
        activeadmin was resolved to 2.0.0.alpha, which depends on
          kaminari (>= 1.0.1) was resolved to 1.1.1, which depends on
            activesupport (>= 4.1.0)

    rails (= 4.1.5) was resolved to 4.1.5, which depends on
      activesupport (= 4.1.5)

    rspec-rails (= 3.1.0) was resolved to 3.1.0, which depends on
      activesupport (>= 3.0)

    shoulda-matchers was resolved to 3.1.2, which depends on
      activesupport (>= 4.0.0)

    slim-rails (= 2.1.5) was resolved to 2.1.5, which depends on
      activesupport (>= 3.0, < 4.2)

Bundler could not find compatible versions for gem "coffee-rails":
  In Gemfile:
    coffee-rails (~> 4.0.0)

    xray-rails (= 0.1.14) was resolved to 0.1.14, which depends on
      coffee-rails

Bundler could not find compatible versions for gem "rails":
  In Gemfile:
    rails (= 4.1.5)

    xray-rails (= 0.1.14) was resolved to 0.1.14, which depends on
      rails (>= 3.1.0)

Here is my Gemfile. I currently have ruby 2.5.3 and rails 5.2.1.

source 'https://rubygems.org'

#ruby '2.1.2'
gem 'rails', '4.1.5'
gem 'pg'
gem 'sass-rails', '~> 4.0.3'
gem 'uglifier', '>= 1.3.0'
gem 'coffee-rails', '~> 4.0.0'
gem 'jquery-rails', '3.1.2'
gem 'autoprefixer-rails','3.1.0.20140911'
gem 'puma', '2.9.1'
gem 'nokogiri', '~> 1.6.3.1'
gem 'slim-rails', '2.1.5'
gem 'devise', '~> 3.3.0'
gem 'twitter-bootstrap-rails', :git => 'git://github.com/seyhunak/twitter-bootstrap-rails.git'
gem 'formtastic-bootstrap'
gem 'activeadmin', github: 'activeadmin'
gem 'cancan', '~> 1.6.10'

gem 'fancybox2-rails'

gem 'carrierwave', '~> 0.10.0'
gem "mini_magick"
gem 'stripe', :git => 'https://github.com/stripe/stripe-ruby'
gem 'stripe-ruby-mock', '~> 1.10.1.7'
gem "kaminari"

gem 'activeadmin-dragonfly', :git => 'https://github.com/stefanoverna/activeadmin-dragonfly'
gem 'activeadmin-wysihtml5', :git => 'https://github.com/stefanoverna/activeadmin-wysihtml5'

gem 'will_paginate', '~> 3.0.6'

gem 'owlcarousel-rails'

gem 'paypal-sdk-adaptivepayments'

group :production do
  gem 'rails_12factor'
  gem 'fog', '~> 1.23.0'
end

group :development, :test do
  gem 'rspec-autotest'
  gem 'autotest-rails'
  gem 'rspec-rails', '3.1.0'
  gem "dotenv-rails"
end

group :development do
  gem 'metric_fu','4.11.1'
  gem 'pry-rails', '0.3.2'
  gem 'xray-rails', '0.1.14'
  gem 'quiet_assets', '1.0.3'
end

group :test do
  gem 'factory_girl_rails', '4.4.1'
  gem 'simplecov', '0.9.0', require: false
  gem 'database_cleaner', '1.3.0'
  gem 'capybara'
  gem 'shoulda-matchers'
end

gem 'sprockets', '2.12.5' # added this line after the security issue I received.

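Answer 1

Is there any way to update all the gems in a Rails website?

Updating all dependencies may not solve your problem, but you can give it a try. Delete Gemfile.lock and run bundle install. Check this guide for its usage.

You have resolution conflicts, so bundle install will keep failing. If you want to update sprockets, resolving them one by one is the only way out. You can also disable the check, as Heroku suggests:

To protect your application you must either upgrade to Sprockets version "2.12.5" or disable dynamic compilation at runtime by setting: config.assets.compile = false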
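
The condition in the Heroku message, and the git:// sources bundler warns about in the question, can be checked locally before pushing. The Ruby script below is an added example, not code from the answer or from Heroku's buildpack: the function names and sample file contents are constructed, the 2.12.5 threshold is the one quoted in the message above, and a missing config.assets.compile line is assumed to mean runtime compilation is on.

```ruby
# Minimum Sprockets version named in the Heroku message quoted in the question.
FIXED_SPROCKETS = Gem::Version.new("2.12.5")

# Version of sprockets pinned in Gemfile.lock text, or nil if it is not listed.
def locked_sprockets(lock_text)
  m = lock_text.match(/^ {4}sprockets \(([^)]+)\)$/)
  m && Gem::Version.new(m[1])
end

# Assumption: runtime compilation counts as on unless explicitly set to false.
def runtime_compile?(env_text)
  setting = env_text.lines.reject { |l| l.strip.start_with?("#") }
                    .grep(/config\.assets\.compile\s*=/).last
  setting.nil? || setting !~ /=\s*false\b/
end

# Gemfile git sources that use the unencrypted git:// protocol.
def insecure_git_sources(gemfile_text)
  gemfile_text.scan(%r{['"](git://[^'"]+)['"]}).flatten
end

# Collect the findings that would block or degrade the deploy.
def preflight(gemfile:, lock:, env:)
  version = locked_sprockets(lock)
  findings = []
  if version && version < FIXED_SPROCKETS && runtime_compile?(env)
    findings << "sprockets #{version} with runtime asset compilation enabled"
  end
  insecure_git_sources(gemfile).each { |u| findings << "unencrypted git source #{u}" }
  findings
end

# Constructed sample inputs (not the asker's real files).
SAMPLE_GEMFILE = <<~GEMFILE
  gem 'rails', '4.1.5'
  gem 'twitter-bootstrap-rails', :git => 'git://github.com/seyhunak/twitter-bootstrap-rails.git'
  gem 'stripe', :git => 'https://github.com/stripe/stripe-ruby'
GEMFILE
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      sprockets (2.11.0)
      sprockets-rails (2.1.3)
LOCK
SAMPLE_ENV = "  config.assets.compile = true\n"

puts preflight(gemfile: SAMPLE_GEMFILE, lock: SAMPLE_LOCK, env: SAMPLE_ENV)
```

To run it against a real app, pass the contents of Gemfile, Gemfile.lock and config/environments/production.rb read with File.read.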
