# frozen_string_literal: true source 'https://rubygems.org' if ENV['BUNDLER_CHECKSUM_VERIFICATION_OPT_IN'] # this verification is still experimental $LOAD_PATH.unshift(File.expand_path("vendor/gems/bundler-checksum/lib", __dir__)) require 'bundler-checksum' BundlerChecksum.patch! end gem 'bundler-checksum', '~> 0.1.0', path: 'vendor/gems/bundler-checksum', require: false # NOTE: When incrementing the major or minor version here, also increment activerecord_version # in vendor/gems/attr_encrypted/attr_encrypted.gemspec until we resolve # https://gitlab.com/gitlab-org/gitlab/-/issues/375713 gem 'rails', '~> 6.1.7.2' gem 'bootsnap', '~> 1.16.0', require: false # Pin openssl to match the version bundled with our supported Rubies. # See https://stdgems.org/openssl/#gem-version. gem 'openssl', '2.2.2' # This gem was originally bundled with Ruby 2.7, but is unbundled as of Ruby 3. # Since the latest version caused problems with GitLab, we pin this to an older # version for now. # See https://gitlab.com/gitlab-org/gitlab/-/issues/376417 gem 'ipaddr', '1.2.2' # Responders respond_to and respond_with gem 'responders', '~> 3.0' gem 'sprockets', '~> 3.7.0' gem 'view_component', '~> 2.74.1' # Supported DBs gem 'pg', '~> 1.4.5' gem 'rugged', '~> 1.5' gem 'grape-path-helpers', '~> 1.7.1' gem 'faraday', '~> 1.0' gem 'marginalia', '~> 1.11.1' # Authorization gem 'declarative_policy', '~> 1.1.0' # Authentication libraries gem 'devise', '~> 4.8.1' gem 'devise-pbkdf2-encryptable', '~> 0.0.0', path: 'vendor/gems/devise-pbkdf2-encryptable' gem 'bcrypt', '~> 3.1', '>= 3.1.14' gem 'doorkeeper', '~> 5.5' gem 'doorkeeper-openid_connect', '~> 1.8' gem 'rexml', '~> 3.2.5' gem 'ruby-saml', '~> 1.13.0' gem 'omniauth', '~> 2.1.0' gem 'omniauth-auth0', '~> 2.0.0' gem 'omniauth-azure-activedirectory-v2', '~> 2.0' gem 'omniauth-azure-oauth2', '~> 0.0.9', path: 'vendor/gems/omniauth-azure-oauth2' # See gem README.md gem 'omniauth-cas3', '~> 1.1.4', path: 'vendor/gems/omniauth-cas3' # See vendor/gems/omniauth-cas3/README.md gem 'omniauth-dingtalk-oauth2', '~> 1.0' gem 'omniauth-alicloud', '~> 2.0.1' gem 'omniauth-facebook', '~> 4.0.0' gem 'omniauth-github', '2.0.1' gem 'omniauth-gitlab', '~> 4.0.0', path: 'vendor/gems/omniauth-gitlab' # See vendor/gems/omniauth-gitlab/README.md gem 'omniauth-google-oauth2', '~> 1.1' gem 'omniauth-oauth2-generic', '~> 0.2.2' gem 'omniauth-saml', '~> 2.0.0' gem 'omniauth-twitter', '~> 1.4' gem 'omniauth_crowd', '~> 2.4.0', path: 'vendor/gems/omniauth_crowd' # See vendor/gems/omniauth_crowd/README.md gem 'omniauth_openid_connect', '~> 0.6.1' # Locked until Ruby 3.0 upgrade since upgrading will pull in an updated net-smtp gem. # See https://docs.gitlab.com/ee/development/emails.html#rationale. gem 'openid_connect', '= 1.3.0' gem 'omniauth-salesforce', '~> 1.0.5', path: 'vendor/gems/omniauth-salesforce' # See gem README.md gem 'omniauth-atlassian-oauth2', '~> 0.2.0' gem 'rack-oauth2', '~> 1.21.3' gem 'jwt', '~> 2.1.0' # Kerberos authentication. EE-only gem 'gssapi', '~> 1.3.1', group: :kerberos gem 'timfel-krb5-auth', '~> 0.8', group: :kerberos # Spam and anti-bot protection gem 'recaptcha', '~> 5.12', require: 'recaptcha/rails' gem 'akismet', '~> 3.0' gem 'invisible_captcha', '~> 2.0.0' # Two-factor authentication gem 'devise-two-factor', '~> 4.0.2' gem 'rqrcode-rails3', '~> 0.1.7' gem 'attr_encrypted', '~> 3.2.4', path: 'vendor/gems/attr_encrypted' gem 'u2f', '~> 0.2.1' # GitLab Pages gem 'validates_hostname', '~> 1.0.11' gem 'rubyzip', '~> 2.3.2', require: 'zip' # GitLab Pages letsencrypt support gem 'acme-client', '~> 2.0' # Browser detection gem 'browser', '~> 5.3.1' # OS detection for usage ping gem 'ohai', '~> 16.10' # GPG gem 'gpgme', '~> 2.0.22' # LDAP Auth # GitLab fork with several improvements to original library. For full list of changes # see https://github.com/intridea/omniauth-ldap/compare/master...gitlabhq:master gem 'gitlab_omniauth-ldap', '~> 2.2.0', require: 'omniauth-ldap' gem 'net-ldap', '~> 0.17.1' # API gem 'grape', '~> 1.5.2' gem 'grape-entity', '~> 0.10.0' gem 'rack-cors', '~> 1.1.1', require: 'rack/cors' gem 'grape-swagger', '~>1.5.0', group: [:development, :test] gem 'grape-swagger-entity', '~> 0.5.1', group: [:development, :test] # GraphQL API gem 'graphql', '~> 1.13.12' gem 'graphiql-rails', '~> 1.8' gem 'apollo_upload_server', '~> 2.1.0' gem 'graphql-docs', '~> 2.1.0', group: [:development, :test] gem 'graphlient', '~> 0.5.0' # Used by BulkImport feature (group::import) gem 'hashie', '~> 5.0.0' # Pagination gem 'kaminari', '~> 1.2.2' # HAML gem 'hamlit', '~> 2.15.0' # Files attachments gem 'carrierwave', '~> 1.3' gem 'mini_magick', '~> 4.10.1' # for backups gem 'fog-aws', '~> 3.18' # Locked until fog-google resolves https://github.com/fog/fog-google/issues/421. # Also see config/initializers/fog_core_patch.rb. gem 'fog-core', '= 2.1.0' gem 'fog-google', '~> 1.19', require: 'fog/google' gem 'fog-local', '~> 0.8' # NOTE: # the fog-aliyun gem since v0.4 pulls in aliyun-sdk transitively, which monkey-patches # the rest-client gem to drop the Content-Length header field for chunked transfers, # which may have knock-on effects on other features using `RestClient`. # We may want to update this dependency if this is ever addressed upstream, e.g. via # https://github.com/aliyun/aliyun-oss-ruby-sdk/pull/93 gem 'fog-aliyun', '~> 0.4' gem 'gitlab-fog-azure-rm', '~> 1.7.0', require: 'fog/azurerm' # for Google storage gem 'google-cloud-storage', '~> 1.44.0' gem 'google-apis-core', '~> 0.10.0' gem 'google-apis-compute_v1', '~> 0.57.0' gem 'google-apis-container_v1', '~> 0.43.0' gem 'google-apis-container_v1beta1', '~> 0.43.0' gem 'google-apis-cloudbilling_v1', '~> 0.21.0' gem 'google-apis-cloudresourcemanager_v1', '~> 0.31.0' gem 'google-apis-iam_v1', '~> 0.36.0' gem 'google-apis-serviceusage_v1', '~> 0.28.0' gem 'google-apis-sqladmin_v1beta4', '~> 0.41.0' # for aws storage gem 'unf', '~> 0.1.4' # Seed data gem 'seed-fu', '~> 2.3.7' # Search gem 'elasticsearch-model', '~> 7.2' gem 'elasticsearch-rails', '~> 7.2', require: 'elasticsearch/rails/instrumentation' gem 'elasticsearch-api', '7.13.3' gem 'aws-sdk-core', '~> 3.170.1' gem 'aws-sdk-cloudformation', '~> 1' gem 'aws-sdk-s3', '~> 1.119.1' gem 'faraday_middleware-aws-sigv4', '~>0.3.0' gem 'typhoeus', '~> 1.4.0' # Used with Elasticsearch to support http keep-alive connections # Markdown and HTML processing gem 'html-pipeline', '~> 2.14.3' gem 'deckar01-task_list', '2.3.2' gem 'gitlab-markup', '~> 1.9.0', require: 'github/markup' gem 'commonmarker', '~> 0.23.6' gem 'kramdown', '~> 2.3.1' gem 'RedCloth', '~> 4.3.2' gem 'rdoc', '~> 6.3.2' gem 'org-ruby', '~> 0.9.12' gem 'creole', '~> 0.5.0' gem 'wikicloth', '0.8.1' gem 'asciidoctor', '~> 2.0.18' gem 'asciidoctor-include-ext', '~> 0.4.0', require: false gem 'asciidoctor-plantuml', '~> 0.0.16' gem 'asciidoctor-kroki', '~> 0.8.0', require: false gem 'rouge', '~> 4.1.0' gem 'truncato', '~> 0.7.12' gem 'nokogiri', '~> 1.14.2' # Calendar rendering gem 'icalendar' # Diffs gem 'diffy', '~> 3.4' gem 'diff_match_patch', '~> 0.1.0' # Application server gem 'rack', '~> 2.2.6', '>= 2.2.6.2' # https://github.com/zombocom/rack-timeout/blob/master/README.md#rails-apps-manually gem 'rack-timeout', '~> 0.6.3', require: 'rack/timeout/base' group :puma do gem 'puma', '~> 5.6.5', require: false gem 'puma_worker_killer', '~> 0.3.1', require: false gem 'sd_notify', '~> 0.1.0', require: false end # State machine gem 'state_machines-activerecord', '~> 0.8.0' # CI domain tags gem 'acts-as-taggable-on', '~> 9.0' # Background jobs gem 'sidekiq', '~> 6.5.7' gem 'sidekiq-cron', '~> 1.8.0' gem 'redis-namespace', '~> 1.9.0' gem 'gitlab-sidekiq-fetcher', '0.9.0', require: 'sidekiq-reliable-fetch' # Cron Parser gem 'fugit', '~> 1.8.1' # HTTP requests gem 'httparty', '~> 0.20.0' # Colored output to console gem 'rainbow', '~> 3.0' # Progress bar gem 'ruby-progressbar', '~> 1.10' # GitLab settings gem 'settingslogic', '~> 2.0.9' # Linear-time regex library for untrusted regular expressions gem 're2', '~> 1.6.0' # Misc gem 'version_sorter', '~> 2.3' # Export Ruby Regex to Javascript gem 'js_regex', '~> 3.8' # User agent parsing gem 'device_detector' # Redis gem 'redis', '~> 4.8.0' gem 'connection_pool', '~> 2.0' # Redis session store gem 'redis-actionpack', '~> 5.3.0' # Discord integration gem 'discordrb-webhooks', '~> 3.4', require: false # Jira integration gem 'jira-ruby', '~> 2.1.4' gem 'atlassian-jwt', '~> 0.2.0' # Slack integration gem 'slack-messenger', '~> 2.3.4' # Hangouts Chat integration gem 'hangouts-chat', '~> 0.0.5', require: 'hangouts_chat' # Asana integration gem 'asana', '~> 0.10.13' # FogBugz integration gem 'ruby-fogbugz', '~> 0.3.0' # Kubernetes integration gem 'kubeclient', '~> 4.11.0' # Sanitize user input gem 'sanitize', '~> 6.0' gem 'babosa', '~> 1.0.4' # Sanitizes SVG input gem 'loofah', '~> 2.19.1' # Working with license # Detects the open source license the repository includes # This version needs to be in sync with gitlab-org/gitaly gem 'licensee', '~> 9.15' # Detect and convert string character encoding gem 'charlock_holmes', '~> 0.7.7' # Detect mime content type from content gem 'ruby-magic', '~> 0.6' # Faster blank gem 'fast_blank' # Parse time & duration gem 'gitlab-chronic', '~> 0.10.5' gem 'gitlab_chronic_duration', '~> 0.10.6.2' gem 'rack-proxy', '~> 0.7.6' gem 'sassc-rails', '~> 2.1.0' gem 'autoprefixer-rails', '10.2.5.1' gem 'terser', '1.0.2' gem 'addressable', '~> 2.8' gem 'tanuki_emoji', '~> 0.6' gem 'gon', '~> 6.4.0' gem 'request_store', '~> 1.5.1' gem 'base32', '~> 0.3.0' gem 'gitlab-license', '~> 2.2.1' # Protect against bruteforcing gem 'rack-attack', '~> 6.6.1' # Sentry integration gem 'sentry-raven', '~> 3.1' gem 'sentry-ruby', '~> 5.1.1' gem 'sentry-rails', '~> 5.1.1' gem 'sentry-sidekiq', '~> 5.1.1' # PostgreSQL query parsing # gem 'pg_query', '~> 2.2', '>= 2.2.1' gem 'premailer-rails', '~> 1.10.3' gem 'gitlab-labkit', '~> 0.31.1' gem 'thrift', '>= 0.16.0' # I18n gem 'ruby_parser', '~> 3.19', require: false gem 'rails-i18n', '~> 7.0' gem 'gettext_i18n_rails', '~> 1.8.0' gem 'gettext_i18n_rails_js', '~> 1.3' gem 'gettext', '~> 3.3', require: false, group: :development gem 'batch-loader', '~> 2.0.1' # Perf bar gem 'peek', '~> 1.1' # Google Cloud Profiler support gem 'cloud_profiler_agent', '~> 0.0.0', path: 'vendor/gems/cloud_profiler_agent', require: false # Snowplow events tracking gem 'snowplow-tracker', '~> 0.8.0' # Metrics gem 'webrick', '~> 1.6.1', require: false gem 'prometheus-client-mmap', '~> 0.19', require: 'prometheus/client' gem 'warning', '~> 1.3.0' group :development do gem 'lefthook', '~> 1.3.3', require: false gem 'rubocop' gem 'solargraph', '~> 0.47.2', require: false gem 'letter_opener_web', '~> 2.0.0' gem 'lookbook', '~> 1.5', '>= 1.5.3' # Better errors handler gem 'better_errors', '~> 2.9.1' gem 'sprite-factory', '~> 1.7' gem "listen", "~> 3.7" end group :development, :test do gem 'deprecation_toolkit', '~> 1.5.1', require: false gem 'bullet', '~> 7.0.2' gem 'pry-byebug' gem 'pry-rails', '~> 0.3.9' gem 'pry-shell', '~> 0.6.1' gem 'awesome_print', require: false gem 'database_cleaner', '~> 1.7.0' gem 'factory_bot_rails', '~> 6.2.0' gem 'rspec-rails', '~> 6.0.1' # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826) gem 'minitest', '~> 5.11.0' # Generate Fake data gem 'ffaker', '~> 2.10' gem 'spring', '~> 4.1.0' gem 'spring-commands-rspec', '~> 1.0.4' gem 'gitlab-styles', '~> 10.0.0', require: false gem 'haml_lint', '~> 0.40.0', require: false gem 'bundler-audit', '~> 0.7.0.1', require: false # Benchmarking & profiling gem 'benchmark-ips', '~> 2.11.0', require: false gem 'benchmark-memory', '~> 0.1', require: false gem 'knapsack', '~> 1.21.1' gem 'crystalball', '~> 0.7.0', require: false gem 'simple_po_parser', '~> 1.1.6', require: false gem 'png_quantizator', '~> 0.2.1', require: false gem 'parallel', '~> 1.19', require: false gem 'test_file_finder', '~> 0.1.3' gem 'sigdump', '~> 0.2.4', require: 'sigdump/setup' gem 'pact', '~> 1.63' end group :development, :test, :danger do gem 'gitlab-dangerfiles', '~> 3.8.0', require: false end group :development, :test, :coverage do gem 'simplecov', '~> 0.21', require: false gem 'simplecov-lcov', '~> 0.8.0', require: false gem 'simplecov-cobertura', '~> 1.3.1', require: false gem 'undercover', '~> 0.4.4', require: false end # Gems required in omnibus-gitlab pipeline group :development, :test, :omnibus do gem 'license_finder', '~> 7.0', require: false end group :test do gem 'fuubar', '~> 2.2.0' gem 'rspec-retry', '~> 0.6.1' gem 'rspec_profiling', '~> 0.0.6' gem 'rspec-benchmark', '~> 0.6.0' gem 'rspec-parameterized', '~> 1.0', require: false gem 'capybara', '~> 3.35.3' gem 'capybara-screenshot', '~> 1.0.22' gem 'selenium-webdriver', '~> 3.142' gem 'graphlyte', '~> 1.0.0' gem 'shoulda-matchers', '~> 5.1.0', require: false gem 'email_spec', '~> 2.2.0' gem 'webmock', '~> 3.9.1' gem 'rails-controller-testing' gem 'concurrent-ruby', '~> 1.1' gem 'test-prof', '~> 1.0.7' gem 'rspec_junit_formatter' gem 'guard-rspec' gem 'axe-core-rspec' # Moved in `test` because https://gitlab.com/gitlab-org/gitlab/-/issues/217527 gem 'derailed_benchmarks', require: false end gem 'octokit', '~> 4.15' # Updating this gem version here is deprecated. See: # https://docs.gitlab.com/ee/development/emails.html#mailroom-gem-updates gem 'gitlab-mail_room', '~> 0.0.9', require: 'mail_room' gem 'email_reply_trimmer', '~> 0.1' gem 'html2text' gem 'stackprof', '~> 0.2.23', require: false gem 'rbtrace', '~> 0.4', require: false gem 'memory_profiler', '~> 1.0', require: false gem 'activerecord-explain-analyze', '~> 0.1', require: false # OAuth gem 'oauth2', '~> 2.0' # Health check gem 'health_check', '~> 3.0' # System information gem 'vmstat', '~> 2.3.0' gem 'sys-filesystem', '~> 1.4.3' # NTP client gem 'net-ntp' # SSH keys support gem 'ssh_data', '~> 1.3' # Spamcheck GRPC protocol definitions gem 'spamcheck', '~> 1.0.0' # Gitaly GRPC protocol definitions gem 'gitaly', '~> 15.9.0-rc3' # KAS GRPC protocol definitions gem 'kas-grpc', '~> 0.0.2' gem 'grpc', '~> 1.42.0' gem 'google-protobuf', '~> 3.22', '>= 3.22.2' gem 'toml-rb', '~> 2.2.0' # Feature toggles gem 'flipper', '~> 0.25.0' gem 'flipper-active_record', '~> 0.25.0' gem 'flipper-active_support_cache_store', '~> 0.25.0' gem 'unleash', '~> 3.2.2' gem 'gitlab-experiment', '~> 0.7.1' # Structured logging gem 'lograge', '~> 0.5' gem 'grape_logging', '~> 1.8' # DNS Lookup gem 'gitlab-net-dns', '~> 0.9.1' # Countries list gem 'countries', '~> 4.0.0' gem 'retriable', '~> 3.1.2' # LRU cache gem 'lru_redux' # Locked as long as quoted-printable encoding issues are not resolved # Monkey-patched in `config/initializers/mail_encoding_patch.rb` # See https://gitlab.com/gitlab-org/gitlab/issues/197386 gem 'mail', '= 2.7.1' gem 'mail-smtp_pool', '~> 0.1.0', path: 'vendor/gems/mail-smtp_pool', require: false gem 'microsoft_graph_mailer', '~> 0.1.0', path: 'vendor/gems/microsoft_graph_mailer' # File encryption gem 'lockbox', '~> 1.1.1' # Email validation gem 'valid_email', '~> 0.1' # JSON gem 'json', '~> 2.6.3' gem 'json_schemer', '~> 0.2.18' gem 'oj', '~> 3.13.21' gem 'oj-introspect', '~> 0.7' gem 'multi_json', '~> 1.14.1' gem 'yajl-ruby', '~> 1.4.3', require: 'yajl' gem 'webauthn', '~> 3.0' # IPAddress utilities gem 'ipaddress', '~> 0.8.3' gem 'parslet', '~> 1.8' gem 'ipynbdiff', path: 'vendor/gems/ipynbdiff' gem 'ed25519', '~> 1.3.0' # Error Tracking OpenAPI client # See https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/rake_tasks.md#update-openapi-client-for-error-tracking-feature gem 'error_tracking_open_api', path: 'vendor/gems/error_tracking_open_api' # Vulnerability advisories gem 'cvss-suite', '~> 3.0.1', require: 'cvss_suite' # Work with RPM packages gem 'arr-pm', '~> 0.0.12' # Apple plist parsing gem 'CFPropertyList', '~> 3.0.0' gem 'app_store_connect' # For phone verification gem 'telesignenterprise', '~> 2.2' # Ruby 3 extracts net-protocol into a separate gem, while Ruby 2 has it built-in # This condition installs the gem only for Ruby 3 to avoid warnings on Ruby 2 # Can be removed when support for Ruby 2 is dropped install_if -> { Gem::Version.new(RUBY_VERSION) >= Gem::Version.new("3.0.0") } do # BufferedIO patch gem 'net-protocol', '~> 0.1.3' end gem 'duo_api', '~> 1.3'