tjh.dev
1# frozen_string_literal: true
2
3source 'https://rubygems.org'
4
5if ENV.fetch('BUNDLER_CHECKSUM_VERIFICATION_OPT_IN', 'false') != 'false' # this verification is still experimental
6 $LOAD_PATH.unshift(File.expand_path("vendor/gems/bundler-checksum/lib", __dir__))
7 require 'bundler-checksum'
8 BundlerChecksum.patch!
9end
10
11gem 'bundler-checksum', '~> 0.1.0', path: 'vendor/gems/bundler-checksum', require: false
12
13# NOTE: When incrementing the major or minor version here, also increment activerecord_version
14# in vendor/gems/attr_encrypted/attr_encrypted.gemspec until we resolve
15# https://gitlab.com/gitlab-org/gitlab/-/issues/375713
16gem 'rails', '~> 6.1.7.2'
17
18gem 'bootsnap', '~> 1.16.0', require: false
19
20gem 'openssl', '~> 3.0'
21gem 'ipaddr', '~> 1.2.5'
22
23# Responders respond_to and respond_with
24gem 'responders', '~> 3.0'
25
26gem 'sprockets', '~> 3.7.0'
27
28gem 'view_component', '~> 2.82.0'
29
30# Supported DBs
31gem 'pg', '~> 1.5.3'
32
33gem 'neighbor', '~> 0.2.3'
34
35gem 'rugged', '~> 1.5'
36gem 'grape-path-helpers', '~> 1.7.1'
37
38gem 'faraday', '~> 1.0'
39gem 'marginalia', '~> 1.11.1'
40
41# Authorization
42gem 'declarative_policy', '~> 1.1.0'
43
44# Authentication libraries
45gem 'devise', '~> 4.8.1'
46gem 'devise-pbkdf2-encryptable', '~> 0.0.0', path: 'vendor/gems/devise-pbkdf2-encryptable'
47gem 'bcrypt', '~> 3.1', '>= 3.1.14'
48gem 'doorkeeper', '~> 5.6', '>= 5.6.6'
49gem 'doorkeeper-openid_connect', '~> 1.8', '>= 1.8.6'
50gem 'rexml', '~> 3.2.5'
51gem 'ruby-saml', '~> 1.13.0'
52gem 'omniauth', '~> 2.1.0'
53gem 'omniauth-auth0', '~> 3.1'
54gem 'omniauth-azure-activedirectory-v2', '~> 2.0'
55gem 'omniauth-azure-oauth2', '~> 0.0.9', path: 'vendor/gems/omniauth-azure-oauth2' # See gem README.md
56gem 'omniauth-dingtalk-oauth2', '~> 1.0'
57gem 'omniauth-alicloud', '~> 2.0.1'
58gem 'omniauth-facebook', '~> 4.0.0'
59gem 'omniauth-github', '2.0.1'
60gem 'omniauth-gitlab', '~> 4.0.0', path: 'vendor/gems/omniauth-gitlab' # See vendor/gems/omniauth-gitlab/README.md
61gem 'omniauth-google-oauth2', '~> 1.1'
62gem 'omniauth-oauth2-generic', '~> 0.2.2'
63gem 'omniauth-saml', '~> 2.1.0'
64gem 'omniauth-twitter', '~> 1.4'
65gem 'omniauth_crowd', '~> 2.4.0', path: 'vendor/gems/omniauth_crowd' # See vendor/gems/omniauth_crowd/README.md
66gem 'omniauth_openid_connect', '~> 0.6.1'
67# Locked until Ruby 3.0 upgrade since upgrading will pull in an updated net-smtp gem.
68# See https://docs.gitlab.com/ee/development/emails.html#rationale.
69gem 'openid_connect', '= 1.3.0'
70gem 'omniauth-salesforce', '~> 1.0.5', path: 'vendor/gems/omniauth-salesforce' # See gem README.md
71gem 'omniauth-atlassian-oauth2', '~> 0.2.0'
72gem 'rack-oauth2', '~> 1.21.3'
73gem 'jwt', '~> 2.5'
74
75# Kerberos authentication. EE-only
76gem 'gssapi', '~> 1.3.1', group: :kerberos
77gem 'timfel-krb5-auth', '~> 0.8', group: :kerberos
78
79# Spam and anti-bot protection
80gem 'recaptcha', '~> 5.12', require: 'recaptcha/rails'
81gem 'akismet', '~> 3.0'
82gem 'invisible_captcha', '~> 2.0.0'
83
84# Two-factor authentication
85gem 'devise-two-factor', '~> 4.0.2'
86gem 'rqrcode-rails3', '~> 0.1.7'
87gem 'attr_encrypted', '~> 3.2.4', path: 'vendor/gems/attr_encrypted'
88
89# GitLab Pages
90gem 'validates_hostname', '~> 1.0.11'
91gem 'rubyzip', '~> 2.3.2', require: 'zip'
92# GitLab Pages letsencrypt support
93gem 'acme-client', '~> 2.0'
94
95# Browser detection
96gem 'browser', '~> 5.3.1'
97
98# OS detection for usage ping
99gem 'ohai', '~> 17.9'
100
101# GPG
102gem 'gpgme', '~> 2.0.22'
103
104# LDAP Auth
105# GitLab fork with several improvements to original library. For full list of changes
106# see https://github.com/intridea/omniauth-ldap/compare/master...gitlabhq:master
107gem 'gitlab_omniauth-ldap', '~> 2.2.0', require: 'omniauth-ldap'
108gem 'net-ldap', '~> 0.17.1'
109
110# API
111gem 'grape', '~> 1.5.2'
112gem 'grape-entity', '~> 0.10.0'
113gem 'rack-cors', '~> 1.1.1', require: 'rack/cors'
114gem 'grape-swagger', '~>1.5.0', group: [:development, :test]
115gem 'grape-swagger-entity', '~> 0.5.1', group: [:development, :test]
116
117# GraphQL API
118gem 'graphql', '~> 1.13.12'
119gem 'graphiql-rails', '~> 1.8'
120gem 'apollo_upload_server', '~> 2.1.0'
121gem 'graphql-docs', '~> 2.1.0', group: [:development, :test]
122gem 'graphlient', '~> 0.5.0' # Used by BulkImport feature (group::import)
123
124gem 'hashie', '~> 5.0.0'
125
126# Pagination
127gem 'kaminari', '~> 1.2.2'
128
129# HAML
130gem 'hamlit', '~> 2.15.0'
131
132# Files attachments
133gem 'carrierwave', '~> 1.3'
134gem 'mini_magick', '~> 4.10.1'
135
136# for backups
137gem 'fog-aws', '~> 3.18'
138# Locked until fog-google resolves https://github.com/fog/fog-google/issues/421.
139# Also see config/initializers/fog_core_patch.rb.
140gem 'fog-core', '= 2.1.0'
141gem 'fog-google', '~> 1.19', require: 'fog/google'
142gem 'fog-local', '~> 0.8'
143# NOTE:
144# the fog-aliyun gem since v0.4 pulls in aliyun-sdk transitively, which monkey-patches
145# the rest-client gem to drop the Content-Length header field for chunked transfers,
146# which may have knock-on effects on other features using `RestClient`.
147# We may want to update this dependency if this is ever addressed upstream, e.g. via
148# https://github.com/aliyun/aliyun-oss-ruby-sdk/pull/93
149gem 'fog-aliyun', '~> 0.4'
150gem 'gitlab-fog-azure-rm', '~> 1.7.0', require: 'fog/azurerm'
151
152# for Google storage
153gem 'google-cloud-storage', '~> 1.44.0'
154gem 'google-apis-core', '~> 0.10.0'
155gem 'google-apis-compute_v1', '~> 0.57.0'
156gem 'google-apis-container_v1', '~> 0.43.0'
157gem 'google-apis-container_v1beta1', '~> 0.43.0'
158gem 'google-apis-cloudbilling_v1', '~> 0.21.0'
159gem 'google-apis-cloudresourcemanager_v1', '~> 0.31.0'
160gem 'google-apis-iam_v1', '~> 0.36.0'
161gem 'google-apis-serviceusage_v1', '~> 0.28.0'
162gem 'google-apis-sqladmin_v1beta4', '~> 0.41.0'
163gem 'google-apis-androidpublisher_v3', '~> 0.34.0'
164
165# for aws storage
166gem 'unf', '~> 0.1.4'
167
168# Seed data
169gem 'seed-fu', '~> 2.3.7'
170
171# Search
172gem 'elasticsearch-model', '~> 7.2'
173gem 'elasticsearch-rails', '~> 7.2', require: 'elasticsearch/rails/instrumentation'
174gem 'elasticsearch-api', '7.13.3'
175gem 'aws-sdk-core', '~> 3.172.0'
176gem 'aws-sdk-cloudformation', '~> 1'
177gem 'aws-sdk-s3', '~> 1.122.0'
178gem 'faraday_middleware-aws-sigv4', '~>0.3.0'
179gem 'typhoeus', '~> 1.4.0' # Used with Elasticsearch to support http keep-alive connections
180
181# Markdown and HTML processing
182gem 'html-pipeline', '~> 2.14.3'
183gem 'deckar01-task_list', '2.3.2'
184gem 'gitlab-markup', '~> 1.9.0', require: 'github/markup'
185gem 'commonmarker', '~> 0.23.6'
186gem 'kramdown', '~> 2.3.1'
187gem 'RedCloth', '~> 4.3.2'
188gem 'rdoc', '~> 6.3.2'
189gem 'org-ruby', '~> 0.9.12'
190gem 'creole', '~> 0.5.0'
191gem 'wikicloth', '0.8.1'
192gem 'asciidoctor', '~> 2.0.18'
193gem 'asciidoctor-include-ext', '~> 0.4.0', require: false
194gem 'asciidoctor-plantuml', '~> 0.0.16'
195gem 'asciidoctor-kroki', '~> 0.8.0', require: false
196gem 'rouge', '~> 4.1.0'
197gem 'truncato', '~> 0.7.12'
198gem 'nokogiri', '~> 1.14.3'
199
200# Calendar rendering
201gem 'icalendar'
202
203# Diffs
204gem 'diffy', '~> 3.4'
205gem 'diff_match_patch', '~> 0.1.0'
206
207# Application server
208gem 'rack', '~> 2.2.7'
209# https://github.com/zombocom/rack-timeout/blob/master/README.md#rails-apps-manually
210gem 'rack-timeout', '~> 0.6.3', require: 'rack/timeout/base'
211
212group :puma do
213 gem 'puma', '~> 5.6.5', require: false
214 gem 'puma_worker_killer', '~> 0.3.1', require: false
215 gem 'sd_notify', '~> 0.1.0', require: false
216end
217
218# State machine
219gem 'state_machines-activerecord', '~> 0.8.0'
220
221# CI domain tags
222gem 'acts-as-taggable-on', '~> 9.0'
223
224# Background jobs
225gem 'sidekiq', '~> 6.5.7'
226gem 'sidekiq-cron', '~> 1.8.0'
227gem 'redis-namespace', '~> 1.9.0'
228gem 'gitlab-sidekiq-fetcher', path: 'vendor/gems/sidekiq-reliable-fetch', require: 'sidekiq-reliable-fetch'
229
230# Cron Parser
231gem 'fugit', '~> 1.8.1'
232
233# HTTP requests
234gem 'httparty', '~> 0.20.0'
235
236# Colored output to console
237gem 'rainbow', '~> 3.0'
238
239# Progress bar
240gem 'ruby-progressbar', '~> 1.10'
241
242# Linear-time regex library for untrusted regular expressions
243gem 're2', '~> 1.6.0'
244
245# Misc
246
247gem 'semver_dialects', '~> 1.2.1'
248gem 'version_sorter', '~> 2.3'
249
250# Export Ruby Regex to Javascript
251gem 'js_regex', '~> 3.8'
252
253# User agent parsing
254gem 'device_detector'
255
256# Redis
257gem 'redis', '~> 4.8.0'
258gem 'connection_pool', '~> 2.0'
259
260# Redis session store
261gem 'redis-actionpack', '~> 5.3.0'
262
263# Discord integration
264gem 'discordrb-webhooks', '~> 3.4', require: false
265
266# Jira integration
267gem 'jira-ruby', '~> 2.1.4'
268gem 'atlassian-jwt', '~> 0.2.0'
269
270# Slack integration
271gem 'slack-messenger', '~> 2.3.4'
272
273# Hangouts Chat integration
274gem 'hangouts-chat', '~> 0.0.5', require: 'hangouts_chat'
275
276# Asana integration
277gem 'asana', '~> 0.10.13'
278
279# FogBugz integration
280gem 'ruby-fogbugz', '~> 0.3.0'
281
282# Kubernetes integration
283gem 'kubeclient', '~> 4.11.0'
284
285# AI
286gem 'ruby-openai', '~> 3.7'
287gem 'circuitbox', '2.0.0'
288
289# Sanitize user input
290gem 'sanitize', '~> 6.0'
291gem 'babosa', '~> 1.0.4'
292
293# Sanitizes SVG input
294gem 'loofah', '~> 2.21.0'
295
296# Working with license
297# Detects the open source license the repository includes
298# This version needs to be in sync with gitlab-org/gitaly
299gem 'licensee', '~> 9.15'
300
301# Detect and convert string character encoding
302gem 'charlock_holmes', '~> 0.7.7'
303
304# Detect mime content type from content
305gem 'ruby-magic', '~> 0.6'
306
307# Faster blank
308gem 'fast_blank'
309
310# Parse time & duration
311gem 'gitlab-chronic', '~> 0.10.5'
312gem 'gitlab_chronic_duration', '~> 0.10.6.2'
313
314gem 'rack-proxy', '~> 0.7.6'
315
316gem 'sassc-rails', '~> 2.1.0'
317gem 'autoprefixer-rails', '10.2.5.1'
318gem 'terser', '1.0.2'
319
320gem 'addressable', '~> 2.8'
321gem 'tanuki_emoji', '~> 0.6'
322gem 'gon', '~> 6.4.0'
323gem 'request_store', '~> 1.5.1'
324gem 'base32', '~> 0.3.0'
325
326gem 'gitlab-license', '~> 2.2.1'
327
328# Protect against bruteforcing
329gem 'rack-attack', '~> 6.6.1'
330
331# Sentry integration
332gem 'sentry-raven', '~> 3.1'
333gem 'sentry-ruby', '~> 5.8.0'
334gem 'sentry-rails', '~> 5.8.0'
335gem 'sentry-sidekiq', '~> 5.8.0'
336
337# PostgreSQL query parsing
338#
339gem 'pg_query', '~> 2.2', '>= 2.2.1'
340
341gem 'premailer-rails', '~> 1.10.3'
342
343gem 'gitlab-labkit', '~> 0.32.0'
344gem 'thrift', '>= 0.16.0'
345
346# I18n
347gem 'ruby_parser', '~> 3.20', require: false
348gem 'rails-i18n', '~> 7.0'
349gem 'gettext_i18n_rails', '~> 1.8.0'
350gem 'gettext_i18n_rails_js', '~> 1.3'
351gem 'gettext', '~> 3.3', require: false, group: :development
352
353gem 'batch-loader', '~> 2.0.1'
354
355# Perf bar
356gem 'peek', '~> 1.1'
357
358# Google Cloud Profiler support
359gem 'cloud_profiler_agent', '~> 0.0.0', path: 'vendor/gems/cloud_profiler_agent', require: false
360
361# Snowplow events tracking
362gem 'snowplow-tracker', '~> 0.8.0'
363
364# Metrics
365gem 'webrick', '~> 1.8.1', require: false
366gem 'prometheus-client-mmap', '~> 0.23', require: 'prometheus/client'
367
368gem 'warning', '~> 1.3.0'
369
370group :development do
371 gem 'lefthook', '~> 1.3.13', require: false
372 gem 'rubocop'
373 gem 'solargraph', '~> 0.47.2', require: false
374
375 gem 'letter_opener_web', '~> 2.0.0'
376 gem 'lookbook', '~> 2.0', '>= 2.0.1'
377
378 # Better errors handler
379 gem 'better_errors', '~> 2.10.0'
380
381 gem 'sprite-factory', '~> 1.7'
382
383 gem "listen", "~> 3.7"
384end
385
386group :development, :test do
387 gem 'deprecation_toolkit', '~> 1.5.1', require: false
388 gem 'bullet', '~> 7.0.2'
389 gem 'pry-byebug'
390 gem 'pry-rails', '~> 0.3.9'
391 gem 'pry-shell', '~> 0.6.1'
392
393 gem 'awesome_print', require: false
394
395 gem 'database_cleaner', '~> 1.7.0'
396 gem 'factory_bot_rails', '~> 6.2.0'
397 gem 'rspec-rails', '~> 6.0.1'
398
399 # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826)
400 gem 'minitest', '~> 5.11.0'
401
402 # Generate Fake data
403 gem 'ffaker', '~> 2.10'
404
405 gem 'spring', '~> 4.1.0'
406 gem 'spring-commands-rspec', '~> 1.0.4'
407
408 gem 'gitlab-styles', '~> 10.0.0', require: false
409
410 gem 'haml_lint', '~> 0.40.0', require: false
411 gem 'bundler-audit', '~> 0.7.0.1', require: false
412
413 # Benchmarking & profiling
414 gem 'benchmark-ips', '~> 2.11.0', require: false
415 gem 'benchmark-memory', '~> 0.1', require: false
416
417 gem 'knapsack', '~> 1.21.1'
418 gem 'crystalball', '~> 0.7.0', require: false
419
420 gem 'simple_po_parser', '~> 1.1.6', require: false
421
422 gem 'png_quantizator', '~> 0.2.1', require: false
423
424 gem 'parallel', '~> 1.19', require: false
425
426 gem 'test_file_finder', '~> 0.1.3'
427
428 gem 'sigdump', '~> 0.2.4', require: 'sigdump/setup'
429
430 gem 'pact', '~> 1.63'
431end
432
433group :development, :test, :danger do
434 gem 'gitlab-dangerfiles', '~> 3.10.0', require: false
435end
436
437group :development, :test, :coverage do
438 gem 'simplecov', '~> 0.21', require: false
439 gem 'simplecov-lcov', '~> 0.8.0', require: false
440 gem 'simplecov-cobertura', '~> 1.3.1', require: false
441 gem 'undercover', '~> 0.4.4', require: false
442end
443
444# Gems required in omnibus-gitlab pipeline
445group :development, :test, :omnibus do
446 gem 'license_finder', '~> 7.0', require: false
447end
448
449group :test do
450 gem 'fuubar', '~> 2.2.0'
451 gem 'rspec-retry', '~> 0.6.2'
452 gem 'rspec_profiling', '~> 0.0.6'
453 gem 'rspec-benchmark', '~> 0.6.0'
454 gem 'rspec-parameterized', '~> 1.0', require: false
455
456 gem 'capybara', '~> 3.39'
457 gem 'capybara-screenshot', '~> 1.0.26'
458 # 4.9.1 drops Ruby 2.7 support. We can upgrade further after we drop Ruby 2.7 support.
459 gem 'selenium-webdriver', '= 4.9.0'
460
461 gem 'graphlyte', '~> 1.0.0'
462
463 gem 'shoulda-matchers', '~> 5.1.0', require: false
464 gem 'email_spec', '~> 2.2.0'
465 gem 'webmock', '~> 3.18.1'
466 gem 'rails-controller-testing'
467 gem 'concurrent-ruby', '~> 1.1'
468 gem 'test-prof', '~> 1.2.1'
469 gem 'rspec_junit_formatter'
470 gem 'guard-rspec'
471 gem 'axe-core-rspec'
472
473 # Moved in `test` because https://gitlab.com/gitlab-org/gitlab/-/issues/217527
474 gem 'derailed_benchmarks', require: false
475end
476
477gem 'octokit', '~> 4.15'
478
479gem 'gitlab-mail_room', '~> 0.0.23', require: 'mail_room'
480
481gem 'email_reply_trimmer', '~> 0.1'
482gem 'html2text'
483
484gem 'stackprof', '~> 0.2.25', require: false
485gem 'rbtrace', '~> 0.4', require: false
486gem 'memory_profiler', '~> 1.0', require: false
487gem 'activerecord-explain-analyze', '~> 0.1', require: false
488
489# OAuth
490gem 'oauth2', '~> 2.0'
491
492# Health check
493gem 'health_check', '~> 3.0'
494
495# System information
496gem 'vmstat', '~> 2.3.0'
497gem 'sys-filesystem', '~> 1.4.3'
498
499# NTP client
500gem 'net-ntp'
501
502# SSH keys support
503gem 'ssh_data', '~> 1.3'
504
505# Spamcheck GRPC protocol definitions
506gem 'spamcheck', '~> 1.3.0'
507
508# Gitaly GRPC protocol definitions
509gem 'gitaly', '~> 15.9.0-rc3'
510
511# KAS GRPC protocol definitions
512gem 'kas-grpc', '~> 0.1.0'
513
514gem 'grpc', '~> 1.42.0'
515
516gem 'google-protobuf', '~> 3.22', '>= 3.22.3'
517
518gem 'toml-rb', '~> 2.2.0'
519
520# Feature toggles
521gem 'flipper', '~> 0.25.0'
522gem 'flipper-active_record', '~> 0.25.0'
523gem 'flipper-active_support_cache_store', '~> 0.25.0'
524gem 'unleash', '~> 3.2.2'
525gem 'gitlab-experiment', '~> 0.7.1'
526
527# Structured logging
528gem 'lograge', '~> 0.5'
529gem 'grape_logging', '~> 1.8'
530
531# DNS Lookup
532gem 'gitlab-net-dns', '~> 0.9.2'
533
534# Countries list
535gem 'countries', '~> 4.0.0'
536
537gem 'retriable', '~> 3.1.2'
538
539# LRU cache
540gem 'lru_redux'
541
542# Locked as long as quoted-printable encoding issues are not resolved
543# Monkey-patched in `config/initializers/mail_encoding_patch.rb`
544# See https://gitlab.com/gitlab-org/gitlab/issues/197386
545#
546# `config/initializers/mail_starttls_patch.rb` has also been patched to
547# fix STARTTLS handling until https://github.com/mikel/mail/pull/1536 is
548# released.
549gem 'mail', '= 2.8.1'
550gem 'mail-smtp_pool', '~> 0.1.0', path: 'vendor/gems/mail-smtp_pool', require: false
551
552gem 'microsoft_graph_mailer', '~> 0.1.0', path: 'vendor/gems/microsoft_graph_mailer'
553
554# File encryption
555gem 'lockbox', '~> 1.1.1'
556
557# Email validation
558gem 'valid_email', '~> 0.1'
559
560# JSON
561gem 'json', '~> 2.6.3'
562gem 'json_schemer', '~> 0.2.18'
563gem 'oj', '~> 3.13.21'
564gem 'oj-introspect', '~> 0.7'
565gem 'multi_json', '~> 1.14.1'
566gem 'yajl-ruby', '~> 1.4.3', require: 'yajl'
567
568gem 'webauthn', '~> 3.0'
569
570# IPAddress utilities
571gem 'ipaddress', '~> 0.8.3'
572
573gem 'parslet', '~> 1.8'
574
575gem 'ipynbdiff', path: 'vendor/gems/ipynbdiff'
576
577gem 'ed25519', '~> 1.3.0'
578
579# Error Tracking OpenAPI client
580# See https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/rake_tasks.md#update-openapi-client-for-error-tracking-feature
581gem 'error_tracking_open_api', path: 'vendor/gems/error_tracking_open_api'
582
583# Vulnerability advisories
584gem 'cvss-suite', '~> 3.0.1', require: 'cvss_suite'
585
586# Work with RPM packages
587gem 'arr-pm', '~> 0.0.12'
588
589# Remote Development
590gem 'devfile', '~> 0.0.17.pre.alpha1'
591
592# Apple plist parsing
593gem 'CFPropertyList', '~> 3.0.0'
594gem 'app_store_connect'
595
596# For phone verification
597gem 'telesignenterprise', '~> 2.2'
598
599# BufferedIO patch
600# Updating this version will require updating scripts/allowed_warnings.txt
601gem 'net-protocol', '~> 0.1.3'
602
603gem 'duo_api', '~> 1.3'