Ask A Question

Notifications

You’re not receiving notifications from this thread.

Unable to run old ruby n rails project

Hemant asked in Rails

Hi I am new to ruby n rails. I was working on this old website. This website is hosted on the heroku server. I fixed the code which was required and it didn't install this website on my system yet. When I tried to push it back to the Heroku using git the security system show error and from that point I am not able to push my changes back to the Heroku. Can you please help?

I am using ruby 2.5.3 and rails 5.2.1.

Following is the gem file of the website.

source 'https://rubygems.org'

#ruby '2.1.2'
gem 'rails', '4.1.5'
gem 'pg'
gem 'sass-rails', '~> 4.0.3'
gem 'uglifier', '>= 1.3.0'
gem 'coffee-rails', '~> 4.0.0'
gem 'jquery-rails', '3.1.2'
gem 'autoprefixer-rails','3.1.0.20140911'
gem 'puma', '2.9.1'
gem 'nokogiri', '~> 1.6.3.1'
gem 'slim-rails', '2.1.5'
gem 'devise', '~> 3.3.0'
gem 'twitter-bootstrap-rails', :git => 'git://github.com/seyhunak/twitter-bootstrap-rails.git'
gem 'formtastic-bootstrap'
gem 'activeadmin', github: 'activeadmin'
gem 'cancan', '~> 1.6.10'

gem 'fancybox2-rails'

gem 'carrierwave', '~> 0.10.0'
gem "mini_magick"
gem 'stripe', :git => 'https://github.com/stripe/stripe-ruby'
gem 'stripe-ruby-mock', '~> 1.10.1.7'
gem "kaminari"

gem 'activeadmin-dragonfly', :git => 'https://github.com/stefanoverna/activeadmin-dragonfly'
gem 'activeadmin-wysihtml5', :git => 'https://github.com/stefanoverna/activeadmin-wysihtml5'

gem 'will_paginate', '~> 3.0.6'

gem 'owlcarousel-rails'

gem 'paypal-sdk-adaptivepayments'

group :production do
  gem 'rails_12factor'
  gem 'fog', '~> 1.23.0'
end

group :development, :test do
  gem 'rspec-autotest'
  gem 'autotest-rails'
  gem 'rspec-rails', '3.1.0'
  gem "dotenv-rails"
end

group :development do
  gem 'metric_fu','4.11.1'
  gem 'pry-rails', '0.3.2'
  gem 'xray-rails', '0.1.14'
  gem 'quiet_assets', '1.0.3'
end

group :test do
  gem 'factory_girl_rails', '4.4.1'
  gem 'simplecov', '0.9.0', require: false
  gem 'database_cleaner', '1.3.0'
  gem 'capybara'
  gem 'shoulda-matchers'
end

This is the error I received:

remote:  !     A security vulnerability has been detected in your application.
remote:  !     To protect your application you must take action. Your application
remote:  !     is currently exposing its credentials via an easy to exploit directory
remote:  !     traversal.
remote:  !     
remote:  !     To protect your application you must either upgrade to Sprockets version "2.12.5"
remote:  !     or disable dynamic compilation at runtime by setting:
remote:  !     
remote:  !     ```
remote:  !     con fig.assets.compile = false #Disables security vulnerability
remote:  !     ```
remote:  !     
remote:  !     To read more about this security vulnerability please refer to this blog post:
remote:  !     https://blog.heroku.com/rails-asset-pipeline-vulnerability
remote:  !
remote:  !     Push rejected, failed to compile Ruby app.
remote: 
remote:  !     Push failed

Recieved this error after adding Sprockets version 2.12.5

To be honest, I am not a ruby developer. I am working on certain fixes on a ruby website. It's hosted on Heroku server.

The changes I have made doesn't involve adding or removing any gem but only functionality changes.

I am not able to push my changes due to the following issues:

remote:  !     A security vulnerability has been detected in your application.
remote:  !     To protect your application you must take action. Your application
remote:  !     is currently exposing its credentials via an easy to exploit directory
remote:  !     traversal.
remote:  !     
remote:  !     To protect your application you must either upgrade to Sprockets version "2.12.5"
remote:  !     or disable dynamic compilation at runtime by setting:
remote:  !     
remote:  !     ```
remote:  !     con fig.assets.compile = false #Disables security vulnerability
remote:  !     ```
remote:  !     
remote:  !     To read more about this security vulnerability please refer to this blog post:
remote:  !     https://blog.heroku.com/rails-asset-pipeline-vulnerability
remote:  !
remote:  !     Push rejected, failed to compile Ruby app.
remote: 
remote:  !     Push failed
Point to be noted, following are the configurations of the website:

remote: -----> Ruby app detected
remote: -----> Compiling Ruby/Rails
remote:        Your app was upgraded to bundler 1.15.2.
remote:        Previously you had a successful deploy with bundler 1.11.2.
remote:        
remote:        If you see problems related to the bundler version please refer to:
remote:        https://devcenter.heroku.com/articles/bundler-version
remote:        
remote: -----> Using Ruby version: ruby-2.0.0
remote: -----> Installing dependencies using bundler 1.15.2
This ruby version is too old and not maintained, and I am working on ruby 2.5.3, bundle 1.15.2 (until this error, I had no idea about the bundle or its version)

I tried to install the gem as mentioned (Sprockets version "2.12.5") then tried to push my changes and received this error:

remote: 
remote: -----> Ruby app detected
remote: -----> Compiling Ruby/Rails
remote:        Your app was upgraded to bundler 1.15.2.
remote:        Previously you had a successful deploy with bundler 1.11.2.
remote:        
remote:        If you see problems related to the bundler version please refer to:
remote:        https://devcenter.heroku.com/articles/bundler-version
remote:        
remote: -----> Using Ruby version: ruby-2.0.0
remote: -----> Installing dependencies using bundler 1.15.2
remote:        Running: bundle install --without development:test --path vendor/bundle --binstubs vendor/bundle/bin -j4 --deployment
remote:        The git source `git://github.com/seyhunak/twitter-bootstrap-rails.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
remote:        The git source `git://github.com/activeadmin/activeadmin.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
remote:        You are trying to install in deployment mode after changing
remote:        your Gemfile. Run `bundle install` elsewhere and add the
remote:        updated Gemfile.lock to version control.
remote:        
remote:        The dependencies in your gemfile changed
remote:        
remote:        You have added to the Gemfile:
remote:        * sprockets (= 2.12.5)
remote:        Bundler Output: The git source `git://github.com/seyhunak/twitter-bootstrap-rails.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
remote:        The git source `git://github.com/activeadmin/activeadmin.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
remote:        You are trying to install in deployment mode after changing
remote:        your Gemfile. Run `bundle install` elsewhere and add the
remote:        updated Gemfile.lock to version control.
remote:        
remote:        The dependencies in your gemfile changed
remote:        
remote:        You have added to the Gemfile:
remote:        * sprockets (= 2.12.5)
remote: 
remote:  !
remote:  !     Failed to install gems via Bundler.
remote:  !
remote:  !     Push rejected, failed to compile Ruby app.
remote: 
remote:  !     Push failed
remote: Verifying deploy...
remote: 
remote: !   Push rejected to

Please suggest

Reply
Join the discussion

Want to stay up-to-date with Ruby on Rails?

Join 74,071+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.

    Screencast tutorials to help you learn Ruby on Rails, Javascript, Hotwire, Turbo, Stimulus.js, PostgreSQL, MySQL, Ubuntu, and more. Icons by Icons8

    © 2023 GoRails, LLC. All rights reserved.