Ask A Question

Notifications

You’re not receiving notifications from this thread.

Unable to run old ruby n rails project

Hemant asked in Rails

Hi I am new to ruby n rails. I was working on this old website. This website is hosted on the heroku server. I fixed the code which was required and it didn't install this website on my system yet. When I tried to push it back to the Heroku using git the security system show error and from that point I am not able to push my changes back to the Heroku. Can you please help?

I am using ruby 2.5.3 and rails 5.2.1.

Following is the gem file of the website.

source 'https://rubygems.org'

#ruby '2.1.2'
gem 'rails', '4.1.5'
gem 'pg'
gem 'sass-rails', '~> 4.0.3'
gem 'uglifier', '>= 1.3.0'
gem 'coffee-rails', '~> 4.0.0'
gem 'jquery-rails', '3.1.2'
gem 'autoprefixer-rails','3.1.0.20140911'
gem 'puma', '2.9.1'
gem 'nokogiri', '~> 1.6.3.1'
gem 'slim-rails', '2.1.5'
gem 'devise', '~> 3.3.0'
gem 'twitter-bootstrap-rails', :git => 'git://github.com/seyhunak/twitter-bootstrap-rails.git'
gem 'formtastic-bootstrap'
gem 'activeadmin', github: 'activeadmin'
gem 'cancan', '~> 1.6.10'

gem 'fancybox2-rails'

gem 'carrierwave', '~> 0.10.0'
gem "mini_magick"
gem 'stripe', :git => 'https://github.com/stripe/stripe-ruby'
gem 'stripe-ruby-mock', '~> 1.10.1.7'
gem "kaminari"

gem 'activeadmin-dragonfly', :git => 'https://github.com/stefanoverna/activeadmin-dragonfly'
gem 'activeadmin-wysihtml5', :git => 'https://github.com/stefanoverna/activeadmin-wysihtml5'

gem 'will_paginate', '~> 3.0.6'

gem 'owlcarousel-rails'

gem 'paypal-sdk-adaptivepayments'

group :production do
  gem 'rails_12factor'
  gem 'fog', '~> 1.23.0'
end

group :development, :test do
  gem 'rspec-autotest'
  gem 'autotest-rails'
  gem 'rspec-rails', '3.1.0'
  gem "dotenv-rails"
end

group :development do
  gem 'metric_fu','4.11.1'
  gem 'pry-rails', '0.3.2'
  gem 'xray-rails', '0.1.14'
  gem 'quiet_assets', '1.0.3'
end

group :test do
  gem 'factory_girl_rails', '4.4.1'
  gem 'simplecov', '0.9.0', require: false
  gem 'database_cleaner', '1.3.0'
  gem 'capybara'
  gem 'shoulda-matchers'
end

This is the error I received:

remote:  !     A security vulnerability has been detected in your application.
remote:  !     To protect your application you must take action. Your application
remote:  !     is currently exposing its credentials via an easy to exploit directory
remote:  !     traversal.
remote:  !     
remote:  !     To protect your application you must either upgrade to Sprockets version "2.12.5"
remote:  !     or disable dynamic compilation at runtime by setting:
remote:  !     
remote:  !     ```
remote:  !     con fig.assets.compile = false #Disables security vulnerability
remote:  !     ```
remote:  !     
remote:  !     To read more about this security vulnerability please refer to this blog post:
remote:  !     https://blog.heroku.com/rails-asset-pipeline-vulnerability
remote:  !
remote:  !     Push rejected, failed to compile Ruby app.
remote: 
remote:  !     Push failed

Recieved this error after adding Sprockets version 2.12.5

To be honest, I am not a ruby developer. I am working on certain fixes on a ruby website. It's hosted on Heroku server.

The changes I have made doesn't involve adding or removing any gem but only functionality changes.

I am not able to push my changes due to the following issues:

remote:  !     A security vulnerability has been detected in your application.
remote:  !     To protect your application you must take action. Your application
remote:  !     is currently exposing its credentials via an easy to exploit directory
remote:  !     traversal.
remote:  !     
remote:  !     To protect your application you must either upgrade to Sprockets version "2.12.5"
remote:  !     or disable dynamic compilation at runtime by setting:
remote:  !     
remote:  !     ```
remote:  !     con fig.assets.compile = false #Disables security vulnerability
remote:  !     ```
remote:  !     
remote:  !     To read more about this security vulnerability please refer to this blog post:
remote:  !     https://blog.heroku.com/rails-asset-pipeline-vulnerability
remote:  !
remote:  !     Push rejected, failed to compile Ruby app.
remote: 
remote:  !     Push failed
Point to be noted, following are the configurations of the website:

remote: -----> Ruby app detected
remote: -----> Compiling Ruby/Rails
remote:        Your app was upgraded to bundler 1.15.2.
remote:        Previously you had a successful deploy with bundler 1.11.2.
remote:        
remote:        If you see problems related to the bundler version please refer to:
remote:        https://devcenter.heroku.com/articles/bundler-version
remote:        
remote: -----> Using Ruby version: ruby-2.0.0
remote: -----> Installing dependencies using bundler 1.15.2
This ruby version is too old and not maintained, and I am working on ruby 2.5.3, bundle 1.15.2 (until this error, I had no idea about the bundle or its version)

I tried to install the gem as mentioned (Sprockets version "2.12.5") then tried to push my changes and received this error:

remote: 
remote: -----> Ruby app detected
remote: -----> Compiling Ruby/Rails
remote:        Your app was upgraded to bundler 1.15.2.
remote:        Previously you had a successful deploy with bundler 1.11.2.
remote:        
remote:        If you see problems related to the bundler version please refer to:
remote:        https://devcenter.heroku.com/articles/bundler-version
remote:        
remote: -----> Using Ruby version: ruby-2.0.0
remote: -----> Installing dependencies using bundler 1.15.2
remote:        Running: bundle install --without development:test --path vendor/bundle --binstubs vendor/bundle/bin -j4 --deployment
remote:        The git source `git://github.com/seyhunak/twitter-bootstrap-rails.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
remote:        The git source `git://github.com/activeadmin/activeadmin.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
remote:        You are trying to install in deployment mode after changing
remote:        your Gemfile. Run `bundle install` elsewhere and add the
remote:        updated Gemfile.lock to version control.
remote:        
remote:        The dependencies in your gemfile changed
remote:        
remote:        You have added to the Gemfile:
remote:        * sprockets (= 2.12.5)
remote:        Bundler Output: The git source `git://github.com/seyhunak/twitter-bootstrap-rails.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
remote:        The git source `git://github.com/activeadmin/activeadmin.git` uses the `git` protocol, which transmits data without encryption. Disable this warning with `bundle config git.allow_insecure true`, or switch to the `https` protocol to keep your data secure.
remote:        You are trying to install in deployment mode after changing
remote:        your Gemfile. Run `bundle install` elsewhere and add the
remote:        updated Gemfile.lock to version control.
remote:        
remote:        The dependencies in your gemfile changed
remote:        
remote:        You have added to the Gemfile:
remote:        * sprockets (= 2.12.5)
remote: 
remote:  !
remote:  !     Failed to install gems via Bundler.
remote:  !
remote:  !     Push rejected, failed to compile Ruby app.
remote: 
remote:  !     Push failed
remote: Verifying deploy...
remote: 
remote: !   Push rejected to

Please suggest

Reply
Join the discussion
Create an account Log in

Want to stay up-to-date with Ruby on Rails?

Join 86,651+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.