OpenNeo/impress
OpenNeo/impress
1
0
Fork 1
Code Pull requests Activity
impress/Gemfile
Emi Matchu 359f368d80 Upgrade to sanitize 7.0 
No specific motivation here, no awareness of security issues; this is just an important gem to be unusually on top of, to prevent XSS attacks.

We were previously on 6.1.3, the previous release, and the only changes were Ruby compatibility and additionally supported CSS properties (which we don't use). But this just keeps us more easily plugged into potentially important fixes down the line.
2026-01-17 21:57:45 -08:00

94 lines
2.6 KiB
Ruby
Raw Blame History

source 'https://rubygems.org'
ruby '3.4.5'
gem 'rails', '~> 8.0', '>= 8.0.1'
# The HTTP server running the Rails instance.
gem 'falcon', '~> 0.48.0'
# Our database is MySQL, in both development and production.
gem 'mysql2', '~> 0.5.5'
# For reading the .env file, which you can use in development to more easily
# set environment variables for secret data.
gem 'dotenv-rails', '~> 2.8', '>= 2.8.1'
# For the asset pipeline: templates, CSS, JS, etc.
gem 'sprockets', '~> 4.2'
gem 'haml', '~> 6.1', '>= 6.1.1'
gem 'sass-rails', '~> 6.0'
gem 'terser', '~> 1.1', '>= 1.1.17'
gem 'jsbundling-rails', '~> 1.3'
gem 'turbo-rails', '~> 2.0'
# For authentication.
gem 'devise', '~> 4.9', '>= 4.9.2'
gem 'devise-encryptable', '~> 0.2.0'
gem 'omniauth', '~> 2.1'
gem 'omniauth-rails_csrf_protection', '~> 2.0', '>= 2.0.1'
gem "omniauth_openid_connect", "~> 0.7.1"
# For pagination UI.
gem 'will_paginate', '~> 4.0'
# For translation, both for the site UI and for Neopets data.
gem 'rails-i18n', '~> 8.0', '>= 8.0.1'
gem 'http_accept_language', '~> 2.1', '>= 2.1.1'
# For reading and parsing HTML from Neopets.com, like importing Closet pages.
gem 'nokogiri', '~> 1.15', '>= 1.15.3'
# For safely rendering users' Markdown + HTML on item list pages.
gem 'rdiscount', '~> 2.2', '>= 2.2.7.1'
gem 'sanitize', '~> 7.0'
# For working with Neopets APIs.
# unstable version of RocketAMF interprets info registry as a hash instead of an array
# Vendored version with Ruby 3.4 ARM compatibility fixes (see vendor/gems/README-RocketAMF.md)
gem 'RocketAMF', path: 'vendor/gems/RocketAMF-1.0.0'
# For preventing too many modeling attempts.
gem 'rack-attack', '~> 6.7'
# For testing emails in development.
gem 'letter_opener', '~> 1.8', '>= 1.8.1', group: :development
# For miscellaneous HTTP requests.
gem "addressable", "~> 2.8"
# For advanced batching of many HTTP requests.
gem "async", "~> 2.17", require: false
gem "async-http", "~> 0.89.0", require: false
gem "thread-local", "~> 1.1", require: false
# For image processing (outfit PNG rendering).
gem "ruby-vips", "~> 2.2"
# For debugging.
group :development do
gem 'debug', '~> 1.9.2'
gem 'web-console', '~> 4.2'
end
# Reduces boot times through caching; required in config/boot.rb
gem 'bootsnap', '~> 1.16', require: false
# For investigating performance issues.
gem "rack-mini-profiler", "~> 3.1"
gem "memory_profiler", "~> 1.0"
gem "stackprof", "~> 0.2.25"
# For monitoring errors in production.
gem "sentry-ruby", "~> 5.12"
gem "sentry-rails", "~> 5.12"
# For tasks that use shell commands.
gem "shell", "~> 0.8.1"
# For automated tests.
group :development, :test do
gem "rspec-rails", "~> 7.0"
end
group :test do
gem "webmock", "~> 3.24"
end
View git blame Copy permalink