From e935d2ec9347b6ec65989ae78e3ffad7c26db453 Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Mon, 26 Jun 2017 07:52:43 -0700
Subject: [PATCH] Bump premailer-rails gem to 1.9.7 and its dependencies to
 prevent network retrieval of assets

Since asset compilation was disabled in GitLab 9.3, the premailer-rails gem
would fall back to fetching assets via HTTP(S) because the Sidekiq working
directory was not the Rails root. In some instances, SSL verification would
fail, preventing e-mails from being sent.

premailer-rails 1.9.7 has a fix
(https://github.com/fphilipe/premailer-rails/pull/195) that uses an absolute
directory to load assets from the filesystem so that the assets can be fetched
locally instead of over the network.

Closes #34231
---
 Gemfile                                               |  2 +-
 Gemfile.lock                                          | 11 ++++++-----
 .../sh-fix-premailer-gem-for-filesystem.yml           |  5 +++++
 3 files changed, 12 insertions(+), 6 deletions(-)
 create mode 100644 changelogs/unreleased/sh-fix-premailer-gem-for-filesystem.yml

diff --git a/Gemfile b/Gemfile
index 6c53bfe6efe69..3cc40eb26a447 100644
--- a/Gemfile
+++ b/Gemfile
@@ -256,7 +256,7 @@ gem 'base32', '~> 0.3.0'
 # Sentry integration
 gem 'sentry-raven', '~> 2.4.0'
 
-gem 'premailer-rails', '~> 1.9.0'
+gem 'premailer-rails', '~> 1.9.7'
 
 # I18n
 gem 'ruby_parser', '~> 3.8', require: false
diff --git a/Gemfile.lock b/Gemfile.lock
index 7c9dd0512116e..817a1fd6aa3d3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -137,7 +137,7 @@ GEM
     crack (0.4.3)
       safe_yaml (~> 1.0.0)
     creole (0.5.0)
-    css_parser (1.4.1)
+    css_parser (1.5.0)
       addressable
     d3_rails (3.5.11)
       railties (>= 3.1.0)
@@ -589,10 +589,11 @@ GEM
       websocket-driver (>= 0.2.0)
     posix-spawn (0.3.11)
     powerpack (0.1.1)
-    premailer (1.8.6)
-      css_parser (>= 1.3.6)
+    premailer (1.10.4)
+      addressable
+      css_parser (>= 1.4.10)
       htmlentities (>= 4.0.0)
-    premailer-rails (1.9.2)
+    premailer-rails (1.9.7)
       actionmailer (>= 3, < 6)
       premailer (~> 1.7, >= 1.7.9)
     prometheus-client-mmap (0.7.0.beta5)
@@ -1045,7 +1046,7 @@ DEPENDENCIES
   peek-sidekiq (~> 1.0.3)
   pg (~> 0.18.2)
   poltergeist (~> 1.9.0)
-  premailer-rails (~> 1.9.0)
+  premailer-rails (~> 1.9.7)
   prometheus-client-mmap (~> 0.7.0.beta5)
   pry-byebug (~> 3.4.1)
   pry-rails (~> 0.3.4)
diff --git a/changelogs/unreleased/sh-fix-premailer-gem-for-filesystem.yml b/changelogs/unreleased/sh-fix-premailer-gem-for-filesystem.yml
new file mode 100644
index 0000000000000..9e3c3e19beae6
--- /dev/null
+++ b/changelogs/unreleased/sh-fix-premailer-gem-for-filesystem.yml
@@ -0,0 +1,5 @@
+---
+title: Bump premailer-rails gem to 1.9.7 and its dependencies to prevent network retrieval
+  of assets
+merge_request:
+author:
-- 
GitLab