Upgrade Rails due to security vulnerabilities (CVE-2016-2097, CVE-2016-2098)

[hubot]

Heaven detected that rails is not >= 5.0, ~> 3.2.22.2, ~> 4.1.14.2, ~> 4.2.5.2

Your Gemfile.lock on the master branch currently is 4.2.8.

Can you folks fix this up? :revolving_hearts:

/cc https://github.com/github/security/issues/1468

[jacobbednarz]

cc @oreoshake - Looks like your security checks for rails are a bit behind.

[oreoshake]

We don't use boxen anymore ¯_(ツ)_/¯

[jacobbednarz]

Oh, I understood that much but there are also newer versions of Rails 4.2.x that have mitigated theses CVEs.

[oreoshake]

Ah, I see. Yeah, it's not perfect :smile: