From f9d3ce39e811bfb97babcffd253a6f780814671a Mon Sep 17 00:00:00 2001 From: Eric Berry Date: Tue, 21 Oct 2014 09:42:45 -0600 Subject: [PATCH] Security Update: httpclient library to latest version (2.5.1) This is a security patch. With the latest version of httpclient, if you use this gem in an app already using httpclient, you will still be able to apply the security patch referenced here: https://github.com/nahi/httpclient/issues/202#issuecomment-59154062 Also removed Gemfile.lock and added the file to .gitignore. It is not good to check in Gemfile.lock into version control, since it enforces precision that does not exist in the gem command, which is used to install gems in practice. See http://yehudakatz.com/2010/12/16/clarifying-the-roles-of-the-gemspec-and-gemfile/
---
 .gitignore | 1 + Gemfile | 2 +- Gemfile.lock | 105 -------------------------------------------------- vimeo.gemspec | 6 +-- 4 files changed, 5 insertions(+), 109 deletions(-) delete mode 100644 Gemfile.lock
diff --git a/.gitignore b/.gitignore
index f42148e..bd4cf02 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@
 coverage
 pkg/
 .bundle
+Gemfile.lock
diff --git a/Gemfile b/Gemfile
index 88db302..d4a53ab 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,7 +1,7 @@
 source "https://rubygems.org"
 gem "httparty", ">= 0.4.5"
-gem "httpclient", ">= 2.1.5.2"
+gem "httpclient", ">= 2.5.1"
 gem "json", ">= 1.1.9"
 gem "multipart-post", ">= 1.0.1"
 gem "oauth", ">= 0.4.3"
diff --git a/Gemfile.lock b/Gemfile.lock
deleted file mode 100644
index be4b26e..0000000
--- a/Gemfile.lock
+++ /dev/null
@@ -1,105 +0,0 @@ -GEM - remote: https://rubygems.org/ - specs: - activesupport (3.2.13) - i18n (= 0.6.1) - multi_json (~> 1.0) - addressable (2.3.6) - builder (3.2.2) - colorize (0.5.8) - coveralls (0.6.7) - colorize - multi_json (~> 1.3) - rest-client - simplecov (>= 0.7) - thor - descendants_tracker (0.0.4) - thread_safe (~> 0.3, >= 0.3.1) - fakeweb (1.3.0) - faraday (0.9.0) - multipart-post (>= 1.2, < 3) - git (1.2.6) - github_api (0.11.3) - addressable (~> 2.3) - descendants_tracker (~> 0.0.1) - faraday (~> 0.8, < 0.10) - hashie (>= 1.2) - multi_json (>= 1.7.5, < 2.0) - nokogiri (~> 1.6.0) - oauth2 - hashie (2.1.1) - highline (1.6.21) - httparty (0.11.0) - multi_json (~> 1.0) - multi_xml (>= 0.5.2) - httpclient (2.3.3) - i18n (0.6.1) - jeweler (2.0.1) - builder - bundler (>= 1.0) - git (>= 1.2.5) - github_api - highline (>= 1.6.15) - nokogiri (>= 1.5.10) - rake - rdoc - json (1.8.1) - jwt (0.1.11) - multi_json (>= 1.5) - metaclass (0.0.1) - mime-types (1.23) - mini_portile (0.5.3) - mocha (0.14.0) - metaclass (~> 0.0.1) - multi_json (1.7.7) - multi_xml (0.5.4) - multipart-post (1.2.0) - nokogiri (1.6.1) - mini_portile (~> 0.5.0) - oauth (0.4.7) - oauth2 (0.9.3) - faraday (>= 0.8, < 0.10) - jwt (~> 0.1.8) - multi_json (~> 1.3) - multi_xml (~> 0.5) - rack (~> 1.2) - rack (1.5.2) - rake (0.9.6) - rdoc (3.12.2) - json (~> 1.4) - rest-client (1.6.7) - mime-types (>= 1.16) - ruby-prof (0.13.0) - shoulda (3.5.0) - shoulda-context (~> 1.0, >= 1.0.1) - shoulda-matchers (>= 1.4.1, < 3.0) - shoulda-context (1.1.3) - shoulda-matchers (2.2.0) - activesupport (>= 3.0.0) - simplecov (0.7.1) - multi_json (~> 1.0) - simplecov-html (~> 0.7.1) - simplecov-html (0.7.1) - test-unit (2.5.5) - thor (0.18.1) - thread_safe (0.3.3) - -PLATFORMS - ruby - -DEPENDENCIES - bundler (~> 1.0) - coveralls - fakeweb (>= 1.2.6) - httparty (>= 0.4.5) - httpclient (>= 2.1.5.2) - jeweler (~> 2.0.1) - json (>= 1.1.9) - mocha (>= 0.9.8) - multipart-post (>= 1.0.1) - oauth (>= 0.4.3) - rake (= 0.9.6) 
- rdoc (~> 3.12) - ruby-prof (>= 0.9.2) - shoulda (>= 2.11.3) - test-unit
diff --git a/vimeo.gemspec b/vimeo.gemspec
index 56fa5c9..fdd2cef 100644
--- a/vimeo.gemspec
+++ b/vimeo.gemspec
@@ -207,7 +207,7 @@ Gem::Specification.new do |s|
 if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
 s.add_runtime_dependency(%q, [">= 0.4.5"])
- s.add_runtime_dependency(%q, [">= 2.1.5.2"])
+ s.add_runtime_dependency(%q, [">= 2.5.1"])
 s.add_runtime_dependency(%q, [">= 1.1.9"])
 s.add_runtime_dependency(%q, [">= 1.0.1"])
 s.add_runtime_dependency(%q, [">= 0.4.3"])
@@ -220,7 +220,7 @@ Gem::Specification.new do |s|
 s.add_development_dependency(%q, [">= 0.9.2"])
 else
 s.add_dependency(%q, [">= 0.4.5"])
- s.add_dependency(%q, [">= 2.1.5.2"])
+ s.add_dependency(%q, [">= 2.5.1"])
 s.add_dependency(%q, [">= 1.1.9"])
 s.add_dependency(%q, [">= 1.0.1"])
 s.add_dependency(%q, [">= 0.4.3"])
@@ -234,7 +234,7 @@ Gem::Specification.new do |s|
 end
 else
 s.add_dependency(%q, [">= 0.4.5"])
- s.add_dependency(%q, [">= 2.1.5.2"])
+ s.add_dependency(%q, [">= 2.5.1"])
 s.add_dependency(%q, [">= 1.1.9"])
 s.add_dependency(%q, [">= 1.0.1"])
 s.add_dependency(%q, [">= 0.4.3"])
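Review bot: Raising the floor to `>= 2.5.1` on the changed `add_runtime_dependency` line at 207 (presumably the httpclient entry; the gem name inside `%q<…>` is lost in this rendering) does not by itself apply the mitigation, because the commit description reads as if host applications still have to apply the patch from nahi/httpclient issue 202 themselves. The same holds for the two `add_dependency` branches at 220 and 234 and for the Gemfile line. Since the gemspec is what consumers resolve against, I would put a comment above the first changed line, e.g. `# >= 2.5.1 is the minimum httpclient on which the fix from nahi/httpclient#202 can be applied; this bump alone does not apply it`, and repeat that in the README or changelog. With Gemfile.lock no longer tracked, nothing in the repository records which httpclient version the tests last ran against, so the CI job should print the resolved version. The `Gem::Specification.new` block starts and ends outside these hunks.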