From 3c54b7e478a0069b0ae67a5e8ed9e319ec05c130 Mon Sep 17 00:00:00 2001
From: Bob Van Landuyt <bob@vanlanduyt.co>
Date: Tue, 23 Feb 2021 13:48:48 +0100
Subject: [PATCH] Bump thrift to 0.14.0

This is a minor version bump of the thrift gem, which is a transitive
dependency of labkit through jaeger-client.
---
 Gemfile                                                  | 3 +++
 Gemfile.lock                                             | 3 ++-
 changelogs/unreleased/security-bvl-update-thrift-gem.yml | 5 +++++
 3 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/unreleased/security-bvl-update-thrift-gem.yml

diff --git a/Gemfile b/Gemfile
index 5e8e54332ac84..b52a12dca23b7 100644
--- a/Gemfile
+++ b/Gemfile
@@ -311,6 +311,9 @@ gem 'premailer-rails', '~> 1.10.3'
 
 # LabKit: Tracing and Correlation
 gem 'gitlab-labkit', '0.14.0'
+# Thrift is a dependency of gitlab-labkit, we want a version higher than 0.14.0
+# because of https://gitlab.com/gitlab-org/gitlab/-/issues/321900
+gem 'thrift', '>= 0.14.0'
 
 # I18n
 gem 'ruby_parser', '~> 3.15', require: false
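Review bot: The comment added above `gem 'thrift', '>= 0.14.0'` says "a version higher than 0.14.0", but the constraint accepts 0.14.0 itself, which is the version Gemfile.lock resolves to, so the comment and the constraint disagree about which versions are acceptable. I would word it as `# Thrift is a transitive dependency of gitlab-labkit (via jaeger-client); require at least 0.14.0` and keep the issue link on the following line. Since this line exists only to set a version floor on a gem the application does not appear to use directly, the comment could also say when it can be removed, for example once the labkit dependency chain itself requires a thrift release at or above this floor. The constraint has no upper bound, so Gemfile.lock is the only thing holding the resolved version; if that is intentional, a short note to that effect would save the next reader from wondering.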
diff --git a/Gemfile.lock b/Gemfile.lock
index 1b3da5628b073..81e42d1189fdd 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1186,7 +1186,7 @@ GEM
       rack (>= 1, < 3)
     thor (1.1.0)
     thread_safe (0.3.6)
-    thrift (0.13.0)
+    thrift (0.14.0)
     tilt (2.0.10)
     timecop (0.9.1)
     timeliness (0.3.10)
@@ -1535,6 +1535,7 @@ DEPENDENCIES
   terser (= 1.0.2)
   test-prof (~> 0.12.0)
   thin (~> 1.8.0)
+  thrift (>= 0.14.0)
   timecop (~> 0.9.1)
   toml-rb (~> 1.0.0)
   truncato (~> 0.7.11)
diff --git a/changelogs/unreleased/security-bvl-update-thrift-gem.yml b/changelogs/unreleased/security-bvl-update-thrift-gem.yml
new file mode 100644
index 0000000000000..afe1a0332e360
--- /dev/null
+++ b/changelogs/unreleased/security-bvl-update-thrift-gem.yml
@@ -0,0 +1,5 @@
+---
+title: Bump thrift gem to 0.14.0
+merge_request:
+author:
+type: security
-- 
GitLab