From 8c69126d203ac45e27669265bb991e4c3695357c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 May 2021 01:31:47 +0000 Subject: [PATCH 01/76] Bump puma from 5.3.0 to 5.3.1 Bumps [puma](https://github.com/puma/puma) from 5.3.0 to 5.3.1. - [Release notes](https://github.com/puma/puma/releases) - [Changelog](https://github.com/puma/puma/blob/master/History.md) - [Commits](https://github.com/puma/puma/compare/v5.3.0...v5.3.1) Signed-off-by: dependabot[bot] --- Gemfile | 2 +- Gemfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index bb69495..e2dfbbc 100644 --- a/Gemfile +++ b/Gemfile @@ -4,7 +4,7 @@ source 'https://rubygems.org' do # Use postgres as the database for Active Record gem 'pg' # Use Puma as the app server - gem 'puma', '~> 5.0' + gem 'puma', '~> 5.3' # Use SCSS for stylesheets gem 'sass-rails', '~> 6.0' # Use Uglifier as compressor for JavaScript assets diff --git a/Gemfile.lock b/Gemfile.lock index 16090f1..c09f718 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -217,7 +217,7 @@ GEM pry-rails (0.3.9) pry (>= 0.10.4) public_suffix (4.0.6) - puma (5.3.0) + puma (5.3.1) nio4r (~> 2.0) racc (1.5.2) rack (2.2.3) @@ -386,7 +386,7 @@ DEPENDENCIES paperclip-meta! pg! pry-rails! - puma (~> 5.0)! + puma (~> 5.3)! rails (~> 6.0.3)! rails-erd! repost! From f8bc51b023fe1789cf57d33c5d543fc2b7f1fe4e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 May 2021 08:51:16 +0000 Subject: [PATCH 02/76] Bump nokogiri from 1.11.3 to 1.11.4 Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.11.3 to 1.11.4. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.11.3...v1.11.4) 
Signed-off-by: dependabot[bot] --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 16090f1..9c13616 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -177,10 +177,10 @@ GEM multipart-post (2.1.1) newrelic_rpm (7.0.0) nio4r (2.5.7) - nokogiri (1.11.3) + nokogiri (1.11.4) mini_portile2 (~> 2.5.0) racc (~> 1.4) - nokogiri (1.11.3-x86_64-linux) + nokogiri (1.11.4-x86_64-linux) racc (~> 1.4) oauth2 (1.4.7) faraday (>= 0.8, < 2.0) From 2df970042272765f17441efdb2ae93aa30f267b6 Mon Sep 17 00:00:00 2001 From: James Hulme Date: Wed, 26 May 2021 12:04:45 +0100 Subject: [PATCH 03/76] Sentry config --- Gemfile | 4 ++++ Gemfile.lock | 15 ++++++++++++--- config/initializers/sentry.rb | 6 ++++++ 3 files changed, 22 insertions(+), 3 deletions(-) create mode 100644 config/initializers/sentry.rb diff --git a/Gemfile b/Gemfile index e2dfbbc..144dcbf 100644 --- a/Gemfile +++ b/Gemfile @@ -42,6 +42,10 @@ source 'https://rubygems.org' do # New Relic monitoring gem 'newrelic_rpm' + # Error reporting + gem 'sentry-rails' + gem 'sentry-ruby' + # https://github.com/advisories/GHSA-vr8q-g5c7-m54m gem "nokogiri", ">= 1.11.0.rc4" diff --git a/Gemfile.lock b/Gemfile.lock index 86523d4..8234cfc 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,3 @@ -GEM - specs: - GEM remote: https://rubygems.org/ specs: @@ -324,6 +321,16 @@ GEM selenium-webdriver (3.142.7) childprocess (>= 0.5, < 4.0) rubyzip (>= 1.2.2) + sentry-rails (4.4.0) + railties (>= 5.0) + sentry-ruby-core (~> 4.4.0.pre.beta) + sentry-ruby (4.4.2) + concurrent-ruby (~> 1.0, >= 1.0.2) + faraday (>= 1.0) + sentry-ruby-core (= 4.4.2) + sentry-ruby-core (4.4.2) + concurrent-ruby + faraday simplecov (0.21.2) docile (~> 1.1) simplecov-html (~> 0.11) @@ -399,6 +406,8 @@ DEPENDENCIES rubocop-rspec! sass-rails (~> 6.0)! selenium-webdriver! + sentry-rails! + sentry-ruby! turbolinks (~> 5)! uglifier (>= 1.3.0)! webdrivers (~> 4.4)! 
diff --git a/config/initializers/sentry.rb b/config/initializers/sentry.rb new file mode 100644 index 0000000..60d8991 --- /dev/null +++ b/config/initializers/sentry.rb @@ -0,0 +1,6 @@ +return unless ENV['SENTRY_DSN'] + +Sentry.init do |config| + config.dsn = ENV['SENTRY_DSN'] + config.breadcrumbs_logger = [:active_support_logger] +end From d601bdb582870734e8110fb016eaac9649638e5a Mon Sep 17 00:00:00 2001 From: James Hulme Date: Wed, 2 Jun 2021 12:34:49 +0100 Subject: [PATCH 04/76] Re-add blank entry to Gemfile.lock Heroku refuses to deploy without it.... --- Gemfile.lock | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Gemfile.lock b/Gemfile.lock index 8234cfc..9bc4be8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,3 +1,6 @@ +GEM + specs: + GEM remote: https://rubygems.org/ specs: From 430f33215d718737e2416bc306f54d98c392324f Mon Sep 17 00:00:00 2001 From: James Hulme Date: Wed, 2 Jun 2021 12:45:30 +0100 Subject: [PATCH 05/76] Specifiy ruby version in Gemfile It's what heroku uses --- .ruby-version | 1 - Gemfile | 2 ++ Gemfile.lock | 3 +++ 3 files changed, 5 insertions(+), 1 deletion(-) delete mode 100644 .ruby-version diff --git a/.ruby-version b/.ruby-version deleted file mode 100644 index 2c9b4ef..0000000 --- a/.ruby-version +++ /dev/null @@ -1 +0,0 @@ -2.7.3 diff --git a/Gemfile b/Gemfile index 144dcbf..df66b16 100644 --- a/Gemfile +++ b/Gemfile @@ -1,3 +1,5 @@ +ruby "2.7.3" + source 'https://rubygems.org' do gem 'rails', '~> 6.0.3' diff --git a/Gemfile.lock b/Gemfile.lock index 9bc4be8..7e17cf5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -415,5 +415,8 @@ DEPENDENCIES uglifier (>= 1.3.0)! webdrivers (~> 4.4)! +RUBY VERSION + ruby 2.7.3p183 + BUNDLED WITH 2.2.17 From c9df4456d79e8e4cfaebe5cceb54525a9ce73130 Mon Sep 17 00:00:00 2001 From: Tamsin Bowles Date: Wed, 14 Jul 2021 14:40:56 +0100 Subject: [PATCH 06/76] trying to update addressable --- Gemfile.lock | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) 
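Review bot: The new initializer in config/initializers/sentry.rb enables `config.breadcrumbs_logger = [:active_support_logger]` without saying what data that sends to the third-party service. ActiveSupport notification payloads can include SQL text and request parameters, so it is worth confirming that `filter_parameters` covers the sensitive fields, or adding a `config.before_breadcrumb` hook that drops what should not leave the app. I would add a comment above the line such as `# Breadcrumbs carry ActiveSupport event payloads; keep filter_parameters up to date`. Separately, `return unless ENV['SENTRY_DSN']` lets an empty string through; `return if ENV['SENTRY_DSN'].blank?` treats unset and empty the same way.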
diff --git a/Gemfile.lock b/Gemfile.lock index 7e17cf5..5e8ec0f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,3 @@ -GEM - specs: - GEM remote: https://rubygems.org/ specs: @@ -61,7 +58,7 @@ GEM zeitwerk (~> 2.2, >= 2.2.2) acts-as-taggable-on (7.0.0) activerecord (>= 5.0, < 6.2) - addressable (2.7.0) + addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) ast (2.4.2) aws-eventstream (1.1.1) From aabe21c336eed14f131f5d1e275fa5367d0d4c7f Mon Sep 17 00:00:00 2001 From: Tamsin Bowles Date: Wed, 14 Jul 2021 15:39:32 +0100 Subject: [PATCH 07/76] specs thing --- Gemfile.lock | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Gemfile.lock b/Gemfile.lock index 5e8ec0f..11217f1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,3 +1,5 @@ +GEM + specs: GEM remote: https://rubygems.org/ specs: From e474665379c23f4aab801bd8acf699d64b7c2431 Mon Sep 17 00:00:00 2001 From: Ian Sherratt Date: Tue, 7 Sep 2021 11:03:23 +0100 Subject: [PATCH 08/76] * allow a custom header to be specified that will be used to fetch the source address of the request in IP based security checks --- app/controllers/application_controller.rb | 14 +++++++++++++- spec/features/ip_restrictions_spec.rb | 9 +++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index f642256..f342f8e 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb 
@@ -9,14 +9,26 @@ def self.permitted_ips_from_env ENV['PERMITTED_IPS'] end + def self.client_ip_header_from_env + ENV['CLIENT_IP_HEADER'] + end + private def check_permitted_ips return if Rails.env.development? return if self.class.permitted_ips_from_env.blank? + if !self.class.client_ip_header_from_env + ip_to_verify = request.ip + else + ip_to_verify = request.headers[self.class.client_ip_header_from_env] + end + + Rails.logger.debug("check_permitted_ips: checking ip: #{ip_to_verify}") + ip_addresses = list_of_permitted_ips( self.class.permitted_ips_from_env ) - return if ip_addresses.include? request.ip + return if ip_addresses.include? ip_to_verify render plain: 'Access Denied', status: :unauthorized end diff --git a/spec/features/ip_restrictions_spec.rb b/spec/features/ip_restrictions_spec.rb index ac55680..4eaa978 100644 --- a/spec/features/ip_restrictions_spec.rb +++ b/spec/features/ip_restrictions_spec.rb @@ -43,4 +43,13 @@ expect( page ).to have_text 'Access Denied' end + + it 'Disallows a non matching ip in a different header with basic permitted-IPs list' do + allow( ApplicationController ).to receive( :client_ip_header_from_env ).and_return('CF-Connecting-Ip') + allow( ApplicationController ).to receive( :permitted_ips_from_env ).and_return( '' ) + + visit '/' + + expect( page ).to have_text 'Access Denied' + end end From 9fd54ad281a53923fc640cfaf5dc47df205b7fbb Mon Sep 17 00:00:00 2001 From: Ian Sherratt Date: Tue, 7 Sep 2021 11:12:08 +0100 Subject: [PATCH 09/76] * set headers and add success case test --- spec/features/ip_restrictions_spec.rb | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/spec/features/ip_restrictions_spec.rb b/spec/features/ip_restrictions_spec.rb index 4eaa978..5bc7e38 100644 --- a/spec/features/ip_restrictions_spec.rb +++ b/spec/features/ip_restrictions_spec.rb 
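Review bot: In `check_permitted_ips`, once `CLIENT_IP_HEADER` is set the allow-list decision rests entirely on `request.headers[self.class.client_ip_header_from_env]`, and nothing visible here checks that the request actually arrived through the proxy that sets that header. If the app can be reached directly, the header value is whatever the caller sends, so the IP restriction only holds when the origin accepts traffic solely from that proxy. That deployment requirement should be written down next to the code, for example `# Only set CLIENT_IP_HEADER when every request reaches the app through the proxy that sets this header`, and ideally the direct peer address (`request.remote_ip`) would also be checked against the proxy's published ranges before the header is believed. The same lookup is carried unchanged into the one-line ternary in PATCH 10/76.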
@@ -44,12 +44,23 @@ expect( page ).to have_text 'Access Denied' end - it 'Disallows a non matching ip in a different header with basic permitted-IPs list' do + it 'Disallows a non matching ip in a custom header with basic permitted-IPs list' do allow( ApplicationController ).to receive( :client_ip_header_from_env ).and_return('CF-Connecting-Ip') allow( ApplicationController ).to receive( :permitted_ips_from_env ).and_return( '' ) + page.set_headers("CF-Connecting-Ip" => '127.0.0.1') visit '/' expect( page ).to have_text 'Access Denied' end + + it 'Allows a matching ip in a custom header with basic permitted-IPs list' do + allow( ApplicationController ).to receive( :client_ip_header_from_env ).and_return('CF-Connecting-Ip') + allow( ApplicationController ).to receive( :permitted_ips_from_env ).and_return( '127.0.0.1' ) + + page.set_headers("CF-Connecting-Ip" => '127.0.0.1') + visit '/' + + expect( page ).to have_css 'a[href="/search"]' + end end From 9a239ffb6efb8e28b61ed3f2fd454f5c2d886ccd Mon Sep 17 00:00:00 2001 From: Ian Sherratt Date: Tue, 7 Sep 2021 11:12:32 +0100 Subject: [PATCH 10/76] * make rubohitler happy --- app/controllers/application_controller.rb | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index f342f8e..a18a44b 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -19,11 +19,7 @@ def check_permitted_ips return if Rails.env.development? return if self.class.permitted_ips_from_env.blank? - if !self.class.client_ip_header_from_env - ip_to_verify = request.ip - else - ip_to_verify = request.headers[self.class.client_ip_header_from_env] - end + ip_to_verify = self.class.client_ip_header_from_env ? request.headers[self.class.client_ip_header_from_env] : request.ip Rails.logger.debug("check_permitted_ips: checking ip: #{ip_to_verify}") 
From 95836e38ab8d45422ae7120bf1cca9c90a111c95 Mon Sep 17 00:00:00 2001 From: Ian Sherratt Date: Tue, 7 Sep 2021 11:19:30 +0100 Subject: [PATCH 11/76] * try different way of setting header --- spec/features/ip_restrictions_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/features/ip_restrictions_spec.rb b/spec/features/ip_restrictions_spec.rb index 5bc7e38..79766ab 100644 --- a/spec/features/ip_restrictions_spec.rb +++ b/spec/features/ip_restrictions_spec.rb @@ -48,7 +48,7 @@ allow( ApplicationController ).to receive( :client_ip_header_from_env ).and_return('CF-Connecting-Ip') allow( ApplicationController ).to receive( :permitted_ips_from_env ).and_return( '' ) - page.set_headers("CF-Connecting-Ip" => '127.0.0.1') + Capybara.current_session.driver.header('CF-Connecting-Ip', '127.0.0.1') visit '/' expect( page ).to have_text 'Access Denied' @@ -58,7 +58,7 @@ allow( ApplicationController ).to receive( :client_ip_header_from_env ).and_return('CF-Connecting-Ip') allow( ApplicationController ).to receive( :permitted_ips_from_env ).and_return( '127.0.0.1' ) - page.set_headers("CF-Connecting-Ip" => '127.0.0.1') + Capybara.current_session.driver.header('CF-Connecting-Ip', '127.0.0.1') visit '/' expect( page ).to have_css 'a[href="/search"]' From af2578a26df176fc558e864ba85ed823f0b57659 Mon Sep 17 00:00:00 2001 From: Ian Sherratt Date: Wed, 8 Sep 2021 16:35:06 +0100 Subject: [PATCH 12/76] * very simple support for running rubocop, tests and app within docker --- Dockerfile | 22 ++++++++++++++++++ docker-compose.yml | 58 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 80 insertions(+) create mode 100644 Dockerfile create mode 100644 docker-compose.yml diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..bb569ae --- /dev/null +++ b/Dockerfile 
@@ -0,0 +1,22 @@ +# This Dockerfile is intended for local development. Since many (most) orgs using speakout have a deployment +# target of Heroku, this Dockerfile uses a Heroku image as a base. At the time of writing, the latest Heroku stack +# is Heroku-20 + +FROM circleci/ruby:2.7.3-node-browsers + +USER root +RUN mkdir /app +WORKDIR /app + +# As this is a dev container we are keeping the installation of app +# dependencies (via bundle and yarn), and the mounting of the source +# code external to the container build +#ENV PATH="/usr/local/lib/ruby/gems/bin:${PATH}" +RUN sudo mkdir /bundle +ENV BUNDLE_PATH=/bundle +ENV GEM_HOME=/bundle +RUN bundle config set path '/bundle' + +RUN mkdir -p /tmp/sockets + +CMD bundle check || bundle install && bundle exec puma -C ./config/puma.rb diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..796898c --- /dev/null +++ b/docker-compose.yml 
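Review bot: `USER root` is never switched back, so the `CMD` runs `bundle install` (including gem native-extension builds) and puma as root inside the container, with the project directory bind-mounted by the compose file. For a dev image it is still worth creating the directories as root and then dropping privileges, e.g. `RUN mkdir -p /app /bundle /tmp/sockets && chown -R circleci /app /bundle /tmp/sockets` followed by `USER circleci` before `CMD` (circleci being the unprivileged user these base images normally ship; confirm for this tag). The compose file's `/root/.webdrivers` volume would need to move to that user's home if this is changed. The header comment also describes a Heroku base image while `FROM` uses a CircleCI one.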
@@ -0,0 +1,58 @@ +version: '3' + +x-service-fragments: + ##### Abstract services for common setup ##### + app: &app + image: ruby + networks: + - default + volumes: + # Use cached bind mount for mac performance + - '.:/app:cached' + # use separate volume for gems and node packages to make development nicer + - bundle_cache:/bundle + - node_cache:/app/node_modules + - webdriver_cache:/root/.webdrivers + # use separate volume for bootsnap cache for performance... + - tmp_cache:/app/tmp/cache + +services: + ##### Concrete services ##### + postgres: + image: 'postgres:9.6-alpine' + environment: + # The Postgres image uses these to create a db user - note the user/pass here should match that in your env file! + - POSTGRES_USER=user + - POSTGRES_PASSWORD=password + - POSTGRES_DB=mahbucket_test + volumes: + - 'postgres:/var/lib/postgresql/data' + + web: + <<: *app + build: + dockerfile: Dockerfile + context: . + ports: + # Use a default port of 3005, but allow it to be overriden by an env variable + # E.g. `PORT=3001 docker-compose up` + - '${PORT:-3005}:3000' + stdin_open: true + tty: true + depends_on: + - postgres + environment: + - DATABASE_URL=postgres://user:password@postgres/mahbucket + - RACK_ENV=test + - RAILS_ENV=test + - DATABASE_CLEANER_ALLOW_REMOTE_DATABASE_URL=true + command: sh -c 'bundle check || bundle install && bundle exec rails webdrivers:chromedriver:update db:create db:environment:set db:schema:load && bundle exec rubocop && bundle exec rspec && puma -C ./config/puma.rb' + + +volumes: + postgres: + bundle_cache: + node_cache: + tmp_cache: + webdriver_cache: + From 85b47d21f9155f6d79cc15894979d22babbddffc Mon Sep 17 00:00:00 2001 
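Review bot: The `app` fragment sets `image: ruby`, and the `web` service that merges it also has `build:`, so compose tags the locally built dev image as `ruby`, the same name as the official image, and later `FROM ruby` or `docker run ruby` on this machine would pick up the project build instead. A project-specific name avoids that, e.g. `image: mahbucket-dev` (constructed name). The port mapping `'${PORT:-3005}:3000'` also publishes the app on every host interface; `'127.0.0.1:${PORT:-3005}:3000'` keeps a test-mode instance with throwaway credentials off the local network.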
From: Ian Sherratt Date: Mon, 13 Sep 2021 09:47:21 +0100 Subject: [PATCH 13/76] * Add SKIP_AUTH flag to aid local dev and testing * Change ip_restrictions_spec.rb to request spec from feature spec as SKIP_AUTH means that it no longer needs JS to function --- .rubocop.yml | 2 +- Gemfile.lock | 2 -- README.md | 10 ++++++ app/controllers/application_controller.rb | 4 +++ ...on_migration.acts_as_taggable_on_engine.rb | 2 +- docker-compose.yml | 1 + .../ip_restrictions_spec.rb | 34 ++++++++----------- 7 files changed, 32 insertions(+), 23 deletions(-) rename spec/{features => requests}/ip_restrictions_spec.rb (69%) diff --git a/.rubocop.yml b/.rubocop.yml index 76cebc3..15d168b 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -33,7 +33,7 @@ Metrics/BlockLength: # This set of tests use IP addresses for good reasons Style/IpAddresses: Exclude: - - spec/features/ip_restrictions_spec.rb + - spec/requests/ip_restrictions_spec.rb # This might be worth enabling at some point? Bundler/GemVersion: diff --git a/Gemfile.lock b/Gemfile.lock index 11217f1..5e8ec0f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,5 +1,3 @@ -GEM - specs: GEM remote: https://rubygems.org/ specs: diff --git a/README.md b/README.md index 9007e59..409601c 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,16 @@ currently using Ruby 2.7.1 and Rails 6.0.3 - so it should have a fairly wide compatibility range. If you find a version of either that it won't run with, please let me know. +## Running locally +If you are docker enabled then there is a very simple docker compose +setup that when run will run rubocop, rspecs and if successful launch +the app. + +Run with +``` +docker compose up +``` + ## System dependencies diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index a18a44b..84f552e 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb 
@@ -53,6 +53,10 @@ def handle_ip_list_with_comments( permitted_ips ) end def authenticate + if Rails.env.test? && ENV['SKIP_AUTH'] + session[:email] = 'admin@example.com' + return + end return if session[:email] return if /google_oauth2/.match?(request.path) diff --git a/db/migrate/20170112140910_acts_as_taggable_on_migration.acts_as_taggable_on_engine.rb b/db/migrate/20170112140910_acts_as_taggable_on_migration.acts_as_taggable_on_engine.rb index 6bbd559..ad52220 100644 --- a/db/migrate/20170112140910_acts_as_taggable_on_migration.acts_as_taggable_on_engine.rb +++ b/db/migrate/20170112140910_acts_as_taggable_on_migration.acts_as_taggable_on_engine.rb @@ -1,5 +1,5 @@ # This migration comes from acts_as_taggable_on_engine (originally 1) -class ActsAsTaggableOnMigration < ActiveRecord::Migration +class ActsAsTaggableOnMigration < ActiveRecord::Migration[5.0] def self.up create_table :tags do |t| t.string :name diff --git a/docker-compose.yml b/docker-compose.yml index 796898c..c73c9ab 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -46,6 +46,7 @@ services: - RACK_ENV=test - RAILS_ENV=test - DATABASE_CLEANER_ALLOW_REMOTE_DATABASE_URL=true + - SKIP_AUTH=true command: sh -c 'bundle check || bundle install && bundle exec rails webdrivers:chromedriver:update db:create db:environment:set db:schema:load && bundle exec rubocop && bundle exec rspec && puma -C ./config/puma.rb' diff --git a/spec/features/ip_restrictions_spec.rb b/spec/requests/ip_restrictions_spec.rb similarity index 69% rename from spec/features/ip_restrictions_spec.rb rename to spec/requests/ip_restrictions_spec.rb index 79766ab..a876ec1 100644 --- a/spec/features/ip_restrictions_spec.rb +++ b/spec/requests/ip_restrictions_spec.rb 
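Review bot: The bypass added at the top of `authenticate` fires for any non-nil `SKIP_AUTH`, so `SKIP_AUTH=false` or `SKIP_AUTH=0` also skips login and installs the fixed `admin@example.com` session. Comparing the value explicitly is safer: `if Rails.env.test? && ENV['SKIP_AUTH'] == 'true'`. The docker-compose.yml hunk in this commit sets `SKIP_AUTH=true` on the `web` service, which runs with `RAILS_ENV=test` and then starts puma on a published port, so the instance started by `docker compose up` serves an admin session to anything that can reach that port. A comment saying so, plus binding the port to 127.0.0.1, would make the trade-off explicit. The body of `authenticate` continues past the end of the hunk.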
@@ -1,28 +1,27 @@ require 'rails_helper' -RSpec.describe "User attempts to view items", type: :feature, js: true do +RSpec.describe "User attempts to view items", type: :request do it 'allows anyone if there are no permitted-IPs list' do allow( ApplicationController ).to receive( :permitted_ips_from_env ).and_return( nil ) - visit '/' - - expect( page ).to have_css 'a[href="/search"]' + get '/' + expect( response.body ).to have_css 'a[href="/search"]' end it 'allows a matching ip with basic permitted-IPs list' do allow( ApplicationController ).to receive( :permitted_ips_from_env ).and_return( '127.0.0.1' ) - visit '/' + get '/' - expect( page ).to have_css 'a[href="/search"]' + expect( response.body ).to have_css 'a[href="/search"]' end it 'allows a matching ip with bracketed notes' do allow( ApplicationController ).to receive( :permitted_ips_from_env ).and_return( '127.0.0.1 (localhost)' ) - visit '/' + get '/' - expect( page ).to have_css 'a[href="/search"]' + expect( response.body ).to have_css 'a[href="/search"]' end it 'allows a matching ip with multi-line permitted-IPs list in place' do 
@@ -31,36 +30,33 @@ 19.168.0.1 # local netblock PERMITTED_IPS - visit '/' + get '/' - expect( page ).to have_css 'a[href="/search"]' + expect( response.body ).to have_css 'a[href="/search"]' end it 'blocks non-matching permitted-IPs' do allow( ApplicationController ).to receive( :permitted_ips_from_env ).and_return( '1.3.3.7' ) - visit '/' + get '/' - expect( page ).to have_text 'Access Denied' + expect( response.body ).to have_text 'Access Denied' end it 'Disallows a non matching ip in a custom header with basic permitted-IPs list' do allow( ApplicationController ).to receive( :client_ip_header_from_env ).and_return('CF-Connecting-Ip') allow( ApplicationController ).to receive( :permitted_ips_from_env ).and_return( '' ) + get '/', headers: {'CF-Connecting-Ip' => '127.0.0.1' } - Capybara.current_session.driver.header('CF-Connecting-Ip', '127.0.0.1') - visit '/' - - expect( page ).to have_text 'Access Denied' + expect( response.body ).to have_text 'Access Denied' end it 'Allows a matching ip in a custom header with basic permitted-IPs list' do allow( ApplicationController ).to receive( :client_ip_header_from_env ).and_return('CF-Connecting-Ip') allow( ApplicationController ).to receive( :permitted_ips_from_env ).and_return( '127.0.0.1' ) - Capybara.current_session.driver.header('CF-Connecting-Ip', '127.0.0.1') - visit '/' + get '/', headers: {'CF-Connecting-Ip' => '127.0.0.1' } - expect( page ).to have_css 'a[href="/search"]' + expect( response.body ).to have_css 'a[href="/search"]' end end From 822f847479d0d58cfdb26b48f7f4f99fc7d2c9cf Mon Sep 17 00:00:00 2001 From: Ian Sherratt Date: Mon, 13 Sep 2021 09:58:34 +0100 Subject: [PATCH 14/76] * comment fix, remove redundent sudo --- Dockerfile | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index bb569ae..f86ae41 100644 --- a/Dockerfile +++ b/Dockerfile 
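Review bot: The deny-path examples only assert on the body text (`have_text 'Access Denied'`), so a change that kept the text but returned a 200 would still pass. Adding `expect( response ).to have_http_status( :unauthorized )` pins the status that `check_permitted_ips` renders. There is also no example for the case where `client_ip_header_from_env` is set but the request carries no such header; from the controller code that should be denied, and a test would keep it fail-closed. The `RSpec.describe` block opens in the previous hunk.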
@@ -1,6 +1,4 @@ -# This Dockerfile is intended for local development. Since many (most) orgs using speakout have a deployment -# target of Heroku, this Dockerfile uses a Heroku image as a base. At the time of writing, the latest Heroku stack -# is Heroku-20 +# This Dockerfile uses a circleci image for convenience. FROM circleci/ruby:2.7.3-node-browsers @@ -12,7 +10,7 @@ WORKDIR /app # dependencies (via bundle and yarn), and the mounting of the source # code external to the container build #ENV PATH="/usr/local/lib/ruby/gems/bin:${PATH}" -RUN sudo mkdir /bundle +RUN mkdir /bundle ENV BUNDLE_PATH=/bundle ENV GEM_HOME=/bundle RUN bundle config set path '/bundle' From 49d5c4ced90827e330de1438b660456c7dcd060c Mon Sep 17 00:00:00 2001 From: Ian Sherratt Date: Mon, 13 Sep 2021 10:01:37 +0100 Subject: [PATCH 15/76] * remove redendent webdriver install as its included in circleci image --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index c73c9ab..5d8f60e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -47,7 +47,7 @@ services: - RAILS_ENV=test - DATABASE_CLEANER_ALLOW_REMOTE_DATABASE_URL=true - SKIP_AUTH=true - command: sh -c 'bundle check || bundle install && bundle exec rails webdrivers:chromedriver:update db:create db:environment:set db:schema:load && bundle exec rubocop && bundle exec rspec && puma -C ./config/puma.rb' + command: sh -c 'bundle check || bundle install && bundle exec rails db:create db:environment:set db:schema:load && bundle exec rubocop && bundle exec rspec && puma -C ./config/puma.rb' volumes: From 10b5cbe1771d55a0f0e4b4261d1237780d7a6b7f Mon Sep 17 00:00:00 2001 From: Ian Sherratt Date: Tue, 14 Sep 2021 09:42:42 +0100 Subject: [PATCH 16/76] * avoid stale X11 lock files --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 5d8f60e..87a5aac 100644 --- a/docker-compose.yml 
+++ b/docker-compose.yml @@ -47,7 +47,7 @@ services: - RAILS_ENV=test - DATABASE_CLEANER_ALLOW_REMOTE_DATABASE_URL=true - SKIP_AUTH=true - command: sh -c 'bundle check || bundle install && bundle exec rails db:create db:environment:set db:schema:load && bundle exec rubocop && bundle exec rspec && puma -C ./config/puma.rb' + command: sh -c 'bundle check || bundle install && rm -f /tmp/.X99-lock && bundle exec rails db:create db:environment:set db:schema:load && bundle exec rubocop && bundle exec rspec && bundle exec puma -C ./config/puma.rb' volumes: From a1dc516444dfef5e75622b45bc62a09894f61d8b Mon Sep 17 00:00:00 2001 From: Ian Sherratt Date: Tue, 14 Sep 2021 09:43:00 +0100 Subject: [PATCH 17/76] * empty permitted ips disables features, so put in an ip --- spec/requests/ip_restrictions_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/requests/ip_restrictions_spec.rb b/spec/requests/ip_restrictions_spec.rb index a876ec1..bfb4dda 100644 --- a/spec/requests/ip_restrictions_spec.rb +++ b/spec/requests/ip_restrictions_spec.rb @@ -45,7 +45,7 @@ it 'Disallows a non matching ip in a custom header with basic permitted-IPs list' do allow( ApplicationController ).to receive( :client_ip_header_from_env ).and_return('CF-Connecting-Ip') - allow( ApplicationController ).to receive( :permitted_ips_from_env ).and_return( '' ) + allow( ApplicationController ).to receive( :permitted_ips_from_env ).and_return( '192.168.0.1' ) get '/', headers: {'CF-Connecting-Ip' => '127.0.0.1' } expect( response.body ).to have_text 'Access Denied' From bc676f0c4fcd8625218572489257036828ec4bd1 Mon Sep 17 00:00:00 2001 From: Ian Sherratt Date: Tue, 14 Sep 2021 09:43:19 +0100 Subject: [PATCH 18/76] * more useful debug logging --- app/controllers/application_controller.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 84f552e..80e5929 100644 
--- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -21,9 +21,10 @@ def check_permitted_ips ip_to_verify = self.class.client_ip_header_from_env ? request.headers[self.class.client_ip_header_from_env] : request.ip - Rails.logger.debug("check_permitted_ips: checking ip: #{ip_to_verify}") - ip_addresses = list_of_permitted_ips( self.class.permitted_ips_from_env ) + + Rails.logger.debug("check_permitted_ips: checking ip: #{ip_to_verify} against #{ip_addresses}") + return if ip_addresses.include? ip_to_verify render plain: 'Access Denied', status: :unauthorized From 26a99a3107c7197f730b424aee848150f06c33c6 Mon Sep 17 00:00:00 2001 From: Ian Sherratt Date: Tue, 14 Sep 2021 10:00:14 +0100 Subject: [PATCH 19/76] * store test logs --- .circleci/config.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 1d4fc97..b9c3e77 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -37,3 +37,5 @@ jobs: - ruby/rubocop-check - ruby/rspec-test + - store_artifacts: + path: ./log/ From 2c9c4db08d8f9bf52c64685844be04bd269e996f Mon Sep 17 00:00:00 2001 From: Ian Sherratt Date: Tue, 14 Sep 2021 10:02:00 +0100 Subject: [PATCH 20/76] * store test logs --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index b9c3e77..8c79743 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -38,4 +38,4 @@ jobs: - ruby/rubocop-check - ruby/rspec-test - store_artifacts: - path: ./log/ + path: ./log/ From 019fd9de1008f8209c5acf3dec4ca036d442c1f2 Mon Sep 17 00:00:00 2001 From: Ian Sherratt Date: Tue, 14 Sep 2021 10:33:38 +0100 Subject: [PATCH 21/76] * store test logs --- spec/requests/ip_restrictions_spec.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/spec/requests/ip_restrictions_spec.rb b/spec/requests/ip_restrictions_spec.rb index bfb4dda..6c2d352 100644 --- a/spec/requests/ip_restrictions_spec.rb 
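Review bot: The reworked debug line in `check_permitted_ips` writes both the caller-supplied header value and the whole permitted-IP list to the log on every request. If any deployed environment runs at debug log level, that puts the allow-list into log storage and interpolates request-controlled text unescaped. Logging the candidate with `inspect` and leaving the list out is enough for troubleshooting: `Rails.logger.debug("check_permitted_ips: checking ip: #{ip_to_verify.inspect}")`. The method's closing `end` lies outside the hunk.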
+++ b/spec/requests/ip_restrictions_spec.rb @@ -52,6 +52,7 @@ end it 'Allows a matching ip in a custom header with basic permitted-IPs list' do + Rails.logger.debug("Allows a matching ip in a custom header with basic permitted-IPs list") allow( ApplicationController ).to receive( :client_ip_header_from_env ).and_return('CF-Connecting-Ip') allow( ApplicationController ).to receive( :permitted_ips_from_env ).and_return( '127.0.0.1' ) From 5a50e816bf64a3c352c7b37e7500bd8098230c66 Mon Sep 17 00:00:00 2001 From: Ian Sherratt Date: Tue, 14 Sep 2021 16:04:20 +0100 Subject: [PATCH 22/76] * debugging to help circlci troubleshooting --- spec/requests/ip_restrictions_spec.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/spec/requests/ip_restrictions_spec.rb b/spec/requests/ip_restrictions_spec.rb index 6c2d352..bbd7712 100644 --- a/spec/requests/ip_restrictions_spec.rb +++ b/spec/requests/ip_restrictions_spec.rb @@ -58,6 +58,7 @@ get '/', headers: {'CF-Connecting-Ip' => '127.0.0.1' } + Rails.logger.debug("BODY: #{response.body}") expect( response.body ).to have_css 'a[href="/search"]' end end From 56f8c122a9b6d70c7e8ed3a3568ae9a2bad51cd1 Mon Sep 17 00:00:00 2001 From: Ian Sherratt Date: Tue, 14 Sep 2021 16:16:02 +0100 Subject: [PATCH 23/76] * set SKIP_AUTH=true for circleci tests to match local --- .circleci/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 8c79743..be8d957 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -13,6 +13,7 @@ jobs: - RACK_ENV=test - RAILS_ENV=test - DATABASE_URL=postgres://testuser:testpass@127.0.0.1:5432/mahbucket_test + - SKIP_AUTH=true - image: circleci/postgres:10-alpine-ram environment: From 4868c15ca8f4d0d5a577f0a9f63e6bc275ffc361 Mon Sep 17 00:00:00 2001 From: Ian Sherratt Date: Tue, 14 Sep 2021 16:19:25 +0100 Subject: [PATCH 24/76] * remove temp logging --- spec/requests/ip_restrictions_spec.rb | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/spec/requests/ip_restrictions_spec.rb b/spec/requests/ip_restrictions_spec.rb index bbd7712..bfb4dda 100644 --- a/spec/requests/ip_restrictions_spec.rb +++ b/spec/requests/ip_restrictions_spec.rb @@ -52,13 +52,11 @@ end it 'Allows a matching ip in a custom header with basic permitted-IPs list' do - Rails.logger.debug("Allows a matching ip in a custom header with basic permitted-IPs list") allow( ApplicationController ).to receive( :client_ip_header_from_env ).and_return('CF-Connecting-Ip') allow( ApplicationController ).to receive( :permitted_ips_from_env ).and_return( '127.0.0.1' ) get '/', headers: {'CF-Connecting-Ip' => '127.0.0.1' } - Rails.logger.debug("BODY: #{response.body}") expect( response.body ).to have_css 'a[href="/search"]' end end From c9106417391a333fc76c3171e0690b82efa25922 Mon Sep 17 00:00:00 2001 From: Ian Sherratt Date: Tue, 14 Sep 2021 16:42:02 +0100 Subject: [PATCH 25/76] * heroku spec dance --- Gemfile.lock | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Gemfile.lock b/Gemfile.lock index 5e8ec0f..8d80714 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,4 +1,6 @@ GEM + specs: + remote: https://rubygems.org/ specs: actioncable (6.0.3.7) From bac72c65e5ea98b3e270b03ed6d16344fa964713 Mon Sep 17 00:00:00 2001 From: Ian Sherratt Date: Tue, 14 Sep 2021 16:42:53 +0100 Subject: [PATCH 26/76] * heroku spec dance --- Gemfile.lock | 1 + 1 file changed, 1 insertion(+) diff --git a/Gemfile.lock b/Gemfile.lock index 8d80714..5b5c89a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,7 @@ GEM specs: +GEM remote: https://rubygems.org/ specs: actioncable (6.0.3.7) From e5aa481595096f2f035edcc2dc9142f04301350d Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Sep 2021 20:40:48 +0000 Subject: [PATCH 27/76] Bump nokogiri from 1.11.4 to 1.12.5 Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.11.4 to 1.12.5. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.11.4...v1.12.5) --- updated-dependencies: - dependency-name: nokogiri dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 5b5c89a..6165ccd 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -170,17 +170,17 @@ GEM nokogiri (~> 1) rake mini_mime (1.1.0) - mini_portile2 (2.5.1) + mini_portile2 (2.6.1) minitest (5.14.4) multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) newrelic_rpm (7.0.0) nio4r (2.5.7) - nokogiri (1.11.4) - mini_portile2 (~> 2.5.0) + nokogiri (1.12.5) + mini_portile2 (~> 2.6.1) racc (~> 1.4) - nokogiri (1.11.4-x86_64-linux) + nokogiri (1.12.5-x86_64-linux) racc (~> 1.4) oauth2 (1.4.7) faraday (>= 0.8, < 2.0) From 72e09ac07db307142628e71bed778c3d4452d045 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Oct 2021 17:54:27 +0000 Subject: [PATCH 28/76] Bump puma from 5.3.1 to 5.5.1 Bumps [puma](https://github.com/puma/puma) from 5.3.1 to 5.5.1. - [Release notes](https://github.com/puma/puma/releases) - [Changelog](https://github.com/puma/puma/blob/master/History.md) - [Commits](https://github.com/puma/puma/compare/v5.3.1...v5.5.1) --- updated-dependencies: - dependency-name: puma dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Gemfile | 2 +- Gemfile.lock | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/Gemfile b/Gemfile index df66b16..8d5edaa 100644 --- a/Gemfile +++ b/Gemfile @@ -6,7 +6,7 @@ source 'https://rubygems.org' do # Use postgres as the database for Active Record gem 'pg' # Use Puma as the app server - gem 'puma', '~> 5.3' + gem 'puma', '~> 5.5' # Use SCSS for stylesheets gem 'sass-rails', '~> 6.0' # Use Uglifier as compressor for JavaScript assets diff --git a/Gemfile.lock b/Gemfile.lock index 6165ccd..104b8be 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -176,7 +176,7 @@ GEM multi_xml (0.6.0) multipart-post (2.1.1) newrelic_rpm (7.0.0) - nio4r (2.5.7) + nio4r (2.5.8) nokogiri (1.12.5) mini_portile2 (~> 2.6.1) racc (~> 1.4) @@ -217,7 +217,7 @@ GEM pry-rails (0.3.9) pry (>= 0.10.4) public_suffix (4.0.6) - puma (5.3.1) + puma (5.5.1) nio4r (~> 2.0) racc (1.5.2) rack (2.2.3) @@ -396,7 +396,7 @@ DEPENDENCIES paperclip-meta! pg! pry-rails! - puma (~> 5.3)! + puma (~> 5.5)! rails (~> 6.0.3)! rails-erd! repost! From 3c587039f0b2ad7a4453c925c7168669ec16d9c0 Mon Sep 17 00:00:00 2001 From: Tamsin Bowles Date: Thu, 18 Nov 2021 16:44:52 +0000 Subject: [PATCH 29/76] trying some package upgrades --- Dockerfile | 2 +- Gemfile | 20 ++-- Gemfile.lock | 314 +++++++++++++++++++++++++++------------------------ 3 files changed, 177 insertions(+), 159 deletions(-) diff --git a/Dockerfile b/Dockerfile index f86ae41..92a3c7d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # This Dockerfile uses a circleci image for convenience. -FROM circleci/ruby:2.7.3-node-browsers +FROM circleci/ruby:3.0.0-node-browsers USER root RUN mkdir /app diff --git a/Gemfile b/Gemfile index 8d5edaa..7639101 100644 --- a/Gemfile +++ b/Gemfile 
@@ -1,32 +1,32 @@ -ruby "2.7.3" +ruby "3.0.0" source 'https://rubygems.org' do - gem 'rails', '~> 6.0.3' + gem 'rails', '~> 6.1.0' # Use postgres as the database for Active Record gem 'pg' # Use Puma as the app server gem 'puma', '~> 5.5' # Use SCSS for stylesheets - gem 'sass-rails', '~> 6.0' + gem 'sass-rails' # Use Uglifier as compressor for JavaScript assets - gem 'uglifier', '>= 1.3.0' + gem 'uglifier' # Use CoffeeScript for .coffee assets and views - gem 'coffee-rails', '~> 5.0' + gem 'coffee-rails' # Use jquery as the JavaScript library gem 'jquery-rails' # Turbolinks makes navigating your web application faster. Read more: https://github.com/turbolinks/turbolinks - gem 'turbolinks', '~> 5' + gem 'turbolinks' # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder - gem 'jbuilder', '~> 2.10' + gem 'jbuilder' # Use Redis adapter to run Action Cable in production # gem 'redis', '~> 3.0' # Use ActiveModel has_secure_password # gem 'bcrypt', '~> 3.1.7' # Authenticate via Google OAuth - gem 'omniauth', '~> 1.9.1' + gem 'omniauth', '>= 1.9.1' gem 'omniauth-google-oauth2' gem 'repost' @@ -57,11 +57,11 @@ source 'https://rubygems.org' do gem 'bundler-audit', require: false gem 'capybara' gem 'pry-rails' - gem 'rspec-rails', '~> 4.0' + gem 'rspec-rails' end group :development do - gem 'listen', '~> 3.2.1' + gem 'listen' gem 'rails-erd' gem 'rubocop', require: false gem 'rubocop-performance', require: false diff --git a/Gemfile.lock b/Gemfile.lock index 104b8be..80902ef 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
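Review bot: Dropping the version constraints in the first Gemfile hunk (`sass-rails`, `uglifier`, `coffee-rails`, `turbolinks`, `jbuilder`), and on `rspec-rails` and `listen` in the second hunk, leaves Gemfile.lock as the only thing holding those gems to a known major version. `gem 'omniauth', '>= 1.9.1'` is also open-ended, and that is the authentication library. In this same commit the lockfile resolves omniauth from 1.9.1 to 2.0.4, so a major upgrade of the login path arrives as a side effect of a general package-upgrade commit. I would keep pessimistic bounds that match what was actually resolved, for example `gem 'rspec-rails', '~> 5.0'` and `gem 'listen', '~> 3.7'`, so that a later `bundle update` cannot cross a major version unreviewed.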
@@ -4,99 +4,104 @@ GEM GEM remote: https://rubygems.org/ specs: - actioncable (6.0.3.7) - actionpack (= 6.0.3.7) + actioncable (6.1.4.1) + actionpack (= 6.1.4.1) + activesupport (= 6.1.4.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.3.7) - actionpack (= 6.0.3.7) - activejob (= 6.0.3.7) - activerecord (= 6.0.3.7) - activestorage (= 6.0.3.7) - activesupport (= 6.0.3.7) + actionmailbox (6.1.4.1) + actionpack (= 6.1.4.1) + activejob (= 6.1.4.1) + activerecord (= 6.1.4.1) + activestorage (= 6.1.4.1) + activesupport (= 6.1.4.1) mail (>= 2.7.1) - actionmailer (6.0.3.7) - actionpack (= 6.0.3.7) - actionview (= 6.0.3.7) - activejob (= 6.0.3.7) + actionmailer (6.1.4.1) + actionpack (= 6.1.4.1) + actionview (= 6.1.4.1) + activejob (= 6.1.4.1) + activesupport (= 6.1.4.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.3.7) - actionview (= 6.0.3.7) - activesupport (= 6.0.3.7) - rack (~> 2.0, >= 2.0.8) + actionpack (6.1.4.1) + actionview (= 6.1.4.1) + activesupport (= 6.1.4.1) + rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.0.3.7) - actionpack (= 6.0.3.7) - activerecord (= 6.0.3.7) - activestorage (= 6.0.3.7) - activesupport (= 6.0.3.7) + actiontext (6.1.4.1) + actionpack (= 6.1.4.1) + activerecord (= 6.1.4.1) + activestorage (= 6.1.4.1) + activesupport (= 6.1.4.1) nokogiri (>= 1.8.5) - actionview (6.0.3.7) - activesupport (= 6.0.3.7) + actionview (6.1.4.1) + activesupport (= 6.1.4.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.0.3.7) - activesupport (= 6.0.3.7) + activejob (6.1.4.1) + activesupport (= 6.1.4.1) globalid (>= 0.3.6) - activemodel (6.0.3.7) - activesupport (= 6.0.3.7) - activerecord (6.0.3.7) - activemodel (= 6.0.3.7) - activesupport (= 6.0.3.7) - activestorage (6.0.3.7) - actionpack (= 6.0.3.7) - activejob (= 6.0.3.7) - activerecord (= 6.0.3.7) + activemodel (6.1.4.1) + 
activesupport (= 6.1.4.1) + activerecord (6.1.4.1) + activemodel (= 6.1.4.1) + activesupport (= 6.1.4.1) + activestorage (6.1.4.1) + actionpack (= 6.1.4.1) + activejob (= 6.1.4.1) + activerecord (= 6.1.4.1) + activesupport (= 6.1.4.1) marcel (~> 1.0.0) - activesupport (6.0.3.7) + mini_mime (>= 1.1.0) + activesupport (6.1.4.1) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 0.7, < 2) - minitest (~> 5.1) - tzinfo (~> 1.1) - zeitwerk (~> 2.2, >= 2.2.2) - acts-as-taggable-on (7.0.0) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + zeitwerk (~> 2.3) + acts-as-taggable-on (8.1.0) activerecord (>= 5.0, < 6.2) addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) ast (2.4.2) - aws-eventstream (1.1.1) - aws-partitions (1.452.0) - aws-sdk-core (3.114.0) + aws-eventstream (1.2.0) + aws-partitions (1.532.0) + aws-sdk-core (3.122.1) aws-eventstream (~> 1, >= 1.0.2) - aws-partitions (~> 1, >= 1.239.0) + aws-partitions (~> 1, >= 1.525.0) aws-sigv4 (~> 1.1) jmespath (~> 1.0) - aws-sdk-kms (1.43.0) - aws-sdk-core (~> 3, >= 3.112.0) + aws-sdk-kms (1.51.0) + aws-sdk-core (~> 3, >= 3.122.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.94.1) - aws-sdk-core (~> 3, >= 3.112.0) + aws-sdk-s3 (1.106.0) + aws-sdk-core (~> 3, >= 3.122.0) aws-sdk-kms (~> 1) - aws-sigv4 (~> 1.1) - aws-sigv4 (1.2.3) + aws-sigv4 (~> 1.4) + aws-sigv4 (1.4.0) aws-eventstream (~> 1, >= 1.0.2) - brakeman (5.0.1) + brakeman (5.1.2) builder (3.2.4) - bundler-audit (0.8.0) + bundler-audit (0.9.0.1) bundler (>= 1.2.0, < 3) thor (~> 1.0) - capybara (3.35.3) + capybara (3.36.0) addressable + matrix mini_mime (>= 0.1.3) nokogiri (~> 1.8) rack (>= 1.6.0) rack-test (>= 0.6.3) regexp_parser (>= 1.5, < 3.0) xpath (~> 3.2) - childprocess (3.0.0) + childprocess (4.1.0) choice (0.2.0) climate_control (0.2.0) - codecov (0.5.2) + codecov (0.6.0) simplecov (>= 0.15, < 0.22) coderay (1.1.3) coffee-rails (5.0.0) 
@@ -106,7 +111,7 @@ GEM coffee-script-source execjs coffee-script-source (1.12.2) - concurrent-ruby (1.1.8) + concurrent-ruby (1.1.9) crass (1.0.6) database_cleaner (2.0.1) database_cleaner-active_record (~> 2.0.0) @@ -115,32 +120,42 @@ GEM database_cleaner-core (~> 2.0.0) database_cleaner-core (2.0.1) diff-lcs (1.4.4) - docile (1.3.5) + docile (1.4.0) erubi (1.10.0) - execjs (2.7.0) - faraday (1.4.1) + execjs (2.8.1) + faraday (1.8.0) + faraday-em_http (~> 1.0) + faraday-em_synchrony (~> 1.0) faraday-excon (~> 1.1) + faraday-httpclient (~> 1.0.1) faraday-net_http (~> 1.0) faraday-net_http_persistent (~> 1.1) + faraday-patron (~> 1.0) + faraday-rack (~> 1.0) multipart-post (>= 1.2, < 3) ruby2_keywords (>= 0.0.4) + faraday-em_http (1.0.0) + faraday-em_synchrony (1.0.0) faraday-excon (1.1.0) + faraday-httpclient (1.0.1) faraday-net_http (1.0.1) - faraday-net_http_persistent (1.1.0) - ffi (1.15.0) - globalid (0.4.2) - activesupport (>= 4.2.0) - hashie (4.1.0) - i18n (1.8.10) + faraday-net_http_persistent (1.2.0) + faraday-patron (1.0.0) + faraday-rack (1.0.0) + ffi (1.15.4) + globalid (0.5.2) + activesupport (>= 5.0) + hashie (5.0.0) + i18n (1.8.11) concurrent-ruby (~> 1.0) - jbuilder (2.11.2) + jbuilder (2.11.3) activesupport (>= 5.0.0) jmespath (1.4.0) jquery-rails (4.4.0) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) - jwt (2.2.3) + jwt (2.3.0) kaminari (1.2.1) activesupport (>= 4.1.0) kaminari-actionview (= 1.2.1) 
@@ -153,29 +168,30 @@ GEM activerecord kaminari-core (= 1.2.1) kaminari-core (1.2.1) - listen (3.2.1) + listen (3.7.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - loofah (2.9.1) + loofah (2.12.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) mini_mime (>= 0.1.1) - marcel (1.0.1) + marcel (1.0.2) + matrix (0.4.2) method_source (1.0.0) - mime-types (3.3.1) + mime-types (3.4.1) mime-types-data (~> 3.2015) - mime-types-data (3.2021.0225) + mime-types-data (3.2021.1115) mimemagic (0.3.10) nokogiri (~> 1) rake - mini_mime (1.1.0) + mini_mime (1.1.2) mini_portile2 (2.6.1) minitest (5.14.4) multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) - newrelic_rpm (7.0.0) + newrelic_rpm (8.1.0) nio4r (2.5.8) nokogiri (1.12.5) mini_portile2 (~> 2.6.1) @@ -188,15 +204,16 @@ GEM multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (1.9.1) + omniauth (2.0.4) hashie (>= 3.4.6) rack (>= 1.6.2, < 3) - omniauth-google-oauth2 (0.8.2) + rack-protection + omniauth-google-oauth2 (1.0.0) jwt (>= 2.0) oauth2 (~> 1.1) - omniauth (~> 1.1) - omniauth-oauth2 (>= 1.6) - omniauth-oauth2 (1.7.1) + omniauth (~> 2.0) + omniauth-oauth2 (~> 1.7.1) + omniauth-oauth2 (1.7.2) oauth2 (~> 1.4) omniauth (>= 1.9, < 3) paperclip (6.1.0) @@ -207,8 +224,8 @@ GEM terrapin (~> 0.6.0) paperclip-meta (3.1.0) paperclip (>= 5.0) - parallel (1.20.1) - parser (3.0.1.1) + parallel (1.21.0) + parser (3.0.2.0) ast (~> 2.4.1) pg (1.2.3) pry (0.14.1) 
@@ -217,26 +234,28 @@ GEM pry-rails (0.3.9) pry (>= 0.10.4) public_suffix (4.0.6) - puma (5.5.1) + puma (5.5.2) nio4r (~> 2.0) - racc (1.5.2) + racc (1.6.0) rack (2.2.3) + rack-protection (2.1.0) + rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.0.3.7) - actioncable (= 6.0.3.7) - actionmailbox (= 6.0.3.7) - actionmailer (= 6.0.3.7) - actionpack (= 6.0.3.7) - actiontext (= 6.0.3.7) - actionview (= 6.0.3.7) - activejob (= 6.0.3.7) - activemodel (= 6.0.3.7) - activerecord (= 6.0.3.7) - activestorage (= 6.0.3.7) - activesupport (= 6.0.3.7) - bundler (>= 1.3.0) - railties (= 6.0.3.7) + rails (6.1.4.1) + actioncable (= 6.1.4.1) + actionmailbox (= 6.1.4.1) + actionmailer (= 6.1.4.1) + actionpack (= 6.1.4.1) + actiontext (= 6.1.4.1) + actionview (= 6.1.4.1) + activejob (= 6.1.4.1) + activemodel (= 6.1.4.1) + activerecord (= 6.1.4.1) + activestorage (= 6.1.4.1) + activesupport (= 6.1.4.1) + bundler (>= 1.15.0) + railties (= 6.1.4.1) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) @@ -246,21 +265,21 @@ GEM activesupport (>= 4.2) choice (~> 0.2.0) ruby-graphviz (~> 1.2) - rails-html-sanitizer (1.3.0) + rails-html-sanitizer (1.4.2) loofah (~> 2.3) - railties (6.0.3.7) - actionpack (= 6.0.3.7) - activesupport (= 6.0.3.7) + railties (6.1.4.1) + actionpack (= 6.1.4.1) + activesupport (= 6.1.4.1) method_source - rake (>= 0.8.7) - thor (>= 0.20.3, < 2.0) + rake (>= 0.13) + thor (~> 1.0) rainbow (3.0.0) - rake (13.0.3) + rake (13.0.6) rb-fsevent (0.11.0) rb-inotify (0.10.1) ffi (~> 1.0) regexp_parser (2.1.1) - repost (0.3.6) + repost (0.3.8) rexml (3.2.5) rspec (3.10.0) rspec-core (~> 3.10.0) 
@@ -274,43 +293,42 @@ GEM rspec-mocks (3.10.2) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.10.0) - rspec-rails (4.1.2) - actionpack (>= 4.2) - activesupport (>= 4.2) - railties (>= 4.2) + rspec-rails (5.0.2) + actionpack (>= 5.2) + activesupport (>= 5.2) + railties (>= 5.2) rspec-core (~> 3.10) rspec-expectations (~> 3.10) rspec-mocks (~> 3.10) rspec-support (~> 3.10) - rspec-support (3.10.2) + rspec-support (3.10.3) rspec_junit_formatter (0.4.1) rspec-core (>= 2, < 4, != 2.12.0) - rubocop (1.14.0) + rubocop (1.23.0) parallel (~> 1.10) parser (>= 3.0.0.0) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 1.8, < 3.0) rexml - rubocop-ast (>= 1.5.0, < 2.0) + rubocop-ast (>= 1.12.0, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 1.4.0, < 3.0) - rubocop-ast (1.5.0) + rubocop-ast (1.13.0) parser (>= 3.0.1.1) - rubocop-performance (1.11.3) + rubocop-performance (1.12.0) rubocop (>= 1.7.0, < 2.0) rubocop-ast (>= 0.4.0) - rubocop-rails (2.10.1) + rubocop-rails (2.12.4) activesupport (>= 4.2.0) rack (>= 1.1) rubocop (>= 1.7.0, < 2.0) - rubocop-rspec (2.3.0) - rubocop (~> 1.0) - rubocop-ast (>= 1.1.0) + rubocop-rspec (2.6.0) + rubocop (~> 1.19) ruby-graphviz (1.2.5) rexml ruby-progressbar (1.11.0) - ruby2_keywords (0.0.4) - rubyzip (2.3.0) + ruby2_keywords (0.0.5) + rubyzip (2.3.2) sass-rails (6.0.0) sassc-rails (~> 2.1, >= 2.1.1) sassc (2.4.0) @@ -321,17 +339,18 @@ GEM sprockets (> 3.0) sprockets-rails tilt - selenium-webdriver (3.142.7) - childprocess (>= 0.5, < 4.0) + selenium-webdriver (4.0.3) + childprocess (>= 0.5, < 5.0) + rexml (~> 3.2, >= 3.2.5) rubyzip (>= 1.2.2) - sentry-rails (4.4.0) + sentry-rails (4.8.0) railties (>= 5.0) - sentry-ruby-core (~> 4.4.0.pre.beta) - sentry-ruby (4.4.2) + sentry-ruby-core (~> 4.8.0) + sentry-ruby (4.8.0) concurrent-ruby (~> 1.0, >= 1.0.2) faraday (>= 1.0) - sentry-ruby-core (= 4.4.2) - sentry-ruby-core (4.4.2) + sentry-ruby-core (= 4.8.0) + sentry-ruby-core (4.8.0) concurrent-ruby faraday simplecov (0.21.2) 
@@ -343,33 +362,32 @@ GEM sprockets (4.0.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.2) - actionpack (>= 4.0) - activesupport (>= 4.0) + sprockets-rails (3.4.0) + actionpack (>= 5.2) + activesupport (>= 5.2) sprockets (>= 3.0.0) terrapin (0.6.0) climate_control (>= 0.0.3, < 1.0) thor (1.1.0) - thread_safe (0.3.6) tilt (2.0.10) turbolinks (5.2.1) turbolinks-source (~> 5.2) turbolinks-source (5.2.0) - tzinfo (1.2.9) - thread_safe (~> 0.1) + tzinfo (2.0.4) + concurrent-ruby (~> 1.0) uglifier (4.2.0) execjs (>= 0.3.0, < 3) - unicode-display_width (2.0.0) - webdrivers (4.6.0) + unicode-display_width (2.1.0) + webdrivers (4.7.0) nokogiri (~> 1.6) rubyzip (>= 1.3.0) - selenium-webdriver (>= 3.0, < 4.0) - websocket-driver (0.7.3) + selenium-webdriver (> 3.141, < 5.0) + websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.4.2) + zeitwerk (2.5.1) PLATFORMS ruby @@ -382,41 +400,41 @@ DEPENDENCIES bundler-audit! capybara! codecov! - coffee-rails (~> 5.0)! + coffee-rails! database_cleaner! - jbuilder (~> 2.10)! + jbuilder! jquery-rails! kaminari! - listen (~> 3.2.1)! + listen! newrelic_rpm! nokogiri (>= 1.11.0.rc4)! - omniauth (~> 1.9.1)! + omniauth (>= 1.9.1)! omniauth-google-oauth2! paperclip (~> 6.1.0)! paperclip-meta! pg! pry-rails! puma (~> 5.5)! - rails (~> 6.0.3)! + rails (~> 6.1.0)! rails-erd! repost! rspec! - rspec-rails (~> 4.0)! + rspec-rails! rspec_junit_formatter! rubocop! rubocop-performance! rubocop-rails! rubocop-rspec! - sass-rails (~> 6.0)! + sass-rails! selenium-webdriver! sentry-rails! sentry-ruby! - turbolinks (~> 5)! - uglifier (>= 1.3.0)! + turbolinks! + uglifier! webdrivers (~> 4.4)! RUBY VERSION - ruby 2.7.3p183 + ruby 3.0.0p0 BUNDLED WITH 2.2.17 From e5dff4bd7d413497d3fac9cd944d4f77d61175e3 Mon Sep 17 00:00:00 2001 
From: Tamsin Bowles Date: Thu, 18 Nov 2021 16:49:34 +0000 Subject: [PATCH 30/76] circle ci ruby version --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index be8d957..0105e27 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -8,7 +8,7 @@ orbs: jobs: build: docker: - - image: circleci/ruby:2.7.3-node-browsers + - image: circleci/ruby:3.0.0-node-browsers environment: - RACK_ENV=test - RAILS_ENV=test From 4e274f5d20c683ffd8bc96a3ee1236ab1fa7e5c2 Mon Sep 17 00:00:00 2001 From: Tamsin Bowles Date: Thu, 18 Nov 2021 16:53:30 +0000 Subject: [PATCH 31/76] rubocop --- app/controllers/application_controller.rb | 2 +- spec/rails_helper.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 80e5929..7f0f4ab 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -23,7 +23,7 @@ def check_permitted_ips ip_addresses = list_of_permitted_ips( self.class.permitted_ips_from_env ) - Rails.logger.debug("check_permitted_ips: checking ip: #{ip_to_verify} against #{ip_addresses}") + Rails.logger.debug { "check_permitted_ips: checking ip: #{ip_to_verify} against #{ip_addresses}" } return if ip_addresses.include? ip_to_verify diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb index db99d8b..801aefc 100644 --- a/spec/rails_helper.rb +++ b/spec/rails_helper.rb @@ -24,7 +24,7 @@ # directory. Alternatively, in the individual `*_spec.rb` files, manually # require only the support files necessary. # -Dir[Rails.root.join('spec/support/**/*.rb')].sort.each { |f| require f } +Dir[Rails.root.join('spec/support/**/*.rb')].each { |f| require f } # Checks for pending migration and applies them before tests are run. # If you are not using ActiveRecord, you can remove this line. 
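Review bot: The debug line in `check_permitted_ips` writes the caller's address and the full permitted-IP list to the log, and the check after it is an exact `include?` match on `ip_to_verify`, whose origin is outside this hunk. If that value is read from a forwarding header instead of `request.remote_ip` with the trusted proxies configured, the comparison is made against a client-supplied value; this needs confirming, since the method starts and ends outside the visible lines. I would log only the decision, e.g. `Rails.logger.debug { "check_permitted_ips: #{ip_to_verify} permitted=#{ip_addresses.include?(ip_to_verify)}" }`, and add a comment above the check saying where `ip_to_verify` comes from.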
From 270f6411047e2c76b289e55b08a261aee8a40ba2 Mon Sep 17 00:00:00 2001 From: Tamsin Bowles Date: Thu, 18 Nov 2021 16:59:32 +0000 Subject: [PATCH 32/76] rubocop --- app/controllers/items_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/items_controller.rb b/app/controllers/items_controller.rb index 130c0d3..a0b1cb4 100644 --- a/app/controllers/items_controller.rb +++ b/app/controllers/items_controller.rb @@ -67,7 +67,7 @@ def set_item @item = Item.find(params[:id]) end - # Never trust parameters from the Internet, only allow the whitelist through + # Never trust parameters from the Internet, only allow the safelist through def item_params params.require( :item ).permit( :file, :tag_list ) end From b0d4b3fcfbb45b31ea7ef78dc5444adc1e4fc5ad Mon Sep 17 00:00:00 2001 From: Tamsin Bowles Date: Thu, 18 Nov 2021 17:11:49 +0000 Subject: [PATCH 33/76] rubocop ignores --- .rubocop.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.rubocop.yml b/.rubocop.yml index 15d168b..a65ec45 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -1,3 +1,5 @@ +inherit_from: .rubocop_todo.yml + require: - rubocop-performance - rubocop-rails From a24ae96cd8c2c07f1882c60a4aae89b20601fbaa Mon Sep 17 00:00:00 2001 From: Tamsin Bowles Date: Thu, 18 Nov 2021 17:42:39 +0000 Subject: [PATCH 34/76] adding todo file --- .rubocop_todo.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 .rubocop_todo.yml diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml new file mode 100644 index 0000000..1c923cb --- /dev/null +++ b/.rubocop_todo.yml 
@@ -0,0 +1,12 @@ +# This configuration was generated by +# `rubocop --auto-gen-config` +# on 2021-11-18 17:08:54 UTC using RuboCop version 1.23.0. +# The point is for the user to remove these configuration records +# one by one as the offenses are removed from the code base. +# Note that changes in the inspected code, or installation of new +# versions of RuboCop, may require this file to be generated again. + +# Offense count: 1 +Style/TopLevelMethodDefinition: + Exclude: + - 'spec/support/capybara.rb' From 0dc6bf111950e314b85839988f623f834aedbd31 Mon Sep 17 00:00:00 2001 From: Tamsin Bowles Date: Mon, 22 Nov 2021 11:40:29 +0000 Subject: [PATCH 35/76] trying to update omniauth --- Gemfile | 2 +- Gemfile.lock | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile b/Gemfile index 7639101..f42a419 100644 --- a/Gemfile +++ b/Gemfile @@ -26,7 +26,7 @@ source 'https://rubygems.org' do # gem 'bcrypt', '~> 3.1.7' # Authenticate via Google OAuth - gem 'omniauth', '>= 1.9.1' + gem 'omniauth', '~> 2.0' gem 'omniauth-google-oauth2' gem 'repost' diff --git a/Gemfile.lock b/Gemfile.lock index 80902ef..07f8633 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -408,7 +408,7 @@ DEPENDENCIES listen! newrelic_rpm! nokogiri (>= 1.11.0.rc4)! - omniauth (>= 1.9.1)! + omniauth (~> 2.0)! omniauth-google-oauth2! paperclip (~> 6.1.0)! paperclip-meta! From 5d84028966587700a502ff4e75e00ec790d28f91 Mon Sep 17 00:00:00 2001 From: Tamsin Bowles Date: Mon, 22 Nov 2021 12:12:00 +0000 Subject: [PATCH 36/76] trying kt paperclip --- Gemfile | 5 +++-- Gemfile.lock | 17 +++++++---------- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/Gemfile b/Gemfile index f42a419..031db6e 100644 --- a/Gemfile +++ b/Gemfile 
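Review bot: Pinning `gem 'omniauth', '~> 2.0'` makes the 2.x upgrade explicit, but nothing in the Gemfile or the lockfile's DEPENDENCIES list adds CSRF protection for the OmniAuth request phase. OmniAuth 2.x accepts only POST on `/auth/:provider` by default and expects the application to validate an authenticity token there; in a Rails app that is normally supplied by `gem 'omniauth-rails_csrf_protection'`. The sign-in views and the OmniAuth initializer are not part of this diff, so confirm that the login link is a POST form or button. Also confirm that `OmniAuth.config.allowed_request_methods` has not been widened to include `:get` to keep old links working.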
@@ -32,8 +32,9 @@ source 'https://rubygems.org' do # Store files on Amazon S3 gem 'aws-sdk-s3' - gem 'paperclip', '~> 6.1.0' - gem 'paperclip-meta' + gem "kt-paperclip", "~> 6.4", ">= 6.4.1" + #gem 'paperclip', '~> 6.1.0' + #gem 'paperclip-meta' # Add tag features gem 'acts-as-taggable-on' diff --git a/Gemfile.lock b/Gemfile.lock index 07f8633..21e1ee3 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -168,6 +168,12 @@ GEM activerecord kaminari-core (= 1.2.1) kaminari-core (1.2.1) + kt-paperclip (6.4.1) + activemodel (>= 4.2.0) + activesupport (>= 4.2.0) + mime-types + mimemagic (~> 0.3.0) + terrapin (~> 0.6.0) listen (3.7.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) @@ -216,14 +222,6 @@ GEM omniauth-oauth2 (1.7.2) oauth2 (~> 1.4) omniauth (>= 1.9, < 3) - paperclip (6.1.0) - activemodel (>= 4.2.0) - activesupport (>= 4.2.0) - mime-types - mimemagic (~> 0.3.0) - terrapin (~> 0.6.0) - paperclip-meta (3.1.0) - paperclip (>= 5.0) parallel (1.21.0) parser (3.0.2.0) ast (~> 2.4.1) @@ -405,13 +403,12 @@ DEPENDENCIES jbuilder! jquery-rails! kaminari! + kt-paperclip (~> 6.4, >= 6.4.1)! listen! newrelic_rpm! nokogiri (>= 1.11.0.rc4)! omniauth (~> 2.0)! omniauth-google-oauth2! - paperclip (~> 6.1.0)! - paperclip-meta! pg! pry-rails! puma (~> 5.5)! From a6216037c335c82e67347871bb2c8711cb48c2e8 Mon Sep 17 00:00:00 2001 From: Tamsin Bowles Date: Mon, 22 Nov 2021 12:15:43 +0000 Subject: [PATCH 37/76] rubocop --- Gemfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile b/Gemfile index 031db6e..5da6679 100644 --- a/Gemfile +++ b/Gemfile @@ -33,8 +33,8 @@ source 'https://rubygems.org' do # Store files on Amazon S3 gem 'aws-sdk-s3' gem "kt-paperclip", "~> 6.4", ">= 6.4.1" - #gem 'paperclip', '~> 6.1.0' - #gem 'paperclip-meta' + # gem 'paperclip', '~> 6.1.0' + # gem 'paperclip-meta' # Add tag features gem 'acts-as-taggable-on' From ad7f05f741f3d5c111faccecef70a656e4f160b7 Mon Sep 17 00:00:00 2001 
From: Tamsin Bowles Date: Mon, 22 Nov 2021 12:26:10 +0000 Subject: [PATCH 38/76] putting paperclipmeta back --- Gemfile | 2 +- Gemfile.lock | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 5da6679..b15ebdb 100644 --- a/Gemfile +++ b/Gemfile @@ -34,7 +34,7 @@ source 'https://rubygems.org' do gem 'aws-sdk-s3' gem "kt-paperclip", "~> 6.4", ">= 6.4.1" # gem 'paperclip', '~> 6.1.0' - # gem 'paperclip-meta' + gem 'paperclip-meta' # Add tag features gem 'acts-as-taggable-on' diff --git a/Gemfile.lock b/Gemfile.lock index 21e1ee3..db83037 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -222,6 +222,14 @@ GEM omniauth-oauth2 (1.7.2) oauth2 (~> 1.4) omniauth (>= 1.9, < 3) + paperclip (6.1.0) + activemodel (>= 4.2.0) + activesupport (>= 4.2.0) + mime-types + mimemagic (~> 0.3.0) + terrapin (~> 0.6.0) + paperclip-meta (3.1.0) + paperclip (>= 5.0) parallel (1.21.0) parser (3.0.2.0) ast (~> 2.4.1) @@ -409,6 +417,7 @@ DEPENDENCIES nokogiri (>= 1.11.0.rc4)! omniauth (~> 2.0)! omniauth-google-oauth2! + paperclip-meta! pg! pry-rails! puma (~> 5.5)! From 2d16d9a186586702e8fbafae29f852e88ddfac15 Mon Sep 17 00:00:00 2001 From: Tamsin Bowles Date: Mon, 22 Nov 2021 12:39:01 +0000 Subject: [PATCH 39/76] newer paperclip --- Gemfile | 2 +- Gemfile.lock | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile b/Gemfile index b15ebdb..6746690 100644 --- a/Gemfile +++ b/Gemfile @@ -32,7 +32,7 @@ source 'https://rubygems.org' do # Store files on Amazon S3 gem 'aws-sdk-s3' - gem "kt-paperclip", "~> 6.4", ">= 6.4.1" + gem "kt-paperclip", '>= 7.0.1' # gem 'paperclip', '~> 6.1.0' gem 'paperclip-meta' diff --git a/Gemfile.lock b/Gemfile.lock index db83037..92bf24c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -168,11 +168,11 @@ GEM activerecord kaminari-core (= 1.2.1) kaminari-core (1.2.1) - kt-paperclip (6.4.1) + kt-paperclip (7.0.1) activemodel (>= 4.2.0) activesupport (>= 4.2.0) + marcel (~> 1.0.1) mime-types - mimemagic (~> 0.3.0) terrapin (~> 0.6.0) listen (3.7.0) rb-fsevent (~> 0.10, >= 0.10.3) @@ -411,7 +411,7 @@ DEPENDENCIES jbuilder! jquery-rails! kaminari! - kt-paperclip (~> 6.4, >= 6.4.1)! + kt-paperclip (>= 7.0.1)! listen! newrelic_rpm! nokogiri (>= 1.11.0.rc4)! From 1e188b6e18c1bd72e8d6d839047ce9804fa8f1b4 Mon Sep 17 00:00:00 2001 From: Tamsin Bowles Date: Tue, 23 Nov 2021 12:57:42 +0000 Subject: [PATCH 40/76] new paperclip meta --- Gemfile | 4 ++-- Gemfile.lock | 18 +++++++----------- 2 files changed, 9 insertions(+), 13 deletions(-) diff --git a/Gemfile b/Gemfile index 6746690..88a875d 100644 --- a/Gemfile +++ b/Gemfile @@ -34,8 +34,8 @@ source 'https://rubygems.org' do gem 'aws-sdk-s3' gem "kt-paperclip", '>= 7.0.1' # gem 'paperclip', '~> 6.1.0' - gem 'paperclip-meta' - + # gem 'paperclip-meta' + gem 'paperclip-meta', git: 'https://github.com/GoodMeasuresLLC/paperclip-meta' # Add tag features gem 'acts-as-taggable-on' diff --git a/Gemfile.lock b/Gemfile.lock index 92bf24c..1bbbe0e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,3 +1,10 @@ +GIT + remote: https://github.com/GoodMeasuresLLC/paperclip-meta + revision: 71ca62d8479a9a4787d902413906a38e42c9230d + specs: + paperclip-meta (3.1.0) + kt-paperclip (>= 7.0) + GEM specs: @@ -188,9 +195,6 @@ GEM mime-types (3.4.1) mime-types-data (~> 3.2015) mime-types-data (3.2021.1115) - mimemagic (0.3.10) - nokogiri (~> 1) - rake mini_mime (1.1.2) mini_portile2 (2.6.1) minitest (5.14.4) @@ -222,14 +226,6 @@ GEM omniauth-oauth2 (1.7.2) oauth2 (~> 1.4) omniauth (>= 1.9, < 3) - paperclip (6.1.0) - activemodel (>= 4.2.0) - activesupport (>= 4.2.0) - mime-types - mimemagic (~> 0.3.0) - terrapin (~> 0.6.0) - paperclip-meta (3.1.0) - paperclip (>= 5.0) parallel (1.21.0) parser (3.0.2.0) ast (~> 2.4.1) 
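Review bot: `gem 'paperclip-meta', git: 'https://github.com/GoodMeasuresLLC/paperclip-meta'` names no `ref`, `tag` or `branch`, so it tracks the default branch of a third-party fork. Only the `revision` recorded in Gemfile.lock fixes what code is loaded, and the next `bundle update` moves to whatever that branch then contains. Pin the reviewed commit in the Gemfile itself: `gem 'paperclip-meta', git: 'https://github.com/GoodMeasuresLLC/paperclip-meta', ref: '71ca62d8479a9a4787d902413906a38e42c9230d'`. The neighbouring `gem "kt-paperclip", '>= 7.0.1'` is likewise open-ended; `'~> 7.0', '>= 7.0.1'` would hold it to the major version this change was tested against.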
From bc21a14bf6fea2dd154d233b8e835b0fbdfd8dd7 Mon Sep 17 00:00:00 2001 From: Tamsin Bowles Date: Tue, 23 Nov 2021 14:14:29 +0000 Subject: [PATCH 41/76] comments about why paperclipmeta ;) --- Gemfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Gemfile b/Gemfile index 88a875d..5fbd506 100644 --- a/Gemfile +++ b/Gemfile @@ -33,8 +33,10 @@ source 'https://rubygems.org' do # Store files on Amazon S3 gem 'aws-sdk-s3' gem "kt-paperclip", '>= 7.0.1' - # gem 'paperclip', '~> 6.1.0' - # gem 'paperclip-meta' + # Paperclip is no longer maintained and isn't compatible with Ruby 3. + # so we switched to kt-paperclip. Sadly we use paperclip-meta for width and height + # and thats tied to the original paperclip and the author refused the PR that fixes This + # so we're now using a version that someone else has fixed! gem 'paperclip-meta', git: 'https://github.com/GoodMeasuresLLC/paperclip-meta' # Add tag features gem 'acts-as-taggable-on' From f617aa596ff33bffb08fa82675c56f96295e556b Mon Sep 17 00:00:00 2001 From: Tamsin Bowles Date: Tue, 23 Nov 2021 14:15:47 +0000 Subject: [PATCH 42/76] grammar --- Gemfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index 5fbd506..3132b8b 100644 --- a/Gemfile +++ b/Gemfile 
@@ -34,9 +34,9 @@ source 'https://rubygems.org' do gem 'aws-sdk-s3' gem "kt-paperclip", '>= 7.0.1' # Paperclip is no longer maintained and isn't compatible with Ruby 3. - # so we switched to kt-paperclip. Sadly we use paperclip-meta for width and height - # and thats tied to the original paperclip and the author refused the PR that fixes This - # so we're now using a version that someone else has fixed! + # We switched to kt-paperclip. Sadly we use paperclip-meta for width and height + # which istied to the original paperclip. The author refused the PR that fixes this + # so we're now using a version that someone else has fixed! gem 'paperclip-meta', git: 'https://github.com/GoodMeasuresLLC/paperclip-meta' # Add tag features gem 'acts-as-taggable-on' From dc2b4a5e1db411ddd612eba87583b5b07cf4e8a9 Mon Sep 17 00:00:00 2001 From: Tamsin Bowles Date: Tue, 23 Nov 2021 14:17:53 +0000 Subject: [PATCH 43/76] sanity ;) --- Gemfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile b/Gemfile index 3132b8b..853e4c1 100644 --- a/Gemfile +++ b/Gemfile @@ -32,11 +32,11 @@ source 'https://rubygems.org' do # Store files on Amazon S3 gem 'aws-sdk-s3' - gem "kt-paperclip", '>= 7.0.1' # Paperclip is no longer maintained and isn't compatible with Ruby 3. # We switched to kt-paperclip. Sadly we use paperclip-meta for width and height - # which istied to the original paperclip. The author refused the PR that fixes this + # which is tied to the original paperclip. The author refused the PR that fixes this # so we're now using a version that someone else has fixed! + gem "kt-paperclip", '>= 7.0.1' gem 'paperclip-meta', git: 'https://github.com/GoodMeasuresLLC/paperclip-meta' # Add tag features gem 'acts-as-taggable-on' From 68f595d9ce324b5fafb73bed5374b9b9dcd3a725 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 11 Feb 2022 21:47:37 +0000 Subject: [PATCH 44/76] Bump puma from 5.5.2 to 5.6.2 Bumps [puma](https://github.com/puma/puma) from 5.5.2 to 5.6.2. - [Release notes](https://github.com/puma/puma/releases) - [Changelog](https://github.com/puma/puma/blob/master/History.md) - [Commits](https://github.com/puma/puma/compare/v5.5.2...v5.6.2) --- updated-dependencies: - dependency-name: puma dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Gemfile | 2 +- Gemfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index 853e4c1..c3f5611 100644 --- a/Gemfile +++ b/Gemfile @@ -6,7 +6,7 @@ source 'https://rubygems.org' do # Use postgres as the database for Active Record gem 'pg' # Use Puma as the app server - gem 'puma', '~> 5.5' + gem 'puma', '~> 5.6' # Use SCSS for stylesheets gem 'sass-rails' # Use Uglifier as compressor for JavaScript assets diff --git a/Gemfile.lock b/Gemfile.lock index 1bbbe0e..949adad 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -236,7 +236,7 @@ GEM pry-rails (0.3.9) pry (>= 0.10.4) public_suffix (4.0.6) - puma (5.5.2) + puma (5.6.2) nio4r (~> 2.0) racc (1.6.0) rack (2.2.3) @@ -416,7 +416,7 @@ DEPENDENCIES paperclip-meta! pg! pry-rails! - puma (~> 5.5)! + puma (~> 5.6)! rails (~> 6.1.0)! rails-erd! repost! From fd8529d507dd48d57d1bdb94f635be28e1d9cff2 Mon Sep 17 00:00:00 2001 From: James Hulme Date: Thu, 17 Feb 2022 17:14:03 +0000 Subject: [PATCH 45/76] Update rails from 6.1.4.1 to 6.1.4.6 Fix CVE-2022-23633 and CVE-2021-44528 --- Gemfile.lock | 128 +++++++++++++++++++++++++-------------------------- 1 file changed, 64 insertions(+), 64 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 949adad..d6f284d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -11,60 +11,60 @@ GEM GEM remote: https://rubygems.org/ specs: - actioncable (6.1.4.1) - actionpack (= 6.1.4.1) - activesupport (= 6.1.4.1) + actioncable (6.1.4.6) + actionpack (= 6.1.4.6) + activesupport (= 6.1.4.6) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.4.1) - actionpack (= 6.1.4.1) - activejob (= 6.1.4.1) - activerecord (= 6.1.4.1) - activestorage (= 6.1.4.1) - activesupport (= 6.1.4.1) + actionmailbox (6.1.4.6) + actionpack (= 6.1.4.6) + activejob (= 6.1.4.6) + activerecord (= 6.1.4.6) + activestorage (= 6.1.4.6) + activesupport (= 6.1.4.6) mail (>= 2.7.1) - actionmailer (6.1.4.1) - actionpack (= 6.1.4.1) - actionview (= 6.1.4.1) - activejob (= 6.1.4.1) - activesupport (= 6.1.4.1) + actionmailer (6.1.4.6) + actionpack (= 6.1.4.6) + actionview (= 6.1.4.6) + activejob (= 6.1.4.6) + activesupport (= 6.1.4.6) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.4.1) - actionview (= 6.1.4.1) - activesupport (= 6.1.4.1) + actionpack (6.1.4.6) + actionview (= 6.1.4.6) + activesupport (= 6.1.4.6) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.4.1) - actionpack (= 6.1.4.1) - activerecord (= 6.1.4.1) - activestorage (= 6.1.4.1) - activesupport (= 6.1.4.1) + actiontext (6.1.4.6) + actionpack (= 6.1.4.6) + activerecord (= 6.1.4.6) + activestorage (= 6.1.4.6) + activesupport (= 6.1.4.6) nokogiri (>= 1.8.5) - actionview (6.1.4.1) - activesupport (= 6.1.4.1) + actionview (6.1.4.6) + activesupport (= 6.1.4.6) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.4.1) - activesupport (= 6.1.4.1) + activejob (6.1.4.6) + activesupport (= 6.1.4.6) globalid (>= 0.3.6) - activemodel (6.1.4.1) - activesupport (= 6.1.4.1) - activerecord (6.1.4.1) - activemodel (= 6.1.4.1) - activesupport (= 6.1.4.1) - activestorage (6.1.4.1) - actionpack (= 6.1.4.1) - activejob (= 6.1.4.1) - activerecord (= 6.1.4.1) 
- activesupport (= 6.1.4.1) + activemodel (6.1.4.6) + activesupport (= 6.1.4.6) + activerecord (6.1.4.6) + activemodel (= 6.1.4.6) + activesupport (= 6.1.4.6) + activestorage (6.1.4.6) + actionpack (= 6.1.4.6) + activejob (= 6.1.4.6) + activerecord (= 6.1.4.6) + activesupport (= 6.1.4.6) marcel (~> 1.0.0) mini_mime (>= 1.1.0) - activesupport (6.1.4.1) + activesupport (6.1.4.6) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -150,10 +150,10 @@ GEM faraday-patron (1.0.0) faraday-rack (1.0.0) ffi (1.15.4) - globalid (0.5.2) + globalid (1.0.0) activesupport (>= 5.0) hashie (5.0.0) - i18n (1.8.11) + i18n (1.10.0) concurrent-ruby (~> 1.0) jbuilder (2.11.3) activesupport (>= 5.0.0) @@ -184,7 +184,7 @@ GEM listen (3.7.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - loofah (2.12.0) + loofah (2.14.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -196,17 +196,17 @@ GEM mime-types-data (~> 3.2015) mime-types-data (3.2021.1115) mini_mime (1.1.2) - mini_portile2 (2.6.1) - minitest (5.14.4) + mini_portile2 (2.7.1) + minitest (5.15.0) multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) newrelic_rpm (8.1.0) nio4r (2.5.8) - nokogiri (1.12.5) - mini_portile2 (~> 2.6.1) + nokogiri (1.13.1) + mini_portile2 (~> 2.7.0) racc (~> 1.4) - nokogiri (1.12.5-x86_64-linux) + nokogiri (1.13.1-x86_64-linux) racc (~> 1.4) oauth2 (1.4.7) faraday (>= 0.8, < 2.0) 
@@ -244,20 +244,20 @@ GEM rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.1.4.1) - actioncable (= 6.1.4.1) - actionmailbox (= 6.1.4.1) - actionmailer (= 6.1.4.1) - actionpack (= 6.1.4.1) - actiontext (= 6.1.4.1) - actionview (= 6.1.4.1) - activejob (= 6.1.4.1) - activemodel (= 6.1.4.1) - activerecord (= 6.1.4.1) - activestorage (= 6.1.4.1) - activesupport (= 6.1.4.1) + rails (6.1.4.6) + actioncable (= 6.1.4.6) + actionmailbox (= 6.1.4.6) + actionmailer (= 6.1.4.6) + actionpack (= 6.1.4.6) + actiontext (= 6.1.4.6) + actionview (= 6.1.4.6) + activejob (= 6.1.4.6) + activemodel (= 6.1.4.6) + activerecord (= 6.1.4.6) + activestorage (= 6.1.4.6) + activesupport (= 6.1.4.6) bundler (>= 1.15.0) - railties (= 6.1.4.1) + railties (= 6.1.4.6) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) @@ -269,9 +269,9 @@ GEM ruby-graphviz (~> 1.2) rails-html-sanitizer (1.4.2) loofah (~> 2.3) - railties (6.1.4.1) - actionpack (= 6.1.4.1) - activesupport (= 6.1.4.1) + railties (6.1.4.6) + actionpack (= 6.1.4.6) + activesupport (= 6.1.4.6) method_source rake (>= 0.13) thor (~> 1.0) @@ -364,13 +364,13 @@ GEM sprockets (4.0.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.4.0) + sprockets-rails (3.4.2) actionpack (>= 5.2) activesupport (>= 5.2) sprockets (>= 3.0.0) terrapin (0.6.0) climate_control (>= 0.0.3, < 1.0) - thor (1.1.0) + thor (1.2.1) tilt (2.0.10) turbolinks (5.2.1) turbolinks-source (~> 5.2) @@ -389,7 +389,7 @@ GEM websocket-extensions (0.1.5) xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.5.1) + zeitwerk (2.5.4) PLATFORMS ruby From 8bb0045c1429c6c52197733eaa96e00c7928e9c1 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 26 Feb 2022 12:34:34 +0000 Subject: [PATCH 46/76] Bump nokogiri from 1.13.1 to 1.13.2 Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.1 to 1.13.2. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.13.1...v1.13.2) --- updated-dependencies: - dependency-name: nokogiri dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index d6f284d..fa0c264 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -196,17 +196,17 @@ GEM mime-types-data (~> 3.2015) mime-types-data (3.2021.1115) mini_mime (1.1.2) - mini_portile2 (2.7.1) + mini_portile2 (2.8.0) minitest (5.15.0) multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) newrelic_rpm (8.1.0) nio4r (2.5.8) - nokogiri (1.13.1) - mini_portile2 (~> 2.7.0) + nokogiri (1.13.2) + mini_portile2 (~> 2.8.0) racc (~> 1.4) - nokogiri (1.13.1-x86_64-linux) + nokogiri (1.13.2-x86_64-linux) racc (~> 1.4) oauth2 (1.4.7) faraday (>= 0.8, < 2.0) From 39a068ab1b05cb55cdfd79010d1c7f7a493eed38 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 30 Mar 2022 22:20:19 +0000 Subject: [PATCH 47/76] Bump puma from 5.6.2 to 5.6.4 Bumps [puma](https://github.com/puma/puma) from 5.6.2 to 5.6.4. - [Release notes](https://github.com/puma/puma/releases) - [Changelog](https://github.com/puma/puma/blob/master/History.md) - [Commits](https://github.com/puma/puma/compare/v5.6.2...v5.6.4) --- updated-dependencies: - dependency-name: puma dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Gemfile.lock b/Gemfile.lock index fa0c264..fc9268c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -236,7 +236,7 @@ GEM pry-rails (0.3.9) pry (>= 0.10.4) public_suffix (4.0.6) - puma (5.6.2) + puma (5.6.4) nio4r (~> 2.0) racc (1.6.0) rack (2.2.3) From 2c120d9ec1d8d86fba3d6161354db386f060af34 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Apr 2022 10:20:03 +0000 Subject: [PATCH 48/76] Bump nokogiri from 1.13.2 to 1.13.4 Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.2 to 1.13.4. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/v1.13.4/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.13.2...v1.13.4) --- updated-dependencies: - dependency-name: nokogiri dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index fc9268c..de69bae 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -203,10 +203,10 @@ GEM multipart-post (2.1.1) newrelic_rpm (8.1.0) nio4r (2.5.8) - nokogiri (1.13.2) + nokogiri (1.13.4) mini_portile2 (~> 2.8.0) racc (~> 1.4) - nokogiri (1.13.2-x86_64-linux) + nokogiri (1.13.4-x86_64-linux) racc (~> 1.4) oauth2 (1.4.7) faraday (>= 0.8, < 2.0) From d92304589424ae6752b410dc1131c01b6dd16fc2 Mon Sep 17 00:00:00 2001 From: Tamsin Bowles Date: Mon, 25 Apr 2022 15:30:10 +0100 Subject: [PATCH 49/76] updating rails --- Gemfile.lock | 116 +++++++++++++++++++++++++-------------------------- 1 file changed, 58 insertions(+), 58 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index de69bae..e9b40c5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -11,60 +11,60 @@ GEM GEM remote: https://rubygems.org/ specs: - actioncable (6.1.4.6) - actionpack (= 6.1.4.6) - activesupport (= 6.1.4.6) + actioncable (6.1.5) + actionpack (= 6.1.5) + activesupport (= 6.1.5) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.4.6) - actionpack (= 6.1.4.6) - activejob (= 6.1.4.6) - activerecord (= 6.1.4.6) - activestorage (= 6.1.4.6) - activesupport (= 6.1.4.6) + actionmailbox (6.1.5) + actionpack (= 6.1.5) + activejob (= 6.1.5) + activerecord (= 6.1.5) + activestorage (= 6.1.5) + activesupport (= 6.1.5) mail (>= 2.7.1) - actionmailer (6.1.4.6) - actionpack (= 6.1.4.6) - actionview (= 6.1.4.6) - activejob (= 6.1.4.6) - activesupport (= 6.1.4.6) + actionmailer (6.1.5) + actionpack (= 6.1.5) + actionview (= 6.1.5) + activejob (= 6.1.5) + activesupport (= 6.1.5) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.4.6) - actionview (= 6.1.4.6) - activesupport (= 6.1.4.6) + actionpack (6.1.5) + actionview (= 6.1.5) + activesupport (= 6.1.5) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.4.6) - actionpack (= 6.1.4.6) - activerecord (= 6.1.4.6) - activestorage (= 6.1.4.6) - activesupport (= 6.1.4.6) + actiontext (6.1.5) + actionpack (= 6.1.5) + activerecord (= 6.1.5) + activestorage (= 6.1.5) + activesupport (= 6.1.5) nokogiri (>= 1.8.5) - actionview (6.1.4.6) - activesupport (= 6.1.4.6) + actionview (6.1.5) + activesupport (= 6.1.5) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.4.6) - activesupport (= 6.1.4.6) + activejob (6.1.5) + activesupport (= 6.1.5) globalid (>= 0.3.6) - activemodel (6.1.4.6) - activesupport (= 6.1.4.6) - activerecord (6.1.4.6) - activemodel (= 6.1.4.6) - activesupport (= 6.1.4.6) - activestorage (6.1.4.6) - actionpack (= 6.1.4.6) - activejob (= 6.1.4.6) - activerecord (= 6.1.4.6) - activesupport (= 6.1.4.6) - marcel (~> 1.0.0) + 
activemodel (6.1.5) + activesupport (= 6.1.5) + activerecord (6.1.5) + activemodel (= 6.1.5) + activesupport (= 6.1.5) + activestorage (6.1.5) + actionpack (= 6.1.5) + activejob (= 6.1.5) + activerecord (= 6.1.5) + activesupport (= 6.1.5) + marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (6.1.4.6) + activesupport (6.1.5) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -118,7 +118,7 @@ GEM coffee-script-source execjs coffee-script-source (1.12.2) - concurrent-ruby (1.1.9) + concurrent-ruby (1.1.10) crass (1.0.6) database_cleaner (2.0.1) database_cleaner-active_record (~> 2.0.0) @@ -184,7 +184,7 @@ GEM listen (3.7.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - loofah (2.14.0) + loofah (2.16.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -244,20 +244,20 @@ GEM rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.1.4.6) - actioncable (= 6.1.4.6) - actionmailbox (= 6.1.4.6) - actionmailer (= 6.1.4.6) - actionpack (= 6.1.4.6) - actiontext (= 6.1.4.6) - actionview (= 6.1.4.6) - activejob (= 6.1.4.6) - activemodel (= 6.1.4.6) - activerecord (= 6.1.4.6) - activestorage (= 6.1.4.6) - activesupport (= 6.1.4.6) + rails (6.1.5) + actioncable (= 6.1.5) + actionmailbox (= 6.1.5) + actionmailer (= 6.1.5) + actionpack (= 6.1.5) + actiontext (= 6.1.5) + actionview (= 6.1.5) + activejob (= 6.1.5) + activemodel (= 6.1.5) + activerecord (= 6.1.5) + activestorage (= 6.1.5) + activesupport (= 6.1.5) bundler (>= 1.15.0) - railties (= 6.1.4.6) + railties (= 6.1.5) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) @@ -269,11 +269,11 @@ GEM ruby-graphviz (~> 1.2) rails-html-sanitizer (1.4.2) loofah (~> 2.3) - railties (6.1.4.6) - actionpack (= 6.1.4.6) - activesupport (= 6.1.4.6) + railties (6.1.5) + actionpack (= 6.1.5) + activesupport (= 6.1.5) method_source - rake (>= 0.13) + rake (>= 12.2) thor (~> 1.0) rainbow (3.0.0) rake (13.0.6) 
@@ -361,7 +361,7 @@ GEM simplecov_json_formatter (~> 0.1) simplecov-html (0.12.3) simplecov_json_formatter (0.1.3) - sprockets (4.0.2) + sprockets (4.0.3) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.4.2) From b4500f8430e7c09f522c2d33a1e1292a1f99dd81 Mon Sep 17 00:00:00 2001 From: Tamsin Bowles Date: Tue, 3 May 2022 11:02:13 +0100 Subject: [PATCH 50/76] upgrade rails --- Gemfile.lock | 108 +++++++++++++++++++++++++-------------------------- 1 file changed, 54 insertions(+), 54 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index e9b40c5..a837a04 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -11,60 +11,60 @@ GEM GEM remote: https://rubygems.org/ specs: - actioncable (6.1.5) - actionpack (= 6.1.5) - activesupport (= 6.1.5) + actioncable (6.1.5.1) + actionpack (= 6.1.5.1) + activesupport (= 6.1.5.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.5) - actionpack (= 6.1.5) - activejob (= 6.1.5) - activerecord (= 6.1.5) - activestorage (= 6.1.5) - activesupport (= 6.1.5) + actionmailbox (6.1.5.1) + actionpack (= 6.1.5.1) + activejob (= 6.1.5.1) + activerecord (= 6.1.5.1) + activestorage (= 6.1.5.1) + activesupport (= 6.1.5.1) mail (>= 2.7.1) - actionmailer (6.1.5) - actionpack (= 6.1.5) - actionview (= 6.1.5) - activejob (= 6.1.5) - activesupport (= 6.1.5) + actionmailer (6.1.5.1) + actionpack (= 6.1.5.1) + actionview (= 6.1.5.1) + activejob (= 6.1.5.1) + activesupport (= 6.1.5.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.5) - actionview (= 6.1.5) - activesupport (= 6.1.5) + actionpack (6.1.5.1) + actionview (= 6.1.5.1) + activesupport (= 6.1.5.1) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.5) - actionpack (= 6.1.5) - activerecord (= 6.1.5) - activestorage (= 6.1.5) - activesupport (= 6.1.5) + actiontext (6.1.5.1) + actionpack (= 6.1.5.1) + activerecord (= 6.1.5.1) + activestorage (= 6.1.5.1) + activesupport (= 6.1.5.1) nokogiri (>= 1.8.5) - actionview (6.1.5) - activesupport (= 6.1.5) + actionview (6.1.5.1) + activesupport (= 6.1.5.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.5) - activesupport (= 6.1.5) + activejob (6.1.5.1) + activesupport (= 6.1.5.1) globalid (>= 0.3.6) - activemodel (6.1.5) - activesupport (= 6.1.5) - activerecord (6.1.5) - activemodel (= 6.1.5) - activesupport (= 6.1.5) - activestorage (6.1.5) - actionpack (= 6.1.5) - activejob (= 6.1.5) - activerecord (= 6.1.5) - activesupport (= 6.1.5) + activemodel (6.1.5.1) + activesupport (= 
6.1.5.1) + activerecord (6.1.5.1) + activemodel (= 6.1.5.1) + activesupport (= 6.1.5.1) + activestorage (6.1.5.1) + actionpack (= 6.1.5.1) + activejob (= 6.1.5.1) + activerecord (= 6.1.5.1) + activesupport (= 6.1.5.1) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (6.1.5) + activesupport (6.1.5.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -184,7 +184,7 @@ GEM listen (3.7.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - loofah (2.16.0) + loofah (2.17.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -244,20 +244,20 @@ GEM rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.1.5) - actioncable (= 6.1.5) - actionmailbox (= 6.1.5) - actionmailer (= 6.1.5) - actionpack (= 6.1.5) - actiontext (= 6.1.5) - actionview (= 6.1.5) - activejob (= 6.1.5) - activemodel (= 6.1.5) - activerecord (= 6.1.5) - activestorage (= 6.1.5) - activesupport (= 6.1.5) + rails (6.1.5.1) + actioncable (= 6.1.5.1) + actionmailbox (= 6.1.5.1) + actionmailer (= 6.1.5.1) + actionpack (= 6.1.5.1) + actiontext (= 6.1.5.1) + actionview (= 6.1.5.1) + activejob (= 6.1.5.1) + activemodel (= 6.1.5.1) + activerecord (= 6.1.5.1) + activestorage (= 6.1.5.1) + activesupport (= 6.1.5.1) bundler (>= 1.15.0) - railties (= 6.1.5) + railties (= 6.1.5.1) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) @@ -269,9 +269,9 @@ GEM ruby-graphviz (~> 1.2) rails-html-sanitizer (1.4.2) loofah (~> 2.3) - railties (6.1.5) - actionpack (= 6.1.5) - activesupport (= 6.1.5) + railties (6.1.5.1) + actionpack (= 6.1.5.1) + activesupport (= 6.1.5.1) method_source rake (>= 12.2) thor (~> 1.0) From b7026d679bbf5ffd33b08e6da37ff09109d8572e Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 May 2022 05:26:07 +0000 Subject: [PATCH 51/76] Bump nokogiri from 1.13.4 to 1.13.6 Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.4 to 1.13.6. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.13.4...v1.13.6) --- updated-dependencies: - dependency-name: nokogiri dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index a837a04..1c80b27 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -203,10 +203,10 @@ GEM multipart-post (2.1.1) newrelic_rpm (8.1.0) nio4r (2.5.8) - nokogiri (1.13.4) + nokogiri (1.13.6) mini_portile2 (~> 2.8.0) racc (~> 1.4) - nokogiri (1.13.4-x86_64-linux) + nokogiri (1.13.6-x86_64-linux) racc (~> 1.4) oauth2 (1.4.7) faraday (>= 0.8, < 2.0) From f07de9cc2c6a4ee167a5db8929c7e18e61b4327e Mon Sep 17 00:00:00 2001 From: Tamsin Bowles Date: Mon, 6 Jun 2022 12:54:01 +0100 Subject: [PATCH 52/76] updating rack and others as a side effect --- Gemfile.lock | 110 +++++++++++++++++++++++++-------------------------- 1 file changed, 55 insertions(+), 55 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 1c80b27..28d18b0 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -11,60 +11,60 @@ GEM GEM remote: https://rubygems.org/ specs: - actioncable (6.1.5.1) - actionpack (= 6.1.5.1) - activesupport (= 6.1.5.1) + actioncable (6.1.6) + actionpack (= 6.1.6) + activesupport (= 6.1.6) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.5.1) - actionpack (= 6.1.5.1) - activejob (= 6.1.5.1) - activerecord (= 6.1.5.1) - activestorage (= 6.1.5.1) - activesupport (= 6.1.5.1) + actionmailbox (6.1.6) + actionpack (= 6.1.6) + activejob (= 6.1.6) + activerecord (= 6.1.6) + activestorage (= 6.1.6) + activesupport (= 6.1.6) mail (>= 2.7.1) - actionmailer (6.1.5.1) - actionpack (= 6.1.5.1) - actionview (= 6.1.5.1) - activejob (= 6.1.5.1) - activesupport (= 6.1.5.1) + actionmailer (6.1.6) + actionpack (= 6.1.6) + actionview (= 6.1.6) + activejob (= 6.1.6) + activesupport (= 6.1.6) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.5.1) - actionview (= 6.1.5.1) - activesupport (= 6.1.5.1) + actionpack (6.1.6) + actionview (= 6.1.6) + activesupport (= 6.1.6) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.5.1) - actionpack (= 6.1.5.1) - activerecord (= 6.1.5.1) - activestorage (= 6.1.5.1) - activesupport (= 6.1.5.1) + actiontext (6.1.6) + actionpack (= 6.1.6) + activerecord (= 6.1.6) + activestorage (= 6.1.6) + activesupport (= 6.1.6) nokogiri (>= 1.8.5) - actionview (6.1.5.1) - activesupport (= 6.1.5.1) + actionview (6.1.6) + activesupport (= 6.1.6) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.5.1) - activesupport (= 6.1.5.1) + activejob (6.1.6) + activesupport (= 6.1.6) globalid (>= 0.3.6) - activemodel (6.1.5.1) - activesupport (= 6.1.5.1) - activerecord (6.1.5.1) - activemodel (= 6.1.5.1) - activesupport (= 6.1.5.1) - activestorage (6.1.5.1) - actionpack (= 6.1.5.1) - activejob (= 6.1.5.1) - activerecord (= 6.1.5.1) - activesupport (= 6.1.5.1) + activemodel (6.1.6) + 
activesupport (= 6.1.6) + activerecord (6.1.6) + activemodel (= 6.1.6) + activesupport (= 6.1.6) + activestorage (6.1.6) + actionpack (= 6.1.6) + activejob (= 6.1.6) + activerecord (= 6.1.6) + activesupport (= 6.1.6) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (6.1.5.1) + activesupport (6.1.6) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -184,7 +184,7 @@ GEM listen (3.7.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - loofah (2.17.0) + loofah (2.18.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -239,25 +239,25 @@ GEM puma (5.6.4) nio4r (~> 2.0) racc (1.6.0) - rack (2.2.3) + rack (2.2.3.1) rack-protection (2.1.0) rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.1.5.1) - actioncable (= 6.1.5.1) - actionmailbox (= 6.1.5.1) - actionmailer (= 6.1.5.1) - actionpack (= 6.1.5.1) - actiontext (= 6.1.5.1) - actionview (= 6.1.5.1) - activejob (= 6.1.5.1) - activemodel (= 6.1.5.1) - activerecord (= 6.1.5.1) - activestorage (= 6.1.5.1) - activesupport (= 6.1.5.1) + rails (6.1.6) + actioncable (= 6.1.6) + actionmailbox (= 6.1.6) + actionmailer (= 6.1.6) + actionpack (= 6.1.6) + actiontext (= 6.1.6) + actionview (= 6.1.6) + activejob (= 6.1.6) + activemodel (= 6.1.6) + activerecord (= 6.1.6) + activestorage (= 6.1.6) + activesupport (= 6.1.6) bundler (>= 1.15.0) - railties (= 6.1.5.1) + railties (= 6.1.6) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) @@ -269,9 +269,9 @@ GEM ruby-graphviz (~> 1.2) rails-html-sanitizer (1.4.2) loofah (~> 2.3) - railties (6.1.5.1) - actionpack (= 6.1.5.1) - activesupport (= 6.1.5.1) + railties (6.1.6) + actionpack (= 6.1.6) + activesupport (= 6.1.6) method_source rake (>= 12.2) thor (~> 1.0) From 427abb4705bbbdf98f3829e0c22c5fe2868fbcd1 Mon Sep 17 00:00:00 2001 From: Tamsin Bowles Date: Thu, 7 Jul 2022 16:31:31 +0100 Subject: [PATCH 53/76] update Gemfile.lock --- Gemfile.lock | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/Gemfile.lock b/Gemfile.lock index b5683e2..92eab33 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -157,7 +157,7 @@ GEM concurrent-ruby (~> 1.0) jbuilder (2.11.3) activesupport (>= 5.0.0) - jmespath (1.4.0) + jmespath (1.6.1) jquery-rails (4.4.0) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) @@ -194,7 +194,6 @@ GEM method_source (1.0.0) mime-types (3.4.1) mime-types-data (~> 3.2015) - mime-types-data (3.2021.1115) mini_mime (1.1.2) mini_portile2 (2.8.0) From 05e9dc5e784aa23efc1ac5c4fba023982649924c Mon Sep 17 00:00:00 2001 From: Tamsin Bowles Date: Fri, 8 Jul 2022 12:33:36 +0100 Subject: [PATCH 54/76] updating rails --- Gemfile.lock | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 92eab33..2b70b14 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -197,7 +197,7 @@ GEM mime-types-data (3.2021.1115) mini_mime (1.1.2) mini_portile2 (2.8.0) - minitest (5.15.0) + minitest (5.16.2) multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) @@ -239,11 +239,11 @@ GEM puma (5.6.4) nio4r (~> 2.0) racc (1.6.0) - rack (2.2.3.1) + rack (2.2.4) rack-protection (2.1.0) rack - rack-test (1.1.0) - rack (>= 1.0, < 3) + rack-test (2.0.2) + rack (>= 1.3) rails (6.1.6) actioncable (= 6.1.6) actionmailbox (= 6.1.6) @@ -267,7 +267,7 @@ GEM activesupport (>= 4.2) choice (~> 0.2.0) ruby-graphviz (~> 1.2) - rails-html-sanitizer (1.4.2) + rails-html-sanitizer (1.4.3) loofah (~> 2.3) railties (6.1.6) actionpack (= 6.1.6) @@ -361,7 +361,7 @@ GEM simplecov_json_formatter (~> 0.1) simplecov-html (0.12.3) simplecov_json_formatter (0.1.3) - sprockets (4.0.3) + sprockets (4.1.1) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.4.2) @@ -389,7 +389,7 @@ GEM websocket-extensions (0.1.5) xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.5.4) + zeitwerk (2.6.0) PLATFORMS ruby From 2d7a407d715c9e50669fe3edbbe21ed146f66ab1 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 21 Oct 2022 03:16:34 +0000 Subject: [PATCH 55/76] Bump nokogiri from 1.13.6 to 1.13.9 Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.6 to 1.13.9. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.13.6...v1.13.9) --- updated-dependencies: - dependency-name: nokogiri dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 2b70b14..d84e1e9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -203,10 +203,10 @@ GEM multipart-post (2.1.1) newrelic_rpm (8.1.0) nio4r (2.5.8) - nokogiri (1.13.6) + nokogiri (1.13.9) mini_portile2 (~> 2.8.0) racc (~> 1.4) - nokogiri (1.13.6-x86_64-linux) + nokogiri (1.13.9-x86_64-linux) racc (~> 1.4) oauth2 (1.4.7) faraday (>= 0.8, < 2.0) From f5fd7f42c0d23cce7c6c831a465f2e1faf60b5ab Mon Sep 17 00:00:00 2001 From: Tamsin <55600993+weatherpixie@users.noreply.github.com> Date: Thu, 19 Jan 2023 16:30:42 +0000 Subject: [PATCH 56/76] Add storage.yml file required by rails 6.1 and pass csrf token to google oauth callback to fix broken auth (#55) --- Gemfile | 1 + Gemfile.lock | 4 ++ app/controllers/application_controller.rb | 5 +- config/storage.yml | 21 +++++++ public/403.html | 67 +++++++++++++++++++++++ 5 files changed, 95 insertions(+), 3 deletions(-) create mode 100644 config/storage.yml create mode 100644 public/403.html diff --git a/Gemfile b/Gemfile index c3f5611..4fd80ad 100644 --- a/Gemfile +++ b/Gemfile @@ -28,6 +28,7 @@ source 'https://rubygems.org' do # Authenticate via Google OAuth gem 'omniauth', '~> 2.0' gem 'omniauth-google-oauth2' + gem 'omniauth-rails_csrf_protection' gem 'repost' # Store files on Amazon S3 
diff --git a/Gemfile.lock b/Gemfile.lock index d84e1e9..f6143b9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -226,6 +226,9 @@ GEM omniauth-oauth2 (1.7.2) oauth2 (~> 1.4) omniauth (>= 1.9, < 3) + omniauth-rails_csrf_protection (1.0.1) + actionpack (>= 4.2) + omniauth (~> 2.0) parallel (1.21.0) parser (3.0.2.0) ast (~> 2.4.1) @@ -413,6 +416,7 @@ DEPENDENCIES nokogiri (>= 1.11.0.rc4)! omniauth (~> 2.0)! omniauth-google-oauth2! + omniauth-rails_csrf_protection! paperclip-meta! pg! pry-rails! diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 7f0f4ab..826d878 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -12,7 +12,7 @@ def self.permitted_ips_from_env def self.client_ip_header_from_env ENV['CLIENT_IP_HEADER'] end - + private def check_permitted_ips @@ -24,7 +24,6 @@ def check_permitted_ips ip_addresses = list_of_permitted_ips( self.class.permitted_ips_from_env ) Rails.logger.debug { "check_permitted_ips: checking ip: #{ip_to_verify} against #{ip_addresses}" } - return if ip_addresses.include? ip_to_verify render plain: 'Access Denied', status: :unauthorized @@ -61,6 +60,6 @@ def authenticate return if session[:email] return if /google_oauth2/.match?(request.path) - redirect_post '/auth/google_oauth2' + redirect_post('/auth/google_oauth2', options: {authenticity_token: :auto}) end end diff --git a/config/storage.yml b/config/storage.yml new file mode 100644 index 0000000..d52c199 --- /dev/null +++ b/config/storage.yml 
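Review bot: The context line `return if /google_oauth2/.match?(request.path)` in `authenticate` skips the session check for any request whose path contains that substring anywhere, not only the OmniAuth request and callback routes. Anchoring the exemption, for example `return if request.path.start_with?('/auth/google_oauth2')`, keeps it limited to the routes that the changed `redirect_post` call targets. Whether any other route could match today is not visible in this patch, and the start of `authenticate` lies outside the hunk. A request spec asserting that an unauthenticated request to a non-auth path is redirected would pin the intended behaviour.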
@@ -0,0 +1,21 @@ +default: &default + adapter: postgresql + pool: 5 + timeout: 5000 + encoding: utf8 + +development: + <<: *default + database: mahbucket_dev + +# Warning: The database defined as "test" will be erased and +# re-generated from your development database when you run "rake". +# Do not set this db to the same as development or production. +test: + <<: *default + database: mahbucket_test + +# This should be overridden by DATABASE_URL in your ENV +production: + <<: *default + database: mahbucket diff --git a/public/403.html b/public/403.html new file mode 100644 index 0000000..8d8f069 --- /dev/null +++ b/public/403.html @@ -0,0 +1,67 @@ + + + + Forbidden (403) + + + + + + +
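Review bot: The new `config/storage.yml` holds database settings (`adapter: postgresql`, `pool: 5`, `database: mahbucket_dev`) and the database.yml warning comments rather than Active Storage service definitions, so no entry carries the `service:` key that Active Storage looks up. If the file only needs to exist for Rails 6.1 this may go unnoticed, but any environment that sets `config.active_storage.service` (not visible in this patch) would fail to resolve a service. Replacing the entries with a service definition such as `local:` with `service: Disk` and `root: <%= Rails.root.join("storage") %>`, and dropping the database comments, would match the file's purpose.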
+
+

Authentication Error

+

oauth may not be correctly configured

+
+

If you are the application owner check the logs for more information.

+
+ + From 5f7097ce9213a0430d4e87feebd21ce3f5a65697 Mon Sep 17 00:00:00 2001 From: Nic Duke <117106845+nicduke38degrees@users.noreply.github.com> Date: Thu, 19 Jan 2023 16:33:37 +0000 Subject: [PATCH 57/76] trello ibtc3t5m: apply dependabot security patches Jan 2023 (#54) --- Gemfile.lock | 152 ++++++++++++++++++++++++++++----------------------- 1 file changed, 83 insertions(+), 69 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index f6143b9..ed325e7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -11,60 +11,60 @@ GEM GEM remote: https://rubygems.org/ specs: - actioncable (6.1.6) - actionpack (= 6.1.6) - activesupport (= 6.1.6) + actioncable (6.1.7) + actionpack (= 6.1.7) + activesupport (= 6.1.7) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.6) - actionpack (= 6.1.6) - activejob (= 6.1.6) - activerecord (= 6.1.6) - activestorage (= 6.1.6) - activesupport (= 6.1.6) + actionmailbox (6.1.7) + actionpack (= 6.1.7) + activejob (= 6.1.7) + activerecord (= 6.1.7) + activestorage (= 6.1.7) + activesupport (= 6.1.7) mail (>= 2.7.1) - actionmailer (6.1.6) - actionpack (= 6.1.6) - actionview (= 6.1.6) - activejob (= 6.1.6) - activesupport (= 6.1.6) + actionmailer (6.1.7) + actionpack (= 6.1.7) + actionview (= 6.1.7) + activejob (= 6.1.7) + activesupport (= 6.1.7) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.6) - actionview (= 6.1.6) - activesupport (= 6.1.6) + actionpack (6.1.7) + actionview (= 6.1.7) + activesupport (= 6.1.7) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.6) - actionpack (= 6.1.6) - activerecord (= 6.1.6) - activestorage (= 6.1.6) - activesupport (= 6.1.6) + actiontext (6.1.7) + actionpack (= 6.1.7) + activerecord (= 6.1.7) + activestorage (= 6.1.7) + activesupport (= 6.1.7) nokogiri (>= 1.8.5) - actionview (6.1.6) - activesupport (= 6.1.6) + actionview (6.1.7) + activesupport (= 6.1.7) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.6) - activesupport (= 6.1.6) + activejob (6.1.7) + activesupport (= 6.1.7) globalid (>= 0.3.6) - activemodel (6.1.6) - activesupport (= 6.1.6) - activerecord (6.1.6) - activemodel (= 6.1.6) - activesupport (= 6.1.6) - activestorage (6.1.6) - actionpack (= 6.1.6) - activejob (= 6.1.6) - activerecord (= 6.1.6) - activesupport (= 6.1.6) + activemodel (6.1.7) + activesupport (= 6.1.7) + activerecord (6.1.7) + activemodel (= 6.1.7) + 
activesupport (= 6.1.7) + activestorage (6.1.7) + actionpack (= 6.1.7) + activejob (= 6.1.7) + activerecord (= 6.1.7) + activesupport (= 6.1.7) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (6.1.6) + activesupport (6.1.7) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -126,9 +126,10 @@ GEM activerecord (>= 5.a) database_cleaner-core (~> 2.0.0) database_cleaner-core (2.0.1) + date (3.3.3) diff-lcs (1.4.4) docile (1.4.0) - erubi (1.10.0) + erubi (1.12.0) execjs (2.8.1) faraday (1.8.0) faraday-em_http (~> 1.0) @@ -153,7 +154,7 @@ GEM globalid (1.0.0) activesupport (>= 5.0) hashie (5.0.0) - i18n (1.10.0) + i18n (1.12.0) concurrent-ruby (~> 1.0) jbuilder (2.11.3) activesupport (>= 5.0.0) @@ -184,11 +185,14 @@ GEM listen (3.7.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - loofah (2.18.0) + loofah (2.19.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.7.1) + mail (2.8.0.1) mini_mime (>= 0.1.1) + net-imap + net-pop + net-smtp marcel (1.0.2) matrix (0.4.2) method_source (1.0.0) @@ -196,17 +200,26 @@ GEM mime-types-data (~> 3.2015) mime-types-data (3.2021.1115) mini_mime (1.1.2) - mini_portile2 (2.8.0) - minitest (5.16.2) + mini_portile2 (2.8.1) + minitest (5.17.0) multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) + net-imap (0.3.4) + date + net-protocol + net-pop (0.1.2) + net-protocol + net-protocol (0.2.1) + timeout + net-smtp (0.3.3) + net-protocol newrelic_rpm (8.1.0) nio4r (2.5.8) - nokogiri (1.13.9) + nokogiri (1.14.0) mini_portile2 (~> 2.8.0) racc (~> 1.4) - nokogiri (1.13.9-x86_64-linux) + nokogiri (1.14.0-x86_64-linux) racc (~> 1.4) oauth2 (1.4.7) faraday (>= 0.8, < 2.0) 
@@ -241,26 +254,26 @@ GEM public_suffix (4.0.6) puma (5.6.4) nio4r (~> 2.0) - racc (1.6.0) - rack (2.2.4) + racc (1.6.2) + rack (2.2.5) rack-protection (2.1.0) rack rack-test (2.0.2) rack (>= 1.3) - rails (6.1.6) - actioncable (= 6.1.6) - actionmailbox (= 6.1.6) - actionmailer (= 6.1.6) - actionpack (= 6.1.6) - actiontext (= 6.1.6) - actionview (= 6.1.6) - activejob (= 6.1.6) - activemodel (= 6.1.6) - activerecord (= 6.1.6) - activestorage (= 6.1.6) - activesupport (= 6.1.6) + rails (6.1.7) + actioncable (= 6.1.7) + actionmailbox (= 6.1.7) + actionmailer (= 6.1.7) + actionpack (= 6.1.7) + actiontext (= 6.1.7) + actionview (= 6.1.7) + activejob (= 6.1.7) + activemodel (= 6.1.7) + activerecord (= 6.1.7) + activestorage (= 6.1.7) + activesupport (= 6.1.7) bundler (>= 1.15.0) - railties (= 6.1.6) + railties (= 6.1.7) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) @@ -270,11 +283,11 @@ GEM activesupport (>= 4.2) choice (~> 0.2.0) ruby-graphviz (~> 1.2) - rails-html-sanitizer (1.4.3) - loofah (~> 2.3) - railties (6.1.6) - actionpack (= 6.1.6) - activesupport (= 6.1.6) + rails-html-sanitizer (1.4.4) + loofah (~> 2.19, >= 2.19.1) + railties (6.1.7) + actionpack (= 6.1.7) + activesupport (= 6.1.7) method_source rake (>= 12.2) thor (~> 1.0) @@ -364,9 +377,9 @@ GEM simplecov_json_formatter (~> 0.1) simplecov-html (0.12.3) simplecov_json_formatter (0.1.3) - sprockets (4.1.1) + sprockets (4.2.0) concurrent-ruby (~> 1.0) - rack (> 1, < 3) + rack (>= 2.2.4, < 4) sprockets-rails (3.4.2) actionpack (>= 5.2) activesupport (>= 5.2) @@ -375,10 +388,11 @@ GEM climate_control (>= 0.0.3, < 1.0) thor (1.2.1) tilt (2.0.10) + timeout (0.3.1) turbolinks (5.2.1) turbolinks-source (~> 5.2) turbolinks-source (5.2.0) - tzinfo (2.0.4) + tzinfo (2.0.5) concurrent-ruby (~> 1.0) uglifier (4.2.0) execjs (>= 0.3.0, < 3) @@ -392,7 +406,7 @@ GEM websocket-extensions (0.1.5) xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.6.0) + zeitwerk (2.6.6) PLATFORMS ruby 
From 7a2e4334ff274c1c954a1b8f6b0e6b9f52afe742 Mon Sep 17 00:00:00 2001 From: Tamsin Bowles Date: Fri, 3 Mar 2023 14:54:00 +0000 Subject: [PATCH 58/76] update rails (and get other stuff for free) --- Gemfile | 2 +- Gemfile.lock | 373 +++++++++++++++++++++++++-------------------------- 2 files changed, 182 insertions(+), 193 deletions(-) diff --git a/Gemfile b/Gemfile index 4fd80ad..913d6f6 100644 --- a/Gemfile +++ b/Gemfile @@ -1,7 +1,7 @@ ruby "3.0.0" source 'https://rubygems.org' do - gem 'rails', '~> 6.1.0' + gem 'rails', '~> 6.1.7.1' # Use postgres as the database for Active Record gem 'pg' diff --git a/Gemfile.lock b/Gemfile.lock index ed325e7..ebf854e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -11,92 +11,92 @@ GEM GEM remote: https://rubygems.org/ specs: - actioncable (6.1.7) - actionpack (= 6.1.7) - activesupport (= 6.1.7) + actioncable (6.1.7.2) + actionpack (= 6.1.7.2) + activesupport (= 6.1.7.2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.7) - actionpack (= 6.1.7) - activejob (= 6.1.7) - activerecord (= 6.1.7) - activestorage (= 6.1.7) - activesupport (= 6.1.7) + actionmailbox (6.1.7.2) + actionpack (= 6.1.7.2) + activejob (= 6.1.7.2) + activerecord (= 6.1.7.2) + activestorage (= 6.1.7.2) + activesupport (= 6.1.7.2) mail (>= 2.7.1) - actionmailer (6.1.7) - actionpack (= 6.1.7) - actionview (= 6.1.7) - activejob (= 6.1.7) - activesupport (= 6.1.7) + actionmailer (6.1.7.2) + actionpack (= 6.1.7.2) + actionview (= 6.1.7.2) + activejob (= 6.1.7.2) + activesupport (= 6.1.7.2) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.7) - actionview (= 6.1.7) - activesupport (= 6.1.7) + actionpack (6.1.7.2) + actionview (= 6.1.7.2) + activesupport (= 6.1.7.2) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.7) - actionpack (= 6.1.7) - activerecord (= 6.1.7) - activestorage (= 6.1.7) - activesupport (= 6.1.7) + actiontext (6.1.7.2) + actionpack (= 6.1.7.2) + activerecord (= 6.1.7.2) + activestorage (= 6.1.7.2) + activesupport (= 6.1.7.2) nokogiri (>= 1.8.5) - actionview (6.1.7) - activesupport (= 6.1.7) + actionview (6.1.7.2) + activesupport (= 6.1.7.2) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.7) - activesupport (= 6.1.7) + activejob (6.1.7.2) + activesupport (= 6.1.7.2) globalid (>= 0.3.6) - activemodel (6.1.7) - activesupport (= 6.1.7) - activerecord (6.1.7) - activemodel (= 6.1.7) - activesupport (= 6.1.7) - activestorage (6.1.7) - actionpack (= 6.1.7) - activejob (= 6.1.7) - activerecord (= 6.1.7) - activesupport (= 6.1.7) + activemodel (6.1.7.2) + activesupport (= 
6.1.7.2) + activerecord (6.1.7.2) + activemodel (= 6.1.7.2) + activesupport (= 6.1.7.2) + activestorage (6.1.7.2) + actionpack (= 6.1.7.2) + activejob (= 6.1.7.2) + activerecord (= 6.1.7.2) + activesupport (= 6.1.7.2) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (6.1.7) + activesupport (6.1.7.2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) zeitwerk (~> 2.3) - acts-as-taggable-on (8.1.0) - activerecord (>= 5.0, < 6.2) - addressable (2.8.0) - public_suffix (>= 2.0.2, < 5.0) + acts-as-taggable-on (9.0.1) + activerecord (>= 6.0, < 7.1) + addressable (2.8.1) + public_suffix (>= 2.0.2, < 6.0) ast (2.4.2) aws-eventstream (1.2.0) - aws-partitions (1.532.0) - aws-sdk-core (3.122.1) + aws-partitions (1.720.0) + aws-sdk-core (3.170.0) aws-eventstream (~> 1, >= 1.0.2) - aws-partitions (~> 1, >= 1.525.0) + aws-partitions (~> 1, >= 1.651.0) + aws-sigv4 (~> 1.5) + jmespath (~> 1, >= 1.6.1) + aws-sdk-kms (1.63.0) + aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - jmespath (~> 1.0) - aws-sdk-kms (1.51.0) - aws-sdk-core (~> 3, >= 3.122.0) - aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.106.0) - aws-sdk-core (~> 3, >= 3.122.0) + aws-sdk-s3 (1.119.1) + aws-sdk-core (~> 3, >= 3.165.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.4) - aws-sigv4 (1.4.0) + aws-sigv4 (1.5.2) aws-eventstream (~> 1, >= 1.0.2) - brakeman (5.1.2) + brakeman (5.4.1) builder (3.2.4) - bundler-audit (0.9.0.1) + bundler-audit (0.9.1) bundler (>= 1.2.0, < 3) thor (~> 1.0) - capybara (3.36.0) + capybara (3.38.0) addressable matrix mini_mime (>= 0.1.3) @@ -105,7 +105,6 @@ GEM rack-test (>= 0.6.3) regexp_parser (>= 1.5, < 3.0) xpath (~> 3.2) - childprocess (4.1.0) choice (0.2.0) climate_control (0.2.0) codecov (0.6.0) @@ -118,7 +117,7 @@ GEM coffee-script-source execjs coffee-script-source (1.12.2) - concurrent-ruby (1.1.10) + concurrent-ruby (1.2.2) crass (1.0.6) database_cleaner (2.0.1) database_cleaner-active_record (~> 2.0.0) 
@@ -127,68 +126,55 @@ GEM database_cleaner-core (~> 2.0.0) database_cleaner-core (2.0.1) date (3.3.3) - diff-lcs (1.4.4) + diff-lcs (1.5.0) docile (1.4.0) erubi (1.12.0) execjs (2.8.1) - faraday (1.8.0) - faraday-em_http (~> 1.0) - faraday-em_synchrony (~> 1.0) - faraday-excon (~> 1.1) - faraday-httpclient (~> 1.0.1) - faraday-net_http (~> 1.0) - faraday-net_http_persistent (~> 1.1) - faraday-patron (~> 1.0) - faraday-rack (~> 1.0) - multipart-post (>= 1.2, < 3) + faraday (2.7.4) + faraday-net_http (>= 2.0, < 3.1) ruby2_keywords (>= 0.0.4) - faraday-em_http (1.0.0) - faraday-em_synchrony (1.0.0) - faraday-excon (1.1.0) - faraday-httpclient (1.0.1) - faraday-net_http (1.0.1) - faraday-net_http_persistent (1.2.0) - faraday-patron (1.0.0) - faraday-rack (1.0.0) - ffi (1.15.4) - globalid (1.0.0) + faraday-net_http (3.0.2) + ffi (1.15.5) + globalid (1.1.0) activesupport (>= 5.0) hashie (5.0.0) i18n (1.12.0) concurrent-ruby (~> 1.0) - jbuilder (2.11.3) + jbuilder (2.11.5) + actionview (>= 5.0.0) activesupport (>= 5.0.0) - jmespath (1.6.1) - jquery-rails (4.4.0) + jmespath (1.6.2) + jquery-rails (4.5.1) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) - jwt (2.3.0) - kaminari (1.2.1) + json (2.6.3) + jwt (2.7.0) + kaminari (1.2.2) activesupport (>= 4.1.0) - kaminari-actionview (= 1.2.1) - kaminari-activerecord (= 1.2.1) - kaminari-core (= 1.2.1) - kaminari-actionview (1.2.1) + kaminari-actionview (= 1.2.2) + kaminari-activerecord (= 1.2.2) + kaminari-core (= 1.2.2) + kaminari-actionview (1.2.2) actionview - kaminari-core (= 1.2.1) - kaminari-activerecord (1.2.1) + kaminari-core (= 1.2.2) + kaminari-activerecord (1.2.2) activerecord - kaminari-core (= 1.2.1) - kaminari-core (1.2.1) - kt-paperclip (7.0.1) + kaminari-core (= 1.2.2) + kaminari-core (1.2.2) + kt-paperclip (7.1.1) activemodel (>= 4.2.0) activesupport (>= 4.2.0) marcel (~> 1.0.1) mime-types terrapin (~> 0.6.0) - listen (3.7.0) + listen (3.8.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 
0.9, >= 0.9.10) loofah (2.19.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.8.0.1) + mail (2.8.1) mini_mime (>= 0.1.1) net-imap net-pop @@ -198,13 +184,11 @@ GEM method_source (1.0.0) mime-types (3.4.1) mime-types-data (~> 3.2015) - mime-types-data (3.2021.1115) + mime-types-data (3.2023.0218.1) mini_mime (1.1.2) mini_portile2 (2.8.1) minitest (5.17.0) - multi_json (1.15.0) multi_xml (0.6.0) - multipart-post (2.1.1) net-imap (0.3.4) date net-protocol 
@@ -214,137 +198,142 @@ GEM timeout net-smtp (0.3.3) net-protocol - newrelic_rpm (8.1.0) + newrelic_rpm (9.0.0) nio4r (2.5.8) - nokogiri (1.14.0) + nokogiri (1.14.2) mini_portile2 (~> 2.8.0) racc (~> 1.4) - nokogiri (1.14.0-x86_64-linux) + nokogiri (1.14.2-x86_64-linux) racc (~> 1.4) - oauth2 (1.4.7) - faraday (>= 0.8, < 2.0) + oauth2 (2.0.9) + faraday (>= 0.17.3, < 3.0) jwt (>= 1.0, < 3.0) - multi_json (~> 1.3) multi_xml (~> 0.5) - rack (>= 1.2, < 3) - omniauth (2.0.4) + rack (>= 1.2, < 4) + snaky_hash (~> 2.0) + version_gem (~> 1.1) + omniauth (2.1.1) hashie (>= 3.4.6) - rack (>= 1.6.2, < 3) + rack (>= 2.2.3) rack-protection - omniauth-google-oauth2 (1.0.0) + omniauth-google-oauth2 (1.1.1) jwt (>= 2.0) - oauth2 (~> 1.1) + oauth2 (~> 2.0.6) + omniauth (~> 2.0) + omniauth-oauth2 (~> 1.8.0) + omniauth-oauth2 (1.8.0) + oauth2 (>= 1.4, < 3) omniauth (~> 2.0) - omniauth-oauth2 (~> 1.7.1) - omniauth-oauth2 (1.7.2) - oauth2 (~> 1.4) - omniauth (>= 1.9, < 3) omniauth-rails_csrf_protection (1.0.1) actionpack (>= 4.2) omniauth (~> 2.0) - parallel (1.21.0) - parser (3.0.2.0) + parallel (1.22.1) + parser (3.2.1.0) ast (~> 2.4.1) - pg (1.2.3) - pry (0.14.1) + pg (1.4.6) + pry (0.14.2) coderay (~> 1.1) method_source (~> 1.0) pry-rails (0.3.9) pry (>= 0.10.4) - public_suffix (4.0.6) - puma (5.6.4) + public_suffix (5.0.1) + puma (5.6.5) nio4r (~> 2.0) racc (1.6.2) - rack (2.2.5) - rack-protection (2.1.0) + rack (2.2.6.3) + rack-protection (3.0.5) rack rack-test (2.0.2) rack (>= 1.3) - rails (6.1.7) - actioncable (= 6.1.7) - actionmailbox (= 6.1.7) - actionmailer (= 6.1.7) - actionpack (= 6.1.7) - actiontext (= 6.1.7) - actionview (= 6.1.7) - activejob (= 6.1.7) - activemodel (= 6.1.7) - activerecord (= 6.1.7) - activestorage (= 6.1.7) - activesupport (= 6.1.7) + rails (6.1.7.2) + actioncable (= 6.1.7.2) + actionmailbox (= 6.1.7.2) + actionmailer (= 6.1.7.2) + actionpack (= 6.1.7.2) + actiontext (= 6.1.7.2) + actionview (= 6.1.7.2) + activejob (= 6.1.7.2) + activemodel (= 6.1.7.2) 
+ activerecord (= 6.1.7.2) + activestorage (= 6.1.7.2) + activesupport (= 6.1.7.2) bundler (>= 1.15.0) - railties (= 6.1.7) + railties (= 6.1.7.2) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-erd (1.6.1) + rails-erd (1.7.2) activerecord (>= 4.2) activesupport (>= 4.2) choice (~> 0.2.0) ruby-graphviz (~> 1.2) - rails-html-sanitizer (1.4.4) + rails-html-sanitizer (1.5.0) loofah (~> 2.19, >= 2.19.1) - railties (6.1.7) - actionpack (= 6.1.7) - activesupport (= 6.1.7) + railties (6.1.7.2) + actionpack (= 6.1.7.2) + activesupport (= 6.1.7.2) method_source rake (>= 12.2) thor (~> 1.0) - rainbow (3.0.0) + rainbow (3.1.1) rake (13.0.6) - rb-fsevent (0.11.0) + rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) - regexp_parser (2.1.1) - repost (0.3.8) + regexp_parser (2.7.0) + repost (0.4.1) rexml (3.2.5) - rspec (3.10.0) - rspec-core (~> 3.10.0) - rspec-expectations (~> 3.10.0) - rspec-mocks (~> 3.10.0) - rspec-core (3.10.1) - rspec-support (~> 3.10.0) - rspec-expectations (3.10.1) + rspec (3.12.0) + rspec-core (~> 3.12.0) + rspec-expectations (~> 3.12.0) + rspec-mocks (~> 3.12.0) + rspec-core (3.12.1) + rspec-support (~> 3.12.0) + rspec-expectations (3.12.2) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.10.0) - rspec-mocks (3.10.2) + rspec-support (~> 3.12.0) + rspec-mocks (3.12.3) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.10.0) - rspec-rails (5.0.2) - actionpack (>= 5.2) - activesupport (>= 5.2) - railties (>= 5.2) - rspec-core (~> 3.10) - rspec-expectations (~> 3.10) - rspec-mocks (~> 3.10) - rspec-support (~> 3.10) - rspec-support (3.10.3) - rspec_junit_formatter (0.4.1) + rspec-support (~> 3.12.0) + rspec-rails (6.0.1) + actionpack (>= 6.1) + activesupport (>= 6.1) + railties (>= 6.1) + rspec-core (~> 3.11) + rspec-expectations (~> 3.11) + rspec-mocks (~> 3.11) + rspec-support (~> 3.11) + rspec-support (3.12.0) + rspec_junit_formatter (0.6.0) rspec-core (>= 2, < 4, != 2.12.0) - rubocop (1.23.0) + 
rubocop (1.47.0) + json (~> 2.3) parallel (~> 1.10) - parser (>= 3.0.0.0) + parser (>= 3.2.0.0) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 1.8, < 3.0) - rexml - rubocop-ast (>= 1.12.0, < 2.0) + rexml (>= 3.2.5, < 4.0) + rubocop-ast (>= 1.26.0, < 2.0) ruby-progressbar (~> 1.7) - unicode-display_width (>= 1.4.0, < 3.0) - rubocop-ast (1.13.0) - parser (>= 3.0.1.1) - rubocop-performance (1.12.0) + unicode-display_width (>= 2.4.0, < 3.0) + rubocop-ast (1.27.0) + parser (>= 3.2.1.0) + rubocop-capybara (2.17.1) + rubocop (~> 1.41) + rubocop-performance (1.16.0) rubocop (>= 1.7.0, < 2.0) rubocop-ast (>= 0.4.0) - rubocop-rails (2.12.4) + rubocop-rails (2.18.0) activesupport (>= 4.2.0) rack (>= 1.1) - rubocop (>= 1.7.0, < 2.0) - rubocop-rspec (2.6.0) - rubocop (~> 1.19) + rubocop (>= 1.33.0, < 2.0) + rubocop-rspec (2.18.1) + rubocop (~> 1.33) + rubocop-capybara (~> 2.17) ruby-graphviz (1.2.5) rexml - ruby-progressbar (1.11.0) + ruby-progressbar (1.12.0) ruby2_keywords (0.0.5) rubyzip (2.3.2) sass-rails (6.0.0) @@ -357,26 +346,24 @@ GEM sprockets (> 3.0) sprockets-rails tilt - selenium-webdriver (4.0.3) - childprocess (>= 0.5, < 5.0) + selenium-webdriver (4.8.1) rexml (~> 3.2, >= 3.2.5) - rubyzip (>= 1.2.2) - sentry-rails (4.8.0) + rubyzip (>= 1.2.2, < 3.0) + websocket (~> 1.0) + sentry-rails (5.8.0) railties (>= 5.0) - sentry-ruby-core (~> 4.8.0) - sentry-ruby (4.8.0) + sentry-ruby (~> 5.8.0) + sentry-ruby (5.8.0) concurrent-ruby (~> 1.0, >= 1.0.2) - faraday (>= 1.0) - sentry-ruby-core (= 4.8.0) - sentry-ruby-core (4.8.0) - concurrent-ruby - faraday simplecov (0.21.2) docile (~> 1.1) simplecov-html (~> 0.11) simplecov_json_formatter (~> 0.1) simplecov-html (0.12.3) - simplecov_json_formatter (0.1.3) + simplecov_json_formatter (0.1.4) + snaky_hash (2.0.1) + hashie + version_gem (~> 1.1, >= 1.1.1) sprockets (4.2.0) concurrent-ruby (~> 1.0) rack (>= 2.2.4, < 4) 
@@ -387,26 +374,28 @@ GEM terrapin (0.6.0) climate_control (>= 0.0.3, < 1.0) thor (1.2.1) - tilt (2.0.10) - timeout (0.3.1) + tilt (2.1.0) + timeout (0.3.2) turbolinks (5.2.1) turbolinks-source (~> 5.2) turbolinks-source (5.2.0) - tzinfo (2.0.5) + tzinfo (2.0.6) concurrent-ruby (~> 1.0) uglifier (4.2.0) execjs (>= 0.3.0, < 3) - unicode-display_width (2.1.0) + unicode-display_width (2.4.2) + version_gem (1.1.1) webdrivers (4.7.0) nokogiri (~> 1.6) rubyzip (>= 1.3.0) selenium-webdriver (> 3.141, < 5.0) + websocket (1.2.9) websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.6.6) + zeitwerk (2.6.7) PLATFORMS ruby @@ -435,7 +424,7 @@ DEPENDENCIES pg! pry-rails! puma (~> 5.6)! - rails (~> 6.1.0)! + rails (~> 6.1.7.1)! rails-erd! repost! rspec! From 2fbcd7ce75a7b0efda4397483fd786579e8cb0c2 Mon Sep 17 00:00:00 2001 From: Tamsin Bowles Date: Mon, 6 Mar 2023 14:33:25 +0000 Subject: [PATCH 59/76] ran rubocop --- app/controllers/application_controller.rb | 6 +++--- app/controllers/items_controller.rb | 6 +++--- config/environments/production.rb | 2 +- config/initializers/omniauth.rb | 2 +- config/initializers/sentry.rb | 2 +- spec/features/google_oauth_spec.rb | 2 +- spec/features/user_views_items_spec.rb | 2 +- spec/rails_helper.rb | 4 ++-- spec/requests/ip_restrictions_spec.rb | 2 +- spec/requests/items_spec.rb | 2 +- spec/support/omniauth.rb | 2 +- 11 files changed, 16 insertions(+), 16 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 826d878..489f0c3 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb 
@@ -6,11 +6,11 @@ class ApplicationController < ActionController::Base before_action :authenticate def self.permitted_ips_from_env - ENV['PERMITTED_IPS'] + ENV.fetch('PERMITTED_IPS', nil) end def self.client_ip_header_from_env - ENV['CLIENT_IP_HEADER'] + ENV.fetch('CLIENT_IP_HEADER', nil) end private @@ -58,7 +58,7 @@ def authenticate return end return if session[:email] - return if /google_oauth2/.match?(request.path) + return if request.path.include?('google_oauth2') redirect_post('/auth/google_oauth2', options: {authenticity_token: :auto}) end diff --git a/app/controllers/items_controller.rb b/app/controllers/items_controller.rb index a0b1cb4..dad7db9 100644 --- a/app/controllers/items_controller.rb +++ b/app/controllers/items_controller.rb @@ -17,6 +17,9 @@ def new @item = Item.new end + # GET /items/1/edit + def edit; end + # POST /items # POST /items.json def create @@ -33,9 +36,6 @@ def create end end - # GET /items/1/edit - def edit; end - # PATCH/PUT /items/1 # PATCH/PUT /items/1.json def update diff --git a/config/environments/production.rb b/config/environments/production.rb index 01dfc64..ac63754 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -74,7 +74,7 @@ config.active_support.deprecation = :notify # Use default logging formatter so that PID and timestamp are not suppressed. - config.log_formatter = ::Logger::Formatter.new + config.log_formatter = Logger::Formatter.new # Use a different logger for distributed setups. # require 'syslog/logger' diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb index 69ccd81..707701b 100644 --- a/config/initializers/omniauth.rb +++ b/config/initializers/omniauth.rb @@ -1,3 +1,3 @@ Rails.application.config.middleware.use OmniAuth::Builder do - provider :google_oauth2, ENV['GOOGLE_OAUTH_CLIENT_ID'], ENV['GOOGLE_OAUTH_CLIENT_SECRET'] + provider :google_oauth2, ENV.fetch('GOOGLE_OAUTH_CLIENT_ID', nil), ENV.fetch('GOOGLE_OAUTH_CLIENT_SECRET', nil) end 
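Review bot: `ENV.fetch('PERMITTED_IPS', nil)` in `permitted_ips_from_env` behaves exactly like `ENV['PERMITTED_IPS']`, so an unset variable still returns nil, and the request spec touched later in this patch ("allows anyone if there are no permitted-IPs list") shows that nil switches the IP restriction off. That fail-open default deserves a comment above the method, for example `# nil (variable unset) disables the IP allow-list entirely`. The same autocorrect is applied in config/initializers/omniauth.rb, where dropping the nil default (`ENV.fetch('GOOGLE_OAUTH_CLIENT_ID')`, `ENV.fetch('GOOGLE_OAUTH_CLIENT_SECRET')`) would make a missing credential fail at boot instead of starting with empty OAuth settings, assuming both are always set wherever the initializer runs.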
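Review bot: `request.path.include?('google_oauth2')` in `authenticate` skips the login redirect for every path that merely contains that string, which is wider than the `/auth/google_oauth2` endpoint the method redirects to. The regex it replaces had the same substring semantics, so this is not a regression, but since the line is being rewritten it could be anchored to the prefix: `return if request.path.start_with?('/auth/google_oauth2')`. `authenticate` begins above this hunk, so check that no earlier branch relies on the looser match.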
diff --git a/config/initializers/sentry.rb b/config/initializers/sentry.rb index 60d8991..5510990 100644 --- a/config/initializers/sentry.rb +++ b/config/initializers/sentry.rb @@ -1,6 +1,6 @@ return unless ENV['SENTRY_DSN'] Sentry.init do |config| - config.dsn = ENV['SENTRY_DSN'] + config.dsn = ENV.fetch('SENTRY_DSN', nil) config.breadcrumbs_logger = [:active_support_logger] end diff --git a/spec/features/google_oauth_spec.rb b/spec/features/google_oauth_spec.rb index 86de70b..cf0052f 100644 --- a/spec/features/google_oauth_spec.rb +++ b/spec/features/google_oauth_spec.rb @@ -1,6 +1,6 @@ require 'rails_helper' -RSpec.describe "User authentication", type: :feature, js: false do +RSpec.describe "User authentication", js: false do it 'succeeds' do visit '/' expect( page ).to have_http_status :ok diff --git a/spec/features/user_views_items_spec.rb b/spec/features/user_views_items_spec.rb index 0471b96..ecfaebc 100644 --- a/spec/features/user_views_items_spec.rb +++ b/spec/features/user_views_items_spec.rb @@ -1,6 +1,6 @@ require 'rails_helper' -RSpec.describe "User views items", type: :feature, js: true do +RSpec.describe "User views items", js: true do it 'successfully' do visit '/' diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb index 801aefc..f55ad8e 100644 --- a/spec/rails_helper.rb +++ b/spec/rails_helper.rb @@ -4,8 +4,8 @@ # Prevent database truncation if the environment is production abort("The Rails environment is running in production mode!") if Rails.env.production? -require 'spec_helper' require 'rspec/rails' +require 'spec_helper' # Add additional requires below this line. Rails is not loaded until this point! 
@@ -32,7 +32,7 @@ RSpec.configure do |config| # Remove this line if you're not using ActiveRecord or ActiveRecord fixtures - config.fixture_path = "#{::Rails.root}/spec/fixtures" + config.fixture_path = "#{Rails.root}/spec/fixtures" # If you're not using ActiveRecord, or you'd prefer not to run each of your # examples within a transaction, remove the following line or assign false diff --git a/spec/requests/ip_restrictions_spec.rb b/spec/requests/ip_restrictions_spec.rb index bfb4dda..2aad5a0 100644 --- a/spec/requests/ip_restrictions_spec.rb +++ b/spec/requests/ip_restrictions_spec.rb @@ -1,6 +1,6 @@ require 'rails_helper' -RSpec.describe "User attempts to view items", type: :request do +RSpec.describe "User attempts to view items" do it 'allows anyone if there are no permitted-IPs list' do allow( ApplicationController ).to receive( :permitted_ips_from_env ).and_return( nil ) diff --git a/spec/requests/items_spec.rb b/spec/requests/items_spec.rb index 43fd4c5..4399e7d 100644 --- a/spec/requests/items_spec.rb +++ b/spec/requests/items_spec.rb @@ -1,6 +1,6 @@ require 'rails_helper' -RSpec.describe 'Create/Update/Delete items', type: :request do +RSpec.describe 'Create/Update/Delete items' do before do allow_any_instance_of( ItemsController ).to receive( :authenticate ).and_return(nil) end diff --git a/spec/support/omniauth.rb b/spec/support/omniauth.rb index bce71bc..22f220f 100644 --- a/spec/support/omniauth.rb +++ b/spec/support/omniauth.rb @@ -5,7 +5,7 @@ uid: '12345', info: { name: 'Alice Tester', - email: "alice@#{ENV['GOOGLE_OAUTH_DOMAIN']}" + email: "alice@#{ENV.fetch('GOOGLE_OAUTH_DOMAIN', nil)}" } } ) From 2d9b3bd404adae6c9b1c64a333105955f348fa62 Mon Sep 17 00:00:00 2001 From: Tamsin Bowles Date: Mon, 6 Mar 2023 15:31:17 +0000 Subject: [PATCH 60/76] rubocop todo --- .rubocop_todo.yml | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index 1c923cb..d0aba71 100644 
--- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -1,11 +1,29 @@ # This configuration was generated by # `rubocop --auto-gen-config` -# on 2021-11-18 17:08:54 UTC using RuboCop version 1.23.0. +# on 2023-03-06 15:31:07 UTC using RuboCop version 1.47.0. # The point is for the user to remove these configuration records # one by one as the offenses are removed from the code base. # Note that changes in the inspected code, or installation of new # versions of RuboCop, may require this file to be generated again. +# Offense count: 6 +Capybara/SpecificMatcher: + Exclude: + - 'spec/features/user_views_items_spec.rb' + - 'spec/requests/ip_restrictions_spec.rb' + +# Offense count: 1 +# Configuration parameters: EnforcedStyle. +# SupportedStyles: slashes, arguments +Rails/FilePath: + Exclude: + - 'spec/rails_helper.rb' + +# Offense count: 3 +Rails/I18nLocaleTexts: + Exclude: + - 'app/controllers/items_controller.rb' + # Offense count: 1 Style/TopLevelMethodDefinition: Exclude: From bbd29103b22544f1f2453a4549fa5ad754e75621 Mon Sep 17 00:00:00 2001 From: Nic Duke <117106845+nicduke38degrees@users.noreply.github.com> Date: Mon, 24 Jul 2023 13:03:49 +0100 Subject: [PATCH 61/76] SCTTR-157 add github workflow config to auto-approve and auto-merge dependabot PRs (#58) --- .../dependabot-auto-approve-and-merge.yml | 50 +++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 .github/workflows/dependabot-auto-approve-and-merge.yml diff --git a/.github/workflows/dependabot-auto-approve-and-merge.yml b/.github/workflows/dependabot-auto-approve-and-merge.yml new file mode 100644 index 0000000..9ad0d64 --- /dev/null +++ b/.github/workflows/dependabot-auto-approve-and-merge.yml 
@@ -0,0 +1,50 @@ +name: Dependabot auto-approve and auto-merge +on: pull_request + +permissions: + pull-requests: write + +jobs: + dependabot: + runs-on: ubuntu-latest + if: ${{ github.actor == 'dependabot[bot]' }} + steps: + - name: Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@v1 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + - name: Approve a minor|patch PR + if: ${{steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor'}} + run: gh pr review --approve "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} + - name: Merge a minor|patch PR + if: ${{steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor'}} + run: gh pr merge --auto --merge "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} + - name: Post to Slack + id: slack + uses: slackapi/slack-github-action@v1.24.0 + with: + channel-id: ${{ secrets.TECHTEAM_SLACK_CHANNEL_ID }} + alert-lookup: true + payload: | + { + "text": "Updated dependency ${{ steps.dependabot-metadata.outputs.dependency-names }}", + "blocks": [ + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "Updated dependency ${{ steps.dependabot-metadata.outputs.dependency-names }} from ${{steps.dependabot-metadata.outputs.previous-version}} to ${{steps.dependabot-metadata.outputs.new-version}}.\nFixes security advisory ${{steps.dependabot-metadata.outputs.ghsa-id}}\n\n<${{env.PULL_REQUEST_URL}}|View pull request>" + } + } + ] + } + env: + SLACK_DEPENDENCY_BOT_TOKEN: ${{ secrets.SLACK_DEPENDENCY_BOT_TOKEN }} + PULL_REQUEST_URL: "https://github.com/${{ github.repository }}/pull/${{ github.event.number }}" \ No newline at end of file From 2173d2e9c52cd130e6c29576594091d2e59eae47 Mon Sep 17 00:00:00 2001 
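Review bot: The Slack payload reads `steps.dependabot-metadata.outputs.*`, but the metadata step is declared with `id: metadata`, so those expressions evaluate to empty strings and the message will carry no dependency name, versions or advisory id; they should read `steps.metadata.outputs.dependency-names` and so on. `alert-lookup: true` is an input of `dependabot/fetch-metadata`, not of the Slack action, so it belongs in the "Dependabot metadata" step's `with:` block; as far as I know it also needs a token that can read Dependabot alerts, otherwise `ghsa-id` stays empty. Because this job approves and merges with a write-scoped token, consider gating it on `github.event.pull_request.user.login == 'dependabot[bot]'` rather than `github.actor`, and pinning both third-party actions to a commit SHA instead of the `v1` and `v1.24.0` tags. The Slack step also has no `if:` on the update type, so it posts "Fixes security advisory" for every Dependabot PR, including ones the two steps before it did not approve. The later patch that switches the step to a webhook keeps the same payload and the misplaced `alert-lookup`.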
From: Nic Duke Date: Mon, 24 Jul 2023 14:25:44 +0100 Subject: [PATCH 62/76] adjust rails dependency in Gemfile to allow updating to latest patch versions --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 913d6f6..25714df 100644 --- a/Gemfile +++ b/Gemfile @@ -1,7 +1,7 @@ ruby "3.0.0" source 'https://rubygems.org' do - gem 'rails', '~> 6.1.7.1' + gem 'rails', '~> 6.1.7' # Use postgres as the database for Active Record gem 'pg' From dc6c109722079fcb0e976d0455b5bca7f2ea0660 Mon Sep 17 00:00:00 2001 From: Nic Duke Date: Mon, 24 Jul 2023 14:34:50 +0100 Subject: [PATCH 63/76] Bump rails to fix security advisory CVE-2023-28120 --- Gemfile.lock | 150 ++++++++++++++++++++++++++------------------------- 1 file changed, 76 insertions(+), 74 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index ebf854e..85de8d7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -11,60 +11,60 @@ GEM GEM remote: https://rubygems.org/ specs: - actioncable (6.1.7.2) - actionpack (= 6.1.7.2) - activesupport (= 6.1.7.2) + actioncable (6.1.7.4) + actionpack (= 6.1.7.4) + activesupport (= 6.1.7.4) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.7.2) - actionpack (= 6.1.7.2) - activejob (= 6.1.7.2) - activerecord (= 6.1.7.2) - activestorage (= 6.1.7.2) - activesupport (= 6.1.7.2) + actionmailbox (6.1.7.4) + actionpack (= 6.1.7.4) + activejob (= 6.1.7.4) + activerecord (= 6.1.7.4) + activestorage (= 6.1.7.4) + activesupport (= 6.1.7.4) mail (>= 2.7.1) - actionmailer (6.1.7.2) - actionpack (= 6.1.7.2) - actionview (= 6.1.7.2) - activejob (= 6.1.7.2) - activesupport (= 6.1.7.2) + actionmailer (6.1.7.4) + actionpack (= 6.1.7.4) + actionview (= 6.1.7.4) + activejob (= 6.1.7.4) + activesupport (= 6.1.7.4) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.7.2) - actionview (= 6.1.7.2) - activesupport (= 6.1.7.2) + actionpack (6.1.7.4) + actionview (= 6.1.7.4) + activesupport (= 6.1.7.4) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.7.2) - actionpack (= 6.1.7.2) - activerecord (= 6.1.7.2) - activestorage (= 6.1.7.2) - activesupport (= 6.1.7.2) + actiontext (6.1.7.4) + actionpack (= 6.1.7.4) + activerecord (= 6.1.7.4) + activestorage (= 6.1.7.4) + activesupport (= 6.1.7.4) nokogiri (>= 1.8.5) - actionview (6.1.7.2) - activesupport (= 6.1.7.2) + actionview (6.1.7.4) + activesupport (= 6.1.7.4) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.7.2) - activesupport (= 6.1.7.2) + activejob (6.1.7.4) + activesupport (= 6.1.7.4) globalid (>= 0.3.6) - activemodel (6.1.7.2) - activesupport (= 6.1.7.2) - activerecord (6.1.7.2) - activemodel (= 6.1.7.2) - activesupport (= 6.1.7.2) - activestorage (6.1.7.2) - actionpack (= 6.1.7.2) - activejob (= 6.1.7.2) - activerecord (= 6.1.7.2) 
- activesupport (= 6.1.7.2) + activemodel (6.1.7.4) + activesupport (= 6.1.7.4) + activerecord (6.1.7.4) + activemodel (= 6.1.7.4) + activesupport (= 6.1.7.4) + activestorage (6.1.7.4) + actionpack (= 6.1.7.4) + activejob (= 6.1.7.4) + activerecord (= 6.1.7.4) + activesupport (= 6.1.7.4) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (6.1.7.2) + activesupport (6.1.7.4) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -138,7 +138,7 @@ GEM globalid (1.1.0) activesupport (>= 5.0) hashie (5.0.0) - i18n (1.12.0) + i18n (1.14.1) concurrent-ruby (~> 1.0) jbuilder (2.11.5) actionview (>= 5.0.0) @@ -171,9 +171,9 @@ GEM listen (3.8.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - loofah (2.19.1) + loofah (2.21.3) crass (~> 1.0.2) - nokogiri (>= 1.5.9) + nokogiri (>= 1.12.0) mail (2.8.1) mini_mime (>= 0.1.1) net-imap @@ -186,10 +186,10 @@ GEM mime-types-data (~> 3.2015) mime-types-data (3.2023.0218.1) mini_mime (1.1.2) - mini_portile2 (2.8.1) - minitest (5.17.0) + mini_portile2 (2.8.4) + minitest (5.18.1) multi_xml (0.6.0) - net-imap (0.3.4) + net-imap (0.3.6) date net-protocol net-pop (0.1.2) @@ -199,11 +199,11 @@ GEM net-smtp (0.3.3) net-protocol newrelic_rpm (9.0.0) - nio4r (2.5.8) - nokogiri (1.14.2) - mini_portile2 (~> 2.8.0) + nio4r (2.5.9) + nokogiri (1.15.3) + mini_portile2 (~> 2.8.2) racc (~> 1.4) - nokogiri (1.14.2-x86_64-linux) + nokogiri (1.15.3-x86_64-linux) racc (~> 1.4) oauth2 (2.0.9) faraday (>= 0.17.3, < 3.0) 
@@ -239,40 +239,42 @@ GEM public_suffix (5.0.1) puma (5.6.5) nio4r (~> 2.0) - racc (1.6.2) - rack (2.2.6.3) + racc (1.7.1) + rack (2.2.7) rack-protection (3.0.5) rack - rack-test (2.0.2) + rack-test (2.1.0) rack (>= 1.3) - rails (6.1.7.2) - actioncable (= 6.1.7.2) - actionmailbox (= 6.1.7.2) - actionmailer (= 6.1.7.2) - actionpack (= 6.1.7.2) - actiontext (= 6.1.7.2) - actionview (= 6.1.7.2) - activejob (= 6.1.7.2) - activemodel (= 6.1.7.2) - activerecord (= 6.1.7.2) - activestorage (= 6.1.7.2) - activesupport (= 6.1.7.2) + rails (6.1.7.4) + actioncable (= 6.1.7.4) + actionmailbox (= 6.1.7.4) + actionmailer (= 6.1.7.4) + actionpack (= 6.1.7.4) + actiontext (= 6.1.7.4) + actionview (= 6.1.7.4) + activejob (= 6.1.7.4) + activemodel (= 6.1.7.4) + activerecord (= 6.1.7.4) + activestorage (= 6.1.7.4) + activesupport (= 6.1.7.4) bundler (>= 1.15.0) - railties (= 6.1.7.2) + railties (= 6.1.7.4) sprockets-rails (>= 2.0.0) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) + rails-dom-testing (2.1.1) + activesupport (>= 5.0.0) + minitest nokogiri (>= 1.6) rails-erd (1.7.2) activerecord (>= 4.2) activesupport (>= 4.2) choice (~> 0.2.0) ruby-graphviz (~> 1.2) - rails-html-sanitizer (1.5.0) - loofah (~> 2.19, >= 2.19.1) - railties (6.1.7.2) - actionpack (= 6.1.7.2) - activesupport (= 6.1.7.2) + rails-html-sanitizer (1.6.0) + loofah (~> 2.21) + nokogiri (~> 1.14) + railties (6.1.7.4) + actionpack (= 6.1.7.4) + activesupport (= 6.1.7.4) method_source rake (>= 12.2) thor (~> 1.0) @@ -373,9 +375,9 @@ GEM sprockets (>= 3.0.0) terrapin (0.6.0) climate_control (>= 0.0.3, < 1.0) - thor (1.2.1) + thor (1.2.2) tilt (2.1.0) - timeout (0.3.2) + timeout (0.4.0) turbolinks (5.2.1) turbolinks-source (~> 5.2) turbolinks-source (5.2.0) @@ -395,7 +397,7 @@ GEM websocket-extensions (0.1.5) xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.6.7) + zeitwerk (2.6.8) PLATFORMS ruby 
@@ -424,7 +426,7 @@ DEPENDENCIES pg! pry-rails! puma (~> 5.6)! - rails (~> 6.1.7.1)! + rails (~> 6.1.7)! rails-erd! repost! rspec! From 2c5ba89604a3e85f4d5c750db6f57cd014c27847 Mon Sep 17 00:00:00 2001 From: Nic Duke Date: Mon, 24 Jul 2023 15:43:53 +0100 Subject: [PATCH 64/76] SCTTR-157 update dependabot workflow to use webhooks --- .github/workflows/dependabot-auto-approve-and-merge.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dependabot-auto-approve-and-merge.yml b/.github/workflows/dependabot-auto-approve-and-merge.yml index 9ad0d64..a6a369e 100644 --- a/.github/workflows/dependabot-auto-approve-and-merge.yml +++ b/.github/workflows/dependabot-auto-approve-and-merge.yml @@ -30,7 +30,6 @@ jobs: id: slack uses: slackapi/slack-github-action@v1.24.0 with: - channel-id: ${{ secrets.TECHTEAM_SLACK_CHANNEL_ID }} alert-lookup: true payload: | { @@ -46,5 +45,6 @@ jobs: ] } env: - SLACK_DEPENDENCY_BOT_TOKEN: ${{ secrets.SLACK_DEPENDENCY_BOT_TOKEN }} + SLACK_WEBHOOK_URL: ${{ secrets.DEPENDABOT_SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK PULL_REQUEST_URL: "https://github.com/${{ github.repository }}/pull/${{ github.event.number }}" \ No newline at end of file From 174b19dd5ae6fc4b92a5848a1dabec70ee4bf546 Mon Sep 17 00:00:00 2001 From: Nic Duke Date: Tue, 25 Jul 2023 12:34:40 +0100 Subject: [PATCH 65/76] SCTRR-157 replace dependabot workflow with reference to reusable one --- .../dependabot-auto-approve-and-merge.yml | 47 ++----------------- 1 file changed, 4 insertions(+), 43 deletions(-) diff --git a/.github/workflows/dependabot-auto-approve-and-merge.yml b/.github/workflows/dependabot-auto-approve-and-merge.yml index a6a369e..f832126 100644 --- a/.github/workflows/dependabot-auto-approve-and-merge.yml +++ b/.github/workflows/dependabot-auto-approve-and-merge.yml 
@@ -2,49 +2,10 @@ name: Dependabot auto-approve and auto-merge on: pull_request permissions: + contents: write pull-requests: write jobs: - dependabot: - runs-on: ubuntu-latest - if: ${{ github.actor == 'dependabot[bot]' }} - steps: - - name: Dependabot metadata - id: metadata - uses: dependabot/fetch-metadata@v1 - with: - github-token: "${{ secrets.GITHUB_TOKEN }}" - - name: Approve a minor|patch PR - if: ${{steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor'}} - run: gh pr review --approve "$PR_URL" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} - - name: Merge a minor|patch PR - if: ${{steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor'}} - run: gh pr merge --auto --merge "$PR_URL" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} - - name: Post to Slack - id: slack - uses: slackapi/slack-github-action@v1.24.0 - with: - alert-lookup: true - payload: | - { - "text": "Updated dependency ${{ steps.dependabot-metadata.outputs.dependency-names }}", - "blocks": [ - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": "Updated dependency ${{ steps.dependabot-metadata.outputs.dependency-names }} from ${{steps.dependabot-metadata.outputs.previous-version}} to ${{steps.dependabot-metadata.outputs.new-version}}.\nFixes security advisory ${{steps.dependabot-metadata.outputs.ghsa-id}}\n\n<${{env.PULL_REQUEST_URL}}|View pull request>" - } - } - ] - } - env: - SLACK_WEBHOOK_URL: ${{ secrets.DEPENDABOT_SLACK_WEBHOOK_URL }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK - PULL_REQUEST_URL: "https://github.com/${{ github.repository }}/pull/${{ github.event.number }}" \ No newline at end of file + dependabot-workflow: + uses: 38degrees/github-workflows/workflows/dependabot-auto-approve-and-merge.yml@main + 
\ No newline at end of file From 82fea284b9e85b1c598086ac8beb9d0e08f4d263 Mon Sep 17 00:00:00 2001 From: Nic Duke Date: Tue, 25 Jul 2023 16:50:10 +0100 Subject: [PATCH 66/76] correct github workflow file reference in workflow --- .github/workflows/dependabot-auto-approve-and-merge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependabot-auto-approve-and-merge.yml b/.github/workflows/dependabot-auto-approve-and-merge.yml index f832126..7840e9a 100644 --- a/.github/workflows/dependabot-auto-approve-and-merge.yml +++ b/.github/workflows/dependabot-auto-approve-and-merge.yml @@ -7,5 +7,5 @@ permissions: jobs: dependabot-workflow: - uses: 38degrees/github-workflows/workflows/dependabot-auto-approve-and-merge.yml@main + uses: 38degrees/github-workflows/.github/workflows/dependabot-auto-approve-and-merge.yml@main \ No newline at end of file From 750d598b3afe7b583a7d1e9205b6d42680f994d3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 19 Aug 2023 01:53:05 +0000 Subject: [PATCH 67/76] Bump puma from 5.6.5 to 5.6.7 Bumps [puma](https://github.com/puma/puma) from 5.6.5 to 5.6.7. - [Release notes](https://github.com/puma/puma/releases) - [Changelog](https://github.com/puma/puma/blob/master/History.md) - [Commits](https://github.com/puma/puma/compare/v5.6.5...v5.6.7) --- updated-dependencies: - dependency-name: puma dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 85de8d7..25a408d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -237,7 +237,7 @@ GEM pry-rails (0.3.9) pry (>= 0.10.4) public_suffix (5.0.1) - puma (5.6.5) + puma (5.6.7) nio4r (~> 2.0) racc (1.7.1) rack (2.2.7) From 326c2244fb3c919e78968f7db1ce43018f0cee41 Mon Sep 17 00:00:00 2001 
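Review bot: The reusable workflow is called at the mutable ref `@main` while this caller grants `contents: write` and `pull-requests: write`, so any later push to that branch of `38degrees/github-workflows` changes what runs here with write access. Pin the call to a reviewed commit by replacing `@main` with `@<full-commit-sha>`; the path correction in PATCH 66 keeps `@main` and needs the same change. The `if: ${{ github.actor == 'dependabot[bot]' }}` guard is deleted from this file while the trigger stays `on: pull_request`, so the restriction to Dependabot pull requests now rests entirely on the called workflow, which is not visible here; keeping `if: github.actor == 'dependabot[bot]'` on the `dependabot-workflow` job preserves it locally. No `secrets:` mapping is passed either, so the Slack webhook secret from the previous patch presumably never reaches the called workflow unless it is handed over explicitly (for example with `secrets: inherit`), which is worth confirming.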
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 15 Feb 2024 09:44:24 +0000 Subject: [PATCH 68/76] Bump nokogiri from 1.15.3 to 1.16.2 Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.15.3 to 1.16.2. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.15.3...v1.16.2) --- updated-dependencies: - dependency-name: nokogiri dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 85de8d7..d593d7b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -186,7 +186,7 @@ GEM mime-types-data (~> 3.2015) mime-types-data (3.2023.0218.1) mini_mime (1.1.2) - mini_portile2 (2.8.4) + mini_portile2 (2.8.5) minitest (5.18.1) multi_xml (0.6.0) net-imap (0.3.6) @@ -200,10 +200,10 @@ GEM net-protocol newrelic_rpm (9.0.0) nio4r (2.5.9) - nokogiri (1.15.3) + nokogiri (1.16.2) mini_portile2 (~> 2.8.2) racc (~> 1.4) - nokogiri (1.15.3-x86_64-linux) + nokogiri (1.16.2-x86_64-linux) racc (~> 1.4) oauth2 (2.0.9) faraday (>= 0.17.3, < 3.0) @@ -239,7 +239,7 @@ GEM public_suffix (5.0.1) puma (5.6.5) nio4r (~> 2.0) - racc (1.7.1) + racc (1.7.3) rack (2.2.7) rack-protection (3.0.5) rack From 7253fd01ccae40b3d66dafd97b40d525755b7233 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 15 Feb 2024 09:53:11 +0000 Subject: [PATCH 69/76] Bump puma from 5.6.5 to 5.6.8 Bumps [puma](https://github.com/puma/puma) from 5.6.5 to 5.6.8. - [Release notes](https://github.com/puma/puma/releases) - [Changelog](https://github.com/puma/puma/blob/master/History.md) - [Commits](https://github.com/puma/puma/compare/v5.6.5...v5.6.8) --- updated-dependencies: - dependency-name: puma dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 85de8d7..cc960ca 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -199,7 +199,7 @@ GEM net-smtp (0.3.3) net-protocol newrelic_rpm (9.0.0) - nio4r (2.5.9) + nio4r (2.7.0) nokogiri (1.15.3) mini_portile2 (~> 2.8.2) racc (~> 1.4) @@ -237,7 +237,7 @@ GEM pry-rails (0.3.9) pry (>= 0.10.4) public_suffix (5.0.1) - puma (5.6.5) + puma (5.6.8) nio4r (~> 2.0) racc (1.7.1) rack (2.2.7) From d40fbca09f213b20c104b143a4791276a06bee28 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 20 Sep 2024 19:30:09 +0000 Subject: [PATCH 70/76] Bump puma from 5.6.8 to 5.6.9 Bumps [puma](https://github.com/puma/puma) from 5.6.8 to 5.6.9. - [Release notes](https://github.com/puma/puma/releases) - [Changelog](https://github.com/puma/puma/blob/master/History.md) - [Commits](https://github.com/puma/puma/compare/v5.6.8...v5.6.9) --- updated-dependencies: - dependency-name: puma dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 959beda..436f4c7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -199,7 +199,7 @@ GEM net-smtp (0.3.3) net-protocol newrelic_rpm (9.0.0) - nio4r (2.5.9) + nio4r (2.7.3) nokogiri (1.16.2) mini_portile2 (~> 2.8.2) racc (~> 1.4) 
@@ -237,7 +237,7 @@ GEM pry-rails (0.3.9) pry (>= 0.10.4) public_suffix (5.0.1) - puma (5.6.8) + puma (5.6.9) nio4r (~> 2.0) racc (1.7.3) rack (2.2.7) From 2671b8d269551045900873631899693a3575bad8 Mon Sep 17 00:00:00 2001 From: Nic Duke Date: Mon, 2 Dec 2024 14:24:27 +1100 Subject: [PATCH 71/76] Upgrade project to use ruby 3.3.5 --- .circleci/config.yml | 6 +++--- Dockerfile | 4 ++-- Gemfile | 2 +- Gemfile.lock | 2 +- README.md | 2 +- docker-compose.yml | 6 +++--- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 0105e27..026bb87 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -4,18 +4,18 @@ version: 2.1 orbs: - ruby: circleci/ruby@1.1.1 + ruby: circleci/ruby@2.2.1 jobs: build: docker: - - image: circleci/ruby:3.0.0-node-browsers + - image: cimg/ruby:3.3.5-browsers environment: - RACK_ENV=test - RAILS_ENV=test - DATABASE_URL=postgres://testuser:testpass@127.0.0.1:5432/mahbucket_test - SKIP_AUTH=true - - image: circleci/postgres:10-alpine-ram + - image: cimg/postgres:10.20 environment: - POSTGRES_USER=testuser - POSTGRES_PASSWORD=testpass diff --git a/Dockerfile b/Dockerfile index 92a3c7d..b7cef8f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # This Dockerfile uses a circleci image for convenience. -FROM circleci/ruby:3.0.0-node-browsers +FROM cimg/ruby:3.3.5-browsers USER root RUN mkdir /app @@ -17,4 +17,4 @@ RUN bundle config set path '/bundle' RUN mkdir -p /tmp/sockets -CMD bundle check || bundle install && bundle exec puma -C ./config/puma.rb +# CMD bundle check || bundle install && bundle exec puma -C ./config/puma.rb diff --git a/Gemfile b/Gemfile index 25714df..4d90954 100644 --- a/Gemfile +++ b/Gemfile @@ -1,4 +1,4 @@ -ruby "3.0.0" +ruby "3.3.5" source 'https://rubygems.org' do gem 'rails', '~> 6.1.7' diff --git a/Gemfile.lock b/Gemfile.lock index 436f4c7..cc31041 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
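Review bot: In the `.circleci/config.yml` hunk the database image becomes `cimg/postgres:10.20`, which keeps the test suite on PostgreSQL 10, a major version upstream stopped maintaining in November 2022. Since this commit is already moving images, the tag should follow the major version the deployed database runs, e.g. `- image: cimg/postgres:<production-major.minor>`, so CI does not validate against a server that no longer gets fixes. The same tag is introduced for the `postgres` service in `docker-compose.yml` later in this commit and again in PATCH 76. The `build` job continues past the end of the hunk.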
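Review bot: The second Dockerfile hunk disables the start command by commenting it out (`# CMD bundle check || ...`) instead of removing it, so the image silently falls back to whatever default command the base image defines and the file keeps a dead line. If the command is now meant to come from the `command:` of the `web` service in `docker-compose.yml`, delete the line and say so: `# Start command is supplied by docker-compose.yml (services.web.command)`.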
@@ -445,7 +445,7 @@ DEPENDENCIES webdrivers (~> 4.4)! RUBY VERSION - ruby 3.0.0p0 + ruby 3.3.5p100 BUNDLED WITH 2.2.17 diff --git a/README.md b/README.md index 409601c..88be9c6 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ should hopefully be useful (or at least usable) for other file types too. ## Ruby and Rails versions Mah Bucket was initially developed using Ruby 2.3.1 and Rails 5.0.1, and is -currently using Ruby 2.7.1 and Rails 6.0.3 - so it should have a fairly wide +currently using Ruby 3.3.5 and Rails ~>6.1.7 - so it should have a fairly wide compatibility range. If you find a version of either that it won't run with, please let me know. diff --git a/docker-compose.yml b/docker-compose.yml index 87a5aac..68d1533 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -19,7 +19,7 @@ x-service-fragments: services: ##### Concrete services ##### postgres: - image: 'postgres:9.6-alpine' + image: 'cimg/postgres:10.20' environment: # The Postgres image uses these to create a db user - note the user/pass here should match that in your env file! - POSTGRES_USER=user @@ -29,7 +29,8 @@ services: - 'postgres:/var/lib/postgresql/data' web: - <<: *app + networks: + - default build: dockerfile: Dockerfile context: . @@ -48,7 +49,6 @@ services: - DATABASE_CLEANER_ALLOW_REMOTE_DATABASE_URL=true - SKIP_AUTH=true command: sh -c 'bundle check || bundle install && rm -f /tmp/.X99-lock && bundle exec rails db:create db:environment:set db:schema:load && bundle exec rubocop && bundle exec rspec && bundle exec puma -C ./config/puma.rb' - volumes: postgres: From e3e83adf67d73603e8f28c871d997c3abb1f0cbd Mon Sep 17 00:00:00 2001 From: Nic Duke Date: Mon, 2 Dec 2024 14:37:30 +1100 Subject: [PATCH 72/76] update webdriver dependency and bundler versions --- Gemfile | 2 +- Gemfile.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Gemfile b/Gemfile index 4d90954..8f93396 100644 --- a/Gemfile +++ b/Gemfile 
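Review bot: In the first `docker-compose.yml` hunk the `postgres` service moves from `postgres:9.6-alpine` to `cimg/postgres:10.20` but keeps the named volume `postgres:/var/lib/postgresql/data`, so anyone with an existing volume will hand a 9.6 data directory to a 10.x server, which will not start on data files from another major version. A comment next to the image would save that debugging: `# Major-version change: remove the old 'postgres' volume (docker-compose down -v) or dump/restore before first start`. It is also worth confirming that the CircleCI convenience image keeps its data directory at the same path as the official image, since the mount path is unchanged. The service definition continues outside the hunk.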
@@ -80,6 +80,6 @@ source 'https://rubygems.org' do gem 'rspec' gem 'rspec_junit_formatter' gem 'selenium-webdriver' - gem 'webdrivers', '~> 4.4' + gem 'webdrivers', '~> 5' end end diff --git a/Gemfile.lock b/Gemfile.lock index cc31041..1061ff4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -387,10 +387,10 @@ GEM execjs (>= 0.3.0, < 3) unicode-display_width (2.4.2) version_gem (1.1.1) - webdrivers (4.7.0) + webdrivers (5.3.1) nokogiri (~> 1.6) rubyzip (>= 1.3.0) - selenium-webdriver (> 3.141, < 5.0) + selenium-webdriver (~> 4.0, < 4.11) websocket (1.2.9) websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) @@ -442,10 +442,10 @@ DEPENDENCIES sentry-ruby! turbolinks! uglifier! - webdrivers (~> 4.4)! + webdrivers (~> 5)! RUBY VERSION ruby 3.3.5p100 BUNDLED WITH - 2.2.17 + 2.5.23 From 20248c20b75eac8b68bea102b5499c367300b764 Mon Sep 17 00:00:00 2001 From: Nic Duke Date: Mon, 2 Dec 2024 16:02:24 +1100 Subject: [PATCH 73/76] Delete now unused Dockerfile and adjust docker-compose to use without Dockerfile. Also update selenium-webdriver, removing separate webdriver dependancy as no longer required --- Dockerfile | 20 -------------------- Gemfile | 1 - Gemfile.lock | 15 +++++++-------- docker-compose.yml | 13 ++++++------- 4 files changed, 13 insertions(+), 36 deletions(-) delete mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index b7cef8f..0000000 --- a/Dockerfile +++ /dev/null 
@@ -1,20 +0,0 @@ -# This Dockerfile uses a circleci image for convenience. - -FROM cimg/ruby:3.3.5-browsers - -USER root -RUN mkdir /app -WORKDIR /app - -# As this is a dev container we are keeping the installation of app -# dependencies (via bundle and yarn), and the mounting of the source -# code external to the container build -#ENV PATH="/usr/local/lib/ruby/gems/bin:${PATH}" -RUN mkdir /bundle -ENV BUNDLE_PATH=/bundle -ENV GEM_HOME=/bundle -RUN bundle config set path '/bundle' - -RUN mkdir -p /tmp/sockets - -# CMD bundle check || bundle install && bundle exec puma -C ./config/puma.rb diff --git a/Gemfile b/Gemfile index 8f93396..34be5c3 100644 --- a/Gemfile +++ b/Gemfile @@ -80,6 +80,5 @@ source 'https://rubygems.org' do gem 'rspec' gem 'rspec_junit_formatter' gem 'selenium-webdriver' - gem 'webdrivers', '~> 5' end end diff --git a/Gemfile.lock b/Gemfile.lock index 1061ff4..2528159 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -91,6 +91,7 @@ GEM aws-sigv4 (~> 1.4) aws-sigv4 (1.5.2) aws-eventstream (~> 1, >= 1.0.2) + base64 (0.2.0) brakeman (5.4.1) builder (3.2.4) bundler-audit (0.9.1) @@ -171,6 +172,7 @@ GEM listen (3.8.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) + logger (1.6.1) loofah (2.21.3) crass (~> 1.0.2) nokogiri (>= 1.12.0) @@ -285,7 +287,7 @@ GEM ffi (~> 1.0) regexp_parser (2.7.0) repost (0.4.1) - rexml (3.2.5) + rexml (3.3.9) rspec (3.12.0) rspec-core (~> 3.12.0) rspec-expectations (~> 3.12.0) @@ -348,7 +350,9 @@ GEM sprockets (> 3.0) sprockets-rails tilt - selenium-webdriver (4.8.1) + selenium-webdriver (4.27.0) + base64 (~> 0.2) + logger (~> 1.4) rexml (~> 3.2, >= 3.2.5) rubyzip (>= 1.2.2, < 3.0) websocket (~> 1.0) 
@@ -387,11 +391,7 @@ GEM execjs (>= 0.3.0, < 3) unicode-display_width (2.4.2) version_gem (1.1.1) - webdrivers (5.3.1) - nokogiri (~> 1.6) - rubyzip (>= 1.3.0) - selenium-webdriver (~> 4.0, < 4.11) - websocket (1.2.9) + websocket (1.2.11) websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) @@ -442,7 +442,6 @@ DEPENDENCIES sentry-ruby! turbolinks! uglifier! - webdrivers (~> 5)! RUBY VERSION ruby 3.3.5p100 diff --git a/docker-compose.yml b/docker-compose.yml index 68d1533..a71d3dc 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' x-service-fragments: ##### Abstract services for common setup ##### app: &app - image: ruby + image: cimg/ruby:3.3.5-browsers networks: - default volumes: @@ -29,11 +29,10 @@ services: - 'postgres:/var/lib/postgresql/data' web: - networks: - - default - build: - dockerfile: Dockerfile - context: . + <<: *app + volumes: + - '.:/usr/src/app:cached' + working_dir: /usr/src/app ports: # Use a default port of 3005, but allow it to be overriden by an env variable # E.g. `PORT=3001 docker-compose up` @@ -49,7 +48,7 @@ services: - DATABASE_CLEANER_ALLOW_REMOTE_DATABASE_URL=true - SKIP_AUTH=true command: sh -c 'bundle check || bundle install && rm -f /tmp/.X99-lock && bundle exec rails db:create db:environment:set db:schema:load && bundle exec rubocop && bundle exec rspec && bundle exec puma -C ./config/puma.rb' - + volumes: postgres: bundle_cache: From ffe4117f65190b9e69a673b07cc205172fe9e719 Mon Sep 17 00:00:00 2001 From: Nic Duke Date: Mon, 2 Dec 2024 16:29:09 +1100 Subject: [PATCH 74/76] update capybara to support latest selenium-webdriver version --- Gemfile.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 2528159..41a8d0a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
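Review bot: The `volumes:` list added to `web` in the second `docker-compose.yml` hunk replaces, rather than extends, the `volumes:` list inherited through `<<: *app`, because a YAML merge key is shallow and an explicitly set key wins. The fragment's own entries are outside the hunk, so confirm that nothing it mounted is still expected on `web` (the `bundle_cache` volume declared at the bottom of the file is a likely candidate) and repeat those entries here if so; a comment such as `# overrides the volumes list from *app (merge keys are not deep)` would make the intent explicit. With the Dockerfile deleted in this commit nothing switches the container user any more, so `bundle install` and the test run in `command` execute as the image's default user; check that the bind-mounted `.:/usr/src/app` and the bundle path are writable by it.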
@@ -72,8 +72,8 @@ GEM zeitwerk (~> 2.3) acts-as-taggable-on (9.0.1) activerecord (>= 6.0, < 7.1) - addressable (2.8.1) - public_suffix (>= 2.0.2, < 6.0) + addressable (2.8.7) + public_suffix (>= 2.0.2, < 7.0) ast (2.4.2) aws-eventstream (1.2.0) aws-partitions (1.720.0) @@ -97,11 +97,11 @@ GEM bundler-audit (0.9.1) bundler (>= 1.2.0, < 3) thor (~> 1.0) - capybara (3.38.0) + capybara (3.40.0) addressable matrix mini_mime (>= 0.1.3) - nokogiri (~> 1.8) + nokogiri (~> 1.11) rack (>= 1.6.0) rack-test (>= 0.6.3) regexp_parser (>= 1.5, < 3.0) @@ -187,8 +187,8 @@ GEM mime-types (3.4.1) mime-types-data (~> 3.2015) mime-types-data (3.2023.0218.1) - mini_mime (1.1.2) - mini_portile2 (2.8.5) + mini_mime (1.1.5) + mini_portile2 (2.8.8) minitest (5.18.1) multi_xml (0.6.0) net-imap (0.3.6) @@ -202,10 +202,10 @@ GEM net-protocol newrelic_rpm (9.0.0) nio4r (2.7.3) - nokogiri (1.16.2) + nokogiri (1.16.7) mini_portile2 (~> 2.8.2) racc (~> 1.4) - nokogiri (1.16.2-x86_64-linux) + nokogiri (1.16.7-x86_64-linux) racc (~> 1.4) oauth2 (2.0.9) faraday (>= 0.17.3, < 3.0) @@ -238,11 +238,11 @@ GEM method_source (~> 1.0) pry-rails (0.3.9) pry (>= 0.10.4) - public_suffix (5.0.1) + public_suffix (6.0.1) puma (5.6.9) nio4r (~> 2.0) - racc (1.7.3) - rack (2.2.7) + racc (1.8.1) + rack (2.2.10) rack-protection (3.0.5) rack rack-test (2.1.0) @@ -285,7 +285,7 @@ GEM rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) - regexp_parser (2.7.0) + regexp_parser (2.9.3) repost (0.4.1) rexml (3.3.9) rspec (3.12.0) From 749ac9e97c94d15bd1f64502f71af204aa49226c Mon Sep 17 00:00:00 2001 
From: Nic Duke Date: Tue, 14 Jan 2025 22:39:01 +1100 Subject: [PATCH 75/76] Revert "Merge pull request #67 from 38degrees/upgrade-to-ruby-3-3-5" This reverts commit 0ba8ba726d19ab6f99544e343f0733465ce8f62b, reversing changes made to 979c6e7f0059acc93d491a5e98eff1c4ceb95811. --- .circleci/config.yml | 6 +++--- Dockerfile | 20 ++++++++++++++++++++ Gemfile | 3 ++- Gemfile.lock | 43 ++++++++++++++++++++++--------------------- README.md | 2 +- docker-compose.yml | 11 ++++++----- 6 files changed, 54 insertions(+), 31 deletions(-) create mode 100644 Dockerfile diff --git a/.circleci/config.yml b/.circleci/config.yml index 026bb87..0105e27 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -4,18 +4,18 @@ version: 2.1 orbs: - ruby: circleci/ruby@2.2.1 + ruby: circleci/ruby@1.1.1 jobs: build: docker: - - image: cimg/ruby:3.3.5-browsers + - image: circleci/ruby:3.0.0-node-browsers environment: - RACK_ENV=test - RAILS_ENV=test - DATABASE_URL=postgres://testuser:testpass@127.0.0.1:5432/mahbucket_test - SKIP_AUTH=true - - image: cimg/postgres:10.20 + - image: circleci/postgres:10-alpine-ram environment: - POSTGRES_USER=testuser - POSTGRES_PASSWORD=testpass diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..92a3c7d --- /dev/null +++ b/Dockerfile @@ -0,0 +1,20 @@ +# This Dockerfile uses a circleci image for convenience. + +FROM circleci/ruby:3.0.0-node-browsers + +USER root +RUN mkdir /app +WORKDIR /app + +# As this is a dev container we are keeping the installation of app +# dependencies (via bundle and yarn), and the mounting of the source +# code external to the container build +#ENV PATH="/usr/local/lib/ruby/gems/bin:${PATH}" +RUN mkdir /bundle +ENV BUNDLE_PATH=/bundle +ENV GEM_HOME=/bundle +RUN bundle config set path '/bundle' + +RUN mkdir -p /tmp/sockets + +CMD bundle check || bundle install && bundle exec puma -C ./config/puma.rb diff --git a/Gemfile b/Gemfile index 34be5c3..25714df 100644 --- a/Gemfile +++ b/Gemfile 
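Review bot: The revert puts the `.circleci/config.yml` build back on `circleci/ruby:3.0.0-node-browsers` and `circleci/postgres:10-alpine-ram`, i.e. on a Ruby series that reached end of life in 2024 and on the legacy `circleci/*` image line that CircleCI has superseded with `cimg/*`. The same Ruby pin returns in the re-created Dockerfile (`FROM circleci/ruby:3.0.0-node-browsers`) and in the Gemfile (`ruby "3.0.0"`). The commit message names what is reverted but not why, so I would state the failure that forced the rollback and the condition for re-applying the upgrade, so that the period spent on an unsupported runtime stays bounded.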
@@ -1,4 +1,4 @@ -ruby "3.3.5" +ruby "3.0.0" source 'https://rubygems.org' do gem 'rails', '~> 6.1.7' @@ -80,5 +80,6 @@ source 'https://rubygems.org' do gem 'rspec' gem 'rspec_junit_formatter' gem 'selenium-webdriver' + gem 'webdrivers', '~> 4.4' end end diff --git a/Gemfile.lock b/Gemfile.lock index 41a8d0a..436f4c7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -72,8 +72,8 @@ GEM zeitwerk (~> 2.3) acts-as-taggable-on (9.0.1) activerecord (>= 6.0, < 7.1) - addressable (2.8.7) - public_suffix (>= 2.0.2, < 7.0) + addressable (2.8.1) + public_suffix (>= 2.0.2, < 6.0) ast (2.4.2) aws-eventstream (1.2.0) aws-partitions (1.720.0) @@ -91,17 +91,16 @@ GEM aws-sigv4 (~> 1.4) aws-sigv4 (1.5.2) aws-eventstream (~> 1, >= 1.0.2) - base64 (0.2.0) brakeman (5.4.1) builder (3.2.4) bundler-audit (0.9.1) bundler (>= 1.2.0, < 3) thor (~> 1.0) - capybara (3.40.0) + capybara (3.38.0) addressable matrix mini_mime (>= 0.1.3) - nokogiri (~> 1.11) + nokogiri (~> 1.8) rack (>= 1.6.0) rack-test (>= 0.6.3) regexp_parser (>= 1.5, < 3.0) @@ -172,7 +171,6 @@ GEM listen (3.8.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - logger (1.6.1) loofah (2.21.3) crass (~> 1.0.2) nokogiri (>= 1.12.0) @@ -187,8 +185,8 @@ GEM mime-types (3.4.1) mime-types-data (~> 3.2015) mime-types-data (3.2023.0218.1) - mini_mime (1.1.5) - mini_portile2 (2.8.8) + mini_mime (1.1.2) + mini_portile2 (2.8.5) minitest (5.18.1) multi_xml (0.6.0) net-imap (0.3.6) @@ -202,10 +200,10 @@ GEM net-protocol newrelic_rpm (9.0.0) nio4r (2.7.3) - nokogiri (1.16.7) + nokogiri (1.16.2) mini_portile2 (~> 2.8.2) racc (~> 1.4) - nokogiri (1.16.7-x86_64-linux) + nokogiri (1.16.2-x86_64-linux) racc (~> 1.4) oauth2 (2.0.9) faraday (>= 0.17.3, < 3.0) @@ -238,11 +236,11 @@ GEM method_source (~> 1.0) pry-rails (0.3.9) pry (>= 0.10.4) - public_suffix (6.0.1) + public_suffix (5.0.1) puma (5.6.9) nio4r (~> 2.0) - racc (1.8.1) - rack (2.2.10) + racc (1.7.3) + rack (2.2.7) rack-protection (3.0.5) rack rack-test (2.1.0) 
@@ -285,9 +283,9 @@ GEM rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) - regexp_parser (2.9.3) + regexp_parser (2.7.0) repost (0.4.1) - rexml (3.3.9) + rexml (3.2.5) rspec (3.12.0) rspec-core (~> 3.12.0) rspec-expectations (~> 3.12.0) @@ -350,9 +348,7 @@ GEM sprockets (> 3.0) sprockets-rails tilt - selenium-webdriver (4.27.0) - base64 (~> 0.2) - logger (~> 1.4) + selenium-webdriver (4.8.1) rexml (~> 3.2, >= 3.2.5) rubyzip (>= 1.2.2, < 3.0) websocket (~> 1.0) @@ -391,7 +387,11 @@ GEM execjs (>= 0.3.0, < 3) unicode-display_width (2.4.2) version_gem (1.1.1) - websocket (1.2.11) + webdrivers (4.7.0) + nokogiri (~> 1.6) + rubyzip (>= 1.3.0) + selenium-webdriver (> 3.141, < 5.0) + websocket (1.2.9) websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) @@ -442,9 +442,10 @@ DEPENDENCIES sentry-ruby! turbolinks! uglifier! + webdrivers (~> 4.4)! RUBY VERSION - ruby 3.3.5p100 + ruby 3.0.0p0 BUNDLED WITH - 2.5.23 + 2.2.17 diff --git a/README.md b/README.md index 88be9c6..409601c 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ should hopefully be useful (or at least usable) for other file types too. ## Ruby and Rails versions Mah Bucket was initially developed using Ruby 2.3.1 and Rails 5.0.1, and is -currently using Ruby 3.3.5 and Rails ~>6.1.7 - so it should have a fairly wide +currently using Ruby 2.7.1 and Rails 6.0.3 - so it should have a fairly wide compatibility range. If you find a version of either that it won't run with, please let me know. diff --git a/docker-compose.yml b/docker-compose.yml index a71d3dc..87a5aac 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' x-service-fragments: ##### Abstract services for common setup ##### app: &app - image: cimg/ruby:3.3.5-browsers + image: ruby networks: - default volumes: 
@@ -19,7 +19,7 @@ x-service-fragments: services: ##### Concrete services ##### postgres: - image: 'cimg/postgres:10.20' + image: 'postgres:9.6-alpine' environment: # The Postgres image uses these to create a db user - note the user/pass here should match that in your env file! - POSTGRES_USER=user @@ -30,9 +30,9 @@ services: web: <<: *app - volumes: - - '.:/usr/src/app:cached' - working_dir: /usr/src/app + build: + dockerfile: Dockerfile + context: . ports: # Use a default port of 3005, but allow it to be overriden by an env variable # E.g. `PORT=3001 docker-compose up` @@ -49,6 +49,7 @@ services: - SKIP_AUTH=true command: sh -c 'bundle check || bundle install && rm -f /tmp/.X99-lock && bundle exec rails db:create db:environment:set db:schema:load && bundle exec rubocop && bundle exec rspec && bundle exec puma -C ./config/puma.rb' + volumes: postgres: bundle_cache: From 3e738a385dd55adcebdf78382aade71145a26e61 Mon Sep 17 00:00:00 2001 From: Nic Duke Date: Thu, 23 Jan 2025 20:10:47 +1100 Subject: [PATCH 76/76] Reverts previously reverted Ruby 3.3.5 upgrade change This reverts commit 749ac9e97c94d15bd1f64502f71af204aa49226c. --- .circleci/config.yml | 6 +++--- Dockerfile | 20 -------------------- Gemfile | 3 +-- Gemfile.lock | 43 +++++++++++++++++++++---------------------- README.md | 2 +- docker-compose.yml | 11 +++++------ 6 files changed, 31 insertions(+), 54 deletions(-) delete mode 100644 Dockerfile diff --git a/.circleci/config.yml b/.circleci/config.yml index 0105e27..026bb87 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -4,18 +4,18 @@ version: 2.1 orbs: - ruby: circleci/ruby@1.1.1 + ruby: circleci/ruby@2.2.1 jobs: build: docker: - - image: circleci/ruby:3.0.0-node-browsers + - image: cimg/ruby:3.3.5-browsers environment: - RACK_ENV=test - RAILS_ENV=test - DATABASE_URL=postgres://testuser:testpass@127.0.0.1:5432/mahbucket_test - SKIP_AUTH=true - - image: circleci/postgres:10-alpine-ram + - image: cimg/postgres:10.20 environment: - POSTGRES_USER=testuser - POSTGRES_PASSWORD=testpass diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 92a3c7d..0000000 --- a/Dockerfile +++ /dev/null @@ -1,20 +0,0 @@ -# This Dockerfile uses a circleci image for convenience. - -FROM circleci/ruby:3.0.0-node-browsers - -USER root -RUN mkdir /app -WORKDIR /app - -# As this is a dev container we are keeping the installation of app -# dependencies (via bundle and yarn), and the mounting of the source -# code external to the container build -#ENV PATH="/usr/local/lib/ruby/gems/bin:${PATH}" -RUN mkdir /bundle -ENV BUNDLE_PATH=/bundle -ENV GEM_HOME=/bundle -RUN bundle config set path '/bundle' - -RUN mkdir -p /tmp/sockets - -CMD bundle check || bundle install && bundle exec puma -C ./config/puma.rb diff --git a/Gemfile b/Gemfile index 25714df..34be5c3 100644 --- a/Gemfile +++ b/Gemfile @@ -1,4 +1,4 @@ -ruby "3.0.0" +ruby "3.3.5" source 'https://rubygems.org' do gem 'rails', '~> 6.1.7' @@ -80,6 +80,5 @@ source 'https://rubygems.org' do gem 'rspec' gem 'rspec_junit_formatter' gem 'selenium-webdriver' - gem 'webdrivers', '~> 4.4' end end diff --git a/Gemfile.lock b/Gemfile.lock index 436f4c7..41a8d0a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -72,8 +72,8 @@ GEM zeitwerk (~> 2.3) acts-as-taggable-on (9.0.1) activerecord (>= 6.0, < 7.1) - addressable (2.8.1) - public_suffix (>= 2.0.2, < 6.0) + addressable (2.8.7) + public_suffix (>= 2.0.2, < 7.0) ast (2.4.2) aws-eventstream (1.2.0) aws-partitions (1.720.0) 
@@ -91,16 +91,17 @@ GEM aws-sigv4 (~> 1.4) aws-sigv4 (1.5.2) aws-eventstream (~> 1, >= 1.0.2) + base64 (0.2.0) brakeman (5.4.1) builder (3.2.4) bundler-audit (0.9.1) bundler (>= 1.2.0, < 3) thor (~> 1.0) - capybara (3.38.0) + capybara (3.40.0) addressable matrix mini_mime (>= 0.1.3) - nokogiri (~> 1.8) + nokogiri (~> 1.11) rack (>= 1.6.0) rack-test (>= 0.6.3) regexp_parser (>= 1.5, < 3.0) @@ -171,6 +172,7 @@ GEM listen (3.8.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) + logger (1.6.1) loofah (2.21.3) crass (~> 1.0.2) nokogiri (>= 1.12.0) @@ -185,8 +187,8 @@ GEM mime-types (3.4.1) mime-types-data (~> 3.2015) mime-types-data (3.2023.0218.1) - mini_mime (1.1.2) - mini_portile2 (2.8.5) + mini_mime (1.1.5) + mini_portile2 (2.8.8) minitest (5.18.1) multi_xml (0.6.0) net-imap (0.3.6) @@ -200,10 +202,10 @@ GEM net-protocol newrelic_rpm (9.0.0) nio4r (2.7.3) - nokogiri (1.16.2) + nokogiri (1.16.7) mini_portile2 (~> 2.8.2) racc (~> 1.4) - nokogiri (1.16.2-x86_64-linux) + nokogiri (1.16.7-x86_64-linux) racc (~> 1.4) oauth2 (2.0.9) faraday (>= 0.17.3, < 3.0) @@ -236,11 +238,11 @@ GEM method_source (~> 1.0) pry-rails (0.3.9) pry (>= 0.10.4) - public_suffix (5.0.1) + public_suffix (6.0.1) puma (5.6.9) nio4r (~> 2.0) - racc (1.7.3) - rack (2.2.7) + racc (1.8.1) + rack (2.2.10) rack-protection (3.0.5) rack rack-test (2.1.0) @@ -283,9 +285,9 @@ GEM rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) - regexp_parser (2.7.0) + regexp_parser (2.9.3) repost (0.4.1) - rexml (3.2.5) + rexml (3.3.9) rspec (3.12.0) rspec-core (~> 3.12.0) rspec-expectations (~> 3.12.0) @@ -348,7 +350,9 @@ GEM sprockets (> 3.0) sprockets-rails tilt - selenium-webdriver (4.8.1) + selenium-webdriver (4.27.0) + base64 (~> 0.2) + logger (~> 1.4) rexml (~> 3.2, >= 3.2.5) rubyzip (>= 1.2.2, < 3.0) websocket (~> 1.0) 
@@ -387,11 +391,7 @@ GEM execjs (>= 0.3.0, < 3) unicode-display_width (2.4.2) version_gem (1.1.1) - webdrivers (4.7.0) - nokogiri (~> 1.6) - rubyzip (>= 1.3.0) - selenium-webdriver (> 3.141, < 5.0) - websocket (1.2.9) + websocket (1.2.11) websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) @@ -442,10 +442,9 @@ DEPENDENCIES sentry-ruby! turbolinks! uglifier! - webdrivers (~> 4.4)! RUBY VERSION - ruby 3.0.0p0 + ruby 3.3.5p100 BUNDLED WITH - 2.2.17 + 2.5.23 diff --git a/README.md b/README.md index 409601c..88be9c6 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ should hopefully be useful (or at least usable) for other file types too. ## Ruby and Rails versions Mah Bucket was initially developed using Ruby 2.3.1 and Rails 5.0.1, and is -currently using Ruby 2.7.1 and Rails 6.0.3 - so it should have a fairly wide +currently using Ruby 3.3.5 and Rails ~>6.1.7 - so it should have a fairly wide compatibility range. If you find a version of either that it won't run with, please let me know. diff --git a/docker-compose.yml b/docker-compose.yml index 87a5aac..a71d3dc 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' x-service-fragments: ##### Abstract services for common setup ##### app: &app - image: ruby + image: cimg/ruby:3.3.5-browsers networks: - default volumes: @@ -19,7 +19,7 @@ x-service-fragments: services: ##### Concrete services ##### postgres: - image: 'postgres:9.6-alpine' + image: 'cimg/postgres:10.20' environment: # The Postgres image uses these to create a db user - note the user/pass here should match that in your env file! - POSTGRES_USER=user @@ -30,9 +30,9 @@ services: web: <<: *app - build: - dockerfile: Dockerfile - context: . + volumes: + - '.:/usr/src/app:cached' + working_dir: /usr/src/app ports: # Use a default port of 3005, but allow it to be overriden by an env variable # E.g. `PORT=3001 docker-compose up` 
@@ -49,7 +49,6 @@ services: - SKIP_AUTH=true command: sh -c 'bundle check || bundle install && rm -f /tmp/.X99-lock && bundle exec rails db:create db:environment:set db:schema:load && bundle exec rubocop && bundle exec rspec && bundle exec puma -C ./config/puma.rb' - volumes: postgres: bundle_cache: