consul/grecia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
14,897 Commits 1 Branch 0 Tags
526d161e2d5f07b45da0368f2dd67ec87bd2b992
Commit Graph

476 Commits

Author SHA1 Message Date
Javier Martín
7212f6d701 Merge pull request #3788 from consul/dependabot/bundler/capybara-3.29.0 
Bump capybara from 2.17.0 to 3.29.0
 2020-04-06 20:34:37 +02:00
dependabot-preview[bot]
781188758a Bump capybara from 2.17.0 to 3.29.0 
Bumps [capybara](https://github.com/teamcapybara/capybara) from 2.17.0 to 3.29.0.
- [Release notes](https://github.com/teamcapybara/capybara/releases)
- [Changelog](https://github.com/teamcapybara/capybara/blob/master/History.md)
- [Commits](https://github.com/teamcapybara/capybara/compare/2.17.0...3.29.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-04-06 20:11:44 +02:00
dependabot-preview[bot]
73cdc60ed7 [Security] Bump json from 2.1.0 to 2.3.0 
Bumps [json](https://github.com/flori/json) from 2.1.0 to 2.3.0. **This update includes a security fix.**
- [Release notes](https://github.com/flori/json/releases)
- [Changelog](https://github.com/flori/json/blob/master/CHANGES.md)
- [Commits](https://github.com/flori/json/compare/v2.1.0...v2.3.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-03-19 16:12:36 +00:00
dependabot-preview[bot]
2fccacfb10 [Security] Bump user_agent_parser from 2.4.1 to 2.6.0 
Bumps [user_agent_parser](https://github.com/ua-parser/uap-ruby) from 2.4.1 to 2.6.0. **This update includes a security fix.**
- [Release notes](https://github.com/ua-parser/uap-ruby/releases)
- [Commits](https://github.com/ua-parser/uap-ruby/compare/v2.4.1...v2.6.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-03-10 19:48:29 +01:00
dependabot-preview[bot]
41777c93e6 [Security] Bump puma from 4.3.1 to 4.3.3 
Bumps [puma](https://github.com/puma/puma) from 4.3.1 to 4.3.3. **This update includes security fixes.**
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v4.3.1...v4.3.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-03-01 22:55:54 +00:00
dependabot-preview[bot]
2b0450ef4f [Security] Bump nokogiri from 1.10.7 to 1.10.8 
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.7 to 1.10.8. **This update includes a security fix.**
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.10.7...v1.10.8)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-02-24 19:43:53 +00:00
Javier Martín
9bbed55d20 Merge pull request #3840 from consul/omniauth_csrf 
Add CSRF protection to Omniauth requests
 2020-01-28 12:52:17 +01:00
dependabot-preview[bot]
58071fd66b Bump foundation-rails from 6.4.3.0 to 6.6.1.0 
Bumps [foundation-rails](https://get.foundation) from 6.4.3.0 to 6.6.1.0.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-01-18 10:09:00 +00:00
Alberto
34c75fec4b Merge pull request #3606 from consul/fontawesome 
Add Font Awesome icons
 2020-01-18 11:07:03 +01:00
dependabot-preview[bot]
81883ad89d [Security] Bump rack from 2.0.7 to 2.0.8 
Bumps [rack](https://github.com/rack/rack) from 2.0.7 to 2.0.8. **This update includes a security fix.**
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/compare/2.0.7...2.0.8)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-01-17 15:46:48 +00:00
dependabot-preview[bot]
a1d8dd0966 [Security] Bump puma from 4.3.0 to 4.3.1 
Bumps [puma](https://github.com/puma/puma) from 4.3.0 to 4.3.1. **This update includes a security fix.**
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v4.3.0...v4.3.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-12-05 19:39:57 +00:00
Javi Martín
92ea3c3d43 Bump knapsack_pro from 1.1.0 to 1.15.0 2019-12-03 14:11:19 +01:00
Javi Martín
c4ebea27a7 Add CSRF protection to Omniauth requests 
More info:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9284
https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
 2019-11-29 03:18:53 +01:00
Julian Herrero
be4f6bc07e Make it easier to release a new version of CONSUL 
With this change we no longer need the branch `changelog` and it will
be easier to release new versions of CONSUL.
 2019-11-23 14:06:53 +01:00
Javier Martín
98d6477481 Merge pull request #3858 from consul/dependabot/bundler/nokogiri-1.10.5 
[Security] Bump nokogiri from 1.10.4 to 1.10.5
 2019-11-20 00:11:19 +01:00
Javi Martín
442baf8384 Remove browser gem direct dependency 
While the browser gem is great, we don't need it in this case for such a
simple usage.

There are a few really small differences between this code and the old
one: matching `/MSIE/` will return true for Opera 12 and false for
certain versions of IE11. Since we're only rendering a comment for IE8
and below, we don't care about IE11, and Opera 12 is six years old and
its users won't be affected by the comment.

Note we're still using the browser gem because ahoy_matey depends on it,
but now it's an indirect dependency.
 2019-11-18 13:12:35 +01:00
Javier Martín
0824cc3f2d Merge pull request #3848 from consul/dependabot/bundler/sitemap_generator-6.0.2 
Bump sitemap_generator from 6.0.1 to 6.0.2
 2019-11-17 23:19:02 +01:00
dependabot-preview[bot]
551a2fe4e4 [Security] Bump nokogiri from 1.10.4 to 1.10.5 
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.4 to 1.10.5. **This update includes a security fix.**
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.10.4...v1.10.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-11-17 20:43:00 +00:00
Javi Martín
58befabde5 Bump puma from 4.2.1 to 4.3.0 2019-11-12 20:20:45 +01:00
dependabot-preview[bot]
18f8c96073 Bump sitemap_generator from 6.0.1 to 6.0.2 
Bumps [sitemap_generator](https://github.com/kjvarga/sitemap_generator) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/kjvarga/sitemap_generator/releases)
- [Changelog](https://github.com/kjvarga/sitemap_generator/blob/master/CHANGES.md)
- [Commits](https://github.com/kjvarga/sitemap_generator/compare/v6.0.1...v6.0.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-11-11 14:12:26 +00:00
Javi Martín
f240e0073f Bump ckeditor from 4.2.4 to 4.3.0 
This version solves a security issue:

https://ckeditor.com/cke4/release/CKEditor-4.11.0

Note this version adds a `ckeditor/samples` folder, which is
automatically added to the application's assets manifest even if we
remove all CKEditor references in our application. One of the files in
that folder makes ExecJS raise a syntax error, causing every page to
raise a 500 error.
 2019-11-06 22:05:44 +01:00
Javi Martín
128a816464 Remove collaborative legislation summary 
This feature wasn't properly tested nor reviewed, and after reviewing
several pull requests with a similar status and considering this pull
request is related to the public area of the web, we've decided to
remove it before releasing version 1.1.

This commit reverts commit 4f50e67a.
 2019-11-06 17:21:03 +01:00
Julian Herrero
69838c78b9 Revert "Stop using Knapsack Pro" 
This reverts PR https://github.com/consul/consul/pull/3812
 2019-11-06 18:58:05 +07:00
Javi Martín
ed223e0bd1 Use audited to track investment changes 
Our manual implementation had a few issues. In particular, it didn't
track changes related to associations, which became more of an issue
when we made investments translatable.

Using audited gives us more functionality while at the same time
simplifies our code. However, it adds one more external dependency to
our project.

The reason for choosing audited over paper trail is audited seems to
make it easier to handle associations.
 2019-11-05 13:02:37 +01:00
Julian Herrero
5b3d40ce8e Stop using Knapsack Pro 2019-11-04 16:58:06 +07:00
dependabot-preview[bot]
3ee216ba51 [Security] Bump loofah from 2.3.0 to 2.3.1 
Bumps [loofah](https://github.com/flavorjones/loofah) from 2.3.0 to 2.3.1. **This update includes a security fix.**
- [Release notes](https://github.com/flavorjones/loofah/releases)
- [Changelog](https://github.com/flavorjones/loofah/blob/master/CHANGELOG.md)
- [Commits](https://github.com/flavorjones/loofah/compare/v2.3.0...v2.3.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-10-24 03:08:09 +00:00
Javi Martín
48cbb934c1 Bump parser to 2.6.5.0 
This version is compatible with Ruby 2.4.9.
 2019-10-23 17:46:47 +02:00
decabeza
18975a3963 Add font-awesome-sass gem 
Now can use all icons from https://fontawesome.com.
 2019-10-23 15:49:15 +02:00
Javier Martín
7a9fefb933 Merge pull request #3707 from consul/dependabot/bundler/ancestry-3.0.7 
Bump ancestry from 3.0.2 to 3.0.7
 2019-10-23 01:29:42 +02:00
dependabot-preview[bot]
4dbf38195a Bump ancestry from 3.0.2 to 3.0.7 
Bumps [ancestry](https://github.com/stefankroes/ancestry) from 3.0.2 to 3.0.7.
- [Release notes](https://github.com/stefankroes/ancestry/releases)
- [Changelog](https://github.com/stefankroes/ancestry/blob/master/CHANGELOG.md)
- [Commits](https://github.com/stefankroes/ancestry/compare/v3.0.2...v3.0.7)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-10-22 22:32:10 +00:00
Pierre Mesure
213903ad45 Replace sass-rails gem by sassc-rails 2019-10-22 21:59:14 +02:00
Javi Martín
b36e659f4e Use puma instead of unicorn 
Puma is the server we use in the development environment, so this way we
don't need to maintain two servers. Furthermore, puma seems to offer a
few advantages over unicorn (like multithreading) and no disadvantages.
 2019-10-12 16:50:49 +02:00
dependabot-preview[bot]
22e91271e5 [Security] Bump devise from 4.6.2 to 4.7.1 
Bumps [devise](https://github.com/plataformatec/devise) from 4.6.2 to 4.7.1. **This update includes a security fix.**
- [Release notes](https://github.com/plataformatec/devise/releases)
- [Changelog](https://github.com/plataformatec/devise/blob/master/CHANGELOG.md)
- [Commits](https://github.com/plataformatec/devise/compare/v4.6.2...v4.7.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-10-09 16:43:34 +00:00
Javi Martín
368f42f1a2 Revert loofah update 
We need to update other gems as well if we update this one. Dependabot
updated it automatically when updating `foundation_rails_helper`, but it
doesn't seem to be necessary.
 2019-10-08 18:46:20 +02:00
Javier Martín
2c80c05372 Merge pull request #3739 from consul/dependabot/bundler/rubocop-0.75.0 
Bump rubocop from 0.60.0 to 0.75.0
 2019-10-08 13:20:01 +02:00
Javi Martín
63d31f47c7 Add missing rubocop dependencies 
Rails and performance cops have been extracted to separate gems.

Note in the past we had to add these lines in order to activate Rails
cops:

```
Rails:
  Enabled: true
```

But we didn't do it, and so Rails cops were ignored.

With the new version, it's enough to require `rubocop-rails`.
 2019-10-08 12:42:46 +02:00
dependabot-preview[bot]
26201d4fc2 Bump foundation_rails_helper from 2.0.0 to 3.0.0 
Bumps [foundation_rails_helper](https://github.com/sgruhier/foundation_rails_helper) from 2.0.0 to 3.0.0.
- [Release notes](https://github.com/sgruhier/foundation_rails_helper/releases)
- [Changelog](https://github.com/sgruhier/foundation_rails_helper/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sgruhier/foundation_rails_helper/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-10-03 03:22:21 +00:00
dependabot-preview[bot]
d827946a10 Bump rubocop from 0.60.0 to 0.75.0 
Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 0.60.0 to 0.75.0.
- [Release notes](https://github.com/rubocop-hq/rubocop/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.60.0...v0.75.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-10-01 14:32:18 +00:00
dependabot-preview[bot]
235ee0fb83 [Security] Bump rubyzip from 1.2.2 to 1.3.0 
Bumps [rubyzip](https://github.com/rubyzip/rubyzip) from 1.2.2 to 1.3.0. **This update includes a security fix.**
- [Release notes](https://github.com/rubyzip/rubyzip/releases)
- [Changelog](https://github.com/rubyzip/rubyzip/blob/master/Changelog.md)
- [Commits](https://github.com/rubyzip/rubyzip/compare/v1.2.2...v1.3.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-10-01 13:06:28 +00:00
dependabot-preview[bot]
dde9caf7fd Merge pull request #3706 from consul/dependabot/bundler/rubocop-rspec-1.35.0 2019-09-19 15:03:06 +00:00
dependabot-preview[bot]
21634cf4fe Bump rubocop-rspec from 1.33.0 to 1.35.0 
Bumps [rubocop-rspec](https://github.com/rubocop-hq/rubocop-rspec) from 1.33.0 to 1.35.0.
- [Release notes](https://github.com/rubocop-hq/rubocop-rspec/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop-rspec/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop-rspec/compare/v1.33.0...v1.35.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-09-16 16:47:42 +00:00
dependabot-preview[bot]
3786adc8ad Bump puma from 3.12.1 to 4.1.1 
Bumps [puma](https://github.com/puma/puma) from 3.12.1 to 4.1.1.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v3.12.1...v4.1.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-09-16 16:46:40 +00:00
dependabot-preview[bot]
32df471946 Bump paranoia from 2.4.1 to 2.4.2 
Bumps [paranoia](https://github.com/rubysherpas/paranoia) from 2.4.1 to 2.4.2.
- [Release notes](https://github.com/rubysherpas/paranoia/releases)
- [Changelog](https://github.com/rubysherpas/paranoia/blob/core/CHANGELOG.md)
- [Commits](https://github.com/rubysherpas/paranoia/compare/v2.4.1...v2.4.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-09-13 17:37:28 +00:00
Javier Martín
edb51c09c2 Merge pull request #3442 from consul/dependabot/bundler/i18n-tasks-0.9.29 
Bump i18n-tasks from 0.9.25 to 0.9.29
 2019-09-13 19:35:37 +02:00
dependabot-preview[bot]
f0d4565815 Bump email_spec from 2.1.1 to 2.2.0 
Bumps [email_spec](https://github.com/email-spec/email-spec) from 2.1.1 to 2.2.0.
- [Release notes](https://github.com/email-spec/email-spec/releases)
- [Changelog](https://github.com/email-spec/email-spec/blob/master/Changelog.md)
- [Commits](https://github.com/email-spec/email-spec/compare/v2.1.1...v2.2.0)

Signed-off-by: dependabot[bot] <support@dependabot.com>
 2019-09-12 21:18:16 +00:00
dependabot-preview[bot]
a736252c4b Bump i18n-tasks from 0.9.25 to 0.9.29 
Bumps [i18n-tasks](https://github.com/glebm/i18n-tasks) from 0.9.25 to 0.9.29.
- [Release notes](https://github.com/glebm/i18n-tasks/releases)
- [Changelog](https://github.com/glebm/i18n-tasks/blob/master/CHANGES.md)
- [Commits](https://github.com/glebm/i18n-tasks/compare/v0.9.25...v0.9.29)

Signed-off-by: dependabot[bot] <support@dependabot.com>
 2019-09-11 20:02:35 +00:00
Javi Martín
d93a029ce5 Convert CofeeScript to JavaScript 
Compiled using `coffee -c` with CoffeeScript 1.12.6.
 2019-09-11 14:03:24 +02:00
Javi Martín
8bb5462253 Use capybara-webmock to avoid external requests 
The images from OpenStreetMap take a while to load, sometimes even
causing Net::ReadTimeout errors if the internet connection is slow. It's
happened a lot recently on Travis builds.

Using capybara-webmock we guarantee the test suite doesn't fail due to
network issues.
 2019-09-07 13:09:05 +02:00
dependabot-preview[bot]
f7da0704a0 [Security] Bump nokogiri from 1.10.2 to 1.10.4 
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.2 to 1.10.4. **This update includes security fixes.**
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.10.2...v1.10.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-08-11 21:22:15 +00:00
Javi Martín
444fc524f7 Use the AttributeDefinedStatically rubocop rule 
Factory bot has stopped supporting dynamic attributes, and we'll have to
change all factories before upgrading.

In order to apply the rubocop rule, we need to bump rubocop-rspec to its
latest version.
 2019-08-07 19:41:45 +02:00