Commit Graph

492 Commits

Author SHA1 Message Date
Javi Martín
44f6d43212 Bump mdl from 0.5.0 to 0.10.0
This contains a security fix since we're upgrading kramdown.
2020-08-11 12:13:17 +02:00
Javier Martín
b2a07121e3 Merge pull request #4035 from consul/dependabot/bundler/geocoder-1.6.3
[Security] Bump geocoder from 1.4.5 to 1.6.3
2020-08-08 18:42:18 +02:00
Javi Martín
9318c4f1e9 Bump pg_search from 2.0.1 to 2.3.0
Using pg_search 2.0.1 with Rails 5.2 results in deprecation warnings:

DEPRECATION WARNING: Dangerous query method (method whose arguments used
as raw SQL) called with non-attribute argument(s):
"pg_search_978c2f8941354cf552831b.rank DESC, \"tags\".\"id\" ASC".
Non-attribute arguments will be disallowed in Rails 6.0. This method
should not be called with user-provided values, such as request
parameters or model attributes. Known-safe values can be passed by
wrapping them in Arel.sql().

We're not upgrading to the latest pg_search because it only supports
ActiveRecord >= 5.2.
2020-07-14 13:16:08 +02:00
Javier Martín
11a1fa1b1d Merge pull request #4042 from consul/dependabot/bundler/rack-2.2.3
[Security] Bump rack from 2.2.2 to 2.2.3
2020-06-23 19:06:33 +02:00
Javier Martín
21572e704d Merge pull request #4033 from consul/dependabot/bundler/websocket-extensions-0.1.5
[Security] Bump websocket-extensions from 0.1.4 to 0.1.5
2020-06-16 17:49:09 +02:00
dependabot-preview[bot]
976f031984 [Security] Bump rack from 2.2.2 to 2.2.3
Bumps [rack](https://github.com/rack/rack) from 2.2.2 to 2.2.3. **This update includes a security fix.**
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/compare/v2.2.2...2.2.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-06-16 12:16:08 +00:00
Javi Martín
199d8ff609 Bump rubocop from 0.75.0 to 0.83.0
Recent versions introduce the `Layout/SpaceAroundMethodCallOperator`,
which we are going to use. We aren't upgrading to the latest rubocop
version because it conflicts with the version of Capybara we're using
and because it isn't supported by Hound.

Some rules have been renamed:

Layout/IndentAssignment is now Layout/AssignmentIndentation
Layout/IndentHeredoc is now Layout/HeredocIndentation
Layout/LeadingBlankLines is now Layout/LeadingEmptyLines
Layout/Tab is now Layout/IndentationStyle
Layout/TrailingBlankLines is now Layout/TrailingEmptyLines
Lint/StringConversionInInterpolation is now Lint/RedundantStringCoercion
Metrics/LineLength is now Layout/LineLength

Note after upgrading we get a new "offense" in the `StartWith` rule, so
we're changing the code in order to fix it.
2020-06-16 13:47:38 +02:00
dependabot-preview[bot]
b734732cfd [Security] Bump geocoder from 1.4.5 to 1.6.3
Bumps [geocoder](https://github.com/alexreisner/geocoder) from 1.4.5 to 1.6.3. **This update includes a security fix.**
- [Release notes](https://github.com/alexreisner/geocoder/releases)
- [Changelog](https://github.com/alexreisner/geocoder/blob/master/CHANGELOG.md)
- [Commits](https://github.com/alexreisner/geocoder/compare/v1.4.5...v1.6.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-06-08 15:11:06 +00:00
dependabot-preview[bot]
4b5f518482 [Security] Bump websocket-extensions from 0.1.4 to 0.1.5
Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-ruby) from 0.1.4 to 0.1.5. **This update includes a security fix.**
- [Release notes](https://github.com/faye/websocket-extensions-ruby/releases)
- [Changelog](https://github.com/faye/websocket-extensions-ruby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faye/websocket-extensions-ruby/compare/0.1.4...0.1.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-06-05 14:36:56 +00:00
dependabot-preview[bot]
eab36f476e [Security] Bump kaminari from 1.1.1 to 1.2.1
Bumps [kaminari](https://github.com/kaminari/kaminari) from 1.1.1 to 1.2.1. **This update includes a security fix.**
- [Release notes](https://github.com/kaminari/kaminari/releases)
- [Changelog](https://github.com/kaminari/kaminari/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kaminari/kaminari/compare/v1.1.1...v1.2.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-05-28 21:14:42 +00:00
dependabot-preview[bot]
8e36fab5ad [Security] Bump puma from 4.3.3 to 4.3.5
Bumps [puma](https://github.com/puma/puma) from 4.3.3 to 4.3.5. **This update includes security fixes.**
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-05-26 16:39:43 +00:00
Javi Martín
59b625a5f9 Simplify chromedriver installation with webdrivers
This gem will automatically install chromedriver based on the installed
version of Chrome/Chromium.
2020-05-25 15:50:35 +02:00
Javi Martín
f89bf0c52c Bump initialjs-rails from 0.2.0.5 to 0.2.0.8
Version 0.2.0.5 was causing comments to have invalid HTML because the
avatars had `<img>` tags with an empty `src` attribute.
2020-05-12 23:57:57 +02:00
Javi Martín
e316ad9c96 Bump byebug to version 11.1.1
Rails 5.1 updated the `method_source` dependency, which is incompatible
with pry 0.12.x (which some developers are using), and upgrading pry and
pry-byebug requires a more recent version of byebug.
2020-04-24 15:43:54 +02:00
Javi Martín
1118c732f1 Bump acts-as-taggable-on to 6.0.0
Rails 5.1 introduced certain changes in the way a record is touched when
the counter cache option is enabled in a belongs to association.

We need to upgrade acts-as-taggable-on so it keeps changing the
`updated_at` attribute when a new tag is added to a record.

Note we now need to reload the records in some cases to get the
`context_tag_list` method to return what we expect. Methods like
`context_tags` however work properly with no need to reload the record.
2020-04-23 18:49:43 +02:00
Javi Martín
31fa6b8bde Upgrade Rails to 5.1
Note we need to upgrade the bullet gem, although another option would be
to remove it completely.

Now we don't need the rubocop rules for deprecated methods, since using
them will raise an error and we'll be notified immediately.
2020-04-23 18:49:43 +02:00
Javier Martín
7212f6d701 Merge pull request #3788 from consul/dependabot/bundler/capybara-3.29.0
Bump capybara from 2.17.0 to 3.29.0
2020-04-06 20:34:37 +02:00
dependabot-preview[bot]
781188758a Bump capybara from 2.17.0 to 3.29.0
Bumps [capybara](https://github.com/teamcapybara/capybara) from 2.17.0 to 3.29.0.
- [Release notes](https://github.com/teamcapybara/capybara/releases)
- [Changelog](https://github.com/teamcapybara/capybara/blob/master/History.md)
- [Commits](https://github.com/teamcapybara/capybara/compare/2.17.0...3.29.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-04-06 20:11:44 +02:00
dependabot-preview[bot]
73cdc60ed7 [Security] Bump json from 2.1.0 to 2.3.0
Bumps [json](https://github.com/flori/json) from 2.1.0 to 2.3.0. **This update includes a security fix.**
- [Release notes](https://github.com/flori/json/releases)
- [Changelog](https://github.com/flori/json/blob/master/CHANGES.md)
- [Commits](https://github.com/flori/json/compare/v2.1.0...v2.3.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-19 16:12:36 +00:00
dependabot-preview[bot]
2fccacfb10 [Security] Bump user_agent_parser from 2.4.1 to 2.6.0
Bumps [user_agent_parser](https://github.com/ua-parser/uap-ruby) from 2.4.1 to 2.6.0. **This update includes a security fix.**
- [Release notes](https://github.com/ua-parser/uap-ruby/releases)
- [Commits](https://github.com/ua-parser/uap-ruby/compare/v2.4.1...v2.6.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-10 19:48:29 +01:00
dependabot-preview[bot]
41777c93e6 [Security] Bump puma from 4.3.1 to 4.3.3
Bumps [puma](https://github.com/puma/puma) from 4.3.1 to 4.3.3. **This update includes security fixes.**
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v4.3.1...v4.3.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-01 22:55:54 +00:00
dependabot-preview[bot]
2b0450ef4f [Security] Bump nokogiri from 1.10.7 to 1.10.8
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.7 to 1.10.8. **This update includes a security fix.**
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.10.7...v1.10.8)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-02-24 19:43:53 +00:00
Javier Martín
9bbed55d20 Merge pull request #3840 from consul/omniauth_csrf
Add CSRF protection to Omniauth requests
2020-01-28 12:52:17 +01:00
dependabot-preview[bot]
58071fd66b Bump foundation-rails from 6.4.3.0 to 6.6.1.0
Bumps [foundation-rails](https://get.foundation) from 6.4.3.0 to 6.6.1.0.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-01-18 10:09:00 +00:00
Alberto
34c75fec4b Merge pull request #3606 from consul/fontawesome
Add Font Awesome icons
2020-01-18 11:07:03 +01:00
dependabot-preview[bot]
81883ad89d [Security] Bump rack from 2.0.7 to 2.0.8
Bumps [rack](https://github.com/rack/rack) from 2.0.7 to 2.0.8. **This update includes a security fix.**
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/compare/2.0.7...2.0.8)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-01-17 15:46:48 +00:00
dependabot-preview[bot]
a1d8dd0966 [Security] Bump puma from 4.3.0 to 4.3.1
Bumps [puma](https://github.com/puma/puma) from 4.3.0 to 4.3.1. **This update includes a security fix.**
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v4.3.0...v4.3.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-05 19:39:57 +00:00
Javi Martín
92ea3c3d43 Bump knapsack_pro from 1.1.0 to 1.15.0
2019-12-03 14:11:19 +01:00
Javi Martín
c4ebea27a7 Add CSRF protection to Omniauth requests
More info:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9284
https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
2019-11-29 03:18:53 +01:00
Julian Herrero
be4f6bc07e Make it easier to release a new version of CONSUL
With this change we no longer need the branch `changelog` and it will
be easier to release new versions of CONSUL.
2019-11-23 14:06:53 +01:00
Javier Martín
98d6477481 Merge pull request #3858 from consul/dependabot/bundler/nokogiri-1.10.5
[Security] Bump nokogiri from 1.10.4 to 1.10.5
2019-11-20 00:11:19 +01:00
Javi Martín
442baf8384 Remove browser gem direct dependency
While the browser gem is great, we don't need it in this case for such a
simple usage.

There are a few really small differences between this code and the old
one: matching `/MSIE/` will return true for Opera 12 and false for
certain versions of IE11. Since we're only rendering a comment for IE8
and below, we don't care about IE11, and Opera 12 is six years old and
its users won't be affected by the comment.

Note we're still using the browser gem because ahoy_matey depends on it,
but now it's an indirect dependency.
2019-11-18 13:12:35 +01:00
Javier Martín
0824cc3f2d Merge pull request #3848 from consul/dependabot/bundler/sitemap_generator-6.0.2
Bump sitemap_generator from 6.0.1 to 6.0.2
2019-11-17 23:19:02 +01:00
dependabot-preview[bot]
551a2fe4e4 [Security] Bump nokogiri from 1.10.4 to 1.10.5
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.4 to 1.10.5. **This update includes a security fix.**
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.10.4...v1.10.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-11-17 20:43:00 +00:00
Javi Martín
58befabde5 Bump puma from 4.2.1 to 4.3.0
2019-11-12 20:20:45 +01:00
dependabot-preview[bot]
18f8c96073 Bump sitemap_generator from 6.0.1 to 6.0.2
Bumps [sitemap_generator](https://github.com/kjvarga/sitemap_generator) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/kjvarga/sitemap_generator/releases)
- [Changelog](https://github.com/kjvarga/sitemap_generator/blob/master/CHANGES.md)
- [Commits](https://github.com/kjvarga/sitemap_generator/compare/v6.0.1...v6.0.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-11-11 14:12:26 +00:00
Javi Martín
f240e0073f Bump ckeditor from 4.2.4 to 4.3.0
This version solves a security issue:

https://ckeditor.com/cke4/release/CKEditor-4.11.0

Note this version adds a `ckeditor/samples` folder, which is
automatically added to the application's assets manifest even if we
remove all CKEditor references in our application. One of the files in
that folder makes ExecJS raise a syntax error, causing every page to
raise a 500 error.
2019-11-06 22:05:44 +01:00
Javi Martín
128a816464 Remove collaborative legislation summary
This feature wasn't properly tested nor reviewed, and after reviewing
several pull requests with a similar status and considering this pull
request is related to the public area of the web, we've decided to
remove it before releasing version 1.1.

This commit reverts commit 4f50e67a.
2019-11-06 17:21:03 +01:00
Julian Herrero
69838c78b9 Revert "Stop using Knapsack Pro"
This reverts PR https://github.com/consul/consul/pull/3812
2019-11-06 18:58:05 +07:00
Javi Martín
ed223e0bd1 Use audited to track investment changes
Our manual implementation had a few issues. In particular, it didn't
track changes related to associations, which became more of an issue
when we made investments translatable.

Using audited gives us more functionality while at the same time
simplifies our code. However, it adds one more external dependency to
our project.

The reason for choosing audited over paper trail is audited seems to
make it easier to handle associations.
2019-11-05 13:02:37 +01:00
Julian Herrero
5b3d40ce8e Stop using Knapsack Pro
2019-11-04 16:58:06 +07:00
dependabot-preview[bot]
3ee216ba51 [Security] Bump loofah from 2.3.0 to 2.3.1
Bumps [loofah](https://github.com/flavorjones/loofah) from 2.3.0 to 2.3.1. **This update includes a security fix.**
- [Release notes](https://github.com/flavorjones/loofah/releases)
- [Changelog](https://github.com/flavorjones/loofah/blob/master/CHANGELOG.md)
- [Commits](https://github.com/flavorjones/loofah/compare/v2.3.0...v2.3.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-10-24 03:08:09 +00:00
Javi Martín
48cbb934c1 Bump parser to 2.6.5.0
This version is compatible with Ruby 2.4.9.
2019-10-23 17:46:47 +02:00
decabeza
18975a3963 Add font-awesome-sass gem
Now we can use all icons from https://fontawesome.com.
2019-10-23 15:49:15 +02:00
Javier Martín
7a9fefb933 Merge pull request #3707 from consul/dependabot/bundler/ancestry-3.0.7
Bump ancestry from 3.0.2 to 3.0.7
2019-10-23 01:29:42 +02:00
dependabot-preview[bot]
4dbf38195a Bump ancestry from 3.0.2 to 3.0.7
Bumps [ancestry](https://github.com/stefankroes/ancestry) from 3.0.2 to 3.0.7.
- [Release notes](https://github.com/stefankroes/ancestry/releases)
- [Changelog](https://github.com/stefankroes/ancestry/blob/master/CHANGELOG.md)
- [Commits](https://github.com/stefankroes/ancestry/compare/v3.0.2...v3.0.7)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-10-22 22:32:10 +00:00
Pierre Mesure
213903ad45 Replace sass-rails gem by sassc-rails
2019-10-22 21:59:14 +02:00
Javi Martín
b36e659f4e Use puma instead of unicorn
Puma is the server we use in the development environment, so this way we
don't need to maintain two servers. Furthermore, puma seems to offer a
few advantages over unicorn (like multithreading) and no disadvantages.
2019-10-12 16:50:49 +02:00
dependabot-preview[bot]
22e91271e5 [Security] Bump devise from 4.6.2 to 4.7.1
Bumps [devise](https://github.com/plataformatec/devise) from 4.6.2 to 4.7.1. **This update includes a security fix.**
- [Release notes](https://github.com/plataformatec/devise/releases)
- [Changelog](https://github.com/plataformatec/devise/blob/master/CHANGELOG.md)
- [Commits](https://github.com/plataformatec/devise/compare/v4.6.2...v4.7.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-10-09 16:43:34 +00:00
Javi Martín
368f42f1a2 Revert loofah update
We need to update other gems as well if we update this one. Dependabot
updated it automatically when updating `foundation_rails_helper`, but it
doesn't seem to be necessary.
2019-10-08 18:46:20 +02:00