consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
19,957 Commits 1 Branch 0 Tags
390c749d24ac20b99b7fa97585ddc48107e15c8c
Commit Graph

19957 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
772b208c36 Bump autoprefixer-rails from 10.4.16.0 to 10.4.19.0 
Bumps [autoprefixer-rails](https://github.com/ai/autoprefixer-rails) from 10.4.16.0 to 10.4.19.0.
- [Changelog](https://github.com/ai/autoprefixer-rails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ai/autoprefixer-rails/compare/10.4.16.0...10.4.19.0)

---
updated-dependencies:
- dependency-name: autoprefixer-rails
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-05 14:18:39 +00:00
Javi Martín
773bc229f5 Merge pull request #5597 from consuldemocracy/dependabot/bundler/caxlsx_rails-0.6.4 
Bump caxlsx_rails from 0.6.3 to 0.6.4
 2024-10-05 16:15:38 +02:00
dependabot[bot]
fed9a09bcf Bump caxlsx_rails from 0.6.3 to 0.6.4 
Bumps [caxlsx_rails](https://github.com/caxlsx/caxlsx_rails) from 0.6.3 to 0.6.4.
- [Changelog](https://github.com/caxlsx/caxlsx_rails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/caxlsx/caxlsx_rails/compare/v0.6.3...v0.6.4)

---
updated-dependencies:
- dependency-name: caxlsx_rails
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-05 13:53:06 +00:00
Javi Martín
b1d04a48dc Merge pull request #5513 from consuldemocracy/dependabot/bundler/devise-4.9.4 
Bump devise from 4.9.3 to 4.9.4
 2024-10-05 15:29:24 +02:00
dependabot[bot]
7d8c22716b Bump devise from 4.9.3 to 4.9.4 
Bumps [devise](https://github.com/heartcombo/devise) from 4.9.3 to 4.9.4.
- [Release notes](https://github.com/heartcombo/devise/releases)
- [Changelog](https://github.com/heartcombo/devise/blob/main/CHANGELOG.md)
- [Commits](https://github.com/heartcombo/devise/compare/v4.9.3...v4.9.4)

---
updated-dependencies:
- dependency-name: devise
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-05 13:07:18 +00:00
Javi Martín
7902a43763 Merge pull request #5732 from consuldemocracy/dependabot/npm_and_yarn/stylistic/stylelint-plugin-3.1.1 
Bump @stylistic/stylelint-plugin from 2.1.2 to 3.1.1
 2024-10-04 20:52:52 +02:00
dependabot[bot]
949eaf449b Bump @stylistic/stylelint-plugin from 2.1.2 to 3.1.1 
Bumps [@stylistic/stylelint-plugin](https://github.com/stylelint-stylistic/stylelint-stylistic) from 2.1.2 to 3.1.1.
- [Release notes](https://github.com/stylelint-stylistic/stylelint-stylistic/releases)
- [Changelog](https://github.com/stylelint-stylistic/stylelint-stylistic/blob/main/CHANGELOG.md)
- [Commits](https://github.com/stylelint-stylistic/stylelint-stylistic/compare/v2.1.2...v3.1.1)

---
updated-dependencies:
- dependency-name: "@stylistic/stylelint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-04 18:29:30 +00:00
Javi Martín
1846f09b08 Merge pull request #5647 from consuldemocracy/dependabot/bundler/email_spec-2.3.0 
Bump email_spec from 2.2.2 to 2.3.0
 2024-10-04 20:27:23 +02:00
dependabot[bot]
a715f52c7c Bump email_spec from 2.2.2 to 2.3.0 
Bumps [email_spec](https://github.com/email-spec/email-spec) from 2.2.2 to 2.3.0.
- [Changelog](https://github.com/email-spec/email-spec/blob/main/CHANGELOG.md)
- [Commits](https://github.com/email-spec/email-spec/compare/v2.2.2...v2.3.0)

---
updated-dependencies:
- dependency-name: email_spec
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-04 18:03:16 +00:00
Javi Martín
e29984c797 Merge pull request #5669 from consuldemocracy/dependabot/bundler/knapsack_pro-7.8.0 
Bump knapsack_pro from 7.6.2 to 7.8.0
 2024-10-04 19:58:10 +02:00
dependabot[bot]
ca6acde255 Bump knapsack_pro from 7.6.2 to 7.8.0 
Bumps [knapsack_pro](https://github.com/KnapsackPro/knapsack_pro-ruby) from 7.6.2 to 7.8.0.
- [Changelog](https://github.com/KnapsackPro/knapsack_pro-ruby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/KnapsackPro/knapsack_pro-ruby/compare/v7.6.2...v7.8.0)

---
updated-dependencies:
- dependency-name: knapsack_pro
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-04 17:36:58 +00:00
Javi Martín
80439e9fdc Merge pull request #5646 from consuldemocracy/dependabot/bundler/erb_lint-0.6.0 
Bump erb_lint from 0.5.0 to 0.6.0
 2024-10-04 19:34:51 +02:00
dependabot[bot]
fa16176f48 Bump erb_lint from 0.5.0 to 0.6.0 
Bumps [erb_lint](https://github.com/Shopify/erb-lint) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/Shopify/erb-lint/releases)
- [Commits](https://github.com/Shopify/erb-lint/compare/v0.5.0...v0.6.0)

---
updated-dependencies:
- dependency-name: erb_lint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-04 17:11:33 +00:00
Javi Martín
d8e7454f1a Merge pull request #5624 from consuldemocracy/dependabot/bundler/faker-3.4.2 
Bump faker from 3.4.1 to 3.4.2
 2024-10-04 19:09:52 +02:00
dependabot[bot]
48fd5ab3d0 Bump faker from 3.4.1 to 3.4.2 
Bumps [faker](https://github.com/faker-ruby/faker) from 3.4.1 to 3.4.2.
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/main/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/compare/v3.4.1...v3.4.2)

---
updated-dependencies:
- dependency-name: faker
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-04 16:47:52 +00:00
Sebastia
8d9876327f Merge pull request #5727 from consuldemocracy/release_2.2.1 
Release version 2.2.1
 2024-10-04 14:15:27 +02:00
taitus
2408caf9da Release version 2.2.1 2024-10-03 20:04:22 +02:00
Javi Martín
347b7b3126 Merge pull request #5728 from consuldemocracy/fix_user_content_translations_images 
Fix images layout in user content translations
 2024-10-03 19:58:54 +02:00
Sebastia
1d6c38f44c Merge pull request #5729 from consuldemocracy/i18n_crowdin 
Update translations from Crowdin
 2024-10-03 19:47:38 +02:00
Consul Bot
b470a50496 Update translations from Crowdin 2024-10-03 19:06:23 +02:00
Javi Martín
b5d3df5ee5 Fix images layout in user content translations 
Depending on the size of the window, these images can look pretty bad
when they're displayed right after some text, since on GitBook they
might appear in the middle of the paragraph.
 2024-10-03 14:14:10 +02:00
Sebastia
c6e239b13e Merge pull request #5710 from consuldemocracy/user_content_translations_docs 
Update user content translations documentation
 2024-10-02 16:02:18 +02:00
taitus
9c191890ae Improve user content translations docs 
Note that a step suggesting to run a rake task has been removed,
which is no longer necessary.
 2024-10-02 15:59:38 +02:00
Sebastia
255e0c963e Merge pull request #5709 from consuldemocracy/local_census_docs 
Update local census documentation
 2024-10-02 14:00:51 +02:00
taitus
f5f4eefc58 Improve local census documentation 2024-10-02 12:50:21 +02:00
Sebastia
7f5dff278e Merge pull request #5708 from consuldemocracy/configure_census_conection_docs 
Update remote census configuration documentation
 2024-10-02 12:02:19 +02:00
taitus
d23b1e9856 Update remote census configuration docs 
Remove some unhelpful images from the documentation.
 2024-10-02 11:57:15 +02:00
Sebastia
3b41a6610f Merge pull request #5707 from consuldemocracy/oauth-docs 
Update OAuth documentation
 2024-09-30 19:30:19 +02:00
taitus
bd6bdfcff8 Improve oauth docs 2024-09-30 19:28:06 +02:00
Sebastia
4114dcfb9d Merge pull request #5696 from consuldemocracy/servers-docs 
Update documentation for Production and Staging servers
 2024-09-30 19:19:06 +02:00
taitus
ff74960ba3 Update mail server configuration instructions 2024-09-30 18:25:07 +02:00
taitus
c267679aeb Update Heroku instructions 
Note that the variable related with the "hostname" is removed
from the Heroku instructions as it is not necessary to configure
the Bucket.
 2024-09-30 18:25:07 +02:00
taitus
c27a32a5f3 Update digital ocean instructions 2024-09-30 18:25:07 +02:00
taitus
6316938e3b Update manual installation instructions 2024-09-30 18:25:07 +02:00
taitus
cee4f3f027 Update ssh key instructions 2024-09-30 18:25:07 +02:00
taitus
d425b88f26 Update create deploy user instructions 2024-09-30 18:25:07 +02:00
taitus
81ab194831 Update installer installation instructions 2024-09-30 18:25:07 +02:00
taitus
ac23dc162f Update servers installation instructions 2024-09-30 18:25:07 +02:00
Javi Martín
06c15ef481 Merge pull request #5695 from consuldemocracy/graphql_docs 
Update GraphQL documentation
 2024-09-30 12:23:37 +02:00
Javi Martín
7b393a8f89 Merge pull request #5706 from consuldemocracy/graphql_limits 
Bring back GraphQL security limits
 2024-09-30 12:19:51 +02:00
Javi Martín
d00b431f58 Move GraphQL code examples to the GraphQL docs 
While this leads to a bit of duplication, since now the same code is in
both the Spanish and English texts, and it makes it harder to actually
run the code, it'll make it easier for people reading the documentation
to find the code, and we get rid of the confusingly-named `doc/` folder.
 2024-09-30 12:09:08 +02:00
Javi Martín
a5aa39f6e2 Update GraphQL documentation 
We don't use the `config/api.yml` file since commit c984e666f, and the
`.delete("\n").delete(" ")` in the code examples isn't necessary (we
should have probably added it in commit 56e42f209).

We're also changing the responses so there are no references to any
specific city.
 2024-09-30 12:09:08 +02:00
Javi Martín
5f80a75161 Limit GraphQL queries complexity once again 
We accidentally removed the code for maximum complexity in commit
c984e666f. As mentioned in the documentation:

> The main risk factor is multiple collections of resources being
> requested in the same query.

We reject these requests by limiting the complexity.

The `max_complexity` option depends on the page size being set. Without
it, we get an error:

```
Can't calculate complexity for User.public_debates, no `first:`,
`last:`, `max_page_size` or `default_max_page_size`
```

So we're also adding a default max page size.

Note that the documentation mentioned that the default page size was 25.
However, before commit c984e666f, we were using a page size of 50 in
some cases. We're going with the one mentioned in the documentation
since we don't fully understand the old code.
 2024-09-30 12:06:42 +02:00
Javi Martín
90bb7484a5 Add max_depth limit to GraphQL queries once again 
We accidentally removed this code in commit c984e666f. As mentioned in
our GraphQL documentation, limiting the depth of the queries helps
against DoS attacks.
 2024-09-30 11:52:39 +02:00
Javi Martín
d28854802e Merge pull request #5637 from consuldemocracy/api_public_find 
Make sure we only return public records in the API
 2024-09-30 11:52:01 +02:00
Javi Martín
b01364d26b Make sure we only return public records in the API 
When returning a collection of records in the API, we were making sure
we only returned public ones. However, when returning individual
records, we were not checking that.

In practice, this wasn't a big issue, since most `public_for_api`
methods return all records, but it could affect Consul Democracy
installations which might have customized their `public_for_api` method.
The only exception was the `budget` method, since it was returning
budgets that were still in drafting.
 2024-09-30 11:35:15 +02:00
Javi Martín
ba558b1490 Reorganize graphql specs 
Back in commit c984e666f, we reorganized the code related to the GraphQL
API, but we didn't reorganize the tests.

So we're doing it now, since we're going to fix a potential issue and
add some tests for it.
 2024-09-30 11:35:15 +02:00
Javi Martín
b1b963f90a Fix public_for_api association tests 
These tests were always passing because they were stubbing the response
of the same method they were testing. For example, we were testing the
result of `Comment.public_for_api` and stubbing it at the same time.

So we're now stubbing the result of the associations; for example, in
order to test `Comment.public_for_api`, we're stubbing the response of
`Debate.public_for_api`. Now the tests fail if, for instance, the
implementation of `Comment.public_for_api` returns all comments.
 2024-09-30 11:35:15 +02:00
Javi Martín
b44d217b00 Merge pull request #5571 from cyrillefr/Cannot_Access_Budget_Investments_Using_The_GraphQ_LAPI 
Add new GraphQL types for budget investments
 2024-09-30 11:33:39 +02:00
cyrillefr
18323a36c3 Add new GraphQL type for milestones 
- added the milestone type to be displayed with investments
- the corresponding spec
 2024-09-30 11:14:01 +02:00