Commit Graph

17301 Commits

Author SHA1 Message Date
Javi Martín
611d729080 Enable per form CSRF tokens
This is the default for new Rails applications, and adds an extra layer
of security since now the token will only be valid for its action, and
so attackers managing to change the form action will not do any harm
since the CSRF token will not work for the attackers' action.

Note that we've had InvalidAuthenticityToken exceptions for years; if we
keep getting them, chances are this change is *not* related.
2020-10-04 15:47:20 +02:00
Javi Martín
53ddd046d9 Add "load_defaults" method and undo what it does
The goal here is to have a notion of what the defaults are in a Rails 5
application, know why our application is working in a different way
(it's because these defaults aren't loaded in an application which was
originally developed using Rails 4), and have an explicit list of things
we are overwriting.

Furthermore, running the `app:update` rake task to upgrade to Rails 5.2
will by default add the line loading default options for Rails 5.0, so
by adopting those default options we prevent accidental mistakes when
upgrading.

We'll have to review these items and see which ones can be changed to
their default values for Rails 5 applications.
2020-10-04 15:47:20 +02:00
Javi Martín
937638f281 Merge pull request #4176 from consul/dependabot/bundler/pg-1.2.3
Bump pg from 0.21.0 to 1.0.0
2020-10-04 15:38:55 +02:00
dependabot-preview[bot]
276703d35c Bump pg from 0.21.0 to 1.0.0
Bumps [pg](https://github.com/ged/ruby-pg) from 0.21.0 to 1.0.0.
- [Release notes](https://github.com/ged/ruby-pg/releases)
- [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc)
- [Commits](https://github.com/ged/ruby-pg/compare/v0.21.0...v1.0.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-10-04 15:21:06 +02:00
Javi Martín
0f0c44d377 Merge pull request #4089 from consul/dependabot/bundler/responders-3.0.1
Bump responders from 2.4.1 to 3.0.1
2020-10-04 15:01:06 +02:00
dependabot-preview[bot]
d29a62997c Bump responders from 2.4.1 to 3.0.1
Bumps [responders](https://github.com/heartcombo/responders) from 2.4.1 to 3.0.1.
- [Release notes](https://github.com/heartcombo/responders/releases)
- [Changelog](https://github.com/heartcombo/responders/blob/master/CHANGELOG.md)
- [Commits](https://github.com/heartcombo/responders/compare/v2.4.1...v3.0.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-10-04 12:34:29 +00:00
Javi Martín
603527abed Merge pull request #4143 from consul/travis.com
Update Travis badge to use travis-ci.com
2020-10-02 19:50:54 +02:00
Javi Martín
afeb071d32 Merge pull request #4192 from consul/harmony
Use Harmony mode in uglifier for ES2015+ support
2020-10-02 19:13:43 +02:00
Javi Martín
4bb1b3a6c3 Use Harmony mode in uglifier for ES2015+ support
Recent versions of graphql-rails updated React to a version which
requires this mode so it can be compiled on production.

So we enable this mode as described in the Uglifier README [2].

[1] https://github.com/lautis/uglifier/tree/v4.2.0#es6--es2015--harmony-mode
2020-10-02 14:07:05 +02:00
Javi Martín
a8b892b6bf Merge pull request #4189 from consul/dependabot/bundler/graphql-1.11.5
Bump graphql from 1.7.8 to 1.11.5
2020-10-02 13:16:13 +02:00
dependabot-preview[bot]
996f28dfc7 Bump graphql from 1.7.8 to 1.11.5
Bumps [graphql](https://github.com/rmosolgo/graphql-ruby) from 1.7.8 to 1.11.5.
- [Release notes](https://github.com/rmosolgo/graphql-ruby/releases)
- [Changelog](https://github.com/rmosolgo/graphql-ruby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rmosolgo/graphql-ruby/compare/v1.7.8...v1.11.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-10-02 10:50:37 +00:00
Javi Martín
9071c9e3a3 Merge pull request #3288 from consul/dependabot/bundler/graphiql-rails-1.7.0
Bump graphiql-rails from 1.4.8 to 1.7.0
2020-10-02 12:48:47 +02:00
Javi Martín
8868df0635 Merge pull request #4167 from consul/dependabot/bundler/redcarpet-3.5.0
Bump redcarpet from 3.4.0 to 3.5.0
2020-09-29 15:16:51 +02:00
dependabot-preview[bot]
274950f526 Bump redcarpet from 3.4.0 to 3.5.0
Bumps [redcarpet](https://github.com/vmg/redcarpet) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/vmg/redcarpet/releases)
- [Changelog](https://github.com/vmg/redcarpet/blob/master/CHANGELOG.md)
- [Commits](https://github.com/vmg/redcarpet/compare/v3.4.0...v3.5.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-29 12:04:05 +00:00
Javi Martín
dbb3185564 Merge pull request #4182 from consul/dependabot/bundler/rollbar-3.0.0
Bump rollbar from 2.27.0 to 3.0.0
2020-09-29 14:01:46 +02:00
Javi Martín
a2e1041424 Merge pull request #4164 from consul/dependabot/bundler/dalli-2.7.11
Bump dalli from 2.7.6 to 2.7.10
2020-09-29 13:30:22 +02:00
dependabot-preview[bot]
dccaadd992 Bump dalli from 2.7.6 to 2.7.10
Bumps [dalli](https://github.com/petergoldstein/dalli) from 2.7.6 to 2.7.10.
- [Release notes](https://github.com/petergoldstein/dalli/releases)
- [Changelog](https://github.com/petergoldstein/dalli/blob/master/History.md)
- [Commits](https://github.com/petergoldstein/dalli/compare/v2.7.6...v2.7.10)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-29 13:07:45 +02:00
dependabot-preview[bot]
ecf1615577 Bump rollbar from 2.27.0 to 3.0.0
Bumps [rollbar](https://github.com/rollbar/rollbar-gem) from 2.27.0 to 3.0.0.
- [Release notes](https://github.com/rollbar/rollbar-gem/releases)
- [Changelog](https://github.com/rollbar/rollbar-gem/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollbar/rollbar-gem/compare/v2.27.0...v3.0.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-28 21:36:35 +00:00
Javi Martín
4d9592878b Merge pull request #4184 from consul/dependabot/bundler/sitemap_generator-6.1.2
Bump sitemap_generator from 6.0.2 to 6.1.2
2020-09-28 23:34:21 +02:00
Javi Martín
bf2cbc5eae Merge pull request #4183 from consul/dependabot/bundler/webdrivers-4.4.1
Bump webdrivers from 4.3.0 to 4.4.1
2020-09-28 23:20:00 +02:00
dependabot-preview[bot]
c1d08cbd73 Bump sitemap_generator from 6.0.2 to 6.1.2
Bumps [sitemap_generator](https://github.com/kjvarga/sitemap_generator) from 6.0.2 to 6.1.2.
- [Release notes](https://github.com/kjvarga/sitemap_generator/releases)
- [Changelog](https://github.com/kjvarga/sitemap_generator/blob/master/CHANGES.md)
- [Commits](https://github.com/kjvarga/sitemap_generator/compare/v6.0.2...v6.1.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-28 20:06:34 +00:00
dependabot-preview[bot]
1332e0b784 Bump webdrivers from 4.3.0 to 4.4.1
Bumps [webdrivers](https://github.com/titusfortner/webdrivers) from 4.3.0 to 4.4.1.
- [Release notes](https://github.com/titusfortner/webdrivers/releases)
- [Changelog](https://github.com/titusfortner/webdrivers/blob/master/CHANGELOG.md)
- [Commits](https://github.com/titusfortner/webdrivers/compare/v4.3.0...v4.4.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-28 20:05:45 +00:00
Javi Martín
68ee534b4f Merge pull request #4181 from consul/dependabot/bundler/rinku-2.0.6
Bump rinku from 2.0.4 to 2.0.6
2020-09-28 22:00:26 +02:00
Javi Martín
8b8816d420 Merge pull request #4178 from consul/dependabot/bundler/byebug-11.1.3
Bump byebug from 11.1.1 to 11.1.3
2020-09-28 21:53:54 +02:00
dependabot-preview[bot]
7e0f8411d8 Bump graphiql-rails from 1.4.8 to 1.7.0
Bumps [graphiql-rails](https://github.com/rmosolgo/graphiql-rails) from 1.4.8 to 1.7.0.
- [Release notes](https://github.com/rmosolgo/graphiql-rails/releases)
- [Changelog](https://github.com/rmosolgo/graphiql-rails/blob/master/changelog.md)
- [Commits](https://github.com/rmosolgo/graphiql-rails/compare/v1.4.8...v1.7.0)

Signed-off-by: dependabot[bot] <support@dependabot.com>
2020-09-28 19:50:06 +00:00
Javi Martín
d3e4f1a2d7 Merge pull request #4179 from consul/dependabot/bundler/github_changelog_generator-1.15.2
Bump github_changelog_generator from 1.15.0 to 1.15.2
2020-09-28 21:48:28 +02:00
dependabot-preview[bot]
92aadbaf69 Bump rinku from 2.0.4 to 2.0.6
Bumps [rinku](https://github.com/vmg/rinku) from 2.0.4 to 2.0.6.
- [Release notes](https://github.com/vmg/rinku/releases)
- [Commits](https://github.com/vmg/rinku/compare/v2.0.4...v2.0.6)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-28 18:35:52 +00:00
dependabot-preview[bot]
74f680ac95 Bump github_changelog_generator from 1.15.0 to 1.15.2
Bumps [github_changelog_generator](https://github.com/github-changelog-generator/Github-Changelog-Generator) from 1.15.0 to 1.15.2.
- [Release notes](https://github.com/github-changelog-generator/Github-Changelog-Generator/releases)
- [Changelog](https://github.com/github-changelog-generator/github-changelog-generator/blob/master/CHANGELOG.md)
- [Commits](https://github.com/github-changelog-generator/Github-Changelog-Generator/compare/v1.15.0...v1.15.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-28 18:34:20 +00:00
dependabot-preview[bot]
39fd26e203 Bump byebug from 11.1.1 to 11.1.3
Bumps [byebug](https://github.com/deivid-rodriguez/byebug) from 11.1.1 to 11.1.3.
- [Release notes](https://github.com/deivid-rodriguez/byebug/releases)
- [Changelog](https://github.com/deivid-rodriguez/byebug/blob/master/CHANGELOG.md)
- [Commits](https://github.com/deivid-rodriguez/byebug/compare/v11.1.1...v11.1.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-28 18:33:40 +00:00
Javi Martín
d1b0968f0f Merge pull request #4177 from consul/dependabot/bundler/invisible_captcha-1.1.0
Bump invisible_captcha from 0.10.0 to 1.1.0
2020-09-28 20:28:09 +02:00
Javi Martín
7e0d15e123 Merge pull request #4175 from consul/dependabot/bundler/uglifier-4.2.0
Bump uglifier from 4.1.19 to 4.2.0
2020-09-28 20:12:12 +02:00
dependabot-preview[bot]
671af856bd Bump invisible_captcha from 0.10.0 to 1.1.0
Bumps [invisible_captcha](https://github.com/markets/invisible_captcha) from 0.10.0 to 1.1.0.
- [Release notes](https://github.com/markets/invisible_captcha/releases)
- [Changelog](https://github.com/markets/invisible_captcha/blob/master/CHANGELOG.md)
- [Commits](https://github.com/markets/invisible_captcha/compare/v0.10.0...v1.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-28 17:31:07 +00:00
Javi Martín
2d1865c79f Merge pull request #4162 from consul/dependabot/bundler/acts_as_votable-0.12.1
Bump acts_as_votable from 0.11.1 to 0.12.1
2020-09-28 19:26:10 +02:00
Javi Martín
47d12332c4 Merge pull request #4152 from consul/dependabot/bundler/spring-2.1.1
Bump spring from 2.0.2 to 2.1.1
2020-09-28 18:59:58 +02:00
dependabot-preview[bot]
d5c5f6cf78 Bump acts_as_votable from 0.11.1 to 0.12.1
Bumps [acts_as_votable](https://github.com/ryanto/acts_as_votable) from 0.11.1 to 0.12.1.
- [Release notes](https://github.com/ryanto/acts_as_votable/releases)
- [Commits](https://github.com/ryanto/acts_as_votable/compare/v0.11.1...v0.12.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-28 16:58:33 +00:00
Javi Martín
c4f8efaa36 Merge pull request #4147 from consul/dependabot/bundler/ancestry-3.2.1
Bump ancestry from 3.0.7 to 3.2.1
2020-09-28 18:56:36 +02:00
dependabot-preview[bot]
de69b52a46 Bump spring from 2.0.2 to 2.1.1
Bumps [spring](https://github.com/rails/spring) from 2.0.2 to 2.1.1.
- [Release notes](https://github.com/rails/spring/releases)
- [Changelog](https://github.com/rails/spring/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/spring/compare/v2.0.2...v2.1.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-28 16:26:58 +00:00
dependabot-preview[bot]
b55f2f3d8f Bump ancestry from 3.0.7 to 3.2.1
Bumps [ancestry](https://github.com/stefankroes/ancestry) from 3.0.7 to 3.2.1.
- [Release notes](https://github.com/stefankroes/ancestry/releases)
- [Changelog](https://github.com/stefankroes/ancestry/blob/master/CHANGELOG.md)
- [Commits](https://github.com/stefankroes/ancestry/compare/v3.0.7...v3.2.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-28 16:21:47 +00:00
Javi Martín
72c34c6193 Merge pull request #4174 from consul/dependabot/bundler/launchy-2.5.0
Bump launchy from 2.4.3 to 2.5.0
2020-09-28 18:21:29 +02:00
dependabot-preview[bot]
0e1b4cb570 Bump uglifier from 4.1.19 to 4.2.0
Bumps [uglifier](https://github.com/lautis/uglifier) from 4.1.19 to 4.2.0.
- [Release notes](https://github.com/lautis/uglifier/releases)
- [Changelog](https://github.com/lautis/uglifier/blob/master/CHANGELOG.md)
- [Commits](https://github.com/lautis/uglifier/compare/v4.1.19...v4.2.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-28 15:50:45 +00:00
dependabot-preview[bot]
ad0ba877e8 Bump launchy from 2.4.3 to 2.5.0
Bumps [launchy](https://github.com/copiousfreetime/launchy) from 2.4.3 to 2.5.0.
- [Release notes](https://github.com/copiousfreetime/launchy/releases)
- [Changelog](https://github.com/copiousfreetime/launchy/blob/master/README.md)
- [Commits](https://github.com/copiousfreetime/launchy/compare/v2.4.3...v2.5.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-28 15:49:46 +00:00
Javi Martín
04824c7e97 Merge pull request #4165 from consul/dependabot/bundler/puma-4.3.6
Bump puma from 4.3.5 to 4.3.6
2020-09-28 17:44:43 +02:00
Javi Martín
82f88c37e0 Merge pull request #4108 from consul/dependabot/bundler/rspec-rails-4.0.1
Bump rspec-rails from 3.8.2 to 4.0.1
2020-09-28 17:38:37 +02:00
dependabot-preview[bot]
1d34b92048 Bump rspec-rails from 3.8.2 to 4.0.1
Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 3.8.2 to 4.0.1.
- [Release notes](https://github.com/rspec/rspec-rails/releases)
- [Changelog](https://github.com/rspec/rspec-rails/blob/main/Changelog.md)
- [Commits](https://github.com/rspec/rspec-rails/compare/v3.8.2...v4.0.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-28 15:05:48 +00:00
dependabot-preview[bot]
538966bf19 Bump puma from 4.3.5 to 4.3.6
Bumps [puma](https://github.com/puma/puma) from 4.3.5 to 4.3.6.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v4.3.5...v4.3.6)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-28 15:05:21 +00:00
Javi Martín
32f2b4dace Merge pull request #4166 from consul/dependabot/bundler/capybara-3.33.0
Bump capybara from 3.29.0 to 3.33.0
2020-09-28 17:03:25 +02:00
dependabot-preview[bot]
2d4ff72d06 Bump capybara from 3.29.0 to 3.33.0
Bumps [capybara](https://github.com/teamcapybara/capybara) from 3.29.0 to 3.33.0.
- [Release notes](https://github.com/teamcapybara/capybara/releases)
- [Changelog](https://github.com/teamcapybara/capybara/blob/master/History.md)
- [Commits](https://github.com/teamcapybara/capybara/compare/3.29.0...3.33.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-28 14:38:29 +00:00
Javi Martín
2d59f5eda6 Merge pull request #4169 from consul/dependabot/bundler/selenium-webdriver-3.142.7
Bump selenium-webdriver from 3.141.0 to 3.142.7
2020-09-28 16:36:29 +02:00
dependabot-preview[bot]
b0b3a9c934 Bump selenium-webdriver from 3.141.0 to 3.142.7
Bumps [selenium-webdriver](https://github.com/SeleniumHQ/selenium) from 3.141.0 to 3.142.7.
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES)
- [Commits](https://github.com/SeleniumHQ/selenium/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-28 13:07:00 +00:00
Javi Martín
087a756c63 Merge pull request #4149 from consul/dependabot/bundler/letter_opener_web-1.4.0
Bump letter_opener_web from 1.3.4 to 1.4.0
2020-09-28 14:23:17 +02:00