consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
15,211 Commits 1 Branch 0 Tags
b8e352145c9e3662dc0ec8e32944848186494de3
Commit Graph

531 Commits

Author SHA1 Message Date
Javi Martín
59b625a5f9 Simplify chromedriver installation with webdrivers 
This gem will automatically install chromedriver based on the installed
version of Chrome/Chromium.
 2020-05-25 15:50:35 +02:00
Javi Martín
f89bf0c52c Bump initialjs-rails from 0.2.0.5 to 0.2.0.8 
Version 0.2.0.5 was causing comments to have invalid HTML because the
avatars had `<img>` tags with an empty `src` attribute.
 2020-05-12 23:57:57 +02:00
Javi Martín
e316ad9c96 Bump byebug to version 11.1.1 
Rails 5.1 updated the `method_source` dependency, which is incompatible
with pry 0.12.x (which some developers are using), and upgrading pry and
pry-byebug requires a more recent version of byebug.
 2020-04-24 15:43:54 +02:00
Javi Martín
1118c732f1 Bump acts-as-taggable-on to 6.0.0 
Rails 5.1 introduced certain changes in the way a record is touched when
the counter cache option is enabled in a belongs to association.

We need to upgrade acts-as-taggable-on so it keeps changing the
`updated_at` attribute when a new tag is added to a record.

Note we now need to reload the records in some cases to get the
`context_tag_list` method to return what we expect. Methods like
`context_tags` however work properly with no need to reload the record.
 2020-04-23 18:49:43 +02:00
Javi Martín
31fa6b8bde Upgrade Rails to 5.1 
Note we need to upgrade the bullet gem, although another option would be
to remove it completely.

Now we don't need the rubocop rules for deprecated methods, since using
them will raise an error and we'll be notified immediately.
 2020-04-23 18:49:43 +02:00
Javier Martín
7212f6d701 Merge pull request #3788 from consul/dependabot/bundler/capybara-3.29.0 
Bump capybara from 2.17.0 to 3.29.0
 2020-04-06 20:34:37 +02:00
dependabot-preview[bot]
781188758a Bump capybara from 2.17.0 to 3.29.0 
Bumps [capybara](https://github.com/teamcapybara/capybara) from 2.17.0 to 3.29.0.
- [Release notes](https://github.com/teamcapybara/capybara/releases)
- [Changelog](https://github.com/teamcapybara/capybara/blob/master/History.md)
- [Commits](https://github.com/teamcapybara/capybara/compare/2.17.0...3.29.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-04-06 20:11:44 +02:00
dependabot-preview[bot]
73cdc60ed7 [Security] Bump json from 2.1.0 to 2.3.0 
Bumps [json](https://github.com/flori/json) from 2.1.0 to 2.3.0. **This update includes a security fix.**
- [Release notes](https://github.com/flori/json/releases)
- [Changelog](https://github.com/flori/json/blob/master/CHANGES.md)
- [Commits](https://github.com/flori/json/compare/v2.1.0...v2.3.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-03-19 16:12:36 +00:00
dependabot-preview[bot]
2fccacfb10 [Security] Bump user_agent_parser from 2.4.1 to 2.6.0 
Bumps [user_agent_parser](https://github.com/ua-parser/uap-ruby) from 2.4.1 to 2.6.0. **This update includes a security fix.**
- [Release notes](https://github.com/ua-parser/uap-ruby/releases)
- [Commits](https://github.com/ua-parser/uap-ruby/compare/v2.4.1...v2.6.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-03-10 19:48:29 +01:00
dependabot-preview[bot]
41777c93e6 [Security] Bump puma from 4.3.1 to 4.3.3 
Bumps [puma](https://github.com/puma/puma) from 4.3.1 to 4.3.3. **This update includes security fixes.**
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v4.3.1...v4.3.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-03-01 22:55:54 +00:00
dependabot-preview[bot]
2b0450ef4f [Security] Bump nokogiri from 1.10.7 to 1.10.8 
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.7 to 1.10.8. **This update includes a security fix.**
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.10.7...v1.10.8)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-02-24 19:43:53 +00:00
Javier Martín
9bbed55d20 Merge pull request #3840 from consul/omniauth_csrf 
Add CSRF protection to Omniauth requests
 2020-01-28 12:52:17 +01:00
dependabot-preview[bot]
58071fd66b Bump foundation-rails from 6.4.3.0 to 6.6.1.0 
Bumps [foundation-rails](https://get.foundation) from 6.4.3.0 to 6.6.1.0.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-01-18 10:09:00 +00:00
Alberto
34c75fec4b Merge pull request #3606 from consul/fontawesome 
Add Font Awesome icons
 2020-01-18 11:07:03 +01:00
dependabot-preview[bot]
81883ad89d [Security] Bump rack from 2.0.7 to 2.0.8 
Bumps [rack](https://github.com/rack/rack) from 2.0.7 to 2.0.8. **This update includes a security fix.**
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/compare/2.0.7...2.0.8)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-01-17 15:46:48 +00:00
dependabot-preview[bot]
a1d8dd0966 [Security] Bump puma from 4.3.0 to 4.3.1 
Bumps [puma](https://github.com/puma/puma) from 4.3.0 to 4.3.1. **This update includes a security fix.**
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v4.3.0...v4.3.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-12-05 19:39:57 +00:00
Javi Martín
92ea3c3d43 Bump knapsack_pro from 1.1.0 to 1.15.0 2019-12-03 14:11:19 +01:00
Javi Martín
c4ebea27a7 Add CSRF protection to Omniauth requests 
More info:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9284
https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
 2019-11-29 03:18:53 +01:00
Julian Herrero
be4f6bc07e Make it easier to release a new version of CONSUL 
With this change we no longer need the branch `changelog` and it will
be easier to release new versions of CONSUL.
 2019-11-23 14:06:53 +01:00
Javier Martín
98d6477481 Merge pull request #3858 from consul/dependabot/bundler/nokogiri-1.10.5 
[Security] Bump nokogiri from 1.10.4 to 1.10.5
 2019-11-20 00:11:19 +01:00
Javi Martín
442baf8384 Remove browser gem direct dependency 
While the browser gem is great, we don't need it in this case for such a
simple usage.

There are a few really small differences between this code and the old
one: matching `/MSIE/` will return true for Opera 12 and false for
certain versions of IE11. Since we're only rendering a comment for IE8
and below, we don't care about IE11, and Opera 12 is six years old and
its users won't be affected by the comment.

Note we're still using the browser gem because ahoy_matey depends on it,
but now it's an indirect dependency.
 2019-11-18 13:12:35 +01:00
Javier Martín
0824cc3f2d Merge pull request #3848 from consul/dependabot/bundler/sitemap_generator-6.0.2 
Bump sitemap_generator from 6.0.1 to 6.0.2
 2019-11-17 23:19:02 +01:00
dependabot-preview[bot]
551a2fe4e4 [Security] Bump nokogiri from 1.10.4 to 1.10.5 
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.4 to 1.10.5. **This update includes a security fix.**
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.10.4...v1.10.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-11-17 20:43:00 +00:00
Javi Martín
58befabde5 Bump puma from 4.2.1 to 4.3.0 2019-11-12 20:20:45 +01:00
dependabot-preview[bot]
18f8c96073 Bump sitemap_generator from 6.0.1 to 6.0.2 
Bumps [sitemap_generator](https://github.com/kjvarga/sitemap_generator) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/kjvarga/sitemap_generator/releases)
- [Changelog](https://github.com/kjvarga/sitemap_generator/blob/master/CHANGES.md)
- [Commits](https://github.com/kjvarga/sitemap_generator/compare/v6.0.1...v6.0.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-11-11 14:12:26 +00:00
Javi Martín
f240e0073f Bump ckeditor from 4.2.4 to 4.3.0 
This version solves a security issue:

https://ckeditor.com/cke4/release/CKEditor-4.11.0

Note this version adds a `ckeditor/samples` folder, which is
automatically added to the application's assets manifest even if we
remove all CKEditor references in our application. One of the files in
that folder makes ExecJS raise a syntax error, causing every page to
raise a 500 error.
 2019-11-06 22:05:44 +01:00
Javi Martín
128a816464 Remove collaborative legislation summary 
This feature wasn't properly tested nor reviewed, and after reviewing
several pull requests with a similar status and considering this pull
request is related to the public area of the web, we've decided to
remove it before releasing version 1.1.

This commit reverts commit 4f50e67a.
 2019-11-06 17:21:03 +01:00
Julian Herrero
69838c78b9 Revert "Stop using Knapsack Pro" 
This reverts PR https://github.com/consul/consul/pull/3812
 2019-11-06 18:58:05 +07:00
Javi Martín
ed223e0bd1 Use audited to track investment changes 
Our manual implementation had a few issues. In particular, it didn't
track changes related to associations, which became more of an issue
when we made investments translatable.

Using audited gives us more functionality while at the same time
simplifies our code. However, it adds one more external dependency to
our project.

The reason for choosing audited over paper trail is audited seems to
make it easier to handle associations.
 2019-11-05 13:02:37 +01:00
Julian Herrero
5b3d40ce8e Stop using Knapsack Pro 2019-11-04 16:58:06 +07:00
dependabot-preview[bot]
3ee216ba51 [Security] Bump loofah from 2.3.0 to 2.3.1 
Bumps [loofah](https://github.com/flavorjones/loofah) from 2.3.0 to 2.3.1. **This update includes a security fix.**
- [Release notes](https://github.com/flavorjones/loofah/releases)
- [Changelog](https://github.com/flavorjones/loofah/blob/master/CHANGELOG.md)
- [Commits](https://github.com/flavorjones/loofah/compare/v2.3.0...v2.3.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-10-24 03:08:09 +00:00
Javi Martín
48cbb934c1 Bump parser to 2.6.5.0 
This version is compatible with Ruby 2.4.9.
 2019-10-23 17:46:47 +02:00
decabeza
18975a3963 Add font-awesome-sass gem 
Now can use all icons from https://fontawesome.com.
 2019-10-23 15:49:15 +02:00
Javier Martín
7a9fefb933 Merge pull request #3707 from consul/dependabot/bundler/ancestry-3.0.7 
Bump ancestry from 3.0.2 to 3.0.7
 2019-10-23 01:29:42 +02:00
dependabot-preview[bot]
4dbf38195a Bump ancestry from 3.0.2 to 3.0.7 
Bumps [ancestry](https://github.com/stefankroes/ancestry) from 3.0.2 to 3.0.7.
- [Release notes](https://github.com/stefankroes/ancestry/releases)
- [Changelog](https://github.com/stefankroes/ancestry/blob/master/CHANGELOG.md)
- [Commits](https://github.com/stefankroes/ancestry/compare/v3.0.2...v3.0.7)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-10-22 22:32:10 +00:00
Pierre Mesure
213903ad45 Replace sass-rails gem by sassc-rails 2019-10-22 21:59:14 +02:00
Javi Martín
b36e659f4e Use puma instead of unicorn 
Puma is the server we use in the development environment, so this way we
don't need to maintain two servers. Furthermore, puma seems to offer a
few advantages over unicorn (like multithreading) and no disadvantages.
 2019-10-12 16:50:49 +02:00
dependabot-preview[bot]
22e91271e5 [Security] Bump devise from 4.6.2 to 4.7.1 
Bumps [devise](https://github.com/plataformatec/devise) from 4.6.2 to 4.7.1. **This update includes a security fix.**
- [Release notes](https://github.com/plataformatec/devise/releases)
- [Changelog](https://github.com/plataformatec/devise/blob/master/CHANGELOG.md)
- [Commits](https://github.com/plataformatec/devise/compare/v4.6.2...v4.7.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-10-09 16:43:34 +00:00
Javi Martín
368f42f1a2 Revert loofah update 
We need to update other gems as well if we update this one. Dependabot
updated it automatically when updating `foundation_rails_helper`, but it
doesn't seem to be necessary.
 2019-10-08 18:46:20 +02:00
Javier Martín
2c80c05372 Merge pull request #3739 from consul/dependabot/bundler/rubocop-0.75.0 
Bump rubocop from 0.60.0 to 0.75.0
 2019-10-08 13:20:01 +02:00
Javi Martín
63d31f47c7 Add missing rubocop dependencies 
Rails and performance cops have been extracted to separate gems.

Note in the past we had to add these lines in order to activate Rails
cops:

```
Rails:
  Enabled: true
```

But we didn't do it, and so Rails cops were ignored.

With the new version, it's enough to require `rubocop-rails`.
 2019-10-08 12:42:46 +02:00
dependabot-preview[bot]
26201d4fc2 Bump foundation_rails_helper from 2.0.0 to 3.0.0 
Bumps [foundation_rails_helper](https://github.com/sgruhier/foundation_rails_helper) from 2.0.0 to 3.0.0.
- [Release notes](https://github.com/sgruhier/foundation_rails_helper/releases)
- [Changelog](https://github.com/sgruhier/foundation_rails_helper/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sgruhier/foundation_rails_helper/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-10-03 03:22:21 +00:00
dependabot-preview[bot]
d827946a10 Bump rubocop from 0.60.0 to 0.75.0 
Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 0.60.0 to 0.75.0.
- [Release notes](https://github.com/rubocop-hq/rubocop/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.60.0...v0.75.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-10-01 14:32:18 +00:00
dependabot-preview[bot]
235ee0fb83 [Security] Bump rubyzip from 1.2.2 to 1.3.0 
Bumps [rubyzip](https://github.com/rubyzip/rubyzip) from 1.2.2 to 1.3.0. **This update includes a security fix.**
- [Release notes](https://github.com/rubyzip/rubyzip/releases)
- [Changelog](https://github.com/rubyzip/rubyzip/blob/master/Changelog.md)
- [Commits](https://github.com/rubyzip/rubyzip/compare/v1.2.2...v1.3.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-10-01 13:06:28 +00:00
dependabot-preview[bot]
dde9caf7fd Merge pull request #3706 from consul/dependabot/bundler/rubocop-rspec-1.35.0 2019-09-19 15:03:06 +00:00
dependabot-preview[bot]
21634cf4fe Bump rubocop-rspec from 1.33.0 to 1.35.0 
Bumps [rubocop-rspec](https://github.com/rubocop-hq/rubocop-rspec) from 1.33.0 to 1.35.0.
- [Release notes](https://github.com/rubocop-hq/rubocop-rspec/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop-rspec/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop-rspec/compare/v1.33.0...v1.35.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-09-16 16:47:42 +00:00
dependabot-preview[bot]
3786adc8ad Bump puma from 3.12.1 to 4.1.1 
Bumps [puma](https://github.com/puma/puma) from 3.12.1 to 4.1.1.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v3.12.1...v4.1.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-09-16 16:46:40 +00:00
dependabot-preview[bot]
32df471946 Bump paranoia from 2.4.1 to 2.4.2 
Bumps [paranoia](https://github.com/rubysherpas/paranoia) from 2.4.1 to 2.4.2.
- [Release notes](https://github.com/rubysherpas/paranoia/releases)
- [Changelog](https://github.com/rubysherpas/paranoia/blob/core/CHANGELOG.md)
- [Commits](https://github.com/rubysherpas/paranoia/compare/v2.4.1...v2.4.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-09-13 17:37:28 +00:00
Javier Martín
edb51c09c2 Merge pull request #3442 from consul/dependabot/bundler/i18n-tasks-0.9.29 
Bump i18n-tasks from 0.9.25 to 0.9.29
 2019-09-13 19:35:37 +02:00
dependabot-preview[bot]
f0d4565815 Bump email_spec from 2.1.1 to 2.2.0 
Bumps [email_spec](https://github.com/email-spec/email-spec) from 2.1.1 to 2.2.0.
- [Release notes](https://github.com/email-spec/email-spec/releases)
- [Changelog](https://github.com/email-spec/email-spec/blob/master/Changelog.md)
- [Commits](https://github.com/email-spec/email-spec/compare/v2.1.1...v2.2.0)

Signed-off-by: dependabot[bot] <support@dependabot.com>
 2019-09-12 21:18:16 +00:00