Javi Martín
2d9f679105
Use Rails 5.2 schema format
2020-10-15 14:46:20 +02:00
Javi Martín
3267c81ba0
Upgrade to Rails 5.2
...
All the code in the `bin/` and the `config/` folder has been generated
running `rake app:update`, except the `escape_javascript_fix` file,
which we've removed since the code there is already included in Rails
5.2.
2020-10-15 14:46:20 +02:00
Javi Martín
e4d21ba148
Merge pull request #4173 from consul/dependabot/bundler/rubocop-performance-1.7.1
...
Bump rubocop-performance from 1.6.1 to 1.7.1
2020-10-11 20:15:08 +02:00
dependabot-preview[bot]
d73d9052c8
Bump rubocop-performance from 1.6.1 to 1.7.1
...
Bumps [rubocop-performance](https://github.com/rubocop-hq/rubocop-performance) from 1.6.1 to 1.7.1.
- [Release notes](https://github.com/rubocop-hq/rubocop-performance/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop-performance/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop-performance/compare/v1.6.1...v1.7.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-10-11 17:04:27 +00:00
Javi Martín
9efec56635
Merge pull request #4141 from consul/load_defaults
...
Use Rails 5 default settings
2020-10-06 15:34:24 +02:00
Javi Martín
5c0ba0b04c
Generate local forms with form_with by default
...
We're not replacing `form_for` with `form_with` for now, and even if we
did, most of our forms are not remote, so making them remote by default
would be inconvenient.
2020-10-04 15:47:20 +02:00
Javi Martín
905ac48bb9
Raise an exception when an asset is not found
...
This is the default in Rails 5.1 applications. If we want to use an
asset in the public folder, we need to add the `public_folder: true`
option, making it clear that we don't expect the asset to be in the
asset pipeline.
Since we don't use `asset_path` to reference assets in the public
folder, we can safely disable the `unknown_asset_fallback` option.
2020-10-04 15:47:20 +02:00
Javi Martín
00dc58f8b3
Use Rails 5.1 defaults and overwrite them
...
This way we know what we need to do to fully upgrade to Rails 5.1.
2020-10-04 15:47:20 +02:00
Javi Martín
5442ca7c54
Remove redundant configuration option
...
This option was added by the Rails 4 new application generator. However, the
`assets.digest` option is set to true by default, and recent Rails
versions don't even add this option to the environment files.
2020-10-04 15:47:20 +02:00
Javi Martín
32f06ea7d9
Keep belongs_to optional by default
...
Changing it would mean reviewing and changing all our existing models,
and some of them might be tricky (like our Document and Image models,
which only validate certain associations in some cases), so we're
keeping it the way it's been until now.
2020-10-04 15:47:20 +02:00
Javi Martín
b1c112952f
Use Rails 5 default SSL options
...
The default options (which apply when `force_ssl` is set, which is the
default in CONSUL) are `{ hsts: { subdomains: true } }`, which means we
tell browsers to apply our SSL settings to subdomains as well [1].
CONSUL installations implementing multitenancy with subdomains will
benefit from this change.
[1] https://api.rubyonrails.org/classes/ActionDispatch/SSL.html
2020-10-04 15:47:20 +02:00
Javi Martín
0734e788bd
Preserve timezone when calling to_time
...
Quoting the Rails DateAndTime::Compatibility module:
> With Ruby 2.4+ the default for +to_time+ changed from
> converting to the local system time, to preserving the offset
> of the receiver. For backwards compatibility we're overriding
> this behavior
We don't need backwards compatibility in our application because we
aren't converting any time objects to the local system timezone but use
the application timezone all the time instead.
2020-10-04 15:47:20 +02:00
Javi Martín
f1b38d20c1
Enable Origin header check in forgery protection
...
This is the default in Rails 5 applications.
This option is not enabled by default in existing applications because
it would break applications running on several domains and doing POST
requests between them or running a reverse proxy that rewrites the Host
header. Since those aren't our cases, it's safe to enable it.
2020-10-04 15:47:20 +02:00
Javi Martín
611d729080
Enable per form CSRF tokens
...
This is the default for new Rails applications, and adds an extra layer
of security since now the token will only be valid for its action, and
so attackers managing to change the form action will not do any harm
since the CSRF token will not work for the attackers' action.
Note that we've had InvalidAuthenticityToken exceptions for years; if we
keep getting them, chances are this change is *not* related.
2020-10-04 15:47:20 +02:00
Javi Martín
53ddd046d9
Add "load_defaults" method and undo what it does
...
The goal here is to have a notion of what the defaults are in a Rails 5
application, know why our application is working in a different way
(it's because these defaults aren't loaded in an application which was
originally developed using Rails 4), and have an explicit list of things
we are overwriting.
Furthermore, running the `app:update` rake task to upgrade to Rails 5.2
will by default add the line loading default options for Rails 5.0, so
by adopting those default options we prevent accidental mistakes when
upgrading.
We'll have to review these items and see which ones can be changed to
their default values for Rails 5 applications.
2020-10-04 15:47:20 +02:00
Javi Martín
937638f281
Merge pull request #4176 from consul/dependabot/bundler/pg-1.2.3
...
Bump pg from 0.21.0 to 1.0.0
2020-10-04 15:38:55 +02:00
dependabot-preview[bot]
276703d35c
Bump pg from 0.21.0 to 1.0.0
...
Bumps [pg](https://github.com/ged/ruby-pg) from 0.21.0 to 1.0.0.
- [Release notes](https://github.com/ged/ruby-pg/releases)
- [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc)
- [Commits](https://github.com/ged/ruby-pg/compare/v0.21.0...v1.0.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-10-04 15:21:06 +02:00
Javi Martín
0f0c44d377
Merge pull request #4089 from consul/dependabot/bundler/responders-3.0.1
...
Bump responders from 2.4.1 to 3.0.1
2020-10-04 15:01:06 +02:00
dependabot-preview[bot]
d29a62997c
Bump responders from 2.4.1 to 3.0.1
...
Bumps [responders](https://github.com/heartcombo/responders) from 2.4.1 to 3.0.1.
- [Release notes](https://github.com/heartcombo/responders/releases)
- [Changelog](https://github.com/heartcombo/responders/blob/master/CHANGELOG.md)
- [Commits](https://github.com/heartcombo/responders/compare/v2.4.1...v3.0.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-10-04 12:34:29 +00:00
Javi Martín
603527abed
Merge pull request #4143 from consul/travis.com
...
Update Travis badge to use travis-ci.com
2020-10-02 19:50:54 +02:00
Javi Martín
afeb071d32
Merge pull request #4192 from consul/harmony
...
Use Harmony mode in uglifier for ES2015+ support
2020-10-02 19:13:43 +02:00
Javi Martín
4bb1b3a6c3
Use Harmony mode in uglifier for ES2015+ support
...
Recent versions of graphql-rails updated React to a version which
requires this mode so it can be compiled on production.
So we enable this mode as described in the Uglifier README [2].
[1] https://github.com/lautis/uglifier/tree/v4.2.0#es6--es2015--harmony-mode
2020-10-02 14:07:05 +02:00
Javi Martín
a8b892b6bf
Merge pull request #4189 from consul/dependabot/bundler/graphql-1.11.5
...
Bump graphql from 1.7.8 to 1.11.5
2020-10-02 13:16:13 +02:00
dependabot-preview[bot]
996f28dfc7
Bump graphql from 1.7.8 to 1.11.5
...
Bumps [graphql](https://github.com/rmosolgo/graphql-ruby) from 1.7.8 to 1.11.5.
- [Release notes](https://github.com/rmosolgo/graphql-ruby/releases)
- [Changelog](https://github.com/rmosolgo/graphql-ruby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rmosolgo/graphql-ruby/compare/v1.7.8...v1.11.5)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-10-02 10:50:37 +00:00
Javi Martín
9071c9e3a3
Merge pull request #3288 from consul/dependabot/bundler/graphiql-rails-1.7.0
...
Bump graphiql-rails from 1.4.8 to 1.7.0
2020-10-02 12:48:47 +02:00
Javi Martín
8868df0635
Merge pull request #4167 from consul/dependabot/bundler/redcarpet-3.5.0
...
Bump redcarpet from 3.4.0 to 3.5.0
2020-09-29 15:16:51 +02:00
dependabot-preview[bot]
274950f526
Bump redcarpet from 3.4.0 to 3.5.0
...
Bumps [redcarpet](https://github.com/vmg/redcarpet) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/vmg/redcarpet/releases)
- [Changelog](https://github.com/vmg/redcarpet/blob/master/CHANGELOG.md)
- [Commits](https://github.com/vmg/redcarpet/compare/v3.4.0...v3.5.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-29 12:04:05 +00:00
Javi Martín
dbb3185564
Merge pull request #4182 from consul/dependabot/bundler/rollbar-3.0.0
...
Bump rollbar from 2.27.0 to 3.0.0
2020-09-29 14:01:46 +02:00
Javi Martín
a2e1041424
Merge pull request #4164 from consul/dependabot/bundler/dalli-2.7.11
...
Bump dalli from 2.7.6 to 2.7.10
2020-09-29 13:30:22 +02:00
dependabot-preview[bot]
dccaadd992
Bump dalli from 2.7.6 to 2.7.10
...
Bumps [dalli](https://github.com/petergoldstein/dalli) from 2.7.6 to 2.7.10.
- [Release notes](https://github.com/petergoldstein/dalli/releases)
- [Changelog](https://github.com/petergoldstein/dalli/blob/master/History.md)
- [Commits](https://github.com/petergoldstein/dalli/compare/v2.7.6...v2.7.10)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-29 13:07:45 +02:00
dependabot-preview[bot]
ecf1615577
Bump rollbar from 2.27.0 to 3.0.0
...
Bumps [rollbar](https://github.com/rollbar/rollbar-gem) from 2.27.0 to 3.0.0.
- [Release notes](https://github.com/rollbar/rollbar-gem/releases)
- [Changelog](https://github.com/rollbar/rollbar-gem/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollbar/rollbar-gem/compare/v2.27.0...v3.0.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-28 21:36:35 +00:00
Javi Martín
4d9592878b
Merge pull request #4184 from consul/dependabot/bundler/sitemap_generator-6.1.2
...
Bump sitemap_generator from 6.0.2 to 6.1.2
2020-09-28 23:34:21 +02:00
Javi Martín
bf2cbc5eae
Merge pull request #4183 from consul/dependabot/bundler/webdrivers-4.4.1
...
Bump webdrivers from 4.3.0 to 4.4.1
2020-09-28 23:20:00 +02:00
dependabot-preview[bot]
c1d08cbd73
Bump sitemap_generator from 6.0.2 to 6.1.2
...
Bumps [sitemap_generator](https://github.com/kjvarga/sitemap_generator) from 6.0.2 to 6.1.2.
- [Release notes](https://github.com/kjvarga/sitemap_generator/releases)
- [Changelog](https://github.com/kjvarga/sitemap_generator/blob/master/CHANGES.md)
- [Commits](https://github.com/kjvarga/sitemap_generator/compare/v6.0.2...v6.1.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-28 20:06:34 +00:00
dependabot-preview[bot]
1332e0b784
Bump webdrivers from 4.3.0 to 4.4.1
...
Bumps [webdrivers](https://github.com/titusfortner/webdrivers) from 4.3.0 to 4.4.1.
- [Release notes](https://github.com/titusfortner/webdrivers/releases)
- [Changelog](https://github.com/titusfortner/webdrivers/blob/master/CHANGELOG.md)
- [Commits](https://github.com/titusfortner/webdrivers/compare/v4.3.0...v4.4.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-28 20:05:45 +00:00
Javi Martín
68ee534b4f
Merge pull request #4181 from consul/dependabot/bundler/rinku-2.0.6
...
Bump rinku from 2.0.4 to 2.0.6
2020-09-28 22:00:26 +02:00
Javi Martín
8b8816d420
Merge pull request #4178 from consul/dependabot/bundler/byebug-11.1.3
...
Bump byebug from 11.1.1 to 11.1.3
2020-09-28 21:53:54 +02:00
dependabot-preview[bot]
7e0f8411d8
Bump graphiql-rails from 1.4.8 to 1.7.0
...
Bumps [graphiql-rails](https://github.com/rmosolgo/graphiql-rails) from 1.4.8 to 1.7.0.
- [Release notes](https://github.com/rmosolgo/graphiql-rails/releases)
- [Changelog](https://github.com/rmosolgo/graphiql-rails/blob/master/changelog.md)
- [Commits](https://github.com/rmosolgo/graphiql-rails/compare/v1.4.8...v1.7.0)
Signed-off-by: dependabot[bot] <support@dependabot.com>
2020-09-28 19:50:06 +00:00
Javi Martín
d3e4f1a2d7
Merge pull request #4179 from consul/dependabot/bundler/github_changelog_generator-1.15.2
...
Bump github_changelog_generator from 1.15.0 to 1.15.2
2020-09-28 21:48:28 +02:00
dependabot-preview[bot]
92aadbaf69
Bump rinku from 2.0.4 to 2.0.6
...
Bumps [rinku](https://github.com/vmg/rinku) from 2.0.4 to 2.0.6.
- [Release notes](https://github.com/vmg/rinku/releases)
- [Commits](https://github.com/vmg/rinku/compare/v2.0.4...v2.0.6)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-28 18:35:52 +00:00
dependabot-preview[bot]
74f680ac95
Bump github_changelog_generator from 1.15.0 to 1.15.2
...
Bumps [github_changelog_generator](https://github.com/github-changelog-generator/Github-Changelog-Generator) from 1.15.0 to 1.15.2.
- [Release notes](https://github.com/github-changelog-generator/Github-Changelog-Generator/releases)
- [Changelog](https://github.com/github-changelog-generator/github-changelog-generator/blob/master/CHANGELOG.md)
- [Commits](https://github.com/github-changelog-generator/Github-Changelog-Generator/compare/v1.15.0...v1.15.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-28 18:34:20 +00:00
dependabot-preview[bot]
39fd26e203
Bump byebug from 11.1.1 to 11.1.3
...
Bumps [byebug](https://github.com/deivid-rodriguez/byebug) from 11.1.1 to 11.1.3.
- [Release notes](https://github.com/deivid-rodriguez/byebug/releases)
- [Changelog](https://github.com/deivid-rodriguez/byebug/blob/master/CHANGELOG.md)
- [Commits](https://github.com/deivid-rodriguez/byebug/compare/v11.1.1...v11.1.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-28 18:33:40 +00:00
Javi Martín
d1b0968f0f
Merge pull request #4177 from consul/dependabot/bundler/invisible_captcha-1.1.0
...
Bump invisible_captcha from 0.10.0 to 1.1.0
2020-09-28 20:28:09 +02:00
Javi Martín
7e0d15e123
Merge pull request #4175 from consul/dependabot/bundler/uglifier-4.2.0
...
Bump uglifier from 4.1.19 to 4.2.0
2020-09-28 20:12:12 +02:00
dependabot-preview[bot]
671af856bd
Bump invisible_captcha from 0.10.0 to 1.1.0
...
Bumps [invisible_captcha](https://github.com/markets/invisible_captcha) from 0.10.0 to 1.1.0.
- [Release notes](https://github.com/markets/invisible_captcha/releases)
- [Changelog](https://github.com/markets/invisible_captcha/blob/master/CHANGELOG.md)
- [Commits](https://github.com/markets/invisible_captcha/compare/v0.10.0...v1.1.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-28 17:31:07 +00:00
Javi Martín
2d1865c79f
Merge pull request #4162 from consul/dependabot/bundler/acts_as_votable-0.12.1
...
Bump acts_as_votable from 0.11.1 to 0.12.1
2020-09-28 19:26:10 +02:00
Javi Martín
47d12332c4
Merge pull request #4152 from consul/dependabot/bundler/spring-2.1.1
...
Bump spring from 2.0.2 to 2.1.1
2020-09-28 18:59:58 +02:00
dependabot-preview[bot]
d5c5f6cf78
Bump acts_as_votable from 0.11.1 to 0.12.1
...
Bumps [acts_as_votable](https://github.com/ryanto/acts_as_votable) from 0.11.1 to 0.12.1.
- [Release notes](https://github.com/ryanto/acts_as_votable/releases)
- [Commits](https://github.com/ryanto/acts_as_votable/compare/v0.11.1...v0.12.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-28 16:58:33 +00:00
Javi Martín
c4f8efaa36
Merge pull request #4147 from consul/dependabot/bundler/ancestry-3.2.1
...
Bump ancestry from 3.0.7 to 3.2.1
2020-09-28 18:56:36 +02:00
dependabot-preview[bot]
de69b52a46
Bump spring from 2.0.2 to 2.1.1
...
Bumps [spring](https://github.com/rails/spring) from 2.0.2 to 2.1.1.
- [Release notes](https://github.com/rails/spring/releases)
- [Changelog](https://github.com/rails/spring/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/spring/compare/v2.0.2...v2.1.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-28 16:26:58 +00:00