From 05ae908d3f4ee329e2497d56360d21be8b24ad4f Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Fri, 8 Nov 2019 14:45:42 +0900
Subject: [Security] Bump brakeman from 4.6.1 to 4.7.1 (#12329) Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 4.6.1 to 4.7.1. **This update includes a security fix.** - [Release notes](https://github.com/presidentbeef/brakeman/releases) - [Changelog](https://github.com/presidentbeef/brakeman/blob/master/CHANGES.md) - [Commits](https://github.com/presidentbeef/brakeman/compare/v4.6.1...v4.7.1) Signed-off-by: dependabot-preview[bot]
---
 Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Gemfile')
diff --git a/Gemfile b/Gemfile
index a7faa5161..b2759e76f 100644
--- a/Gemfile
+++ b/Gemfile
@@ -136,7 +136,7 @@ group :development do
 gem 'memory_profiler'
 gem 'rubocop', '~> 0.75', require: false
 gem 'rubocop-rails', '~> 2.3', require: false
- gem 'brakeman', '~> 4.6', require: false
+ gem 'brakeman', '~> 4.7', require: false
 gem 'bundler-audit', '~> 0.6', require: false
 gem 'capistrano', '~> 3.11'
-- cgit
From c6960938dd9f92ca793683d1662bea3a28e51de5 Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Mon, 11 Nov 2019 22:05:16 +0900
Subject: Bump fuubar from 2.4.1 to 2.5.0 (#12356) Bumps [fuubar](https://github.com/thekompanee/fuubar) from 2.4.1 to 2.5.0. - [Release notes](https://github.com/thekompanee/fuubar/releases) - [Changelog](https://github.com/thekompanee/fuubar/blob/master/CHANGELOG.md) - [Commits](https://github.com/thekompanee/fuubar/compare/releases/v2.4.1...releases/v2.5.0) Signed-off-by: dependabot-preview[bot]
---
 Gemfile | 2 +- Gemfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'Gemfile')
diff --git a/Gemfile b/Gemfile
index b2759e76f..535184d46 100644
--- a/Gemfile
+++ b/Gemfile
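Review bot: In the brakeman hunk (`@@ -136,7 +136,7 @@`), the new constraint `'~> 4.7'` still admits 4.7.0, while the commit message names 4.7.1 as the target of a security update and does not say which release carries the fix. If the fix landed in 4.7.1, make the floor explicit: `gem 'brakeman', '~> 4.7', '>= 4.7.1', require: false`. This commit's diffstat lists only Gemfile, so the version actually resolved in Gemfile.lock cannot be confirmed from this patch and should be checked separately.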
@@ -102,7 +102,7 @@ gem 'rdf-normalize', '~> 0.3'
 group :development, :test do
 gem 'fabrication', '~> 2.20'
- gem 'fuubar', '~> 2.4'
+ gem 'fuubar', '~> 2.5'
 gem 'i18n-tasks', '~> 0.9', require: false
 gem 'pry-byebug', '~> 3.7'
 gem 'pry-rails', '~> 0.3'
diff --git a/Gemfile.lock b/Gemfile.lock
index 6c60ddca3..d373349e9 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -263,7 +263,7 @@ GEM
 fugit (1.1.6)
 et-orbi (~> 1.1, >= 1.1.6)
 raabro (~> 1.1)
- fuubar (2.4.1)
+ fuubar (2.5.0)
 rspec-core (~> 3.0)
 ruby-progressbar (~> 1.4)
 get_process_mem (0.2.4)
@@ -714,7 +714,7 @@ DEPENDENCIES
 fastimage
 fog-core (<= 2.1.0)
 fog-openstack (~> 0.3)
- fuubar (~> 2.4)
+ fuubar (~> 2.5)
 goldfinger (~> 2.1)
 hamlit-rails (~> 0.2)
 health_check!
-- cgit
From e3111311766938de09daf7fbb4868acaabf13fa2 Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Mon, 11 Nov 2019 22:34:48 +0900
Subject: Bump stoplight from 2.1.3 to 2.2.0 (#12360) Bumps [stoplight](https://github.com/orgsync/stoplight) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/orgsync/stoplight/releases) - [Changelog](https://github.com/orgsync/stoplight/blob/master/CHANGELOG.md) - [Commits](https://github.com/orgsync/stoplight/compare/v2.1.3...v2.2.0) Signed-off-by: dependabot-preview[bot]
---
 Gemfile | 2 +- Gemfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'Gemfile')
diff --git a/Gemfile b/Gemfile
index 535184d46..56ff483b9 100644
--- a/Gemfile
+++ b/Gemfile
@@ -87,7 +87,7 @@ gem 'sidekiq-bulk', '~>0.2.0'
 gem 'simple-navigation', '~> 4.1'
 gem 'simple_form', '~> 5.0'
 gem 'sprockets-rails', '~> 3.2', require: 'sprockets/railtie'
-gem 'stoplight', '~> 2.1.3'
+gem 'stoplight', '~> 2.2.0'
 gem 'strong_migrations', '~> 0.4'
 gem 'tty-command', '~> 0.9', require: false
 gem 'tty-prompt', '~> 0.19', require: false
diff --git a/Gemfile.lock b/Gemfile.lock
index d373349e9..8ed784e05 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -616,7 +616,7 @@ GEM
 net-ssh (>= 2.8.0)
 stackprof (0.2.13)
 statsd-ruby (1.4.0)
- stoplight (2.1.3)
+ stoplight (2.2.0)
 streamio-ffmpeg (3.0.2)
 multi_json (~> 1.8)
 strong_migrations (0.4.2)
@@ -790,7 +790,7 @@ DEPENDENCIES
 simplecov (~> 0.17)
 sprockets-rails (~> 3.2)
 stackprof
- stoplight (~> 2.1.3)
+ stoplight (~> 2.2.0)
 streamio-ffmpeg (~> 3.0)
 strong_migrations (~> 0.4)
 thor (~> 0.20)
-- cgit
From 6fa2f3eba3cd212c4b4ddc4cf63bf94e0d224287 Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Mon, 11 Nov 2019 22:38:07 +0900
Subject: Bump faker from 2.6.0 to 2.7.0 (#12354) Bumps [faker](https://github.com/faker-ruby/faker) from 2.6.0 to 2.7.0. - [Release notes](https://github.com/faker-ruby/faker/releases) - [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md) - [Commits](https://github.com/faker-ruby/faker/compare/v2.6.0...v2.7.0) Signed-off-by: dependabot-preview[bot]
---
 Gemfile | 2 +- Gemfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'Gemfile')
diff --git a/Gemfile b/Gemfile
index 56ff483b9..c9cb74b77 100644
--- a/Gemfile
+++ b/Gemfile
@@ -116,7 +116,7 @@ end
 group :test do
 gem 'capybara', '~> 3.29'
 gem 'climate_control', '~> 0.2'
- gem 'faker', '~> 2.6'
+ gem 'faker', '~> 2.7'
 gem 'microformats', '~> 4.1'
 gem 'rails-controller-testing', '~> 1.0'
 gem 'rspec-sidekiq', '~> 3.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index d1f38d0a8..4982fcd82 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -240,7 +240,7 @@ GEM
 tzinfo
 excon (0.62.0)
 fabrication (2.20.2)
- faker (2.6.0)
+ faker (2.7.0)
 i18n (>= 1.6, < 1.8)
 faraday (0.15.4)
 multipart-post (>= 1.2, < 3)
@@ -709,7 +709,7 @@ DEPENDENCIES
 doorkeeper (~> 5.2)
 dotenv-rails (~> 2.7)
 fabrication (~> 2.20)
- faker (~> 2.6)
+ faker (~> 2.7)
 fast_blank (~> 1.0)
 fastimage
 fog-core (<= 2.1.0)
-- cgit
From b0c4eb28e0f7f4c51c49982e7b8467afa944ab3a Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Mon, 11 Nov 2019 22:42:50 +0900
Subject: Bump rubocop from 0.75.1 to 0.76.0 (#12355) Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 0.75.1 to 0.76.0. - [Release notes](https://github.com/rubocop-hq/rubocop/releases) - [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.75.1...v0.76.0) Signed-off-by: dependabot-preview[bot]
---
 Gemfile | 2 +- Gemfile.lock | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'Gemfile')
diff --git a/Gemfile b/Gemfile
index c9cb74b77..01dc4866e 100644
--- a/Gemfile
+++ b/Gemfile
@@ -134,7 +134,7 @@ group :development do
 gem 'letter_opener', '~> 1.7'
 gem 'letter_opener_web', '~> 1.3'
 gem 'memory_profiler'
- gem 'rubocop', '~> 0.75', require: false
+ gem 'rubocop', '~> 0.76', require: false
 gem 'rubocop-rails', '~> 2.3', require: false
 gem 'brakeman', '~> 4.7', require: false
 gem 'bundler-audit', '~> 0.6', require: false
diff --git a/Gemfile.lock b/Gemfile.lock
index 4982fcd82..114b1ee05 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -320,7 +320,7 @@ GEM
 idn-ruby (0.1.0)
 ipaddress (0.8.3)
 iso-639 (0.2.8)
- jaro_winkler (1.5.3)
+ jaro_winkler (1.5.4)
 jmespath (1.4.0)
 json (2.2.0)
 json-canonicalization (0.1.0)
@@ -557,7 +557,7 @@ GEM
 rspec-core (~> 3.0, >= 3.0.0)
 sidekiq (>= 2.4.0)
 rspec-support (3.9.0)
- rubocop (0.75.1)
+ rubocop (0.76.0)
 jaro_winkler (~> 1.5.1)
 parallel (~> 1.10)
 parser (>= 2.6)
@@ -777,7 +777,7 @@ DEPENDENCIES
 rqrcode (~> 0.10)
 rspec-rails (~> 3.9)
 rspec-sidekiq (~> 3.0)
- rubocop (~> 0.75)
+ rubocop (~> 0.76)
 rubocop-rails (~> 2.3)
 ruby-progressbar (~> 1.10)
 sanitize (~> 5.1)
-- cgit
From a3a109d12c9f00b76eb12cd5e47382342bb36db4 Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Mon, 11 Nov 2019 22:43:43 +0900
Subject: Bump parallel from 1.17.0 to 1.18.0 (#12358) Bumps [parallel](https://github.com/grosser/parallel) from 1.17.0 to 1.18.0. - [Release notes](https://github.com/grosser/parallel/releases) - [Commits](https://github.com/grosser/parallel/compare/v1.17.0...v1.18.0) Signed-off-by: dependabot-preview[bot]
---
 Gemfile | 2 +- Gemfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'Gemfile')
diff --git a/Gemfile b/Gemfile
index 01dc4866e..329084142 100644
--- a/Gemfile
+++ b/Gemfile
@@ -67,7 +67,7 @@ gem 'oj', '~> 3.9'
 gem 'ostatus2', '~> 2.0'
 gem 'ox', '~> 2.11'
 gem 'parslet'
-gem 'parallel', '~> 1.17'
+gem 'parallel', '~> 1.18'
 gem 'posix-spawn', git: 'https://github.com/rtomayko/posix-spawn', ref: '58465d2e213991f8afb13b984854a49fcdcc980c'
 gem 'pundit', '~> 2.1'
 gem 'premailer-rails'
diff --git a/Gemfile.lock b/Gemfile.lock
index 114b1ee05..ceb903f60 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -423,7 +423,7 @@ GEM
 paperclip-av-transcoder (0.6.4)
 av (~> 0.9.0)
 paperclip (>= 2.5.2)
- parallel (1.17.0)
+ parallel (1.18.0)
 parallel_tests (2.29.2)
 parallel
 parser (2.6.5.0)
@@ -751,7 +751,7 @@ DEPENDENCIES
 ox (~> 2.11)
 paperclip (~> 6.0)
 paperclip-av-transcoder (~> 0.6)
- parallel (~> 1.17)
+ parallel (~> 1.18)
 parallel_tests (~> 2.29)
 parslet
 pg (~> 1.1)
-- cgit
From f2362f642a76d9ba611258f375741af4e289d59b Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Mon, 18 Nov 2019 22:26:08 +0900
Subject: Bump rack-attack from 6.1.0 to 6.2.1 (#12421) Bumps [rack-attack](https://github.com/kickstarter/rack-attack) from 6.1.0 to 6.2.1. - [Release notes](https://github.com/kickstarter/rack-attack/releases) - [Changelog](https://github.com/kickstarter/rack-attack/blob/master/CHANGELOG.md) - [Commits](https://github.com/kickstarter/rack-attack/compare/v6.1.0...v6.2.1) Signed-off-by: dependabot-preview[bot]
---
 Gemfile | 2 +- Gemfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'Gemfile')
diff --git a/Gemfile b/Gemfile
index 329084142..cd366ffca 100644
--- a/Gemfile
+++ b/Gemfile
@@ -71,7 +71,7 @@ gem 'parallel', '~> 1.18'
 gem 'posix-spawn', git: 'https://github.com/rtomayko/posix-spawn', ref: '58465d2e213991f8afb13b984854a49fcdcc980c'
 gem 'pundit', '~> 2.1'
 gem 'premailer-rails'
-gem 'rack-attack', '~> 6.1'
+gem 'rack-attack', '~> 6.2'
 gem 'rack-cors', '~> 1.0', require: 'rack/cors'
 gem 'rails-i18n', '~> 5.1'
 gem 'rails-settings-cached', '~> 0.6'
diff --git a/Gemfile.lock b/Gemfile.lock
index 1675dcce2..46010962f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -459,7 +459,7 @@ GEM
 activesupport (>= 3.0.0)
 raabro (1.1.6)
 rack (2.0.7)
- rack-attack (6.1.0)
+ rack-attack (6.2.1)
 rack (>= 1.0, < 3)
 rack-cors (1.0.6)
 rack (>= 1.6.0)
@@ -765,7 +765,7 @@ DEPENDENCIES
 pry-rails (~> 0.3)
 puma (~> 4.2)
 pundit (~> 2.1)
- rack-attack (~> 6.1)
+ rack-attack (~> 6.2)
 rack-cors (~> 1.0)
 rails (~> 5.2.3)
 rails-controller-testing (~> 1.0)
-- cgit
From 4e992e4ea8cefcf8073513ff6b7f6d84224f6b72 Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Mon, 18 Nov 2019 22:40:16 +0900
Subject: Bump aws-sdk-s3 from 1.52.0 to 1.55.0 (#12419) Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.52.0 to 1.55.0. - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sdk-s3/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/compare/v1.52.0...v1.55.0) Signed-off-by: dependabot-preview[bot]
---
 Gemfile | 2 +- Gemfile.lock | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) (limited to 'Gemfile')
diff --git a/Gemfile b/Gemfile
index cd366ffca..158e8d236 100644
--- a/Gemfile
+++ b/Gemfile
@@ -15,7 +15,7 @@ gem 'makara', '~> 0.4'
 gem 'pghero', '~> 2.3'
 gem 'dotenv-rails', '~> 2.7'
-gem 'aws-sdk-s3', '~> 1.52', require: false
+gem 'aws-sdk-s3', '~> 1.55', require: false
 gem 'fog-core', '<= 2.1.0'
 gem 'fog-openstack', '~> 0.3', require: false
 gem 'paperclip', '~> 6.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index 7886611e5..ac9c0e906 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -105,17 +105,17 @@ GEM
 av (0.9.0)
 cocaine (~> 0.5.3)
 aws-eventstream (1.0.3)
- aws-partitions (1.230.0)
- aws-sdk-core (3.72.0)
+ aws-partitions (1.240.0)
+ aws-sdk-core (3.78.0)
 aws-eventstream (~> 1.0, >= 1.0.2)
- aws-partitions (~> 1, >= 1.228.0)
+ aws-partitions (~> 1, >= 1.239.0)
 aws-sigv4 (~> 1.1)
 jmespath (~> 1.0)
 aws-sdk-kms (1.25.0)
 aws-sdk-core (~> 3, >= 3.71.0)
 aws-sigv4 (~> 1.1)
- aws-sdk-s3 (1.52.0)
- aws-sdk-core (~> 3, >= 3.71.0)
+ aws-sdk-s3 (1.55.0)
+ aws-sdk-core (~> 3, >= 3.77.0)
 aws-sdk-kms (~> 1)
 aws-sigv4 (~> 1.1)
 aws-sigv4 (1.1.0)
@@ -682,7 +682,7 @@ DEPENDENCIES
 active_record_query_trace (~> 1.7)
 addressable (~> 2.7)
 annotate (~> 3.0)
- aws-sdk-s3 (~> 1.52)
+ aws-sdk-s3 (~> 1.55)
 better_errors (~> 2.5)
 binding_of_caller (~> 0.7)
 blurhash (~> 0.1)
-- cgit
From 5605b828e5149bd3a5161eb8d536ad51094afe64 Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Wed, 20 Nov 2019 17:56:11 +0100
Subject: Bump webpacker from 4.0.7 to 4.2.0 (#12416) * Bump webpacker from 4.0.7 to 4.2.0 Bumps [webpacker](https://github.com/rails/webpacker) from 4.0.7 to 4.2.0. - [Release notes](https://github.com/rails/webpacker/releases) - [Changelog](https://github.com/rails/webpacker/blob/master/CHANGELOG.md) - [Commits](https://github.com/rails/webpacker/compare/v4.0.7...v4.2.0) Signed-off-by: dependabot-preview[bot] * Use NODE_ENV=tests instead of test, to work around async modules not having a chunk
---
 .env.test | 2 +- Gemfile | 2 +- Gemfile.lock | 4 ++-- config/webpack/test.js | 8 -------- config/webpack/tests.js | 8 ++++++++ 5 files changed, 12 insertions(+), 12 deletions(-) delete mode 100644 config/webpack/test.js create mode 100644 config/webpack/tests.js (limited to 'Gemfile')
diff --git a/.env.test b/.env.test
index fa4e1d91f..761d0d921 100644
--- a/.env.test
+++ b/.env.test
@@ -1,5 +1,5 @@
 # Node.js
-NODE_ENV=test
+NODE_ENV=tests
 # Federation
 LOCAL_DOMAIN=cb6e6126.ngrok.io
 LOCAL_HTTPS=true
diff --git a/Gemfile b/Gemfile
index 158e8d236..0bdc86323 100644
--- a/Gemfile
+++ b/Gemfile
@@ -93,7 +93,7 @@ gem 'tty-command', '~> 0.9', require: false
 gem 'tty-prompt', '~> 0.19', require: false
 gem 'twitter-text', '~> 1.14'
 gem 'tzinfo-data', '~> 1.2019'
-gem 'webpacker', '~> 4.0'
+gem 'webpacker', '~> 4.2'
 gem 'webpush'
 gem 'json-ld', git: 'https://github.com/ruby-rdf/json-ld.git', ref: 'e742697a0906e74e8bb777ef98137bc3955d981d'
diff --git a/Gemfile.lock b/Gemfile.lock
index ac9c0e906..401de21f7 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -660,7 +660,7 @@ GEM
 addressable (>= 2.3.6)
 crack (>= 0.3.2)
 hashdiff (>= 0.4.0, < 2.0.0)
- webpacker (4.0.7)
+ webpacker (4.2.0)
 activesupport (>= 4.2)
 rack-proxy (>= 0.6.1)
 railties (>= 4.2)
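Review bot: `NODE_ENV=tests` in the .env.test hunk is a non-standard value whose reason is recorded only in the commit message, so a later reader is likely to "correct" it back to `test`. A comment above the line would prevent that, e.g. `# Deliberately "tests", not "test": works around async modules not having a chunk after the webpacker 4.2 bump`, and the same one-line explanation belongs at the top of the new config/webpack/tests.js, whose name presumably has to track this value. Anything that branches on `NODE_ENV === 'test'` (Babel `env` sections, package scripts) would stop matching during test runs; none of that is visible in this patch, so it is worth searching the tree for before merging.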
@@ -800,7 +800,7 @@ DEPENDENCIES
 twitter-text (~> 1.14)
 tzinfo-data (~> 1.2019)
 webmock (~> 3.7)
- webpacker (~> 4.0)
+ webpacker (~> 4.2)
 webpush
 RUBY VERSION
diff --git a/config/webpack/test.js b/config/webpack/test.js
deleted file mode 100644
index 8b56eb92f..000000000
--- a/config/webpack/test.js
+++ /dev/null
@@ -1,8 +0,0 @@
-// Note: You must restart bin/webpack-dev-server for changes to take effect
-
-const merge = require('webpack-merge');
-const sharedConfig = require('./shared.js');
-
-module.exports = merge(sharedConfig, {
- mode: 'development',
-});
diff --git a/config/webpack/tests.js b/config/webpack/tests.js
new file mode 100644
index 000000000..8b56eb92f
--- /dev/null
+++ b/config/webpack/tests.js
@@ -0,0 +1,8 @@
+// Note: You must restart bin/webpack-dev-server for changes to take effect
+
+const merge = require('webpack-merge');
+const sharedConfig = require('./shared.js');
+
+module.exports = merge(sharedConfig, {
+ mode: 'development',
+});
-- cgit