(security) updated sentry & web-console

CHANGELOG.md

@@ -6,6 +6,8 @@
 - Updated responders to 3.0
 - Updated devise to 4.9
 - Updated sassc to 2.3
+- Updated sentry to 5.8
+- Updated web-console to 4.2
 - Fix a bug: broken display after a plan category was deleted
 
 ## v5.9.1 2023 March 22

Gemfile

@@ -40,7 +40,7 @@ group :development do
   gem 'bullet'
   gem 'coveralls_reborn', '~> 0.18.0', require: false
   gem 'foreman'
-  gem 'web-console', '>= 3.3.0'
+  gem 'web-console', '>= 4.2.0'
   # Preview mail in the browser
   gem 'listen', '~> 3.0.5'
   gem 'overcommit'

Gemfile.lock

@@ -115,7 +115,7 @@ GEM
     cldr-plurals-runtime-rb (1.0.1)
     coercible (1.0.0)
       descendants_tracker (~> 0.0.1)
-    concurrent-ruby (1.1.10)
+    concurrent-ruby (1.2.2)
     connection_pool (2.2.5)
     coveralls_reborn (0.18.0)
       simplecov (>= 0.18.1, < 0.20.0)
@@ -161,7 +161,7 @@ GEM
       faraday
       multi_json
     equalizer (0.0.11)
-    erubi (1.10.0)
+    erubi (1.12.0)
     et-orbi (1.2.7)
       tzinfo
     faker (2.10.2)
@@ -238,7 +238,7 @@ GEM
       rake
     mini_magick (4.10.1)
     mini_mime (1.1.2)
-    minitest (5.17.0)
+    minitest (5.18.0)
     minitest-reporters (1.4.2)
       ansi
       builder
@@ -333,7 +333,7 @@ GEM
       rack (>= 2.1.0)
     rack-proxy (0.7.6)
       rack
-    rack-test (2.0.2)
+    rack-test (2.1.0)
       rack (>= 1.3)
     railroady (1.5.3)
     rails (6.1.7.2)
@@ -354,7 +354,7 @@ GEM
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.4)
+    rails-html-sanitizer (1.5.0)
       loofah (~> 2.19, >= 2.19.1)
     railties (6.1.7.2)
       actionpack (= 6.1.7.2)
@@ -415,10 +415,10 @@ GEM
       activerecord (>= 4)
       activesupport (>= 4)
     semantic_range (3.0.0)
-    sentry-rails (5.7.0)
+    sentry-rails (5.8.0)
       railties (>= 5.0)
-      sentry-ruby (~> 5.7.0)
-    sentry-ruby (5.7.0)
+      sentry-ruby (~> 5.8.0)
+    sentry-ruby (5.8.0)
       concurrent-ruby (~> 1.0, >= 1.0.2)
     sha3 (1.0.5)
     shakapacker (6.5.5)
@@ -498,11 +498,11 @@ GEM
       equalizer (~> 0.0, >= 0.0.9)
     warden (1.2.9)
       rack (>= 2.0.9)
-    web-console (3.7.0)
-      actionview (>= 5.0)
-      activemodel (>= 5.0)
+    web-console (4.2.0)
+      actionview (>= 6.0.0)
+      activemodel (>= 6.0.0)
       bindex (>= 0.4.0)
-      railties (>= 5.0)
+      railties (>= 6.0.0)
     webfinger (1.2.0)
       activesupport
       httpclient (>= 2.4)
@@ -599,7 +599,7 @@ DEPENDENCIES
   sys-filesystem
   tzinfo-data
   vcr (~> 6.1.0)
-  web-console (>= 3.3.0)
+  web-console (>= 4.2.0)
   webmock
 
 BUNDLED WITH

config/application.rb

@@ -53,12 +53,6 @@ class FabManager::Application < Rails::Application
     g.test_framework :mini_test
   end
 
-  if Rails.env.development?
-    config.web_console.whitelisted_ips << '192.168.0.0/16'
-    config.web_console.whitelisted_ips << '192.168.99.0/16' # docker
-    config.web_console.whitelisted_ips << '10.0.2.2' # vagrant
-  end
-
   # load locales for subdirectories
   config.i18n.load_path += Dir[Rails.root.join('config/locales/**/*.yml').to_s]
 

config/environments/development.rb

@@ -12,6 +12,9 @@ Rails.application.configure do
     Bullet.add_footer    = true
   end
 
+  # whitelist IP for web-console: local network, docker and vagrant
+  config.web_console.permissions = %w[192.168.0.0/16 192.168.99.0/16 10.0.2.2]
+
   # Settings specified here will take precedence over those in config/application.rb.
 
   # In the development environment your application's code is reloaded on

lib/tasks/fablab/chain.rake

@@ -6,7 +6,7 @@ namespace :fablab do
     task :all, [:force] => :environment do |_task, args|
       if Invoice.where.not(footprint: nil).count.positive? && args.force != 'force'
         print 'All footprints will be regenerated. Are you sure? (y/n) '
-        confirm = STDIN.gets.chomp
+        confirm = $stdin.gets.chomp
         next unless confirm == 'y'
       end
       chain_invoices
@@ -17,12 +17,11 @@ namespace :fablab do
       chain_payment_schedules_objects if ActiveRecord::Base.connection.table_exists? PaymentScheduleObject.arel_table
     end
 
-
     desc 'assign all footprints to existing Invoice records'
     task invoices: :environment do
       if Invoice.where.not(footprint: nil).count.positive?
         print 'WARNING: Footprints were already generated. Regenerate? (y/n) '
-        confirm = STDIN.gets.chomp
+        confirm = $stdin.gets.chomp
         next unless confirm == 'y'
       end
       chain_invoices
@@ -32,10 +31,10 @@ namespace :fablab do
       if AccountingPeriod.count.positive?
         last_period = AccountingPeriod.order(start_at: :desc).first
         puts "Regenerating from #{last_period.end_at}..."
-        Invoice.where('created_at > ?', last_period.end_at).order(:id).each(&:chain_record)
+        Invoice.where('created_at > ?', last_period.end_at).order(:id).find_each(&:chain_record)
       else
         puts '(Re)generating all footprint...'
-        Invoice.order(:id).all.each(&:chain_record)
+        Invoice.order(:id).find_each(&:chain_record)
       end
     end
 
@@ -43,7 +42,7 @@ namespace :fablab do
     task invoices_items: :environment do
       if InvoiceItem.where.not(footprint: nil).count.positive?
         print 'WARNING: Footprints were already generated. Regenerate? (y/n) '
-        confirm = STDIN.gets.chomp
+        confirm = $stdin.gets.chomp
         next unless confirm == 'y'
       end
       chain_invoice_items
@@ -53,10 +52,10 @@ namespace :fablab do
       if AccountingPeriod.count.positive?
         last_period = AccountingPeriod.order(start_at: :desc).first
         puts "Regenerating from #{last_period.end_at}..."
-        InvoiceItem.where('created_at > ?', last_period.end_at).order(:id).each(&:chain_record)
+        InvoiceItem.where('created_at > ?', last_period.end_at).order(:id).find_each(&:chain_record)
       else
         puts '(Re)generating all footprint...'
-        InvoiceItem.order(:id).all.each(&:chain_record)
+        InvoiceItem.order(:id).find_each(&:chain_record)
       end
     end
 
@@ -64,21 +63,21 @@ namespace :fablab do
     task history_values: :environment do
       if HistoryValue.where.not(footprint: nil).count.positive?
         print 'WARNING: Footprints were already generated. Regenerate? (y/n) '
-        confirm = STDIN.gets.chomp
+        confirm = $stdin.gets.chomp
         next unless confirm == 'y'
       end
       chain_history_values
     end
 
     def chain_history_values
-      HistoryValue.order(:created_at).all.each(&:chain_record)
+      HistoryValue.order(:created_at).find_each(&:chain_record)
     end
 
     desc 'assign all footprints to existing PaymentSchedule records'
     task payment_schedule: :environment do
       if PaymentSchedule.where.not(footprint: nil).count.positive?
         print 'WARNING: Footprints were already generated. Regenerate? (y/n) '
-        confirm = STDIN.gets.chomp
+        confirm = $stdin.gets.chomp
         next unless confirm == 'y'
       end
       chain_payment_schedules
@@ -88,10 +87,10 @@ namespace :fablab do
       if AccountingPeriod.count.positive?
         last_period = AccountingPeriod.order(start_at: :desc).first
         puts "Regenerating from #{last_period.end_at}..."
-        PaymentSchedule.where('created_at > ?', last_period.end_at).order(:id).each(&:chain_record)
+        PaymentSchedule.where('created_at > ?', last_period.end_at).order(:id).find_each(&:chain_record)
       else
         puts '(Re)generating all footprint...'
-        PaymentSchedule.order(:id).all.each(&:chain_record)
+        PaymentSchedule.order(:id).find_each(&:chain_record)
       end
     end
 
@@ -99,7 +98,7 @@ namespace :fablab do
     task payment_schedule_item: :environment do
       if PaymentScheduleItem.where.not(footprint: nil).count.positive?
         print 'WARNING: Footprints were already generated. Regenerate? (y/n) '
-        confirm = STDIN.gets.chomp
+        confirm = $stdin.gets.chomp
         next unless confirm == 'y'
       end
       chain_payment_schedules_items
@@ -109,10 +108,10 @@ namespace :fablab do
       if AccountingPeriod.count.positive?
         last_period = AccountingPeriod.order(start_at: :desc).first
         puts "Regenerating from #{last_period.end_at}..."
-        PaymentScheduleItem.where('created_at > ?', last_period.end_at).order(:id).each(&:chain_record)
+        PaymentScheduleItem.where('created_at > ?', last_period.end_at).order(:id).find_each(&:chain_record)
       else
         puts '(Re)generating all footprint...'
-        PaymentScheduleItem.order(:id).all.each(&:chain_record)
+        PaymentScheduleItem.order(:id).find_each(&:chain_record)
       end
     end
 
@@ -120,7 +119,7 @@ namespace :fablab do
     task payment_schedule_object: :environment do
       if PaymentScheduleObject.where.not(footprint: nil).count.positive?
         print 'WARNING: Footprints were already generated. Regenerate? (y/n) '
-        confirm = STDIN.gets.chomp
+        confirm = $stdin.gets.chomp
         next unless confirm == 'y'
       end
       chain_payment_schedules_objects
@@ -130,10 +129,10 @@ namespace :fablab do
       if AccountingPeriod.count.positive?
         last_period = AccountingPeriod.order(start_at: :desc).first
         puts "Regenerating from #{last_period.end_at}..."
-        PaymentScheduleObject.where('created_at > ?', last_period.end_at).order(:id).each(&:chain_record)
+        PaymentScheduleObject.where('created_at > ?', last_period.end_at).order(:id).find_each(&:chain_record)
       else
         puts '(Re)generating all footprint...'
-        PaymentScheduleObject.order(:id).all.each(&:chain_record)
+        PaymentScheduleObject.order(:id).find_each(&:chain_record)
       end
     end
   end