From 4c4ae7e8a0bb1d979f4d53682eda8bdaf485261b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Jan 2022 14:47:49 +0000 Subject: [PATCH 01/20] Bump sidekiq from 6.2.1 to 6.4.0 Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.2.1 to 6.4.0. - [Release notes](https://github.com/mperham/sidekiq/releases) - [Changelog](https://github.com/mperham/sidekiq/blob/main/Changes.md) - [Commits](https://github.com/mperham/sidekiq/compare/v6.2.1...v6.4.0) --- updated-dependencies: - dependency-name: sidekiq dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index ee7be9a7c..571dbe62e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -321,7 +321,7 @@ GEM recurrence (1.3.0) activesupport i18n - redis (4.4.0) + redis (4.5.1) repost (0.3.2) responders (2.4.1) actionpack (>= 4.2.0, < 6.0) @@ -351,7 +351,7 @@ GEM activesupport (>= 4) semantic_range (2.3.0) sha3 (1.0.1) - sidekiq (6.2.1) + sidekiq (6.4.0) connection_pool (>= 2.2.2) rack (~> 2.0) redis (>= 4.2.0) From c679123dc17a55b82702ddc48cc182886a016d4e Mon Sep 17 00:00:00 2001 From: Sylvain Date: Tue, 8 Feb 2022 12:01:55 +0100 Subject: [PATCH 02/20] Version 5.3.3 --- CHANGELOG.md | 1 + package.json | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 87532c77b..15acbf479 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,6 @@ # Changelog Fab-manager +- Updated german translations - Fix a bug: unable to rebuild the statistics - [TODO DEPLOY] `rails fablab:maintenance:regenerate_statistics[2020,04]` - Fix a bug/regresion: $sce.getTrustedHtml removes all dangerous html like iframe (youtube players, ect), replaced by $sce.trustAsHtml which trusts the content, it creates a security breach but all contents are created by users to we trust them 
diff --git a/package.json b/package.json index b3722472b..414945d44 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "fab-manager", - "version": "5.3.2", + "version": "5.3.3", "description": "Fab-manager is the FabLab management solution. It provides a comprehensive, web-based, open-source tool to simplify your administrative tasks and your marker's projects.", "keywords": [ "fablab", From 3458e0a60e9767ac355406646a85f7fe8b520028 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 11 Feb 2022 22:03:16 +0000 Subject: [PATCH 03/20] Bump puma from 4.3.9 to 4.3.11 Bumps [puma](https://github.com/puma/puma) from 4.3.9 to 4.3.11. - [Release notes](https://github.com/puma/puma/releases) - [Changelog](https://github.com/puma/puma/blob/master/History.md) - [Commits](https://github.com/puma/puma/compare/v4.3.9...v4.3.11) --- updated-dependencies: - dependency-name: puma dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Gemfile | 2 +- Gemfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index cfb4267e9..a4414445a 100644 --- a/Gemfile +++ b/Gemfile @@ -7,7 +7,7 @@ gem 'rails', '~> 5.2.4' # Used by rails 5.2 to reduce the app boot time by over 50% gem 'bootsnap' # Use Puma as web server -gem 'puma', '4.3.9' +gem 'puma', '4.3.11' gem 'webpacker', '~> 5.x' # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder diff --git a/Gemfile.lock b/Gemfile.lock index ee7be9a7c..67a24c7e4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -269,7 +269,7 @@ GEM prawn-table (0.2.2) prawn (>= 1.3.0, < 3.0.0) public_suffix (4.0.6) - puma (4.3.9) + puma (4.3.11) nio4r (~> 2.0) pundit (2.1.0) activesupport (>= 3.0.0) @@ -475,7 +475,7 @@ DEPENDENCIES pg_search prawn prawn-table - puma (= 4.3.9) + puma (= 4.3.11) pundit railroady rails (~> 5.2.4) From a73a69db3aa92643c6a90f1486ebf7df461a03c4 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 13 Feb 2022 20:37:08 +0000 Subject: [PATCH 04/20] Bump follow-redirects from 1.14.7 to 1.14.8 Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.14.7 to 1.14.8. - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.14.7...v1.14.8) --- updated-dependencies: - dependency-name: follow-redirects dependency-type: indirect ... Signed-off-by: dependabot[bot] --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index 047f00494..46be3b602 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4243,9 +4243,9 @@ flush-write-stream@^1.0.0: readable-stream "^2.3.6" follow-redirects@^1.0.0, follow-redirects@^1.14.0: - version "1.14.7" - resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.14.7.tgz#2004c02eb9436eee9a21446a6477debf17e81685" - integrity sha512-+hbxoLbFMbRKDwohX8GkTataGqO6Jb7jGwpAlwgy2bIz25XtRm7KEzJM76R1WiNT5SwZkX4Y75SwBolkpmE7iQ== + version "1.14.8" + resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.14.8.tgz#016996fb9a11a100566398b1c6839337d7bfa8fc" + integrity sha512-1x0S9UVJHsQprFcEC/qnNzBLcIxsjAV905f/UkQxbclCsoTWlacCNOpQa/anodLl2uaEKFhfWOvM2Qg77+15zA== for-in@^1.0.2: version "1.0.2" From 9d34ffedb316a2b01054c80014c675eae9d1b692 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 27 Feb 2022 10:29:48 +0000 Subject: [PATCH 05/20] Bump url-parse from 1.5.3 to 1.5.10 Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.5.3 to 1.5.10. - [Release notes](https://github.com/unshiftio/url-parse/releases) - [Commits](https://github.com/unshiftio/url-parse/compare/1.5.3...1.5.10) --- updated-dependencies: - dependency-name: url-parse dependency-type: indirect ... 
Signed-off-by: dependabot[bot] --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index 047f00494..52a761b1f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -8832,9 +8832,9 @@ urix@^0.1.0: integrity sha1-2pN/emLiH+wf0Y1Js1wpNQZ6bHI= url-parse@^1.4.3, url-parse@^1.5.1: - version "1.5.3" - resolved "https://registry.yarnpkg.com/url-parse/-/url-parse-1.5.3.tgz#71c1303d38fb6639ade183c2992c8cc0686df862" - integrity sha512-IIORyIQD9rvj0A4CLWsHkBBJuNqWpFQe224b6j9t/ABmquIS0qDU2pY6kl6AuOrL5OkCXHMCFNe1jBcuAggjvQ== + version "1.5.10" + resolved "https://registry.yarnpkg.com/url-parse/-/url-parse-1.5.10.tgz#9d3c2f736c1d75dd3bd2be507dcc111f1e2ea9c1" + integrity sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ== dependencies: querystringify "^2.1.1" requires-port "^1.0.0" From 5eff4e4f41f3c8d88ab145b4cecb198dc2ee514f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Mar 2022 23:31:46 +0000 Subject: [PATCH 06/20] Bump image_processing from 1.12.1 to 1.12.2 Bumps [image_processing](https://github.com/janko/image_processing) from 1.12.1 to 1.12.2. - [Release notes](https://github.com/janko/image_processing/releases) - [Changelog](https://github.com/janko/image_processing/blob/master/CHANGELOG.md) - [Commits](https://github.com/janko/image_processing/compare/v1.12.1...v1.12.2) --- updated-dependencies: - dependency-name: image_processing dependency-type: indirect ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index ee7be9a7c..b3ff80a8d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -143,7 +143,7 @@ GEM i18n (>= 1.6, < 2) faraday (0.17.3) multipart-post (>= 1.2, < 3) - ffi (1.15.4) + ffi (1.15.5) foreman (0.87.0) forgery (0.7.0) friendly_id (5.1.0) 
@@ -166,7 +166,7 @@ GEM ice_cube (~> 0.16) ice_cube (0.16.3) ice_nine (0.11.2) - image_processing (1.12.1) + image_processing (1.12.2) mini_magick (>= 4.9.5, < 5) ruby-vips (>= 2.0.17, < 3) jaro_winkler (1.5.4) @@ -337,8 +337,8 @@ GEM unicode-display_width (~> 1.4.0) ruby-progressbar (1.10.1) ruby-rc4 (0.1.5) - ruby-vips (2.0.17) - ffi (~> 1.9) + ruby-vips (2.1.4) + ffi (~> 1.12) rubyXL (3.4.14) nokogiri (>= 1.10.8) rubyzip (>= 1.3.0) From 7aea87c276d3b125e5bd8bc401d74f1fb9720c11 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 2 Mar 2022 17:05:04 +0000 Subject: [PATCH 07/20] Bump nokogiri from 1.12.5 to 1.13.3 Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.12.5 to 1.13.3. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.12.5...v1.13.3) --- updated-dependencies: - dependency-name: nokogiri dependency-type: indirect ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 5bff0bd6d..da4f14345 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -210,7 +210,7 @@ GEM rake mini_magick (4.10.1) mini_mime (1.1.0) - mini_portile2 (2.6.1) + mini_portile2 (2.8.0) minitest (5.14.4) minitest-reporters (1.4.2) ansi @@ -222,8 +222,8 @@ GEM multi_xml (0.6.0) multipart-post (2.1.1) nio4r (2.5.8) - nokogiri (1.12.5) - mini_portile2 (~> 2.6.1) + nokogiri (1.13.3) + mini_portile2 (~> 2.8.0) racc (~> 1.4) notify_with (0.0.2) jbuilder (~> 2.0) @@ -274,7 +274,7 @@ GEM pundit (2.1.0) activesupport (>= 3.0.0) raabro (1.1.6) - racc (1.5.2) + racc (1.6.0) rack (2.2.3) rack-proxy (0.6.5) rack From 49dd0d2daba658a33595bd97339e5c9bd020feaa Mon Sep 17 00:00:00 2001 
From: Sylvain Date: Tue, 8 Mar 2022 15:48:06 +0100 Subject: [PATCH 08/20] (bug) a sentence was not linked to a translation key --- CHANGELOG.md | 2 ++ app/frontend/templates/projects/index.html | 2 +- config/locales/app.public.en.yml | 1 + .../20220225143203_drop_table_open_api_calls_count_tracings.rb | 3 +++ 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ce42bfee1..3e2953702 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ # Changelog Fab-manager +- Fix a bug: a sentence was not linked to a translation key + ## v5.3.5 2022 March 02 - Added [an option](doc/environment.md#OPENLAB_SSL_VERIFY) to allow set verify ssl option for OpenLab diff --git a/app/frontend/templates/projects/index.html b/app/frontend/templates/projects/index.html index d9d88b243..953dd0c34 100644 --- a/app/frontend/templates/projects/index.html +++ b/app/frontend/templates/projects/index.html @@ -42,7 +42,7 @@
- +
diff --git a/config/locales/app.public.en.yml b/config/locales/app.public.en.yml index 22482bae2..b6fc12eab 100644 --- a/config/locales/app.public.en.yml +++ b/config/locales/app.public.en.yml @@ -165,6 +165,7 @@ en: openlab_search_not_available_at_the_moment: "Search over the whole network is not available at the moment. You still can search over the projects of this platform." project_search_result_is_empty: "Sorry, we found no results matching your search criteria." reset_all_filters: "Reset all filters" + keywords: "Keywords" search: "Search" all_projects: "All projects" my_projects: "My projects" diff --git a/db/migrate/20220225143203_drop_table_open_api_calls_count_tracings.rb b/db/migrate/20220225143203_drop_table_open_api_calls_count_tracings.rb index 444074bce..9c73380e6 100644 --- a/db/migrate/20220225143203_drop_table_open_api_calls_count_tracings.rb +++ b/db/migrate/20220225143203_drop_table_open_api_calls_count_tracings.rb @@ -1,3 +1,6 @@ +# frozen_string_literal: true + +# OpenApiCallsCountTracings was an unused table probably from a wrong copy/paste. We removed this dead code. class DropTableOpenAPICallsCountTracings < ActiveRecord::Migration[5.2] def up drop_table :open_api_calls_count_tracings From cae79b5d5b44ad15ed0d884c20755a9e19b87966 Mon Sep 17 00:00:00 2001 From: Sylvain Date: Tue, 8 Mar 2022 15:53:28 +0100 Subject: [PATCH 09/20] updated environment documentation --- CHANGELOG.md | 1 + doc/environment.md | 9 ++++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3e2953702..51aed2b3f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,7 @@ # Changelog Fab-manager - Fix a bug: a sentence was not linked to a translation key +- Updated environment documentation ## v5.3.5 2022 March 02 diff --git a/doc/environment.md b/doc/environment.md index 33bdf5030..d1dc87088 100644 --- a/doc/environment.md +++ b/doc/environment.md 
@@ -278,13 +278,16 @@ Set this variable to `https://openprojects.fab-manager.com` if you want to use t Typically, `DEFAULT_PROTOCOL` will be `https` (`http` if you are in development, or if you set `ALLOW_INSECURE_HTTP`). The variable `DEFAULT_HOST` should be your domain name (eg. fabmanager.example.com), and is also used for visits statistics (configuration of Google Analytics). These two variables are also used for SSO authentication. - - OPENLAB_SSL_VERIFY, OPENLAB_SSL_VERIFY_PEER + OPENLAB_SSL_VERIFY -Set this variable to `false` if you want to disable verify ssl certs. +Set this variable to `false` if you do not want to verify the OpenLab's server's certificate against the CA certificate. + + OPENLAB_SSL_VERIFY_PEER + +Set this variable to `false` if you want to turn off the OpenLab's server's verification but still send client certificate. ## Other settings From 794e1b8269d78282ec99769cd8cac4cbad4ed004 Mon Sep 17 00:00:00 2001 From: Sylvain Date: Wed, 9 Mar 2022 09:43:43 +0100 Subject: [PATCH 10/20] updated changelog --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 51aed2b3f..c52312d90 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,8 @@ # Changelog Fab-manager -- Fix a bug: a sentence was not linked to a translation key - Updated environment documentation +- Fix a bug: a sentence was not linked to a translation key +- Fix a security issue: updated image_processing to 1.12.2 to fix [CVE-2022-24720](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24720) ## v5.3.5 2022 March 02 From 8ae4fbc6dc3ab60b83a993c30228cf59e675dc42 Mon Sep 17 00:00:00 2001 From: Sylvain Date: Wed, 9 Mar 2022 09:49:14 +0100 Subject: [PATCH 11/20] updated changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c52312d90..9e42c58f4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -3,6 +3,7 @@ - Updated environment documentation - Fix a bug: a sentence was not linked to a translation key - Fix a security issue: updated image_processing to 1.12.2 to fix [CVE-2022-24720](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24720) +- Fix a security issue: updated url-parse to 1.5.10 to fix [CVE-2022-0686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0686), [CVE-2022-0691](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0691), [CVE-2022-0639](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0639) and [CVE-2022-0512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0512) ## v5.3.5 2022 March 02 From 2abc0eb3dbcc105051ced01cfa7f25b07635d09a Mon Sep 17 00:00:00 2001 From: Sylvain Date: Wed, 9 Mar 2022 09:52:46 +0100 Subject: [PATCH 12/20] (security) updated rails --- CHANGELOG.md | 1 + Gemfile.lock | 110 +++++++++++++++++++++++++-------------------------- 2 files changed, 56 insertions(+), 55 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9e42c58f4..8a08021dd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ - Fix a bug: a sentence was not linked to a translation key - Fix a security issue: updated image_processing to 1.12.2 to fix [CVE-2022-24720](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24720) - Fix a security issue: updated url-parse to 1.5.10 to fix [CVE-2022-0686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0686), [CVE-2022-0691](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0691), [CVE-2022-0639](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0639) and [CVE-2022-0512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0512) +- Fix a security issue: updated rails to 5.2.6.3 to fix [CVE-2022-21831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831), [CVE-2022-23633](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633) ## v5.3.5 2022 March 02 
diff --git a/Gemfile.lock b/Gemfile.lock index 886138fe3..14f2311f8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -4,46 +4,46 @@ GEM Ascii85 (1.0.3) aasm (5.0.8) concurrent-ruby (~> 1.0) - actioncable (5.2.6) - actionpack (= 5.2.6) + actioncable (5.2.6.3) + actionpack (= 5.2.6.3) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailer (5.2.6) - actionpack (= 5.2.6) - actionview (= 5.2.6) - activejob (= 5.2.6) + actionmailer (5.2.6.3) + actionpack (= 5.2.6.3) + actionview (= 5.2.6.3) + activejob (= 5.2.6.3) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.2.6) - actionview (= 5.2.6) - activesupport (= 5.2.6) + actionpack (5.2.6.3) + actionview (= 5.2.6.3) + activesupport (= 5.2.6.3) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) actionpack-page_caching (1.2.2) actionpack (>= 5.0.0) - actionview (5.2.6) - activesupport (= 5.2.6) + actionview (5.2.6.3) + activesupport (= 5.2.6.3) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) active_record_query_trace (1.7) - activejob (5.2.6) - activesupport (= 5.2.6) + activejob (5.2.6.3) + activesupport (= 5.2.6.3) globalid (>= 0.3.6) - activemodel (5.2.6) - activesupport (= 5.2.6) - activerecord (5.2.6) - activemodel (= 5.2.6) - activesupport (= 5.2.6) + activemodel (5.2.6.3) + activesupport (= 5.2.6.3) + activerecord (5.2.6.3) + activemodel (= 5.2.6.3) + activesupport (= 5.2.6.3) arel (>= 9.0) - activestorage (5.2.6) - actionpack (= 5.2.6) - activerecord (= 5.2.6) + activestorage (5.2.6.3) + actionpack (= 5.2.6.3) + activerecord (= 5.2.6.3) marcel (~> 1.0.0) - activesupport (5.2.6) + activesupport (5.2.6.3) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) 
@@ -91,7 +91,7 @@ GEM cldr-plurals-runtime-rb (1.0.1) coercible (1.0.0) descendants_tracker (~> 0.0.1) - concurrent-ruby (1.1.8) + concurrent-ruby (1.1.9) connection_pool (2.2.5) coveralls_reborn (0.18.0) simplecov (>= 0.18.1, < 0.20.0) @@ -151,8 +151,8 @@ GEM fugit (1.3.1) et-orbi (~> 1.1, >= 1.1.8) raabro (~> 1.1) - globalid (0.4.2) - activesupport (>= 4.2.0) + globalid (1.0.0) + activesupport (>= 5.0) hashdiff (1.0.1) hashery (2.1.2) hashie (4.1.0) @@ -160,7 +160,7 @@ GEM httparty (0.20.0) mime-types (~> 3.0) multi_xml (>= 0.5.2) - i18n (1.8.10) + i18n (1.10.0) concurrent-ruby (~> 1.0) icalendar (2.5.3) ice_cube (~> 0.16) @@ -193,12 +193,12 @@ GEM listen (3.0.8) rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) - loofah (2.9.1) + loofah (2.14.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) mini_mime (>= 0.1.1) - marcel (1.0.1) + marcel (1.0.2) message_format (0.0.6) twitter_cldr (~> 5.0) method_source (1.0.0) @@ -209,9 +209,9 @@ GEM nokogiri (~> 1) rake mini_magick (4.10.1) - mini_mime (1.1.0) - mini_portile2 (2.6.1) - minitest (5.14.4) + mini_mime (1.1.2) + mini_portile2 (2.8.0) + minitest (5.15.0) minitest-reporters (1.4.2) ansi builder @@ -222,8 +222,8 @@ GEM multi_xml (0.6.0) multipart-post (2.1.1) nio4r (2.5.8) - nokogiri (1.12.5) - mini_portile2 (~> 2.6.1) + nokogiri (1.13.3) + mini_portile2 (~> 2.8.0) racc (~> 1.4) notify_with (0.0.2) jbuilder (~> 2.0) 
@@ -274,30 +274,30 @@ GEM pundit (2.1.0) activesupport (>= 3.0.0) raabro (1.1.6) - racc (1.5.2) + racc (1.6.0) rack (2.2.3) rack-proxy (0.6.5) rack rack-test (1.1.0) rack (>= 1.0, < 3) railroady (1.5.3) - rails (5.2.6) - actioncable (= 5.2.6) - actionmailer (= 5.2.6) - actionpack (= 5.2.6) - actionview (= 5.2.6) - activejob (= 5.2.6) - activemodel (= 5.2.6) - activerecord (= 5.2.6) - activestorage (= 5.2.6) - activesupport (= 5.2.6) + rails (5.2.6.3) + actioncable (= 5.2.6.3) + actionmailer (= 5.2.6.3) + actionpack (= 5.2.6.3) + actionview (= 5.2.6.3) + activejob (= 5.2.6.3) + activemodel (= 5.2.6.3) + activerecord (= 5.2.6.3) + activestorage (= 5.2.6.3) + activesupport (= 5.2.6.3) bundler (>= 1.3.0) - railties (= 5.2.6) + railties (= 5.2.6.3) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.3.0) + rails-html-sanitizer (1.4.2) loofah (~> 2.3) rails-observers (0.1.5) activemodel (>= 4.0) @@ -306,14 +306,14 @@ GEM rails_stdout_logging rails_serve_static_assets (0.0.5) rails_stdout_logging (0.0.5) - railties (5.2.6) - actionpack (= 5.2.6) - activesupport (= 5.2.6) + railties (5.2.6.3) + actionpack (= 5.2.6.3) + activesupport (= 5.2.6.3) method_source rake (>= 0.8.7) thor (>= 0.19.0, < 2.0) rainbow (3.0.0) - rake (13.0.3) + rake (13.0.6) rb-fsevent (0.10.3) rb-inotify (0.10.1) ffi (~> 1.0) @@ -371,12 +371,12 @@ GEM spring-watcher-listen (2.0.1) listen (>= 2.7, < 4.0) spring (>= 1.2, < 3.0) - sprockets (4.0.2) + sprockets (4.0.3) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.2) - actionpack (>= 4.0) - activesupport (>= 4.0) + sprockets-rails (3.4.2) + actionpack (>= 5.2) + activesupport (>= 5.2) sprockets (>= 3.0.0) ssrf_filter (1.0.7) stripe (5.29.0) @@ -422,7 +422,7 @@ GEM rack-proxy (>= 0.6.1) railties (>= 5.2) semantic_range (>= 2.3.0) - websocket-driver (0.7.3) + websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) 
From 5a529e04921d2df6039842c53aba8de039ac2b60 Mon Sep 17 00:00:00 2001
From: Sylvain
Date: Wed, 9 Mar 2022 09:57:38 +0100
Subject: [PATCH 13/20] updated changelog
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8a08021dd..4efa63464 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@
 - Fix a security issue: updated image_processing to 1.12.2 to fix [CVE-2022-24720](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24720)
 - Fix a security issue: updated url-parse to 1.5.10 to fix [CVE-2022-0686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0686), [CVE-2022-0691](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0691), [CVE-2022-0639](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0639) and [CVE-2022-0512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0512)
 - Fix a security issue: updated rails to 5.2.6.3 to fix [CVE-2022-21831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831), [CVE-2022-23633](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633)
+- Fix a security issue: updated sidekiq to 6.4.0 to fix [CVE-2022-23837](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23837)
 ## v5.3.5 2022 March 02
From 00d631c0c4e1ca48f9d1becf3eaf7ffe8f3287a9 Mon Sep 17 00:00:00 2001
From: Sylvain
Date: Wed, 9 Mar 2022 10:02:49 +0100
Subject: [PATCH 14/20] updated changelog
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4efa63464..93811f8aa 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@
 - Fix a security issue: updated url-parse to 1.5.10 to fix [CVE-2022-0686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0686), [CVE-2022-0691](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0691), [CVE-2022-0639](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0639) and [CVE-2022-0512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0512)
 - Fix a security issue: updated rails to 5.2.6.3 to fix [CVE-2022-21831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831), [CVE-2022-23633](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633)
 - Fix a security issue: updated sidekiq to 6.4.0 to fix [CVE-2022-23837](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23837)
+- Fix a security issue: updated nokogiri to 1.13.3 to fix [CVE-2021-30560](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30560) and [CVE-2022-23308](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308)
 ## v5.3.5 2022 March 02
From 5b68f2a1be1437923e705a22336c410d740ac921 Mon Sep 17 00:00:00 2001
From: Sylvain
Date: Wed, 9 Mar 2022 10:05:01 +0100
Subject: [PATCH 15/20] updated changelog
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 93811f8aa..6a5b9f6cd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@ - Fix a security issue: updated rails to 5.2.6.3 to fix [CVE-2022-21831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831), [CVE-2022-23633](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633) - Fix a security issue: updated sidekiq to 6.4.0 to fix [CVE-2022-23837](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23837) - Fix a security issue: updated nokogiri to 1.13.3 to fix [CVE-2021-30560](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30560) and [CVE-2022-23308](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308) +- Fix a security issue: updated puma to 4.3.11 to fix [CVE-2022-23634](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23634) ## v5.3.5 2022 March 02 From f00c638189a76a3a03075e772130e0051d36575d Mon Sep 17 00:00:00 2001 From: Sylvain Date: Wed, 9 Mar 2022 11:21:59 +0100 Subject: [PATCH 16/20] (security) updated i18next-http-backend --- CHANGELOG.md | 4 +++ package.json | 8 ++--- yarn.lock | 92 +++++++++++++++++++++++++++++----------------------- 3 files changed, 60 insertions(+), 44 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6a5b9f6cd..26d49f271 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,9 @@ # Changelog Fab-manager - Updated environment documentation +- Updated react-i18next to 11.15.6 +- Updated i18next to 21.6.13 +- Updated i18next-icu to 2.0.3 - Fix a bug: a sentence was not linked to a translation key - Fix a security issue: updated image_processing to 1.12.2 to fix [CVE-2022-24720](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24720) - Fix a security issue: updated url-parse to 1.5.10 to fix [CVE-2022-0686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0686), [CVE-2022-0691](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0691), [CVE-2022-0639](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0639) and [CVE-2022-0512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0512) 
@@ -8,6 +11,7 @@
 - Fix a security issue: updated sidekiq to 6.4.0 to fix [CVE-2022-23837](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23837)
 - Fix a security issue: updated nokogiri to 1.13.3 to fix [CVE-2021-30560](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30560) and [CVE-2022-23308](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308)
 - Fix a security issue: updated puma to 4.3.11 to fix [CVE-2022-23634](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23634)
+- Fix a security issue: updated i18next-http-backend to 1.3.2 to fix [CVE-2022-0235](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0235)
 ## v5.3.5 2022 March 02
diff --git a/package.json b/package.json
index 8dd427f71..f28fc5da8 100644
--- a/package.json
+++ b/package.json
@@ -99,9 +99,9 @@
 "elasticsearch-browser": "3.1",
 "fullcalendar": "3.10.2",
 "holderjs": "2.6",
- "i18next": "^19.8.3",
- "i18next-http-backend": "^1.0.21",
- "i18next-icu": "^1.4.2",
+ "i18next": "^21.6.13",
+ "i18next-http-backend": "^1.3.2",
+ "i18next-icu": "^2.0.3",
 "immer": "^9.0.6",
 "jasny-bootstrap": "3.1",
 "jquery": ">=3.5.0",
@@ -116,7 +116,7 @@
 "prop-types": "^15.7.2",
 "react": "^17.0.2",
 "react-dom": "^17.0.2",
- "react-i18next": "^11.7.3",
+ "react-i18next": "^11.15.6",
 "react-modal": "^3.11.2",
 "react-select": "^4.3.1",
 "react-switch": "^6.0.0",
diff --git a/yarn.lock b/yarn.lock
index 52a761b1f..1830c8a33 100644
--- a/yarn.lock
+++ b/yarn.lock
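Review bot: The `"i18next-icu": "^2.0.3"` line in the first package.json hunk appears to leave the ICU formatter without its message-format library. The yarn.lock section of this same commit deletes the `intl-messageformat` and `intl-messageformat-parser` entries, and the new `i18next-icu@^2.0.3` entry lists no dependencies, while neither package.json hunk adds an `intl-messageformat` line. As far as I know, i18next-icu 2.x expects `intl-messageformat` as a peer dependency, so unless it is declared in a part of package.json outside these hunks, add `"intl-messageformat": "<version compatible with i18next-icu 2.x>",` next to the i18next entries. Separately, `i18next` moves from `^19.8.3` to `^21.6.13`, two major versions, in a commit titled as a security update of i18next-http-backend; splitting the major bumps into their own commit would keep the CVE-2022-0235 fix easy to audit and to revert independently.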
@@ -3028,12 +3028,12 @@ create-hmac@^1.1.0, create-hmac@^1.1.4, create-hmac@^1.1.7: safe-buffer "^5.0.1" sha.js "^2.4.8" -cross-fetch@3.1.4: - version "3.1.4" - resolved "https://registry.yarnpkg.com/cross-fetch/-/cross-fetch-3.1.4.tgz#9723f3a3a247bf8b89039f3a380a9244e8fa2f39" - integrity sha512-1eAtFWdIubi6T4XPy6ei9iUFoKpUkIF971QLN8lIvvvwueI65+Nw5haMNKUwfJxabqlIIDODJKGrQ66gxC0PbQ== +cross-fetch@3.1.5: + version "3.1.5" + resolved "https://registry.yarnpkg.com/cross-fetch/-/cross-fetch-3.1.5.tgz#e1389f44d9e7ba767907f7af8454787952ab534f" + integrity sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw== dependencies: - node-fetch "2.6.1" + node-fetch "2.6.7" cross-spawn@^6.0.0, cross-spawn@^6.0.5: version "6.0.5" @@ -4631,6 +4631,11 @@ html-entities@^2.1.0: resolved "https://registry.yarnpkg.com/html-entities/-/html-entities-2.3.2.tgz#760b404685cb1d794e4f4b744332e3b00dcfe488" integrity sha512-c3Ab/url5ksaT0WyleslpBEthOzWhrjQbg75y7XUsfSzi3Dgzt0l8w5e7DylRn15MTlMMD58dTfzddNS2kcAjQ== +html-escaper@^2.0.2: + version "2.0.2" + resolved "https://registry.yarnpkg.com/html-escaper/-/html-escaper-2.0.2.tgz#dfd60027da36a36dfcbe236262c00a5822681453" + integrity sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg== + html-loader@^1.3.0, html-loader@~1.3.0: version "1.3.2" resolved "https://registry.yarnpkg.com/html-loader/-/html-loader-1.3.2.tgz#5a72ebba420d337083497c9aba7866c9e1aee340" 
@@ -4737,24 +4742,22 @@ https-browserify@^1.0.0: resolved "https://registry.yarnpkg.com/https-browserify/-/https-browserify-1.0.0.tgz#ec06c10e0a34c0f2faf199f7fd7fc78fffd03c73" integrity sha1-7AbBDgo0wPL68Zn3/X/Hj//QPHM= -i18next-http-backend@^1.0.21: - version "1.2.6" - resolved "https://registry.yarnpkg.com/i18next-http-backend/-/i18next-http-backend-1.2.6.tgz#80b12e8b207814aebb3b8a74c4487dd156973bee" - integrity sha512-NeNNRofj+rR6Cw+/Elf8bCVaCiqWg2Y6F+CrmDvHiPzAW2Dtxxlk8O0na2et/rr1n3ST6rJr4nMXH/QOFuhaeA== +i18next-http-backend@^1.3.2: + version "1.3.2" + resolved "https://registry.yarnpkg.com/i18next-http-backend/-/i18next-http-backend-1.3.2.tgz#ce6aff7aa60b6170e006d62b8f9cc1b3de55413e" + integrity sha512-SfcoUmsSWnc2LYsDsCq5TCg18cxJXvXymX9N37V+qqMKQY8Gf0rWkjOnRd20sMK633Dq4NF9tvqPbOiFJ49Kbw== dependencies: - cross-fetch "3.1.4" + cross-fetch "3.1.5" -i18next-icu@^1.4.2: - version "1.4.2" - resolved "https://registry.yarnpkg.com/i18next-icu/-/i18next-icu-1.4.2.tgz#2b79d1ac2c2d542725219beac34a74db15cd2ff9" - integrity sha512-EqHafx/sL8eoEowwqi5P6cXtLrzJXBKI4RmV+UaMXlpIJNfckVsq873F2KkMKkApxiw2ATj46C8MurmhMsHQGw== - dependencies: - intl-messageformat "2.2.0" +i18next-icu@^2.0.3: + version "2.0.3" + resolved "https://registry.yarnpkg.com/i18next-icu/-/i18next-icu-2.0.3.tgz#f3a69f7813ce9d4648d66fbaa06fa466d0a8642e" + integrity sha512-sZ0VCWDnHysUYQL8j/0rVOxv6rLR+SBoaqQQ2UVNfLyJCuf/bAjYPkoUQgyuDkWFo1xZjeCf4G6GBNr7gD61bQ== -i18next@^19.8.3: - version "19.9.2" - resolved "https://registry.yarnpkg.com/i18next/-/i18next-19.9.2.tgz#ea5a124416e3c5ab85fddca2c8e3c3669a8da397" - integrity sha512-0i6cuo6ER6usEOtKajUUDj92zlG+KArFia0857xxiEHAQcUwh/RtOQocui1LPJwunSYT574Pk64aNva1kwtxZg== +i18next@^21.6.13: + version "21.6.13" + resolved "https://registry.yarnpkg.com/i18next/-/i18next-21.6.13.tgz#e881b05f156ac06997e9b63379d8b2674bb4a4f2" + integrity sha512-MVjNttw+5mIuu2/fwTpSU0EeI7iU/6pnDvGQboCzkILiv0/gD+FLZaF7qSHmUHO4ZkE6xJQ9SlBgGvMHxhC82Q== dependencies: "@babel/runtime" "^7.12.0" 
@@ -4924,18 +4927,6 @@ interpret@^1.4.0: resolved "https://registry.yarnpkg.com/interpret/-/interpret-1.4.0.tgz#665ab8bc4da27a774a40584e812e3e0fa45b1a1e" integrity sha512-agE4QfB2Lkp9uICn7BAqoscw4SZP9kTE2hxiFI3jBPmXJfdqiahTbUuKGsMoN2GtqL9AxhYioAcVvgsb1HvRbA== -intl-messageformat-parser@1.4.0: - version "1.4.0" - resolved "https://registry.yarnpkg.com/intl-messageformat-parser/-/intl-messageformat-parser-1.4.0.tgz#b43d45a97468cadbe44331d74bb1e8dea44fc075" - integrity sha1-tD1FqXRoytvkQzHXS7Ho3qRPwHU= - -intl-messageformat@2.2.0: - version "2.2.0" - resolved "https://registry.yarnpkg.com/intl-messageformat/-/intl-messageformat-2.2.0.tgz#345bcd46de630b7683330c2e52177ff5eab484fc" - integrity sha1-NFvNRt5jC3aDMwwuUhd/9eq0hPw= - dependencies: - intl-messageformat-parser "1.4.0" - ip-regex@^2.1.0: version "2.1.0" resolved "https://registry.yarnpkg.com/ip-regex/-/ip-regex-2.1.0.tgz#fa78bf5d2e6913c911ce9f819ee5146bb6d844e9" @@ -5974,10 +5965,12 @@ no-case@^3.0.4: lower-case "^2.0.2" tslib "^2.0.3" -node-fetch@2.6.1: - version "2.6.1" - resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.1.tgz#045bd323631f76ed2e2b55573394416b639a0052" - integrity sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw== +node-fetch@2.6.7: + version "2.6.7" + resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.7.tgz#24de9fba827e3b4ae44dc8b20256a379160052ad" + integrity sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ== + dependencies: + whatwg-url "^5.0.0" node-forge@^0.10.0: version "0.10.0" 
@@ -7407,12 +7400,13 @@ react-dom@^17.0.2: object-assign "^4.1.1" scheduler "^0.20.2" -react-i18next@^11.7.3: - version "11.11.0" - resolved "https://registry.yarnpkg.com/react-i18next/-/react-i18next-11.11.0.tgz#2f7c6cb4f81f94d1728a02d60e4bb5216709f942" - integrity sha512-p1jHmoyJgDFQmyubUEjrx6kCsr1izW/C8i9pOiJy+9lJqLYwNA8sElVplm0VAnop3kH68edT0/g3wB3UvAcRCQ== +react-i18next@^11.15.6: + version "11.15.6" + resolved "https://registry.yarnpkg.com/react-i18next/-/react-i18next-11.15.6.tgz#693430fbee5ac7d0774bd88683575d62adb24afb" + integrity sha512-OUWcFdNgIA9swVx3JGIreuquglAinpRwB/HYrCprTN+s9BQDt9LSiY7x5DGc2JzVpwqtpoTV7oRUTOxEPNyUPw== dependencies: "@babel/runtime" "^7.14.5" + html-escaper "^2.0.2" html-parse-stringify "^3.0.1" react-input-autosize@^3.0.0: @@ -8652,6 +8646,11 @@ toidentifier@1.0.0: resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.0.tgz#7e1be3470f1e77948bc43d94a3c8f4d7752ba553" integrity sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw== +tr46@~0.0.3: + version "0.0.3" + resolved "https://registry.yarnpkg.com/tr46/-/tr46-0.0.3.tgz#8184fd347dac9cdc185992f3a6622e14b9d9ab6a" + integrity sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o= + ts-pnp@^1.1.6: version "1.2.0" resolved "https://registry.yarnpkg.com/ts-pnp/-/ts-pnp-1.2.0.tgz#a500ad084b0798f1c3071af391e65912c86bca92" @@ -8966,6 +8965,11 @@ wbuf@^1.1.0, wbuf@^1.7.3: dependencies: minimalistic-assert "^1.0.0" +webidl-conversions@^3.0.0: + version "3.0.1" + resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-3.0.1.tgz#24534275e2a7bc6be7bc86611cc16ae0a5654871" + integrity sha1-JFNCdeKnvGvnvIZhHMFq4KVlSHE= + webpack-assets-manifest@^3.1.1: version "3.1.1" resolved "https://registry.yarnpkg.com/webpack-assets-manifest/-/webpack-assets-manifest-3.1.1.tgz#39bbc3bf2ee57fcd8ba07cda51c9ba4a3c6ae1de" 
@@ -9105,6 +9109,14 @@ websocket-extensions@>=0.1.1: resolved "https://registry.yarnpkg.com/websocket-extensions/-/websocket-extensions-0.1.4.tgz#7f8473bc839dfd87608adb95d7eb075211578a42" integrity sha512-OqedPIGOfsDlo31UNwYbCFMSaO9m9G/0faIHj5/dZFDMFqPTcx6UwqyOy3COEaEOg/9VsGIpdqn62W5KhoKSpg== +whatwg-url@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-5.0.0.tgz#966454e8765462e37644d3626f6742ce8b70965d" + integrity sha1-lmRU6HZUYuN2RNNib2dCzotwll0= + dependencies: + tr46 "~0.0.3" + webidl-conversions "^3.0.0" + which-boxed-primitive@^1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/which-boxed-primitive/-/which-boxed-primitive-1.0.2.tgz#13757bc89b209b049fe5d86430e21cf40a89a8e6" From 444cc11b6bddcacea32544ea58a60c66a1625421 Mon Sep 17 00:00:00 2001 From: Sylvain Date: Wed, 9 Mar 2022 11:29:30 +0100 Subject: [PATCH 17/20] udpated sidekiq-unique-jobs to 7.1.15 --- CHANGELOG.md | 1 + Gemfile | 2 +- Gemfile.lock | 12 ++++++++---- config/initializers/sidekiq.rb | 14 ++++++++++++++ 4 files changed, 24 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 26d49f271..98ceda75b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ - Updated react-i18next to 11.15.6 - Updated i18next to 21.6.13 - Updated i18next-icu to 2.0.3 +- Updated sidekiq-unique-jobs to 7.1.15 - Fix a bug: a sentence was not linked to a translation key - Fix a security issue: updated image_processing to 1.12.2 to fix [CVE-2022-24720](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24720) - Fix a security issue: updated url-parse to 1.5.10 to fix [CVE-2022-0686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0686), [CVE-2022-0691](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0691), [CVE-2022-0639](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0639) and [CVE-2022-0512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0512) 
diff --git a/Gemfile b/Gemfile index a4414445a..de37be106 100644 --- a/Gemfile +++ b/Gemfile @@ -91,7 +91,7 @@ gem 'aasm' gem 'sidekiq', '>= 6.0.7' # Recurring jobs for Sidekiq gem 'sidekiq-cron' -gem 'sidekiq-unique-jobs', '~> 6.0.22' +gem 'sidekiq-unique-jobs', '~> 7.1.15' gem 'stripe', '5.29.0' diff --git a/Gemfile.lock b/Gemfile.lock index 86428d7aa..160508a7f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -66,6 +66,9 @@ GEM bindex (0.8.1) bootsnap (1.4.6) msgpack (~> 1.0) + brpoplpush-redis_script (0.1.2) + concurrent-ruby (~> 1.0, >= 1.0.5) + redis (>= 1.0, <= 5.0) builder (3.2.4) bullet (7.0.0) activesupport (>= 3.0.0) @@ -358,10 +361,11 @@ GEM sidekiq-cron (1.1.0) fugit (~> 1.1) sidekiq (>= 4.2.1) - sidekiq-unique-jobs (6.0.22) + sidekiq-unique-jobs (7.1.15) + brpoplpush-redis_script (> 0.1.1, <= 2.0.0) concurrent-ruby (~> 1.0, >= 1.0.5) - sidekiq (>= 4.0, < 7.0) - thor (~> 0) + sidekiq (>= 5.0, < 8.0) + thor (>= 0.20, < 3.0) simplecov (0.19.0) docile (~> 1.1) simplecov-html (~> 0.11) @@ -494,7 +498,7 @@ DEPENDENCIES sha3 sidekiq (>= 6.0.7) sidekiq-cron - sidekiq-unique-jobs (~> 6.0.22) + sidekiq-unique-jobs (~> 7.1.15) spring spring-watcher-listen (~> 2.0.0) stripe (= 5.29.0) diff --git a/config/initializers/sidekiq.rb b/config/initializers/sidekiq.rb index 27034b32b..33342a0b9 100644 --- a/config/initializers/sidekiq.rb +++ b/config/initializers/sidekiq.rb @@ -6,6 +6,16 @@ redis_url = "redis://#{redis_host}:6379" Sidekiq.configure_server do |config| config.redis = { url: redis_url } + config.client_middleware do |chain| + chain.add SidekiqUniqueJobs::Middleware::Client + end + + config.server_middleware do |chain| + chain.add SidekiqUniqueJobs::Middleware::Server + end + + SidekiqUniqueJobs::Server.configure(config) + # load sidekiq-cron schedule config schedule_file = 'config/schedule.yml' 
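Review bot: The `config.client_middleware` block added inside `Sidekiq.configure_server` looks like a duplicate of the one the next hunk (`@@ -17,6 +27,10 @@`) adds to `Sidekiq.configure_client`, and nothing in the file says why both are needed. The server process uses its own client chain when a worker enqueues another job, so the registration is not redundant. Without a comment, a later cleanup could remove it and silently drop the uniqueness lock for jobs pushed from workers. I would add a comment above it, e.g. `# jobs enqueued from inside a worker go through the server's client chain, so the unique-jobs client middleware is registered here as well`. The `configure_server` block continues past the end of this hunk.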
@@ -17,6 +27,10 @@ end Sidekiq.configure_client do |config| config.redis = { url: redis_url } + + config.client_middleware do |chain| + chain.add SidekiqUniqueJobs::Middleware::Client + end end Sidekiq::Extensions.enable_delay! From d9212313928df39b25e58144c9a212496cc1c734 Mon Sep 17 00:00:00 2001 From: Sylvain Date: Wed, 9 Mar 2022 11:46:13 +0100 Subject: [PATCH 18/20] added intl-messageformat intl-messageformat is now a required dependency of i18next-icu since v2. Also added missing @type dependencies (angular & prop-types). They were previously misadded to peerDependencies --- package.json | 7 +++--- yarn.lock | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+), 4 deletions(-) diff --git a/package.json b/package.json index f28fc5da8..b639afc1d 100644 --- a/package.json +++ b/package.json @@ -58,6 +58,8 @@ "@rails/webpacker": "5.4.3", "@stripe/react-stripe-js": "^1.4.0", "@stripe/stripe-js": "^1.13.2", + "@types/angular": "^1.7.3", + "@types/prop-types": "^15.7.2", "@types/react": "^17.0.3", "@types/react-dom": "^17.0.3", "@uirouter/angularjs": "0.4", @@ -103,6 +105,7 @@ "i18next-http-backend": "^1.3.2", "i18next-icu": "^2.0.3", "immer": "^9.0.6", + "intl-messageformat": "^9.11.4", "jasny-bootstrap": "3.1", "jquery": ">=3.5.0", "jquery-ujs": "^1.2.2", @@ -127,9 +130,5 @@ "ui-select": "0.19", "underscore": "1.12", "use-immer": "^0.5.1" - }, - "peerDependencies": { - "@types/angular": "^1.7.3", - "@types/prop-types": "^15.7.2" } } diff --git a/yarn.lock b/yarn.lock index 1830c8a33..cdb080303 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -1262,6 +1262,45 @@ resolved "https://registry.yarnpkg.com/@emotion/weak-memoize/-/weak-memoize-0.2.5.tgz#8eed982e2ee6f7f4e44c253e12962980791efd46" integrity sha512-6U71C2Wp7r5XtFtQzYrW5iKFT67OixrSxjI4MptCHzdSVlgabczzqLe0ZSgnub/5Kp4hSbpDB1tMytZY9pwxxA== +"@formatjs/ecma402-abstract@1.11.3": + version "1.11.3" + resolved "https://registry.yarnpkg.com/@formatjs/ecma402-abstract/-/ecma402-abstract-1.11.3.tgz#f25276dfd4ef3dac90da667c3961d8aa9732e384" + integrity sha512-kP/Buv5vVFMAYLHNvvUzr0lwRTU0u2WTy44Tqwku1X3C3lJ5dKqDCYVqA8wL+Y19Bq+MwHgxqd5FZJRCIsLRyQ== + dependencies: + "@formatjs/intl-localematcher" "0.2.24" + tslib "^2.1.0" + +"@formatjs/fast-memoize@1.2.1": + version "1.2.1" + resolved "https://registry.yarnpkg.com/@formatjs/fast-memoize/-/fast-memoize-1.2.1.tgz#e6f5aee2e4fd0ca5edba6eba7668e2d855e0fc21" + integrity sha512-Rg0e76nomkz3vF9IPlKeV+Qynok0r7YZjL6syLz4/urSg0IbjPZCB/iYUMNsYA643gh4mgrX3T7KEIFIxJBQeg== + dependencies: + tslib "^2.1.0" + +"@formatjs/icu-messageformat-parser@2.0.18": + version "2.0.18" + resolved "https://registry.yarnpkg.com/@formatjs/icu-messageformat-parser/-/icu-messageformat-parser-2.0.18.tgz#b09e8f16b88e988fd125e7c5810300e8a6dd2c42" + integrity sha512-vquIzsAJJmZ5jWVH8dEgUKcbG4yu3KqtyPet+q35SW5reLOvblkfeCXTRW2TpIwNXzdVqsJBwjbTiRiSU9JxwQ== + dependencies: + "@formatjs/ecma402-abstract" "1.11.3" + "@formatjs/icu-skeleton-parser" "1.3.5" + tslib "^2.1.0" + +"@formatjs/icu-skeleton-parser@1.3.5": + version "1.3.5" + resolved "https://registry.yarnpkg.com/@formatjs/icu-skeleton-parser/-/icu-skeleton-parser-1.3.5.tgz#babc93a1c36383cf87cbb3d2f2145d26c2f7cb40" + integrity sha512-Nhyo2/6kG7ZfgeEfo02sxviOuBcvtzH6SYUharj3DLCDJH3A/4OxkKcmx/2PWGX4bc6iSieh+FA94CsKDxnZBQ== + dependencies: + "@formatjs/ecma402-abstract" "1.11.3" + tslib "^2.1.0" + +"@formatjs/intl-localematcher@0.2.24": + version "0.2.24" + resolved "https://registry.yarnpkg.com/@formatjs/intl-localematcher/-/intl-localematcher-0.2.24.tgz#b49fd753c0f54421f26a3c1d0e9cf98a3966e78f" 
+ integrity sha512-K/HRGo6EMnCbhpth/y3u4rW4aXkmQNqRe1L2G+Y5jNr3v0gYhvaucV8WixNju/INAMbPBlbsRBRo/nfjnoOnxQ== + dependencies: + tslib "^2.1.0" + "@fortawesome/fontawesome-free@5.14.0": version "5.14.0" resolved "https://registry.yarnpkg.com/@fortawesome/fontawesome-free/-/fontawesome-free-5.14.0.tgz#a371e91029ebf265015e64f81bfbf7d228c9681f" @@ -1379,6 +1418,11 @@ resolved "https://registry.yarnpkg.com/@types/angular/-/angular-1.8.1.tgz#940b16476adff7b66608aae778e5e9f1c57ab847" integrity sha512-8zEjTC3gpkva6/dbUkiSxIUGUxYm9HD/pJJ0lbqfEM2TWqi/3vs4VtgoFxVXt5bmuJ+6G2caO2HaMD+NzB1VwA== +"@types/angular@^1.7.3": + version "1.8.4" + resolved "https://registry.yarnpkg.com/@types/angular/-/angular-1.8.4.tgz#a2cc163e508389c51d4c4119ebff6b9395cec472" + integrity sha512-wPS/ncJWhyxJsndsW1B6Ta8D4mi97x1yItSu+rkLDytU3oRIh2CFAjMuJceYwFAh9+DIohndWM0QBA9OU2Hv0g== + "@types/glob@^7.1.1": version "7.1.3" resolved "https://registry.yarnpkg.com/@types/glob/-/glob-7.1.3.tgz#e6ba80f36b7daad2c685acd9266382e68985c183" @@ -1424,6 +1468,11 @@ resolved "https://registry.yarnpkg.com/@types/prop-types/-/prop-types-15.7.3.tgz#2ab0d5da2e5815f94b0b9d4b95d1e5f243ab2ca7" integrity sha512-KfRL3PuHmqQLOG+2tGpRO26Ctg+Cq1E01D2DMriKEATHgWLfeNDmq9e29Q9WIky0dQ3NPkd1mzYH8Lm936Z9qw== +"@types/prop-types@^15.7.2": + version "15.7.4" + resolved "https://registry.yarnpkg.com/@types/prop-types/-/prop-types-15.7.4.tgz#fcf7205c25dff795ee79af1e30da2c9790808f11" + integrity sha512-rZ5drC/jWjrArrS8BR6SIr4cWpW09RNTYt9AMZo3Jwwif+iacXAqgVjm0B0Bv/S1jhDXKHqRVNCbACkJ89RAnQ== + "@types/q@^1.5.1": version "1.5.4" resolved "https://registry.yarnpkg.com/@types/q/-/q-1.5.4.tgz#15925414e0ad2cd765bfef58842f7e26a7accb24" 
@@ -4927,6 +4976,16 @@ interpret@^1.4.0: resolved "https://registry.yarnpkg.com/interpret/-/interpret-1.4.0.tgz#665ab8bc4da27a774a40584e812e3e0fa45b1a1e" integrity sha512-agE4QfB2Lkp9uICn7BAqoscw4SZP9kTE2hxiFI3jBPmXJfdqiahTbUuKGsMoN2GtqL9AxhYioAcVvgsb1HvRbA== +intl-messageformat@^9.11.4: + version "9.11.4" + resolved "https://registry.yarnpkg.com/intl-messageformat/-/intl-messageformat-9.11.4.tgz#0f9030bc6d10e6a48592142f88e646d88f05f1f2" + integrity sha512-77TSkNubIy/hsapz6LQpyR6OADcxhWdhSaboPb5flMaALCVkPvAIxr48AlPqaMl4r1anNcvR9rpLWVdwUY1IKg== + dependencies: + "@formatjs/ecma402-abstract" "1.11.3" + "@formatjs/fast-memoize" "1.2.1" + "@formatjs/icu-messageformat-parser" "2.0.18" + tslib "^2.1.0" + ip-regex@^2.1.0: version "2.1.0" resolved "https://registry.yarnpkg.com/ip-regex/-/ip-regex-2.1.0.tgz#fa78bf5d2e6913c911ce9f819ee5146bb6d844e9" @@ -8666,6 +8725,11 @@ tslib@^2.0.3: resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.3.0.tgz#803b8cdab3e12ba581a4ca41c8839bbb0dacb09e" integrity sha512-N82ooyxVNm6h1riLCoyS9e3fuJ3AMG2zIZs2Gd1ATcSFjSA23Q0fzjjZeh0jbJvWVDZ0cJT8yaNNaaXHzueNjg== +tslib@^2.1.0: + version "2.3.1" + resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.3.1.tgz#e8a335add5ceae51aa261d32a490158ef042ef01" + integrity sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw== + tsutils@^3.21.0: version "3.21.0" resolved "https://registry.yarnpkg.com/tsutils/-/tsutils-3.21.0.tgz#b48717d394cea6c1e096983eed58e9d61715b623" From 3955a282b844ee56d1534c2e590887b69ab8bdbb Mon Sep 17 00:00:00 2001 From: Sylvain Date: Wed, 9 Mar 2022 14:33:50 +0100 Subject: [PATCH 19/20] Removed unmaintained gem sidekiq-cron and replaced it with sidekiq-scheduler --- CHANGELOG.md | 3 ++- Gemfile | 2 +- Gemfile.lock | 30 ++++++++++++++++++++---------- config/initializers/sidekiq.rb | 19 +++++++++++-------- config/routes.rb | 2 +- config/schedule.yml | 18 +++++++++--------- 6 files changed, 44 insertions(+), 30 deletions(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 98ceda75b..5d2cda834 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,11 +5,12 @@ - Updated i18next to 21.6.13 - Updated i18next-icu to 2.0.3 - Updated sidekiq-unique-jobs to 7.1.15 +- Removed unmaintained gem sidekiq-cron and replaced it with sidekiq-scheduler - Fix a bug: a sentence was not linked to a translation key - Fix a security issue: updated image_processing to 1.12.2 to fix [CVE-2022-24720](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24720) - Fix a security issue: updated url-parse to 1.5.10 to fix [CVE-2022-0686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0686), [CVE-2022-0691](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0691), [CVE-2022-0639](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0639) and [CVE-2022-0512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0512) - Fix a security issue: updated rails to 5.2.6.3 to fix [CVE-2022-21831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831), [CVE-2022-23633](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633) -- Fix a security issue: updated sidekiq to 6.4.0 to fix [CVE-2022-23837](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23837) +- Fix a security issue: updated sidekiq to 6.4.1 to fix [CVE-2022-23837](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23837) - Fix a security issue: updated nokogiri to 1.13.3 to fix [CVE-2021-30560](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30560) and [CVE-2022-23308](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308) - Fix a security issue: updated puma to 4.3.11 to fix [CVE-2022-23634](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23634) - Fix a security issue: updated i18next-http-backend to 1.3.2 to fix [CVE-2022-0235](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0235) diff --git a/Gemfile b/Gemfile index de37be106..b9d3c004b 100644 --- a/Gemfile +++ b/Gemfile 
@@ -90,7 +90,7 @@ gem 'aasm' # Background job processing gem 'sidekiq', '>= 6.0.7' # Recurring jobs for Sidekiq -gem 'sidekiq-cron' +gem 'sidekiq-scheduler' gem 'sidekiq-unique-jobs', '~> 7.1.15' gem 'stripe', '5.29.0' diff --git a/Gemfile.lock b/Gemfile.lock index 160508a7f..f3c43e2db 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -118,6 +118,7 @@ GEM dotenv-rails (2.7.5) dotenv (= 2.7.5) railties (>= 3.2, < 6.1) + e2mmap (0.1.0) elasticsearch (5.0.5) elasticsearch-api (= 5.0.5) elasticsearch-transport (= 5.0.5) @@ -140,7 +141,7 @@ GEM multi_json equalizer (0.0.11) erubi (1.10.0) - et-orbi (1.2.1) + et-orbi (1.2.7) tzinfo faker (2.10.2) i18n (>= 1.6, < 2) @@ -151,9 +152,9 @@ GEM forgery (0.7.0) friendly_id (5.1.0) activerecord (>= 4.0.0) - fugit (1.3.1) + fugit (1.5.2) et-orbi (~> 1.1, >= 1.1.8) - raabro (~> 1.1) + raabro (~> 1.4) globalid (1.0.0) activesupport (>= 5.0) hashdiff (1.0.1) @@ -276,7 +277,7 @@ GEM nio4r (~> 2.0) pundit (2.1.0) activesupport (>= 3.0.0) - raabro (1.1.6) + raabro (1.4.0) racc (1.6.0) rack (2.2.3) rack-proxy (0.6.5) @@ -324,7 +325,7 @@ GEM recurrence (1.3.0) activesupport i18n - redis (4.5.1) + redis (4.6.0) repost (0.3.2) responders (2.4.1) actionpack (>= 4.2.0, < 6.0) @@ -346,6 +347,8 @@ GEM nokogiri (>= 1.10.8) rubyzip (>= 1.3.0) rubyzip (2.3.0) + rufus-scheduler (3.8.1) + fugit (~> 1.1, >= 1.1.6) safe_yaml (1.0.5) sassc (2.4.0) ffi (~> 1.9) @@ -354,13 +357,17 @@ GEM activesupport (>= 4) semantic_range (2.3.0) sha3 (1.0.1) - sidekiq (6.4.0) + sidekiq (6.4.1) connection_pool (>= 2.2.2) rack (~> 2.0) redis (>= 4.2.0) - sidekiq-cron (1.1.0) - fugit (~> 1.1) - sidekiq (>= 4.2.1) + sidekiq-scheduler (3.1.1) + e2mmap + redis (>= 3, < 5) + rufus-scheduler (~> 3.2) + sidekiq (>= 3) + thwait + tilt (>= 1.4.0) sidekiq-unique-jobs (7.1.15) brpoplpush-redis_script (> 0.1.1, <= 2.0.0) concurrent-ruby (~> 1.0, >= 1.0.5) 
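Review bot: `gem 'sidekiq-scheduler'` is added without a version constraint, while the line below it pins `sidekiq-unique-jobs` with `~> 7.1.15`. The initializer changed in this same commit calls `Sidekiq.schedule =` and `SidekiqScheduler::Scheduler.instance.reload_schedule!`, so a later `bundle update` that pulls a new major release could break schedule loading at worker start. Gemfile.lock resolves the gem to 3.1.1; I would state that range in the Gemfile as well: `gem 'sidekiq-scheduler', '~> 3.1'`.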
@@ -391,6 +398,9 @@ GEM tins (~> 1.0) thor (0.20.3) thread_safe (0.3.6) + thwait (0.2.0) + e2mmap + tilt (2.0.10) tins (1.25.0) sync ttfunk (1.5.1) @@ -497,7 +507,7 @@ DEPENDENCIES seed_dump sha3 sidekiq (>= 6.0.7) - sidekiq-cron + sidekiq-scheduler sidekiq-unique-jobs (~> 7.1.15) spring spring-watcher-listen (~> 2.0.0) diff --git a/config/initializers/sidekiq.rb b/config/initializers/sidekiq.rb index 33342a0b9..8a62e32b6 100644 --- a/config/initializers/sidekiq.rb +++ b/config/initializers/sidekiq.rb @@ -1,5 +1,8 @@ # frozen_string_literal: true +require 'sidekiq' +require 'sidekiq-scheduler' + redis_host = ENV['REDIS_HOST'] || 'localhost' redis_url = "redis://#{redis_host}:6379" @@ -16,12 +19,14 @@ Sidekiq.configure_server do |config| SidekiqUniqueJobs::Server.configure(config) - # load sidekiq-cron schedule config - schedule_file = 'config/schedule.yml' - - if File.exist?(schedule_file) - rendered_schedule_file = ERB.new(File.read(schedule_file)).result - Sidekiq::Cron::Job.load_from_hash YAML.safe_load(rendered_schedule_file) + config.on(:startup) do + # load sidekiq-scheduler schedule config + schedule_file = 'config/schedule.yml' + if File.exist?(schedule_file) + rendered_schedule_file = ERB.new(File.read(schedule_file)).result + Sidekiq.schedule = YAML.safe_load(rendered_schedule_file) + SidekiqScheduler::Scheduler.instance.reload_schedule! + end end end @@ -33,8 +38,6 @@ Sidekiq.configure_client do |config| end end -Sidekiq::Extensions.enable_delay! - # Quieting logging in the test environment if Rails.env.test? require 'sidekiq/testing' diff --git a/config/routes.rb b/config/routes.rb index c9a0728ab..f931ca7ef 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true require 'sidekiq_unique_jobs/web' -require 'sidekiq/cron/web' +require 'sidekiq-scheduler/web' Rails.application.routes.draw do if AuthProvider.active.providable_type == DatabaseProvider.name 
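Review bot: In the `config.on(:startup)` block of the `@@ -16,12 +19,14 @@` hunk, the schedule is still looked up through the relative path `'config/schedule.yml'`, and a missing file is skipped without any message. If the worker is started from another working directory, none of the recurring jobs are registered and nothing in the log says so. I would resolve the path from the application root and log the miss: `schedule_file = Rails.root.join('config', 'schedule.yml')`, plus an `else` branch with `Sidekiq.logger.warn "#{schedule_file} not found, no recurring job scheduled"`. Separately, the `@@ -33,8 +38,6 @@` hunk removes `Sidekiq::Extensions.enable_delay!`, which the commit subject and changelog entry do not mention; any remaining `.delay` caller would fail after this change, so that is worth confirming.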
diff --git a/config/schedule.yml b/config/schedule.yml index d1bb8b1c6..967ca1ae4 100644 --- a/config/schedule.yml +++ b/config/schedule.yml @@ -1,38 +1,38 @@ subscription_expire_in_7_days: cron: "0 0 * * *" - class: "SubscriptionExpireWorker" + class: SubscriptionExpireWorker queue: default args: [7] subscription_is_expired: cron: "0 23 * * *" - class: "SubscriptionExpireWorker" + class: SubscriptionExpireWorker queue: default args: [0] generate_statistic: cron: "0 1 * * *" - class: "StatisticWorker" + class: StatisticWorker queue: default i_calendar_import: cron: "0 * * * *" - class: "ICalendarImportWorker" + class: ICalendarImportWorker queue: default reservation_reminder: cron: "1 * * * *" - class: "ReservationReminderWorker" + class: ReservationReminderWorker queue: default close_period_reminder_worker: cron: "0 12 * * 1" # every monday at 12pm - class: "ClosePeriodReminderWorker" + class: ClosePeriodReminderWorker queue: default free_disk_space: cron: "0 5 * * 0" # every sunday at 5am - class: "FreeDiskSpaceWorker" + class: FreeDiskSpaceWorker queue: system # schedule a version check, every week at the current day+time @@ -40,12 +40,12 @@ free_disk_space: <% m = DateTime.current.minute - 1; h = DateTime.current.hour; d = DateTime.current.cwday %> version_check: cron: <%="#{m} #{h} * * #{d}" %> - class: 'VersionCheckWorker' + class: VersionCheckWorker queue: system payment_schedule_item: cron: "0 * * * *" # every day, every hour - class: 'PaymentScheduleItemWorker' + class: PaymentScheduleItemWorker queue: default <%= PluginRegistry.insert_code('yml.schedule') %> From 6e44116c8e941a9c2aaf4b34d1656d21a4af1fe2 Mon Sep 17 00:00:00 2001 From: Sylvain Date: Wed, 9 Mar 2022 14:38:24 +0100 Subject: [PATCH 20/20] updated changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5d2cda834..ef4891608 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
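Review bot: The `version_check` entry edited in the `@@ -40,12 +40,12 @@` hunk still builds its cron line from `m = DateTime.current.minute - 1`, which yields `-1` whenever the file is rendered during minute 0 of an hour. That expression predates this commit, but the schedule is now handed to sidekiq-scheduler, and it is not visible here how it treats an invalid cron line (it may reject the entry or abort loading the schedule). Keeping the value in range avoids the question: `m = (DateTime.current.minute - 1) % 60`. This wraps to minute 59 without adjusting the hour, which looks acceptable for a weekly check but should be confirmed.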
@@ -14,6 +14,7 @@ - Fix a security issue: updated nokogiri to 1.13.3 to fix [CVE-2021-30560](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30560) and [CVE-2022-23308](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308) - Fix a security issue: updated puma to 4.3.11 to fix [CVE-2022-23634](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23634) - Fix a security issue: updated i18next-http-backend to 1.3.2 to fix [CVE-2022-0235](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0235) +- Fix a security issue: updated follow-redirects to 1.18.8 to fix [CVE-2022-0536](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0536) ## v5.3.5 2022 March 02