From dd8a4e8688e7bd0a9e5d6d9aab8c922d9f654b4f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Nov 2022 09:35:34 +0000 Subject: [PATCH 1/7] Bump loader-utils from 1.4.0 to 1.4.1 Bumps [loader-utils](https://github.com/webpack/loader-utils) from 1.4.0 to 1.4.1. - [Release notes](https://github.com/webpack/loader-utils/releases) - [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.1/CHANGELOG.md) - [Commits](https://github.com/webpack/loader-utils/compare/v1.4.0...v1.4.1) --- updated-dependencies: - dependency-name: loader-utils dependency-type: indirect ... Signed-off-by: dependabot[bot] --- yarn.lock | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/yarn.lock b/yarn.lock index 281b9b244..8ac132caf 100644 --- a/yarn.lock +++ b/yarn.lock @@ -5321,14 +5321,7 @@ json5@^1.0.1: dependencies: minimist "^1.2.0" -json5@^2.1.2: - version "2.2.0" - resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.0.tgz#2dfefe720c6ba525d9ebd909950f0515316c89a3" - integrity sha512-f+8cldu7X/y7RAJurMEJmdoKXGB/X550w2Nr3tTbezL6RwEE/iMcm+tZnXeoZtKuOq6ft8+CqzEkrIgx1fPoQA== - dependencies: - minimist "^1.2.5" - -json5@^2.2.1: +json5@^2.1.2, json5@^2.2.1: version "2.2.1" resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.1.tgz#655d50ed1e6f95ad1a3caababd2b0efda10b395c" integrity sha512-1hqLFMSrGHRHxav9q9gNjJ5EXznIxGVO09xQRrwplcS8qs28pZ8s8hupZAmqDwZUmVZ2Qb2jnyPOWcDH8m8dlA== @@ -5380,9 +5373,9 @@ loader-runner@^4.2.0: integrity sha512-92+huvxMvYlMzMt0iIOukcwYBFpkYJdpl2xsZ7LrlayO7E8SOv+JJUEK17B/dJIHAOLMfh2dZZ/Y18WgmGtYNw== loader-utils@^1.0.2, loader-utils@^1.1.0, loader-utils@^1.4.0: - version "1.4.0" - resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-1.4.0.tgz#c579b5e34cb34b1a74edc6c1fb36bfa371d5a613" - integrity sha512-qH0WSMBtn/oHuwjy/NucEgbx5dbxxnxup9s4PVXJUDHZBQY+s0NWA9rJf53RBnQZxfch7euUui7hpoAPvALZdA== + version "1.4.1" + resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-1.4.1.tgz#278ad7006660bccc4d2c0c1578e17c5c78d5c0e0" + integrity sha512-1Qo97Y2oKaU+Ro2xnDMR26g1BwMT29jNbem1EvcujW2jqt+j5COXyscjM7bLQkM9HaxI7pkWeW7gnI072yMI9Q== dependencies: big.js "^5.2.2" emojis-list "^3.0.0" @@ -5637,7 +5630,12 @@ minimatch@^3.1.2: dependencies: brace-expansion "^1.1.7" -minimist@^1.2.0, minimist@^1.2.5, minimist@^1.2.6: +minimist@^1.2.0: + version "1.2.7" + resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.7.tgz#daa1c4d91f507390437c6a8bc01078e7000c4d18" + integrity sha512-bzfL1YUZsP41gmu/qjrEk0Q6i2ix/cVeAhbCbqH9u3zYutS1cLg00qhrD0M2MVdCcx4Sc0UpP2eBWo9rotpq6g== + +minimist@^1.2.5, minimist@^1.2.6: version "1.2.6" resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.6.tgz#8637a5b759ea0d6e98702cfb3a9283323c93af44" integrity sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q== From a776b9cc6acdd3d52e0dafe6ba70e3dbacfd4f3a Mon Sep 17 00:00:00 2001 From: Sylvain Date: Thu, 10 Nov 2022 12:37:06 +0100 Subject: [PATCH 2/7] (bug) free disk space not verified in some cases --- CHANGELOG.md | 2 ++ app/workers/free_disk_space_worker.rb | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dbcab265f..9fe8f4077 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ # Changelog Fab-manager +- Fix a bug: free disk space not verified in some cases + ## v5.5.0 2022 November 08 - Feature Fablab Store diff --git a/app/workers/free_disk_space_worker.rb b/app/workers/free_disk_space_worker.rb index d95c6a34e..942efebfb 100644 --- a/app/workers/free_disk_space_worker.rb +++ b/app/workers/free_disk_space_worker.rb @@ -10,14 +10,14 @@ class FreeDiskSpaceWorker stat = Sys::Filesystem.stat('.') mb_available = stat.block_size * stat.blocks_available / 1024 / 1024 - return if mb_available > Rails.application.secrets.disk_space_mb_alert + return if mb_available > Rails.application.secrets.disk_space_mb_alert.to_i NotificationCenter.call type: 'notify_admin_free_disk_space', receiver: User.adminsys || User.admins, attached_object: Role.first, meta_data: { mb_available: mb_available, - threshold: Rails.application.secrets.disk_space_mb_alert + threshold: Rails.application.secrets.disk_space_mb_alert.to_i } end end From 024bf92dae84dd9de0f160aba7a8a539bff7fbdf Mon Sep 17 00:00:00 2001 From: Sylvain Date: Mon, 14 Nov 2022 09:37:35 +0100 Subject: [PATCH 3/7] (doc) update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9fe8f4077..5fa6b51a5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,7 @@ # Changelog Fab-manager - Fix a bug: free disk space not verified in some cases +- Fix a security issue: updated loader-utils to 1.4.1 to fix [CVE-2022-37601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37601) ## v5.5.0 2022 November 08 From d893c506e5b7421b82244808366f68ab9549d7a3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Nov 2022 08:42:03 +0000 Subject: [PATCH 4/7] Bump minimatch from 3.0.4 to 3.1.2 Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2. - [Release notes](https://github.com/isaacs/minimatch/releases) - [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2) --- updated-dependencies: - dependency-name: minimatch dependency-type: indirect ... Signed-off-by: dependabot[bot] --- yarn.lock | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/yarn.lock b/yarn.lock index 8ac132caf..16ba0705a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3472,7 +3472,7 @@ compression@^1.7.4: concat-map@0.0.1: version "0.0.1" resolved "https://registry.yarnpkg.com/concat-map/-/concat-map-0.0.1.tgz#d8a96bd77fd68df7793a73036a3ba0d5405d477b" - integrity sha1-2Klr13/Wjfd5OnMDajug1UBdR3s= + integrity sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg== connect-history-api-fallback@^1.6.0: version "1.6.0" @@ -5616,14 +5616,7 @@ minimalistic-assert@^1.0.0: resolved "https://registry.yarnpkg.com/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz#2e194de044626d4a10e7f7fbc00ce73e83e4d5c7" integrity sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A== -minimatch@^3.0.2, minimatch@^3.0.4: - version "3.0.4" - resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.0.4.tgz#5166e286457f03306064be5497e8dbb0c3d32083" - integrity sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA== - dependencies: - brace-expansion "^1.1.7" - -minimatch@^3.1.2: +minimatch@^3.0.2, minimatch@^3.0.4, minimatch@^3.1.2: version "3.1.2" resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.2.tgz#19cd194bfd3e428f049a70817c038d89ab4be35b" integrity sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw== From d594a291b50e42854c277076d2d707ac5853f865 Mon Sep 17 00:00:00 2001 From: Sylvain Date: Mon, 14 Nov 2022 09:46:18 +0100 Subject: [PATCH 5/7] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5fa6b51a5..a5a07bf9c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ - Fix a bug: free disk space not verified in some cases - Fix a security issue: updated loader-utils to 1.4.1 to fix [CVE-2022-37601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37601) +- Fix a security issue: updated minimatch to 3.1.2 to fix [CVE-2022-3517](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3517) ## v5.5.0 2022 November 08 From 25606a26426116b9afee0b08725c7cc48065eddc Mon Sep 17 00:00:00 2001 From: Sylvain Date: Tue, 15 Nov 2022 15:12:08 +0100 Subject: [PATCH 6/7] (bug) unable to merge an SSO account with an existing account --- CHANGELOG.md | 1 + app/models/concerns/single_sign_on_concern.rb | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a5a07bf9c..17589c8f0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,7 @@ # Changelog Fab-manager - Fix a bug: free disk space not verified in some cases +- Fix a bug: unable to merge an SSO account with an existing account - Fix a security issue: updated loader-utils to 1.4.1 to fix [CVE-2022-37601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37601) - Fix a security issue: updated minimatch to 3.1.2 to fix [CVE-2022-3517](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3517) diff --git a/app/models/concerns/single_sign_on_concern.rb b/app/models/concerns/single_sign_on_concern.rb index d4642b7cb..1251b0d5e 100644 --- a/app/models/concerns/single_sign_on_concern.rb +++ b/app/models/concerns/single_sign_on_concern.rb @@ -13,7 +13,7 @@ module SingleSignOnConcern ## Retrieve the requested data in the User and user's Profile tables ## @param sso_mapping {String} must be of form 'user._field_' or 'profile._field_'. Eg. 'user.email' def get_data_from_sso_mapping(sso_mapping) - service = UserSetterService.new(self) + service = UserGetterService.new(self) service.read_attribute(sso_mapping) end From 7e095917ff6683e14d9c9f971fa2d5312798350f Mon Sep 17 00:00:00 2001 From: Du Peng Date: Tue, 15 Nov 2022 15:22:30 +0100 Subject: [PATCH 7/7] Version 5.5.1 --- CHANGELOG.md | 2 ++ package.json | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 17589c8f0..7232a85b1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ # Changelog Fab-manager +## v5.5.1 2022 November 15 + - Fix a bug: free disk space not verified in some cases - Fix a bug: unable to merge an SSO account with an existing account - Fix a security issue: updated loader-utils to 1.4.1 to fix [CVE-2022-37601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37601) diff --git a/package.json b/package.json index 4cfebb77c..80acdc725 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "fab-manager", - "version": "5.5.0", + "version": "5.5.1", "description": "Fab-manager is the FabLab management solution. It provides a comprehensive, web-based, open-source tool to simplify your administrative tasks and your marker's projects.", "keywords": [ "fablab",