1
0
mirror of https://github.com/LaCasemate/fab-manager.git synced 2024-12-10 21:24:20 +01:00
Commit Graph

162 Commits

Author SHA1 Message Date
Sylvain
9efab4e3a1 migrate to webpack
https://mariochavez.io/desarrollo/2020/05/19/from-the-asset-pipeline-to-webpack.html
2020-09-07 15:52:05 +02:00
Sylvain
69d5aa5c60 Updated coveralls gem to a supported version 2020-09-02 11:15:45 +02:00
Sylvain
3b9ddebc0d [security] updated json to 2.3.1 to fix CVE-2020-10663 2020-07-29 14:36:22 +02:00
Sylvain
15b9c7b4b9 test export availabilites 2020-07-22 11:16:43 +02:00
Sylvain
a67d41bbe7
Merge pull request #222 from sleede/dependabot/bundler/rack-2.2.3
Bump rack from 2.2.2 to 2.2.3
2020-06-29 08:01:26 +02:00
dependabot[bot]
f58809f418
Bump rack from 2.2.2 to 2.2.3
Bumps [rack](https://github.com/rack/rack) from 2.2.2 to 2.2.3.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/compare/v2.2.2...2.2.3)

Signed-off-by: dependabot[bot] <support@github.com>
2020-06-24 17:42:37 +00:00
Sylvain
d83e3a8d26 using gem pg_search 2020-06-22 11:25:35 +02:00
Sylvain
ddbf85f1b7
Merge pull request #217 from sleede/dependabot/bundler/websocket-extensions-0.1.5
Bump websocket-extensions from 0.1.4 to 0.1.5
2020-06-16 09:53:10 +02:00
Sylvain
68a99718c8 Merge branch 'settings' into dev 2020-06-15 17:53:17 +02:00
Sylvain
9ff0a06029 many sidekiq fixes 2020-06-09 18:51:57 +02:00
Sylvain
185b7b7162 updated sidekiq & redis to v6 2020-06-09 16:23:07 +02:00
dependabot[bot]
d4f655428e
Bump websocket-extensions from 0.1.4 to 0.1.5
Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-ruby) from 0.1.4 to 0.1.5.
- [Release notes](https://github.com/faye/websocket-extensions-ruby/releases)
- [Changelog](https://github.com/faye/websocket-extensions-ruby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faye/websocket-extensions-ruby/compare/0.1.4...0.1.5)

Signed-off-by: dependabot[bot] <support@github.com>
2020-06-06 10:05:28 +00:00
Sylvain
5c152412db test mime type of a file
use marcel to test mime types
updated mimemagic
2020-06-03 16:25:13 +02:00
Sylvain
1a38a8750b updated carrierware + validate file upload in front 2020-06-02 17:57:24 +02:00
dependabot[bot]
12d8587730
Bump kaminari from 1.2.0 to 1.2.1
Bumps [kaminari](https://github.com/kaminari/kaminari) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/kaminari/kaminari/releases)
- [Changelog](https://github.com/kaminari/kaminari/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kaminari/kaminari/compare/v1.2.0...v1.2.1)

Signed-off-by: dependabot[bot] <support@github.com>
2020-05-28 21:46:52 +00:00
Sylvain
03abbabdc8 [security] updated rails to 5.2.4.2 2020-05-27 09:43:50 +02:00
dependabot[bot]
fade388043
Bump puma from 3.12.4 to 3.12.6
Bumps [puma](https://github.com/puma/puma) from 3.12.4 to 3.12.6.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/commits)

Signed-off-by: dependabot[bot] <support@github.com>
2020-05-25 09:28:30 +00:00
Sylvain
2b95c043e3 Removed dependency to has_secure_token to fix warnings about already initialized constant 2020-05-18 17:45:01 +02:00
Sylvain
0cd5061852 update actionpack-page_caching to 1.2.2 to get the bugfix about relative_path 2020-05-18 15:31:17 +02:00
Sylvain
50dbc78bbf use nodeJS instead of deprecated therubyracer for uglifier > execjs 2020-05-18 13:12:13 +02:00
Sylvain
879bc7b58a upgrade to ruby 2.6 2020-05-18 10:28:30 +02:00
Sylvain
413c93a650
Merge pull request #210 from sleede/dependabot/bundler/actionpack-page_caching-1.2.1
Bump actionpack-page_caching from 1.1.0 to 1.2.1
2020-05-18 09:11:22 +02:00
dependabot[bot]
bc99ac0ebb
Bump actionpack-page_caching from 1.1.0 to 1.2.1
Bumps [actionpack-page_caching](https://github.com/rails/actionpack-page_caching) from 1.1.0 to 1.2.1.
- [Release notes](https://github.com/rails/actionpack-page_caching/releases)
- [Changelog](https://github.com/rails/actionpack-page_caching/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/actionpack-page_caching/compare/v1.1.0...v1.2.1)

Signed-off-by: dependabot[bot] <support@github.com>
2020-05-13 16:30:40 +00:00
Sylvain
b18bc2a97e Downgraded faraday from 1.0 to 0.17 for better compatibility with elasticsearch-ruby 5 (#205 #196) 2020-05-13 12:15:29 +02:00
Sylvain
b019af7f83 app:update for 5.2 2020-03-31 11:28:00 +02:00
Sylvain
2f1853295a [ongoing] upgrade to rails 5.2 2020-03-30 16:46:37 +02:00
Sylvain
b052cc9057 updated compass-core to fix deprecations 2020-03-25 12:35:09 +01:00
Sylvain
c25ff0d1ab updated compass 2020-03-25 12:35:08 +01:00
Du Peng
b3313d3e75 update rails to 5.1.7 2020-03-25 12:35:07 +01:00
Du Peng
9ca9425ef4 update to rails 5.0.7.2 2020-03-25 12:35:07 +01:00
Sylvain
8fca92b8ae prevent version check from running multiple times + updated sidekiq 2020-03-04 10:35:00 +01:00
Sylvain
c5923638f4 updated puma to fix xsrf issue 2020-03-02 16:20:20 +01:00
Sylvain
147a78de96 Merge branch 'tour' into dev 2020-03-02 15:39:45 +01:00
Sylvain
ce3e89c49c Merge branch 'dev' of github.com:sleede/fab-manager into dev 2020-03-02 08:42:58 +01:00
Sylvain
cd61826b6a
Merge branch 'dev' into dependabot/bundler/puma-3.12.3 2020-03-02 08:33:42 +01:00
dependabot[bot]
8c47a14115
Bump puma from 3.10.0 to 3.12.3
Bumps [puma](https://github.com/puma/puma) from 3.10.0 to 3.12.3.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v3.10.0...v3.12.3)

Signed-off-by: dependabot[bot] <support@github.com>
2020-02-28 18:53:21 +00:00
Sylvain
a52861ef57 Merge branch 'dev' of github.com:sleede/fab-manager into dev 2020-02-25 09:28:13 +01:00
Sylvain
9a9f08a1f0
Merge branch 'dev' into dependabot/bundler/nokogiri-1.10.8 2020-02-25 09:21:29 +01:00
dependabot[bot]
f2300c114c
Bump nokogiri from 1.10.4 to 1.10.8
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.4 to 1.10.8.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.10.4...v1.10.8)

Signed-off-by: dependabot[bot] <support@github.com>
2020-02-25 01:57:36 +00:00
Sylvain
95338e267e possible fix for #49 2020-02-19 16:22:02 +01:00
Sylvain
bc2ad42c26 removed twitter gems 2020-01-17 08:46:45 +01:00
Sylvain
20d2a69ae0
Merge pull request #163 from sleede/dependabot/bundler/rack-1.6.12
Bump rack from 1.6.11 to 1.6.12
2019-12-23 08:48:11 +01:00
dependabot[bot]
07d04c2a4c
Bump rack from 1.6.11 to 1.6.12
Bumps [rack](https://github.com/rack/rack) from 1.6.11 to 1.6.12.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/compare/1.6.11...1.6.12)

Signed-off-by: dependabot[bot] <support@github.com>
2019-12-19 08:48:13 +00:00
Sylvain
7d75810e45
Merge pull request #161 from sleede/dependabot/bundler/puma-3.12.2
Bump puma from 3.10.0 to 3.12.2
2019-12-09 08:31:54 +01:00
dependabot[bot]
2602010770
Bump puma from 3.10.0 to 3.12.2
Bumps [puma](https://github.com/puma/puma) from 3.10.0 to 3.12.2.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v3.10.0...v3.12.2)

Signed-off-by: dependabot[bot] <support@github.com>
2019-12-05 23:00:14 +00:00
Sylvain
eb3c78a61d [poc] show google agenda events in the public calendar 2019-11-26 13:44:43 +01:00
dependabot[bot]
279e5f692b
Bump loofah from 2.3.0 to 2.3.1
Bumps [loofah](https://github.com/flavorjones/loofah) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/flavorjones/loofah/releases)
- [Changelog](https://github.com/flavorjones/loofah/blob/master/CHANGELOG.md)
- [Commits](https://github.com/flavorjones/loofah/compare/v2.3.0...v2.3.1)

Signed-off-by: dependabot[bot] <support@github.com>
2019-11-07 18:00:54 +00:00
Sylvain
fdcec06345 CVE-2019-16892 + #49
- updated rubyzip to fix a security issue
- updated axlsx and file writing method as a possible fix for #49
2019-10-21 16:11:49 +02:00
Sylvain
4300f29ad7 [bug] unable to run rake fablab🇪🇸* tasks due to an issue with gem faraday 0.16.x
Gem faraday was updated to 0.17 to solve the issue
2019-10-16 13:11:47 +02:00
Sylvain
5fcf9968cb Updated Omniauth & Omniauth-oauth2 + fixed oauth2 callback url 2019-10-02 16:06:27 +02:00
Sylvain
927479733b migrated links to /users/auth from GET to POST
see https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284 for more info
2019-10-02 14:37:47 +02:00
Sylvain
35b069a4db added gem omniauth-rails_csrf_protection + [ongoing] moving from GET /users/auth/... to POST 2019-10-01 17:14:16 +02:00
David O' Rojo
b45960e343 Move puma gem out of development so it can be installed during image build 2019-09-23 02:23:42 -05:00
Nicolas Florentin
e179955169 updates libv8 2019-09-20 15:00:54 +02:00
Sylvain
c7fbc4d01d Merge branch 'sca' of github.com:sleede/fab-manager into sca 2019-09-12 09:55:34 +02:00
Sylvain
f620393266
Merge branch 'sca' into dependabot/bundler/devise-4.7.1 2019-09-12 09:50:14 +02:00
dependabot[bot]
9e6a69afcd
Bump devise from 4.6.1 to 4.7.1
Bumps [devise](https://github.com/plataformatec/devise) from 4.6.1 to 4.7.1.
- [Release notes](https://github.com/plataformatec/devise/releases)
- [Changelog](https://github.com/plataformatec/devise/blob/master/CHANGELOG.md)
- [Commits](https://github.com/plataformatec/devise/compare/v4.6.1...v4.7.1)

Signed-off-by: dependabot[bot] <support@github.com>
2019-09-12 00:46:28 +00:00
Sylvain
2ad188b741 [security] updated nokogiri to fix CVE-2019-5477 2019-09-11 17:35:17 +02:00
Sylvain
a0961314a4 [ongoing] upgrade stripe gem & api version to allow SCA 2019-09-05 11:03:22 +02:00
Sylvain
1be7bda603 [security] updated sidekiq to fix 3 security vulnerabilities 2019-07-29 11:34:59 +02:00
dependabot[bot]
210e7ac3c1
Bump mini_magick from 4.2.0 to 4.9.4
Bumps [mini_magick](https://github.com/minimagick/minimagick) from 4.2.0 to 4.9.4.
- [Release notes](https://github.com/minimagick/minimagick/releases)
- [Commits](https://github.com/minimagick/minimagick/compare/v4.2.0...v4.9.4)

Signed-off-by: dependabot[bot] <support@github.com>
2019-07-18 14:44:34 +00:00
Sylvain
528f5b9a00 fix docker build 2019-03-27 12:01:42 +01:00
Sylvain
2ac0336adb Merge branch 'dev' into host 2019-03-25 16:17:23 +01:00
Sylvain
5cdaa014ef [security] updated devise + updated rails 2019-03-25 14:57:48 +01:00
Sylvain
fd55c8d315 use SHA-3 (256 bits) to compute checksums + simplify accounting period integrity check UI 2019-03-21 17:15:41 +01:00
Sylvain
9854a4b965 prevent memory saturation with periodic checks 2019-02-26 15:18:19 +01:00
Sylvain
a687c50338 [security] CVE-2019-8331 2019-02-25 10:07:49 +01:00
Sylvain
746c0538e6 [bug] unable to run rails console 2019-01-22 11:24:00 +01:00
Sylvain
a2eb10331e [ongoing] remove invoicing disabled per user 2019-01-10 16:50:54 +01:00
Sylvain
96a27f8b98 [security] CVE-2018-16476: updated rails to 4.2.11 2018-12-17 11:10:39 +01:00
Sylvain
8e60545753 extend subscription and offer free days will keep track of previous subscription 2018-12-10 13:24:00 +01:00
Sylvain
56a62e975c updated uglifier with es6 support 2018-12-03 10:22:10 +01:00
Sylvain
def19b392b [security] updated ffi to fix CVE-2018-1000201 2018-11-27 17:25:32 +01:00
Sylvain
a9b97c386e [security] updated rubyzip to fix CVE-2018-1000544 2018-11-27 17:20:22 +01:00
Sylvain
2efd7644d2 [security] cve-2018-16468 and cve-2018-16471 2018-11-26 11:12:54 +01:00
Sylvain
efb1f9aec8 removed coffeescript dependency 2018-11-21 15:48:51 +01:00
Sylvain
4499c10e24 [security] fix for CVE-2018-3760 2018-07-12 14:34:20 +02:00
Sylvain
38e425cbc3 [security] fix for CVE-2017-18258 2018-07-12 14:26:21 +02:00
Sylvain
d69007c6c9 [ongoing] migrate es api 2018-06-05 12:30:08 +02:00
Sylvain
3e4e5e3e9b [security] fix for CVE-2018-3741 2018-04-30 07:57:21 +02:00
Sylvain
d606130bc3 [security] CVE-2018-8048 2018-03-27 10:17:41 +02:00
Sylvain
59152c3485 updated omniauth (omniauth#872) 2018-03-26 17:03:57 +02:00
Nicolas Florentin
8ebea1b3c9 updates twitter gem in order to get rid of security warning from gem "http" 2018-03-15 14:52:24 +01:00
Nicolas Florentin
d21564c046 updates rack-protection 2018-03-08 12:00:17 +01:00
Nicolas Florentin
ceca5e4564 updates omniauth, security issue 2018-03-07 16:01:02 +01:00
Sylvain
6539c60a14 [security] fix for CVE-2015-3224 2017-12-13 15:28:57 +01:00
Sylvain
c5b3de9a76 upgrade rails minor version 2017-11-13 12:25:28 +01:00
Sylvain
9f235d5c3b ArchLinux compatibility 2017-08-24 16:08:42 +02:00
Sylvain
295dc3749b [bug] filename too long on events&prices API + updated axlsx 2017-08-16 12:05:04 +02:00
Sylvain
7ff46db808 [bug] confirmation message after admin creation 2017-06-13 19:26:32 +02:00
cyril
511bd320f5 upgrade rdoc to 4.3.0 2017-06-08 21:56:46 +02:00
Sylvain
daefe626db replace letter_opener by MailCatcher 2017-03-02 10:29:17 +01:00
Sylvain
4c68f815e7 added coveralls 2016-12-01 13:08:41 +01:00
Sylvain
cf1c868546 test suite is now testing pdf files content 2016-12-01 11:37:09 +01:00
Peng DU
acd6bdad34 update gem coffee-rails 2016-09-28 11:11:13 +02:00
Sylvain
4dcab27af2 API generate valid xlsx files 2016-07-05 16:13:11 +02:00
Sylvain
875e513f1c Merge remote-tracking branch 'origin/open-api' into dev 2016-06-27 16:31:50 +02:00
Peng DU
8b699153cc update jbuilder and add cache in progress 2016-06-20 19:41:05 +02:00
Sylvain
7ec5e5ba03 [feature] allow user to add links to his socials networks 2016-05-16 11:18:30 +02:00
Nicolas Florentin
e349adf252 adds open_api's documentation 2016-05-05 15:02:02 +02:00