Commit Graph

862 Commits (541aea17217bb5c8d59a58f602fd4e886199ab26)

Author SHA1 Message Date
Matt Jankowski afc366e8dc Update `attr_encrypted` & `devise-two-factor` gems (#24626) 2023-04-24 19:08:21 +02:00
Matt Jankowski ce515b40b2 Gem version bumps (#24131) 2023-04-24 19:07:45 +02:00
dependabot[bot] 6cf564a7c6 Bump faker from 3.1.1 to 3.2.0 (#24579)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-18 10:39:46 +02:00
dependabot[bot] b7937d49dc Bump chewy from 7.2.7 to 7.3.0 (#24507)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-12 13:47:38 +02:00
dependabot[bot] b03ef74b20 Bump net-ldap from 0.17.1 to 0.18.0 (#24484)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-11 12:53:13 +02:00
dependabot[bot] 210b55a718 Bump puma from 6.1.1 to 6.2.1 (#24402)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-05 13:57:21 +02:00
dependabot[bot] 3f998a2f4d Bump capybara from 3.38.0 to 3.39.0 (#24395)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-05 13:29:14 +02:00
dependabot[bot] e4ad1fb231 Bump aws-sdk-s3 from 1.119.2 to 1.120.0 (#24401)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-05 13:26:33 +02:00
dependabot[bot] c728972888 Bump tzinfo-data from 1.2022.7 to 1.2023.2 (#24300)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-29 10:32:51 +02:00
Matt Jankowski 48befe5dbd Update strong_migrations to version 0.8.0 (#24270) 2023-03-27 09:11:10 +02:00
dependabot[bot] a600670940 Bump rack-cors from 1.1.1 to 2.0.1 (#24189)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-21 10:42:34 +09:00
Nick Schonning 8d05167e5f Include config/ and update all rubcop deps (#23963) 2023-03-17 10:13:28 +01:00
Eugen Rochko 4ea5355857 Remove `bullet` and `active_record_query_trace` gems (#24121) 2023-03-16 02:53:55 +01:00
dependabot[bot] 69c0672fc4 Bump rack-test from 2.0.2 to 2.1.0 (#24112)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-16 10:33:26 +09:00
Nick Schonning 30328759da Setup haml-lint CI with todo config (#23524) 2023-03-15 04:15:36 +01:00
Matt Jankowski 76950ce2bc Explicitly set github repo in instance presenter spec (#24036) 2023-03-09 14:27:48 +01:00
dependabot[bot] e0ab946c12 Bump omniauth_openid_connect from 0.6.0 to 0.6.1 (#23991)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-08 11:44:23 +01:00
Nick Schonning 88aa9e012d Convert CircleCI to GitHub Actions (#23608) 2023-03-07 04:49:43 +01:00
Nick Schonning 1f82971d12 Remove pinned rexml (#23964) 2023-03-06 15:43:21 +01:00
Nick Schonning 5f8438c42c Remove pry gems (#23884) 2023-03-03 22:53:08 +01:00
Nick Schonning 03e192ae38 Remove climate_control gem (#23886) 2023-03-03 22:48:48 +01:00
Matt Jankowski 0d409f9fd7 Update rspec-rails to version 6.0.1 (#23908) 2023-03-02 15:55:37 +01:00
Shlee 8ed5fc7252 [Dependashlee] Update to Puma 6.1.0 (#23795) 2023-02-28 13:30:28 +01:00
dependabot[bot] 185e7aa9ea Bump devise from 4.8.1 to 4.9.0 (#23691)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-21 10:41:28 +01:00
dependabot[bot] b8dc16c819 Bump oj from 3.13.23 to 3.14.2 (#23560)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-18 14:21:10 +09:00
dependabot[bot] b683ba772e Bump webauthn from 2.5.2 to 3.0.0 (#23659)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-17 10:06:24 +01:00
Aaron Patterson edc6f486bf Upgrade to Ruby 3.2 (#22928)
Co-authored-by: Matthew Ford <matt@bitzesty.com>
2023-02-15 08:30:27 +01:00
Stan Hu 7ab1306c20 Switch OpenID Connect gems (#23223)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-02-13 15:47:50 +01:00
Claire 9a70c0de00 Add dependency on net-http (#23571) 2023-02-13 14:36:07 +01:00
dependabot[bot] d9fdce121c Bump sidekiq-scheduler from 4.0.3 to 5.0.0 (#23212)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-02-13 13:31:42 +01:00
Nick Schonning acf0bbcab8 Replace hamlit-rails with haml-rails (#23542) 2023-02-13 04:59:30 +01:00
dependabot[bot] be3006e888 Bump bootsnap from 1.15.0 to 1.16.0 (#23340)
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.15.0 to 1.16.0.
- [Release notes](https://github.com/Shopify/bootsnap/releases)
- [Changelog](https://github.com/Shopify/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.15.0...v1.16.0)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-04 15:55:07 +09:00
dependabot[bot] bc290e9a2a Bump redcarpet from 3.5.1 to 3.6.0 (#23339)
Bumps [redcarpet](https://github.com/vmg/redcarpet) from 3.5.1 to 3.6.0.
- [Release notes](https://github.com/vmg/redcarpet/releases)
- [Changelog](https://github.com/vmg/redcarpet/blob/master/CHANGELOG.md)
- [Commits](https://github.com/vmg/redcarpet/compare/v3.5.1...v3.6.0)

---
updated-dependencies:
- dependency-name: redcarpet
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-01 11:19:30 +01:00
dependabot[bot] 8eec28e802 Bump aws-sdk-s3 from 1.118.0 to 1.119.0 (#23341)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.118.0 to 1.119.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-01 11:16:38 +01:00
dependabot[bot] 2b107ab81f Bump simple_form from 5.1.0 to 5.2.0 (#23328)
Bumps [simple_form](https://github.com/heartcombo/simple_form) from 5.1.0 to 5.2.0.
- [Release notes](https://github.com/heartcombo/simple_form/releases)
- [Changelog](https://github.com/heartcombo/simple_form/blob/main/CHANGELOG.md)
- [Commits](https://github.com/heartcombo/simple_form/compare/v5.1.0...v5.2.0)

---
updated-dependencies:
- dependency-name: simple_form
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-01 11:07:16 +01:00
dependabot[bot] 0758811df2 Bump gitlab-omniauth-openid-connect from 0.10.0 to 0.10.1 (#23241)
Bumps [gitlab-omniauth-openid-connect](https://gitlab.com/gitlab-org/gitlab-omniauth-openid-connect) from 0.10.0 to 0.10.1.
- [Release notes](https://gitlab.com/gitlab-org/gitlab-omniauth-openid-connect/tags)
- [Commits](https://gitlab.com/gitlab-org/gitlab-omniauth-openid-connect/compare/v0.10.0...v0.10.1)

---
updated-dependencies:
- dependency-name: gitlab-omniauth-openid-connect
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-31 00:46:27 +09:00
dependabot[bot] 6b0624261b Bump aws-sdk-s3 from 1.117.2 to 1.118.0 (#23202)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.117.2 to 1.118.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-30 10:57:59 +09:00
Kaspar V 930de8db1f fix(pghero): update because CVE-2023-22626 (#23190)
There is a vulnerability
[CVE-2023-22626](https://github.com/advisories/GHSA-vf99-xw26-86g5)

```
Name: pghero
Version: 2.8.3
CVE: CVE-2023-22626
GHSA: GHSA-vf99-xw26-86g5
Criticality: High
URL: https://github.com/ankane/pghero/issues/439
Title: Information Disclosure Through EXPLAIN Feature
Solution: upgrade to '>= 3.1.0'
```
2023-01-22 23:09:02 +01:00
dependabot[bot] 17cc4e39e6 Bump rack from 2.2.5 to 2.2.6.2 (#23142)
Bumps [rack](https://github.com/rack/rack) from 2.2.5 to 2.2.6.2.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/compare/v2.2.5...v2.2.6.2)

---
updated-dependencies:
- dependency-name: rack
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-18 11:31:39 +01:00
dependabot[bot] 170a2a28be Bump nokogiri from 1.13.10 to 1.14.0 (#23128)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.10 to 1.14.0.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.13.10...v1.14.0)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-18 10:54:19 +01:00
Aaron Patterson eb135d1c58 Remove microformats gem dependency (#22923)
Looks like this gem was introduced as a dependency in 90aa720d2e for
testing Miroformat output.  The last test using the Microformats gem was
removed in 8ad51fba6c, so I think it is
safe to remove this dependency.

For context, you [can't install the microformats gem with Ruby 3.2](https://github.com/microformats/microformats-ruby/pull/131),
so we can't currently bundle Mastodon with Ruby 3.2.  But since we don't
really need this gem, we can just remove it and unblock Ruby 3.2
2023-01-04 01:45:16 +01:00
dependabot[bot] 640210c251 Bump redis-namespace from 1.9.0 to 1.10.0 (#22765)
Bumps [redis-namespace](https://github.com/resque/redis-namespace) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/resque/redis-namespace/releases)
- [Changelog](https://github.com/resque/redis-namespace/blob/master/CHANGELOG.md)
- [Commits](https://github.com/resque/redis-namespace/compare/v1.9...v1.10.0)

---
updated-dependencies:
- dependency-name: redis-namespace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-27 09:52:15 +09:00
dependabot[bot] b018009726 Bump rack from 2.2.4 to 2.2.5 (#22777)
Bumps [rack](https://github.com/rack/rack) from 2.2.4 to 2.2.5.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/compare/2.2.4...v2.2.5)

---
updated-dependencies:
- dependency-name: rack
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-27 09:51:39 +09:00
dependabot[bot] 1d9fa295f5 Bump simplecov from 0.21.2 to 0.22.0 (#22773)
Bumps [simplecov](https://github.com/simplecov-ruby/simplecov) from 0.21.2 to 0.22.0.
- [Release notes](https://github.com/simplecov-ruby/simplecov/releases)
- [Changelog](https://github.com/simplecov-ruby/simplecov/blob/main/CHANGELOG.md)
- [Commits](https://github.com/simplecov-ruby/simplecov/compare/v0.21.2...v0.22.0)

---
updated-dependencies:
- dependency-name: simplecov
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-27 09:37:19 +09:00
dependabot[bot] 572ae35d31 Bump faker from 3.0.0 to 3.1.0 (#22762)
Bumps [faker](https://github.com/faker-ruby/faker) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/main/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/compare/v3.0.0...v3.1.0)

---
updated-dependencies:
- dependency-name: faker
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-27 09:35:54 +09:00
dependabot[bot] ab1b4adedf Bump scenic from 1.6.0 to 1.7.0 (#22258)
Bumps [scenic](https://github.com/scenic-views/scenic) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/scenic-views/scenic/releases)
- [Changelog](https://github.com/scenic-views/scenic/blob/main/CHANGELOG.md)
- [Commits](https://github.com/scenic-views/scenic/compare/v1.6.0...v1.7.0)

---
updated-dependencies:
- dependency-name: scenic
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-20 19:10:09 +09:00
dependabot[bot] 20253b71f3 Bump pundit from 2.2.0 to 2.3.0 (#22516)
Bumps [pundit](https://github.com/varvet/pundit) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/varvet/pundit/releases)
- [Changelog](https://github.com/varvet/pundit/blob/main/CHANGELOG.md)
- [Commits](https://github.com/varvet/pundit/commits)

---
updated-dependencies:
- dependency-name: pundit
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-20 19:08:53 +09:00
dependabot[bot] 3f8f8982ce Bump fog-core from 2.1.0 to 2.3.0 (#22521)
Bumps [fog-core](https://github.com/fog/fog-core) from 2.1.0 to 2.3.0.
- [Release notes](https://github.com/fog/fog-core/releases)
- [Changelog](https://github.com/fog/fog-core/blob/master/changelog.md)
- [Commits](https://github.com/fog/fog-core/compare/v2.1.0...v2.3.0)

---
updated-dependencies:
- dependency-name: fog-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-20 19:08:22 +09:00
Kaspar V d0fb555876 linting: RuboCop update, config fixes (#20574)
* fix(rubocop): update gems and add performance and rspec

fix(rubocop): update gems and add performance and rspec

- update present rubocop gems
- add rubocop-rspec and rubocop-performance gems
- move rubocop gems to gem group :development, :test in order to
  make linting in a github action that runs with RAILS_ENV=test possible

* feat(rubocop): disable some annoyance RSpec cops

To mee these prooved to be more annoying than helpful.
If not agreed, they can be enabled any time.

* fix(rubocop): do not ignore spec/**/*

Because rubocop-rspec should lint the specs as well, and they
deserve to be readable in general. It is relevant code, after all.

* fix(rubocop): change ignore db/**/* to db/schema.rb

because rails cops do some lints for migrations.
E.g. reversable migrations linting and more.

* fix(rubocop): tune rules configs

Bunch of commits squashed:

fix(rubocop): enable Layout/LineLength cop

Because this project has code with line lenghts > 500 chars.
This is not good practice at all, so I strongly suggest to
change the practice in the future.

But allow heredoc, URI and comments to still be long lines
and make the default Max: 120 explicit, by repeating it in the
config. To me this max length seems reasonable. Perhaps
a bit more could be ok for some. But > 500 chars in one line
Seems to be way too long IMHO.

fix(rubocop): Metrics/CyclomaticComplexity Max to 12

The default is 7, perhaps quite strict. But 25 is too loose,
the rule becomes pointless like that.

fix(rubocop): AllCops ruby version, cacheing and more info

- fix the target ruby version from 2.5 to 3.0
- have the cop error messages to be more informative and helpful
- enable cacheing in /tmp

fix(rubocop): Metrics/AbcSize to 34 from 115

Rubocops default is 17. If the rule is at 115 is becomes
pointless.

fix(rubocop): Metrics/BlockLength improvements

- instead of ignoring tasks completely, ignore only the
  long blocks that are specific to tasks (task, namespace)
- ignore also concern specific block methods (included, class_methods)

fix(rubocop): Metrics/ClassLength count heredoc array as one line

fix(rubocop): Metrics/MethodLength Max to 25

- the default is 10, but 65 is too loose, so perhaps 25?

fix(rubocop): Metrics/ModuleLength array and heredoc count as one

fix(rubocop): Metrics/PerceivedComplexity to 16 from 25

Rubocops default is 8, so how about only doubling that, instead
of > than tripple it?

fix(rubocop): enable Style/RedundantAssignment

Because I think that this rule would never really hurt,
but improve code quality and readability.

fix(rubocop): enable Style/RescueStandardError

I think everyone that ever had to debug what this can bring
will hopefully agree that this rule totally makes sense.
In the super rare exeptions where this is totally needed,
it can be excluded by disabling comment in that place.

fix(rubocop): Metrics/ParameterLists add explicit defaults and some excludes
2022-12-15 16:39:59 +01:00
Meisam ad2610c413 Validate nodeinfo response by schema (#21395)
* add json-schema to :test in Gemfile

* Create node_info_2.0_schema.json

* test match_response_schema

* Create match_response_schema.rb

* Update nodeinfo_controller_spec.rb

* Rename spec/support/node_info_2.0_schema.json to spec/support/schema/node_info_2.0_schema.json

* Update match_response_schema.rb

* cleanup

* additionally validate the json schema itself

disable throwing errors

test the schema matcher

* rename nodeinfo schema to nodeinfo_2.0

* use Rails.root.join to construct the path

* prettify json

* sync Gemfile.lock
2022-12-15 15:43:05 +01:00