Routine Security Updates (#981)
RickCarlino authored Mar 15, 2019
1 parent 8281538 commit ed85fd9
Showing 7 changed files with 184 additions and 179 deletions.
11 changes: 8 additions & 3 deletions Gemfile
Expand Up @@ -5,7 +5,10 @@ ruby "2.6.1"
gem "rails"
gem "bundler"

gem "mongoid"
# We can't upgrade to Mongoid 7 unless someone has
# time to manually QA the failed view specs that
# it causes. -RC 15 MAR 19
gem "mongoid", "~> 6"
gem "delayed_job_mongoid" # <= Problematic dep upgrade
gem "delayed_job_shallow_mongoid"
gem "kaminari-mongoid"
Expand All @@ -20,7 +23,9 @@ gem "aws-sdk-s3"
gem "bson_ext"

gem "searchkick"
gem "gibbon"
# This gem requires a manual upgrade.
# Help appreciated -RC 15 MAR 19
gem "gibbon", "~> 1"
gem "jsonapi-serializers"
gem "devise"
gem "eventmachine"
Expand Down Expand Up @@ -59,7 +64,7 @@ end
gem "font-awesome-sass"

# WARNING: Upgrading to foundation v6 is _not_ a trivial task.
gem 'foundation-rails', '5.5.2.1'
gem "foundation-rails", "5.5.2.1"
gem "sprockets"
gem "sprockets-es6"

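Review bot: `gem "rails"` in the first hunk stays unconstrained, so the move from 5.2.2 to 5.2.2.1 is held only by Gemfile.lock; if that patch release is the security fix the commit title refers to, a floor such as `gem "rails", ">= 5.2.2.1"` would keep a later re-resolve from settling below it. The new `"~> 6"` and `"~> 1"` constraints deliberately hold mongoid and gibbon on older major lines, which also means fixes shipped only in newer majors will not arrive through `bundle update`. The two explanatory comments would be easier to act on with a tracking reference, for example `# Pinned below 7 pending view-spec QA, see <ISSUE-LINK>`, so the pins are revisited rather than forgotten.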
149 changes: 76 additions & 73 deletions Gemfile.lock
Expand Up @@ -4,25 +4,25 @@ GEM
specs:
acme-client (0.4.1)
faraday (~> 0.9, >= 0.9.1)
actioncable (5.2.2)
actionpack (= 5.2.2)
actioncable (5.2.2.1)
actionpack (= 5.2.2.1)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
actionmailer (5.2.2)
actionpack (= 5.2.2)
actionview (= 5.2.2)
activejob (= 5.2.2)
actionmailer (5.2.2.1)
actionpack (= 5.2.2.1)
actionview (= 5.2.2.1)
activejob (= 5.2.2.1)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 2.0)
actionpack (5.2.2)
actionview (= 5.2.2)
activesupport (= 5.2.2)
actionpack (5.2.2.1)
actionview (= 5.2.2.1)
activesupport (= 5.2.2.1)
rack (~> 2.0)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.2)
actionview (5.2.2)
activesupport (= 5.2.2)
actionview (5.2.2.1)
activesupport (= 5.2.2.1)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
Expand All @@ -32,20 +32,20 @@ GEM
activemodel (>= 4.1, < 6)
case_transform (>= 0.2)
jsonapi-renderer (>= 0.1.1.beta1, < 0.3)
activejob (5.2.2)
activesupport (= 5.2.2)
activejob (5.2.2.1)
activesupport (= 5.2.2.1)
globalid (>= 0.3.6)
activemodel (5.2.2)
activesupport (= 5.2.2)
activerecord (5.2.2)
activemodel (= 5.2.2)
activesupport (= 5.2.2)
activemodel (5.2.2.1)
activesupport (= 5.2.2.1)
activerecord (5.2.2.1)
activemodel (= 5.2.2.1)
activesupport (= 5.2.2.1)
arel (>= 9.0)
activestorage (5.2.2)
actionpack (= 5.2.2)
activerecord (= 5.2.2)
activestorage (5.2.2.1)
actionpack (= 5.2.2.1)
activerecord (= 5.2.2.1)
marcel (~> 0.3.1)
activesupport (5.2.2)
activesupport (5.2.2.1)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 0.7, < 2)
minitest (~> 5.1)
Expand All @@ -58,27 +58,29 @@ GEM
capybara (~> 3.12, < 4)
websocket-driver (>= 0.6.5)
arel (9.0.0)
aws-eventstream (1.0.1)
aws-partitions (1.141.0)
aws-sdk-core (3.46.2)
aws-eventstream (~> 1.0)
aws-eventstream (1.0.2)
aws-partitions (1.144.0)
aws-sdk-core (3.47.0)
aws-eventstream (~> 1.0, >= 1.0.2)
aws-partitions (~> 1.0)
aws-sigv4 (~> 1.0)
aws-sigv4 (~> 1.1)
http-2 (~> 0.10)
jmespath (~> 1.0)
aws-sdk-kms (1.13.0)
aws-sdk-core (~> 3, >= 3.39.0)
aws-sigv4 (~> 1.0)
aws-sdk-kms (1.14.0)
aws-sdk-core (~> 3, >= 3.47.0)
aws-sigv4 (~> 1.1)
aws-sdk-rails (2.1.0)
aws-sdk-ses (~> 1)
railties (>= 3)
aws-sdk-s3 (1.30.1)
aws-sdk-core (~> 3, >= 3.39.0)
aws-sdk-s3 (1.32.0)
aws-sdk-core (~> 3, >= 3.47.0)
aws-sdk-kms (~> 1)
aws-sigv4 (~> 1.0)
aws-sdk-ses (1.14.0)
aws-sdk-core (~> 3, >= 3.39.0)
aws-sigv4 (~> 1.0)
aws-sigv4 (1.0.3)
aws-sdk-ses (1.15.0)
aws-sdk-core (~> 3, >= 3.47.0)
aws-sigv4 (~> 1.1)
aws-sigv4 (1.1.0)
aws-eventstream (~> 1.0, >= 1.0.2)
babel-source (5.8.35)
babel-transpiler (0.7.0)
babel-source (>= 4.0, < 6)
Expand Down Expand Up @@ -128,7 +130,7 @@ GEM
compass (~> 1.0.0)
sass-rails (< 5.1)
sprockets (< 4.0)
concurrent-ruby (1.1.4)
concurrent-ruby (1.1.5)
coveralls (0.8.22)
json (>= 1.8, < 3)
simplecov (~> 0.16.1)
Expand All @@ -138,21 +140,21 @@ GEM
crack (0.4.3)
safe_yaml (~> 1.0.0)
crass (1.0.4)
daemons (1.2.6)
daemons (1.3.1)
database_cleaner (1.7.0)
debug_inspector (0.0.3)
delayed_job (4.1.5)
activesupport (>= 3.0, < 5.3)
delayed_job_mongoid (2.3.0)
delayed_job_mongoid (2.3.1)
delayed_job (>= 3.0, < 5)
mongoid (>= 3.0, < 7)
mongoid (>= 3.0, < 8)
mongoid-compatibility (>= 0.4.0)
delayed_job_shallow_mongoid (1.2.0)
activesupport (>= 3.2)
delayed_job (>= 3.0)
delayed_job_mongoid (>= 2.0)
mongoid (>= 3.0)
devise (4.5.0)
devise (4.6.1)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 4.1.0, < 6.0)
Expand All @@ -161,12 +163,12 @@ GEM
diff-lcs (1.3)
docile (1.3.1)
easy_diff (1.0.0)
elasticsearch (6.1.0)
elasticsearch-api (= 6.1.0)
elasticsearch-transport (= 6.1.0)
elasticsearch-api (6.1.0)
elasticsearch (6.2.0)
elasticsearch-api (= 6.2.0)
elasticsearch-transport (= 6.2.0)
elasticsearch-api (6.2.0)
multi_json
elasticsearch-transport (6.1.0)
elasticsearch-transport (6.2.0)
faraday
multi_json
erubi (1.8.0)
Expand All @@ -184,12 +186,12 @@ GEM
railties (>= 4.2.0)
faker (1.9.3)
i18n (>= 0.7)
faraday (0.15.3)
faraday (0.15.4)
multipart-post (>= 1.2, < 3)
ffi (1.9.25)
ffi (1.10.0)
font-awesome-rails (4.7.0.4)
railties (>= 3.2, < 6.0)
font-awesome-sass (5.5.0.1)
font-awesome-sass (5.6.1)
sassc (>= 1.11)
foundation-rails (5.5.2.1)
railties (>= 3.1.0)
Expand All @@ -210,10 +212,11 @@ GEM
moneta
multi_json (>= 1.9.2)
high_voltage (3.1.0)
http-2 (0.10.1)
httparty (0.16.4)
mime-types (~> 3.0)
multi_xml (>= 0.5.2)
i18n (1.5.3)
i18n (1.6.0)
concurrent-ruby (~> 1.0)
impressionist (1.6.1)
nokogiri (~> 1)
Expand Down Expand Up @@ -294,7 +297,7 @@ GEM
multi_json (1.13.1)
multi_xml (0.6.0)
multipart-post (2.0.0)
mutations (0.8.3)
mutations (0.9.0)
activesupport
nested_form (0.3.2)
ng-rails-csrf (0.1.0)
Expand Down Expand Up @@ -332,18 +335,18 @@ GEM
rack-test (1.1.0)
rack (>= 1.0, < 3)
rack-timeout (0.5.1)
rails (5.2.2)
actioncable (= 5.2.2)
actionmailer (= 5.2.2)
actionpack (= 5.2.2)
actionview (= 5.2.2)
activejob (= 5.2.2)
activemodel (= 5.2.2)
activerecord (= 5.2.2)
activestorage (= 5.2.2)
activesupport (= 5.2.2)
rails (5.2.2.1)
actioncable (= 5.2.2.1)
actionmailer (= 5.2.2.1)
actionpack (= 5.2.2.1)
actionview (= 5.2.2.1)
activejob (= 5.2.2.1)
activemodel (= 5.2.2.1)
activerecord (= 5.2.2.1)
activestorage (= 5.2.2.1)
activesupport (= 5.2.2.1)
bundler (>= 1.3.0)
railties (= 5.2.2)
railties (= 5.2.2.1)
sprockets-rails (>= 2.0.0)
rails-assets-angular (1.5.8)
rails-assets-angular-dragdrop (1.0.13)
Expand Down Expand Up @@ -399,9 +402,9 @@ GEM
sass-rails (>= 4.0, < 6)
rails_serve_static_assets (0.0.5)
rails_stdout_logging (0.0.5)
railties (5.2.2)
actionpack (= 5.2.2)
activesupport (= 5.2.2)
railties (5.2.2.1)
actionpack (= 5.2.2.1)
activesupport (= 5.2.2.1)
method_source
rake (>= 0.8.7)
thor (>= 0.19.0, < 2.0)
Expand All @@ -411,9 +414,9 @@ GEM
ffi (~> 1.0)
regexp_parser (1.3.0)
remotipart (1.4.2)
responders (2.4.0)
actionpack (>= 4.2.0, < 5.3)
railties (>= 4.2.0, < 5.3)
responders (2.4.1)
actionpack (>= 4.2.0, < 6.0)
railties (>= 4.2.0, < 6.0)
rollbar (2.19.2)
multi_json
rspec-core (3.8.0)
Expand Down Expand Up @@ -441,8 +444,8 @@ GEM
sprockets (>= 2.8, < 4.0)
sprockets-rails (>= 2.0, < 4.0)
tilt (>= 1.1, < 3)
sassc (2.0.0)
ffi (~> 1.9.6)
sassc (2.0.1)
ffi (~> 1.9)
rake
searchkick (3.1.2)
activemodel (>= 4.2)
Expand All @@ -467,7 +470,7 @@ GEM
activesupport (>= 4.0)
sprockets (>= 3.0.0)
stringex (2.8.5)
temple (0.8.0)
temple (0.8.1)
term-ansicolor (1.7.1)
tins (~> 1.0)
terrapin (0.6.0)
Expand Down Expand Up @@ -527,7 +530,7 @@ DEPENDENCIES
faker
font-awesome-sass
foundation-rails (= 5.5.2.1)
gibbon
gibbon (~> 1)
high_voltage
impressionist
jquery-rails
Expand All @@ -537,7 +540,7 @@ DEPENDENCIES
letsencrypt-rails-heroku
letter_opener
merit
mongoid
mongoid (~> 6)
mongoid-history
mongoid-paperclip
mongoid-slug
32 changes: 16 additions & 16 deletions spec/mutations/crops/update_crop_spec.rb
@@ -1,5 +1,5 @@
require 'spec_helper'
require 'openfarm_errors'
require "spec_helper"
require "openfarm_errors"

describe Crops::UpdateCrop do
let(:mutation) { Crops::UpdateCrop }
Expand All @@ -11,45 +11,45 @@
let(:params) do
{ user: user,
id: "#{crop.id}",
attributes: { binomial_name: 'updated',
description: 'A random description' } }
attributes: { binomial_name: "updated",
description: "A random description" } }
end

it 'requires fields' do
it "requires fields" do
errors = mutation.run({}).errors.message_list
expect(errors).to include('Attributes is required')
expect(errors).to include('Id is required')
expect(errors).to include("Attributes is required")
expect(errors).to include("ID is required")
end

it 'updates valid crops' do
it "updates valid crops" do
result = mutation.run(params).result
expect(result).to be_a(Crop)
expect(result.valid?).to be(true)
end

it 'updates a crop taxon' do
params[:attributes][:taxon] = 'Genus'
it "updates a crop taxon" do
params[:attributes][:taxon] = "Genus"
result = mutation.run(params).result
expect(result).to be_a(Crop)
expect(result.valid?).to be(true)
expect(result.taxon).to eq('Genus')
expect(result.taxon).to eq("Genus")
end

it 'updates crop companions' do
it "updates crop companions" do
params[:attributes][:companions] = [companion_crop].map(&:id)
result = mutation.run(params).result
expect(result).to be_a(Crop)
expect(result.valid?).to be(true)
expect(result.companions.first).to eq(companion_crop)
end

it 'disallows phony URLs' do
it "disallows phony URLs" do
image_hash = {
image_url: 'iWroteThisWrong.net/2haLt4J.jpg'
image_url: "iWroteThisWrong.net/2haLt4J.jpg",
}
image_params = params.merge(images: [ image_hash ])
image_params = params.merge(images: [image_hash])
results = mutation.run(image_params)
expect(results.success?).to be_falsey
expect(results.errors.message[:images]).to include('not a valid URL')
expect(results.errors.message[:images]).to include("not a valid URL")
end
end
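Review bot: The expectation in "requires fields" changes from `'Id is required'` to `"ID is required"` inside a section that is otherwise only a quote-style rewrite, so a change in validation message text is easy to miss; it presumably follows the mutations 0.8.3 to 0.9.0 bump in Gemfile.lock. Asserting on the symbolic error instead, e.g. `expect(mutation.run({}).errors.symbolic[:id]).to eq(:required)`, would keep the spec independent of the gem's wording, and any client or view that matches on the old string should be checked. Separately, "disallows phony URLs" covers only a scheme-less value; a second negative case for a URL with a non-HTTP scheme would document what the image URL validation is expected to reject.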