c456e31d26
SECURITY: Bump Rails to 6.1.3.2 ( #12963 )
...
Includes fixes for
- CVE-2021-22902
- CVE-2021-22903
- CVE-2021-22904
- CVE-2021-22885
https://github.com/rails/rails/blob/v6.1.3.2/actionpack/CHANGELOG.md
2021-05-06 12:41:45 +01:00
b5a70bbb25
Build(deps): Bump rubocop from 1.13.0 to 1.14.0
...
Bumps [rubocop](https://github.com/rubocop/rubocop ) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/rubocop/rubocop/releases )
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rubocop/rubocop/compare/v1.13.0...v1.14.0 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-06 14:29:58 +08:00
9d3aee115d
Build(deps): Bump bootsnap from 1.7.4 to 1.7.5 ( #12944 )
...
Bumps [bootsnap](https://github.com/Shopify/bootsnap ) from 1.7.4 to 1.7.5.
- [Release notes](https://github.com/Shopify/bootsnap/releases )
- [Changelog](https://github.com/Shopify/bootsnap/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.7.4...v1.7.5 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-05 00:45:01 +02:00
14ed6e1657
Build(deps): Bump simplecov_json_formatter from 0.1.2 to 0.1.3 ( #12934 )
...
Bumps [simplecov_json_formatter](https://github.com/fede-moya/simplecov_json_formatter ) from 0.1.2 to 0.1.3.
- [Release notes](https://github.com/fede-moya/simplecov_json_formatter/releases )
- [Changelog](https://github.com/codeclimate-community/simplecov_json_formatter/blob/master/CHANGELOG.md )
- [Commits](https://github.com/fede-moya/simplecov_json_formatter/commits )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-04 13:13:50 +10:00
5cba86f321
Build(deps): Bump stackprof from 0.2.16 to 0.2.17 ( #12935 )
...
Bumps [stackprof](https://github.com/tmm1/stackprof ) from 0.2.16 to 0.2.17.
- [Release notes](https://github.com/tmm1/stackprof/releases )
- [Changelog](https://github.com/tmm1/stackprof/blob/master/CHANGELOG.md )
- [Commits](https://github.com/tmm1/stackprof/compare/v0.2.16...v0.2.17 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-04 13:01:53 +10:00
6e09c8fc78
Build(deps-dev): Bump discourse_dev from 0.1.0 to 0.2.0 ( #12844 )
...
Bumps [discourse_dev](https://github.com/discourse/discourse_dev ) from 0.1.0 to 0.2.0.
- [Release notes](https://github.com/discourse/discourse_dev/releases )
- [Commits](https://github.com/discourse/discourse_dev/compare/v0.1.0...v0.2.0 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-03 16:38:05 +02:00
f1e74c89a1
Build(deps-dev): Bump mock_redis from 0.27.3 to 0.28.0 ( #12923 )
2021-05-03 01:20:51 +02:00
72f07a88f1
Build(deps): Bump rubocop-ast from 1.4.1 to 1.5.0 ( #12924 )
2021-05-03 01:20:06 +02:00
f5a667bcc5
Build(deps-dev): Bump test-prof from 1.0.2 to 1.0.3 ( #12925 )
2021-05-03 01:19:24 +02:00
b17f27ebb1
Build(deps): Bump parser from 3.0.1.0 to 3.0.1.1 ( #12926 )
2021-05-03 01:18:53 +02:00
3bcce65c8b
Build(deps): Bump rack-mini-profiler from 2.3.1 to 2.3.2 ( #12911 )
...
Bumps [rack-mini-profiler](https://github.com/MiniProfiler/rack-mini-profiler ) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/MiniProfiler/rack-mini-profiler/releases )
- [Changelog](https://github.com/MiniProfiler/rack-mini-profiler/blob/master/CHANGELOG.md )
- [Commits](https://github.com/MiniProfiler/rack-mini-profiler/compare/v2.3.1...v2.3.2 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-30 11:26:29 +01:00
15eabb1d97
Build(deps): Bump message_bus from 3.3.4 to 3.3.5 ( #12883 )
...
Bumps [message_bus](https://github.com/SamSaffron/message_bus ) from 3.3.4 to 3.3.5.
- [Release notes](https://github.com/SamSaffron/message_bus/releases )
- [Changelog](https://github.com/discourse/message_bus/blob/master/CHANGELOG )
- [Commits](https://github.com/SamSaffron/message_bus/compare/v3.3.4...v3.3.5 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-29 10:55:23 -04:00
0127df61c1
Build(deps): Bump rubocop-rspec from 2.2.0 to 2.3.0 ( #12884 )
...
Bumps [rubocop-rspec](https://github.com/rubocop/rubocop-rspec ) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/rubocop/rubocop-rspec/releases )
- [Changelog](https://github.com/rubocop/rubocop-rspec/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rubocop/rubocop-rspec/compare/v2.2.0...v2.3.0 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-29 02:03:02 +02:00
3011ab3631
Build(deps): Bump excon from 0.80.1 to 0.81.0 ( #12885 )
...
Bumps [excon](https://github.com/excon/excon ) from 0.80.1 to 0.81.0.
- [Release notes](https://github.com/excon/excon/releases )
- [Changelog](https://github.com/excon/excon/blob/master/changelog.txt )
- [Commits](https://github.com/excon/excon/compare/v0.80.1...v0.81.0 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-29 02:01:32 +02:00
9e85f0f958
Build(deps): Bump mini_portile2 from 2.5.0 to 2.5.1 ( #12886 )
...
Bumps [mini_portile2](https://github.com/flavorjones/mini_portile ) from 2.5.0 to 2.5.1.
- [Release notes](https://github.com/flavorjones/mini_portile/releases )
- [Changelog](https://github.com/flavorjones/mini_portile/blob/main/CHANGELOG.md )
- [Commits](https://github.com/flavorjones/mini_portile/compare/v2.5.0...v2.5.1 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-29 02:00:54 +02:00
4d21cb4efa
DEV: Update libv8-node ( #12869 )
2021-04-28 16:13:09 +02:00
24ad0b72a0
Build(deps): Bump bootsnap from 1.7.3 to 1.7.4 ( #12793 )
...
Bumps [bootsnap](https://github.com/Shopify/bootsnap ) from 1.7.3 to 1.7.4.
- [Release notes](https://github.com/Shopify/bootsnap/releases )
- [Changelog](https://github.com/Shopify/bootsnap/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.7.3...v1.7.4 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-22 11:11:12 +02:00
45ccadeeeb
DEV: Upgrade Rails to 6.1.3.1 ( #12688 )
...
Rails 6.1.3.1 deprecates a few API and has some internal changes that break our tests suite, so this commit fixes all the deprecations and errors and now Discourse should be fully compatible with Rails 6.1.3.1. We also have a new release of the rails_failover gem that's compatible with Rails 6.1.3.1.
2021-04-21 12:36:32 +03:00
838fa12f14
Build(deps): Bump rubocop from 1.12.1 to 1.13.0 ( #12776 )
...
Bumps [rubocop](https://github.com/rubocop/rubocop ) from 1.12.1 to 1.13.0.
- [Release notes](https://github.com/rubocop/rubocop/releases )
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rubocop/rubocop/compare/v1.12.1...v1.13.0 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-21 10:06:47 +02:00
49d817e938
Build(deps): Bump jwt from 2.2.2 to 2.2.3 ( #12775 )
...
Bumps [jwt](https://github.com/jwt/ruby-jwt ) from 2.2.2 to 2.2.3.
- [Release notes](https://github.com/jwt/ruby-jwt/releases )
- [Changelog](https://github.com/jwt/ruby-jwt/blob/master/CHANGELOG.md )
- [Commits](https://github.com/jwt/ruby-jwt/compare/v2.2.2...v2.2.3 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-21 09:56:32 +02:00
a935b2079b
Build(deps): Bump faraday from 1.3.0 to 1.4.1 ( #12748 )
...
Bumps [faraday](https://github.com/lostisland/faraday ) from 1.3.0 to 1.4.1.
- [Release notes](https://github.com/lostisland/faraday/releases )
- [Changelog](https://github.com/lostisland/faraday/blob/main/CHANGELOG.md )
- [Commits](https://github.com/lostisland/faraday/compare/v1.3.0...v1.4.1 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-19 10:13:56 +02:00
eb7145d5a4
Build(deps): Bump oj from 3.11.3 to 3.11.5 ( #12732 )
...
Bumps [oj](https://github.com/ohler55/oj ) from 3.11.3 to 3.11.5.
- [Release notes](https://github.com/ohler55/oj/releases )
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md )
- [Commits](https://github.com/ohler55/oj/compare/v3.11.3...v3.11.5 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-16 14:41:39 +02:00
965843f3e5
Build(deps): Bump excon from 0.79.0 to 0.80.1 ( #12724 )
...
Bumps [excon](https://github.com/excon/excon ) from 0.79.0 to 0.80.1.
- [Release notes](https://github.com/excon/excon/releases )
- [Changelog](https://github.com/excon/excon/blob/master/changelog.txt )
- [Commits](https://github.com/excon/excon/compare/v0.79.0...v0.80.1 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-16 13:53:03 +02:00
e08432ddde
DEV: Bump discourse_dev to 0.1.0 ( #12722 )
...
And add the "discourse-development-auth" plugin and client locale files.
2021-04-16 06:42:34 +05:30
81498bd131
DEV: updates to onebox 2.2.14 ( #12713 )
...
This commit also updates github’s body onebox styles in Discourse core:
- full width
- prevents show-more btn to trigger vertical scrolling
- makes text standout less and slightly bigger
2021-04-15 10:58:39 +02:00
56331275dc
Build(deps): Bump connection_pool from 2.2.4 to 2.2.5 ( #12710 )
...
Bumps [connection_pool](https://github.com/mperham/connection_pool ) from 2.2.4 to 2.2.5.
- [Release notes](https://github.com/mperham/connection_pool/releases )
- [Changelog](https://github.com/mperham/connection_pool/blob/master/Changes.md )
- [Commits](https://github.com/mperham/connection_pool/compare/v2.2.4...v2.2.5 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-15 10:15:49 +02:00
ae27717b61
UX: moves from summary/details to a button to expand github body ( #12698 )
2021-04-15 08:52:04 +02:00
d56da72fe9
DEV: remove musl support from Gemfile ( #12689 )
...
We do not really support Discourse on Alpine linux / musl based distros.
We depend heavily on libc.
Besides this it looks like rubygems/bundler tends to handle this nuance incorrectly.
Remove it for now.
2021-04-13 20:55:40 -06:00
d87e8683cd
Build(deps): Bump mini_racer from 0.3.1 to 0.4.0 ( #12681 )
...
Bumps [mini_racer](https://github.com/discourse/mini_racer ) from 0.3.1 to 0.4.0.
- [Release notes](https://github.com/discourse/mini_racer/releases )
- [Changelog](https://github.com/rubyjs/mini_racer/blob/master/CHANGELOG )
- [Commits](https://github.com/discourse/mini_racer/compare/v0.3.1...v0.4.0 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-13 12:25:34 -04:00
2aaceaca36
Build(deps): Bump connection_pool from 2.2.3 to 2.2.4 ( #12680 )
...
Bumps [connection_pool](https://github.com/mperham/connection_pool ) from 2.2.3 to 2.2.4.
- [Release notes](https://github.com/mperham/connection_pool/releases )
- [Changelog](https://github.com/mperham/connection_pool/blob/master/Changes.md )
- [Commits](https://github.com/mperham/connection_pool/compare/v2.2.3...v2.2.4 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-13 11:32:26 +02:00
094c9e5ea3
DEV: uses onebox 2.2.12 ( #12671 )
2021-04-12 11:34:05 +02:00
5e93730375
DEV: bump `discourse_dev` gem version to 0.0.9 ( #12660 )
2021-04-09 23:06:33 +05:30
b7dad91f2f
Build(deps-dev): Bump parallel_tests from 3.6.0 to 3.7.0 ( #12657 )
...
Bumps [parallel_tests](https://github.com/grosser/parallel_tests ) from 3.6.0 to 3.7.0.
- [Release notes](https://github.com/grosser/parallel_tests/releases )
- [Changelog](https://github.com/grosser/parallel_tests/blob/master/CHANGELOG.md )
- [Commits](https://github.com/grosser/parallel_tests/compare/v3.6.0...v3.7.0 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-09 12:03:19 +02:00
4de2317800
Build(deps): Bump sidekiq from 6.2.0 to 6.2.1 ( #12644 )
...
Bumps [sidekiq](https://github.com/mperham/sidekiq ) from 6.2.0 to 6.2.1.
- [Release notes](https://github.com/mperham/sidekiq/releases )
- [Changelog](https://github.com/mperham/sidekiq/blob/master/Changes.md )
- [Commits](https://github.com/mperham/sidekiq/compare/v6.2.0...v6.2.1 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-08 13:05:59 +02:00
1cfea75ba8
Build(deps): Bump loofah from 2.9.0 to 2.9.1 ( #12646 )
...
Bumps [loofah](https://github.com/flavorjones/loofah ) from 2.9.0 to 2.9.1.
- [Release notes](https://github.com/flavorjones/loofah/releases )
- [Changelog](https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md )
- [Commits](https://github.com/flavorjones/loofah/compare/v2.9.0...v2.9.1 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-08 13:04:00 +02:00
481d3f4843
Build(deps): Bump nokogiri from 1.11.2 to 1.11.3 ( #12645 )
...
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri ) from 1.11.2 to 1.11.3.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases )
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.11.2...v1.11.3 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-08 13:03:42 +02:00
72ff9e817c
DEV: Bump discourse_dev to 0.0.8 ( #12639 )
2021-04-08 01:01:06 +05:30
70c0863114
DEV: bundle update onebox ( #12635 )
2021-04-07 12:20:15 -04:00
5e4c0e2caa
FEATURE: Treat site settings as plain text and add a new HTML type. ( #12618 )
...
To add an extra layer of security, we sanitize settings before shipping them to the client. We don't sanitize those that have the "html" type.
The CookedPostProcessor already uses Loofah for sanitization, so I chose to also use it for this. I added it to our gemfile since we installed it as a transitive dependency.
2021-04-07 12:51:19 -03:00
11e611f845
DEV: Bump discourse_dev to 0.0.7 ( #12633 )
2021-04-07 10:55:19 -04:00
b0ff853f9f
Build(deps): Bump parser from 3.0.0.0 to 3.0.1.0 ( #12624 )
...
Bumps [parser](https://github.com/whitequark/parser ) from 3.0.0.0 to 3.0.1.0.
- [Release notes](https://github.com/whitequark/parser/releases )
- [Changelog](https://github.com/whitequark/parser/blob/master/CHANGELOG.md )
- [Commits](https://github.com/whitequark/parser/compare/v3.0.0.0...v3.0.1.0 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-07 00:26:11 +02:00
3c880910d3
Build(deps): Bump rexml from 3.2.4 to 3.2.5 ( #12606 )
...
Bumps [rexml](https://github.com/ruby/rexml ) from 3.2.4 to 3.2.5.
- [Release notes](https://github.com/ruby/rexml/releases )
- [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md )
- [Commits](https://github.com/ruby/rexml/compare/v3.2.4...v3.2.5 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-06 13:25:03 +02:00
002b937e1e
Build(deps): Bump mini_mime from 1.0.3 to 1.1.0 ( #12607 )
...
Bumps [mini_mime](https://github.com/discourse/mini_mime ) from 1.0.3 to 1.1.0.
- [Release notes](https://github.com/discourse/mini_mime/releases )
- [Changelog](https://github.com/discourse/mini_mime/blob/master/CHANGELOG )
- [Commits](https://github.com/discourse/mini_mime/compare/v1.0.3...v1.1.0 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-06 13:04:26 +02:00
96737b3d97
Build(deps): Bump oauth from 0.5.5 to 0.5.6 ( #12595 )
2021-04-05 11:04:05 +02:00
4105a30635
Build(deps): Bump progress from 3.5.2 to 3.6.0 ( #12596 )
2021-04-05 00:45:09 +02:00
41c0aca216
Build(deps): Bump rubocop from 1.12.0 to 1.12.1 ( #12597 )
2021-04-05 00:38:17 +02:00
9be99c055f
DEV: bundle update onebox ( #12591 )
2021-04-02 15:11:15 -04:00
7cf42cd830
Build(deps): Bump i18n from 1.8.9 to 1.8.10 ( #12576 )
...
Bumps [i18n](https://github.com/ruby-i18n/i18n ) from 1.8.9 to 1.8.10.
- [Release notes](https://github.com/ruby-i18n/i18n/releases )
- [Changelog](https://github.com/ruby-i18n/i18n/blob/master/CHANGELOG.md )
- [Commits](https://github.com/ruby-i18n/i18n/compare/v1.8.9...v1.8.10 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-01 01:39:01 +02:00
5a430e79b0
DEV: bundle update onebox ( #12573 )
2021-03-31 14:57:46 -04:00
5fe1d1f84f
Build(deps-dev): Bump listen from 3.5.0 to 3.5.1 ( #12561 )
...
Bumps [listen](https://github.com/guard/listen ) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/guard/listen/releases )
- [Commits](https://github.com/guard/listen/compare/v3.5.0...v3.5.1 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-31 10:45:06 -04:00
David Taylor
dependabot[bot]
Jarek Radosz
Osama Sayegh
Vinoth Kannan
Joffrey JAFFEUX
Sam
jbrw
Roman Rizzi
Penar Musaraj