Commit Graph

1233 Commits

Author SHA1 Message Date
dependabot-preview[bot] aaf159c48c Bump aws-partitions from 1.255.0 to 1.256.0 (#8566)
Bumps [aws-partitions](https://github.com/aws/aws-sdk-ruby) from 1.255.0 to 1.256.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-partitions/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-18 11:55:44 -03:00
dependabot-preview[bot] caa7cc51f1 Build(deps): Bump thor from 1.0.0 to 1.0.1 (#8572)
Bumps [thor](https://github.com/erikhuda/thor) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/erikhuda/thor/releases)
- [Changelog](https://github.com/erikhuda/thor/blob/master/CHANGELOG.md)
- [Commits](https://github.com/erikhuda/thor/compare/v1.0.0...v1.0.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-18 11:55:18 -03:00
Martin Brennan beb91e7eff
FIX: require: false for rotp gem (#8540)
The ROTP gem is only used in a very small amount of places in the app, we don't need to globally require it.

Also set the Addressable gem to not have a specific version range, as it has not been a problem yet.

Some slight refactoring of UserSecondFactor here too to use SecondFactorManager to avoid code repetition
2019-12-17 10:33:51 +10:00
dependabot-preview[bot] 998bbdc40f Bump fspath from 3.1.0 to 3.1.2 (#8564)
Bumps [fspath](https://github.com/toy/fspath) from 3.1.0 to 3.1.2.
- [Release notes](https://github.com/toy/fspath/releases)
- [Commits](https://github.com/toy/fspath/compare/v3.1.0...v3.1.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-16 12:19:31 -08:00
dependabot-preview[bot] 5acecfcb91 Bump in_threads from 1.5.1 to 1.5.3 (#8556)
Bumps [in_threads](https://github.com/toy/in_threads) from 1.5.1 to 1.5.3.
- [Release notes](https://github.com/toy/in_threads/releases)
- [Changelog](https://github.com/toy/in_threads/blob/master/CHANGELOG.markdown)
- [Commits](https://github.com/toy/in_threads/compare/v1.5.1...v1.5.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-16 10:57:22 -08:00
dependabot-preview[bot] 82828d5145 Bump progress from 3.5.0 to 3.5.2 (#8560)
Bumps [progress](https://github.com/toy/progress) from 3.5.0 to 3.5.2.
- [Release notes](https://github.com/toy/progress/releases)
- [Changelog](https://github.com/toy/progress/blob/master/CHANGELOG.markdown)
- [Commits](https://github.com/toy/progress/compare/v3.5.0...v3.5.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-16 10:45:33 -08:00
dependabot-preview[bot] aee3c6b96b Bump json from 2.2.0 to 2.3.0 (#8563)
Bumps [json](https://github.com/flori/json) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/flori/json/releases)
- [Changelog](https://github.com/flori/json/blob/master/CHANGES.md)
- [Commits](https://github.com/flori/json/compare/v2.2.0...v2.3.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-16 10:35:08 -08:00
dependabot-preview[bot] e328700ae5 Bump aws-sdk-core from 3.85.0 to 3.86.0 (#8558)
Bumps [aws-sdk-core](https://github.com/aws/aws-sdk-ruby) from 3.85.0 to 3.86.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sdk-core/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-16 10:09:38 -08:00
dependabot-preview[bot] 22f1aa0c58 Bump jquery-rails from 4.3.3 to 4.3.5 (#8557)
Bumps [jquery-rails](https://github.com/rails/jquery-rails) from 4.3.3 to 4.3.5.
- [Release notes](https://github.com/rails/jquery-rails/releases)
- [Changelog](https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/jquery-rails/compare/v4.3.3...v4.3.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-16 09:44:56 -08:00
dependabot-preview[bot] db82ed86c4 Bump thor from 0.20.3 to 1.0.0 (#8550) 2019-12-16 09:23:47 -08:00
dependabot-preview[bot] 6b3308d614 Bump excon from 0.70.0 to 0.71.0 (#8551)
Bumps [excon](https://github.com/excon/excon) from 0.70.0 to 0.71.0.
- [Release notes](https://github.com/excon/excon/releases)
- [Changelog](https://github.com/excon/excon/blob/master/changelog.txt)
- [Commits](https://github.com/excon/excon/compare/v0.70.0...v0.71.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-16 08:53:42 -08:00
OsamaSayegh dc3c4bdd00 DEV: Bump Logster version to 2.5.1
This version has minor follow-up fixes and changes to the pattern
grouping feature that was introduced yesterday. See Logster changelog
for details: https://github.com/discourse/logster/blob/master/CHANGELOG.md
2019-12-13 09:51:19 +00:00
dependabot-preview[bot] 885d2bb87a Bump logster from 2.4.2 to 2.5.0 (#8538)
Bumps [logster](https://github.com/discourse/logster) from 2.4.2 to 2.5.0.
- [Release notes](https://github.com/discourse/logster/releases)
- [Changelog](https://github.com/discourse/logster/blob/master/CHANGELOG.md)
- [Commits](https://github.com/discourse/logster/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

This new version of Logster has grouping patterns that can be added via the UI to group logs that match into a single row. More details at 24d6cc9742
2019-12-12 08:26:49 +03:00
Martin Brennan e8ee847dd2 Merge branch 'master' of github.com:discourse/discourse 2019-12-12 14:33:09 +10:00
Martin Brennan 9c1e0b8bd2 bump rubocop-discourse to 1.0.2 for NoURIEscapeEncode cop 2019-12-12 14:30:27 +10:00
Martin Brennan edbc356593
FIX: Replace deprecated URI.encode, URI.escape, URI.unescape and URI.unencode (#8528)
The following methods have long been deprecated in ruby due to flaws in their implementation per http://blade.nagaokaut.ac.jp/cgi-bin/vframe.rb/ruby/ruby-core/29293?29179-31097:

URI.escape
URI.unescape
URI.encode
URI.unencode
escape/encode are just aliases for one another. This PR uses the Addressable gem to replace these methods with its own encode, unencode, and encode_component methods where appropriate.

I have put all references to Addressable::URI here into the UrlHelper to keep them corralled in one place to make changes to this implementation easier.

Addressable is now also an explicit gem dependency.
2019-12-12 12:49:21 +10:00
Sam Saffron b6acfb7847 DEV: upgrade redis-namespace gem
New release has a few extra commands namespaced, nothing we use.

Also added a comment about why this is explicitly required.
2019-12-12 13:36:08 +11:00
dependabot-preview[bot] 61ac0d47ee DEV: Bump stackprof from 0.2.13 to 0.2.14 (#8531)
Bumps [stackprof](https://github.com/tmm1/stackprof) from 0.2.13 to 0.2.14.
- [Release notes](https://github.com/tmm1/stackprof/releases)
- [Changelog](https://github.com/tmm1/stackprof/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tmm1/stackprof/compare/v0.2.13...v0.2.14)

Minor upgrade to stackprof which is only used for diagnostics and not default required. Changes all look safe.
2019-12-12 13:29:00 +11:00
Krzysztof Kotlarek 746ba0d8fd SECURITY: upgrade rack-mini-profiler to avoid possible XSS (#8537) 2019-12-12 13:15:40 +11:00
dependabot-preview[bot] 863d3f89de Build(deps): Bump aws-sdk-s3 from 1.36.1 to 1.59.0 (#8502)
* Build(deps): Bump aws-sdk-s3 from 1.36.1 to 1.59.0

Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.36.1 to 1.59.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/compare/v1.36.1...v1.59.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

* Dependabot/bundler/aws sdk s3 1.59.0 (#8532)
2019-12-11 10:18:11 -08:00
Mark VanLandingham 06c6062ed2
DEV: Lock sassc gem at version 2.0.1 with note (#8523) 2019-12-11 06:22:39 -08:00
dependabot-preview[bot] b90a592146 DEV: Bump aws-sdk-sns from 1.13.0 to 1.21.0 (#8490)
Bumps [aws-sdk-sns](https://github.com/aws/aws-sdk-ruby) from 1.13.0 to 1.21.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sdk-sns/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/compare/1.13.0...1.21.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-11 06:13:17 -08:00
Sam Saffron 1d16b34284 DEV: forgot to check in lockfile
updates lock file to properly match the generated one.
2019-12-11 12:45:42 +11:00
dependabot-preview[bot] 508b4c1e5e DEV: Bump css_parser from 1.7.0 to 1.7.1 (#8524)
Bumps [css_parser](https://github.com/premailer/css_parser) from 1.7.0 to 1.7.1.
- [Release notes](https://github.com/premailer/css_parser/releases)
- [Changelog](https://github.com/premailer/css_parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/premailer/css_parser/compare/v1.7.0...v1.7.1)

This minor update force UTF-8, this should have not impact on us as we only trade in UTF-8 strings for CSS anyway.
2019-12-11 10:56:53 +11:00
dependabot-preview[bot] 83175c9bfb DEV: Bump rspec-html-matchers from 0.9.1 to 0.9.2 (#8525)
Bumps [rspec-html-matchers](https://github.com/kucaahbe/rspec-html-matchers) from 0.9.1 to 0.9.2.
- [Release notes](https://github.com/kucaahbe/rspec-html-matchers/releases)
- [Changelog](https://github.com/kucaahbe/rspec-html-matchers/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kucaahbe/rspec-html-matchers/compare/v0.9.1...v0.9.2)

Low risk update, only impacts tests.
2019-12-11 10:55:25 +11:00
dependabot-preview[bot] 505b8b76bc Build(deps): Bump webpush from 0.3.8 to 1.0.0 (#8511)
Bumps [webpush](https://github.com/zaru/webpush) from 0.3.8 to 1.0.0.
- [Release notes](https://github.com/zaru/webpush/releases)
- [Changelog](https://github.com/zaru/webpush/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zaru/webpush/compare/v0.3.8...v1.0.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-10 12:56:52 -08:00
dependabot-preview[bot] 3309a2b564 Build(deps-dev): Bump webmock from 3.5.1 to 3.7.6 (#8512)
Bumps [webmock](https://github.com/bblimke/webmock) from 3.5.1 to 3.7.6.
- [Release notes](https://github.com/bblimke/webmock/releases)
- [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bblimke/webmock/compare/v3.5.1...v3.7.6)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-10 10:38:03 -08:00
dependabot-preview[bot] 31c6a1528b Build(deps-dev): Bump listen from 3.1.5 to 3.2.1 (#8498)
Bumps [listen](https://github.com/guard/listen) from 3.1.5 to 3.2.1.
- [Release notes](https://github.com/guard/listen/releases)
- [Commits](https://github.com/guard/listen/compare/v3.1.5...v3.2.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-10 08:48:40 -08:00
dependabot-preview[bot] 287ba20f3b Build(deps-dev): Bump parallel_tests from 2.29.2 to 2.30.0 (#8508)
Bumps [parallel_tests](https://github.com/grosser/parallel_tests) from 2.29.2 to 2.30.0.
- [Release notes](https://github.com/grosser/parallel_tests/releases)
- [Commits](https://github.com/grosser/parallel_tests/compare/v2.29.2...v2.30.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-10 16:11:49 +00:00
Mark VanLandingham 148970ca9b
DEV: Revert parallel_tests bump (#8518)
parallel_tests with this version uses `bin/rake`, which auto-loads plugins
2019-12-10 07:58:12 -08:00
dependabot-preview[bot] 2605adede0 Build(deps-dev): Bump parallel_tests from 2.29.2 to 2.30.0 (#8508)
Bumps [parallel_tests](https://github.com/grosser/parallel_tests) from 2.29.2 to 2.30.0.
- [Release notes](https://github.com/grosser/parallel_tests/releases)
- [Commits](https://github.com/grosser/parallel_tests/compare/v2.29.2...v2.30.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-10 07:12:38 -08:00
dependabot-preview[bot] da62f87694 Build(deps): Bump rqrcode from 0.10.1 to 1.1.2 (#8497)
Bumps [rqrcode](https://github.com/whomwah/rqrcode) from 0.10.1 to 1.1.2.
- [Release notes](https://github.com/whomwah/rqrcode/releases)
- [Commits](https://github.com/whomwah/rqrcode/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-10 06:49:20 -08:00
dependabot-preview[bot] ee1f77d301 Build(deps-dev): Bump uglifier from 4.1.20 to 4.2.0 (#8510)
Bumps [uglifier](https://github.com/lautis/uglifier) from 4.1.20 to 4.2.0.
- [Release notes](https://github.com/lautis/uglifier/releases)
- [Changelog](https://github.com/lautis/uglifier/blob/master/CHANGELOG.md)
- [Commits](https://github.com/lautis/uglifier/compare/v4.1.20...v4.2.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-10 06:28:15 -08:00
dependabot-preview[bot] 33ae9679d8 DEV: Bump excon from 0.64.0 to 0.70.0 (#8503)
Bumps [excon](https://github.com/excon/excon) from 0.64.0 to 0.70.0.
- [Release notes](https://github.com/excon/excon/releases)
- [Changelog](https://github.com/excon/excon/blob/master/changelog.txt)
- [Commits](https://github.com/excon/excon/compare/v0.64.0...v0.70.0)

Most changes are minor and update should be pretty safe.
2019-12-10 12:34:00 +11:00
Sam Saffron 3e0454c97b DEV: add a note about sprockets being held back
We want to upgrade to version 4, but it does not work atm.
2019-12-10 12:31:16 +11:00
dependabot-preview[bot] 84c251c778 DEV: Bump sidekiq from 5.2.7 to 6.0.3 (#8499)
Bumps [sidekiq](https://github.com/mperham/sidekiq) from 5.2.7 to 6.0.3.
- [Release notes](https://github.com/mperham/sidekiq/releases)
- [Changelog](https://github.com/mperham/sidekiq/blob/master/Changes.md)
- [Commits](https://github.com/mperham/sidekiq/compare/v5.2.7...v6.0.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

The big thing for us with this update is that it makes sidekiq a bit faster.
2019-12-10 12:05:02 +11:00
dependabot-preview[bot] c923c49964 DEV: Bump sassc-rails from 2.1.1 to 2.1.2 (#8501)
Bumps [sassc-rails](https://github.com/sass/sassc-rails) from 2.1.1 to 2.1.2.
- [Release notes](https://github.com/sass/sassc-rails/releases)
- [Commits](https://github.com/sass/sassc-rails/compare/v2.1.1...v2.1.2)

Minor fixes in the gem
2019-12-10 11:50:34 +11:00
Sam Saffron 0c52537f10 DEV: update rubocop to version 0.77
We like to stay as close as possible to latest with rubocop cause the cops
get better.

This update required some code changes, specifically the default is to avoid
explicit returns where implicit is done

Also this renames a few rules
2019-12-10 11:48:39 +11:00
dependabot-preview[bot] ee9afb87f2 DEV: Bump mock_redis from 0.19.0 to 0.22.0 (#8504)
Bumps [mock_redis](https://github.com/sds/mock_redis) from 0.19.0 to 0.22.0.
- [Release notes](https://github.com/sds/mock_redis/releases)
- [Changelog](https://github.com/sds/mock_redis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sds/mock_redis/compare/v0.19.0...v0.22.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Mock redis update adds better parity for redis mock, we use it during tests.
2019-12-10 11:36:36 +11:00
Mark VanLandingham 6740e08caa
DEV: Revert 3 dependabot suggestions (#8506) 2019-12-09 14:40:54 -08:00
Mark VanLandingham 642c17a4b2
DEV: revert webpush version bump (#8505) 2019-12-09 13:53:25 -08:00
dependabot-preview[bot] 413a49fe06 Build(deps-dev): Bump rspec-html-matchers from 0.9.1 to 0.9.2 (#8494)
Bumps [rspec-html-matchers](https://github.com/kucaahbe/rspec-html-matchers) from 0.9.1 to 0.9.2.
- [Release notes](https://github.com/kucaahbe/rspec-html-matchers/releases)
- [Changelog](https://github.com/kucaahbe/rspec-html-matchers/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kucaahbe/rspec-html-matchers/compare/v0.9.1...v0.9.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-09 12:22:55 -08:00
dependabot-preview[bot] 866b634f22 Build(deps): Bump webpush from 0.3.8 to 1.0.0 (#8491)
Bumps [webpush](https://github.com/zaru/webpush) from 0.3.8 to 1.0.0.
- [Release notes](https://github.com/zaru/webpush/releases)
- [Changelog](https://github.com/zaru/webpush/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zaru/webpush/compare/v0.3.8...v1.0.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-09 12:21:49 -08:00
dependabot-preview[bot] 6dd1d63671 Build(deps): Bump sassc from 2.0.1 to 2.2.1 (#8493)
Bumps [sassc](https://github.com/sass/sassc-ruby) from 2.0.1 to 2.2.1.
- [Release notes](https://github.com/sass/sassc-ruby/releases)
- [Changelog](https://github.com/sass/sassc-ruby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sass/sassc-ruby/compare/v2.0.1...v2.2.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-09 12:19:39 -08:00
dependabot-preview[bot] bf847e680a Build(deps-dev): Bump uglifier from 4.1.20 to 4.2.0 (#8489)
Bumps [uglifier](https://github.com/lautis/uglifier) from 4.1.20 to 4.2.0.
- [Release notes](https://github.com/lautis/uglifier/releases)
- [Changelog](https://github.com/lautis/uglifier/blob/master/CHANGELOG.md)
- [Commits](https://github.com/lautis/uglifier/compare/v4.1.20...v4.2.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-09 12:16:03 -08:00
dependabot-preview[bot] 16de46f8d4 Build(deps): Bump omniauth-google-oauth2 from 0.7.0 to 0.8.0 (#8488)
Bumps [omniauth-google-oauth2](https://github.com/zquestz/omniauth-google-oauth2) from 0.7.0 to 0.8.0.
- [Release notes](https://github.com/zquestz/omniauth-google-oauth2/releases)
- [Changelog](https://github.com/zquestz/omniauth-google-oauth2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zquestz/omniauth-google-oauth2/compare/v0.7.0...v0.8.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-09 12:13:07 -08:00
dependabot-preview[bot] 9be3945c91 Build(deps-dev): Bump rspec from 3.8.0 to 3.9.0 (#8487)
Bumps [rspec](https://github.com/rspec/rspec) from 3.8.0 to 3.9.0.
- [Release notes](https://github.com/rspec/rspec/releases)
- [Commits](https://github.com/rspec/rspec/compare/v3.8.0...v3.9.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-09 11:34:30 -08:00
dependabot-preview[bot] 3092cdc2bd Build(deps-dev): Bump simplecov from 0.16.1 to 0.17.1 (#8486)
Bumps [simplecov](https://github.com/colszowka/simplecov) from 0.16.1 to 0.17.1.
- [Release notes](https://github.com/colszowka/simplecov/releases)
- [Changelog](https://github.com/colszowka/simplecov/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colszowka/simplecov/compare/v0.16.1...v0.17.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-09 11:32:25 -08:00
dependabot-preview[bot] 41f4159cc7 Build(deps): Bump multi_json from 1.13.1 to 1.14.1 (#8485)
Bumps [multi_json](https://github.com/intridea/multi_json) from 1.13.1 to 1.14.1.
- [Release notes](https://github.com/intridea/multi_json/releases)
- [Changelog](https://github.com/intridea/multi_json/blob/master/CHANGELOG.md)
- [Commits](https://github.com/intridea/multi_json/compare/v1.13.1...v1.14.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-09 11:30:30 -08:00
dependabot-preview[bot] 276fb7f46f DEV: Bump parallel_tests from 2.28.0 to 2.29.2 (#8484)
Bumps [parallel_tests](https://github.com/grosser/parallel_tests) from 2.28.0 to 2.29.2.
- [Release notes](https://github.com/grosser/parallel_tests/releases)
- [Commits](https://github.com/grosser/parallel_tests/compare/v2.28.0...v2.29.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-09 10:46:01 +00:00
dependabot-preview[bot] 510047c5df Build(deps): Bump ruby-openid from 2.7.0 to 2.9.2 (#8476)
Bumps [ruby-openid](https://github.com/openid/ruby-openid) from 2.7.0 to 2.9.2.
- [Release notes](https://github.com/openid/ruby-openid/releases)
- [Changelog](https://github.com/openid/ruby-openid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/openid/ruby-openid/compare/v2.7.0...v2.9.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-12-09 10:40:50 +00:00
Sam Saffron ed6d3b493c DEV: update dependencies
This updates some low risk dependencies. Mostly minor changes.

Public suffix now requires Ruby 2.3 and up which is not a problem for us.
2019-12-09 19:20:45 +11:00
dependabot-preview[bot] 9b30922109 Build(deps): Bump rotp from 3.3.1 to 5.1.0 (#8477)
* Build(deps): Bump rotp from 3.3.1 to 5.1.0

Bumps [rotp](https://github.com/mdp/rotp) from 3.3.1 to 5.1.0.
- [Release notes](https://github.com/mdp/rotp/releases)
- [Changelog](https://github.com/mdp/rotp/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mdp/rotp/compare/v3.3.1...v5.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

* Fix breaking ROTP changes
2019-12-09 14:29:48 +10:00
dependabot-preview[bot] fca727fd92 DEV: Bump tilt from 2.0.9 to 2.0.10 (#8479)
Minor update, removes a Ruby 2.7 deprecation.
2019-12-09 14:22:55 +11:00
dependabot-preview[bot] c853051edb DEV: Bump mustache from 1.1.0 to 1.1.1 (#8478)
Minor update, removes one warning which we have not seen yet.
2019-12-09 14:21:55 +11:00
dependabot-preview[bot] 7aa3233bcb DEV: Bump puma from 3.12.2 to 4.3.1 (#8475)
The downside here is that we are now going to require nio4r which requires some native code.

It is reasonably low risk though cause puma is very well tested. We use puma mostly in test environments, not in production.
2019-12-09 12:51:41 +11:00
dependabot-preview[bot] d198e824ce DEV: Bump fastimage from 2.1.5 to 2.1.7
This library is used to detect size of images, upgrading a minor version here should be low risk, we have integration tests to detect issues.
2019-12-09 12:49:53 +11:00
Sam Saffron 8a6421565e DEV: upgrade low risk gems
This updates a bunch of gems that have very low risk of breaking anything
or are mostly used in dev. Overall our goal is to be on latest gems with
latest bug fixes so this is us working in that direction.
2019-12-06 17:12:43 +11:00
dependabot[bot] cc92aa9e71 SECURITY: Bump puma from 3.12.1 to 3.12.2 (#8464)
Bumps [puma](https://github.com/puma/puma) from 3.12.1 to 3.12.2.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v3.12.1...v3.12.2)

Signed-off-by: dependabot[bot] <support@github.com>
2019-12-06 14:09:29 +11:00
Sam Saffron a06fccae1b DEV: update dependencies and add notes about exceptions
Previously it was unclear why certain gems are being held back cause Gemfile
had no comment explaining it.

I tried to add some explanation from memory and remove some exceptions that
seemed to be superfluous.

This upgrades shoulda to latest, it appears to work once a couple of assertions
are removed

Also update http accept language used to auto detect language from http header
this is tested

Zeitwerk small update seems fine
2019-12-06 13:00:28 +11:00
Arpit Jalan cab9c7c77e Bump onebox version.
- FIX: use dedicated Vimeo onebox for all video types
2019-11-27 16:22:25 +05:30
Arpit Jalan 7543db086a Bump onebox version.
- FIX: Amazon video oneboxes were not working.
2019-11-20 14:47:59 +05:30
David Taylor eaf6096890 DEV: Use rubocop-discourse gem to add custom chdir cop
Followup to b27e009655
2019-11-18 15:39:41 +00:00
Gerhard Schlager c04369ed8f
DEV: Revert to Bundler 1.17
Follow-up to a2d6169a5e
2019-11-11 15:37:13 +01:00
Sam Saffron a2d6169a5e DEV: upgrade mini_racer
This is done to fix a compatibility issue with Ruby 2.7, it ensures we clean
up fds for a pipe we use to track timeouts in mini racer.
2019-11-11 15:36:16 +11:00
Sam Saffron 652b6363a2 DEV: upgrade bootsnap
This fixes Ruby 2.7 support which we are starting to test
2019-11-08 17:07:58 +11:00
Sam Saffron 26c0199c01 DEV: update Rails to version 6.0.1
This version of Rails eliminates a monkey patch that is no longer needed!

Additionally it preps us for Ruby 2.7 support.
2019-11-08 16:56:30 +11:00
Mark VanLandingham f79796fcac DEV: Bump loofah version due to vulnerability 2019-11-07 10:02:02 -05:00
Arpit Jalan c5df853dea Bump onebox version.
- fix for gfycat onebox in email
2019-11-07 10:03:12 +05:30
Arpit Jalan cb9702bf7a Bump onebox version.
- Remove native caching
- FIX: dropbox videos were not loading
2019-11-04 10:46:20 +05:30
Sam Saffron af841fa883 DEV: update rack-mini-profiler
This includes an important new feature, we pre-compile templates so CSPs
that disable eval can still apply to our sites.
2019-10-28 16:46:13 +11:00
Sam Saffron c9714fcbf8 FIX: update rack-mini-profiler
1.1.0 had regressions where rack mini profiler would break the site for IE11
users cause the payload had errors.

1.1.2 fixes that.
2019-10-25 11:17:44 +11:00
Arpit Jalan 12409f63a0 Bump onebox version.
- FIX: Follow redirect returns url if response code is 200
- FIX: do not resize xkcd image
2019-10-22 12:26:01 +05:30
Krzysztof Kotlarek 858cf5836c
FIX: update Redis gem to version 4.1.3
I run our benchmark on commit with hiredis and redis-4.1.3

Results:
type | hidredis | redis 4.1.3 | percent
--- | --- | --- | ---
Categories-50 | 49 | 50 | 102.04%
Categories-75 | 51 | 51 | 100.00%
Categories-90 | 63 | 64 | 101.59%
Categories-99 | 86 | 85 | 98.84%
Home-50 | 55 | 55 | 100.00%
Home-75 | 56 | 57 | 101.79%
Home-90 | 68 | 69 | 101.47%
Home-99 | 102 | 104 | 101.96%
Topic-50 | 36 | 37 | 102.78%
Topic-75 | 37 | 37 | 100.00%
Topic-90 | 47 | 48 | 102.13%
Topic-99 | 60 | 61 | 101.67%
Categories-admin-50 | 124 | 117 | 94.35%
Categories-admin-75 | 130 | 129 | 99.23%
Categories-admin-90 | 147 | 143 | 97.28%
Categories-admin-99 | 204 | 199 | 97.55%
Home-admin-50 | 146 | 148 | 101.37%
Home-admin-75 | 150 | 152 | 101.33%
Home-admin-90 | 169 | 168 | 99.41%
Home-admin-99 | 232 | 223 | 96.12%
Topic-admin-50 | 60 | 61 | 101.67%
Topic-admin-75 | 64 | 63 | 98.44%
Topic-admin-90 | 76 | 73 | 96.05%
Topic-admin-99 | 124 | 94 | 75.81%
Load rails | 2412 | 2360 | 97.84%
rss | 290204 | 295828 | 101.94%
pss | 277948 | 283624 | 102.04%

Redis gem is manipulating Redis config https://github.com/redis/redis-rb/blob/master/lib/redis/client.rb#L95
therefore we cannot pass the frozen config object.

Pass of the copy of the object is protecting original config
2019-10-21 09:59:24 +11:00
OsamaSayegh 1f6f118e52 DEV: Bump Logster version to 2.4.1
This version includes a few performance fixes, details here: 59f8cb0abf
2019-10-17 20:06:27 +00:00
Sam Saffron ae2a56999e Revert "FIX: update Redis gem to version 4.1.3 (#8197)"
This reverts commit ab74a50d85.

We really want to upgrade redis, but discovered some edge cases
around failover we need to test.

Holding off on the upgrade till a bit more testing happens
2019-10-17 11:41:46 +11:00
Krzysztof Kotlarek ab74a50d85 FIX: update Redis gem to version 4.1.3 (#8197)
* FIX: update Redis gem to version 4.1.3

I run our benchmark on commit with hiredis and redis-4.1.3

Results:
type | hidredis | redis 4.1.3 | percent
--- | --- | --- | ---
Categories-50 | 49 | 50 | 102.04%
Categories-75 | 51 | 51 | 100.00%
Categories-90 | 63 | 64 | 101.59%
Categories-99 | 86 | 85 | 98.84%
Home-50 | 55 | 55 | 100.00%
Home-75 | 56 | 57 | 101.79%
Home-90 | 68 | 69 | 101.47%
Home-99 | 102 | 104 | 101.96%
Topic-50 | 36 | 37 | 102.78%
Topic-75 | 37 | 37 | 100.00%
Topic-90 | 47 | 48 | 102.13%
Topic-99 | 60 | 61 | 101.67%
Categories-admin-50 | 124 | 117 | 94.35%
Categories-admin-75 | 130 | 129 | 99.23%
Categories-admin-90 | 147 | 143 | 97.28%
Categories-admin-99 | 204 | 199 | 97.55%
Home-admin-50 | 146 | 148 | 101.37%
Home-admin-75 | 150 | 152 | 101.33%
Home-admin-90 | 169 | 168 | 99.41%
Home-admin-99 | 232 | 223 | 96.12%
Topic-admin-50 | 60 | 61 | 101.67%
Topic-admin-75 | 64 | 63 | 98.44%
Topic-admin-90 | 76 | 73 | 96.05%
Topic-admin-99 | 124 | 94 | 75.81%
Load rails | 2412 | 2360 | 97.84%
rss | 290204 | 295828 | 101.94%
pss | 277948 | 283624 | 102.04%

* FIX: get rid of redis freedom patch
2019-10-17 08:49:23 +11:00
David Taylor 061c8874f5 FIX: Correct line count link in GitHub commit onebox
Bump onebox version
2019-10-15 23:52:59 +01:00
Sam Saffron c3cc96084c FIX: remove hiredis gem which is no longer needed
Previously some local micro-benchmarks revealed it was not giving any perf
benefits.

Now that we upgraded to 2.6.5 we are seeing some segfaults.

No need to carry this dependency around anymore.

We can re-evaluate in future if it improves perf and fix the segfaults.
2019-10-15 18:17:14 +11:00
romanrizzi 9845963105 FEATURE: Use the 'ugc' rel attribute alongside 'nofollow' 2019-10-14 15:21:48 -03:00
David Taylor 939a746dcd UX: Use theme colors for GitHub issue labels
Bump onebox version to pull tag rendering bug fix
2019-10-09 12:28:48 +01:00
David Taylor 3edd514c72 FEATURE: Redesigned GitHub oneboxes
Bump onebox version, and add new styling

Commit, PR and Issue oneboxes are updated with a new design. Timestamps are now localized using local-dates (if installed).
2019-10-09 11:47:58 +01:00
OsamaSayegh 061b98bc75 DEV: Bump Logster version to 2.3.3
This new version of Logster has a new feature that keeps track of
message timestamp when it's merged into other similar messages.
2019-10-08 16:39:52 +00:00
David Taylor e7cc7def8b UX: Stop using fixed-width font to render github issue description
Bump onebox version
2019-10-08 11:48:05 +01:00
Joffrey JAFFEUX 67a90a7d97 FIX: updates discourse-ember-source gem (#8167)
This is related to fix made to prevent a crash in iOS 9.5
2019-10-08 11:39:20 +11:00
David Taylor 615039f228 FEATURE: Improve GitHub commit, PR and issue onebox rendering
Bump onebox version to include new github rendering, and add relevant CSS

Avatars are reduced in size significantly, and icons are added to easily differentiate PRs and commits. The 'Issue:' prefix is removed from issue oneboxes, to make them consistent with commits and PRs.
2019-10-07 19:26:10 +01:00
Sam Saffron 8d5f47dded PREF: optimise preloading application
We preload to ensure as much memory as possible is reused from unicorn master
to various workers using copy-on-write (sidekiq, unicorn)

This migrates the preloading code into the Discourse module for easier
reuse and adds 3 notable preloading changes

1. We attempt to localize a string on each site, ensuring we warmup
the i18n

2. We preload all our templates (compiling .erb to class)

3. We warm-up our search tokenizer which uses cppjieba which is a large
memory consumer, this will only cause a warmup on CJK sites or sites with
the special site setting enabled.
2019-10-07 00:33:37 -04:00
Martin Brennan 68d35b14f4 FEATURE: Webauthn authenticator management with 2FA login (Security Keys) (#8099)
Adds 2 factor authentication method via second factor security keys over [web authn](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API).

Allows a user to authenticate a second factor on login, login-via-email, admin-login, and change password routes. Adds registration area within existing user second factor preferences to register multiple security keys. Supports both external (yubikey) and built-in (macOS/android fingerprint readers).
2019-10-01 19:08:41 -07:00
Sam Saffron 0420e8145e SECURITY: update rubyzip dependency
This updates rubyzip library so that callers can trust entries when
extracting files avoiding situations where a rogues zip imported by a rogue
admin could cause a disk space issue.
2019-10-01 17:11:20 +10:00
Sam Saffron ba0114a6ff SECURITY: update rack-mini-profiler to latest to correct XSS
This corrects an XSS in ?pp=help.

Also removes the jQuery dependency from rack-mini-profiler and restricts
memory sensitive profiling methods development only.
2019-10-01 16:55:58 +10:00
Krzysztof Kotlarek 32b8a2ccff DEV: Upgrade Discourse to Rails 6 (#8083)
* Adjustments to pass specs on Rails 6.0.0
* Use classic autoloader instead of Zeitwerk
* Update Rails 6.0.0 deprecated methods
* Rails 6.0.0 not allowing column with integer name
* Drop freedom_patches/rails6.rb
* Default value for trigger_transactional_callbacks? is true
* Bump rspec-rails version to 4.0.0.beta2
2019-09-12 10:41:50 +10:00
Arpit Jalan 4195548a17 Bump onebox version.
- indicate and link to Flickr Album
2019-09-11 23:23:11 +05:30
Sam Saffron 5da7ffd46c FEATURE: update mini_scheduler to support history filtering
New version of mini scheduler allows you to select the name of a schedule
in the history page in `/sidekiq/scheduler/history`.

This is handy for quickly looking up timing trends.
2019-09-11 18:43:02 +10:00
Sam Saffron ed00f35306 FEATURE: improve performance of anonymous cache
This commit introduces 2 features:

1. DISCOURSE_COMPRESS_ANON_CACHE (true|false, default false): this allows
you to optionally compress the anon cache body entries in Redis, can be
useful for high load sites with Redis that lives on a separate server to
to webs

2. DISCOURSE_ANON_CACHE_STORE_THRESHOLD (default 2), only pop entries into
redis if we observe them more than N times. This avoids situations where
a crawler can walk a big pile of topics and store them all in Redis never
to be used. Our default anon cache time for topics is only 60 seconds. Anon
cache is in place to avoid the "slashdot" effect where a single topic is
hit by 100s of people in one minute.
2019-09-04 17:18:32 +10:00
Sam Saffron 5db204f370 FIX: broken scheduler when changing per_host <-> global
Prior to this commit if we ever checked in a per_host directive and scheduled
job was previously global, total chaos could ensue as a feedback loop would
start

We very rarely used per_host to date, but just started making use of it
for heartbeats
2019-08-30 23:26:44 +10:00
Sam Saffron 098f9e8b5b PERF: Run multiple threads for regular job schedules
Under extreme load on large databases certain regular jobs can take quite
a while to run. We need to ensure we never starve a sidekiq from running
mini scheduler, cause without it we are unable to queue stuff such as
heartbeat jobs.
2019-08-29 15:34:36 +10:00
Arpit Jalan e9c971ba77 Bump onebox version.
- allow oneboxing for `www.amazon.com.mx`
2019-08-26 16:44:10 +05:30
Arpit Jalan 038bf02e33 Bump onebox version.
- strip whitespace from Twitter onebox
2019-08-21 10:19:54 +05:30
Régis Hanol 727430aacf SECURITY: bump nokogiri
We're not using the vulnerable method but there's no harm in upgrading.
2019-08-20 10:58:18 +02:00
Sam Saffron 8db38de9d7 SECURITY: add rate limiting to anon JS error reporting
This adds a 1 minute rate limit to all JS error reporting per IP. Previously
we would only use the global rate limit.

This also introduces DISCOURSE_ENABLE_JS_ERROR_REPORTING, if it is set to
false then no JS error reporting will be allowed on the site.
2019-08-20 11:29:11 +10:00
Arpit Jalan f27564a0a0 Bump onebox version.
- normalize and decode html entities for image URL
2019-08-19 19:01:23 +05:30
OsamaSayegh 50368940f7 DEV: Bump Logster version to 2.3.1
Commits since last version bump: 5cdcb76...c5bcb8e
2019-08-15 07:21:34 +00:00
Arpit Jalan 44f4801087 Bump onebox version.
- do not double encode percentage in url
- support hashbang in url
2019-08-12 08:42:50 +05:30
Sam Saffron 1f47ed1ea3 PERF: message_bus will be deferred by server when flooded
The message_bus performs a fair amount of work prior to hijacking requests
this change ensures that if there is a situation where the server is flooded
message_bus will inform client to back off for 30 seconds + random(120 secs)

This back-off is ultra cheap and happens very early in the middleware.

It corrects a situation where a flood to message bus could cause the app
to become unresponsive

MessageBus update is here to ensure message_bus gem properly respects
Retry-After header and status 429.

Under normal state this code should never trigger, to disable raise the
value of DISCOURSE_REJECT_MESSAGE_BUS_QUEUE_SECONDS, default is to tell
message bus to go away if we are queueing for 100ms or longer
2019-08-09 17:48:01 +10:00
Arpit Jalan bc5daa1466 Bump onebox version.
- prioritize `card_html` over `article_html`
2019-08-05 11:04:58 +05:30
Neil Lalonde 9656a21fdb
FEATURE: customization of html emails (#7934)
This feature adds the ability to customize the HTML part of all emails using a custom HTML template and optionally some CSS to style it. The CSS will be parsed and converted into inline styles because CSS is poorly supported by email clients. When writing the custom HTML and CSS, be aware of what email clients support. Keep customizations very simple.

Customizations can be added and edited in Admin > Customize > Email Style.

Since the summary email is already heavily styled, there is a setting to disable custom styles for summary emails called "apply custom styles to digest" found in Admin > Settings > Email.

As part of this work, RTL locales are now rendered correctly for all emails.
2019-07-30 15:05:08 -04:00
Arpit Jalan 6a0787445c Bump onebox version.
- Deprioritize Twitter card in generic onebox
2019-07-25 17:13:23 +05:30
Roman Rizzi f5c707c97a
FEATURE: Gz to zip for exports (#7889)
* Revert "Revert "FEATURE: admin/user exports are compressed using the zip format (#7784)""

This reverts commit f89bd55576.

* Replace .tar.zip with .zip
2019-07-18 09:34:48 -03:00
Joffrey JAFFEUX b3eb67976d
DEV: Upgrades to Ember 3.10 (#7871)
Co-Authored-By: majakomel <maja.komel@gmail.com>
2019-07-16 12:45:15 +02:00
Arpit Jalan 25830c73be Bump onebox version.
- use custom placeholder HTML for generic whitelisted oneboxes
- optimize usage of custom placeholder HTML
2019-07-11 18:31:51 +05:30
romanrizzi f89bd55576 Revert "FEATURE: admin/user exports are compressed using the zip format (#7784)"
This reverts commit 8b2580e20f.
2019-07-10 11:38:51 -03:00
Roman Rizzi 8b2580e20f
FEATURE: admin/user exports are compressed using the zip format (#7784)
* FEATURE: admin/user exports are compressed using the zip format

* Update translations. Theme exporter now exports .zip file. Theme importer supports .zip and .gz files

* Fix controller test, updated locale and skip saving the csv export to disk
2019-07-10 11:13:03 -03:00
Arpit Jalan f0f271cd5f Bump onebox version.
- remove additional whitespace from Twitter onebox
2019-07-09 13:12:03 +05:30
Arpit Jalan bb8cf81089 Bump onebox version.
- better placeholders for audio/video/trello/typeform oneboxes
- added CSS for audio/video/trello/typeform onebox placeholders
2019-07-08 21:40:33 +05:30
Arpit Jalan feb828172b Bump onebox version.
- improved spacing for quoted twitter onebox
2019-07-06 09:41:01 +05:30
Arpit Jalan 5bc1fd23b0 Bump onebox version.
- update HTML for twitter quoted onebox
- updated CSS for twitter quoted onebox
2019-07-05 19:35:36 +05:30
Arpit Jalan 1ebc3cce4a Bump onebox version.
- twitter oneboxing using API was broken
2019-07-04 11:41:07 +05:30
Arpit Jalan 32edaa3843 Bump onebox version
- support for Twitter quoted tweets
2019-07-04 11:01:30 +05:30
Abroskin Alexander 0872a1182d DEV: Replace Overcommit with Lefthook (#7826)
Overcommit uses prebuilt hooks and require global installation.
To avoid this issues replace it with Lefthook.
Lefthook will be installed with npm packages. New contributors
will have fully consistent git hooks.
2019-07-02 11:29:52 +02:00
Arpit Jalan 7f14e185cc Bump onebox version.
- prevent double escaping of URL
2019-06-27 23:35:35 +05:30
Arpit Jalan 168a38dc29 Bump onebox version.
- better Twitch placeholder
- CSS for said placeholder
2019-06-26 23:22:29 +05:30
Arpit Jalan 2af4002817 Bump onebox version.
- Add a placeholder icon for Twitch onebox preview
- Add CSS for showing fontawesome play icon for placeholder class
2019-06-26 13:40:14 +05:30
Sam Saffron 4c89f7f881 DEV: bump version on mini_scheduler
This corrects a catastrophic state that can ensue if redis becomes readonly

It also adds support for multiple queues and minor cleanup
2019-06-24 16:56:16 +10:00
Guo Xiang Tan 29259b46ae DEV: Verbose mode for `posts:inline_uploads` rake task. 2019-06-10 08:59:11 +08:00
Guo Xiang Tan 1991af2abb DEV: Switch `InlineUploads` to a regexp based implementation. 2019-06-04 15:54:25 +08:00
Guo Xiang Tan d93e5fb00d DEV: Class that converts MD with old attachment links to new MD. 2019-06-04 15:54:25 +08:00
Vinoth Kannan 787ccb5746 revert the bundler version
871fcf1117
2019-06-04 08:45:30 +05:30
Vinoth Kannan 871fcf1117 PERF: omit user profile and private message stats in web hook serializer. 2019-06-04 08:44:10 +05:30
David Taylor 8511bfe583 Bump omniauth-google-oauth2 gem version
Pinning to an old version is no longer required following 8b4d6dafea
2019-06-03 19:17:00 +01:00
Joffrey JAFFEUX ee43b36b64
Bump onebox version. (#7666)
Fixes multiple possible sources of exceptions due to frozen strings. Wikipedia onebox was definitely failing before this patch.
2019-05-31 17:04:34 +02:00
Joffrey JAFFEUX 75d413ad11
Bump onebox version. (#7665)
Fixes a regression with soundclound onebox due to frozen string literal.
2019-05-31 16:41:33 +02:00
Arpit Jalan bf3c781f26 Bump onebox version.
- add frozen string literal to all the files
2019-05-28 17:39:42 +05:30
Daniel Waterworth f46d2ad086 DEV: Update test-prof (#7572)
* Updated test-prof

* Made rails_helper.rb use new test-prof APIs

Instead of the previous temporary hacks.

* Added environment option to disable prefabrication

It was removed mistakenly
2019-05-21 22:07:40 +10:00
Arpit Jalan ce89f19250 Bump onebox version.
- use Vimeo engine for private links only
- if og:video_url is missing, make one using Vimeo ID
2019-05-20 12:24:43 +05:30
Sam Saffron a4627c3d82 DEV: revert bundler to 1.7.3
At the moment bundler 2.0 is not compatible with:

https://github.com/discourse/discourse-backup-uploads-to-s3

We plan to get this fixed but in the mean time do not upgrade.

followup to 2a7065c5
2019-05-20 11:23:28 +10:00
Vinoth Kannan 2a7065c505 FIX: skip uploads without etag in s3 inventory check. 2019-05-20 00:09:52 +05:30
Régis Hanol 081eb76308 DEV: update rubocop - take 2 2019-05-17 14:13:25 +02:00
Régis Hanol 88102ce13d DEV: update rubocop 2019-05-17 14:08:58 +02:00
Sam Saffron bbcc39e66c FEATURE: update mini_racer to version including heap dump support
We recently noticed a leak, this introduces a new method on MiniRacer::Context

```
context.write_heap_snapshot(path)
```

To dump current memory in v8 context to a file, this can then be analyzed
in chrome and other similar tools

Can be triggered in production using rbtrace
2019-05-14 18:01:15 +10:00
Gerhard Schlager 73da9c171a DEV: Upgrade unicorn
The gem has minor bug fixes. One of those stopped the RubyMine debugger from working.
2019-05-07 17:03:27 +02:00
Arpit Jalan d679c4e0eb Bump onebox version.
- FIX: encode the URL per RFC 3986 spec
2019-05-06 18:17:42 +05:30
Vinoth Kannan 28547c6f08 revert bundler version change
73418aaf73
2019-05-02 04:37:55 +05:30
Vinoth Kannan 73418aaf73 DEV: Add bucket folder path to inventory id 2019-05-02 04:35:35 +05:30
romanrizzi 2ebe9e3a8b Bump onebox version 2019-04-30 10:07:48 -03:00
Guo Xiang Tan 09b3d0c2a0
DEV: Only install danger on Travis. (#7452) 2019-04-29 14:45:24 +08:00
Sam Saffron fa313564d7 DEV: update rails multisite
This gives us Rails 6 support, should not impact existing behavior
2019-04-29 16:24:47 +10:00
Sam Saffron c0a5a07eda DEV: missing change from prev commit 2019-04-29 15:52:47 +10:00
Sam Saffron 7ea5c8a5f5 DEV: update AWS dependency
AWS is a big moving target, this fills gaps in the API. Technically we
use such a tiny surface area that it probably does not matter, but it is
good to be up to date here.
2019-04-29 15:39:19 +10:00
Sam Saffron 2d9c8581ce DEV: low risk gem updates
This updates another batch of gems that are lowish risk

Most of the gem changes are here for Rails 6 / Ruby 2.6.3 support

Excon did some stuff around better cipher ordering
2019-04-29 15:33:01 +10:00
Sam Saffron 9797073de0 DEV: update mini_sql and some other gems
Big one is mini_sql, only noticeable change is that the internals now
support jruby!
2019-04-29 15:04:19 +10:00
Sam Saffron 75c1506cb0 DEV: update minor dependencies
These gems have very minor changes, and are low risk updates
2019-04-29 15:00:58 +10:00
Sam Saffron b3d91ea541 DEV: update rubocop
No changes required in core Discourse.
2019-04-29 14:57:30 +10:00
Sam Saffron 6449170e15 DEV: update mini racer version
Mini Racer 0.2.5 provides support for libv8 7.3 (so we just upgraded from
Chrome 67 -> 73 JS engine wise)
2019-04-29 10:22:27 +10:00
Maja Komel 4b455e741e DEV: Ember 3.8.0
Co-Authored-By: majakomel <maja.komel@gmail.com>
2019-04-26 12:16:21 +02:00
Sam Saffron 68d7b4023b FIX: update mini scheduler
The UX was not showing any durations longer than 1 minute for scheduled
jobs

Also updates sidekiq and rack minor versions which are low risk
2019-04-26 11:24:17 +10:00
Vinoth Kannan 1724c27713 FIX: reload the 'post' model to retrive raw field value. 2019-04-25 02:09:27 +05:30
Vinoth Kannan aed683390c FIX: Don't treat 'upload_patterns' as constant to make the rake task compatible with multisite 2019-04-25 02:06:20 +05:30
Gerhard Schlager 01a3311ffb SECURITY: Update nokogiri 2019-04-24 10:42:24 +02:00
Arpit Jalan e8f51815e5 Bump onebox version.
- Update github_blob engine to support displaying stl files
- FEATURE: add `data-original-href` attribute to Vimeo iframes
- Add poster image for video oneboxes
2019-04-24 13:59:14 +05:30
Guo Xiang Tan 8c8d3bea31 Remove unncessary gems installed due to Rails 5.2.3 upgrade.
Follow up to b3dcaacdf4.
2019-04-23 17:44:49 +08:00
Guo Xiang Tan b3dcaacdf4 Update Rails to 5.2.3. 2019-04-20 10:49:54 +09:00
Daniel Waterworth 7e3628d11f Added test-prof as a dependency (#7395)
test-prof is a collection of tools for analyzing test-suite performance.
2019-04-19 10:52:31 +02:00
Nicolas Sebastian Vidal 2b8487b0ea Removed "shoulda" gem in favor of "shoulda-matchers" and update (#7387)
* Update shoulda gem

* Remove shoulda gem in favor of shoulda-matchers only
2019-04-18 07:41:37 +10:00
Guo Xiang Tan e50494bcde Revert "DEV: Upgradae to Bundler 2."
This reverts commit f65c8a7ba1.

I can't deal with this now.
2019-04-15 11:05:51 +08:00
Guo Xiang Tan f65c8a7ba1 DEV: Upgradae to Bundler 2. 2019-04-15 09:02:02 +08:00
Vinoth Kannan 70fef8e0c3 FIX: change to correct bundled version 2019-04-14 14:46:56 +05:30
Vinoth Kannan 87b53e170b FIX: skip <br> inside <p> if next character is \n 2019-04-14 14:44:54 +05:30
Roman Rizzi 76e76140e1 Bump onebox version 2019-04-12 10:28:36 -03:00
Arpit Jalan 9c1d1777db Bump onebox version
- adds support for oneboxing google drive files
- add styling for google drive onebox favicon
2019-04-10 13:37:24 +05:30
Maja Komel b0053f3a1c FEATURE: bump onebox version, add styling for new reddit image onebox 2019-04-04 11:24:30 +02:00
David Taylor b375dcb14a DEV: Introduce parallel rspec testing
Adds the parallel_tests gem, and redis/postgres configuration for running rspec tests in parallel. To use:

```
rake parallel:rake[db:create]
rake parallel:rake[db:migrate]
rake parallel:spec
```

This brings the test suite from 12m20s to 3m11s on my macOS machine
2019-04-01 11:06:47 -04:00
Gerhard Schlager cadd1d670f DEV: Add simplecov as test dependency (#7271) 2019-04-01 16:00:11 +11:00
Osama Sayegh 6ea14b591f
Bump logster to 2.3.0 (#7251)
Introduces a new feature that keeps track of number of logs that have been suppressed by each pattern. 

![image](https://user-images.githubusercontent.com/17474474/54972259-e3b00680-4f9b-11e9-96cd-e2c12d2c239f.png)

d3146c0fe1
2019-03-26 07:51:58 +03:00
David Taylor 59491f3047 FIX: Add `sassc-rails` for plugins using sprockets to compile scss
This did not affect core because we have a custom stylesheet pipeline
2019-03-21 23:23:29 +00:00
David Taylor 56b4ee43d3 DEV: Update sassc gem 2019-03-20 16:04:26 +00:00
Maja Komel f3d0d8fe7d Upgrade to Ember 3.7.0 2019-03-20 14:43:25 +01:00
Osama Sayegh 14c1af0a9e Bump logster version to 2.2.0 (#7200) 2019-03-19 09:39:16 +01:00
Roman Rizzi bd8e46a9c1 SECURITY: Upgrading Rails version to 5.2.2.1 2019-03-13 16:24:54 -03:00
Roman Rizzi 77931b70c3
Revert "DEV: Upgrade to Ember 3.7.0 (#6977)" (#7165)
This reverts commit 3eebf8be73.
2019-03-13 15:49:47 -03:00
Maja Komel 3eebf8be73
DEV: Upgrade to Ember 3.7.0 (#6977)
* Upgrade to Ember 3.7.0

* use ember source 3.7.0.2

* fix mobile header

* fix navigation
2019-03-13 12:16:06 +01:00
Vinoth Kannan d4d67386c9 FIX: change to correct bundled version 2019-03-13 16:43:45 +05:30
Vinoth Kannan 1b454c73ae FIX: 'topic' can have null value 2019-03-13 16:34:47 +05:30
Arpit Jalan a9648e8fd1 onebox version bump
- FIX: respect code indentation
2019-03-07 17:55:47 +05:30
Vinoth Kannan 1b1f9831b0 Bump onebox version
discourse/onebox@4dd5a62
2019-03-06 11:58:41 +05:30
Gerhard Schlager 33129efdb5 Revert "Bump onebox version"
This reverts commit 345f6237cb.
2019-03-05 22:51:02 +01:00
Gerhard Schlager 345f6237cb Bump onebox version
f2b361fc28
2019-03-05 22:18:49 +01:00
Arpit Jalan 2d247cc4e9 Bump onebox version
- deafult to dedicated vimeo and gfycat engine
2019-02-26 10:50:27 +05:30
Sam 9faf058120 FEATURE: mini_sql upgrade
- Fixes deprecation regarding usage of BigDecimal in dev
- Handle edge case where query_hash would clear a non existent result
- Minor perf improvement to query_single

Most important thing though is that we are now on the latest gem
2019-02-25 16:02:32 +11:00
Sam 3aabb9825f Revert "DEV: update mini_sql to remove deprecation"
This reverts commit e8e61535eb.

Turns out some other changes happened to MiniSql which require Discourse
changes
2019-02-25 15:14:16 +11:00
Sam e8e61535eb DEV: update mini_sql to remove deprecation
The only reason this was done was to remove this deprecation when running
tests.

```
/home/sam/.rbenv/versions/2.6.1/lib/ruby/gems/2.6.0/gems/mini_sql-0.1.10/lib/mini_sql/coders.rb:5: warning: BigDecimal.new is deprecated; use BigDecimal() method instead.
```
2019-02-25 14:31:43 +11:00
Osama Sayegh f86ca5631a
Bump logster to v 2.1.2 (#7052) 2019-02-21 18:59:33 +03:00
Sam 8745f78277 DEV: disable async logging in development on broken Ruby
Ruby 2.5.3 has an upatched issue that crashes unicorn after fork:

https://bugs.ruby-lang.org/issues/14634

This will be patched in 2.5.4 however for now just warn people dev is slower
and disable async logging on the older rubies
2019-02-21 17:20:58 +11:00
Sam Saffron 83f13ecf82 FEATURE: bump onebox dependency
- Adds support of kaltura oneboxes
- Adds support for typeform oneboxes
2019-02-19 15:22:43 +11:00
Régis Hanol a3e9b809b2 Update aws-sdk-* gems to latest versions 2019-02-14 11:04:35 +01:00
Régis Hanol 4d674acc25 FEATURE: AWS SNS bounce notifications webhooks 2019-02-13 21:26:40 +01:00
Osama Sayegh 1c00e8a755 Bump logster to 2.1.0 (#7000) 2019-02-13 10:57:22 +01:00
Vinoth Kannan fb911766ee FIX: Bump onebox version to include imgur security fix 2019-02-13 01:14:06 +05:30
Sam 4cfc201604 DEV: update logster to stable release
This update logster to the stable 2.0.1 release instead of running a pre
release
2019-02-06 16:54:42 +11:00
Sam 0098b3072e DEV: update rack-mini-profiler
This gem update fixes an issue with upcoming Rails 6

(without this fix mini profiler will not work on rails 6 and simply renders
text)
2019-02-06 16:51:45 +11:00
Sam 1748ec421e DEV: gem updates
Another group of gems updated, better_errors is fairly safe as its for dev
chunky_png fairly safe, used for getting image info from pngs, erubi update
is very safe. Sanitize is used by onebox and should always be on latest.

Long term we should think of making sanitize an optional dependency on onebox
cause we are happy to just provide methods from core to do this and it would
remove nokogumbo and sanitize deps.
2019-02-05 12:35:42 +11:00