Daniel Waterworth
3a4ac3a7c0
FIX: Don't update url in GitImporter ( #19273 )
Since it's fetched and used elsewhere and expected to stay the same.
2022-12-01 10:50:06 -06:00
Daniel Waterworth
d9364a272e
FIX: When following redirects before cloning, use the first git request ( #19269 )
This is closer to git's redirect following behaviour. We prevented git
following redirects when we clone in order to prevent SSRF attacks.
Follow-up-to: 291bbc4fb9
2022-11-30 14:21:09 -06:00
Daniel Waterworth
47709c6d49
DEV: Reinstate --single-branch when cloning themes ( #19026 )
2022-11-15 13:23:57 -06:00
Jarek Radosz
c32fe340f0
DEV: Fix mocha deprecations ( #18828 )
It now supports strict keyword argument matching by default.
2022-11-02 10:47:59 +01:00
David Taylor
68b4fe4cf8
SECURITY: Expand and improve SSRF Protections ( #18815 )
See https://github.com/discourse/discourse/security/advisories/GHSA-rcc5-28r3-23rr
Co-authored-by: OsamaSayegh <asooomaasoooma90@gmail.com>
Co-authored-by: Daniel Waterworth <me@danielwaterworth.com>
2022-11-01 16:33:17 +00:00
Jarek Radosz
b27d5626d2
SECURITY: Prevent arbitrary file write when decompressing files ( #18421 )
* SECURITY: Prevent arbitrary file write when decompressing files
* FIX: Allow decompressing files into symlinked directories
Co-authored-by: OsamaSayegh <asooomaasoooma90@gmail.com>
Co-authored-by: Gerhard Schlager <gerhard.schlager@discourse.org>
2022-09-29 20:00:38 +02:00
Phil Pirozhkov
493d437e79
Add RSpec 4 compatibility ( #17652 )
* Remove outdated option
04078317ba
* Use the non-globally exposed RSpec syntax
https://github.com/rspec/rspec-core/pull/2803
* Use the non-globally exposed RSpec syntax, cont
https://github.com/rspec/rspec-core/pull/2803
* Comply with strict predicate matchers
See:
- https://github.com/rspec/rspec-expectations/pull/1195
- https://github.com/rspec/rspec-expectations/pull/1196
- https://github.com/rspec/rspec-expectations/pull/1277
2022-07-28 10:27:38 +08:00
Loïc Guitaut
296aad430a
DEV: Use `describe` for methods in specs
2022-07-27 16:35:27 +02:00
David Taylor
c9dab6fd08
DEV: Automatically require 'rails_helper' in all specs ( #16077 )
It's very easy to forget to add `require 'rails_helper'` at the top of every core/plugin spec file, and omissions can cause some very confusing/sporadic errors.
By setting this flag in `.rspec`, we can remove the need for `require 'rails_helper'` entirely.
2022-03-01 17:50:50 +00:00
Jarek Radosz
45cc16098d
DEV: Move spec/components to spec/lib ( #15987 )
Lib specs were inexplicably split into two directories (`lib` and `components`)
This moves them all into `lib`.
2022-02-18 19:41:54 +01:00