3951e9b528
SECURITY: update rack from 2.0.5 to 2.0.6
...
This release contains security fixes to the underlying rack library
used by Discourse.
Impact is not too high as we do not use request.scheme in our templates
2018-11-07 10:05:22 +11:00
57ab6bcba1
SECURITY: update loofah for CVE-2018-16468
2018-10-30 10:51:03 -04:00
7fe3491bc0
bump onebox version
...
- UX: make title on Instagram less redundant
2018-10-25 12:18:16 +05:30
d20fd66286
bump onebox to 1.8.64
2018-10-16 11:10:11 -04:00
3aceda2dfd
Update to latest version of message bus
...
This includes DistributedCache which we will be using and perf fixes
2018-10-15 13:49:04 +11:00
1d26a473e7
FEATURE: Show "Recently used devices" in user preferences ( #6335 )
...
* FEATURE: Added MaxMindDb to resolve IP information.
* FEATURE: Added browser detection based on user agent.
* FEATURE: Added recently used devices in user preferences.
* DEV: Added acceptance test for recently used devices.
* UX: Do not show 'Show more' button if there aren't more tokens.
* DEV: Fix unit tests.
* DEV: Make changes after code review.
* Add more detailed unit tests.
* Improve logging messages.
* Minor coding style fixes.
* DEV: Use DropdownSelectBoxComponent and run Prettier.
* DEV: Fix unit tests.
2018-10-09 22:21:41 +08:00
893c0e9d5f
Don't run the pre-release for bundler.
2018-10-08 09:23:39 +08:00
6995fd12c6
build(deps): [security] bump nokogiri from 1.8.3 to 1.8.5 ( #6455 )
...
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri ) from 1.8.3 to 1.8.5. **This update includes security fixes.**
- [Release notes](https://github.com/sparklemotion/nokogiri/releases )
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md )
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.8.3...v1.8.5 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
2018-10-05 09:43:17 -04:00
378584fdc0
correct under reporting of memory in memory profiler
2018-10-04 17:02:53 +10:00
420e7bccca
bump onebox version (take 2)
...
- better detection of zero dollar amazon price
2018-10-03 17:54:56 +05:30
b56d0026b9
bump onebox version
...
- do not display zero dollar price on Amazon onebox
- fix google play store onebox
2018-10-03 17:05:51 +05:30
a2b6eed284
FIX: correct compilation issues on clang 10
...
In MacOS we need different compilation flags now that some are
deprecated in clang 10, this is not specific to mojave which was
the previous fix
2018-09-28 09:42:06 +08:00
afd2edabe4
DEV: update mini_racer for Mojave support
...
MacOS Mojave deprecates some libraries making it a bit
harder to compile Mini Racer, this release adds support
2018-09-26 07:43:34 +08:00
80229668f9
bump onebox version
...
- FIX: user correct steam placeholder image url
- catch up Ruby 2.6
2018-09-19 10:06:43 +05:30
fb9e3e6423
Update aws-sdk-s3
...
In preparation for https://github.com/discourse/discourse/pull/6345
2018-09-17 17:39:46 +02:00
5bb7cc8710
FIX: update PG gem
...
We need the newer PG gem to fix issues around rb_wait_for_single_fd that
pop up in rare conditions
2018-09-13 21:57:20 +10:00
0d8c72d8c4
DEV: Add rake task to check locale files for errors
2018-09-05 00:47:39 +02:00
8ce8edaf40
bump onebox version
2018-08-31 15:10:11 +05:30
6b9aeeea73
bump onebox version
2018-08-31 08:40:36 +05:30
a928bf4300
Revert `rails_multisite` back to `2.0.4`.
2018-08-30 15:42:51 +08:00
2872b100dc
bump onebox version
2018-08-29 16:55:06 +05:30
b760f66523
Upgrade PG gem to latest
...
This unlocks some performance improvements
2018-08-27 10:58:19 +10:00
6acba44ed9
Revert "Install `mailcatcher` in development."
...
This reverts commit 914ce34e5b
2018-08-21 15:40:50 +08:00
914ce34e5b
Install `mailcatcher` in development.
2018-08-21 15:28:02 +08:00
168ffd8384
FEATURE: group warnings about IP level rate limiting
2018-08-13 14:38:20 +10:00
b829452c75
Merge pull request #6209 from discourse/mini_scheduler
...
REFACTOR: extract scheduler to the mini_scheduler gem
2018-08-01 10:28:24 -04:00
a115aae45f
Use rchardet instead of charlock_holmes gem
2018-08-01 10:41:20 +02:00
ff942ed2f3
FIX: Try detecting encoding of RSS feed
2018-08-01 10:41:20 +02:00
4ad7ce70ce
REFACTOR: extract scheduler to the mini_scheduler gem
2018-07-31 17:12:55 -04:00
458d9cd17a
bump onebox version
2018-07-31 22:52:03 +05:30
b4a2f3fe2f
DEV: implementing danger for travis
2018-07-24 10:12:15 -04:00
22dad7f0e8
bump onebox version
2018-07-17 13:55:00 +05:30
39299fdd8c
bump onebox version
2018-07-16 11:43:32 +05:30
2a5a57a87e
bump onebox version
2018-07-12 21:29:34 +05:30
72a3457379
Bump `discourse_image_optim` which uses a global timeout.
...
Our previous solution has the timeout set at the worker level
which means the total timeout would be X timeout secs * N number of
workers.
2018-07-09 10:30:18 +08:00
564e7e6898
FEATURE: update libv8 to version 6.7
...
This has parity with stable Chrome!
2018-07-09 09:08:25 +10:00
f662d1135e
FIX: update mini_racer corrects erratic segfaults
...
In some conditions mini_racer would segfault causing sidekiq crash or
web crash, this was automatically recovered from but not ideal.
2018-07-06 11:00:07 +10:00
3d2f3ef8ae
Update discourse_image_optim gem.
2018-07-03 15:22:54 +08:00
55a963252d
bump onebox version
2018-07-02 10:36:26 +05:30
ebd2be9e02
DEV: lower highline requirement
2018-06-27 22:50:00 +02:00
2f5b7beace
bump onebox version
2018-06-25 11:22:06 +05:30
da8c6e9ac0
bump mini_sql for faster/more correct time conversions
2018-06-24 15:17:47 +10:00
a171464a55
bump onebox version
2018-06-20 16:47:55 +05:30
bb959e85e6
Pin exifr to 1.2.5.
2018-06-20 17:27:46 +08:00
cb824a6b33
DEV: remove all calls to SqlBuilder use DB.build instead
...
This is part of the migration to mini_sql, SqlBuilder.new is being
deprecated and replaced with DB.build
2018-06-20 17:53:49 +10:00
76707eec1b
Update rails_multisite.
2018-06-20 15:11:41 +08:00
ccb57e609f
bump onebox version
2018-06-20 11:06:56 +05:30
2a8e7a5d4e
upgrade gems
2018-06-20 10:07:56 +10:00
8ea29c51ae
SECURITY: update sprockets for CVE-2018-3760
2018-06-20 09:49:26 +10:00
b8e5989201
correct rake db:create, which needs a defer DB object
2018-06-19 16:43:50 +10:00
5f64fd0a21
DEV: remove exec_sql and replace with mini_sql
...
Introduce new patterns for direct sql that are safe and fast.
MiniSql is not prone to memory bloat that can happen with direct PG usage.
It also has an extremely fast materializer and very a convenient API
- DB.exec(sql, *params) => runs sql returns row count
- DB.query(sql, *params) => runs sql returns usable objects (not a hash)
- DB.query_hash(sql, *params) => runs sql returns an array of hashes
- DB.query_single(sql, *params) => runs sql and returns a flat one dimensional array
- DB.build(sql) => returns a sql builder
See more at: https://github.com/discourse/mini_sql
2018-06-19 16:13:36 +10:00
f4fdcda502
Upgrade to Rails 5.2 take 2.
2018-06-08 09:33:50 +08:00
c6bf8f6e24
FIX: Uploading JPEG files didn't work anymore
2018-06-07 17:39:27 +02:00
1834417e2f
downgrade rails properly
2018-06-07 20:38:22 +10:00
d3b8ee761c
revert to rails 5.1 for now
2018-06-07 19:47:53 +10:00
89ad2b5900
DEV: Rails 5.2 upgrade and global gem upgrade
...
This updates tests to use latest rails 5 practice
and updates ALL dependencies that could be updated
Performance testing shows that performance has not regressed
if anything it is marginally faster now.
2018-06-07 14:21:33 +10:00
2bd905c632
Revert "Upgrade Rails to 5.1.6."
...
This reverts commit ab66215f5c
2018-06-07 09:49:38 +08:00
ab66215f5c
Upgrade Rails to 5.1.6.
2018-06-07 08:34:36 +08:00
685083491e
FEATURE: StackOverflow importer
2018-06-04 16:57:12 +02:00
2bafd2a355
Don't pin version of `Fabrication` gem.
2018-05-28 15:09:02 +08:00
1c61117cbc
bump onebox version
2018-05-23 17:44:01 +05:30
8238097d0f
bump email_reply_trimmer
2018-05-17 10:22:53 +02:00
fc54238726
FIX: message bus had corrupt internal state for first 30 secs
...
This upgrades message bus to latest and corrects an issue where
it did not track the fact it was polling for the first 30 seconds
It corrected internal state after, but this caused some odd issues
2018-05-16 12:19:16 +10:00
b18e0825b5
Update Gemfile.lock.
2018-05-07 17:10:34 +08:00
91b31860a1
Feature: Push notifications for Android ( #5792 )
...
* Feature: Push notifications for Android
Notification config for desktop and mobile are merged.
Desktop notifications stay as they are for desktop views.
If mobile mode, push notifications are enabled.
Added push notification subscriptions in their own table, rather than through
custom fields.
Notification banner prompts appear for both mobile and desktop when enabled.
2018-05-04 15:31:48 -07:00
c718c59b5d
bump onebox version
2018-05-03 16:14:16 +05:30
ddb092f397
FIX: update mail gem to fix UTF-8 parsing issue
2018-04-25 21:53:37 +02:00
256545ca2c
bump onebox version
2018-04-23 15:18:19 +05:30
050ce48bd0
Update message bus to correct issue where too many reqs are performed
2018-04-20 15:52:24 +10:00
9c9fa4537c
Update Redis gems.
2018-04-20 12:49:36 +08:00
56b3527eb8
Upgrade Sidekiq.
2018-04-20 11:47:40 +08:00
284c946128
revert puma upgrade for now
...
it does not work right in dev
2018-04-11 14:36:10 +10:00
a89d7ef851
Bump puma from 3.9.1 to 3.11.3
...
Bumps [puma](https://github.com/puma/puma ) from 3.9.1 to 3.11.3.
- [Release notes](https://github.com/puma/puma/releases )
- [Changelog](https://github.com/puma/puma/blob/master/History.md )
- [Commits](https://github.com/puma/puma/compare/v3.9.1...v3.11.3 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
2018-04-10 16:09:30 +10:00
689144b2bf
Upgrade Mail gem.
2018-04-04 18:35:40 +08:00
98faf2878e
FEATURE: bump rack-mini-profiler version
...
This corrects a warning in chrome console and provides better jQuery 3 compatability
2018-03-29 11:12:09 +11:00
2c1ede6e5f
update email_reply_trimmer
2018-03-28 13:12:50 +02:00
2ca37602d9
Update rack-protection
2018-03-26 12:49:54 -04:00
84e1ffd141
Update rails-html-sanitizer
2018-03-26 12:48:28 -04:00
3a62eba299
bump onebox version
2018-03-22 11:38:01 +05:30
25284d2340
update loofah gem
2018-03-21 13:32:28 +01:00
9c4936ec9c
update sanitize gem
2018-03-21 13:27:17 +01:00
3e32ab1523
UX: css for Instagram onebox
2018-03-19 13:32:36 +05:30
8027096c09
Partially revert "Upgrade mail gem to remove dependency on mime-types."
...
Still seeing heap_live_count spikes.
This reverts commit 58b8ea4f41
2018-03-14 20:21:45 +08:00
58b8ea4f41
Upgrade mail gem to remove dependency on mime-types.
...
* Use a EmailValidator.email_regexp for `Email.is_valid?`
check as we're seeing an increase in allocation when
parsing email addresses wih `Mail::Address`.
2018-03-14 14:37:55 +08:00
685406b1bb
try updating rubocop so it does not crash
2018-03-13 17:58:23 +11:00
39e679d3cb
FEATURE: allow themes to live in private git repos
...
This feature allows themes sourced from git to live on private
servers, it automatically generates key pairs.
2018-03-09 16:14:38 +11:00
bdb25338e5
Update bootsnap.
2018-03-06 17:37:02 +08:00
56bacb1c2f
Bump onebox
2018-02-27 12:07:16 +01:00
79e0cd7f52
update onebox
2018-02-26 10:15:14 +11:00
f4f8a293e7
FEATURE: Implement 2factor login TOTP
...
implemented review items.
Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator
add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests
add qunit tests - password reset, preferences
fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.
Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP
add two factor to email signin link
rate limit if second factor token present
add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
80ec6ce4fd
bump onebox
2018-02-21 10:06:17 +11:00
107eb5d830
FIX: binding_of_caller not working on Ruby 2.5
2018-02-19 11:37:16 +11:00
9d8df812dd
PERF: upgrade Oj gem
2018-02-19 11:37:16 +11:00
9bb7c3dcf0
bump onebox version
2018-02-16 21:32:25 +05:30
e456ae1b6c
Revert "Upgrade mail gem to drop dependency on `mime-types`."
...
This reverts commit 498cc15aa9
2018-02-16 07:04:22 +11:00
498cc15aa9
Upgrade mail gem to drop dependency on `mime-types`.
...
Boot Memory Usage
```
Total allocated: 225695379 bytes (1990663 objects)
Total retained: 32795116 bytes (291607 objects)
```
```
Total allocated: 218342892 bytes (1897350 objects)
Total retained: 30123426 bytes (261198 objects)
```
2018-02-15 16:24:26 +08:00
94b2c70c0d
PERF: remove oga gem
...
oga gem is automatically required by the aws gem
the oga gem retains about 1mb of memory, aws now uses nokogiri
This also removes the html normalize from the pretty text specs that was
a fair bit buggy as the polls test shows.
2018-02-15 14:36:40 +11:00
c89b42c488
PERF: only require the rss library if used
...
Before:
Total allocated: 257909321 bytes (2514134 objects)
Total retained: 39681579 bytes (343387 objects)
allocated memory by gem
-----------------------------------
42875979 rss
retained memory by gem
-----------------------------------
2080188 rss
retained objects by gem
-----------------------------------
13052 rss
After:
Total allocated: 210562047 bytes (2252030 objects)
Total retained: 37433816 bytes (328635 objects)
----
So, 2 less megabytes on boot and 13000 objects stuck in ruby heaps forever.
2018-02-15 13:11:33 +11:00
218c8e8623
Merge pull request #5595 from discourse/new-gfycat-onebox
...
New gfycat onebox
2018-02-14 19:03:28 -02:00
c3606fdef6
Update onebox
2018-02-14 17:43:13 -02:00
Sam
Kyle Zhao
Arpit Jalan
Penar Musaraj
Bianca Nenciu
Guo Xiang Tan
Grey Baker
Gerhard Schlager
Neil Lalonde
Joffrey JAFFEUX
Régis Hanol
Jeff Wong
dependabot[bot]
Robin Ward
Rafael dos Santos Silva