alchemy_cms 6.0.0.pre.b4 → 6.0.0.pre.rc2

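--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: fb49f5d73d0fe450fc5b15c1a31b8ea9db3c281a0ffbc10ea41fac56617f0ba8
- data.tar.gz: a0a78888094965fc097dcfe0642ef1ea22905300abff1659257d8ae2b7990670
+ metadata.gz: aa6425ce6e3aa16df7d9df57ac4d098093cc6707f95856f4a7030204b82cb7b9
+ data.tar.gz: ea96e420624ff64d60dccaa6e9e425354f85aa47e2a8602a20799414adf37096
  SHA512:
- metadata.gz: 0ce83617901077c47a15d5e3e3ec48e3f78ff1c879a18467a44aab0c20d69b59f4a7eb698b49688ca6e7d5cd45b1127196084943c4604d7474ea588eeae176e9
- data.tar.gz: 6e13fe6a39778668e02f5f09c475db1029f28fb42f8f439464798f017169ee28247f45e3a444c5c82a88d2d928cbdc4492ce5ba4d21dea509e61cb8098b8102f
+ metadata.gz: 8842fb9afc57ca77301e7658c3b00ca96306d5de1eda7827ba114d8fa0501fb9d520416ba8e9d100b785c9555be4b0d8f277dde4b44124539c9a9dbe2756d0b7
+ data.tar.gz: d18b971bd54abf71a988e78751ce104d6ba7ea8ad24fd809cdc44e7c4564c65b4f777971819ca7df14ab23162dfeeb5c0ab5936f58097139277fd72fb22567f2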
@@ -0,0 +1,46 @@
1
+ # This workflow integrates Brakeman with GitHub's Code Scanning feature
2
+ # Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications
3
+
4
+ name: Brakeman Scan
5
+
6
+ on:
7
+ push:
8
+ branches: [ main ]
9
+ pull_request:
10
+ # The branches below must be a subset of the branches above
11
+ branches: [ main ]
12
+ schedule:
13
+ - cron: '40 4 * * 2'
14
+
15
+ jobs:
16
+ brakeman-scan:
17
+ name: Brakeman Scan
18
+ runs-on: ubuntu-latest
19
+ steps:
20
+ # Checkout the repository to the GitHub Actions runner
21
+ - name: Checkout
22
+ uses: actions/checkout@v2
23
+
24
+ # Customize the ruby version depending on your needs
25
+ - name: Setup Ruby
26
+ uses: actions/setup-ruby@v1
27
+ with:
28
+ ruby-version: '2.7'
29
+
30
+ - name: Setup Brakeman
31
+ env:
32
+ BRAKEMAN_VERSION: '4.10' # SARIF support is provided in Brakeman version 4.10+
33
+ run: |
34
+ gem install brakeman --version $BRAKEMAN_VERSION
35
+
36
+ # Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis
37
+ - name: Scan
38
+ continue-on-error: true
39
+ run: |
40
+ brakeman -f sarif -o output.sarif.json .
41
+
42
+ # Upload the SARIF file generated in the previous step
43
+ - name: Upload SARIF
44
+ uses: github/codeql-action/upload-sarif@v1
45
+ with:
46
+ sarif_file: output.sarif.json
@@ -10,10 +10,11 @@ jobs:
10
10
  matrix:
11
11
  rails:
12
12
  - '6.0'
13
+ - '6.1'
13
14
  ruby:
14
- - '2.6.6'
15
- - '2.7.2'
16
- - '3.0.0'
15
+ - '2.6.8'
16
+ - '2.7.4'
17
+ - '3.0.2'
17
18
  database:
18
19
  - mysql
19
20
  - postgresql
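--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,20 @@
+ ## 6.0.0-rc2 (2021-10-13)
+
+ - Fix init link dialog if used in tinymce [#2200](https://github.com/AlchemyCMS/alchemy_cms/pull/2200) ([tvdeyen](https://github.com/tvdeyen))
+
+ ## 6.0.0-rc1 (2021-09-12)
+
+ - Allow Rails 6.1 [#2047](https://github.com/AlchemyCMS/alchemy_cms/pull/2047) ([robinboening](https://github.com/robinboening))
+
+ ## 6.0.0-b6 (2021-09-02)
+
+ - Fix element with ingredients preview text [#2187](https://github.com/AlchemyCMS/alchemy_cms/pull/2187) ([tvdeyen](https://github.com/tvdeyen))
+ - Do not validate element during toggle fold and create [#2186](https://github.com/AlchemyCMS/alchemy_cms/pull/2186) ([tvdeyen](https://github.com/tvdeyen))
+ ## 6.0.0-b5 (2021-08-27)
+
+ - Remove spec that tests default data store value [#2184](https://github.com/AlchemyCMS/alchemy_cms/pull/2184) ([tvdeyen](https://github.com/tvdeyen))
+ - Remove data store accessor from ingredient base class [#2183](https://github.com/AlchemyCMS/alchemy_cms/pull/2183) ([tvdeyen](https://github.com/tvdeyen))
+
  ## 6.0.0-b4 (2021-08-27)
 
  - Load custom Tinymce config for ingredients [#2182](https://github.com/AlchemyCMS/alchemy_cms/pull/2182) ([tvdeyen](https://github.com/tvdeyen))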
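--- a/data/Gemfile
+++ b/data/Gemfile
@@ -3,7 +3,7 @@ source "https://rubygems.org"
 
  gemspec
 
- rails_version = ENV.fetch("RAILS_VERSION", 6.0).to_f
+ rails_version = ENV.fetch("RAILS_VERSION", 6.1).to_f
  gem "rails", "~> #{rails_version}.0"
 
  if ENV["DB"].nil? || ENV["DB"] == "sqlite"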
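--- a/data/README.md
+++ b/data/README.md
@@ -18,7 +18,7 @@ Alchemy is an open source CMS engine written in Ruby on Rails.
 
  Read more about Alchemy on the [website](https://alchemy-cms.com) and in the [guidelines](https://guides.alchemy-cms.com).
 
- **CAUTION: This main branch is a development branch that *can* contain bugs. For productive environments you should use the [current Ruby gem version](https://rubygems.org/gems/alchemy_cms), or the [latest stable branch (5.0-stable)](https://github.com/AlchemyCMS/alchemy_cms/tree/5.0-stable).**
+ **CAUTION: This main branch is a development branch that *can* contain bugs. For productive environments you should use the [current Ruby gem version](https://rubygems.org/gems/alchemy_cms), or the [latest stable branch (5.2-stable)](https://github.com/AlchemyCMS/alchemy_cms/tree/5.2-stable).**
 
 
  ## ✅ Features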
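--- a/data/SECURITY.md
+++ b/data/SECURITY.md
@@ -0,0 +1,13 @@
+ # Security Policy
+
+ ## Supported Versions
+
+ We support the current major and last minor version of the previous major version with security fixes.
+
+ ## Reporting a Vulnerability
+
+ Please send a preferably encrypted email to hello@alchemy-cms.com
+
+ PGP public key finger print
+
+ 52D3 2070 4BF3 E5C5 035C  BC71 17E9 E620 A96B 4CE0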
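--- a/data/alchemy_cms.gemspec
+++ b/data/alchemy_cms.gemspec
@@ -29,7 +29,7 @@ Gem::Specification.new do |gem|
  activesupport
  railties
  ].each do |rails_gem|
- gem.add_runtime_dependency rails_gem, [">= 6.0", "< 6.1"]
+ gem.add_runtime_dependency rails_gem, [">= 6.0", "< 6.2"]
  end
 
  gem.add_runtime_dependency "active_model_serializers", ["~> 0.10.0"]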
@@ -4,12 +4,13 @@
4
4
  class window.Alchemy.LinkDialog extends Alchemy.Dialog
5
5
 
6
6
  constructor: (@link_object) ->
7
- parent_selector = @link_object.dataset.parentSelector
8
- parent = document.querySelector(parent_selector)
9
- @link_value_field = parent.querySelector("[data-link-value]")
10
- @link_title_field = parent.querySelector("[data-link-title]")
11
- @link_target_field = parent.querySelector("[data-link-target]")
12
- @link_class_field = parent.querySelector("[data-link-class]")
7
+ if @link_object.dataset
8
+ parent_selector = @link_object.dataset.parentSelector
9
+ parent = document.querySelector(parent_selector)
10
+ @link_value_field = parent.querySelector("[data-link-value]")
11
+ @link_title_field = parent.querySelector("[data-link-title]")
12
+ @link_target_field = parent.querySelector("[data-link-target]")
13
+ @link_class_field = parent.querySelector("[data-link-class]")
13
14
  @url = Alchemy.routes.link_admin_pages_path
14
15
  @$link_object = $(@link_object)
15
16
  @options =
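Review bot: The new `if @link_object.dataset` guard does not cover the lookup that follows it: when `parentSelector` is absent or matches nothing, `document.querySelector(parent_selector)` returns null and the next line's `parent.querySelector(...)` throws. Every DOM element has a `dataset`, so the guard only skips the case where `@link_object` is not an element at all (presumably the TinyMCE caller named in the changelog). Guarding on the value actually used is tighter: `parent = document.querySelector(parent_selector) if parent_selector`, then `if parent` around the four field lookups. Indentation is lost in this rendering, so I am assuming new lines 8–13 form the guarded body; the constructor continues past the end of the hunk.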
@@ -32,14 +32,14 @@ module Alchemy
32
32
  if @paste_from_clipboard = params[:paste_from_clipboard].present?
33
33
  @element = paste_element_from_clipboard
34
34
  else
35
- @element = Element.create(create_element_params)
35
+ @element = Element.new(create_element_params)
36
36
  end
37
37
  if @page.definition["insert_elements_at"] == "top"
38
38
  @insert_at_top = true
39
- @element.move_to_top
39
+ @element.position = 1
40
40
  end
41
41
  end
42
- if @element.valid?
42
+ if @element.save
43
43
  render :create
44
44
  else
45
45
  @element.page_version = @page_version
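Review bot: `@element.save` on new line 42 now comes after the `end` on line 41, which appears to close a block opened above the hunk; if that block is a transaction, the insert and any sibling re-positioning triggered by `@element.position = 1` now happen outside it, whereas `Element.create` and `move_to_top` used to run inside. If atomicity matters here, make `@element.save` the last expression of that block and branch on the block's return value instead of calling `save` after it. In the paste branch the record returned by `paste_element_from_clipboard` may already be persisted, so the later `save` would be a second write there; a one-line comment saying whether that is intended would help. The block opener and the rest of `create` are outside the hunk, so this is inferred from the `end` nesting alone.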
@@ -91,10 +91,14 @@ module Alchemy
91
91
  end
92
92
  end
93
93
 
94
+ # Toggle fodls the element and persists the state in the db
95
+ #
96
+ # Ingredient validations might make the element invalid.
97
+ # In this case we are just toggling a UI state and do not care about the validations.
94
98
  def fold
95
99
  @page = @element.page
96
100
  @element.folded = !@element.folded
97
- @element.save
101
+ @element.save(validate: false)
98
102
  end
99
103
 
100
104
  private
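Review bot: The comment added above `fold` misspells its first line (`Toggle fodls the element`); I would write `# Toggles the element's folded state and persists it in the db`. `@element.save(validate: false)` skips validation for everything that is dirty on the record, so it is only safe while `folded` is the sole attribute changed in this action. A comment on that line such as `# only +folded+ changes here, so skipping validations is safe` would keep a later edit from widening the bypass unnoticed. How `@element` is loaded is outside the hunk.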
@@ -99,12 +99,12 @@ module Alchemy
99
99
  # The ingredient that's used for element's preview text.
100
100
  #
101
101
  # It tries to find one of element's ingredients that is defined +as_element_title+.
102
- # Takes element's first ingredient if no ingredient is defined +as_element_title+.
102
+ # Takes element's first defined ingredient if no ingredient is defined +as_element_title+.
103
103
  #
104
104
  # @return (Alchemy::Ingredient)
105
105
  #
106
106
  def preview_ingredient
107
- @_preview_ingredient ||= ingredients.detect(&:preview_ingredient?) || ingredients.first
107
+ @_preview_ingredient ||= ingredients.detect(&:preview_ingredient?) || first_ingredient_by_definition
108
108
  end
109
109
 
110
110
  private
@@ -122,6 +122,13 @@ module Alchemy
122
122
  def preview_text_from_preview_ingredient(maxlength)
123
123
  preview_ingredient&.preview_text(maxlength)
124
124
  end
125
+
126
+ def first_ingredient_by_definition
127
+ return if ingredient_definitions.empty?
128
+
129
+ role = ingredient_definitions.first["role"]
130
+ ingredients.detect { |ingredient| ingredient.role == role }
131
+ end
125
132
  end
126
133
  end
127
134
  end
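Review bot: `first_ingredient_by_definition` looks up only the role of the first definition, so when that ingredient has not been created yet `preview_ingredient` is nil even though other ingredients exist, where the old `ingredients.first` fallback always returned one. If that is not intended, walk the definitions in order: `roles = ingredient_definitions.map { |d| d["role"] }` followed by `ingredients.min_by { |i| roles.index(i.role) || roles.size }`. A nil result is also not memoized by `@_preview_ingredient ||=`, so both `detect` passes re-run on every call. The new private method has no comment; `# Returns the ingredient whose role matches the first entry of +ingredient_definitions+, or nil` would match the style used above `preview_ingredient`.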
@@ -118,11 +118,6 @@ module Alchemy
118
118
  value.to_s[0..maxlength - 1]
119
119
  end
120
120
 
121
- # Cross DB adapter data accessor that works
122
- def data
123
- @_data ||= (self[:data] || {}).with_indifferent_access
124
- end
125
-
126
121
  # The path to the view partial of the ingredient
127
122
  # @return [String]
128
123
  def to_partial_path
@@ -16,7 +16,6 @@ RSpec.shared_examples_for "an alchemy ingredient" do
16
16
  it { is_expected.to belong_to(:related_object).optional }
17
17
  it { is_expected.to validate_presence_of(:role) }
18
18
  it { is_expected.to validate_presence_of(:type) }
19
- it { expect(subject.data).to eq({}) }
20
19
 
21
20
  describe "#settings" do
22
21
  subject { ingredient.settings }
@@ -1,7 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Alchemy
4
- VERSION = "6.0.0-b4"
4
+ VERSION = "6.0.0-rc2"
5
5
 
6
6
  def self.version
7
7
  VERSION
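--- a/data/package.json
+++ b/data/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@alchemy_cms/admin",
- "version": "6.0.0-b4",
+ "version": "6.0.0-rc2",
  "description": "AlchemyCMS",
  "browser": "package/admin.js",
  "files": [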
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: alchemy_cms
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.0.0.pre.b4
4
+ version: 6.0.0.pre.rc2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Thomas von Deyen
@@ -10,10 +10,10 @@ authors:
10
10
  - Hendrik Mans
11
11
  - Carsten Fregin
12
12
  - Martin Meyerhoff
13
- autorequire:
13
+ autorequire:
14
14
  bindir: bin
15
15
  cert_chain: []
16
- date: 2021-08-27 00:00:00.000000000 Z
16
+ date: 2021-10-13 00:00:00.000000000 Z
17
17
  dependencies:
18
18
  - !ruby/object:Gem::Dependency
19
19
  name: actionmailer
@@ -24,7 +24,7 @@ dependencies:
24
24
  version: '6.0'
25
25
  - - "<"
26
26
  - !ruby/object:Gem::Version
27
- version: '6.1'
27
+ version: '6.2'
28
28
  type: :runtime
29
29
  prerelease: false
30
30
  version_requirements: !ruby/object:Gem::Requirement
@@ -34,7 +34,7 @@ dependencies:
34
34
  version: '6.0'
35
35
  - - "<"
36
36
  - !ruby/object:Gem::Version
37
- version: '6.1'
37
+ version: '6.2'
38
38
  - !ruby/object:Gem::Dependency
39
39
  name: actionpack
40
40
  requirement: !ruby/object:Gem::Requirement
@@ -44,7 +44,7 @@ dependencies:
44
44
  version: '6.0'
45
45
  - - "<"
46
46
  - !ruby/object:Gem::Version
47
- version: '6.1'
47
+ version: '6.2'
48
48
  type: :runtime
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
@@ -54,7 +54,7 @@ dependencies:
54
54
  version: '6.0'
55
55
  - - "<"
56
56
  - !ruby/object:Gem::Version
57
- version: '6.1'
57
+ version: '6.2'
58
58
  - !ruby/object:Gem::Dependency
59
59
  name: actionview
60
60
  requirement: !ruby/object:Gem::Requirement
@@ -64,7 +64,7 @@ dependencies:
64
64
  version: '6.0'
65
65
  - - "<"
66
66
  - !ruby/object:Gem::Version
67
- version: '6.1'
67
+ version: '6.2'
68
68
  type: :runtime
69
69
  prerelease: false
70
70
  version_requirements: !ruby/object:Gem::Requirement
@@ -74,7 +74,7 @@ dependencies:
74
74
  version: '6.0'
75
75
  - - "<"
76
76
  - !ruby/object:Gem::Version
77
- version: '6.1'
77
+ version: '6.2'
78
78
  - !ruby/object:Gem::Dependency
79
79
  name: activejob
80
80
  requirement: !ruby/object:Gem::Requirement
@@ -84,7 +84,7 @@ dependencies:
84
84
  version: '6.0'
85
85
  - - "<"
86
86
  - !ruby/object:Gem::Version
87
- version: '6.1'
87
+ version: '6.2'
88
88
  type: :runtime
89
89
  prerelease: false
90
90
  version_requirements: !ruby/object:Gem::Requirement
@@ -94,7 +94,7 @@ dependencies:
94
94
  version: '6.0'
95
95
  - - "<"
96
96
  - !ruby/object:Gem::Version
97
- version: '6.1'
97
+ version: '6.2'
98
98
  - !ruby/object:Gem::Dependency
99
99
  name: activemodel
100
100
  requirement: !ruby/object:Gem::Requirement
@@ -104,7 +104,7 @@ dependencies:
104
104
  version: '6.0'
105
105
  - - "<"
106
106
  - !ruby/object:Gem::Version
107
- version: '6.1'
107
+ version: '6.2'
108
108
  type: :runtime
109
109
  prerelease: false
110
110
  version_requirements: !ruby/object:Gem::Requirement
@@ -114,7 +114,7 @@ dependencies:
114
114
  version: '6.0'
115
115
  - - "<"
116
116
  - !ruby/object:Gem::Version
117
- version: '6.1'
117
+ version: '6.2'
118
118
  - !ruby/object:Gem::Dependency
119
119
  name: activerecord
120
120
  requirement: !ruby/object:Gem::Requirement
@@ -124,7 +124,7 @@ dependencies:
124
124
  version: '6.0'
125
125
  - - "<"
126
126
  - !ruby/object:Gem::Version
127
- version: '6.1'
127
+ version: '6.2'
128
128
  type: :runtime
129
129
  prerelease: false
130
130
  version_requirements: !ruby/object:Gem::Requirement
@@ -134,7 +134,7 @@ dependencies:
134
134
  version: '6.0'
135
135
  - - "<"
136
136
  - !ruby/object:Gem::Version
137
- version: '6.1'
137
+ version: '6.2'
138
138
  - !ruby/object:Gem::Dependency
139
139
  name: activesupport
140
140
  requirement: !ruby/object:Gem::Requirement
@@ -144,7 +144,7 @@ dependencies:
144
144
  version: '6.0'
145
145
  - - "<"
146
146
  - !ruby/object:Gem::Version
147
- version: '6.1'
147
+ version: '6.2'
148
148
  type: :runtime
149
149
  prerelease: false
150
150
  version_requirements: !ruby/object:Gem::Requirement
@@ -154,7 +154,7 @@ dependencies:
154
154
  version: '6.0'
155
155
  - - "<"
156
156
  - !ruby/object:Gem::Version
157
- version: '6.1'
157
+ version: '6.2'
158
158
  - !ruby/object:Gem::Dependency
159
159
  name: railties
160
160
  requirement: !ruby/object:Gem::Requirement
@@ -164,7 +164,7 @@ dependencies:
164
164
  version: '6.0'
165
165
  - - "<"
166
166
  - !ruby/object:Gem::Version
167
- version: '6.1'
167
+ version: '6.2'
168
168
  type: :runtime
169
169
  prerelease: false
170
170
  version_requirements: !ruby/object:Gem::Requirement
@@ -174,7 +174,7 @@ dependencies:
174
174
  version: '6.0'
175
175
  - - "<"
176
176
  - !ruby/object:Gem::Version
177
- version: '6.1'
177
+ version: '6.2'
178
178
  - !ruby/object:Gem::Dependency
179
179
  name: active_model_serializers
180
180
  requirement: !ruby/object:Gem::Requirement
@@ -724,6 +724,7 @@ files:
724
724
  - ".github/ISSUE_TEMPLATE/Bug_report.md"
725
725
  - ".github/ISSUE_TEMPLATE/Feature_request.md"
726
726
  - ".github/PULL_REQUEST_TEMPLATE.md"
727
+ - ".github/workflows/brakeman-analysis.yml"
727
728
  - ".github/workflows/ci.yml"
728
729
  - ".github/workflows/stale.yml"
729
730
  - ".gitignore"
@@ -739,6 +740,7 @@ files:
739
740
  - LICENSE
740
741
  - README.md
741
742
  - Rakefile
743
+ - SECURITY.md
742
744
  - alchemy_cms.gemspec
743
745
  - app/assets/config/alchemy_manifest.js
744
746
  - app/assets/images/alchemy/alchemy-logo.png
@@ -1516,8 +1518,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
1516
1518
  version: 1.3.1
1517
1519
  requirements:
1518
1520
  - ImageMagick (libmagick), v6.6 or greater.
1519
- rubygems_version: 3.1.6
1520
- signing_key:
1521
+ rubygems_version: 3.2.28
1522
+ signing_key:
1521
1523
  specification_version: 4
1522
1524
  summary: A powerful, userfriendly and flexible CMS for Rails
1523
1525
  test_files: []
1526
+ ...