alchemy_cms 6.0.0.pre.b5 → 6.0.0.pre.rc3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c960938b7e577abd1031dc1ff066eea2bc9636f2a94d61cab753ae42e1058768
-  data.tar.gz: d3dff1ab8a69b2dcfc2374aa78ecbbaad3c76d97fe66c23ede57d33e8f019f49
+  metadata.gz: 21260eb0f68590cfe400b34ba5cbfe8d18551ed9fd2f6cc206bb5c7ed2aebb66
+  data.tar.gz: 870421eb1bbaf3c7b246de59379297f63f3719da3601e1ac07f8bb72877d6c0a
 SHA512:
-  metadata.gz: 73e65f16a6c35dd438645b36f359745db42d657ca6d7de7082714f879105c97ac296861790dc15f6c3411f25970519f2d01dc5c3b2525e88e8fc25a2fca38b80
-  data.tar.gz: 78dedcd0ca764496af5abc4a8800675205ef6f78deb511bf8cf2f4bb5025f4e6cfe7315dc9a4d54d114a33efbb6d5ad2b53fc4de881686c8df158c7d7dfa83dd
+  metadata.gz: 8056e9a0e2cebea3069b47405f60339e4dbb1af55399323a32f7298976e918318ec7e790674a273d84825c0416c6658127dba68c5596562e0f8687bb9cbcd56e
+  data.tar.gz: 438ee71b5721ccf34a713a9c6469c5cc1a383a1dd75f7534348cb25b9ef9f9dd668e59821e7d3c087c1f3cc3d86fbf121d5e7b0c07905dfcb2f4cd431005f13d

data/.github/workflows/brakeman-analysis.yml

@@ -0,0 +1,46 @@
+# This workflow integrates Brakeman with GitHub's Code Scanning feature
+# Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications
+
+name: Brakeman Scan
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ main ]
+  schedule:
+    - cron: '40 4 * * 2'
+
+jobs:
+  brakeman-scan:
+    name: Brakeman Scan
+    runs-on: ubuntu-latest
+    steps:
+    # Checkout the repository to the GitHub Actions runner
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    # Customize the ruby version depending on your needs
+    - name: Setup Ruby
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: '2.7'
+
+    - name: Setup Brakeman
+      env:
+        BRAKEMAN_VERSION: '4.10' # SARIF support is provided in Brakeman version 4.10+
+      run: |
+        gem install brakeman --version $BRAKEMAN_VERSION
+
+    # Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis
+    - name: Scan
+      continue-on-error: true
+      run: |
+        brakeman -f sarif -o output.sarif.json .
+
+    # Upload the SARIF file generated in the previous step
+    - name: Upload SARIF
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: output.sarif.json

data/.github/workflows/ci.yml

@@ -10,10 +10,11 @@ jobs:
       matrix:
         rails:
           - '6.0'
+          - '6.1'
         ruby:
-          - '2.6.6'
-          - '2.7.2'
-          - '3.0.0'
+          - '2.6.8'
+          - '2.7.4'
+          - '3.0.2'
         database:
           - mysql
           - postgresql

data/CHANGELOG.md

@@ -1,3 +1,34 @@
+## 6.0.0-rc3 (2021-11-24)
+
+### Changes
+
+- Set stampable user_class_name without root identifier [#2215](https://github.com/AlchemyCMS/alchemy_cms/pull/2215) ([tvdeyen](https://github.com/tvdeyen))
+- Allow all possible args in tagged_with method [#2211](https://github.com/AlchemyCMS/alchemy_cms/pull/2211) ([robinboening](https://github.com/robinboening))
+
+### Fixes
+
+- fix(ImageCropper): Add dom ids to picture crop fields [#2219](https://github.com/AlchemyCMS/alchemy_cms/pull/2219) ([tvdeyen](https://github.com/tvdeyen))
+- Adjust tinymce skin assets urls again [#2218](https://github.com/AlchemyCMS/alchemy_cms/pull/2218) ([tvdeyen](https://github.com/tvdeyen))
+- Use relative path for tinymce font-face [#2214](https://github.com/AlchemyCMS/alchemy_cms/pull/2214) ([tvdeyen](https://github.com/tvdeyen))
+
+### Misc
+
+- Install correct npm package [#2204](https://github.com/AlchemyCMS/alchemy_cms/pull/2204) ([tvdeyen](https://github.com/tvdeyen))
+- Switch to cuprite for system testing [#2203](https://github.com/AlchemyCMS/alchemy_cms/pull/2203) ([tvdeyen](https://github.com/tvdeyen))
+- Upgrade webdrivers to version 5.0.0 [#2201](https://github.com/AlchemyCMS/alchemy_cms/pull/2201) ([depfu](https://github.com/apps/depfu))
+
+## 6.0.0-rc2 (2021-10-13)
+
+- Fix init link dialog if used in tinymce [#2200](https://github.com/AlchemyCMS/alchemy_cms/pull/2200) ([tvdeyen](https://github.com/tvdeyen))
+
+## 6.0.0-rc1 (2021-09-12)
+
+- Allow Rails 6.1 [#2047](https://github.com/AlchemyCMS/alchemy_cms/pull/2047) ([robinboening](https://github.com/robinboening))
+
+## 6.0.0-b6 (2021-09-02)
+
+- Fix element with ingredients preview text [#2187](https://github.com/AlchemyCMS/alchemy_cms/pull/2187) ([tvdeyen](https://github.com/tvdeyen))
+- Do not validate element during toggle fold and create [#2186](https://github.com/AlchemyCMS/alchemy_cms/pull/2186) ([tvdeyen](https://github.com/tvdeyen))
 ## 6.0.0-b5 (2021-08-27)
 
 - Remove spec that tests default data store value [#2184](https://github.com/AlchemyCMS/alchemy_cms/pull/2184) ([tvdeyen](https://github.com/tvdeyen))

data/Gemfile

@@ -3,7 +3,7 @@ source "https://rubygems.org"
 
 gemspec
 
-rails_version = ENV.fetch("RAILS_VERSION", 6.0).to_f
+rails_version = ENV.fetch("RAILS_VERSION", 6.1).to_f
 gem "rails", "~> #{rails_version}.0"
 
 if ENV["DB"].nil? || ENV["DB"] == "sqlite"
@@ -40,3 +40,8 @@ group :development, :test do
     gem "brakeman", require: false
   end
 end
+
+# Necessary for system tests in Rails 6.0
+if ENV["RAILS_VERSION"] == "6.0"
+  gem "selenium-webdriver"
+end

data/README.md

@@ -18,7 +18,7 @@ Alchemy is an open source CMS engine written in Ruby on Rails.
 
 Read more about Alchemy on the [website](https://alchemy-cms.com) and in the [guidelines](https://guides.alchemy-cms.com).
 
-**CAUTION: This main branch is a development branch that *can* contain bugs. For productive environments you should use the [current Ruby gem version](https://rubygems.org/gems/alchemy_cms), or the [latest stable branch (5.0-stable)](https://github.com/AlchemyCMS/alchemy_cms/tree/5.0-stable).**
+**CAUTION: This main branch is a development branch that *can* contain bugs. For productive environments you should use the [current Ruby gem version](https://rubygems.org/gems/alchemy_cms), or the [latest stable branch (5.2-stable)](https://github.com/AlchemyCMS/alchemy_cms/tree/5.2-stable).**
 
 
 ## ✅ Features

data/SECURITY.md

@@ -0,0 +1,13 @@
+# Security Policy
+
+## Supported Versions
+
+We support the current major and last minor version of the previous major version with security fixes.
+
+## Reporting a Vulnerability
+
+Please send a preferably encrypted email to hello@alchemy-cms.com
+
+PGP public key finger print
+
+52D3 2070 4BF3 E5C5 035C  BC71 17E9 E620 A96B 4CE0

data/alchemy_cms.gemspec

@@ -29,7 +29,7 @@ Gem::Specification.new do |gem|
     activesupport
     railties
   ].each do |rails_gem|
-    gem.add_runtime_dependency rails_gem, [">= 6.0", "< 6.1"]
+    gem.add_runtime_dependency rails_gem, [">= 6.0", "< 6.2"]
   end
 
   gem.add_runtime_dependency "active_model_serializers", ["~> 0.10.0"]
@@ -57,13 +57,13 @@ Gem::Specification.new do |gem|
 
   gem.add_development_dependency "capybara", ["~> 3.0"]
   gem.add_development_dependency "capybara-screenshot", ["~> 1.0"]
+  gem.add_development_dependency "cuprite", ["~> 0.13"]
   gem.add_development_dependency "factory_bot_rails", ["~> 6.0"]
   gem.add_development_dependency "puma", ["~> 5.0"]
   gem.add_development_dependency "rails-controller-testing", ["~> 1.0"]
   gem.add_development_dependency "rspec-activemodel-mocks", ["~> 1.0"]
   gem.add_development_dependency "rspec-rails", [">= 4.0.0.beta2"]
   gem.add_development_dependency "simplecov", ["~> 0.20"]
-  gem.add_development_dependency "webdrivers", ["~> 4.0"]
   gem.add_development_dependency "webmock", ["~> 3.3"]
   gem.add_development_dependency "shoulda-matchers", ["~> 5.0"]
   gem.add_development_dependency "timecop", ["~> 0.9"]

data/app/assets/javascripts/alchemy/alchemy.link_dialog.js.coffee

@@ -4,12 +4,13 @@
 class window.Alchemy.LinkDialog extends Alchemy.Dialog
 
   constructor: (@link_object) ->
-    parent_selector = @link_object.dataset.parentSelector
-    parent = document.querySelector(parent_selector)
-    @link_value_field = parent.querySelector("[data-link-value]")
-    @link_title_field = parent.querySelector("[data-link-title]")
-    @link_target_field = parent.querySelector("[data-link-target]")
-    @link_class_field = parent.querySelector("[data-link-class]")
+    if @link_object.dataset
+      parent_selector = @link_object.dataset.parentSelector
+      parent = document.querySelector(parent_selector)
+      @link_value_field = parent.querySelector("[data-link-value]")
+      @link_title_field = parent.querySelector("[data-link-title]")
+      @link_target_field = parent.querySelector("[data-link-target]")
+      @link_class_field = parent.querySelector("[data-link-class]")
     @url = Alchemy.routes.link_admin_pages_path
     @$link_object = $(@link_object)
     @options =

data/app/assets/stylesheets/tinymce/skins/alchemy/content.min.css.scss

@@ -30,7 +30,7 @@ td,th {
 
 .mce-object {
   border: 1px dotted #3a3a3a;
-  background: #d5d5d5 url(img/object.gif) no-repeat center;
+  background: #d5d5d5 url('tinymce/skins/alchemy/fonts/img/object.gif') no-repeat center;
 }
 
 .mce-pagebreak {
@@ -55,7 +55,7 @@ td,th {
   width: 9px!important;
   height: 9px!important;
   border: 1px dotted #3a3a3a;
-  background: #d5d5d5 url(img/anchor.gif) no-repeat center;
+  background: #d5d5d5 url('tinymce/skins/alchemy/fonts/img/anchor.gif') no-repeat center;
 }
 
 .mce-nbsp {
@@ -77,7 +77,7 @@ hr {
 }
 
 .mce-spellchecker-word {
-  background: url(img/wline.gif) repeat-x bottom left;
+  background: url('tinymce/skins/alchemy/fonts/img/wline.gif') repeat-x bottom left;
   cursor: default;
 }
 

data/app/assets/stylesheets/tinymce/skins/alchemy/skin.min.css.scss

@@ -1561,23 +1561,23 @@ i.mce-i-resize {
   opacity: 0.6;
   filter: alpha(opacity=60);
   zoom: 1;
-  background: #fff url('img/loader.gif') no-repeat center center;
+  background: #fff url('tinymce/skins/alchemy/fonts/img/loader.gif') no-repeat center center;
 }
 
 @font-face {
   font-family: 'tinymce';
-  src: url('fonts/tinymce.woff') format('woff'),
-       url('fonts/tinymce.ttf') format('truetype'),
-       url('fonts/tinymce.svg#tinymce') format('svg');
+  src: url('tinymce/skins/alchemy/fonts/tinymce.woff') format('woff'),
+       url('tinymce/skins/alchemy/fonts/tinymce.ttf') format('truetype'),
+       url('tinymce/skins/alchemy/fonts/tinymce.svg#tinymce') format('svg');
   font-weight: normal;
   font-style: normal;
 }
 
 @font-face {
   font-family: 'tinymce-small';
-  src: url('fonts/tinymce-small.woff') format('woff'),
-       url('fonts/tinymce-small.ttf') format('truetype'),
-       url('fonts/tinymce-small.svg#tinymce') format('svg');
+  src: url('tinymce/skins/alchemy/fonts/tinymce-small.woff') format('woff'),
+       url('tinymce/skins/alchemy/fonts/tinymce-small.ttf') format('truetype'),
+       url('tinymce/skins/alchemy/fonts/tinymce-small.svg#tinymce') format('svg');
   font-weight: normal;
   font-style: normal;
 }

data/app/controllers/alchemy/admin/elements_controller.rb

@@ -32,14 +32,14 @@ module Alchemy
           if @paste_from_clipboard = params[:paste_from_clipboard].present?
             @element = paste_element_from_clipboard
           else
-            @element = Element.create(create_element_params)
+            @element = Element.new(create_element_params)
           end
           if @page.definition["insert_elements_at"] == "top"
             @insert_at_top = true
-            @element.move_to_top
+            @element.position = 1
           end
         end
-        if @element.valid?
+        if @element.save
           render :create
         else
           @element.page_version = @page_version
@@ -91,10 +91,14 @@ module Alchemy
         end
       end
 
+      # Toggle fodls the element and persists the state in the db
+      #
+      # Ingredient validations might make the element invalid.
+      # In this case we are just toggling a UI state and do not care about the validations.
       def fold
         @page = @element.page
         @element.folded = !@element.folded
-        @element.save
+        @element.save(validate: false)
       end
 
       private

data/app/models/alchemy/attachment.rb

@@ -28,7 +28,7 @@ module Alchemy
       after_assign { |f| write_attribute(:file_mime_type, f.mime_type) }
     end
 
-    stampable stamper_class_name: Alchemy.user_class_name
+    stampable stamper_class_name: Alchemy.user_class.name
 
     has_many :essence_files, class_name: "Alchemy::EssenceFile", foreign_key: "attachment_id"
     has_many :contents, through: :essence_files

data/app/models/alchemy/element/presenters.rb

@@ -99,12 +99,12 @@ module Alchemy
       # The ingredient that's used for element's preview text.
       #
       # It tries to find one of element's ingredients that is defined +as_element_title+.
-      # Takes element's first ingredient if no ingredient is defined +as_element_title+.
+      # Takes element's first defined ingredient if no ingredient is defined +as_element_title+.
       #
       # @return (Alchemy::Ingredient)
       #
       def preview_ingredient
-        @_preview_ingredient ||= ingredients.detect(&:preview_ingredient?) || ingredients.first
+        @_preview_ingredient ||= ingredients.detect(&:preview_ingredient?) || first_ingredient_by_definition
       end
 
       private
@@ -122,6 +122,13 @@ module Alchemy
       def preview_text_from_preview_ingredient(maxlength)
         preview_ingredient&.preview_text(maxlength)
       end
+
+      def first_ingredient_by_definition
+        return if ingredient_definitions.empty?
+
+        role = ingredient_definitions.first["role"]
+        ingredients.detect { |ingredient| ingredient.role == role }
+      end
     end
   end
 end

data/app/models/alchemy/element.rb

@@ -57,7 +57,7 @@ module Alchemy
     #
     acts_as_list scope: [:page_version_id, :fixed, :parent_element_id]
 
-    stampable stamper_class_name: Alchemy.user_class_name
+    stampable stamper_class_name: Alchemy.user_class.name
 
     has_many :contents, dependent: :destroy, inverse_of: :element
 

data/app/models/alchemy/node.rb

@@ -7,7 +7,7 @@ module Alchemy
     before_destroy :check_if_related_essence_nodes_present
 
     acts_as_nested_set scope: "language_id", touch: true
-    stampable stamper_class_name: Alchemy.user_class_name
+    stampable stamper_class_name: Alchemy.user_class.name
 
     belongs_to :language, class_name: "Alchemy::Language"
     belongs_to :page, class_name: "Alchemy::Page", optional: true, inverse_of: :nodes

data/app/models/alchemy/page.rb

@@ -88,7 +88,7 @@ module Alchemy
 
     acts_as_nested_set(dependent: :destroy, scope: [:layoutpage, :language_id])
 
-    stampable stamper_class_name: Alchemy.user_class_name
+    stampable stamper_class_name: Alchemy.user_class.name
 
     belongs_to :language
 

data/app/models/alchemy/picture.rb

@@ -110,7 +110,7 @@ module Alchemy
       case_sensitive: false,
       message: Alchemy.t("not a valid image")
 
-    stampable stamper_class_name: Alchemy.user_class_name
+    stampable stamper_class_name: Alchemy.user_class.name
 
     scope :named, ->(name) { where("#{table_name}.name LIKE ?", "%#{name}%") }
     scope :recent, -> { where("#{table_name}.created_at > ?", Time.current - 24.hours).order(:created_at) }

data/app/views/alchemy/ingredients/_picture_editor.html.erb

@@ -54,7 +54,7 @@
     <%= f.hidden_field :link_title, data: { link_title: true }, id: nil %>
     <%= f.hidden_field :link_class_name, data: { link_class: true }, id: nil %>
     <%= f.hidden_field :link_target, data: { link_target: true }, id: nil %>
-    <%= f.hidden_field :crop_from, data: { crop_from: true }, id: nil %>
-    <%= f.hidden_field :crop_size, data: { crop_size: true }, id: nil %>
+    <%= f.hidden_field :crop_from, data: { crop_from: true }, id: picture_editor.form_field_id(:crop_from) %>
+    <%= f.hidden_field :crop_size, data: { crop_size: true }, id: picture_editor.form_field_id(:crop_size) %>
   <% end %>
 <% end %>

data/config/brakeman.ignore

@@ -58,7 +58,7 @@
       "check_name": "MassAssignment",
       "message": "Specify exact keys allowed for mass assignment instead of using `permit!` which allows any keys",
       "file": "app/controllers/alchemy/admin/resources_controller.rb",
-      "line": 136,
+      "line": 209,
       "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
       "code": "params.require(resource_handler.namespaced_resource_name).permit!",
       "render_path": null,
@@ -86,7 +86,7 @@
           "type": "controller",
           "class": "Alchemy::Admin::ElementsController",
           "method": "fold",
-          "line": 97,
+          "line": 102,
           "file": "app/controllers/alchemy/admin/elements_controller.rb",
           "rendered": {
             "name": "alchemy/admin/elements/fold",
@@ -109,7 +109,7 @@
       "check_name": "MassAssignment",
       "message": "Specify exact keys allowed for mass assignment instead of using `permit!` which allows any keys",
       "file": "app/controllers/alchemy/admin/elements_controller.rb",
-      "line": 150,
+      "line": 155,
       "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
       "code": "params.fetch(:contents, {}).permit!",
       "render_path": null,
@@ -122,6 +122,26 @@
       "confidence": "Medium",
       "note": "`Alchemy::Content` is a polymorphic association of any kind of model extending `Alchemy::Essence`. Since we can't know the attributes of all potential essences we need to permit all attributes. As this all happens inside the password protected /admin namespace this can be considered a false positive."
     },
+    {
+      "warning_type": "Command Injection",
+      "warning_code": 14,
+      "fingerprint": "6addfcb9d23d2d6f699f2f3542169744ff749dc4d0a97f8ac783ab92593e1d84",
+      "check_name": "Execute",
+      "message": "Possible command injection",
+      "file": "lib/alchemy/upgrader.rb",
+      "line": 30,
+      "link": "https://brakemanscanner.org/docs/warning_types/command_injection/",
+      "code": "`yarn add @alchemy_cms/admin@~#{Alchemy.version}`",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Alchemy::Upgrader",
+        "method": "update_npm_package"
+      },
+      "user_input": "Alchemy.version",
+      "confidence": "Medium",
+      "note": "The alchemy version is safe"
+    },
     {
       "warning_type": "Cross-Site Scripting",
       "warning_code": 4,
@@ -255,6 +275,6 @@
       "note": ""
     }
   ],
-  "updated": "2021-06-29 20:56:10 +0200",
-  "brakeman_version": "5.0.1"
+  "updated": "2021-10-26 21:44:59 +0200",
+  "brakeman_version": "5.1.1"
 }

data/lib/alchemy/engine.rb

@@ -40,7 +40,7 @@ module Alchemy
       if Alchemy.user_class
         ActiveSupport.on_load(:active_record) do
           Alchemy.user_class.model_stamper
-          Alchemy.user_class.stampable(stamper_class_name: Alchemy.user_class_name)
+          Alchemy.user_class.stampable(stamper_class_name: Alchemy.user_class.name)
         end
       end
     end

data/lib/alchemy/taggable.rb

@@ -22,13 +22,20 @@ module Alchemy
     end
 
     module ClassMethods
-      # Find all records matching all of the given tags.
-      # Separate multiple tags by comma.
-      def tagged_with(names)
+      def tagged_with(names = [], **args)
         if names.is_a? String
           names = names.split(/,\s*/)
         end
-        super(names: names, match: :all)
+
+        unless args[:match]
+          args.merge!(match: :all)
+        end
+
+        if names.any?
+          args.merge!(names: names)
+        end
+
+        super(args)
       end
 
       # Returns all unique tags

data/lib/alchemy/upgrader.rb

@@ -24,6 +24,12 @@ module Alchemy
           todo "Check the default configuration file (./config/alchemy/config.yml.defaults) for new configuration options and insert them into your config file.", "Configuration has changed"
         end
       end
+
+      def update_npm_package
+        desc "Install new npm package."
+        `yarn add @alchemy_cms/admin@~#{Alchemy.version}`
+        log "Installed new npm package."
+      end
     end
   end
 end

data/lib/alchemy/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module Alchemy
-  VERSION = "6.0.0-b5"
+  VERSION = "6.0.0-rc3"
 
   def self.version
     VERSION

data/lib/generators/alchemy/install/install_generator.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 require "rails/generators"
 require "alchemy/install/tasks"
+require "alchemy/version"
 
 module Alchemy
   module Generators
@@ -88,7 +89,7 @@ module Alchemy
       end
 
       def add_npm_package
-        run "yarn add @alchemy_cms/admin"
+        run "yarn add @alchemy_cms/admin@~#{Alchemy.version}"
       end
 
       def copy_alchemy_entry_point

data/lib/tasks/alchemy/upgrade.rake

@@ -17,6 +17,7 @@ namespace :alchemy do
     task prepare: [
       "alchemy:upgrade:database",
       "alchemy:upgrade:config",
+      "alchemy:upgrade:package",
     ]
 
     desc "Alchemy Upgrader: Prepares the database."
@@ -30,6 +31,11 @@ namespace :alchemy do
       Alchemy::Upgrader.copy_new_config_file
     end
 
+    desc "Alchemy Upgrader: Install new Node package."
+    task package: [:environment] do
+      Alchemy::Upgrader.update_npm_package
+    end
+
     desc "Upgrade Alchemy to v5.0"
     task "5.0" => [
       "alchemy:upgrade:prepare",

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@alchemy_cms/admin",
-  "version": "6.0.0-b5",
+  "version": "6.0.0-rc3",
   "description": "AlchemyCMS",
   "browser": "package/admin.js",
   "files": [

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: alchemy_cms
 version: !ruby/object:Gem::Version
-  version: 6.0.0.pre.b5
+  version: 6.0.0.pre.rc3
 platform: ruby
 authors:
 - Thomas von Deyen
@@ -10,10 +10,10 @@ authors:
 - Hendrik Mans
 - Carsten Fregin
 - Martin Meyerhoff
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-08-27 00:00:00.000000000 Z
+date: 2021-11-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionmailer
@@ -24,7 +24,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -34,7 +34,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: actionpack
   requirement: !ruby/object:Gem::Requirement
@@ -44,7 +44,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -54,7 +54,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: actionview
   requirement: !ruby/object:Gem::Requirement
@@ -64,7 +64,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -74,7 +74,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: activejob
   requirement: !ruby/object:Gem::Requirement
@@ -84,7 +84,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -94,7 +94,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
@@ -104,7 +104,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -114,7 +114,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: activerecord
   requirement: !ruby/object:Gem::Requirement
@@ -124,7 +124,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -134,7 +134,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
@@ -144,7 +144,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -154,7 +154,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: railties
   requirement: !ruby/object:Gem::Requirement
@@ -164,7 +164,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -174,7 +174,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: active_model_serializers
   requirement: !ruby/object:Gem::Requirement
@@ -571,6 +571,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: cuprite
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.13'
 - !ruby/object:Gem::Dependency
   name: factory_bot_rails
   requirement: !ruby/object:Gem::Requirement
@@ -655,20 +669,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.20'
-- !ruby/object:Gem::Dependency
-  name: webdrivers
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '4.0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
@@ -724,6 +724,7 @@ files:
 - ".github/ISSUE_TEMPLATE/Bug_report.md"
 - ".github/ISSUE_TEMPLATE/Feature_request.md"
 - ".github/PULL_REQUEST_TEMPLATE.md"
+- ".github/workflows/brakeman-analysis.yml"
 - ".github/workflows/ci.yml"
 - ".github/workflows/stale.yml"
 - ".gitignore"
@@ -739,6 +740,7 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- SECURITY.md
 - alchemy_cms.gemspec
 - app/assets/config/alchemy_manifest.js
 - app/assets/images/alchemy/alchemy-logo.png
@@ -1517,7 +1519,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - ImageMagick (libmagick), v6.6 or greater.
 rubygems_version: 3.1.6
-signing_key: 
+signing_key:
 specification_version: 4
 summary: A powerful, userfriendly and flexible CMS for Rails
 test_files: []
+...