RubyGems - alchemy_cms - Versions diffs - 6.0.0.pre.b5 → 6.0.0.pre.rc3 - Mend

alchemy_cms 6.0.0.pre.b5 → 6.0.0.pre.rc3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of alchemy_cms might be problematic. Click here for more details.

Files changed (28) hide show

checksums.yaml +4 -4
data/.github/workflows/brakeman-analysis.yml +46 -0
data/.github/workflows/ci.yml +4 -3
data/CHANGELOG.md +31 -0
data/Gemfile +6 -1
data/README.md +1 -1
data/SECURITY.md +13 -0
data/alchemy_cms.gemspec +2 -2
data/app/assets/javascripts/alchemy/alchemy.link_dialog.js.coffee +7 -6
data/app/assets/stylesheets/tinymce/skins/alchemy/content.min.css.scss +3 -3
data/app/assets/stylesheets/tinymce/skins/alchemy/skin.min.css.scss +7 -7
data/app/controllers/alchemy/admin/elements_controller.rb +8 -4
data/app/models/alchemy/attachment.rb +1 -1
data/app/models/alchemy/element/presenters.rb +9 -2
data/app/models/alchemy/element.rb +1 -1
data/app/models/alchemy/node.rb +1 -1
data/app/models/alchemy/page.rb +1 -1
data/app/models/alchemy/picture.rb +1 -1
data/app/views/alchemy/ingredients/_picture_editor.html.erb +2 -2
data/config/brakeman.ignore +25 -5
data/lib/alchemy/engine.rb +1 -1
data/lib/alchemy/taggable.rb +11 -4
data/lib/alchemy/upgrader.rb +6 -0
data/lib/alchemy/version.rb +1 -1
data/lib/generators/alchemy/install/install_generator.rb +2 -1
data/lib/tasks/alchemy/upgrade.rake +6 -0
data/package.json +1 -1
metadata +37 -34

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c960938b7e577abd1031dc1ff066eea2bc9636f2a94d61cab753ae42e1058768
-  data.tar.gz: d3dff1ab8a69b2dcfc2374aa78ecbbaad3c76d97fe66c23ede57d33e8f019f49
+  metadata.gz: 21260eb0f68590cfe400b34ba5cbfe8d18551ed9fd2f6cc206bb5c7ed2aebb66
+  data.tar.gz: 870421eb1bbaf3c7b246de59379297f63f3719da3601e1ac07f8bb72877d6c0a
 SHA512:
-  metadata.gz: 73e65f16a6c35dd438645b36f359745db42d657ca6d7de7082714f879105c97ac296861790dc15f6c3411f25970519f2d01dc5c3b2525e88e8fc25a2fca38b80
-  data.tar.gz: 78dedcd0ca764496af5abc4a8800675205ef6f78deb511bf8cf2f4bb5025f4e6cfe7315dc9a4d54d114a33efbb6d5ad2b53fc4de881686c8df158c7d7dfa83dd
+  metadata.gz: 8056e9a0e2cebea3069b47405f60339e4dbb1af55399323a32f7298976e918318ec7e790674a273d84825c0416c6658127dba68c5596562e0f8687bb9cbcd56e
+  data.tar.gz: 438ee71b5721ccf34a713a9c6469c5cc1a383a1dd75f7534348cb25b9ef9f9dd668e59821e7d3c087c1f3cc3d86fbf121d5e7b0c07905dfcb2f4cd431005f13d

data/.github/workflows/brakeman-analysis.yml ADDED Viewed

@@ -0,0 +1,46 @@
+# This workflow integrates Brakeman with GitHub's Code Scanning feature
+# Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications
+name: Brakeman Scan
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ main ]
+  schedule:
+    - cron: '40 4 * * 2'
+jobs:
+  brakeman-scan:
+    name: Brakeman Scan
+    runs-on: ubuntu-latest
+    steps:
+    # Checkout the repository to the GitHub Actions runner
+    - name: Checkout
+      uses: actions/checkout@v2
+    # Customize the ruby version depending on your needs
+    - name: Setup Ruby
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: '2.7'
+    - name: Setup Brakeman
+      env:
+        BRAKEMAN_VERSION: '4.10' # SARIF support is provided in Brakeman version 4.10+
+      run: |
+        gem install brakeman --version $BRAKEMAN_VERSION
+    # Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis
+    - name: Scan
+      continue-on-error: true
+      run: |
+        brakeman -f sarif -o output.sarif.json .
+    # Upload the SARIF file generated in the previous step
+    - name: Upload SARIF
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: output.sarif.json

data/.github/workflows/ci.yml CHANGED Viewed

@@ -10,10 +10,11 @@ jobs:
       matrix:
         rails:
           - '6.0'
+          - '6.1'
         ruby:
-          - '2.6.6'
-          - '2.7.2'
-          - '3.0.0'
+          - '2.6.8'
+          - '2.7.4'
+          - '3.0.2'
         database:
           - mysql
           - postgresql

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,34 @@
+## 6.0.0-rc3 (2021-11-24)
+### Changes
+- Set stampable user_class_name without root identifier [#2215](https://github.com/AlchemyCMS/alchemy_cms/pull/2215) ([tvdeyen](https://github.com/tvdeyen))
+- Allow all possible args in tagged_with method [#2211](https://github.com/AlchemyCMS/alchemy_cms/pull/2211) ([robinboening](https://github.com/robinboening))
+### Fixes
+- fix(ImageCropper): Add dom ids to picture crop fields [#2219](https://github.com/AlchemyCMS/alchemy_cms/pull/2219) ([tvdeyen](https://github.com/tvdeyen))
+- Adjust tinymce skin assets urls again [#2218](https://github.com/AlchemyCMS/alchemy_cms/pull/2218) ([tvdeyen](https://github.com/tvdeyen))
+- Use relative path for tinymce font-face [#2214](https://github.com/AlchemyCMS/alchemy_cms/pull/2214) ([tvdeyen](https://github.com/tvdeyen))
+### Misc
+- Install correct npm package [#2204](https://github.com/AlchemyCMS/alchemy_cms/pull/2204) ([tvdeyen](https://github.com/tvdeyen))
+- Switch to cuprite for system testing [#2203](https://github.com/AlchemyCMS/alchemy_cms/pull/2203) ([tvdeyen](https://github.com/tvdeyen))
+- Upgrade webdrivers to version 5.0.0 [#2201](https://github.com/AlchemyCMS/alchemy_cms/pull/2201) ([depfu](https://github.com/apps/depfu))
+## 6.0.0-rc2 (2021-10-13)
+- Fix init link dialog if used in tinymce [#2200](https://github.com/AlchemyCMS/alchemy_cms/pull/2200) ([tvdeyen](https://github.com/tvdeyen))
+## 6.0.0-rc1 (2021-09-12)
+- Allow Rails 6.1 [#2047](https://github.com/AlchemyCMS/alchemy_cms/pull/2047) ([robinboening](https://github.com/robinboening))
+## 6.0.0-b6 (2021-09-02)
+- Fix element with ingredients preview text [#2187](https://github.com/AlchemyCMS/alchemy_cms/pull/2187) ([tvdeyen](https://github.com/tvdeyen))
+- Do not validate element during toggle fold and create [#2186](https://github.com/AlchemyCMS/alchemy_cms/pull/2186) ([tvdeyen](https://github.com/tvdeyen))
 ## 6.0.0-b5 (2021-08-27)
 - Remove spec that tests default data store value [#2184](https://github.com/AlchemyCMS/alchemy_cms/pull/2184) ([tvdeyen](https://github.com/tvdeyen))

data/Gemfile CHANGED Viewed

@@ -3,7 +3,7 @@ source "https://rubygems.org"
 gemspec
-rails_version = ENV.fetch("RAILS_VERSION", 6.0).to_f
+rails_version = ENV.fetch("RAILS_VERSION", 6.1).to_f
 gem "rails", "~> #{rails_version}.0"
 if ENV["DB"].nil? || ENV["DB"] == "sqlite"
@@ -40,3 +40,8 @@ group :development, :test do
     gem "brakeman", require: false
   end
 end
+# Necessary for system tests in Rails 6.0
+if ENV["RAILS_VERSION"] == "6.0"
+  gem "selenium-webdriver"
+end

data/README.md CHANGED Viewed

@@ -18,7 +18,7 @@ Alchemy is an open source CMS engine written in Ruby on Rails.
 Read more about Alchemy on the [website](https://alchemy-cms.com) and in the [guidelines](https://guides.alchemy-cms.com).
-**CAUTION: This main branch is a development branch that *can* contain bugs. For productive environments you should use the [current Ruby gem version](https://rubygems.org/gems/alchemy_cms), or the [latest stable branch (5.0-stable)](https://github.com/AlchemyCMS/alchemy_cms/tree/5.0-stable).**
+**CAUTION: This main branch is a development branch that *can* contain bugs. For productive environments you should use the [current Ruby gem version](https://rubygems.org/gems/alchemy_cms), or the [latest stable branch (5.2-stable)](https://github.com/AlchemyCMS/alchemy_cms/tree/5.2-stable).**
 ## ✅ Features

data/SECURITY.md ADDED Viewed

@@ -0,0 +1,13 @@
+# Security Policy
+## Supported Versions
+We support the current major and last minor version of the previous major version with security fixes.
+## Reporting a Vulnerability
+Please send a preferably encrypted email to hello@alchemy-cms.com
+PGP public key finger print
+52D3 2070 4BF3 E5C5 035C  BC71 17E9 E620 A96B 4CE0

data/alchemy_cms.gemspec CHANGED Viewed

@@ -29,7 +29,7 @@ Gem::Specification.new do |gem|
     activesupport
     railties
   ].each do |rails_gem|
-    gem.add_runtime_dependency rails_gem, [">= 6.0", "< 6.1"]
+    gem.add_runtime_dependency rails_gem, [">= 6.0", "< 6.2"]
   end
   gem.add_runtime_dependency "active_model_serializers", ["~> 0.10.0"]
@@ -57,13 +57,13 @@ Gem::Specification.new do |gem|
   gem.add_development_dependency "capybara", ["~> 3.0"]
   gem.add_development_dependency "capybara-screenshot", ["~> 1.0"]
+  gem.add_development_dependency "cuprite", ["~> 0.13"]
   gem.add_development_dependency "factory_bot_rails", ["~> 6.0"]
   gem.add_development_dependency "puma", ["~> 5.0"]
   gem.add_development_dependency "rails-controller-testing", ["~> 1.0"]
   gem.add_development_dependency "rspec-activemodel-mocks", ["~> 1.0"]
   gem.add_development_dependency "rspec-rails", [">= 4.0.0.beta2"]
   gem.add_development_dependency "simplecov", ["~> 0.20"]
-  gem.add_development_dependency "webdrivers", ["~> 4.0"]
   gem.add_development_dependency "webmock", ["~> 3.3"]
   gem.add_development_dependency "shoulda-matchers", ["~> 5.0"]
   gem.add_development_dependency "timecop", ["~> 0.9"]

data/app/assets/javascripts/alchemy/alchemy.link_dialog.js.coffee CHANGED Viewed

@@ -4,12 +4,13 @@
 class window.Alchemy.LinkDialog extends Alchemy.Dialog
   constructor: (@link_object) ->
-    parent_selector = @link_object.dataset.parentSelector
-    parent = document.querySelector(parent_selector)
-    @link_value_field = parent.querySelector("[data-link-value]")
-    @link_title_field = parent.querySelector("[data-link-title]")
-    @link_target_field = parent.querySelector("[data-link-target]")
-    @link_class_field = parent.querySelector("[data-link-class]")
+    if @link_object.dataset
+      parent_selector = @link_object.dataset.parentSelector
+      parent = document.querySelector(parent_selector)
+      @link_value_field = parent.querySelector("[data-link-value]")
+      @link_title_field = parent.querySelector("[data-link-title]")
+      @link_target_field = parent.querySelector("[data-link-target]")
+      @link_class_field = parent.querySelector("[data-link-class]")
     @url = Alchemy.routes.link_admin_pages_path
     @$link_object = $(@link_object)
     @options =

data/app/assets/stylesheets/tinymce/skins/alchemy/content.min.css.scss CHANGED Viewed

@@ -30,7 +30,7 @@ td,th {
 .mce-object {
   border: 1px dotted #3a3a3a;
-  background: #d5d5d5 url(img/object.gif) no-repeat center;
+  background: #d5d5d5 url('tinymce/skins/alchemy/fonts/img/object.gif') no-repeat center;
 }
 .mce-pagebreak {
@@ -55,7 +55,7 @@ td,th {
   width: 9px!important;
   height: 9px!important;
   border: 1px dotted #3a3a3a;
-  background: #d5d5d5 url(img/anchor.gif) no-repeat center;
+  background: #d5d5d5 url('tinymce/skins/alchemy/fonts/img/anchor.gif') no-repeat center;
 }
 .mce-nbsp {
@@ -77,7 +77,7 @@ hr {
 }
 .mce-spellchecker-word {
-  background: url(img/wline.gif) repeat-x bottom left;
+  background: url('tinymce/skins/alchemy/fonts/img/wline.gif') repeat-x bottom left;
   cursor: default;
 }

data/app/assets/stylesheets/tinymce/skins/alchemy/skin.min.css.scss CHANGED Viewed

@@ -1561,23 +1561,23 @@ i.mce-i-resize {
   opacity: 0.6;
   filter: alpha(opacity=60);
   zoom: 1;
-  background: #fff url('img/loader.gif') no-repeat center center;
+  background: #fff url('tinymce/skins/alchemy/fonts/img/loader.gif') no-repeat center center;
 }
 @font-face {
   font-family: 'tinymce';
-  src: url('fonts/tinymce.woff') format('woff'),
-       url('fonts/tinymce.ttf') format('truetype'),
-       url('fonts/tinymce.svg#tinymce') format('svg');
+  src: url('tinymce/skins/alchemy/fonts/tinymce.woff') format('woff'),
+       url('tinymce/skins/alchemy/fonts/tinymce.ttf') format('truetype'),
+       url('tinymce/skins/alchemy/fonts/tinymce.svg#tinymce') format('svg');
   font-weight: normal;
   font-style: normal;
 }
 @font-face {
   font-family: 'tinymce-small';
-  src: url('fonts/tinymce-small.woff') format('woff'),
-       url('fonts/tinymce-small.ttf') format('truetype'),
-       url('fonts/tinymce-small.svg#tinymce') format('svg');
+  src: url('tinymce/skins/alchemy/fonts/tinymce-small.woff') format('woff'),
+       url('tinymce/skins/alchemy/fonts/tinymce-small.ttf') format('truetype'),
+       url('tinymce/skins/alchemy/fonts/tinymce-small.svg#tinymce') format('svg');
   font-weight: normal;
   font-style: normal;
 }

data/app/controllers/alchemy/admin/elements_controller.rb CHANGED Viewed

@@ -32,14 +32,14 @@ module Alchemy
           if @paste_from_clipboard = params[:paste_from_clipboard].present?
             @element = paste_element_from_clipboard
           else
-            @element = Element.create(create_element_params)
+            @element = Element.new(create_element_params)
           end
           if @page.definition["insert_elements_at"] == "top"
             @insert_at_top = true
-            @element.move_to_top
+            @element.position = 1
           end
         end
-        if @element.valid?
+        if @element.save
           render :create
         else
           @element.page_version = @page_version
@@ -91,10 +91,14 @@ module Alchemy
         end
       end
+      # Toggle fodls the element and persists the state in the db
+      #
+      # Ingredient validations might make the element invalid.
+      # In this case we are just toggling a UI state and do not care about the validations.
       def fold
         @page = @element.page
         @element.folded = !@element.folded
-        @element.save
+        @element.save(validate: false)
       end
       private

data/app/models/alchemy/attachment.rb CHANGED Viewed

@@ -28,7 +28,7 @@ module Alchemy
       after_assign { |f| write_attribute(:file_mime_type, f.mime_type) }
     end
-    stampable stamper_class_name: Alchemy.user_class_name
+    stampable stamper_class_name: Alchemy.user_class.name
     has_many :essence_files, class_name: "Alchemy::EssenceFile", foreign_key: "attachment_id"
     has_many :contents, through: :essence_files

data/app/models/alchemy/element/presenters.rb CHANGED Viewed

@@ -99,12 +99,12 @@ module Alchemy
       # The ingredient that's used for element's preview text.
       #
       # It tries to find one of element's ingredients that is defined +as_element_title+.
-      # Takes element's first ingredient if no ingredient is defined +as_element_title+.
+      # Takes element's first defined ingredient if no ingredient is defined +as_element_title+.
       #
       # @return (Alchemy::Ingredient)
       #
       def preview_ingredient
-        @_preview_ingredient ||= ingredients.detect(&:preview_ingredient?) || ingredients.first
+        @_preview_ingredient ||= ingredients.detect(&:preview_ingredient?) || first_ingredient_by_definition
       end
       private
@@ -122,6 +122,13 @@ module Alchemy
       def preview_text_from_preview_ingredient(maxlength)
         preview_ingredient&.preview_text(maxlength)
       end
+      def first_ingredient_by_definition
+        return if ingredient_definitions.empty?
+        role = ingredient_definitions.first["role"]
+        ingredients.detect { |ingredient| ingredient.role == role }
+      end
     end
   end
 end

data/app/models/alchemy/element.rb CHANGED Viewed

@@ -57,7 +57,7 @@ module Alchemy
     #
     acts_as_list scope: [:page_version_id, :fixed, :parent_element_id]
-    stampable stamper_class_name: Alchemy.user_class_name
+    stampable stamper_class_name: Alchemy.user_class.name
     has_many :contents, dependent: :destroy, inverse_of: :element

data/app/models/alchemy/node.rb CHANGED Viewed

@@ -7,7 +7,7 @@ module Alchemy
     before_destroy :check_if_related_essence_nodes_present
     acts_as_nested_set scope: "language_id", touch: true
-    stampable stamper_class_name: Alchemy.user_class_name
+    stampable stamper_class_name: Alchemy.user_class.name
     belongs_to :language, class_name: "Alchemy::Language"
     belongs_to :page, class_name: "Alchemy::Page", optional: true, inverse_of: :nodes

data/app/models/alchemy/page.rb CHANGED Viewed

@@ -88,7 +88,7 @@ module Alchemy
     acts_as_nested_set(dependent: :destroy, scope: [:layoutpage, :language_id])
-    stampable stamper_class_name: Alchemy.user_class_name
+    stampable stamper_class_name: Alchemy.user_class.name
     belongs_to :language

data/app/models/alchemy/picture.rb CHANGED Viewed

@@ -110,7 +110,7 @@ module Alchemy
       case_sensitive: false,
       message: Alchemy.t("not a valid image")
-    stampable stamper_class_name: Alchemy.user_class_name
+    stampable stamper_class_name: Alchemy.user_class.name
     scope :named, ->(name) { where("#{table_name}.name LIKE ?", "%#{name}%") }
     scope :recent, -> { where("#{table_name}.created_at > ?", Time.current - 24.hours).order(:created_at) }

data/app/views/alchemy/ingredients/_picture_editor.html.erb CHANGED Viewed

@@ -54,7 +54,7 @@
     <%= f.hidden_field :link_title, data: { link_title: true }, id: nil %>
     <%= f.hidden_field :link_class_name, data: { link_class: true }, id: nil %>
     <%= f.hidden_field :link_target, data: { link_target: true }, id: nil %>
-    <%= f.hidden_field :crop_from, data: { crop_from: true }, id: nil %>
-    <%= f.hidden_field :crop_size, data: { crop_size: true }, id: nil %>
+    <%= f.hidden_field :crop_from, data: { crop_from: true }, id: picture_editor.form_field_id(:crop_from) %>
+    <%= f.hidden_field :crop_size, data: { crop_size: true }, id: picture_editor.form_field_id(:crop_size) %>
   <% end %>
 <% end %>

data/config/brakeman.ignore CHANGED Viewed

@@ -58,7 +58,7 @@
       "check_name": "MassAssignment",
       "message": "Specify exact keys allowed for mass assignment instead of using `permit!` which allows any keys",
       "file": "app/controllers/alchemy/admin/resources_controller.rb",
-      "line": 136,
+      "line": 209,
       "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
       "code": "params.require(resource_handler.namespaced_resource_name).permit!",
       "render_path": null,
@@ -86,7 +86,7 @@
           "type": "controller",
           "class": "Alchemy::Admin::ElementsController",
           "method": "fold",
-          "line": 97,
+          "line": 102,
           "file": "app/controllers/alchemy/admin/elements_controller.rb",
           "rendered": {
             "name": "alchemy/admin/elements/fold",
@@ -109,7 +109,7 @@
       "check_name": "MassAssignment",
       "message": "Specify exact keys allowed for mass assignment instead of using `permit!` which allows any keys",
       "file": "app/controllers/alchemy/admin/elements_controller.rb",
-      "line": 150,
+      "line": 155,
       "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
       "code": "params.fetch(:contents, {}).permit!",
       "render_path": null,
@@ -122,6 +122,26 @@
       "confidence": "Medium",
       "note": "`Alchemy::Content` is a polymorphic association of any kind of model extending `Alchemy::Essence`. Since we can't know the attributes of all potential essences we need to permit all attributes. As this all happens inside the password protected /admin namespace this can be considered a false positive."
     },
+    {
+      "warning_type": "Command Injection",
+      "warning_code": 14,
+      "fingerprint": "6addfcb9d23d2d6f699f2f3542169744ff749dc4d0a97f8ac783ab92593e1d84",
+      "check_name": "Execute",
+      "message": "Possible command injection",
+      "file": "lib/alchemy/upgrader.rb",
+      "line": 30,
+      "link": "https://brakemanscanner.org/docs/warning_types/command_injection/",
+      "code": "`yarn add @alchemy_cms/admin@~#{Alchemy.version}`",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Alchemy::Upgrader",
+        "method": "update_npm_package"
+      },
+      "user_input": "Alchemy.version",
+      "confidence": "Medium",
+      "note": "The alchemy version is safe"
+    },
     {
       "warning_type": "Cross-Site Scripting",
       "warning_code": 4,
@@ -255,6 +275,6 @@
       "note": ""
     }
   ],
-  "updated": "2021-06-29 20:56:10 +0200",
-  "brakeman_version": "5.0.1"
+  "updated": "2021-10-26 21:44:59 +0200",
+  "brakeman_version": "5.1.1"
 }

data/lib/alchemy/engine.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Alchemy
       if Alchemy.user_class
         ActiveSupport.on_load(:active_record) do
           Alchemy.user_class.model_stamper
-          Alchemy.user_class.stampable(stamper_class_name: Alchemy.user_class_name)
+          Alchemy.user_class.stampable(stamper_class_name: Alchemy.user_class.name)
         end
       end
     end

data/lib/alchemy/taggable.rb CHANGED Viewed

@@ -22,13 +22,20 @@ module Alchemy
     end
     module ClassMethods
-      # Find all records matching all of the given tags.
-      # Separate multiple tags by comma.
-      def tagged_with(names)
+      def tagged_with(names = [], **args)
         if names.is_a? String
           names = names.split(/,\s*/)
         end
-        super(names: names, match: :all)
+        unless args[:match]
+          args.merge!(match: :all)
+        end
+        if names.any?
+          args.merge!(names: names)
+        end
+        super(args)
       end
       # Returns all unique tags

data/lib/alchemy/upgrader.rb CHANGED Viewed

@@ -24,6 +24,12 @@ module Alchemy
           todo "Check the default configuration file (./config/alchemy/config.yml.defaults) for new configuration options and insert them into your config file.", "Configuration has changed"
         end
       end
+      def update_npm_package
+        desc "Install new npm package."
+        `yarn add @alchemy_cms/admin@~#{Alchemy.version}`
+        log "Installed new npm package."
+      end
     end
   end
 end

data/lib/alchemy/version.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 module Alchemy
-  VERSION = "6.0.0-b5"
+  VERSION = "6.0.0-rc3"
   def self.version
     VERSION

data/lib/generators/alchemy/install/install_generator.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 require "rails/generators"
 require "alchemy/install/tasks"
+require "alchemy/version"
 module Alchemy
   module Generators
@@ -88,7 +89,7 @@ module Alchemy
       end
       def add_npm_package
-        run "yarn add @alchemy_cms/admin"
+        run "yarn add @alchemy_cms/admin@~#{Alchemy.version}"
       end
       def copy_alchemy_entry_point

data/lib/tasks/alchemy/upgrade.rake CHANGED Viewed

@@ -17,6 +17,7 @@ namespace :alchemy do
     task prepare: [
       "alchemy:upgrade:database",
       "alchemy:upgrade:config",
+      "alchemy:upgrade:package",
     ]
     desc "Alchemy Upgrader: Prepares the database."
@@ -30,6 +31,11 @@ namespace :alchemy do
       Alchemy::Upgrader.copy_new_config_file
     end
+    desc "Alchemy Upgrader: Install new Node package."
+    task package: [:environment] do
+      Alchemy::Upgrader.update_npm_package
+    end
     desc "Upgrade Alchemy to v5.0"
     task "5.0" => [
       "alchemy:upgrade:prepare",

data/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@alchemy_cms/admin",
-  "version": "6.0.0-b5",
+  "version": "6.0.0-rc3",
   "description": "AlchemyCMS",
   "browser": "package/admin.js",
   "files": [

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: alchemy_cms
 version: !ruby/object:Gem::Version
-  version: 6.0.0.pre.b5
+  version: 6.0.0.pre.rc3
 platform: ruby
 authors:
 - Thomas von Deyen
@@ -10,10 +10,10 @@ authors:
 - Hendrik Mans
 - Carsten Fregin
 - Martin Meyerhoff
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-08-27 00:00:00.000000000 Z
+date: 2021-11-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionmailer
@@ -24,7 +24,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -34,7 +34,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: actionpack
   requirement: !ruby/object:Gem::Requirement
@@ -44,7 +44,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -54,7 +54,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: actionview
   requirement: !ruby/object:Gem::Requirement
@@ -64,7 +64,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -74,7 +74,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: activejob
   requirement: !ruby/object:Gem::Requirement
@@ -84,7 +84,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -94,7 +94,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
@@ -104,7 +104,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -114,7 +114,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: activerecord
   requirement: !ruby/object:Gem::Requirement
@@ -124,7 +124,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -134,7 +134,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
@@ -144,7 +144,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -154,7 +154,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: railties
   requirement: !ruby/object:Gem::Requirement
@@ -164,7 +164,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -174,7 +174,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: active_model_serializers
   requirement: !ruby/object:Gem::Requirement
@@ -571,6 +571,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: cuprite
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.13'
 - !ruby/object:Gem::Dependency
   name: factory_bot_rails
   requirement: !ruby/object:Gem::Requirement
@@ -655,20 +669,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.20'
-- !ruby/object:Gem::Dependency
-  name: webdrivers
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '4.0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
@@ -724,6 +724,7 @@ files:
 - ".github/ISSUE_TEMPLATE/Bug_report.md"
 - ".github/ISSUE_TEMPLATE/Feature_request.md"
 - ".github/PULL_REQUEST_TEMPLATE.md"
+- ".github/workflows/brakeman-analysis.yml"
 - ".github/workflows/ci.yml"
 - ".github/workflows/stale.yml"
 - ".gitignore"
@@ -739,6 +740,7 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- SECURITY.md
 - alchemy_cms.gemspec
 - app/assets/config/alchemy_manifest.js
 - app/assets/images/alchemy/alchemy-logo.png
@@ -1517,7 +1519,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - ImageMagick (libmagick), v6.6 or greater.
 rubygems_version: 3.1.6
-signing_key:
+signing_key:
 specification_version: 4
 summary: A powerful, userfriendly and flexible CMS for Rails
 test_files: []
+...