alchemy_cms 6.0.0.pre.b6 → 6.0.0.pre.rc4

Files changed (37) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/brakeman-analysis.yml +46 -0
  3. data/.github/workflows/ci.yml +4 -3
  4. data/CHANGELOG.md +35 -0
  5. data/Gemfile +6 -1
  6. data/README.md +1 -1
  7. data/SECURITY.md +13 -0
  8. data/alchemy_cms.gemspec +3 -3
  9. data/app/assets/javascripts/alchemy/admin.js +0 -1
  10. data/app/assets/javascripts/alchemy/alchemy.gui.js.coffee +2 -2
  11. data/app/assets/javascripts/alchemy/alchemy.link_dialog.js.coffee +7 -6
  12. data/app/assets/stylesheets/alchemy/_extends.scss +4 -4
  13. data/app/assets/stylesheets/alchemy/flatpickr.scss +182 -232
  14. data/app/assets/stylesheets/tinymce/skins/alchemy/content.min.css.scss +3 -3
  15. data/app/assets/stylesheets/tinymce/skins/alchemy/skin.min.css.scss +7 -7
  16. data/app/controllers/alchemy/admin/base_controller.rb +9 -3
  17. data/app/models/alchemy/attachment.rb +1 -1
  18. data/app/models/alchemy/element.rb +1 -1
  19. data/app/models/alchemy/node.rb +1 -1
  20. data/app/models/alchemy/page.rb +1 -1
  21. data/app/models/alchemy/picture.rb +1 -1
  22. data/app/views/alchemy/ingredients/_picture_editor.html.erb +2 -2
  23. data/config/brakeman.ignore +25 -5
  24. data/lib/alchemy/engine.rb +8 -1
  25. data/lib/alchemy/error_tracking/airbrake_handler.rb +13 -0
  26. data/lib/alchemy/error_tracking.rb +14 -0
  27. data/lib/alchemy/taggable.rb +11 -4
  28. data/lib/alchemy/upgrader.rb +6 -0
  29. data/lib/alchemy/version.rb +1 -1
  30. data/lib/alchemy_cms.rb +1 -0
  31. data/lib/generators/alchemy/install/install_generator.rb +2 -1
  32. data/lib/tasks/alchemy/upgrade.rake +6 -0
  33. data/package/admin.js +3 -1
  34. data/package/src/datepicker.js +39 -0
  35. data/package.json +2 -1
  36. metadata +44 -39
  37. data/app/assets/javascripts/alchemy/alchemy.datepicker.js.coffee +0 -29
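--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a2356162437442579cc431fade3fc3486f5262d22e6a6212950634e5ac90f595
- data.tar.gz: 4a933ae8c9652adbe6fef16cf2e420c31160b4352fb2fba3a15f536f67f1dbc0
+ metadata.gz: da8076b5e01533899e6c3003841940160335389c6e8a961bedec1b08839f61ba
+ data.tar.gz: dfcd49629458243d86cb4bb49615da876b3e5bfb1b69de121f90fe6e98bb964c
  SHA512:
- metadata.gz: 807c2793f1805245bf12512582f2bfd06acdc777a811b070877447792d20b5cfae46b7e04276d90aed455f97fca91f88385df51317a294b9569b7e845017dfbe
- data.tar.gz: 04ec712fe19f499cf0174ee0d044a6c086abec3c063cfa5df32380033de40f4373c9e0978f626a74ac83a67b190ef4154566da152b39e02dba47b15bc6d9e94f
+ metadata.gz: a25f6e26595f7b7e218200a0a7dbc1e69ac175c1daa3736b443501f80c8f1012215c69ab2f17addeb61b397cb3288b018b87f8e175d1ec9c1399e38101018d7f
+ data.tar.gz: 1c8cee2a1c08c70581945e25dc0745ba9bf2dea83e44220e00a096fce531df941bea97405836dcc4cf650ede4e12162e7ab6b9dc18a8e297f4ac6f71a18643d6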
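--- /dev/null
+++ b/data/.github/workflows/brakeman-analysis.yml
@@ -0,0 +1,46 @@
+ # This workflow integrates Brakeman with GitHub's Code Scanning feature
+ # Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications
+
+ name: Brakeman Scan
+
+ on:
+ push:
+ branches: [ main ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ main ]
+ schedule:
+ - cron: '40 4 * * 2'
+
+ jobs:
+ brakeman-scan:
+ name: Brakeman Scan
+ runs-on: ubuntu-latest
+ steps:
+ # Checkout the repository to the GitHub Actions runner
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ # Customize the ruby version depending on your needs
+ - name: Setup Ruby
+ uses: actions/setup-ruby@v1
+ with:
+ ruby-version: '2.7'
+
+ - name: Setup Brakeman
+ env:
+ BRAKEMAN_VERSION: '4.10' # SARIF support is provided in Brakeman version 4.10+
+ run: |
+ gem install brakeman --version $BRAKEMAN_VERSION
+
+ # Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis
+ - name: Scan
+ continue-on-error: true
+ run: |
+ brakeman -f sarif -o output.sarif.json .
+
+ # Upload the SARIF file generated in the previous step
+ - name: Upload SARIF
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: output.sarif.json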
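Review bot: The `brakeman-scan` job declares no `permissions:` block and references all three actions by mutable tags (`actions/checkout@v2`, `actions/setup-ruby@v1`, `github/codeql-action/upload-sarif@v1`), so it runs with the repository's default token scope and with whatever code those tags point to at run time. A job-level `permissions:` limited to `contents: read` and `security-events: write`, plus pinning each `uses:` to a full commit SHA, would narrow both; `actions/setup-ruby` is also deprecated in favour of `ruby/setup-ruby`. On the Scan step, `continue-on-error: true` hides a crashed or misconfigured Brakeman run as well as ordinary findings, so a comment there should say the step is allowed to fail only so that the SARIF upload still happens. The install step pins `BRAKEMAN_VERSION: '4.10'`, the minimum with SARIF output, which means newer checks are never picked up unless that value is raised deliberately.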
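--- a/data/.github/workflows/ci.yml
+++ b/data/.github/workflows/ci.yml
@@ -10,10 +10,11 @@ jobs:
  matrix:
  rails:
  - '6.0'
+ - '6.1'
  ruby:
- - '2.6.6'
- - '2.7.2'
- - '3.0.0'
+ - '2.6.8'
+ - '2.7.4'
+ - '3.0.2'
  database:
  - mysql
  - postgresql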
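--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,38 @@
+ ## 6.0.0-rc4 (2022-01-16)
+
+ ### Changes
+
+ - Allow ransack 2.5.0 [#2223](https://github.com/AlchemyCMS/alchemy_cms/pull/2223) ([depfu](https://github.com/apps/depfu))
+ - make the admin error tracker customizable [#2220](https://github.com/AlchemyCMS/alchemy_cms/pull/2220) ([DarkSwoop](https://github.com/DarkSwoop))
+ - Update Flatpickr to 4.6.9 [#2197](https://github.com/AlchemyCMS/alchemy_cms/pull/2197) ([tvdeyen](https://github.com/tvdeyen))
+
+ ## 6.0.0-rc3 (2021-11-24)
+
+ ### Changes
+
+ - Set stampable user_class_name without root identifier [#2215](https://github.com/AlchemyCMS/alchemy_cms/pull/2215) ([tvdeyen](https://github.com/tvdeyen))
+ - Allow all possible args in tagged_with method [#2211](https://github.com/AlchemyCMS/alchemy_cms/pull/2211) ([robinboening](https://github.com/robinboening))
+
+ ### Fixes
+
+ - fix(ImageCropper): Add dom ids to picture crop fields [#2219](https://github.com/AlchemyCMS/alchemy_cms/pull/2219) ([tvdeyen](https://github.com/tvdeyen))
+ - Adjust tinymce skin assets urls again [#2218](https://github.com/AlchemyCMS/alchemy_cms/pull/2218) ([tvdeyen](https://github.com/tvdeyen))
+ - Use relative path for tinymce font-face [#2214](https://github.com/AlchemyCMS/alchemy_cms/pull/2214) ([tvdeyen](https://github.com/tvdeyen))
+
+ ### Misc
+
+ - Install correct npm package [#2204](https://github.com/AlchemyCMS/alchemy_cms/pull/2204) ([tvdeyen](https://github.com/tvdeyen))
+ - Switch to cuprite for system testing [#2203](https://github.com/AlchemyCMS/alchemy_cms/pull/2203) ([tvdeyen](https://github.com/tvdeyen))
+ - Upgrade webdrivers to version 5.0.0 [#2201](https://github.com/AlchemyCMS/alchemy_cms/pull/2201) ([depfu](https://github.com/apps/depfu))
+
+ ## 6.0.0-rc2 (2021-10-13)
+
+ - Fix init link dialog if used in tinymce [#2200](https://github.com/AlchemyCMS/alchemy_cms/pull/2200) ([tvdeyen](https://github.com/tvdeyen))
+
+ ## 6.0.0-rc1 (2021-09-12)
+
+ - Allow Rails 6.1 [#2047](https://github.com/AlchemyCMS/alchemy_cms/pull/2047) ([robinboening](https://github.com/robinboening))
+
  ## 6.0.0-b6 (2021-09-02)
 
  - Fix element with ingredients preview text [#2187](https://github.com/AlchemyCMS/alchemy_cms/pull/2187) ([tvdeyen](https://github.com/tvdeyen))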
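--- a/data/Gemfile
+++ b/data/Gemfile
@@ -3,7 +3,7 @@ source "https://rubygems.org"
 
  gemspec
 
- rails_version = ENV.fetch("RAILS_VERSION", 6.0).to_f
+ rails_version = ENV.fetch("RAILS_VERSION", 6.1).to_f
  gem "rails", "~> #{rails_version}.0"
 
  if ENV["DB"].nil? || ENV["DB"] == "sqlite"
@@ -40,3 +40,8 @@ group :development, :test do
  gem "brakeman", require: false
  end
  end
+
+ # Necessary for system tests in Rails 6.0
+ if ENV["RAILS_VERSION"] == "6.0"
+ gem "selenium-webdriver"
+ end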
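Review bot: The added guard `if ENV["RAILS_VERSION"] == "6.0"` compares the raw environment string, while the first hunk parses the same variable with `.to_f` before building the Rails constraint. A value such as `6.0.4` (constructed example) would therefore resolve Rails `~> 6.0.0` yet skip `selenium-webdriver`, and the system tests that the comment says need it would fail to load their driver. Reusing the parsed value keeps the two decisions in step: `if rails_version == 6.0`.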
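--- a/data/README.md
+++ b/data/README.md
@@ -18,7 +18,7 @@ Alchemy is an open source CMS engine written in Ruby on Rails.
 
  Read more about Alchemy on the [website](https://alchemy-cms.com) and in the [guidelines](https://guides.alchemy-cms.com).
 
- **CAUTION: This main branch is a development branch that *can* contain bugs. For productive environments you should use the [current Ruby gem version](https://rubygems.org/gems/alchemy_cms), or the [latest stable branch (5.0-stable)](https://github.com/AlchemyCMS/alchemy_cms/tree/5.0-stable).**
+ **CAUTION: This main branch is a development branch that *can* contain bugs. For productive environments you should use the [current Ruby gem version](https://rubygems.org/gems/alchemy_cms), or the [latest stable branch (5.2-stable)](https://github.com/AlchemyCMS/alchemy_cms/tree/5.2-stable).**
 
 
  ## ✅ Features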
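--- /dev/null
+++ b/data/SECURITY.md
@@ -0,0 +1,13 @@
+ # Security Policy
+
+ ## Supported Versions
+
+ We support the current major and last minor version of the previous major version with security fixes.
+
+ ## Reporting a Vulnerability
+
+ Please send a preferably encrypted email to hello@alchemy-cms.com
+
+ PGP public key finger print
+
+ 52D3 2070 4BF3 E5C5 035C  BC71 17E9 E620 A96B 4CE0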
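--- a/data/alchemy_cms.gemspec
+++ b/data/alchemy_cms.gemspec
@@ -29,7 +29,7 @@ Gem::Specification.new do |gem|
  activesupport
  railties
  ].each do |rails_gem|
- gem.add_runtime_dependency rails_gem, [">= 6.0", "< 6.1"]
+ gem.add_runtime_dependency rails_gem, [">= 6.0", "< 6.2"]
  end
 
  gem.add_runtime_dependency "active_model_serializers", ["~> 0.10.0"]
@@ -46,7 +46,7 @@ Gem::Specification.new do |gem|
  gem.add_runtime_dependency "kaminari", ["~> 1.1"]
  gem.add_runtime_dependency "originator", ["~> 3.1"]
  gem.add_runtime_dependency "non-stupid-digest-assets", ["~> 1.0.8"]
- gem.add_runtime_dependency "ransack", [">= 1.8", "< 2.4.2"] # 2.4.2 dropped Ruby 2.5 support in a patch level release
+ gem.add_runtime_dependency "ransack", [">= 1.8", "<= 2.5.0"] # 2.4.2 dropped Ruby 2.5 support in a patch level release
  gem.add_runtime_dependency "request_store", ["~> 1.2"]
  gem.add_runtime_dependency "responders", [">= 2.0", "< 4.0"]
  gem.add_runtime_dependency "sassc-rails", ["~> 2.1"]
@@ -57,13 +57,13 @@ Gem::Specification.new do |gem|
 
  gem.add_development_dependency "capybara", ["~> 3.0"]
  gem.add_development_dependency "capybara-screenshot", ["~> 1.0"]
+ gem.add_development_dependency "cuprite", ["~> 0.13"]
  gem.add_development_dependency "factory_bot_rails", ["~> 6.0"]
  gem.add_development_dependency "puma", ["~> 5.0"]
  gem.add_development_dependency "rails-controller-testing", ["~> 1.0"]
  gem.add_development_dependency "rspec-activemodel-mocks", ["~> 1.0"]
  gem.add_development_dependency "rspec-rails", [">= 4.0.0.beta2"]
  gem.add_development_dependency "simplecov", ["~> 0.20"]
- gem.add_development_dependency "webdrivers", ["~> 4.0"]
  gem.add_development_dependency "webmock", ["~> 3.3"]
  gem.add_development_dependency "shoulda-matchers", ["~> 5.0"]
  gem.add_development_dependency "timecop", ["~> 0.9"]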
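Review bot: The ransack bound `"<= 2.5.0"` in the second hunk now admits 2.4.2, so the trailing comment `# 2.4.2 dropped Ruby 2.5 support in a patch level release` no longer explains the constraint and reads as if that release were still excluded. The comment should either be dropped or reworded to say why the cap sits at 2.5.0. An inclusive exact upper bound also means no later ransack patch release can be resolved until the gemspec is edited again, which delays any upstream fix for users of this gem. If that is not intended, a range such as `"< 2.6"` would let patch releases through.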
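--- a/data/app/assets/javascripts/alchemy/admin.js
+++ b/data/app/assets/javascripts/alchemy/admin.js
@@ -22,7 +22,6 @@
  //= require alchemy/alchemy.dialog
  //= require alchemy/alchemy.char_counter
  //= require alchemy/alchemy.confirm_dialog
- //= require alchemy/alchemy.datepicker
  //= require alchemy/alchemy.dirty
  //= require alchemy/alchemy.dragndrop
  //= require alchemy/alchemy.element_editors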
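--- a/data/app/assets/javascripts/alchemy/alchemy.gui.js.coffee
+++ b/data/app/assets/javascripts/alchemy/alchemy.gui.js.coffee
@@ -6,7 +6,7 @@ Alchemy.GUI =
  # Initializes all Alchemy GUI elements in given scope
  init: (scope) ->
  Alchemy.SelectBox(scope)
- Alchemy.Datepicker(scope)
+ Alchemy.Datepicker(scope && scope.selector)
  Alchemy.Tooltips(scope)
  Alchemy.Buttons.observe(scope)
  # Dialog links use event delegation and therefore do not
@@ -21,7 +21,7 @@ Alchemy.GUI =
 
  initElement: ($el) ->
  Alchemy.ElementDirtyObserver($el)
- Alchemy.GUI.init($el)
+ Alchemy.GUI.init($el && $el.selector)
  Alchemy.ImageLoader($el[0])
  Alchemy.fileEditors($el.find(".essence_file, .essence_video, .essence_audio, .ingredient-editor.file, .ingredient-editor.audio, .ingredient-editor.video").selector)
  Alchemy.pictureEditors($el.find(".essence_picture, .ingredient-editor.picture").selector)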
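Review bot: In `initElement` the call now passes `$el && $el.selector` into `Alchemy.GUI.init`, so `init` receives a selector string instead of a jQuery object, and its own `Alchemy.Datepicker(scope && scope.selector)` then reads `.selector` off that string and passes `undefined`. If the new datepicker treats a missing scope as the whole document (its source is not in this section), every `initElement` call would re-initialize all datepickers, and `SelectBox`, `Tooltips` and `Buttons.observe` now get a string as well. jQuery's `.selector` property is also deprecated and no longer present in jQuery 3, so the conversion would silently yield `undefined` after a jQuery upgrade. Keeping `Alchemy.GUI.init($el)` in `initElement` and converting only at the `Alchemy.Datepicker` call would avoid the double conversion; both functions continue outside the hunks shown.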
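--- a/data/app/assets/javascripts/alchemy/alchemy.link_dialog.js.coffee
+++ b/data/app/assets/javascripts/alchemy/alchemy.link_dialog.js.coffee
@@ -4,12 +4,13 @@
  class window.Alchemy.LinkDialog extends Alchemy.Dialog
 
  constructor: (@link_object) ->
- parent_selector = @link_object.dataset.parentSelector
- parent = document.querySelector(parent_selector)
- @link_value_field = parent.querySelector("[data-link-value]")
- @link_title_field = parent.querySelector("[data-link-title]")
- @link_target_field = parent.querySelector("[data-link-target]")
- @link_class_field = parent.querySelector("[data-link-class]")
+ if @link_object.dataset
+ parent_selector = @link_object.dataset.parentSelector
+ parent = document.querySelector(parent_selector)
+ @link_value_field = parent.querySelector("[data-link-value]")
+ @link_title_field = parent.querySelector("[data-link-title]")
+ @link_target_field = parent.querySelector("[data-link-target]")
+ @link_class_field = parent.querySelector("[data-link-class]")
  @url = Alchemy.routes.link_admin_pages_path
  @$link_object = $(@link_object)
  @options =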
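Review bot: The new `if @link_object.dataset` guard covers only a missing `dataset`; when `parentSelector` is unset or matches no element, `document.querySelector(parent_selector)` returns `null` and the next line, `parent.querySelector("[data-link-value]")`, throws. Wrapping the four field lookups in `if parent` would close that gap. When the branch is skipped, the four `@link_*_field` properties stay undefined, so any later method that reads them (outside this hunk) has to tolerate that. A short comment on the guard saying which caller has no `dataset` would make that contract visible; the changelog entry for #2200 suggests it is the TinyMCE case. The constructor continues past the end of the hunk.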
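--- a/data/app/assets/stylesheets/alchemy/_extends.scss
+++ b/data/app/assets/stylesheets/alchemy/_extends.scss
@@ -37,8 +37,8 @@
 
  &[disabled],
  &.disabled,
- &[readonly],
- &.readonly {
+ &:not(.flatpickr-input)[readonly],
+ &:not(.flatpickr-input).readonly {
  color: $form-field-disabled-text-color;
  background-color: $form-field-disabled-bg-color;
  cursor: default;
@@ -49,8 +49,8 @@
  cursor: not-allowed;
  }
 
- &[readonly],
- &.readonly {
+ &:not(.flatpickr-input)[readonly],
+ &:not(.flatpickr-input).readonly {
  pointer-events: none;
  }
  }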