alchemy_cms 6.0.0.pre.b6 → 6.0.0.pre.rc4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a2356162437442579cc431fade3fc3486f5262d22e6a6212950634e5ac90f595
-  data.tar.gz: 4a933ae8c9652adbe6fef16cf2e420c31160b4352fb2fba3a15f536f67f1dbc0
+  metadata.gz: da8076b5e01533899e6c3003841940160335389c6e8a961bedec1b08839f61ba
+  data.tar.gz: dfcd49629458243d86cb4bb49615da876b3e5bfb1b69de121f90fe6e98bb964c
 SHA512:
-  metadata.gz: 807c2793f1805245bf12512582f2bfd06acdc777a811b070877447792d20b5cfae46b7e04276d90aed455f97fca91f88385df51317a294b9569b7e845017dfbe
-  data.tar.gz: 04ec712fe19f499cf0174ee0d044a6c086abec3c063cfa5df32380033de40f4373c9e0978f626a74ac83a67b190ef4154566da152b39e02dba47b15bc6d9e94f
+  metadata.gz: a25f6e26595f7b7e218200a0a7dbc1e69ac175c1daa3736b443501f80c8f1012215c69ab2f17addeb61b397cb3288b018b87f8e175d1ec9c1399e38101018d7f
+  data.tar.gz: 1c8cee2a1c08c70581945e25dc0745ba9bf2dea83e44220e00a096fce531df941bea97405836dcc4cf650ede4e12162e7ab6b9dc18a8e297f4ac6f71a18643d6

data/.github/workflows/brakeman-analysis.yml

@@ -0,0 +1,46 @@
+# This workflow integrates Brakeman with GitHub's Code Scanning feature
+# Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications
+
+name: Brakeman Scan
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ main ]
+  schedule:
+    - cron: '40 4 * * 2'
+
+jobs:
+  brakeman-scan:
+    name: Brakeman Scan
+    runs-on: ubuntu-latest
+    steps:
+    # Checkout the repository to the GitHub Actions runner
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    # Customize the ruby version depending on your needs
+    - name: Setup Ruby
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: '2.7'
+
+    - name: Setup Brakeman
+      env:
+        BRAKEMAN_VERSION: '4.10' # SARIF support is provided in Brakeman version 4.10+
+      run: |
+        gem install brakeman --version $BRAKEMAN_VERSION
+
+    # Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis
+    - name: Scan
+      continue-on-error: true
+      run: |
+        brakeman -f sarif -o output.sarif.json .
+
+    # Upload the SARIF file generated in the previous step
+    - name: Upload SARIF
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: output.sarif.json

data/.github/workflows/ci.yml

@@ -10,10 +10,11 @@ jobs:
       matrix:
         rails:
           - '6.0'
+          - '6.1'
         ruby:
-          - '2.6.6'
-          - '2.7.2'
-          - '3.0.0'
+          - '2.6.8'
+          - '2.7.4'
+          - '3.0.2'
         database:
           - mysql
           - postgresql

data/CHANGELOG.md

@@ -1,3 +1,38 @@
+## 6.0.0-rc4 (2022-01-16)
+
+### Changes
+
+- Allow ransack 2.5.0 [#2223](https://github.com/AlchemyCMS/alchemy_cms/pull/2223) ([depfu](https://github.com/apps/depfu))
+- make the admin error tracker customizable [#2220](https://github.com/AlchemyCMS/alchemy_cms/pull/2220) ([DarkSwoop](https://github.com/DarkSwoop))
+- Update Flatpickr to 4.6.9 [#2197](https://github.com/AlchemyCMS/alchemy_cms/pull/2197) ([tvdeyen](https://github.com/tvdeyen))
+
+## 6.0.0-rc3 (2021-11-24)
+
+### Changes
+
+- Set stampable user_class_name without root identifier [#2215](https://github.com/AlchemyCMS/alchemy_cms/pull/2215) ([tvdeyen](https://github.com/tvdeyen))
+- Allow all possible args in tagged_with method [#2211](https://github.com/AlchemyCMS/alchemy_cms/pull/2211) ([robinboening](https://github.com/robinboening))
+
+### Fixes
+
+- fix(ImageCropper): Add dom ids to picture crop fields [#2219](https://github.com/AlchemyCMS/alchemy_cms/pull/2219) ([tvdeyen](https://github.com/tvdeyen))
+- Adjust tinymce skin assets urls again [#2218](https://github.com/AlchemyCMS/alchemy_cms/pull/2218) ([tvdeyen](https://github.com/tvdeyen))
+- Use relative path for tinymce font-face [#2214](https://github.com/AlchemyCMS/alchemy_cms/pull/2214) ([tvdeyen](https://github.com/tvdeyen))
+
+### Misc
+
+- Install correct npm package [#2204](https://github.com/AlchemyCMS/alchemy_cms/pull/2204) ([tvdeyen](https://github.com/tvdeyen))
+- Switch to cuprite for system testing [#2203](https://github.com/AlchemyCMS/alchemy_cms/pull/2203) ([tvdeyen](https://github.com/tvdeyen))
+- Upgrade webdrivers to version 5.0.0 [#2201](https://github.com/AlchemyCMS/alchemy_cms/pull/2201) ([depfu](https://github.com/apps/depfu))
+
+## 6.0.0-rc2 (2021-10-13)
+
+- Fix init link dialog if used in tinymce [#2200](https://github.com/AlchemyCMS/alchemy_cms/pull/2200) ([tvdeyen](https://github.com/tvdeyen))
+
+## 6.0.0-rc1 (2021-09-12)
+
+- Allow Rails 6.1 [#2047](https://github.com/AlchemyCMS/alchemy_cms/pull/2047) ([robinboening](https://github.com/robinboening))
+
 ## 6.0.0-b6 (2021-09-02)
 
 - Fix element with ingredients preview text [#2187](https://github.com/AlchemyCMS/alchemy_cms/pull/2187) ([tvdeyen](https://github.com/tvdeyen))

data/Gemfile

@@ -3,7 +3,7 @@ source "https://rubygems.org"
 
 gemspec
 
-rails_version = ENV.fetch("RAILS_VERSION", 6.0).to_f
+rails_version = ENV.fetch("RAILS_VERSION", 6.1).to_f
 gem "rails", "~> #{rails_version}.0"
 
 if ENV["DB"].nil? || ENV["DB"] == "sqlite"
@@ -40,3 +40,8 @@ group :development, :test do
     gem "brakeman", require: false
   end
 end
+
+# Necessary for system tests in Rails 6.0
+if ENV["RAILS_VERSION"] == "6.0"
+  gem "selenium-webdriver"
+end

data/README.md

@@ -18,7 +18,7 @@ Alchemy is an open source CMS engine written in Ruby on Rails.
 
 Read more about Alchemy on the [website](https://alchemy-cms.com) and in the [guidelines](https://guides.alchemy-cms.com).
 
-**CAUTION: This main branch is a development branch that *can* contain bugs. For productive environments you should use the [current Ruby gem version](https://rubygems.org/gems/alchemy_cms), or the [latest stable branch (5.0-stable)](https://github.com/AlchemyCMS/alchemy_cms/tree/5.0-stable).**
+**CAUTION: This main branch is a development branch that *can* contain bugs. For productive environments you should use the [current Ruby gem version](https://rubygems.org/gems/alchemy_cms), or the [latest stable branch (5.2-stable)](https://github.com/AlchemyCMS/alchemy_cms/tree/5.2-stable).**
 
 
 ## ✅ Features

data/SECURITY.md

@@ -0,0 +1,13 @@
+# Security Policy
+
+## Supported Versions
+
+We support the current major and last minor version of the previous major version with security fixes.
+
+## Reporting a Vulnerability
+
+Please send a preferably encrypted email to hello@alchemy-cms.com
+
+PGP public key finger print
+
+52D3 2070 4BF3 E5C5 035C  BC71 17E9 E620 A96B 4CE0

data/alchemy_cms.gemspec

@@ -29,7 +29,7 @@ Gem::Specification.new do |gem|
     activesupport
     railties
   ].each do |rails_gem|
-    gem.add_runtime_dependency rails_gem, [">= 6.0", "< 6.1"]
+    gem.add_runtime_dependency rails_gem, [">= 6.0", "< 6.2"]
   end
 
   gem.add_runtime_dependency "active_model_serializers", ["~> 0.10.0"]
@@ -46,7 +46,7 @@ Gem::Specification.new do |gem|
   gem.add_runtime_dependency "kaminari", ["~> 1.1"]
   gem.add_runtime_dependency "originator", ["~> 3.1"]
   gem.add_runtime_dependency "non-stupid-digest-assets", ["~> 1.0.8"]
-  gem.add_runtime_dependency "ransack", [">= 1.8", "< 2.4.2"] # 2.4.2 dropped Ruby 2.5 support in a patch level release
+  gem.add_runtime_dependency "ransack", [">= 1.8", "<= 2.5.0"] # 2.4.2 dropped Ruby 2.5 support in a patch level release
   gem.add_runtime_dependency "request_store", ["~> 1.2"]
   gem.add_runtime_dependency "responders", [">= 2.0", "< 4.0"]
   gem.add_runtime_dependency "sassc-rails", ["~> 2.1"]
@@ -57,13 +57,13 @@ Gem::Specification.new do |gem|
 
   gem.add_development_dependency "capybara", ["~> 3.0"]
   gem.add_development_dependency "capybara-screenshot", ["~> 1.0"]
+  gem.add_development_dependency "cuprite", ["~> 0.13"]
   gem.add_development_dependency "factory_bot_rails", ["~> 6.0"]
   gem.add_development_dependency "puma", ["~> 5.0"]
   gem.add_development_dependency "rails-controller-testing", ["~> 1.0"]
   gem.add_development_dependency "rspec-activemodel-mocks", ["~> 1.0"]
   gem.add_development_dependency "rspec-rails", [">= 4.0.0.beta2"]
   gem.add_development_dependency "simplecov", ["~> 0.20"]
-  gem.add_development_dependency "webdrivers", ["~> 4.0"]
   gem.add_development_dependency "webmock", ["~> 3.3"]
   gem.add_development_dependency "shoulda-matchers", ["~> 5.0"]
   gem.add_development_dependency "timecop", ["~> 0.9"]

data/app/assets/javascripts/alchemy/admin.js

@@ -22,7 +22,6 @@
 //= require alchemy/alchemy.dialog
 //= require alchemy/alchemy.char_counter
 //= require alchemy/alchemy.confirm_dialog
-//= require alchemy/alchemy.datepicker
 //= require alchemy/alchemy.dirty
 //= require alchemy/alchemy.dragndrop
 //= require alchemy/alchemy.element_editors

data/app/assets/javascripts/alchemy/alchemy.gui.js.coffee

@@ -6,7 +6,7 @@ Alchemy.GUI =
   # Initializes all Alchemy GUI elements in given scope
   init: (scope) ->
     Alchemy.SelectBox(scope)
-    Alchemy.Datepicker(scope)
+    Alchemy.Datepicker(scope && scope.selector)
     Alchemy.Tooltips(scope)
     Alchemy.Buttons.observe(scope)
     # Dialog links use event delegation and therefore do not
@@ -21,7 +21,7 @@ Alchemy.GUI =
 
   initElement: ($el) ->
     Alchemy.ElementDirtyObserver($el)
-    Alchemy.GUI.init($el)
+    Alchemy.GUI.init($el && $el.selector)
     Alchemy.ImageLoader($el[0])
     Alchemy.fileEditors($el.find(".essence_file, .essence_video, .essence_audio, .ingredient-editor.file, .ingredient-editor.audio, .ingredient-editor.video").selector)
     Alchemy.pictureEditors($el.find(".essence_picture, .ingredient-editor.picture").selector)

data/app/assets/javascripts/alchemy/alchemy.link_dialog.js.coffee

@@ -4,12 +4,13 @@
 class window.Alchemy.LinkDialog extends Alchemy.Dialog
 
   constructor: (@link_object) ->
-    parent_selector = @link_object.dataset.parentSelector
-    parent = document.querySelector(parent_selector)
-    @link_value_field = parent.querySelector("[data-link-value]")
-    @link_title_field = parent.querySelector("[data-link-title]")
-    @link_target_field = parent.querySelector("[data-link-target]")
-    @link_class_field = parent.querySelector("[data-link-class]")
+    if @link_object.dataset
+      parent_selector = @link_object.dataset.parentSelector
+      parent = document.querySelector(parent_selector)
+      @link_value_field = parent.querySelector("[data-link-value]")
+      @link_title_field = parent.querySelector("[data-link-title]")
+      @link_target_field = parent.querySelector("[data-link-target]")
+      @link_class_field = parent.querySelector("[data-link-class]")
     @url = Alchemy.routes.link_admin_pages_path
     @$link_object = $(@link_object)
     @options =

data/app/assets/stylesheets/alchemy/_extends.scss

@@ -37,8 +37,8 @@
 
   &[disabled],
   &.disabled,
-  &[readonly],
-  &.readonly {
+  &:not(.flatpickr-input)[readonly],
+  &:not(.flatpickr-input).readonly {
     color: $form-field-disabled-text-color;
     background-color: $form-field-disabled-bg-color;
     cursor: default;
@@ -49,8 +49,8 @@
     cursor: not-allowed;
   }
 
-  &[readonly],
-  &.readonly {
+  &:not(.flatpickr-input)[readonly],
+  &:not(.flatpickr-input).readonly {
     pointer-events: none;
   }
 }