alchemy_cms 6.0.0.pre.rc1 → 6.0.0.pre.rc2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8c2e459c0097bf27f22b10ef62a2daf9b6b00c9d27a5a7062a580a0ce40fd288
-  data.tar.gz: 79dcef9fe37b902dcbdaba9eafacca27e772660b297953a0f3cfefc076fc4719
+  metadata.gz: aa6425ce6e3aa16df7d9df57ac4d098093cc6707f95856f4a7030204b82cb7b9
+  data.tar.gz: ea96e420624ff64d60dccaa6e9e425354f85aa47e2a8602a20799414adf37096
 SHA512:
-  metadata.gz: ae3cca3894448880c1c86a63585b104a04fdeba14be7e9160451bc91a64993f2ff50080d87be5b2be487734fa4267358d0ce263da352a6005f1d8264919670bf
-  data.tar.gz: 74e9ad0b8e7242349d3be0b0e1abe54a4fbd73a7fbb17beac177faa332df98d25f0d0302868c5771b3d04a7f2da81257a7639e04739d7ef462f9d04c86ca449f
+  metadata.gz: 8842fb9afc57ca77301e7658c3b00ca96306d5de1eda7827ba114d8fa0501fb9d520416ba8e9d100b785c9555be4b0d8f277dde4b44124539c9a9dbe2756d0b7
+  data.tar.gz: d18b971bd54abf71a988e78751ce104d6ba7ea8ad24fd809cdc44e7c4564c65b4f777971819ca7df14ab23162dfeeb5c0ab5936f58097139277fd72fb22567f2

data/.github/workflows/brakeman-analysis.yml

@@ -0,0 +1,46 @@
+# This workflow integrates Brakeman with GitHub's Code Scanning feature
+# Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications
+
+name: Brakeman Scan
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ main ]
+  schedule:
+    - cron: '40 4 * * 2'
+
+jobs:
+  brakeman-scan:
+    name: Brakeman Scan
+    runs-on: ubuntu-latest
+    steps:
+    # Checkout the repository to the GitHub Actions runner
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    # Customize the ruby version depending on your needs
+    - name: Setup Ruby
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: '2.7'
+
+    - name: Setup Brakeman
+      env:
+        BRAKEMAN_VERSION: '4.10' # SARIF support is provided in Brakeman version 4.10+
+      run: |
+        gem install brakeman --version $BRAKEMAN_VERSION
+
+    # Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis
+    - name: Scan
+      continue-on-error: true
+      run: |
+        brakeman -f sarif -o output.sarif.json .
+
+    # Upload the SARIF file generated in the previous step
+    - name: Upload SARIF
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: output.sarif.json

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 6.0.0-rc2 (2021-10-13)
+
+- Fix init link dialog if used in tinymce [#2200](https://github.com/AlchemyCMS/alchemy_cms/pull/2200) ([tvdeyen](https://github.com/tvdeyen))
+
 ## 6.0.0-rc1 (2021-09-12)
 
 - Allow Rails 6.1 [#2047](https://github.com/AlchemyCMS/alchemy_cms/pull/2047) ([robinboening](https://github.com/robinboening))

data/SECURITY.md

@@ -0,0 +1,13 @@
+# Security Policy
+
+## Supported Versions
+
+We support the current major and last minor version of the previous major version with security fixes.
+
+## Reporting a Vulnerability
+
+Please send a preferably encrypted email to hello@alchemy-cms.com
+
+PGP public key finger print
+
+52D3 2070 4BF3 E5C5 035C  BC71 17E9 E620 A96B 4CE0

data/app/assets/javascripts/alchemy/alchemy.link_dialog.js.coffee

@@ -4,12 +4,13 @@
 class window.Alchemy.LinkDialog extends Alchemy.Dialog
 
   constructor: (@link_object) ->
-    parent_selector = @link_object.dataset.parentSelector
-    parent = document.querySelector(parent_selector)
-    @link_value_field = parent.querySelector("[data-link-value]")
-    @link_title_field = parent.querySelector("[data-link-title]")
-    @link_target_field = parent.querySelector("[data-link-target]")
-    @link_class_field = parent.querySelector("[data-link-class]")
+    if @link_object.dataset
+      parent_selector = @link_object.dataset.parentSelector
+      parent = document.querySelector(parent_selector)
+      @link_value_field = parent.querySelector("[data-link-value]")
+      @link_title_field = parent.querySelector("[data-link-title]")
+      @link_target_field = parent.querySelector("[data-link-target]")
+      @link_class_field = parent.querySelector("[data-link-class]")
     @url = Alchemy.routes.link_admin_pages_path
     @$link_object = $(@link_object)
     @options =

data/lib/alchemy/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module Alchemy
-  VERSION = "6.0.0-rc1"
+  VERSION = "6.0.0-rc2"
 
   def self.version
     VERSION

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@alchemy_cms/admin",
-  "version": "6.0.0-rc1",
+  "version": "6.0.0-rc2",
   "description": "AlchemyCMS",
   "browser": "package/admin.js",
   "files": [

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: alchemy_cms
 version: !ruby/object:Gem::Version
-  version: 6.0.0.pre.rc1
+  version: 6.0.0.pre.rc2
 platform: ruby
 authors:
 - Thomas von Deyen
@@ -13,7 +13,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-09-12 00:00:00.000000000 Z
+date: 2021-10-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionmailer
@@ -724,6 +724,7 @@ files:
 - ".github/ISSUE_TEMPLATE/Bug_report.md"
 - ".github/ISSUE_TEMPLATE/Feature_request.md"
 - ".github/PULL_REQUEST_TEMPLATE.md"
+- ".github/workflows/brakeman-analysis.yml"
 - ".github/workflows/ci.yml"
 - ".github/workflows/stale.yml"
 - ".gitignore"
@@ -739,6 +740,7 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- SECURITY.md
 - alchemy_cms.gemspec
 - app/assets/config/alchemy_manifest.js
 - app/assets/images/alchemy/alchemy-logo.png
@@ -1516,7 +1518,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.1
 requirements:
 - ImageMagick (libmagick), v6.6 or greater.
-rubygems_version: 3.2.26
+rubygems_version: 3.2.28
 signing_key:
 specification_version: 4
 summary: A powerful, userfriendly and flexible CMS for Rails