mirror/growstuff
1
0
Fork 0
mirror of https://github.com/Growstuff/growstuff.git synced 2026-06-04 22:27:18 -04:00
Code Issues Packages Projects Releases Wiki Activity
11,959 Commits 63 Branches 82 Tags
Layout/HashAlignment
Commit Graph

11959 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel O'Connor
a3ad9189b1 Fix WARNING: Using the raise_error matcher without providing a specific error or message risks false positives, since raise_error will match when Ruby raises a NoMethodError, NameError or ArgumentError, potentially allowing the expectation to pass without even executing the method you are intending to call. Actual error raised was #<ActiveRecord::RecordNotFound: Couldn't find Member with 'id'=9999>. Instead consider providing a specific error class or message. This message can be supressed by setting: RSpec::Expectations.configuration.warn_about_potential_false_positives = false. Called from /home/travis/build/Growstuff/growstuff/spec/controllers/member_controller_spec.rb:65:in `block (3 levels) in <top (required)>'. 2016-04-07 10:41:35 +09:30
Daniel O'Connor
da588b7fdb Create the plant part instead of assuming it's seeded 2016-04-07 10:08:21 +09:30
Daniel O'Connor
a7f9e113d6 Target the name attribute 2016-04-07 09:59:06 +09:30
Daniel O'Connor
c3a883de16 Ensure we choose a plant part 2016-04-07 09:47:53 +09:30
Daniel O'Connor
aa2a761a58 Ensure we choose a plant part 2016-04-07 09:46:29 +09:30
Daniel O'Connor
a800630b01 Ensure we choose a plant part 2016-04-07 09:43:45 +09:30
Cesy
b69bb219a3 Merge pull request #859 from CloCkWeRX/add_title_validations 
Add title validations
 2016-04-03 11:45:10 +01:00
Daniel O'Connor
a9330f2d77 #857 Add length validations to UI 2016-04-03 00:15:45 +10:30
Daniel O'Connor
de8bcc38d3 #857 Add length validations to models 2016-04-03 00:13:38 +10:30
Daniel O'Connor
99a3be08eb Fixes #853 2016-04-03 00:08:19 +10:30
Daniel O'Connor
d9f04d1fa9 Fixes #853 2016-04-03 00:08:12 +10:30
pozorvlak
1791ed5b01 Merge pull request #843 from CloCkWeRX/fix_CVE-2015-7551_upgrade_ruby 
Fix CVE-2015-7551
 2016-03-29 20:04:56 +01:00
pozorvlak
683ec9dd9d Merge pull request #842 from CloCkWeRX/cve_2015_5312_and_more 
Fix CVE 2015 5312 and more
 2016-03-29 20:03:41 +01:00
Daniel O'Connor
668f6d3a2b Fix 'app/views/harvests/_form.html.haml:39: warning: duplicated key at line 39 ignored: :class' 2016-03-29 00:43:14 +10:30
Mackenzie
90e9017a19 Merge pull request #841 from CloCkWeRX/fix_840_performance 
Eager load photos to reduce the number of queries executed
 2016-03-28 09:55:40 -04:00
Daniel O'Connor
9f3cb7ee8b Merge branch 'dev' of github.com:Growstuff/growstuff into fix_CVE-2015-7551_upgrade_ruby 2016-03-29 00:24:26 +10:30
Daniel O'Connor
df952a1779 Bump rspec to fix https://github.com/rspec/rspec-rails/issues/1532 2016-03-29 00:00:07 +10:30
Daniel O'Connor
3748f954c5 Name: uglifier 
Version: 2.5.3
Advisory: 126747
Criticality: Unknown
URL: https://github.com/mishoo/UglifyJS2/issues/751
Title: uglifier incorrectly handles non-boolean comparisons during minification
Solution: upgrade to >= 2.7.2
 2016-03-28 23:54:29 +10:30
Mackenzie
dcbacddb58 Merge pull request #839 from CloCkWeRX/tweak_permissions 
Tweak permissions links
 2016-03-28 09:22:35 -04:00
Daniel O'Connor
b0adec20e7 Fix CVE-2015-7551 (https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/) 2016-03-28 23:40:17 +10:30
Daniel O'Connor
4e7e82c8a8 Fix CVE-2015-7551 (https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/) 2016-03-28 23:39:05 +10:30
Daniel O'Connor
6905cd410d Bump to current ruby 2.2.*, as there's an end of life for 2.1.* https://www.ruby-lang.org/en/news/2016/02/24/support-plan-of-ruby-2-0-0-and-2-1/ 2016-03-28 23:38:25 +10:30
Daniel O'Connor
66bb130a1a Fix CVE-2015-7551 (https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/) 2016-03-28 23:33:34 +10:30
Daniel O'Connor
03ae327e30 Name: uglifier 
Version: 2.5.3
Advisory: 126747
Criticality: Unknown
URL: https://github.com/mishoo/UglifyJS2/issues/751
Title: uglifier incorrectly handles non-boolean comparisons during minification
Solution: upgrade to >= 2.7.2
 2016-03-28 23:27:15 +10:30
Daniel O'Connor
c1fde41f1f Name: devise 
Version: 3.4.1
Advisory: CVE-2015-8314
Criticality: Unknown
URL: http://blog.plataformatec.com.br/2016/01/improve-remember-me-cookie-expiration-in-devise/
Title: Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie
Solution: upgrade to >= 3.5.4
 2016-03-28 23:23:56 +10:30
Daniel O'Connor
a10f6e4783 Name: actionpack 
Version: 4.1.11
Advisory: CVE-2015-7581
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5wL69JE
Title: Object leak vulnerability for wildcard controller routes in Action Pack
Solution: upgrade to >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14

Name: actionpack
Version: 4.1.11
Advisory: CVE-2016-0751
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc
Title: Possible Object Leak and Denial of Service attack in Action Pack
Solution: upgrade to ~> 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1

Name: actionpack
Version: 4.1.11
Advisory: CVE-2015-7576
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k
Title: Timing attack vulnerability in basic authentication in Action Controller.
Solution: upgrade to ~> 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1

Name: actionpack
Version: 4.1.11
Advisory: CVE-2016-2098
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q
Title: Possible remote code execution vulnerability in Action Pack
Solution: upgrade to ~> 3.2.22.2, >= 4.2.5.2, ~> 4.2.5, >= 4.1.14.2, ~> 4.1.14

Name: actionview
Version: 4.1.11
Advisory: CVE-2016-2097
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4
Title: Possible Information Leak Vulnerability in Action View
Solution: upgrade to ~> 3.2.22.2, >= 4.1.14.2, ~> 4.1.14

Name: actionview
Version: 4.1.11
Advisory: CVE-2016-0752
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00
Title: Possible Information Leak Vulnerability in Action View
Solution: upgrade to ~> 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1

Name: activemodel
Version: 4.1.11
Advisory: CVE-2016-0753
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ
Title: Possible Input Validation Circumvention in Active Model
Solution: upgrade to ~> 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14

Name: activerecord
Version: 4.1.11
Advisory: CVE-2015-7577
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g
Title: Nested attributes rejection proc bypass in Active Record
Solution: upgrade to ~> 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1
 2016-03-28 23:17:55 +10:30
Daniel O'Connor
a76d2a3eb0 Name: devise 
Version: 3.4.1
Advisory: CVE-2015-8314
Criticality: Unknown
URL: http://blog.plataformatec.com.br/2016/01/improve-remember-me-cookie-expiration-in-devise/
Title: Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie
Solution: upgrade to >= 3.5.4
 2016-03-28 23:16:21 +10:30
Daniel O'Connor
049886459a Name: nokogiri 
Version: 1.6.5
Advisory: CVE-2015-1819
Criticality: Unknown
URL: https://github.com/sparklemotion/nokogiri/issues/1374
Title: Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Solution: upgrade to ~> 1.6.6.4, >= 1.6.7.rc4

Name: nokogiri
Version: 1.6.5
Advisory: CVE-2015-7499
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
Title: Nokogiri gem contains a heap-based buffer overflow vulnerability in libxml2
Solution: upgrade to >= 1.6.7.2

Name: nokogiri
Version: 1.6.5
Advisory: CVE-2015-5312
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
Title: Nokogiri gem contains several vulnerabilities in libxml2
Solution: upgrade to >= 1.6.7.1
 2016-03-28 23:13:31 +10:30
Daniel O'Connor
b57cb581dd #840 Eager load photos 2016-03-28 23:08:26 +10:30
Daniel O'Connor
f23cb78dcb #840 Eager load photos, which are used in the .interesting? call; so we don't have to do a photos.size call on every single crop. 2016-03-28 23:08:20 +10:30
Daniel O'Connor
bfffaab77f Have to stub the controller load_and_authorize_resource behaviour, as these tests aren't run in that context. 2016-03-28 22:26:36 +10:30
Daniel O'Connor
32af1b28a8 Update the expectations: an edit link is visible to crop wranglers (which used to be an expectation about the id appearing in a link) 2016-03-28 22:03:59 +10:30
Daniel O'Connor
9fa72fa5f7 Only render a pipe if there are multiple options like edit rights available 2016-03-28 21:41:06 +10:30
Daniel O'Connor
e35b15c868 Only render an edit control if the permission exists 2016-03-28 21:40:58 +10:30
Cesy
22e0e8fba0 Merge pull request #836 from gustavor-souza/patch-2 
Fixing a spec timezone problem.
 2015-10-09 09:17:15 +01:00
gustavor-souza
8caea57c47 Fixing a spec timezone problem. 2015-09-29 22:40:13 -03:00
Jim Stallings
2f561aaa47 Add myself to contributors 2015-09-26 11:54:51 -04:00
Jim Stallings
e02a6e569c Remove example file, add documentation 2015-09-26 11:54:02 -04:00
pozorvlak
24dd02a439 Merge pull request #829 from CloCkWeRX/upgrade_db_cleaner 
Upgrade database cleaner gem
 2015-09-23 21:17:14 +01:00
Cesy
45c8092a94 Merge pull request #832 from CloCkWeRX/ruby217 
Bump to ruby 2.1.7 for CVE-2015-3900
 2015-09-23 11:35:26 +01:00
Daniel O'Connor
48829dba3c Bump to ruby 2.1.7 for CVE-2015-3900 Request hijacking vulnerability in RubyGems 2.4.6 and earlier; and others - https://www.ruby-lang.org/en/news/2015/08/18/ruby-2-1-7-released/ 2015-09-22 11:14:50 +09:30
Jim Stallings
98581801c3 GS-658 - i18n automation POC 2015-09-19 17:45:31 -04:00
Jim Stallings
93f9435fb9 GS-658: sort locale keys, add rake task for it 2015-09-19 16:24:01 -04:00
Cesy
46ee2168e1 Merge pull request #831 from CloCkWeRX/add_selenium 
Add additional capyabara driver options
 2015-09-16 11:59:22 +01:00
Cesy
5dd52ba17f Merge pull request #830 from CloCkWeRX/sprellin 
Fix minor typo in specs
 2015-09-16 11:52:30 +01:00
Daniel O'Connor
78a65f26c6 Add configuration into example file 2015-09-16 14:16:42 +09:30
Daniel O'Connor
f81666da5e And cleanup authentications 2015-09-15 12:58:35 +09:30
Daniel O'Connor
4a1bc9f6c0 Avoid test data conflicts and update expectations 2015-09-15 12:44:12 +09:30
Daniel O'Connor
0652c40c52 Avoid test data conflicts causing signup to act as signin-for-existing 2015-09-15 12:34:20 +09:30
Daniel O'Connor
a99145b705 Implement pending spec 2015-09-15 12:27:17 +09:30