mirror/growstuff
1
0
Fork 0
mirror of https://github.com/Growstuff/growstuff.git synced 2026-06-05 06:37:25 -04:00
Code Issues Packages Projects Releases Wiki Activity
2,802 Commits 64 Branches 82 Tags
release9
Commit Graph

2802 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Cesy
436527b902 Merge pull request #837 from Growstuff/dev 
Release 9
release9 		2016-05-16 20:09:00 +01:00
Cesy
260b16da11 Merge pull request #865 from CloCkWeRX/fix_progress 
Fix progress calculations
 2016-04-21 08:02:37 +01:00
Daniel O'Connor
cf0a646699 Add EOF newlines 2016-04-14 09:59:36 +09:30
Daniel O'Connor
12ad16a05a Newlines 2016-04-13 08:41:05 +09:30
Cesy
d525afb07c Merge pull request #866 from CloCkWeRX/fix_posts_path 
Fixes #851 Correct the link to be specific to the author
 2016-04-11 18:56:45 +01:00
Daniel O'Connor
3ff3ffa457 Don't update that link, geesh. Need more coffee! 2016-04-11 09:55:03 +09:30
Daniel O'Connor
e3c689ba6b Fixes #851 Correct the link to be specific to the author 2016-04-11 09:51:52 +09:30
Daniel O'Connor
82553d6e0a Avoid time travel in favour of calculating a number of past/future dates 2016-04-11 09:29:06 +09:30
Daniel O'Connor
3644a8124f Tweak specs, implementation properly 2016-04-09 22:54:03 +09:30
Daniel O'Connor
5cfa051d75 Update expectations 2016-04-09 22:43:17 +09:30
Daniel O'Connor
69fb98146b Adjust logic 2016-04-09 22:01:05 +09:30
Cesy
01b9e76814 Merge pull request #860 from CloCkWeRX/fix_warnings 
Fix WARNING: Using the `raise_error` matcher without providing a specific error
 2016-04-09 13:26:11 +01:00
Cesy
594e3470b4 Merge pull request #858 from CloCkWeRX/fix_plant_parts 
Fix plant parts / harvests issue #853
 2016-04-09 13:25:46 +01:00
Daniel O'Connor
7bb7a18b66 Fixes #850 Refactors percentage grown to model, stops rendering progress bars in situations it doesn't make sense. Adds specs. 2016-04-09 21:45:13 +09:30
Cesy
de4b89fdf7 Merge pull request #861 from hcbviolet/descriptions 
#852 Harvest description headings rendered when there's no description
 2016-04-09 13:08:00 +01:00
hcbviolet
e8d7ed0c2d Edit display_harvest_description method for no description 2016-04-08 17:34:58 -07:00
Daniel O'Connor
a3ad9189b1 Fix WARNING: Using the raise_error matcher without providing a specific error or message risks false positives, since raise_error will match when Ruby raises a NoMethodError, NameError or ArgumentError, potentially allowing the expectation to pass without even executing the method you are intending to call. Actual error raised was #<ActiveRecord::RecordNotFound: Couldn't find Member with 'id'=9999>. Instead consider providing a specific error class or message. This message can be supressed by setting: RSpec::Expectations.configuration.warn_about_potential_false_positives = false. Called from /home/travis/build/Growstuff/growstuff/spec/controllers/member_controller_spec.rb:65:in `block (3 levels) in <top (required)>'. 2016-04-07 10:41:35 +09:30
Daniel O'Connor
da588b7fdb Create the plant part instead of assuming it's seeded 2016-04-07 10:08:21 +09:30
Daniel O'Connor
a7f9e113d6 Target the name attribute 2016-04-07 09:59:06 +09:30
Daniel O'Connor
c3a883de16 Ensure we choose a plant part 2016-04-07 09:47:53 +09:30
Daniel O'Connor
aa2a761a58 Ensure we choose a plant part 2016-04-07 09:46:29 +09:30
Daniel O'Connor
a800630b01 Ensure we choose a plant part 2016-04-07 09:43:45 +09:30
Cesy
b69bb219a3 Merge pull request #859 from CloCkWeRX/add_title_validations 
Add title validations
 2016-04-03 11:45:10 +01:00
Daniel O'Connor
a9330f2d77 #857 Add length validations to UI 2016-04-03 00:15:45 +10:30
Daniel O'Connor
de8bcc38d3 #857 Add length validations to models 2016-04-03 00:13:38 +10:30
Daniel O'Connor
99a3be08eb Fixes #853 2016-04-03 00:08:19 +10:30
Daniel O'Connor
d9f04d1fa9 Fixes #853 2016-04-03 00:08:12 +10:30
pozorvlak
1791ed5b01 Merge pull request #843 from CloCkWeRX/fix_CVE-2015-7551_upgrade_ruby 
Fix CVE-2015-7551
 2016-03-29 20:04:56 +01:00
pozorvlak
683ec9dd9d Merge pull request #842 from CloCkWeRX/cve_2015_5312_and_more 
Fix CVE 2015 5312 and more
 2016-03-29 20:03:41 +01:00
Mackenzie
90e9017a19 Merge pull request #841 from CloCkWeRX/fix_840_performance 
Eager load photos to reduce the number of queries executed
 2016-03-28 09:55:40 -04:00
Daniel O'Connor
9f3cb7ee8b Merge branch 'dev' of github.com:Growstuff/growstuff into fix_CVE-2015-7551_upgrade_ruby 2016-03-29 00:24:26 +10:30
Daniel O'Connor
df952a1779 Bump rspec to fix https://github.com/rspec/rspec-rails/issues/1532 2016-03-29 00:00:07 +10:30
Daniel O'Connor
3748f954c5 Name: uglifier 
Version: 2.5.3
Advisory: 126747
Criticality: Unknown
URL: https://github.com/mishoo/UglifyJS2/issues/751
Title: uglifier incorrectly handles non-boolean comparisons during minification
Solution: upgrade to >= 2.7.2
 2016-03-28 23:54:29 +10:30
Mackenzie
dcbacddb58 Merge pull request #839 from CloCkWeRX/tweak_permissions 
Tweak permissions links
 2016-03-28 09:22:35 -04:00
Daniel O'Connor
4e7e82c8a8 Fix CVE-2015-7551 (https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/) 2016-03-28 23:39:05 +10:30
Daniel O'Connor
66bb130a1a Fix CVE-2015-7551 (https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/) 2016-03-28 23:33:34 +10:30
Daniel O'Connor
03ae327e30 Name: uglifier 
Version: 2.5.3
Advisory: 126747
Criticality: Unknown
URL: https://github.com/mishoo/UglifyJS2/issues/751
Title: uglifier incorrectly handles non-boolean comparisons during minification
Solution: upgrade to >= 2.7.2
 2016-03-28 23:27:15 +10:30
Daniel O'Connor
c1fde41f1f Name: devise 
Version: 3.4.1
Advisory: CVE-2015-8314
Criticality: Unknown
URL: http://blog.plataformatec.com.br/2016/01/improve-remember-me-cookie-expiration-in-devise/
Title: Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie
Solution: upgrade to >= 3.5.4
 2016-03-28 23:23:56 +10:30
Daniel O'Connor
a10f6e4783 Name: actionpack 
Version: 4.1.11
Advisory: CVE-2015-7581
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5wL69JE
Title: Object leak vulnerability for wildcard controller routes in Action Pack
Solution: upgrade to >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14

Name: actionpack
Version: 4.1.11
Advisory: CVE-2016-0751
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc
Title: Possible Object Leak and Denial of Service attack in Action Pack
Solution: upgrade to ~> 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1

Name: actionpack
Version: 4.1.11
Advisory: CVE-2015-7576
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k
Title: Timing attack vulnerability in basic authentication in Action Controller.
Solution: upgrade to ~> 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1

Name: actionpack
Version: 4.1.11
Advisory: CVE-2016-2098
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q
Title: Possible remote code execution vulnerability in Action Pack
Solution: upgrade to ~> 3.2.22.2, >= 4.2.5.2, ~> 4.2.5, >= 4.1.14.2, ~> 4.1.14

Name: actionview
Version: 4.1.11
Advisory: CVE-2016-2097
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4
Title: Possible Information Leak Vulnerability in Action View
Solution: upgrade to ~> 3.2.22.2, >= 4.1.14.2, ~> 4.1.14

Name: actionview
Version: 4.1.11
Advisory: CVE-2016-0752
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00
Title: Possible Information Leak Vulnerability in Action View
Solution: upgrade to ~> 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1

Name: activemodel
Version: 4.1.11
Advisory: CVE-2016-0753
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ
Title: Possible Input Validation Circumvention in Active Model
Solution: upgrade to ~> 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14

Name: activerecord
Version: 4.1.11
Advisory: CVE-2015-7577
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g
Title: Nested attributes rejection proc bypass in Active Record
Solution: upgrade to ~> 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1
 2016-03-28 23:17:55 +10:30
Daniel O'Connor
a76d2a3eb0 Name: devise 
Version: 3.4.1
Advisory: CVE-2015-8314
Criticality: Unknown
URL: http://blog.plataformatec.com.br/2016/01/improve-remember-me-cookie-expiration-in-devise/
Title: Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie
Solution: upgrade to >= 3.5.4
 2016-03-28 23:16:21 +10:30
Daniel O'Connor
049886459a Name: nokogiri 
Version: 1.6.5
Advisory: CVE-2015-1819
Criticality: Unknown
URL: https://github.com/sparklemotion/nokogiri/issues/1374
Title: Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Solution: upgrade to ~> 1.6.6.4, >= 1.6.7.rc4

Name: nokogiri
Version: 1.6.5
Advisory: CVE-2015-7499
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
Title: Nokogiri gem contains a heap-based buffer overflow vulnerability in libxml2
Solution: upgrade to >= 1.6.7.2

Name: nokogiri
Version: 1.6.5
Advisory: CVE-2015-5312
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
Title: Nokogiri gem contains several vulnerabilities in libxml2
Solution: upgrade to >= 1.6.7.1
 2016-03-28 23:13:31 +10:30
Daniel O'Connor
b57cb581dd #840 Eager load photos 2016-03-28 23:08:26 +10:30
Daniel O'Connor
f23cb78dcb #840 Eager load photos, which are used in the .interesting? call; so we don't have to do a photos.size call on every single crop. 2016-03-28 23:08:20 +10:30
Daniel O'Connor
bfffaab77f Have to stub the controller load_and_authorize_resource behaviour, as these tests aren't run in that context. 2016-03-28 22:26:36 +10:30
Daniel O'Connor
32af1b28a8 Update the expectations: an edit link is visible to crop wranglers (which used to be an expectation about the id appearing in a link) 2016-03-28 22:03:59 +10:30
Daniel O'Connor
9fa72fa5f7 Only render a pipe if there are multiple options like edit rights available 2016-03-28 21:41:06 +10:30
Daniel O'Connor
e35b15c868 Only render an edit control if the permission exists 2016-03-28 21:40:58 +10:30
Cesy
22e0e8fba0 Merge pull request #836 from gustavor-souza/patch-2 
Fixing a spec timezone problem.
 2015-10-09 09:17:15 +01:00
gustavor-souza
8caea57c47 Fixing a spec timezone problem. 2015-09-29 22:40:13 -03:00
pozorvlak
24dd02a439 Merge pull request #829 from CloCkWeRX/upgrade_db_cleaner 
Upgrade database cleaner gem
 2015-09-23 21:17:14 +01:00