diff --git a/.circleci/config.yml b/.circleci/config.yml index ccd163b61..74fcb9fd5 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -68,7 +68,7 @@ jobs: command: bundle exec rubocop - run: name: Run brakeman - command: bundle exec brakeman -z + command: bundle exec brakeman - run: name: Run haml-lint command: bundle exec haml-lint app/views/ diff --git a/.haml-lint.yml b/.haml-lint.yml index 0927e9027..e3d566f90 100644 --- a/.haml-lint.yml +++ b/.haml-lint.yml @@ -43,6 +43,10 @@ linters: character: space # or tab width: 2 # ignored if character == tab + # TODO: enable once we got rid of the legacy UIs + InlineStyles: + enabled: false + InstanceVariables: enabled: false file_types: partials @@ -117,3 +121,8 @@ linters: # locally from time to time UnnecessaryStringOutput: enabled: false + + # Disabled because too agress ive, but to enable + # locally from time to time + ViewLength: + enabled: false diff --git a/Gemfile b/Gemfile index 591ce5f76..dd2d8e625 100644 --- a/Gemfile +++ b/Gemfile @@ -1,9 +1,9 @@ source 'https://rubygems.org' -gem 'rails', '5.0.0.1' +gem 'rails' # Use SCSS for stylesheets -gem 'sass-rails', '~> 5.0' +gem 'sass-rails' # Use Uglifier as compressor for JavaScript assets gem 'uglifier', '>= 1.3.0' @@ -13,12 +13,12 @@ gem 'therubyracer', platforms: :ruby # Use jquery as the JavaScript library gem 'jquery-rails' # Turbolinks makes following links in your web application faster. Read more: https://github.com/rails/turbolinks -gem 'turbolinks', '~> 5.0' +gem 'turbolinks' # bundle exec rake doc:rails generates the API under doc/api. gem 'sdoc', '~> 0.4.0', group: :doc # Enable deep clone of active record models -gem 'deep_cloneable', '~> 2.2.1' +gem 'deep_cloneable' gem 'warden', git: 'https://github.com/hassox/warden.git', branch: 'master' @@ -38,7 +38,7 @@ gem 'bootstrap-sass', '~> 3.3.5' gem 'kaminari' # Decorators -gem 'draper', '~> 3.0.0.pre1' +gem 'draper' gem 'unicode_utils' 
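Review bot: In the `Run brakeman` step of `.circleci/config.yml`, dropping `-z` makes the build gate depend on Brakeman's default exit behaviour instead of an explicit flag. Brakeman 4.x exits non-zero on warnings by default, and this commit's lockfile moves to 4.1.1, so the step should still fail on findings, but nothing in the config records that assumption. I would add a comment above the command, `# brakeman >= 4.0 exits non-zero on warnings by default (formerly -z)`, or simply keep the flag explicit. The same applies to the Brakeman command changed in the README later in this diff.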
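Review bot: Removing every version constraint in the Gemfile, starting with `gem 'rails'` in the first Gemfile hunk, leaves Gemfile.lock as the only thing holding the application on Rails 5.0.x. A plain `bundle update` could then move rails, draper, prawn or rspec-rails across a major version without anyone having decided to. A pessimistic constraint still lets patch-level security releases in while blocking that jump, for example `gem 'rails', '~> 5.0.6'`. The same applies to the sass-rails, turbolinks, deep_cloneable, draper, prawn, prawn_rails and rspec-rails lines in the following Gemfile hunks.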
@@ -107,8 +107,8 @@ gem "delayed_job_web" gem 'select2-rails' # PDF Generation -gem 'prawn', '~> 2.0.1' -gem 'prawn_rails', '~> 0.0.11' +gem 'prawn' +gem 'prawn_rails' gem 'chunky_png' gem 'sentry-raven' @@ -153,7 +153,7 @@ group :development, :test do # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring gem 'spring' gem 'spring-commands-rspec' - gem 'rspec-rails', '~> 3.0' + gem 'rspec-rails' # Deploy gem 'mina', ref: '343a7', git: 'https://github.com/mina-deploy/mina.git' diff --git a/Gemfile.lock b/Gemfile.lock index df20eaa38..d4d8f6bee 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -18,55 +18,55 @@ GIT GEM remote: https://rubygems.org/ specs: - CFPropertyList (2.3.4) - actioncable (5.0.0.1) - actionpack (= 5.0.0.1) - nio4r (~> 1.2) + CFPropertyList (2.3.6) + actioncable (5.0.6) + actionpack (= 5.0.6) + nio4r (>= 1.2, < 3.0) websocket-driver (~> 0.6.1) - actionmailer (5.0.0.1) - actionpack (= 5.0.0.1) - actionview (= 5.0.0.1) - activejob (= 5.0.0.1) + actionmailer (5.0.6) + actionpack (= 5.0.6) + actionview (= 5.0.6) + activejob (= 5.0.6) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.0.0.1) - actionview (= 5.0.0.1) - activesupport (= 5.0.0.1) + actionpack (5.0.6) + actionview (= 5.0.6) + activesupport (= 5.0.6) rack (~> 2.0) rack-test (~> 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.0.0.1) - activesupport (= 5.0.0.1) + actionview (5.0.6) + activesupport (= 5.0.6) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - active_model_serializers (0.10.3) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + active_model_serializers (0.10.7) actionpack (>= 4.1, < 6) activemodel (>= 4.1, < 6) - jsonapi (= 0.1.1.beta2) - activejob (5.0.0.1) - activesupport (= 5.0.0.1) + case_transform (>= 0.2) + jsonapi-renderer (>= 0.1.1.beta1, < 0.3) + activejob (5.0.6) + activesupport (= 5.0.6) globalid (>= 0.3.6) - activemodel (5.0.0.1) - activesupport (= 5.0.0.1) - activemodel-serializers-xml (1.0.1) + activemodel (5.0.6) + activesupport (= 5.0.6) + activemodel-serializers-xml (1.0.2) activemodel (> 5.x) - activerecord (> 5.x) activesupport (> 5.x) builder (~> 3.1) - activerecord (5.0.0.1) - activemodel (= 5.0.0.1) - activesupport (= 5.0.0.1) + activerecord (5.0.6) + activemodel (= 5.0.6) + activesupport (= 5.0.6) arel (~> 7.0) - activesupport (5.0.0.1) + activesupport (5.0.6) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (~> 0.7) minitest (~> 5.1) tzinfo (~> 1.1) - addressable (2.5.1) - public_suffix (~> 2.0, >= 2.0.2) + addressable (2.5.2) + public_suffix 
(>= 2.0.2, < 4.0) administrate (0.4.0) autoprefixer-rails (~> 6.0) bourbon (~> 4.2) @@ -79,19 +79,23 @@ GEM rails (>= 4.2, < 5.1) sass-rails (~> 5.0) selectize-rails (~> 0.6) - apipie-rails (0.3.7) - json + apipie-rails (0.5.6) + rails (>= 4.1) arel (7.1.4) ast (2.3.0) attr_required (1.0.1) - autoprefixer-rails (6.5.4) + autoprefixer-rails (6.7.7.2) execjs axlsx (2.0.1) htmlentities (~> 4.3.1) nokogiri (>= 1.4.1) rubyzip (~> 1.0.0) + axlsx_styler (0.1.7) + activesupport (>= 3.1) + axlsx (~> 2.0) bcrypt (3.1.11) - bindata (2.3.4) + bindata (2.4.1) + bindex (0.5.0) bootstrap-datepicker-rails (1.6.4.1) railties (>= 3.0) bootstrap-sass (3.3.7) @@ -102,17 +106,17 @@ GEM bourbon (4.3.4) sass (~> 3.4) thor (~> 0.19) - brakeman (3.7.0) - browser (2.3.0) + brakeman (4.1.1) + browser (2.5.2) builder (3.2.3) - byebug (9.0.6) - capybara (2.13.0) + byebug (9.1.0) + capybara (2.17.0) addressable - mime-types (>= 1.16) + mini_mime (>= 0.1.3) nokogiri (>= 1.3.3) rack (>= 1.0.0) rack-test (>= 0.5.4) - xpath (~> 2.0) + xpath (>= 2.0, < 4.0) capybara-selenium (0.0.6) capybara selenium-webdriver @@ -123,15 +127,17 @@ GEM mime-types (>= 1.16) mimemagic (>= 0.3.0) carrierwave-i18n (0.2.0) - chartkick (2.2.1) + case_transform (0.2) + activesupport + chartkick (2.2.5) childprocess (0.8.0) ffi (~> 1.0, >= 1.0.11) chunky_png (1.3.8) clamav-client (3.1.0) - coderay (1.1.1) - coffee-rails (4.2.1) + coderay (1.1.2) + coffee-rails (4.2.2) coffee-script (>= 2.2.0) - railties (>= 4.0.0, < 5.2.x) + railties (>= 4.0.0) coffee-script (2.4.1) coffee-script-source execjs @@ -142,12 +148,11 @@ GEM crack (0.4.3) safe_yaml (~> 1.0.0) crass (1.0.3) - daemons (1.2.4) - database_cleaner (1.5.3) + daemons (1.2.6) + database_cleaner (1.6.2) datetime_picker_rails (0.0.7) momentjs-rails (>= 2.8.1) - debug_inspector (0.0.2) - deep_cloneable (2.2.2) + deep_cloneable (2.3.1) activerecord (>= 3.1.0, < 5.2.0) delayed_cron_job (0.7.2) delayed_job (>= 4.1) 
@@ -166,14 +171,14 @@ GEM railties (>= 4.1.0, < 5.2) responders warden (~> 1.2.3) - diff-lcs (1.2.5) + diff-lcs (1.3) domain_name (0.5.20170404) unf (>= 0.0.5, < 1.0.0) - dotenv (2.2.0) - dotenv-rails (2.2.0) - dotenv (= 2.2.0) - railties (>= 3.2, < 5.1) - draper (3.0.0.pre1) + dotenv (2.2.1) + dotenv-rails (2.2.1) + dotenv (= 2.2.1) + railties (>= 3.2, < 5.2) + draper (3.0.1) actionpack (~> 5.0) activemodel (~> 5.0) activemodel-serializers-xml (~> 1.0) @@ -186,23 +191,27 @@ GEM eventmachine (1.2.1) excon (0.60.0) execjs (2.7.0) - factory_girl (4.7.0) + factory_girl (4.9.0) activesupport (>= 3.0.0) - faraday (0.10.0) + faraday (0.12.2) multipart-post (>= 1.2, < 3) - ffi (1.9.14) + ffi (1.9.18) fission (0.5.0) CFPropertyList (~> 2.2) - fog (1.38.0) + fog (1.41.0) fog-aliyun (>= 0.1.0) fog-atmos fog-aws (>= 0.6.0) fog-brightbox (~> 0.4) fog-cloudatcost (~> 0.1.0) - fog-core (~> 1.32) + fog-core (~> 1.45) + fog-digitalocean (>= 0.3.0) + fog-dnsimple (~> 1.0) fog-dynect (~> 0.0.2) fog-ecloud (~> 0.1) fog-google (<= 0.1.0) + fog-internet-archive + fog-joyent fog-json fog-local fog-openstack @@ -222,7 +231,8 @@ GEM fog-xenserver fog-xml (~> 0.1.1) ipaddress (~> 0.5) - fog-aliyun (0.1.0) + json (>= 1.8, < 2.0) + fog-aliyun (0.2.0) fog-core (~> 1.27) fog-json (~> 1.0) ipaddress (~> 0.8) @@ -230,12 +240,12 @@ GEM fog-atmos (0.1.0) fog-core fog-xml - fog-aws (1.0.0) + fog-aws (2.0.0) fog-core (~> 1.38) fog-json (~> 1.0) fog-xml (~> 0.1) ipaddress (~> 0.8) - fog-brightbox (0.11.0) + fog-brightbox (0.14.0) fog-core (~> 1.22) fog-json inflecto (~> 0.0.2) @@ -248,6 +258,14 @@ GEM builder excon (~> 0.58) formatador (~> 0.2) + fog-digitalocean (0.3.0) + fog-core (~> 1.42) + fog-json (>= 1.0) + fog-xml (>= 0.1) + ipaddress (>= 0.5) + fog-dnsimple (1.0.0) + fog-core (~> 1.38) + fog-json (~> 1.0) fog-dynect (0.0.3) fog-core fog-json 
@@ -259,23 +277,30 @@ GEM fog-core fog-json fog-xml + fog-internet-archive (0.0.1) + fog-core + fog-json + fog-xml + fog-joyent (0.0.1) + fog-core (~> 1.42) + fog-json (>= 1.0) fog-json (1.0.2) fog-core (~> 1.0) multi_json (~> 1.10) - fog-local (0.3.1) + fog-local (0.4.0) fog-core (~> 1.27) - fog-openstack (0.1.18) - fog-core (>= 1.40) + fog-openstack (0.1.23) + fog-core (~> 1.40) fog-json (>= 1.0) ipaddress (>= 0.8) fog-powerdns (0.1.1) fog-core (~> 1.27) fog-json (~> 1.0) fog-xml (~> 0.1) - fog-profitbricks (3.0.0) + fog-profitbricks (4.1.1) fog-core (~> 1.42) fog-json (~> 1.0) - fog-rackspace (0.1.2) + fog-rackspace (0.1.5) fog-core (>= 1.35) fog-json (>= 1.0) fog-xml (>= 0.1) @@ -309,24 +334,24 @@ GEM fog-voxel (0.1.0) fog-core fog-xml - fog-vsphere (1.5.2) + fog-vsphere (1.13.1) fog-core rbvmomi (~> 1.9) - fog-xenserver (0.2.3) + fog-xenserver (0.3.0) fog-core fog-xml fog-xml (0.1.3) fog-core nokogiri (>= 1.5.11, < 2.0.0) - font-awesome-rails (4.7.0.1) - railties (>= 3.2, < 5.1) + font-awesome-rails (4.7.0.3) + railties (>= 3.2, < 5.2) formatador (0.2.5) - globalid (0.3.7) - activesupport (>= 4.1.0) - guard (2.14.0) + globalid (0.4.1) + activesupport (>= 4.2.0) + guard (2.14.2) formatador (>= 0.2.4) listen (>= 2.7, < 4.0) - lumberjack (~> 1.0) + lumberjack (>= 1.0.12, < 2.0) nenv (~> 0.1) notiffany (~> 0.0) pry (>= 0.9.12) @@ -342,24 +367,25 @@ GEM guard (~> 2.1) guard-compat (~> 1.1) rspec (>= 2.99.0, < 4.0) - haml (4.0.7) + haml (5.0.4) + temple (>= 0.8.0) tilt haml-lint (0.999.999) haml_lint - haml-rails (0.9.0) + haml-rails (1.0.0) actionpack (>= 4.0.1) activesupport (>= 4.0.1) - haml (>= 4.0.6, < 5.0) + haml (>= 4.0.6, < 6.0) html2haml (>= 1.0.1) railties (>= 4.0.1) - haml_lint (0.24.0) + haml_lint (0.27.0) haml (>= 4.0, < 5.1) rainbow rake (>= 10, < 13) - rubocop (>= 0.47.0) + rubocop (>= 0.50.0) sysexits (~> 1.1) - hashdiff (0.3.1) - hashie (3.4.6) + hashdiff (0.3.7) + hashie (3.5.7) html2haml (2.2.0) erubis (~> 2.7.0) haml (>= 4.0, < 6) 
@@ -374,24 +400,22 @@ GEM concurrent-ruby (~> 1.0) inflecto (0.0.2) ipaddress (0.8.3) - jquery-rails (4.2.1) + jquery-rails (4.3.1) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) json (1.8.6) - json-jwt (1.7.0) + json-jwt (1.8.3) activesupport bindata - multi_json (>= 1.3) securecompare url_safe_base64 - jsonapi (0.1.1.beta2) - json (~> 1.8) + jsonapi-renderer (0.2.0) jwt (1.5.6) kaminari (0.17.0) actionpack (>= 3.0.0) activesupport (>= 3.0.0) - kgio (2.10.0) + kgio (2.11.1) launchy (2.4.3) addressable (~> 2.3) leaflet-draw-rails (0.1.0) @@ -404,32 +428,32 @@ GEM rb-inotify (~> 0.9, >= 0.9.7) ruby_dep (~> 1.2) logstash-event (1.2.02) - logstasher (1.1.0) - activerecord (>= 4.0) + logstasher (1.2.2) activesupport (>= 4.0) logstash-event (~> 1.2.0) request_store loofah (2.1.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) - lumberjack (1.0.10) - mail (2.6.4) - mime-types (>= 1.16, < 4) - mailjet (1.4.10) + lumberjack (1.0.12) + mail (2.7.0) + mini_mime (>= 0.1.1) + mailjet (1.5.4) activesupport (>= 3.1.0) rack (>= 1.4.0) rest-client - maruku (0.7.2) - method_source (0.8.2) + maruku (0.7.3) + method_source (0.9.0) mime-types (3.1) mime-types-data (~> 3.2015) mime-types-data (3.2016.0521) mimemagic (0.3.2) + mini_mime (1.0.0) mini_portile2 (2.3.0) minitest (5.11.1) momentjs-rails (2.17.1) railties (>= 3.1) - multi_json (1.12.1) + multi_json (1.13.1) multi_xml (0.6.0) multipart-post (2.0.0) mustermann (1.0.1) @@ -438,7 +462,7 @@ GEM thor (~> 0.19) nenv (0.3.0) netrc (0.11.0) - nio4r (1.2.1) + nio4r (2.2.0) nokogiri (1.8.1) mini_portile2 (~> 2.3.0) normalize-rails (3.0.3) @@ -451,7 +475,7 @@ GEM multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (1.7.1) + omniauth (1.8.1) hashie (>= 3.4.6, < 3.6.0) rack (>= 1.6.2, < 3) omniauth-github (1.3.0) 
@@ -461,46 +485,45 @@ GEM oauth2 (~> 1.1) omniauth (~> 1.2) open4 (1.3.4) - openid_connect (0.12.0) + openid_connect (1.1.3) activemodel attr_required (>= 1.0.0) json (>= 1.4.3) json-jwt (>= 1.5.0) - rack-oauth2 (>= 1.3.1) + rack-oauth2 (>= 1.6.1) swd (>= 1.0.0) tzinfo validate_email validate_url webfinger (>= 1.0.1) - openstack (3.3.7) + openstack (3.3.12) json orm_adapter (0.5.0) parallel (1.12.1) parser (2.4.0.2) ast (~> 2.3) - pdf-core (0.6.1) + pdf-core (0.7.0) pg (0.19.0) powerpack (0.1.1) - prawn (2.0.2) - pdf-core (~> 0.6.0) - ttfunk (~> 1.4.0) + prawn (2.2.2) + pdf-core (~> 0.7.0) + ttfunk (~> 1.5) prawn_rails (0.0.11) prawn (>= 0.11.1) railties (>= 3.0.0) - pry (0.10.4) + pry (0.11.3) coderay (~> 1.1.0) - method_source (~> 0.8.1) - slop (~> 3.4) - pry-byebug (3.4.2) - byebug (~> 9.0) + method_source (~> 0.9.0) + pry-byebug (3.5.1) + byebug (~> 9.1) pry (~> 0.10) - public_suffix (2.0.5) + public_suffix (3.0.1) rack (2.0.3) rack-handlers (0.7.3) rack rack-mini-profiler (0.10.7) rack (>= 1.2.0) - rack-oauth2 (1.4.0) + rack-oauth2 (1.7.0) activesupport (>= 2.3) attr_required (>= 0.0.5) httpclient (>= 2.4) 
@@ -510,39 +533,39 @@ GEM rack rack-test (0.6.3) rack (>= 1.0) - rails (5.0.0.1) - actioncable (= 5.0.0.1) - actionmailer (= 5.0.0.1) - actionpack (= 5.0.0.1) - actionview (= 5.0.0.1) - activejob (= 5.0.0.1) - activemodel (= 5.0.0.1) - activerecord (= 5.0.0.1) - activesupport (= 5.0.0.1) - bundler (>= 1.3.0, < 2.0) - railties (= 5.0.0.1) + rails (5.0.6) + actioncable (= 5.0.6) + actionmailer (= 5.0.6) + actionpack (= 5.0.6) + actionview (= 5.0.6) + activejob (= 5.0.6) + activemodel (= 5.0.6) + activerecord (= 5.0.6) + activesupport (= 5.0.6) + bundler (>= 1.3.0) + railties (= 5.0.6) sprockets-rails (>= 2.0.0) - rails-controller-testing (1.0.1) - actionpack (~> 5.x) - actionview (~> 5.x) + rails-controller-testing (1.0.2) + actionpack (~> 5.x, >= 5.0.1) + actionview (~> 5.x, >= 5.0.1) activesupport (~> 5.x) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.0.3) loofah (~> 2.0) - railties (5.0.0.1) - actionpack (= 5.0.0.1) - activesupport (= 5.0.0.1) + railties (5.0.6) + actionpack (= 5.0.6) + activesupport (= 5.0.6) method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) rainbow (3.0.0) - raindrops (0.17.0) + raindrops (0.19.0) rake (12.3.0) - rb-fsevent (0.9.8) - rb-inotify (0.9.7) - ffi (>= 0.5.0) + rb-fsevent (0.10.2) + rb-inotify (0.9.10) + ffi (>= 0.5.0, < 2) rbvmomi (1.11.6) builder (~> 3.0) json (>= 1.8) @@ -550,7 +573,8 @@ GEM trollop (~> 2.1) rdoc (4.3.0) ref (2.0.0) - request_store (1.3.1) + request_store (1.4.0) + rack (>= 1.4) responders (2.4.0) actionpack (>= 4.2.0, < 5.3) railties (>= 4.2.0, < 5.3) 
@@ -558,13 +582,13 @@ GEM http-cookie (>= 1.0.2, < 2.0) mime-types (>= 1.16, < 4.0) netrc (~> 0.8) - rgeo (0.5.3) - rgeo-geojson (0.4.3) - rgeo (~> 0.5) - rodf (0.3.7) - activesupport (>= 3.0, < 6.0) - builder (~> 3.0) - rubyzip (~> 1.0) + rgeo (1.0.0) + rgeo-geojson (2.0.0) + rgeo (~> 1.0) + rodf (1.0.0) + activesupport (>= 3.0) + builder (>= 3.0) + rubyzip (>= 1.0) rspec (3.5.0) rspec-core (~> 3.5.0) rspec-expectations (~> 3.5.0) @@ -595,8 +619,8 @@ GEM rainbow (>= 2.2.2, < 4.0) ruby-progressbar (~> 1.7) unicode-display_width (~> 1.0, >= 1.0.1) - rubocop-rspec-focused (0.1.0) - rubocop (>= 0.37) + rubocop-rspec-focused (1.0.0) + rubocop (>= 0.51) ruby-progressbar (1.9.0) ruby_dep (1.5.0) ruby_parser (3.10.1) @@ -604,19 +628,23 @@ GEM rubyzip (1.0.0) safe_yaml (1.0.4) sanitize-url (0.1.4) - sass (3.4.22) - sass-rails (5.0.6) + sass (3.5.5) + sass-listen (~> 4.0.0) + sass-listen (4.0.0) + rb-fsevent (~> 0.9, >= 0.9.4) + rb-inotify (~> 0.9, >= 0.9.7) + sass-rails (5.0.7) railties (>= 4.0.0, < 6) sass (~> 3.1) sprockets (>= 2.8, < 4.0) sprockets-rails (>= 2.0, < 4.0) tilt (>= 1.1, < 3) - scenic (1.3.0) + scenic (1.4.1) activerecord (>= 4.0.0) railties (>= 4.0.0) - scss_lint (0.53.0) + scss_lint (0.56.0) rake (>= 0.9, < 13) - sass (~> 3.4.20) + sass (~> 3.5.3) sdoc (0.4.2) json (~> 1.7, >= 1.7.7) rdoc (~> 4.0) 
@@ -627,61 +655,60 @@ GEM selenium-webdriver (3.8.0) childprocess (~> 0.5) rubyzip (~> 1.0) - sentry-raven (2.2.0) + sentry-raven (2.7.1) faraday (>= 0.7.6, < 1.0) sexp_processor (4.10.0) shellany (0.0.1) - shoulda-matchers (3.1.1) + shoulda-matchers (3.1.2) activesupport (>= 4.0.0) - simple_form (3.4.0) - actionpack (> 4, < 5.1) - activemodel (> 4, < 5.1) + simple_form (3.5.0) + actionpack (> 4, < 5.2) + activemodel (> 4, < 5.2) sinatra (2.0.0) mustermann (~> 1.0) rack (~> 2.0) rack-protection (= 2.0.0) tilt (~> 2.0) - skylight (1.4.4) + skylight (1.5.0) activesupport (>= 3.0.0) - slop (3.6.0) smart_listing (1.2.0) coffee-rails jquery-rails kaminari (~> 0.17) rails (>= 3.2) - spreadsheet_architect (1.4.8) + spreadsheet_architect (2.0.2) axlsx (>= 2.0) - rodf (= 0.3.7) - spring (2.0.1) + axlsx_styler (>= 0.1.7) + rodf (>= 1.0.0) + spring (2.0.2) activesupport (>= 4.2) spring-commands-rspec (1.0.4) spring (>= 0.9.1) - sprockets (3.7.0) + sprockets (3.7.1) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.0) + sprockets-rails (3.2.1) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) - swd (1.0.1) + swd (1.1.2) activesupport (>= 3) attr_required (>= 0.0.5) httpclient (>= 2.4) - i18n - json (>= 1.4.3) sysexits (1.2.0) + temple (0.8.0) therubyracer (0.12.3) libv8 (~> 3.16.14.15) ref thor (0.20.0) thread_safe (0.3.6) tilt (2.0.8) - timecop (0.8.1) + timecop (0.9.1) trollop (2.1.2) - ttfunk (1.4.0) - turbolinks (5.0.1) - turbolinks-source (~> 5) - turbolinks-source (5.0.0) + ttfunk (1.5.1) + turbolinks (5.1.0) + turbolinks-source (~> 5.1) + turbolinks-source (5.1.0) tzinfo (1.2.4) thread_safe (~> 0.1) uglifier (4.1.3) @@ -691,7 +718,7 @@ GEM unf_ext (0.0.7.4) unicode-display_width (1.3.0) unicode_utils (1.4.0) - unicorn (5.2.0) + unicorn (5.4.0) kgio (~> 2.6) raindrops (~> 0.7) url_safe_base64 (0.2.2) 
@@ -701,27 +728,26 @@ GEM validate_url (1.0.2) activemodel (>= 3.0.0) addressable - vcr (3.0.3) - web-console (3.4.0) + vcr (4.0.0) + web-console (3.5.1) actionview (>= 5.0) activemodel (>= 5.0) - debug_inspector + bindex (>= 0.4.0) railties (>= 5.0) - webfinger (1.0.2) + webfinger (1.1.0) activesupport httpclient (>= 2.4) - multi_json - webmock (2.3.1) + webmock (3.3.0) addressable (>= 2.3.6) crack (>= 0.3.2) hashdiff websocket-driver (0.6.5) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.2) + websocket-extensions (0.1.3) xml-simple (1.1.5) - xpath (2.1.0) - nokogiri (~> 1.3) - xray-rails (0.2.0) + xpath (3.0.0) + nokogiri (~> 1.8) + xray-rails (0.3.1) rails (>= 3.1.0) PLATFORMS @@ -747,13 +773,13 @@ DEPENDENCIES copy_carrierwave_file daemons database_cleaner - deep_cloneable (~> 2.2.1) + deep_cloneable delayed_cron_job delayed_job_active_record delayed_job_web devise dotenv-rails - draper (~> 3.0.0.pre1) + draper factory_girl fog fog-openstack @@ -778,21 +804,21 @@ DEPENDENCIES openid_connect openstack pg - prawn (~> 2.0.1) - prawn_rails (~> 0.0.11) + prawn + prawn_rails pry-byebug rack-handlers rack-mini-profiler - rails (= 5.0.0.1) + rails rails-controller-testing rest-client rgeo-geojson - rspec-rails (~> 3.0) + rspec-rails rspec_junit_formatter rubocop rubocop-rspec-focused sanitize-url - sass-rails (~> 5.0) + sass-rails scenic scss_lint sdoc (~> 0.4.0) @@ -807,7 +833,7 @@ DEPENDENCIES spring-commands-rspec therubyracer timecop - turbolinks (~> 5.0) + turbolinks uglifier (>= 1.3.0) unicode_utils unicorn diff --git a/README.md b/README.md index 1e50be21a..72098fa29 100644 --- a/README.md +++ b/README.md 
@@ -120,7 +120,7 @@ Pour exécuter les tests de l'application, plusieurs possibilités : ## Linting - Faire tourner RuboCop : `bundle exec rubocop` -- Faire tourner Brakeman : `bundle exec brakeman -z` +- Faire tourner Brakeman : `bundle exec brakeman` - Linter les fichiers HAML : `bundle exec haml-lint app/views/` - Linter les fichiers SCSS : `bundle exec scss-lint app/assets/stylesheets/` diff --git a/app/views/dossiers/_infos_dossier.html.haml b/app/views/dossiers/_infos_dossier.html.haml index 73ec2bb2b..f1c09ddf9 100644 --- a/app/views/dossiers/_infos_dossier.html.haml +++ b/app/views/dossiers/_infos_dossier.html.haml @@ -43,7 +43,7 @@ - if dossier = link_to("Dossier #{dossier.id}", dossier.decorate.url(gestionnaire_signed_in?), target: '_blank') %br - = dossier.text_summary + = sanitize(dossier.text_summary) - else Pas de dossier associé - else diff --git a/app/views/new_gestionnaire/dossiers/_champs.html.haml b/app/views/new_gestionnaire/dossiers/_champs.html.haml index 1354f4624..45609eaa2 100644 --- a/app/views/new_gestionnaire/dossiers/_champs.html.haml +++ b/app/views/new_gestionnaire/dossiers/_champs.html.haml @@ -27,7 +27,7 @@ - else Dossier nº #{dossier.id} %br - = dossier.text_summary + = sanitize(dossier.text_summary) - else Pas de dossier associé - else diff --git a/app/views/new_gestionnaire/dossiers/_identite_entreprise.html.haml b/app/views/new_gestionnaire/dossiers/_identite_entreprise.html.haml index d3669980b..a60448c29 100644 --- a/app/views/new_gestionnaire/dossiers/_identite_entreprise.html.haml +++ b/app/views/new_gestionnaire/dossiers/_identite_entreprise.html.haml @@ -9,7 +9,7 @@ %td= entreprise.siret_siege_social %tr %th Forme juridique : - %td= entreprise.forme_juridique + %td= sanitize(entreprise.forme_juridique) - if etablissement.present? %tr %th Libellé NAF : 
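Review bot: `sanitize(dossier.text_summary)` in `_infos_dossier.html.haml` returns an `html_safe` string that keeps Rails' default allowed tags and attributes, so it is more permissive than the default escaping of `=` output under Rails if `text_summary` was previously a plain, unmarked string. Whether it was depends on how `text_summary` is built, which is not visible in this diff. If the summary is meant to be plain text, leaving it to default escaping or using `strip_tags(dossier.text_summary)` is stricter; if it is meant to carry markup, an explicit allow-list such as `sanitize(dossier.text_summary, tags: %w[br], attributes: [])` (tag list constructed as an example) documents the intent. The same applies to the `sanitize` calls added in `_champs.html.haml`, `_identite_entreprise.html.haml` and `editable_champs/_dossier_link.html.haml`. All four partials continue outside their hunks.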
diff --git a/app/views/new_gestionnaire/dossiers/editable_champs/_dossier_link.html.haml b/app/views/new_gestionnaire/dossiers/editable_champs/_dossier_link.html.haml index 4c6fd69b3..924cdc78e 100644 --- a/app/views/new_gestionnaire/dossiers/editable_champs/_dossier_link.html.haml +++ b/app/views/new_gestionnaire/dossiers/editable_champs/_dossier_link.html.haml @@ -1,7 +1,7 @@ - dossier = Dossier.find_by(id: champ.value) - show_text_summary = dossier.present? - show_warning = !show_text_summary && champ.value.present? -- text_summary = dossier.try(:text_summary) +- text_summary = sanitize(dossier.try(:text_summary)) .dossier-link = form.number_field :value,