diff --git a/.circleci/config.yml b/.circleci/config.yml
index 2e2480cc..b98a62f7 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -2,7 +2,7 @@ version: 2
 jobs:
 build:
 docker:
- - image: circleci/ruby:2.6.6-node-browsers
+ - image: circleci/ruby:3.0.2-node-browsers
 - image: postgres:9.6
 environment:
 POSTGRES_HOST_AUTH_METHOD: trust
diff --git a/.ruby-version b/.ruby-version
index 338a5b5d..b5021469 100644
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-2.6.6
+3.0.2
diff --git a/Gemfile b/Gemfile
index 000d05bb..44d86fbe 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,11 +5,12 @@ ruby File.read('.ruby-version').strip
 gem 'rails', '~> 6.x'
 gem 'american_date' # this gives us the `to_date` method that we use in several places
+gem 'authy', '2.7.5'
 gem 'carrierwave'
 gem 'carrierwave-aws'
 gem 'chartkick'
 gem 'devise'
-gem 'devise-authy'
+gem 'devise-authy', '2.2.1' # implementation changes after this point
 gem 'devise_invitable'
 gem 'devise-security'
 gem 'faker' # used for seed data on staging
@@ -38,11 +39,10 @@ group :development, :test do
 gem 'factory_bot_rails', require: false
 gem 'rspec-rails', require: false
 gem 'rubocop'
- gem 'selenium-webdriver', '3.141.0' # version locked bc/ https://stackoverflow.com/questions/56445641/ruby-watir-selenium-webdriver-depricated-warning/
+ gem 'selenium-webdriver'
 gem 'shoulda-matchers'
 gem 'simplecov'
 gem 'webdrivers'
- gem 'webmock', '~> 2.1', require: false
 end
 group :production do
@@ -54,6 +54,6 @@ end
 group :development do
 gem 'brakeman'
 gem 'listen'
- gem 'tocer', '~> 9.1' # used for the table of contents in our Readme
+ gem 'tocer' # used for the table of contents in our Readme
 end
diff --git a/Gemfile.lock b/Gemfile.lock
index 47af98b4..4a88c03a 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
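Review bot: The exact pins `gem 'authy', '2.7.5'` and `gem 'devise-authy', '2.2.1'` in the first Gemfile hunk freeze the second-factor authentication stack, so a security release of either gem will not be taken by `bundle update` until someone revisits these lines, and the comment `# implementation changes after this point` does not say what breaks. Since bundler-audit is already a project dependency, record the reason and the exit condition next to the pin, e.g. `# pinned: newer versions change the 2FA integration (TODO: describe what breaks); revisit when bundler-audit reports an advisory`. The new direct `authy` dependency duplicates the constraint devise-authy already declares (the lock shows `authy (>= 2.7.5)` under `devise-authy (2.2.1)`), so it is worth stating whether the direct pin is intentional or whether pinning devise-authy alone would do.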
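Review bot: Dropping `gem 'webmock', '~> 2.1', require: false` in the second Gemfile hunk, together with the removal of `require 'webmock/rspec'` and `WebMock.disable!` in spec/spec_helper.rb, leaves nothing in the test group that can block outbound HTTP, so specs that reach the authy, aws-sdk-s3 or sendgrid-ruby code paths can now make real network calls with whatever credentials the test environment holds. If the opt-in `:webmock_enabled` metadata is no longer used anywhere, say so and document the replacement (stubbed clients or another network guard) in spec_helper; otherwise keep the gem with a current version constraint rather than removing it.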
@@ -1,118 +1,125 @@ GEM remote: https://rubygems.org/ specs: - actioncable (6.0.3.7) - actionpack (= 6.0.3.7) + actioncable (6.1.4) + actionpack (= 6.1.4) + activesupport (= 6.1.4) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.3.7) - actionpack (= 6.0.3.7) - activejob (= 6.0.3.7) - activerecord (= 6.0.3.7) - activestorage (= 6.0.3.7) - activesupport (= 6.0.3.7) + actionmailbox (6.1.4) + actionpack (= 6.1.4) + activejob (= 6.1.4) + activerecord (= 6.1.4) + activestorage (= 6.1.4) + activesupport (= 6.1.4) mail (>= 2.7.1) - actionmailer (6.0.3.7) - actionpack (= 6.0.3.7) - actionview (= 6.0.3.7) - activejob (= 6.0.3.7) + actionmailer (6.1.4) + actionpack (= 6.1.4) + actionview (= 6.1.4) + activejob (= 6.1.4) + activesupport (= 6.1.4) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.3.7) - actionview (= 6.0.3.7) - activesupport (= 6.0.3.7) - rack (~> 2.0, >= 2.0.8) + actionpack (6.1.4) + actionview (= 6.1.4) + activesupport (= 6.1.4) + rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.0.3.7) - actionpack (= 6.0.3.7) - activerecord (= 6.0.3.7) - activestorage (= 6.0.3.7) - activesupport (= 6.0.3.7) + actiontext (6.1.4) + actionpack (= 6.1.4) + activerecord (= 6.1.4) + activestorage (= 6.1.4) + activesupport (= 6.1.4) nokogiri (>= 1.8.5) - actionview (6.0.3.7) - activesupport (= 6.0.3.7) + actionview (6.1.4) + activesupport (= 6.1.4) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.0.3.7) - activesupport (= 6.0.3.7) + activejob (6.1.4) + activesupport (= 6.1.4) globalid (>= 0.3.6) - activemodel (6.0.3.7) - activesupport (= 6.0.3.7) - activerecord (6.0.3.7) - activemodel (= 6.0.3.7) - activesupport (= 6.0.3.7) - activestorage (6.0.3.7) - actionpack (= 6.0.3.7) - activejob (= 6.0.3.7) - activerecord (= 6.0.3.7) + activemodel (6.1.4) + activesupport (= 6.1.4) + activerecord (6.1.4) + activemodel 
(= 6.1.4) + activesupport (= 6.1.4) + activestorage (6.1.4) + actionpack (= 6.1.4) + activejob (= 6.1.4) + activerecord (= 6.1.4) + activesupport (= 6.1.4) marcel (~> 1.0.0) - activesupport (6.0.3.7) + mini_mime (>= 1.1.0) + activesupport (6.1.4) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 0.7, < 2) - minitest (~> 5.1) - tzinfo (~> 1.1) - zeitwerk (~> 2.2, >= 2.2.2) - addressable (2.7.0) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + zeitwerk (~> 2.3) + addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) american_date (1.1.1) - ast (2.4.1) + ast (2.4.2) authy (2.7.5) httpclient (>= 2.5.3.3) - aws-eventstream (1.1.0) - aws-partitions (1.371.0) - aws-sdk-core (3.107.0) + aws-eventstream (1.1.1) + aws-partitions (1.479.0) + aws-sdk-core (3.117.0) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.239.0) aws-sigv4 (~> 1.1) jmespath (~> 1.0) - aws-sdk-kms (1.38.0) - aws-sdk-core (~> 3, >= 3.99.0) + aws-sdk-kms (1.44.0) + aws-sdk-core (~> 3, >= 3.112.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.81.0) - aws-sdk-core (~> 3, >= 3.104.3) + aws-sdk-s3 (1.96.2) + aws-sdk-core (~> 3, >= 3.112.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.1) - aws-sigv4 (1.2.2) + aws-sigv4 (1.2.4) aws-eventstream (~> 1, >= 1.0.2) bcrypt (3.1.16) - brakeman (4.9.1) + brakeman (5.1.1) builder (3.2.4) - bundler-audit (0.7.0.1) + bundler-audit (0.8.0) bundler (>= 1.2.0, < 3) - thor (>= 0.18, < 2) + thor (~> 1.0) byebug (11.1.3) - capybara (3.33.0) + capybara (3.35.3) addressable mini_mime (>= 0.1.3) nokogiri (~> 1.8) rack (>= 1.6.0) rack-test (>= 0.6.3) - regexp_parser (~> 1.5) + regexp_parser (>= 1.5, < 3.0) xpath (~> 3.2) capybara-select-2 (0.5.1) - carrierwave (2.1.0) + carrierwave (2.2.2) activemodel (>= 5.0.0) activesupport (>= 5.0.0) addressable (~> 2.6) image_processing (~> 1.1) - mimemagic (>= 0.3.0) + marcel (~> 1.0.0) mini_mime (>= 0.1.3) + ssrf_filter (~> 1.0) carrierwave-aws (1.5.0) aws-sdk-s3 (~> 1.0) carrierwave (~> 2.0) - chartkick (3.4.0) - childprocess (0.9.0) - ffi (~> 
1.0, >= 1.0.11) - concurrent-ruby (1.1.8) - crack (0.4.3) - safe_yaml (~> 1.0.0) + chartkick (4.0.5) + childprocess (3.0.0) + concurrent-ruby (1.1.9) crass (1.0.6) - database_cleaner (1.8.5) - devise (4.7.2) + database_cleaner (2.0.1) + database_cleaner-active_record (~> 2.0.0) + database_cleaner-active_record (2.0.1) + activerecord (>= 5.a) + database_cleaner-core (~> 2.0.0) + database_cleaner-core (2.0.1) + devise (4.8.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) @@ -121,36 +128,34 @@ GEM devise-authy (2.2.1) authy (>= 2.7.5) devise (>= 4.0.0) - devise-security (0.14.3) + devise-security (0.16.0) devise (>= 4.3.0, < 5.0) - rails (>= 4.2.0, < 7.0) - devise_invitable (2.0.2) + devise_invitable (2.0.5) actionmailer (>= 5.0) devise (>= 4.6) diff-lcs (1.4.4) - docile (1.3.2) + docile (1.4.0) dotenv (2.7.6) dotenv-rails (2.7.6) dotenv (= 2.7.6) railties (>= 3.2) erubi (1.10.0) - factory_bot (6.1.0) + factory_bot (6.2.0) activesupport (>= 5.0.0) - factory_bot_rails (6.1.0) - factory_bot (~> 6.1.0) + factory_bot_rails (6.2.0) + factory_bot (~> 6.2.0) railties (>= 5.0.0) - faker (2.14.0) + faker (2.18.0) i18n (>= 1.6, < 2) - ffi (1.13.1) - filterrific (5.2.1) + ffi (1.15.3) + filterrific (5.2.2) geography_helper (1.0.1) globalid (0.4.2) activesupport (>= 4.2.0) - hashdiff (1.0.1) httpclient (2.8.3) i18n (1.8.10) concurrent-ruby (~> 1.0) - image_processing (1.11.0) + image_processing (1.12.1) mini_magick (>= 4.9.5, < 5) ruby-vips (>= 2.0.17, < 3) jmespath (1.4.0) 
@@ -160,33 +165,30 @@ GEM thor (>= 0.14, < 2.0) jquery-ui-rails (6.0.1) railties (>= 3.2.16) - listen (3.2.1) + listen (3.6.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - loofah (2.9.1) + loofah (2.10.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) mini_mime (>= 0.1.1) marcel (1.0.1) method_source (1.0.0) - mimemagic (0.4.3) - nokogiri (~> 1) - rake - mini_magick (4.10.1) + mini_magick (4.11.0) mini_mime (1.1.0) - mini_portile2 (2.5.3) minitest (5.14.4) nio4r (2.5.7) - nokogiri (1.11.7) - mini_portile2 (~> 2.5.0) + nokogiri (1.11.7-x86_64-darwin) + racc (~> 1.4) + nokogiri (1.11.7-x86_64-linux) racc (~> 1.4) orm_adapter (0.5.0) - parallel (1.19.2) - parser (2.7.1.4) + parallel (1.20.1) + parser (3.0.2.0) ast (~> 2.4.1) pg (1.2.3) - pg_search (2.3.2) + pg_search (2.3.5) activerecord (>= 5.2) activesupport (>= 5.2) public_suffix (4.0.6) 
@@ -194,85 +196,84 @@ GEM nio4r (~> 2.0) racc (1.5.2) rack (2.2.3) - rack-attack (6.3.1) + rack-attack (6.5.0) rack (>= 1.0, < 3) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.0.3.7) - actioncable (= 6.0.3.7) - actionmailbox (= 6.0.3.7) - actionmailer (= 6.0.3.7) - actionpack (= 6.0.3.7) - actiontext (= 6.0.3.7) - actionview (= 6.0.3.7) - activejob (= 6.0.3.7) - activemodel (= 6.0.3.7) - activerecord (= 6.0.3.7) - activestorage (= 6.0.3.7) - activesupport (= 6.0.3.7) - bundler (>= 1.3.0) - railties (= 6.0.3.7) + rails (6.1.4) + actioncable (= 6.1.4) + actionmailbox (= 6.1.4) + actionmailer (= 6.1.4) + actionpack (= 6.1.4) + actiontext (= 6.1.4) + actionview (= 6.1.4) + activejob (= 6.1.4) + activemodel (= 6.1.4) + activerecord (= 6.1.4) + activestorage (= 6.1.4) + activesupport (= 6.1.4) + bundler (>= 1.15.0) + railties (= 6.1.4) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.3.0) loofah (~> 2.3) - railties (6.0.3.7) - actionpack (= 6.0.3.7) - activesupport (= 6.0.3.7) + railties (6.1.4) + actionpack (= 6.1.4) + activesupport (= 6.1.4) method_source - rake (>= 0.8.7) - thor (>= 0.20.3, < 2.0) + rake (>= 0.13) + thor (~> 1.0) rainbow (3.0.0) - rake (13.0.3) - rb-fsevent (0.10.4) + rake (13.0.6) + rb-fsevent (0.11.0) rb-inotify (0.10.1) ffi (~> 1.0) - refinements (6.3.2) - regexp_parser (1.7.1) + refinements (8.2.0) + regexp_parser (2.1.1) responders (3.0.1) actionpack (>= 5.0) railties (>= 5.0) rexml (3.2.5) - rollbar (3.0.0) - rspec-core (3.9.2) - rspec-support (~> 3.9.3) - rspec-expectations (3.9.2) + rollbar (3.2.0) + rspec-core (3.10.1) + rspec-support (~> 3.10.0) + rspec-expectations (3.10.1) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.9.0) - rspec-mocks (3.9.1) + rspec-support (~> 3.10.0) + rspec-mocks (3.10.2) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.9.0) - rspec-rails (4.0.1) - actionpack (>= 4.2) - activesupport (>= 4.2) - railties (>= 4.2) - rspec-core (~> 3.9) - 
rspec-expectations (~> 3.9) - rspec-mocks (~> 3.9) - rspec-support (~> 3.9) - rspec-support (3.9.3) - rubocop (0.91.0) + rspec-support (~> 3.10.0) + rspec-rails (5.0.1) + actionpack (>= 5.2) + activesupport (>= 5.2) + railties (>= 5.2) + rspec-core (~> 3.10) + rspec-expectations (~> 3.10) + rspec-mocks (~> 3.10) + rspec-support (~> 3.10) + rspec-support (3.10.2) + rubocop (1.18.4) parallel (~> 1.10) - parser (>= 2.7.1.1) + parser (>= 3.0.0.0) rainbow (>= 2.2.2, < 4.0) - regexp_parser (>= 1.7) + regexp_parser (>= 1.8, < 3.0) rexml - rubocop-ast (>= 0.4.0, < 1.0) + rubocop-ast (>= 1.8.0, < 2.0) ruby-progressbar (~> 1.7) - unicode-display_width (>= 1.4.0, < 2.0) - rubocop-ast (0.4.1) - parser (>= 2.7.1.4) - ruby-progressbar (1.10.1) - ruby-vips (2.0.17) - ffi (~> 1.9) - ruby_http_client (3.5.1) - rubyzip (1.3.0) - runcom (5.1.1) - refinements (~> 6.0) - xdg (~> 3.1) - safe_yaml (1.0.5) + unicode-display_width (>= 1.4.0, < 3.0) + rubocop-ast (1.8.0) + parser (>= 3.0.1.1) + ruby-progressbar (1.11.0) + ruby-vips (2.1.2) + ffi (~> 1.12) + ruby_http_client (3.5.2) + rubyzip (2.3.2) + runcom (7.1.1) + refinements (~> 8.0) + xdg (~> 5.0) sass (3.7.4) sass-listen (~> 4.0.0) sass-listen (4.0.0) 
@@ -285,23 +286,23 @@ GEM sprockets-rails (>= 2.0, < 4.0) tilt (>= 1.1, < 3) select2-rails (4.0.13) - selenium-webdriver (3.141.0) - childprocess (~> 0.5) - rubyzip (~> 1.2, >= 1.2.2) - sendgrid-ruby (6.3.4) + selenium-webdriver (3.142.7) + childprocess (>= 0.5, < 4.0) + rubyzip (>= 1.2.2) + sendgrid-ruby (6.4.0) ruby_http_client (~> 3.4) - shoulda-matchers (4.4.1) - activesupport (>= 4.2.0) - simple_calendar (2.4.1) + shoulda-matchers (5.0.0) + activesupport (>= 5.2.0) + simple_calendar (2.4.3) rails (>= 3.0) - simplecov (0.19.0) + simplecov (0.21.2) docile (~> 1.1) simplecov-html (~> 0.11) - simplecov-html (0.12.2) - skylight (4.3.1) - skylight-core (= 4.3.1) - skylight-core (4.3.1) - activesupport (>= 4.2.0) + simplecov_json_formatter (~> 0.1) + simplecov-html (0.12.3) + simplecov_json_formatter (0.1.3) + skylight (5.1.1) + activesupport (>= 5.2.0) sprockets (3.7.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) 
@@ -309,44 +310,41 @@ GEM actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) - thor (0.20.3) - thread_safe (0.3.6) + ssrf_filter (1.0.7) + thor (1.1.0) tilt (2.0.10) - timecop (0.9.1) - tocer (9.1.2) - refinements (~> 6.0) - runcom (~> 5.0) - thor (~> 0.20) + timecop (0.9.4) + tocer (12.0.2) + refinements (~> 8.0) + runcom (~> 7.0) turbolinks (5.2.1) turbolinks-source (~> 5.2) turbolinks-source (5.2.0) - tzinfo (1.2.9) - thread_safe (~> 0.1) - unicode-display_width (1.7.0) + tzinfo (2.0.4) + concurrent-ruby (~> 1.0) + unicode-display_width (2.0.0) warden (1.2.9) rack (>= 2.0.9) webdrivers (4.4.1) nokogiri (~> 1.6) rubyzip (>= 1.3.0) selenium-webdriver (>= 3.0, < 4.0) - webmock (2.3.2) - addressable (>= 2.3.6) - crack (>= 0.3.2) - hashdiff - websocket-driver (0.7.3) + websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) will_paginate (3.3.0) - xdg (3.1.1) + xdg (5.1.1) xpath (3.2.0) nokogiri (~> 1.8) zeitwerk (2.4.2) PLATFORMS - ruby + x86_64-darwin-19 + x86_64-linux DEPENDENCIES american_date + authy (= 2.7.5) brakeman bundler-audit byebug @@ -357,7 +355,7 @@ DEPENDENCIES chartkick database_cleaner devise - devise-authy + devise-authy (= 2.2.1) devise-security devise_invitable dotenv-rails @@ -378,21 +376,20 @@ DEPENDENCIES rubocop sass-rails (~> 5.x) select2-rails - selenium-webdriver (= 3.141.0) + selenium-webdriver sendgrid-ruby shoulda-matchers simple_calendar simplecov skylight timecop - tocer (~> 9.1) + tocer turbolinks (~> 5.x) webdrivers - webmock (~> 2.1) will_paginate RUBY VERSION - ruby 2.6.6p146 + ruby 3.0.2p107 BUNDLED WITH - 2.1.4 + 2.2.22 diff --git a/app/uploaders/pdf_draft_uploader.rb b/app/uploaders/pdf_draft_uploader.rb index dcacae9b..4eb18b60 100644 --- a/app/uploaders/pdf_draft_uploader.rb +++ b/app/uploaders/pdf_draft_uploader.rb 
@@ -37,8 +37,8 @@ def store_dir
 # process resize_to_fit: [50, 50]
 # end
- # Whitelist for permitted extensions
- def extension_whitelist
+ # Allowlist for permitted extensions
+ def extension_allowlist
 %w[jpg jpeg gif png doc docx pdf txt pages cda mp3 zip mov mp4]
 end
diff --git a/config/environments/production.rb b/config/environments/production.rb
index e77915d3..77f45b86 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -57,7 +57,7 @@
 # config.cache_store = :mem_cache_store
 # Right now only rack-attack uses this. Probably want to change if not.
- config.cache_store = :file_store, { expires_in: 1.day }
+ config.cache_store = :file_store, "#{root}/tmp/cache/", { expires_in: 1.day }
 # Use a real queuing backend for Active Job (and separate queues per environment).
 # config.active_job.queue_adapter = :resque
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 7d9f666b..f7951454 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -32,4 +32,4 @@ en:
 errors:
 messages:
- extension_whitelist_error: 'File could not be uploaded. Only text and image files are permitted.'
+ extension_allowlist_error: 'File could not be uploaded. Only text and image files are permitted.'
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 22f0eaac..9d8ebf6c 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -1,11 +1,7 @@
-require 'webmock/rspec'
 require 'simplecov'
 SimpleCov.start 'rails'
-# Start disabled. Add :webmock_enabled metadata on describe/context blocks where you want WebMock enabled.
-WebMock.disable!
-
 RSpec.configure do |config|
 # rspec-expectations config goes here. You can use an alternate
 # assertion/expectation library such as wrong or the stdlib/minitest
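Review bot: The list `%w[jpg jpeg gif png doc docx pdf txt pages cda mp3 zip mov mp4]` returned by the renamed `extension_allowlist` admits archives and audio/video, while the user-facing text for `extension_allowlist_error` in config/locales/en.yml still says only text and image files are permitted; one of the two should change so the error describes what is actually rejected. The check is also extension-only, so nothing here compares the declared type with the file's content; CarrierWave provides `content_type_allowlist` alongside `extension_allowlist`, and defining it for the same set of types would make the validation depend on the detected MIME type rather than the filename alone. The uploader class that encloses this method starts outside the hunk.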
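Review bot: The comment above the changed `config.cache_store = :file_store, "#{root}/tmp/cache/", { expires_in: 1.day }` line says rack-attack is the only consumer of this store, and a file store under the application's own tmp directory is local to one host, so if production runs more than one app instance each instance keeps its own throttle counters and the effective rate limit is multiplied by the instance count. That may be acceptable for a single-instance deployment, but it should be recorded where the next reader will see it, e.g. extend the comment to `# Right now only rack-attack uses this. File store is per-host: throttle counters are not shared across instances.`.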