Commit Graph

965 Commits

Author SHA1 Message Date
Robin Ward
a6701d8710 FIX: Gemfile bundler was breaking build
We update bundler in app.yml and the version received was too
new for our Gemfile.lock
2019-12-26 14:40:27 -05:00
Krzysztof Kotlarek
e1e571d32c SECURITY: upgrade rack-mini-profiler to avoid possible XSS (#8537) 2019-12-12 13:23:09 +11:00
Sam Saffron
fd0bb34001 SECURITY: update rack-mini-profiler to latest to correct XSS
This corrects an XSS in ?pp=help.

Also removes the jQuery dependency from rack-mini-profiler and restricts
memory sensitive profiling methods development only.
2019-10-01 16:56:51 +10:00
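Both rack-mini-profiler entries above fix an XSS by bumping a gem, and several later entries revert or re-pin the bundler version in Gemfile.lock. The practitioner's check after such a bump is that the lockfile actually resolved to a version at or above the fixed release. The following is an added example, not Discourse's or Bundler's own code: it parses the GEM/specs block and the BUNDLED WITH line of a lockfile and compares the pinned versions against a table of minimums. The lockfile text and the minimum versions are constructed placeholders for the demonstration, not the real fixed releases.

```ruby
require "rubygems" # Gem::Version ships with Ruby

# Constructed sample lockfile; versions are placeholders for the demonstration.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mini_portile2 (2.4.0)
      nokogiri (1.10.2)
        mini_portile2 (~> 2.4.0)
      rack (2.0.7)
      rack-mini-profiler (1.0.2)
        rack (>= 1.2.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    nokogiri
    rack-mini-profiler

  BUNDLED WITH
     1.17.3
LOCK

# Returns { "name" => Gem::Version } for every resolved gem in the GEM/specs
# block. Direct specs sit at four spaces of indent; their dependency lines
# (six spaces) are skipped. A platform suffix such as "-x86_64-linux" is dropped.
def locked_gems(lockfile)
  gems = {}
  in_specs = false
  lockfile.each_line do |line|
    if line.start_with?("  specs:")
      in_specs = true
      next
    end
    in_specs = false if line.strip.empty? || line =~ /\A[A-Z]/
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      gems[m[1]] = Gem::Version.new(m[2].sub(/-.*\z/, ""))
    end
  end
  gems
end

# The bundler version recorded under BUNDLED WITH, or nil if absent.
def bundled_with(lockfile)
  m = lockfile.match(/^BUNDLED WITH\n\s*(\S+)/)
  m && Gem::Version.new(m[1])
end

# Returns [name, pinned_version_or_nil, minimum] for each gem that is missing
# from the lockfile or pinned below the required minimum.
def outdated_gems(lockfile, minimums)
  pinned = locked_gems(lockfile)
  minimums.map do |name, min|
    v = pinned[name]
    next if v && v >= Gem::Version.new(min)
    [name, v&.to_s, min]
  end.compact
end

# Hypothetical minimums chosen for the demonstration, not the real fixed releases.
MINIMUMS = {
  "nokogiri" => "1.10.3",
  "rack-mini-profiler" => "1.1.0",
  "rack" => "2.0.7",
}.freeze

if __FILE__ == $0
  outdated_gems(SAMPLE_LOCKFILE, MINIMUMS).each do |name, pinned, min|
    puts "#{name}: locked #{pinned || 'absent'}, need >= #{min}"
  end
  puts "bundler: #{bundled_with(SAMPLE_LOCKFILE)}"
end
```

Run it against a real Gemfile.lock by reading the file instead of SAMPLE_LOCKFILE; the same parser can be dropped into CI so a revert of the lockfile (as happened twice on this page with the bundler version) fails the build instead of silently reintroducing an old gem.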
Sam Saffron
6477531098 SECURITY: add rate limiting to anon JS error reporting
This adds a 1 minute rate limit to all JS error reporting per IP. Previously
we would only use the global rate limit.

This also introduces DISCOURSE_ENABLE_JS_ERROR_REPORTING, if it is set to
false then no JS error reporting will be allowed on the site.
2019-08-20 11:31:58 +10:00
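The security point in the entry above is that an unauthenticated endpoint protected only by a global limit lets one client spend the whole site's budget; a per-IP window in front of the global one fixes that, and an environment switch turns the endpoint off entirely. The following is an added example, not Discourse's RateLimiter or controller code: a fixed-window limiter keyed by IP, a second one keyed globally, and a reporter that consults DISCOURSE_ENABLE_JS_ERROR_REPORTING (the variable named in the commit). The limits (1 per IP per minute, 100 globally per minute), the 404/429 status choices and the in-memory store are assumptions for the demonstration; a real deployment would back the counters with a shared store such as Redis.

```ruby
# Fixed-window counter: at most `max` allowed events per `period` seconds per key.
# The clock is injectable so the window behaviour can be tested without sleeping.
class FixedWindowLimiter
  def initialize(max:, period:, clock: -> { Time.now.to_i })
    @max, @period, @clock = max, period, clock
    @windows = Hash.new { |h, k| h[k] = [0, 0] } # key => [window_start, count]
  end

  # Returns true if the event is allowed and counts it; false if over the limit.
  def allow?(key)
    now = @clock.call
    start, count = @windows[key]
    if now - start >= @period
      @windows[key] = [now, 1] # window expired (or first sighting): start fresh
      return true
    end
    return false if count >= @max
    @windows[key] = [start, count + 1]
    true
  end
end

class JsErrorReporter
  attr_reader :accepted

  # Limits are hypothetical; env and clock are injectable for testing.
  def initialize(env: ENV, clock: -> { Time.now.to_i }, per_ip_max: 1, global_max: 100)
    @env = env
    @per_ip = FixedWindowLimiter.new(max: per_ip_max, period: 60, clock: clock)
    @global = FixedWindowLimiter.new(max: global_max, period: 60, clock: clock)
    @accepted = []
  end

  # Only the literal string "false" disables reporting; unset means enabled.
  def enabled?
    @env.fetch("DISCOURSE_ENABLE_JS_ERROR_REPORTING", "true") != "false"
  end

  # Returns an HTTP-style status: 404 when the feature is off, 429 when the
  # per-IP or global window is exhausted, 200 when the report is stored.
  # The per-IP check runs first so a noisy client cannot drain the global budget.
  def report(ip, message)
    return 404 unless enabled?
    return 429 unless @per_ip.allow?(ip)
    return 429 unless @global.allow?(:all)
    @accepted << [ip, message.to_s[0, 500]] # also cap what an anonymous caller can store
    200
  end
end

if __FILE__ == $0
  reporter = JsErrorReporter.new(env: {})
  puts reporter.report("203.0.113.5", "TypeError: x is undefined") # 200
  puts reporter.report("203.0.113.5", "TypeError: x is undefined") # 429 within the same minute
end
```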
Sam Saffron
0fa02274c2 DEV: bump version on mini_scheduler
This corrects a catastrophic state that can ensue if redis becomes readonly

It also adds support for multiple queues and minor cleanup
2019-06-25 11:50:19 -04:00
Guo Xiang Tan
29259b46ae DEV: Verbose mode for posts:inline_uploads rake task. 2019-06-10 08:59:11 +08:00
Guo Xiang Tan
1991af2abb DEV: Switch InlineUploads to a regexp based implementation. 2019-06-04 15:54:25 +08:00
Guo Xiang Tan
d93e5fb00d DEV: Class that converts MD with old attachment links to new MD. 2019-06-04 15:54:25 +08:00
Vinoth Kannan
787ccb5746 revert the bundler version
871fcf1117
2019-06-04 08:45:30 +05:30
Vinoth Kannan
871fcf1117 PERF: omit user profile and private message stats in web hook serializer. 2019-06-04 08:44:10 +05:30
David Taylor
8511bfe583 Bump omniauth-google-oauth2 gem version
Pinning to an old version is no longer required following 8b4d6dafea
2019-06-03 19:17:00 +01:00
Joffrey JAFFEUX
ee43b36b64 Bump onebox version. (#7666)
Fixes multiple possible sources of exceptions due to frozen strings. Wikipedia onebox was definitely failing before this patch.
2019-05-31 17:04:34 +02:00
Joffrey JAFFEUX
75d413ad11 Bump onebox version. (#7665)
Fixes a regression with SoundCloud onebox due to frozen string literal.
2019-05-31 16:41:33 +02:00
Arpit Jalan
bf3c781f26 Bump onebox version.
- add frozen string literal to all the files
2019-05-28 17:39:42 +05:30
Daniel Waterworth
f46d2ad086 DEV: Update test-prof (#7572)
* Updated test-prof

* Made rails_helper.rb use new test-prof APIs

Instead of the previous temporary hacks.

* Added environment option to disable prefabrication

It was removed mistakenly
2019-05-21 22:07:40 +10:00
Arpit Jalan
ce89f19250 Bump onebox version.
- use Vimeo engine for private links only
- if og:video_url is missing, make one using Vimeo ID
2019-05-20 12:24:43 +05:30
Sam Saffron
a4627c3d82 DEV: revert bundler to 1.7.3
At the moment bundler 2.0 is not compatible with:

https://github.com/discourse/discourse-backup-uploads-to-s3

We plan to get this fixed but in the meantime do not upgrade.

followup to 2a7065c5
2019-05-20 11:23:28 +10:00
Vinoth Kannan
2a7065c505 FIX: skip uploads without etag in s3 inventory check. 2019-05-20 00:09:52 +05:30
Régis Hanol
081eb76308 DEV: update rubocop - take 2 2019-05-17 14:13:25 +02:00
Régis Hanol
88102ce13d DEV: update rubocop 2019-05-17 14:08:58 +02:00
Sam Saffron
bbcc39e66c FEATURE: update mini_racer to version including heap dump support
We recently noticed a leak, this introduces a new method on MiniRacer::Context

```
context.write_heap_snapshot(path)
```

To dump current memory in v8 context to a file, this can then be analyzed
in chrome and other similar tools

Can be triggered in production using rbtrace
2019-05-14 18:01:15 +10:00
Gerhard Schlager
73da9c171a DEV: Upgrade unicorn
The gem has minor bug fixes. One of those stopped the RubyMine debugger from working.
2019-05-07 17:03:27 +02:00
Arpit Jalan
d679c4e0eb Bump onebox version.
- FIX: encode the URL per RFC 3986 spec
2019-05-06 18:17:42 +05:30
Vinoth Kannan
28547c6f08 revert bundler version change
73418aaf73
2019-05-02 04:37:55 +05:30
Vinoth Kannan
73418aaf73 DEV: Add bucket folder path to inventory id 2019-05-02 04:35:35 +05:30
romanrizzi
2ebe9e3a8b Bump onebox version 2019-04-30 10:07:48 -03:00
Guo Xiang Tan
09b3d0c2a0 DEV: Only install danger on Travis. (#7452) 2019-04-29 14:45:24 +08:00
Sam Saffron
fa313564d7 DEV: update rails multisite
This gives us Rails 6 support, should not impact existing behavior
2019-04-29 16:24:47 +10:00
Sam Saffron
c0a5a07eda DEV: missing change from prev commit 2019-04-29 15:52:47 +10:00
Sam Saffron
7ea5c8a5f5 DEV: update AWS dependency
AWS is a big moving target, this fills gaps in the API. Technically we
use such a tiny surface area that it probably does not matter, but it is
good to be up to date here.
2019-04-29 15:39:19 +10:00
Sam Saffron
2d9c8581ce DEV: low risk gem updates
This updates another batch of gems that are lowish risk

Most of the gem changes are here for Rails 6 / Ruby 2.6.3 support

Excon did some stuff around better cipher ordering
2019-04-29 15:33:01 +10:00
Sam Saffron
9797073de0 DEV: update mini_sql and some other gems
Big one is mini_sql, only noticeable change is that the internals now
support jruby!
2019-04-29 15:04:19 +10:00
Sam Saffron
75c1506cb0 DEV: update minor dependencies
These gems have very minor changes, and are low risk updates
2019-04-29 15:00:58 +10:00
Sam Saffron
b3d91ea541 DEV: update rubocop
No changes required in core Discourse.
2019-04-29 14:57:30 +10:00
Sam Saffron
6449170e15 DEV: update mini racer version
Mini Racer 0.2.5 provides support for libv8 7.3 (so we just upgraded from
Chrome 67 -> 73 JS engine wise)
2019-04-29 10:22:27 +10:00
Maja Komel
4b455e741e DEV: Ember 3.8.0
Co-Authored-By: majakomel <maja.komel@gmail.com>
2019-04-26 12:16:21 +02:00
Sam Saffron
68d7b4023b FIX: update mini scheduler
The UX was not showing any durations longer than 1 minute for scheduled
jobs

Also updates sidekiq and rack minor versions which are low risk
2019-04-26 11:24:17 +10:00
Vinoth Kannan
1724c27713 FIX: reload the 'post' model to retrieve raw field value. 2019-04-25 02:09:27 +05:30
Vinoth Kannan
aed683390c FIX: Don't treat 'upload_patterns' as constant to make the rake task compatible with multisite 2019-04-25 02:06:20 +05:30
Gerhard Schlager
01a3311ffb SECURITY: Update nokogiri 2019-04-24 10:42:24 +02:00
Arpit Jalan
e8f51815e5 Bump onebox version.
- Update github_blob engine to support displaying stl files
- FEATURE: add `data-original-href` attribute to Vimeo iframes
- Add poster image for video oneboxes
2019-04-24 13:59:14 +05:30
Guo Xiang Tan
8c8d3bea31 Remove unnecessary gems installed due to Rails 5.2.3 upgrade.
Follow up to b3dcaacdf4.
2019-04-23 17:44:49 +08:00
Guo Xiang Tan
b3dcaacdf4 Update Rails to 5.2.3. 2019-04-20 10:49:54 +09:00
Daniel Waterworth
7e3628d11f Added test-prof as a dependency (#7395)
test-prof is a collection of tools for analyzing test-suite performance.
2019-04-19 10:52:31 +02:00
Nicolas Sebastian Vidal
2b8487b0ea Removed "shoulda" gem in favor of "shoulda-matchers" and update (#7387)
* Update shoulda gem

* Remove shoulda gem in favor of shoulda-matchers only
2019-04-18 07:41:37 +10:00
Guo Xiang Tan
e50494bcde Revert "DEV: Upgrade to Bundler 2."
This reverts commit f65c8a7ba1.

I can't deal with this now.
2019-04-15 11:05:51 +08:00
Guo Xiang Tan
f65c8a7ba1 DEV: Upgrade to Bundler 2. 2019-04-15 09:02:02 +08:00
Vinoth Kannan
70fef8e0c3 FIX: change to correct bundled version 2019-04-14 14:46:56 +05:30
Vinoth Kannan
87b53e170b FIX: skip <br> inside <p> if next character is \n 2019-04-14 14:44:54 +05:30
Roman Rizzi
76e76140e1 Bump onebox version 2019-04-12 10:28:36 -03:00