Merge pull request #314 from ackama/security-updates

Security updates
ackama · Jun 8, 2020 · 6d22b3b · 6d22b3b
2 parents cf31d39 + 6e5bca4
commit 6d22b3b
Show file tree

Hide file tree

Showing 45 changed files with 3,305 additions and 3,217 deletions.
diff --git a/.rubocop-https---bitbucket-org-rabidtech-rabid-dotfiles-raw-master--rubocop-yml b/.rubocop-https---bitbucket-org-rabidtech-rabid-dotfiles-raw-master--rubocop-yml
@@ -162,3 +162,55 @@ Style/FormatStringToken:
 Lint/AmbiguousBlockAssociation:
   Exclude:
     - "spec/**/*"
+
+# https://www.rubydoc.info/gems/rubocop/0.37.0/RuboCop/Cop/Performance/HashEachMethods
+Style/HashEachMethods:
+  Enabled: true
+
+# https://rubocop.readthedocs.io/en/latest/cops_style/
+Style/HashTransformKeys:
+  Enabled: false
+
+# https://rubocop.readthedocs.io/en/latest/cops_style/
+Style/HashTransformValues:
+  Enabled: false
+
+# https://rubocop.readthedocs.io/en/latest/cops_lint/#lintraiseexception
+Lint/RaiseException:
+  Enabled: true
+
+# https://rubocop.readthedocs.io/en/latest/cops_lint/#lintstructnewoverride
+Lint/StructNewOverride:
+  Enabled: true
+
+# https://docs.rubocop.org/en/latest/cops_layout/#layoutspacearoundmethodcalloperator
+Layout/SpaceAroundMethodCallOperator:
+  Enabled: true
+
+# https://docs.rubocop.org/en/latest/cops_style/#styleexponentialnotation
+Style/ExponentialNotation:
+  Enabled: true
+
+# https://docs.rubocop.org/en/stable/cops_layout/#layoutemptylinesaroundattributeaccessor
+Layout/EmptyLinesAroundAttributeAccessor:
+  Enabled: true
+
+# https://docs.rubocop.org/en/latest/cops_style/#styleslicingwithrange
+Style/SlicingWithRange:
+  Enabled: true
+
+# https://docs.rubocop.org/rubocop/cops_lint.html#lintdeprecatedopensslconstant
+Lint/DeprecatedOpenSSLConstant:
+  Enabled: true
+
+# https://docs.rubocop.org/rubocop/cops_lint.html#lintmixedregexpcapturetypes
+Lint/MixedRegexpCaptureTypes:
+  Enabled: true
+
+# https://docs.rubocop.org/rubocop/cops_style.html#styleredundantregexpcharacterclass
+Style/RedundantRegexpCharacterClass:
+  Enabled: true
+
+# https://docs.rubocop.org/rubocop/cops_style.html#styleredundantregexpescape
+Style/RedundantRegexpEscape:
+  Enabled: true
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -43,7 +43,7 @@ Metrics/ClassLength:
   Exclude:
     - "spec/**/*"
 
-Metrics/LineLength:
+Layout/LineLength:
   Exclude:
     - "config/**/*"
     - "db/**/*"

diff --git a/.stylelintignore b/.stylelintignore
@@ -0,0 +1,6 @@
+# this file uses .gitignore syntax
+node_modules/
+coverage/
+public/
+vendor/
+tmp/
diff --git a/.stylelintrc.js b/.stylelintrc.js
@@ -0,0 +1,7 @@
+module.exports = {
+  plugins: ['stylelint-scss'],
+  extends: ['stylelint-config-recommended-scss'],
+  rules: {
+    'no-descending-specificity': null
+  }
+};
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -168,25 +168,24 @@ GEM
     inline_svg (1.5.2)
       activesupport (>= 3.0)
       nokogiri (>= 1.6)
-    jaro_winkler (1.5.3)
     jmespath (1.3.1)
     jquery-rails (4.3.5)
       rails-dom-testing (>= 1, < 3)
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
     json (2.3.0)
-    kaminari (1.1.1)
+    kaminari (1.2.1)
       activesupport (>= 4.1.0)
-      kaminari-actionview (= 1.1.1)
-      kaminari-activerecord (= 1.1.1)
-      kaminari-core (= 1.1.1)
-    kaminari-actionview (1.1.1)
+      kaminari-actionview (= 1.2.1)
+      kaminari-activerecord (= 1.2.1)
+      kaminari-core (= 1.2.1)
+    kaminari-actionview (1.2.1)
       actionview
-      kaminari-core (= 1.1.1)
-    kaminari-activerecord (1.1.1)
+      kaminari-core (= 1.2.1)
+    kaminari-activerecord (1.2.1)
       activerecord
-      kaminari-core (= 1.1.1)
-    kaminari-core (1.1.1)
+      kaminari-core (= 1.2.1)
+    kaminari-core (1.2.1)
     launchy (2.4.3)
       addressable (~> 2.3)
     letter_opener (1.7.0)
@@ -225,8 +224,8 @@ GEM
     overcommit (0.49.1)
       childprocess (>= 0.6.3, < 2.0)
       iniparse (~> 1.4)
-    parallel (1.17.0)
-    parser (2.6.3.0)
+    parallel (1.19.1)
+    parser (2.7.1.3)
       ast (~> 2.4.0)
     pg (1.1.4)
     pry (0.12.2)
@@ -235,7 +234,7 @@ GEM
     pry-rails (0.3.9)
       pry (>= 0.10.4)
     public_suffix (3.1.1)
-    puma (4.3.3)
+    puma (4.3.5)
       nio4r (~> 2.0)
     pundit (2.1.0)
       activesupport (>= 3.0.0)
@@ -286,10 +285,11 @@ GEM
     rb-inotify (0.10.0)
       ffi (~> 1.0)
     redis (4.1.2)
-    regexp_parser (1.6.0)
+    regexp_parser (1.7.1)
     responders (3.0.0)
       actionpack (>= 5.0)
       railties (>= 5.0)
+    rexml (3.2.4)
     rspec-core (3.8.2)
       rspec-support (~> 3.8.0)
     rspec-expectations (3.8.4)
@@ -307,14 +307,18 @@ GEM
       rspec-mocks (~> 3.8.0)
       rspec-support (~> 3.8.0)
     rspec-support (3.8.2)
-    rubocop (0.74.0)
-      jaro_winkler (~> 1.5.1)
+    rubocop (0.85.1)
       parallel (~> 1.10)
-      parser (>= 2.6)
+      parser (>= 2.7.0.1)
       rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.7)
+      rexml
+      rubocop-ast (>= 0.0.3)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 1.7)
-    rubocop-performance (1.4.1)
+      unicode-display_width (>= 1.4.0, < 2.0)
+    rubocop-ast (0.0.3)
+      parser (>= 2.7.0.1)
+    rubocop-performance (1.6.1)
       rubocop (>= 0.71.0)
     rubocop-rails (2.3.0)
       rack (>= 1.1)
@@ -323,7 +327,7 @@ GEM
     ruby-vips (2.0.16)
       ffi (~> 1.9)
     ruby_dep (1.5.0)
-    rubyzip (2.2.0)
+    rubyzip (2.3.0)
     sassc (2.1.0)
       ffi (~> 1.9)
     sassc-rails (2.1.2)
@@ -363,15 +367,15 @@ GEM
     turbolinks-source (5.2.0)
     tzinfo (1.2.7)
       thread_safe (~> 0.1)
-    unicode-display_width (1.6.0)
+    unicode-display_width (1.7.0)
     virtus (1.0.5)
       axiom-types (~> 0.1)
       coercible (~> 1.0)
       descendants_tracker (~> 0.0, >= 0.0.3)
       equalizer (~> 0.0, >= 0.0.9)
     warden (1.2.8)
       rack (>= 2.0.6)
-    webdrivers (4.2.0)
+    webdrivers (4.4.0)
       nokogiri (~> 1.6)
       rubyzip (>= 1.3.0)
       selenium-webdriver (>= 3.0, < 4.0)
@@ -381,7 +385,7 @@ GEM
       railties (>= 4.2)
     websocket-driver (0.7.1)
       websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.4)
+    websocket-extensions (0.1.5)
     xpath (3.2.0)
       nokogiri (~> 1.8)
     zeitwerk (2.3.0)

diff --git a/app/assets/stylesheets/administrate/base/_tables.scss b/app/assets/stylesheets/administrate/base/_tables.scss
@@ -16,7 +16,7 @@ thead {
 }
 
 tr {
-  border-bottom: $base-border !important; //sass-lint:disable-line no-important
+  border-bottom: $base-border !important;
 }
 
 tbody {

diff --git a/app/assets/stylesheets/administrate/components/_search.scss b/app/assets/stylesheets/administrate/components/_search.scss
@@ -1,4 +1,3 @@
-
 $_search-icon-size: 1rem;
 
 .search {
@@ -49,7 +48,3 @@ $_search-icon-size: 1rem;
     }
   }
 }
-
-
-
-
diff --git a/app/frontend/application.scss b/app/frontend/application.scss
@@ -30,6 +30,5 @@
 @import "components/sign-comments";
 @import "components/sign-examples";
 
-
 // Extension is required, otherwise webpacker tries to bundle video.js.
-@import "components/video.scss"; // sass-lint:disable-line clean-import-paths
+@import "components/video.scss";
diff --git a/app/frontend/components/_avatar.scss b/app/frontend/components/_avatar.scss
@@ -2,10 +2,9 @@
   border: solid 2px $white;
   border-radius: 50%;
 
-
   // Required to avoid avatar elements inside menus getting scaled by
   // .menu li > img
-  transform: none !important; //sass-lint:disable-line no-important
+  transform: none !important;
 
   &--small {
     height: 32px;

diff --git a/app/frontend/components/_chosen.scss b/app/frontend/components/_chosen.scss
@@ -1,5 +1,3 @@
-// sass-lint:disable force-element-nesting
-
 $chosen-sprite: url("images/chosen-sprite-adjusted.png");
 $chosen-sprite-retina: url("images/chosen-sprite@2x.png") !default;
 $chosen-font-family: inherit;

diff --git a/app/frontend/components/_comment-select.scss b/app/frontend/components/_comment-select.scss
@@ -1,4 +1,3 @@
-
 .comment-select {
   label,
   select {

diff --git a/app/frontend/components/_form.scss b/app/frontend/components/_form.scss
@@ -59,14 +59,14 @@
   &__buttons {
 
     &--alert {
-      color: get-color(alert) !important; //sass-lint:disable-line no-important
+      color: get-color(alert) !important;
 
       span {
         margin-left: 0.5rem;
       }
 
       &:hover {
-        background-color: get-color(alert-x-light) !important; //sass-lint:disable-line no-important
+        background-color: get-color(alert-x-light) !important;
       }
     }
   }

diff --git a/app/frontend/components/_hero-unit.scss b/app/frontend/components/_hero-unit.scss
@@ -18,7 +18,6 @@
     margin-top: 1rem;
     z-index: 1;
 
-
     @include breakpoint(large) {
       padding: 4rem 0 2rem;
     }
@@ -34,7 +33,7 @@
       background-image: url("images/search.svg");
       background-position: calc(100% - 1rem);
       background-repeat: no-repeat;
-      margin: 0 !important; // sass-lint:disable-line no-important
+      margin: 0 !important;
       padding-right: 2rem;
       transition: box-shadow, background-color linear 0.5s;
     }
@@ -62,7 +61,7 @@
 
     & > a,
     & > li > a {
-      //sass-lint:disable-block no-important
+
       color: get-color(medium) !important;
       font-weight: normal !important;
       padding: 0 1.5rem 0 0 !important;

diff --git a/app/frontend/components/_icons.scss b/app/frontend/components/_icons.scss
@@ -48,7 +48,6 @@ $icon-palette: map-merge(
   @include icon-fill;
   @include icon-size;
 
-
   @each $name, $color in $icon-palette {
     &--#{$name} { @include icon-fill($color); }
     &--stroke-#{$name} { @include icon-stroke($color); }

diff --git a/app/frontend/components/_messages.scss b/app/frontend/components/_messages.scss
@@ -12,27 +12,27 @@
       @include xy-cell(11);
 
       margin-top: 0;
-    };
+    }
 
     @include breakpoint(large) {
       @include xy-cell(9);
       @include xy-cell-offset(2);
-    };
+    }
 
     .home-page-messages {
       width: 75%;
 
       @include breakpoint(large) {
         width: 85%;
-      };
+      }
 
       @include breakpoint(xlarge) {
         width: 75%;
-      };
+      }
 
       @include breakpoint(xxlarge) {
         width: 70%;
-      };
+      }
     }
   }
 }
diff --git a/app/frontend/components/_navigation.scss b/app/frontend/components/_navigation.scss
@@ -1,4 +1,4 @@
-.navigation {  // sass-lint:disable-block no-important
+.navigation {
 
   @include breakpoint(medium) {
     @include flex;
@@ -86,8 +86,6 @@
     }
   }
 
-
-
   &__item {
     @include breakpoint(medium) {
       @include flex;
@@ -96,7 +94,7 @@
 
     & > a,
     & > li > a {
-      //sass-lint:disable-next-line no-important
+
       color: $white !important; // Override default menu styles
       font-weight: bold !important; //Override default menu styles
       padding: 0.5rem;
@@ -128,7 +126,6 @@
   }
 }
 
-
 .submenu-toggle {
   outline: none;
 }

diff --git a/app/frontend/components/_no-js.scss b/app/frontend/components/_no-js.scss
@@ -1,4 +1,4 @@
-body { // sass-lint:disable-block no-important
+body {
   &.no-js {
     .hide-if-no-js {
       display: none !important;

diff --git a/app/frontend/components/_search-bar.scss b/app/frontend/components/_search-bar.scss
@@ -3,7 +3,6 @@
   flex: 1;
   height: 100%;
 
-
   label {
     flex: 1;
     margin: 0;
@@ -22,7 +21,7 @@
       border-radius: 5000px;
     }
 
-    @include breakpoint(medium) { // sass-lint:disable-block no-important
+    @include breakpoint(medium) {
       border-radius: $global-radius;
       margin: 0.5rem auto !important;
     }