Update to v0.18.0 #39
Draft
shadoath wants to merge 110 commits into
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.11.3 to 1.11.4. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](sparklemotion/nokogiri@v1.11.3...v1.11.4) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [activerecord](https://github.com/rails/rails) from 6.1.3.2 to 6.1.4. - [Release notes](https://github.com/rails/rails/releases) - [Changelog](https://github.com/rails/rails/blob/v6.1.4/activerecord/CHANGELOG.md) - [Commits](rails/rails@v6.1.3.2...v6.1.4) --- updated-dependencies: - dependency-name: activerecord dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* add params to collection filter

  To filter a collection you can define COLLECTION_FILTER and use them like "filter:". With this PR you can also add params to those filters and use them like "filter:param". The COLLECTION_FILTER will be called with the params as a second argument. This idea was already mentioned in the initial PR for COLLECTION_FILTERS, but not implemented. (github.com/thoughtbot/pull/947)

* make sure filter and terms do not get confused

  a filter like kind:vip and a term like order:12 should not get confused.

* take care of hound warnings
* 2 more hound warnings taken care of
Version 1.0.1 invokes `YAML.safe_load` with arguments that are incompatible with Ruby 2.5, causing an `ArgumentError: unknown keyword: permitted_classes`
Bumps [appraisal](https://github.com/thoughtbot/appraisal) from 2.4.0 to 2.4.1. - [Release notes](https://github.com/thoughtbot/appraisal/releases) - [Commits](thoughtbot/appraisal@v2.4.0...v2.4.1) --- updated-dependencies: - dependency-name: appraisal dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [globalid](https://github.com/rails/globalid) from 0.4.2 to 0.5.2. - [Release notes](https://github.com/rails/globalid/releases) - [Commits](rails/globalid@v0.4.2...v0.5.2) --- updated-dependencies: - dependency-name: globalid dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Ruby 2.5 reached EOL with the 2.5.9 release on 2021-04-05, we're now starting to see many deprecations of other libraries and so it's time for us to drop it too. http://www.ruby-lang.org/en/news/2021/04/05/ruby-2-5-9-released/
Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 5.0.1 to 5.0.2. - [Release notes](https://github.com/rspec/rspec-rails/releases) - [Changelog](https://github.com/rspec/rspec-rails/blob/main/Changelog.md) - [Commits](rspec/rspec-rails@v5.0.1...v5.0.2) --- updated-dependencies: - dependency-name: rspec-rails dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actionview](https://github.com/rails/rails) from 6.1.4 to 6.1.4.1. - [Release notes](https://github.com/rails/rails/releases) - [Changelog](https://github.com/rails/rails/blob/v6.1.4.1/actionview/CHANGELOG.md) - [Commits](rails/rails@v6.1.4...v6.1.4.1) --- updated-dependencies: - dependency-name: actionview dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [selenium-webdriver](https://github.com/SeleniumHQ/selenium) from 3.142.7 to 4.0.3. - [Release notes](https://github.com/SeleniumHQ/selenium/releases) - [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES) - [Commits](https://github.com/SeleniumHQ/selenium/commits) --- updated-dependencies: - dependency-name: selenium-webdriver dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [capybara](https://github.com/teamcapybara/capybara) from 3.35.3 to 3.36.0. - [Release notes](https://github.com/teamcapybara/capybara/releases) - [Changelog](https://github.com/teamcapybara/capybara/blob/master/History.md) - [Commits](teamcapybara/capybara@3.35.3...3.36.0) --- updated-dependencies: - dependency-name: capybara dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [i18n-tasks](https://github.com/glebm/i18n-tasks) from 0.9.34 to 0.9.35. - [Release notes](https://github.com/glebm/i18n-tasks/releases) - [Changelog](https://github.com/glebm/i18n-tasks/blob/main/CHANGES.md) - [Commits](glebm/i18n-tasks@v0.9.34...v0.9.35) --- updated-dependencies: - dependency-name: i18n-tasks dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [globalid](https://github.com/rails/globalid) from 0.5.2 to 1.0.0. - [Release notes](https://github.com/rails/globalid/releases) - [Commits](rails/globalid@v0.5.2...v1.0.0) --- updated-dependencies: - dependency-name: globalid dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [yard](https://github.com/lsegal/yard) from 0.9.26 to 0.9.27. - [Release notes](https://github.com/lsegal/yard/releases) - [Changelog](https://github.com/lsegal/yard/blob/main/CHANGELOG.md) - [Commits](lsegal/yard@v0.9.26...v0.9.27) --- updated-dependencies: - dependency-name: yard dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actionview](https://github.com/rails/rails) from 6.1.4.1 to 6.1.4.4. - [Release notes](https://github.com/rails/rails/releases) - [Changelog](https://github.com/rails/rails/blob/v7.0.0/actionview/CHANGELOG.md) - [Commits](rails/rails@v6.1.4.1...v6.1.4.4) --- updated-dependencies: - dependency-name: actionview dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Several years ago in PR 1245 this was pinned with this message:

> Pin the capybara gem, until we can drop Ruby 2.2.0
> Any capybara versions above 3.0.0 require a newer Ruby than 2.2.0, which
> we will support in line with Rails requirements.

Ruby 2.2 support has been dropped, so I think we can drop the pinning now? It doesn't really do much at this point anyway since dependabot is automatically updating to the latest versions soon after they are released.
And refactor ".circleci/config" a bit. With all the current variations & limitations it's probably better to just list the supported configurations explicitly rather than trying to share config blocks.
If you have ActiveRecord i18n translation of the model you don't need to do
anything extra, if not, make an ActiveRecord i18n translation of the model.
e.g.:
The recipe has many recipe items.
```ruby
ATTRIBUTE_TYPES = {
  recipe_items: Field::HasMany,
  id: Field::Number,
  name: Field::String,
  package_spec: Field::String,
  remark: Field::String,
  created_at: Field::DateTime,
  updated_at: Field::DateTime,
}.freeze
```
```yaml
zh-TW:
  activerecord:
    models:
      recipe: 配方表
      recipe_item: 材料
```
Since Administrate was released, browser support for native fields around date/time/datetime picking has improved substantially. Now, every major browser has adequate support for native pickers.

For those who need to support older browsers, we'd recommend using a polyfill such as: https://github.com/jonstipe/datetime-local-polyfill

This commit should maintain like-for-like compatibility, including allowing filling out seconds by setting the `step` attribute.

https://caniuse.com/input-datetime
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/datetime-local
https://stackoverflow.com/questions/20111413/html5-datetime-local-control-how-to-hide-seconds
Bumps [pundit](https://github.com/varvet/pundit) from 2.1.1 to 2.2.0. - [Release notes](https://github.com/varvet/pundit/releases) - [Changelog](https://github.com/varvet/pundit/blob/main/CHANGELOG.md) - [Commits](varvet/pundit@v2.1.1...v2.2.0) --- updated-dependencies: - dependency-name: pundit dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [pg](https://github.com/ged/ruby-pg) from 1.3.1 to 1.3.2. - [Release notes](https://github.com/ged/ruby-pg/releases) - [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc) - [Commits](ged/ruby-pg@v1.3.1...v1.3.2) --- updated-dependencies: - dependency-name: pg dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This resolves CVE-2022-23633, a possible exposure of information vulnerability in Action Pack. https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released GHSA-wh98-p28r-vrc9 https://github.com/rails/rails/releases/tag/v6.1.4.6
Bumps [pg](https://github.com/ged/ruby-pg) from 1.3.2 to 1.3.3. - [Release notes](https://github.com/ged/ruby-pg/releases) - [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc) - [Commits](ged/ruby-pg@v1.3.2...v1.3.3) --- updated-dependencies: - dependency-name: pg dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.1 to 1.13.3. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](sparklemotion/nokogiri@v1.13.1...v1.13.3) --- updated-dependencies: - dependency-name: nokogiri dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [administrate-field-image](https://github.com/graysonwright/administrate-field-image) from 1.1.0 to 1.2.0. - [Release notes](https://github.com/graysonwright/administrate-field-image/releases) - [Changelog](https://github.com/thoughtbot/administrate-field-image/blob/main/CHANGELOG.md) - [Commits](thoughtbot/administrate-field-image@v1.1.0...v1.2.0) --- updated-dependencies: - dependency-name: administrate-field-image dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [dotenv-rails](https://github.com/bkeepers/dotenv) from 2.7.6 to 2.8.1. - [Release notes](https://github.com/bkeepers/dotenv/releases) - [Changelog](https://github.com/bkeepers/dotenv/blob/master/Changelog.md) - [Commits](bkeepers/dotenv@v2.7.6...v2.8.1) --- updated-dependencies: - dependency-name: dotenv-rails dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [pg](https://github.com/ged/ruby-pg) from 1.4.1 to 1.4.2. - [Release notes](https://github.com/ged/ruby-pg/releases) - [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc) - [Commits](ged/ruby-pg@v1.4.1...v1.4.2) --- updated-dependencies: - dependency-name: pg dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [faker](https://github.com/faker-ruby/faker) from 2.21.0 to 2.22.0. - [Release notes](https://github.com/faker-ruby/faker/releases) - [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md) - [Commits](faker-ruby/faker@v2.21.0...v2.22.0) --- updated-dependencies: - dependency-name: faker dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [webmock](https://github.com/bblimke/webmock) from 3.14.0 to 3.16.0. - [Release notes](https://github.com/bblimke/webmock/releases) - [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md) - [Commits](bblimke/webmock@v3.14.0...v3.16.0) --- updated-dependencies: - dependency-name: webmock dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [webmock](https://github.com/bblimke/webmock) from 3.16.0 to 3.17.0. - [Release notes](https://github.com/bblimke/webmock/releases) - [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md) - [Commits](bblimke/webmock@v3.16.0...v3.17.0) --- updated-dependencies: - dependency-name: webmock dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Rails 5.0 and 5.1 already reached end-of-life, and 5.2 will reach it next week. Time to drop support for them. Additionally, removed gemfiles/sass_3_4.gemfile, which was a leftover from thoughtbot#1197 https://guides.rubyonrails.org/maintenance_policy.html#severe-security-issues thoughtbot#1197
When referring to a route in the code, we run two checks:

* `valid_action?` is `true` if the route is defined, `false` otherwise.
* `show_action?` is expected to be overridden by developers in order to implement authorization. For example, it's implemented by `Administrate::Punditize` in order to integrate Administrate with Pundit. It should return `true` if the current user can access a given route, `false` otherwise.

These two checks should (almost) always happen together. For this reason, our code is peppered with `if` statements where both are checked... and a few others where we forget one or the other.

These checks should be unified into a single method call, in order to avoid issues like the one described at thoughtbot#1861.

This introduces a new method, called `accessible_action?`. The original methods should still exist, as they do have their uses individually. The new method will delegate to the existing ones.

We also rename the two existing methods to something that will make their intent clear:

* `valid_action?` becomes `existing_action?`
* `show_action?` becomes `authorized_action?`

In order to provide a clear upgrade path, the old names still exist and work, but they show a deprecation warning when used. They can be removed properly at a later version of Administrate.
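The unified check described in the commit message above, as an added plain-Ruby sketch that is not Administrate's own code. The `AccessChecker` class, the `(resource, action)` argument order, the `visible_links` helper and the sample routes and policy are all assumptions made for illustration.

```ruby
require "set"

# Simplified stand-in for the controller helpers described above.
# Class name, argument order and the sample data are assumptions.
class AccessChecker
  attr_reader :warnings

  def initialize(routes:, policy:, user:)
    @routes = routes.to_set # defined [resource, action] pairs
    @policy = policy        # callable: (user, resource, action) -> bool
    @user = user
    @warnings = []
  end

  # True if the route is defined at all.
  def existing_action?(resource, action)
    @routes.include?([resource, action])
  end

  # True if the current user may use the route (the overridable hook).
  def authorized_action?(resource, action)
    @policy.call(@user, resource, action)
  end

  # The unified check: both conditions, so callers cannot forget one.
  def accessible_action?(resource, action)
    existing_action?(resource, action) && authorized_action?(resource, action)
  end

  # Old names keep working but record a deprecation warning.
  def valid_action?(resource, action)
    deprecated(:valid_action?, :existing_action?)
    existing_action?(resource, action)
  end

  def show_action?(resource, action)
    deprecated(:show_action?, :authorized_action?)
    authorized_action?(resource, action)
  end

  private

  def deprecated(old_name, new_name)
    @warnings << "#{old_name} is deprecated; use #{new_name} or accessible_action?"
  end
end

# Constructed sample data: three defined routes, and a policy under
# which only :admin may destroy anything.
ROUTES = [[:orders, :show], [:orders, :destroy], [:customers, :show]].freeze
POLICY = ->(user, _resource, action) { action != :destroy || user == :admin }

# Links a view would render: only actions that pass the unified check.
def visible_links(checker, candidates)
  candidates.select { |resource, action| checker.accessible_action?(resource, action) }
end
```

With this sample policy, an admin is authorized for `[:customers, :destroy]` even though no such route exists, which is the case a caller checking only authorization would get wrong.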
This also fixes a typo in the associate spec.
Fixes thoughtbot#1978 This includes the namespace of the associated class. If the associated class is `System::Build`, the previous code would tell us that the name was `Build`. This code gets the right name.
Bumps [selenium-webdriver](https://github.com/SeleniumHQ/selenium) from 4.3.0 to 4.4.0. - [Release notes](https://github.com/SeleniumHQ/selenium/releases) - [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES) - [Commits](SeleniumHQ/selenium@selenium-4.3.0...selenium-4.4.0) --- updated-dependencies: - dependency-name: selenium-webdriver dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [webmock](https://github.com/bblimke/webmock) from 3.17.0 to 3.17.1. - [Release notes](https://github.com/bblimke/webmock/releases) - [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md) - [Commits](bblimke/webmock@v3.17.0...v3.17.1) --- updated-dependencies: - dependency-name: webmock dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [pg](https://github.com/ged/ruby-pg) from 1.4.2 to 1.4.3. - [Release notes](https://github.com/ged/ruby-pg/releases) - [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc) - [Commits](ged/ruby-pg@v1.4.2...v1.4.3) --- updated-dependencies: - dependency-name: pg dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The template `app/views/fields/has_one/_show.html.erb` wasn't using the correct i18n key to translate the field names of the associated record. This PR includes a heavy revamp of `spec/administrate/views/fields/has_one/_show_spec.rb`, which needed some TLC in order to work with it. The diff for `lib/administrate/field/associative.rb` looks a bit misleading. The actual change is the definition of associated_class_name is now above the private declaration. Fixes thoughtbot#2185
Following the GitHub Actions pattern of having one check per service, rather than one big check for faster feedback. This also means we no longer need to bundle `bundler-audit`.
Comment on lines +7 to +10
| [ | ||
| "name ILIKE ?", | ||
| "%#{search_term}%", | ||
| ], |
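Review bot: The bind value on the third line, `"%#{search_term}%"`, wraps the raw search term in wildcards without escaping it, so a `%` or `_` typed by the user acts as a LIKE metacharacter and can widen the match or force a slow scan. The `?` placeholder in `"name ILIKE ?"` keeps the term out of the SQL text only if this array is handed to the query as a condition plus bind value, which is worth confirming against the code scanning alert on these lines; consider passing the term through `sanitize_sql_like` before adding the surrounding `%`.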
Check failure
Code scanning / CodeQL
SQL query built from user-controlled sources
Comment on lines +13 to +16
| [ | ||
| "customers.name ILIKE ?", | ||
| "%#{search_term}%", | ||
| ], |
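Review bot: The `"%#{search_term}%"` pattern here duplicates the one at lines +7 to +10 and differs only in the `customers.name` column, so any escaping fix has to be made twice. Building the wildcard pattern in one shared helper, with the LIKE metacharacters in `search_term` escaped there, would keep both filters consistent and give the scanner a single place to verify.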
Check failure
Code scanning / CodeQL
SQL query built from user-controlled sources
TODO in app:
* `valid_action?` => `accessible_action?`
* `show_action?` => `accessible_action?`
* `paginate resources, param_name: '_page'` => `render("pagination", resources: resources)`