diff --git a/Gemfile b/Gemfile index 54a31e85fc..1951b756be 100644 --- a/Gemfile +++ b/Gemfile @@ -32,7 +32,7 @@ ruby '~> 2.7.5' gem 'actionpack-xml_parser', '~> 2.0.0' gem 'activemodel-serializers-xml', '~> 1.0.1' -gem 'activerecord-import', '~> 1.2.0' +gem 'activerecord-import', '~> 1.3.0' gem 'activerecord-session_store', '~> 2.0.0' gem 'rails', '~> 6.1.4' gem 'responders', '~> 3.0' @@ -83,7 +83,7 @@ gem 'deckar01-task_list', '~> 2.3.1' # Requires escape-utils for faster escaping gem 'escape_utils', '~> 1.0' # Syntax highlighting used in html-pipeline with rouge -gem 'rouge', '~> 3.26.0' +gem 'rouge', '~> 3.27.0' # HTML sanitization used for html-pipeline gem 'sanitize', '~> 6.0.0' # HTML autolinking for mails and urls (replaces autolink) @@ -155,18 +155,18 @@ gem 'meta-tags', '~> 2.16.0' group :production do # we use dalli as standard memcache client # requires memcached 1.4+ - gem 'dalli', '~> 3.1.0' + gem 'dalli', '~> 3.2.0' end gem 'i18n-js', '~> 3.9.0' -gem 'rails-i18n', '~> 6.0.0' +gem 'rails-i18n', '~> 7.0.0' gem 'sprockets', '~> 3.7.0' gem 'puma', '~> 5.5' gem 'rack-timeout', '~> 0.6.0', require: "rack/timeout/base" gem 'puma-plugin-statsd', '~> 2.0' -gem 'nokogiri', '~> 1.12.5' +gem 'nokogiri', '~> 1.13.0' gem 'carrierwave', '~> 1.3.1' gem 'carrierwave_direct', '~> 2.1.0' @@ -280,7 +280,7 @@ group :development, :test do gem 'pry-stack_explorer', '~> 0.6.0' # Brakeman scanner - gem 'brakeman', '~> 5.1.0' + gem 'brakeman', '~> 5.2.0' gem 'danger-brakeman' end diff --git a/Gemfile.lock b/Gemfile.lock index 27b0088c99..6ec003ae99 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -159,7 +159,7 @@ PATH remote: modules/two_factor_authentication specs: openproject-two_factor_authentication (1.0.0) - aws-sdk-sns (~> 1.49.0) + aws-sdk-sns (~> 1.50.0) messagebird-rest (~> 1.4.2) rotp (~> 6.1) 
@@ -231,8 +231,8 @@ GEM activerecord (6.1.4.4) activemodel (= 6.1.4.4) activesupport (= 6.1.4.4) - activerecord-import (1.2.0) - activerecord (>= 3.2) + activerecord-import (1.3.0) + activerecord (>= 4.2) activerecord-nulldb-adapter (0.8.0) activerecord (>= 5.2.0, < 7.1) activerecord-session_store (2.0.0) @@ -273,21 +273,21 @@ GEM awesome_nested_set (3.4.0) activerecord (>= 4.0.0, < 7.0) aws-eventstream (1.2.0) - aws-partitions (1.543.0) - aws-sdk-core (3.125.0) + aws-partitions (1.546.0) + aws-sdk-core (3.125.1) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.525.0) aws-sigv4 (~> 1.1) jmespath (~> 1.0) - aws-sdk-kms (1.52.0) - aws-sdk-core (~> 3, >= 3.122.0) + aws-sdk-kms (1.53.0) + aws-sdk-core (~> 3, >= 3.125.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.109.0) - aws-sdk-core (~> 3, >= 3.122.0) + aws-sdk-s3 (1.111.1) + aws-sdk-core (~> 3, >= 3.125.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.4) - aws-sdk-sns (1.49.0) - aws-sdk-core (~> 3, >= 3.122.0) + aws-sdk-sns (1.50.0) + aws-sdk-core (~> 3, >= 3.125.0) aws-sigv4 (~> 1.1) aws-sigv4 (1.4.0) aws-eventstream (~> 1, >= 1.0.2) @@ -297,7 +297,7 @@ GEM debug_inspector (>= 0.0.1) bootsnap (1.9.3) msgpack (~> 1.0) - brakeman (5.1.2) + brakeman (5.2.0) browser (5.3.1) builder (3.2.4) byebug (11.1.3) @@ -351,7 +351,7 @@ GEM rexml crass (1.0.6) daemons (1.4.1) - dalli (3.1.5) + dalli (3.2.0) danger (8.4.2) claide (~> 1.0) claide-plugins (>= 0.9.2) @@ -393,7 +393,7 @@ GEM delayed_job_active_record (4.1.6) activerecord (>= 3.0, < 6.2) delayed_job (>= 3.0, < 5) - diff-lcs (1.4.4) + diff-lcs (1.5.0) disposable (0.6.2) declarative (>= 0.0.9, < 1.0.0) representable (>= 3.1.1, < 3.2.0) 
@@ -451,16 +451,17 @@ GEM railties (>= 5.0.0) faker (2.19.0) i18n (>= 1.6, < 2) - faraday (1.8.0) + faraday (1.9.3) faraday-em_http (~> 1.0) faraday-em_synchrony (~> 1.0) faraday-excon (~> 1.1) - faraday-httpclient (~> 1.0.1) + faraday-httpclient (~> 1.0) + faraday-multipart (~> 1.0) faraday-net_http (~> 1.0) - faraday-net_http_persistent (~> 1.1) + faraday-net_http_persistent (~> 1.0) faraday-patron (~> 1.0) faraday-rack (~> 1.0) - multipart-post (>= 1.2, < 3) + faraday-retry (~> 1.0) ruby2_keywords (>= 0.0.4) faraday-em_http (1.0.0) faraday-em_synchrony (1.0.0) @@ -468,11 +469,14 @@ GEM faraday-http-cache (2.2.0) faraday (>= 0.8) faraday-httpclient (1.0.1) + faraday-multipart (1.0.2) + multipart-post (>= 1.2, < 3) faraday-net_http (1.0.1) faraday-net_http_persistent (1.2.0) faraday-patron (1.0.0) faraday-rack (1.0.0) - fastimage (2.2.5) + faraday-retry (1.0.3) + fastimage (2.2.6) ffi (1.15.4) flamegraph (0.9.5) fog-aws (3.12.0) @@ -500,7 +504,7 @@ GEM fuubar (2.5.1) rspec-core (~> 3.0) ruby-progressbar (~> 1.4) - git (1.9.1) + git (1.10.2) rchardet (~> 1.8) globalid (1.0.0) activesupport (>= 5.0) @@ -509,7 +513,7 @@ GEM i18n (>= 0.7) multi_json request_store (>= 1.0) - grape (1.6.0) + grape (1.6.2) activesupport builder dry-types (>= 1.1) @@ -598,10 +602,10 @@ GEM method_source (1.0.0) mime-types (3.4.1) mime-types-data (~> 3.2015) - mime-types-data (3.2021.1115) + mime-types-data (3.2022.0105) mini_magick (4.11.0) mini_mime (1.1.2) - mini_portile2 (2.6.1) + mini_portile2 (2.7.1) minisyntax (0.2.5) minitest (5.15.0) msgpack (1.4.2) @@ -616,13 +620,13 @@ GEM netrc (0.11.0) nio4r (2.5.8) no_proxy_fix (0.1.2) - nokogiri (1.12.5) - mini_portile2 (~> 2.6.1) + nokogiri (1.13.0) + mini_portile2 (~> 2.7.0) racc (~> 1.4) octokit (4.21.0) faraday (>= 0.9) sawyer (~> 0.8.0, >= 0.5.3) - oj (3.13.10) + oj (3.13.11) okcomputer (1.18.4) omniauth-saml (1.10.3) omniauth (~> 1.3, >= 1.3.2) 
@@ -643,12 +647,12 @@ GEM parallel (1.21.0) parallel_tests (3.7.3) parallel - parser (3.0.3.2) + parser (3.1.0.0) ast (~> 2.4.1) pdf-core (0.9.0) pdf-inspector (1.3.0) pdf-reader (>= 1.0, < 3.0.a) - pdf-reader (2.6.0) + pdf-reader (2.8.0) Ascii85 (~> 1.0) afm (~> 0.2.1) hashery (~> 2.0) @@ -683,6 +687,8 @@ GEM pry-stack_explorer (0.6.1) binding_of_caller (~> 1.0) pry (~> 0.13) + psych (4.0.3) + stringio public_suffix (4.0.6) puffing-billy (2.4.1) addressable (~> 2.5) @@ -745,9 +751,9 @@ GEM nokogiri (>= 1.6) rails-html-sanitizer (1.4.2) loofah (~> 2.3) - rails-i18n (6.0.0) + rails-i18n (7.0.1) i18n (>= 0.7, < 2) - railties (>= 6.0.0, < 7) + railties (>= 6.0.0, < 8) railties (6.1.4.4) actionpack (= 6.1.4.4) activesupport (= 6.1.4.4) @@ -761,7 +767,8 @@ GEM ffi (~> 1.0) rbtree3 (0.6.0) rchardet (1.8.0) - rdoc (6.3.3) + rdoc (6.4.0) + psych (>= 4.0.0) recaptcha (5.8.1) json redcarpet (3.5.1) @@ -786,7 +793,7 @@ GEM roar (1.1.1) representable (~> 3.0) rotp (6.2.0) - rouge (3.26.1) + rouge (3.27.0) rspec (3.10.0) rspec-core (~> 3.10.0) rspec-expectations (~> 3.10.0) @@ -810,22 +817,22 @@ GEM rspec-retry (0.6.2) rspec-core (> 3.3) rspec-support (3.10.3) - rubocop (1.23.0) + rubocop (1.24.1) parallel (~> 1.10) parser (>= 3.0.0.0) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 1.8, < 3.0) rexml - rubocop-ast (>= 1.12.0, < 2.0) + rubocop-ast (>= 1.15.1, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 1.4.0, < 3.0) - rubocop-ast (1.15.0) + rubocop-ast (1.15.1) parser (>= 3.0.1.1) - rubocop-rails (2.12.4) + rubocop-rails (2.13.0) activesupport (>= 4.2.0) rack (>= 1.1) rubocop (>= 1.7.0, < 2.0) - rubocop-rspec (2.6.0) + rubocop-rspec (2.7.0) rubocop (~> 1.19) ruby-duration (3.2.3) activesupport (>= 3.0.0) @@ -839,9 +846,9 @@ GEM nokogiri (>= 1.10.5) rexml ruby2_keywords (0.0.5) - rubytree (1.0.0) - json (~> 2.1) - structured_warnings (~> 0.3) + rubytree (1.0.2) + json (~> 2.6.1) + structured_warnings (~> 0.4.0) rubyzip (2.3.2) sanitize (6.0.0) crass (~> 1.0.2) 
@@ -863,21 +870,21 @@ GEM rexml (~> 3.2, >= 3.2.5) rubyzip (>= 1.2.2) semantic (1.6.1) - sentry-delayed_job (4.8.1) + sentry-delayed_job (4.8.3) delayed_job (>= 4.0) - sentry-ruby-core (~> 4.8.1) - sentry-rails (4.8.1) + sentry-ruby-core (~> 4.8.3) + sentry-rails (4.8.3) railties (>= 5.0) - sentry-ruby-core (~> 4.8.1) - sentry-ruby (4.8.1) + sentry-ruby-core (~> 4.8.3) + sentry-ruby (4.8.3) concurrent-ruby (~> 1.0, >= 1.0.2) - faraday (>= 1.0) - sentry-ruby-core (= 4.8.1) - sentry-ruby-core (4.8.1) + faraday (~> 1.0) + sentry-ruby-core (= 4.8.3) + sentry-ruby-core (4.8.3) concurrent-ruby faraday shoulda-context (2.0.0) - shoulda-matchers (5.0.0) + shoulda-matchers (5.1.0) activesupport (>= 5.2.0) spreadsheet (1.3.0) ruby-ole @@ -894,6 +901,7 @@ GEM ssrf_filter (1.0.7) stackprof (0.2.17) stringex (2.8.5) + stringio (3.0.1) structured_warnings (0.4.0) svg-graph (2.2.1) swd (1.3.0) @@ -907,7 +915,7 @@ GEM terminal-table (3.0.2) unicode-display_width (>= 1.1.1, < 3) test-prof (1.0.7) - thor (1.1.0) + thor (1.2.1) tilt (2.0.10) timecop (0.9.4) trailblazer-option (0.1.2) @@ -953,7 +961,7 @@ GEM activerecord (>= 4.2) xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.5.1) + zeitwerk (2.5.3) PLATFORMS ruby @@ -961,7 +969,7 @@ PLATFORMS DEPENDENCIES actionpack-xml_parser (~> 2.0.0) activemodel-serializers-xml (~> 1.0.1) - activerecord-import (~> 1.2.0) + activerecord-import (~> 1.3.0) activerecord-nulldb-adapter (~> 0.8.0) activerecord-session_store (~> 2.0.0) acts_as_list (~> 1.0.1) @@ -974,7 +982,7 @@ DEPENDENCIES aws-sdk-s3 (~> 1.91) bcrypt (~> 3.1.6) bootsnap (~> 1.9.1) - brakeman (~> 5.1.0) + brakeman (~> 5.2.0) browser (~> 5.3.0) budgets! capybara (~> 3.36.0) @@ -987,7 +995,7 @@ DEPENDENCIES compare-xml (~> 0.66) costs! daemons - dalli (~> 3.1.0) + dalli (~> 3.2.0) danger-brakeman dashboards! database_cleaner (~> 2.0) 
@@ -1027,7 +1035,7 @@ DEPENDENCIES multi_json (~> 1.15.0) my_page! net-ldap (~> 0.17.0) - nokogiri (~> 1.12.5) + nokogiri (~> 1.13.0) oj (~> 3.13.0) okcomputer (~> 1.18.1) omniauth! @@ -1077,7 +1085,7 @@ DEPENDENCIES rack_session_access rails (~> 6.1.4) rails-controller-testing (~> 1.0.2) - rails-i18n (~> 6.0.0) + rails-i18n (~> 7.0.0) rdoc (>= 2.4.2) request_store (~> 1.5.0) responders (~> 3.0) @@ -1085,7 +1093,7 @@ DEPENDENCIES retriable (~> 3.1.1) rinku (~> 2.0.4) roar (~> 1.1.0) - rouge (~> 3.26.0) + rouge (~> 3.27.0) rspec (~> 3.10.0) rspec-rails (~> 5.0.0) rspec-retry (~> 0.6.1) diff --git a/app/models/custom_actions/actions/serializer.rb b/app/models/custom_actions/actions/serializer.rb index 3a2d678c45..680d7ca2ff 100644 --- a/app/models/custom_actions/actions/serializer.rb +++ b/app/models/custom_actions/actions/serializer.rb @@ -33,7 +33,7 @@ class CustomActions::Actions::Serializer return [] unless value YAML - .safe_load(value, [Symbol]) + .safe_load(value, permitted_classes: [Symbol]) .map do |key, values| klass = nil diff --git a/app/models/setting.rb b/app/models/setting.rb index 77883879c2..70d26ee827 100644 --- a/app/models/setting.rb +++ b/app/models/setting.rb @@ -149,7 +149,7 @@ class Setting < ApplicationRecord end def formatted_value(value) - return value unless value.present? + return value if value.blank? default = @@available_settings[name] @@ -314,7 +314,7 @@ class Setting < ApplicationRecord default = @@available_settings[name] if default['serialized'] && v.is_a?(String) - YAML::load(v) + YAML::safe_load(v, permitted_classes: [Symbol, ActiveSupport::HashWithIndifferentAccess, Date, Time]) elsif v.present? read_formatted_setting v, default["format"] else diff --git a/modules/two_factor_authentication/openproject-two_factor_authentication.gemspec b/modules/two_factor_authentication/openproject-two_factor_authentication.gemspec index 2ce558ea58..e24067131c 100644 
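Review bot: The allow-list on `.safe_load(value, permitted_classes: [Symbol])` carries no comment saying why Symbol is the only class admitted, which makes it easy for a later change to widen it without thinking; a one-liner such as `# Psych 4 keyword form. Keep this allow-list to the bare minimum the stored payload needs; never widen it to a catch-all.` would anchor the intent (assuming Symbol is indeed all the stored payload needs, which the hunk does not show). The call also keeps safe_load's defaults, `aliases: false` and every symbol admitted once Symbol is permitted; that is presumably fine while this serializer is the only writer of `value`, but worth confirming. The `.map do |key, values|` block continues outside the hunk.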
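Review bot: Switching to `YAML::safe_load` here changes what can be read back, not only what can be instantiated: Psych's dumper emits `&1`/`*1` anchors whenever the same object appears twice inside a serialized value and `safe_load` rejects those by default (`Psych::BadAlias`, `Psych::AliasesNotEnabled` on the Psych 4 this lockfile now pins), and any stored value holding a class outside the four listed (`ActiveSupport::TimeWithZone` or `BigDecimal`, neither covered by `Time`) now raises `Psych::DisallowedClass`. Both failures surface on the first read of an existing setting after deploy rather than at write time, so the existing serialized settings, or the code that writes them, should be checked before shipping. If aliases turn out to be legitimately present, `aliases: true` keeps the class allow-list intact but reopens alias-expansion (billion-laughs) as a DoS vector, which is acceptable only if this column cannot be written by untrusted users; I cannot see the write path from the hunk. The allow-list itself deserves a comment stating that it is a deliberate minimum, e.g. `# Deliberate allow-list: serialized settings are read back with safe_load so a stored value can never instantiate arbitrary classes; extend only with plain data types.`, and `YAML::safe_load(v, ...)` should be `YAML.safe_load(v, ...)` to match the sibling change in serializer.rb. The enclosing method starts and ends outside the hunk.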
--- a/modules/two_factor_authentication/openproject-two_factor_authentication.gemspec +++ b/modules/two_factor_authentication/openproject-two_factor_authentication.gemspec @@ -15,5 +15,5 @@ Gem::Specification.new do |s| s.add_dependency 'messagebird-rest', '~> 1.4.2' s.add_dependency 'rotp', '~> 6.1' - s.add_dependency 'aws-sdk-sns', '~> 1.49.0' + s.add_dependency 'aws-sdk-sns', '~> 1.50.0' end