
Merge pull request #5 from RepairShopr/gem-security
Gem security
stevenjonescgm authored Feb 14, 2020
2 parents c7e91e0 + 6ec55eb commit 70a549a
Showing 8 changed files with 94 additions and 119 deletions.
2 changes: 2 additions & 0 deletions .env
@@ -1,6 +1,8 @@
# dotenv loads .env etc in Development and Test to manage secrets outside Production.
# override locals with .local files eg .env.local

#RSYN_HOST=lvh.me:3000
RSYN_HOST=ngrok.io

DATABASE_URL=postgresql://postgres:postgres@localhost:5432

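Review bot: `DATABASE_URL=postgresql://postgres:postgres@localhost:5432` puts a username:password pair into a `.env` that is tracked in the repository, although the file's own header (`override locals with .env.local`) points at per-machine override files for such values. Even as a throwaway local default, a committed credential trips secret scanners and sets the precedent that real values belong in this file. Consider committing a credential-free form such as `DATABASE_URL=postgresql://localhost:5432` (or a commented-out template line) and putting the password in `.env.local`, assuming that file is git-ignored — confirm.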
14 changes: 7 additions & 7 deletions Gemfile
Expand Up @@ -4,15 +4,15 @@ gem 'dotenv-rails', require: 'dotenv/rails-now', groups: [:development, :test]


# Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
gem 'rails', '4.2.10' # go to 5.1.6? pg_sequence bug is fixed in 5.1.4
ruby '2.1.5'
gem 'rails', '< 5.0' # go to 5.1.6? pg_sequence bug is fixed in 5.1.4
ruby '2.5.7'
gem 'pg', '~> 0.18.4'
gem 'oj', '~> 2.16.1'
gem 'oj', '~> 2.18.5'
gem 'rollbar', '~> 2.15.6'

group :development do
gem 'guard-livereload', '~> 2.4', require: false
gem 'rerun'
# gem 'guard-livereload', '~> 2.4', require: false # security
# gem 'rerun' # security
gem 'annotate'

# Access an IRB console on exception pages or by using <%= console %> in views
Expand All @@ -23,7 +23,7 @@ gem 'sinatra'
gem 'redis'
gem "bower-rails", "~> 0.9.2"

gem 'simple_form'
gem 'simple_form' # for security, ">= 5.0.0"
gem 'faraday'
gem 'sidekiq'
# gem 'sidekiq-unique-jobs', '~> 4.0.18'
Expand Down Expand Up @@ -62,5 +62,5 @@ group :development, :test do
gem 'pry-byebug'

# Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
gem 'spring'
gem 'spring', '~> 1.7.2'
end
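Review bot: The comment on `gem 'simple_form' # for security, ">= 5.0.0"` in the second hunk names a security floor that nothing enforces: the dependency stays unconstrained, and the Gemfile.lock in this same commit resolves `simple_form (4.0.0)`, so the version the comment asks for is not what ships — presumably because 5.x needs Rails 5 (confirm). Either encode what is actually required, `gem 'simple_form', '>= 4.0.0' # TODO: >= 5.0.0 wanted per security note, blocked on rails < 5`, or record the blocker so the gap is not read as done. Similarly, `gem 'rails', '< 5.0'` in the first hunk swaps the exact pin for an upper bound only; `gem 'rails', '>= 4.2.11.1', '< 5.0'` would make the patched floor this commit reaches (per the lockfile) part of the Gemfile instead of leaving it to the lockfile. The bare `# security` on the commented-out guard-livereload and rerun lines would be more useful naming the advisory or the transitive gem that motivated the removal.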
162 changes: 63 additions & 99 deletions Gemfile.lock
@@ -1,36 +1,36 @@
GEM
remote: https://rubygems.org/
specs:
actionmailer (4.2.10)
actionpack (= 4.2.10)
actionview (= 4.2.10)
activejob (= 4.2.10)
actionmailer (4.2.11.1)
actionpack (= 4.2.11.1)
actionview (= 4.2.11.1)
activejob (= 4.2.11.1)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 1.0, >= 1.0.5)
actionpack (4.2.10)
actionview (= 4.2.10)
activesupport (= 4.2.10)
actionpack (4.2.11.1)
actionview (= 4.2.11.1)
activesupport (= 4.2.11.1)
rack (~> 1.6)
rack-test (~> 0.6.2)
rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.2)
actionview (4.2.10)
activesupport (= 4.2.10)
actionview (4.2.11.1)
activesupport (= 4.2.11.1)
builder (~> 3.1)
erubis (~> 2.7.0)
rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.3)
activejob (4.2.10)
activesupport (= 4.2.10)
activejob (4.2.11.1)
activesupport (= 4.2.11.1)
globalid (>= 0.3.0)
activemodel (4.2.10)
activesupport (= 4.2.10)
activemodel (4.2.11.1)
activesupport (= 4.2.11.1)
builder (~> 3.1)
activerecord (4.2.10)
activemodel (= 4.2.10)
activesupport (= 4.2.10)
activerecord (4.2.11.1)
activemodel (= 4.2.11.1)
activesupport (= 4.2.11.1)
arel (~> 6.0)
activesupport (4.2.10)
activesupport (4.2.11.1)
i18n (~> 0.7)
minitest (~> 5.1)
thread_safe (~> 0.3, >= 0.3.4)
Expand All @@ -39,10 +39,10 @@ GEM
activerecord (>= 3.2, <= 4.3)
rake (~> 10.4)
arel (6.0.4)
binding_of_caller (0.7.3)
binding_of_caller (0.8.0)
debug_inspector (>= 0.0.1)
bower-rails (0.9.2)
builder (3.2.3)
builder (3.2.4)
byebug (4.0.5)
columnize (= 0.9.0)
celluloid (0.16.0)
Expand All @@ -56,42 +56,22 @@ GEM
execjs
coffee-script-source (1.9.1.1)
columnize (0.9.0)
concurrent-ruby (1.0.5)
concurrent-ruby (1.1.6)
connection_pool (2.1.1)
crass (1.0.4)
crass (1.0.6)
debug_inspector (0.0.3)
dotenv (2.4.0)
dotenv-rails (2.4.0)
dotenv (= 2.4.0)
railties (>= 3.2, < 6.0)
em-websocket (0.5.1)
eventmachine (>= 0.12.9)
http_parser.rb (~> 0.6.0)
erubis (2.7.0)
eventmachine (1.0.7)
execjs (2.5.2)
faraday (0.9.1)
multipart-post (>= 1.2, < 3)
ffi (1.9.8)
formatador (0.2.5)
globalid (0.4.1)
globalid (0.4.2)
activesupport (>= 4.2.0)
guard (2.12.5)
formatador (>= 0.2.4)
listen (~> 2.7)
lumberjack (~> 1.0)
nenv (~> 0.1)
notiffany (~> 0.0)
pry (>= 0.9.12)
shellany (~> 0.0)
thor (>= 0.18.1)
guard-livereload (2.4.0)
em-websocket (~> 0.5)
guard (~> 2.8)
multi_json (~> 1.8)
hitimes (1.2.2)
http_parser.rb (0.6.0)
i18n (0.9.1)
i18n (0.9.5)
concurrent-ruby (~> 1.0)
jbuilder (2.2.13)
activesupport (>= 3.0.0, < 5)
Expand All @@ -101,29 +81,21 @@ GEM
railties (>= 4.2.0)
thor (>= 0.14, < 2.0)
json (1.8.6)
listen (2.10.0)
celluloid (~> 0.16.0)
rb-fsevent (>= 0.9.3)
rb-inotify (>= 0.9)
loofah (2.2.2)
loofah (2.4.0)
crass (~> 1.0.2)
nokogiri (>= 1.5.9)
lumberjack (1.0.9)
mail (2.7.0)
mail (2.7.1)
mini_mime (>= 0.1.1)
method_source (0.8.2)
mini_mime (1.0.0)
mini_portile2 (2.3.0)
minitest (5.10.3)
mini_mime (1.0.2)
mini_portile2 (2.4.0)
minitest (5.14.0)
multi_json (1.11.0)
multipart-post (2.0.0)
nenv (0.2.0)
nokogiri (1.8.2)
mini_portile2 (~> 2.3.0)
notiffany (0.0.6)
nenv (~> 0.1)
shellany (~> 0.0)
oj (2.16.1)
nio4r (2.5.2)
nokogiri (1.10.8)
mini_portile2 (~> 2.4.0)
oj (2.18.5)
pg (0.18.4)
pry (0.10.1)
coderay (~> 1.1.0)
Expand All @@ -132,48 +104,43 @@ GEM
pry-byebug (3.1.0)
byebug (~> 4.0)
pry (~> 0.10)
puma (2.11.1)
rack (>= 1.1, < 2.0)
rack (1.6.10)
puma (4.3.1)
nio4r (~> 2.0)
rack (1.6.13)
rack-protection (1.5.5)
rack
rack-test (0.6.3)
rack (>= 1.0)
rails (4.2.10)
actionmailer (= 4.2.10)
actionpack (= 4.2.10)
actionview (= 4.2.10)
activejob (= 4.2.10)
activemodel (= 4.2.10)
activerecord (= 4.2.10)
activesupport (= 4.2.10)
rails (4.2.11.1)
actionmailer (= 4.2.11.1)
actionpack (= 4.2.11.1)
actionview (= 4.2.11.1)
activejob (= 4.2.11.1)
activemodel (= 4.2.11.1)
activerecord (= 4.2.11.1)
activesupport (= 4.2.11.1)
bundler (>= 1.3.0, < 2.0)
railties (= 4.2.10)
railties (= 4.2.11.1)
sprockets-rails
rails-deprecated_sanitizer (1.0.3)
activesupport (>= 4.2.0.alpha)
rails-dom-testing (1.0.8)
activesupport (>= 4.2.0.beta, < 5.0)
rails-dom-testing (1.0.9)
activesupport (>= 4.2.0, < 5.0)
nokogiri (~> 1.6)
rails-deprecated_sanitizer (>= 1.0.1)
rails-html-sanitizer (1.0.4)
loofah (~> 2.2, >= 2.2.2)
railties (4.2.10)
actionpack (= 4.2.10)
activesupport (= 4.2.10)
rails-html-sanitizer (1.3.0)
loofah (~> 2.3)
railties (4.2.11.1)
actionpack (= 4.2.11.1)
activesupport (= 4.2.11.1)
rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0)
rake (10.5.0)
rb-fsevent (0.9.4)
rb-inotify (0.9.5)
ffi (>= 0.5.0)
rdoc (4.2.0)
json (~> 1.4)
redis (3.2.1)
redis-namespace (1.5.1)
redis (~> 3.0, >= 3.0.4)
rerun (0.10.0)
listen (~> 2.7, >= 2.7.3)
rollbar (2.15.6)
multi_json
sass (3.4.13)
Expand All @@ -186,35 +153,34 @@ GEM
sdoc (0.4.1)
json (~> 1.7, >= 1.7.7)
rdoc (~> 4.0)
shellany (0.0.1)
sidekiq (3.1.4)
celluloid (>= 0.15.2)
connection_pool (>= 2.0.0)
json
redis (>= 3.0.6)
redis-namespace (>= 1.3.1)
simple_form (3.1.0)
actionpack (~> 4.0)
activemodel (~> 4.0)
simple_form (4.0.0)
actionpack (> 4)
activemodel (> 4)
sinatra (1.4.7)
rack (~> 1.5)
rack-protection (~> 1.4)
tilt (>= 1.3, < 3)
slop (3.6.0)
spring (1.3.6)
sprockets (3.7.1)
spring (1.7.2)
sprockets (3.7.2)
concurrent-ruby (~> 1.0)
rack (> 1, < 3)
sprockets-rails (3.2.1)
actionpack (>= 4.0)
activesupport (>= 4.0)
sprockets (>= 3.0.0)
thor (0.20.0)
thor (1.0.1)
thread_safe (0.3.6)
tilt (1.4.1)
timers (4.0.1)
hitimes
tzinfo (1.2.4)
tzinfo (1.2.6)
thread_safe (~> 0.1)
uglifier (2.7.1)
execjs (>= 0.3.0)
Expand All @@ -235,29 +201,27 @@ DEPENDENCIES
coffee-rails (~> 4.1.0)
dotenv-rails
faraday
guard-livereload (~> 2.4)
jbuilder (~> 2.0)
jquery-rails
oj (~> 2.16.1)
oj (~> 2.18.5)
pg (~> 0.18.4)
pry
pry-byebug
puma
rails (= 4.2.10)
rails (< 5.0)
redis
rerun
rollbar (~> 2.15.6)
sass-rails (~> 5.0)
sdoc (~> 0.4.0)
sidekiq
simple_form
sinatra
spring
spring (~> 1.7.2)
uglifier (>= 1.3.0)
web-console (~> 2.0)

RUBY VERSION
ruby 2.1.5p273
ruby 2.5.7p206

BUNDLED WITH
1.16.1
1.17.3
2 changes: 1 addition & 1 deletion app/views/imports/show.html.erb
Expand Up @@ -33,7 +33,7 @@
<hr>
<!--######################### RESOURCE TYPE DROPDOWN #########################-->

<%= simple_form_for @import, url: import_path(@import.uuid) do |f| %>
<%= simple_form_for @import, url: import_path(@import.uuid), html: { id: 'edit_import_resource' } do |f| %>
<%= f.input :resource_type, as: :select, collection: Import::RESOURCE_COLLECTION %>
<% end %>
<script>
14 changes: 11 additions & 3 deletions bin/rails
@@ -1,8 +1,16 @@
#!/usr/bin/env ruby
begin
load File.expand_path('../spring', __FILE__)
rescue LoadError => e
raise unless e.message.include?('spring')
end
begin
load File.expand_path("../spring", __FILE__)
rescue LoadError
rescue LoadError => e
raise unless e.message.include?('spring')
end
APP_PATH = File.expand_path('../../config/application', __FILE__)
require_relative '../config/boot'
# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.

APP_PATH = File.expand_path('../../config/application', __FILE__)
require File.expand_path('../../config/boot', __FILE__)
require 'rails/commands'
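Review bot: The new side of bin/rails appears to carry the Spring bootstrap twice — the five added lines `begin … load File.expand_path('../spring', __FILE__) … rescue LoadError => e … raise unless e.message.include?('spring') … end` sit directly above an otherwise identical block whose `rescue LoadError` is itself changed to `rescue LoadError => e`, which looks like a binstub regeneration applied on top of an already patched file (inferred from the 11/3 line counts; confirm against the file). The second `load` of bin/spring is at best redundant, and if bin/spring re-execs the process when Spring is available the second block never runs; drop one of the two blocks so bin/rails ends up with the single block bin/rake has in this same commit. The relocated `APP_PATH` and `require File.expand_path('../../config/boot', __FILE__)` lines are fine, though the removed `require_relative '../config/boot'` (kept in bin/rake) is the simpler spelling and would keep the two binstubs consistent.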
5 changes: 3 additions & 2 deletions bin/rake
@@ -1,7 +1,8 @@
#!/usr/bin/env ruby
begin
load File.expand_path("../spring", __FILE__)
rescue LoadError
load File.expand_path('../spring', __FILE__)
rescue LoadError => e
raise unless e.message.include?('spring')
end
require_relative '../config/boot'
require 'rake'