Merge branch 'release/1.4.3'

Gemfile

@@ -6,7 +6,7 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 ruby "3.2.2"
 
 # Bundle edge Rails instead: gem "rails", github: "rails/rails", branch: "main"
-gem "rails", "~> 7.0.8"
+gem "rails", "~> 7.0.8.1"
 
 # Use postgresql as the database for Active Record
 gem "pg"
@@ -106,7 +106,7 @@ gem "data_migrate", "~> 8.0.0.rc2"
 # pagy for Pagination
 gem "pagy", "~> 5.10"
 
-gem "nokogiri", ">= 1.13.10"
+gem "nokogiri", ">= 1.16.2"
 
 # Manage application specific business logic. https://github.com/AaronLasseigne/active_interaction
 gem "active_interaction"
@@ -230,8 +230,8 @@ gem "sentry-ruby"
 # https://github.com/grosser/parallel_tests
 gem "parallel_tests", group: [:development, :test]
 
-# CROS: https://github.com/cyu/rack-cors
-gem "rack-cors"
+# CORS: https://github.com/cyu/rack-cors
+gem "rack-cors", "2.0.0"
 
 # Administrate dashboard
 gem "administrate"

Gemfile.lock

@@ -14,77 +14,77 @@ GIT
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (7.0.8)
-      actionpack (= 7.0.8)
-      activesupport (= 7.0.8)
+    actioncable (7.0.8.1)
+      actionpack (= 7.0.8.1)
+      activesupport (= 7.0.8.1)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (7.0.8)
-      actionpack (= 7.0.8)
-      activejob (= 7.0.8)
-      activerecord (= 7.0.8)
-      activestorage (= 7.0.8)
-      activesupport (= 7.0.8)
+    actionmailbox (7.0.8.1)
+      actionpack (= 7.0.8.1)
+      activejob (= 7.0.8.1)
+      activerecord (= 7.0.8.1)
+      activestorage (= 7.0.8.1)
+      activesupport (= 7.0.8.1)
       mail (>= 2.7.1)
       net-imap
       net-pop
       net-smtp
-    actionmailer (7.0.8)
-      actionpack (= 7.0.8)
-      actionview (= 7.0.8)
-      activejob (= 7.0.8)
-      activesupport (= 7.0.8)
+    actionmailer (7.0.8.1)
+      actionpack (= 7.0.8.1)
+      actionview (= 7.0.8.1)
+      activejob (= 7.0.8.1)
+      activesupport (= 7.0.8.1)
       mail (~> 2.5, >= 2.5.4)
       net-imap
       net-pop
       net-smtp
       rails-dom-testing (~> 2.0)
-    actionpack (7.0.8)
-      actionview (= 7.0.8)
-      activesupport (= 7.0.8)
+    actionpack (7.0.8.1)
+      actionview (= 7.0.8.1)
+      activesupport (= 7.0.8.1)
       rack (~> 2.0, >= 2.2.4)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (7.0.8)
-      actionpack (= 7.0.8)
-      activerecord (= 7.0.8)
-      activestorage (= 7.0.8)
-      activesupport (= 7.0.8)
+    actiontext (7.0.8.1)
+      actionpack (= 7.0.8.1)
+      activerecord (= 7.0.8.1)
+      activestorage (= 7.0.8.1)
+      activesupport (= 7.0.8.1)
       globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (7.0.8)
-      activesupport (= 7.0.8)
+    actionview (7.0.8.1)
+      activesupport (= 7.0.8.1)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
     active_interaction (5.2.0)
       activemodel (>= 5.2, < 8)
       activesupport (>= 5.2, < 8)
-    activejob (7.0.8)
-      activesupport (= 7.0.8)
+    activejob (7.0.8.1)
+      activesupport (= 7.0.8.1)
       globalid (>= 0.3.6)
-    activemodel (7.0.8)
-      activesupport (= 7.0.8)
-    activerecord (7.0.8)
-      activemodel (= 7.0.8)
-      activesupport (= 7.0.8)
+    activemodel (7.0.8.1)
+      activesupport (= 7.0.8.1)
+    activerecord (7.0.8.1)
+      activemodel (= 7.0.8.1)
+      activesupport (= 7.0.8.1)
     activerecord-import (1.4.1)
       activerecord (>= 4.2)
-    activestorage (7.0.8)
-      actionpack (= 7.0.8)
-      activejob (= 7.0.8)
-      activerecord (= 7.0.8)
-      activesupport (= 7.0.8)
+    activestorage (7.0.8.1)
+      actionpack (= 7.0.8.1)
+      activejob (= 7.0.8.1)
+      activerecord (= 7.0.8.1)
+      activesupport (= 7.0.8.1)
       marcel (~> 1.0)
       mini_mime (>= 1.1.0)
-    activesupport (7.0.8)
+    activesupport (7.0.8.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
-    addressable (2.8.4)
+    addressable (2.8.6)
       public_suffix (>= 2.0.2, < 6.0)
     administrate (0.18.0)
       actionpack (>= 5.0)
@@ -140,11 +140,11 @@ GEM
     bundler-audit (0.9.1)
       bundler (>= 1.2.0, < 3)
       thor (~> 1.0)
-    capybara (3.39.2)
+    capybara (3.40.0)
       addressable
       matrix
       mini_mime (>= 0.1.3)
-      nokogiri (~> 1.8)
+      nokogiri (~> 1.11)
       rack (>= 1.6.0)
       rack-test (>= 0.6.3)
       regexp_parser (>= 1.5, < 3.0)
@@ -329,7 +329,7 @@ GEM
     memoist (0.16.2)
     method_source (1.0.0)
     mini_magick (4.12.0)
-    mini_mime (1.1.2)
+    mini_mime (1.1.5)
     minitest (5.19.0)
     money (6.16.0)
       i18n (>= 0.6.4, <= 2)
@@ -348,11 +348,11 @@ GEM
       net-protocol
     newrelic_rpm (8.16.0)
     nio4r (2.5.9)
-    nokogiri (1.15.4-arm64-darwin)
+    nokogiri (1.16.2-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.15.4-x86_64-darwin)
+    nokogiri (1.16.2-x86_64-darwin)
       racc (~> 1.4)
-    nokogiri (1.15.4-x86_64-linux)
+    nokogiri (1.16.2-x86_64-linux)
       racc (~> 1.4)
     oauth2 (2.0.9)
       faraday (>= 0.17.3, < 3.0)
@@ -386,15 +386,15 @@ GEM
     parser (3.2.0.0)
       ast (~> 2.4.1)
     pg (1.4.5)
-    public_suffix (5.0.3)
+    public_suffix (5.0.4)
     puma (6.4.2)
       nio4r (~> 2.0)
     pundit (2.3.0)
       activesupport (>= 3.0.0)
     raabro (1.4.0)
-    racc (1.7.1)
-    rack (2.2.8)
-    rack-cors (2.0.1)
+    racc (1.7.3)
+    rack (2.2.8.1)
+    rack-cors (2.0.0)
       rack (>= 2.0.0)
     rack-mini-profiler (3.0.0)
       rack (>= 1.2.0)
@@ -404,20 +404,20 @@ GEM
       rack
     rack-test (2.1.0)
       rack (>= 1.3)
-    rails (7.0.8)
-      actioncable (= 7.0.8)
-      actionmailbox (= 7.0.8)
-      actionmailer (= 7.0.8)
-      actionpack (= 7.0.8)
-      actiontext (= 7.0.8)
-      actionview (= 7.0.8)
-      activejob (= 7.0.8)
-      activemodel (= 7.0.8)
-      activerecord (= 7.0.8)
-      activestorage (= 7.0.8)
-      activesupport (= 7.0.8)
+    rails (7.0.8.1)
+      actioncable (= 7.0.8.1)
+      actionmailbox (= 7.0.8.1)
+      actionmailer (= 7.0.8.1)
+      actionpack (= 7.0.8.1)
+      actiontext (= 7.0.8.1)
+      actionview (= 7.0.8.1)
+      activejob (= 7.0.8.1)
+      activemodel (= 7.0.8.1)
+      activerecord (= 7.0.8.1)
+      activestorage (= 7.0.8.1)
+      activesupport (= 7.0.8.1)
       bundler (>= 1.15.0)
-      railties (= 7.0.8)
+      railties (= 7.0.8.1)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
       actionview (>= 5.0.1.rc1)
@@ -429,9 +429,9 @@ GEM
     rails-html-sanitizer (1.6.0)
       loofah (~> 2.21)
       nokogiri (~> 1.14)
-    railties (7.0.8)
-      actionpack (= 7.0.8)
-      activesupport (= 7.0.8)
+    railties (7.0.8.1)
+      actionpack (= 7.0.8.1)
+      activesupport (= 7.0.8.1)
       method_source
       rake (>= 12.2)
       thor (~> 1.0)
@@ -451,7 +451,7 @@ GEM
     redis (4.8.0)
     redis-client (0.17.0)
       connection_pool
-    regexp_parser (2.8.1)
+    regexp_parser (2.9.0)
     reline (0.3.3)
       io-console (~> 0.5)
     representable (3.2.0)
@@ -664,17 +664,17 @@ DEPENDENCIES
   letter_opener_web
   money
   newrelic_rpm (~> 8.4)
-  nokogiri (>= 1.13.10)
+  nokogiri (>= 1.16.2)
   omniauth-google-oauth2 (~> 1.0)
   omniauth-rails_csrf_protection (~> 1.0)
   pagy (~> 5.10)
   parallel_tests
   pg
   puma (~> 6.4.2)
   pundit (~> 2.2)
-  rack-cors
+  rack-cors (= 2.0.0)
   rack-mini-profiler (>= 2.3.3)
-  rails (~> 7.0.8)
+  rails (~> 7.0.8.1)
   rails-controller-testing (~> 1.0, >= 1.0.5)
   ransack
   react-rails (= 2.6.2)

SECURITY.md

@@ -2,42 +2,60 @@
 
 ## Reporting a Security Vulnerability
 
-If you discover a security vulnerability in the Miru Web project, please follow these guidelines to report it responsibly:
+If you discover a security vulnerability in the Miru Web project, please follow
+these guidelines to report it responsibly:
 
-1. **Privately Notify the Maintainers:** To report a security issue, please contact the project maintainers privately by emailing [[email protected]](mailto:[email protected]). Do not disclose the issue publicly until it has been resolved.
+1. **Privately Notify the Maintainers:** To report a security issue, please
+   contact the project maintainers privately by emailing
+   [[email protected]](mailto:[email protected]). Do not disclose the issue
+   publicly until it has been resolved.
 
-2. **Provide Details:** When reporting the issue, please provide detailed information about the vulnerability, including:
-    - A clear description of the vulnerability.
-    - Steps to reproduce the vulnerability.
-    - Information about the affected versions of the project.
-    - Any additional context or details that might be helpful.
+2. **Provide Details:** When reporting the issue, please provide detailed
+   information about the vulnerability, including:
 
-3. **Do Not Share Exploits:** Do not publicly share any details of the vulnerability, including proof-of-concept exploits or other code that demonstrates the issue.
+   - A clear description of the vulnerability.
+   - Steps to reproduce the vulnerability.
+   - Information about the affected versions of the project.
+   - Any additional context or details that might be helpful.
 
-4. **Keep Communication Confidential:** Please keep all communication regarding the security issue confidential until the maintainers confirm that the issue has been resolved.
+3. **Do Not Share Exploits:** Do not publicly share any details of the
+   vulnerability, including proof-of-concept exploits or other code that
+   demonstrates the issue.
+
+4. **Keep Communication Confidential:** Please keep all communication regarding
+   the security issue confidential until the maintainers confirm that the issue
+   has been resolved.
 
 ## Vulnerability Handling Process
 
-Once a security vulnerability is reported, the project maintainers will follow these steps:
+Once a security vulnerability is reported, the project maintainers will follow
+these steps:
 
-1. **Initial Review:** The maintainers will review the report to confirm the vulnerability's validity and severity.
+1. **Initial Review:** The maintainers will review the report to confirm the
+   vulnerability's validity and severity.
 
-2. **Patch Development:** If the vulnerability is confirmed, the maintainers will work on developing a patch to address it.
+2. **Patch Development:** If the vulnerability is confirmed, the maintainers
+   will work on developing a patch to address it.
 
-3. **Testing and Validation:** The patch will be thoroughly tested to ensure that it resolves the vulnerability without introducing new issues.
+3. **Testing and Validation:** The patch will be thoroughly tested to ensure
+   that it resolves the vulnerability without introducing new issues.
 
-4. **Release:** A new version of the project containing the security fix will be released. The maintainers will notify the reporter when the fix is ready.
+4. **Release:** A new version of the project containing the security fix will be
+   released. The maintainers will notify the reporter when the fix is ready.
 
-5. **Public Disclosure:** After a fixed version is released, the security issue will be publicly disclosed, along with the details of the fix.
+5. **Public Disclosure:** After a fixed version is released, the security issue
+   will be publicly disclosed, along with the details of the fix.
 
 ## Supported Versions
 
 The project currently supports the following versions:
 
 - Version 0.20.0 (Latest Release)
 
-Security issues will be addressed in the latest supported version. If you are using an older version, it is recommended to upgrade to the latest release.
+Security issues will be addressed in the latest supported version. If you are
+using an older version, it is recommended to upgrade to the latest release.
 
 ## Contact
 
-If you have any questions or need further clarification on this security policy, please contact us at [[email protected]](mailto:[email protected]).
+If you have any questions or need further clarification on this security policy,
+please contact us at [[email protected]](mailto:[email protected]).

app/controllers/internal_api/v1/time_tracking_controller.rb

@@ -19,7 +19,8 @@ def index
       entries: data[:entries],
       holiday_infos: data[:holiday_infos],
       leave_types: data[:leave_types],
-      projects: data[:projects]
+      projects: data[:projects],
+      company: current_company
     }, status: :ok
   end
 

app/javascript/src/StyledComponents/Button.tsx

@@ -26,6 +26,8 @@ const TERNARY_DISABLED = "bg-transparent text-miru-dark-purple-200 border-0";
 const DASHED =
   "bg-white rounded border border-dashed border-miru-dark-purple-200 text-center text-base font-bold tracking-widest text-miru-dark-purple-200";
 
+const DELETE = "bg-miru-red-400 hover:bg-miru-red-200 text-white";
+
 const SMALL = "px-5/100 py-1vh text-xs font-bold leading-4";
 const MEDIUM = "px-10/100 py-1vh text-base font-bold leading-5";
 const LARGE = "px-15/100 py-1vh text-xl font-bold leading-7";
@@ -47,6 +49,7 @@ export const BUTTON_STYLES = {
   secondary: "secondary",
   ternary: "ternary",
   dashed: "dashed",
+  delete: "delete",
   calendarCell: "calendarCell",
 };
 const SIZES = { small: "small", medium: "medium", large: "large" };
@@ -80,6 +83,8 @@ const Button = ({
 
       style == BUTTON_STYLES.dashed && !disabled && DASHED,
 
+      style == BUTTON_STYLES.delete && !disabled && DELETE,
+
       style == BUTTON_STYLES.calendarCell && Calendar_Cell,
 
       size == SIZES.small && SMALL,