From 2b89273bd84c04529f4b2e3a2de5a3bd7bc4dfbf Mon Sep 17 00:00:00 2001 From: Chris Kruger Date: Sat, 7 Aug 2021 08:32:35 +0800 Subject: [PATCH 1/3] rails 6 support --- app/assets/stylesheets/lines/application.scss | 2 +- app/controllers/lines/admin/articles_controller.rb | 8 ++++---- app/controllers/lines/admin/authors_controller.rb | 2 +- app/controllers/lines/admin/pictures_controller.rb | 2 +- app/controllers/lines/password_resets_controller.rb | 4 ++-- app/models/lines/article.rb | 4 ++-- lib/lines/version.rb | 2 +- lines.gemspec | 4 ++-- 8 files changed, 14 insertions(+), 14 deletions(-) diff --git a/app/assets/stylesheets/lines/application.scss b/app/assets/stylesheets/lines/application.scss index 80a36285..44231f94 100644 --- a/app/assets/stylesheets/lines/application.scss +++ b/app/assets/stylesheets/lines/application.scss @@ -1,4 +1,4 @@ -@import 'pygments.css'; +@import 'pygments'; @import 'fonts'; @import 'variables_and_mixins'; @import 'navbar'; diff --git a/app/controllers/lines/admin/articles_controller.rb b/app/controllers/lines/admin/articles_controller.rb index 957f72f8..e0c69598 100644 --- a/app/controllers/lines/admin/articles_controller.rb +++ b/app/controllers/lines/admin/articles_controller.rb @@ -80,7 +80,7 @@ def update end respond_to do |format| - if @article.update_attributes(article_params) + if @article.update(article_params) ActionController::Base.new.expire_fragment(@article) format.html { redirect_to admin_article_path(@article) } else @@ -102,7 +102,7 @@ def destroy # Toggles published state of an article def toggle_publish @article = Article.friendly.find(params[:article_id]) - @article.update_attributes(published: !@article.published) + @article.update(published: !@article.published) flash[:success] = "“#{@article.title}” has been #{'un' if !@article.published}published." redirect_to admin_articles_url end 
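Review bot: In `toggle_publish` the result of `@article.update(published: !@article.published)` is discarded, so a save that fails validation or is halted by a callback still sets the success flash and redirects. The flash text is also built from the in-memory `@article.published`, which may not match what was persisted. Branch on the return value, or use `@article.update!(published: !@article.published)` so a failed write surfaces instead of being reported as success. The same unchecked call appears in `update_used_images` in app/models/lines/article.rb (`picture.update(article_id: self.id)`).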
@@ -113,10 +113,10 @@ def toggle_feature old_featured = Article.where(featured: true) if old_featured.size > 0 old_featured.each do |article| - article.update_attributes(featured: false) + article.update(featured: false) end end - @article.update_attributes(featured: !@article.featured) + @article.update(featured: !@article.featured) redirect_to admin_articles_url end diff --git a/app/controllers/lines/admin/authors_controller.rb b/app/controllers/lines/admin/authors_controller.rb index 719fc33d..3bea1347 100644 --- a/app/controllers/lines/admin/authors_controller.rb +++ b/app/controllers/lines/admin/authors_controller.rb @@ -41,7 +41,7 @@ def create def update @author = Lines::Author.find(params[:id]) - if @author.update_attributes(author_params) + if @author.update(author_params) redirect_to admin_author_path(@author) else render action: "edit" diff --git a/app/controllers/lines/admin/pictures_controller.rb b/app/controllers/lines/admin/pictures_controller.rb index 1f9eb4d6..29ba6b16 100644 --- a/app/controllers/lines/admin/pictures_controller.rb +++ b/app/controllers/lines/admin/pictures_controller.rb @@ -14,7 +14,7 @@ def update @picture = Lines::Picture.find(params[:id]) respond_to do |format| - if @picture.update_attributes(picture_params[:picture]) + if @picture.update(picture_params[:picture]) format.html { redirect_to @picture } else format.html { render action: "edit" } diff --git a/app/controllers/lines/password_resets_controller.rb b/app/controllers/lines/password_resets_controller.rb index 9ed4fa89..31d64813 100644 --- a/app/controllers/lines/password_resets_controller.rb +++ b/app/controllers/lines/password_resets_controller.rb 
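Review bot: In `toggle_feature` the loop that clears the old featured articles and the final `@article.update(featured: !@article.featured)` are independent writes whose results are all ignored, so a failure partway through can leave no article featured, or more than one. Wrapping the writes in `Article.transaction do … end` and using `article.update!(featured: false)` and `@article.update!(featured: !@article.featured)` would make the switch all-or-nothing. The `if old_featured.size > 0` guard is redundant, since `each` on an empty relation does nothing. The start of `toggle_feature` lies outside the hunk, so how `@article` is loaded is not visible here.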
@@ -31,9 +31,9 @@ def update elsif wrong_password_confirmation? flash.now[:error] = "Password confirmation does not match." render 'edit' - elsif @user.update_attributes(user_params) + elsif @user.update(user_params) # deletr reset_digest and reset_sent_at - @user.update_attributes(reset_digest: nil, reset_sent_at: nil) + @user.update(reset_digest: nil, reset_sent_at: nil) flash[:success] = "Password has been reset. You can now log in with the new password." redirect_to new_session_path else diff --git a/app/models/lines/article.rb b/app/models/lines/article.rb index 655f0935..e568c6d0 100644 --- a/app/models/lines/article.rb +++ b/app/models/lines/article.rb @@ -85,7 +85,7 @@ def update_used_images image_ids = self.used_images if !image_ids.nil? Picture.where(id: image_ids).each do |picture| - picture.update_attributes(article_id: self.id) + picture.update(article_id: self.id) end end end @@ -124,4 +124,4 @@ def absolute_url_for(image) end end -end \ No newline at end of file +end diff --git a/lib/lines/version.rb b/lib/lines/version.rb index 6b0e9696..61177e61 100644 --- a/lib/lines/version.rb +++ b/lib/lines/version.rb @@ -1,3 +1,3 @@ module Lines - VERSION = "1.2.6.1" + VERSION = "1.2.7.0" end diff --git a/lines.gemspec b/lines.gemspec index e75be1d6..4929ff74 100644 --- a/lines.gemspec +++ b/lines.gemspec @@ -20,7 +20,7 @@ Gem::Specification.new do |s| s.add_runtime_dependency 'orm_adapter', '>= 0.5' s.add_runtime_dependency 'thread_safe', '>= 0.3' - s.add_runtime_dependency 'railties', '>= 3.2.6', '< 6' + s.add_runtime_dependency 'railties', '>= 3.2.6', '< 7' s.add_runtime_dependency 'rmagick', '>= 2.13.4' s.add_runtime_dependency 'thor', '>= 0.19' s.add_runtime_dependency 'carrierwave', '>= 0.10.0' 
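Review bot: In the password-reset `update` action the new password and the reset-token invalidation are written by two separate calls, and the result of the second, `@user.update(reset_digest: nil, reset_sent_at: nil)`, is never checked. If that write fails or the request dies between the two, the password has changed while `reset_digest` is still stored; whether the old link would then still be accepted depends on the validity check, which is outside this hunk. Doing both in one write closes the gap: `elsif @user.update(user_params.merge(reset_digest: nil, reset_sent_at: nil))`. The comment above the second call also has a typo; I would write it as `# delete reset_digest and reset_sent_at`.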
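Review bot: The lower bounds in lines.gemspec stay at `'>= 3.2.6'` for railties here and `'>= 3'` for rails in the file's second hunk, while this same patch switches every caller to `record.update(attrs)`. As far as I know that is a public ActiveRecord method only from Rails 4.0 on, so on 3.x the gem would install and then fail at runtime. Raising the floor, e.g. `s.add_runtime_dependency 'rails', ['>= 4', '< 7']` with a matching railties bound, would also stop the gemspec from admitting Rails lines that no longer receive security fixes. Separately, the Gemfile.lock later in this series still resolves rails to 5.2.6, so nothing on this page shows the suite running against 6.x.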
@@ -42,7 +42,7 @@ Gem::Specification.new do |s| s.add_runtime_dependency 'meta-tags', '>= 2.0.0' s.add_runtime_dependency 'i18n', '>= 0.7.0' s.add_runtime_dependency 'sprockets-rails', '< 4' - s.add_runtime_dependency 'rails', ['>= 3', '< 6'] + s.add_runtime_dependency 'rails', ['>= 3', '< 7'] s.add_development_dependency 'mysql2' s.add_development_dependency 'rspec-rails', '~> 2.14.2', '< 3' From 35b62e97b4fd4e99c671f0cd926210bd2acaf4cc Mon Sep 17 00:00:00 2001 From: Chris Kruger Date: Sat, 7 Aug 2021 08:35:36 +0800 Subject: [PATCH 2/3] fix update user example --- README.rdoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.rdoc b/README.rdoc index b103eae6..005a420f 100644 --- a/README.rdoc +++ b/README.rdoc @@ -72,7 +72,7 @@ To update an existing user, you’ll need the rails console with 'rails c' === UPDATE an existing user - u = User.find_by_email('your@email.com') + u = Lines::User.find_by(email: 'your@email.com') u.email = "new@mail.com" u.password = "newsekret" u.save From 5daf8dc9e5f9177fc9bd1b96b8d6ed93aec16073 Mon Sep 17 00:00:00 2001 From: Chris Kruger Date: Mon, 9 Aug 2021 20:53:01 +0800 Subject: [PATCH 3/3] address a bunch of CVE --- Gemfile.lock | 130 +++++++++++++++++++++++++-------------------------- 1 file changed, 65 insertions(+), 65 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index febf778f..4450abcf 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - lines-engine (1.2.6.1) + lines-engine (1.2.7.0) acts-as-taggable-on (>= 3.5) bcrypt (~> 3.1.0, >= 3.1.0) carrierwave (>= 0.10.0) @@ -15,9 +15,9 @@ PATH meta-tags (>= 2.0.0) orm_adapter (>= 0.5) pygments.rb (>= 0.6.0) - rails (>= 3, < 6) + rails (>= 3, < 7) rails3-jquery-autocomplete (>= 1.0.11) - railties (>= 3.2.6, < 6) + railties (>= 3.2.6, < 7) redcarpet (>= 3.3.3) rmagick (>= 2.13.4) sanitize (>= 4.4.0) 
@@ -31,50 +31,50 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (5.2.4.4) - actionpack (= 5.2.4.4) + actioncable (5.2.6) + actionpack (= 5.2.6) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailer (5.2.4.4) - actionpack (= 5.2.4.4) - actionview (= 5.2.4.4) - activejob (= 5.2.4.4) + actionmailer (5.2.6) + actionpack (= 5.2.6) + actionview (= 5.2.6) + activejob (= 5.2.6) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.2.4.4) - actionview (= 5.2.4.4) - activesupport (= 5.2.4.4) + actionpack (5.2.6) + actionview (= 5.2.6) + activesupport (= 5.2.6) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.2.4.4) - activesupport (= 5.2.4.4) + actionview (5.2.6) + activesupport (= 5.2.6) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.2.4.4) - activesupport (= 5.2.4.4) + activejob (5.2.6) + activesupport (= 5.2.6) globalid (>= 0.3.6) - activemodel (5.2.4.4) - activesupport (= 5.2.4.4) - activerecord (5.2.4.4) - activemodel (= 5.2.4.4) - activesupport (= 5.2.4.4) + activemodel (5.2.6) + activesupport (= 5.2.6) + activerecord (5.2.6) + activemodel (= 5.2.6) + activesupport (= 5.2.6) arel (>= 9.0) - activestorage (5.2.4.4) - actionpack (= 5.2.4.4) - activerecord (= 5.2.4.4) - marcel (~> 0.3.1) - activesupport (5.2.4.4) + activestorage (5.2.6) + actionpack (= 5.2.6) + activerecord (= 5.2.6) + marcel (~> 1.0.0) + activesupport (5.2.6) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - acts-as-taggable-on (7.0.0) + acts-as-taggable-on (8.1.0) activerecord (>= 5.0, < 6.2) - addressable (2.7.0) + addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) airbrussh (1.4.0) sshkit (>= 1.6.1, != 1.7.0) 
@@ -96,13 +96,14 @@ GEM rack-test (>= 0.6.3) regexp_parser (>= 1.5, < 3.0) xpath (~> 3.2) - carrierwave (2.1.0) + carrierwave (2.2.2) activemodel (>= 5.0.0) activesupport (>= 5.0.0) addressable (~> 2.6) image_processing (~> 1.1) - mimemagic (>= 0.3.0) + marcel (~> 1.0.0) mini_mime (>= 0.1.3) + ssrf_filter (~> 1.0) coderay (1.1.3) coffee-rails (5.0.0) coffee-script (>= 2.2.0) @@ -111,7 +112,7 @@ GEM coffee-script-source execjs coffee-script-source (1.12.2) - concurrent-ruby (1.1.8) + concurrent-ruby (1.1.9) crass (1.0.6) diff-lcs (1.4.4) erubi (1.10.0) @@ -127,8 +128,8 @@ GEM formatador (0.2.5) friendly_id (5.4.2) activerecord (>= 4.0.0) - globalid (0.4.2) - activesupport (>= 4.2.0) + globalid (0.5.2) + activesupport (>= 5.0) guard (2.16.2) formatador (>= 0.2.4) listen (>= 2.7, < 4.0) @@ -141,7 +142,7 @@ GEM guard-rspec (4.2.0) guard (>= 2.1.1) rspec (>= 2.14, < 4.0) - i18n (1.8.8) + i18n (1.8.10) concurrent-ruby (~> 1.0) image_processing (1.12.1) mini_magick (>= 4.9.5, < 5) @@ -173,32 +174,30 @@ GEM listen (3.4.1) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - loofah (2.9.0) + loofah (2.9.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) lumberjack (1.2.8) mail (2.7.1) mini_mime (>= 0.1.1) - marcel (0.3.3) - mimemagic (~> 0.3.2) - meta-tags (2.14.0) + marcel (1.0.1) + meta-tags (2.15.0) actionpack (>= 3.2.0, < 6.2) method_source (1.0.0) - mimemagic (0.3.5) mini_magick (4.11.0) - mini_mime (1.0.2) - mini_portile2 (2.5.0) - minitest (5.14.3) + mini_mime (1.0.3) + mini_portile2 (2.5.3) + minitest (5.14.4) mysql2 (0.5.3) nenv (0.3.0) net-scp (3.0.0) net-ssh (>= 2.6.5, < 7.0.0) net-ssh (6.1.0) - nio4r (2.5.4) - nokogiri (1.11.1) + nio4r (2.5.8) + nokogiri (1.11.7) mini_portile2 (~> 2.5.0) racc (~> 1.4) - nokogumbo (2.0.4) + nokogumbo (2.0.5) nokogiri (~> 1.8, >= 1.8.4) notiffany (0.1.3) nenv (~> 0.1) 
@@ -208,24 +207,24 @@ GEM coderay (~> 1.1) method_source (~> 1.0) public_suffix (4.0.6) - pygments.rb (2.0.0) + pygments.rb (2.2.0) racc (1.5.2) rack (2.2.3) rack-test (1.1.0) rack (>= 1.0, < 3) railroady (1.5.3) - rails (5.2.4.4) - actioncable (= 5.2.4.4) - actionmailer (= 5.2.4.4) - actionpack (= 5.2.4.4) - actionview (= 5.2.4.4) - activejob (= 5.2.4.4) - activemodel (= 5.2.4.4) - activerecord (= 5.2.4.4) - activestorage (= 5.2.4.4) - activesupport (= 5.2.4.4) + rails (5.2.6) + actioncable (= 5.2.6) + actionmailer (= 5.2.6) + actionpack (= 5.2.6) + actionview (= 5.2.6) + activejob (= 5.2.6) + activemodel (= 5.2.6) + activerecord (= 5.2.6) + activestorage (= 5.2.6) + activesupport (= 5.2.6) bundler (>= 1.3.0) - railties (= 5.2.4.4) + railties (= 5.2.6) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) @@ -234,19 +233,19 @@ GEM loofah (~> 2.3) rails3-jquery-autocomplete (1.0.15) rails (>= 3.2) - railties (5.2.4.4) - actionpack (= 5.2.4.4) - activesupport (= 5.2.4.4) + railties (5.2.6) + actionpack (= 5.2.6) + activesupport (= 5.2.6) method_source rake (>= 0.8.7) thor (>= 0.19.0, < 2.0) - rake (13.0.3) + rake (13.0.6) rb-fsevent (0.10.4) rb-inotify (0.10.1) ffi (~> 1.0) redcarpet (3.5.1) regexp_parser (2.0.3) - rmagick (4.1.2) + rmagick (4.2.2) rspec (2.14.1) rspec-core (~> 2.14.0) rspec-expectations (~> 2.14.0) @@ -263,8 +262,8 @@ GEM rspec-core (~> 2.14.0) rspec-expectations (~> 2.14.0) rspec-mocks (~> 2.14.0) - ruby-vips (2.0.17) - ffi (~> 1.9) + ruby-vips (2.1.2) + ffi (~> 1.12) sanitize (5.2.3) crass (~> 1.0.2) nokogiri (>= 1.8.0) @@ -294,6 +293,7 @@ GEM sshkit (1.21.2) net-scp (>= 1.1.2) net-ssh (>= 2.8.0) + ssrf_filter (1.0.7) thor (1.1.0) thread_safe (0.3.6) tilt (2.0.10) @@ -301,7 +301,7 @@ GEM thread_safe (~> 0.1) uglifier (4.2.0) execjs (>= 0.3.0, < 3) - websocket-driver (0.7.3) + websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) xpath (3.2.0)