Peter Bhat Harkins
6fa449cc91
bump for cve
2020-06-07 14:36:52 -05:00
Peter Bhat Harkins
77c483fe64
rm scout
2020-06-02 22:05:40 -05:00
Peter Bhat Harkins
dba2d722d6
bump puma
2020-05-31 22:22:43 -05:00
Peter Bhat Harkins
b5f3ed8de5
pin old sprockets
...
As is traditional for every Rails point release, the asset pipeline broke in a
new and obtuse way. In this case, by hanging puma indefinitely after serving
any page, requiring a kill -9. Pinning an old version; I'll burn 20 hours
unfucking whatever new wrong thing it's doing later.
The asset pipeline is nine years old.
2020-05-19 18:22:52 -05:00
Peter Bhat Harkins
87f2404c08
Ruby 2.7 and bundle update
2020-05-18 23:20:03 -05:00
Peter Bhat Harkins
2d374f01d0
match ruby version for byebug
2020-05-18 19:44:46 -05:00
Peter Bhat Harkins
0105930afa
bump rails; rubocop cleanup
2020-05-18 19:28:26 -05:00
Peter Bhat Harkins
e2ea9decb2
noreferrer
2020-05-16 14:44:25 -05:00
Peter Bhat Harkins
f09aba2ad8
bump rails
2020-05-16 09:13:44 -05:00
Peter Bhat Harkins
789ccf0724
bump rails to 5.2.4.2
2020-05-05 21:20:17 -05:00
Peter Bhat Harkins
8a46f78cf6
bump for DOS CVE
2020-03-02 20:37:21 -06:00
Peter Bhat Harkins
5f50c79a20
PDF parsing support for fetch title
...
Merge #707
2020-03-02 20:34:45 -06:00
Peter Bhat Harkins
9b4382a21d
bump rubocop
2020-02-10 06:50:41 -06:00
Peter Bhat Harkins
aa5b0788e7
bump to Rails 5.2.4.1
2020-02-05 08:27:32 -06:00
Peter Bhat Harkins
9d9050f57f
bump for security release
2019-12-25 12:50:17 -06:00
Peter Bhat Harkins
dc4cbc9017
bump loofah dep for vuln
2019-11-11 21:57:06 -06:00
Matthew Chigira
2b6a569a3b
Update Scout gem to 2.6.2 for timeline ( #773 )
2019-10-21 20:46:17 -07:00
Peter Bhat Harkins
21c69e29bf
test transaction_retry gem for mitigating deadlocks
...
https://github.com/lobsters/lobsters-ansible/issues/39
2019-10-17 21:29:36 -05:00
Thomas Dziedzic
d5016368e5
bump rubocop ( #753 )
2019-10-06 17:01:18 -07:00
Peter Bhat Harkins
be1bec2a74
bump for vulnerability
2019-08-21 08:27:20 -05:00
Thomas Dziedzic
1310166d74
Fix 2fa ( #701 )
2019-07-10 05:42:43 -07:00
Thomas Dziedzic
c143fbcc8b
mass bump ( #694 )
...
After this `bundle outdated` shows only 2 packages:
1. capybara which depends on ruby >= 2.4, should be bumped for the rails 6 update
2. tzinfo which is locked to 1.x by activesupport
2019-06-29 07:20:47 -07:00
Peter Bhat Harkins
1b448d916e
bump rubocop ( #690 )
2019-06-18 06:54:27 -07:00
Thomas Dziedzic
d0d2c9b1f9
silence warning about git vs https ( #689 )
2019-06-18 06:00:17 -07:00
Peter Bhat Harkins
1989831e72
rm sqlite
...
We haven't attempted to maintain support for it as we've increased our custom
SQL, and it's long been best practice in Rails to use the same database system
in dev as prod.
2019-06-14 09:24:12 -05:00
Thomas Dziedzic
a075903a2f
use rubocop-rails
...
the next version of rubocop 0.72 will remove the rails cops
https://github.com/rubocop-hq/rubocop/blob/master/manual/migrate_rails_cops.md
2019-06-13 09:19:32 -05:00
Thomas Dziedzic
0289386d57
bump rubocop and rubocop-rails
2019-06-13 08:53:09 -05:00
Casey R
5288928056
add scout gem for perf study ( #674 )
...
https://lobste.rs/s/5hshvd/proposal_lobste_rs_performance_analysis
Sister sites, you probably want to just ignore/revert this commit.
2019-05-08 22:22:04 +00:00
Peter Bhat Harkins
356cd601c5
bump rails for vulns
...
https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
2019-03-13 12:53:56 -05:00
Abdullah Samman
089f3475ba
Migrate deprecated form_tag and form_for to form_with
...
See next commit for note on running view style checks.
2018-12-09 09:51:30 -06:00
Peter Bhat Harkins
c1ef5b5b29
bundle update
2018-11-19 20:40:37 -06:00
ur5us
ff5b7373b5
Switch to database cleaner approach for cleaning up test data
...
While the previous approach of hand-rolling test data cleanup + setup works
it’s prone to become insufficient with regards to future test scenarios. Recent
commits 6a6da094 and later 4620a9221 highlight the issue.
Using the database cleaner gem provides a cleaner (pun intended) approach to
setup a clean room environment before and after each specific test.
Annotating specs with `:js` or `truncate` will switch from a transaction
based cleanup strategy to a truncation based one to enable feature/request specs
for which a web server is spun up in separate process by RSpec, in other words
the process executing the spec is not the same as the process handling the
request so RSpec/DatabaseCleaner wouldn’t know when to rollback the transaction.
The downside of this approach might be that RSpec takes a few more seconds to
run all specs.
2018-11-07 07:45:02 -06:00
Peter Bhat Harkins
386a3452b9
bump dependencies for rack CVEs
...
https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag
https://groups.google.com/forum/#!topic/rubyonrails-security/U_x-YkfuVTg
2018-11-05 17:15:31 -06:00
Peter Bhat Harkins
4620a9221b
bump gems
...
* Disabling a new linter that rubocop added
* CommonMarker made SAFE the default
* The FK support or the bump left some test data around between runs
2018-10-18 08:25:06 -05:00
Peter Bhat Harkins
864e853572
add good_migrations to catch model use
2018-10-17 11:20:28 -05:00
Thomas Dziedzic
9827d7d648
bump public_suffix
2018-08-16 13:00:44 +00:00
Thomas Dziedzic
4aa925a87b
bump factory_bot_rails
...
also fix deprecations:
```
To automatically update from static attributes to dynamic ones,
install rubocop-rspec and run:
rubocop \
--require rubocop-rspec \
--only FactoryBot/AttributeDefinedStatically \
--auto-correct
```
2018-08-16 13:00:44 +00:00
Thomas Dziedzic
0064f2878b
bump bullet
2018-08-16 12:48:42 +00:00
Thomas Dziedzic
998a721d72
bump rubocop
2018-08-15 14:44:11 +00:00
Thomas Dziedzic
5150f1e58d
bump capybara
2018-08-15 14:17:35 +00:00
Thomas Dziedzic
336dab81f4
bump unicorn
2018-08-15 14:13:27 +00:00
Thomas Dziedzic
78377bc216
bump uglifier
2018-08-15 14:12:46 +00:00
Thomas Dziedzic
0ad463e954
bump jquery-rails
2018-08-15 14:11:58 +00:00
Thomas Dziedzic
b738f243a9
bump faker
2018-08-15 14:11:10 +00:00
Thomas Dziedzic
70fde32277
bump commonmarker
2018-08-15 14:10:25 +00:00
Thomas Dziedzic
2155584691
bump activerecord-typedstore
2018-08-15 14:09:39 +00:00
Thomas Dziedzic
4ec4b84456
bump bcrypt
2018-08-15 14:08:51 +00:00
Thomas Dziedzic
3c422b4ff7
bump rspec-rails
2018-08-15 14:00:26 +00:00
David Wolgemuth
c1681a4063
filter by tag and domain when searching for comments
2018-08-15 08:39:01 -05:00
Thomas Dziedzic
86ac9887b8
bump rails to 5.2.1
2018-08-15 08:07:51 -05:00
Peter Bhat Harkins
614f63c658
unpin mysql2 and update
...
I can't see a reason for us to pin a specific version of this gem.
Closes #532
2018-08-15 07:36:59 -05:00
Grey Baker
6b54680202
Bump nokogiri from 1.8.2 to 1.8.4 for security fix
...
PR #521
2018-08-08 08:39:01 -05:00
Peter Bhat Harkins
c05becb0fe
generate sitemaps
...
Google's indexing of the site is very spotty, and this seems a lot easier than
improving our builtin search engine.
2018-07-31 22:05:11 -05:00
Peter Bhat Harkins
87b8966ca6
rails complains that this is missing
2018-06-22 20:17:02 -05:00
Peter Bhat Harkins
ffc054f207
Revert "add bootsnap"; see #512
...
This reverts commit e5417d539b.
2018-06-20 08:51:51 -05:00
thomasdziedzic-pd
e5417d539b
add bootsnap
...
PR #513 , #512
2018-06-20 07:38:21 -05:00
Grey Baker
a3a639abfb
Bump sprockets from 3.7.1 to 3.7.2
...
PR #515 , https://lobste.rs/s/rderhr/rails_asset_pipeline_directory
2018-06-19 13:17:37 -05:00
thomasdziedzic-pd
94d9549d5b
rails 5.2 upgrade
...
PR #498 , leaves some tasks in #508 and #509
2018-06-14 10:17:19 -05:00
David Wolgemuth
6799938325
replace abandoned Machinist gem with FactoryBot
...
PR #507
2018-06-14 08:34:59 -05:00
Hunter Madison
7a8497420e
Use `scenic-mysql_adapter` over `senic-mysql`
...
Fixes an irritating bug that kept prefixing the prod database name onto the view, which didn't work in dev.
2018-06-14 08:32:52 -05:00
David Wolgemuth
440c932d63
add byebug to development env
2018-06-13 09:57:45 -05:00
Peter Bhat Harkins
f278565e09
cache full pages for logged-out visitors without tag filters
2018-05-17 09:46:28 -05:00
Peter Bhat Harkins
fd84f02f8e
update from insecure version
2018-05-02 10:32:03 -05:00
Peter Bhat Harkins
ff1dc75523
high-value end-to-end happy path specs
...
Viewing homepage, submitting a story, viewing a story as a logged-in or
logged-out user, and submitting a comment. Also allows posting comments
without JavaScript.
I wanted smoke tests for the highest-traffic endpoints that tend to throw me a
few hundred emails if they hit exceptions in production.
2018-04-18 10:13:34 -05:00
Peter Bhat Harkins
5e8d57b618
Revert skylight
...
Closes #454
2018-04-12 16:00:47 -05:00
Godfrey Chan
616b331d1c
Add Skylight instrumentation
...
I discussed with @pushcx about adding Skylight instrumentation
to lobste.rs under the new [Skylight for Open Source](https://www.skylight.io/oss )
program.
If you’re not already familiar with Skylight, it is a smart profiler
for Rails apps. Skylight makes it easy to pinpoint performance issues
in Rails applications.
We work on a lot of open source projects ourselves, and in our experience
it can be pretty hard to get contributors to work on application performance
issues. Few contributors consider working on performance problems, and the
ones that might be interested may not even know where to start. By making
performance information more accessible, we hope to inspire potential
contributors to tackle slow parts of your app, and have a good way to
see if their contributions helped.
Once this patch is merged and deployed*, you will be able to view the
performance data we collected at the [public Skylight dashboard](https://oss.skylight.io/app/applications/UVOwCQJiWlFy ).
The dashboard will be accessible to anyone (no Skylight account
required) to make it easy for contributors.
(*Actually, I lied a little. We still need to set the `SKYLIGHT_AUTHENTICATION`
environment variable to the appropriate API key on production, but I
will work with @pushcx on that off-thread.)
Fixes #454
2018-03-26 19:03:34 +01:00
James Brink
d48305ac7f
Fix broken dep - Parser 2.5.0.4 has been yanked
...
Updated parser to 2.5.0.5 as the previous version has
been yanked by author, and no longer available.
https://rubygems.org/gems/parser/versions/2.5.0.4
2018-03-26 16:46:38 +01:00
Peter Bhat Harkins
29e095a9b6
add bullet to catch 1 + n queries and unused eager loading
2018-03-21 20:29:04 -05:00
Peter Bhat Harkins
c0393457a4
update to current rspec-rails integration style
2018-03-21 15:37:41 -05:00
Peter Bhat Harkins
604713e97c
Merge branch 'rubocop'
2018-03-21 15:19:48 -05:00
Peter Bhat Harkins
55da55cb9e
fix mysql/AR version incompatibility
2018-03-21 13:53:38 -05:00
Grey Baker
3cc57b786c
Update dependencies
...
* Bump rspec-rails from 3.6.0 to 3.7.2
Bumps [rspec-rails](https://github.com/rspec/rspec-rails ) from 3.6.0 to 3.7.2.
- [Changelog](https://github.com/rspec/rspec-rails/blob/master/Changelog.md )
- [Commits](https://github.com/rspec/rspec-rails/compare/v3.6.0...v3.7.2 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
* Bump activerecord-typedstore from 1.1.1 to 1.1.3
Bumps [activerecord-typedstore](https://github.com/byroot/activerecord-typedstore ) from 1.1.1 to 1.1.3.
- [Commits](https://github.com/byroot/activerecord-typedstore/compare/v1.1.1...v1.1.3 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
* Bump nokogiri from 1.8.1 to 1.8.2
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri ) from 1.8.1 to 1.8.2.
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md )
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.8.1...v1.8.2 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
* Bump scenic from 1.4.0 to 1.4.1
Bumps [scenic](https://github.com/thoughtbot/scenic ) from 1.4.0 to 1.4.1.
- [Changelog](https://github.com/thoughtbot/scenic/blob/master/NEWS.md )
- [Commits](https://github.com/thoughtbot/scenic/compare/v1.4.0...v1.4.1 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
* Bump exception_notification from 4.2.1 to 4.2.2
Bumps [exception_notification](https://github.com/smartinez87/exception_notification ) from 4.2.1 to 4.2.2.
- [Changelog](https://github.com/smartinez87/exception_notification/blob/master/CHANGELOG.rdoc )
- [Commits](https://github.com/smartinez87/exception_notification/compare/v4.2.1...v4.2.2 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
* Bump oauth from 0.5.3 to 0.5.4
Bumps oauth from 0.5.3 to 0.5.4.
Signed-off-by: dependabot[bot] <support@dependabot.com>
* Bump uglifier from 3.2.0 to 4.1.7
Bumps [uglifier](https://github.com/lautis/uglifier ) from 3.2.0 to 4.1.7.
- [Changelog](https://github.com/lautis/uglifier/blob/master/CHANGELOG.md )
- [Commits](https://github.com/lautis/uglifier/compare/v3.2.0...v4.1.7 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
* Bump rotp from 3.3.0 to 3.3.1
Bumps [rotp](https://github.com/mdp/rotp ) from 3.3.0 to 3.3.1.
- [Changelog](https://github.com/mdp/rotp/blob/master/CHANGELOG.md )
- [Commits](https://github.com/mdp/rotp/commits )
Signed-off-by: dependabot[bot] <support@dependabot.com>
* Bump rails from 5.1.1 to 5.1.5
Bumps [rails](https://github.com/rails/rails ) from 5.1.1 to 5.1.5.
- [Commits](https://github.com/rails/rails/compare/v5.1.1...v5.1.5 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
* Bump faker from 1.7.3 to 1.8.7
Bumps [faker](https://github.com/stympy/faker ) from 1.7.3 to 1.8.7.
- [Changelog](https://github.com/stympy/faker/blob/master/CHANGELOG.md )
- [Commits](https://github.com/stympy/faker/compare/v1.7.3...v1.8.7 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
* Bump unicorn from 5.3.0 to 5.4.0
Bumps [unicorn](https://bogomips.org/unicorn/ ) from 5.3.0 to 5.4.0.
Signed-off-by: dependabot[bot] <support@dependabot.com>
* Bump mysql2 from 0.4.6 to 0.4.10
Bumps [mysql2](https://github.com/brianmario/mysql2 ) from 0.4.6 to 0.4.10.
- [Release notes](https://github.com/brianmario/mysql2/releases )
- [Changelog](https://github.com/brianmario/mysql2/blob/master/CHANGELOG.md )
- [Commits](https://github.com/brianmario/mysql2/compare/0.4.6...0.4.10 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
2018-03-21 13:43:51 -05:00
Peter Bhat Harkins
5851346765
add rubocop, 4849 offenses
2018-03-01 22:35:07 -06:00
Hunter Madison
dd42cca880
Show story and comment replies, tracking unread ones
2018-01-31 07:43:07 -06:00
Peter Bhat Harkins
a8415a675c
bump nokogiri for security fix
2018-01-25 18:42:52 -06:00
joshua stein
8311cb31d2
Gemfile.lock: update after 8128ff15b7
2017-09-08 10:31:06 -05:00
Adam Hess
28c8217652
Upgrade rails 5 1 ( #367 )
...
* Upgrade to rails 5.1
- Update versions of dependencies
- Switch before_filter to before_action
- Use render plain rather than render text
* Generate new rails 5.1 scripts
2017-06-18 11:04:32 -05:00
joshua stein
10cde11f83
Search: drop sphinx for searching, use sql fulltext
...
Sphinx's searchd is very buggy, often crashing on rebuilding its
indexes, not starting up, or just spinning at 100% CPU.
It is also a big external dependency that might not be available on
other hosting platforms.
This removes the ability to search both comments and stories at
once, though I don't know how useful that was anyway. We gain
boolean searching and the ability to more carefully craft queries
using particular keywords (in the future) like "user:blah" or
"tag:blah" to narrow things down.
2017-06-07 15:59:54 -05:00
Grey Baker
638cf44d0f
Upgrade nokogiri, jquery-rails and uglifier to secure version ( #362 )
2017-05-27 18:26:40 -05:00
Yuki Izumi
fa70ab147c
Simple replacement with CommonMarker
2017-04-12 22:53:51 +10:00
joshua stein
3c908f7487
update to rails 4.2.8
2017-03-18 21:20:40 -05:00
joshua stein
dbd84f1e03
add TOTP-based two-factor authentication option
2017-02-24 12:58:42 -06:00
joshua stein
8fbdc02078
step one of moving user settings to a single column
...
see #245
2017-01-19 12:02:51 -06:00
Derek Prior
f3a3413e66
Update htmlentities to remove warning
...
The previous version of `htmlentities` had a duplicate key in one of
its hashes, which produced the following warning:
```
.../htmlentities-4.3.2/lib/htmlentities/mappings/expanded.rb:465:
warning: key "inodot" is duplicated and overwritten on line 466
```
Updating to the latest removes this warning.
2016-03-05 17:32:44 -05:00
Derek Prior
6eec2e26af
Support Ruby 2.2.0 and 2.3.0
...
Judging from the test suite, the only issue in supporting Ruby 2.2.0+
was with the `mysql2` gem. Updating this to the latest 0.3.x allows
Lobsters to run with newer Rubies.
We can't update to the absolute latest `mysql2` gem without first
updating Rails, which is why I used the pessimistic version constraint
for `mysql2`.
2016-03-05 17:19:44 -05:00
joshua stein
befee851c8
update to rails 4.1.12
2015-07-24 01:38:51 -05:00
Carlos Puchol
56d771a9f4
rename bcrypt, to eliminate the warning that they changed the gem name
2015-03-04 22:33:09 -08:00
Serge Paquet
b7b93d0bf9
update to rails 4.1.8
2014-12-13 23:47:44 -05:00
Serge Paquet
346fec4ef9
update to thinking-sphinx 3.1.2
2014-12-13 23:43:20 -05:00
joshua stein
dfe6db4849
revert 85cb7c20, give up on planet rss aggregation
2014-08-31 20:35:41 -05:00
joshua stein
c4b6772828
update to rails 4.0.8 for no particular reason
2014-08-17 19:25:02 -05:00
joshua stein
85cb7c2057
first stab at planet rss aggregation
...
could probably use a prettier layout and auto-posting a weblog url
to the main site (carrying tags)
2014-08-03 22:07:57 -05:00
joshua stein
b3e6679da0
update some gems, remove some useless comments from Gemfile
2014-08-03 22:07:50 -05:00
Andrey Chernih
9e849de0f7
Add task to generate test data
2014-07-07 12:15:28 +04:00
joshua stein
21553878f3
rails 4.0.5 for CVE-2014-0130
2014-05-06 21:29:07 -05:00
Serge Paquet
519427586a
use Rails4-style strong parameters mass assignment protection
2014-02-02 15:41:38 -05:00
Serge Paquet
709b0bff98
upgrade thinking-sphinx gem
2014-01-07 05:52:29 -05:00
Serge Paquet
9b0294c471
upgrade to rails v4.0.2
2013-12-30 17:40:52 -05:00
joshua stein
aeb97bd8eb
rails 3.2.16 and assorted gem updates
2013-12-03 16:14:18 -06:00
joshua stein
0ac51b9f8c
include oauth gem for a cli tool
2013-07-03 22:40:37 -05:00