Commit Graph

165 Commits

Author SHA1 Message Date
Peter Bhat Harkins 6fa449cc91 bump for cve 2020-06-07 14:36:52 -05:00
Peter Bhat Harkins 77c483fe64 rm scout 2020-06-02 22:05:40 -05:00
Peter Bhat Harkins dba2d722d6 bump puma 2020-05-31 22:22:43 -05:00
Peter Bhat Harkins b5f3ed8de5 pin old sprockets
As is traditional for every Rails point release, the asset pipeline broke in a
new and obtuse way. In this case, by hanging puma indefinitely after serving
any page, requiring a kill -9. Pinning an old version; I'll burn 20 hours
unfucking whatever new wrong thing it's doing later.

The asset pipeline is nine years old.
2020-05-19 18:22:52 -05:00
Peter Bhat Harkins 87f2404c08 Ruby 2.7 and bundle update 2020-05-18 23:20:03 -05:00
Peter Bhat Harkins 2d374f01d0 match ruby version for byebug 2020-05-18 19:44:46 -05:00
Peter Bhat Harkins 0105930afa bump rails; rubocop cleanup 2020-05-18 19:28:26 -05:00
Peter Bhat Harkins e2ea9decb2 noreferrer 2020-05-16 14:44:25 -05:00
Peter Bhat Harkins f09aba2ad8 bump rails 2020-05-16 09:13:44 -05:00
Peter Bhat Harkins 789ccf0724 bump rails to 5.2.4.2 2020-05-05 21:20:17 -05:00
Peter Bhat Harkins 8a46f78cf6 bump for DOS CVE 2020-03-02 20:37:21 -06:00
Peter Bhat Harkins 5f50c79a20 PDF parsing support for fetch title
Merge #707
2020-03-02 20:34:45 -06:00
Peter Bhat Harkins 9b4382a21d bump rubocop 2020-02-10 06:50:41 -06:00
Peter Bhat Harkins aa5b0788e7 bump to Rails 5.2.4.1 2020-02-05 08:27:32 -06:00
Peter Bhat Harkins 9d9050f57f bump for security release 2019-12-25 12:50:17 -06:00
Peter Bhat Harkins dc4cbc9017 bump loofah dep for vuln 2019-11-11 21:57:06 -06:00
Matthew Chigira 2b6a569a3b Update Scout gem to 2.6.2 for timeline (#773) 2019-10-21 20:46:17 -07:00
Peter Bhat Harkins 21c69e29bf test transaction_retry gem for mitigating deadlocks
https://github.com/lobsters/lobsters-ansible/issues/39
2019-10-17 21:29:36 -05:00
Thomas Dziedzic d5016368e5 bump rubocop (#753) 2019-10-06 17:01:18 -07:00
Peter Bhat Harkins be1bec2a74 bump for vulnerability 2019-08-21 08:27:20 -05:00
Thomas Dziedzic 1310166d74 Fix 2fa (#701) 2019-07-10 05:42:43 -07:00
Thomas Dziedzic c143fbcc8b mass bump (#694)
After this `bundle outdated` shows only 2 packages:

1. capybara which depends on ruby >= 2.4, should be bumped for the rails 6 update
2. tzinfo which is locked to 1.x by activesupport
2019-06-29 07:20:47 -07:00
Peter Bhat Harkins 1b448d916e bump rubocop (#690) 2019-06-18 06:54:27 -07:00
Thomas Dziedzic d0d2c9b1f9 silence warning about git vs https (#689) 2019-06-18 06:00:17 -07:00
Peter Bhat Harkins 1989831e72 rm sqlite
We haven't attempted to maintain support for it as we've increased our custom
SQL, and it's long been best practice in Rails to use the same database system
in dev as prod.
2019-06-14 09:24:12 -05:00
Thomas Dziedzic a075903a2f use rubocop-rails
the next version of rubocop 0.72 will remove the rails cops

https://github.com/rubocop-hq/rubocop/blob/master/manual/migrate_rails_cops.md
2019-06-13 09:19:32 -05:00
Thomas Dziedzic 0289386d57 bump rubocop and rubocop-rails 2019-06-13 08:53:09 -05:00
Casey R 5288928056 add scout gem for perf study (#674)
https://lobste.rs/s/5hshvd/proposal_lobste_rs_performance_analysis

Sister sites, you probably want to just ignore/revert this commit.
2019-05-08 22:22:04 +00:00
Peter Bhat Harkins 356cd601c5 bump rails for vulns
https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
2019-03-13 12:53:56 -05:00
Abdullah Samman 089f3475ba Migrate deprecated form_tag and form_for to form_with
See next commit for note on running view style checks.
2018-12-09 09:51:30 -06:00
Peter Bhat Harkins c1ef5b5b29 bundle update 2018-11-19 20:40:37 -06:00
ur5us ff5b7373b5 Switch to database cleaner approach for cleaning up test data
While the previous approach of hand-rolling test data cleanup + setup works
it’s prone to become insufficient with regards to future test scenarios. Recent
commits 6a6da094 and later 4620a9221 highlight the issue.

Using the database cleaner gem provides a cleaner (pun intended) approach to
setup a clean room environment before and after each specific test.

Annotating specs with `:js` or `truncate` will switch from a transaction
based cleanup strategy to a truncation based one to enable feature/request specs
for which a web server is spun up in separate process by RSpec, in other words
the process executing the spec is not the same as the process handling the
request so RSpec/DatabaseCleaner wouldn’t know when to rollback the transaction.

The downside of this approach might be that RSpec takes a few more seconds to
run all specs.
2018-11-07 07:45:02 -06:00
Peter Bhat Harkins 386a3452b9 bump dependencies for rack CVEs
https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag
https://groups.google.com/forum/#!topic/rubyonrails-security/U_x-YkfuVTg
2018-11-05 17:15:31 -06:00
Peter Bhat Harkins 4620a9221b bump gems
* Disabling a new linter that rubocop added
* CommonMarker made SAFE the default
* The FK support or the bump left some test data around between runs
2018-10-18 08:25:06 -05:00
Peter Bhat Harkins 864e853572 add good_migrations to catch model use 2018-10-17 11:20:28 -05:00
Thomas Dziedzic 9827d7d648 bump public_suffix 2018-08-16 13:00:44 +00:00
Thomas Dziedzic 4aa925a87b bump factory_bot_rails
also fix deprecations:

```
To automatically update from static attributes to dynamic ones,
install rubocop-rspec and run:

rubocop \
  --require rubocop-rspec \
  --only FactoryBot/AttributeDefinedStatically \
  --auto-correct
```
2018-08-16 13:00:44 +00:00
Thomas Dziedzic 0064f2878b bump bullet 2018-08-16 12:48:42 +00:00
Thomas Dziedzic 998a721d72 bump rubocop 2018-08-15 14:44:11 +00:00
Thomas Dziedzic 5150f1e58d bump capybara 2018-08-15 14:17:35 +00:00
Thomas Dziedzic 336dab81f4 bump unicorn 2018-08-15 14:13:27 +00:00
Thomas Dziedzic 78377bc216 bump uglifier 2018-08-15 14:12:46 +00:00
Thomas Dziedzic 0ad463e954 bump jquery-rails 2018-08-15 14:11:58 +00:00
Thomas Dziedzic b738f243a9 bump faker 2018-08-15 14:11:10 +00:00
Thomas Dziedzic 70fde32277 bump commonmarker 2018-08-15 14:10:25 +00:00
Thomas Dziedzic 2155584691 bump activerecord-typedstore 2018-08-15 14:09:39 +00:00
Thomas Dziedzic 4ec4b84456 bump bcrypt 2018-08-15 14:08:51 +00:00
Thomas Dziedzic 3c422b4ff7 bump rspec-rails 2018-08-15 14:00:26 +00:00
David Wolgemuth c1681a4063 filter by tag and domain when searching for comments 2018-08-15 08:39:01 -05:00
Thomas Dziedzic 86ac9887b8 bump rails to 5.2.1 2018-08-15 08:07:51 -05:00
Peter Bhat Harkins 614f63c658 unpin mysql2 and update
I can't see a reason for us to pin a specific version of this gem.

Closes #532
2018-08-15 07:36:59 -05:00
Grey Baker 6b54680202 Bump nokogiri from 1.8.2 to 1.8.4 for security fix
PR #521
2018-08-08 08:39:01 -05:00
Peter Bhat Harkins c05becb0fe generate sitemaps
Google's indexing of the site is very spotty, and this seems a lot easier than
improving our builtin search engine.
2018-07-31 22:05:11 -05:00
Peter Bhat Harkins 87b8966ca6 rails complains that this is missing 2018-06-22 20:17:02 -05:00
Peter Bhat Harkins ffc054f207 Revert "add bootsnap"; see #512
This reverts commit e5417d539b.
2018-06-20 08:51:51 -05:00
thomasdziedzic-pd e5417d539b add bootsnap
PR #513, #512
2018-06-20 07:38:21 -05:00
Grey Baker a3a639abfb Bump sprockets from 3.7.1 to 3.7.2
PR #515, https://lobste.rs/s/rderhr/rails_asset_pipeline_directory
2018-06-19 13:17:37 -05:00
thomasdziedzic-pd 94d9549d5b rails 5.2 upgrade
PR #498, leaves some tasks in #508 and #509
2018-06-14 10:17:19 -05:00
David Wolgemuth 6799938325 replace abandoned Machinist gem with FactoryBot
PR #507
2018-06-14 08:34:59 -05:00
Hunter Madison 7a8497420e Use `scenic-mysql_adapter` over `scenic-mysql`
Fixes an irritating bug that kept prefixing the prod database name onto the view, which didn't work in dev.
2018-06-14 08:32:52 -05:00
David Wolgemuth 440c932d63 add byebug to development env 2018-06-13 09:57:45 -05:00
Peter Bhat Harkins f278565e09 cache full pages for logged-out visitors without tag filters 2018-05-17 09:46:28 -05:00
Peter Bhat Harkins fd84f02f8e update from insecure version 2018-05-02 10:32:03 -05:00
Peter Bhat Harkins ff1dc75523 high-value end-to-end happy path specs
Viewing homepage, submitting a story, viewing a story as a logged-in or
logged-out user, and submitting a comment. Also allows posting comments
without JavaScript.

I wanted smoke tests for the highest-traffic endpoints that tend to throw me a
few hundred emails if they hit exceptions in production.
2018-04-18 10:13:34 -05:00
Peter Bhat Harkins 5e8d57b618 Revert skylight
Closes #454
2018-04-12 16:00:47 -05:00
Godfrey Chan 616b331d1c Add Skylight instrumentation
I discussed with @pushcx about adding Skylight instrumentation
to lobste.rs under the new [Skylight for Open Source](https://www.skylight.io/oss)
program.

If you’re not already familiar with Skylight, it is a smart profiler
for Rails apps. Skylight makes it easy to pinpoint performance issues
in Rails applications.

We work on a lot of open source projects ourselves, and in our experience
it can be pretty hard to get contributors to work on application performance
issues. Few contributors consider working on performance problems, and the
ones that might be interested may not even know where to start. By making
performance information more accessible, we hope to inspire potential
contributors to tackle slow parts of your app, and have a good way to
see if their contributions helped.

Once this patch is merged and deployed*, you will be able to view the
performance data we collected at the [public Skylight dashboard](https://oss.skylight.io/app/applications/UVOwCQJiWlFy).
The dashboard will be accessible to anyone (no Skylight account
required) to make it easy for contributors.

(*Actually, I lied a little. We still need to set the `SKYLIGHT_AUTHENTICATION`
environment variable to the appropriate API key on production, but I
will work with @pushcx on that off-thread.)

Fixes #454
2018-03-26 19:03:34 +01:00
James Brink d48305ac7f Fix broken dep - Parser 2.5.0.4 has been yanked
Updated parser to 2.5.0.5 as the previous version has been yanked by its
author and is no longer available.
https://rubygems.org/gems/parser/versions/2.5.0.4
2018-03-26 16:46:38 +01:00
Peter Bhat Harkins 29e095a9b6 add bullet to catch 1 + n queries and unused eager loading 2018-03-21 20:29:04 -05:00
Peter Bhat Harkins c0393457a4 update to current rspec-rails integration style 2018-03-21 15:37:41 -05:00
Peter Bhat Harkins 604713e97c Merge branch 'rubocop' 2018-03-21 15:19:48 -05:00
Peter Bhat Harkins 55da55cb9e fix mysql/AR version incompatibility 2018-03-21 13:53:38 -05:00
Grey Baker 3cc57b786c Update dependencies
* Bump rspec-rails from 3.6.0 to 3.7.2

Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 3.6.0 to 3.7.2.
- [Changelog](https://github.com/rspec/rspec-rails/blob/master/Changelog.md)
- [Commits](https://github.com/rspec/rspec-rails/compare/v3.6.0...v3.7.2)

Signed-off-by: dependabot[bot] <support@dependabot.com>

* Bump activerecord-typedstore from 1.1.1 to 1.1.3

Bumps [activerecord-typedstore](https://github.com/byroot/activerecord-typedstore) from 1.1.1 to 1.1.3.
- [Commits](https://github.com/byroot/activerecord-typedstore/compare/v1.1.1...v1.1.3)

Signed-off-by: dependabot[bot] <support@dependabot.com>

* Bump nokogiri from 1.8.1 to 1.8.2

Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.8.1 to 1.8.2.
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.8.1...v1.8.2)

Signed-off-by: dependabot[bot] <support@dependabot.com>

* Bump scenic from 1.4.0 to 1.4.1

Bumps [scenic](https://github.com/thoughtbot/scenic) from 1.4.0 to 1.4.1.
- [Changelog](https://github.com/thoughtbot/scenic/blob/master/NEWS.md)
- [Commits](https://github.com/thoughtbot/scenic/compare/v1.4.0...v1.4.1)

Signed-off-by: dependabot[bot] <support@dependabot.com>

* Bump exception_notification from 4.2.1 to 4.2.2

Bumps [exception_notification](https://github.com/smartinez87/exception_notification) from 4.2.1 to 4.2.2.
- [Changelog](https://github.com/smartinez87/exception_notification/blob/master/CHANGELOG.rdoc)
- [Commits](https://github.com/smartinez87/exception_notification/compare/v4.2.1...v4.2.2)

Signed-off-by: dependabot[bot] <support@dependabot.com>

* Bump oauth from 0.5.3 to 0.5.4

Bumps oauth from 0.5.3 to 0.5.4.

Signed-off-by: dependabot[bot] <support@dependabot.com>

* Bump uglifier from 3.2.0 to 4.1.7

Bumps [uglifier](https://github.com/lautis/uglifier) from 3.2.0 to 4.1.7.
- [Changelog](https://github.com/lautis/uglifier/blob/master/CHANGELOG.md)
- [Commits](https://github.com/lautis/uglifier/compare/v3.2.0...v4.1.7)

Signed-off-by: dependabot[bot] <support@dependabot.com>

* Bump rotp from 3.3.0 to 3.3.1

Bumps [rotp](https://github.com/mdp/rotp) from 3.3.0 to 3.3.1.
- [Changelog](https://github.com/mdp/rotp/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mdp/rotp/commits)

Signed-off-by: dependabot[bot] <support@dependabot.com>

* Bump rails from 5.1.1 to 5.1.5

Bumps [rails](https://github.com/rails/rails) from 5.1.1 to 5.1.5.
- [Commits](https://github.com/rails/rails/compare/v5.1.1...v5.1.5)

Signed-off-by: dependabot[bot] <support@dependabot.com>

* Bump faker from 1.7.3 to 1.8.7

Bumps [faker](https://github.com/stympy/faker) from 1.7.3 to 1.8.7.
- [Changelog](https://github.com/stympy/faker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/stympy/faker/compare/v1.7.3...v1.8.7)

Signed-off-by: dependabot[bot] <support@dependabot.com>

* Bump unicorn from 5.3.0 to 5.4.0

Bumps [unicorn](https://bogomips.org/unicorn/) from 5.3.0 to 5.4.0.

Signed-off-by: dependabot[bot] <support@dependabot.com>

* Bump mysql2 from 0.4.6 to 0.4.10

Bumps [mysql2](https://github.com/brianmario/mysql2) from 0.4.6 to 0.4.10.
- [Release notes](https://github.com/brianmario/mysql2/releases)
- [Changelog](https://github.com/brianmario/mysql2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianmario/mysql2/compare/0.4.6...0.4.10)

Signed-off-by: dependabot[bot] <support@dependabot.com>
2018-03-21 13:43:51 -05:00
Peter Bhat Harkins 5851346765 add rubocop, 4849 offenses 2018-03-01 22:35:07 -06:00
Hunter Madison dd42cca880 Show story and comment replies, tracking unread ones 2018-01-31 07:43:07 -06:00
Peter Bhat Harkins a8415a675c bump nokogiri for security fix 2018-01-25 18:42:52 -06:00
joshua stein 8311cb31d2 Gemfile.lock: update after 8128ff15b7 2017-09-08 10:31:06 -05:00
Adam Hess 28c8217652 Upgrade rails 5 1 (#367)
* Upgrade to rails 5.1

- Update versions of dependencies
- Switch before_filter to before_action
- Use render plain rather than render text

* Generate new rails 5.1 scripts
2017-06-18 11:04:32 -05:00
joshua stein 10cde11f83 Search: drop sphinx for searching, use sql fulltext
Sphinx's searchd is very buggy, often crashing on rebuilding its
indexes, not starting up, or just spinning at 100% CPU.

It is also a big external dependency that might not be available on
other hosting platforms.

This removes the ability to search both comments and stories at
once, though I don't know how useful that was anyway.  We gain
boolean searching and the ability to more carefully craft queries
using particular keywords (in the future) like "user:blah" or
"tag:blah" to narrow things down.
2017-06-07 15:59:54 -05:00
Grey Baker 638cf44d0f Upgrade nokogiri, jquery-rails and uglifier to secure version (#362) 2017-05-27 18:26:40 -05:00
Yuki Izumi fa70ab147c Simple replacement with CommonMarker 2017-04-12 22:53:51 +10:00
joshua stein 3c908f7487 update to rails 4.2.8 2017-03-18 21:20:40 -05:00
joshua stein dbd84f1e03 add TOTP-based two-factor authentication option 2017-02-24 12:58:42 -06:00
joshua stein 8fbdc02078 step one of moving user settings to a single column
see #245
2017-01-19 12:02:51 -06:00
Derek Prior f3a3413e66 Update htmlentities to remove warning
The previous version of `htmlentities` had a duplicate key in one of
its hashes, which produced the following warning:

```
.../htmlentities-4.3.2/lib/htmlentities/mappings/expanded.rb:465:
warning: key "inodot" is duplicated and overwritten on line 466
```

Updating to the latest removes this warning.
2016-03-05 17:32:44 -05:00
Derek Prior 6eec2e26af Support Ruby 2.2.0 and 2.3.0
Judging from the test suite, the only issue in supporting Ruby 2.2.0+
was with the `mysql2` gem. Updating this to the latest 0.3.x allows
Lobsters to run with newer Rubies.

We can't update to the absolute latest `mysql2` gem without first
updating Rails, which is why I used the pessimistic version constraint
for `mysql2`.
2016-03-05 17:19:44 -05:00
joshua stein befee851c8 update to rails 4.1.12 2015-07-24 01:38:51 -05:00
Carlos Puchol 56d771a9f4 rename bcrypt, to eliminate the warning that they changed the gem name 2015-03-04 22:33:09 -08:00
Serge Paquet b7b93d0bf9 update to rails 4.1.8 2014-12-13 23:47:44 -05:00
Serge Paquet 346fec4ef9 update to thinking-sphinx 3.1.2 2014-12-13 23:43:20 -05:00
joshua stein dfe6db4849 revert 85cb7c20, give up on planet rss aggregation 2014-08-31 20:35:41 -05:00
joshua stein c4b6772828 update to rails 4.0.8 for no particular reason 2014-08-17 19:25:02 -05:00
joshua stein 85cb7c2057 first stab at planet rss aggregation
could probably use a prettier layout and auto-posting a weblog url
to the main site (carrying tags)
2014-08-03 22:07:57 -05:00
joshua stein b3e6679da0 update some gems, remove some useless comments from Gemfile 2014-08-03 22:07:50 -05:00
Andrey Chernih 9e849de0f7 Add task to generate test data 2014-07-07 12:15:28 +04:00
joshua stein 21553878f3 rails 4.0.5 for CVE-2014-0130 2014-05-06 21:29:07 -05:00
Serge Paquet 519427586a use Rails4-style strong parameters mass assignment protection 2014-02-02 15:41:38 -05:00
Serge Paquet 709b0bff98 upgrade thinking-sphinx gem 2014-01-07 05:52:29 -05:00
Serge Paquet 9b0294c471 upgrade to rails v4.0.2 2013-12-30 17:40:52 -05:00
joshua stein aeb97bd8eb rails 3.2.16 and assorted gem updates 2013-12-03 16:14:18 -06:00
joshua stein 0ac51b9f8c include oauth gem for a cli tool 2013-07-03 22:40:37 -05:00