dependencies update #173

Merged 1 commit on Nov 18, 2019

@t-romani (Contributor) commented Nov 13, 2019

issue #172

Ran bundle update in the terminal to update every gem.
Ran into a couple of issues:

  • First, when running rails s, it would fail with

    Expected to find a manifest file in `app/assets/config/manifest.js` (Sprockets::Railtie::ManifestNeededError)
    But did not, please create this file and use it to link any assets that need
    to be rendered by your app:

    Example:
      //= link_tree ../images
      //= link_directory ../javascripts .js
      //= link_directory ../stylesheets .css
    and restart your server

    So, following this, I included the file and it worked.

  • Second, brakeman would report

    Confidence: High
    Category: Path Traversal
    Check: SprocketsPathTraversal
    Message: sprockets 4.0.0 has a path traversal vulnerability (CVE-2018-3760). Upgrade to sprockets 4.0.0.beta8 or newer

    So I followed up this thread to solve it, downgrading the gem.
    Also, this can be informative.

  • Updated Faker::Number usage on user factory.
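
One way to check a locked sprockets version against the fixed version named in the Brakeman message above. This is an added example, not code from this pull request or from Brakeman; the lockfile excerpt is constructed and `locked_version` and `sprockets_4x_status` are hypothetical helper names. It relies on RubyGems' `Gem::Version` ordering, in which a prerelease such as 4.0.0.beta8 sorts before the 4.0.0 release.

```ruby
require "rubygems"

# Fixed version named in the Brakeman message quoted in this thread.
FIXED_4X = Gem::Version.new("4.0.0.beta8")

# Constructed Gemfile.lock excerpt (not taken from the repository).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      sprockets (4.0.0)
        concurrent-ruby (~> 1.0)
        rack (> 1, < 3)
      sprockets-rails (3.2.1)
        sprockets (>= 3.0.0)
LOCK

# Return the locked version of gem_name from Gemfile.lock text, or nil.
# Resolved specs are indented exactly four spaces; the dependency
# constraints listed under each spec (six spaces) are skipped.
def locked_version(lock_text, gem_name)
  lock_text.each_line do |line|
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)
    return Gem::Version.new(m[2]) if m && m[1] == gem_name
  end
  nil
end

# Classify a sprockets version against the 4.x threshold from the message.
# Only the 4.x release line is judged, because 4.0.0.beta8 is the only
# fixed version this thread gives.
def sprockets_4x_status(version)
  return :not_locked if version.nil?
  return :other_release_line unless version.segments.first == 4
  version >= FIXED_4X ? :at_or_after_fix : :before_fix
end

if __FILE__ == $PROGRAM_NAME
  locked = locked_version(SAMPLE_LOCK, "sprockets")
  puts "sprockets #{locked}: #{sprockets_4x_status(locked)}"
end
```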

@santiagovidal (Contributor)

Some gems like activeadmin and annotate can also be updated, but we have to change the Gemfile.

annotate's latest version is 3.0.3
activeadmin's latest version is 2.4.0

There may be more like them.

@t-romani force-pushed the feature/dependencies_update branch from 826a9f6 to 7ae46ae on November 14, 2019 13:50

@TimoPeraza (Contributor) left a comment

😃

config/application.rb (outdated, resolved)
@t-romani force-pushed the feature/dependencies_update branch from 7ae46ae to 392bbe5 on November 15, 2019 14:33
Gemfile (outdated, resolved)
@t-romani force-pushed the feature/dependencies_update branch from 392bbe5 to cd0e564 on November 15, 2019 15:14
@t-romani force-pushed the feature/dependencies_update branch from cd0e564 to 9f52e84 on November 15, 2019 15:23

@santib (Member) left a comment

Good job

@JuanfraM (Contributor) left a comment

good job! 👏 👏👏

@JuanfraM merged commit 59fc5b0 into master on Nov 18, 2019
@santib deleted the feature/dependencies_update branch on July 6, 2023 15:44