From 36c1a24d1482a6a7dbb5347e4312d498bce48643 Mon Sep 17 00:00:00 2001 From: Max Kadel Date: Thu, 9 Sep 2021 14:01:46 -0400 Subject: [PATCH] Upgrade to Hyrax v2.9.5 - Security patch - Prepare for backport of fix for FlipFlop issue --- Gemfile | 2 +- Gemfile.lock | 255 +++++++++++++++++++++++++++------------------------ README.md | 2 + 3 files changed, 137 insertions(+), 122 deletions(-) diff --git a/Gemfile b/Gemfile index 088b5c13d..566b73c16 100644 --- a/Gemfile +++ b/Gemfile @@ -19,7 +19,7 @@ gem 'factory_bot_rails' # Needed so we can load fixtures for demos in production gem 'ffaker' # Needed so we can load fixtures for demos in production gem 'honeybadger' gem 'hydra-role-management' -gem 'hyrax', '~> 2.8' +gem 'hyrax', '~> 2.9' # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder gem 'jbuilder' # Use jquery as the JavaScript library diff --git a/Gemfile.lock b/Gemfile.lock index 8a569156a..61b74dd12 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,25 +1,25 @@ GEM remote: https://rubygems.org/ specs: - actioncable (5.2.5) - actionpack (= 5.2.5) + actioncable (5.2.6) + actionpack (= 5.2.6) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailer (5.2.5) - actionpack (= 5.2.5) - actionview (= 5.2.5) - activejob (= 5.2.5) + actionmailer (5.2.6) + actionpack (= 5.2.6) + actionview (= 5.2.6) + activejob (= 5.2.6) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.2.5) - actionview (= 5.2.5) - activesupport (= 5.2.5) + actionpack (5.2.6) + actionview (= 5.2.6) + activesupport (= 5.2.6) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.2.5) - activesupport (= 5.2.5) + actionview (5.2.6) + activesupport (= 5.2.6) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) 
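Review bot: In the Gemfile hunk, `gem 'hyrax', '~> 2.9'` still accepts every 2.9.x release, so the security fix this commit attributes to v2.9.5 is held in place only by Gemfile.lock. The lockfile hunk shows hyrax already resolved to 2.9.4 under the old `~> 2.8` constraint, so the changed constraint alone does not exclude the pre-patch versions. If the lockfile is ever regenerated, or another gem's constraint forces a lower resolution, Bundler may select a pre-patch 2.9 release without any error. Consider stating the floor explicitly with `gem 'hyrax', '~> 2.9', '>= 2.9.5'`, plus a one-line comment naming the advisory being patched, which the commit message does not identify.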
@@ -40,60 +40,61 @@ GEM activesupport (>= 3.0.0) rdf (>= 2.0.2, < 4.0) rdf-vocab (>= 2.0, < 4.0) - active_encode (0.7.0) + active_encode (0.8.1) rails sprockets (< 4) - activejob (5.2.5) - activesupport (= 5.2.5) + activejob (5.2.6) + activesupport (= 5.2.6) globalid (>= 0.3.6) - activemodel (5.2.5) - activesupport (= 5.2.5) + activemodel (5.2.6) + activesupport (= 5.2.6) activemodel-serializers-xml (1.0.2) activemodel (> 5.x) activesupport (> 5.x) builder (~> 3.1) - activerecord (5.2.5) - activemodel (= 5.2.5) - activesupport (= 5.2.5) + activerecord (5.2.6) + activemodel (= 5.2.6) + activesupport (= 5.2.6) arel (>= 9.0) - activerecord-import (1.0.8) + activerecord-import (1.2.0) activerecord (>= 3.2) - activestorage (5.2.5) - actionpack (= 5.2.5) - activerecord (= 5.2.5) + activestorage (5.2.6) + actionpack (= 5.2.6) + activerecord (= 5.2.6) marcel (~> 1.0.0) - activesupport (5.2.5) + activesupport (5.2.6) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - addressable (2.7.0) + addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) airbrussh (1.4.0) sshkit (>= 1.6.1, != 1.7.0) almond-rails (0.3.0) rails (>= 4.2) + amazing_print (1.3.0) arel (9.0.0) ast (2.4.2) - autoprefixer-rails (10.2.4.0) - execjs + autoprefixer-rails (10.3.3.0) + execjs (~> 2) awesome_nested_set (3.4.0) activerecord (>= 4.0.0, < 7.0) - aws-eventstream (1.1.1) - aws-partitions (1.443.0) - aws-sdk-core (3.113.1) + aws-eventstream (1.2.0) + aws-partitions (1.498.0) + aws-sdk-core (3.121.0) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.239.0) aws-sigv4 (~> 1.1) jmespath (~> 1.0) - aws-sdk-kms (1.43.0) - aws-sdk-core (~> 3, >= 3.112.0) + aws-sdk-kms (1.48.0) + aws-sdk-core (~> 3, >= 3.120.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.93.0) - aws-sdk-core (~> 3, >= 3.112.0) + aws-sdk-s3 (1.102.0) + aws-sdk-core (~> 3, >= 3.120.0) aws-sdk-kms (~> 1) - aws-sigv4 (~> 1.1) - aws-sigv4 (1.2.3) + aws-sigv4 (~> 1.4) + aws-sigv4 (1.4.0) aws-eventstream (~> 1, >= 
1.0.2) babel-source (5.8.35) babel-transpiler (0.7.0) @@ -193,8 +194,8 @@ GEM execjs coffee-script-source (1.12.2) commonjs (0.2.7) - concurrent-ruby (1.1.8) - connection_pool (2.2.3) + concurrent-ruby (1.1.9) + connection_pool (2.2.5) coveralls (0.8.23) json (>= 1.8, < 3) simplecov (~> 0.16.1) @@ -229,39 +230,39 @@ GEM dotenv-rails (2.7.6) dotenv (= 2.7.6) railties (>= 3.2) - draper (4.0.1) + draper (4.0.2) actionpack (>= 5.0) activemodel (>= 5.0) activemodel-serializers-xml (>= 1.0) activesupport (>= 5.0) request_store (>= 1.0) + ruby2_keywords dropbox_api (0.1.18) faraday (<= 1.0) oauth2 (~> 1.1) dry-configurable (0.12.1) concurrent-ruby (~> 1.0) dry-core (~> 0.5, >= 0.5.0) - dry-container (0.7.2) + dry-container (0.8.0) concurrent-ruby (~> 1.0) dry-configurable (~> 0.1, >= 0.1.3) - dry-core (0.5.0) + dry-core (0.7.1) concurrent-ruby (~> 1.0) dry-equalizer (0.3.0) dry-events (0.3.0) concurrent-ruby (~> 1.0) dry-core (~> 0.5, >= 0.5) - dry-inflector (0.2.0) + dry-inflector (0.2.1) dry-initializer (3.0.4) - dry-logic (1.1.0) + dry-logic (1.2.0) concurrent-ruby (~> 1.0) dry-core (~> 0.5, >= 0.5) dry-matcher (0.9.0) dry-core (~> 0.4, >= 0.4.8) - dry-monads (1.3.5) + dry-monads (1.4.0) concurrent-ruby (~> 1.0) - dry-core (~> 0.4, >= 0.4.4) - dry-equalizer - dry-schema (1.6.1) + dry-core (~> 0.7) + dry-schema (1.7.1) concurrent-ruby (~> 1.0) dry-configurable (~> 0.8, >= 0.8.3) dry-core (~> 0.5, >= 0.5) @@ -272,7 +273,7 @@ GEM dry-core (~> 0.5, >= 0.5) dry-types (~> 1.5) ice_nine (~> 0.11) - dry-transaction (0.13.2) + dry-transaction (0.13.3) dry-container (>= 0.2.8) dry-events (>= 0.1.0) dry-matcher (>= 0.7.0) 
@@ -290,17 +291,19 @@ GEM dry-equalizer (~> 0.2) dry-initializer (~> 3.0) dry-schema (~> 1.5, >= 1.5.2) - ebnf (2.1.2) + ebnf (2.2.1) + amazing_print (~> 1.2) htmlentities (~> 4.3) rdf (~> 3.1) scanf (~> 1.0) sxp (~> 1.1) + unicode-types (~> 1.6) equivalent-xml (0.6.0) nokogiri (>= 1.4.3) erubi (1.10.0) - ethon (0.13.0) + ethon (0.14.0) ffi (>= 1.15.0) - execjs (2.7.0) + execjs (2.8.1) factory_bot (6.1.0) activesupport (>= 5.0.0) factory_bot_rails (6.1.0) @@ -315,7 +318,7 @@ GEM fcrepo_wrapper (0.9.0) ruby-progressbar ffaker (2.17.0) - ffi (1.15.0) + ffi (1.15.4) ffi-compiler (1.0.1) ffi (>= 1.0.0) rake @@ -326,7 +329,7 @@ GEM font-awesome-rails (4.7.0.7) railties (>= 3.2, < 7) gems (1.2.0) - geocoder (1.6.6) + geocoder (1.6.7) github_changelog_generator (1.15.2) activesupport faraday-http-cache 
@@ -335,41 +338,45 @@ GEM rainbow (>= 2.2.1) rake (>= 10.0) retriable (~> 3.0) - globalid (0.4.2) - activesupport (>= 4.2.0) + globalid (0.5.2) + activesupport (>= 5.0) google-api-client (0.53.0) google-apis-core (~> 0.1) google-apis-generator (~> 0.1) - google-apis-core (0.3.0) + google-apis-core (0.4.1) addressable (~> 2.5, >= 2.5.1) - googleauth (~> 0.14) - httpclient (>= 2.8.1, < 3.0) + googleauth (>= 0.16.2, < 2.a) + httpclient (>= 2.8.1, < 3.a) mini_mime (~> 1.0) representable (~> 3.0) - retriable (>= 2.0, < 4.0) + retriable (>= 2.0, < 4.a) rexml - signet (~> 0.14) webrick - google-apis-discovery_v1 (0.2.0) - google-apis-core (~> 0.1) - google-apis-generator (0.2.0) + google-apis-discovery_v1 (0.6.0) + google-apis-core (>= 0.4, < 2.a) + google-apis-drive_v3 (0.13.0) + google-apis-core (>= 0.4, < 2.a) + google-apis-generator (0.4.0) activesupport (>= 5.0) gems (~> 1.2) - google-apis-core (~> 0.1) - google-apis-discovery_v1 (~> 0.0) + google-apis-core (>= 0.4, < 2.a) + google-apis-discovery_v1 (~> 0.5) thor (>= 0.20, < 2.a) - google_drive (3.0.6) - google-api-client (>= 0.11.0, < 1.0.0) + google-apis-sheets_v4 (0.9.0) + google-apis-core (>= 0.4, < 2.a) + google_drive (3.0.7) + google-apis-drive_v3 (>= 0.5.0, < 1.0.0) + google-apis-sheets_v4 (>= 0.4.0, < 1.0.0) googleauth (>= 0.5.0, < 1.0.0) nokogiri (>= 1.5.3, < 2.0.0) - googleauth (0.16.1) + googleauth (0.17.1) faraday (>= 0.17.3, < 2.0) jwt (>= 1.4, < 3.0) memoist (~> 0.16) multi_json (~> 1.11) os (>= 0.9, < 2.0) - signet (~> 0.14) - haml (5.2.1) + signet (~> 0.15) + haml (5.2.2) temple (>= 0.8.0) tilt hamster (3.0.0) 
@@ -391,15 +398,15 @@ GEM ffi-compiler (>= 1.0, < 2.0) http_logger (0.6.0) httpclient (2.8.3) - hydra-access-controls (11.0.6) + hydra-access-controls (11.0.7) active-fedora (>= 10.0.0) activesupport (>= 4, < 6) blacklight (>= 5.16) blacklight-access_controls (~> 0.6.0) cancancan (~> 1.8) deprecation (~> 1.0) - hydra-core (11.0.6) - hydra-access-controls (= 11.0.6) + hydra-core (11.0.7) + hydra-access-controls (= 11.0.7) railties (>= 4.0.0, < 6) hydra-derivatives (3.5.0) active-fedora (>= 11.3.1, < 14) @@ -409,7 +416,7 @@ GEM deprecation mime-types (> 2.0, < 4.0) mini_magick (>= 3.2, < 5) - hydra-editor (5.0.4) + hydra-editor (5.0.5) active-fedora (>= 9.0.0) activerecord (~> 5.0) almond-rails (~> 0.1) @@ -420,9 +427,9 @@ GEM sprockets-es6 hydra-file_characterization (1.1.2) activesupport (>= 3.0.0) - hydra-head (11.0.6) - hydra-access-controls (= 11.0.6) - hydra-core (= 11.0.6) + hydra-head (11.0.7) + hydra-access-controls (= 11.0.7) + hydra-core (= 11.0.7) rails (>= 5.2, < 6.1) hydra-pcdm (1.1.0) active-fedora (>= 10, < 14) @@ -438,7 +445,7 @@ GEM hydra-derivatives (~> 3.0) hydra-file_characterization (~> 1.0) hydra-pcdm (>= 0.9) - hyrax (2.9.4) + hyrax (2.9.5) active-fedora (>= 11.5.2, < 12.2) almond-rails (~> 0.1) awesome_nested_set (~> 3.1) @@ -525,12 +532,12 @@ GEM multi_json (~> 1.14) rack (~> 2.0) rdf (~> 3.1) - json-ld-preloaded (3.1.5) + json-ld-preloaded (3.1.6) json-ld (~> 3.1) rdf (~> 3.1) json-schema (2.8.1) addressable (>= 2.4) - jwt (2.2.2) + jwt (2.2.3) kaminari (1.2.1) activesupport (>= 4.1.0) kaminari-actionview (= 1.2.1) @@ -553,7 +560,7 @@ GEM rdf-xsd (~> 3.1) sparql (~> 3.1) sxp (~> 1.1) - ldp (1.0.1) + ldp (1.0.3) deprecation faraday http_logger @@ -606,7 +613,8 @@ GEM listen (3.0.8) rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) - loofah (2.9.1) + logger (1.4.3) + loofah (2.12.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.6.6.rc1) 
@@ -619,10 +627,10 @@ GEM method_source (1.0.0) mime-types (3.3.1) mime-types-data (~> 3.2015) - mime-types-data (3.2021.0225) + mime-types-data (3.2021.0901) mini_magick (4.11.0) - mini_mime (1.1.0) - mini_portile2 (2.5.1) + mini_mime (1.1.1) + mini_portile2 (2.6.1) minitest (5.14.4) multi_json (1.15.0) multi_xml (0.6.0) @@ -636,13 +644,13 @@ GEM net-sftp (3.0.0) net-ssh (>= 5.0.0, < 7.0.0) net-ssh (6.1.0) - nio4r (2.5.7) + nio4r (2.5.8) noid (0.9.0) - noid-rails (3.0.2) + noid-rails (3.0.3) actionpack (>= 5.0.0, < 7) noid (~> 0.9) - nokogiri (1.11.4) - mini_portile2 (~> 2.5.0) + nokogiri (1.12.4) + mini_portile2 (~> 2.6.1) racc (~> 1.4) nokogumbo (2.0.5) nokogiri (~> 1.8, >= 1.8.4) @@ -699,18 +707,18 @@ GEM rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (5.2.5) - actioncable (= 5.2.5) - actionmailer (= 5.2.5) - actionpack (= 5.2.5) - actionview (= 5.2.5) - activejob (= 5.2.5) - activemodel (= 5.2.5) - activerecord (= 5.2.5) - activestorage (= 5.2.5) - activesupport (= 5.2.5) + rails (5.2.6) + actioncable (= 5.2.6) + actionmailer (= 5.2.6) + actionpack (= 5.2.6) + actionview (= 5.2.6) + activejob (= 5.2.6) + activemodel (= 5.2.6) + activerecord (= 5.2.6) + activestorage (= 5.2.6) + activesupport (= 5.2.6) bundler (>= 1.3.0) - railties (= 5.2.5) + railties (= 5.2.6) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) 
@@ -719,22 +727,22 @@ GEM rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.3.0) + rails-html-sanitizer (1.4.2) loofah (~> 2.3) rails_autolink (1.1.6) rails (> 3.1) - railties (5.2.5) - actionpack (= 5.2.5) - activesupport (= 5.2.5) + railties (5.2.6) + actionpack (= 5.2.6) + activesupport (= 5.2.6) method_source rake (>= 0.8.7) thor (>= 0.19.0, < 2.0) rainbow (3.0.0) - rake (13.0.3) - rb-fsevent (0.10.4) + rake (13.0.6) + rb-fsevent (0.11.0) rb-inotify (0.10.1) ffi (~> 1.0) - rdf (3.1.13) + rdf (3.1.15) hamster (~> 3.0) link_header (~> 0.0, >= 0.0.8) rdf-aggregate-repo (3.1.0) @@ -793,15 +801,15 @@ GEM rexml (~> 3.2) redic (1.5.3) hiredis - redis (4.2.5) + redis (4.4.0) redis-namespace (1.8.1) redis (>= 3.0.4) redlock (1.2.1) redis (>= 3.0.0, < 5.0) regexp_parser (2.0.3) - representable (3.1.0) + representable (3.1.1) declarative (< 0.1.0) - trailblazer-option (~> 0.1.0) + trailblazer-option (>= 0.1.1, < 0.2.0) uber (< 0.2.0) request_store (1.5.0) rack (>= 1.4) @@ -867,6 +875,7 @@ GEM multipart-post oauth2 ruby-progressbar (1.11.0) + ruby2_keywords (0.0.5) rubyzip (2.3.0) samvera-nesting_indexer (2.0.0) dry-equalizer @@ -895,8 +904,9 @@ GEM selenium-webdriver (3.142.7) childprocess (>= 0.5, < 4.0) rubyzip (>= 1.2.2) - shex (0.6.1) - ebnf (~> 2.0) + shex (0.6.3) + ebnf (~> 2.1, >= 2.2) + htmlentities (~> 4.3) json-ld (~> 3.1) json-ld-preloaded (~> 3.1) rdf (~> 3.1) @@ -909,8 +919,8 @@ GEM connection_pool (>= 2.2.2) rack (~> 2.0) redis (>= 4.2.0) - signet (0.15.0) - addressable (~> 2.3) + signet (0.16.0) + addressable (~> 2.8) faraday (>= 0.17.3, < 2.0) jwt (>= 1.5, < 3.0) multi_json (~> 1.10) @@ -922,7 +932,7 @@ GEM json (>= 1.8, < 3) simplecov-html (~> 0.10.0) simplecov-html (0.10.2) - slop (4.8.2) + slop (4.9.1) solr_wrapper (3.0.2) http retriable 
@@ -932,10 +942,11 @@ GEM activesupport nokogiri xml-simple - sparql (3.1.6) + sparql (3.1.8) builder (~> 3.2) ebnf (~> 2.1) - rdf (~> 3.1, >= 3.1.12) + logger (~> 1.4) + rdf (~> 3.1, >= 3.1.14) rdf-aggregate-repo (~> 3.1) rdf-xsd (~> 3.1) sparql-client (~> 3.1, >= 3.1.2) @@ -975,7 +986,7 @@ GEM sync tinymce-rails (4.9.11) railties (>= 3.1.1) - trailblazer-option (0.1.0) + trailblazer-option (0.1.1) turbolinks (5.2.1) turbolinks-source (~> 5.2) turbolinks-source (5.2.0) @@ -999,6 +1010,7 @@ GEM unf_ext unf_ext (0.0.7.7) unicode-display_width (1.7.0) + unicode-types (1.6.0) vcr (6.0.0) warden (1.2.9) rack (>= 2.0.9) @@ -1020,12 +1032,13 @@ GEM rack-proxy (>= 0.6.1) railties (>= 4.2) webrick (1.7.0) - websocket-driver (0.7.3) + websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) whenever (1.0.0) chronic (>= 0.6.3) - xml-simple (1.1.8) + xml-simple (1.1.9) + rexml xpath (3.2.0) nokogiri (~> 1.8) xray-rails (0.3.2) @@ -1060,7 +1073,7 @@ DEPENDENCIES github_changelog_generator honeybadger hydra-role-management - hyrax (~> 2.8) + hyrax (~> 2.9) hyrax-spec jasmine jbuilder diff --git a/README.md b/README.md index 26f93b6c9..fd8d25ea2 100644 --- a/README.md +++ b/README.md @@ -35,6 +35,8 @@ or cherokee rose is the `npm install -g yarn` 1. Install yarn dependencies `yarn install` + + *NOTE* node-sass is particular about node versions, see their [version support policy](https://github.com/sass/node-sass#node-version-support-policy) if you're having difficulty 1. Install ClamAV This is required if you want to work with file uploads in your development environment. See: [Installing ClamAV](https://www.clamav.net/documents/installing-clamav) for instructions.