From de528e728883445f0c0df3a9f0569719c831abea Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Aug 2022 03:01:10 +0000 Subject: [PATCH 01/70] Bump sass from 1.54.4 to 1.54.5 Bumps [sass](https://github.com/sass/dart-sass) from 1.54.4 to 1.54.5. - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.54.4...1.54.5) --- updated-dependencies: - dependency-name: sass dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index a2b70ea2..5369c7ff 100644 --- a/package.json +++ b/package.json @@ -34,7 +34,7 @@ "pnp-webpack-plugin": "^1.7.0", "propagating-hammerjs": "^2.0.1", "rails-erb-loader": "^5.5.2", - "sass": "^1.54.4", + "sass": "^1.54.5", "sass-loader": "^13.0.2", "shakapacker": "6.5.1", "sortablejs": "^1.15.0", diff --git a/yarn.lock b/yarn.lock index f51a9762..1f0471d4 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3830,10 +3830,10 @@ sass-loader@^13.0.2: klona "^2.0.4" neo-async "^2.6.2" -sass@^1.54.4: - version "1.54.4" - resolved "https://registry.yarnpkg.com/sass/-/sass-1.54.4.tgz#803ff2fef5525f1dd01670c3915b4b68b6cba72d" - integrity sha512-3tmF16yvnBwtlPrNBHw/H907j8MlOX8aTBnlNX1yrKx24RKcJGPyLhFUwkoKBKesR3unP93/2z14Ll8NicwQUA== +sass@^1.54.5: + version "1.54.5" + resolved "https://registry.yarnpkg.com/sass/-/sass-1.54.5.tgz#93708f5560784f6ff2eab8542ade021a4a947b3a" + integrity sha512-p7DTOzxkUPa/63FU0R3KApkRHwcVZYC0PLnLm5iyZACyp15qSi32x7zVUhRdABAATmkALqgGrjCJAcWvobmhHw== dependencies: chokidar ">=3.0.0 <4.0.0" immutable "^4.0.0" From e0c2c7b806eefbbd38b6395742605b1db6c05f87 Mon Sep 17 00:00:00 2001 
From: Janis4411 Date: Mon, 8 Aug 2022 10:37:29 +0200 Subject: [PATCH 02/70] Hide score button if exercise has no tests We check for all teacher-defined assessments (linter and unit tests) to determine whether scoring should be possible --- app/controllers/exercises_controller.rb | 2 + app/controllers/submissions_controller.rb | 6 +-- app/models/exercise.rb | 4 ++ app/policies/exercise_policy.rb | 6 ++- spec/controllers/exercises_controller_spec.rb | 5 ++- spec/features/editor_spec.rb | 21 ++++++++++- spec/models/exercise_spec.rb | 37 +++++++++++++++++++ spec/policies/exercise_policy_spec.rb | 24 +++++++++++- 8 files changed, 97 insertions(+), 8 deletions(-) diff --git a/app/controllers/exercises_controller.rb b/app/controllers/exercises_controller.rb index d8c01ef8..b23cb460 100644 --- a/app/controllers/exercises_controller.rb +++ b/app/controllers/exercises_controller.rb @@ -324,6 +324,8 @@ class ExercisesController < ApplicationController end end + @embed_options[:disable_score] = true unless @exercise.teacher_defined_assessment? + @hide_rfc_button = @embed_options[:disable_rfc] @search = Search.new diff --git a/app/controllers/submissions_controller.rb b/app/controllers/submissions_controller.rb index 680af5d7..cdc687a3 100644 --- a/app/controllers/submissions_controller.rb +++ b/app/controllers/submissions_controller.rb @@ -83,7 +83,7 @@ class SubmissionsController < ApplicationController client_socket = tubesock client_socket.onopen do |_event| - kill_client_socket(client_socket) if @embed_options[:disable_run] + return kill_client_socket(client_socket) if @embed_options[:disable_run] end client_socket.onclose do |_event| 
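Review bot: In `app/controllers/submissions_controller.rb`, the new `return kill_client_socket(client_socket) if @embed_options[:disable_run]` sits inside the `onopen` block, so it is a non-local return from the enclosing action rather than an exit from the block. If Tubesock calls the handler after the action has returned or on another thread (its dispatch is not visible here), Ruby would raise `LocalJumpError`, and the refusal would then depend on how that error is handled rather than on the guard. `next kill_client_socket(client_socket) if @embed_options[:disable_run]` leaves only the block. The same applies to the two `return kill_client_socket(tubesock) ...` lines in the hunks at -199 and -226, where `next` would leave the `switch_locale` block before `send_data` is reached. The enclosing actions start and end outside these hunks.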
@@ -199,7 +199,7 @@ class SubmissionsController < ApplicationController hijack do |tubesock| tubesock.onopen do |_event| switch_locale do - kill_client_socket(tubesock) if @embed_options[:disable_score] + return kill_client_socket(tubesock) if @embed_options[:disable_score] || !@submission.exercise.teacher_defined_assessment? # The score is stored separately, we can forward it to the client immediately tubesock.send_data(JSON.dump(@submission.calculate_score)) @@ -226,7 +226,7 @@ class SubmissionsController < ApplicationController hijack do |tubesock| tubesock.onopen do |_event| switch_locale do - kill_client_socket(tubesock) if @embed_options[:disable_run] + return kill_client_socket(tubesock) if @embed_options[:disable_run] # The score is stored separately, we can forward it to the client immediately tubesock.send_data(JSON.dump(@submission.test(@file))) diff --git a/app/models/exercise.rb b/app/models/exercise.rb index 7711dbe7..ed7ad7d3 100644 --- a/app/models/exercise.rb +++ b/app/models/exercise.rb @@ -205,6 +205,10 @@ class Exercise < ApplicationRecord " end + def teacher_defined_assessment? + files.any?(&:teacher_defined_assessment?) + end + def get_working_times_for_study_group(study_group_id, user = nil) user_progress = [] additional_user_data = [] diff --git a/app/policies/exercise_policy.rb b/app/policies/exercise_policy.rb index 81fab186..497e6a42 100644 --- a/app/policies/exercise_policy.rb +++ b/app/policies/exercise_policy.rb @@ -29,10 +29,14 @@ class ExercisePolicy < AdminOrAuthorPolicy define_method(action) { (admin? || teacher_in_study_group? || author?) && @user.codeharbor_link } end - %i[implement? working_times? intervention? search? submit? reload?].each do |action| + %i[implement? working_times? intervention? search? reload?].each do |action| define_method(action) { everyone } end + def submit? + everyone && @record.teacher_defined_assessment? + end + class Scope < Scope def resolve if @user.admin? 
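Review bot: `Exercise#teacher_defined_assessment?` in `app/models/exercise.rb` now decides whether the score socket answers and whether `ExercisePolicy#submit?` permits, but it has no comment saying so. I would add `# True if any file is a teacher-defined assessment (unit test or linter); scoring and submitting are refused without one.` above the method. Since `files.any?(&:teacher_defined_assessment?)` runs on every policy check and in the controller, it may be worth confirming that `files` is already loaded on those paths, which this hunk does not show.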
diff --git a/spec/controllers/exercises_controller_spec.rb b/spec/controllers/exercises_controller_spec.rb index 57479b5c..ad245b64 100644 --- a/spec/controllers/exercises_controller_spec.rb +++ b/spec/controllers/exercises_controller_spec.rb @@ -6,7 +6,10 @@ describe ExercisesController do let(:exercise) { create(:dummy) } let(:user) { create(:admin) } - before { allow(controller).to receive(:current_user).and_return(user) } + before do + create(:test_file, context: exercise) + allow(controller).to receive(:current_user).and_return(user) + end describe 'PUT #batch_update' do let(:attributes) { {public: 'true'} } diff --git a/spec/features/editor_spec.rb b/spec/features/editor_spec.rb index 5892354b..193aad2d 100644 --- a/spec/features/editor_spec.rb +++ b/spec/features/editor_spec.rb @@ -23,6 +23,7 @@ describe 'Editor', js: true do }] end let(:user) { create(:teacher) } + let(:exercise_without_test) { create(:tdd) } before do visit(sign_in_path) 
@@ -93,12 +94,28 @@ describe 'Editor', js: true do end end + context 'when an exercise has one or more teacher-defined assessments' do + it 'displays the score button' do + visit(implement_exercise_path(exercise)) + expect(page).to have_content(exercise.title) + expect(page).to have_content(I18n.t('exercises.editor.score')) + end + end + + context 'when an exercise has no teacher-defined assessment' do + it 'disables the score button' do + visit(implement_exercise_path(exercise_without_test)) + expect(page).to have_content(exercise_without_test.title) + expect(page).not_to have_content(I18n.t('exercises.editor.score')) + end + end + it 'contains a button for submitting the exercise' do submission = build(:submission, user: user, exercise: exercise) allow(submission).to receive(:calculate_score).and_return(scoring_response) allow(Submission).to receive(:find).and_return(submission) click_button(I18n.t('exercises.editor.score')) - expect(page).not_to have_css('#submit_outdated') - expect(page).to have_css('#submit') + expect(page).not_to have_content(I18n.t('exercises.editor.tooltips.exercise_deadline_passed')) + expect(page).to have_content(I18n.t('exercises.editor.submit')) end end diff --git a/spec/models/exercise_spec.rb b/spec/models/exercise_spec.rb index 57bd66c9..8bbb7014 100644 --- a/spec/models/exercise_spec.rb +++ b/spec/models/exercise_spec.rb 
@@ -124,4 +124,41 @@ describe Exercise do expect(exercise.duplicate).to be_a(described_class) end end + + describe '#teacher_defined_assessment?' do + let(:exercise) { create(:dummy) } + + context 'when no assessment is defined' do + it 'returns false' do + expect(exercise).not_to be_teacher_defined_assessment + end + end + + context 'when unit tests are defined' do + before { create(:test_file, context: exercise) } + + it 'returns true' do + expect(exercise).to be_teacher_defined_assessment + end + end + + context 'when linter tests are defined' do + before { create(:test_file, context: exercise, role: 'teacher_defined_linter') } + + it 'returns true' do + expect(exercise).to be_teacher_defined_assessment + end + end + + context 'when unit and linter tests are defined' do + before do + create(:test_file, context: exercise) + create(:test_file, context: exercise, role: 'teacher_defined_linter') + end + + it 'returns true' do + expect(exercise).to be_teacher_defined_assessment + end + end + end end diff --git a/spec/policies/exercise_policy_spec.rb b/spec/policies/exercise_policy_spec.rb index 8fad12a6..d2b8aca3 100644 --- a/spec/policies/exercise_policy_spec.rb +++ b/spec/policies/exercise_policy_spec.rb @@ -112,7 +112,7 @@ describe ExercisePolicy do end end - %i[implement? submit?].each do |action| + %i[implement?].each do |action| permissions(action) do it 'grants access to anyone' do %i[admin external_user teacher].each do |factory_name| 
@@ -122,6 +122,28 @@ describe ExercisePolicy do end end + %i[submit?].each do |action| + permissions(action) do + context 'when teacher-defined assessments are available' do + before { create(:test_file, context: exercise) } + + it 'grants access to anyone' do + %i[admin external_user teacher].each do |factory_name| + expect(policy).to permit(build(factory_name), exercise) + end + end + end + + context 'when teacher-defined assessments are not available' do + it 'does not grant access to anyone' do + %i[admin external_user teacher].each do |factory_name| + expect(policy).not_to permit(build(factory_name), exercise) + end + end + end + end + end + describe ExercisePolicy::Scope do describe '#resolve' do let(:admin) { create(:admin) } From e5879eb60628e1d9713c43875ea61273529ec8d9 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Mon, 22 Aug 2022 13:15:52 +0200 Subject: [PATCH 03/70] Simplify permission specs * Remove iteration if not required * Unify usage of parentheses for `permissions` call --- spec/policies/codeharbor_link_policy_spec.rb | 4 +- .../execution_environment_policy_spec.rb | 22 +++++----- spec/policies/exercise_policy_spec.rb | 44 ++++++++----------- spec/policies/external_user_policy_spec.rb | 14 +++--- 4 files changed, 37 insertions(+), 47 deletions(-) diff --git a/spec/policies/codeharbor_link_policy_spec.rb b/spec/policies/codeharbor_link_policy_spec.rb index 550700c1..f3541e50 100644 --- a/spec/policies/codeharbor_link_policy_spec.rb +++ b/spec/policies/codeharbor_link_policy_spec.rb @@ -54,7 +54,7 @@ describe CodeharborLinkPolicy do end end - permissions(:enabled?) do + permissions :enabled? do it 'reflects the config option' do %i[external_user admin teacher].each do |factory_name| expect(policy).to permit(create(factory_name), codeharbor_link) 
@@ -72,7 +72,7 @@ describe CodeharborLinkPolicy do allow(codeocean_config).to receive(:read).and_return(codeharbor_config) end - permissions(:enabled?) do + permissions :enabled? do it 'reflects the config option' do %i[external_user admin teacher].each do |factory_name| expect(policy).not_to permit(create(factory_name), codeharbor_link) diff --git a/spec/policies/execution_environment_policy_spec.rb b/spec/policies/execution_environment_policy_spec.rb index 651e9555..5654f920 100644 --- a/spec/policies/execution_environment_policy_spec.rb +++ b/spec/policies/execution_environment_policy_spec.rb @@ -7,19 +7,17 @@ describe ExecutionEnvironmentPolicy do let(:execution_environment) { build(:ruby) } - [:index?].each do |action| - permissions(action) do - it 'grants access to admins' do - expect(policy).to permit(build(:admin), execution_environment) - end + permissions :index? do + it 'grants access to admins' do + expect(policy).to permit(build(:admin), execution_environment) + end - it 'grants access to teachers' do - expect(policy).to permit(build(:teacher), execution_environment) - end + it 'grants access to teachers' do + expect(policy).to permit(build(:teacher), execution_environment) + end - it 'does not grant access to external users' do - expect(policy).not_to permit(build(:external_user), execution_environment) - end + it 'does not grant access to external users' do + expect(policy).not_to permit(build(:external_user), execution_environment) end end @@ -59,7 +57,7 @@ describe ExecutionEnvironmentPolicy do end end - permissions(:sync_all_to_runner_management?) do + permissions :sync_all_to_runner_management? do it 'grants access to the admin' do expect(policy).to permit(build(:admin)) end diff --git a/spec/policies/exercise_policy_spec.rb b/spec/policies/exercise_policy_spec.rb index d2b8aca3..e890fa7c 100644 --- a/spec/policies/exercise_policy_spec.rb +++ b/spec/policies/exercise_policy_spec.rb 
@@ -104,41 +104,35 @@ describe ExercisePolicy do end end - [:show?].each do |action| - permissions(action) do - it 'not grants access to external users' do - expect(policy).not_to permit(build(:external_user), exercise) + permissions :show? do + it 'not grants access to external users' do + expect(policy).not_to permit(build(:external_user), exercise) + end + end + + permissions :implement? do + it 'grants access to anyone' do + %i[admin external_user teacher].each do |factory_name| + expect(policy).to permit(build(factory_name), Exercise.new) end end end - %i[implement?].each do |action| - permissions(action) do + permissions :submit? do + context 'when teacher-defined assessments are available' do + before { create(:test_file, context: exercise) } + it 'grants access to anyone' do %i[admin external_user teacher].each do |factory_name| - expect(policy).to permit(build(factory_name), Exercise.new) + expect(policy).to permit(build(factory_name), exercise) end end end - end - %i[submit?].each do |action| - permissions(action) do - context 'when teacher-defined assessments are available' do - before { create(:test_file, context: exercise) } - - it 'grants access to anyone' do - %i[admin external_user teacher].each do |factory_name| - expect(policy).to permit(build(factory_name), exercise) - end - end - end - - context 'when teacher-defined assessments are not available' do - it 'does not grant access to anyone' do - %i[admin external_user teacher].each do |factory_name| - expect(policy).not_to permit(build(factory_name), exercise) - end + context 'when teacher-defined assessments are not available' do + it 'does not grant access to anyone' do + %i[admin external_user teacher].each do |factory_name| + expect(policy).not_to permit(build(factory_name), exercise) end end end diff --git a/spec/policies/external_user_policy_spec.rb b/spec/policies/external_user_policy_spec.rb index 5494b6fc..8e752327 100644 --- a/spec/policies/external_user_policy_spec.rb 
+++ b/spec/policies/external_user_policy_spec.rb @@ -16,14 +16,12 @@ describe ExternalUserPolicy do end end - [:index?].each do |action| - permissions(action) do - it 'grants access to admins and teachers only' do - expect(policy).to permit(build(:admin), ExternalUser.new) - expect(policy).to permit(build(:teacher), ExternalUser.new) - [:external_user].each do |factory_name| - expect(policy).not_to permit(build(factory_name), ExternalUser.new) - end + permissions :index? do + it 'grants access to admins and teachers only' do + expect(policy).to permit(build(:admin), ExternalUser.new) + expect(policy).to permit(build(:teacher), ExternalUser.new) + [:external_user].each do |factory_name| + expect(policy).not_to permit(build(factory_name), ExternalUser.new) end end end From 7c3ce7896c795ad498012b014ba0217565ded216 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 Aug 2022 03:01:12 +0000 Subject: [PATCH 04/70] Bump rubocop from 1.35.0 to 1.35.1 Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.35.0 to 1.35.1. - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop/rubocop/compare/v1.35.0...v1.35.1) --- updated-dependencies: - dependency-name: rubocop dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 8354d194..1eec24d3 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -414,7 +414,7 @@ GEM rspec-mocks (~> 3.10) rspec-support (~> 3.10) rspec-support (3.11.0) - rubocop (1.35.0) + rubocop (1.35.1) json (~> 2.3) parallel (~> 1.10) parser (>= 3.1.2.1) From c5747f1c149ac9b1d8f1a94b850aa8e0bc10bfa3 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 Aug 2022 03:01:50 +0000 Subject: [PATCH 05/70] Bump @babel/core from 7.18.10 to 7.18.13 Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.18.10 to 7.18.13. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.18.13/packages/babel-core) --- updated-dependencies: - dependency-name: "@babel/core" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package.json | 2 +- yarn.lock | 56 ++++++++++++++++++++++++++-------------------------- 2 files changed, 29 insertions(+), 29 deletions(-) diff --git a/package.json b/package.json index 5369c7ff..c6851f18 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "codeocean", "private": true, "dependencies": { - "@babel/core": "^7.18.10", + "@babel/core": "^7.18.13", "@babel/plugin-transform-runtime": "^7.18.10", "@babel/preset-env": "7", "@babel/runtime": "7", diff --git a/yarn.lock b/yarn.lock index 1f0471d4..935925a3 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -22,33 +22,33 @@ resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.18.8.tgz#2483f565faca607b8535590e84e7de323f27764d" integrity sha512-HSmX4WZPPK3FUxYp7g2T6EyO8j96HlZJlxmKPSh6KAcqwyDrfx7hKjXpAW/0FhFfTJsR0Yt4lAjLI2coMptIHQ== -"@babel/core@^7.18.10": - version "7.18.10" - resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.18.10.tgz#39ad504991d77f1f3da91be0b8b949a5bc466fb8" - integrity sha512-JQM6k6ENcBFKVtWvLavlvi/mPcpYZ3+R+2EySDEMSMbp7Mn4FexlbbJVrx2R7Ijhr01T8gyqrOaABWIOgxeUyw== +"@babel/core@^7.18.13": + version "7.18.13" + resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.18.13.tgz#9be8c44512751b05094a4d3ab05fc53a47ce00ac" + integrity sha512-ZisbOvRRusFktksHSG6pjj1CSvkPkcZq/KHD45LAkVP/oiHJkNBZWfpvlLmX8OtHDG8IuzsFlVRWo08w7Qxn0A== dependencies: "@ampproject/remapping" "^2.1.0" "@babel/code-frame" "^7.18.6" - "@babel/generator" "^7.18.10" + "@babel/generator" "^7.18.13" "@babel/helper-compilation-targets" "^7.18.9" "@babel/helper-module-transforms" "^7.18.9" "@babel/helpers" "^7.18.9" - "@babel/parser" "^7.18.10" + "@babel/parser" "^7.18.13" "@babel/template" "^7.18.10" - "@babel/traverse" "^7.18.10" - "@babel/types" "^7.18.10" + "@babel/traverse" "^7.18.13" + "@babel/types" "^7.18.13" convert-source-map "^1.7.0" debug "^4.1.0" gensync "^1.0.0-beta.2" json5 "^2.2.1" semver "^6.3.0" -"@babel/generator@^7.18.10": - version "7.18.12" - resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.18.12.tgz#fa58daa303757bd6f5e4bbca91b342040463d9f4" - integrity sha512-dfQ8ebCN98SvyL7IxNMCUtZQSq5R7kxgN+r8qYTGDmmSion1hX2C0zq2yo1bsCDhXixokv1SAWTZUMYbO/V5zg== +"@babel/generator@^7.18.13": + version "7.18.13" + resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.18.13.tgz#59550cbb9ae79b8def15587bdfbaa388c4abf212" + integrity sha512-CkPg8ySSPuHTYPJYo7IRALdqyjM9HCbt/3uOBEFbzyGVP6Mn8bwFPB0jX6982JVNBlYzM1nnPkfjuXSOPtQeEQ== dependencies: - "@babel/types" "^7.18.10" + "@babel/types" "^7.18.13" 
"@jridgewell/gen-mapping" "^0.3.2" jsesc "^2.5.1" @@ -262,10 +262,10 @@ chalk "^2.0.0" js-tokens "^4.0.0" -"@babel/parser@^7.18.10", "@babel/parser@^7.18.11": - version "7.18.11" - resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.18.11.tgz#68bb07ab3d380affa9a3f96728df07969645d2d9" - integrity sha512-9JKn5vN+hDt0Hdqn1PiJ2guflwP+B6Ga8qbDuoF0PzzVhrzsKIJo8yGqVk6CmMHiMei9w1C1Bp9IMJSIK+HPIQ== +"@babel/parser@^7.18.10", "@babel/parser@^7.18.13": + version "7.18.13" + resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.18.13.tgz#5b2dd21cae4a2c5145f1fbd8ca103f9313d3b7e4" + integrity sha512-dgXcIfMuQ0kgzLB2b9tRZs7TTFFaGM2AbtA4fJgUUYukzGH4jwsS7hzQHEGs67jdehpm22vkgKwvbU+aEflgwg== "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@^7.18.6": version "7.18.6" 
@@ -889,26 +889,26 @@ "@babel/parser" "^7.18.10" "@babel/types" "^7.18.10" -"@babel/traverse@^7.18.10", "@babel/traverse@^7.18.11", "@babel/traverse@^7.18.9": - version "7.18.11" - resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.18.11.tgz#3d51f2afbd83ecf9912bcbb5c4d94e3d2ddaa16f" - integrity sha512-TG9PiM2R/cWCAy6BPJKeHzNbu4lPzOSZpeMfeNErskGpTJx6trEvFaVCbDvpcxwy49BKWmEPwiW8mrysNiDvIQ== +"@babel/traverse@^7.18.11", "@babel/traverse@^7.18.13", "@babel/traverse@^7.18.9": + version "7.18.13" + resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.18.13.tgz#5ab59ef51a997b3f10c4587d648b9696b6cb1a68" + integrity sha512-N6kt9X1jRMLPxxxPYWi7tgvJRH/rtoU+dbKAPDM44RFHiMH8igdsaSBgFeskhSl/kLWLDUvIh1RXCrTmg0/zvA== dependencies: "@babel/code-frame" "^7.18.6" - "@babel/generator" "^7.18.10" + "@babel/generator" "^7.18.13" "@babel/helper-environment-visitor" "^7.18.9" "@babel/helper-function-name" "^7.18.9" "@babel/helper-hoist-variables" "^7.18.6" "@babel/helper-split-export-declaration" "^7.18.6" - "@babel/parser" "^7.18.11" - "@babel/types" "^7.18.10" + "@babel/parser" "^7.18.13" + "@babel/types" "^7.18.13" debug "^4.1.0" globals "^11.1.0" -"@babel/types@^7.18.10", "@babel/types@^7.18.6", "@babel/types@^7.18.9", "@babel/types@^7.4.4": - version "7.18.10" - resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.18.10.tgz#4908e81b6b339ca7c6b7a555a5fc29446f26dde6" - integrity sha512-MJvnbEiiNkpjo+LknnmRrqbY1GPUUggjv+wQVjetM/AONoupqRALB7I6jGqNUAZsKcRIEu2J6FRFvsczljjsaQ== +"@babel/types@^7.18.10", "@babel/types@^7.18.13", "@babel/types@^7.18.6", "@babel/types@^7.18.9", "@babel/types@^7.4.4": + version "7.18.13" + resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.18.13.tgz#30aeb9e514f4100f7c1cb6e5ba472b30e48f519a" + integrity sha512-ePqfTihzW0W6XAU+aMw2ykilisStJfDnsejDCXRchCcMJ4O0+8DhPXf2YUbZ6wjBlsEmZwLK/sPweWtu8hcJYQ== dependencies: "@babel/helper-string-parser" "^7.18.10" "@babel/helper-validator-identifier" "^7.18.6" 
From 4462d181ea512a7073ae033960ef07c69c27afdb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 Aug 2022 03:01:35 +0000 Subject: [PATCH 06/70] Bump i18n-js from 4.0.2 to 4.1.0 Bumps [i18n-js](https://github.com/fnando/i18n) from 4.0.2 to 4.1.0. - [Release notes](https://github.com/fnando/i18n/releases) - [Changelog](https://github.com/fnando/i18n/blob/main/CHANGELOG.md) - [Commits](https://github.com/fnando/i18n/compare/v4.0.2...v4.1.0) --- updated-dependencies: - dependency-name: i18n-js dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index c6851f18..4fe64811 100644 --- a/package.json +++ b/package.json @@ -22,7 +22,7 @@ "d3": "^7.6.1", "d3-tip": "^0.9.1", "highlight.js": "^11.5.1", - "i18n-js": "^4.0.2", + "i18n-js": "^4.1.0", "jquery": "^3.6.0", "jquery-ui": "^1.13.1", "jquery-ujs": "^1.2.3", diff --git a/yarn.lock b/yarn.lock index 935925a3..eec3552b 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2708,10 +2708,10 @@ human-signals@^2.1.0: resolved "https://registry.yarnpkg.com/human-signals/-/human-signals-2.1.0.tgz#dc91fcba42e4d06e4abaed33b3e7a3c02f514ea0" integrity sha512-B4FFZ6q/T2jhhksgkbEW3HBvWIfDW85snkQgawt07S7J5QXTk6BkNV+0yAeZrM5QpMAdYlocGoljn0sJ/WQkFw== -i18n-js@^4.0.2: - version "4.0.2" - resolved "https://registry.yarnpkg.com/i18n-js/-/i18n-js-4.0.2.tgz#31a62520204e292675bd72e82abdfeeb9aed5f20" - integrity sha512-81geA9vPvWe4NI2uL8Ve+/2jM03Sj/IvGgFHPxij7DbSXbG3CfChRK1vBj2h2IRl6eVRZf3Eq4ug3PgeeWUUPA== +i18n-js@^4.1.0: + version "4.1.0" + resolved "https://registry.yarnpkg.com/i18n-js/-/i18n-js-4.1.0.tgz#ac7b67a291ad3a9c4e514284ac73b9885c0f42d7" + integrity sha512-p9U0+eGHUXagc3OqmNnJX96V+BFymBRde3GY8Emp5KfEi9gIa8x2LdAUQYtPkSS00gCSpNYuyDqso2oGdOp8gg== dependencies: bignumber.js "*" lodash "*" 
From c23073fc0af264d8610dcfa5a3533e9f8b11e959 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 24 Aug 2022 03:00:45 +0000 Subject: [PATCH 07/70] Bump telegraf from 2.1.0 to 2.1.1 Bumps [telegraf](https://github.com/jgraichen/telegraf-ruby) from 2.1.0 to 2.1.1. - [Release notes](https://github.com/jgraichen/telegraf-ruby/releases) - [Changelog](https://github.com/jgraichen/telegraf-ruby/blob/main/CHANGELOG.md) - [Commits](https://github.com/jgraichen/telegraf-ruby/compare/v2.1.0...v2.1.1) --- updated-dependencies: - dependency-name: telegraf dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 1eec24d3..00728ad1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -501,7 +501,7 @@ GEM sprockets (>= 3.0.0) ssrf_filter (1.0.8) strscan (3.0.4) - telegraf (2.1.0) + telegraf (2.1.1) influxdb temple (0.8.2) thor (1.2.1) From b005f3207d46cadffb172fb2345342f8a7c520b4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 24 Aug 2022 03:00:59 +0000 Subject: [PATCH 08/70] Bump puma from 5.6.4 to 5.6.5 Bumps [puma](https://github.com/puma/puma) from 5.6.4 to 5.6.5. - [Release notes](https://github.com/puma/puma/releases) - [Changelog](https://github.com/puma/puma/blob/master/History.md) - [Commits](https://github.com/puma/puma/compare/v5.6.4...v5.6.5) --- updated-dependencies: - dependency-name: puma dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 1eec24d3..aea3b52a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -306,7 +306,7 @@ GEM pry-rails (0.3.9) pry (>= 0.10.4) public_suffix (4.0.7) - puma (5.6.4) + puma (5.6.5) nio4r (~> 2.0) pundit (2.2.0) activesupport (>= 3.0.0) From c8c3a5bf952cfbfc17f558202d71907d344200b5 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Wed, 24 Aug 2022 11:56:42 +0200 Subject: [PATCH 09/70] Fix external user statistics for tags --- app/controllers/external_users_controller.rb | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/app/controllers/external_users_controller.rb b/app/controllers/external_users_controller.rb index 95fa2634..7fdf9415 100644 --- a/app/controllers/external_users_controller.rb +++ b/app/controllers/external_users_controller.rb @@ -43,15 +43,15 @@ class ExternalUsersController < ApplicationController (created_at - lag(created_at) over (PARTITION BY user_id, exercise_id ORDER BY created_at)) AS working_time FROM submissions - WHERE user_id = #{@user.id} + WHERE #{ExternalUser.sanitize_sql(['user_id = ?', @user.id])} AND user_type = 'ExternalUser' - #{current_user.admin? ? '' : "AND study_group_id IN (#{current_user.study_groups.pluck(:id).join(', ')}) AND cause = 'submit'"} + #{current_user.admin? ? '' : "AND #{ExternalUser.sanitize_sql(['study_group_id IN (?)', current_user.study_groups.pluck(:id).join(', ')])}) AND cause = 'submit'"} GROUP BY exercise_id, user_id, id ) AS foo ) AS bar - #{tag.nil? ? '' : " JOIN exercise_tags et ON et.exercise_id = bar.exercise_id AND et.tag_id = #{tag} "} + #{tag.nil? ? '' : " JOIN exercise_tags et ON et.exercise_id = bar.exercise_id AND #{ExternalUser.sanitize_sql(['et.tag_id = ?', tag])}"} GROUP BY user_id, bar.exercise_id; " 
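Review bot: The non-admin branch of `working_time_query` still ends in `)}) AND cause = 'submit'`, so a closing parenthesis left over from the old `IN (#{...})` form follows the sanitized fragment, which already contains `IN (?)`; the generated SQL looks unbalanced for every non-admin caller. The bind value is also still the `join(', ')` string, which `sanitize_sql` would quote as a single string literal rather than expand into a list of ids. Passing the array and dropping the stray parenthesis addresses both: `"AND #{ExternalUser.sanitize_sql(['study_group_id IN (?)', current_user.study_groups.pluck(:id)])} AND cause = 'submit'"`. The commit changes only the controller, so a request spec for a teacher calling `statistics` with and without `tag` would cover this path. The method starts before the hunk.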
@@ -60,10 +60,14 @@ class ExternalUsersController < ApplicationController def statistics @user = ExternalUser.find(params[:id]) authorize! + if params[:tag].present? + tag = Tag.find(params[:tag]) + authorize(tag, :show?) + end statistics = {} - ApplicationRecord.connection.execute(working_time_query(params[:tag])).each do |tuple| + ApplicationRecord.connection.execute(working_time_query(tag&.id)).each do |tuple| statistics[tuple['exercise_id'].to_i] = tuple end From 721a0817eb000864a4ad9979f5743ffff55e3441 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Wed, 24 Aug 2022 12:47:01 +0200 Subject: [PATCH 10/70] Bundle update --- Gemfile.lock | 10 +++++----- yarn.lock | 48 ++++++++++++++++++++++++------------------------ 2 files changed, 29 insertions(+), 29 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index fd4301a8..98c9863d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -76,8 +76,8 @@ GEM minitest (>= 5.1) tzinfo (~> 2.0) zeitwerk (~> 2.3) - addressable (2.8.0) - public_suffix (>= 2.0.2, < 5.0) + addressable (2.8.1) + public_suffix (>= 2.0.2, < 6.0) amq-protocol (2.3.2) ast (2.4.2) autotest (5.0.0) @@ -254,7 +254,7 @@ GEM mnemosyne-ruby (1.13.0) activesupport (>= 4) bunny - msgpack (1.5.4) + msgpack (1.5.6) multi_json (1.15.0) multi_xml (0.6.0) nested_form (0.3.2) @@ -281,7 +281,7 @@ GEM racc (~> 1.4) nyan-cat-formatter (0.12.0) rspec (>= 2.99, >= 2.14.2, < 4) - oauth (0.5.10) + oauth (0.5.13) oauth2 (1.4.10) faraday (>= 0.17.3, < 3.0) jwt (>= 1.0, < 3.0) @@ -305,7 +305,7 @@ GEM pry (>= 0.13, < 0.15) pry-rails (0.3.9) pry (>= 0.10.4) - public_suffix (4.0.7) + public_suffix (5.0.0) puma (5.6.5) nio4r (~> 2.0) pundit (2.2.0) diff --git a/yarn.lock b/yarn.lock index eec3552b..5f0dbddb 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -18,9 +18,9 @@ "@babel/highlight" "^7.18.6" "@babel/compat-data@^7.17.7", "@babel/compat-data@^7.18.8": - version "7.18.8" - resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.18.8.tgz#2483f565faca607b8535590e84e7de323f27764d" - integrity sha512-HSmX4WZPPK3FUxYp7g2T6EyO8j96HlZJlxmKPSh6KAcqwyDrfx7hKjXpAW/0FhFfTJsR0Yt4lAjLI2coMptIHQ== + version "7.18.13" + resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.18.13.tgz#6aff7b350a1e8c3e40b029e46cbe78e24a913483" + integrity sha512-5yUzC5LqyTFp2HLmDoxGQelcdYgSpP9xsnMWBphAscOdFrHSAVbLNzWiy32sVNDqJRDiJK6klfDnAgu6PAGSHw== "@babel/core@^7.18.13": version "7.18.13" @@ -78,9 +78,9 @@ semver "^6.3.0" "@babel/helper-create-class-features-plugin@^7.18.6": - version "7.18.9" - resolved "https://registry.yarnpkg.com/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.18.9.tgz#d802ee16a64a9e824fcbf0a2ffc92f19d58550ce" - integrity sha512-WvypNAYaVh23QcjpMR24CwZY2Nz6hqdOcFdPbNpV56hL5H6KiFheO7Xm1aPdlLQ7d5emYZX7VZwPp9x3z+2opw== + version "7.18.13" + resolved "https://registry.yarnpkg.com/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.18.13.tgz#63e771187bd06d234f95fdf8bd5f8b6429de6298" + integrity sha512-hDvXp+QYxSRL+23mpAlSGxHMDyIGChm0/AwTfTAAK5Ufe40nCsyNdaYCGuK91phn/fVu9kqayImRDkvNAgdrsA== dependencies: "@babel/helper-annotate-as-pure" "^7.18.6" "@babel/helper-environment-visitor" "^7.18.9" 
@@ -569,9 +569,9 @@ "@babel/helper-plugin-utils" "^7.18.9" "@babel/plugin-transform-destructuring@^7.18.9": - version "7.18.9" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.18.9.tgz#68906549c021cb231bee1db21d3b5b095f8ee292" - integrity sha512-p5VCYNddPLkZTq4XymQIaIfZNJwT9YsjkPOhkVEqt6QIpQFZVM9IltqqYpOEkJoN1DPznmxUDyZ5CTZs/ZCuHA== + version "7.18.13" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.18.13.tgz#9e03bc4a94475d62b7f4114938e6c5c33372cbf5" + integrity sha512-TodpQ29XekIsex2A+YJPj5ax2plkGa8YYY6mFjCohk/IG9IY42Rtuj1FuDeemfg2ipxIFLzPeA83SIBnlhSIow== dependencies: "@babel/helper-plugin-utils" "^7.18.9" @@ -1085,9 +1085,9 @@ "@types/estree" "*" "@types/eslint@*": - version "8.4.5" - resolved "https://registry.yarnpkg.com/@types/eslint/-/eslint-8.4.5.tgz#acdfb7dd36b91cc5d812d7c093811a8f3d9b31e4" - integrity sha512-dhsC09y1gpJWnK+Ff4SGvCuSnk9DaU0BJZSzOwa6GVSg65XtTugLBITDAAzRU5duGBoXBHpdR/9jHGxJjNflJQ== + version "8.4.6" + resolved "https://registry.yarnpkg.com/@types/eslint/-/eslint-8.4.6.tgz#7976f054c1bccfcf514bff0564c0c41df5c08207" + integrity sha512-/fqTbjxyFUaYNO7VcW5g+4npmqVACz1bB7RTHYuLj+PRjw9hrCwrUXVQFpChUS0JsyEFvMZ7U/PfmvWgxJhI9g== dependencies: "@types/estree" "*" "@types/json-schema" "*" 
@@ -1144,9 +1144,9 @@ integrity sha512-Y4XFY5VJAuw0FgAqPNd6NNoV44jbq9Bz2L7Rh/J6jLTiHBSBJa9fxqQIvkIld4GsoDOcCbvzOUAbLPsSKKg+uA== "@types/node@*": - version "18.7.6" - resolved "https://registry.yarnpkg.com/@types/node/-/node-18.7.6.tgz#31743bc5772b6ac223845e18c3fc26f042713c83" - integrity sha512-EdxgKRXgYsNITy5mjjXjVE/CS8YENSdhiagGrLqjG0pvA2owgJ6i4l7wy/PFZGC0B1/H20lWKN7ONVDNYDZm7A== + version "18.7.13" + resolved "https://registry.yarnpkg.com/@types/node/-/node-18.7.13.tgz#23e6c5168333480d454243378b69e861ab5c011a" + integrity sha512-46yIhxSe5xEaJZXWdIBP7GU4HDTG8/eo0qd9atdiL+lFpA03y8KS+lkTN834TWJj5767GbWv4n/P6efyTFt1Dw== "@types/qs@*": version "6.9.7" @@ -1607,9 +1607,9 @@ caniuse-api@^3.0.0: lodash.uniq "^4.5.0" caniuse-lite@^1.0.0, caniuse-lite@^1.0.30001370: - version "1.0.30001378" - resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001378.tgz#3d2159bf5a8f9ca093275b0d3ecc717b00f27b67" - integrity sha512-JVQnfoO7FK7WvU4ZkBRbPjaot4+YqxogSDosHv0Hv5mWpUESmN+UubMU6L/hGz8QlQ2aY5U0vR6MOs6j/CXpNA== + version "1.0.30001382" + resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001382.tgz#4d37f0d0b6fffb826c8e5e1c0f4bf8ce592db949" + integrity sha512-2rtJwDmSZ716Pxm1wCtbPvHtbDWAreTPxXbkc5RkKglow3Ig/4GNGazDI9/BVnXbG/wnv6r3B5FEbkfg9OcTGg== chalk@^2.0.0: version "2.4.2" 
@@ -2302,9 +2302,9 @@ ee-first@1.1.1: integrity sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow== electron-to-chromium@^1.4.202: - version "1.4.224" - resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.224.tgz#ecf2eed395cfedcbbe634658ccc4b457f7b254c3" - integrity sha512-dOujC5Yzj0nOVE23iD5HKqrRSDj2SD7RazpZS/b/WX85MtO6/LzKDF4TlYZTBteB+7fvSg5JpWh0sN7fImNF8w== + version "1.4.228" + resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.228.tgz#3baff13cf54198c2045f9bdd8b64db93aafd7f33" + integrity sha512-XfDHCvou7CsDMlFwb0WZ1tWmW48e7Sn7VBRyPfZsZZila9esRsJl1trO+OqDNV97GggFSt0ISbWslKXfQkG//g== emojis-list@^3.0.0: version "3.0.0" @@ -4160,9 +4160,9 @@ terser-webpack-plugin@^5.1.3, terser-webpack-plugin@^5.3.5: terser "^5.14.1" terser@^5.14.1: - version "5.14.2" - resolved "https://registry.yarnpkg.com/terser/-/terser-5.14.2.tgz#9ac9f22b06994d736174f4091aa368db896f1c10" - integrity sha512-oL0rGeM/WFQCUd0y2QrWxYnq7tfSuKBiqTjRPWrRgB46WD/kiwHwF8T23z78H6Q6kGCuuHcPB+KULHRdxvVGQA== + version "5.15.0" + resolved "https://registry.yarnpkg.com/terser/-/terser-5.15.0.tgz#e16967894eeba6e1091509ec83f0c60e179f2425" + integrity sha512-L1BJiXVmheAQQy+as0oF3Pwtlo4s3Wi1X2zNZ2NxOB4wx9bdS9Vk67XQENLFdLYGCK/Z2di53mTj/hBafR+dTA== dependencies: "@jridgewell/source-map" "^0.3.2" acorn "^8.5.0" From ebf00eb475a14363c5b93875d7db76c6eaea409a Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Wed, 24 Aug 2022 13:06:33 +0200 Subject: [PATCH 11/70] Update staging environment --- config/environments/staging.rb | 102 ++++++++++++++++++++++----------- 1 file changed, 70 insertions(+), 32 deletions(-) diff --git a/config/environments/staging.rb b/config/environments/staging.rb index f098937f..213e940f 100644 --- a/config/environments/staging.rb +++ b/config/environments/staging.rb 
@@ -1,5 +1,7 @@ # frozen_string_literal: true +require 'active_support/core_ext/integer/time' + Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. @@ -9,18 +11,18 @@ Rails.application.configure do # since you don't have to restart the web server when you make code changes. config.cache_classes = false - # true: Eager load code on boot. This eager loads most of Rails and - # your application in memory, allowing both threaded web servers - # and those relying on copy on write to perform better. - # Rake tasks automatically ignore this option for performance. - # Eager load code for prometheus exporter + # Eager load code on boot. This eager loads most of Rails and + # your application in memory, allowing both threaded web servers + # and those relying on copy on write to perform better. + # Rake tasks automatically ignore this option for performance. + # Eager load is also required for the prometheus exporter config.eager_load = true - # enable web console in staging - config.web_console.development_only = false + # Disable web console in staging + config.web_console.development_only = true - # Show full error reports and disable caching. - config.consider_all_requests_local = true + # Full error reports as well as caching are disabled. + config.consider_all_requests_local = false config.action_controller.perform_caching = false # Raise an error on page load if there are pending migrations. 
@@ -39,47 +41,49 @@ Rails.application.configure do # For large-scale production use, consider using a caching reverse proxy like nginx, varnish or squid. # config.action_dispatch.rack_cache = true - # Disable Rails's static asset server (Apache or nginx will already do this). - config.serve_static_files = ENV['RAILS_SERVE_STATIC_FILES'].present? + # Disable serving static files from the `/public` folder by default since + # Apache or NGINX already handles this. + config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present? - # Compress JavaScripts and CSS. - # config.assets.js_compressor = :uglifier + # Compress CSS using a preprocessor. # config.assets.css_compressor = :sass # Do not fallback to assets pipeline if a precompiled asset is missed. config.assets.compile = false - # Generate digests for assets URLs. - config.assets.digest = true - - # Version of your assets, change this if you want to expire all your assets. - config.assets.version = '1.0' + # Enable serving of images, stylesheets, and JavaScripts from an asset server. + # config.asset_host = 'http://assets.example.com' # Specifies the header that your server uses for sending files. - # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache - # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx + # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache + # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX + + # Store uploaded files on the local file system (see config/storage.yml for options). + config.active_storage.service = :local + + # Mount Action Cable outside main process or domain. + # config.action_cable.mount_path = nil + # config.action_cable.url = 'wss://example.com/cable' + # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ] # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. 
config.force_ssl = true - # Set to :debug to see everything in the log. + # Include generic and useful information about system operation, but avoid logging too much + # information to avoid inadvertent exposure of personally identifiable information (PII). config.log_level = :info # Prepend all log lines with the following tags. - # config.log_tags = [ :subdomain, :uuid ] - - # Use a different logger for distributed setups. - # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new) + # config.log_tags = [ :subdomain, :uuid, :request_id ] # Use a different cache store in production. # config.cache_store = :mem_cache_store - # Enable serving of images, stylesheets, and JavaScripts from an asset server. - # config.action_controller.asset_host = "http://assets.example.com" + # Use a real queuing backend for Active Job (and separate queues per environment). + # config.active_job.queue_adapter = :resque + # config.active_job.queue_name_prefix = "code_ocean_production" - # Precompile additional assets. - # application.js, application.css, and all non-JS/CSS in app/assets folder are already added. - # config.assets.precompile += %w( search.js ) + config.action_mailer.perform_caching = false # Ignore bad email addresses and do not raise email delivery errors. # Set this to true and configure the email server for immediate delivery to raise delivery errors. 
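Review bot: The commented Action Cable example added in this hunk, `config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ]`, contains an unanchored pattern, so it would also accept an origin such as `http://example.com.other.test`. It also uses `http://` although `config.force_ssl = true` is set in the same hunk. If the line stays as a template for later use, give it an exact `https://` origin or an anchored pattern, e.g. `[ 'https://staging.example.org' ]` (constructed sample value), so that uncommenting it does not widen the allowed origins.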
@@ -92,12 +96,46 @@ Rails.application.configure do # Send deprecation notices to registered listeners. config.active_support.deprecation = :notify - # Disable automatic flushing of the log to improve performance. - # config.autoflush_log = false + # Log disallowed deprecations. + config.active_support.disallowed_deprecation = :log + + # Tell Active Support which deprecation messages to disallow. + config.active_support.disallowed_deprecation_warnings = [] # Use default logging formatter so that PID and timestamp are not suppressed. config.log_formatter = ::Logger::Formatter.new + # Use a different logger for distributed setups. + # require 'syslog/logger' + # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name') + + if ENV['RAILS_LOG_TO_STDOUT'].present? + logger = ActiveSupport::Logger.new($stdout) + logger.formatter = config.log_formatter + config.logger = ActiveSupport::TaggedLogging.new(logger) + end + # Do not dump schema after migrations. config.active_record.dump_schema_after_migration = false + + # Inserts middleware to perform automatic connection switching. + # The `database_selector` hash is used to pass options to the DatabaseSelector + # middleware. The `delay` is used to determine how long to wait after a write + # to send a subsequent read to the primary. + # + # The `database_resolver` class is used by the middleware to determine which + # database is appropriate to use based on the time delay. + # + # The `database_resolver_context` class is used by the middleware to set + # timestamps for the last write to the primary. The resolver uses the context + # class timestamps to determine how long to wait before reading from the + # replica. + # + # By default Rails will store a last write timestamp in the session. The + # DatabaseSelector middleware is designed as such you can define your own + # strategy for connection switching and pass that into the middleware through + # these configuration options. 
+ # config.active_record.database_selector = { delay: 2.seconds } + # config.active_record.database_resolver = ActiveRecord::Middleware::DatabaseSelector::Resolver + # config.active_record.database_resolver_context = ActiveRecord::Middleware::DatabaseSelector::Resolver::Session end From 309956e472189f70e56bdccaa7ae4b43422ec7bf Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Wed, 24 Aug 2022 12:41:49 +0200 Subject: [PATCH 12/70] Remove NULL byte before saving strings --- app/models/application_record.rb | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/app/models/application_record.rb b/app/models/application_record.rb index 2852279e..ae82f5a8 100644 --- a/app/models/application_record.rb +++ b/app/models/application_record.rb @@ -4,6 +4,7 @@ class ApplicationRecord < ActiveRecord::Base self.abstract_class = true before_validation :strip_strings + before_validation :remove_null_bytes def strip_strings # trim whitespace from beginning and end of string attributes @@ -16,6 +17,15 @@ class ApplicationRecord < ActiveRecord::Base end end + def remove_null_bytes + # remove null bytes from string attributes + attribute_names.each do |name| + if send(name.to_sym).respond_to?(:tr) + send("#{name}=".to_sym, send(name).tr("\0", '')) + end + end + end + def self.ransackable_associations(_auth_object = nil) [] end From 9686c912a83ff7efcbe9868c6fbb026f0a8daa8d Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Wed, 24 Aug 2022 13:13:23 +0200 Subject: [PATCH 13/70] Move gem web-console to development group --- Gemfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 79c41778..91b6c649 100644 --- a/Gemfile +++ b/Gemfile @@ -55,6 +55,10 @@ gem 'mnemosyne-ruby' gem 'sentry-rails' gem 'sentry-ruby' +group :development do + gem 'web-console' +end + group :development, :staging do gem 'better_errors' gem 'binding_of_caller' 
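Review bot: `remove_null_bytes` calls the writer for every attribute whose value responds to `tr`, even when the value holds no NUL byte, and reads each attribute through `send(name)` twice, so a model that overrides a reader or writer has that code run on every validation. Assigning only when needed keeps the callback a no-op for clean records: `value = self[name]` followed by `self[name] = value.delete("\0") if value.is_a?(String) && value.include?("\0")`. Strings nested inside array or JSON attributes are not reached by this loop; if NUL bytes must never reach the database, that gap deserves a test or a comment. The method comment could also state why the bytes are dropped (presumably because the database rejects them), since silently altering submitted text is otherwise surprising.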
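Review bot: `gem 'better_errors'` and `gem 'binding_of_caller'` remain in the `group :development, :staging` block shown as context at the end of this Gemfile hunk, while only `web-console` is moved out of staging. Together those two gems also offer an interactive console on the error page, so the reasoning behind this commit appears to apply to them as well. Whether that page is reachable in staging depends on settings not visible here. Unless they are needed there, list them in the new block too: `group :development do`, `gem 'better_errors'`, `gem 'binding_of_caller'`, `gem 'web-console'`. The rest of the shared group lies outside this hunk.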
@@ -67,7 +71,6 @@ group :development, :staging do gem 'rubocop-performance' gem 'rubocop-rails', require: false gem 'rubocop-rspec' - gem 'web-console' end group :development, :test, :staging do From 1e47f624724f7eea90f5596f8232a7e9ed6fb447 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Wed, 24 Aug 2022 13:18:09 +0200 Subject: [PATCH 14/70] Remove web_console setting from staging.rb --- config/environments/staging.rb | 3 --- 1 file changed, 3 deletions(-) diff --git a/config/environments/staging.rb b/config/environments/staging.rb index 213e940f..a5b908ee 100644 --- a/config/environments/staging.rb +++ b/config/environments/staging.rb @@ -18,9 +18,6 @@ Rails.application.configure do # Eager load is also required for the prometheus exporter config.eager_load = true - # Disable web console in staging - config.web_console.development_only = true - # Full error reports as well as caching are disabled. config.consider_all_requests_local = false config.action_controller.perform_caching = false From 7da08d299015b9b21944e98883e8cc6f58f4d94a Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Wed, 24 Aug 2022 23:29:49 +0200 Subject: [PATCH 15/70] Fix typo for working_time_query --- app/controllers/external_users_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/external_users_controller.rb b/app/controllers/external_users_controller.rb index 7fdf9415..ff134cfd 100644 --- a/app/controllers/external_users_controller.rb +++ b/app/controllers/external_users_controller.rb 
@@ -45,7 +45,7 @@ class ExternalUsersController < ApplicationController FROM submissions WHERE #{ExternalUser.sanitize_sql(['user_id = ?', @user.id])} AND user_type = 'ExternalUser' - #{current_user.admin? ? '' : "AND #{ExternalUser.sanitize_sql(['study_group_id IN (?)', current_user.study_groups.pluck(:id).join(', ')])}) AND cause = 'submit'"} + #{current_user.admin? ? '' : "AND #{ExternalUser.sanitize_sql(['study_group_id IN (?)', current_user.study_groups.pluck(:id).join(', ')])} AND cause = 'submit'"} GROUP BY exercise_id, user_id, id From f4d350577aa64a7404f54266ba020ed3e164d017 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Wed, 24 Aug 2022 23:39:42 +0200 Subject: [PATCH 16/70] Fix exercise search for teachers --- app/policies/exercise_policy.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/policies/exercise_policy.rb b/app/policies/exercise_policy.rb index 497e6a42..8963d795 100644 --- a/app/policies/exercise_policy.rb +++ b/app/policies/exercise_policy.rb @@ -43,8 +43,8 @@ class ExercisePolicy < AdminOrAuthorPolicy @scope.all elsif @user.teacher? @scope.where( - 'user_id IN (SELECT user_id FROM study_group_memberships WHERE study_group_id IN (?)) - OR (user_id = ? AND user_type = ?) + 'exercises.user_id IN (SELECT user_id FROM study_group_memberships WHERE study_group_id IN (?)) + OR (exercises.user_id = ? AND exercises.user_type = ?) OR public = TRUE', @user.study_groups.pluck(:id), @user.id, @user.class.name From 35dd745a296575e9b1fda0157833261ccc1a744f Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Wed, 24 Aug 2022 23:49:46 +0200 Subject: [PATCH 17/70] Use final submission for exercise feedback * Also, check for required permission --- app/controllers/user_exercise_feedbacks_controller.rb | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/app/controllers/user_exercise_feedbacks_controller.rb b/app/controllers/user_exercise_feedbacks_controller.rb index e07b9c4a..1daa0c46 100644 
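Review bot: The corrected line still binds `current_user.study_groups.pluck(:id).join(', ')` to the single `?` in `study_group_id IN (?)`, so `sanitize_sql` quotes the whole list as one string literal (`IN ('1, 2')` for a constructed example) rather than as a list of ids. That can only behave as intended when the user belongs to exactly one study group. Passing the array lets Rails expand and quote each element: `ExternalUser.sanitize_sql(['study_group_id IN (?)', current_user.study_groups.pluck(:id)])`. A later hunk for this file in the same series makes that change, so this commit on its own leaves the non-admin branch of the query unreliable. The SQL string and its method begin and end outside the hunk.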
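Review bot: `OR public = TRUE` is the one column reference in this condition left without the `exercises.` prefix that the commit adds to `user_id` and `user_type`. If the scope is combined with a join on a table that also has a `public` column, the condition becomes ambiguous again in the same way; write `OR exercises.public = TRUE`. A one-line comment above the `where(` call stating that this condition decides which exercises a teacher may see would help the next person who edits the SQL. The enclosing method starts and ends outside the hunk.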
--- a/app/controllers/user_exercise_feedbacks_controller.rb +++ b/app/controllers/user_exercise_feedbacks_controller.rb @@ -74,7 +74,7 @@ class UserExerciseFeedbacksController < ApplicationController def update submission = begin - current_user.submissions.where(exercise_id: @exercise.id).order('created_at DESC').first + current_user.submissions.where(exercise_id: @exercise.id).order('created_at DESC').final.first rescue StandardError nil end @@ -127,14 +127,16 @@ class UserExerciseFeedbacksController < ApplicationController user_type = current_user.class.name latest_submission = Submission .where(user_id: user_id, user_type: user_type, exercise_id: exercise_id) - .order(created_at: :desc).first + .order(created_at: :desc).final.first + + authorize(latest_submission, :show?) params[:user_exercise_feedback] .permit(:feedback_text, :difficulty, :exercise_id, :user_estimated_worktime) .merge(user_id: user_id, user_type: user_type, submission: latest_submission, - normalized_score: latest_submission.normalized_score) + normalized_score: latest_submission&.normalized_score) end def validate_inputs(uef_params) From 6dcccd324b06f7dc36f8e29c06ba7fbc0f9f1fe4 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Thu, 25 Aug 2022 00:23:08 +0200 Subject: [PATCH 18/70] Show feedback without rendering Markdown * We do not instruct learners how to write Markdown, this might yield to an unexpected rendering --- app/views/exercises/feedback.html.slim | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/exercises/feedback.html.slim b/app/views/exercises/feedback.html.slim index 5085ed8c..292b6d9d 100644 --- a/app/views/exercises/feedback.html.slim +++ b/app/views/exercises/feedback.html.slim 
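Review bot: `authorize(latest_submission, :show?)` in the second hunk is called without a nil guard, although `.final.first` returns nil when the user has no final submission, and the change to `latest_submission&.normalized_score` a few lines later anticipates exactly that. Assuming `authorize` is Pundit's helper, a nil record ends in a policy lookup error rather than a clean rejection, so the missing-submission case should be decided explicitly, e.g. `raise Pundit::NotAuthorizedError unless latest_submission` before the `authorize` call. The first hunk keeps `rescue StandardError` around the same lookup in `update` and shows no matching `authorize`; whether one exists elsewhere in that action is outside the hunk. The method containing the second hunk also starts outside it.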
@@ -25,7 +25,7 @@ h1 = link_to_if(policy(@exercise).show?, @exercise, exercise_path(@exercise)) span.date = feedback.created_at .card-collapse role="tabpanel" .card-body.feedback - .text = render_markdown(feedback.feedback_text) + .text = feedback.feedback_text .difficulty = "#{t('user_exercise_feedback.difficulty')} #{comment_presets[feedback.difficulty].join(' - ')}" if feedback.difficulty .worktime = "#{t('user_exercise_feedback.working_time')} #{time_presets[feedback.user_estimated_worktime].join(' - ')}" if feedback.user_estimated_worktime - if policy(@exercise).detailed_statistics? From b3f9a1ec908294c85dd9bf9d4f3a410c0ed0aea0 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Thu, 25 Aug 2022 00:31:32 +0200 Subject: [PATCH 19/70] Allow line breaks in feedback texts --- app/views/exercises/feedback.html.slim | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/exercises/feedback.html.slim b/app/views/exercises/feedback.html.slim index 292b6d9d..23cdd608 100644 --- a/app/views/exercises/feedback.html.slim +++ b/app/views/exercises/feedback.html.slim @@ -25,7 +25,7 @@ h1 = link_to_if(policy(@exercise).show?, @exercise, exercise_path(@exercise)) span.date = feedback.created_at .card-collapse role="tabpanel" .card-body.feedback - .text = feedback.feedback_text + .text style="white-space: pre-wrap;" = feedback.feedback_text .difficulty = "#{t('user_exercise_feedback.difficulty')} #{comment_presets[feedback.difficulty].join(' - ')}" if feedback.difficulty .worktime = "#{t('user_exercise_feedback.working_time')} #{time_presets[feedback.user_estimated_worktime].join(' - ')}" if feedback.user_estimated_worktime - if policy(@exercise).detailed_statistics? From bdebcf319e26dc6e2083175b046d67aef2d254c6 Mon Sep 17 00:00:00 2001 
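Review bot: The `style="white-space: pre-wrap;"` attribute added in the second feedback.html.slim hunk on this line is an inline style, which a Content-Security-Policy without `'unsafe-inline'` in `style-src` would block (no policy is visible here), and it is harder to reuse than a class. Moving the rule to the stylesheet, e.g. `.feedback .text { white-space: pre-wrap; }`, lets the template stay `.text = feedback.feedback_text`. The text remains HTML-escaped only while the line keeps Slim's single `=`. A short comment that learner text is deliberately shown unrendered would guard against `render_markdown` or `==` being reintroduced here.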
From: Sebastian Serth Date: Thu, 25 Aug 2022 18:14:10 +0200 Subject: [PATCH 20/70] Allow access to user statistics for teachers Fixes CODEOCEAN-BV --- app/controllers/external_users_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/external_users_controller.rb b/app/controllers/external_users_controller.rb index ff134cfd..18a287c2 100644 --- a/app/controllers/external_users_controller.rb +++ b/app/controllers/external_users_controller.rb @@ -45,7 +45,7 @@ class ExternalUsersController < ApplicationController FROM submissions WHERE #{ExternalUser.sanitize_sql(['user_id = ?', @user.id])} AND user_type = 'ExternalUser' - #{current_user.admin? ? '' : "AND #{ExternalUser.sanitize_sql(['study_group_id IN (?)', current_user.study_groups.pluck(:id).join(', ')])} AND cause = 'submit'"} + #{current_user.admin? ? '' : "AND #{ExternalUser.sanitize_sql(['study_group_id IN (?)', current_user.study_groups.pluck(:id)])} AND cause = 'submit'"} GROUP BY exercise_id, user_id, id From 4de77ca3f58a52fc6f9c0907c40feb3e37a0ac68 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Thu, 25 Aug 2022 18:14:23 +0200 Subject: [PATCH 21/70] Improve get_quantiles method for exercise --- app/models/exercise.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/app/models/exercise.rb b/app/models/exercise.rb index ed7ad7d3..9418f1f6 100644 --- a/app/models/exercise.rb +++ b/app/models/exercise.rb @@ -255,7 +255,6 @@ class Exercise < ApplicationRecord end def get_quantiles(quantiles) - quantiles_str = self.class.sanitize_sql("[#{quantiles.join(',')}]") result = ActiveRecord::Base.transaction do self.class.connection.execute(" SET LOCAL intervalstyle = 'iso_8601'; 
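Review bot: `AND cause = 'submit'` sits inside the string that is interpolated only when `current_user.admin?` is false, so admins get this query over submissions of every cause while other users get only `submit` rows. If the cause filter belongs to the query as such, move it out of the ternary onto its own line; if the difference is intended, say so in a comment next to it. Building the study-group fragment in a local variable before the SQL string would also make it easier to see that every interpolated piece passes through `sanitize_sql`. The SQL string and its method begin and end outside the hunk.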
@@ -362,7 +361,7 @@ class Exercise < ApplicationRecord GROUP BY e.external_id, f.user_id, exercise_id ) - SELECT unnest(percentile_cont(array#{quantiles_str}) within GROUP (ORDER BY working_time)) + SELECT unnest(percentile_cont(#{self.class.sanitize_sql(['array[?]', quantiles])}) within GROUP (ORDER BY working_time)) FROM result ") end From ffd7a0351a0136573df2ada7cc204e1b64459955 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Thu, 25 Aug 2022 20:13:22 +0200 Subject: [PATCH 22/70] Improve display of images for code output --- app/assets/javascripts/editor/evaluation.js | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/app/assets/javascripts/editor/evaluation.js b/app/assets/javascripts/editor/evaluation.js index 6fbec44a..a4a9311a 100644 --- a/app/assets/javascripts/editor/evaluation.js +++ b/app/assets/javascripts/editor/evaluation.js @@ -209,6 +209,13 @@ CodeOceanEditorEvaluation = { if (output.stdout !== undefined && !output.stdout.startsWith(" document + const parsedElement = doc.firstChild.lastChild.firstChild; + const sanitized_img = document.createElement('img'); + sanitized_img.src = parsedElement.src; + output.stdout = sanitized_img.outerHTML; } var element = this.findOrCreateOutputElement(index); From ad68ce8d7ca5a92f55c6a7dbf9b028ff6d1f093e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 26 Aug 2022 03:01:35 +0000 Subject: [PATCH 23/70] Bump i18n-js from 4.0.0 to 4.0.1 Bumps [i18n-js](https://github.com/fnando/i18n-js) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/fnando/i18n-js/releases) - [Changelog](https://github.com/fnando/i18n-js/blob/main/CHANGELOG.md) - [Commits](https://github.com/fnando/i18n-js/compare/v4.0.0...v4.0.1) --- updated-dependencies: - dependency-name: i18n-js dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
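Review bot: `sanitize_sql(['array[?]', quantiles])` quotes each element but does not make it a number, so an element that arrives as a string is emitted as a quoted literal and an empty list is rendered as `array[NULL]`. `percentile_cont` would then likely fail inside the transaction instead of the input being rejected at the method boundary. Coercing first keeps the bind numeric and fails early: `fractions = quantiles.map { |q| Float(q) }`, then bind `fractions`, optionally with `raise ArgumentError unless fractions.all? { |q| q.between?(0, 1) }`. `get_quantiles` starts in the previous hunk and ends outside this one, so where `quantiles` comes from is not visible here.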
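Review bot: In the evaluation.js hunk, `parsedElement` is used without checking that it exists or is an `img`, and its `src` is copied to the new element without restricting the scheme. Part of this hunk's text is not legible on the page, so this rests on the four visible added lines. If `doc.firstChild.lastChild.firstChild` is null the handler throws, and if it is some other node the output becomes an image with `src="undefined"`. Wrap the three assignments in a guard such as `if (parsedElement instanceof HTMLImageElement) { ... }`, and if the runner is only expected to emit inline images, also require `parsedElement.src.startsWith('data:image/')` so program output cannot make the browser fetch an arbitrary URL. The enclosing function starts and ends outside the hunk.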
diff --git a/Gemfile.lock b/Gemfile.lock index 98c9863d..2bebb5ed 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -179,7 +179,7 @@ GEM domain_name (~> 0.5) i18n (1.12.0) concurrent-ruby (~> 1.0) - i18n-js (4.0.0) + i18n-js (4.0.1) glob i18n image_processing (1.12.2) From 7b6f3b7f0e3fc0d1480b3edd7ee5aa5c04cbf84d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 26 Aug 2022 03:01:37 +0000 Subject: [PATCH 24/70] Bump i18n-js from 4.1.0 to 4.1.1 Bumps [i18n-js](https://github.com/fnando/i18n) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/fnando/i18n/releases) - [Changelog](https://github.com/fnando/i18n/blob/main/CHANGELOG.md) - [Commits](https://github.com/fnando/i18n/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: i18n-js dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 4fe64811..7ee54eb8 100644 --- a/package.json +++ b/package.json @@ -22,7 +22,7 @@ "d3": "^7.6.1", "d3-tip": "^0.9.1", "highlight.js": "^11.5.1", - "i18n-js": "^4.1.0", + "i18n-js": "^4.1.1", "jquery": "^3.6.0", "jquery-ui": "^1.13.1", "jquery-ujs": "^1.2.3", diff --git a/yarn.lock b/yarn.lock index 5f0dbddb..038bb3cc 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -2708,10 +2708,10 @@ human-signals@^2.1.0: resolved "https://registry.yarnpkg.com/human-signals/-/human-signals-2.1.0.tgz#dc91fcba42e4d06e4abaed33b3e7a3c02f514ea0" integrity sha512-B4FFZ6q/T2jhhksgkbEW3HBvWIfDW85snkQgawt07S7J5QXTk6BkNV+0yAeZrM5QpMAdYlocGoljn0sJ/WQkFw== -i18n-js@^4.1.0: - version "4.1.0" - resolved "https://registry.yarnpkg.com/i18n-js/-/i18n-js-4.1.0.tgz#ac7b67a291ad3a9c4e514284ac73b9885c0f42d7" - integrity sha512-p9U0+eGHUXagc3OqmNnJX96V+BFymBRde3GY8Emp5KfEi9gIa8x2LdAUQYtPkSS00gCSpNYuyDqso2oGdOp8gg== +i18n-js@^4.1.1: + version "4.1.1" + resolved "https://registry.yarnpkg.com/i18n-js/-/i18n-js-4.1.1.tgz#05ebd03c4d92f6dc26a00d7c5cfb90f9c326b67c" + integrity sha512-Uph8ghmfShexVhDcNtg5s40zprJZPrhW5iOEKsUwPiiBpIGN/0EJ9W7DTqhLFlWfAlpkFiaLxVxHsk8f+3KjIQ== dependencies: bignumber.js "*" lodash "*" From bd7ab53c3eec511d091ee1a072b35a95bb49731c Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Fri, 26 Aug 2022 15:36:59 +0200 Subject: [PATCH 25/70] Bundle update --- Gemfile.lock | 2 +- package.json | 2 +- yarn.lock | 86 +++++++++++++++++++++++----------------------------- 3 files changed, 40 insertions(+), 50 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 2bebb5ed..a1b0d79c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -206,7 +206,7 @@ GEM hana (~> 1.3) regexp_parser (~> 2.0) uri_template (~> 0.7) - jwt (2.4.1) + jwt (2.5.0) kaminari (1.2.2) activesupport (>= 4.1.0) kaminari-actionview (= 1.2.2) diff --git a/package.json b/package.json index 7ee54eb8..624f5247 100644 --- a/package.json +++ b/package.json @@ -9,7 +9,7 @@ "@egjs/hammerjs": "^2.0.17", "@fortawesome/fontawesome-free": "^6.1.2", "@popperjs/core": "^2.11.6", - "@sentry/browser": "^6.11.0", + "@sentry/browser": "^7.11.1", "@webpack-cli/serve": "^1.7.0", "babel-loader": "^8.2.5", "bootstrap": "^5.2.0", diff --git a/yarn.lock b/yarn.lock index 038bb3cc..95e788d2 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -989,56 +989,46 @@ resolved "https://registry.yarnpkg.com/@popperjs/core/-/core-2.11.6.tgz#cee20bd55e68a1720bdab363ecf0c821ded4cd45" integrity sha512-50/17A98tWUfQ176raKiOGXuYpLyyVMkxxG6oylzL3BPOlA6ADGdK7EYunSa4I064xerltq9TGXs8HmOk5E+vw== -"@sentry/browser@^6.11.0": - version "6.19.7" - resolved "https://registry.yarnpkg.com/@sentry/browser/-/browser-6.19.7.tgz#a40b6b72d911b5f1ed70ed3b4e7d4d4e625c0b5f" - integrity sha512-oDbklp4O3MtAM4mtuwyZLrgO1qDVYIujzNJQzXmi9YzymJCuzMLSRDvhY83NNDCRxf0pds4DShgYeZdbSyKraA== +"@sentry/browser@^7.11.1": + version "7.11.1" + resolved "https://registry.yarnpkg.com/@sentry/browser/-/browser-7.11.1.tgz#377d417e833ef54c78a93ef720a742bda5022625" + integrity sha512-k2XHuzPfnm8VJPK5eWd1+Y5VCgN42sLveb8Qxc3prb5PSL416NWMLZaoB7RMIhy430fKrSFiosnm6QDk2M6pbA== dependencies: - "@sentry/core" "6.19.7" - "@sentry/types" "6.19.7" - "@sentry/utils" "6.19.7" + "@sentry/core" "7.11.1" + "@sentry/types" "7.11.1" + "@sentry/utils" "7.11.1" tslib "^1.9.3" -"@sentry/core@6.19.7": - version "6.19.7" - resolved "https://registry.yarnpkg.com/@sentry/core/-/core-6.19.7.tgz#156aaa56dd7fad8c89c145be6ad7a4f7209f9785" - integrity sha512-tOfZ/umqB2AcHPGbIrsFLcvApdTm9ggpi/kQZFkej7kMphjT+SGBiQfYtjyg9jcRW+ilAR4JXC9BGKsdEQ+8Vw== +"@sentry/core@7.11.1": + version "7.11.1" + resolved "https://registry.yarnpkg.com/@sentry/core/-/core-7.11.1.tgz#d68e796f3b6428aefd6086a1db00118df7a9a9e4" + integrity sha512-kaDSZ6VNuO4ZZdqUOOX6XM6x+kjo2bMnDQ3IJG51FPvVjr8lXYhXj1Ccxcot3pBYAIWPPby2+vNDOXllmXqoBA== dependencies: - "@sentry/hub" "6.19.7" - "@sentry/minimal" "6.19.7" - "@sentry/types" "6.19.7" - "@sentry/utils" "6.19.7" + "@sentry/hub" "7.11.1" + "@sentry/types" "7.11.1" + "@sentry/utils" "7.11.1" tslib "^1.9.3" -"@sentry/hub@6.19.7": - version "6.19.7" - resolved "https://registry.yarnpkg.com/@sentry/hub/-/hub-6.19.7.tgz#58ad7776bbd31e9596a8ec46365b45cd8b9cfd11" - integrity sha512-y3OtbYFAqKHCWezF0EGGr5lcyI2KbaXW2Ik7Xp8Mu9TxbSTuwTe4rTntwg8ngPjUQU3SUHzgjqVB8qjiGqFXCA== 
+"@sentry/hub@7.11.1": + version "7.11.1" + resolved "https://registry.yarnpkg.com/@sentry/hub/-/hub-7.11.1.tgz#1749b2b102ea1892ff388d65d66d3b402b393958" + integrity sha512-M6ClgdXdptS0lUBKB5KpXXe2qMQhsoiEN2pEGRI6+auqhfHCUQB1ZXsfjiOYexKC9fwx7TyFyZ9Jcaf2DTxEhw== dependencies: - "@sentry/types" "6.19.7" - "@sentry/utils" "6.19.7" + "@sentry/types" "7.11.1" + "@sentry/utils" "7.11.1" tslib "^1.9.3" -"@sentry/minimal@6.19.7": - version "6.19.7" - resolved "https://registry.yarnpkg.com/@sentry/minimal/-/minimal-6.19.7.tgz#b3ee46d6abef9ef3dd4837ebcb6bdfd01b9aa7b4" - integrity sha512-wcYmSJOdvk6VAPx8IcmZgN08XTXRwRtB1aOLZm+MVHjIZIhHoBGZJYTVQS/BWjldsamj2cX3YGbGXNunaCfYJQ== - dependencies: - "@sentry/hub" "6.19.7" - "@sentry/types" "6.19.7" - tslib "^1.9.3" +"@sentry/types@7.11.1": + version "7.11.1" + resolved "https://registry.yarnpkg.com/@sentry/types/-/types-7.11.1.tgz#06e2827f6ba37159c33644208a0453b86d25e232" + integrity sha512-gIEhOPxC2cjrxQ0+K2SFJ1P6e/an5osSxVc9OOtekN28eHtVsXFCLB8XVWeNQnS7N2VkrVrkqORMBz1kvIcvVQ== -"@sentry/types@6.19.7": - version "6.19.7" - resolved "https://registry.yarnpkg.com/@sentry/types/-/types-6.19.7.tgz#c6b337912e588083fc2896eb012526cf7cfec7c7" - integrity sha512-jH84pDYE+hHIbVnab3Hr+ZXr1v8QABfhx39KknxqKWr2l0oEItzepV0URvbEhB446lk/S/59230dlUUIBGsXbg== - -"@sentry/utils@6.19.7": - version "6.19.7" - resolved "https://registry.yarnpkg.com/@sentry/utils/-/utils-6.19.7.tgz#6edd739f8185fd71afe49cbe351c1bbf5e7b7c79" - integrity sha512-z95ECmE3i9pbWoXQrD/7PgkBAzJYR+iXtPuTkpBjDKs86O3mT+PXOT3BAn79w2wkn7/i3vOGD2xVr1uiMl26dA== +"@sentry/utils@7.11.1": + version "7.11.1" + resolved "https://registry.yarnpkg.com/@sentry/utils/-/utils-7.11.1.tgz#1635c5b223369d9428bc83c9b8908c9c3287ee10" + integrity sha512-tRVXNT5O9ilkV31pyHeTqA1PcPQfMV/2OR6yUYM4ah+QVISovC0f0ybhByuH5nYg6x/Gsnx1o7pc8L1GE3+O7A== dependencies: - "@sentry/types" "6.19.7" + "@sentry/types" "7.11.1" tslib "^1.9.3" "@trysound/sax@0.2.0": 
@@ -1607,9 +1597,9 @@ caniuse-api@^3.0.0: lodash.uniq "^4.5.0" caniuse-lite@^1.0.0, caniuse-lite@^1.0.30001370: - version "1.0.30001382" - resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001382.tgz#4d37f0d0b6fffb826c8e5e1c0f4bf8ce592db949" - integrity sha512-2rtJwDmSZ716Pxm1wCtbPvHtbDWAreTPxXbkc5RkKglow3Ig/4GNGazDI9/BVnXbG/wnv6r3B5FEbkfg9OcTGg== + version "1.0.30001383" + resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001383.tgz#aecf317ccd940690725ae3ae4f28293c5fb8050e" + integrity sha512-swMpEoTp5vDoGBZsYZX7L7nXHe6dsHxi9o6/LKf/f0LukVtnrxly5GVb/fWdCDTqi/yw6Km6tiJ0pmBacm0gbg== chalk@^2.0.0: version "2.4.2" @@ -1784,9 +1774,9 @@ cookie@0.5.0: integrity sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw== core-js-compat@^3.21.0, core-js-compat@^3.22.1: - version "3.24.1" - resolved "https://registry.yarnpkg.com/core-js-compat/-/core-js-compat-3.24.1.tgz#d1af84a17e18dfdd401ee39da9996f9a7ba887de" - integrity sha512-XhdNAGeRnTpp8xbD+sR/HFDK9CbeeeqXT6TuofXh3urqEevzkWmLRgrVoykodsw8okqo2pu1BOmuCKrHx63zdw== + version "3.25.0" + resolved "https://registry.yarnpkg.com/core-js-compat/-/core-js-compat-3.25.0.tgz#489affbfbf9cb3fa56192fe2dd9ebaee985a66c5" + integrity sha512-extKQM0g8/3GjFx9US12FAgx8KJawB7RCQ5y8ipYLbmfzEzmFRWdDjIlxDx82g7ygcNG85qMVUSRyABouELdow== dependencies: browserslist "^4.21.3" semver "7.0.0" 
@@ -2302,9 +2292,9 @@ ee-first@1.1.1: integrity sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow== electron-to-chromium@^1.4.202: - version "1.4.228" - resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.228.tgz#3baff13cf54198c2045f9bdd8b64db93aafd7f33" - integrity sha512-XfDHCvou7CsDMlFwb0WZ1tWmW48e7Sn7VBRyPfZsZZila9esRsJl1trO+OqDNV97GggFSt0ISbWslKXfQkG//g== + version "1.4.231" + resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.231.tgz#ae6de219c20aa690bc3d217ff151b208a9bd8ed6" + integrity sha512-E8WsUC60chToZUfxvVUXBb1U/mR/Df3GFX+mO3edtQnRTUt6L2XgpqBVWcGD/xrzQdINL1g/CEBPPn0YJ86Y6Q== emojis-list@^3.0.0: version "3.0.0" From 0b50c4a3f62f6490c83558d980e3109a4e4e0c4e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Aug 2022 03:01:12 +0000 Subject: [PATCH 26/70] Bump jquery from 3.6.0 to 3.6.1 Bumps [jquery](https://github.com/jquery/jquery) from 3.6.0 to 3.6.1. - [Release notes](https://github.com/jquery/jquery/releases) - [Commits](https://github.com/jquery/jquery/compare/3.6.0...3.6.1) --- updated-dependencies: - dependency-name: jquery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 624f5247..0ff27964 100644 --- a/package.json +++ b/package.json @@ -23,7 +23,7 @@ "d3-tip": "^0.9.1", "highlight.js": "^11.5.1", "i18n-js": "^4.1.1", - "jquery": "^3.6.0", + "jquery": "^3.6.1", "jquery-ui": "^1.13.1", "jquery-ujs": "^1.2.3", "jstree": "^3.3.12", diff --git a/yarn.lock b/yarn.lock index 95e788d2..8353c80b 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -2872,10 +2872,10 @@ jquery-ujs@^1.2.3: resolved "https://registry.yarnpkg.com/jquery-ujs/-/jquery-ujs-1.2.3.tgz#dcac6026ab7268e5ee41faf9d31c997cd4ddd603" integrity sha512-59wvfx5vcCTHMeQT1/OwFiAj+UffLIwjRIoXdpO7Z7BCFGepzq9T9oLVeoItjTqjoXfUrHJvV7QU6pUR+UzOoA== -"jquery@>=1.8.0 <4.0.0", jquery@>=1.9.1, jquery@^3.6.0: - version "3.6.0" - resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.6.0.tgz#c72a09f15c1bdce142f49dbf1170bdf8adac2470" - integrity sha512-JVzAR/AjBvVt2BmYhxRCSYysDsPcssdmTFnzyLEts9qNwmjmu4JTAMYubEfwVOSwpQ1I1sKKFcxhZCI2buerfw== +"jquery@>=1.8.0 <4.0.0", jquery@>=1.9.1, jquery@^3.6.1: + version "3.6.1" + resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.6.1.tgz#fab0408f8b45fc19f956205773b62b292c147a16" + integrity sha512-opJeO4nCucVnsjiXOE+/PcCgYw9Gwpvs/a6B1LL/lQhwWwpbVEVYDZ1FokFr8PRc7ghYlrFPuyHuiiDNTQxmcw== js-tokens@^4.0.0: version "4.0.0" From 9dfdf9ec8d1f0deae6e1b96ab11fd6f48f3425ef Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Aug 2022 03:01:34 +0000 Subject: [PATCH 27/70] Bump terser-webpack-plugin from 5.3.5 to 5.3.6 Bumps [terser-webpack-plugin](https://github.com/webpack-contrib/terser-webpack-plugin) from 5.3.5 to 5.3.6. - [Release notes](https://github.com/webpack-contrib/terser-webpack-plugin/releases) - [Changelog](https://github.com/webpack-contrib/terser-webpack-plugin/blob/master/CHANGELOG.md) - [Commits](https://github.com/webpack-contrib/terser-webpack-plugin/compare/v5.3.5...v5.3.6) --- updated-dependencies: - dependency-name: terser-webpack-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 0ff27964..a59e7002 100644 --- a/package.json +++ b/package.json 
@@ -40,7 +40,7 @@ "sortablejs": "^1.15.0", "sorttable": "^1.0.2", "style-loader": "^3.3.1", - "terser-webpack-plugin": "^5.3.5", + "terser-webpack-plugin": "^5.3.6", "underscore": "^1.13.4", "uuid": "^8.3.2", "vis-data": "^7.1.4", diff --git a/yarn.lock b/yarn.lock index 8353c80b..3be2482d 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4138,10 +4138,10 @@ tapable@^2.0, tapable@^2.1.1, tapable@^2.2.0: resolved "https://registry.yarnpkg.com/tapable/-/tapable-2.2.1.tgz#1967a73ef4060a82f12ab96af86d52fdb76eeca0" integrity sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ== -terser-webpack-plugin@^5.1.3, terser-webpack-plugin@^5.3.5: - version "5.3.5" - resolved "https://registry.yarnpkg.com/terser-webpack-plugin/-/terser-webpack-plugin-5.3.5.tgz#f7d82286031f915a4f8fb81af4bd35d2e3c011bc" - integrity sha512-AOEDLDxD2zylUGf/wxHxklEkOe2/r+seuyOWujejFrIxHf11brA1/dWQNIgXa1c6/Wkxgu7zvv0JhOWfc2ELEA== +terser-webpack-plugin@^5.1.3, terser-webpack-plugin@^5.3.6: + version "5.3.6" + resolved "https://registry.yarnpkg.com/terser-webpack-plugin/-/terser-webpack-plugin-5.3.6.tgz#5590aec31aa3c6f771ce1b1acca60639eab3195c" + integrity sha512-kfLFk+PoLUQIbLmB1+PZDMRSZS99Mp+/MHqDNmMA6tOItzRt+Npe3E+fsMs5mfcM0wCtrrdU387UnV+vnSffXQ== dependencies: "@jridgewell/trace-mapping" "^0.3.14" jest-worker "^27.4.5" From 8eec202dd8c655d934cc2e99a527420519d016a1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Aug 2022 03:01:51 +0000 Subject: [PATCH 28/70] Bump sass from 1.54.5 to 1.54.6 Bumps [sass](https://github.com/sass/dart-sass) from 1.54.5 to 1.54.6. - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.54.5...1.54.6) --- updated-dependencies: - dependency-name: sass dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 0ff27964..41f72692 100644 --- a/package.json +++ b/package.json @@ -34,7 +34,7 @@ "pnp-webpack-plugin": "^1.7.0", "propagating-hammerjs": "^2.0.1", "rails-erb-loader": "^5.5.2", - "sass": "^1.54.5", + "sass": "^1.54.6", "sass-loader": "^13.0.2", "shakapacker": "6.5.1", "sortablejs": "^1.15.0", diff --git a/yarn.lock b/yarn.lock index 8353c80b..9217aa08 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3820,10 +3820,10 @@ sass-loader@^13.0.2: klona "^2.0.4" neo-async "^2.6.2" -sass@^1.54.5: - version "1.54.5" - resolved "https://registry.yarnpkg.com/sass/-/sass-1.54.5.tgz#93708f5560784f6ff2eab8542ade021a4a947b3a" - integrity sha512-p7DTOzxkUPa/63FU0R3KApkRHwcVZYC0PLnLm5iyZACyp15qSi32x7zVUhRdABAATmkALqgGrjCJAcWvobmhHw== +sass@^1.54.6: + version "1.54.6" + resolved "https://registry.yarnpkg.com/sass/-/sass-1.54.6.tgz#5a12c268db26555c335028e355d6b7b1a5b9b4c8" + integrity sha512-DUqJjR2WxXBcZjRSZX5gCVyU+9fuC2qDfFzoKX9rV4rCOcec5mPtEafTcfsyL3YJuLONjWylBne+uXVh5rrmFw== dependencies: chokidar ">=3.0.0 <4.0.0" immutable "^4.0.0" From 3c675010da488f520a5d50c7d57e536fc3f3a9e4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Aug 2022 03:02:01 +0000 Subject: [PATCH 29/70] Bump webpack-dev-server from 4.10.0 to 4.10.1 Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server) from 4.10.0 to 4.10.1. - [Release notes](https://github.com/webpack/webpack-dev-server/releases) - [Changelog](https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md) - [Commits](https://github.com/webpack/webpack-dev-server/compare/v4.10.0...v4.10.1) --- updated-dependencies: - dependency-name: webpack-dev-server dependency-type: direct:development update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 0ff27964..f903b0c3 100644 --- a/package.json +++ b/package.json @@ -54,7 +54,7 @@ "xss": "^1.0.14" }, "devDependencies": { - "webpack-dev-server": "^4.10.0" + "webpack-dev-server": "^4.10.1" }, "babel": { "presets": [ diff --git a/yarn.lock b/yarn.lock index 8353c80b..8f1f2a75 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4339,10 +4339,10 @@ webpack-dev-middleware@^5.3.1: range-parser "^1.2.1" schema-utils "^4.0.0" -webpack-dev-server@^4.10.0: - version "4.10.0" - resolved "https://registry.yarnpkg.com/webpack-dev-server/-/webpack-dev-server-4.10.0.tgz#de270d0009eba050546912be90116e7fd740a9ca" - integrity sha512-7dezwAs+k6yXVFZ+MaL8VnE+APobiO3zvpp3rBHe/HmWQ+avwh0Q3d0xxacOiBybZZ3syTZw9HXzpa3YNbAZDQ== +webpack-dev-server@^4.10.1: + version "4.10.1" + resolved "https://registry.yarnpkg.com/webpack-dev-server/-/webpack-dev-server-4.10.1.tgz#124ac9ac261e75303d74d95ab6712b4aec3e12ed" + integrity sha512-FIzMq3jbBarz3ld9l7rbM7m6Rj1lOsgq/DyLGMX/fPEB1UBUPtf5iL/4eNfhx8YYJTRlzfv107UfWSWcBK5Odw== dependencies: "@types/bonjour" "^3.5.9" "@types/connect-history-api-fallback" "^1.3.5" From 1f009d2fd781d1b0335335e459a10dc1662ffe1e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 31 Aug 2022 03:01:42 +0000 Subject: [PATCH 30/70] Bump sass from 1.54.6 to 1.54.7 Bumps [sass](https://github.com/sass/dart-sass) from 1.54.6 to 1.54.7. - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.54.6...1.54.7) --- updated-dependencies: - dependency-name: sass dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index bda0eb22..c0e5867f 100644 --- a/package.json +++ b/package.json @@ -34,7 +34,7 @@ "pnp-webpack-plugin": "^1.7.0", "propagating-hammerjs": "^2.0.1", "rails-erb-loader": "^5.5.2", - "sass": "^1.54.6", + "sass": "^1.54.7", "sass-loader": "^13.0.2", "shakapacker": "6.5.1", "sortablejs": "^1.15.0", diff --git a/yarn.lock b/yarn.lock index d3031515..2813fb00 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3820,10 +3820,10 @@ sass-loader@^13.0.2: klona "^2.0.4" neo-async "^2.6.2" -sass@^1.54.6: - version "1.54.6" - resolved "https://registry.yarnpkg.com/sass/-/sass-1.54.6.tgz#5a12c268db26555c335028e355d6b7b1a5b9b4c8" - integrity sha512-DUqJjR2WxXBcZjRSZX5gCVyU+9fuC2qDfFzoKX9rV4rCOcec5mPtEafTcfsyL3YJuLONjWylBne+uXVh5rrmFw== +sass@^1.54.7: + version "1.54.7" + resolved "https://registry.yarnpkg.com/sass/-/sass-1.54.7.tgz#a93fb1690472b161fab8f4ab34a66a0f3000c478" + integrity sha512-3q7MQz7sCpVG6TLhUfZwGOcd2/sm2ghYN2JEdRjNiW04ILdvahdo9GuAs+bxsxZ3hDCKv+wUT5w0iFWGU0CxlA== dependencies: chokidar ">=3.0.0 <4.0.0" immutable "^4.0.0" From d782a7214fdda5db572532b4986e0092f6295123 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 31 Aug 2022 03:01:16 +0000 Subject: [PATCH 31/70] Bump @fortawesome/fontawesome-free from 6.1.2 to 6.2.0 Bumps [@fortawesome/fontawesome-free](https://github.com/FortAwesome/Font-Awesome) from 6.1.2 to 6.2.0. - [Release notes](https://github.com/FortAwesome/Font-Awesome/releases) - [Changelog](https://github.com/FortAwesome/Font-Awesome/blob/6.x/CHANGELOG.md) - [Commits](https://github.com/FortAwesome/Font-Awesome/commits) --- updated-dependencies: - dependency-name: "@fortawesome/fontawesome-free" dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index c0e5867f..e8819227 100644 --- a/package.json +++ b/package.json @@ -7,7 +7,7 @@ "@babel/preset-env": "7", "@babel/runtime": "7", "@egjs/hammerjs": "^2.0.17", - "@fortawesome/fontawesome-free": "^6.1.2", + "@fortawesome/fontawesome-free": "^6.2.0", "@popperjs/core": "^2.11.6", "@sentry/browser": "^7.11.1", "@webpack-cli/serve": "^1.7.0", diff --git a/yarn.lock b/yarn.lock index 2813fb00..1dd5fdc5 100644 --- a/yarn.lock +++ b/yarn.lock @@ -926,10 +926,10 @@ dependencies: "@types/hammerjs" "^2.0.36" -"@fortawesome/fontawesome-free@^6.1.2": - version "6.1.2" - resolved "https://registry.yarnpkg.com/@fortawesome/fontawesome-free/-/fontawesome-free-6.1.2.tgz#d18880eddeadd42b1c64cb559f2f3d13d47a4a64" - integrity sha512-XwWADtfdSN73/udaFm+1mnGIj/ShDZNFMe/PRoqv3FhQ4GNI2PUN70yFTPsjq65Lw2C9i4TG5/hTbxXIXVCiqQ== +"@fortawesome/fontawesome-free@^6.2.0": + version "6.2.0" + resolved "https://registry.yarnpkg.com/@fortawesome/fontawesome-free/-/fontawesome-free-6.2.0.tgz#ba3510825b332816fe7190f28827f8cb33a298b5" + integrity sha512-CNR7qRIfCwWHNN7FnKUniva94edPdyQzil/zCwk3v6k4R6rR2Fr8i4s3PM7n/lyfPA6Zfko9z5WDzFxG9SW1uQ== "@jridgewell/gen-mapping@^0.1.0": version "0.1.1" From 8a6323a5ee714e1c332bdd4d6177eca426ae22e9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Sep 2022 03:01:17 +0000 Subject: [PATCH 32/70] Bump sass from 1.54.7 to 1.54.8 Bumps [sass](https://github.com/sass/dart-sass) from 1.54.7 to 1.54.8. - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.54.7...1.54.8) --- updated-dependencies: - dependency-name: sass dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index e8819227..80881b39 100644 --- a/package.json +++ b/package.json @@ -34,7 +34,7 @@ "pnp-webpack-plugin": "^1.7.0", "propagating-hammerjs": "^2.0.1", "rails-erb-loader": "^5.5.2", - "sass": "^1.54.7", + "sass": "^1.54.8", "sass-loader": "^13.0.2", "shakapacker": "6.5.1", "sortablejs": "^1.15.0", diff --git a/yarn.lock b/yarn.lock index 1dd5fdc5..671a0f26 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3820,10 +3820,10 @@ sass-loader@^13.0.2: klona "^2.0.4" neo-async "^2.6.2" -sass@^1.54.7: - version "1.54.7" - resolved "https://registry.yarnpkg.com/sass/-/sass-1.54.7.tgz#a93fb1690472b161fab8f4ab34a66a0f3000c478" - integrity sha512-3q7MQz7sCpVG6TLhUfZwGOcd2/sm2ghYN2JEdRjNiW04ILdvahdo9GuAs+bxsxZ3hDCKv+wUT5w0iFWGU0CxlA== +sass@^1.54.8: + version "1.54.8" + resolved "https://registry.yarnpkg.com/sass/-/sass-1.54.8.tgz#4adef0dd86ea2b1e4074f551eeda4fc5f812a996" + integrity sha512-ib4JhLRRgbg6QVy6bsv5uJxnJMTS2soVcCp9Y88Extyy13A8vV0G1fAwujOzmNkFQbR3LvedudAMbtuNRPbQww== dependencies: chokidar ">=3.0.0 <4.0.0" immutable "^4.0.0" From 3ec5263c31ec529b6e6313e1adf515b9bf40048b Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Fri, 2 Sep 2022 10:16:37 +0200 Subject: [PATCH 33/70] Bundle update --- Gemfile.lock | 10 +++--- yarn.lock | 86 ++++++++++++++++++++++++++-------------------------- 2 files changed, 48 insertions(+), 48 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index a1b0d79c..9585f76a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -164,7 +164,7 @@ GEM websocket-driver (>= 0.5.1) ffi (1.15.5) forgery (0.8.1) - glob (0.3.0) + glob (0.3.1) globalid (1.0.0) activesupport (>= 5.0) haml (5.2.2) @@ -281,7 +281,7 @@ GEM racc (~> 1.4) nyan-cat-formatter (0.12.0) rspec (>= 2.99, >= 2.14.2, < 4) - oauth (0.5.13) + oauth (0.5.14) oauth2 (1.4.10) faraday (>= 0.17.3, < 3.0) jwt (>= 1.0, < 3.0) 
@@ -375,7 +375,7 @@ GEM activerecord (>= 6.1.5) activesupport (>= 6.1.5) i18n - rb-fsevent (0.11.1) + rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) rbtree (0.4.5) @@ -414,7 +414,7 @@ GEM rspec-mocks (~> 3.10) rspec-support (~> 3.10) rspec-support (3.11.0) - rubocop (1.35.1) + rubocop (1.36.0) json (~> 2.3) parallel (~> 1.10) parser (>= 3.1.2.1) @@ -499,7 +499,7 @@ GEM actionpack (>= 5.2) activesupport (>= 5.2) sprockets (>= 3.0.0) - ssrf_filter (1.0.8) + ssrf_filter (1.1.1) strscan (3.0.4) telegraf (2.1.1) influxdb diff --git a/yarn.lock b/yarn.lock index 671a0f26..d717f7a6 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -990,45 +990,45 @@ integrity sha512-50/17A98tWUfQ176raKiOGXuYpLyyVMkxxG6oylzL3BPOlA6ADGdK7EYunSa4I064xerltq9TGXs8HmOk5E+vw== "@sentry/browser@^7.11.1": - version "7.11.1" - resolved "https://registry.yarnpkg.com/@sentry/browser/-/browser-7.11.1.tgz#377d417e833ef54c78a93ef720a742bda5022625" - integrity sha512-k2XHuzPfnm8VJPK5eWd1+Y5VCgN42sLveb8Qxc3prb5PSL416NWMLZaoB7RMIhy430fKrSFiosnm6QDk2M6pbA== + version "7.12.0" + resolved "https://registry.yarnpkg.com/@sentry/browser/-/browser-7.12.0.tgz#340151eb83b41a6c54fc91a75285f99e62a843a5" + integrity sha512-VoqZj3wJm5aUIDG+7LjeSHIw9/pujrUlA1QMu2YOY3LaP6UQsAAsOSo52brnaQQcwBrRySksaaaTxg6obJwInw== dependencies: - "@sentry/core" "7.11.1" - "@sentry/types" "7.11.1" - "@sentry/utils" "7.11.1" + "@sentry/core" "7.12.0" + "@sentry/types" "7.12.0" + "@sentry/utils" "7.12.0" tslib "^1.9.3" -"@sentry/core@7.11.1": - version "7.11.1" - resolved "https://registry.yarnpkg.com/@sentry/core/-/core-7.11.1.tgz#d68e796f3b6428aefd6086a1db00118df7a9a9e4" - integrity sha512-kaDSZ6VNuO4ZZdqUOOX6XM6x+kjo2bMnDQ3IJG51FPvVjr8lXYhXj1Ccxcot3pBYAIWPPby2+vNDOXllmXqoBA== +"@sentry/core@7.12.0": + version "7.12.0" + resolved "https://registry.yarnpkg.com/@sentry/core/-/core-7.12.0.tgz#14e75263b9c645ba5f314bb036d5cd1ac5aa621e" + integrity sha512-ERkeB/XdThvdSVZH4XysMPyWRG653HDq0AkJh8SgapExCZbwgj1lutCIpT1LIbZ8lUhRx5P+ua9OR2qj+vo5RA== dependencies: - "@sentry/hub" "7.11.1" - "@sentry/types" "7.11.1" - "@sentry/utils" "7.11.1" + "@sentry/hub" "7.12.0" + "@sentry/types" "7.12.0" + "@sentry/utils" "7.12.0" tslib "^1.9.3" -"@sentry/hub@7.11.1": - version "7.11.1" - resolved "https://registry.yarnpkg.com/@sentry/hub/-/hub-7.11.1.tgz#1749b2b102ea1892ff388d65d66d3b402b393958" - integrity sha512-M6ClgdXdptS0lUBKB5KpXXe2qMQhsoiEN2pEGRI6+auqhfHCUQB1ZXsfjiOYexKC9fwx7TyFyZ9Jcaf2DTxEhw== +"@sentry/hub@7.12.0": + version "7.12.0" + resolved "https://registry.yarnpkg.com/@sentry/hub/-/hub-7.12.0.tgz#b30d04222fd4e1a920ace8482de3aa413e04ca43" + integrity 
sha512-UgpC9WiHQAfcoEIIgeIopp3jeabllK6beLl5vA4ei6ay2TDMjA4NqUpzGq/GWVG0ewnblvHkqmjwAls2AEMtWg== dependencies: - "@sentry/types" "7.11.1" - "@sentry/utils" "7.11.1" + "@sentry/types" "7.12.0" + "@sentry/utils" "7.12.0" tslib "^1.9.3" -"@sentry/types@7.11.1": - version "7.11.1" - resolved "https://registry.yarnpkg.com/@sentry/types/-/types-7.11.1.tgz#06e2827f6ba37159c33644208a0453b86d25e232" - integrity sha512-gIEhOPxC2cjrxQ0+K2SFJ1P6e/an5osSxVc9OOtekN28eHtVsXFCLB8XVWeNQnS7N2VkrVrkqORMBz1kvIcvVQ== +"@sentry/types@7.12.0": + version "7.12.0" + resolved "https://registry.yarnpkg.com/@sentry/types/-/types-7.12.0.tgz#108a995c77d133f22366e6976fefa0ca7f8dcf5d" + integrity sha512-ldcuRzEx2ccZvaJjTSemWj+7TiWCV5A/vV7fEtZeoETFI+SiVbmqI5whdH7ZVVfhRNFf25Ib+TfTeaM9PM7A1A== -"@sentry/utils@7.11.1": - version "7.11.1" - resolved "https://registry.yarnpkg.com/@sentry/utils/-/utils-7.11.1.tgz#1635c5b223369d9428bc83c9b8908c9c3287ee10" - integrity sha512-tRVXNT5O9ilkV31pyHeTqA1PcPQfMV/2OR6yUYM4ah+QVISovC0f0ybhByuH5nYg6x/Gsnx1o7pc8L1GE3+O7A== +"@sentry/utils@7.12.0": + version "7.12.0" + resolved "https://registry.yarnpkg.com/@sentry/utils/-/utils-7.12.0.tgz#dd00bed3908f31453f2362988e501f98d534c7dd" + integrity sha512-GVB8E0V3RJHQClvi0gsRRJvDXP5c7M5ByYAvspJDczOOxNF8LTjTYVkBXAUdR9kcs+nya1q1YVsKvde2WGORTA== dependencies: - "@sentry/types" "7.11.1" + "@sentry/types" "7.12.0" tslib "^1.9.3" "@trysound/sax@0.2.0": 
@@ -1134,9 +1134,9 @@ integrity sha512-Y4XFY5VJAuw0FgAqPNd6NNoV44jbq9Bz2L7Rh/J6jLTiHBSBJa9fxqQIvkIld4GsoDOcCbvzOUAbLPsSKKg+uA== "@types/node@*": - version "18.7.13" - resolved "https://registry.yarnpkg.com/@types/node/-/node-18.7.13.tgz#23e6c5168333480d454243378b69e861ab5c011a" - integrity sha512-46yIhxSe5xEaJZXWdIBP7GU4HDTG8/eo0qd9atdiL+lFpA03y8KS+lkTN834TWJj5767GbWv4n/P6efyTFt1Dw== + version "18.7.14" + resolved "https://registry.yarnpkg.com/@types/node/-/node-18.7.14.tgz#0fe081752a3333392d00586d815485a17c2cf3c9" + integrity sha512-6bbDaETVi8oyIARulOE9qF1/Qdi/23z6emrUh0fNJRUmjznqrixD4MpGDdgOFk5Xb0m2H6Xu42JGdvAxaJR/wA== "@types/qs@*": version "6.9.7" @@ -1514,9 +1514,9 @@ body-parser@1.20.0: unpipe "1.0.0" bonjour-service@^1.0.11: - version "1.0.13" - resolved "https://registry.yarnpkg.com/bonjour-service/-/bonjour-service-1.0.13.tgz#4ac003dc1626023252d58adf2946f57e5da450c1" - integrity sha512-LWKRU/7EqDUC9CTAQtuZl5HzBALoCYwtLhffW3et7vZMwv3bWLpJf8bRYlMD5OCcDpTfnPgNCV4yo9ZIaJGMiA== + version "1.0.14" + resolved "https://registry.yarnpkg.com/bonjour-service/-/bonjour-service-1.0.14.tgz#c346f5bc84e87802d08f8d5a60b93f758e514ee7" + integrity sha512-HIMbgLnk1Vqvs6B4Wq5ep7mxvj9sGz5d1JJyDNSGNIdA/w2MCz6GTjWTdjqOJV1bEPj+6IkxDvWNFKEBxNt4kQ== dependencies: array-flatten "^2.1.2" dns-equal "^1.0.0" @@ -1597,9 +1597,9 @@ caniuse-api@^3.0.0: lodash.uniq "^4.5.0" caniuse-lite@^1.0.0, caniuse-lite@^1.0.30001370: - version "1.0.30001383" - resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001383.tgz#aecf317ccd940690725ae3ae4f28293c5fb8050e" - integrity sha512-swMpEoTp5vDoGBZsYZX7L7nXHe6dsHxi9o6/LKf/f0LukVtnrxly5GVb/fWdCDTqi/yw6Km6tiJ0pmBacm0gbg== + version "1.0.30001388" + resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001388.tgz#88e01f4591cbd81f9f665f3f078c66b509fbe55d" + integrity sha512-znVbq4OUjqgLxMxoNX2ZeeLR0d7lcDiE5uJ4eUiWdml1J1EkxbnQq6opT9jb9SMfJxB0XA16/ziHwni4u1I3GQ== chalk@^2.0.0: version "2.4.2" 
@@ -2292,9 +2292,9 @@ ee-first@1.1.1: integrity sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow== electron-to-chromium@^1.4.202: - version "1.4.231" - resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.231.tgz#ae6de219c20aa690bc3d217ff151b208a9bd8ed6" - integrity sha512-E8WsUC60chToZUfxvVUXBb1U/mR/Df3GFX+mO3edtQnRTUt6L2XgpqBVWcGD/xrzQdINL1g/CEBPPn0YJ86Y6Q== + version "1.4.240" + resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.240.tgz#b11fb838f2e79f34fbe8b57eec55e7e5d81ee6ea" + integrity sha512-r20dUOtZ4vUPTqAajDGonIM1uas5tf85Up+wPdtNBNvBSqGCfkpvMVvQ1T8YJzPV9/Y9g3FbUDcXb94Rafycow== emojis-list@^3.0.0: version "3.0.0" @@ -4233,9 +4233,9 @@ unpipe@1.0.0, unpipe@~1.0.0: integrity sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ== update-browserslist-db@^1.0.5: - version "1.0.5" - resolved "https://registry.yarnpkg.com/update-browserslist-db/-/update-browserslist-db-1.0.5.tgz#be06a5eedd62f107b7c19eb5bcefb194411abf38" - integrity sha512-dteFFpCyvuDdr9S/ff1ISkKt/9YZxKjI9WlRR99c180GaztJtRa/fn18FdxGVKVsnPY7/a/FDN68mcvUmP4U7Q== + version "1.0.6" + resolved "https://registry.yarnpkg.com/update-browserslist-db/-/update-browserslist-db-1.0.6.tgz#044fddb5c26989628da5cff7a82ce1472152bce6" + integrity sha512-We7BqM9XFlcW94Op93uW8+2LXvGezs7QA0WY+f1H7RR1q46B06W6hZF6LbmOlpCS1HU22q/6NOGTGW5sCm7NJQ== dependencies: escalade "^3.1.1" picocolors "^1.0.0" From 60dc8c3b7ea8e6a0f4fce1c83a28bbc5c2fa9205 Mon Sep 17 00:00:00 2001 
From: Sebastian Serth Date: Fri, 2 Sep 2022 16:38:41 +0200 Subject: [PATCH 34/70] Apply line-based coloring for output --- app/assets/javascripts/editor/editor.js.erb | 9 +- app/assets/javascripts/editor/evaluation.js | 86 ++++++++++---------- app/assets/stylesheets/base.css.scss | 2 +- app/assets/stylesheets/editor.css.scss | 19 ++--- app/controllers/submissions_controller.rb | 5 +- app/views/exercises/_editor_output.html.slim | 2 +- 6 files changed, 59 insertions(+), 64 deletions(-) diff --git a/app/assets/javascripts/editor/editor.js.erb b/app/assets/javascripts/editor/editor.js.erb index 3df79531..ee564da6 100644 --- a/app/assets/javascripts/editor/editor.js.erb +++ b/app/assets/javascripts/editor/editor.js.erb @@ -78,7 +78,7 @@ var CodeOceanEditor = { if ($('#output-' + index).isPresent()) { return $('#output-' + index); } else { - var element = $('
').attr('id', 'output-' + index);
+            var element = $('
').attr('id', 'output-' + index); $('#output').append(element); return element; } @@ -648,7 +648,7 @@ var CodeOceanEditor = { augmentStacktraceInOutput: function () { if (this.tracepositions_regex) { - $('#output>pre').each($.proxy(function(index, element) { + $('#output > .output-element').each($.proxy(function(index, element) { element = $(element) const text = _.escape(element.text()); @@ -656,16 +656,11 @@ var CodeOceanEditor = { let matches; - // Switch both lines below to enable the output of images and render tags. - // Also consider `printOutput` in evaluation.js - - // let augmented_text = element.text(); let augmented_text = element.html(); while (matches = this.tracepositions_regex.exec(text)) { const frame = $('div.frame[data-filename="' + matches[1] + '"]') if (frame.length > 0) { - // augmented_text = augmented_text.replace(new RegExp(matches[0], 'g'), "" + matches[0] + ""); augmented_text = augmented_text.replace(new RegExp(_.unescape(matches[0]), 'g'), "" + matches[0] + ""); } } diff --git a/app/assets/javascripts/editor/evaluation.js b/app/assets/javascripts/editor/evaluation.js index a4a9311a..23eb9533 100644 --- a/app/assets/javascripts/editor/evaluation.js +++ b/app/assets/javascripts/editor/evaluation.js @@ -189,7 +189,7 @@ CodeOceanEditorEvaluation = { }, clearOutput: function () { - $('#output pre').remove(); + $('#output > .output-element').remove(); CodeOceanEditorTurtle.hideCanvas(); }, 
@@ -207,50 +207,54 @@ CodeOceanEditorEvaluation = { return; } - if (output.stdout !== undefined && !output.stdout.startsWith("'); + + if (sanitizedStdout !== '') { + if (colorize) { + pre.addClass('text-success'); + } + pre.append(sanitizedStdout) + } + + if (sanitizedStderr !== '') { + if (colorize) { + pre.addClass('text-warning'); + } else { + pre.append('StdErr: '); + } + pre.append(sanitizedStderr); + } + + if (sanitizedStdout === '' && sanitizedStderr === '') { + if (colorize) { + pre.addClass('text-muted'); + } + pre.text($('#output').data('message-no-output')) + } + + element.append(pre); + }, + + sanitizeOutput: function (rawContent) { + let sanitizedContent = _.escape(rawContent).replace(this.nonPrintableRegEx, ""); + + if (rawContent !== undefined && rawContent.trim().startsWith(" document const parsedElement = doc.firstChild.lastChild.firstChild; - const sanitized_img = document.createElement('img'); - sanitized_img.src = parsedElement.src; - output.stdout = sanitized_img.outerHTML; + + if (parsedElement.src.startsWith("data:image")) { + const sanitizedImg = document.createElement('img'); + sanitizedImg.src = parsedElement.src; + sanitizedContent = sanitizedImg.outerHTML; + } } - var element = this.findOrCreateOutputElement(index); - // Switch all four lines below to enable the output of images and render tags. 
- // Also consider `augmentStacktraceInOutput` in editor.js.erb - if (!colorize) { - if (output.stdout !== undefined && output.stdout !== '') { - output.stdout = output.stdout.replace(this.nonPrintableRegEx, "") - - element.append(output.stdout) - //element.text(element.text() + output.stdout) - } - - if (output.stderr !== undefined && output.stderr !== '') { - output.stderr = output.stderr.replace(this.nonPrintableRegEx, "") - - element.append('StdErr: ' + output.stderr); - //element.text('StdErr: ' + element.text() + output.stderr); - } - - } else if (output.stderr) { - output.stderr = output.stderr.replace(this.nonPrintableRegEx, "") - - element.addClass('text-warning').append(output.stderr); - //element.addClass('text-warning').text(element.text() + output.stderr); - this.QaApiOutputBuffer.stderr += output.stderr; - } else if (output.stdout) { - output.stdout = output.stdout.replace(this.nonPrintableRegEx, "") - - element.addClass('text-success').append(output.stdout); - //element.addClass('text-success').text(element.text() + output.stdout); - this.QaApiOutputBuffer.stdout += output.stdout; - } else { - element.addClass('text-muted').text($('#output').data('message-no-output')); - } + return sanitizedContent; }, getDeadlineInformation: function(deadline, translation_key, otherwise) { diff --git a/app/assets/stylesheets/base.css.scss b/app/assets/stylesheets/base.css.scss index 09235a88..4f5a79f0 100644 --- a/app/assets/stylesheets/base.css.scss +++ b/app/assets/stylesheets/base.css.scss @@ -25,7 +25,7 @@ i.fa-solid, i.fa-regular, i.fa-solid { margin-right: 0.5em; } -pre { +pre, .output-element { background-color: #FAFAFA; margin: 0; padding: .25rem!important; diff --git a/app/assets/stylesheets/editor.css.scss b/app/assets/stylesheets/editor.css.scss index 7d2ae714..9c4a5c7b 100644 --- a/app/assets/stylesheets/editor.css.scss +++ b/app/assets/stylesheets/editor.css.scss 
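Review bot: In `sanitizeOutput` (app/assets/javascripts/editor/evaluation.js), `parsedElement.src.startsWith("data:image")` runs on whatever node the parser returned, without checking that the node exists and is an image element. Output that starts like an image tag but parses to something else may throw a TypeError there and stop the output from rendering. A guard such as `if (parsedElement instanceof HTMLImageElement && parsedElement.src.startsWith("data:image/")) {` keeps the escaped text as the fallback. The rebuilt `<img>` is the only value that reaches `pre.append` without going through `_.escape`, so a short comment on that branch saying that only `src` is copied from the untrusted element would help the next reader. Part of this hunk is garbled on the page, so the exact parsing condition could not be checked.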
@@ -77,20 +77,13 @@ overflow: auto; } -#outputInformation { - #output { - max-height: 500px; - width: 100%; +#output { + white-space: pre; + font-family: var(--bs-font-monospace); + font-size: 14px; + + .output-element { overflow: auto; - margin: 2em 0; - - p { - margin: 0.5em; - } - - pre + pre { - margin-top: 1em; - } } } diff --git a/app/controllers/submissions_controller.rb b/app/controllers/submissions_controller.rb index cdc687a3..2fa21912 100644 --- a/app/controllers/submissions_controller.rb +++ b/app/controllers/submissions_controller.rb @@ -73,6 +73,7 @@ class SubmissionsController < ApplicationController end end + # rubocop:disable Metrics/CyclomaticComplexity def run # These method-local socket variables are required in order to use one socket # in the callbacks of the other socket. As the callbacks for the client socket @@ -167,7 +168,8 @@ class SubmissionsController < ApplicationController @testrun[:status] = :failed "\n#{t('exercises.implement.exit_failure', timestamp: l(Time.zone.now, format: :short), exit_code: exit_code)}" end - send_and_store client_socket, {cmd: :write, stream: :stdout, data: "#{exit_statement}\n"} + stream = @testrun[:status] == :ok ? :stdout : :stderr + send_and_store client_socket, {cmd: :write, stream: stream, data: "#{exit_statement}\n"} if exit_code == 137 send_and_store client_socket, {cmd: :status, status: :out_of_memory} @testrun[:status] = :out_of_memory @@ -194,6 +196,7 @@ class SubmissionsController < ApplicationController ensure save_testrun_output 'run' end + # rubocop:enable Metrics/CyclomaticComplexity: def score hijack do |tubesock| diff --git a/app/views/exercises/_editor_output.html.slim b/app/views/exercises/_editor_output.html.slim index 2997ca3e..c4838cba 100644 --- a/app/views/exercises/_editor_output.html.slim +++ b/app/views/exercises/_editor_output.html.slim 
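Review bot: The closing directive added after `run` in app/controllers/submissions_controller.rb has a stray trailing colon, `# rubocop:enable Metrics/CyclomaticComplexity:`, which does not mirror the `disable` line above the method. RuboCop probably still accepts it, but `# rubocop:enable Metrics/CyclomaticComplexity` removes the doubt and keeps the pair easy to search for.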
@@ -79,7 +79,7 @@ div.d-grid id='output_sidebar_uncollapsed' class='d-none col-sm-12 enforce-botto .heading = t('exercises.implement.error_hints.heading') ul.body.mb-0 #output - pre.overflow-scroll = t('exercises.implement.no_output_yet') + .output-element.overflow-scroll = t('exercises.implement.no_output_yet') - if CodeOcean::Config.new(:code_ocean).read[:flowr][:enabled] && !@embed_options[:disable_hints] && !@embed_options[:hide_test_results] #flowrHint.mb-2.card.text-white.bg-info data-url=CodeOcean::Config.new(:code_ocean).read[:flowr][:url] role='tab' .card-header = t('exercises.implement.flowr.heading') From e77223e6282948da3bbf9c1a056deb560a996338 Mon Sep 17 00:00:00 2001 From: Janis Vaneylen Date: Fri, 2 Sep 2022 14:23:42 +0200 Subject: [PATCH 35/70] Refactor send_thank_you_note method and according specs --- app/mailers/user_mailer.rb | 2 +- spec/mailers/user_mailer_spec.rb | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/mailers/user_mailer.rb b/app/mailers/user_mailer.rb index ffa928d1..3cfc95c9 100644 --- a/app/mailers/user_mailer.rb +++ b/app/mailers/user_mailer.rb @@ -45,7 +45,7 @@ class UserMailer < ApplicationMailer end def send_thank_you_note(request_for_comment, receiver) - token = AuthenticationToken.generate!(request_for_comment.user) + token = AuthenticationToken.generate!(receiver) @receiver_displayname = receiver.displayname @author = request_for_comment.user.displayname @thank_you_note = request_for_comment.thank_you_note diff --git a/spec/mailers/user_mailer_spec.rb b/spec/mailers/user_mailer_spec.rb index 1bd68eb3..7f5ae70b 100644 --- a/spec/mailers/user_mailer_spec.rb +++ b/spec/mailers/user_mailer_spec.rb 
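Review bot: The one-line change in `send_thank_you_note` (app/mailers/user_mailer.rb) changes which account the mailed login link belongs to, but nothing in the code records why the token must be generated for `receiver`. A comment above the call would keep this from being reverted by accident, for example `# The link logs in the token's owner, so the token must belong to the mail's receiver, not the RfC author.` Tokens already mailed by the previous code are presumably still bound to the author until their `expire_at`, so it is worth checking whether outstanding tokens should be expired when this is deployed. The method body continues below the hunk.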
@@ -132,9 +132,9 @@ describe UserMailer do describe '#send_thank_you_note' do let(:user) { create(:learner) } - let(:token) { AuthenticationToken.find_by(user: user) } + let(:receiver) { create(:teacher) } + let(:token) { AuthenticationToken.find_by(user: receiver) } let(:request_for_comments) { create(:rfc_with_comment, user: user) } - let(:receiver) { InternalUser.create(attributes_for(:teacher)) } let(:mail) { described_class.send_thank_you_note(request_for_comments, receiver).deliver_now } it 'sets the correct sender' do From b6837e9539debda00d388409942e4b9434bb44a3 Mon Sep 17 00:00:00 2001 From: Janis Vaneylen Date: Fri, 2 Sep 2022 14:26:41 +0200 Subject: [PATCH 36/70] Refactor validity of token authentication --- app/controllers/application_controller.rb | 5 ++++- spec/features/authentication_spec.rb | 19 +++++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 173f1e25..5e401697 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -40,7 +40,10 @@ class ApplicationController < ActionController::Base token = AuthenticationToken.find_by(shared_secret: params[:token]) return unless token - auto_login(token.user) if token.expire_at.future? + if token.expire_at.future? + token.update(expire_at: Time.zone.now) + auto_login(token.user) + end end def set_sentry_context diff --git a/spec/features/authentication_spec.rb b/spec/features/authentication_spec.rb index 998d83fb..e28fce26 100644 --- a/spec/features/authentication_spec.rb +++ b/spec/features/authentication_spec.rb 
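Review bot: In app/controllers/application_controller.rb the `expire_at.future?` check and `token.update` are two separate steps, so two requests arriving with the same token at the same moment can both pass the check and both reach `auto_login`. The return value of `update` is also ignored, so a failed write would leave the token reusable after a successful login. A single conditional write covers both cases: `consumed = AuthenticationToken.where(id: token.id).where('expire_at > ?', Time.zone.now).update_all(expire_at: Time.zone.now) == 1`, followed by `auto_login(token.user) if consumed`. The enclosing method starts above the hunk.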
@@ -78,6 +78,25 @@ describe 'Authentication' do expect(page).to have_content(I18n.t('application.not_authorized')) end end + + context 'when the authentication token is used to login' do + let(:token) { create(:authentication_token, user: user) } + + it 'invalidates the token on login' do + mail.deliver_now + visit(rfc_link) + expect(token.reload.expire_at).to be_within(10.seconds).of(Time.zone.now) + end + + it 'does not allow a second login' do + mail.deliver_now + visit(rfc_link) + expect(page).to have_current_path(rfc_link) + visit(sign_out_path) + visit(rfc_link) + expect(page).to have_current_path(root_path) + end + end end end From 9050f02b7ae7bf93b6b9ce79d9fd6dfb18633b66 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Fri, 2 Sep 2022 17:52:24 +0200 Subject: [PATCH 37/70] Add additional test case for new CodeOcean::File#read method --- app/models/code_ocean/file.rb | 2 +- spec/models/code_ocean/file_spec.rb | 21 ++++++++++++++++++++- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/app/models/code_ocean/file.rb b/app/models/code_ocean/file.rb index 67796eae..bdbc3657 100644 --- a/app/models/code_ocean/file.rb +++ b/app/models/code_ocean/file.rb @@ -58,7 +58,7 @@ module CodeOcean def read if native_file? - valid = Pathname(native_file.current_path).fnmatch? ::File.join(native_file.root, '**') + valid = Pathname(native_file.current_path).realpath.fnmatch? ::File.join(native_file.root, '**') return nil unless valid native_file.read diff --git a/spec/models/code_ocean/file_spec.rb b/spec/models/code_ocean/file_spec.rb index 6a279a6d..3482cc6a 100644 --- a/spec/models/code_ocean/file_spec.rb +++ b/spec/models/code_ocean/file_spec.rb 
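Review bot: `Pathname#realpath` raises `Errno::ENOENT` when the stored path does not resolve, so in the `app/models/code_ocean/file.rb` hunk a `native_file` pointing at a missing file or a dangling symlink makes `read` raise instead of returning `nil` like the other rejected paths. `native_file.root` is also left unresolved, so a canonical file path is compared against a possibly non-canonical prefix. I would resolve both sides and treat a failed resolution as an invalid location, as sketched below. The later `native_file_location_valid?` hunk in the X-Sendfile commit resolves the upload directory but keeps the unguarded `realpath` call, so the first point applies there too. The rest of `read` lies outside this hunk.

```ruby
def read
  if native_file?
    begin
      real_location = Pathname(native_file.current_path).realpath
      allowed_root = Pathname(native_file.root).realpath
    rescue Errno::ENOENT
      # An unresolvable path is rejected like a path outside the root.
      return nil
    end
    return nil unless real_location.fnmatch? ::File.join(allowed_root.to_s, '**')
    # … unchanged: native_file.read and the else branch …
```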
@@ -69,7 +69,26 @@ describe CodeOcean::File do end context 'when the path has been modified' do - before { file.update(native_file: '../../../../secrets.yml') } + before do + file.update_column(:native_file, '../../../../secrets.yml') # rubocop:disable Rails/SkipsModelValidations + file.reload + end + + it 'does not read the native file' do + expect(file.read).not_to be_present + end + end + + context 'when a symlink is used' do + let(:fake_upload_location) { File.join(CarrierWave::Uploader::Base.new.root, 'uploads', 'files', 'secrets.yml') } + + before do + File.symlink Rails.root.join('config/secrets.yml'), fake_upload_location + file.update_column(:native_file, '../secrets.yml') # rubocop:disable Rails/SkipsModelValidations + file.reload + end + + after { File.delete(fake_upload_location) } it 'does not read the native file' do expect(file.read).not_to be_present From e00d1772caaa89aaa88acdf20d636440cb3a4293 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Fri, 2 Sep 2022 18:14:14 +0200 Subject: [PATCH 38/70] Disallow markup for RfC emails --- app/mailers/user_mailer.rb | 6 +-- spec/mailers/user_mailer_spec.rb | 67 ++++++++++++++++++++++++++++++-- 2 files changed, 66 insertions(+), 7 deletions(-) diff --git a/app/mailers/user_mailer.rb b/app/mailers/user_mailer.rb index 3cfc95c9..1bc42c89 100644 --- a/app/mailers/user_mailer.rb +++ b/app/mailers/user_mailer.rb @@ -23,7 +23,7 @@ class UserMailer < ApplicationMailer token = AuthenticationToken.generate!(request_for_comment.user) @receiver_displayname = request_for_comment.user.displayname @commenting_user_displayname = commenting_user.displayname - @comment_text = comment.text + @comment_text = ERB::Util.html_escape comment.text @rfc_link = request_for_comment_url(request_for_comment, token: token.shared_secret) mail( subject: t('mailers.user_mailer.got_new_comment.subject', 
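Review bot: The reason for escaping `comment.text` in the mailer rather than in the view is not recorded, here or in the two following `user_mailer.rb` hunks (the subscription mail and `send_thank_you_note`). The templates are not part of this patch, so the following is inferred: the escaping matters only where a template prints these variables raw, and a plain-text mail part, if one exists, would now show HTML entities instead of the original characters. I would add a comment above each assignment, e.g. `# Escaped here because the template is assumed to print this value raw; confirm against the view and keep both in sync.`, or move the escaping into the HTML template so the text part stays untouched. The three mailer methods start and end outside their hunks.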
@@ -35,7 +35,7 @@ class UserMailer < ApplicationMailer token = AuthenticationToken.generate!(subscription.user) @receiver_displayname = subscription.user.displayname @author_displayname = from_user.displayname - @comment_text = comment.text + @comment_text = ERB::Util.html_escape comment.text @rfc_link = request_for_comment_url(subscription.request_for_comment, token: token.shared_secret) @unsubscribe_link = unsubscribe_subscription_url(subscription) mail( @@ -48,7 +48,7 @@ class UserMailer < ApplicationMailer token = AuthenticationToken.generate!(receiver) @receiver_displayname = receiver.displayname @author = request_for_comment.user.displayname - @thank_you_note = request_for_comment.thank_you_note + @thank_you_note = ERB::Util.html_escape request_for_comment.thank_you_note @rfc_link = request_for_comment_url(request_for_comment, token: token.shared_secret) mail(subject: t('mailers.user_mailer.send_thank_you_note.subject', author: @author), to: receiver.email) end diff --git a/spec/mailers/user_mailer_spec.rb b/spec/mailers/user_mailer_spec.rb index 7f5ae70b..ace8f719 100644 --- a/spec/mailers/user_mailer_spec.rb +++ b/spec/mailers/user_mailer_spec.rb @@ -93,6 +93,25 @@ describe UserMailer do # A five minute tolerance is allowed to account for the time difference between `now` and the creation timestamp of the token. expect(token.expire_at - Time.zone.now).to be_within(5.minutes).of(7.days) end + + it 'sets the correct comment' do + expect(mail.body).to include(request_for_comment.comments.first.text) + end + + context 'with an HTML comment' do + let(:html_comment) { 'test' } + let(:escaped_comment) { '<b>test</b>' } + + before { request_for_comment.comments.first.update(text: html_comment) } + + it 'does not include the HTML tags' do + expect(mail.body).not_to include(html_comment) + end + + it 'includes escaped HTML tags' do + expect(mail.body).to include(escaped_comment) + end + end end describe '#got_new_comment_for_subscription' do 
@@ -128,21 +147,41 @@ describe UserMailer do # A five minute tolerance is allowed to account for the time difference between `now` and the creation timestamp of the token. expect(token.expire_at - Time.zone.now).to be_within(5.minutes).of(7.days) end + + + it 'sets the correct comment' do + expect(mail.body).to include(request_for_comment.comments.first.text) + end + + context 'with an HTML comment' do + let(:html_comment) { 'test' } + let(:escaped_comment) { '<b>test</b>' } + + before { request_for_comment.comments.first.update(text: html_comment) } + + it 'does not include the HTML tags' do + expect(mail.body).not_to include(html_comment) + end + + it 'includes escaped HTML tags' do + expect(mail.body).to include(escaped_comment) + end + end end describe '#send_thank_you_note' do let(:user) { create(:learner) } let(:receiver) { create(:teacher) } let(:token) { AuthenticationToken.find_by(user: receiver) } - let(:request_for_comments) { create(:rfc_with_comment, user: user) } - let(:mail) { described_class.send_thank_you_note(request_for_comments, receiver).deliver_now } + let(:request_for_comment) { create(:rfc_with_comment, user: user) } + let(:mail) { described_class.send_thank_you_note(request_for_comment, receiver).deliver_now } it 'sets the correct sender' do expect(mail.from).to include('codeocean@hpi.de') end it 'sets the correct subject' do - expect(mail.subject).to eq(I18n.t('mailers.user_mailer.send_thank_you_note.subject', author: request_for_comments.user.displayname)) + expect(mail.subject).to eq(I18n.t('mailers.user_mailer.send_thank_you_note.subject', author: request_for_comment.user.displayname)) end it 'sets the correct receiver' do 
@@ -150,7 +189,7 @@ describe UserMailer do end it 'includes the correct URL' do - expect(mail.body).to include(request_for_comment_url(request_for_comments, token: token.shared_secret)) + expect(mail.body).to include(request_for_comment_url(request_for_comment, token: token.shared_secret)) end it 'creates a new authentication token' do @@ -162,5 +201,25 @@ describe UserMailer do # A five minute tolerance is allowed to account for the time difference between `now` and the creation timestamp of the token. expect(token.expire_at - Time.zone.now).to be_within(5.minutes).of(7.days) end + + + it 'sets the correct thank_you_note' do + expect(mail.body).to include(request_for_comment.thank_you_note) + end + + context 'with an HTML comment' do + let(:html_comment) { 'test' } + let(:escaped_comment) { '<b>test</b>' } + + before { request_for_comment.update(thank_you_note: html_comment) } + + it 'does not include the HTML tags' do + expect(mail.body).not_to include(html_comment) + end + + it 'includes escaped HTML tags' do + expect(mail.body).to include(escaped_comment) + end + end end end From 87737e50a2356fe9fba16ceac46ec773a975a4f6 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Sat, 3 Sep 2022 00:10:11 +0200 Subject: [PATCH 39/70] Fix Rubocop offenses --- spec/mailers/user_mailer_spec.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/spec/mailers/user_mailer_spec.rb b/spec/mailers/user_mailer_spec.rb index ace8f719..324c0945 100644 --- a/spec/mailers/user_mailer_spec.rb +++ b/spec/mailers/user_mailer_spec.rb @@ -148,7 +148,6 @@ describe UserMailer do expect(token.expire_at - Time.zone.now).to be_within(5.minutes).of(7.days) end - it 'sets the correct comment' do expect(mail.body).to include(request_for_comment.comments.first.text) end @@ -202,7 +201,6 @@ describe UserMailer do expect(token.expire_at - Time.zone.now).to be_within(5.minutes).of(7.days) end - it 'sets the correct thank_you_note' do expect(mail.body).to include(request_for_comment.thank_you_note) end 
From 0de213b8c71d91b17cc14cc4b76275438829d4bd Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Sat, 3 Sep 2022 22:50:30 +0200 Subject: [PATCH 40/70] Pagedown: Use default sanitizer for preview --- app/assets/javascripts/pagedown/pagedown.js.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/assets/javascripts/pagedown/pagedown.js.erb b/app/assets/javascripts/pagedown/pagedown.js.erb index 63b8307e..4ab4062c 100644 --- a/app/assets/javascripts/pagedown/pagedown.js.erb +++ b/app/assets/javascripts/pagedown/pagedown.js.erb @@ -7,7 +7,7 @@ renderPagedown = function() { $(".wmd-output").each(function (i) { - const converter = new Markdown.Converter(); + const converter = Markdown.getSanitizingConverter(); const content = $(this).html(); return $(this).html(converter.makeHtml(content)); }) @@ -20,7 +20,7 @@ createPagedownEditor = function( selector, context ) { return; } const attr = $(input).attr('id').split('wmd-input')[1]; - const converter = new Markdown.Converter(); + const converter = Markdown.getSanitizingConverter(); Markdown.Extra.init(converter); const help = { handler() { From 49f4f0e6c59e6537b20b88c1bfc4f4443b982b64 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Sun, 4 Sep 2022 00:05:13 +0200 Subject: [PATCH 41/70] Refactor exercise_controller and move more checks to policy * We introduce a custom handler for Pundit::NotAuthorizedError --- app/controllers/exercises_controller.rb | 14 ++++- app/policies/exercise_policy.rb | 6 ++- spec/controllers/exercises_controller_spec.rb | 13 +++++ spec/policies/exercise_policy_spec.rb | 52 +++++++++++++++++-- 4 files changed, 78 insertions(+), 7 deletions(-) diff --git a/app/controllers/exercises_controller.rb b/app/controllers/exercises_controller.rb index b23cb460..e0c1fc58 100644 --- a/app/controllers/exercises_controller.rb +++ b/app/controllers/exercises_controller.rb 
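Review bot: In `renderPagedown` the Markdown source is still read with `$(this).html()`, so the sanitizing converter only covers what is written back, not what the browser already parsed when the `.wmd-output` element was first rendered. Whether the server escapes that text before it reaches the page is not visible in this hunk; the sanitizer is only effective if it does. A comment above the call would record that assumption, e.g. `// Source must arrive HTML-escaped from the server; the converter sanitizes only the generated output.` Reading the source with `$(this).text()` is worth considering so that escaped characters such as `>` reach the converter as Markdown syntax. `createPagedownEditor` continues past the end of its hunk.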
@@ -22,6 +22,8 @@ class ExercisesController < ApplicationController skip_after_action :verify_authorized, only: %i[import_exercise import_uuid_check] skip_after_action :verify_policy_scoped, only: %i[import_exercise import_uuid_check], raise: false + rescue_from Pundit::NotAuthorizedError, with: :not_authorized_for_exercise + def authorize! authorize(@exercise || @exercises) end @@ -294,8 +296,6 @@ class ExercisesController < ApplicationController private :update_exercise_tips def implement - redirect_to(@exercise, alert: t('exercises.implement.unpublished')) if @exercise.unpublished? && current_user.role != 'admin' && current_user.role != 'teacher' # TODO: TESTESTEST - redirect_to(@exercise, alert: t('exercises.implement.no_files')) unless @exercise.files.visible.exists? user_solved_exercise = @exercise.solved_by?(current_user) count_interventions_today = UserExerciseIntervention.where(user: current_user).where('created_at >= ?', Time.zone.now.beginning_of_day).count @@ -434,6 +434,16 @@ class ExercisesController < ApplicationController authorize! end + def not_authorized_for_exercise(_exception) + if %w[implement working_times intervention search reload].include?(action_name) && (current_user.admin? || current_user.teacher?) + redirect_to(@exercise, alert: t('exercises.implement.unpublished')) if @exercise.unpublished? + redirect_to(@exercise, alert: t('exercises.implement.no_files')) unless @exercise.files.visible.exists? + else + render_not_authorized + end + end + private :not_authorized_for_exercise + def set_execution_environments @execution_environments = ExecutionEnvironment.all.order(:name) end diff --git a/app/policies/exercise_policy.rb b/app/policies/exercise_policy.rb index 8963d795..0452ce94 100644 --- a/app/policies/exercise_policy.rb +++ b/app/policies/exercise_policy.rb 
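Review bot: `not_authorized_for_exercise` can call `redirect_to` twice: for a teacher denied on an exercise that is both unpublished and without visible files, both modifier lines run and Rails raises `AbstractController::DoubleRenderError`, turning a denial into a 500. Should the policy ever deny an admin or teacher for another reason, neither line runs and the handler renders nothing. I would return after the first match and end with the generic response: `return redirect_to(@exercise, alert: t('exercises.implement.unpublished')) if @exercise.unpublished?`, `return redirect_to(@exercise, alert: t('exercises.implement.no_files')) unless @exercise.files.visible.exists?`, then `render_not_authorized`. The rewrite of this handler in the later commit for anonymous users keeps the same two redirect lines, so the point applies there as well.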
@@ -30,7 +30,11 @@ class ExercisePolicy < AdminOrAuthorPolicy end %i[implement? working_times? intervention? search? reload?].each do |action| - define_method(action) { everyone } + define_method(action) do + return no_one unless @record.files.visible.exists? + + admin? || teacher_in_study_group? || author? || (everyone && !@record.unpublished?) + end end def submit? diff --git a/spec/controllers/exercises_controller_spec.rb b/spec/controllers/exercises_controller_spec.rb index ad245b64..dab8b754 100644 --- a/spec/controllers/exercises_controller_spec.rb +++ b/spec/controllers/exercises_controller_spec.rb @@ -187,6 +187,17 @@ describe ExercisesController do expect_flash_message(:alert, :'exercises.implement.no_files') expect_redirect(:exercise) end + + context 'with other users accessing an unpublished exercise' do + let(:exercise) { create(:fibonacci, unpublished: true) } + let(:user) { create(:teacher) } + + before { perform_request.call } + + expect_assigns(exercise: :exercise) + expect_flash_message(:alert, :'exercises.implement.unpublished') + expect_redirect(:exercise) + end end describe 'GET #index' do @@ -223,6 +234,8 @@ describe ExercisesController do describe 'GET #reload' do context 'when being anyone' do + let(:exercise) { create(:fibonacci) } + before { get :reload, format: :json, params: {id: exercise.id} } expect_assigns(exercise: :exercise) diff --git a/spec/policies/exercise_policy_spec.rb b/spec/policies/exercise_policy_spec.rb index e890fa7c..3ccfe563 100644 --- a/spec/policies/exercise_policy_spec.rb +++ b/spec/policies/exercise_policy_spec.rb 
@@ -110,10 +110,54 @@ describe ExercisePolicy do end end - permissions :implement? do - it 'grants access to anyone' do - %i[admin external_user teacher].each do |factory_name| - expect(policy).to permit(build(factory_name), Exercise.new) + %i[implement? working_times? intervention? search? reload?].each do |action| + permissions(action) do + context 'when the exercise has no visible files' do + let(:exercise) { create(:dummy) } + + it 'does not grant access to anyone' do + %i[admin external_user teacher].each do |factory_name| + expect(policy).not_to permit(build(factory_name), exercise) + end + end + end + + context 'when the exercise has visible files' do + let(:exercise) { create(:fibonacci) } + + it 'grants access to anyone' do + %i[admin external_user teacher].each do |factory_name| + expect(policy).to permit(build(factory_name), exercise) + end + end + end + + context 'when the exercise is published' do + let(:exercise) { create(:fibonacci, unpublished: false) } + + it 'grants access to anyone' do + %i[admin external_user teacher].each do |factory_name| + expect(policy).to permit(build(factory_name), exercise) + end + end + end + + context 'when the exercise is unpublished' do + let(:exercise) { create(:fibonacci, unpublished: true) } + + it 'grants access to admins' do + expect(policy).to permit(build(:admin), exercise) + end + + it 'grants access to the author' do + expect(policy).to permit(exercise.author, exercise) + end + + it 'does not grant access to everyone' do + %i[external_user teacher].each do |factory_name| + expect(policy).not_to permit(build(factory_name), exercise) + end + end end end end From b67daedfc949934dc427d1e176aedd29af1289b1 Mon Sep 17 00:00:00 2001 
From: Sebastian Serth Date: Sun, 4 Sep 2022 00:05:38 +0200 Subject: [PATCH 42/70] Remove dead code from ProxyExercise --- app/controllers/proxy_exercises_controller.rb | 5 +---- app/policies/proxy_exercise_policy.rb | 4 ---- app/views/proxy_exercises/reload.json.jbuilder | 5 ----- 3 files changed, 1 insertion(+), 13 deletions(-) delete mode 100644 app/views/proxy_exercises/reload.json.jbuilder diff --git a/app/controllers/proxy_exercises_controller.rb b/app/controllers/proxy_exercises_controller.rb index 94074521..178c26c8 100644 --- a/app/controllers/proxy_exercises_controller.rb +++ b/app/controllers/proxy_exercises_controller.rb @@ -70,12 +70,9 @@ class ProxyExercisesController < ApplicationController def show @search = @proxy_exercise.exercises.ransack - @exercises = @proxy_exercise.exercises.ransack.result.order(:title) # @search.result.order(:title) + @exercises = @proxy_exercise.exercises.ransack.result.order(:title) end - # we might want to think about auth here - def reload; end - def update myparams = proxy_exercise_params myparams[:exercises] = Exercise.find(myparams[:exercise_ids].compact_blank) diff --git a/app/policies/proxy_exercise_policy.rb b/app/policies/proxy_exercise_policy.rb index 4112064e..20c2e548 100644 --- a/app/policies/proxy_exercise_policy.rb +++ b/app/policies/proxy_exercise_policy.rb @@ -13,10 +13,6 @@ class ProxyExercisePolicy < AdminOrAuthorPolicy define_method(action) { admin? || author? } end - [:reload?].each do |action| - define_method(action) { everyone } - end - class Scope < Scope def resolve if @user.admin? diff --git a/app/views/proxy_exercises/reload.json.jbuilder b/app/views/proxy_exercises/reload.json.jbuilder deleted file mode 100644 index 3f5793b1..00000000 --- a/app/views/proxy_exercises/reload.json.jbuilder +++ /dev/null @@ -1,5 +0,0 @@ -# frozen_string_literal: true - -json.set! :files do - json.array! @exercise.files.visible, :content, :id -end From 22cd202e9d9b92607d51dc8d5aea029a8e521e74 Mon Sep 17 00:00:00 2001 
From: Sebastian Serth Date: Sun, 4 Sep 2022 11:42:36 +0200 Subject: [PATCH 43/70] Refactor reject_illegal_file_attributes check * Improve readability of method * Add a new check for the author of a submission --- app/controllers/concerns/file_parameters.rb | 8 +++++++- spec/concerns/file_parameters_spec.rb | 17 +++++++++++++++-- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/app/controllers/concerns/file_parameters.rb b/app/controllers/concerns/file_parameters.rb index dfe4b06b..5c4f48f8 100644 --- a/app/controllers/concerns/file_parameters.rb +++ b/app/controllers/concerns/file_parameters.rb @@ -5,8 +5,14 @@ module FileParameters if exercise && params params.reject do |_, file_attributes| file = CodeOcean::File.find_by(id: file_attributes[:file_id]) + next true if file.nil? || file.hidden || file.read_only # avoid that public files from other contexts can be created - file.nil? || file.hidden || file.read_only || (file.context_type == 'Exercise' && file.context_id != exercise.id) || (file.context_type == 'CommunitySolution' && controller_name != 'community_solutions') + # `next` is similar to an early return and will proceed with the next iteration of the loop + next true if file.context_type == 'Exercise' && file.context_id != exercise.id + next true if file.context_type == 'Submission' && file.context.user != current_user + next true if file.context_type == 'CommunitySolution' && controller_name != 'community_solutions' + + false end else [] diff --git a/spec/concerns/file_parameters_spec.rb b/spec/concerns/file_parameters_spec.rb index c7470689..1a4bc595 100644 --- a/spec/concerns/file_parameters_spec.rb +++ b/spec/concerns/file_parameters_spec.rb @@ -25,6 +25,8 @@ describe FileParameters do it 'new file' do submission = create(:submission, exercise: hello_world, id: 1337) + controller.instance_variable_set(:@current_user, submission.user) + new_file = create(:file, context: submission) expect(file_accepted?(new_file)).to be true end 
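Review bot: The new `Submission` branch in `file_parameters.rb` checks ownership only, so a file from the current user's submission to a different exercise still passes, whereas the `Exercise` branch above it ties the file to `exercise`. Because the block ends in `false`, any `context_type` that is not listed is accepted rather than rejected. If neither is intended, the branch could read `next true if file.context_type == 'Submission' && (file.context.user != current_user || file.context.exercise != exercise)` and the final line could reject unknown context types. `file.context` is dereferenced without a nil check, which is worth confirming for files whose submission no longer exists. The enclosing method starts outside the hunk.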
@@ -42,16 +44,27 @@ describe FileParameters do expect(file_accepted?(hidden_file)).to be false end - it 'read only file' do + it 'read-only file' do read_only_file = create(:file, context: hello_world, read_only: true) expect(file_accepted?(read_only_file)).to be false end - it 'non existent file' do + it 'non-existent file' do # Ensure to use an invalid id for the file. non_existent_file = build(:file, context: hello_world, id: -1) expect(file_accepted?(non_existent_file)).to be false end + + it 'file of another submission' do + learner1 = create(:learner) + learner2 = create(:learner) + submission_learner1 = create(:submission, exercise: hello_world, user: learner1) + _submission_learner2 = create(:submission, exercise: hello_world, user: learner2) + + controller.instance_variable_set(:@current_user, learner2) + other_submissions_file = create(:file, context: submission_learner1) + expect(file_accepted?(other_submissions_file)).to be false + end end end end From fbe80ac557127979cef5981c02d18cae4f870198 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Sun, 4 Sep 2022 11:48:53 +0200 Subject: [PATCH 44/70] Ensure min-height for left and right sidebar in editor --- app/assets/stylesheets/editor.css.scss | 3 +++ 1 file changed, 3 insertions(+) diff --git a/app/assets/stylesheets/editor.css.scss b/app/assets/stylesheets/editor.css.scss index 9c4a5c7b..77e4eb2d 100644 --- a/app/assets/stylesheets/editor.css.scss +++ b/app/assets/stylesheets/editor.css.scss @@ -20,6 +20,9 @@ } } +#content-left-sidebar, #content-right-sidebar { + min-height: 250px; +} .frame { display: none; From 1581d658ea973a324e32a624308e564b462d2878 Mon Sep 17 00:00:00 2001 
From: Sebastian Serth Date: Sun, 4 Sep 2022 19:03:15 +0200 Subject: [PATCH 45/70] Simplify user search for external teachers --- app/controllers/external_users_controller.rb | 2 +- app/controllers/internal_users_controller.rb | 2 +- app/models/user.rb | 8 +++- app/views/external_users/index.html.slim | 44 ++++++++++++-------- 4 files changed, 34 insertions(+), 22 deletions(-) diff --git a/app/controllers/external_users_controller.rb b/app/controllers/external_users_controller.rb index 18a287c2..10f7a77c 100644 --- a/app/controllers/external_users_controller.rb +++ b/app/controllers/external_users_controller.rb @@ -9,7 +9,7 @@ class ExternalUsersController < ApplicationController private :authorize! def index - @search = ExternalUser.ransack(params[:q]) + @search = ExternalUser.ransack(params[:q], {auth_object: current_user}) @users = @search.result.in_study_group_of(current_user).includes(:consumer).paginate(page: params[:page], per_page: per_page_param) authorize! end diff --git a/app/controllers/internal_users_controller.rb b/app/controllers/internal_users_controller.rb index aa528d25..a5125fc6 100644 --- a/app/controllers/internal_users_controller.rb +++ b/app/controllers/internal_users_controller.rb @@ -67,7 +67,7 @@ class InternalUsersController < ApplicationController end def index - @search = InternalUser.ransack(params[:q]) + @search = InternalUser.ransack(params[:q], {auth_object: current_user}) @users = @search.result.includes(:consumer).order(:name).paginate(page: params[:page], per_page: per_page_param) authorize! end diff --git a/app/models/user.rb b/app/models/user.rb index fb718c57..ce519fc2 100644 --- a/app/models/user.rb +++ b/app/models/user.rb 
@@ -42,7 +42,11 @@ class User < ApplicationRecord displayname end - def self.ransackable_attributes(_auth_object = nil) - %w[name email external_id consumer_id role] + def self.ransackable_attributes(auth_object) + if auth_object.admin? + %w[name email external_id consumer_id role] + else + %w[name external_id] + end end end diff --git a/app/views/external_users/index.html.slim b/app/views/external_users/index.html.slim index daa4aacb..20f86edb 100644 --- a/app/views/external_users/index.html.slim +++ b/app/views/external_users/index.html.slim 
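Review bot: `ransackable_attributes` now calls `auth_object.admin?` with no default and no nil guard, so any search or sort on a `User` subclass that does not pass `auth_object:` raises instead of falling back to the restricted list; only the two `index` actions in this commit pass it. `def self.ransackable_attributes(auth_object = nil)` with `if auth_object&.admin?` keeps the previous signature and fails closed to `%w[name external_id]`. Association predicates are governed separately by `ransackable_associations`, which this patch does not show, so it is worth confirming that non-admins cannot filter on `email` or `role` through an association.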
@@ -1,24 +1,32 @@ h1 = ExternalUser.model_name.human(count: 2) = render(layout: 'shared/form_filters') do |f| - .col-md-9.col - .row.align-items-center - .col - = f.label(:name_cont, t('activerecord.attributes.external_user.name'), class: 'visually-hidden form-label') - = f.search_field(:name_cont, class: 'form-control', placeholder: t('activerecord.attributes.external_user.name')) - .col.mt-0.mt-sm-3.mt-md-0 - = f.label(:email_cont, t('activerecord.attributes.external_user.email'), class: 'visually-hidden form-label') - = f.search_field(:email_cont, class: 'form-control', placeholder: t('activerecord.attributes.external_user.email')) - .col.mt-3.mt-lg-0 - = f.label(:external_id_cont, t('activerecord.attributes.external_user.external_id'), class: 'visually-hidden form-label') - = f.search_field(:external_id_cont, class: 'form-control', placeholder: t('activerecord.attributes.external_user.external_id')) - .row - .col-auto - = f.label(:role_eq, t('activerecord.attributes.external_user.role'), class: 'visually-hidden form-label') - = f.select(:role_eq, User::ROLES.map { |role| [t("users.roles.#{role}"), role] }, { include_blank: true }, class: 'form-control', prompt: t('activerecord.attributes.external_user.role')) - .col-auto.mt-3.mt-lg-0 - = f.label(:consumer_id_eq, t('activerecord.attributes.external_user.consumer'), class: 'visually-hidden form-label') - = f.collection_select(:consumer_id_eq, Consumer.with_external_users, :id, :name, class: 'form-control', prompt: t('activerecord.attributes.external_user.consumer')) + - if current_user.admin? 
+ .col-md-9.col + .row.align-items-center + .col + = f.label(:name_cont, t('activerecord.attributes.external_user.name'), class: 'visually-hidden form-label') + = f.search_field(:name_cont, class: 'form-control', placeholder: t('activerecord.attributes.external_user.name')) + .col.mt-0.mt-sm-3.mt-md-0 + = f.label(:email_cont, t('activerecord.attributes.external_user.email'), class: 'visually-hidden form-label') + = f.search_field(:email_cont, class: 'form-control', placeholder: t('activerecord.attributes.external_user.email')) + .col.mt-3.mt-lg-0 + = f.label(:external_id_cont, t('activerecord.attributes.external_user.external_id'), class: 'visually-hidden form-label') + = f.search_field(:external_id_cont, class: 'form-control', placeholder: t('activerecord.attributes.external_user.external_id')) + .row + .col-auto + = f.label(:role_eq, t('activerecord.attributes.external_user.role'), class: 'visually-hidden form-label') + = f.select(:role_eq, User::ROLES.map { |role| [t("users.roles.#{role}"), role] }, { include_blank: true }, class: 'form-control', prompt: t('activerecord.attributes.external_user.role')) + .col-auto.mt-3.mt-lg-0 + = f.label(:consumer_id_eq, t('activerecord.attributes.external_user.consumer'), class: 'visually-hidden form-label') + = f.collection_select(:consumer_id_eq, Consumer.with_external_users, :id, :name, class: 'form-control', prompt: t('activerecord.attributes.external_user.consumer')) + - else + .col-auto + = f.label(:name_cont, t('activerecord.attributes.external_user.name'), class: 'visually-hidden form-label') + = f.search_field(:name_cont, class: 'form-control', placeholder: t('activerecord.attributes.external_user.name')) + .col-auto + = f.label(:external_id_cont, t('activerecord.attributes.external_user.external_id'), class: 'visually-hidden form-label') + = f.search_field(:external_id_cont, class: 'form-control', placeholder: t('activerecord.attributes.external_user.external_id')) .table-responsive table.table thead 
From e5d8db2796234bd9356d6122d6ae202783d320f8 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Sun, 4 Sep 2022 19:13:08 +0200 Subject: [PATCH 46/70] Return propper error for anonymous users in exercises_controller * not_authorized_for_exercise was not checking for a current_user Fixes CODEOCEAN-C4 --- app/controllers/exercises_controller.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/app/controllers/exercises_controller.rb b/app/controllers/exercises_controller.rb index e0c1fc58..321c6f67 100644 --- a/app/controllers/exercises_controller.rb +++ b/app/controllers/exercises_controller.rb @@ -435,7 +435,10 @@ class ExercisesController < ApplicationController end def not_authorized_for_exercise(_exception) - if %w[implement working_times intervention search reload].include?(action_name) && (current_user.admin? || current_user.teacher?) + return render_not_authorized unless current_user + return render_not_authorized unless %w[implement working_times intervention search reload].include?(action_name) + + if current_user.admin? || current_user.teacher? redirect_to(@exercise, alert: t('exercises.implement.unpublished')) if @exercise.unpublished? redirect_to(@exercise, alert: t('exercises.implement.no_files')) unless @exercise.files.visible.exists? else From 813c3f50afce9db6b4f87ace86591d12c72511be Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Sun, 4 Sep 2022 19:15:15 +0200 Subject: [PATCH 47/70] Touch file location before setting a symlink in specs --- spec/models/code_ocean/file_spec.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/spec/models/code_ocean/file_spec.rb b/spec/models/code_ocean/file_spec.rb index 3482cc6a..cbbaf9f1 100644 --- a/spec/models/code_ocean/file_spec.rb +++ b/spec/models/code_ocean/file_spec.rb 
@@ -83,6 +83,7 @@ describe CodeOcean::File do let(:fake_upload_location) { File.join(CarrierWave::Uploader::Base.new.root, 'uploads', 'files', 'secrets.yml') } before do + FileUtils.touch Rails.root.join('config/secrets.yml') File.symlink Rails.root.join('config/secrets.yml'), fake_upload_location file.update_column(:native_file, '../secrets.yml') # rubocop:disable Rails/SkipsModelValidations file.reload From dccc60b7cadfe7ca4fd78a60c341c778be6e825f Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Sun, 4 Sep 2022 23:12:46 +0200 Subject: [PATCH 48/70] Remove `renderWebsocketOutput` and use `printWebsocketOutput` instead * The `render` command is not used much * Originally added with commit 898074be3f * The `#render` anchor (see findOrCreateRenderElement) was the "Render" button above the editor, nothing was rendered at all if executing code and otherwise it would be included _within_ the button. --- app/assets/javascripts/editor/editor.js.erb | 10 ---------- app/assets/javascripts/editor/evaluation.js | 5 ----- app/assets/javascripts/editor/execution.js | 2 +- 3 files changed, 1 insertion(+), 16 deletions(-) diff --git a/app/assets/javascripts/editor/editor.js.erb b/app/assets/javascripts/editor/editor.js.erb index ee564da6..05b472cd 100644 --- a/app/assets/javascripts/editor/editor.js.erb +++ b/app/assets/javascripts/editor/editor.js.erb @@ -84,16 +84,6 @@ var CodeOceanEditor = { } }, - findOrCreateRenderElement: function (index) { - if ($('#render-' + index).isPresent()) { - return $('#render-' + index); - } else { - var element = $('
').attr('id', 'render-' + index); - $('#render').append(element); - return element; - } - }, - getCardClass: function (result) { if (result.file_role === 'teacher_defined_linter') { return 'card bg-info text-white' diff --git a/app/assets/javascripts/editor/evaluation.js b/app/assets/javascripts/editor/evaluation.js index 23eb9533..31666c0c 100644 --- a/app/assets/javascripts/editor/evaluation.js +++ b/app/assets/javascripts/editor/evaluation.js @@ -174,11 +174,6 @@ CodeOceanEditorEvaluation = { /** * Output-Logic */ - renderWebsocketOutput: function (msg) { - var element = this.findOrCreateRenderElement(0); - element.append(msg.data); - }, - printWebsocketOutput: function (msg) { if (!msg.data || msg.data === "\r") { return; diff --git a/app/assets/javascripts/editor/execution.js b/app/assets/javascripts/editor/execution.js index ec1784c9..2fd6245b 100644 --- a/app/assets/javascripts/editor/execution.js +++ b/app/assets/javascripts/editor/execution.js @@ -44,7 +44,7 @@ CodeOceanEditorWebsocket = { this.websocket.on('clear', this.clearOutput.bind(this)); this.websocket.on('turtle', this.handleTurtleCommand.bind(this)); this.websocket.on('turtlebatch', this.handleTurtlebatchCommand.bind(this)); - this.websocket.on('render', this.renderWebsocketOutput.bind(this)); + this.websocket.on('render', this.printWebsocketOutput.bind(this)); this.websocket.on('exit', this.handleExitCommand.bind(this)); this.websocket.on('status', this.showStatus.bind(this)); this.websocket.on('hint', this.showHint.bind(this)); From 0a16f589e9f19a9e0f9c27ee7246b2480eba8cc5 Mon Sep 17 00:00:00 2001 
From: Sebastian Serth Date: Tue, 6 Sep 2022 00:00:59 +0200 Subject: [PATCH 49/70] Use X-Sendfile to transmit native files and handle file uploads --- .../code_ocean/files_controller.rb | 9 +++++++++ app/controllers/submissions_controller.rb | 6 +++++- app/models/code_ocean/file.rb | 9 +++++++-- app/policies/code_ocean/file_policy.rb | 12 +++++++++++ config/environments/production.rb | 2 +- config/environments/staging.rb | 2 +- config/routes.rb | 1 + .../code_ocean/files_controller_spec.rb | 20 +++++++++++++++++++ .../submissions_controller_spec.rb | 6 ++---- 9 files changed, 58 insertions(+), 9 deletions(-) diff --git a/app/controllers/code_ocean/files_controller.rb b/app/controllers/code_ocean/files_controller.rb index 79331f6a..4d87684e 100644 --- a/app/controllers/code_ocean/files_controller.rb +++ b/app/controllers/code_ocean/files_controller.rb @@ -10,6 +10,15 @@ module CodeOcean end private :authorize! + def show_protected_upload + @file = CodeOcean::File.find(params[:id]) + authorize! + raise Pundit::NotAuthorizedError if @embed_options[:disable_download] || @file.name_with_extension != params[:filename] + + real_location = Pathname(@file.native_file.current_path).realpath + send_file(real_location, type: @file.native_file.content_type, filename: @file.name_with_extension, disposition: 'attachment') + end + def create @file = CodeOcean::File.new(file_params) if @file.file_template_id diff --git a/app/controllers/submissions_controller.rb b/app/controllers/submissions_controller.rb index 2fa21912..fe6d67e8 100644 --- a/app/controllers/submissions_controller.rb +++ b/app/controllers/submissions_controller.rb 
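Review bot: `show_protected_upload` assumes the record has an uploaded file. The policy guard added in this commit only rejects when `native_file?` is true and the location is invalid, so a file id without a native file can pass `authorize!` and reach `Pathname(@file.native_file.current_path)`, which presumably receives `nil` and raises. Adding `raise Pundit::NotAuthorizedError unless @file.native_file?` before the `realpath` line keeps the response a clean denial. The path is also resolved a second time here after the policy validated its own `realpath` result; serving the location the model already validated would guarantee that the checked path and the sent path are the same.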
@@ -56,7 +56,11 @@ class SubmissionsController < ApplicationController def download_file raise Pundit::NotAuthorizedError if @embed_options[:disable_download] - send_data(@file.read, filename: @file.name_with_extension) + if @file.native_file? + redirect_to protected_upload_path(id: @file.id, filename: @file.name_with_extension) + else + send_data(@file.content, filename: @file.name_with_extension) + end end def index diff --git a/app/models/code_ocean/file.rb b/app/models/code_ocean/file.rb index bdbc3657..5083f8c4 100644 --- a/app/models/code_ocean/file.rb +++ b/app/models/code_ocean/file.rb @@ -58,8 +58,7 @@ module CodeOcean def read if native_file? - valid = Pathname(native_file.current_path).realpath.fnmatch? ::File.join(native_file.root, '**') - return nil unless valid + return nil unless native_file_location_valid? native_file.read else @@ -67,6 +66,12 @@ module CodeOcean end end + def native_file_location_valid? + real_location = Pathname(native_file.current_path).realpath + upload_location = Pathname(::File.join(native_file.root, 'uploads')).realpath + real_location.fnmatch? ::File.join(upload_location.to_s, '**') + end + def ancestor_id file_id || id end diff --git a/app/policies/code_ocean/file_policy.rb b/app/policies/code_ocean/file_policy.rb index c9faf30d..d5be20cb 100644 --- a/app/policies/code_ocean/file_policy.rb +++ b/app/policies/code_ocean/file_policy.rb @@ -7,6 +7,8 @@ module CodeOcean end def show? + return false if @record.native_file? && !@record.native_file_location_valid? + if @record.context.is_a?(Exercise) admin? || author? || !@record.hidden else @@ -14,6 +16,16 @@ module CodeOcean end end + def show_protected_upload? + return false if @record.native_file? && !@record.native_file_location_valid? + + if @record.context.is_a?(Exercise) + admin? || author? || (!@record.context.unpublished && !@record.hidden) + else + admin? || author? + end + end + def create? if @record.context.is_a?(Exercise) admin? || author? 
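Review bot: `native_file_location_valid?` calls `Pathname#realpath` twice, and `realpath` raises `Errno::ENOENT` when the path does not exist. Now that the predicate is also called from `FilePolicy#show?` and `#show_protected_upload?`, a missing upload turns an authorization check into an exception rather than `false`. A method-level `rescue Errno::ENOENT` that returns `false` keeps it a predicate. The containment test also hands the resolved upload directory to `fnmatch?` as a pattern, so glob metacharacters in the deployment path would be interpreted rather than matched literally; a prefix comparison such as `real_location.to_s.start_with?("#{upload_location}/")` avoids that.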
diff --git a/config/environments/production.rb b/config/environments/production.rb index a06058c7..17fc2800 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -38,7 +38,7 @@ Rails.application.configure do # Specifies the header that your server uses for sending files. # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache - # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX + config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX # Store uploaded files on the local file system (see config/storage.yml for options). config.active_storage.service = :local diff --git a/config/environments/staging.rb b/config/environments/staging.rb index a5b908ee..b2ee0889 100644 --- a/config/environments/staging.rb +++ b/config/environments/staging.rb @@ -53,7 +53,7 @@ Rails.application.configure do # Specifies the header that your server uses for sending files. # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache - # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX + config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX # Store uploaded files on the local file system (see config/storage.yml for options). config.active_storage.service = :local diff --git a/config/routes.rb b/config/routes.rb index 69c3795b..dc276e13 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -128,6 +128,7 @@ Rails.application.routes.draw do namespace :code_ocean do resources :files, only: %i[create destroy] end + get '/uploads/files/:id/:filename', to: 'code_ocean/files#show_protected_upload', as: :protected_upload, constraints: {filename: FILENAME_REGEXP} resources :file_types diff --git a/spec/controllers/code_ocean/files_controller_spec.rb b/spec/controllers/code_ocean/files_controller_spec.rb index 2c555b08..476b72bc 100644 --- a/spec/controllers/code_ocean/files_controller_spec.rb +++ b/spec/controllers/code_ocean/files_controller_spec.rb 
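Review bot: Enabling `X-Accel-Redirect` in `production.rb` (and identically in `staging.rb`) hands file delivery to NGINX, but the hunk does not record what the proxy must provide for the authorization in `show_protected_upload` to stay effective. I would extend the comment to say that the uploads location has to be `internal` in NGINX so it cannot be requested directly, and that the proxy must set the `X-Accel-Mapping` request header itself rather than pass through a client-supplied one, for example `# NGINX must mark the uploads location as internal and set X-Accel-Mapping itself`. The proxy configuration is not part of this page, so this asks for the assumption to be documented and does not claim it is unmet.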
@@ -7,6 +7,26 @@ describe CodeOcean::FilesController do before { allow(controller).to receive(:current_user).and_return(user) } + describe 'GET #show_protected_upload' do + context 'with a valid filename' do + let(:submission) { create(:submission, exercise: create(:audio_video)) } + + before { get :show_protected_upload, params: {filename: file.name_with_extension, id: file.id} } + + context 'with a binary file' do + let(:file) { submission.collect_files.detect {|file| file.file_type.file_extension == '.mp4' } } + + expect_assigns(file: :file) + expect_content_type('video/mp4') + expect_http_status(:ok) + + it 'sets the correct filename' do + expect(response.headers['Content-Disposition']).to include("attachment; filename=\"#{file.name_with_extension}\"") + end + end + end + end + describe 'POST #create' do let(:submission) { create(:submission, user: user) } diff --git a/spec/controllers/submissions_controller_spec.rb b/spec/controllers/submissions_controller_spec.rb index 29244a11..a55e1cf9 100644 --- a/spec/controllers/submissions_controller_spec.rb +++ b/spec/controllers/submissions_controller_spec.rb @@ -74,11 +74,9 @@ describe SubmissionsController do expect_assigns(file: :file) expect_assigns(submission: :submission) - expect_content_type('video/mp4') - expect_http_status(:ok) - it 'sets the correct filename' do - expect(response.headers['Content-Disposition']).to include("attachment; filename=\"#{file.name_with_extension}\"") + it 'sets the correct redirect' do + expect(response.location).to eq protected_upload_url(id: file, filename: file.name_with_extension) end end From fe41d445481c3b08c5fe34bd86f18982cabd4a4f Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Fri, 2 Sep 2022 19:08:01 +0200 Subject: [PATCH 50/70] Use SameSite strict for cookies --- config/initializers/session_store.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
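Review bot: The new `GET #show_protected_upload` examples cover only the success case, while the security value of the action lies in its refusals. Examples for a `filename` param that differs from `file.name_with_extension`, for `embed_options[:disable_download]` being set, and for a user the policy should reject would pin the `Pundit::NotAuthorizedError` branches added in the controller. The `describe` block lies fully inside this hunk, so these fit as sibling `context` blocks next to `'with a valid filename'`.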
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index 57edb098..55ea37a8 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -6,4 +6,5 @@ Rails.application.config.session_store :cookie_store, key: '_code_ocean_session', expire_after: 1.month, secure: Rails.env.production? || Rails.env.staging?, - path: Rails.application.config.relative_url_root + path: Rails.application.config.relative_url_root, + same_site: :strict From a2bb2844b4787f98c2f3ba1d8854f500a747a04e Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Fri, 2 Sep 2022 23:54:23 +0200 Subject: [PATCH 51/70] Add a Content Security Policy --- .github/workflows/ci.yml | 1 + .gitignore | 1 + app/views/exercises/feedback.html.slim | 3 +- app/views/layouts/application.html.slim | 4 +- app/views/request_for_comments/show.html.slim | 2 +- config/content_security_policy.yml.ci | 18 ++++++ config/content_security_policy.yml.example | 29 +++++++++ .../initializers/content_security_policy.rb | 61 ++++++++++++++----- config/initializers/sentry_csp.rb | 40 ++++++++++++ config/initializers/sentry_javascript.rb | 2 + docs/LOCAL_SETUP.md | 4 +- provision/provision.vagrant.sh | 2 +- 12 files changed, 144 insertions(+), 23 deletions(-) create mode 100644 config/content_security_policy.yml.ci create mode 100644 config/content_security_policy.yml.example create mode 100644 config/initializers/sentry_csp.rb diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5ebaed00..521d880b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -70,6 +70,7 @@ jobs: cp config/secrets.yml.ci config/secrets.yml cp config/docker.yml.erb.ci config/docker.yml.erb cp config/mnemosyne.yml.ci config/mnemosyne.yml + cp config/content_security_policy.yml.ci config/content_security_policy.yml - name: Create database env: diff --git a/.gitignore b/.gitignore index 1e2bbb2b..759d2f78 100644 --- a/.gitignore +++ b/.gitignore 
@@ -4,6 +4,7 @@ /config/mnemosyne.yml /config/secrets.yml /config/docker.yml.erb +/config/content_security_policy.yml /coverage /log/*.* /public/assets diff --git a/app/views/exercises/feedback.html.slim b/app/views/exercises/feedback.html.slim index 23cdd608..e52b5c5b 100644 --- a/app/views/exercises/feedback.html.slim +++ b/app/views/exercises/feedback.html.slim @@ -36,4 +36,5 @@ h1 = link_to_if(policy(@exercise).show?, @exercise, exercise_path(@exercise)) = render('shared/pagination', collection: @feedbacks) - script type="text/javascript" $(function () { $('[data-bs-toggle="tooltip"]').tooltip() }); + = javascript_tag nonce: true do + | $(function () { $('[data-bs-toggle="tooltip"]').tooltip() }); diff --git a/app/views/layouts/application.html.slim b/app/views/layouts/application.html.slim index 044088d1..bd59b19f 100644 --- a/app/views/layouts/application.html.slim +++ b/app/views/layouts/application.html.slim @@ -15,8 +15,8 @@ html lang="#{I18n.locale || I18n.default_locale}" = javascript_include_tag('application', 'data-turbolinks-track': true) = yield(:head) = csrf_meta_tags - = timeago_script_tag - script type="text/javascript" + = timeago_script_tag nonce: true + = javascript_tag nonce: true do | I18n.defaultLocale = "#{I18n.default_locale}"; | I18n.locale = "#{I18n.locale}"; - if SentryJavascript.active? diff --git a/app/views/request_for_comments/show.html.slim b/app/views/request_for_comments/show.html.slim index aaaf578a..b8a2acf6 100644 --- a/app/views/request_for_comments/show.html.slim +++ b/app/views/request_for_comments/show.html.slim @@ -79,7 +79,7 @@ = render('shared/modal', id: 'comment-modal', title: t('exercises.implement.comment.dialogtitle'), template: 'exercises/_comment_dialogcontent') -javascript: +javascript [nonce=content_security_policy_nonce]: $('.modal-content').draggable({ handle: '.modal-header' 
diff --git a/config/content_security_policy.yml.ci b/config/content_security_policy.yml.ci new file mode 100644 index 00000000..312725e9 --- /dev/null +++ b/config/content_security_policy.yml.ci @@ -0,0 +1,18 @@ +default: &default + default_src: [] + + +development: + <<: *default + # Allow the webpack-dev-server in development + connect_src: + - http://localhost:3035 + - ws://localhost:3035 + + +production: + <<: *default + + +test: + <<: *default diff --git a/config/content_security_policy.yml.example b/config/content_security_policy.yml.example new file mode 100644 index 00000000..a766f1ac --- /dev/null +++ b/config/content_security_policy.yml.example @@ -0,0 +1,29 @@ +# This file allows to further customize the Content Security Policy (CSP) +# All settings will be applied **in addition** to the application CSP +# Default directives are defined here: `initializers/content_security_policy.rb` + +default: &default + # Allow the S3 service hosted by the openHPI Cloud to be used for images + img_src: + - https://s3.xopic.de + - https://*.s3.xopic.de + - https://s3.openhpicloud.de + - https://*.s3.openhpicloud.de + # Optionally: Specify a custom, non-Sentry URL for reporting CSP violations + # report_uri: https://example.com/csp-report + + +development: + <<: *default + # Allow the webpack-dev-server in development + connect_src: + - http://localhost:3035 + - ws://localhost:3035 + + +production: + <<: *default + + +test: + <<: *default diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index f87cb06b..07bc82ea 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb 
@@ -6,28 +6,57 @@ # For further information see the following documentation # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy -# Rails.application.config.content_security_policy do |policy| -# # If you are using webpack-dev-server then specify webpack-dev-server host -# policy.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development? +require_relative 'sentry_csp' +require_relative 'sentry_javascript' -# policy.default_src :self, :https -# policy.font_src :self, :https, :data -# policy.img_src :self, :https, :data -# policy.object_src :none -# policy.script_src :self, :https -# policy.style_src :self, :https -# # If you are using webpack-dev-server then specify webpack-dev-server host -# policy.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development? +def self.apply_yml_settings_for(policy) + csp_settings = CodeOcean::Config.new(:content_security_policy) -# # Specify URI for violation reports -# # policy.report_uri "/csp-violation-report-endpoint" -# end + csp_settings.read.each do |directive, additional_settings| + existing_settings = if directive == 'report_uri' + '' + else + policy.public_send(directive) || [] + end + all_settings = existing_settings + additional_settings + policy.public_send(directive, *all_settings) + end +end + +def self.apply_sentry_settings_for(policy) + sentry_domain = URI.parse SentryJavascript.dsn + additional_setting = "#{sentry_domain.scheme}://#{sentry_domain.host}" + existing_settings = policy.connect_src || [] + all_settings = existing_settings + [additional_setting] + policy.connect_src(*all_settings) +end + +Rails.application.config.content_security_policy do |policy| + policy.default_src :none + policy.base_uri :none + policy.font_src :self + # Code executions might return a base64 encoded image as a :data URI + policy.img_src :self, :data + policy.object_src :none + policy.script_src :self, :report_sample + # 
Our ACE editor unfortunately requires :unsafe_inline for the code highlighting + policy.style_src :self, :unsafe_inline, :report_sample + policy.connect_src :self + policy.form_action :self + policy.frame_ancestors :none + + # Specify URI for violation reports + policy.report_uri SentryCsp.report_url if SentryCsp.active? + + apply_yml_settings_for policy + apply_sentry_settings_for policy if SentryJavascript.active? +end # If you are using UJS then enable automatic nonce generation -# Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) } +Rails.application.config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s } # Set the nonce only to specific directives -# Rails.application.config.content_security_policy_nonce_directives = %w(script-src) +Rails.application.config.content_security_policy_nonce_directives = %w[script-src] # Report CSP violations to a specified URI # For further information see the following documentation: diff --git a/config/initializers/sentry_csp.rb b/config/initializers/sentry_csp.rb new file mode 100644 index 00000000..891f5399 --- /dev/null +++ b/config/initializers/sentry_csp.rb 
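Review bot: The nonce generator `->(request) { request.session.id.to_s }` yields the same nonce for every response in a session, whereas the commented-out line it replaces used `SecureRandom.base64(16)`, a fresh value per request. The per-session value is presumably chosen so that Turbolinks page visits keep working, but the nonce then no longer changes between responses and the session identifier is written into each page's `nonce` attributes. Please record that trade-off next to the setting, e.g. `# Per-session nonce (not per-response) for Turbolinks compatibility; the value is visible in rendered HTML`. It is also worth confirming that a request without a loaded session cannot end up with an empty nonce through `to_s`.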
@@ -0,0 +1,40 @@ +# frozen_string_literal: true + +require_relative 'sentry' + +class SentryCsp + def self.active? + dsn.present? && %w[development test].exclude?(environment) + end + + def self.report_url + parsed_url = URI.parse dsn + + # Add additional variables to the query string + query_params = CGI.parse(parsed_url.query || '') + query_params[:sentry_release] = release if release + query_params[:sentry_environment] = environment if environment + + # Add the query string back to the URL + parsed_url.query = URI.encode_www_form(query_params) + + # Return the full URL + parsed_url.to_s + end + + class << self + private + + def dsn + ENV.fetch('SENTRY_CSP_REPORT_URL', nil) + end + + def release + Sentry.configuration.release + end + + def environment + Sentry.configuration.environment + end + end +end diff --git a/config/initializers/sentry_javascript.rb b/config/initializers/sentry_javascript.rb index 584f39da..9fe3479c 100644 --- a/config/initializers/sentry_javascript.rb +++ b/config/initializers/sentry_javascript.rb @@ -1,5 +1,7 @@ # frozen_string_literal: true +require_relative 'sentry' + class SentryJavascript def self.active? dsn.present? && %w[development test].exclude?(environment) diff --git a/docs/LOCAL_SETUP.md b/docs/LOCAL_SETUP.md index db5fdd36..2384fefe 100644 --- a/docs/LOCAL_SETUP.md +++ b/docs/LOCAL_SETUP.md @@ -194,7 +194,7 @@ source "$HOME/.profile" - Create all necessary config files: ```bash - for f in action_mailer.yml database.yml secrets.yml code_ocean.yml docker.yml.erb mnemosyne.yml + for f in action_mailer.yml database.yml secrets.yml code_ocean.yml docker.yml.erb mnemosyne.yml content_security_policy.yml do if [ ! -f config/$f ] then 
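Review bot: In `SentryCsp.report_url`, `CGI.parse` returns a hash with string keys, but the two additions use the symbol keys `:sentry_release` and `:sentry_environment`. A `SENTRY_CSP_REPORT_URL` that already carries one of these parameters therefore ends up with it twice in the encoded query. String keys make the assignment overwrite instead: `query_params['sentry_release'] = release if release` and `query_params['sentry_environment'] = environment if environment`. A short comment on `dsn` stating that the variable is expected to hold the full report endpoint URL would also help, since `report_url` parses it without a nil check of its own.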
@@ -303,7 +303,7 @@ source "$HOME/.profile" ``` - Get a local copy of the config files and verify the settings: ```shell script - for f in action_mailer.yml database.yml secrets.yml code_ocean.yml docker.yml.erb mnemosyne.yml + for f in action_mailer.yml database.yml secrets.yml code_ocean.yml docker.yml.erb mnemosyne.yml content_security_policy.yml do if [ ! -f config/$f ] then diff --git a/provision/provision.vagrant.sh b/provision/provision.vagrant.sh index ecaf297b..6137d7f2 100644 --- a/provision/provision.vagrant.sh +++ b/provision/provision.vagrant.sh @@ -92,7 +92,7 @@ gem install bundler cd /home/vagrant/codeocean # config -for f in action_mailer.yml database.yml secrets.yml docker.yml.erb mnemosyne.yml +for f in action_mailer.yml database.yml secrets.yml docker.yml.erb mnemosyne.yml content_security_policy.yml do if [ ! -f config/$f ] then From b6d8c7175b3de160c81eadc9a024f7d55ed24103 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Sat, 3 Sep 2022 21:42:27 +0200 Subject: [PATCH 52/70] Disallow any external resources for :render_file --- app/controllers/submissions_controller.rb | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/app/controllers/submissions_controller.rb b/app/controllers/submissions_controller.rb index fe6d67e8..6db1bab9 100644 --- a/app/controllers/submissions_controller.rb +++ b/app/controllers/submissions_controller.rb @@ -14,6 +14,16 @@ class SubmissionsController < ApplicationController before_action :set_files_and_specific_file, only: %i[download_file render_file run test] before_action :set_mime_type, only: %i[download_file render_file] + # Overwrite the CSP header for the :render_file action + content_security_policy only: :render_file do |policy| + policy.img_src :none + policy.script_src :none + policy.font_src :none + policy.style_src :none + policy.connect_src :none + policy.form_action :none + end + def create @submission = Submission.new(submission_params) authorize! 
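Review bot: The `:render_file` override blanks the fetch directives, but the submitted file is still rendered inline on the application's own origin, and `script-src` is the directive listed in `content_security_policy_nonce_directives` elsewhere in this series. Depending on the Rails version, the emitted header may therefore read `script-src 'none' 'nonce-…'`, and browsers ignore `'none'` when another source expression is present. A request spec asserting the exact header for this action would settle that. Adding `policy.sandbox` to the block would additionally give the rendered document an opaque origin with script execution disabled, independent of the nonce handling.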
From 5b73f4df6f2a00cb76588b9c9516011f6bcf8da0 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Sat, 3 Sep 2022 21:25:50 +0200 Subject: [PATCH 53/70] Refactor render_file method * We simplify the send_data call, * ensure to set the correct header, and * prevent our custom MIME type detection --- app/controllers/submissions_controller.rb | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/app/controllers/submissions_controller.rb b/app/controllers/submissions_controller.rb index 6db1bab9..71fe97f5 100644 --- a/app/controllers/submissions_controller.rb +++ b/app/controllers/submissions_controller.rb @@ -12,7 +12,7 @@ class SubmissionsController < ApplicationController before_action :set_testrun, only: %i[run score test] before_action :set_files, only: %i[download show] before_action :set_files_and_specific_file, only: %i[download_file render_file run test] - before_action :set_mime_type, only: %i[download_file render_file] + before_action :set_content_type_nosniff, only: %i[download download_file render_file] # Overwrite the CSP header for the :render_file action content_security_policy only: :render_file do |policy| @@ -69,7 +69,7 @@ class SubmissionsController < ApplicationController if @file.native_file? redirect_to protected_upload_path(id: @file.id, filename: @file.name_with_extension) else - send_data(@file.content, filename: @file.name_with_extension) + send_data(@file.content, filename: @file.name_with_extension, disposition: 'attachment') end end 
@@ -80,11 +80,10 @@ class SubmissionsController < ApplicationController end def render_file - if @file.native_file? - send_data(@file.read, filename: @file.name_with_extension, disposition: 'inline') - else - render(plain: @file.content) - end + # If a file should not be downloaded, it should not be rendered either + raise Pundit::NotAuthorizedError if @embed_options[:disable_download] + + send_data(@file.read, filename: @file.name_with_extension, disposition: 'inline') end # rubocop:disable Metrics/CyclomaticComplexity @@ -380,9 +379,9 @@ class SubmissionsController < ApplicationController @files = @submission.collect_files.select(&:visible) end - def set_mime_type - @mime_type = Mime::Type.lookup_by_extension(@file.file_type.file_extension.gsub(/^\./, '')) - response.headers['Content-Type'] = @mime_type.to_s + def set_content_type_nosniff + # When sending a file, we want to ensure that browsers follow our Content-Type header + response.headers['X-Content-Type-Options'] = 'nosniff' end def set_submission From b0130b8faecceab8e4ba6aa002f84c71a493e2c2 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Sat, 3 Sep 2022 00:01:13 +0200 Subject: [PATCH 54/70] Remove overwrite for X-Frame-Options * With current third-party-cookies being blocked by modern browsers, CodeOcean won't work in an iFrame anyway. --- app/controllers/application_controller.rb | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 5e401697..a08e780a 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb 
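Review bot: `render_file` now passes `@file.read` straight to `send_data`, and `CodeOcean::File#read` (changed earlier in this series) returns `nil` when `native_file_location_valid?` fails, so that case is not handled explicitly here. A guard such as `raise Pundit::NotAuthorizedError if @file.native_file? && !@file.native_file_location_valid?` before the `send_data` call makes the refusal explicit instead of relying on how `send_data` treats `nil`. Since the explicit MIME lookup in `set_mime_type` is removed in the same commit, a spec pinning the `Content-Type` of inline responses would be useful, because `nosniff` makes the browser rely on that header alone.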
@@ -9,7 +9,7 @@ class ApplicationController < ActionController::Base after_action :verify_authorized, except: %i[welcome] around_action :mnemosyne_trace around_action :switch_locale - before_action :set_sentry_context, :allow_iframe_requests, :load_embed_options + before_action :set_sentry_context, :load_embed_options protect_from_forgery(with: :exception, prepend: true) rescue_from Pundit::NotAuthorizedError, with: :render_not_authorized rescue_from ActionController::InvalidAuthenticityToken, with: :render_csrf_error @@ -96,10 +96,6 @@ class ApplicationController < ActionController::Base # Show root page end - def allow_iframe_requests - response.headers.delete('X-Frame-Options') - end - def load_embed_options @embed_options = if session[:embed_options].present? && session[:embed_options].is_a?(Hash) session[:embed_options].symbolize_keys From 51e9daf930ae90df20576e9e00e0b92367d6cb46 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Sat, 3 Sep 2022 00:09:50 +0200 Subject: [PATCH 55/70] Enable HSTS preload in app --- config/environments/production.rb | 1 + config/environments/staging.rb | 1 + 2 files changed, 2 insertions(+) diff --git a/config/environments/production.rb b/config/environments/production.rb index 17fc2800..4e6af6dd 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -50,6 +50,7 @@ Rails.application.configure do # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. config.force_ssl = true + config.ssl_options = {hsts: {preload: true}} # Include generic and useful information about system operation, but avoid logging too much # information to avoid inadvertent exposure of personally identifiable information (PII). diff --git a/config/environments/staging.rb b/config/environments/staging.rb index b2ee0889..bf50b877 100644 --- a/config/environments/staging.rb +++ b/config/environments/staging.rb 
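Review bot: `config.ssl_options = {hsts: {preload: true}}` in `production.rb` (and the same line in `staging.rb`) only adds the `preload` token. Whether the header also meets the preload list's requirements of `includeSubDomains` and a `max-age` of at least one year depends on the Rails defaults in use, which this hunk does not show. Inclusion in browser preload lists applies to the whole registrable domain and is slow to undo, so I would spell the values out, e.g. `config.ssl_options = {hsts: {expires: 2.years, subdomains: true, preload: true}}`, and add a comment that every subdomain must be HTTPS-only.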
@@ -65,6 +65,7 @@ Rails.application.configure do # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. config.force_ssl = true + config.ssl_options = {hsts: {preload: true}} # Include generic and useful information about system operation, but avoid logging too much # information to avoid inadvertent exposure of personally identifiable information (PII). From 9e08f3a6a8a75dc12252ed43295bcd0a70d42e10 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Sat, 3 Sep 2022 03:22:44 +0200 Subject: [PATCH 56/70] Enable Subresource Integrity --- app/helpers/exercise_helper.rb | 2 +- app/views/layouts/application.html.slim | 8 +++---- config/webpack/webpack.config.js | 21 +++++++++++++++-- lib/webpacker/sri_helper_extensions.rb | 27 ++++++++++++++++++++++ lib/webpacker/sri_manifest_extensions.rb | 29 ++++++++++++++++++++++++ package.json | 1 + yarn.lock | 12 ++++++++++ 7 files changed, 93 insertions(+), 7 deletions(-) create mode 100644 lib/webpacker/sri_helper_extensions.rb create mode 100644 lib/webpacker/sri_manifest_extensions.rb diff --git a/app/helpers/exercise_helper.rb b/app/helpers/exercise_helper.rb index 26343917..4302a3fb 100644 --- a/app/helpers/exercise_helper.rb +++ b/app/helpers/exercise_helper.rb @@ -8,7 +8,7 @@ module ExerciseHelper end def qa_js_tag - javascript_include_tag "#{qa_url}/assets/qa_api.js" + javascript_include_tag "#{qa_url}/assets/qa_api.js", integrity: true, crossorigin: 'anonymous' end def qa_url diff --git a/app/views/layouts/application.html.slim b/app/views/layouts/application.html.slim index bd59b19f..5bd6fdff 100644 --- a/app/views/layouts/application.html.slim +++ b/app/views/layouts/application.html.slim 
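Review bot: In `qa_js_tag`, `integrity: true` is passed for a script loaded from `qa_url`, which is an external host rather than an asset of this application's pipeline, so it is doubtful that a digest can be computed for it and the tag may be emitted without an `integrity` attribute. In that case the third-party script stays unpinned, while `crossorigin: 'anonymous'` additionally requires CORS headers from that host. Either pass a pinned digest explicitly, e.g. `integrity: '<sha384-digest-of-qa_api.js>'` (placeholder), or add a comment that SRI is intentionally not enforced for this script.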
@@ -9,10 +9,10 @@ html lang="#{I18n.locale || I18n.default_locale}" = favicon_link_tag('/favicon.png', type: 'image/png') = favicon_link_tag('/favicon.png', rel: 'apple-touch-icon', type: 'image/png') = action_cable_meta_tag - = stylesheet_pack_tag('application', 'stylesheets', media: 'all', 'data-turbolinks-track': true) - = stylesheet_link_tag('application', media: 'all', 'data-turbolinks-track': true) - = javascript_pack_tag('application', 'data-turbolinks-track': true, defer: false) - = javascript_include_tag('application', 'data-turbolinks-track': true) + = stylesheet_pack_tag('application', 'stylesheets', media: 'all', 'data-turbolinks-track': true, integrity: true, crossorigin: 'anonymous') + = stylesheet_link_tag('application', media: 'all', 'data-turbolinks-track': true, integrity: true, crossorigin: 'anonymous') + = javascript_pack_tag('application', 'data-turbolinks-track': true, defer: false, integrity: true, crossorigin: 'anonymous') + = javascript_include_tag('application', 'data-turbolinks-track': true, integrity: true, crossorigin: 'anonymous') = yield(:head) = csrf_meta_tags = timeago_script_tag nonce: true diff --git a/config/webpack/webpack.config.js b/config/webpack/webpack.config.js index 355c3b3e..3ea79661 100644 --- a/config/webpack/webpack.config.js +++ b/config/webpack/webpack.config.js 
@@ -1,12 +1,14 @@ // See the shakacode/shakapacker README and docs directory for advice on customizing your webpackConfig. -const { webpackConfig, merge } = require('shakapacker') +const { webpackConfig, config, merge } = require('shakapacker') const webpack = require('webpack'); const CompressionPlugin = require("compression-webpack-plugin"); const CssMinimizerPlugin = require("css-minimizer-webpack-plugin"); const MiniCssExtractPlugin = require("mini-css-extract-plugin"); const TerserPlugin = require("terser-webpack-plugin"); +const WebpackAssetsManifest = require('webpack-assets-manifest'); +const { SubresourceIntegrityPlugin } = require("webpack-subresource-integrity"); // Custom ERB loader to disable Spring and prevent crashes const erb = require("./loaders/erb"); @@ -30,7 +32,9 @@ const envConfig = module.exports = { ], }, output: { - publicPath: relative_url_root + public_output_path + publicPath: relative_url_root + public_output_path, + // the following setting is required for SRI to work: + crossOriginLoading: 'anonymous', }, performance: { // Turn off size warnings for large assets @@ -53,6 +57,15 @@ const envConfig = module.exports = { }), new CompressionPlugin(), new MiniCssExtractPlugin(), + new SubresourceIntegrityPlugin(), + new WebpackAssetsManifest({ + entrypoints: true, + integrity: false, + writeToDisk: true, + entrypointsUseAssets: true, + publicPath: true, + output: config.manifestPath, + }) ], resolve: { extensions: ['.css', '.ts', '.tsx'], @@ -65,4 +78,8 @@ const envConfig = module.exports = { stats: 'minimal', } +// Use the two lines below to remove the original WebpackAssetsManifest and replace it with our custom config. +const filteredPlugins = webpackConfig.plugins.filter((plugin) => !(plugin instanceof WebpackAssetsManifest)) +webpackConfig.plugins = filteredPlugins; + module.exports = merge(webpackConfig, envConfig) 
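Review bot: The replacement `WebpackAssetsManifest` is configured with `integrity: false`, while `Webpacker::SriManifestExtensions` in this commit reads `asset['integrity']` and `asset['src']` from the manifest entries. Unless `SubresourceIntegrityPlugin` adds those fields on its own, the manifest would contain plain paths and the pack tags would render without an `integrity` attribute even though the views pass `integrity: true`. Please verify the generated manifest and, if the hashes are missing, set `integrity: true` here. A comment above the plugin explaining why the default manifest plugin is filtered out and replaced would also help the next reader.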
diff --git a/lib/webpacker/sri_helper_extensions.rb b/lib/webpacker/sri_helper_extensions.rb new file mode 100644 index 00000000..74b7bdfc --- /dev/null +++ b/lib/webpacker/sri_helper_extensions.rb @@ -0,0 +1,27 @@ +# frozen_string_literal: true + +module Webpacker::SriHelperExtensions + def stylesheet_link_tag(*sources, **options) + tags = sources.map do |stylesheet| + if stylesheet.is_a?(Hash) + super(stylesheet[:src], options.merge(integrity: stylesheet[:integrity])) + else + super(stylesheet, options) + end + end + safe_join(tags) + end + + def javascript_include_tag(*sources, **options) + tags = sources.map do |javascript| + if javascript.is_a?(Hash) + super(javascript[:src], options.merge(integrity: javascript[:integrity])) + else + super(javascript, options) + end + end + safe_join(tags) + end +end + +Sprockets::Rails::Helper.prepend(Webpacker::SriHelperExtensions) diff --git a/lib/webpacker/sri_manifest_extensions.rb b/lib/webpacker/sri_manifest_extensions.rb new file mode 100644 index 00000000..143bf7a5 --- /dev/null +++ b/lib/webpacker/sri_manifest_extensions.rb @@ -0,0 +1,29 @@ +# frozen_string_literal: true + +module Webpacker::SriManifestExtensions + def lookup(name, pack_type = {}) + asset = super + + augment_with_integrity asset, pack_type + end + + def lookup_pack_with_chunks(name, pack_type = {}) + assets = super + + assets.map do |asset| + augment_with_integrity asset, pack_type + end + end + + def augment_with_integrity(asset, _pack_type = {}) + if asset.respond_to?(:dig) && asset['integrity'] + {src: asset['src'], integrity: asset['integrity']} + elsif asset.respond_to?(:dig) + asset['src'] + else + asset + end + end +end + +Webpacker::Manifest.prepend(Webpacker::SriManifestExtensions) diff --git a/package.json b/package.json index 80881b39..a9b2943f 100644 --- a/package.json +++ b/package.json 
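Review bot: `lookup_pack_with_chunks` in `Webpacker::SriManifestExtensions` calls `assets.map` on whatever `super` returns. If the original method returns `nil` for an unknown pack, which is not visible here but is typical for non-bang lookups, the override raises `NoMethodError` instead of letting the caller report the missing entry. `assets&.map { |asset| augment_with_integrity asset, pack_type }` keeps the `nil` pass-through. `augment_with_integrity` is also added as a public method with an unused `_pack_type` parameter; marking it `private` and adding a one-line comment on the `{src:, integrity:}` shape it returns would make the contract with `SriHelperExtensions` explicit.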
@@ -51,6 +51,7 @@ "webpack-cli": "^4.10.0", "webpack-merge": "^5.8.0", "webpack-sources": "^3.2.3", + "webpack-subresource-integrity": "^5.1.0", "xss": "^1.0.14" }, "devDependencies": { diff --git a/yarn.lock b/yarn.lock index d717f7a6..7213fe82 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4199,6 +4199,11 @@ type-is@~1.6.18: media-typer "0.3.0" mime-types "~2.1.24" +typed-assert@^1.0.8: + version "1.0.9" + resolved "https://registry.yarnpkg.com/typed-assert/-/typed-assert-1.0.9.tgz#8af9d4f93432c4970ec717e3006f33f135b06213" + integrity sha512-KNNZtayBCtmnNmbo5mG47p1XsCyrx6iVqomjcZnec/1Y5GGARaxPs6r49RnSPeUP3YjNYiU9sQHAtY4BBvnZwg== + underscore@^1.13.4: version "1.13.4" resolved "https://registry.yarnpkg.com/underscore/-/underscore-1.13.4.tgz#7886b46bbdf07f768e0052f1828e1dcab40c0dee" @@ -4387,6 +4392,13 @@ webpack-sources@^3.2.3: resolved "https://registry.yarnpkg.com/webpack-sources/-/webpack-sources-3.2.3.tgz#2d4daab8451fd4b240cc27055ff6a0c2ccea0cde" integrity sha512-/DyMEOrDgLKKIG0fmvtz+4dUX/3Ghozwgm6iPp8KRhvn+eQf9+Q7GWxVNMk3+uCPWfdXYC4ExGBckIXdFEfH1w== +webpack-subresource-integrity@^5.1.0: + version "5.1.0" + resolved "https://registry.yarnpkg.com/webpack-subresource-integrity/-/webpack-subresource-integrity-5.1.0.tgz#8b7606b033c6ccac14e684267cb7fb1f5c2a132a" + integrity sha512-sacXoX+xd8r4WKsy9MvH/q/vBtEHr86cpImXwyg74pFIpERKt6FmB8cXpeuh0ZLgclOlHI4Wcll7+R5L02xk9Q== + dependencies: + typed-assert "^1.0.8" + webpack@^5.74.0: version "5.74.0" resolved "https://registry.yarnpkg.com/webpack/-/webpack-5.74.0.tgz#02a5dac19a17e0bb47093f2be67c695102a55980" From 7f0d8b63f97f87f00132390f6388a6be60395d38 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Sat, 3 Sep 2022 10:50:29 +0200 Subject: [PATCH 57/70] Use Cookie Prefix in Production and Staging --- config/initializers/session_store.rb | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index 55ea37a8..b1fae6e4 100644 
--- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -2,8 +2,19 @@ # Be sure to restart your server when you modify this file. +def self.cookie_prefix + if (Rails.env.production? || Rails.env.staging?) \ + && Rails.application.config.relative_url_root == '/' + '__Host-' + elsif Rails.env.production? || Rails.env.staging? + '__Secure-' + else + '' + end +end + Rails.application.config.session_store :cookie_store, - key: '_code_ocean_session', + key: "#{cookie_prefix}CodeOcean-Session", expire_after: 1.month, secure: Rails.env.production? || Rails.env.staging?, path: Rails.application.config.relative_url_root, From fe0ad7a79d271829989e3d451fe9ebf401790bde Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Sat, 3 Sep 2022 20:02:45 +0200 Subject: [PATCH 58/70] Add Feature-Policy header The header has been renamed to Permissions-Policy, but Rails has no support so far. --- config/initializers/permissions_policy.rb | 32 ++++++++++++++++------- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/config/initializers/permissions_policy.rb b/config/initializers/permissions_policy.rb index 50bcf4ea..57e689ba 100644 --- a/config/initializers/permissions_policy.rb +++ b/config/initializers/permissions_policy.rb 
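Review bot: The `__Host-` branch in `cookie_prefix` is taken only when `relative_url_root` is exactly `'/'`. As far as I know Rails leaves that setting unset unless the deployment configures it, so confirm that root deployments really set `'/'`; otherwise they silently get the weaker `__Secure-` prefix. Browsers accept a `__Host-` cookie only with `Secure`, `Path=/` and no `Domain` attribute, and the end of the option list lies outside this hunk, so I would add `# __Host- requires Secure, Path=/ and no Domain; keep the session_store options in sync` above the method. Renaming the key also invalidates every existing `_code_ocean_session` cookie, which is probably intended but worth stating in the commit message. On style, `def self.cookie_prefix` at the top level of an initializer leaves a method on the `main` object, and a local variable computed once would avoid that and the three repeated environment checks.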
@@ -1,12 +1,26 @@ # frozen_string_literal: true + # Define an application-wide HTTP permissions policy. For further # information see https://developers.google.com/web/updates/2018/06/feature-policy -# -# Rails.application.config.permissions_policy do |f| -# f.camera :none -# f.gyroscope :none -# f.microphone :none -# f.usb :none -# f.fullscreen :self -# f.payment :self, "https://secure.example.com" -# end +# TODO: Feature-Policy has been renamed to Permissions-Policy. The Permissions-Policy is +# not yet supported by Rails (even though the new name is already used for the method) +Rails.application.config.permissions_policy do |policy| + policy.accelerometer :none + policy.ambient_light_sensor :none + policy.autoplay :none + policy.camera :none + policy.encrypted_media :none + policy.fullscreen :none + policy.geolocation :none + policy.gyroscope :none + policy.magnetometer :none + policy.microphone :none + policy.midi :none + policy.payment :none + policy.picture_in_picture :none + # The `speaker` directive is used for selection of non-default audio output devices + policy.speaker :none + policy.usb :none + policy.vibrate :none + policy.vr :none +end From 2028e636a387aa6c7f7fef042b50cb222a64ee31 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Tue, 6 Sep 2022 13:28:12 +0200 Subject: [PATCH 59/70] Use SameSite=Lax for LTI login --- config/initializers/session_store.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index b1fae6e4..7bd809a2 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb 
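Review bot: `policy.speaker`, `policy.vibrate` and `policy.vr` name features that, as far as I know, have been dropped or renamed in the current Permissions Policy feature list, so these three lines may not restrict anything in current browsers. I would mark them with a comment such as `# legacy Feature-Policy names, kept for older browsers`, so nobody assumes audio-output selection or XR access is covered by them. The policy also sets `fullscreen` to `:none`, where the removed template used `:self`. A one-line comment saying the editor does not need fullscreen would make that deny-all choice explicit and easier to revisit.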
@@ -18,4 +18,7 @@ Rails.application.config.session_store :cookie_store, expire_after: 1.month, secure: Rails.env.production? || Rails.env.staging?, path: Rails.application.config.relative_url_root, - same_site: :strict + # Signing in through LTI won't work with `SameSite=Strict` + # as the cookie is not sent when accessing the `implement` route + # following the LTI launch initiated by the LMS as a third party. + same_site: :lax From 63caf461cbbf42086e2a690bfa1f09a0de0d02ae Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Sep 2022 03:01:21 +0000 Subject: [PATCH 60/70] Bump @babel/runtime from 7.18.9 to 7.19.0 Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.18.9 to 7.19.0. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.19.0/packages/babel-runtime) --- updated-dependencies: - dependency-name: "@babel/runtime" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index 7213fe82..b75f44b6 100644 --- a/yarn.lock +++ b/yarn.lock @@ -874,9 +874,9 @@ esutils "^2.0.2" "@babel/runtime@7", "@babel/runtime@^7.8.4": - version "7.18.9" - resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.18.9.tgz#b4fcfce55db3d2e5e080d2490f608a3b9f407f4a" - integrity sha512-lkqXDcvlFT5rvEjiu6+QYO+1GXrEHRo2LOtS7E4GtX5ESIZOgepqsZBVIj6Pv+a6zqsya9VCgiK1KAK4BvJDAw== + version "7.19.0" + resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.19.0.tgz#22b11c037b094d27a8a2504ea4dcff00f50e2259" + integrity sha512-eR8Lo9hnDS7tqkO7NsV+mKvCmv5boaXFSZ70DnfhcgiEne8hv9oCEd36Klw74EtizEqLsy4YnW8UWwpBVolHZA== dependencies: regenerator-runtime "^0.13.4" 
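Review bot: Relaxing `same_site` from `:strict` to `:lax` means the session cookie now accompanies cross-site top-level GET navigations, so any GET route with side effects loses the protection `Strict` gave it. The added comment explains why `Strict` breaks the LTI launch but not which safeguard remains. I would extend it with `# Lax still withholds the cookie on cross-site POST and subrequests; state-changing routes must stay non-GET and CSRF-protected`. The start of the `session_store` call is outside this hunk.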
From 6dfb7a967ec160ed4bd7ca4100c512f68cc7ff7a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Sep 2022 03:01:40 +0000 Subject: [PATCH 61/70] Bump @babel/core from 7.18.13 to 7.19.0 Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.18.13 to 7.19.0. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.19.0/packages/babel-core) --- updated-dependencies: - dependency-name: "@babel/core" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- yarn.lock | 115 ++++++++++++++++++++++++++++----------------------- 2 files changed, 65 insertions(+), 52 deletions(-) diff --git a/package.json b/package.json index a9b2943f..76b78a19 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "codeocean", "private": true, "dependencies": { - "@babel/core": "^7.18.13", + "@babel/core": "^7.19.0", "@babel/plugin-transform-runtime": "^7.18.10", "@babel/preset-env": "7", "@babel/runtime": "7", diff --git a/yarn.lock b/yarn.lock index b75f44b6..949c2349 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -22,33 +22,38 @@ resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.18.13.tgz#6aff7b350a1e8c3e40b029e46cbe78e24a913483" integrity sha512-5yUzC5LqyTFp2HLmDoxGQelcdYgSpP9xsnMWBphAscOdFrHSAVbLNzWiy32sVNDqJRDiJK6klfDnAgu6PAGSHw== -"@babel/core@^7.18.13": - version "7.18.13" - resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.18.13.tgz#9be8c44512751b05094a4d3ab05fc53a47ce00ac" - integrity sha512-ZisbOvRRusFktksHSG6pjj1CSvkPkcZq/KHD45LAkVP/oiHJkNBZWfpvlLmX8OtHDG8IuzsFlVRWo08w7Qxn0A== +"@babel/compat-data@^7.19.0": + version "7.19.0" + resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.19.0.tgz#2a592fd89bacb1fcde68de31bee4f2f2dacb0e86" + integrity sha512-y5rqgTTPTmaF5e2nVhOxw+Ur9HDJLsWb6U/KpgUzRZEdPfE6VOubXBKLdbcUTijzRptednSBDQbYZBOSqJxpJw== + +"@babel/core@^7.19.0": + version "7.19.0" + resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.19.0.tgz#d2f5f4f2033c00de8096be3c9f45772563e150c3" + integrity sha512-reM4+U7B9ss148rh2n1Qs9ASS+w94irYXga7c2jaQv9RVzpS7Mv1a9rnYYwuDa45G+DkORt9g6An2k/V4d9LbQ== dependencies: "@ampproject/remapping" "^2.1.0" "@babel/code-frame" "^7.18.6" - "@babel/generator" "^7.18.13" - "@babel/helper-compilation-targets" "^7.18.9" - "@babel/helper-module-transforms" "^7.18.9" - "@babel/helpers" "^7.18.9" - "@babel/parser" "^7.18.13" + "@babel/generator" "^7.19.0" + "@babel/helper-compilation-targets" "^7.19.0" + "@babel/helper-module-transforms" "^7.19.0" + "@babel/helpers" "^7.19.0" + "@babel/parser" "^7.19.0" "@babel/template" "^7.18.10" - "@babel/traverse" "^7.18.13" - "@babel/types" "^7.18.13" + "@babel/traverse" "^7.19.0" + "@babel/types" "^7.19.0" convert-source-map "^1.7.0" debug "^4.1.0" gensync "^1.0.0-beta.2" json5 "^2.2.1" semver "^6.3.0" -"@babel/generator@^7.18.13": - version "7.18.13" - resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.18.13.tgz#59550cbb9ae79b8def15587bdfbaa388c4abf212" - integrity 
sha512-CkPg8ySSPuHTYPJYo7IRALdqyjM9HCbt/3uOBEFbzyGVP6Mn8bwFPB0jX6982JVNBlYzM1nnPkfjuXSOPtQeEQ== +"@babel/generator@^7.19.0": + version "7.19.0" + resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.19.0.tgz#785596c06425e59334df2ccee63ab166b738419a" + integrity sha512-S1ahxf1gZ2dpoiFgA+ohK9DIpz50bJ0CWs7Zlzb54Z4sG8qmdIrGrVqmy1sAtTVRb+9CU6U8VqT9L0Zj7hxHVg== dependencies: - "@babel/types" "^7.18.13" + "@babel/types" "^7.19.0" "@jridgewell/gen-mapping" "^0.3.2" jsesc "^2.5.1" @@ -67,12 +72,12 @@ "@babel/helper-explode-assignable-expression" "^7.18.6" "@babel/types" "^7.18.9" -"@babel/helper-compilation-targets@^7.17.7", "@babel/helper-compilation-targets@^7.18.9": - version "7.18.9" - resolved "https://registry.yarnpkg.com/@babel/helper-compilation-targets/-/helper-compilation-targets-7.18.9.tgz#69e64f57b524cde3e5ff6cc5a9f4a387ee5563bf" - integrity sha512-tzLCyVmqUiFlcFoAPLA/gL9TeYrF61VLNtb+hvkuVaB5SUjW7jcfrglBIX1vUIoT7CLP3bBlIMeyEsIl2eFQNg== +"@babel/helper-compilation-targets@^7.17.7", "@babel/helper-compilation-targets@^7.18.9", "@babel/helper-compilation-targets@^7.19.0": + version "7.19.0" + resolved "https://registry.yarnpkg.com/@babel/helper-compilation-targets/-/helper-compilation-targets-7.19.0.tgz#537ec8339d53e806ed422f1e06c8f17d55b96bb0" + integrity sha512-Ai5bNWXIvwDvWM7njqsG3feMlL9hCVQsPYXodsZyLwshYkZVJt59Gftau4VrE8S9IT9asd2uSP1hG6wCNw+sXA== dependencies: - "@babel/compat-data" "^7.18.8" + "@babel/compat-data" "^7.19.0" "@babel/helper-validator-option" "^7.18.6" browserslist "^4.20.2" semver "^6.3.0" 
@@ -130,6 +135,14 @@ "@babel/template" "^7.18.6" "@babel/types" "^7.18.9" +"@babel/helper-function-name@^7.19.0": + version "7.19.0" + resolved "https://registry.yarnpkg.com/@babel/helper-function-name/-/helper-function-name-7.19.0.tgz#941574ed5390682e872e52d3f38ce9d1bef4648c" + integrity sha512-WAwHBINyrpqywkUH0nTnNgI5ina5TFn85HKS0pbPDfxFfhyR/aNQEn4hGi1P1JyT//I0t4OgXUlofzWILRvS5w== + dependencies: + "@babel/template" "^7.18.10" + "@babel/types" "^7.19.0" + "@babel/helper-hoist-variables@^7.18.6": version "7.18.6" resolved "https://registry.yarnpkg.com/@babel/helper-hoist-variables/-/helper-hoist-variables-7.18.6.tgz#d4d2c8fb4baeaa5c68b99cc8245c56554f926678" @@ -151,19 +164,19 @@ dependencies: "@babel/types" "^7.18.6" -"@babel/helper-module-transforms@^7.18.6", "@babel/helper-module-transforms@^7.18.9": - version "7.18.9" - resolved "https://registry.yarnpkg.com/@babel/helper-module-transforms/-/helper-module-transforms-7.18.9.tgz#5a1079c005135ed627442df31a42887e80fcb712" - integrity sha512-KYNqY0ICwfv19b31XzvmI/mfcylOzbLtowkw+mfvGPAQ3kfCnMLYbED3YecL5tPd8nAYFQFAd6JHp2LxZk/J1g== +"@babel/helper-module-transforms@^7.18.6", "@babel/helper-module-transforms@^7.18.9", "@babel/helper-module-transforms@^7.19.0": + version "7.19.0" + resolved "https://registry.yarnpkg.com/@babel/helper-module-transforms/-/helper-module-transforms-7.19.0.tgz#309b230f04e22c58c6a2c0c0c7e50b216d350c30" + integrity sha512-3HBZ377Fe14RbLIA+ac3sY4PTgpxHVkFrESaWhoI5PuyXPBBX8+C34qblV9G89ZtycGJCmCI/Ut+VUDK4bltNQ== dependencies: "@babel/helper-environment-visitor" "^7.18.9" "@babel/helper-module-imports" "^7.18.6" "@babel/helper-simple-access" "^7.18.6" "@babel/helper-split-export-declaration" "^7.18.6" "@babel/helper-validator-identifier" "^7.18.6" - "@babel/template" "^7.18.6" - "@babel/traverse" "^7.18.9" - "@babel/types" "^7.18.9" + "@babel/template" "^7.18.10" + "@babel/traverse" "^7.19.0" + "@babel/types" "^7.19.0" "@babel/helper-optimise-call-expression@^7.18.6": version "7.18.6" 
@@ -244,14 +257,14 @@ "@babel/traverse" "^7.18.11" "@babel/types" "^7.18.10" -"@babel/helpers@^7.18.9": - version "7.18.9" - resolved "https://registry.yarnpkg.com/@babel/helpers/-/helpers-7.18.9.tgz#4bef3b893f253a1eced04516824ede94dcfe7ff9" - integrity sha512-Jf5a+rbrLoR4eNdUmnFu8cN5eNJT6qdTdOg5IHIzq87WwyRw9PwguLFOWYgktN/60IP4fgDUawJvs7PjQIzELQ== +"@babel/helpers@^7.19.0": + version "7.19.0" + resolved "https://registry.yarnpkg.com/@babel/helpers/-/helpers-7.19.0.tgz#f30534657faf246ae96551d88dd31e9d1fa1fc18" + integrity sha512-DRBCKGwIEdqY3+rPJgG/dKfQy9+08rHIAJx8q2p+HSWP87s2HCrQmaAMMyMll2kIXKCW0cO1RdQskx15Xakftg== dependencies: - "@babel/template" "^7.18.6" - "@babel/traverse" "^7.18.9" - "@babel/types" "^7.18.9" + "@babel/template" "^7.18.10" + "@babel/traverse" "^7.19.0" + "@babel/types" "^7.19.0" "@babel/highlight@^7.18.6": version "7.18.6" @@ -262,10 +275,10 @@ chalk "^2.0.0" js-tokens "^4.0.0" -"@babel/parser@^7.18.10", "@babel/parser@^7.18.13": - version "7.18.13" - resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.18.13.tgz#5b2dd21cae4a2c5145f1fbd8ca103f9313d3b7e4" - integrity sha512-dgXcIfMuQ0kgzLB2b9tRZs7TTFFaGM2AbtA4fJgUUYukzGH4jwsS7hzQHEGs67jdehpm22vkgKwvbU+aEflgwg== +"@babel/parser@^7.18.10", "@babel/parser@^7.19.0": + version "7.19.0" + resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.19.0.tgz#497fcafb1d5b61376959c1c338745ef0577aa02c" + integrity sha512-74bEXKX2h+8rrfQUfsBfuZZHzsEs6Eql4pqy/T4Nn6Y9wNPggQOqD6z6pn5Bl8ZfysKouFZT/UXEH94ummEeQw== "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@^7.18.6": version "7.18.6" 
@@ -889,26 +902,26 @@ "@babel/parser" "^7.18.10" "@babel/types" "^7.18.10" -"@babel/traverse@^7.18.11", "@babel/traverse@^7.18.13", "@babel/traverse@^7.18.9": - version "7.18.13" - resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.18.13.tgz#5ab59ef51a997b3f10c4587d648b9696b6cb1a68" - integrity sha512-N6kt9X1jRMLPxxxPYWi7tgvJRH/rtoU+dbKAPDM44RFHiMH8igdsaSBgFeskhSl/kLWLDUvIh1RXCrTmg0/zvA== +"@babel/traverse@^7.18.11", "@babel/traverse@^7.18.9", "@babel/traverse@^7.19.0": + version "7.19.0" + resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.19.0.tgz#eb9c561c7360005c592cc645abafe0c3c4548eed" + integrity sha512-4pKpFRDh+utd2mbRC8JLnlsMUii3PMHjpL6a0SZ4NMZy7YFP9aXORxEhdMVOc9CpWtDF09IkciQLEhK7Ml7gRA== dependencies: "@babel/code-frame" "^7.18.6" - "@babel/generator" "^7.18.13" + "@babel/generator" "^7.19.0" "@babel/helper-environment-visitor" "^7.18.9" - "@babel/helper-function-name" "^7.18.9" + "@babel/helper-function-name" "^7.19.0" "@babel/helper-hoist-variables" "^7.18.6" "@babel/helper-split-export-declaration" "^7.18.6" - "@babel/parser" "^7.18.13" - "@babel/types" "^7.18.13" + "@babel/parser" "^7.19.0" + "@babel/types" "^7.19.0" debug "^4.1.0" globals "^11.1.0" -"@babel/types@^7.18.10", "@babel/types@^7.18.13", "@babel/types@^7.18.6", "@babel/types@^7.18.9", "@babel/types@^7.4.4": - version "7.18.13" - resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.18.13.tgz#30aeb9e514f4100f7c1cb6e5ba472b30e48f519a" - integrity sha512-ePqfTihzW0W6XAU+aMw2ykilisStJfDnsejDCXRchCcMJ4O0+8DhPXf2YUbZ6wjBlsEmZwLK/sPweWtu8hcJYQ== +"@babel/types@^7.18.10", "@babel/types@^7.18.6", "@babel/types@^7.18.9", "@babel/types@^7.19.0", "@babel/types@^7.4.4": + version "7.19.0" + resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.19.0.tgz#75f21d73d73dc0351f3368d28db73465f4814600" + integrity sha512-YuGopBq3ke25BVSiS6fgF49Ul9gH1x70Bcr6bqRLjWCkcX8Hre1/5+z+IiWOIerRMSSEfGZVB9z9kyq7wVs9YA== dependencies: "@babel/helper-string-parser" "^7.18.10" 
"@babel/helper-validator-identifier" "^7.18.6" From fac1357e5d173304a8600f1ecfe59f215b511173 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Sep 2022 11:30:58 +0000 Subject: [PATCH 62/70] Bump @babel/preset-env from 7.18.10 to 7.19.0 Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.18.10 to 7.19.0. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.19.0/packages/babel-preset-env) --- updated-dependencies: - dependency-name: "@babel/preset-env" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- yarn.lock | 110 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 57 insertions(+), 53 deletions(-) diff --git a/yarn.lock b/yarn.lock index 949c2349..22c8ce29 100644 --- a/yarn.lock +++ b/yarn.lock @@ -17,12 +17,7 @@ dependencies: "@babel/highlight" "^7.18.6" -"@babel/compat-data@^7.17.7", "@babel/compat-data@^7.18.8": - version "7.18.13" - resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.18.13.tgz#6aff7b350a1e8c3e40b029e46cbe78e24a913483" - integrity sha512-5yUzC5LqyTFp2HLmDoxGQelcdYgSpP9xsnMWBphAscOdFrHSAVbLNzWiy32sVNDqJRDiJK6klfDnAgu6PAGSHw== - -"@babel/compat-data@^7.19.0": +"@babel/compat-data@^7.17.7", "@babel/compat-data@^7.18.8", "@babel/compat-data@^7.19.0": version "7.19.0" resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.19.0.tgz#2a592fd89bacb1fcde68de31bee4f2f2dacb0e86" integrity sha512-y5rqgTTPTmaF5e2nVhOxw+Ur9HDJLsWb6U/KpgUzRZEdPfE6VOubXBKLdbcUTijzRptednSBDQbYZBOSqJxpJw== 
@@ -103,6 +98,14 @@ "@babel/helper-annotate-as-pure" "^7.18.6" regexpu-core "^5.1.0" +"@babel/helper-create-regexp-features-plugin@^7.19.0": + version "7.19.0" + resolved "https://registry.yarnpkg.com/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.19.0.tgz#7976aca61c0984202baca73d84e2337a5424a41b" + integrity sha512-htnV+mHX32DF81amCDrwIDr8nrp1PTm+3wfBN9/v8QJOLEioOCOG7qNyq0nHeFiWbT3Eb7gsPwEmV64UCQ1jzw== + dependencies: + "@babel/helper-annotate-as-pure" "^7.18.6" + regexpu-core "^5.1.0" + "@babel/helper-define-polyfill-provider@^0.3.2": version "0.3.2" resolved "https://registry.yarnpkg.com/@babel/helper-define-polyfill-provider/-/helper-define-polyfill-provider-0.3.2.tgz#bd10d0aca18e8ce012755395b05a79f45eca5073" @@ -164,7 +167,7 @@ dependencies: "@babel/types" "^7.18.6" -"@babel/helper-module-transforms@^7.18.6", "@babel/helper-module-transforms@^7.18.9", "@babel/helper-module-transforms@^7.19.0": +"@babel/helper-module-transforms@^7.18.6", "@babel/helper-module-transforms@^7.19.0": version "7.19.0" resolved "https://registry.yarnpkg.com/@babel/helper-module-transforms/-/helper-module-transforms-7.19.0.tgz#309b230f04e22c58c6a2c0c0c7e50b216d350c30" integrity sha512-3HBZ377Fe14RbLIA+ac3sY4PTgpxHVkFrESaWhoI5PuyXPBBX8+C34qblV9G89ZtycGJCmCI/Ut+VUDK4bltNQ== 
@@ -185,10 +188,10 @@ dependencies: "@babel/types" "^7.18.6" -"@babel/helper-plugin-utils@^7.0.0", "@babel/helper-plugin-utils@^7.10.4", "@babel/helper-plugin-utils@^7.12.13", "@babel/helper-plugin-utils@^7.14.5", "@babel/helper-plugin-utils@^7.16.7", "@babel/helper-plugin-utils@^7.18.6", "@babel/helper-plugin-utils@^7.18.9", "@babel/helper-plugin-utils@^7.8.0", "@babel/helper-plugin-utils@^7.8.3": - version "7.18.9" - resolved "https://registry.yarnpkg.com/@babel/helper-plugin-utils/-/helper-plugin-utils-7.18.9.tgz#4b8aea3b069d8cb8a72cdfe28ddf5ceca695ef2f" - integrity sha512-aBXPT3bmtLryXaoJLyYPXPlSD4p1ld9aYeR+sJNOZjJJGiOpb+fKfh3NkcCu7J54nUJwCERPBExCCpyCOHnu/w== +"@babel/helper-plugin-utils@^7.0.0", "@babel/helper-plugin-utils@^7.10.4", "@babel/helper-plugin-utils@^7.12.13", "@babel/helper-plugin-utils@^7.14.5", "@babel/helper-plugin-utils@^7.16.7", "@babel/helper-plugin-utils@^7.18.6", "@babel/helper-plugin-utils@^7.18.9", "@babel/helper-plugin-utils@^7.19.0", "@babel/helper-plugin-utils@^7.8.0", "@babel/helper-plugin-utils@^7.8.3": + version "7.19.0" + resolved "https://registry.yarnpkg.com/@babel/helper-plugin-utils/-/helper-plugin-utils-7.19.0.tgz#4796bb14961521f0f8715990bee2fb6e51ce21bf" + integrity sha512-40Ryx7I8mT+0gaNxm8JGTZFUITNqdLAgdg0hXzeVZxVD6nFsdhQvip6v8dqkRHzsz1VFpFAaOCHNn0vKBL7Czw== "@babel/helper-remap-async-to-generator@^7.18.6", "@babel/helper-remap-async-to-generator@^7.18.9": version "7.18.9" 
@@ -296,13 +299,13 @@ "@babel/helper-skip-transparent-expression-wrappers" "^7.18.9" "@babel/plugin-proposal-optional-chaining" "^7.18.9" -"@babel/plugin-proposal-async-generator-functions@^7.18.10": - version "7.18.10" - resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-async-generator-functions/-/plugin-proposal-async-generator-functions-7.18.10.tgz#85ea478c98b0095c3e4102bff3b67d306ed24952" - integrity sha512-1mFuY2TOsR1hxbjCo4QL+qlIjV07p4H4EUYw2J/WCqsvFV6V9X9z9YhXbWndc/4fw+hYGlDT7egYxliMp5O6Ew== +"@babel/plugin-proposal-async-generator-functions@^7.19.0": + version "7.19.0" + resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-async-generator-functions/-/plugin-proposal-async-generator-functions-7.19.0.tgz#cf5740194f170467df20581712400487efc79ff1" + integrity sha512-nhEByMUTx3uZueJ/QkJuSlCfN4FGg+xy+vRsfGQGzSauq5ks2Deid2+05Q3KhfaUjvec1IGhw/Zm3cFm8JigTQ== dependencies: "@babel/helper-environment-visitor" "^7.18.9" - "@babel/helper-plugin-utils" "^7.18.9" + "@babel/helper-plugin-utils" "^7.19.0" "@babel/helper-remap-async-to-generator" "^7.18.9" "@babel/plugin-syntax-async-generators" "^7.8.4" 
@@ -560,16 +563,17 @@ dependencies: "@babel/helper-plugin-utils" "^7.18.9" -"@babel/plugin-transform-classes@^7.18.9": - version "7.18.9" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-classes/-/plugin-transform-classes-7.18.9.tgz#90818efc5b9746879b869d5ce83eb2aa48bbc3da" - integrity sha512-EkRQxsxoytpTlKJmSPYrsOMjCILacAjtSVkd4gChEe2kXjFCun3yohhW5I7plXJhCemM0gKsaGMcO8tinvCA5g== +"@babel/plugin-transform-classes@^7.19.0": + version "7.19.0" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-classes/-/plugin-transform-classes-7.19.0.tgz#0e61ec257fba409c41372175e7c1e606dc79bb20" + integrity sha512-YfeEE9kCjqTS9IitkgfJuxjcEtLUHMqa8yUJ6zdz8vR7hKuo6mOy2C05P0F1tdMmDCeuyidKnlrw/iTppHcr2A== dependencies: "@babel/helper-annotate-as-pure" "^7.18.6" + "@babel/helper-compilation-targets" "^7.19.0" "@babel/helper-environment-visitor" "^7.18.9" - "@babel/helper-function-name" "^7.18.9" + "@babel/helper-function-name" "^7.19.0" "@babel/helper-optimise-call-expression" "^7.18.6" - "@babel/helper-plugin-utils" "^7.18.9" + "@babel/helper-plugin-utils" "^7.19.0" "@babel/helper-replace-supers" "^7.18.9" "@babel/helper-split-export-declaration" "^7.18.6" globals "^11.1.0" @@ -581,7 +585,7 @@ dependencies: "@babel/helper-plugin-utils" "^7.18.9" -"@babel/plugin-transform-destructuring@^7.18.9": +"@babel/plugin-transform-destructuring@^7.18.13": version "7.18.13" resolved "https://registry.yarnpkg.com/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.18.13.tgz#9e03bc4a94475d62b7f4114938e6c5c33372cbf5" integrity sha512-TodpQ29XekIsex2A+YJPj5ax2plkGa8YYY6mFjCohk/IG9IY42Rtuj1FuDeemfg2ipxIFLzPeA83SIBnlhSIow== 
@@ -660,14 +664,14 @@ "@babel/helper-simple-access" "^7.18.6" babel-plugin-dynamic-import-node "^2.3.3" -"@babel/plugin-transform-modules-systemjs@^7.18.9": - version "7.18.9" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.18.9.tgz#545df284a7ac6a05125e3e405e536c5853099a06" - integrity sha512-zY/VSIbbqtoRoJKo2cDTewL364jSlZGvn0LKOf9ntbfxOvjfmyrdtEEOAdswOswhZEb8UH3jDkCKHd1sPgsS0A== +"@babel/plugin-transform-modules-systemjs@^7.19.0": + version "7.19.0" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.19.0.tgz#5f20b471284430f02d9c5059d9b9a16d4b085a1f" + integrity sha512-x9aiR0WXAWmOWsqcsnrzGR+ieaTMVyGyffPVA7F8cXAGt/UxefYv6uSHZLkAFChN5M5Iy1+wjE+xJuPt22H39A== dependencies: "@babel/helper-hoist-variables" "^7.18.6" - "@babel/helper-module-transforms" "^7.18.9" - "@babel/helper-plugin-utils" "^7.18.9" + "@babel/helper-module-transforms" "^7.19.0" + "@babel/helper-plugin-utils" "^7.19.0" "@babel/helper-validator-identifier" "^7.18.6" babel-plugin-dynamic-import-node "^2.3.3" 
@@ -679,13 +683,13 @@ "@babel/helper-module-transforms" "^7.18.6" "@babel/helper-plugin-utils" "^7.18.6" -"@babel/plugin-transform-named-capturing-groups-regex@^7.18.6": - version "7.18.6" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-named-capturing-groups-regex/-/plugin-transform-named-capturing-groups-regex-7.18.6.tgz#c89bfbc7cc6805d692f3a49bc5fc1b630007246d" - integrity sha512-UmEOGF8XgaIqD74bC8g7iV3RYj8lMf0Bw7NJzvnS9qQhM4mg+1WHKotUIdjxgD2RGrgFLZZPCFPFj3P/kVDYhg== +"@babel/plugin-transform-named-capturing-groups-regex@^7.19.0": + version "7.19.0" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-named-capturing-groups-regex/-/plugin-transform-named-capturing-groups-regex-7.19.0.tgz#58c52422e4f91a381727faed7d513c89d7f41ada" + integrity sha512-HDSuqOQzkU//kfGdiHBt71/hkDTApw4U/cMVgKgX7PqfB3LOaK+2GtCEsBu1dL9CkswDm0Gwehht1dCr421ULQ== dependencies: - "@babel/helper-create-regexp-features-plugin" "^7.18.6" - "@babel/helper-plugin-utils" "^7.18.6" + "@babel/helper-create-regexp-features-plugin" "^7.19.0" + "@babel/helper-plugin-utils" "^7.19.0" "@babel/plugin-transform-new-target@^7.18.6": version "7.18.6" 
@@ -750,12 +754,12 @@ dependencies: "@babel/helper-plugin-utils" "^7.18.6" -"@babel/plugin-transform-spread@^7.18.9": - version "7.18.9" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-spread/-/plugin-transform-spread-7.18.9.tgz#6ea7a6297740f381c540ac56caf75b05b74fb664" - integrity sha512-39Q814wyoOPtIB/qGopNIL9xDChOE1pNU0ZY5dO0owhiVt/5kFm4li+/bBtwc7QotG0u5EPzqhZdjMtmqBqyQA== +"@babel/plugin-transform-spread@^7.19.0": + version "7.19.0" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-spread/-/plugin-transform-spread-7.19.0.tgz#dd60b4620c2fec806d60cfaae364ec2188d593b6" + integrity sha512-RsuMk7j6n+r752EtzyScnWkQyuJdli6LdO5Klv8Yx0OfPVTcQkIUfS8clx5e9yHXzlnhOZF3CbQ8C2uP5j074w== dependencies: - "@babel/helper-plugin-utils" "^7.18.9" + "@babel/helper-plugin-utils" "^7.19.0" "@babel/helper-skip-transparent-expression-wrappers" "^7.18.9" "@babel/plugin-transform-sticky-regex@^7.18.6": 
@@ -795,17 +799,17 @@ "@babel/helper-plugin-utils" "^7.18.6" "@babel/preset-env@7": - version "7.18.10" - resolved "https://registry.yarnpkg.com/@babel/preset-env/-/preset-env-7.18.10.tgz#83b8dfe70d7eea1aae5a10635ab0a5fe60dfc0f4" - integrity sha512-wVxs1yjFdW3Z/XkNfXKoblxoHgbtUF7/l3PvvP4m02Qz9TZ6uZGxRVYjSQeR87oQmHco9zWitW5J82DJ7sCjvA== + version "7.19.0" + resolved "https://registry.yarnpkg.com/@babel/preset-env/-/preset-env-7.19.0.tgz#fd18caf499a67d6411b9ded68dc70d01ed1e5da7" + integrity sha512-1YUju1TAFuzjIQqNM9WsF4U6VbD/8t3wEAlw3LFYuuEr+ywqLRcSXxFKz4DCEj+sN94l/XTDiUXYRrsvMpz9WQ== dependencies: - "@babel/compat-data" "^7.18.8" - "@babel/helper-compilation-targets" "^7.18.9" - "@babel/helper-plugin-utils" "^7.18.9" + "@babel/compat-data" "^7.19.0" + "@babel/helper-compilation-targets" "^7.19.0" + "@babel/helper-plugin-utils" "^7.19.0" "@babel/helper-validator-option" "^7.18.6" "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression" "^7.18.6" "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining" "^7.18.9" - "@babel/plugin-proposal-async-generator-functions" "^7.18.10" + "@babel/plugin-proposal-async-generator-functions" "^7.19.0" "@babel/plugin-proposal-class-properties" "^7.18.6" "@babel/plugin-proposal-class-static-block" "^7.18.6" "@babel/plugin-proposal-dynamic-import" "^7.18.6" @@ -839,9 +843,9 @@ "@babel/plugin-transform-async-to-generator" "^7.18.6" "@babel/plugin-transform-block-scoped-functions" "^7.18.6" "@babel/plugin-transform-block-scoping" "^7.18.9" - "@babel/plugin-transform-classes" "^7.18.9" + "@babel/plugin-transform-classes" "^7.19.0" "@babel/plugin-transform-computed-properties" "^7.18.9" - "@babel/plugin-transform-destructuring" "^7.18.9" + "@babel/plugin-transform-destructuring" "^7.18.13" "@babel/plugin-transform-dotall-regex" "^7.18.6" "@babel/plugin-transform-duplicate-keys" "^7.18.9" "@babel/plugin-transform-exponentiation-operator" "^7.18.6" 
@@ -851,9 +855,9 @@ "@babel/plugin-transform-member-expression-literals" "^7.18.6" "@babel/plugin-transform-modules-amd" "^7.18.6" "@babel/plugin-transform-modules-commonjs" "^7.18.6" - "@babel/plugin-transform-modules-systemjs" "^7.18.9" + "@babel/plugin-transform-modules-systemjs" "^7.19.0" "@babel/plugin-transform-modules-umd" "^7.18.6" - "@babel/plugin-transform-named-capturing-groups-regex" "^7.18.6" + "@babel/plugin-transform-named-capturing-groups-regex" "^7.19.0" "@babel/plugin-transform-new-target" "^7.18.6" "@babel/plugin-transform-object-super" "^7.18.6" "@babel/plugin-transform-parameters" "^7.18.8" @@ -861,14 +865,14 @@ "@babel/plugin-transform-regenerator" "^7.18.6" "@babel/plugin-transform-reserved-words" "^7.18.6" "@babel/plugin-transform-shorthand-properties" "^7.18.6" - "@babel/plugin-transform-spread" "^7.18.9" + "@babel/plugin-transform-spread" "^7.19.0" "@babel/plugin-transform-sticky-regex" "^7.18.6" "@babel/plugin-transform-template-literals" "^7.18.9" "@babel/plugin-transform-typeof-symbol" "^7.18.9" "@babel/plugin-transform-unicode-escapes" "^7.18.10" "@babel/plugin-transform-unicode-regex" "^7.18.6" "@babel/preset-modules" "^0.1.5" - "@babel/types" "^7.18.10" + "@babel/types" "^7.19.0" babel-plugin-polyfill-corejs2 "^0.3.2" babel-plugin-polyfill-corejs3 "^0.5.3" babel-plugin-polyfill-regenerator "^0.4.0" From d1ab0a6d8633d47d0fd0fdbbae117179ec929b0d Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Tue, 6 Sep 2022 13:45:03 +0200 Subject: [PATCH 63/70] [CSP] Add documentation about connect_src for WebSocket --- config/content_security_policy.yml.example | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/config/content_security_policy.yml.example b/config/content_security_policy.yml.example index a766f1ac..000cca6f 100644 --- a/config/content_security_policy.yml.example +++ b/config/content_security_policy.yml.example 
@@ -9,6 +9,10 @@ default: &default - https://*.s3.xopic.de - https://s3.openhpicloud.de - https://*.s3.openhpicloud.de + # Webkit didn't consider the WSS scheme as part of 'self', adding it explicitly + # See https://bugs.webkit.org/show_bug.cgi?id=235873 + connect_src: + - wss://codeocean.openhpi.de # Optionally: Specify a custom, non-Sentry URL for reporting CSP violations # report_uri: https://example.com/csp-report From 0d40cdd03a0ee3df47864ae570bfc98bafd2c42b Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Wed, 7 Sep 2022 21:41:09 +0200 Subject: [PATCH 64/70] [CSP] Allow 'self' as base-uri --- config/initializers/content_security_policy.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index 07bc82ea..9bef6035 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -33,7 +33,7 @@ end Rails.application.config.content_security_policy do |policy| policy.default_src :none - policy.base_uri :none + policy.base_uri :self policy.font_src :self # Code executions might return a base64 encoded image as a :data URI policy.img_src :self, :data From 80419db86849886e010e33d64665237692508678 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Wed, 7 Sep 2022 21:42:07 +0200 Subject: [PATCH 65/70] [CSP] Prevent use of unsafe-inline for links * Also update all tags in locals --- app/assets/javascripts/base.js | 3 +++ config/locales/de.yml | 12 ++++++------ config/locales/en.yml | 12 ++++++------ 3 files changed, 15 insertions(+), 12 deletions(-) diff --git a/app/assets/javascripts/base.js b/app/assets/javascripts/base.js index 3e39eed3..ef524c25 100644 --- a/app/assets/javascripts/base.js +++ b/app/assets/javascripts/base.js 
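Review bot: The `connect_src` entry added to the example pins `wss://codeocean.openhpi.de`, which is one specific deployment. Anyone copying the example for another host would allow WebSocket connections to that origin while their own instance stays blocked in the affected browsers. A comment such as `# Replace with the wss:// origin of your own instance` directly above the entry would prevent that.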
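Review bot: In `content_security_policy.rb`, `policy.base_uri` is relaxed from `:none` to `:self` without a comment, while the neighbouring `img_src` line documents its exception. `:self` still stops an injected `<base>` element from pointing relative URLs at another origin, but it is weaker than `:none`. Please record why it is needed directly above the line, e.g. `# <reason: which view or library emits a <base> tag>`. The enclosing policy block continues outside this hunk.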
@@ -32,4 +32,7 @@ $.jstree.defaults.core.worker = false; // See https://github.com/rails/jquery-ujs/issues/456 for details $(document).on('turbolinks:load', function(){ $.rails.refreshCSRFTokens(); + $('.reloadCurrentPage').on('click', function() { + window.location.reload(); + }); }); diff --git a/config/locales/de.yml b/config/locales/de.yml index 0206f85b..426343b9 100644 --- a/config/locales/de.yml +++ b/config/locales/de.yml @@ -296,7 +296,7 @@ de: form: hints: command: filename wird automatisch durch den richtigen Dateinamen ersetzt. - docker_image: 'Wählen Sie ein Docker-Image aus der Liste oder fügen Sie ein neues hinzu, welches über DockerHub verfügbar ist.' + docker_image: 'Wählen Sie ein Docker-Image aus der Liste oder fügen Sie ein neues hinzu, welches über DockerHub verfügbar ist.' exposed_ports_list: Während der Ausführung sind diese Ports für den Nutzer zugänglich. Die Portnummern müssen nummerisch und mit Komma voneinander getrennt sein. cpu_limit: Geben Sie die Mindestmenge an CPU-Anteilen an, die für jeden Runner reserviert werden soll, gemessen in MHz. errors: @@ -340,7 +340,7 @@ de: expand_output_sidebar: Ausgabe-Leiste Ausklappen input: Ihre Eingabe lastsaved: 'Zuletzt gespeichert: ' - network: 'Während Ihr Code läuft, ist Port %{port} unter folgender Adresse erreichbar: %{address}.' + network: 'Während Ihr Code läuft, ist Port %{port} unter folgender Adresse erreichbar: %{address}.' render: Anzeigen run: Ausführen run_failure: Ihr Code konnte nicht auf der Plattform ausgeführt werden. 
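Review bot: The click handler for `.reloadCurrentPage` is bound directly to the elements that exist when `turbolinks:load` fires, so a link that is put into the page later is never wired up. The locale strings changed in the same commit (`sessions.expired`, for instance) look like messages that are shown by script after the page has loaded, although that cannot be confirmed from this hunk. A delegated handler registered once, outside the `turbolinks:load` callback, covers both cases: `$(document).on('click', '.reloadCurrentPage', function() { window.location.reload(); });`.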
@@ -453,7 +453,7 @@ de: request: "Kommentaranfrage stellen" question: "Bitte beschreiben Sie kurz Ihre Probleme oder nennen Sie den Programmteil, zu dem Sie Feedback wünschen. Ihr Programmcode und eventuelle Fehlermeldungen werden automatisch zur Anfrage hinzugefügt." intervention: - explanation: "Diese Meldung erscheint, weil Sie %{duration} Minuten an dieser Aufgabe gearbeitet haben. 25% Ihrer Mitlernenden arbeiten länger daran, insofern ist das kein Problem, aber dies hat sich als effektiven Zeitpunkt für diese Meldung erwiesen." + explanation: "Diese Meldung erscheint, weil Sie %{duration} Minuten an dieser Aufgabe gearbeitet haben. 25% Ihrer Mitlernenden arbeiten länger daran, insofern ist das kein Problem, aber dies hat sich als effektiven Zeitpunkt für diese Meldung erwiesen." rfc_intervention: text: "Falls Sie bei dieser Aufgabe nicht weiterkommen und nicht selbst weiter knobeln möchten, können Ihre Mitlernenden bestimmt helfen!

" break_intervention: @@ -780,7 +780,7 @@ de: runtime_output: "Programmausgabe" test_results: "Testergebnisse" sessions: - expired: Ihre Session ist abgelaufen. Bitte laden Sie diese Seite neu bevor Sie fortfahren. + expired: Ihre Session ist abgelaufen. Bitte laden Sie diese Seite neu bevor Sie fortfahren. create: failure: Fehlerhafte E-Mail oder Passwort. success: Sie haben sich erfolgreich angemeldet. @@ -793,7 +793,7 @@ de: destroy_through_lti: average_score: Durchschnittliche Punktzahl final_submissions: Abgaben anderer Nutzer - finished_with_consumer: 'Sie können dieses Fenster nun schließen oder zu %{consumer} zurückkehren.' + finished_with_consumer: 'Sie können dieses Fenster nun schließen oder zu %{consumer} zurückkehren.' finished_without_consumer: Sie können dieses Fenster nun schließen. headline: Gut gemacht! score: Ihre Punktzahl @@ -834,7 +834,7 @@ de: link: Hilfe index: Index message_failure: Leider ist ein Fehler auf unserer Plattform aufgetreten. Bitte probieren Sie es später noch einmal. - websocket_failure: Leider ist ein Verbindungsproblem aufgetreten. Bitte überprüfen Sie Websocket-Verbindungen mit diesem Tool und versuchen Sie es erneut. + websocket_failure: Leider ist ein Verbindungsproblem aufgetreten. Bitte überprüfen Sie Websocket-Verbindungen mit diesem Tool und versuchen Sie es erneut. new: Hinzufügen new_model: '%{model} hinzufügen' number: Nummer diff --git a/config/locales/en.yml b/config/locales/en.yml index 780cb87d..3c0d52e2 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml 
@@ -296,7 +296,7 @@ en: form: hints: command: filename is automatically replaced with the correct filename. - docker_image: Pick a Docker image listed above or add a new one which is available via DockerHub. + docker_image: Pick a Docker image listed above or add a new one which is available via DockerHub. exposed_ports_list: During code execution these ports are accessible for the user. Port numbers must be numeric and separated by a comma. cpu_limit: Specify the minimum amount of CPU shares to reserve for each runner, measured in MHz. errors: @@ -340,7 +340,7 @@ en: expand_output_sidebar: Expand Output Sidebar input: Your input lastsaved: 'Last saved: ' - network: 'While your code is running, port %{port} is accessible using the following address: %{address}.' + network: 'While your code is running, port %{port} is accessible using the following address: %{address}.' render: Render run: Run run_failure: Your code could not be run. @@ -453,7 +453,7 @@ en: request: "Request Comments" question: 'Please shortly describe your problem or the program part you would like to get feedback for. Your program code and potential error messages are automatically appended to your request.' intervention: - explanation: "This message appears because you have been working on this exercise for %{duration} minutes. 25% of your fellow learners took more time to solve the exercise, so in that sense it's not a problem, but this has proven to be an effective time for this message." + explanation: "This message appears because you have been working on this exercise for %{duration} minutes. 25% of your fellow learners took more time to solve the exercise, so in that sense it's not a problem, but this has proven to be an effective time for this message." rfc_intervention: text: "If you are struggling with this exercise and don't want to continue on your own, your fellow learners can help out!

" break_intervention: @@ -780,7 +780,7 @@ en: runtime_output: "Runtime Output" test_results: "Test Results" sessions: - expired: Your session has expired. Please reload this page before continuing. + expired: Your session has expired. Please reload this page before continuing. create: failure: Invalid email or password. success: Successfully signed in. @@ -793,7 +793,7 @@ en: destroy_through_lti: average_score: Average Score final_submissions: Other Users' Submissions - finished_with_consumer: 'You may close this window now or return to %{consumer}.' + finished_with_consumer: 'You may close this window now or return to %{consumer}.' finished_without_consumer: You may close this window now. headline: Well done! score: Your Score @@ -834,7 +834,7 @@ en: link: Help index: Index message_failure: 'Sorry, something went wrong.' - websocket_failure: Sorry, a connection issue occoured. Please check WebSocket connections with this tool and try again. + websocket_failure: Sorry, a connection issue occoured. Please check WebSocket connections with this tool and try again. new: Add new_model: 'Add %{model}' number: Number From 3b43e2445332d050f13c75dc65526f193393be57 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Sep 2022 03:01:55 +0000 Subject: [PATCH 66/70] Bump webpack-dev-server from 4.10.1 to 4.11.0 Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server) from 4.10.1 to 4.11.0. - [Release notes](https://github.com/webpack/webpack-dev-server/releases) - [Changelog](https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md) - [Commits](https://github.com/webpack/webpack-dev-server/compare/v4.10.1...v4.11.0) --- updated-dependencies: - dependency-name: webpack-dev-server dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) 
diff --git a/package.json b/package.json index 76b78a19..ce92da2d 100644 --- a/package.json +++ b/package.json @@ -55,7 +55,7 @@ "xss": "^1.0.14" }, "devDependencies": { - "webpack-dev-server": "^4.10.1" + "webpack-dev-server": "^4.11.0" }, "babel": { "presets": [ diff --git a/yarn.lock b/yarn.lock index 22c8ce29..58e98e7d 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4361,10 +4361,10 @@ webpack-dev-middleware@^5.3.1: range-parser "^1.2.1" schema-utils "^4.0.0" -webpack-dev-server@^4.10.1: - version "4.10.1" - resolved "https://registry.yarnpkg.com/webpack-dev-server/-/webpack-dev-server-4.10.1.tgz#124ac9ac261e75303d74d95ab6712b4aec3e12ed" - integrity sha512-FIzMq3jbBarz3ld9l7rbM7m6Rj1lOsgq/DyLGMX/fPEB1UBUPtf5iL/4eNfhx8YYJTRlzfv107UfWSWcBK5Odw== +webpack-dev-server@^4.11.0: + version "4.11.0" + resolved "https://registry.yarnpkg.com/webpack-dev-server/-/webpack-dev-server-4.11.0.tgz#290ee594765cd8260adfe83b2d18115ea04484e7" + integrity sha512-L5S4Q2zT57SK7tazgzjMiSMBdsw+rGYIX27MgPgx7LDhWO0lViPrHKoLS7jo5In06PWYAhlYu3PbyoC6yAThbw== dependencies: "@types/bonjour" "^3.5.9" "@types/connect-history-api-fallback" "^1.3.5" From 3ecb25fba19a840da03b2bfccf37d380f1d1a792 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Sep 2022 03:02:11 +0000 Subject: [PATCH 67/70] Bump bootstrap from 5.2.0 to 5.2.1 Bumps [bootstrap](https://github.com/twbs/bootstrap) from 5.2.0 to 5.2.1. - [Release notes](https://github.com/twbs/bootstrap/releases) - [Commits](https://github.com/twbs/bootstrap/compare/v5.2.0...v5.2.1) --- updated-dependencies: - dependency-name: bootstrap dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 76b78a19..8b0e02a0 100644 --- a/package.json +++ b/package.json 
@@ -12,7 +12,7 @@ "@sentry/browser": "^7.11.1", "@webpack-cli/serve": "^1.7.0", "babel-loader": "^8.2.5", - "bootstrap": "^5.2.0", + "bootstrap": "^5.2.1", "bootswatch": "^5.2.0", "chosen-js": "^1.8.7", "component-emitter": "^1.3.0", diff --git a/yarn.lock b/yarn.lock index 22c8ce29..661b9ea2 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1545,10 +1545,10 @@ boolbase@^1.0.0: resolved "https://registry.yarnpkg.com/boolbase/-/boolbase-1.0.0.tgz#68dff5fbe60c51eb37725ea9e3ed310dcc1e776e" integrity sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww== -bootstrap@^5.2.0: - version "5.2.0" - resolved "https://registry.yarnpkg.com/bootstrap/-/bootstrap-5.2.0.tgz#838727fb60f1630db370fe57c63cbcf2962bb3d3" - integrity sha512-qlnS9GL6YZE6Wnef46GxGv1UpGGzAwO0aPL1yOjzDIJpeApeMvqV24iL+pjr2kU4dduoBA9fINKWKgMToobx9A== +bootstrap@^5.2.1: + version "5.2.1" + resolved "https://registry.yarnpkg.com/bootstrap/-/bootstrap-5.2.1.tgz#45f97ff05cbe828bad807b014d8425f3aeb8ec3a" + integrity sha512-UQi3v2NpVPEi1n35dmRRzBJFlgvWHYwyem6yHhuT6afYF+sziEt46McRbT//kVXZ7b1YUYEVGdXEH74Nx3xzGA== bootswatch@^5.2.0: version "5.2.0" From f0f495b0eff929a20053b0a688160de8b8970aaa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Sep 2022 03:02:29 +0000 Subject: [PATCH 68/70] Bump sass from 1.54.8 to 1.54.9 Bumps [sass](https://github.com/sass/dart-sass) from 1.54.8 to 1.54.9. - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.54.8...1.54.9) --- updated-dependencies: - dependency-name: sass dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 76b78a19..a2323738 100644 
--- a/package.json +++ b/package.json @@ -34,7 +34,7 @@ "pnp-webpack-plugin": "^1.7.0", "propagating-hammerjs": "^2.0.1", "rails-erb-loader": "^5.5.2", - "sass": "^1.54.8", + "sass": "^1.54.9", "sass-loader": "^13.0.2", "shakapacker": "6.5.1", "sortablejs": "^1.15.0", diff --git a/yarn.lock b/yarn.lock index 22c8ce29..f9f77299 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3837,10 +3837,10 @@ sass-loader@^13.0.2: klona "^2.0.4" neo-async "^2.6.2" -sass@^1.54.8: - version "1.54.8" - resolved "https://registry.yarnpkg.com/sass/-/sass-1.54.8.tgz#4adef0dd86ea2b1e4074f551eeda4fc5f812a996" - integrity sha512-ib4JhLRRgbg6QVy6bsv5uJxnJMTS2soVcCp9Y88Extyy13A8vV0G1fAwujOzmNkFQbR3LvedudAMbtuNRPbQww== +sass@^1.54.9: + version "1.54.9" + resolved "https://registry.yarnpkg.com/sass/-/sass-1.54.9.tgz#b05f14ed572869218d1a76961de60cd647221762" + integrity sha512-xb1hjASzEH+0L0WI9oFjqhRi51t/gagWnxLiwUNMltA0Ab6jIDkAacgKiGYKM9Jhy109osM7woEEai6SXeJo5Q== dependencies: chokidar ">=3.0.0 <4.0.0" immutable "^4.0.0" From 31c83b5163184b15fe8b2fd6223a696182dd459a Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Fri, 9 Sep 2022 10:25:35 +0200 Subject: [PATCH 69/70] Bundle update --- Gemfile | 2 +- Gemfile.lock | 6 +- package.json | 2 +- yarn.lock | 156 ++++++++++++++++++++++----------------------------- 4 files changed, 72 insertions(+), 94 deletions(-) diff --git a/Gemfile b/Gemfile index 91b6c649..32625599 100644 --- a/Gemfile +++ b/Gemfile @@ -42,7 +42,7 @@ gem 'rest-client' gem 'rubytree' gem 'rubyzip' gem 'sass-rails' -gem 'shakapacker', '6.5.1' +gem 'shakapacker', '6.5.2' gem 'slim-rails' gem 'sorcery' # Causes a deprecation warning in Rails 6.0+, see: https://github.com/Sorcery/sorcery/pull/255 gem 'telegraf' diff --git a/Gemfile.lock b/Gemfile.lock index 9585f76a..e0aeae77 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -463,8 +463,8 @@ GEM sentry-ruby (~> 5.4.2) sentry-ruby (5.4.2) concurrent-ruby (~> 1.0, >= 1.0.2) - set (1.0.2) - shakapacker (6.5.1) + set (1.0.3) + shakapacker (6.5.2) activesupport (>= 5.2) rack-proxy (>= 0.6.1) railties (>= 5.2) @@ -611,7 +611,7 @@ DEPENDENCIES selenium-webdriver sentry-rails sentry-ruby - shakapacker (= 6.5.1) + shakapacker (= 6.5.2) shoulda-matchers simplecov slim-rails diff --git a/package.json b/package.json index 5ceee598..cd3e2549 100644 --- a/package.json +++ b/package.json @@ -36,7 +36,7 @@ "rails-erb-loader": "^5.5.2", "sass": "^1.54.9", "sass-loader": "^13.0.2", - "shakapacker": "6.5.1", + "shakapacker": "6.5.2", "sortablejs": "^1.15.0", "sorttable": "^1.0.2", "style-loader": "^3.3.1", diff --git a/yarn.lock b/yarn.lock index f9d0bf83..8c87416f 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -78,27 +78,19 @@ semver "^6.3.0" "@babel/helper-create-class-features-plugin@^7.18.6": - version "7.18.13" - resolved "https://registry.yarnpkg.com/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.18.13.tgz#63e771187bd06d234f95fdf8bd5f8b6429de6298" - integrity sha512-hDvXp+QYxSRL+23mpAlSGxHMDyIGChm0/AwTfTAAK5Ufe40nCsyNdaYCGuK91phn/fVu9kqayImRDkvNAgdrsA== + version "7.19.0" + resolved "https://registry.yarnpkg.com/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.19.0.tgz#bfd6904620df4e46470bae4850d66be1054c404b" + integrity sha512-NRz8DwF4jT3UfrmUoZjd0Uph9HQnP30t7Ash+weACcyNkiYTywpIjDBgReJMKgr+n86sn2nPVVmJ28Dm053Kqw== dependencies: "@babel/helper-annotate-as-pure" "^7.18.6" "@babel/helper-environment-visitor" "^7.18.9" - "@babel/helper-function-name" "^7.18.9" + "@babel/helper-function-name" "^7.19.0" "@babel/helper-member-expression-to-functions" "^7.18.9" "@babel/helper-optimise-call-expression" "^7.18.6" "@babel/helper-replace-supers" "^7.18.9" "@babel/helper-split-export-declaration" "^7.18.6" -"@babel/helper-create-regexp-features-plugin@^7.18.6": - version "7.18.6" - resolved "https://registry.yarnpkg.com/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.18.6.tgz#3e35f4e04acbbf25f1b3534a657610a000543d3c" - integrity sha512-7LcpH1wnQLGrI+4v+nPp+zUvIkF9x0ddv1Hkdue10tg3gmRnLy97DXh4STiOf1qeIInyD69Qv5kKSZzKD8B/7A== - dependencies: - "@babel/helper-annotate-as-pure" "^7.18.6" - regexpu-core "^5.1.0" - -"@babel/helper-create-regexp-features-plugin@^7.19.0": +"@babel/helper-create-regexp-features-plugin@^7.18.6", "@babel/helper-create-regexp-features-plugin@^7.19.0": version "7.19.0" resolved "https://registry.yarnpkg.com/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.19.0.tgz#7976aca61c0984202baca73d84e2337a5424a41b" integrity sha512-htnV+mHX32DF81amCDrwIDr8nrp1PTm+3wfBN9/v8QJOLEioOCOG7qNyq0nHeFiWbT3Eb7gsPwEmV64UCQ1jzw== 
@@ -130,15 +122,7 @@ dependencies: "@babel/types" "^7.18.6" -"@babel/helper-function-name@^7.18.9": - version "7.18.9" - resolved "https://registry.yarnpkg.com/@babel/helper-function-name/-/helper-function-name-7.18.9.tgz#940e6084a55dee867d33b4e487da2676365e86b0" - integrity sha512-fJgWlZt7nxGksJS9a0XdSaI4XvpExnNIgRP+rVefWh5U7BL8pPuir6SJUmFKRfjWQ51OtWSzwOxhaH/EBWWc0A== - dependencies: - "@babel/template" "^7.18.6" - "@babel/types" "^7.18.9" - -"@babel/helper-function-name@^7.19.0": +"@babel/helper-function-name@^7.18.9", "@babel/helper-function-name@^7.19.0": version "7.19.0" resolved "https://registry.yarnpkg.com/@babel/helper-function-name/-/helper-function-name-7.19.0.tgz#941574ed5390682e872e52d3f38ce9d1bef4648c" integrity sha512-WAwHBINyrpqywkUH0nTnNgI5ina5TFn85HKS0pbPDfxFfhyR/aNQEn4hGi1P1JyT//I0t4OgXUlofzWILRvS5w== @@ -251,14 +235,14 @@ integrity sha512-XO7gESt5ouv/LRJdrVjkShckw6STTaB7l9BrpBaAHDeF5YZT+01PCwmR0SJHnkW6i8OwW/EVWRShfi4j2x+KQw== "@babel/helper-wrap-function@^7.18.9": - version "7.18.11" - resolved "https://registry.yarnpkg.com/@babel/helper-wrap-function/-/helper-wrap-function-7.18.11.tgz#bff23ace436e3f6aefb61f85ffae2291c80ed1fb" - integrity sha512-oBUlbv+rjZLh2Ks9SKi4aL7eKaAXBWleHzU89mP0G6BMUlRxSckk9tSIkgDGydhgFxHuGSlBQZfnaD47oBEB7w== + version "7.19.0" + resolved "https://registry.yarnpkg.com/@babel/helper-wrap-function/-/helper-wrap-function-7.19.0.tgz#89f18335cff1152373222f76a4b37799636ae8b1" + integrity sha512-txX8aN8CZyYGTwcLhlk87KRqncAzhh5TpQamZUa0/u3an36NtDpUP6bQgBCBcLeBs09R/OwQu3OjK0k/HwfNDg== dependencies: - "@babel/helper-function-name" "^7.18.9" + "@babel/helper-function-name" "^7.19.0" "@babel/template" "^7.18.10" - "@babel/traverse" "^7.18.11" - "@babel/types" "^7.18.10" + "@babel/traverse" "^7.19.0" + "@babel/types" "^7.19.0" "@babel/helpers@^7.19.0": version "7.19.0" 
@@ -897,7 +881,7 @@ dependencies: regenerator-runtime "^0.13.4" -"@babel/template@^7.18.10", "@babel/template@^7.18.6": +"@babel/template@^7.18.10": version "7.18.10" resolved "https://registry.yarnpkg.com/@babel/template/-/template-7.18.10.tgz#6f9134835970d1dbf0835c0d100c9f38de0c5e71" integrity sha512-TI+rCtooWHr3QJ27kJxfjutghu44DLnasDMwpDqCXVTal9RLp3RSYNh4NdBrRP2cQAoG9A8juOQl6P6oZG4JxA== @@ -906,7 +890,7 @@ "@babel/parser" "^7.18.10" "@babel/types" "^7.18.10" -"@babel/traverse@^7.18.11", "@babel/traverse@^7.18.9", "@babel/traverse@^7.19.0": +"@babel/traverse@^7.18.9", "@babel/traverse@^7.19.0": version "7.19.0" resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.19.0.tgz#eb9c561c7360005c592cc645abafe0c3c4548eed" integrity sha512-4pKpFRDh+utd2mbRC8JLnlsMUii3PMHjpL6a0SZ4NMZy7YFP9aXORxEhdMVOc9CpWtDF09IkciQLEhK7Ml7gRA== 
@@ -1007,45 +991,45 @@ integrity sha512-50/17A98tWUfQ176raKiOGXuYpLyyVMkxxG6oylzL3BPOlA6ADGdK7EYunSa4I064xerltq9TGXs8HmOk5E+vw== "@sentry/browser@^7.11.1": - version "7.12.0" - resolved "https://registry.yarnpkg.com/@sentry/browser/-/browser-7.12.0.tgz#340151eb83b41a6c54fc91a75285f99e62a843a5" - integrity sha512-VoqZj3wJm5aUIDG+7LjeSHIw9/pujrUlA1QMu2YOY3LaP6UQsAAsOSo52brnaQQcwBrRySksaaaTxg6obJwInw== + version "7.12.1" + resolved "https://registry.yarnpkg.com/@sentry/browser/-/browser-7.12.1.tgz#2be6fa5c2529a2a75abac4d00aca786362302a1a" + integrity sha512-pgyL65CrGFLe8sKcEG8KXAuVTE8zkAsyTlv/AuME06cSdxzO/memPK/r3BI6EM7WupIdga+V5tQUldeT1kgHNA== dependencies: - "@sentry/core" "7.12.0" - "@sentry/types" "7.12.0" - "@sentry/utils" "7.12.0" + "@sentry/core" "7.12.1" + "@sentry/types" "7.12.1" + "@sentry/utils" "7.12.1" tslib "^1.9.3" -"@sentry/core@7.12.0": - version "7.12.0" - resolved "https://registry.yarnpkg.com/@sentry/core/-/core-7.12.0.tgz#14e75263b9c645ba5f314bb036d5cd1ac5aa621e" - integrity sha512-ERkeB/XdThvdSVZH4XysMPyWRG653HDq0AkJh8SgapExCZbwgj1lutCIpT1LIbZ8lUhRx5P+ua9OR2qj+vo5RA== +"@sentry/core@7.12.1": + version "7.12.1" + resolved "https://registry.yarnpkg.com/@sentry/core/-/core-7.12.1.tgz#a22f1c530ed528a699ed204c36eb5fc8d308103d" + integrity sha512-DFHbzHFjukhlkRZ5xzfebx0IBzblW43kmfnalBBq7xEMscUvnhsYnlvL9Y20tuPZ/PrTcq4JAHbFluAvw6M0QQ== dependencies: - "@sentry/hub" "7.12.0" - "@sentry/types" "7.12.0" - "@sentry/utils" "7.12.0" + "@sentry/hub" "7.12.1" + "@sentry/types" "7.12.1" + "@sentry/utils" "7.12.1" tslib "^1.9.3" -"@sentry/hub@7.12.0": - version "7.12.0" - resolved "https://registry.yarnpkg.com/@sentry/hub/-/hub-7.12.0.tgz#b30d04222fd4e1a920ace8482de3aa413e04ca43" - integrity sha512-UgpC9WiHQAfcoEIIgeIopp3jeabllK6beLl5vA4ei6ay2TDMjA4NqUpzGq/GWVG0ewnblvHkqmjwAls2AEMtWg== +"@sentry/hub@7.12.1": + version "7.12.1" + resolved "https://registry.yarnpkg.com/@sentry/hub/-/hub-7.12.1.tgz#dffad40cd2b8f44df2d5f20a89df87879cbbf1c3" + integrity 
sha512-KLVnVqXf+CRmXNy9/T8K2/js7QvOQ94xtgP5KnWJbu2rl+JhxnIGiBRF51lPXFIatt7zWwB9qNdMS8lVsvLMGQ== dependencies: - "@sentry/types" "7.12.0" - "@sentry/utils" "7.12.0" + "@sentry/types" "7.12.1" + "@sentry/utils" "7.12.1" tslib "^1.9.3" -"@sentry/types@7.12.0": - version "7.12.0" - resolved "https://registry.yarnpkg.com/@sentry/types/-/types-7.12.0.tgz#108a995c77d133f22366e6976fefa0ca7f8dcf5d" - integrity sha512-ldcuRzEx2ccZvaJjTSemWj+7TiWCV5A/vV7fEtZeoETFI+SiVbmqI5whdH7ZVVfhRNFf25Ib+TfTeaM9PM7A1A== +"@sentry/types@7.12.1": + version "7.12.1" + resolved "https://registry.yarnpkg.com/@sentry/types/-/types-7.12.1.tgz#eff76d938f9effc62a2ec76cd5c3f04de37f5c15" + integrity sha512-VGZs39SZgMcCGv7H0VyFy1LEFGsnFZH590JUopmz6nG63EpeYQ2xzhIoPNAiLKbyUvBEwukn+faCg3u3MGqhgQ== -"@sentry/utils@7.12.0": - version "7.12.0" - resolved "https://registry.yarnpkg.com/@sentry/utils/-/utils-7.12.0.tgz#dd00bed3908f31453f2362988e501f98d534c7dd" - integrity sha512-GVB8E0V3RJHQClvi0gsRRJvDXP5c7M5ByYAvspJDczOOxNF8LTjTYVkBXAUdR9kcs+nya1q1YVsKvde2WGORTA== +"@sentry/utils@7.12.1": + version "7.12.1" + resolved "https://registry.yarnpkg.com/@sentry/utils/-/utils-7.12.1.tgz#fcf80fdc332d0bd288e21b13efc7a2f0d604f75a" + integrity sha512-Dh8B13pC0u8uLM/zf+oZngyg808c6BDEO94F7H+h3IciCVVd92A0cOQwLGAEdf8srnJgpZJNAlSC8lFDhbFHzQ== dependencies: - "@sentry/types" "7.12.0" + "@sentry/types" "7.12.1" tslib "^1.9.3" "@trysound/sax@0.2.0": 
@@ -1151,9 +1135,9 @@ integrity sha512-Y4XFY5VJAuw0FgAqPNd6NNoV44jbq9Bz2L7Rh/J6jLTiHBSBJa9fxqQIvkIld4GsoDOcCbvzOUAbLPsSKKg+uA== "@types/node@*": - version "18.7.14" - resolved "https://registry.yarnpkg.com/@types/node/-/node-18.7.14.tgz#0fe081752a3333392d00586d815485a17c2cf3c9" - integrity sha512-6bbDaETVi8oyIARulOE9qF1/Qdi/23z6emrUh0fNJRUmjznqrixD4MpGDdgOFk5Xb0m2H6Xu42JGdvAxaJR/wA== + version "18.7.16" + resolved "https://registry.yarnpkg.com/@types/node/-/node-18.7.16.tgz#0eb3cce1e37c79619943d2fd903919fc30850601" + integrity sha512-EQHhixfu+mkqHMZl1R2Ovuvn47PUw18azMJOTwSZr9/fhzHNGXAJ0ma0dayRVchprpCj0Kc1K1xKoWaATWF1qg== "@types/qs@*": version "6.9.7" @@ -1614,9 +1598,9 @@ caniuse-api@^3.0.0: lodash.uniq "^4.5.0" caniuse-lite@^1.0.0, caniuse-lite@^1.0.30001370: - version "1.0.30001388" - resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001388.tgz#88e01f4591cbd81f9f665f3f078c66b509fbe55d" - integrity sha512-znVbq4OUjqgLxMxoNX2ZeeLR0d7lcDiE5uJ4eUiWdml1J1EkxbnQq6opT9jb9SMfJxB0XA16/ziHwni4u1I3GQ== + version "1.0.30001393" + resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001393.tgz#1aa161e24fe6af2e2ccda000fc2b94be0b0db356" + integrity sha512-N/od11RX+Gsk+1qY/jbPa0R6zJupEa0lxeBG598EbrtblxVCTJsQwbRBm6+V+rxpc5lHKdsXb9RY83cZIPLseA== chalk@^2.0.0: version "2.4.2" 
@@ -1791,12 +1775,11 @@ cookie@0.5.0: integrity sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw== core-js-compat@^3.21.0, core-js-compat@^3.22.1: - version "3.25.0" - resolved "https://registry.yarnpkg.com/core-js-compat/-/core-js-compat-3.25.0.tgz#489affbfbf9cb3fa56192fe2dd9ebaee985a66c5" - integrity sha512-extKQM0g8/3GjFx9US12FAgx8KJawB7RCQ5y8ipYLbmfzEzmFRWdDjIlxDx82g7ygcNG85qMVUSRyABouELdow== + version "3.25.1" + resolved "https://registry.yarnpkg.com/core-js-compat/-/core-js-compat-3.25.1.tgz#6f13a90de52f89bbe6267e5620a412c7f7ff7e42" + integrity sha512-pOHS7O0i8Qt4zlPW/eIFjwp+NrTPx+wTL0ctgI2fHn31sZOq89rDsmtc/A2vAX7r6shl+bmVI+678He46jgBlw== dependencies: browserslist "^4.21.3" - semver "7.0.0" core-util-is@~1.0.0: version "1.0.3" @@ -1813,9 +1796,9 @@ cross-spawn@^7.0.3: which "^2.0.1" css-declaration-sorter@^6.3.0: - version "6.3.0" - resolved "https://registry.yarnpkg.com/css-declaration-sorter/-/css-declaration-sorter-6.3.0.tgz#72ebd995c8f4532ff0036631f7365cce9759df14" - integrity sha512-OGT677UGHJTAVMRhPO+HJ4oKln3wkBTwtDFH0ojbqm+MJm6xuDMHp2nkhh/ThaBqq20IbraBQSWKfSLNHQO9Og== + version "6.3.1" + resolved "https://registry.yarnpkg.com/css-declaration-sorter/-/css-declaration-sorter-6.3.1.tgz#be5e1d71b7a992433fb1c542c7a1b835e45682ec" + integrity sha512-fBffmak0bPAnyqc/HO8C3n2sHrp9wcqQz6ES9koRF2/mLOVAx9zIQ3Y7R29sYCteTPqMCwns4WYQoCX91Xl3+w== css-loader@^6.7.1: version "6.7.1" 
@@ -2309,9 +2292,9 @@ ee-first@1.1.1: integrity sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow== electron-to-chromium@^1.4.202: - version "1.4.240" - resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.240.tgz#b11fb838f2e79f34fbe8b57eec55e7e5d81ee6ea" - integrity sha512-r20dUOtZ4vUPTqAajDGonIM1uas5tf85Up+wPdtNBNvBSqGCfkpvMVvQ1T8YJzPV9/Y9g3FbUDcXb94Rafycow== + version "1.4.246" + resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.246.tgz#802132d1bbd3ff32ce82fcd6a6ed6ab59b4366dc" + integrity sha512-/wFCHUE+Hocqr/LlVGsuKLIw4P2lBWwFIDcNMDpJGzyIysQV4aycpoOitAs32FT94EHKnNqDR/CVZJFbXEufJA== emojis-list@^3.0.0: version "3.0.0" @@ -3880,17 +3863,12 @@ select-hose@^2.0.0: integrity sha512-mEugaLK+YfkijB4fx0e6kImuJdCIt2LxCRcbEYPqRGCs4F2ogyfZU5IAZRdjCP8JPq2AtdNoC/Dux63d9Kiryg== selfsigned@^2.0.1: - version "2.0.1" - resolved "https://registry.yarnpkg.com/selfsigned/-/selfsigned-2.0.1.tgz#8b2df7fa56bf014d19b6007655fff209c0ef0a56" - integrity sha512-LmME957M1zOsUhG+67rAjKfiWFox3SBxE/yymatMZsAx+oMrJ0YQ8AToOnyCm7xbeg2ep37IHLxdu0o2MavQOQ== + version "2.1.1" + resolved "https://registry.yarnpkg.com/selfsigned/-/selfsigned-2.1.1.tgz#18a7613d714c0cd3385c48af0075abf3f266af61" + integrity sha512-GSL3aowiF7wa/WtSFwnUrludWFoNhftq8bUkH9pkzjpN2XSPOAYEgg6e0sS9s0rZwgJzJiQRPU18A6clnoW5wQ== dependencies: node-forge "^1" -semver@7.0.0: - version "7.0.0" - resolved "https://registry.yarnpkg.com/semver/-/semver-7.0.0.tgz#5f3ca35761e47e05b206c6daff2cf814f0316b8e" - integrity sha512-+GB6zVA9LWh6zovYQLALHwv5rb2PHGlJi3lfiqIHxR0uuwCgefcOJc59v9fv1w8GbStwxuuqqAjI9NMAOOgq1A== - semver@^6.0.0, semver@^6.1.1, semver@^6.1.2, semver@^6.3.0: version "6.3.0" resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.0.tgz#ee0a64c8af5e8ceea67687b133761e1becbd1d3d" 
@@ -3962,10 +3940,10 @@ setprototypeof@1.2.0: resolved "https://registry.yarnpkg.com/setprototypeof/-/setprototypeof-1.2.0.tgz#66c9a24a73f9fc28cbe66b09fed3d33dcaf1b424" integrity sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw== -shakapacker@6.5.1: - version "6.5.1" - resolved "https://registry.yarnpkg.com/shakapacker/-/shakapacker-6.5.1.tgz#3c1554771c0498ea757cb86dfc06811875f4c2bd" - integrity sha512-yOVvek0fxAU3FUjWcT7GxpJ/zAbhKbGEw78HHYfMAHE95cDhxTAQjBwvChP/PlceiteXUryRI0Mrdy7jqXvmnw== +shakapacker@6.5.2: + version "6.5.2" + resolved "https://registry.yarnpkg.com/shakapacker/-/shakapacker-6.5.2.tgz#dda95543107a71c7ada3f6ee102a1a31563c6738" + integrity sha512-32hpr/AuyQJEk/4J8quL/xLPl+NPR0mBvJ3D9AtwHIkbSTUA0++LZrvVO+aQ4S1Uy3Iz2KSI/JVRGGD/C4SFFg== dependencies: glob "^7.2.0" js-yaml "^4.1.0" @@ -4255,9 +4233,9 @@ unpipe@1.0.0, unpipe@~1.0.0: integrity sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ== update-browserslist-db@^1.0.5: - version "1.0.6" - resolved "https://registry.yarnpkg.com/update-browserslist-db/-/update-browserslist-db-1.0.6.tgz#044fddb5c26989628da5cff7a82ce1472152bce6" - integrity sha512-We7BqM9XFlcW94Op93uW8+2LXvGezs7QA0WY+f1H7RR1q46B06W6hZF6LbmOlpCS1HU22q/6NOGTGW5sCm7NJQ== + version "1.0.7" + resolved "https://registry.yarnpkg.com/update-browserslist-db/-/update-browserslist-db-1.0.7.tgz#16279639cff1d0f800b14792de43d97df2d11b7d" + integrity sha512-iN/XYesmZ2RmmWAiI4Z5rq0YqSiv0brj9Ce9CfhNE4xIW2h+MFxcgkxIzZ+ShkFPUkjU3gQ+3oypadD3RAMtrg== dependencies: escalade "^3.1.1" picocolors "^1.0.0" From 292e1552ed681d79a0ae41ac2fa45c2e31f0f811 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Sep 2022 03:01:32 +0000 Subject: [PATCH 70/70] Bump rails from 6.1.6.1 to 6.1.7 Bumps [rails](https://github.com/rails/rails) from 6.1.6.1 to 6.1.7. - [Release notes](https://github.com/rails/rails/releases) - [Commits](https://github.com/rails/rails/compare/v6.1.6.1...v6.1.7) --- updated-dependencies: - dependency-name: rails dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Gemfile | 2 +- Gemfile.lock | 108 +++++++++++++++++++++++++-------------------------- 2 files changed, 55 insertions(+), 55 deletions(-) diff --git a/Gemfile b/Gemfile index 32625599..ae504b95 100644 --- a/Gemfile +++ b/Gemfile @@ -33,7 +33,7 @@ gem 'prometheus_exporter' gem 'pry-byebug' gem 'puma' gem 'pundit' -gem 'rails', '~> 6.1.6' +gem 'rails', '~> 6.1.7' gem 'rails_admin', '< 3.0.0' # Blocked by https://github.com/railsadminteam/rails_admin/issues/3490 gem 'rails-i18n' gem 'rails-timeago' diff --git a/Gemfile.lock b/Gemfile.lock index e0aeae77..408f0f5c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -13,64 +13,64 @@ GEM remote: https://rubygems.org/ specs: ZenTest (4.12.1) - actioncable (6.1.6.1) - actionpack (= 6.1.6.1) - activesupport (= 6.1.6.1) + actioncable (6.1.7) + actionpack (= 6.1.7) + activesupport (= 6.1.7) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.6.1) - actionpack (= 6.1.6.1) - activejob (= 6.1.6.1) - activerecord (= 6.1.6.1) - activestorage (= 6.1.6.1) - activesupport (= 6.1.6.1) + actionmailbox (6.1.7) + actionpack (= 6.1.7) + activejob (= 6.1.7) + activerecord (= 6.1.7) + activestorage (= 6.1.7) + activesupport (= 6.1.7) mail (>= 2.7.1) - actionmailer (6.1.6.1) - actionpack (= 6.1.6.1) - actionview (= 6.1.6.1) - activejob (= 6.1.6.1) - activesupport (= 6.1.6.1) + actionmailer (6.1.7) + actionpack (= 6.1.7) + actionview (= 6.1.7) + activejob (= 6.1.7) + activesupport (= 6.1.7) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.6.1) - actionview (= 6.1.6.1) - activesupport (= 6.1.6.1) + actionpack (6.1.7) + actionview (= 6.1.7) + activesupport (= 6.1.7) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.6.1) - actionpack (= 6.1.6.1) - activerecord (= 6.1.6.1) - activestorage (= 6.1.6.1) - activesupport (= 6.1.6.1) + actiontext (6.1.7) + actionpack (= 6.1.7) + activerecord (= 6.1.7) + activestorage (= 6.1.7) + activesupport (= 6.1.7) nokogiri (>= 1.8.5) - actionview (6.1.6.1) - activesupport (= 6.1.6.1) + actionview (6.1.7) + activesupport (= 6.1.7) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.6.1) - activesupport (= 6.1.6.1) + activejob (6.1.7) + activesupport (= 6.1.7) globalid (>= 0.3.6) - activemodel (6.1.6.1) - activesupport (= 6.1.6.1) + activemodel (6.1.7) + activesupport (= 6.1.7) activemodel-serializers-xml (1.0.2) activemodel (> 5.x) activesupport (> 5.x) builder (~> 3.1) - activerecord (6.1.6.1) - activemodel (= 6.1.6.1) - activesupport (= 
6.1.6.1) - activestorage (6.1.6.1) - actionpack (= 6.1.6.1) - activejob (= 6.1.6.1) - activerecord (= 6.1.6.1) - activesupport (= 6.1.6.1) + activerecord (6.1.7) + activemodel (= 6.1.7) + activesupport (= 6.1.7) + activestorage (6.1.7) + actionpack (= 6.1.7) + activejob (= 6.1.7) + activerecord (= 6.1.7) + activesupport (= 6.1.7) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (6.1.6.1) + activesupport (6.1.7) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -321,20 +321,20 @@ GEM rack rack-test (2.0.2) rack (>= 1.3) - rails (6.1.6.1) - actioncable (= 6.1.6.1) - actionmailbox (= 6.1.6.1) - actionmailer (= 6.1.6.1) - actionpack (= 6.1.6.1) - actiontext (= 6.1.6.1) - actionview (= 6.1.6.1) - activejob (= 6.1.6.1) - activemodel (= 6.1.6.1) - activerecord (= 6.1.6.1) - activestorage (= 6.1.6.1) - activesupport (= 6.1.6.1) + rails (6.1.7) + actioncable (= 6.1.7) + actionmailbox (= 6.1.7) + actionmailer (= 6.1.7) + actionpack (= 6.1.7) + actiontext (= 6.1.7) + actionview (= 6.1.7) + activejob (= 6.1.7) + activemodel (= 6.1.7) + activerecord (= 6.1.7) + activestorage (= 6.1.7) + activesupport (= 6.1.7) bundler (>= 1.15.0) - railties (= 6.1.6.1) + railties (= 6.1.7) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) @@ -363,9 +363,9 @@ GEM rails (>= 5.0, < 7) remotipart (~> 1.3) sassc-rails (>= 1.3, < 3) - railties (6.1.6.1) - actionpack (= 6.1.6.1) - activesupport (= 6.1.6.1) + railties (6.1.7) + actionpack (= 6.1.7) + activesupport (= 6.1.7) method_source rake (>= 12.2) thor (~> 1.0) @@ -590,7 +590,7 @@ DEPENDENCIES puma pundit rack-mini-profiler - rails (~> 6.1.6) + rails (~> 6.1.7) rails-controller-testing rails-i18n rails-timeago