bbb791471b
Remove AWS study
2022-09-21 18:57:12 +02:00
1dd8b4d8ff
Merge pull request #1372 from openHPI/dependabot/npm_and_yarn/webpack-dev-server-4.11.1
2022-09-20 03:11:29 +00:00
f2ccf0fe42
Bump webpack-dev-server from 4.11.0 to 4.11.1
...
Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server) from 4.11.0 to 4.11.1.
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack/webpack-dev-server/compare/v4.11.0...v4.11.1)
---
updated-dependencies:
- dependency-name: webpack-dev-server
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-20 03:02:01 +00:00
f0090c706d
Bump shoulda-matchers from 5.1.0 to 5.2.0
...
Bumps [shoulda-matchers](https://github.com/thoughtbot/shoulda-matchers) from 5.1.0 to 5.2.0.
- [Release notes](https://github.com/thoughtbot/shoulda-matchers/releases)
- [Changelog](https://github.com/thoughtbot/shoulda-matchers/blob/main/CHANGELOG.md)
- [Commits](https://github.com/thoughtbot/shoulda-matchers/compare/v5.1.0...v5.2.0)
---
updated-dependencies:
- dependency-name: shoulda-matchers
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-19 22:37:51 +02:00
51ece89040
Merge pull request #1370 from openHPI/dependabot/bundler/rubocop-rails-2.16.1
2022-09-19 03:09:41 +00:00
8d859bac0a
Bump rubocop-rails from 2.16.0 to 2.16.1
...
Bumps [rubocop-rails](https://github.com/rubocop/rubocop-rails) from 2.16.0 to 2.16.1.
- [Release notes](https://github.com/rubocop/rubocop-rails/releases)
- [Changelog](https://github.com/rubocop/rubocop-rails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-rails/compare/v2.16.0...v2.16.1)
---
updated-dependencies:
- dependency-name: rubocop-rails
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-19 03:01:31 +00:00
b8792ee347
Bundle update
2022-09-16 01:04:06 +02:00
7e9967e2bf
Fix rubocop offenses
2022-09-16 01:03:55 +02:00
03cc71ccbc
Update ExecutionEnvironment statistics and sync message
2022-09-14 12:19:59 +02:00
d02a1eae81
Validate password strength for internal users
2022-09-14 12:19:25 +02:00
f1aa004284
Use controller method for 404 responses
2022-09-14 01:01:14 +02:00
006c794f54
Fix rubocop offenses
2022-09-14 00:31:47 +02:00
9183c0634f
Bundle update
2022-09-13 23:43:17 +02:00
88a18d2ee8
Merge pull request #1364 from openHPI/dependabot/bundler/rails-6.1.7
2022-09-12 03:10:53 +00:00
292e1552ed
Bump rails from 6.1.6.1 to 6.1.7
...
Bumps [rails](https://github.com/rails/rails) from 6.1.6.1 to 6.1.7.
- [Release notes](https://github.com/rails/rails/releases)
- [Commits](https://github.com/rails/rails/compare/v6.1.6.1...v6.1.7)
---
updated-dependencies:
- dependency-name: rails
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-12 03:01:32 +00:00
31c83b5163
Bundle update
2022-09-09 10:25:35 +02:00
8a4aa0ae99
Merge pull request #1357 from openHPI/dependabot/npm_and_yarn/webpack-dev-server-4.11.0
2022-09-08 03:11:30 +00:00
6abbfd12b2
Merge pull request #1358 from openHPI/dependabot/npm_and_yarn/bootstrap-5.2.1
2022-09-08 03:10:55 +00:00
91be59f6a1
Merge pull request #1359 from openHPI/dependabot/npm_and_yarn/sass-1.54.9
2022-09-08 03:10:47 +00:00
f0f495b0ef
Bump sass from 1.54.8 to 1.54.9
...
Bumps [sass](https://github.com/sass/dart-sass) from 1.54.8 to 1.54.9.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.54.8...1.54.9)
---
updated-dependencies:
- dependency-name: sass
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-08 03:02:29 +00:00
3ecb25fba1
Bump bootstrap from 5.2.0 to 5.2.1
...
Bumps [bootstrap](https://github.com/twbs/bootstrap) from 5.2.0 to 5.2.1.
- [Release notes](https://github.com/twbs/bootstrap/releases)
- [Commits](https://github.com/twbs/bootstrap/compare/v5.2.0...v5.2.1)
---
updated-dependencies:
- dependency-name: bootstrap
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-08 03:02:11 +00:00
3b43e24453
Bump webpack-dev-server from 4.10.1 to 4.11.0
...
Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server) from 4.10.1 to 4.11.0.
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack/webpack-dev-server/compare/v4.10.1...v4.11.0)
---
updated-dependencies:
- dependency-name: webpack-dev-server
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-08 03:01:55 +00:00
80419db868
[CSP] Prevent use of unsafe-inline for links
...
* Also update all <a> tags in locals
2022-09-07 21:42:07 +02:00
0d40cdd03a
[CSP] Allow 'self' as base-uri
2022-09-07 21:41:09 +02:00
d1ab0a6d86
[CSP] Add documentation about connect_src for WebSocket
2022-09-06 13:57:29 +02:00
fac1357e5d
Bump @babel/preset-env from 7.18.10 to 7.19.0
...
Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.18.10 to 7.19.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.19.0/packages/babel-preset-env)
---
updated-dependencies:
- dependency-name: "@babel/preset-env"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-06 13:57:10 +02:00
6dfb7a967e
Bump @babel/core from 7.18.13 to 7.19.0
...
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.18.13 to 7.19.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.19.0/packages/babel-core)
---
updated-dependencies:
- dependency-name: "@babel/core"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-06 13:29:51 +02:00
63caf461cb
Bump @babel/runtime from 7.18.9 to 7.19.0
...
Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.18.9 to 7.19.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.19.0/packages/babel-runtime)
---
updated-dependencies:
- dependency-name: "@babel/runtime"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-06 13:29:44 +02:00
2028e636a3
Use SameSite=Lax for LTI login
2022-09-06 13:28:12 +02:00
fe0ad7a79d
Add Feature-Policy header
...
The header has been renamed to Permissions-Policy, but Rails has no support so far.
2022-09-06 11:21:38 +02:00
7f0d8b63f9
Use Cookie Prefix in Production and Staging
2022-09-06 11:21:38 +02:00
9e08f3a6a8
Enable Subresource Integrity
2022-09-06 11:21:37 +02:00
51e9daf930
Enable HSTS preload in app
2022-09-06 11:21:37 +02:00
b0130b8fae
Remove overwrite for X-Frame-Options
...
* With current third-party-cookies being blocked by modern
browsers, CodeOcean won't work in an iFrame anyway.
2022-09-06 11:21:37 +02:00
5b73f4df6f
Refactor render_file method
...
* We simplify the send_data call,
* ensure to set the correct header, and
* prevent our custom MIME type detection
2022-09-06 11:21:33 +02:00
b6d8c7175b
Disallow any external resources for :render_file
2022-09-06 11:20:57 +02:00
a2bb2844b4
Add a Content Security Policy
2022-09-06 11:20:57 +02:00
fe41d44548
Use SameSite strict for cookies
2022-09-06 11:20:56 +02:00
0a16f589e9
Use X-Sendfile to transmit native files and handle file uploads
2022-09-06 01:21:40 +02:00
dccc60b7ca
Remove renderWebsocketOutput and use printWebsocketOutput instead
...
* The `render` command is not used much
* Originally added with commit 898074be3f
* The `#render` anchor (see findOrCreateRenderElement) was the "Render" button above the editor, nothing was rendered at all if executing code and otherwise it would be included _within_ the button.
2022-09-04 23:12:46 +02:00
813c3f50af
Touch file location before setting a symlink in specs
2022-09-04 19:15:15 +02:00
e5d8db2796
Return proper error for anonymous users in exercises_controller
...
* not_authorized_for_exercise was not checking for a current_user
Fixes CODEOCEAN-C4
2022-09-04 19:13:08 +02:00
1581d658ea
Simplify user search for external teachers
2022-09-04 19:03:15 +02:00
fbe80ac557
Ensure min-height for left and right sidebar in editor
2022-09-04 11:48:53 +02:00
22cd202e9d
Refactor reject_illegal_file_attributes check
...
* Improve readability of method
* Add a new check for the author of a submission
2022-09-04 11:42:36 +02:00
b67daedfc9
Remove dead code from ProxyExercise
2022-09-04 00:05:38 +02:00
49f4f0e6c5
Refactor exercise_controller and move more checks to policy
...
* We introduce a custom handler for Pundit::NotAuthorizedError
2022-09-04 00:05:13 +02:00
0de213b8c7
Pagedown: Use default sanitizer for preview
2022-09-03 22:50:30 +02:00
87737e50a2
Fix Rubocop offenses
2022-09-03 00:10:11 +02:00
e00d1772ca
Disallow markup for RfC emails
2022-09-02 18:14:14 +02:00