Skip to content

[Security] Bump devise from 3.5.10 to 4.7.1 #526

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
dependabot-preview wants to merge 3 commits into from
Closed

[Security] Bump devise from 3.5.10 to 4.7.1 #526

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
5dd31a7
[Security] Bump devise from 3.5.10 to 4.7.1
dependabot-preview[bot] Jan 22, 2020
8fd14e6
Update devise_invitable
jurre Jan 22, 2020
fb1538e
Update devise sanitizer API
jurre Jan 22, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions Gemfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,8 @@ gem "simple_form", "~> 4.0.0"
gem "title"
gem "uglifier"
gem "unicorn"
gem "devise", "~> 3.5.2"
gem "devise_invitable", "~> 1.5.5"
gem "devise", "~> 4.7.1"
Copy link
Copy Markdown

@houndci-bot houndci-bot Sep 10, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bundler/OrderedGems: Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem devise should appear before unicorn.
Style/StringLiterals: Prefer single-quoted strings when you don't need string interpolation or special symbols.

gem "devise_invitable"
Copy link
Copy Markdown

@houndci-bot houndci-bot Jan 22, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Style/StringLiterals: Prefer single-quoted strings when you don't need string interpolation or special symbols.

gem "apartment", "~> 0.26.0"
gem "pikaday-gem", "~> 1.2.0.0"
gem "momentjs-rails"
Expand Down
25 changes: 12 additions & 13 deletions Gemfile.lock
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -589,7 +589,7 @@ GEM
aws-sigv4 (~> 1.0)
aws-sigv2 (1.0.1)
aws-sigv4 (1.0.2)
bcrypt (3.1.11)
bcrypt (3.1.13)
better_errors (2.5.1)
coderay (>= 1.0.0)
erubi (>= 1.0.0)
Expand Down Expand Up @@ -645,16 +645,15 @@ GEM
delayed_job_active_record (4.0.3)
activerecord (>= 3.0, < 5.0)
delayed_job (>= 3.0, < 4.1)
devise (3.5.10)
devise (4.7.1)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 3.2.6, < 5)
railties (>= 4.1.0)
responders
thread_safe (~> 0.1)
warden (~> 1.2.3)
devise_invitable (1.5.5)
actionmailer (>= 3.2.6, < 5)
devise (>= 3.2.0)
devise_invitable (1.7.5)
actionmailer (>= 4.1.0)
devise (>= 4.0.0)
diff-lcs (1.3)
docile (1.1.5)
dotenv (0.11.1)
Expand Down Expand Up @@ -795,15 +794,15 @@ GEM
rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0)
raindrops (0.19.0)
rake (12.3.2)
rake (13.0.1)
rbtree3 (0.5.0)
recipient_interceptor (0.1.2)
mail
redcarpet (3.4.0)
regexp_parser (1.6.0)
responders (2.4.0)
actionpack (>= 4.2.0, < 5.3)
railties (>= 4.2.0, < 5.3)
responders (2.4.1)
actionpack (>= 4.2.0, < 6.0)
railties (>= 4.2.0, < 6.0)
rspec-core (3.8.0)
rspec-support (~> 3.8.0)
rspec-expectations (3.8.2)
Expand Down Expand Up @@ -912,8 +911,8 @@ DEPENDENCIES
dalli
database_cleaner
delayed_job_active_record (= 4.0.3)
devise (~> 3.5.2)
devise_invitable (~> 1.5.5)
devise (~> 4.7.1)
devise_invitable
dotenv-rails
email_spec
email_validator
Expand Down
5 changes: 3 additions & 2 deletions app/controllers/application_controller.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,9 @@ class ApplicationController < ActionController::Base
protected

def configure_permitted_parameters
devise_parameter_sanitizer.for(:accept_invitation).
concat([:first_name, :last_name])
devise_parameter_sanitizer.permit(
:accept_invitation, keys: [:first_name, :last_name]
Copy link
Copy Markdown

@houndci-bot houndci-bot Jan 22, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Style/SymbolArray: Use %i or %I for an array of symbols.

)
end

def authenticate_inviter!
Expand Down