SRCH-2261 upgrade nokogiri to 1.11.5 (#730)

- bump Puma
GSA · May 25, 2021 · 0e8b4ef · 0e8b4ef
1 parent 5df77b2
commit 0e8b4ef
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 13 deletions.
diff --git a/Gemfile b/Gemfile
@@ -149,7 +149,7 @@ group :development, :test do
   gem 'faker', '~> 1.8'
   gem 'pry-rails', '~> 0.3.6'
   gem 'awesome_print'
-  gem 'puma', '~> 3.12'
+  gem 'puma', '~> 5.3'
 end
 
 group :test do

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -194,7 +194,7 @@ GEM
     bcrypt (3.1.16)
     bcrypt-ruby (3.1.5)
       bcrypt (>= 3.1.3)
-    bindata (2.4.9)
+    bindata (2.4.10)
     buftok (0.2.0)
     builder (3.2.4)
     byebug (11.1.3)
@@ -496,7 +496,7 @@ GEM
     net-http-persistent (2.9.4)
     newrelic_rpm (5.0.0.342)
     nio4r (2.5.7)
-    nokogiri (1.11.3)
+    nokogiri (1.11.5)
       mini_portile2 (~> 2.5.0)
       racc (~> 1.4)
     omniauth (1.4.3)
@@ -529,7 +529,8 @@ GEM
     pry-rails (0.3.9)
       pry (>= 0.10.4)
     public_suffix (3.1.1)
-    puma (3.12.6)
+    puma (5.3.1)
+      nio4r (~> 2.0)
     raabro (1.4.0)
     racc (1.5.2)
     rack (2.2.3)
@@ -880,7 +881,7 @@ DEPENDENCIES
   poltergeist (~> 1.18.1)
   pry-byebug (~> 3.5)
   pry-rails (~> 0.3.6)
-  puma (~> 3.12)
+  puma (~> 5.3)
   rack-contrib (~> 2.1.0)
   rack-cors (~> 1.1.0)
   rails (~> 5.2.0)

diff --git a/spec/models/affiliate_spec.rb b/spec/models/affiliate_spec.rb
@@ -520,10 +520,16 @@
                                    name: 'external-tracking-site'}) }.to_not raise_error
     end
 
-    it 'should not allow malformed external tracking code' do
-      expect { described_class.create!({ display_name: 'a site',
-                                   footer_fragment: '<script>var a;',
-                                   name: 'external-tracking-site'}) }.to raise_error
+    # malformed tags are rejected, but missing tags are not, i.e. "<h1>foo"
+    # https://cm-jira.usa.gov/browse/SRCH-2274
+    it 'does not allow malformed external tracking code' do
+      affiliate = described_class.new(
+        valid_attributes.merge(external_tracking_code: '<script>var a;</script')
+      )
+      expect(affiliate).not_to be_valid
+      expect(affiliate.errors.full_messages).to include(
+        "External tracking code is invalid: 1:35: ERROR: End tag : expected '>'."
+      )
     end
 
     it 'allows valid external tracking code' do
@@ -532,10 +538,16 @@
                                    name: 'footer-fragment-site'}) }.to_not raise_error
     end
 
-    it 'should not allow malformed footer_fragment' do
-      expect { described_class.create!({ display_name: 'a site',
-                                   footer_fragment: '<script>var a;',
-                                   name: 'footer-fragment-site'}) }.to raise_error
+    # malformed tags are rejected, but missing tags are not, i.e. "<h1>foo"
+    # https://cm-jira.usa.gov/browse/SRCH-2274
+    it 'does not allow a malformed footer_fragment' do
+      affiliate = described_class.new(
+        valid_attributes.merge(footer_fragment: '<script>var a;</script')
+      )
+      expect(affiliate).not_to be_valid
+      expect(affiliate.errors.full_messages).to include(
+        "Footer fragment is invalid: 1:35: ERROR: End tag : expected '>'."
+      )
     end
   end