Merge branch 'dmpopidor-dev' into dmpopidor-master

OPIDoR · May 25, 2023 · 4ea59d8 · 4ea59d8
2 parents 3cc70a4 + bb3922f
commit 4ea59d8
Show file tree

Hide file tree

Showing 152 changed files with 4,425 additions and 3,993 deletions.
diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml
@@ -15,6 +15,7 @@ jobs:
     - uses: actions/setup-node@v2
       with:
         cache: 'yarn'
+        node-version: 16
 
     # Run yarn install for JS dependencies
     - name: 'Yarn Install'

diff --git a/.github/workflows/mysql.yml b/.github/workflows/mysql.yml
@@ -14,18 +14,20 @@ jobs:
 
     steps:
     # Checkout the repo
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     # Install Ruby and run bundler
     - uses: ruby/setup-ruby@v1
       with:
         ruby-version: '3.0'
         bundler-cache: true
-
+    
     # Install Node
-    - uses: actions/setup-node@v2
+    - uses: actions/setup-node@v3
       with:
+        node-version: '16.6.0'
         cache: 'yarn'
+        node-version: 16
 
     # Copy all of the example configs over
     - name: 'Setup the application'

diff --git a/.github/workflows/postgres.yml b/.github/workflows/postgres.yml
@@ -30,18 +30,23 @@ jobs:
 
     steps:
     # Checkout the repo
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     # Install Ruby and run bundler
     - uses: ruby/setup-ruby@v1
       with:
         ruby-version: '3.0'
         bundler-cache: true
-
+
+    ## - run: echo 'NODE_OPTIONS="--openssl-legacy-provider"' >> $GITHUB_ENV 
+    ## /home/runner/runners/2.301.1/externals/node12/bin/node: --openssl-legacy-provider is not allowed in NODE_OPTIONS
+
     # Install Node
-    - uses: actions/setup-node@v2
+    - uses: actions/setup-node@v3
       with:
+        node-version: '16.6.0'
         cache: 'yarn'
+        node-version: 16
 
     # Install the Postgres developer packages
     - name: 'Install Postgresql Packages'

diff --git a/.rubocop.yml b/.rubocop.yml
@@ -23,6 +23,11 @@
 #
 # Try to place any new Cops under their relevant section and in alphabetical order
 
+require:
+#   - rubocop-rails
+#   - rubocop-rspec
+  - rubocop-performance
+
 AllCops:
   # Show the name of the cops being voilated in the feedback
   DisplayCopNames: true
@@ -104,6 +109,12 @@ Lint/UnexpectedBlockArity: # new in 1.5
   Enabled: true
 Lint/UnmodifiedReduceAccumulator: # new in 1.1
   Enabled: true
+Lint/Debugger: # new in 1.45.0
+  Description: 'Check for debugger calls.'
+  Enabled: true
+  Exclude:
+    - 'lib/tasks/**/*'
+
 
 # -----------
 # - METRICS -

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,8 @@
 
 **Note that the Webpacker gem has been removed in favor of jsbundling-rails.** This was done in preparation for the future migration to Rails 7. See [issue #3185](https://github.com/DMPRoadmap/roadmap/issues/3185) for more details on this change. If, after migrating to this version, you see 'Sprockets' related errors in your application you will need to rebuild you asset library. To do this run `bin/rails assets:clobber && bin/rails assets:precompile` from the project directory.
 
+All gem and JS dependencies were also updated via `bundle update && yarn upgrade`
+
 ### Upgrade to Ruby 3
 
 - Upgrade to Ruby version 3.0.5 [#3225](https://github.com/DMPRoadmap/roadmap/issues/3225)
@@ -16,6 +18,15 @@
 - Froze `lib/deprecators/*.rb` constants that were Strings
 - Updated places that were incorrectly using keyword args. See [this article](https://makandracards.com/makandra/496481-changes-to-positional-and-keyword-args-in-ruby-3-0) for an overview
 
+#### Upgraded TinyMCE to v6
+
+- Upgraded TinyMCE to v6 (v5 EOL is April 20 2023)
+- Adjusted JS code to conform to new TinyMCE version
+- Adjusted views to work with the new version
+- Updated variables.scss file to fix issue with button text/background color contrast
+- Updated blocks/_tables.scss to fix issue with dropdown menu overlap against table
+- updated config/initializers/assets.rb to copy over the tinymce skins and bootstrap glyphicons to the public directory so that they are accessible by TinyMCE and Bootstrap code
+
 #### Removed webpacker gem
 
 As Webpacker is no longer maintained by the Rails community, we have replaced it by `jsbundling-rails` and `cssbundling-rails` for the Javascript & CSS compilation.
@@ -43,6 +54,11 @@ With the removal of the webpacker gem, the DartSass package has been installed t
 - Sass variables are no longer declared globally and have to be included in files where they are used.
 For more detailed explanation, please refer to this video : https://www.youtube.com/watch?v=CR-a8upNjJ0
 
+### Introduction of RackAttack
+[Rack Attack](https://github.com/rack/rack-attack) is middleware that can be used to help protect the application from malicious activity. You can establish white/black lists for specific IP addresses and also define rate limits.
+
+- Using Rack-attack address vulnerabilities pointed out in password reset and login: there was no request rate limit.[#3214](https://github.com/DMPRoadmap/roadmap/issues/3214)
+
 ### Cleanup of Capybara configuration
 - Cleaned up Gemfile by:
   - removing gems that were already commented out
@@ -51,16 +67,31 @@ For more detailed explanation, please refer to this video : https://www.youtube.
 - Cleaned up `spec/rails_helper.rb` and `spec/spec_helper.rb`
 - Simplified the `spec/support/capybara.rb` helper to work with the latest version of Capybara and use its built in headless Chrome driver
 
+### Rubocop updates
+- Installed rubocop-performance gem and made suggested changes
+- Added lib tasks as exclusive from debugger rubocop check after rubocop upgrading to >= v1.45 [#3291](https://github.com/DMPRoadmap/roadmap/issues/3291)
+
+### GitHub actions updates
+- Added node version specification (v16) to eslint, PostgreSQL and MySQL github action to eliminate `digital routine enveloped` error [#319](https://github.com/portagenetwork/roadmap/issues/319)
+
+### Enhancements
+- Added enum to the funding status attribute of plan model to make the dropdown of 'funding status' being translatable
+- Allow users to download both single phase and  in PDF, TEXT and DOCX format. CSV file can only download single phase instead of all phases.
+
+### Bug Fixes
+
 ## v4.0.2
 
 ### Added
-
 - Added CHANGELOG.md and Danger Github Action [#3257](https://github.com/DMPRoadmap/roadmap/issues/3257)
 - Added validation with custom error message in research_output.rb to ensure a user does not enter a very large value as 'Anticipated file size'. [#3161](https://github.com/DMPRoadmap/roadmap/issues/3161)
 - Added popover for org profile page and added explanation for public plan
 
-### Fixed
+ - Added rack-attack version 6.6.1 gem. https://rubygems.org/gems/rack-attack/versions/6.6.1
 
+### Fixed
+- Fixed an issue that was preventing uses from leaving the research output byte_size field blank
+- Patched issue that was causing template visibility to default to organizationally visible after saving
 - Froze mail gem version [#3254](https://github.com/DMPRoadmap/roadmap/issues/3254)
 - Updated the CSV export so that it now includes research outputs
 - Updated sans-serif font used in PDF downloads to Roboto since Google API no longer offers Helvetica

diff --git a/CHANGELOG_DMPOPIDoR.md b/CHANGELOG_DMPOPIDoR.md
@@ -2,6 +2,16 @@
 
 **Attention** Cette liste de changements concerne les déploiements sur nos serveurs de test en interne. 
 
+## 12/05/2023
+- Mise à jour du CAPTCHA vers Recaptcha V3 : 
+  - La validation est transparente basée sur un score calculé par Google
+  - Si la validation échoue, le site propose le test "Je ne suis pas un robot"
+
+## 28/04/2023
+- Correction du problème de pagination de la liste des contributeurs dans l'onglet Contributeurs (issue gitbucket 482) & retrait du champ de recherche
+- Correction du problème d'affichage des boutons
+- Correction du problème d'affichage du message indiquant qu'un élément est déjà présent dans le plan, lors de la sauvegarde dans une popup.
+
 ## 05/04/2023
 - Amélioration des fenetres de confirmation pour le partage d'un plan public, l'import ANR, l'envoi d'une notification et la suppression d'un sous fragment dans une liste de sous fragment. (Installation de la librarie Sweetalert2)
 - Correction d'un problème d'affichage des logos Twitter et Github dans le pied de page

diff --git a/Gemfile b/Gemfile
@@ -108,9 +108,8 @@ gem 'jwt'
 # OO authorization for Rails (https://github.com/elabs/pundit)
 gem 'pundit'
 
-# Protect your Rails and Rack apps from bad clients. Rack::Attack lets you easily decide when
-# to allow, block and throttle based on properties of the request.
-gem 'rack-attack'
+# Gem for throttling malicious attacks
+gem 'rack-attack', '~> 6.6', '>= 6.6.1'
 
 # ========== #
 # UI / VIEWS #
@@ -290,6 +289,9 @@ group :ci, :development do
   # RuboCop rules for detecting and autocorrecting undecorated strings for i18n
   # (gettext and rails-i18n)
   gem 'rubocop-i18n'
+
+  # Performance checks by Rubocop
+  gem 'rubocop-performance', require: false
 end
 
 group :development do