Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 1 vulnerabilities #55

Open
wants to merge 5,585 commits into
base: stable
Choose a base branch
from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • client_apps/canvas_quizzes/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
low severity 471/1000
Why? Recently disclosed, Has a fix available, CVSS 3.7
Prototype Pollution
SNYK-JS-MINIMIST-2429795
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: grunt-contrib-jasmine The new version differs by 53 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

Transifreq and others added 30 commits July 27, 2015 11:04
Change-Id: Id7fbee08e3ea563d2f2d804d198169745c8feb2f
Change-Id: I3b1a1630d4d7630465e1c202db18c3357ca61650
Change-Id: I294eb860fa2bfa313035bf52b9b8e85c9daafb06
Change-Id: I60eeadb7e75de08a96b56ff174ba85ea474054c5
Post grades lti tools will not allow section level assignment
posting, so we should disable their "post grades" buttons when a section
is selected. Pschool post grades jobs, on the other hand, do allow for
section level posting, so we should keep the pschool post grades button
available when properly configured sections are selected.

Test Plan:
  * configure at least 1 sis_app post grades tool
    * get local sisapp running
    * /accounts/1/settings/configurations
    * add app, by url http://<local sisapp>/post_grades/config.xml
  * enable "post grades to sis" (pschool) feature option in settings
  * configure at least 1 course
    * configure at least 1 section with sis id
    * configure at least 1 section without sis id
  * add and publish at least 1 assignment for both the course and
    section
  * navigate to gradebook, and notice that "post grades" dropdown
    appears
  * pick section with sis ID
    * lti tool post grades should become unavailable, but pschool button
      should still be available
  * pick section without sis ID
    * neither post grades button should be available

closes CNVS-21938

Change-Id: Id1236bef304479e7043229687658faed483ad505
Reviewed-on: https://gerrit.instructure.com/58982
Reviewed-by: Andrew Butterfield <abutterfield@instructure.com>
Tested-by: Jenkins
QA-Review: Ben Bolton <bbolton@instructure.com>
Product-Review: Jonathan Featherstone <jfeatherstone@instructure.com>
Change-Id: I69deacaa45d3a4b3582715bbe78eda08c4e614a8
Change-Id: I888c2ffc2075cddd2cb9a069d039996feea5d1d4
Change-Id: I6cfdb35983e56f533fd8d0fe245da5a962dacdaf
Change-Id: I3604cde8aa13cb1af8fcc91c483e7d3c665598fc
Fixes CNVS-22084

Test plan:
 - Create a course
 - Add some students to the course
 - Ensure that the course is unpublished
 - Create some groups in the course
 - Ensure that you can add and remove students to and from the
   groups in the course
 - Ensure you can otherwise manage groups as you would expect to
   be able to even though the course is unpublished

Change-Id: I0c5ecd551c018f7bde08ffed566ecf3a15b8429a
Reviewed-on: https://gerrit.instructure.com/59043
Reviewed-by: Jonathan Featherstone <jfeatherstone@instructure.com>
Tested-by: Jenkins
Reviewed-by: Joel Hough <joel@instructure.com>
Reviewed-by: Matthew Wheeler <mwheeler@instructure.com>
QA-Review: Heath Hales <hhales@instructure.com>
Product-Review: Peyton Craighill <pcraighill@instructure.com>
test plan:
* should fix quiz question point importing

* should also fix assignments for moodle 2.1 packages

(import the packages references in the ticket)

closes #CNVS-21870 #CNVS-21863

Change-Id: I6606721882f6e792b65bef0237c000441a9ba6d1
Reviewed-on: https://gerrit.instructure.com/59224
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Pedro Fajardo <pfajardo@instructure.com>
Product-Review: James Williams  <jamesw@instructure.com>
the way this was written, it used to fire off
a promise for every brand all at the same time.

I’ve changed it so the memory usage will be more
like `k * <# variants>` instead of
`<# of themes> * <# variants> * k`
so it will stay constant (on my machine ~500mb) and
not grow huge as we get more people that have made
themes.  (where k is the memory it takes to
compile one sass file, and # themes is a constant,
in our case 6.

Change-Id: I1fa4b4410a1141b461019f0c614ba343ea73000c
Reviewed-on: https://gerrit.instructure.com/59182
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Ryan Shaw <ryan@instructure.com>
QA-Review: Ryan Shaw <ryan@instructure.com>
refs CNVS-21215

test plan
- setup incoming mail processing
- cause an email duplicate to be sent (Mail gem and a console are
 great for this. the message id has to be the same)
- ensure that the response is not double posted in canvas

Change-Id: I2e6872fa430b38b5dd9498ce8329bf2bbeeea7ce
Reviewed-on: https://gerrit.instructure.com/57566
Tested-by: Jenkins
Reviewed-by: Matthew Wheeler <mwheeler@instructure.com>
Product-Review: Matthew Wheeler <mwheeler@instructure.com>
QA-Review: Heath Hales <hhales@instructure.com>
Fixes CNVS-21220

Test Plan:

Test with CNVS-21215 & 21218

Change-Id: I194e66e25cd3e85718381735055aa6bbec9c4936
Reviewed-on: https://gerrit.instructure.com/58636
Reviewed-by: Joel Hough <joel@instructure.com>
Product-Review: Matthew Wheeler <mwheeler@instructure.com>
QA-Review: Heath Hales <hhales@instructure.com>
Tested-by: Jenkins
fixes: CNVS-22155

see: ryankshaw/brandable_css@e1b5a8e?diff=unified#diff-2b4ca49d4bb0a774c4d4c1672d7aa781R23

test plan:

say the path to your canvas-lms repos is in
/Users/ryan/code/canvas-lms

make a symlink that points to that in:
/Users/ryan/current

run `brandable_css`
it should work

Change-Id: I1f732a53e56ea376efe6cd7d54b3ae52178ac025
Reviewed-on: https://gerrit.instructure.com/59342
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Ryan Shaw <ryan@instructure.com>
test plan:
* first, clear out all the cdn assets on your test
s3 bucket by running this in rails console:
Canvas::CDN::S3Uploader.new.bucket.objects.with_prefix('dist').delete_all
* compile_assets
* run bundle exec rake canvas:cdn:upload_to_s3
* access canvas in your browser
* on js/css/image assets (like common-xxxxx.js)
  you should see a "max age 1 year" header

Change-Id: I7847e614a0e3066686bda32f8854263f78cc168f
Reviewed-on: https://gerrit.instructure.com/59184
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Ryan Shaw <ryan@instructure.com>
...because apparently "it's preloading. for
autoloading, CDN will look for cdn or c_d_n.

then in prod mode, it's somewhat different. like
autoloading is disabled? and it just pre-requires
everything in the autoload dirs"

test plan:

run `RAILS_ENV=production bundle exec rake canvas:cdn:upload_to_s3`

it should work

Change-Id: I5deed1cc2b9daa678465b174af320cf1724fea8c
Reviewed-on: https://gerrit.instructure.com/59341
Reviewed-by: James Williams  <jamesw@instructure.com>
Tested-by: Jenkins
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Ryan Shaw <ryan@instructure.com>
fixes CNVS-21883

Change-Id: Ic65ae6db130d12c3a4ef96d6559981bb893fb6ff
Reviewed-on: https://gerrit.instructure.com/59149
Reviewed-by: Spencer Olson <solson@instructure.com>
Tested-by: Jenkins
QA-Review: Nathan Rogowski <nathan@instructure.com>
Product-Review: Dylan Ross <dross@instructure.com>
Fix boolean checks so api submission index returns an empty array to a student
that has no submissions

Fixes MBL-4441

Test plan
 - create a quiz
 - create a student
 - as the student make an api request for the student's submissions
 - should get empty array not 401

Change-Id: Ie73c1cb00c40fc5d884664bf676d1c305218ff8f
Reviewed-on: https://gerrit.instructure.com/59201
Reviewed-by: Ryan Taylor <rtaylor@instructure.com>
Tested-by: Jenkins
QA-Review: Michael Hargiss <mhargiss@instructure.com>
Product-Review: Brian Finney <bfinney@instructure.com>
Fixes CNVS-22084

Test plan:
 - Create a course
 - Add some students to the course
 - Ensure that the course is unpublished
 - Create some groups in the course
 - Ensure that you can add and remove students to and from the
   groups in the course
 - Ensure you can otherwise manage groups as you would expect to
   be able to even though the course is unpublished

Change-Id: I0c5ecd551c018f7bde08ffed566ecf3a15b8429a
Reviewed-on: https://gerrit.instructure.com/59043
Reviewed-by: Jonathan Featherstone <jfeatherstone@instructure.com>
Tested-by: Jenkins
Reviewed-by: Joel Hough <joel@instructure.com>
Reviewed-by: Matthew Wheeler <mwheeler@instructure.com>
QA-Review: Heath Hales <hhales@instructure.com>
Product-Review: Peyton Craighill <pcraighill@instructure.com>
Reduces the scope of information returned unnecessarily.

Closes CNVS-22197

Test Plan:
  - Confirm there is no answer weights or exact numerical answers data
    leaked via POST events to the /api/v1/quiz_submissions/:id/questions
    answering event.

Change-Id: Icfd85b6b669b3a61a1acc503b52c78ba346bfb19
Reviewed-on: https://gerrit.instructure.com/59359
Reviewed-by: John Corrigan <jcorrigan@instructure.com>
Tested-by: Jenkins
QA-Review: Derek Hansen <dhansen@instructure.com>
Product-Review: Ryan Taylor <rtaylor@instructure.com>
Reduces the scope of information returned unnecessarily.

Closes CNVS-22197

Test Plan:
  - Confirm there is no answer weights or exact numerical answers data
    leaked via POST events to the /api/v1/quiz_submissions/:id/questions
    answering event.

Change-Id: Icfd85b6b669b3a61a1acc503b52c78ba346bfb19
Reviewed-on: https://gerrit.instructure.com/59359
Reviewed-by: John Corrigan <jcorrigan@instructure.com>
Tested-by: Jenkins
QA-Review: Derek Hansen <dhansen@instructure.com>
Product-Review: Ryan Taylor <rtaylor@instructure.com>
Change-Id: I132d8eb1d3e23be2adbc123395b73cab7d1789bc
closes #CNVS-21870 frd

Change-Id: I94a4b1794ada6af444647e6a8dbb06874d2e25f7
Reviewed-on: https://gerrit.instructure.com/59354
Reviewed-by: Dan Minkevitch <dan@instructure.com>
Product-Review: Dan Minkevitch <dan@instructure.com>
Tested-by: Jenkins
QA-Review: Pedro Fajardo <pfajardo@instructure.com>
fixes CNVS-22073

test plan:
  - go to theme editor
  - add an image and then undo
    having added that image
  - if that is the only thing youve
    changed so far, you do not get
    a preview button
  - once you change something else
    you can hit preview and it saves
    properly

  - apply theme with a non-default image
  - go to the editor and change back
    to default
  - you get an option to preview with
    the default
  - preview is successful

  - color & image changes act normally

Change-Id: Ia5de701177137625e65434ac316c22aec0e1dd39
Reviewed-on: https://gerrit.instructure.com/59056
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Reviewed-by: Jennifer Stern <jstern@instructure.com>
Product-Review: Jennifer Stern <jstern@instructure.com>
Tested-by: Jenkins
fixes: CNVS-22185

Because the the update_progress callback from the
upload_to_s3 callback was happening inside a
Parallel.each thread, we'd get random errors where
it ran out of active record postgres connections.
eg:
ActiveRecord::ConnectionTimeoutError
could not obtain a database connection within 5
seconds (waited 5.000153379 seconds). The max pool
size is currently 5; consider increasing it.

the fix is to call the callback on the main thread so
any db queries are happening from the normal rails thread.

also, this adds a progress bar so if you run this from
the command line, you'll get a nice progress bar like
https://files.slack.com/files-pri/T028ZAGUD-F0896CFR9/screen_shot_2015-07-28_at_10.19.36_am.png
so that when deployers run the:
`rake brand_configs:generate_and_upload_all`
task, which takes a long time, they have an idea
of how long it is going to take

test plan:

note:this is something that only broke on beta and
not on local machines so to test that this fixes it,
you kinda need to just run it there:

* open theme editor
* make a change
* hit preview
* it should not say there was an error

Change-Id: Ife052ab9573aa677d49d8e5e6c637b0faa2b116e
Reviewed-on: https://gerrit.instructure.com/59407
Reviewed-by: Mike Nomitch <mnomitch@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Tested-by: Jenkins
Product-Review: Ryan Shaw <ryan@instructure.com>
This reverts commit 597abe9.

Fixes CNVS-22183

Test Plan:
 * Navigate to Scheduler
 * Click on "Create an Appointment Group"
 * Verify there is both a Save & Publish button and a Save button
 * Verify the Save & Publish button is blue, and the save button looks
   less eye-catching
 * Add the Appointment group to a course calendar and click the Save
   button
 * Verify the appointment is saved and
   displays on the list of appointment groups
 * Log in as a student in the course
 * Verify a student cannot see and interact with the appointment group
 * Log back in as a teacher, edit the Appointment group, and click Save
   and Publish
 * Log back in as a student in the course
 * Verify the student can now see and interact with the appointment
   group

Change-Id: I26663df508c8b4024b50f1cbe0c561ca3fb8ac31
Reviewed-on: https://gerrit.instructure.com/59404
Reviewed-by: Jonathan Featherstone <jfeatherstone@instructure.com>
QA-Review: Heath Hales <hhales@instructure.com>
Product-Review: Steven Shepherd <sshepherd@instructure.com>
Tested-by: Jenkins
refs CNVS-21431, CNVS-21425

Test scenarios: https://gist.github.com/junyper/7481e6a2b65a1b799bad

Change-Id: I28b24bce592952acfd33cb1303496b8178f0d4b4
Reviewed-on: https://gerrit.instructure.com/58780
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Tested-by: Jenkins
Reviewed-by: Colleen Palmer <colleen@instructure.com>
Product-Review: Jennifer Stern <jstern@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>

Conflicts:
	app/jsx/theme_editor/ThemeEditor.jsx
closes #CNVS-21870 frd

Change-Id: I94a4b1794ada6af444647e6a8dbb06874d2e25f7
Reviewed-on: https://gerrit.instructure.com/59354
Reviewed-by: Dan Minkevitch <dan@instructure.com>
Product-Review: Dan Minkevitch <dan@instructure.com>
Tested-by: Jenkins
QA-Review: Pedro Fajardo <pfajardo@instructure.com>
Fixes CNVS-22170

Test plan:
 - Create a quiz
 - Set a answer comment to `">'><img src=x onerror=alert(3)>`
 - Take the test and view the resulting answer comment every where you
 can find it
 - Try lots of other forms of html to try and execute javascript

Change-Id: I209b266a648810763e03b602790001034815b44f
Reviewed-on: https://gerrit.instructure.com/59457
Reviewed-by: Cameron Sutter <csutter@instructure.com>
Tested-by: Jenkins
QA-Review: Adam Stone <astone@instructure.com>
Product-Review: Cameron Sutter <csutter@instructure.com>
Transifreq and others added 29 commits August 25, 2015 10:14
Change-Id: I4900e1f982b4e5b98f45898fd1e3e114dea0b858
closes: CNVS-22368

When a student only has enrollments in unpublished
courses, they do not see a courses global nav link.
The link is needed to get to "all courses" and see
their enrollments.

this changes things so the "courses" menu is always
shown. that way those users will be able to get
to that "all courses" link

Product / UX/UI review question:
This is just one possible way of fixing this problem.
the other thing we could do is to leave it how it was
but do a second, more expensive DB query to see if
there are any of those unpublished or archived courses that
I can see on the /courses page but not in the course
menu. in standup, we agreed to do it like this but
if any of you feel strongly that we should do it
the other way, that's fine too.

test plan:
Add a new user
Enroll them in an unpublished course
Masquerade as the new user,
click the courses global nav option
you should see the "all courses" link in the tray popup

Change-Id: I140dbc4f4d2852c386cc57cac3f2afec6ef62979
Reviewed-on: https://gerrit.instructure.com/60233
Tested-by: Jenkins
Reviewed-by: Clay Diffrient <cdiffrient@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Reviewed-by: Rob Orton <rob@instructure.com>
Product-Review: Ryan Shaw <ryan@instructure.com>
closes #CNVS-22718

Change-Id: Ibccf62c76230ca665a043eb423fe88c7b8be5b00
Reviewed-on: https://gerrit.instructure.com/61745
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins
Product-Review: James Williams  <jamesw@instructure.com>
QA-Review: James Williams  <jamesw@instructure.com>
fixes CNVS-22527

test-plan:
 - when "Updated Terms of Use" page displays, should not include any
   custom account CSS

Change-Id: I98bcc48e1bf4f281ee34db8ee50ed204defc437d
Reviewed-on: https://gerrit.instructure.com/61659
Reviewed-by: Rob Orton <rob@instructure.com>
Product-Review: Colleen Palmer <colleen@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
Tested-by: Jenkins
QA-Review: August Thornton <august@instructure.com>
we already have logic in Canvas::Security to
protect us against brute force, and AuthLogic
is just checking the updated_at to see if they can
attempt to login again if failed_login attempts is
over 50

fixes CNVS-22681

test plan
 - update a pseudonyms failed_login_count to > 50
 - p = Pseudonym.last
 - p.failed_login_count = 54
 - p.save!
 - attempt to login
 - it should work

Change-Id: I72ebf54306c4fe6bd46d172d31b8f732555107a7
Reviewed-on: https://gerrit.instructure.com/61595
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Rob Orton <rob@instructure.com>
Closes CNVS-21521

Test Plan:
  - Regression test that due_dates, closing "end_at" dates and all
    things quiz time limits/moderation are all good.
    - Good luck!

Change-Id: Id5ad6c0028e06e67caea28fce514190730a02e44
Reviewed-on: https://gerrit.instructure.com/59020
Tested-by: Jenkins
Reviewed-by: Cameron Sutter <csutter@instructure.com>
Product-Review: Pedro Fajardo <pfajardo@instructure.com>
QA-Review: Deepeeca Soundarrajan <dsoundarrajan@instructure.com>
Change-Id: I010880cce15d3d241b5849ed40a6895aeebe3190
Kenneth tools relies on this path being on the page in order for their stuff
to work. This brings back the html elementpath below tinymce, but hides it
using css from the UI so it isn't visible.

closes: CNVS-22759

Test Plan:
- Open up a view that had TinyMCE
- You should not see any html elementpath below the editor

Example with path: http://cl.ly/image/1O3u3J3j361w
Example without path: http://cl.ly/image/050n0Q1B1P2g

Change-Id: I93e7fa65c1d05a105c7e80e7b65ba4e4176fec4e
Reviewed-on: https://gerrit.instructure.com/61956
Reviewed-by: Mike Nomitch <mnomitch@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Stephen Jensen <sejensen@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
Tested-by: Jenkins
Change-Id: I78b3422a91c6cce7f30b42b389bbb5e99af7f002
in massively sharded databases where there's a type for every table,
this reduces the number of rows queried and unused... massively

Change-Id: Ib9bcf70d060f5ba48ebedaa7108d9d364430c638
Reviewed-on: https://gerrit.instructure.com/61975
Tested-by: Jenkins
Reviewed-by: Brian Palmer <brianp@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
closes: CNVS-22806

Test Plan:
- Go to tinymce editor
- Make sure html path shows below editor

Change-Id: Ieafda7d14abe097c3c233cf397b4d844cc63fea0
Reviewed-on: https://gerrit.instructure.com/62012
Reviewed-by: Rob Orton <rob@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Rob Orton <rob@instructure.com>
Tested-by: Rob Orton <rob@instructure.com>
Change-Id: I8ee23b0ddac2e56b21aaa87e0e0033a7eda5ade7
Reviewed-on: https://gerrit.instructure.com/62087
Reviewed-by: Clay Diffrient <cdiffrient@instructure.com>
Product-Review: Rob Orton <rob@instructure.com>
QA-Review: Rob Orton <rob@instructure.com>
Tested-by: Rob Orton <rob@instructure.com>
Change-Id: I0d4b2fc27daa7138719699153ee29cc2ee23f4fe
Reviewed-on: https://gerrit.instructure.com/62088
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Product-Review: Rob Orton <rob@instructure.com>
QA-Review: Rob Orton <rob@instructure.com>
Tested-by: Rob Orton <rob@instructure.com>
Rectifies a regression in the the recent refactoring of quiz
eligibility.

Closes CNVS-22755

Test Plan:
  - Create a quiz with 2 allowed attempts
  - Take it twice and see no "Take the Quiz Again" button on completion.

Change-Id: Ifc4f503746f64b0083365bd394e71e8c6e0d97e8
Reviewed-on: https://gerrit.instructure.com/61951
Tested-by: Jenkins
Reviewed-by: Matt Berns <mberns@instructure.com>
QA-Review: Pedro Fajardo <pfajardo@instructure.com>
QA-Review: Adam Stone <astone@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
fixes CNVS-22834

Change-Id: I64c4ec47343ad34852691cb94271e98f5d1d65f8
Reviewed-on: https://gerrit.instructure.com/62091
Reviewed-by: Simon Williams <simon@instructure.com>
Product-Review: Rob Orton <rob@instructure.com>
QA-Review: Rob Orton <rob@instructure.com>
Tested-by: Rob Orton <rob@instructure.com>
fixes CNVS-22655
fixes CNVS-22833

the can_take_quiz? method renders an access_code restriction template or
an ip restriction template if those things are required for the quiz.
previously, those were presented when trying to take the quiz, but
a recent change made it so that they were presented when simply trying
to view the quiz.  this reverts to the previous behavior.

test plan:
- as a teacher, create an access code or ip restricted quiz, publish it
- as a student, you should be able to view the quiz without being
  prompted for an access code (or from an invalid ip)
- as a student, when trying to take the quiz, the restrictions should
  apply correctly
- as a student who meets the restrictions, you should be able to take
  the quiz

Change-Id: Iedc78c3728501da56710e00857527a7323633eeb
Reviewed-on: https://gerrit.instructure.com/62089
Reviewed-by: Rob Orton <rob@instructure.com>
QA-Review: Adam Stone <astone@instructure.com>
QA-Review: Pedro Fajardo <pfajardo@instructure.com>
Product-Review: Rob Orton <rob@instructure.com>
Tested-by: Rob Orton <rob@instructure.com>
test plan:
* using the respondus lockdown browser, should be able to log out
after submitting a quiz requiring the lockdown browser

closes #CNVS-22838

Change-Id: If7b28977fe9ed51444fca145b841cc15ca71eb49
Reviewed-on: https://gerrit.instructure.com/62099
Reviewed-by: Rob Orton <rob@instructure.com>
Product-Review: Rob Orton <rob@instructure.com>
QA-Review: Rob Orton <rob@instructure.com>
Tested-by: Rob Orton <rob@instructure.com>
Change-Id: Iaaecbd8562d265af8e9d6a54c9b3b9af4cebc6f7
fixes CNVS-22607

Test plan:
  * set up a section limited TA
  * download gradebook csv
  * ensure you can only see students in your section

Change-Id: I20c67d832f7cb234f7527d53747770c0092e9a0d
Reviewed-on: https://gerrit.instructure.com/61886
Reviewed-by: Dylan Ross <dross@instructure.com>
QA-Review: Derek Hansen <dhansen@instructure.com>
Tested-by: Jenkins
Product-Review: Cameron Matheson <cameron@instructure.com>
fixes CNVS-22845

Test Plan:
* Create a user with a sis id, create another user without a sis id
* Add both users to a course with any role
* Once added select the gear icon for both students
* They should both have the option to "Remove From Course"

Change-Id: Ia7c663ae02a1c91334e6d00614faa31c94f1ab40
Reviewed-on: https://gerrit.instructure.com/62151
Tested-by: Jenkins
Reviewed-by: James Williams  <jamesw@instructure.com>
QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com>
Product-Review: Dan Minkevitch <dan@instructure.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.