WIP: production.panel.sutty.nl #1

Draft
fauno wants to merge 1653 commits from production.panel.sutty.nl into rails

Difference between production and release

fauno added 1652 commits 2026-04-13 18:55:28 +00:00
Name: puma
Version: 5.5.2
CVE: CVE-2022-23634
GHSA: GHSA-rmj8-8hhh-gv5h
Criticality: High
URL:
https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
Title: Information Exposure with Puma when used with Rails
Solution: upgrade to ~> 4.3.11, >= 5.6.2

Name: puma
Version: 5.5.2
CVE: CVE-2022-24790
GHSA: GHSA-h99w-9q5r-gjq9
Criticality: Unknown
URL:
https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9
Title: HTTP Request Smuggling in puma
Solution: upgrade to ~> 4.3.12, >= 5.6.4
Name: nokogiri
Version: 1.12.5
CVE: CVE-2021-30560
GHSA: GHSA-fq42-c5rg-92c2
Criticality: High
URL:
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2
Title: Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Solution: upgrade to >= 1.13.2

Name: nokogiri
Version: 1.12.5
CVE: CVE-2022-24836
GHSA: GHSA-crjr-9rc5-ghw8
Criticality: High
URL:
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
Title: Inefficient Regular Expression Complexity in Nokogiri
Solution: upgrade to >= 1.13.4

Name: nokogiri
Version: 1.12.5
CVE: CVE-2022-24839
GHSA: GHSA-gx8x-g87m-h5q6
Criticality: High
URL:
https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
Title: Denial of Service (DoS) in Nokogiri on JRuby
Solution: upgrade to >= 1.13.4

Name: nokogiri
Version: 1.12.5
CVE: CVE-2018-25032
GHSA: GHSA-v6gp-9mmm-c6p5
Criticality: High
URL:
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
Title: Out-of-bounds Write in zlib affects Nokogiri
Solution: upgrade to >= 1.13.4

Name: nokogiri
Version: 1.12.5
CVE: CVE-2022-23437
GHSA: GHSA-xxx9-3xcr-gjj3
Criticality: Medium
URL:
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3
Title: XML Injection in Xerces Java affects Nokogiri
Solution: upgrade to >= 1.13.4

Name: nokogiri
Version: 1.12.5
CVE: CVE-2022-29181
GHSA: GHSA-xh29-r2w5-wx8m
Criticality: High
URL:
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
Title: Improper Handling of Unexpected Data Type in Nokogiri
Solution: upgrade to >= 1.13.6

Name: nokogiri
Version: 1.12.5
GHSA: GHSA-cgx6-hpwq-fhv5
Criticality: High
URL:
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5
Title: Integer Overflow or Wraparound in libxml2 affects Nokogiri
Solution: upgrade to >= 1.13.5
Name: image_processing
Version: 1.12.1
CVE: CVE-2022-24720
GHSA: GHSA-cxf7-qrc5-9446
Criticality: Unknown
URL:
https://github.com/janko/image_processing/security/advisories/GHSA-cxf7-qrc5-9446
Title: Remote shell execution vulnerability when applying commands from user input
Solution: upgrade to >= 1.12.2
Name: blazer
Version: 2.4.7
CVE: CVE-2022-29498
GHSA: GHSA-qf9q-q4hh-qph3
Criticality: High
URL: https://github.com/ankane/blazer/issues/392
Title: SQL injection for certain queries with variables
Solution: upgrade to >= 2.6.0
Name: commonmarker
Version: 0.21.2
GHSA: GHSA-fmx4-26r3-wxpf
Criticality: High
URL:
https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
Title: Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
Solution: upgrade to >= 0.23.4
Name: actionpack
Version: 6.1.4.1
CVE: CVE-2021-44528
GHSA: GHSA-qphc-hf5q-v8fc
Criticality: Medium
URL:
https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ
Title: Possible Open Redirect in Host Authorization Middleware
Solution: upgrade to ~> 6.0.4, >= 6.0.4.2, ~> 6.1.4, >= 6.1.4.2, >= 7.0.0.rc2

Name: actionpack
Version: 6.1.4.1
CVE: CVE-2022-23633
GHSA: GHSA-wh98-p28r-vrc9
Criticality: High
URL:
https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ
Title: Possible exposure of information vulnerability in Action Pack
Solution: upgrade to ~> 5.2.6, >= 5.2.6.2, ~> 6.0.4, >= 6.0.4.6, ~> 6.1.4, >= 6.1.4.6, >= 7.0.2.2

Name: actionpack
Version: 6.1.4.1
CVE: CVE-2022-22577
GHSA: GHSA-mm33-5vfq-3mm3
Criticality: Unknown
URL: https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI
Title: Possible XSS Vulnerability in Action Pack
Solution: upgrade to ~> 5.2.7, >= 5.2.7.1, ~> 6.0.4, >= 6.0.4.8, ~> 6.1.5, >= 6.1.5.1, >= 7.0.2.4

Name: actionview
Version: 6.1.4.1
CVE: CVE-2022-27777
GHSA: GHSA-ch3h-j2vf-95pv
Criticality: Unknown
URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw
Title: Possible XSS Vulnerability in Action View tag helpers
Solution: upgrade to ~> 5.2.7, >= 5.2.7.1, ~> 6.0.4, >= 6.0.4.8, ~> 6.1.5, >= 6.1.5.1, >= 7.0.2.4

Name: activestorage
Version: 6.1.4.1
CVE: CVE-2022-21831
GHSA: GHSA-w749-p3v6-hccq
Criticality: Unknown
URL: https://groups.google.com/g/rubyonrails-security/c/n-p-W1yxatI
Title: Possible code injection vulnerability in Rails / Active Storage
Solution: upgrade to ~> 5.2.6, >= 5.2.6.3, ~> 6.0.4, >= 6.0.4.7, ~> 6.1.4, >= 6.1.4.7, >= 7.0.2.3
```
/usr/lib/ruby/gems/2.7.0/gems/i18n-1.9.1/lib/i18n/backend/base.rb:248:in `rescue in load_yml': can not load translations from /usr/lib/ruby/gems/2.7.0/gems/activesupport-6.1.4.7/lib/active_support/locale/en.yml: #<ArgumentError: wrong number of arguments (given 2, expected 1)> (I18n::InvalidLocaleData)
```
it makes everything take too long
version 2.8 is for ruby 3 and raises errors on require

https://github.com/ruby/net-imap/issues/16
the first hypothesis about #10031 is that exceptions cancel the update of the information, as if they were a transaction, but it doesn't happen when testing manually.

with this change at least the code is cleaner.
This reverts commit 2b0c1d88fd.
even if the zip isn't generated, we still want to be able to sync the site
the latter are used to sync all versions of a site with another sutty server.  the former only sync the files to another server, not necessarily under the same name.
closes #10541

closes #10540

closes #10539

closes #10538

closes #10537

closes #10536

closes #10535

closes #10534

closes #10533
although it's a bit obvious when looking at a site's user list
Usuarie#deliver_invitation was also generating a token when it wasn't necessary, and this is what left users floating.
and the commits would also be made in the user's language
as a fallback we use page
closes #12753
closes #12410
they weren't showing up because the table is generated by expanding the urls, and when the urls came in empty the row wasn't generated.
for example the dependency on hidden service prevents the main site from syncing.
sutty/distributed-press-api-client#10
when saving a post with uploaded files and related posts, not using the current tree overwrote the modified files and left the repository in an inconsistent state.
This reverts commit 11f5b7375e.
* run yarn to update yarn.lock if it ended up wrong
* commit yarn.lock
* don't commit if the build fails
fix: show a border when focusing links in the breadcrumbs
if we set it after bootstrap, we override the button colors
This reverts commit 05bfc95db6.
This reverts commit 05bfc95db6.
This reverts commit e504501678.
jekyll-locales versions lower than 0.2 leave broken symlinks in place of the _posts collection.  with this we ignore the collection entirely, because we only use the ones in language directories.

sutty effectively forces every jekyll site to use jekyll-locales or at least to place posts in a language directory.

one workaround would be adding this to the configuration:

```yaml
locales:
- "posts"
```
data files are read with relative paths, which can mix up the cwd under concurrent use.

it also deprecates the dependency on jekyll-data!
it's no longer necessary, and Dir.chdir is not concurrency-safe, so we save ourselves potential bugs.
closes #13603
(cherry picked from commit 2a6a25a9cd4ee0e230c41f46f5114a278e232a45)
This reverts commit c5da02cf3e.
(cherry picked from commit ee7d1599e8)
because jekyll treats them as hidden files

(cherry picked from commit 5aef69cd94)
(cherry picked from commit c22276f74f)
(cherry picked from commit dc82b8cef2)
(cherry picked from commit ee10e170ec)
(cherry picked from commit 670d6063e5)
(cherry picked from commit 453798dcc7)
# Conflicts:
#	config/locales/en.yml
#	config/locales/es.yml
# Conflicts:
#	app/views/posts/index.haml
# Conflicts:
#	app/views/posts/index.haml
# Conflicts:
#	monit.conf
This reverts commit 750addad70.
# Conflicts:
#	app/views/posts/attributes/_new_belongs_to.haml
# Conflicts:
#	db/structure.sql
# Conflicts:
#	app/views/posts/index.haml
# Conflicts:
#	app/views/posts/show.haml
# Conflicts:
#	app/views/posts/attribute_ro/_plain_text.haml
# Conflicts:
#	app/services/lfs_object_service.rb
closes #20759

closes #20942
# Conflicts:
#	app/models/stat.rb
This reverts commit 332ae66b8a.
chartkick actually needs to be updated
# Conflicts:
#	Gemfile.lock
closes #14473

closes #14612

closes #18580

closes #19427

closes #19474

closes #19993

closes #20082

closes #20105

closes #20297

closes #20309

closes #20610

closes #21015

closes #21016

closes #651

closes #9877
# Conflicts:
#	app/services/lfs_object_service.rb
closes #14389

closes #14454

closes #14570

closes #14720

closes #19503

closes #19504

closes #19812

closes #19895

closes #20144

closes #21012

closes #21110
# Conflicts:
#	app/views/posts/attribute_ro/_image.haml
#	app/views/posts/show.haml
# Conflicts:
#	app/views/posts/attribute_ro/_image.haml
closes #14545

closes #18641

closes #19385

closes #19849

closes #19931

closes #20019

closes #20055

closes #20056

closes #20484

closes #20546

closes #20919

closes #21052

closes #21169

closes #21170
# Conflicts:
#	app/models/site/repository.rb
# Conflicts:
#	app/models/site/repository.rb
# Conflicts:
#	app/models/site/repository.rb
# Conflicts:
#	app/views/posts/_new_has_one.haml
closes #21205

closes #21206

closes #21207

closes #21218

closes #21219
closes #21301
# Conflicts:
#	app/jobs/notify_disk_usage_over_limit_job.rb
since the current values of the relations are lazy loaded, the unsaved-changes controller thinks the form was modified. by making a target appear that indicates there were changes on the first page, we signal that the base value needs to be updated.

we could use turbo-frame:load but there was no way to get it to fire.
closes #16148

closes #18758

closes #19224

closes #19234

closes #19274

closes #19349

closes #19369

closes #19370

closes #19372

closes #19377

closes #19384

closes #19415

closes #19544

closes #19546

closes #19547

closes #19548

closes #19585

closes #19586

closes #19940

closes #20109

closes #20189

closes #20238

closes #20379

closes #20380

closes #20671

closes #2129

closes #21470

closes #21471

closes #21472

closes #4796

closes #1373

closes #1791

closes #2128
closes #21462
# Conflicts:
#	app/mailers/application_mailer.rb
Reference
ruby/panel!1