v4.1.0 - release candidate #3309

Merged
merged 119 commits into from
Apr 13, 2023

@briri briri commented Apr 12, 2023

Note this upgrade is a migration from Ruby v2.7.6 to v3.0.5. Note that this could have an impact on any customizations you may have made to your fork of this project. Please see https://www.fastruby.io/blog/ruby/upgrades/upgrade-ruby-from-2.7-to-3.0.html for further information on what to check. In particular, please note the changes to the way Ruby 3 handles keyword arguments.

Note that the Webpacker gem has been removed in favor of jsbundling-rails. This was done in preparation for the future migration to Rails 7. See issue #3185 for more details on this change. If, after migrating to this version, you see 'Sprockets' related errors in your application, you will need to rebuild your asset library. To do this run bin/rails assets:clobber && bin/rails assets:precompile from the project directory.

All gem and JS dependencies were also updated via bundle update && yarn upgrade

Upgrade to Ruby 3

  • Upgrade to Ruby version 3.0.5 #3225
  • Bumped all Github actions to use ruby 3.0
  • Removed .freeze from Regex and Range constants since those types are already immutable
  • Fixed Rubocop complaint about redundancy of r.nil? ? nil : r.user, so changed it to r&.user in app/models/plan.rb
  • Fixed Rubocop complaint about redundant :: in config.log_formatter = ::Logger::Formatter.new in config/environments/production.rb
  • Froze lib/deprecators/*.rb constants that were Strings
  • Updated places that were incorrectly using keyword args. See this article for an overview

Upgraded TinyMCE to v6

  • Upgraded TinyMCE to v6 (v5 EOL is April 20 2023)
  • Adjusted JS code to conform to new TinyMCE version
  • Adjusted views to work with the new version
  • Updated variables.scss file to fix issue with button text/background color contrast
  • Updated blocks/_tables.scss to fix issue with dropdown menu overlap against table
  • Updated config/initializers/assets.rb to copy over the tinymce skins and bootstrap glyphicons to the public directory so that they are accessible by TinyMCE and Bootstrap code

Removed webpacker gem

As Webpacker is no longer maintained by the Rails community, we have replaced it by jsbundling-rails and cssbundling-rails for the Javascript & CSS compilation.

  • Removed webpacker gem
  • Added jsbundling-rails
  • Updated webpack and its configuration to V5
  • Moved app/javascript/packs/application.js to app/javascript/application.js
  • Removed ruby-sass gem
  • Added cssbundling-rails gem and DartSass JS library
  • Updated SASS stylesheets following the migration to the latest version of the sass package (See below).
  • Removed font-awesome-sass gem and used @fortawesome/fontawesome-free npm package
  • Issue with @import 'font-awesome-sprockets'; line in app/assets/stylesheets/application.scss. Removed that line after referring to the latest font-awesome install/setup guide which no longer includes it.

With the removal of Webpacker, the Javascript/SASS code is no longer automatically compiled when using the rails server command. It has been replaced by the bin/dev command that launches the rails server and the processes that watch for changes in the SASS and Javascript code.

SASS update : removal of the @import keyword

With the removal of the webpacker gem, the DartSass package has been installed to ensure the compilation of the Sass stylesheet and with it, an update to the Sass version used by the code :

  • @import keyword for custom stylesheets has been removed (although we can still import stylesheets from external packages) and has been replaced by @use and @forward
  • An _index.scss file has to be created in folders containing multiple sass files. Each file has to be included in the index with the @use or @forward keyword.
  • In most cases @import can be replaced by @use when importing a file.
  • @forward makes mixins, functions and variables available when a stylesheet is loaded.
  • When imported, Sass variables are now namespaced with the file name in which they are declared (ex : color: colors.$red). A namespace can be renamed (ex : @use "colours" as c;) or removed when included (ex : @use "colours" as *;)
  • Sass variables are no longer declared globally and have to be included in files where they are used.
    For more detailed explanation, please refer to this video : https://www.youtube.com/watch?v=CR-a8upNjJ0

Introduction of RackAttack

Rack Attack is middleware that can be used to help protect the application from malicious activity. You can establish white/black lists for specific IP addresses and also define rate limits.

  • Using Rack-attack to address vulnerabilities pointed out in password reset and login: there was no request rate limit. #3214

Cleanup of Capybara configuration

  • Cleaned up Gemfile by:
    • removing gems that were already commented out
    • removed selenium-webdriver and capybara-webmock
    • removing version restrictions on: danger, font-awesome-sass, webdrivers
  • Cleaned up spec/rails_helper.rb and spec/spec_helper.rb
  • Simplified the spec/support/capybara.rb helper to work with the latest version of Capybara and use its built in headless Chrome driver

Rubocop updates

  • Installed rubocop-performance gem and made suggested changes
  • Added lib tasks as exclusive from debugger rubocop check after rubocop upgrading to >= v1.45 #3291

GitHub actions updates

  • Added node version specification (v16) to eslint, PostgreSQL and MySQL github action to eliminate digital routine enveloped error #319

New Rake task for updating dependencies

  • Added a new bin/rails update:all task that will update the gem and JS dependencies and also add the x86_64-linux environment to the bundle's supported platform list

Enhancements

  • Added enum to the funding status attribute of plan model to make the 'funding status' dropdown translatable
  • Allow users to download both single phase and in PDF, TEXT and DOCX format. CSV file can only download single phase instead of all phases.

pengyin-shan and others added 30 commits October 3, 2022 12:21
resetting the password.

The Rack-Attack middleware for blocking & throttling abusive requests is
being used.
https://github.com/rack/rack-attack/blob/6-stable/README.md

Changes:
- Added rack-attack version 6.6.1 gem. https://rubygems.org/gems/rack-attack/versions/6.6.1
- Added config/initializers/rack_attack.rb:
  - The rack-attack functionality is enabled with
        Rack::Attack.enabled = true
    but may be switched off
        Rack::Attack.enabled = false.
  - Password reset requests are currently throttled from an IP address
    for POSTs to path /users/passwords and are limited to 2 requests every 30 seconds.
  - Login requests are throttled from an IP address
    for POSTs to path /users/sign_in and are limited to 4 requests every 30 seconds.
  - A new html page public/429.html with title "Too Many Request" is added.
briri and others added 24 commits March 23, 2023 12:36
DMP Assistant Feature - allow phase-only download - Ready
…te_limit_on_reset_password_link

Fix for bug #3214 which had noted there was no request rate limit to - WIP
…icons and tinymce skins into the public folder
Translation sync from Translation.io
@github-actions

1 Warning
⚠️ This PR is too big! Consider breaking it down into smaller PRs.

Generated by 🚫 Danger

@briri briri changed the title v4.0.1 - release candidate v4.1.0 - release candidate Apr 12, 2023
@briri briri merged commit 7d9a1d5 into main Apr 13, 2023