Merge pull request #989 from RickCarlino/cleanup_crops

RickCarlino · web-flow · commit 64e455b5c24f · 2019-05-20T15:12:43.000-05:00
May 2019 Release
diff --git a/.ruby-version b/.ruby-version
@@ -1 +1 @@
-2.6.1
+2.6.3
diff --git a/.travis.yml b/.travis.yml
@@ -2,7 +2,7 @@ language: ruby
 # If you don't specify a version, Travis CI will use MRI 1.9.3 as the default.
 # http://docs.travis-ci.com/user/languages/ruby/
 rvm:
-  - 2.6.1
+  - 2.6.3
 services:
   - mongodb
   - elasticsearch
diff --git a/Dockerfile b/Dockerfile
@@ -2,7 +2,7 @@
 # Image name: openfarm-webapp
 #
 
-FROM       ruby:2.6.1
+FROM       ruby:2.6.3
 MAINTAINER https://github.com/FarmBot/OpenFarm
 
 ENV     PHANTOM_JS_VERSION 1.9.8
diff --git a/Gemfile b/Gemfile
@@ -1,6 +1,6 @@
 source "https://rubygems.org"
 
-ruby "2.6.1"
+ruby "2.6.3"
 
 gem "rails"
 gem "bundler"
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -208,7 +208,6 @@ GEM
       moneta
       multi_json (>= 1.9.2)
     high_voltage (3.1.0)
-    http-2 (0.10.1)
     httparty (0.16.4)
       mime-types (~> 3.0)
       multi_xml (>= 0.5.2)
@@ -588,7 +587,7 @@ DEPENDENCIES
   webmock
 
 RUBY VERSION
-   ruby 2.6.1p33
+   ruby 2.6.3p62
 
 BUNDLED WITH
    1.17.2
diff --git a/README.md b/README.md
@@ -10,9 +10,14 @@
 
 Contact rory@openfarm.cc to find out more, or open an issue to discuss your interest.
 
-# Open Source community of contributors: how it works
+# Security Concerns
+
+We take security seriously and value the input of independent researchers. Please email `security@farmbot.io` for issues that require immediate attention. Please follow [responsible disclosure](). **Do not use Slack or Github issues to discuss security vulnerabilities.**
+
+# The Community of Contributors: How it Works
 
 ### Shortcuts
+
 Already contributing to OpenFarm? You're welcome to [introduce yourself](https://docs.google.com/forms/d/e/1FAIpQLSfsKUABGJSO3gSfDUrdXymxP-GipdTLxbxsmR2FyxGdblN1-w/viewform)!
 
 Want to dig head first into our todo list of Github tasks? [Make yourself at home](https://github.com/openfarmcc/OpenFarm/projects)!
@@ -24,23 +29,23 @@ Want to dig head first into our todo list of Github tasks? [Make yourself at hom
 
 The main content are Growing Guides: creative, crowd-sourced, single-author, structured documents that include all of the necessary information for a person or machine to grow a plant, i.e.: seed spacing and depth, watering regimen, recommended soil composition and companion plants, sun/shade requirements, etc. In this Freebase platform, gardeners can find answers to questions like &ldquo;How do I grow tomatoes?&rdquo;
 
-### Start by joining the discussion of existing Contributors
+### Start by Joining Existing Contributors
 
 To start the discussion, get involved, and meet OpenFarm core community of contributors, we strongly recommend joining [our Slack room](http://slack.openfarm.cc/)! This is where you'll find the latest conversation about Openfarm and the most active contributors.
 
 Check also the [FAQ](http://openfarm.cc/pages/faq) for some frequently asked questions about contributing (Angular, Issue Trackers, IRC Channels).
 
 Check the [ongoing issues](https://github.com/openfarmcc/OpenFarm/projects) that need work on in the priority list.
 
-### Look for something you want to work on
+### Look for Something You Want to Work On
 
 For [front-end](https://github.com/openfarmcc/OpenFarm/projects/1) and [back-end](https://github.com/openfarmcc/OpenFarm/projects/3) code contributions, we aim at maintaining and prioritizing the Github issues through Github Projects, the Trello-like web-based project management board of Github: [OpenFarm Projects](https://github.com/openfarmcc/OpenFarm/projects).
 
 Need to use OpenFarm Assets? [Here they are](https://drive.google.com/open?id=0B-wExYzQcnp3cGphOGZQS1lBRFk)!
 
 We have few more languages missing for the website content to be translated: help us [translate the website](https://www.transifex.com/projects/p/openfarm/)!
 
-### Who can contribute
+### Who Can Contribute
 
 Everyone is welcome to bring value to the Open Source community of OpenFarm. Time is our most valuable assets here, so any minute of your time counts to make things happen! "Better done, than perfect!"
 We strive for diversity in our community and want to ensure we provide a safe and inclusive space for everyone by adopting a [Code of Conduct](https://openfarm.cc/pages/code_of_conduct?locale=en).
@@ -54,14 +59,6 @@ On the way we work together, we aim at:
 - prefering done, than perfect: breaking down tasks so that anyone can contribute few min of their time on a regular basis
 - taking shortcuts: what's the most obvious for a better usability? what's the shortest way to build a feature? What's the most valuable inputs for a feedback?
 
-### User Flow
-
-Update in progress
-
-### Mockups
-
-Update in progress
-
 ## Development
 
 ### Getting Started (The Easy Way)
@@ -221,7 +218,7 @@ Become a sponsor and get your logo on our README on Github with a link to your s
 
 The MIT License (MIT)
 
-Copyright (c) 2017 OpenFarm [(http://openfarm.cc/)](http://openfarm.cc/).
+Copyright (c) 2019 OpenFarm [(http://openfarm.cc/)](http://openfarm.cc/).
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 
diff --git a/app/mutations/crops/update_crop.rb b/app/mutations/crops/update_crop.rb
@@ -13,7 +13,13 @@ class UpdateCrop < Mutations::Command
           array :common_names
           string :binomial_name
           string :taxon
-          string :svg_icon
+          # Temporarily disabled for security reasons (XSS attack vector)
+          #
+          # Fix this by:
+          #  * adding a CSP that disallows the use of arbitrary <script/> tags
+          #  * Removing all use of inline <script/> tags
+          #
+          # string :svg_icon
           string :description
           string :sun_requirements
           string :sowing_method
diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh
@@ -18,14 +18,14 @@ echo "--- INSTALLING RVM ---"
 
 gpg --keyserver hkp://pool.sks-keyservers.net:80 --recv-keys D39DC0E3
 
-curl -sSL https://get.rvm.io | bash -s stable --quiet-curl --ruby=2.6.1
+curl -sSL https://get.rvm.io | bash -s stable --quiet-curl --ruby=2.6.3
 
 echo "--- INSTALLING RUBY 2.6.1 ---"
 
 source /home/vagrant/.rvm/scripts/rvm
 
 rvm reload
-rvm --default use 2.6.1
+rvm --default use 2.6.3
 
 echo "--- INSTALLING ELASTICSEARCH ---"
 
diff --git a/spec/models/guide_spec.rb b/spec/models/guide_spec.rb
@@ -70,8 +70,8 @@
 
   it "sets the popularity score" do
     Guide.destroy_all
-    FactoryBot.create(:guide)
-    FactoryBot.create(:guide)
+    FactoryBot.create(:guide, impressions_field: 10)
+    FactoryBot.create(:guide, impressions_field: 12)
     guide = FactoryBot.create(:guide)
     expect(guide.popularity_score).not_to eq(0)
   end

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@`
`2`	`2`	`# Image name: openfarm-webapp`
`3`	`3`	`#`
`4`	`4`
`5`		`-FROM ruby:2.6.1`
	`5`	`+FROM ruby:2.6.3`
`6`	`6`	`MAINTAINER https://github.com/FarmBot/OpenFarm`
`7`	`7`
`8`	`8`	`ENV PHANTOM_JS_VERSION 1.9.8`