saeloun / plate
A Plate of Rails Templates
Circle CI ready
This version fixes some CVEs.
Example:
Remediation
Upgrade activesupport to version 6.0.3.1 or later. For example:
gem "activesupport", ">= 6.0.3.1"
Always verify the validity and compatibility of suggestions with your codebase.
Details
CVE-2020-8165
high severity
Vulnerable versions: >= 6.0.0, <= 6.0.3
Patched version: 6.0.3.1
In ActiveSupport, there is potentially unexpected behaviour in the MemCacheStore and RedisCacheStore where, when
untrusted user input is written to the cache store using the raw: true parameter, re-reading the result
from the cache can evaluate the user input as a Marshalled object instead of plain text. Vulnerable code looks like:
data = cache.fetch("demo", raw: true) { untrusted_string }
Impact
Unmarshalling of untrusted user input can have impact up to and including RCE. At a minimum,
this vulnerability allows an attacker to inject untrusted Ruby objects into a web application.
In addition to upgrading to the latest versions of Rails, developers should ensure that whenever
they are calling Rails.cache.fetch they are using consistent values of the raw parameter for both
reading and writing, especially in the case of the RedisCacheStore which does not, prior to these changes,
detect if data was serialized using the raw option upon deserialization.
Workarounds
It is recommended that application developers apply the suggested patch or upgrade to the latest release as
soon as possible. If this is not possible, we recommend ensuring that all user-provided strings cached using
the raw argument are double-checked to ensure that they conform to the expected format.
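A simplified model of the read path the advisory describes, added here as an illustration (not code from Rails or from this repository). ToyCacheStore, round_trip, conforms? and EXPECTED_FORMAT are hypothetical names, and the marshalled Hash is constructed sample input.

```ruby
# Simplified model of the read path described in the advisory. This is not
# ActiveSupport code: ToyCacheStore and every name below are hypothetical.
class ToyCacheStore
  def initialize(honor_raw_on_read:)
    @backend = {}                          # stands in for Memcached/Redis (bytes only)
    @honor_raw_on_read = honor_raw_on_read # true models the patched behaviour
  end

  def write(key, value, raw: false)
    @backend[key] = raw ? value.to_s : Marshal.dump(value)
  end

  def read(key, raw: false)
    bytes = @backend[key]
    return nil if bytes.nil?
    return bytes if raw && @honor_raw_on_read # raw entries are never unmarshalled
    begin
      Marshal.load(bytes)                  # stored bytes, not the caller, pick the type
    rescue TypeError, ArgumentError
      bytes                                # ordinary text is not valid Marshal data
    end
  end

  def fetch(key, raw: false)
    cached = read(key, raw: raw)
    return cached unless cached.nil?
    value = yield
    write(key, value, raw: raw)
    value
  end
end

# Constructed input: a harmless marshalled Hash standing in for untrusted text.
UNTRUSTED = Marshal.dump({ "role" => "admin" })

# Assumed allow-list for the workaround; adapt it to the format the app expects.
EXPECTED_FORMAT = /\A[A-Za-z0-9 _.-]{1,64}\z/

def conforms?(input)
  input.is_a?(String) && input.match?(EXPECTED_FORMAT)
end

# Write on the first fetch, then re-read from the backend on the second.
def round_trip(store, input)
  store.fetch("demo", raw: true) { input }
  store.fetch("demo", raw: true) { input }
end
```

With honor_raw_on_read: false the second fetch returns a Hash rather than the String that was cached; with true it returns the original bytes, and conforms? rejects the input before it is ever written.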
You can move the notification send after a contact is created to a job
SMTP configuration example
Make it Heroku deployable
ActiveJob with Sidekiq
Issue:
On committing the changes to the branch, the following error is observed
husky > pre-commit (node v10.15.3)
↓ Stashing changes... [skipped]
→ No partially staged files found...
❯ Running linters...
↓ Running tasks for app/**/*.{js.jsx,js,es6,jsx,scss,css} [skipped]
→ No staged files match app/**/*.{js.jsx,js,es6,jsx,scss,css}
❯ Running tasks for {app,test,features,lib}/**/*.{rb,rake,jbuilder}
✖ bundle exec rubocop -a
git add
✖ bundle exec rubocop -a found some errors. Please fix them and try committing again.
Bundler 2 requires Ruby 2.3 or later. Either install bundler 1 or update to a supported Ruby version.
husky > pre-commit hook failed (add --no-verify to bypass)
Context
When parallelize(workers: :number_of_processors) is added in test_helper.rb
and we execute rake, the test coverage report for SimpleCov shows incorrect results.
When this line is commented out the coverage report is correct.
I also tried SimpleCov Parallel gem but this too shows an incorrect result.
The service_name attribute is missing in active_storage_blobs. So when we are trying to attach a file to active storage, it will raise this error.
Takes to devise user edit page and allows user to upload image, etc.
@vipulnsward _A
asking because the link in README: http://railstemplate.herokuapp.com/ doesn't work any more.