diff --git a/Gemfile b/Gemfile
index d66e01e..ff0f8ed 100644
--- a/Gemfile
+++ b/Gemfile
@@ -7,16 +7,17 @@
 gem "oj_mimic_json", "~> 1.0", ">= 1.0.1"
 gem "equivalent-xml", "~> 0.6.0"
 gem "nokogiri", ">= 1.10.8"
 gem "iso8601", "~> 0.9.0"
-gem "maremma", "4.6.1"
-gem "faraday", "0.17.0"
-gem "bolognese", "~> 1.0", ">= 1.4"
+gem "maremma", "~> 4.6"
+gem "faraday", "~> 1.0", ">= 1.0.1"
+gem "bolognese", "~> 1.0", ">= 1.6.5"
 gem "dalli", "~> 2.7.6"
 gem "lograge", "~> 0.11.2"
 gem "logstash-event", "~> 1.2", ">= 1.2.02"
 gem "logstash-logger", "~> 0.26.1"
-gem "sentry-raven", "~> 2.9"
+gem 'sentry-raven', '~> 3.0'
 gem "gender_detector", "~> 0.1.2"
 gem "rack-cors", "~> 1.0", require: "rack/cors"
+gem "rack-utf8_sanitizer", "~> 1.6"
 gem "git", "~> 1.5"
 gem "sprockets", "~> 3.7", ">= 3.7.2"
diff --git a/Gemfile.lock b/Gemfile.lock
index 539f447..7956f50 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
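Review bot: The rewritten `gem 'sentry-raven', '~> 3.0'` line switches to single quotes while every other line in the hunk (and, as far as visible, the file) uses double quotes; keep it as `gem "sentry-raven", "~> 3.0"` so the file's own convention — and RuboCop's string-literal cop, if enabled, since rubocop is a declared dependency — stays consistent. The new `gem "rack-utf8_sanitizer", "~> 1.6"` carries no rationale, and the lockfile resolves it to 1.7.0; a one-line comment such as `# request-input sanitizer, wired in as middleware in config/application.rb` would tell the next reader why it exists and where it is configured.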
@@ -1,43 +1,43 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (5.2.4.2)
-      actionpack (= 5.2.4.2)
+    actioncable (5.2.4.3)
+      actionpack (= 5.2.4.3)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailer (5.2.4.2)
-      actionpack (= 5.2.4.2)
-      actionview (= 5.2.4.2)
-      activejob (= 5.2.4.2)
+    actionmailer (5.2.4.3)
+      actionpack (= 5.2.4.3)
+      actionview (= 5.2.4.3)
+      activejob (= 5.2.4.3)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (5.2.4.2)
-      actionview (= 5.2.4.2)
-      activesupport (= 5.2.4.2)
+    actionpack (5.2.4.3)
+      actionview (= 5.2.4.3)
+      activesupport (= 5.2.4.3)
       rack (~> 2.0, >= 2.0.8)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.4.2)
-      activesupport (= 5.2.4.2)
+    actionview (5.2.4.3)
+      activesupport (= 5.2.4.3)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.2.4.2)
-      activesupport (= 5.2.4.2)
+    activejob (5.2.4.3)
+      activesupport (= 5.2.4.3)
       globalid (>= 0.3.6)
-    activemodel (5.2.4.2)
-      activesupport (= 5.2.4.2)
-    activerecord (5.2.4.2)
-      activemodel (= 5.2.4.2)
-      activesupport (= 5.2.4.2)
+    activemodel (5.2.4.3)
+      activesupport (= 5.2.4.3)
+    activerecord (5.2.4.3)
+      activemodel (= 5.2.4.3)
+      activesupport (= 5.2.4.3)
       arel (>= 9.0)
-    activestorage (5.2.4.2)
-      actionpack (= 5.2.4.2)
-      activerecord (= 5.2.4.2)
+    activestorage (5.2.4.3)
+      actionpack (= 5.2.4.3)
+      activerecord (= 5.2.4.3)
       marcel (~> 0.3.1)
-    activesupport (5.2.4.2)
+    activesupport (5.2.4.3)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
@@ -45,9 +45,9 @@ GEM
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
     arel (9.0.0)
-    ast (2.4.0)
+    ast (2.4.1)
     benchmark_methods (0.7)
-    better_errors (2.7.0)
+    better_errors (2.7.1)
       coderay (>= 1.0.0)
       erubi (>= 1.0.0)
       rack (>= 0.9.0)
@@ -55,7 +55,7 @@ GEM
       latex-decode (~> 0.0)
     binding_of_caller (0.8.0)
       debug_inspector (>= 0.0.1)
-    bolognese (1.5.21)
+    bolognese (1.6.6)
       activesupport (>= 4.2.5)
       benchmark_methods (~> 0.7)
       bibtex-ruby (>= 5.1.0)
@@ -65,10 +65,10 @@ GEM
       concurrent-ruby (~> 1.1, >= 1.1.5)
       csl-styles (~> 1.0, >= 1.0.1.8)
       edtf (~> 3.0, >= 3.0.4)
-      faraday (= 0.17.0)
+      faraday (~> 1.0, >= 1.0.1)
       gender_detector (~> 0.1.2)
       iso8601 (~> 0.9.1)
-      json-ld (~> 2.2, >= 2.2.1)
+      json-ld (~> 3.1, >= 3.1.4)
       jsonlint (~> 0.3.0)
       loofah (~> 2.0, >= 2.0.3)
       maremma (>= 4.3, < 5)
@@ -79,9 +79,9 @@ GEM
       postrank-uri (~> 1.0, >= 1.0.18)
       rdf-rdfxml (~> 3.1)
       rdf-turtle (~> 3.1)
-      thor (~> 0.19)
+      thor (~> 1.0, >= 1.0.1)
     builder (3.2.4)
-    capybara (3.32.1)
+    capybara (3.33.0)
       addressable
       mini_mime (>= 0.1.3)
       nokogiri (~> 1.8)
@@ -94,7 +94,7 @@ GEM
     citeproc-ruby (1.1.12)
       citeproc (~> 1.0, >= 1.0.9)
       csl (~> 1.5)
-    coderay (1.1.2)
+    coderay (1.1.3)
     colorize (0.8.1)
     concurrent-ruby (1.1.6)
     crack (0.4.3)
@@ -106,7 +106,7 @@ GEM
       csl (~> 1.0)
     dalli (2.7.10)
     debug_inspector (0.0.3)
-    diff-lcs (1.3)
+    diff-lcs (1.4.2)
     docile (1.3.2)
     dotenv (2.7.5)
     ebnf (1.2.0)
@@ -118,13 +118,13 @@ GEM
       nokogiri (>= 1.4.3)
     erubi (1.9.0)
     excon (0.71.1)
-    faraday (0.17.0)
+    faraday (1.0.1)
       multipart-post (>= 1.2, < 3)
     faraday-encoding (0.0.5)
       faraday
-    faraday_middleware (0.13.1)
-      faraday (>= 0.7.4, < 1.0)
-    ffi (1.12.2)
+    faraday_middleware (1.0.0)
+      faraday (~> 1.0)
+    ffi (1.13.1)
     gender_detector (0.1.2)
       unicode_utils (>= 1.3.0)
     git (1.7.0)
@@ -138,14 +138,19 @@ GEM
       concurrent-ruby (~> 1.0)
     hashdiff (1.0.1)
     htmlentities (4.3.4)
-    i18n (1.8.2)
+    i18n (1.8.3)
       concurrent-ruby (~> 1.0)
     iso8601 (0.9.1)
     jaro_winkler (1.5.4)
     json (2.3.0)
-    json-ld (2.2.1)
-      multi_json (~> 1.12)
-      rdf (>= 2.2.8, < 4.0)
+    json-canonicalization (0.2.0)
+    json-ld (3.1.4)
+      htmlentities (~> 4.3)
+      json-canonicalization (~> 0.2)
+      link_header (~> 0.0, >= 0.0.8)
+      multi_json (~> 1.14)
+      rack (~> 2.0)
+      rdf (~> 3.1)
     jsonlint (0.3.0)
       oj (~> 3)
       optimist (~> 3)
@@ -162,21 +167,21 @@ GEM
     logstash-event (1.2.02)
     logstash-logger (0.26.1)
       logstash-event (~> 1.2)
-    loofah (2.5.0)
+    loofah (2.6.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
     marcel (0.3.3)
       mimemagic (~> 0.3.2)
-    maremma (4.6.1)
+    maremma (4.8)
       activesupport (>= 4.2.5)
       addressable (>= 2.3.6)
       builder (~> 3.2, >= 3.2.2)
       excon (~> 0.71.0)
-      faraday (= 0.17.0)
+      faraday (~> 1.0, >= 1.0.1)
       faraday-encoding (~> 0.0.4)
-      faraday_middleware (~> 0.13.1)
+      faraday_middleware (~> 1.0)
       nokogiri (~> 1.10.4)
       oj (>= 2.8.3)
       oj_mimic_json (~> 1.0, >= 1.0.1)
@@ -184,7 +189,7 @@ GEM
     mimemagic (0.3.5)
     mini_mime (1.0.2)
     mini_portile2 (2.4.0)
-    minitest (5.14.0)
+    minitest (5.14.1)
     multi_json (1.14.1)
     multipart-post (2.1.1)
     namae (1.0.1)
@@ -194,40 +199,42 @@ GEM
     oj (3.10.6)
     oj_mimic_json (1.0.1)
     optimist (3.0.1)
-    parallel (1.19.1)
-    parser (2.7.1.2)
-      ast (~> 2.4.0)
+    parallel (1.19.2)
+    parser (2.7.1.4)
+      ast (~> 2.4.1)
     postrank-uri (1.0.24)
       addressable (>= 2.4.0)
       nokogiri (>= 1.8.0)
       public_suffix (>= 2.0.0, < 2.1)
     public_suffix (2.0.5)
-    rack (2.2.2)
+    rack (2.2.3)
     rack-cors (1.1.1)
       rack (>= 2.0.0)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
-    rails (5.2.4.2)
-      actioncable (= 5.2.4.2)
-      actionmailer (= 5.2.4.2)
-      actionpack (= 5.2.4.2)
-      actionview (= 5.2.4.2)
-      activejob (= 5.2.4.2)
-      activemodel (= 5.2.4.2)
-      activerecord (= 5.2.4.2)
-      activestorage (= 5.2.4.2)
-      activesupport (= 5.2.4.2)
+    rack-utf8_sanitizer (1.7.0)
+      rack (>= 1.0, < 3.0)
+    rails (5.2.4.3)
+      actioncable (= 5.2.4.3)
+      actionmailer (= 5.2.4.3)
+      actionpack (= 5.2.4.3)
+      actionview (= 5.2.4.3)
+      activejob (= 5.2.4.3)
+      activemodel (= 5.2.4.3)
+      activerecord (= 5.2.4.3)
+      activestorage (= 5.2.4.3)
+      activesupport (= 5.2.4.3)
       bundler (>= 1.3.0)
-      railties (= 5.2.4.2)
+      railties (= 5.2.4.3)
       sprockets-rails (>= 2.0.0)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.3.0)
       loofah (~> 2.3)
-    railties (5.2.4.2)
-      actionpack (= 5.2.4.2)
-      activesupport (= 5.2.4.2)
+    railties (5.2.4.3)
+      actionpack (= 5.2.4.3)
+      activesupport (= 5.2.4.3)
       method_source
       rake (>= 0.8.7)
       thor (>= 0.19.0, < 2.0)
@@ -237,28 +244,31 @@ GEM
     rb-inotify (0.10.1)
       ffi (~> 1.0)
     rchardet (1.8.0)
-    rdf (3.1.1)
+    rdf (3.1.3)
       hamster (~> 3.0)
       link_header (~> 0.0, >= 0.0.8)
     rdf-aggregate-repo (3.1.0)
       rdf (~> 3.1)
-    rdf-rdfa (3.1.0)
+    rdf-rdfa (3.1.1)
       haml (~> 5.1)
       htmlentities (~> 4.3)
-      rdf (~> 3.1)
+      rdf (~> 3.1, >= 3.1.2)
       rdf-aggregate-repo (~> 3.1)
+      rdf-vocab (~> 3.1, >= 3.1.5)
       rdf-xsd (~> 3.1)
     rdf-rdfxml (3.1.0)
       htmlentities (~> 4.3)
       rdf (~> 3.1)
       rdf-rdfa (~> 3.1)
       rdf-xsd (~> 3.1)
-    rdf-turtle (3.1.0)
+    rdf-turtle (3.1.1)
       ebnf (~> 1.2)
-      rdf (~> 3.1)
+      rdf (~> 3.1, >= 3.1.2)
+    rdf-vocab (3.1.5)
+      rdf (~> 3.1, >= 3.1.2)
     rdf-xsd (3.1.0)
       rdf (~> 3.1)
-    regexp_parser (1.7.0)
+    regexp_parser (1.7.1)
     request_store (1.5.0)
       rack (>= 1.4)
     rspec-core (3.9.2)
@@ -285,7 +295,7 @@ GEM
       rainbow (>= 2.2.2, < 4.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 1.7)
-    rubocop-performance (1.5.2)
+    rubocop-performance (1.6.1)
       rubocop (>= 0.71.0)
     rubocop-rails (2.5.2)
       activesupport
@@ -293,8 +303,8 @@ GEM
       rubocop (>= 0.72.0)
     ruby-progressbar (1.10.1)
     safe_yaml (1.0.5)
-    sentry-raven (2.13.0)
-      faraday (>= 0.7.6, < 1.0)
+    sentry-raven (3.0.0)
+      faraday (>= 1.0)
     simplecov (0.17.1)
       docile (~> 1.1)
       json (>= 1.8, < 3)
@@ -314,7 +324,7 @@ GEM
     sxp (1.1.0)
       rdf (~> 3.1)
     temple (0.8.2)
-    thor (0.20.3)
+    thor (1.0.1)
     thread_safe (0.3.6)
     tilt (2.0.10)
     tzinfo (1.2.7)
@@ -326,9 +336,9 @@ GEM
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
-    websocket-driver (0.7.1)
+    websocket-driver (0.7.2)
       websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.4)
+    websocket-extensions (0.1.5)
     xpath (3.2.0)
       nokogiri (~> 1.8)
 
@@ -338,12 +348,12 @@ PLATFORMS
 DEPENDENCIES
   better_errors
   binding_of_caller
-  bolognese (~> 1.0, >= 1.4)
+  bolognese (~> 1.0, >= 1.6.5)
   capybara
   dalli (~> 2.7.6)
   dotenv
   equivalent-xml (~> 0.6.0)
-  faraday (= 0.17.0)
+  faraday (~> 1.0, >= 1.0.1)
   gender_detector (~> 0.1.2)
   git (~> 1.5)
   iso8601 (~> 0.9.0)
@@ -351,17 +361,18 @@ DEPENDENCIES
   lograge (~> 0.11.2)
   logstash-event (~> 1.2, >= 1.2.02)
   logstash-logger (~> 0.26.1)
-  maremma (= 4.6.1)
+  maremma (~> 4.6)
   nokogiri (>= 1.10.8)
   oj (>= 3.1.0)
   oj_mimic_json (~> 1.0, >= 1.0.1)
   rack-cors (~> 1.0)
+  rack-utf8_sanitizer (~> 1.6)
   rails (~> 5.2)
   rspec-rails (~> 3.5, >= 3.5.2)
   rubocop (~> 0.77.0)
   rubocop-performance (~> 1.5, >= 1.5.1)
   rubocop-rails (~> 2.4)
-  sentry-raven (~> 2.9)
+  sentry-raven (~> 3.0)
   simplecov (~> 0.17.1)
   spring
   spring-watcher-listen (~> 2.0.0)
diff --git a/config/application.rb b/config/application.rb
index 9103e14..d398f0d 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -60,6 +60,9 @@ class Application < Rails::Application
     # Configure SSL options to enable HSTS with subdomains. Previous versions had false.
     config.ssl_options = { hsts: { subdomains: true } }
 
+    # make sure all input is UTF-8
+    config.middleware.insert 0, Rack::UTF8Sanitizer, additional_content_types: ['application/vnd.api+json', 'application/xml']
+
     # compress responses with deflate or gzip
     config.middleware.use Rack::Deflater
 
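Review bot: Listing `'application/xml'` in `additional_content_types` makes the sanitizer rewrite invalid-UTF-8 bytes in XML request bodies, but XML is not required to be UTF-8 — a body declaring `<?xml version="1.0" encoding="ISO-8859-1"?>` is legal and would be silently altered before Nokogiri ever reads its declared encoding, so either drop that entry or confirm the API only accepts UTF-8 XML. Because the gem's default behaviour is to replace bad bytes rather than reject the request, the comment `# make sure all input is UTF-8` overstates what is enforced; I would write it as `# Rewrite invalid UTF-8 in the request env and in form/JSON/JSON:API/XML bodies so downstream code never sees malformed strings` so the replace-not-reject semantics are explicit. If failing closed is the intent, check whether the locked 1.7.0 offers a strategy option that raises instead of replacing, and use it rather than silently changing payloads. Inserting at index 0 is the right placement, since every later middleware then sees the sanitized env; the enclosing `class Application < Rails::Application` starts and ends outside the hunk.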