Addresses critical security Active Record RCE bug #86 #87 (#2403)

- Addresses two critical security issues related to Rails versions: https://github.com/powerhome/playbook/security/dependabot/87 https://github.com/powerhome/playbook/security/dependabot/86 - Updates Playbook version to latest in all examples. ____ #### Screens [INSERT SCREENSHOT] #### Breaking Changes No #### Runway Ticket URL No #### How to test this Deploy and verify it is working. Example rails 7 app has to be test locally. #### Checklist: - [ ] **LABELS** Add a label: `enhancement`, `bug`, `improvement`, `new kit`, `deprecated`, or `breaking`. See [Changelog & Labels](https://github.com/powerhome/playbook/wiki/Changelog-&-Labels) for details. - [ ] **DEPLOY** Please add the `Milano` label when you are ready for a review. - [ ] **SCREENSHOT** Please add a screen shot or two. - [ ] **SPECS** Please cover your changes with specs. - [ ] **READ DOCS** Please make sure you have read and understand the [Playbook Release Process](https://github.com/powerhome/playbook/wiki/Playbook-Releases)
powerhome · Mar 30, 2023 · 75a3235 · 75a3235
1 parent 2d9cf78
commit 75a3235
Show file tree

Hide file tree

Showing 16 changed files with 469 additions and 2,553 deletions.
diff --git a/examples/playbook-rails-webpack/Gemfile.lock b/examples/playbook-rails-webpack/Gemfile.lock
@@ -133,7 +133,7 @@ GEM
       racc (~> 1.4)
     nokogiri (1.13.9-x86_64-linux)
       racc (~> 1.4)
-    playbook_ui (11.6.0)
+    playbook_ui (12.10.0)
       actionpack (>= 5.2.4.5)
       actionview (>= 5.2.4.5)
       activesupport (>= 5.2.4.5)
@@ -254,6 +254,7 @@ GEM
 
 PLATFORMS
   x86_64-darwin-21
+  x86_64-darwin-22
   x86_64-linux
 
 DEPENDENCIES

diff --git a/examples/playbook-rails/.gitignore b/examples/playbook-rails/.gitignore
@@ -0,0 +1,48 @@
+*.rbc
+capybara-*.html
+.rspec
+/db/*.sqlite3
+/db/*.sqlite3-journal
+/db/*.sqlite3-[0-9]*
+/public/system
+/coverage/
+/spec/tmp
+*.orig
+rerun.txt
+pickle-email-*.html
+
+# Ignore all logfiles and tempfiles.
+/log/*
+/tmp/*
+!/log/.keep
+!/tmp/.keep
+
+# TODO Comment out this rule if you are OK with secrets being uploaded to the repo
+config/initializers/secret_token.rb
+config/master.key
+
+# Only include if you have production secrets in this file, which is no longer a Rails default
+# config/secrets.yml
+
+# dotenv, dotenv-rails
+# TODO Comment out these rules if environment variables can be committed
+.env
+.env*.local
+
+## Environment normalization:
+/.bundle
+/vendor/bundle
+
+# these should all be checked in to normalize the environment:
+# Ignore pow environment settings
+.powenv
+
+# Ignore Byebug command history file.
+.byebug_history
+
+/tmp
+
+# Ignore uploaded files in development
+/storage/*
+!/storage/.keep
+/public/uploads
diff --git a/examples/playbook-rails/Gemfile b/examples/playbook-rails/Gemfile
@@ -3,7 +3,7 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 
 ruby "3.1.2"
 
-gem "rails", "~> 7.0.3", ">= 7.0.3.1"
+gem "rails", "~> 7.0.4"
 gem "sprockets-rails"
 gem "sqlite3", "~> 1.5"
 gem "puma", "~> 5.0"

diff --git a/examples/playbook-rails/Gemfile.lock b/examples/playbook-rails/Gemfile.lock
@@ -138,7 +138,7 @@ GEM
       racc (~> 1.4)
     nokogiri (1.13.9-x86_64-linux)
       racc (~> 1.4)
-    playbook_ui (11.5.0)
+    playbook_ui (12.10.0)
       actionpack (>= 5.2.4.5)
       actionview (>= 5.2.4.5)
       activesupport (>= 5.2.4.5)
@@ -254,6 +254,7 @@ GEM
 
 PLATFORMS
   x86_64-darwin-21
+  x86_64-darwin-22
   x86_64-linux
 
 DEPENDENCIES
@@ -264,7 +265,7 @@ DEPENDENCIES
   jbuilder
   playbook_ui
   puma (~> 5.0)
-  rails (~> 7.0.3, >= 7.0.3.1)
+  rails (~> 7.0.4)
   sassc-rails
   selenium-webdriver
   sprockets-rails

diff --git a/examples/playbook-rails/log/development.log b/examples/playbook-rails/log/development.log
@@ -515,3 +515,12 @@ Processing by PagesController#index as HTML
 Completed 200 OK in 5958ms (Views: 5945.3ms | ActiveRecord: 0.0ms | Allocations: 418391)
 
 
+Started GET "/" for ::1 at 2023-03-22 15:23:36 -0400
+Processing by PagesController#index as HTML
+  Rendering layout layouts/application.html.erb
+  Rendering pages/index.html.erb within layouts/application
+  Rendered pages/index.html.erb within layouts/application (Duration: 27.5ms | Allocations: 9119)
+  Rendered layout layouts/application.html.erb (Duration: 5648.5ms | Allocations: 413916)
+Completed 200 OK in 5665ms (Views: 5654.3ms | ActiveRecord: 0.0ms | Allocations: 418485)
+
+
diff --git a/examples/playbook-rails/tmp/.keep b/examples/playbook-rails/tmp/.keep
diff --git a/examples/playbook-rails/tmp/development_secret.txt b/examples/playbook-rails/tmp/development_secret.txt
diff --git a/examples/playbook-rails/tmp/pids/.keep b/examples/playbook-rails/tmp/pids/.keep
diff --git a/examples/playbook-rails/tmp/restart.txt b/examples/playbook-rails/tmp/restart.txt
diff --git a/examples/playbook-rails/tmp/storage/.keep b/examples/playbook-rails/tmp/storage/.keep
diff --git a/examples/rails-react-example/package.json b/examples/rails-react-example/package.json
@@ -4,7 +4,7 @@
     "@fortawesome/fontawesome-free": "^6.2.0",
     "@rails/webpacker": "5.4.3",
     "babel-plugin-transform-react-remove-prop-types": "^0.4.24",
-    "playbook-ui": "^11.6.0",
+    "playbook-ui": "^12.10.0",
     "prop-types": "^15.8.1",
     "react": "^18.2.0",
     "react-dom": "^18.2.0",