Merge pull request #1831 from tactilenews/bump_view_component

Bump view_component to fix moderate security alert
tactilenews · Apr 8, 2024 · 66067ef · 66067ef
2 parents 4fad97e + eb00b62
commit 66067ef
Show file tree

Hide file tree

Showing 9 changed files with 21 additions and 21 deletions.
diff --git a/Gemfile b/Gemfile
@@ -60,7 +60,7 @@ gem 'pg_search'
 gem 'phony_rails'
 gem 'rails-settings-cached', '~> 2.8'
 gem 'valid_email2', '~> 4.0'
-gem 'view_component', '~> 2'
+gem 'view_component', '~> 2.83.0'
 
 # Middleware
 gem 'rack-attack', '~> 6.6'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -416,8 +416,8 @@ GEM
       activemodel (>= 3.2)
       mail (~> 2.5)
     vcr (6.1.0)
-    view_component (2.72.0)
-      activesupport (>= 5.0.0, < 8.0)
+    view_component (2.83.0)
+      activesupport (>= 5.2.0, < 8.0)
       concurrent-ruby (~> 1.0)
       method_source (~> 1.0)
     webmock (3.18.1)
@@ -485,7 +485,7 @@ DEPENDENCIES
   tzinfo-data
   valid_email2 (~> 4.0)
   vcr
-  view_component (~> 2)
+  view_component (~> 2.83.0)
   webmock
 
 RUBY VERSION

diff --git a/app/components/request_metrics/request_metrics.rb b/app/components/request_metrics/request_metrics.rb
@@ -2,10 +2,10 @@
 
 module RequestMetrics
   class RequestMetrics < ApplicationComponent
-    def initialize(request:, **)
+    def initialize(request_for_info:, **)
       super
 
-      @request = request
+      @request_for_info = request_for_info
     end
 
     def call
@@ -14,10 +14,10 @@ def call
 
     private
 
-    attr_reader :request
+    attr_reader :request_for_info
 
     def metrics
-      stats = request.stats
+      stats = request_for_info.stats
       [
         {
           value: stats[:counts][:contributors],

diff --git a/app/components/request_notification/request_notification.html.erb b/app/components/request_notification/request_notification.html.erb
@@ -1,7 +1,7 @@
 <div 
   class="RequestNotification" 
   data-controller="request-notification" 
-  data-request-notification-id-value="<%= request.id %>" 
+  data-request-notification-id-value="<%= request_for_info.id %>" 
   data-request-notification-last-updated-at-value="<%= last_updated_at %>"
   data-request-notification-message-template-value="<%= t('components.request_notification.message_template').to_json %>"
   hidden

diff --git a/app/components/request_notification/request_notification.rb b/app/components/request_notification/request_notification.rb
@@ -2,15 +2,15 @@
 
 module RequestNotification
   class RequestNotification < ApplicationComponent
-    def initialize(request:, **)
+    def initialize(request_for_info:, **)
       super
 
-      @request = request
+      @request_for_info = request_for_info
     end
 
     private
 
-    attr_reader :request
+    attr_reader :request_for_info
 
     def last_updated_at
       Time.zone.now.iso8601

diff --git a/app/views/requests/show.html.erb b/app/views/requests/show.html.erb
@@ -1,6 +1,6 @@
 <%= c 'main' do %>
   <% content_for :notifications do %>
-    <%= c 'request_notification', request: @request %>
+    <%= c 'request_notification', request_for_info: @request %>
   <% end %>
 
   <%= c 'page_header', styles: [:largeMarginBottom, :flexboxColumn] do %>
@@ -27,7 +27,7 @@
   <% end %>
 
   <%= c 'section', style: :xlargeSpaceBetween do %>
-    <%= c 'request_metrics', request: @request, style: :cards %>
+    <%= c 'request_metrics', request_for_info: @request, style: :cards %>
 
     <%= c 'stack' do %>
       <%= c 'message_groups_skeleton', request_id: @request.id %>

diff --git a/spec/components/move_message_form_spec.rb b/spec/components/move_message_form_spec.rb
@@ -6,10 +6,10 @@
   subject { render_inline(described_class.new(**params)) }
 
   let!(:older_request) { create(:request, broadcasted_at: 1.hour.ago) }
-  let!(:current_request) { create(:request, broadcasted_at: 0.hours.ago) }
+  let!(:request_for_info) { create(:request, broadcasted_at: 0.hours.ago) }
   let!(:planned_request) { create(:request, broadcasted_at: 1.hour.from_now) }
 
-  let(:message) { create(:message, request: current_request) }
+  let(:message) { create(:message, request: request_for_info) }
 
   let(:params) { { message: message } }
 
@@ -19,7 +19,7 @@
   it 'displays current request checked' do
     first = subject.css('input[type="radio"]').first
 
-    expect(first[:value]).to eq(current_request.id.to_s)
+    expect(first[:value]).to eq(request_for_info.id.to_s)
     expect(first[:checked]).to eq('checked')
   end
 

diff --git a/spec/components/request_metrics_spec.rb b/spec/components/request_metrics_spec.rb
@@ -5,8 +5,8 @@
 RSpec.describe RequestMetrics::RequestMetrics, type: :component do
   subject { render_inline(described_class.new(**params)) }
 
-  let(:params) { { request: request } }
-  let(:request) { build(:request) }
+  let(:params) { { request_for_info: request_for_info } }
+  let(:request_for_info) { build(:request) }
 
   it { should have_text('haben geantwortet') }
   it { should have_text('empfangene Nachrichten') }

diff --git a/spec/components/request_notification_spec.rb b/spec/components/request_notification_spec.rb
@@ -5,8 +5,8 @@
 RSpec.describe RequestNotification::RequestNotification, type: :component do
   subject { render_inline(described_class.new(**params)) }
 
-  let(:params) { { request: request } }
-  let(:request) { build(:request) }
+  let(:params) { { request_for_info: request_for_info } }
+  let(:request_for_info) { build(:request) }
 
   it { should have_css('.RequestNotification', visible: :hidden) }
 end