WIP: Update dependencies to fix security vulnerabilities

.rubocop.yml

@@ -10,3 +10,4 @@ AllCops:
     - 'Rakefile'
     - 'Vagrantfile'
     - 'vendor/**/*'
+    - 'lib/tasks/*'

.rubocop_todo.yml

@@ -50,7 +50,7 @@ Metrics/PerceivedComplexity:
   Max: 13
 
 # Offense count: 5
-Style/AccessorMethodName:
+Naming/AccessorMethodName:
   Exclude:
     - 'app/controllers/emails_controller.rb'
     - 'app/models/agreement_letter.rb'
@@ -121,7 +121,7 @@ Style/NumericPredicate:
 # NamePrefix: is_, has_, have_
 # NamePrefixBlacklist: is_, has_, have_
 # NameWhitelist: is_a?
-Style/PredicateName:
+Naming/PredicateName:
   Exclude:
     - 'spec/**/*'
     - 'app/controllers/events_controller.rb'

Gemfile

@@ -77,15 +77,15 @@ gem 'cancancan'
 gem 'has_scope'
 
 # Static code analysis
-gem 'rubocop', '0.46'
+gem 'rubocop'
 
 # DSL for building forms
 # See https://github.com/plataformatec/simple_form
 # gem 'simple_form'
 
 # OWl Carousel for nice Slideshows
 # https://github.com/acrogenesis/owlcarousel-rails
-gem 'owlcarousel-rails', github: 'acrogenesis/owlcarousel-rails', branch: 'OwlCarousel2'
+gem 'owlcarousel-rails'
 
 # coveralls.io
 gem 'coveralls', require: false

Gemfile.lock

@@ -1,11 +1,3 @@
-GIT
-  remote: git://github.com/acrogenesis/owlcarousel-rails.git
-  revision: 2dd679c61b795fa08003994c74d140c214781141
-  branch: OwlCarousel2
-  specs:
-    owlcarousel-rails (1.1.3.3)
-      jquery-rails
-
 GEM
   remote: https://rubygems.org/
   specs:
@@ -61,7 +53,7 @@ GEM
       activerecord (>= 3.2, < 6.0)
       rake (>= 10.4, < 13.0)
     arel (8.0.0)
-    ast (2.3.0)
+    ast (2.4.0)
     bcrypt (3.1.11)
     better_errors (2.1.1)
       coderay (>= 1.0.0)
@@ -99,6 +91,7 @@ GEM
       term-ansicolor (~> 1.3)
       thor (~> 0.19.1)
       tins (~> 1.6)
+    crass (1.0.4)
     database_cleaner (1.6.1)
     debug_inspector (0.0.3)
     delocalize (1.2.0)
@@ -112,7 +105,7 @@ GEM
     devise-bootstrap-views (0.0.11)
     diff-lcs (1.3)
     docile (1.1.5)
-    erubi (1.6.1)
+    erubi (1.7.1)
     erubis (2.7.0)
     execjs (2.7.0)
     factory_girl (4.8.0)
@@ -122,7 +115,7 @@ GEM
       railties (>= 3.0.0)
     figaro (1.1.1)
       thor (~> 0.14)
-    globalid (0.4.0)
+    globalid (0.4.1)
       activesupport (>= 4.2.0)
     has_scope (0.7.1)
       actionpack (>= 4.1, < 5.2)
@@ -150,28 +143,31 @@ GEM
       sprockets (> 2, < 4)
       tilt
     libv8 (3.16.14.19)
-    loofah (2.0.3)
+    loofah (2.2.2)
+      crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
-    mail (2.6.6)
-      mime-types (>= 1.16, < 4)
+    mail (2.7.0)
+      mini_mime (>= 0.1.1)
     method_source (0.8.2)
     mime-types (3.1)
       mime-types-data (~> 3.2015)
     mime-types-data (3.2016.0521)
     mini_magick (4.8.0)
     mini_mime (0.1.4)
-    mini_portile2 (2.2.0)
+    mini_portile2 (2.3.0)
     minitest (5.11.3)
-    nio4r (2.1.0)
-    nokogiri (1.8.0)
-      mini_portile2 (~> 2.2.0)
+    nio4r (2.3.1)
+    nokogiri (1.8.2)
+      mini_portile2 (~> 2.3.0)
     omniauth (1.6.1)
       hashie (>= 3.4.6, < 3.6.0)
       rack (>= 1.6.2, < 3)
     omniauth-openid (1.0.1)
       omniauth (~> 1.0)
       rack-openid (~> 1.3.1)
     orm_adapter (0.5.0)
+    owlcarousel-rails (2.2.3.5)
+    parallel (1.12.1)
     parser (2.3.3.1)
       ast (~> 2.2)
     pdf-core (0.7.0)
@@ -202,7 +198,7 @@ GEM
       pry (>= 0.10.4)
     public_suffix (2.0.5)
     puma (3.10.0)
-    rack (2.0.3)
+    rack (2.0.5)
     rack-openid (1.3.1)
       rack (>= 1.1.0)
       ruby-openid (>= 2.1.8)
@@ -227,8 +223,8 @@ GEM
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.0.3)
-      loofah (~> 2.0)
+    rails-html-sanitizer (1.0.4)
+      loofah (~> 2.2, >= 2.2.2)
     rails_12factor (0.0.3)
       rails_serve_static_assets
       rails_stdout_logging
@@ -271,14 +267,15 @@ GEM
     rspec-steps (2.1.1)
       rspec (>= 3.0, < 3.99)
     rspec-support (3.6.0)
-    rubocop (0.46.0)
-      parser (>= 2.3.1.1, < 3.0)
+    rubocop (0.51.0)
+      parallel (~> 1.10)
+      parser (>= 2.3.3.1, < 3.0)
       powerpack (~> 0.1)
-      rainbow (>= 1.99.1, < 3.0)
+      rainbow (>= 2.2.2, < 3.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (~> 1.0, >= 1.0.1)
     ruby-openid (2.7.0)
-    ruby-progressbar (1.8.1)
+    ruby-progressbar (1.9.0)
     ruby-rc4 (0.1.5)
     rubyzip (1.2.1)
     simplecov (0.12.0)
@@ -292,7 +289,7 @@ GEM
     sprockets (3.6.3)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
-    sprockets-rails (3.2.0)
+    sprockets-rails (3.2.1)
       actionpack (>= 4.0)
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
@@ -317,7 +314,7 @@ GEM
       railties (>= 3.1)
     tzinfo (1.2.5)
       thread_safe (~> 0.1)
-    unicode-display_width (1.3.0)
+    unicode-display_width (1.3.3)
     warden (1.2.7)
       rack (>= 1.0)
     web-console (2.3.0)
@@ -327,7 +324,7 @@ GEM
       sprockets-rails (>= 2.0, < 4.0)
     websocket-driver (0.6.5)
       websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.2)
+    websocket-extensions (0.1.3)
     will_paginate (3.1.6)
     will_paginate-bootstrap (1.0.1)
       will_paginate (>= 3.0.3)
@@ -367,7 +364,7 @@ DEPENDENCIES
   mini_magick
   omniauth
   omniauth-openid
-  owlcarousel-rails!
+  owlcarousel-rails
   parser (~> 2.3.3.1)
   pdf-inspector
   pg
@@ -384,7 +381,7 @@ DEPENDENCIES
   ref
   rspec-rails (~> 3.6)
   rspec-steps (~> 2.1.1)
-  rubocop (= 0.46)
+  rubocop
   rubyzip
   simplecov
   spring

app/controllers/application_letters_controller.rb

@@ -2,7 +2,7 @@ class ApplicationLettersController < ApplicationController
   load_and_authorize_resource param_method: :application_params
   skip_authorize_resource only: :new
 
-  before_action :set_application, only: %i(show edit update destroy check)
+  before_action :set_application, only: %i[show edit update destroy check]
 
   # GET /applications
   def index

app/controllers/events_controller.rb

@@ -9,9 +9,9 @@
 class EventsController < ApplicationController
   include EventImageUploadHelper
   load_and_authorize_resource
-  skip_authorize_resource only: %i(badges download_agreement_letters send_participants_email)
-  before_action :set_event, only: %i(show edit update destroy participants
-                                     participants_pdf print_applications print_applications_eating_habits badges print_badges)
+  skip_authorize_resource only: %i[badges download_agreement_letters send_participants_email]
+  before_action :set_event, only: %i[show edit update destroy participants
+                                     participants_pdf print_applications print_applications_eating_habits badges print_badges]
 
   # GET /events
   def index
@@ -272,7 +272,7 @@ def event_params
       :application_deadline,
       :hidden,
       custom_application_fields: [],
-      date_ranges_attributes: [:start_date, :end_date, :id]
+      date_ranges_attributes: %i[start_date end_date id]
     )
     if params[:create].present? || params[:update_and_publish].present?
       parameters[:published] = true

app/controllers/profiles_controller.rb

@@ -1,7 +1,7 @@
 class ProfilesController < ApplicationController
   load_and_authorize_resource
 
-  before_action :set_profile, only: %i(show edit update destroy)
+  before_action :set_profile, only: %i[show edit update destroy]
 
   # GET /profiles/1
   def show; end

app/controllers/requests_controller.rb

@@ -1,7 +1,7 @@
 class RequestsController < ApplicationController
   load_and_authorize_resource
-  skip_authorize_resource only: %i(new create)
-  before_action :set_request, only: %i(show edit update destroy accept)
+  skip_authorize_resource only: %i[new create]
+  before_action :set_request, only: %i[show edit update destroy accept]
 
   # GET /requests
   def index

app/models/application_letter.rb

@@ -47,7 +47,7 @@ class ApplicationLetter < ActiveRecord::Base
   # @param none
   # @return [Array <String>] array of selectable statuses
   def self.selectable_statuses
-    %w(accepted rejected pending alternative)
+    %w[accepted rejected pending alternative]
   end
 
   # Checks if the deadline is over

app/models/event.rb

@@ -321,7 +321,7 @@ def application_letters_ordered(field, order_by)
             else
               'users.email'
             end
-    order_by = 'asc' unless order_by == 'asc' || order_by == 'desc'
+    order_by = 'asc' unless order_by == 'desc'
     application_letters.joins(user: :profile).order(field + ' ' + order_by)
   end
 

app/models/profile.rb

@@ -23,7 +23,7 @@
 #
 
 class Profile < ActiveRecord::Base
-  POSSIBLE_GENDERS = %w(male female other).freeze
+  POSSIBLE_GENDERS = %w[male female other].freeze
 
   belongs_to :user
 
@@ -78,15 +78,15 @@ def address
   # @param none
   # @return [Symbol] List of parameters
   def self.allowed_params
-    %i(first_name last_name gender birth_date street_name zip_code city state country discovery_of_site)
+    %i[first_name last_name gender birth_date street_name zip_code city state country discovery_of_site]
   end
 
   # Returns an array containing the allowed methods to sort by
   #
   # @param none
   # @return [Symbol] List of methods
   def self.allowed_sort_methods
-    Profile.allowed_params + %i(address name age)
+    Profile.allowed_params + %i[address name age]
   end
 
   private

app/models/request.rb

@@ -28,12 +28,12 @@
 
 class Request < ActiveRecord::Base
   validates_presence_of :form_of_address, :last_name, :first_name, :phone_number, :school_street, :school_zip_code_city, :email, :topic_of_workshop
-  validates :number_of_participants, numericality: { only_integer: true, greater_than: 0 }, allow_nil: :true
-  validates :number_of_participants_with_previous_knowledge, numericality: { only_integer: true, greater_than_or_equal_to: 0 }, allow_nil: :true
+  validates :number_of_participants, numericality: { only_integer: true, greater_than: 0 }, allow_nil: true
+  validates :number_of_participants_with_previous_knowledge, numericality: { only_integer: true, greater_than_or_equal_to: 0 }, allow_nil: true
   validates_format_of :email, with: Devise.email_regexp
 
-  enum form_of_address: %i(mr mrs prefer_to_omit)
-  enum status: %i(open accepted declined) # per database declaration, the first value is default
+  enum form_of_address: %i[mr mrs prefer_to_omit]
+  enum status: %i[open accepted declined] # per database declaration, the first value is default
 
   def name
     "#{first_name} #{last_name}"

app/uploaders/event_image_uploader.rb

@@ -37,6 +37,6 @@ def capture_size_before_cache(new_file)
 
   # white list of extensions which are allowed to be uploaded
   def extension_whitelist
-    %w(jpg jpeg gif png)
+    %w[jpg jpeg gif png]
   end
 end

lib/pdf_generation/applications_pdf.rb

@@ -40,7 +40,7 @@ def create_overview
     end
     unless @event.application_letters.empty?
       table overview_table_data,
-            header: 2, position: :center, row_colors: %w(F9F9F9 FFFFFF) do
+            header: 2, position: :center, row_colors: %w[F9F9F9 FFFFFF] do
         cells.borders = []
         row(1).borders = [:bottom]
         row(1).font_style = :bold