- Fix security vulnerbility for rack, nokogiri, excon, puma

- lock all dependency gem versions to make it safe to `bundle update` at anytime - update Readme links to ssl version of the documentation
obi-a · Dec 30, 2019 · 7451dc0 · 7451dc0
1 parent dee83bf
commit 7451dc0
Show file tree

Hide file tree

Showing 14 changed files with 115 additions and 117 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -21,4 +21,6 @@ addons:
     packages:
       - libzmq3-dev
 
+before_install: bundle update --bundler
+
 script: bundle exec rake webapp_tests core_tests
diff --git a/Changelog.rdoc b/Changelog.rdoc
@@ -1,3 +1,10 @@
+==Ragios v0.7.2.2
+12-30-2019
+- Fix security vulnerbility for rack, nokogiri, excon, puma
+- lock all dependency gem versions to make it safe to `bundle update` at anytime
+- update Readme links to ssl version of the documentation
+
+
 ==Ragios v0.7.2.1
 07-08-2019
 - Fix bug with that raises a port already bound error for workers port 5043 during started, this bug was introduced during the translation of existing docker-compose files to kubernetes for the last release. (showstopper release for v0.7.2 users)

diff --git a/Gemfile b/Gemfile
@@ -1,28 +1,28 @@
 source 'http://rubygems.org'
 
 gem 'rufus-scheduler', '~> 3.4.2', :require => 'rufus/scheduler'
-gem 'state_machine'
+gem 'state_machine', '~> 1.2.0'
 gem 'leanback', '~> 0.5.14'
-gem 'contracts'
+gem 'contracts', '0.4'
 gem 'celluloid-zmq', '~> 0.17.2'
+gem "nokogiri", '~> 1.10.4'
 
 gem 'daemons', :group => [:services]
 gem 'rake', :group => [:development, :test]
 gem 'ffi', '~> 1.9.24'
-gem "rack", ">= 2.0.6", :group => [:development, :web]
+gem 'rack', '~> 2.0.6', :group => [:development, :web]
 
 group :development do
   gem 'pry'
   gem 'foreman'
-  gem 'ragios-client', '~> 0.2.4'
 end
 
 group :notifiers do
   gem 'aws-ses'
 end
 
 group :plugins do
-  gem 'excon'
+  gem 'excon', '~> 0.71.0'
 end
 
 group :test do
@@ -31,7 +31,7 @@ group :test do
 end
 
 group :web, :development do
-  gem 'puma', '~> 3.10.0'
+  gem 'puma', '~> 3.12.2'
   gem 'sinatra', '~> 2.0.2', :require => 'sinatra/base'
   gem 'rack-protection', '~> 2.0.0'
 end
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -6,8 +6,8 @@ GEM
       mail (> 2.2.5)
       mime-types
       xml-simple
-    builder (3.2.3)
-    celluloid (0.17.3)
+    builder (3.2.4)
+    celluloid (0.17.4)
       celluloid-essentials
       celluloid-extras
       celluloid-fsm
@@ -29,105 +29,94 @@ GEM
       ffi
       ffi-rzmq
       timers (>= 4.1.1)
-    coderay (1.0.9)
+    coderay (1.1.2)
+    concurrent-ruby (1.1.5)
     contracts (0.4)
-    daemons (1.1.0)
+    daemons (1.3.1)
     diff-lcs (1.3)
-    domain_name (0.5.20180417)
+    domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
-    et-orbi (1.0.8)
+    et-orbi (1.2.2)
       tzinfo
-    excon (0.45.4)
+    excon (0.71.1)
     ffi (1.9.25)
     ffi (1.9.25-java)
-    ffi-rzmq (2.0.5)
-      ffi-rzmq-core (>= 1.0.6)
-    ffi-rzmq-core (1.0.6)
+    ffi-rzmq (2.0.7)
+      ffi-rzmq-core (>= 1.0.7)
+    ffi-rzmq-core (1.0.7)
       ffi
-    foreman (0.84.0)
-      thor (~> 0.19.1)
-    hitimes (1.2.4)
-    hitimes (1.2.4-java)
+    foreman (0.86.0)
+    http-accept (1.7.0)
     http-cookie (1.0.3)
       domain_name (~> 0.5)
     leanback (0.5.14)
       multi_json (~> 1.11)
       rest-client (~> 2.0)
-    mail (2.6.6)
-      mime-types (>= 1.16, < 4)
-    method_source (0.8.1)
-    mime-types (3.2.2)
+    mail (2.7.1)
+      mini_mime (>= 0.1.1)
+    method_source (0.9.2)
+    mime-types (3.3.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2018.0812)
+    mime-types-data (3.2019.1009)
+    mini_mime (1.0.2)
     mini_portile2 (2.4.0)
-    multi_json (1.13.1)
+    multi_json (1.14.1)
     mustermann (1.0.3)
     netrc (0.11.0)
-    nokogiri (1.9.1)
+    nokogiri (1.10.7)
       mini_portile2 (~> 2.4.0)
-    nokogiri (1.9.1-java)
-    pry (0.9.12.2)
-      coderay (~> 1.0.5)
-      method_source (~> 0.8)
-      slop (~> 3.4)
-    pry (0.9.12.2-java)
-      coderay (~> 1.0.5)
-      method_source (~> 0.8)
-      slop (~> 3.4)
+    nokogiri (1.10.7-java)
+    pry (0.12.2)
+      coderay (~> 1.1.0)
+      method_source (~> 0.9.0)
+    pry (0.12.2-java)
+      coderay (~> 1.1.0)
+      method_source (~> 0.9.0)
       spoon (~> 0.0)
-    puma (3.10.0)
-    puma (3.10.0-java)
-    rack (2.0.6)
-    rack-protection (2.0.4)
+    puma (3.12.2)
+    puma (3.12.2-java)
+    rack (2.0.8)
+    rack-protection (2.0.7)
       rack
-    rack-test (0.6.2)
-      rack (>= 1.0)
-    ragios-client (0.2.4)
-      multi_json
-      nokogiri (>= 1.8.2)
-      rack (>= 2.0.6)
-      rest-client
-    rake (12.0.0)
-    rest-client (2.0.2)
+    rack-test (1.1.0)
+      rack (>= 1.0, < 3)
+    rake (13.0.1)
+    rest-client (2.1.0)
+      http-accept (>= 1.7.0, < 2.0)
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
-    rspec (3.6.0)
-      rspec-core (~> 3.6.0)
-      rspec-expectations (~> 3.6.0)
-      rspec-mocks (~> 3.6.0)
-    rspec-core (3.6.0)
-      rspec-support (~> 3.6.0)
-    rspec-expectations (3.6.0)
+    rspec (3.9.0)
+      rspec-core (~> 3.9.0)
+      rspec-expectations (~> 3.9.0)
+      rspec-mocks (~> 3.9.0)
+    rspec-core (3.9.1)
+      rspec-support (~> 3.9.1)
+    rspec-expectations (3.9.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.6.0)
-    rspec-mocks (3.6.0)
+      rspec-support (~> 3.9.0)
+    rspec-mocks (3.9.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.6.0)
-    rspec-support (3.6.0)
+      rspec-support (~> 3.9.0)
+    rspec-support (3.9.1)
     rufus-scheduler (3.4.2)
       et-orbi (~> 1.0)
-    sinatra (2.0.4)
+    sinatra (2.0.7)
       mustermann (~> 1.0)
       rack (~> 2.0)
-      rack-protection (= 2.0.4)
+      rack-protection (= 2.0.7)
       tilt (~> 2.0)
-    slop (3.4.3)
-    spoon (0.0.4)
+    spoon (0.0.6)
       ffi
     state_machine (1.2.0)
-    thor (0.19.4)
-    thread_safe (0.3.6)
-    thread_safe (0.3.6-java)
-    tilt (2.0.8)
-    timers (4.1.2)
-      hitimes
-    tzinfo (1.2.4)
-      thread_safe (~> 0.1)
+    tilt (2.0.10)
+    timers (4.3.0)
+    tzinfo (2.0.1)
+      concurrent-ruby (~> 1.0)
     unf (0.1.4)
       unf_ext
     unf (0.1.4-java)
-    unf_ext (0.0.7.5)
+    unf_ext (0.0.7.6)
     xml-simple (1.1.5)
 
 PLATFORMS
@@ -137,23 +126,23 @@ PLATFORMS
 DEPENDENCIES
   aws-ses
   celluloid-zmq (~> 0.17.2)
-  contracts
+  contracts (= 0.4)
   daemons
-  excon
+  excon (~> 0.71.0)
   ffi (~> 1.9.24)
   foreman
   leanback (~> 0.5.14)
+  nokogiri (~> 1.10.4)
   pry
-  puma (~> 3.10.0)
-  rack (>= 2.0.6)
+  puma (~> 3.12.2)
+  rack (~> 2.0.6)
   rack-protection (~> 2.0.0)
   rack-test
-  ragios-client (~> 0.2.4)
   rake
   rspec
   rufus-scheduler (~> 3.4.2)
   sinatra (~> 2.0.2)
-  state_machine
+  state_machine (~> 1.2.0)
 
 BUNDLED WITH
    1.15.4
diff --git a/README.md b/README.md
@@ -8,7 +8,7 @@ Sample usage to monitor a website for uptime in Ruby code:
 ```ruby
 monitor = {
   monitor: "My Website",
-  url: "http://mysite.com",
+  url: "https://mysite.com",
   every: "5m",
   contact: "[email protected]",
   via: "email_notifier",
@@ -17,11 +17,11 @@ monitor = {
 
 ragios.create(monitor)
 ```
-The above example creates a monitor that monitor uses an `uptime_monitor` plugin to monitor the website `http://mysite.com` for uptime. This monitor runs tests on the website every 5 minutes, if it detects the website is down, it sends an  alert email to `[email protected]` via an email notifier.
+The above example creates a monitor that monitor uses an `uptime_monitor` plugin to monitor the website `https://mysite.com` for uptime. This monitor runs tests on the website every 5 minutes, if it detects the website is down, it sends an  alert email to `[email protected]` via an email notifier.
 
 ## Features:
 A small and minimal extensible design:
-* Users can add, update, start, stop, restart and delete monitors that can monitor anything in simple Ruby code. [See details](http://www.whisperservers.com/ragios/ragios-saint-ruby/using-ragios/)
+* Users can add, update, start, stop, restart and delete monitors that can monitor anything in simple Ruby code. [See details](https://www.whisperservers.com/ragios/ragios-saint-ruby/using-ragios/)
 
 * Includes a REST API, a web admin dashboard (Web UI) and a Ruby client rubygem that makes it easy to interact with Ragios directly with ruby code.
 
@@ -49,41 +49,41 @@ I'm doing this just for fun and educational purposes.
 ## Documentation:
 
 
-* [Ragios (Saint Ruby)](http://www.whisperservers.com/ragios/ragios-saint-ruby/)
+* [Ragios (Saint Ruby)](http//www.whisperservers.com/ragios/ragios-saint-ruby/)
 
-   + [Installation](http://www.whisperservers.com/ragios/ragios-saint-ruby/installation/)
+   + [Installation](https://www.whisperservers.com/ragios/ragios-saint-ruby/installation/)
 
-   + [Start/Stop the server](http://www.whisperservers.com/ragios/running-ragios/)
+   + [Start/Stop the server](https://www.whisperservers.com/ragios/running-ragios/)
 
-   + [Using Ragios](http://www.whisperservers.com/ragios/ragios-saint-ruby/using-ragios/)
+   + [Using Ragios](https://www.whisperservers.com/ragios/ragios-saint-ruby/using-ragios/)
 
-   + [Notifications](http://www.whisperservers.com/ragios/ragios-saint-ruby/notifications/)
+   + [Notifications](https://www.whisperservers.com/ragios/ragios-saint-ruby/notifications/)
 
-   + [Events](http://www.whisperservers.com/ragios/events/)
+   + [Events](https://www.whisperservers.com/ragios/events/)
 
-   + [Services](http://www.whisperservers.com/ragios/services/)
+   + [Services](https://www.whisperservers.com/ragios/services/)
 
    + [Web Admin Dashboard](https://github.com/obi-a/ragios/wiki/Web-Admin-Dashboard)
 
-   + [Development Mode](http://www.whisperservers.com/ragios/development-mode/)
+   + [Development Mode](https://www.whisperservers.com/ragios/development-mode/)
 
-   + [Creating Notifiers](http://www.whisperservers.com/ragios/notifiers/)
+   + [Creating Notifiers](https://www.whisperservers.com/ragios/notifiers/)
 
-   + [Creating Plugins](http://www.whisperservers.com/ragios/plugins/)
+   + [Creating Plugins](https://www.whisperservers.com/ragios/plugins/)
 
-   + [Authentication](http://www.whisperservers.com/ragios/authentication/)
+   + [Authentication](https://www.whisperservers.com/ragios/authentication/)
 
-   + [REST API](http://www.whisperservers.com/ragios/ragios-rest-api/)
+   + [REST API](https://www.whisperservers.com/ragios/ragios-rest-api/)
 
-     * [API Authentication](http://www.whisperservers.com/ragios/api-authentication/)
+     * [API Authentication](https://www.whisperservers.com/ragios/api-authentication/)
 
-     * [Monitors API](http://www.whisperservers.com/ragios/monitors-api/)
+     * [Monitors API](https://www.whisperservers.com/ragios/monitors-api/)
 
-     * [Events API](http://www.whisperservers.com/ragios/events-api/)
+     * [Events API](https://www.whisperservers.com/ragios/events-api/)
    + [Run Ragios on a Kubernetes Cluster](https://github.com/obi-a/ragios/wiki/Run-Ragios-on-a-Kubernetes-Cluster)
 
 
 ## License:
 MIT License.
 
-Copyright (c) 2019 Obi Akubue, obi-akubue.org
+Copyright (c) 2020 Obi Akubue, obi-akubue.org
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.7.2.1
+0.7.2.2
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
@@ -17,8 +17,8 @@ services:
       RAGIOS_RECURRING_JOBS_RECEIVER_ADDRESS: recurring_jobs
       RAGIOS_EVENTS_RECEIVER_ADDRESS: events
       RAGIOS_WEB_SERVER_ADDRESS: 'tcp://0.0.0.0:5041'
-      RAGIOS_WEB_SERVER_ENV: production
-      RAGIOS_ENV: production
+      RAGIOS_WEB_SERVER_ENV: development
+      RAGIOS_ENV: development
       RAGIOS_LOG_LEVEL: debug
       SES_AWS_ACCESS_KEY_ID:
       SES_AWS_SECRET_ACCESS_KEY:
@@ -49,7 +49,7 @@ services:
       RAGIOS_RECURRING_JOBS_RECEIVER_ADDRESS: '0.0.0.0'
       RAGIOS_EVENTS_RECEIVER_ADDRESS: events
       RAGIOS_WORKERS_PUSHER_ADDRESS: '0.0.0.0'
-      RAGIOS_ENV: production
+      RAGIOS_ENV: development
       RAGIOS_LOG_LEVEL: debug
       SES_AWS_ACCESS_KEY_ID:
       SES_AWS_SECRET_ACCESS_KEY:
@@ -78,7 +78,7 @@ services:
       RAGIOS_EVENTS_RECEIVER_ADDRESS: events
       RAGIOS_WORKERS_PUSHER_ADDRESS: recurring_jobs
       RAGIOS_NOTIFICATIONS_RECEIVER_ADDRESS: notifications
-      RAGIOS_ENV: production
+      RAGIOS_ENV: development
       RAGIOS_LOG_LEVEL: debug
       SES_AWS_ACCESS_KEY_ID:
       SES_AWS_SECRET_ACCESS_KEY:
@@ -98,7 +98,7 @@ services:
       - couchdb:couchdb
     environment:
       RAGIOS_EVENTS_RECEIVER_ADDRESS: '0.0.0.0'
-      RAGIOS_ENV: production
+      RAGIOS_ENV: development
       RAGIOS_LOG_LEVEL: debug
       COUCHDB_ADMIN_USERNAME:
       COUCHDB_ADMIN_PASSWORD:
@@ -118,7 +118,7 @@ services:
     environment:
       RAGIOS_NOTIFICATIONS_RECEIVER_ADDRESS: '0.0.0.0'
       RAGIOS_EVENTS_RECEIVER_ADDRESS: events
-      RAGIOS_ENV: production
+      RAGIOS_ENV: development
       RAGIOS_LOG_LEVEL: debug
       SES_AWS_ACCESS_KEY_ID:
       SES_AWS_SECRET_ACCESS_KEY: