12dcabcdbd
docker: Remove need for static_asset_compiler.
...
Now that the way we're installing from Git involving building a
release tarball with a 2-stage build, we no longer need to do this.
2018-05-20 13:15:21 -07:00
d140838831
provision: Bump provision version after dependencies upgrade.
2018-05-20 11:18:59 -07:00
ac7e6b19bd
xmlhttprequest: Upgrade xmlhttprequest to v1.8.0.
2018-05-20 11:11:03 -07:00
62a90661ad
underscore: Upgrade underscore to v1.9.0.
2018-05-20 11:11:03 -07:00
4605579335
typescript: Upgrade typescript to v2.8.3.
2018-05-20 11:11:03 -07:00
38d6654265
tslint: Upgrade tslint to v5.10.0.
2018-05-20 11:11:03 -07:00
a60099a6d5
ts-loader: Upgrade ts-loader to v4.3.0.
2018-05-20 11:11:03 -07:00
0c87ce5b1c
svgo: Upgrade svgo to v1.0.5.
...
It also updated all the svg to be optmized per new version.
This new version, since the last version contains bug fixes and improvement.
Refs: https://github.com/svg/svgo/releases
2018-05-20 11:11:03 -07:00
0d697cd569
String.codePointAt: Upgrade String.codePointAt polyfill to v0.2.1.
2018-05-20 11:11:03 -07:00
4091815721
moment-timezone: Upgrade moment-timezone to v0.5.17.
...
Refs: https://github.com/moment/moment-timezone/blob/master/changelog.md
2018-05-20 11:11:03 -07:00
506b23237a
jquery-validation: Upgrade jquery-validation to v1.17.0
...
Refs: https://github.com/jquery-validation/jquery-validation/releases/tag/1.17.0
2018-05-20 11:11:03 -07:00
11d819ee3d
clipboard: Upgrade clipboard to v2.0.1.
2018-05-20 11:11:03 -07:00
9c4a189781
moment: Upgrade moment to v2.22.1.
...
This version since the last version contains bug fixes and locale improvements.
Ref: https://github.com/moment/moment/blob/develop/CHANGELOG.md#2221-see-full-changelog
2018-05-20 11:11:03 -07:00
778742a189
jsdom: Upgrade jsdom to v11.10.0.
...
This also updates node_tests to use new constructor which is uppercase,
and some properties that are changed to be more clear now, like
jsdom().defaultView which is meant to the window object is now called window.
Ref: https://github.com/jsdom/jsdom/blob/master/Changelog.md
2018-05-20 11:11:03 -07:00
00151f988a
handlebars: Upgrade handlebars to v4.0.11.
...
This version only contains bugfixes. No breaking changes have been introduced.
Ref: https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v4011---october-17th-2017
2018-05-20 11:11:03 -07:00
7b40f8d50d
flatpickr: Upgrade flatpickr to v4.5.0.
...
This new version is a lot ahead that what we now have currently.
Reading through the changelog there does not seem to any breaking
changes, just that this package have been updated a lot.
Ref: https://github.com/flatpickr/flatpickr/releases
2018-05-20 11:11:03 -07:00
f02c2349b8
@types/webpack: Upgrade @types/webpack to v4.4.0.
...
This updates the webpack typescript type defenations to latest so we
can find bugs with webpack configurations.
2018-05-20 11:11:03 -07:00
bcfc34c996
webpack-cli: Upgrade webpack-cli to v2.1.3.
...
This version just contains bugs fixes and regressions covered.
Ref: https://github.com/webpack/webpack-cli/releases/tag/2.1.3
2018-05-20 11:11:03 -07:00
50b663906a
nyc: Upgrade nyc to v11.8.0.
...
This fixes a one vulnerability with this package's dependency.
randomatic - Cryptographically Weak PRNG
Ref: https://nodesecurity.io/advisories/157
2018-05-20 11:11:03 -07:00
19ba08e055
webpack-dev-server: Upgrade webpack-dev-server to v3.1.4.
2018-05-20 11:11:03 -07:00
74b0a73260
phantomjs-prebuilt: Upgrade phantomjs-prebuilt to 2.1.16.
...
This solves 8 vulnerabilities, in its dependencies.
conacat-stream - Memory Exposure
Ref: https://nodesecurity.io/advisories/597
hoek - Prototype Pollution
Ref: https://nodesecurity.io/advisories/566
tunnel-agent - Memory Exposure
Ref: https://nodesecurity.io/advisories/598
debug - Regular Expression Denial of Service
Ref: https://nodesecurity.io/advisories/534
stringstream - Out-of-bounds Read
Ref: https://nodesecurity.io/advisories/664
2018-05-20 11:11:03 -07:00
b9d49c846e
webpack: Upgrade webpack to v4.8.3.
2018-05-20 11:11:03 -07:00
6f4fc628e6
node-sass: Upgrade node-sass to v4.9.0.
...
This resolves 12 vulnerabilities.
Following were the issue with the dependencies of node-sass.
hoek - Prototype Pollution
Ref: https://nodesecurity.io/advisories/566
tunnle-agent - Memory Exposure issue
Ref: https://nodesecurity.io/advisories/598
stringstream - Out-of-bounds read
Ref: https://nodesecurity.io/advisories/664
2018-05-20 11:11:03 -07:00
b376629974
ploty.js: Upgrade ploty.js to v1.37.1.
...
This solves 14 security venrubilities in the ploty.js's dependencies.
This was found by using the `npm audit` tool which can analyse dependencies
of dependencies issues.
static-eval - Sandbox Breakout / Arbitrary Code Execution
Ref: https://nodesecurity.io/advisories/548
hoek - Prototype pollution
Ref: https://nodesecurity.io/advisories/566
stringstream - Memory Exposure issue
Ref: https://nodesecurity.io/advisories/664
2018-05-20 11:11:03 -07:00
fa9d79e203
stats: Add 1 day actives and total users to number of users chart.
2018-05-20 10:56:16 -07:00
5ddc6c21e9
stats: Clean up line spacing in populate_number_of_users in stats.js.
...
We use this compressed form in our other layout definitions. Makes it easier
to visually digest.
2018-05-20 10:56:16 -07:00
66a589c7a7
stats: Extend get_chart_data to support charts with multiple CountStats.
2018-05-20 10:56:16 -07:00
08bf0a66b8
stats: Refactor the get_time_series_by_subgroup calls in get_chart_data.
...
This code is going to end up pretty complex -- each stat has multiple levels
of aggregation (UserCount, RealmCount, InstallationCount), and refinement
(subgroups), and soon we'll have charts that take data from multiple stats
as input.
Not sure what the best way to present it is, but hopefully this simplifies
it a bit.
2018-05-20 10:56:16 -07:00
26decb4c48
stats: Add 1day_actives::day CountStat to analytics tables.
2018-05-20 10:56:16 -07:00
3dcde1c139
webhooks/mention: Update docs to conform to style guide.
...
This one took quite a while too. The interaction between Mention
and Zapier is kinda weird and the Zapier instructions are pretty
complicated.
2018-05-20 10:54:13 -07:00
2f93c16df2
webhooks/slack: Update docs to conform to style guide.
2018-05-20 10:54:13 -07:00
257d0f5537
webhooks/statuspage: Update docs to conform to style guide.
2018-05-20 10:54:13 -07:00
d94202c662
notifications: Add consistent order for sending email notifications.
...
Notification emails are sent in increasing order of the max message-id
of the unread message thread.
2018-05-20 10:19:13 -07:00
407aa99704
test_notifications: Fix confusing variable naming in test_unread_anchor.
2018-05-20 10:16:53 -07:00
3f4200db3c
tests: Disable slow query messages in test environment.
...
Slow queries during backend tests sends messages to Error Bot
which affects the database state causing the tests to fail.
This fixes the occasional flakes due to that.
2018-05-20 10:16:53 -07:00
2aa044d327
webhooks/librato: Stop advertising Snapshot notifications.
...
We ask our users to enable Snapshot notifications in Zulip via
Slack! But our Slack integration isn't exactly super robust and
I checked and our librato implementation isn't super smart about
handling snapshot payloads that come in via Slack.
Overall, this seems like a very poor solution, asking the user
to set up Slack in order to get the notifications in Zulip. So, I
thought we should get rid of at least the docs that suggest doing
this.
I also read librato/view.py and it wasn't clear to me how Slack
is supposed to act as an intermediate service here in a reliable
manner, which is another reason to not advertise this.
2018-05-20 10:14:03 -07:00
9d9988d368
webhooks/librato: Rewrite docs to conform to style guide.
2018-05-20 10:14:03 -07:00
2655ece96f
create-production-venv: Fix missing virtualenv dependency.
...
On newer distros like Xenial, Stretch, etc., we were incorrectly not
installing the Python 3 version of the virtualenv package. This was
accidentally working because most base images with Python already have
this package too, but this was failing to install the right
dependencies in our Docker builds, requiring unnecessary manual code.
We fixed this some time ago for provision.py, but not for production.
2018-05-18 16:53:35 -07:00
9de80990ea
api: Update links for new /deploying-bots page.
...
Also caught by test-help-documentation.
2018-05-18 16:31:52 -07:00
847fc69c79
api: Fix a badly line-wrapped link.
...
Caught by test-help-documentation.
2018-05-18 16:31:36 -07:00
dd7507c88a
docs: Add a page on deploying bots in production.
2018-05-18 16:13:17 -07:00
0ba5c9c07d
lint: Fix extra long lines in stats.js.
...
I'm not sure why this wasn't reported in CI.
2018-05-18 15:44:30 -07:00
ffa41311ca
tests: Add node test for compose.needs_subscribe_warning.
2018-05-18 15:24:40 -07:00
bdda920e0b
bots: Do not show `not_subscribed` warning for bots on private streams.
...
Fixes #9373 .
`not_subscribed` warning is not shown for bots on either private or public
streams. Some of the bots have an interface such that they receive the
message mentioning them even if on a private stream where they are not
subscribed.
2018-05-18 15:24:40 -07:00
2e6d04797a
static/js/settings_users.js: Remove unused function.
...
Remove function `get_email_for_user_row`. As we already store email
as data-attribute of row, can directly access with .attr() method.
2018-05-18 15:20:43 -07:00
38db31779b
/json/bots: Return "No user" if access other realms bot.
...
Instead of returning warning "Insufficient Permission", return
"No such bot" warning if user tries to access other realms bot."
2018-05-18 15:20:43 -07:00
4162e61f33
/json/users: Replace email with user_id in API to reactivate user.
2018-05-18 15:20:43 -07:00
06e7e933cc
/json/users: Replace email with user_id in API to update/remove users.
2018-05-18 15:20:43 -07:00
b8e2339a65
test_presence: Update debugging print statements.
2018-05-18 15:20:15 -07:00
1af7fc7344
stats: Add /stats/installation.
2018-05-18 15:12:36 -07:00
Tim Abbott
Priyank Patel
Nikhil Kumar Mishra
Rishi Gupta
Eeshan Garg
Sampriti Panda
Shubham Padia
Yashashvi Dave