2.0 Security Upgrades (#220)

* fix(dashboard): Fixes security vulnerability that allowed event_tracking role to access Dashboard (#215)

* chore(release): 1.22.3 [skip ci]

## [1.22.3](v1.22.2...v1.22.3) (2020-05-16)

### Bug Fixes

* **dashboard:** Fixes security vulnerability that allowed event_tracking role to access Dashboard ([#215](#215)) ([](74a40ad))

### Styles

* **check-in:** Changes table header to be more descriptive ([#207](#207)) ([](889fbd0))
* **config:** Removes unused event_is_over flag ([#208](#208)) ([](0c73e66))

* build(deps): Upgrade yarn (#212)

* build(deps): Upgrade yarn

* build(deps): Upgrade gems

* build(deps): Remove obsolete gems

* v0.0.0

* build(deps): Update semantic-release

* fix(questionnaire): visual bug in school autocomplete school dropdown

the css was set for an "a" tag when the list was made up of divs so I
switched the css to work for the "div" tag in the autocomplete

* fix(questionnaire): visual bug in school autocomplete school dropdown

the css was set for an "a" tag when the list was made up of divs so I
switched the css to work for the "div" tag in the autocomplete. I also
hide a element that was not present earlier

* build(deps): Upgrades Rails to 5.2.4.3

* build(deps): Upgrades gems

Co-authored-by: Jeremy Rudman <jeremyrudman@gmail.com>

* build(deps): Bump puma from 4.3.4 to 4.3.5 (#219)

Bumps [puma](https://github.com/puma/puma) from 4.3.4 to 4.3.5.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): Upgrades Puma cache (#221)

Co-authored-by: semantic-release-bot <semantic-release-bot@martynus.net>
Co-authored-by: Jeremy Rudman <jeremyrudman@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.gitignore

@@ -28,3 +28,8 @@
 
 # don't commit local env vars
 .env
+
+# Ignore RubyMine
+/.idea
+
+.generators

CHANGELOG.md

@@ -1,3 +1,16 @@
+## [1.22.3](https://github.com/codeRIT/hackathon-manager/compare/v1.22.2...v1.22.3) (2020-05-16)
+
+
+### Bug Fixes
+
+* **dashboard:** Fixes security vulnerability that allowed event_tracking role to access Dashboard ([#215](https://github.com/codeRIT/hackathon-manager/issues/215)) ([](https://github.com/codeRIT/hackathon-manager/commit/74a40ad))
+
+
+### Styles
+
+* **check-in:** Changes table header to be more descriptive ([#207](https://github.com/codeRIT/hackathon-manager/issues/207)) ([](https://github.com/codeRIT/hackathon-manager/commit/889fbd0))
+* **config:** Removes unused event_is_over flag ([#208](https://github.com/codeRIT/hackathon-manager/issues/208)) ([](https://github.com/codeRIT/hackathon-manager/commit/0c73e66))
+
 ## [1.22.2](https://github.com/codeRIT/hackathon-manager/compare/v1.22.1...v1.22.2) (2020-03-29)
 
 

Gemfile

@@ -5,7 +5,7 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 ruby '>= 2.5'
 
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem 'rails', '~> 5.2.4.2'
+gem 'rails', '~> 5.2.4.3'
 # Use mysql as the database for Active Record
 gem 'mysql2', '>= 0.4.4', '< 0.6.0'
 # Use Puma as the app server
@@ -61,7 +61,7 @@ gem 'mustache', '~> 1.0'
 # Assets
 gem 'sprockets'
 gem 'jquery-rails'
-gem 'jquery-ui-sass-rails'
+gem 'jquery-ui-rails'
 gem 'selectize-rails'
 gem 'highcharts-rails', '~> 6.0'
 gem 'bootstrap', '~> 4.3.1'

Gemfile.lock

@@ -1,43 +1,43 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (5.2.4.2)
-      actionpack (= 5.2.4.2)
+    actioncable (5.2.4.3)
+      actionpack (= 5.2.4.3)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailer (5.2.4.2)
-      actionpack (= 5.2.4.2)
-      actionview (= 5.2.4.2)
-      activejob (= 5.2.4.2)
+    actionmailer (5.2.4.3)
+      actionpack (= 5.2.4.3)
+      actionview (= 5.2.4.3)
+      activejob (= 5.2.4.3)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (5.2.4.2)
-      actionview (= 5.2.4.2)
-      activesupport (= 5.2.4.2)
+    actionpack (5.2.4.3)
+      actionview (= 5.2.4.3)
+      activesupport (= 5.2.4.3)
       rack (~> 2.0, >= 2.0.8)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.4.2)
-      activesupport (= 5.2.4.2)
+    actionview (5.2.4.3)
+      activesupport (= 5.2.4.3)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.2.4.2)
-      activesupport (= 5.2.4.2)
+    activejob (5.2.4.3)
+      activesupport (= 5.2.4.3)
       globalid (>= 0.3.6)
-    activemodel (5.2.4.2)
-      activesupport (= 5.2.4.2)
-    activerecord (5.2.4.2)
-      activemodel (= 5.2.4.2)
-      activesupport (= 5.2.4.2)
+    activemodel (5.2.4.3)
+      activesupport (= 5.2.4.3)
+    activerecord (5.2.4.3)
+      activemodel (= 5.2.4.3)
+      activesupport (= 5.2.4.3)
       arel (>= 9.0)
-    activestorage (5.2.4.2)
-      actionpack (= 5.2.4.2)
-      activerecord (= 5.2.4.2)
+    activestorage (5.2.4.3)
+      actionpack (= 5.2.4.3)
+      activerecord (= 5.2.4.3)
       marcel (~> 0.3.1)
-    activesupport (5.2.4.2)
+    activesupport (5.2.4.3)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
@@ -56,23 +56,23 @@ GEM
     autoprefixer-rails (9.7.6)
       execjs
     aws-eventstream (1.1.0)
-    aws-partitions (1.305.0)
-    aws-sdk-core (3.94.0)
+    aws-partitions (1.317.0)
+    aws-sdk-core (3.96.1)
       aws-eventstream (~> 1, >= 1.0.2)
       aws-partitions (~> 1, >= 1.239.0)
       aws-sigv4 (~> 1.1)
       jmespath (~> 1.0)
-    aws-sdk-kms (1.30.0)
+    aws-sdk-kms (1.31.0)
       aws-sdk-core (~> 3, >= 3.71.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.63.0)
-      aws-sdk-core (~> 3, >= 3.83.0)
+    aws-sdk-s3 (1.65.0)
+      aws-sdk-core (~> 3, >= 3.96.1)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.1)
     aws-sigv4 (1.1.3)
       aws-eventstream (~> 1.0, >= 1.0.2)
     bcrypt (3.1.13)
-    better_errors (2.7.0)
+    better_errors (2.7.1)
       coderay (>= 1.0.0)
       erubi (>= 1.0.0)
       rack (>= 0.9.0)
@@ -92,7 +92,7 @@ GEM
       sassc-rails (>= 2.0.0)
     builder (3.2.4)
     byebug (11.1.3)
-    capybara (3.32.1)
+    capybara (3.32.2)
       addressable
       mini_mime (>= 0.1.3)
       nokogiri (~> 1.8)
@@ -127,7 +127,7 @@ GEM
       doorkeeper
       rails
     docile (1.3.2)
-    doorkeeper (5.3.1)
+    doorkeeper (5.4.0)
       railties (>= 5)
     dotenv (2.7.5)
     dotenv-rails (2.7.5)
@@ -154,7 +154,7 @@ GEM
     font-awesome-rails (4.7.0.5)
       railties (>= 3.2, < 6.1)
     formatador (0.2.5)
-    fugit (1.3.4)
+    fugit (1.3.5)
       et-orbi (~> 1.1, >= 1.1.8)
       raabro (~> 1.1)
     globalid (0.4.2)
@@ -199,17 +199,12 @@ GEM
       concurrent-ruby (~> 1.0)
     io-like (0.3.1)
     jmespath (1.4.0)
-    jquery-rails (4.3.5)
+    jquery-rails (4.4.0)
       rails-dom-testing (>= 1, < 3)
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
-    jquery-ui-rails (4.0.3)
-      jquery-rails
-      railties (>= 3.1.0)
-    jquery-ui-sass-rails (4.0.3.0)
-      jquery-rails
-      jquery-ui-rails (= 4.0.3)
-      railties (>= 3.1.0)
+    jquery-ui-rails (6.0.1)
+      railties (>= 3.2.16)
     json (2.3.0)
     jwt (2.2.1)
     listen (3.1.5)
@@ -227,11 +222,11 @@ GEM
     method_source (1.0.0)
     mime-types (3.3.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2020.0425)
-    mimemagic (0.3.4)
+    mime-types-data (3.2020.0512)
+    mimemagic (0.3.5)
     mini_mime (1.0.2)
     mini_portile2 (2.4.0)
-    minitest (5.14.0)
+    minitest (5.14.1)
     minitest-reporters (1.4.2)
       ansi
       builder
@@ -275,27 +270,27 @@ GEM
     pry (0.13.1)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    public_suffix (4.0.4)
-    puma (4.3.3)
+    public_suffix (4.0.5)
+    puma (4.3.5)
       nio4r (~> 2.0)
-    raabro (1.1.6)
+    raabro (1.3.1)
     rack (2.2.2)
     rack-protection (2.0.8.1)
       rack
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
-    rails (5.2.4.2)
-      actioncable (= 5.2.4.2)
-      actionmailer (= 5.2.4.2)
-      actionpack (= 5.2.4.2)
-      actionview (= 5.2.4.2)
-      activejob (= 5.2.4.2)
-      activemodel (= 5.2.4.2)
-      activerecord (= 5.2.4.2)
-      activestorage (= 5.2.4.2)
-      activesupport (= 5.2.4.2)
+    rails (5.2.4.3)
+      actioncable (= 5.2.4.3)
+      actionmailer (= 5.2.4.3)
+      actionpack (= 5.2.4.3)
+      actionview (= 5.2.4.3)
+      activejob (= 5.2.4.3)
+      activemodel (= 5.2.4.3)
+      activerecord (= 5.2.4.3)
+      activestorage (= 5.2.4.3)
+      activesupport (= 5.2.4.3)
       bundler (>= 1.3.0)
-      railties (= 5.2.4.2)
+      railties (= 5.2.4.3)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.4)
       actionpack (>= 5.0.1.x)
@@ -313,18 +308,18 @@ GEM
       rails_stdout_logging
     rails_serve_static_assets (0.0.5)
     rails_stdout_logging (0.0.5)
-    railties (5.2.4.2)
-      actionpack (= 5.2.4.2)
-      activesupport (= 5.2.4.2)
+    railties (5.2.4.3)
+      actionpack (= 5.2.4.3)
+      activesupport (= 5.2.4.3)
       method_source
       rake (>= 0.8.7)
       thor (>= 0.19.0, < 2.0)
     rake (13.0.1)
-    rb-fsevent (0.10.3)
+    rb-fsevent (0.10.4)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
     redcarpet (3.5.0)
-    redis (4.1.3)
+    redis (4.1.4)
     regexp_parser (1.7.0)
     responders (3.0.0)
       actionpack (>= 5.0)
@@ -418,7 +413,7 @@ GEM
     uglifier (4.2.0)
       execjs (>= 0.3.0, < 3)
     valid_attribute (2.0.0)
-    validate_url (1.0.8)
+    validate_url (1.0.11)
       activemodel (>= 3.0.0)
       public_suffix
     warden (1.2.8)
@@ -470,15 +465,15 @@ DEPENDENCIES
   highcharts-rails (~> 6.0)
   httparty
   jquery-rails
-  jquery-ui-sass-rails
+  jquery-ui-rails
   listen (>= 3.0.5, < 3.2)
   minitest-reporters
   mustache (~> 1.0)
   mysql2 (>= 0.4.4, < 0.6.0)
   omniauth-mlh (~> 0.1)
   omniauth-rails_csrf_protection
   puma (~> 4.3)
-  rails (~> 5.2.4.2)
+  rails (~> 5.2.4.3)
   rails-controller-testing
   rails-settings-cached (~> 0.7.2)
   rails_12factor

app/assets/config/manifest.js

@@ -1,3 +1,4 @@
 //= link_tree ../images
 //= link_tree ../javascripts .js
 //= link_directory ../stylesheets .css
+//= link application.css

app/assets/javascripts/application.js

@@ -14,7 +14,7 @@
 //= require activestorage
 //= require turbolinks
 //= require jquery
-//= require jquery.ui.autocomplete
+//= require jquery-ui/widgets/autocomplete
 //= require highcharts
 //= require chartkick
 //= require ./vendor/debounce

app/assets/javascripts/registrations.js

@@ -1,6 +1,7 @@
 document.addEventListener('turbolinks:load', function() {
   $('[data-school-picker]').autocomplete({
     source: function(request, response) {
+      $(".ui-helper-hidden-accessible").hide();
       $.ajax({
         url: '/apply/schools',
         dataType: 'json',

app/assets/stylesheets/forms/_forms.sass

@@ -261,9 +261,10 @@ input[type=submit]
     color: var(--input--text--focus)
   list-style: none
   padding: 0
-  .ui-menu-item a
+  .ui-menu-item div
     padding: 2px 5px
     display: block
+    cursor: pointer
     &:hover, &.ui-state-focus
       @include css4
         background: var(--primary)

app/controllers/manage/dashboard_controller.rb

@@ -1,6 +1,6 @@
 class Manage::DashboardController < Manage::ApplicationController
   skip_before_action :require_admin_or_limited_admin
-  before_action :require_admin_or_limited_admin_or_event_tracking
+  before_action :require_admin_or_limited_admin
 
   def index
   end

package.json

@@ -3,8 +3,9 @@
   "private": true,
   "dependencies": {},
   "devDependencies": {
-    "@semantic-release/changelog": "^3.0.2",
-    "@semantic-release/git": "^7.0.8",
-    "semantic-release": "^15.13.12"
-  }
+    "@semantic-release/changelog": "^5.0.1",
+    "@semantic-release/git": "^9.0.0",
+    "semantic-release": "^17.0.7"
+  },
+  "version": "0.0.0"
 }