From 5debe9e8ee2499079ca81648d2185db320162b81 Mon Sep 17 00:00:00 2001 From: Sivin Varghese <64252451+iamsivin@users.noreply.github.com> Date: Mon, 23 Aug 2021 21:34:23 +0530 Subject: [PATCH] fix: Add agent typing notification on all channels (#2855) Fixes CVE-2021-22881 Co-authored-by: Pranav Raj S --- .circleci/config.yml | 10 +- Gemfile.lock | 118 +++++++++--------- .../widgets/conversation/ReplyBox.vue | 12 +- 3 files changed, 69 insertions(+), 71 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index f8ffdf076..c5a6430a3 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -7,7 +7,7 @@ defaults: &defaults working_directory: ~/build docker: # specify the version you desire here - - image: circleci/ruby:3.0.2-node-browsers + - image: cimg/ruby:3.0.2-node # Specify service dependencies here if necessary # CircleCI maintains a library of pre-built images @@ -40,20 +40,20 @@ jobs: - restore_cache: keys: - - chatwoot-bundle-{{ checksum "Gemfile.lock" }} + - chatwoot-bundle-{{ .Environment.CACHE_VERSION }}-{{ checksum "Gemfile.lock" }} - chatwoot-bundle - run: bundle install --frozen --path ~/.bundle - save_cache: paths: - ~/.bundle - key: chatwoot-bundle-{{ checksum "Gemfile.lock" }} + key: chatwoot-bundle-{{ .Environment.CACHE_VERSION }}-{{ checksum "Gemfile.lock" }} # Only necessary if app uses webpacker or yarn in some other way - restore_cache: keys: - - chatwoot-yarn-{{ checksum "yarn.lock" }} + - chatwoot-yarn-{{ .Environment.CACHE_VERSION }}-{{ checksum "yarn.lock" }} - chatwoot-yarn- - run: @@ -62,7 +62,7 @@ jobs: # Store yarn / webpacker cache - save_cache: - key: chatwoot-yarn-{{ checksum "yarn.lock" }} + key: chatwoot-yarn-{{ .Environment.CACHE_VERSION }}-{{ checksum "yarn.lock" }} paths: - ~/.cache/yarn diff --git a/Gemfile.lock b/Gemfile.lock index 30c6c022a..c849b2b20 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
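Review bot: The new image line in `.circleci/config.yml` (hunk at line 7), `- image: cimg/ruby:3.0.2-node`, still refers to the image by a mutable tag, so the CI runtime can change without any change in this repository. Pinning it by digest, `- image: cimg/ruby:3.0.2-node@sha256:<digest>` (placeholder, take the value from the registry), keeps the build reproducible and keeps an unreviewed image update out of the pipeline that installs and caches dependencies. The switch also drops the `-browsers` variant, so it is worth confirming that no job in this config runs browser-driven tests; the rest of the file is outside the hunk.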
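Review bot: The fallback keys in both `restore_cache` steps of `.circleci/config.yml` (hunk at line 40), `- chatwoot-bundle` and `- chatwoot-yarn-`, are still unversioned. CircleCI matches restore keys by prefix, so after a `CACHE_VERSION` bump the first key misses and the fallback restores the newest old cache anyway. That carries stale or tampered dependency directories into the new cache generation, which is what the version component is meant to prevent. Put the version into the fallbacks as well: `- chatwoot-bundle-{{ .Environment.CACHE_VERSION }}-` and `- chatwoot-yarn-{{ .Environment.CACHE_VERSION }}-`. The `save_cache` key in the hunk at line 62 already follows the new scheme, but `CACHE_VERSION` has to be defined in the project settings, since an unset variable probably renders as a literal placeholder in the key.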
@@ -1,63 +1,63 @@ GEM remote: https://rubygems.org/ specs: - actioncable (6.1.4) - actionpack (= 6.1.4) - activesupport (= 6.1.4) + actioncable (6.1.4.1) + actionpack (= 6.1.4.1) + activesupport (= 6.1.4.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.4) - actionpack (= 6.1.4) - activejob (= 6.1.4) - activerecord (= 6.1.4) - activestorage (= 6.1.4) - activesupport (= 6.1.4) + actionmailbox (6.1.4.1) + actionpack (= 6.1.4.1) + activejob (= 6.1.4.1) + activerecord (= 6.1.4.1) + activestorage (= 6.1.4.1) + activesupport (= 6.1.4.1) mail (>= 2.7.1) - actionmailer (6.1.4) - actionpack (= 6.1.4) - actionview (= 6.1.4) - activejob (= 6.1.4) - activesupport (= 6.1.4) + actionmailer (6.1.4.1) + actionpack (= 6.1.4.1) + actionview (= 6.1.4.1) + activejob (= 6.1.4.1) + activesupport (= 6.1.4.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.4) - actionview (= 6.1.4) - activesupport (= 6.1.4) + actionpack (6.1.4.1) + actionview (= 6.1.4.1) + activesupport (= 6.1.4.1) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.4) - actionpack (= 6.1.4) - activerecord (= 6.1.4) - activestorage (= 6.1.4) - activesupport (= 6.1.4) + actiontext (6.1.4.1) + actionpack (= 6.1.4.1) + activerecord (= 6.1.4.1) + activestorage (= 6.1.4.1) + activesupport (= 6.1.4.1) nokogiri (>= 1.8.5) - actionview (6.1.4) - activesupport (= 6.1.4) + actionview (6.1.4.1) + activesupport (= 6.1.4.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) active_record_query_trace (1.8) - activejob (6.1.4) - activesupport (= 6.1.4) + activejob (6.1.4.1) + activesupport (= 6.1.4.1) globalid (>= 0.3.6) - activemodel (6.1.4) - activesupport (= 6.1.4) - activerecord (6.1.4) - activemodel (= 6.1.4) - activesupport (= 6.1.4) + activemodel (6.1.4.1) + activesupport (= 6.1.4.1) + activerecord (6.1.4.1) + activemodel (= 6.1.4.1) + activesupport (= 6.1.4.1) 
activerecord-import (1.2.0) activerecord (>= 3.2) - activestorage (6.1.4) - actionpack (= 6.1.4) - activejob (= 6.1.4) - activerecord (= 6.1.4) - activesupport (= 6.1.4) + activestorage (6.1.4.1) + actionpack (= 6.1.4.1) + activejob (= 6.1.4.1) + activerecord (= 6.1.4.1) + activesupport (= 6.1.4.1) marcel (~> 1.0.0) mini_mime (>= 1.1.0) - activesupport (6.1.4) + activesupport (6.1.4.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -115,7 +115,7 @@ GEM statsd-ruby (~> 1.1) bcrypt (3.1.16) bindex (0.8.1) - bootsnap (1.7.6) + bootsnap (1.7.7) msgpack (~> 1.0) brakeman (5.1.1) browser (5.3.1) @@ -216,7 +216,7 @@ GEM grpc (~> 1.25) geocoder (1.6.7) gli (2.20.1) - globalid (0.5.1) + globalid (0.5.2) activesupport (>= 5.0) google-apis-core (0.4.1) addressable (~> 2.5, >= 2.5.1) @@ -336,7 +336,7 @@ GEM listen (3.6.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - loofah (2.11.0) + loofah (2.12.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -349,7 +349,7 @@ GEM mime-types-data (~> 3.2015) mime-types-data (3.2021.0704) mini_magick (4.11.0) - mini_mime (1.1.0) + mini_mime (1.1.1) minitest (5.14.4) mock_redis (0.28.0) ruby2_keywords @@ -362,7 +362,7 @@ GEM net-http-persistent (4.0.1) connection_pool (~> 2.2) netrc (0.11.0) - nio4r (2.5.7) + nio4r (2.5.8) nokogiri (1.11.7-arm64-darwin) racc (~> 1.4) nokogiri (1.11.7-x86_64-darwin) 
@@ -400,29 +400,29 @@ GEM rack-test (1.1.0) rack (>= 1.0, < 3) rack-timeout (0.6.0) - rails (6.1.4) - actioncable (= 6.1.4) - actionmailbox (= 6.1.4) - actionmailer (= 6.1.4) - actionpack (= 6.1.4) - actiontext (= 6.1.4) - actionview (= 6.1.4) - activejob (= 6.1.4) - activemodel (= 6.1.4) - activerecord (= 6.1.4) - activestorage (= 6.1.4) - activesupport (= 6.1.4) + rails (6.1.4.1) + actioncable (= 6.1.4.1) + actionmailbox (= 6.1.4.1) + actionmailer (= 6.1.4.1) + actionpack (= 6.1.4.1) + actiontext (= 6.1.4.1) + actionview (= 6.1.4.1) + activejob (= 6.1.4.1) + activemodel (= 6.1.4.1) + activerecord (= 6.1.4.1) + activestorage (= 6.1.4.1) + activesupport (= 6.1.4.1) bundler (>= 1.15.0) - railties (= 6.1.4) + railties (= 6.1.4.1) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.3.0) + rails-html-sanitizer (1.4.1) loofah (~> 2.3) - railties (6.1.4) - actionpack (= 6.1.4) - activesupport (= 6.1.4) + railties (6.1.4.1) + actionpack (= 6.1.4.1) + activesupport (= 6.1.4.1) method_source rake (>= 0.13) thor (~> 1.0) diff --git a/app/javascript/dashboard/components/widgets/conversation/ReplyBox.vue b/app/javascript/dashboard/components/widgets/conversation/ReplyBox.vue index 6e7a039af..acb417876 100644 --- a/app/javascript/dashboard/components/widgets/conversation/ReplyBox.vue +++ b/app/javascript/dashboard/components/widgets/conversation/ReplyBox.vue @@ -390,13 +390,11 @@ export default { this.isFocused = true; }, toggleTyping(status) { - if (this.isAWebWidgetInbox && !this.isPrivate) { - const conversationId = this.currentChat.id; - this.$store.dispatch('conversationTypingStatus/toggleTyping', { - status, - conversationId, - }); - } + const conversationId = this.currentChat.id; + this.$store.dispatch('conversationTypingStatus/toggleTyping', { + status, + conversationId, + }); }, onFileUpload(file) { if (!file) {
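Review bot: Removing the whole guard in `toggleTyping` (ReplyBox.vue, hunk at line 390) drops the `!this.isPrivate` condition together with the channel check, so a typing event is now dispatched while an agent is composing a private note. Unless the server filters this (not visible here), the contact could see a typing indicator for text that is meant to stay internal. Keep the all-channel behaviour but restore the private-note condition, e.g. `if (this.isPrivate) return;` as the first line of the method, or pass `isPrivate` in the dispatch payload so the store action can decide. The method is complete in the hunk, but the `conversationTypingStatus/toggleTyping` action it calls is outside it.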