Skip to content

v15.18.0 #2496

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
gabrielburnworth merged 55 commits into from
Sep 3, 2025
Merged

v15.18.0 #2496

gabrielburnworth merged 55 commits into from
Sep 3, 2025

Conversation

@gabrielburnworth
Copy link
Contributor

@gabrielburnworth gabrielburnworth commented Sep 3, 2025

No description provided.

@gabrielburnworth
upgrade deps (bp6)
767c1b8
@gabrielburnworth
clear parcel assets before building
bba871d
@gabrielburnworth
Merge branch 'main' of https://github.com/FarmBot/Farmbot-Web-App int…
761eb61 
…o staging
@gabrielburnworth
fix csp_reports error
ccc4559
@gabrielburnworth
add commit SHAs to release info
0ace718
@gabrielburnworth
upgrade deps (postgres:17)
d668a84
@gabrielburnworth
add menu configs and sun angle debugger
b16ef34
@gabrielburnworth
add demo account lua runner
6f7eeeb
@gabrielburnworth
add more demo account bot controls
e79a158
@gabrielburnworth
add estop and helpers to lua runner
3d50b2f
@gabrielburnworth
add more to and refactor lua runner
0f0539f
@gabrielburnworth
upgrade deps
2870de2
@gabrielburnworth
improve 3D and demo account tool handling
e6d5ea7
@gabrielburnworth
add move and execute to lua runner
e9ab867
@gabrielburnworth
support queueing and track call depth in lua runner
dc6e730
@gabrielburnworth
add point group loops and safe z to demo accounts
07dceb8
@gabrielburnworth
add warnings, flowrate, bugfixes, and points to demo accounts
3163ffb
@gabrielburnworth
support demo sequence scope declarations
87ee6cc
@gabrielburnworth
improve watering animation
64c91c9
@gabrielburnworth
add axis_order
3ff065c
@gabrielburnworth
add seeder_tip_z_offset
ebad9c6
@gabrielburnworth
fix lua runner move helper
f889139
@gabrielburnworth
change move axis_order to grouping and route
3a8e1d6
@gabrielburnworth
fix watering animation
ada920d
@gabrielburnworth
add dev settings and fix inactive color
4f48caa
@gabrielburnworth
move calculate move code
06c716b
@gabrielburnworth
add demo account logging
175db8f
@gabrielburnworth
upgrade deps (ruby)
71b624b
@gabrielburnworth
add default axis order setting
1d6f702
@gabrielburnworth
eslint-ignore problem file
f2f8d90
gabrielburnworth and others added 25 commits August 12, 2025 16:05
@gabrielburnworth
use correct tooltip
92bfa11
@gabrielburnworth
add 3D sequence visualization and fix demo trough movements
9fab685
@gabrielburnworth
handle JSON errors
001ad26
@roryaronson
sequence editor styling improvements
20723fd
@roryaronson
improve nav popup tabs
394786c
@roryaronson
better icon button active states
8830e81
@gabrielburnworth
update seeded sequences and demo account lua runner
4eef26f
@gabrielburnworth
add filtering to get_point lua runner functions
3fc462e
@gabrielburnworth
add new slot setup steps
bca2f6d
@gabrielburnworth
shorten water job name
cc15858
@gabrielburnworth
upgrade deps
e922aed
@gabrielburnworth
add max_auto_reruns to ci config
bd64d8e
@gabrielburnworth
handle ai error messages
739b70b
@gabrielburnworth
increase spinach demo water amount
cbc9f96
@gabrielburnworth
show v1.8 seed option during setup
f0b7e8b
@roryaronson
better align wizard slot components
aa96c7c
@gabrielburnworth
add is_demo lua helper
61f78b4
@gabrielburnworth
adjust job css and nav order
692b29d
@gabrielburnworth
add toolslot tool dropdowns to setup wizard
e73ff80
@gabrielburnworth
remove v1.8 feature wall
2bf6d46
@gabrielburnworth
upgrade deps
1640488
@gabrielburnworth
allow viewing of os download table on mobile
a62b828
@roryaronson
setup wizard slot assignment alignment
50ac600
@roryaronson
beacon highlight improvement
909e1c2
@gabrielburnworth
fix motor load indicator position
c53ef0e
github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 3, 2025
View reviewed changes
app/controllers/dashboard_controller.rb
@@ -1,5 +1,6 @@
class DashboardController < ApplicationController
before_action :set_global_config
skip_before_action :verify_authenticity_token, only: [:csp_reports]

Check failure

Code scanning / CodeQL

CSRF protection weakened or disabled High

Potential CSRF vulnerability due to forgery protection being disabled or weakened.

Copilot Autofix

AI 4 months ago

To fix the potential CSRF vulnerability, we should remove the line that disables CSRF protection (skip_before_action :verify_authenticity_token, only: [:csp_reports]) from the DashboardController. This will restore the default CSRF protection provided by Rails and ensure that all actions, including csp_reports, require valid CSRF tokens. If there is a valid need to allow CSRF-exempt endpoints, a more secure approach should be taken (such as limiting the action format to JSON, authenticating requests, or whitelisting trusted sources; but that is outside the scope since we only have the provided snippet). Remove line 3 from app/controllers/dashboard_controller.rb.

Suggested changeset 1
app/controllers/dashboard_controller.rb

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/app/controllers/dashboard_controller.rb b/app/controllers/dashboard_controller.rb
--- a/app/controllers/dashboard_controller.rb
+++ b/app/controllers/dashboard_controller.rb
@@ -1,6 +1,5 @@
 class DashboardController < ApplicationController
   before_action :set_global_config
-  skip_before_action :verify_authenticity_token, only: [:csp_reports]
   layout "dashboard"
 
   # === THESE CONSTANTS ARE CONFIGURABLE: ===
EOF
@@ -1,6 +1,5 @@
class DashboardController < ApplicationController
before_action :set_global_config
skip_before_action :verify_authenticity_token, only: [:csp_reports]
layout "dashboard"

# === THESE CONSTANTS ARE CONFIGURABLE: ===
Copilot is powered by AI and may make mistakes. Always verify output.
@gabrielburnworth gabrielburnworth merged commit 8a77311 into main Sep 3, 2025
7 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@gabrielburnworth @roryaronson