Fix Totp tests (#3527)

* Fix Totp tests

* Replace yarn audit with configurable one

Most of the errors we see coming from yarn audit are for dev dependencies
which have no impact in production. See:

rails/webpacker#2969 (comment)
and
rails/webpacker#3017 (comment)

We need to be able to suppress warnings which do not apply.

* Audit lower but allowlist more

* Gem updates

* Sorbet updates for CI to pass

* Standard rb fix

* Update arm check

.audit-ci.json

@@ -0,0 +1,4 @@
+{
+  "low": true,
+  "allowlist": ["1006846", "1005154", "1006865", "1006854", "1006852", "1004955", "1004946", "1005560", "1004967", "1006724"]
+}

.github/workflows/build.yml

@@ -73,7 +73,7 @@ jobs:
       - name: Brakeman
         run: bundle exec brakeman
       - name: Yarn audit
-        run: yarn audit && yarn --cwd public/creators-landing audit
+        run: npx audit-ci --config .audit-ci.json && (cd public/creators-landing && npx audit-ci --config ../../.audit-ci.json)
       - name: Bundler Audit
         run: bundle exec bundle-audit check --update
       - name: Sorbet Linter

Gemfile

@@ -1,7 +1,8 @@
 # frozen_string_literal: true
 
-def x86_64?
-  `uname -p`.strip == "x86_64"
+def not_arm?
+  arch = `uname -m`.strip
+  !(arch.include?("arm") || arch.include?("aarch64"))
 end
 
 gem "ssrf_filter"
@@ -142,8 +143,8 @@ gem "sidekiq-scheduler", "~> 3.0.1"
 # slim for view templates
 gem "slim-rails", "~> 3.1"
 
-gem "sorbet", "0.5.9318", group: :development if x86_64?
-gem "sorbet-runtime", "0.5.9318"
+gem "sorbet", "0.5.9538", group: :development if not_arm?
+gem "sorbet-runtime", "0.5.9538"
 
 gem "stripe", "~> 5.1", ">= 5.1.1"
 
@@ -155,7 +156,7 @@ gem "rotp", "~> 6.2.0"
 
 gem "webpacker", "~> 4.0.7"
 
-gem "sorbet-rails", "0.7.5"
+gem "sorbet-rails", "0.7.27"
 
 # pagination support for models
 gem "will_paginate"
@@ -190,7 +191,7 @@ group :development do
   # i18n-tasks helps you find and manage missing and unused translations.
   gem "i18n-tasks", "~> 0.9.12"
 
-  gem "tapioca", "0.5.4", require: false if x86_64?
+  gem "tapioca", "0.6.1", require: false if not_arm?
 end
 
 group :test do

Gemfile.lock

@@ -81,9 +81,9 @@ GEM
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    active_model_serializers (0.10.12)
-      actionpack (>= 4.1, < 6.2)
-      activemodel (>= 4.1, < 6.2)
+    active_model_serializers (0.10.13)
+      actionpack (>= 4.1, < 7.1)
+      activemodel (>= 4.1, < 7.1)
       case_transform (>= 0.2)
       jsonapi-renderer (>= 0.1.1.beta1, < 0.3)
     activejob (6.1.4.4)
@@ -130,8 +130,8 @@ GEM
     autoprefixer-rails (10.4.2.0)
       execjs (~> 2)
     aws-eventstream (1.2.0)
-    aws-partitions (1.547.0)
-    aws-sdk-core (3.125.3)
+    aws-partitions (1.549.0)
+    aws-sdk-core (3.125.5)
       aws-eventstream (~> 1, >= 1.0.2)
       aws-partitions (~> 1, >= 1.525.0)
       aws-sigv4 (~> 1.1)
@@ -162,7 +162,7 @@ GEM
     brakeman (5.2.0)
     brotli (0.2.3)
     builder (3.2.4)
-    bullet (7.0.0)
+    bullet (7.0.1)
       activesupport (>= 3.0.0)
       uniform_notifier (~> 1.11)
     bundler-audit (0.9.0.1)
@@ -235,7 +235,7 @@ GEM
       raabro (~> 1.4)
     globalid (1.0.0)
       activesupport (>= 5.0)
-    google-protobuf (3.19.2-x86_64-linux)
+    google-protobuf (3.19.3-x86_64-darwin)
     hashdiff (1.0.1)
     hashie (4.1.0)
     highline (2.0.3)
@@ -266,7 +266,7 @@ GEM
       rexml
     kramdown-parser-gfm (1.1.0)
       kramdown (~> 2.0)
-    listen (3.7.0)
+    listen (3.7.1)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
     lograge (0.11.2)
@@ -301,7 +301,7 @@ GEM
     netrc (0.11.0)
     newrelic_rpm (6.15.0)
     nio4r (2.5.8)
-    nokogiri (1.12.5-x86_64-linux)
+    nokogiri (1.12.5-x86_64-darwin)
       racc (~> 1.4)
     oauth (0.5.8)
     oauth2 (1.4.7)
@@ -426,7 +426,7 @@ GEM
     redis (4.2.5)
     regexp_parser (2.2.0)
     render_async (2.1.11)
-    request_store (1.5.0)
+    request_store (1.5.1)
       rack (>= 1.4)
     responders (3.0.1)
       actionpack (>= 5.0)
@@ -442,9 +442,9 @@ GEM
     rotp (6.2.0)
     rqrcode (0.10.1)
       chunky_png (~> 1.0)
-    rubocop (1.24.1)
+    rubocop (1.25.0)
       parallel (~> 1.10)
-      parser (>= 3.0.0.0)
+      parser (>= 3.1.0.0)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml
@@ -453,7 +453,7 @@ GEM
       unicode-display_width (>= 1.4.0, < 3.0)
     rubocop-ast (1.15.1)
       parser (>= 3.0.1.1)
-    rubocop-performance (1.13.1)
+    rubocop-performance (1.13.2)
       rubocop (>= 1.7.0, < 2.0)
       rubocop-ast (>= 0.4.0)
     rubocop-sorbet (0.6.5)
@@ -529,21 +529,21 @@ GEM
       thor (~> 1.0)
       tilt (~> 2.0)
       yard (~> 0.9, >= 0.9.24)
-    sorbet (0.5.9318)
-      sorbet-static (= 0.5.9318)
+    sorbet (0.5.9538)
+      sorbet-static (= 0.5.9538)
     sorbet-coerce (0.5.0)
       polyfill (~> 1.8)
       safe_type (~> 1.1, >= 1.1.1)
       sorbet-runtime (>= 0.4.4704)
-    sorbet-rails (0.7.5)
+    sorbet-rails (0.7.27)
       method_source (>= 0.9.2)
       parlour (>= 4.0.1)
       parser (>= 2.7)
       sorbet-coerce (>= 0.2.6)
       sorbet-runtime (>= 0.5)
-    sorbet-runtime (0.5.9318)
-    sorbet-static (0.5.9318-x86_64-linux)
-    spoom (1.1.7)
+    sorbet-runtime (0.5.9538)
+    sorbet-static (0.5.9538-universal-darwin-20)
+    spoom (1.1.8)
       sorbet (>= 0.5.9204)
       sorbet-runtime (>= 0.5.9204)
       thor (>= 0.19.2)
@@ -555,17 +555,17 @@ GEM
       activesupport (>= 5.2)
       sprockets (>= 3.0.0)
     ssrf_filter (1.0.7)
-    standard (1.6.0)
-      rubocop (= 1.24.1)
-      rubocop-performance (= 1.13.1)
-    stripe (5.42.0)
-    tapioca (0.5.4)
+    standard (1.7.0)
+      rubocop (= 1.25.0)
+      rubocop-performance (= 1.13.2)
+    stripe (5.43.0)
+    tapioca (0.6.1)
       bundler (>= 1.17.3)
       pry (>= 0.12.2)
-      rbi
-      sorbet-runtime
-      sorbet-static (>= 0.5.6200)
-      spoom
+      rbi (~> 0.0.0, >= 0.0.9)
+      sorbet-runtime (>= 0.5.9204)
+      sorbet-static (>= 0.5.9204)
+      spoom (~> 1.1.0, >= 1.1.4)
       thor (>= 0.19.2)
       yard-sorbet
     temping (3.10.0)
@@ -586,9 +586,9 @@ GEM
     unf_ext (0.0.8)
     unicode-display_width (2.1.0)
     uniform_notifier (1.14.2)
-    unparser (0.6.2)
+    unparser (0.6.3)
       diff-lcs (~> 1.3)
-      parser (>= 3.0.0)
+      parser (>= 3.1.0)
     vcr (6.0.0)
     warden (1.2.9)
       rack (>= 2.0.9)
@@ -630,7 +630,7 @@ GEM
       multipart-post (~> 2.0)
 
 PLATFORMS
-  x86_64-linux
+  x86_64-darwin-20
 
 DEPENDENCIES
   active_model_serializers (~> 0.10.0)
@@ -710,13 +710,13 @@ DEPENDENCIES
   simplecov
   slim-rails (~> 3.1)
   solargraph
-  sorbet (= 0.5.9318)
-  sorbet-rails (= 0.7.5)
-  sorbet-runtime (= 0.5.9318)
+  sorbet (= 0.5.9538)
+  sorbet-rails (= 0.7.27)
+  sorbet-runtime (= 0.5.9538)
   ssrf_filter
   standard
   stripe (~> 5.1, >= 5.1.1)
-  tapioca (= 0.5.4)
+  tapioca (= 0.6.1)
   temping
   tzinfo-data
   u2f (~> 1.0)

app/controllers/api/v1/public/base_controller.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 class Api::V1::Public::BaseController < ActionController::API
   # This BaseController does not IP whitelist, whereas API::BaseController does
   before_action :set_public_cache_control

app/controllers/api/v2/public/base_controller.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 class Api::V2::Public::BaseController < ActionController::API
   # This BaseController does not IP whitelist, whereas API::BaseController does
   before_action :set_public_cache_control

app/controllers/api/v3/public/base_controller.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 class Api::V3::Public::BaseController < ActionController::API
   # This BaseController does not IP whitelist, whereas API::BaseController does
   before_action :set_public_cache_control

app/controllers/channel_transfer_controller.rb

@@ -16,8 +16,9 @@ def reject_transfer
   def verify_token
     @current_channel = Channel.find(params[:id])
     if @current_channel.nil? || @current_channel.contest_token.blank? || !ActiveSupport::SecurityUtils.secure_compare(
-                                                                                       ::Digest::SHA256.hexdigest(@current_channel.contest_token),
-                                                                                       ::Digest::SHA256.hexdigest(params[:token_id]))
+      ::Digest::SHA256.hexdigest(@current_channel.contest_token),
+      ::Digest::SHA256.hexdigest(params[:token_id])
+    )
       respond_to do |format|
         format.json {
           head 404

app/helpers/admin/faq_helper.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 module Admin::FaqHelper
   def categories_select_options(faq_category_id)
     options_from_collection_for_select(FaqCategory.includes(:faqs).all, :id, :name, faq_category_id)

app/helpers/admin/organization_helper.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 module Admin::OrganizationHelper
   def boolean_to_image(value)
     if value

app/helpers/admin/publishers_helper.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 module Admin
   module PublishersHelper
     def publisher_status(publisher)

app/helpers/application_helper.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 module ApplicationHelper
   def popover_menu(&block)
     render(layout: "popover", &block)

app/helpers/promos_helper.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 module PromosHelper
   include ActionView::Helpers::DateHelper
 

app/jobs/cache_uphold_tips.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 class CacheUpholdTips < ApplicationJob
   queue_as :scheduler
 

app/jobs/generate_referral_report_job.rb

@@ -12,7 +12,7 @@ def perform(publisher_id:, referral_codes:, start_date:, end_date:, interval:, b
     ).perform
 
     filename = "tmp/#{Time.now}_referral_report_#{start_date}-#{end_date}.csv"
-    File.open(filename, "w") { |f| f.write(report_csv) }
+    File.write(filename, report_csv)
 
     email = Publisher.find(publisher_id).email
 

app/jobs/sync/unattached_promo_registrations_stats_job.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # Fetches and saves the referral stats for unattached codes
 class Sync::UnattachedPromoRegistrationsStatsJob < ApplicationJob
   include PromosHelper

app/models/case_note.rb

@@ -8,7 +8,7 @@ class CaseNote < ApplicationRecord
   validates :created_by, presence: true
   validates :note, presence: true, allow_blank: false
   validates_with HtmlValidator, attributes: [:note]
-  
+
   has_many_attached :files
 
   validate :file_attachment_validation

app/models/faq_category.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: false
 class FaqCategory < ApplicationRecord
   has_many :faqs
 

app/models/github_channel_details.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 class GithubChannelDetails < BaseChannelDetails
   has_paper_trail
 

app/models/organization.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 class Organization < ApplicationRecord
   has_many :memberships
   has_many :members, through: :memberships

app/models/promo_campaign.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 class PromoCampaign < ApplicationRecord
   has_many :promo_registrations
   validates :name, uniqueness: {case_sensitive: false}, presence: true

app/models/publisher.rb

@@ -58,7 +58,7 @@ class Publisher < ApplicationRecord
 
   belongs_to :created_by, class_name: "Publisher"
   has_many :created_users, class_name: "Publisher",
-                           foreign_key: "created_by_id"
+    foreign_key: "created_by_id"
 
   attribute :subscribed_to_marketing_emails, :boolean, default: false # (Albert Wang): We will use this as a flag for whether or not marketing emails are on for the user.
   validates :email, email: true, presence: true, unless: -> {

app/models/reddit_channel_details.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 class RedditChannelDetails < BaseChannelDetails
   has_paper_trail
 

app/models/vimeo_channel_details.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 class VimeoChannelDetails < BaseChannelDetails
   has_paper_trail
 

app/services/payout/bitflyer_service.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 module Payout
   class BitflyerService < Service
     def self.build

app/services/payout/gemini_service.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 module Payout
   class GeminiService < Service
     def perform(payout_report:, publisher:)

app/services/payout/uphold_service.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 module Payout
   class UpholdService < Service
     def perform(payout_report:, publisher:)

app/services/promo/assign_promo_to_channel_service.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # Registers a promo registration for each verified channel for a publisher
 class Promo::AssignPromoToChannelService < BaseApiClient
   include PromosHelper