From 9b3006750a4f4d70cab009eea5a0668f711e2237 Mon Sep 17 00:00:00 2001
From: Pavel Nabutovsky <pavel.nabutovsky@quoininc.com>
Date: Thu, 5 Sep 2024 16:13:12 -0400
Subject: [PATCH 1/4] Upgrade ruby to 3.3.5, rexml to 3.3.6, and force alpine
 rebuild to take care of CVEs

---
 .ruby-version                      | 2 +-
 Gemfile                            | 2 +-
 Gemfile.lock                       | 4 ++--
 azure-pipelines.yml                | 2 +-
 bitbucket-pipelines.yml            | 2 +-
 doc/getting_started_development.md | 6 +++---
 docker/application/Dockerfile      | 2 +-
 7 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/.ruby-version b/.ruby-version
index 6d5369b963..f13c6f452c 100644
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-ruby-3.3.4
+ruby-3.3.5
diff --git a/Gemfile b/Gemfile
index d992ef5f01..cd3263ff03 100644
--- a/Gemfile
+++ b/Gemfile
@@ -3,7 +3,7 @@
 # Copyright (c) 2014 - 2023 UNICEF. All rights reserved.
 
 source 'https://rubygems.org'
-ruby '3.3.4'
+ruby '3.3.5'
 
 gem 'activerecord-nulldb-adapter'      # Running Rake tasks at build time before DB is set up. TODO: Still needed?
 gem 'aws-sdk-s3',          '~> 1.130', # Access and manage Amazon S3 storage (with ActiveStorage).
diff --git a/Gemfile.lock b/Gemfile.lock
index 08e59b4a5c..1f03c47427 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -301,7 +301,7 @@ GEM
     responders (3.1.1)
       actionpack (>= 5.2)
       railties (>= 5.2)
-    rexml (3.3.4)
+    rexml (3.3.6)
       strscan
     roo (2.10.0)
       nokogiri (~> 1)
@@ -494,7 +494,7 @@ DEPENDENCIES
   write_xlsx (~> 1.11)
 
 RUBY VERSION
-   ruby 3.3.4p94
+   ruby 3.3.5p100
 
 BUNDLED WITH
    2.4.18
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index f95fa5eab4..8a479b6365 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -41,7 +41,7 @@ jobs:
         displayName: 'Install dependencies'
       - bash: |
           . ~/.bash_env
-          rbenv global 3.3.4
+          rbenv global 3.3.5
           bundle install --without production --path=${BUNDLE_PATH:-vendor/bundle}
         displayName: 'Bundle install'
         env:
diff --git a/bitbucket-pipelines.yml b/bitbucket-pipelines.yml
index fc318b2413..763f3ab682 100644
--- a/bitbucket-pipelines.yml
+++ b/bitbucket-pipelines.yml
@@ -4,7 +4,7 @@ definitions:
   steps:
     - step: &server-test
         name: Server tests
-        image: ruby:3.3.4-bookworm
+        image: ruby:3.3.5-bookworm
         script:
           - ./bin/install_local_test_solr.sh
           - ./bin/run_server_tests.sh
diff --git a/doc/getting_started_development.md b/doc/getting_started_development.md
index 8a6e5f768d..e1db7780f2 100644
--- a/doc/getting_started_development.md
+++ b/doc/getting_started_development.md
@@ -111,9 +111,9 @@ In the Primero top-level directory, there is a file `.ruby-version`, which conta
 
 ```bash
 cat .ruby-version
-# This will print something like: ruby-3.3.4
+# This will print something like: ruby-3.3.5
 # rbenv needs the version number, but not the ruby- prefix.
-rbenv install 3.3.4 # replace 3.3.4 with whatever version is in .ruby-version
+rbenv install 3.3.5 # replace 3.3.5 with whatever version is in .ruby-version
 ```
 
 It will take several minutes to build and install ruby, depending on the speed of your machine.
@@ -121,7 +121,7 @@ Once you have succeeded in installing ruby, it is worth checking that you are no
 
 ```bash
 ruby --version
-# This should print something like: ruby 3.3.4 (or whatever the current version in the .ruby-version is)
+# This should print something like: ruby 3.3.5 (or whatever the current version in the .ruby-version is)
 ```
 
 ## Installing node using `nvm`
diff --git a/docker/application/Dockerfile b/docker/application/Dockerfile
index b454382e71..86cee7a1a7 100644
--- a/docker/application/Dockerfile
+++ b/docker/application/Dockerfile
@@ -2,7 +2,7 @@
 
 # -------------------------------------------------------------------- BUILD STAGE
 ARG BUILD_REGISTRY
-ARG RUBY_VERSION=3.3.4
+ARG RUBY_VERSION=3.3.5
 FROM ${BUILD_REGISTRY}ruby:${RUBY_VERSION}-alpine3.20 AS build-env
 
 ENV BUILD_PACKAGES="bash curl wget curl-dev build-base git"

From f6c63f595e999b3b429b0020df74fb7d27fc37d6 Mon Sep 17 00:00:00 2001
From: Automated Account <aespinoz@quoininc.com>
Date: Fri, 6 Sep 2024 12:38:59 -0600
Subject: [PATCH 2/4] Bump nginx to v1.27.1 and alpine to v3.20

---
 docker/nginx/Dockerfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile
index cfce72474a..10bf5fd6c9 100644
--- a/docker/nginx/Dockerfile
+++ b/docker/nginx/Dockerfile
@@ -3,9 +3,9 @@
 # ------------------------------------------------------------------ BUILD STAGE
 
 ARG BUILD_REGISTRY
-ARG version=1.27.0
+ARG version=1.27.1
 # TODO: Although the rest of Primero uses Alpine 3.20 base images, Nginx doesn't have one.
-ARG ALPINE_VERSION=3.19
+ARG ALPINE_VERSION=3.20
 
 FROM ${BUILD_REGISTRY}nginx:${version}-alpine${ALPINE_VERSION} AS builder
 ARG version
@@ -43,7 +43,7 @@ ENV GROUP_ID=${NGINX_GID}
 # If you are updating `version` or `ALPINE_VERSION`,
 # run: `docker scout cves primero/nginx:my-tag` to verify whether the versions of the security packages
 # listed in SECURITY_UPDATED_PACKAGES are still necessary.
-ENV SECURITY_UPDATED_PACKAGES="curl=8.9.0-r0"
+ENV SECURITY_UPDATED_PACKAGES="libexpat=2.6.3-r0 curl=8.9.1-r1"
 
 COPY [ "nginx/root/", "/" ]
 

From 947dbe72f03393f52cbe10eac209fa7b6d7fad38 Mon Sep 17 00:00:00 2001
From: Alberto Espinoza <aespinoz@quoininc.com>
Date: Wed, 11 Sep 2024 10:44:14 -0600
Subject: [PATCH 3/4] R2-2994 - Chinese users see wrong month translations

---
 config/locales/dates/cmn.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/config/locales/dates/cmn.yml b/config/locales/dates/cmn.yml
index 803681f49c..a8db858db3 100644
--- a/config/locales/dates/cmn.yml
+++ b/config/locales/dates/cmn.yml
@@ -19,6 +19,7 @@ cmn:
       - 星期五
       - 星期六
     abbr_month_names:
+      - ~
       - 一月
       - 二月
       - 三月
@@ -40,6 +41,7 @@ cmn:
       - 星期五
       - 星期六
     month_names:
+      - ~
       - 一月
       - 二月
       - 三月

From 6a62c0d252cb9f81ccd1e787a5db1a1f7bfff133 Mon Sep 17 00:00:00 2001
From: Joshua Toliver <jtoliver@quoininc.com>
Date: Tue, 17 Sep 2024 12:43:57 -0400
Subject: [PATCH 4/4] R2-3015: Fixing ghn insight breaking when applying this
 quarter filter

---
 app/models/managed_reports/sql_report_indicator.rb            | 3 ++-
 .../managed_reports/indicators/multiple_violations_spec.rb    | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/app/models/managed_reports/sql_report_indicator.rb b/app/models/managed_reports/sql_report_indicator.rb
index ae0602f082..78375ea43c 100644
--- a/app/models/managed_reports/sql_report_indicator.rb
+++ b/app/models/managed_reports/sql_report_indicator.rb
@@ -154,7 +154,8 @@ def group_id_alias(params_grouped_by)
     end
 
     def table_name_for_query(params)
-      return 'violations' if params['ctfmr_verified_date'].present?
+      return 'violations' if params['ctfmr_verified_date'].present? ||
+                             params&.[]('ghn_date_filter')&.field_name == 'ctfmr_verified_date'
 
       'incidents'
     end
diff --git a/spec/models/managed_reports/indicators/multiple_violations_spec.rb b/spec/models/managed_reports/indicators/multiple_violations_spec.rb
index 9c2f6dddbe..d11819c551 100644
--- a/spec/models/managed_reports/indicators/multiple_violations_spec.rb
+++ b/spec/models/managed_reports/indicators/multiple_violations_spec.rb
@@ -141,6 +141,10 @@
           field_name: 'ghn_date_filter',
           from: '2021-04-01',
           to: '2022-06-10'
+        ),
+        'type' => SearchFilters::Value.new(
+          field_name: 'type',
+          value: 'ghn_report'
         )
       }
     ).data