Bump activesupport, rails, coffee-rails, web-console and sass-rails

[dependabot]

Bumps activesupport, rails, coffee-rails, web-console and sass-rails. These dependencies needed to be updated together.
Updates activesupport from 4.2.10 to 7.0.4.2

Release notes

Sourced from activesupport's releases.

v7.0.4.2

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Fix domain: :all for two letter TLD

  This fixes a compatibility issue introduced in our previous security release when using domain: :all with a two letter but single level top level domain domain (like .ca, rather than .co.uk).

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

... (truncated)

Changelog

Sourced from activesupport's changelog.

Rails 7.0.4.2 (January 24, 2023)

• No changes.

Rails 7.0.4.1 (January 17, 2023)

• Avoid regex backtracking in Inflector.underscore

  [CVE-2023-22796]

Rails 7.0.4 (September 09, 2022)

• Redis cache store is now compatible with redis-rb 5.0.

  Jean Boussier

• Fix NoMethodError on custom ActiveSupport::Deprecation behavior.

  ActiveSupport::Deprecation.behavior= was supposed to accept any object that responds to call, but in fact its internal implementation assumed that this object could respond to arity, so it was restricted to only Proc objects.

  This change removes this arity restriction of custom behaviors.

  Ryo Nakamura

Rails 7.0.3.1 (July 12, 2022)

• No changes.

Rails 7.0.3 (May 09, 2022)

• No changes.

Rails 7.0.2.4 (April 26, 2022)

• Fix and add protections for XSS in ActionView::Helpers and ERB::Util.

  Add the method ERB::Util.xml_name_escape to escape dangerous characters in names of tags and names of attributes, following the specification of XML.

  Álvaro Martín Fraguas

Rails 7.0.2.3 (March 08, 2022)

... (truncated)

Commits

• 7c70791 Version 7.0.4.2
• 23e0345 Version 7.0.4.1
• 2164d4f Avoid regex backtracking in Inflector.underscore
• 8015c2c Version 7.0.4
• ff27758 Revert "Merge pull request #44695 from Edouard-chin/ec-tagger-logger-broadcast"
• 4a1f224 Merge pull request #45882 from rails/short-inspect-on-test-case
• a3bd3b5 Backport Redis 5.0 compatibility
• 67f37ac Fix flaky tests for RedisCacheStore
• c520e38 Document AS::Cache::MemCacheStore#write options [ci-skip]
• a74b650 Document AS::Cache::Store#initialize options [ci-skip]
• Additional commits viewable in compare view

Updates rails from 4.2.10 to 7.0.4.2

Release notes

Sourced from rails's releases.

v7.0.4.2

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Fix domain: :all for two letter TLD

  This fixes a compatibility issue introduced in our previous security release when using domain: :all with a two letter but single level top level domain domain (like .ca, rather than .co.uk).

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

... (truncated)

Commits

• 7c70791 Version 7.0.4.2
• 1d6de16 Merge pull request #47087 from jhawthorn/cookie_domain
• 23e0345 Version 7.0.4.1
• d7aba06 Make sanitize_as_sql_comment more strict
• 8d82687 Avoid regex backtracking on If-None-Match header
• 2164d4f Avoid regex backtracking in Inflector.underscore
• cd46b0e Use string#split instead of regex for domain parts
• e50e26d Fix sec issue with _url_host_allowed?
• 82bcdc0 Added integer width check to PostgreSQL::Quoting
• 8015c2c Version 7.0.4
• Additional commits viewable in compare view

Updates coffee-rails from 4.1.1 to 5.0.0

Changelog

Sourced from coffee-rails's changelog.

5.0.0 (Apr 23, 2019)

• Remove support to Rails < 5.2.
• Support Rails 6.

4.2.2 (May 24, 2017)

• Support digest resolution for coffee templates.

4.2.1 (June 30, 2016)

• Fix error in the gem package.

4.2.0 (June 30, 2016)

• Override js_template hook in the Rails generator to allow Rails to be CoffeeScript agnostic.

Commits

• 32a2939 Prepare to 5.0.0
• 6507f0a Set the javascripts generator option as true in the railtie
• 5f0e005 Point to rails repository
• 74214e8 Merge pull request #114 from larouxn/rails_6_support
• eff9c00 Revert folder structure changes, remove --javascripts flag
• e7ce694 Fix for exclusively Rails 6
• 69e6782 TESTING, use my fork of Rails
• fc8c48c Conditionally use Rails 6 folder stucture
• 5df5816 Merge pull request #111 from larouxn/stop_testing_below_ruby_2.2
• 9bead93 Merge pull request #112 from larouxn/update_travis_jruby_version
• Additional commits viewable in compare view

Updates web-console from 2.3.0 to 4.2.0

Release notes

Sourced from web-console's releases.

4.2.0

• #308 Fix web-console inline templates rendering (@​voxik)
• #306 Support Ruby 3.0 and above (@​ryanwood)

4.1.0

• #304 Add support for Rails 6.1 (@​stephannv)
• #298 Prevent deprecation warnings by removing template formats (@​mikelkew)
• #297 Use MutationObserver instead of Mutation Events (@​mikelkew)
• #296 Add CSP nonce to injected scripts and styles (@​mikelkew)

4.0.4

• fb483743 Fix a crash on webrick with Rack 2.2.3 (@​gsamokovarov)

4.0.3

• #291 Deprecate config.web_console.whitelisted_ips (@​JuanitoFatas)
• #290 Fix Content-Length for rack >= 2.1.0 (@​p8)

4.0.2

• #285 Increase timeout on paste (@​celvro)

4.0.1

• #279 Fix initial config.web_console.permissions value (@​patorash)

... (truncated)

Changelog

Sourced from web-console's changelog.

4.2.0

• #308 Fix web-console inline templates rendering ([@​voxik])
• #306 Support Ruby 3.0 and above ([@​ryanwood])

4.1.0

• #304 Add support for Rails 6.1 ([@​stephannv])
• #298 Prevent deprecation warnings by removing template formats ([@​mikelkew])
• #297 Use MutationObserver instead of Mutation Events ([@​mikelkew])
• #296 Add CSP nonce to injected scripts and styles ([@​mikelkew])

4.0.4

• fb483743 Fix a crash on webrick with Rack 2.2.3 ([@​gsamokovarov])

4.0.3

• #291 Deprecate config.web_console.whitelisted_ips ([@​JuanitoFatas])
• #290 Fix Content-Length for rack >= 2.1.0 ([@​p8])

4.0.2

• #285 Increase timeout on paste ([@​celvro])

4.0.1

• #279 Fix initial config.web_console.permissions value ([@​patorash])

4.0.0

• 61ce65b5 Move to config.web_console.permissions ([@​gsamokovarov])
• 96127ac1 Introduce Binding#console as an alternative interface ([@​gsamokovarov])
• d4591ca5 Introduce Rails 6 support ([@​gsamokovarov])
• f97d8a88 Introduce Ruby 2.6 support ([@​gsamokovarov])
• d6deacd9 Drop Rails 5 support ([@​gsamokovarov])
• 90fda878 Drop Ruby 2.4 support ([@​gsamokovarov])
• #265 Add support for nested exceptions ([@​yuki24])

3.7.0

• #263 Show binding changes ([@​causztic])
• #258 Support Ctrl-A, Ctrl-W and Ctrl-U ([@​gsamokovarov])
• #257 Always try to keep the console underneath the website content ([@​gsamokovarov])

3.6.2

• #255 Fix the truncated HTML body, because of wrong Content-Length header ([@​timomeh])

3.6.1

... (truncated)

Commits

• 997a20c Release 4.2.0
• 511f380 Prepare the changelog for 4.2.0
• 3c95d41 Drop hard to maintain railtie tests
• 6111280 Prepare Web Console for its next release
• 91eed5a Merge pull request #308 from ryanwood/fix-js-string
• 3931b25 fix js string error - closes #240
• 5345813 Merge pull request #306 from voxik/ruby-3-compat
• 006f739 Mock binding object must provide #source_location call.
• 1a2a9f8 Make binding.eval Ruby 3.0 compatible.
• 167c240 Separate the older documentation section
• Additional commits viewable in compare view

Updates sass-rails from 5.0.7 to 6.0.0

Release notes

Sourced from sass-rails's releases.

6.0.0

Breaking change

• Move the implementation to sassc-rails.

  This gem is now only just a wrapper around sassc-rails. For more information on how sassc differs from Ruby sass see https://github.com/sass/sassc-rails#libsass-compatibility-with-ruby-sass.

Commits

• a77240c Prepare to 6.0.0
• 8dbe4dc Bump version to 6.0.0.beta3
• 830a8ec Bump minimum version of sassc-rails
• ff54c20 Fix open-ended dependency
• ebe9ef7 Bump version to v6.0.0.beta2
• 409d871 Merge pull request #424 from rails/sassc-rails
• d809900 Recomend to use SassC::Rails::Importer to users requiring sass/rails/importer
• 706526d Make sass-rails an wrapper for sassc-rails to allow a smooth upgrade path
• ac38f1e Merge pull request #423 from gregmolnar/master
• d61b999 remove gemnasium badge from readme
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.