Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bump railties, actionpack, actionview and activemodel #4136

Closed
wants to merge 1 commit into from
Closed

build(deps): bump railties, actionpack, actionview and activemodel #4136

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 12, 2024

Bumps railties, actionpack, actionview and activemodel. These dependencies needed to be updated together.
Updates railties from 7.2.2.1 to 8.0.0.1

Release notes

Sourced from railties's releases.

8.0.0.1

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

  • Add validation to content security policies to disallow spaces and semicolons. Developers should use multiple arguments, and different directive methods instead.

    [CVE-2024-54133]

    Gannon McGibbon

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

  • No changes.

... (truncated)

Changelog

Sourced from railties's changelog.

Rails 8.0.0.1 (December 10, 2024)

  • No changes.

Rails 8.0.0 (November 07, 2024)

  • No changes.

Rails 8.0.0.rc2 (October 30, 2024)

  • Fix incorrect database.yml with skip_solid.

    Joé Dupuis

  • Set Regexp.timeout to 1s by default to improve security over Regexp Denial-of-Service attacks.

    Rafael Mendonça França

Rails 8.0.0.rc1 (October 19, 2024)

  • Remove deprecated support to extend Rails console through Rails::ConsoleMethods.

    Rafael Mendonça França

  • Remove deprecated file rails/console/helpers.

    Rafael Mendonça França

  • Remove deprecated file rails/console/app.

    Rafael Mendonça França

  • Remove deprecated config.read_encrypted_secrets.

    Rafael Mendonça França

  • Add Kamal support for devcontainers

    Previously generated devcontainer could not use docker and therefore Kamal.

    Joé Dupuis

Rails 8.0.0.beta1 (September 26, 2024)

  • Exit rails g with code 1 if generator could not be found.

... (truncated)

Commits
  • a993c27 Preparing for 8.0.0.1 release
  • dd8f718 Preparing for 8.0.0 release
  • f88e6ae Merge pull request #53550 from tysongach/devcontainer-links
  • 4f042a8 Merge pull request #53520 from Earlopain/fix-backtrace-env-gem-paths
  • 473f2b2 Merge pull request #53515 from k-tsuchiya-jp/fix-53467
  • a122c47 Merge pull request #53522 from nashby/routes-reload
  • 4e45524 Merge pull request #53531 from y-yagi/donot_generate_steps_for_system_tests
  • 1367b6a Merge pull request #53508 from nisusam/fix_typos
  • 20d0c8c Merge pull request #53128 from jeromedalbert/fix-solid-help
  • 6283314 Preparing for 8.0.0.rc2 release
  • Additional commits viewable in compare view

Updates actionpack from 7.2.2.1 to 8.0.0.1

Release notes

Sourced from actionpack's releases.

8.0.0.1

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

  • Add validation to content security policies to disallow spaces and semicolons. Developers should use multiple arguments, and different directive methods instead.

    [CVE-2024-54133]

    Gannon McGibbon

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

  • No changes.

... (truncated)

Changelog

Sourced from actionpack's changelog.

Rails 8.0.0.1 (December 10, 2024)

  • Add validation to content security policies to disallow spaces and semicolons. Developers should use multiple arguments, and different directive methods instead.

    [CVE-2024-54133]

    Gannon McGibbon

Rails 8.0.0 (November 07, 2024)

  • No changes.

Rails 8.0.0.rc2 (October 30, 2024)

  • Fix routes with :: in the path.

    Rafael Mendonça França

  • Maintain Rack 2 parameter parsing behaviour.

    Matthew Draper

Rails 8.0.0.rc1 (October 19, 2024)

  • Remove Rails.application.config.action_controller.allow_deprecated_parameters_hash_equality.

    Rafael Mendonça França

  • Improve ActionController::TestCase to expose a binary encoded request.body.

    The rack spec clearly states:

    The input stream is an IO-like object which contains the raw HTTP POST data. When applicable, its external encoding must be “ASCII-8BIT” and it must be opened in binary mode.

    Until now its encoding was generally UTF-8, which doesn't accurately reflect production behavior.

    Jean Boussier

  • Update ActionController::AllowBrowser to support passing method names to :block

    class ApplicationController < ActionController::Base
  allow_browser versions: :modern, block: :handle_outdated_browser

... (truncated)

Commits

Updates actionview from 7.2.2.1 to 8.0.0.1

Release notes

Sourced from actionview's releases.

8.0.0.1

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

  • Add validation to content security policies to disallow spaces and semicolons. Developers should use multiple arguments, and different directive methods instead.

    [CVE-2024-54133]

    Gannon McGibbon

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

  • No changes.

... (truncated)

Changelog

Sourced from actionview's changelog.

Rails 8.0.0.1 (December 10, 2024)

  • No changes.

Rails 8.0.0 (November 07, 2024)

  • No changes.

Rails 8.0.0.rc2 (October 30, 2024)

  • No changes.

Rails 8.0.0.rc1 (October 19, 2024)

  • Remove deprecated support to passing a content to void tag elements on the tag builder.

    Rafael Mendonça França

  • Remove deprecated support to passing nil to the model: argument of form_with.

    Rafael Mendonça França

Rails 8.0.0.beta1 (September 26, 2024)

  • Enable DependencyTracker to evaluate renders with trailing interpolation.

    <%= render "maintenance_tasks/runs/info/#{run.status}" %>

    Previously, the DependencyTracker would ignore this render, but now it will mark all partials in the "maintenance_tasks/runs/info" folder as dependencies.

    Hartley McGuire

  • Rename text_area methods into textarea

    Old names are still available as aliases.

    Sean Doyle

  • Rename check_box* methods into checkbox*.

    Old names are still available as aliases.

... (truncated)

Commits
  • a993c27 Preparing for 8.0.0.1 release
  • dd8f718 Preparing for 8.0.0 release
  • 6c84b11 Fix typos [ci-skip]
  • 1367b6a Merge pull request #53508 from nisusam/fix_typos
  • 6283314 Preparing for 8.0.0.rc2 release
  • 571ebf7 Fix invalid syntax in TextHelper#highlight API docs example [ci skip]
  • 35b3c7f Preparing for 8.0.0.rc1 release
  • c7da421 Remove deprecated support to passing a content to void tag elements on the `t...
  • 0c150ba Remove deprecated support to passing nil to the model: argument of `form_...
  • 344a916 Support Prism for ActionView::Template.spot
  • Additional commits viewable in compare view

Updates activemodel from 7.2.2.1 to 8.0.0.1

Release notes

Sourced from activemodel's releases.

8.0.0.1

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

  • Add validation to content security policies to disallow spaces and semicolons. Developers should use multiple arguments, and different directive methods instead.

    [CVE-2024-54133]

    Gannon McGibbon

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

  • No changes.

... (truncated)

Changelog

Sourced from activemodel's changelog.

Rails 8.0.0.1 (December 10, 2024)

  • No changes.

Rails 8.0.0 (November 07, 2024)

  • No changes.

Rails 8.0.0.rc2 (October 30, 2024)

  • No changes.

Rails 8.0.0.rc1 (October 19, 2024)

  • Add :except_on option for validations. Grants the ability to skip validations in specified contexts.

    class User < ApplicationRecord
    #...
    validates :birthday, presence: { except_on: :admin }
    #...
end
user = User.new(attributes except birthday)
user.save(context: :admin)

    Drew Bragg

Rails 8.0.0.beta1 (September 26, 2024)

  • Make ActiveModel::Serialization#read_attribute_for_serialization public

    Sean Doyle

  • Add a default token generator for password reset tokens when using has_secure_password.

    class User < ApplicationRecord
  has_secure_password
end
user = User.create!(name: "david", password: "123", password_confirmation: "123")
token = user.password_reset_token
User.find_by_password_reset_token(token) # returns user
16 minutes later...

... (truncated)

Commits
  • a993c27 Preparing for 8.0.0.1 release
  • dd8f718 Preparing for 8.0.0 release
  • 8f83ab6 Merge pull request #53536 from kyanagi/use_each_pair_in_active_model_attribut...
  • 61fcc50 Merge pull request #53530 from zzak/nodoc-generate_alias_attribute_methods
  • 1367b6a Merge pull request #53508 from nisusam/fix_typos
  • 6283314 Preparing for 8.0.0.rc2 release
  • 35b3c7f Preparing for 8.0.0.rc1 release
  • e875b2d Fix time zone-aware custom attributes not to hit the circuit breaker for infi...
  • 399af7f Revert "ActiveModel::Attribute: elide dup for immutable types"
  • 4e003d6 Pull attribute initialization in to a function
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump railties, actionpack, actionview and activemodel
0d47518 
Bumps [railties](https://github.com/rails/rails), [actionpack](https://github.com/rails/rails), [actionview](https://github.com/rails/rails) and [activemodel](https://github.com/rails/rails). These dependencies needed to be updated together.

Updates `railties` from 7.2.2.1 to 8.0.0.1
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v8.0.0.1/railties/CHANGELOG.md)
- [Commits](rails/rails@v7.2.2.1...v8.0.0.1)

Updates `actionpack` from 7.2.2.1 to 8.0.0.1
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v8.0.0.1/actionpack/CHANGELOG.md)
- [Commits](rails/rails@v7.2.2.1...v8.0.0.1)

Updates `actionview` from 7.2.2.1 to 8.0.0.1
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v8.0.0.1/actionview/CHANGELOG.md)
- [Commits](rails/rails@v7.2.2.1...v8.0.0.1)

Updates `activemodel` from 7.2.2.1 to 8.0.0.1
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v8.0.0.1/activemodel/CHANGELOG.md)
- [Commits](rails/rails@v7.2.2.1...v8.0.0.1)

---
updated-dependencies:
- dependency-name: railties
  dependency-type: direct:production
  update-type: version-update:semver-major
- dependency-name: actionpack
  dependency-type: direct:production
  update-type: version-update:semver-major
- dependency-name: actionview
  dependency-type: direct:production
  update-type: version-update:semver-major
- dependency-name: activemodel
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Dec 12, 2024
@dependabot dependabot bot mentioned this pull request Dec 12, 2024
Closed
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 16, 2024

Superseded by #4141.

@dependabot dependabot bot closed this Dec 16, 2024
@dependabot dependabot bot deleted the dependabot/bundler/multi-f5383d62f2 branch December 16, 2024 11:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants