Bump sinatra, rails, devise, simple_form, rspec-rails, web-console and sass-rails #205

Open
wants to merge 1 commit into
base: master
dependabot[bot] (Contributor) commented on behalf of github on Dec 1, 2022

Bumps sinatra, rails, devise, simple_form, rspec-rails, web-console and sass-rails. These dependencies needed to be updated together.
Updates sinatra from 1.4.8 to 3.0.4

Changelog

Sourced from sinatra's changelog.

3.0.4 / 2022-11-25

  • Fix: Escape filename in the Content-Disposition header. #1841 by Kunpei Sakai

3.0.3 / 2022-11-11

3.0.2 / 2022-10-01

  • New: Add Haml 6 support. #1820 by Jordan Owens

3.0.1 / 2022-09-26

  • Fix: Revert removal of rack-protection.rb. #1814 by Olle Jonsson

  • Fix: Revert change to server start and stop messaging by using Kernel#warn. Renamed internal warn method warn_for_deprecation. #1818 by Jordan Owens

3.0.0 / 2022-09-26

  • New: Add Falcon support. #1794 by Samuel Williams and @​horaciob

  • New: Add AES GCM encryption support for session cookies. #1324 (sinatra/sinatra#1324) by Michael Coyne

  • Deprecated: Sinatra Reloader will be removed in the next major release.

  • Fix: Internal Sinatra errors now extend Sinatra::Error. This fixes #1204 and #1518. bda8c29d by Jordan Owens

  • Fix: Preserve query param value if named route param nil. #1676 by Jordan Owens

  • Require Ruby 2.6 as minimum Ruby version. #1699 by Eloy Pérez

  • Breaking change: Remove support for the Stylus template engine. #1697 by Eloy Pérez

  • Breaking change: Remove support for the erubis template engine. #1761 by Eloy Pérez

  • Breaking change: Remove support for the textile template engine. #1766 by Eloy Pérez

  • Breaking change: Remove support for SASS as a template engine. #1768 by Eloy Pérez

  • Breaking change: Remove support for Wlang as a template engine. #1780 by Eloy Pérez

  • Breaking change: Remove support for CoffeeScript as a template engine. #1790 by Eloy Pérez

  • Breaking change: Remove support for Mediawiki as a template engine. #1791 by Eloy Pérez

  • Breaking change: Remove support for Creole as a template engine. #1792 by Eloy Pérez

  • Breaking change: Remove support for Radius as a template engine. #1793 by Eloy Pérez

... (truncated)

Commits
  • eca7b54 3.0.4 release
  • bbc1d47 Merge pull request #1841 from sinatra/filename-escaping
  • ea8fc94 escape filename in the Content-Disposition header
  • c90f203 Merge pull request #1839 from andrykonchin/ak/skip-falcon-in-specs
  • 42e3eed Don't run integration specs on falcon against TruffleRuby
  • cafaab9 3.0.3 release
  • 44ff149 Merge pull request #1835 from dentarg/puma-edge-job
  • e328d08 CI: fix typo in job name variable
  • 88844e4 CI: shorter job name
  • 9b5fcd0 CI: include Puma in job name
  • Additional commits viewable in compare view

Updates rails from 4.2.11.3 to 7.0.4

Release notes

Sourced from rails's releases.

v7.0.4

Active Support

  • Redis cache store is now compatible with redis-rb 5.0.

    Jean Boussier

  • Fix NoMethodError on custom ActiveSupport::Deprecation behavior.

    ActiveSupport::Deprecation.behavior= was supposed to accept any object that responds to call, but in fact its internal implementation assumed that this object could respond to arity, so it was restricted to only Proc objects.

    This change removes this arity restriction of custom behaviors.

    Ryo Nakamura

Active Model

  • Handle name clashes in attribute methods code generation cache.

    When two distinct attribute methods would generate similar names, the first implementation would be incorrectly re-used.

    class A
      attribute_method_suffix "_changed?"
      define_attribute_methods :x
    end
    class B
      attribute_method_suffix "?"
      define_attribute_methods :x_changed
    end

    Jean Boussier

Active Record

  • Symbol is allowed by default for YAML columns

    Étienne Barrié

  • Fix ActiveRecord::Store to serialize as a regular Hash

... (truncated)

Commits
  • 8015c2c Version 7.0.4
  • f3c345e Merge pull request #45964 from jhawthorn/server_timing_safety
  • ff27758 Revert "Merge pull request #44695 from Edouard-chin/ec-tagger-logger-broadcast"
  • 4d25c64 Merge pull request #45221 from jhawthorn/ac_params_eql_fix
  • 8525e57 Merge pull request #45102 from feliperaul/fix_activestorage_proxy_downloads_f...
  • b45f5f2 Merge pull request #45907 from eitoball/fix-typo-in-guide-configureing
  • fae93e0 Merge pull request #45928 from Shopify/rails-error-doc
  • 670ad8d Merge pull request #45891 from Cofense/active-record-validations-guide-intern...
  • 1a81cf1 Merge pull request #45900 from yahonda/lock_que_version
  • 76df62d Merge pull request #45903 from skipkayhil/backport-45851
  • Additional commits viewable in compare view

Updates devise from 4.7.1 to 4.8.1

Changelog

Sourced from devise's changelog.

4.8.1 - 2021-12-16

  • enhancements
    • Add support for Rails 7.0. Please note that Turbo integration is not fully supported by Devise yet.

4.8.0 - 2021-04-29

  • enhancements

    • Devise now enables the upgrade of OmniAuth 2+. Previously Devise would raise an error if you'd try to upgrade. Please note that OmniAuth 2 is considered a security upgrade and recommended to everyone. You can read more about the details (and possible necessary changes to your app as part of the upgrade) in their release notes. Devise's OmniAuth Overview wiki was also updated to cover OmniAuth 2.0 requirements.
      • Note that the upgrade required Devise shared links that initiate the OmniAuth flow to be changed to method: :post, which is now a requirement for OmniAuth, part of the security improvement. If you have copied and customized the Devise shared links partial to your app, or if you have other links in your app that initiate the OmniAuth flow, they will have to be updated to use method: :post, or changed to use buttons (e.g. button_to) to work with OmniAuth 2. (if you're using links with method: :post, make sure your app has rails-ujs or jquery-ujs included in order for these links to work properly.)
      • As part of the OmniAuth 2.0 upgrade you might also need to add the omniauth-rails_csrf_protection gem to your app if you don't have it already. (and you don't want to roll your own code to verify requests.) Check the OmniAuth v2 release notes for more info.
    • Introduce Lockable#reset_failed_attempts! model method to reset failed attempts counter to 0 after the user signs in.
      • This logic existed inside the lockable warden hook and is triggered automatically after the user signs in. The new model method is an extraction to allow you to override it in the application to implement things like switching to a write database if you're using the new multi-DB infrastructure from Rails for example, similar to how it's already possible with Trackable#update_tracked_fields!.
    • Add support for Ruby 3.
    • Add support for Rails 6.1.
    • Move CI to GitHub Actions.
  • deprecations

    • Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION is deprecated in favor of Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION (@​hanachin)

4.7.3 - 2020-09-20

  • bug fixes
    • Do not modify :except option given to #serializable_hash. (by @​dpep)
    • Fix thor deprecation when running the devise generator. (by @​deivid-rodriguez)
    • Fix hanging tests for streaming controllers using Devise. (by @​afn)

4.7.2 - 2020-06-10

  • enhancements

    • Increase default stretches to 12 (by @​sergey-alekseev)
    • Ruby 2.7 support (kwarg warnings removed)
  • bug fixes

    • Generate scoped views with proper scoped errors partial (by @​shobhitic)
    • Allow to set scoped already_authenticated error messages (by @gurgelrenan)

Commits
  • 43800b4 Bump to 4.8.1 with Rails 7 support
  • baf5e00 Merge pull request #5435 from dixpac/dix/rails_7
  • 289dd5f Add support for Rails 7
  • 9f5b837 Bundle update to Rails 7.0 rc1
  • 8593801 Keep the constantize behavior consistent for versions prior to Rails 7
  • bb879f7 Merge branch 'ca-rails-main'
  • 772b74a Update Changelog adding Rails 7 support
  • 51bf327 Refactor using helper to swap config
  • 14eb136 Eliminate Rails 7 warning about Active Record legacy connection handling
  • f3e8fd3 Move the Gemfile to test with Rails 7.0 alpha2, fix session test issue
  • Additional commits viewable in compare view

Updates simple_form from 3.1.0 to 5.1.0

Changelog

Sourced from simple_form's changelog.

5.1.0

  • Remove I18nCache module entirely. It was added complexity for very little gain in some translations, and caused extra trouble upgrading to Ruby 3. If you need that level of caching consider looking into I18n caching as a whole.
  • Add support for Ruby 3.0, drop support for Ruby < 2.5.
  • Add support for Rails 6.1, drop support for Rails < 5.2.
  • Move CI to GitHub Actions.

5.0.3

Bug fix

5.0.2

Enhancements

  • Remove instruction to use form-inline class. @​goalaleo
  • Added RichTextAreaInput for ActionText. itsterry
  • Skip valid_class check if no class defined. TALlama

Bug fix

5.0.1

Bug fix

  • Replace _url with remote_url when trying to guess file inputs @​tegon. This has the side-effect of changing carrierwave's support from 0.2.1 to 0.2.2.

5.0.0

Enhancements

  • Set multiple attribute for grouped selects also. @​ollym
  • Removes or renames label classes. Abduvakilov
  • Support to label custom classes for inline collections. @​feliperenan
  • Update bootstrap generator template to match v4.3.x. @​m5o
  • Allow "required" attribute in generated select elements of PriorityInput. @​mcountis

Bug fix

  • Do not call #send in form object to check whether the attribute is a file input. @​tegon

Deprecations

  • The config SimpleForm.file_methods is deprecated and it has no effect. Simple Form now supports automatic discovery of file inputs for the following Gems: activestorage, carrierwave, paperclip, refile and shrine. If you are using a custom method that is not from one of the supported Gems, please change your forms to pass the input type explicitly:

    <%= form.input :avatar, as: :file %>

See http://blog.plataformatec.com.br/2019/09/incorrect-access-control-in-simple-form-cve-2019-16676 for more information.

4.1.0

... (truncated)

Commits
  • 74f2c72 Release v5.1.0
  • cbcfe2e Add note about Ruby/Rails support versions in the Readme
  • 0595088 Add support for Ruby 3, drop support for Ruby < 2.5, remove I18nCache
  • 19e7394 Update to Rails 6.1, drop support to Rails < 5.2
  • e0df150 Rename gemfiles
  • f0b4123 Move from travis to GitHub Actions
  • 4f829d6 Merge pull request #1719 from jonesdeini/master
  • 4312bba Remove unused methods
  • 689f5e6 Drop support to Ruby < 2.4, update travis to run on latest versions
  • 0186ada Enable email notifications for now, remove slack config
  • Additional commits viewable in compare view

Updates rspec-rails from 3.7.2 to 6.0.1

Release notes

Sourced from rspec-rails's releases.

4.0.2 / 2020-12-26

Full Changelog

Bug Fixes:

  • Indent all extra failure lines output from system specs. (Alex Robbin, #2321)
  • Generated request spec for update now uses the correct let. (Paul Hanyzewski, #2344)
  • Return true/false from predicate methods in config rather than raw values. (Phil Pirozhkov, Jon Rowe, #2353, #2354)
  • Remove old #fixture_path feature detection code which broke under newer Rails. (Koen Punt, Jon Rowe, #2370)

Changelog

Sourced from rspec-rails's changelog.

6.0.1 / 2022-10-18

Full Changelog

Bug Fixes:

  • Prevent tagged logged support in Rails 7 calling #name. (Jon Rowe, #2625)

6.0.0 / 2022-10-10

Full Changelog

Enhancements:

  • Support Rails 7
  • Template tweaks to remove instance variables from generated specs. (Takuma Ishikawa, #2599)
  • Generators now respects default path configuration option. (@​vivekmiyani, #2508)

Breaking Changes:

  • Drop support for Rails below 6.1
  • Drop support for Ruby below 2.5 (following supported versions of Rails 6.1)
  • Change the order of after_teardown from after to around in system specs to improve compatibility with extensions and Capybara. (Tim Diggins, #2596)

Deprecations:

  • Deprecates integration spec generator (rspec:integration) which was an alias of request spec generator (rspec:request) (Luka Lüdicke, #2374)

5.1.2 / 2022-04-24

Full Changelog

Bug Fixes:

  • Fix controller scaffold templates parameter name. (Taketo Takashima, #2591)
  • Include generator specs in the inferred list of specs. (Jason Karns, #2597)

5.1.1 / 2022-03-07

Full Changelog

Bug Fixes:

  • Properly handle global id serialised arguments in have_enqueued_mail. (Jon Rowe, #2578)

5.1.0 / 2022-01-26

Full Changelog

Enhancements:

... (truncated)

Commits

Updates web-console from 2.1.3 to 4.2.0

Release notes

Sourced from web-console's releases.

4.2.0

4.1.0

4.0.4

4.0.3

4.0.2

4.0.1

... (truncated)

Changelog

Sourced from web-console's changelog.

4.2.0

4.1.0

4.0.4

4.0.3

4.0.2

4.0.1

4.0.0

3.7.0

3.6.2

  • #255 Fix the truncated HTML body, because of wrong Content-Length header ([@​timomeh])

3.6.1

... (truncated)

Commits
  • 997a20c Release 4.2.0
  • 511f380 Prepare the changelog for 4.2.0
  • 3c95d41 Drop hard to maintain railtie tests
  • 6111280 Prepare Web Console for its next release
  • 91eed5a Merge pull request #308 from ryanwood/fix-js-string
  • 3931b25 fix js string error - closes #240
  • 5345813 Merge pull request #306 from voxik/ruby-3-compat
  • 006f739 Mock binding object must provide #source_location call.
  • 1a2a9f8 Make binding.eval Ruby 3.0 compatible.
  • 167c240 Separate the older documentation section
  • Additional commits viewable in compare view

Updates sass-rails from 4.0.5 to 6.0.0

Release notes

Sourced from sass-rails's releases.

6.0.0

Breaking change

v5.0.7

  • Remove ruby warnings

v5.0.6

  • Fixes deprecation warnings on Sprockets 3 (#382)

    Richard Schneeman

5.0.5

  • Support Rails 5

5.0.4

  • Allow Tilt 2 usage
  • Allow no compression for all environments

5.0.3

  • Fixed file permissions

5.0.2

  • Configure assets environment inside a configure block. This fixes an issue with sprockets-rails' master branch.

5.0.1

  • Fixed @import glob related caching bug

5.0.0

  • Register scss and sass extensions for rake notes
  • Make possible to use sprockets > 2.8 and < 4
  • Make possible to use sass ~> 3.1
  • Deprecate .css.scss and .css.sass extensions
  • Limit =require to .css only files and @import to .scss files. Avoid mixing the two.

Commits
  • a77240c Prepare to 6.0.0
  • 8dbe4dc Bump version to 6.0.0.beta3
  • 830a8ec Bump minimum version of sassc-rails
  • ff54c20 Fix open-ended dependency
  • ebe9ef7 Bump version to v6.0.0.beta2
  • 409d871 Merge pull request #424 from rails/sassc-rails
  • d809900 Recomend to use SassC::Rails::Importer to users requiring sass/rails/importer
  • 706526d Make sass-rails an wrapper for sassc-rails to allow a smooth upgrade path
  • ac38f1e Merge pull request #423 from gregmolnar/master
  • d61b999 remove gemnasium badge from readme
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can disable automated security fix PRs for this repo from the Security Alerts page.

…d sass-rails

Bumps [sinatra](https://github.com/sinatra/sinatra), [rails](https://github.com/rails/rails), [devise](https://github.com/heartcombo/devise), [simple_form](https://github.com/plataformatec/simple_form), [rspec-rails](https://github.com/rspec/rspec-rails), [web-console](https://github.com/rails/web-console) and [sass-rails](https://github.com/rails/sass-rails). These dependencies needed to be updated together.

Updates `sinatra` from 1.4.8 to 3.0.4
- [Release notes](https://github.com/sinatra/sinatra/releases)
- [Changelog](https://github.com/sinatra/sinatra/blob/master/CHANGELOG.md)
- [Commits](sinatra/sinatra@v1.4.8...v3.0.4)

Updates `rails` from 4.2.11.3 to 7.0.4
- [Release notes](https://github.com/rails/rails/releases)
- [Commits](rails/rails@v4.2.11.3...v7.0.4)

Updates `devise` from 4.7.1 to 4.8.1
- [Release notes](https://github.com/heartcombo/devise/releases)
- [Changelog](https://github.com/heartcombo/devise/blob/main/CHANGELOG.md)
- [Commits](heartcombo/devise@v4.7.1...v4.8.1)

Updates `simple_form` from 3.1.0 to 5.1.0
- [Release notes](https://github.com/plataformatec/simple_form/releases)
- [Changelog](https://github.com/heartcombo/simple_form/blob/main/CHANGELOG.md)
- [Commits](heartcombo/simple_form@v3.1.0...v5.1.0)

Updates `rspec-rails` from 3.7.2 to 6.0.1
- [Release notes](https://github.com/rspec/rspec-rails/releases)
- [Changelog](https://github.com/rspec/rspec-rails/blob/main/Changelog.md)
- [Commits](rspec/rspec-rails@v3.7.2...v6.0.1)

Updates `web-console` from 2.1.3 to 4.2.0
- [Release notes](https://github.com/rails/web-console/releases)
- [Changelog](https://github.com/rails/web-console/blob/master/CHANGELOG.markdown)
- [Commits](rails/web-console@v2.1.3...v4.2.0)

Updates `sass-rails` from 4.0.5 to 6.0.0
- [Release notes](https://github.com/rails/sass-rails/releases)
- [Commits](rails/sass-rails@v4.0.5...v6.0.0)

---
updated-dependencies:
- dependency-name: sinatra
  dependency-type: direct:production
- dependency-name: rails
  dependency-type: direct:production
- dependency-name: devise
  dependency-type: direct:production
- dependency-name: simple_form
  dependency-type: direct:production
- dependency-name: rspec-rails
  dependency-type: direct:development
- dependency-name: web-console
  dependency-type: direct:development
- dependency-name: sass-rails
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Dec 1, 2022