Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency @rails/ujs to v6.1.7 - autoclosed #77

Closed
wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 11, 2022

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@rails/ujs (source) 6.1.4 -> 6.1.7 age adoption passing confidence

Release Notes

rails/rails (@​rails/ujs)

v6.1.7

Compare Source

Active Support
  • No changes.
Active Model
  • No changes.
Active Record
  • Symbol is allowed by default for YAML columns

    Étienne Barrié

  • Fix ActiveRecord::Store to serialize as a regular Hash

    Previously it would serialize as an ActiveSupport::HashWithIndifferentAccess
    which is wasteful and cause problem with YAML safe_load.

    Jean Boussier

  • Fix PG.connect keyword arguments deprecation warning on ruby 2.7

    Fixes #​44307.

    Nikita Vasilevsky

Action View
  • No changes.
Action Pack
  • No changes.
Active Job
  • No changes.
Action Mailer
  • No changes.
Action Cable
  • No changes.
Active Storage
  • Respect Active Record's primary_key_type in Active Storage migrations. Backported from 7.0.

    fatkodima

Action Mailbox
  • No changes.
Action Text
  • No changes.
Railties
  • No changes.

v6.1.6: 6.1.6

Compare Source

Active Support
  • Fix and add protections for XSS in ActionView::Helpers and ERB::Util.

    Add the method ERB::Util.xml_name_escape to escape dangerous characters
    in names of tags and names of attributes, following the specification of XML.

    Álvaro Martín Fraguas

Active Model
  • No changes.
Active Record
  • No changes.
Action View
  • Fix and add protections for XSS in ActionView::Helpers and ERB::Util.

    Escape dangerous characters in names of tags and names of attributes in the
    tag helpers, following the XML specification. Rename the option
    :escape_attributes to :escape, to simplify by applying the option to the
    whole tag.

    Álvaro Martín Fraguas

Action Pack
  • Allow Content Security Policy DSL to generate for API responses.

    Tim Wade

Active Job
  • No changes.
Action Mailer
  • No changes.
Action Cable
  • No changes.
Active Storage
  • No changes.
Action Mailbox
  • No changes.
Action Text
  • No changes.
Railties
  • No changes.

v6.1.5: 6.1.5

Compare Source

Active Support
  • Fix ActiveSupport::Duration.build to support negative values.

    The algorithm to collect the parts of the ActiveSupport::Duration
    ignored the sign of the value and accumulated incorrect part values. This
    impacted ActiveSupport::Duration#sum (which is dependent on parts) but
    not ActiveSupport::Duration#eql? (which is dependent on value).

    Caleb Buxton, Braden Staudacher

  • Time#change and methods that call it (eg. Time#advance) will now
    return a Time with the timezone argument provided, if the caller was
    initialized with a timezone argument.

    Fixes #​42467.

    Alex Ghiculescu

  • Clone to keep extended Logger methods for tagged logger.

    Orhan Toy

  • assert_changes works on including ActiveSupport::Assertions module.

    Pedro Medeiros

Active Model
  • Clear secure password cache if password is set to nil

    Before:

    user.password = 'something'
    user.password = nil

    user.password # => 'something'

    Now:

    user.password = 'something'
    user.password = nil

    user.password # => nil

    Markus Doits

  • Fix delegation in ActiveModel::Type::Registry#lookup and ActiveModel::Type.lookup

    Passing a last positional argument {} would be incorrectly considered as keyword argument.

    Benoit Daloze

  • Fix to_json after changes_applied for ActiveModel::Dirty object.

    Ryuta Kamizono

Active Record
  • Fix ActiveRecord::ConnectionAdapters::SchemaCache#deep_deduplicate for Ruby 2.6.

    Ruby 2.6 and 2.7 have slightly different implementations of the String#@​- method.
    In Ruby 2.6, the receiver of the String#@​- method is modified under certain circumstances.
    This was later identified as a bug (https://bugs.ruby-lang.org/issues/15926) and only
    fixed in Ruby 2.7.

    Before the changes in this commit, the
    ActiveRecord::ConnectionAdapters::SchemaCache#deep_deduplicate method, which internally
    calls the String#@​- method, could also modify an input string argument in Ruby 2.6 --
    changing a tainted, unfrozen string into a tainted, frozen string.

    Fixes #​43056

    Eric O'Hanlon

  • Fix migration compatibility to create SQLite references/belongs_to column as integer when
    migration version is 6.0.

    reference/belongs_to in migrations with version 6.0 were creating columns as
    bigint instead of integer for the SQLite Adapter.

    Marcelo Lauxen

  • Fix dbconsole for 3-tier config.

    Eileen M. Uchitelle

  • Better handle SQL queries with invalid encoding.

    Post.create(name: "broken \xC8 UTF-8")

    Would cause all adapters to fail in a non controlled way in the code
    responsible to detect write queries.

    The query is now properly passed to the database connection, which might or might
    not be able to handle it, but will either succeed or failed in a more correct way.

    Jean Boussier

  • Ignore persisted in-memory records when merging target lists.

    Kevin Sjöberg

  • Fix regression bug that caused ignoring additional conditions for preloading
    has_many through relations.

    Fixes #​43132

    Alexander Pauly

  • Fix ActiveRecord::InternalMetadata to not be broken by
    config.active_record.record_timestamps = false

    Since the model always create the timestamp columns, it has to set them, otherwise it breaks
    various DB management tasks.

    Fixes #​42983

    Jean Boussier

  • Fix duplicate active record objects on inverse_of.

    Justin Carvalho

  • Fix duplicate objects stored in has many association after save.

    Fixes #​42549.

    Alex Ghiculescu

  • Fix performance regression in CollectionAssocation#build.

    Alex Ghiculescu

  • Fix retrieving default value for text column for MariaDB.

    fatkodima

Action View
  • preload_link_tag properly inserts as attributes for files with image MIME
    types, such as JPG or SVG.

    Nate Berkopec

  • Add autocomplete="off" to all generated hidden fields.

    Fixes #​42610.

    Ryan Baumann

  • Fix current_page? when URL has trailing slash.

    This fixes the current_page? helper when the given URL has a trailing slash,
    and is an absolute URL or also has query params.

    Fixes #​33956.

    Jonathan Hefner

Action Pack
  • Fix content_security_policy returning invalid directives.

    Directives such as self, unsafe-eval and few others were not
    single quoted when the directive was the result of calling a lambda
    returning an array.

    content_security_policy do |policy|
      policy.frame_ancestors lambda { [:self, "https://example.com"] }
    end

    With this fix the policy generated from above will now be valid.

    Edouard Chin

  • Update HostAuthorization middleware to render debug info only
    when config.consider_all_requests_local is set to true.

    Also, blocked host info is always logged with level error.

    Fixes #​42813.

    Nikita Vyrko

  • Dup arrays that get "converted".

    Fixes #​43681.

    Aaron Patterson

  • Don't show deprecation warning for equal paths.

    Anton Rieder

  • Fix crash in ActionController::Instrumentation with invalid HTTP formats.

    Fixes #​43094.

    Alex Ghiculescu

  • Add fallback host for SystemTestCase driven by RackTest.

    Fixes #​42780.

    Petrik de Heus

  • Add more detail about what hosts are allowed.

    Alex Ghiculescu

Active Job
  • No changes.
Action Mailer
  • No changes.
Action Cable
  • The Action Cable client now ensures successful channel subscriptions:

    • The client maintains a set of pending subscriptions until either
      the server confirms the subscription or the channel is torn down.
    • Rectifies the race condition where an unsubscribe is rapidly followed
      by a subscribe (on the same channel identifier) and the requests are
      handled out of order by the ActionCable server, thereby ignoring the
      subscribe command.

    Daniel Spinosa

  • Truncate broadcast logging messages.

    J Smith

Active Storage
  • Attachments can be deleted after their association is no longer defined.

    Fixes #​42514

    Don Sisco

Action Mailbox
  • Add attachments to the list of permitted parameters for inbound emails conductor.

    When using the conductor to test inbound emails with attachments, this prevents an
    unpermitted parameter warning in default configurations, and prevents errors for
    applications that set:

    config.action_controller.action_on_unpermitted_parameters = :raise

    David Jones, Dana Henke

Action Text
  • Fix Action Text extra trix content wrapper.

    Alexandre Ruban

Railties
  • In zeitwerk mode, setup the once autoloader first, and the main autoloader after it.
    This order plays better with shared namespaces.

    Xavier Noria

  • Handle paths with spaces when editing credentials.

    Alex Ghiculescu

  • Support Psych 4 when loading secrets.

    Nat Morcos


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@triszt4n triszt4n added this to the Rails 7 milestone Apr 16, 2022
@renovate renovate bot force-pushed the renovate/rails-ujs-6.x branch from b4d702a to ce1c955 Compare May 9, 2022 14:12
@renovate renovate bot changed the title Update dependency @rails/ujs to v6.1.5 Update dependency @rails/ujs to v6.1.6 May 9, 2022
@renovate renovate bot changed the title Update dependency @rails/ujs to v6.1.6 Update dependency @rails/ujs to v6.1.7 Sep 25, 2022
@renovate renovate bot force-pushed the renovate/rails-ujs-6.x branch from cebd2a3 to 291b1ce Compare May 28, 2023 09:33
@renovate renovate bot changed the title Update dependency @rails/ujs to v6.1.7 fix(deps): update dependency @rails/ujs to v6.1.7 Jan 31, 2024
@renovate renovate bot changed the title fix(deps): update dependency @rails/ujs to v6.1.7 fix(deps): update dependency @rails/ujs to v6.1.7 - autoclosed Aug 28, 2024
@renovate renovate bot closed this Aug 28, 2024
@renovate renovate bot deleted the renovate/rails-ujs-6.x branch August 28, 2024 08:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant