Release notes
*Sourced from [actionview's releases](https://github.com/rails/rails/releases).*
> ## 5.2.4.1
> ## Active Support
>
> * No changes.
>
>
>
> ## Active Model
>
> * No changes.
>
>
>
> ## Active Record
>
> * No changes.
>
>
>
> ## Action View
>
> * No changes.
>
>
>
> ## Action Pack
>
> * Fix possible information leak / session hijacking vulnerability.
>
> The `ActionDispatch::Session::MemcacheStore` is still vulnerable given it requires the
> gem dalli to be updated as well.
>
> CVE-2019-16782.
>
>
>
> ## Active Job
>
> * No changes.
>
>
>
> ## Action Mailer
>
> * No changes.
>
>
>
> ## Action Cable
>
> ... (truncated)
Commits
- [`ac30e38`](https://github.com/rails/rails/commit/ac30e389ecfa0e26e3d44c1eda8488ddf63b3ecc) Preparing for 5.2.4.1 release
- [`8bec77c`](https://github.com/rails/rails/commit/8bec77cc0f1fd47677a331a64f68c5918efd2ca9) Preparing for 5.2.4 release
- [`9e2a341`](https://github.com/rails/rails/commit/9e2a34122bd436e92a21ded4a50fa23461c29a4e) Preparing for 5.2.4.rc1 release
- [`b4262a3`](https://github.com/rails/rails/commit/b4262a32547a881b22e4a8c10ee68e68e122d6e7) Merge pull request [#37054](https://github-redirect.dependabot.com/rails/rails/issues/37054) from sinsoku/patch/add_doc_for_placeholder_option
- [`17c4240`](https://github.com/rails/rails/commit/17c4240eafcf8e16f51abab6605dda1a9416ee1c) Merge pull request [#35121](https://github-redirect.dependabot.com/rails/rails/issues/35121) from utilum/warning_tried_to_create_proc_without_block
- [`2dc08f6`](https://github.com/rails/rails/commit/2dc08f6837abd61bee3a7b0b02181c5dfdd18ece) Revert "Update sanitizer in ActionView::Helpers::SanitizeHelper"
- [`2cd4bce`](https://github.com/rails/rails/commit/2cd4bce87685c0b6c01d3baabff42f68014bce32) Update sanitizer in ActionView::Helpers::SanitizeHelper
- [`f64de36`](https://github.com/rails/rails/commit/f64de36c29b4dee412dd7fa8359849dabdcc54b9) Suppress Ruby warning: :warning: non-nil $, will be deprecated
- [`765403c`](https://github.com/rails/rails/commit/765403c71dbd72b393792d2633ca5abf46ad6295) Merge pull request [#36437](https://github-redirect.dependabot.com/rails/rails/issues/36437) from sudara/fix_programmatic_clicks_with_data_remote
- [`e6f3218`](https://github.com/rails/rails/commit/e6f3218638507b71c53e022ce0c274ca8273707a) Merge pull request [#36477](https://github-redirect.dependabot.com/rails/rails/issues/36477) from albertoalmagro/alberto/button-to-default-path
- Additional commits viewable in [compare view](https://github.com/rails/rails/compare/v5.1.5...v5.2.4.1)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/CultivateLabs/storytime/network/alerts).
dependabot[bot]
commented
4 years ago
Bumps actionview from 5.1.5 to 5.2.4.1.
Release notes
*Sourced from [actionview's releases](https://github.com/rails/rails/releases).* > ## 5.2.4.1 > ## Active Support > > * No changes. > > > > ## Active Model > > * No changes. > > > > ## Active Record > > * No changes. > > > > ## Action View > > * No changes. > > > > ## Action Pack > > * Fix possible information leak / session hijacking vulnerability. > > The `ActionDispatch::Session::MemcacheStore` is still vulnerable given it requires the > gem dalli to be updated as well. > > CVE-2019-16782. > > > > ## Active Job > > * No changes. > > > > ## Action Mailer > > * No changes. > > > > ## Action Cable > > ... (truncated)Commits
- [`ac30e38`](https://github.com/rails/rails/commit/ac30e389ecfa0e26e3d44c1eda8488ddf63b3ecc) Preparing for 5.2.4.1 release - [`8bec77c`](https://github.com/rails/rails/commit/8bec77cc0f1fd47677a331a64f68c5918efd2ca9) Preparing for 5.2.4 release - [`9e2a341`](https://github.com/rails/rails/commit/9e2a34122bd436e92a21ded4a50fa23461c29a4e) Preparing for 5.2.4.rc1 release - [`b4262a3`](https://github.com/rails/rails/commit/b4262a32547a881b22e4a8c10ee68e68e122d6e7) Merge pull request [#37054](https://github-redirect.dependabot.com/rails/rails/issues/37054) from sinsoku/patch/add_doc_for_placeholder_option - [`17c4240`](https://github.com/rails/rails/commit/17c4240eafcf8e16f51abab6605dda1a9416ee1c) Merge pull request [#35121](https://github-redirect.dependabot.com/rails/rails/issues/35121) from utilum/warning_tried_to_create_proc_without_block - [`2dc08f6`](https://github.com/rails/rails/commit/2dc08f6837abd61bee3a7b0b02181c5dfdd18ece) Revert "Update sanitizer in ActionView::Helpers::SanitizeHelper" - [`2cd4bce`](https://github.com/rails/rails/commit/2cd4bce87685c0b6c01d3baabff42f68014bce32) Update sanitizer in ActionView::Helpers::SanitizeHelper - [`f64de36`](https://github.com/rails/rails/commit/f64de36c29b4dee412dd7fa8359849dabdcc54b9) Suppress Ruby warning: :warning: non-nil $, will be deprecated - [`765403c`](https://github.com/rails/rails/commit/765403c71dbd72b393792d2633ca5abf46ad6295) Merge pull request [#36437](https://github-redirect.dependabot.com/rails/rails/issues/36437) from sudara/fix_programmatic_clicks_with_data_remote - [`e6f3218`](https://github.com/rails/rails/commit/e6f3218638507b71c53e022ce0c274ca8273707a) Merge pull request [#36477](https://github-redirect.dependabot.com/rails/rails/issues/36477) from albertoalmagro/alberto/button-to-default-path - Additional commits viewable in [compare view](https://github.com/rails/rails/compare/v5.1.5...v5.2.4.1)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/CultivateLabs/storytime/network/alerts).