KaemonIsland / mana-flood

Collection and Deck manager for the best card game in the world.

chore(deps): update dependency rails to v6.1.7.9 #235

Open renovate[bot] opened 1 year ago

renovate[bot] commented 1 year ago

This PR contains the following updates:

| Package | Change |
| --- | --- |
| rails (source, changelog) | 6.1.6 -> 6.1.7.9 |

Release Notes

rails/rails (rails)

### [`v6.1.7.9`](https://redirect.github.com/rails/rails/releases/tag/v6.1.7.9): 6.1.7.9

[Compare Source](https://redirect.github.com/rails/rails/compare/v6.1.7.8...v6.1.7.9)

#### Active Support

- No changes.

#### Active Model

- No changes.

#### Active Record

- No changes.

#### Action View

- No changes.

#### Action Pack

- Avoid regex backtracking in HTTP Token authentication \[CVE-2024-47887]
- Avoid regex backtracking in query parameter filtering \[CVE-2024-41128]

#### Active Job

- No changes.

#### Action Mailer

- Avoid regex backtracking in `block_format` helper \[CVE-2024-47889]

#### Action Cable

- No changes.

#### Active Storage

- No changes.

#### Action Mailbox

- No changes.

#### Action Text

- Avoid backtracing in plain_text_for_blockquote_node \[CVE-2024-47888]

#### Railties

- No changes.

#### Guides

- No changes.

### [`v6.1.7.8`](https://redirect.github.com/rails/rails/releases/tag/v6.1.7.8): 6.1.7.8

[Compare Source](https://redirect.github.com/rails/rails/compare/v6.1.7.7...v6.1.7.8)

#### Active Support

- No changes.

#### Active Model

- No changes.

#### Active Record

- No changes.

#### Action View

- No changes.

#### Action Pack

- Include the HTTP Permissions-Policy on non-HTML Content-Types \[CVE-2024-28103]

#### Active Job

- No changes.

#### Action Mailer

- No changes.

#### Action Cable

- No changes.

#### Active Storage

- No changes.

#### Action Mailbox

- No changes.

#### Action Text

- No changes.

#### Railties

- No changes.

### [`v6.1.7.7`](https://redirect.github.com/rails/rails/releases/tag/v6.1.7.7): 6.1.7.7

[Compare Source](https://redirect.github.com/rails/rails/compare/v6.1.7.6...v6.1.7.7)

#### Active Support

- No changes.

#### Active Model

- No changes.

#### Active Record

- No changes.

#### Action View

- No changes.

#### Action Pack

- No changes.

#### Active Job

- No changes.

#### Action Mailer

- No changes.

#### Action Cable

- No changes.

#### Active Storage

- Disables the session in `ActiveStorage::Blobs::ProxyController` and `ActiveStorage::Representations::ProxyController` in order to allow caching by default in some CDNs as CloudFlare

  Fixes [#44136](https://redirect.github.com/rails/rails/issues/44136)

  *Bruno Prieto*

#### Action Mailbox

- No changes.

#### Action Text

- No changes.

#### Railties

- No changes.

### [`v6.1.7.6`](https://redirect.github.com/rails/rails/releases/tag/v6.1.7.6)

[Compare Source](https://redirect.github.com/rails/rails/compare/v6.1.7.5...v6.1.7.6)

No changes between this and 6.1.7.5. This release was just to fix file permissions in the previous release.

### [`v6.1.7.5`](https://redirect.github.com/rails/rails/releases/tag/v6.1.7.5): 6.1.7.5 Release

[Compare Source](https://redirect.github.com/rails/rails/compare/v6.1.7.4...v6.1.7.5)

#### Active Support

- Use a temporary file for storing unencrypted files while editing \[CVE-2023-38037]

#### Active Model

- No changes.

#### Active Record

- No changes.

#### Action View

- No changes.

#### Action Pack

- No changes.

#### Active Job

- No changes.

#### Action Mailer

- No changes.

#### Action Cable

- No changes.

#### Active Storage

- No changes.

#### Action Mailbox

- No changes.

#### Action Text

- No changes.

#### Railties

- No changes.

### [`v6.1.7.4`](https://redirect.github.com/rails/rails/releases/tag/v6.1.7.4)

[Compare Source](https://redirect.github.com/rails/rails/compare/v6.1.7.3...v6.1.7.4)

##### Active Support

- No changes.

##### Active Model

- No changes.

##### Active Record

- No changes.

##### Action View

- No changes.

##### Action Pack

- Raise an exception if illegal characters are provided to redirect_to \[CVE-2023-28362]

  *Zack Deveau*

##### Active Job

- No changes.

##### Action Mailer

- No changes.

##### Action Cable

- No changes.

##### Active Storage

- No changes.

##### Action Mailbox

- No changes.

##### Action Text

- No changes.

##### Railties

- No changes.

### [`v6.1.7.3`](https://redirect.github.com/rails/rails/releases/tag/v6.1.7.3)

[Compare Source](https://redirect.github.com/rails/rails/compare/v6.1.7.2...v6.1.7.3)

#### Active Support

- Implement SafeBuffer#bytesplice \[CVE-2023-28120]

#### Active Model

- No changes.

#### Active Record

- No changes.

#### Action View

- Ignore certain data-\* attributes in rails-ujs when element is contenteditable \[CVE-2023-23913]

#### Action Pack

- No changes.

#### Active Job

- No changes.

#### Action Mailer

- No changes.

#### Action Cable

- No changes.

#### Active Storage

- No changes.

#### Action Mailbox

- No changes.

#### Action Text

- No changes.

#### Railties

- No changes.

### [`v6.1.7.2`](https://redirect.github.com/rails/rails/releases/tag/v6.1.7.2)

[Compare Source](https://redirect.github.com/rails/rails/compare/v6.1.7.1...v6.1.7.2)

#### Active Support

- No changes.

#### Active Model

- No changes.

#### Active Record

- No changes.

#### Action View

- No changes.

#### Action Pack

- Fix `domain: :all` for two letter TLD

  This fixes a compatibility issue introduced in our previous security release when using `domain: :all` with a two letter but single level top level domain (like `.ca`, rather than `.co.uk`).

#### Active Job

- No changes.

#### Action Mailer

- No changes.

#### Action Cable

- No changes.

#### Active Storage

- No changes.

#### Action Mailbox

- No changes.

#### Action Text

- No changes.

#### Railties

- No changes.

### [`v6.1.7.1`](https://redirect.github.com/rails/rails/releases/tag/v6.1.7.1)

[Compare Source](https://redirect.github.com/rails/rails/compare/v6.1.7...v6.1.7.1)

##### Active Support

- Avoid regex backtracking in Inflector.underscore \[CVE-2023-22796]

##### Active Model

- No changes.

##### Active Record

- Make sanitize_as_sql_comment more strict

  Though this method was likely never meant to take user input, it was attempting sanitization. That sanitization could be bypassed with carefully crafted input.

  This commit makes the sanitization more robust by replacing any occurrences of "/*" or "*/" with "/ *" or "* /". It also performs a first pass to remove one surrounding comment to avoid compatibility issues for users relying on the existing removal.

  This also clarifies in the documentation of annotate that it should not be provided user input.

  \[CVE-2023-22794]

- Added integer width check to PostgreSQL::Quoting

  Given a value outside the range for a 64bit signed integer type PostgreSQL will treat the column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan.

  This behavior is configurable via ActiveRecord::Base.raise_int_wider_than\_64bit which defaults to true.

  \[CVE-2022-44566]

##### Action View

- No changes.

##### Action Pack

- Avoid regex backtracking on If-None-Match header \[CVE-2023-22795]
- Use string#split instead of regex for domain parts \[CVE-2023-22792]

##### Active Job

- No changes.

##### Action Mailer

- No changes.

##### Action Cable

- No changes.

##### Active Storage

- No changes.

##### Action Mailbox

- No changes.

##### Action Text

- No changes.

##### Railties

- No changes.

### [`v6.1.7`](https://redirect.github.com/rails/rails/releases/tag/v6.1.7)

[Compare Source](https://redirect.github.com/rails/rails/compare/v6.1.6.1...v6.1.7)

##### Active Support

- No changes.

##### Active Model

- No changes.

##### Active Record

- Symbol is allowed by default for YAML columns

  *Étienne Barrié*

- Fix `ActiveRecord::Store` to serialize as a regular Hash

  Previously it would serialize as an `ActiveSupport::HashWithIndifferentAccess` which is wasteful and cause problem with YAML safe_load.

  *Jean Boussier*

- Fix PG.connect keyword arguments deprecation warning on ruby 2.7

  Fixes [#44307](https://redirect.github.com/rails/rails/issues/44307).

  *Nikita Vasilevsky*

##### Action View

- No changes.

##### Action Pack

- No changes.

##### Active Job

- No changes.

##### Action Mailer

- No changes.

##### Action Cable

- No changes.

##### Active Storage

- Respect Active Record's primary_key_type in Active Storage migrations. Backported from 7.0.

  *fatkodima*

##### Action Mailbox

- No changes.

##### Action Text

- No changes.

##### Railties

- No changes.

### [`v6.1.6.1`](https://redirect.github.com/rails/rails/releases/tag/v6.1.6.1): 6.1.6.1

[Compare Source](https://redirect.github.com/rails/rails/compare/v6.1.6...v6.1.6.1)

#### Active Support

- No changes.

#### Active Model

- No changes.

#### Active Record

- Change ActiveRecord::Coders::YAMLColumn default to safe_load

  This adds two new configuration options The configuration options are as follows:

  - `config.active_storage.use_yaml_unsafe_load`

    When set to true, this configuration option tells Rails to use the old "unsafe" YAML loading strategy, maintaining the existing behavior but leaving the possible escalation vulnerability in place. Setting this option to true is *not* recommended, but can aid in upgrading.

  - `config.active_record.yaml_column_permitted_classes`

    The "safe YAML" loading method does not allow all classes to be deserialized by default. This option allows you to specify classes deemed "safe" in your application. For example, if your application uses Symbol and Time in serialized data, you can add Symbol and Time to the allowed list as follows:

    ```
    config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
    ```

  \[CVE-2022-32224]

#### Action View

- No changes.

#### Action Pack

- No changes.

#### Active Job

- No changes.

#### Action Mailer

- No changes.

#### Action Cable

- No changes.

#### Active Storage

- No changes.

#### Action Mailbox

- No changes.

#### Action Text

- No changes.

#### Railties

- No changes.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.
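The 6.1.6.1 notes above switch YAML-serialized columns to safe loading with an allow-list, so an upgrade from 6.1.6 can start rejecting rows that used to deserialize. The following is an added example, not code from Rails, Renovate or this repository: it uses Ruby's Psych directly to show which stored payloads a given allow-list would refuse and which explicit `!ruby/` tags they carry. The sample rows are constructed, and `LegacyPrefs` is a hypothetical application class.

```ruby
require "yaml"
require "date"

# Constructed samples standing in for rows of a YAML-serialized column.
SAMPLE_ROWS = {
  1 => "---\n:role: admin\n",                                    # Symbol key
  2 => "---\nseen_on: 2022-07-12\n",                             # implicit Date
  3 => "---\nprefs: !ruby/object:LegacyPrefs\n  theme: dark\n",  # hypothetical app class
  4 => "---\nname: plain\ncount: 3\n",                           # basic types only
}.freeze

# Load with basic types plus an explicit allow-list, as the release note describes.
def safe_column_load(yaml, permitted)
  Psych.safe_load(yaml, permitted_classes: permitted)
end

# Name of the first class safe loading refuses for this payload, or nil if it loads.
def blocked_class(yaml, permitted)
  safe_column_load(yaml, permitted)
  nil
rescue Psych::DisallowedClass => e
  e.message[/class: (.+)\z/, 1]
end

# Explicit !ruby/... tags found by walking the parse tree; nothing is instantiated.
def ruby_tags(yaml)
  doc = Psych.parse(yaml)
  return [] unless doc
  doc.filter_map { |node| node.tag if node.tag.to_s.start_with?("!ruby/") }.uniq
end

# Map row id => blocked class for every row the allow-list would reject.
def audit(rows, permitted)
  rows.filter_map { |id, yaml| (c = blocked_class(yaml, permitted)) && [id, c] }.to_h
end

if __FILE__ == $PROGRAM_NAME
  puts audit(SAMPLE_ROWS, []).inspect                    # nothing permitted
  puts audit(SAMPLE_ROWS, [Symbol, Date, Time]).inspect  # the list from the release note
  puts ruby_tags(SAMPLE_ROWS[3]).inspect
end
```

Rows that remain in the audit after the allow-list is applied are the ones to migrate to plain data rather than candidates for re-enabling unsafe loading.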