Redis cache store is now compatible with redis-rb 5.0.
Jean Boussier
Fix NoMethodError on custom ActiveSupport::Deprecation behavior.
ActiveSupport::Deprecation.behavior= was supposed to accept any object
that responds to call, but in fact its internal implementation assumed that
this object could respond to arity, so it was restricted to only Proc objects.
This change removes this arity restriction of custom behaviors.
Ryo Nakamura
Rails 7.0.3.1 (July 12, 2022)
No changes.
Rails 7.0.3 (May 09, 2022)
No changes.
Rails 7.0.2.4 (April 26, 2022)
Fix and add protections for XSS in ActionView::Helpers and ERB::Util.
This fixes a compatibility issue introduced in our previous security
release when using domain: :all with a two letter but single level top
level domain domain (like .ca, rather than .co.uk).
Rails 7.0.4.1 (January 17, 2023)
Fix sec issue with _url_host_allowed?
Disallow certain strings from _url_host_allowed? to avoid a redirect
to malicious sites.
[CVE-2023-22797]
Avoid regex backtracking on If-None-Match header
[CVE-2023-22795]
Use string#split instead of regex for domain parts
[CVE-2023-22792]
Rails 7.0.4 (September 09, 2022)
Prevent ActionDispatch::ServerTiming from overwriting existing values in Server-Timing.
Previously, if another middleware down the chain set Server-Timing header,
it would overwritten by ActionDispatch::ServerTiming.
Jakub Malinowski
Rails 7.0.3.1 (July 12, 2022)
No changes.
Rails 7.0.3 (May 09, 2022)
Allow relative redirects when raise_on_open_redirects is enabled.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ctti-clinicaltrials/aact/network/alerts).
Looks like this PR is already up-to-date with dev! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.
Bumps activesupport, rails, activerecord-import and actionpack. These dependencies needed to be updated together. Updates
activesupport
from 6.0.0 to 7.0.4.3Release notes
Sourced from activesupport's releases.
... (truncated)
Changelog
Sourced from activesupport's changelog.
... (truncated)
Commits
c15ee6e
Preparing for 7.0.4.3 release3468503
Implement SafeBuffer#bytesplice7c70791
Version 7.0.4.223e0345
Version 7.0.4.12164d4f
Avoid regex backtracking in Inflector.underscore8015c2c
Version 7.0.4ff27758
Revert "Merge pull request #44695 from Edouard-chin/ec-tagger-logger-broadcast"4a1f224
Merge pull request #45882 from rails/short-inspect-on-test-casea3bd3b5
Backport Redis 5.0 compatibility67f37ac
Fix flaky tests for RedisCacheStoreUpdates
rails
from 6.0.0 to 7.0.4.3Release notes
Sourced from rails's releases.
... (truncated)
Commits
c15ee6e
Preparing for 7.0.4.3 release73009ea
Ignore certain data-* attributes in rails-ujs when element is contenteditable3468503
Implement SafeBuffer#bytesplice7c70791
Version 7.0.4.21d6de16
Merge pull request #47087 from jhawthorn/cookie_domain23e0345
Version 7.0.4.1d7aba06
Make sanitize_as_sql_comment more strict8d82687
Avoid regex backtracking on If-None-Match header2164d4f
Avoid regex backtracking in Inflector.underscorecd46b0e
Use string#split instead of regex for domain partsUpdates
activerecord-import
from 0.19.1 to 1.4.1Changelog
Sourced from activerecord-import's changelog.
... (truncated)
Commits
ef08aca
Update changelog for 1.4.1ca49cba
Bump version to 1.4.1e322b7b
Merge pull request #783 from Booster-Apps/composite-primary-keys-required-bel...15ed95c
Test composite primary keys in Rails 7.0e869608
Fix importing models that are required to belong to models with composite pri...20c1d3a
Fix linter issuec993b61
Fixes zdennis/activerecord-import#775612c874
Set ActiveRecord::Base.use_yaml_unsafe_load to trueed0c456
Fix tests for AR < 5.0fbd940d
Allow raw SQL in returning optionUpdates
actionpack
from 6.0.0 to 7.0.4.3Release notes
Sourced from actionpack's releases.
... (truncated)
Changelog
Sourced from actionpack's changelog.
... (truncated)
Commits
c15ee6e
Preparing for 7.0.4.3 release7c70791
Version 7.0.4.21d6de16
Merge pull request #47087 from jhawthorn/cookie_domain23e0345
Version 7.0.4.18d82687
Avoid regex backtracking on If-None-Match headercd46b0e
Use string#split instead of regex for domain partse50e26d
Fix sec issue with _url_host_allowed?8015c2c
Version 7.0.4f3c345e
Merge pull request #45964 from jhawthorn/server_timing_safety4d25c64
Merge pull request #45221 from jhawthorn/ac_params_eql_fixDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ctti-clinicaltrials/aact/network/alerts).