search

ncuesta / dropzonejs-rails

Spice your Rails apps with some Dropzone sugar!
http://rubygems.org/gems/dropzonejs-rails
MIT License
312 stars 56 forks source link

Bump actionpack from 7.0.2 to 7.0.3 #74

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 2 years ago

Bumps actionpack from 7.0.2 to 7.0.3.

Release notes

Sourced from actionpack's releases.

7.0.3

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • Some internal housekeeping on reloads could break custom respond_to? methods in class objects that referenced reloadable constants. See #44125 for details.

    Xavier Noria

  • Fixed MariaDB default function support.

    Defaults would be written wrong in "db/schema.rb" and not work correctly if using db:schema:load. Further more the function name would be added as string content when saving new records.

    kaspernj

  • Fix remove_foreign_key with :if_exists option when foreign key actually exists.

    fatkodima

  • Remove --no-comments flag in structure dumps for PostgreSQL

    This broke some apps that used custom schema comments. If you don't want comments in your structure dump, you can use:

    ActiveRecord::Tasks::DatabaseTasks.structure_dump_flags = ['--no-comments']

    Alex Ghiculescu

  • Use the model name as a prefix when filtering encrypted attributes from logs.

    For example, when encrypting Person#name it will add person.name as a filter parameter, instead of just name. This prevents unintended filtering of parameters with a matching name in other models.

... (truncated)

Changelog

Sourced from actionpack's changelog.

Rails 7.0.3 (May 09, 2022)

  • Allow relative redirects when raise_on_open_redirects is enabled.

    Tom Hughes

  • Fix authenticate_with_http_basic to allow for missing password.

    Before Rails 7.0 it was possible to handle basic authentication with only a username.

    authenticate_with_http_basic do |token, _|
  ApiClient.authenticate(token)
end

    This ability is restored.

    Jean Boussier

  • Fix content_security_policy returning invalid directives.

    Directives such as self, unsafe-eval and few others were not single quoted when the directive was the result of calling a lambda returning an array.

    content_security_policy do |policy|
  policy.frame_ancestors lambda { [:self, "https://example.com"] }
end

    With this fix the policy generated from above will now be valid.

    Edouard Chin

  • Fix skip_forgery_protection to run without raising an error if forgery protection has not been enabled / verify_authenticity_token is not a defined callback.

    This fix prevents the Rails 7.0 Welcome Page (/) from raising an ArgumentError if default_protect_from_forgery is false.

    Brad Trick

  • Fix ActionController::Live to copy the IsolatedExecutionState in the ephemeral thread.

    Since its inception ActionController::Live has been copying thread local variables to keep things such as CurrentAttributes set from middlewares working in the controller action.

... (truncated)

Commits
  • 3872bc0 Preparing for 7.0.3 release
  • 0e805db Merge pull request #44295 from guillaumecabanel/main
  • f7c77b2 Add missing require of action_controller/metal/exceptions to `action_contro...
  • 5107a6d Fix style and misspell in action dispatch executor test
  • d82885d Merge pull request #44934 from soartec-lab/add-api-doc-for-samesite-of-cookie
  • c204039 Merge branch '7-0-sec' into 7-0-stable
  • 3520cc7 Preparing for 7.0.2.4 release
  • f2f7900 updating changelog for release
  • 8198d7c Merge pull request #44635 from imtayadeway/tjw/api-csp-i
  • 89dd6f5 Merge pull request #44850 from kamipo/preserve_kwargs_flag
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ncuesta/dropzonejs-rails/network/alerts).
dependabot[bot] commented 1 year ago

Superseded by #80.