#1399 - Same
change re: YAML.safe_load as in 13.0.0, but this time for Rails 6.0 and 6.1.
This change only affects users whose versions table has object or
object_changes columns of type text, and who use the YAML serializer. People
who use the JSON serializer, or those with json(b) columns, are unaffected.
#1406 -
Certain [Metadata][1] keys are now forbidden, like id, and item_type.
These keys are reserved by PT.
This change is unlikely to affect anyone. It is not expected that anyone
uses these metadata keys. Most people probably don't use PT metadata at all.
Dependencies
Drop support for Rails 5.2, which reached EoL on 2022-06-01
Drop support for Ruby 2.6, which reached EoL on 2022-03-31
Drop support for request_store < 1.4
Added
None
Fixed
#1395 -
Fix incorrect Version#created_at value when using
PaperTrail::RecordTrail#update_columns
#1404 -
Delay referencing ActiveRecord until after Railtie is loaded
Where possible, methods which are not part of PaperTrail's public API have
had their access changed to private. All of these methods had been clearly
marked as @api private in the documentation, for years. This is not expected
to be a breaking change.
13.0.0 (2022-08-15)
Breaking Changes
For Rails >= 7.0, the default serializer will now use YAML.safe_load unless
ActiveRecord.use_yaml_unsafe_load. This change only affects users whose
versions table has object or object_changes columns of type text, and
who use the YAML serializer. People who use the JSON serializer, or those with
json(b) columns, are unaffected. Please see
https://github.com/paper-trail-gem/paper_trail/blob/master/doc/pt_13_yaml_safe_load.md for details.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps paper_trail from 12.3.0 to 14.0.0.
Changelog
Sourced from paper_trail's changelog.
... (truncated)
Commits
1aa0945
Release 14.0.0edefe81
Drop support for request_store < 1.481822fa
Lint: Rails/RedundantForeignKeye98e639
Lint: Rails/RakeEnvironment3ad8bf2
Regen rubocop todo3885128
Lint: Rails/NegateIncludef5e129f
Lint: Rails/ApplicationRecord71f5212
Make some api-private methods actually private9a48faf
Doc: Mention PT 14 YAML.safe_loade059109
GHA: upgrade to actions/stale@v6, add exempt-issue-labels optionDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)