Some internal housekeeping on reloads could break custom respond_to?
methods in class objects that referenced reloadable constants. See
#44125 for details.
Xavier Noria
Fixed MariaDB default function support.
Defaults would be written wrong in "db/schema.rb" and not work correctly
if using db:schema:load. Further more the function name would be
added as string content when saving new records.
kaspernj
Fix remove_foreign_key with :if_exists option when foreign key actually exists.
fatkodima
Remove --no-comments flag in structure dumps for PostgreSQL
This broke some apps that used custom schema comments. If you don't want
comments in your structure dump, you can use:
Use the model name as a prefix when filtering encrypted attributes from logs.
For example, when encrypting Person#name it will add person.name as a filter
parameter, instead of just name. This prevents unintended filtering of parameters
with a matching name in other models.
Directives such as self, unsafe-eval and few others were not
single quoted when the directive was the result of calling a lambda
returning an array.
content_security_policy do |policy|
policy.frame_ancestors lambda { [:self, "https://example.com"] }
end
With this fix the policy generated from above will now be valid.
Edouard Chin
Fix skip_forgery_protection to run without raising an error if forgery
protection has not been enabled / verify_authenticity_token is not a
defined callback.
This fix prevents the Rails 7.0 Welcome Page (/) from raising an
ArgumentError if default_protect_from_forgery is false.
Brad Trick
Fix ActionController::Live to copy the IsolatedExecutionState in the ephemeral thread.
Since its inception ActionController::Live has been copying thread local variables
to keep things such as CurrentAttributes set from middlewares working in the controller action.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/plashchynski/crono/network/alerts).
Bumps actionpack from 6.1.2.1 to 7.0.3.
Release notes
Sourced from actionpack's releases.
... (truncated)
Changelog
Sourced from actionpack's changelog.
... (truncated)
Commits
3872bc0
Preparing for 7.0.3 release0e805db
Merge pull request #44295 from guillaumecabanel/mainf7c77b2
Add missing require ofaction_controller/metal/exceptions
to `action_contro...5107a6d
Fix style and misspell in action dispatch executor testd82885d
Merge pull request #44934 from soartec-lab/add-api-doc-for-samesite-of-cookiec204039
Merge branch '7-0-sec' into 7-0-stable3520cc7
Preparing for 7.0.2.4 releasef2f7900
updating changelog for release8198d7c
Merge pull request #44635 from imtayadeway/tjw/api-csp-i89dd6f5
Merge pull request #44850 from kamipo/preserve_kwargs_flagDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/plashchynski/crono/network/alerts).