Fix EncryptedConfiguration returning incorrect values for some Hash
methods
Hartley McGuire
Fix arguments being destructed Enumerable#many? with block.
Andrew Novoselac
Fix humanize for strings ending with id.
fatkodima
Active Model
No changes.
Active Record
Fix autosave associations with validations added on :base of the associated objects.
fatkodima
Fix result with anonymous PostgreSQL columns of different type from json.
Oleksandr Avoiants
Preserve timestamp when setting an ActiveSupport::TimeWithZone value to timestamptz attribute.
fatkodima
Fix where on association with has_one/has_many polymorphic relations.
Before:
Treasure.where(price_estimates: PriceEstimate.all)
#=> SELECT (...) WHERE "treasures"."id" IN (SELECT "price_estimates"."estimate_of_id" FROM "price_estimates")
Later:
Treasure.where(price_estimates: PriceEstimate.all)
#=> SELECT (...) WHERE "treasures"."id" IN (SELECT "price_estimates"."estimate_of_id" FROM "price_estimates" WHERE "price_estimates"."estimate_of_type" = 'Treasure')
Bring back Devise.activerecord51? and deprecate it, in order to avoid breakage with some libraries that apparently relied on it.
4.9.1 - 2023-03-31
enhancements
Allow resource class scopes to override the global configuration for sign_in_after_reset_password behaviour. #5429@mattr
Refactor conditional dirty tracking logic to a centralized module to simplify usage throughout the codebase. #5575
Improve support for Devise in apps with Active Record and Mongoid ORMs loaded, so it does not incorrectly uses new Active Record dirty tracking APIs with a Mongoid Devise model. #5576
bug fixes
Failure app will respond with configured redirect_status instead of error_status if the recall app returns a redirect status (300..399) #5573
Add support for Hotwire + Turbo, default in Rails 7+.
Devise uses the latest responders version (v3.1.0 or higher), which allows configuring the status used for validation error responses (error_status) and for redirects after POST/PUT/PATCH/DELETE requests (redirect_status). For backwards compatibility, Devise keeps error_status as :ok which returns a 200 OK response, and redirect_status to :found which returns a 302 Found response, but you can configure it to return 422 Unprocessable Entity and 303 See Other respectively, to match the behavior expected by Hotwire/Turbo:
# config/initializers/devise.rb
Devise.setup do |config|
# ...
config.responder.error_status = :unprocessable_entity
config.responder.redirect_status = :see_other
# ...
end
These configs are already generated by default with new apps, and existing apps may opt-in as described above. Trying to set these with an older version of responders will issue a warning and have no effect, so please upgrade the responders version if you're upgrading Devise for this integration. Note that these defaults may change in future versions of Devise, to better match the Rails + Hotwire/Turbo defaults across the board.
If you have a custom responder set on your application and expect it to affect Devise as well, you may need to override the Devise responder entirely with config.responder = MyApplicationResponder, so that it uses your custom one. The main reason Devise uses a custom responder is to be able to configure the statuses as described above, but you can also change that config on your own responder if you want. Check the responders readme for more info on that.
If you have created a custom responder and/or failure app just to customize responses for better Hotwire/Turbo integration, they should no longer be necessary.
:turbo_stream is now treated as a navigational format, so it works like HTML navigation when using Turbo. Note: if you relied on :turbo_stream to be treated as a non-navigational format before, you can reconfigure your navigational_formats in the Devise initializer file to exclude it.
OmniAuth "Sign in with" links were changed to buttons that generate HTML forms with method=POST, instead of using link + method=POST that required rails-ujs to work. Since rails-ujs is no longer the default for new Rails apps, this allows the OmniAuth buttons to work in any scenario, with or without rails-ujs and/or Turbo. This only affects apps that are using the default devise/shared/_links.html.erb partial from Devise with OmniAuth enabled.
The "Cancel my account" button was changed to include the data-turbo-confirm option, so that it works with both rails-ujs and Turbo by default.
Devise does not provide "sign out" links/buttons in its shared views, but if you're using sign_out_via with :delete (the default), and are using links with method: :delete, those need to be updated with data: { turbo_method: :delete } instead for Turbo.
Rails: The deprecated config.paper_trail configuration technique has been removed. This configuration object was deprecated in 10.2.0. It only had one key, config.paper_trail.enabled. Please review docs section 2.d. Turning PaperTrail Off for alternatives.
Added
where_object_changes_from queries for versions where the object's attributes changed from one set of known values to any other set of values.
Fixed
#1281 Rails: Instead of an Engine, PT now provides a Railtie, which is simpler.
Expand kwargs passed to save_with_version using double splat operator - Rails 6.1 compatibility
#1287 - Fix 'rails db:migrate' error when run against an app with mysql2 adapter
Dependencies
Drop support for ruby 2.4 (reached EoL on 2020-03-31)
#1399 - Same
change re: YAML.safe_load as in 13.0.0, but this time for Rails 6.0 and 6.1.
This change only affects users whose versions table has object or
object_changes columns of type text, and who use the YAML serializer. People
who use the JSON serializer, or those with json(b) columns, are unaffected.
#1406 -
Certain [Metadata][1] keys are now forbidden, like id, and item_type.
These keys are reserved by PT.
This change is unlikely to affect anyone. It is not expected that anyone
uses these metadata keys. Most people probably don't use PT metadata at all.
Dependencies
Drop support for Rails 5.2, which reached EoL on 2022-06-01
Drop support for Ruby 2.6, which reached EoL on 2022-03-31
Drop support for request_store < 1.4
Added
None
Fixed
#1395 -
Fix incorrect Version#created_at value when using
PaperTrail::RecordTrail#update_columns
#1404 -
Delay referencing ActiveRecord until after Railtie is loaded
Where possible, methods which are not part of PaperTrail's public API have
had their access changed to private. All of these methods had been clearly
marked as @api private in the documentation, for years. This is not expected
to be a breaking change.
13.0.0 (2022-08-15)
Breaking Changes
For Rails >= 7.0, the default serializer will now use YAML.safe_load unless
ActiveRecord.use_yaml_unsafe_load. This change only affects users whose
versions table has object or object_changes columns of type text, and
who use the YAML serializer. People who use the JSON serializer, or those with
json(b) columns, are unaffected. Please see
https://github.com/paper-trail-gem/paper_trail/blob/master/doc/pt_13_yaml_safe_load.md for details.
Use after_save instead of after_commit for clear_scope_changed callback #407 (@Flixt)
Rename add_to_list_top and add_to_list_bottom private methods to avoid_collision that handles both cases as well as the case where :add_new_at is nil. Setting an explicit position when :add_new_at is nil will now shuffle other items out of the way if necessary. This may break existing workarounds you have in place to deal with this bug. #411. ([brendon])
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/polarbeardesign/dds_app/network/alerts).
Bumps jquery-rails, rails, devise, sass-rails, coffee-rails, paper_trail, exception_notification, acts_as_list and i18n. These dependencies needed to be updated together. Updates
jquery-railsfrom 3.1.5 to 4.6.0Changelog
Sourced from jquery-rails's changelog.
... (truncated)
Commits
12869daRelease v4.6.0 with jQuery v3.7.065a9c73Update jquery to 3.7.0fb5a7a8Merge pull request #293 from MichaelHoste/patch-1d9dfbe1Merge pull request #296 from okuramasafumi/patch-1f34a439Update CHANGELOG.mdb9e5aa7Fix typo in CHANGELOG.md (usj=>ujs)de8792dRelease v4.5.1 with jquery 3.6.1 and jquery-ujs 1.2.37e6f508Update jquery-ujs to latest v1.2.3a80d74bUpdate jQuery to latest v3.6.1153d9ffFix changelog typo [ci skip]Updates
railsfrom 3.2.22 to 7.0.6Release notes
Sourced from rails's releases.
... (truncated)
Commits
593893cPreparing for 7.0.6 releasee4509c6Fix yarn.lock4aa2446Update CHANGELOG0b89567Avoid creating match object when checking for illegal header valuebe7cde2Merge pull request #48588 from zzak/7-0-backport-f1cdfc09ae3da1Fix rubocop warning8e37f2bMerge branch '7-0-sec' into 7-0-stablecdd14cePreparing for 7.0.5.1 release93b9c74update changelogc9ab9b3Added check for illegal HTTP header value in redirect_toUpdates
devisefrom 3.5.10 to 4.9.2Release notes
Sourced from devise's releases.
Changelog
Sourced from devise's changelog.
... (truncated)
Commits
8b0b849Release v4.9.24f849f4Bring back `Devise.activerecord51? and deprecate it3926e6dRelease v4.9.1506eaf4Merge pull request #5576 from heartcombo/ca-multiple-orms8dbe5b2Merge pull request #5573 from heartcombo/ca/failure-app-respect-redirect207ddc5Improve support for Devise in apps with multiple ORMs loaded367ea42Refactor dirty tracking conditionals for different versions (#5575)89a0835Uses the responderredirect_statuswhen recall returns a redirecteed5117Add explicit test for respecting theerror_statusresponder config232c855Fix tests with Rails mainUpdates
sass-railsfrom 3.2.6 to 6.0.0Release notes
Sourced from sass-rails's releases.
... (truncated)
Commits
a77240cPrepare to 6.0.08dbe4dcBump version to 6.0.0.beta3830a8ecBump minimum version of sassc-railsff54c20Fix open-ended dependencyebe9ef7Bump version to v6.0.0.beta2409d871Merge pull request #424 from rails/sassc-railsd809900Recomend to use SassC::Rails::Importer to users requiring sass/rails/importer706526dMake sass-rails an wrapper for sassc-rails to allow a smooth upgrade pathac38f1eMerge pull request #423 from gregmolnar/masterd61b999remove gemnasium badge from readmeUpdates
coffee-railsfrom 3.2.2 to 5.0.0Changelog
Sourced from coffee-rails's changelog.
Commits
32a2939Prepare to 5.0.06507f0aSet the javascripts generator option as true in the railtie5f0e005Point to rails repository74214e8Merge pull request #114 from larouxn/rails_6_supporteff9c00Revert folder structure changes, remove --javascripts flage7ce694Fix for exclusively Rails 669e6782TESTING, use my fork of Railsfc8c48cConditionally use Rails 6 folder stucture5df5816Merge pull request #111 from larouxn/stop_testing_below_ruby_2.29bead93Merge pull request #112 from larouxn/update_travis_jruby_versionUpdates
paper_trailfrom 4.0.2 to 14.0.0Release notes
Sourced from paper_trail's releases.
... (truncated)
Changelog
Sourced from paper_trail's changelog.
... (truncated)
Commits
1aa0945Release 14.0.0edefe81Drop support for request_store < 1.481822faLint: Rails/RedundantForeignKeye98e639Lint: Rails/RakeEnvironment3ad8bf2Regen rubocop todo3885128Lint: Rails/NegateIncludef5e129fLint: Rails/ApplicationRecord71f5212Make some api-private methods actually private9a48fafDoc: Mention PT 14 YAML.safe_loade059109GHA: upgrade to actions/stale@v6, add exempt-issue-labels optionUpdates
exception_notificationfrom 3.0.1 to 4.5.0Changelog
Sourced from exception_notification's changelog.
... (truncated)
Commits
13bd47dMerge pull request #527 from mschnitzer/master092d399Delete travis config60cbe96Reflect current GitHub actions build status in README01874d9Update release date for upcoming 4.5.0 release7337212Highlight that Rails versions below 5.2 are no longer supported5eaea31Merge pull request #524 from Cyberwatch/refactor_tests84f4be8Add net-smtp to be compatible with ruby 3.17d3c321Use github action for testing and update test suite10272f9Merge pull request #526 from mschnitzer/prepare_for_4.5.009fb4a4Merge pull request #523 from Cyberwatch/update_rails_7Updates
acts_as_listfrom 0.2.0 to 1.1.0Changelog
Sourced from acts_as_list's changelog.
... (truncated)
Commits
5d5e506Version 1.1.09180a74Avoid collision when add_new_at is nil (#411)c56edafUse after_save instead of after_commit for clear_scope_changed callback (#407)c1e60aeAdd Ruby 3.2 to the CI matrix (#408)ddbba24Bump actions/checkout from 2 to 3 (#402)a6106c0Migrate CI to GitHub Actions (#401)db89982Improve readability by keeping parity with the rest of the doc (#398)d4732a4Merge branch 'master' of https://github.com/brendon/acts_as_list474621fVersion 1.0.419a251fAdd Tests ruby 2.7 and 3.0 for integration test (#393)Updates
i18nfrom 0.6.11 to 1.14.1Release notes
Sourced from i18n's releases.
... (truncated)
Commits
395aa5eBump to 1.14.15d5c40fMerge pull request #666 from amatsuda/checkout_v3d61de01Fix build warnings in the CI by using actions/checkout@v3767c0a2Merge pull request #665 from amatsuda/ci_ruby329b519dcCI against Ruby 3.2c396baeMerge pull request #659 from mark-a/mark-a-fallback-docbbe078bMerge pull request #662 from amatsuda/default_empty_array0bbef26Merge pull request #663 from amatsuda/fix_rails_edge_ci26ae7f6Merge pull request #664 from amatsuda/skip_jruby_rails526afb576Skip CIing on jruby against Rails 5.2Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/polarbeardesign/dds_app/network/alerts).