Release notes
*Sourced from [devise's releases](https://github.com/plataformatec/devise/releases).*
> ## v3.5.3
> - bug fixes
> - Fix password reset for records where `confirmation_required?` is disabled and
> `confirmation_sent_at` is nil. (by [@andygeers](https://github.com/andygeers))
> - Allow resources with no `email` field to be recoverable (and do not clear the
> reset password token if the model was already persisted). (by [@seddy](https://github.com/seddy), [@stanhu](https://github.com/stanhu))
> - enhancements
> - Upon setting `Devise.send_password_change_notification = true` a user will receive notification when their password has been changed.
>
> ## v3.5.2
> - enhancements
> - Perform case insensitive basic authorization matching
> - bug fixes
> - Do not use digests for password confirmation token
> - Fix infinite redirect in Rails 4.2 authenticated routes
> - Autoload Devise::Encryptor to avoid errors on thread-safe mode
> - deprecations
> - `config.expire_auth_token_on_timeout` was removed
>
> ## v3.4.1
> - enhancements
> - Devise default views now have a similar markup to Rails scaffold views. (by [@udaysinghcode](https://github.com/udaysinghcode), [@cllns](https://github.com/cllns))
> - Passing `now: true` to the `set_flash_message` helper now sets the message into
> the `flash.now` Hash. (by [@hbriggs](https://github.com/hbriggs))
> - bugfixes
> - Fixed an regression with translation of flash messages for when the `authentication_keys`
> config is a Hash. (by [@lucasmazza](https://github.com/lucasmazza))
>
> ## v3.4.0
> - enhancements
> - Support added for Rails 4.2. Devise now depends on the `responders` gem due
> the extraction of the `respond_with` API from Rails. (by [@lucasmazza](https://github.com/lucasmazza))
> - The Simple Form templates follow the same change from 3.3.0 by using `Log in` and adding
> a hint about the minimum password length when `validatable` is enabled. (by [@aried3r](https://github.com/aried3r))
> - Controller generator added as `devise:controllers SCOPE`. You can use the `-c` flag
> to pick which controllers (`unlocks`, `confirmations`, etc) you want to generate. (by [@Chun-Yang](https://github.com/Chun-Yang))
> - Removed the hardcoded references for "email" in the flash messages. If you are using
> different attributes as the `authentication_keys` they will be interpolated in the
> messages instead. (by [@timoschilling](https://github.com/timoschilling))
> - bug fix
> - Fixed a regression where the devise generator would fail with a `ConnectionNotEstablished`
> exception when executed inside a mountable engine. (by [@lucasmazza](https://github.com/lucasmazza))
> - Ensure to return symbols in find_scope! fixing a previous regression from 3.3.0 (by [@micat](https://github.com/micat))
> - Ensure all causes of failed login have the same error message (by [@pjungwir](https://github.com/pjungwir))
> - The `last_attempt_warning` now takes effect when generating the unauthenticated
> message for your users. To keep the current behavior, this flag is now `true`
> by default. (by [@lucasmazza](https://github.com/lucasmazza))
Changelog
*Sourced from [devise's changelog](https://github.com/plataformatec/devise/blob/v3.5.10/CHANGELOG.md).*
> ### 3.5.10 - 2016-05-15
>
> * bug fixes
> * Fix overwriting the remember_token when a valid one already exists (by [@ralinchimev](https://github.com/ralinchimev)).
>
> ### 3.5.9 - 2016-05-02
>
> * bug fixes
> * Fix strategy checking in `Lockable#unlock_strategy_enabled?` for `:none`
> and `:undefined` strategies. (by [@f3ndot](https://github.com/f3ndot))
>
> ### 3.5.8 - 2016-04-25
>
> * bug fixes
> * Fix the e-mail confirmation instructions send when a user updates the email address from nil
>
> ### 3.5.7 - 2016-04-18
>
> * bug fixes
> * Fix the `extend_remember_period` configuration. When set to `false` it does
> not update the cookie expiration anymore.(by [@ulissesalmeida](https://github.com/ulissesalmeida))
>
> ### 3.5.6 - 2016-01-02
>
> * bug fixes
> * Fix type coercion of the rememberable timestamp stored on cookies.
>
> ### 3.5.5 - 2016-22-01
>
> * bug fixes
> * Bring back remember_expired? implementation
> * Ensure timeouts are not triggered if remember me is being used
>
> ### 3.5.4 - 2016-18-01
>
> * bug fixes
> * Store creation timestamps on remember cookies
>
> ### 3.5.3 - 2015-12-10
>
> * bug fixes
> * Fix password reset for records where `confirmation_required?` is disabled and
> `confirmation_sent_at` is nil. (by [@andygeers](https://github.com/andygeers))
> * Allow resources with no `email` field to be recoverable (and do not clear the
> reset password token if the model was already persisted). (by [@seddy](https://github.com/seddy), [@stanhu](https://github.com/stanhu))
>
> * enhancements
> * Upon setting `Devise.send_password_change_notification = true` a user will receive notification when their password has been changed.
>
> ### 3.5.2 - 2015-08-10
> ... (truncated)
Commits
- [`321fe1d`](https://github.com/plataformatec/devise/commit/321fe1d13b172c7160bce9fd083d526cb4900fcc) Release 3.5.10
- [`a7dcf98`](https://github.com/plataformatec/devise/commit/a7dcf98f7edd3786ea281c6ab4b12bfa4735e8d2) Fix overwriting the remember_token when a valid one already exists ([#4101](https://github-redirect.dependabot.com/plataformatec/devise/issues/4101))
- [`7e658a2`](https://github.com/plataformatec/devise/commit/7e658a2abfd5e429eaf95dc3f088acb7f21f5d15) Release 3.5.9
- [`0252f0e`](https://github.com/plataformatec/devise/commit/0252f0e4a8e082211ce187401edb09e16e1cbb55) Extract list of both strategies into class constant
- [`07e907e`](https://github.com/plataformatec/devise/commit/07e907ec26bcf40c37cb9c86724aba03cacdfd59) :beetle: Fix strategy checking in #unlock_strategy_enabled? for :none and und...
- [`e9ed3e2`](https://github.com/plataformatec/devise/commit/e9ed3e2cb438e9127ab4a77d610b8d5fad2451e7) Support for older rails versions.
- [`2fa6735`](https://github.com/plataformatec/devise/commit/2fa67354625cd18a52550cd4d344ada66bb27361) Lock mime-types to ~> 2.99
- [`b8cddc3`](https://github.com/plataformatec/devise/commit/b8cddc3cf34d1502fc057fdcba800485fea8f869) Release 3.5.8
- [`1d57169`](https://github.com/plataformatec/devise/commit/1d57169c7bd12977a6697a5a06cda265442bb5c8) Send confirmation instructions when a user updates the email address from nil
- [`812c1de`](https://github.com/plataformatec/devise/commit/812c1de8e8324de6debd18b1262e29108891f4a7) Release 3.5.7 version.
- Additional commits viewable in [compare view](https://github.com/plataformatec/devise/compare/v1.5.3...v3.5.10)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/travis-ci/travis-crowd/network/alerts).
Bumps devise from 1.5.3 to 3.5.10.
Release notes
*Sourced from [devise's releases](https://github.com/plataformatec/devise/releases).* > ## v3.5.3 > - bug fixes > - Fix password reset for records where `confirmation_required?` is disabled and > `confirmation_sent_at` is nil. (by [@andygeers](https://github.com/andygeers)) > - Allow resources with no `email` field to be recoverable (and do not clear the > reset password token if the model was already persisted). (by [@seddy](https://github.com/seddy), [@stanhu](https://github.com/stanhu)) > - enhancements > - Upon setting `Devise.send_password_change_notification = true` a user will receive notification when their password has been changed. > > ## v3.5.2 > - enhancements > - Perform case insensitive basic authorization matching > - bug fixes > - Do not use digests for password confirmation token > - Fix infinite redirect in Rails 4.2 authenticated routes > - Autoload Devise::Encryptor to avoid errors on thread-safe mode > - deprecations > - `config.expire_auth_token_on_timeout` was removed > > ## v3.4.1 > - enhancements > - Devise default views now have a similar markup to Rails scaffold views. (by [@udaysinghcode](https://github.com/udaysinghcode), [@cllns](https://github.com/cllns)) > - Passing `now: true` to the `set_flash_message` helper now sets the message into > the `flash.now` Hash. (by [@hbriggs](https://github.com/hbriggs)) > - bugfixes > - Fixed an regression with translation of flash messages for when the `authentication_keys` > config is a Hash. (by [@lucasmazza](https://github.com/lucasmazza)) > > ## v3.4.0 > - enhancements > - Support added for Rails 4.2. Devise now depends on the `responders` gem due > the extraction of the `respond_with` API from Rails. (by [@lucasmazza](https://github.com/lucasmazza)) > - The Simple Form templates follow the same change from 3.3.0 by using `Log in` and adding > a hint about the minimum password length when `validatable` is enabled. (by [@aried3r](https://github.com/aried3r)) > - Controller generator added as `devise:controllers SCOPE`. You can use the `-c` flag > to pick which controllers (`unlocks`, `confirmations`, etc) you want to generate. (by [@Chun-Yang](https://github.com/Chun-Yang)) > - Removed the hardcoded references for "email" in the flash messages. If you are using > different attributes as the `authentication_keys` they will be interpolated in the > messages instead. (by [@timoschilling](https://github.com/timoschilling)) > - bug fix > - Fixed a regression where the devise generator would fail with a `ConnectionNotEstablished` > exception when executed inside a mountable engine. (by [@lucasmazza](https://github.com/lucasmazza)) > - Ensure to return symbols in find_scope! fixing a previous regression from 3.3.0 (by [@micat](https://github.com/micat)) > - Ensure all causes of failed login have the same error message (by [@pjungwir](https://github.com/pjungwir)) > - The `last_attempt_warning` now takes effect when generating the unauthenticated > message for your users. To keep the current behavior, this flag is now `true` > by default. (by [@lucasmazza](https://github.com/lucasmazza))Changelog
*Sourced from [devise's changelog](https://github.com/plataformatec/devise/blob/v3.5.10/CHANGELOG.md).* > ### 3.5.10 - 2016-05-15 > > * bug fixes > * Fix overwriting the remember_token when a valid one already exists (by [@ralinchimev](https://github.com/ralinchimev)). > > ### 3.5.9 - 2016-05-02 > > * bug fixes > * Fix strategy checking in `Lockable#unlock_strategy_enabled?` for `:none` > and `:undefined` strategies. (by [@f3ndot](https://github.com/f3ndot)) > > ### 3.5.8 - 2016-04-25 > > * bug fixes > * Fix the e-mail confirmation instructions send when a user updates the email address from nil > > ### 3.5.7 - 2016-04-18 > > * bug fixes > * Fix the `extend_remember_period` configuration. When set to `false` it does > not update the cookie expiration anymore.(by [@ulissesalmeida](https://github.com/ulissesalmeida)) > > ### 3.5.6 - 2016-01-02 > > * bug fixes > * Fix type coercion of the rememberable timestamp stored on cookies. > > ### 3.5.5 - 2016-22-01 > > * bug fixes > * Bring back remember_expired? implementation > * Ensure timeouts are not triggered if remember me is being used > > ### 3.5.4 - 2016-18-01 > > * bug fixes > * Store creation timestamps on remember cookies > > ### 3.5.3 - 2015-12-10 > > * bug fixes > * Fix password reset for records where `confirmation_required?` is disabled and > `confirmation_sent_at` is nil. (by [@andygeers](https://github.com/andygeers)) > * Allow resources with no `email` field to be recoverable (and do not clear the > reset password token if the model was already persisted). (by [@seddy](https://github.com/seddy), [@stanhu](https://github.com/stanhu)) > > * enhancements > * Upon setting `Devise.send_password_change_notification = true` a user will receive notification when their password has been changed. > > ### 3.5.2 - 2015-08-10 > ... (truncated)Commits
- [`321fe1d`](https://github.com/plataformatec/devise/commit/321fe1d13b172c7160bce9fd083d526cb4900fcc) Release 3.5.10 - [`a7dcf98`](https://github.com/plataformatec/devise/commit/a7dcf98f7edd3786ea281c6ab4b12bfa4735e8d2) Fix overwriting the remember_token when a valid one already exists ([#4101](https://github-redirect.dependabot.com/plataformatec/devise/issues/4101)) - [`7e658a2`](https://github.com/plataformatec/devise/commit/7e658a2abfd5e429eaf95dc3f088acb7f21f5d15) Release 3.5.9 - [`0252f0e`](https://github.com/plataformatec/devise/commit/0252f0e4a8e082211ce187401edb09e16e1cbb55) Extract list of both strategies into class constant - [`07e907e`](https://github.com/plataformatec/devise/commit/07e907ec26bcf40c37cb9c86724aba03cacdfd59) :beetle: Fix strategy checking in #unlock_strategy_enabled? for :none and und... - [`e9ed3e2`](https://github.com/plataformatec/devise/commit/e9ed3e2cb438e9127ab4a77d610b8d5fad2451e7) Support for older rails versions. - [`2fa6735`](https://github.com/plataformatec/devise/commit/2fa67354625cd18a52550cd4d344ada66bb27361) Lock mime-types to ~> 2.99 - [`b8cddc3`](https://github.com/plataformatec/devise/commit/b8cddc3cf34d1502fc057fdcba800485fea8f869) Release 3.5.8 - [`1d57169`](https://github.com/plataformatec/devise/commit/1d57169c7bd12977a6697a5a06cda265442bb5c8) Send confirmation instructions when a user updates the email address from nil - [`812c1de`](https://github.com/plataformatec/devise/commit/812c1de8e8324de6debd18b1262e29108891f4a7) Release 3.5.7 version. - Additional commits viewable in [compare view](https://github.com/plataformatec/devise/compare/v1.5.3...v3.5.10)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/travis-ci/travis-crowd/network/alerts).