search

waymondo / turboboost

Enhanced AJAX handling for Rails apps
166 stars 17 forks source link

Bump actionview from 5.2.2.1 to 7.0.3 #59

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps actionview from 5.2.2.1 to 7.0.3.

Release notes

Sourced from actionview's releases.

7.0.3

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • Some internal housekeeping on reloads could break custom respond_to? methods in class objects that referenced reloadable constants. See #44125 for details.

    Xavier Noria

  • Fixed MariaDB default function support.

    Defaults would be written wrong in "db/schema.rb" and not work correctly if using db:schema:load. Further more the function name would be added as string content when saving new records.

    kaspernj

  • Fix remove_foreign_key with :if_exists option when foreign key actually exists.

    fatkodima

  • Remove --no-comments flag in structure dumps for PostgreSQL

    This broke some apps that used custom schema comments. If you don't want comments in your structure dump, you can use:

    ActiveRecord::Tasks::DatabaseTasks.structure_dump_flags = ['--no-comments']

    Alex Ghiculescu

  • Use the model name as a prefix when filtering encrypted attributes from logs.

    For example, when encrypting Person#name it will add person.name as a filter parameter, instead of just name. This prevents unintended filtering of parameters with a matching name in other models.

... (truncated)

Changelog

Sourced from actionview's changelog.

Rails 7.0.3 (May 09, 2022)

  • Ensure models passed to form_for attempt to call to_model.

    Sean Doyle

Rails 7.0.2.4 (April 26, 2022)

  • Fix and add protections for XSS in ActionView::Helpers and ERB::Util.

    Escape dangerous characters in names of tags and names of attributes in the tag helpers, following the XML specification. Rename the option :escape_attributes to :escape, to simplify by applying the option to the whole tag.

    Álvaro Martín Fraguas

Rails 7.0.2.3 (March 08, 2022)

  • No changes.

Rails 7.0.2.2 (February 11, 2022)

  • No changes.

Rails 7.0.2.1 (February 11, 2022)

  • No changes.

Rails 7.0.2 (February 08, 2022)

  • Ensure preload_link_tag preloads JavaScript modules correctly.

    Máximo Mussini

  • Fix stylesheet_link_tag and similar helpers are being used to work in objects with a response method.

    dark-panda

Rails 7.0.1 (January 06, 2022)

  • Fix button_to to work with a hash parameter as URL.

    MingyuanQin

... (truncated)

Commits
  • 3872bc0 Preparing for 7.0.3 release
  • 082e929 Merge pull request #45027 from rails/fix-tag-helper-regression
  • c204039 Merge branch '7-0-sec' into 7-0-stable
  • 3520cc7 Preparing for 7.0.2.4 release
  • f2f7900 updating changelog for release
  • 4e3ebe0 Fix button_to UJS examples formatting [ci-skip]
  • e5bb80f Fix link_to UJS examples formatting [ci-skip]
  • aa43de1 Merge pull request #44784 from ghiculescu/data-remote-no-turbo
  • 5c7dae5 Fix and add protections for XSS in names.
  • 89dd6f5 Merge pull request #44850 from kamipo/preserve_kwargs_flag
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/waymondo/turboboost/network/alerts).
dependabot[bot] commented 2 years ago

Looks like actionview is up-to-date now, so this is no longer needed.