waymondo / turboboost

Enhanced AJAX handling for Rails apps
166 stars 17 forks source link

Bump activesupport from 5.2.2.1 to 7.0.3 #60

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps activesupport from 5.2.2.1 to 7.0.3.

Release notes

Sourced from activesupport's releases.

7.0.3

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • Some internal housekeeping on reloads could break custom respond_to? methods in class objects that referenced reloadable constants. See #44125 for details.

    Xavier Noria

  • Fixed MariaDB default function support.

    Defaults would be written wrong in "db/schema.rb" and not work correctly if using db:schema:load. Further more the function name would be added as string content when saving new records.

    kaspernj

  • Fix remove_foreign_key with :if_exists option when foreign key actually exists.

    fatkodima

  • Remove --no-comments flag in structure dumps for PostgreSQL

    This broke some apps that used custom schema comments. If you don't want comments in your structure dump, you can use:

    ActiveRecord::Tasks::DatabaseTasks.structure_dump_flags = ['--no-comments']
    

    Alex Ghiculescu

  • Use the model name as a prefix when filtering encrypted attributes from logs.

    For example, when encrypting Person#name it will add person.name as a filter parameter, instead of just name. This prevents unintended filtering of parameters with a matching name in other models.

... (truncated)

Changelog

Sourced from activesupport's changelog.

Rails 7.0.3 (May 09, 2022)

  • No changes.

Rails 7.0.2.4 (April 26, 2022)

  • Fix and add protections for XSS in ActionView::Helpers and ERB::Util.

    Add the method ERB::Util.xml_name_escape to escape dangerous characters in names of tags and names of attributes, following the specification of XML.

    Álvaro Martín Fraguas

Rails 7.0.2.3 (March 08, 2022)

  • No changes.

Rails 7.0.2.2 (February 11, 2022)

  • Fix Reloader method signature to work with the new Executor signature

Rails 7.0.2.1 (February 11, 2022)

  • No changes.

Rails 7.0.2 (February 08, 2022)

  • Fix ActiveSupport::EncryptedConfiguration to be compatible with Psych 4

    Stephen Sugden

  • Improve File.atomic_write error handling.

    Daniel Pepper

Rails 7.0.1 (January 06, 2022)

... (truncated)

Commits
  • 3872bc0 Preparing for 7.0.3 release
  • 082e929 Merge pull request #45027 from rails/fix-tag-helper-regression
  • 2722895 Emphasize cacheable objects in guide and API docs [ci-skip]
  • a1fbc46 Allow setting some active support settings via initializers
  • c204039 Merge branch '7-0-sec' into 7-0-stable
  • 3520cc7 Preparing for 7.0.2.4 release
  • f2f7900 updating changelog for release
  • 2266802 Merge pull request #44893 from ghousemohamed/add-docs-for-run-load-hooks
  • 13cf5d3 Merge pull request #44366 from avalanche123/patch-1
  • 5c7dae5 Fix and add protections for XSS in names.
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/waymondo/turboboost/network/alerts).
dependabot[bot] commented 2 years ago

Looks like activesupport is up-to-date now, so this is no longer needed.