Skip to content
GitLab

Bump actionpack from 5.2.1.1 to 5.2.2

Merged Administrator requested to merge dependabot/bundler/actionpack-5.2.2 into master

Created by: dependabot-preview[bot]

Bumps actionpack from 5.2.1.1 to 5.2.2.

Release notes

Sourced from actionpack's releases.

5.2.2

Active Support

  • Fix bug where #to_options for ActiveSupport::HashWithIndifferentAccess would not act as alias for #symbolize_keys.

    Nick Weiland

  • Improve the logic that detects non-autoloaded constants.

    Jan Habermann, Xavier Noria

  • Fix bug where URI.unescape would fail with mixed Unicode/escaped character input:

    URI.unescape("\xe3\x83\x90")  # => "バ"
URI.unescape("%E3%83%90")  # => "バ"
URI.unescape("\xe3\x83\x90%E3%83%90")  # => Encoding::CompatibilityError

    Ashe Connor, Aaron Patterson

Active Model

  • Fix numericality validator to still use value before type cast except Active Record.

    Fixes #33651, #33686.

    Ryuta Kamizono

Active Record

  • Do not ignore the scoping with query methods in the scope block.

    Ryuta Kamizono

  • Allow aliased attributes to be used in #update_columns and #update.

    Gannon McGibbon

  • Allow spaces in postgres table names.

    Fixes issue where "user post" is misinterpreted as ""user"."post"" when quoting table names with the postgres adapter.

    Gannon McGibbon

  • Cached columns_hash fields should be excluded from ResultSet#column_types

... (truncated)
Changelog

Sourced from actionpack's changelog.

Rails 5.2.2 (December 04, 2018)

  • Reset Capybara sessions if failed system test screenshot raising an exception.

    Reset Capybara sessions if take_failed_screenshot raise exception in system test after_teardown.

    Maxim Perepelitsa

  • Use request object for context if there's no controller

    There is no controller instance when using a redirect route or a mounted rack application so pass the request object as the context when resolving dynamic CSP sources in this scenario.

    Fixes #34200.

    Andrew White

  • Apply mapping to symbols returned from dynamic CSP sources

    Previously if a dynamic source returned a symbol such as :self it would be converted to a string implicity, e.g:

    policy.default_src -> { :self }

    would generate the header:

    Content-Security-Policy: default-src self

    and now it generates:

    Content-Security-Policy: default-src 'self'

    Andrew White

  • Fix rails routes -c for controller name consists of multiple word.

    Yoshiyuki Kinjo

  • Call the #redirect_to block in controller context.

    Steven Peckins

Commits
  • 94b5cd3 Preparing for 5.2.2 release
  • 3a08d33 Improve the task to generate the release summary
  • 9bb9131 Merge pull request #34572 from kamipo/fix_scoping_with_query_method
  • 3a9442f Merge pull request #34569 from gmcgibbon/allow_attribute_aliases_in_update
  • 73ba302 Preparing for 5.2.2.rc1 release
  • 1d0ea1c Merge pull request #34561 from gmcgibbon/allow_spaces_in_table_names
  • 01f076e Add autoload hook for AbstractController::ActionNotFound
  • ae3d203 Merge pull request #34557 from sergioisidoro/sergio-patch-load-error
  • a69b5b1 Merge pull request #34550 from mogulla3/fix-argument-error-when-uploding-to-s3
  • 44fc938 Remove duplicated test
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Automerge options (never/patch/minor, and dev/runtime dependencies)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.