Created by: dependabot-preview[bot]
Bumps actionpack from 6.0.3.4 to 6.1.0.
Release notes
Sourced from actionpack's releases.
6.1.0
Active Support
Ensure
MemoryStore
disables compression by default. Reverts behavior ofMemoryStore
to its prior rails5.1
behavior.Max Gurewitz
Calling
iso8601
on negative durations retains the negative sign on individual digits instead of prepending it.This change is required so we can interoperate with PostgreSQL, which prefers negative signs for each component.
Compatibility with other iso8601 parsers which support leading negatives as well as negatives per component is still retained.
Before:
(-1.year - 1.day).iso8601 # => "-P1Y1D"
After:
(-1.year - 1.day).iso8601 # => "P-1Y-1D"
Vipul A M
Remove deprecated
ActiveSupport::Notifications::Instrumenter#end=
.Rafael Mendonça França
Deprecate
ActiveSupport::Multibyte::Unicode.default_normalization_form
.Rafael Mendonça França
Remove deprecated
ActiveSupport::Multibyte::Unicode.pack_graphemes
,ActiveSupport::Multibyte::Unicode.unpack_graphemes
,ActiveSupport::Multibyte::Unicode.normalize
,ActiveSupport::Multibyte::Unicode.downcase
,ActiveSupport::Multibyte::Unicode.upcase
andActiveSupport::Multibyte::Unicode.swapcase
.Rafael Mendonça França
Remove deprecated
ActiveSupport::Multibyte::Chars#consumes?
andActiveSupport::Multibyte::Chars#normalize
.Rafael Mendonça França
Changelog
Sourced from actionpack's changelog.
Rails 6.1.0 (December 09, 2020)
Support for the HTTP header
Feature-Policy
has been revised to reflect its rename toPermissions-Policy
.Rails.application.config.permissions_policy do |p| p.camera :none p.gyroscope :none p.microphone :none p.usb :none p.fullscreen :self p.payment :self, "https://secure-example.com" end
Julien Grillot
Allow
ActionDispatch::HostAuthorization
to exclude specific requests.Host Authorization checks can be skipped for specific requests. This allows for health check requests to be permitted for requests with missing or non-matching host headers.
Chris Bisnett
Add
config.action_dispatch.request_id_header
to allow changing the name of the unique X-Request-Id headerArlston Fernandes
Deprecate
config.action_dispatch.return_only_media_type_on_content_type
.Rafael Mendonça França
Change
ActionDispatch::Response#content_type
to return the full Content-Type header.Rafael Mendonça França
Remove deprecated
ActionDispatch::Http::ParameterFilter
.Rafael Mendonça França
Added support for exclusive no-store Cache-Control header.
If
no-store
is set on Cache-Control header it is exclusive (all other cache directives are dropped).Chris Kruger
Catch invalid UTF-8 parameters for POST requests and respond with BadRequest.
Additionally, perform
#set_binary_encoding
inActionDispatch::Http::Request#GET
and
Commits
-
914caca
Preparing for 6.1.0 release -
b38eb45
Preparing for 6.1.0.rc2 release -
cce7006
Merge pull request #40045 from sandip-mane/40041-hosts-case-fix -
01f32e6
Merge pull request #40652 from p8/rename-permissions-header -
d1e0baa
Register Feature-Policy -> Permissions-Policy in CHANGELOG [skip ci] -
c06f9a1
Rename HTTP Feature Policy to Permissions Policy -
282e8d3
Merge pull request #40567 from hahmed/ha/formatted-error-messages -
b589640
Merge pull request #40591 from jonathanhefner/actioncontroller-cookies-docs -
8389f99
Preparing for 6.1.0.rc1 release -
1f76740
Add request exclusion to Host Authorization - Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -
@dependabot use these labels
will set the current labels as the default for future PRs for this repo and language -
@dependabot use these reviewers
will set the current reviewers as the default for future PRs for this repo and language -
@dependabot use these assignees
will set the current assignees as the default for future PRs for this repo and language -
@dependabot use this milestone
will set the current milestone as the default for future PRs for this repo and language -
@dependabot badge me
will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot dashboard:
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)