Created by: dependabot[bot]
Bumps actionpack from 6.1.4.4 to 7.0.0.
Release notes
Sourced from actionpack's releases.
7.0.0
Action Cable
The Action Cable client now ensures successful channel subscriptions:
- The client maintains a set of pending subscriptions until either the server confirms the subscription or the channel is torn down.
- Rectifies the race condition where an unsubscribe is rapidly followed by a subscribe (on the same channel identifier) and the requests are handled out of order by the ActionCable server, thereby ignoring the subscribe command.
Daniel Spinosa
Compile ESM package that can be used directly in the browser as actioncable.esm.js.
DHH
Move action_cable.js to actioncable.js to match naming convention used for other Rails frameworks, and use JS console to communicate the deprecation.
DHH
Stop transpiling the UMD package generated as actioncable.js and drop the IE11 testing that relied on that.
DHH
Truncate broadcast logging messages.
J Smith
OpenSSL constants are now used for Digest computations.
Dirkjan Bussink
The Action Cable client now includes safeguards to prevent a "thundering herd" of client reconnects after server connectivity loss:
- The client will wait a random amount between 1x and 3x of the stale threshold after the server's last ping before making the first reconnection attempt.
- Subsequent reconnection attempts now use exponential backoff instead of logarithmic backoff. To allow the delay between reconnection attempts to increase slowly at first, the default exponentiation base is < 2.
- Random jitter is applied to each delay between reconnection attempts.
Jonathan Hefner
Action Mailbox
- Removed deprecated environment variable
MAILGUN_INGRESS_API_KEY
.
... (truncated)
Changelog
Sourced from actionpack's changelog.
Rails 7.0.0 (December 15, 2021)
Deprecate
Rails.application.config.action_controller.urlsafe_csrf_tokens
. This config is now always enabled.Étienne Barrié
Instance variables set in requests in a
ActionController::TestCase
are now cleared before the next requestThis means if you make multiple requests in the same test, instance variables set in the first request will not persist into the second one. (It's not recommended to make multiple requests in the same test.)
Alex Ghiculescu
Rails 7.0.0.rc3 (December 14, 2021)
- No changes.
Rails 7.0.0.rc2 (December 14, 2021)
- Fix X_FORWARDED_HOST protection. [CVE-2021-44528]
Rails 7.0.0.rc1 (December 06, 2021)
Rails.application.executor
hooks can now be called around every request in aActionController::TestCase
This helps to better simulate request or job local state being reset between requests and prevent state leaking from one request to another.
To enable this, set
config.active_support.executor_around_test_case = true
(this is the default in Rails 7).Alex Ghiculescu
Consider onion services secure for cookies.
Justin Tracey
Remove deprecated
Rails.config.action_view.raise_on_missing_translations
.Rafael Mendonça França
Remove deprecated support to passing a path to
fixture_file_upload
relative tofixture_path
.Rafael Mendonça França
Remove deprecated
ActionDispatch::SystemTestCase#host!
.Rafael Mendonça França
Remove deprecated
Rails.config.action_dispatch.hosts_response_app
.
... (truncated)
Commits
-
984c3ef
Preparing for 7.0.0 release -
8943a91
Merge pull request #43883 from rails/dup-converted-arrays -
67a8028
Merge pull request #43882 from rails/rm-allow-ip-with-port -
6c85f3b
Merge pull request #43871 from rails/rm-fix-hosts-with-port -
aa1c8fc
Fix ruby warnings -
87cd782
Add CHANGELOG entry for #43817 -
51e6542
Merge pull request #43817 from etiennebarrie/deprecate-non-url-safe-csrf-tokens -
fa107f2
Merge pull request #43836 from donv/patch-1 -
797ac0c
Merge branch '7-0-sec' into 7-0-stable -
834cc1a
Preparing for 7.0.0.rc3 release - Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)