Skip to content
GitLab

Bump actionpack from 6.1.4.4 to 7.0.1

Closed Administrator requested to merge dependabot/bundler/actionpack-7.0.1 into main

Created by: dependabot[bot]

Bumps actionpack from 6.1.4.4 to 7.0.1.

Release notes

Sourced from actionpack's releases.

7.0.1

Active Support

Active Model

  • No changes.

Active Record

  • Change QueryMethods#in_order_of to drop records not listed in values.

    in_order_of now filters down to the values provided, to match the behavior of the Enumerable version.

    Kevin Newton

  • Allow named expression indexes to be revertible.

    Previously, the following code would raise an error in a reversible migration executed while rolling back, due to the index name not being used in the index removal.

    add_index(:settings, "(data->'property')", using: :gin, name: :index_settings_data_property)

    Fixes #43331.

    Oliver Günther

  • Better error messages when association name is invalid in the argument of ActiveRecord::QueryMethods::WhereChain#missing.

    ykpythemind

  • Fix ordered migrations for single db in multi db environment.

    Himanshu

  • Extract on update CURRENT_TIMESTAMP for mysql2 adapter.

    Kazuhiro Masuda

... (truncated)

Changelog

Sourced from actionpack's changelog.

Rails 7.0.1 (January 06, 2022)

  • Fix ActionController::Parameters methods to keep the original logger context when creating a new copy of the original object.

    Yutaka Kamei

Rails 7.0.0 (December 15, 2021)

  • Deprecate Rails.application.config.action_controller.urlsafe_csrf_tokens. This config is now always enabled.

    Étienne Barrié

  • Instance variables set in requests in a ActionController::TestCase are now cleared before the next request

    This means if you make multiple requests in the same test, instance variables set in the first request will not persist into the second one. (It's not recommended to make multiple requests in the same test.)

    Alex Ghiculescu

Rails 7.0.0.rc3 (December 14, 2021)

  • No changes.

Rails 7.0.0.rc2 (December 14, 2021)

  • Fix X_FORWARDED_HOST protection. [CVE-2021-44528]

Rails 7.0.0.rc1 (December 06, 2021)

  • Rails.application.executor hooks can now be called around every request in a ActionController::TestCase

    This helps to better simulate request or job local state being reset between requests and prevent state leaking from one request to another.

    To enable this, set config.active_support.executor_around_test_case = true (this is the default in Rails 7).

    Alex Ghiculescu

  • Consider onion services secure for cookies.

    Justin Tracey

  • Remove deprecated Rails.config.action_view.raise_on_missing_translations.

    Rafael Mendonça França

... (truncated)

Commits
  • 6bfc637 Preparing for 7.0.1 release
  • 958af52 Merge pull request #44039 from kamipo/bump-year-to-2022
  • da5ad65 Merge pull request #43980 from lsylvester/dynamic-action-controller-route-seg...
  • 3d05ba7 Merge pull request #43900 from yykamei/initialize-with-logging_context
  • dda51ab Merge pull request #43897 from dixpac/dix/match_example_with_docs
  • 984c3ef Preparing for 7.0.0 release
  • 8943a91 Merge pull request #43883 from rails/dup-converted-arrays
  • 67a8028 Merge pull request #43882 from rails/rm-allow-ip-with-port
  • 6c85f3b Merge pull request #43871 from rails/rm-fix-hosts-with-port
  • aa1c8fc Fix ruby warnings
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)