This repository was archived by the owner on Sep 29, 2025. It is now read-only.

@dependabot dependabot bot commented on behalf of github Jun 2, 2021

Bumps actionview from 5.2.4.3 to 6.1.3.2.

Release notes

Sourced from actionview's releases.

6.1.3.2

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

  • Prevent open redirects by correctly escaping the host allow list CVE-2021-22903

  • Prevent catastrophic backtracking during mime parsing CVE-2021-22902

  • Prevent regex DoS in HTTP token authentication CVE-2021-22904

  • Prevent string polymorphic route arguments.

    url_for supports building polymorphic URLs via an array of arguments (usually symbols and records). If a developer passes a user input array, strings can result in unwanted route helper calls.

    CVE-2021-22885

    Gannon McGibbon

Active Job

... (truncated)

Changelog

Sourced from actionview's changelog.

Rails 6.1.3.2 (May 05, 2021)

  • No changes.

Rails 6.1.3.1 (March 26, 2021)

  • No changes.

Rails 6.1.3 (February 17, 2021)

  • No changes.

Rails 6.1.2.1 (February 10, 2021)

  • No changes.

Rails 6.1.2 (February 09, 2021)

  • No changes.

Rails 6.1.1 (January 07, 2021)

  • Fix lazy translation in partial with block.

    Marek Kasztelnik

  • Avoid extra SELECT COUNT queries when rendering Active Record collections.

    aar0nr

  • Link preloading keep integrity hashes in the header.

    Étienne Barrié

  • Add config.action_view.preload_links_header to allow disabling of the Link header being added by default when using stylesheet_link_tag and javascript_include_tag.

    Andrew White

  • The translate helper now resolves default values when a nil key is specified, instead of always returning nil.

    Jonathan Hefner

... (truncated)

Commits
  • 75ac626 Preparing for 6.1.3.2 release
  • 9c21201 Prep for release
  • 0303187 Prevent string polymorphic route arguments
  • 85c6823 v6.1.3.1
  • 5aaaa16 Preparing for 6.1.3 release
  • eddb809 Merge pull request #41441 from jonathanhefner/apidocs-inline-code-markup
  • bc9c1fe Merge pull request #41416 from tjschuck/fix_highlight_docs
  • 130c128 Preparing for 6.1.2.1 release
  • bf8c59c Preparing for 6.1.2 release
  • ab23ee6 Merge pull request #41206 from intrip/41198-fix-current-page-kwargs
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added the dependencies label (Pull requests that update a dependency file) Jun 2, 2021

Bumps [actionview](https://github.com/rails/rails) from 5.2.4.3 to 6.1.3.2.
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v6.1.3.2/actionview/CHANGELOG.md)
- [Commits](rails/rails@v5.2.4.3...v6.1.3.2)

---
updated-dependencies:
- dependency-name: actionview
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

@dependabot dependabot bot force-pushed the dependabot/bundler/actionview-6.1.3.2 branch from 880895e to d10672f June 19, 2021 04:23

dependabot bot commented on behalf of github Apr 28, 2022

Superseded by #133.

@dependabot dependabot bot closed this Apr 28, 2022
@dependabot dependabot bot deleted the dependabot/bundler/actionview-6.1.3.2 branch April 28, 2022 02:48