Bump actionview from 7.0.2.3 to 7.0.4.2
Bumps actionview from 7.0.2.3 to 7.0.4.2.
Release notes
Sourced from actionview's releases.
v7.0.4.2
Active Support
- No changes.
Active Model
- No changes.
Active Record
- No changes.
Action View
- No changes.
Action Pack
- Fix domain: :all for two letter TLD

  This fixes a compatibility issue introduced in our previous security release when using domain: :all with a two letter but single level top level domain (like .ca, rather than .co.uk).
Active Job
- No changes.
Action Mailer
- No changes.
Action Cable
... (truncated)
Changelog
Sourced from actionview's changelog.
Rails 7.0.4.2 (January 24, 2023)
- No changes.
Rails 7.0.4.1 (January 17, 2023)
- No changes.
Rails 7.0.4 (September 09, 2022)
- Guard against ActionView::Helpers::FormTagHelper#field_name calls with nil object_name arguments. For example:

      <%= fields do |f| %>
        <%= f.field_name :body %>
      <% end %>

  Sean Doyle
- Strings returned from strip_tags are correctly tagged html_safe?

  Because these strings contain no HTML elements and the basic entities are escaped, they are safe to be included as-is as PCDATA in HTML content. Tagging them as html-safe avoids double-escaping entities when being concatenated to a SafeBuffer during rendering.

  Fixes rails/rails-html-sanitizer#124

  Mike Dalessio
Rails 7.0.3.1 (July 12, 2022)
- No changes.
Rails 7.0.3 (May 09, 2022)
- Ensure models passed to form_for attempt to call to_model.

  Sean Doyle
Rails 7.0.2.4 (April 26, 2022)
- Fix and add protections for XSS in ActionView::Helpers and ERB::Util.

  Escape dangerous characters in names of tags and names of attributes in the tag helpers, following the XML specification. Rename the option
... (truncated)
Commits
- 7c70791 Version 7.0.4.2
- 23e0345 Version 7.0.4.1
- 8015c2c Version 7.0.4
- deb8087 Standardize format of "Options" subsections [ci-skip]
- c5a407d Linkify code references [ci-skip]
- e874cf5 Fix typos [ci-skip]
- b3e79be Merge pull request #45675 from hirotaka/fix_date_select_with_locale
- 196e0f7 Merge pull request #45572 from fatkodima/fix-cached-missing-translations
- 0f4be71 Merge pull request #45563 from diegomichel/fixes-rubydoc-info-links
- a730810 Merge branch '7-0-sec' into 7-0-stable
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.