CMMS icon indicating copy to clipboard operation
CMMS copied to clipboard

Published 20 hours ago verified publisher icon jingz

Bump devise and rails

Open dependabot[bot] opened this issue 2 years ago • 0 comments

Bumps devise and rails. These dependencies needed to be updated together. Updates devise from 1.5.4 to 4.8.1

Release notes

Sourced from devise's releases.

v4.8.1

No release notes provided.

v4.8.0

No release notes provided.

v4.7.1

No release notes provided.

v4.7.0

No release notes provided.

v4.6.2

No release notes provided.

v4.6.1

No release notes provided.

v4.6.0

No release notes provided.

v4.5.0

No release notes provided.

v4.4.3

No release notes provided.

v4.4.2

No release notes provided.

v4.4.1

No release notes provided.

v4.4.0

No release notes provided.

v3.5.3

  • bug fixes
    • Fix password reset for records where confirmation_required? is disabled and confirmation_sent_at is nil. (by @​andygeers)
    • Allow resources with no email field to be recoverable (and do not clear the reset password token if the model was already persisted). (by @​seddy, @​stanhu)
  • enhancements
    • Upon setting Devise.send_password_change_notification = true a user will receive notification when their password has been changed.

v3.5.2

  • enhancements
    • Perform case insensitive basic authorization matching
  • bug fixes
    • Do not use digests for password confirmation token

... (truncated)

Changelog

Sourced from devise's changelog.

4.8.1 - 2021-12-16

  • enhancements
    • Add support for Rails 7.0. Please note that Turbo integration is not fully supported by Devise yet.

4.8.0 - 2021-04-29

  • enhancements

    • Devise now enables the upgrade of OmniAuth 2+. Previously Devise would raise an error if you'd try to upgrade. Please note that OmniAuth 2 is considered a security upgrade and recommended to everyone. You can read more about the details (and possible necessary changes to your app as part of the upgrade) in their release notes. Devise's OmniAuth Overview wiki was also updated to cover OmniAuth 2.0 requirements.
      • Note that the upgrade required Devise shared links that initiate the OmniAuth flow to be changed to method: :post, which is now a requirement for OmniAuth, part of the security improvement. If you have copied and customized the Devise shared links partial to your app, or if you have other links in your app that initiate the OmniAuth flow, they will have to be updated to use method: :post, or changed to use buttons (e.g. button_to) to work with OmniAuth 2. (if you're using links with method: :post, make sure your app has rails-ujs or jquery-ujs included in order for these links to work properly.)
      • As part of the OmniAuth 2.0 upgrade you might also need to add the omniauth-rails_csrf_protection gem to your app if you don't have it already. (and you don't want to roll your own code to verify requests.) Check the OmniAuth v2 release notes for more info.
    • Introduce Lockable#reset_failed_attempts! model method to reset failed attempts counter to 0 after the user signs in.
      • This logic existed inside the lockable warden hook and is triggered automatically after the user signs in. The new model method is an extraction to allow you to override it in the application to implement things like switching to a write database if you're using the new multi-DB infrastructure from Rails for example, similar to how it's already possible with Trackable#update_tracked_fields!.
    • Add support for Ruby 3.
    • Add support for Rails 6.1.
    • Move CI to GitHub Actions.

  • deprecations

    • Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION is deprecated in favor of Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION (@​hanachin)

4.7.3 - 2020-09-20

  • bug fixes
    • Do not modify :except option given to #serializable_hash. (by @​dpep)
    • Fix thor deprecation when running the devise generator. (by @​deivid-rodriguez)
    • Fix hanging tests for streaming controllers using Devise. (by @​afn)

4.7.2 - 2020-06-10

  • enhancements

    • Increase default stretches to 12 (by @​sergey-alekseev)
    • Ruby 2.7 support (kwarg warnings removed)

  • bug fixes

    • Generate scoped views with proper scoped errors partial (by @​shobhitic)
    • Allow to set scoped already_authenticated error messages (by @​gurgelrenan)

4.7.1 - 2019-09-06

  • bug fixes
    • Fix an edge case where records with a blank confirmation_token could be confirmed (by @​tegon)
    • Fix typo inside update_needs_confirmation i18n key (by @​lslm)

4.7.0 - 2019-08-19

  • enhancements
    • Support Rails 6.0
    • Update CI to rails 6.0.0.beta3 (by @​tunnes)
    • refactor method name to be more consistent (by @​saiqulhaq)
    • Fix rails 6.0.rc1 email uniqueness validation deprecation warning (by @​Vasfed)

... (truncated)

Commits

Updates rails from 3.0.20 to 7.0.4.2

Release notes

Sourced from rails's releases.

v7.0.4.2

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

  • Fix domain: :all for two letter TLD

    This fixes a compatibility issue introduced in our previous security release when using domain: :all with a two letter but single level top level domain domain (like .ca, rather than .co.uk).

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

... (truncated)

Commits
  • 7c70791 Version 7.0.4.2
  • 1d6de16 Merge pull request #47087 from jhawthorn/cookie_domain
  • 23e0345 Version 7.0.4.1
  • d7aba06 Make sanitize_as_sql_comment more strict
  • 8d82687 Avoid regex backtracking on If-None-Match header
  • 2164d4f Avoid regex backtracking in Inflector.underscore
  • cd46b0e Use string#split instead of regex for domain parts
  • e50e26d Fix sec issue with _url_host_allowed?
  • 82bcdc0 Added integer width check to PostgreSQL::Quoting
  • 8015c2c Version 7.0.4
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependabot[bot] avatar Jan 27 '23 00:01 dependabot[bot]