Bump stimulus_reflex from 3.5.0.pre10 to 3.5.0.rc4

[dependabot[bot]]

Bumps stimulus_reflex from 3.5.0.pre10 to 3.5.0.rc4.

Release notes

Sourced from stimulus_reflex's releases.

v3.5.0.rc4

Security Fix

• Only allow safe method_name calls on reflexes (resolves CVE-2024-28121, click here to learn more) by @​marcoroth, thanks to @​FelixMartel for reporting this!

Changed

• Don't choose first controller if no matching StimulusReflex-enabled controller was found by @​marcoroth in stimulusreflex/stimulus_reflex#670
• Export StimulusReflexController constant by @​marcoroth in stimulusreflex/stimulus_reflex#672

Fixed

• Fix exception in ActionCable channel due to reflexes overwriting each other's data by @​alexander-makarenko in stimulusreflex/stimulus_reflex#663
• Fix reflex_data keyword argument by @​brunoenten in stimulusreflex/stimulus_reflex#673
• Fix undefined package_json during Yarn install by @​mattboldt in stimulusreflex/stimulus_reflex#676
• Fix ReflexData parsing by @​Matt-Yorkley in stimulusreflex/stimulus_reflex#688

Docs

• Update setup docs by @​julianrubisch in stimulusreflex/stimulus_reflex#645
• Update mrujs link on docs by @​cpgo in stimulusreflex/stimulus_reflex#675
• Fix typo in Step 2 of Setup Docs by @​ryanmansfield in stimulusreflex/stimulus_reflex#680

Dependencies

• Bump word-wrap from 1.2.3 to 1.2.4 by @​dependabot in stimulusreflex/stimulus_reflex#671
• Bump vite from 4.3.9 to 4.5.2 by @​dependabot in stimulusreflex/stimulus_reflex#681
• Bump rack from 2.2.7 to 2.2.8.1 by @​dependabot in stimulusreflex/stimulus_reflex#690
• Bump ip from 1.1.8 to 1.1.9 by @​dependabot in stimulusreflex/stimulus_reflex#685

New Contributors

• @​alexander-makarenko made their first contribution in stimulusreflex/stimulus_reflex#663
• @​cpgo made their first contribution in stimulusreflex/stimulus_reflex#675
• @​brunoenten made their first contribution in stimulusreflex/stimulus_reflex#673
• @​mattboldt made their first contribution in stimulusreflex/stimulus_reflex#676
• @​ryanmansfield made their first contribution in stimulusreflex/stimulus_reflex#680
• @​FelixMartel made their first contribution in GHSA-f78j-4w3g-4q65

Commits

Full Changelog: https://github.com/stimulusreflex/stimulus_reflex/compare/v3.5.0.rc3...v3.5.0.rc4

v3.5.0.rc3

Released: 2023-07-12

Added

-

Fixed

... (truncated)

Commits

• 3de99e4 v3.5.0.rc4
• dd140c3 Fix encoding in ReflexFactoryTest
• 538582d Merge pull request from GHSA-f78j-4w3g-4q65
• 078db30 Fix ReflexData parsing (#688)
• 5325da4 Bump Ruby version in standard action
• 983244a Bump ip from 1.1.8 to 1.1.9 (#685)
• c3ca5c0 Bump rack from 2.2.7 to 2.2.8.1 (#690)
• 736e87d Drop Ruby 2.7 support
• ed5ecb3 Bump to Ruby 3.3
• 5b760e0 Upgrade GitHub Action versions
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.