Bump activerecord-session_store, rails and rspec-rails

[dependabot]

Bumps activerecord-session_store, rails and rspec-rails. These dependencies needed to be updated together.
Updates activerecord-session_store from 1.1.3 to 2.0.0

Release notes

Sourced from activerecord-session_store's releases.

Version 2.0.0

• Drop support to Rails < 5.2 and Ruby < 2.2 (5db9171)
• Fix compatibility issue with ruby-head (#159)
• Fix CVE-2019-25025 vulnerability (#151)
• Add db:sessions:upgrade rake task to upgrade all existing sessions to the secure version (c23358c)

Please see CVE-2019-25025 mitigation section in the README file for more information about security vulnerability and mitigation.

Commits

• 78e0047 Bump to 2.0.0
• c23358c Move secure migration into a rake task
• 1973f37 Update styling in README.md
• b1f36fb Update build matrix
• c16ddd2 Merge pull request #175 from thorsteneckel/patch-1
• 4b705d9 Migration can not rolled back as sessions are now secure hashes. Thanks to @​n...
• 90a4cb2 Applied suggestions by @​kratob
• 59755d3 Added documentation on how to mitigate CVE-2015-9284.
• 9d4dd11 Merge pull request #151 from rails-lts/secure-session-store
• 532a9a5 Merge remote-tracking branch 'upstream/master' into secure-session-store
• Additional commits viewable in compare view

Updates rails from 5.1.7 to 5.2.4.5

Release notes

Sourced from rails's releases.

5.2.4.5

Active Support

• No changes.

Active Model

• No changes.

Active Record

• Fix possible DoS vector in PostgreSQL money type

  Carefully crafted input can cause a DoS via the regular expressions used for validating the money format in the PostgreSQL adapter. This patch fixes the regexp.

  Thanks to @​dee-see from Hackerone for this patch!

  [CVE-2021-22880]

  Aaron Patterson

Action View

• No changes.

Action Pack

• No changes.

Active Job

• No changes.

Action Mailer

• No changes.

... (truncated)

Commits

• dc7364b Preparing for 5.2.4.5 release
• bf0ef9d Fix possible DoS vector in PostgreSQL money type
• 404ad9e v5.2.4.4
• aaa7ab1 Fix XSS vulnerability in translate helper
• 7b5cc5a Preparing for 5.2.4.3 release
• 559cce2 updating changelog
• 3c806b9 bumping version
• 9cb66f6 update changelog
• fbc7bec Check that request is same-origin prior to including CSRF token in XHRs
• d124f19 HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a ...
• Additional commits viewable in compare view

Updates rspec-rails from 3.9.1 to 5.0.0

Release notes

Sourced from rspec-rails's releases.

4.0.2 / 2020-12-26

Full Changelog

Bug Fixes:

• Indent all extra failure lines output from system specs. (Alex Robbin, #2321)
• Generated request spec for update now uses the correct let. (Paul Hanyzewski, #2344)
• Return true/false from predicate methods in config rather than raw values. (Phil Pirozhkov, Jon Rowe, #2353, #2354)
• Remove old #fixture_path feature detection code which broke under newer Rails. (Koen Punt, Jon Rowe, #2370)

Changelog

Sourced from rspec-rails's changelog.

5.0.0 / 2021-03-09

Full Changelog

Enhancements:

• Support new #file_fixture_path and new fixture test support code. (Jon Rowe, #2398)
• Support for Rails 6.1. (Benoit Tigeot, Jon Rowe, Phil Pirozhkov, and more #2398)

Breaking Changes:

• Drop support for Rails below 5.2.

4.1.1 / 2021-03-09

Bug Fixes:

• Remove generated specs when destroying a generated controller. (@​Naokimi, #2475)

4.1.0 / 2021-03-06

Enhancements:

• Issue a warning when using job matchers with #at mis-match on usec precision. (Jon Rowe, #2350)
• Generated request specs now have a bare _spec suffix instead of request_spec. (Eloy Espinaco, Luka Lüdicke, #2355, #2356, #2378)
• Generated scaffold now includes engine route helpers when inside a mountable engine. (Andrew W. Lee, #2372)
• Improve request spec "controller" scafold when no action is specified. (Thomas Hareau, #2399)
• Introduce testing snippets concept (Phil Pirozhkov, Benoit Tigeot, #2423)
• Prevent collisions with let(:name) for Rails 6.1 and let(:method_name) on older Rails. (Benoit Tigeot, #2461)

4.0.2 / 2020-12-26

Full Changelog

Bug Fixes:

• Indent all extra failure lines output from system specs. (Alex Robbin, #2321)
• Generated request spec for update now uses the correct let. (Paul Hanyzewski, #2344)
• Return true/false from predicate methods in config rather than raw values. (Phil Pirozhkov, Jon Rowe, #2353, #2354)
• Remove old #fixture_path feature detection code which broke under newer Rails. (Koen Punt, Jon Rowe, #2370)
• Fix an error when use_active_record is false (Phil Pirozhkov, #2423)

4.0.1 / 2020-05-16

Full Changelog

... (truncated)

Commits

• 9b5ddec v5.0.0
• b64d4ae v4.1.1
• a7913ba Changelog for #2475
• 887fc5f Merge pull request #2475 from Naokimi/main
• f249b48 Merge pull request #2476 from rspec/prep-version-5
• 1543e02 Docs for version 5.0.0
• 710e997 added test
• 686bf84 Remove support for < 5.2
• 77e073a Truncate builds to 5.2+
• 7efc47d Limit Rails to 5.2 and above
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Looks like these dependencies are no longer updatable, so this is no longer needed.