diff --git a/.github/security.md b/.github/security.md index 0e6e2fcad9f49..dc32fb3a0da2e 100644 --- a/.github/security.md +++ b/.github/security.md @@ -3,10 +3,10 @@ ## Reporting a Vulnerability **Do not open up a GitHub issue if the bug is a security vulnerability in Rails**. -Instead, refer to our [security policy](https://rubyonrails.org/security/). +Instead, refer to our [security policy](https://rubyonrails.org/security). ## Supported Versions Security backports are provided for some previous release series. For details of which release series are currently receiving security backports see our -[security policy](https://rubyonrails.org/security/). +[security policy](https://rubyonrails.org/security). diff --git a/Gemfile b/Gemfile index 9c12fe562001a..2b579552c2f2d 100644 --- a/Gemfile +++ b/Gemfile @@ -6,6 +6,8 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" } gemspec +gem "minitest", ">= 5.15.0" + # We need a newish Rake since Active Job sets its test tasks' descriptions. gem "rake", ">= 11.1" @@ -42,7 +44,7 @@ group :rubocop do end group :doc do - gem "sdoc", ">= 2.2.0" + gem "sdoc", ">= 2.3.0" gem "redcarpet", "~> 3.2.3", platforms: :ruby gem "w3c_validators", "~> 1.3.6" gem "kindlerb", "~> 1.2.0" @@ -137,7 +139,7 @@ platforms :ruby, :mswin, :mswin64, :mingw, :x64_mingw do gem "sqlite3", "~> 1.4" group :db do - gem "pg", "~> 1.1" + gem "pg", "~> 1.3" gem "mysql2", "~> 0.5", github: "brianmario/mysql2" end end 
@@ -174,18 +176,3 @@ end gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw, :jruby] gem "wdm", ">= 0.1.0", platforms: [:mingw, :mswin, :x64_mingw, :mswin64] - -if RUBY_VERSION >= "3.1" - # net-smtp, net-imap and net-pop were removed from default gems in Ruby 3.1, but is used by the `mail` gem. - # So we need to add them as dependencies until `mail` is fixed: https://github.com/mikel/mail/pull/1439 - gem "net-smtp", require: false - gem "net-imap", require: false - gem "net-pop", require: false - - # digest gem, which is one of the default gems has bumped to 3.1.0.pre for ruby 3.1.0dev. - gem "digest", "~> 3.1.0.pre", require: false - - # matrix was removed from default gems in Ruby 3.1, but is used by the `capybara` gem. - # So we need to add it as a dependency until `capybara` is fixed: https://github.com/teamcapybara/capybara/pull/2468 - gem "matrix", require: false -end diff --git a/Gemfile.lock b/Gemfile.lock index a9570308c8fa2..b98533489b74a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: https://github.com/brianmario/mysql2.git - revision: 7f4e844fccf6afa888d0bd108d4707a2a7784484 + revision: 25c42c712118b046eb9df7a0f50ffde1a04ee6d1 specs: mysql2 (0.5.3) 
@@ -24,82 +24,88 @@ GIT PATH remote: . specs: - actioncable (7.0.0.alpha2) - actionpack (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + actioncable (7.0.3.1) + actionpack (= 7.0.3.1) + activesupport (= 7.0.3.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.0.alpha2) - actionpack (= 7.0.0.alpha2) - activejob (= 7.0.0.alpha2) - activerecord (= 7.0.0.alpha2) - activestorage (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + actionmailbox (7.0.3.1) + actionpack (= 7.0.3.1) + activejob (= 7.0.3.1) + activerecord (= 7.0.3.1) + activestorage (= 7.0.3.1) + activesupport (= 7.0.3.1) mail (>= 2.7.1) - actionmailer (7.0.0.alpha2) - actionpack (= 7.0.0.alpha2) - actionview (= 7.0.0.alpha2) - activejob (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + net-imap + net-pop + net-smtp + actionmailer (7.0.3.1) + actionpack (= 7.0.3.1) + actionview (= 7.0.3.1) + activejob (= 7.0.3.1) + activesupport (= 7.0.3.1) mail (~> 2.5, >= 2.5.4) + net-imap + net-pop + net-smtp rails-dom-testing (~> 2.0) - actionpack (7.0.0.alpha2) - actionview (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + actionpack (7.0.3.1) + actionview (= 7.0.3.1) + activesupport (= 7.0.3.1) rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (7.0.0.alpha2) - actionpack (= 7.0.0.alpha2) - activerecord (= 7.0.0.alpha2) - activestorage (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + actiontext (7.0.3.1) + actionpack (= 7.0.3.1) + activerecord (= 7.0.3.1) + activestorage (= 7.0.3.1) + activesupport (= 7.0.3.1) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + actionview (7.0.3.1) + activesupport (= 7.0.3.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + activejob (7.0.3.1) + activesupport (= 7.0.3.1) globalid (>= 0.3.6) - activemodel (7.0.0.alpha2) - 
activesupport (= 7.0.0.alpha2) - activerecord (7.0.0.alpha2) - activemodel (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) - activestorage (7.0.0.alpha2) - actionpack (= 7.0.0.alpha2) - activejob (= 7.0.0.alpha2) - activerecord (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + activemodel (7.0.3.1) + activesupport (= 7.0.3.1) + activerecord (7.0.3.1) + activemodel (= 7.0.3.1) + activesupport (= 7.0.3.1) + activestorage (7.0.3.1) + actionpack (= 7.0.3.1) + activejob (= 7.0.3.1) + activerecord (= 7.0.3.1) + activesupport (= 7.0.3.1) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (7.0.0.alpha2) + activesupport (7.0.3.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - rails (7.0.0.alpha2) - actioncable (= 7.0.0.alpha2) - actionmailbox (= 7.0.0.alpha2) - actionmailer (= 7.0.0.alpha2) - actionpack (= 7.0.0.alpha2) - actiontext (= 7.0.0.alpha2) - actionview (= 7.0.0.alpha2) - activejob (= 7.0.0.alpha2) - activemodel (= 7.0.0.alpha2) - activerecord (= 7.0.0.alpha2) - activestorage (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + rails (7.0.3.1) + actioncable (= 7.0.3.1) + actionmailbox (= 7.0.3.1) + actionmailer (= 7.0.3.1) + actionpack (= 7.0.3.1) + actiontext (= 7.0.3.1) + actionview (= 7.0.3.1) + activejob (= 7.0.3.1) + activemodel (= 7.0.3.1) + activerecord (= 7.0.3.1) + activestorage (= 7.0.3.1) + activesupport (= 7.0.3.1) bundler (>= 1.15.0) - railties (= 7.0.0.alpha2) - railties (7.0.0.alpha2) - actionpack (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + railties (= 7.0.3.1) + railties (7.0.3.1) + actionpack (= 7.0.3.1) + activesupport (= 7.0.3.1) method_source rake (>= 12.2) thor (~> 1.0) 
@@ -108,44 +114,44 @@ PATH GEM remote: https://rubygems.org/ specs: - addressable (2.7.0) + addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) amq-protocol (2.3.2) ast (2.4.2) - aws-eventstream (1.1.1) - aws-partitions (1.469.0) - aws-sdk-core (3.114.3) + aws-eventstream (1.2.0) + aws-partitions (1.546.0) + aws-sdk-core (3.125.1) aws-eventstream (~> 1, >= 1.0.2) - aws-partitions (~> 1, >= 1.239.0) + aws-partitions (~> 1, >= 1.525.0) aws-sigv4 (~> 1.1) jmespath (~> 1.0) - aws-sdk-kms (1.44.0) - aws-sdk-core (~> 3, >= 3.112.0) + aws-sdk-kms (1.53.0) + aws-sdk-core (~> 3, >= 3.125.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.96.1) - aws-sdk-core (~> 3, >= 3.112.0) + aws-sdk-s3 (1.111.1) + aws-sdk-core (~> 3, >= 3.125.0) aws-sdk-kms (~> 1) + aws-sigv4 (~> 1.4) + aws-sdk-sns (1.50.0) + aws-sdk-core (~> 3, >= 3.125.0) aws-sigv4 (~> 1.1) - aws-sdk-sns (1.41.0) - aws-sdk-core (~> 3, >= 3.112.0) - aws-sigv4 (~> 1.1) - aws-sigv4 (1.2.3) + aws-sigv4 (1.4.0) aws-eventstream (~> 1, >= 1.0.2) - azure-storage-blob (2.0.1) + azure-storage-blob (2.0.3) azure-storage-common (~> 2.0) - nokogiri (~> 1.11.0.rc2) - azure-storage-common (2.0.2) + nokogiri (~> 1, >= 1.10.8) + azure-storage-common (2.0.4) faraday (~> 1.0) - faraday_middleware (~> 1.0.0.rc1) + faraday_middleware (~> 1.0, >= 1.0.0.rc1) net-http-persistent (~> 4.0) - nokogiri (~> 1.11.0.rc2) - backburner (1.5.0) + nokogiri (~> 1, >= 1.10.8) + backburner (1.6.0) beaneater (~> 1.0) concurrent-ruby (~> 1.0, >= 1.0.1) dante (> 0.1.5) bcrypt (3.1.16) beaneater (1.1.1) - benchmark-ips (2.9.1) + benchmark-ips (2.9.2) blade (0.7.2) activesupport (>= 3.0.0) blade-qunit_adapter (>= 2.0.1) 
@@ -159,14 +165,15 @@ GEM thor (>= 0.19.1) useragent (>= 0.16.7) blade-qunit_adapter (2.0.1) - bootsnap (1.7.5) + bootsnap (1.9.3) msgpack (~> 1.0) builder (3.2.4) - bunny (2.18.0) + bunny (2.19.0) amq-protocol (~> 2.3, >= 2.3.1) sorted_set (~> 1, >= 1.0.2) - capybara (3.35.3) + capybara (3.36.0) addressable + matrix mini_mime (>= 0.1.3) nokogiri (~> 1.8) rack (>= 1.6.0) @@ -184,14 +191,14 @@ GEM crack (0.4.5) rexml crass (1.0.6) - cssbundling-rails (0.2.2) + cssbundling-rails (1.1.0) railties (>= 6.0.0) - curses (1.4.2) - daemons (1.4.0) - dalli (3.0.1) + curses (1.4.3) + daemons (1.4.1) + dalli (3.2.0) dante (0.2.0) - debug (1.1.0) - irb + debug (1.4.0) + irb (>= 1.3.6) reline (>= 0.2.7) declarative (0.0.20) delayed_job (4.1.9) @@ -199,7 +206,8 @@ GEM delayed_job_active_record (4.1.6) activerecord (>= 3.0, < 6.2) delayed_job (>= 3.0, < 5) - digest-crc (0.6.3) + digest (3.1.0) + digest-crc (0.6.4) rake (>= 12.0.0, < 14.0.0) em-http-request (1.1.7) addressable (>= 2.3.4) 
@@ -210,25 +218,35 @@ GEM em-socksify (0.3.2) eventmachine (>= 1.0.0.beta.4) erubi (1.10.0) - et-orbi (1.2.4) + et-orbi (1.2.6) tzinfo event_emitter (0.2.6) eventmachine (1.2.7) execjs (2.8.1) - faraday (1.4.2) + faraday (1.9.2) faraday-em_http (~> 1.0) faraday-em_synchrony (~> 1.0) faraday-excon (~> 1.1) + faraday-httpclient (~> 1.0) + faraday-multipart (~> 1.0) faraday-net_http (~> 1.0) - faraday-net_http_persistent (~> 1.1) - multipart-post (>= 1.2, < 3) + faraday-net_http_persistent (~> 1.0) + faraday-patron (~> 1.0) + faraday-rack (~> 1.0) + faraday-retry (~> 1.0) ruby2_keywords (>= 0.0.4) faraday-em_http (1.0.0) faraday-em_synchrony (1.0.0) faraday-excon (1.1.0) + faraday-httpclient (1.0.1) + faraday-multipart (1.0.2) + multipart-post (>= 1.2, < 3) faraday-net_http (1.0.1) - faraday-net_http_persistent (1.1.0) - faraday_middleware (1.0.0) + faraday-net_http_persistent (1.2.0) + faraday-patron (1.0.0) + faraday-rack (1.0.0) + faraday-retry (1.0.2) + faraday_middleware (1.2.0) faraday (~> 1.0) faye (1.4.0) cookiejar (>= 0.3.0) 
@@ -241,85 +259,86 @@ GEM faye-websocket (0.11.1) eventmachine (>= 0.12.0) websocket-driver (>= 0.5.1) - ffi (1.15.3) - fugit (1.5.0) + ffi (1.15.4) + fugit (1.5.2) et-orbi (~> 1.1, >= 1.1.8) raabro (~> 1.4) - globalid (0.6.0) + globalid (1.0.0) activesupport (>= 5.0) - google-apis-core (0.3.0) + google-apis-core (0.4.1) addressable (~> 2.5, >= 2.5.1) - googleauth (~> 0.14) - httpclient (>= 2.8.1, < 3.0) + googleauth (>= 0.16.2, < 2.a) + httpclient (>= 2.8.1, < 3.a) mini_mime (~> 1.0) representable (~> 3.0) - retriable (>= 2.0, < 4.0) + retriable (>= 2.0, < 4.a) rexml - signet (~> 0.14) webrick - google-apis-iamcredentials_v1 (0.4.0) - google-apis-core (~> 0.1) - google-apis-storage_v1 (0.4.0) - google-apis-core (~> 0.1) + google-apis-iamcredentials_v1 (0.9.0) + google-apis-core (>= 0.4, < 2.a) + google-apis-storage_v1 (0.10.0) + google-apis-core (>= 0.4, < 2.a) google-cloud-core (1.6.0) google-cloud-env (~> 1.0) google-cloud-errors (~> 1.0) google-cloud-env (1.5.0) faraday (>= 0.17.3, < 2.0) - google-cloud-errors (1.1.0) - google-cloud-storage (1.31.1) - addressable (~> 2.5) + google-cloud-errors (1.2.0) + google-cloud-storage (1.35.0) + addressable (~> 2.8) digest-crc (~> 0.4) google-apis-iamcredentials_v1 (~> 0.1) google-apis-storage_v1 (~> 0.1) - google-cloud-core (~> 1.2) - googleauth (~> 0.9) + google-cloud-core (~> 1.6) + googleauth (>= 0.16.2, < 2.a) mini_mime (~> 1.0) - googleauth (0.16.2) + googleauth (1.1.0) faraday (>= 0.17.3, < 2.0) jwt (>= 1.4, < 3.0) memoist (~> 0.16) multi_json (~> 1.11) os (>= 0.9, < 2.0) - signet (~> 0.14) + signet (>= 0.16, < 2.a) hashdiff (1.0.1) hiredis (0.6.3) - http_parser.rb (0.6.0) + http_parser.rb (0.8.0) httpclient (2.8.3) - i18n (1.8.11) + i18n (1.10.0) concurrent-ruby (~> 1.0) image_processing (1.12.1) mini_magick (>= 4.9.5, < 5) ruby-vips (>= 2.0.17, < 3) - importmap-rails (0.7.3) - rails (>= 6.0.0) - io-console (0.5.9) - irb (1.3.7) - reline (>= 0.2.7) + importmap-rails (1.0.1) + actionpack (>= 6.0.0) + railties (>= 
6.0.0) + io-console (0.5.11) + irb (1.4.1) + reline (>= 0.3.0) jmespath (1.4.0) - jsbundling-rails (0.1.7) + jsbundling-rails (1.0.2) railties (>= 6.0.0) - json (2.5.1) - jwt (2.2.3) + json (2.6.1) + jwt (2.3.0) kindlerb (1.2.0) mustache nokogiri libxml-ruby (3.2.1) - listen (3.6.0) + listen (3.7.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - loofah (2.12.0) + loofah (2.17.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) mini_mime (>= 0.1.1) marcel (1.0.2) + matrix (0.4.2) memoist (0.16.2) method_source (1.0.0) mini_magick (4.11.0) mini_mime (1.1.2) - mini_portile2 (2.5.3) - minitest (5.14.4) + mini_portile2 (2.7.1) + minitest (5.15.0) minitest-bisect (1.5.1) minitest-server (~> 1.0) path_expander (~> 1.1) @@ -338,31 +357,43 @@ GEM ruby2_keywords (~> 0.0.1) net-http-persistent (4.0.1) connection_pool (~> 2.2) + net-imap (0.2.3) + digest + net-protocol + strscan + net-pop (0.1.1) + digest + net-protocol + timeout + net-protocol (0.1.3) + timeout + net-smtp (0.3.1) + digest + net-protocol + timeout nio4r (2.5.8) - nokogiri (1.11.7) - mini_portile2 (~> 2.5.0) - racc (~> 1.4) - nokogiri (1.11.7-x86_64-darwin) + nokogiri (1.13.0) + mini_portile2 (~> 2.7.0) racc (~> 1.4) - nokogiri (1.11.7-x86_64-linux) - racc (~> 1.4) - os (1.1.1) - parallel (1.20.1) - parser (3.0.2.0) + os (1.1.4) + parallel (1.21.0) + parser (3.1.0.0) ast (~> 2.4.1) path_expander (1.1.0) - pg (1.2.3) - propshaft (0.1.7) - rails (>= 7.0.0.alpha2) - psych (3.3.2) + pg (1.3.0) + propshaft (0.4.4) + actionpack (>= 7.0.0.alpha2) + activesupport (>= 7.0.0.alpha2) + rack + railties (>= 7.0.0.alpha2) public_suffix (4.0.6) - puma (5.3.2) + puma (5.5.2) nio4r (~> 2.0) - que (0.14.3) + que (1.0.0) raabro (1.4.0) racc (1.6.0) rack (2.2.3) - rack-cache (1.12.1) + rack-cache (1.13.0) rack (>= 0.4) rack-protection (2.1.0) rack 
@@ -379,78 +410,78 @@ GEM rb-inotify (0.10.1) ffi (~> 1.0) rbtree (0.4.4) - rdoc (6.3.1) + rdoc (6.3.3) redcarpet (3.2.3) - redis (4.3.1) + redis (4.5.1) redis-namespace (1.8.1) redis (>= 3.0.4) - regexp_parser (2.1.1) - reline (0.2.7) + regexp_parser (2.2.0) + reline (0.3.1) io-console (~> 0.5) representable (3.1.1) declarative (< 0.1.0) trailblazer-option (>= 0.1.1, < 0.2.0) uber (< 0.2.0) - resque (2.0.0) + resque (2.2.0) mono_logger (~> 1.0) multi_json (~> 1.0) redis-namespace (~> 1.6) sinatra (>= 0.9.2) vegas (~> 0.1.2) - resque-scheduler (4.4.0) + resque-scheduler (4.5.0) mono_logger (~> 1.0) redis (>= 3.3) - resque (>= 1.26) - rufus-scheduler (~> 3.2) + resque (>= 1.27) + rufus-scheduler (~> 3.2, < 3.7) retriable (3.1.2) rexml (3.2.5) - rouge (3.26.0) - rubocop (1.19.0) + rouge (3.27.0) + rubocop (1.24.1) parallel (~> 1.10) parser (>= 3.0.0.0) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 1.8, < 3.0) rexml - rubocop-ast (>= 1.9.1, < 2.0) + rubocop-ast (>= 1.15.1, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 1.4.0, < 3.0) - rubocop-ast (1.9.1) + rubocop-ast (1.15.1) parser (>= 3.0.1.1) - rubocop-minitest (0.15.0) + rubocop-minitest (0.17.0) rubocop (>= 0.90, < 2.0) rubocop-packaging (0.5.1) rubocop (>= 0.89, < 2.0) - rubocop-performance (1.11.4) + rubocop-performance (1.13.1) rubocop (>= 1.7.0, < 2.0) rubocop-ast (>= 0.4.0) - rubocop-rails (2.11.3) + rubocop-rails (2.13.0) activesupport (>= 4.2.0) rack (>= 1.1) rubocop (>= 1.7.0, < 2.0) ruby-progressbar (1.11.0) - ruby-vips (2.1.2) + ruby-vips (2.1.4) ffi (~> 1.12) - ruby2_keywords (0.0.4) + ruby2_keywords (0.0.5) rubyzip (2.3.2) - rufus-scheduler (3.7.0) + rufus-scheduler (3.6.0) fugit (~> 1.1, >= 1.1.6) - sdoc (2.2.0) - rdoc (>= 5.0) - selenium-webdriver (4.0.3) + sdoc (2.3.0) + rdoc (>= 5.0, < 6.4.0) + selenium-webdriver (4.1.0) childprocess (>= 0.5, < 5.0) rexml (~> 3.2, >= 3.2.5) rubyzip (>= 1.2.2) - sequel (5.45.0) + sequel (5.52.0) serverengine (2.0.7) sigdump (~> 0.2.2) - set (1.0.1) - 
sidekiq (6.2.1) + set (1.0.2) + sidekiq (6.3.1) connection_pool (>= 2.2.2) rack (~> 2.0) redis (>= 4.2.0) sigdump (0.2.4) - signet (0.15.0) - addressable (~> 2.3) + signet (0.16.0) + addressable (~> 2.8) faraday (>= 0.17.3, < 2.0) jwt (>= 1.5, < 3.0) multi_json (~> 1.10) @@ -472,33 +503,36 @@ GEM concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-export (1.0.0) - sprockets-rails (3.2.2) - actionpack (>= 4.0) - activesupport (>= 4.0) + sprockets-rails (3.4.2) + actionpack (>= 5.2) + activesupport (>= 5.2) sprockets (>= 3.0.0) sqlite3 (1.4.2) stackprof (0.2.17) - stimulus-rails (0.5.4) - rails (>= 6.0.0) + stimulus-rails (1.0.2) + railties (>= 6.0.0) + strscan (3.0.2) sucker_punch (3.0.1) concurrent-ruby (~> 1.0) - tailwindcss-rails (0.4.3) - rails (>= 6.0.0) - terser (1.1.4) + tailwindcss-rails (2.0.4) + railties (>= 6.0.0) + terser (1.1.8) execjs (>= 0.3.0, < 3) thin (1.8.1) daemons (~> 1.0, >= 1.0.9) eventmachine (~> 1.0, >= 1.0.4) rack (>= 1, < 3) - thor (1.1.0) + thor (1.2.1) tilt (2.0.10) - trailblazer-option (0.1.1) - turbo-rails (0.7.14) - rails (>= 6.0.0) + timeout (0.2.0) + trailblazer-option (0.1.2) + turbo-rails (1.0.0) + actionpack (>= 6.0.0) + railties (>= 6.0.0) tzinfo (2.0.4) concurrent-ruby (~> 1.0) uber (0.1.0) - unicode-display_width (2.0.0) + unicode-display_width (2.1.0) useragent (0.16.10) vegas (0.1.11) rack (>= 1.0.0) @@ -510,8 +544,8 @@ GEM nokogiri (~> 1.6) rubyzip (>= 1.3.0) selenium-webdriver (~> 4.0) - webmock (3.13.0) - addressable (>= 2.3.6) + webmock (3.14.0) + addressable (>= 2.8.0) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) webrick (1.7.0) @@ -521,7 +555,7 @@ GEM websocket-extensions (0.1.5) xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.5.1) + zeitwerk (2.5.4) PLATFORMS ruby 
@@ -557,12 +591,13 @@ DEPENDENCIES kindlerb (~> 1.2.0) libxml-ruby listen (~> 3.3) + minitest (>= 5.15.0) minitest-bisect minitest-ci minitest-retry mysql2 (~> 0.5)! nokogiri (>= 1.8.1, != 1.11.0) - pg (~> 1.1) + pg (~> 1.3) propshaft (>= 0.1.7) psych (~> 3.0) puma @@ -584,7 +619,7 @@ DEPENDENCIES rubocop-packaging rubocop-performance rubocop-rails - sdoc (>= 2.2.0) + sdoc (>= 2.3.0) selenium-webdriver (>= 4.0.0) sequel sidekiq @@ -607,4 +642,4 @@ DEPENDENCIES websocket-client-simple! BUNDLED WITH - 2.2.29 + 2.2.32 diff --git a/MIT-LICENSE b/MIT-LICENSE index 0b699068bf5f0..0a0ce3889a0c1 100644 --- a/MIT-LICENSE +++ b/MIT-LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2005-2021 David Heinemeier Hansson +Copyright (c) 2005-2022 David Heinemeier Hansson Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff --git a/RAILS_VERSION b/RAILS_VERSION index 08d7939aaeaa0..9df7c7716c0b3 100644 --- a/RAILS_VERSION +++ b/RAILS_VERSION @@ -1 +1 @@ -7.0.0.alpha2 +7.0.3.1 diff --git a/README.md b/README.md index 224d3ca301409..5f3732b44014b 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,3 @@ -

- - - -

- # Welcome to Rails ## What's Rails? @@ -78,8 +72,7 @@ and may also be used independently outside Rails. Run with `--help` or `-h` for options. -4. Go to `http://localhost:3000` and you'll see: -"Yay! You’re on Rails!" +4. Go to `http://localhost:3000` and you'll see the Rails bootscreen with your Rails and Ruby versions. 5. Follow the guidelines to start developing your application. You may find the following resources handy: @@ -93,10 +86,10 @@ We encourage you to contribute to Ruby on Rails! Please check out the [Contributing to Ruby on Rails guide](https://edgeguides.rubyonrails.org/contributing_to_ruby_on_rails.html) for guidelines about how to proceed. [Join us!](https://contributors.rubyonrails.org) Trying to report a possible security vulnerability in Rails? Please -check out our [security policy](https://rubyonrails.org/security/) for +check out our [security policy](https://rubyonrails.org/security) for guidelines about how to proceed. -Everyone interacting in Rails and its sub-projects' codebases, issue trackers, chat rooms, and mailing lists is expected to follow the Rails [code of conduct](https://rubyonrails.org/conduct/). +Everyone interacting in Rails and its sub-projects' codebases, issue trackers, chat rooms, and mailing lists is expected to follow the Rails [code of conduct](https://rubyonrails.org/conduct). ## License diff --git a/RELEASING_RAILS.md b/RELEASING_RAILS.md index 9c305841f2724..dd4b9807898f1 100644 --- a/RELEASING_RAILS.md +++ b/RELEASING_RAILS.md @@ -158,7 +158,7 @@ break existing applications. If you used Markdown format for your email, you can just paste it into the blog. -* https://weblog.rubyonrails.org +* https://rubyonrails.org/blog ### Post the announcement to the Rails Twitter account. diff --git a/actioncable/CHANGELOG.md b/actioncable/CHANGELOG.md index 612fbb3cb365e..4f15709a2db88 100644 --- a/actioncable/CHANGELOG.md +++ b/actioncable/CHANGELOG.md 
@@ -1,3 +1,59 @@ +## Rails 7.0.3.1 (July 12, 2022) ## + +* No changes. + + +## Rails 7.0.3 (May 09, 2022) ## + +* No changes. + + +## Rails 7.0.2.4 (April 26, 2022) ## + +* No changes. + + +## Rails 7.0.2.3 (March 08, 2022) ## + +* No changes. + + +## Rails 7.0.2.2 (February 11, 2022) ## + +* No changes. + + +## Rails 7.0.2.1 (February 11, 2022) ## + +* No changes. + + +## Rails 7.0.2 (February 08, 2022) ## + +* No changes. + + +## Rails 7.0.1 (January 06, 2022) ## + +* No changes. + + +## Rails 7.0.0 (December 15, 2021) ## + +* No changes. + + +## Rails 7.0.0.rc3 (December 14, 2021) ## + +* No changes. + + +## Rails 7.0.0.rc2 (December 14, 2021) ## + +* No changes. + +## Rails 7.0.0.rc1 (December 06, 2021) ## + * The Action Cable client now ensures successful channel subscriptions: * The client maintains a set of pending subscriptions until either diff --git a/actioncable/MIT-LICENSE b/actioncable/MIT-LICENSE index 48dd75d6a9fa2..816d1294bca1d 100644 --- a/actioncable/MIT-LICENSE +++ b/actioncable/MIT-LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2015-2021 Basecamp, LLC +Copyright (c) 2015-2022 Basecamp, LLC Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff --git a/actioncable/app/assets/javascripts/action_cable.js b/actioncable/app/assets/javascripts/action_cable.js index d2c264baa4406..22edeccf30ab5 100644 --- a/actioncable/app/assets/javascripts/action_cable.js +++ b/actioncable/app/assets/javascripts/action_cable.js @@ -166,7 +166,7 @@ if (!allowReconnect) { this.monitor.stop(); } - if (this.isActive()) { + if (this.isOpen()) { return this.webSocket.close(); } } diff --git a/actioncable/app/assets/javascripts/actioncable.esm.js b/actioncable/app/assets/javascripts/actioncable.esm.js index 416448ce6c2fc..2187eb90bf097 100644 --- a/actioncable/app/assets/javascripts/actioncable.esm.js +++ b/actioncable/app/assets/javascripts/actioncable.esm.js 
@@ -172,7 +172,7 @@ class Connection { if (!allowReconnect) { this.monitor.stop(); } - if (this.isActive()) { + if (this.isOpen()) { return this.webSocket.close(); } } diff --git a/actioncable/app/assets/javascripts/actioncable.js b/actioncable/app/assets/javascripts/actioncable.js index e8f48805e0d6a..b3cc4299dbc94 100644 --- a/actioncable/app/assets/javascripts/actioncable.js +++ b/actioncable/app/assets/javascripts/actioncable.js @@ -166,7 +166,7 @@ if (!allowReconnect) { this.monitor.stop(); } - if (this.isActive()) { + if (this.isOpen()) { return this.webSocket.close(); } } diff --git a/actioncable/app/javascript/action_cable/connection.js b/actioncable/app/javascript/action_cable/connection.js index 87584545cc598..d21761bd0700e 100644 --- a/actioncable/app/javascript/action_cable/connection.js +++ b/actioncable/app/javascript/action_cable/connection.js @@ -44,7 +44,8 @@ class Connection { close({allowReconnect} = {allowReconnect: true}) { if (!allowReconnect) { this.monitor.stop() } - if (this.isActive()) { + // Avoid closing websockets in a "connecting" state due to Safari 15.1+ bug. See: https://github.com/rails/rails/issues/43835#issuecomment-1002288478 + if (this.isOpen()) { return this.webSocket.close() } } diff --git a/actioncable/lib/action_cable.rb b/actioncable/lib/action_cable.rb index 45fbdf4436ba9..3827584b51825 100644 --- a/actioncable/lib/action_cable.rb +++ b/actioncable/lib/action_cable.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true #-- -# Copyright (c) 2015-2021 Basecamp, LLC +# Copyright (c) 2015-2022 Basecamp, LLC # # Permission is hereby granted, free of charge, to any person obtaining # a copy of this software and associated documentation files (the diff --git a/actioncable/lib/action_cable/channel/base.rb b/actioncable/lib/action_cable/channel/base.rb index c90c2c4817433..d0488430f970a 100644 --- a/actioncable/lib/action_cable/channel/base.rb +++ b/actioncable/lib/action_cable/channel/base.rb 
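Review bot: In `close()` of actioncable/app/javascript/action_cable/connection.js, switching from `isActive()` to `isOpen()` means a call made while the socket is still connecting now returns without doing anything, and nothing in the hunk records that a close was requested. If `isActive()` also covered the connecting state, as the new comment implies, a caller passing `allowReconnect: false` during that window stops the monitor but may still end up with an open socket once the handshake completes. The comment should state this, e.g. `// close() is a no-op while the socket is still connecting; the connection may still open afterwards`, and it is worth considering whether to remember the request and close once the socket opens. The same one-line change appears in the three built files under app/assets/javascripts, which are presumably regenerated from this source. The class body continues outside the hunk.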
@@ -186,7 +186,7 @@ def subscribe_to_channel end # Called by the cable connection when it's cut, so the channel has a chance to cleanup with callbacks. - # This method is not intended to be called directly by the user. Instead, overwrite the #unsubscribed callback. + # This method is not intended to be called directly by the user. Instead, override the #unsubscribed callback. def unsubscribe_from_channel # :nodoc: run_callbacks :unsubscribe do unsubscribed diff --git a/actioncable/lib/action_cable/channel/naming.rb b/actioncable/lib/action_cable/channel/naming.rb index e487021b5e6a4..7fd922ab0c87e 100644 --- a/actioncable/lib/action_cable/channel/naming.rb +++ b/actioncable/lib/action_cable/channel/naming.rb @@ -18,7 +18,7 @@ def channel_name end end - # Delegates to the class' channel_name + # Delegates to the class's ::channel_name. delegate :channel_name, to: :class end end diff --git a/actioncable/lib/action_cable/connection/tagged_logger_proxy.rb b/actioncable/lib/action_cable/connection/tagged_logger_proxy.rb index c7a0f07b19eb6..3c8ea9d4a6e37 100644 --- a/actioncable/lib/action_cable/connection/tagged_logger_proxy.rb +++ b/actioncable/lib/action_cable/connection/tagged_logger_proxy.rb @@ -3,7 +3,7 @@ module ActionCable module Connection # Allows the use of per-connection tags against the server logger. This wouldn't work using the traditional - # ActiveSupport::TaggedLogging enhanced Rails.logger, as that logger will reset the tags between requests. + # ActiveSupport::TaggedLogging enhanced Rails.logger, as that logger will reset the tags between requests. # The connection is long-lived, so it needs its own set of tags for its independent duration. class TaggedLoggerProxy attr_reader :tags diff --git a/actioncable/lib/action_cable/connection/test_case.rb b/actioncable/lib/action_cable/connection/test_case.rb index d8907dd255c07..6fd9c20ddb1ee 100644 --- a/actioncable/lib/action_cable/connection/test_case.rb 
+++ b/actioncable/lib/action_cable/connection/test_case.rb @@ -86,7 +86,7 @@ def initialize(request) # end # # +connect+ accepts additional information about the HTTP request with the - # +params+, +headers+, +session+ and Rack +env+ options. + # +params+, +headers+, +session+, and Rack +env+ options. # # def test_connect_with_headers_and_query_string # connect params: { user_id: 1 }, headers: { "X-API-TOKEN" => "secret-my" } diff --git a/actioncable/lib/action_cable/engine.rb b/actioncable/lib/action_cable/engine.rb index 9d95b28d22c42..e369068ade833 100644 --- a/actioncable/lib/action_cable/engine.rb +++ b/actioncable/lib/action_cable/engine.rb @@ -25,8 +25,8 @@ class Engine < Rails::Engine # :nodoc: initializer "action_cable.asset" do config.after_initialize do |app| - if Rails.application.config.respond_to?(:assets) && app.config.action_cable.precompile_assets - Rails.application.config.assets.precompile += %w( actioncable.js actioncable.esm.js ) + if app.config.respond_to?(:assets) && app.config.action_cable.precompile_assets + app.config.assets.precompile += %w( actioncable.js actioncable.esm.js ) end end end diff --git a/actioncable/lib/action_cable/gem_version.rb b/actioncable/lib/action_cable/gem_version.rb index 3aa1b9ff8095b..d6e4f76794eb4 100644 --- a/actioncable/lib/action_cable/gem_version.rb +++ b/actioncable/lib/action_cable/gem_version.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true module ActionCable - # Returns the version of the currently loaded Action Cable as a Gem::Version. + # Returns the currently loaded version of Action Cable as a Gem::Version. def self.gem_version Gem::Version.new VERSION::STRING end @@ -9,8 +9,8 @@ def self.gem_version module VERSION MAJOR = 7 MINOR = 0 - TINY = 0 - PRE = "alpha2" + TINY = 3 + PRE = "1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end 
diff --git a/actioncable/lib/action_cable/subscription_adapter/test.rb b/actioncable/lib/action_cable/subscription_adapter/test.rb index ce604cc88eb71..83c28f41a19e6 100644 --- a/actioncable/lib/action_cable/subscription_adapter/test.rb +++ b/actioncable/lib/action_cable/subscription_adapter/test.rb @@ -7,7 +7,7 @@ module SubscriptionAdapter # == Test adapter for Action Cable # # The test adapter should be used only in testing. Along with - # ActionCable::TestHelper it makes a great tool to test your Rails application. + # ActionCable::TestHelper it makes a great tool to test your Rails application. # # To use the test adapter set +adapter+ value to +test+ in your +config/cable.yml+ file. # diff --git a/actioncable/lib/action_cable/version.rb b/actioncable/lib/action_cable/version.rb index 86115c6065208..00d5f6d2ee3ad 100644 --- a/actioncable/lib/action_cable/version.rb +++ b/actioncable/lib/action_cable/version.rb @@ -3,7 +3,7 @@ require_relative "gem_version" module ActionCable - # Returns the version of the currently loaded Action Cable as a Gem::Version + # Returns the currently loaded version of Action Cable as a Gem::Version. def self.version gem_version end diff --git a/actioncable/package.json b/actioncable/package.json index e2b618459285a..0a84c6607f7d1 100644 --- a/actioncable/package.json +++ b/actioncable/package.json @@ -1,8 +1,8 @@ { "name": "@rails/actioncable", - "version": "7.0.0-alpha2", + "version": "7.0.3-1", "description": "WebSocket framework for Ruby on Rails.", - "module": "app/javascript/action_cable/index.js", + "module": "app/assets/javascripts/actioncable.esm.js", "main": "app/assets/javascripts/actioncable.js", "files": [ "app/assets/javascripts/*.js", diff --git a/actionmailbox/CHANGELOG.md b/actionmailbox/CHANGELOG.md index 610fb7a467b6b..261ad73c3309a 100644 --- a/actionmailbox/CHANGELOG.md +++ b/actionmailbox/CHANGELOG.md 
@@ -1,3 +1,59 @@ +## Rails 7.0.3.1 (July 12, 2022) ## + +* No changes. + + +## Rails 7.0.3 (May 09, 2022) ## + +* No changes. + + +## Rails 7.0.2.4 (April 26, 2022) ## + +* No changes. + + +## Rails 7.0.2.3 (March 08, 2022) ## + +* No changes. + + +## Rails 7.0.2.2 (February 11, 2022) ## + +* No changes. + + +## Rails 7.0.2.1 (February 11, 2022) ## + +* No changes. + + +## Rails 7.0.2 (February 08, 2022) ## + +* No changes. + + +## Rails 7.0.1 (January 06, 2022) ## + +* No changes. + + +## Rails 7.0.0 (December 15, 2021) ## + +* No changes. + + +## Rails 7.0.0.rc3 (December 14, 2021) ## + +* No changes. + + +## Rails 7.0.0.rc2 (December 14, 2021) ## + +* No changes. + +## Rails 7.0.0.rc1 (December 06, 2021) ## + * Removed deprecated environment variable `MAILGUN_INGRESS_API_KEY`. *Rafael Mendonça França* diff --git a/actionmailbox/MIT-LICENSE b/actionmailbox/MIT-LICENSE index 3491050dd5865..b660c7da9ab75 100644 --- a/actionmailbox/MIT-LICENSE +++ b/actionmailbox/MIT-LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2018-2021 Basecamp, LLC +Copyright (c) 2018-2022 Basecamp, LLC Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/actionmailbox/actionmailbox.gemspec b/actionmailbox/actionmailbox.gemspec index 382eff97b155a..6f07f54e47cc2 100644 --- a/actionmailbox/actionmailbox.gemspec +++ b/actionmailbox/actionmailbox.gemspec @@ -39,4 +39,7 @@ Gem::Specification.new do |s| s.add_dependency "actionpack", version s.add_dependency "mail", ">= 2.7.1" + s.add_dependency "net-imap" + s.add_dependency "net-pop" + s.add_dependency "net-smtp" end diff --git a/actionmailbox/app/controllers/action_mailbox/base_controller.rb b/actionmailbox/app/controllers/action_mailbox/base_controller.rb index 80a14355b776a..fdd3b5e735aa8 100644 --- a/actionmailbox/app/controllers/action_mailbox/base_controller.rb 
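Review bot: The three `s.add_dependency` lines added to actionmailbox.gemspec have no version constraint and no comment saying why the gem needs IMAP, POP and SMTP clients, so any future release of those gems satisfies the requirement. The same three lines are added to actionmailer.gemspec later in this diff. A comment above them would record the reason, for example `# net-imap, net-pop and net-smtp are no longer default gems as of Ruby 3.1 and are required by mail`. A lower bound could be added if a known-good minimum version exists. The `Gem::Specification.new` block starts outside the hunk.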
+++ b/actionmailbox/app/controllers/action_mailbox/base_controller.rb @@ -3,7 +3,7 @@ module ActionMailbox # The base class for all Action Mailbox ingress controllers. class BaseController < ActionController::Base - skip_forgery_protection if default_protect_from_forgery + skip_forgery_protection before_action :ensure_configured diff --git a/actionmailbox/lib/action_mailbox/base.rb b/actionmailbox/lib/action_mailbox/base.rb index ce3e2a104c69c..0a393268d012a 100644 --- a/actionmailbox/lib/action_mailbox/base.rb +++ b/actionmailbox/lib/action_mailbox/base.rb @@ -27,7 +27,7 @@ module ActionMailbox # routing :all => :backstop # end # - # Application mailboxes need to overwrite the +#process+ method, which is invoked by the framework after + # Application mailboxes need to override the #process method, which is invoked by the framework after # callbacks have been run. The callbacks available are: +before_processing+, +after_processing+, and # +around_processing+. The primary use case is ensure certain preconditions to processing are fulfilled # using +before_processing+ callbacks. @@ -35,7 +35,7 @@ module ActionMailbox # If a precondition fails to be met, you can halt the processing using the +#bounced!+ method, # which will silently prevent any further processing, but not actually send out any bounce notice. You # can also pair this behavior with the invocation of an Action Mailer class responsible for sending out - # an actual bounce email. This is done using the +#bounce_with+ method, which takes the mail object returned + # an actual bounce email. This is done using the #bounce_with method, which takes the mail object returned # by an Action Mailer method, like so: # # class ForwardsMailbox < ApplicationMailbox 
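Review bot: `skip_forgery_protection` is now unconditional on the base class of every ingress controller, and nothing in the hunk says what authenticates the request once the CSRF check is gone. A comment above the line would help, for example `# Ingress endpoints are called by mail relays, not browsers, so there is no session token to verify; each ingress must authenticate the sender itself.` The second half of that comment is an assumption about the subclasses, which are not in this hunk, so confirm it before adding. The class body continues outside the hunk.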
@@ -51,7 +51,7 @@ module ActionMailbox # # During the processing of the inbound email, the status will be tracked. Before processing begins, # the email will normally have the +pending+ status. Once processing begins, just before callbacks - # and the +#process+ method is called, the status is changed to +processing+. If processing is allowed to + # and the #process method is called, the status is changed to +processing+. If processing is allowed to # complete, the status is changed to +delivered+. If a bounce is triggered, then +bounced+. If an unhandled # exception is bubbled up, then +failed+. # @@ -89,7 +89,7 @@ def perform_processing # :nodoc: end def process - # Overwrite in subclasses + # Override in subclasses end def finished_processing? # :nodoc: diff --git a/actionmailbox/lib/action_mailbox/gem_version.rb b/actionmailbox/lib/action_mailbox/gem_version.rb index ea928c3915765..2675271d11a63 100644 --- a/actionmailbox/lib/action_mailbox/gem_version.rb +++ b/actionmailbox/lib/action_mailbox/gem_version.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true module ActionMailbox - # Returns the currently-loaded version of Action Mailbox as a Gem::Version. + # Returns the currently loaded version of Action Mailbox as a Gem::Version. def self.gem_version Gem::Version.new VERSION::STRING end @@ -9,8 +9,8 @@ def self.gem_version module VERSION MAJOR = 7 MINOR = 0 - TINY = 0 - PRE = "alpha2" + TINY = 3 + PRE = "1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff --git a/actionmailbox/lib/action_mailbox/router/route.rb b/actionmailbox/lib/action_mailbox/router/route.rb index 7e98e8338296d..7c67c775900f7 100644 --- a/actionmailbox/lib/action_mailbox/router/route.rb +++ b/actionmailbox/lib/action_mailbox/router/route.rb 
@@ -2,7 +2,7 @@ module ActionMailbox # Encapsulates a route, which can then be matched against an inbound_email and provide a lookup of the matching - # mailbox class. See examples for the different route addresses and how to use them in the +ActionMailbox::Base+ + # mailbox class. See examples for the different route addresses and how to use them in the ActionMailbox::Base # documentation. class Router::Route attr_reader :address, :mailbox_name diff --git a/actionmailbox/lib/action_mailbox/routing.rb b/actionmailbox/lib/action_mailbox/routing.rb index 8391bf9db0b13..4e98d4ee0b29f 100644 --- a/actionmailbox/lib/action_mailbox/routing.rb +++ b/actionmailbox/lib/action_mailbox/routing.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true module ActionMailbox - # See +ActionMailbox::Base+ for how to specify routing. + # See ActionMailbox::Base for how to specify routing. module Routing extend ActiveSupport::Concern diff --git a/actionmailbox/lib/action_mailbox/test_helper.rb b/actionmailbox/lib/action_mailbox/test_helper.rb index 1be23ea8dbfd7..ea50afd7f0a61 100644 --- a/actionmailbox/lib/action_mailbox/test_helper.rb +++ b/actionmailbox/lib/action_mailbox/test_helper.rb 
@@ -4,18 +4,18 @@ module ActionMailbox module TestHelper - # Create an +InboundEmail+ record using an eml fixture in the format of message/rfc822 + # Create an InboundEmail record using an eml fixture in the format of message/rfc822 # referenced with +fixture_name+ located in +test/fixtures/files/fixture_name+. def create_inbound_email_from_fixture(fixture_name, status: :processing) create_inbound_email_from_source file_fixture(fixture_name).read, status: status end - # Creates an +InboundEmail+ by specifying through options or a block. + # Creates an InboundEmail by specifying through options or a block. # # ==== Options # - # * :status - The +status+ to set for the created +InboundEmail+. - # For possible statuses, see {its documentation}[rdoc-ref:ActionMailbox::InboundEmail]. + # * :status - The +status+ to set for the created InboundEmail. + # For possible statuses, see its documentation. # # ==== Creating a simple email # 
@@ -68,26 +68,25 @@ def create_inbound_email_from_mail(status: :processing, **mail_options, &block) create_inbound_email_from_source mail.to_s, status: status end - # Create an +InboundEmail+ using the raw rfc822 +source+ as text. + # Create an InboundEmail using the raw rfc822 +source+ as text. def create_inbound_email_from_source(source, status: :processing) ActionMailbox::InboundEmail.create_and_extract_message_id! source, status: status end - # Create an +InboundEmail+ from fixture using the same arguments as +create_inbound_email_from_fixture+ + # Create an InboundEmail from fixture using the same arguments as create_inbound_email_from_fixture # and immediately route it to processing. def receive_inbound_email_from_fixture(*args) create_inbound_email_from_fixture(*args).tap(&:route) end - # Create an +InboundEmail+ using the same options or block as - # {create_inbound_email_from_mail}[rdoc-ref:#create_inbound_email_from_mail], - # then immediately route it for processing. + # Create an InboundEmail using the same options or block as + # create_inbound_email_from_mail, then immediately route it for processing. def receive_inbound_email_from_mail(**kwargs, &block) create_inbound_email_from_mail(**kwargs, &block).tap(&:route) end - # Create an +InboundEmail+ using the same arguments as +create_inbound_email_from_source+ and immediately route it + # Create an InboundEmail using the same arguments as create_inbound_email_from_source and immediately route it # to processing. def receive_inbound_email_from_source(*args) create_inbound_email_from_source(*args).tap(&:route) diff --git a/actionmailbox/lib/action_mailbox/version.rb b/actionmailbox/lib/action_mailbox/version.rb index e65d27f5ddf84..00f7cf377015f 100644 --- a/actionmailbox/lib/action_mailbox/version.rb +++ b/actionmailbox/lib/action_mailbox/version.rb 
@@ -3,7 +3,7 @@ require_relative "gem_version" module ActionMailbox - # Returns the currently-loaded version of Action Mailbox as a Gem::Version. + # Returns the currently loaded version of Action Mailbox as a Gem::Version. def self.version gem_version end diff --git a/actionmailer/CHANGELOG.md b/actionmailer/CHANGELOG.md index 57cdf0765e032..895a46be7cc0b 100644 --- a/actionmailer/CHANGELOG.md +++ b/actionmailer/CHANGELOG.md @@ -1,3 +1,61 @@ +## Rails 7.0.3.1 (July 12, 2022) ## + +* No changes. + + +## Rails 7.0.3 (May 09, 2022) ## + +* No changes. + + +## Rails 7.0.2.4 (April 26, 2022) ## + +* No changes. + + +## Rails 7.0.2.3 (March 08, 2022) ## + +* No changes. + + +## Rails 7.0.2.2 (February 11, 2022) ## + +* No changes. + + +## Rails 7.0.2.1 (February 11, 2022) ## + +* No changes. + + +## Rails 7.0.2 (February 08, 2022) ## + +* No changes. + + +## Rails 7.0.1 (January 06, 2022) ## + +* Keep configuration of `smtp_settings` consistent between 6.1 and 7.0. + + *André Luis Leal Cardoso Junior* + + +## Rails 7.0.0 (December 15, 2021) ## + +* No changes. + + +## Rails 7.0.0.rc3 (December 14, 2021) ## + +* No changes. + + +## Rails 7.0.0.rc2 (December 14, 2021) ## + +* No changes. + +## Rails 7.0.0.rc1 (December 06, 2021) ## + * Remove deprecated `ActionMailer::DeliveryJob` and `ActionMailer::Parameterized::DeliveryJob` in favor of `ActionMailer::MailDeliveryJob`. diff --git a/actionmailer/MIT-LICENSE b/actionmailer/MIT-LICENSE index 689e3fda4777a..2cc0faa2c40ea 100644 --- a/actionmailer/MIT-LICENSE +++ b/actionmailer/MIT-LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2004-2021 David Heinemeier Hansson +Copyright (c) 2004-2022 David Heinemeier Hansson Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff --git a/actionmailer/actionmailer.gemspec b/actionmailer/actionmailer.gemspec index 905bf41057acd..fb8ebb1b87c94 100644 --- a/actionmailer/actionmailer.gemspec 
+++ b/actionmailer/actionmailer.gemspec @@ -39,5 +39,8 @@ Gem::Specification.new do |s| s.add_dependency "activejob", version s.add_dependency "mail", ["~> 2.5", ">= 2.5.4"] + s.add_dependency "net-imap" + s.add_dependency "net-pop" + s.add_dependency "net-smtp" s.add_dependency "rails-dom-testing", "~> 2.0" end diff --git a/actionmailer/lib/action_mailer.rb b/actionmailer/lib/action_mailer.rb index 09d0353bd9360..d94c5d8c24303 100644 --- a/actionmailer/lib/action_mailer.rb +++ b/actionmailer/lib/action_mailer.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true #-- -# Copyright (c) 2004-2021 David Heinemeier Hansson +# Copyright (c) 2004-2022 David Heinemeier Hansson # # Permission is hereby granted, free of charge, to any person obtaining # a copy of this software and associated documentation files (the diff --git a/actionmailer/lib/action_mailer/base.rb b/actionmailer/lib/action_mailer/base.rb index edd45196b5fb2..ad733e31fe30f 100644 --- a/actionmailer/lib/action_mailer/base.rb +++ b/actionmailer/lib/action_mailer/base.rb @@ -106,7 +106,7 @@ module ActionMailer # You got a new note! # <%= truncate(@note.body, length: 25) %> # - # If you need to access the subject, from or the recipients in the view, you can do that through message object: + # If you need to access the subject, from, or the recipients in the view, you can do that through message object: # # You got a new note from <%= message.from %>! # <%= truncate(@note.body, length: 25) %> 
@@ -149,9 +149,9 @@ module ActionMailer # mail = NotifierMailer.welcome(User.first) # => an ActionMailer::MessageDelivery object # mail.deliver_now # generates and sends the email now # - # The ActionMailer::MessageDelivery class is a wrapper around a delegate that will call + # The ActionMailer::MessageDelivery class is a wrapper around a delegate that will call # your method to generate the mail. If you want direct access to the delegator, or Mail::Message, - # you can call the message method on the ActionMailer::MessageDelivery object. + # you can call the message method on the ActionMailer::MessageDelivery object. # # NotifierMailer.welcome(User.first).message # => a Mail::Message object # 
@@ -334,14 +334,37 @@ module ActionMailer # end # # Callbacks in Action Mailer are implemented using - # AbstractController::Callbacks, so you can define and configure + # AbstractController::Callbacks, so you can define and configure # callbacks in the same manner that you would use callbacks in classes that - # inherit from ActionController::Base. + # inherit from ActionController::Base. # # Note that unless you have a specific reason to do so, you should prefer # using before_action rather than after_action in your # Action Mailer classes so that headers are parsed properly. # + # = Rescuing Errors + # + # +rescue+ blocks inside of a mailer method cannot rescue errors that occur + # outside of rendering -- for example, record deserialization errors in a + # background job, or errors from a third-party mail delivery service. + # + # To rescue errors that occur during any part of the mailing process, use + # {rescue_from}[rdoc-ref:ActiveSupport::Rescuable::ClassMethods#rescue_from]: + # + # class NotifierMailer < ApplicationMailer + # rescue_from ActiveJob::DeserializationError do + # # ... + # end + # + # rescue_from "SomeThirdPartyService::ApiError" do + # # ... + # end + # + # def notify(recipient) + # mail(to: recipient, subject: "Notification") + # end + # end + # # = Previewing emails # # You can preview your email templates visually by adding a mailer preview file to the 
@@ -402,6 +425,7 @@ module ActionMailer # This is a symbol and one of :plain (will send the password Base64 encoded), :login (will # send the password Base64 encoded) or :cram_md5 (combines a Challenge/Response mechanism to exchange # information and a cryptographic Message Digest 5 algorithm to hash important information) + # * :enable_starttls - Use STARTTLS when connecting to your SMTP server and fail if unsupported. Defaults to false. # * :enable_starttls_auto - Detects if STARTTLS is enabled in your SMTP server and starts # to use it. Defaults to true. # * :openssl_verify_mode - When using TLS, you can set how OpenSSL checks the certificate. This is 
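Review bot: The new `:enable_starttls` entry sits beside `:enable_starttls_auto` without saying which one to choose, and the difference is the security-relevant part. The auto variant only upgrades when the server advertises STARTTLS, so if that capability is missing from the reply the session stays unencrypted, including the `:plain` and `:login` credentials described just above. I would extend the added line with a sentence such as `Prefer this over :enable_starttls_auto when credentials are sent, because the auto variant continues without TLS if STARTTLS is not offered.` The option list continues outside the hunk.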
@@ -492,28 +516,28 @@ def unregister_interceptors(*interceptors) end # Register an Observer which will be notified when mail is delivered. - # Either a class, string or symbol can be passed in as the Observer. + # Either a class, string, or symbol can be passed in as the Observer. # If a string or symbol is passed in it will be camelized and constantized. def register_observer(observer) Mail.register_observer(observer_class_for(observer)) end # Unregister a previously registered Observer. - # Either a class, string or symbol can be passed in as the Observer. + # Either a class, string, or symbol can be passed in as the Observer. # If a string or symbol is passed in it will be camelized and constantized. def unregister_observer(observer) Mail.unregister_observer(observer_class_for(observer)) end # Register an Interceptor which will be called before mail is sent. - # Either a class, string or symbol can be passed in as the Interceptor. + # Either a class, string, or symbol can be passed in as the Interceptor. # If a string or symbol is passed in it will be camelized and constantized. def register_interceptor(interceptor) Mail.register_interceptor(observer_class_for(interceptor)) end # Unregister a previously registered Interceptor. - # Either a class, string or symbol can be passed in as the Interceptor. + # Either a class, string, or symbol can be passed in as the Interceptor. # If a string or symbol is passed in it will be camelized and constantized. def unregister_interceptor(interceptor) Mail.unregister_interceptor(observer_class_for(interceptor)) @@ -623,6 +647,7 @@ def process(method_name, *args) # :nodoc: @_message = NullMail.new unless @_mail_was_called end end + ruby2_keywords(:process) class NullMail # :nodoc: def body; "" end diff --git a/actionmailer/lib/action_mailer/gem_version.rb b/actionmailer/lib/action_mailer/gem_version.rb index c500dd9472a52..6e6325e5e7543 100644 --- a/actionmailer/lib/action_mailer/gem_version.rb 
+++ b/actionmailer/lib/action_mailer/gem_version.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true module ActionMailer - # Returns the version of the currently loaded Action Mailer as a Gem::Version. + # Returns the currently loaded version of Action Mailer as a Gem::Version. def self.gem_version Gem::Version.new VERSION::STRING end @@ -9,8 +9,8 @@ def self.gem_version module VERSION MAJOR = 7 MINOR = 0 - TINY = 0 - PRE = "alpha2" + TINY = 3 + PRE = "1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff --git a/actionmailer/lib/action_mailer/message_delivery.rb b/actionmailer/lib/action_mailer/message_delivery.rb index 1fd669af3e7e6..26ab624a33c8e 100644 --- a/actionmailer/lib/action_mailer/message_delivery.rb +++ b/actionmailer/lib/action_mailer/message_delivery.rb @@ -63,7 +63,7 @@ def processed? # * :priority - Enqueues the email with the specified priority # # By default, the email will be enqueued using ActionMailer::MailDeliveryJob. Each - # ActionMailer::Base class can specify the job to use by setting the class variable + # ActionMailer::Base class can specify the job to use by setting the class variable # +delivery_job+. # # class AccountRegistrationMailer < ApplicationMailer @@ -89,7 +89,7 @@ def deliver_later!(options = {}) # * :priority - Enqueues the email with the specified priority # # By default, the email will be enqueued using ActionMailer::MailDeliveryJob. Each - # ActionMailer::Base class can specify the job to use by setting the class variable + # ActionMailer::Base class can specify the job to use by setting the class variable # +delivery_job+. # # class AccountRegistrationMailer < ApplicationMailer diff --git a/actionmailer/lib/action_mailer/railtie.rb b/actionmailer/lib/action_mailer/railtie.rb index 29c01a6f9262d..84fa768a1b6c8 100644 --- a/actionmailer/lib/action_mailer/railtie.rb +++ b/actionmailer/lib/action_mailer/railtie.rb 
@@ -45,11 +45,13 @@ class Railtie < Rails::Railtie # :nodoc: self.delivery_job = delivery_job.constantize end - if smtp_settings = options.delete(:smtp_settings) - self.smtp_settings = smtp_settings + if options.smtp_settings + self.smtp_settings = options.smtp_settings end - if smtp_timeout = options.delete(:smtp_timeout) + smtp_timeout = options.delete(:smtp_timeout) + + if self.smtp_settings && smtp_timeout self.smtp_settings[:open_timeout] ||= smtp_timeout self.smtp_settings[:read_timeout] ||= smtp_timeout end diff --git a/actionmailer/lib/action_mailer/rescuable.rb b/actionmailer/lib/action_mailer/rescuable.rb index 5a9927ebb93d1..facde36eeb513 100644 --- a/actionmailer/lib/action_mailer/rescuable.rb +++ b/actionmailer/lib/action_mailer/rescuable.rb @@ -20,7 +20,7 @@ def handle_exceptions # :nodoc: end private - def process(*) + def process(...) handle_exceptions do super end diff --git a/actionmailer/lib/action_mailer/version.rb b/actionmailer/lib/action_mailer/version.rb index 4549d6eb57b60..18a73c2b41582 100644 --- a/actionmailer/lib/action_mailer/version.rb +++ b/actionmailer/lib/action_mailer/version.rb @@ -3,7 +3,7 @@ require_relative "gem_version" module ActionMailer - # Returns the version of the currently loaded Action Mailer as a + # Returns the currently loaded version of Action Mailer as a # Gem::Version. def self.version gem_version diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index 6c6eccb23b381..7acf7336e9ee9 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md 
@@ -1,3 +1,137 @@ +## Rails 7.0.3.1 (July 12, 2022) ## + +* No changes. + + +## Rails 7.0.3 (May 09, 2022) ## + +* Allow relative redirects when `raise_on_open_redirects` is enabled. + + *Tom Hughes* + +* Fix `authenticate_with_http_basic` to allow for missing password. + + Before Rails 7.0 it was possible to handle basic authentication with only a username. + + ```ruby + authenticate_with_http_basic do |token, _| + ApiClient.authenticate(token) + end + ``` + + This ability is restored. + + *Jean Boussier* + +* Fix `content_security_policy` returning invalid directives. + + Directives such as `self`, `unsafe-eval` and few others were not + single quoted when the directive was the result of calling a lambda + returning an array. + + ```ruby + content_security_policy do |policy| + policy.frame_ancestors lambda { [:self, "https://example.com"] } + end + ``` + + With this fix the policy generated from above will now be valid. + + *Edouard Chin* + +* Fix `skip_forgery_protection` to run without raising an error if forgery + protection has not been enabled / `verify_authenticity_token` is not a + defined callback. + + This fix prevents the Rails 7.0 Welcome Page (`/`) from raising an + `ArgumentError` if `default_protect_from_forgery` is false. + + *Brad Trick* + +* Fix `ActionController::Live` to copy the IsolatedExecutionState in the ephemeral thread. + + Since its inception `ActionController::Live` has been copying thread local variables + to keep things such as `CurrentAttributes` set from middlewares working in the controller action. + + With the introduction of `IsolatedExecutionState` in 7.0, some of that global state was lost in + `ActionController::Live` controllers. + + *Jean Boussier* + +* Fix setting `trailing_slash: true` in route definition. 
+ + ```ruby + get '/test' => "test#index", as: :test, trailing_slash: true + + test_path() # => "/test/" + ``` + + *Jean Boussier* + +## Rails 7.0.2.4 (April 26, 2022) ## + +* Allow Content Security Policy DSL to generate for API responses. + + *Tim Wade* + +## Rails 7.0.2.3 (March 08, 2022) ## + +* No changes. + + +## Rails 7.0.2.2 (February 11, 2022) ## + +* No changes. + + +## Rails 7.0.2.1 (February 11, 2022) ## + +* Under certain circumstances, the middleware isn't informed that the + response body has been fully closed which result in request state not + being fully reset before the next request + + [CVE-2022-23633] + + +## Rails 7.0.2 (February 08, 2022) ## + +* No changes. + + +## Rails 7.0.1 (January 06, 2022) ## + +* Fix `ActionController::Parameters` methods to keep the original logger context when creating a new copy + of the original object. + + *Yutaka Kamei* + + +## Rails 7.0.0 (December 15, 2021) ## + +* Deprecate `Rails.application.config.action_controller.urlsafe_csrf_tokens`. This config is now always enabled. + + *Étienne Barrié* + +* Instance variables set in requests in a `ActionController::TestCase` are now cleared before the next request + + This means if you make multiple requests in the same test, instance variables set in the first request will + not persist into the second one. (It's not recommended to make multiple requests in the same test.) + + *Alex Ghiculescu* + + +## Rails 7.0.0.rc3 (December 14, 2021) ## + +* No changes. + + +## Rails 7.0.0.rc2 (December 14, 2021) ## + +* Fix X_FORWARDED_HOST protection. [CVE-2021-44528] + + +## Rails 7.0.0.rc1 (December 06, 2021) ## + * `Rails.application.executor` hooks can now be called around every request in a `ActionController::TestCase` This helps to better simulate request or job local state being reset between requests and prevent state diff --git a/actionpack/MIT-LICENSE b/actionpack/MIT-LICENSE index 689e3fda4777a..2cc0faa2c40ea 100644 --- a/actionpack/MIT-LICENSE 
+++ b/actionpack/MIT-LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2004-2021 David Heinemeier Hansson +Copyright (c) 2004-2022 David Heinemeier Hansson Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff --git a/actionpack/lib/abstract_controller/base.rb b/actionpack/lib/abstract_controller/base.rb index 61fc35561eee9..65a1aa1dbe81e 100644 --- a/actionpack/lib/abstract_controller/base.rb +++ b/actionpack/lib/abstract_controller/base.rb @@ -150,13 +150,14 @@ def process(action, *args) process_action(action_name, *args) end + ruby2_keywords(:process) - # Delegates to the class' ::controller_path + # Delegates to the class's ::controller_path. def controller_path self.class.controller_path end - # Delegates to the class' ::action_methods + # Delegates to the class's ::action_methods. def action_methods self.class.action_methods end @@ -177,7 +178,7 @@ def available_action?(action_name) # Tests if a response body is set. Used to determine if the # +process_action+ callback needs to be terminated in - # +AbstractController::Callbacks+. + # AbstractController::Callbacks. def performed? response_body end @@ -210,8 +211,8 @@ def action_method?(name) # # Notice that the first argument is the method to be dispatched # which is *not* necessarily the same as the action name. - def process_action(method_name, *args) - send_action(method_name, *args) + def process_action(...) + send_action(...) end # Actually call the method associated with the action. Override diff --git a/actionpack/lib/abstract_controller/callbacks.rb b/actionpack/lib/abstract_controller/callbacks.rb index 6ada987bdc04f..563e9f414d127 100644 --- a/actionpack/lib/abstract_controller/callbacks.rb +++ b/actionpack/lib/abstract_controller/callbacks.rb 
@@ -229,7 +229,7 @@ def _insert_callbacks(callbacks, block = nil) private # Override AbstractController::Base#process_action to run the # process_action callbacks around the normal behavior. - def process_action(*) + def process_action(...) run_callbacks(:process_action) do super end diff --git a/actionpack/lib/action_controller.rb b/actionpack/lib/action_controller.rb index 62ae8f8d9eed3..2175baf6d9abf 100644 --- a/actionpack/lib/action_controller.rb +++ b/actionpack/lib/action_controller.rb @@ -3,6 +3,7 @@ require "abstract_controller" require "action_dispatch" require "action_controller/metal/strong_parameters" +require "action_controller/metal/exceptions" module ActionController extend ActiveSupport::Autoload diff --git a/actionpack/lib/action_controller/api.rb b/actionpack/lib/action_controller/api.rb index 36923aaf5480b..de5c18a7f7785 100644 --- a/actionpack/lib/action_controller/api.rb +++ b/actionpack/lib/action_controller/api.rb @@ -5,7 +5,7 @@ require "action_controller/log_subscriber" module ActionController - # API Controller is a lightweight version of ActionController::Base, + # API Controller is a lightweight version of ActionController::Base, # created for applications that don't require all functionalities that a complete # \Rails controller provides, allowing you to create controllers with just the # features that you need for API only applications. @@ -32,7 +32,7 @@ module ActionController # end # # Request, response, and parameters objects all work the exact same way as - # ActionController::Base. + # ActionController::Base. # # == Renders # @@ -51,7 +51,7 @@ module ActionController # # Redirects are used to move from one action to another. You can use the # redirect_to method in your controllers in the same way as in - # ActionController::Base. For example: + # ActionController::Base. For example: # # def create # redirect_to root_url and return if not_authorized? 
@@ -61,7 +61,7 @@ module ActionController # == Adding New Behavior # # In some scenarios you may want to add back some functionality provided by - # ActionController::Base that is not present by default in + # ActionController::Base that is not present by default in # ActionController::API, for instance MimeResponds. This # module gives you the respond_to method. Adding it is quite simple, # you just need to include the module in a specific controller or in @@ -83,7 +83,7 @@ module ActionController # end # end # - # Make sure to check the modules included in ActionController::Base + # Make sure to check the modules included in ActionController::Base # if you want to use any other functionality that is not provided # by ActionController::API out of the box. class API < Metal diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb index e86dda6abca10..9479a6268ba47 100644 --- a/actionpack/lib/action_controller/base.rb +++ b/actionpack/lib/action_controller/base.rb @@ -87,10 +87,11 @@ module ActionController # # or you can remove the entire session with +reset_session+. # - # Sessions are stored by default in a browser cookie that's cryptographically signed, but unencrypted. - # This prevents the user from tampering with the session but also allows them to see its contents. - # - # Do not put secret information in cookie-based sessions! + # By default, sessions are stored in an encrypted browser cookie (see + # ActionDispatch::Session::CookieStore). Thus the user will not be able to + # read or edit the session data. However, the user can keep a copy of the + # cookie even after it has expired, so you should avoid storing sensitive + # information in cookie-based sessions. # # == Responses # diff --git a/actionpack/lib/action_controller/form_builder.rb b/actionpack/lib/action_controller/form_builder.rb index 09d2ac1837cb2..19361d3db4de9 100644 --- a/actionpack/lib/action_controller/form_builder.rb 
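Review bot: The rewritten session paragraph in base.rb draws its advice from the wrong property. An encrypted cookie cannot be read by the user, so the risk of a kept copy is that it is presented again later, not that its contents leak. I would word the last sentence around that, for example `However, the user can keep a copy of the cookie and send it again later, so do not keep state in a cookie-based session that must be revocable on the server.` How expiry is enforced is not visible in this hunk, so the sentence should not promise either way.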
+++ b/actionpack/lib/action_controller/form_builder.rb @@ -3,7 +3,7 @@ module ActionController # Override the default form builder for all views rendered by this # controller and any of its descendants. Accepts a subclass of - # +ActionView::Helpers::FormBuilder+. + # ActionView::Helpers::FormBuilder. # # For example, given a form builder: # @@ -36,7 +36,7 @@ module ClassMethods # in the views rendered by this controller and its subclasses. # # ==== Parameters - # * builder - Default form builder, an instance of +ActionView::Helpers::FormBuilder+ + # * builder - Default form builder, an instance of ActionView::Helpers::FormBuilder def default_form_builder(builder) self._default_form_builder = builder end diff --git a/actionpack/lib/action_controller/metal.rb b/actionpack/lib/action_controller/metal.rb index f58005cdc9fd6..ca0f76bde6f02 100644 --- a/actionpack/lib/action_controller/metal.rb +++ b/actionpack/lib/action_controller/metal.rb @@ -60,7 +60,7 @@ def build_middleware(klass, args, block) # ActionController::Metal is the simplest possible controller, providing a # valid Rack interface without the additional niceties provided by - # ActionController::Base. + # ActionController::Base. # # A sample metal controller might look like this: # @@ -111,7 +111,7 @@ def build_middleware(klass, args, block) # # == Other Helpers # - # You can refer to the modules included in ActionController::Base to see + # You can refer to the modules included in ActionController::Base to see # other features you can bring into your metal controller. # class Metal < AbstractController::Base @@ -137,7 +137,7 @@ def self.action_encoding_template(action) # :nodoc: false end - # Delegates to the class' controller_name. + # Delegates to the class's ::controller_name. def controller_name self.class.controller_name end diff --git a/actionpack/lib/action_controller/metal/conditional_get.rb b/actionpack/lib/action_controller/metal/conditional_get.rb index 4d82fae63898b..861b1a48822d3 100644 
--- a/actionpack/lib/action_controller/metal/conditional_get.rb +++ b/actionpack/lib/action_controller/metal/conditional_get.rb @@ -268,7 +268,7 @@ def stale?(object = nil, **freshness_kwargs) # expires_in 3.hours, public: true, stale_while_revalidate: 60.seconds, stale_if_error: 5.minutes # # HTTP Cache-Control Extensions other values: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control - # Any additional key-value pairs are concatenated onto the `Cache-Control` header in the response: + # Any additional key-value pairs are concatenated onto the Cache-Control header in the response: # # expires_in 3.hours, public: true, "s-maxage": 3.hours, "no-transform": true # diff --git a/actionpack/lib/action_controller/metal/content_security_policy.rb b/actionpack/lib/action_controller/metal/content_security_policy.rb index fe1afc512b9b9..ea8838353f683 100644 --- a/actionpack/lib/action_controller/metal/content_security_policy.rb +++ b/actionpack/lib/action_controller/metal/content_security_policy.rb @@ -2,7 +2,6 @@ module ActionController # :nodoc: module ContentSecurityPolicy - # TODO: Documentation extend ActiveSupport::Concern include AbstractController::Helpers 
@@ -14,6 +13,29 @@ module ContentSecurityPolicy end module ClassMethods + # Overrides parts of the globally configured Content-Security-Policy + # header: + # + # class PostsController < ApplicationController + # content_security_policy do |policy| + # policy.base_uri "https://www.example.com" + # end + # end + # + # Options can be passed similar to +before_action+. For example, pass + # only: :index to override the header on the index action only: + # + # class PostsController < ApplicationController + # content_security_policy(only: :index) do |policy| + # policy.default_src :self, :https + # end + # end + # + # Pass +false+ to remove the Content-Security-Policy header: + # + # class PostsController < ApplicationController + # content_security_policy false, only: :index + # end def content_security_policy(enabled = true, **options, &block) before_action(options) do if block_given? @@ -28,6 +50,18 @@ def content_security_policy(enabled = true, **options, &block) end end + # Overrides the globally configured Content-Security-Policy-Report-Only + # header: + # + # class PostsController < ApplicationController + # content_security_policy_report_only only: :index + # end + # + # Pass +false+ to remove the Content-Security-Policy-Report-Only header: + # + # class PostsController < ApplicationController + # content_security_policy_report_only false, only: :index + # end def content_security_policy_report_only(report_only = true, **options) before_action(options) do request.content_security_policy_report_only = report_only diff --git a/actionpack/lib/action_controller/metal/helpers.rb b/actionpack/lib/action_controller/metal/helpers.rb index 5988d5c577354..f857a9b6364ca 100644 --- a/actionpack/lib/action_controller/metal/helpers.rb +++ b/actionpack/lib/action_controller/metal/helpers.rb 
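Review bot: The comment added above `content_security_policy_report_only` says passing `false` removes the Content-Security-Policy-Report-Only header, but it never says what report-only mode means or what the action is served with afterwards. The visible body only sets `request.content_security_policy_report_only = report_only`, so the flag presumably decides which header name carries the policy; that code is outside the hunk, and the method body continues past its end. If that reading is right, the first example stops violations on `index` from being blocked and the second turns enforcement back on, which is worth spelling out: `# In report-only mode violations are reported but not blocked; pass +false+ to send the policy as Content-Security-Policy instead.`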
@@ -26,7 +26,7 @@ module ActionController # # module FormattedTimeHelper # def format_time(time, format=:long, blank_message=" ") - # time.blank? ? blank_message : time.to_s(format) + # time.blank? ? blank_message : time.to_fs(format) # end # end # @@ -91,7 +91,7 @@ def helpers end end - # Overwrite modules_for_helpers to accept :all as argument, which loads + # Override modules_for_helpers to accept +:all+ as argument, which loads # all helpers in helpers_path. # # ==== Parameters diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb index aae5cf87fc120..439ffd5c99490 100644 --- a/actionpack/lib/action_controller/metal/http_authentication.rb +++ b/actionpack/lib/action_controller/metal/http_authentication.rb @@ -5,9 +5,9 @@ require "active_support/core_ext/array/access" module ActionController - # HTTP Basic, Digest and Token authentication. + # HTTP Basic, Digest, and Token authentication. module HttpAuthentication - # HTTP \Basic authentication. + # = HTTP \Basic authentication # # === Simple \Basic example # @@ -70,7 +70,12 @@ module ControllerMethods extend ActiveSupport::Concern module ClassMethods + # Enables HTTP \Basic authentication. + # + # See ActionController::HttpAuthentication::Basic for example usage. def http_basic_authenticate_with(name:, password:, realm: nil, **options) + raise ArgumentError, "Expected name: to be a String, got #{name.class}" unless name.is_a?(String) + raise ArgumentError, "Expected password: to be a String, got #{password.class}" unless password.is_a?(String) before_action(options) { http_basic_authenticate_or_request_with name: name, password: password, realm: realm } end end 
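Review bot: The doc comment added to `http_basic_authenticate_with` does not mention the two `raise ArgumentError` lines added below it, nor that they run when the class body is evaluated rather than per request. That timing is the useful part: a credential that resolves to nil (an unset environment variable, say) now stops the application at load instead of installing a filter that compares against nil. I would add `# Raises ArgumentError if +name+ or +password+ is not a String.` The check lives only in this class macro; `http_basic_authenticate_or_request_with`, visible in the next hunk, takes the same keywords without it, so direct callers are not covered.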
@@ -79,8 +84,8 @@ def http_basic_authenticate_or_request_with(name:, password:, realm: nil, messag authenticate_or_request_with_http_basic(realm, message) do |given_name, given_password| # This comparison uses & so that it doesn't short circuit and # uses `secure_compare` so that length information isn't leaked. - ActiveSupport::SecurityUtils.secure_compare(given_name, name) & - ActiveSupport::SecurityUtils.secure_compare(given_password, password) + ActiveSupport::SecurityUtils.secure_compare(given_name.to_s, name) & + ActiveSupport::SecurityUtils.secure_compare(given_password.to_s, password) end end @@ -104,7 +109,7 @@ def authenticate(request, &login_procedure) end def has_basic_credentials?(request) - request.authorization.present? && (auth_scheme(request).downcase == "basic") && user_name_and_password(request).length == 2 + request.authorization.present? && (auth_scheme(request).downcase == "basic") end def user_name_and_password(request) @@ -135,7 +140,7 @@ def authentication_request(controller, realm, message) end end - # HTTP \Digest authentication. + # = HTTP \Digest authentication # # === Simple \Digest example # 
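Review bot: The `.to_s` added to both `secure_compare` arguments has no why-comment, and the reason sits in the later @@ -104 hunk: with `user_name_and_password(request).length == 2` dropped from `has_basic_credentials?`, a header without both parts presumably now reaches the block with a nil name or password. The coercion covers this built-in comparison only; application blocks given to `authenticate_with_http_basic` or `authenticate_or_request_with_http_basic` would see the nil too, if `authenticate` yields `user_name_and_password` as is (its body is outside both hunks). I would extend the existing comment with `# given_name and given_password may be nil for a malformed header, hence to_s.` and note the same on the public block-taking methods.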
@@ -181,22 +186,28 @@ module Digest extend self module ControllerMethods + # Authenticate using an HTTP \Digest, or otherwise render an HTTP header + # requesting the client to send a \Digest. + # + # See ActionController::HttpAuthentication::Digest for example usage. def authenticate_or_request_with_http_digest(realm = "Application", message = nil, &password_procedure) authenticate_with_http_digest(realm, &password_procedure) || request_http_digest_authentication(realm, message) end - # Authenticate with HTTP Digest, returns true or false + # Authenticate using an HTTP \Digest. Returns true if authentication is + # successful, false otherwise. def authenticate_with_http_digest(realm = "Application", &password_procedure) HttpAuthentication::Digest.authenticate(request, realm, &password_procedure) end - # Render output including the HTTP Digest authentication header + # Render an HTTP header requesting the client to send a \Digest for + # authentication. def request_http_digest_authentication(realm = "Application", message = nil) HttpAuthentication::Digest.authentication_request(self, realm, message) end end - # Returns false on a valid response, true otherwise + # Returns false on a valid response, true otherwise. def authenticate(request, realm, &password_procedure) request.authorization && validate_digest_response(request, realm, &password_procedure) end @@ -301,7 +312,7 @@ def secret_token(request) # # An implementation might choose not to accept a previously used nonce or a previously used digest, in order to # protect against a replay attack. Or, an implementation might choose to use one-time nonces or digests for - # POST, PUT, or PATCH requests and a time-stamp for GET requests. For more details on the issues involved see Section 4 + # POST, PUT, or PATCH requests, and a time-stamp for GET requests. For more details on the issues involved see Section 4 # of this document. # # The nonce is opaque to the client. Composed of Time, and hash of Time with secret 
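Review bot: The comment on `Digest.authenticate` still reads "Returns false on a valid response, true otherwise", which contradicts the doc added a few lines up for `authenticate_with_http_digest` ("Returns true if authentication is successful, false otherwise"), a method that simply returns this one's result. The body is `request.authorization && validate_digest_response(...)`, so it gives a falsy value when the header is absent and otherwise whatever the validation returns (that helper is outside the hunk). Since the line is already being touched to add a full stop, I would correct it: `# Returns true on a valid response, false otherwise.`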
@@ -331,9 +342,9 @@ def opaque(secret_key) end end - # HTTP Token authentication. + # = HTTP \Token authentication # - # Simple Token example: + # === Simple \Token example # # class PostsController < ApplicationController # TOKEN = "secret" @@ -412,14 +423,22 @@ module Token extend self module ControllerMethods + # Authenticate using an HTTP Bearer token, or otherwise render an HTTP + # header requesting the client to send a Bearer token. + # + # See ActionController::HttpAuthentication::Token for example usage. def authenticate_or_request_with_http_token(realm = "Application", message = nil, &login_procedure) authenticate_with_http_token(&login_procedure) || request_http_token_authentication(realm, message) end + # Authenticate using an HTTP Bearer token. Returns true if + # authentication is successful, false otherwise. def authenticate_with_http_token(&login_procedure) Token.authenticate(self, &login_procedure) end + # Render an HTTP header requesting the client to send a Bearer token for + # authentication. def request_http_token_authentication(realm = "Application", message = nil) Token.authentication_request(self, realm, message) end 
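Review bot: The doc added to `authenticate_with_http_token` promises true or false, but the method returns `Token.authenticate(self, &login_procedure)` unchanged, and the comment on `Token.authenticate` in the next hunk says it returns the block's return value, or nil when no token is found. Callers that keep the result rely on the latter, so I would write `# Returns the return value of +login_procedure+ if a token is found, nil otherwise.` The three new comments also say "Bearer token" only, while `token_and_options` documents both the "Token" and "Bearer" prefixes and `authentication_request` sends a `Token realm=` challenge; "HTTP token" would cover both.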
@@ -428,17 +447,17 @@ def request_http_token_authentication(realm = "Application", message = nil) # If token Authorization header is present, call the login # procedure with the present token and options. # - # [controller] - # ActionController::Base instance for the current request. + # Returns the return value of login_procedure if a + # token is found. Returns nil if no token is found. + # + # ==== Parameters # - # [login_procedure] - # Proc to call if a token is present. The Proc should take two arguments: + # * +controller+ - ActionController::Base instance for the current request. + # * +login_procedure+ - Proc to call if a token is present. The Proc + # should take two arguments: # # authenticate(controller) { |token, options| ... } # - # Returns the return value of login_procedure if a - # token is found. Returns nil if no token is found. - def authenticate(controller, &login_procedure) token, options = token_and_options(controller.request) unless token.blank? @@ -449,14 +468,18 @@ def authenticate(controller, &login_procedure) # Parses the token and options out of the token Authorization header. # The value for the Authorization header is expected to have the prefix # "Token" or "Bearer". If the header looks like this: + # # Authorization: Token token="abc", nonce="def" - # Then the returned token is "abc", and the options are - # {nonce: "def"} # - # request - ActionDispatch::Request instance with the current headers. + # Then the returned token is "abc", and the options are + # {nonce: "def"}. # # Returns an +Array+ of [String, Hash] if a token is present. # Returns +nil+ if no token is found. + # + # ==== Parameters + # + # * +request+ - ActionDispatch::Request instance with the current headers. def token_and_options(request) authorization_request = request.authorization.to_s if authorization_request[TOKEN_REGEX] 
@@ -469,7 +492,7 @@ def token_params_from(auth) rewrite_param_values params_array_from raw_params auth end - # Takes raw_params and turns it into an array of parameters + # Takes +raw_params+ and turns it into an array of parameters. def params_array_from(raw_params) raw_params.map { |param| param.split %r/=(.+)?/ } end @@ -494,10 +517,12 @@ def raw_params(auth) # Encodes the given token and options into an Authorization header value. # - # token - String token. - # options - optional Hash of the options. - # # Returns String. + # + # ==== Parameters + # + # * +token+ - String token. + # * +options+ - Optional Hash of the options. def encode_credentials(token, options = {}) values = ["#{TOKEN_KEY}#{token.to_s.inspect}"] + options.map do |key, value| "#{key}=#{value.to_s.inspect}" @@ -507,10 +532,12 @@ def encode_credentials(token, options = {}) # Sets a WWW-Authenticate header to let the client know a token is desired. # - # controller - ActionController::Base instance for the outgoing response. - # realm - String realm to use in the header. - # # Returns nothing. + # + # ==== Parameters + # + # * +controller+ - ActionController::Base instance for the outgoing response. + # * +realm+ - String realm to use in the header. def authentication_request(controller, realm, message = nil) message ||= "HTTP Token: Access denied.\n" controller.headers["WWW-Authenticate"] = %(Token realm="#{realm.tr('"', "")}") diff --git a/actionpack/lib/action_controller/metal/live.rb b/actionpack/lib/action_controller/metal/live.rb index 77c9d4a227ec8..5b9dd0128a6be 100644 --- a/actionpack/lib/action_controller/metal/live.rb +++ b/actionpack/lib/action_controller/metal/live.rb @@ -261,6 +261,7 @@ def process(name) # Since we're processing the view in a different thread, copy the # thread locals from the main thread to the child thread. :'( locals.each { |k, v| t2[k] = v } + ActiveSupport::IsolatedExecutionState.share_with(t1) begin super(name) 
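Review bot: The rewritten Parameters list for `authentication_request` covers `controller` and `realm` but not the third argument, `message`, which the first body line defaults to "HTTP Token: Access denied.\n". I would add `# * +message+ - Optional String; defaults to "HTTP Token: Access denied.\n".` A why-comment on the header line would help as well, e.g. `# Double quotes are stripped from realm so it stays inside the quoted header value.`, since that is the only sanitising of the value visible here. The method continues past the end of the hunk, so how `message` is used is not shown.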
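Review bot: The added `ActiveSupport::IsolatedExecutionState.share_with(t1)` in live.rb has no comment, and the one above it speaks only of copying thread locals. The name suggests the child thread ends up referencing the parent's state rather than a copy (the implementation is not in this hunk), which matters if the two threads run at the same time and both write to it; please confirm that sharing is intended. A line such as `# Also hand the parent thread's IsolatedExecutionState to the child, alongside the thread locals.` would record the intent. The enclosing `process` method starts before and ends after the hunk.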
diff --git a/actionpack/lib/action_controller/metal/permissions_policy.rb b/actionpack/lib/action_controller/metal/permissions_policy.rb index dff1c065f5243..bf2ede48bfa2d 100644 --- a/actionpack/lib/action_controller/metal/permissions_policy.rb +++ b/actionpack/lib/action_controller/metal/permissions_policy.rb @@ -1,37 +1,28 @@ # frozen_string_literal: true module ActionController # :nodoc: - # HTTP Permissions Policy is a web standard for defining a mechanism to - # allow and deny the use of browser permissions in its own context, and - # in content within any