actionpack 5.2.7.1 → 6.1.4.6

data/lib/action_dispatch/testing/test_response.rb

@@ -14,40 +14,12 @@ module ActionDispatch
       new response.status, response.headers, response.body
     end
 
-    def initialize(*) # :nodoc:
-      super
-      @response_parser = RequestEncoder.parser(content_type)
-    end
-
-    # Was the response successful?
-    def success?
-      ActiveSupport::Deprecation.warn(<<-MSG.squish)
-       The success? predicate is deprecated and will be removed in Rails 6.0.
-       Please use successful? as provided by Rack::Response::Helpers.
-      MSG
-      successful?
-    end
-
-    # Was the URL not found?
-    def missing?
-      ActiveSupport::Deprecation.warn(<<-MSG.squish)
-       The missing? predicate is deprecated and will be removed in Rails 6.0.
-       Please use not_found? as provided by Rack::Response::Helpers.
-      MSG
-      not_found?
-    end
-
-    # Was there a server-side error?
-    def error?
-      ActiveSupport::Deprecation.warn(<<-MSG.squish)
-       The error? predicate is deprecated and will be removed in Rails 6.0.
-       Please use server_error? as provided by Rack::Response::Helpers.
-      MSG
-      server_error?
+    def parsed_body
+      @parsed_body ||= response_parser.call(body)
     end
 
-    def parsed_body
-      @parsed_body ||= @response_parser.call(body)
+    def response_parser
+      @response_parser ||= RequestEncoder.parser(media_type)
     end
   end
 end

data/lib/action_dispatch.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 #--
-# Copyright (c) 2004-2018 David Heinemeier Hansson
+# Copyright (c) 2004-2020 David Heinemeier Hansson
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the
@@ -40,20 +40,27 @@ module ActionDispatch
   class IllegalStateError < StandardError
   end
 
+  class MissingController < NameError
+  end
+
   eager_autoload do
     autoload_under "http" do
       autoload :ContentSecurityPolicy
+      autoload :PermissionsPolicy
       autoload :Request
       autoload :Response
     end
   end
 
   autoload_under "middleware" do
+    autoload :HostAuthorization
     autoload :RequestId
     autoload :Callbacks
     autoload :Cookies
+    autoload :ActionableExceptions
     autoload :DebugExceptions
     autoload :DebugLocks
+    autoload :DebugView
     autoload :ExceptionWrapper
     autoload :Executor
     autoload :Flash
@@ -76,8 +83,6 @@ module ActionDispatch
     autoload :Headers
     autoload :MimeNegotiation
     autoload :Parameters
-    autoload :ParameterFilter
-    autoload :Upload
     autoload :UploadedFile, "action_dispatch/http/upload"
     autoload :URL
   end
@@ -110,4 +115,5 @@ autoload :Mime, "action_dispatch/http/mime_type"
 ActiveSupport.on_load(:action_view) do
   ActionView::Base.default_formats ||= Mime::SET.symbols
   ActionView::Template::Types.delegate_to Mime
+  ActionView::LookupContext::DetailsKey.clear
 end

data/lib/action_pack/gem_version.rb

@@ -7,10 +7,10 @@ module ActionPack
   end
 
   module VERSION
-    MAJOR = 5
-    MINOR = 2
-    TINY  = 7
-    PRE   = "1"
+    MAJOR = 6
+    MINOR = 1
+    TINY  = 4
+    PRE   = "6"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

data/lib/action_pack.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 #--
-# Copyright (c) 2004-2018 David Heinemeier Hansson
+# Copyright (c) 2004-2020 David Heinemeier Hansson
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: actionpack
 version: !ruby/object:Gem::Version
-  version: 5.2.7.1
+  version: 6.1.4.6
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-04-26 00:00:00.000000000 Z
+date: 2022-02-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.7.1
+        version: 6.1.4.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.7.1
+        version: 6.1.4.6
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
@@ -33,7 +33,7 @@ dependencies:
         version: '2.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.8
+        version: 2.0.9
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -43,7 +43,7 @@ dependencies:
         version: '2.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.8
+        version: 2.0.9
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
@@ -67,7 +67,7 @@ dependencies:
         version: '1.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.2
+        version: 1.2.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -77,7 +77,7 @@ dependencies:
         version: '1.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.2
+        version: 1.2.0
 - !ruby/object:Gem::Dependency
   name: rails-dom-testing
   requirement: !ruby/object:Gem::Requirement
@@ -98,28 +98,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.7.1
+        version: 6.1.4.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.7.1
+        version: 6.1.4.6
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.7.1
+        version: 6.1.4.6
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.7.1
+        version: 6.1.4.6
 description: Web apps on Rails. Simple, battle-tested conventions for building and
   testing MVC web applications. Works with any Rack-compatible server.
 email: david@loudthinking.com
@@ -157,20 +157,22 @@ files:
 - lib/action_controller/metal/content_security_policy.rb
 - lib/action_controller/metal/cookies.rb
 - lib/action_controller/metal/data_streaming.rb
+- lib/action_controller/metal/default_headers.rb
 - lib/action_controller/metal/etag_with_flash.rb
 - lib/action_controller/metal/etag_with_template_digest.rb
 - lib/action_controller/metal/exceptions.rb
 - lib/action_controller/metal/flash.rb
-- lib/action_controller/metal/force_ssl.rb
 - lib/action_controller/metal/head.rb
 - lib/action_controller/metal/helpers.rb
 - lib/action_controller/metal/http_authentication.rb
 - lib/action_controller/metal/implicit_render.rb
 - lib/action_controller/metal/instrumentation.rb
 - lib/action_controller/metal/live.rb
+- lib/action_controller/metal/logging.rb
 - lib/action_controller/metal/mime_responds.rb
 - lib/action_controller/metal/parameter_encoding.rb
 - lib/action_controller/metal/params_wrapper.rb
+- lib/action_controller/metal/permissions_policy.rb
 - lib/action_controller/metal/redirecting.rb
 - lib/action_controller/metal/renderers.rb
 - lib/action_controller/metal/rendering.rb
@@ -187,6 +189,7 @@ files:
 - lib/action_controller/test_case.rb
 - lib/action_dispatch.rb
 - lib/action_dispatch/http/cache.rb
+- lib/action_dispatch/http/content_disposition.rb
 - lib/action_dispatch/http/content_security_policy.rb
 - lib/action_dispatch/http/filter_parameters.rb
 - lib/action_dispatch/http/filter_redirect.rb
@@ -194,8 +197,8 @@ files:
 - lib/action_dispatch/http/mime_negotiation.rb
 - lib/action_dispatch/http/mime_type.rb
 - lib/action_dispatch/http/mime_types.rb
-- lib/action_dispatch/http/parameter_filter.rb
 - lib/action_dispatch/http/parameters.rb
+- lib/action_dispatch/http/permissions_policy.rb
 - lib/action_dispatch/http/rack_cache.rb
 - lib/action_dispatch/http/request.rb
 - lib/action_dispatch/http/response.rb
@@ -206,10 +209,7 @@ files:
 - lib/action_dispatch/journey/gtg/builder.rb
 - lib/action_dispatch/journey/gtg/simulator.rb
 - lib/action_dispatch/journey/gtg/transition_table.rb
-- lib/action_dispatch/journey/nfa/builder.rb
 - lib/action_dispatch/journey/nfa/dot.rb
-- lib/action_dispatch/journey/nfa/simulator.rb
-- lib/action_dispatch/journey/nfa/transition_table.rb
 - lib/action_dispatch/journey/nodes/node.rb
 - lib/action_dispatch/journey/parser.rb
 - lib/action_dispatch/journey/parser.y
@@ -224,13 +224,16 @@ files:
 - lib/action_dispatch/journey/visualizer/fsm.css
 - lib/action_dispatch/journey/visualizer/fsm.js
 - lib/action_dispatch/journey/visualizer/index.html.erb
+- lib/action_dispatch/middleware/actionable_exceptions.rb
 - lib/action_dispatch/middleware/callbacks.rb
 - lib/action_dispatch/middleware/cookies.rb
 - lib/action_dispatch/middleware/debug_exceptions.rb
 - lib/action_dispatch/middleware/debug_locks.rb
+- lib/action_dispatch/middleware/debug_view.rb
 - lib/action_dispatch/middleware/exception_wrapper.rb
 - lib/action_dispatch/middleware/executor.rb
 - lib/action_dispatch/middleware/flash.rb
+- lib/action_dispatch/middleware/host_authorization.rb
 - lib/action_dispatch/middleware/public_exceptions.rb
 - lib/action_dispatch/middleware/reloader.rb
 - lib/action_dispatch/middleware/remote_ip.rb
@@ -243,17 +246,24 @@ files:
 - lib/action_dispatch/middleware/ssl.rb
 - lib/action_dispatch/middleware/stack.rb
 - lib/action_dispatch/middleware/static.rb
+- lib/action_dispatch/middleware/templates/rescues/_actions.html.erb
+- lib/action_dispatch/middleware/templates/rescues/_actions.text.erb
+- lib/action_dispatch/middleware/templates/rescues/_message_and_suggestions.html.erb
 - lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb
 - lib/action_dispatch/middleware/templates/rescues/_request_and_response.text.erb
 - lib/action_dispatch/middleware/templates/rescues/_source.html.erb
 - lib/action_dispatch/middleware/templates/rescues/_source.text.erb
 - lib/action_dispatch/middleware/templates/rescues/_trace.html.erb
 - lib/action_dispatch/middleware/templates/rescues/_trace.text.erb
+- lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb
+- lib/action_dispatch/middleware/templates/rescues/blocked_host.text.erb
 - lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb
 - lib/action_dispatch/middleware/templates/rescues/diagnostics.text.erb
 - lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb
 - lib/action_dispatch/middleware/templates/rescues/invalid_statement.text.erb
 - lib/action_dispatch/middleware/templates/rescues/layout.erb
+- lib/action_dispatch/middleware/templates/rescues/missing_exact_template.html.erb
+- lib/action_dispatch/middleware/templates/rescues/missing_exact_template.text.erb
 - lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb
 - lib/action_dispatch/middleware/templates/rescues/missing_template.text.erb
 - lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb
@@ -282,7 +292,6 @@ files:
 - lib/action_dispatch/system_testing/server.rb
 - lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb
 - lib/action_dispatch/system_testing/test_helpers/setup_and_teardown.rb
-- lib/action_dispatch/system_testing/test_helpers/undef_methods.rb
 - lib/action_dispatch/testing/assertion_response.rb
 - lib/action_dispatch/testing/assertions.rb
 - lib/action_dispatch/testing/assertions/response.rb
@@ -295,12 +304,15 @@ files:
 - lib/action_pack.rb
 - lib/action_pack/gem_version.rb
 - lib/action_pack/version.rb
-homepage: http://rubyonrails.org
+homepage: https://rubyonrails.org
 licenses:
 - MIT
 metadata:
-  source_code_uri: https://github.com/rails/rails/tree/v5.2.7.1/actionpack
-  changelog_uri: https://github.com/rails/rails/blob/v5.2.7.1/actionpack/CHANGELOG.md
+  bug_tracker_uri: https://github.com/rails/rails/issues
+  changelog_uri: https://github.com/rails/rails/blob/v6.1.4.6/actionpack/CHANGELOG.md
+  documentation_uri: https://api.rubyonrails.org/v6.1.4.6/
+  mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
+  source_code_uri: https://github.com/rails/rails/tree/v6.1.4.6/actionpack
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -309,7 +321,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.2.2
+      version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -317,7 +329,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements:
 - none
-rubygems_version: 3.1.6
+rubygems_version: 3.2.22
 signing_key:
 specification_version: 4
 summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).

data/lib/action_controller/metal/force_ssl.rb

@@ -1,99 +0,0 @@
-# frozen_string_literal: true
-
-require "active_support/core_ext/hash/except"
-require "active_support/core_ext/hash/slice"
-
-module ActionController
-  # This module provides a method which will redirect the browser to use the secured HTTPS
-  # protocol. This will ensure that users' sensitive information will be
-  # transferred safely over the internet. You _should_ always force the browser
-  # to use HTTPS when you're transferring sensitive information such as
-  # user authentication, account information, or credit card information.
-  #
-  # Note that if you are really concerned about your application security,
-  # you might consider using +config.force_ssl+ in your config file instead.
-  # That will ensure all the data is transferred via HTTPS, and will
-  # prevent the user from getting their session hijacked when accessing the
-  # site over unsecured HTTP protocol.
-  module ForceSSL
-    extend ActiveSupport::Concern
-    include AbstractController::Callbacks
-
-    ACTION_OPTIONS = [:only, :except, :if, :unless]
-    URL_OPTIONS = [:protocol, :host, :domain, :subdomain, :port, :path]
-    REDIRECT_OPTIONS = [:status, :flash, :alert, :notice]
-
-    module ClassMethods
-      # Force the request to this particular controller or specified actions to be
-      # through the HTTPS protocol.
-      #
-      # If you need to disable this for any reason (e.g. development) then you can use
-      # an +:if+ or +:unless+ condition.
-      #
-      #     class AccountsController < ApplicationController
-      #       force_ssl if: :ssl_configured?
-      #
-      #       def ssl_configured?
-      #         !Rails.env.development?
-      #       end
-      #     end
-      #
-      # ==== URL Options
-      # You can pass any of the following options to affect the redirect URL
-      # * <tt>host</tt>       - Redirect to a different host name
-      # * <tt>subdomain</tt>  - Redirect to a different subdomain
-      # * <tt>domain</tt>     - Redirect to a different domain
-      # * <tt>port</tt>       - Redirect to a non-standard port
-      # * <tt>path</tt>       - Redirect to a different path
-      #
-      # ==== Redirect Options
-      # You can pass any of the following options to affect the redirect status and response
-      # * <tt>status</tt>     - Redirect with a custom status (default is 301 Moved Permanently)
-      # * <tt>flash</tt>      - Set a flash message when redirecting
-      # * <tt>alert</tt>      - Set an alert message when redirecting
-      # * <tt>notice</tt>     - Set a notice message when redirecting
-      #
-      # ==== Action Options
-      # You can pass any of the following options to affect the before_action callback
-      # * <tt>only</tt>       - The callback should be run only for this action
-      # * <tt>except</tt>     - The callback should be run for all actions except this action
-      # * <tt>if</tt>         - A symbol naming an instance method or a proc; the
-      #   callback will be called only when it returns a true value.
-      # * <tt>unless</tt>     - A symbol naming an instance method or a proc; the
-      #   callback will be called only when it returns a false value.
-      def force_ssl(options = {})
-        action_options = options.slice(*ACTION_OPTIONS)
-        redirect_options = options.except(*ACTION_OPTIONS)
-        before_action(action_options) do
-          force_ssl_redirect(redirect_options)
-        end
-      end
-    end
-
-    # Redirect the existing request to use the HTTPS protocol.
-    #
-    # ==== Parameters
-    # * <tt>host_or_options</tt> - Either a host name or any of the URL and
-    #   redirect options available to the <tt>force_ssl</tt> method.
-    def force_ssl_redirect(host_or_options = nil)
-      unless request.ssl?
-        options = {
-          protocol: "https://",
-          host: request.host,
-          path: request.fullpath,
-          status: :moved_permanently
-        }
-
-        if host_or_options.is_a?(Hash)
-          options.merge!(host_or_options)
-        elsif host_or_options
-          options[:host] = host_or_options
-        end
-
-        secure_url = ActionDispatch::Http::URL.url_for(options.slice(*URL_OPTIONS))
-        flash.keep if respond_to?(:flash) && request.respond_to?(:flash)
-        redirect_to secure_url, options.slice(*REDIRECT_OPTIONS)
-      end
-    end
-  end
-end

data/lib/action_dispatch/http/parameter_filter.rb

@@ -1,86 +0,0 @@
-# frozen_string_literal: true
-
-require "active_support/core_ext/object/duplicable"
-
-module ActionDispatch
-  module Http
-    class ParameterFilter
-      FILTERED = "[FILTERED]".freeze # :nodoc:
-
-      def initialize(filters = [])
-        @filters = filters
-      end
-
-      def filter(params)
-        compiled_filter.call(params)
-      end
-
-    private
-
-      def compiled_filter
-        @compiled_filter ||= CompiledFilter.compile(@filters)
-      end
-
-      class CompiledFilter # :nodoc:
-        def self.compile(filters)
-          return lambda { |params| params.dup } if filters.empty?
-
-          strings, regexps, blocks = [], [], []
-
-          filters.each do |item|
-            case item
-            when Proc
-              blocks << item
-            when Regexp
-              regexps << item
-            else
-              strings << Regexp.escape(item.to_s)
-            end
-          end
-
-          deep_regexps, regexps = regexps.partition { |r| r.to_s.include?("\\.".freeze) }
-          deep_strings, strings = strings.partition { |s| s.include?("\\.".freeze) }
-
-          regexps << Regexp.new(strings.join("|".freeze), true) unless strings.empty?
-          deep_regexps << Regexp.new(deep_strings.join("|".freeze), true) unless deep_strings.empty?
-
-          new regexps, deep_regexps, blocks
-        end
-
-        attr_reader :regexps, :deep_regexps, :blocks
-
-        def initialize(regexps, deep_regexps, blocks)
-          @regexps = regexps
-          @deep_regexps = deep_regexps.any? ? deep_regexps : nil
-          @blocks = blocks
-        end
-
-        def call(original_params, parents = [])
-          filtered_params = original_params.class.new
-
-          original_params.each do |key, value|
-            parents.push(key) if deep_regexps
-            if regexps.any? { |r| key =~ r }
-              value = FILTERED
-            elsif deep_regexps && (joined = parents.join(".")) && deep_regexps.any? { |r| joined =~ r }
-              value = FILTERED
-            elsif value.is_a?(Hash)
-              value = call(value, parents)
-            elsif value.is_a?(Array)
-              value = value.map { |v| v.is_a?(Hash) ? call(v, parents) : v }
-            elsif blocks.any?
-              key = key.dup if key.duplicable?
-              value = value.dup if value.duplicable?
-              blocks.each { |b| b.call(key, value) }
-            end
-            parents.pop if deep_regexps
-
-            filtered_params[key] = value
-          end
-
-          filtered_params
-        end
-      end
-    end
-  end
-end

data/lib/action_dispatch/journey/nfa/builder.rb

@@ -1,78 +0,0 @@
-# frozen_string_literal: true
-
-require "action_dispatch/journey/nfa/transition_table"
-require "action_dispatch/journey/gtg/transition_table"
-
-module ActionDispatch
-  module Journey # :nodoc:
-    module NFA # :nodoc:
-      class Visitor < Visitors::Visitor # :nodoc:
-        def initialize(tt)
-          @tt = tt
-          @i  = -1
-        end
-
-        def visit_CAT(node)
-          left  = visit(node.left)
-          right = visit(node.right)
-
-          @tt.merge(left.last, right.first)
-
-          [left.first, right.last]
-        end
-
-        def visit_GROUP(node)
-          from  = @i += 1
-          left  = visit(node.left)
-          to    = @i += 1
-
-          @tt.accepting = to
-
-          @tt[from, left.first] = nil
-          @tt[left.last, to] = nil
-          @tt[from, to] = nil
-
-          [from, to]
-        end
-
-        def visit_OR(node)
-          from = @i += 1
-          children = node.children.map { |c| visit(c) }
-          to = @i += 1
-
-          children.each do |child|
-            @tt[from, child.first] = nil
-            @tt[child.last, to]    = nil
-          end
-
-          @tt.accepting = to
-
-          [from, to]
-        end
-
-        def terminal(node)
-          from_i = @i += 1 # new state
-          to_i   = @i += 1 # new state
-
-          @tt[from_i, to_i] = node
-          @tt.accepting = to_i
-          @tt.add_memo(to_i, node.memo)
-
-          [from_i, to_i]
-        end
-      end
-
-      class Builder # :nodoc:
-        def initialize(ast)
-          @ast = ast
-        end
-
-        def transition_table
-          tt = TransitionTable.new
-          Visitor.new(tt).accept(@ast)
-          tt
-        end
-      end
-    end
-  end
-end

data/lib/action_dispatch/journey/nfa/simulator.rb

@@ -1,49 +0,0 @@
-# frozen_string_literal: true
-
-require "strscan"
-
-module ActionDispatch
-  module Journey # :nodoc:
-    module NFA # :nodoc:
-      class MatchData # :nodoc:
-        attr_reader :memos
-
-        def initialize(memos)
-          @memos = memos
-        end
-      end
-
-      class Simulator # :nodoc:
-        attr_reader :tt
-
-        def initialize(transition_table)
-          @tt = transition_table
-        end
-
-        def simulate(string)
-          input = StringScanner.new(string)
-          state = tt.eclosure(0)
-          until input.eos?
-            sym   = input.scan(%r([/.?]|[^/.?]+))
-
-            # FIXME: tt.eclosure is not needed for the GTG
-            state = tt.eclosure(tt.move(state, sym))
-          end
-
-          acceptance_states = state.find_all { |s|
-            tt.accepting?(tt.eclosure(s).sort.last)
-          }
-
-          return if acceptance_states.empty?
-
-          memos = acceptance_states.flat_map { |x| tt.memo(x) }.compact
-
-          MatchData.new(memos)
-        end
-
-        alias :=~    :simulate
-        alias :match :simulate
-      end
-    end
-  end
-end