actionpack 6.1.0.rc1 → 6.1.2.1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of actionpack might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9a4a41e1ca0c25578fbd6a0ea8a05295194ae1bd4583adec81c901d36df926af
4
- data.tar.gz: 8582c26944953ae947cf95b4582f3b000af462b0786476d4dc84a268963bbdd8
3
+ metadata.gz: 9ddc348fb8652218b5bd5b37bdb59d84478978eef60efa1e6e0ec970975e51fe
4
+ data.tar.gz: 3cb8f6771faff1498a49741146ee58df760bfaf71736ab90329b44141b600448
5
5
  SHA512:
6
- metadata.gz: c6ae9cf119acfd74a41566d30f6d499ed3590355134a7a00ebc77b25a8516f1037448bc202c543b0c92cedc842d38e1b787df12f4260bebf5f1595c42c192d2a
7
- data.tar.gz: 69965930679b64e98df6a5b4edaefa9f15a7c38480fd179507b3a27c663b07478411a6ae04355dd5a30f97f18be8b4441e083b5c97d0015f95963d5adf29dcda
6
+ metadata.gz: ca1a39f35896900dad228fdb4174207fcf571407aa3e033a82718bf2411b2d45665bd03db6df7e21d25cc8df4aaa33d83190502be910a528b51fc4ce4871d2f3
7
+ data.tar.gz: 66aec3e70249c3661662c5357ba2cc53b3845449bca439c3b07e34068fbb99be354e9dfa536d1964d9446d66519c6c515125827e1cc7f3b01c046b3a9a0741b3
data/CHANGELOG.md CHANGED
@@ -1,4 +1,58 @@
1
- ## Rails 6.1.0.rc1 (November 02, 2020) ##
1
+ ## Rails 6.1.2.1 (February 10, 2021) ##
2
+
3
+ * Prevent open redirect when allowed host starts with a dot
4
+
5
+ [CVE-2021-22881]
6
+
7
+ Thanks to @tktech (https://hackerone.com/tktech) for reporting this
8
+ issue and the patch!
9
+
10
+ *Aaron Patterson*
11
+
12
+
13
+ ## Rails 6.1.2 (February 09, 2021) ##
14
+
15
+ * Fix error in `ActionController::LogSubscriber` that would happen when throwing inside a controller action.
16
+
17
+ *Janko Marohnić*
18
+
19
+ * Fix `fixture_file_upload` deprecation when `file_fixture_path` is a relative path.
20
+
21
+ *Eugene Kenny*
22
+
23
+
24
+ ## Rails 6.1.1 (January 07, 2021) ##
25
+
26
+ * Fix nil translation key lookup in controllers/
27
+
28
+ *Jan Klimo*
29
+
30
+ * Quietly handle unknown HTTP methods in Action Dispatch SSL middleware.
31
+
32
+ *Alex Robbin*
33
+
34
+ * Change the request method to a `GET` when passing failed requests down to `config.exceptions_app`.
35
+
36
+ *Alex Robbin*
37
+
38
+
39
+ ## Rails 6.1.0 (December 09, 2020) ##
40
+
41
+ * Support for the HTTP header `Feature-Policy` has been revised to reflect
42
+ its [rename](https://github.com/w3c/webappsec-permissions-policy/pull/379) to [`Permissions-Policy`](https://w3c.github.io/webappsec-permissions-policy/#permissions-policy-http-header-field).
43
+
44
+ ```ruby
45
+ Rails.application.config.permissions_policy do |p|
46
+ p.camera :none
47
+ p.gyroscope :none
48
+ p.microphone :none
49
+ p.usb :none
50
+ p.fullscreen :self
51
+ p.payment :self, "https://secure-example.com"
52
+ end
53
+ ```
54
+
55
+ *Julien Grillot*
2
56
 
3
57
  * Allow `ActionDispatch::HostAuthorization` to exclude specific requests.
4
58
 
data/README.rdoc CHANGED
@@ -33,7 +33,7 @@ The latest version of Action Pack can be installed with RubyGems:
33
33
 
34
34
  Source code can be downloaded as part of the Rails project on GitHub:
35
35
 
36
- * https://github.com/rails/rails/tree/master/actionpack
36
+ * https://github.com/rails/rails/tree/main/actionpack
37
37
 
38
38
 
39
39
  == License
@@ -15,7 +15,7 @@ module AbstractController
15
15
  # to translate many keys within the same controller / action and gives you a
16
16
  # simple framework for scoping them consistently.
17
17
  def translate(key, **options)
18
- if key.start_with?(".")
18
+ if key&.start_with?(".")
19
19
  path = controller_path.tr("/", ".")
20
20
  defaults = [:"#{path}#{key}"]
21
21
  defaults << options[:default] if options[:default]
@@ -29,7 +29,7 @@ module ActionController
29
29
  autoload :DefaultHeaders
30
30
  autoload :EtagWithTemplateDigest
31
31
  autoload :EtagWithFlash
32
- autoload :FeaturePolicy
32
+ autoload :PermissionsPolicy
33
33
  autoload :Flash
34
34
  autoload :Head
35
35
  autoload :Helpers
@@ -226,7 +226,7 @@ module ActionController
226
226
  FormBuilder,
227
227
  RequestForgeryProtection,
228
228
  ContentSecurityPolicy,
229
- FeaturePolicy,
229
+ PermissionsPolicy,
230
230
  Streaming,
231
231
  DataStreaming,
232
232
  HttpAuthentication::Basic::ControllerMethods,
@@ -23,7 +23,7 @@ module ActionController
23
23
  additions = ActionController::Base.log_process_action(payload)
24
24
  status = payload[:status]
25
25
 
26
- if status.nil? && (exception_class_name = payload[:exception].first)
26
+ if status.nil? && (exception_class_name = payload[:exception]&.first)
27
27
  status = ActionDispatch::ExceptionWrapper.status_code_for_exception(exception_class_name)
28
28
  end
29
29
 
@@ -182,7 +182,7 @@ module ActionController
182
182
  #
183
183
  # You can also pass an object that responds to +maximum+, such as a
184
184
  # collection of active records. In this case +last_modified+ will be set by
185
- # calling +maximum(:updated_at)+ on the collection (the timestamp of the
185
+ # calling <tt>maximum(:updated_at)</tt> on the collection (the timestamp of the
186
186
  # most recently updated record) and the +etag+ by passing the object itself.
187
187
  #
188
188
  # def index
@@ -9,7 +9,9 @@ module ActionController #:nodoc:
9
9
  end
10
10
 
11
11
  private
12
- def cookies
12
+ # The cookies for the current request. See ActionDispatch::Cookies for
13
+ # more information.
14
+ def cookies # :doc:
13
15
  request.cookie_jar
14
16
  end
15
17
  end
@@ -484,7 +484,7 @@ module ActionController
484
484
  def raw_params(auth)
485
485
  _raw_params = auth.sub(TOKEN_REGEX, "").split(/\s*#{AUTHN_PAIR_DELIMITERS}\s*/)
486
486
 
487
- if !_raw_params.first.start_with?(TOKEN_KEY)
487
+ if !_raw_params.first&.start_with?(TOKEN_KEY)
488
488
  _raw_params[0] = "#{TOKEN_KEY}#{_raw_params.first}"
489
489
  end
490
490
 
@@ -1,11 +1,11 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module ActionController #:nodoc:
4
- # HTTP Feature Policy is a web standard for defining a mechanism to
5
- # allow and deny the use of browser features in its own context, and
4
+ # HTTP Permissions Policy is a web standard for defining a mechanism to
5
+ # allow and deny the use of browser permissions in its own context, and
6
6
  # in content within any <iframe> elements in the document.
7
7
  #
8
- # Full details of HTTP Feature Policy specification and guidelines can
8
+ # Full details of HTTP Permissions Policy specification and guidelines can
9
9
  # be found at MDN:
10
10
  #
11
11
  # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy
@@ -13,7 +13,7 @@ module ActionController #:nodoc:
13
13
  # Examples of usage:
14
14
  #
15
15
  # # Global policy
16
- # Rails.application.config.feature_policy do |f|
16
+ # Rails.application.config.permissions_policy do |f|
17
17
  # f.camera :none
18
18
  # f.gyroscope :none
19
19
  # f.microphone :none
@@ -24,20 +24,20 @@ module ActionController #:nodoc:
24
24
  #
25
25
  # # Controller level policy
26
26
  # class PagesController < ApplicationController
27
- # feature_policy do |p|
27
+ # permissions_policy do |p|
28
28
  # p.geolocation "https://example.com"
29
29
  # end
30
30
  # end
31
- module FeaturePolicy
31
+ module PermissionsPolicy
32
32
  extend ActiveSupport::Concern
33
33
 
34
34
  module ClassMethods
35
- def feature_policy(**options, &block)
35
+ def permissions_policy(**options, &block)
36
36
  before_action(options) do
37
37
  if block_given?
38
- policy = request.feature_policy.clone
38
+ policy = request.permissions_policy.clone
39
39
  yield policy
40
- request.feature_policy = policy
40
+ request.permissions_policy = policy
41
41
  end
42
42
  end
43
43
  end
@@ -46,7 +46,7 @@ module ActionDispatch
46
46
  eager_autoload do
47
47
  autoload_under "http" do
48
48
  autoload :ContentSecurityPolicy
49
- autoload :FeaturePolicy
49
+ autoload :PermissionsPolicy
50
50
  autoload :Request
51
51
  autoload :Response
52
52
  end
@@ -3,9 +3,14 @@
3
3
  require "active_support/core_ext/object/deep_dup"
4
4
 
5
5
  module ActionDispatch #:nodoc:
6
- class FeaturePolicy
6
+ class PermissionsPolicy
7
7
  class Middleware
8
8
  CONTENT_TYPE = "Content-Type"
9
+ # The Feature-Policy header has been renamed to Permissions-Policy.
10
+ # The Permissions-Policy requires a different implementation and isn't
11
+ # yet supported by all browsers. To avoid having to rename this
12
+ # middleware in the future we use the new name for the middleware but
13
+ # keep the old header name and implementation for now.
9
14
  POLICY = "Feature-Policy"
10
15
 
11
16
  def initialize(app)
@@ -19,7 +24,7 @@ module ActionDispatch #:nodoc:
19
24
  return response unless html_response?(headers)
20
25
  return response if policy_present?(headers)
21
26
 
22
- if policy = request.feature_policy
27
+ if policy = request.permissions_policy
23
28
  headers[POLICY] = policy.build(request.controller_instance)
24
29
  end
25
30
 
@@ -47,13 +52,13 @@ module ActionDispatch #:nodoc:
47
52
  end
48
53
 
49
54
  module Request
50
- POLICY = "action_dispatch.feature_policy"
55
+ POLICY = "action_dispatch.permissions_policy"
51
56
 
52
- def feature_policy
57
+ def permissions_policy
53
58
  get_header(POLICY)
54
59
  end
55
60
 
56
- def feature_policy=(policy)
61
+ def permissions_policy=(policy)
57
62
  set_header(POLICY, policy)
58
63
  end
59
64
  end
@@ -63,8 +68,8 @@ module ActionDispatch #:nodoc:
63
68
  none: "'none'",
64
69
  }.freeze
65
70
 
66
- # List of available features can be found at
67
- # https://github.com/WICG/feature-policy/blob/master/features.md#policy-controlled-features
71
+ # List of available permissions can be found at
72
+ # https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#policy-controlled-features
68
73
  DIRECTIVES = {
69
74
  accelerometer: "accelerometer",
70
75
  ambient_light_sensor: "ambient-light-sensor",
@@ -121,14 +126,14 @@ module ActionDispatch #:nodoc:
121
126
  when String, Proc
122
127
  source
123
128
  else
124
- raise ArgumentError, "Invalid HTTP feature policy source: #{source.inspect}"
129
+ raise ArgumentError, "Invalid HTTP permissions policy source: #{source.inspect}"
125
130
  end
126
131
  end
127
132
  end
128
133
 
129
134
  def apply_mapping(source)
130
135
  MAPPINGS.fetch(source) do
131
- raise ArgumentError, "Unknown HTTP feature policy source mapping: #{source.inspect}"
136
+ raise ArgumentError, "Unknown HTTP permissions policy source mapping: #{source.inspect}"
132
137
  end
133
138
  end
134
139
 
@@ -156,12 +161,12 @@ module ActionDispatch #:nodoc:
156
161
  source.to_s
157
162
  when Proc
158
163
  if context.nil?
159
- raise RuntimeError, "Missing context for the dynamic feature policy source: #{source.inspect}"
164
+ raise RuntimeError, "Missing context for the dynamic permissions policy source: #{source.inspect}"
160
165
  else
161
166
  context.instance_exec(&source)
162
167
  end
163
168
  else
164
- raise RuntimeError, "Unexpected feature policy source: #{source.inspect}"
169
+ raise RuntimeError, "Unexpected permissions policy source: #{source.inspect}"
165
170
  end
166
171
  end
167
172
  end
@@ -23,7 +23,7 @@ module ActionDispatch
23
23
  include ActionDispatch::Http::FilterParameters
24
24
  include ActionDispatch::Http::URL
25
25
  include ActionDispatch::ContentSecurityPolicy::Request
26
- include ActionDispatch::FeaturePolicy::Request
26
+ include ActionDispatch::PermissionsPolicy::Request
27
27
  include Rack::Request::Env
28
28
 
29
29
  autoload :Session, "action_dispatch/request/session"
@@ -51,9 +51,9 @@ module ActionDispatch
51
51
 
52
52
  def sanitize_string(host)
53
53
  if host.start_with?(".")
54
- /\A(.+\.)?#{Regexp.escape(host[1..-1])}\z/
54
+ /\A(.+\.)?#{Regexp.escape(host[1..-1])}\z/i
55
55
  else
56
- host
56
+ /\A#{host}\z/i
57
57
  end
58
58
  end
59
59
  end
@@ -103,11 +103,20 @@ module ActionDispatch
103
103
 
104
104
  private
105
105
  def authorized?(request)
106
- origin_host = request.get_header("HTTP_HOST").to_s.sub(/:\d+\z/, "")
107
- forwarded_host = request.x_forwarded_host.to_s.split(/,\s?/).last.to_s.sub(/:\d+\z/, "")
108
-
109
- @permissions.allows?(origin_host) &&
110
- (forwarded_host.blank? || @permissions.allows?(forwarded_host))
106
+ valid_host = /
107
+ \A
108
+ (?<host>[a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9\.:]+\])
109
+ (:\d+)?
110
+ \z
111
+ /x
112
+
113
+ origin_host = valid_host.match(
114
+ request.get_header("HTTP_HOST").to_s.downcase)
115
+ forwarded_host = valid_host.match(
116
+ request.x_forwarded_host.to_s.split(/,\s?/).last)
117
+
118
+ origin_host && @permissions.allows?(origin_host[:host]) && (
119
+ forwarded_host.nil? || @permissions.allows?(forwarded_host[:host]))
111
120
  end
112
121
 
113
122
  def excluded?(request)
@@ -46,7 +46,9 @@ module ActionDispatch
46
46
  status = wrapper.status_code
47
47
  request.set_header "action_dispatch.exception", wrapper.unwrapped_exception
48
48
  request.set_header "action_dispatch.original_path", request.path_info
49
+ request.set_header "action_dispatch.original_request_method", request.raw_request_method
49
50
  request.path_info = "/#{status}"
51
+ request.request_method = "GET"
50
52
  response = @exceptions_app.call(request.env)
51
53
  response[1]["X-Cascade"] == "pass" ? pass_response(status) : response
52
54
  rescue Exception => failsafe_error
@@ -52,6 +52,8 @@ module ActionDispatch
52
52
  # Default to 2 years as recommended on hstspreload.org.
53
53
  HSTS_EXPIRES_IN = 63072000
54
54
 
55
+ PERMANENT_REDIRECT_REQUEST_METHODS = %w[GET HEAD] # :nodoc:
56
+
55
57
  def self.default_hsts_options
56
58
  { expires: HSTS_EXPIRES_IN, subdomains: true, preload: false }
57
59
  end
@@ -131,7 +133,7 @@ module ActionDispatch
131
133
  end
132
134
 
133
135
  def redirection_status(request)
134
- if request.get? || request.head?
136
+ if PERMANENT_REDIRECT_REQUEST_METHODS.include?(request.raw_request_method)
135
137
  301 # Issue a permanent redirect via a GET request.
136
138
  elsif @ssl_default_redirect_status
137
139
  @ssl_default_redirect_status
@@ -1,5 +1,7 @@
1
1
  <% if exception.respond_to?(:original_message) && exception.respond_to?(:corrections) %>
2
- <h2><%= h exception.original_message %></h2>
2
+ <div class="exception-message">
3
+ <%= simple_format h(exception.original_message), { class: "message" }, wrapper_tag: "div" %>
4
+ </div>
3
5
  <%
4
6
  # The 'did_you_mean' gem can raise exceptions when calling #corrections on
5
7
  # the exception. If it does there are no corrections to show.
@@ -14,5 +16,7 @@
14
16
  </ul>
15
17
  <% end %>
16
18
  <% else %>
17
- <h2><%= h exception.message %></h2>
19
+ <div class="exception-message">
20
+ <%= simple_format h(exception.message), { class: "message" }, wrapper_tag: "div" %>
21
+ </div>
18
22
  <% end %>
@@ -49,6 +49,18 @@
49
49
  line-height: 25px;
50
50
  }
51
51
 
52
+ .exception-message {
53
+ padding: 8px 0;
54
+ }
55
+
56
+ .exception-message .message{
57
+ margin-bottom: 8px;
58
+ line-height: 25px;
59
+ font-size: 1.5em;
60
+ font-weight: bold;
61
+ color: #C00;
62
+ }
63
+
52
64
  .details {
53
65
  border: 1px solid #D0D0D0;
54
66
  border-radius: 4px;
@@ -51,10 +51,19 @@
51
51
  }
52
52
 
53
53
  @media (prefers-color-scheme: dark) {
54
+ body {
55
+ background-color: #222;
56
+ color: #ECECEC;
57
+ }
58
+
54
59
  #route_table tbody tr:nth-child(odd) {
55
60
  background: #333;
56
61
  }
57
62
 
63
+ #route_table tbody tr:nth-child(even) {
64
+ background: #444;
65
+ }
66
+
58
67
  #route_table tbody.exact_matches,
59
68
  #route_table tbody.fuzzy_matches {
60
69
  color: #333;
@@ -71,14 +71,14 @@ module ActionDispatch
71
71
 
72
72
  def set_headless_chrome_browser_options
73
73
  configure do |capabilities|
74
- capabilities.args << "--headless"
75
- capabilities.args << "--disable-gpu" if Gem.win_platform?
74
+ capabilities.add_argument("--headless")
75
+ capabilities.add_argument("--disable-gpu") if Gem.win_platform?
76
76
  end
77
77
  end
78
78
 
79
79
  def set_headless_firefox_browser_options
80
80
  configure do |capabilities|
81
- capabilities.args << "-headless"
81
+ capabilities.add_argument("-headless")
82
82
  end
83
83
  end
84
84
  end
@@ -29,7 +29,7 @@ module ActionDispatch
29
29
  haven't set yet. Set `file_fixture_path` to discard this warning.
30
30
  EOM
31
31
  elsif path.exist?
32
- non_deprecated_path = path.relative_path_from(Pathname(self.class.file_fixture_path))
32
+ non_deprecated_path = Pathname(File.absolute_path(path)).relative_path_from(Pathname(File.absolute_path(self.class.file_fixture_path)))
33
33
  ActiveSupport::Deprecation.warn(<<~EOM)
34
34
  Passing a path to `fixture_file_upload` relative to `fixture_path` is deprecated.
35
35
  In Rails 6.2, the path needs to be relative to `file_fixture_path`.
@@ -9,8 +9,8 @@ module ActionPack
9
9
  module VERSION
10
10
  MAJOR = 6
11
11
  MINOR = 1
12
- TINY = 0
13
- PRE = "rc1"
12
+ TINY = 2
13
+ PRE = "1"
14
14
 
15
15
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
16
16
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: actionpack
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.1.0.rc1
4
+ version: 6.1.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-11-02 00:00:00.000000000 Z
11
+ date: 2021-02-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 6.1.0.rc1
19
+ version: 6.1.2.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 6.1.0.rc1
26
+ version: 6.1.2.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rack
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -98,28 +98,28 @@ dependencies:
98
98
  requirements:
99
99
  - - '='
100
100
  - !ruby/object:Gem::Version
101
- version: 6.1.0.rc1
101
+ version: 6.1.2.1
102
102
  type: :runtime
103
103
  prerelease: false
104
104
  version_requirements: !ruby/object:Gem::Requirement
105
105
  requirements:
106
106
  - - '='
107
107
  - !ruby/object:Gem::Version
108
- version: 6.1.0.rc1
108
+ version: 6.1.2.1
109
109
  - !ruby/object:Gem::Dependency
110
110
  name: activemodel
111
111
  requirement: !ruby/object:Gem::Requirement
112
112
  requirements:
113
113
  - - '='
114
114
  - !ruby/object:Gem::Version
115
- version: 6.1.0.rc1
115
+ version: 6.1.2.1
116
116
  type: :development
117
117
  prerelease: false
118
118
  version_requirements: !ruby/object:Gem::Requirement
119
119
  requirements:
120
120
  - - '='
121
121
  - !ruby/object:Gem::Version
122
- version: 6.1.0.rc1
122
+ version: 6.1.2.1
123
123
  description: Web apps on Rails. Simple, battle-tested conventions for building and
124
124
  testing MVC web applications. Works with any Rack-compatible server.
125
125
  email: david@loudthinking.com
@@ -161,7 +161,6 @@ files:
161
161
  - lib/action_controller/metal/etag_with_flash.rb
162
162
  - lib/action_controller/metal/etag_with_template_digest.rb
163
163
  - lib/action_controller/metal/exceptions.rb
164
- - lib/action_controller/metal/feature_policy.rb
165
164
  - lib/action_controller/metal/flash.rb
166
165
  - lib/action_controller/metal/head.rb
167
166
  - lib/action_controller/metal/helpers.rb
@@ -173,6 +172,7 @@ files:
173
172
  - lib/action_controller/metal/mime_responds.rb
174
173
  - lib/action_controller/metal/parameter_encoding.rb
175
174
  - lib/action_controller/metal/params_wrapper.rb
175
+ - lib/action_controller/metal/permissions_policy.rb
176
176
  - lib/action_controller/metal/redirecting.rb
177
177
  - lib/action_controller/metal/renderers.rb
178
178
  - lib/action_controller/metal/rendering.rb
@@ -191,7 +191,6 @@ files:
191
191
  - lib/action_dispatch/http/cache.rb
192
192
  - lib/action_dispatch/http/content_disposition.rb
193
193
  - lib/action_dispatch/http/content_security_policy.rb
194
- - lib/action_dispatch/http/feature_policy.rb
195
194
  - lib/action_dispatch/http/filter_parameters.rb
196
195
  - lib/action_dispatch/http/filter_redirect.rb
197
196
  - lib/action_dispatch/http/headers.rb
@@ -199,6 +198,7 @@ files:
199
198
  - lib/action_dispatch/http/mime_type.rb
200
199
  - lib/action_dispatch/http/mime_types.rb
201
200
  - lib/action_dispatch/http/parameters.rb
201
+ - lib/action_dispatch/http/permissions_policy.rb
202
202
  - lib/action_dispatch/http/rack_cache.rb
203
203
  - lib/action_dispatch/http/request.rb
204
204
  - lib/action_dispatch/http/response.rb
@@ -309,10 +309,10 @@ licenses:
309
309
  - MIT
310
310
  metadata:
311
311
  bug_tracker_uri: https://github.com/rails/rails/issues
312
- changelog_uri: https://github.com/rails/rails/blob/v6.1.0.rc1/actionpack/CHANGELOG.md
313
- documentation_uri: https://api.rubyonrails.org/v6.1.0.rc1/
312
+ changelog_uri: https://github.com/rails/rails/blob/v6.1.2.1/actionpack/CHANGELOG.md
313
+ documentation_uri: https://api.rubyonrails.org/v6.1.2.1/
314
314
  mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
315
- source_code_uri: https://github.com/rails/rails/tree/v6.1.0.rc1/actionpack
315
+ source_code_uri: https://github.com/rails/rails/tree/v6.1.2.1/actionpack
316
316
  post_install_message:
317
317
  rdoc_options: []
318
318
  require_paths:
@@ -324,12 +324,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
324
324
  version: 2.5.0
325
325
  required_rubygems_version: !ruby/object:Gem::Requirement
326
326
  requirements:
327
- - - ">"
327
+ - - ">="
328
328
  - !ruby/object:Gem::Version
329
- version: 1.3.1
329
+ version: '0'
330
330
  requirements:
331
331
  - none
332
- rubygems_version: 3.1.4
332
+ rubygems_version: 3.0.3
333
333
  signing_key:
334
334
  specification_version: 4
335
335
  summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).