actionpack 7.1.4.2 → 7.1.5

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9bd7816015412fae314bd4fa1fd0ae92392ff4113d2c1349f9d2583e69cb132a
4
- data.tar.gz: 68add3afd1737983f98720b9e6339a4a323c945348e96a0bd1e03dbf7c89c906
3
+ metadata.gz: ef6ded6ec75402697cbeaf5e35774fc5883ec6dea9a31c9698b28949c0b9547f
4
+ data.tar.gz: d31034f579dbab96df8449bbe31b449aa6c6d94711ce0f394ed3933bd316546b
5
5
  SHA512:
6
- metadata.gz: ccceb25da20cd27588cc573e6e93afd2fcf157dc2e3e5d0e5854da79402466f391fc54adea0e68c543fec506c71956d81e2c937fab7c950718d44f3712b69939
7
- data.tar.gz: c3e2439e31b326c084501898663cf36518e3b03dfa66eed20ee8b74624433d7c9c224ef799cd257b27dc2125227f519d0ce089401711e14ccc5cb06e3f382563
6
+ metadata.gz: 563f1655070799cff368211fbe55ce13d4cd8a5984ca16d9c94df8fb6fec119c644d0a43a3fadf088cf2df019d4c6266a1e36ea4e3de1a82dbdf92f8e100d3c1
7
+ data.tar.gz: 170f1c5406ee4c8d740d50b63fd74d8c803b3aa4f8a16b69d73355949bb7a9d7835d4118d685050c3dd967cac6933403e1097575ab1d9e4dbfbdce292defe978
data/CHANGELOG.md CHANGED
@@ -1,3 +1,8 @@
1
+ ## Rails 7.1.5 (October 30, 2024) ##
2
+
3
+ * No changes.
4
+
5
+
1
6
  ## Rails 7.1.4.2 (October 23, 2024) ##
2
7
 
3
8
  * No changes.
@@ -9,10 +14,14 @@
9
14
 
10
15
  [CVE-2024-47887]
11
16
 
17
+ *John Hawthorn*
18
+
12
19
  * Avoid regex backtracking in query parameter filtering
13
20
 
14
21
  [CVE-2024-41128]
15
22
 
23
+ *John Hawthorn*
24
+
16
25
  ## Rails 7.1.4 (August 22, 2024) ##
17
26
 
18
27
  * Resolve deprecation warning in latest `selenium-webdriver`.
@@ -207,7 +207,7 @@ module ActionController
207
207
  end
208
208
  end
209
209
 
210
- # Returns false on a valid response, true otherwise.
210
+ # Returns true on a valid response, false otherwise.
211
211
  def authenticate(request, realm, &password_procedure)
212
212
  request.authorization && validate_digest_response(request, realm, &password_procedure)
213
213
  end
@@ -425,7 +425,7 @@ module ActionController
425
425
  module ControllerMethods
426
426
  # Authenticate using an HTTP Bearer token, or otherwise render an HTTP
427
427
  # header requesting the client to send a Bearer token. For the authentication
428
- # to be considered successful, +login_procedure+ should return a non-nil
428
+ # to be considered successful, +login_procedure+ must not return a false
429
429
  # value. Typically, the authenticated user is returned.
430
430
  #
431
431
  # See ActionController::HttpAuthentication::Token for example usage.
@@ -99,7 +99,7 @@ module ActionDispatch
99
99
  { controller: /#{filter[:controller].underscore.sub(/_?controller\z/, "")}/ }
100
100
  elsif filter[:grep]
101
101
  grep_pattern = Regexp.new(filter[:grep])
102
- path = URI::DEFAULT_PARSER.escape(filter[:grep])
102
+ path = RFC2396_PARSER.escape(filter[:grep])
103
103
  normalized_path = ("/" + path).squeeze("/")
104
104
 
105
105
  {
@@ -2026,7 +2026,7 @@ module ActionDispatch
2026
2026
  name_for_action(options.delete(:as), action)
2027
2027
  end
2028
2028
 
2029
- path = Mapping.normalize_path URI::DEFAULT_PARSER.escape(path), formatted
2029
+ path = Mapping.normalize_path RFC2396_PARSER.escape(path), formatted
2030
2030
  ast = Journey::Parser.parse path
2031
2031
 
2032
2032
  mapping = Mapping.build(@scope, @set, ast, controller, default_action, to, via, formatted, options_constraints, anchor, options)
@@ -903,7 +903,7 @@ module ActionDispatch
903
903
  params.each do |key, value|
904
904
  if value.is_a?(String)
905
905
  value = value.dup.force_encoding(Encoding::BINARY)
906
- params[key] = URI::DEFAULT_PARSER.unescape(value)
906
+ params[key] = RFC2396_PARSER.unescape(value)
907
907
  end
908
908
  end
909
909
  req.path_parameters = params
@@ -29,6 +29,7 @@ require "active_support/core_ext/module/attribute_accessors"
29
29
 
30
30
  require "action_pack"
31
31
  require "rack"
32
+ require "uri"
32
33
  require "action_dispatch/deprecator"
33
34
 
34
35
  module Rack # :nodoc:
@@ -53,6 +54,9 @@ module ActionDispatch
53
54
  message: "ActionDispatch::IllegalStateError is deprecated without replacement.",
54
55
  deprecator: ActionDispatch.deprecator
55
56
 
57
+ RFC2396_PARSER = defined?(URI::RFC2396_PARSER) ? URI::RFC2396_PARSER : URI::RFC2396_Parser.new
58
+ private_constant :RFC2396_PARSER
59
+
56
60
  class MissingController < NameError
57
61
  end
58
62
 
@@ -9,8 +9,8 @@ module ActionPack
9
9
  module VERSION
10
10
  MAJOR = 7
11
11
  MINOR = 1
12
- TINY = 4
13
- PRE = "2"
12
+ TINY = 5
13
+ PRE = nil
14
14
 
15
15
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
16
16
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: actionpack
3
3
  version: !ruby/object:Gem::Version
4
- version: 7.1.4.2
4
+ version: 7.1.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-10-23 00:00:00.000000000 Z
11
+ date: 2024-10-31 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 7.1.4.2
19
+ version: 7.1.5
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 7.1.4.2
26
+ version: 7.1.5
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: nokogiri
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -128,28 +128,28 @@ dependencies:
128
128
  requirements:
129
129
  - - '='
130
130
  - !ruby/object:Gem::Version
131
- version: 7.1.4.2
131
+ version: 7.1.5
132
132
  type: :runtime
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - '='
137
137
  - !ruby/object:Gem::Version
138
- version: 7.1.4.2
138
+ version: 7.1.5
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: activemodel
141
141
  requirement: !ruby/object:Gem::Requirement
142
142
  requirements:
143
143
  - - '='
144
144
  - !ruby/object:Gem::Version
145
- version: 7.1.4.2
145
+ version: 7.1.5
146
146
  type: :development
147
147
  prerelease: false
148
148
  version_requirements: !ruby/object:Gem::Requirement
149
149
  requirements:
150
150
  - - '='
151
151
  - !ruby/object:Gem::Version
152
- version: 7.1.4.2
152
+ version: 7.1.5
153
153
  description: Web apps on Rails. Simple, battle-tested conventions for building and
154
154
  testing MVC web applications. Works with any Rack-compatible server.
155
155
  email: david@loudthinking.com
@@ -346,10 +346,10 @@ licenses:
346
346
  - MIT
347
347
  metadata:
348
348
  bug_tracker_uri: https://github.com/rails/rails/issues
349
- changelog_uri: https://github.com/rails/rails/blob/v7.1.4.2/actionpack/CHANGELOG.md
350
- documentation_uri: https://api.rubyonrails.org/v7.1.4.2/
349
+ changelog_uri: https://github.com/rails/rails/blob/v7.1.5/actionpack/CHANGELOG.md
350
+ documentation_uri: https://api.rubyonrails.org/v7.1.5/
351
351
  mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
352
- source_code_uri: https://github.com/rails/rails/tree/v7.1.4.2/actionpack
352
+ source_code_uri: https://github.com/rails/rails/tree/v7.1.5/actionpack
353
353
  rubygems_mfa_required: 'true'
354
354
  post_install_message:
355
355
  rdoc_options: []