actionpack 7.2.2.2 → 7.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: de497a4bfe038de60adf6ae41286240f2876e6708be4aa79f87639cf7c1b95d3
-  data.tar.gz: 77b807fbf7571a65674d4b78affdcc0c54821c935d6ec6634ee8e5fe63a13015
+  metadata.gz: e774a50c3ffb6c9c4f387e2bf3632992f1979e8b050cdd481e0ff41fc289f4d4
+  data.tar.gz: b433f1b952b2cca2850d40a668bbf4196a72dd1981ede7714348607cb79fadb1
 SHA512:
-  metadata.gz: f8761d3f2b5c3be0bfd48360b9f568974a34c47752357b56b81a751068e5b27bc3b26a2474274be3653f3b822042c371346c502d61afc35f95fee4a614e93ee9
-  data.tar.gz: 0cda820f77379fa28d2243069428fbd068f7020b7ee1d9555b315e4924c9e866d8d08ff30d2b7e67680fe2fcd9706f435f9f542edf8ef8b4f84f4788858b48e0
+  metadata.gz: 7c48de1742782bbad870035834911eb2bac273330d2d34317c2d670f02d762d9998f024491fe37e17b8628f4255844d66fec7522bb47e10668e0a775e160e6c4
+  data.tar.gz: d72cf3db810cc51bfca8ff37af293e22a4089838ec00fb8cc44dce15d77255937a7221a90b6fdd2dc38f01803abd42757641b5fb665d6c121111bf3e548022f4

data/CHANGELOG.md

@@ -1,3 +1,46 @@
+## Rails 7.2.3 (October 28, 2025) ##
+
+*   Submit test requests using `as: :html` with `Content-Type: x-www-form-urlencoded`
+
+    *Sean Doyle*
+
+*   Address `rack 3.2` deprecations warnings.
+
+    ```
+    warning: Status code :unprocessable_entity is deprecated and will be removed in a future version of Rack.
+    Please use :unprocessable_content instead.
+    ```
+
+    Rails API will transparently convert one into the other for the forseable future.
+
+    *Earlopain*, *Jean Boussier*
+
+*   Always return empty body for HEAD requests in `PublicExceptions` and
+    `DebugExceptions`.
+
+    This is required by `Rack::Lint` (per RFC9110).
+
+    *Hartley McGuire*
+
+*   Fix `url_for` to handle `:path_params` gracefully when it's not a `Hash`.
+
+    Prevents various security scanners from causing exceptions.
+
+    *Martin Emde*
+
+*   Fix `ActionDispatch::Executor` to unwrap exceptions like other error reporting middlewares.
+
+    *Jean Boussier*
+
+*   Fix NoMethodError when a non-string CSRF token is passed through headers.
+
+    *Ryan Heneise*
+
+*   Fix invalid response when rescuing `ActionController::Redirecting::UnsafeRedirectError` in a controller.
+
+    *Alex Ghiculescu*
+
+
 ## Rails 7.2.2.2 (August 13, 2025) ##
 
 *   No changes.

data/README.rdoc

@@ -52,6 +52,6 @@ Bug reports for the Ruby on \Rails project can be filed here:
 
 * https://github.com/rails/rails/issues
 
-Feature requests should be discussed on the rails-core mailing list here:
+Feature requests should be discussed on the rubyonrails-core forum here:
 
 * https://discuss.rubyonrails.org/c/rubyonrails-core

data/lib/abstract_controller/base.rb

@@ -86,14 +86,10 @@ module AbstractController
         controller.public_instance_methods(true) - methods
       end
 
-      # A list of method names that should be considered actions. This includes all
+      # A `Set` of method names that should be considered actions. This includes all
       # public instance methods on a controller, less any internal methods (see
       # internal_methods), adding back in any methods that are internal, but still
       # exist on the class itself.
-      #
-      # #### Returns
-      # *   `Set` - A set of all methods that should be considered actions.
-      #
       def action_methods
         @action_methods ||= begin
           # All public instance methods of this class, including ancestors except for
@@ -121,9 +117,6 @@ module AbstractController
       #
       #     MyApp::MyPostsController.controller_path # => "my_app/my_posts"
       #
-      # #### Returns
-      # *   `String`
-      #
       def controller_path
         @controller_path ||= name.delete_suffix("Controller").underscore unless anonymous?
       end
@@ -147,10 +140,6 @@ module AbstractController
     # The actual method that is called is determined by calling #method_for_action.
     # If no method can handle the action, then an AbstractController::ActionNotFound
     # error is raised.
-    #
-    # #### Returns
-    # *   `self`
-    #
     def process(action, ...)
       @_action_name = action.to_s
 

data/lib/abstract_controller/collector.rb

@@ -27,7 +27,7 @@ module AbstractController
     def method_missing(symbol, ...)
       unless mime_constant = Mime[symbol]
         raise NoMethodError, "To respond to a custom format, register it as a MIME type first: " \
-          "https://guides.rubyonrails.org/action_controller_overview.html#restful-downloads. " \
+          "https://guides.rubyonrails.org/action_controller_advanced_topics.html#restful-downloads. " \
           "If you meant to respond to a variant like :tablet or :phone, not a custom format, " \
           "be sure to nest your variant response within a format response: " \
           "format.html { |html| html.tablet { ... } }"

data/lib/abstract_controller/helpers.rb

@@ -90,7 +90,7 @@ module AbstractController
       #--
       # Implemented by Resolution#modules_for_helpers.
 
-      # :method: # all_helpers_from_path
+      # :method: all_helpers_from_path
       # :call-seq: all_helpers_from_path(path)
       #
       # Returns a list of helper names in a given path.

data/lib/action_controller/metal/live.rb

@@ -58,7 +58,7 @@ module ActionController
 
     module ClassMethods
       def make_response!(request)
-        if request.get_header("HTTP_VERSION") == "HTTP/1.0"
+        if (request.get_header("SERVER_PROTOCOL") || request.get_header("HTTP_VERSION")) == "HTTP/1.0"
           super
         else
           Live::Response.new.tap do |res|

data/lib/action_controller/metal/params_wrapper.rb

@@ -198,14 +198,14 @@ module ActionController
       #       # enables the parameter wrapper for XML format
       #
       #     wrap_parameters :person
-      #       # wraps parameters into +params[:person]+ hash
+      #       # wraps parameters into params[:person] hash
       #
       #     wrap_parameters Person
       #       # wraps parameters by determining the wrapper key from Person class
-      #       # (+person+, in this case) and the list of attribute names
+      #       # (:person, in this case) and the list of attribute names
       #
       #     wrap_parameters include: [:username, :title]
-      #       # wraps only +:username+ and +:title+ attributes from parameters.
+      #       # wraps only :username and :title attributes from parameters.
       #
       #     wrap_parameters false
       #       # disables parameters wrapping for this controller altogether.

data/lib/action_controller/metal/redirecting.rb

@@ -106,13 +106,14 @@ module ActionController
 
       allow_other_host = response_options.delete(:allow_other_host) { _allow_other_host }
 
-      self.status = _extract_redirect_to_status(options, response_options)
+      proposed_status = _extract_redirect_to_status(options, response_options)
 
       redirect_to_location = _compute_redirect_to_location(request, options)
       _ensure_url_is_http_header_safe(redirect_to_location)
 
       self.location      = _enforce_open_redirect_protection(redirect_to_location, allow_other_host: allow_other_host)
       self.response_body = ""
+      self.status        = proposed_status
     end
 
     # Soft deprecated alias for #redirect_back_or_to where the `fallback_location`
@@ -211,9 +212,9 @@ module ActionController
 
       def _extract_redirect_to_status(options, response_options)
         if options.is_a?(Hash) && options.key?(:status)
-          Rack::Utils.status_code(options.delete(:status))
+          ActionDispatch::Response.rack_status_code(options.delete(:status))
         elsif response_options.key?(:status)
-          Rack::Utils.status_code(response_options[:status])
+          ActionDispatch::Response.rack_status_code(response_options[:status])
         else
           302
         end

data/lib/action_controller/metal/rendering.rb

@@ -232,7 +232,7 @@ module ActionController
         end
 
         if options[:status]
-          options[:status] = Rack::Utils.status_code(options[:status])
+          options[:status] = ActionDispatch::Response.rack_status_code(options[:status])
         end
 
         super

data/lib/action_controller/metal/request_forgery_protection.rb

@@ -142,6 +142,7 @@ module ActionController # :nodoc:
       #
       #
       # Built-in unverified request handling methods are:
+      #
       # *   `:exception` - Raises ActionController::InvalidAuthenticityToken
       #     exception.
       # *   `:reset_session` - Resets the session.
@@ -170,6 +171,7 @@ module ActionController # :nodoc:
       #
       #
       # Built-in session token strategies are:
+      #
       # *   `:session` - Store the CSRF token in the session.  Used as default if
       #     `:store` option is not specified.
       # *   `:cookie` - Store the CSRF token in an encrypted cookie.
@@ -498,7 +500,7 @@ module ActionController # :nodoc:
       # Checks the client's masked token to see if it matches the session token.
       # Essentially the inverse of `masked_authenticity_token`.
       def valid_authenticity_token?(session, encoded_masked_token) # :doc:
-        if encoded_masked_token.nil? || encoded_masked_token.empty? || !encoded_masked_token.is_a?(String)
+        if !encoded_masked_token.is_a?(String) || encoded_masked_token.empty?
           return false
         end
 

data/lib/action_controller/metal/strong_parameters.rb

@@ -1118,9 +1118,6 @@ module ActionController
         keys - params.keys - always_permitted_parameters
       end
 
-      #
-      # --- Filtering ----------------------------------------------------------
-      #
       # This is a list of permitted scalar types that includes the ones supported in
       # XML and JSON requests.
       #

data/lib/action_controller/renderer.rb

@@ -96,7 +96,6 @@ module ActionController
     #     *   `:script_name` - The portion of the incoming request's URL path that
     #         corresponds to the application. Converts to Rack's `SCRIPT_NAME`.
     #     *   `:input` - The input stream. Converts to Rack's `rack.input`.
-    #
     # *   `defaults` - Default values for the Rack env. Entries are specified in the
     #     same format as `env`. `env` will be merged on top of these values.
     #     `defaults` will be retained when calling #new on a renderer instance.

data/lib/action_dispatch/constants.rb

@@ -30,5 +30,11 @@ module ActionDispatch
       SERVER_TIMING = "server-timing"
       STRICT_TRANSPORT_SECURITY = "strict-transport-security"
     end
+
+    if Gem::Version.new(Rack::RELEASE) < Gem::Version.new("3.1")
+      UNPROCESSABLE_CONTENT = :unprocessable_entity
+    else
+      UNPROCESSABLE_CONTENT = :unprocessable_content
+    end
   end
 end

data/lib/action_dispatch/http/mime_negotiation.rb

@@ -56,9 +56,14 @@ module ActionDispatch
 
       # Returns the MIME type for the format used in the request.
       #
-      #     GET /posts/5.xml   | request.format => Mime[:xml]
-      #     GET /posts/5.xhtml | request.format => Mime[:html]
-      #     GET /posts/5       | request.format => Mime[:html] or Mime[:js], or request.accepts.first
+      #     # GET /posts/5.xml
+      #     request.format # => Mime[:xml]
+      #
+      #     # GET /posts/5.xhtml
+      #     request.format # => Mime[:html]
+      #
+      #     # GET /posts/5
+      #     request.format # => Mime[:html] or Mime[:js], or request.accepts.first
       #
       def format(_view_path = nil)
         formats.first || Mime::NullType.instance

data/lib/action_dispatch/http/request.rb

@@ -132,7 +132,7 @@ module ActionDispatch
 
     # Populate the HTTP method lookup cache.
     HTTP_METHODS.each { |method|
-      HTTP_METHOD_LOOKUP[method] = method.underscore.to_sym
+      HTTP_METHOD_LOOKUP[method] = method.downcase.underscore.to_sym
     }
 
     alias raw_request_method request_method # :nodoc:
@@ -236,8 +236,9 @@ module ActionDispatch
     #
     #     send_early_hints("link" => "</style.css>; rel=preload; as=style,</script.js>; rel=preload")
     #
-    # If you are using `javascript_include_tag` or `stylesheet_link_tag` the Early
-    # Hints headers are included by default if supported.
+    # If you are using {javascript_include_tag}[rdoc-ref:ActionView::Helpers::AssetTagHelper#javascript_include_tag]
+    # or {stylesheet_link_tag}[rdoc-ref:ActionView::Helpers::AssetTagHelper#stylesheet_link_tag]
+    # the Early Hints headers are included by default if supported.
     def send_early_hints(links)
       env["rack.early_hints"]&.call(links)
     end

data/lib/action_dispatch/http/response.rb

@@ -46,6 +46,20 @@ module ActionDispatch # :nodoc:
       Headers = ::Rack::Utils::HeaderHash
     end
 
+    class << self
+      if ActionDispatch::Constants::UNPROCESSABLE_CONTENT == :unprocessable_content
+        def rack_status_code(status) # :nodoc:
+          status = :unprocessable_content if status == :unprocessable_entity
+          Rack::Utils.status_code(status)
+        end
+      else
+        def rack_status_code(status) # :nodoc:
+          status = :unprocessable_entity if status == :unprocessable_content
+          Rack::Utils.status_code(status)
+        end
+      end
+    end
+
     # To be deprecated:
     Header = Headers
 
@@ -245,7 +259,7 @@ module ActionDispatch # :nodoc:
 
     # Sets the HTTP status code.
     def status=(status)
-      @status = Rack::Utils.status_code(status)
+      @status = Response.rack_status_code(status)
     end
 
     # Sets the HTTP response's content MIME type. For example, in the controller you

data/lib/action_dispatch/http/url.rb

@@ -272,7 +272,7 @@ module ActionDispatch
         end
       end
 
-      # Returns whether this request is using the standard port
+      # Returns whether this request is using the standard port.
       #
       #     req = ActionDispatch::Request.new 'HTTP_HOST' => 'example.com:80'
       #     req.standard_port? # => true
@@ -307,7 +307,7 @@ module ActionDispatch
         standard_port? ? "" : ":#{port}"
       end
 
-      # Returns the requested port, such as 8080, based on SERVER_PORT
+      # Returns the requested port, such as 8080, based on SERVER_PORT.
       #
       #     req = ActionDispatch::Request.new 'SERVER_PORT' => '80'
       #     req.server_port # => 80

data/lib/action_dispatch/journey/formatter.rb

@@ -60,8 +60,13 @@ module ActionDispatch
 
       def generate(name, options, path_parameters)
         original_options = options.dup
-        path_params = options.delete(:path_params) || {}
-        options = path_params.merge(options)
+        path_params = options.delete(:path_params)
+        if path_params.is_a?(Hash)
+          options = path_params.merge(options)
+        else
+          path_params = nil
+          options = options.dup
+        end
         constraints = path_parameters.merge(options)
         missing_keys = nil
 
@@ -79,7 +84,7 @@ module ActionDispatch
             # top-level params' normal behavior of generating query_params should be
             # preserved even if the same key is also a bind_param
             parameterized_parts.key?(key) || route.defaults.key?(key) ||
-              (path_params.key?(key) && !original_options.key?(key))
+              (path_params&.key?(key) && !original_options.key?(key))
           end
 
           defaults       = route.defaults

data/lib/action_dispatch/journey/gtg/transition_table.rb

@@ -107,10 +107,10 @@ module ActionDispatch
           end
 
           {
-            regexp_states:   simple_regexp,
-            string_states:   @string_states,
-            stdparam_states: @stdparam_states,
-            accepting:       @accepting
+            regexp_states:   simple_regexp.stringify_keys,
+            string_states:   @string_states.stringify_keys,
+            stdparam_states: @stdparam_states.stringify_keys,
+            accepting:       @accepting.stringify_keys
           }
         end
 

data/lib/action_dispatch/middleware/debug_exceptions.rb

@@ -65,7 +65,9 @@ module ActionDispatch
             content_type = Mime[:text]
           end
 
-          if api_request?(content_type)
+          if request.head?
+            render(wrapper.status_code, "", content_type)
+          elsif api_request?(content_type)
             render_for_api_request(content_type, wrapper)
           else
             render_for_browser_request(request, wrapper)

data/lib/action_dispatch/middleware/exception_wrapper.rb

@@ -18,8 +18,8 @@ module ActionDispatch
       "ActionController::UnknownFormat"                    => :not_acceptable,
       "ActionDispatch::Http::MimeNegotiation::InvalidType" => :not_acceptable,
       "ActionController::MissingExactTemplate"             => :not_acceptable,
-      "ActionController::InvalidAuthenticityToken"         => :unprocessable_entity,
-      "ActionController::InvalidCrossOriginRequest"        => :unprocessable_entity,
+      "ActionController::InvalidAuthenticityToken"         => ActionDispatch::Constants::UNPROCESSABLE_CONTENT,
+      "ActionController::InvalidCrossOriginRequest"        => ActionDispatch::Constants::UNPROCESSABLE_CONTENT,
       "ActionDispatch::Http::Parameters::ParseError"       => :bad_request,
       "ActionController::BadRequest"                       => :bad_request,
       "ActionController::ParameterMissing"                 => :bad_request,
@@ -173,7 +173,7 @@ module ActionDispatch
     end
 
     def self.status_code_for_exception(class_name)
-      Rack::Utils.status_code(@@rescue_responses[class_name])
+      ActionDispatch::Response.rack_status_code(@@rescue_responses[class_name])
     end
 
     def show?(request)

data/lib/action_dispatch/middleware/executor.rb

@@ -21,8 +21,11 @@ module ActionDispatch
         end
 
         returned = response << ::Rack::BodyProxy.new(response.pop) { state.complete! }
-      rescue => error
-        @executor.error_reporter.report(error, handled: false, source: "application.action_dispatch")
+      rescue Exception => error
+        request = ActionDispatch::Request.new env
+        backtrace_cleaner = request.get_header("action_dispatch.backtrace_cleaner")
+        wrapper = ExceptionWrapper.new(backtrace_cleaner, error)
+        @executor.error_reporter.report(wrapper.unwrapped_exception, handled: false, source: "application.action_dispatch")
         raise
       ensure
         state.complete! unless returned

data/lib/action_dispatch/middleware/public_exceptions.rb

@@ -32,7 +32,11 @@ module ActionDispatch
       end
       body = { status: status, error: Rack::Utils::HTTP_STATUS_CODES.fetch(status, Rack::Utils::HTTP_STATUS_CODES[500]) }
 
-      render(status, content_type, body)
+      if env["action_dispatch.original_request_method"] == "HEAD"
+        render_format(status, content_type, "")
+      else
+        render(status, content_type, body)
+      end
     end
 
     private

data/lib/action_dispatch/routing/mapper.rb

@@ -852,7 +852,7 @@ module ActionDispatch
         #
         # Takes same options as `Base#match` and `Resources#resources`.
         #
-        #     # route /posts (without the prefix /admin) to +Admin::PostsController+
+        #     # route /posts (without the prefix /admin) to Admin::PostsController
         #     scope module: "admin" do
         #       resources :posts
         #     end
@@ -862,7 +862,7 @@ module ActionDispatch
         #       resources :posts
         #     end
         #
-        #     # prefix the routing helper name: +sekret_posts_path+ instead of +posts_path+
+        #     # prefix the routing helper name: sekret_posts_path instead of posts_path
         #     scope as: "sekret" do
         #       resources :posts
         #     end
@@ -961,12 +961,12 @@ module ActionDispatch
         #       resources :posts
         #     end
         #
-        #     # maps to +Sekret::PostsController+ rather than +Admin::PostsController+
+        #     # maps to Sekret::PostsController rather than Admin::PostsController
         #     namespace :admin, module: "sekret" do
         #       resources :posts
         #     end
         #
-        #     # generates +sekret_posts_path+ rather than +admin_posts_path+
+        #     # generates sekret_posts_path rather than admin_posts_path
         #     namespace :admin, as: "sekret" do
         #       resources :posts
         #     end
@@ -1499,7 +1499,7 @@ module ActionDispatch
         #
         # ### Examples
         #
-        #     # routes call +Admin::PostsController+
+        #     # routes call Admin::PostsController
         #     resources :posts, module: "admin"
         #
         #     # resource actions are at /admin/posts.

data/lib/action_dispatch/testing/assertion_response.rb

@@ -38,7 +38,7 @@ module ActionDispatch
 
     private
       def code_from_name(name)
-        GENERIC_RESPONSE_CODES[name] || Rack::Utils.status_code(name)
+        GENERIC_RESPONSE_CODES[name] || ActionDispatch::Response.rack_status_code(name)
       end
 
       def name_from_code(code)

data/lib/action_dispatch/testing/integration.rb

@@ -594,9 +594,8 @@ module ActionDispatch
   #         end
   #     end
   #
-  # See the [request helpers documentation]
-  # (rdoc-ref:ActionDispatch::Integration::RequestHelpers) for help
-  # on how to use `get`, etc.
+  # See the [request helpers documentation](rdoc-ref:ActionDispatch::Integration::RequestHelpers)
+  # for help on how to use `get`, etc.
   #
   # ### Changing the request encoding
   #

data/lib/action_dispatch/testing/request_encoder.rb

@@ -3,6 +3,7 @@
 # :markup: markdown
 
 require "nokogiri"
+require "action_dispatch/http/mime_type"
 
 module ActionDispatch
   class RequestEncoder # :nodoc:
@@ -15,9 +16,9 @@ module ActionDispatch
 
     @encoders = { identity: IdentityEncoder.new }
 
-    attr_reader :response_parser
+    attr_reader :response_parser, :content_type
 
-    def initialize(mime_name, param_encoder, response_parser)
+    def initialize(mime_name, param_encoder, response_parser, content_type)
       @mime = Mime[mime_name]
 
       unless @mime
@@ -27,10 +28,7 @@ module ActionDispatch
 
       @response_parser = response_parser || -> body { body }
       @param_encoder   = param_encoder   || :"to_#{@mime.symbol}".to_proc
-    end
-
-    def content_type
-      @mime.to_s
+      @content_type    = content_type    || @mime.to_s
     end
 
     def accept_header
@@ -50,11 +48,13 @@ module ActionDispatch
       @encoders[name] || @encoders[:identity]
     end
 
-    def self.register_encoder(mime_name, param_encoder: nil, response_parser: nil)
-      @encoders[mime_name] = new(mime_name, param_encoder, response_parser)
+    def self.register_encoder(mime_name, param_encoder: nil, response_parser: nil, content_type: nil)
+      @encoders[mime_name] = new(mime_name, param_encoder, response_parser, content_type)
     end
 
-    register_encoder :html, response_parser: -> body { Rails::Dom::Testing.html_document.parse(body) }
+    register_encoder :html, response_parser: -> body { Rails::Dom::Testing.html_document.parse(body) },
+                            param_encoder: -> param { param },
+                            content_type: Mime[:url_encoded_form].to_s
     register_encoder :json, response_parser: -> body { JSON.parse(body, object_class: ActiveSupport::HashWithIndifferentAccess) }
   end
 end

data/lib/action_dispatch/testing/test_process.rb

@@ -9,8 +9,7 @@ module ActionDispatch
   module TestProcess
     module FixtureFile
       # Shortcut for
-      # `Rack::Test::UploadedFile.new(File.join(ActionDispatch::IntegrationTest.file_f
-      # ixture_path, path), type)`:
+      # `Rack::Test::UploadedFile.new(File.join(ActionDispatch::IntegrationTest.file_fixture_path, path), type)`:
       #
       #     post :change_avatar, params: { avatar: file_fixture_upload('david.png', 'image/png') }
       #

data/lib/action_pack/gem_version.rb

@@ -11,8 +11,8 @@ module ActionPack
   module VERSION
     MAJOR = 7
     MINOR = 2
-    TINY  = 2
-    PRE   = "2"
+    TINY  = 3
+    PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: actionpack
 version: !ruby/object:Gem::Version
-  version: 7.2.2.2
+  version: 7.2.3
 platform: ruby
 authors:
 - David Heinemeier Hansson
@@ -15,14 +15,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.2.2.2
+        version: 7.2.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.2.2.2
+        version: 7.2.3
+- !ruby/object:Gem::Dependency
+  name: cgi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
@@ -60,7 +74,7 @@ dependencies:
         version: 2.2.4
     - - "<"
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '3.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -70,7 +84,7 @@ dependencies:
         version: 2.2.4
     - - "<"
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '3.3'
 - !ruby/object:Gem::Dependency
   name: rack-session
   requirement: !ruby/object:Gem::Requirement
@@ -147,28 +161,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.2.2.2
+        version: 7.2.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.2.2.2
+        version: 7.2.3
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.2.2.2
+        version: 7.2.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.2.2.2
+        version: 7.2.3
 description: Web apps on Rails. Simple, battle-tested conventions for building and
   testing MVC web applications. Works with any Rack-compatible server.
 email: david@loudthinking.com
@@ -368,10 +382,10 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/rails/rails/issues
-  changelog_uri: https://github.com/rails/rails/blob/v7.2.2.2/actionpack/CHANGELOG.md
-  documentation_uri: https://api.rubyonrails.org/v7.2.2.2/
+  changelog_uri: https://github.com/rails/rails/blob/v7.2.3/actionpack/CHANGELOG.md
+  documentation_uri: https://api.rubyonrails.org/v7.2.3/
   mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
-  source_code_uri: https://github.com/rails/rails/tree/v7.2.2.2/actionpack
+  source_code_uri: https://github.com/rails/rails/tree/v7.2.3/actionpack
   rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths: