actiontext 7.0.4 → 7.1.3.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 82de1e2be05cc3b13e988c6b414f4c352a8f1a116cddca68fd1bca06cd0ec7cb
-  data.tar.gz: fe16bd3209f7ceb9ab2694839697979d94bb64d96bb7686bd5a5a3b8ad8187aa
+  metadata.gz: d51a41ff03b550ac428a52ce89ee785539d2ac0b386c5597f4c06b763070d054
+  data.tar.gz: 85028cdc38e4448c321e17190924c602f7bd940588307ef42206c7e0842ba31a
 SHA512:
-  metadata.gz: 997f51c29f335af6073885d08b0c312a89bbea06eca533231ca851b450948184f96791a10d0dba23d09640985aa60086d44e66b570abbd53080868fc775192f1
-  data.tar.gz: 041b4833e2d2b16e6c49e338b6d851023748d62c35e95cc7e5dbca27c52d69f18a8c5e5e54ea5ca51f21687af4a3bb5b85efa1b0189e1e465eb84b406ba28a1f
+  metadata.gz: 417dec3ad3e197b566e52b5b42356481d6a5f54e1a792b5f16c7eeaa45137b2a4bdeeb32e83fd890d884fc60864e7d6062ebe25115710a40de06df3c93812c95
+  data.tar.gz: ab1691bf97b79a8f2b644b6bf324c06fc663fd8ca2ba4641a906fcf7062a4c4acb4103b25b405561fc21e81198ce7b7541a9d02921d137ae14de6eb75d01b1c7

data/CHANGELOG.md

@@ -1,109 +1,125 @@
-## Rails 7.0.4 (September 09, 2022) ##
+## Rails 7.1.3.4 (June 04, 2024) ##
 
-*   No changes.
+*   Sanitize ActionText HTML ContentAttachment in Trix edit view
+    [CVE-2024-32464]
 
 
-## Rails 7.0.3.1 (July 12, 2022) ##
+## Rails 7.1.3.3 (May 16, 2024) ##
 
-*   No changes.
+*   Upgrade Trix to 1.3.2 to fix [CVE-2024-34341](https://github.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99).
+
+    *Rafael Mendonça França*
 
 
-## Rails 7.0.3 (May 09, 2022) ##
+## Rails 7.1.3.2 (February 21, 2024) ##
 
 *   No changes.
 
 
-## Rails 7.0.2.4 (April 26, 2022) ##
+## Rails 7.1.3.1 (February 21, 2024) ##
 
 *   No changes.
 
 
-## Rails 7.0.2.3 (March 08, 2022) ##
+## Rails 7.1.3 (January 16, 2024) ##
 
 *   No changes.
 
 
-## Rails 7.0.2.2 (February 11, 2022) ##
+## Rails 7.1.2 (November 10, 2023) ##
 
-*   No changes.
+*   Compile ESM package that can be used directly in the browser as `actiontext.esm.js`.
 
+    *Matias Grunberg*
 
-## Rails 7.0.2.1 (February 11, 2022) ##
+*   Fix using actiontext.js with Sprockets.
 
-*   No changes.
+    *Matias Grunberg*
 
+*   Upgrade Trix to 2.0.7.
 
-## Rails 7.0.2 (February 08, 2022) ##
+    *Hartley McGuire*
 
-*   No changes.
+*   Fix using Trix with Sprockets.
 
+    *Hartley McGuire*
 
-## Rails 7.0.1 (January 06, 2022) ##
+
+## Rails 7.1.1 (October 11, 2023) ##
 
 *   No changes.
 
 
-## Rails 7.0.0 (December 15, 2021) ##
+## Rails 7.1.0 (October 05, 2023) ##
 
 *   No changes.
 
 
-## Rails 7.0.0.rc3 (December 14, 2021) ##
+## Rails 7.1.0.rc2 (October 01, 2023) ##
 
 *   No changes.
 
 
-## Rails 7.0.0.rc2 (December 14, 2021) ##
+## Rails 7.1.0.rc1 (September 27, 2023) ##
 
 *   No changes.
 
-## Rails 7.0.0.rc1 (December 06, 2021) ##
-
-*   Fix an issue with how nested lists were displayed when converting to plain text
-
-    *Matt Swanson*
 
-*   Allow passing in a custom `direct_upload_url` or `blob_url_template` to `rich_text_area_tag`.
+## Rails 7.1.0.beta1 (September 13, 2023) ##
 
-    *Lucas Mansur*
+*   Use `Rails::HTML5::SafeListSanitizer` by default in the Rails 7.1 configuration if it is
+    supported.
 
+    Action Text's sanitizer can be configured by setting
+    `config.action_text.sanitizer_vendor`. Supported values are `Rails::HTML4::Sanitizer` or
+    `Rails::HTML5::Sanitizer`.
 
-## Rails 7.0.0.alpha2 (September 15, 2021) ##
+    The Rails 7.1 configuration will set this to `Rails::HTML5::Sanitizer` when it is supported, and
+    fall back to `Rails::HTML4::Sanitizer`. Previous configurations default to
+    `Rails::HTML4::Sanitizer`.
 
-*   No changes.
+    As a result of this change, the defaults for `ActionText::ContentHelper.allowed_tags` and
+    `.allowed_attributes` are applied at runtime, so the value of these attributes is now 'nil'
+    unless set by the application. You may call `sanitizer_allowed_tags` or
+    `sanitizer_allowed_attributes` to inspect the tags and attributes being allowed by the
+    sanitizer.
 
+    *Mike Dalessio*
 
-## Rails 7.0.0.alpha1 (September 15, 2021) ##
+*   Attachables now can override default attachment missing template.
 
-*   Make the Action Text + Trix JavaScript and CSS available through the asset pipeline.
+    When rendering Action Text attachments where the underlying attachable model has
+    been removed, a fallback template is used. You now can override this template on
+    a per-model basis. For example, you could render a placeholder image for a file
+    attachment or the text "Deleted User" for a User attachment.
 
-    *DHH*
+    *Matt Swanson*, *Joel Drapper*
 
-*   OpenSSL constants are now used for Digest computations.
+*   Update bundled Trix version from `1.3.1` to `2.0.4`.
 
-    *Dirkjan Bussink*
+    *Sarah Ridge*, *Sean Doyle*
 
-*   Add support for passing `form:` option to `rich_text_area_tag` and
-    `rich_text_area` helpers to specify the `<input type="hidden" form="...">`
-    value.
+*   Apply `field_error_proc` to `rich_text_area` form fields.
 
-    *Sean Doyle*
+    *Kaíque Kandy Koga*
 
-*   Add `config.action_text.attachment_tag_name`, to specify the HTML tag that contains attachments.
+*   Action Text attachment URLs rendered in a background job (a la Turbo
+    Streams) now use `Rails.application.default_url_options` and
+    `Rails.application.config.force_ssl` instead of `http://example.org`.
 
-    *Mark VanLandingham*
+    *Jonathan Hefner*
 
-*   Expose how we render the HTML _surrounding_ rich text content as an
-    extensible `layouts/action_view/contents/_content.html.erb` template to
-    encourage user-land customizations, while retaining private API control over how
-    the rich text itself is rendered by `action_text/contents/_content.html.erb`
-    partial.
+*   Support `strict_loading:` option for `has_rich_text` declaration
 
     *Sean Doyle*
 
-*   Add `with_all_rich_text` method to eager load all rich text associations on a model at once.
+*   Update ContentAttachment so that it can encapsulate arbitrary HTML content in a document.
+
+    *Jamis Buck*
 
-    *Matt Swanson*, *DHH*
+*   Fix an issue that caused the content layout to render multiple times when a
+    rich_text field was updated.
 
+    *Jacob Herrington*
 
-Please check [6-1-stable](https://github.com/rails/rails/blob/6-1-stable/actiontext/CHANGELOG.md) for previous changes.
+Please check [7-0-stable](https://github.com/rails/rails/blob/7-0-stable/actiontext/CHANGELOG.md) for previous changes.

data/MIT-LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2020-2022 Basecamp, LLC
+Copyright (c) 37signals LLC
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -1,8 +1,8 @@
 # Action Text
 
-Action Text brings rich text content and editing to Rails. It includes the [Trix editor](https://trix-editor.org) that handles everything from formatting to links to quotes to lists to embedded images and galleries. The rich text content generated by the Trix editor is saved in its own RichText model that's associated with any existing Active Record model in the application. Any embedded images (or other attachments) are automatically stored using Active Storage and associated with the included RichText model.
+Action Text brings rich text content and editing to \Rails. It includes the [Trix editor](https://trix-editor.org) that handles everything from formatting to links to quotes to lists to embedded images and galleries. The rich text content generated by the Trix editor is saved in its own RichText model that's associated with any existing Active Record model in the application. Any embedded images (or other attachments) are automatically stored using Active Storage and associated with the included RichText model.
 
-You can read more about Action Text in the [Action Text Overview](https://edgeguides.rubyonrails.org/action_text_overview.html) guide.
+You can read more about Action Text in the [Action Text Overview](https://guides.rubyonrails.org/action_text_overview.html) guide.
 
 ## Development