actiontext 7.0.8.7 → 7.1.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 24518302c3909a97a1cd36a9ab7945be3f08ba7fc64e4157c9bcbb569ea48c28
-  data.tar.gz: 5c0568c1d862c1e7f7b0039548cb529fed8d7fcd0cb161d174738c9d16afc3ec
+  metadata.gz: eb74f8a7619b8294b0f780f649611245104b6024e96887adad4ccdafb54076db
+  data.tar.gz: 97c1d24e0a68191e7909bdbb7bd4f63a61086c73a4d4f8c64921fe0150c04c08
 SHA512:
-  metadata.gz: da7bdf7d7b57e394fc7cca3e4b4a4f256265f1c1cbda0e917f0ddbb9ff2e0af01d865b8db69dcf31c694b1534b5561e0fffbe71cc0349d0781cb09b378d9d303
-  data.tar.gz: fb280fe4907385d2afef2f634badca0c2064b5597fce3e45fc5b4e60b3f089f6cd8cb4ace96ae82685d2b5ec5b5024723c0257a28e2e833206dbaac412828498
+  metadata.gz: 7ba1c7ad2177a86adc5d155070860fd09f5c4fe2485912dad6419aa748e0d6843cf874bc69361cee342096b86ac7cfc30038727473e5f09434457b328b48f53d
+  data.tar.gz: d1ee2ce1e3f1c4d2c0063251d2257aefa03b3fd7db4eeca59143f033ecb0da68c2c787e02bba421ac3b11d944acebc51b4bce3a01cd83b7ef38cc0213543cff5

data/CHANGELOG.md

@@ -1,203 +1,162 @@
-## Rails 7.0.8.7 (December 10, 2024) ##
+## Rails 7.1.5.1 (December 10, 2024) ##
 
-*   Update vendored trix version to 1.3.4
+*   Update vendored trix version to 2.1.10
 
     *John Hawthorn*
 
 
-## Rails 7.0.8.6 (October 23, 2024) ##
+## Rails 7.1.5 (October 30, 2024) ##
 
 *   No changes.
 
 
-## Rails 7.0.8.5 (October 15, 2024) ##
-
-*   Avoid backtracing in plain_text_for_blockquote_node
-
-    [CVE-2024-47888]
-
-
-## Rails 7.0.8.4 (June 04, 2024) ##
-
-*   No changes.
-
-
-## Rails 7.0.8.3 (May 17, 2024) ##
-
-*   Fix vendored trix.css to be correct file.
-
-    *Hartley McGuire*
-
-## Rails 7.0.8.2 (May 16, 2024) ##
-
-*   Upgrade Trix to 1.3.2 to fix [CVE-2024-34341](https://github.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99).
-
-    *Rafael Mendonça França*
-
-
-## Rails 7.0.8.1 (February 21, 2024) ##
-
-*   No changes.
-
-
-## Rails 7.0.8 (September 09, 2023) ##
-
-*   No changes.
-
-
-## Rails 7.0.7.2 (August 22, 2023) ##
-
-*   No changes.
-
-
-## Rails 7.0.7.1 (August 22, 2023) ##
+## Rails 7.1.4.2 (October 23, 2024) ##
 
 *   No changes.
 
 
-## Rails 7.0.7 (August 09, 2023) ##
+## Rails 7.1.4.1 (October 15, 2024) ##
 
-*   No changes.
-
-
-## Rails 7.0.6 (June 29, 2023) ##
-
-*   No changes.
-
-
-## Rails 7.0.5.1 (June 26, 2023) ##
+*   Avoid backtracing in plain_text_for_blockquote_node
 
-*   No changes.
+    [CVE-2024-47888]
 
+    *John Hawthorn*
 
-## Rails 7.0.5 (May 24, 2023) ##
+## Rails 7.1.4 (August 22, 2024) ##
 
-*   Fix `ActionText::Attachable#as_json`.
+*   Strip `content` attribute if the key is present but the value is empty
 
-    *Alexandre Ruban*
+    *Jeremy Green*
 
+*   Only sanitize `content` attribute when present in attachments.
 
-## Rails 7.0.4.3 (March 13, 2023) ##
+    *Petrik de Heus*
 
-*   No changes.
 
+## Rails 7.1.3.4 (June 04, 2024) ##
 
-## Rails 7.0.4.2 (January 24, 2023) ##
+*   Sanitize ActionText HTML ContentAttachment in Trix edit view
+    [CVE-2024-32464]
 
-*   No changes.
+    *Aaron Patterson*
 
+## Rails 7.1.3.3 (May 16, 2024) ##
 
-## Rails 7.0.4.1 (January 17, 2023) ##
+*   Upgrade Trix to 2.1.1 to fix [CVE-2024-34341](https://github.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99).
 
-*   No changes.
+    *Rafael Mendonça França*
 
 
-## Rails 7.0.4 (September 09, 2022) ##
+## Rails 7.1.3.2 (February 21, 2024) ##
 
 *   No changes.
 
 
-## Rails 7.0.3.1 (July 12, 2022) ##
+## Rails 7.1.3.1 (February 21, 2024) ##
 
 *   No changes.
 
 
-## Rails 7.0.3 (May 09, 2022) ##
+## Rails 7.1.3 (January 16, 2024) ##
 
 *   No changes.
 
 
-## Rails 7.0.2.4 (April 26, 2022) ##
-
-*   No changes.
+## Rails 7.1.2 (November 10, 2023) ##
 
+*   Compile ESM package that can be used directly in the browser as `actiontext.esm.js`.
 
-## Rails 7.0.2.3 (March 08, 2022) ##
-
-*   No changes.
+    *Matias Grunberg*
 
+*   Fix using actiontext.js with Sprockets.
 
-## Rails 7.0.2.2 (February 11, 2022) ##
+    *Matias Grunberg*
 
-*   No changes.
+*   Upgrade Trix to 2.0.7.
 
+    *Hartley McGuire*
 
-## Rails 7.0.2.1 (February 11, 2022) ##
+*   Fix using Trix with Sprockets.
 
-*   No changes.
+    *Hartley McGuire*
 
 
-## Rails 7.0.2 (February 08, 2022) ##
+## Rails 7.1.1 (October 11, 2023) ##
 
 *   No changes.
 
 
-## Rails 7.0.1 (January 06, 2022) ##
+## Rails 7.1.0 (October 05, 2023) ##
 
 *   No changes.
 
 
-## Rails 7.0.0 (December 15, 2021) ##
+## Rails 7.1.0.rc2 (October 01, 2023) ##
 
 *   No changes.
 
 
-## Rails 7.0.0.rc3 (December 14, 2021) ##
+## Rails 7.1.0.rc1 (September 27, 2023) ##
 
 *   No changes.
 
 
-## Rails 7.0.0.rc2 (December 14, 2021) ##
+## Rails 7.1.0.beta1 (September 13, 2023) ##
 
-*   No changes.
-
-## Rails 7.0.0.rc1 (December 06, 2021) ##
+*   Use `Rails::HTML5::SafeListSanitizer` by default in the Rails 7.1 configuration if it is
+    supported.
 
-*   Fix an issue with how nested lists were displayed when converting to plain text
+    Action Text's sanitizer can be configured by setting
+    `config.action_text.sanitizer_vendor`. Supported values are `Rails::HTML4::Sanitizer` or
+    `Rails::HTML5::Sanitizer`.
 
-    *Matt Swanson*
+    The Rails 7.1 configuration will set this to `Rails::HTML5::Sanitizer` when it is supported, and
+    fall back to `Rails::HTML4::Sanitizer`. Previous configurations default to
+    `Rails::HTML4::Sanitizer`.
 
-*   Allow passing in a custom `direct_upload_url` or `blob_url_template` to `rich_text_area_tag`.
+    As a result of this change, the defaults for `ActionText::ContentHelper.allowed_tags` and
+    `.allowed_attributes` are applied at runtime, so the value of these attributes is now 'nil'
+    unless set by the application. You may call `sanitizer_allowed_tags` or
+    `sanitizer_allowed_attributes` to inspect the tags and attributes being allowed by the
+    sanitizer.
 
-    *Lucas Mansur*
+    *Mike Dalessio*
 
+*   Attachables now can override default attachment missing template.
 
-## Rails 7.0.0.alpha2 (September 15, 2021) ##
+    When rendering Action Text attachments where the underlying attachable model has
+    been removed, a fallback template is used. You now can override this template on
+    a per-model basis. For example, you could render a placeholder image for a file
+    attachment or the text "Deleted User" for a User attachment.
 
-*   No changes.
+    *Matt Swanson*, *Joel Drapper*
 
+*   Update bundled Trix version from `1.3.1` to `2.0.4`.
 
-## Rails 7.0.0.alpha1 (September 15, 2021) ##
+    *Sarah Ridge*, *Sean Doyle*
 
-*   Make the Action Text + Trix JavaScript and CSS available through the asset pipeline.
+*   Apply `field_error_proc` to `rich_text_area` form fields.
 
-    *DHH*
+    *Kaíque Kandy Koga*
 
-*   OpenSSL constants are now used for Digest computations.
+*   Action Text attachment URLs rendered in a background job (a la Turbo
+    Streams) now use `Rails.application.default_url_options` and
+    `Rails.application.config.force_ssl` instead of `http://example.org`.
 
-    *Dirkjan Bussink*
+    *Jonathan Hefner*
 
-*   Add support for passing `form:` option to `rich_text_area_tag` and
-    `rich_text_area` helpers to specify the `<input type="hidden" form="...">`
-    value.
+*   Support `strict_loading:` option for `has_rich_text` declaration
 
     *Sean Doyle*
 
-*   Add `config.action_text.attachment_tag_name`, to specify the HTML tag that contains attachments.
-
-    *Mark VanLandingham*
-
-*   Expose how we render the HTML _surrounding_ rich text content as an
-    extensible `layouts/action_view/contents/_content.html.erb` template to
-    encourage user-land customizations, while retaining private API control over how
-    the rich text itself is rendered by `action_text/contents/_content.html.erb`
-    partial.
-
-    *Sean Doyle*
+*   Update ContentAttachment so that it can encapsulate arbitrary HTML content in a document.
 
-*   Add `with_all_rich_text` method to eager load all rich text associations on a model at once.
+    *Jamis Buck*
 
-    *Matt Swanson*, *DHH*
+*   Fix an issue that caused the content layout to render multiple times when a
+    rich_text field was updated.
 
+    *Jacob Herrington*
 
-Please check [6-1-stable](https://github.com/rails/rails/blob/6-1-stable/actiontext/CHANGELOG.md) for previous changes.
+Please check [7-0-stable](https://github.com/rails/rails/blob/7-0-stable/actiontext/CHANGELOG.md) for previous changes.

data/MIT-LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2020-2022 Basecamp, LLC
+Copyright (c) 37signals LLC
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -1,8 +1,8 @@
 # Action Text
 
-Action Text brings rich text content and editing to Rails. It includes the [Trix editor](https://trix-editor.org) that handles everything from formatting to links to quotes to lists to embedded images and galleries. The rich text content generated by the Trix editor is saved in its own RichText model that's associated with any existing Active Record model in the application. Any embedded images (or other attachments) are automatically stored using Active Storage and associated with the included RichText model.
+Action Text brings rich text content and editing to \Rails. It includes the [Trix editor](https://trix-editor.org) that handles everything from formatting to links to quotes to lists to embedded images and galleries. The rich text content generated by the Trix editor is saved in its own RichText model that's associated with any existing Active Record model in the application. Any embedded images (or other attachments) are automatically stored using Active Storage and associated with the included RichText model.
 
-You can read more about Action Text in the [Action Text Overview](https://edgeguides.rubyonrails.org/action_text_overview.html) guide.
+You can read more about Action Text in the [Action Text Overview](https://guides.rubyonrails.org/action_text_overview.html) guide.
 
 ## Development