actionview 6.1.7.2 → 7.1.3

data/CHANGELOG.md

@@ -1,439 +1,461 @@
-## Rails 6.1.7.2 (January 24, 2023) ##
-
-*   No changes.
-
-
-## Rails 6.1.7.1 (January 17, 2023) ##
-
-*   No changes.
-
-
-## Rails 6.1.7 (September 09, 2022) ##
-
-*   No changes.
+## Rails 7.1.3 (January 16, 2024) ##
 
+*   Better handle SyntaxError in Action View.
 
-## Rails 6.1.6.1 (July 12, 2022) ##
+    *Mario Caropreso*
 
-*   No changes.
-
-
-## Rails 6.1.6 (May 09, 2022) ##
-
-*   No changes.
-
-
-## Rails 6.1.5.1 (April 26, 2022) ##
-
-*   Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
-
-    Escape dangerous characters in names of tags and names of attributes in the
-    tag helpers, following the XML specification. Rename the option
-    `:escape_attributes` to `:escape`, to simplify by applying the option to the
-    whole tag.
-
-    *Álvaro Martín Fraguas*
-
-## Rails 6.1.5 (March 09, 2022) ##
-
-*   `preload_link_tag` properly inserts `as` attributes for files with `image` MIME
-    types, such as JPG or SVG.
-
-    *Nate Berkopec*
-
-*   Add `autocomplete="off"` to all generated hidden fields.
-
-    Fixes #42610.
-
-    *Ryan Baumann*
-
-*   Fix `current_page?` when URL has trailing slash.
-
-    This fixes the `current_page?` helper when the given URL has a trailing slash,
-    and is an absolute URL or also has query params.
-
-    Fixes #33956.
+*   Fix `word_wrap` with empty string.
 
     *Jonathan Hefner*
 
+*   Rename `ActionView::TestCase::Behavior::Content` to `ActionView::TestCase::Behavior::RenderedViewContent`.
 
-## Rails 6.1.4.7 (March 08, 2022) ##
-
-*   No changes.
-
-
-## Rails 6.1.4.6 (February 11, 2022) ##
+    Make `RenderedViewContent` inherit from `String`. Make private API with `:nodoc:`.
 
-*   No changes.
-
-
-## Rails 6.1.4.5 (February 11, 2022) ##
+    *Sean Doyle*
 
-*   No changes.
+*   Fix detection of required strict locals.
 
+    Further fix `render @collection` compatibility with strict locals
 
-## Rails 6.1.4.4 (December 15, 2021) ##
+    *Jean Boussier*
 
-*   No changes.
 
+## Rails 7.1.2 (November 10, 2023) ##
 
-## Rails 6.1.4.3 (December 14, 2021) ##
+*   Fix the `number_to_human_size` view helper to correctly work with negative numbers.
 
-*   No changes.
+    *Earlopain*
 
+*   Automatically discard the implicit locals injected by collection rendering for template that can't accept them
 
-## Rails 6.1.4.2 (December 14, 2021) ##
+    When rendering a collection, two implicit variables are injected, which breaks templates with strict locals.
 
-*   No changes.
+    Now they are only passed if the template will actually accept them.
 
+    *Yasha Krasnou*, *Jean Boussier*
 
-## Rails 6.1.4.1 (August 19, 2021) ##
+*   Fix `@rails/ujs` calling `start()` an extra time when using bundlers
 
-*   No changes.
+    *Hartley McGuire*, *Ryunosuke Sato*
 
+*   Fix the `capture` view helper compatibility with HAML and Slim
 
-## Rails 6.1.4 (June 24, 2021) ##
+    When a blank string was captured in HAML or Slim (and possibly other template engines)
+    it would instead return the entire buffer.
 
-*   The `translate` helper now passes `default` values that aren't
-    translation keys through `I18n.translate` for interpolation.
+    *Jean Boussier*
 
-    *Jonathan Hefner*
 
-*   Don't attach UJS form submission handlers to Turbo forms.
+## Rails 7.1.1 (October 11, 2023) ##
 
-    *David Heinemeier Hansson*
+*   Updated `@rails/ujs` files to ignore certain data-* attributes when element is contenteditable.
 
-*   Allow both `current_page?(url_hash)` and `current_page?(**url_hash)` on Ruby 2.7.
+    This fix was already landed in >= 7.0.4.3, < 7.1.0.
+    [[CVE-2023-23913](https://github.com/advisories/GHSA-xp5h-f8jf-rc8q)]
 
-    *Ryuta Kamizono*
+    *Ryunosuke Sato*
 
 
-## Rails 6.1.3.2 (May 05, 2021) ##
+## Rails 7.1.0 (October 05, 2023) ##
 
 *   No changes.
 
 
-## Rails 6.1.3.1 (March 26, 2021) ##
+## Rails 7.1.0.rc2 (October 01, 2023) ##
 
 *   No changes.
 
 
-## Rails 6.1.3 (February 17, 2021) ##
+## Rails 7.1.0.rc1 (September 27, 2023) ##
 
-*   No changes.
-
-
-## Rails 6.1.2.1 (February 10, 2021) ##
+*   Introduce `ActionView::TestCase.register_parser`
 
-*   No changes.
+    ```ruby
+    register_parser :rss, -> rendered { RSS::Parser.parse(rendered) }
 
+    test "renders RSS" do
+      article = Article.create!(title: "Hello, world")
 
-## Rails 6.1.2 (February 09, 2021) ##
+      render formats: :rss, partial: article
 
-*   No changes.
+      assert_equal "Hello, world", rendered.rss.items.last.title
+    end
+    ```
 
+    By default, register parsers for `:html` and `:json`.
 
-## Rails 6.1.1 (January 07, 2021) ##
+    *Sean Doyle*
 
-*   Fix lazy translation in partial with block.
 
-    *Marek Kasztelnik*
+## Rails 7.1.0.beta1 (September 13, 2023) ##
 
-*   Avoid extra `SELECT COUNT` queries when rendering Active Record collections.
+*   Fix `simple_format` with blank `wrapper_tag` option returns plain html tag
 
-    *aar0nr*
+    By default `simple_format` method returns the text wrapped with `<p>`. But if we explicitly specify
+    the `wrapper_tag: nil` in the options, it returns the text wrapped with `<></>` tag.
 
-*   Link preloading keep integrity hashes in the header.
+    Before:
 
-    *Étienne Barrié*
+    ```ruby
+    simple_format("Hello World", {},  { wrapper_tag: nil })
+    # <>Hello World</>
+    ```
 
-*   Add `config.action_view.preload_links_header` to allow disabling of
-    the `Link` header being added by default when using `stylesheet_link_tag`
-    and `javascript_include_tag`.
+    After:
 
-    *Andrew White*
+    ```ruby
+    simple_format("Hello World", {},  { wrapper_tag: nil })
+    # <p>Hello World</p>
+    ```
 
-*   The `translate` helper now resolves `default` values when a `nil` key is
-    specified, instead of always returning `nil`.
+    *Akhil G Krishnan*, *Junichi Ito*
 
-    *Jonathan Hefner*
+*   Don't double-encode nested `field_id` and `field_name` index values
 
+    Pass `index: @options` as a default keyword argument to `field_id` and
+    `field_name` view helper methods.
 
-## Rails 6.1.0 (December 09, 2020) ##
+    *Sean Doyle*
 
-*   SanitizeHelper.sanitized_allowed_attributes and SanitizeHelper.sanitized_allowed_tags
-    call safe_list_sanitizer's class method
+*   Allow opting in/out of `Link preload` headers when calling `stylesheet_link_tag` or `javascript_include_tag`
 
-    Fixes #39586
+    ```ruby
+    # will exclude header, even if setting is enabled:
+    javascript_include_tag("http://example.com/all.js", preload_links_header: false)
 
-    *Taufiq Muhammadi*
+    # will include header, even if setting is disabled:
+    stylesheet_link_tag("http://example.com/all.js", preload_links_header: true)
+    ```
 
-*   Change form_with to generate non-remote forms by default.
+    *Alex Ghiculescu*
 
-    `form_with` would generate a remote form by default. This would confuse
-    users because they were forced to handle remote requests.
+*   Stop generating `Link preload` headers once it has reached 1KB.
 
-    All new 6.1 applications will generate non-remote forms by default.
-    When upgrading a 6.0 application you can enable remote forms by default by
-    setting `config.action_view.form_with_generates_remote_forms` to `true`.
+    Some proxies have trouble handling large headers, but more importantly preload links
+    have diminishing returns so it's preferable not to go overboard with them.
 
-    *Petrik de Heus*
+    If tighter control is needed, it's recommended to disable automatic generation of preloads
+    and to generate them manually from the controller or from a middleware.
 
-*   Yield translated strings to calls of `ActionView::FormBuilder#button`
-    when a block is given.
+    *Jean Boussier*
 
-    *Sean Doyle*
+*   `simple_format` helper now handles a `:sanitize_options` - any extra options you want appending to the sanitize.
 
-*   Alias `ActionView::Helpers::Tags::Label::LabelBuilder#translation` to
-    `#to_s` so that `form.label` calls can yield that value to their blocks.
+    Before:
+    ```ruby
+      simple_format("<a target=\"_blank\" href=\"http://example.com\">Continue</a>")
+      # => "<p><a href=\"http://example.com\">Continue</a></p>"
+    ```
 
-    *Sean Doyle*
+    After:
+    ```ruby
+      simple_format("<a target=\"_blank\" href=\"http://example.com\">Continue</a>", {}, { sanitize_options: { attributes: %w[target href] } })
+      # => "<p><a target=\"_blank\" href=\"http://example.com\">Continue</a></p>"
+    ```
 
-*   Rename the new `TagHelper#class_names` method to `TagHelper#token_list`,
-    and make the original available as an alias.
+    *Andrei Andriichuk*
 
-        token_list("foo", "foo bar")
-        # => "foo bar"
+*   Add support for HTML5 standards-compliant sanitizers, and default to `Rails::HTML5::Sanitizer`
+    in the Rails 7.1 configuration if it is supported.
 
-    *Sean Doyle*
+    Action View's HTML sanitizers can be configured by setting
+    `config.action_view.sanitizer_vendor`. Supported values are `Rails::HTML4::Sanitizer` or
+    `Rails::HTML5::Sanitizer`.
 
-*   ARIA Array and Hash attributes are treated as space separated `DOMTokenList`
-    values. This is useful when declaring lists of label text identifiers in
-    `aria-labelledby` or `aria-describedby`.
-
-        tag.input type: 'checkbox', name: 'published', aria: {
-          invalid: @post.errors[:published].any?,
-          labelledby: ['published_context', 'published_label'],
-          describedby: { published_errors: @post.errors[:published].any? }
-        }
-        #=> <input
-              type="checkbox" name="published" aria-invalid="true"
-              aria-labelledby="published_context published_label"
-              aria-describedby="published_errors"
-            >
+    The Rails 7.1 configuration will set this to `Rails::HTML5::Sanitizer` when it is supported, and
+    fall back to `Rails::HTML4::Sanitizer`. Previous configurations default to
+    `Rails::HTML4::Sanitizer`.
 
-    *Sean Doyle*
+    *Mike Dalessio*
 
-*   Remove deprecated `escape_whitelist` from `ActionView::Template::Handlers::ERB`.
+*   `config.dom_testing_default_html_version` controls the HTML parser used by
+    `ActionView::TestCase#document_root_element`, which creates the DOM used by the assertions in
+    Rails::Dom::Testing.
 
-    *Rafael Mendonça França*
+    The Rails 7.1 default configuration opts into the HTML5 parser when it is supported, to better
+    represent what the DOM would be in a browser user agent. Previously this test helper always used
+    Nokogiri's HTML4 parser.
 
-*   Remove deprecated `find_all_anywhere` from `ActionView::Resolver`.
+    *Mike Dalessio*
 
-    *Rafael Mendonça França*
+*   Add support for the HTML picture tag. It supports passing a String, an Array or a Block.
+    Supports passing properties directly to the img tag via the `:image` key.
+    Since the picture tag requires an img tag, the last element you provide will be used for the img tag.
+    For complete control over the picture tag, a block can be passed, which will populate the contents of the tag accordingly.
 
-*   Remove deprecated `formats` from `ActionView::Template::HTML`.
+    Can be used like this for a single source:
+    ```erb
+    <%= picture_tag("picture.webp") %>
+    ```
+    which will generate the following:
+    ```html
+    <picture>
+        <img src="/images/picture.webp" />
+    </picture>
+    ```
 
-    *Rafael Mendonça França*
+    For multiple sources:
+    ```erb
+    <%= picture_tag("picture.webp", "picture.png", :class => "mt-2", :image => { alt: "Image", class: "responsive-img" }) %>
+    ```
+    will generate:
+    ```html
+    <picture class="mt-2">
+        <source srcset="/images/picture.webp" />
+        <source srcset="/images/picture.png" />
+        <img alt="Image" class="responsive-img" src="/images/picture.png" />
+    </picture>
+    ```
 
-*   Remove deprecated `formats` from `ActionView::Template::RawFile`.
+    Full control via a block:
+    ```erb
+    <%= picture_tag(:class => "my-class") do %>
+        <%= tag(:source, :srcset => image_path("picture.webp")) %>
+        <%= tag(:source, :srcset => image_path("picture.png")) %>
+        <%= image_tag("picture.png", :alt => "Image") %>
+    <% end %>
+    ```
+    will generate:
+    ```html
+    <picture class="my-class">
+        <source srcset="/images/picture.webp" />
+        <source srcset="/images/picture.png" />
+        <img alt="Image" src="/images/picture.png" />
+    </picture>
+    ```
 
-    *Rafael Mendonça França*
+    *Juan Pablo Balarini*
 
-*   Remove deprecated `formats` from `ActionView::Template::Text`.
+*   Remove deprecated support to passing instance variables as locals to partials.
 
     *Rafael Mendonça França*
 
-*   Remove deprecated `find_file` from `ActionView::PathSet`.
+*   Remove deprecated constant `ActionView::Path`.
 
     *Rafael Mendonça França*
 
-*   Remove deprecated `rendered_format` from `ActionView::LookupContext`.
+*   Guard `token_list` calls from escaping HTML too often
 
-    *Rafael Mendonça França*
+    *Sean Doyle*
 
-*   Remove deprecated `find_file` from `ActionView::ViewPaths`.
+*   `select` can now be called with a single hash containing options and some HTML options
 
-    *Rafael Mendonça França*
+    Previously this would not work as expected:
 
-*   Require that `ActionView::Base` subclasses implement `#compiled_method_container`.
+    ```erb
+    <%= select :post, :author, authors, required: true %>
+    ```
 
-    *Rafael Mendonça França*
+    Instead you needed to do this:
 
-*   Remove deprecated support to pass an object that is not a `ActionView::LookupContext` as the first argument
-    in `ActionView::Base#initialize`.
+    ```erb
+    <%= select :post, :author, authors, {}, required: true %>
+    ```
 
-    *Rafael Mendonça França*
+    Now, either form is accepted, for the following HTML attributes: `required`, `multiple`, `size`.
 
-*   Remove deprecated `format` argument `ActionView::Base#initialize`.
+    *Alex Ghiculescu*
 
-    *Rafael Mendonça França*
+*   Datetime form helpers (`time_field`, `date_field`, `datetime_field`, `week_field`, `month_field`) now accept an instance of Time/Date/DateTime as `:value` option.
 
-*   Remove deprecated `ActionView::Template#refresh`.
+    Before:
+    ```erb
+    <%= form.datetime_field :written_at, value: Time.current.strftime("%Y-%m-%dT%T") %>
+    ```
 
-    *Rafael Mendonça França*
+    After:
+    ```erb
+    <%= form.datetime_field :written_at, value: Time.current %>
+    ```
 
-*   Remove deprecated `ActionView::Template#original_encoding`.
+    *Andrey Samsonov*
 
-    *Rafael Mendonça França*
+*   Choices of `select` can optionally contain html attributes as the last element
+    of the child arrays when using grouped/nested collections
 
-*   Remove deprecated `ActionView::Template#variants`.
+    ```erb
+    <%= form.select :foo, [["North America", [["United States","US"],["Canada","CA"]], { disabled: "disabled" }]] %>
+    # => <select><optgroup label="North America" disabled="disabled"><option value="US">United States</option><option value="CA">Canada</option></optgroup></select>
+    ```
 
-    *Rafael Mendonça França*
+    *Chris Gunther*
 
-*   Remove deprecated `ActionView::Template#formats`.
+*   `check_box_tag` and `radio_button_tag` now accept `checked` as a keyword argument
 
-    *Rafael Mendonça França*
+    This is to make the API more consistent with the `FormHelper` variants. You can now
+    provide `checked` as a positional or keyword argument:
 
-*   Remove deprecated `ActionView::Template#virtual_path=`.
+    ```erb
+    = check_box_tag "admin", "1", false
+    = check_box_tag "admin", "1", checked: false
 
-    *Rafael Mendonça França*
+    = radio_button_tag 'favorite_color', 'maroon', false
+    = radio_button_tag 'favorite_color', 'maroon', checked: false
+    ```
 
-*   Remove deprecated `ActionView::Template#updated_at`.
+    *Alex Ghiculescu*
 
-    *Rafael Mendonça França*
+*   Allow passing a class to `dom_id`.
+    You no longer need to call `new` when passing a class to `dom_id`.
+    This makes `dom_id` behave like `dom_class` in this regard.
+    Apart from saving a few keystrokes, it prevents Ruby from needing
+    to instantiate a whole new object just to generate a string.
 
-*   Remove deprecated `updated_at` argument required on `ActionView::Template#initialize`.
+    Before:
+    ```ruby
+    dom_id(Post) # => NoMethodError: undefined method `to_key' for Post:Class
+    ```
 
-    *Rafael Mendonça França*
+    After:
+    ```ruby
+    dom_id(Post) # => "new_post"
+    ```
 
-*   Make `locals` argument required on `ActionView::Template#initialize`.
+    *Goulven Champenois*
 
-    *Rafael Mendonça França*
+*   Report `:locals` as part of the data returned by ActionView render instrumentation.
 
-*   Remove deprecated `ActionView::Template.finalize_compiled_template_methods`.
+    Before:
+    ```ruby
+    {
+    identifier: "/Users/adam/projects/notifications/app/views/posts/index.html.erb",
+    layout: "layouts/application"
+    }
+    ```
 
-    *Rafael Mendonça França*
+    After:
+    ```ruby
+    {
+    identifier: "/Users/adam/projects/notifications/app/views/posts/index.html.erb",
+    layout: "layouts/application",
+    locals: {foo: "bar"}
+    }
+    ```
 
-*   Remove deprecated `config.action_view.finalize_compiled_template_methods`
+    *Aaron Gough*
 
-    *Rafael Mendonça França*
+*   Strip `break_sequence` at the end of `word_wrap`.
 
-*   Remove deprecated support to calling `ActionView::ViewPaths#with_fallback` with a block.
+    This fixes a bug where `word_wrap` didn't properly strip off break sequences that had printable characters.
 
-    *Rafael Mendonça França*
+    For example, compare the outputs of this template:
 
-*   Remove deprecated support to passing absolute paths to `render template:`.
+    ```erb
+    # <%= word_wrap("11 22\n33 44", line_width: 2, break_sequence: "\n# ") %>
+    ```
 
-    *Rafael Mendonça França*
+    Before:
 
-*   Remove deprecated support to passing relative paths to `render file:`.
+    ```
+    # 11
+    # 22
+    #
+    # 33
+    # 44
+    #
+    ```
 
-    *Rafael Mendonça França*
+    After:
 
-*   Remove support to template handlers that don't accept two arguments.
+    ```
+    # 11
+    # 22
+    # 33
+    # 44
+    ```
 
-    *Rafael Mendonça França*
+    *Max Chernyak*
 
-*   Remove deprecated pattern argument in `ActionView::Template::PathResolver`.
+*   Allow templates to set strict `locals`.
 
-    *Rafael Mendonça França*
+    By default, templates will accept any `locals` as keyword arguments. To define what `locals` a template accepts, add a `locals` magic comment:
 
-*   Remove deprecated support to call private methods from object in some view helpers.
+    ```erb
+    <%# locals: (message:) -%>
+    <%= message %>
+    ```
 
-    *Rafael Mendonça França*
+    Default values can also be provided:
 
-*   `ActionView::Helpers::TranslationHelper#translate` accepts a block, yielding
-    the translated text and the fully resolved translation key:
+    ```erb
+    <%# locals: (message: "Hello, world!") -%>
+    <%= message %>
+    ```
 
-        <%= translate(".relative_key") do |translation, resolved_key| %>
-          <span title="<%= resolved_key %>"><%= translation %></span>
-        <% end %>
+    Or `locals` can be disabled entirely:
 
-    *Sean Doyle*
+    ```erb
+    <%# locals: () %>
+    ```
 
-*   Ensure cache fragment digests include all relevant template dependencies when
-    fragments are contained in a block passed to the render helper. Remove the
-    virtual_path keyword arguments found in CacheHelper as they no longer possess
-    any function following 1581cab.
+    *Joel Hawksley*
 
-    Fixes #38984.
+*   Add `include_seconds` option for `datetime_local_field`
 
-    *Aaron Lipman*
+    This allows to omit seconds part in the input field, by passing `include_seconds: false`
 
-*   Deprecate `config.action_view.raise_on_missing_translations` in favor of
-    `config.i18n.raise_on_missing_translations`.
+    *Wojciech Wnętrzak*
 
-    New generalized configuration option now determines whether an error should be raised
-    for missing translations in controllers and views.
+*   Guard against `ActionView::Helpers::FormTagHelper#field_name` calls with nil
+    `object_name` arguments. For example:
 
-    *fatkodima*
+    ```erb
+    <%= fields do |f| %>
+      <%= f.field_name :body %>
+    <% end %>
+    ```
 
-*   Instrument layout rendering in `TemplateRenderer#render_with_layout` as `render_layout.action_view`,
-    and include (when necessary) the layout's virtual path in notification payloads for collection and partial renders.
+    *Sean Doyle*
 
-    *Zach Kemp*
+*   Strings returned from `strip_tags` are correctly tagged `html_safe?`
 
-*   `ActionView::Base.annotate_rendered_view_with_filenames` annotates HTML output with template file names.
+    Because these strings contain no HTML elements and the basic entities are escaped, they are safe
+    to be included as-is as PCDATA in HTML content. Tagging them as html-safe avoids double-escaping
+    entities when being concatenated to a SafeBuffer during rendering.
 
-    *Joel Hawksley*, *Aaron Patterson*
+    Fixes [rails/rails-html-sanitizer#124](https://github.com/rails/rails-html-sanitizer/issues/124)
 
-*   `ActionView::Helpers::TranslationHelper#translate` returns nil when
-    passed `default: nil` without a translation matching `I18n#translate`.
+    *Mike Dalessio*
 
-    *Stefan Wrobel*
+*   Move `convert_to_model` call from `form_for` into `form_with`
 
-*   `OptimizedFileSystemResolver` prefers template details in order of locale,
-    formats, variants, handlers.
+    Now that `form_for` is implemented in terms of `form_with`, remove the
+    `convert_to_model` call from `form_for`.
 
-    *Iago Pimenta*
+    *Sean Doyle*
 
-*   Added `class_names` helper to create a CSS class value with conditional classes.
+*   Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
 
-    *Joel Hawksley*, *Aaron Patterson*
+    Escape dangerous characters in names of tags and names of attributes in the
+    tag helpers, following the XML specification. Rename the option
+    `:escape_attributes` to `:escape`, to simplify by applying the option to the
+    whole tag.
 
-*   Add support for conditional values to TagBuilder.
+    *Álvaro Martín Fraguas*
 
-    *Joel Hawksley*
+*   Extend audio_tag and video_tag to accept Active Storage attachments.
 
-*   `ActionView::Helpers::FormOptionsHelper#select` should mark option for `nil` as selected.
+    Now it's possible to write
 
     ```ruby
-    @post = Post.new
-    @post.category = nil
-
-    # Before
-    select("post", "category", none: nil, programming: 1, economics: 2)
-    # =>
-    # <select name="post[category]" id="post_category">
-    #   <option value="">none</option>
-    #  <option value="1">programming</option>
-    #  <option value="2">economics</option>
-    # </select>
-
-    # After
-    select("post", "category", none: nil, programming: 1, economics: 2)
-    # =>
-    # <select name="post[category]" id="post_category">
-    #   <option selected="selected" value="">none</option>
-    #  <option value="1">programming</option>
-    #  <option value="2">economics</option>
-    # </select>
+    audio_tag(user.audio_file)
+    video_tag(user.video_file)
     ```
 
-    *bogdanvlviv*
-
-*   Log lines for partial renders and started template renders are now
-    emitted at the `DEBUG` level instead of `INFO`.
-
-    Completed template renders are still logged at the `INFO` level.
-
-    *DHH*
-
-*   ActionView::Helpers::SanitizeHelper: support rails-html-sanitizer 1.1.0.
-
-    *Juanito Fatas*
+    Instead of
 
-*   Added `phone_to` helper method to create a link from mobile numbers.
-
-    *Pietro Moro*
-
-*   annotated_source_code returns an empty array so TemplateErrors without a
-    template in the backtrace are surfaced properly by DebugExceptions.
-
-    *Guilherme Mansur*, *Kasper Timm Hansen*
-
-*   Add autoload for SyntaxErrorInTemplate so syntax errors are correctly raised by DebugExceptions.
-
-    *Guilherme Mansur*, *Gannon McGibbon*
-
-*   `RenderingHelper` supports rendering objects that `respond_to?` `:render_in`.
+    ```ruby
+    audio_tag(polymorphic_path(user.audio_file))
+    video_tag(polymorphic_path(user.video_file))
+    ```
 
-    *Joel Hawksley*, *Natasha Umer*, *Aaron Patterson*, *Shawn Allen*, *Emily Plummer*, *Diana Mounter*, *John Hawthorn*, *Nathan Herald*, *Zaid Zawaideh*, *Zach Ahn*
+    `image_tag` already supported that, so this follows the same pattern.
 
-*   Fix `select_tag` so that it doesn't change `options` when `include_blank` is present.
+    *Matheus Richard*
 
-    *Younes SERRAJ*
+*   Ensure models passed to `form_for` attempt to call `to_model`.
 
+    *Sean Doyle*
 
-Please check [6-0-stable](https://github.com/rails/rails/blob/6-0-stable/actionview/CHANGELOG.md) for previous changes.
+Please check [7-0-stable](https://github.com/rails/rails/blob/7-0-stable/actionview/CHANGELOG.md) for previous changes.