activesupport 6.1.4.1 → 6.1.7.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0d2866429ce29fdfb9ae183ca23e131624daf0107d249b6269a393d59db5b1ac
-  data.tar.gz: 06d4c6f6b659067bebc386e5d6c62f692466371604b6242493f7abeba38db270
+  metadata.gz: 6d11e7add09b8c7e3de38aa8b0f5a2f6e82920e1a933dbe470eb1436541f9413
+  data.tar.gz: 75a53790ba8b139edd4744c4e20cdbc75c185e5a6737b6f5ffb01da9fcbcec84
 SHA512:
-  metadata.gz: 6ca0f8278c8a7d08151652ee47f69f9a832c3c1cdfc433b97744b404ed41940922a9441718406845e82cbf4852cb60d924d5149f26c8b47694a5895ce93dfb22
-  data.tar.gz: a0f724cf8582fb20a2041e3ddda9b129c5cc1c2e9b9cf9aae10cd30edbecaeb43bee9bca780ca3308735895bab765d29d29de39add95e8b66223004f185931bd
+  metadata.gz: 766b6574b39a45ef1d1030249546e0561a93a51212c615c61b5619f2d722c750b27164bf6635e699eb1157533fc5e73de87abc89e0e9e18a544868cf87a9ca1e
+  data.tar.gz: 765934ca6dc427f1ad29dc81cb4450f7e0fff58178837e7369761006eb9cc5d72d2acc548c5245a6828a10b0403367da4ab6b3529525885fca353ec9bbcd1454

data/CHANGELOG.md

@@ -1,3 +1,141 @@
+## Rails 6.1.7.10 (October 23, 2024) ##
+
+*   No changes.
+
+
+## Rails 6.1.7.9 (October 15, 2024) ##
+
+*   No changes.
+
+
+## Rails 6.1.7.8 (June 04, 2024) ##
+
+*   No changes.
+
+
+## Rails 6.1.7.7 (February 21, 2024) ##
+
+*   No changes.
+
+
+## Rails 6.1.7.6 (August 22, 2023) ##
+
+*   No changes.
+
+
+## Rails 6.1.7.5 (August 22, 2023) ##
+
+*   Use a temporary file for storing unencrypted files while editing
+
+    [CVE-2023-38037]
+
+
+## Rails 6.1.7.4 (June 26, 2023) ##
+
+*   No changes.
+
+
+## Rails 6.1.7.3 (March 13, 2023) ##
+
+*   Implement SafeBuffer#bytesplice
+
+    [CVE-2023-28120]
+
+
+## Rails 6.1.7.2 (January 24, 2023) ##
+
+*   No changes.
+
+
+## Rails 6.1.7.1 (January 17, 2023) ##
+
+*   Avoid regex backtracking in Inflector.underscore
+
+    [CVE-2023-22796]
+
+
+## Rails 6.1.7 (September 09, 2022) ##
+
+*   No changes.
+
+
+## Rails 6.1.6.1 (July 12, 2022) ##
+
+*   No changes.
+
+
+## Rails 6.1.6 (May 09, 2022) ##
+
+*   No changes.
+
+
+## Rails 6.1.5.1 (April 26, 2022) ##
+
+*   Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
+
+    Add the method `ERB::Util.xml_name_escape` to escape dangerous characters
+    in names of tags and names of attributes, following the specification of XML.
+
+    *Álvaro Martín Fraguas*
+
+## Rails 6.1.5 (March 09, 2022) ##
+
+*   Fix `ActiveSupport::Duration.build` to support negative values.
+
+    The algorithm to collect the `parts` of the `ActiveSupport::Duration`
+    ignored the sign of the `value` and accumulated incorrect part values. This
+    impacted `ActiveSupport::Duration#sum` (which is dependent on `parts`) but
+    not `ActiveSupport::Duration#eql?` (which is dependent on `value`).
+
+    *Caleb Buxton*, *Braden Staudacher*
+
+*   `Time#change` and methods that call it (eg. `Time#advance`) will now
+    return a `Time` with the timezone argument provided, if the caller was
+    initialized with a timezone argument.
+
+    Fixes [#42467](https://github.com/rails/rails/issues/42467).
+
+    *Alex Ghiculescu*
+
+*   Clone to keep extended Logger methods for tagged logger.
+
+    *Orhan Toy*
+
+*   `assert_changes` works on including `ActiveSupport::Assertions` module.
+
+    *Pedro Medeiros*
+
+
+## Rails 6.1.4.7 (March 08, 2022) ##
+
+*   No changes.
+
+
+## Rails 6.1.4.6 (February 11, 2022) ##
+
+*   Fix Reloader method signature to work with the new Executor signature
+
+
+## Rails 6.1.4.5 (February 11, 2022) ##
+
+*   No changes.
+
+
+## Rails 6.1.4.4 (December 15, 2021) ##
+
+*   No changes.
+
+
+## Rails 6.1.4.3 (December 14, 2021) ##
+
+*   No changes.
+
+
+## Rails 6.1.4.2 (December 14, 2021) ##
+
+*   No changes.
+
+
 ## Rails 6.1.4.1 (August 19, 2021) ##
 
 *   No changes.
@@ -278,7 +416,7 @@
 
     *Max Gurewitz*
 
-*   `URI.parser` is deprecated and will be removed in Rails 6.2. Use
+*   `URI.parser` is deprecated and will be removed in Rails 7.0. Use
     `URI::DEFAULT_PARSER` instead.
 
     *Jean Boussier*

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2005-2020 David Heinemeier Hansson
+Copyright (c) 2005-2022 David Heinemeier Hansson
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/lib/active_support/core_ext/digest/uuid.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require "securerandom"
+require "digest"
 
 module Digest
   module UUID

data/lib/active_support/core_ext/string/output_safety.rb

@@ -11,6 +11,14 @@ class ERB
     HTML_ESCAPE_ONCE_REGEXP = /["><']|&(?!([a-zA-Z]+|(#\d+)|(#[xX][\dA-Fa-f]+));)/
     JSON_ESCAPE_REGEXP = /[\u2028\u2029&><]/u
 
+    # Following XML requirements: https://www.w3.org/TR/REC-xml/#NT-Name
+    TAG_NAME_START_REGEXP_SET = "@:A-Z_a-z\u{C0}-\u{D6}\u{D8}-\u{F6}\u{F8}-\u{2FF}\u{370}-\u{37D}\u{37F}-\u{1FFF}" \
+                                "\u{200C}-\u{200D}\u{2070}-\u{218F}\u{2C00}-\u{2FEF}\u{3001}-\u{D7FF}\u{F900}-\u{FDCF}" \
+                                "\u{FDF0}-\u{FFFD}\u{10000}-\u{EFFFF}"
+    TAG_NAME_START_REGEXP = /[^#{TAG_NAME_START_REGEXP_SET}]/
+    TAG_NAME_FOLLOWING_REGEXP = /[^#{TAG_NAME_START_REGEXP_SET}\-.0-9\u{B7}\u{0300}-\u{036F}\u{203F}-\u{2040}]/
+    TAG_NAME_REPLACEMENT_CHAR = "_"
+
     # A utility method for escaping HTML tag characters.
     # This method is also aliased as <tt>h</tt>.
     #
@@ -115,6 +123,26 @@ class ERB
     end
 
     module_function :json_escape
+
+    # A utility method for escaping XML names of tags and names of attributes.
+    #
+    #   xml_name_escape('1 < 2 & 3')
+    #   # => "1___2___3"
+    #
+    # It follows the requirements of the specification: https://www.w3.org/TR/REC-xml/#NT-Name
+    def xml_name_escape(name)
+      name = name.to_s
+      return "" if name.blank?
+
+      starting_char = name[0].gsub(TAG_NAME_START_REGEXP, TAG_NAME_REPLACEMENT_CHAR)
+
+      return starting_char if name.size == 1
+
+      following_chars = name[1..-1].gsub(TAG_NAME_FOLLOWING_REGEXP, TAG_NAME_REPLACEMENT_CHAR)
+
+      starting_char + following_chars
+    end
+    module_function :xml_name_escape
   end
 end
 
@@ -188,6 +216,10 @@ module ActiveSupport #:nodoc:
     end
     alias << concat
 
+    def bytesplice(*args, value)
+      super(*args, implicit_html_escape_interpolated_argument(value))
+    end
+
     def insert(index, value)
       super(index, html_escape_interpolated_argument(value))
     end

data/lib/active_support/core_ext/time/calculations.rb

@@ -160,6 +160,8 @@ class Time
       ::Time.new(new_year, new_month, new_day, new_hour, new_min, new_sec, new_offset)
     elsif utc?
       ::Time.utc(new_year, new_month, new_day, new_hour, new_min, new_sec)
+    elsif zone&.respond_to?(:utc_to_local)
+      ::Time.new(new_year, new_month, new_day, new_hour, new_min, new_sec, zone)
     elsif zone
       ::Time.local(new_year, new_month, new_day, new_hour, new_min, new_sec)
     else

data/lib/active_support/core_ext/uri.rb

@@ -20,7 +20,7 @@ module URI
   class << self
     def parser
       ActiveSupport::Deprecation.warn(<<-MSG.squish)
-        URI.parser is deprecated and will be removed in Rails 6.2.
+        URI.parser is deprecated and will be removed in Rails 7.0.
         Use `URI::DEFAULT_PARSER` instead.
       MSG
       URI::DEFAULT_PARSER

data/lib/active_support/current_attributes.rb

@@ -164,6 +164,7 @@ module ActiveSupport
 
           send(name, *args, &block)
         end
+        ruby2_keywords(:method_missing) if respond_to?(:ruby2_keywords, true)
     end
 
     attr_accessor :attributes

data/lib/active_support/dependencies/zeitwerk_integration.rb

@@ -89,7 +89,10 @@ module ActiveSupport
             end
 
             Rails.autoloaders.main.enable_reloading if enable_reloading
-            Rails.autoloaders.each(&:setup)
+
+            # Order matters.
+            Rails.autoloaders.once.setup
+            Rails.autoloaders.main.setup
           end
 
           def autoload_once?(autoload_path)

data/lib/active_support/deprecation.rb

@@ -38,7 +38,7 @@ module ActiveSupport
     # and the second is a library name.
     #
     #   ActiveSupport::Deprecation.new('2.0', 'MyLibrary')
-    def initialize(deprecation_horizon = "6.2", gem_name = "Rails")
+    def initialize(deprecation_horizon = "7.0", gem_name = "Rails")
       self.gem_name = gem_name
       self.deprecation_horizon = deprecation_horizon
       # By default, warnings are not silenced and debugging is off.

data/lib/active_support/digest.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require "digest"
+
 module ActiveSupport
   class Digest #:nodoc:
     class <<self

data/lib/active_support/duration.rb

@@ -186,17 +186,18 @@ module ActiveSupport
         end
 
         parts = {}
-        remainder = value.round(9)
+        remainder_sign = value <=> 0
+        remainder = value.round(9).abs
 
         PARTS.each do |part|
           unless part == :seconds
             part_in_seconds = PARTS_IN_SECONDS[part]
-            parts[part] = remainder.div(part_in_seconds)
+            parts[part] = remainder.div(part_in_seconds) * remainder_sign
             remainder %= part_in_seconds
           end
         end unless value == 0
 
-        parts[:seconds] = remainder
+        parts[:seconds] = remainder * remainder_sign
 
         new(value, parts)
       end

data/lib/active_support/encrypted_file.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 require "pathname"
-require "tmpdir"
+require "tempfile"
 require "active_support/message_encryptor"
 
 module ActiveSupport
@@ -69,17 +69,16 @@ module ActiveSupport
 
     private
       def writing(contents)
-        tmp_file = "#{Process.pid}.#{content_path.basename.to_s.chomp('.enc')}"
-        tmp_path = Pathname.new File.join(Dir.tmpdir, tmp_file)
-        tmp_path.binwrite contents
+        Tempfile.create(["", "-" + content_path.basename.to_s.chomp(".enc")]) do |tmp_file|
+          tmp_path = Pathname.new(tmp_file)
+          tmp_path.binwrite contents
 
-        yield tmp_path
+          yield tmp_path
 
-        updated_contents = tmp_path.binread
+          updated_contents = tmp_path.binread
 
-        write(updated_contents) if updated_contents != contents
-      ensure
-        FileUtils.rm(tmp_path) if tmp_path&.exist?
+          write(updated_contents) if updated_contents != contents
+        end
       end
 
 

data/lib/active_support/execution_wrapper.rb

@@ -63,18 +63,21 @@ module ActiveSupport
     # after the work has been performed.
     #
     # Where possible, prefer +wrap+.
-    def self.run!
-      if active?
-        Null
+    def self.run!(reset: false)
+      if reset
+        lost_instance = active.delete(Thread.current)
+        lost_instance&.complete!
       else
-        new.tap do |instance|
-          success = nil
-          begin
-            instance.run!
-            success = true
-          ensure
-            instance.complete! unless success
-          end
+        return Null if active?
+      end
+
+      new.tap do |instance|
+        success = nil
+        begin
+          instance.run!
+          success = true
+        ensure
+          instance.complete! unless success
         end
       end
     end
@@ -103,11 +106,11 @@ module ActiveSupport
     self.active = Concurrent::Hash.new
 
     def self.active? # :nodoc:
-      @active[Thread.current]
+      @active.key?(Thread.current)
     end
 
     def run! # :nodoc:
-      self.class.active[Thread.current] = true
+      self.class.active[Thread.current] = self
       run_callbacks(:run)
     end
 

data/lib/active_support/gem_version.rb

@@ -9,8 +9,8 @@ module ActiveSupport
   module VERSION
     MAJOR = 6
     MINOR = 1
-    TINY  = 4
-    PRE   = "1"
+    TINY  = 7
+    PRE   = "10"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

data/lib/active_support/inflector/methods.rb

@@ -93,8 +93,7 @@ module ActiveSupport
       return camel_cased_word unless /[A-Z-]|::/.match?(camel_cased_word)
       word = camel_cased_word.to_s.gsub("::", "/")
       word.gsub!(inflections.acronyms_underscore_regex) { "#{$1 && '_' }#{$2.downcase}" }
-      word.gsub!(/([A-Z\d]+)([A-Z][a-z])/, '\1_\2')
-      word.gsub!(/([a-z\d])([A-Z])/, '\1_\2')
+      word.gsub!(/([A-Z])(?=[A-Z][a-z])|([a-z\d])(?=[A-Z])/) { ($1 || $2) << "_" }
       word.tr!("-", "_")
       word.downcase!
       word

data/lib/active_support/multibyte/unicode.rb

@@ -10,13 +10,13 @@ module ActiveSupport
 
       def default_normalization_form
         ActiveSupport::Deprecation.warn(
-          "ActiveSupport::Multibyte::Unicode.default_normalization_form is deprecated and will be removed in Rails 6.2."
+          "ActiveSupport::Multibyte::Unicode.default_normalization_form is deprecated and will be removed in Rails 7.0."
         )
       end
 
       def default_normalization_form=(_)
         ActiveSupport::Deprecation.warn(
-          "ActiveSupport::Multibyte::Unicode.default_normalization_form= is deprecated and will be removed in Rails 6.2."
+          "ActiveSupport::Multibyte::Unicode.default_normalization_form= is deprecated and will be removed in Rails 7.0."
         )
       end
 

data/lib/active_support/per_thread_registry.rb

@@ -56,5 +56,6 @@ module ActiveSupport
 
         send(name, *args, &block)
       end
+      ruby2_keywords(:method_missing) if respond_to?(:ruby2_keywords, true)
   end
 end

data/lib/active_support/railtie.rb

@@ -87,7 +87,7 @@ module ActiveSupport
         if app.config.active_support.use_sha1_digests
           ActiveSupport::Deprecation.warn(<<-MSG.squish)
             config.active_support.use_sha1_digests is deprecated and will
-            be removed from Rails 6.2. Use
+            be removed from Rails 7.0. Use
             config.active_support.hash_digest_class = ::Digest::SHA1 instead.
           MSG
           ActiveSupport::Digest.hash_digest_class = ::Digest::SHA1

data/lib/active_support/reloader.rb

@@ -58,7 +58,7 @@ module ActiveSupport
       prepare!
     end
 
-    def self.run! # :nodoc:
+    def self.run!(reset: false) # :nodoc:
       if check!
         super
       else

data/lib/active_support/tagged_logging.rb

@@ -79,7 +79,7 @@ module ActiveSupport
     end
 
     def self.new(logger)
-      logger = logger.dup
+      logger = logger.clone
 
       if logger.formatter
         logger.formatter = logger.formatter.dup

data/lib/active_support/testing/assertions.rb

@@ -189,7 +189,7 @@ module ActiveSupport
         error = "#{expression.inspect} didn't change"
         error = "#{error}. It was already #{to}" if before == to
         error = "#{message}.\n#{error}" if message
-        assert_not_equal before, after, error
+        refute_equal before, after, error
 
         unless to == UNTRACKED
           error = "Expected change to #{to}\n"

data/lib/active_support/values/time_zone.rb

@@ -381,6 +381,8 @@ module ActiveSupport
     # If the string is invalid then an +ArgumentError+ will be raised unlike +parse+
     # which usually returns +nil+ when given an invalid date string.
     def iso8601(str)
+      raise ArgumentError, "invalid date" if str.nil?
+
       parts = Date._iso8601(str)
 
       raise ArgumentError, "invalid date" if parts.empty?

data/lib/active_support.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 #--
-# Copyright (c) 2005-2020 David Heinemeier Hansson
+# Copyright (c) 2005-2022 David Heinemeier Hansson
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: activesupport
 version: !ruby/object:Gem::Version
-  version: 6.1.4.1
+  version: 6.1.7.10
 platform: ruby
 authors:
 - David Heinemeier Hansson
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-08-19 00:00:00.000000000 Z
+date: 2024-10-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: i18n
@@ -357,11 +357,12 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/rails/rails/issues
-  changelog_uri: https://github.com/rails/rails/blob/v6.1.4.1/activesupport/CHANGELOG.md
-  documentation_uri: https://api.rubyonrails.org/v6.1.4.1/
+  changelog_uri: https://github.com/rails/rails/blob/v6.1.7.10/activesupport/CHANGELOG.md
+  documentation_uri: https://api.rubyonrails.org/v6.1.7.10/
   mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
-  source_code_uri: https://github.com/rails/rails/tree/v6.1.4.1/activesupport
-post_install_message:
+  source_code_uri: https://github.com/rails/rails/tree/v6.1.7.10/activesupport
+  rubygems_mfa_required: 'true'
+post_install_message: 
 rdoc_options:
 - "--encoding"
 - UTF-8
@@ -378,8 +379,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.15
-signing_key:
+rubygems_version: 3.5.16
+signing_key: 
 specification_version: 4
 summary: A toolkit of support libraries and Ruby core extensions extracted from the
   Rails framework.