activesupport 6.1.4.2 → 6.1.7.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bf7e19ba2e1d0a24549ec6ec697496e079be3da50264a2f4edae0da4eb35ad62
-  data.tar.gz: ddb87eb893cdb889f4ee529393bc39a047801132aab5c0b485aa15c5065d03e4
+  metadata.gz: 90c1e1ac6c0b5064de76fbc6bdf516d85f2b7339a082841ed3d96d314acadd95
+  data.tar.gz: 505167362a4d007a7e88a0b3f0cead94944d33a56a5ce5d77791ecf619a0b28c
 SHA512:
-  metadata.gz: 8ff285f6dae07cfeb1bce11657578fc386b35358137314aa9445653343167822f93e30e91ad78e5a69caa3e19ebc9a2f5493574e85bf645e04423c7a8c53920d
-  data.tar.gz: b34d549dc38753838653d4455f66f3fcf61528c7ab24d4b5b2f525f2943f6616049488f411de691b702a3f25f4c471caf9d982e0d7d21eaf4c64d8c05cdd2088
+  metadata.gz: a360ad74604b0a82b416e90883dbdd0f2f90de338b025cab43a0e43428d1421c90d4fe8631b9a6cfa8c55fc746036ec8432baeb19883099ff5d992d7cd4c54a7
+  data.tar.gz: c6527296af9e7b0fcc56ee3eee03ff02b761959d4fe9c11774ecb1818d7ae642820a582bd346970ec1b0837cacff1e9e429179934a7d3a54f99f6a5d4b66c098

data/CHANGELOG.md

@@ -1,3 +1,121 @@
+## Rails 6.1.7.7 (February 21, 2024) ##
+
+*   No changes.
+
+
+## Rails 6.1.7.6 (August 22, 2023) ##
+
+*   No changes.
+
+
+## Rails 6.1.7.5 (August 22, 2023) ##
+
+*   Use a temporary file for storing unencrypted files while editing
+
+    [CVE-2023-38037]
+
+
+## Rails 6.1.7.4 (June 26, 2023) ##
+
+*   No changes.
+
+
+## Rails 6.1.7.3 (March 13, 2023) ##
+
+*   Implement SafeBuffer#bytesplice
+
+    [CVE-2023-28120]
+
+
+## Rails 6.1.7.2 (January 24, 2023) ##
+
+*   No changes.
+
+
+## Rails 6.1.7.1 (January 17, 2023) ##
+
+*   Avoid regex backtracking in Inflector.underscore
+
+    [CVE-2023-22796]
+
+
+## Rails 6.1.7 (September 09, 2022) ##
+
+*   No changes.
+
+
+## Rails 6.1.6.1 (July 12, 2022) ##
+
+*   No changes.
+
+
+## Rails 6.1.6 (May 09, 2022) ##
+
+*   No changes.
+
+
+## Rails 6.1.5.1 (April 26, 2022) ##
+
+*   Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
+
+    Add the method `ERB::Util.xml_name_escape` to escape dangerous characters
+    in names of tags and names of attributes, following the specification of XML.
+
+    *Álvaro Martín Fraguas*
+
+## Rails 6.1.5 (March 09, 2022) ##
+
+*   Fix `ActiveSupport::Duration.build` to support negative values.
+
+    The algorithm to collect the `parts` of the `ActiveSupport::Duration`
+    ignored the sign of the `value` and accumulated incorrect part values. This
+    impacted `ActiveSupport::Duration#sum` (which is dependent on `parts`) but
+    not `ActiveSupport::Duration#eql?` (which is dependent on `value`).
+
+    *Caleb Buxton*, *Braden Staudacher*
+
+*   `Time#change` and methods that call it (eg. `Time#advance`) will now
+    return a `Time` with the timezone argument provided, if the caller was
+    initialized with a timezone argument.
+
+    Fixes [#42467](https://github.com/rails/rails/issues/42467).
+
+    *Alex Ghiculescu*
+
+*   Clone to keep extended Logger methods for tagged logger.
+
+    *Orhan Toy*
+
+*   `assert_changes` works on including `ActiveSupport::Assertions` module.
+
+    *Pedro Medeiros*
+
+
+## Rails 6.1.4.7 (March 08, 2022) ##
+
+*   No changes.
+
+
+## Rails 6.1.4.6 (February 11, 2022) ##
+
+*   Fix Reloader method signature to work with the new Executor signature
+
+
+## Rails 6.1.4.5 (February 11, 2022) ##
+
+*   No changes.
+
+
+## Rails 6.1.4.4 (December 15, 2021) ##
+
+*   No changes.
+
+
+## Rails 6.1.4.3 (December 14, 2021) ##
+
+*   No changes.
+
+
 ## Rails 6.1.4.2 (December 14, 2021) ##
 
 *   No changes.
@@ -283,7 +401,7 @@
 
     *Max Gurewitz*
 
-*   `URI.parser` is deprecated and will be removed in Rails 6.2. Use
+*   `URI.parser` is deprecated and will be removed in Rails 7.0. Use
     `URI::DEFAULT_PARSER` instead.
 
     *Jean Boussier*

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2005-2020 David Heinemeier Hansson
+Copyright (c) 2005-2022 David Heinemeier Hansson
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/lib/active_support/core_ext/digest/uuid.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require "securerandom"
+require "digest"
 
 module Digest
   module UUID

data/lib/active_support/core_ext/string/output_safety.rb

@@ -11,6 +11,14 @@ class ERB
     HTML_ESCAPE_ONCE_REGEXP = /["><']|&(?!([a-zA-Z]+|(#\d+)|(#[xX][\dA-Fa-f]+));)/
     JSON_ESCAPE_REGEXP = /[\u2028\u2029&><]/u
 
+    # Following XML requirements: https://www.w3.org/TR/REC-xml/#NT-Name
+    TAG_NAME_START_REGEXP_SET = "@:A-Z_a-z\u{C0}-\u{D6}\u{D8}-\u{F6}\u{F8}-\u{2FF}\u{370}-\u{37D}\u{37F}-\u{1FFF}" \
+                                "\u{200C}-\u{200D}\u{2070}-\u{218F}\u{2C00}-\u{2FEF}\u{3001}-\u{D7FF}\u{F900}-\u{FDCF}" \
+                                "\u{FDF0}-\u{FFFD}\u{10000}-\u{EFFFF}"
+    TAG_NAME_START_REGEXP = /[^#{TAG_NAME_START_REGEXP_SET}]/
+    TAG_NAME_FOLLOWING_REGEXP = /[^#{TAG_NAME_START_REGEXP_SET}\-.0-9\u{B7}\u{0300}-\u{036F}\u{203F}-\u{2040}]/
+    TAG_NAME_REPLACEMENT_CHAR = "_"
+
     # A utility method for escaping HTML tag characters.
     # This method is also aliased as <tt>h</tt>.
     #
@@ -115,6 +123,26 @@ class ERB
     end
 
     module_function :json_escape
+
+    # A utility method for escaping XML names of tags and names of attributes.
+    #
+    #   xml_name_escape('1 < 2 & 3')
+    #   # => "1___2___3"
+    #
+    # It follows the requirements of the specification: https://www.w3.org/TR/REC-xml/#NT-Name
+    def xml_name_escape(name)
+      name = name.to_s
+      return "" if name.blank?
+
+      starting_char = name[0].gsub(TAG_NAME_START_REGEXP, TAG_NAME_REPLACEMENT_CHAR)
+
+      return starting_char if name.size == 1
+
+      following_chars = name[1..-1].gsub(TAG_NAME_FOLLOWING_REGEXP, TAG_NAME_REPLACEMENT_CHAR)
+
+      starting_char + following_chars
+    end
+    module_function :xml_name_escape
   end
 end
 
@@ -188,6 +216,10 @@ module ActiveSupport #:nodoc:
     end
     alias << concat
 
+    def bytesplice(*args, value)
+      super(*args, implicit_html_escape_interpolated_argument(value))
+    end
+
     def insert(index, value)
       super(index, html_escape_interpolated_argument(value))
     end

data/lib/active_support/core_ext/time/calculations.rb

@@ -160,6 +160,8 @@ class Time
       ::Time.new(new_year, new_month, new_day, new_hour, new_min, new_sec, new_offset)
     elsif utc?
       ::Time.utc(new_year, new_month, new_day, new_hour, new_min, new_sec)
+    elsif zone&.respond_to?(:utc_to_local)
+      ::Time.new(new_year, new_month, new_day, new_hour, new_min, new_sec, zone)
     elsif zone
       ::Time.local(new_year, new_month, new_day, new_hour, new_min, new_sec)
     else

data/lib/active_support/core_ext/uri.rb

@@ -20,7 +20,7 @@ module URI
   class << self
     def parser
       ActiveSupport::Deprecation.warn(<<-MSG.squish)
-        URI.parser is deprecated and will be removed in Rails 6.2.
+        URI.parser is deprecated and will be removed in Rails 7.0.
         Use `URI::DEFAULT_PARSER` instead.
       MSG
       URI::DEFAULT_PARSER

data/lib/active_support/current_attributes.rb

@@ -164,6 +164,7 @@ module ActiveSupport
 
           send(name, *args, &block)
         end
+        ruby2_keywords(:method_missing) if respond_to?(:ruby2_keywords, true)
     end
 
     attr_accessor :attributes

data/lib/active_support/dependencies/zeitwerk_integration.rb

@@ -89,7 +89,10 @@ module ActiveSupport
             end
 
             Rails.autoloaders.main.enable_reloading if enable_reloading
-            Rails.autoloaders.each(&:setup)
+
+            # Order matters.
+            Rails.autoloaders.once.setup
+            Rails.autoloaders.main.setup
           end
 
           def autoload_once?(autoload_path)

data/lib/active_support/deprecation.rb

@@ -38,7 +38,7 @@ module ActiveSupport
     # and the second is a library name.
     #
     #   ActiveSupport::Deprecation.new('2.0', 'MyLibrary')
-    def initialize(deprecation_horizon = "6.2", gem_name = "Rails")
+    def initialize(deprecation_horizon = "7.0", gem_name = "Rails")
       self.gem_name = gem_name
       self.deprecation_horizon = deprecation_horizon
       # By default, warnings are not silenced and debugging is off.

data/lib/active_support/digest.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require "digest"
+
 module ActiveSupport
   class Digest #:nodoc:
     class <<self

data/lib/active_support/duration.rb

@@ -186,17 +186,18 @@ module ActiveSupport
         end
 
         parts = {}
-        remainder = value.round(9)
+        remainder_sign = value <=> 0
+        remainder = value.round(9).abs
 
         PARTS.each do |part|
           unless part == :seconds
             part_in_seconds = PARTS_IN_SECONDS[part]
-            parts[part] = remainder.div(part_in_seconds)
+            parts[part] = remainder.div(part_in_seconds) * remainder_sign
             remainder %= part_in_seconds
           end
         end unless value == 0
 
-        parts[:seconds] = remainder
+        parts[:seconds] = remainder * remainder_sign
 
         new(value, parts)
       end

data/lib/active_support/encrypted_file.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 require "pathname"
-require "tmpdir"
+require "tempfile"
 require "active_support/message_encryptor"
 
 module ActiveSupport
@@ -69,17 +69,16 @@ module ActiveSupport
 
     private
       def writing(contents)
-        tmp_file = "#{Process.pid}.#{content_path.basename.to_s.chomp('.enc')}"
-        tmp_path = Pathname.new File.join(Dir.tmpdir, tmp_file)
-        tmp_path.binwrite contents
+        Tempfile.create(["", "-" + content_path.basename.to_s.chomp(".enc")]) do |tmp_file|
+          tmp_path = Pathname.new(tmp_file)
+          tmp_path.binwrite contents
 
-        yield tmp_path
+          yield tmp_path
 
-        updated_contents = tmp_path.binread
+          updated_contents = tmp_path.binread
 
-        write(updated_contents) if updated_contents != contents
-      ensure
-        FileUtils.rm(tmp_path) if tmp_path&.exist?
+          write(updated_contents) if updated_contents != contents
+        end
       end
 
 

data/lib/active_support/execution_wrapper.rb

@@ -63,18 +63,21 @@ module ActiveSupport
     # after the work has been performed.
     #
     # Where possible, prefer +wrap+.
-    def self.run!
-      if active?
-        Null
+    def self.run!(reset: false)
+      if reset
+        lost_instance = active.delete(Thread.current)
+        lost_instance&.complete!
       else
-        new.tap do |instance|
-          success = nil
-          begin
-            instance.run!
-            success = true
-          ensure
-            instance.complete! unless success
-          end
+        return Null if active?
+      end
+
+      new.tap do |instance|
+        success = nil
+        begin
+          instance.run!
+          success = true
+        ensure
+          instance.complete! unless success
         end
       end
     end
@@ -103,11 +106,11 @@ module ActiveSupport
     self.active = Concurrent::Hash.new
 
     def self.active? # :nodoc:
-      @active[Thread.current]
+      @active.key?(Thread.current)
     end
 
     def run! # :nodoc:
-      self.class.active[Thread.current] = true
+      self.class.active[Thread.current] = self
       run_callbacks(:run)
     end
 

data/lib/active_support/gem_version.rb

@@ -9,8 +9,8 @@ module ActiveSupport
   module VERSION
     MAJOR = 6
     MINOR = 1
-    TINY  = 4
-    PRE   = "2"
+    TINY  = 7
+    PRE   = "7"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

data/lib/active_support/inflector/methods.rb

@@ -93,8 +93,7 @@ module ActiveSupport
       return camel_cased_word unless /[A-Z-]|::/.match?(camel_cased_word)
       word = camel_cased_word.to_s.gsub("::", "/")
       word.gsub!(inflections.acronyms_underscore_regex) { "#{$1 && '_' }#{$2.downcase}" }
-      word.gsub!(/([A-Z\d]+)([A-Z][a-z])/, '\1_\2')
-      word.gsub!(/([a-z\d])([A-Z])/, '\1_\2')
+      word.gsub!(/([A-Z])(?=[A-Z][a-z])|([a-z\d])(?=[A-Z])/) { ($1 || $2) << "_" }
       word.tr!("-", "_")
       word.downcase!
       word

data/lib/active_support/multibyte/unicode.rb

@@ -10,13 +10,13 @@ module ActiveSupport
 
       def default_normalization_form
         ActiveSupport::Deprecation.warn(
-          "ActiveSupport::Multibyte::Unicode.default_normalization_form is deprecated and will be removed in Rails 6.2."
+          "ActiveSupport::Multibyte::Unicode.default_normalization_form is deprecated and will be removed in Rails 7.0."
         )
       end
 
       def default_normalization_form=(_)
         ActiveSupport::Deprecation.warn(
-          "ActiveSupport::Multibyte::Unicode.default_normalization_form= is deprecated and will be removed in Rails 6.2."
+          "ActiveSupport::Multibyte::Unicode.default_normalization_form= is deprecated and will be removed in Rails 7.0."
         )
       end
 

data/lib/active_support/per_thread_registry.rb

@@ -56,5 +56,6 @@ module ActiveSupport
 
         send(name, *args, &block)
       end
+      ruby2_keywords(:method_missing) if respond_to?(:ruby2_keywords, true)
   end
 end

data/lib/active_support/railtie.rb

@@ -87,7 +87,7 @@ module ActiveSupport
         if app.config.active_support.use_sha1_digests
           ActiveSupport::Deprecation.warn(<<-MSG.squish)
             config.active_support.use_sha1_digests is deprecated and will
-            be removed from Rails 6.2. Use
+            be removed from Rails 7.0. Use
             config.active_support.hash_digest_class = ::Digest::SHA1 instead.
           MSG
           ActiveSupport::Digest.hash_digest_class = ::Digest::SHA1

data/lib/active_support/reloader.rb

@@ -58,7 +58,7 @@ module ActiveSupport
       prepare!
     end
 
-    def self.run! # :nodoc:
+    def self.run!(reset: false) # :nodoc:
       if check!
         super
       else

data/lib/active_support/tagged_logging.rb

@@ -79,7 +79,7 @@ module ActiveSupport
     end
 
     def self.new(logger)
-      logger = logger.dup
+      logger = logger.clone
 
       if logger.formatter
         logger.formatter = logger.formatter.dup

data/lib/active_support/testing/assertions.rb

@@ -189,7 +189,7 @@ module ActiveSupport
         error = "#{expression.inspect} didn't change"
         error = "#{error}. It was already #{to}" if before == to
         error = "#{message}.\n#{error}" if message
-        assert_not_equal before, after, error
+        refute_equal before, after, error
 
         unless to == UNTRACKED
           error = "Expected change to #{to}\n"

data/lib/active_support/values/time_zone.rb

@@ -381,6 +381,8 @@ module ActiveSupport
     # If the string is invalid then an +ArgumentError+ will be raised unlike +parse+
     # which usually returns +nil+ when given an invalid date string.
     def iso8601(str)
+      raise ArgumentError, "invalid date" if str.nil?
+
       parts = Date._iso8601(str)
 
       raise ArgumentError, "invalid date" if parts.empty?

data/lib/active_support.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 #--
-# Copyright (c) 2005-2020 David Heinemeier Hansson
+# Copyright (c) 2005-2022 David Heinemeier Hansson
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: activesupport
 version: !ruby/object:Gem::Version
-  version: 6.1.4.2
+  version: 6.1.7.7
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-12-14 00:00:00.000000000 Z
+date: 2024-02-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: i18n
@@ -357,10 +357,11 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/rails/rails/issues
-  changelog_uri: https://github.com/rails/rails/blob/v6.1.4.2/activesupport/CHANGELOG.md
-  documentation_uri: https://api.rubyonrails.org/v6.1.4.2/
+  changelog_uri: https://github.com/rails/rails/blob/v6.1.7.7/activesupport/CHANGELOG.md
+  documentation_uri: https://api.rubyonrails.org/v6.1.7.7/
   mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
-  source_code_uri: https://github.com/rails/rails/tree/v6.1.4.2/activesupport
+  source_code_uri: https://github.com/rails/rails/tree/v6.1.7.7/activesupport
+  rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options:
 - "--encoding"
@@ -378,7 +379,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.15
+rubygems_version: 3.2.22
 signing_key:
 specification_version: 4
 summary: A toolkit of support libraries and Ruby core extensions extracted from the