activesupport 6.1.4.4 → 6.1.6.1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of activesupport might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1ec1e3cca9d61111ff604b7639f716d337c41fafa59d810e0e29af9274460bd4
4
- data.tar.gz: 509ae88f48b93a55ded50a1fe567ee6516e63596c895c3d19e50e3862e235b0a
3
+ metadata.gz: b457aace5d72669ba3ed04ec9ed826dbc1828773d8e0236edd8928f4a360b4e9
4
+ data.tar.gz: 73a7333915bea522eec6f1361b4db6b177f78cb14a3741ec6834e3521855e77f
5
5
  SHA512:
6
- metadata.gz: 262264f05e68b7d5d7faf62decb52a5aa7548e194ef490c245316bc4e911236d0bc50e46b66bda0a95c3e33a15976922f183dbb73630237a7d6f83bdcf07f0fe
7
- data.tar.gz: b6f62d421506b1d29bb79ecde59e5de474a034f73cfd256cce30290873633e2bed6cb8f4fa0a19fe24c471f78896f4a3afa62f277fa21f23ba684afc9d7b4139
6
+ metadata.gz: 7479b00d0759dfb5517b187d3f57e18b0408876efe999b5bfc02425936422f0f624dcec8403be2519d0f8baee1452657a9ec70517cb404c4c1d75118e29ca2d4
7
+ data.tar.gz: f14ce57aac4745c7ec3ddaa166fc3ff840f88c2763709801fe3338ee76cf9e4e3d6821e6c11d083cb26b3763c825c94beb241c41268e69d336df29712f31bf2a
data/CHANGELOG.md CHANGED
@@ -1,3 +1,60 @@
1
+ ## Rails 6.1.6.1 (July 12, 2022) ##
2
+
3
+ * No changes.
4
+
5
+
6
+ ## Rails 6.1.5.1 (April 26, 2022) ##
7
+
8
+ * Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
9
+
10
+ Add the method `ERB::Util.xml_name_escape` to escape dangerous characters
11
+ in names of tags and names of attributes, following the specification of XML.
12
+
13
+ *Álvaro Martín Fraguas*
14
+
15
+ ## Rails 6.1.5 (March 09, 2022) ##
16
+
17
+ * Fix `ActiveSupport::Duration.build` to support negative values.
18
+
19
+ The algorithm to collect the `parts` of the `ActiveSupport::Duration`
20
+ ignored the sign of the `value` and accumulated incorrect part values. This
21
+ impacted `ActiveSupport::Duration#sum` (which is dependent on `parts`) but
22
+ not `ActiveSupport::Duration#eql?` (which is dependent on `value`).
23
+
24
+ *Caleb Buxton*, *Braden Staudacher*
25
+
26
+ * `Time#change` and methods that call it (eg. `Time#advance`) will now
27
+ return a `Time` with the timezone argument provided, if the caller was
28
+ initialized with a timezone argument.
29
+
30
+ Fixes [#42467](https://github.com/rails/rails/issues/42467).
31
+
32
+ *Alex Ghiculescu*
33
+
34
+ * Clone to keep extended Logger methods for tagged logger.
35
+
36
+ *Orhan Toy*
37
+
38
+ * `assert_changes` works on including `ActiveSupport::Assertions` module.
39
+
40
+ *Pedro Medeiros*
41
+
42
+
43
+ ## Rails 6.1.4.7 (March 08, 2022) ##
44
+
45
+ * No changes.
46
+
47
+
48
+ ## Rails 6.1.4.6 (February 11, 2022) ##
49
+
50
+ * Fix Reloader method signature to work with the new Executor signature
51
+
52
+
53
+ ## Rails 6.1.4.5 (February 11, 2022) ##
54
+
55
+ * No changes.
56
+
57
+
1
58
  ## Rails 6.1.4.4 (December 15, 2021) ##
2
59
 
3
60
  * No changes.
@@ -293,7 +350,7 @@
293
350
 
294
351
  *Max Gurewitz*
295
352
 
296
- * `URI.parser` is deprecated and will be removed in Rails 6.2. Use
353
+ * `URI.parser` is deprecated and will be removed in Rails 7.0. Use
297
354
  `URI::DEFAULT_PARSER` instead.
298
355
 
299
356
  *Jean Boussier*
data/MIT-LICENSE CHANGED
@@ -1,4 +1,4 @@
1
- Copyright (c) 2005-2020 David Heinemeier Hansson
1
+ Copyright (c) 2005-2022 David Heinemeier Hansson
2
2
 
3
3
  Permission is hereby granted, free of charge, to any person obtaining
4
4
  a copy of this software and associated documentation files (the
@@ -1,6 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "securerandom"
4
+ require "digest"
4
5
 
5
6
  module Digest
6
7
  module UUID
@@ -11,6 +11,14 @@ class ERB
11
11
  HTML_ESCAPE_ONCE_REGEXP = /["><']|&(?!([a-zA-Z]+|(#\d+)|(#[xX][\dA-Fa-f]+));)/
12
12
  JSON_ESCAPE_REGEXP = /[\u2028\u2029&><]/u
13
13
 
14
+ # Following XML requirements: https://www.w3.org/TR/REC-xml/#NT-Name
15
+ TAG_NAME_START_REGEXP_SET = "@:A-Z_a-z\u{C0}-\u{D6}\u{D8}-\u{F6}\u{F8}-\u{2FF}\u{370}-\u{37D}\u{37F}-\u{1FFF}" \
16
+ "\u{200C}-\u{200D}\u{2070}-\u{218F}\u{2C00}-\u{2FEF}\u{3001}-\u{D7FF}\u{F900}-\u{FDCF}" \
17
+ "\u{FDF0}-\u{FFFD}\u{10000}-\u{EFFFF}"
18
+ TAG_NAME_START_REGEXP = /[^#{TAG_NAME_START_REGEXP_SET}]/
19
+ TAG_NAME_FOLLOWING_REGEXP = /[^#{TAG_NAME_START_REGEXP_SET}\-.0-9\u{B7}\u{0300}-\u{036F}\u{203F}-\u{2040}]/
20
+ TAG_NAME_REPLACEMENT_CHAR = "_"
21
+
14
22
  # A utility method for escaping HTML tag characters.
15
23
  # This method is also aliased as <tt>h</tt>.
16
24
  #
@@ -115,6 +123,26 @@ class ERB
115
123
  end
116
124
 
117
125
  module_function :json_escape
126
+
127
+ # A utility method for escaping XML names of tags and names of attributes.
128
+ #
129
+ # xml_name_escape('1 < 2 & 3')
130
+ # # => "1___2___3"
131
+ #
132
+ # It follows the requirements of the specification: https://www.w3.org/TR/REC-xml/#NT-Name
133
+ def xml_name_escape(name)
134
+ name = name.to_s
135
+ return "" if name.blank?
136
+
137
+ starting_char = name[0].gsub(TAG_NAME_START_REGEXP, TAG_NAME_REPLACEMENT_CHAR)
138
+
139
+ return starting_char if name.size == 1
140
+
141
+ following_chars = name[1..-1].gsub(TAG_NAME_FOLLOWING_REGEXP, TAG_NAME_REPLACEMENT_CHAR)
142
+
143
+ starting_char + following_chars
144
+ end
145
+ module_function :xml_name_escape
118
146
  end
119
147
  end
120
148
 
@@ -160,6 +160,8 @@ class Time
160
160
  ::Time.new(new_year, new_month, new_day, new_hour, new_min, new_sec, new_offset)
161
161
  elsif utc?
162
162
  ::Time.utc(new_year, new_month, new_day, new_hour, new_min, new_sec)
163
+ elsif zone&.respond_to?(:utc_to_local)
164
+ ::Time.new(new_year, new_month, new_day, new_hour, new_min, new_sec, zone)
163
165
  elsif zone
164
166
  ::Time.local(new_year, new_month, new_day, new_hour, new_min, new_sec)
165
167
  else
@@ -20,7 +20,7 @@ module URI
20
20
  class << self
21
21
  def parser
22
22
  ActiveSupport::Deprecation.warn(<<-MSG.squish)
23
- URI.parser is deprecated and will be removed in Rails 6.2.
23
+ URI.parser is deprecated and will be removed in Rails 7.0.
24
24
  Use `URI::DEFAULT_PARSER` instead.
25
25
  MSG
26
26
  URI::DEFAULT_PARSER
@@ -89,7 +89,10 @@ module ActiveSupport
89
89
  end
90
90
 
91
91
  Rails.autoloaders.main.enable_reloading if enable_reloading
92
- Rails.autoloaders.each(&:setup)
92
+
93
+ # Order matters.
94
+ Rails.autoloaders.once.setup
95
+ Rails.autoloaders.main.setup
93
96
  end
94
97
 
95
98
  def autoload_once?(autoload_path)
@@ -38,7 +38,7 @@ module ActiveSupport
38
38
  # and the second is a library name.
39
39
  #
40
40
  # ActiveSupport::Deprecation.new('2.0', 'MyLibrary')
41
- def initialize(deprecation_horizon = "6.2", gem_name = "Rails")
41
+ def initialize(deprecation_horizon = "7.0", gem_name = "Rails")
42
42
  self.gem_name = gem_name
43
43
  self.deprecation_horizon = deprecation_horizon
44
44
  # By default, warnings are not silenced and debugging is off.
@@ -1,5 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require "digest"
4
+
3
5
  module ActiveSupport
4
6
  class Digest #:nodoc:
5
7
  class <<self
@@ -186,17 +186,18 @@ module ActiveSupport
186
186
  end
187
187
 
188
188
  parts = {}
189
- remainder = value.round(9)
189
+ remainder_sign = value <=> 0
190
+ remainder = value.round(9).abs
190
191
 
191
192
  PARTS.each do |part|
192
193
  unless part == :seconds
193
194
  part_in_seconds = PARTS_IN_SECONDS[part]
194
- parts[part] = remainder.div(part_in_seconds)
195
+ parts[part] = remainder.div(part_in_seconds) * remainder_sign
195
196
  remainder %= part_in_seconds
196
197
  end
197
198
  end unless value == 0
198
199
 
199
- parts[:seconds] = remainder
200
+ parts[:seconds] = remainder * remainder_sign
200
201
 
201
202
  new(value, parts)
202
203
  end
@@ -63,18 +63,21 @@ module ActiveSupport
63
63
  # after the work has been performed.
64
64
  #
65
65
  # Where possible, prefer +wrap+.
66
- def self.run!
67
- if active?
68
- Null
66
+ def self.run!(reset: false)
67
+ if reset
68
+ lost_instance = active.delete(Thread.current)
69
+ lost_instance&.complete!
69
70
  else
70
- new.tap do |instance|
71
- success = nil
72
- begin
73
- instance.run!
74
- success = true
75
- ensure
76
- instance.complete! unless success
77
- end
71
+ return Null if active?
72
+ end
73
+
74
+ new.tap do |instance|
75
+ success = nil
76
+ begin
77
+ instance.run!
78
+ success = true
79
+ ensure
80
+ instance.complete! unless success
78
81
  end
79
82
  end
80
83
  end
@@ -103,11 +106,11 @@ module ActiveSupport
103
106
  self.active = Concurrent::Hash.new
104
107
 
105
108
  def self.active? # :nodoc:
106
- @active[Thread.current]
109
+ @active.key?(Thread.current)
107
110
  end
108
111
 
109
112
  def run! # :nodoc:
110
- self.class.active[Thread.current] = true
113
+ self.class.active[Thread.current] = self
111
114
  run_callbacks(:run)
112
115
  end
113
116
 
@@ -9,8 +9,8 @@ module ActiveSupport
9
9
  module VERSION
10
10
  MAJOR = 6
11
11
  MINOR = 1
12
- TINY = 4
13
- PRE = "4"
12
+ TINY = 6
13
+ PRE = "1"
14
14
 
15
15
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
16
16
  end
@@ -10,13 +10,13 @@ module ActiveSupport
10
10
 
11
11
  def default_normalization_form
12
12
  ActiveSupport::Deprecation.warn(
13
- "ActiveSupport::Multibyte::Unicode.default_normalization_form is deprecated and will be removed in Rails 6.2."
13
+ "ActiveSupport::Multibyte::Unicode.default_normalization_form is deprecated and will be removed in Rails 7.0."
14
14
  )
15
15
  end
16
16
 
17
17
  def default_normalization_form=(_)
18
18
  ActiveSupport::Deprecation.warn(
19
- "ActiveSupport::Multibyte::Unicode.default_normalization_form= is deprecated and will be removed in Rails 6.2."
19
+ "ActiveSupport::Multibyte::Unicode.default_normalization_form= is deprecated and will be removed in Rails 7.0."
20
20
  )
21
21
  end
22
22
 
@@ -56,5 +56,6 @@ module ActiveSupport
56
56
 
57
57
  send(name, *args, &block)
58
58
  end
59
+ ruby2_keywords(:method_missing) if respond_to?(:ruby2_keywords, true)
59
60
  end
60
61
  end
@@ -87,7 +87,7 @@ module ActiveSupport
87
87
  if app.config.active_support.use_sha1_digests
88
88
  ActiveSupport::Deprecation.warn(<<-MSG.squish)
89
89
  config.active_support.use_sha1_digests is deprecated and will
90
- be removed from Rails 6.2. Use
90
+ be removed from Rails 7.0. Use
91
91
  config.active_support.hash_digest_class = ::Digest::SHA1 instead.
92
92
  MSG
93
93
  ActiveSupport::Digest.hash_digest_class = ::Digest::SHA1
@@ -58,7 +58,7 @@ module ActiveSupport
58
58
  prepare!
59
59
  end
60
60
 
61
- def self.run! # :nodoc:
61
+ def self.run!(reset: false) # :nodoc:
62
62
  if check!
63
63
  super
64
64
  else
@@ -79,7 +79,7 @@ module ActiveSupport
79
79
  end
80
80
 
81
81
  def self.new(logger)
82
- logger = logger.dup
82
+ logger = logger.clone
83
83
 
84
84
  if logger.formatter
85
85
  logger.formatter = logger.formatter.dup
@@ -189,7 +189,7 @@ module ActiveSupport
189
189
  error = "#{expression.inspect} didn't change"
190
190
  error = "#{error}. It was already #{to}" if before == to
191
191
  error = "#{message}.\n#{error}" if message
192
- assert_not_equal before, after, error
192
+ refute_equal before, after, error
193
193
 
194
194
  unless to == UNTRACKED
195
195
  error = "Expected change to #{to}\n"
@@ -381,6 +381,8 @@ module ActiveSupport
381
381
  # If the string is invalid then an +ArgumentError+ will be raised unlike +parse+
382
382
  # which usually returns +nil+ when given an invalid date string.
383
383
  def iso8601(str)
384
+ raise ArgumentError, "invalid date" if str.nil?
385
+
384
386
  parts = Date._iso8601(str)
385
387
 
386
388
  raise ArgumentError, "invalid date" if parts.empty?
@@ -1,7 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  #--
4
- # Copyright (c) 2005-2020 David Heinemeier Hansson
4
+ # Copyright (c) 2005-2022 David Heinemeier Hansson
5
5
  #
6
6
  # Permission is hereby granted, free of charge, to any person obtaining
7
7
  # a copy of this software and associated documentation files (the
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: activesupport
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.1.4.4
4
+ version: 6.1.6.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-12-15 00:00:00.000000000 Z
11
+ date: 2022-07-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: i18n
@@ -357,11 +357,12 @@ licenses:
357
357
  - MIT
358
358
  metadata:
359
359
  bug_tracker_uri: https://github.com/rails/rails/issues
360
- changelog_uri: https://github.com/rails/rails/blob/v6.1.4.4/activesupport/CHANGELOG.md
361
- documentation_uri: https://api.rubyonrails.org/v6.1.4.4/
360
+ changelog_uri: https://github.com/rails/rails/blob/v6.1.6.1/activesupport/CHANGELOG.md
361
+ documentation_uri: https://api.rubyonrails.org/v6.1.6.1/
362
362
  mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
363
- source_code_uri: https://github.com/rails/rails/tree/v6.1.4.4/activesupport
364
- post_install_message:
363
+ source_code_uri: https://github.com/rails/rails/tree/v6.1.6.1/activesupport
364
+ rubygems_mfa_required: 'true'
365
+ post_install_message:
365
366
  rdoc_options:
366
367
  - "--encoding"
367
368
  - UTF-8
@@ -378,8 +379,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
378
379
  - !ruby/object:Gem::Version
379
380
  version: '0'
380
381
  requirements: []
381
- rubygems_version: 3.2.32
382
- signing_key:
382
+ rubygems_version: 3.3.3
383
+ signing_key:
383
384
  specification_version: 4
384
385
  summary: A toolkit of support libraries and Ruby core extensions extracted from the
385
386
  Rails framework.