RubyGems - activesupport - Versions diffs - 7.2.3 → 7.2.3.1 - Mend

activesupport 7.2.3 → 7.2.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +21 -0
data/lib/active_support/core_ext/string/output_safety.rb +3 -1
data/lib/active_support/gem_version.rb +1 -1
data/lib/active_support/number_helper/number_converter.rb +1 -1
data/lib/active_support/number_helper/number_to_delimited_converter.rb +17 -2
metadata +11 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d12b3bc49972cf65396ee7cb16b370f76853dde525bf3d111e6da8a5936ab441
-  data.tar.gz: a97522d2f10dc74dc7d3bc922eb37b3b6c369bd729e26a22e97d250602d6c544
+  metadata.gz: 261d0e3b9b660e219ce3e59ae3cbc65626e77898ecfd1f8dc7c8ed96e4121b0c
+  data.tar.gz: 8c4d30dde1dab152e5584ec01c9c0863b4a3b9b6451ae0e068d0a3091a3c66a1
 SHA512:
-  metadata.gz: 2a89e3f270073d83270087ad960f1236ee794fb833303b1e97121a1f52b20f07ca79d22c879b474d33d9180b2fbc90359619bd20886a8ab978dabcd7df3df4e2
-  data.tar.gz: 0576fb7d4a4bef1d8e9e8a0bbce32f0fbb74ba626e7bbcacabcf50352aaf3c2f6567e4989debe83095164b1f9a16a31ea9c0a9afe55cd4327ffc645f5acbef2d
+  metadata.gz: 3947053b6497e31d25efbaba030b6a0e2fd01a0e1fe260256efd775964cb0df6542b93de6a87da65b1f2385695a3bdbbdd5d829eb4fa6c4ee6af55dca88d1ba2
+  data.tar.gz: bcc914be8d4e83f8ded6c746568b91e7a80578437045c145f9dd9c811b3f17d40485080e5566b536b8505a787e91a611597fdf19de129e6c02be7c91e23bfbfe

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,24 @@
+## Rails 7.2.3.1 (March 23, 2026) ##
+*   Reject scientific notation in NumberConverter
+    [CVE-2026-33176]
+    *Jean Boussier*
+*   Fix `SafeBuffer#%` to preserve unsafe status
+    [CVE-2026-33170]
+    *Jean Boussier*
+*   Improve performance of NumberToDelimitedConverter
+    [CVE-2026-33169]
+    *Jean Boussier*
 ## Rails 7.2.3 (October 28, 2025) ##
 *   Fix `Enumerable#sole` to return the full tuple instead of just the first element of the tuple.

data/lib/active_support/core_ext/string/output_safety.rb CHANGED Viewed

@@ -128,7 +128,9 @@ module ActiveSupport # :nodoc:
         escaped_args = Array(args).map { |arg| explicit_html_escape_interpolated_argument(arg) }
       end
-      self.class.new(super(escaped_args))
+      new_safe_buffer = self.class.new(super(escaped_args))
+      new_safe_buffer.instance_variable_set(:@html_safe, @html_safe)
+      new_safe_buffer
     end
     attr_reader :html_safe

data/lib/active_support/gem_version.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module ActiveSupport
     MAJOR = 7
     MINOR = 2
     TINY  = 3
-    PRE   = nil
+    PRE   = "1"
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

data/lib/active_support/number_helper/number_converter.rb CHANGED Viewed

@@ -180,7 +180,7 @@ module ActiveSupport
           when Float, Rational
             number.to_d(0)
           when String
-            BigDecimal(number, exception: false)
+            BigDecimal(number, exception: false) unless number.to_s.match?(/[de]/i)
           else
             number.to_d rescue nil
           end

data/lib/active_support/number_helper/number_to_delimited_converter.rb CHANGED Viewed

@@ -16,9 +16,24 @@ module ActiveSupport
       private
         def parts
           left, right = number.to_s.split(".")
-          left.gsub!(delimiter_pattern) do |digit_to_delimit|
-            "#{digit_to_delimit}#{options[:delimiter]}"
+          if delimiter_pattern
+            left.gsub!(delimiter_pattern) do |digit_to_delimit|
+              "#{digit_to_delimit}#{options[:delimiter]}"
+            end
+          else
+            left_parts = []
+            offset = left.size % 3
+            if offset > 0
+              left_parts << left[0, offset]
+            end
+            (left.size / 3).times do |i|
+              left_parts << left[offset + (i * 3), 3]
+            end
+            left = left_parts.join(options[:delimiter])
           end
           [left, right].compact
         end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: activesupport
 version: !ruby/object:Gem::Version
-  version: 7.2.3
+  version: 7.2.3.1
 platform: ruby
 authors:
 - David Heinemeier Hansson
@@ -90,6 +90,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '5.1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -97,6 +100,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '5.1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6'
 - !ruby/object:Gem::Dependency
   name: base64
   requirement: !ruby/object:Gem::Requirement
@@ -479,10 +485,10 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/rails/rails/issues
-  changelog_uri: https://github.com/rails/rails/blob/v7.2.3/activesupport/CHANGELOG.md
-  documentation_uri: https://api.rubyonrails.org/v7.2.3/
+  changelog_uri: https://github.com/rails/rails/blob/v7.2.3.1/activesupport/CHANGELOG.md
+  documentation_uri: https://api.rubyonrails.org/v7.2.3.1/
   mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
-  source_code_uri: https://github.com/rails/rails/tree/v7.2.3/activesupport
+  source_code_uri: https://github.com/rails/rails/tree/v7.2.3.1/activesupport
   rubygems_mfa_required: 'true'
 rdoc_options:
 - "--encoding"
@@ -500,7 +506,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.9
+rubygems_version: 4.0.6
 specification_version: 4
 summary: A toolkit of support libraries and Ruby core extensions extracted from the
   Rails framework.