activesupport 8.1.2 → 8.1.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +21 -0
- data/lib/active_support/core_ext/string/output_safety.rb +11 -2
- data/lib/active_support/gem_version.rb +1 -1
- data/lib/active_support/number_helper/number_converter.rb +1 -1
- data/lib/active_support/number_helper/number_to_delimited_converter.rb +17 -2
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c68d8c9bb247dcd9b6ba1a321f2f697ef70d56a5a2ab18f31995a5005a69004e
|
|
4
|
+
data.tar.gz: 05f2bc953516e62fa3ec707bac717963bc567b1e7a2d2c9c2ad8ea82e05cb38b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bf2c57851277401b08d89b986357c78dd0676aa660a540dfde0411366377c7198a3350500da5a6e1145017e768d288d1ae85161330f282ec464a7733b286c414
|
|
7
|
+
data.tar.gz: 14e9dc2f3c8d34c6cda4f319fd83555386ebb175b082a7f82d395f51c35d824055fec2fc4891a984d2e7e9e362be41304e3e285b16f3d0865950f7ddf58ce8cf
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,24 @@
|
|
|
1
|
+
## Rails 8.1.2.1 (March 23, 2026) ##
|
|
2
|
+
|
|
3
|
+
* Reject scientific notation in NumberConverter
|
|
4
|
+
|
|
5
|
+
[CVE-2026-33176]
|
|
6
|
+
|
|
7
|
+
*Jean Boussier*
|
|
8
|
+
|
|
9
|
+
* Fix `SafeBuffer#%` to preserve unsafe status
|
|
10
|
+
|
|
11
|
+
[CVE-2026-33170]
|
|
12
|
+
|
|
13
|
+
*Jean Boussier*
|
|
14
|
+
|
|
15
|
+
* Improve performance of NumberToDelimitedConverter
|
|
16
|
+
|
|
17
|
+
[CVE-2026-33169]
|
|
18
|
+
|
|
19
|
+
*Jean Boussier*
|
|
20
|
+
|
|
21
|
+
|
|
1
22
|
## Rails 8.1.2 (January 08, 2026) ##
|
|
2
23
|
|
|
3
24
|
* Make `delegate` and `delegate_missing_to` work in BasicObject subclasses.
|
|
@@ -116,7 +116,7 @@ module ActiveSupport # :nodoc:
|
|
|
116
116
|
new_string = super
|
|
117
117
|
new_safe_buffer = new_string.is_a?(SafeBuffer) ? new_string : SafeBuffer.new(new_string)
|
|
118
118
|
if @html_unsafe
|
|
119
|
-
new_safe_buffer.
|
|
119
|
+
new_safe_buffer.mark_unsafe!
|
|
120
120
|
end
|
|
121
121
|
new_safe_buffer
|
|
122
122
|
end
|
|
@@ -129,7 +129,11 @@ module ActiveSupport # :nodoc:
|
|
|
129
129
|
escaped_args = Array(args).map { |arg| explicit_html_escape_interpolated_argument(arg) }
|
|
130
130
|
end
|
|
131
131
|
|
|
132
|
-
self.class.new(super(escaped_args))
|
|
132
|
+
new_safe_buffer = self.class.new(super(escaped_args))
|
|
133
|
+
if @html_unsafe
|
|
134
|
+
new_safe_buffer.mark_unsafe!
|
|
135
|
+
end
|
|
136
|
+
new_safe_buffer
|
|
133
137
|
end
|
|
134
138
|
|
|
135
139
|
def html_safe?
|
|
@@ -194,6 +198,11 @@ module ActiveSupport # :nodoc:
|
|
|
194
198
|
EOT
|
|
195
199
|
end
|
|
196
200
|
|
|
201
|
+
protected
|
|
202
|
+
def mark_unsafe!
|
|
203
|
+
@html_unsafe = true
|
|
204
|
+
end
|
|
205
|
+
|
|
197
206
|
private
|
|
198
207
|
def explicit_html_escape_interpolated_argument(arg)
|
|
199
208
|
(!html_safe? || arg.html_safe?) ? arg : ERB::Util.unwrapped_html_escape(arg)
|
|
@@ -16,9 +16,24 @@ module ActiveSupport
|
|
|
16
16
|
private
|
|
17
17
|
def parts
|
|
18
18
|
left, right = number.to_s.split(".")
|
|
19
|
-
|
|
20
|
-
|
|
19
|
+
if delimiter_pattern
|
|
20
|
+
left.gsub!(delimiter_pattern) do |digit_to_delimit|
|
|
21
|
+
"#{digit_to_delimit}#{options[:delimiter]}"
|
|
22
|
+
end
|
|
23
|
+
else
|
|
24
|
+
left_parts = []
|
|
25
|
+
offset = left.size % 3
|
|
26
|
+
if offset > 0
|
|
27
|
+
left_parts << left[0, offset]
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
(left.size / 3).times do |i|
|
|
31
|
+
left_parts << left[offset + (i * 3), 3]
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
left = left_parts.join(options[:delimiter])
|
|
21
35
|
end
|
|
36
|
+
|
|
22
37
|
[left, right].compact
|
|
23
38
|
end
|
|
24
39
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: activesupport
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 8.1.2
|
|
4
|
+
version: 8.1.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Heinemeier Hansson
|
|
@@ -501,10 +501,10 @@ licenses:
|
|
|
501
501
|
- MIT
|
|
502
502
|
metadata:
|
|
503
503
|
bug_tracker_uri: https://github.com/rails/rails/issues
|
|
504
|
-
changelog_uri: https://github.com/rails/rails/blob/v8.1.2/activesupport/CHANGELOG.md
|
|
505
|
-
documentation_uri: https://api.rubyonrails.org/v8.1.2/
|
|
504
|
+
changelog_uri: https://github.com/rails/rails/blob/v8.1.2.1/activesupport/CHANGELOG.md
|
|
505
|
+
documentation_uri: https://api.rubyonrails.org/v8.1.2.1/
|
|
506
506
|
mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
|
|
507
|
-
source_code_uri: https://github.com/rails/rails/tree/v8.1.2/activesupport
|
|
507
|
+
source_code_uri: https://github.com/rails/rails/tree/v8.1.2.1/activesupport
|
|
508
508
|
rubygems_mfa_required: 'true'
|
|
509
509
|
rdoc_options:
|
|
510
510
|
- "--encoding"
|
|
@@ -522,7 +522,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
522
522
|
- !ruby/object:Gem::Version
|
|
523
523
|
version: '0'
|
|
524
524
|
requirements: []
|
|
525
|
-
rubygems_version: 4.0.
|
|
525
|
+
rubygems_version: 4.0.6
|
|
526
526
|
specification_version: 4
|
|
527
527
|
summary: A toolkit of support libraries and Ruby core extensions extracted from the
|
|
528
528
|
Rails framework.
|