rest_framework 0.9.14 → 0.9.16

data/lib/rest_framework/mixins/model_controller_mixin.rb

@@ -2,13 +2,17 @@
 module RESTFramework::Mixins::BaseModelControllerMixin
   BASE64_REGEX = /data:(.*);base64,(.*)/
   BASE64_TRANSLATE = ->(field, value) {
+    return value unless BASE64_REGEX.match?(value)
+
     _, content_type, payload = value.match(BASE64_REGEX).to_a
     return {
       io: StringIO.new(Base64.decode64(payload)),
       content_type: content_type,
-      filename: "image_#{field}#{Rack::Mime::MIME_TYPES.invert[content_type]}",
+      filename: "file_#{field}#{Rack::Mime::MIME_TYPES.invert[content_type]}",
     }
   }
+  ACTIVESTORAGE_KEYS = [:io, :content_type, :filename, :identify, :key]
+
   include RESTFramework::BaseControllerMixin
 
   RRF_BASE_MODEL_CONFIG = {
@@ -43,14 +47,24 @@ module RESTFramework::Mixins::BaseModelControllerMixin
     native_serializer_associations_limit_query_param: "associations_limit",
     native_serializer_include_associations_count: false,
 
-    # Attributes for default model filtering, ordering, and searching.
-    filterset_fields: nil,
+    # Attributes for filtering, ordering, and searching.
+    filter_backends: [
+      RESTFramework::QueryFilter,
+      RESTFramework::OrderingFilter,
+      RESTFramework::SearchFilter,
+    ],
+    filter_recordset_before_find: true,
+    filter_fields: nil,
     ordering_fields: nil,
     ordering_query_param: "ordering",
     ordering_no_reorder: false,
     search_fields: nil,
     search_query_param: "search",
     search_ilike: false,
+    ransack_options: nil,
+    ransack_query_param: "q",
+    ransack_distinct: true,
+    ransack_distinct_query_param: "distinct",
 
     # Options for association assignment.
     permit_id_assignment: true,
@@ -58,21 +72,11 @@ module RESTFramework::Mixins::BaseModelControllerMixin
 
     # Option for `recordset.create` vs `Model.create` behavior.
     create_from_recordset: true,
-
-    # Control if filtering is done before find.
-    filter_recordset_before_find: true,
-
-    # Options for `ransack` filtering.
-    ransack_options: nil,
-    ransack_query_param: "q",
-    ransack_distinct: true,
-    ransack_distinct_query_param: "distinct",
   }
 
   module ClassMethods
     IGNORE_VALIDATORS_WITH_KEYS = [:if, :unless].freeze
 
-    # Get the model for this controller.
     def get_model
       return @model if @model
       return (@model = self.model) if self.model
@@ -86,8 +90,8 @@ module RESTFramework::Mixins::BaseModelControllerMixin
       raise RESTFramework::UnknownModelError, self
     end
 
-    # Override `get_label` to include ActiveRecord i18n-translated column names.
-    def get_label(s)
+    # Override to include ActiveRecord i18n-translated column names.
+    def label_for(s)
       return self.get_model.human_attribute_name(s, default: super)
     end
 
@@ -115,10 +119,10 @@ module RESTFramework::Mixins::BaseModelControllerMixin
     end
 
     # Get a field's config, including defaults.
-    def get_field_config(f)
+    def field_config_for(f)
       f = f.to_sym
-      @_get_field_config ||= {}
-      return @_get_field_config[f] if @_get_field_config[f]
+      @_field_config_for ||= {}
+      return @_field_config_for[f] if @_field_config_for[f]
 
       config = self.field_config&.dig(f) || {}
 
@@ -145,7 +149,7 @@ module RESTFramework::Mixins::BaseModelControllerMixin
         }.to_h.compact.presence
       end
 
-      return @_get_field_config[f] = config.compact
+      return @_field_config_for[f] = config.compact
     end
 
     # Get metadata about the resource's fields.
@@ -171,7 +175,7 @@ module RESTFramework::Mixins::BaseModelControllerMixin
         metadata = {
           type: nil,
           kind: nil,
-          label: self.get_label(f),
+          label: self.label_for(f),
           primary_key: nil,
           required: nil,
           read_only: nil,
@@ -303,14 +307,14 @@ module RESTFramework::Mixins::BaseModelControllerMixin
         end
 
         # Serialize any field config.
-        metadata[:config] = self.get_field_config(f).presence
+        metadata[:config] = self.field_config_for(f).presence
 
         next [f, metadata.compact]
       }.to_h
     end
 
     # Get a hash of metadata to be rendered in the `OPTIONS` response.
-    def get_options_metadata
+    def options_metadata
       return super.merge(
         {
           primary_key: self.get_model.primary_key,
@@ -396,9 +400,8 @@ module RESTFramework::Mixins::BaseModelControllerMixin
     return self.class.get_fields(input_fields: self.class.fields)
   end
 
-  # Pass fields to get dynamic metadata based on which fields are available.
-  def get_options_metadata
-    return self.class.get_options_metadata
+  def options_metadata
+    return self.class.options_metadata
   end
 
   # Get a list of parameters allowed for the current action.
@@ -408,7 +411,7 @@ module RESTFramework::Mixins::BaseModelControllerMixin
     @_get_allowed_parameters = self.allowed_parameters
     return @_get_allowed_parameters if @_get_allowed_parameters
 
-    # For fields, automatically add `_id`/`_ids` and `_attributes` variations for associations.
+    # Assemble strong parameters.
     variations = []
     hash_variations = {}
     reflections = self.class.get_model.reflections
@@ -417,12 +420,13 @@ module RESTFramework::Mixins::BaseModelControllerMixin
 
       # ActiveStorage Integration: `has_one_attached`.
       if reflections.key?("#{f}_attachment")
+        hash_variations[f] = ACTIVESTORAGE_KEYS
         next f
       end
 
       # ActiveStorage Integration: `has_many_attached`.
       if reflections.key?("#{f}_attachments")
-        hash_variations[f] = []
+        hash_variations[f] = ACTIVESTORAGE_KEYS
         next nil
       end
 
@@ -434,6 +438,7 @@ module RESTFramework::Mixins::BaseModelControllerMixin
       # Return field if it's not an association.
       next f unless ref = reflections[f]
 
+      # Add `_id`/`_ids` variations for associations.
       if self.permit_id_assignment && id_field = RESTFramework::Utils.get_id_field(f, ref)
         if id_field.ends_with?("_ids")
           hash_variations[id_field] = []
@@ -442,31 +447,36 @@ module RESTFramework::Mixins::BaseModelControllerMixin
         end
       end
 
+      # Add `_attributes` variations for associations.
       if self.permit_nested_attributes_assignment
-        hash_variations["#{f}_attributes"] = self.class.get_field_config(f)[:sub_fields]
+        hash_variations["#{f}_attributes"] = (
+          self.class.field_config_for(f)[:sub_fields] + ["_destroy"]
+        )
       end
 
-      # Associations are not allowed to be submitted in their bare form.
+      # Associations are not allowed to be submitted in their bare form (if they are submitted that
+      # way, they will be translated to either ID assignment or nested attributes assignment).
       next nil
     }.compact
     @_get_allowed_parameters += variations
     @_get_allowed_parameters << hash_variations
+
     return @_get_allowed_parameters
   end
 
-  # Get the configured serializer class, or `NativeSerializer` as a default.
-  def get_serializer_class
+  def serializer_class
     return super || RESTFramework::NativeSerializer
   end
 
-  # Get filtering backends, defaulting to using `ModelQueryFilter`, `ModelOrderingFilter`, and
-  # `ModelSearchFilter`.
-  def get_filter_backends
-    return self.filter_backends || [
-      RESTFramework::ModelQueryFilter,
-      RESTFramework::ModelOrderingFilter,
-      RESTFramework::ModelSearchFilter,
-    ]
+  def apply_filters(data)
+    # TODO: Compatibility; remove in 1.0.
+    if filtered_data = self.try(:get_filtered_data, data)
+      return filtered_data
+    end
+
+    return self.filter_backends&.reduce(data) { |d, filter|
+      filter.new(controller: self).filter_data(d)
+    } || data
   end
 
   # Use strong parameters to filter the request body using the configured allowed parameters.
@@ -492,6 +502,45 @@ module RESTFramework::Mixins::BaseModelControllerMixin
       end
     end
 
+    # ActiveStorage Integration: Translate base64 encoded attachments to upload objects.
+    #
+    # rubocop:disable Layout/LineLength
+    #
+    # Example base64 images (red, green, and blue squares):
+    #   data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAAFUlEQVR42mP8z8BQz0AEYBxVSF+FABJADveWkH6oAAAAAElFTkSuQmCC
+    #   data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAAFUlEQVR42mNk+M9Qz0AEYBxVSF+FAAhKDveksOjmAAAAAElFTkSuQmCC
+    #   data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAAFUlEQVR42mNkYPhfz0AEYBxVSF+FAP5FDvcfRYWgAAAAAElFTkSuQmCC
+    #
+    # rubocop:enable Layout/LineLength
+    has_many_attached_scalar_data = {}
+    self.class.get_model.attachment_reflections.keys.each do |k|
+      if data[k].is_a?(Array)
+        data[k] = data[k].map { |v|
+          if v.is_a?(String)
+            v = BASE64_TRANSLATE.call(k, v)
+
+            # Remember scalars because Rails strong params will remove it.
+            if v.is_a?(String)
+              has_many_attached_scalar_data[k] ||= []
+              has_many_attached_scalar_data[k] << v
+            end
+          elsif v.is_a?(Hash)
+            if v[:io].is_a?(String)
+              v[:io] = StringIO.new(Base64.decode64(v[:io]))
+            end
+          end
+
+          next v
+        }
+      elsif data[k].is_a?(Hash)
+        if data[k][:io].is_a?(String)
+          data[k][:io] = StringIO.new(Base64.decode64(data[k][:io]))
+        end
+      elsif data[k].is_a?(String)
+        data[k] = BASE64_TRANSLATE.call(k, data[k])
+      end
+    end
+
     # Filter the request body with strong params. If `bulk` is true, then we apply allowed
     # parameters to the `_json` key of the request body.
     body_params = if allowed_params == true
@@ -503,6 +552,15 @@ module RESTFramework::Mixins::BaseModelControllerMixin
       ActionController::Parameters.new(data).permit(*allowed_params)
     end
 
+    # ActiveStorage Integration: Workaround for Rails strong params not allowing you to permit an
+    # array containing a mix of scalars and hashes. This is needed for `has_many_attached`, because
+    # API consumers must be able to provide scalar `signed_id` values for existing attachments along
+    # with hashes for new attachments. It's worth mentioning that base64 scalars are converted to
+    # hashes that conform to the ActiveStorage API.
+    has_many_attached_scalar_data.each do |k, v|
+      body_params[k].unshift(*v)
+    end
+
     # Filter primary key, if configured.
     if self.filter_pk_from_request_body && bulk_mode != :update
       body_params.delete(pk)
@@ -511,27 +569,6 @@ module RESTFramework::Mixins::BaseModelControllerMixin
     # Filter fields in `exclude_body_fields`.
     (self.exclude_body_fields || []).each { |f| body_params.delete(f) }
 
-    # ActiveStorage Integration: Translate base64 encoded attachments to upload objects.
-    #
-    # rubocop:disable Layout/LineLength
-    #
-    # Example base64 image:
-    #   data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABgAAAAYCAYAAADgdz34AAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAApgAAAKYB3X3/OAAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAAANCSURBVEiJtZZPbBtFFMZ/M7ubXdtdb1xSFyeilBapySVU8h8OoFaooFSqiihIVIpQBKci6KEg9Q6H9kovIHoCIVQJJCKE1ENFjnAgcaSGC6rEnxBwA04Tx43t2FnvDAfjkNibxgHxnWb2e/u992bee7tCa00YFsffekFY+nUzFtjW0LrvjRXrCDIAaPLlW0nHL0SsZtVoaF98mLrx3pdhOqLtYPHChahZcYYO7KvPFxvRl5XPp1sN3adWiD1ZAqD6XYK1b/dvE5IWryTt2udLFedwc1+9kLp+vbbpoDh+6TklxBeAi9TL0taeWpdmZzQDry0AcO+jQ12RyohqqoYoo8RDwJrU+qXkjWtfi8Xxt58BdQuwQs9qC/afLwCw8tnQbqYAPsgxE1S6F3EAIXux2oQFKm0ihMsOF71dHYx+f3NND68ghCu1YIoePPQN1pGRABkJ6Bus96CutRZMydTl+TvuiRW1m3n0eDl0vRPcEysqdXn+jsQPsrHMquGeXEaY4Yk4wxWcY5V/9scqOMOVUFthatyTy8QyqwZ+kDURKoMWxNKr2EeqVKcTNOajqKoBgOE28U4tdQl5p5bwCw7BWquaZSzAPlwjlithJtp3pTImSqQRrb2Z8PHGigD4RZuNX6JYj6wj7O4TFLbCO/Mn/m8R+h6rYSUb3ekokRY6f/YukArN979jcW+V/S8g0eT/N3VN3kTqWbQ428m9/8k0P/1aIhF36PccEl6EhOcAUCrXKZXXWS3XKd2vc/TRBG9O5ELC17MmWubD2nKhUKZa26Ba2+D3P+4/MNCFwg59oWVeYhkzgN/JDR8deKBoD7Y+ljEjGZ0sosXVTvbc6RHirr2reNy1OXd6pJsQ+gqjk8VWFYmHrwBzW/n+uMPFiRwHB2I7ih8ciHFxIkd/3Omk5tCDV1t+2nNu5sxxpDFNx+huNhVT3/zMDz8usXC3ddaHBj1GHj/As08fwTS7Kt1HBTmyN29vdwAw+/wbwLVOJ3uAD1wi/dUH7Qei66PfyuRj4Ik9is+hglfbkbfR3cnZm7chlUWLdwmprtCohX4HUtlOcQjLYCu+fzGJH2QRKvP3UNz8bWk1qMxjGTOMThZ3kvgLI5AzFfo379UAAAAASUVORK5CYII=
-    #
-    # rubocop:enable Layout/LineLength
-    self.class.get_model.attachment_reflections.keys.each do |k|
-      next unless (body_params[k].is_a?(String) && body_params[k].match?(BASE64_REGEX)) ||
-        (body_params[k].is_a?(Array) && body_params[k].all? { |v|
-          v.is_a?(String) && v.match?(BASE64_REGEX)
-        })
-
-      if body_params[k].is_a?(Array)
-        body_params[k] = body_params[k].map { |v| BASE64_TRANSLATE.call(k, v) }
-      else
-        body_params[k] = BASE64_TRANSLATE.call(k, body_params[k])
-      end
-    end
-
     return body_params
   end
   alias_method :get_create_params, :get_body_params
@@ -551,13 +588,12 @@ module RESTFramework::Mixins::BaseModelControllerMixin
 
   # Get the records this controller has access to *after* any filtering is applied.
   def get_records
-    return @records ||= self.get_filtered_data(self.get_recordset)
+    return @records ||= self.apply_filters(self.get_recordset)
   end
 
-  # Get a single record by primary key or another column, if allowed. The return value is cached and
-  # exposed to the view as the `@record` instance variable.
+  # Get a single record by primary key or another column, if allowed. The return value is memoized
+  # and exposed to the view as the `@record` instance variable.
   def get_record
-    # Cache the result.
     return @record if @record
 
     find_by_key = self.class.get_model.primary_key
@@ -582,7 +618,7 @@ module RESTFramework::Mixins::BaseModelControllerMixin
       self.get_recordset
     end
 
-    # Return the record. Route key is always `:id` by Rails convention.
+    # Return the record. Route key is always `:id` by Rails' convention.
     if is_pk
       return @record = collection.find(request.path_parameters[:id])
     else
@@ -609,11 +645,9 @@ module RESTFramework::Mixins::BaseModelControllerMixin
     # This is kinda slow, so perhaps we should eventually integrate `errors` serialization into
     # the serializer directly. This would fail for active model serializers, but maybe we don't
     # care?
-    serializer_class = self.get_serializer_class
+    s = RESTFramework::Utils.wrap_ams(self.serializer_class)
     serialized_records = records.map do |record|
-      serializer_class.new(record, controller: self).serialize.merge!(
-        {errors: record.errors.presence}.compact,
-      )
+      s.new(record, controller: self).serialize.merge!({errors: record.errors.presence}.compact)
     end
 
     return serialized_records

data/lib/rest_framework/serializers/native_serializer.rb

@@ -195,7 +195,7 @@ class RESTFramework::Serializers::NativeSerializer < RESTFramework::Serializers:
     attachment_reflections = @model.attachment_reflections
 
     fields.each do |f|
-      field_config = @controller.class.get_field_config(f)
+      field_config = @controller.class.field_config_for(f)
       next if field_config[:write_only]
 
       if f.in?(column_names)
@@ -259,18 +259,22 @@ class RESTFramework::Serializers::NativeSerializer < RESTFramework::Serializers:
           serializer_methods[f] = f
           includes_map[f] = {"#{f}_attachment": :blob}
           self.define_singleton_method(f) do |record|
-            next record.send(f).attachment&.url
+            attached = record.send(f)
+            next attached.attachment ? {signed_id: attached.signed_id, url: attached.url} : nil
           end
         elsif ref.macro == :has_many_attached
           serializer_methods[f] = f
           includes_map[f] = {"#{f}_attachments": :blob}
           self.define_singleton_method(f) do |record|
             # Iterating the collection yields attachment objects.
-            next record.send(f).map(&:url)
+            next record.send(f).map { |a| {signed_id: a.signed_id, url: a.url} }
           end
         end
       elsif @model.method_defined?(f)
         methods << f
+      else
+        # Assume anything else is a virtual column.
+        columns << f
       end
     end
 

data/lib/rest_framework/utils.rb

@@ -28,7 +28,7 @@ module RESTFramework::Utils
             [f, {}]
           }.to_h if metadata[:fields].is_a?(Array)
           metadata[:fields]&.each do |field, cfg|
-            cfg[:label] = controller.get_label(field) unless cfg[:label]
+            cfg[:label] = controller.label_for(field) unless cfg[:label]
           end
         end
 
@@ -47,7 +47,7 @@ module RESTFramework::Utils
 
       # Insert action label if it's not provided.
       if controller
-        metadata[:label] ||= controller.get_label(k)
+        metadata[:label] ||= controller.label_for(k)
       end
 
       next [
@@ -159,9 +159,10 @@ module RESTFramework::Utils
     )
     parsed_fields += fields_hash[:include].map(&:to_s) if fields_hash[:include]
     parsed_fields -= fields_hash[:exclude].map(&:to_s) if fields_hash[:exclude]
+    parsed_fields -= fields_hash[:except].map(&:to_s) if fields_hash[:except]
 
     # Warn for any unknown keys.
-    (fields_hash.keys - [:only, :include, :exclude]).each do |k|
+    (fields_hash.keys - [:only, :except, :include, :exclude]).each do |k|
       Rails.logger.warn("RRF: Unknown key in fields hash: #{k}")
     end
 
@@ -233,4 +234,13 @@ module RESTFramework::Utils
 
     return nil
   end
+
+  # Wrap a serializer with an adapter if it is an ActiveModel::Serializer.
+  def self.wrap_ams(s)
+    if defined?(ActiveModel::Serializer) && (s < ActiveModel::Serializer)
+      return RESTFramework::ActiveModelSerializerAdapterFactory.for(s)
+    end
+
+    return s
+  end
 end

data/lib/rest_framework.rb

@@ -31,57 +31,57 @@ module RESTFramework
   EXTERNAL_ASSETS = {
     # Bootstrap
     "bootstrap.min.css" => {
-      url: "https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha2/dist/css/bootstrap.min.css",
-      sri: "sha384-aFq/bzH65dt+w6FI2ooMVUpc+21e0SRygnTpmBvdBgSdnuTN7QbdgL+OapgHtvPp",
+      url: "https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css",
+      sri: "sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH",
     },
     "bootstrap.min.js" => {
-      url: "https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha2/dist/js/bootstrap.bundle.min.js",
-      sri: "sha384-qKXV1j0HvMUeCBQ+QVp7JcfGl760yU08IQ+GpUo5hlbpg51QRiuqHAJz8+BrxE/N",
+      url: "https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js",
+      sri: "sha384-YvpcrYf0tY3lHB60NNkmXc5s9fDVZLESaAA55NDzOxhy9GkcIdslK1eN7N6jIeHz",
     },
 
     # Bootstrap Icons
     "bootstrap-icons.min.css" => {
-      url: "https://cdn.jsdelivr.net/npm/bootstrap-icons@1.10.4/font/bootstrap-icons.min.css",
+      url: "https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css",
       inline_fonts: true,
     },
 
     # Highlight.js
     "highlight.min.js" => {
-      url: "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/highlight.min.js",
-      sri: "sha512-bgHRAiTjGrzHzLyKOnpFvaEpGzJet3z4tZnXGjpsCcqOnAH6VGUx9frc5bcIhKTVLEiCO6vEhNAgx5jtLUYrfA==",
+      url: "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.11.0/highlight.min.js",
+      sri: "sha512-6QBAC6Sxc4IF04SvIg0k78l5rP5YgVjmHX2NeArelbxM3JGj4imMqfNzEta3n+mi7iG3nupdLnl3QrbfjdXyTg==",
     },
     "highlight-json.min.js" => {
-      url: "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/languages/json.min.js",
-      sri: "sha512-0xYvyncS9OLE7GOpNBZFnwyh9+bq4HVgk4yVVYI678xRvE22ASicF1v6fZ1UiST+M6pn17MzFZdvVCI3jTHSyw==",
+      url: "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.11.0/languages/json.min.js",
+      sri: "sha512-8JO7/pRnd1Ce8OBXWQg85e5wNPJdBaQdN8w4oDa+HelMXaLwCxTdbzdWHmJtWR9AmcI6dOln4FS5/KrzpxqqfQ==",
     },
     "highlight-xml.min.js" => {
-      url: "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/languages/xml.min.js",
-      sri: "sha512-5zBcw+OKRkaNyvUEPlTSfYylVzgpi7KpncY36b0gRudfxIYIH0q0kl2j26uCUB3YBRM6ytQQEZSgRg+ZlBTmdA==",
+      url: "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.11.0/languages/xml.min.js",
+      sri: "sha512-/vq6wbS2Qkv8Hj4mP3Jd/m6MbnIrquzZiUt9tIluQfe332IQeFDrSIK7j2cjAyn6/9Ntb2WMPbo1CAxu26NViA==",
     },
     "highlight-a11y-dark.min.css" => {
-      url: "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/styles/a11y-dark.min.css",
+      url: "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.11.0/styles/a11y-dark.min.css",
       sri: "sha512-Vj6gPCk8EZlqnoveEyuGyYaWZ1+jyjMPg8g4shwyyNlRQl6d3L9At02ZHQr5K6s5duZl/+YKMnM3/8pDhoUphg==",
       extra_tag_attrs: {class: "rrf-dark-mode"},
     },
     "highlight-a11y-light.min.css" => {
-      url: "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/styles/a11y-light.min.css",
+      url: "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.11.0/styles/a11y-light.min.css",
       sri: "sha512-WDk6RzwygsN9KecRHAfm9HTN87LQjqdygDmkHSJxVkVI7ErCZ8ZWxP6T8RvBujY1n2/E4Ac+bn2ChXnp5rnnHA==",
       extra_tag_attrs: {class: "rrf-light-mode"},
     },
 
     # NeatJSON
     "neatjson.min.js" => {
-      url: "https://cdn.jsdelivr.net/npm/neatjson@0.10.5/javascript/neatjson.min.js",
+      url: "https://cdn.jsdelivr.net/npm/neatjson@0.10.6/javascript/neatjson.min.js",
       exclude_from_docs: true,
     },
 
     # Trix
     "trix.min.css" => {
-      url: "https://unpkg.com/trix@2.0.0/dist/trix.css",
+      url: "https://unpkg.com/trix@2.0.8/dist/trix.css",
       exclude_from_docs: true,
     },
     "trix.min.js" => {
-      url: "https://unpkg.com/trix@2.0.0/dist/trix.umd.min.js",
+      url: "https://unpkg.com/trix@2.0.8/dist/trix.umd.min.js",
       exclude_from_docs: true,
     },
   }.map { |name, cfg|