rest_framework 0.9.15 → 0.10.0

data/lib/rest_framework/mixins/model_controller_mixin.rb

@@ -2,6 +2,8 @@
 module RESTFramework::Mixins::BaseModelControllerMixin
   BASE64_REGEX = /data:(.*);base64,(.*)/
   BASE64_TRANSLATE = ->(field, value) {
+    return value unless BASE64_REGEX.match?(value)
+
     _, content_type, payload = value.match(BASE64_REGEX).to_a
     return {
       io: StringIO.new(Base64.decode64(payload)),
@@ -45,14 +47,24 @@ module RESTFramework::Mixins::BaseModelControllerMixin
     native_serializer_associations_limit_query_param: "associations_limit",
     native_serializer_include_associations_count: false,
 
-    # Attributes for default model filtering, ordering, and searching.
-    filterset_fields: nil,
+    # Attributes for filtering, ordering, and searching.
+    filter_backends: [
+      RESTFramework::QueryFilter,
+      RESTFramework::OrderingFilter,
+      RESTFramework::SearchFilter,
+    ],
+    filter_recordset_before_find: true,
+    filter_fields: nil,
     ordering_fields: nil,
     ordering_query_param: "ordering",
     ordering_no_reorder: false,
     search_fields: nil,
     search_query_param: "search",
     search_ilike: false,
+    ransack_options: nil,
+    ransack_query_param: "q",
+    ransack_distinct: true,
+    ransack_distinct_query_param: "distinct",
 
     # Options for association assignment.
     permit_id_assignment: true,
@@ -60,21 +72,11 @@ module RESTFramework::Mixins::BaseModelControllerMixin
 
     # Option for `recordset.create` vs `Model.create` behavior.
     create_from_recordset: true,
-
-    # Control if filtering is done before find.
-    filter_recordset_before_find: true,
-
-    # Options for `ransack` filtering.
-    ransack_options: nil,
-    ransack_query_param: "q",
-    ransack_distinct: true,
-    ransack_distinct_query_param: "distinct",
   }
 
   module ClassMethods
     IGNORE_VALIDATORS_WITH_KEYS = [:if, :unless].freeze
 
-    # Get the model for this controller.
     def get_model
       return @model if @model
       return (@model = self.model) if self.model
@@ -88,8 +90,8 @@ module RESTFramework::Mixins::BaseModelControllerMixin
       raise RESTFramework::UnknownModelError, self
     end
 
-    # Override `get_label` to include ActiveRecord i18n-translated column names.
-    def get_label(s)
+    # Override to include ActiveRecord i18n-translated column names.
+    def label_for(s)
       return self.get_model.human_attribute_name(s, default: super)
     end
 
@@ -101,13 +103,20 @@ module RESTFramework::Mixins::BaseModelControllerMixin
       # If fields is a hash, then parse it.
       if input_fields.is_a?(Hash)
         return RESTFramework::Utils.parse_fields_hash(
-          input_fields, self.get_model, exclude_associations: self.exclude_associations
+          input_fields,
+          self.get_model,
+          exclude_associations: self.exclude_associations,
+          action_text: self.enable_action_text,
+          active_storage: self.enable_active_storage,
         )
       elsif !input_fields
         # Otherwise, if fields is nil, then fallback to columns.
         model = self.get_model
         return model ? RESTFramework::Utils.fields_for(
-          model, exclude_associations: self.exclude_associations
+          model,
+          exclude_associations: self.exclude_associations,
+          action_text: self.enable_action_text,
+          active_storage: self.enable_active_storage,
         ) : []
       elsif input_fields
         input_fields = input_fields.map(&:to_s)
@@ -117,10 +126,10 @@ module RESTFramework::Mixins::BaseModelControllerMixin
     end
 
     # Get a field's config, including defaults.
-    def get_field_config(f)
+    def field_config_for(f)
       f = f.to_sym
-      @_get_field_config ||= {}
-      return @_get_field_config[f] if @_get_field_config[f]
+      @_field_config_for ||= {}
+      return @_field_config_for[f] if @_field_config_for[f]
 
       config = self.field_config&.dig(f) || {}
 
@@ -147,7 +156,7 @@ module RESTFramework::Mixins::BaseModelControllerMixin
         }.to_h.compact.presence
       end
 
-      return @_get_field_config[f] = config.compact
+      return @_field_config_for[f] = config.compact
     end
 
     # Get metadata about the resource's fields.
@@ -173,7 +182,7 @@ module RESTFramework::Mixins::BaseModelControllerMixin
         metadata = {
           type: nil,
           kind: nil,
-          label: self.get_label(f),
+          label: self.label_for(f),
           primary_key: nil,
           required: nil,
           read_only: nil,
@@ -305,14 +314,14 @@ module RESTFramework::Mixins::BaseModelControllerMixin
         end
 
         # Serialize any field config.
-        metadata[:config] = self.get_field_config(f).presence
+        metadata[:config] = self.field_config_for(f).presence
 
         next [f, metadata.compact]
       }.to_h
     end
 
     # Get a hash of metadata to be rendered in the `OPTIONS` response.
-    def get_options_metadata
+    def options_metadata
       return super.merge(
         {
           primary_key: self.get_model.primary_key,
@@ -398,9 +407,8 @@ module RESTFramework::Mixins::BaseModelControllerMixin
     return self.class.get_fields(input_fields: self.class.fields)
   end
 
-  # Pass fields to get dynamic metadata based on which fields are available.
-  def get_options_metadata
-    return self.class.get_options_metadata
+  def options_metadata
+    return self.class.options_metadata
   end
 
   # Get a list of parameters allowed for the current action.
@@ -410,35 +418,34 @@ module RESTFramework::Mixins::BaseModelControllerMixin
     @_get_allowed_parameters = self.allowed_parameters
     return @_get_allowed_parameters if @_get_allowed_parameters
 
-    # For fields, automatically add `_id`/`_ids` and `_attributes` variations for associations.
+    # Assemble strong parameters.
     variations = []
     hash_variations = {}
-    alt_hash_variations = {}
     reflections = self.class.get_model.reflections
     @_get_allowed_parameters = self.get_fields.map { |f|
       f = f.to_s
 
-      # ActiveStorage Integration: `has_one_attached`.
-      if reflections.key?("#{f}_attachment")
-        hash_variations[f] = ACTIVESTORAGE_KEYS
+      # ActionText Integration:
+      if self.class.enable_action_text && reflections.key?("rich_test_#{f}")
         next f
       end
 
-      # ActiveStorage Integration: `has_many_attached`.
-      if reflections.key?("#{f}_attachments")
-        hash_variations[f] = []
-        alt_hash_variations[f] = ACTIVESTORAGE_KEYS
-        next nil
+      # ActiveStorage Integration: `has_one_attached`
+      if self.class.enable_active_storage && reflections.key?("#{f}_attachment")
+        hash_variations[f] = ACTIVESTORAGE_KEYS
+        next f
       end
 
-      # ActionText Integration.
-      if reflections.key?("rich_test_#{f}")
-        next f
+      # ActiveStorage Integration: `has_many_attached`
+      if self.class.enable_active_storage && reflections.key?("#{f}_attachments")
+        hash_variations[f] = ACTIVESTORAGE_KEYS
+        next nil
       end
 
       # Return field if it's not an association.
       next f unless ref = reflections[f]
 
+      # Add `_id`/`_ids` variations for associations.
       if self.permit_id_assignment && id_field = RESTFramework::Utils.get_id_field(f, ref)
         if id_field.ends_with?("_ids")
           hash_variations[id_field] = []
@@ -447,34 +454,36 @@ module RESTFramework::Mixins::BaseModelControllerMixin
         end
       end
 
+      # Add `_attributes` variations for associations.
       if self.permit_nested_attributes_assignment
         hash_variations["#{f}_attributes"] = (
-          self.class.get_field_config(f)[:sub_fields] + ["_destroy"]
+          self.class.field_config_for(f)[:sub_fields] + ["_destroy"]
         )
       end
 
-      # Associations are not allowed to be submitted in their bare form.
+      # Associations are not allowed to be submitted in their bare form (if they are submitted that
+      # way, they will be translated to either ID assignment or nested attributes assignment).
       next nil
     }.compact
     @_get_allowed_parameters += variations
     @_get_allowed_parameters << hash_variations
-    @_get_allowed_parameters << alt_hash_variations
+
     return @_get_allowed_parameters
   end
 
-  # Get the configured serializer class, or `NativeSerializer` as a default.
-  def get_serializer_class
+  def serializer_class
     return super || RESTFramework::NativeSerializer
   end
 
-  # Get filtering backends, defaulting to using `ModelQueryFilter`, `ModelOrderingFilter`, and
-  # `ModelSearchFilter`.
-  def get_filter_backends
-    return self.filter_backends || [
-      RESTFramework::ModelQueryFilter,
-      RESTFramework::ModelOrderingFilter,
-      RESTFramework::ModelSearchFilter,
-    ]
+  def apply_filters(data)
+    # TODO: Compatibility; remove in 1.0.
+    if filtered_data = self.try(:get_filtered_data, data)
+      return filtered_data
+    end
+
+    return self.filter_backends&.reduce(data) { |d, filter|
+      filter.new(controller: self).filter_data(d)
+    } || data
   end
 
   # Use strong parameters to filter the request body using the configured allowed parameters.
@@ -500,6 +509,47 @@ module RESTFramework::Mixins::BaseModelControllerMixin
       end
     end
 
+    # ActiveStorage Integration: Translate base64 encoded attachments to upload objects.
+    #
+    # rubocop:disable Layout/LineLength
+    #
+    # Example base64 images (red, green, and blue squares):
+    #   data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAAFUlEQVR42mP8z8BQz0AEYBxVSF+FABJADveWkH6oAAAAAElFTkSuQmCC
+    #   data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAAFUlEQVR42mNk+M9Qz0AEYBxVSF+FAAhKDveksOjmAAAAAElFTkSuQmCC
+    #   data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAAFUlEQVR42mNkYPhfz0AEYBxVSF+FAP5FDvcfRYWgAAAAAElFTkSuQmCC
+    #
+    # rubocop:enable Layout/LineLength
+    has_many_attached_scalar_data = {}
+    if self.class.enable_active_storage
+      self.class.get_model.attachment_reflections.keys.each do |k|
+        if data[k].is_a?(Array)
+          data[k] = data[k].map { |v|
+            if v.is_a?(String)
+              v = BASE64_TRANSLATE.call(k, v)
+
+              # Remember scalars because Rails strong params will remove it.
+              if v.is_a?(String)
+                has_many_attached_scalar_data[k] ||= []
+                has_many_attached_scalar_data[k] << v
+              end
+            elsif v.is_a?(Hash)
+              if v[:io].is_a?(String)
+                v[:io] = StringIO.new(Base64.decode64(v[:io]))
+              end
+            end
+
+            next v
+          }
+        elsif data[k].is_a?(Hash)
+          if data[k][:io].is_a?(String)
+            data[k][:io] = StringIO.new(Base64.decode64(data[k][:io]))
+          end
+        elsif data[k].is_a?(String)
+          data[k] = BASE64_TRANSLATE.call(k, data[k])
+        end
+      end
+    end
+
     # Filter the request body with strong params. If `bulk` is true, then we apply allowed
     # parameters to the `_json` key of the request body.
     body_params = if allowed_params == true
@@ -511,6 +561,15 @@ module RESTFramework::Mixins::BaseModelControllerMixin
       ActionController::Parameters.new(data).permit(*allowed_params)
     end
 
+    # ActiveStorage Integration: Workaround for Rails strong params not allowing you to permit an
+    # array containing a mix of scalars and hashes. This is needed for `has_many_attached`, because
+    # API consumers must be able to provide scalar `signed_id` values for existing attachments along
+    # with hashes for new attachments. It's worth mentioning that base64 scalars are converted to
+    # hashes that conform to the ActiveStorage API.
+    has_many_attached_scalar_data.each do |k, v|
+      body_params[k].unshift(*v)
+    end
+
     # Filter primary key, if configured.
     if self.filter_pk_from_request_body && bulk_mode != :update
       body_params.delete(pk)
@@ -519,35 +578,6 @@ module RESTFramework::Mixins::BaseModelControllerMixin
     # Filter fields in `exclude_body_fields`.
     (self.exclude_body_fields || []).each { |f| body_params.delete(f) }
 
-    # ActiveStorage Integration: Translate base64 encoded attachments to upload objects.
-    #
-    # rubocop:disable Layout/LineLength
-    #
-    # Example base64 image:
-    #   data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABgAAAAYCAYAAADgdz34AAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAApgAAAKYB3X3/OAAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAAANCSURBVEiJtZZPbBtFFMZ/M7ubXdtdb1xSFyeilBapySVU8h8OoFaooFSqiihIVIpQBKci6KEg9Q6H9kovIHoCIVQJJCKE1ENFjnAgcaSGC6rEnxBwA04Tx43t2FnvDAfjkNibxgHxnWb2e/u992bee7tCa00YFsffekFY+nUzFtjW0LrvjRXrCDIAaPLlW0nHL0SsZtVoaF98mLrx3pdhOqLtYPHChahZcYYO7KvPFxvRl5XPp1sN3adWiD1ZAqD6XYK1b/dvE5IWryTt2udLFedwc1+9kLp+vbbpoDh+6TklxBeAi9TL0taeWpdmZzQDry0AcO+jQ12RyohqqoYoo8RDwJrU+qXkjWtfi8Xxt58BdQuwQs9qC/afLwCw8tnQbqYAPsgxE1S6F3EAIXux2oQFKm0ihMsOF71dHYx+f3NND68ghCu1YIoePPQN1pGRABkJ6Bus96CutRZMydTl+TvuiRW1m3n0eDl0vRPcEysqdXn+jsQPsrHMquGeXEaY4Yk4wxWcY5V/9scqOMOVUFthatyTy8QyqwZ+kDURKoMWxNKr2EeqVKcTNOajqKoBgOE28U4tdQl5p5bwCw7BWquaZSzAPlwjlithJtp3pTImSqQRrb2Z8PHGigD4RZuNX6JYj6wj7O4TFLbCO/Mn/m8R+h6rYSUb3ekokRY6f/YukArN979jcW+V/S8g0eT/N3VN3kTqWbQ428m9/8k0P/1aIhF36PccEl6EhOcAUCrXKZXXWS3XKd2vc/TRBG9O5ELC17MmWubD2nKhUKZa26Ba2+D3P+4/MNCFwg59oWVeYhkzgN/JDR8deKBoD7Y+ljEjGZ0sosXVTvbc6RHirr2reNy1OXd6pJsQ+gqjk8VWFYmHrwBzW/n+uMPFiRwHB2I7ih8ciHFxIkd/3Omk5tCDV1t+2nNu5sxxpDFNx+huNhVT3/zMDz8usXC3ddaHBj1GHj/As08fwTS7Kt1HBTmyN29vdwAw+/wbwLVOJ3uAD1wi/dUH7Qei66PfyuRj4Ik9is+hglfbkbfR3cnZm7chlUWLdwmprtCohX4HUtlOcQjLYCu+fzGJH2QRKvP3UNz8bWk1qMxjGTOMThZ3kvgLI5AzFfo379UAAAAASUVORK5CYII=
-    #
-    # rubocop:enable Layout/LineLength
-    self.class.get_model.attachment_reflections.keys.each do |k|
-      if body_params[k].is_a?(Array)
-        body_params[k] = body_params[k].map { |v|
-          if v.is_a?(String)
-            BASE64_TRANSLATE.call(k, v)
-          elsif v.is_a?(ActionController::Parameters)
-            if v[:io].is_a?(String)
-              v[:io] = StringIO.new(Base64.decode64(v[:io]))
-            end
-            v
-          end
-        }
-      elsif body_params[k].is_a?(ActionController::Parameters)
-        if body_params[k][:io].is_a?(String)
-          body_params[k][:io] = StringIO.new(Base64.decode64(body_params[k][:io]))
-        end
-      elsif body_params[k].is_a?(String)
-        body_params[k] = BASE64_TRANSLATE.call(k, body_params[k])
-      end
-    end
-
     return body_params
   end
   alias_method :get_create_params, :get_body_params
@@ -567,13 +597,12 @@ module RESTFramework::Mixins::BaseModelControllerMixin
 
   # Get the records this controller has access to *after* any filtering is applied.
   def get_records
-    return @records ||= self.get_filtered_data(self.get_recordset)
+    return @records ||= self.apply_filters(self.get_recordset)
   end
 
-  # Get a single record by primary key or another column, if allowed. The return value is cached and
-  # exposed to the view as the `@record` instance variable.
+  # Get a single record by primary key or another column, if allowed. The return value is memoized
+  # and exposed to the view as the `@record` instance variable.
   def get_record
-    # Cache the result.
     return @record if @record
 
     find_by_key = self.class.get_model.primary_key
@@ -598,7 +627,7 @@ module RESTFramework::Mixins::BaseModelControllerMixin
       self.get_recordset
     end
 
-    # Return the record. Route key is always `:id` by Rails convention.
+    # Return the record. Route key is always `:id` by Rails' convention.
     if is_pk
       return @record = collection.find(request.path_parameters[:id])
     else
@@ -625,11 +654,9 @@ module RESTFramework::Mixins::BaseModelControllerMixin
     # This is kinda slow, so perhaps we should eventually integrate `errors` serialization into
     # the serializer directly. This would fail for active model serializers, but maybe we don't
     # care?
-    serializer_class = self.get_serializer_class
+    s = RESTFramework::Utils.wrap_ams(self.serializer_class)
     serialized_records = records.map do |record|
-      serializer_class.new(record, controller: self).serialize.merge!(
-        {errors: record.errors.presence}.compact,
-      )
+      s.new(record, controller: self).serialize.merge!({errors: record.errors.presence}.compact)
     end
 
     return serialized_records

data/lib/rest_framework/serializers/native_serializer.rb

@@ -195,7 +195,7 @@ class RESTFramework::Serializers::NativeSerializer < RESTFramework::Serializers:
     attachment_reflections = @model.attachment_reflections
 
     fields.each do |f|
-      field_config = @controller.class.get_field_config(f)
+      field_config = @controller.class.field_config_for(f)
       next if field_config[:write_only]
 
       if f.in?(column_names)
@@ -246,27 +246,38 @@ class RESTFramework::Serializers::NativeSerializer < RESTFramework::Serializers:
           includes[f] = sub_config
           includes_map[f] = f.to_sym
         end
-      elsif ref = reflections["rich_text_#{f}"]
+      elsif @controller.class.enable_action_text && ref = reflections["rich_text_#{f}"]
         # ActionText Integration: Define rich text serializer method.
         includes_map[f] = :"rich_text_#{f}"
         serializer_methods[f] = f
         self.define_singleton_method(f) do |record|
           next record.send(f).to_s
         end
-      elsif ref = attachment_reflections[f]
+      elsif @controller.class.enable_active_storage && ref = attachment_reflections[f]
         # ActiveStorage Integration: Define attachment serializer method.
         if ref.macro == :has_one_attached
           serializer_methods[f] = f
           includes_map[f] = {"#{f}_attachment": :blob}
           self.define_singleton_method(f) do |record|
-            next record.send(f).attachment&.url
+            attached = record.send(f)
+            next attached.attachment ? {
+              filename: attached.filename,
+              signed_id: attached.signed_id,
+              url: attached.url,
+            } : nil
           end
         elsif ref.macro == :has_many_attached
           serializer_methods[f] = f
           includes_map[f] = {"#{f}_attachments": :blob}
           self.define_singleton_method(f) do |record|
             # Iterating the collection yields attachment objects.
-            next record.send(f).map(&:url)
+            next record.send(f).map { |a|
+              {
+                filename: a.filename,
+                signed_id: a.signed_id,
+                url: a.url,
+              }
+            }
           end
         end
       elsif @model.method_defined?(f)

data/lib/rest_framework/utils.rb

@@ -28,7 +28,7 @@ module RESTFramework::Utils
             [f, {}]
           }.to_h if metadata[:fields].is_a?(Array)
           metadata[:fields]&.each do |field, cfg|
-            cfg[:label] = controller.get_label(field) unless cfg[:label]
+            cfg[:label] = controller.label_for(field) unless cfg[:label]
           end
         end
 
@@ -47,7 +47,7 @@ module RESTFramework::Utils
 
       # Insert action label if it's not provided.
       if controller
-        metadata[:label] ||= controller.get_label(k)
+        metadata[:label] ||= controller.label_for(k)
       end
 
       next [
@@ -153,16 +153,21 @@ module RESTFramework::Utils
   end
 
   # Parse fields hashes.
-  def self.parse_fields_hash(fields_hash, model, exclude_associations: nil)
-    parsed_fields = fields_hash[:only] || (
-      model ? self.fields_for(model, exclude_associations: exclude_associations) : []
+  def self.parse_fields_hash(h, model, exclude_associations:, action_text:, active_storage:)
+    parsed_fields = h[:only] || (
+      model ? self.fields_for(
+        model,
+        exclude_associations: exclude_associations,
+        action_text: action_text,
+        active_storage: active_storage,
+      ) : []
     )
-    parsed_fields += fields_hash[:include].map(&:to_s) if fields_hash[:include]
-    parsed_fields -= fields_hash[:exclude].map(&:to_s) if fields_hash[:exclude]
-    parsed_fields -= fields_hash[:except].map(&:to_s) if fields_hash[:except]
+    parsed_fields += h[:include].map(&:to_s) if h[:include]
+    parsed_fields -= h[:exclude].map(&:to_s) if h[:exclude]
+    parsed_fields -= h[:except].map(&:to_s) if h[:except]
 
     # Warn for any unknown keys.
-    (fields_hash.keys - [:only, :except, :include, :exclude]).each do |k|
+    (h.keys - [:only, :except, :include, :exclude]).each do |k|
       Rails.logger.warn("RRF: Unknown key in fields hash: #{k}")
     end
 
@@ -173,16 +178,24 @@ module RESTFramework::Utils
   # Get the fields for a given model, including not just columns (which includes
   # foreign keys), but also associations. Note that we always return an array of
   # strings, not symbols.
-  def self.fields_for(model, exclude_associations: nil)
+  def self.fields_for(model, exclude_associations:, action_text:, active_storage:)
     foreign_keys = model.reflect_on_all_associations(:belongs_to).map(&:foreign_key)
     base_fields = model.column_names.reject { |c| c.in?(foreign_keys) }
 
     return base_fields if exclude_associations
 
-    # Add associations in addition to normal columns.
-    return base_fields + model.reflections.map { |association, ref|
+    # ActionText Integration: Determine the normalized field names for action text attributes.
+    atf = action_text ? model.reflect_on_all_associations(:has_one).collect(&:name).select { |n|
+      n.to_s.start_with?("rich_text_")
+    }.map { |n| n.to_s.delete_prefix("rich_text_") } : []
+
+    # ActiveStorage Integration: Determine the normalized field names for active storage attributes.
+    asf = active_storage ? model.attachment_reflections.keys : []
+
+    # Associations:
+    associations = model.reflections.map { |association, ref|
       # Ignore associations for which we have custom integrations.
-      if ref.class_name.in?(%w(ActiveStorage::Attachment ActiveStorage::Blob ActionText::RichText))
+      if ref.class_name.in?(%w(ActionText::RichText ActiveStorage::Attachment ActiveStorage::Blob))
         next nil
       end
 
@@ -193,11 +206,9 @@ module RESTFramework::Utils
       end
 
       next association
-    }.compact + model.reflect_on_all_associations(:has_one).collect(&:name).select { |n|
-      n.to_s.start_with?("rich_text_")
-    }.map { |n|
-      n.to_s.delete_prefix("rich_text_")
-    } + model.attachment_reflections.keys
+    }.compact
+
+    return base_fields + associations + atf + asf
   end
 
   # Get the sub-fields that may be serialized and filtered/ordered for a reflection.
@@ -234,4 +245,13 @@ module RESTFramework::Utils
 
     return nil
   end
+
+  # Wrap a serializer with an adapter if it is an ActiveModel::Serializer.
+  def self.wrap_ams(s)
+    if defined?(ActiveModel::Serializer) && (s < ActiveModel::Serializer)
+      return RESTFramework::ActiveModelSerializerAdapterFactory.for(s)
+    end
+
+    return s
+  end
 end

data/lib/rest_framework.rb

@@ -31,57 +31,57 @@ module RESTFramework
   EXTERNAL_ASSETS = {
     # Bootstrap
     "bootstrap.min.css" => {
-      url: "https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha2/dist/css/bootstrap.min.css",
-      sri: "sha384-aFq/bzH65dt+w6FI2ooMVUpc+21e0SRygnTpmBvdBgSdnuTN7QbdgL+OapgHtvPp",
+      url: "https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css",
+      sri: "sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH",
     },
     "bootstrap.min.js" => {
-      url: "https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha2/dist/js/bootstrap.bundle.min.js",
-      sri: "sha384-qKXV1j0HvMUeCBQ+QVp7JcfGl760yU08IQ+GpUo5hlbpg51QRiuqHAJz8+BrxE/N",
+      url: "https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js",
+      sri: "sha384-YvpcrYf0tY3lHB60NNkmXc5s9fDVZLESaAA55NDzOxhy9GkcIdslK1eN7N6jIeHz",
     },
 
     # Bootstrap Icons
     "bootstrap-icons.min.css" => {
-      url: "https://cdn.jsdelivr.net/npm/bootstrap-icons@1.10.4/font/bootstrap-icons.min.css",
+      url: "https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css",
       inline_fonts: true,
     },
 
     # Highlight.js
     "highlight.min.js" => {
-      url: "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/highlight.min.js",
-      sri: "sha512-bgHRAiTjGrzHzLyKOnpFvaEpGzJet3z4tZnXGjpsCcqOnAH6VGUx9frc5bcIhKTVLEiCO6vEhNAgx5jtLUYrfA==",
+      url: "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.11.0/highlight.min.js",
+      sri: "sha512-6QBAC6Sxc4IF04SvIg0k78l5rP5YgVjmHX2NeArelbxM3JGj4imMqfNzEta3n+mi7iG3nupdLnl3QrbfjdXyTg==",
     },
     "highlight-json.min.js" => {
-      url: "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/languages/json.min.js",
-      sri: "sha512-0xYvyncS9OLE7GOpNBZFnwyh9+bq4HVgk4yVVYI678xRvE22ASicF1v6fZ1UiST+M6pn17MzFZdvVCI3jTHSyw==",
+      url: "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.11.0/languages/json.min.js",
+      sri: "sha512-8JO7/pRnd1Ce8OBXWQg85e5wNPJdBaQdN8w4oDa+HelMXaLwCxTdbzdWHmJtWR9AmcI6dOln4FS5/KrzpxqqfQ==",
     },
     "highlight-xml.min.js" => {
-      url: "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/languages/xml.min.js",
-      sri: "sha512-5zBcw+OKRkaNyvUEPlTSfYylVzgpi7KpncY36b0gRudfxIYIH0q0kl2j26uCUB3YBRM6ytQQEZSgRg+ZlBTmdA==",
+      url: "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.11.0/languages/xml.min.js",
+      sri: "sha512-/vq6wbS2Qkv8Hj4mP3Jd/m6MbnIrquzZiUt9tIluQfe332IQeFDrSIK7j2cjAyn6/9Ntb2WMPbo1CAxu26NViA==",
     },
     "highlight-a11y-dark.min.css" => {
-      url: "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/styles/a11y-dark.min.css",
+      url: "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.11.0/styles/a11y-dark.min.css",
       sri: "sha512-Vj6gPCk8EZlqnoveEyuGyYaWZ1+jyjMPg8g4shwyyNlRQl6d3L9At02ZHQr5K6s5duZl/+YKMnM3/8pDhoUphg==",
       extra_tag_attrs: {class: "rrf-dark-mode"},
     },
     "highlight-a11y-light.min.css" => {
-      url: "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/styles/a11y-light.min.css",
+      url: "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.11.0/styles/a11y-light.min.css",
       sri: "sha512-WDk6RzwygsN9KecRHAfm9HTN87LQjqdygDmkHSJxVkVI7ErCZ8ZWxP6T8RvBujY1n2/E4Ac+bn2ChXnp5rnnHA==",
       extra_tag_attrs: {class: "rrf-light-mode"},
     },
 
     # NeatJSON
     "neatjson.min.js" => {
-      url: "https://cdn.jsdelivr.net/npm/neatjson@0.10.5/javascript/neatjson.min.js",
+      url: "https://cdn.jsdelivr.net/npm/neatjson@0.10.6/javascript/neatjson.min.js",
       exclude_from_docs: true,
     },
 
     # Trix
     "trix.min.css" => {
-      url: "https://unpkg.com/trix@2.0.0/dist/trix.css",
+      url: "https://unpkg.com/trix@2.0.8/dist/trix.css",
       exclude_from_docs: true,
     },
     "trix.min.js" => {
-      url: "https://unpkg.com/trix@2.0.0/dist/trix.umd.min.js",
+      url: "https://unpkg.com/trix@2.0.8/dist/trix.umd.min.js",
       exclude_from_docs: true,
     },
   }.map { |name, cfg|