Commit Graph

180 Commits

Author SHA1 Message Date
Kasper Timm Hansen 12001611d6
Require and support rails-html-sanitizer 1.2.0
Rails now requires 1.2.0 because it relies on the safe_list_sanitizer
API exclusively.

Also raise `sanitizer_vendor` API from the dead for
rails-deprecated_sanitizer.

Fixes https://github.com/rails/rails-deprecated_sanitizer/pull/6
2019-08-09 00:07:45 +02:00
Abhay Nikam 476abd403b Updated links from http to https in guides, docs, etc 2019-03-09 16:43:47 +05:30
Kasper Timm Hansen 647d7e6167
Revert "Revert "Merge pull request #34387 from yhirano55/rails_info_properties_json""
I reverted the wrong commit. Damn it.

This reverts commit f66a977fc7.
2019-01-08 22:19:22 +01:00
Kasper Timm Hansen f66a977fc7
Revert "Merge pull request #34387 from yhirano55/rails_info_properties_json"
We had a discussion on the Core team and we don't want to expose this information
as a JSON endpoint and not by default.

It doesn't make sense to expose this JSON locally and this controller is only
accessible in dev, so the proposed access from a production app seems off.

This reverts commit 8eaffe7e89, reversing
changes made to b6e4305c3b.
2019-01-08 22:16:58 +01:00
Kasper Timm Hansen 1b7c3222e8
Require Ruby 2.5 for Rails 6.
Generally followed the pattern for https://github.com/rails/rails/pull/32034

* Removes needless CI configs for 2.4
* Targets 2.5 in rubocop
* Updates existing CHANGELOG entries for fewer merge conflicts
* Removes Hash#slice extension as that's inlined on Ruby 2.5.
* Removes the need for send on define_method in MethodCallAssertions.
2018-12-19 21:47:50 +01:00
Gannon McGibbon e74fdbe00c Amend CVE note and security guide section wordings
Reword first sentence of dep management and CVE section of
security guide. Also, reword and move gemspec notes above deps.

[ci skip]
2018-11-06 18:06:57 -05:00
Gannon McGibbon 1c11688b56 Add CVE note to security guide and gemspecs
[ci skip]
2018-11-06 14:25:36 -05:00
Jeremy Daer d4eb0dc89e Rails 6 requires Ruby 2.4.1+
Skipping over 2.4.0 to sidestep the `"symbol_from_string".to_sym.dup` bug.

References #32028
2018-02-17 15:34:57 -08:00
Rafael Mendonça França 0ea8e7db1a Remove support for Ruby 2.2
Rails 6 will only support Ruby >= 2.3.
2018-02-16 18:52:10 -05:00
Kir Shatrov dfcc766163 Use frozen string literal in actionpack/ 2017-07-29 14:02:40 +03:00
Dwight Watson de550be5ea Update rack-test dependency constraint 2017-07-24 15:09:00 +10:00
Matthew Draper 87b3e226d6 Revert "Merge pull request #29540 from kirs/rubocop-frozen-string"
This reverts commit 3420a14590, reversing
changes made to afb66a5a59.
2017-07-02 02:15:17 +09:30
Kir Shatrov cfade1ec7e Enforce frozen string in Rubocop 2017-07-01 02:11:03 +03:00
Grey Baker 3e6ce1cd69 Add source code and changelog links to gemspecs 2017-06-28 10:06:01 +01:00
bogdanvlviv 40bdbce191
Define path with __dir__
".. with __dir__ we can restore order in the Universe." - by @fxn

Related to 5b8738c2df
2017-05-23 00:53:51 +03:00
Xavier Noria adca8154c6 applies new string literal convention in the gemspecs
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
2016-08-06 19:27:12 +02:00
Rafael Mendonça França 3bf0fe4a9c
Do not allow rack pre releases 2016-06-30 15:12:08 -03:00
Connor Shea 86c860ff0c
Update rails-dom-testing gem to 2.0
Resolves #24924.
2016-05-09 20:23:42 -06:00
Xavier Noria 1eb27fafa9 revises the homepage URL in the gemspecs [ci skip]
References https://github.com/rails/homepage/issues/46.
2016-03-10 07:55:27 +01:00
Rafael Mendonça França 9b5ae716db Revert "Merge pull request #23562 from Azzurrio/patch-1"
This reverts commit 8c3cca5e11, reversing
changes made to 9dcf67c4da.

Reason: https://github.com/rails/rails/pull/23562#issuecomment-181442569
2016-02-08 14:09:29 -02:00
Karim El-Husseiny ec82c13dd4 Update rails-html-sanitizer version to v1.0.3
rails-html-sanitizer 1.0.2 is vulnerable: https://groups.google.com/d/msg/rubyonrails-security/uh--W4TDwmI/m_CVZtdbFQAJ
2016-02-08 17:04:31 +02:00
Aaron Patterson 51211a94bd point at rack master 2015-08-20 13:45:11 -07:00
Rafael Mendonça França 8aadbeb3de Remove concurrent-ruby from Action Pack gemspec
It is already on Active Support
2015-07-14 15:17:41 -03:00
Jerry D'Antonio 284a9ba8ec Replaced `ActiveSupport::Concurrency::Latch` with concurrent-ruby.
The concurrent-ruby gem is a toolset containing many concurrency
utilities. Many of these utilities include runtime-specific
optimizations when possible. Rather than clutter the Rails codebase with
concurrency utilities separate from the core task, such tools can be
superseded by similar tools in the more specialized gem. This commit
replaces `ActiveSupport::Concurrency::Latch` with
`Concurrent::CountDownLatch`, which is functionally equivalent.
2015-07-13 15:44:21 -04:00
Jon Atack 32f7491808 Upgrade to Ruby 2.2.2
and fix the grammar in the ruby_version_check.rb user message.
2015-04-14 08:41:56 +05:30
Rafael Mendonça França 2c1f6267f9 Merge pull request #19252 from kaspth/single-escaping-strip-tags
Let strip_tags leave HTML escaping to Rails.
2015-03-10 16:05:47 -03:00
Kasper Timm Hansen 37695b8aab Let strip_tags leave HTML escaping to Rails.
Prevents double escaping errors, such as "&amp;" becoming "&amp;amp;".
2015-03-10 20:04:01 +01:00
Peter Suschlik f0768eba28 Target Ruby 2.2.1 in gemspecs
This is a follow-up to #19257
2015-03-09 09:56:26 +01:00
eileencodes e1e2b54e85 Bump rack-test to fix nil values being sent to `parse_nested_query`
I found that nil values were being incorrectly sent to
`parse_nested_query` in Rack. Originally it was thought that Rails was
doing something incorrect but it was actually rack-test. This was fixed
in brynary/rack-test@4a4b2c1 and is no longer an issue. This commit
bumps rack-test in Rails so changes to Rack don't cause failures.

See rack/rack#813 for more information.
2015-03-01 16:58:15 -05:00
Santiago Pastorino da175a2b46 Relax Rack dependency
Rack is very carefully released, we should be able to upgrade minor
versions without much effort. We are a bunch of Rails core who are also
Rack core members so there won't be any issue with that. And in case
there's something wrong, we should fix on both sides.
Even though it doesn't seem like we will have a 1.7 version, this will be
useful as an example for when we go with Rack 2.0. We should ~> 2.0.
2015-01-12 15:32:33 -02:00
claudiob d3b098b828 Require Ruby 2.2 for Rails 5.0
Stems from [this comment](https://github.com/rails/rails/pull/18203#issuecomment-68138096) by @robin850
and by the blog post http://weblog.rubyonrails.org/2014/12/19/Rails-4-2-final
2014-12-26 13:53:09 +01:00
Godfrey Chan 111f2f4422 Use released rack
`rack.version` was bumped in 28e77c710a
2014-12-19 01:26:19 -08:00
claudiob 96d0f751f9 Bump required Ruby version to 2.1.0
[This article](http://weblog.rubyonrails.org/2014/8/20/Rails-4-2-beta1/#maintenance-consequences-and-rails-5-0) states that:

> Rails 5.0 is in most likelihood going to target Ruby 2.2.

Before the exact minimum version is fully decided, @arthurnn [suggests](https://github.com/rails/rails/pull/17830#issuecomment-64940383)
that **at least** version 2.1.0 **must** be required by the `gemspec` files.
2014-11-28 22:59:51 -08:00
Santiago Pastorino 5ac824ecb7 Bump to rack 1.6.0.beta2 2014-11-27 16:54:44 -02:00
Rafael Mendonça França e3f7817cec Use released rails-dom-testing 2014-11-25 19:43:36 -02:00
Rafael Mendonça França be5521eb4e Use released rails-dom-testing 2014-10-16 16:53:46 -03:00
Godfrey Chan b008e4bd8a Use released rails-html-sanitizer and rails-deprecated_sanitizer 2014-09-26 01:37:05 +09:00
Rafael Mendonça França 2c0cad8034 Use released rails-dom-testing 2014-09-25 12:31:42 -03:00
Kasper Timm Hansen 28eecd934b Ship with rails-html-sanitizer instead. 2014-09-03 20:27:59 +02:00
Rafael Mendonça França 08f209614b Use released rails-deprecated_sanitizer 2014-08-19 16:45:31 -03:00
Rafael Mendonça França fad9e729f1 Fix the rails-dom-testing dependency 2014-08-19 16:41:38 -03:00
Santiago Pastorino 6b32a4f371 Bump rack dependency 2014-08-18 16:10:58 -03:00
Kasper Timm Hansen 1e2ffe7ae6 Prepare for partial release.
- Default to Rails::DeprecatedSanitizer in ActionView::Helpers::SanitizeHelper.
- Add upgrade notes.
- Add sanitizer to new applications Gemfiles.
- Remove 'rails-dom-testing' as a dependency.
2014-08-17 19:25:47 +02:00
Rafael Mendonça França a8c667e8f1 Defining the right dependencies 2014-07-15 13:40:22 -03:00
Jarmo Isotalo adffea62b5 Upgraded rack
As Rack has some non-backwards-compatible changes, added required
modifications to keep behaviour in Rails close to the same as before.

Also modified generators to include rack/rack for the not-yet-released
version of Rack
2014-05-19 00:03:08 +03:00
Łukasz Strzałkowski d8888b94b3 Retain ActionPack dependency on ActionView 2013-12-05 01:02:46 +01:00
Erik Michaels-Ober 04a1442c4d Remove tzinfo dependency from Action Pack
This gem is used by Active Support but it should not be a dependency of
Action Pack.
2013-09-17 19:15:25 +02:00
Łukasz Strzałkowski e29c1b3103 Remove dependency on AV 2013-08-25 11:39:12 +02:00
Piotr Sarnacki 78b0934dd1 Add bare actionview gem to the root directory
This commit creates structure for Action View gem and is first of a
series of commits extracting Action View from Action Pack.
2013-06-20 17:23:15 +02:00
kennyj 4ed4cfd5ed Bump TZInfo version to 0.3.37 based on version v2013b of the underlying tz data. 2013-03-26 02:12:49 +09:00