Kasper Timm Hansen
12001611d6
Require and support rails-html-sanitizer 1.2.0
...
Rails now requires 1.2.0 because it relies on the safe_list_sanitizer
API exclusively.
Also raise `sanitizer_vendor` API from the dead for
rails-deprecated_sanitizer.
Fixes https://github.com/rails/rails-deprecated_sanitizer/pull/6
2019-08-09 00:07:45 +02:00
Abhay Nikam
476abd403b
Updated links from http to https in guides, docs, etc
2019-03-09 16:43:47 +05:30
Kasper Timm Hansen
647d7e6167
Revert "Revert "Merge pull request #34387 from yhirano55/rails_info_properties_json""
...
I reverted the wrong commit. Damn it.
This reverts commit f66a977fc7.
2019-01-08 22:19:22 +01:00
Kasper Timm Hansen
f66a977fc7
Revert "Merge pull request #34387 from yhirano55/rails_info_properties_json"
...
We had a discussion on the Core team and we don't want to expose this information
as a JSON endpoint and not by default.
It doesn't make sense to expose this JSON locally and this controller is only
accessible in dev, so the proposed access from a production app seems off.
This reverts commit 8eaffe7e89, reversing
changes made to b6e4305c3b.
2019-01-08 22:16:58 +01:00
Kasper Timm Hansen
1b7c3222e8
Require Ruby 2.5 for Rails 6.
...
Generally followed the pattern for https://github.com/rails/rails/pull/32034
* Removes needless CI configs for 2.4
* Targets 2.5 in rubocop
* Updates existing CHANGELOG entries for fewer merge conflicts
* Removes Hash#slice extension as that's inlined on Ruby 2.5.
* Removes the need for send on define_method in MethodCallAssertions.
2018-12-19 21:47:50 +01:00
Gannon McGibbon
e74fdbe00c
Amend CVE note and security guide section wordings
...
Reword first sentence of dep management and CVE section of
security guide. Also, reword and move gemspec notes above deps.
[ci skip]
2018-11-06 18:06:57 -05:00
Gannon McGibbon
1c11688b56
Add CVE note to security guide and gemspecs
...
[ci skip]
2018-11-06 14:25:36 -05:00
Jeremy Daer
d4eb0dc89e
Rails 6 requires Ruby 2.4.1+
...
Skipping over 2.4.0 to sidestep the `"symbol_from_string".to_sym.dup` bug.
References #32028
2018-02-17 15:34:57 -08:00
Rafael Mendonça França
0ea8e7db1a
Remove support for Ruby 2.2
...
Rails 6 will only support Ruby >= 2.3.
2018-02-16 18:52:10 -05:00
Kir Shatrov
dfcc766163
Use frozen string literal in actionpack/
2017-07-29 14:02:40 +03:00
Dwight Watson
de550be5ea
Update rack-test dependency constraint
2017-07-24 15:09:00 +10:00
Matthew Draper
87b3e226d6
Revert "Merge pull request #29540 from kirs/rubocop-frozen-string"
...
This reverts commit 3420a14590, reversing
changes made to afb66a5a59.
2017-07-02 02:15:17 +09:30
Kir Shatrov
cfade1ec7e
Enforce frozen string in Rubocop
2017-07-01 02:11:03 +03:00
Grey Baker
3e6ce1cd69
Add source code and changelog links to gemspecs
2017-06-28 10:06:01 +01:00
bogdanvlviv
40bdbce191
Define path with __dir__
...
".. with __dir__ we can restore order in the Universe." - by @fxn
Related to 5b8738c2df
2017-05-23 00:53:51 +03:00
Xavier Noria
adca8154c6
applies new string literal convention in the gemspecs
...
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
2016-08-06 19:27:12 +02:00
Rafael Mendonça França
3bf0fe4a9c
Do not allow rack pre releases
2016-06-30 15:12:08 -03:00
Connor Shea
86c860ff0c
Update rails-dom-testing gem to 2.0
...
Resolves #24924.
2016-05-09 20:23:42 -06:00
Xavier Noria
1eb27fafa9
revises the homepage URL in the gemspecs [ci skip]
...
References https://github.com/rails/homepage/issues/46 .
2016-03-10 07:55:27 +01:00
Rafael Mendonça França
9b5ae716db
Revert "Merge pull request #23562 from Azzurrio/patch-1"
...
This reverts commit 8c3cca5e11, reversing
changes made to 9dcf67c4da.
Reason: https://github.com/rails/rails/pull/23562#issuecomment-181442569
2016-02-08 14:09:29 -02:00
Karim El-Husseiny
ec82c13dd4
Update rails-html-sanitizer version to v1.0.3
...
rails-html-sanitizer 1.0.2 is vulnerable: https://groups.google.com/d/msg/rubyonrails-security/uh--W4TDwmI/m_CVZtdbFQAJ
2016-02-08 17:04:31 +02:00
Aaron Patterson
51211a94bd
point at rack master
2015-08-20 13:45:11 -07:00
Rafael Mendonça França
8aadbeb3de
Remove concurrent-ruby from Action Pack gemspec
...
It is already on Active Support
2015-07-14 15:17:41 -03:00
Jerry D'Antonio
284a9ba8ec
Replaced `ActiveSupport::Concurrency::Latch` with concurrent-ruby.
...
The concurrent-ruby gem is a toolset containing many concurrency
utilities. Many of these utilities include runtime-specific
optimizations when possible. Rather than clutter the Rails codebase with
concurrency utilities separate from the core task, such tools can be
superseded by similar tools in the more specialized gem. This commit
replaces `ActiveSupport::Concurrency::Latch` with
`Concurrent::CountDownLatch`, which is functionally equivalent.
2015-07-13 15:44:21 -04:00
Jon Atack
32f7491808
Upgrade to Ruby 2.2.2
...
and fix the grammar in the ruby_version_check.rb user message.
2015-04-14 08:41:56 +05:30
Rafael Mendonça França
2c1f6267f9
Merge pull request #19252 from kaspth/single-escaping-strip-tags
...
Let strip_tags leave HTML escaping to Rails.
2015-03-10 16:05:47 -03:00
Kasper Timm Hansen
37695b8aab
Let strip_tags leave HTML escaping to Rails.
...
Prevents double escaping errors, such as "&amp;" becoming "&amp;amp;".
2015-03-10 20:04:01 +01:00
Peter Suschlik
f0768eba28
Target Ruby 2.2.1 in gemspecs
...
This is a follow-up to #19257
2015-03-09 09:56:26 +01:00
eileencodes
e1e2b54e85
Bump rack-test to fix nil values being sent to `parse_nested_query`
...
I found that nil values were being incorrectly sent to
`parse_nested_query` in Rack. Originally it was thought that Rails was
doing something incorrect but it was actually rack-test. This was fixed
in brynary/rack-test@4a4b2c1 and is no longer an issue. This commit
bumps rack-test in Rails so changes to Rack don't cause failures.
See rack/rack#813 for more information.
2015-03-01 16:58:15 -05:00
Santiago Pastorino
da175a2b46
Relax Rack dependency
...
Rack is very carefully released, we should be able to upgrade minor
versions without much effort. We are a bunch of Rails core who are also
Rack core members so there won't be any issue with that. And in case
there's something wrong, we should fix on both sides.
Even though, doesn't seem like we will have a 1.7 version, this will be
useful as an example for when we go with Rack 2.0. We should ~> 2.0.
2015-01-12 15:32:33 -02:00
claudiob
d3b098b828
Require Ruby 2.2 for Rails 5.0
...
Stems from [this comment](https://github.com/rails/rails/pull/18203#issuecomment-68138096) by @robin850
and by the blog post http://weblog.rubyonrails.org/2014/12/19/Rails-4-2-final
2014-12-26 13:53:09 +01:00
Godfrey Chan
111f2f4422
Use released rack
...
`rack.version` was bumped in 28e77c710a
2014-12-19 01:26:19 -08:00
claudiob
96d0f751f9
Bump required Ruby version to 2.1.0
...
[This article](http://weblog.rubyonrails.org/2014/8/20/Rails-4-2-beta1/#maintenance-consequences-and-rails-5-0) states that:
> Rails 5.0 is in most likelihood going to target Ruby 2.2.
Before the exact minimum version is fully decided, @arthurnn [suggests](https://github.com/rails/rails/pull/17830#issuecomment-64940383)
that **at least** version 2.1.0 **must** be required by the `gemspec` files.
2014-11-28 22:59:51 -08:00
Santiago Pastorino
5ac824ecb7
Bump to rack 1.6.0.beta2
2014-11-27 16:54:44 -02:00
Rafael Mendonça França
e3f7817cec
Use released rails-dom-testing
2014-11-25 19:43:36 -02:00
Rafael Mendonça França
be5521eb4e
Use released rails-dom-testing
2014-10-16 16:53:46 -03:00
Godfrey Chan
b008e4bd8a
Use released rails-html-sanitizer and rails-deprecated_sanitizer
2014-09-26 01:37:05 +09:00
Rafael Mendonça França
2c0cad8034
Use released rails-dom-testing
2014-09-25 12:31:42 -03:00
Kasper Timm Hansen
28eecd934b
Ship with rails-html-sanitizer instead.
2014-09-03 20:27:59 +02:00
Rafael Mendonça França
08f209614b
Use released rails-deprecated_sanitizer
2014-08-19 16:45:31 -03:00
Rafael Mendonça França
fad9e729f1
Fix the rails-dom-testing dependency
2014-08-19 16:41:38 -03:00
Santiago Pastorino
6b32a4f371
Bump rack dependency
2014-08-18 16:10:58 -03:00
Kasper Timm Hansen
1e2ffe7ae6
Prepare for partial release.
...
- Default to Rails::DeprecatedSanitizer in ActionView::Helpers::SanitizeHelper.
- Add upgrade notes.
- Add sanitizer to new applications Gemfiles.
- Remove 'rails-dom-testing' as a dependency.
2014-08-17 19:25:47 +02:00
Rafael Mendonça França
a8c667e8f1
Defining the right dependencies
2014-07-15 13:40:22 -03:00
Jarmo Isotalo
adffea62b5
Upgraded rack
...
As Rack has some non-backwards-compatible changes, added required
modifications to keep behaviour in Rails close to the same as before.
Also modified generators to include rack/rack for the not yet released
version of Rack.
2014-05-19 00:03:08 +03:00
Łukasz Strzałkowski
d8888b94b3
Retain ActionPack dependency on ActionView
2013-12-05 01:02:46 +01:00
Erik Michaels-Ober
04a1442c4d
Remove tzinfo dependency from Action Pack
...
This gem is used by Active Support but it should not be a dependency of
Action Pack.
2013-09-17 19:15:25 +02:00
Łukasz Strzałkowski
e29c1b3103
Remove dependency on AV
2013-08-25 11:39:12 +02:00
Piotr Sarnacki
78b0934dd1
Add bare actionview gem to the root directory
...
This commit creates structure for Action View gem and is first of a
series of commits extracting Action View from Action Pack.
2013-06-20 17:23:15 +02:00
kennyj
4ed4cfd5ed
Bump TZInfo version to 0.3.37 based on version v2013b of the underlying tz data.
2013-03-26 02:12:49 +09:00