Commits · v7.0.8.6 · GitHub User Contribution Mapping Tests / UCM-enabled-Nov-19

Oct 23, 2024
- Preparing for 7.0.8.6 release · bc979c5c
  John Hawthorn authored 5 months ago
  
  View commits for tag v7.0.8.6 v7.0.8.6
  
  bc979c5c
- Fix relesaser Gemfile to include blade and sprockets-export · 4a782257
  Rafael Mendonça França authored 5 months ago
  
  Those are require to relesase actionview.
  4a782257
- Improvements to releaser · 9951c3f5
  John Hawthorn authored 6 months ago
  
  * Check for gh default repo * Add --verify-tag to release create * Run build and print checksums before push
  9951c3f5
- Fix NoMethodError in ActionMailer block_format · 07f5c9bd
  Michael Leimstaedtner authored 5 months ago
  
  07f5c9bd
Oct 15, 2024
- Preparing for 7.0.8.5 release · f61f4ef9
  John Hawthorn authored 6 months ago
  
  View commits for tag v7.0.8.5 v7.0.8.5
  
  f61f4ef9
- Update CHANGELOGs · d666c965
  John Hawthorn authored 6 months ago
  
  d666c965
- Merge pull request #16 from rails/7-0-sec-relase · 35bf08d3
  John Hawthorn authored 6 months ago
  
  Add release script to 7-0-stable
  35bf08d3
- Remove required Ruby version from releaser · d8f015b4
  John Hawthorn authored 6 months ago
  
  d8f015b4
- Merge pull request #53053 from gabriel-amaral/gabriel-amaral/fix-devcontainer-image-build · 3d16b149
  Rafael Mendonça França authored 6 months ago
  
  Copy tools/releaser to devcontainer Docker image
  3d16b149
- Merge pull request #52962 from rails/rm-releser · 30abd6bd
  Rafael Mendonça França authored 6 months ago
  
  New release process using Trusted Publishing
  30abd6bd
- Avoid backtracking in ActionMailer block_format · 0e5694f4
  John Hawthorn authored 6 months ago
  
  [CVE-2024-47889] Thanks to yuki_osaki and scyoon for reporting this vulnerability
  0e5694f4
- ActionText: Avoid backtracing in plain_text_for_blockquote_node · 727b0946
  John Hawthorn authored 6 months ago
  
  [CVE-2024-47888] Co-authored-by: ooooooo_q <ooooooo-q@users.noreply.github.com>
  727b0946
- Avoid backtracking in filtered_query_string · b1241f46
  John Hawthorn authored 6 months ago
  
  Thanks scyoon for the patch CVE-2024-41128
  b1241f46
- Avoid backtracking in Token#raw_params · 56b2fc33
  John Hawthorn authored 6 months ago
  
  Thanks to scyoon for the patch [CVE-2024-47887]
  56b2fc33
- Update gems · 4e89a681
  John Hawthorn authored 6 months ago
  
  4e89a681
- Add missing require · fb16c1f1
  John Hawthorn authored 6 months ago
  
  fb16c1f1
- Merge pull request #51510 from fatkodima/remove-ostruct · 40d8b920
  Jean Boussier authored 1 year ago
  
  Remove usage of `OpenStruct`
  40d8b920
- Merge pull request #51984 from zzak/7-1-51075 · d738eec3
  Jean Boussier authored 10 months ago
  
  [7-1-stable] Update Method#duplicable? to be consistent with Ruby 3.4
  d738eec3
- Merge pull request #49416 from Shopify/fix-render-call-extractor-on-ruby-3.3 · 85590399
  Rafael Mendonça França authored 1 year ago
  
  Fix RenderCallExtractor to be compatible with Ruby 3.3
  85590399
- [7-0-stable] Lock sqlite3 to 1.7.x in bug_report_templates to prevent slipping to 2.x · 1e180878
  zzak authored 9 months ago
  
``` --- Running bug_report_templates/action_mailbox.rb Fetching gem metadata from https://rubygems.org/........... Resolving dependencies... Fetching sqlite3 2.0.2 Installing sqlite3 2.0.2 with native extensions /home/zzak/.rbenv/versions/3.4.0/lib/ruby/gems/3.4.0+0/gems/bundler-2.4.19/lib/bundler/rubygems_integration.rb:280:in 'block (2 levels) in Kernel#replace_gem': Error loading the 'sqlite3' Active Record adapter. Missing a gem it depends on? can't activate sqlite3 (~> 1.4), already activated sqlite3-2.0.2. Make sure all dependencies are added to Gemfile. (LoadError) ```
1e180878
- Merge pull request #50376 from skipkayhil/hm-bug-templates-missing-sqlite · b259a1d8
  Yasuo Honda authored 1 year ago
  
  Add sqlite3 back to bug templates that need it
  b259a1d8
- Merge pull request #50317 from zzak/consolidate-bug_reports · af2daf6c
  Jean Boussier authored 1 year ago
  
  Consolidate bug_report_templates and remove the gem versions
  af2daf6c
- Merge pull request #48514 from p8/guides/config-secret-key-base · 11c9d88a
  Guillermo Iguaran authored 1 year ago
  
  Set `secret_key_base` on `config` in bug_report_templates
  11c9d88a
- Merge pull request #52176 from zzak/7-0-selenium-webdriver · 6da6af8b
  Eileen M. Uchitelle authored 9 months ago
  
  [7-0-stable] Support selenium-webdriver 4.22.0 that enables CDP in Firefox by default
  6da6af8b
Oct 10, 2024
- Merge pull request #52143 from skipkayhil/hm-fix-7-0-stable-ci · 67c2813e
  Jean Boussier authored 10 months ago
  
  Regenerate yarn.lock
  67c2813e
Oct 09, 2024
- Lock importmap-rails to < 2 for Ruby 3.0 and older compatibility · ae3c4c1a
  Jean Boussier authored 6 months ago
  
  ae3c4c1a
Jun 04, 2024

Preparing for 7.0.8.4 release · ec7f2536
Aaron Patterson authored 10 months ago

View commits for tag v7.0.8.4 v7.0.8.4

ec7f2536
update changelog · f12d5aea
Aaron Patterson authored 10 months ago

f12d5aea

include the HTTP Permissions-Policy on non-HTML Content-Types · b84cbeca

Zack Deveau authored 1 year ago

[CVE-2024-28103]
The application configurable Permissions-Policy is only
served on responses with an HTML related Content-Type.

This change allows all Content-Types to serve the
configured Permissions-Policy as there are many non-HTML
Content-Types that would benefit from this header.
(examples include image/svg+xml and application/xml)

b84cbeca

May 17, 2024
- Preparing for 7.0.8.3 release · 08bc3ce3
  Rafael Mendonça França authored 11 months ago
  
  View commits for tag v7.0.8.3 v7.0.8.3
  
  08bc3ce3
- Keep actiontext depending on trix 1.3.1 · 73fac325
  Rafael Mendonça França authored 11 months ago
  
  73fac325
- Merge pull request #51851 from skipkayhil/hm-fix-7-0-trix · 83e6a75b
  Rafael Mendonça França authored 11 months ago
  
  Fix vendor_trix not fetching css file
  83e6a75b
May 16, 2024
- Preparing for 7.0.8.2 release · 7c8d2a1d
  Rafael Mendonça França authored 11 months ago
  
  View commits for tag v7.0.8.2 v7.0.8.2
  
  7c8d2a1d
- Upgrade Trix to 1.3.2 to fix [CVE-2024-34341][1] · 07e6c88c
  Rafael Mendonça França authored 11 months ago
  
  [1]: https://github.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99
  07e6c88c
Feb 21, 2024
- Preparing for 7.0.8.1 release · 506462ab
  Aaron Patterson authored 1 year ago
  
  View commits for tag v7.0.8.1 v7.0.8.1
  
  506462ab
- update changelog · 030cd01b
  Aaron Patterson authored 1 year ago
  
  030cd01b
- fix XSS vulnerability when using translation · 4c83b331
  ooooooo_q authored 1 year ago
  
  [CVE-2024-26143]
  4c83b331
- Merge pull request #48869 from brunoprietog/disable-session-active-storage-proxy-controllers · 723f5456
  Rafael Mendonça França authored 1 year ago
  
  Disable session in ActiveStorage blobs and representations proxy controllers [CVE-2024-26144]
  723f5456
Sep 09, 2023
- Preparing for 7.0.8 release · fc734f28
  Rafael Mendonça França authored 1 year ago
  
  View commits for tag v7.0.8 v7.0.8
  
  fc734f28
- Merge pull request #44370 from mohits/patch-1 · af486bef
  Eileen M. Uchitelle authored 2 years ago
  
  Provide change summary before details for all gems
  af486bef