Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package rubygem-actionpack-7.0 for
openSUSE:Factory checked in at 2023-11-02 20:23:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-actionpack-7.0 (Old)
and /work/SRC/openSUSE:Factory/.rubygem-actionpack-7.0.new.17445 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-actionpack-7.0"
Thu Nov 2 20:23:12 2023 rev:10 rq:1122857 version:7.0.8
Changes:
--------
---
/work/SRC/openSUSE:Factory/rubygem-actionpack-7.0/rubygem-actionpack-7.0.changes
2023-07-03 17:43:11.716863360 +0200
+++
/work/SRC/openSUSE:Factory/.rubygem-actionpack-7.0.new.17445/rubygem-actionpack-7.0.changes
2023-11-02 20:23:40.668710181 +0100
@@ -1,0 +2,27 @@
+Thu Nov 2 15:31:52 UTC 2023 - Dan Äermák <[email protected]>
+
+- ## Rails 7.0.8 (September 09, 2023) ##
+
+* Fix `HostAuthorization` potentially displaying the value of the
+ X_FORWARDED_HOST header when the HTTP_HOST header is being blocked.
+
+ *Hartley McGuire*, *Daniel Schlosser*
+
+## Rails 7.0.7.2 (August 22, 2023) ##
+
+* No changes.
+
+## Rails 7.0.7.1 (August 22, 2023) ##
+
+* No changes.
+
+## Rails 7.0.7 (August 09, 2023) ##
+
+* No changes.
+
+## Rails 7.0.6 (June 29, 2023) ##
+
+* No changes.
+
+
+-------------------------------------------------------------------
Old:
----
actionpack-7.0.5.1.gem
New:
----
actionpack-7.0.8.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-actionpack-7.0.spec ++++++
--- /var/tmp/diff_new_pack.kyxISh/_old 2023-11-02 20:23:41.248731525 +0100
+++ /var/tmp/diff_new_pack.kyxISh/_new 2023-11-02 20:23:41.248731525 +0100
@@ -24,12 +24,11 @@
#
Name: rubygem-actionpack-7.0
-Version: 7.0.5.1
+Version: 7.0.8
Release: 0
%define mod_name actionpack
%define mod_full_name %{mod_name}-%{version}
%define mod_version_suffix -7.0
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: %{ruby >= 2.7.0}
BuildRequires: %{rubygem gem2rpm}
BuildRequires: ruby-macros >= 5
@@ -38,7 +37,6 @@
Source1: gem2rpm.yml
Summary: Web-flow and rendering framework putting the VC in MVC (part of
License: MIT
-Group: Development/Languages/Ruby
%description
Web apps on Rails. Simple, battle-tested conventions for building and testing
++++++ actionpack-7.0.5.1.gem -> actionpack-7.0.8.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md
--- old/CHANGELOG.md 2023-06-26 23:35:15.000000000 +0200
+++ new/CHANGELOG.md 2023-09-09 21:09:47.000000000 +0200
@@ -1,3 +1,31 @@
+## Rails 7.0.8 (September 09, 2023) ##
+
+* Fix `HostAuthorization` potentially displaying the value of the
+ X_FORWARDED_HOST header when the HTTP_HOST header is being blocked.
+
+ *Hartley McGuire*, *Daniel Schlosser*
+
+
+## Rails 7.0.7.2 (August 22, 2023) ##
+
+* No changes.
+
+
+## Rails 7.0.7.1 (August 22, 2023) ##
+
+* No changes.
+
+
+## Rails 7.0.7 (August 09, 2023) ##
+
+* No changes.
+
+
+## Rails 7.0.6 (June 29, 2023) ##
+
+* No changes.
+
+
## Rails 7.0.5.1 (June 26, 2023) ##
* Raise an exception if illegal characters are provide to redirect_to
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/README.rdoc new/README.rdoc
--- old/README.rdoc 2023-06-26 23:35:15.000000000 +0200
+++ new/README.rdoc 2023-09-09 21:09:47.000000000 +0200
@@ -30,7 +30,7 @@
$ gem install actionpack
-Source code can be downloaded as part of the Rails project on GitHub:
+Source code can be downloaded as part of the \Rails project on GitHub:
* https://github.com/rails/rails/tree/main/actionpack
@@ -48,7 +48,7 @@
* https://api.rubyonrails.org
-Bug reports for the Ruby on Rails project can be filed here:
+Bug reports for the Ruby on \Rails project can be filed here:
* https://github.com/rails/rails/issues
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/abstract_controller/helpers.rb
new/lib/abstract_controller/helpers.rb
--- old/lib/abstract_controller/helpers.rb 2023-06-26 23:35:15.000000000
+0200
+++ new/lib/abstract_controller/helpers.rb 2023-09-09 21:09:47.000000000
+0200
@@ -85,10 +85,13 @@
file, line = location.path, location.lineno
methods.each do |method|
- _helpers_for_modification.class_eval <<~ruby_eval, file, line
- def #{method}(*args, &block) # def
current_user(*args, &block)
- controller.send(:'#{method}', *args, &block) #
controller.send(:'current_user', *args, &block)
- end # end
+ # def current_user(*args, &block)
+ # controller.send(:'current_user', *args, &block)
+ # end
+ _helpers_for_modification.class_eval
<<~ruby_eval.lines.map(&:strip).join(";"), file, line
+ def #{method}(*args, &block)
+ controller.send(:'#{method}', *args, &block)
+ end
ruby2_keywords(:'#{method}')
ruby_eval
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/abstract_controller/translation.rb
new/lib/abstract_controller/translation.rb
--- old/lib/abstract_controller/translation.rb 2023-06-26 23:35:15.000000000
+0200
+++ new/lib/abstract_controller/translation.rb 2023-09-09 21:09:47.000000000
+0200
@@ -6,7 +6,7 @@
module Translation
mattr_accessor :raise_on_missing_translations, default: false
- # Delegates to <tt>I18n.translate</tt>. Also aliased as <tt>t</tt>.
+ # Delegates to <tt>I18n.translate</tt>.
#
# When the given key starts with a period, it will be scoped by the current
# controller and action. So if you call <tt>translate(".foo")</tt> from
@@ -29,7 +29,7 @@
end
alias :t :translate
- # Delegates to <tt>I18n.localize</tt>. Also aliased as <tt>l</tt>.
+ # Delegates to <tt>I18n.localize</tt>.
def localize(object, **options)
I18n.localize(object, **options)
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_controller/metal/redirecting.rb
new/lib/action_controller/metal/redirecting.rb
--- old/lib/action_controller/metal/redirecting.rb 2023-06-26
23:35:15.000000000 +0200
+++ new/lib/action_controller/metal/redirecting.rb 2023-09-09
21:09:47.000000000 +0200
@@ -87,7 +87,7 @@
allow_other_host = response_options.delete(:allow_other_host) {
_allow_other_host }
- self.status = _extract_redirect_to_status(options,
response_options)
+ self.status = _extract_redirect_to_status(options, response_options)
redirect_to_location = _compute_redirect_to_location(request, options)
_ensure_url_is_http_header_safe(redirect_to_location)
@@ -215,7 +215,7 @@
# Attempt to comply with the set of valid token characters
# defined for an HTTP header value in
# https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.6
- if url.match(ILLEGAL_HEADER_VALUE_REGEX)
+ if url.match?(ILLEGAL_HEADER_VALUE_REGEX)
msg = "The redirect URL #{url} contains one or more illegal HTTP
header field character. " \
"Set of legal characters defined in
https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.6";
raise UnsafeRedirectError, msg
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_controller/metal/renderers.rb
new/lib/action_controller/metal/renderers.rb
--- old/lib/action_controller/metal/renderers.rb 2023-06-26
23:35:15.000000000 +0200
+++ new/lib/action_controller/metal/renderers.rb 2023-09-09
21:09:47.000000000 +0200
@@ -3,12 +3,12 @@
require "set"
module ActionController
- # See <tt>Renderers.add</tt>
+ # See Renderers.add
def self.add_renderer(key, &block)
Renderers.add(key, &block)
end
- # See <tt>Renderers.remove</tt>
+ # See Renderers.remove
def self.remove_renderer(key)
Renderers.remove(key)
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_controller/metal/rescue.rb
new/lib/action_controller/metal/rescue.rb
--- old/lib/action_controller/metal/rescue.rb 2023-06-26 23:35:15.000000000
+0200
+++ new/lib/action_controller/metal/rescue.rb 2023-09-09 21:09:47.000000000
+0200
@@ -1,9 +1,10 @@
# frozen_string_literal: true
module ActionController # :nodoc:
- # This module is responsible for providing +rescue_from+ helpers
- # to controllers and configuring when detailed exceptions must be
- # shown.
+ # This module is responsible for providing
+ # {rescue_from}[rdoc-ref:ActiveSupport::Rescuable::ClassMethods#rescue_from]
+ # to controllers, wrapping actions to handle configured errors, and
+ # configuring when detailed exceptions must be shown.
module Rescue
extend ActiveSupport::Concern
include ActiveSupport::Rescuable
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_controller/metal/strong_parameters.rb
new/lib/action_controller/metal/strong_parameters.rb
--- old/lib/action_controller/metal/strong_parameters.rb 2023-06-26
23:35:15.000000000 +0200
+++ new/lib/action_controller/metal/strong_parameters.rb 2023-09-09
21:09:47.000000000 +0200
@@ -97,7 +97,7 @@
# * +false+ to take no action.
# * <tt>:log</tt> to emit an
<tt>ActiveSupport::Notifications.instrument</tt> event on the
# <tt>unpermitted_parameters.action_controller</tt> topic and log at the
DEBUG level.
- # * <tt>:raise</tt> to raise a
<tt>ActionController::UnpermittedParameters</tt> exception.
+ # * <tt>:raise</tt> to raise an ActionController::UnpermittedParameters
exception.
#
# Examples:
#
@@ -146,7 +146,7 @@
# :method: each_key
#
# :call-seq:
- # each_key()
+ # each_key(&block)
#
# Calls block once for each key in the parameters, passing the key.
# If no block is given, an enumerator is returned instead.
@@ -160,14 +160,6 @@
# Returns true if the parameters have no key/value pairs.
##
- # :method: has_key?
- #
- # :call-seq:
- # has_key?(key)
- #
- # Returns true if the given key is present in the parameters.
-
- ##
# :method: has_value?
#
# :call-seq:
@@ -184,22 +176,6 @@
# Returns true if the given key is present in the parameters.
##
- # :method: key?
- #
- # :call-seq:
- # key?(key)
- #
- # Returns true if the given key is present in the parameters.
-
- ##
- # :method: member?
- #
- # :call-seq:
- # member?(key)
- #
- # Returns true if the given key is present in the parameters.
-
- ##
# :method: keys
#
# :call-seq:
@@ -230,9 +206,13 @@
# values()
#
# Returns a new array of the values of the parameters.
- delegate :keys, :key?, :has_key?, :member?, :values, :has_value?, :value?,
:empty?, :include?,
+ delegate :keys, :values, :has_value?, :value?, :empty?, :include?,
:as_json, :to_s, :each_key, to: :@parameters
+ alias_method :has_key?, :include?
+ alias_method :key?, :include?
+ alias_method :member?, :include?
+
# By default, never raise an UnpermittedParameters exception if these
# params are present. The default includes both 'controller' and 'action'
# because they are added by Rails and should be of no concern. One way
@@ -248,7 +228,7 @@
end
end
- # Returns a new instance of <tt>ActionController::Parameters</tt>.
+ # Returns a new <tt>ActionController::Parameters</tt> instance.
# Also, sets the +permitted+ attribute to the default value of
# <tt>ActionController::Parameters.permit_all_parameters</tt>.
#
@@ -290,7 +270,7 @@
[self.class, @parameters, @permitted].hash
end
- # Returns a safe <tt>ActiveSupport::HashWithIndifferentAccess</tt>
+ # Returns a safe ActiveSupport::HashWithIndifferentAccess
# representation of the parameters with all unpermitted keys removed.
#
# params = ActionController::Parameters.new({
@@ -350,18 +330,15 @@
# safe_params.to_query("user")
# # => "user%5Bname%5D=David&user%5Bnationality%5D=Danish"
#
- # The string pairs "key=value" that conform the query string
+ # The string pairs <tt>"key=value"</tt> that conform the query string
# are sorted lexicographically in ascending order.
- #
- # This method is also aliased as +to_param+.
def to_query(*args)
to_h.to_query(*args)
end
alias_method :to_param, :to_query
- # Returns an unsafe, unfiltered
- # <tt>ActiveSupport::HashWithIndifferentAccess</tt> representation of the
- # parameters.
+ # Returns an unsafe, unfiltered ActiveSupport::HashWithIndifferentAccess
+ # representation of the parameters.
#
# params = ActionController::Parameters.new({
# name: "Senjougahara Hitagi",
@@ -401,7 +378,7 @@
# looping in the common use case permit + mass-assignment. Defined in a
# method to instantiate it only if needed.
#
- # Testing membership still loops, but it's going to be faster than our own
+ # \Testing membership still loops, but it's going to be faster than our own
# loop that converts values. Also, we are not going to build a new array
# object per fetch.
def converted_arrays
@@ -449,7 +426,7 @@
# ActionController::Parameters.new(person: { name: "Francesco"
}).require(:person)
# # => #<ActionController::Parameters {"name"=>"Francesco"} permitted:
false>
#
- # Otherwise raises <tt>ActionController::ParameterMissing</tt>:
+ # Otherwise raises ActionController::ParameterMissing:
#
# ActionController::Parameters.new.require(:person)
# # ActionController::ParameterMissing: param is missing or the value is
empty: person
@@ -501,7 +478,6 @@
end
end
- # Alias of #require.
alias :required :require
# Returns a new <tt>ActionController::Parameters</tt> instance that
@@ -523,7 +499,7 @@
# +:name+ passes if it is a key of +params+ whose associated value is of
type
# +String+, +Symbol+, +NilClass+, +Numeric+, +TrueClass+, +FalseClass+,
# +Date+, +Time+, +DateTime+, +StringIO+, +IO+,
- # +ActionDispatch::Http::UploadedFile+ or +Rack::Test::UploadedFile+.
+ # ActionDispatch::Http::UploadedFile or +Rack::Test::UploadedFile+.
# Otherwise, the key +:name+ is filtered out.
#
# You may declare that the parameter should be an array of permitted
scalars
@@ -645,16 +621,16 @@
end
# Assigns a value to a given +key+. The given key may still get filtered
out
- # when +permit+ is called.
+ # when #permit is called.
def []=(key, value)
@parameters[key] = value
end
# Returns a parameter for the given +key+. If the +key+
# can't be found, there are several options: With no other arguments,
- # it will raise an <tt>ActionController::ParameterMissing</tt> error;
+ # it will raise an ActionController::ParameterMissing error;
# if a second argument is given, then that is returned (converted to an
- # instance of ActionController::Parameters if possible); if a block
+ # instance of +ActionController::Parameters+ if possible); if a block
# is given, then that will be run and its result returned.
#
# params = ActionController::Parameters.new(person: { name: "Francesco"
})
@@ -700,7 +676,7 @@
new_instance_with_inherited_permitted_status(@parameters.slice(*keys))
end
- # Returns current <tt>ActionController::Parameters</tt> instance which
+ # Returns the current <tt>ActionController::Parameters</tt> instance which
# contains only the given +keys+.
def slice!(*keys)
@parameters.slice!(*keys)
@@ -726,7 +702,7 @@
new_instance_with_inherited_permitted_status(@parameters.extract!(*keys))
end
- # Returns a new <tt>ActionController::Parameters</tt> with the results of
+ # Returns a new <tt>ActionController::Parameters</tt> instance with the
results of
# running +block+ once for every value. The keys are unchanged.
#
# params = ActionController::Parameters.new(a: 1, b: 2, c: 3)
@@ -773,9 +749,9 @@
)
end
- # Returns the <tt>ActionController::Parameters</tt> instance changing its
keys.
- # This includes the keys from the root hash and from all nested hashes and
arrays.
- # The values are unchanged.
+ # Returns the same <tt>ActionController::Parameters</tt> instance with
+ # changed keys. This includes the keys from the root hash and from all
+ # nested hashes and arrays. The values are unchanged.
def deep_transform_keys!(&block)
@parameters.deep_transform_keys!(&block)
self
@@ -783,13 +759,13 @@
# Deletes a key-value pair from +Parameters+ and returns the value. If
# +key+ is not found, returns +nil+ (or, with optional code block, yields
- # +key+ and returns the result). Cf. #extract!, which returns the
- # corresponding +ActionController::Parameters+ object.
+ # +key+ and returns the result). This method is similar to #extract!, which
+ # returns the corresponding +ActionController::Parameters+ object.
def delete(key, &block)
convert_value_to_parameters(@parameters.delete(key, &block))
end
- # Returns a new instance of <tt>ActionController::Parameters</tt> with only
+ # Returns a new <tt>ActionController::Parameters</tt> instance with only
# items that the block evaluates to true.
def select(&block)
new_instance_with_inherited_permitted_status(@parameters.select(&block))
@@ -802,7 +778,7 @@
end
alias_method :keep_if, :select!
- # Returns a new instance of <tt>ActionController::Parameters</tt> with
items
+ # Returns a new <tt>ActionController::Parameters</tt> instance with items
# that the block evaluates to true removed.
def reject(&block)
new_instance_with_inherited_permitted_status(@parameters.reject(&block))
@@ -815,7 +791,7 @@
end
alias_method :delete_if, :reject!
- # Returns a new instance of <tt>ActionController::Parameters</tt> with
+nil+ values removed.
+ # Returns a new <tt>ActionController::Parameters</tt> instance with +nil+
values removed.
def compact
new_instance_with_inherited_permitted_status(@parameters.compact)
end
@@ -825,7 +801,7 @@
self if @parameters.compact!
end
- # Returns a new instance of <tt>ActionController::Parameters</tt> without
the blank values.
+ # Returns a new <tt>ActionController::Parameters</tt> instance without the
blank values.
# Uses Object#blank? for determining if a value is blank.
def compact_blank
reject { |_k, v| v.blank? }
@@ -843,7 +819,7 @@
convert_value_to_parameters(@parameters.values_at(*keys))
end
- # Returns a new <tt>ActionController::Parameters</tt> with all keys from
+ # Returns a new <tt>ActionController::Parameters</tt> instance with all
keys from
# +other_hash+ merged into current hash.
def merge(other_hash)
new_instance_with_inherited_permitted_status(
@@ -851,15 +827,15 @@
)
end
- # Returns current <tt>ActionController::Parameters</tt> instance with
+ # Returns the current <tt>ActionController::Parameters</tt> instance with
# +other_hash+ merged into current hash.
def merge!(other_hash)
@parameters.merge!(other_hash.to_h)
self
end
- # Returns a new <tt>ActionController::Parameters</tt> with all keys from
- # current hash merged into +other_hash+.
+ # Returns a new <tt>ActionController::Parameters</tt> instance with all
keys
+ # from current hash merged into +other_hash+.
def reverse_merge(other_hash)
new_instance_with_inherited_permitted_status(
other_hash.to_h.merge(@parameters)
@@ -867,7 +843,7 @@
end
alias_method :with_defaults, :reverse_merge
- # Returns current <tt>ActionController::Parameters</tt> instance with
+ # Returns the current <tt>ActionController::Parameters</tt> instance with
# current hash merged into +other_hash+.
def reverse_merge!(other_hash)
@parameters.merge!(other_hash.to_h) { |key, left, right| left }
@@ -917,7 +893,7 @@
coder.map = { "parameters" => @parameters, "permitted" => @permitted }
end
- # Returns duplicate of object including all parameters.
+ # Returns a duplicate +ActionController::Parameters+ instance with the
same permitted parameters.
def deep_dup
self.class.new(@parameters.deep_dup, @logging_context).tap do |duplicate|
duplicate.permitted = @permitted
@@ -1024,10 +1000,11 @@
# This is a list of permitted scalar types that includes the ones
# supported in XML and JSON requests.
#
- # This list is in particular used to filter ordinary requests, String
goes
+ # This list is in particular used to filter ordinary requests, \String
goes
# as first element to quickly short-circuit the common case.
#
- # If you modify this collection please update the API of +permit+ above.
+ # If you modify this collection please update the one in the #permit doc
+ # as well.
PERMITTED_SCALAR_TYPES = [
String,
Symbol,
@@ -1083,8 +1060,8 @@
value.is_a?(Array) || value.is_a?(Parameters)
end
- EMPTY_ARRAY = []
- EMPTY_HASH = {}
+ EMPTY_ARRAY = [] # :nodoc:
+ EMPTY_HASH = {} # :nodoc:
def hash_filter(params, filter)
filter = filter.with_indifferent_access
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_dispatch/middleware/host_authorization.rb
new/lib/action_dispatch/middleware/host_authorization.rb
--- old/lib/action_dispatch/middleware/host_authorization.rb 2023-06-26
23:35:15.000000000 +0200
+++ new/lib/action_dispatch/middleware/host_authorization.rb 2023-09-09
21:09:47.000000000 +0200
@@ -95,7 +95,7 @@
def response_body(request)
return "" unless
request.get_header("action_dispatch.show_detailed_exceptions")
- template = DebugView.new(host: request.host)
+ template = DebugView.new(hosts:
request.env["action_dispatch.blocked_hosts"])
template.render(template: "rescues/blocked_host", layout:
"rescues/layout")
end
@@ -111,7 +111,7 @@
return unless logger
- logger.error("[#{self.class.name}] Blocked host: #{request.host}")
+ logger.error("[#{self.class.name}] Blocked hosts:
#{request.env["action_dispatch.blocked_hosts"].join(", ")}")
end
def available_logger(request)
@@ -131,21 +131,28 @@
return @app.call(env) if @permissions.empty?
request = Request.new(env)
+ hosts = blocked_hosts(request)
- if authorized?(request) || excluded?(request)
+ if hosts.empty? || excluded?(request)
mark_as_authorized(request)
@app.call(env)
else
+ env["action_dispatch.blocked_hosts"] = hosts
@response_app.call(env)
end
end
private
- def authorized?(request)
+ def blocked_hosts(request)
+ hosts = []
+
origin_host = request.get_header("HTTP_HOST")
+ hosts << origin_host unless @permissions.allows?(origin_host)
+
forwarded_host = request.x_forwarded_host&.split(/,\s?/)&.last
+ hosts << forwarded_host unless forwarded_host.blank? ||
@permissions.allows?(forwarded_host)
- @permissions.allows?(origin_host) && (forwarded_host.blank? ||
@permissions.allows?(forwarded_host))
+ hosts
end
def excluded?(request)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_dispatch/middleware/show_exceptions.rb
new/lib/action_dispatch/middleware/show_exceptions.rb
--- old/lib/action_dispatch/middleware/show_exceptions.rb 2023-06-26
23:35:15.000000000 +0200
+++ new/lib/action_dispatch/middleware/show_exceptions.rb 2023-09-09
21:09:47.000000000 +0200
@@ -6,14 +6,17 @@
# This middleware rescues any exception returned by the application
# and calls an exceptions app that will wrap it in a format for the end user.
#
- # The exceptions app should be passed as parameter on initialization
- # of ShowExceptions. Every time there is an exception, ShowExceptions will
- # store the exception in env["action_dispatch.exception"], rewrite the
- # PATH_INFO to the exception status code and call the Rack app.
+ # The exceptions app should be passed as a parameter on initialization of
+ # +ShowExceptions+. Every time there is an exception, +ShowExceptions+ will
+ # store the exception in <tt>env["action_dispatch.exception"]</tt>, rewrite
+ # the +PATH_INFO+ to the exception status code and call the Rack app.
#
- # If the application returns a "X-Cascade" pass response, this middleware
- # will send an empty response as result with the correct status code.
- # If any exception happens inside the exceptions app, this middleware
+ # In \Rails applications, the exceptions app can be configured with
+ # +config.exceptions_app+, which defaults to
ActionDispatch::PublicExceptions.
+ #
+ # If the application returns an <tt>"X-Cascade" => "pass"</tt> response, this
+ # middleware will send an empty response as a result with the correct status
+ # code. If any exception happens inside the exceptions app, this middleware
# catches the exceptions and returns a failsafe response.
class ShowExceptions
def initialize(app, exceptions_app)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb
new/lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb
--- old/lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb
2023-06-26 23:35:15.000000000 +0200
+++ new/lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb
2023-09-09 21:09:47.000000000 +0200
@@ -1,8 +1,12 @@
<header>
- <h1>Blocked host: <%= @host %></h1>
+ <h1>Blocked hosts: <%= @hosts.join(", ") %></h1>
</header>
<main role="main" id="container">
- <h2>To allow requests to <%= @host %> make sure it is a valid hostname
(containing only numbers, letters, dashes and dots), then add the following to
your environment configuration:</h2>
- <pre>config.hosts << "<%= @host %>"</pre>
+ <h2>To allow requests to these hosts, make sure they are valid hostnames
(containing only numbers, letters, dashes and dots), then add the following to
your environment configuration:</h2>
+ <pre>
+ <% @hosts.each do |host| %>
+ config.hosts << "<%= host %>"
+ <% end %>
+ </pre>
<p>For more details view: <a
href="https://guides.rubyonrails.org/configuring.html#actiondispatch-hostauthorization";>the
Host Authorization guide</a></p>
</main>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lib/action_dispatch/middleware/templates/rescues/blocked_host.text.erb
new/lib/action_dispatch/middleware/templates/rescues/blocked_host.text.erb
--- old/lib/action_dispatch/middleware/templates/rescues/blocked_host.text.erb
2023-06-26 23:35:15.000000000 +0200
+++ new/lib/action_dispatch/middleware/templates/rescues/blocked_host.text.erb
2023-09-09 21:09:47.000000000 +0200
@@ -1,7 +1,9 @@
-Blocked host: <%= @host %>
+Blocked hosts: <%= @hosts.join(", ") %>
-To allow requests to <%= @host %> make sure it is a valid hostname (containing
only numbers, letters, dashes and dots), then add the following to your
environment configuration:
+To allow requests to these hosts, make sure they are valid hostnames
(containing only numbers, letters, dashes and dots), then add the following to
your environment configuration:
- config.hosts << "<%= @host %>"
+<% @hosts.each do |host| %>
+ config.hosts << "<%= host %>"
+<% end %>
For more details on host authorization view:
https://guides.rubyonrails.org/configuring.html#actiondispatch-hostauthorization
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_dispatch/system_testing/browser.rb
new/lib/action_dispatch/system_testing/browser.rb
--- old/lib/action_dispatch/system_testing/browser.rb 2023-06-26
23:35:15.000000000 +0200
+++ new/lib/action_dispatch/system_testing/browser.rb 2023-09-09
21:09:47.000000000 +0200
@@ -26,7 +26,7 @@
yield options if block_given? && options
end
- # driver_path can be configured as a proc. The webdrivers gem uses this
+ # driver_path can be configured as a proc.
# proc to update web drivers. Running this proc early allows us to only
# update the webdriver once and avoid race conditions when using
# parallel tests.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_pack/gem_version.rb
new/lib/action_pack/gem_version.rb
--- old/lib/action_pack/gem_version.rb 2023-06-26 23:35:15.000000000 +0200
+++ new/lib/action_pack/gem_version.rb 2023-09-09 21:09:47.000000000 +0200
@@ -9,8 +9,8 @@
module VERSION
MAJOR = 7
MINOR = 0
- TINY = 5
- PRE = "1"
+ TINY = 8
+ PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 2023-06-26 23:35:15.000000000 +0200
+++ new/metadata 2023-09-09 21:09:47.000000000 +0200
@@ -1,14 +1,14 @@
--- !ruby/object:Gem::Specification
name: actionpack
version: !ruby/object:Gem::Version
- version: 7.0.5.1
+ version: 7.0.8
platform: ruby
authors:
- David Heinemeier Hansson
autorequire:
bindir: bin
cert_chain: []
-date: 2023-06-26 00:00:00.000000000 Z
+date: 2023-09-09 00:00:00.000000000 Z
dependencies:
- !ruby/object:Gem::Dependency
name: activesupport
@@ -16,14 +16,14 @@
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 7.0.5.1
+ version: 7.0.8
type: :runtime
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 7.0.5.1
+ version: 7.0.8
- !ruby/object:Gem::Dependency
name: rack
requirement: !ruby/object:Gem::Requirement
@@ -98,28 +98,28 @@
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 7.0.5.1
+ version: 7.0.8
type: :runtime
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 7.0.5.1
+ version: 7.0.8
- !ruby/object:Gem::Dependency
name: activemodel
requirement: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 7.0.5.1
+ version: 7.0.8
type: :development
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 7.0.5.1
+ version: 7.0.8
description: Web apps on Rails. Simple, battle-tested conventions for building
and
testing MVC web applications. Works with any Rack-compatible server.
email: [email protected]
@@ -310,10 +310,10 @@
- MIT
metadata:
bug_tracker_uri: https://github.com/rails/rails/issues
- changelog_uri:
https://github.com/rails/rails/blob/v7.0.5.1/actionpack/CHANGELOG.md
- documentation_uri: https://api.rubyonrails.org/v7.0.5.1/
+ changelog_uri:
https://github.com/rails/rails/blob/v7.0.8/actionpack/CHANGELOG.md
+ documentation_uri: https://api.rubyonrails.org/v7.0.8/
mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
- source_code_uri: https://github.com/rails/rails/tree/v7.0.5.1/actionpack
+ source_code_uri: https://github.com/rails/rails/tree/v7.0.8/actionpack
rubygems_mfa_required: 'true'
post_install_message:
rdoc_options: []
@@ -331,7 +331,7 @@
version: '0'
requirements:
- none
-rubygems_version: 3.3.3
+rubygems_version: 3.4.18
signing_key:
specification_version: 4
summary: Web-flow and rendering framework putting the VC in MVC (part of
Rails).
