Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package rubygem-actionview-7.0 for
openSUSE:Factory checked in at 2022-10-12 18:24:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-actionview-7.0 (Old)
and /work/SRC/openSUSE:Factory/.rubygem-actionview-7.0.new.2275 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-actionview-7.0"
Wed Oct 12 18:24:58 2022 rev:6 rq:1010042 version:7.0.4
Changes:
--------
---
/work/SRC/openSUSE:Factory/rubygem-actionview-7.0/rubygem-actionview-7.0.changes
2022-08-06 22:07:48.974596924 +0200
+++
/work/SRC/openSUSE:Factory/.rubygem-actionview-7.0.new.2275/rubygem-actionview-7.0.changes
2022-10-12 18:26:40.661952187 +0200
@@ -1,0 +2,30 @@
+Mon Oct 10 12:52:48 UTC 2022 - Stephan Kulow <co...@suse.com>
+
+updated to version 7.0.4
+ see installed CHANGELOG.md
+
+ ## Rails 7.0.4 (September 09, 2022) ##
+
+ * Guard against `ActionView::Helpers::FormTagHelper#field_name` calls with
nil
+ `object_name` arguments. For example:
+
+ ```erb
+ <%= fields do |f| %>
+ <%= f.field_name :body %>
+ <% end %>
+ ```
+
+ *Sean Doyle*
+
+ * Strings returned from `strip_tags` are correctly tagged `html_safe?`
+
+ Because these strings contain no HTML elements and the basic entities
are escaped, they are safe
+ to be included as-is as PCDATA in HTML content. Tagging them as
html-safe avoids double-escaping
+ entities when being concatenated to a SafeBuffer during rendering.
+
+ Fixes
[rails/rails-html-sanitizer#124](https://github.com/rails/rails-html-sanitizer/issues/124)
+
+ *Mike Dalessio*
+
+
+-------------------------------------------------------------------
Old:
----
actionview-7.0.3.1.gem
New:
----
actionview-7.0.4.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-actionview-7.0.spec ++++++
--- /var/tmp/diff_new_pack.GjQjr8/_old 2022-10-12 18:26:41.013952962 +0200
+++ /var/tmp/diff_new_pack.GjQjr8/_new 2022-10-12 18:26:41.017952971 +0200
@@ -24,7 +24,7 @@
#
Name: rubygem-actionview-7.0
-Version: 7.0.3.1
+Version: 7.0.4
Release: 0
%define mod_name actionview
%define mod_full_name %{mod_name}-%{version}
++++++ actionview-7.0.3.1.gem -> actionview-7.0.4.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md
--- old/CHANGELOG.md 2022-07-12 19:30:27.000000000 +0200
+++ new/CHANGELOG.md 2022-09-09 20:42:18.000000000 +0200
@@ -1,3 +1,26 @@
+## Rails 7.0.4 (September 09, 2022) ##
+
+* Guard against `ActionView::Helpers::FormTagHelper#field_name` calls with
nil
+ `object_name` arguments. For example:
+
+ ```erb
+ <%= fields do |f| %>
+ <%= f.field_name :body %>
+ <% end %>
+ ```
+
+ *Sean Doyle*
+
+* Strings returned from `strip_tags` are correctly tagged `html_safe?`
+
+ Because these strings contain no HTML elements and the basic entities are
escaped, they are safe
+ to be included as-is as PCDATA in HTML content. Tagging them as html-safe
avoids double-escaping
+ entities when being concatenated to a SafeBuffer during rendering.
+
+ Fixes
[rails/rails-html-sanitizer#124](https://github.com/rails/rails-html-sanitizer/issues/124)
+
+ *Mike Dalessio*
+
## Rails 7.0.3.1 (July 12, 2022) ##
* No changes.
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_view/gem_version.rb
new/lib/action_view/gem_version.rb
--- old/lib/action_view/gem_version.rb 2022-07-12 19:30:27.000000000 +0200
+++ new/lib/action_view/gem_version.rb 2022-09-09 20:42:18.000000000 +0200
@@ -9,8 +9,8 @@
module VERSION
MAJOR = 7
MINOR = 0
- TINY = 3
- PRE = "1"
+ TINY = 4
+ PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_view/helpers/date_helper.rb
new/lib/action_view/helpers/date_helper.rb
--- old/lib/action_view/helpers/date_helper.rb 2022-07-12 19:30:27.000000000
+0200
+++ new/lib/action_view/helpers/date_helper.rb 2022-09-09 20:42:18.000000000
+0200
@@ -888,7 +888,7 @@
def month_names
@month_names ||= begin
month_names = @options[:use_month_names] || translated_month_names
- month_names.unshift(nil) if month_names.size < 13
+ month_names = [nil, *month_names] if month_names.size < 13
month_names
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_view/helpers/form_helper.rb
new/lib/action_view/helpers/form_helper.rb
--- old/lib/action_view/helpers/form_helper.rb 2022-07-12 19:30:27.000000000
+0200
+++ new/lib/action_view/helpers/form_helper.rb 2022-09-09 20:42:18.000000000
+0200
@@ -1438,10 +1438,12 @@
# formatted by trying to call +strftime+ with "%H:%M" on the object's
value.
# It is also possible to override this by passing the "value" option.
#
- # === Options
- # * Accepts same options as time_field_tag
+ # ==== Options
+ #
+ # Supports the same options as FormTagHelper#time_field_tag.
+ #
+ # ==== Examples
#
- # === Example
# time_field("task", "started_at")
# # => <input id="task_started_at" name="task[started_at]" type="time"
/>
#
@@ -1553,7 +1555,8 @@
# Returns an input tag of type "number".
#
# ==== Options
- # * Accepts same options as number_field_tag
+ #
+ # Supports the same options as FormTagHelper#number_field_tag.
def number_field(object_name, method, options = {})
Tags::NumberField.new(object_name, method, self, options).render
end
@@ -1561,7 +1564,8 @@
# Returns an input tag of type "range".
#
# ==== Options
- # * Accepts same options as range_field_tag
+ #
+ # Supports the same options as FormTagHelper#range_field_tag.
def range_field(object_name, method, options = {})
Tags::RangeField.new(object_name, method, self, options).render
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_view/helpers/form_tag_helper.rb
new/lib/action_view/helpers/form_tag_helper.rb
--- old/lib/action_view/helpers/form_tag_helper.rb 2022-07-12
19:30:27.000000000 +0200
+++ new/lib/action_view/helpers/form_tag_helper.rb 2022-09-09
20:42:18.000000000 +0200
@@ -131,7 +131,7 @@
# a little duplication to construct fewer strings
case
- when object_name.empty?
+ when object_name.blank?
"#{method_name}#{names}#{multiple ? "[]" : ""}"
when index
"#{object_name}[#{index}][#{method_name}]#{names}#{multiple ? "[]" :
""}"
@@ -657,9 +657,11 @@
# Creates a text field of type "color".
#
# ==== Options
- # * Accepts the same options as text_field_tag.
+ #
+ # Supports the same options as #text_field_tag.
#
# ==== Examples
+ #
# color_field_tag 'name'
# # => <input id="name" name="name" type="color" />
#
@@ -678,9 +680,11 @@
# Creates a text field of type "search".
#
# ==== Options
- # * Accepts the same options as text_field_tag.
+ #
+ # Supports the same options as #text_field_tag.
#
# ==== Examples
+ #
# search_field_tag 'name'
# # => <input id="name" name="name" type="search" />
#
@@ -699,9 +703,11 @@
# Creates a text field of type "tel".
#
# ==== Options
- # * Accepts the same options as text_field_tag.
+ #
+ # Supports the same options as #text_field_tag.
#
# ==== Examples
+ #
# telephone_field_tag 'name'
# # => <input id="name" name="name" type="tel" />
#
@@ -721,9 +727,11 @@
# Creates a text field of type "date".
#
# ==== Options
- # * Accepts the same options as text_field_tag.
+ #
+ # Supports the same options as #text_field_tag.
#
# ==== Examples
+ #
# date_field_tag 'name'
# # => <input id="name" name="name" type="date" />
#
@@ -741,23 +749,27 @@
# Creates a text field of type "time".
#
- # === Options
+ # ==== Options
+ #
+ # Supports the same options as #text_field_tag. Additionally, supports:
+ #
# * <tt>:min</tt> - The minimum acceptable value.
# * <tt>:max</tt> - The maximum acceptable value.
# * <tt>:step</tt> - The acceptable value granularity.
# * <tt>:include_seconds</tt> - Include seconds and ms in the output
timestamp format (true by default).
- # * Otherwise accepts the same options as text_field_tag.
def time_field_tag(name, value = nil, options = {})
text_field_tag(name, value, options.merge(type: :time))
end
# Creates a text field of type "datetime-local".
#
- # === Options
+ # ==== Options
+ #
+ # Supports the same options as #text_field_tag. Additionally, supports:
+ #
# * <tt>:min</tt> - The minimum acceptable value.
# * <tt>:max</tt> - The maximum acceptable value.
# * <tt>:step</tt> - The acceptable value granularity.
- # * Otherwise accepts the same options as text_field_tag.
def datetime_field_tag(name, value = nil, options = {})
text_field_tag(name, value, options.merge(type: "datetime-local"))
end
@@ -766,22 +778,26 @@
# Creates a text field of type "month".
#
- # === Options
+ # ==== Options
+ #
+ # Supports the same options as #text_field_tag. Additionally, supports:
+ #
# * <tt>:min</tt> - The minimum acceptable value.
# * <tt>:max</tt> - The maximum acceptable value.
# * <tt>:step</tt> - The acceptable value granularity.
- # * Otherwise accepts the same options as text_field_tag.
def month_field_tag(name, value = nil, options = {})
text_field_tag(name, value, options.merge(type: :month))
end
# Creates a text field of type "week".
#
- # === Options
+ # ==== Options
+ #
+ # Supports the same options as #text_field_tag. Additionally, supports:
+ #
# * <tt>:min</tt> - The minimum acceptable value.
# * <tt>:max</tt> - The maximum acceptable value.
# * <tt>:step</tt> - The acceptable value granularity.
- # * Otherwise accepts the same options as text_field_tag.
def week_field_tag(name, value = nil, options = {})
text_field_tag(name, value, options.merge(type: :week))
end
@@ -789,9 +805,11 @@
# Creates a text field of type "url".
#
# ==== Options
- # * Accepts the same options as text_field_tag.
+ #
+ # Supports the same options as #text_field_tag.
#
# ==== Examples
+ #
# url_field_tag 'name'
# # => <input id="name" name="name" type="url" />
#
@@ -810,9 +828,11 @@
# Creates a text field of type "email".
#
# ==== Options
- # * Accepts the same options as text_field_tag.
+ #
+ # Supports the same options as #text_field_tag.
#
# ==== Examples
+ #
# email_field_tag 'name'
# # => <input id="name" name="name" type="email" />
#
@@ -831,15 +851,18 @@
# Creates a number field.
#
# ==== Options
+ #
+ # Supports the same options as #text_field_tag. Additionally, supports:
+ #
# * <tt>:min</tt> - The minimum acceptable value.
# * <tt>:max</tt> - The maximum acceptable value.
# * <tt>:in</tt> - A range specifying the <tt>:min</tt> and
# <tt>:max</tt> values.
# * <tt>:within</tt> - Same as <tt>:in</tt>.
# * <tt>:step</tt> - The acceptable value granularity.
- # * Otherwise accepts the same options as text_field_tag.
#
# ==== Examples
+ #
# number_field_tag 'quantity'
# # => <input id="quantity" name="quantity" type="number" />
#
@@ -881,12 +904,13 @@
# Creates a range form element.
#
# ==== Options
- # * Accepts the same options as number_field_tag.
+ #
+ # Supports the same options as #number_field_tag.
def range_field_tag(name, value = nil, options = {})
number_field_tag(name, value, options.merge(type: :range))
end
- # Creates the hidden UTF8 enforcer tag. Override this method in a helper
+ # Creates the hidden UTF-8 enforcer tag. Override this method in a helper
# to customize the tag.
def utf8_enforcer_tag
# Use raw HTML to ensure the value is written as an HTML entity; it
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_view/helpers/sanitize_helper.rb
new/lib/action_view/helpers/sanitize_helper.rb
--- old/lib/action_view/helpers/sanitize_helper.rb 2022-07-12
19:30:27.000000000 +0200
+++ new/lib/action_view/helpers/sanitize_helper.rb 2022-09-09
20:42:18.000000000 +0200
@@ -101,7 +101,7 @@
# strip_tags("> A quote from Smith & Wesson")
# # => > A quote from Smith & Wesson
def strip_tags(html)
- self.class.full_sanitizer.sanitize(html)
+ self.class.full_sanitizer.sanitize(html)&.html_safe
end
# Strips all link tags from +html+ leaving just the link text.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_view/helpers/translation_helper.rb
new/lib/action_view/helpers/translation_helper.rb
--- old/lib/action_view/helpers/translation_helper.rb 2022-07-12
19:30:27.000000000 +0200
+++ new/lib/action_view/helpers/translation_helper.rb 2022-09-09
20:42:18.000000000 +0200
@@ -90,7 +90,7 @@
translated = ActiveSupport::HtmlSafeTranslation.translate(key,
**options, default: default)
- break translated unless translated.equal?(MISSING_TRANSLATION)
+ break translated unless translated == MISSING_TRANSLATION
if alternatives.present? && !alternatives.first.is_a?(Symbol)
break alternatives.first && I18n.translate(**options, default:
alternatives)
@@ -111,7 +111,7 @@
# Delegates to <tt>I18n.localize</tt> with no additional functionality.
#
- # See
https://www.rubydoc.info/github/svenfuchs/i18n/master/I18n/Backend/Base:localize
+ # See https://www.rubydoc.info/gems/i18n/I18n/Backend/Base:localize
# for more information.
def localize(object, **options)
I18n.localize(object, **options)
@@ -119,7 +119,7 @@
alias :l :localize
private
- MISSING_TRANSLATION = Object.new
+ MISSING_TRANSLATION = -(2**60)
private_constant :MISSING_TRANSLATION
NO_DEFAULT = [].freeze
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_view/routing_url_for.rb
new/lib/action_view/routing_url_for.rb
--- old/lib/action_view/routing_url_for.rb 2022-07-12 19:30:27.000000000
+0200
+++ new/lib/action_view/routing_url_for.rb 2022-09-09 20:42:18.000000000
+0200
@@ -47,6 +47,9 @@
# <%= url_for(action: 'jump', anchor: 'tax&ship') %>
# # => /testing/jump/#tax&ship
#
+ # <%= url_for(Workshop) %>
+ # # => /workshops
+ #
# <%= url_for(Workshop.new) %>
# # relies on Workshop answering a persisted? call (and in this case
returning false)
# # => /workshops
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 2022-07-12 19:30:27.000000000 +0200
+++ new/metadata 2022-09-09 20:42:18.000000000 +0200
@@ -1,14 +1,14 @@
--- !ruby/object:Gem::Specification
name: actionview
version: !ruby/object:Gem::Version
- version: 7.0.3.1
+ version: 7.0.4
platform: ruby
authors:
- David Heinemeier Hansson
autorequire:
bindir: bin
cert_chain: []
-date: 2022-07-12 00:00:00.000000000 Z
+date: 2022-09-09 00:00:00.000000000 Z
dependencies:
- !ruby/object:Gem::Dependency
name: activesupport
@@ -16,14 +16,14 @@
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 7.0.3.1
+ version: 7.0.4
type: :runtime
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 7.0.3.1
+ version: 7.0.4
- !ruby/object:Gem::Dependency
name: builder
requirement: !ruby/object:Gem::Requirement
@@ -92,28 +92,28 @@
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 7.0.3.1
+ version: 7.0.4
type: :development
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 7.0.3.1
+ version: 7.0.4
- !ruby/object:Gem::Dependency
name: activemodel
requirement: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 7.0.3.1
+ version: 7.0.4
type: :development
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 7.0.3.1
+ version: 7.0.4
description: Simple, battle-tested conventions and helpers for building web
pages.
email: da...@loudthinking.com
executables: []
@@ -246,10 +246,10 @@
- MIT
metadata:
bug_tracker_uri: https://github.com/rails/rails/issues
- changelog_uri:
https://github.com/rails/rails/blob/v7.0.3.1/actionview/CHANGELOG.md
- documentation_uri: https://api.rubyonrails.org/v7.0.3.1/
+ changelog_uri:
https://github.com/rails/rails/blob/v7.0.4/actionview/CHANGELOG.md
+ documentation_uri: https://api.rubyonrails.org/v7.0.4/
mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
- source_code_uri: https://github.com/rails/rails/tree/v7.0.3.1/actionview
+ source_code_uri: https://github.com/rails/rails/tree/v7.0.4/actionview
rubygems_mfa_required: 'true'
post_install_message:
rdoc_options: []
