Update requirements for actionview, actionpack, activemodel and activerecord

[dependabot]

Updates the requirements on actionview, actionpack, activemodel and activerecord to permit the latest version.
Updates actionview from 5.2.3 to 6.0.2.2

Release notes

Sourced from actionview's releases.

6.0.2.1

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Fix possible information leak / session hijacking vulnerability.

  The ActionDispatch::Session::MemcacheStore is still vulnerable given it requires the gem dalli to be updated as well.

  CVE-2019-16782.

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

... (truncated)

Changelog

Sourced from actionview's changelog.

Rails 6.0.2.1 (December 18, 2019)

• No changes.

Rails 6.0.2 (December 13, 2019)

• No changes.

Rails 6.0.1 (November 5, 2019)

• UJS avoids Element.closest() for IE 9 compatibility.

  George Claghorn

Rails 6.0.0 (August 16, 2019)

• ActionView::Helpers::SanitizeHelper: support rails-html-sanitizer 1.1.0.

  Juanito Fatas

Rails 6.0.0.rc2 (July 22, 2019)

• Fix select_tag so that it doesn't change options when include_blank is present.

  Younes SERRAJ

Rails 6.0.0.rc1 (April 24, 2019)

• Fix partial caching skips same item issue

  If we render cached collection partials with repeated items, those repeated items will get skipped. For example, if you have 5 identical items in your collection, Rails only renders the first one when cached is set to true. But it should render all 5 items instead.

  Fixes #35114.

  Stan Lo

• Only clear ActionView cache in development on file changes

  To speed up development mode, view caches are only cleared when files in the view paths have changed. Applications which have implemented custom ActionView::Resolver subclasses may need to add their own cache clearing.

... (truncated)

Commits

• 157920a Preparing for 6.0.2.2 release
• 1251d88 Fix possible XSS vector in JS escape helper
• f33d52c Preparing for 6.0.2.1 release
• f675cb3 Preparing for 6.0.2 release
• 63107e9 Preparing for 6.0.2.rc2 release
• ec7721c Revert "Merge pull request #37504 from utilum/no_implicit_conversion_of_nil"
• a015f55 Preparing for 6.0.2.rc1 release
• 7bb5b66 [ci skip] Document deprecations for TemplateHandler subclasses
• 824ca84 [ci skip] Document changes for render(file: ) behaviour
• f2dfc5a Merge branch '6-0-1' into 6-0-stable
• Additional commits viewable in compare view

Updates actionpack from 5.2.3 to 6.0.2.2

Release notes

Sourced from actionpack's releases.

6.0.2.1

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Fix possible information leak / session hijacking vulnerability.

  The ActionDispatch::Session::MemcacheStore is still vulnerable given it requires the gem dalli to be updated as well.

  CVE-2019-16782.

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

... (truncated)

Changelog

Sourced from actionpack's changelog.

Rails 6.0.2.1 (December 18, 2019)

• Fix possible information leak / session hijacking vulnerability.

  The ActionDispatch::Session::MemcacheStore is still vulnerable given it requires the gem dalli to be updated as well.

  CVE-2019-16782.

Rails 6.0.2 (December 13, 2019)

• Allow using mountable engine route helpers in System Tests.

  Chalo Fernandez

Rails 6.0.1 (November 5, 2019)

• ActionDispatch::SystemTestCase now inherits from ActiveSupport::TestCase rather than ActionDispatch::IntegrationTest. This permits running jobs in system tests.

  George Claghorn, Edouard Chin

• Registered MIME types may contain extra flags:

  Mime::Type.register "text/html; fragment", :html_fragment

  Aaron Patterson

Rails 6.0.0 (August 16, 2019)

• No changes.

Rails 6.0.0.rc2 (July 22, 2019)

• Add the ability to set the CSP nonce only to the specified directives.

  Fixes #35137.

  Yuji Yaginuma

• Keep part when scope option has value.

  When a route was defined within an optional scope, if that route didn't

... (truncated)

Commits

• 157920a Preparing for 6.0.2.2 release
• f33d52c Preparing for 6.0.2.1 release
• ad2da1a Fix possible information leak / session hijacking vulnerability.
• f675cb3 Preparing for 6.0.2 release
• 63107e9 Preparing for 6.0.2.rc2 release
• ec7721c Revert "Merge pull request #37504 from utilum/no_implicit_conversion_of_nil"
• 6629ed7 Controller can be symbols as well
• a015f55 Preparing for 6.0.2.rc1 release
• c4175eb Update CHANGELOG [ci skip]
• 8fde863 Allow using mountable engine route helpers in System Tests
• Additional commits viewable in compare view

Updates activemodel from 5.2.3 to 6.0.2.2

Release notes

Sourced from activemodel's releases.

6.0.2.1

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Fix possible information leak / session hijacking vulnerability.

  The ActionDispatch::Session::MemcacheStore is still vulnerable given it requires the gem dalli to be updated as well.

  CVE-2019-16782.

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

... (truncated)

Changelog

Sourced from activemodel's changelog.

Rails 6.0.2.1 (December 18, 2019)

• No changes.

Rails 6.0.2 (December 13, 2019)

• No changes.

Rails 6.0.1 (November 5, 2019)

• No changes.

Rails 6.0.0 (August 16, 2019)

• No changes.

Rails 6.0.0.rc2 (July 22, 2019)

• No changes.

Rails 6.0.0.rc1 (April 24, 2019)

• Type cast falsy boolean symbols on boolean attribute as false.

  Fixes #35676.

  Ryuta Kamizono

• Change how validation error translation strings are fetched: The new behavior will first try the more specific keys, including doing locale fallback, then try the less specific ones.

  For example, this is the order in which keys will now be tried for a blank error on a product's title attribute with current locale set to en-US:

  en-US.activerecord.errors.models.product.attributes.title.blank
  en-US.activerecord.errors.models.product.blank
  en-US.activerecord.errors.messages.blank
  en.activerecord.errors.models.product.attributes.title.blank
  en.activerecord.errors.models.product.blank
  en.activerecord.errors.messages.blank
  en-US.errors.attributes.title.blank
  en-US.errors.messages.blank
  

... (truncated)

Commits

• 157920a Preparing for 6.0.2.2 release
• f33d52c Preparing for 6.0.2.1 release
• f675cb3 Preparing for 6.0.2 release
• 63107e9 Preparing for 6.0.2.rc2 release
• ec7721c Revert "Merge pull request #37504 from utilum/no_implicit_conversion_of_nil"
• a015f55 Preparing for 6.0.2.rc1 release
• f2dfc5a Merge branch '6-0-1' into 6-0-stable
• af327a4 v6.0.1
• a077f94 Merge pull request #37504 from utilum/no_implicit_conversion_of_nil
• cc69a14 Fix multi-threaded issue for AcceptanceValidator
• Additional commits viewable in compare view

Updates activerecord from 5.2.3 to 6.0.2.2

Release notes

Sourced from activerecord's releases.

6.0.2.1

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Fix possible information leak / session hijacking vulnerability.

  The ActionDispatch::Session::MemcacheStore is still vulnerable given it requires the gem dalli to be updated as well.

  CVE-2019-16782.

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

... (truncated)

Changelog

Sourced from activerecord's changelog.

Rails 6.0.2.1 (December 18, 2019)

• No changes.

Rails 6.0.2 (December 13, 2019)

• Share the same connection pool for primary and replica databases in the transactional tests for the same database.

  Edouard Chin

• Fix the preloader when one record is fetched using after_initialize but not the entire collection.

  Bradley Price

• Fix collection callbacks not terminating when :abort is thrown.

  Edouard Chin, Ryuta Kamizono

• Correctly deprecate where.not working as NOR for relations.

  12a9664 deprecated where.not working as NOR, however doing a relation query like where.not(relation: { ... }) wouldn't be properly deprecated and where.not would work as NAND instead.

  Edouard Chin

• Fix db:migrate task with multiple databases to restore the connection to the previous database.

  The migrate task iterates and establish a connection over each db resulting in the last one to be used by subsequent rake tasks. We should reestablish a connection to the connection that was established before the migrate tasks was run

  Edouard Chin

• Fix multi-threaded issue for AcceptanceValidator.

  Ryuta Kamizono

Rails 6.0.1 (November 5, 2019)

• Common Table Expressions are allowed on read-only connections.

  Chris Morris

... (truncated)

Commits

• 157920a Preparing for 6.0.2.2 release
• f33d52c Preparing for 6.0.2.1 release
• f675cb3 Preparing for 6.0.2 release
• 63107e9 Preparing for 6.0.2.rc2 release
• ec7721c Revert "Merge pull request #37504 from utilum/no_implicit_conversion_of_nil"
• bb0d9c0 Fix typo colection -> collection
• a015f55 Preparing for 6.0.2.rc1 release
• c4175eb Update CHANGELOG [ci skip]
• 241def5 Merge pull request #37774 from Edouard-chin/ec-enlist-fixture-connection
• e6fe137 Merge pull request #37747 from bradleyprice/check-association-loaded-across-c...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

[leonsp-ai]

The build would also need json >= 2.3.0, nokogiri >= 1.10.8 to pass bundle audit and succeed.

[dependabot]

Superseded by #21.