Bump activerecord, actionpack, railties and dotenv-rails

[dependabot]

Bumps activerecord, actionpack, railties and dotenv-rails. These dependencies needed to be updated together.
Updates activerecord from 5.2.4.4 to 7.0.7

Release notes

Sourced from activerecord's releases.

7.0.7

Active Support

• Fix Cache::NullStore with local caching for repeated reads.

  fatkodima

• Fix to_s with no arguments not respecting custom :default formats

  Hartley McGuire

• Fix ActiveSupport::Inflector.humanize(nil) raising NoMethodError: undefined method `end_with?' for nil:NilClass.

  James Robinson

• Fix Enumerable#sum for Enumerator#lazy.

  fatkodima, Matthew Draper, Jonathan Hefner

• Improve error message when EventedFileUpdateChecker is used without a compatible version of the Listen gem

  Hartley McGuire

Active Model

• Error.full_message now strips ":base" from the message.

  zzak

• Add a load hook for ActiveModel::Model (named active_model) to match the load hook for ActiveRecord::Base and allow for overriding aspects of the ActiveModel::Model class.

Active Record

• Restores functionality to the missing method when using enums and fixes.

  paulreece

• Fix StatementCache::Substitute with serialized type.

  ywenc

• Fix :db_runtime on notification payload when application have multiple databases.

... (truncated)

Changelog

Sourced from activerecord's changelog.

Rails 7.0.7 (August 09, 2023)

• Restores functionality to the missing method when using enums and fixes.

  paulreece

• Fix StatementCache::Substitute with serialized type.

  ywenc

• Fix :db_runtime on notification payload when application have multiple databases.

  Eileen M. Uchitelle

• Correctly dump check constraints for MySQL 8.0.16+.

  Steve Hill

• Fix ActiveRecord::QueryMethods#in_order_of to include nils, to match the behavior of Enumerable#in_order_of.

  For example, Post.in_order_of(:title, [nil, "foo"]) will now include posts with nil titles, the same as Post.all.to_a.in_order_of(:title, [nil, "foo"]).

  fatkodima

• Revert "Fix autosave associations with validations added on :base of the associated objects."

  This change intended to remove the :base attribute from the message, but broke many assumptions which key these errors were stored.

  zzak

• Fix #previously_new_record? to return true for destroyed records.

  Before, if a record was created and then destroyed, #previously_new_record? would return true. Now, any UPDATE or DELETE to a record is considered a change, and will result in #previously_new_record? returning false.

  Adrianna Chang

• Revert breaking changes to has_one relationship deleting the old record before the new one is validated.

  zzak

• Fix support for Active Record instances being uses in queries.

  As of 7.0.5, query arguments were deep duped to avoid mutations impacting the query cache, but this had the adverse effect to clearing the primary key when the query argument contained an ActiveRecord::Base instance.

... (truncated)

Commits

• 522c86f Preparing for 7.0.7 release
• 5610cba Sync CHANGELOG with the changes in the repository
• 2dccb3f Merge pull request #48891 from rails/rm-devcontainer-right
• fabd0b5 Merge pull request #48886 from fatkodima/backport-45670
• 64ea100 Make sure nested base errors are translatable
• bc035fc Use single quotes instead of double quotes to get SQLite constraints
• b9521b5 Remove duplicated fixture
• d25e34d Fix ActiveRecord::QueryMethods#in_order_of to work with nils
• 36597e2 Merge pull request #48861 from paulreece/correct_missing_and_associated_behavior
• 05eaeba Merge pull request #48738 from paulreece/enum_join_missing_fix
• Additional commits viewable in compare view

Updates actionpack from 5.2.4.4 to 7.0.7

Release notes

Sourced from actionpack's releases.

7.0.7

Active Support

• Fix Cache::NullStore with local caching for repeated reads.

  fatkodima

• Fix to_s with no arguments not respecting custom :default formats

  Hartley McGuire

• Fix ActiveSupport::Inflector.humanize(nil) raising NoMethodError: undefined method `end_with?' for nil:NilClass.

  James Robinson

• Fix Enumerable#sum for Enumerator#lazy.

  fatkodima, Matthew Draper, Jonathan Hefner

• Improve error message when EventedFileUpdateChecker is used without a compatible version of the Listen gem

  Hartley McGuire

Active Model

• Error.full_message now strips ":base" from the message.

  zzak

• Add a load hook for ActiveModel::Model (named active_model) to match the load hook for ActiveRecord::Base and allow for overriding aspects of the ActiveModel::Model class.

Active Record

• Restores functionality to the missing method when using enums and fixes.

  paulreece

• Fix StatementCache::Substitute with serialized type.

  ywenc

• Fix :db_runtime on notification payload when application have multiple databases.

... (truncated)

Changelog

Sourced from actionpack's changelog.

Rails 7.0.7 (August 09, 2023)

• No changes.

Rails 7.0.6 (June 29, 2023)

• No changes.

Rails 7.0.5.1 (June 26, 2023)

• Raise an exception if illegal characters are provide to redirect_to [CVE-2023-28362]

  Zack Deveau

Rails 7.0.5 (May 24, 2023)

• Do not return CSP headers for 304 Not Modified responses.

  Tobias Kraze

• Fix EtagWithFlash when there is no Flash middleware available.

  fatkodima

• Fix content-type header with send_stream.

  Elliot Crosby-McCullough

• Address Selenium :capabilities deprecation warning.

  Ron Shinall

• Fix cookie domain for domain: all on two letter single level TLD.

  John Hawthorn

• Don't double log the controller, action, or namespaced_controller when using ActiveRecord::QueryLog

  Previously if you set config.active_record.query_log_tags to an array that included :controller, :namespaced_controller, or :action, that item would get logged twice. This bug has been fixed.

  Alex Ghiculescu

• Rescue EOFError exception from rack on a multipart request.

  Nikita Vasilevsky

... (truncated)

Commits

• 522c86f Preparing for 7.0.7 release
• c05a88d Merge pull request #45116 from ghiculescu/helper_method_backtrace
• 593893c Preparing for 7.0.6 release
• 0b89567 Avoid creating match object when checking for illegal header value
• 9ae3da1 Fix rubocop warning
• 8e37f2b Merge branch '7-0-sec' into 7-0-stable
• cdd14ce Preparing for 7.0.5.1 release
• 93b9c74 update changelog
• c9ab9b3 Added check for illegal HTTP header value in redirect_to
• be2282d Merge pull request #48327 from zzak/action-controller-links
• Additional commits viewable in compare view

Updates railties from 5.2.4.4 to 7.0.7

Release notes

Sourced from railties's releases.

7.0.7

Active Support

• Fix Cache::NullStore with local caching for repeated reads.

  fatkodima

• Fix to_s with no arguments not respecting custom :default formats

  Hartley McGuire

• Fix ActiveSupport::Inflector.humanize(nil) raising NoMethodError: undefined method `end_with?' for nil:NilClass.

  James Robinson

• Fix Enumerable#sum for Enumerator#lazy.

  fatkodima, Matthew Draper, Jonathan Hefner

• Improve error message when EventedFileUpdateChecker is used without a compatible version of the Listen gem

  Hartley McGuire

Active Model

• Error.full_message now strips ":base" from the message.

  zzak

• Add a load hook for ActiveModel::Model (named active_model) to match the load hook for ActiveRecord::Base and allow for overriding aspects of the ActiveModel::Model class.

Active Record

• Restores functionality to the missing method when using enums and fixes.

  paulreece

• Fix StatementCache::Substitute with serialized type.

  ywenc

• Fix :db_runtime on notification payload when application have multiple databases.

... (truncated)

Changelog

Sourced from railties's changelog.

Rails 7.0.7 (August 09, 2023)

• Update default scaffold templates to set 303 (See Other) as status code on redirect for the update action for XHR requests other than GET or POST to avoid issues (e.g browsers trying to follow the redirect using the original request method resulting in double PATCH/PUT)

  Guillermo Iguaran

Rails 7.0.6 (June 29, 2023)

• Avoid escaping paths when editing credentials.

  Jonathan Hefner

Rails 7.0.5.1 (June 26, 2023)

• No changes.

Rails 7.0.5 (May 24, 2023)

• Add puma app server to Gemfile in order to start test/dummy.

  Donapieppo

• Rails console now disables IRB's autocompletion feature in production by default.

  Setting IRB_USE_AUTOCOMPLETE=true can override this default.

  Stan Lo

• Send 303 See Other status code back for the destroy action on newly generated scaffold controllers.

  Tony Drake

Rails 7.0.4.3 (March 13, 2023)

• No changes.

Rails 7.0.4.2 (January 24, 2023)

• No changes.

Rails 7.0.4.1 (January 17, 2023)

... (truncated)

Commits

• 522c86f Preparing for 7.0.7 release
• eb7e42d Merge pull request #46617 from r7kamura/feature/isolation-level-default
• e24025c Merge pull request #46965 from fatkodima/flaky-use_postgresql-test
• 5d1ad87 Update default scaffold templates to set 303 (See Other) as status code on re...
• 593893c Preparing for 7.0.6 release
• 4aa2446 Update CHANGELOG
• 8e37f2b Merge branch '7-0-sec' into 7-0-stable
• cdd14ce Preparing for 7.0.5.1 release
• 30a287a Avoid escaping paths when editing credentials
• 17b3152 Merge pull request #48329 from zzak/unlink-rails-lib-readme
• Additional commits viewable in compare view

Updates dotenv-rails from 2.7.5 to 2.8.1

Release notes

Sourced from dotenv-rails's releases.

v2.8.1

What's Changed

• Restore support for EOL'd Ruby versions (2.5, 2.6) (#458)[https://redirect.github.com/Continue to support EOL'd Ruby versions bkeepers/dotenv#458]

Full Changelog: bkeepers/dotenv@v2.8.0...v2.8.1

Dotenv 2.8.0

What's Changed

• Drop support for Ruby 2.4, 2.5, and 2.6, which are EOL
• Fix template (-t) handling of export declarations #416
• Unescape escaped characters when value is not quoted #421
• Add overload option for the CLI ($ dotenv --overload -f .env.local) #445

New Contributors

• @​dependabot made their first contribution in bkeepers/dotenv#429
• @​bethesque made their first contribution in bkeepers/dotenv#421
• @​ahangarha made their first contribution in bkeepers/dotenv#452
• @​AhmedKamal20 made their first contribution in bkeepers/dotenv#445

Full Changelog: bkeepers/dotenv@v2.7.6...v2.8.0

Dotenv 2.7.6

2.7.6 - July 11, 2020

• Add a Dotenv::Railtie.overload method #403
• Support for more Rails versions #404
• Fix template handling of blank lines and comments #413
• Fix for dotenv-rails Rake task environment allocation#405

Changelog

Sourced from dotenv-rails's changelog.

2.8.1 - July 27, 2022

• Restore support for EOL'd Ruby versions (2.5, 2.6) (#458)[https://redirect.github.com/Continue to support EOL'd Ruby versions bkeepers/dotenv#458]

2.8.0 - July 26, 2022

• Drop support for Ruby 2.4, 2.5, and 2.6, which are EOL
• Fix template (-t) handling of export declarations #416
• Unescape escaped characters when value is not quoted #421
• Add overload option for the CLI ($ dotenv --overload -f .env.local) #445

2.7.6 - July 11, 2020

• Add a Dotenv::Railtie.overload method #403
• Support for more Rails versions #404
• Fix template handling of blank lines and comments #413
• Fix for dotenv-rails Rake task environment allocation#405

Commits

• 45b712a Merge pull request #458 from bkeepers/eol-ruby
• 93a3b0f Prepare for 2.8.1 release
• 7712533 Disable rule that fails on Ruby 2.5
• 4c3e28c Specify ruby_version in .standard.yml
• 0974810 Avoid newer ruby range syntax
• d7c9135 Continue to support EOL'd Ruby versions (sigh)
• 36c117c Prepare for 2.8.0 release
• d93a95b Merge pull request #456 from bkeepers/cli-update
• 029df7a Remove unnecessary method
• 491bfef CL < OptionParser to simplify setup more
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.