Skip to content

build(deps): bump actionpack from 8.0.1 to 8.0.2#4354

Merged
philippthun merged 1 commit intomainfrom
dependabot/bundler/actionpack-8.0.2
May 12, 2025
Merged

build(deps): bump actionpack from 8.0.1 to 8.0.2#4354
philippthun merged 1 commit intomainfrom
dependabot/bundler/actionpack-8.0.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github May 12, 2025

Bumps actionpack from 8.0.1 to 8.0.2.

Release notes

Sourced from actionpack's releases.

8.0.2

Active Support

  • Fix setting to_time_preserves_timezone from new_framework_defaults_8_0.rb.

    fatkodima

  • Fix Active Support Cache fetch_multi when local store is active.

    fetch_multi now properly yield to the provided block for missing entries that have been recorded as such in the local store.

    Jean Boussier

  • Fix execution wrapping to report all exceptions, including Exception.

    If a more serious error like SystemStackError or NoMemoryError happens, the error reporter should be able to report these kinds of exceptions.

    Gannon McGibbon

  • Fix RedisCacheStore and MemCacheStore to also handle connection pool related errors.

    These errors are rescued and reported to Rails.error.

    Jean Boussier

  • Fix ActiveSupport::Cache#read_multi to respect version expiry when using local cache.

    zzak

  • Fix ActiveSupport::MessageVerifier and ActiveSupport::MessageEncryptor configuration of on_rotation callback.

    verifier.rotate(old_secret).on_rotation { ... }

    Now both work as documented.

    Jean Boussier

  • Fix ActiveSupport::MessageVerifier to always be able to verify both URL-safe and URL-unsafe payloads.

    This is to allow transitioning seemlessly from either configuration without immediately invalidating all previously generated signed messages.

    Jean Boussier, Florent Beaurain, Ali Sepehri

  • Fix cache.fetch to honor the provided expiry when :race_condition_ttl is used.

... (truncated)

Changelog

Sourced from actionpack's changelog.

Rails 8.0.2 (March 12, 2025)

  • No changes.

Rails 8.0.2 (March 12, 2025)

  • Improve with_routing test helper to not rebuild the middleware stack.

    Otherwise some middleware configuration could be lost.

    Édouard Chin

  • Add resource name to the ArgumentError that's raised when invalid :only or :except options are given to #resource or #resources

    This makes it easier to locate the source of the problem, especially for routes drawn by gems.

    Before:

    :only and :except must include only [:index, :create, :new, :show, :update, :destroy, :edit], but also included [:foo, :bar]

    After:

    Route `resources :products` - :only and :except must include only [:index, :create, :new, :show, :update, :destroy, :edit], but also included [:foo, :bar]

    Jeremy Green

  • Fix url_for to handle :path_params gracefully when it's not a Hash.

    Prevents various security scanners from causing exceptions.

    Martin Emde

  • Fix ActionDispatch::Executor to unwrap exceptions like other error reporting middlewares.

    Jean Boussier

Commits
  • 3235827 Preparing for 8.0.2 release
  • 97752ef Merge pull request #54705 from Edouard-chin/ec-with-routing
  • 6644442 Merge pull request #54617 from byroot/move-strict-warnings
  • f842b84 Merge pull request #54613 from ioquatix/rack-lint-compatibility
  • ba1b691 Remove RDoc syntax in code example comments [ci-skip]
  • 9b70ddc Merge pull request #54289 from seanpdoyle/csrf-doc-formatting
  • 24dc650 Link javascript_include_tag and stylesheet_link_tag [ci-skip]
  • 740acb6 Merge pull request #54455 from Shopify/report_all_errors
  • f11286a Merge pull request #54434 from ryenski/ryenski/fix-nomethod-error-in-non-stri...
  • bbd4959 Merge pull request #54308 from tiramizoo/assert_dom_preference
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump actionpack from 8.0.1 to 8.0.2
068e585 
Bumps [actionpack](https://github.com/rails/rails) from 8.0.1 to 8.0.2.
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v8.0.2/actionpack/CHANGELOG.md)
- [Commits](rails/rails@v8.0.1...v8.0.2)

---
updated-dependencies:
- dependency-name: actionpack
  dependency-version: 8.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels May 12, 2025
@philippthun philippthun merged commit e56dc38 into main May 12, 2025
12 checks passed
@philippthun philippthun deleted the dependabot/bundler/actionpack-8.0.2 branch May 12, 2025 11:49
ari-wg-gitbot added a commit to cloudfoundry/capi-release that referenced this pull request May 12, 2025
@ari-wg-gitbot
Bump cloud_controller_ng
0146952 
Dependency updates in cloud_controller_ng:

- build(deps): bump actionpack from 8.0.1 to 8.0.2
    PR: cloudfoundry/cloud_controller_ng#4354
    Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@philippthun philippthun philippthun approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@philippthun