Update active_model_serializers 0.10.13 → 0.10.14 (minor)

[depfu]

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ active_model_serializers (0.10.13 → 0.10.14) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 7 commits:

• chore: bump to 0.10.14
• Update gem requirement to allow Rails 7.1 (#2453)
• Upgrade to Ubuntu 22.04 on Github Actions (#2451)
• Merge pull request #2442 from ohbarye/remove-travis-setting
• Remove travis settings
• Merge pull request #2427 from y-yagi/fix-bundler-deprecated-method
• Fix checking of method defined or not

↗️ loofah (indirect, 2.21.4 → 2.22.0) · Repo · Changelog

Release Notes

2.22.0

2.22.0 / 2023-11-13

Added

• A :targetblank HTML scrubber which ensures all hyperlinks have target="_blank". [#275] @stefannibrasil and @thdaraujo
• A :noreferrer HTML scrubber which ensures all hyperlinks have rel=noreferrer, similar to the :nofollow and :noopener scrubbers. [#277] @wynksaiddestroy

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 6 commits:

• version bump to v2.22.0
• update CHANGELOG
• Merge pull request #277 from wynksaiddestroy/feature/noreferrer_scrubber
• Add noreferrer scrubber
• Merge pull request #275 from hexdevs/add-target-blank-scrub
• feat: adds :targetblank scrubber

↗️ rails-dom-testing (indirect, 2.0.3 → 2.2.0) · Repo · Changelog

Release Notes

2.2.0

What's Changed

• Allow user to choose the HTML parser used by @flavorjones in #109
• Fix string substitution regression by @nicoco007 in #110

New Contributors

• @nicoco007 made their first contribution in #110

Full Changelog: v2.1.1...v2.2.0

2.1.1

What's Changed

• Fix issue when application isn't using minitest.

Full Changelog: v2.1.0...v2.1.1

2.1.0

What's Changed

• Address warning: mismatched indentations at 'when' with 'case' by @yahonda in #74
• Make assert_dom_equal ignore insignificant whitespace when walking the node tree by @jduff in #84
• Expand Substitution Matching Types support by @seanpdoyle in #90
• Alias assert_select methods to assert_dom versions by @seanpdoyle in #93
• Raise an error if the last arg is the wrong format by @ghiculescu in #96
• Fix replacement for multiple substitutions by @speckins in #76
• Better error message if response.body is blank or not parseable by Nokogiri by @ghiculescu in #97
• selector_assertions/html_selector: No trailing . on content_mismatch by @issyl0 in #102
• Use Minitest::Assertion#diff for content failure messages by @flavorjones in #106

New Contributors

• @nicolasleger made their first contribution in #73
• @yahonda made their first contribution in #74
• @dependabot made their first contribution in #79
• @jduff made their first contribution in #86
• @amatsuda made their first contribution in #88
• @seanpdoyle made their first contribution in #90
• @ghiculescu made their first contribution in #96
• @jbampton made their first contribution in #95
• @speckins made their first contribution in #76
• @issyl0 made their first contribution in #102
• @flavorjones made their first contribution in #103

Full Changelog: v2.0.3...v2.1.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ rails-html-sanitizer (indirect, 1.5.0 → 1.6.0) · Repo · Changelog

Release Notes

1.6.0

1.6.0 / 2023-05-26

• Dependencies have been updated:

  • Loofah ~>2.21 and Nokogiri ~>1.14 for HTML5 parser support
  • As a result, required Ruby version is now >= 2.7.0

  Security updates will continue to be made on the 1.5.x release branch as long as Rails 6.1
  (which supports Ruby 2.5) is still in security support.

  Mike Dalessio

• HTML5 standards-compliant sanitizers are now available on platforms supported by
  Nokogiri::HTML5. These are available as:

  • Rails::HTML5::FullSanitizer
  • Rails::HTML5::LinkSanitizer
  • Rails::HTML5::SafeListSanitizer

  And a new "vendor" is provided at Rails::HTML5::Sanitizer that can be used in a future version
  of Rails.

  Note that for symmetry Rails::HTML4::Sanitizer is also added, though its behavior is identical
  to the vendor class methods on Rails::HTML::Sanitizer.

  Users may call Rails::HTML::Sanitizer.best_supported_vendor to get back the HTML5 vendor if it's
  supported, else the legacy HTML4 vendor.

  Mike Dalessio

• Module namespaces have changed, but backwards compatibility is provided by aliases.

  The library defines three additional modules:

  • Rails::HTML for general functionality (replacing Rails::Html)
  • Rails::HTML4 containing sanitizers that parse content as HTML4
  • Rails::HTML5 containing sanitizers that parse content as HTML5

  The following aliases are maintained for backwards compatibility:

  • Rails::Html points to Rails::HTML
  • Rails::HTML::FullSanitizer points to Rails::HTML4::FullSanitizer
  • Rails::HTML::LinkSanitizer points to Rails::HTML4::LinkSanitizer
  • Rails::HTML::SafeListSanitizer points to Rails::HTML4::SafeListSanitizer

  Mike Dalessio

• LinkSanitizer always returns UTF-8 encoded strings. SafeListSanitizer and FullSanitizer
  already ensured this encoding.

  Mike Dalessio

• SafeListSanitizer allows time tag and lang attribute by default.

  Mike Dalessio

• The constant Rails::Html::XPATHS_TO_REMOVE has been removed. It's not necessary with the
  existing sanitizers, and should have been a private constant all along anyway.

  Mike Dalessio

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 57 commits:

• version bump to v1.6.0
• doc: update CHANGELOG and README with supported branch info
• doc: update README moving verbose notes after usage
• version bump to v1.6.0.rc2
• Merge pull request #167 from rails/flavorjones-best-supported-vendor-method
• feat: introduce Rails::HTML::Sanitizer.best_supported_vendor
• version bump to v1.6.0.rc1
• doc: update CONTRIBUTING with release process
• Merge pull request #166 from rails/flavorjones-update-deps-for-html5-variation2
• dep: update loofah and nokogiri to versions fully supporting HTML5
• Merge pull request #165 from rails/flavorjones-small-readme-change
• test: print value of html5_support? at start of suite
• doc: small improvements to README
• Merge pull request #163 from rails/flavorjones-ensure-utf8-encoding-from-all-sanitizers
• fix: ensure LinkSanitizer returns UTF-8 encoded strings
• Merge pull request #162 from rails/flavorjones-html5-sanitizer-vendor
• doc: update CHANGELOG
• feat: add HTML5::Sanitizer to provide a vendor interface for Rails
• Merge pull request #161 from rails/flavorjones-quash-uninit-ivar-warning
• fix: avoid uninitialized ivar warning
• Merge pull request #160 from rails/flavorjones-update-license-and-copyright
• legal: update copyright dates and add myself as a maintainer
• Merge pull request #158 from rails/flavorjones-support-html5-parsing
• doc: update README
• test: fix tests to accommodate HTML5 parser behavior
• feat: add HTML5 variations of the sanitizers
• test: reorganize sanitizer tests
• move the sanitizers under the Rails::HTML4 namespace
• naming: Rails::Html is now Rails::HTML
• refactor: extract scrubber logic into composable concerns
• prefactor: extract orthogonal sanitizer methods
• prefactor: replace Loofah.scrub_fragment with the long form
• test: add API coverage for Sanitizer singleton methods
• doc: set up .rdoc_options and start marking things :nodoc:
• dep: remove rails-dom-testing
• ci: add rubocop
• Merge pull request #159 from rails/flavorjones-fix-requires
• refactor: use require_relative for internal requires
• Merge pull request #156 from rails/flavorjones-add-scrubber-test-coverage
• ci: now that JRuby passes, let's not ignore errors
• test: accommodate jruby nokogiri 1.13 behavior
• test: don't use assert_dom_equal and be explicit about assert_nil
• test: remove bulk test of all Loofah ALLOWED_ELEMENTS
• test: update to accommodate jruby behavior
• test: avoid renaming nodes to avoid errors in JRuby
• feat: remove Rails::Html::XPATHS_TO_REMOVE
• feat: SafeListSanitizer allows "time" tag and "lang" attr
• style: scrubber tag and attribute arrays
• rubocop: enable Minitest/NoAssertions
• Merge pull request #151 from rails/flavorjones-rubocop
• style(rubocop): correct all warnings
• dep(style): move dev deps into Gemfile and add rubocop
• dep: set required_ruby_version to ">= 2.5.0"
• dev: update CI to use main as the default branch
• Merge pull request #150 from amatsuda/ci
• dev: set version to 1.6.0.dev
• CI against Ruby 3.2

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu cancel merge

Cancels automatic merging of this PR

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)