Merge branch '7-1-sec' into 7-1-stable

rails · Feb 21, 2024 · ed84c0d · ed84c0d
2 parents e711c4a + 6f0d1ad
commit ed84c0d
Show file tree

Hide file tree

Showing 36 changed files with 4,961 additions and 4,932 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -10,71 +10,71 @@ GIT
 PATH
   remote: .
   specs:
-    actioncable (7.1.3.1)
-      actionpack (= 7.1.3.1)
-      activesupport (= 7.1.3.1)
+    actioncable (7.1.3.2)
+      actionpack (= 7.1.3.2)
+      activesupport (= 7.1.3.2)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
       zeitwerk (~> 2.6)
-    actionmailbox (7.1.3.1)
-      actionpack (= 7.1.3.1)
-      activejob (= 7.1.3.1)
-      activerecord (= 7.1.3.1)
-      activestorage (= 7.1.3.1)
-      activesupport (= 7.1.3.1)
+    actionmailbox (7.1.3.2)
+      actionpack (= 7.1.3.2)
+      activejob (= 7.1.3.2)
+      activerecord (= 7.1.3.2)
+      activestorage (= 7.1.3.2)
+      activesupport (= 7.1.3.2)
       mail (>= 2.7.1)
       net-imap
       net-pop
       net-smtp
-    actionmailer (7.1.3.1)
-      actionpack (= 7.1.3.1)
-      actionview (= 7.1.3.1)
-      activejob (= 7.1.3.1)
-      activesupport (= 7.1.3.1)
+    actionmailer (7.1.3.2)
+      actionpack (= 7.1.3.2)
+      actionview (= 7.1.3.2)
+      activejob (= 7.1.3.2)
+      activesupport (= 7.1.3.2)
       mail (~> 2.5, >= 2.5.4)
       net-imap
       net-pop
       net-smtp
       rails-dom-testing (~> 2.2)
-    actionpack (7.1.3.1)
-      actionview (= 7.1.3.1)
-      activesupport (= 7.1.3.1)
+    actionpack (7.1.3.2)
+      actionview (= 7.1.3.2)
+      activesupport (= 7.1.3.2)
       nokogiri (>= 1.8.5)
       racc
       rack (>= 2.2.4)
       rack-session (>= 1.0.1)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-    actiontext (7.1.3.1)
-      actionpack (= 7.1.3.1)
-      activerecord (= 7.1.3.1)
-      activestorage (= 7.1.3.1)
-      activesupport (= 7.1.3.1)
+    actiontext (7.1.3.2)
+      actionpack (= 7.1.3.2)
+      activerecord (= 7.1.3.2)
+      activestorage (= 7.1.3.2)
+      activesupport (= 7.1.3.2)
       globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (7.1.3.1)
-      activesupport (= 7.1.3.1)
+    actionview (7.1.3.2)
+      activesupport (= 7.1.3.2)
       builder (~> 3.1)
       erubi (~> 1.11)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-    activejob (7.1.3.1)
-      activesupport (= 7.1.3.1)
+    activejob (7.1.3.2)
+      activesupport (= 7.1.3.2)
       globalid (>= 0.3.6)
-    activemodel (7.1.3.1)
-      activesupport (= 7.1.3.1)
-    activerecord (7.1.3.1)
-      activemodel (= 7.1.3.1)
-      activesupport (= 7.1.3.1)
+    activemodel (7.1.3.2)
+      activesupport (= 7.1.3.2)
+    activerecord (7.1.3.2)
+      activemodel (= 7.1.3.2)
+      activesupport (= 7.1.3.2)
       timeout (>= 0.4.0)
-    activestorage (7.1.3.1)
-      actionpack (= 7.1.3.1)
-      activejob (= 7.1.3.1)
-      activerecord (= 7.1.3.1)
-      activesupport (= 7.1.3.1)
+    activestorage (7.1.3.2)
+      actionpack (= 7.1.3.2)
+      activejob (= 7.1.3.2)
+      activerecord (= 7.1.3.2)
+      activesupport (= 7.1.3.2)
       marcel (~> 1.0)
-    activesupport (7.1.3.1)
+    activesupport (7.1.3.2)
       base64
       bigdecimal
       concurrent-ruby (~> 1.0, >= 1.0.2)
@@ -84,23 +84,23 @@ PATH
       minitest (>= 5.1, < 5.22.0)
       mutex_m
       tzinfo (~> 2.0)
-    rails (7.1.3.1)
-      actioncable (= 7.1.3.1)
-      actionmailbox (= 7.1.3.1)
-      actionmailer (= 7.1.3.1)
-      actionpack (= 7.1.3.1)
-      actiontext (= 7.1.3.1)
-      actionview (= 7.1.3.1)
-      activejob (= 7.1.3.1)
-      activemodel (= 7.1.3.1)
-      activerecord (= 7.1.3.1)
-      activestorage (= 7.1.3.1)
-      activesupport (= 7.1.3.1)
+    rails (7.1.3.2)
+      actioncable (= 7.1.3.2)
+      actionmailbox (= 7.1.3.2)
+      actionmailer (= 7.1.3.2)
+      actionpack (= 7.1.3.2)
+      actiontext (= 7.1.3.2)
+      actionview (= 7.1.3.2)
+      activejob (= 7.1.3.2)
+      activemodel (= 7.1.3.2)
+      activerecord (= 7.1.3.2)
+      activestorage (= 7.1.3.2)
+      activesupport (= 7.1.3.2)
       bundler (>= 1.15.0)
-      railties (= 7.1.3.1)
-    railties (7.1.3.1)
-      actionpack (= 7.1.3.1)
-      activesupport (= 7.1.3.1)
+      railties (= 7.1.3.2)
+    railties (7.1.3.2)
+      actionpack (= 7.1.3.2)
+      activesupport (= 7.1.3.2)
       irb
       rackup (>= 1.0.0)
       rake (>= 12.2)
@@ -351,10 +351,6 @@ GEM
     nokogiri (1.15.4)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
-    nokogiri (1.15.4-x86_64-darwin)
-      racc (~> 1.4)
-    nokogiri (1.15.4-x86_64-linux)
-      racc (~> 1.4)
     os (1.1.4)
     parallel (1.22.1)
     parser (3.2.1.1)
@@ -500,8 +496,6 @@ GEM
       sprockets (>= 3.0.0)
     sqlite3 (1.6.6)
       mini_portile2 (~> 2.8.0)
-    sqlite3 (1.6.6-x86_64-darwin)
-    sqlite3 (1.6.6-x86_64-linux)
     stackprof (0.2.23)
     stimulus-rails (1.2.1)
       railties (>= 6.0.0)

diff --git a/RAILS_VERSION b/RAILS_VERSION
@@ -1 +1 @@
-7.1.3.1
+7.1.3.2
diff --git a/actioncable/CHANGELOG.md b/actioncable/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 7.1.3.2 (February 21, 2024) ##
+
+*   No changes.
+
+
 ## Rails 7.1.3.1 (February 21, 2024) ##
 
 *   No changes.

diff --git a/actioncable/lib/action_cable/gem_version.rb b/actioncable/lib/action_cable/gem_version.rb
@@ -10,7 +10,7 @@ module VERSION
     MAJOR = 7
     MINOR = 1
     TINY  = 3
-    PRE   = "1"
+    PRE   = "2"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

diff --git a/actioncable/package.json b/actioncable/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@rails/actioncable",
-  "version": "7.1.3-1",
+  "version": "7.1.3-2",
   "description": "WebSocket framework for Ruby on Rails.",
   "module": "app/assets/javascripts/actioncable.esm.js",
   "main": "app/assets/javascripts/actioncable.js",

diff --git a/actionmailbox/CHANGELOG.md b/actionmailbox/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 7.1.3.2 (February 21, 2024) ##
+
+*   No changes.
+
+
 ## Rails 7.1.3.1 (February 21, 2024) ##
 
 *   No changes.

diff --git a/actionmailbox/lib/action_mailbox/gem_version.rb b/actionmailbox/lib/action_mailbox/gem_version.rb
@@ -10,7 +10,7 @@ module VERSION
     MAJOR = 7
     MINOR = 1
     TINY  = 3
-    PRE   = "1"
+    PRE   = "2"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

diff --git a/actionmailer/CHANGELOG.md b/actionmailer/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 7.1.3.2 (February 21, 2024) ##
+
+*   No changes.
+
+
 ## Rails 7.1.3.1 (February 21, 2024) ##
 
 *   No changes.

diff --git a/actionmailer/lib/action_mailer/gem_version.rb b/actionmailer/lib/action_mailer/gem_version.rb
@@ -10,7 +10,7 @@ module VERSION
     MAJOR = 7
     MINOR = 1
     TINY  = 3
-    PRE   = "1"
+    PRE   = "2"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
@@ -6,6 +6,11 @@
 
     *Jean Boussier*
 
+## Rails 7.1.3.2 (February 21, 2024) ##
+
+*   Fix `raise_on_missing_translations` not working correctly with the
+    `translate` method in controllers after the patch for CVE-2024-26143.
+
 ## Rails 7.1.3.1 (February 21, 2024) ##
 
 *   Fix possible XSS vulnerability with the `translate` method in controllers

diff --git a/actionpack/lib/abstract_controller/translation.rb b/actionpack/lib/abstract_controller/translation.rb
@@ -28,18 +28,7 @@ def translate(key, **options)
         end
       end
 
-      if options[:raise].nil?
-        options[:default] = [] unless options[:default]
-        options[:default] << MISSING_TRANSLATION
-      end
-
-      result = ActiveSupport::HtmlSafeTranslation.translate(key, **options)
-
-      if result == MISSING_TRANSLATION
-        +"translation missing: #{key}"
-      else
-        result
-      end
+      ActiveSupport::HtmlSafeTranslation.translate(key, **options)
     end
     alias :t :translate
 
@@ -48,9 +37,5 @@ def localize(object, **options)
       I18n.localize(object, **options)
     end
     alias :l :localize
-
-    private
-      MISSING_TRANSLATION = -(2**60)
-      private_constant :MISSING_TRANSLATION
   end
 end
diff --git a/actionpack/lib/action_pack/gem_version.rb b/actionpack/lib/action_pack/gem_version.rb
@@ -10,7 +10,7 @@ module VERSION
     MAJOR = 7
     MINOR = 1
     TINY  = 3
-    PRE   = "1"
+    PRE   = "2"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

diff --git a/actionpack/test/abstract/translation_test.rb b/actionpack/test/abstract/translation_test.rb
@@ -146,15 +146,19 @@ def test_translate_escapes_interpolations_in_translations_with_a_html_suffix
       def test_translate_marks_translation_with_missing_html_key_as_safe_html
         @controller.stub :action_name, :index do
           translation = @controller.t("<tag>.html")
-          assert_equal "translation missing: <tag>.html", translation
           assert_equal false, translation.html_safe?
+          assert_equal "Translation missing: en.<tag>.html", translation
         end
       end
       def test_translate_marks_translation_with_missing_nested_html_key_as_safe_html
         @controller.stub :action_name, :index do
           translation = @controller.t(".<tag>.html")
-          assert_equal "translation missing: abstract_controller.testing.translation.index.<tag>.html", translation
           assert_equal false, translation.html_safe?
+          assert_equal(<<~MSG.strip, translation)
+            Translation missing. Options considered were:
+            - en.abstract_controller.testing.translation.index.<tag>.html
+            - en.abstract_controller.testing.translation.<tag>.html
+          MSG
         end
       end
     end

diff --git a/actiontext/CHANGELOG.md b/actiontext/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 7.1.3.2 (February 21, 2024) ##
+
+*   No changes.
+
+
 ## Rails 7.1.3.1 (February 21, 2024) ##
 
 *   No changes.

diff --git a/actiontext/lib/action_text/gem_version.rb b/actiontext/lib/action_text/gem_version.rb
@@ -10,7 +10,7 @@ module VERSION
     MAJOR = 7
     MINOR = 1
     TINY  = 3
-    PRE   = "1"
+    PRE   = "2"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

diff --git a/actiontext/package.json b/actiontext/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@rails/actiontext",
-  "version": "7.1.3-1",
+  "version": "7.1.3-2",
   "description": "Edit and display rich text in Rails applications",
   "module": "app/assets/javascripts/actiontext.esm.js",
   "main": "app/assets/javascripts/actiontext.js",

diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md
@@ -2,6 +2,12 @@
 
     *Jean Boussier*
 
+
+## Rails 7.1.3.2 (February 21, 2024) ##
+
+*   No changes.
+
+
 ## Rails 7.1.3.1 (February 21, 2024) ##
 
 *   No changes.

diff --git a/actionview/lib/action_view/gem_version.rb b/actionview/lib/action_view/gem_version.rb
@@ -10,7 +10,7 @@ module VERSION
     MAJOR = 7
     MINOR = 1
     TINY  = 3
-    PRE   = "1"
+    PRE   = "2"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

diff --git a/actionview/package.json b/actionview/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@rails/ujs",
-  "version": "7.1.3-1",
+  "version": "7.1.3-2",
   "description": "Ruby on Rails unobtrusive scripting adapter",
   "main": "app/assets/javascripts/rails-ujs.js",
   "module": "app/assets/javascripts/rails-ujs.esm.js",

diff --git a/activejob/CHANGELOG.md b/activejob/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 7.1.3.2 (February 21, 2024) ##
+
+*   No changes.
+
+
 ## Rails 7.1.3.1 (February 21, 2024) ##
 
 *   No changes.

diff --git a/activejob/lib/active_job/gem_version.rb b/activejob/lib/active_job/gem_version.rb
@@ -10,7 +10,7 @@ module VERSION
     MAJOR = 7
     MINOR = 1
     TINY  = 3
-    PRE   = "1"
+    PRE   = "2"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

diff --git a/activemodel/CHANGELOG.md b/activemodel/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 7.1.3.2 (February 21, 2024) ##
+
+*   No changes.
+
+
 ## Rails 7.1.3.1 (February 21, 2024) ##
 
 *   No changes.

diff --git a/activemodel/lib/active_model/gem_version.rb b/activemodel/lib/active_model/gem_version.rb
@@ -10,7 +10,7 @@ module VERSION
     MAJOR = 7
     MINOR = 1
     TINY  = 3
-    PRE   = "1"
+    PRE   = "2"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end