build(deps): bump actionview, activemodel, actionpack and railties

[dependabot]

Bumps actionview, activemodel, actionpack and railties. These dependencies needed to be updated together.
Updates actionview from 7.2.2.1 to 8.0.1

Release notes

Sourced from actionview's releases.

8.0.1

Active Support

• Fix a bug in ERB::Util.tokenize that causes incorrect tokenization when ERB tags are preceeded by multibyte characters.

  Martin Emde

• Restore the ability to decorate methods generated by class_attribute.

  It always has been complicated to use Module#prepend or an alias method chain to decorate methods defined by class_attribute, but became even harder in 8.0.

  This capability is now supported for both reader and writer methods.

  Jean Boussier

Active Model

• No changes.

Active Record

• Fix removing foreign keys with :restrict action for MySQ

  fatkodima

• Fix a race condition in ActiveRecord::Base#method_missing when lazily defining attributes.

  If multiple thread were concurrently triggering attribute definition on the same model, it could result in a NoMethodError being raised.

  Jean Boussier

• Fix MySQL default functions getting dropped when changing a column's nullability.

  Bastian Bartmann

• Fix add_unique_constraint/add_check_constraint/add_foreign_key to be revertible when given invalid options.

  fatkodima

• Fix asynchronous destroying of polymorphic belongs_to associations.

  fatkodima

• Fix insert_all to not update existing records.

  fatkodima

... (truncated)

Changelog

Sourced from actionview's changelog.

Rails 8.0.1 (December 13, 2024)

• Fix a crash in ERB template error highlighting when the error occurs on a line in the compiled template that is past the end of the source template.

  Martin Emde

• Improve reliability of ERB template error highlighting. Fix infinite loops and crashes in highlighting and improve tolerance for alternate ERB handlers.

  Martin Emde

Rails 8.0.0.1 (December 10, 2024)

• No changes.

Rails 8.0.0 (November 07, 2024)

• No changes.

Rails 8.0.0.rc2 (October 30, 2024)

• No changes.

Rails 8.0.0.rc1 (October 19, 2024)

• Remove deprecated support to passing a content to void tag elements on the tag builder.

  Rafael Mendonça França

• Remove deprecated support to passing nil to the model: argument of form_with.

  Rafael Mendonça França

Rails 8.0.0.beta1 (September 26, 2024)

• Enable DependencyTracker to evaluate renders with trailing interpolation.

  <%= render "maintenance_tasks/runs/info/#{run.status}" %>

  Previously, the DependencyTracker would ignore this render, but now it will mark all partials in the "maintenance_tasks/runs/info" folder as

... (truncated)

Commits

• cf6ff17 Preparing for 8.0.1 release
• 3d17d95 Merge tag 'v8.0.0.1' into 8-0-stable
• a993c27 Preparing for 8.0.0.1 release
• 0c1bb3a Sync CHANGELOG
• 79ce69a Merge pull request #53696 from martinemde/martinemde/handle-multi-line-templa...
• f17ef1b Merge pull request #53657 from martinemde/martinemde/find_offset-test-and-fix
• dd8f718 Preparing for 8.0.0 release
• 6c84b11 Fix typos [ci-skip]
• 1367b6a Merge pull request #53508 from nisusam/fix_typos
• 6283314 Preparing for 8.0.0.rc2 release
• Additional commits viewable in compare view

Updates activemodel from 7.2.2.1 to 8.0.1

Release notes

Sourced from activemodel's releases.

8.0.1

Active Support

• Fix a bug in ERB::Util.tokenize that causes incorrect tokenization when ERB tags are preceeded by multibyte characters.

  Martin Emde

• Restore the ability to decorate methods generated by class_attribute.

  It always has been complicated to use Module#prepend or an alias method chain to decorate methods defined by class_attribute, but became even harder in 8.0.

  This capability is now supported for both reader and writer methods.

  Jean Boussier

Active Model

• No changes.

Active Record

• Fix removing foreign keys with :restrict action for MySQ

  fatkodima

• Fix a race condition in ActiveRecord::Base#method_missing when lazily defining attributes.

  If multiple thread were concurrently triggering attribute definition on the same model, it could result in a NoMethodError being raised.

  Jean Boussier

• Fix MySQL default functions getting dropped when changing a column's nullability.

  Bastian Bartmann

• Fix add_unique_constraint/add_check_constraint/add_foreign_key to be revertible when given invalid options.

  fatkodima

• Fix asynchronous destroying of polymorphic belongs_to associations.

  fatkodima

• Fix insert_all to not update existing records.

  fatkodima

... (truncated)

Changelog

Sourced from activemodel's changelog.

Rails 8.0.1 (December 13, 2024)

• No changes.

Rails 8.0.0.1 (December 10, 2024)

• No changes.

Rails 8.0.0 (November 07, 2024)

• No changes.

Rails 8.0.0.rc2 (October 30, 2024)

• No changes.

Rails 8.0.0.rc1 (October 19, 2024)

• Add :except_on option for validations. Grants the ability to skip validations in specified contexts.

  class User < ApplicationRecord
      #...
      validates :birthday, presence: { except_on: :admin }
      #...
  end
  user = User.new(attributes except birthday)
  user.save(context: :admin)

  Drew Bragg

Rails 8.0.0.beta1 (September 26, 2024)

• Make ActiveModel::Serialization#read_attribute_for_serialization public

  Sean Doyle

• Add a default token generator for password reset tokens when using has_secure_password.

  class User < ApplicationRecord
    has_secure_password
  end

... (truncated)

Commits

• cf6ff17 Preparing for 8.0.1 release
• 3d17d95 Merge tag 'v8.0.0.1' into 8-0-stable
• a993c27 Preparing for 8.0.0.1 release
• 9cea447 Merge pull request #53791 from fatkodima/fix-rubocop-offences
• dd8f718 Preparing for 8.0.0 release
• 8f83ab6 Merge pull request #53536 from kyanagi/use_each_pair_in_active_model_attribut...
• 61fcc50 Merge pull request #53530 from zzak/nodoc-generate_alias_attribute_methods
• 1367b6a Merge pull request #53508 from nisusam/fix_typos
• 6283314 Preparing for 8.0.0.rc2 release
• 35b3c7f Preparing for 8.0.0.rc1 release
• Additional commits viewable in compare view

Updates actionpack from 7.2.2.1 to 8.0.1

Release notes

Sourced from actionpack's releases.

8.0.1

Active Support

• Fix a bug in ERB::Util.tokenize that causes incorrect tokenization when ERB tags are preceeded by multibyte characters.

  Martin Emde

• Restore the ability to decorate methods generated by class_attribute.

  It always has been complicated to use Module#prepend or an alias method chain to decorate methods defined by class_attribute, but became even harder in 8.0.

  This capability is now supported for both reader and writer methods.

  Jean Boussier

Active Model

• No changes.

Active Record

• Fix removing foreign keys with :restrict action for MySQ

  fatkodima

• Fix a race condition in ActiveRecord::Base#method_missing when lazily defining attributes.

  If multiple thread were concurrently triggering attribute definition on the same model, it could result in a NoMethodError being raised.

  Jean Boussier

• Fix MySQL default functions getting dropped when changing a column's nullability.

  Bastian Bartmann

• Fix add_unique_constraint/add_check_constraint/add_foreign_key to be revertible when given invalid options.

  fatkodima

• Fix asynchronous destroying of polymorphic belongs_to associations.

  fatkodima

• Fix insert_all to not update existing records.

  fatkodima

... (truncated)

Changelog

Sourced from actionpack's changelog.

Rails 8.0.1 (December 13, 2024)

• Add ActionDispatch::Request::Session#store method to conform Rack spec.

  Yaroslav

Rails 8.0.0.1 (December 10, 2024)

• Add validation to content security policies to disallow spaces and semicolons. Developers should use multiple arguments, and different directive methods instead.

  [CVE-2024-54133]

  Gannon McGibbon

Rails 8.0.0 (November 07, 2024)

• No changes.

Rails 8.0.0.rc2 (October 30, 2024)

• Fix routes with :: in the path.

  Rafael Mendonça França

• Maintain Rack 2 parameter parsing behaviour.

  Matthew Draper

Rails 8.0.0.rc1 (October 19, 2024)

• Remove Rails.application.config.action_controller.allow_deprecated_parameters_hash_equality.

  Rafael Mendonça França

• Improve ActionController::TestCase to expose a binary encoded request.body.

  The rack spec clearly states:

  The input stream is an IO-like object which contains the raw HTTP POST data. When applicable, its external encoding must be “ASCII-8BIT” and it must be opened in binary mode.

  Until now its encoding was generally UTF-8, which doesn't accurately reflect production behavior.

  Jean Boussier

... (truncated)

Commits

• cf6ff17 Preparing for 8.0.1 release
• c167cbe Merge pull request #53941 from byroot/rack-server-protocol
• 3d17d95 Merge tag 'v8.0.0.1' into 8-0-stable
• a993c27 Preparing for 8.0.0.1 release
• 2e3f41e Add CSP directive validation
• 0c1bb3a Sync CHANGELOG
• 6a44f10 Merge pull request #53837 from Uaitt/fix-wrongly-formatted-markdown
• 9cea447 Merge pull request #53791 from fatkodima/fix-rubocop-offences
• 637956b Merge pull request #53778 from hachi8833/fix_apidoc_strong_parameters
• e93dcfe Merge pull request #53765 from p8/actionpack/fix-options-formatting (#53768)
• Additional commits viewable in compare view

Updates railties from 7.2.2.1 to 8.0.1

Release notes

Sourced from railties's releases.

8.0.1

Active Support

• Fix a bug in ERB::Util.tokenize that causes incorrect tokenization when ERB tags are preceeded by multibyte characters.

  Martin Emde

• Restore the ability to decorate methods generated by class_attribute.

  It always has been complicated to use Module#prepend or an alias method chain to decorate methods defined by class_attribute, but became even harder in 8.0.

  This capability is now supported for both reader and writer methods.

  Jean Boussier

Active Model

• No changes.

Active Record

• Fix removing foreign keys with :restrict action for MySQ

  fatkodima

• Fix a race condition in ActiveRecord::Base#method_missing when lazily defining attributes.

  If multiple thread were concurrently triggering attribute definition on the same model, it could result in a NoMethodError being raised.

  Jean Boussier

• Fix MySQL default functions getting dropped when changing a column's nullability.

  Bastian Bartmann

• Fix add_unique_constraint/add_check_constraint/add_foreign_key to be revertible when given invalid options.

  fatkodima

• Fix asynchronous destroying of polymorphic belongs_to associations.

  fatkodima

• Fix insert_all to not update existing records.

  fatkodima

... (truncated)

Changelog

Sourced from railties's changelog.

Rails 8.0.1 (December 13, 2024)

• Skip generation system tests related code for CI when --skip-system-test is given.

  fatkodima

• Don't add bin/thrust if thruster is not in Gemfile.

  Étienne Barrié

• Don't install a package for system test when applications don't use it.

  y-yagi

Rails 8.0.0.1 (December 10, 2024)

• No changes.

Rails 8.0.0 (November 07, 2024)

• No changes.

Rails 8.0.0.rc2 (October 30, 2024)

• Fix incorrect database.yml with skip_solid.

  Joé Dupuis

• Set Regexp.timeout to 1s by default to improve security over Regexp Denial-of-Service attacks.

  Rafael Mendonça França

Rails 8.0.0.rc1 (October 19, 2024)

• Remove deprecated support to extend Rails console through Rails::ConsoleMethods.

  Rafael Mendonça França

• Remove deprecated file rails/console/helpers.

  Rafael Mendonça França

• Remove deprecated file rails/console/app.

  Rafael Mendonça França

... (truncated)

Commits

• cf6ff17 Preparing for 8.0.1 release
• 0bba3c2 Merge pull request #53936 from jsharpify/jsharpify/prism-parsing
• 3d17d95 Merge tag 'v8.0.0.1' into 8-0-stable
• a993c27 Preparing for 8.0.0.1 release
• 0c1bb3a Sync CHANGELOG
• dab4ec3 Merge pull request #53807 from fatkodima/change-profile_reporter-parent
• 17fe84c Merge pull request #53776 from fatkodima/skip-ci-system-tests
• ec278dd Merge pull request #53741 from skipkayhil/hm-only-reload-helper
• 701d3e0 Merge pull request #53557 from gabrielso/authentication_avoid_query
• 0810e2c Merge pull request #53582 from eregon/patch-1
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[philippthun]

@dependabot rebase

[philippthun]

@dependabot rebase

[philippthun]

⚠️ Merge only after #4189 has been released and a new cf-deployment major version has been cut.