chore(deps): update dependency rails to v5.2.8.1

[renovate]

This PR contains the following updates:

Package	Update	Change
rails (source, changelog)	patch	'~> 7.0', '>= 7.0.6' -> '~> 5.0', '>= 5.2.8.1'

---

Release Notes

rails/rails (rails)

v5.2.8.1: 5.2.8.1

Compare Source

Active Support

• No changes.

Active Model

• No changes.

Active Record

• Change ActiveRecord::Coders::YAMLColumn default to safe_load

  This adds two new configuration options The configuration options are as
  follows:

  • config.active_storage.use_yaml_unsafe_load

  When set to true, this configuration option tells Rails to use the old
  "unsafe" YAML loading strategy, maintaining the existing behavior but leaving
  the possible escalation vulnerability in place. Setting this option to true
  is not recommended, but can aid in upgrading.

  • config.active_record.yaml_column_permitted_classes

  The "safe YAML" loading method does not allow all classes to be deserialized
  by default. This option allows you to specify classes deemed "safe" in your
  application. For example, if your application uses Symbol and Time in
  serialized data, you can add Symbol and Time to the allowed list as follows:

  config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
  

  [CVE-2022-32224]

Action View

• No changes.

Action Pack

• No changes.

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• No changes.

Railties

• No changes.

v5.2.8: 5.2.8

Compare Source

Active Support

• Fix tag helper regression.

  Eileen Uchitelle

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• No changes.

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• No changes.

Railties

• No changes.

v5.2.7.1: 5.2.7.1

Compare Source

Active Support

• Fix and add protections for XSS in ActionView::Helpers and ERB::Util.

  Add the method ERB::Util.xml_name_escape to escape dangerous characters
  in names of tags and names of attributes, following the specification of XML.

  Álvaro Martín Fraguas

Active Model

• No changes.

Active Record

• No changes.

Action View

• Fix and add protections for XSS in ActionView::Helpers and ERB::Util.

  Escape dangerous characters in names of tags and names of attributes in the
  tag helpers, following the XML specification. Rename the option
  :escape_attributes to :escape, to simplify by applying the option to the
  whole tag.

  Álvaro Martín Fraguas

Action Pack

• Allow Content Security Policy DSL to generate for API responses.

  Tim Wade

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• No changes.

Railties

• No changes.

v5.2.7: 5.2.7

Compare Source

Active Support

• Restore support to Ruby 2.2.

  ojab

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• No changes.

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• Fix ActiveStorage.supported_image_processing_methods and
  ActiveStorage.unsupported_image_processing_arguments that were not being applied.

  Rafael Mendonça França

Railties

• No changes.

v5.2.6.3: 5.2.6.3

Compare Source

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• No changes.

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• Added image transformation validation via configurable allow-list.

  Variant now offers a configurable allow-list for
  transformation methods in addition to a configurable deny-list for arguments.

  [CVE-2022-21831]

Railties

• No changes.

v5.2.6.2: 5.2.6.2

Compare Source

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Fix Reloader method signature to work with the new Executor signature

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• No changes.

Railties

• No changes.

v5.2.6.1: 5.2.6.1

Compare Source

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Under certain circumstances, the middleware isn't informed that the
  response body has been fully closed which result in request state not
  being fully reset before the next request

  [CVE-2022-23633]

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• No changes.

Railties

• No changes.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Gemfile.lock

[06:38:36.886] INFO (9): Installing tool ruby v3.2.2...
[06:38:36.890] INFO (9): Preparing legacy tool ruby ...
installing v2 tool ruby v3.2.2
linking tool ruby v3.2.2
ruby 3.2.2 (2023-03-30 revision e51014f9c0) [x86_64-linux]
gem 3.4.10
RubyGems Environment:
  - RUBYGEMS VERSION: 3.4.10
  - RUBY VERSION: 3.2.2 (2023-03-30 patchlevel 53) [x86_64-linux]
  - INSTALLATION DIRECTORY: /tmp/worker/7f9dcf/f5978a/cache/others/bundler
  - USER INSTALLATION DIRECTORY: /home/ubuntu/.local/share/gem/ruby/3.2.0
  - RUBY EXECUTABLE: /opt/containerbase/tools/ruby/3.2.2/bin/ruby
  - GIT EXECUTABLE: /usr/bin/git
  - EXECUTABLE DIRECTORY: /tmp/worker/7f9dcf/f5978a/cache/others/bundler/bin
  - SPEC CACHE DIRECTORY: /home/ubuntu/.local/share/gem/specs
  - SYSTEM CONFIGURATION DIRECTORY: /usr/local/ruby/3.2.2/etc
  - RUBYGEMS PLATFORMS:
     - ruby
     - x86_64-linux
  - GEM PATHS:
     - /tmp/worker/7f9dcf/f5978a/cache/others/bundler
     - /home/ubuntu/.local/share/gem/ruby/3.2.0
     - /opt/containerbase/tools/ruby/3.2.2/lib/ruby/gems/3.2.0
  - GEM CONFIGURATION:
     - :update_sources => true
     - :verbose => true
     - :backtrace => false
     - :bulk_threshold => 1000
     - "gem" => "--bindir /home/ubuntu/bin --no-document"
     - :benchmark => false
  - REMOTE SOURCES:
     - https://rubygems.org/
  - SHELL PATH:
     - /home/ubuntu/.cargo/bin
     - /home/ubuntu/.local/bin
     - /go/bin
     - /home/ubuntu/bin
     - /home/ubuntu/.cargo/bin
     - /home/ubuntu/.local/bin
     - /go/bin
     - /home/ubuntu/bin
     - /home/ubuntu/.cargo/bin
     - /home/ubuntu/.local/bin
     - /go/bin
     - /home/ubuntu/bin
     - /home/ubuntu/bin
     - /home/ubuntu/.cargo/bin
     - /home/ubuntu/.local/bin
     - /go/bin
     - /home/ubuntu/bin
     - /home/ubuntu/bin
     - /usr/local/sbin
     - /usr/local/bin
     - /usr/sbin
     - /usr/bin
     - /sbin
     - /bin
[06:38:38.804] INFO (9): Installed tool ruby in 1.9s.
[06:38:38.925] INFO (93): Installing tool bundler v1.17.3...
[06:38:38.928] INFO (93): Preparing legacy tool bundler ...
installing v2 tool bundler v1.17.3
Successfully installed bundler-1.17.3
1 gem installed
linking tool bundler v1.17.3
[06:38:39.518] FATAL (93): Command failed with exit code 1: /usr/local/containerbase/bin/install-tool bundler 1.17.3
    err: {
      "type": "Error",
      "message": "Command failed with exit code 1: /usr/local/containerbase/bin/install-tool bundler 1.17.3",
      "stack":
          Error: Command failed with exit code 1: /usr/local/containerbase/bin/install-tool bundler 1.17.3
              at makeError (/snapshot/dist/containerbase-cli.js:44669:13)
              at handlePromise (/snapshot/dist/containerbase-cli.js:45124:29)
              at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
              at async InstallLegacyToolService.execute (/snapshot/dist/containerbase-cli.js:45383:5)
              at async InstallToolService.execute (/snapshot/dist/containerbase-cli.js:45536:7)
              at async InstallToolShortCommand.execute (/snapshot/dist/containerbase-cli.js:45603:14)
              at async InstallToolShortCommand.validateAndExecute (/snapshot/dist/containerbase-cli.js:1342:26)
              at async _Cli.run (/snapshot/dist/containerbase-cli.js:2455:22)
              at async _Cli.runExit (/snapshot/dist/containerbase-cli.js:2463:28)
              at async main (/snapshot/dist/containerbase-cli.js:45735:3)
      "shortMessage": "Command failed with exit code 1: /usr/local/containerbase/bin/install-tool bundler 1.17.3",
      "command": "/usr/local/containerbase/bin/install-tool bundler 1.17.3",
      "escapedCommand": "\"/usr/local/containerbase/bin/install-tool\" bundler 1.17.3",
      "exitCode": 1,
      "failed": true,
      "timedOut": false,
      "isCanceled": false,
      "killed": false
    }
[06:38:39.522] INFO (93): Installed tool bundler with errors in 597ms.

/opt/containerbase/tools/bundler/1.17.3/3.2/gems/bundler-1.17.3/lib/bundler/shared_helpers.rb:272:in `search_up': undefined method `untaint' for "/tmp/worker/7f9dcf/f5978a/repos/github/brucellino/hackfest-app":String (NoMethodError)

      current  = File.expand_path(SharedHelpers.pwd).untaint
                                                    ^^^^^^^^
	from /opt/containerbase/tools/bundler/1.17.3/3.2/gems/bundler-1.17.3/lib/bundler/shared_helpers.rb:259:in `find_file'
	from /opt/containerbase/tools/bundler/1.17.3/3.2/gems/bundler-1.17.3/lib/bundler/shared_helpers.rb:251:in `find_gemfile'
	from /opt/containerbase/tools/bundler/1.17.3/3.2/gems/bundler-1.17.3/lib/bundler/shared_helpers.rb:27:in `root'
	from /opt/containerbase/tools/bundler/1.17.3/3.2/gems/bundler-1.17.3/lib/bundler.rb:234:in `root'
	from /opt/containerbase/tools/bundler/1.17.3/3.2/gems/bundler-1.17.3/lib/bundler.rb:246:in `app_config_path'
	from /opt/containerbase/tools/bundler/1.17.3/3.2/gems/bundler-1.17.3/lib/bundler.rb:273:in `settings'
	from /opt/containerbase/tools/bundler/1.17.3/3.2/gems/bundler-1.17.3/lib/bundler/feature_flag.rb:21:in `block in settings_method'
	from /opt/containerbase/tools/bundler/1.17.3/3.2/gems/bundler-1.17.3/lib/bundler/cli.rb:97:in `<class:CLI>'
	from /opt/containerbase/tools/bundler/1.17.3/3.2/gems/bundler-1.17.3/lib/bundler/cli.rb:7:in `<module:Bundler>'
	from /opt/containerbase/tools/bundler/1.17.3/3.2/gems/bundler-1.17.3/lib/bundler/cli.rb:6:in `<top (required)>'
	from <internal:/opt/containerbase/tools/ruby/3.2.2/lib/ruby/3.2.0/rubygems/core_ext/kernel_require.rb>:85:in `require'
	from <internal:/opt/containerbase/tools/ruby/3.2.2/lib/ruby/3.2.0/rubygems/core_ext/kernel_require.rb>:85:in `require'
	from /opt/containerbase/tools/bundler/1.17.3/3.2/gems/bundler-1.17.3/exe/bundle:23:in `block in <top (required)>'
	from /opt/containerbase/tools/bundler/1.17.3/3.2/gems/bundler-1.17.3/lib/bundler/friendly_errors.rb:124:in `with_friendly_errors'
	from /opt/containerbase/tools/bundler/1.17.3/3.2/gems/bundler-1.17.3/exe/bundle:22:in `<top (required)>'
	from /opt/containerbase/tools/bundler/1.17.3/3.2/gems/bundler-1.17.3/exe/bundler:4:in `load'
	from /opt/containerbase/tools/bundler/1.17.3/3.2/gems/bundler-1.17.3/exe/bundler:4:in `<top (required)>'
	from /opt/containerbase/tools/bundler/1.17.3/3.2/bin/bundler:25:in `load'
	from /opt/containerbase/tools/bundler/1.17.3/3.2/bin/bundler:25:in `<main>'

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update ('~> 5.0', '>= 5.2.8.1'). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.