Bump devise, rails, coffee-rails, responders, sprockets, heroku, nokogiri, sass-rails, jbuilder, angular_rails_csrf and angular-rails-templates

[dependabot]

Bumps devise, rails, coffee-rails, responders, sprockets, heroku, nokogiri, sass-rails, jbuilder, angular_rails_csrf and angular-rails-templates. These dependencies needed to be updated together.
Updates devise from 3.4.1 to 5.0.4

Release notes

Sourced from devise's releases.

v5.0.4

https://github.com/heartcombo/devise/blob/v5.0.4/CHANGELOG.md#504---2026-05-08

v5.0.3

https://github.com/heartcombo/devise/blob/v5.0.3/CHANGELOG.md#503---2026-03-16

v5.0.2

https://github.com/heartcombo/devise/blob/v5.0.2/CHANGELOG.md#502---2026-02-18

v5.0.1

https://github.com/heartcombo/devise/blob/v5.0.1/CHANGELOG.md#501---2026-02-13

v5.0.0

https://github.com/heartcombo/devise/blob/v5.0.0/CHANGELOG.md#500---2026-01-23

v5.0.0.rc

https://github.com/heartcombo/devise/blob/v5.0.0.rc/CHANGELOG.md#500rc---2025-12-31

v4.9.4

https://github.com/heartcombo/devise/blob/v4.9.4/CHANGELOG.md#494---2024-04-10

v4.9.3

https://github.com/heartcombo/devise/blob/v4.9.3/CHANGELOG.md#493---2023-10-11

v4.9.2

https://github.com/heartcombo/devise/blob/v4.9.2/CHANGELOG.md#unreleased

v4.9.1

https://github.com/heartcombo/devise/blob/v4.9.1/CHANGELOG.md#491---2023-03-31

v4.9.0

https://github.com/heartcombo/devise/blob/v4.9.0/CHANGELOG.md#490---2023-02-17

v4.8.1

No release notes provided.

v4.8.0

No release notes provided.

v4.7.1

No release notes provided.

v4.7.0

No release notes provided.

v4.6.2

No release notes provided.

v4.6.1

No release notes provided.

... (truncated)

Changelog

Sourced from devise's changelog.

5.0.4 - 2026-05-08

• security fixes
  • Fix open redirect in FailureApp via unvalidated Referer header on non-GET session timeout. CVE-2026-40295 GHSA-jp94-3292-c3xv

5.0.3 - 2026-03-16

• security fixes
  • Fix race condition vulnerability on confirmable "change email" which would allow confirming an email they don't own CVE-2026-32700 GHSA-57hq-95w6-v4fc #5783 #5784

5.0.2 - 2026-02-18

• enhancements
  • Allow resource class scopes to override the global configuration for sign_in_after_change_password behaviour. #5825
    • Note: some users ran into an issue with this change because RegistrationsController now relies on a setting from the :registerable module. These users were configuring their own routes pointing to the RegistrationsController for resource edit/update actions mostly, without relying on the other registration actions (e.g. user sign up.), so they omitted :registerable from the model declaration. While using just a portion of the controller functionality is a valid use for :registerable (or any module really), the module must still be declared in the model, much like the other modules must be declared if you plan on using just a portion of their behavior. Please check this issue for more info.
  • Add sign_in_after_reset_password? check hook to passwords controller, to allow it to be customized by users. #5826

5.0.1 - 2026-02-13

• bug fixes
  • Fix translation issue with German E-Mail on invalid authentication messages caused by previous fix for incorrect grammar #5822

5.0.0 - 2026-01-23

no changes

5.0.0.rc - 2025-12-31

• breaking changes

  • Drop support to Ruby < 2.7

  • Drop support to Rails < 7.0

  • Remove deprecated :bypass option from sign_in helper, use bypass_sign_in instead. #5803

  • Remove deprecated devise_error_messages! helper, use render "devise/shared/error_messages", resource: resource instead. #5803

  • Remove deprecated scope second argument from sign_in(resource, :admin) controller test helper, use sign_in(resource, scope: :admin) instead. #5803

  • Remove deprecated Devise::TestHelpers, use Devise::Test::ControllerHelpers instead. #5803

  • Remove deprecated Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION #5598

  • Remove deprecated Devise.activerecord51? method.

  • Remove SecretKeyFinder and use app.secret_key_base as the default secret key for Devise.secret_key if a custom Devise.secret_key is not provided.

    This is potentially a breaking change because Devise previously used the following order to find a secret key:

    app.credentials.secret_key_base > app.secrets.secret_key_base > application.config.secret_key_base > application.secret_key_base
    

    Now, it always uses application.secret_key_base. Make sure you're using the same secret key after the upgrade; otherwise, previously generated tokens for recoverable, lockable, and confirmable will be invalid. #5645

  • Change password instructions button label on devise view from Send me reset password instructions to Send me password reset instructions #5515

  • Change <br> tags separating form elements to wrapping them in <p> tags #5494

  • Replace [data-turbo-cache=false] with [data-turbo-temporary] on devise/shared/error_messages partial. This has been deprecated by Turbo since v7.3.0 (released on Mar 1, 2023).

... (truncated)

Commits

• 9ea459d Release v5.0.4 with sec fix for timeoutable
• 025fe21 Merge commit from fork
• 7ca7ed9 Add GHSA link to the v5.0.3 sec fix changelog entry [ci skip]
• 605de86 Update links to https [ci skip]
• 5e3a8bf Bundle update
• 5d20277 Cleanup old Rails.version check for db migration path
• 4ffb0b7 Fix Gemfile for Rails 7.2, incorrectly testing against 7.1
• 2f80920 Release v5.0.3
• 5334707 Add CVE to changelog [ci skip]
• 0252777 Fix race condition vulnerability, by ensuring the unconfirmed_email is alwa...
• Additional commits viewable in compare view

Updates rails from 4.2.0 to 8.1.3

Release notes

Sourced from rails's releases.

8.1.3

Active Support

• Fix JSONGemCoderEncoder to correctly serialize custom object hash keys.

  When hash keys are custom objects whose as_json returns a Hash, the encoder now calls to_s on the original key object instead of on the as_json result.

  Before: hash = {CustomKey.new(123) => "value"} hash.to_json # => {"{:id=>123}":"value"}

  After: hash.to_json # => {"custom_123":"value"}

  Dan Sharp

• Fix inflections to better handle overlapping acronyms.

  ActiveSupport::Inflector.inflections(:en) do |inflect|
    inflect.acronym "USD"
    inflect.acronym "USDC"
  end
  "USDC".underscore # => "usdc"

  Said Kaldybaev

• Silence Dalli 4.0+ warning when using ActiveSupport::Cache::MemCacheStore.

  zzak

Active Model

• Fix Ruby 4.0 delegator warning when calling inspect on attributes.

  Hammad Khan

• Fix NoMethodError when deserialising Type::Integer objects marshalled under Rails 8.0.

  The performance optimisation that replaced @range with @max/@min broke Marshal compatibility. Objects serialised under 8.0 (with @range) and deserialised under 8.1 (expecting @max/@min) would crash with undefined method '<=' for nil because Marshal.load restores instance variables without calling initialize.

... (truncated)

Commits

• fa8f081 Preparing for 8.1.3 release
• 63cef3d Merge branch '8-1-sec' into 8-1-stable
• 1db4b89 Preparing for 8.1.2.1 release
• 1c7d1cf Update changelog
• e91694b Update CHANGELOG (8.1 only)
• 6752711 Fix XSS in debug exceptions copy-to-clipboard
• 63f5ad8 Skip blank attribute names in Action View tag helpers
• 8c9676b Prevent glob injection in ActiveStorage DiskService#delete_prefixed
• 9b06fbc Prevent path traversal in ActiveStorage DiskService
• ec1a0e2 Improve performance of NumberToDelimitedConverter
• Additional commits viewable in compare view

Updates coffee-rails from 4.1.1 to 5.0.0

Changelog

Sourced from coffee-rails's changelog.

5.0.0 (Apr 23, 2019)

• Remove support to Rails < 5.2.
• Support Rails 6.

4.2.2 (May 24, 2017)

• Support digest resolution for coffee templates.

4.2.1 (June 30, 2016)

• Fix error in the gem package.

4.2.0 (June 30, 2016)

• Override js_template hook in the Rails generator to allow Rails to be CoffeeScript agnostic.

Commits

• 32a2939 Prepare to 5.0.0
• 6507f0a Set the javascripts generator option as true in the railtie
• 5f0e005 Point to rails repository
• 74214e8 Merge pull request #114 from larouxn/rails_6_support
• eff9c00 Revert folder structure changes, remove --javascripts flag
• e7ce694 Fix for exclusively Rails 6
• 69e6782 TESTING, use my fork of Rails
• fc8c48c Conditionally use Rails 6 folder stucture
• 5df5816 Merge pull request #111 from larouxn/stop_testing_below_ruby_2.2
• 9bead93 Merge pull request #112 from larouxn/update_travis_jruby_version
• Additional commits viewable in compare view

Updates responders from 2.1.1 to 3.2.0

Release notes

Sourced from responders's releases.

v3.2.0

https://github.com/heartcombo/responders/blob/v3.2.0/CHANGELOG.md#320

v3.1.1

https://github.com/heartcombo/responders/blob/v3.1.1/CHANGELOG.md#311

v3.1.0

https://github.com/heartcombo/responders/blob/v3.1.0/CHANGELOG.md#310

v3.0.1

No release notes provided.

v3.0.0

No release notes provided.

v2.4.1

No release notes provided.

Changelog

Sourced from responders's changelog.

3.2.0

• Add support for Ruby 3.3/3.4 and Rails 7.2/8.0/8.1. (no changes required)
• Drop support for Rails < 7 and Ruby < 2.7.

3.1.1

• Add support for Rails 7.1. (no changes required.)

3.1.0

• Add config responders.redirect_status to allow overriding the redirect code/status used in redirects. The default is 302 Found, which matches Rails, but it allows to change responders to redirect with 303 See Other for example, to make it more compatible with how Hotwire/Turbo expects redirects to work.
• Add config responders.error_status to allow overriding the status code used to respond to HTML or JS requests that have errors on the resource. The default is 200 OK, but it allows to change the response to be 422 Unprocessable Entity in such cases for example, which makes it more consistent with other statuses more commonly used in APIs (like JSON/XML), and works by default with Turbo/Hotwire which expects a 422 on form error HTML responses. Note that changing this may break your application if you're relying on the previous 2xx status to handle error cases.
• Add support for Ruby 3.0, 3.1, and 3.2, drop support for Ruby < 2.5.
• Add support for Rails 6.1 and 7.0, drop support for Rails < 5.2.
• Move CI to GitHub Actions.

3.0.1

• Add support to Ruby 2.7

3.0.0

• Remove support for Rails 4.2
• Remove support for Ruby < 2.4

2.4.1

• Add support for Rails 6 beta

2.4.0

• respond_with now accepts a new kwarg called :render which goes straight to the render call after an unsuccessful post request. Useful if for example you need to render a template which is outside of controller's path eg:

  respond_with resource, render: { template: 'path/to/template' }

2.3.0

• verify_request_format! is aliased to verify_requested_format! now.
• Implementing the interpolation_options method on your controller is deprecated in favor of naming it flash_interpolation_options instead.

2.2.0

• Added the verify_request_format! method, that can be used as a before_action callback to prevent your actions from being invoked when the controller does not respond to the request mime type, preventing the execution of complex queries or creating/deleting records from your app.

... (truncated)

Commits

• b20fdd2 Release v3.2.0
• 818ec07 Merge pull request #254 from heartcombo/ca-upgrade
• 19ee5c2 Update Ruby/Rails support
• 9cd1924 Update copyright, use new email [ci skip]
• 9bdc60d Merge pull request #249 from kianmeng/fix-typo
• 5f389bf Fix typo, compatibilty -> compatibility
• 5d4af94 Bump year [ci skip]
• 0a7b783 Add support to Ruby 3.3 (no changes required)
• 14f9dea Update to latest gems
• a677558 Fix link to old Rails 3 blog post (#247)
• Additional commits viewable in compare view

Updates sprockets from 2.12.3 to 3.7.5

Release notes

Sourced from sprockets's releases.

v3.7.0

• Deprecated interfaces now emit deprecation warnings #345

v3.6.3

• Faster asset lookup in large directories #336
• Faster PathUtils.match_path_extname rails/sprockets@697269c
• Fixed uglifier comment stripping #326
• Error messages now show load path info #313

v3.6.2

Performance improvements.

• rails/sprockets#320
• rails/sprockets#312

3.6.1

Some performance improvements

3.6.0

• Add Manifest#find_sources to return the source of the compiled assets.
• Fix the list of compressable mime types.
• Improve performance of the FileStore cache.

3.5.2

• Fix JRuby bug with concurrent-ruby.
• Fix disabling gzip generation in cached environments.

3.5.1

Fix gzip asset generation for assets already on disk.

3.5.0

• Reintroduce Gzip file generation for non-binary assets.

3.4.1

• PathUtils::Entries will no longer error on an empty directory.

3.4.0

Expose method to override the sass cache in the SassProcessor.

3.3.5

• Fix bug related to absolute path being reintroduced into history cache #141.

3.3.4

• Relative cache contents now work with windows.

3.3.3

• Remove more absolute paths from cache contents.

3.3.2

• Fix cache contents to use relative paths instead of absolute paths.

... (truncated)

Changelog

Sourced from sprockets's changelog.

3.7.5 (Spet 19, 2024)

• Fix Sprockets::Base#unescape #808.

3.7.4 (March 28, 2024)

• Fix deprecated calls to the uri gem.

3.7.3 (March 28, 2024)

• Various compatibility fixes for newer Ruby versions.

3.7.2 (June 19, 2018)

• Security release for CVE-2018-3760.

3.7.1 (December 19, 2016)

• Ruby 2.4 support for Sprockets 3.

3.7.0 (July 21, 2016)

• Deprecated interfaces now emit deprecation warnings #345

3.6.3 (July 1, 2016)

• Faster asset lookup in large directories #336
• Faster PathUtils.match_path_extname rails/sprockets@697269c
• Fixed uglifier comment stripping #326
• Error messages now show load path info #313

3.6.2 (June 21, 2016)

• More performance improvements.

3.6.1 (June 17, 2016)

• Some performance improvements.

3.6.0 (April 6, 2016)

• Add Manifest#find_sources to return the source of the compiled assets.
• Fix the list of compressable mime types.
• Improve performance of the FileStore cache.

3.5.2 (December 8, 2015)

• Fix JRuby bug with concurrent-ruby.
• Fix disabling gzip generation in cached environments.

... (truncated)

Commits

• 71f7713 Release 3.7.5
• 2952558 Merge pull request #808 from tricknotes/fix-sprockets-base-unescape-for-3.x
• 86ea3e2 Fix Sprockets::Base#unescape to avoid unexpected change landed in 3.7.4.
• fb92f7b Release 3.7.4
• 384bf45 Fix compatiblity with newer uri gem
• 0487291 Release 3.7.3
• d5e09e3 Merge pull request #804 from casperisfine/3.x-fix-erb-version-checking
• 45886ab Skip TestRequire on CI and older rubies
• 086c8ba Setup GitHub Actions
• 35350e2 Fix frozen string literal compatibility issues
• Additional commits viewable in compare view

Updates heroku from 3.42.33 to 3.99.4

Changelog

Sourced from heroku's changelog.

3.99.3 2017-06-05

Add deprecation message for all commands

3.99.2 2017-04-05

Fix duplicate command not found message

3.99.1 2017-03-17

Fix help and listing plugins

3.99.0 2017-03-13

Add deprecation message Use v5 CLI directly without analyzing commands

3.43.999 2017-02-22

Show deprecation message when being used

3.43.99 2017-02-22

Show deprecation message when being used

3.43.16 2016-12-11

Use heroku.com domain for SSL-Doctor

3.43.15 2016-12-06

Use heroku.com domain for SSL-Doctor

3.43.14 2016-11-11

Fix windows autoupdates

3.43.13 2016-10-28

Stop assuming domain for some private endpoints Fixes bug where proxy url had underscore in it

3.43.12 2016-09-07

Revert: Update rest-client gem because security vulnerabilities

3.43.11 2016-09-07

Update rest-client gem because security vulnerabilities

... (truncated)

Commits

• See full diff in compare view

Updates nokogiri from 1.6.7.2 to 1.19.3

Release notes

Sourced from nokogiri's releases.

v1.19.3 / 2026-04-27

Fixed / Security

• Address exponential regex backtracking in CSS selector tokenizer. See GHSA-c4rq-3m3g-8wgx for more information.
• [CRuby] Address memory leak in XSLT::Stylesheet#transform. See GHSA-v2fc-qm4h-8hqv for more information.

46b89e5d7b9e844c2ee360794240c6ea2a4e6fa0c5892a4ed487db621224b639  nokogiri-1.19.3-aarch64-linux-gnu.gem
8392dfdcd21be7a94dbbe9ccc138dea01b97b24cb2dc02a114ca98bfb1d9a0b7  nokogiri-1.19.3-aarch64-linux-musl.gem
3919d5ffc334ad778a4a9eb88fda7dcb8b1fb58c8a52ac640c6dcd2f038e774f  nokogiri-1.19.3-arm-linux-gnu.gem
9ce1cb6346bb9c67b1550eb537aa183ead91e4b6eadb2f36ade02d8dd2a79fb6  nokogiri-1.19.3-arm-linux-musl.gem
71b9bd424b1b7abc18b05052a1a3cfd3627abdca62be280854cc411791357e42  nokogiri-1.19.3-arm64-darwin.gem
40ea6ebf5cf2005dae1dee26dd557d3afb41fb6de6c9764aca8cf06fdb841db1  nokogiri-1.19.3-java.gem
8bb7132cad356c879a1286eaabcb5e68326cb2490317984280fbc62f456d506a  nokogiri-1.19.3-x64-mingw-ucrt.gem
77f3fba57d46c53ab31e62fc6c28f705109d1bf6264356c76f132b2be5728d4d  nokogiri-1.19.3-x86_64-darwin.gem
2f5078620fe12e83669b5b17311b32532a8153d02eee7ad06948b926d6080976  nokogiri-1.19.3-x86_64-linux-gnu.gem
248c906d2166eca5efb56d52fdee5f9a1f51d69a72e2b64fdac647b4ce39ea3f  nokogiri-1.19.3-x86_64-linux-musl.gem
78312cbac32a40c812780d9678221b79d51288eec00054c1a8d15f7ce05960e8  nokogiri-1.19.3.gem

v1.19.2 / 2026-03-19

Dependencies

• [JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. #3611 @​flavorjones

SHA256 Checksums

c34d5c8208025587554608e98fd88ab125b29c80f9352b821964e9a5d5cfbd19  nokogiri-1.19.2-aarch64-linux-gnu.gem
7f6b4b0202d507326841a4f790294bf75098aef50c7173443812e3ac5cb06515  nokogiri-1.19.2-aarch64-linux-musl.gem
b7fa1139016f3dc850bda1260988f0d749934a939d04ef2da13bec060d7d5081  nokogiri-1.19.2-arm-linux-gnu.gem
61114d44f6742ff72194a1b3020967201e2eb982814778d130f6471c11f9828c  nokogiri-1.19.2-arm-linux-musl.gem
58d8ea2e31a967b843b70487a44c14c8ba1866daa1b9da9be9dbdf1b43dee205  nokogiri-1.19.2-arm64-darwin.gem
e9d67034bc80ca71043040beea8a91be5dc99b662daa38a2bfb361b7a2cc8717  nokogiri-1.19.2-java.gem
8ccf25eea3363a2c7b3f2e173a3400582c633cfead27f805df9a9c56d4852d1a  nokogiri-1.19.2-x64-mingw-ucrt.gem
7d9af11fda72dfaa2961d8c4d5380ca0b51bc389dc5f8d4b859b9644f195e7a4  nokogiri-1.19.2-x86_64-darwin.gem
fa8feca882b73e871a9845f3817a72e9734c8e974bdc4fbad6e4bc6e8076b94f  nokogiri-1.19.2-x86_64-linux-gnu.gem
93128448e61a9383a30baef041bf1f5817e22f297a1d400521e90294445069a8  nokogiri-1.19.2-x86_64-linux-musl.gem
38fdd8b59db3d5ea9e7dfb14702e882b9bf819198d5bf976f17ebce12c481756  nokogiri-1.19.2.gem

Full Changelog: sparklemotion/nokogiri@v1.19.1...v1.19.2

v1.19.1 / 2026-02-16

... (truncated)

Changelog

Sourced from nokogiri's changelog.

v1.19.3 / 2026-04-27

Fixed / Security

• Address exponential regex backtracking in CSS selector tokenizer. See GHSA-c4rq-3m3g-8wgx for more information.
• [CRuby] Address memory leak in XSLT::Stylesheet#transform. See GHSA-v2fc-qm4h-8hqv for more information.

v1.19.2 / 2026-03-19

Dependencies

• [JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. #3611 @​flavorjones

v1.19.1 / 2026-02-16

Security

• [CRuby] Address unchecked return value from xmlC14NExecute which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See GHSA-wx95-c6cv-8532 for more information.

v1.19.0 / 2025-12-28

Ruby

This release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.

• Introduce native gem support for Ruby 4.0. #3590
• End support for Ruby 3.1, for which upstream support ended 2025-03-26.
• End support for JRuby 9.4 (which targets Ruby 3.1 compatibility).

v1.18.10 / 2025-09-15

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.13.9. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.
• [CRuby] [Windows and MacOS] Vendored libiconv is updated to v1.18

v1.18.9 / 2025-07-20

Security

• [CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See GHSA-353f-x4gh-cqq8 for more information.

v1.18.8 / 2025-04-21

... (truncated)

Commits

• c139a3d version bump to v1.19.3
• 7501a63 fix: backtracking in CSS tokenizer rules (v1.19.x backport) (#3627)
• 03e7968 test: skip CSS tokenizer benchmarks on JRuby
• b984b7e fix: ReDoS in CSS tokenizer ident rule
• 0092623 fix: ReDoS in CSS tokenizer STRING rule
• ee17d33 fix: memory leak in XSLT transform (backport to v1.19.x) (#3624)
• ce188a3 doc: update CHANGELOG
• caeaac4 fix: memory leak in XSLT transform
• 25220bf dep(test): test against libxml-ruby v6 (#3618)
• 0caeb21 doc: add security warnings for untrusted XSLT stylesheets
• Additional commits viewable in compare view

Updates sass-rails from 5.0.4 to 5.1.0

Release notes

Sourced from sass-rails's releases.

v5.0.7

• Remove ruby warnings

v5.0.6

• Fixes deprecation warnings on Sprockets 3 (#382)

  Richard Schneeman

5.0.5

• Support Rails 5

Commits

• 9c98c84 Prepare to 5.1.0
• bcc0725 Merge branch 'rm-test-with-rails-6' into 5-0-stable
• 72e9e21 Make the tests pass with all supported versions of rails
• 1860306 Update the example applications
• 9dfddee Remove support to old Rails versions
• d2bfbe6 Remove support to old rubies
• 4fd9731 Allow Rails 6 and test with all versions
• e2e189a Prepare for 5.0.7
• bb5c1d3 Merge pull request #403 from y-yagi/fix-ruby-warnings
• c76fc6d Merge pull request #404 from y-yagi/fix_broken_ci
• Additional commits viewable in compare view

Updates jbuilder from 2.4.0 to 2.14.1

Release notes

Sourced from jbuilder's releases.

v2.14.1

What's Changed

• Ensure that Jbuilder.encode properly forwards arguments to .new by @​flavorjones in rails/jbuilder#601

New Contributors

• @​flavorjones made their first contribution in rails/jbuilder#601

Full Changelog: rails/jbuilder@v2.14.0...v2.14.1

v2.14.0

What's Changed

• Drop support to Ruby < 3.0 and Rails < 7.0
• Test against Rails 8 and fix Rails 7 logger dependency by @​excid3 in rails/jbuilder#582
• Add status: :see_other to update action by @​excid3 in rails/jbuilder#583
• Force close final statement in templates by @​ienders in rails/jbuilder#578
• Optimize _is_collection? method by @​moberegger in rails/jbuilder#590
• Add #frozen_string_literal: true to all files by @​moberegger in rails/jbuilder#599
• Optimize _key to prevent string allocation when formatting Symbols by @​moberegger in rails/jbuilder#593
• Optimize key formatter by @​moberegger in rails/jbuilder#597
• Optimize internal extract! calls to save on memory allocation by @​moberegger in rails/jbuilder#598
• Fix regression in API controllers with view_cache_dependencies helper by @​excid3 in rails/jbuilder#575
• Optimize method_missing via alias_method by @​moberegger in rails/jbuilder#600
• Cleanup project for Rails 7+ support by @​moberegger in rails/jbuilder#594
• Fix warnings and prevent Jbuilder::VERSION constant from being obliterated by @​pixeltrix in rails/jbuilder#574
• Optimize memory allocation when rendering partials by @​moberegger in rails/jbuilder#591

New Contributors

• @​richardvenneman made their first contribution in rails/jbuilder#576
• @​ienders made their first contribution in rails/jbuilder#578
• @​moberegger made their first contribution in rails/jbuilder#590

Full Changelog: rails/jbuilder@v2.13.0...v2.14.0

v2.13.0

What's Changed

• Redirect to @record or path in controller generator by @​jeromedalbert in rails/jbuilder#569
• Return early from collection partial rendering if blank by @​tylerjc in rails/jbuilder#560
• Add missing ':see_other' status code in generated destroy controller method by @​ldeld in rails/jbuilder#538
• Remove OpenStruct references from Jbuilder by @​mtsmfm in rails/jbuilder#567
• Use new params.expect syntax instead of params.require by @​jeromedalbert in rails/jbuilder#573

New Contributors

• @​jeromedalbert made their first contribution in rails/jbuilder#570
• @​tylerjc made their first contribution in rails/jbuilder#560
• @​ldeld made their first contribution in rails/jbuilder#538
• @​mtsmfm made their first contribution in rails/jbuilder#567

Full Changelog: rails/jbuilder@v2.12.0...v2.13.0

... (truncated)

Commits

• 38339ad Prepare for 2.14.1
• 2400fd9 Merge pull request #601 from flavorjones/flavorjones/fix-encode-arguments
• a6863b5 Ensure that Jbuilder.encode properly forwards arguments to .new
• 30ba7df Prepare for 2.14.0
• 5f4af71 Merge pull request #591 from moberegger/moberegger/optimize_options_merges
• 6fd6c06 Small _set_inline_partial optimization
• b7b5abb Stop mutating options in partial! method
• 7e16adf Stop mutating options in set! method
• 8474b41 Remove _partial micro-optimization
• 9ffacf7 Merge pull request #574 from pixeltrix/fix-warnings-and-version-constant
• Additional commits viewable in compare view

Updates angular_rails_csrf from 1.0.4 to 7.0.2

Release notes

Sourced from angular_rails_csrf's releases.

Version 7.0.2

No release notes provided.

Version 7.0.1

No release notes provided.

Version 7.0.0

No release notes provided.

Version 6.0.0

No release notes provided.

Version 5.0.0

No release notes provided.

Version 4.5.0

No release notes provided.

Version 4.4.0

No release notes provided.

Version 4.3.0

No release notes provided.

Version 4.2.0

No release notes provided.

Version 4.1.0

Changes since 3.2.0:

• Added support for Rails 6.0
• Dropped support for Rails 4
• Updated dependencies, tested against more recent Rubies and Rails, prettified things a bit
• Added a new angular_rails_csrf_secure option

Version 4.0.1

No release notes provided.

Version 4.0.0

No release notes provided.

Version 3.2.0

No release notes provided.

Version 3.0.0

No release notes provided.

Version 2.1.1

No release notes provided.

... (truncated)

Changelog

Sourced from angular_rails_csrf's changelog.

7.0.2 (01-Nov-25)

• Test with Ruby 3.5
• Remove deprecation message, put into passive maintenance mode

7.0.1 (11-May-25)

• Test with Ruby 3.4
• Repo moved
• Add deprecation message

7.0.0 (12-Nov-24)

• Breaking change: require Ruby 3.2+. If you need support for older Rubies, stay on version 6
• Set Railties dependency to < 9
• Test with Rails 8
• Do not test with Ruby 3.0 and 3.1

6.0.0 (14-Nov-23)

• Breaking change: drop support for Ruby < 3. If you need to support older Rubies, stay on v5. If you'd like to support even older stuff, v4.5.0 is your choice as it plays nicely with Rails 5.1 and Ruby 2.5.
• Test only with Rails 7
• Fix some failing tests, minor tweaks

5.0.0 (14-Dec-21)

• Add support for Rails 7.
• Test against Rails 6.1 and Rails 7.0.
• Test against Ruby 3.0.
• Rails 5.1 is not supported officially anymore (but should still work fine).
• Ruby < 2.7 is not supported anymore (has reached end of life) but should still work.

4.5.0 (21-Sep-20)

• Added a new HttpOnly option (thanks, @​Lubo-mir)
• Introduced some code refactorings

4.4.0 (04-Aug-20)

• Make the gem play nicely with controllers that do not have protect_against_forgery? method defined — for example, certain Doorkeeper controllers (thanks, @​amenz)
• Updated dependencies and cops

4.3.0 (18-May-20)

• Ruby version 2.4 is no longer officially supported (though it still should work) - this is also due to the fact that v2.4 is abanoded by Ruby core team as well. Required Ruby version is now 2.5+ according to version compatibility.
• Dropped backwards compatibility with older versions of Rails (v4 and below). If you require Rails 4 support, use angular_rails_csrf v3.
• Increased test coverage up to 100%.

4.2.0 (31-Mar-20)

... (truncated)

Commits

• cc2bb19 remove deprecation notice (#56)
• d021ec6 update ci perms
• 954f88d update testing matrix
• 81d345c 7.0.1
• 7c1cf17 prepare for new version"
• 4e38cb3 bump [skip ci]
• 9cf140e prepare for new version
• 2f7d587 Update rails requirement from 8.0.1 to 8.0.2 (#54)
• 0718fe3 Update rails requirement from 8.0.0 to 8.0.1 (#53)
• 067480c Update README.md [skip ci]
• Additional commits viewable in compare view

Updates angular-rails-templates from 0.2.0 to 1.4.0

Release notes

Sourced from angular-rails-templates's releases.

v1.3.1

What's Changed

• Fix broken tests due to missing Logger by @​ehelms in pitr/angular-rails-templates#174
• Rely on the digest class defined by Rails by @​ehelms in pitr/angular-rails-templates#173
• Release v1.3.1 by @​mathieujobin in pitr/angular-rails-templates#176

New Contributors

• @​ehelms made their first contribution in pitr/angular-rails-templates#174

Full Changelog: pitr/angular-rails-templates@v1.3.0...v1.3.1

v1.2.1

No release notes provided.

v1.2.0

No release notes provided.

Changelog

Sourced from angular-rails-templates's changelog.

1.4.0

• Support Rails 8.1 (#178) (Jade Alejandra Ornelas)

1.3.1

• Fix broken tests due to missing Logger (#174) (Eric Helms)
• Rely on the digest class defined by Rails (#173) (Eric Helms)

1.3.0

• Support Rails 8 (#172) (Eric Pugh)

1.2.2

• Support Rails 7.2 (#170) (Mansoor Khan)

1.2.1

• Support Rails 7.1 (#169) (Mathieu Jobin)

1.2.0

• Support Rails 7

1.1.0

• Support Rails 6
• Use global Rails namespace [merqlove, #148]

1.0.2

• Silence deprecation warning on sprockets 3.7 [kressh, #145]

1.0.1

• Better support for Rails 5 and Sprockets 4 [merqlove/sandrew, #142]

1.0.0

• Add support for Rails 5.0 [pitr, #131]

1.0.0.beta2

• Loading tilt gem before using
• Configurable extension .html [speranskydanil, #99]
• Default inside_paths is a relative path [redterror, #108]
• Do not process files outside inside_paths path [keenahn, #113]

1.0.0.beta1

... (truncated)

Commits

• 669a0dd release 1.4.0
• 1bd9d56 Merge pull request #178 from zoobean/rails-8-1-support
• 436e4f3 Merge branch 'master' into rails-8-1-support
• f19c249 Merge pull request #179 from pitr/upgrade-stuff
• 805dba1 fix quotations in test
• df60b41 fix build badge
• 6c99d12 README cleanup
• 820d7c1 move to coveralls_reborn, use latest ubuntu runners
• 7dce531 use latest ubuntu
• 857cfc7 Rails 8.1 support
• Additional commits viewable in