@rails/ujs
Comparing version 6.0.2 to 6.0.3-1
@@ -0,1 +1,31 @@ | ||
## Rails 6.0.3.1 (May 18, 2020) ## | ||
* [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs | ||
## Rails 6.0.3 (May 06, 2020) ## | ||
* annotated_source_code returns an empty array so TemplateErrors without a | ||
template in the backtrace are surfaced properly by DebugExceptions. | ||
*Guilherme Mansur*, *Kasper Timm Hansen* | ||
* Add autoload for SyntaxErrorInTemplate so syntax errors are correctly raised by DebugExceptions. | ||
*Guilherme Mansur*, *Gannon McGibbon* | ||
## Rails 6.0.2.2 (March 19, 2020) ## | ||
* Fix possible XSS vector in escape_javascript helper | ||
CVE-2020-5267 | ||
*Aaron Patterson* | ||
## Rails 6.0.2.1 (December 18, 2019) ## | ||
* No changes. | ||
## Rails 6.0.2 (December 13, 2019) ## | ||
@@ -2,0 +32,0 @@ |
@@ -250,4 +250,4 @@ /* | ||
xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest'); | ||
CSRFProtection(xhr); | ||
} | ||
CSRFProtection(xhr); | ||
xhr.withCredentials = !!options.withCredentials; | ||
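Review bot: The condition that decides whether `CSRFProtection(xhr)` runs opens above this hunk, so these lines cannot confirm that it is an origin check derived from the request URL rather than a flag the caller passes in `options`. The +/- markers are lost on this page; read together with the changelog entry for CVE-2020-8167, the call before the closing `}` appears to be the new side and the call after it the removed one. If the guard is a caller-supplied flag (as `options.withCredentials` on the following line is), a direct call that omits it would still attach the token to a cross-origin request, so the flag should default to a value computed from the URL inside this function. A comment above the call such as `// X-CSRF-Token is sent only on same-origin requests (CVE-2020-8167)` would also help keep the call from being moved back out of the block.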
@@ -254,0 +254,0 @@ xhr.onreadystatechange = function() { |
{ | ||
"name": "@rails/ujs", | ||
"version": "6.0.2", | ||
"version": "6.0.3-1", | ||
"description": "Ruby on Rails unobtrusive scripting adapter", | ||
@@ -5,0 +5,0 @@ "main": "lib/assets/compiled/rails-ujs.js", |
Sorry, the diff of this file is not supported yet