@rails/ujs - npm Package Compare versions

Comparing version 6.0.2 to 6.0.3-1

CHANGELOG.md

		@@ -0,1 +1,31 @@
		## Rails 6.0.3.1 (May 18, 2020) ##

		* [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs

		## Rails 6.0.3 (May 06, 2020) ##

		* annotated_source_code returns an empty array so TemplateErrors without a
		template in the backtrace are surfaced properly by DebugExceptions.

		Guilherme Mansur, Kasper Timm Hansen

		* Add autoload for SyntaxErrorInTemplate so syntax errors are correctly raised by DebugExceptions.

		Guilherme Mansur, Gannon McGibbon


		## Rails 6.0.2.2 (March 19, 2020) ##

		* Fix possible XSS vector in escape_javascript helper

		CVE-2020-5267

		Aaron Patterson


		## Rails 6.0.2.1 (December 18, 2019) ##

		* No changes.


		## Rails 6.0.2 (December 13, 2019) ##
		@@ -2,0 +32,0 @@

lib/assets/compiled/rails-ujs.js

		@@ -250,4 +250,4 @@ /*
		xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
		CSRFProtection(xhr);
		}
		CSRFProtection(xhr);
		xhr.withCredentials = !!options.withCredentials;
		@@ -254,0 +254,0 @@ xhr.onreadystatechange = function() {

package.json

		{
		"name": "@rails/ujs",
		"version": "6.0.2",
		"version": "6.0.3-1",
		"description": "Ruby on Rails unobtrusive scripting adapter",
		@@ -5,0 +5,0 @@ "main": "lib/assets/compiled/rails-ujs.js",

README.rdoc

Sorry, the diff of this file is not supported yet

New alerts