@rails/ujs
Advanced tools
Comparing version 6.0.3 to 6.1.0-rc1
363
CHANGELOG.md
@@ -1,319 +0,260 @@ | ||
## Rails 6.0.3 (May 06, 2020) ## | ||
## Rails 6.1.0.rc1 (November 02, 2020) ## | ||
* annotated_source_code returns an empty array so TemplateErrors without a | ||
template in the backtrace are surfaced properly by DebugExceptions. | ||
* Yield translated strings to calls of `ActionView::FormBuilder#button` | ||
when a block is given. | ||
*Guilherme Mansur*, *Kasper Timm Hansen* | ||
*Sean Doyle* | ||
* Add autoload for SyntaxErrorInTemplate so syntax errors are correctly raised by DebugExceptions. | ||
* Alias `ActionView::Helpers::Tags::Label::LabelBuilder#translation` to | ||
`#to_s` so that `form.label` calls can yield that value to their blocks. | ||
*Guilherme Mansur*, *Gannon McGibbon* | ||
*Sean Doyle* | ||
* Rename the new `TagHelper#class_names` method to `TagHelper#token_list`, | ||
and make the original available as an alias. | ||
## Rails 6.0.2.2 (March 19, 2020) ## | ||
token_list("foo", "foo bar") | ||
# => "foo bar" | ||
* Fix possible XSS vector in escape_javascript helper | ||
*Sean Doyle* | ||
CVE-2020-5267 | ||
* ARIA Array and Hash attributes are treated as space separated `DOMTokenList` | ||
values. This is useful when declaring lists of label text identifiers in | ||
`aria-labelledby` or `aria-describedby`. | ||
*Aaron Patterson* | ||
tag.input type: 'checkbox', name: 'published', aria: { | ||
invalid: @post.errors[:published].any?, | ||
labelledby: ['published_context', 'published_label'], | ||
describedby: { published_errors: @post.errors[:published].any? } | ||
} | ||
#=> <input | ||
type="checkbox" name="published" aria-invalid="true" | ||
aria-labelledby="published_context published_label" | ||
aria-describedby="published_errors" | ||
> | ||
*Sean Doyle* | ||
## Rails 6.0.2.1 (December 18, 2019) ## | ||
* Remove deprecated `escape_whitelist` from `ActionView::Template::Handlers::ERB`. | ||
* No changes. | ||
*Rafael Mendonça França* | ||
* Remove deprecated `find_all_anywhere` from `ActionView::Resolver`. | ||
## Rails 6.0.2 (December 13, 2019) ## | ||
*Rafael Mendonça França* | ||
* No changes. | ||
* Remove deprecated `formats` from `ActionView::Template::HTML`. | ||
*Rafael Mendonça França* | ||
## Rails 6.0.1 (November 5, 2019) ## | ||
* Remove deprecated `formats` from `ActionView::Template::RawFile`. | ||
* UJS avoids `Element.closest()` for IE 9 compatibility. | ||
*Rafael Mendonça França* | ||
*George Claghorn* | ||
* Remove deprecated `formats` from `ActionView::Template::Text`. | ||
*Rafael Mendonça França* | ||
## Rails 6.0.0 (August 16, 2019) ## | ||
* Remove deprecated `find_file` from `ActionView::PathSet`. | ||
* ActionView::Helpers::SanitizeHelper: support rails-html-sanitizer 1.1.0. | ||
*Rafael Mendonça França* | ||
*Juanito Fatas* | ||
* Remove deprecated `rendered_format` from `ActionView::LookupContext`. | ||
*Rafael Mendonça França* | ||
## Rails 6.0.0.rc2 (July 22, 2019) ## | ||
* Remove deprecated `find_file` from `ActionView::ViewPaths`. | ||
* Fix `select_tag` so that it doesn't change `options` when `include_blank` is present. | ||
*Rafael Mendonça França* | ||
*Younes SERRAJ* | ||
* Require that `ActionView::Base` subclasses implement `#compiled_method_container`. | ||
*Rafael Mendonça França* | ||
## Rails 6.0.0.rc1 (April 24, 2019) ## | ||
* Remove deprecated support to pass an object that is not a `ActionView::LookupContext` as the first argument | ||
in `ActionView::Base#initialize`. | ||
* Fix partial caching skips same item issue | ||
*Rafael Mendonça França* | ||
If we render cached collection partials with repeated items, those repeated items | ||
will get skipped. For example, if you have 5 identical items in your collection, Rails | ||
only renders the first one when `cached` is set to true. But it should render all | ||
5 items instead. | ||
* Remove deprecated `format` argument `ActionView::Base#initialize`. | ||
Fixes #35114. | ||
*Rafael Mendonça França* | ||
*Stan Lo* | ||
* Remove deprecated `ActionView::Template#refresh`. | ||
* Only clear ActionView cache in development on file changes | ||
*Rafael Mendonça França* | ||
To speed up development mode, view caches are only cleared when files in | ||
the view paths have changed. Applications which have implemented custom | ||
`ActionView::Resolver` subclasses may need to add their own cache clearing. | ||
* Remove deprecated `ActionView::Template#original_encoding`. | ||
*John Hawthorn* | ||
*Rafael Mendonça França* | ||
* Fix `ActionView::FixtureResolver` so that it handles template variants correctly. | ||
* Remove deprecated `ActionView::Template#variants`. | ||
*Edward Rudd* | ||
*Rafael Mendonça França* | ||
* `ActionView::TemplateRender.render(file: )` now renders the file directly, | ||
without using any handlers, using the new `Template::RawFile` class. | ||
* Remove deprecated `ActionView::Template#formats`. | ||
*John Hawthorn*, *Cliff Pruitt* | ||
*Rafael Mendonça França* | ||
* Remove deprecated `ActionView::Template#virtual_path=`. | ||
## Rails 6.0.0.beta3 (March 11, 2019) ## | ||
*Rafael Mendonça França* | ||
* Only accept formats from registered mime types | ||
* Remove deprecated `ActionView::Template#updated_at`. | ||
A lack of filtering on mime types could allow an attacker to read | ||
arbitrary files on the target server or to perform a denial of service | ||
attack. | ||
*Rafael Mendonça França* | ||
Fixes CVE-2019-5418 | ||
Fixes CVE-2019-5419 | ||
* Remove deprecated `updated_at` argument required on `ActionView::Template#initialize`. | ||
*John Hawthorn*, *Eileen M. Uchitelle*, *Aaron Patterson* | ||
*Rafael Mendonça França* | ||
* Make `locals` argument required on `ActionView::Template#initialize`. | ||
## Rails 6.0.0.beta2 (February 25, 2019) ## | ||
*Rafael Mendonça França* | ||
* `ActionView::Template.finalize_compiled_template_methods` is deprecated with | ||
no replacement. | ||
* Remove deprecated `ActionView::Template.finalize_compiled_template_methods`. | ||
*tenderlove* | ||
*Rafael Mendonça França* | ||
* `config.action_view.finalize_compiled_template_methods` is deprecated with | ||
no replacement. | ||
* Remove deprecated `config.action_view.finalize_compiled_template_methods` | ||
*tenderlove* | ||
*Rafael Mendonça França* | ||
* Ensure unique DOM IDs for collection inputs with float values. | ||
* Remove deprecated support to calling `ActionView::ViewPaths#with_fallback` with a block. | ||
Fixes #34974. | ||
*Rafael Mendonça França* | ||
*Mark Edmondson* | ||
* Remove deprecated support to passing absolute paths to `render template:`. | ||
* Single arity template handlers are deprecated. Template handlers must | ||
now accept two parameters, the view object and the source for the view object. | ||
*Rafael Mendonça França* | ||
*tenderlove* | ||
* Remove deprecated support to passing relative paths to `render file:`. | ||
*Rafael Mendonça França* | ||
## Rails 6.0.0.beta1 (January 18, 2019) ## | ||
* Remove support to template handlers that don't accept two arguments. | ||
* [Rename npm package](https://github.com/rails/rails/pull/34905) from | ||
[`rails-ujs`](https://www.npmjs.com/package/rails-ujs) to | ||
[`@rails/ujs`](https://www.npmjs.com/package/@rails/ujs). | ||
*Rafael Mendonça França* | ||
*Javan Makhmali* | ||
* Remove deprecated pattern argument in `ActionView::Template::PathResolver`. | ||
* Remove deprecated `image_alt` helper. | ||
*Rafael Mendonça França* | ||
* Fix the need of `#protect_against_forgery?` method defined in | ||
`ActionView::Base` subclasses. This prevents the use of forms and buttons. | ||
* Remove deprecated support to call private methods from object in some view helpers. | ||
*Genadi Samokovarov* | ||
*Rafael Mendonça França* | ||
* Fix UJS permanently showing disabled text in a[data-remote][data-disable-with] elements within forms. | ||
* `ActionView::Helpers::TranslationHelper#translate` accepts a block, yielding | ||
the translated text and the fully resolved translation key: | ||
Fixes #33889. | ||
<%= translate(".relative_key") do |translation, resolved_key| %> | ||
<span title="<%= resolved_key %>"><%= translation %></span> | ||
<% end %> | ||
*Wolfgang Hobmaier* | ||
*Sean Doyle* | ||
* Prevent non-primary mouse keys from triggering Rails UJS click handlers. | ||
Firefox fires click events even if the click was triggered by non-primary mouse keys such as right- or scroll-wheel-clicks. | ||
For example, right-clicking a link such as the one described below (with an underlying ajax request registered on click) should not cause that request to occur. | ||
* Ensure cache fragment digests include all relevant template dependencies when | ||
fragments are contained in a block passed to the render helper. Remove the | ||
virtual_path keyword arguments found in CacheHelper as they no longer possess | ||
any function following 1581cab. | ||
``` | ||
<%= link_to 'Remote', remote_path, class: 'remote', remote: true, data: { type: :json } %> | ||
``` | ||
Fixes #38984. | ||
Fixes #34541. | ||
*Aaron Lipman* | ||
*Wolfgang Hobmaier* | ||
* Deprecate `config.action_view.raise_on_missing_translations` in favor of | ||
`config.i18n.raise_on_missing_translations`. | ||
* Prevent `ActionView::TextHelper#word_wrap` from unexpectedly stripping white space from the _left_ side of lines. | ||
New generalized configuration option now determines whether an error should be raised | ||
for missing translations in controllers and views. | ||
For example, given input like this: | ||
*fatkodima* | ||
``` | ||
This is a paragraph with an initial indent, | ||
followed by additional lines that are not indented, | ||
and finally terminated with a blockquote: | ||
"A pithy saying" | ||
``` | ||
* Instrument layout rendering in `TemplateRenderer#render_with_layout` as `render_layout.action_view`, | ||
and include (when necessary) the layout's virtual path in notification payloads for collection and partial renders. | ||
Calling `word_wrap` should not trim the indents on the first and last lines. | ||
*Zach Kemp* | ||
Fixes #34487. | ||
* `ActionView::Base.annotate_rendered_view_with_filenames` annotates HTML output with template file names. | ||
*Lyle Mullican* | ||
*Joel Hawksley*, *Aaron Patterson* | ||
* Add allocations to template rendering instrumentation. | ||
* `ActionView::Helpers::TranslationHelper#translate` returns nil when | ||
passed `default: nil` without a translation matching `I18n#translate`. | ||
Adds the allocations for template and partial rendering to the server output on render. | ||
*Stefan Wrobel* | ||
``` | ||
Rendered posts/_form.html.erb (Duration: 7.1ms | Allocations: 6004) | ||
Rendered posts/new.html.erb within layouts/application (Duration: 8.3ms | Allocations: 6654) | ||
Completed 200 OK in 858ms (Views: 848.4ms | ActiveRecord: 0.4ms | Allocations: 1539564) | ||
``` | ||
* `OptimizedFileSystemResolver` prefers template details in order of locale, | ||
formats, variants, handlers. | ||
*Eileen M. Uchitelle*, *Aaron Patterson* | ||
*Iago Pimenta* | ||
* Respect the `only_path` option passed to `url_for` when the options are passed in as an array | ||
* Added `class_names` helper to create a CSS class value with conditional classes. | ||
Fixes #33237. | ||
*Joel Hawksley*, *Aaron Patterson* | ||
*Joel Ambass* | ||
* Add support for conditional values to TagBuilder. | ||
* Deprecate calling private model methods from view helpers. | ||
*Joel Hawksley* | ||
For example, in methods like `options_from_collection_for_select` | ||
and `collection_select` it is possible to call private methods from | ||
the objects used. | ||
* `ActionView::Helpers::FormOptionsHelper#select` should mark option for `nil` as selected. | ||
Fixes #33546. | ||
```ruby | ||
@post = Post.new | ||
@post.category = nil | ||
*Ana María Martínez Gómez* | ||
# Before | ||
select("post", "category", none: nil, programming: 1, economics: 2) | ||
# => | ||
# <select name="post[category]" id="post_category"> | ||
# <option value="">none</option> | ||
# <option value="1">programming</option> | ||
# <option value="2">economics</option> | ||
# </select> | ||
* Fix issue with `button_to`'s `to_form_params` | ||
# After | ||
select("post", "category", none: nil, programming: 1, economics: 2) | ||
# => | ||
# <select name="post[category]" id="post_category"> | ||
# <option selected="selected" value="">none</option> | ||
# <option value="1">programming</option> | ||
# <option value="2">economics</option> | ||
# </select> | ||
``` | ||
`button_to` was throwing exception when invoked with `params` hash that | ||
contains symbol and string keys. The reason for the exception was that | ||
`to_form_params` was comparing the given symbol and string keys. | ||
*bogdanvlviv* | ||
The issue is fixed by turning all keys to strings inside | ||
`to_form_params` before comparing them. | ||
* Log lines for partial renders and started template renders are now | ||
emitted at the `DEBUG` level instead of `INFO`. | ||
*Georgi Georgiev* | ||
Completed template renders are still logged at the `INFO` level. | ||
* Mark arrays of translations as trusted safe by using the `_html` suffix. | ||
*DHH* | ||
Example: | ||
* ActionView::Helpers::SanitizeHelper: support rails-html-sanitizer 1.1.0. | ||
en: | ||
foo_html: | ||
- "One" | ||
- "<strong>Two</strong>" | ||
- "Three 👋 🙂" | ||
*Juanito Fatas* | ||
*Juan Broullon* | ||
* Added `phone_to` helper method to create a link from mobile numbers. | ||
* Add `year_format` option to date_select tag. This option makes it possible to customize year | ||
names. Lambda should be passed to use this option. | ||
*Pietro Moro* | ||
Example: | ||
* annotated_source_code returns an empty array so TemplateErrors without a | ||
template in the backtrace are surfaced properly by DebugExceptions. | ||
date_select('user_birthday', '', start_year: 1998, end_year: 2000, year_format: ->year { "Heisei #{year - 1988}" }) | ||
*Guilherme Mansur*, *Kasper Timm Hansen* | ||
The HTML produced: | ||
* Add autoload for SyntaxErrorInTemplate so syntax errors are correctly raised by DebugExceptions. | ||
<select id="user_birthday__1i" name="user_birthday[(1i)]"> | ||
<option value="1998">Heisei 10</option> | ||
<option value="1999">Heisei 11</option> | ||
<option value="2000">Heisei 12</option> | ||
</select> | ||
/* The rest is omitted */ | ||
*Guilherme Mansur*, *Gannon McGibbon* | ||
*Koki Ryu* | ||
* `RenderingHelper` supports rendering objects that `respond_to?` `:render_in`. | ||
* Fix JavaScript views rendering does not work with Firefox when using | ||
Content Security Policy. | ||
*Joel Hawksley*, *Natasha Umer*, *Aaron Patterson*, *Shawn Allen*, *Emily Plummer*, *Diana Mounter*, *John Hawthorn*, *Nathan Herald*, *Zaid Zawaideh*, *Zach Ahn* | ||
Fixes #32577. | ||
* Fix `select_tag` so that it doesn't change `options` when `include_blank` is present. | ||
*Yuji Yaginuma* | ||
*Younes SERRAJ* | ||
* Add the `nonce: true` option for `javascript_include_tag` helper to | ||
support automatic nonce generation for Content Security Policy. | ||
Works the same way as `javascript_tag nonce: true` does. | ||
*Yaroslav Markin* | ||
* Remove `ActionView::Helpers::RecordTagHelper`. | ||
*Yoshiyuki Hirano* | ||
* Disable `ActionView::Template` finalizers in test environment. | ||
Template finalization can be expensive in large view test suites. | ||
Add a configuration option, | ||
`action_view.finalize_compiled_template_methods`, and turn it off in | ||
the test environment. | ||
*Simon Coffey* | ||
* Extract the `confirm` call in its own, overridable method in `rails_ujs`. | ||
Example: | ||
Rails.confirm = function(message, element) { | ||
return (my_bootstrap_modal_confirm(message)); | ||
} | ||
*Mathieu Mahé* | ||
* Enable select tag helper to mark `prompt` option as `selected` and/or `disabled` for `required` | ||
field. | ||
Example: | ||
select :post, | ||
:category, | ||
["lifestyle", "programming", "spiritual"], | ||
{ selected: "", disabled: "", prompt: "Choose one" }, | ||
{ required: true } | ||
Placeholder option would be selected and disabled. | ||
The HTML produced: | ||
<select required="required" name="post[category]" id="post_category"> | ||
<option disabled="disabled" selected="selected" value="">Choose one</option> | ||
<option value="lifestyle">lifestyle</option> | ||
<option value="programming">programming</option> | ||
<option value="spiritual">spiritual</option></select> | ||
*Sergey Prikhodko* | ||
* Don't enforce UTF-8 by default. | ||
With the disabling of TLS 1.0 by most major websites, continuing to run | ||
IE8 or lower becomes increasingly difficult so default to not enforcing | ||
UTF-8 encoding as it's not relevant to other browsers. | ||
*Andrew White* | ||
* Change translation key of `submit_tag` from `module_name_class_name` to `module_name/class_name`. | ||
*Rui Onodera* | ||
* Rails 6 requires Ruby 2.5.0 or newer. | ||
*Jeremy Daer*, *Kasper Timm Hansen* | ||
Please check [5-2-stable](https://github.com/rails/rails/blob/5-2-stable/actionview/CHANGELOG.md) for previous changes. | ||
Please check [6-0-stable](https://github.com/rails/rails/blob/6-0-stable/actionview/CHANGELOG.md) for previous changes. |
@@ -250,4 +250,4 @@ /* | ||
xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest'); | ||
CSRFProtection(xhr); | ||
} | ||
CSRFProtection(xhr); | ||
xhr.withCredentials = !!options.withCredentials; | ||
@@ -254,0 +254,0 @@ xhr.onreadystatechange = function() { |
{ | ||
"name": "@rails/ujs", | ||
"version": "6.0.3", | ||
"version": "6.1.0-rc1", | ||
"description": "Ruby on Rails unobtrusive scripting adapter", | ||
@@ -31,3 +31,3 @@ "main": "lib/assets/compiled/rails-ujs.js", | ||
}, | ||
"homepage": "http://rubyonrails.org/", | ||
"homepage": "https://rubyonrails.org/", | ||
"devDependencies": { | ||
@@ -34,0 +34,0 @@ "coffeelint": "^2.1.0", |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
38302
372156
1
15