@rails/ujs

@rails/ujs - npm Package Compare versions

Comparing version 6.0.3 to 6.1.0-rc1

363

CHANGELOG.md

@@ -1,319 +0,260 @@

## Rails 6.0.3 (May 06, 2020) ##
## Rails 6.1.0.rc1 (November 02, 2020) ##
* annotated_source_code returns an empty array so TemplateErrors without a
template in the backtrace are surfaced properly by DebugExceptions.
* Yield translated strings to calls of `ActionView::FormBuilder#button`
when a block is given.
*Guilherme Mansur*, *Kasper Timm Hansen*
*Sean Doyle*
* Add autoload for SyntaxErrorInTemplate so syntax errors are correctly raised by DebugExceptions.
* Alias `ActionView::Helpers::Tags::Label::LabelBuilder#translation` to
`#to_s` so that `form.label` calls can yield that value to their blocks.
*Guilherme Mansur*, *Gannon McGibbon*
*Sean Doyle*
* Rename the new `TagHelper#class_names` method to `TagHelper#token_list`,
and make the original available as an alias.
## Rails 6.0.2.2 (March 19, 2020) ##
token_list("foo", "foo bar")
# => "foo bar"
* Fix possible XSS vector in escape_javascript helper
*Sean Doyle*
CVE-2020-5267
* ARIA Array and Hash attributes are treated as space separated `DOMTokenList`
values. This is useful when declaring lists of label text identifiers in
`aria-labelledby` or `aria-describedby`.
*Aaron Patterson*
tag.input type: 'checkbox', name: 'published', aria: {
invalid: @post.errors[:published].any?,
labelledby: ['published_context', 'published_label'],
describedby: { published_errors: @post.errors[:published].any? }
}
#=> <input
type="checkbox" name="published" aria-invalid="true"
aria-labelledby="published_context published_label"
aria-describedby="published_errors"
>
*Sean Doyle*
## Rails 6.0.2.1 (December 18, 2019) ##
* Remove deprecated `escape_whitelist` from `ActionView::Template::Handlers::ERB`.
* No changes.
*Rafael Mendonça França*
* Remove deprecated `find_all_anywhere` from `ActionView::Resolver`.
## Rails 6.0.2 (December 13, 2019) ##
*Rafael Mendonça França*
* No changes.
* Remove deprecated `formats` from `ActionView::Template::HTML`.
*Rafael Mendonça França*
## Rails 6.0.1 (November 5, 2019) ##
* Remove deprecated `formats` from `ActionView::Template::RawFile`.
* UJS avoids `Element.closest()` for IE 9 compatibility.
*Rafael Mendonça França*
*George Claghorn*
* Remove deprecated `formats` from `ActionView::Template::Text`.
*Rafael Mendonça França*
## Rails 6.0.0 (August 16, 2019) ##
* Remove deprecated `find_file` from `ActionView::PathSet`.
* ActionView::Helpers::SanitizeHelper: support rails-html-sanitizer 1.1.0.
*Rafael Mendonça França*
*Juanito Fatas*
* Remove deprecated `rendered_format` from `ActionView::LookupContext`.
*Rafael Mendonça França*
## Rails 6.0.0.rc2 (July 22, 2019) ##
* Remove deprecated `find_file` from `ActionView::ViewPaths`.
* Fix `select_tag` so that it doesn't change `options` when `include_blank` is present.
*Rafael Mendonça França*
*Younes SERRAJ*
* Require that `ActionView::Base` subclasses implement `#compiled_method_container`.
*Rafael Mendonça França*
## Rails 6.0.0.rc1 (April 24, 2019) ##
* Remove deprecated support to pass an object that is not a `ActionView::LookupContext` as the first argument
in `ActionView::Base#initialize`.
* Fix partial caching skips same item issue
*Rafael Mendonça França*
If we render cached collection partials with repeated items, those repeated items
will get skipped. For example, if you have 5 identical items in your collection, Rails
only renders the first one when `cached` is set to true. But it should render all
5 items instead.
* Remove deprecated `format` argument `ActionView::Base#initialize`.
Fixes #35114.
*Rafael Mendonça França*
*Stan Lo*
* Remove deprecated `ActionView::Template#refresh`.
* Only clear ActionView cache in development on file changes
*Rafael Mendonça França*
To speed up development mode, view caches are only cleared when files in
the view paths have changed. Applications which have implemented custom
`ActionView::Resolver` subclasses may need to add their own cache clearing.
* Remove deprecated `ActionView::Template#original_encoding`.
*John Hawthorn*
*Rafael Mendonça França*
* Fix `ActionView::FixtureResolver` so that it handles template variants correctly.
* Remove deprecated `ActionView::Template#variants`.
*Edward Rudd*
*Rafael Mendonça França*
* `ActionView::TemplateRender.render(file: )` now renders the file directly,
without using any handlers, using the new `Template::RawFile` class.
* Remove deprecated `ActionView::Template#formats`.
*John Hawthorn*, *Cliff Pruitt*
*Rafael Mendonça França*
* Remove deprecated `ActionView::Template#virtual_path=`.
## Rails 6.0.0.beta3 (March 11, 2019) ##
*Rafael Mendonça França*
* Only accept formats from registered mime types
* Remove deprecated `ActionView::Template#updated_at`.
A lack of filtering on mime types could allow an attacker to read
arbitrary files on the target server or to perform a denial of service
attack.
*Rafael Mendonça França*
Fixes CVE-2019-5418
Fixes CVE-2019-5419
* Remove deprecated `updated_at` argument required on `ActionView::Template#initialize`.
*John Hawthorn*, *Eileen M. Uchitelle*, *Aaron Patterson*
*Rafael Mendonça França*
* Make `locals` argument required on `ActionView::Template#initialize`.
## Rails 6.0.0.beta2 (February 25, 2019) ##
*Rafael Mendonça França*
* `ActionView::Template.finalize_compiled_template_methods` is deprecated with
no replacement.
* Remove deprecated `ActionView::Template.finalize_compiled_template_methods`.
*tenderlove*
*Rafael Mendonça França*
* `config.action_view.finalize_compiled_template_methods` is deprecated with
no replacement.
* Remove deprecated `config.action_view.finalize_compiled_template_methods`
*tenderlove*
*Rafael Mendonça França*
* Ensure unique DOM IDs for collection inputs with float values.
* Remove deprecated support to calling `ActionView::ViewPaths#with_fallback` with a block.
Fixes #34974.
*Rafael Mendonça França*
*Mark Edmondson*
* Remove deprecated support to passing absolute paths to `render template:`.
* Single arity template handlers are deprecated. Template handlers must
now accept two parameters, the view object and the source for the view object.
*Rafael Mendonça França*
*tenderlove*
* Remove deprecated support to passing relative paths to `render file:`.
*Rafael Mendonça França*
## Rails 6.0.0.beta1 (January 18, 2019) ##
* Remove support to template handlers that don't accept two arguments.
* [Rename npm package](https://github.com/rails/rails/pull/34905) from
[`rails-ujs`](https://www.npmjs.com/package/rails-ujs) to
[`@rails/ujs`](https://www.npmjs.com/package/@rails/ujs).
*Rafael Mendonça França*
*Javan Makhmali*
* Remove deprecated pattern argument in `ActionView::Template::PathResolver`.
* Remove deprecated `image_alt` helper.
*Rafael Mendonça França*
* Fix the need of `#protect_against_forgery?` method defined in
`ActionView::Base` subclasses. This prevents the use of forms and buttons.
* Remove deprecated support to call private methods from object in some view helpers.
*Genadi Samokovarov*
*Rafael Mendonça França*
* Fix UJS permanently showing disabled text in a[data-remote][data-disable-with] elements within forms.
* `ActionView::Helpers::TranslationHelper#translate` accepts a block, yielding
the translated text and the fully resolved translation key:
Fixes #33889.
<%= translate(".relative_key") do |translation, resolved_key| %>
<span title="<%= resolved_key %>"><%= translation %></span>
<% end %>
*Wolfgang Hobmaier*
*Sean Doyle*
* Prevent non-primary mouse keys from triggering Rails UJS click handlers.
Firefox fires click events even if the click was triggered by non-primary mouse keys such as right- or scroll-wheel-clicks.
For example, right-clicking a link such as the one described below (with an underlying ajax request registered on click) should not cause that request to occur.
* Ensure cache fragment digests include all relevant template dependencies when
fragments are contained in a block passed to the render helper. Remove the
virtual_path keyword arguments found in CacheHelper as they no longer possess
any function following 1581cab.
```
<%= link_to 'Remote', remote_path, class: 'remote', remote: true, data: { type: :json } %>
```
Fixes #38984.
Fixes #34541.
*Aaron Lipman*
*Wolfgang Hobmaier*
* Deprecate `config.action_view.raise_on_missing_translations` in favor of
`config.i18n.raise_on_missing_translations`.
* Prevent `ActionView::TextHelper#word_wrap` from unexpectedly stripping white space from the _left_ side of lines.
New generalized configuration option now determines whether an error should be raised
for missing translations in controllers and views.
For example, given input like this:
*fatkodima*
```
This is a paragraph with an initial indent,
followed by additional lines that are not indented,
and finally terminated with a blockquote:
"A pithy saying"
```
* Instrument layout rendering in `TemplateRenderer#render_with_layout` as `render_layout.action_view`,
and include (when necessary) the layout's virtual path in notification payloads for collection and partial renders.
Calling `word_wrap` should not trim the indents on the first and last lines.
*Zach Kemp*
Fixes #34487.
* `ActionView::Base.annotate_rendered_view_with_filenames` annotates HTML output with template file names.
*Lyle Mullican*
*Joel Hawksley*, *Aaron Patterson*
* Add allocations to template rendering instrumentation.
* `ActionView::Helpers::TranslationHelper#translate` returns nil when
passed `default: nil` without a translation matching `I18n#translate`.
Adds the allocations for template and partial rendering to the server output on render.
*Stefan Wrobel*
```
Rendered posts/_form.html.erb (Duration: 7.1ms | Allocations: 6004)
Rendered posts/new.html.erb within layouts/application (Duration: 8.3ms | Allocations: 6654)
Completed 200 OK in 858ms (Views: 848.4ms | ActiveRecord: 0.4ms | Allocations: 1539564)
```
* `OptimizedFileSystemResolver` prefers template details in order of locale,
formats, variants, handlers.
*Eileen M. Uchitelle*, *Aaron Patterson*
*Iago Pimenta*
* Respect the `only_path` option passed to `url_for` when the options are passed in as an array
* Added `class_names` helper to create a CSS class value with conditional classes.
Fixes #33237.
*Joel Hawksley*, *Aaron Patterson*
*Joel Ambass*
* Add support for conditional values to TagBuilder.
* Deprecate calling private model methods from view helpers.
*Joel Hawksley*
For example, in methods like `options_from_collection_for_select`
and `collection_select` it is possible to call private methods from
the objects used.
* `ActionView::Helpers::FormOptionsHelper#select` should mark option for `nil` as selected.
Fixes #33546.
```ruby
@post = Post.new
@post.category = nil
*Ana María Martínez Gómez*
# Before
select("post", "category", none: nil, programming: 1, economics: 2)
# =>
# <select name="post[category]" id="post_category">
# <option value="">none</option>
# <option value="1">programming</option>
# <option value="2">economics</option>
# </select>
* Fix issue with `button_to`'s `to_form_params`
# After
select("post", "category", none: nil, programming: 1, economics: 2)
# =>
# <select name="post[category]" id="post_category">
# <option selected="selected" value="">none</option>
# <option value="1">programming</option>
# <option value="2">economics</option>
# </select>
```
`button_to` was throwing exception when invoked with `params` hash that
contains symbol and string keys. The reason for the exception was that
`to_form_params` was comparing the given symbol and string keys.
*bogdanvlviv*
The issue is fixed by turning all keys to strings inside
`to_form_params` before comparing them.
* Log lines for partial renders and started template renders are now
emitted at the `DEBUG` level instead of `INFO`.
*Georgi Georgiev*
Completed template renders are still logged at the `INFO` level.
* Mark arrays of translations as trusted safe by using the `_html` suffix.
*DHH*
Example:
* ActionView::Helpers::SanitizeHelper: support rails-html-sanitizer 1.1.0.
en:
foo_html:
- "One"
- "<strong>Two</strong>"
- "Three &#128075; &#128578;"
*Juanito Fatas*
*Juan Broullon*
* Added `phone_to` helper method to create a link from mobile numbers.
* Add `year_format` option to date_select tag. This option makes it possible to customize year
names. Lambda should be passed to use this option.
*Pietro Moro*
Example:
* annotated_source_code returns an empty array so TemplateErrors without a
template in the backtrace are surfaced properly by DebugExceptions.
date_select('user_birthday', '', start_year: 1998, end_year: 2000, year_format: ->year { "Heisei #{year - 1988}" })
*Guilherme Mansur*, *Kasper Timm Hansen*
The HTML produced:
* Add autoload for SyntaxErrorInTemplate so syntax errors are correctly raised by DebugExceptions.
<select id="user_birthday__1i" name="user_birthday[(1i)]">
<option value="1998">Heisei 10</option>
<option value="1999">Heisei 11</option>
<option value="2000">Heisei 12</option>
</select>
/* The rest is omitted */
*Guilherme Mansur*, *Gannon McGibbon*
*Koki Ryu*
* `RenderingHelper` supports rendering objects that `respond_to?` `:render_in`.
* Fix JavaScript views rendering does not work with Firefox when using
Content Security Policy.
*Joel Hawksley*, *Natasha Umer*, *Aaron Patterson*, *Shawn Allen*, *Emily Plummer*, *Diana Mounter*, *John Hawthorn*, *Nathan Herald*, *Zaid Zawaideh*, *Zach Ahn*
Fixes #32577.
* Fix `select_tag` so that it doesn't change `options` when `include_blank` is present.
*Yuji Yaginuma*
*Younes SERRAJ*
* Add the `nonce: true` option for `javascript_include_tag` helper to
support automatic nonce generation for Content Security Policy.
Works the same way as `javascript_tag nonce: true` does.
*Yaroslav Markin*
* Remove `ActionView::Helpers::RecordTagHelper`.
*Yoshiyuki Hirano*
* Disable `ActionView::Template` finalizers in test environment.
Template finalization can be expensive in large view test suites.
Add a configuration option,
`action_view.finalize_compiled_template_methods`, and turn it off in
the test environment.
*Simon Coffey*
* Extract the `confirm` call in its own, overridable method in `rails_ujs`.
Example:
Rails.confirm = function(message, element) {
return (my_bootstrap_modal_confirm(message));
}
*Mathieu Mahé*
* Enable select tag helper to mark `prompt` option as `selected` and/or `disabled` for `required`
field.
Example:
select :post,
:category,
["lifestyle", "programming", "spiritual"],
{ selected: "", disabled: "", prompt: "Choose one" },
{ required: true }
Placeholder option would be selected and disabled.
The HTML produced:
<select required="required" name="post[category]" id="post_category">
<option disabled="disabled" selected="selected" value="">Choose one</option>
<option value="lifestyle">lifestyle</option>
<option value="programming">programming</option>
<option value="spiritual">spiritual</option></select>
*Sergey Prikhodko*
* Don't enforce UTF-8 by default.
With the disabling of TLS 1.0 by most major websites, continuing to run
IE8 or lower becomes increasingly difficult so default to not enforcing
UTF-8 encoding as it's not relevant to other browsers.
*Andrew White*
* Change translation key of `submit_tag` from `module_name_class_name` to `module_name/class_name`.
*Rui Onodera*
* Rails 6 requires Ruby 2.5.0 or newer.
*Jeremy Daer*, *Kasper Timm Hansen*
Please check [5-2-stable](https://github.com/rails/rails/blob/5-2-stable/actionview/CHANGELOG.md) for previous changes.
Please check [6-0-stable](https://github.com/rails/rails/blob/6-0-stable/actionview/CHANGELOG.md) for previous changes.
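Review bot: The security entries under the 6.0.x headings (CVE-2020-5267 for `escape_javascript`, CVE-2019-5418 and CVE-2019-5419 for mime-type filtering) fall inside the range this hunk rewrites (`-1,319 +0,260`), and the closing pointer is now the 6-0-stable link. If those sections are dropped from the shipped file, anyone checking which fixes an installed version carries has to follow that link instead of reading the package. The +/- markers are missing in this rendering and old and new lines are interleaved, so confirm against the raw diff which entries are actually removed before relying on this file for an audit.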

@@ -250,4 +250,4 @@ /*

xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
CSRFProtection(xhr);
}
CSRFProtection(xhr);
xhr.withCredentials = !!options.withCredentials;
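Review bot: `CSRFProtection(xhr);` changes sides of the closing `}` that follows the `X-Requested-With` header line, so whether the CSRF token header is attached now depends differently on the condition that opens that block, and that condition is outside the visible context. The +/- markers are missing in this rendering, so the direction cannot be read from the hunk; check the raw diff and state the resulting behaviour explicitly. If the call now sits inside the block, requests that skip the `X-Requested-With` header no longer carry the token either. Nothing in the CHANGELOG.md hunk on this page mentions the move; it deserves its own entry and a test covering both sides of the condition, since it decides which requests the token is sent with.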

@@ -254,0 +254,0 @@ xhr.onreadystatechange = function() {

{
"name": "@rails/ujs",
"version": "6.0.3",
"version": "6.1.0-rc1",
"description": "Ruby on Rails unobtrusive scripting adapter",

@@ -31,3 +31,3 @@ "main": "lib/assets/compiled/rails-ujs.js",

},
"homepage": "http://rubyonrails.org/",
"homepage": "https://rubyonrails.org/",
"devDependencies": {

@@ -34,0 +34,0 @@ "coffeelint": "^2.1.0",
