build(deps): bump actionpack, actionview, activemodel and railties

[dependabot]

Bumps actionpack, actionview, activemodel and railties. These dependencies needed to be updated together.
Updates actionpack from 7.2.2.1 to 8.0.2

Release notes

Sourced from actionpack's releases.

8.0.2

Active Support

• Fix setting to_time_preserves_timezone from new_framework_defaults_8_0.rb.

  fatkodima

• Fix Active Support Cache fetch_multi when local store is active.

  fetch_multi now properly yield to the provided block for missing entries that have been recorded as such in the local store.

  Jean Boussier

• Fix execution wrapping to report all exceptions, including Exception.

  If a more serious error like SystemStackError or NoMemoryError happens, the error reporter should be able to report these kinds of exceptions.

  Gannon McGibbon

• Fix RedisCacheStore and MemCacheStore to also handle connection pool related errors.

  These errors are rescued and reported to Rails.error.

  Jean Boussier

• Fix ActiveSupport::Cache#read_multi to respect version expiry when using local cache.

  zzak

• Fix ActiveSupport::MessageVerifier and ActiveSupport::MessageEncryptor configuration of on_rotation callback.

  verifier.rotate(old_secret).on_rotation { ... }

  Now both work as documented.

  Jean Boussier

• Fix ActiveSupport::MessageVerifier to always be able to verify both URL-safe and URL-unsafe payloads.

  This is to allow transitioning seemlessly from either configuration without immediately invalidating all previously generated signed messages.

  Jean Boussier, Florent Beaurain, Ali Sepehri

• Fix cache.fetch to honor the provided expiry when :race_condition_ttl is used.

... (truncated)

Changelog

Sourced from actionpack's changelog.

Rails 8.0.2 (March 12, 2025)

• No changes.

Rails 8.0.2 (March 12, 2025)

• Improve with_routing test helper to not rebuild the middleware stack.

  Otherwise some middleware configuration could be lost.

  Édouard Chin

• Add resource name to the ArgumentError that's raised when invalid :only or :except options are given to #resource or #resources

  This makes it easier to locate the source of the problem, especially for routes drawn by gems.

  Before:

  :only and :except must include only [:index, :create, :new, :show, :update, :destroy, :edit], but also included [:foo, :bar]
  

  After:

  Route `resources :products` - :only and :except must include only [:index, :create, :new, :show, :update, :destroy, :edit], but also included [:foo, :bar]
  

  Jeremy Green

• Fix url_for to handle :path_params gracefully when it's not a Hash.

  Prevents various security scanners from causing exceptions.

  Martin Emde

• Fix ActionDispatch::Executor to unwrap exceptions like other error reporting middlewares.

  Jean Boussier

Rails 8.0.1 (December 13, 2024)

• Add ActionDispatch::Request::Session#store method to conform Rack spec.

  Yaroslav

Rails 8.0.0.1 (December 10, 2024)

• Add validation to content security policies to disallow spaces and semicolons.

... (truncated)

Commits

• 3235827 Preparing for 8.0.2 release
• 97752ef Merge pull request #54705 from Edouard-chin/ec-with-routing
• 6644442 Merge pull request #54617 from byroot/move-strict-warnings
• f842b84 Merge pull request #54613 from ioquatix/rack-lint-compatibility
• ba1b691 Remove RDoc syntax in code example comments [ci-skip]
• 9b70ddc Merge pull request #54289 from seanpdoyle/csrf-doc-formatting
• 24dc650 Link javascript_include_tag and stylesheet_link_tag [ci-skip]
• 740acb6 Merge pull request #54455 from Shopify/report_all_errors
• f11286a Merge pull request #54434 from ryenski/ryenski/fix-nomethod-error-in-non-stri...
• bbd4959 Merge pull request #54308 from tiramizoo/assert_dom_preference
• Additional commits viewable in compare view

Updates actionview from 7.2.2.1 to 8.0.2

Release notes

Sourced from actionview's releases.

8.0.2

Active Support

• Fix setting to_time_preserves_timezone from new_framework_defaults_8_0.rb.

  fatkodima

• Fix Active Support Cache fetch_multi when local store is active.

  fetch_multi now properly yield to the provided block for missing entries that have been recorded as such in the local store.

  Jean Boussier

• Fix execution wrapping to report all exceptions, including Exception.

  If a more serious error like SystemStackError or NoMemoryError happens, the error reporter should be able to report these kinds of exceptions.

  Gannon McGibbon

• Fix RedisCacheStore and MemCacheStore to also handle connection pool related errors.

  These errors are rescued and reported to Rails.error.

  Jean Boussier

• Fix ActiveSupport::Cache#read_multi to respect version expiry when using local cache.

  zzak

• Fix ActiveSupport::MessageVerifier and ActiveSupport::MessageEncryptor configuration of on_rotation callback.

  verifier.rotate(old_secret).on_rotation { ... }

  Now both work as documented.

  Jean Boussier

• Fix ActiveSupport::MessageVerifier to always be able to verify both URL-safe and URL-unsafe payloads.

  This is to allow transitioning seemlessly from either configuration without immediately invalidating all previously generated signed messages.

  Jean Boussier, Florent Beaurain, Ali Sepehri

• Fix cache.fetch to honor the provided expiry when :race_condition_ttl is used.

... (truncated)

Changelog

Sourced from actionview's changelog.

Rails 8.0.2 (March 12, 2025)

• No changes.

Rails 8.0.2 (March 12, 2025)

• Respect html_options[:form] when collection_checkboxes generates the hidden <input>.

  Riccardo Odone

• Layouts have access to local variables passed to render.

  This fixes #31680 which was a regression in Rails 5.1.

  Mike Dalessio

• Argument errors related to strict locals in templates now raise an ActionView::StrictLocalsError, and all other argument errors are reraised as-is.

  Previously, any ArgumentError raised during template rendering was swallowed during strict local error handling, so that an ArgumentError unrelated to strict locals (e.g., a helper method invoked with incorrect arguments) would be replaced by a similar ArgumentError with an unrelated backtrace, making it difficult to debug templates.

  Now, any ArgumentError unrelated to strict locals is reraised, preserving the original backtrace for developers.

  Also note that ActionView::StrictLocalsError is a subclass of ArgumentError, so any existing code that rescues ArgumentError will continue to work.

  Fixes #52227.

  Mike Dalessio

• Fix stack overflow error in dependency tracker when dealing with circular dependencies

  Jean Boussier

Rails 8.0.1 (December 13, 2024)

• Fix a crash in ERB template error highlighting when the error occurs on a line in the compiled template that is past the end of the source template.

  Martin Emde

• Improve reliability of ERB template error highlighting. Fix infinite loops and crashes in highlighting and improve tolerance for alternate ERB handlers.

... (truncated)

Commits

• 3235827 Preparing for 8.0.2 release
• 6644442 Merge pull request #54617 from byroot/move-strict-warnings
• f1857b6 Merge pull request #54567 from flavorjones/flavorjones-document-sanitizer
• d89a641 Autolink FormBuilder#text_field [ci-skip]
• 3957dcf Autolink FormBuilder#fields_for [ci-skip]
• 1f3ba9b Avoid autolinking FormBuilder#fields_for to itself [ci-skip]
• 74cf3ff Autolink FormBuilder#form_with [ci-skip]
• 1239ba5 Autolink UncacheableFragmentError [ci-skip]
• ba1b691 Remove RDoc syntax in code example comments [ci-skip]
• 379d2fe Autolink FormTagHelper#checkbox_tag [ci-skip]
• Additional commits viewable in compare view

Updates activemodel from 7.2.2.1 to 8.0.2

Release notes

Sourced from activemodel's releases.

8.0.2

Active Support

• Fix setting to_time_preserves_timezone from new_framework_defaults_8_0.rb.

  fatkodima

• Fix Active Support Cache fetch_multi when local store is active.

  fetch_multi now properly yield to the provided block for missing entries that have been recorded as such in the local store.

  Jean Boussier

• Fix execution wrapping to report all exceptions, including Exception.

  If a more serious error like SystemStackError or NoMemoryError happens, the error reporter should be able to report these kinds of exceptions.

  Gannon McGibbon

• Fix RedisCacheStore and MemCacheStore to also handle connection pool related errors.

  These errors are rescued and reported to Rails.error.

  Jean Boussier

• Fix ActiveSupport::Cache#read_multi to respect version expiry when using local cache.

  zzak

• Fix ActiveSupport::MessageVerifier and ActiveSupport::MessageEncryptor configuration of on_rotation callback.

  verifier.rotate(old_secret).on_rotation { ... }

  Now both work as documented.

  Jean Boussier

• Fix ActiveSupport::MessageVerifier to always be able to verify both URL-safe and URL-unsafe payloads.

  This is to allow transitioning seemlessly from either configuration without immediately invalidating all previously generated signed messages.

  Jean Boussier, Florent Beaurain, Ali Sepehri

• Fix cache.fetch to honor the provided expiry when :race_condition_ttl is used.

... (truncated)

Changelog

Sourced from activemodel's changelog.

Rails 8.0.2 (March 12, 2025)

• No changes.

Rails 8.0.2 (March 12, 2025)

• No changes.

Rails 8.0.1 (December 13, 2024)

• No changes.

Rails 8.0.0.1 (December 10, 2024)

• No changes.

Rails 8.0.0 (November 07, 2024)

• No changes.

Rails 8.0.0.rc2 (October 30, 2024)

• No changes.

Rails 8.0.0.rc1 (October 19, 2024)

• Add :except_on option for validations. Grants the ability to skip validations in specified contexts.

  class User < ApplicationRecord
      #...
      validates :birthday, presence: { except_on: :admin }
      #...
  end
  user = User.new(attributes except birthday)
  user.save(context: :admin)

  Drew Bragg

Rails 8.0.0.beta1 (September 26, 2024)

• Make ActiveModel::Serialization#read_attribute_for_serialization public

... (truncated)

Commits

• 3235827 Preparing for 8.0.2 release
• 6644442 Merge pull request #54617 from byroot/move-strict-warnings
• a5fcbed Fix formatting of code example [ci-skip]
• 7dce33a Merge pull request #54266 from zzak/re-54250
• 217da83 Merge pull request #53639 from etiennebarrie/hide-AcceptanceValidator
• 08dd351 Merge pull request #54053 from Earlopain/block-warnings (#54073)
• cf6ff17 Preparing for 8.0.1 release
• 3d17d95 Merge tag 'v8.0.0.1' into 8-0-stable
• a993c27 Preparing for 8.0.0.1 release
• 9cea447 Merge pull request #53791 from fatkodima/fix-rubocop-offences
• Additional commits viewable in compare view

Updates railties from 7.2.2.1 to 8.0.2

Release notes

Sourced from railties's releases.

8.0.2

Active Support

• Fix setting to_time_preserves_timezone from new_framework_defaults_8_0.rb.

  fatkodima

• Fix Active Support Cache fetch_multi when local store is active.

  fetch_multi now properly yield to the provided block for missing entries that have been recorded as such in the local store.

  Jean Boussier

• Fix execution wrapping to report all exceptions, including Exception.

  If a more serious error like SystemStackError or NoMemoryError happens, the error reporter should be able to report these kinds of exceptions.

  Gannon McGibbon

• Fix RedisCacheStore and MemCacheStore to also handle connection pool related errors.

  These errors are rescued and reported to Rails.error.

  Jean Boussier

• Fix ActiveSupport::Cache#read_multi to respect version expiry when using local cache.

  zzak

• Fix ActiveSupport::MessageVerifier and ActiveSupport::MessageEncryptor configuration of on_rotation callback.

  verifier.rotate(old_secret).on_rotation { ... }

  Now both work as documented.

  Jean Boussier

• Fix ActiveSupport::MessageVerifier to always be able to verify both URL-safe and URL-unsafe payloads.

  This is to allow transitioning seemlessly from either configuration without immediately invalidating all previously generated signed messages.

  Jean Boussier, Florent Beaurain, Ali Sepehri

• Fix cache.fetch to honor the provided expiry when :race_condition_ttl is used.

... (truncated)

Changelog

Sourced from railties's changelog.

Rails 8.0.2 (March 12, 2025)

• No changes.

Rails 8.0.2 (March 12, 2025)

• Fix Rails console to load routes.

  Otherwise *_path and *url methods are missing on the app object.

  Édouard Chin

• Update rails new --minimal option

  Extend the --minimal flag to exclude recently added features: skip_brakeman, skip_ci, skip_docker, skip_kamal, skip_rubocop, skip_solid and skip_thruster.

  eelcoj

• Use secret_key_base from ENV or credentials when present locally.

  When ENV["SECRET_KEY_BASE"] or Rails.application.credentials.secret_key_base is set for test or development, it is used for the Rails.config.secret_key_base, instead of generating a tmp/local_secret.txt file.

  Petrik de Heus

Rails 8.0.1 (December 13, 2024)

• Skip generation system tests related code for CI when --skip-system-test is given.

  fatkodima

• Don't add bin/thrust if thruster is not in Gemfile.

  Étienne Barrié

• Don't install a package for system test when applications don't use it.

  y-yagi

Rails 8.0.0.1 (December 10, 2024)

• No changes.

... (truncated)

Commits

• 3235827 Preparing for 8.0.2 release
• ca72d86 Merge pull request #54633 from pvande/patch-1
• 6644442 Merge pull request #54617 from byroot/move-strict-warnings
• 096bfcc Merge pull request #54552 from fatkodima/fix-skip-kamal-database_yml-generation
• df51214 Merge pull request #54489 from Edouard-chin/ec-readable-error
• 78dd86f Merge pull request #54488 from byroot/fix-test-runner-squish
• f97b866 Use monospace formatting [ci-skip]
• 68dab21 Clarify indentation and with_indentation docs [ci-skip]
• dc63db0 Merge pull request #54380 from Edouard-chin/ec-load-routes-console
• 9248546 Merge pull request #54313 from eelcoj/update-minimal-flag
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[philippthun]

First merge #4141 (Rails 8.0.1) and then rebase this PR...