chore(deps): update dependency devise from v4.8.1 to '~> 4.9.0'

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
devise (changelog)	'~> 4.8.1' -> '~> 4.9.0'

---

Release Notes

heartcombo/devise (devise)

v4.9.3

Compare Source

• enhancements
  • Add support for Rails 7.1.
  • Add Devise.deprecator to integrate with new application deprecators in Rails 7.1. (@​soartec-lab, @​etiennebarrie)

v4.9.2

Compare Source

• deprecations
  • Bring back Devise.activerecord51? and deprecate it, in order to avoid breakage with some libraries that apparently relied on it.

v4.9.1

Compare Source

• enhancements

  • Allow resource class scopes to override the global configuration for sign_in_after_reset_password behaviour. #​5429 @​mattr
  • Refactor conditional dirty tracking logic to a centralized module to simplify usage throughout the codebase. #​5575
  • Improve support for Devise in apps with Active Record and Mongoid ORMs loaded, so it does not incorrectly uses new Active Record dirty tracking APIs with a Mongoid Devise model. #​5576

• bug fixes

  • Failure app will respond with configured redirect_status instead of error_status if the recall app returns a redirect status (300..399) #​5573
  • Fix frozen string exception in validatable. #​5563 #​5465 @​mameier

v4.9.0

Compare Source

• enhancements
  • Add support for Ruby 3.1/3.2.
  • Add support for Hotwire + Turbo, default in Rails 7+.

    • Devise uses the latest responders version (v3.1.0 or higher), which allows configuring the status used for validation error responses (error_status) and for redirects after POST/PUT/PATCH/DELETE requests (redirect_status). For backwards compatibility, Devise keeps error_status as :ok which returns a 200 OK response, and redirect_status to :found which returns a 302 Found response, but you can configure it to return 422 Unprocessable Entity and 303 See Other respectively, to match the behavior expected by Hotwire/Turbo:

config/initializers/devise.rb

  Devise.setup do |config|

...

    config.responder.error_status = :unprocessable_entity
    config.responder.redirect_status = :see_other

...

  end
  ```

  These configs are already generated by default with new apps, and existing apps may opt-in as described above. Trying to set these with an older version of `responders` will issue a warning and have no effect, so please upgrade the `responders` version if you're upgrading Devise for this integration. Note that these defaults may change in future versions of Devise, to better match the Rails + Hotwire/Turbo defaults across the board.
* If you have a custom responder set on your application and expect it to affect Devise as well, you may need to override the Devise responder entirely with `config.responder = MyApplicationResponder`, so that it uses your custom one. The main reason Devise uses a custom responder is to be able to configure the statuses as described above, but you can also change that config on your own responder if you want. Check the `responders` readme for more info on that.
* If you have created a custom responder and/or failure app just to customize responses for better Hotwire/Turbo integration, they should no longer be necessary.
* `:turbo_stream` is now treated as a navigational format, so it works like HTML navigation when using Turbo. Note: if you relied on `:turbo_stream` to be treated as a non-navigational format before, you can reconfigure your `navigational_formats` in the Devise initializer file to exclude it.
* OmniAuth "Sign in with" links were changed to buttons that generate HTML forms with method=POST, instead of using link + method=POST that required rails-ujs to work. Since rails-ujs is no longer the default for new Rails apps, this allows the OmniAuth buttons to work in any scenario, with or without rails-ujs and/or Turbo. This only affects apps that are using the default `devise/shared/_links.html.erb` partial from Devise with OmniAuth enabled.
* The "Cancel my account" button was changed to include the `data-turbo-confirm` option, so that it works with both rails-ujs and Turbo by default.
* Devise does not provide "sign out" links/buttons in its shared views, but if you're using `sign_out_via` with `:delete` (the default), and are using links with `method: :delete`, those need to be updated with `data: { turbo_method: :delete }` instead for Turbo.
* Check [this upgrade guide](https://togithub.com/heartcombo/devise/wiki/How-To:-Upgrade-to-Devise-4.9.0-[Hotwire-Turbo-integration]) for more detailed information.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information