Bump devise from 4.7.3 to 4.8.1 #1225

dependabot · 2021-12-16T11:08:56Z

Bumps devise from 4.7.3 to 4.8.1.

Changelog

4.8.1

enhancements

Add support for Rails 7.0. Please note that Turbo integration is not fully supported by Devise yet.

4.8.0 - 2021-04-29

enhancements

Devise now enables the upgrade of OmniAuth 2+. Previously Devise would raise an error if you'd try to upgrade. Please note that OmniAuth 2 is considered a security upgrade and recommended to everyone. You can read more about the details (and possible necessary changes to your app as part of the upgrade) in their release notes. Devise's OmniAuth Overview wiki was also updated to cover OmniAuth 2.0 requirements.

Note that the upgrade required Devise shared links that initiate the OmniAuth flow to be changed to method: :post, which is now a requirement for OmniAuth, part of the security improvement. If you have copied and customized the Devise shared links partial to your app, or if you have other links in your app that initiate the OmniAuth flow, they will have to be updated to use method: :post, or changed to use buttons (e.g. button_to) to work with OmniAuth 2. (if you're using links with method: :post, make sure your app has rails-ujs or jquery-ujs included in order for these links to work properly.)

As part of the OmniAuth 2.0 upgrade you might also need to add the omniauth-rails_csrf_protection gem to your app if you don't have it already. (and you don't want to roll your own code to verify requests.) Check the OmniAuth v2 release notes for more info.

Introduce Lockable#reset_failed_attempts! model method to reset failed attempts counter to 0 after the user signs in.

This logic existed inside the lockable warden hook and is triggered automatically after the user signs in. The new model method is an extraction to allow you to override it in the application to implement things like switching to a write database if you're using the new multi-DB infrastructure from Rails for example, similar to how it's already possible with Trackable#update_tracked_fields!.

Add support for Ruby 3.

Add support for Rails 6.1.

Move CI to GitHub Actions.

deprecations

Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION is deprecated in favor of Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION (@hanachin)

Commits

43800b4 Bump to 4.8.1 with Rails 7 support
baf5e00 Merge pull request #5435 from dixpac/dix/rails_7
289dd5f Add support for Rails 7
9f5b837 Bundle update to Rails 7.0 rc1
8593801 Keep the constantize behavior consistent for versions prior to Rails 7
bb879f7 Merge branch 'ca-rails-main'
772b74a Update Changelog adding Rails 7 support
51bf327 Refactor using helper to swap config
14eb136 Eliminate Rails 7 warning about Active Record legacy connection handling
f3e8fd3 Move the Gemfile to test with Rails 7.0 alpha2, fix session test issue
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [devise](https://github.com/heartcombo/devise) from 4.7.3 to 4.8.1. - [Release notes](https://github.com/heartcombo/devise/releases) - [Changelog](https://github.com/heartcombo/devise/blob/main/CHANGELOG.md) - [Commits](heartcombo/devise@v4.7.3...v4.8.1) --- updated-dependencies: - dependency-name: devise dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2023-02-20T12:24:15Z

Superseded by #1291.

dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Dec 16, 2021

dependabot bot mentioned this pull request Dec 16, 2021

Bump devise from 4.7.3 to 4.8.0 #1194

Closed

dependabot bot closed this Feb 20, 2023

dependabot bot deleted the dependabot/bundler/devise-4.8.1 branch February 20, 2023 12:24

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump devise from 4.7.3 to 4.8.1 #1225

Bump devise from 4.7.3 to 4.8.1 #1225

dependabot bot commented on behalf of github Dec 16, 2021

dependabot bot commented on behalf of github Feb 20, 2023

Bump devise from 4.7.3 to 4.8.1 #1225

Bump devise from 4.7.3 to 4.8.1 #1225

Conversation

dependabot bot commented on behalf of github Dec 16, 2021

4.8.1

4.8.0 - 2021-04-29

dependabot bot commented on behalf of github Feb 20, 2023