Skip to content

Bump devise from 4.7.1 to 4.8.0

NipaNipa requested to merge dependabot/bundler/devise-4.8.0 into master

Bumps devise from 4.7.1 to 4.8.0.

Changelog

Sourced from devise's changelog.

4.8.0 - 2021-04-29

  • enhancements

    • Devise now enables the upgrade of OmniAuth 2+. Previously Devise would raise an error if you'd try to upgrade. Please note that OmniAuth 2 is considered a security upgrade and recommended to everyone. You can read more about the details (and possible necessary changes to your app as part of the upgrade) in their release notes. Devise's OmniAuth Overview wiki was also updated to cover OmniAuth 2.0 requirements.
      • Note that the upgrade required Devise shared links that initiate the OmniAuth flow to be changed to method: :post, which is now a requirement for OmniAuth, part of the security improvement. If you have copied and customized the Devise shared links partial to your app, or if you have other links in your app that initiate the OmniAuth flow, they will have to be updated to use method: :post, or changed to use buttons (e.g. button_to) to work with OmniAuth 2. (if you're using links with method: :post, make sure your app has rails-ujs or jquery-ujs included in order for these links to work properly.)
      • As part of the OmniAuth 2.0 upgrade you might also need to add the omniauth-rails_csrf_protection gem to your app if you don't have it already. (and you don't want to roll your own code to verify requests.) Check the OmniAuth v2 release notes for more info.
    • Introduce Lockable#reset_failed_attempts! model method to reset failed attempts counter to 0 after the user signs in.
      • This logic existed inside the lockable warden hook and is triggered automatically after the user signs in. The new model method is an extraction to allow you to override it in the application to implement things like switching to a write database if you're using the new multi-DB infrastructure from Rails for example, similar to how it's already possible with Trackable#update_tracked_fields!.
    • Add support for Ruby 3.
    • Add support for Rails 6.1.
    • Move CI to GitHub Actions.

  • deprecations

    • Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION is deprecated in favor of Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION (@​hanachin)

4.7.3 - 2020-09-20

  • bug fixes
    • Do not modify :except option given to #serializable_hash. (by @​dpep)
    • Fix thor deprecation when running the devise generator. (by @​deivid-rodriguez)
    • Fix hanging tests for streaming controllers using Devise. (by @​afn)

4.7.2 - 2020-06-10

  • enhancements

    • Increase default stretches to 12 (by @​sergey-alekseev)
    • Ruby 2.7 support (kwarg warnings removed)

  • bug fixes

    • Generate scoped views with proper scoped errors partial (by @​shobhitic)
    • Allow to set scoped already_authenticated error messages (by @​gurgelrenan)
Commits
  • 57d1a1d Release v4.8.0
  • 5d5636f Merge pull request #5369 from heartcombo/ca-lockable-reset-attempts
  • a3ae35e Create a model hook around the lockable warden hook to reset attempts
  • e8e0c27 Revert "Lock bundler to 2.2.9 instead of latest"
  • 429afcb Bundle update
  • ef9a2f4 Use minitest helpers to check if objects respond to certain methods
  • 0cd72a5 Merge pull request #5347 from heartcombo/ca-build
  • 1ba53dc Lock bundler to 2.2.9 instead of latest
  • faef12c Use the 6-0-stable version of Rails to fix issue with JSON responses
  • c82a381 Bundle update
  • Additional commits viewable in compare view

Merge request reports