Merged requested to merge dependabot/bundler/devise-4.8.1 into master
Bumps devise from 4.4.3 to 4.8.1.
Sourced from devise's changelog.
4.8.1 - 2021-12-16
- Add support for Rails 7.0. Please note that Turbo integration is not fully supported by Devise yet.
4.8.0 - 2021-04-29
- Devise now enables the upgrade of OmniAuth 2+. Previously Devise would raise an error if you'd try to upgrade. Please note that OmniAuth 2 is considered a security upgrade and recommended to everyone. You can read more about the details (and possible necessary changes to your app as part of the upgrade) in their release notes. Devise's OmniAuth Overview wiki was also updated to cover OmniAuth 2.0 requirements.
- Note that the upgrade required Devise shared links that initiate the OmniAuth flow to be changed to
method: :post, which is now a requirement for OmniAuth, part of the security improvement. If you have copied and customized the Devise shared links partial to your app, or if you have other links in your app that initiate the OmniAuth flow, they will have to be updated to use
method: :post, or changed to use buttons (e.g.
button_to) to work with OmniAuth 2. (if you're using links with
method: :post, make sure your app has
jquery-ujsincluded in order for these links to work properly.)
- As part of the OmniAuth 2.0 upgrade you might also need to add the
omniauth-rails_csrf_protectiongem to your app if you don't have it already. (and you don't want to roll your own code to verify requests.) Check the OmniAuth v2 release notes for more info.
Lockable#reset_failed_attempts!model method to reset failed attempts counter to 0 after the user signs in.
- This logic existed inside the lockable warden hook and is triggered automatically after the user signs in. The new model method is an extraction to allow you to override it in the application to implement things like switching to a write database if you're using the new multi-DB infrastructure from Rails for example, similar to how it's already possible with
- Add support for Ruby 3.
- Add support for Rails 6.1.
- Move CI to GitHub Actions.
Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATIONis deprecated in favor of
4.7.3 - 2020-09-20
- bug fixes
- Do not modify
:exceptoption given to
#serializable_hash. (by @dpep)
- Fix thor deprecation when running the devise generator. (by @deivid-rodriguez)
- Fix hanging tests for streaming controllers using Devise. (by @afn)
4.7.2 - 2020-06-10
- Increase default stretches to 12 (by @sergey-alekseev)
- Ruby 2.7 support (kwarg warnings removed)
- Generate scoped views with proper scoped errors partial (by @shobhitic)
- Allow to set scoped
already_authenticatederror messages (by @gurgelrenan)
4.7.1 - 2019-09-06
- bug fixes
- Fix an edge case where records with a blank
confirmation_tokencould be confirmed (by @tegon)
- Fix typo inside
update_needs_confirmationi18n key (by @lslm)
4.7.0 - 2019-08-19
- Support Rails 6.0
- Update CI to rails 6.0.0.beta3 (by @tunnes)
- refactor method name to be more consistent (by @saiqulhaq)
- Fix rails 6.0.rc1 email uniqueness validation deprecation warning (by @Vasfed)
43800b4Bump to 4.8.1 with Rails 7 support
baf5e00Merge pull request #5435 from dixpac/dix/rails_7
289dd5fAdd support for Rails 7
9f5b837Bundle update to Rails 7.0 rc1
8593801Keep the constantize behavior consistent for versions prior to Rails 7
bb879f7Merge branch 'ca-rails-main'
772b74aUpdate Changelog adding Rails 7 support
51bf327Refactor using helper to swap config
14eb136Eliminate Rails 7 warning about Active Record legacy connection handling
f3e8fd3Move the Gemfile to test with Rails 7.0 alpha2, fix session test issue
- Additional commits viewable in compare view