www/ruby-rails60: update to 6.0.4

Ruby on Rails 6.0.4 (2021-06-15), including security fixes.

Active Support

* Fixed issue in ActiveSupport::Cache::RedisCacheStore not passing
  options to read_multi causing fetch_multi to not work properly.
  (Rajesh Sharma)

* with_options copies its options hash again to avoid leaking mutations.
  Fixes #39343.  (Eugene Kenny)

Active Record

* Only warn about negative enums if a positive form that would cause
  conflicts exists.  Fixes #39065.  (Alex Ghiculescu)

* Allow the inverse of a has_one association that was previously
  autosaved to be loaded.  Fixes #34255.  (Steven Weber)

* Reset statement cache for association if table_name is changed.
  Fixes #36453.  (Ryuta Kamizono)

* Type cast extra select for eager loading.  (Ryuta Kamizono)

* Prevent collection associations from being autosaved multiple times.
  Fixes #39173.  (Eugene Kenny)

* Resolve issue with insert_all unique_by option when used with
  expression index.

  When the :unique_by option of ActiveRecord::Persistence.insert_all
  and ActiveRecord::Persistence.upsert_all was used with the name of
  an expression index, an error was raised.  Adding a guard around the
  formatting behavior for the :unique_by corrects this.

  Usage:

	create_table :books, id: :integer, force: true do |t|
	  t.column :name, :string
	  t.index "lower(name)", unique: true
	end

  	Book.insert_all [{ name: "MyTest" }], unique_by: :index_books_on_lower_name

  Fixes #39516.  (Austen Madden)

* Fix preloading for polymorphic association with custom scope.
  (Ryuta Kamizono)

* Allow relations with different SQL comments in the or method.
  (Takumi Shotoku)

* Resolve conflict between counter cache and optimistic locking.

  Bump an Active Record instance's lock version after updating its
  counter cache.  This avoids raising an unnecessary
  ActiveRecord::StaleObjectError upon subsequent transactions by
  maintaining parity with the corresponding database record's
  lock_version column.  Fixes #16449.  (Aaron Lipman)

* Fix through association with source/through scope which has joins.
  (Ryuta Kamizono)

* Fix through association to respect source scope for includes/preload.
  (Ryuta Kamizono)

* Fix eager load with Arel joins to maintain the original joins order.
  (Ryuta Kamizono)

* Fix group by count with eager loading + order + limit/offset.
  (Ryuta Kamizono)

* Fix left joins order when merging multiple left joins from different
  associations.  (Ryuta Kamizono)

* Fix index creation to preserve index comment in bulk change table on
  MySQL.  (Ryuta Kamizono)

* Change remove_foreign_key to not check :validate option if database
  doesn't support the feature.  (Ryuta Kamizono)

* Fix the result of aggregations to maintain duplicated "group by"
  fields.  (Ryuta Kamizono)

* Do not return duplicated records when using preload.  (Bogdan Gusiev)

Action View

* SanitizeHelper.sanitized_allowed_attributes and
  SanitizeHelper.sanitized_allowed_tags call safe_list_sanitizer's
  class method.  Fixes #39586.  (Taufiq Muhammadi)

Action Pack

* Accept base64_urlsafe CSRF tokens to make forward compatible.

* Base64 strict-encoded CSRF tokens are not inherently websafe, which
  makes them difficult to deal with.  For example, the common practice
  of sending the CSRF token to a browser in a client-readable cookie
  does not work properly out of the box: the value has to be
  url-encoded and decoded to survive transport.

  In Rails 6.1, we generate Base64 urlsafe-encoded CSRF tokens, which
  are inherently safe to transport.  Validation accepts both urlsafe
  tokens, and strict-encoded tokens for backwards compatibility.

  In Rails 5.2.5, the CSRF token format is accidentally changed to
  urlsafe-encoded.  If you upgrade apps from 5.2.5, set the config
  urlsafe_csrf_tokens = true.

	Rails.application.config.action_controller.urlsafe_csrf_tokens = true

  (Scott Blum, Étienne Barrié)

* Signed and encrypted cookies can now store false as their value when
  action_dispatch.use_cookies_with_metadata is enabled.  (Rolandas
  Barysas)

Active Storage

* The Poppler PDF previewer renders a preview image using the original
  document's crop box rather than its media box, hiding print
  margins. This matches the behavior of the MuPDF previewer.  (Vincent
  Robert)

Railties

* Allow relative paths with trailing slashes to be passed to rails
  test.  (Eugene Kenny)

* Return a 405 Method Not Allowed response when a request uses an
  unknown HTTP method.  Fixes #38998.  (Loren Norman)

1 files changed, 5 insertions, 5 deletions

diff --git a/www/ruby-actionview60/distinfo b/www/ruby-actionview60/distinfo
index 4462abcb0d5..3b9faf4dac7 100644
--- a/www/ruby-actionview60/distinfo
+++ b/www/ruby-actionview60/distinfo
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.9 2021/05/08 14:02:33 taca Exp $
+$NetBSD: distinfo,v 1.10 2021/07/04 06:58:37 taca Exp $
 
-SHA1 (actionview-6.0.3.7.gem) = 1ba54e1bb8a9a82f2b653c137dad1e4f2ccfc35a
-RMD160 (actionview-6.0.3.7.gem) = db65a9c3585d5b2946c47cf47080d5a3bb8b9e55
-SHA512 (actionview-6.0.3.7.gem) = 8c95b885126ab404a13aef5c2bb3f63d34152d5b10191cb540633e649074c0fae53f0ee9c992d7f8349b81d515ddaaaba8ffc558bb1f6604af8ec0edbdfc8492
-Size (actionview-6.0.3.7.gem) = 169984 bytes
+SHA1 (actionview-6.0.4.gem) = b397ad71cccf34a03b13fe98da6ec5084a5975ad
+RMD160 (actionview-6.0.4.gem) = b9eb76a4b2a67458a151d17bf8f2bc2ddfb6fd6c
+SHA512 (actionview-6.0.4.gem) = 0949761f8adf0b3b5a4653aea2f1b9c13e08ce4ed411ad7121a2dd67e13409383680cf4f61be790afaf7ad2c491a17acd88171a98a9d866594a0ea4547257385
+Size (actionview-6.0.4.gem) = 169984 bytes