Skip to content

Update actionview requirement from ~> 7.2.3 to ~> 8.1.2#411

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/bundler/actionview-8.1.2.1
Open

Update actionview requirement from ~> 7.2.3 to ~> 8.1.2#411
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/bundler/actionview-8.1.2.1

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 23, 2026
edited
Loading

Updates the requirements on actionview to permit the latest version.

Release notes

Sourced from actionview's releases.

8.1.2.1

Active Support

  • Reject scientific notation in NumberConverter

    [CVE-2026-33176]

    Jean Boussier

  • Fix SafeBuffer#% to preserve unsafe status

    [CVE-2026-33170]

    Jean Boussier

  • Improve performance of NumberToDelimitedConverter

    [CVE-2026-33169]

    Jean Boussier

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • Fix possible XSS in DebugExceptions middleware

    [CVE-2026-33167]

    John Hawthorn

  • Skip blank attribute names in tag helpers to avoid generating invalid HTML.

    [CVE-2026-33168]

    Mike Dalessio

Action Pack

  • No changes.

... (truncated)

Changelog

Sourced from actionview's changelog.

Rails 8.1.2.1 (March 23, 2026)

  • Fix possible XSS in DebugExceptions middleware

    [CVE-2026-33167]

    John Hawthorn

  • Skip blank attribute names in tag helpers to avoid generating invalid HTML.

    [CVE-2026-33168]

    Mike Dalessio

Rails 8.1.2 (January 08, 2026)

  • Fix file_field to join mime types with a comma when provided as Array

    file_field(:article, :image, accept: ['image/png', 'image/gif', 'image/jpeg'])

    Now behaves likes:

    file_field(:article, :image, accept: 'image/png,image/gif,image/jpeg')

    Bogdan Gusiev

  • Fix strict locals parsing to handle multiline definitions.

    Said Kaldybaev

  • Fix content_security_policy_nonce error in mailers when using content_security_policy_nonce_auto setting.

    The content_security_policy_nonce helper is provided by ActionController::ContentSecurityPolicy, and it relies on request.content_security_policy_nonce. Mailers lack both the module and the request object.

    Jarrett Lusso

Rails 8.1.1 (October 28, 2025)

  • Respect remove_hidden_field_autocomplete config in form builder hidden_field.

    Rafael Mendonça França

Rails 8.1.0 (October 22, 2025)

... (truncated)

Commits
  • 1db4b89 Preparing for 8.1.2.1 release
  • 1c7d1cf Update changelog
  • e91694b Update CHANGELOG (8.1 only)
  • 63f5ad8 Skip blank attribute names in Action View tag helpers
  • d7c8ae6 Preparing for 8.1.2 release
  • 27aa94f Merge pull request #56389 from bogdan/semantic-file-input-accept
  • 7cf18e0 Merge pull request #56316 from shivabhusal/support-closing_parenthesis-in-nex...
  • 160db66 Merge pull request #56270 from Saidbek/fix-multiline-strict-locals-parsing
  • 386004e Add CHANGELOG entry for #56050
  • dc94813 Merge pull request #56050 from jclusso/fix-stylesheet-tag-nonce-mailer
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Mar 23, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 23, 2026 19:52
@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Mar 23, 2026
@dependabot dependabot bot mentioned this pull request Mar 23, 2026
Closed
hharen
hharen previously approved these changes Mar 23, 2026
View reviewed changes
@dependabot
Update actionview requirement from ~> 7.2.3 to ~> 8.1.2
cb86425 
Updates the requirements on [actionview](https://github.com/rails/rails) to permit the latest version.
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v8.1.2.1/actionview/CHANGELOG.md)
- [Commits](rails/rails@v7.2.3...v8.1.2.1)

---
updated-dependencies:
- dependency-name: actionview
  dependency-version: 8.1.2.1
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/bundler/actionview-8.1.2.1 branch from 0ae4f73 to cb86425 Compare March 23, 2026 21:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hharen hharen hharen left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hharen