Bump activesupport from 6.1.4.4 to 7.0.4 in /updater

[dependabot]

Bumps activesupport from 6.1.4.4 to 7.0.4.

Release notes

Sourced from activesupport's releases.

v7.0.4

Active Support

• Redis cache store is now compatible with redis-rb 5.0.

  Jean Boussier

• Fix NoMethodError on custom ActiveSupport::Deprecation behavior.

  ActiveSupport::Deprecation.behavior= was supposed to accept any object that responds to call, but in fact its internal implementation assumed that this object could respond to arity, so it was restricted to only Proc objects.

  This change removes this arity restriction of custom behaviors.

  Ryo Nakamura

Active Model

• Handle name clashes in attribute methods code generation cache.

  When two distinct attribute methods would generate similar names, the first implementation would be incorrectly re-used.

  class A
    attribute_method_suffix "_changed?"
    define_attribute_methods :x
  end
  class B
  attribute_method_suffix "?"
  define_attribute_methods :x_changed
  end

  Jean Boussier

Active Record

• Symbol is allowed by default for YAML columns

  Étienne Barrié

• Fix ActiveRecord::Store to serialize as a regular Hash

... (truncated)

Changelog

Sourced from activesupport's changelog.

Rails 7.0.4 (September 09, 2022)

• Redis cache store is now compatible with redis-rb 5.0.

  Jean Boussier

• Fix NoMethodError on custom ActiveSupport::Deprecation behavior.

  ActiveSupport::Deprecation.behavior= was supposed to accept any object that responds to call, but in fact its internal implementation assumed that this object could respond to arity, so it was restricted to only Proc objects.

  This change removes this arity restriction of custom behaviors.

  Ryo Nakamura

Rails 7.0.3.1 (July 12, 2022)

• No changes.

Rails 7.0.3 (May 09, 2022)

• No changes.

Rails 7.0.2.4 (April 26, 2022)

• Fix and add protections for XSS in ActionView::Helpers and ERB::Util.

  Add the method ERB::Util.xml_name_escape to escape dangerous characters in names of tags and names of attributes, following the specification of XML.

  Álvaro Martín Fraguas

Rails 7.0.2.3 (March 08, 2022)

• No changes.

Rails 7.0.2.2 (February 11, 2022)

• Fix Reloader method signature to work with the new Executor signature

Rails 7.0.2.1 (February 11, 2022)

• No changes.

... (truncated)

Commits

• 8015c2c Version 7.0.4
• ff27758 Revert "Merge pull request #44695 from Edouard-chin/ec-tagger-logger-broadcast"
• 4a1f224 Merge pull request #45882 from rails/short-inspect-on-test-case
• a3bd3b5 Backport Redis 5.0 compatibility
• 67f37ac Fix flaky tests for RedisCacheStore
• c520e38 Document AS::Cache::MemCacheStore#write options [ci-skip]
• a74b650 Document AS::Cache::Store#initialize options [ci-skip]
• f7a82bf Document AS::Cache::Store#read options [ci-skip]
• 414351f Rewrite AS::Cache::Store#fetch options doc as list [ci-skip]
• 2661d22 Consolidate AS::Cache::Store#write documentation [ci-skip]
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[jeffwidman]

@dependabot rebase

[jeffwidman]

This is necessary to import delegate... for some reason it was working fine without an explicit import under v6, but under v7 requires an explicit import.

[jeffwidman]

Smoke test failure for go is likely unrelated, but I'll re-run to be sure, as activesupport is a foundational enough change that we want to be sure:

INFO <job_cli> Submitting github.com/fatih/color pull request for creation
2022/10/13 04:35:24 [172] POST http://host.docker.internal:41101/update_jobs/cli/create_pull_request
2022/10/13 04:35:24 http: panic serving 172.17.0.2:54944: yaml: unmarshal errors:
  line 1: cannot unmarshal !!map into string
goroutine 24 [running]:
net/http.(*conn).serve.func1()
	/usr/local/go/src/net/http/server.go:1850 +0xbf
panic({0x888e80, 0xc0000ac738})
	/usr/local/go/src/runtime/panic.go:890 +0x262
github.com/dependabot/cli/internal/server.decode[...]({0xc000018500, 0x2430, 0x2500})
	/github/workspace/internal/server/api.go:244 +0x259
github.com/dependabot/cli/internal/server.decodeWrapper({0xc000034611, 0x13}, {0xc000018500, 0x2430, 0x2500})
	/github/workspace/internal/server/api.go:221 +0xb3
github.com/dependabot/cli/internal/server.(*API).pushResult(0xc00039c000, {0xc000034611, 0x13}, {0xc000018500?, 0x0?, 0xc95460?})
	/github/workspace/internal/server/api.go:166 +0x45
github.com/dependabot/cli/internal/server.(*API).ServeHTTP(0xc00039c000, {0xc0001b6b20?, 0x9060f3?}, 0xc000176800)
	/github/workspace/internal/server/api.go:114 +0x18d
net/http.serverHandler.ServeHTTP({0x9d24b0?}, {0x9d3e78, 0xc00010e0e0}, 0xc000176800)
	/usr/local/go/src/net/http/server.go:2947 +0x30c
net/http.(*conn).serve(0xc0001e2b40, {0x9d44c0, 0xc0002ed410})
	/usr/local/go/src/net/http/server.go:1991 +0x607
created by net/http.(*Server).Serve
	/usr/local/go/src/net/http/server.go:3102 +0x4db

[jeffwidman]

Re-running the failing go smoke test looks like a reproducible failure. However, I tested this branch in staging, and it ran the go update fine, so I'm wondering if there's a problem with the https://github.com/dependabot/cli ?

I also tried running the test against main to see if something changed external to this particular branch: https://github.com/dependabot/dependabot-core/actions/runs/3239886270

However, clicking into the results shows that they all immediately passed because path filtering skipped the runs... At first I assumed I needed to add an if condition setup to bypass filtering on main/manual trigger, but then I saw

dependabot-core/.github/workflows/smoke.yml

Line 44 in 119fcb0

if: github.event_name != 'workflow_dispatch'

AFAICT, that should bypass the filtering such that the smoke tests should fully execute when manually triggered... But yet they didn't. 🤔

For now I'd like to get this shipped, and then will dig further into this later this week as I assume it will keep cropping up on future PR's.

[jeffwidman]

Interestingly, the go smoke test is succeeding on other PR's that were rebased post-merge of this PR.

I don't know why it repeatedly failed on this PR.

[jeffwidman]

Interestingly, the go smoke test is succeeding on other PR's that were rebased post-merge of this PR.

That was because of path filtering... those other PR's didn't touch the go code so the check bailed out early. Unfortunately, it still reports itself as green so if you don't remember this little detail, you'll get misled by the false positive.

I chatted with Jake and he already took a shot at fixing that to mark itself as skipped but ran into difficulties.

I've been bit by this several times in dev/staging and now here in prod, so I'll take another shot at it and maybe ping the actions team to see if there's a workaround.