Bump actionview from 8.1.1 to 8.1.2.1 #105

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/bundler/actionview-8.1.2.1


@dependabot dependabot Bot commented on behalf of github Apr 6, 2026

Bumps actionview from 8.1.1 to 8.1.2.1.

Release notes

Sourced from actionview's releases.

8.1.2.1

Active Support

  • Reject scientific notation in NumberConverter

    [CVE-2026-33176]

    Jean Boussier

  • Fix SafeBuffer#% to preserve unsafe status

    [CVE-2026-33170]

    Jean Boussier

  • Improve performance of NumberToDelimitedConverter

    [CVE-2026-33169]

    Jean Boussier

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • Skip blank attribute names in tag helpers to avoid generating invalid HTML.

    [CVE-2026-33168]

    Mike Dalessio

Action Pack

  • Fix possible XSS in DebugExceptions middleware

    [CVE-2026-33167]

    John Hawthorn

... (truncated)

Changelog

Sourced from actionview's changelog.

Rails 8.1.2.1 (March 23, 2026)

  • Fix possible XSS in DebugExceptions middleware

    [CVE-2026-33167]

    John Hawthorn

  • Skip blank attribute names in tag helpers to avoid generating invalid HTML.

    [CVE-2026-33168]

    Mike Dalessio

Rails 8.1.2 (January 08, 2026)

  • Fix file_field to join mime types with a comma when provided as Array

    file_field(:article, :image, accept: ['image/png', 'image/gif', 'image/jpeg'])

    Now behaves like:

    file_field(:article, :image, accept: 'image/png,image/gif,image/jpeg')
    

    Bogdan Gusiev

  • Fix strict locals parsing to handle multiline definitions.

    Said Kaldybaev

  • Fix content_security_policy_nonce error in mailers when using content_security_policy_nonce_auto setting.

    The content_security_policy_nonce helper is provided by ActionController::ContentSecurityPolicy, and it relies on request.content_security_policy_nonce. Mailers lack both the module and the request object.

    Jarrett Lusso

Commits
  • 1db4b89 Preparing for 8.1.2.1 release
  • 1c7d1cf Update changelog
  • e91694b Update CHANGELOG (8.1 only)
  • 63f5ad8 Skip blank attribute names in Action View tag helpers
  • d7c8ae6 Preparing for 8.1.2 release
  • 27aa94f Merge pull request #56389 from bogdan/semantic-file-input-accept
  • 7cf18e0 Merge pull request #56316 from shivabhusal/support-closing_parenthesis-in-nex...
  • 160db66 Merge pull request #56270 from Saidbek/fix-multiline-strict-locals-parsing
  • 386004e Add CHANGELOG entry for #56050
  • dc94813 Merge pull request #56050 from jclusso/fix-stylesheet-tag-nonce-mailer
  • See full diff in compare view

@dependabot dependabot Bot added the dependencies and ruby labels Apr 6, 2026

Bumps [actionview](https://github.com/rails/rails) from 8.1.1 to 8.1.2.1.
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v8.1.3/actionview/CHANGELOG.md)
- [Commits](rails/rails@v8.1.1...v8.1.2.1)

---
updated-dependencies:
- dependency-name: actionview
  dependency-version: 8.1.2.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/bundler/actionview-8.1.2.1 branch from f638203 to 33a05bf Compare April 8, 2026 10:44

dependabot Bot commented on behalf of github Apr 8, 2026

Looks like actionview is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this Apr 8, 2026
@dependabot dependabot Bot deleted the dependabot/bundler/actionview-8.1.2.1 branch April 8, 2026 10:51