diff --git a/Gemfile.lock b/Gemfile.lock index f02a541e314..69516dca6d0 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -49,53 +49,57 @@ GEM remote: https://rubygems.org/ specs: Ascii85 (1.1.0) - actioncable (7.0.8) - actionpack (= 7.0.8) - activesupport (= 7.0.8) + actioncable (7.1.3.2) + actionpack (= 7.1.3.2) + activesupport (= 7.1.3.2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.8) - actionpack (= 7.0.8) - activejob (= 7.0.8) - activerecord (= 7.0.8) - activestorage (= 7.0.8) - activesupport (= 7.0.8) + zeitwerk (~> 2.6) + actionmailbox (7.1.3.2) + actionpack (= 7.1.3.2) + activejob (= 7.1.3.2) + activerecord (= 7.1.3.2) + activestorage (= 7.1.3.2) + activesupport (= 7.1.3.2) mail (>= 2.7.1) net-imap net-pop net-smtp - actionmailer (7.0.8) - actionpack (= 7.0.8) - actionview (= 7.0.8) - activejob (= 7.0.8) - activesupport (= 7.0.8) + actionmailer (7.1.3.2) + actionpack (= 7.1.3.2) + actionview (= 7.1.3.2) + activejob (= 7.1.3.2) + activesupport (= 7.1.3.2) mail (~> 2.5, >= 2.5.4) net-imap net-pop net-smtp - rails-dom-testing (~> 2.0) - actionpack (7.0.8) - actionview (= 7.0.8) - activesupport (= 7.0.8) - rack (~> 2.0, >= 2.2.4) + rails-dom-testing (~> 2.2) + actionpack (7.1.3.2) + actionview (= 7.1.3.2) + activesupport (= 7.1.3.2) + nokogiri (>= 1.8.5) + racc + rack (>= 2.2.4) + rack-session (>= 1.0.1) rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.2.0) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) actionpack-action_caching (1.2.2) actionpack (>= 4.0.0) - actiontext (7.0.8) - actionpack (= 7.0.8) - activerecord (= 7.0.8) - activestorage (= 7.0.8) - activesupport (= 7.0.8) + actiontext (7.1.3.2) + actionpack (= 7.1.3.2) + activerecord (= 7.1.3.2) + activestorage (= 7.1.3.2) + activesupport (= 7.1.3.2) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.8) - activesupport (= 7.0.8) + actionview (7.1.3.2) + activesupport (= 7.1.3.2) builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.1, >= 1.2.0) + erubi (~> 1.11) + rails-dom-testing (~> 2.2) + 
rails-html-sanitizer (~> 1.6) active_model_serializers (0.8.4) activemodel (>= 3.0) active_storage_validations (1.1.4) @@ -103,8 +107,8 @@ GEM activemodel (>= 5.2.0) activestorage (>= 5.2.0) activesupport (>= 5.2.0) - activejob (7.0.8) - activesupport (= 7.0.8) + activejob (7.1.3.2) + activesupport (= 7.1.3.2) globalid (>= 0.3.6) activemerchant (1.133.0) activesupport (>= 4.2) @@ -112,12 +116,13 @@ GEM i18n (>= 0.6.9) nokogiri (~> 1.4) rexml (~> 3.2.5) - activemodel (7.0.8) - activesupport (= 7.0.8) - activerecord (7.0.8) - activemodel (= 7.0.8) - activesupport (= 7.0.8) - activerecord-import (1.6.0) + activemodel (7.1.3.2) + activesupport (= 7.1.3.2) + activerecord (7.1.3.2) + activemodel (= 7.1.3.2) + activesupport (= 7.1.3.2) + timeout (>= 0.4.0) + activerecord-import (1.5.1) activerecord (>= 4.2) activerecord-postgresql-adapter (0.0.1) pg @@ -128,17 +133,21 @@ GEM multi_json (~> 1.11, >= 1.11.2) rack (>= 2.0.8, < 4) railties (>= 6.1) - activestorage (7.0.8) - actionpack (= 7.0.8) - activejob (= 7.0.8) - activerecord (= 7.0.8) - activesupport (= 7.0.8) + activestorage (7.1.3.2) + actionpack (= 7.1.3.2) + activejob (= 7.1.3.2) + activerecord (= 7.1.3.2) + activesupport (= 7.1.3.2) marcel (~> 1.0) - mini_mime (>= 1.1.0) - activesupport (7.0.8) + activesupport (7.1.3.2) + base64 + bigdecimal concurrent-ruby (~> 1.0, >= 1.0.2) + connection_pool (>= 2.2.5) + drb i18n (>= 1.6, < 2) minitest (>= 5.1) + mutex_m tzinfo (~> 2.0) acts-as-taggable-on (10.0.0) activerecord (>= 6.1, < 7.2) @@ -271,6 +280,8 @@ GEM digest (3.1.1) docile (1.4.0) dotenv (3.1.2) + drb (2.2.0) + ruby2_keywords email_validator (2.2.4) activemodel erubi (1.12.0) @@ -437,6 +448,7 @@ GEM msgpack (1.7.2) multi_json (1.15.0) multi_xml (0.6.0) + mutex_m (0.2.0) net-http (0.4.1) uri net-imap (0.4.10) 
@@ -543,21 +555,24 @@ GEM rack (< 3) rack-test (2.1.0) rack (>= 1.3) - rack-timeout (0.7.0) - rails (7.0.8) - actioncable (= 7.0.8) - actionmailbox (= 7.0.8) - actionmailer (= 7.0.8) - actionpack (= 7.0.8) - actiontext (= 7.0.8) - actionview (= 7.0.8) - activejob (= 7.0.8) - activemodel (= 7.0.8) - activerecord (= 7.0.8) - activestorage (= 7.0.8) - activesupport (= 7.0.8) + rack-timeout (0.6.3) + rackup (1.0.0) + rack (< 3) + webrick + rails (7.1.3.2) + actioncable (= 7.1.3.2) + actionmailbox (= 7.1.3.2) + actionmailer (= 7.1.3.2) + actionpack (= 7.1.3.2) + actiontext (= 7.1.3.2) + actionview (= 7.1.3.2) + activejob (= 7.1.3.2) + activemodel (= 7.1.3.2) + activerecord (= 7.1.3.2) + activestorage (= 7.1.3.2) + activesupport (= 7.1.3.2) bundler (>= 1.15.0) - railties (= 7.0.8) + railties (= 7.1.3.2) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) @@ -578,13 +593,14 @@ GEM i18n (>= 0.7, < 2) railties (>= 6.0.0, < 8) rails_safe_tasks (1.0.0) - railties (7.0.8) - actionpack (= 7.0.8) - activesupport (= 7.0.8) - method_source + railties (7.1.3.2) + actionpack (= 7.1.3.2) + activesupport (= 7.1.3.2) + irb + rackup (>= 1.0.0) rake (>= 12.2) - thor (~> 1.0) - zeitwerk (~> 2.5) + thor (~> 1.0, >= 1.2.2) + zeitwerk (~> 2.6) rainbow (3.1.1) rake (13.2.1) ransack (4.1.1) @@ -702,6 +718,7 @@ GEM ruby-rc4 (0.1.5) ruby-vips (2.1.4) ffi (~> 1.12) + ruby2_keywords (0.0.5) rubyzip (2.3.2) rufus-scheduler (3.8.2) fugit (~> 1.1, >= 1.1.6) diff --git a/app/controllers/payment_gateways/paypal_controller.rb b/app/controllers/payment_gateways/paypal_controller.rb index b3ba7b9957d..c87599a8f95 100644 --- a/app/controllers/payment_gateways/paypal_controller.rb +++ b/app/controllers/payment_gateways/paypal_controller.rb 
@@ -24,7 +24,7 @@ def express # At this point Paypal has *provisionally* accepted that the payment can now be placed, # and the user will be redirected to a Paypal payment page. On completion, the user is # sent back and the response is handled in the #confirm action in this controller. - redirect_to provider.express_checkout_url(pp_response, useraction: 'commit') + redirect_to provider.express_checkout_url(pp_response, useraction: 'commit'), allow_other_host: true else flash[:error] = Spree.t( diff --git a/app/controllers/spree/admin/payments_controller.rb b/app/controllers/spree/admin/payments_controller.rb index 0afaa5227c1..5b321a9ac2e 100644 --- a/app/controllers/spree/admin/payments_controller.rb +++ b/app/controllers/spree/admin/payments_controller.rb @@ -63,7 +63,7 @@ def fire Bugsnag.notify(e) flash[:error] = e.message ensure - redirect_to request.referer + redirect_to request.referer, allow_other_host: true end def paypal_refund diff --git a/config/application.rb b/config/application.rb index 09d8fb5abea..11d76be65d2 100644 --- a/config/application.rb +++ b/config/application.rb @@ -224,7 +224,7 @@ module ::Reporting; end # Apply framework defaults. New recommended defaults are successively added with each Rails version and # include the defaults from previous versions. For more info see: # https://guides.rubyonrails.org/configuring.html#results-of-config-load-defaults - config.load_defaults 6.1 + config.load_defaults 7.1 config.action_view.form_with_generates_remote_forms = false config.active_record.cache_versioning = false config.active_record.has_many_inversing = false diff --git a/spec/models/spree/image_spec.rb b/spec/models/spree/image_spec.rb index 115c20b526e..10fd719f1dc 100644 --- a/spec/models/spree/image_spec.rb +++ b/spec/models/spree/image_spec.rb 
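Review bot: The `allow_other_host: true` added to the `redirect_to` in `express` has no comment saying why a cross-host redirect is acceptable here, so a later reader cannot tell it apart from an accidental opt-out of the open-redirect check. The target comes from `provider.express_checkout_url` rather than from request data, so the exemption looks justified. A line such as `# PayPal checkout is hosted off-site; the URL is built by the gateway, not from params.` above the call would record that. `express` starts and ends outside this hunk, so how `pp_response` is produced is not visible here.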
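Review bot: `redirect_to request.referer, allow_other_host: true` in the `ensure` of `fire` redirects the admin to whatever the `Referer` header contains, and the new flag switches off the open-redirect check for a value the client supplies. A request that carries no `Referer` leaves `request.referer` nil, which `redirect_to` rejects with an error raised from inside the `ensure`. `redirect_back fallback_location: fallback_path, allow_other_host: false` handles both cases, where `fallback_path` stands for the order's admin payments route (the helper name is not visible in this hunk). `fire` begins outside the hunk.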
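Review bot: `config.load_defaults 7.1` jumps from 6.1 across two sets of framework defaults in the same commit as the gem bump, and nothing near the line records which of the new defaults were reviewed. The 7.0 set includes `action_controller.raise_on_open_redirects`, which is presumably why the two `redirect_to` calls in this commit gained `allow_other_host: true`. It also includes `active_support.key_generator_hash_digest_class`, which changes how cookie keys are derived; whether a cookie rotation is configured is not visible here, so existing sessions may stop validating on deploy. Enabling the new defaults one at a time through the `new_framework_defaults_7_1.rb` initializer that `rails app:update` generates would make the upgrade auditable. At minimum, add a comment such as `# 7.0/7.1 defaults reviewed: open-redirect check, cookie key digest, message serializer`.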
@@ -85,7 +85,7 @@ module Spree expect(attachment.attached?).to eq true url = Rails.application.routes.url_helpers.url_for(attachment) - expect(url).to match %r|^http://test\.host/rails/active_storage/blobs/redirect/[[:alnum:]-]+/logo-black\.png$| + expect(url).to match %r|^http://test\.host/rails/active_storage/blobs/redirect/[[:alnum:]=-]+/logo-black\.png$| end end @@ -103,7 +103,7 @@ module Spree expect(subject.attachment).to be_attached expect(Rails.application.routes.url_helpers.url_for(subject.attachment)). - to match %r"^http://test\.host/rails/active_storage/blobs/redirect/[[:alnum:]-]+/logo-black\.png" + to match %r"^http://test\.host/rails/active_storage/blobs/redirect/[[:alnum:]=-]+/logo-black\.png" end end end
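Review bot: Both updated expectations anchor with `^` (and the first with `$`), which in Ruby match at line boundaries rather than at the start and end of the string. The second expectation (hunk at line 103) has no end anchor at all, so it accepts any suffix after `logo-black\.png`. Writing both as `%r|\Ahttp://test\.host/rails/active_storage/blobs/redirect/[[:alnum:]=-]+/logo-black\.png\z|` keeps the two assertions equally strict and avoids copying the `^`/`$` habit into non-test validation code.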