Next | Query returned 24 messages, browsing 11 to 20 | Previous

CVS Commit History:


   2022-07-13 16:46:24 by Takahiro Kambe | Files touched by this commit (15) | Package updated
Log message:
www/ruby-rails61: update to 6.1.6.1

Rails 6.1.6.1 (2022-07-12) updates databases/ruby-activerecord61 only.

databases/ruby-activerecord61

* Change ActiveRecord::Coders::YAMLColumn default to safe_load

  This adds two new configuration options.  The configuration options are as
  follows:

	o config.active_storage.use_yaml_unsafe_load

  When set to true, this configuration option tells Rails to use the old
  "unsafe" YAML loading strategy, maintaining the existing behavior but
  leaving the possible escalation vulnerability in place.  Setting this
  option to true is *not* recommended, but can aid in upgrading.

	o config.active_record.yaml_column_permitted_classes

  The "safe YAML" loading method does not allow all classes to be
  deserialized by default.  This option allows you to specify classes deemed
  "safe" in your application.  For example, if your application uses Symbol
  and Time in serialized data, you can add Symbol and Time to the allowed
  list as follows:

	config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]

  [CVE-2022-32224]
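
The allow-list behaviour described in the 6.1.6.1 entry above, shown with plain Psych as an added example (not code from Rails or pkgsrc). The AuditEvent class, the helper names and the sample column values are constructed for illustration; `permitted` plays the role of the permitted-classes list.

```ruby
require "yaml"
require "date"

# Hypothetical application class, used only to build sample data.
class AuditEvent
  attr_accessor :action
end

# Constructed samples standing in for values stored in serialized columns.
SAMPLE_COLUMNS = {
  "plain"  => "---\nname: alice\nroles:\n- admin\n",
  "symbol" => "---\n:state: :active\n",
  "date"   => "---\nexpires: 2022-07-12\n",
  "object" => "--- !ruby/object:AuditEvent\naction: login\n",
}.freeze

# Load one stored value with safe_load and an explicit allow-list.
# Returns [:ok, value] or [:rejected, name_of_the_class_that_was_refused].
def load_column(yaml, permitted)
  [:ok, YAML.safe_load(yaml, permitted_classes: permitted)]
rescue Psych::DisallowedClass => e
  # Psych reports "Tried to load unspecified class: <Name>".
  [:rejected, e.message[/unspecified class: (\S+)/, 1]]
end

# Map each column that fails to load to the class it was rejected for,
# so the allow-list can be reviewed class by class before upgrading.
def rejected_classes(columns, permitted)
  columns.each_with_object({}) do |(name, yaml), report|
    status, detail = load_column(yaml, permitted)
    report[name] = detail if status == :rejected
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "empty allow-list:     #{rejected_classes(SAMPLE_COLUMNS, [])}"
  puts "Symbol, Date, Time:   #{rejected_classes(SAMPLE_COLUMNS, [Symbol, Date, Time])}"
end
```

Each class reported here should be reviewed before it is permitted; a tagged application object such as the AuditEvent sample stays rejected until it is listed explicitly.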
   2022-06-07 17:05:23 by Takahiro Kambe | Files touched by this commit (15) | Package updated
Log message:
www/ruby-rails61: update to 6.1.6

Ruby on Rails 6.1.6 (2022-05-12)

Active Support

* Fix and add protections for XSS in ActionView::Helpers and ERB::Util.

  Add the method ERB::Util.xml_name_escape to escape dangerous characters in
  names of tags and names of attributes, following the specification of XML.

Action View

* Fix and add protections for XSS in ActionView::Helpers and ERB::Util.

  Escape dangerous characters in names of tags and names of attributes in
  the tag helpers, following the XML specification. Rename the option
  :escape_attributes to :escape, to simplify by applying the option to the
  whole tag.

Action Pack

* Allow Content Security Policy DSL to generate for API responses.
   2022-05-05 05:30:33 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
databases/ruby-activerecord61: update to 6.1.5.1

## Rails 6.1.5.1 (April 26, 2022) ##

*   No changes.

## Rails 6.1.5 (March 09, 2022) ##

*   Fix `ActiveRecord::ConnectionAdapters::SchemaCache#deep_deduplicate` for Ruby 2.6.

    Ruby 2.6 and 2.7 have slightly different implementations of the `String#@-` method.
    In Ruby 2.6, the receiver of the `String#@-` method is modified under certain circumstances.
    This was later identified as a bug (https://bugs.ruby-lang.org/issues/15926) and only
    fixed in Ruby 2.7.

    Before the changes in this commit, the
    `ActiveRecord::ConnectionAdapters::SchemaCache#deep_deduplicate` method, which internally
    calls the `String#@-` method, could also modify an input string argument in Ruby 2.6 --
    changing a tainted, unfrozen string into a tainted, frozen string.

    Fixes #43056

    *Eric O'Hanlon*

*   Fix migration compatibility to create SQLite references/belongs_to column as integer when
    migration version is 6.0.

    `reference`/`belongs_to` in migrations with version 6.0 were creating columns as
    bigint instead of integer for the SQLite Adapter.

    *Marcelo Lauxen*

*   Fix dbconsole for 3-tier config.

    *Eileen M. Uchitelle*

*   Better handle SQL queries with invalid encoding.

    ```ruby
    Post.create(name: "broken \xC8 UTF-8")
    ```

    Would cause all adapters to fail in a non controlled way in the code
    responsible to detect write queries.

    The query is now properly passed to the database connection, which might or might
    not be able to handle it, but will either succeed or fail in a more correct way.

    *Jean Boussier*

*   Ignore persisted in-memory records when merging target lists.

    *Kevin Sjöberg*

*   Fix regression bug that caused ignoring additional conditions for preloading
    `has_many` through relations.

    Fixes #43132

    *Alexander Pauly*

*   Fix `ActiveRecord::InternalMetadata` to not be broken by
    `config.active_record.record_timestamps = false`

    Since the model always creates the timestamp columns, it has to set them, otherwise it breaks
    various DB management tasks.

    Fixes #42983

    *Jean Boussier*

*   Fix duplicate active record objects on `inverse_of`.

    *Justin Carvalho*

*   Fix duplicate objects stored in has many association after save.

    Fixes #42549.

    *Alex Ghiculescu*

*   Fix performance regression in `CollectionAssociation#build`.

    *Alex Ghiculescu*

*   Fix retrieving default value for text column for MariaDB.

    *fatkodima*
   2022-03-27 08:30:00 by Thomas Klausner | Files touched by this commit (24)
Log message:
ruby*: fix rails version in COMMENT
   2022-03-13 16:11:52 by Takahiro Kambe | Files touched by this commit (14) | Package updated
Log message:
www/ruby-rails61: update to 6.1.4.7

Ruby on Rails 6.1.4.7 is not the latest version but it should be easy to pull-up
to pkgsrc-2021Q4.

Changes are in devel/ruby-activestorage61 only.

## Rails 6.1.4.7 (March 08, 2022) ##

* Added image transformation validation via configurable allow-list.

 Variant now offers a configurable allow-list for
 transformation methods in addition to a configurable deny-list for arguments.

 [CVE-2022-21831]
   2022-02-13 08:35:06 by Takahiro Kambe | Files touched by this commit (14) | Package updated
Log message:
www/ruby-rails61: update to 6.1.4.6

This update contains a security fix for CVE-2022-23633 in ruby-actionpack61.

Active Support 6.1.4.6 (2022-02-11)

* Fix Reloader method signature to work with the new Executor signature.

Action Pack 6.1.4.5 (2022-02-11)

* Under certain circumstances, the middleware isn't informed that the
  response body has been fully closed, which results in request state
  not being fully reset before the next request.

  [CVE-2022-23633]

Other packages have no change.
   2021-12-19 06:26:37 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
databases/ruby-activerecord61: update to 6.1.4.4

No change except version.
   2021-10-26 12:10:08 by Nia Alarie | Files touched by this commit (417)
Log message:
databases: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

The following distfiles could not be fetched (some may be only fetched
conditionally):

./databases/cstore/distinfo D6.data.ros.gz
./databases/cstore/distinfo cstore0.2.tar.gz
./databases/cstore/distinfo data4.tar.gz
   2021-10-07 15:35:53 by Nia Alarie | Files touched by this commit (417)
Log message:
databases: Remove SHA1 distfile hashes
   2021-07-04 10:02:13 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
databases/ruby-activerecord61: update to 6.1.4

Active Record

* Do not try to rollback transactions that failed due to an
  ActiveRecord::TransactionRollbackError.  (Jamie McCarthy)

* Raise an error if pool_config is nil in set_pool_config.  (Eileen
  M. Uchitelle)

* Fix compatibility with psych >= 4.

  Starting in Psych 4.0.0 YAML.load behaves like YAML.safe_load.  To
  preserve compatibility Active Record's schema cache loader and
  YAMLColumn now use YAML.unsafe_load if available.  (Jean Boussier)

* Support using replicas when using rails dbconsole.  (Christopher
  Thornton)

* Restore connection pools after transactional tests.  (Eugene Kenny)

* Change upsert_all to fail cleanly for MySQL when :unique_by is
  used.  (Bastian Bartmann)

* Fix user-defined self.default_scope to respect table alias.  (Ryuta
  Kamizono)

* Clear @cache_keys cache after update_all, delete_all, destroy_all.
  (Ryuta Kamizono)

* Changed Arel predications contains and overlaps to use quoted_node
  so that PostgreSQL arrays are quoted properly.  (Bradley Priest)

* Fix merge when the where clauses have string contents.  (Ryuta
  Kamizono)

* Fix rollback of parent destruction with nested dependent: :destroy.
  (Jacopo Beschi)

* Fix binds logging for "WHERE ... IN ..." statements.  (Ricardo Díaz)

* Handle false in relation strict loading checks.

  Previously when a model had strict loading set to true and then had
  a relation set strict_loading to false the false wasn't considered
  when deciding whether to raise/warn about strict loading.

	class Dog < ActiveRecord::Base
	  self.strict_loading_by_default = true

	  has_many :treats, strict_loading: false
	end

  In the example, dog.treats would still raise even though
  strict_loading was set to false.  This is a bug affecting more than
  Active Storage which is why I made this PR superseding #41461.  We
  need to fix this for all applications since the behavior is a little
  surprising.  I took the test from #41461 and the code suggestion
  from #41453 with some additions.  (Eileen M. Uchitelle, Radamés Roriz)

* Fix numericality validator without precision.  (Ryuta Kamizono)

* Fix aggregate attribute on Enum types.  (Ryuta Kamizono)

* Fix CREATE INDEX statement generation for PostgreSQL.  (eltongo)

* Fix where clause on enum attribute when providing array of strings.
  (Ryuta Kamizono)

* Fix unprepared_statement to work when nesting.  (Ryuta Kamizono)
