build(deps): bump moment and @decidim/core

[dependabot]

Bumps moment to 2.29.4 and updates ancestor dependency @decidim/core. These dependencies need to be updated together.

Updates moment from 2.29.1 to 2.29.4

Changelog

Sourced from moment's changelog.

2.29.4

• Release Jul 6, 2022
  • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

• Release Apr 17, 2022
  • #5995 [bugfix] Remove const usage
  • #5990 misc: fix advisory link

2.29.2 See full changelog

• Release Apr 3 2022

Address GHSA-8hfj-j24r-96c4

Commits

• 000ac18 Build 2.24.4
• f2006b6 Bump version to 2.24.4
• 536ad0c Update changelog for 2.29.4
• 9a3b589 [bugfix] Fix redos in preprocessRFC2822 regex (#6015)
• 6374fd8 Merge branch 'master' into develop
• b4e6153 Revert "[bugfix] Fix redos in preprocessRFC2822 regex (#6015)"
• 7aebb16 [bugfix] Fix redos in preprocessRFC2822 regex (#6015)
• 57c9062 Build 2.29.3
• aaf50b6 Fixup release complaints
• 26f4aef Bump version to 2.29.3
• Additional commits viewable in compare view

Updates @decidim/core from 0.26.2 to 0.27.0

Release notes

Sourced from @​decidim/core's releases.

v0.27.0

See our blog post about the highlights for admins in this release.

1. Upgrade notes

As usual, we recommend that you have a full backup, of the database, application code and static files.

To update, follow these steps:

1.1. Update your Gemfile

gem "decidim", "0.27.0"
gem "decidim-dev", "0.27.0"

1.2. Run these commands

bundle update decidim
bin/rails decidim:upgrade
bin/rails db:migrate

1.3. Follow the steps and commands detailed in these notes

2. General notes

2.1. Ruby update to 3.0

We have updated the Ruby version to 3.0.2. Upgrading to this version will require either to install the Ruby Version on your host, or change the decidim docker image to use ruby:3.0.2.

You can read more about this change on PR #8452.

2.2. Rails update to 6.1

We have updated the Ruby on Rails version to 6.1. This will be done automatically when doing the bundle update. If you had any code customization you'll probably need to take this into account and update your code. Some important aspects to mention:

• ActionMailer - Change default queue name of the deliver (:mailers) job to be the job adapter's default (:default)
• ActiveSupport - Remove deprecated fallback to I18n.default_locale when config.i18n.fallbacks is empty. This change should be transparent for all the Decidim users that have configured the Decidim.default_locale
• If you are using Spring, it is highly suggested to add the following line at the top of your application's config/spring.rb (especially if you are seeing the following messages in the console ERROR: directory is already being watched!):

require "decidim/spring"

You can read more about this change on PR #8411.

2.3. Data consent change (aka "cookie consent")

... (truncated)

Changelog

Sourced from @​decidim/core's changelog.

0.27.0

Detailed changes

Added

Nothing.

Changed

Nothing.

Fixed

Nothing.

Removed

Nothing.

Developer improvements

Nothing.

0.27.0.rc2

Detailed changes

Added

Nothing.

Changed

Nothing.

Fixed

• decidim-assemblies, decidim-conferences, decidim-consultations, decidim-core, decidim-elections, decidim-initiatives, decidim-participatory processes: Backport 'Fix background-image URLs with weird characters' to v0.27 #9495
• decidim-comments, decidim-core: Backport 'Fix long word breaking on comments and cards' to v0.27 #9530
• decidim-core: Backport 'Fix nested attributes model mapping' to v0.27 #9532
• decidim-initiatives: Backport 'Add the rexml gem as a requirement for Ruby 3.0.0+ compatibility' to v0.27 #9533
• decidim-elections: Backport 'Advertise users if BB connection is lost in trustees/admin zones' to v0.27 #9534
• decidim-assemblies, decidim-conferences, decidim-elections: Backport 'Fix cache hash on Hightlighted spaces' to v0.27 #9537
• decidim-core: Backport 'Fix email subject when participatory space title is present' to v0.27 #9538
• decidim-accountability: Backport 'Add short format to result date' to v0.27 #9541
• decidim-conferences: Backport 'Fix published conferences order' to v0.27 #9687
• decidim-comments: Backport 'Fix creation notification when editing a comment ' to v0.27 #9689
• decidim-elections: Backport 'Remove margin-bottom on votings navigation' to v0.27 #9691
• decidim-initiatives: Backport 'Use public link on initiatives mailer' to v0.27 #9693

... (truncated)

Commits

• 485d757 Bump to v0.27.0 final version
• 1fada22 Bump to rc2 version
• ac449a6 Bump to rc1 version
• 326e677 Accept and reject cookies (#9271)
• f3ce4d8 Remove unnecessary locks and include them in .gitignore (#9275)
• 3d4abd7 performance: replace moment by dayjs (#9161)
• 021f167 Remove social-share-button npm package (#9042)
• a4fa482 Dynamic attachment uploads (#8681)
• 3d4ec74 Remove "leaflet-svgicon" npm dependency (#8673)
• feec80e Update npm dependencies (#8670)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.