Bump clearance from 2.2.0 to 2.3.1

[dependabot]

Bumps clearance from 2.2.0 to 2.3.1.

Release notes

Sourced from clearance's releases.

v2.3.1

Fixed

• Support for accessing Rails 6.x primary_key_type in generator.
• Fix password reset URLs when using a custom model
• Fix flaky test that relied on too specific time delta
• Revert case sensitivity for email uniqueness
• Bump nokogiri and actionview dependencies to address security vulnerabilities

v2.3.0

2.3.0 - August 14, 2020

Fixed

• Delete cookie correctly when a callable object is set as the custom domain setting.
• Strip as parameter when signing in through the back door.
• Remove broken autoload for deprecated password strategies.

Changed

• Deliver password reset email inline rather than in the background.
• Remove unnecessary unsafe interpolation in erb templates.

v2.2.1

Fixed

• Prevent user enumeration by timing attacks. Trying to log in with an unrecognized email address will now take the same amount of time as for a user that does exist in the system.

Changelog

Sourced from clearance's changelog.

[2.3.1] - March 5, 2021

Fixed

• Support for accessing Rails 6.x primary_key_type in generator.
• Fix password reset URLs when using a custom model
• Fix flaky test that relied on too specific time delta
• Revert case sensitivity for email uniqueness
• Bump nokogiri and actionview dependencies to address security vulnerabilities

2.3.0 - August 14, 2020

Fixed

• Delete cookie correctly when a callable object is set as the custom domain setting.
• Strip as parameter when signing in through the back door.
• Remove broken autoload for deprecated password strategies.

Changed

• Deliver password reset email inline rather than in the background.
• Remove unnecessary unsafe interpolation in erb templates.

2.2.1 - August 7, 2020

Fixed

• Prevent user enumeration by timing attacks. Trying to log in with an unrecognized email address will now take the same amount of time as for a user that does exist in the system.

Commits

• 77c9d2d Bump nokogiri from 1.10.10 to 1.11.1 (#935)
• b518b32 Bump actionview from 6.0.3.2 to 6.1.3 (#934)
• b50defc Revert case sensitivity for email uniqueness (#930)
• 6e66881 Increase time range for authentication spec (#932)
• eeb5b0f Fix password reset URLs when using a custom model
• 728bf9d Use GitHub Actions instead of Travis for CI (#926)
• eeb5d40 Fix Rails 6.x issue with finding primary key type
• fbaf5cf [ci skip] Bump version to 2.3.0
• dcb96dc Deliver password reset email inline (#882)
• 05db2df Add parameter stripping to BackDoor (#897)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

[dependabot]

Superseded by #114.