Update activemodel requirement from ~> 6.1 to ~> 7.0

[dependabot]

Updates the requirements on activemodel to permit the latest version.

Release notes

Sourced from activemodel's releases.

v7.0.4.1

Active Support

• Avoid regex backtracking in Inflector.underscore

  [CVE-2023-22796]

Active Model

• No changes.

Active Record

• Make sanitize_as_sql_comment more strict

  Though this method was likely never meant to take user input, it was attempting sanitization. That sanitization could be bypassed with carefully crafted input.

  This commit makes the sanitization more robust by replacing any occurrances of "/" or "/" with "/ " or " /". It also performs a first pass to remove one surrounding comment to avoid compatibility issues for users relying on the existing removal.

  This also clarifies in the documentation of annotate that it should not be provided user input.

  [CVE-2023-22794]

• Added integer width check to PostgreSQL::Quoting

  Given a value outside the range for a 64bit signed integer type PostgreSQL will treat the column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan.

  This behavior is configurable via ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true.

  [CVE-2022-44566]

Action View

... (truncated)

Changelog

Sourced from activemodel's changelog.

Rails 7.0.4.1 (January 17, 2023)

• No changes.

Rails 7.0.4 (September 09, 2022)

• Handle name clashes in attribute methods code generation cache.

  When two distinct attribute methods would generate similar names, the first implementation would be incorrectly re-used.

  class A
    attribute_method_suffix "_changed?"
    define_attribute_methods :x
  end
  class B
  attribute_method_suffix "?"
  define_attribute_methods :x_changed
  end

  Jean Boussier

Rails 7.0.3.1 (July 12, 2022)

• No changes.

Rails 7.0.3 (May 09, 2022)

• No changes.

Rails 7.0.2.4 (April 26, 2022)

• No changes.

Rails 7.0.2.3 (March 08, 2022)

• No changes.

Rails 7.0.2.2 (February 11, 2022)

• No changes.

... (truncated)

Commits

• 23e0345 Version 7.0.4.1
• 8015c2c Version 7.0.4
• 60ee8cf Use tap in conditionally-required password example [ci-skip]
• 117aae0 Merge pull request #45754 from jonathanhefner/has_secure_password-conditional...
• a730810 Merge branch '7-0-sec' into 7-0-stable
• 04972d9 Preparing for 7.0.3.1 release
• 0c68c1f updating version and changelog
• 0a23b96 Fix the attribute methods cache backport
• 8e7b3b7 Fix code cache namespacing for proxied attribute methods
• 3872bc0 Preparing for 7.0.3 release
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #115.