Bump actionpack from 5.2.3 to 6.0.0

[dependabot-preview]

Bumps actionpack from 5.2.3 to 6.0.0.

Release notes

Sourced from actionpack's releases.

6.0.0.beta1

Active Support

• Remove deprecated Module#reachable? method.

  Rafael Mendonça França

• Remove deprecated #acronym_regex method from Inflections.

  Rafael Mendonça França

• Fix String#safe_constantize throwing a LoadError for incorrectly cased constant references.

  Keenan Brock

• Preserve key order passed to ActiveSupport::CacheStore#fetch_multi.

  fetch_multi(*names) now returns its results in the same order as the *names requested, rather than returning cache hits followed by cache misses.

  Gannon McGibbon

• If the same block is included multiple times for a Concern, an exception is no longer raised.

  Mark J. Titorenko, Vlad Bokov

• Fix bug where #to_options for ActiveSupport::HashWithIndifferentAccess
  would not act as alias for #symbolize_keys.

  Nick Weiland

• Improve the logic that detects non-autoloaded constants.

  Jan Habermann, Xavier Noria

• Deprecate ActiveSupport::Multibyte::Unicode#pack_graphemes(array) and ActiveSuppport::Multibyte::Unicode#unpack_graphemes(string)
  in favor of array.flatten.pack("U*") and string.scan(/\X/).map(&:codepoints), respectively.

  Francesco Rodríguez

• Deprecate ActiveSupport::Multibyte::Chars.consumes? in favor of String#is_utf8?.

  Francesco Rodríguez

• Fix duration being rounded to a full second.

    time = DateTime.parse("2018-1-1")
    time += 0.51.seconds
  

  Will now correctly add 0.51 second and not 1 full second.

... (truncated)

Changelog

Sourced from actionpack's changelog.

Rails 6.0.0 (August 16, 2019)

• No changes.

Rails 6.0.0.rc2 (July 22, 2019)

• Add the ability to set the CSP nonce only to the specified directives.

  Fixes #35137.

  Yuji Yaginuma

• Keep part when scope option has value.

  When a route was defined within an optional scope, if that route didn't
  take parameters the scope was lost when using path helpers. This commit
  ensures scope is kept both when the route takes parameters or when it
  doesn't.

  Fixes #33219

  Alberto Almagro

• Change ActionDispatch::Response#content_type to return Content-Type header as it is.

  Previously, ActionDispatch::Response#content_type returned value does NOT
  contain charset part. This behavior changed to returned Content-Type header
  containing charset part as it is.

  If you want just MIME type, please use ActionDispatch::Response#media_type
  instead.

  Enable action_dispatch.return_only_media_type_on_content_type to use this change.
  If not enabled, ActionDispatch::Response#content_type returns the same
  value as before version, but its behavior is deprecate.

  Yuji Yaginuma

• Calling ActionController::Parameters#transform_keys/! without a block now returns
  an enumerator for the parameters instead of the underlying hash.

  Eugene Kenny

• Fix a bug where DebugExceptions throws an error when malformed query parameters are provided

  Yuki Nishijima, Stan Lo

Rails 6.0.0.rc1 (April 24, 2019)

... (truncated)

Commits

• 66cabed Preparing for 6.0.0 release
• f57aac4 Merge pull request #36854 from eugeneius/media_type_instead_of_content_type
• 49718d1 Require and support rails-html-sanitzer 1.2.0
• ad34b6c Remove invalid autoload of ActionDispatch::Http::Upload
• 072f6f9 Merge pull request #36537 from quadule/fix-cookie-rotation-hash-pollution
• ac34a70 Fix error 500 caused by ActionController::RoutingError (via fail-safe) when P...
• c1274e1 Merge pull request #36254 from sharang-d/remove-named-helpers
• 393b864 Merge pull request #36504 from mtsmfm/mtsmfm/fix-flaky-render-test
• 4f78062 Preparing for 6.0.0.rc2 release
• f5c1f85 Merge pull request #36602 from jhawthorn/system_testing_preload_2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

[nickcharlton]

This is really an upgrade to Rails 6, and we should do some regression testing on this first.

#1401, for example. And I'm sure there's a few others.