Skip to content

Bump devise from 4.9.4 to 5.0.2#1022

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/bundler/devise-5.0.2
Open

Bump devise from 4.9.4 to 5.0.2#1022
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/bundler/devise-5.0.2

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 19, 2026

Bumps devise from 4.9.4 to 5.0.2.

Release notes

Sourced from devise's releases.

v5.0.2

https://github.com/heartcombo/devise/blob/v5.0.2/CHANGELOG.md#502---2026-02-18

v5.0.1

https://github.com/heartcombo/devise/blob/v5.0.1/CHANGELOG.md#501---2026-02-13

v5.0.0

https://github.com/heartcombo/devise/blob/v5.0.0/CHANGELOG.md#500---2026-01-23

v5.0.0.rc

https://github.com/heartcombo/devise/blob/v5.0.0.rc/CHANGELOG.md#500rc---2025-12-31

Changelog

Sourced from devise's changelog.

5.0.2 - 2026-02-18

  • enhancements
    • Allow resource class scopes to override the global configuration for sign_in_after_change_password behaviour. #5825
    • Add sign_in_after_reset_password? check hook to passwords controller, to allow it to be customized by users. #5826

5.0.1 - 2026-02-13

  • bug fixes
    • Fix translation issue with German E-Mail on invalid authentication messages caused by previous fix for incorrect grammar #5822

5.0.0 - 2026-01-23

no changes

5.0.0.rc - 2025-12-31

  • breaking changes

    • Drop support to Ruby < 2.7

    • Drop support to Rails < 7.0

    • Remove deprecated :bypass option from sign_in helper, use bypass_sign_in instead. #5803

    • Remove deprecated devise_error_messages! helper, use render "devise/shared/error_messages", resource: resource instead. #5803

    • Remove deprecated scope second argument from sign_in(resource, :admin) controller test helper, use sign_in(resource, scope: :admin) instead. #5803

    • Remove deprecated Devise::TestHelpers, use Devise::Test::ControllerHelpers instead. #5803

    • Remove deprecated Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION #5598

    • Remove deprecated Devise.activerecord51? method.

    • Remove SecretKeyFinder and use app.secret_key_base as the default secret key for Devise.secret_key if a custom Devise.secret_key is not provided.

      This is potentially a breaking change because Devise previously used the following order to find a secret key:

      app.credentials.secret_key_base > app.secrets.secret_key_base > application.config.secret_key_base > application.secret_key_base

      Now, it always uses application.secret_key_base. Make sure you're using the same secret key after the upgrade; otherwise, previously generated tokens for recoverable, lockable, and confirmable will be invalid. #5645

    • Change password instructions button label on devise view from Send me reset password instructions to Send me password reset instructions #5515

    • Change <br> tags separating form elements to wrapping them in <p> tags #5494

    • Replace [data-turbo-cache=false] with [data-turbo-temporary] on devise/shared/error_messages partial. This has been deprecated by Turbo since v7.3.0 (released on Mar 1, 2023).

      If you are using an older version of Turbo and the default devise template, you'll need to copy it over to your app and change that back to [data-turbo-cache=false].

  • enhancements

    • Add Rails 8 support.

      • Routes are lazy-loaded by default in test and development environments now so Devise loads them before Devise.mappings call. #5728

    • New apps using Rack 3.1+ will be generated using config.responder.error_status = :unprocessable_content, since :unprocessable_entity has been deprecated by Rack.

      Latest versions of Rails transparently convert :unprocessable_entity -> :unprocessable_content, and Devise will use that in the failure app to avoid Rack deprecation warnings for apps that are configured with :unprocessable_entity. They can also simply change their error_status to :unprocessable_content in latest Rack versions to avoid the warning.

    • Add Ruby 3.4 and 4.0 support.

    • Reenable Mongoid test suite across all Rails 7+ versions, to ensure we continue supporting it. Changes to dirty tracking to support Mongoid 8.0+. #5568

... (truncated)

Commits
  • 5b008ed Release v5.0.2
  • 916f94e Add sign_in_after_reset_password? check hook to passwords controller (#5826)
  • 1befcb5 Stop building both branch & PR with pushes
  • bb2b4ec Allow model config to override sign_in_after_change_password (#5825)
  • e5ffdc4 Update missed generator to use correct grammar for "send password reset" butt...
  • 1054ef8 Release v5.0.1
  • 03c419e Only downcase first letter of each auth key, not the entire string (#5822)
  • dbc1bb2 Fix minitest name (#5821)
  • c51da69 Release v5, no changes since RC
  • e9c534d Fix "Test is missing assertions" warnings
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump devise from 4.9.4 to 5.0.2
f120289 
Bumps [devise](https://github.com/heartcombo/devise) from 4.9.4 to 5.0.2.
- [Release notes](https://github.com/heartcombo/devise/releases)
- [Changelog](https://github.com/heartcombo/devise/blob/main/CHANGELOG.md)
- [Commits](heartcombo/devise@v4.9.4...v5.0.2)

---
updated-dependencies:
- dependency-name: devise
  dependency-version: 5.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Feb 19, 2026
@dependabot dependabot bot mentioned this pull request Feb 19, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants

Comments