HEADS UP!

[tagliala]

Todo list (in priority order)

• Remove the uniqueness middleware (Middleware should use CSRF token #512) (How to override default_scope in mutli-tenant app (with Devise) #597) (Simple suggestion how to break brute attack on uniqueness filter  #612) (is_unique? check fails on MySQL and probably other storage engines #636) (Uniqueness case sensitive validation not working with mysql2 #659) (client_side_validations uses synchronous ajax #226) [7.0] 🚢
• Unobtrusive Javascript (Unobtrusive javascript #666) (Content Security Policy (CSP) and injecting the script tag #601) [9.0] 🚢
• Idempotent events
• Run JavaScript tests on CI (Run javascript unit tests on CI #591)
• Promise-based approach (client_side_validations uses synchronous ajax #226) (Proposal: change to model based validations on client #490)
• Raise CodeClimate score to 4.0 [8.0] 🚢
• Remove jQuery dependency
• Use ES6 instead of coffeescript (Move back to JavaScript #492) (Move to ES6 #741) [16.0]

What's new?

Proper SemVer

A proper SemVer allows us to break things very badly. The first feature which will be removed from CSV will be the middleware.

The Middleware

If you want need the middleware, stay on 6.0 but please note that it will not be supported and bugfixes/new features will not be backported by me.

If there is someone who wants to maintain the middleware as a separate gem, you are the welcome!

Please note that you may also need to import the middleware from the mongoid plugin

[tagliala]

4.0, 6.0, 7.0, 8.0, 9.0, 10.0, 11.0 OMG! 😱

Version 16.0 🚀

Breaking changes

• Rewrite the JavaScript module from CoffeeScript to ES6

Version 15.0 🚀

Breaking changes

• Drop Ruby 2.2 support

Version 14.0 🚀

This version should not contain breaking changes.

Add support to form_with

---

Version 13.0 🚀

Potential Breaking changes

• Fix case-sensitive uniqueness validator

---

Version 12.0 🚀

Potential Breaking changes

• Drop the deprecated tokenizer support in length validator

---

Version 11.0 🚀

Potential Breaking changes

• Association validators

In Rails 5, whenever we define a belongs_to association, it is
required to have the associated record present by default.

This change allows ClientSideValidation to inherit validations from
:field if the attribute name ends by _id and there are no
validations set on :field_id. Ref: #712

---

Version 10.0 🚀

Potential Breaking changes

• Client-side Numericality validator

Client side numericality validator now mimics the behavior of server-side one. In other words, it will not accept anymore the thousand separator. Ref: #717

---

Version 9.0 🚀

Breaking changes

• Unobtrusive javascript 😮

This is a feature that I desired for a long time. I thought it was almost impossible to implement without a full rewrite but I was wrong and I was able to manage it in just a couple of days (after feeling reluctant for a couple of years 🤦‍♂️).

CSV now uses a data attribute with some configuration instead of a script tag. In this way, you can block inline javascript with CSP and this will help security and cacheability

In this version, I've completely dropped references to the remote validators, but you should still be able to implement one. Feel free to start a wiki or to open issues if you need extra configuration to do that.

Is this the best available solution? No, of course it isn't. Is it better than before? I think so.

---

Version 8.0 🚀

This version should not contain breaking changes.

🤷‍♂️

I've preferred to bump up the major because of potential breaking changes if you monkey patched the gem. If you didn't touch CSV internals, you should be able to use CSV >= 8.0

---

Version 7.0 🚀

Version 7.0 drops the active record middleware. You should be able to update to this version if you didn't use remote validators before (uniqueness or custom remote validators).

You should consider to setup your own implementation of remote validators and get rid of the CSV middleware because it is not secure (potential data disclosure) and it is not protected from brute force attacks

Breaking changes

• Drop the active record middleware 😡

---

Version 6.0 🚀

I've intentionally skipped 5.0 because I didn't want a version number which could recall Rails 5.0. As I said before, CSV will follow its own versioning system.

Version 6.0 is basically the "old" 4.2 CSV updated to Rails 5.

Breaking changes

• Drop Rails 4 support 😠

New features

• Rails 5.0 support 🎉

[fleck]

Working on setting up an Vanilla JavaScript version https://github.com/fleck/client_side_validations/tree/ES. I'm using rollup, I see you had mentioned using webpack, but for a library rollup is better suited. JS tests are passing and there's a lot of refactoring that could still be done. There are a couple of failing tests relating to copying assets. I can commit more time to this, but wanted to get some feedback before spending more time.

[tagliala]

@fleck thanks for your work, it looks good!

Please submit a PR, I will start a review there.

PS: at the moment I'm without my development machine, so please be patient