What's Changed

• Bump devise-security to 0.17.0 by @dillonwelch in #366
• Change create to use new when possible by @dillonwelch in #368
• Update rubocop by @olbrich in #364
• Update to use byebug directly so we can use newer pry by @dillonwelch in #371
• Bump rubocop-minitest from 0.17.0 to 0.19.1 by @dependabot in #387
• Bump solargraph from 0.44.2 to 0.44.3 by @dependabot in #383
• Add paranoid verfication config for devise_security.rb by @kossy0701 in #374
• Bump rubocop-rails from 2.13.0 to 2.14.2 by @dependabot in #379
• Bump mongoid from 7.3.3 to 7.4.0 by @dependabot in #385
• Bump railties from 5.2.6 to 5.2.7 by @dependabot in #382
• Bump rubocop from 1.24.0 to 1.27.0 by @dependabot in #386
• Bump sqlite3 from 1.4.2 to 1.4.4 by @dependabot in #395
• Bump rubocop from 1.27.0 to 1.28.2 by @dependabot in #391
• Bump rack from 2.2.3 to 2.2.3.1 by @dependabot in #396
• Bump railties from 5.2.7 to 5.2.8 by @dependabot in #393
• Bump nokogiri from 1.13.3 to 1.13.4 by @dependabot in #389
• Bump omniauth from 2.0.4 to 2.1.0 by @dependabot in #390
• Update copyright notice by @dillonwelch in #372
• Round 1 of Rubocop cleanup by @dillonwelch in #367
• Bump railties from 5.2.8 to 5.2.8.1 by @dependabot in #399
• Update fr.yml by @Arpsara in #398
• Add missing translations for other languages by @dillonwelch in #373
• Fix 'send' of 'path_for' on controller helpers by @djpremier in #376
• Bump tzinfo from 1.2.9 to 1.2.10 by @dependabot in #400
• Fix a grammer in a code comment by @garigari-kun in #401
• PasswordExpiredController: Accept block for update action by @vlad-psh in #402
• Delete outdated controller patches by @vlad-psh in #403
• Update minimum ruby development version to 2.7. by @olbrich in #417
• Fix for Devise 4.9.1 by @olivier-thatch in #414
• v0.18.0 Pre-release cleanup by @olbrich in #419
• Add Rails 7.0 & Ruby 3.1 support by @djpremier in #404
• Update Mongoid to 8.0 series by @petergoldstein in #407

New Contributors

• @kossy0701 made their first contribution in #374
• @Arpsara made their first contribution in #398
• @djpremier made their first contribution in #376
• @garigari-kun made their first contribution in #401
• @vlad-psh made their first contribution in #402
• @olivier-thatch made their first contribution in #414
• @petergoldstein made their first contribution in #407

Full Changelog: v0.17.0...v0.18.0

New Features

• Allow settings in secure_validatable to be overridden at a class or instance level (#356)
• Add new setting for password complexity validator in secure_validatable (#356)
• Allow redirect routes to be customized (#316)
• Add Bulgarian (bg) translations (#327)

Bug Fixes & Maintenance

• Fix translations for digits vs digit and symbols vs symbol (#345)
• Performance fixes for email_equal_to_password validation (#354)
• Fix duplicate error messages in password_expiration workflow (#340)
• Unlock devise version (#334)
• Ensure passwords are not subject to another order when storing (#289)
• Only show "blank" error if password is missing (#342)
• Fix for email_equal_to_password validation when email is nil (#320)

New Features

• Add validation to ensure password does not match email to secure_validatable (#277)

Bug Fixes & Maintenance

• Change name of initializer file to match Rubocop default settings (#245)
• Separate positional and keyword arguments (#260)

Deprecations

• Dropped support for Rails 4.2 (#300)
• Cleaned up extra Rails 4.x code (#254)
• Remove deprecated schema files for old Mongoid versions (#296)

New Features

• Add Traditional Chinese (zh_TW) translations (#244)
• Add Czech (cs) translations (#242)
• Add Hindi (hi) translations (#241)
• Add Farsi (fa) translations (#240)
• Add Belarusian (be_By) translations (#236)
• Add Simplified Chinese (zh_CN) translations (#235)
• Add Ukrainian (uk_UA) translations (#233)
• Add Portuguese (pt) translations (#223)
• Add Dutch (nl) translations (#196)
• Add Russian (ru) translations (#128)
• Add missing German (de) translations (#123)
• Update paranoid_verification_code/show.html.erb and password_expired/show.html.erb to use translations instead of hardcoded text (#115)
• Allow flexible API response on Devise::PasswordExpiredController (#111)

Bug Fixes & Maintenance

• Reduce gem size (#248)
• Update to Spanish (es) translations (#234)
• Update for Italian (it) translations (#229)
• Remove requirement to include entirety of Rails ecosystem (#219)
• Password Expirable bugfix (#201)
• Fix spelling mistake in English (en) translations (#190)
• Fix attribute_changed? deprecation warning (#174)
• Update for German (de) translations (#126)
• Add deprecation warnings for Rails 4.2 (#124)
• Fix typo for Japan (ja) translations (#117)

Deprecations

• Dropped official support for Ruby 2.4 (#189) (See discussion here: #261 (comment))

New Features

• N/A

Bug Fixes & Maintenance

• Fixes for problems caused because some modules that needed the compatibility module didn't explicitly include them. (#107)

New Features

• N/A

Bug Fixes & Maintenance

• Fixes problem with name resolution caused by ORM compatibility modules (#103 & #104)

New Features

• N/A

Bug Fixes & Maintenance

• Getting "Uninitialized DEVISE_ORM" during install (#99)

New Features

• Mongoid support (#76)
• Add Japanese (ja) translations (#69)

Bug Fixes & Maintenance

• Fix mongoid index issue (#93)
• Updates to German translations (#88)
• Require minimum devise version of 4.3.0 (#83)
• Remove mass assignment from password_archivable (#68)
• Loosen ruby requirement (#67)

Remove Ruby 2.2 support: #55
Remove Rails 4.1 support: #56 #57
Refactor Password Expirable: #45
Better documentation in generator file: #46
Support for Turkish locale: #38
Password complexity validation with ReDOS vulnerability: #31
Add frozen_string_literal: true pragma: #34
Models now inherit from ApplicationRecord: #30

Bump required Ruby version to 2.2.9: #28
Fix for encrypted password being null: #25
Lower minimum rails to 4.1: #27
Fixes deprecation warnings: #26
Update Password Archivable to use password_salt: #23
Rubocop cleanup: #21