Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update dependency rails to v8 (#185)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [rails](https://rubyonrails.org)
([source](https://redirect.github.com/rails/rails),
[changelog](https://redirect.github.com/rails/rails/releases/tag/v8.0.0.1))
| `'~> 6.1.7.3'` -> `'~> 8.0.0.0'` |
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
---
### Release Notes
<details>
<summary>rails/rails (rails)</summary>
###
[`v8.0.0.1`](https://redirect.github.com/rails/rails/releases/tag/v8.0.0.1):
8.0.0.1
[Compare
Source](https://redirect.github.com/rails/rails/compare/v8.0.0...v8.0.0.1)
#### Active Support
- No changes.
#### Active Model
- No changes.
#### Active Record
- No changes.
#### Action View
- No changes.
#### Action Pack
- Add validation to content security policies to disallow spaces and
semicolons.
Developers should use multiple arguments, and different directive
methods instead.
\[CVE-2024-54133]
*Gannon McGibbon*
#### Active Job
- No changes.
#### Action Mailer
- No changes.
#### Action Cable
- No changes.
#### Active Storage
- No changes.
#### Action Mailbox
- No changes.
#### Action Text
- Update vendored trix version to 2.1.10
*John Hawthorn*
#### Railties
- No changes.
#### Guides
- No changes.
###
[`v8.0.0`](https://redirect.github.com/rails/rails/releases/tag/v8.0.0):
8.0.0
[Compare
Source](https://redirect.github.com/rails/rails/compare/v7.2.2.1...v8.0.0)
#### Active Support
- Remove deprecated support to passing an array of strings to
`ActiveSupport::Deprecation#warn`.
*Rafael Mendonça França*
- Remove deprecated support to setting `attr_internal_naming_format`
with a `@` prefix.
*Rafael Mendonça França*
- Remove deprecated `ActiveSupport::ProxyObject`.
*Rafael Mendonça França*
- Don't execute i18n watcher on boot. It shouldn't catch any file
changes initially,
and unnecessarily slows down boot of applications with lots of
translations.
*Gannon McGibbon*, *David Stosik*
- Fix `ActiveSupport::HashWithIndifferentAccess#stringify_keys` to
stringify all keys not just symbols.
Previously:
```ruby
{ 1 => 2 }.with_indifferent_access.stringify_keys[1] # => 2
```
After this change:
```ruby
{ 1 => 2 }.with_indifferent_access.stringify_keys["1"] # => 2
```
This change can be seen as a bug fix, but since it behaved like this for
a very long time, we're deciding
to not backport the fix and to make the change in a major release.
*Jean Boussier*
- Include options when instrumenting
`ActiveSupport::Cache::Store#delete` and
`ActiveSupport::Cache::Store#delete_multi`.
*Adam Renberg Tamm*
- Print test names when running `rails test -v` for parallel tests.
*John Hawthorn*, *Abeid Ahmed*
- Deprecate `Benchmark.ms` core extension.
The `benchmark` gem will become bundled in Ruby 3.5
*Earlopain*
- `ActiveSupport::TimeWithZone#inspect` now uses ISO 8601 style time
like `Time#inspect`
*John Hawthorn*
- `ActiveSupport::ErrorReporter#report` now assigns a backtrace to
unraised exceptions.
Previously reporting an un-raised exception would result in an error
report without
a backtrace. Now it automatically generates one.
*Jean Boussier*
- Add `escape_html_entities` option to `ActiveSupport::JSON.encode`.
This allows for overriding the global configuration found at
`ActiveSupport.escape_html_entities_in_json` for specific calls to
`to_json`.
This should be usable from controllers in the following manner:
```ruby
class MyController < ApplicationController
def index
render json: { hello: "world" }, escape_html_entities: false
end
end
```
*Nigel Baillie*
- Raise when using key which can't respond to `#to_sym` in
`EncryptedConfiguration`.
As is the case when trying to use an Integer or Float as a key, which is
unsupported.
*zzak*
- Deprecate addition and since between two `Time` and
`ActiveSupport::TimeWithZone`.
Previously adding time instances together such as `10.days.ago +
10.days.ago` or `10.days.ago.since(10.days.ago)` produced a nonsensical
future date. This behavior is deprecated and will be removed in Rails
8.1.
*Nick Schwaderer*
- Support rfc2822 format for Time#to_fs & Date#to_fs.
*Akshay Birajdar*
- Optimize load time for `Railtie#initialize_i18n`. Filter
`I18n.load_path`s passed to the file watcher to only those
under `Rails.root`. Previously the watcher would grab all available
locales, including those in gems
which do not require a watcher because they won't change.
*Nick Schwaderer*
- Add a `filter` option to `in_order_of` to prioritize certain values in
the sorting without filtering the results
by these values.
*Igor Depolli*
- Improve error message when using `assert_difference` or
`assert_changes` with a
proc by printing the proc's source code (MRI only).
*Richard Böhme*, *Jean Boussier*
- Add a new configuration value `:zone` for
`ActiveSupport.to_time_preserves_timezone` and rename the previous
`true` value to `:offset`. The new default value is `:zone`.
*Jason Kim*, *John Hawthorn*
- Align instrumentation `payload[:key]` in ActiveSupport::Cache to
follow the same pattern, with namespaced and normalized keys.
*Frederik Erbs Spang Thomsen*
- Fix `travel_to` to set usec 0 when `with_usec` is `false` and the
given argument String or DateTime.
*mopp*
#### Active Model
- Add `:except_on` option for validations. Grants the ability to *skip*
validations in specified contexts.
```ruby
class User < ApplicationRecord
#...
validates :birthday, presence: { except_on: :admin }
#...
end
user = User.new(attributes except birthday)
user.save(context: :admin)
```
*Drew Bragg*
- Make `ActiveModel::Serialization#read_attribute_for_serialization`
public
*Sean Doyle*
- Add a default token generator for password reset tokens when using
`has_secure_password`.
```ruby
class User < ApplicationRecord
has_secure_password
end
user = User.create!(name: "david", password: "123",
password_confirmation: "123")
token = user.password_reset_token
User.find_by_password_reset_token(token) # returns user
```
### 16 minutes later...
User.find_by_password_reset_token(token) # returns nil
### raises ActiveSupport::MessageVerifier::InvalidSignature since the
token is expired
User.find_by_password_reset_token!(token)
```
*DHH*
- Add a load hook `active_model_translation` for
`ActiveModel::Translation`.
*Shouichi Kamiya*
- Add `raise_on_missing_translations` option to
`ActiveModel::Translation`.
When the option is set, `human_attribute_name` raises an error if a
translation of the given attribute is missing.
```ruby
```
### ActiveModel::Translation.raise_on_missing_translations = false
Post.human_attribute_name("title")
=> "Title"
### ActiveModel::Translation.raise_on_missing_translations = true
Post.human_attribute_name("title")
=> Translation missing. Options considered were:
(I18n::MissingTranslationData)
- en.activerecord.attributes.post.title
- en.attributes.title
raise exception.respond_to?(:to_exception) ? exception.to_exception :
exception
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
```
*Shouichi Kamiya*
- Introduce `ActiveModel::AttributeAssignment#attribute_writer_missing`
Provide instances with an opportunity to gracefully handle assigning to
an
unknown attribute:
```ruby
class Rectangle
include ActiveModel::AttributeAssignment
attr_accessor :length, :width
def attribute_writer_missing(name, value)
Rails.logger.warn "Tried to assign to unknown attribute #{name}"
end
end
rectangle = Rectangle.new
rectangle.assign_attributes(height: 10) # => Logs "Tried to assign to
unknown attribute 'height'"
```
*Sean Doyle*
#### Active Record
- Fix support for `query_cache: false` in `database.yml`.
`query_cache: false` would no longer entirely disable the Active Record
query cache.
*zzak*
- NULLS NOT DISTINCT works with UNIQUE CONSTRAINT as well as UNIQUE
INDEX.
*Ryuta Kamizono*
- The `db:prepare` task no longer loads seeds when a non-primary
database is created.
Previously, the `db:prepare` task would load seeds whenever a new
database
is created, leading to potential loss of data if a database is added to
an
existing environment.
Introduces a new database config property `seeds` to control whether
seeds
are loaded during `db:prepare` which defaults to `true` for primary
database
configs and `false` otherwise.
Fixes
[#​53348](https://redirect.github.com/rails/rails/issues/53348).
*Mike Dalessio*
- `PG::UnableToSend: no connection to the server` is now retryable as a
connection-related exception
*Kazuma Watanabe*
- Fix strict loading propagation even if statement cache is not used.
*Ryuta Kamizono*
- Allow `rename_enum` accepts two from/to name arguments as
`rename_table` does so.
*Ryuta Kamizono*
- Remove deprecated support to setting `ENV["SCHEMA_CACHE"]`.
*Rafael Mendonça França*
- Remove deprecated support to passing a database name to
`cache_dump_filename`.
*Rafael Mendonça França*
- Remove deprecated
`ActiveRecord::ConnectionAdapters::ConnectionPool#connection`.
*Rafael Mendonça França*
- Remove deprecated `config.active_record.sqlite3_deprecated_warning`.
*Rafael Mendonça França*
- Remove deprecated
`config.active_record.warn_on_records_fetched_greater_than`.
*Rafael Mendonça França*
- Remove deprecated support for defining `enum` with keyword arguments.
*Rafael Mendonça França*
- Remove deprecated support to finding database adapters that aren't
registered to Active Record.
*Rafael Mendonça França*
- Remove deprecated
`config.active_record.allow_deprecated_singular_associations_name`.
*Rafael Mendonça França*
- Remove deprecated
`config.active_record.commit_transaction_on_non_local_return`.
*Rafael Mendonça França*
- Fix incorrect SQL query when passing an empty hash to
`ActiveRecord::Base.insert`.
*David Stosik*
- Allow to save records with polymorphic join tables that have
`inverse_of`
specified.
*Markus Doits*
- Fix association scopes applying on the incorrect join when using a
polymorphic `has_many through:`.
*Joshua Young*
- Allow `ActiveRecord::Base#pluck` to accept hash arguments with symbol
and string values.
```ruby
Post.joins(:comments).pluck(:id, comments: :id)
Post.joins(:comments).pluck("id", "comments" => "id")
```
*Joshua Young*
- Make Float distinguish between `float4` and `float8` in PostgreSQL.
Fixes
[#​52742](https://redirect.github.com/rails/rails/issues/52742)
*Ryota Kitazawa*, *Takayuki Nagatomi*
- Allow `drop_table` to accept an array of table names.
This will let you to drop multiple tables in a single call.
```ruby
ActiveRecord::Base.lease_connection.drop_table(:users, :posts)
```
*Gabriel Sobrinho*
- Add support for PostgreSQL `IF NOT EXISTS` via the `:if_not_exists`
option
on the `add_enum_value` method.
*Ariel Rzezak*
- When running `db:migrate` on a fresh database, load the databases
schemas before running migrations.
*Andrew Novoselac*, *Marek Kasztelnik*
- Fix an issue where `.left_outer_joins` used with multiple associations
that have
the same child association but different parents does not join all
parents.
Previously, using `.left_outer_joins` with the same child association
would only join one of the parents.
Now it will correctly join both parents.
Fixes
[#​41498](https://redirect.github.com/rails/rails/issues/41498).
*Garrett Blehm*
- Deprecate `unsigned_float` and `unsigned_decimal` short-hand column
methods.
As of MySQL 8.0.17, the UNSIGNED attribute is deprecated for columns of
type FLOAT, DOUBLE,
and DECIMAL. Consider using a simple CHECK constraint instead for such
columns.
https://dev.mysql.com/doc/refman/8.0/en/numeric-type-syntax.html
*Ryuta Kamizono*
- Drop MySQL 5.5 support.
MySQL 5.5 is the only version that does not support datetime with
precision,
which we have supported in the core. Now we support MySQL 5.6.4 or
later, which
is the first version to support datetime with precision.
*Ryuta Kamizono*
- Make Active Record asynchronous queries compatible with transactional
fixtures.
Previously transactional fixtures would disable asynchronous queries,
because transactional
fixtures impose all queries use the same connection.
Now asynchronous queries will use the connection pinned by transactional
fixtures, and behave
much closer to production.
*Jean Boussier*
- Deserialize binary data before decrypting
This ensures that we call `PG::Connection.unescape_bytea` on PostgreSQL
before decryption.
*Donal McBreen*
- Ensure `ActiveRecord::Encryption.config` is always ready before
access.
Previously, `ActiveRecord::Encryption` configuration was deferred until
`ActiveRecord::Base`
was loaded. Therefore, accessing `ActiveRecord::Encryption.config`
properties before
`ActiveRecord::Base` was loaded would give incorrect results.
`ActiveRecord::Encryption` now has its own loading hook so that its
configuration is set as
soon as needed.
When `ActiveRecord::Base` is loaded, even lazily, it in turn triggers
the loading of
`ActiveRecord::Encryption`, thus preserving the original behavior of
having its config ready
before any use of `ActiveRecord::Base`.
*Maxime Réty*
- Add `TimeZoneConverter#==` method, so objects will be properly
compared by
their type, scale, limit & precision.
Address
[#​52699](https://redirect.github.com/rails/rails/issues/52699).
*Ruy Rocha*
- Add support for SQLite3 full-text-search and other virtual tables.
Previously, adding sqlite3 virtual tables messed up `schema.rb`.
Now, virtual tables can safely be added using `create_virtual_table`.
*Zacharias Knudsen*
- Support use of alternative database interfaces via the `database_cli`
ActiveRecord configuration option.
```ruby
Rails.application.configure do
config.active_record.database_cli = { postgresql: "pgcli" }
end
```
*T S Vallender*
- Add support for dumping table inheritance and native partitioning
table definitions for PostgeSQL adapter
*Justin Talbott*
- Add support for `ActiveRecord::Point` type casts using `Hash` values
This allows `ActiveRecord::Point` to be cast or serialized from a hash
with `:x` and `:y` keys of numeric values, mirroring the functionality
of
existing casts for string and array values. Both string and symbol keys
are
supported.
```ruby
class PostgresqlPoint < ActiveRecord::Base
attribute :x, :point
attribute :y, :point
attribute :z, :point
end
val = PostgresqlPoint.new({
x: '(12.34, -43.21)',
y: [12.34, '-43.21'],
z: {x: '12.34', y: -43.21}
})
ActiveRecord::Point.new(12.32, -43.21) == val.x == val.y == val.z
```
*Stephen Drew*
- Replace `SQLite3::Database#busy_timeout` with
`#busy_handler_timeout=`.
Provides a non-GVL-blocking, fair retry interval busy handler
implementation.
*Stephen Margheim*
- SQLite3Adapter: Translate `SQLite3::BusyException` into
`ActiveRecord::StatementTimeout`.
*Matthew Nguyen*
- Include schema name in `enable_extension` statements in
`db/schema.rb`.
The schema dumper will now include the schema name in generated
`enable_extension` statements if they differ from the current schema.
For example, if you have a migration:
```ruby
enable_extension "heroku_ext.pgcrypto"
enable_extension "pg_stat_statements"
```
then the generated schema dump will also contain:
```ruby
enable_extension "heroku_ext.pgcrypto"
enable_extension "pg_stat_statements"
```
*Tony Novak*
- Fix `ActiveRecord::Encryption::EncryptedAttributeType#type` to return
actual cast type.
*Vasiliy Ermolovich*
- SQLite3Adapter: Bulk insert fixtures.
Previously one insert command was executed for each fixture, now they
are
aggregated in a single bulk insert command.
*Lázaro Nixon*
- PostgreSQLAdapter: Allow `disable_extension` to be called with
schema-qualified name.
For parity with `enable_extension`, the `disable_extension` method can
be called with a schema-qualified
name (e.g. `disable_extension "myschema.pgcrypto"`). Note that
PostgreSQL's `DROP EXTENSION` does not
actually take a schema name (unlike `CREATE EXTENSION`), so the
resulting SQL statement will only name
the extension, e.g. `DROP EXTENSION IF EXISTS "pgcrypto"`.
*Tony Novak*
- Make `create_schema` / `drop_schema` reversible in migrations.
Previously, `create_schema` and `drop_schema` were irreversible
migration operations.
*Tony Novak*
- Support batching using custom columns.
```ruby
Product.in_batches(cursor: [:shop_id, :id]) do |relation|
```
### do something with relation
end
```
*fatkodima*
- Use SQLite `IMMEDIATE` transactions when possible.
Transactions run against the SQLite3 adapter default to IMMEDIATE mode
to improve concurrency support and avoid busy exceptions.
*Stephen Margheim*
- Raise specific exception when a connection is not defined.
The new `ConnectionNotDefined` exception provides connection name, shard
and role accessors indicating the details of the connection that was
requested.
*Hana Harencarova*, *Matthew Draper*
- Delete the deprecated constant `ActiveRecord::ImmutableRelation`.
*Xavier Noria*
- Fix duplicate callback execution when child autosaves parent with
`has_one` and `belongs_to`.
Before, persisting a new child record with a new associated parent
record would run `before_validation`,
`after_validation`, `before_save` and `after_save` callbacks twice.
Now, these callbacks are only executed once as expected.
*Joshua Young*
- `ActiveRecord::Encryption::Encryptor` now supports a `:compressor`
option to customize the compression algorithm used.
```ruby
module ZstdCompressor
def self.deflate(data)
Zstd.compress(data)
end
def self.inflate(data)
Zstd.decompress(data)
end
end
class User
encrypts :name, compressor: ZstdCompressor
end
```
You disable compression by passing `compress: false`.
```ruby
class User
encrypts :name, compress: false
end
```
*heka1024*
- Add condensed `#inspect` for `ConnectionPool`, `AbstractAdapter`, and
`DatabaseConfig`.
*Hartley McGuire*
- Add `.shard_keys`, `.sharded?`, & `.connected_to_all_shards` methods.
```ruby
class ShardedBase < ActiveRecord::Base
self.abstract_class = true
connects_to shards: {
shard_one: { writing: :shard_one },
shard_two: { writing: :shard_two }
}
end
class ShardedModel < ShardedBase
end
ShardedModel.shard_keys => [:shard_one, :shard_two]
ShardedModel.sharded? => true
ShardedBase.connected_to_all_shards { ShardedModel.current_shard } =>
[:shard_one, :shard_two]
```
*Nony Dutton*
- Add a `filter` option to `in_order_of` to prioritize certain values in
the sorting without filtering the results
by these values.
*Igor Depolli*
- Fix an issue where the IDs reader method did not return expected
results
for preloaded associations in models using composite primary keys.
*Jay Ang*
- Allow to configure `strict_loading_mode` globally or within a model.
Defaults to `:all`, can be changed to `:n_plus_one_only`.
*Garen Torikian*
- Add `ActiveRecord::Relation#readonly?`.
Reflects if the relation has been marked as readonly.
*Theodor Tonum*
- Improve `ActiveRecord::Store` to raise a descriptive exception if the
column is not either
structured (e.g., PostgreSQL +hstore+/+json+, or MySQL +json+) or
declared serializable via
`ActiveRecord.store`.
Previously, a `NoMethodError` would be raised when the accessor was read
or written:
NoMethodError: undefined method `accessor' for an instance of
ActiveRecord::Type::Text
Now, a descriptive `ConfigurationError` is raised:
ActiveRecord::ConfigurationError: the column 'metadata' has not been
configured as a store.
Please make sure the column is declared serializable via
'ActiveRecord.store' or, if your
database supports it, use a structured column type like hstore or json.
*Mike Dalessio*
- Fix inference of association model on nested models with the same
demodularized name.
E.g. with the following setup:
```ruby
class Nested::Post < ApplicationRecord
has_one :post, through: :other
end
```
Before, `#post` would infer the model as `Nested::Post`, but now it
correctly infers `Post`.
*Joshua Young*
- Add public method for checking if a table is ignored by the schema
cache.
Previously, an application would need to reimplement `ignored_table?`
from the schema cache class to check if a table was set to be ignored.
This adds a public method to support this and updates the schema cache
to use that directly.
```ruby
ActiveRecord.schema_cache_ignored_tables = ["developers"]
ActiveRecord.schema_cache_ignored_table?("developers")
=> true
```
*Eileen M. Uchitelle*
#### Action View
- Remove deprecated support to passing a content to void tag elements on
the `tag` builder.
*Rafael Mendonça França*
- Remove deprecated support to passing `nil` to the `model:` argument of
`form_with`.
*Rafael Mendonça França*
- Enable DependencyTracker to evaluate renders with trailing
interpolation.
```erb
<%= render "maintenance_tasks/runs/info/#{run.status}" %>
```
Previously, the DependencyTracker would ignore this render, but now it
will
mark all partials in the "maintenance_tasks/runs/info" folder as
dependencies.
*Hartley McGuire*
- Rename `text_area` methods into `textarea`
Old names are still available as aliases.
*Sean Doyle*
- Rename `check_box*` methods into `checkbox*`.
Old names are still available as aliases.
*Jean Boussier*
#### Action Pack
- Fix routes with `::` in the path.
*Rafael Mendonça França*
- Maintain Rack 2 parameter parsing behaviour.
*Matthew Draper*
- Remove
`Rails.application.config.action_controller.allow_deprecated_parameters_hash_equality`.
*Rafael Mendonça França*
- Improve `ActionController::TestCase` to expose a binary encoded
`request.body`.
The rack spec clearly states:
> The input stream is an IO-like object which contains the raw HTTP POST
data.
> When applicable, its external encoding must be “ASCII-8BIT” and it
must be opened in binary mode.
Until now its encoding was generally UTF-8, which doesn't accurately
reflect production
behavior.
*Jean Boussier*
- Update `ActionController::AllowBrowser` to support passing method
names to `:block`
```ruby
class ApplicationController < ActionController::Base
allow_browser versions: :modern, block: :handle_outdated_browser
private
def handle_outdated_browser
render file: Rails.root.join("public/custom-error.html"), status:
:not_acceptable
end
end
```
*Sean Doyle*
- Raise an `ArgumentError` when invalid `:only` or `:except` options are
passed into `#resource` and `#resources`.
*Joshua Young*
- Fix non-GET requests not updating cookies in
`ActionController::TestCase`.
*Jon Moss*, *Hartley McGuire*
- Update `ActionController::Live` to use a thread-pool to reuse threads
across requests.
*Adam Renberg Tamm*
- Introduce safer, more explicit params handling method with
`params#expect` such that
`params.expect(table: [ :attr ])` replaces
`params.require(:table).permit(:attr)`
Ensures params are filtered with consideration for the expected
types of values, improving handling of params and avoiding ignorable
errors caused by params tampering.
```ruby
```
### If the url is altered to ?person=hacked
### Before
params.require(:person).permit(:name, :age, pets: [:name])
### raises NoMethodError, causing a 500 and potential error reporting
### After
params.expect(person: [ :name, :age, pets: [[:name]] ])
### raises ActionController::ParameterMissing, correctly returning a 400
error
```
You may also notice the new double array `[[:name]]`. In order to
declare when a param is expected to be an array of parameter hashes,
this new double array syntax is used to explicitly declare an array.
`expect` requires you to declare expected arrays in this way, and will
ignore arrays that are passed when, for example, `pet: [:name]` is used.
In order to preserve compatibility, `permit` does not adopt the new
double array syntax and is therefore more permissive about unexpected
types. Using `expect` everywhere is recommended.
We suggest replacing `params.require(:person).permit(:name, :age)`
with the direct replacement `params.expect(person: [:name, :age])`
to prevent external users from manipulating params to trigger 500
errors. A 400 error will be returned instead, using public/400.html
Usage of `params.require(:id)` should likewise be replaced with
`params.expect(:id)` which is designed to ensure that `params[:id]`
is a scalar and not an array or hash, also requiring the param.
```ruby
### Before
User.find(params.require(:id)) # allows an array, altering behavior
### After
User.find(params.expect(:id)) # expect only returns non-blank permitted
scalars (excludes Hash, Array, nil, "", etc)
```
*Martin Emde*
- System Testing: Disable Chrome's search engine choice by default in
system tests.
*glaszig*
- Fix `Request#raw_post` raising `NoMethodError` when `rack.input` is
`nil`.
*Hartley McGuire*
- Remove `racc` dependency by manually writing
`ActionDispatch::Journey::Scanner`.
*Gannon McGibbon*
- Speed up `ActionDispatch::Routing::Mapper::Scope#[]` by merging frame
hashes.
*Gannon McGibbon*
- Allow bots to ignore `allow_browser`.
*Matthew Nguyen*
- Deprecate drawing routes with multiple paths to make routing faster.
You may use `with_options` or a loop to make drawing multiple paths
easier.
```ruby
```
### Before
get "/users", "/other_path", to: "users#index"
### After
get "/users", to: "users#index"
get "/other_path", to: "users#index"
```
*Gannon McGibbon*
- Make `http_cache_forever` use `immutable: true`
*Nate Matykiewicz*
- Add `config.action_dispatch.strict_freshness`.
When set to `true`, the `ETag` header takes precedence over the
`Last-Modified` header when both are present,
as specified by RFC 7232, Section 6.
Defaults to `false` to maintain compatibility with previous versions of
Rails, but is enabled as part of
Rails 8.0 defaults.
*heka1024*
- Support `immutable` directive in Cache-Control
```ruby
expires_in 1.minute, public: true, immutable: true
```
### Cache-Control: public, max-age=60, immutable
```
*heka1024*
- Add `:wasm_unsafe_eval` mapping for `content_security_policy`
```ruby
```
### Before
policy.script_src "'wasm-unsafe-eval'"
### After
policy.script_src :wasm_unsafe_eval
```
*Joe Haig*
- Add `display_capture` and `keyboard_map` in `permissions_policy`
*Cyril Blaecke*
- Add `connect` route helper.
*Samuel Williams*
#### Active Job
- Remove deprecated `config.active_job.use_big_decimal_serializer`.
*Rafael Mendonça França*
- Deprecate `sucker_punch` as an adapter option.
If you're using this adapter, change to `adapter: async` for the same
functionality.
*Dino Maric, zzak*
- Use `RAILS_MAX_THREADS` in `ActiveJob::AsyncAdapter`. If it is not
set, use 5 as default.
*heka1024*
#### Action Mailer
- No changes.
#### Action Cable
- Add an `identifier` to the event payload for the
ActiveSupport::Notification
`transmit_subscription_confirmation.action_cable` and
`transmit_subscription_rejection.action_cable`.
*Keith Schacht*
#### Active Storage
- Deprecate `ActiveStorage::Service::AzureStorageService`.
*zzak*
- Improve `ActiveStorage::Filename#sanitized` method to handle special
characters more effectively.
Replace the characters `"*?<>` with `-` if they exist in the Filename to
match the Filename convention of Win OS.
*Luong Viet Dung(Martin)*
- Improve InvariableError, UnpreviewableError and UnrepresentableError
message.
Include Blob ID and content_type in the messages.
*Petrik de Heus*
- Mark proxied files as `immutable` in their Cache-Control header
*Nate Matykiewicz*
#### Action Mailbox
- No changes.
#### Action Text
- Dispatch direct-upload events on attachment uploads
When using Action Text's rich textarea, it's possible to attach files to
the
editor. Previously, that action didn't dispatch any events, which made
it hard
to react to the file uploads. For instance, if an upload failed, there
was no
way to notify the user about it, or remove the attachment from the
editor.
This commits adds new events - `direct-upload:start`,
`direct-upload:progress`,
and `direct-upload:end` - similar to how Active Storage's direct uploads
work.
*Matheus Richard*, *Brad Rees*
- Add `store_if_blank` option to `has_rich_text`
Pass `store_if_blank: false` to not create `ActionText::RichText`
records when saving with a blank attribute, such as from an optional
form parameter.
```ruby
class Message
has_rich_text :content, store_if_blank: false
end
Message.create(content: "hi") # creates an ActionText::RichText
Message.create(content: "") # does not create an ActionText::RichText
```
*Alex Ghiculescu*
- Strip `content` attribute if the key is present but the value is empty
*Jeremy Green*
- Rename `rich_text_area` methods into `rich_textarea`
Old names are still available as aliases.
*Sean Doyle*
- Only sanitize `content` attribute when present in attachments.
*Petrik de Heus*
#### Railties
- Fix incorrect database.yml with `skip_solid`.
*Joé Dupuis*
- Set `Regexp.timeout` to `1`s by default to improve security over
Regexp Denial-of-Service attacks.
*Rafael Mendonça França*
- Remove deprecated support to extend Rails console through
`Rails::ConsoleMethods`.
*Rafael Mendonça França*
- Remove deprecated file `rails/console/helpers`.
*Rafael Mendonça França*
- Remove deprecated file `rails/console/app`.
*Rafael Mendonça França*
- Remove deprecated `config.read_encrypted_secrets`.
*Rafael Mendonça França*
- Add Kamal support for devcontainers
Previously generated devcontainer could not use docker and therefore
Kamal.
*Joé Dupuis*
- Exit `rails g` with code 1 if generator could not be found.
Previously `rails g` returned 0, which would make it harder to catch
typos in scripts calling `rails g`.
*Christopher Özbek*
- Remove `require_*` statements from application.css to align with the
transition from Sprockets to Propshaft.
With Propshaft as the default asset pipeline in Rails 8, the
require_tree and require_self clauses in application.css are no longer
necessary, as they were specific to Sprockets. Additionally, the comment
has been updated to clarify that CSS precedence now follows standard
cascading order without automatic prioritization by the asset pipeline.
*Eduardo Alencar*
- Do not include redis by default in generated Dev Containers.
Now that applications use the Solid Queue and Solid Cache gems by
default, we do not need to include redis
in the Dev Container. We will only include redis if `--skip-solid` is
used when generating an app that uses
Active Job or Action Cable.
When generating a Dev Container for an existing app, we will not include
redis if either of the solid gems
are in use.
*Andrew Novoselac*
- Use [Solid Cable](https://redirect.github.com/rails/solid_cable) as
the default Action Cable adapter in production, configured as a separate
queue database in config/database.yml. It keeps messages in a table and
continuously polls for updates. This makes it possible to drop the
common dependency on Redis, if it isn't needed for any other purpose.
Despite polling, the performance of Solid Cable is comparable to Redis
in most situations. And in all circumstances, it makes it easier to
deploy Rails when Redis is no longer a required dependency for Action
Cable functionality.
*DHH*
- Use [Solid Queue](https://redirect.github.com/rails/solid_queue) as
the default Active Job backend in production, configured as a separate
queue database in config/database.yml. In a single-server deployment,
it'll run as a Puma plugin. This is configured in `config/deploy.yml`
and can easily be changed to use a dedicated jobs machine.
*DHH*
- Use [Solid Cache](https://redirect.github.com/rails/solid_cache) as
the default Rails.cache backend in production, configured as a separate
cache database in config/database.yml.
*DHH*
- Add Rails::Rack::SilenceRequest middleware and use it via
`config.silence_healthcheck_path = path`
to silence requests to "/up". This prevents the Kamal-required health
checks from clogging up
the production logs.
*DHH*
- Introduce `mariadb-mysql` and `mariadb-trilogy` database options for
`rails new`
When used with the `--devcontainer` flag, these options will use
`mariadb` as the database for the
Dev Container. The original `mysql` and `trilogy` options will use
`mysql`. Users who are not
generating a Dev Container do not need to use the new options.
*Andrew Novoselac*
- Deprecate `::STATS_DIRECTORIES`.
The global constant `STATS_DIRECTORIES` has been deprecated in favor of
`Rails::CodeStatistics.register_directory`.
Add extra directories with
`Rails::CodeStatistics.register_directory(label, path)`:
```ruby
require "rails/code_statistics"
Rails::CodeStatistics.register_directory('My Directory', 'path/to/dir')
```
*Petrik de Heus*
- Enable query log tags by default on development env
This can be used to trace troublesome SQL statements back to the
application
code that generated these statements. It is also useful when using
multiple
databases because the query logs can identify which database is being
used.
*Matheus Richard*
- Defer route drawing to the first request, or when url_helpers are
called
Executes the first routes reload in middleware, or when a route set's
url_helpers receives a route call / asked if it responds to a route.
Previously, this was executed unconditionally on boot, which can
slow down boot time unnecessarily for larger apps with lots of routes.
Environments like production that have `config.eager_load = true` will
continue to eagerly load routes on boot.
*Gannon McGibbon*
- Generate form helpers to use `textarea*` methods instead of
`text_area*` methods
*Sean Doyle*
- Add authentication generator to give a basic start to an
authentication system using database-tracked sessions and password
reset.
Generate with...
bin/rails generate authentication
Generated files:
app/models/current.rb
app/models/user.rb
app/models/session.rb
app/controllers/sessions_controller.rb
app/controllers/passwords_controller.rb
app/mailers/passwords_mailer.rb
app/views/sessions/new.html.erb
app/views/passwords/new.html.erb
app/views/passwords/edit.html.erb
app/views/passwords_mailer/reset.html.erb
app/views/passwords_mailer/reset.text.erb
db/migrate/xxxxxxx_create_users.rb
db/migrate/xxxxxxx_create_sessions.rb
test/mailers/previews/passwords_mailer_preview.rb
*DHH*
- Add not-null type modifier to migration attributes.
Generating with...
bin/rails generate migration CreateUsers email_address:string!:uniq
password_digest:string!
Produces:
```ruby
class CreateUsers < ActiveRecord::Migration[8.0]
def change
create_table :users do |t|
t.string :email_address, null: false
t.string :password_digest, null: false
t.timestamps
end
add_index :users, :email_address, unique: true
end
end
```
*DHH*
- Add a `script` folder to applications, and a scripts generator.
The new `script` folder is meant to hold one-off or general purpose
scripts,
such as data migration scripts, cleanup scripts, etc.
A new script generator allows you to create such scripts:
bin/rails generate script my_script
bin/rails generate script data/backfill
You can run the generated script using:
bundle exec ruby script/my_script.rb
bundle exec ruby script/data/backfill.rb
*Jerome Dalbert*, *Haroon Ahmed*
- Deprecate `bin/rake stats` in favor of `bin/rails stats`.
*Juan Vásquez*
- Add internal page `/rails/info/notes`, that displays the same
information as `bin/rails notes`.
*Deepak Mahakale*
- Add Rubocop and GitHub Actions to plugin generator.
This can be skipped using --skip-rubocop and --skip-ci.
*Chris Oliver*
- Use Kamal for deployment by default, which includes generating a
Rails-specific config/deploy.yml.
This can be skipped using --skip-kamal. See more:
https://kamal-deploy.org/
*DHH*
#### Guides
- The guide *Classic to Zeitwerk HOWTO* that documented how to migrate
from
the `classic` autoloader to Zeitwerk has been deleted.
The last version of this guide can be found
[here](https://guides.rubyonrails.org/v7.2/classic_to_zeitwerk_howto.html),
in case you need it.
*Petrik de Heus*
###
[`v7.2.2.1`](https://redirect.github.com/rails/rails/releases/tag/v7.2.2.1):
7.2.2.1
[Compare
Source](https://redirect.github.com/rails/rails/compare/v7.2.2...v7.2.2.1)
#### Active Support
- No changes.
#### Active Model
- No changes.
#### Active Record
- No changes.
#### Action View
- No changes.
#### Action Pack
- Add validation to content security policies to disallow spaces and
semicolons.
Developers should use multiple arguments, and different directive
methods instead.
\[CVE-2024-54133]
*Gannon McGibbon*
#### Active Job
- No changes.
#### Action Mailer
- No changes.
#### Action Cable
- No changes.
#### Active Storage
- No changes.
#### Action Mailbox
- No changes.
#### Action Text
- Update vendored trix version to 2.1.10
*John Hawthorn*
#### Railties
- No changes.
#### Guides
- No changes.
###
[`v7.2.2`](https://redirect.github.com/rails/rails/releases/tag/v7.2.2):
7.2.2
[Compare
Source](https://redirect.github.com/rails/rails/compare/v7.2.1.2...v7.2.2)
#### Active Support
- Include options when instrumenting
`ActiveSupport::Cache::Store#delete` and
`ActiveSupport::Cache::Store#delete_multi`.
*Adam Renberg Tamm*
- Print test names when running `rails test -v` for parallel tests.
*John Hawthorn*, *Abeid Ahmed*
#### Active Model
- Fix regression in `alias_attribute` to work with user defined methods.
`alias_attribute` would wrongly assume the attribute accessor was
generated by Active Model.
```ruby
class Person
include ActiveModel::AttributeMethods
define_attribute_methods :name
attr_accessor :name
alias_attribute :full_name, :name
end
person.full_name # => NoMethodError: undefined method `attribute' for an
instance of Person
```
*Jean Boussier*
#### Active Record
- Fix support for `query_cache: false` in `database.yml`.
`query_cache: false` would no longer entirely disable the Active Record
query cache.
*zzak*
- Set `.attributes_for_inspect` to `:all` by default.
For new applications it is set to `[:id]` in
config/environment/production.rb.
In the console all the attributes are always shown.
*Andrew Novoselac*
- `PG::UnableToSend: no connection to the server` is now retryable as a
connection-related exception
*Kazuma Watanabe*
- Fix marshalling of unsaved associated records in 7.1 format.
The 7.1 format would only marshal associated records if the association
was loaded.
But associations that would only contain unsaved records would be
skipped.
*Jean Boussier*
- Fix incorrect SQL query when passing an empty hash to
`ActiveRecord::Base.insert`.
*David Stosik*
- Allow to save records with polymorphic join tables that have
`inverse_of`
specified.
*Markus Doits*
- Fix association scopes applying on the incorrect join when using a
polymorphic `has_many through:`.
*Joshua Young*
- Fix `dependent: :destroy` for bi-directional has one through
association.
Fixes
[#​50948](https://redirect.github.com/rails/rails/issues/50948).
```ruby
class Left < ActiveRecord::Base
has_one :middle, dependent: :destroy
has_one :right, through: :middle
end
class Middle < ActiveRecord::Base
belongs_to :left, dependent: :destroy
belongs_to :right, dependent: :destroy
end
class Right < ActiveRecord::Base
has_one :middle, dependent: :destroy
has_one :left, through: :middle
end
```
In the above example `left.destroy` wouldn't destroy its associated
`Right`
record.
*Andy Stewart*
- Properly handle lazily pinned connection pools.
Fixes
[#​53147](https://redirect.github.com/rails/rails/issues/53147).
When using transactional fixtures with system tests to similar tools
such as capybara, it could happen that a connection end up pinned by the
server thread rather than the test thread, causing
`"Cannot expire connection, it is owned by a different thread"` errors.
*Jean Boussier*
- Fix `ActiveRecord::Base.with` to accept more than two sub queries.
Fixes
[#​53110](https://redirect.github.com/rails/rails/issues/53110).
```ruby
User.with(foo: [User.select(:id), User.select(:id),
User.select(:id)]).to_sql
undefined method `union' for an instance of Arel::Nodes::UnionAll
(NoMethodError)
```
The above now works as expected.
*fatkodima*
- Properly release pinned connections with non joinable connections.
Fixes
[#​52973](https://redirect.github.com/rails/rails/issues/52973)
When running system tests with transactional fixtures on, it could
happen that
the connection leased by the Puma thread wouldn't be properly released
back to the pool,
causing "Cannot expire connection, it is owned by a different thread"
errors in later tests.
*Jean Boussier*
- Make Float distinguish between `float4` and `float8` in PostgreSQL.
Fixes
[#​52742](https://redirect.github.com/rails/rails/issues/52742)
*Ryota Kitazawa*, *Takayuki Nagatomi*
- Fix an issue where `.left_outer_joins` used with multiple associations
that have
the same child association but different parents does not join all
parents.
Previously, using `.left_outer_joins` with the same child association
would only join one of the parents.
Now it will correctly join both parents.
Fixes
[#​41498](https://redirect.github.com/rails/rails/issues/41498).
*Garrett Blehm*
- Ensure `ActiveRecord::Encryption.config` is always ready before
access.
Previously, `ActiveRecord::Encryption` configuration was deferred until
`ActiveRecord::Base`
was loaded. Therefore, accessing `ActiveRecord::Encryption.config`
properties before
`ActiveRecord::Base` was loaded would give incorrect results.
`ActiveRecord::Encryption` now has its own loading hook so that its
configuration is set as
soon as needed.
When `ActiveRecord::Base` is loaded, even lazily, it in turn triggers
the loading of
`ActiveRecord::Encryption`, thus preserving the original behavior of
having its config ready
before any use of `ActiveRecord::Base`.
*Maxime Réty*
- Add `TimeZoneConverter#==` method, so objects will be properly
compared by
their type, scale, limit & precision.
Address
[#​52699](https://redirect.github.com/rails/rails/issues/52699).
*Ruy Rocha*
#### Action View
- No changes.
#### Action Pack
- Fix non-GET requests not updating cookies in
`ActionController::TestCase`.
*Jon Moss*, *Hartley McGuire*
#### Active Job
- No changes.
#### Action Mailer
- No changes.
#### Action Cable
- No changes.
#### Active Storage
- No changes.
#### Action Mailbox
- No changes.
#### Action Text
- No changes.
#### Railties
- No changes.
#### Guides
- No changes.
###
[`v7.2.1.2`](https://redirect.github.com/rails/rails/releases/tag/v7.2.1.2):
7.2.1.2
[Compare
Source](https://redirect.github.com/rails/rails/compare/v7.2.1.1...v7.2.1.2)
#### Active Support
- No changes.
#### Active Model
- No changes.
#### Active Record
- No changes.
#### Action View
- No changes.
#### Action Pack
- No changes.
#### Active Job
- No changes.
#### Action Mailer
- Fix NoMethodError in `block_format` helper
*Michael Leimstaedtner*
#### Action Cable
- No changes.
#### Active Storage
- No changes.
#### Action Mailbox
- No changes.
#### Action Text
- No changes.
#### Railties
- No changes.
#### Guides
- No changes.
###
[`v7.2.1.1`](https://redirect.github.com/rails/rails/releases/tag/v7.2.1.1):
7.2.1.1
[Compare
Source](https://redirect.github.com/rails/rails/compare/v7.2.1...v7.2.1.1)
#### Active Support
- No changes.
#### Active Model
- No changes.
#### Active Record
- No changes.
#### Action View
- No changes.
#### Action Pack
- Avoid regex backtracking in HTTP Token authentication
\[CVE-2024-47887]
- Avoid regex backtracking in query parameter filtering
\[CVE-2024-41128]
#### Active Job
- No changes.
#### Action Mailer
- Avoid regex backtracking in `block_format` helper
\[CVE-2024-47889]
#### Action Cable
- No changes.
#### Active Storage
- No changes.
#### Action Mailbox
- No changes.
#### Action Text
- Avoid backtracing in plain_text_for_blockquote_node
\[CVE-2024-47888]
#### Railties
- No changes.
#### Guides
- No changes.
###
[`v7.2.1`](https://redirect.github.com/rails/rails/releases/tag/v7.2.1):
7.2.1
[Compare
Source](https://redirect.github.com/rails/rails/compare/v7.2.0...v7.2.1)
#### Active Support
- No changes.
#### Active Model
- No changes.
#### Active Record
- Fix detection for `enum` columns with parallelized tests and
PostgreSQL.
*Rafael Mendonça França*
- Allow to eager load nested nil associations.
*fatkodima*
- Fix swallowing ignore order warning when batching using
`BatchEnumerator`.
*fatkodima*
- Fix memory bloat on the connection pool when using the Fiber
`IsolatedExecutionState`.
*Jean Boussier*
- Restore inferred association class with the same modularized name.
*Justin Ko*
- Fix `ActiveRecord::Base.inspect` to properly explain how to load
schema information.
*Jean Boussier*
- Check invalid `enum` options for the new syntax.
The options using `_` prefix in the old syntax are invalid in the new
syntax.
*Rafael Mendonça França*
- Fix `ActiveRecord::Encryption::EncryptedAttributeType#type` to return
actual cast type.
*Vasiliy Ermolovich*
- Fix `create_table` with `:auto_increment` option for MySQL adapter.
*fatkodima*
#### Action View
- No changes.
#### Action Pack
- Fix `Request#raw_post` raising `NoMethodError` when `rack.input` is
`nil`.
*Hartley McGuire*
#### Active Job
- No changes.
#### Action Mailer
- No changes.
#### Action Cable
- No changes.
#### Active Storage
- No changes.
#### Action Mailbox
- No changes.
#### Action Text
- Strip `content` attribute if the key is present but the value is empty
*Jeremy Green*
#### Railties
- Fix `rails console` for application with non default application
constant.
The wrongly assumed the Rails application would be named
`AppNamespace::Application`,
which is the default but not an obligation.
*Jean Boussier*
- Fix the default Dockerfile to include the full sqlite3 package.
Prior to this it only included `libsqlite3`, so it wasn't enough to
run `rails dbconsole`.
*Jerome Dalbert*
- Don't update public directory during `app:update` command for API-only
Applications.
*y-yagi*
- Don't add bin/brakeman if brakeman is not in bundle when upgrading an
application.
*Etienne Barrié*
- Remove PWA views and routes if its an API only project.
*Jean Boussier*
- Simplify generated Puma configuration
*DHH*, *Rafael Mendonça França*
###
[`v7.2.0`](https://redirect.github.com/rails/rails/compare/v7.1.3.4...v7.2.0)
[Compare
Source](https://redirect.github.com/rails/rails/compare/v7.1.5.1...v7.2.0)
###
[`v7.1.5.1`](https://redirect.github.com/rails/rails/releases/tag/v7.1.5.1):
7.1.5.1
[Compare
Source](https://redirect.github.com/rails/rails/compare/v7.1.5...v7.1.5.1)
#### Active Support
- No changes.
#### Active Model
- No changes.
#### Active Record
- No changes.
#### Action View
- No changes.
#### Action Pack
- Add validation to content security policies to disallow spaces and
semicolons.
Developers should use multiple arguments, and different directive
methods instead.
\[CVE-2024-54133]
*Gannon McGibbon*
#### Active Job
- No changes.
#### Action Mailer
- No changes.
#### Action Cable
- No changes.
#### Active Storage
- No changes.
#### Action Mailbox
- No changes.
#### Action Text
- Update vendored trix version to 2.1.10
*John Hawthorn*
#### Railties
- No changes.
#### Guides
- No changes.
###
[`v7.1.5`](https://redirect.github.com/rails/rails/releases/tag/v7.1.5):
7.1.5
[Compare
Source](https://redirect.github.com/rails/rails/compare/v7.1.4.2...v7.1.5)
#### Active Support
- No changes.
#### Active Model
- Fix regression in `alias_attribute` to work with user defined methods.
`alias_attribute` would wrongly assume the attribute accessor was
generated by Active Model.
```ruby
class Person
include ActiveModel::AttributeMethods
define_attribute_methods :name
attr_accessor :name
alias_attribute :full_name, :name
end
person.full_name # => NoMethodError: undefined method `attribute' for an
instance of Person
```
*Jean Boussier*
#### Active Record
- Fix marshalling of unsaved associated records in 7.1 format.
The 7.1 format would only marshal associated records if the association
was loaded.
But associations that would only contain unsaved records would be
skipped.
*Jean Boussier*
- Fix an issue where `.left_outer_joins` used with multiple associations
that have
the same child association but different parents does not join all
parents.
Previously, using `.left_outer_joins` with the same child association
would only join one of the parents.
Now it will correctly join both parents.
Fixes
[#​41498](https://redirect.github.com/rails/rails/issues/41498).
*Garrett Blehm*
- Ensure `ActiveRecord::Encryption.config` is always ready before
access.
Previously, `ActiveRecord::Encryption` configuration was deferred until
`ActiveRecord::Base`
was loaded. Therefore, accessing `ActiveRecord::Encryption.config`
properties before
`ActiveRecord::Base` was loaded would give incorrect results.
`ActiveRecord::Encryption` now has its own loading hook so that its
configuration is set as
soon as needed.
When `ActiveRecord::Base` is loaded, even lazily, it in turn triggers
the loading of
`ActiveRecord::Encryption`, thus preserving the original behavior of
having its config ready
before any use of `ActiveRecord::Base`.
*Maxime Réty*
- Add `TimeZoneConverter#==` method, so objects will be properly
compared by
their type, scale, limit & precision.
Address
[#​52699](https://redirect.github.com/rails/rails/issues/52699).
*Ruy Rocha*
#### Action View
- No changes.
#### Action Pack
- No changes.
#### Active Job
- No changes.
#### Action Mailer
- No changes.
#### Action Cable
- No changes.
#### Active Storage
- No changes.
#### Action Mailbox
- No changes.
#### Action Text
- No changes.
#### Railties
- No changes.
#### Guides
- No changes.
###
[`v7.1.4.2`](https://redirect.github.com/rails/rails/releases/tag/v7.1.4.2):
7.1.4.2
[Compare
Source](https://redirect.github.com/rails/rails/compare/v7.1.4.1...v7.1.4.2)
#### Active Support
- No changes.
#### Active Model
- No changes.
#### Active Record
- No changes.
#### Action View
- No changes.
#### Action Pack
- No changes.
#### Active Job
- No changes.
#### Action Mailer
- Fix NoMethodError in `block_format` helper
*Michael Leimstaedtner*
#### Action Cable
- No changes.
#### Active Storage
- No changes.
#### Action Mailbox
- No changes.
#### Action Text
- No changes.
#### Railties
- No changes.
#### Guides
- No changes.
###
[`v7.1.4.1`](https://redirect.github.com/rails/rails/releases/tag/v7.1.4.1):
7.1.4.1
[Compare
Source](https://redirect.github.com/rails/rails/compare/v7.1.4...v7.1.4.1)
#### Active Support
- No changes.
#### Active Model
- No changes.
#### Active Record
- No changes.
#### Action View
- No changes.
#### Action Pack
- Avoid regex backtracking in HTTP Token authentication
\[CVE-2024-47887]
- Avoid regex backtracking in query parameter filtering
\[CVE-2024-41128]
#### Active Job
- No changes.
#### Action Mailer
- Avoid regex backtracking in `block_format` helper
\[CVE-2024-47889]
#### Action Cable
- No changes.
#### Active Storage
- No changes.
#### Action Mailbox
- No changes.
#### Action Text
- Avoid backtracing in plain_text_for_blockquote_node
\[CVE-2024-47888]
#### Railties
- No changes.
#### Guides
- No changes.
###
[`v7.1.4`](https://redirect.github.com/rails/rails/releases/tag/v7.1.4):
7.1.4
[Compare
Source](https://redirect.github.com/rails/rails/compare/v7.1.3.4...v7.1.4)
#### Active Support
- Improve compatibility for `ActiveSupport::BroadcastLogger`.
*Máximo Mussini*
- Pass options along to write_entry in handle_expired_entry method.
*Graham Cooper*
- Fix Active Support configurations deprecations.
*fatkodima*
- Fix teardown callbacks.
*Tristan Starck*
- `BacktraceCleaner` silence core internal methods by default.
*Jean Boussier*
- Fix `delegate_missing_to allow_nil: true` when called with implict
self
```ruby
class Person
delegate_missing_to :address, allow_nil: true
def address
nil
end
def berliner?
city == "Berlin"
end
end
Person.new.city # => nil
Person.new.berliner? # undefined local variable or method `city' for an
instance of Person (NameError)
```
*Jean Boussier*
- Work around a Ruby bug that can cause a VM crash.
This would happen if using `TaggerLogger` with a Proc
formatter on which you called `object_id`.
[BUG] Object ID seen, but not in mapping table: proc
*Jean Boussier*
- Fix `ActiveSupport::Notifications.publish_event` to preserve units.
This solves the incorrect reporting of time spent running Active Record
asynchronous queries (by a factor `1000`).
*Jean Boussier*
#### Active Model
- No changes.
#### Active Record
- Allow to eager load nested nil associations.
*fatkodima*
- Fix `create_table` with `:auto_increment` option for MySQL adapter.
*fatkodima*
- Don't load has_one associations during autosave.
*Eugene Kenny*
- Fix migration ordering for `bin/rails db:prepare` across databases.
*fatkodima*
- Fix `alias_attribute` to ignore methods defined in parent classes.
*Jean Boussier*
- Fix a performance regression in attribute methods.
*Jean Boussier*
- Fix Active Record configs variable shadowing.
*Joel Lubrano*
- Fix running migrations on other databases when `database_tasks: false`
on primary.
*fatkodima*
- Fix non-partial inserts for models with composite identity primary
keys.
*fatkodima*
- Fix `ActiveRecord::Relation#touch_all` with custom attribute aliased
as attribute for update.
*fatkodima*
- Fix a crash when an Executor wrapped fork exit.
*Joé Dupuis*
- Fix `destroy_async` job for owners with composite primary keys.
*fatkodima*
- Ensure pre-7.1 migrations use legacy index names when using
`rename_table`.
*fatkodima*
- Allow `primary_key:` association option to be composite.
*Nikita Vasilevsky*
- Do not try to alias on key update when raw SQL is supplied.
*Gabriel Amaral*
- Memoize `key_provider` from `key` or deterministic `key_provider` if
any.
*Rosa Gutierrez*
- Fix `upsert` warning for MySQL.
*fatkodima*
- Fix predicate builder for polymorphic models referencing models with
composite primary keys.
*fatkodima*
- Fix `update_all/delete_all` on CPK model relation with join subquery.
*Nikita Vasilevsky*
- Remove memoization to accept `key_provider` overridden by
`with_encryption_context`.
*John Hawthorn*
- Raise error for Trilogy when prepared_statements is true.
Trilogy doesn't currently support prepared statements. The error that
applications would see is a `StatementInvalid` error. This doesn't quite
point
you to the fact this isn
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/powerhome/power-web-development-interview).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS43LjEiLCJ1cGRhdGVkSW5WZXIiOiIzOS41OC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>- Loading branch information
1 parent
0af6ac5
commit 0571a00