From 0571a00f7d609f798b3c412e010b4f25553989c4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 12 Dec 2024 11:20:15 -0600 Subject: [PATCH] Update dependency rails to v8 (#185) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [rails](https://rubyonrails.org) ([source](https://redirect.github.com/rails/rails), [changelog](https://redirect.github.com/rails/rails/releases/tag/v8.0.0.1)) | `'~> 6.1.7.3'` -> `'~> 8.0.0.0'` | [![age](https://developer.mend.io/api/mc/badges/age/rubygems/rails/8.0.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/rubygems/rails/8.0.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/rubygems/rails/6.1.7.10/8.0.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/rubygems/rails/6.1.7.10/8.0.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes
rails/rails (rails) ### [`v8.0.0.1`](https://redirect.github.com/rails/rails/releases/tag/v8.0.0.1): 8.0.0.1 [Compare Source](https://redirect.github.com/rails/rails/compare/v8.0.0...v8.0.0.1) #### Active Support - No changes. #### Active Model - No changes. #### Active Record - No changes. #### Action View - No changes. #### Action Pack - Add validation to content security policies to disallow spaces and semicolons. Developers should use multiple arguments, and different directive methods instead. \[CVE-2024-54133] *Gannon McGibbon* #### Active Job - No changes. #### Action Mailer - No changes. #### Action Cable - No changes. #### Active Storage - No changes. #### Action Mailbox - No changes. #### Action Text - Update vendored trix version to 2.1.10 *John Hawthorn* #### Railties - No changes. #### Guides - No changes. ### [`v8.0.0`](https://redirect.github.com/rails/rails/releases/tag/v8.0.0): 8.0.0 [Compare Source](https://redirect.github.com/rails/rails/compare/v7.2.2.1...v8.0.0) #### Active Support - Remove deprecated support to passing an array of strings to `ActiveSupport::Deprecation#warn`. *Rafael Mendonça França* - Remove deprecated support to setting `attr_internal_naming_format` with a `@` prefix. *Rafael Mendonça França* - Remove deprecated `ActiveSupport::ProxyObject`. *Rafael Mendonça França* - Don't execute i18n watcher on boot. It shouldn't catch any file changes initially, and unnecessarily slows down boot of applications with lots of translations. *Gannon McGibbon*, *David Stosik* - Fix `ActiveSupport::HashWithIndifferentAccess#stringify_keys` to stringify all keys not just symbols. Previously: ```ruby { 1 => 2 }.with_indifferent_access.stringify_keys[1] # => 2 ``` After this change: ```ruby { 1 => 2 }.with_indifferent_access.stringify_keys["1"] # => 2 ``` This change can be seen as a bug fix, but since it behaved like this for a very long time, we're deciding to not backport the fix and to make the change in a major release. *Jean Boussier* - Include options when instrumenting `ActiveSupport::Cache::Store#delete` and `ActiveSupport::Cache::Store#delete_multi`. *Adam Renberg Tamm* - Print test names when running `rails test -v` for parallel tests. *John Hawthorn*, *Abeid Ahmed* - Deprecate `Benchmark.ms` core extension. The `benchmark` gem will become bundled in Ruby 3.5 *Earlopain* - `ActiveSupport::TimeWithZone#inspect` now uses ISO 8601 style time like `Time#inspect` *John Hawthorn* - `ActiveSupport::ErrorReporter#report` now assigns a backtrace to unraised exceptions. Previously reporting an un-raised exception would result in an error report without a backtrace. Now it automatically generates one. *Jean Boussier* - Add `escape_html_entities` option to `ActiveSupport::JSON.encode`. This allows for overriding the global configuration found at `ActiveSupport.escape_html_entities_in_json` for specific calls to `to_json`. This should be usable from controllers in the following manner: ```ruby class MyController < ApplicationController def index render json: { hello: "world" }, escape_html_entities: false end end ``` *Nigel Baillie* - Raise when using key which can't respond to `#to_sym` in `EncryptedConfiguration`. As is the case when trying to use an Integer or Float as a key, which is unsupported. *zzak* - Deprecate addition and since between two `Time` and `ActiveSupport::TimeWithZone`. Previously adding time instances together such as `10.days.ago + 10.days.ago` or `10.days.ago.since(10.days.ago)` produced a nonsensical future date. This behavior is deprecated and will be removed in Rails 8.1. *Nick Schwaderer* - Support rfc2822 format for Time#to_fs & Date#to_fs. *Akshay Birajdar* - Optimize load time for `Railtie#initialize_i18n`. Filter `I18n.load_path`s passed to the file watcher to only those under `Rails.root`. Previously the watcher would grab all available locales, including those in gems which do not require a watcher because they won't change. *Nick Schwaderer* - Add a `filter` option to `in_order_of` to prioritize certain values in the sorting without filtering the results by these values. *Igor Depolli* - Improve error message when using `assert_difference` or `assert_changes` with a proc by printing the proc's source code (MRI only). *Richard Böhme*, *Jean Boussier* - Add a new configuration value `:zone` for `ActiveSupport.to_time_preserves_timezone` and rename the previous `true` value to `:offset`. The new default value is `:zone`. *Jason Kim*, *John Hawthorn* - Align instrumentation `payload[:key]` in ActiveSupport::Cache to follow the same pattern, with namespaced and normalized keys. *Frederik Erbs Spang Thomsen* - Fix `travel_to` to set usec 0 when `with_usec` is `false` and the given argument String or DateTime. *mopp* #### Active Model - Add `:except_on` option for validations. Grants the ability to *skip* validations in specified contexts. ```ruby class User < ApplicationRecord #... validates :birthday, presence: { except_on: :admin } #... end user = User.new(attributes except birthday) user.save(context: :admin) ``` *Drew Bragg* - Make `ActiveModel::Serialization#read_attribute_for_serialization` public *Sean Doyle* - Add a default token generator for password reset tokens when using `has_secure_password`. ```ruby class User < ApplicationRecord has_secure_password end user = User.create!(name: "david", password: "123", password_confirmation: "123") token = user.password_reset_token User.find_by_password_reset_token(token) # returns user ``` ### 16 minutes later... User.find_by_password_reset_token(token) # returns nil ### raises ActiveSupport::MessageVerifier::InvalidSignature since the token is expired User.find_by_password_reset_token!(token) ``` *DHH* - Add a load hook `active_model_translation` for `ActiveModel::Translation`. *Shouichi Kamiya* - Add `raise_on_missing_translations` option to `ActiveModel::Translation`. When the option is set, `human_attribute_name` raises an error if a translation of the given attribute is missing. ```ruby ``` ### ActiveModel::Translation.raise_on_missing_translations = false Post.human_attribute_name("title") => "Title" ### ActiveModel::Translation.raise_on_missing_translations = true Post.human_attribute_name("title") => Translation missing. Options considered were: (I18n::MissingTranslationData) - en.activerecord.attributes.post.title - en.attributes.title raise exception.respond_to?(:to_exception) ? exception.to_exception : exception ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ``` *Shouichi Kamiya* - Introduce `ActiveModel::AttributeAssignment#attribute_writer_missing` Provide instances with an opportunity to gracefully handle assigning to an unknown attribute: ```ruby class Rectangle include ActiveModel::AttributeAssignment attr_accessor :length, :width def attribute_writer_missing(name, value) Rails.logger.warn "Tried to assign to unknown attribute #{name}" end end rectangle = Rectangle.new rectangle.assign_attributes(height: 10) # => Logs "Tried to assign to unknown attribute 'height'" ``` *Sean Doyle* #### Active Record - Fix support for `query_cache: false` in `database.yml`. `query_cache: false` would no longer entirely disable the Active Record query cache. *zzak* - NULLS NOT DISTINCT works with UNIQUE CONSTRAINT as well as UNIQUE INDEX. *Ryuta Kamizono* - The `db:prepare` task no longer loads seeds when a non-primary database is created. Previously, the `db:prepare` task would load seeds whenever a new database is created, leading to potential loss of data if a database is added to an existing environment. Introduces a new database config property `seeds` to control whether seeds are loaded during `db:prepare` which defaults to `true` for primary database configs and `false` otherwise. Fixes [#​53348](https://redirect.github.com/rails/rails/issues/53348). *Mike Dalessio* - `PG::UnableToSend: no connection to the server` is now retryable as a connection-related exception *Kazuma Watanabe* - Fix strict loading propagation even if statement cache is not used. *Ryuta Kamizono* - Allow `rename_enum` accepts two from/to name arguments as `rename_table` does so. *Ryuta Kamizono* - Remove deprecated support to setting `ENV["SCHEMA_CACHE"]`. *Rafael Mendonça França* - Remove deprecated support to passing a database name to `cache_dump_filename`. *Rafael Mendonça França* - Remove deprecated `ActiveRecord::ConnectionAdapters::ConnectionPool#connection`. *Rafael Mendonça França* - Remove deprecated `config.active_record.sqlite3_deprecated_warning`. *Rafael Mendonça França* - Remove deprecated `config.active_record.warn_on_records_fetched_greater_than`. *Rafael Mendonça França* - Remove deprecated support for defining `enum` with keyword arguments. *Rafael Mendonça França* - Remove deprecated support to finding database adapters that aren't registered to Active Record. *Rafael Mendonça França* - Remove deprecated `config.active_record.allow_deprecated_singular_associations_name`. *Rafael Mendonça França* - Remove deprecated `config.active_record.commit_transaction_on_non_local_return`. *Rafael Mendonça França* - Fix incorrect SQL query when passing an empty hash to `ActiveRecord::Base.insert`. *David Stosik* - Allow to save records with polymorphic join tables that have `inverse_of` specified. *Markus Doits* - Fix association scopes applying on the incorrect join when using a polymorphic `has_many through:`. *Joshua Young* - Allow `ActiveRecord::Base#pluck` to accept hash arguments with symbol and string values. ```ruby Post.joins(:comments).pluck(:id, comments: :id) Post.joins(:comments).pluck("id", "comments" => "id") ``` *Joshua Young* - Make Float distinguish between `float4` and `float8` in PostgreSQL. Fixes [#​52742](https://redirect.github.com/rails/rails/issues/52742) *Ryota Kitazawa*, *Takayuki Nagatomi* - Allow `drop_table` to accept an array of table names. This will let you to drop multiple tables in a single call. ```ruby ActiveRecord::Base.lease_connection.drop_table(:users, :posts) ``` *Gabriel Sobrinho* - Add support for PostgreSQL `IF NOT EXISTS` via the `:if_not_exists` option on the `add_enum_value` method. *Ariel Rzezak* - When running `db:migrate` on a fresh database, load the databases schemas before running migrations. *Andrew Novoselac*, *Marek Kasztelnik* - Fix an issue where `.left_outer_joins` used with multiple associations that have the same child association but different parents does not join all parents. Previously, using `.left_outer_joins` with the same child association would only join one of the parents. Now it will correctly join both parents. Fixes [#​41498](https://redirect.github.com/rails/rails/issues/41498). *Garrett Blehm* - Deprecate `unsigned_float` and `unsigned_decimal` short-hand column methods. As of MySQL 8.0.17, the UNSIGNED attribute is deprecated for columns of type FLOAT, DOUBLE, and DECIMAL. Consider using a simple CHECK constraint instead for such columns. https://dev.mysql.com/doc/refman/8.0/en/numeric-type-syntax.html *Ryuta Kamizono* - Drop MySQL 5.5 support. MySQL 5.5 is the only version that does not support datetime with precision, which we have supported in the core. Now we support MySQL 5.6.4 or later, which is the first version to support datetime with precision. *Ryuta Kamizono* - Make Active Record asynchronous queries compatible with transactional fixtures. Previously transactional fixtures would disable asynchronous queries, because transactional fixtures impose all queries use the same connection. Now asynchronous queries will use the connection pinned by transactional fixtures, and behave much closer to production. *Jean Boussier* - Deserialize binary data before decrypting This ensures that we call `PG::Connection.unescape_bytea` on PostgreSQL before decryption. *Donal McBreen* - Ensure `ActiveRecord::Encryption.config` is always ready before access. Previously, `ActiveRecord::Encryption` configuration was deferred until `ActiveRecord::Base` was loaded. Therefore, accessing `ActiveRecord::Encryption.config` properties before `ActiveRecord::Base` was loaded would give incorrect results. `ActiveRecord::Encryption` now has its own loading hook so that its configuration is set as soon as needed. When `ActiveRecord::Base` is loaded, even lazily, it in turn triggers the loading of `ActiveRecord::Encryption`, thus preserving the original behavior of having its config ready before any use of `ActiveRecord::Base`. *Maxime Réty* - Add `TimeZoneConverter#==` method, so objects will be properly compared by their type, scale, limit & precision. Address [#​52699](https://redirect.github.com/rails/rails/issues/52699). *Ruy Rocha* - Add support for SQLite3 full-text-search and other virtual tables. Previously, adding sqlite3 virtual tables messed up `schema.rb`. Now, virtual tables can safely be added using `create_virtual_table`. *Zacharias Knudsen* - Support use of alternative database interfaces via the `database_cli` ActiveRecord configuration option. ```ruby Rails.application.configure do config.active_record.database_cli = { postgresql: "pgcli" } end ``` *T S Vallender* - Add support for dumping table inheritance and native partitioning table definitions for PostgeSQL adapter *Justin Talbott* - Add support for `ActiveRecord::Point` type casts using `Hash` values This allows `ActiveRecord::Point` to be cast or serialized from a hash with `:x` and `:y` keys of numeric values, mirroring the functionality of existing casts for string and array values. Both string and symbol keys are supported. ```ruby class PostgresqlPoint < ActiveRecord::Base attribute :x, :point attribute :y, :point attribute :z, :point end val = PostgresqlPoint.new({ x: '(12.34, -43.21)', y: [12.34, '-43.21'], z: {x: '12.34', y: -43.21} }) ActiveRecord::Point.new(12.32, -43.21) == val.x == val.y == val.z ``` *Stephen Drew* - Replace `SQLite3::Database#busy_timeout` with `#busy_handler_timeout=`. Provides a non-GVL-blocking, fair retry interval busy handler implementation. *Stephen Margheim* - SQLite3Adapter: Translate `SQLite3::BusyException` into `ActiveRecord::StatementTimeout`. *Matthew Nguyen* - Include schema name in `enable_extension` statements in `db/schema.rb`. The schema dumper will now include the schema name in generated `enable_extension` statements if they differ from the current schema. For example, if you have a migration: ```ruby enable_extension "heroku_ext.pgcrypto" enable_extension "pg_stat_statements" ``` then the generated schema dump will also contain: ```ruby enable_extension "heroku_ext.pgcrypto" enable_extension "pg_stat_statements" ``` *Tony Novak* - Fix `ActiveRecord::Encryption::EncryptedAttributeType#type` to return actual cast type. *Vasiliy Ermolovich* - SQLite3Adapter: Bulk insert fixtures. Previously one insert command was executed for each fixture, now they are aggregated in a single bulk insert command. *Lázaro Nixon* - PostgreSQLAdapter: Allow `disable_extension` to be called with schema-qualified name. For parity with `enable_extension`, the `disable_extension` method can be called with a schema-qualified name (e.g. `disable_extension "myschema.pgcrypto"`). Note that PostgreSQL's `DROP EXTENSION` does not actually take a schema name (unlike `CREATE EXTENSION`), so the resulting SQL statement will only name the extension, e.g. `DROP EXTENSION IF EXISTS "pgcrypto"`. *Tony Novak* - Make `create_schema` / `drop_schema` reversible in migrations. Previously, `create_schema` and `drop_schema` were irreversible migration operations. *Tony Novak* - Support batching using custom columns. ```ruby Product.in_batches(cursor: [:shop_id, :id]) do |relation| ``` ### do something with relation end ``` *fatkodima* - Use SQLite `IMMEDIATE` transactions when possible. Transactions run against the SQLite3 adapter default to IMMEDIATE mode to improve concurrency support and avoid busy exceptions. *Stephen Margheim* - Raise specific exception when a connection is not defined. The new `ConnectionNotDefined` exception provides connection name, shard and role accessors indicating the details of the connection that was requested. *Hana Harencarova*, *Matthew Draper* - Delete the deprecated constant `ActiveRecord::ImmutableRelation`. *Xavier Noria* - Fix duplicate callback execution when child autosaves parent with `has_one` and `belongs_to`. Before, persisting a new child record with a new associated parent record would run `before_validation`, `after_validation`, `before_save` and `after_save` callbacks twice. Now, these callbacks are only executed once as expected. *Joshua Young* - `ActiveRecord::Encryption::Encryptor` now supports a `:compressor` option to customize the compression algorithm used. ```ruby module ZstdCompressor def self.deflate(data) Zstd.compress(data) end def self.inflate(data) Zstd.decompress(data) end end class User encrypts :name, compressor: ZstdCompressor end ``` You disable compression by passing `compress: false`. ```ruby class User encrypts :name, compress: false end ``` *heka1024* - Add condensed `#inspect` for `ConnectionPool`, `AbstractAdapter`, and `DatabaseConfig`. *Hartley McGuire* - Add `.shard_keys`, `.sharded?`, & `.connected_to_all_shards` methods. ```ruby class ShardedBase < ActiveRecord::Base self.abstract_class = true connects_to shards: { shard_one: { writing: :shard_one }, shard_two: { writing: :shard_two } } end class ShardedModel < ShardedBase end ShardedModel.shard_keys => [:shard_one, :shard_two] ShardedModel.sharded? => true ShardedBase.connected_to_all_shards { ShardedModel.current_shard } => [:shard_one, :shard_two] ``` *Nony Dutton* - Add a `filter` option to `in_order_of` to prioritize certain values in the sorting without filtering the results by these values. *Igor Depolli* - Fix an issue where the IDs reader method did not return expected results for preloaded associations in models using composite primary keys. *Jay Ang* - Allow to configure `strict_loading_mode` globally or within a model. Defaults to `:all`, can be changed to `:n_plus_one_only`. *Garen Torikian* - Add `ActiveRecord::Relation#readonly?`. Reflects if the relation has been marked as readonly. *Theodor Tonum* - Improve `ActiveRecord::Store` to raise a descriptive exception if the column is not either structured (e.g., PostgreSQL +hstore+/+json+, or MySQL +json+) or declared serializable via `ActiveRecord.store`. Previously, a `NoMethodError` would be raised when the accessor was read or written: NoMethodError: undefined method `accessor' for an instance of ActiveRecord::Type::Text Now, a descriptive `ConfigurationError` is raised: ActiveRecord::ConfigurationError: the column 'metadata' has not been configured as a store. Please make sure the column is declared serializable via 'ActiveRecord.store' or, if your database supports it, use a structured column type like hstore or json. *Mike Dalessio* - Fix inference of association model on nested models with the same demodularized name. E.g. with the following setup: ```ruby class Nested::Post < ApplicationRecord has_one :post, through: :other end ``` Before, `#post` would infer the model as `Nested::Post`, but now it correctly infers `Post`. *Joshua Young* - Add public method for checking if a table is ignored by the schema cache. Previously, an application would need to reimplement `ignored_table?` from the schema cache class to check if a table was set to be ignored. This adds a public method to support this and updates the schema cache to use that directly. ```ruby ActiveRecord.schema_cache_ignored_tables = ["developers"] ActiveRecord.schema_cache_ignored_table?("developers") => true ``` *Eileen M. Uchitelle* #### Action View - Remove deprecated support to passing a content to void tag elements on the `tag` builder. *Rafael Mendonça França* - Remove deprecated support to passing `nil` to the `model:` argument of `form_with`. *Rafael Mendonça França* - Enable DependencyTracker to evaluate renders with trailing interpolation. ```erb <%= render "maintenance_tasks/runs/info/#{run.status}" %> ``` Previously, the DependencyTracker would ignore this render, but now it will mark all partials in the "maintenance_tasks/runs/info" folder as dependencies. *Hartley McGuire* - Rename `text_area` methods into `textarea` Old names are still available as aliases. *Sean Doyle* - Rename `check_box*` methods into `checkbox*`. Old names are still available as aliases. *Jean Boussier* #### Action Pack - Fix routes with `::` in the path. *Rafael Mendonça França* - Maintain Rack 2 parameter parsing behaviour. *Matthew Draper* - Remove `Rails.application.config.action_controller.allow_deprecated_parameters_hash_equality`. *Rafael Mendonça França* - Improve `ActionController::TestCase` to expose a binary encoded `request.body`. The rack spec clearly states: > The input stream is an IO-like object which contains the raw HTTP POST data. > When applicable, its external encoding must be “ASCII-8BIT” and it must be opened in binary mode. Until now its encoding was generally UTF-8, which doesn't accurately reflect production behavior. *Jean Boussier* - Update `ActionController::AllowBrowser` to support passing method names to `:block` ```ruby class ApplicationController < ActionController::Base allow_browser versions: :modern, block: :handle_outdated_browser private def handle_outdated_browser render file: Rails.root.join("public/custom-error.html"), status: :not_acceptable end end ``` *Sean Doyle* - Raise an `ArgumentError` when invalid `:only` or `:except` options are passed into `#resource` and `#resources`. *Joshua Young* - Fix non-GET requests not updating cookies in `ActionController::TestCase`. *Jon Moss*, *Hartley McGuire* - Update `ActionController::Live` to use a thread-pool to reuse threads across requests. *Adam Renberg Tamm* - Introduce safer, more explicit params handling method with `params#expect` such that `params.expect(table: [ :attr ])` replaces `params.require(:table).permit(:attr)` Ensures params are filtered with consideration for the expected types of values, improving handling of params and avoiding ignorable errors caused by params tampering. ```ruby ``` ### If the url is altered to ?person=hacked ### Before params.require(:person).permit(:name, :age, pets: [:name]) ### raises NoMethodError, causing a 500 and potential error reporting ### After params.expect(person: [ :name, :age, pets: [[:name]] ]) ### raises ActionController::ParameterMissing, correctly returning a 400 error ``` You may also notice the new double array `[[:name]]`. In order to declare when a param is expected to be an array of parameter hashes, this new double array syntax is used to explicitly declare an array. `expect` requires you to declare expected arrays in this way, and will ignore arrays that are passed when, for example, `pet: [:name]` is used. In order to preserve compatibility, `permit` does not adopt the new double array syntax and is therefore more permissive about unexpected types. Using `expect` everywhere is recommended. We suggest replacing `params.require(:person).permit(:name, :age)` with the direct replacement `params.expect(person: [:name, :age])` to prevent external users from manipulating params to trigger 500 errors. A 400 error will be returned instead, using public/400.html Usage of `params.require(:id)` should likewise be replaced with `params.expect(:id)` which is designed to ensure that `params[:id]` is a scalar and not an array or hash, also requiring the param. ```ruby ### Before User.find(params.require(:id)) # allows an array, altering behavior ### After User.find(params.expect(:id)) # expect only returns non-blank permitted scalars (excludes Hash, Array, nil, "", etc) ``` *Martin Emde* - System Testing: Disable Chrome's search engine choice by default in system tests. *glaszig* - Fix `Request#raw_post` raising `NoMethodError` when `rack.input` is `nil`. *Hartley McGuire* - Remove `racc` dependency by manually writing `ActionDispatch::Journey::Scanner`. *Gannon McGibbon* - Speed up `ActionDispatch::Routing::Mapper::Scope#[]` by merging frame hashes. *Gannon McGibbon* - Allow bots to ignore `allow_browser`. *Matthew Nguyen* - Deprecate drawing routes with multiple paths to make routing faster. You may use `with_options` or a loop to make drawing multiple paths easier. ```ruby ``` ### Before get "/users", "/other_path", to: "users#index" ### After get "/users", to: "users#index" get "/other_path", to: "users#index" ``` *Gannon McGibbon* - Make `http_cache_forever` use `immutable: true` *Nate Matykiewicz* - Add `config.action_dispatch.strict_freshness`. When set to `true`, the `ETag` header takes precedence over the `Last-Modified` header when both are present, as specified by RFC 7232, Section 6. Defaults to `false` to maintain compatibility with previous versions of Rails, but is enabled as part of Rails 8.0 defaults. *heka1024* - Support `immutable` directive in Cache-Control ```ruby expires_in 1.minute, public: true, immutable: true ``` ### Cache-Control: public, max-age=60, immutable ``` *heka1024* - Add `:wasm_unsafe_eval` mapping for `content_security_policy` ```ruby ``` ### Before policy.script_src "'wasm-unsafe-eval'" ### After policy.script_src :wasm_unsafe_eval ``` *Joe Haig* - Add `display_capture` and `keyboard_map` in `permissions_policy` *Cyril Blaecke* - Add `connect` route helper. *Samuel Williams* #### Active Job - Remove deprecated `config.active_job.use_big_decimal_serializer`. *Rafael Mendonça França* - Deprecate `sucker_punch` as an adapter option. If you're using this adapter, change to `adapter: async` for the same functionality. *Dino Maric, zzak* - Use `RAILS_MAX_THREADS` in `ActiveJob::AsyncAdapter`. If it is not set, use 5 as default. *heka1024* #### Action Mailer - No changes. #### Action Cable - Add an `identifier` to the event payload for the ActiveSupport::Notification `transmit_subscription_confirmation.action_cable` and `transmit_subscription_rejection.action_cable`. *Keith Schacht* #### Active Storage - Deprecate `ActiveStorage::Service::AzureStorageService`. *zzak* - Improve `ActiveStorage::Filename#sanitized` method to handle special characters more effectively. Replace the characters `"*?<>` with `-` if they exist in the Filename to match the Filename convention of Win OS. *Luong Viet Dung(Martin)* - Improve InvariableError, UnpreviewableError and UnrepresentableError message. Include Blob ID and content_type in the messages. *Petrik de Heus* - Mark proxied files as `immutable` in their Cache-Control header *Nate Matykiewicz* #### Action Mailbox - No changes. #### Action Text - Dispatch direct-upload events on attachment uploads When using Action Text's rich textarea, it's possible to attach files to the editor. Previously, that action didn't dispatch any events, which made it hard to react to the file uploads. For instance, if an upload failed, there was no way to notify the user about it, or remove the attachment from the editor. This commits adds new events - `direct-upload:start`, `direct-upload:progress`, and `direct-upload:end` - similar to how Active Storage's direct uploads work. *Matheus Richard*, *Brad Rees* - Add `store_if_blank` option to `has_rich_text` Pass `store_if_blank: false` to not create `ActionText::RichText` records when saving with a blank attribute, such as from an optional form parameter. ```ruby class Message has_rich_text :content, store_if_blank: false end Message.create(content: "hi") # creates an ActionText::RichText Message.create(content: "") # does not create an ActionText::RichText ``` *Alex Ghiculescu* - Strip `content` attribute if the key is present but the value is empty *Jeremy Green* - Rename `rich_text_area` methods into `rich_textarea` Old names are still available as aliases. *Sean Doyle* - Only sanitize `content` attribute when present in attachments. *Petrik de Heus* #### Railties - Fix incorrect database.yml with `skip_solid`. *Joé Dupuis* - Set `Regexp.timeout` to `1`s by default to improve security over Regexp Denial-of-Service attacks. *Rafael Mendonça França* - Remove deprecated support to extend Rails console through `Rails::ConsoleMethods`. *Rafael Mendonça França* - Remove deprecated file `rails/console/helpers`. *Rafael Mendonça França* - Remove deprecated file `rails/console/app`. *Rafael Mendonça França* - Remove deprecated `config.read_encrypted_secrets`. *Rafael Mendonça França* - Add Kamal support for devcontainers Previously generated devcontainer could not use docker and therefore Kamal. *Joé Dupuis* - Exit `rails g` with code 1 if generator could not be found. Previously `rails g` returned 0, which would make it harder to catch typos in scripts calling `rails g`. *Christopher Özbek* - Remove `require_*` statements from application.css to align with the transition from Sprockets to Propshaft. With Propshaft as the default asset pipeline in Rails 8, the require_tree and require_self clauses in application.css are no longer necessary, as they were specific to Sprockets. Additionally, the comment has been updated to clarify that CSS precedence now follows standard cascading order without automatic prioritization by the asset pipeline. *Eduardo Alencar* - Do not include redis by default in generated Dev Containers. Now that applications use the Solid Queue and Solid Cache gems by default, we do not need to include redis in the Dev Container. We will only include redis if `--skip-solid` is used when generating an app that uses Active Job or Action Cable. When generating a Dev Container for an existing app, we will not include redis if either of the solid gems are in use. *Andrew Novoselac* - Use [Solid Cable](https://redirect.github.com/rails/solid_cable) as the default Action Cable adapter in production, configured as a separate queue database in config/database.yml. It keeps messages in a table and continuously polls for updates. This makes it possible to drop the common dependency on Redis, if it isn't needed for any other purpose. Despite polling, the performance of Solid Cable is comparable to Redis in most situations. And in all circumstances, it makes it easier to deploy Rails when Redis is no longer a required dependency for Action Cable functionality. *DHH* - Use [Solid Queue](https://redirect.github.com/rails/solid_queue) as the default Active Job backend in production, configured as a separate queue database in config/database.yml. In a single-server deployment, it'll run as a Puma plugin. This is configured in `config/deploy.yml` and can easily be changed to use a dedicated jobs machine. *DHH* - Use [Solid Cache](https://redirect.github.com/rails/solid_cache) as the default Rails.cache backend in production, configured as a separate cache database in config/database.yml. *DHH* - Add Rails::Rack::SilenceRequest middleware and use it via `config.silence_healthcheck_path = path` to silence requests to "/up". This prevents the Kamal-required health checks from clogging up the production logs. *DHH* - Introduce `mariadb-mysql` and `mariadb-trilogy` database options for `rails new` When used with the `--devcontainer` flag, these options will use `mariadb` as the database for the Dev Container. The original `mysql` and `trilogy` options will use `mysql`. Users who are not generating a Dev Container do not need to use the new options. *Andrew Novoselac* - Deprecate `::STATS_DIRECTORIES`. The global constant `STATS_DIRECTORIES` has been deprecated in favor of `Rails::CodeStatistics.register_directory`. Add extra directories with `Rails::CodeStatistics.register_directory(label, path)`: ```ruby require "rails/code_statistics" Rails::CodeStatistics.register_directory('My Directory', 'path/to/dir') ``` *Petrik de Heus* - Enable query log tags by default on development env This can be used to trace troublesome SQL statements back to the application code that generated these statements. It is also useful when using multiple databases because the query logs can identify which database is being used. *Matheus Richard* - Defer route drawing to the first request, or when url_helpers are called Executes the first routes reload in middleware, or when a route set's url_helpers receives a route call / asked if it responds to a route. Previously, this was executed unconditionally on boot, which can slow down boot time unnecessarily for larger apps with lots of routes. Environments like production that have `config.eager_load = true` will continue to eagerly load routes on boot. *Gannon McGibbon* - Generate form helpers to use `textarea*` methods instead of `text_area*` methods *Sean Doyle* - Add authentication generator to give a basic start to an authentication system using database-tracked sessions and password reset. Generate with... bin/rails generate authentication Generated files: app/models/current.rb app/models/user.rb app/models/session.rb app/controllers/sessions_controller.rb app/controllers/passwords_controller.rb app/mailers/passwords_mailer.rb app/views/sessions/new.html.erb app/views/passwords/new.html.erb app/views/passwords/edit.html.erb app/views/passwords_mailer/reset.html.erb app/views/passwords_mailer/reset.text.erb db/migrate/xxxxxxx_create_users.rb db/migrate/xxxxxxx_create_sessions.rb test/mailers/previews/passwords_mailer_preview.rb *DHH* - Add not-null type modifier to migration attributes. Generating with... bin/rails generate migration CreateUsers email_address:string!:uniq password_digest:string! Produces: ```ruby class CreateUsers < ActiveRecord::Migration[8.0] def change create_table :users do |t| t.string :email_address, null: false t.string :password_digest, null: false t.timestamps end add_index :users, :email_address, unique: true end end ``` *DHH* - Add a `script` folder to applications, and a scripts generator. The new `script` folder is meant to hold one-off or general purpose scripts, such as data migration scripts, cleanup scripts, etc. A new script generator allows you to create such scripts: bin/rails generate script my_script bin/rails generate script data/backfill You can run the generated script using: bundle exec ruby script/my_script.rb bundle exec ruby script/data/backfill.rb *Jerome Dalbert*, *Haroon Ahmed* - Deprecate `bin/rake stats` in favor of `bin/rails stats`. *Juan Vásquez* - Add internal page `/rails/info/notes`, that displays the same information as `bin/rails notes`. *Deepak Mahakale* - Add Rubocop and GitHub Actions to plugin generator. This can be skipped using --skip-rubocop and --skip-ci. *Chris Oliver* - Use Kamal for deployment by default, which includes generating a Rails-specific config/deploy.yml. This can be skipped using --skip-kamal. See more: https://kamal-deploy.org/ *DHH* #### Guides - The guide *Classic to Zeitwerk HOWTO* that documented how to migrate from the `classic` autoloader to Zeitwerk has been deleted. The last version of this guide can be found [here](https://guides.rubyonrails.org/v7.2/classic_to_zeitwerk_howto.html), in case you need it. *Petrik de Heus* ### [`v7.2.2.1`](https://redirect.github.com/rails/rails/releases/tag/v7.2.2.1): 7.2.2.1 [Compare Source](https://redirect.github.com/rails/rails/compare/v7.2.2...v7.2.2.1) #### Active Support - No changes. #### Active Model - No changes. #### Active Record - No changes. #### Action View - No changes. #### Action Pack - Add validation to content security policies to disallow spaces and semicolons. Developers should use multiple arguments, and different directive methods instead. \[CVE-2024-54133] *Gannon McGibbon* #### Active Job - No changes. #### Action Mailer - No changes. #### Action Cable - No changes. #### Active Storage - No changes. #### Action Mailbox - No changes. #### Action Text - Update vendored trix version to 2.1.10 *John Hawthorn* #### Railties - No changes. #### Guides - No changes. ### [`v7.2.2`](https://redirect.github.com/rails/rails/releases/tag/v7.2.2): 7.2.2 [Compare Source](https://redirect.github.com/rails/rails/compare/v7.2.1.2...v7.2.2) #### Active Support - Include options when instrumenting `ActiveSupport::Cache::Store#delete` and `ActiveSupport::Cache::Store#delete_multi`. *Adam Renberg Tamm* - Print test names when running `rails test -v` for parallel tests. *John Hawthorn*, *Abeid Ahmed* #### Active Model - Fix regression in `alias_attribute` to work with user defined methods. `alias_attribute` would wrongly assume the attribute accessor was generated by Active Model. ```ruby class Person include ActiveModel::AttributeMethods define_attribute_methods :name attr_accessor :name alias_attribute :full_name, :name end person.full_name # => NoMethodError: undefined method `attribute' for an instance of Person ``` *Jean Boussier* #### Active Record - Fix support for `query_cache: false` in `database.yml`. `query_cache: false` would no longer entirely disable the Active Record query cache. *zzak* - Set `.attributes_for_inspect` to `:all` by default. For new applications it is set to `[:id]` in config/environment/production.rb. In the console all the attributes are always shown. *Andrew Novoselac* - `PG::UnableToSend: no connection to the server` is now retryable as a connection-related exception *Kazuma Watanabe* - Fix marshalling of unsaved associated records in 7.1 format. The 7.1 format would only marshal associated records if the association was loaded. But associations that would only contain unsaved records would be skipped. *Jean Boussier* - Fix incorrect SQL query when passing an empty hash to `ActiveRecord::Base.insert`. *David Stosik* - Allow to save records with polymorphic join tables that have `inverse_of` specified. *Markus Doits* - Fix association scopes applying on the incorrect join when using a polymorphic `has_many through:`. *Joshua Young* - Fix `dependent: :destroy` for bi-directional has one through association. Fixes [#​50948](https://redirect.github.com/rails/rails/issues/50948). ```ruby class Left < ActiveRecord::Base has_one :middle, dependent: :destroy has_one :right, through: :middle end class Middle < ActiveRecord::Base belongs_to :left, dependent: :destroy belongs_to :right, dependent: :destroy end class Right < ActiveRecord::Base has_one :middle, dependent: :destroy has_one :left, through: :middle end ``` In the above example `left.destroy` wouldn't destroy its associated `Right` record. *Andy Stewart* - Properly handle lazily pinned connection pools. Fixes [#​53147](https://redirect.github.com/rails/rails/issues/53147). When using transactional fixtures with system tests to similar tools such as capybara, it could happen that a connection end up pinned by the server thread rather than the test thread, causing `"Cannot expire connection, it is owned by a different thread"` errors. *Jean Boussier* - Fix `ActiveRecord::Base.with` to accept more than two sub queries. Fixes [#​53110](https://redirect.github.com/rails/rails/issues/53110). ```ruby User.with(foo: [User.select(:id), User.select(:id), User.select(:id)]).to_sql undefined method `union' for an instance of Arel::Nodes::UnionAll (NoMethodError) ``` The above now works as expected. *fatkodima* - Properly release pinned connections with non joinable connections. Fixes [#​52973](https://redirect.github.com/rails/rails/issues/52973) When running system tests with transactional fixtures on, it could happen that the connection leased by the Puma thread wouldn't be properly released back to the pool, causing "Cannot expire connection, it is owned by a different thread" errors in later tests. *Jean Boussier* - Make Float distinguish between `float4` and `float8` in PostgreSQL. Fixes [#​52742](https://redirect.github.com/rails/rails/issues/52742) *Ryota Kitazawa*, *Takayuki Nagatomi* - Fix an issue where `.left_outer_joins` used with multiple associations that have the same child association but different parents does not join all parents. Previously, using `.left_outer_joins` with the same child association would only join one of the parents. Now it will correctly join both parents. Fixes [#​41498](https://redirect.github.com/rails/rails/issues/41498). *Garrett Blehm* - Ensure `ActiveRecord::Encryption.config` is always ready before access. Previously, `ActiveRecord::Encryption` configuration was deferred until `ActiveRecord::Base` was loaded. Therefore, accessing `ActiveRecord::Encryption.config` properties before `ActiveRecord::Base` was loaded would give incorrect results. `ActiveRecord::Encryption` now has its own loading hook so that its configuration is set as soon as needed. When `ActiveRecord::Base` is loaded, even lazily, it in turn triggers the loading of `ActiveRecord::Encryption`, thus preserving the original behavior of having its config ready before any use of `ActiveRecord::Base`. *Maxime Réty* - Add `TimeZoneConverter#==` method, so objects will be properly compared by their type, scale, limit & precision. Address [#​52699](https://redirect.github.com/rails/rails/issues/52699). *Ruy Rocha* #### Action View - No changes. #### Action Pack - Fix non-GET requests not updating cookies in `ActionController::TestCase`. *Jon Moss*, *Hartley McGuire* #### Active Job - No changes. #### Action Mailer - No changes. #### Action Cable - No changes. #### Active Storage - No changes. #### Action Mailbox - No changes. #### Action Text - No changes. #### Railties - No changes. #### Guides - No changes. ### [`v7.2.1.2`](https://redirect.github.com/rails/rails/releases/tag/v7.2.1.2): 7.2.1.2 [Compare Source](https://redirect.github.com/rails/rails/compare/v7.2.1.1...v7.2.1.2) #### Active Support - No changes. #### Active Model - No changes. #### Active Record - No changes. #### Action View - No changes. #### Action Pack - No changes. #### Active Job - No changes. #### Action Mailer - Fix NoMethodError in `block_format` helper *Michael Leimstaedtner* #### Action Cable - No changes. #### Active Storage - No changes. #### Action Mailbox - No changes. #### Action Text - No changes. #### Railties - No changes. #### Guides - No changes. ### [`v7.2.1.1`](https://redirect.github.com/rails/rails/releases/tag/v7.2.1.1): 7.2.1.1 [Compare Source](https://redirect.github.com/rails/rails/compare/v7.2.1...v7.2.1.1) #### Active Support - No changes. #### Active Model - No changes. #### Active Record - No changes. #### Action View - No changes. #### Action Pack - Avoid regex backtracking in HTTP Token authentication \[CVE-2024-47887] - Avoid regex backtracking in query parameter filtering \[CVE-2024-41128] #### Active Job - No changes. #### Action Mailer - Avoid regex backtracking in `block_format` helper \[CVE-2024-47889] #### Action Cable - No changes. #### Active Storage - No changes. #### Action Mailbox - No changes. #### Action Text - Avoid backtracing in plain_text_for_blockquote_node \[CVE-2024-47888] #### Railties - No changes. #### Guides - No changes. ### [`v7.2.1`](https://redirect.github.com/rails/rails/releases/tag/v7.2.1): 7.2.1 [Compare Source](https://redirect.github.com/rails/rails/compare/v7.2.0...v7.2.1) #### Active Support - No changes. #### Active Model - No changes. #### Active Record - Fix detection for `enum` columns with parallelized tests and PostgreSQL. *Rafael Mendonça França* - Allow to eager load nested nil associations. *fatkodima* - Fix swallowing ignore order warning when batching using `BatchEnumerator`. *fatkodima* - Fix memory bloat on the connection pool when using the Fiber `IsolatedExecutionState`. *Jean Boussier* - Restore inferred association class with the same modularized name. *Justin Ko* - Fix `ActiveRecord::Base.inspect` to properly explain how to load schema information. *Jean Boussier* - Check invalid `enum` options for the new syntax. The options using `_` prefix in the old syntax are invalid in the new syntax. *Rafael Mendonça França* - Fix `ActiveRecord::Encryption::EncryptedAttributeType#type` to return actual cast type. *Vasiliy Ermolovich* - Fix `create_table` with `:auto_increment` option for MySQL adapter. *fatkodima* #### Action View - No changes. #### Action Pack - Fix `Request#raw_post` raising `NoMethodError` when `rack.input` is `nil`. *Hartley McGuire* #### Active Job - No changes. #### Action Mailer - No changes. #### Action Cable - No changes. #### Active Storage - No changes. #### Action Mailbox - No changes. #### Action Text - Strip `content` attribute if the key is present but the value is empty *Jeremy Green* #### Railties - Fix `rails console` for application with non default application constant. The wrongly assumed the Rails application would be named `AppNamespace::Application`, which is the default but not an obligation. *Jean Boussier* - Fix the default Dockerfile to include the full sqlite3 package. Prior to this it only included `libsqlite3`, so it wasn't enough to run `rails dbconsole`. *Jerome Dalbert* - Don't update public directory during `app:update` command for API-only Applications. *y-yagi* - Don't add bin/brakeman if brakeman is not in bundle when upgrading an application. *Etienne Barrié* - Remove PWA views and routes if its an API only project. *Jean Boussier* - Simplify generated Puma configuration *DHH*, *Rafael Mendonça França* ### [`v7.2.0`](https://redirect.github.com/rails/rails/compare/v7.1.3.4...v7.2.0) [Compare Source](https://redirect.github.com/rails/rails/compare/v7.1.5.1...v7.2.0) ### [`v7.1.5.1`](https://redirect.github.com/rails/rails/releases/tag/v7.1.5.1): 7.1.5.1 [Compare Source](https://redirect.github.com/rails/rails/compare/v7.1.5...v7.1.5.1) #### Active Support - No changes. #### Active Model - No changes. #### Active Record - No changes. #### Action View - No changes. #### Action Pack - Add validation to content security policies to disallow spaces and semicolons. Developers should use multiple arguments, and different directive methods instead. \[CVE-2024-54133] *Gannon McGibbon* #### Active Job - No changes. #### Action Mailer - No changes. #### Action Cable - No changes. #### Active Storage - No changes. #### Action Mailbox - No changes. #### Action Text - Update vendored trix version to 2.1.10 *John Hawthorn* #### Railties - No changes. #### Guides - No changes. ### [`v7.1.5`](https://redirect.github.com/rails/rails/releases/tag/v7.1.5): 7.1.5 [Compare Source](https://redirect.github.com/rails/rails/compare/v7.1.4.2...v7.1.5) #### Active Support - No changes. #### Active Model - Fix regression in `alias_attribute` to work with user defined methods. `alias_attribute` would wrongly assume the attribute accessor was generated by Active Model. ```ruby class Person include ActiveModel::AttributeMethods define_attribute_methods :name attr_accessor :name alias_attribute :full_name, :name end person.full_name # => NoMethodError: undefined method `attribute' for an instance of Person ``` *Jean Boussier* #### Active Record - Fix marshalling of unsaved associated records in 7.1 format. The 7.1 format would only marshal associated records if the association was loaded. But associations that would only contain unsaved records would be skipped. *Jean Boussier* - Fix an issue where `.left_outer_joins` used with multiple associations that have the same child association but different parents does not join all parents. Previously, using `.left_outer_joins` with the same child association would only join one of the parents. Now it will correctly join both parents. Fixes [#​41498](https://redirect.github.com/rails/rails/issues/41498). *Garrett Blehm* - Ensure `ActiveRecord::Encryption.config` is always ready before access. Previously, `ActiveRecord::Encryption` configuration was deferred until `ActiveRecord::Base` was loaded. Therefore, accessing `ActiveRecord::Encryption.config` properties before `ActiveRecord::Base` was loaded would give incorrect results. `ActiveRecord::Encryption` now has its own loading hook so that its configuration is set as soon as needed. When `ActiveRecord::Base` is loaded, even lazily, it in turn triggers the loading of `ActiveRecord::Encryption`, thus preserving the original behavior of having its config ready before any use of `ActiveRecord::Base`. *Maxime Réty* - Add `TimeZoneConverter#==` method, so objects will be properly compared by their type, scale, limit & precision. Address [#​52699](https://redirect.github.com/rails/rails/issues/52699). *Ruy Rocha* #### Action View - No changes. #### Action Pack - No changes. #### Active Job - No changes. #### Action Mailer - No changes. #### Action Cable - No changes. #### Active Storage - No changes. #### Action Mailbox - No changes. #### Action Text - No changes. #### Railties - No changes. #### Guides - No changes. ### [`v7.1.4.2`](https://redirect.github.com/rails/rails/releases/tag/v7.1.4.2): 7.1.4.2 [Compare Source](https://redirect.github.com/rails/rails/compare/v7.1.4.1...v7.1.4.2) #### Active Support - No changes. #### Active Model - No changes. #### Active Record - No changes. #### Action View - No changes. #### Action Pack - No changes. #### Active Job - No changes. #### Action Mailer - Fix NoMethodError in `block_format` helper *Michael Leimstaedtner* #### Action Cable - No changes. #### Active Storage - No changes. #### Action Mailbox - No changes. #### Action Text - No changes. #### Railties - No changes. #### Guides - No changes. ### [`v7.1.4.1`](https://redirect.github.com/rails/rails/releases/tag/v7.1.4.1): 7.1.4.1 [Compare Source](https://redirect.github.com/rails/rails/compare/v7.1.4...v7.1.4.1) #### Active Support - No changes. #### Active Model - No changes. #### Active Record - No changes. #### Action View - No changes. #### Action Pack - Avoid regex backtracking in HTTP Token authentication \[CVE-2024-47887] - Avoid regex backtracking in query parameter filtering \[CVE-2024-41128] #### Active Job - No changes. #### Action Mailer - Avoid regex backtracking in `block_format` helper \[CVE-2024-47889] #### Action Cable - No changes. #### Active Storage - No changes. #### Action Mailbox - No changes. #### Action Text - Avoid backtracing in plain_text_for_blockquote_node \[CVE-2024-47888] #### Railties - No changes. #### Guides - No changes. ### [`v7.1.4`](https://redirect.github.com/rails/rails/releases/tag/v7.1.4): 7.1.4 [Compare Source](https://redirect.github.com/rails/rails/compare/v7.1.3.4...v7.1.4) #### Active Support - Improve compatibility for `ActiveSupport::BroadcastLogger`. *Máximo Mussini* - Pass options along to write_entry in handle_expired_entry method. *Graham Cooper* - Fix Active Support configurations deprecations. *fatkodima* - Fix teardown callbacks. *Tristan Starck* - `BacktraceCleaner` silence core internal methods by default. *Jean Boussier* - Fix `delegate_missing_to allow_nil: true` when called with implict self ```ruby class Person delegate_missing_to :address, allow_nil: true def address nil end def berliner? city == "Berlin" end end Person.new.city # => nil Person.new.berliner? # undefined local variable or method `city' for an instance of Person (NameError) ``` *Jean Boussier* - Work around a Ruby bug that can cause a VM crash. This would happen if using `TaggerLogger` with a Proc formatter on which you called `object_id`. [BUG] Object ID seen, but not in mapping table: proc *Jean Boussier* - Fix `ActiveSupport::Notifications.publish_event` to preserve units. This solves the incorrect reporting of time spent running Active Record asynchronous queries (by a factor `1000`). *Jean Boussier* #### Active Model - No changes. #### Active Record - Allow to eager load nested nil associations. *fatkodima* - Fix `create_table` with `:auto_increment` option for MySQL adapter. *fatkodima* - Don't load has_one associations during autosave. *Eugene Kenny* - Fix migration ordering for `bin/rails db:prepare` across databases. *fatkodima* - Fix `alias_attribute` to ignore methods defined in parent classes. *Jean Boussier* - Fix a performance regression in attribute methods. *Jean Boussier* - Fix Active Record configs variable shadowing. *Joel Lubrano* - Fix running migrations on other databases when `database_tasks: false` on primary. *fatkodima* - Fix non-partial inserts for models with composite identity primary keys. *fatkodima* - Fix `ActiveRecord::Relation#touch_all` with custom attribute aliased as attribute for update. *fatkodima* - Fix a crash when an Executor wrapped fork exit. *Joé Dupuis* - Fix `destroy_async` job for owners with composite primary keys. *fatkodima* - Ensure pre-7.1 migrations use legacy index names when using `rename_table`. *fatkodima* - Allow `primary_key:` association option to be composite. *Nikita Vasilevsky* - Do not try to alias on key update when raw SQL is supplied. *Gabriel Amaral* - Memoize `key_provider` from `key` or deterministic `key_provider` if any. *Rosa Gutierrez* - Fix `upsert` warning for MySQL. *fatkodima* - Fix predicate builder for polymorphic models referencing models with composite primary keys. *fatkodima* - Fix `update_all/delete_all` on CPK model relation with join subquery. *Nikita Vasilevsky* - Remove memoization to accept `key_provider` overridden by `with_encryption_context`. *John Hawthorn* - Raise error for Trilogy when prepared_statements is true. Trilogy doesn't currently support prepared statements. The error that applications would see is a `StatementInvalid` error. This doesn't quite point you to the fact this isn
--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/powerhome/power-web-development-interview). Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- Gemfile | 2 +- Gemfile.lock | 208 ++++++++++++++++++++++++++++++--------------------- 2 files changed, 124 insertions(+), 86 deletions(-) diff --git a/Gemfile b/Gemfile index 6b32144..127238a 100644 --- a/Gemfile +++ b/Gemfile @@ -8,7 +8,7 @@ gem 'coffee-rails', '~> 5.0' gem 'jbuilder', '~> 2.5' gem 'mysql2', '>= 0.4.4', '< 0.6.0' gem 'puma', '~> 6.0' -gem 'rails', '~> 6.1.7.3' +gem 'rails', '~> 8.0.0.0' gem 'sass-rails', '~> 6.0' gem 'turbolinks', '~> 5' gem 'uglifier', '>= 1.3.0' diff --git a/Gemfile.lock b/Gemfile.lock index 6b45b1c..763b813 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,68 +1,83 @@ GEM remote: https://rubygems.org/ specs: - actioncable (6.1.7.10) - actionpack (= 6.1.7.10) - activesupport (= 6.1.7.10) + actioncable (8.0.0.1) + actionpack (= 8.0.0.1) + activesupport (= 8.0.0.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.7.10) - actionpack (= 6.1.7.10) - activejob (= 6.1.7.10) - activerecord (= 6.1.7.10) - activestorage (= 6.1.7.10) - activesupport (= 6.1.7.10) - mail (>= 2.7.1) - actionmailer (6.1.7.10) - actionpack (= 6.1.7.10) - actionview (= 6.1.7.10) - activejob (= 6.1.7.10) - activesupport (= 6.1.7.10) - mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 2.0) - actionpack (6.1.7.10) - actionview (= 6.1.7.10) - activesupport (= 6.1.7.10) - rack (~> 2.0, >= 2.0.9) + zeitwerk (~> 2.6) + actionmailbox (8.0.0.1) + actionpack (= 8.0.0.1) + activejob (= 8.0.0.1) + activerecord (= 8.0.0.1) + activestorage (= 8.0.0.1) + activesupport (= 8.0.0.1) + mail (>= 2.8.0) + actionmailer (8.0.0.1) + actionpack (= 8.0.0.1) + actionview (= 8.0.0.1) + activejob (= 8.0.0.1) + activesupport (= 8.0.0.1) + mail (>= 2.8.0) + rails-dom-testing (~> 2.2) + actionpack (8.0.0.1) + actionview (= 8.0.0.1) + activesupport (= 8.0.0.1) + nokogiri (>= 1.8.5) + rack (>= 2.2.4) + rack-session (>= 1.0.1) rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.7.10) - actionpack (= 6.1.7.10) - activerecord (= 6.1.7.10) - activestorage (= 6.1.7.10) - activesupport (= 6.1.7.10) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + useragent (~> 0.16) + actiontext (8.0.0.1) + actionpack (= 8.0.0.1) + activerecord (= 8.0.0.1) + activestorage (= 8.0.0.1) + activesupport (= 8.0.0.1) + globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (6.1.7.10) - activesupport (= 6.1.7.10) + actionview (8.0.0.1) + activesupport (= 8.0.0.1) builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.7.10) - activesupport (= 6.1.7.10) + erubi (~> 1.11) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + activejob (8.0.0.1) + activesupport (= 8.0.0.1) globalid (>= 0.3.6) - activemodel (6.1.7.10) - activesupport (= 6.1.7.10) - activerecord (6.1.7.10) - activemodel (= 6.1.7.10) - activesupport (= 6.1.7.10) - activestorage (6.1.7.10) - actionpack (= 6.1.7.10) - activejob (= 6.1.7.10) - activerecord (= 6.1.7.10) - activesupport (= 6.1.7.10) + activemodel (8.0.0.1) + activesupport (= 8.0.0.1) + activerecord (8.0.0.1) + activemodel (= 8.0.0.1) + activesupport (= 8.0.0.1) + timeout (>= 0.4.0) + activestorage (8.0.0.1) + actionpack (= 8.0.0.1) + activejob (= 8.0.0.1) + activerecord (= 8.0.0.1) + activesupport (= 8.0.0.1) marcel (~> 1.0) - mini_mime (>= 1.1.0) - activesupport (6.1.7.10) - concurrent-ruby (~> 1.0, >= 1.0.2) + activesupport (8.0.0.1) + base64 + benchmark (>= 0.3) + bigdecimal + concurrent-ruby (~> 1.0, >= 1.3.1) + connection_pool (>= 2.2.5) + drb i18n (>= 1.6, < 2) + logger (>= 1.4.2) minitest (>= 5.1) - tzinfo (~> 2.0) - zeitwerk (~> 2.3) + securerandom (>= 0.3) + tzinfo (~> 2.0, >= 2.0.5) + uri (>= 0.13.1) addressable (2.8.2) public_suffix (>= 2.0.2, < 6.0) awesome_print (1.9.2) + base64 (0.2.0) + benchmark (0.4.0) + bigdecimal (3.1.8) bindex (0.8.1) bootsnap (1.18.4) msgpack (~> 1.2) @@ -91,14 +106,16 @@ GEM execjs coffee-script-source (1.12.2) concurrent-ruby (1.3.4) + connection_pool (2.4.1) crass (1.0.6) - date (3.3.4) + date (3.4.1) diff-lcs (1.5.1) docile (1.4.0) dotenv (3.1.4) dotenv-rails (3.1.4) dotenv (= 3.1.4) railties (>= 6.1) + drb (2.2.1) erubi (1.13.0) execjs (2.8.1) factory_bot (6.4.6) @@ -107,17 +124,22 @@ GEM factory_bot (~> 6.4) railties (>= 5.0.0) ffi (1.16.3) - globalid (1.1.0) - activesupport (>= 5.0) + globalid (1.2.1) + activesupport (>= 6.1) i18n (1.14.6) concurrent-ruby (~> 1.0) + io-console (0.8.0) + irb (1.14.1) + rdoc (>= 4.0.0) + reline (>= 0.4.2) jbuilder (2.13.0) actionview (>= 5.0.0) activesupport (>= 5.0.0) listen (3.9.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - loofah (2.22.0) + logger (1.6.2) + loofah (2.23.1) crass (~> 1.0.2) nokogiri (>= 1.12.0) mail (2.8.1) @@ -127,23 +149,23 @@ GEM net-smtp marcel (1.0.4) matrix (0.4.2) - method_source (1.0.0) + method_source (1.1.0) mini_mime (1.1.5) mini_portile2 (2.8.8) minitest (5.25.4) msgpack (1.7.2) mysql2 (0.5.6) - net-imap (0.3.7) + net-imap (0.5.1) date net-protocol net-pop (0.1.2) net-protocol net-protocol (0.2.2) timeout - net-smtp (0.3.4) + net-smtp (0.5.0) net-protocol nio4r (2.7.4) - nokogiri (1.16.8) + nokogiri (1.17.1) mini_portile2 (~> 2.8.2) racc (~> 1.4) pry (0.14.2) @@ -154,30 +176,36 @@ GEM pry (>= 0.13, < 0.15) pry-rails (0.3.11) pry (>= 0.13.0) + psych (5.2.1) + date + stringio public_suffix (5.0.1) puma (6.5.0) nio4r (~> 2.0) racc (1.8.1) - rack (2.2.10) + rack (3.1.8) rack-proxy (0.7.6) rack + rack-session (2.0.0) + rack (>= 3.0.0) rack-test (2.1.0) rack (>= 1.3) - rails (6.1.7.10) - actioncable (= 6.1.7.10) - actionmailbox (= 6.1.7.10) - actionmailer (= 6.1.7.10) - actionpack (= 6.1.7.10) - actiontext (= 6.1.7.10) - actionview (= 6.1.7.10) - activejob (= 6.1.7.10) - activemodel (= 6.1.7.10) - activerecord (= 6.1.7.10) - activestorage (= 6.1.7.10) - activesupport (= 6.1.7.10) + rackup (2.2.1) + rack (>= 3) + rails (8.0.0.1) + actioncable (= 8.0.0.1) + actionmailbox (= 8.0.0.1) + actionmailer (= 8.0.0.1) + actionpack (= 8.0.0.1) + actiontext (= 8.0.0.1) + actionview (= 8.0.0.1) + activejob (= 8.0.0.1) + activemodel (= 8.0.0.1) + activerecord (= 8.0.0.1) + activestorage (= 8.0.0.1) + activesupport (= 8.0.0.1) bundler (>= 1.15.0) - railties (= 6.1.7.10) - sprockets-rails (>= 2.0.0) + railties (= 8.0.0.1) rails-dom-testing (2.2.0) activesupport (>= 5.0.0) minitest @@ -185,17 +213,23 @@ GEM rails-html-sanitizer (1.6.1) loofah (~> 2.21) nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) - railties (6.1.7.10) - actionpack (= 6.1.7.10) - activesupport (= 6.1.7.10) - method_source + railties (8.0.0.1) + actionpack (= 8.0.0.1) + activesupport (= 8.0.0.1) + irb (~> 1.13) + rackup (>= 1.0.0) rake (>= 12.2) - thor (~> 1.0) - rake (13.1.0) + thor (~> 1.0, >= 1.2.2) + zeitwerk (~> 2.6) + rake (13.2.1) rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) + rdoc (6.8.1) + psych (>= 4.0.0) regexp_parser (2.7.0) + reline (0.5.12) + io-console (~> 0.5) rexml (3.2.6) rspec-core (3.12.3) rspec-support (~> 3.12.0) @@ -225,6 +259,7 @@ GEM sprockets (> 3.0) sprockets-rails tilt + securerandom (0.4.0) selenium-webdriver (4.10.0) rexml (~> 3.2, >= 3.2.5) rubyzip (>= 1.2.2, < 3.0) @@ -247,13 +282,14 @@ GEM sprockets (4.2.1) concurrent-ruby (~> 1.0) rack (>= 2.2.4, < 4) - sprockets-rails (3.4.2) - actionpack (>= 5.2) - activesupport (>= 5.2) + sprockets-rails (3.5.2) + actionpack (>= 6.1) + activesupport (>= 6.1) sprockets (>= 3.0.0) + stringio (3.1.2) thor (1.3.2) tilt (2.1.0) - timeout (0.3.2) + timeout (0.4.2) turbolinks (5.2.1) turbolinks-source (~> 5.2) turbolinks-source (5.2.0) @@ -261,6 +297,8 @@ GEM concurrent-ruby (~> 1.0) uglifier (4.2.1) execjs (>= 0.3.0, < 3) + uri (1.0.2) + useragent (0.16.11) web-console (4.2.1) actionview (>= 6.0.0) activemodel (>= 6.0.0) @@ -281,7 +319,7 @@ GEM websocket-extensions (0.1.5) xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.6.18) + zeitwerk (2.7.1) PLATFORMS ruby @@ -300,7 +338,7 @@ DEPENDENCIES pry-byebug pry-rails puma (~> 6.0) - rails (~> 6.1.7.3) + rails (~> 8.0.0.0) rspec-rails (~> 6.0) sass-rails (~> 6.0) shoulda-matchers