Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency rails to v7.1.3.2 - autoclosed #335

Closed
wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 13, 2023

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
rails (source, changelog) 7.0.7.2 -> 7.1.3.2 age adoption passing confidence

Release Notes

rails/rails (rails)

v7.1.3.2

Compare Source

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

  • Fix raise_on_missing_translations not working correctly with the
    translate method in controllers after the patch for CVE-2024-26143.

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

  • No changes.

Action Mailbox

  • No changes.

Action Text

  • No changes.

Railties

  • No changes.

v7.1.3.1: 7.1.3.1

Compare Source

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

  • No changes.

Action Mailbox

  • No changes.

Action Text

  • No changes.

Railties

  • No changes.

v7.1.3: 7.1.3

Compare Source

Active Support

  • Handle nil backtrace_locations in ActiveSupport::SyntaxErrorProxy.

    Eugene Kenny

  • Fix ActiveSupport::JSON.encode to prevent duplicate keys.

    If the same key exist in both String and Symbol form it could
    lead to the same key being emitted twice.

    Manish Sharma

  • Fix ActiveSupport::Cache::Store#read_multi when using a cache namespace
    and local cache strategy.

    Mark Oleson

  • Fix Time.now/DateTime.now/Date.today to return results in a system timezone after #travel_to.

    There is a bug in the current implementation of #travel_to:
    it remembers a timezone of its argument, and all stubbed methods start
    returning results in that remembered timezone. However, the expected
    behaviour is to return results in a system timezone.

    Aleksei Chernenkov

  • Fix :unless_exist option for MemoryStore#write (et al) when using a
    cache namespace.

    S. Brent Faulkner

  • Fix ActiveSupport::Deprecation to handle blaming generated code.

    Jean Boussier, fatkodima

Active Model

  • No changes.

Active Record

  • Fix Migrations with versions older than 7.1 validating options given to
    add_reference.

    Hartley McGuire

  • Ensure reload sets correct owner for each association.

    Dmytro Savochkin

  • Fix view runtime for controllers with async queries.

    fatkodima

  • Fix load_async to work with query cache.

    fatkodima

  • Fix polymorphic belongs_to to correctly use parent's query_constraints.

    fatkodima

  • Fix Preloader to not generate a query for already loaded association with query_constraints.

    fatkodima

  • Fix multi-database polymorphic preloading with equivalent table names.

    When preloading polymorphic associations, if two models pointed to two
    tables with the same name but located in different databases, the
    preloader would only load one.

    Ari Summer

  • Fix encrypted_attribute? to take into account context properties passed to encrypts.

    Maxime Réty

  • Fix find_by to work correctly in presence of composite primary keys.

    fatkodima

  • Fix async queries sometimes returning a raw result if they hit the query cache.

    ShipPart.async_count could return a raw integer rather than a Promise
    if it found the result in the query cache.

    fatkodima

  • Fix Relation#transaction to not apply a default scope.

    The method was incorrectly setting a default scope around its block:

    Post.where(published: true).transaction do
      Post.count # SELECT COUNT(*) FROM posts WHERE published = FALSE;
    end

    Jean Boussier

  • Fix calling async_pluck on a none relation.

    Model.none.async_pluck(:id) was returning a naked value
    instead of a promise.

    Jean Boussier

  • Fix calling load_async on a none relation.

    Model.none.load_async was returning a broken result.

    Lucas Mazza

  • TrilogyAdapter: ignore host if socket parameter is set.

    This allows to configure a connection on a UNIX socket via DATABASE_URL:

    DATABASE_URL=trilogy://does-not-matter/my_db_production?socket=/var/run/mysql.sock
    

    Jean Boussier

  • Fix has_secure_token calls the setter method on initialize.

    Abeid Ahmed

  • Allow using object_id as a database column name.
    It was available before rails 7.1 and may be used as a part of polymorphic relationship to object where object can be any other database record.

    Mikhail Doronin

  • Fix rails db:create:all to not touch databases before they are created.

    fatkodima

Action View

  • Better handle SyntaxError in Action View.

    Mario Caropreso

  • Fix word_wrap with empty string.

    Jonathan Hefner

  • Rename ActionView::TestCase::Behavior::Content to ActionView::TestCase::Behavior::RenderedViewContent.

    Make RenderedViewContent inherit from String. Make private API with :nodoc:.

    Sean Doyle

  • Fix detection of required strict locals.

    Further fix render @​collection compatibility with strict locals

    Jean Boussier

Action Pack

  • Fix including Rails.application.routes.url_helpers directly in an
    ActiveSupport::Concern.

    Jonathan Hefner

  • Fix system tests when using a Chrome binary that has been downloaded by
    Selenium.

    Jonathan Hefner

Active Job

  • Do not trigger immediate loading of ActiveJob::Base when loading ActiveJob::TestHelper.

    Maxime Réty

  • Preserve the serialized timezone when deserializing ActiveSupport::TimeWithZone arguments.

    Joshua Young

  • Fix ActiveJob arguments serialization to correctly serialize String subclasses having custom serializers.

    fatkodima

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

  • Fix N+1 query when fetching preview images for non-image assets.

    Aaron Patterson & Justin Searls

  • Fix all Active Storage database related models to respect
    ActiveRecord::Base.table_name_prefix configuration.

    Chedli Bourguiba

  • Fix ActiveStorage::Representations::ProxyController not returning the proper
    preview image variant for previewable files.

    Chedli Bourguiba

  • Fix ActiveStorage::Representations::ProxyController to proxy untracked
    variants.

    Chedli Bourguiba

  • Fix direct upload forms when submit button contains nested elements.

    Marc Köhlbrugge

  • When using the preprocessed: true option, avoid enqueuing transform jobs
    for blobs that are not representable.

    Chedli Bourguiba

  • Process preview image variant when calling ActiveStorage::Preview#processed.
    For example, attached_pdf.preview(:thumb).processed will now immediately
    generate the full-sized preview image and the :thumb variant of it.
    Previously, the :thumb variant would not be generated until a further call
    to e.g. processed.url.

    Chedli Bourguiba and Jonathan Hefner

  • Prevent ActiveRecord::StrictLoadingViolationError when strict loading is
    enabled and the variant of an Active Storage preview has already been
    processed (for example, by calling ActiveStorage::Preview#url).

    Jonathan Hefner

  • Fix preprocessed: true option for named variants of previewable files.

    Nico Wenterodt

Action Mailbox

  • No changes.

Action Text

  • No changes.

Railties

  • Make sure config.after_routes_loaded hook runs on boot.

    Rafael Mendonça França

  • Fix config.log_level not being respected when using a BroadcastLogger

    Édouard Chin

  • Fix isolated engines to take ActiveRecord::Base.table_name_prefix into consideration.
    This will allow for engine defined models, such as inside Active Storage, to respect
    Active Record table name prefix configuration.

    Chedli Bourguiba

  • The bin/rails app:template command will no longer add potentially unwanted
    gem platforms via bundle lock --add-platform=... commands.

    Jonathan Hefner

v7.1.2: 7.1.2

Compare Source

Active Support
  • Fix :expires_in option for RedisCacheStore#write_multi.

    fatkodima

  • Fix deserialization of non-string "purpose" field in Message serializer

    Jacopo Beschi

  • Prevent global cache options being overwritten when setting dynamic options
    inside a ActiveSupport::Cache::Store#fetch block.

    Yasha Krasnou

  • Fix missing require resulting in NoMethodError when running
    bin/rails secrets:show or bin/rails secrets:edit.

    Stephen Ierodiaconou

  • Ensure {down,up}case_first returns non-frozen string.

    Jonathan Hefner

  • Fix #to_fs(:human_size) to correctly work with negative numbers.

    Earlopain

  • Fix BroadcastLogger#dup so that it duplicates the logger's broadcasts.

    Andrew Novoselac

  • Fix issue where bootstrap.rb overwrites the level of a BroadcastLogger's broadcasts.

    Andrew Novoselac

  • Fix ActiveSupport::Cache to handle outdated Marshal payload from Rails 6.1 format.

    Active Support's Cache is supposed to treat a Marshal payload that can no longer be
    deserialized as a cache miss. It fail to do so for compressed payload in the Rails 6.1
    legacy format.

    Jean Boussier

  • Fix OrderedOptions#dig for array indexes.

    fatkodima

  • Fix time travel helpers to work when nested using with separate classes.

    fatkodima

  • Fix delete_matched for file cache store to work with keys longer than the
    max filename size.

    fatkodima and Jonathan Hefner

  • Fix compatibility with the semantic_logger gem.

    The semantic_logger gem doesn't behave exactly like stdlib logger in that
    SemanticLogger#level returns a Symbol while stdlib Logger#level returns an Integer.

    This caused the various LogSubscriber classes in Rails to break when assigned a
    SemanticLogger instance.

    Jean Boussier, ojab

Active Model
  • Make ==(other) method of AttributeSet safe.

    Dmitry Pogrebnoy

Active Record
  • Fix renaming primary key index when renaming a table with a UUID primary key
    in PostgreSQL.

    fatkodima

  • Fix where(field: values) queries when field is a serialized attribute
    (for example, when field uses ActiveRecord::Base.serialize or is a JSON
    column).

    João Alves

  • Prevent marking broken connections as verified.

    Daniel Colson

  • Don't mark Float::INFINITY as changed when reassigning it

    When saving a record with a float infinite value, it shouldn't mark as changed

    Maicol Bentancor

  • ActiveRecord::Base.table_name now returns nil instead of raising
    "undefined method abstract_class? for Object:Class".

    a5-stable

  • Fix upserting for custom :on_duplicate and :unique_by consisting of all
    inserts keys.

    fatkodima

  • Fixed an issue where saving a
    record could innappropriately dup its attributes.

    Jonathan Hefner

  • Dump schema only for a specific db for rollback/up/down tasks for multiple dbs.

    fatkodima

  • Fix NoMethodError when casting a PostgreSQL money value that uses a
    comma as its radix point and has no leading currency symbol. For example,
    when casting "3,50".

    Andreas Reischuck and Jonathan Hefner

  • Re-enable support for using enum with non-column-backed attributes.
    Non-column-backed attributes must be previously declared with an explicit
    type. For example:

    class Post < ActiveRecord::Base
      attribute :topic, :string
      enum topic: %i[science tech engineering math]
    end

    Jonathan Hefner

  • Raise on foreign_key: being passed as an array in associations

    Nikita Vasilevsky

  • Return back maximum allowed PostgreSQL table name to 63 characters.

    fatkodima

  • Fix detecting IDENTITY columns for PostgreSQL < 10.

    fatkodima

Action View
  • Fix the number_to_human_size view helper to correctly work with negative numbers.

    Earlopain

  • Automatically discard the implicit locals injected by collection rendering for template that can't accept them

    When rendering a collection, two implicit variables are injected, which breaks templates with strict locals.

    Now they are only passed if the template will actually accept them.

    Yasha Krasnou, Jean Boussier

  • Fix @rails/ujs calling start() an extra time when using bundlers

    Hartley McGuire, Ryunosuke Sato

  • Fix the capture view helper compatibility with HAML and Slim

    When a blank string was captured in HAML or Slim (and possibly other template engines)
    it would instead return the entire buffer.

    Jean Boussier

Action Pack
  • Fix a race condition that could cause a Text file busy - chromedriver
    error with parallel system tests

    Matt Brictson

  • Fix StrongParameters#extract_value to include blank values

    Otherwise composite parameters may not be parsed correctly when one of the
    component is blank.

    fatkodima, Yasha Krasnou, Matthias Eiglsperger

  • Add racc as a dependency since it will become a bundled gem in Ruby 3.4.0

    Hartley McGuire

  • Support handling Enumerator for non-buffered responses.

    Zachary Scott

Active Job
  • No changes.
Action Mailer
  • No changes.
Action Cable
  • No changes.
Active Storage
  • No changes.
Action Mailbox
  • No changes.
Action Text
  • Compile ESM package that can be used directly in the browser as actiontext.esm.js

    Matias Grunberg

  • Fix using actiontext.js with Sprockets

    Matias Grunberg

  • Upgrade Trix to 2.0.7

    Hartley McGuire

  • Fix using Trix with Sprockets

    Hartley McGuire

Railties
  • Fix running db:system:change when app has no Dockerfile.

    Hartley McGuire

  • If you accessed config.eager_load_paths and friends, later changes to
    config.paths were not reflected in the expected auto/eager load paths.
    Now, they are.

    This bug has been latent since Rails 3.

    Fixes #​49629.

    Xavier Noria

v7.1.1: 7.1.1

Compare Source

Active Support

  • Add support for keyword arguments when delegating calls to custom loggers from ActiveSupport::BroadcastLogger.

    Jenny Shen

  • NumberHelper: handle objects responding to_d.

    fatkodima

  • Fix RedisCacheStore to properly set the TTL when incrementing or decrementing.

    This bug was only impacting Redis server older than 7.0.

    Thomas Countz

  • Fix MemoryStore to prevent race conditions when incrementing or decrementing.

    Pierre Jambet

Active Model

  • No changes.

Active Record

  • Fix auto populating IDENTITY columns for PostgreSQL.

    fatkodima

  • Fix "ArgumentError: wrong number of arguments (given 3, expected 2)" when
    down migrating rename_table in older migrations.

    fatkodima

  • Do not require the Action Text, Active Storage and Action Mailbox tables
    to be present when running when running test on CI.

    Rafael Mendonça França

Action View

  • Updated @rails/ujs files to ignore certain data-* attributes when element is contenteditable.

    This fix was already landed in >= 7.0.4.3, < 7.1.0.
    [CVE-2023-23913]

    Ryunosuke Sato

Action Pack

  • No changes.

Active Job

  • Don't log enqueuing details when the job wasn't enqueued.

    Dustin Brown

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

  • No changes.

Action Mailbox

  • No changes.

Action Text

  • No changes.

Railties

  • Ensures the Rails generated Dockerfile uses correct ruby version and matches Gemfile.

    Abhay Nikam

v7.1.0: 7.1.0

Compare Source

Active Support

  • Fix AS::MessagePack with ENV["RAILS_MAX_THREADS"].

    Jonathan Hefner

  • Add a new public API for broadcasting logs

    This feature existed for a while but was until now a private API.
    Broadcasting log allows to send log message to difference sinks (STDOUT, a file ...) and
    is used by default in the development environment to write logs both on STDOUT and in the
    "development.log" file.

    Basic usage:

    stdout_logger = Logger.new(STDOUT)
    file_logger = Logger.new("development.log")
    broadcast = ActiveSupport::BroadcastLogger.new(stdout_logger, file_logger)
    
    broadcast.info("Hello!") # The "Hello!" message is written on STDOUT and in the log file.

    Adding other sink(s) to the broadcast:

    broadcast = ActiveSupport::BroadcastLogger.new
    broadcast.broadcast_to(Logger.new(STDERR))

    Remove a sink from the broadcast:

    stdout_logger = Logger.new(STDOUT)
    broadcast = ActiveSupport::BroadcastLogger.new(stdout_logger)
    
    broadcast.stop_broadcasting_to(stdout_logger)

    Edouard Chin

  • Fix Range#overlap? not taking empty ranges into account on Ruby < 3.3

    Nobuyoshi Nakada, Shouichi Kamiya, Hartley McGuire

  • Use Ruby 3.3 Range#overlap? if available

    Yasuo Honda

  • Add bigdecimal as Active Support dependency that is a bundled gem candidate for Ruby 3.4.

    bigdecimal 3.1.4 or higher version will be installed.
    Ruby 2.7 and 3.0 users who want bigdecimal version 2.0.0 or 3.0.0 behavior as a default gem,
    pin the bigdecimal version in your application Gemfile.

    Koichi ITO

  • Add drb, mutex_m and base64 that are bundled gem candidates for Ruby 3.4

    Yasuo Honda

  • When using cache format version >= 7.1 or a custom serializer, expired and
    version-mismatched cache entries can now be detected without deserializing
    their values.

    Jonathan Hefner

  • Make all cache stores return a boolean for #delete

    Previously the RedisCacheStore#delete would return 1 if the entry
    exists and 0 otherwise. Now it returns true if the entry exists and false
    otherwise, just like the other stores.

    The FileStore would return nil if the entry doesn't exists and returns
    false now as well.

    Petrik de Heus

  • Active Support cache stores now support replacing the default compressor via
    a :compressor option. The specified compressor must respond to deflate
    and inflate. For example:

    module MyCompressor
      def self.deflate(string)

compression logic...

    end

    def self.inflate(compressed)

decompression logic...

    end
  end

  config.cache_store = :redis_cache_store, { compressor: MyCompressor }
  ```

*Jonathan Hefner*
  • Active Support cache stores now support a :serializer option. Similar to
    the :coder option, serializers must respond to dump and load. However,
    serializers are only responsible for serializing a cached value, whereas
    coders are responsible for serializing the entire ActiveSupport::Cache::Entry
    instance. Additionally, the output from serializers can be automatically
    compressed, whereas coders are responsible for their own compression.

    Specifying a serializer instead of a coder also enables performance
    optimizations, including the bare string optimization introduced by cache
    format version 7.1.

    The :serializer and :coder options are mutually exclusive. Specifying
    both will raise an ArgumentError.

    Jonathan Hefner

  • Fix ActiveSupport::Inflector.humanize(nil) raising NoMethodError: undefined method `end_with?' for nil:NilClass.

    James Robinson

  • Don't show secrets for ActiveSupport::KeyGenerator#inspect.

    Before:

    ActiveSupport::KeyGenerator.new(secret).inspect
    "#<ActiveSupport::KeyGenerator:0x0000000104888038 ... @&#8203;secret=\"\\xAF\\bFh]LV}q\\nl\\xB2U\\xB3 ... >"

    After:

    ActiveSupport::KeyGenerator::Aes256Gcm(secret).inspect
    "#<ActiveSupport::KeyGenerator:0x0000000104888038>"

    Petrik de Heus

  • Improve error message when EventedFileUpdateChecker is used without a
    compatible version of the Listen gem

    Hartley McGuire

  • Add :report behavior for Deprecation

    Setting config.active_support.deprecation = :report uses the error
    reporter to report deprecation warnings to ActiveSupport::ErrorReporter.

    Deprecations are reported as handled errors, with a severity of :warning.

    Useful to report deprecations happening in production to your bug tracker.

    Étienne Barrié

  • Rename Range#overlaps? to #overlap? and add alias for backwards compatibility

    Christian Schmidt

  • Fix EncryptedConfiguration returning incorrect values for some Hash
    methods

    Hartley McGuire

  • Don't show secrets for MessageEncryptor#inspect.

    Before:

    ActiveSupport::MessageEncryptor.new(secret, cipher: "aes-256-gcm").inspect
    "#<ActiveSupport::MessageEncryptor:0x0000000104888038 ... @&#8203;secret=\"\\xAF\\bFh]LV}q\\nl\\xB2U\\xB3 ... >"

    After:

    ActiveSupport::MessageEncryptor.new(secret, cipher: "aes-256-gcm").inspect
    "#<ActiveSupport::MessageEncryptor:0x0000000104888038>"

    Petrik de Heus

  • Don't show contents for EncryptedConfiguration#inspect.

    Before:

    Rails.application.credentials.inspect
    "#<ActiveSupport::EncryptedConfiguration:0x000000010d2b38e8 ... @&#8203;config={:secret=>\"something secret\"} ... @&#8203;key_file_contents=\"915e4ea054e011022398dc242\" ...>"

    After:

    Rails.application.credentials.inspect
    "#<ActiveSupport::EncryptedConfiguration:0x000000010d2b38e8>"

    Petrik de Heus

  • ERB::Util.html_escape_once always returns an html_safe string.

    This method previously maintained the html_safe? property of a string on the return
    value. Because this string has been escaped, however, not marking it as html_safe causes
    entities to be double-escaped.

    As an example, take this view snippet:

    <p><%= html_escape_once("this & that &amp; the other") %></p>

    Before this change, that would be double-escaped and render as:

    <p>this &amp;amp; that &amp;amp; the other</p>

    After this change, it renders correctly as:

    <p>this &amp; that &amp; the other</p>

    Fixes #​48256

    Mike Dalessio

  • Deprecate SafeBuffer#clone_empty.

    This method has not been used internally since Rails 4.2.0.

    Mike Dalessio

  • MessageEncryptor, MessageVerifier, and config.active_support.message_serializer
    now accept :message_pack and :message_pack_allow_marshal as serializers.
    These serializers require the msgpack gem
    (>= 1.7.0).

    The Message Pack format can provide improved performance and smaller payload
    sizes. It also supports round-tripping some Ruby types that are not supported
    by JSON. For example:

    verifier = ActiveSupport::MessageVerifier.new("secret")
    data = [{ a: 1 }, { b: 2 }.with_indifferent_access, 1.to_d, Time.at(0, 123)]
    message = verifier.generate(data)

BEFORE with config.active_support.message_serializer = :json

  verifier.verified(message)

=> [{"a"=>1}, {"b"=>2}, "1.0", "1969-12-31T18:00:00.000-06:00"]

  verifier.verified(message).map(&:class)

=> [Hash, Hash, String, String]

AFTER with config.active_support.message_serializer = :message_pack

  verifier.verified(message)

=> [{:a=>1}, {"b"=>2}, 0.1e1, 1969-12-31 18:00:00.000123 -0600]

  verifier.verified(message).map(&:class)

=> [Hash, ActiveSupport::HashWithIndifferentAccess, BigDecimal, Time]

  ```

The `:message_pack` serializer can fall back to deserializing with
`ActiveSupport::JSON` when necessary, and the `:message_pack_allow_marshal`
serializer can fall back to deserializing with `Marshal` as well as
`ActiveSupport::JSON`. Additionally, the `:marshal`, `:json`, and
`:json_allow_marshal` serializers can now fall back to deserializing with
`ActiveSupport::MessagePack` when necessary. These behaviors ensure old
messages can still be read so that migration is easier.

*Jonathan Hefner*
  • A new 7.1 cache format is available which includes an optimization for
    bare string values such as view fragments.

    The 7.1 cache format is used by default for new apps, and existing apps
    can enable the format by setting config.load_defaults 7.1 or by setting
    config.active_support.cache_format_version = 7.1 in config/application.rb
    or a config/environments/*.rb file.

    Cache entries written using the 6.1 or 7.0 cache formats can be read
    when using the 7.1 format. To perform a rolling deploy of a Rails 7.1
    upgrade, wherein servers that have not yet been upgraded must be able to
    read caches from upgraded servers, leave the cache format unchanged on the
    first deploy, then enable the 7.1 cache format on a subsequent deploy.

    Jonathan Hefner

  • Active Support cache stores can now use a preconfigured serializer based on
    ActiveSupport::MessagePack via the :serializer option:

    config.cache_store = :redis_cache_store, { serializer: :message_pack }

    The :message_pack serializer can reduce cache entry sizes and improve
    performance, but requires the msgpack gem
    (>= 1.7.0).

    The :message_pack serializer can read cache entries written by the default
    serializer, and the default serializer can now read entries written by the
    :message_pack serializer. These behaviors make it easy to migrate between
    serializer without invalidating the entire cache.

    Jonathan Hefner

  • Object#deep_dup no longer duplicate named classes and modules.

    Before:

    hash = { class: Object, module: Kernel }
    hash.deep_dup # => {:class=>#<Class:0x00000001063ffc80>, :module=>#<Module:0x00000001063ffa00>}

    After:

    hash = { class: Object, module: Kernel }
    hash.deep_dup # => {:class=>Object, :module=>Kernel}

    Jean Boussier

  • Consistently raise an ArgumentError if the ActiveSupport::Cache key is blank.

    Joshua Young

  • Deprecate usage of the singleton ActiveSupport::Deprecation.

    All usage of ActiveSupport::Deprecation as a singleton is deprecated, the most common one being
    ActiveSupport::Deprecation.warn. Gem authors should now create their own deprecator (ActiveSupport::Deprecation
    object), and use it to emit deprecation warnings.

    Calling any of the following without specifying a deprecator argument is also deprecated:

    • Module.deprecate
    • deprecate_constant
    • DeprecatedObjectProxy
    • DeprecatedInstanceVariableProxy
    • DeprecatedConstantProxy
    • deprecation-related test assertions

    Use of ActiveSupport::Deprecation.silence and configuration methods like behavior=, disallowed_behavior=,
    disallowed_warnings= should now be aimed at the application's deprecators.

    Rails.application.deprecators.silence do

code that emits deprecation warnings

end
```

If your gem has a Railtie or Engine, it's encouraged to add your deprecator to the application's deprecators, that
way the deprecation related configuration options will apply to it as well, e.g.
`config.active_support.report_deprecations` set to `false` in the production environment will also disable your
deprecator.

```ruby
initializer "my_gem.deprecator" do |app|
  app.deprecators[:my_gem] = MyGem.deprecator
end
```

*Étienne Barrié*
  • Add Object#with to set and restore public attributes around a block

    client.timeout # => 5
    client.with(timeout: 1) do
      client.timeout # => 1
    end
    client.timeout # => 5

    Jean Boussier

  • Remove deprecated support to generate incorrect RFC 4122 UUIDs when providing a namespace ID that is not one of the
    constants defined on Digest::UUID.

    Rafael Mendonça França

  • Deprecate config.active_support.use_rfc4122_namespaced_uuids.

    Rafael Mendonça França

  • Remove implicit conversion of objects into String by ActiveSupport::SafeBuffer.

    Rafael Mendonça França

  • Remove deprecated active_support/core_ext/range/include_time_with_zone file.

    Rafael Mendonça França

  • Deprecate config.active_support.remove_deprecated_time_with_zone_name.

    Rafael Mendonça França

  • Remove deprecated override of ActiveSupport::TimeWithZone.name.

    Rafael Mendonça França

  • Deprecate config.active_support.disable_to_s_conversion.

    Rafael Mendonça França

  • Remove deprecated option to passing a format to #to_s in Array, Range, Date, DateTime, Time,
    BigDecimal, Float and, Integer.

    Rafael Mendonça França

  • Remove deprecated ActiveSupport::PerThreadRegistry.

    Rafael Mendonça França

  • Remove deprecated override of Enumerable#sum.

    Rafael Mendonça França

  • Deprecated initializing a ActiveSupport::Cache::MemCacheStore with an instance of Dalli::Client.

    Deprecate the undocumented option of providing an already-initialized instance of Dalli::Client to ActiveSupport::Cache::MemCacheStore. Such clients could be configured with unrecognized options, which could lead to unexpected behavior. Instead, provide addresses as documented.

    aledustet

  • Stub Time.new() in TimeHelpers#travel_to

    travel_to Time.new(2004, 11, 24) do

Inside the travel_to block Time.new is stubbed

    assert_equal 2004, Time.new.year
  end
  ```

*fatkodima*
  • Raise ActiveSupport::MessageEncryptor::InvalidMessage from
    ActiveSupport::MessageEncryptor#decrypt_and_verify regardless of cipher.
    Previously, when a MessageEncryptor was using a non-AEAD cipher such as
    AES-256-CBC, a corrupt or tampered message would raise
    ActiveSupport::MessageVerifier::InvalidSignature. Now, all ciphers raise
    the same error:

    encryptor = ActiveSupport::MessageEncryptor.new("x" * 32, cipher: "aes-256-gcm")
    message = encryptor.encrypt_and_sign("message")
    encryptor.decrypt_and_verify(message.next)

=> raises ActiveSupport::MessageEncryptor::InvalidMessage

  encryptor = ActiveSupport::MessageEncryptor.new("x" * 32, cipher: "aes-256-cbc")
  message = encryptor.encrypt_and_sign("message")
  encryptor.decrypt_and_verify(message.next)

BEFORE:

=> raises ActiveSupport::MessageVerifier::InvalidSignature

AFTER:

=> raises ActiveSupport::MessageEncryptor::InvalidMessage

  ```

*Jonathan Hefner*
  • Support nil original values when using ActiveSupport::MessageVerifier#verify.
    Previously, MessageVerifier#verify did not work with nil original
    values, though both MessageVerifier#verified and
    MessageEncryptor#decrypt_and_verify do:

    encryptor = ActiveSupport::MessageEncryptor.new(secret)
    message = encryptor.encrypt_and_sign(nil)
    
    encryptor.decrypt_and_verify(message)

=> nil

  verifier = ActiveSupport::MessageVerifier.new(secret)
  message = verifier.generate(nil)

  verifier.verified(message)

=> nil

  verifier.verify(message)

BEFORE:

=> raises ActiveSupport::MessageVerifier::InvalidSignature

AFTER:

=> nil

  ```

*Jonathan Hefner*
  • Maintain html_safe? on html_safe strings when sliced with slice, slice!, or chr method.

    Previously, html_safe? was only maintained when the html_safe strings were sliced
    with [] method. Now, slice, slice!, and chr methods will maintain html_safe? like [] method.

    string = "<div>test</div>".html_safe
    string.slice(0, 1).html_safe? # => true
    string.slice!(0, 1).html_safe? # => true

maintain html_safe? after the slice!

string.html_safe? # => true
string.chr.html_safe? # => true
```

*Michael Go*
  • Add Object#in? support for open ranges.

    assert Date.today.in?(..Date.tomorrow)
    assert_not Date.today.in?(Date.tomorrow..)

    Ignacio Galindo

  • config.i18n.raise_on_missing_translations = true now raises on any missing translation.

    Previously it would only raise when called in a view or controller. Now it will raise
    anytime I18n.t is provided an unrecognised key.

    If you do not want this behaviour, you can customise the i18n exception handler. See the
    upgrading guide or i18n guide for more information.

    Alex Ghiculescu

  • ActiveSupport::CurrentAttributes now raises if a restricted attribute name is used.

    Attributes such as set and reset cannot be used as they clash with the
    CurrentAttributes public API.

    Alex Ghiculescu

  • HashWithIndifferentAccess#transform_keys now takes a Hash argument, just
    as Ruby's Hash#transform_keys does.

    Akira Matsuda

  • delegate now defines method with proper arity when delegating to a Class.
    With this change, it defines faster method (3.5x faster with no argument).
    However, in order to gain this benefit, the delegation target method has to
    be defined before declaring the delegation.

This defines 3.5 times faster method than before

class C
  def self.x() end
  delegate :x, to: :class
end

class C

This works but silently falls back to old behavior because

delegate cannot find the definition of x

  delegate :x, to: :class
  def self.x() end
end
```

*Akira Matsuda*
  • assert_difference message now includes what changed.

    This makes it easier to debug non-obvious failures.

    Before:

    "User.count" didn't change by 32.
    Expected: 1611
      Actual: 1579
    

    After:

    "User.count" didn't change by 32, but by 0.
    Expected: 1611
      Actual: 1579
    

    Alex Ghiculescu

  • Add ability to match exception messages to assert_raises assertion

    Instead of this

    error = assert_raises(ArgumentError) do
      perform_service(param: 'exception')
    end
    assert_match(/incorrect param/i, error.message)

    you can now write this

    assert_raises(ArgumentError, match: /incorrect param/i) do
      perform_service(param: 'exception')
    end

    fatkodima

  • Add Rails.env.local? shorthand for Rails.env.development? || Rails.env.test?.

    DHH

  • ActiveSupport::Testing::TimeHelpers now accepts named with_usec argument
    to freeze_time, travel, and travel_to methods. Passing true prevents
    truncating the destination time with change(usec: 0).

    KevSlashNull, and serprex

  • ActiveSupport::CurrentAttributes.resets now accepts a method name

    The block API is still the recommended approach, but now both APIs are supported:

    class Current < ActiveSupport::CurrentAttributes
      resets { Time.zone = nil }
      resets :clear_time_zone
    end

    Alex Ghiculescu

  • Ensure ActiveSupport::Testing::Isolation::Forking closes pipes

    Previously, Forking.run_in_isolation opened two ends of a pipe. The fork
    process closed the read end, wrote to it, and then terminated (which
    presumably closed the file descriptors on its end). The parent process
    closed the write end, read from it, and returned, never closing the read
    end.

    This resulted in an accumulation of open file descriptors, which could
    cause errors if the limit is reached.

    Sam Bostock

  • Fix Time#change and Time#advance for times around the end of Daylight
    Saving Time.

    Previously, when Time#change or Time#advance constructed a time inside
    the final stretch of Daylight Saving Time (DST), the non-DST offset would
    always be chosen for local times:

DST ended just before 2021-11-07 2:00:00 AM in US/Eastern.

ENV["TZ"] = "US/Eastern"

time = Time.local(2021, 11, 07, 00, 59, 59) + 1

=> 2021-11-07 01:00:00 -0400

time.change(day: 07)

=> 2021-11-07 01:00:00 -0500

time.advance(seconds: 0)

=> 2021-11-07 01:00:00 -0500

time = Time.local(2021, 11, 06, 01, 00, 00)

=> 2021-11-06 01:00:00 -0400

time.change(day: 07)

=> 2021-11-07 01:00:00 -0500

time.advance(days: 1)

=> 2021-11-07 01:00:00 -0500

```

And the DST offset would always be chosen for times with a `TimeZone`
object:

```ruby
Time.zone = "US/Eastern"

time = Time.new(2021, 11, 07, 02, 00, 00, Time.zone) - 3600

=> 2021-11-07 01:00:00 -0500

time.change(day: 07)

=> 2021-11-07 01:00:00 -0400

time.advance(seconds: 0)

=> 2021-11-07 01:00:00 -0400

time = Time.new(2021, 11, 8, 01, 00, 00, Time.zone)

=> 2021-11-08 01:00:00 -0500

time.change(day: 07)

=> 2021-11-07 01:00:00 -0400

time.advance(days: -1)

=> 2021-11-07 01:00:00 -0400

```

Now, `Time#change` and `Time#advance` will choose the offset that matches
the original time's offset when possible:

```ruby
ENV["TZ"] = "US/Eastern"

time = Time.local(2021, 11, 07, 00, 59, 59) + 1

=> 2021-11-07 01:00:00 -0400

time.change(day: 07)

=> 2021-11-07 01:00:00 -0400

time.advance(seconds: 0)

=> 2021-11-07 01:00:00 -0400

time = Time.local(2021, 11, 06, 01, 00, 00)

=> 2021-11-06 01:00:00 -0400

time.change(day: 07)

=> 2021-11-07 01:00:00 -0400

time.advance(days: 1)

=> 2021-11-07 01:00:00 -0400

Time.zone = "US/Eastern"

time = Time.new(2021, 11, 07, 02, 00, 00, Time.zone) - 3600

=> 2021-11-07 01:00:00 -0500

time.change(day: 07)

=> 2021-11-07 01:00:00 -0500

time.advance(seconds: 0)

=> 2021-11-07 01:00:00 -0500

time = Time.new(2021, 11, 8, 01, 00, 00, Time.zone)

=> 2021-11-08 01:00:00 -0500

time.change(day: 07)

=> 2021-11-07 01:00:00 -0500

time.advance(days: -1)

=> 2021-11-07 01:00:00 -0500

```

*Kevin Hall*, *Takayoshi Nishida*, and *Jonathan Hefner*
  • Fix MemoryStore to preserve entries TTL when incrementing or decrementing

    This is to be more consistent with how MemCachedStore and RedisCacheStore behaves.

    Jean Boussier

  • Rails.error.handle and Rails.error.record filter now by multiple error classes.

    Rails.error.handle(IOError, ArgumentError) do
      1 + '1' # raises TypeError
    end
    1 + 1 # TypeErrors are not IOErrors or ArgumentError, so this will *not* be handled

    Martin Spickermann

  • Class#subclasses and Class#descendants now automatically filter reloaded classes.

    Previously they could return old implementations of reloadable classes that have been
    dereferenced but not yet garbage collected.

    They now automatically filter such classes like DescendantTracker#subclasses and
    DescendantTracker#descendants.

    Jean Boussier

  • Rails.error.report now marks errors as reported to avoid reporting them twice.

    In some cases, users might want to report errors explicitly with some extra context
    before letting it bubble up.

    This also allows to safely catch and report errors outside of the execution context.

    Jean Boussier

  • Add assert_error_reported and assert_no_error_reported

    Allows to easily asserts an error happened but was handled

    report = assert_error_reported(IOError) do

...

end
assert_equal "Oops", report.error.message
assert_equal "admin", report.context[:section]
assert_equal :warning, report.severity
assert_predicate report, :handled?
```

*Jean Boussier*
  • ActiveSupport::Deprecation behavior callbacks can now receive the
    deprecator instance as an argument. This makes it easier for such callbacks
    to change their behavior based on the deprecator's state. For example,
    based on the deprecator's debug flag.

    3-arity and splat-args callbacks such as the following will now be passed
    the deprecator instance as their third argument:

    • ->(message, callstack, deprecator) { ... }
    • ->(*args) { ... }
    • ->(message, *other_args) { ... }

    2-arity and 4-arity callbacks such as the following will continue to behave
    the same as before:

    • ->(message, callstack) { ... }
    • ->(message, callstack, deprecation_horizon, gem_name) { ... }
    • ->(message, callstack, *deprecation_details) { ... }

    Jonathan Hefner

  • ActiveSupport::Deprecation#disallowed_warnings now affects the instance on
    which it is configured.

    This means that individual ActiveSupport::Deprecation instances can be
    configured with their own disallowed warnings, and the global
    ActiveSupport::Deprecation.disallowed_warnings now only affects the global
    ActiveSupport::Deprecation.warn.

    Before

    ActiveSupport::Deprecation.disallowed_warnings = ["foo"]
    deprecator = ActiveSupport::Deprecation.new("2.0", "MyCoolGem")
    deprecator.disallowed_warnings = ["bar"]
    
    ActiveSupport::Deprecation.warn("foo") # => raise ActiveSupport::DeprecationException
    ActiveSupport::Deprecation.warn("bar") # => print "DEPRECATION WARNING: bar"
    deprecator.warn("foo")                 # => raise ActiveSupport::DeprecationException
    deprecator.warn("bar")                 # => print "DEPRECATION WARNING: bar"

    After

    ActiveSupport::Deprecation.disallowed_warnings = ["foo"]
    deprecator = ActiveSupport::Deprecation.new("2.0", "MyCoolGem")
    deprecator.disallowed_warnings = ["bar"]
    
    ActiveSupport::Deprecation.warn("foo") # => raise ActiveSupport::DeprecationException
    ActiveSupport::Deprecation.warn("bar") # => print "DEPRECATION WARNING: bar"
    deprecator.warn("foo")                 # => print "DEPRECATION WARNING: foo"
    deprecator.warn("bar")                 # => raise ActiveSupport::DeprecationException

    Note that global ActiveSupport::Deprecation methods such as ActiveSupport::Deprecation.warn
    and ActiveSupport::Deprecation.disallowed_warnings have been deprecated.

    Jonathan Hefner

  • Add italic and underline support to ActiveSupport::LogSubscriber#color

    Previously, only bold text was supported via a positional argument.
    This allows for bold, italic, and underline options to be specified
    for colored logs.

    info color("Hello world!", :red, bold: true, underline: true)

    Gannon McGibbon

  • Add String#downcase_first method.

    This method is the corollary of String#upcase_first.

    Mark Schneider

  • thread_mattr_accessor will call .dup.freeze on non-frozen default values.

    This provides a basic level of protection against different threads trying
    to mutate a shared default object.

    Jonathan Hefner

  • Add raise_on_invalid_cache_expiration_time config to ActiveSupport::Cache::Store

    Specifies if an ArgumentError should be raised if Rails.cache fetch or
    write are given an invalid expires_at or expires_in time.

    Options are true, and false. If false, the exception will be reported
    as handled and logged instead. Defaults to true if config.load_defaults >= 7.1.

    Trevor Turk

  • ActiveSupport::Cache:Store#fetch now passes an options accessor to the block.

    It makes possible to override cache options:

    Rails.cache.fetch("3rd-party-token") do |name, options|
      token = fetch_token_from_remote
    

set cache's TTL to match token's TTL

      options.expires_in = token.expires_in
      token
    end

*Andrii Gladkyi*, *Jean Boussier*
  • default option of thread_mattr_accessor now applies through inheritance and
    also across new threads.

    Previously, the default value provided was set only at the moment of defining
    the attribute writer, which would cause the attribute to be uninitialized in
    descendants and in other threads.

    Fixes #​43312.

    Thierry Deo

  • Redis cache store is now compatible with redis-rb 5.0.

    Jean Boussier

  • Add skip_nil: support to ActiveSupport::Cache::Store#fetch_multi.

    Daniel Alfaro

  • Add quarter method to date/time

    Matt Swanson

  • Fix NoMethodError on custom ActiveSupport::Deprecation behavior.

    ActiveSupport::Deprecation.behavior= was supposed to accept any object
    that responds to call, but in fact its internal implementation assumed that
    this object could respond to arity, so it was restricted to only Proc objects.

    This change removes this arity restriction of custom behaviors.

    Ryo Nakamura

  • Support :url_safe option for MessageEncryptor.

    The MessageEncryptor constructor now accepts a :url_safe option, similar
    to the MessageVerifier constructor. When enabled, this option ensures
    that messages use a URL-safe encoding.

    Jonathan Hefner

  • Add url_safe option to ActiveSupport::MessageVerifier initializer

    ActiveSupport::MessageVerifier.new now takes optional url_safe argument.
    It can generate URL-safe strings by passing url_safe: true.

    verifier = ActiveSupport::MessageVerifier.new(url_safe: true)
    message = verifier.generate(data) # => URL-safe string

    This option is false by default to be backwards compatible.

    Shouichi Kamiya

  • Enable connection pooling by default for MemCacheStore and RedisCacheStore.

    If you want to disable connection pooling, set :pool option to false when configuring the cache store:

    config.cache_store = :mem_cache_store, "cache.example.com", pool: false

    fatkodima

  • Add force: support to ActiveSupport::Cache::Store#fetch_multi.

    fatkodima

  • Deprecated :pool_size and :pool_timeout options for configuring connection pooling in cache stores.

    Use pool: true to enable pooling with default settings:

    config.cache_store = :redis_cache_store, pool: true

    Or pass individual options via :pool option:

    config.cache_store = :redis_cache_store, pool: { size: 10, timeout: 2 }

    fatkodima

  • Allow #increment and #decrement methods of ActiveSupport::Cache::Store
    subclasses to set new values.

    Previously incrementing or decrementing an unset key would fail and return
    nil. A default will now be assumed and the key will be created.

    Andrej Blagojević, Eugene Kenny

  • Add skip_nil: support to RedisCacheStore

    Joey Paris

  • ActiveSupport::Cache::MemoryStore#write(name, val, unless_exist:true) now
    correctly writes expired keys.

    Alan Savage

  • ActiveSupport::ErrorReporter now accepts and forward a source: parameter.

    This allow libraries to signal the origin of the errors, and reporters
    to easily ignore some sources.

    Jean Boussier

  • Fix and add protections for XSS in ActionView::Helpers and ERB::Util.

    Add the method ERB::Util.xml_name_escape to escape dangerous characters
    in names of tags and names of attributes, following the specification of XML.

    Álvaro Martín Fraguas

  • Respect ActiveSupport::Logger.new's :formatter keyword argument

    The stdlib Logger::new allows passing a :formatter keyword argument to
    set the logger's formatter. Previously ActiveSupport::Logger.new ignored
    that argument by always setting the formatter to an instance of
    ActiveSupport::Logger::SimpleFormatter.

    Steven Harman

  • Deprecate preserving the pre-Ruby 2.4 behavior of to_time

    With Ruby 2.4+ the default for +to_time+ changed from converting to the
    local system time to preserving the offset of the receiver. At the time Rails
    supported older versions of Ruby so a compatibility layer was added to assist
    in the migration process. From Rails 5.0 new applications have defaulted to
    the Ruby 2.4+ behavior and since Rails 7.0 now only supports Ruby 2.7+
    this compatibility layer can be safely removed.

    To minimize any noise generated the deprecation warning only appears when the
    setting is configured to false as that is the only scenario where the
    removal of the compatibility layer has any effect.

    Andrew White

  • Pathname.blank? only returns true for Pathname.new("")

    Previously it would end up calling Pathname#empty? which returned true
    if the path existed and was an empty directory or file.

    That behavior was unlikely to be expected.

    Jean Boussier

  • Deprecate Notification::Event's #children and #parent_of?

    John Hawthorn

  • Change the default serializer of ActiveSupport::MessageVerifier from
    Marshal to ActiveSupport::JSON when using config.load_defaults 7.1.

    Messages serialized with Marshal can still be read, but new messages will
    be serialized with ActiveSupport::JSON. For more information, see
    https://guides.rubyonrails.org/v7.1/configuring.html#config-active-support-message-serializer.

    Saba Kiaei, David Buckley, and Jonathan Hefner

  • Change the default serializer of ActiveSupport::MessageEncryptor from
    Marshal to ActiveSupport::JSON when using config.load_defaults 7.1.

    Messages serialized with Marshal can still be read, but new messages will
    be serialized with ActiveSupport::JSON. For more information, see
    https://guides.rubyonrails.org/v7.1/configuring.html#config-active-support-message-serializer.

    Zack Deveau, Martin Gingras, and Jonathan Hefner

  • Add ActiveSupport::TestCase#stub_const to stub a constant for the duration of a yield.

    DHH

  • Fix ActiveSupport::EncryptedConfiguration to be compatible with Psych 4

    Stephen Sugden

  • Improve File.atomic_write error handling

    Daniel Pepper

  • Fix Class#descendants and DescendantsTracker#descendants compatibility with Ruby 3.1.

    The native Class#descendants was reverted prior to Ruby 3.1 release,
    but Class#subclasses was kept, breaking the feature detection.

    Jean Boussier

Active Model

  • Remove change in the typography of user facing error messages.
    For example, “can’t be blank” is again “can't be blank”.

    Rafael Mendonça França

  • Support composite identifiers in to_key

    to_key avoids wrapping #id value into an Array if #id already an array

    Nikita Vasilevsky

  • Add ActiveModel::Conversion.param_delimiter to configure delimiter being used in to_param

    Nikita Vasilevsky

  • undefine_attribute_methods undefines alias attribute methods along with attribute methods.

    Nikita Vasilevsky

  • Error.full_message now strips ":base" from the message.

    zzak

  • Add a load hook for ActiveModel::Model (named active_model) to match the load hook for
    ActiveRecord::Base and allow for overriding aspects of the ActiveModel::Model class.

    Lewis Buckley

  • Improve password length validation in ActiveModel::SecurePassword to consider byte size for BCrypt
    compatibility.

    The previous password length validation only considered the character count, which may not
    accurately reflect the 72-byte size limit imposed by BCrypt. This change updates the validation
    to consider both character count and byte size while keeping the character length validation in place.

    user = User.new(password: "a" * 73)  # 73 characters
    user.valid? # => false
    user.errors[:password] # => ["is too long"]
    
    user = User.new(password: "あ" * 25)  # 25 characters, 75 bytes
    user.valid? # => false
    user.errors[:password] # => ["is too long"]

    ChatGPT, Guillermo Iguaran

  • has_secure_password now generates an #{attribute}_salt method that returns the salt
    used to compute the password digest. The salt will change whenever the password is changed,
    so it can be used to create single-use password reset tokens with generates_token_for:

    class User < ActiveRecord::Base
      has_secure_password
    
      generates_token_for :password_reset, expires_in: 15.minutes do
        password_salt&.last(10)
      end
    end

    Lázaro Nixon

  • Improve typography of user facing error messages. In English contractions,
    the Unicode APOSTROPHE (U+0027) is now RIGHT SINGLE QUOTATION MARK
    (U+2019). For example, "can't be blank" is now "can’t be blank".

    Jon Dufresne

  • Add class to ActiveModel::MissingAttributeError error message.

    Show which class is missing the attribute in the error message:

    user = User.first
    user.pets.select(:id).first.user_id

=> ActiveModel::MissingAttributeError: missing attribute 'user_id' for Pet

```

*Petrik de Heus*
  • Raise NoMethodError in ActiveModel::Type::Value#as_json to avoid unpredictable
    results.

    Vasiliy Ermolovich

  • Custom attribute types that inherit from Active Model built-in types and do
    not override the serialize method will now benefit from an optimization
    when serializing attribute values for the database.

    For example, with a custom type like the following:

    class DowncasedString < ActiveModel::Type::String
      def cast(value)
        super&.downcase
      end
    end
    
    ActiveRecord::Type.register(:downcased_string, DowncasedString)
    
    class User < ActiveRecord::Base
      attribute :email, :downcased_string
    end
    
    user = User.new(email: "[email protected]")

    Serializing the email attribute for the database will be roughly twice as
    fast. More expensive cast operations will likely see greater improvements.

    Jonathan Hefner

  • has_secure_password now supports password challenges via a
    password_challenge accessor and validation.

    A password challenge is a safeguard to verify that the current user is
    actually the password owner. It can be used when changing sensitive model
    fields, such as the password itself. It is different than a password
    confirmation, which is used to prevent password typos.

    When password_challenge is set, the validation checks that the value's
    digest matches the currently persisted password_digest (i.e.
    password_digest_was).

    This allows a password challenge to be done as part of a typical update
    call, just like a password confirmation. It also allows a password
    challenge error to be handled in the same way as other validation errors.

    For example, in the controller, instead of:

    password_params = params.require(:password).permit(
      :password_challenge,
      :password,
      :password_confirmation,
    )
    
    password_challenge = password_params.delete(:password_challenge)
    @&#8203;password_challenge_failed = !current_user.authenticate(password_challenge)
    
    if !@&#8203;password_challenge_failed && current_user.update(password_params)

...

end
```

You can now write:

```ruby
password_params = params.require(:password).permit(
  :password_challenge,
  :password,
  :password_confirmation,
).with_defaults(password_challenge: "")

if current_user.update(password_params)

...

end
```

And, in the view, instead of checking `@password_challenge_failed`, you can
render an error for the `password_challenge` field just as you would for
other form fields, including utilizing `config.action_view.field_error_proc`.

*Jonathan Hefner*
  • Support infinite ranges for LengthValidators :in/:within options

    validates_length_of :first_name, in: ..30

    fatkodima

  • Add support for beginless ranges to inclusivity/exclusivity validators:

    validates_inclusion_of :birth_date, in: -> { (..Date.today) }
    validates_exclusion_of :birth_date, in: -> { (..Date.today) }

    Bo Jeanes

  • Make validators accept lambdas without record argument

Before

validates_comparison_of :birth_date, le

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Sep 13, 2023
@renovate renovate bot changed the title Update dependency rails to v7.0.8 Update dependency rails to v7.1.0 Oct 5, 2023
@renovate renovate bot force-pushed the renovate/ruby-on-rails-packages branch from 241d3fe to 67463f8 Compare October 5, 2023 10:10
@renovate renovate bot force-pushed the renovate/ruby-on-rails-packages branch from 67463f8 to af592e2 Compare November 6, 2023 08:02
@renovate renovate bot changed the title Update dependency rails to v7.1.0 Update dependency rails to v7.1.1 Nov 6, 2023
@renovate renovate bot force-pushed the renovate/ruby-on-rails-packages branch from af592e2 to 9bf5b80 Compare November 11, 2023 00:51
@renovate renovate bot changed the title Update dependency rails to v7.1.1 Update dependency rails to v7.1.2 Nov 11, 2023
@renovate renovate bot force-pushed the renovate/ruby-on-rails-packages branch from 9bf5b80 to 87813d4 Compare January 17, 2024 00:34
@renovate renovate bot changed the title Update dependency rails to v7.1.2 Update dependency rails to v7.1.3 Jan 17, 2024
@renovate renovate bot force-pushed the renovate/ruby-on-rails-packages branch from 87813d4 to c8dcf85 Compare February 21, 2024 19:26
@renovate renovate bot changed the title Update dependency rails to v7.1.3 Update dependency rails to v7.1.3.1 Feb 21, 2024
@renovate renovate bot force-pushed the renovate/ruby-on-rails-packages branch from c8dcf85 to c60eeae Compare February 22, 2024 01:55
@renovate renovate bot changed the title Update dependency rails to v7.1.3.1 Update dependency rails to v7.1.3.2 Feb 22, 2024
@renovate renovate bot changed the title Update dependency rails to v7.1.3.2 Update dependency rails to v7.1.3.2 - autoclosed Feb 28, 2024
@renovate renovate bot closed this Feb 28, 2024
@renovate renovate bot deleted the renovate/ruby-on-rails-packages branch February 28, 2024 01:46
@renovate renovate bot changed the title Update dependency rails to v7.1.3.2 - autoclosed Update dependency rails to v7.1.3.2 Mar 2, 2024
@renovate renovate bot reopened this Mar 2, 2024
@renovate renovate bot restored the renovate/ruby-on-rails-packages branch March 2, 2024 01:03
@renovate renovate bot changed the title Update dependency rails to v7.1.3.2 Update dependency rails to v7.1.3.2 - autoclosed Mar 22, 2024
@renovate renovate bot closed this Mar 22, 2024
@renovate renovate bot deleted the renovate/ruby-on-rails-packages branch March 22, 2024 00:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants