rails/rails (activesupport)
### [`v7.1.3.4`](https://togithub.com/rails/rails/releases/tag/v7.1.3.4): 7.1.3.4
[Compare Source](https://togithub.com/rails/rails/compare/v7.1.3.3...v7.1.3.4)
#### Active Support
- No changes.
#### Active Model
- No changes.
#### Active Record
- No changes.
#### Action View
- No changes.
#### Action Pack
- Include the HTTP Permissions-Policy on non-HTML Content-Types
\[CVE-2024-28103]
#### Active Job
- No changes.
#### Action Mailer
- No changes.
#### Action Cable
- No changes.
#### Active Storage
- No changes.
#### Action Mailbox
- No changes.
#### Action Text
- Sanitize ActionText HTML ContentAttachment in Trix edit view
\[CVE-2024-32464]
#### Railties
- No changes.
### [`v7.1.3.3`](https://togithub.com/rails/rails/releases/tag/v7.1.3.3): 7.1.3.3
[Compare Source](https://togithub.com/rails/rails/compare/v7.1.3.2...v7.1.3.3)
#### Active Support
- No changes.
#### Active Model
- No changes.
#### Active Record
- No changes.
#### Action View
- No changes.
#### Action Pack
- No changes.
#### Active Job
- No changes.
#### Action Mailer
- No changes.
#### Action Cable
- No changes.
#### Active Storage
- No changes.
#### Action Mailbox
- No changes.
#### Action Text
- Upgrade Trix to 2.1.1 to fix [CVE-2024-34341](https://togithub.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99).
*Rafael Mendonça França*
#### Railties
- No changes.
### [`v7.1.3.2`](https://togithub.com/rails/rails/releases/tag/v7.1.3.2)
[Compare Source](https://togithub.com/rails/rails/compare/v7.1.3.1...v7.1.3.2)
##### Active Support
- No changes.
##### Active Model
- No changes.
##### Active Record
- No changes.
##### Action View
- No changes.
##### Action Pack
- Fix `raise_on_missing_translations` not working correctly with the
`translate` method in controllers after the patch for CVE-2024-26143.
##### Active Job
- No changes.
##### Action Mailer
- No changes.
##### Action Cable
- No changes.
##### Active Storage
- No changes.
##### Action Mailbox
- No changes.
##### Action Text
- No changes.
##### Railties
- No changes.
### [`v7.1.3.1`](https://togithub.com/rails/rails/releases/tag/v7.1.3.1): 7.1.3.1
[Compare Source](https://togithub.com/rails/rails/compare/v7.1.3...v7.1.3.1)
##### Active Support
- No changes.
##### Active Model
- No changes.
##### Active Record
- No changes.
##### Action View
- No changes.
##### Action Pack
- Fix possible XSS vulnerability with the `translate` method in controllers
CVE-2024-26143
- Fix ReDoS in Accept header parsing
CVE-2024-26142
##### Active Job
- No changes.
##### Action Mailer
- No changes.
##### Action Cable
- No changes.
##### Active Storage
- No changes.
##### Action Mailbox
- No changes.
##### Action Text
- No changes.
##### Railties
- No changes.
### [`v7.1.3`](https://togithub.com/rails/rails/releases/tag/v7.1.3): 7.1.3
[Compare Source](https://togithub.com/rails/rails/compare/v7.1.2...v7.1.3)
##### Active Support
- Handle nil `backtrace_locations` in `ActiveSupport::SyntaxErrorProxy`.
*Eugene Kenny*
- Fix `ActiveSupport::JSON.encode` to prevent duplicate keys.
If the same key exist in both String and Symbol form it could
lead to the same key being emitted twice.
*Manish Sharma*
- Fix `ActiveSupport::Cache::Store#read_multi` when using a cache namespace
and local cache strategy.
*Mark Oleson*
- Fix `Time.now/DateTime.now/Date.today` to return results in a system timezone after `#travel_to`.
There is a bug in the current implementation of #travel_to:
it remembers a timezone of its argument, and all stubbed methods start
returning results in that remembered timezone. However, the expected
behaviour is to return results in a system timezone.
*Aleksei Chernenkov*
- Fix `:unless_exist` option for `MemoryStore#write` (et al) when using a
cache namespace.
*S. Brent Faulkner*
- Fix ActiveSupport::Deprecation to handle blaming generated code.
*Jean Boussier*, *fatkodima*
##### Active Model
- No changes.
##### Active Record
- Fix Migrations with versions older than 7.1 validating options given to
`add_reference`.
*Hartley McGuire*
- Ensure `reload` sets correct owner for each association.
*Dmytro Savochkin*
- Fix view runtime for controllers with async queries.
*fatkodima*
- Fix `load_async` to work with query cache.
*fatkodima*
- Fix polymorphic `belongs_to` to correctly use parent's `query_constraints`.
*fatkodima*
- Fix `Preloader` to not generate a query for already loaded association with `query_constraints`.
*fatkodima*
- Fix multi-database polymorphic preloading with equivalent table names.
When preloading polymorphic associations, if two models pointed to two
tables with the same name but located in different databases, the
preloader would only load one.
*Ari Summer*
- Fix `encrypted_attribute?` to take into account context properties passed to `encrypts`.
*Maxime Réty*
- Fix `find_by` to work correctly in presence of composite primary keys.
*fatkodima*
- Fix async queries sometimes returning a raw result if they hit the query cache.
`ShipPart.async_count` could return a raw integer rather than a Promise
if it found the result in the query cache.
*fatkodima*
- Fix `Relation#transaction` to not apply a default scope.
The method was incorrectly setting a default scope around its block:
```ruby
Post.where(published: true).transaction do
Post.count # SELECT COUNT(*) FROM posts WHERE published = FALSE;
end
```
*Jean Boussier*
- Fix calling `async_pluck` on a `none` relation.
`Model.none.async_pluck(:id)` was returning a naked value
instead of a promise.
*Jean Boussier*
- Fix calling `load_async` on a `none` relation.
`Model.none.load_async` was returning a broken result.
*Lucas Mazza*
- TrilogyAdapter: ignore `host` if `socket` parameter is set.
This allows to configure a connection on a UNIX socket via DATABASE_URL:
DATABASE_URL=trilogy://does-not-matter/my_db_production?socket=/var/run/mysql.sock
*Jean Boussier*
- Fix `has_secure_token` calls the setter method on initialize.
*Abeid Ahmed*
- Allow using `object_id` as a database column name.
It was available before rails 7.1 and may be used as a part of polymorphic relationship to `object` where `object` can be any other database record.
*Mikhail Doronin*
- Fix `rails db:create:all` to not touch databases before they are created.
*fatkodima*
##### Action View
- Better handle SyntaxError in Action View.
*Mario Caropreso*
- Fix `word_wrap` with empty string.
*Jonathan Hefner*
- Rename `ActionView::TestCase::Behavior::Content` to `ActionView::TestCase::Behavior::RenderedViewContent`.
Make `RenderedViewContent` inherit from `String`. Make private API with `:nodoc:`.
*Sean Doyle*
- Fix detection of required strict locals.
Further fix `render @collection` compatibility with strict locals
*Jean Boussier*
##### Action Pack
- Fix including `Rails.application.routes.url_helpers` directly in an
`ActiveSupport::Concern.`
*Jonathan Hefner*
- Fix system tests when using a Chrome binary that has been downloaded by
Selenium.
*Jonathan Hefner*
##### Active Job
- Do not trigger immediate loading of `ActiveJob::Base` when loading `ActiveJob::TestHelper`.
*Maxime Réty*
- Preserve the serialized timezone when deserializing `ActiveSupport::TimeWithZone` arguments.
*Joshua Young*
- Fix ActiveJob arguments serialization to correctly serialize String subclasses having custom serializers.
*fatkodima*
##### Action Mailer
- No changes.
##### Action Cable
- No changes.
##### Active Storage
- Fix N+1 query when fetching preview images for non-image assets.
*Aaron Patterson & Justin Searls*
- Fix all Active Storage database related models to respect
`ActiveRecord::Base.table_name_prefix` configuration.
*Chedli Bourguiba*
- Fix `ActiveStorage::Representations::ProxyController` not returning the proper
preview image variant for previewable files.
*Chedli Bourguiba*
- Fix `ActiveStorage::Representations::ProxyController` to proxy untracked
variants.
*Chedli Bourguiba*
- Fix direct upload forms when submit button contains nested elements.
*Marc Köhlbrugge*
- When using the `preprocessed: true` option, avoid enqueuing transform jobs
for blobs that are not representable.
*Chedli Bourguiba*
- Process preview image variant when calling `ActiveStorage::Preview#processed`.
For example, `attached_pdf.preview(:thumb).processed` will now immediately
generate the full-sized preview image and the `:thumb` variant of it.
Previously, the `:thumb` variant would not be generated until a further call
to e.g. `processed.url`.
*Chedli Bourguiba* and *Jonathan Hefner*
- Prevent `ActiveRecord::StrictLoadingViolationError` when strict loading is
enabled and the variant of an Active Storage preview has already been
processed (for example, by calling `ActiveStorage::Preview#url`).
*Jonathan Hefner*
- Fix `preprocessed: true` option for named variants of previewable files.
*Nico Wenterodt*
##### Action Mailbox
- No changes.
##### Action Text
- No changes.
##### Railties
- Make sure `config.after_routes_loaded` hook runs on boot.
*Rafael Mendonça França*
- Fix `config.log_level` not being respected when using a `BroadcastLogger`
*Édouard Chin*
- Fix isolated engines to take `ActiveRecord::Base.table_name_prefix` into consideration.
This will allow for engine defined models, such as inside Active Storage, to respect
Active Record table name prefix configuration.
*Chedli Bourguiba*
- The `bin/rails app:template` command will no longer add potentially unwanted
gem platforms via `bundle lock --add-platform=...` commands.
*Jonathan Hefner*
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
'>= 6.1.7.3', '< 7.1.3'->'>= 6.1.7.3', '< 7.1.4'Release Notes
rails/rails (activesupport)
### [`v7.1.3.4`](https://togithub.com/rails/rails/releases/tag/v7.1.3.4): 7.1.3.4 [Compare Source](https://togithub.com/rails/rails/compare/v7.1.3.3...v7.1.3.4) #### Active Support - No changes. #### Active Model - No changes. #### Active Record - No changes. #### Action View - No changes. #### Action Pack - Include the HTTP Permissions-Policy on non-HTML Content-Types \[CVE-2024-28103] #### Active Job - No changes. #### Action Mailer - No changes. #### Action Cable - No changes. #### Active Storage - No changes. #### Action Mailbox - No changes. #### Action Text - Sanitize ActionText HTML ContentAttachment in Trix edit view \[CVE-2024-32464] #### Railties - No changes. ### [`v7.1.3.3`](https://togithub.com/rails/rails/releases/tag/v7.1.3.3): 7.1.3.3 [Compare Source](https://togithub.com/rails/rails/compare/v7.1.3.2...v7.1.3.3) #### Active Support - No changes. #### Active Model - No changes. #### Active Record - No changes. #### Action View - No changes. #### Action Pack - No changes. #### Active Job - No changes. #### Action Mailer - No changes. #### Action Cable - No changes. #### Active Storage - No changes. #### Action Mailbox - No changes. #### Action Text - Upgrade Trix to 2.1.1 to fix [CVE-2024-34341](https://togithub.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99). *Rafael Mendonça França* #### Railties - No changes. ### [`v7.1.3.2`](https://togithub.com/rails/rails/releases/tag/v7.1.3.2) [Compare Source](https://togithub.com/rails/rails/compare/v7.1.3.1...v7.1.3.2) ##### Active Support - No changes. ##### Active Model - No changes. ##### Active Record - No changes. ##### Action View - No changes. ##### Action Pack - Fix `raise_on_missing_translations` not working correctly with the `translate` method in controllers after the patch for CVE-2024-26143. ##### Active Job - No changes. ##### Action Mailer - No changes. ##### Action Cable - No changes. ##### Active Storage - No changes. ##### Action Mailbox - No changes. ##### Action Text - No changes. ##### Railties - No changes. ### [`v7.1.3.1`](https://togithub.com/rails/rails/releases/tag/v7.1.3.1): 7.1.3.1 [Compare Source](https://togithub.com/rails/rails/compare/v7.1.3...v7.1.3.1) ##### Active Support - No changes. ##### Active Model - No changes. ##### Active Record - No changes. ##### Action View - No changes. ##### Action Pack - Fix possible XSS vulnerability with the `translate` method in controllers CVE-2024-26143 - Fix ReDoS in Accept header parsing CVE-2024-26142 ##### Active Job - No changes. ##### Action Mailer - No changes. ##### Action Cable - No changes. ##### Active Storage - No changes. ##### Action Mailbox - No changes. ##### Action Text - No changes. ##### Railties - No changes. ### [`v7.1.3`](https://togithub.com/rails/rails/releases/tag/v7.1.3): 7.1.3 [Compare Source](https://togithub.com/rails/rails/compare/v7.1.2...v7.1.3) ##### Active Support - Handle nil `backtrace_locations` in `ActiveSupport::SyntaxErrorProxy`. *Eugene Kenny* - Fix `ActiveSupport::JSON.encode` to prevent duplicate keys. If the same key exist in both String and Symbol form it could lead to the same key being emitted twice. *Manish Sharma* - Fix `ActiveSupport::Cache::Store#read_multi` when using a cache namespace and local cache strategy. *Mark Oleson* - Fix `Time.now/DateTime.now/Date.today` to return results in a system timezone after `#travel_to`. There is a bug in the current implementation of #travel_to: it remembers a timezone of its argument, and all stubbed methods start returning results in that remembered timezone. However, the expected behaviour is to return results in a system timezone. *Aleksei Chernenkov* - Fix `:unless_exist` option for `MemoryStore#write` (et al) when using a cache namespace. *S. Brent Faulkner* - Fix ActiveSupport::Deprecation to handle blaming generated code. *Jean Boussier*, *fatkodima* ##### Active Model - No changes. ##### Active Record - Fix Migrations with versions older than 7.1 validating options given to `add_reference`. *Hartley McGuire* - Ensure `reload` sets correct owner for each association. *Dmytro Savochkin* - Fix view runtime for controllers with async queries. *fatkodima* - Fix `load_async` to work with query cache. *fatkodima* - Fix polymorphic `belongs_to` to correctly use parent's `query_constraints`. *fatkodima* - Fix `Preloader` to not generate a query for already loaded association with `query_constraints`. *fatkodima* - Fix multi-database polymorphic preloading with equivalent table names. When preloading polymorphic associations, if two models pointed to two tables with the same name but located in different databases, the preloader would only load one. *Ari Summer* - Fix `encrypted_attribute?` to take into account context properties passed to `encrypts`. *Maxime Réty* - Fix `find_by` to work correctly in presence of composite primary keys. *fatkodima* - Fix async queries sometimes returning a raw result if they hit the query cache. `ShipPart.async_count` could return a raw integer rather than a Promise if it found the result in the query cache. *fatkodima* - Fix `Relation#transaction` to not apply a default scope. The method was incorrectly setting a default scope around its block: ```ruby Post.where(published: true).transaction do Post.count # SELECT COUNT(*) FROM posts WHERE published = FALSE; end ``` *Jean Boussier* - Fix calling `async_pluck` on a `none` relation. `Model.none.async_pluck(:id)` was returning a naked value instead of a promise. *Jean Boussier* - Fix calling `load_async` on a `none` relation. `Model.none.load_async` was returning a broken result. *Lucas Mazza* - TrilogyAdapter: ignore `host` if `socket` parameter is set. This allows to configure a connection on a UNIX socket via DATABASE_URL: DATABASE_URL=trilogy://does-not-matter/my_db_production?socket=/var/run/mysql.sock *Jean Boussier* - Fix `has_secure_token` calls the setter method on initialize. *Abeid Ahmed* - Allow using `object_id` as a database column name. It was available before rails 7.1 and may be used as a part of polymorphic relationship to `object` where `object` can be any other database record. *Mikhail Doronin* - Fix `rails db:create:all` to not touch databases before they are created. *fatkodima* ##### Action View - Better handle SyntaxError in Action View. *Mario Caropreso* - Fix `word_wrap` with empty string. *Jonathan Hefner* - Rename `ActionView::TestCase::Behavior::Content` to `ActionView::TestCase::Behavior::RenderedViewContent`. Make `RenderedViewContent` inherit from `String`. Make private API with `:nodoc:`. *Sean Doyle* - Fix detection of required strict locals. Further fix `render @collection` compatibility with strict locals *Jean Boussier* ##### Action Pack - Fix including `Rails.application.routes.url_helpers` directly in an `ActiveSupport::Concern.` *Jonathan Hefner* - Fix system tests when using a Chrome binary that has been downloaded by Selenium. *Jonathan Hefner* ##### Active Job - Do not trigger immediate loading of `ActiveJob::Base` when loading `ActiveJob::TestHelper`. *Maxime Réty* - Preserve the serialized timezone when deserializing `ActiveSupport::TimeWithZone` arguments. *Joshua Young* - Fix ActiveJob arguments serialization to correctly serialize String subclasses having custom serializers. *fatkodima* ##### Action Mailer - No changes. ##### Action Cable - No changes. ##### Active Storage - Fix N+1 query when fetching preview images for non-image assets. *Aaron Patterson & Justin Searls* - Fix all Active Storage database related models to respect `ActiveRecord::Base.table_name_prefix` configuration. *Chedli Bourguiba* - Fix `ActiveStorage::Representations::ProxyController` not returning the proper preview image variant for previewable files. *Chedli Bourguiba* - Fix `ActiveStorage::Representations::ProxyController` to proxy untracked variants. *Chedli Bourguiba* - Fix direct upload forms when submit button contains nested elements. *Marc Köhlbrugge* - When using the `preprocessed: true` option, avoid enqueuing transform jobs for blobs that are not representable. *Chedli Bourguiba* - Process preview image variant when calling `ActiveStorage::Preview#processed`. For example, `attached_pdf.preview(:thumb).processed` will now immediately generate the full-sized preview image and the `:thumb` variant of it. Previously, the `:thumb` variant would not be generated until a further call to e.g. `processed.url`. *Chedli Bourguiba* and *Jonathan Hefner* - Prevent `ActiveRecord::StrictLoadingViolationError` when strict loading is enabled and the variant of an Active Storage preview has already been processed (for example, by calling `ActiveStorage::Preview#url`). *Jonathan Hefner* - Fix `preprocessed: true` option for named variants of previewable files. *Nico Wenterodt* ##### Action Mailbox - No changes. ##### Action Text - No changes. ##### Railties - Make sure `config.after_routes_loaded` hook runs on boot. *Rafael Mendonça França* - Fix `config.log_level` not being respected when using a `BroadcastLogger` *Édouard Chin* - Fix isolated engines to take `ActiveRecord::Base.table_name_prefix` into consideration. This will allow for engine defined models, such as inside Active Storage, to respect Active Record table name prefix configuration. *Chedli Bourguiba* - The `bin/rails app:template` command will no longer add potentially unwanted gem platforms via `bundle lock --add-platform=...` commands. *Jonathan Hefner*Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.