Open renovate[bot] opened 2 months ago
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below:
```
Fetching gem metadata from https://rubygems.org/...........
Fetching gem metadata from https://rubygems.org/.
Resolving dependencies....
Bundler could not find compatible versions for gem "ruby ":
  In Gemfile:
    ruby (~> 2.6.5.0)

    rails (~> 7.2.0) was resolved to 7.2.1, which depends on
      ruby (>= 3.1.0)
```
This PR contains the following updates:
`'~> 6.0.1'` -> `'~> 7.2.0'`
Release Notes
rails/rails (rails)
### [`v7.2.2`](https://redirect.github.com/rails/rails/releases/tag/v7.2.2): 7.2.2

[Compare Source](https://redirect.github.com/rails/rails/compare/v7.2.1.2...v7.2.2)

#### Active Support

- Include options when instrumenting `ActiveSupport::Cache::Store#delete` and `ActiveSupport::Cache::Store#delete_multi`.

  *Adam Renberg Tamm*

- Print test names when running `rails test -v` for parallel tests.

  *John Hawthorn*, *Abeid Ahmed*

#### Active Model

- Fix regression in `alias_attribute` to work with user defined methods.

  `alias_attribute` would wrongly assume the attribute accessor was generated by Active Model.

  ```ruby
  class Person
    include ActiveModel::AttributeMethods

    define_attribute_methods :name
    attr_accessor :name

    alias_attribute :full_name, :name
  end

  person.full_name # => NoMethodError: undefined method `attribute' for an instance of Person
  ```

  *Jean Boussier*

#### Active Record

- Fix support for `query_cache: false` in `database.yml`.

  `query_cache: false` would no longer entirely disable the Active Record query cache.

  *zzak*

- Set `.attributes_for_inspect` to `:all` by default.

  For new applications it is set to `[:id]` in config/environment/production.rb.

  In the console all the attributes are always shown.

  *Andrew Novoselac*

- `PG::UnableToSend: no connection to the server` is now retryable as a connection-related exception

  *Kazuma Watanabe*

- Fix marshalling of unsaved associated records in 7.1 format.

  The 7.1 format would only marshal associated records if the association was loaded. But associations that would only contain unsaved records would be skipped.

  *Jean Boussier*

- Fix incorrect SQL query when passing an empty hash to `ActiveRecord::Base.insert`.

  *David Stosik*

- Allow to save records with polymorphic join tables that have `inverse_of` specified.

  *Markus Doits*

- Fix association scopes applying on the incorrect join when using a polymorphic `has_many through:`.

  *Joshua Young*

- Fix `dependent: :destroy` for bi-directional has one through association.

  Fixes [#50948](https://redirect.github.com/rails/rails/issues/50948).

  ```ruby
  class Left < ActiveRecord::Base
    has_one :middle, dependent: :destroy
    has_one :right, through: :middle
  end

  class Middle < ActiveRecord::Base
    belongs_to :left, dependent: :destroy
    belongs_to :right, dependent: :destroy
  end

  class Right < ActiveRecord::Base
    has_one :middle, dependent: :destroy
    has_one :left, through: :middle
  end
  ```

  In the above example `left.destroy` wouldn't destroy its associated `Right` record.

  *Andy Stewart*

- Properly handle lazily pinned connection pools.

  Fixes [#53147](https://redirect.github.com/rails/rails/issues/53147).

  When using transactional fixtures with system tests or similar tools such as capybara, it could happen that a connection ends up pinned by the server thread rather than the test thread, causing `"Cannot expire connection, it is owned by a different thread"` errors.

  *Jean Boussier*

- Fix `ActiveRecord::Base.with` to accept more than two sub queries.

  Fixes [#53110](https://redirect.github.com/rails/rails/issues/53110).

  ```ruby
  User.with(foo: [User.select(:id), User.select(:id), User.select(:id)]).to_sql
  undefined method `union' for an instance of Arel::Nodes::UnionAll (NoMethodError)
  ```

  The above now works as expected.

  *fatkodima*

- Properly release pinned connections with non joinable connections.

  Fixes [#52973](https://redirect.github.com/rails/rails/issues/52973)

  When running system tests with transactional fixtures on, it could happen that the connection leased by the Puma thread wouldn't be properly released back to the pool, causing "Cannot expire connection, it is owned by a different thread" errors in later tests.

  *Jean Boussier*

- Make Float distinguish between `float4` and `float8` in PostgreSQL.

  Fixes [#52742](https://redirect.github.com/rails/rails/issues/52742)

  *Ryota Kitazawa*, *Takayuki Nagatomi*

- Fix an issue where `.left_outer_joins` used with multiple associations that have the same child association but different parents does not join all parents.

  Previously, using `.left_outer_joins` with the same child association would only join one of the parents.

  Now it will correctly join both parents.

  Fixes [#41498](https://redirect.github.com/rails/rails/issues/41498).

  *Garrett Blehm*

- Ensure `ActiveRecord::Encryption.config` is always ready before access.

  Previously, `ActiveRecord::Encryption` configuration was deferred until `ActiveRecord::Base` was loaded. Therefore, accessing `ActiveRecord::Encryption.config` properties before `ActiveRecord::Base` was loaded would give incorrect results.

  `ActiveRecord::Encryption` now has its own loading hook so that its configuration is set as soon as needed.

  When `ActiveRecord::Base` is loaded, even lazily, it in turn triggers the loading of `ActiveRecord::Encryption`, thus preserving the original behavior of having its config ready before any use of `ActiveRecord::Base`.

  *Maxime Réty*

- Add `TimeZoneConverter#==` method, so objects will be properly compared by their type, scale, limit & precision.

  Address [#52699](https://redirect.github.com/rails/rails/issues/52699).

  *Ruy Rocha*

#### Action View

- No changes.

#### Action Pack

- Fix non-GET requests not updating cookies in `ActionController::TestCase`.

  *Jon Moss*, *Hartley McGuire*

#### Active Job

- No changes.

#### Action Mailer

- No changes.

#### Action Cable

- No changes.

#### Active Storage

- No changes.

#### Action Mailbox

- No changes.

#### Action Text

- No changes.

#### Railties

- No changes.

#### Guides

- No changes.

### [`v7.2.1.2`](https://redirect.github.com/rails/rails/releases/tag/v7.2.1.2): 7.2.1.2

[Compare Source](https://redirect.github.com/rails/rails/compare/v7.2.1.1...v7.2.1.2)

#### Active Support

- No changes.

#### Active Model

- No changes.

#### Active Record

- No changes.

#### Action View

- No changes.

#### Action Pack

- No changes.

#### Active Job

- No changes.

#### Action Mailer

- Fix NoMethodError in `block_format` helper

  *Michael Leimstaedtner*

#### Action Cable

- No changes.

#### Active Storage

- No changes.

#### Action Mailbox

- No changes.

#### Action Text

- No changes.

#### Railties

- No changes.

#### Guides

- No changes.

### [`v7.2.1.1`](https://redirect.github.com/rails/rails/releases/tag/v7.2.1.1): 7.2.1.1

[Compare Source](https://redirect.github.com/rails/rails/compare/v7.2.1...v7.2.1.1)

#### Active Support

- No changes.

#### Active Model

- No changes.

#### Active Record

- No changes.

#### Action View

- No changes.

#### Action Pack

- Avoid regex backtracking in HTTP Token authentication \[CVE-2024-47887]
- Avoid regex backtracking in query parameter filtering \[CVE-2024-41128]

#### Active Job

- No changes.

#### Action Mailer

- Avoid regex backtracking in `block_format` helper \[CVE-2024-47889]

#### Action Cable

- No changes.

#### Active Storage

- No changes.

#### Action Mailbox

- No changes.

#### Action Text

- Avoid backtracing in plain_text_for_blockquote_node \[CVE-2024-47888]

#### Railties

- No changes.

#### Guides

- No changes.

### [`v7.2.1`](https://redirect.github.com/rails/rails/releases/tag/v7.2.1): 7.2.1

[Compare Source](https://redirect.github.com/rails/rails/compare/v7.2.0...v7.2.1)

#### Active Support

- No changes.

#### Active Model

- No changes.

#### Active Record

- Fix detection for `enum` columns with parallelized tests and PostgreSQL.

  *Rafael Mendonça França*

- Allow to eager load nested nil associations.

  *fatkodima*

- Fix swallowing ignore order warning when batching using `BatchEnumerator`.

  *fatkodima*

- Fix memory bloat on the connection pool when using the Fiber `IsolatedExecutionState`.

  *Jean Boussier*

- Restore inferred association class with the same modularized name.

  *Justin Ko*

- Fix `ActiveRecord::Base.inspect` to properly explain how to load schema information.

  *Jean Boussier*

- Check invalid `enum` options for the new syntax.

  The options using `_` prefix in the old syntax are invalid in the new syntax.

  *Rafael Mendonça França*

- Fix `ActiveRecord::Encryption::EncryptedAttributeType#type` to return actual cast type.

  *Vasiliy Ermolovich*

- Fix `create_table` with `:auto_increment` option for MySQL adapter.

  *fatkodima*

#### Action View

- No changes.

#### Action Pack

- Fix `Request#raw_post` raising `NoMethodError` when `rack.input` is `nil`.

  *Hartley McGuire*

#### Active Job

- No changes.

#### Action Mailer

- No changes.

#### Action Cable

- No changes.

#### Active Storage

- No changes.

#### Action Mailbox

- No changes.

#### Action Text

- Strip `content` attribute if the key is present but the value is empty

  *Jeremy Green*

#### Railties

- Fix `rails console` for application with non default application constant.

  The wrongly assumed the Rails application would be named `AppNamespace::Application`, which is the default but not an obligation.

  *Jean Boussier*

- Fix the default Dockerfile to include the full sqlite3 package.

  Prior to this it only included `libsqlite3`, so it wasn't enough to run `rails dbconsole`.

  *Jerome Dalbert*

- Don't update public directory during `app:update` command for API-only Applications.

  *y-yagi*

- Don't add bin/brakeman if brakeman is not in bundle when upgrading an application.

  *Etienne Barrié*

- Remove PWA views and routes if it's an API only project.

  *Jean Boussier*

- Simplify generated Puma configuration

  *DHH*, *Rafael Mendonça França*

### [`v7.2.0`](https://redirect.github.com/rails/rails/compare/v7.1.3.4...v7.2.0)

[Compare Source](https://redirect.github.com/rails/rails/compare/v7.1.5...v7.2.0)

### [`v7.1.5`](https://redirect.github.com/rails/rails/releases/tag/v7.1.5): 7.1.5

[Compare Source](https://redirect.github.com/rails/rails/compare/v7.1.4.2...v7.1.5)

#### Active Support

- No changes.

#### Active Model

- Fix regression in `alias_attribute` to work with user defined methods.

  `alias_attribute` would wrongly assume the attribute accessor was generated by Active Model.

  ```ruby
  class Person
    include ActiveModel::AttributeMethods

    define_attribute_methods :name
    attr_accessor :name

    alias_attribute :full_name, :name
  end

  person.full_name # => NoMethodError: undefined method `attribute' for an instance of Person
  ```

  *Jean Boussier*

#### Active Record

- Fix marshalling of unsaved associated records in 7.1 format.

  The 7.1 format would only marshal associated records if the association was loaded. But associations that would only contain unsaved records would be skipped.

  *Jean Boussier*

- Fix an issue where `.left_outer_joins` used with multiple associations that have the same child association but different parents does not join all parents.

  Previously, using `.left_outer_joins` with the same child association would only join one of the parents.

  Now it will correctly join both parents.

  Fixes [#41498](https://redirect.github.com/rails/rails/issues/41498).

  *Garrett Blehm*

- Ensure `ActiveRecord::Encryption.config` is always ready before access.

  Previously, `ActiveRecord::Encryption` configuration was deferred until `ActiveRecord::Base` was loaded. Therefore, accessing `ActiveRecord::Encryption.config` properties before `ActiveRecord::Base` was loaded would give incorrect results.

  `ActiveRecord::Encryption` now has its own loading hook so that its configuration is set as soon as needed.

  When `ActiveRecord::Base` is loaded, even lazily, it in turn triggers the loading of `ActiveRecord::Encryption`, thus preserving the original behavior of having its config ready before any use of `ActiveRecord::Base`.

  *Maxime Réty*

- Add `TimeZoneConverter#==` method, so objects will be properly compared by their type, scale, limit & precision.

  Address [#52699](https://redirect.github.com/rails/rails/issues/52699).

  *Ruy Rocha*

#### Action View

- No changes.

#### Action Pack

- No changes.

#### Active Job

- No changes.

#### Action Mailer

- No changes.

#### Action Cable

- No changes.

#### Active Storage

- No changes.

#### Action Mailbox

- No changes.

#### Action Text

- No changes.

#### Railties

- No changes.

#### Guides

- No changes.

### [`v7.1.4.2`](https://redirect.github.com/rails/rails/releases/tag/v7.1.4.2): 7.1.4.2

[Compare Source](https://redirect.github.com/rails/rails/compare/v7.1.4.1...v7.1.4.2)

#### Active Support

- No changes.

#### Active Model

- No changes.

#### Active Record

- No changes.

#### Action View

- No changes.

#### Action Pack

- No changes.

#### Active Job

- No changes.

#### Action Mailer

- Fix NoMethodError in `block_format` helper

  *Michael Leimstaedtner*

#### Action Cable

- No changes.

#### Active Storage

- No changes.

#### Action Mailbox

- No changes.

#### Action Text

- No changes.

#### Railties

- No changes.

#### Guides

- No changes.

### [`v7.1.4.1`](https://redirect.github.com/rails/rails/releases/tag/v7.1.4.1): 7.1.4.1

[Compare Source](https://redirect.github.com/rails/rails/compare/v7.1.4...v7.1.4.1)

#### Active Support

- No changes.

#### Active Model

- No changes.

#### Active Record

- No changes.

#### Action View

- No changes.

#### Action Pack

- Avoid regex backtracking in HTTP Token authentication \[CVE-2024-47887]
- Avoid regex backtracking in query parameter filtering \[CVE-2024-41128]

#### Active Job

- No changes.

#### Action Mailer

- Avoid regex backtracking in `block_format` helper \[CVE-2024-47889]

#### Action Cable

- No changes.

#### Active Storage

- No changes.

#### Action Mailbox

- No changes.

#### Action Text

- Avoid backtracing in plain_text_for_blockquote_node \[CVE-2024-47888]

#### Railties

- No changes.

#### Guides

- No changes.

### [`v7.1.4`](https://redirect.github.com/rails/rails/releases/tag/v7.1.4): 7.1.4

[Compare Source](https://redirect.github.com/rails/rails/compare/v7.1.3.4...v7.1.4)

#### Active Support

- Improve compatibility for `ActiveSupport::BroadcastLogger`.

  *Máximo Mussini*

- Pass options along to write_entry in handle_expired_entry method.

  *Graham Cooper*

- Fix Active Support configurations deprecations.

  *fatkodima*

- Fix teardown callbacks.

  *Tristan Starck*

- `BacktraceCleaner` silence core internal methods by default.

  *Jean Boussier*

- Fix `delegate_missing_to allow_nil: true` when called with implicit self

  ```ruby
  class Person
    delegate_missing_to :address, allow_nil: true

    def address
      nil
    end

    def berliner?
      city == "Berlin"
    end
  end

  Person.new.city # => nil
  Person.new.berliner? # undefined local variable or method `city' for an instance of Person (NameError)
  ```

  *Jean Boussier*

- Work around a Ruby bug that can cause a VM crash.

  This would happen if using `TaggerLogger` with a Proc formatter on which you called `object_id`.

  ```
  [BUG] Object ID seen, but not in mapping table: proc
  ```

  *Jean Boussier*

- Fix `ActiveSupport::Notifications.publish_event` to preserve units.

  This solves the incorrect reporting of time spent running Active Record asynchronous queries (by a factor `1000`).

  *Jean Boussier*

#### Active Model

- No changes.

#### Active Record

- Allow to eager load nested nil associations.

  *fatkodima*

- Fix `create_table` with `:auto_increment` option for MySQL adapter.

  *fatkodima*

- Don't load has_one associations during autosave.

  *Eugene Kenny*

- Fix migration ordering for `bin/rails db:prepare` across databases.

  *fatkodima*

- Fix `alias_attribute` to ignore methods defined in parent classes.

  *Jean Boussier*

- Fix a performance regression in attribute methods.

  *Jean Boussier*

- Fix Active Record configs variable shadowing.

  *Joel Lubrano*

- Fix running migrations on other databases when `database_tasks: false` on primary.

  *fatkodima*

- Fix non-partial inserts for models with composite identity primary keys.

  *fatkodima*

- Fix `ActiveRecord::Relation#touch_all` with custom attribute aliased as attribute for update.

  *fatkodima*

- Fix a crash when an Executor wrapped fork exit.

  *Joé Dupuis*

- Fix `destroy_async` job for owners with composite primary keys.

  *fatkodima*

- Ensure pre-7.1 migrations use legacy index names when using `rename_table`.

  *fatkodima*

- Allow `primary_key:` association option to be composite.

  *Nikita Vasilevsky*

- Do not try to alias on key update when raw SQL is supplied.

  *Gabriel Amaral*

- Memoize `key_provider` from `key` or deterministic `key_provider` if any.

  *Rosa Gutierrez*

- Fix `upsert` warning for MySQL.

  *fatkodima*

- Fix predicate builder for polymorphic models referencing models with composite primary keys.

  *fatkodima*

- Fix `update_all/delete_all` on CPK model relation with join subquery.

  *Nikita Vasilevsky*

- Remove memoization to accept `key_provider` overridden by `with_encryption_context`.

  *John Hawthorn*

- Raise error for Trilogy when prepared_statements is true.

  Trilogy doesn't currently support prepared statements. The error that applications would see is a `StatementInvalid` error. This doesn't quite point you to the fact this isn't supported. So raise a more appropriate error pointing to what to change.

  *Eileen M. Uchitelle*

- Fix loading schema cache when all databases have disabled database tasks.

  *fatkodima*

- Always request `primary_key` in `RETURNING` if no other columns requested.

  *Nikita Vasilevsky*

- Handle records being loaded with Marshal without triggering schema load

  When using the old marshalling format for Active Record and loading a serialized instance, it didn't trigger loading the schema and defining attribute methods.

  *Jean Boussier*

- Prevent some constant redefinition warnings when defining `inherited` on models.

  *Adrian Hirt*

- Fix a memory performance regression in attribute methods.

  Attribute methods used much more memory and were slower to define than they should have been.

  *Jean Boussier*

- Fix an issue that could cause database connection leaks.

  If Active Record successfully connected to the database, but then failed to read the server information, the connection would be leaked until the Ruby garbage collector triggers.

  *Jean Boussier*

- Fix an issue where the IDs reader method did not return expected results for preloaded associations in models using composite primary keys.

  *Jay Ang*

- PostgreSQL `Cidr#change?` detects the address prefix change.

  *Taketo Takashima*

- Fix Active Record serialization to not include instantiated but not loaded associations

  *Jean Boussier*, *Ben Kyriakou*

- Allow `Sqlite3Adapter` to use `sqlite3` gem version `2.x`

  *Mike Dalessio*

- Strict loading using `:n_plus_one_only` does not eagerly load child associations.

  With this change, child associations are no longer eagerly loaded, to match intended behavior and to prevent non-deterministic order issues caused by calling methods like `first` or `last`. As `first` and `last` don't cause an N+1 by themselves, calling child associations will no longer raise. Fixes [#49473](https://redirect.github.com/rails/rails/issues/49473).

  Before:

  ```ruby
  person = Person.find(1)
  person.strict_loading!(mode: :n_plus_one_only)
  person.posts.first
  # SELECT * FROM posts WHERE person_id = 1; -- non-deterministic order
  person.posts.first.firm # raises ActiveRecord::StrictLoadingViolationError
  ```

  After:

  ```ruby
  person = Person.find(1)
  person.strict_loading!(mode: :n_plus_one_only)
  person.posts.first # this is 1+1, not N+1
  # SELECT * FROM posts WHERE person_id = 1 ORDER BY id LIMIT 1;
  person.posts.first.firm # no longer raises
  ```

  *Reid Lynch*

- Using `Model.query_constraints` with a single non-primary-key column used to raise as expected, but with an incorrect error message.

  This has been fixed to raise with a more appropriate error message.

  *Joshua Young*

- Fix `has_one` association autosave setting the foreign key attribute when it is unchanged.

  This behaviour is also inconsistent with autosaving `belongs_to` and can have unintended side effects like raising an `ActiveRecord::ReadonlyAttributeError` when the foreign key attribute is marked as read-only.

  *Joshua Young*

- Fix an issue where `ActiveRecord::Encryption` configurations are not ready before the loading of Active Record models, when an application is eager loaded. As a result, encrypted attributes could be misconfigured in some cases.

  *Maxime Réty*

- Properly synchronize `Mysql2Adapter#active?` and `TrilogyAdapter#active?`

  As well as `disconnect!` and `verify!`.

  This generally isn't a big problem as connections must not be shared between threads, but is required when running transactional tests or system tests and could lead to a SEGV.

  *Jean Boussier*

- Fix counter caches when the foreign key is composite.

  If the model holding the counter cache had a composite primary key, inserting a dependent record would fail with an `ArgumentError` `Expected corresponding value for...`

  *fatkodima*

- Fix loading of schema cache for multiple databases.

  Before this change, if you have multiple databases configured in your application, and had schema cache present, Rails would load the same cache to all databases.

  *Rafael Mendonça França*

- Fix eager loading of composite primary key associations.

  `relation.eager_load(:other_model)` could load the wrong records if `other_model` had a composite primary key.

  *Nikita Vasilevsky*

- Fix async queries returning a doubly wrapped result when hitting the query cache.

  *fatkodima*

- Fix single quote escapes on default generated MySQL columns

  MySQL 5.7.5+ supports generated columns, which can be used to create a column that is computed from an expression.

  Previously, the schema dump would output a string with double escapes for generated columns with single quotes in the default expression.

  This would result in issues when importing the schema on a fresh instance of a MySQL database.

  Now, the string will not be escaped and will be valid Ruby upon importing of the schema.

  *Yash Kapadia*

- Fix Migrations with versions older than 7.1 validating options given to `t.references`.

  *Hartley McGuire*

#### Action View

- Action View Test Case `rendered` memoization.

  *Sean Doyle*

- Restore the ability for templates to return any kind of object and not just strings

  *Jean Boussier*

- Fix threading issue with strict locals.

  *Robert Fletcher*

#### Action Pack

- Resolve deprecation warning in latest `selenium-webdriver`.

  *Earlopain*

- Don't preload Selenium browser when remote.

  *Noah Horton*

- Fix crash for invalid Content-Type in ShowExceptions middleware.

  *Earlopain*

- Fix inconsistent results of `params.deep_transform_keys`.

  *Iago Pimenta*

- Do not report rendered errors except 500.

  *Nikita Vasilevsky*

- Improve routes source location detection.

  *Jean Boussier*

- Fix `Request#raw_post` raising `NoMethodError` when `rack.input` is `nil`.

  *Hartley McGuire*

- Fix url generation in nested engine when script name is empty.

  *zzak*

- Fix `Mime::Type.parse` handling type parameters for HTTP Accept headers.

  *Taylor Chaparro*

- Fix the error page that is displayed when a view template is missing to account for nested controller paths in the suggested correct location for the missing template.

  *Joshua Young*

- Fix a regression in 7.1.3 passing a `to:` option without a controller when the controller is already defined by a scope.

  ```ruby
  Rails.application.routes.draw do
    controller :home do
      get "recent", to: "recent_posts"
    end
  end
  ```

  *Étienne Barrié*

- Fix `ActionDispatch::Executor` middleware to report errors handled by `ActionDispatch::ShowExceptions`

  In the default production environment, `ShowExceptions` rescues uncaught errors and returns a response. Because of this the executor wouldn't report production errors with the default Rails configuration.

  *Jean Boussier*

#### Active Job

- Register autoload for `ActiveJob::Arguments`.

  *Rafael Mendonça França*

#### Action Mailer

- No changes.

#### Action Cable

- No changes.

#### Active Storage

- Fixes race condition for multiple preprocessed video variants.

  *Justin Searls*

#### Action Mailbox

- No changes.

#### Action Text

- Strip `content` attribute if the key is present but the value is empty

  *Jeremy Green*

- Only sanitize `content` attribute when present in attachments.

  *Petrik de Heus*

#### Railties

- Preserve `--asset-pipeline propshaft` when running `app:update`.

  *Zacharias Knudsen*

- Allow string keys for SQLCommenter.

  *Ngan Pham*

- Fix derived foreign key to return correctly when association id is part of query constraints.

  *Varun Sharma*

- Show warning for `secret_key_base` in development too.

  *fatkodima*

- Fix sanitizer vendor configuration in 7.1 defaults.

  In apps where `rails-html-sanitizer` was not eagerly loaded, the sanitizer default could end up being Rails::HTML4::Sanitizer when it should be set to `Rails::HTML5::Sanitizer`.

  *Mike Dalessio*, *Rafael Mendonça França*

- Revert the use of `Concurrent.physical_processor_count` in default Puma config

  While for many people this saves one config to set, for many others using a shared hosting solution, this causes the default configuration to spawn way more workers than reasonable.

  There is unfortunately no reliable way to detect how many cores an application can realistically use, and even then, assuming the application should use all the machine resources is often wrong.

  *Jean Boussier*

### [`v7.1.3.4`](https://redirect.github.com/rails/rails/releases/tag/v7.1.3.4): 7.1.3.4

[Compare Source](https://redirect.github.com/rails/rails/compare/v7.1.3.3...v7.1.3.4)

#### Active Support

- No changes.

#### Active Model

- No changes.

#### Active Record

- No changes.

#### Action View

- No changes.

#### Action Pack

- Include the HTTP Permissions-Policy on non-HTML Content-Types \[CVE-2024-28103]

#### Active Job

- No changes.

#### Action Mailer

- No changes.

#### Action Cable

- No changes.

#### Active Storage

- No changes.

#### Action Mailbox

- No changes.

#### Action Text

- Sanitize ActionText HTML ContentAttachment in Trix edit view \[CVE-2024-32464]

#### Railties

- No changes.

### [`v7.1.3.3`](https://redirect.github.com/rails/rails/releases/tag/v7.1.3.3): 7.1.3.3

[Compare Source](https://redirect.github.com/rails/rails/compare/v7.1.3.2...v7.1.3.3)

#### Active Support

- No changes.

#### Active Model

- No changes.

#### Active Record

- No changes.

#### Action View

- No changes.

#### Action Pack

- No changes.

#### Active Job

- No changes.

#### Action Mailer

- No changes.

#### Action Cable

- No changes.

#### Active Storage

- No changes.

#### Action Mailbox

- No changes.

#### Action Text

- Upgrade Trix to 2.1.1 to fix [CVE-2024-34341](https://redirect.github.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99).

  *Rafael Mendonça França*

#### Railties

- No changes.

### [`v7.1.3.2`](https://redirect.github.com/rails/rails/releases/tag/v7.1.3.2)

[Compare Source](https://redirect.github.com/rails/rails/compare/v7.1.3.1...v7.1.3.2)

#### Active Support

- No changes.

#### Active Model

- No changes.

#### Active Record

- No changes.

#### Action View

- No changes.

#### Action Pack

- Fix `raise_on_missing_translations` not working correctly with the `translate` method in controllers after the patch for CVE-2024-26143.

#### Active Job

- No changes.

#### Action Mailer

- No changes.

#### Action Cable

- No changes.

#### Active Storage

- No changes.

#### Action Mailbox

- No changes.

#### Action Text

- No changes.

#### Railties

- No changes.

### [`v7.1.3.1`](https://redirect.github.com/rails/rails/releases/tag/v7.1.3.1): 7.1.3.1

[Compare Source](https://redirect.github.com/rails/rails/compare/v7.1.3...v7.1.3.1)

#### Active Support

- No changes.

#### Active Model

- No changes.

#### Active Record

- No changes.

#### Action View

- No changes.

#### Action Pack

- Fix possible XSS vulnerability with the `translate` method in controllers

  CVE-2024-26143

- Fix ReDoS in Accept header parsing

  CVE-2024-26142

#### Active Job

- No changes.

#### Action Mailer

- No changes.

#### Action Cable

- No changes.

#### Active Storage

- No changes.

#### Action Mailbox

- No changes.

#### Action Text

- No changes.

#### Railties

- No changes.

### [`v7.1.3`](https://redirect.github.com/rails/rails/releases/tag/v7.1.3): 7.1.3

[Compare Source](https://redirect.github.com/rails/rails/compare/v7.1.2...v7.1.3)

#### Active Support

- Handle nil `backtrace_locations` in `ActiveSupport::SyntaxErrorProxy`.

  *Eugene Kenny*

- Fix `ActiveSupport::JSON.encode` to prevent duplicate keys.

  If the same key exist in both String and Symbol form it could lead to the same key being emitted twice.

  *Manish Sharma*

- Fix `ActiveSupport::Cache::Store#read_multi` when using a cache namespace and local cache strategy.

  *Mark Oleson*

- Fix `Time.now/DateTime.now/Date.today` to return results in a system timezone after `#travel_to`.

  There is a bug in the current implementation of #travel_to: it remembers a timezone of its argument, and all stubbed methods start returning results in that remembered timezone. However, the expected behaviour is to return results in a system timezone.

  *Aleksei Chernenkov*

- Fix `:unless_exist` option for `MemoryStore#write` (et al) when using a cache namespace.

  *S. Brent Faulkner*

- Fix ActiveSupport::Deprecation to handle blaming generated code.

  *Jean Boussier*, *fatkodima*

#### Active Model

- No changes.

#### Active Record

- Fix Migrations with versions older than 7.1 validating options given to `add_reference`.

  *Hartley McGuire*

- Ensure `reload` sets correct owner for each association.

  *Dmytro Savochkin*

- Fix view runtime for controllers with async queries.

  *fatkodima*

- Fix `load_async` to work with query cache.

  *fatkodima*

- Fix polymorphic `belongs_to` to correctly use parent's `query_constraints`.

  *fatkodima*

- Fix `Preloader` to not generate a query for already loaded association with `query_constraints`.

  *fatkodima*

- Fix multi-database polymorphic preloading with equivalent table names.

  When preloading polymorphic associations, if two models pointed to two tables with the same name but located in different databases, the preloader would only load one.

  *Ari Summer*

- Fix `encrypted_attribute?` to take into account context properties passed to `encrypts`.

  *Maxime Réty*

- Fix `find_by` to work correctly in presence of composite primary keys.

  *fatkodima*

- Fix async queries sometimes returning a raw result if they hit the query cache.

  `ShipPart.async_count` could return a raw integer rather than a Promise if it found the result in the query cache.

  *fatkodima*

- Fix `Relation#transaction` to not apply a default scope.

  The method was incorrectly setting a default scope around its block:

  ```ruby
  Post.where(published: true).transaction do
    Post.count # SELECT COUNT(*) FROM posts WHERE published = FALSE;
  end
  ```

  *Jean Boussier*

- Fix calling `async_pluck` on a `none` relation.

  `Model.none.async_pluck(:id)` was returning a naked value instead of a promise.

  *Jean Boussier*

- Fix calling `load_async` on a `none` relation.

  `Model.none.load_async` was returning a broken result.

  *Lucas Mazza*

- TrilogyAdapter: ignore `host` if `socket` parameter is set.

  This allows to configure a connection on a UNIX socket via DATABASE_URL:

  ```
  DATABASE_URL=trilogy://does-not-matter/my_db_production?socket=/var/run/mysql.sock
  ```

  *Jean Boussier*

- Fix `has_secure_token` calls the setter method on initialize.

  *Abeid Ahmed*

- Allow using `object_id` as a database column name. It was available before rails 7.1 and may be used as a part of polymorphic relationship to `object` where `object` can be any other database record.

  *Mikhail Doronin*

- Fix `rails db:create:all` to not touch databases before they are created.

  *fatkodima*

#### Action View

- Better handle SyntaxError in Action View.

  *Mario Caropreso*

- Fix `word_wrap` with empty string.

  *Jonathan Hefner*

- Rename `ActionView::TestCase::Behavior::Content` to `ActionView::TestCase::Behavior::RenderedViewContent`.

  Make `RenderedViewContent` inherit from `String`. Make private API with `:nodoc:`.

  *Sean Doyle*

- Fix detection of required strict locals.

  Further fix `render @collection` compatibility with strict locals

  *Jean Boussier*

#### Action Pack

- Fix including `Rails.application.routes.url_helpers` directly in an `ActiveSupport::Concern.`

  *Jonathan Hefner*

- Fix system tests when using a Chrome binary that has been downloaded by Selenium.

  *Jonathan Hefner*

#### Active Job

- Do not trigger immediate loading of `ActiveJob::Base` when loading `ActiveJob::TestHelper`.

  *Maxime Réty*

- Preserve the serialized timezone when deserializing `ActiveSupport::TimeWithZone` arguments.

  *Joshua Young*

- Fix ActiveJob arguments serialization to correctly serialize String subclasses having custom serializers.

  *fatkodima*

#### Action Mailer

- No changes.

#### Action Cable

- No changes.

#### Active Storage

- Fix N+1 query when fetching preview images for non-image assets.

  *Aaron Patterson & Justin Searls*

- Fix all Active Storage database related models to respect `ActiveRecord::Base.table_name_prefix` configuration.

  *Chedli Bourguiba*

- Fix `ActiveStorage::Representations::ProxyController` not returning the proper preview image variant for previewable files.

  *Chedli Bourguiba*

- Fix `ActiveStorage::Representations::ProxyController` to proxy untracked variants.

  *Chedli Bourguiba*

- Fix direct upload forms when submit button contains nested elements.

  *Marc Köhlbrugge*

- When using the `preprocessed: true` option, avoid enqueuing transform jobs for blobs that are not representable.

  *Chedli Bourguiba*

- Process preview image variant when calling `ActiveStorage::Preview#processed`. For example, `attached_pdf.preview(:thumb).processed` will now immediately generate the full-sized preview image and the `:thumb` variant of it. Previously, the `:thumb` variant would not be generated until a further call to e.g. `processed.url`.
    *Chedli Bourguiba* and *Jonathan Hefner*

- Prevent `ActiveRecord::StrictLoadingViolationError` when strict loading is enabled and the variant of an Active Storage preview has already been processed (for example, by calling `ActiveStorage::Preview#url`).

    *Jonathan Hefner*

- Fix `preprocessed: true` option for named variants of previewable files.

    *Nico Wenterodt*

#### Action Mailbox

- No changes.

#### Action Text

- No changes.

#### Railties

- Make sure `config.after_routes_loaded` hook runs on boot.

    *Rafael Mendonça França*

- Fix `config.log_level` not being respected when using a `BroadcastLogger`

    *Édouard Chin*

- Fix isolated engines to take `ActiveRecord::Base.table_name_prefix` into consideration.

    This will allow for engine defined models, such as inside Active Storage, to respect Active Record table name prefix configuration.

    *Chedli Bourguiba*

- The `bin/rails app:template` command will no longer add potentially unwanted gem platforms via `bundle lock --add-platform=...` commands.

    *Jonathan Hefner*

### [`v7.1.2`](https://redirect.github.com/rails/rails/releases/tag/v7.1.2): 7.1.2

[Compare Source](https://redirect.github.com/rails/rails/compare/v7.1.1...v7.1.2)

##### Active Support

- Fix `:expires_in` option for `RedisCacheStore#write_multi`.

    *fatkodima*

- Fix deserialization of non-string "purpose" field in Message serializer

    *Jacopo Beschi*

- Prevent global cache options being overwritten when setting dynamic options inside a `ActiveSupport::Cache::Store#fetch` block.

    *Yasha Krasnou*

- Fix missing `require` resulting in `NoMethodError` when running `bin/rails secrets:show` or `bin/rails secrets:edit`.

    *Stephen Ierodiaconou*

- Ensure `{down,up}case_first` returns non-frozen string.

    *Jonathan Hefner*

- Fix `#to_fs(:human_size)` to correctly work with negative numbers.

    *Earlopain*

- Fix `BroadcastLogger#dup` so that it duplicates the logger's `broadcasts`.
    *Andrew Novoselac*

- Fix issue where `bootstrap.rb` overwrites the `level` of a `BroadcastLogger`'s `broadcasts`.

    *Andrew Novoselac*

- Fix `ActiveSupport::Cache` to handle outdated Marshal payload from Rails 6.1 format.

    Active Support's Cache is supposed to treat a Marshal payload that can no longer be deserialized as a cache miss. It failed to do so for compressed payload in the Rails 6.1 legacy format.

    *Jean Boussier*

- Fix `OrderedOptions#dig` for array indexes.

    *fatkodima*

- Fix time travel helpers to work when nested using with separate classes.

    *fatkodima*

- Fix `delete_matched` for file cache store to work with keys longer than the max filename size.

    *fatkodima* and *Jonathan Hefner*

- Fix compatibility with the `semantic_logger` gem.

    The `semantic_logger` gem doesn't behave exactly like stdlib logger in that `SemanticLogger#level` returns a Symbol while stdlib `Logger#level` returns an Integer.

    This caused the various `LogSubscriber` classes in Rails to break when assigned a `SemanticLogger` instance.

    *Jean Boussier*, *ojab*

##### Active Model

- Make `==(other)` method of AttributeSet safe.

    *Dmitry Pogrebnoy*

##### Active Record

- Fix renaming primary key index when renaming a table with a UUID primary key in PostgreSQL.

    *fatkodima*

- Fix `where(field: values)` queries when `field` is a serialized attribute (for example, when `field` uses `ActiveRecord::Base.serialize` or is a JSON column).

    *João Alves*

- Prevent marking broken connections as verified.

    *Daniel Colson*

- Don't mark Float::INFINITY as changed when reassigning it

    When saving a record with a float infinite value, it shouldn't mark as changed

    *Maicol Bentancor*

- `ActiveRecord::Base.table_name` now returns `nil` instead of raising "undefined method `abstract_class?` for Object:Class".

    *a5-stable*

- Fix upserting for custom `:on_duplicate` and `:unique_by` consisting of all inserts keys.
    *fatkodima*

- Fixed an [issue](https://redirect.github.com/rails/rails/issues/49809) where saving a record could inappropriately `dup` its attributes.

    *Jonathan Hefner*

- Dump schema only for a specific db for rollback/up/down tasks for multiple dbs.

    *fatkodima*

- Fix `NoMethodError` when casting a PostgreSQL `money` value that uses a comma as its radix point and has no leading currency symbol. For example, when casting `"3,50"`.

    *Andreas Reischuck* and *Jonathan Hefner*

- Re-enable support for using `enum` with non-column-backed attributes.

    Non-column-backed attributes must be previously declared with an explicit type. For example:

    ```ruby
    class Post < ActiveRecord::Base
      attribute :topic, :string
      enum topic: %i[science tech engineering math]
    end
    ```

    *Jonathan Hefner*

- Raise on `foreign_key:` being passed as an array in associations

    *Nikita Vasilevsky*

- Return back maximum allowed PostgreSQL table name to 63 characters.

    *fatkodima*

- Fix detecting `IDENTITY` columns for PostgreSQL < 10.

    *fatkodima*

##### Action View

- Fix the `number_to_human_size` view helper to correctly work with negative numbers.

    *Earlopain*

- Automatically discard the implicit locals injected by collection rendering for template that can't accept them

    When rendering a collection, two implicit variables are injected, which breaks templates with strict locals.

    Now they are only passed if the template will actually accept them.

    *Yasha Krasnou*, *Jean Boussier*

- Fix `@rails/ujs` calling `start()` an extra time when using bundlers

    *Hartley McGuire*, *Ryunosuke Sato*

- Fix the `capture` view helper compatibility with HAML and Slim

    When a blank string was captured in HAML or Slim (and possibly other template engines) it would instead return the entire buffer.
    *Jean Boussier*

##### Action Pack

- Fix a race condition that could cause a `Text file busy - chromedriver` error with parallel system tests

    *Matt Brictson*

- Fix `StrongParameters#extract_value` to include blank values

    Otherwise composite parameters may not be parsed correctly when one of the components is blank.

    *fatkodima*, *Yasha Krasnou*, *Matthias Eiglsperger*

- Add `racc` as a dependency since it will become a bundled gem in Ruby 3.4.0

    *Hartley McGuire*

- Support handling Enumerator for non-buffered responses.

    *Zachary Scott*

##### Active Job

- No changes.

##### Action Mailer

- No changes.

##### Action Cable

- No changes.

##### Active Storage

- No changes.

##### Action Mailbox

- No changes.

##### Action Text

- Compile ESM package that can be used directly in the browser as actiontext.esm.js

    *Matias Grunberg*

- Fix using actiontext.js with Sprockets

    *Matias Grunberg*

- Upgrade Trix to 2.0.7

    *Hartley McGuire*

- Fix using Trix with Sprockets

    *Hartley McGuire*

##### Railties

- Fix running `db:system:change` when app has no Dockerfile.

    *Hartley McGuire*

- If you accessed `config.eager_load_paths` and friends, later changes to `config.paths` were not reflected in the expected auto/eager load paths. Now, they are.

    This bug has been latent since Rails 3.

    Fixes [#49629](https://redirect.github.com/rails/rails/issues/49629).

    *Xavier Noria*

### [`v7.1.1`](https://redirect.github.com/rails/rails/releases/tag/v7.1.1): 7.1.1

[Compare Source](https://redirect.github.com/rails/rails/compare/v7.1.0...v7.1.1)

#### Active Support

- Add support for keyword arguments when delegating calls to custom loggers from `ActiveSupport::BroadcastLogger`.

    *Jenny Shen*

- `NumberHelper`: handle objects responding `to_d`.

    *fatkodima*

- Fix RedisCacheStore to properly set the TTL when incrementing or decrementing.

    This bug was only impacting Redis server older than 7.0.

    *Thomas Countz*

- Fix MemoryStore to prevent race conditions when incrementing or decrementing.
    *Pierre Jambet*

#### Active Model

- No changes.

#### Active Record

- Fix auto populating IDENTITY columns for PostgreSQL.

    *fatkodima*

- Fix "ArgumentError: wrong number of arguments (given 3, expected 2)" when down migrating `rename_table` in older migrations.

    *fatkodima*

- Do not require the Action Text, Active Storage and Action Mailbox tables to be present when running tests on CI.

    *Rafael Mendonça França*

#### Action View

- Updated `@rails/ujs` files to ignore certain data-\* attributes when element is contenteditable.

    This fix was already landed in >= 7.0.4.3, < 7.1.0. \[[CVE-2023-23913](https://redirect.github.com/advisories/GHSA-xp5h-f8jf-rc8q)]

    *Ryunosuke Sato*

#### Action Pack

- No changes.

#### Active Job

- Don't log enqueuing details when the job wasn't enqueued.

    *Dustin Brown*

#### Action Mailer

- No changes.

#### Action Cable

- No changes.

#### Active Storage

- No changes.

#### Action Mailbox

- No changes.

#### Action Text

- No changes.

#### Railties

- Ensures the Rails generated Dockerfile uses correct ruby version and matches Gemfile.

    *Abhay Nikam*

### [`v7.1.0`](https://redirect.github.com/rails/rails/releases/tag/v7.1.0): 7.1.0

[Compare Source](https://redirect.github.com/rails/rails/compare/v7.0.8.6...v7.1.0)

#### Active Support

- Fix `AS::MessagePack` with `ENV["RAILS_MAX_THREADS"]`.

    *Jonathan Hefner*

- Add a new public API for broadcasting logs

    This feature existed for a while but was until now a private API. Broadcasting log allows to send log message to different sinks (STDOUT, a file ...) and is used by default in the development environment to write logs both on STDOUT and in the "development.log" file.

    Basic usage:

    ```ruby
    stdout_logger = Logger.new(STDOUT)
    file_logger = Logger.new("development.log")
    broadcast = ActiveSupport::BroadcastLogger.new(stdout_logger, file_logger)

    broadcast.info("Hello!") # The "Hello!" message is written on STDOUT and in the log file.
    ```

    Adding other sink(s) to the broadcast:

    ```ruby
    broadcast = ActiveSupport::BroadcastLogger.new
    broadcast.broadcast_to(Logger.new(STDERR))
    ```

    Remove a sink from the broadcast:

    ```ruby
    stdout_logger = Logger.new(STDOUT)
    broadcast = ActiveSupport::BroadcastLogger.new(stdout_logger)

    broadcast.stop_broadcasting_to(stdout_logger)
    ```

    *Edouard Chin*

- Fix Range#overlap? not taking empty ranges into account on Ruby < 3.3

    *Nobuyoshi Nakada*, *Shouichi Kamiya*, *Hartley McGuire*

- Use Ruby 3.3 Range#overlap? if available

    *Yasuo Honda*

- Add `bigdecimal` as Active Support dependency that is a bundled gem candidate for Ruby 3.4.

    `bigdecimal` 3.1.4 or higher version will be installed. Ruby 2.7 and 3.0 users who want `bigdecimal` version 2.0.0 or 3.0.0 behavior as a default gem, pin the `bigdecimal` version in your application Gemfile.

    *Koichi ITO*

- Add `drb`, `mutex_m` and `base64` that are bundled gem candidates for Ruby 3.4

    *Yasuo Honda*

- When using cache format version >= 7.1 or a custom serializer, expired and version-mismatched cache entries can now be detected without deserializing their values.

    *Jonathan Hefner*

- Make all cache stores return a boolean for `#delete`

    Previously the `RedisCacheStore#delete` would return `1` if the entry exists and `0` otherwise. Now it returns true if the entry exists and false otherwise, just like the other stores.

    The `FileStore` would return `nil` if the entry doesn't exist and returns `false` now as well.

    *Petrik de Heus*

- Active Support cache stores now support replacing the default compressor via a `:compressor` option. The specified compressor must respond to `deflate` and `inflate`. For example:

    ```ruby
    module MyCompressor
      def self.deflate(string)
        # compression logic...
      end

      def self.inflate(compressed)
        # decompression logic...
      end
    end

    config.cache_store = :redis_cache_store, { compressor: MyCompressor }
    ```

    *Jonathan Hefner*

- Active Support cache stores now support a `:serializer` option.
    Similar to the `:coder` option, serializers must respond to `dump` and `load`. However, serializers are only responsible for serializing a cached value, whereas coders are responsible for serializing the entire `ActiveSupport::Cache::Entry` instance. Additionally, the output from serializers can be automatically compressed, whereas coders are responsible for their own compression.

    Specifying a serializer instead of a coder also enables performance optimizations, including the bare string optimization introduced by cache format version 7.1.

    The `:serializer` and `:coder` options are mutually exclusive. Specifying both will raise an `ArgumentError`.

    *Jonathan Hefner*

- Fix `ActiveSupport::Inflector.humanize(nil)` raising ``NoMethodError: undefined method `end_with?' for nil:NilClass``.

    *James Robinson*

- Don't show secrets for `ActiveSupport::KeyGenerator#inspect`.

    Before:

    ```ruby
    ActiveSupport::KeyGenerator.new(secret).inspect
    "#<%= html_escape_once("this & that & the other") %>
    ```

    Before this change, that would be double-escaped and render as:

    ```html
    this & that & the other
    ```

    After this change, it renders correctly as:

    ```html
    this & that & the other
    ```

    Fixes [#48256](https://redirect.github.com/rails/rails/issues/48256)

    *Mike Dalessio*

- Deprecate `SafeBuffer#clone_empty`.

    This method has not been used internally since Rails 4.2.0.

    *Mike Dalessio*

- `MessageEncryptor`, `MessageVerifier`, and `config.active_support.message_serializer` now accept `:message_pack` and `:message_pack_allow_marshal` as serializers. These serializers require the [`msgpack` gem](https://rubygems.org/gems/msgpack) (>= 1.7.0).

    The Message Pack format can provide improved performance and smaller payload sizes. It also supports round-tripping some Ruby types that are not supported by JSON. For example:

    ```ruby
    verifier = ActiveSupport::MessageVerifier.new("secret")
    data = [{ a: 1 }, { b: 2 }.with_indifferent_access, 1.to_d, Time.at(0, 123)]
    message = verifier.generate(data)

    # BEFORE with config.active_support.message_serializer = :json
    verifier.verified(message)
    # => [{"a"=>1}, {"b"=>2}, "1.0", "1969-12-31T18:00:00.000-06:00"]
    verifier.verified(message).map(&:class)
    # => [Hash, Hash, String, String]

    # AFTER with config.active_support.message_serializer = :message_pack
    verifier.verified(message)
    # => [{:a=>1}, {"b"=>2}, 0.1e1, 1969-12-31 18:00:00.000123 -0600]
    verifier.verified(message).map(&:class)
    # => [Hash, ActiveSupport::HashWithIndifferentAccess, BigDecimal, Time]
    ```

    The `:message_pack` serializer can fall back to deserializing with `ActiveSupport::JSON` when necessary, and the `:message_pack_allow_marshal` serializer can fall back to deserializing with `Marshal` as well as `ActiveSupport::JSON`. Additionally, the `:marshal`, `:json`, and `:json_allow_marshal` serializers can now fall back to deserializing with `ActiveSupport::MessagePack` when necessary. These behaviors ensure old messages can still be read so that migration is easier.

    *Jonathan Hefner*

- A new `7.1` cache format is available which includes an optimization for bare string values such as view fragments.
    The `7.1` cache format is used by default for new apps, and existing apps can enable the format by setting `config.load_defaults 7.1` or by setting `config.active_support.cache_format_version = 7.1` in `config/application.rb` or a `config/environments/*.rb` file.

    Cache entries written using the `6.1` or `7.0` cache formats can be read when using the `7.1` format. To perform a rolling deploy of a Rails 7.1 upgrade, wherein servers that have not yet been upgraded must be able to read caches from upgraded servers, leave the cache format unchanged on the first deploy, then enable the `7.1` cache format on a subsequent deploy.

    *Jonathan Hefner*

- Active Support cache stores can now use a preconfigured serializer based on `ActiveSupport::MessagePack` via the `:serializer` option:

    ```ruby
    config.cache_store = :redis_cache_store, { serializer: :message_pack }
    ```

    The `:message_pack` serializer can reduce cache entry sizes and improve performance, but requires the [`msgpack` gem](https://rubygems.org/gems/msgpack) (>= 1.7.0).

    The `:message_pack` serializer can read cache entries written by the default serializer, and the default serializer can now read entries written by the `:message_pack` serializer. These behaviors make it easy to migrate between serializers without invalidating the entire cache.

    *Jonathan Hefner*

- `Object#deep_dup` no longer duplicates named classes and modules.

    Before:

    ```ruby
    hash = { class: Object, module: Kernel }
    hash.deep_dup # => {:class=>#
    ```

Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.