Type cast #attribute_changed?:from and :to options.
Andrew Novoselac
Fix index_exists? when column is an array.
Eileen M. Uchitelle
Handle Date objects for PostgreSQL timestamptz columns.
Alex Ghiculescu
Fix collation for changing column to non-string.
Hartley McGuire
Map through subtype in PostgreSQL::OID::Array.
Jonathan Hefner
Store correct environment in internal_metadata when run rails db:prepare.
fatkodima
Make sure ActiveRecord::Relation#sum works with objects that implement #coerce without deprecation.
Alex Ghiculescu
Fix retrieving foreign keys referencing tables named like keywords in PostgreSQL and MySQL.
fatkodima
Support UUIDs in Disable Joins.
Samuel Cochran
Fix Active Record's explain for queries starting with comments.
fatkodima
Fix incorrectly preloading through association records when middle association has been loaded.
Joshua Young
Fix where.missing and where.associated for parent/child associations.
fatkodima
Fix Enumerable#in_order_of to preserve duplicates.
fatkodima
Fix autoincrement on primary key for mysql.
Eileen M. Uchitelle
Restore ability to redefine column in create_table for Rails 5.2 migrations.
fatkodima
Fix schema cache dumping of virtual columns.
fatkodima
Fix Active Record grouped calculations on joined tables on column present in both tables.
fatkodima
Fix mutation detection for serialized attributes backed by binary columns.
Jean Boussier
Fix a bug where using groups and counts with long table names would return incorrect results.
Shota Toguchi, Yusaku Ono
Use connection from #with_raw_connection in #quote_string.
Prior to this change, virtual datetime columns did not have the same
default precision as regular datetime columns, resulting in the following
being erroneously equivalent:
Fix cookie domain for domain: all on two letter single level TLD.
John Hawthorn
Don't double log the controller, action, or namespaced_controller when using ActiveRecord::QueryLog
Previously if you set config.active_record.query_log_tags to an array that included
:controller, :namespaced_controller, or :action, that item would get logged twice.
This bug has been fixed.
Alex Ghiculescu
Rescue EOFError exception from rack on a multipart request.
Nikita Vasilevsky
Rescue JSON::ParserError in Cookies json deserializer to discard marshal dumps:
Without this change, if action_dispatch.cookies_serializer is set to :json and
the app tries to read a :marshal serialized cookie, it would error out which wouldn't
clear the cookie and force app users to manually clear it in their browser.
Update the dependency on Nokogiri to be >= 1.12.0. The dependency in 2.21.0 and 2.21.1 was left at >= 1.5.9 but versions before 1.12 would result in a NameError exception. [#266]
Don't define HTML5::Document and HTML5::DocumentFragment when Nokogiri is < 1.14. In 2.21.0 these classes were defined whenever Nokogiri::HTML5 was defined, but Nokogiri v1.12 and v1.13 do not support Loofah subclassing properly.
Classes Loofah::HTML5::Document and Loofah::HTML5::DocumentFragment are introduced, along with helper methods:
Loofah.html5_document
Loofah.html5_fragment
Loofah.scrub_html5_document
Loofah.scrub_html5_fragment
These classes and methods use Nokogiri's HTML5 parser to ensure modern web standards are used.
⚠ HTML5 functionality is only available with Nokogiri v1.14.0 and higher.
⚠ HTML5 functionality is not available for JRuby. Please see this upstream Nokogiri issue if you're interested in helping implement and support HTML5 support.
Loofah::HTML4 module and namespace
Loofah::HTML has been renamed to Loofah::HTML4, and Loofah::HTML is aliased to preserve backwards-compatibility. Nokogiri::HTML and Nokogiri::HTML4 parse methods still use libxml2's (or NekoHTML's) HTML4 parser.
Take special note that if you rely on the class name of an object in your code, objects will now report a class of Loofah::HTML4::Foo where they previously reported Loofah::HTML::Foo. Instead of relying on the string returned by Object#class, prefer Class#=== or Object#is_a? or Object#instance_of?.
Future releases of Nokogiri may deprecate HTML classes and methods or otherwise change this behavior, so please start using HTML4 in place of HTML.
Official support for JRuby
This version introduces official support for JRuby. Previously, the test suite had never been green due to differences in behavior in the underlying HTML parser used by Nokogiri. We've updated the test suite to accommodate those differences, and have added JRuby to the CI suite.
Since 2009, Nokogiri has configured libxml2 to use ruby_xmalloc et al for memory management. This has provided benefits for memory management, but comes with a performance penalty.
Users can now opt into using system malloc for libxml2 memory management by setting an environment variable:
# "default" here means "libxml2's default" which is system malloc
NOKOGIRI_LIBXML_MEMORY_MANAGEMENT=default
Benchmarks show that this setting will significantly improve performance, but be aware that the tradeoff may involve poorer memory management including bloated heap sizes and/or OOM conditions.
Encoding objects may now be passed to serialization methods like #to_xml, #to_html, #serialize, and #write_to to specify the output encoding. Previously only encoding names (strings) were accepted. [#2774, #2798] (Thanks, @ellaklara!)
[CRuby] Schema.from_document now makes a defensive copy of the document if it has blank text nodes with Ruby objects instantiated for them. This prevents unsafe behavior in libxml2 from causing a segfault. There is a small performance cost, but we think this has the virtue of being "what the user meant" since modifying the original is surprising behavior for most users. Previously this was addressed in v1.10.9 by raising an exception.
Fixed
[CRuby] XSLT.transform now makes a defensive copy of the document if it has blank text nodes with Ruby objects instantiated for them and the template uses xsl:strip-spaces. This prevents unsafe behavior in libxslt from causing a segfault. There is a small performance cost, but we think this has the virtue of being "what the user meant" since modifying the original is surprising behavior for most users. Previously this would allow unsafe memory access and potentially segfault. [#2800]
Improved
Nokogiri::XML::Node::SaveOptions#inspect now shows the names of the options set in the bitmask, similar to ParseOptions. [#2767]
#inspect and pretty-printing are improved for AttributeDecl, ElementContent, ElementDecl, and EntityDecl.
[CRuby] The C extension now uses Ruby's TypedData API for managing all the libxml2 structs. Write barriers may improve GC performance in some extreme cases. [#2808] (Thanks, @etiennebarrie and @byroot!)
[CRuby] ObjectSpace.memsize_of reports a pretty good guess of memory usage when called on Nokogiri::XML::Document objects. [#2807] (Thanks, @etiennebarrie and @byroot!)
[CRuby] Users installing the "ruby" platform gem and compiling libxml2 and libxslt from source will now be using a modern config.guess and config.sub that supports new architectures like loongarch64. [#2831] (Thanks, @zhangwenlong8911!)
[CRuby] HTML5 parser:
adjusts the specified attributes, adding xlink:arcrole and removing xml:base [#2841, #2842]
[JRuby] Node#first_element_child now returns nil if there are only non-element children. Previously a null pointer exception was raised. [#2808, #2844]
Documentation for Nokogiri::XSLT now has usage examples including custom function handlers.
Deprecated
Passing a Nokogiri::XML::Node as the first parameter to CDATA.new is deprecated and will generate a warning. This parameter should be a kind of Nokogiri::XML::Document. This will become an error in a future version of Nokogiri.
Passing a Nokogiri::XML::Node as the first parameter to Schema.from_document is deprecated and will generate a warning. This parameter should be a kind of Nokogiri::XML::Document. This will become an error in a future version of Nokogiri.
Passing a Nokogiri::XML::Node as the second parameter to Text.new is deprecated and will generate a warning. This parameter should be a kind of Nokogiri::XML::Document. This will become an error in a future version of Nokogiri.
[CRuby] Calling a custom XPath function without the nokogiri namespace is deprecated and will generate a warning. Support for non-namespaced functions will be removed in a future version of Nokogiri. (Note that JRuby has never supported non-namespaced custom XPath functions.)
Thank you!
The following people and organizations were kind enough to sponsor @flavorjones or the Nokogiri project during the development of v1.15.0:
To ensure that JRuby users on Java 8 can apply the security changes from v1.14.4, we're cutting this release on the v1.14.x branch. We don't expect to make any more v1.14.x releases.
Dependencies
[JRuby] Vendored org.nokogiri:nekodtd is updated to v0.1.11.noko2. This is functionally equivalent to v0.1.11.noko1 but restores support for Java 8.
Fixed
[JRuby] Java 8 support is restored, fixing a regression introduced in v1.14.0. [#2887]
[JRuby] Vendored Xalan-J is updated to v2.7.3. This is the first Xalan release in nine years, and it was done to address CVE-2022-34169.
The Nokogiri maintainers wish to stress that Nokogiri users were not vulnerable to this CVE, as we explained in GHSA-qwq9-89rg-ww72, and so upgrading is really at the discretion of users.
This release was cut primarily so that JRuby users of v1.14.x can avoid vulnerability scanner alerts on earlier versions of Xalan-J.
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.
All Depfu comment commands
@depfu rebase
Rebases against your default branch and redoes this update
@depfu recreate
Recreates this PR, overwriting any edits that you've made to it
@depfu merge
Merges this PR once your tests are passing and conflicts are resolved
@depfu cancel merge
Cancels automatic merging of this PR
@depfu close
Closes this PR and deletes the branch
@depfu reopen
Restores the branch and reopens this PR (if it's closed)
@depfu pause
Ignores all future updates for this dependency and closes this PR
@depfu pause [minor|major]
Ignores all future minor/major updates for this dependency and closes this PR
@depfu resume
Future versions of this dependency will create PRs again (leaves this PR as is)
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ railties (7.0.4.3 → 7.0.5) · Repo · Changelog
Release Notes
7.0.5 (from changelog)
Commits
See the full diff on Github. The new version differs by 3 commits:
Preparing for 7.0.5 release
Merge pull request #48274 from Shopify/fix-serialized-blob-column-changed-in-place
Merge branch '7-0-4-sec' into 7-0-stable
✳️ activemodel (7.0.4.3 → 7.0.5) · Repo · Changelog
Release Notes
7.0.5 (from changelog)
Commits
See the full diff on Github. The new version differs by 3 commits:
Preparing for 7.0.5 release
Merge pull request #48274 from Shopify/fix-serialized-blob-column-changed-in-place
Merge branch '7-0-4-sec' into 7-0-stable
✳️ activerecord (7.0.4.3 → 7.0.5) · Repo · Changelog
Release Notes
7.0.5 (from changelog)
Commits
See the full diff on Github. The new version differs by 3 commits:
Preparing for 7.0.5 release
Merge pull request #48274 from Shopify/fix-serialized-blob-column-changed-in-place
Merge branch '7-0-4-sec' into 7-0-stable
✳️ activesupport (7.0.4.3 → 7.0.5) · Repo · Changelog
Release Notes
7.0.5 (from changelog)
Commits
See the full diff on Github. The new version differs by 3 commits:
Preparing for 7.0.5 release
Merge pull request #48274 from Shopify/fix-serialized-blob-column-changed-in-place
Merge branch '7-0-4-sec' into 7-0-stable
↗️ actionpack (indirect, 7.0.4.3 → 7.0.5) · Repo · Changelog
Release Notes
7.0.5 (from changelog)
Commits
See the full diff on Github. The new version differs by 3 commits:
Preparing for 7.0.5 release
Merge pull request #48274 from Shopify/fix-serialized-blob-column-changed-in-place
Merge branch '7-0-4-sec' into 7-0-stable
↗️ actionview (indirect, 7.0.4.3 → 7.0.5) · Repo · Changelog
Release Notes
7.0.5 (from changelog)
Commits
See the full diff on Github. The new version differs by 3 commits:
Preparing for 7.0.5 release
Merge pull request #48274 from Shopify/fix-serialized-blob-column-changed-in-place
Merge branch '7-0-4-sec' into 7-0-stable
↗️ loofah (indirect, 2.19.1 → 2.21.3) · Repo · Changelog
Release Notes
2.21.3
2.21.2
2.21.1
2.21.0
2.20.0
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ nokogiri (indirect, 1.14.3 → 1.15.2) · Repo · Changelog
Release Notes
1.15.2
1.15.1
1.15.0
1.14.5
1.14.4
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
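The cookie deserializer fix in the actionpack notes on this page (rescuing JSON::ParserError so that a :marshal serialized cookie is discarded when the serializer is :json), shown as an added Ruby example that is not Rails' code and not part of the Depfu update. The module and method names are hypothetical and the cookie values are constructed.

```ruby
require "json"

# Hypothetical stand-in for a JSON cookie deserializer; not Rails' own class.
module JsonCookieSerializer
  def self.dump(value)
    JSON.generate(value)
  end

  # Behaviour before the fix: a non-JSON payload raises out of the read path.
  def self.strict_load(raw)
    JSON.parse(raw)
  end

  # Behaviour after the fix: a payload that is not JSON (such as a legacy
  # Marshal dump) yields nil. Marshal.load is never called on cookie data.
  def self.load(raw)
    JSON.parse(raw)
  rescue JSON::ParserError
    nil
  end
end

# Splits raw cookies into readable values and the names that should be expired.
# A cookie whose JSON value is null is also treated as unreadable here.
def read_cookies(raw_cookies)
  readable = {}
  discarded = []
  raw_cookies.each do |name, raw|
    value = JsonCookieSerializer.load(raw)
    if value.nil?
      discarded << name
    else
      readable[name] = value
    end
  end
  [readable, discarded]
end

# Constructed sample: one JSON cookie and one written by a :marshal serializer.
SAMPLE_COOKIES = {
  "prefs"  => JsonCookieSerializer.dump({ "theme" => "dark" }),
  "legacy" => Marshal.dump({ "user_id" => 42 }),
}.freeze

if __FILE__ == $PROGRAM_NAME
  readable, discarded = read_cookies(SAMPLE_COOKIES)
  puts "readable:  #{readable.inspect}"
  puts "discarded: #{discarded.inspect}"
end
```

The names returned in the second array are the cookies a response would expire, which is what spares users from clearing them by hand in the browser.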