Update dependency rails to '~> 7.2.0' (!162359) · Merge requests · GitLab.org / GitLab

This MR contains the following updates:

Package	Update	Change
rails (source, changelog)	minor	`'~> 7.0.8.4'` -> `'~> 7.2.0'`
rails (source, changelog)	minor	`'~> 7.1.3.4'` -> `'~> 7.2.0'`

MR created with the help of gitlab-org/frontend/renovate-gitlab-bot

Release Notes

rails/rails (rails)

`v7.2.0`: 7.2.0

Compare Source

Active Support

Fix delegate_missing_to allow_nil: true when called with implict self

class Person
  delegate_missing_to :address, allow_nil: true

  def address
    nil
  end

  def berliner?
    city == "Berlin"
  end
end

Person.new.city # => nil
Person.new.berliner? # undefined local variable or method `city' for an instance of Person (NameError)

Jean Boussier

Add logger as a dependency since it is a bundled gem candidate for Ruby 3.5

Earlopain
Define Digest::UUID.nil_uuid, which returns the so-called nil UUID.

Xavier Noria
Support duration type in ActiveSupport::XmlMini.

heka1024
Remove deprecated ActiveSupport::Notifications::Event#children and ActiveSupport::Notifications::Event#parent_of?.

Rafael Mendonça França
Remove deprecated support to call the following methods without passing a deprecator:
- deprecate
- deprecate_constant
- ActiveSupport::Deprecation::DeprecatedObjectProxy.new
- ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy.new
- ActiveSupport::Deprecation::DeprecatedConstantProxy.new
- assert_deprecated
- assert_not_deprecated
- collect_deprecations
Rafael Mendonça França
Remove deprecated ActiveSupport::Deprecation delegation to instance.

Rafael Mendonça França
Remove deprecated SafeBuffer#clone_empty.

Rafael Mendonça França
Remove deprecated #to_default_s from Array, Date, DateTime and Time.

Rafael Mendonça França
Remove deprecated support to passing Dalli::Client instances to MemCacheStore.

Rafael Mendonça França
Remove deprecated config.active_support.use_rfc4122_namespaced_uuids.

Rafael Mendonça França
Remove deprecated config.active_support.remove_deprecated_time_with_zone_name.

Rafael Mendonça França
Remove deprecated config.active_support.disable_to_s_conversion.

Rafael Mendonça França
Remove deprecated support to bolding log text with positional boolean in ActiveSupport::LogSubscriber#color.

Rafael Mendonça França
Remove deprecated constants ActiveSupport::LogSubscriber::CLEAR and ActiveSupport::LogSubscriber::BOLD.

Rafael Mendonça França
Remove deprecated support for config.active_support.cache_format_version = 6.1.

Rafael Mendonça França
Remove deprecated :pool_size and :pool_timeout options for the cache storage.

Rafael Mendonça França
Warn on tests without assertions.

ActiveSupport::TestCase now warns when tests do not run any assertions. This is helpful in detecting broken tests that do not perform intended assertions.

fatkodima
Support hexBinary type in ActiveSupport::XmlMini.

heka1024
Deprecate ActiveSupport::ProxyObject in favor of Ruby's built-in BasicObject.

Earlopain
stub_const now accepts a exists: false parameter to allow stubbing missing constants.

Jean Boussier
Make ActiveSupport::BacktraceCleaner copy filters and silencers on dup and clone.

Previously the copy would still share the internal silencers and filters array, causing state to leak.

Jean Boussier
Updating Astana with Western Kazakhstan TZInfo identifier.

Damian Nelson

Add filename support for ActiveSupport::Logger.logger_outputs_to?.

logger = Logger.new('/var/log/rails.log')
ActiveSupport::Logger.logger_outputs_to?(logger, '/var/log/rails.log')

Christian Schmidt

Include IPAddr#prefix when serializing an IPAddr using the ActiveSupport::MessagePack serializer.

This change is backward and forward compatible — old payloads can still be read, and new payloads will be readable by older versions of Rails.

Taiki Komaba

Add default: support for ActiveSupport::CurrentAttributes.attribute.

class Current < ActiveSupport::CurrentAttributes
  attribute :counter, default: 0
end

Sean Doyle

Yield instance to Object#with block.

client.with(timeout: 5_000) do |c|
  c.get("/commits")
end

Sean Doyle

Use logical core count instead of physical core count to determine the default number of workers when parallelizing tests.

Jonathan Hefner
Fix Time.now/DateTime.now/Date.today to return results in a system timezone after #travel_to.

There is a bug in the current implementation of #travel_to: it remembers a timezone of its argument, and all stubbed methods start returning results in that remembered timezone. However, the expected behavior is to return results in a system timezone.

Aleksei Chernenkov

Add ErrorReported#unexpected to report precondition violations.

For example:

def edit
  if published?
    Rails.error.unexpected("[BUG] Attempting to edit a published article, that shouldn't be possible")
    return false
  end

...

end
```

The above will raise an error in development and test, but only report the error in production.

*Jean Boussier*

Make the order of read_multi and write_multi notifications for Cache::Store#fetch_multi operations match the order they are executed in.

Adam Renberg Tamm
Make return values of Cache::Store#write consistent.

The return value was not specified before. Now it returns true on a successful write, nil if there was an error talking to the cache backend, and false if the write failed for another reason (e.g. the key already exists and unless_exist: true was passed).

Sander Verdonschot
Fix logged cache keys not always matching actual key used by cache action.

Hartley McGuire
Improve error messages of assert_changes and assert_no_changes.

assert_changes error messages now display objects with .inspect to make it easier to differentiate nil from empty strings, strings from symbols, etc. assert_no_changes error messages now surface the actual value.

pcreux
Fix #to_fs(:human_size) to correctly work with negative numbers.

Earlopain
Fix BroadcastLogger#dup so that it duplicates the logger's broadcasts.

Andrew Novoselac
Fix issue where bootstrap.rb overwrites the level of a BroadcastLogger's broadcasts.

Andrew Novoselac
Fix compatibility with the semantic_logger gem.

The semantic_logger gem doesn't behave exactly like stdlib logger in that SemanticLogger#level returns a Symbol while stdlib Logger#level returns an Integer.

This caused the various LogSubscriber classes in Rails to break when assigned a SemanticLogger instance.

Jean Boussier, ojab
Fix MemoryStore to prevent race conditions when incrementing or decrementing.

Pierre Jambet
Implement HashWithIndifferentAccess#to_proc.

Previously, calling #to_proc on HashWithIndifferentAccess object used inherited #to_proc method from the Hash class, which was not able to access values using indifferent keys.

fatkodima

Active Model

Fix a bug where type casting of string to Time and DateTime doesn't calculate minus minute value in TZ offset correctly.

Akira Matsuda
Port the type_for_attribute method to Active Model. Classes that include ActiveModel::Attributes will now provide this method. This method behaves the same for Active Model as it does for Active Record.
```
class MyModel
  include ActiveModel::Attributes

  attribute :my_attribute, :integer
end

MyModel.type_for_attribute(:my_attribute) # => #<ActiveModel::Type::Integer ...>
```
Jonathan Hefner

Active Record

Handle commas in Sqlite3 default function definitions.

Stephen Margheim
Fixes validates_associated raising an exception when configured with a singular association and having index_nested_attribute_errors enabled.

Martin Spickermann
The constant ActiveRecord::ImmutableRelation has been deprecated because we want to reserve that name for a stronger sense of "immutable relation". Please use ActiveRecord::UnmodifiableRelation instead.

Xavier Noria
Add condensed #inspect for ConnectionPool, AbstractAdapter, and DatabaseConfig.

Hartley McGuire
Fixed a memory performance issue in Active Record attribute methods definition.

Jean Boussier
Define the new Active Support notification event start_transaction.active_record.

This event is fired when database transactions or savepoints start, and complements transaction.active_record, which is emitted when they finish.

The payload has the transaction (:transaction) and the connection (:connection).

Xavier Noria
Fix an issue where the IDs reader method did not return expected results for preloaded associations in models using composite primary keys.

Jay Ang
The payload of sql.active_record Active Support notifications now has the current transaction in the :transaction key.

Xavier Noria
The payload of transaction.active_record Active Support notifications now has the transaction the event is related to in the :transaction key.

Xavier Noria
Define ActiveRecord::Transaction#uuid, which returns a UUID for the database transaction. This may be helpful when tracing database activity. These UUIDs are generated only on demand.

Xavier Noria
Fix inference of association model on nested models with the same demodularized name.

E.g. with the following setup:
```
class Nested::Post < ApplicationRecord
  has_one :post, through: :other
end
```
Before, #post would infer the model as Nested::Post, but now it correctly infers Post.

Joshua Young
PostgreSQL Cidr#change? detects the address prefix change.

Taketo Takashima
Change BatchEnumerator#destroy_all to return the total number of affected rows.

Previously, it always returned nil.

fatkodima
Support touch_all in batches.
```
Post.in_batches.touch_all
```
fatkodima
Add support for :if_not_exists and :force options to create_schema.

fatkodima
Fix index_errors having incorrect index in association validation errors.

lulalala
Add index_errors: :nested_attributes_order mode.

This indexes the association validation errors based on the order received by nested attributes setter, and respects the reject_if configuration. This enables API to provide enough information to the frontend to map the validation errors back to their respective form fields.

lulalala
Add Rails.application.config.active_record.postgresql_adapter_decode_dates to opt out of decoding dates automatically with the postgresql adapter. Defaults to true.

Joé Dupuis
Association option query_constraints is deprecated in favor of foreign_key.

Nikita Vasilevsky
Add ENV["SKIP_TEST_DATABASE_TRUNCATE"] flag to speed up multi-process test runs on large DBs when all tests run within default transaction.

This cuts ~10s from the test run of HEY when run by 24 processes against the 178 tables, since ~4,000 table truncates can then be skipped.

DHH

Added support for recursive common table expressions.

Post.with_recursive(
  post_and_replies: [
    Post.where(id: 42),
    Post.joins('JOIN post_and_replies ON posts.in_reply_to_id = post_and_replies.id'),
  ]
)

Generates the following SQL:

WITH RECURSIVE "post_and_replies" AS (
  (SELECT "posts".* FROM "posts" WHERE "posts"."id" = 42)
  UNION ALL
  (SELECT "posts".* FROM "posts" JOIN post_and_replies ON posts.in_reply_to_id = post_and_replies.id)
)
SELECT "posts".* FROM "posts"

ClearlyClaire

validate_constraint can be called in a change_table block.

ex:

change_table :products do |t|
  t.check_constraint "price > discounted_price", name: "price_check", validate: false
  t.validate_check_constraint "price_check"
end

Cody Cutrer

PostgreSQLAdapter now decodes columns of type date to Date instead of string.

Ex:

ActiveRecord::Base.connection
     .select_value("select '2024-01-01'::date").class #=> Date

Joé Dupuis

Strict loading using :n_plus_one_only does not eagerly load child associations.

With this change, child associations are no longer eagerly loaded, to match intended behavior and to prevent non-deterministic order issues caused by calling methods like first or last. As first and last don't cause an N+1 by themselves, calling child associations will no longer raise. Fixes #49473.

Before:
```
person = Person.find(1)
person.strict_loading!(mode: :n_plus_one_only)
person.posts.first
```

SELECT * FROM posts WHERE person_id = 1; -- non-deterministic order

person.posts.first.firm # raises ActiveRecord::StrictLoadingViolationError
```

After:

```ruby
person = Person.find(1)
person.strict_loading!(mode: :n_plus_one_only)
person.posts.first # this is 1+1, not N+1

SELECT * FROM posts WHERE person_id = 1 ORDER BY id LIMIT 1;

person.posts.first.firm # no longer raises
```

*Reid Lynch*

Allow Sqlite3Adapter to use sqlite3 gem version 2.x.

Mike Dalessio
Allow ActiveRecord::Base#pluck to accept hash values.

Before

Post.joins(:comments).pluck("posts.id", "comments.id", "comments.body")

After

Post.joins(:comments).pluck(posts: [:id], comments: [:id, :body])
```

*fatkodima*

Raise an ActiveRecord::ActiveRecordError error when the MySQL database returns an invalid version string.

Kevin McPhillips

ActiveRecord::Base.transaction now yields an ActiveRecord::Transaction object.

This allows to register callbacks on it.

Article.transaction do |transaction|
  article.update(published: true)
  transaction.after_commit do
    PublishNotificationMailer.with(article: article).deliver_later
  end
end

Jean Boussier

Add ActiveRecord::Base.current_transaction.

Returns the current transaction, to allow registering callbacks on it.
```
Article.current_transaction.after_commit do
  PublishNotificationMailer.with(article: article).deliver_later
end
```
Jean Boussier
Add ActiveRecord.after_all_transactions_commit callback.

Useful for code that may run either inside or outside a transaction and needs to perform work after the state changes have been properly persisted.
```
def publish_article(article)
  article.update(published: true)
  ActiveRecord.after_all_transactions_commit do
    PublishNotificationMailer.with(article: article).deliver_later
  end
end
```
In the above example, the block is either executed immediately if called outside of a transaction, or called after the open transaction is committed.

If the transaction is rolled back, the block isn't called.

Jean Boussier
Add the ability to ignore counter cache columns until they are backfilled.

Starting to use counter caches on existing large tables can be troublesome, because the column values must be backfilled separately of the column addition (to not lock the table for too long) and before the use of :counter_cache (otherwise methods like size/any?/etc, which use counter caches internally, can produce incorrect results). People usually use database triggers or callbacks on child associations while backfilling before introducing a counter cache configuration to the association.

Now, to safely backfill the column, while keeping the column updated with child records added/removed, use:
```
class Comment < ApplicationRecord
  belongs_to :post, counter_cache: { active: false }
end
```
While the counter cache is not "active", the methods like size/any?/etc will not use it, but get the results directly from the database. After the counter cache column is backfilled, simply remove the { active: false } part from the counter cache definition, and it will now be used by the mentioned methods.

fatkodima
Retry known idempotent SELECT queries on connection-related exceptions.

SELECT queries we construct by walking the Arel tree and / or with known model attributes are idempotent and can safely be retried in the case of a connection error. Previously, adapters such as TrilogyAdapter would raise ActiveRecord::ConnectionFailed: Trilogy::EOFError when encountering a connection error mid-request.

Adrianna Chang
Allow association's foreign_key to be composite.

query_constraints option was the only way to configure a composite foreign key by passing an Array. Now it's possible to pass an Array value as foreign_key to achieve the same behavior of an association.

Nikita Vasilevsky
Allow association's primary_key to be composite.

Association's primary_key can be composite when derived from associated model primary_key or query_constraints. Now it's possible to explicitly set it as composite on the association.

Nikita Vasilevsky
Add config.active_record.permanent_connection_checkout setting.

Controls whether ActiveRecord::Base.connection raises an error, emits a deprecation warning, or neither.

ActiveRecord::Base.connection checkouts a database connection from the pool and keeps it leased until the end of the request or job. This behavior can be undesirable in environments that use many more threads or fibers than there is available connections.

This configuration can be used to track down and eliminate code that calls ActiveRecord::Base.connection and migrate it to use ActiveRecord::Base.with_connection instead.

The default behavior remains unchanged, and there is currently no plans to change the default.

Jean Boussier
Add dirties option to uncached.

This adds a dirties option to ActiveRecord::Base.uncached and ActiveRecord::ConnectionAdapters::ConnectionPool#uncached.

When set to true (the default), writes will clear all query caches belonging to the current thread. When set to false, writes to the affected connection pool will not clear any query cache.

This is needed by Solid Cache so that cache writes do not clear query caches.

Donal McBreen
Deprecate ActiveRecord::Base.connection in favor of .lease_connection.

The method has been renamed as lease_connection to better reflect that the returned connection will be held for the duration of the request or job.

This deprecation is a soft deprecation, no warnings will be issued and there is no current plan to remove the method.

Jean Boussier
Deprecate ActiveRecord::ConnectionAdapters::ConnectionPool#connection.

The method has been renamed as lease_connection to better reflect that the returned connection will be held for the duration of the request or job.

Jean Boussier

Expose a generic fixture accessor for fixture names that may conflict with Minitest.

assert_equal "Ruby on Rails", web_sites(:rubyonrails).name
assert_equal "Ruby on Rails", fixture(:web_sites, :rubyonrails).name

Jean Boussier

Using Model.query_constraints with a single non-primary-key column used to raise as expected, but with an incorrect error message.

This has been fixed to raise with a more appropriate error message.

Joshua Young
Fix has_one association autosave setting the foreign key attribute when it is unchanged.

This behavior is also inconsistent with autosaving belongs_to and can have unintended side effects like raising an ActiveRecord::ReadonlyAttributeError when the foreign key attribute is marked as read-only.

Joshua Young
Remove deprecated behavior that would rollback a transaction block when exited using return, break or throw.

Rafael Mendonça França
Deprecate Rails.application.config.active_record.commit_transaction_on_non_local_return.

Rafael Mendonça França
Remove deprecated support to pass rewhere to ActiveRecord::Relation#merge.

Rafael Mendonça França
Remove deprecated support to pass deferrable: true to add_foreign_key.

Rafael Mendonça França
Remove deprecated support to quote ActiveSupport::Duration.

Rafael Mendonça França
Remove deprecated #quote_bound_value.

Rafael Mendonça França
Remove deprecated ActiveRecord::ConnectionAdapters::ConnectionPool#connection_klass.

Rafael Mendonça França
Remove deprecated support to apply #connection_pool_list, #active_connections?, #clear_active_connections!, #clear_reloadable_connections!, #clear_all_connections! and #flush_idle_connections! to the connections pools for the current role when the role argument isn't provided.

Rafael Mendonça França
Remove deprecated #all_connection_pools.

Rafael Mendonça França
Remove deprecated ActiveRecord::ConnectionAdapters::SchemaCache#data_sources.

Rafael Mendonça França
Remove deprecated ActiveRecord::ConnectionAdapters::SchemaCache.load_from.

Rafael Mendonça França
Remove deprecated #all_foreign_keys_valid? from database adapters.

Rafael Mendonça França
Remove deprecated support to passing coder and class as second argument to serialize.

Rafael Mendonça França
Remove deprecated support to ActiveRecord::Base#read_attribute(:id) to return the custom primary key value.

Rafael Mendonça França
Remove deprecated TestFixtures.fixture_path.

Rafael Mendonça França
Remove deprecated behavior to support referring to a singular association by its plural name.

Rafael Mendonça França
Deprecate Rails.application.config.active_record.allow_deprecated_singular_associations_name.

Rafael Mendonça França
Remove deprecated support to passing SchemaMigration and InternalMetadata classes as arguments to ActiveRecord::MigrationContext.

Rafael Mendonça França
Remove deprecated ActiveRecord::Migration.check_pending! method.

Rafael Mendonça França
Remove deprecated ActiveRecord::LogSubscriber.runtime method.

Rafael Mendonça França
Remove deprecated ActiveRecord::LogSubscriber.runtime= method.

Rafael Mendonça França
Remove deprecated ActiveRecord::LogSubscriber.reset_runtime method.

Rafael Mendonça França
Remove deprecated support to define explain in the connection adapter with 2 arguments.

Rafael Mendonça França
Remove deprecated ActiveRecord::ActiveJobRequiredError.

Rafael Mendonça França
Remove deprecated ActiveRecord::Base.clear_active_connections!.

Rafael Mendonça França
Remove deprecated ActiveRecord::Base.clear_reloadable_connections!.

Rafael Mendonça França
Remove deprecated ActiveRecord::Base.clear_all_connections!.

Rafael Mendonça França
Remove deprecated ActiveRecord::Base.flush_idle_connections!.

Rafael Mendonça França
Remove deprecated name argument from ActiveRecord::Base.remove_connection.

Rafael Mendonça França
Remove deprecated support to call alias_attribute with non-existent attribute names.

Rafael Mendonça França
Remove deprecated Rails.application.config.active_record.suppress_multiple_database_warning.

Rafael Mendonça França
Add ActiveRecord::Encryption::MessagePackMessageSerializer.

Serialize data to the MessagePack format, for efficient storage in binary columns.

The binary encoding requires around 30% less space than the base64 encoding used by the default serializer.

Donal McBreen
Add support for encrypting binary columns.

Ensure encryption and decryption pass Type::Binary::Data around for binary data.

Previously encrypting binary columns with the ActiveRecord::Encryption::MessageSerializer incidentally worked for MySQL and SQLite, but not PostgreSQL.

Donal McBreen
Deprecated ENV["SCHEMA_CACHE"] in favor of schema_cache_path in the database configuration.

Rafael Mendonça França
Add ActiveRecord::Base.with_connection as a shortcut for leasing a connection for a short duration.

The leased connection is yielded, and for the duration of the block, any call to ActiveRecord::Base.connection will yield that same connection.

This is useful to perform a few database operations without causing a connection to be leased for the entire duration of the request or job.

Jean Boussier
Deprecate config.active_record.warn_on_records_fetched_greater_than now that sql.active_record notification includes :row_count field.

Jason Nochlin
The fix ensures that the association is joined using the appropriate join type (either inner join or left outer join) based on the existing joins in the scope.

This prevents unintentional overrides of existing join types and ensures consistency in the generated SQL queries.

Example:

`associated` will use `LEFT JOIN` instead of using `JOIN`

Post.left_joins(:author).where.associated(:author)
```

*Saleh Alhaddad*

Fix an issue where ActiveRecord::Encryption configurations are not ready before the loading of Active Record models, when an application is eager loaded. As a result, encrypted attributes could be misconfigured in some cases.

Maxime Réty
Deprecate defining an enum with keyword arguments.
```
class Function > ApplicationRecord
```

BAD

  enum color: [:red, :blue],
       type: [:instance, :class]

GOOD

  enum :color, [:red, :blue]
  enum :type, [:instance, :class]
end
```

*Hartley McGuire*

Add config.active_record.validate_migration_timestamps option for validating migration timestamps.

When set, validates that the timestamp prefix for a migration is no more than a day ahead of the timestamp associated with the current time. This is designed to prevent migrations prefixes from being hand-edited to future timestamps, which impacts migration generation and other migration commands.

Adrianna Chang
Properly synchronize Mysql2Adapter#active? and TrilogyAdapter#active?.

As well as disconnect! and verify!.

This generally isn't a big problem as connections must not be shared between threads, but is required when running transactional tests or system tests and could lead to a SEGV.

Jean Boussier
Support :source_location tag option for query log tags.
```
config.active_record.query_log_tags << :source_location
```
Calculating the caller location is a costly operation and should be used primarily in development (note, there is also a config.active_record.verbose_query_logs that serves the same purpose) or occasionally on production for debugging purposes.

fatkodima
Add an option to ActiveRecord::Encryption::Encryptor to disable compression.

Allow compression to be disabled by setting compress: false
```
  class User
    encrypts :name, encryptor: ActiveRecord::Encryption::Encryptor.new(compress: false)
  end
```
Donal McBreen
Deprecate passing strings to ActiveRecord::Tasks::DatabaseTasks.cache_dump_filename.

A ActiveRecord::DatabaseConfigurations::DatabaseConfig object should be passed instead.

Rafael Mendonça França
Add row_count field to sql.active_record notification.

This field returns the amount of rows returned by the query that emitted the notification.

This metric is useful in cases where one wants to detect queries with big result sets.

Marvin Bitterlich
Consistently raise an ArgumentError when passing an invalid argument to a nested attributes association writer.

Previously, this would only raise on collection associations and produce a generic error on singular associations.

Now, it will raise on both collection and singular associations.

Joshua Young
Fix single quote escapes on default generated MySQL columns.

MySQL 5.7.5+ supports generated columns, which can be used to create a column that is computed from an expression.

Previously, the schema dump would output a string with double escapes for generated columns with single quotes in the default expression.

This would result in issues when importing the schema on a fresh instance of a MySQL database.

Now, the string will not be escaped and will be valid Ruby upon importing of the schema.

Yash Kapadia
Fix Migrations with versions older than 7.1 validating options given to add_reference and t.references.

Hartley McGuire
Add <role>_types class method to ActiveRecord::DelegatedType so that the delegated types can be introspected.

JP Rosevear
Make schema_dump, query_cache, replica and database_tasks configurable via DATABASE_URL.

This wouldn't always work previously because boolean values would be interpreted as strings.

e.g. DATABASE_URL=postgres://localhost/foo?schema_dump=false now properly disable dumping the schema cache.

Mike Coutermarsh, Jean Boussier
Introduce ActiveRecord::Transactions::ClassMethods#set_callback.

It is identical to ActiveSupport::Callbacks::ClassMethods#set_callback but with support for after_commit and after_rollback callback options.

Joshua Young
Make ActiveRecord::Encryption::Encryptor agnostic of the serialization format used for encrypted data.

Previously, the encryptor instance only allowed an encrypted value serialized as a String to be passed to the message serializer.

Now, the encryptor lets the configured message_serializer decide which types of serialized encrypted values are supported. A custom serialiser is therefore allowed to serialize ActiveRecord::Encryption::Message objects using a type other than String.

The default ActiveRecord::Encryption::MessageSerializer already ensures that only String objects are passed for deserialization.

Maxime Réty
Fix encrypted_attribute? to take into account context properties passed to encrypts.

Maxime Réty
The object returned by explain now responds to pluck, first, last, average, count, maximum, minimum, and sum. Those new methods run EXPLAIN on the corresponding queries:
```
User.all.explain.count
```

EXPLAIN SELECT COUNT(*) FROM `users`

...

User.all.explain.maximum(:id)

EXPLAIN SELECT MAX(`users`.`id`) FROM `users`

...

```

*Petrik de Heus*

Fixes an issue where validates_associated :on option wasn't respected when validating associated records.

Austen Madden, Alex Ghiculescu, Rafał Brize
Allow overriding SQLite defaults from database.yml.

Any PRAGMA configuration set under the pragmas key in the configuration file takes precedence over Rails' defaults, and additional PRAGMAs can be set as well.
```
database: storage/development.sqlite3
timeout: 5000
pragmas:
  journal_mode: off
  temp_store: memory
```
Stephen Margheim
Remove warning message when running SQLite in production, but leave it unconfigured.

There are valid use cases for running SQLite in production. However, it must be done with care, so instead of a warning most users won't see anyway, it's preferable to leave the configuration commented out to force them to think about having the database on a persistent volume etc.

Jacopo Beschi, Jean Boussier
Add support for generated columns to the SQLite3 adapter.

Generated columns (both stored and dynamic) are supported since version 3.31.0 of SQLite. This adds support for those to the SQLite3 adapter.
```
create_table :users do |t|
  t.string :name
  t.virtual :name_upper, type: :string, as: 'UPPER(name)'
  t.virtual :name_lower, type: :string, as: 'LOWER(name)', stored: true
end
```
Stephen Margheim
TrilogyAdapter: ignore host if socket parameter is set.

This allows to configure a connection on a UNIX socket via DATABASE_URL:
```
DATABASE_URL=trilogy://does-not-matter/my_db_production?socket=/var/run/mysql.sock
```
Jean Boussier
Make assert_queries_count, assert_no_queries, assert_queries_match, and assert_no_queries_match assertions public.

To assert the expected number of queries are made, Rails internally uses assert_queries_count and assert_no_queries. To assert that specific SQL queries are made, assert_queries_match and assert_no_queries_match are used. These assertions can now be used in applications as well.
```
class ArticleTest < ActiveSupport::TestCase
  test "queries are made" do
    assert_queries_count(1) { Article.first }
  end

  test "creates a foreign key" do
    assert_queries_match(/ADD FOREIGN KEY/i, include_schema: true) do
      @&#8203;connection.add_foreign_key(:comments, :posts)
    end
  end
end
```
Petrik de Heus, fatkodima
Fix has_secure_token calls the setter method on initialize.

Abeid Ahmed
When using a DATABASE_URL, allow for a configuration to map the protocol in the URL to a specific database adapter. This allows decoupling the adapter the application chooses to use from the database connection details set in the deployment environment.

ENV['DATABASE_URL'] = "mysql://localhost/example_database"

config.active_record.protocol_adapters.mysql = "trilogy"

will connect to MySQL using the trilogy adapter

```

*Jean Boussier*, *Kevin McPhillips*

In cases where MySQL returns warning_count greater than zero, but returns no warnings when the SHOW WARNINGS query is executed, ActiveRecord.db_warnings_action proc will still be called with a generic warning message rather than silently ignoring the warning(s).

Kevin McPhillips
DatabaseConfigurations#configs_for accepts a symbol in the name parameter.

Andrew Novoselac
Fix where(field: values) queries when field is a serialized attribute (for example, when field uses ActiveRecord::Base.serialize or is a JSON column).

João Alves
Make the output of ActiveRecord::Core#inspect configurable.

By default, calling inspect on a record will yield a formatted string including just the id.
```
Post.first.inspect #=> "#<Post id: 1>"
```
The attributes to be included in the output of inspect can be configured with ActiveRecord::Core#attributes_for_inspect.
```
Post.attributes_for_inspect = [:id, :title]
Post.first.inspect #=> "#<Post id: 1, title: "Hello, World!">"
```
With attributes_for_inspect set to :all, inspect will list all the record's attributes.
```
Post.attributes_for_inspect = :all
Post.first.inspect #=> "#<Post id: 1, title: "Hello, World!", published_at: "2023-10-23 14:28:11 +0000">"
```
In development and test mode, attributes_for_inspect will be set to :all by default.

You can also call full_inspect to get an inspection with all the attributes.

The attributes in attribute_for_inspect will also be used for pretty_print.

Andrew Novoselac
Don't mark attributes as changed when reassigned to Float::INFINITY or -Float::INFINITY.

Maicol Bentancor
Support the RETURNING clause for MariaDB.

fatkodima, Nikolay Kondratyev
The SQLite3 adapter now implements the supports_deferrable_constraints? contract.

Allows foreign keys to be deferred by adding the :deferrable key to the foreign_key options.
```
add_reference :person, :alias, foreign_key: { deferrable: :deferred }
add_reference :alias, :person, foreign_key: { deferrable: :deferred }
```
Stephen Margheim

Add the set_constraints helper to PostgreSQL connections.

Post.create!(user_id: -1) # => ActiveRecord::InvalidForeignKey

Post.transaction do
  Post.connection.set_constraints(:deferred)
  p = Post.create!(user_id: -1)
  u = User.create!
  p.user = u
  p.save!
end

Cody Cutrer

Include ActiveModel::API in ActiveRecord::Base.

Sean Doyle
Ensure #signed_id outputs url_safe strings.

Jason Meller
Add nulls_last and working desc.nulls_first for MySQL.

Tristan Fellows
Allow for more complex hash arguments for order which mimics where in ActiveRecord::Relation.
```
Topic.includes(:posts).order(posts: { created_at: :desc })
```
Myles Boone

Action View

Fix templates with strict locals to also include local_assigns.

Previously templates defining strict locals wouldn't receive the local_assigns hash.

Jean Boussier
Add queries count to template rendering instrumentation.

Before

Completed 200 OK in 3804ms (Views: 41.0ms | ActiveRecord: 33.5ms | Allocations: 112788)

After

Completed 200 OK in 3804ms (Views: 41.0ms | ActiveRecord: 33.5ms (2 queries, 1 cached) | Allocations: 112788)
```

*fatkodima*

Raise ArgumentError if :renderable object does not respond to #render_in.

Sean Doyle
Add the nonce: true option for stylesheet_link_tag helper to support automatic nonce generation for Content Security Policy.

Works the same way as javascript_include_tag nonce: true does.

Akhil G Krishnan, AJ Esler
Parse ActionView::TestCase#rendered HTML content as Nokogiri::XML::DocumentFragment instead of Nokogiri::XML::Document.

Sean Doyle
Rename ActionView::TestCase::Behavior::Content to ActionView::TestCase::Behavior::RenderedViewContent.

Make RenderedViewContent inherit from String. Make private API with :nodoc:

Sean Doyle
Deprecate passing nil as value for the model: argument to the form_with method.

Collin Jilbert
Alias field_set_tag helper to fieldset_tag to match <fieldset> element.

Sean Doyle
Deprecate passing content to void elements when using tag.br type tag builders.

Hartley McGuire
Fix the number_to_human_size view helper to correctly work with negative numbers.

Earlopain
Automatically discard the implicit locals injected by collection rendering for template that can't accept them.

When rendering a collection, two implicit variables are injected, which breaks templates with strict locals.

Now they are only passed if the template will actually accept them.

Yasha Krasnou, Jean Boussier
Fix @rails/ujs calling start() an extra time when using bundlers.

Hartley McGuire, Ryunosuke Sato
Fix the capture view helper compatibility with HAML and Slim.

When a blank string was captured in HAML or Slim (and possibly other template engines) it would instead return the entire buffer.

Jean Boussier
Updated @rails/ujs files to ignore certain data-* attributes when element is contenteditable.

This fix was already landed in >= 7.0.4.3, < 7.1.0. [CVE-2023-23913]

Ryunosuke Sato
Added validation for HTML tag names in the tag and content_tag helper method.

The tag and content_tag method now checks that the provided tag name adheres to the HTML specification. If an invalid HTML tag name is provided, the method raises an ArgumentError with an appropriate error message.

Examples:

Raises ArgumentError: Invalid HTML5 tag name: 12p

content_tag("12p") # Starting with a number

Raises ArgumentError: Invalid HTML5 tag name: ""

content_tag("") # Empty tag name

Raises ArgumentError: Invalid HTML5 tag name: div/

tag("div/") # Contains a solidus

Raises ArgumentError: Invalid HTML5 tag name: "image file"

tag("image file") # Contains a space
```

*Akhil G Krishnan*

Action Pack

Allow bots to ignore allow_browser.

Matthew Nguyen
Include the HTTP Permissions-Policy on non-HTML Content-Types [CVE-2024-28103]

Aaron Patterson, Zack Deveau
Fix Mime::Type.parse handling type parameters for HTTP Accept headers.

Taylor Chaparro
Fix the error page that is displayed when a view template is missing to account for nested controller paths in the suggested correct location for the missing template.

Joshua Young
Add save_and_open_page helper to IntegrationTest.

save_and_open_page is a helpful helper to keep a short feedback loop when working on system tests. A similar helper with matching signature has been added to integration tests.

Joé Dupuis
Fix a regression in 7.1.3 passing a to: option without a controller when the controller is already defined by a scope.
```
Rails.application.routes.draw do
  controller :home do
    get "recent", to: "recent_posts"
  end
end
```
Étienne Barrié
Request Forgery takes relative paths into account.

Stefan Wienert
Add ".test" as a default allowed host in development to ensure smooth golden-path setup with puma.dev.

DHH
Add allow_browser to set minimum browser versions for the application.

A browser that's blocked will by default be served the file in public/406-unsupported-browser.html with a HTTP status code of "406 Not Acceptable".
```
class ApplicationController < ActionController::Base
```

Allow only browsers natively supporting webp images, web push, badges, import maps, CSS nesting + :has

  allow_browser versions: :modern
end

class ApplicationController < ActionController::Base

All versions of Chrome and Opera will be allowed, but no versions of "internet explorer" (ie). Safari needs to be 16.4+ and Firefox 121+.

  allow_browser versions: { safari: 16.4, firefox: 121, ie: false }
end

class MessagesController < ApplicationController

In addition to the browsers blocked by ApplicationController, also block Opera below 104 and Chrome below 119 for the show action.

  allow_browser versions: { opera: 104, chrome: 119 }, only: :show
end
```

*DHH*

Add rate limiting API.

class SessionsController < ApplicationController
  rate_limit to: 10, within: 3.minutes, only: :create
end

class SignupsController < ApplicationController
  rate_limit to: 1000, within: 10.seconds,
    by: -> { request.domain }, with: -> { redirect_to busy_controller_url, alert: "Too many signups!" }, only: :new
end

DHH, Jean Boussier

Add image/svg+xml to the compressible content types of ActionDispatch::Static.

Georg Ledermann
Add instrumentation for ActionController::Live#send_stream.

Allows subscribing to send_stream events. The event payload contains the filename, disposition, and type.

Hannah Ramadan
Add support for with_routing test helper in ActionDispatch::IntegrationTest.

Gannon McGibbon
Remove deprecated support to set Rails.application.config.action_dispatch.show_exceptions to true and false.

Rafael Mendonça França
Remove deprecated speaker, vibrate, and vr permissions policy directives.

Rafael Mendonça França
Remove deprecated Rails.application.config.action_dispatch.return_only_request_media_type_on_content_type.

Rafael Mendonça França
Deprecate Rails.application.config.action_controller.allow_deprecated_parameters_hash_equality.

Rafael Mendonça França
Remove deprecated comparison between ActionController::Parameters and Hash.

Rafael Mendonça França
Remove deprecated constant AbstractController::Helpers::MissingHelperError.

Rafael Mendonça França
Fix a race condition that could cause a Text file busy - chromedriver error with parallel system tests.

Matt Brictson
Add racc as a dependency since it will become a bundled gem in Ruby 3.4.0

Hartley McGuire
Remove deprecated constant ActionDispatch::IllegalStateError.

Rafael Mendonça França
Add parameter filter capability for redirect locations.

It uses the config.filter_parameters to match what needs to be filtered. The result would be like this:
```
Redirected to http://secret.foo.bar?username=roque&password=[FILTERED]
```
Fixes #14055.

Roque Pinel, Trevor Turk, tonytonyjan

Active Job

All tests now respect the active_job.queue_adapter config.

Previously if you had set config.active_job.queue_adapter in your config/application.rb or config/environments/test.rb file, the adapter you selected was previously not used consistently across all tests. In some tests your adapter would be used, but other tests would use the TestAdapter.

In Rails 7.2, all tests will respect the queue_adapter config if provided. If no config is provided, the TestAdapter will continue to be used.

See #48585 for more details.

Alex Ghiculescu
Make Active Job transaction aware when used conjointly with Active Record.

A common mistake with Active Job is to enqueue jobs from inside a transaction, causing them to potentially be picked and ran by another process, before the transaction is committed, which may result in various errors.
```
Topic.transaction do
  topic = Topic.create(...)
  NewTopicNotificationJob.perform_later(topic)
end
```
Now Active Job will automatically defer the enqueuing to after the transaction is committed, and drop the job if the transaction is rolled back.

Various queue implementations can choose to disable this behavior, and users can disable it, or force it on a per job basis:
```
class NewTopicNotificationJob < ApplicationJob
  self.enqueue_after_transaction_commit = :never # or `:always` or `:default`
end
```
Jean Boussier, Cristian Bica
Do not trigger immediate loading of ActiveJob::Base when loading ActiveJob::TestHelper.

Maxime Réty
Preserve the serialized timezone when deserializing ActiveSupport::TimeWithZone arguments.

Joshua Young
Remove deprecated :exponentially_longer value for the :wait in retry_on.

Rafael Mendonça França
Remove deprecated support to set numeric values to scheduled_at attribute.

Rafael Mendonça França
Deprecate Rails.application.config.active_job.use_big_decimal_serialize.

Rafael Mendonça França
Remove deprecated primitive serializer for BigDecimal arguments.

Rafael Mendonça França

Action Mailer

Remove deprecated params via :args for assert_enqueued_email_with.

Rafael Mendonça França
Remove deprecated config.action_mailer.preview_path.

Rafael Mendonça França

Action Cable

Bring ActionCable::Connection::TestCookieJar in alignment with ActionDispatch::Cookies::CookieJar in regards to setting the cookie value.

Before:
```
cookies[:foo] = { value: "bar" }
puts cookies[:foo] # => { value: "bar" }
```
After:
```
cookies[:foo] = { value: "bar" }
puts cookies[:foo] # => "bar"
```
Justin Ko
Record ping on every Action Cable message.

Previously only ping and welcome message types were keeping the connection active. Now every Action Cable message updates the pingedAt value, preventing the connection from being marked as stale.

yauhenininjia
Add two new assertion methods for Action Cable test cases: assert_has_no_stream and assert_has_no_stream_for.

These methods can be used to assert that a stream has been stopped, e.g. via stop_stream or stop_stream_for. They complement the already existing assert_has_stream and assert_has_stream_for methods.
```
assert_has_no_stream "messages"
assert_has_no_stream_for User.find(42)
```
Sebastian Pöll, Junichi Sato

Active Storage

Remove deprecated config.active_storage.silence_invalid_content_types_warning.

Rafael Mendonça França
Remove deprecated config.active_storage.replace_on_assign_to_many.

Rafael Mendonça França
Add support for custom key in ActiveStorage::Blob#compose.

Elvin Efendiev
Add image/webp to config.active_storage.web_image_content_types when load_defaults "7.2" is set.

Lewis Buckley
Fix JSON-encoding of ActiveStorage::Filename instances.

Jonathan del Strother
Fix N+1 query when fetching preview images for non-image assets.

Aaron Patterson & Justin Searls
Fix all Active Storage database related models to respect ActiveRecord::Base.table_name_prefix configuration.

Chedli Bourguiba
Fix ActiveStorage::Representations::ProxyController not returning the proper preview image variant for previewable files.

Chedli Bourguiba
Fix ActiveStorage::Representations::ProxyController to proxy untracked variants.

Chedli Bourguiba
When using the preprocessed: true option, avoid enqueuing transform jobs for blobs that are not representable.

Chedli Bourguiba
Prevent ActiveStorage::Blob#preview to generate a variant if an empty variation is passed.

Calls to #url, #key or #download will now use the original preview image instead of generating a variant with the exact same dimensions.

Chedli Bourguiba
Process preview image variant when calling ActiveStorage::Preview#processed.

For example, attached_pdf.preview(:thumb).processed will now immediately generate the full-sized preview image and the :thumb variant of it. Previously, the :thumb variant would not be generated until a further call to e.g. processed.url.

Chedli Bourguiba and Jonathan Hefner
Prevent ActiveRecord::StrictLoadingViolationError when strict loading is enabled and the variant of an Active Storage preview has already been processed (for example, by calling ActiveStorage::Preview#url).

Jonathan Hefner
Fix preprocessed: true option for named variants of previewable files.

Nico Wenterodt
Allow accepting service as a proc as well in has_one_attached and has_many_attached.

Yogesh Khater

Action Mailbox

Fix all Action Mailbox database related models to respect ActiveRecord::Base.table_name_prefix configuration.

Chedli Bourguiba

Action Text

Only sanitize content attribute when present in attachments.

Petrik de Heus
Sanitize ActionText HTML ContentAttachment in Trix edit view [CVE-2024-32464]

Aaron Patterson, Zack Deveau
Use includes instead of eager_load for with_all_rich_text.

Petrik de Heus

Delegate ActionText::Content#deconstruct to Nokogiri::XML::DocumentFragment#elements.

content = ActionText::Content.new <<~HTML
  <h1>Hello, world</h1>

  <div>The body</div>
HTML

content => [h1, div]

assert_pattern { h1 => { content: "Hello, world" } }
assert_pattern { div => { content: "The body" } }

Sean Doyle

Fix all Action Text database related models to respect ActiveRecord::Base.table_name_prefix configuration.

Chedli Bourguiba
Compile ESM package that can be used directly in the browser as actiontext.esm.js

Matias Grunberg
Fix using actiontext.js with Sprockets.

Matias Grunberg
Upgrade Trix to 2.0.7

Hartley McGuire
Fix using Trix with Sprockets.

Hartley McGuire

Railties

The new bin/rails boot command boots the application and exits. Supports the standard -e/--environment options.

Xavier Noria
Create a Dev Container Generator that generates a Dev Container setup based on the current configuration of the application. Usage:

bin/rails devcontainer

Andrew Novoselac
Add Rubocop and GitHub Actions to plugin generator. This can be skipped using --skip-rubocop and --skip-ci.

Chris Oliver
Remove support for oracle, sqlserver and JRuby specific database adapters from the rails new and rails db:system:change commands.

The supported options are sqlite3, mysql, postgresql and trilogy.

Andrew Novoselac
Add options to bin/rails app:update.

bin/rails app:update now supports the same generic options that generators do:
- --force: Accept all changes to existing files
- --skip: Refuse all changes to existing files
- --pretend: Don't make any changes
- --quiet: Don't output all changes made
Étienne Barrié
Implement Rails console commands and helpers with IRB v1.13's extension APIs.

Rails console users will now see helper, controller, new_session, and app under IRB help message's Helper methods category. And reload! command will be displayed under the new Rails console commands category.

Prior to this change, Rails console's commands and helper methods are added through IRB's private components and don't show up in its help message, which led to poor discoverability.

Stan Lo
Remove deprecated Rails::Generators::Testing::Behaviour.

Rafael Mendonça França
Remove deprecated find_cmd_and_exec console helper.

Rafael Mendonça França
Remove deprecated Rails.config.enable_dependency_loading.

Rafael Mendonça França
Remove deprecated Rails.application.secrets.

Rafael Mendonça França
Generated Gemfile will include require: "debug/prelude" for the debug gem.

Requiring debug gem directly automatically activates it, which could introduce additional overhead and memory usage even without entering a debugging session.

By making Bundler require debug/prelude instead, developers can keep their access to breakpoint methods like debugger or binding.break, but the debugger won't be activated until a breakpoint is hit.

Stan Lo
Skip generating a test job in ci.yml when a new application is generated with the --skip-test option.

Steve Polito
Update the .node-version file conditionally generated for new applications to 20.11.1

Steve Polito
Fix sanitizer vendor configuration in 7.1 defaults.

In apps where rails-html-sanitizer was not eagerly loaded, the sanitizer default could end up being Rails::HTML4::Sanitizer when it should be set to Rails::HTML5::Sanitizer.

Mike Dalessio, Rafael Mendonça França
Set action_mailer.default_url_options values in development and test.

Prior to this commit, new Rails applications would raise ActionView::Template::Error if a mailer included a url built with a *_path helper.

Steve Polito
Introduce Rails::Generators::Testing::Assertions#assert_initializer.

Compliments the existing initializer generator action.
```
assert_initializer "mail_interceptors.rb"
```
Steve Polito
Generate a .devcontainer folder and its contents when creating a new app.

The .devcontainer folder includes everything needed to boot the app and do development in a remote container.

The container setup includes:
- A redis container for Kredis, ActionCable etc.
- A database (SQLite, Postgres, MySQL or MariaDB)
- A Headless chrome container for system tests
- Active Storage configured to use the local disk and with preview features working
If any of these options are skipped in the app setup they will not be included in the container configuration.

These files can be skipped using the --skip-devcontainer option.

Andrew Novoselac & Rafael Mendonça França
Introduce SystemTestCase#served_by for configuring the System Test application server.

By default this is localhost. This method allows the host and port to be specified manually.
```
class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
  served_by host: "testserver", port: 45678
end
```
Andrew Novoselac & Rafael Mendonça França
bin/rails test will no longer load files named *_test.rb if they are located in the fixtures folder.

Edouard Chin
Ensure logger tags configured with config.log_tags are still active in request.action_dispatch handlers.

KJ Tsanaktsidis
Setup jemalloc in the default Dockerfile for memory optimization.

Matt Almeida, Jean Boussier
Commented out lines in .railsrc file should not be treated as arguments when using rails new generator command. Update ARGVScrubber to ignore text after # symbols.

Willian Tenfen
Skip CSS when generating APIs.

Ruy Rocha
Rails console now indicates application name and the current Rails environment:
```
my-app(dev)> # for RAILS_ENV=development
my-app(test)> # for RAILS_ENV=test
my-app(prod)> # for RAILS_ENV=production
my-app(my_env)> # for RAILS_ENV=my_env
```
The application name is derived from the application's module name from config/application.rb. For example, MyApp will displayed as my-app in the prompt.

Additionally, the environment name will be colorized when the environment is development (blue), test (blue), or production (red), if your terminal supports it.

Stan Lo
Ensure autoload_paths, autoload_once_paths, eager_load_paths, and load_paths only have directories when initialized from engine defaults.

Previously, files under the app directory could end up there too.

Takumasa Ochi
Prevent unnecessary application reloads in development.

Previously, some files outside autoload paths triggered unnecessary reloads. With this fix, application reloads according to Rails.autoloaders.main.dirs, thereby preventing unnecessary reloads.

Takumasa Ochi
Use oven-sh/setup-bun in GitHub CI when generating an app with Bun.

TangRufus
Disable pidfile generation in the production environment.

Hans Schnedlitz
Set config.action_view.annotate_rendered_view_with_filenames to true in the development environment.

Adrian Marin
Support the BACKTRACE environment variable to turn off backtrace cleaning.

Useful for debugging framework code:
```
BACKTRACE=1 bin/rails server
```
Alex Ghiculescu
Raise ArgumentError when reading config.x.something with arguments:
```
config.x.this_works.this_raises true # raises ArgumentError
```
Sean Doyle
Add default PWA files for manifest and service-worker that are served from app/views/pwa and can be dynamically rendered through ERB. Mount these files explicitly at the root with default routes in the generated routes file.

DHH
Updated system tests to now use headless Chrome by default for the new applications.

DHH
Add GitHub CI files for Dependabot, Brakeman, RuboCop, and running tests by default. Can be skipped with --skip-ci.

DHH
Add Brakeman by default for static analysis of security vulnerabilities. Allow skipping with --skip-brakeman option.

vipulnsward
Add RuboCop with rules from rubocop-rails-omakase by default. Skip with --skip-rubocop.

DHH and zzak
Use bin/rails runner --skip-executor to not wrap the runner script with an Executor.

Ben Sheldon
Fix isolated engines to take ActiveRecord::Base.table_name_prefix into consideration.

This will allow for engine defined models, such as inside Active Storage, to respect Active Record table name prefix configuration.

Chedli Bourguiba
Fix running db:system:change when the app has no Dockerfile.

Hartley McGuire
In Action Mailer previews, list inline attachments separately from normal attachments.

For example, attachments that were previously listed like

Attachments: logo.png file1.pdf file2.pdf

will now be listed like

Attachments: file1.pdf file2.pdf (Inline: logo.png)

Christian Schmidt and Jonathan Hefner
In mailer preview, only show SMTP-To if it differs from the union of To, Cc and Bcc.

Christian Schmidt
Enable YJIT by default on new applications running Ruby 3.3+.

This can be disabled by setting Rails.application.config.yjit = false

Jean Boussier, Rafael Mendonça França
In Action Mailer previews, show date from message Date header if present.

Sampat Badhe
Exit with non-zero status when the migration generator fails.

Katsuhiko YOSHIDA
Use numeric UID and GID in Dockerfile template.

The Dockerfile generated by rails new sets the default user and group by name instead of UID:GID. This can cause the following error in Kubernetes:
```
container has runAsNonRoot and image has non-numeric user (rails), cannot verify user is non-root
```
This change sets default user and group by their numeric values.

Ivan Fedotov
Disallow invalid values for rails new options.

The --database, --asset-pipeline, --css, and --javascript options for rails new take different arguments. This change validates them.

Tony Drake, Akhil G Krishnan, Petrik de Heus
Conditionally print $stdout when invoking run_generator.

In an effort to improve the developer experience when debugging generator tests, we add the ability to conditionally print $stdout instead of capturing it.

This allows for calls to binding.irb and puts work as expected.
```
RAILS_LOG_TO_STDOUT=true ./bin/test test/generators/actions_test.rb
```
Steve Polito
Remove the option config.public_file_server.enabled from the generators for all environments, as the value is the same in all environments.

Adrian Hirt

`v7.1.3.4`: 7.1.3.4

Compare Source

Active Support

No changes.

Active Model

No changes.

Active Record

No changes.

Action View

No changes.

Action Pack

Include the HTTP Permissions-Policy on non-HTML Content-Types [CVE-2024-28103]

Active Job

No changes.

Action Mailer

No changes.

Action Cable

No changes.

Active Storage

No changes.

Action Mailbox

No changes.

Action Text

Sanitize ActionText HTML ContentAttachment in Trix edit view [CVE-2024-32464]

Railties

No changes.

`v7.1.3.3`: 7.1.3.3

Compare Source

Active Support

No changes.

Active Model

No changes.

Active Record

No changes.

Action View

No changes.

Action Pack

No changes.

Active Job

No changes.

Action Mailer

No changes.

Action Cable

No changes.

Active Storage

No changes.

Action Mailbox

No changes.

Action Text

Upgrade Trix to 2.1.1 to fix CVE-2024-34341.

Rafael Mendonça França

Railties

No changes.

`v7.1.3.2`

Compare Source

Active Support

No changes.

Active Model

No changes.

Active Record

No changes.

Action View

No changes.

Action Pack

Fix raise_on_missing_translations not working correctly with the translate method in controllers after the patch for CVE-2024-26143.

Active Job

No changes.

Action Mailer

No changes.

Action Cable

No changes.

Active Storage

No changes.

Action Mailbox

No changes.

Action Text

No changes.

Railties

No changes.

`v7.1.3.1`: 7.1.3.1

Compare Source

Active Support

No changes.

Active Model

No changes.

Active Record

No changes.

Action View

No changes.

Action Pack

Fix possible XSS vulnerability with the translate method in controllers

CVE-2024-26143
Fix ReDoS in Accept header parsing

CVE-2024-26142

Active Job

No changes.

Action Mailer

No changes.

Action Cable

No changes.

Active Storage

No changes.

Action Mailbox

No changes.

Action Text

No changes.

Railties

No changes.

`v7.1.3`: 7.1.3

Compare Source

Active Support

Handle nil backtrace_locations in ActiveSupport::SyntaxErrorProxy.

Eugene Kenny
Fix ActiveSupport::JSON.encode to prevent duplicate keys.

If the same key exist in both String and Symbol form it could lead to the same key being emitted twice.

Manish Sharma
Fix ActiveSupport::Cache::Store#read_multi when using a cache namespace and local cache strategy.

Mark Oleson
Fix Time.now/DateTime.now/Date.today to return results in a system timezone after #travel_to.

There is a bug in the current implementation of #travel_to: it remembers a timezone of its argument, and all stubbed methods start returning results in that remembered timezone. However, the expected behaviour is to return results in a system timezone.

Aleksei Chernenkov
Fix :unless_exist option for MemoryStore#write (et al) when using a cache namespace.

S. Brent Faulkner
Fix ActiveSupport::Deprecation to handle blaming generated code.

Jean Boussier, fatkodima

Active Model

No changes.

Active Record

Fix Migrations with versions older than 7.1 validating options given to add_reference.

Hartley McGuire
Ensure reload sets correct owner for each association.

Dmytro Savochkin
Fix view runtime for controllers with async queries.

fatkodima
Fix load_async to work with query cache.

fatkodima
Fix polymorphic belongs_to to correctly use parent's query_constraints.

fatkodima
Fix Preloader to not generate a query for already loaded association with query_constraints.

fatkodima
Fix multi-database polymorphic preloading with equivalent table names.

When preloading polymorphic associations, if two models pointed to two tables with the same name but located in different databases, the preloader would only load one.

Ari Summer
Fix encrypted_attribute? to take into account context properties passed to encrypts.

Maxime Réty
Fix find_by to work correctly in presence of composite primary keys.

fatkodima
Fix async queries sometimes returning a raw result if they hit the query cache.

ShipPart.async_count could return a raw integer rather than a Promise if it found the result in the query cache.

fatkodima
Fix Relation#transaction to not apply a default scope.

The method was incorrectly setting a default scope around its block:
```
Post.where(published: true).transaction do
  Post.count # SELECT COUNT(*) FROM posts WHERE published = FALSE;
end
```
Jean Boussier
Fix calling async_pluck on a none relation.

Model.none.async_pluck(:id) was returning a naked value instead of a promise.

Jean Boussier
Fix calling load_async on a none relation.

Model.none.load_async was returning a broken result.

Lucas Mazza
TrilogyAdapter: ignore host if socket parameter is set.

This allows to configure a connection on a UNIX socket via DATABASE_URL:
```
DATABASE_URL=trilogy://does-not-matter/my_db_production?socket=/var/run/mysql.sock
```
Jean Boussier
Fix has_secure_token calls the setter method on initialize.

Abeid Ahmed
Allow using object_id as a database column name. It was available before rails 7.1 and may be used as a part of polymorphic relationship to object where object can be any other database record.

Mikhail Doronin
Fix rails db:create:all to not touch databases before they are created.

fatkodima

Action View

Better handle SyntaxError in Action View.

Mario Caropreso
Fix word_wrap with empty string.

Jonathan Hefner
Rename ActionView::TestCase::Behavior::Content to ActionView::TestCase::Behavior::RenderedViewContent.

Make RenderedViewContent inherit from String. Make private API with :nodoc:.

Sean Doyle
Fix detection of required strict locals.

Further fix render @collection compatibility with strict locals

Jean Boussier

Action Pack

Fix including Rails.application.routes.url_helpers directly in an ActiveSupport::Concern.

Jonathan Hefner
Fix system tests when using a Chrome binary that has been downloaded by Selenium.

Jonathan Hefner

Active Job

Do not trigger immediate loading of ActiveJob::Base when loading ActiveJob::TestHelper.

Maxime Réty
Preserve the serialized timezone when deserializing ActiveSupport::TimeWithZone arguments.

Joshua Young
Fix ActiveJob arguments serialization to correctly serialize String subclasses having custom serializers.

fatkodima

Action Mailer

No changes.

Action Cable

No changes.

Active Storage

Fix N+1 query when fetching preview images for non-image assets.

Aaron Patterson & Justin Searls
Fix all Active Storage database related models to respect ActiveRecord::Base.table_name_prefix configuration.

Chedli Bourguiba
Fix ActiveStorage::Representations::ProxyController not returning the proper preview image variant for previewable files.

Chedli Bourguiba
Fix ActiveStorage::Representations::ProxyController to proxy untracked variants.

Chedli Bourguiba
Fix direct upload forms when submit button contains nested elements.

Marc Köhlbrugge
When using the preprocessed: true option, avoid enqueuing transform jobs for blobs that are not representable.

Chedli Bourguiba
Process preview image variant when calling ActiveStorage::Preview#processed. For example, attached_pdf.preview(:thumb).processed will now immediately generate the full-sized preview image and the :thumb variant of it. Previously, the :thumb variant would not be generated until a further call to e.g. processed.url.

Chedli Bourguiba and Jonathan Hefner
Prevent ActiveRecord::StrictLoadingViolationError when strict loading is enabled and the variant of an Active Storage preview has already been processed (for example, by calling ActiveStorage::Preview#url).

Jonathan Hefner
Fix preprocessed: true option for named variants of previewable files.

Nico Wenterodt

Action Mailbox

No changes.

Action Text

No changes.

Railties

Make sure config.after_routes_loaded hook runs on boot.

Rafael Mendonça França
Fix config.log_level not being respected when using a BroadcastLogger

Édouard Chin
Fix isolated engines to take ActiveRecord::Base.table_name_prefix into consideration. This will allow for engine defined models, such as inside Active Storage, to respect Active Record table name prefix configuration.

Chedli Bourguiba
The bin/rails app:template command will no longer add potentially unwanted gem platforms via bundle lock --add-platform=... commands.

Jonathan Hefner

`v7.1.2`: 7.1.2

Compare Source

Active Support

Fix :expires_in option for RedisCacheStore#write_multi.

fatkodima
Fix deserialization of non-string "purpose" field in Message serializer

Jacopo Beschi
Prevent global cache options being overwritten when setting dynamic options inside a ActiveSupport::Cache::Store#fetch block.

Yasha Krasnou
Fix missing require resulting in NoMethodError when running bin/rails secrets:show or bin/rails secrets:edit.

Stephen Ierodiaconou
Ensure {down,up}case_first returns non-frozen string.

Jonathan Hefner
Fix #to_fs(:human_size) to correctly work with negative numbers.

Earlopain
Fix BroadcastLogger#dup so that it duplicates the logger's broadcasts.

Andrew Novoselac
Fix issue where bootstrap.rb overwrites the level of a BroadcastLogger's broadcasts.

Andrew Novoselac
Fix ActiveSupport::Cache to handle outdated Marshal payload from Rails 6.1 format.

Active Support's Cache is supposed to treat a Marshal payload that can no longer be deserialized as a cache miss. It fail to do so for compressed payload in the Rails 6.1 legacy format.

Jean Boussier
Fix OrderedOptions#dig for array indexes.

fatkodima
Fix time travel helpers to work when nested using with separate classes.

fatkodima
Fix delete_matched for file cache store to work with keys longer than the max filename size.

fatkodima and Jonathan Hefner
Fix compatibility with the semantic_logger gem.

The semantic_logger gem doesn't behave exactly like stdlib logger in that SemanticLogger#level returns a Symbol while stdlib Logger#level returns an Integer.

This caused the various LogSubscriber classes in Rails to break when assigned a SemanticLogger instance.

Jean Boussier, ojab

Active Model

Make ==(other) method of AttributeSet safe.

Dmitry Pogrebnoy

Active Record

Fix renaming primary key index when renaming a table with a UUID primary key in PostgreSQL.

fatkodima
Fix where(field: values) queries when field is a serialized attribute (for example, when field uses ActiveRecord::Base.serialize or is a JSON column).

João Alves
Prevent marking broken connections as verified.

Daniel Colson
Don't mark Float::INFINITY as changed when reassigning it

When saving a record with a float infinite value, it shouldn't mark as changed

Maicol Bentancor
ActiveRecord::Base.table_name now returns nil instead of raising "undefined method abstract_class? for Object:Class".

a5-stable
Fix upserting for custom :on_duplicate and :unique_by consisting of all inserts keys.

fatkodima
Fixed an issue where saving a record could innappropriately dup its attributes.

Jonathan Hefner
Dump schema only for a specific db for rollback/up/down tasks for multiple dbs.

fatkodima
Fix NoMethodError when casting a PostgreSQL money value that uses a comma as its radix point and has no leading currency symbol. For example, when casting "3,50".

Andreas Reischuck and Jonathan Hefner
Re-enable support for using enum with non-column-backed attributes. Non-column-backed attributes must be previously declared with an explicit type. For example:
```
class Post < ActiveRecord::Base
  attribute :topic, :string
  enum topic: %i[science tech engineering math]
end
```
Jonathan Hefner
Raise on foreign_key: being passed as an array in associations

Nikita Vasilevsky
Return back maximum allowed PostgreSQL table name to 63 characters.

fatkodima
Fix detecting IDENTITY columns for PostgreSQL < 10.

fatkodima

Action View

Fix the number_to_human_size view helper to correctly work with negative numbers.

Earlopain
Automatically discard the implicit locals injected by collection rendering for template that can't accept them

When rendering a collection, two implicit variables are injected, which breaks templates with strict locals.

Now they are only passed if the template will actually accept them.

Yasha Krasnou, Jean Boussier
Fix @rails/ujs calling start() an extra time when using bundlers

Hartley McGuire, Ryunosuke Sato
Fix the capture view helper compatibility with HAML and Slim

When a blank string was captured in HAML or Slim (and possibly other template engines) it would instead return the entire buffer.

Jean Boussier

Action Pack

Fix a race condition that could cause a Text file busy - chromedriver error with parallel system tests

Matt Brictson
Fix StrongParameters#extract_value to include blank values

Otherwise composite parameters may not be parsed correctly when one of the component is blank.

fatkodima, Yasha Krasnou, Matthias Eiglsperger
Add racc as a dependency since it will become a bundled gem in Ruby 3.4.0

Hartley McGuire
Support handling Enumerator for non-buffered responses.

Zachary Scott

Active Job

No changes.

Action Mailer

No changes.

Action Cable

No changes.

Active Storage

No changes.

Action Mailbox

No changes.

Action Text

Compile ESM package that can be used directly in the browser as actiontext.esm.js

Matias Grunberg
Fix using actiontext.js with Sprockets

Matias Grunberg
Upgrade Trix to 2.0.7

Hartley McGuire
Fix using Trix with Sprockets

Hartley McGuire

Railties

Fix running db:system:change when app has no Dockerfile.

Hartley McGuire
If you accessed config.eager_load_paths and friends, later changes to config.paths were not reflected in the expected auto/eager load paths. Now, they are.

This bug has been latent since Rails 3.

Fixes #49629.

Xavier Noria

`v7.1.1`: 7.1.1

Compare Source

Active Support

Add support for keyword arguments when delegating calls to custom loggers from ActiveSupport::BroadcastLogger.

Jenny Shen
NumberHelper: handle objects responding to_d.

fatkodima
Fix RedisCacheStore to properly set the TTL when incrementing or decrementing.

This bug was only impacting Redis server older than 7.0.

Thomas Countz
Fix MemoryStore to prevent race conditions when incrementing or decrementing.

Pierre Jambet

Active Model

No changes.

Active Record

Fix auto populating IDENTITY columns for PostgreSQL.

fatkodima
Fix "ArgumentError: wrong number of arguments (given 3, expected 2)" when down migrating rename_table in older migrations.

fatkodima
Do not require the Action Text, Active Storage and Action Mailbox tables to be present when running when running test on CI.

Rafael Mendonça França

Action View

Updated @rails/ujs files to ignore certain data-* attributes when element is contenteditable.

This fix was already landed in >= 7.0.4.3, < 7.1.0. [CVE-2023-23913]

Ryunosuke Sato

Action Pack

No changes.

Active Job

Don't log enqueuing details when the job wasn't enqueued.

Dustin Brown

Action Mailer

No changes.

Action Cable

No changes.

Active Storage

No changes.

Action Mailbox

No changes.

Action Text

No changes.

Railties

Ensures the Rails generated Dockerfile uses correct ruby version and matches Gemfile.

Abhay Nikam

`v7.1.0`: 7.1.0

Compare Source

Active Support

Fix AS::MessagePack with ENV["RAILS_MAX_THREADS"].

Jonathan Hefner

Add a new public API for broadcasting logs

This feature existed for a while but was until now a private API. Broadcasting log allows to send log message to difference sinks (STDOUT, a file ...) and is used by default in the development environment to write logs both on STDOUT and in the "development.log" file.

Basic usage:

stdout_logger = Logger.new(STDOUT)
file_logger = Logger.new("development.log")
broadcast = ActiveSupport::BroadcastLogger.new(stdout_logger, file_logger)

broadcast.info("Hello!") # The "Hello!" message is written on STDOUT and in the log file.

Adding other sink(s) to the broadcast:

broadcast = ActiveSupport::BroadcastLogger.new
broadcast.broadcast_to(Logger.new(STDERR))

Remove a sink from the broadcast:

stdout_logger = Logger.new(STDOUT)
broadcast = ActiveSupport::BroadcastLogger.new(stdout_logger)

broadcast.stop_broadcasting_to(stdout_logger)

Edouard Chin

Fix Range#overlap? not taking empty ranges into account on Ruby < 3.3

Nobuyoshi Nakada, Shouichi Kamiya, Hartley McGuire
Use Ruby 3.3 Range#overlap? if available

Yasuo Honda
Add bigdecimal as Active Support dependency that is a bundled gem candidate for Ruby 3.4.

bigdecimal 3.1.4 or higher version will be installed. Ruby 2.7 and 3.0 users who want bigdecimal version 2.0.0 or 3.0.0 behavior as a default gem, pin the bigdecimal version in your application Gemfile.

Koichi ITO
Add drb, mutex_m and base64 that are bundled gem candidates for Ruby 3.4

Yasuo Honda
When using cache format version >= 7.1 or a custom serializer, expired and version-mismatched cache entries can now be detected without deserializing their values.

Jonathan Hefner
Make all cache stores return a boolean for #delete

Previously the RedisCacheStore#delete would return 1 if the entry exists and 0 otherwise. Now it returns true if the entry exists and false otherwise, just like the other stores.

The FileStore would return nil if the entry doesn't exists and returns false now as well.

Petrik de Heus
Active Support cache stores now support replacing the default compressor via a :compressor option. The specified compressor must respond to deflate and inflate. For example:
```
module MyCompressor
  def self.deflate(string)
```

compression logic...

    end

    def self.inflate(compressed)

decompression logic...

    end
  end

  config.cache_store = :redis_cache_store, { compressor: MyCompressor }
  ```

*Jonathan Hefner*

Active Support cache stores now support a :serializer option. Similar to the :coder option, serializers must respond to dump and load. However, serializers are only responsible for serializing a cached value, whereas coders are responsible for serializing the entire ActiveSupport::Cache::Entry instance. Additionally, the output from serializers can be automatically compressed, whereas coders are responsible for their own compression.

Specifying a serializer instead of a coder also enables performance optimizations, including the bare string optimization introduced by cache format version 7.1.

The :serializer and :coder options are mutually exclusive. Specifying both will raise an ArgumentError.

Jonathan Hefner
Fix ActiveSupport::Inflector.humanize(nil) raising NoMethodError: undefined method `end_with?' for nil:NilClass.

James Robinson

Don't show secrets for ActiveSupport::KeyGenerator#inspect.

Before:

ActiveSupport::KeyGenerator.new(secret).inspect
"#<ActiveSupport::KeyGenerator:0x0000000104888038 ... @&#8203;secret=\"\\xAF\\bFh]LV}q\\nl\\xB2U\\xB3 ... >"

After:

ActiveSupport::KeyGenerator::Aes256Gcm(secret).inspect
"#<ActiveSupport::KeyGenerator:0x0000000104888038>"

Petrik de Heus

Improve error message when EventedFileUpdateChecker is used without a compatible version of the Listen gem

Hartley McGuire
Add :report behavior for Deprecation

Setting config.active_support.deprecation = :report uses the error reporter to report deprecation warnings to ActiveSupport::ErrorReporter.

Deprecations are reported as handled errors, with a severity of :warning.

Useful to report deprecations happening in production to your bug tracker.

Étienne Barrié
Rename Range#overlaps? to #overlap? and add alias for backwards compatibility

Christian Schmidt
Fix EncryptedConfiguration returning incorrect values for some Hash methods

Hartley McGuire

Don't show secrets for MessageEncryptor#inspect.

Before:

ActiveSupport::MessageEncryptor.new(secret, cipher: "aes-256-gcm").inspect
"#<ActiveSupport::MessageEncryptor:0x0000000104888038 ... @&#8203;secret=\"\\xAF\\bFh]LV}q\\nl\\xB2U\\xB3 ... >"

After:

ActiveSupport::MessageEncryptor.new(secret, cipher: "aes-256-gcm").inspect
"#<ActiveSupport::MessageEncryptor:0x0000000104888038>"

Petrik de Heus

Don't show contents for EncryptedConfiguration#inspect.

Before:

Rails.application.credentials.inspect
"#<ActiveSupport::EncryptedConfiguration:0x000000010d2b38e8 ... @&#8203;config={:secret=>\"something secret\"} ... @&#8203;key_file_contents=\"915e4ea054e011022398dc242\" ...>"

After:

Rails.application.credentials.inspect
"#<ActiveSupport::EncryptedConfiguration:0x000000010d2b38e8>"

Petrik de Heus

ERB::Util.html_escape_once always returns an html_safe string.

This method previously maintained the html_safe? property of a string on the return value. Because this string has been escaped, however, not marking it as html_safe causes entities to be double-escaped.

As an example, take this view snippet:
```
<p><%= html_escape_once("this & that &amp; the other") %></p>
```
Before this change, that would be double-escaped and render as:
```
<p>this &amp;amp; that &amp;amp; the other</p>
```
After this change, it renders correctly as:
```
<p>this &amp; that &amp; the other</p>
```
Fixes #48256

Mike Dalessio
Deprecate SafeBuffer#clone_empty.

This method has not been used internally since Rails 4.2.0.

Mike Dalessio
MessageEncryptor, MessageVerifier, and config.active_support.message_serializer now accept :message_pack and :message_pack_allow_marshal as serializers. These serializers require the msgpack gem (>= 1.7.0).

The Message Pack format can provide improved performance and smaller payload sizes. It also supports round-tripping some Ruby types that are not supported by JSON. For example:
```
verifier = ActiveSupport::MessageVerifier.new("secret")
data = [{ a: 1 }, { b: 2 }.with_indifferent_access, 1.to_d, Time.at(0, 123)]
message = verifier.generate(data)
```

BEFORE with config.active_support.message_serializer = :json

  verifier.verified(message)

=> [{"a"=>1}, {"b"=>2}, "1.0", "1969-12-31T18:00:00.000-06:00"]

  verifier.verified(message).map(&:class)

=> [Hash, Hash, String, String]

AFTER with config.active_support.message_serializer = :message_pack

  verifier.verified(message)

=> [{:a=>1}, {"b"=>2}, 0.1e1, 1969-12-31 18:00:00.000123 -0600]

  verifier.verified(message).map(&:class)

=> [Hash, ActiveSupport::HashWithIndifferentAccess, BigDecimal, Time]

  ```

The `:message_pack` serializer can fall back to deserializing with
`ActiveSupport::JSON` when necessary, and the `:message_pack_allow_marshal`
serializer can fall back to deserializing with `Marshal` as well as
`ActiveSupport::JSON`. Additionally, the `:marshal`, `:json`, and
`:json_allow_marshal` serializers can now fall back to deserializing with
`ActiveSupport::MessagePack` when necessary. These behaviors ensure old
messages can still be read so that migration is easier.

*Jonathan Hefner*

A new 7.1 cache format is available which includes an optimization for bare string values such as view fragments.

The 7.1 cache format is used by default for new apps, and existing apps can enable the format by setting config.load_defaults 7.1 or by setting config.active_support.cache_format_version = 7.1 in config/application.rb or a config/environments/*.rb file.

Cache entries written using the 6.1 or 7.0 cache formats can be read when using the 7.1 format. To perform a rolling deploy of a Rails 7.1 upgrade, wherein servers that have not yet been upgraded must be able to read caches from upgraded servers, leave the cache format unchanged on the first deploy, then enable the 7.1 cache format on a subsequent deploy.

Jonathan Hefner
Active Support cache stores can now use a preconfigured serializer based on ActiveSupport::MessagePack via the :serializer option:
```
config.cache_store = :redis_cache_store, { serializer: :message_pack }
```
The :message_pack serializer can reduce cache entry sizes and improve performance, but requires the msgpack gem (>= 1.7.0).

The :message_pack serializer can read cache entries written by the default serializer, and the default serializer can now read entries written by the :message_pack serializer. These behaviors make it easy to migrate between serializer without invalidating the entire cache.

Jonathan Hefner

Object#deep_dup no longer duplicate named classes and modules.

Before:

hash = { class: Object, module: Kernel }
hash.deep_dup # => {:class=>#<Class:0x00000001063ffc80>, :module=>#<Module:0x00000001063ffa00>}

After:

hash = { class: Object, module: Kernel }
hash.deep_dup # => {:class=>Object, :module=>Kernel}

Jean Boussier

Consistently raise an ArgumentError if the ActiveSupport::Cache key is blank.

Joshua Young
Deprecate usage of the singleton ActiveSupport::Deprecation.

All usage of ActiveSupport::Deprecation as a singleton is deprecated, the most common one being ActiveSupport::Deprecation.warn. Gem authors should now create their own deprecator (ActiveSupport::Deprecation object), and use it to emit deprecation warnings.

Calling any of the following without specifying a deprecator argument is also deprecated:
- Module.deprecate
- deprecate_constant
- DeprecatedObjectProxy
- DeprecatedInstanceVariableProxy
- DeprecatedConstantProxy
- deprecation-related test assertions
Use of ActiveSupport::Deprecation.silence and configuration methods like behavior=, disallowed_behavior=, disallowed_warnings= should now be aimed at the application's deprecators.
```
Rails.application.deprecators.silence do
```

code that emits deprecation warnings

end
```

If your gem has a Railtie or Engine, it's encouraged to add your deprecator to the application's deprecators, that
way the deprecation related configuration options will apply to it as well, e.g.
`config.active_support.report_deprecations` set to `false` in the production environment will also disable your
deprecator.

```ruby
initializer "my_gem.deprecator" do |app|
  app.deprecators[:my_gem] = MyGem.deprecator
end
```

*Étienne Barrié*

Add Object#with to set and restore public attributes around a block

client.timeout # => 5
client.with(timeout: 1) do
  client.timeout # => 1
end
client.timeout # => 5

Jean Boussier

Remove deprecated support to generate incorrect RFC 4122 UUIDs when providing a namespace ID that is not one of the constants defined on Digest::UUID.

Rafael Mendonça França
Deprecate config.active_support.use_rfc4122_namespaced_uuids.

Rafael Mendonça França
Remove implicit conversion of objects into String by ActiveSupport::SafeBuffer.

Rafael Mendonça França
Remove deprecated active_support/core_ext/range/include_time_with_zone file.

Rafael Mendonça França
Deprecate config.active_support.remove_deprecated_time_with_zone_name.

Rafael Mendonça França
Remove deprecated override of ActiveSupport::TimeWithZone.name.

Rafael Mendonça França
Deprecate config.active_support.disable_to_s_conversion.

Rafael Mendonça França
Remove deprecated option to passing a format to #to_s in Array, Range, Date, DateTime, Time, BigDecimal, Float and, Integer.

Rafael Mendonça França
Remove deprecated ActiveSupport::PerThreadRegistry.

Rafael Mendonça França
Remove deprecated override of Enumerable#sum.

Rafael Mendonça França
Deprecated initializing a ActiveSupport::Cache::MemCacheStore with an instance of Dalli::Client.

Deprecate the undocumented option of providing an already-initialized instance of Dalli::Client to ActiveSupport::Cache::MemCacheStore. Such clients could be configured with unrecognized options, which could lead to unexpected behavior. Instead, provide addresses as documented.

aledustet
Stub Time.new() in TimeHelpers#travel_to
```
travel_to Time.new(2004, 11, 24) do
```

Inside the `travel_to` block `Time.new` is stubbed

    assert_equal 2004, Time.new.year
  end
  ```

*fatkodima*

Raise ActiveSupport::MessageEncryptor::InvalidMessage from ActiveSupport::MessageEncryptor#decrypt_and_verify regardless of cipher. Previously, when a MessageEncryptor was using a non-AEAD cipher such as AES-256-CBC, a corrupt or tampered message would raise ActiveSupport::MessageVerifier::InvalidSignature. Now, all ciphers raise the same error:
```
encryptor = ActiveSupport::MessageEncryptor.new("x" * 32, cipher: "aes-256-gcm")
message = encryptor.encrypt_and_sign("message")
encryptor.decrypt_and_verify(message.next)
```

=> raises ActiveSupport::MessageEncryptor::InvalidMessage

  encryptor = ActiveSupport::MessageEncryptor.new("x" * 32, cipher: "aes-256-cbc")
  message = encryptor.encrypt_and_sign("message")
  encryptor.decrypt_and_verify(message.next)

BEFORE:

=> raises ActiveSupport::MessageVerifier::InvalidSignature

AFTER:

=> raises ActiveSupport::MessageEncryptor::InvalidMessage

  ```

*Jonathan Hefner*

Support nil original values when using ActiveSupport::MessageVerifier#verify. Previously, MessageVerifier#verify did not work with nil original values, though both MessageVerifier#verified and MessageEncryptor#decrypt_and_verify do:
```
encryptor = ActiveSupport::MessageEncryptor.new(secret)
message = encryptor.encrypt_and_sign(nil)

encryptor.decrypt_and_verify(message)
```

=> nil

  verifier = ActiveSupport::MessageVerifier.new(secret)
  message = verifier.generate(nil)

  verifier.verified(message)

=> nil

  verifier.verify(message)

BEFORE:

=> raises ActiveSupport::MessageVerifier::InvalidSignature

AFTER:

=> nil

  ```

*Jonathan Hefner*

Maintain html_safe? on html_safe strings when sliced with slice, slice!, or chr method.

Previously, html_safe? was only maintained when the html_safe strings were sliced with [] method. Now, slice, slice!, and chr methods will maintain html_safe? like [] method.
```
string = "<div>test</div>".html_safe
string.slice(0, 1).html_safe? # => true
string.slice!(0, 1).html_safe? # => true
```

maintain html_safe? after the slice!

string.html_safe? # => true
string.chr.html_safe? # => true
```

*Michael Go*

Add Object#in? support for open ranges.

assert Date.today.in?(..Date.tomorrow)
assert_not Date.today.in?(Date.tomorrow..)

Ignacio Galindo

config.i18n.raise_on_missing_translations = true now raises on any missing translation.

Previously it would only raise when called in a view or controller. Now it will raise anytime I18n.t is provided an unrecognised key.

If you do not want this behaviour, you can customise the i18n exception handler. See the upgrading guide or i18n guide for more information.

Alex Ghiculescu
ActiveSupport::CurrentAttributes now raises if a restricted attribute name is used.

Attributes such as set and reset cannot be used as they clash with the CurrentAttributes public API.

Alex Ghiculescu
HashWithIndifferentAccess#transform_keys now takes a Hash argument, just as Ruby's Hash#transform_keys does.

Akira Matsuda
delegate now defines method with proper arity when delegating to a Class. With this change, it defines faster method (3.5x faster with no argument). However, in order to gain this benefit, the delegation target method has to be defined before declaring the delegation.

This defines 3.5 times faster method than before

class C
  def self.x() end
  delegate :x, to: :class
end

class C

This works but silently falls back to old behavior because

`delegate` cannot find the definition of `x`

  delegate :x, to: :class
  def self.x() end
end
```

*Akira Matsuda*

assert_difference message now includes what changed.

This makes it easier to debug non-obvious failures.

Before:

"User.count" didn't change by 32.
Expected: 1611
  Actual: 1579

After:

"User.count" didn't change by 32, but by 0.
Expected: 1611
  Actual: 1579

Alex Ghiculescu

Add ability to match exception messages to assert_raises assertion

Instead of this

error = assert_raises(ArgumentError) do
  perform_service(param: 'exception')
end
assert_match(/incorrect param/i, error.message)

you can now write this

assert_raises(ArgumentError, match: /incorrect param/i) do
  perform_service(param: 'exception')
end

fatkodima

Add Rails.env.local? shorthand for Rails.env.development? || Rails.env.test?.

DHH
ActiveSupport::Testing::TimeHelpers now accepts named with_usec argument to freeze_time, travel, and travel_to methods. Passing true prevents truncating the destination time with change(usec: 0).

KevSlashNull, and serprex
ActiveSupport::CurrentAttributes.resets now accepts a method name

The block API is still the recommended approach, but now both APIs are supported:
```
class Current < ActiveSupport::CurrentAttributes
  resets { Time.zone = nil }
  resets :clear_time_zone
end
```
Alex Ghiculescu
Ensure ActiveSupport::Testing::Isolation::Forking closes pipes

Previously, Forking.run_in_isolation opened two ends of a pipe. The fork process closed the read end, wrote to it, and then terminated (which presumably closed the file descriptors on its end). The parent process closed the write end, read from it, and returned, never closing the read end.

This resulted in an accumulation of open file descriptors, which could cause errors if the limit is reached.

Sam Bostock
Fix Time#change and Time#advance for times around the end of Daylight Saving Time.

Previously, when Time#change or Time#advance constructed a time inside the final stretch of Daylight Saving Time (DST), the non-DST offset would always be chosen for local times:

DST ended just before 2021-11-07 2:00:00 AM in US/Eastern.

ENV["TZ"] = "US/Eastern"

time = Time.local(2021, 11, 07, 00, 59, 59) + 1

=> 2021-11-07 01:00:00 -0400

time.change(day: 07)

=> 2021-11-07 01:00:00 -0500

time.advance(seconds: 0)

=> 2021-11-07 01:00:00 -0500

time = Time.local(2021, 11, 06, 01, 00, 00)

=> 2021-11-06 01:00:00 -0400

time.change(day: 07)

=> 2021-11-07 01:00:00 -0500

time.advance(days: 1)

=> 2021-11-07 01:00:00 -0500

```

And the DST offset would always be chosen for times with a `TimeZone`
object:

```ruby
Time.zone = "US/Eastern"

time = Time.new(2021, 11, 07, 02, 00, 00, Time.zone) - 3600

=> 2021-11-07 01:00:00 -0500

time.change(day: 07)

=> 2021-11-07 01:00:00 -0400

time.advance(seconds: 0)

=> 2021-11-07 01:00:00 -0400

time = Time.new(2021, 11, 8, 01, 00, 00, Time.zone)

=> 2021-11-08 01:00:00 -0500

time.change(day: 07)

=> 2021-11-07 01:00:00 -0400

time.advance(days: -1)

=> 2021-11-07 01:00:00 -0400

```

Now, `Time#change` and `Time#advance` will choose the offset that matches
the original time's offset when possible:

```ruby
ENV["TZ"] = "US/Eastern"

time = Time.local(2021, 11, 07, 00, 59, 59) + 1

=> 2021-11-07 01:00:00 -0400

time.change(day: 07)

=> 2021-11-07 01:00:00 -0400

time.advance(seconds: 0)

=> 2021-11-07 01:00:00 -0400

time = Time.local(2021, 11, 06, 01, 00, 00)

=> 2021-11-06 01:00:00 -0400

time.change(day: 07)

=> 2021-11-07 01:00:00 -0400

time.advance(days: 1)

=> 2021-11-07 01:00:00 -0400

Time.zone = "US/Eastern"

time = Time.new(2021, 11, 07, 02, 00, 00, Time.zone) - 3600

=> 2021-11-07 01:00:00 -0500

time.change(day: 07)

=> 2021-11-07 01:00:00 -0500

time.advance(seconds: 0)

=> 2021-11-07 01:00:00 -0500

time = Time.new(2021, 11, 8, 01, 00, 00, Time.zone)

=> 2021-11-08 01:00:00 -0500

time.change(day: 07)

=> 2021-11-07 01:00:00 -0500

time.advance(days: -1)

=> 2021-11-07 01:00:00 -0500

```

*Kevin Hall*, *Takayoshi Nishida*, and *Jonathan Hefner*

Fix MemoryStore to preserve entries TTL when incrementing or decrementing

This is to be more consistent with how MemCachedStore and RedisCacheStore behaves.

Jean Boussier

Rails.error.handle and Rails.error.record filter now by multiple error classes.

Rails.error.handle(IOError, ArgumentError) do
  1 + '1' # raises TypeError
end
1 + 1 # TypeErrors are not IOErrors or ArgumentError, so this will *not* be handled

Martin Spickermann

Class#subclasses and Class#descendants now automatically filter reloaded classes.

Previously they could return old implementations of reloadable classes that have been dereferenced but not yet garbage collected.

They now automatically filter such classes like DescendantTracker#subclasses and DescendantTracker#descendants.

Jean Boussier
Rails.error.report now marks errors as reported to avoid reporting them twice.

In some cases, users might want to report errors explicitly with some extra context before letting it bubble up.

This also allows to safely catch and report errors outside of the execution context.

Jean Boussier
Add assert_error_reported and assert_no_error_reported

Allows to easily asserts an error happened but was handled
```
report = assert_error_reported(IOError) do
```

...

end
assert_equal "Oops", report.error.message
assert_equal "admin", report.context[:section]
assert_equal :warning, report.severity
assert_predicate report, :handled?
```

*Jean Boussier*

ActiveSupport::Deprecation behavior callbacks can now receive the deprecator instance as an argument. This makes it easier for such callbacks to change their behavior based on the deprecator's state. For example, based on the deprecator's debug flag.

3-arity and splat-args callbacks such as the following will now be passed the deprecator instance as their third argument:
- ->(message, callstack, deprecator) { ... }
- ->(*args) { ... }
- ->(message, *other_args) { ... }
2-arity and 4-arity callbacks such as the following will continue to behave the same as before:
- ->(message, callstack) { ... }
- ->(message, callstack, deprecation_horizon, gem_name) { ... }
- ->(message, callstack, *deprecation_details) { ... }
Jonathan Hefner

ActiveSupport::Deprecation#disallowed_warnings now affects the instance on which it is configured.

This means that individual ActiveSupport::Deprecation instances can be configured with their own disallowed warnings, and the global ActiveSupport::Deprecation.disallowed_warnings now only affects the global ActiveSupport::Deprecation.warn.

Before

ActiveSupport::Deprecation.disallowed_warnings = ["foo"]
deprecator = ActiveSupport::Deprecation.new("2.0", "MyCoolGem")
deprecator.disallowed_warnings = ["bar"]

ActiveSupport::Deprecation.warn("foo") # => raise ActiveSupport::DeprecationException
ActiveSupport::Deprecation.warn("bar") # => print "DEPRECATION WARNING: bar"
deprecator.warn("foo")                 # => raise ActiveSupport::DeprecationException
deprecator.warn("bar")                 # => print "DEPRECATION WARNING: bar"

After

ActiveSupport::Deprecation.disallowed_warnings = ["foo"]
deprecator = ActiveSupport::Deprecation.new("2.0", "MyCoolGem")
deprecator.disallowed_warnings = ["bar"]

ActiveSupport::Deprecation.warn("foo") # => raise ActiveSupport::DeprecationException
ActiveSupport::Deprecation.warn("bar") # => print "DEPRECATION WARNING: bar"
deprecator.warn("foo")                 # => print "DEPRECATION WARNING: foo"
deprecator.warn("bar")                 # => raise ActiveSupport::DeprecationException

Note that global ActiveSupport::Deprecation methods such as ActiveSupport::Deprecation.warn and ActiveSupport::Deprecation.disallowed_warnings have been deprecated.

Jonathan Hefner

Add italic and underline support to ActiveSupport::LogSubscriber#color

Previously, only bold text was supported via a positional argument. This allows for bold, italic, and underline options to be specified for colored logs.
```
info color("Hello world!", :red, bold: true, underline: true)
```
Gannon McGibbon
Add String#downcase_first method.

This method is the corollary of String#upcase_first.

Mark Schneider
thread_mattr_accessor will call .dup.freeze on non-frozen default values.

This provides a basic level of protection against different threads trying to mutate a shared default object.

Jonathan Hefner
Add raise_on_invalid_cache_expiration_time config to ActiveSupport::Cache::Store

Specifies if an ArgumentError should be raised if Rails.cache fetch or write are given an invalid expires_at or expires_in time.

Options are true, and false. If false, the exception will be reported as handled and logged instead. Defaults to true if config.load_defaults >= 7.1.

Trevor Turk
ActiveSupport::Cache:Store#fetch now passes an options accessor to the block.

It makes possible to override cache options:
```
Rails.cache.fetch("3rd-party-token") do |name, options|
  token = fetch_token_from_remote
```

set cache's TTL to match token's TTL

      options.expires_in = token.expires_in
      token
    end

*Andrii Gladkyi*, *Jean Boussier*

default option of thread_mattr_accessor now applies through inheritance and also across new threads.

Previously, the default value provided was set only at the moment of defining the attribute writer, which would cause the attribute to be uninitialized in descendants and in other threads.

Fixes #43312.

Thierry Deo
Redis cache store is now compatible with redis-rb 5.0.

Jean Boussier
Add skip_nil: support to ActiveSupport::Cache::Store#fetch_multi.

Daniel Alfaro
Add quarter method to date/time

Matt Swanson
Fix NoMethodError on custom ActiveSupport::Deprecation behavior.

ActiveSupport::Deprecation.behavior= was supposed to accept any object that responds to call, but in fact its internal implementation assumed that this object could respond to arity, so it was restricted to only Proc objects.

This change removes this arity restriction of custom behaviors.

Ryo Nakamura
Support :url_safe option for MessageEncryptor.

The MessageEncryptor constructor now accepts a :url_safe option, similar to the MessageVerifier constructor. When enabled, this option ensures that messages use a URL-safe encoding.

Jonathan Hefner
Add url_safe option to ActiveSupport::MessageVerifier initializer

ActiveSupport::MessageVerifier.new now takes optional url_safe argument. It can generate URL-safe strings by passing url_safe: true.
```
verifier = ActiveSupport::MessageVerifier.new(url_safe: true)
message = verifier.generate(data) # => URL-safe string
```
This option is false by default to be backwards compatible.

Shouichi Kamiya
Enable connection pooling by default for MemCacheStore and RedisCacheStore.

If you want to disable connection pooling, set :pool option to false when configuring the cache store:
```
config.cache_store = :mem_cache_store, "cache.example.com", pool: false
```
fatkodima
Add force: support to ActiveSupport::Cache::Store#fetch_multi.

fatkodima
Deprecated :pool_size and :pool_timeout options for configuring connection pooling in cache stores.

Use pool: true to enable pooling with default settings:
```
config.cache_store = :redis_cache_store, pool: true
```
Or pass individual options via :pool option:
```
config.cache_store = :redis_cache_store, pool: { size: 10, timeout: 2 }
```
fatkodima
Allow #increment and #decrement methods of ActiveSupport::Cache::Store subclasses to set new values.

Previously incrementing or decrementing an unset key would fail and return nil. A default will now be assumed and the key will be created.

Andrej Blagojević, Eugene Kenny
Add skip_nil: support to RedisCacheStore

Joey Paris
ActiveSupport::Cache::MemoryStore#write(name, val, unless_exist:true) now correctly writes expired keys.

Alan Savage
ActiveSupport::ErrorReporter now accepts and forward a source: parameter.

This allow libraries to signal the origin of the errors, and reporters to easily ignore some sources.

Jean Boussier
Fix and add protections for XSS in ActionView::Helpers and ERB::Util.

Add the method ERB::Util.xml_name_escape to escape dangerous characters in names of tags and names of attributes, following the specification of XML.

Álvaro Martín Fraguas
Respect ActiveSupport::Logger.new's :formatter keyword argument

The stdlib Logger::new allows passing a :formatter keyword argument to set the logger's formatter. Previously ActiveSupport::Logger.new ignored that argument by always setting the formatter to an instance of ActiveSupport::Logger::SimpleFormatter.

Steven Harman
Deprecate preserving the pre-Ruby 2.4 behavior of to_time

With Ruby 2.4+ the default for +to_time+ changed from converting to the local system time to preserving the offset of the receiver. At the time Rails supported older versions of Ruby so a compatibility layer was added to assist in the migration process. From Rails 5.0 new applications have defaulted to the Ruby 2.4+ behavior and since Rails 7.0 now only supports Ruby 2.7+ this compatibility layer can be safely removed.

To minimize any noise generated the deprecation warning only appears when the setting is configured to false as that is the only scenario where the removal of the compatibility layer has any effect.

Andrew White
Pathname.blank? only returns true for Pathname.new("")

Previously it would end up calling Pathname#empty? which returned true if the path existed and was an empty directory or file.

That behavior was unlikely to be expected.

Jean Boussier
Deprecate Notification::Event's #children and #parent_of?

John Hawthorn
Change the default serializer of ActiveSupport::MessageVerifier from Marshal to ActiveSupport::JSON when using config.load_defaults 7.1.

Messages serialized with Marshal can still be read, but new messages will be serialized with ActiveSupport::JSON. For more information, see https://guides.rubyonrails.org/v7.1/configuring.html#config-active-support-message-serializer.

Saba Kiaei, David Buckley, and Jonathan Hefner
Change the default serializer of ActiveSupport::MessageEncryptor from Marshal to ActiveSupport::JSON when using config.load_defaults 7.1.

Messages serialized with Marshal can still be read, but new messages will be serialized with ActiveSupport::JSON. For more information, see https://guides.rubyonrails.org/v7.1/configuring.html#config-active-support-message-serializer.

Zack Deveau, Martin Gingras, and Jonathan Hefner
Add ActiveSupport::TestCase#stub_const to stub a constant for the duration of a yield.

DHH
Fix ActiveSupport::EncryptedConfiguration to be compatible with Psych 4

Stephen Sugden
Improve File.atomic_write error handling

Daniel Pepper
Fix Class#descendants and DescendantsTracker#descendants compatibility with Ruby 3.1.

The native Class#descendants was reverted prior to Ruby 3.1 release, but Class#subclasses was kept, breaking the feature detection.

Jean Boussier

Active Model

Remove change in the typography of user facing error messages. For example, “can’t be blank” is again “can't be blank”.

Rafael Mendonça França
Support composite identifiers in to_key

to_key avoids wrapping #id value into an Array if #id already an array

Nikita Vasilevsky
Add ActiveModel::Conversion.param_delimiter to configure delimiter being used in to_param

Nikita Vasilevsky
undefine_attribute_methods undefines alias attribute methods along with attribute methods.

Nikita Vasilevsky
Error.full_message now strips ":base" from the message.

zzak
Add a load hook for ActiveModel::Model (named active_model) to match the load hook for ActiveRecord::Base and allow for overriding aspects of the ActiveModel::Model class.

Lewis Buckley
Improve password length validation in ActiveModel::SecurePassword to consider byte size for BCrypt compatibility.

The previous password length validation only considered the character count, which may not accurately reflect the 72-byte size limit imposed by BCrypt. This change updates the validation to consider both character count and byte size while keeping the character length validation in place.
```
user = User.new(password: "a" * 73)  # 73 characters
user.valid? # => false
user.errors[:password] # => ["is too long"]

user = User.new(password: "あ" * 25)  # 25 characters, 75 bytes
user.valid? # => false
user.errors[:password] # => ["is too long"]
```
ChatGPT, Guillermo Iguaran
has_secure_password now generates an #{attribute}_salt method that returns the salt used to compute the password digest. The salt will change whenever the password is changed, so it can be used to create single-use password reset tokens with generates_token_for:
```
class User < ActiveRecord::Base
  has_secure_password

  generates_token_for :password_reset, expires_in: 15.minutes do
    password_salt&.last(10)
  end
end
```
Lázaro Nixon
Improve typography of user facing error messages. In English contractions, the Unicode APOSTROPHE (U+0027) is now RIGHT SINGLE QUOTATION MARK (U+2019). For example, "can't be blank" is now "can’t be blank".

Jon Dufresne
Add class to ActiveModel::MissingAttributeError error message.

Show which class is missing the attribute in the error message:
```
user = User.first
user.pets.select(:id).first.user_id
```

=> ActiveModel::MissingAttributeError: missing attribute 'user_id' for Pet

```

*Petrik de Heus*

Raise NoMethodError in ActiveModel::Type::Value#as_json to avoid unpredictable results.

Vasiliy Ermolovich
Custom attribute types that inherit from Active Model built-in types and do not override the serialize method will now benefit from an optimization when serializing attribute values for the database.

For example, with a custom type like the following:
```
class DowncasedString < ActiveModel::Type::String
  def cast(value)
    super&.downcase
  end
end

ActiveRecord::Type.register(:downcased_string, DowncasedString)

class User < ActiveRecord::Base
  attribute :email, :downcased_string
end

user = User.new(email: "FooBar@example.com")
```
Serializing the email attribute for the database will be roughly twice as fast. More expensive cast operations will likely see greater improvements.

Jonathan Hefner
has_secure_password now supports password challenges via a password_challenge accessor and validation.

A password challenge is a safeguard to verify that the current user is actually the password owner. It can be used when changing sensitive model fields, such as the password itself. It is different than a password confirmation, which is used to prevent password typos.

When password_challenge is set, the validation checks that the value's digest matches the currently persisted password_digest (i.e. password_digest_was).

This allows a password challenge to be done as part of a typical update call, just like a password confirmation. It also allows a password challenge error to be handled in the same way as other validation errors.

For example, in the controller, instead of:
```
password_params = params.require(:password).permit(
  :password_challenge,
  :password,
  :password_confirmation,
)

password_challenge = password_params.delete(:password_challenge)
@&#8203;password_challenge_failed = !current_user.authenticate(password_challenge)

if !@&#8203;password_challenge_failed && current_user.update(password_params)
```

...

end
```

You can now write:

```ruby
password_params = params.require(:password).permit(
  :password_challenge,
  :password,
  :password_confirmation,
).with_defaults(password_challenge: "")

if current_user.update(password_params)

...

end
```

And, in the view, instead of checking `@password_challenge_failed`, you can
render an error for the `password_challenge` field just as you would for
other form fields, including utilizing `config.action_view.field_error_proc`.

*Jonathan Hefner*

Support infinite ranges for LengthValidators :in/:within options
```
validates_length_of :first_name, in: ..30
```
fatkodima

Add support for beginless ranges to inclusivity/exclusivity validators:

validates_inclusion_of :birth_date, in: -> { (..Date.today) }

validates_exclusion_of :birth_date, in: -> { (..Date.today) }

Bo Jeanes

Make validators accept lambdas without record argument

Before

validates_comparison_of :birth_date, less_than_or_equal_to: ->(_record) { Date.today }

After

validates_comparison_of :birth_date, less_than_or_equal_to: -> { Date.today }
```

*fatkodima*

Fix casting long strings to Date, Time or DateTime

fatkodima
Use different cache namespace for proxy calls

Models can currently have different attribute bodies for the same method names, leading to conflicts. Adding a new namespace :active_model_proxy fixes the issue.

Chris Salzberg

Active Record

Remove -shm and -wal SQLite files when rails db:drop is run.

Niklas Häusele
Revert the change to raise an ArgumentError when #accepts_nested_attributes_for is declared more than once for an association in the same class.

The reverted behavior broke the case where the #accepts_nested_attributes_for was defined in a concern and where overridden in the class that included the concern.

Rafael Mendonça França

Better naming for unique constraints support.

Naming unique keys leads to misunderstanding it's a short-hand of unique indexes. Just naming it unique constraints is not misleading.

In Rails 7.1.0.beta1 or before:

add_unique_key :sections, [:position], deferrable: :deferred, name: "unique_section_position"
remove_unique_key :sections, name: "unique_section_position"

Now:

add_unique_constraint :sections, [:position], deferrable: :deferred, name: "unique_section_position"
remove_unique_constraint :sections, name: "unique_section_position"

Ryuta Kamizono

Fix duplicate quoting for check constraint expressions in schema dump when using MySQL

A check constraint with an expression, that already contains quotes, lead to an invalid schema dump with the mysql2 adapter.

Fixes #42424.

Felix Tscheulin
Performance tune the SQLite3 adapter connection configuration

For Rails applications, the Write-Ahead-Log in normal syncing mode with a capped journal size, a healthy shared memory buffer and a shared cache will perform, on average, 2× better.

Stephen Margheim
Allow SQLite3 busy_handler to be configured with simple max number of retries

Retrying busy connections without delay is a preferred practice for performance-sensitive applications. Add support for a database.yml retries integer, which is used in a simple busy_handler function to retry busy connections without exponential backoff up to the max number of retries.

Stephen Margheim
The SQLite3 adapter now supports supports_insert_returning?

Implementing the full supports_insert_returning? contract means the SQLite3 adapter supports auto-populated columns (#48241) as well as custom primary keys.

Stephen Margheim
Ensure the SQLite3 adapter handles default functions with the || concatenation operator

Previously, this default function would produce the static string "'Ruby ' || 'on ' || 'Rails'". Now, the adapter will appropriately receive and use "Ruby on Rails".
```
change_column_default "test_models", "ruby_on_rails", -> { "('Ruby ' || 'on ' || 'Rails')" }
```
Stephen Margheim
Dump PostgreSQL schemas as part of the schema dump.

Lachlan Sylvester
Encryption now supports support_unencrypted_data being set per-attribute.

You can now opt out of support_unencrypted_data on a specific encrypted attribute. This only has an effect if ActiveRecord::Encryption.config.support_unencrypted_data == true.
```
class User < ActiveRecord::Base
  encrypts :name, deterministic: true, support_unencrypted_data: false
  encrypts :email, deterministic: true
end
```
Alex Ghiculescu
Add instrumentation for Active Record transactions

Allows subscribing to transaction events for tracking/instrumentation. The event payload contains the connection and the outcome (commit, rollback, restart, incomplete), as well as timing details.
```
ActiveSupport::Notifications.subscribe("transaction.active_record") do |event|
  puts "Transaction event occurred!"
  connection = event.payload[:connection]
  puts "Connection: #{connection.inspect}"
end
```
Daniel Colson, Ian Candy
Support composite foreign keys via migration helpers.

Assuming "carts" table has "(shop_id, user_id)" as a primary key.

add_foreign_key(:orders, :carts, primary_key: [:shop_id, :user_id])

remove_foreign_key(:orders, :carts, primary_key: [:shop_id, :user_id])
foreign_key_exists?(:orders, :carts, primary_key: [:shop_id, :user_id])
```

*fatkodima*

Adds support for if_not_exists when adding a check constraint.

add_check_constraint :posts, "post_type IN ('blog', 'comment', 'share')", if_not_exists: true

Cody Cutrer

Raise an ArgumentError when #accepts_nested_attributes_for is declared more than once for an association in the same class. Previously, the last declaration would silently override the previous one. Overriding in a subclass is still allowed.

Joshua Young
Deprecate rewhere argument on #merge.

The rewhere argument on #mergeis deprecated without replacement and will be removed in Rails 7.2.

Adam Hess

Fix unscope is not working in specific case

Before:

Post.where(id: 1...3).unscope(where: :id).to_sql # "SELECT `posts`.* FROM `posts` WHERE `posts`.`id` >= 1 AND `posts`.`id` < 3"

After:

Post.where(id: 1...3).unscope(where: :id).to_sql # "SELECT `posts`.* FROM `posts`"

Fixes #48094.

Kazuya Hatanaka

Change has_secure_token default to on: :initialize

Change the new default value from on: :create to on: :initialize

Can be controlled by the config.active_record.generate_secure_token_on configuration:
```
config.active_record.generate_secure_token_on = :create
```
Sean Doyle
Fix change_column not setting precision: 6 on datetime columns when using 7.0+ Migrations and SQLite.

Hartley McGuire
Support composite identifiers in to_key

to_key avoids wrapping #id value into an Array if #id already an array

Nikita Vasilevsky

Add validation option for enum

class Contract < ApplicationRecord
  enum :status, %w[in_progress completed], validate: true
end
Contract.new(status: "unknown").valid? # => false
Contract.new(status: nil).valid? # => false
Contract.new(status: "completed").valid? # => true

class Contract < ApplicationRecord
  enum :status, %w[in_progress completed], validate: { allow_nil: true }
end
Contract.new(status: "unknown").valid? # => false
Contract.new(status: nil).valid? # => true
Contract.new(status: "completed").valid? # => true

Edem Topuzov, Ryuta Kamizono

Allow batching methods to use already loaded relation if available

Calling batch methods on already loaded relations will use the records previously loaded instead of retrieving them from the database again.

Adam Hess
Deprecate read_attribute(:id) returning the primary key if the primary key is not :id.

Starting in Rails 7.2, read_attribute(:id) will return the value of the id column, regardless of the model's primary key. To retrieve the value of the primary key, use #id instead. read_attribute(:id) for composite primary key models will now return the value of the id column.

Adrianna Chang
Fix change_table setting datetime precision for 6.1 Migrations

Hartley McGuire
Fix change_column setting datetime precision for 6.1 Migrations

Hartley McGuire
Add ActiveRecord::Base#id_value alias to access the raw value of a record's id column.

This alias is only provided for models that declare an :id column.

Adrianna Chang
Fix previous change tracking for ActiveRecord::Store when using a column with JSON structured database type

Before, the methods to access the changes made during the last save #saved_change_to_key?, #saved_change_to_key, and #key_before_last_save did not work if the store was defined as a store_accessor on a column with a JSON structured database type

Robert DiMartino
Fully support NULLS [NOT] DISTINCT for PostgreSQL 15+ indexes.

Previous work was done to allow the index to be created in a migration, but it was not supported in schema.rb. Additionally, the matching for NULLS [NOT] DISTINCT was not in the correct order, which could have resulted in inconsistent schema detection.

Gregory Jones
Allow escaping of literal colon characters in sanitize_sql_* methods when named bind variables are used

Justin Bull
Fix #previously_new_record? to return true for destroyed records.

Before, if a record was created and then destroyed, #previously_new_record? would return true. Now, any UPDATE or DELETE to a record is considered a change, and will result in #previously_new_record? returning false.

Adrianna Chang

Specify callback in has_secure_token

class User < ApplicationRecord
  has_secure_token on: :initialize
end

User.new.token # => "abc123...."

Sean Doyle

Fix incrementation of in memory counter caches when associations overlap

When two associations had a similarly named counter cache column, Active Record could sometime increment the wrong one.

Jacopo Beschi, Jean Boussier

Don't show secrets for Active Record's Cipher::Aes256Gcm#inspect.

Before:

ActiveRecord::Encryption::Cipher::Aes256Gcm.new(secret).inspect
"#<ActiveRecord::Encryption::Cipher::Aes256Gcm:0x0000000104888038 ... @&#8203;secret=\"\\xAF\\bFh]LV}q\\nl\\xB2U\\xB3 ... >"

After:

ActiveRecord::Encryption::Cipher::Aes256Gcm(secret).inspect
"#<ActiveRecord::Encryption::Cipher::Aes256Gcm:0x0000000104888038>"

Petrik de Heus

Bring back the historical behavior of committing transaction on non-local return.
```
Model.transaction do
  model.save
  return
  other_model.save # not executed
end
```
Historically only raised errors would trigger a rollback, but in Ruby 2.3, the timeout library started using throw to interrupt execution which had the adverse effect of committing open transactions.

To solve this, in Active Record 6.1 the behavior was changed to instead rollback the transaction as it was safer than to potentially commit an incomplete transaction.

Using return, break or throw inside a transaction block was essentially deprecated from Rails 6.1 onwards.

However with the release of timeout 0.4.0, Timeout.timeout now raises an error again, and Active Record is able to return to its original, less surprising, behavior.

This historical behavior can now be opt-ed in via:
```
Rails.application.config.active_record.commit_transaction_on_non_local_return = true
```
And is the default for new applications created in Rails 7.1.

Jean Boussier
Deprecate name argument on #remove_connection.

The name argument is deprecated on #remove_connection without replacement. #remove_connection should be called directly on the class that established the connection.

Eileen M. Uchitelle
Fix has_one through singular building with inverse.

Allows building of records from an association with a has_one through a singular association with inverse. For belongs_to through associations, linking the foreign key to the primary key model isn't needed. For has_one, we cannot build records due to the association not being mutable.

Gannon McGibbon
Disable database prepared statements when query logs are enabled

Prepared Statements and Query Logs are incompatible features due to query logs making every query unique.

zzak, Jean Boussier
Support decrypting data encrypted non-deterministically with a SHA1 hash digest.

This adds a new Active Record encryption option to support decrypting data encrypted non-deterministically with a SHA1 hash digest:
```
Rails.application.config.active_record.encryption.support_sha1_for_non_deterministic_encryption = true
```
The new option addresses a problem when upgrading from 7.0 to 7.1. Due to a bug in how Active Record Encryption was getting initialized, the key provider used for non-deterministic encryption were using SHA-1 as its digest class, instead of the one configured globally by Rails via Rails.application.config.active_support.key_generator_hash_digest_class.

Cadu Ribeiro and Jorge Manrubia

Added PostgreSQL migration commands for enum rename, add value, and rename value.

rename_enum and rename_enum_value are reversible. Due to Postgres limitation, add_enum_value is not reversible since you cannot delete enum values. As an alternative you should drop and recreate the enum entirely.

rename_enum :article_status, to: :article_state

add_enum_value :article_state, "archived" # will be at the end of existing values
add_enum_value :article_state, "in review", before: "published"
add_enum_value :article_state, "approved", after: "in review"

rename_enum_value :article_state, from: "archived", to: "deleted"

Ray Faddis

Allow composite primary key to be derived from schema

Booting an application with a schema that contains composite primary keys will not issue warning and won't nilify the ActiveRecord::Base#primary_key value anymore.

Given a travel_routes table definition and a TravelRoute model like:
```
create_table :travel_routes, primary_key: [:origin, :destination], force: true do |t|
  t.string :origin
  t.string :destination
end

class TravelRoute < ActiveRecord::Base; end
```
The TravelRoute.primary_key value will be automatically derived to ["origin", "destination"]

Nikita Vasilevsky
Include the connection_pool with exceptions raised from an adapter.

The connection_pool provides added context such as the connection used that led to the exception as well as which role and shard.

Luan Vieira
Support multiple column ordering for find_each, find_in_batches and in_batches.

When find_each/find_in_batches/in_batches are performed on a table with composite primary keys, ascending or descending order can be selected for each key.
```
Person.find_each(order: [:desc, :asc]) do |person|
  person.party_all_night!
end
```
Takuya Kurimoto

Fix where on association with has_one/has_many polymorphic relations.

Before:

Treasure.where(price_estimates: PriceEstimate.all)
#=> SELECT (...) WHERE "treasures"."id" IN (SELECT "price_estimates"."estimate_of_id" FROM "price_estimates")

Later:

Treasure.where(price_estimates: PriceEstimate.all)
#=> SELECT (...) WHERE "treasures"."id" IN (SELECT "price_estimates"."estimate_of_id" FROM "price_estimates" WHERE "price_estimates"."estimate_of_type" = 'Treasure')

Lázaro Nixon

Assign auto populated columns on Active Record record creation.

Changes record creation logic to allow for the auto_increment column to be assigned immediately after creation regardless of it's relation to the model's primary key.

The PostgreSQL adapter benefits the most from the change allowing for any number of auto-populated columns to be assigned on the object immediately after row insertion utilizing the RETURNING statement.

Nikita Vasilevsky
Use the first key in the shards hash from connected_to for the default_shard.

Some applications may not want to use :default as a shard name in their connection model. Unfortunately Active Record expects there to be a :default shard because it must assume a shard to get the right connection from the pool manager. Rather than force applications to manually set this, connects_to can infer the default shard name from the hash of shards and will now assume that the first shard is your default.

For example if your model looked like this:
```
class ShardRecord < ApplicationRecord
  self.abstract_class = true

  connects_to shards: {
    shard_one: { writing: :shard_one },
    shard_two: { writing: :shard_two }
  }
```
Then the default_shard for this class would be set to shard_one.

Fixes: #45390

Eileen M. Uchitelle
Fix mutation detection for serialized attributes backed by binary columns.

Jean Boussier
Add ActiveRecord.disconnect_all! method to immediately close all connections from all pools.

Jean Boussier
Discard connections which may have been left in a transaction.

There are cases where, due to an error, within_new_transaction may unexpectedly leave a connection in an open transaction. In these cases the connection may be reused, and the following may occur:
- Writes appear to fail when they actually succeed.
- Writes appear to succeed when they actually fail.
- Reads return stale or uncommitted data.
Previously, the following case was detected:
- An error is encountered during the transaction, then another error is encountered while attempting to roll it back.
Now, the following additional cases are detected:
- An error is encountered just after successfully beginning a transaction.
- An error is encountered while committing a transaction, then another error is encountered while attempting to roll it back.
- An error is encountered while rolling back a transaction.
Nick Dower
Active Record query cache now evicts least recently used entries

By default it only keeps the 100 most recently used queries.

The cache size can be configured via database.yml
```
development:
  adapter: mysql2
  query_cache: 200
```
It can also be entirely disabled:
```
development:
  adapter: mysql2
  query_cache: false
```
Jean Boussier
Deprecate check_pending! in favor of check_all_pending!.

check_pending! will only check for pending migrations on the current database connection or the one passed in. This has been deprecated in favor of check_all_pending! which will find all pending migrations for the database configurations in a given environment.

Eileen M. Uchitelle
Make increment_counter/decrement_counter accept an amount argument
```
Post.increment_counter(:comments_count, 5, by: 3)
```
fatkodima
Add support for Array#intersect? to ActiveRecord::Relation.

Array#intersect? is only available on Ruby 3.1 or later.

This allows the Rubocop Style/ArrayIntersect cop to work with ActiveRecord::Relation objects.

John Harry Kelly
The deferrable foreign key can be passed to t.references.

Hiroyuki Ishii
Deprecate deferrable: true option of add_foreign_key.

deferrable: true is deprecated in favor of deferrable: :immediate, and will be removed in Rails 7.2.

Because deferrable: true and deferrable: :deferred are hard to understand. Both true and :deferred are truthy values. This behavior is the same as the deferrable option of the add_unique_key method, added in #46192.

Hiroyuki Ishii
AbstractAdapter#execute and #exec_query now clear the query cache

If you need to perform a read only SQL query without clearing the query cache, use AbstractAdapter#select_all.

Jean Boussier

Make .joins / .left_outer_joins work with CTEs.

For example:

Post
 .with(commented_posts: Comment.select(:post_id).distinct)
 .joins(:commented_posts)
#=> WITH (...) SELECT ... INNER JOIN commented_posts on posts.id = commented_posts.post_id

Vladimir Dementyev

Add a load hook for ActiveRecord::ConnectionAdapters::Mysql2Adapter (named active_record_mysql2adapter) to allow for overriding aspects of the ActiveRecord::ConnectionAdapters::Mysql2Adapter class. This makes Mysql2Adapter consistent with PostgreSQLAdapter and SQLite3Adapter that already have load hooks.

fatkodima
Introduce adapter for Trilogy database client

Trilogy is a MySQL-compatible database client. Rails applications can use Trilogy by configuring their config/database.yml:
```
development:
adapter: trilogy
database: blog_development
pool: 5
```
Or by using the DATABASE_URL environment variable:
```
ENV['DATABASE_URL'] # => "trilogy://localhost/blog_development?pool=5"
```
Adrianna Chang

after_commit callbacks defined on models now execute in the correct order.

class User < ActiveRecord::Base
  after_commit { puts("this gets called first") }
  after_commit { puts("this gets called second") }
end

Previously, the callbacks executed in the reverse order. To opt in to the new behaviour:

config.active_record.run_after_transaction_callbacks_in_order_defined = true

This is the default for new apps.

Alex Ghiculescu

Infer foreign_key when inverse_of is present on has_one and has_many associations.
```
has_many :citations, foreign_key: "book1_id", inverse_of: :book
```
can be simplified to
```
has_many :citations, inverse_of: :book
```
and the foreign_key will be read from the corresponding belongs_to association.

Daniel Whitney
Limit max length of auto generated index names

Auto generated index names are now limited to 62 bytes, which fits within the default index name length limits for MySQL, Postgres and SQLite.

Any index name over the limit will fallback to the new short format.

Before (too long):
```
index_testings_on_foo_and_bar_and_first_name_and_last_name_and_administrator
```
After (short format):
```
idx_on_foo_bar_first_name_last_name_administrator_5939248142
```
The short format includes a hash to ensure the name is unique database-wide.

Mike Coutermarsh
Introduce a more stable and optimized Marshal serializer for Active Record models.

Can be enabled with config.active_record.marshalling_format_version = 7.1.

Jean Boussier
Allow specifying where clauses with column-tuple syntax.

Querying through #where now accepts a new tuple-syntax which accepts, as a key, an array of columns and, as a value, an array of corresponding tuples. The key specifies a list of columns, while the value is an array of ordered-tuples that conform to the column list.

For instance:

Cpk::Book => Cpk::Book(author_id: integer, number: integer, title: string, revision: integer)

Cpk::Book.primary_key => ["author_id", "number"]

book = Cpk::Book.create!(author_id: 1, number: 1)
Cpk::Book.where(Cpk::Book.primary_key => [[1, 2]]) # => [book]

Topic => Topic(id: integer, title: string, author_name: string...)

Topic.where([:title, :author_name] => [["The Alchemist", "Paulo Coelho"], ["Harry Potter", "J.K Rowling"]])
```

*Paarth Madan*

Allow warning codes to be ignore when reporting SQL warnings.

Active Record config that can ignore warning codes

Configure allowlist of warnings that should always be ignored

config.active_record.db_warnings_ignore = [
  "1062", # MySQL Error 1062: Duplicate entry
]
```

This is supported for the MySQL and PostgreSQL adapters.

*Nick Borromeo*

Introduce :active_record_fixtures lazy load hook.

Hooks defined with this name will be run whenever TestFixtures is included in a class.

ActiveSupport.on_load(:active_record_fixtures) do
  self.fixture_paths << "test/fixtures"
end

klass = Class.new
klass.include(ActiveRecord::TestFixtures)

klass.fixture_paths # => ["test/fixtures"]

Andrew Novoselac

Introduce TestFixtures#fixture_paths.

Multiple fixture paths can now be specified using the #fixture_paths accessor. Apps will continue to have test/fixtures as their one fixture path by default, but additional fixture paths can be specified.
```
ActiveSupport::TestCase.fixture_paths << "component1/test/fixtures"
ActiveSupport::TestCase.fixture_paths << "component2/test/fixtures"
```
TestFixtures#fixture_path is now deprecated.

Andrew Novoselac
Adds support for deferrable exclude constraints in PostgreSQL.

By default, exclude constraints in PostgreSQL are checked after each statement. This works for most use cases, but becomes a major limitation when replacing records with overlapping ranges by using multiple statements.
```
exclusion_constraint :users, "daterange(valid_from, valid_to) WITH &&", deferrable: :immediate
```
Passing deferrable: :immediate checks constraint after each statement, but allows manually deferring the check using SET CONSTRAINTS ALL DEFERRED within a transaction. This will cause the excludes to be checked after the transaction.

It's also possible to change the default behavior from an immediate check (after the statement), to a deferred check (after the transaction):
```
exclusion_constraint :users, "daterange(valid_from, valid_to) WITH &&", deferrable: :deferred
```
Hiroyuki Ishii
Respect foreign_type option to delegated_type for {role}_class method.

Usage of delegated_type with non-conventional {role}_type column names can now be specified with foreign_type option. This option is the same as foreign_type as forwarded to the underlying belongs_to association that delegated_type wraps.

Jason Karns
Add support for unique constraints (PostgreSQL-only).
```
add_unique_key :sections, [:position], deferrable: :deferred, name: "unique_section_position"
remove_unique_key :sections, name: "unique_section_position"
```
See PostgreSQL's Unique Constraints documentation for more on unique constraints.

By default, unique constraints in PostgreSQL are checked after each statement. This works for most use cases, but becomes a major limitation when replacing records with unique column by using multiple statements.

An example of swapping unique columns between records.

position is unique column

old_item = Item.create!(position: 1)
new_item = Item.create!(position: 2)

Item.transaction do
  old_item.update!(position: 2)
  new_item.update!(position: 1)
end
```

Using the default behavior, the transaction would fail when executing the
first `UPDATE` statement.

By passing the `:deferrable` option to the `add_unique_key` statement in
migrations, it's possible to defer this check.

```ruby
add_unique_key :items, [:position], deferrable: :immediate
```

Passing `deferrable: :immediate` does not change the behaviour of the previous example,
but allows manually deferring the check using `SET CONSTRAINTS ALL DEFERRED` within a transaction.
This will cause the unique constraints to be checked after the transaction.

It's also possible to adjust the default behavior from an immediate
check (after the statement), to a deferred check (after the transaction):

```ruby
add_unique_key :items, [:position], deferrable: :deferred
```

If you want to change an existing unique index to deferrable, you can use :using_index
to create deferrable unique constraints.

```ruby
add_unique_key :items, deferrable: :deferred, using_index: "index_items_on_position"
```

*Hiroyuki Ishii*

Remove deprecated Tasks::DatabaseTasks.schema_file_type.

Rafael Mendonça França
Remove deprecated config.active_record.partial_writes.

Rafael Mendonça França
Remove deprecated ActiveRecord::Base config accessors.

Rafael Mendonça França
Remove the :include_replicas argument from configs_for. Use :include_hidden argument instead.

Eileen M. Uchitelle
Allow applications to lookup a config via a custom hash key.

If you have registered a custom config or want to find configs where the hash matches a specific key, now you can pass config_key to configs_for. For example if you have a db_config with the key vitess you can look up a database configuration hash by matching that key.
```
ActiveRecord::Base.configurations.configs_for(env_name: "development", name: "primary", config_key: :vitess)
ActiveRecord::Base.configurations.configs_for(env_name: "development", config_key: :vitess)
```
Eileen M. Uchitelle
Allow applications to register a custom database configuration handler.

Adds a mechanism for registering a custom handler for cases where you want database configurations to respond to custom methods. This is useful for non-Rails database adapters or tools like Vitess that you may want to configure differently from a standard HashConfig or UrlConfig.

Given the following database YAML we want the animals db to create a CustomConfig object instead while the primary database will be a UrlConfig:
```
development:
  primary:
    url: postgres://localhost/primary
  animals:
    url: postgres://localhost/animals
    custom_config:
      sharded: 1
```
To register a custom handler first make a class that has your custom methods:
```
class CustomConfig < ActiveRecord::DatabaseConfigurations::UrlConfig
  def sharded?
    custom_config.fetch("sharded", false)
  end

  private
    def custom_config
      configuration_hash.fetch(:custom_config)
    end
end
```
Then register the config in an initializer:
```
ActiveRecord::DatabaseConfigurations.register_db_config_handler do |env_name, name, url, config|
  next unless config.key?(:custom_config)
  CustomConfig.new(env_name, name, url, config)
end
```
When the application is booted, configuration hashes with the :custom_config key will be CustomConfig objects and respond to sharded?. Applications must handle the condition in which Active Record should use their custom handler.

Eileen M. Uchitelle and John Crepezzi
ActiveRecord::Base.serialize no longer uses YAML by default.

YAML isn't particularly performant and can lead to security issues if not used carefully.

Unfortunately there isn't really any good serializers in Ruby's stdlib to replace it.

The obvious choice would be JSON, which is a fine format for this use case, however the JSON serializer in Ruby's stdlib isn't strict enough, as it fallback to casting unknown types to strings, which could lead to corrupted data.

Some third party JSON libraries like Oj have a suitable strict mode.

So it's preferable that users choose a serializer based on their own constraints.

The original default can be restored by setting config.active_record.default_column_serializer = YAML.

Jean Boussier
ActiveRecord::Base.serialize signature changed.

Rather than a single positional argument that accepts two possible types of values, serialize now accepts two distinct keyword arguments.

Before:
```
serialize :content, JSON
serialize :backtrace, Array
```
After:
```
serialize :content, coder: JSON
serialize :backtrace, type: Array
```
Jean Boussier
YAML columns use YAML.safe_dump if available.

As of psych 5.1.0, YAML.safe_dump can now apply the same permitted types restrictions than YAML.safe_load.

It's preferable to ensure the payload only use allowed types when we first try to serialize it, otherwise you may end up with invalid records in the database.

Jean Boussier
ActiveRecord::QueryLogs better handle broken encoding.

It's not uncommon when building queries with BLOB fields to contain binary data. Unless the call carefully encode the string in ASCII-8BIT it generally end up being encoded in UTF-8, and QueryLogs would end up failing on it.

ActiveRecord::QueryLogs no longer depend on the query to be properly encoded.

Jean Boussier
Fix a bug where ActiveRecord::Generators::ModelGenerator would not respect create_table_migration template overrides.
```
rails g model create_books title:string content:text
```
will now read from the create_table_migration.rb.tt template in the following locations in order:
```
lib/templates/active_record/model/create_table_migration.rb
lib/templates/active_record/migration/create_table_migration.rb
```
Spencer Neste
ActiveRecord::Relation#explain now accepts options.

For databases and adapters which support them (currently PostgreSQL and MySQL), options can be passed to explain to provide more detailed query plan analysis:
```
Customer.where(id: 1).joins(:orders).explain(:analyze, :verbose)
```
Reid Lynch
Multiple Arel::Nodes::SqlLiteral nodes can now be added together to form Arel::Nodes::Fragments nodes. This allows joining several pieces of SQL.

Matthew Draper, Ole Friis
ActiveRecord::Base#signed_id raises if called on a new record.

Previously it would return an ID that was not usable, since it was based on id = nil.

Alex Ghiculescu
Allow SQL warnings to be reported.

Active Record configs can be set to enable SQL warning reporting.

Configure action to take when SQL query produces warning

config.active_record.db_warnings_action = :raise

Configure allowlist of warnings that should always be ignored

config.active_record.db_warnings_ignore = [
  /Invalid utf8mb4 character string/,
  "An exact warning message",
]
```

This is supported for the MySQL and PostgreSQL adapters.

*Adrianna Chang*, *Paarth Madan*

Add #regroup query method as a short-hand for .unscope(:group).group(fields)

Example:
```
Post.group(:title).regroup(:author)
```

SELECT `posts`.`*` FROM `posts` GROUP BY `posts`.`author`

```

*Danielius Visockas*

PostgreSQL adapter method enable_extension now allows parameter to be [schema_name.]<extension_name> if the extension must be installed on another schema.

Example: enable_extension('heroku_ext.hstore')

Leonardo Luarte
Add :include option to add_index.

Add support for including non-key columns in indexes for PostgreSQL with the INCLUDE parameter.
```
add_index(:users, :email, include: [:id, :created_at])
```
will result in:
```
CREATE INDEX index_users_on_email USING btree (email) INCLUDE (id, created_at)
```
Steve Abrams
ActiveRecord::Relation’s #any?, #none?, and #one? methods take an optional pattern argument, more closely matching their Enumerable equivalents.

George Claghorn

Add ActiveRecord::Base.normalizes for declaring attribute normalizations.

An attribute normalization is applied when the attribute is assigned or updated, and the normalized value will be persisted to the database. The normalization is also applied to the corresponding keyword argument of query methods, allowing records to be queried using unnormalized values.

For example:

class User < ActiveRecord::Base
  normalizes :email, with: -> email { email.strip.downcase }
  normalizes :phone, with: -> phone { phone.delete("^0-9").delete_prefix("1") }
end

user = User.create(email: " CRUISE-CONTROL@EXAMPLE.COM\n")
user.email                  # => "cruise-control@example.com"

user = User.find_by(email: "\tCRUISE-CONTROL@EXAMPLE.COM ")
user.email                  # => "cruise-control@example.com"
user.email_before_type_cast # => "cruise-control@example.com"

User.where(email: "\tCRUISE-CONTROL@EXAMPLE.COM ").count         # => 1
User.where(["email = ?", "\tCRUISE-CONTROL@EXAMPLE.COM "]).count # => 0

User.exists?(email: "\tCRUISE-CONTROL@EXAMPLE.COM ")         # => true
User.exists?(["email = ?", "\tCRUISE-CONTROL@EXAMPLE.COM "]) # => false

User.normalize_value_for(:phone, "+1 (555) 867-5309") # => "5558675309"

Jonathan Hefner

Hide changes to before_committed! callback behaviour behind flag.

In #46525, behavior around before_committed! callbacks was changed so that callbacks would run on every enrolled record in a transaction, not just the first copy of a record. This change in behavior is now controlled by a configuration option, config.active_record.before_committed_on_all_records. It will be enabled by default on Rails 7.1.

Adrianna Chang
The namespaced_controller Query Log tag now matches the controller format

For example, a request processed by NameSpaced::UsersController will now log as:
```
:controller # "users"
:namespaced_controller # "name_spaced/users"
```
Alex Ghiculescu
Return only unique ids from ActiveRecord::Calculations#ids

Updated ActiveRecord::Calculations#ids to only return the unique ids of the base model when using eager_load, preload and includes.
```
Post.find_by(id: 1).comments.count
```

=> 5

Post.includes(:comments).where(id: 1).pluck(:id)

=> [1, 1, 1, 1, 1]

Post.includes(:comments).where(id: 1).ids

=> [1]

```

*Joshua Young*

Stop using LOWER() for case-insensitive queries on citext columns

Previously, LOWER() was added for e.g. uniqueness validations with case_sensitive: false. It wasn't mentioned in the documentation that the index without LOWER() wouldn't be used in this case.

Phil Pirozhkov
Extract #sync_timezone_changes method in AbstractMysqlAdapter to enable subclasses to sync database timezone changes without overriding #raw_execute.

Adrianna Chang, Paarth Madan
Do not write additional new lines when dumping sql migration versions

This change updates the insert_versions_sql function so that the database insert string containing the current database migration versions does not end with two additional new lines.

Misha Schwartz
Fix composed_of value freezing and duplication.

Previously composite values exhibited two confusing behaviors:
- When reading a compositve value it'd NOT be frozen, allowing it to get out of sync with its underlying database columns.
- When writing a compositve value the argument would be frozen, potentially confusing the caller.
Currently, composite values instantiated based on database columns are frozen (addressing the first issue) and assigned compositve values are duplicated and the duplicate is frozen (addressing the second issue).

Greg Navis
Fix redundant updates to the column insensitivity cache

Fixed redundant queries checking column capability for insensitive comparison.

Phil Pirozhkov
Allow disabling methods generated by ActiveRecord.enum.

Alfred Dominic
Avoid validating belongs_to association if it has not changed.

Previously, when updating a record, Active Record will perform an extra query to check for the presence of belongs_to associations (if the presence is configured to be mandatory), even if that attribute hasn't changed.

Currently, only belongs_to-related columns are checked for presence. It is possible to have orphaned records with this approach. To avoid this problem, you need to use a foreign key.

This behavior can be controlled by configuration:
```
config.active_record.belongs_to_required_validates_foreign_key = false
```
and will be disabled by default with config.load_defaults 7.1.

fatkodima
has_one and belongs_to associations now define a reset_association method on the owner model (where association is the name of the association). This method unloads the cached associate record, if any, and causes the next access to query it from the database.

George Claghorn
Allow per attribute setting of YAML permitted classes (safe load) and unsafe load.

Carlos Palhares
Add a build persistence method

Provides a wrapper for new, to provide feature parity with creates ability to create multiple records from an array of hashes, using the same notation as the build method on associations.

Sean Denny

Raise on assignment to readonly attributes

class Post < ActiveRecord::Base
  attr_readonly :content
end
Post.create!(content: "cannot be updated")
post.content # "cannot be updated"
post.content = "something else" # => ActiveRecord::ReadonlyAttributeError

Previously, assignment would succeed but silently not write to the database.

This behavior can be controlled by configuration:

config.active_record.raise_on_assign_to_attr_readonly = true

and will be enabled by default with config.load_defaults 7.1.

Alex Ghiculescu, Hartley McGuire

Allow unscoping of preload and eager_load associations

Added the ability to unscope preload and eager_load associations just like includes, joins, etc. See ActiveRecord::QueryMethods::VALID_UNSCOPING_VALUES for the full list of supported unscopable scopes.
```
query.unscope(:eager_load, :preload).group(:id).select(:id)
```
David Morehouse
Add automatic filtering of encrypted attributes on inspect

This feature is enabled by default but can be disabled with
```
config.active_record.encryption.add_to_filter_parameters = false
```
Hartley McGuire
Clear locking column on #dup

This change fixes not to duplicate locking_column like id and timestamps.
```
car = Car.create!
car.touch
car.lock_version #=> 1
car.dup.lock_version #=> 0
```
Shouichi Kamiya, Seonggi Yang, Ryohei UEDA
Invalidate transaction as early as possible

After rescuing a TransactionRollbackError exception Rails invalidates transactions earlier in the flow allowing the framework to skip issuing the ROLLBACK statement in more cases. Only affects adapters that have savepoint_errors_invalidate_transactions? configured as true, which at this point is only applicable to the mysql2 adapter.

Nikita Vasilevsky
Allow configuring columns list to be used in SQL queries issued by an ActiveRecord::Base object

It is now possible to configure columns list that will be used to build an SQL query clauses when updating, deleting or reloading an ActiveRecord::Base object
```
class Developer < ActiveRecord::Base
  query_constraints :company_id, :id
end
developer = Developer.first.update(name: "Bob")
```

=> UPDATE "developers" SET "name" = 'Bob' WHERE "developers"."company_id" = 1 AND "developers"."id" = 1

```

*Nikita Vasilevsky*

Adds validate to foreign keys and check constraints in schema.rb

Previously, schema.rb would not record if validate: false had been used when adding a foreign key or check constraint, so restoring a database from the schema could result in foreign keys or check constraints being incorrectly validated.

Tommy Graves
Adapter #execute methods now accept an allow_retry option. When set to true, the SQL statement will be retried, up to the database's configured connection_retries value, upon encountering connection-related errors.

Adrianna Chang
Only trigger after_commit :destroy callbacks when a database row is deleted.

This prevents after_commit :destroy callbacks from being triggered again when destroy is called multiple times on the same record.

Ben Sheldon
Fix ciphertext_for for yet-to-be-encrypted values.

Previously, ciphertext_for returned the cleartext of values that had not yet been encrypted, such as with an unpersisted record:
```
Post.encrypts :body

post = Post.create!(body: "Hello")
post.ciphertext_for(:body)
```

=> "{"p":"abc..."

  post.body = "World"
  post.ciphertext_for(:body)

=> "World"

  ```

Now, `ciphertext_for` will always return the ciphertext of encrypted
attributes:

  ```ruby
  Post.encrypts :body

  post = Post.create!(body: "Hello")
  post.ciphertext_for(:body)

=> "{"p":"abc..."

  post.body = "World"
  post.ciphertext_for(:body)

=> "{"p":"xyz..."

  ```

*Jonathan Hefner*

Fix a bug where using groups and counts with long table names would return incorrect results.

Shota Toguchi, Yusaku Ono
Fix encryption of column default values.

Previously, encrypted attributes that used column default values appeared to be encrypted on create, but were not:
```
Book.encrypts :name

book = Book.create!
book.name
```

=> ""

  book.name_before_type_cast

=> "{"p":"abc..."

  book.reload.name_before_type_cast

=> ""

  ```

Now, attributes with column default values are encrypted:

  ```ruby
  Book.encrypts :name

  book = Book.create!
  book.name

=> ""

  book.name_before_type_cast

=> "{"p":"abc..."

  book.reload.name_before_type_cast

=> "{"p":"abc..."

  ```

*Jonathan Hefner*

Deprecate delegation from Base to connection_handler.

Calling Base.clear_all_connections!, Base.clear_active_connections!, Base.clear_reloadable_connections! and Base.flush_idle_connections! is deprecated. Please call these methods on the connection handler directly. In future Rails versions, the delegation from Base to the connection_handler will be removed.

Eileen M. Uchitelle
Allow ActiveRecord::QueryMethods#reselect to receive hash values, similar to ActiveRecord::QueryMethods#select

Sampat Badhe
Validate options when managing columns and tables in migrations.

If an invalid option is passed to a migration method like create_table and add_column, an error will be raised instead of the option being silently ignored. Validation of the options will only be applied for new migrations that are created.

Guo Xiang Tan, George Wambold
Update query log tags to use the SQLCommenter format by default. See #46179

To opt out of SQLCommenter-formatted query log tags, set config.active_record.query_log_tags_format = :legacy. By default, this is set to :sqlcommenter.

Modulitos and Iheanyi
Allow any ERB in the database.yml when creating rake tasks.

Any ERB can be used in database.yml even if it accesses environment configurations.

Deprecates config.active_record.suppress_multiple_database_warning.

Eike Send
Add table to error for duplicate column definitions.

If a migration defines duplicate columns for a table, the error message shows which table it concerns.

Petrik de Heus
Fix erroneous nil default precision on virtual datetime columns.

Prior to this change, virtual datetime columns did not have the same default precision as regular datetime columns, resulting in the following being erroneously equivalent:
```
t.virtual :name, type: datetime,                 as: "expression"
t.virtual :name, type: datetime, precision: nil, as: "expression"
```
This change fixes the default precision lookup, so virtual and regular datetime column default precisions match.

Sam Bostock
Use connection from #with_raw_connection in #quote_string.

This ensures that the string quoting is wrapped in the reconnect and retry logic that #with_raw_connection offers.

Adrianna Chang
Add expires_at option to signed_id.

Shouichi Kamiya
Allow applications to set retry deadline for query retries.

Building on the work done in #44576 and #44591, we extend the logic that automatically reconnects database connections to take into account a timeout limit. We won't retry a query if a given amount of time has elapsed since the query was first attempted. This value defaults to nil, meaning that all retryable queries are retried regardless of time elapsed, but this can be changed via the retry_deadline option in the database config.

Adrianna Chang
Fix a case where the query cache can return wrong values. See #46044

Aaron Patterson
Support MySQL's ssl-mode option for MySQLDatabaseTasks.

Verifying the identity of the database server requires setting the ssl-mode option to VERIFY_CA or VERIFY_IDENTITY. This option was previously ignored for MySQL database tasks like creating a database and dumping the structure.

Petrik de Heus
Move ActiveRecord::InternalMetadata to an independent object.

ActiveRecord::InternalMetadata no longer inherits from ActiveRecord::Base and is now an independent object that should be instantiated with a connection. This class is private and should not be used by applications directly. If you want to interact with the schema migrations table, please access it on the connection directly, for example: ActiveRecord::Base.connection.schema_migration.

Eileen M. Uchitelle
Deprecate quoting ActiveSupport::Duration as an integer

Using ActiveSupport::Duration as an interpolated bind parameter in a SQL string template is deprecated. To avoid this warning, you should explicitly convert the duration to a more specific database type. For example, if you want to use a duration as an integer number of seconds:
```
Record.where("duration = ?", 1.hour.to_i)
```
If you want to use a duration as an ISO 8601 string:
```
Record.where("duration = ?", 1.hour.iso8601)
```
Aram Greenman

Allow QueryMethods#in_order_of to order by a string column name.

Post.in_order_of("id", [4,2,3,1]).to_a
Post.joins(:author).in_order_of("authors.name", ["Bob", "Anna", "John"]).to_a

Igor Kasyanchuk

Move ActiveRecord::SchemaMigration to an independent object.

ActiveRecord::SchemaMigration no longer inherits from ActiveRecord::Base and is now an independent object that should be instantiated with a connection. This class is private and should not be used by applications directly. If you want to interact with the schema migrations table, please access it on the connection directly, for example: ActiveRecord::Base.connection.schema_migration.

Eileen M. Uchitelle
Deprecate all_connection_pools and make connection_pool_list more explicit.

Following on #45924 all_connection_pools is now deprecated. connection_pool_list will either take an explicit role or applications can opt into the new behavior by passing :all.

Eileen M. Uchitelle
Fix connection handler methods to operate on all pools.

active_connections?, clear_active_connections!, clear_reloadable_connections!, clear_all_connections!, and flush_idle_connections! now operate on all pools by default. Previously they would default to using the current_role or :writing role unless specified.

Eileen M. Uchitelle

Allow ActiveRecord::QueryMethods#select to receive hash values.

Currently, select might receive only raw sql and symbols to define columns and aliases to select.

With this change we can provide hash as argument, for example:

Post.joins(:comments).select(posts: [:id, :title, :created_at], comments: [:id, :body, :author_id])
#=> "SELECT \"posts\".\"id\", \"posts\".\"title\", \"posts\".\"created_at\", \"comments\".\"id\", \"comments\".\"body\", \"comments\".\"author_id\"

FROM "posts" INNER JOIN "comments" ON "comments"."post_id" = "posts"."id""

Post.joins(:comments).select(posts: { id: :post_id, title: :post_title }, comments: { id: :comment_id, body: :comment_body })
#=> "SELECT posts.id as post_id, posts.title as post_title, comments.id as comment_id, comments.body as comment_body

FROM "posts" INNER JOIN "comments" ON "comments"."post_id" = "posts"."id""

```
*Oleksandr Holubenko*, *Josef Šimánek*, *Jean Boussier*

Adapts virtual attributes on ActiveRecord::Persistence#becomes.

When source and target classes have a different set of attributes adapts attributes such that the extra attributes from target are added.

class Person < ApplicationRecord
end

class WebUser < Person
  attribute :is_admin, :boolean
  after_initialize :set_admin

  def set_admin
    write_attribute(:is_admin, email =~ /@&#8203;ourcompany\.com$/)
  end
end

person = Person.find_by(email: "email@ourcompany.com")
person.respond_to? :is_admin

=> false

person.becomes(WebUser).is_admin?

=> true

```

*Jacopo Beschi*, *Sampson Crowley*

Fix ActiveRecord::QueryMethods#in_order_of to include nils, to match the behavior of Enumerable#in_order_of.

For example, Post.in_order_of(:title, [nil, "foo"]) will now include posts with nil titles, the same as Post.all.to_a.in_order_of(:title, [nil, "foo"]).

fatkodima

Optimize add_timestamps to use a single SQL statement.

add_timestamps :my_table

Now results in the following SQL:

ALTER TABLE "my_table" ADD COLUMN "created_at" datetime(6) NOT NULL, ADD COLUMN "updated_at" datetime(6) NOT NULL

Iliana Hadzhiatanasova

Add drop_enum migration command for PostgreSQL

This does the inverse of create_enum. Before dropping an enum, ensure you have dropped columns that depend on it.

Alex Ghiculescu
Adds support for if_exists option when removing a check constraint.

The remove_check_constraint method now accepts an if_exists option. If set to true an error won't be raised if the check constraint doesn't exist.

Margaret Parsa and Aditya Bhutani
find_or_create_by now try to find a second time if it hits a unicity constraint.

find_or_create_by always has been inherently racy, either creating multiple duplicate records or failing with ActiveRecord::RecordNotUnique depending on whether a proper unicity constraint was set.

create_or_find_by was introduced for this use case, however it's quite wasteful when the record is expected to exist most of the time, as INSERT require to send more data than SELECT and require more work from the database. Also on some databases it can actually consume a primary key increment which is undesirable.

So for case where most of the time the record is expected to exist, find_or_create_by can be made race-condition free by re-trying the find if the create failed with ActiveRecord::RecordNotUnique. This assumes that the table has the proper unicity constraints, if not, find_or_create_by will still lead to duplicated records.

Jean Boussier, Alex Kitchens
Introduce a simpler constructor API for ActiveRecord database adapters.

Previously the adapter had to know how to build a new raw connection to support reconnect, but also expected to be passed an initial already- established connection.

When manually creating an adapter instance, it will now accept a single config hash, and only establish the real connection on demand.

Matthew Draper
Avoid redundant SELECT 1 connection-validation query during DB pool checkout when possible.

If the first query run during a request is known to be idempotent, it can be used directly to validate the connection, saving a network round-trip.

Matthew Draper
Automatically reconnect broken database connections when safe, even mid-request.

When an error occurs while attempting to run a known-idempotent query, and not inside a transaction, it is safe to immediately reconnect to the database server and try again, so this is now the default behavior.

This new default should always be safe -- to support that, it's consciously conservative about which queries are considered idempotent -- but if necessary it can be disabled by setting the connection_retries connection option to 0.

Matthew Draper
Avoid removing a PostgreSQL extension when there are dependent objects.

Previously, removing an extension also implicitly removed dependent objects. Now, this will raise an error.

You can force removing the extension:
```
disable_extension :citext, force: :cascade
```
Fixes #29091.

fatkodima
Allow nested functions as safe SQL string

Michael Siegfried
Allow destroy_association_async_job= to be configured with a class string instead of a constant.

Defers an autoloading dependency between ActiveRecord::Base and ActiveJob::Base and moves the configuration of ActiveRecord::DestroyAssociationAsyncJob from ActiveJob to ActiveRecord.

Deprecates ActiveRecord::ActiveJobRequiredError and now raises a NameError if the job class is unloadable or an ActiveRecord::ConfigurationError if dependent: :destroy_async is declared on an association but there is no job class configured.

Ben Sheldon
Fix ActiveRecord::Store to serialize as a regular Hash

Previously it would serialize as an ActiveSupport::HashWithIndifferentAccess which is wasteful and cause problem with YAML safe_load.

Jean Boussier
Add timestamptz as a time zone aware type for PostgreSQL

This is required for correctly parsing timestamp with time zone values in your database.

If you don't want this, you can opt out by adding this initializer:
```
ActiveRecord::Base.time_zone_aware_types -= [:timestamptz]
```
Alex Ghiculescu
Add new ActiveRecord::Base.generates_token_for API.

Currently, signed_id fulfills the role of generating tokens for e.g. resetting a password. However, signed IDs cannot reflect record state, so if a token is intended to be single-use, it must be tracked in a database at least until it expires.

With generates_token_for, a token can embed data from a record. When using the token to fetch the record, the data from the token and the current data from the record will be compared. If the two do not match, the token will be treated as invalid, the same as if it had expired. For example:
```
class User < ActiveRecord::Base
  has_secure_password

  generates_token_for :password_reset, expires_in: 15.minutes do
```

A password's BCrypt salt changes when the password is updated.

By embedding (part of) the salt in a token, the token will

expire when the password is updated.

    BCrypt::Password.new(password_digest).salt[-10..]
  end
end

user = User.first
token = user.generate_token_for(:password_reset)

User.find_by_token_for(:password_reset, token) # => user

user.update!(password: "new password")
User.find_by_token_for(:password_reset, token) # => nil
```

*Jonathan Hefner*

Optimize Active Record batching for whole table iterations.

Previously, in_batches got all the ids and constructed an IN-based query for each batch. When iterating over the whole tables, this approach is not optimal as it loads unneeded ids and IN queries with lots of items are slow.

Now, whole table iterations use range iteration (id >= x AND id <= y) by default which can make iteration several times faster. E.g., tested on a PostgreSQL table with 10 million records: querying (253s vs 30s), updating (288s vs 124s), deleting (268s vs 83s).

Only whole table iterations use this style of iteration by default. You can disable this behavior by passing use_ranges: false. If you iterate over the table and the only condition is, e.g., archived_at: nil (and only a tiny fraction of the records are archived), it makes sense to opt in to this approach:
```
Project.where(archived_at: nil).in_batches(use_ranges: true) do |relation|
```

do something

end
```

See #&#8203;45414 for more details.

*fatkodima*

.with query method added. Construct common table expressions with ease and get ActiveRecord::Relation back.
```
Post.with(posts_with_comments: Post.where("comments_count > ?", 0))
```

=> ActiveRecord::Relation

WITH posts_with_comments AS (SELECT * FROM posts WHERE (comments_count > 0)) SELECT * FROM posts

```

*Vlado Cingel*

Don't establish a new connection if an identical pool exists already.

Previously, if establish_connection was called on a class that already had an established connection, the existing connection would be removed regardless of whether it was the same config. Now if a pool is found with the same values as the new connection, the existing connection will be returned instead of creating a new one.

This has a slight change in behavior if application code is depending on a new connection being established regardless of whether it's identical to an existing connection. If the old behavior is desirable, applications should call ActiveRecord::Base#remove_connection before establishing a new one. Calling establish_connection with a different config works the same way as it did previously.

Eileen M. Uchitelle
Update db:prepare task to load schema when an uninitialized database exists, and dump schema after migrations.

Ben Sheldon
Fix supporting timezone awareness for tsrange and tstzrange array columns.

In database migrations

add_column :shops, :open_hours, :tsrange, array: true

In app config

ActiveRecord::Base.time_zone_aware_types += [:tsrange]

In the code times are properly converted to app time zone

Shop.create!(open_hours: [Time.current..8.hour.from_now])
```

*Wojciech Wnętrzak*

Introduce strategy pattern for executing migrations.

By default, migrations will use a strategy object that delegates the method to the connection adapter. Consumers can implement custom strategy objects to change how their migrations run.

Adrianna Chang
Add adapter option disallowing foreign keys

This adds a new option to be added to database.yml which enables skipping foreign key constraints usage even if the underlying database supports them.

Usage:
```
development:
    <<: *default
    database: storage/development.sqlite3
    foreign_keys: false
```
Paulo Barros
Add configurable deprecation warning for singular associations

This adds a deprecation warning when using the plural name of a singular associations in where. It is possible to opt into the new more performant behavior with config.active_record.allow_deprecated_singular_associations_name = false

Adam Hess
Run transactional callbacks on the freshest instance to save a given record within a transaction.

When multiple Active Record instances change the same record within a transaction, Rails runs after_commit or after_rollback callbacks for only one of them. config.active_record.run_commit_callbacks_on_first_saved_instances_in_transaction was added to specify how Rails chooses which instance receives the callbacks. The framework defaults were changed to use the new logic.

When config.active_record.run_commit_callbacks_on_first_saved_instances_in_transaction is true, transactional callbacks are run on the first instance to save, even though its instance state may be stale.

When it is false, which is the new framework default starting with version 7.1, transactional callbacks are run on the instances with the freshest instance state. Those instances are chosen as follows:
- In general, run transactional callbacks on the last instance to save a given record within the transaction.
- There are two exceptions:
  - If the record is created within the transaction, then updated by another instance, after_create_commit callbacks will be run on the second instance. This is instead of the after_update_commit callbacks that would naively be run based on that instance’s state.
  - If the record is destroyed within the transaction, then after_destroy_commit callbacks will be fired on the last destroyed instance, even if a stale instance subsequently performed an update (which will have affected 0 rows).
Cameron Bothner and Mitch Vollebregt
Enable strict strings mode for SQLite3Adapter.

Configures SQLite with a strict strings mode, which disables double-quoted string literals.

SQLite has some quirks around double-quoted string literals. It first tries to consider double-quoted strings as identifier names, but if they don't exist it then considers them as string literals. Because of this, typos can silently go unnoticed. For example, it is possible to create an index for a non existing column. See SQLite documentation for more details.

If you don't want this behavior, you can disable it via:

config/application.rb

config.active_record.sqlite3_adapter_strict_strings_by_default = false
```

Fixes #&#8203;27782.

*fatkodima*, *Jean Boussier*

Resolve issue where a relation cache_version could be left stale.

Previously, when reset was called on a relation object it did not reset the cache_versions ivar. This led to a confusing situation where despite having the correct data the relation still reported a stale cache_version.

Usage:
```
developers = Developer.all
developers.cache_version

Developer.update_all(updated_at: Time.now.utc + 1.second)

developers.cache_version # Stale cache_version
developers.reset
developers.cache_version # Returns the current correct cache_version
```
Fixes #45341.

Austen Madden

Add support for exclusion constraints (PostgreSQL-only).

add_exclusion_constraint :invoices, "daterange(start_date, end_date) WITH &&", using: :gist, name: "invoices_date_overlap"
remove_exclusion_constraint :invoices, name: "invoices_date_overlap"

See PostgreSQL's CREATE TABLE ... EXCLUDE ... documentation for more on exclusion constraints.

Alex Robbin

change_column_null raises if a non-boolean argument is provided

Previously if you provided a non-boolean argument, change_column_null would treat it as truthy and make your column nullable. This could be surprising, so now the input must be either true or false.
```
change_column_null :table, :column, true # good
change_column_null :table, :column, false # good
change_column_null :table, :column, from: true, to: false # raises (previously this made the column nullable)
```
Alex Ghiculescu
Enforce limit on table names length.

Fixes #45130.

fatkodima
Adjust the minimum MariaDB version for check constraints support.

Eddie Lebow
Fix Hstore deserialize regression.

edsharp

Add validity for PostgreSQL indexes.

connection.index_exists?(:users, :email, valid: true)
connection.indexes(:users).select(&:valid?)

fatkodima

Fix eager loading for models without primary keys.

Anmol Chopra, Matt Lawrence, and Jonathan Hefner
Avoid validating a unique field if it has not changed and is backed by a unique index.

Previously, when saving a record, Active Record will perform an extra query to check for the uniqueness of each attribute having a uniqueness validation, even if that attribute hasn't changed. If the database has the corresponding unique index, then this validation can never fail for persisted records, and we could safely skip it.

fatkodima
Stop setting sql_auto_is_null

Since version 5.5 the default has been off, we no longer have to manually turn it off.

Adam Hess
Fix touch to raise an error for readonly columns.

fatkodima
Add ability to ignore tables by regexp for SQL schema dumps.
```
ActiveRecord::SchemaDumper.ignore_tables = [/^_/]
```
fatkodima
Avoid queries when performing calculations on contradictory relations.

Previously calculations would make a query even when passed a contradiction, such as User.where(id: []).count. We no longer perform a query in that scenario.

This applies to the following calculations: count, sum, average, minimum and maximum

Luan Vieira, John Hawthorn and Daniel Colson

Allow using aliased attributes with insert_all/upsert_all.

class Book < ApplicationRecord
  alias_attribute :title, :name
end

Book.insert_all [{ title: "Remote", author_id: 1 }], returning: :title

fatkodima

Support encrypted attributes on columns with default db values.

This adds support for encrypted attributes defined on columns with default values. It will encrypt those values at creation time. Before, it would raise an error unless config.active_record.encryption.support_unencrypted_data was true.

Jorge Manrubia and Dima Fatko
Allow overriding reading_request? in DatabaseSelector::Resolver

The default implementation checks if a request is a get? or head?, but you can now change it to anything you like. If the method returns true, Resolver#read gets called meaning the request could be served by the replica database.

Alex Ghiculescu
Remove ActiveRecord.legacy_connection_handling.

Eileen M. Uchitelle
rails db:schema:{dump,load} now checks ENV["SCHEMA_FORMAT"] before config

Since rails db:structure:{dump,load} was deprecated there wasn't a simple way to dump a schema to both SQL and Ruby formats. You can now do this with an environment variable. For example:
```
SCHEMA_FORMAT=sql rake db:schema:dump
```
Alex Ghiculescu
Fixed MariaDB default function support.

Defaults would be written wrong in "db/schema.rb" and not work correctly if using db:schema:load. Further more the function name would be added as string content when saving new records.

kaspernj
Add active_record.destroy_association_async_batch_size configuration

This allows applications to specify the maximum number of records that will be destroyed in a single background job by the dependent: :destroy_async association option. By default, the current behavior will remain the same: when a parent record is destroyed, all dependent records will be destroyed in a single background job. If the number of dependent records is greater than this configuration, the records will be destroyed in multiple background jobs.

Nick Holden
Fix remove_foreign_key with :if_exists option when foreign key actually exists.

fatkodima
Remove --no-comments flag in structure dumps for PostgreSQL

This broke some apps that used custom schema comments. If you don't want comments in your structure dump, you can use:
```
ActiveRecord::Tasks::DatabaseTasks.structure_dump_flags = ['--no-comments']
```
Alex Ghiculescu
Reduce the memory footprint of fixtures accessors.

Until now fixtures accessors were eagerly defined using define_method. So the memory usage was directly dependent of the number of fixtures and test suites.

Instead fixtures accessors are now implemented with method_missing, so they incur much less memory and CPU overhead.

Jean Boussier
Fix config.active_record.destroy_association_async_job configuration

config.active_record.destroy_association_async_job should allow applications to specify the job that will be used to destroy associated records in the background for has_many associations with the dependent: :destroy_async option. Previously, that was ignored, which meant the default ActiveRecord::DestroyAssociationAsyncJob always destroyed records in the background.

Nick Holden
Fix change_column_comment to preserve column's AUTO_INCREMENT in the MySQL adapter

fatkodima
Fix quoting of ActiveSupport::Duration and Rational numbers in the MySQL adapter.

Kevin McPhillips
Allow column name with COLLATE (e.g., title COLLATE "C") as safe SQL string

Shugo Maeda
Permit underscores in the VERSION argument to database rake tasks.

Eddie Lebow
Reversed the order of INSERT statements in structure.sql dumps

This should decrease the likelihood of merge conflicts. New migrations will now be added at the top of the list.

For existing apps, there will be a large diff the next time structure.sql is generated.

Alex Ghiculescu, Matt Larraz
Fix PG.connect keyword arguments deprecation warning on ruby 2.7

Fixes #44307.

Nikita Vasilevsky
Fix dropping DB connections after serialization failures and deadlocks.

Prior to 6.1.4, serialization failures and deadlocks caused rollbacks to be issued for both real transactions and savepoints. This breaks MySQL which disallows rollbacks of savepoints following a deadlock.

6.1.4 removed these rollbacks, for both transactions and savepoints, causing the DB connection to be left in an unknown state and thus discarded.

These rollbacks are now restored, except for savepoints on MySQL.

Thomas Morgan
Make ActiveRecord::ConnectionPool Fiber-safe

When ActiveSupport::IsolatedExecutionState.isolation_level is set to :fiber, the connection pool now supports multiple Fibers from the same Thread checking out connections from the pool.

Alex Matchneer

Add update_attribute! to ActiveRecord::Persistence

Similar to update_attribute, but raises ActiveRecord::RecordNotSaved when a before_* callback throws :abort.

class Topic < ActiveRecord::Base
  before_save :check_title

  def check_title
    throw(:abort) if title == "abort"
  end
end

topic = Topic.create(title: "Test Title")

#=> #<Topic title: "Test Title">

topic.update_attribute!(:title, "Another Title")

#=> #<Topic title: "Another Title">

topic.update_attribute!(:title, "abort")

raises ActiveRecord::RecordNotSaved

```

*Drew Tempelmeyer*

Avoid loading every record in ActiveRecord::Relation#pretty_print

Before

pp Foo.all # Loads the whole table.

After

pp Foo.all # Shows 10 items and an ellipsis.
```

*Ulysse Buonomo*

Change QueryMethods#in_order_of to drop records not listed in values.

in_order_of now filters down to the values provided, to match the behavior of the Enumerable version.

Kevin Newton
Allow named expression indexes to be revertible.

Previously, the following code would raise an error in a reversible migration executed while rolling back, due to the index name not being used in the index removal.
```
add_index(:settings, "(data->'property')", using: :gin, name: :index_settings_data_property)
```
Fixes #43331.

Oliver Günther
Fix incorrect argument in PostgreSQL structure dump tasks.

Updating the --no-comment argument added in Rails 7 to the correct --no-comments argument.

Alex Dent
Fix migration compatibility to create SQLite references/belongs_to column as integer when migration version is 6.0.

Reference/belongs_to in migrations with version 6.0 were creating columns as bigint instead of integer for the SQLite Adapter.

Marcelo Lauxen
Fix QueryMethods#in_order_of to handle empty order list.
```
Post.in_order_of(:id, []).to_a
```
Also more explicitly set the column as secondary order, so that any other value is still ordered.

Jean Boussier
Fix quoting of column aliases generated by calculation methods.

Since the alias is derived from the table name, we can't assume the result is a valid identifier.
```
class Test < ActiveRecord::Base
  self.table_name = '1abc'
end
Test.group(:id).count
```

syntax error at or near "1" (ActiveRecord::StatementInvalid)

LINE 1: SELECT COUNT(*) AS count_all, "1abc"."id" AS 1abc_id FROM "1...

```

*Jean Boussier*

Add authenticate_by when using has_secure_password.

authenticate_by is intended to replace code like the following, which returns early when a user with a matching email is not found:
```
User.find_by(email: "...")&.authenticate("...")
```
Such code is vulnerable to timing-based enumeration attacks, wherein an attacker can determine if a user account with a given email exists. After confirming that an account exists, the attacker can try passwords associated with that email address from other leaked databases, in case the user re-used a password across multiple sites (a common practice). Additionally, knowing an account email address allows the attacker to attempt a targeted phishing ("spear phishing") attack.

authenticate_by addresses the vulnerability by taking the same amount of time regardless of whether a user with a matching email is found:
```
User.authenticate_by(email: "...", password: "...")
```
Jonathan Hefner

Action View

Introduce ActionView::TestCase.register_parser

register_parser :rss, -> rendered { RSS::Parser.parse(rendered) }

test "renders RSS" do
  article = Article.create!(title: "Hello, world")

  render formats: :rss, partial: article

  assert_equal "Hello, world", rendered.rss.items.last.title
end

By default, register parsers for :html and :json.

Sean Doyle

Fix simple_format with blank wrapper_tag option returns plain html tag

By default simple_format method returns the text wrapped with <p>. But if we explicitly specify the wrapper_tag: nil in the options, it returns the text wrapped with <></> tag.

Before:
```
simple_format("Hello World", {},  { wrapper_tag: nil })
```

<>Hello World</>

```

After:

```ruby
simple_format("Hello World", {},  { wrapper_tag: nil })

Hello World

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about these updates again.

If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Update dependency rails to '~> 7.2.0'

Release Notes

v7.2.0: 7.2.0

Active Support

...

Active Model

Active Record

SELECT * FROM posts WHERE person_id = 1; -- non-deterministic order

SELECT * FROM posts WHERE person_id = 1 ORDER BY id LIMIT 1;

Before

After

associated will use LEFT JOIN instead of using JOIN

BAD

GOOD

EXPLAIN SELECT COUNT(*) FROM users

...

EXPLAIN SELECT MAX(users.id) FROM users

...

ENV['DATABASE_URL'] = "mysql://localhost/example_database"

will connect to MySQL using the trilogy adapter

Action View

Before

After

Raises ArgumentError: Invalid HTML5 tag name: 12p

Raises ArgumentError: Invalid HTML5 tag name: ""

Raises ArgumentError: Invalid HTML5 tag name: div/

Raises ArgumentError: Invalid HTML5 tag name: "image file"

Action Pack

Allow only browsers natively supporting webp images, web push, badges, import maps, CSS nesting + :has

All versions of Chrome and Opera will be allowed, but no versions of "internet explorer" (ie). Safari needs to be 16.4+ and Firefox 121+.

In addition to the browsers blocked by ApplicationController, also block Opera below 104 and Chrome below 119 for the show action.

Active Job

Action Mailer

Action Cable

Active Storage

Action Mailbox

Action Text

Railties

v7.1.3.4: 7.1.3.4

Active Support

Active Model

Active Record

Action View

Action Pack

Active Job

Action Mailer

Action Cable

Active Storage

Action Mailbox

Action Text

Railties

v7.1.3.3: 7.1.3.3

Active Support

Active Model

Active Record

Action View

Action Pack

Active Job

Action Mailer

Action Cable

Active Storage

Action Mailbox

Action Text

Railties

v7.1.3.2

Active Support

Active Model

Active Record

Action View

Action Pack

Active Job

Action Mailer

Action Cable

Active Storage

Action Mailbox

Action Text

Railties

v7.1.3.1: 7.1.3.1

Active Support

Active Model

`v7.2.0`: 7.2.0

`associated` will use `LEFT JOIN` instead of using `JOIN`

EXPLAIN SELECT COUNT(*) FROM `users`

EXPLAIN SELECT MAX(`users`.`id`) FROM `users`

`v7.1.3.4`: 7.1.3.4

`v7.1.3.3`: 7.1.3.3

`v7.1.3.2`

`v7.1.3.1`: 7.1.3.1

`v7.1.3`: 7.1.3

`v7.1.2`: 7.1.2

`v7.1.1`: 7.1.1

`v7.1.0`: 7.1.0

Inside the `travel_to` block `Time.new` is stubbed