- No changes.
-
Use a temporary file for storing unencrypted files while editing
[CVE-2023-38037]
-
Fix
Cache::NullStore
with local caching for repeated reads.fatkodima
-
Fix
to_s
with no arguments not respecting custom:default
formatsHartley McGuire
-
Fix
ActiveSupport::Inflector.humanize(nil)
raisingNoMethodError: undefined method `end_with?' for nil:NilClass
.James Robinson
-
Fix
Enumerable#sum
forEnumerator#lazy
.fatkodima, Matthew Draper, Jonathan Hefner
-
Improve error message when EventedFileUpdateChecker is used without a compatible version of the Listen gem
Hartley McGuire
-
Fix
EncryptedConfiguration
returning incorrect values for someHash
methodsHartley McGuire
-
Fix arguments being destructed
Enumerable#many?
with block.Andrew Novoselac
-
Fix humanize for strings ending with id.
fatkodima
- No changes.
-
Fixes TimeWithZone ArgumentError.
Niklas Häusele
-
Implement SafeBuffer#bytesplice
[CVE-2023-28120]
- No changes.
-
Avoid regex backtracking in Inflector.underscore
[CVE-2023-22796]
-
Ensure
ActiveSupport::Testing::Isolation::Forking
closes pipesPreviously,
Forking.run_in_isolation
opened two ends of a pipe. The fork process closed the read end, wrote to it, and then terminated (which presumably closed the file descriptors on its end). The parent process closed the write end, read from it, and returned, never closing the read end.This resulted in an accumulation of open file descriptors, which could cause errors if the limit is reached.
Sam Bostock
-
Redis cache store is now compatible with redis-rb 5.0.
Jean Boussier
-
Fix
NoMethodError
on customActiveSupport::Deprecation
behavior.ActiveSupport::Deprecation.behavior=
was supposed to accept any object that responds tocall
, but in fact its internal implementation assumed that this object could respond toarity
, so it was restricted to onlyProc
objects.This change removes this
arity
restriction of custom behaviors.Ryo Nakamura
- No changes.
- No changes.
-
Fix and add protections for XSS in
ActionView::Helpers
andERB::Util
.Add the method
ERB::Util.xml_name_escape
to escape dangerous characters in names of tags and names of attributes, following the specification of XML.Álvaro Martín Fraguas
- No changes.
- Fix Reloader method signature to work with the new Executor signature
- No changes.
-
Fix
ActiveSupport::EncryptedConfiguration
to be compatible with Psych 4Stephen Sugden
-
Improve
File.atomic_write
error handling.Daniel Pepper
-
Fix
Class#descendants
andDescendantsTracker#descendants
compatibility with Ruby 3.1.The native
Class#descendants
was reverted prior to Ruby 3.1 release, butClass#subclasses
was kept, breaking the feature detection.Jean Boussier
-
Fix
ActiveSupport::Duration.build
to support negative values.The algorithm to collect the
parts
of theActiveSupport::Duration
ignored the sign of thevalue
and accumulated incorrect part values. This impactedActiveSupport::Duration#sum
(which is dependent onparts
) but notActiveSupport::Duration#eql?
(which is dependent onvalue
).Caleb Buxton, Braden Staudacher
- No changes.
- No changes.
-
Deprecate passing a format to
#to_s
in favor of#to_formatted_s
inArray
,Range
,Date
,DateTime
,Time
,BigDecimal
,Float
and,Integer
.Rafael Mendonça França
-
Document
ActiveSupport::Testing::Deprecation
.Sam Bostock & Sam Jordan
-
Add
Pathname#existence
.Pathname.new("file").existence&.read
Timo Schilling
-
Remove deprecate
ActiveSupport::Multibyte::Unicode.default_normalization_form
.Rafael Mendonça França
-
Remove deprecated support to use
Range#include?
to check the inclusion of a value in a date time range is deprecated.Rafael Mendonça França
-
Remove deprecated
URI.parser
.Rafael Mendonça França
-
Remove deprecated
config.active_support.use_sha1_digests
.Rafael Mendonça França
-
Invoking
Object#with_options
without a&block
argument returns theActiveSupport::OptionMerger
instance.Sean Doyle
-
Rails.application.executor
hooks can now be called around every testThis helps to better simulate request or job local state being reset around tests and prevents state leaking from one test to another.
However it requires the executor hooks executed in the test environment to be re-entrant.
To enable this, set
config.active_support.executor_around_test_case = true
(this is the default in Rails 7).Jean Boussier
-
ActiveSupport::DescendantsTracker
now mostly delegate toClass#descendants
on Ruby 3.1Ruby now provides a fast
Class#descendants
makingActiveSupport::DescendantsTracker
mostly useless.As a result the following methods are deprecated:
ActiveSupport::DescendantsTracker.direct_descendants
ActiveSupport::DescendantsTracker#direct_descendants
Jean Boussier
-
Fix the
Digest::UUID.uuid_from_hash
behavior for namespace IDs that are different from the ones defined onDigest::UUID
.The new behavior will be enabled by setting the
config.active_support.use_rfc4122_namespaced_uuids
option totrue
and is the default for new apps.The old behavior is the default for upgraded apps and will output a deprecation warning every time a value that is different than one of the constants defined on the
Digest::UUID
extension is used as the namespace ID.Alex Robbin, Erich Soares Machado, Eugene Kenny
-
ActiveSupport::Inflector::Inflections#clear(:acronyms)
is now supported, andinflector.clear
/inflector.clear(:all)
also clears acronyms.Alex Ghiculescu, Oliver Peate
- No changes.
-
ActiveSupport::Dependencies
no longer installs aconst_missing
hook. Before this, you could push to the autoload paths and have constants autoloaded. This feature, known as theclassic
autoloader, has been removed.Xavier Noria
-
Private internal classes of
ActiveSupport::Dependencies
have been deleted, likeActiveSupport::Dependencies::Reference
,ActiveSupport::Dependencies::Blamable
, and others.Xavier Noria
-
The private API of
ActiveSupport::Dependencies
has been deleted. That includes methods likehook!
,unhook!
,depend_on
,require_or_load
,mechanism
, and many others.Xavier Noria
-
Improves the performance of
ActiveSupport::NumberHelper
formatters by avoiding the use of exceptions as flow control.Mike Dalessio
-
Removed rescue block from
ActiveSupport::Cache::RedisCacheStore#handle_exception
Previously, if you provided a
error_handler
toredis_cache_store
, any errors thrown by the error handler would be rescued and logged only. Removed therescue
clause fromhandle_exception
to allow these to be thrown.Nicholas A. Stuart
-
Allow entirely opting out of deprecation warnings.
Previously if you did
app.config.active_support.deprecation = :silence
, some work would still be done on each call toActiveSupport::Deprecation.warn
. In very hot paths, this could cause performance issues.Now, you can make
ActiveSupport::Deprecation.warn
a no-op:config.active_support.report_deprecations = false
This is the default in production for new apps. It is the equivalent to:
config.active_support.deprecation = :silence config.active_support.disallowed_deprecation = :silence
but will take a more optimised code path.
Alex Ghiculescu
-
Faster tests by parallelizing only when overhead is justified by the number of them.
Running tests in parallel adds overhead in terms of database setup and fixture loading. Now, Rails will only parallelize test executions when there are enough tests to make it worth it.
This threshold is 50 by default, and is configurable via config setting in your test.rb:
config.active_support.test_parallelization_threshold = 100
It's also configurable at the test case level:
class ActiveSupport::TestCase parallelize threshold: 100 end
Jorge Manrubia
-
OpenSSL constants are now used for Digest computations.
Dirkjan Bussink
-
TimeZone.iso8601
now accepts valid ordinal values similar to Ruby'sDate._iso8601
method. A valid ordinal value will be converted to an instance ofTimeWithZone
using the:year
and:yday
fragments returned fromDate._iso8601
.twz = ActiveSupport::TimeZone["Eastern Time (US & Canada)"].iso8601("21087") twz.to_a[0, 6] == [0, 0, 0, 28, 03, 2021]
Steve Laing
-
Time#change
and methods that call it (e.g.Time#advance
) will now return aTime
with the timezone argument provided, if the caller was initialized with a timezone argument.Fixes #42467.
Alex Ghiculescu
-
Allow serializing any module or class to JSON by name.
Tyler Rick, Zachary Scott
-
Raise
ActiveSupport::EncryptedFile::MissingKeyError
when theRAILS_MASTER_KEY
environment variable is blank (e.g.""
).Sunny Ripert
-
The
from:
option is added toActiveSupport::TestCase#assert_no_changes
.It permits asserting on the initial value that is expected not to change.
assert_no_changes -> { Status.all_good? }, from: true do post :create, params: { status: { ok: true } } end
George Claghorn
-
Deprecate
ActiveSupport::SafeBuffer
's incorrect implicit conversion of objects into string.Except for a few methods like
String#%
, objects must implement#to_str
to be implicitly converted to a String in string operations. In some circumstancesActiveSupport::SafeBuffer
was incorrectly calling the explicit conversion method (#to_s
) on them. This behavior is now deprecated.Jean Boussier
-
Allow nested access to keys on
Rails.application.credentials
.Previously only top level keys in
credentials.yml.enc
could be accessed with method calls. Now any key can.For example, given these secrets:
aws: access_key_id: 123 secret_access_key: 345
Rails.application.credentials.aws.access_key_id
will now return the same thing asRails.application.credentials.aws[:access_key_id]
.Alex Ghiculescu
-
Added a faster and more compact
ActiveSupport::Cache
serialization format.It can be enabled with
config.active_support.cache_format_version = 7.0
orconfig.load_defaults 7.0
. Regardless of the configuration Active Support 7.0 can read cache entries serialized by Active Support 6.1 which allows to upgrade without invalidating the cache. However Rails 6.1 can't read the new format, so all readers must be upgraded before the new format is enabled.Jean Boussier
-
Add
Enumerable#sole
, perActiveRecord::FinderMethods#sole
. Returns the sole item of the enumerable, raising if no items are found, or if more than one is.Asherah Connor
-
Freeze
ActiveSupport::Duration#parts
and remove writer methods.Durations are meant to be value objects and should not be mutated.
Andrew White
-
Fix
ActiveSupport::TimeZone#utc_to_local
with fractional seconds.When
utc_to_local_returns_utc_offset_times
is false and the time instance had fractional seconds the new UTC time instance was out by a factor of 1,000,000 as theTime.utc
constructor takes a usec value and not a fractional second value.Andrew White
-
Add
expires_at
argument toActiveSupport::Cache
write
andfetch
to set a cache entry TTL as an absolute time.Rails.cache.write(key, value, expires_at: Time.now.at_end_of_hour)
Jean Boussier
-
Deprecate
ActiveSupport::TimeWithZone.name
so that from Rails 7.1 it will use the default implementation.Andrew White
-
Deprecates Rails custom
Enumerable#sum
andArray#sum
in favor of Ruby's native implementation which is considerably faster.Ruby requires an initializer for non-numeric type as per examples below:
%w[foo bar].sum('') # instead of %w[foo bar].sum [[1, 2], [3, 4, 5]].sum([]) # instead of [[1, 2], [3, 4, 5]].sum
Alberto Mota
-
Tests parallelization is now disabled when running individual files to prevent the setup overhead.
It can still be enforced if the environment variable
PARALLEL_WORKERS
is present and set to a value greater than 1.Ricardo Díaz
-
Fix proxying keyword arguments in
ActiveSupport::CurrentAttributes
.Marcin Kołodziej
-
Add
Enumerable#maximum
andEnumerable#minimum
to easily calculate the maximum or minimum from extracted elements of an enumerable.payments = [Payment.new(5), Payment.new(15), Payment.new(10)] payments.minimum(:price) # => 5 payments.maximum(:price) # => 15
This also allows passing enumerables to
fresh_when
andstale?
in Action Controller. See PR #41404 for an example.Ayrton De Craene
-
ActiveSupport::Cache::MemCacheStore
now accepts an explicitnil
for itsaddresses
argument.config.cache_store = :mem_cache_store, nil # is now equivalent to config.cache_store = :mem_cache_store # and is also equivalent to config.cache_store = :mem_cache_store, ENV["MEMCACHE_SERVERS"] || "localhost:11211" # which is the fallback behavior of Dalli
This helps those migrating from
:dalli_store
, where an explicitnil
was permitted.Michael Overmeyer
-
Add
Enumerable#in_order_of
to put an Enumerable in a certain order by a key.DHH
-
ActiveSupport::Inflector.camelize
behaves expected when provided a symbol:upper
or:lower
argument. MatchesString#camelize
behavior.Alex Ghiculescu
-
Raises an
ArgumentError
when the first argument ofActiveSupport::Notification.subscribe
is invalid.Vipul A M
-
HashWithIndifferentAccess#deep_transform_keys
now returns aHashWithIndifferentAccess
instead of aHash
.Nathaniel Woodthorpe
-
Consume dalli’s
cache_nils
configuration asActiveSupport::Cache
'sskip_nil
when usingMemCacheStore
.Ritikesh G
-
Add
RedisCacheStore#stats
method similar toMemCacheStore#stats
. Callsredis#info
internally.Ritikesh G
Please check 6-1-stable for previous changes.