rails changelog


Hey there, code adventurers! We've got some exciting updates to share with you, including new features, improvements, and bug fixes. Let's dive into the latest changes that will make your coding journey smoother and more secure! 🚀

  • New Feature: Default bin/bundle-audit Configuration
    Say hello to a safer codebase! We've added a default configuration for bin/bundle-audit to help you catch known security vulnerabilities in your Gemfile. This nifty tool is now part of every CI flow, ensuring your apps are secure by default. Plus, it's included in the standard application generation process, so you won't miss a beat. 🛡️

  • New Feature: except_on: Option for Validation Callbacks
    We've added an except_on: option for validation callbacks, giving you more control over when validations should be skipped. This means you can now fine-tune your validation logic, making your code cleaner and more efficient. 🎯

  • New Feature: Auto-Including Nonce for CSP
    Boost your app's security with the new content_security_policy_nonce_auto config option. It automatically adds a nonce to HTML tags affected by CSP directives, making it easier to implement nonce-based CSP without the manual hassle. 🔒

  • Improvement: RuboCop Plugin System
    The RuboCop plugin system is here! We've updated our RuboCop extension gems to use this shiny new architecture, making linting more modular and efficient. While rubocop-packaging is still catching up, rubocop-rails-omakase is already on board. 🎉

  • Improvement: Optimized String#parameterize
    Speed up your string transformations with our optimized String#parameterize method. By reducing reliance on regex, we've made it up to 2.53x faster! ⚡

  • Improvement: Don't Deserialize Mutable Defaults
    To prevent data inconsistencies, mutable defaults are now kept serialized. Immutable types, like integers, are deserialized for better performance. This ensures your defaults behave as expected. 🛠️

  • Bugfix: Capture View Helper Keyword Arguments
    We've fixed the capture view helper to correctly pass keyword arguments, enhancing its flexibility and reducing potential errors. 🐞

  • Bugfix: ActiveRecord::Result#dup Consistency
    We've addressed an inconsistency in duplicating ActiveRecord::Result objects to ensure all attributes are preserved correctly. 📋

  • Bugfix: Stop Generating Bundler Binstub
    With upcoming changes in Bundler, we've stopped generating the bin/bundle binstub to avoid warnings and ensure continued functionality of the AuthenticationGenerator. 🔧

  • Chore: Remove Unused Method in ActiveRecord::Result
    We've cleaned up the codebase by removing the unused raw_column_types method, making the ActiveRecord::Result class leaner and meaner. 🧹

That's a wrap for now! Keep coding, stay secure, and enjoy these updates. Until next time, happy coding! 🌟

Included Commits

2025-03-01T22:56:57 See commit

This commit introduces a new except_on: option for validation callbacks, enhancing the flexibility of the validation process in the codebase. With this addition, developers can specify conditions under which certain validation callbacks should be skipped, allowing for more granular control over when validations are applied.

The implementation of the except_on: option aims to improve the usability of validation rules, making it easier to handle scenarios where specific validations may not be necessary. This change is expected to streamline the validation logic and reduce unnecessary validation checks, ultimately leading to cleaner and more efficient code.

2025-03-03T04:14:24 See commit

This commit introduces the use of the RuboCop plugin system, which was implemented in RuboCop version 1.72, as a follow-up to a previous pull request. The update involves modifying RuboCop extension gems to adopt this new plugin architecture, as detailed in the RuboCop plugin migration guide. While the rubocop-packaging gem has integrated plugin support, it has not yet been released, so it continues to utilize the older require method.

Additionally, the commit notes that the rubocop-rails-omakase gem has successfully transitioned to using the RuboCop plugin, with this change reflected in its release version 1.1.0. The commit links to the relevant pull request and release notes for rubocop-rails-omakase, highlighting the progress made in adopting the new plugin system across these projects.

2025-03-03T09:25:11 See commit

This commit introduces a new configuration option, content_security_policy_nonce_auto, which automates the inclusion of a nonce attribute in HTML tags affected by specified Content Security Policy (CSP) directives. The nonce is added to tags generated by helpers such as javascript_tag, javascript_include_tag, and stylesheet_link_tag when the corresponding directives are listed in the content_security_policy_nonce_directives option and content_security_policy_nonce_generator is set. This lets developers implement nonce-based CSP without manually adding a nonce attribute to each tag.

The changes involve modifications to several files, including the addition of new attributes in the AssetTagHelper and JavaScriptHelper modules to support this functionality. Additionally, tests have been updated to verify the correct behavior of the auto-inclusion feature. Documentation has also been updated to include guidance on using this new configuration, emphasizing its utility in dynamic environments where nonces are generated per request, while also noting potential implications for caching strategies.
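The behaviour described above, modelled in plain Ruby as an added example (not code from Rails or from the commit). The three option names come from the page; the classes, the helper-to-directive table and the nonce-only policy are assumptions. It also shows the caching implication: a tag replayed from a cache carries a nonce that the next response's header does not list.

```ruby
require "securerandom"

# Simplified model of the option described above; NOT Rails' implementation.
# Option names come from the page; classes, the helper-to-directive table and
# the nonce-only policy are assumptions made for this example.
CspConfig = Struct.new(:nonce_generator, :nonce_directives, :nonce_auto, keyword_init: true)

HELPER_DIRECTIVE = { javascript_tag: "script-src", javascript_include_tag: "script-src",
                     stylesheet_link_tag: "style-src" }.freeze

class Request
  attr_reader :nonce
  def initialize(config)
    @config = config
    @nonce = config.nonce_generator&.call # one fresh nonce per request
  end

  # Nonce-only policy: an element loads only if it carries this request's nonce.
  def csp_header
    source = nonce ? "'nonce-#{nonce}'" : "'none'"
    @config.nonce_directives.map { |d| "#{d} #{source}" }.join("; ")
  end

  # The nonce is added only when the option is on, a generator is set, and
  # the helper's directive is in the configured directive list.
  def tag(helper)
    auto = @config.nonce_auto && @config.nonce_directives.include?(HELPER_DIRECTIVE.fetch(helper))
    attr = nonce && auto ? %( nonce="#{nonce}") : ""
    return %(<link rel="stylesheet" href="/app.css"#{attr}>) if helper == :stylesheet_link_tag
    %(<script#{attr}></script>)
  end
end

# What a browser enforces under the nonce-only header above.
def allowed_by_header?(tag_html, header)
  tag_nonce = tag_html[/nonce="([^"]+)"/, 1]
  !tag_nonce.nil? && header.include?("'nonce-#{tag_nonce}'")
end

# Caching caveat: a tag rendered in one request and replayed in the next
# carries a stale nonce that the new response's header does not list.
def cached_tag_still_allowed?(config)
  cached = Request.new(config).tag(:javascript_tag)
  allowed_by_header?(cached, Request.new(config).csp_header)
end

config = CspConfig.new(nonce_generator: -> { SecureRandom.base64(16) },
                       nonce_directives: %w[script-src], nonce_auto: true)
puts Request.new(config).tag(:javascript_tag), cached_tag_still_allowed?(config)
```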

Files changed

  • actionview/CHANGELOG.md
  • actionview/lib/action_view/helpers/asset_tag_helper.rb
  • actionview/lib/action_view/helpers/javascript_helper.rb
  • actionview/lib/action_view/railtie.rb
  • actionview/test/template/asset_tag_helper_test.rb
  • actionview/test/template/javascript_helper_test.rb
  • guides/source/configuring.md
  • guides/source/security.md
  • railties/lib/rails/application/configuration.rb
  • railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt

2025-03-03T20:44:33 See commit

The commit addresses an important issue in the Rails framework related to the deserialization of mutable default values. It emphasizes that mutable types, such as arrays or hashes, should not be deserialized directly to avoid unintended mutations that can lead to data inconsistency. Instead, these values should remain serialized in their default state. In contrast, immutable types like integers can be eagerly deserialized for better performance and correctness. The changes made in this commit involve modifications to various test files for PostgreSQL and SQLite3, where new tests were added to validate the behavior of default values, particularly focusing on the handling of mutable and immutable types.

The update includes the addition of a new column with a mutable default value in the database schema and corresponding tests to ensure that the default values are correctly represented before and after type casting. Additionally, adjustments were made in other test cases to ensure that integer defaults are treated as integers rather than strings. Overall, this commit enhances the reliability of default value handling in ActiveRecord, ensuring that the framework behaves correctly when dealing with different data types.
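Why the mutable/immutable distinction above matters, as an added example (a constructed model, not Active Record's code; the class names, type table and sample defaults are assumptions). A mutable default that is deserialized once and shared lets an in-place change on one record alter the default every later record sees, while a default kept serialized yields a fresh object each time.

```ruby
require "json"

# Constructed model of the rule described above; NOT Active Record's code.
# Class names, the type table and the sample defaults are assumptions.
CASTS = { integer: ->(raw) { Integer(raw) }, json: ->(raw) { JSON.parse(raw) } }.freeze
MUTABLE_TYPES = %i[json].freeze

class ColumnDefault
  def initialize(raw, type, keep_mutable_serialized:)
    @raw = raw
    @cast = CASTS.fetch(type)
    @lazy = keep_mutable_serialized && MUTABLE_TYPES.include?(type)
    # Immutable values (and, with the flag off, every value) are cast once.
    @cached = @cast.call(raw) unless @lazy
  end

  # Value handed to each new record.
  def value
    @lazy ? @cast.call(@raw) : @cached
  end
end

# Mutates the default seen by one record, then reports whether the next
# record's default was affected.
def default_leaks_between_records?(column_default)
  column_default.value["tags"] << "admin"
  column_default.value["tags"].include?("admin")
end

RAW_JSON_DEFAULT = '{"tags":[]}' # constructed sample default

eager = ColumnDefault.new(RAW_JSON_DEFAULT, :json, keep_mutable_serialized: false)
kept  = ColumnDefault.new(RAW_JSON_DEFAULT, :json, keep_mutable_serialized: true)
count = ColumnDefault.new("42", :integer, keep_mutable_serialized: true)

puts default_leaks_between_records?(eager) # shared Hash was mutated in place
puts default_leaks_between_records?(kept)  # fresh Hash for every record
puts count.value + 1                       # Integer cast once; cannot be mutated
```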

Files changed

  • activerecord/test/cases/adapters/postgresql/json_test.rb
  • activerecord/test/cases/adapters/sqlite3/json_test.rb
  • activerecord/test/cases/adapters/sqlite3/sqlite3_adapter_test.rb
  • activerecord/test/cases/migration/change_schema_test.rb
  • activerecord/test/cases/migration/columns_test.rb
  • activerecord/test/cases/migration_test.rb

2025-03-04T11:23:35 See commit

This commit addresses an issue with the capture view helper by modifying it to correctly pass keyword arguments. The adjustments ensure that the helper can effectively handle and forward these arguments, improving its functionality and flexibility in various contexts.

By implementing this fix, developers can now utilize keyword arguments seamlessly within the capture view helper, enhancing the overall usability of the code and reducing potential errors related to argument handling. This change is expected to streamline development processes and improve the integration of the helper in different parts of the application.

2025-03-04T15:10:36 See commit

This commit optimizes the String#parameterize method by introducing a new implementation that reduces reliance on regular expressions, resulting in improved performance. The previous version utilized multiple regex operations to handle unwanted characters and manage separators, which could be a bottleneck. The new implementation simplifies this process by using string manipulation methods like squeeze, delete_prefix!, and delete_suffix!, allowing for more efficient handling of separators and unwanted characters.

Benchmark tests comparing the old and new methods demonstrate significant performance gains across various scenarios. The new method outperforms the old one in terms of iterations per second, with improvements ranging from 1.20x to 2.53x faster, depending on the length of the separator used. This enhancement not only streamlines the code but also provides a more efficient way to parameterize strings, making it a valuable update for users relying on this functionality.

2025-03-04T16:23:01 See commit

This commit addresses the issue of generating a bundler binstub in Rails applications, specifically in relation to an upcoming change in Bundler that will cease the creation of the bin/bundle binstub. The change is linked to a broader update in Bundler, as detailed in a related RubyGems pull request. The concern is that once this change is implemented, new Rails applications would produce a Bundler warning and the AuthenticationGenerator, which relies on the bin/bundle binstub, would malfunction.

To resolve this issue, the commit removes the generation of the bundler binstub and updates the AuthenticationGenerator to utilize the same bundler command as the rest of the Rails codebase. This ensures compatibility with future versions of Bundler and prevents potential disruptions in functionality for new Rails applications.

2025-03-06T07:24:24 See commit

This commit addresses an inconsistency in the ActiveRecord::Result#dup method by correcting how the @column_types instance variable is handled. Previously, the line @column_types = column_types.dup was deemed incorrect due to changes made in a prior pull request, which altered the behavior of the column_types method from a simple attribute reader to a more complex implementation.

To ensure that the duplication of ActiveRecord::Result objects accurately preserves all attributes, the commit introduces a new test case in result_test.rb. This test verifies that when an instance of ActiveRecord::Result is duplicated, all relevant attributes (such as column_types, columns, rows, and column_indexes) are correctly maintained, even after multiple duplications. The co-authorship of Jeremy Daer highlights collaborative efforts in refining this functionality.

Files changed

  • activerecord/test/cases/result_test.rb

2025-03-06T07:46:21 See commit

The commit focuses on the removal of the raw_column_types method from the ActiveRecord::Result class in the Rails framework, which was deemed unnecessary. This modification involved deleting five lines of code from the activerecord/lib/active_record/result.rb file, streamlining the codebase by eliminating unused functionality.

By removing the raw_column_types method, the commit enhances the clarity and maintainability of the ActiveRecord::Result class, as it no longer includes methods that are not utilized in the current implementation. This change is part of an ongoing effort to refine the Rails codebase, as indicated by the associated pull request link.

Files changed

  • activerecord/lib/active_record/result.rb

2025-03-06T09:43:45 See commit

The commit introduces a default configuration for bin/bundle-audit, a tool designed to identify known security vulnerabilities in the application's Gemfile. By including bundler-audit in the Gemfile and integrating it into the standard application generation process, the commit ensures that security audits become a part of every Continuous Integration (CI) workflow. The changes also involve creating a configuration file (config/bundler-audit.yml) that allows users to manage known vulnerabilities and customize the audit process.

Additionally, the commit enhances the overall project structure by generating necessary files if they are missing and updating the README and CHANGELOG to reflect these new features. It includes the bundler-audit scan as part of the default GitHub CI setup, ensuring that applications built with this framework will automatically check for gem vulnerabilities, thereby promoting a more secure development environment. Co-authored by David Heinemeier Hansson, this commit emphasizes the importance of security in modern software development practices.

Files changed

  • Gemfile
  • Gemfile.lock
  • railties/CHANGELOG.md
  • railties/lib/rails/generators/rails/app/app_generator.rb
  • railties/lib/rails/generators/rails/app/templates/Gemfile.tt
  • railties/lib/rails/generators/rails/app/templates/bin/bundler-audit.tt
  • railties/lib/rails/generators/rails/app/templates/config/bundler-audit.yml.tt
  • railties/lib/rails/generators/rails/app/templates/github/ci.yml.tt
  • railties/test/generators/api_app_generator_test.rb
  • railties/test/generators/app_generator_test.rb
  • railties/test/generators/plugin_generator_test.rb