chore(deps): update dependency rails to v8

[renovate[bot]]

This PR contains the following updates:

Package	Change	Age	Confidence
rails (source, changelog)	'~> 6.1.4' -> '~> 8.0.0'

---

Release Notes

rails/rails (rails)

v8.0.2.1: 8.0.2.1

Compare Source

Active Support

• No changes.

Active Model

• No changes.

Active Record

• Call inspect on ids in RecordNotFound error

  [CVE-2025-55193]

  Gannon McGibbon, John Hawthorn

Action View

• No changes.

Action Pack

• No changes.

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

Remove dangerous transformations

[CVE-2025-24293]

*Zack Deveau*

Action Mailbox

• No changes.

Action Text

• No changes.

Railties

• No changes.

Guides

• No changes.

v8.0.2: 8.0.2

Compare Source

Active Support

• Fix setting to_time_preserves_timezone from new_framework_defaults_8_0.rb.

  fatkodima

• Fix Active Support Cache fetch_multi when local store is active.

  fetch_multi now properly yield to the provided block for missing entries that have been recorded as such in the local store.

  Jean Boussier

• Fix execution wrapping to report all exceptions, including Exception.

  If a more serious error like SystemStackError or NoMemoryError happens, the error reporter should be able to report these kinds of exceptions.

  Gannon McGibbon

• Fix RedisCacheStore and MemCacheStore to also handle connection pool related errors.

  These errors are rescued and reported to Rails.error.

  Jean Boussier

• Fix ActiveSupport::Cache#read_multi to respect version expiry when using local cache.

  zzak

• Fix ActiveSupport::MessageVerifier and ActiveSupport::MessageEncryptor configuration of on_rotation callback.

  verifier.rotate(old_secret).on_rotation { ... }
  

  Now both work as documented.

  Jean Boussier

• Fix ActiveSupport::MessageVerifier to always be able to verify both URL-safe and URL-unsafe payloads.

  This is to allow transitioning seemlessly from either configuration without immediately invalidating all previously generated signed messages.

  Jean Boussier, Florent Beaurain, Ali Sepehri

• Fix cache.fetch to honor the provided expiry when :race_condition_ttl is used.

  cache.fetch("key", expires_in: 1.hour, race_condition_ttl: 5.second) do
    "something"
  end
  

  In the above example, the final cache entry would have a 10 seconds TTL instead of the requested 1 hour.

  Dhia

• Better handle procs with splat arguments in set_callback.

  Radamés Roriz

• Fix String#mb_chars to not mutate the receiver.

  Previously it would call force_encoding on the receiver, now it dups the receiver first.

  Jean Boussier

• Improve ErrorSubscriber to also mark error causes as reported.

  This avoid some cases of errors being reported twice, notably in views because of how errors are wrapped in ActionView::Template::Error.

  Jean Boussier

• Fix Module#module_parent_name to return the correct name after the module has been named.

  When called on an anonymous module, the return value wouldn't change after the module was given a name later by being assigned to a constant.

  mod = Module.new
  mod.module_parent_name # => "Object"
  MyModule::Something = mod
  mod.module_parent_name # => "MyModule"
  

  Jean Boussier

Active Model

• No changes.

Active Record

• Fix inverting rename_enum_value when :from/:to are provided.

  fatkodima

• Prevent persisting invalid record.

  Edouard Chin

• Fix inverting drop_table without options.

  fatkodima

• Fix count with group by qualified name on loaded relation.

  Ryuta Kamizono

• Fix sum with qualified name on loaded relation.

  Chris Gunther

• The SQLite3 adapter quotes non-finite Numeric values like "Infinity" and "NaN".

  Mike Dalessio

• Handle libpq returning a database version of 0 on no/bad connection in PostgreSQLAdapter.

  Before, this version would be cached and an error would be raised during connection configuration when comparing it with the minimum required version for the adapter. This meant that the connection could never be successfully configured on subsequent reconnection attempts.

  Now, this is treated as a connection failure consistent with libpq, raising a ActiveRecord::ConnectionFailed and ensuring the version isn't cached, which allows the version to be retrieved on the next connection attempt.

  Joshua Young, Rian McGuire

• Fix error handling during connection configuration.

  Active Record wasn't properly handling errors during the connection configuration phase. This could lead to a partially configured connection being used, resulting in various exceptions, the most common being with the PostgreSQLAdapter raising undefined method key?' for nilorTypeError: wrong argument type nil (expected PG::TypeMap)`.

  Jean Boussier

• Fix a case where a non-retryable query could be marked retryable.

  Hartley McGuire

• Handle circular references when autosaving associations.

  zzak

• PoolConfig no longer keeps a reference to the connection class.

  Keeping a reference to the class caused subtle issues when combined with reloading in development. Fixes #​54343.

  Mike Dalessio

• Fix SQL notifications sometimes not sent when using async queries.

  Post.async_count
  ActiveSupport::Notifications.subscribed(->(*) { "Will never reach here" }) do
    Post.count
  end
  

  In rare circumstances and under the right race condition, Active Support notifications would no longer be dispatched after using an asynchronous query. This is now fixed.

  Edouard Chin

• Fix support for PostgreSQL enum types with commas in their name.

  Arthur Hess

• Fix inserts on MySQL with no RETURNING support for a table with multiple auto populated columns.

  Nikita Vasilevsky

• Fix joining on a scoped association with string joins and bind parameters.

  class Instructor < ActiveRecord::Base
    has_many :instructor_roles, -> { active }
  end
  
  class InstructorRole < ActiveRecord::Base
    scope :active, -> {
      joins("JOIN students ON instructor_roles.student_id = students.id")
      .where(students { status: 1 })
    }
  end
  
  Instructor.joins(:instructor_roles).first
  

  The above example would result in ActiveRecord::StatementInvalid because the active scope bind parameters would be lost.

  Jean Boussier

• Fix a potential race condition with system tests and transactional fixtures.

  Sjoerd Lagarde

• Fix autosave associations to no longer validated unmodified associated records.

  Active Record was incorrectly performing validation on associated record that weren't created nor modified as part of the transaction:

  Post.create!(author: User.find(1)) # Fail if user is invalid
  

  Jean Boussier

• Remember when a database connection has recently been verified (for two seconds, by default), to avoid repeated reverifications during a single request.

  This should recreate a similar rate of verification as in Rails 7.1, where connections are leased for the duration of a request, and thus only verified once.

  Matthew Draper

Action View

• Respect html_options[:form] when collection_checkboxes generates the hidden <input>.

  Riccardo Odone

• Layouts have access to local variables passed to render.

  This fixes #​31680 which was a regression in Rails 5.1.

  Mike Dalessio

• Argument errors related to strict locals in templates now raise an ActionView::StrictLocalsError, and all other argument errors are reraised as-is.

  Previously, any ArgumentError raised during template rendering was swallowed during strict local error handling, so that an ArgumentError unrelated to strict locals (e.g., a helper method invoked with incorrect arguments) would be replaced by a similar ArgumentError with an unrelated backtrace, making it difficult to debug templates.

  Now, any ArgumentError unrelated to strict locals is reraised, preserving the original backtrace for developers.

  Also note that ActionView::StrictLocalsError is a subclass of ArgumentError, so any existing code that rescues ArgumentError will continue to work.

  Fixes #​52227.

  Mike Dalessio

• Fix stack overflow error in dependency tracker when dealing with circular dependencies

  Jean Boussier

Action Pack

• Improve with_routing test helper to not rebuild the middleware stack.

  Otherwise some middleware configuration could be lost.

  Édouard Chin

• Add resource name to the ArgumentError that's raised when invalid :only or :except options are given to #resource or #resources

  This makes it easier to locate the source of the problem, especially for routes drawn by gems.

  Before:

  :only and :except must include only [:index, :create, :new, :show, :update, :destroy, :edit], but also included [:foo, :bar]
  

  After:

  Route `resources :products` - :only and :except must include only [:index, :create, :new, :show, :update, :destroy, :edit], but also included [:foo, :bar]
  

  Jeremy Green

• Fix url_for to handle :path_params gracefully when it's not a Hash.

  Prevents various security scanners from causing exceptions.

  Martin Emde

• Fix ActionDispatch::Executor to unwrap exceptions like other error reporting middlewares.

  Jean Boussier

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• A Blob will no longer autosave associated Attachment.

  This fixes an issue where a record with an attachment would have its dirty attributes reset, preventing your after commit callbacks on that record to behave as expected.

  Note that this change doesn't require any changes on your application and is supposed to be internal. Active Storage Attachment will continue to be autosaved (through a different relation).

  Edouard-chin

Action Mailbox

• No changes.

Action Text

• No changes.

Railties

• Fix Rails console to load routes.

  Otherwise *_path and *url methods are missing on the app object.

  Édouard Chin

• Update rails new --minimal option

  Extend the --minimal flag to exclude recently added features: skip_brakeman, skip_ci, skip_docker, skip_kamal, skip_rubocop, skip_solid and skip_thruster.

  eelcoj

• Use secret_key_base from ENV or credentials when present locally.

  When ENV["SECRET_KEY_BASE"] or Rails.application.credentials.secret_key_base is set for test or development, it is used for the Rails.config.secret_key_base, instead of generating a tmp/local_secret.txt file.

  Petrik de Heus

Guides

• No changes.

v8.0.1: 8.0.1

Compare Source

Active Support

• Fix a bug in ERB::Util.tokenize that causes incorrect tokenization when ERB tags are preceeded by multibyte characters.

  Martin Emde

• Restore the ability to decorate methods generated by class_attribute.

  It always has been complicated to use Module#prepend or an alias method chain to decorate methods defined by class_attribute, but became even harder in 8.0.

  This capability is now supported for both reader and writer methods.

  Jean Boussier

Active Model

• No changes.

Active Record

• Fix removing foreign keys with :restrict action for MySQ

  fatkodima

• Fix a race condition in ActiveRecord::Base#method_missing when lazily defining attributes.

  If multiple thread were concurrently triggering attribute definition on the same model, it could result in a NoMethodError being raised.

  Jean Boussier

• Fix MySQL default functions getting dropped when changing a column's nullability.

  Bastian Bartmann

• Fix add_unique_constraint/add_check_constraint/add_foreign_key to be revertible when given invalid options.

  fatkodima

• Fix asynchronous destroying of polymorphic belongs_to associations.

  fatkodima

• Fix insert_all to not update existing records.

  fatkodima

• NOT VALID constraints should not dump in create_table.

  Ryuta Kamizono

• Fix finding by nil composite primary key association.

  fatkodima

• Properly reset composite primary key configuration when setting a primary key.

  fatkodima

• Fix Mysql2Adapter support for prepared statements

  Using prepared statements with MySQL could result in a NoMethodError exception.

  Jean Boussier, Leo Arnold, zzak

• Fix parsing of SQLite foreign key names when they contain non-ASCII characters

  Zacharias Knudsen

• Fix parsing of MySQL 8.0.16+ CHECK constraints when they contain new lines.

  Steve Hill

• Ensure normalized attribute queries use IS NULL consistently for nil and normalized nil values.

  Joshua Young

• Fix sum when performing a grouped calculation.

  User.group(:friendly).sum no longer worked. This is fixed.

  Edouard Chin

• Restore back the ability to pass only database name to DATABASE_URL.

  fatkodima

Action View

• Fix a crash in ERB template error highlighting when the error occurs on a line in the compiled template that is past the end of the source template.

  Martin Emde

• Improve reliability of ERB template error highlighting. Fix infinite loops and crashes in highlighting and improve tolerance for alternate ERB handlers.

  Martin Emde

Action Pack

• Add ActionDispatch::Request::Session#store method to conform Rack spec.

  Yaroslav

Active Job

• Avoid crashing in Active Job logger when logging enqueueing errors

  ActiveJob.perform_all_later could fail with a TypeError when all provided jobs failed to be enqueueed.

  Efstathios Stivaros

Action Mailer

• No changes.

Action Cable

• Ensure the Postgresql adapter always use a dedicated connection even during system tests.

  Fix an issue with the Action Cable Postgresql adapter causing deadlock or various weird pg client error during system tests.

  Jean Boussier

Active Storage

• No changes.

Action Mailbox

• No changes.

Action Text

• No changes.

Railties

• Skip generation system tests related code for CI when --skip-system-test is given.

  fatkodima

• Don't add bin/thrust if thruster is not in Gemfile.

  Étienne Barrié

• Don't install a package for system test when applications don't use it.

  y-yagi

Guides

• No changes.

v8.0.0.1: 8.0.0.1

Compare Source

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Add validation to content security policies to disallow spaces and semicolons. Developers should use multiple arguments, and different directive methods instead.

  [CVE-2024-54133]

  Gannon McGibbon

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• No changes.

Action Mailbox

• No changes.

Action Text

• Update vendored trix version to 2.1.10

  John Hawthorn

Railties

• No changes.

Guides

• No changes.

v8.0.0: 8.0.0

Compare Source

Active Support

• Remove deprecated support to passing an array of strings to ActiveSupport::Deprecation#warn.

  Rafael Mendonça França

• Remove deprecated support to setting attr_internal_naming_format with a @ prefix.

  Rafael Mendonça França

• Remove deprecated ActiveSupport::ProxyObject.

  Rafael Mendonça França

• Don't execute i18n watcher on boot. It shouldn't catch any file changes initially, and unnecessarily slows down boot of applications with lots of translations.

  Gannon McGibbon, David Stosik

• Fix ActiveSupport::HashWithIndifferentAccess#stringify_keys to stringify all keys not just symbols.

  Previously:

  { 1 => 2 }.with_indifferent_access.stringify_keys[1] # => 2
  

  After this change:

  { 1 => 2 }.with_indifferent_access.stringify_keys["1"] # => 2
  

  This change can be seen as a bug fix, but since it behaved like this for a very long time, we're deciding to not backport the fix and to make the change in a major release.

  Jean Boussier

• Include options when instrumenting ActiveSupport::Cache::Store#delete and ActiveSupport::Cache::Store#delete_multi.

  Adam Renberg Tamm

• Print test names when running rails test -v for parallel tests.

  John Hawthorn, Abeid Ahmed

• Deprecate Benchmark.ms core extension.

  The benchmark gem will become bundled in Ruby 3.5

  Earlopain

• ActiveSupport::TimeWithZone#inspect now uses ISO 8601 style time like Time#inspect

  John Hawthorn

• ActiveSupport::ErrorReporter#report now assigns a backtrace to unraised exceptions.

  Previously reporting an un-raised exception would result in an error report without a backtrace. Now it automatically generates one.

  Jean Boussier

• Add escape_html_entities option to ActiveSupport::JSON.encode.

  This allows for overriding the global configuration found at ActiveSupport.escape_html_entities_in_json for specific calls to to_json.

  This should be usable from controllers in the following manner:

  class MyController < ApplicationController
    def index
      render json: { hello: "world" }, escape_html_entities: false
    end
  end
  

  Nigel Baillie

• Raise when using key which can't respond to #to_sym in EncryptedConfiguration.

  As is the case when trying to use an Integer or Float as a key, which is unsupported.

  zzak

• Deprecate addition and since between two Time and ActiveSupport::TimeWithZone.

  Previously adding time instances together such as 10.days.ago + 10.days.ago or 10.days.ago.since(10.days.ago) produced a nonsensical future date. This behavior is deprecated and will be removed in Rails 8.1.

  Nick Schwaderer

• Support rfc2822 format for Time#to_fs & Date#to_fs.

  Akshay Birajdar

• Optimize load time for Railtie#initialize_i18n. Filter I18n.load_paths passed to the file watcher to only those under Rails.root. Previously the watcher would grab all available locales, including those in gems which do not require a watcher because they won't change.

  Nick Schwaderer

• Add a filter option to in_order_of to prioritize certain values in the sorting without filtering the results by these values.

  Igor Depolli

• Improve error message when using assert_difference or assert_changes with a proc by printing the proc's source code (MRI only).

  Richard Böhme, Jean Boussier

• Add a new configuration value :zone for ActiveSupport.to_time_preserves_timezone and rename the previous true value to :offset. The new default value is :zone.

  Jason Kim, John Hawthorn

• Align instrumentation payload[:key] in ActiveSupport::Cache to follow the same pattern, with namespaced and normalized keys.

  Frederik Erbs Spang Thomsen

• Fix travel_to to set usec 0 when with_usec is false and the given argument String or DateTime.

  mopp

Active Model

• Add :except_on option for validations. Grants the ability to skip validations in specified contexts.

  class User < ApplicationRecord
      #...
      validates :birthday, presence: { except_on: :admin }
      #...
  end
  
  user = User.new(attributes except birthday)
  user.save(context: :admin)
  

  Drew Bragg

• Make ActiveModel::Serialization#read_attribute_for_serialization public

  Sean Doyle

• Add a default token generator for password reset tokens when using has_secure_password.

  class User < ApplicationRecord
    has_secure_password
  end
  
  user = User.create!(name: "david", password: "123", password_confirmation: "123")
  token = user.password_reset_token
  User.find_by_password_reset_token(token) # returns user
  

16 minutes later...

User.find_by_password_reset_token(token) # returns nil

raises ActiveSupport::MessageVerifier::InvalidSignature since the token is expired

User.find_by_password_reset_token!(token)
```

*DHH*

• Add a load hook active_model_translation for ActiveModel::Translation.

  Shouichi Kamiya

• Add raise_on_missing_translations option to ActiveModel::Translation. When the option is set, human_attribute_name raises an error if a translation of the given attribute is missing.

ActiveModel::Translation.raise_on_missing_translations = false

Post.human_attribute_name("title")
=> "Title"

ActiveModel::Translation.raise_on_missing_translations = true

Post.human_attribute_name("title")
=> Translation missing. Options considered were: (I18n::MissingTranslationData)
    - en.activerecord.attributes.post.title
    - en.attributes.title

            raise exception.respond_to?(:to_exception) ? exception.to_exception : exception
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
```

*Shouichi Kamiya*

• Introduce ActiveModel::AttributeAssignment#attribute_writer_missing

  Provide instances with an opportunity to gracefully handle assigning to an unknown attribute:

  class Rectangle
    include ActiveModel::AttributeAssignment
  
    attr_accessor :length, :width
  
    def attribute_writer_missing(name, value)
      Rails.logger.warn "Tried to assign to unknown attribute #{name}"
    end
  end
  
  rectangle = Rectangle.new
  rectangle.assign_attributes(height: 10) # => Logs "Tried to assign to unknown attribute 'height'"
  

  Sean Doyle

Active Record

• Fix support for query_cache: false in database.yml.

  query_cache: false would no longer entirely disable the Active Record query cache.

  zzak

• NULLS NOT DISTINCT works with UNIQUE CONSTRAINT as well as UNIQUE INDEX.

  Ryuta Kamizono

• The db:prepare task no longer loads seeds when a non-primary database is created.

  Previously, the db:prepare task would load seeds whenever a new database is created, leading to potential loss of data if a database is added to an existing environment.

  Introduces a new database config property seeds to control whether seeds are loaded during db:prepare which defaults to true for primary database configs and false otherwise.

  Fixes #​53348.

  Mike Dalessio

• PG::UnableToSend: no connection to the server is now retryable as a connection-related exception

  Kazuma Watanabe

• Fix strict loading propagation even if statement cache is not used.

  Ryuta Kamizono

• Allow rename_enum accepts two from/to name arguments as rename_table does so.

  Ryuta Kamizono

• Remove deprecated support to setting ENV["SCHEMA_CACHE"].

  Rafael Mendonça França

• Remove deprecated support to passing a database name to cache_dump_filename.

  Rafael Mendonça França

• Remove deprecated ActiveRecord::ConnectionAdapters::ConnectionPool#connection.

  Rafael Mendonça França

• Remove deprecated config.active_record.sqlite3_deprecated_warning.

  Rafael Mendonça França

• Remove deprecated config.active_record.warn_on_records_fetched_greater_than.

  Rafael Mendonça França

• Remove deprecated support for defining enum with keyword arguments.

  Rafael Mendonça França

• Remove deprecated support to finding database adapters that aren't registered to Active Record.

  Rafael Mendonça França

• Remove deprecated config.active_record.allow_deprecated_singular_associations_name.

  Rafael Mendonça França

• Remove deprecated config.active_record.commit_transaction_on_non_local_return.

  Rafael Mendonça França

• Fix incorrect SQL query when passing an empty hash to ActiveRecord::Base.insert.

  David Stosik

• Allow to save records with polymorphic join tables that have inverse_of specified.

  Markus Doits

• Fix association scopes applying on the incorrect join when using a polymorphic has_many through:.

  Joshua Young

• Allow ActiveRecord::Base#pluck to accept hash arguments with symbol and string values.

  Post.joins(:comments).pluck(:id, comments: :id)
  Post.joins(:comments).pluck("id", "comments" => "id")
  

  Joshua Young

• Make Float distinguish between float4 and float8 in PostgreSQL.

  Fixes #​52742

  Ryota Kitazawa, Takayuki Nagatomi

• Allow drop_table to accept an array of table names.

  This will let you to drop multiple tables in a single call.

  ActiveRecord::Base.lease_connection.drop_table(:users, :posts)
  

  Gabriel Sobrinho

• Add support for PostgreSQL IF NOT EXISTS via the :if_not_exists option on the add_enum_value method.

  Ariel Rzezak

• When running db:migrate on a fresh database, load the databases schemas before running migrations.

  Andrew Novoselac, Marek Kasztelnik

• Fix an issue where .left_outer_joins used with multiple associations that have the same child association but different parents does not join all parents.

  Previously, using .left_outer_joins with the same child association would only join one of the parents.

  Now it will correctly join both parents.

  Fixes #​41498.

  Garrett Blehm

• Deprecate unsigned_float and unsigned_decimal short-hand column methods.

  As of MySQL 8.0.17, the UNSIGNED attribute is deprecated for columns of type FLOAT, DOUBLE, and DECIMAL. Consider using a simple CHECK constraint instead for such columns.

  https://dev.mysql.com/doc/refman/8.0/en/numeric-type-syntax.html

  Ryuta Kamizono

• Drop MySQL 5.5 support.

  MySQL 5.5 is the only version that does not support datetime with precision, which we have supported in the core. Now we support MySQL 5.6.4 or later, which is the first version to support datetime with precision.

  Ryuta Kamizono

• Make Active Record asynchronous queries compatible with transactional fixtures.

  Previously transactional fixtures would disable asynchronous queries, because transactional fixtures impose all queries use the same connection.

  Now asynchronous queries will use the connection pinned by transactional fixtures, and behave much closer to production.

  Jean Boussier

• Deserialize binary data before decrypting

  This ensures that we call PG::Connection.unescape_bytea on PostgreSQL before decryption.

  Donal McBreen

• Ensure ActiveRecord::Encryption.config is always ready before access.

  Previously, ActiveRecord::Encryption configuration was deferred until ActiveRecord::Base was loaded. Therefore, accessing ActiveRecord::Encryption.config properties before ActiveRecord::Base was loaded would give incorrect results.

  ActiveRecord::Encryption now has its own loading hook so that its configuration is set as soon as needed.

  When ActiveRecord::Base is loaded, even lazily, it in turn triggers the loading of ActiveRecord::Encryption, thus preserving the original behavior of having its config ready before any use of ActiveRecord::Base.

  Maxime Réty

• Add TimeZoneConverter#== method, so objects will be properly compared by their type, scale, limit & precision.

  Address #​52699.

  Ruy Rocha

• Add support for SQLite3 full-text-search and other virtual tables.

  Previously, adding sqlite3 virtual tables messed up schema.rb.

  Now, virtual tables can safely be added using create_virtual_table.

  Zacharias Knudsen

• Support use of alternative database interfaces via the database_cli ActiveRecord configuration option.

  Rails.application.configure do
    config.active_record.database_cli = { postgresql: "pgcli" }
  end
  

  T S Vallender

• Add support for dumping table inheritance and native partitioning table definitions for PostgeSQL adapter

  Justin Talbott

• Add support for ActiveRecord::Point type casts using Hash values

  This allows ActiveRecord::Point to be cast or serialized from a hash with :x and :y keys of numeric values, mirroring the functionality of existing casts for string and array values. Both string and symbol keys are supported.

  class PostgresqlPoint < ActiveRecord::Base
    attribute :x, :point
    attribute :y, :point
    attribute :z, :point
  end
  
  val = PostgresqlPoint.new({
    x: '(12.34, -43.21)',
    y: [12.34, '-43.21'],
    z: {x: '12.34', y: -43.21}
  })
  ActiveRecord::Point.new(12.32, -43.21) == val.x == val.y == val.z
  

  Stephen Drew

• Replace SQLite3::Database#busy_timeout with #busy_handler_timeout=.

  Provides a non-GVL-blocking, fair retry interval busy handler implementation.

  Stephen Margheim

• SQLite3Adapter: Translate SQLite3::BusyException into ActiveRecord::StatementTimeout.

  Matthew Nguyen

• Include schema name in enable_extension statements in db/schema.rb.

  The schema dumper will now include the schema name in generated enable_extension statements if they differ from the current schema.

  For example, if you have a migration:

  enable_extension "heroku_ext.pgcrypto"
  enable_extension "pg_stat_statements"
  

  then the generated schema dump will also contain:

  enable_extension "heroku_ext.pgcrypto"
  enable_extension "pg_stat_statements"
  

  Tony Novak

• Fix ActiveRecord::Encryption::EncryptedAttributeType#type to return actual cast type.

  Vasiliy Ermolovich

• SQLite3Adapter: Bulk insert fixtures.

  Previously one insert command was executed for each fixture, now they are aggregated in a single bulk insert command.

  Lázaro Nixon

• PostgreSQLAdapter: Allow disable_extension to be called with schema-qualified name.

  For parity with enable_extension, the disable_extension method can be called with a schema-qualified name (e.g. disable_extension "myschema.pgcrypto"). Note that PostgreSQL's DROP EXTENSION does not actually take a schema name (unlike CREATE EXTENSION), so the resulting SQL statement will only name the extension, e.g. DROP EXTENSION IF EXISTS "pgcrypto".

  Tony Novak

• Make create_schema / drop_schema reversible in migrations.

  Previously, create_schema and drop_schema were irreversible migration operations.

  Tony Novak

• Support batching using custom columns.

  Product.in_batches(cursor: [:shop_id, :id]) do |relation|
  

do something with relation

end
```

*fatkodima*

• Use SQLite IMMEDIATE transactions when possible.

  Transactions run against the SQLite3 adapter default to IMMEDIATE mode to improve concurrency support and avoid busy exceptions.

  Stephen Margheim

• Raise specific exception when a connection is not defined.

  The new ConnectionNotDefined exception provides connection name, shard and role accessors indicating the details of the connection that was requested.

  Hana Harencarova, Matthew Draper

• Delete the deprecated constant ActiveRecord::ImmutableRelation.

  Xavier Noria

• Fix duplicate callback execution when child autosaves parent with has_one and belongs_to.

  Before, persisting a new child record with a new associated parent record would run before_validation, after_validation, before_save and after_save callbacks twice.

  Now, these callbacks are only executed once as expected.

  Joshua Young

• ActiveRecord::Encryption::Encryptor now supports a :compressor option to customize the compression algorithm used.

  module ZstdCompressor
    def self.deflate(data)
      Zstd.compress(data)
    end
  
    def self.inflate(data)
      Zstd.decompress(data)
    end
  end
  
  class User
    encrypts :name, compressor: ZstdCompressor
  end
  

  You disable compression by passing compress: false.

  class User
    encrypts :name, compress: false
  end
  

  heka1024

• Add condensed #inspect for ConnectionPool, AbstractAdapter, and DatabaseConfig.

  Hartley McGuire

• Add .shard_keys, .sharded?, & .connected_to_all_shards methods.

  class ShardedBase < ActiveRecord::Base
      self.abstract_class = true
  
      connects_to shards: {
        shard_one: { writing: :shard_one },
        shard_two: { writing: :shard_two }
      }
  end
  
  class ShardedModel < ShardedBase
  end
  
  ShardedModel.shard_keys => [:shard_one, :shard_two]
  ShardedModel.sharded? => true
  ShardedBase.connected_to_all_shards { ShardedModel.current_shard } => [:shard_one, :shard_two]
  

  Nony Dutton

• Add a filter option to in_order_of to prioritize certain values in the sorting without filtering the results by these values.

  Igor Depolli

• Fix an issue where the IDs reader method did not return expected results for preloaded associations in models using composite primary keys.

  Jay Ang

• Allow to configure strict_loading_mode globally or within a model.

  Defaults to :all, can be changed to :n_plus_one_only.

  Garen Torikian

• Add ActiveRecord::Relation#readonly?.

  Reflects if the relation has been marked as readonly.

  Theodor Tonum

• Improve ActiveRecord::Store to raise a descriptive exception if the column is not either structured (e.g., PostgreSQL +hstore+/+json+, or MySQL +json+) or declared serializable via ActiveRecord.store.

  Previously, a NoMethodError would be raised when the accessor was read or written:

  NoMethodError: undefined method `accessor' for an instance of ActiveRecord::Type::Text
  

  Now, a descriptive ConfigurationError is raised:

  ActiveRecord::ConfigurationError: the column 'metadata' has not been configured as a store.
    Please make sure the column is declared serializable via 'ActiveRecord.store' or, if your
    database supports it, use a structured column type like hstore or json.
  

  Mike Dalessio

• Fix inference of association model on nested models with the same demodularized name.

  E.g. with the following setup:

  class Nested::Post < ApplicationRecord
    has_one :post, through: :other
  end
  

  Before, #post would infer the model as Nested::Post, but now it correctly infers Post.

  Joshua Young

• Add public method for checking if a table is ignored by the schema cache.

  Previously, an application would need to reimplement ignored_table? from the schema cache class to check if a table was set to be ignored. This adds a public method to support this and updates the schema cache to use that directly.

  ActiveRecord.schema_cache_ignored_tables = ["developers"]
  ActiveRecord.schema_cache_ignored_table?("developers")
  => true
  

  Eileen M. Uchitelle

Action View

• Remove deprecated support to passing a content to void tag elements on the tag builder.

  Rafael Mendonça França

• Remove deprecated support to passing nil to the model: argument of form_with.

  Rafael Mendonça França

• Enable DependencyTracker to evaluate renders with trailing interpolation.

  <%= render "maintenance_tasks/runs/info/#{run.status}" %>
  

  Previously, the DependencyTracker would ignore this render, but now it will mark all partials in the "maintenance_tasks/runs/info" folder as dependencies.

  Hartley McGuire

• Rename text_area methods into textarea

  Old names are still available as aliases.

  Sean Doyle

• Rename check_box* methods into checkbox*.

  Old names are still available as aliases.

  Jean Boussier

Action Pack

• Fix routes with :: in the path.

  Rafael Mendonça França

• Maintain Rack 2 parameter parsing behaviour.

  Matthew Draper

• Remove Rails.application.config.action_controller.allow_deprecated_parameters_hash_equality.

  Rafael Mendonça França

• Improve ActionController::TestCase to expose a binary encoded request.body.

  The rack spec clearly states:

  The input stream is an IO-like object which contains the raw HTTP POST data. When applicable, its external encoding must be “ASCII-8BIT” and it must be opened in binary mode.

  Until now its encoding was generally UTF-8, which doesn't accurately reflect production behavior.

  Jean Boussier

• Update ActionController::AllowBrowser to support passing method names to :block

  class ApplicationController < ActionController::Base
    allow_browser versions: :modern, block: :handle_outdated_browser
  
    private
      def handle_outdated_browser
        render file: Rails.root.join("public/custom-error.html"), status: :not_acceptable
      end
  end
  

  Sean Doyle

• Raise an ArgumentError when invalid :only or :except options are passed into #resource and #resources.

  Joshua Young

• Fix non-GET requests not updating cookies in ActionController::TestCase.

  Jon Moss, Hartley McGuire

• Update ActionController::Live to use a thread-pool to reuse threads across requests.

  Adam Renberg Tamm

• Introduce safer, more explicit params handling method with params#expect such that params.expect(table: [ :attr ]) replaces params.require(:table).permit(:attr)

  Ensures params are filtered with consideration for the expected types of values, improving handling of params and avoiding ignorable errors caused by params tampering.

If the url is altered to ?person=hacked

Before

params.require(:person).permit(:name, :age, pets: [:name])

raises NoMethodError, causing a 500 and potential error reporting

After

params.expect(person: [ :name, :age, pets: [[:name]] ])

raises ActionController::ParameterMissing, correctly returning a 400 error

```

You may also notice the new double array `[[:name]]`. In order to
declare when a param is expected to be an array of parameter hashes,
this new double array syntax is used to explicitly declare an array.
`expect` requires you to declare expected arrays in this way, and will
ignore arrays that are passed when, for example, `pet: [:name]` is used.

In order to preserve compatibility, `permit` does not adopt the new
double array syntax and is therefore more permissive about unexpected
types. Using `expect` everywhere is recommended.

We suggest replacing `params.require(:person).permit(:name, :age)`
with the direct replacement `params.expect(person: [:name, :age])`
to prevent external users from manipulating params to trigger 500
errors. A 400 error will be returned instead, using public/400.html

Usage of `params.require(:id)` should likewise be replaced with
`params.expect(:id)` which is designed to ensure that `params[:id]`
is a scalar and not an array or hash, also requiring the param.

```ruby

Before

User.find(params.require(:id)) # allows an array, altering behavior

After

User.find(params.expect(:id)) # expect only returns non-blank permitted scalars (excludes Hash, Array, nil, "", etc)
```

*Martin Emde*

• System Testing: Disable Chrome's search engine choice by default in system tests.

  glaszig

• Fix Request#raw_post raising NoMethodError when rack.input is nil.

  Hartley McGuire

• Remove racc dependency by manually writing ActionDispatch::Journey::Scanner.

  Gannon McGibbon

• Speed up ActionDispatch::Routing::Mapper::Scope#[] by merging frame hashes.

  Gannon McGibbon

• Allow bots to ignore allow_browser.

  Matthew Nguyen

• Deprecate drawing routes with multiple paths to make routing faster. You may use with_options or a loop to make drawing multiple paths easier.

Before

get "/users", "/other_path", to: "users#index"

After

get "/users", to: "users#index"
get "/other_path", to: "users#index"
```

*Gannon McGibbon*

• Make http_cache_forever use immutable: true

  Nate Matykiewicz

• Add config.action_dispatch.strict_freshness.

  When set to true, the ETag header takes precedence over the Last-Modified header when both are present, as specified by RFC 7232, Section 6.

  Defaults to false to maintain compatibility with previous versions of Rails, but is enabled as part of Rails 8.0 defaults.

  heka1024

• Support immutable directive in Cache-Control

  expires_in 1.minute, public: true, immutable: true
  

Cache-Control: public, max-age=60, immutable

```

*heka1024*

• Add :wasm_unsafe_eval mapping for content_security_policy

Before

policy.script_src "'wasm-unsafe-eval'"

After

policy.script_src :wasm_unsafe_eval
```

*Joe Haig*

• Add display_capture and keyboard_map in permissions_policy

  Cyril Blaecke

• Add connect route helper.

  Samuel Williams

Active Job

• Remove deprecated config.active_job.use_big_decimal_serializer.

  Rafael Mendonça França

• Deprecate sucker_punch as an adapter option.

  If you're using this adapter, change to adapter: async for the same functionality.

  Dino Maric, zzak

• Use RAILS_MAX_THREADS in ActiveJob::AsyncAdapter. If it is not set, use 5 as default.

  heka1024

Action Mailer

• No changes.

Action Cable

• Add an identifier to the event payload for the ActiveSupport::Notification transmit_subscription_confirmation.action_cable and transmit_subscription_rejection.action_cable.

  Keith Schacht

Active Storage

• Deprecate ActiveStorage::Service::AzureStorageService.

  zzak

• Improve ActiveStorage::Filename#sanitized method to handle special characters more effectively. Replace the characters "*?<> with - if they exist in the Filename to match the Filename convention of Win OS.

  Luong Viet Dung(Martin)

• Improve InvariableError, UnpreviewableError and UnrepresentableError message.

  Include Blob ID and content_type in the messages.

  Petrik de Heus

• Mark proxied files as immutable in their Cache-Control header

  Nate Matykiewicz

Action Mailbox

• No changes.

Action Text

• Dispatch direct-upload events on attachment uploads

  When using Action Text's rich textarea, it's possible to attach files to the editor. Previously, that action didn't dispatch any events, which made it hard to react to the file uploads. For instance, if an upload failed, there was no way to notify the user about it, or remove the attachment from the editor.

  This commits adds new events - direct-upload:start, direct-upload:progress, and direct-upload:end - similar to how Active Storage's direct uploads work.

  Matheus Richard, Brad Rees

• Add store_if_blank option to has_rich_text

  Pass store_if_blank: false to not create ActionText::RichText records when saving with a blank attribute, such as from an optional form parameter.

  class Message
    has_rich_text :content, store_if_blank: false
  end
  
  Message.create(content: "hi") # creates an ActionText::RichText
  Message.create(content: "") # does not create an ActionText::RichText
  

  Alex Ghiculescu

• Strip content attribute if the key is present but the value is empty

  Jeremy Green

• Rename rich_text_area methods into rich_textarea

  Old names are still available as aliases.

  Sean Doyle

• Only sanitize content attribute when present in attachments.

  Petrik de Heus

Railties

• Fix incorrect database.yml with skip_solid.

  Joé Dupuis

• Set Regexp.timeout to 1s by default to improve security over Regexp Denial-of-Service attacks.

  Rafael Mendonça França

• Remove deprecated support to extend Rails console through Rails::ConsoleMethods.

  Rafael Mendonça França

• Remove deprecated file rails/console/helpers.

  Rafael Mendonça França

• Remove deprecated file rails/console/app.

  Rafael Mendonça França

• Remove deprecated config.read_encrypted_secrets.

  Rafael Mendonça França

• Add Kamal support for devcontainers

  Previously generated devcontainer could not use docker and therefore Kamal.

  Joé Dupuis

• Exit rails g with code 1 if generator could not be found.

  Previously rails g returned 0, which would make it harder to catch typos in scripts calling rails g.

  Christopher Özbek

• Remove require_* statements from application.css to align with the transition from Sprockets to Propshaft.

  With Propshaft as the default asset pipeline in Rails 8, the require_tree and require_self clauses in application.css are no longer necessary, as they were specific to Sprockets. Additionally, the comment has been updated to clarify that CSS precedence now follows standard cascading order without automatic prioritization by the asset pipeline.

  Eduardo Alencar

• Do not include redis by default in generated Dev Containers.

  Now that applications use the Solid Queue and Solid Cache gems by default, we do not need to include redis in the Dev Container. We will only include redis if --skip-solid is used when generating an app that uses Active Job or Action Cable.

  When generating a Dev Container for an existing app, we will not include redis if either of the solid gems are in use.

  Andrew Novoselac

• Use Solid Cable as the default Action Cable adapter in production, configured as a separate queue database in config/database.yml. It keeps messages in a table and continuously polls for updates. This makes it possible to drop the common dependency on Redis, if it isn't needed for any other purpose. Despite polling, the performance of Solid Cable is comparable to Redis in most situations. And in all circumstances, it makes it easier to deploy Rails when Redis is no longer a required dependency for Action Cable functionality.

  DHH

• Use Solid Queue as the default Active Job backend in production, configured as a separate queue database in config/database.yml. In a single-server deployment, it'll run as a Puma plugin. This is configured in config/deploy.yml and can easily be changed to use a dedicated jobs machine.

  DHH

• Use Solid Cache as the default Rails.cache backend in production, configured as a separate cache database in config/database.yml.

  DHH

• Add Rails::Rack::SilenceRequest middleware and use it via config.silence_healthcheck_path = path to silence requests to "/up". This prevents the Kamal-required health checks from clogging up the production logs.

  DHH

• Introduce mariadb-mysql and mariadb-trilogy database options for rails new

  When used with the --devcontainer flag, these options will use mariadb as the database for the Dev Container. The original mysql and trilogy options will use mysql. Users who are not generating a Dev Container do not need to use the new options.

  Andrew Novoselac

• Deprecate ::STATS_DIRECTORIES.

  The global constant STATS_DIRECTORIES has been deprecated in favor of Rails::CodeStatistics.register_directory.

  Add extra directories with Rails::CodeStatistics.register_directory(label, path):

  require "rails/code_statistics"
  Rails::CodeStatistics.register_directory('My Directory', 'path/to/dir')
  

  Petrik de Heus

• Enable query log tags by default on development env

  This can be used to trace troublesome SQL statements back to the application code that generated these statements. It is also useful when using multiple databases because the query logs can identify which database is being used.

  Matheus Richard

• Defer route drawing to the first request, or when url_helpers are called

  Executes the first routes reload in middleware, or when a route set's url_helpers receives a route call / asked if it responds to a route. Previously, this was executed unconditionally on boot, which can slow down boot time unnecessarily for larger apps with lots of routes.

  Environments like production that have config.eager_load = true will continue to eagerly load routes on boot.

  Gannon McGibbon

• Generate form helpers to use textarea* methods instead of text_area* methods

  Sean Doyle

• Add authentication generator to give a basic start to an authentication system using database-tracked sessions and password reset.

  Generate with...

  bin/rails generate authentication
  

  Generated files:

  app/models/current.rb
  app/models/user.rb
  app/models/session.rb
  app/controllers/sessions_controller.rb
  app/controllers/passwords_controller.rb
  app/mailers/passwords_mailer.rb
  app/views/sessions/new.html.erb
  app/views/passwords/new.html.erb
  app/views/passwords/edit.html.erb
  app/views/passwords_mailer/reset.html.erb
  app/views/passwords_mailer/reset.text.erb
  db/migrate/xxxxxxx_create_users.rb
  db/migrate/xxxxxxx_create_sessions.rb
  test/mailers/previews/passwords_mailer_preview.rb
  

  DHH

• Add not-null type modifier to migration attributes.

  Generating with...

  bin/rails generate migration CreateUsers email_address:string!:uniq password_digest:string!
  

  Produces:

  class CreateUsers < ActiveRecord::Migration[8.0]
    def change
      create_table :users do |t|
        t.string :email_address, null: false
        t.string :password_digest, null: false
  
        t.timestamps
      end
      add_index :users, :email_address, unique: true
    end
  end
  

  DHH

• Add a script folder to applications, and a scripts generator.

  The new script folder is meant to hold one-off or general purpose scripts, such as data migration scripts, cleanup scripts, etc.

  A new script generator allows you to create such scripts:

  bin/rails generate script my_script
  bin/rails generate script data/backfill
  

  You can run the generated script using:

  bundle exec ruby script/my_script.rb
  bundle exec ruby script/data/backfill.rb
  

  Jerome Dalbert, Haroon Ahmed

• Deprecate bin/rake stats in favor of bin/rails stats.

  Juan Vásquez

• Add internal page /rails/info/notes, that displays the same information as bin/rails notes.

  Deepak Mahakale

• Add Rubocop and GitHub Actions to plugin generator. This can be skipped using --skip-rubocop and --skip-ci.

  Chris Oliver

• Use Kamal for deployment by default, which includes generating a Rails-specific config/deploy.yml. This can be skipped using --skip-kamal. See more: https://kamal-deploy.org/

  DHH

Guides

• The guide Classic to Zeitwerk HOWTO that documented how to migrate from the classic autoloader to Zeitwerk has been deleted.

  The last version of this guide can be found here, in case you need it.

  Petrik de Heus

v7.2.3: 7.2.3

Compare Source

Active Support

• Fix Enumerable#sole to return the full tuple instead of just the first element of the tuple.

  Olivier Bellone

• Fix parallel tests hanging when worker processes die abruptly.

  Previously, if a worker process was killed (e.g., OOM killed, kill -9) during parallel test execution, the test suite would hang forever waiting for the dead worker.

  Joshua Young

• ActiveSupport::FileUpdateChecker does not depend on Time.now to prevent unnecessary reloads with time travel test helpers

  Jan Grodowski

• Fix ActiveSupport::BroadcastLogger from executing a block argument for each logger (tagged, info, etc.).

  Jared Armstrong

• Fix ActiveSupport::HashWithIndifferentAccess#transform_keys! removing defaults.

  Hartley McGuire

• Fix ActiveSupport::HashWithIndifferentAccess#tranform_keys! to handle collisions.

  If the transformation would result in a key equal to another not yet transformed one, it would result in keys being lost.

  Before:

  >> {a: 1, b: 2}.with_indifferent_access.transform_keys!(&:succ)
  => {"c" => 1}
  

  After:

  >> {a: 1, b: 2}.with_indifferent_access.transform_keys!(&:succ)
  => {"c" => 1, "d" => 2}
  

  Jason T Johnson, Jean Boussier

• Fix ActiveSupport::Cache::MemCacheStore#read_multi to handle network errors.

  This method specifically wasn't handling network errors like other codepaths.

  Alessandro Dal Grande

• Fix Active Support Cache fetch_multi when local store is active.

  fetch_multi now properly yield to the provided block for missing entries that have been recorded as such in the local store.

  Jean Boussier

• Fix execution wrapping to report all exceptions, including Exception.

  If a more serious error like SystemStackError or NoMemoryError happens, the error reporter should be able to report these kinds of exceptions.

  Gannon McGibbon

• Fix RedisCacheStore and MemCacheStore to also handle connection pool related errors.

  These errors are rescued and reported to Rails.error.

  Jean Boussier

• Fix ActiveSupport::Cache#read_multi to respect version expiry when using local cache.

  zzak

• Fix ActiveSupport::MessageVerifier and ActiveSupport::MessageEncryptor configuration of on_rotation callback.

  verifier.rotate(old_secret).on_rotation { ... }
  

  Now both work as documented.

  Jean Boussier

• Fix ActiveSupport::MessageVerifier to always be able to verify both URL-safe and URL-unsafe payloads.

  This is to allow transitioning seemlessly from either configuration without immediately invalidating all previously generated signed messages.

  Jean Boussier, Florent Beaurain, Ali Sepehri

• Fix cache.fetch to honor the provided expiry when :race_condition_ttl is used.

  cache.fetch("key", expires_in: 1.hour, race_condition_ttl: 5.second) do
    "something"
  end
  

  In the above example, the final cache entry would have a 10 seconds TTL instead of the requested 1 hour.

  Dhia

• Better handle procs with splat arguments in set_callback.

  Radamés Roriz

• Fix String#mb_chars to not mutate the receiver.

  Previously it would call force_encoding on the receiver, now it dups the receiver first.

  Jean Boussier

• Improve ErrorSubscriber to also mark error causes as reported.

  This avoid some cases of errors being reported twice, notably in views because of how errors are wrapped in ActionView::Template::Error.

  Jean Boussier

• Fix Module#module_parent_name to return the correct name after the module has been named.

  When called on an anonymous module, the return value wouldn't change after the module was given a name later by being assigned to a constant.

  mod = Module.new
  mod.module_parent_name # => "Object"
  MyModule::Something = mod
  mod.module_parent_name # => "MyModule"
  

  Jean Boussier

• Fix a bug in ERB::Util.tokenize that causes incorrect tokenization when ERB tags are preceeded by multibyte characters.

  Martin Emde

Active Model

• Fix has_secure_password to perform confirmation validation of the password even when blank.

  The validation was incorrectly skipped when the password only contained whitespace characters.

  Fabio Sangiovanni

• Handle missing attributes for ActiveModel::Translation#human_attribute_name.

  zzak

• Fix `ActiveModel::AttributeAssignment#assign_att

---

Configuration

📅 Schedule: Branch creation - "before 2am" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• [ ] If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate[bot]]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Gemfile.lock

[01:41:39.719] INFO (887): Installing tool [email protected]...
/usr/local/containerbase/tools/v2/ruby.sh: line 80: /etc/gemrc: Permission denied
[01:41:40.449] ERROR (887): Command failed with exit code 1: bash /usr/local/containerbase/bin/v2-install-tool.sh install ruby 3.0.3
[01:41:40.450] FATAL (887): Install tool ruby failed in 739ms.