actionpack 8.0.0.1 → 8.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f9788d8055b6cde3b25a111756f7ca6ceb3016a0373fc7c0c93acbe4a617feb9
-  data.tar.gz: e991798032e8ae1c6e993d62d7da219fe1dd58ab7242f4805470888c330e3a7f
+  metadata.gz: 14abb1a6b812efa40da31cf30c3171405982457ed80984d231dae2af352f43f4
+  data.tar.gz: 3e934fe98cf59aa4727eb76b0f13567861fe01c04dbc6cd9c4e313b165a0a64e
 SHA512:
-  metadata.gz: 93ecb0819091de8e7792264cc49c0a3f4e6cc7ed18953c2064dfee14769e27fdffefd9c0eb36221a03be1fe20d930dcff1ebd2cba442169bcc74cad0727549fb
-  data.tar.gz: 154e96c7cd09af38ef3bd70db6c0f4c5da4d5c5daf292960b77032eb4c4687d5d0431413ca49893cb7fad9f22f5501da67c7ec6ba64ff11d560b9e496a8c51eb
+  metadata.gz: dde2e5f17a6d54ae692f64ec2d05a3dc8e54d4fb30d97dd4b1fa3e4c7363d1132facf04286c1b3f25ffdb78f8302eafa7a6c13d027b890589813e4e60e6f5e77
+  data.tar.gz: 773181339ec3539e73607f4e1588082893c3ac38d54e6c32a930ccf85bcffb41c95ad568a6bbe00bbc41967f98ed964d3200880a3c1f7b1dbfafeef405d8b1b5

data/CHANGELOG.md

@@ -1,3 +1,50 @@
+## Rails 8.0.2 (March 12, 2025) ##
+
+*   No changes.
+
+
+## Rails 8.0.2 (March 12, 2025) ##
+
+*   Improve `with_routing` test helper to not rebuild the middleware stack.
+
+    Otherwise some middleware configuration could be lost.
+
+    *Édouard Chin*
+
+*   Add resource name to the `ArgumentError` that's raised when invalid `:only` or `:except` options are given to `#resource` or `#resources`
+
+    This makes it easier to locate the source of the problem, especially for routes drawn by gems.
+
+    Before:
+    ```
+    :only and :except must include only [:index, :create, :new, :show, :update, :destroy, :edit], but also included [:foo, :bar]
+    ```
+
+    After:
+    ```
+    Route `resources :products` - :only and :except must include only [:index, :create, :new, :show, :update, :destroy, :edit], but also included [:foo, :bar]
+    ```
+
+    *Jeremy Green*
+
+*   Fix `url_for` to handle `:path_params` gracefully when it's not a `Hash`.
+
+    Prevents various security scanners from causing exceptions.
+
+    *Martin Emde*
+
+*   Fix `ActionDispatch::Executor` to unwrap exceptions like other error reporting middlewares.
+
+    *Jean Boussier*
+
+
+## Rails 8.0.1 (December 13, 2024) ##
+
+*   Add `ActionDispatch::Request::Session#store` method to conform Rack spec.
+
+    *Yaroslav*
+
+
 ## Rails 8.0.0.1 (December 10, 2024) ##
 
 *   Add validation to content security policies to disallow spaces and semicolons.

data/lib/action_controller/metal/data_streaming.rb

@@ -28,7 +28,8 @@ module ActionController # :nodoc:
       # `send_file(params[:path])` allows a malicious user to download any file on
       # your server.
       #
-      # Options:
+      # #### Options:
+      #
       # *   `:filename` - suggests a filename for the browser to use. Defaults to
       #     `File.basename(path)`.
       # *   `:type` - specifies an HTTP content type. You can specify either a string
@@ -90,7 +91,8 @@ module ActionController # :nodoc:
       # inline data. You may also set the content type, the file name, and other
       # things.
       #
-      # Options:
+      # #### Options:
+      #
       # *   `:filename` - suggests a filename for the browser to use.
       # *   `:type` - specifies an HTTP content type. Defaults to
       #     `application/octet-stream`. You can specify either a string or a symbol

data/lib/action_controller/metal/live.rb

@@ -58,7 +58,7 @@ module ActionController
 
     module ClassMethods
       def make_response!(request)
-        if request.get_header("HTTP_VERSION") == "HTTP/1.0"
+        if (request.get_header("SERVER_PROTOCOL") || request.get_header("HTTP_VERSION")) == "HTTP/1.0"
           super
         else
           Live::Response.new.tap do |res|
@@ -307,9 +307,8 @@ module ActionController
               error = e
             end
           ensure
-            # Ensure we clean up any thread locals we copied so that the thread can reused.
             ActiveSupport::IsolatedExecutionState.clear
-            locals.each { |k, _| t2[k] = nil }
+            clean_up_thread_locals(locals, t2)
 
             @_response.commit!
           end
@@ -332,7 +331,8 @@ module ActionController
     # or other running data where you don't want the entire file buffered in memory
     # first. Similar to send_data, but where the data is generated live.
     #
-    # Options:
+    # #### Options:
+    #
     # *   `:filename` - suggests a filename for the browser to use.
     # *   `:type` - specifies an HTTP content type. You can specify either a string
     #     or a symbol for a registered type with `Mime::Type.register`, for example
@@ -382,6 +382,11 @@ module ActionController
         end
       end
 
+      # Ensure we clean up any thread locals we copied so that the thread can reused.
+      def clean_up_thread_locals(locals, thread) # :nodoc:
+        locals.each { |k, _| thread[k] = nil }
+      end
+
       def self.live_thread_pool_executor
         @live_thread_pool_executor ||= Concurrent::CachedThreadPool.new(name: "action_controller.live")
       end

data/lib/action_controller/metal/params_wrapper.rb

@@ -198,14 +198,14 @@ module ActionController
       #       # enables the parameter wrapper for XML format
       #
       #     wrap_parameters :person
-      #       # wraps parameters into +params[:person]+ hash
+      #       # wraps parameters into params[:person] hash
       #
       #     wrap_parameters Person
       #       # wraps parameters by determining the wrapper key from Person class
-      #       # (+person+, in this case) and the list of attribute names
+      #       # (:person, in this case) and the list of attribute names
       #
       #     wrap_parameters include: [:username, :title]
-      #       # wraps only +:username+ and +:title+ attributes from parameters.
+      #       # wraps only :username and :title attributes from parameters.
       #
       #     wrap_parameters false
       #       # disables parameters wrapping for this controller altogether.

data/lib/action_controller/metal/request_forgery_protection.rb

@@ -142,6 +142,7 @@ module ActionController # :nodoc:
       #
       #
       # Built-in unverified request handling methods are:
+      #
       # *   `:exception` - Raises ActionController::InvalidAuthenticityToken
       #     exception.
       # *   `:reset_session` - Resets the session.
@@ -170,6 +171,7 @@ module ActionController # :nodoc:
       #
       #
       # Built-in session token strategies are:
+      #
       # *   `:session` - Store the CSRF token in the session.  Used as default if
       #     `:store` option is not specified.
       # *   `:cookie` - Store the CSRF token in an encrypted cookie.
@@ -498,7 +500,7 @@ module ActionController # :nodoc:
       # Checks the client's masked token to see if it matches the session token.
       # Essentially the inverse of `masked_authenticity_token`.
       def valid_authenticity_token?(session, encoded_masked_token) # :doc:
-        if encoded_masked_token.nil? || encoded_masked_token.empty? || !encoded_masked_token.is_a?(String)
+        if !encoded_masked_token.is_a?(String) || encoded_masked_token.empty?
           return false
         end
 

data/lib/action_controller/metal/strong_parameters.rb

@@ -513,7 +513,7 @@ module ActionController
     # It is recommended to use `expect` instead:
     #
     #     def person_params
-    #       # params.expect(person: :name).require(:name)
+    #       params.expect(person: :name).require(:name)
     #     end
     #
     def require(key)
@@ -621,7 +621,7 @@ module ActionController
     #     })
     #
     #     params.permit(person: :contact).require(:person)
-    #     # => #<ActionController::Parameters {} permitted: true>
+    #     # => ActionController::ParameterMissing: param is missing or the value is empty or invalid: person
     #
     #     params.permit(person: { contact: :phone }).require(:person)
     #     # => #<ActionController::Parameters {"contact"=>#<ActionController::Parameters {"phone"=>"555-1234"} permitted: true>} permitted: true>
@@ -726,19 +726,19 @@ module ActionController
     # similar to the `.require.permit` pattern. If multiple root keys are
     # expected, they will all be required.
     #
-    #    params = ActionController::Parameters.new(name: "Martin", pies: [{ type: "dessert", flavor: "pumpkin"}])
-    #    name, pies = params.expect(:name, pies: [[:type, :flavor]])
-    #    name # => "Martin"
-    #    pies # => [#<ActionController::Parameters {"type"=>"dessert", "flavor"=>"pumpkin"} permitted: true>]
+    #     params = ActionController::Parameters.new(name: "Martin", pies: [{ type: "dessert", flavor: "pumpkin"}])
+    #     name, pies = params.expect(:name, pies: [[:type, :flavor]])
+    #     name # => "Martin"
+    #     pies # => [#<ActionController::Parameters {"type"=>"dessert", "flavor"=>"pumpkin"} permitted: true>]
     #
     # When called with a hash with multiple keys, `expect` will permit the
     # parameters and require the keys in the order they are given in the hash,
     # returning an array of the permitted parameters.
     #
-    #    params = ActionController::Parameters.new(subject: { name: "Martin" }, object: { pie: "pumpkin" })
-    #    subject, object = params.expect(subject: [:name], object: [:pie])
-    #    subject # => #<ActionController::Parameters {"name"=>"Martin"} permitted: true>
-    #    object  # => #<ActionController::Parameters {"pie"=>"pumpkin"} permitted: true>
+    #     params = ActionController::Parameters.new(subject: { name: "Martin" }, object: { pie: "pumpkin" })
+    #     subject, object = params.expect(subject: [:name], object: [:pie])
+    #     subject # => #<ActionController::Parameters {"name"=>"Martin"} permitted: true>
+    #     object  # => #<ActionController::Parameters {"pie"=>"pumpkin"} permitted: true>
     #
     # Besides being more strict about array vs hash params, `expect` uses permit
     # internally, so it will behave similarly.
@@ -765,7 +765,7 @@ module ActionController
     #
     #     params = ActionController::Parameters.new(tags: ["rails", "parameters"])
     #     permitted = params.expect(tags: [])
-    #     permitted.permitted?      # => true
+    #     permitted                 # => ["rails", "parameters"]
     #     permitted.is_a?(Array)    # => true
     #     permitted.size            # => 2
     #
@@ -1287,9 +1287,6 @@ module ActionController
         keys - params.keys - always_permitted_parameters
       end
 
-      #
-      # --- Filtering ----------------------------------------------------------
-      #
       # This is a list of permitted scalar types that includes the ones supported in
       # XML and JSON requests.
       #

data/lib/action_controller/test_case.rb

@@ -29,6 +29,14 @@ module ActionController
       yield
     end
 
+    # Because of the above, we need to prevent the clearing of thread locals, since
+    # no new thread is actually spawned in the test environment.
+    alias_method :original_clean_up_thread_locals, :clean_up_thread_locals
+
+    silence_redefinition_of_method :clean_up_thread_locals
+    def clean_up_thread_locals(*args) # :nodoc:
+    end
+
     # Avoid a deadlock from the queue filling up
     Buffer.queue_size = nil
   end

data/lib/action_dispatch/http/request.rb

@@ -139,7 +139,7 @@ module ActionDispatch
 
     # Populate the HTTP method lookup cache.
     HTTP_METHODS.each { |method|
-      HTTP_METHOD_LOOKUP[method] = method.underscore.to_sym
+      HTTP_METHOD_LOOKUP[method] = method.downcase.underscore.to_sym
     }
 
     alias raw_request_method request_method # :nodoc:
@@ -243,8 +243,9 @@ module ActionDispatch
     #
     #     send_early_hints("link" => "</style.css>; rel=preload; as=style,</script.js>; rel=preload")
     #
-    # If you are using `javascript_include_tag` or `stylesheet_link_tag` the Early
-    # Hints headers are included by default if supported.
+    # If you are using {javascript_include_tag}[rdoc-ref:ActionView::Helpers::AssetTagHelper#javascript_include_tag]
+    # or {stylesheet_link_tag}[rdoc-ref:ActionView::Helpers::AssetTagHelper#stylesheet_link_tag]
+    # the Early Hints headers are included by default if supported.
     def send_early_hints(links)
       env["rack.early_hints"]&.call(links)
     end

data/lib/action_dispatch/journey/formatter.rb

@@ -60,8 +60,13 @@ module ActionDispatch
 
       def generate(name, options, path_parameters)
         original_options = options.dup
-        path_params = options.delete(:path_params) || {}
-        options = path_params.merge(options)
+        path_params = options.delete(:path_params)
+        if path_params.is_a?(Hash)
+          options = path_params.merge(options)
+        else
+          path_params = nil
+          options = options.dup
+        end
         constraints = path_parameters.merge(options)
         missing_keys = nil
 
@@ -79,7 +84,7 @@ module ActionDispatch
             # top-level params' normal behavior of generating query_params should be
             # preserved even if the same key is also a bind_param
             parameterized_parts.key?(key) || route.defaults.key?(key) ||
-              (path_params.key?(key) && !original_options.key?(key))
+              (path_params&.key?(key) && !original_options.key?(key))
           end
 
           defaults       = route.defaults

data/lib/action_dispatch/middleware/executor.rb

@@ -21,8 +21,11 @@ module ActionDispatch
         end
 
         returned = response << ::Rack::BodyProxy.new(response.pop) { state.complete! }
-      rescue => error
-        @executor.error_reporter.report(error, handled: false, source: "application.action_dispatch")
+      rescue Exception => error
+        request = ActionDispatch::Request.new env
+        backtrace_cleaner = request.get_header("action_dispatch.backtrace_cleaner")
+        wrapper = ExceptionWrapper.new(backtrace_cleaner, error)
+        @executor.error_reporter.report(wrapper.unwrapped_exception, handled: false, source: "application.action_dispatch")
         raise
       ensure
         state.complete! unless returned

data/lib/action_dispatch/request/session.rb

@@ -155,6 +155,7 @@ module ActionDispatch
         load_for_write!
         @delegate[key.to_s] = value
       end
+      alias store []=
 
       # Clears the session.
       def clear

data/lib/action_dispatch/routing/mapper.rb

@@ -840,7 +840,7 @@ module ActionDispatch
         #
         # Takes same options as `Base#match` and `Resources#resources`.
         #
-        #     # route /posts (without the prefix /admin) to +Admin::PostsController+
+        #     # route /posts (without the prefix /admin) to Admin::PostsController
         #     scope module: "admin" do
         #       resources :posts
         #     end
@@ -850,7 +850,7 @@ module ActionDispatch
         #       resources :posts
         #     end
         #
-        #     # prefix the routing helper name: +sekret_posts_path+ instead of +posts_path+
+        #     # prefix the routing helper name: sekret_posts_path instead of posts_path
         #     scope as: "sekret" do
         #       resources :posts
         #     end
@@ -949,12 +949,12 @@ module ActionDispatch
         #       resources :posts
         #     end
         #
-        #     # maps to +Sekret::PostsController+ rather than +Admin::PostsController+
+        #     # maps to Sekret::PostsController rather than Admin::PostsController
         #     namespace :admin, module: "sekret" do
         #       resources :posts
         #     end
         #
-        #     # generates +sekret_posts_path+ rather than +admin_posts_path+
+        #     # generates sekret_posts_path rather than admin_posts_path
         #     namespace :admin, as: "sekret" do
         #       resources :posts
         #     end
@@ -1181,7 +1181,8 @@ module ActionDispatch
 
             valid_actions = self.class.default_actions(false) # ignore api_only for this validation
             if invalid_actions = invalid_only_except_options(options, valid_actions).presence
-              raise ArgumentError, ":only and :except must include only #{valid_actions}, but also included #{invalid_actions}"
+              error_prefix = "Route `resource#{"s" unless singleton?} :#{entities}`"
+              raise ArgumentError, "#{error_prefix} - :only and :except must include only #{valid_actions}, but also included #{invalid_actions}"
             end
 
             @name       = entities.to_s
@@ -1509,7 +1510,7 @@ module ActionDispatch
         #
         # ### Examples
         #
-        #     # routes call +Admin::PostsController+
+        #     # routes call Admin::PostsController
         #     resources :posts, module: "admin"
         #
         #     # resource actions are at /admin/posts.

data/lib/action_dispatch/testing/assertions/routing.rb

@@ -5,6 +5,7 @@
 require "uri"
 require "active_support/core_ext/hash/indifferent_access"
 require "active_support/core_ext/string/access"
+require "active_support/core_ext/module/redefine_method"
 require "action_controller/metal/exceptions"
 
 module ActionDispatch
@@ -20,38 +21,43 @@ module ActionDispatch
         module ClassMethods
           def with_routing(&block)
             old_routes = nil
+            old_routes_call_method = nil
             old_integration_session = nil
 
             setup do
               old_routes = app.routes
+              old_routes_call_method = old_routes.method(:call)
               old_integration_session = integration_session
               create_routes(&block)
             end
 
             teardown do
-              reset_routes(old_routes, old_integration_session)
+              reset_routes(old_routes, old_routes_call_method, old_integration_session)
             end
           end
         end
 
         def with_routing(&block)
           old_routes = app.routes
+          old_routes_call_method = old_routes.method(:call)
           old_integration_session = integration_session
           create_routes(&block)
         ensure
-          reset_routes(old_routes, old_integration_session)
+          reset_routes(old_routes, old_routes_call_method, old_integration_session)
         end
 
         private
           def create_routes
             app = self.app
             routes = ActionDispatch::Routing::RouteSet.new
-            rack_app = app.config.middleware.build(routes)
+
+            @original_routes ||= app.routes
+            @original_routes.singleton_class.redefine_method(:call, &routes.method(:call))
+
             https = integration_session.https?
             host = integration_session.host
 
             app.instance_variable_set(:@routes, routes)
-            app.instance_variable_set(:@app, rack_app)
             @integration_session = Class.new(ActionDispatch::Integration::Session) do
               include app.routes.url_helpers
               include app.routes.mounted_helpers
@@ -63,11 +69,9 @@ module ActionDispatch
             yield routes
           end
 
-          def reset_routes(old_routes, old_integration_session)
-            old_rack_app = app.config.middleware.build(old_routes)
-
+          def reset_routes(old_routes, old_routes_call_method, old_integration_session)
             app.instance_variable_set(:@routes, old_routes)
-            app.instance_variable_set(:@app, old_rack_app)
+            @original_routes.singleton_class.redefine_method(:call, &old_routes_call_method)
             @integration_session = old_integration_session
             @routes = old_routes
           end

data/lib/action_dispatch/testing/integration.rb

@@ -549,7 +549,7 @@ module ActionDispatch
   #         https!(false)
   #         get "/articles/all"
   #         assert_response :success
-  #         assert_select 'h1', 'Articles'
+  #         assert_dom 'h1', 'Articles'
   #       end
   #     end
   #
@@ -588,7 +588,7 @@ module ActionDispatch
   #           def browses_site
   #             get "/products/all"
   #             assert_response :success
-  #             assert_select 'h1', 'Products'
+  #             assert_dom 'h1', 'Products'
   #           end
   #         end
   #

data/lib/action_dispatch/testing/test_process.rb

@@ -9,8 +9,7 @@ module ActionDispatch
   module TestProcess
     module FixtureFile
       # Shortcut for
-      # `Rack::Test::UploadedFile.new(File.join(ActionDispatch::IntegrationTest.file_f
-      # ixture_path, path), type)`:
+      # `Rack::Test::UploadedFile.new(File.join(ActionDispatch::IntegrationTest.file_fixture_path, path), type)`:
       #
       #     post :change_avatar, params: { avatar: file_fixture_upload('david.png', 'image/png') }
       #

data/lib/action_pack/gem_version.rb

@@ -11,8 +11,8 @@ module ActionPack
   module VERSION
     MAJOR = 8
     MINOR = 0
-    TINY  = 0
-    PRE   = "1"
+    TINY  = 2
+    PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: actionpack
 version: !ruby/object:Gem::Version
-  version: 8.0.0.1
+  version: 8.0.2
 platform: ruby
 authors:
 - David Heinemeier Hansson
-autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-12-10 00:00:00.000000000 Z
+date: 2025-03-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.0.0.1
+        version: 8.0.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.0.0.1
+        version: 8.0.2
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
@@ -128,28 +127,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.0.0.1
+        version: 8.0.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.0.0.1
+        version: 8.0.2
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.0.0.1
+        version: 8.0.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.0.0.1
+        version: 8.0.2
 description: Web apps on Rails. Simple, battle-tested conventions for building and
   testing MVC web applications. Works with any Rack-compatible server.
 email: david@loudthinking.com
@@ -350,12 +349,11 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/rails/rails/issues
-  changelog_uri: https://github.com/rails/rails/blob/v8.0.0.1/actionpack/CHANGELOG.md
-  documentation_uri: https://api.rubyonrails.org/v8.0.0.1/
+  changelog_uri: https://github.com/rails/rails/blob/v8.0.2/actionpack/CHANGELOG.md
+  documentation_uri: https://api.rubyonrails.org/v8.0.2/
   mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
-  source_code_uri: https://github.com/rails/rails/tree/v8.0.0.1/actionpack
+  source_code_uri: https://github.com/rails/rails/tree/v8.0.2/actionpack
   rubygems_mfa_required: 'true'
-post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -371,8 +369,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements:
 - none
-rubygems_version: 3.5.22
-signing_key: 
+rubygems_version: 3.6.2
 specification_version: 4
 summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).
 test_files: []