activerecord 6.1.5.1 → 6.1.7
Potentially problematic release.
This version of activerecord might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +55 -3
- data/lib/active_record/coders/yaml_column.rb +14 -2
- data/lib/active_record/connection_adapters/abstract/schema_definitions.rb +4 -0
- data/lib/active_record/connection_adapters/postgresql_adapter.rb +2 -2
- data/lib/active_record/connection_adapters/schema_cache.rb +2 -2
- data/lib/active_record/core.rb +8 -0
- data/lib/active_record/gem_version.rb +2 -2
- data/lib/active_record/migration/compatibility.rb +6 -25
- data/lib/active_record/store.rb +6 -1
- data/lib/active_record/test_fixtures.rb +9 -5
- metadata +10 -10
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f11907365b78163229d5724a47f9a99b84ad5d8adbb8092b05d7fcc657b3068e
|
4
|
+
data.tar.gz: e495d26d1c679db2ab9a91e81112ae6b22d3466702601e645bfc43067166efa2
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 688b39dd7ca026c860efd8311df6ed968abd37ed4655fd04816abd3aa03f625fe63026f66cbac20d3db3c60c449dd4fd0621e6705c8f22f5b68025f9fa83eee7
|
7
|
+
data.tar.gz: 58fdf458ec41d07a4eff8aee4f79b636d2347460f28a2bbc99fc475a96bb3ae0c4961f558603f237e3e838f3d69ba320d9583b8c5c78bfe470585561ff16f48c
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,55 @@
|
|
1
|
+
## Rails 6.1.7 (September 09, 2022) ##
|
2
|
+
|
3
|
+
* Symbol is allowed by default for YAML columns
|
4
|
+
|
5
|
+
*Étienne Barrié*
|
6
|
+
|
7
|
+
* Fix `ActiveRecord::Store` to serialize as a regular Hash
|
8
|
+
|
9
|
+
Previously it would serialize as an `ActiveSupport::HashWithIndifferentAccess`
|
10
|
+
which is wasteful and cause problem with YAML safe_load.
|
11
|
+
|
12
|
+
*Jean Boussier*
|
13
|
+
|
14
|
+
* Fix PG.connect keyword arguments deprecation warning on ruby 2.7
|
15
|
+
|
16
|
+
Fixes #44307.
|
17
|
+
|
18
|
+
*Nikita Vasilevsky*
|
19
|
+
|
20
|
+
## Rails 6.1.6.1 (July 12, 2022) ##
|
21
|
+
|
22
|
+
* Change ActiveRecord::Coders::YAMLColumn default to safe_load
|
23
|
+
|
24
|
+
This adds two new configuration options The configuration options are as
|
25
|
+
follows:
|
26
|
+
|
27
|
+
* `config.active_storage.use_yaml_unsafe_load`
|
28
|
+
|
29
|
+
When set to true, this configuration option tells Rails to use the old
|
30
|
+
"unsafe" YAML loading strategy, maintaining the existing behavior but leaving
|
31
|
+
the possible escalation vulnerability in place. Setting this option to true
|
32
|
+
is *not* recommended, but can aid in upgrading.
|
33
|
+
|
34
|
+
* `config.active_record.yaml_column_permitted_classes`
|
35
|
+
|
36
|
+
The "safe YAML" loading method does not allow all classes to be deserialized
|
37
|
+
by default. This option allows you to specify classes deemed "safe" in your
|
38
|
+
application. For example, if your application uses Symbol and Time in
|
39
|
+
serialized data, you can add Symbol and Time to the allowed list as follows:
|
40
|
+
|
41
|
+
```
|
42
|
+
config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
|
43
|
+
```
|
44
|
+
|
45
|
+
[CVE-2022-32224]
|
46
|
+
|
47
|
+
|
48
|
+
## Rails 6.1.6 (May 09, 2022) ##
|
49
|
+
|
50
|
+
* No changes.
|
51
|
+
|
52
|
+
|
1
53
|
## Rails 6.1.5.1 (April 26, 2022) ##
|
2
54
|
|
3
55
|
* No changes.
|
@@ -7,14 +59,14 @@
|
|
7
59
|
|
8
60
|
* Fix `ActiveRecord::ConnectionAdapters::SchemaCache#deep_deduplicate` for Ruby 2.6.
|
9
61
|
|
10
|
-
Ruby 2.6 and 2.7 have slightly different implementations of the `String
|
11
|
-
In Ruby 2.6, the receiver of the `String
|
62
|
+
Ruby 2.6 and 2.7 have slightly different implementations of the `String#-@` method.
|
63
|
+
In Ruby 2.6, the receiver of the `String#-@` method is modified under certain circumstances.
|
12
64
|
This was later identified as a bug (https://bugs.ruby-lang.org/issues/15926) and only
|
13
65
|
fixed in Ruby 2.7.
|
14
66
|
|
15
67
|
Before the changes in this commit, the
|
16
68
|
`ActiveRecord::ConnectionAdapters::SchemaCache#deep_deduplicate` method, which internally
|
17
|
-
calls the `String
|
69
|
+
calls the `String#-@` method, could also modify an input string argument in Ruby 2.6 --
|
18
70
|
changing a tainted, unfrozen string into a tainted, frozen string.
|
19
71
|
|
20
72
|
Fixes #43056
|
@@ -47,11 +47,23 @@ module ActiveRecord
|
|
47
47
|
|
48
48
|
if YAML.respond_to?(:unsafe_load)
|
49
49
|
def yaml_load(payload)
|
50
|
-
|
50
|
+
if ActiveRecord::Base.use_yaml_unsafe_load
|
51
|
+
YAML.unsafe_load(payload)
|
52
|
+
elsif YAML.method(:safe_load).parameters.include?([:key, :permitted_classes])
|
53
|
+
YAML.safe_load(payload, permitted_classes: ActiveRecord::Base.yaml_column_permitted_classes, aliases: true)
|
54
|
+
else
|
55
|
+
YAML.safe_load(payload, ActiveRecord::Base.yaml_column_permitted_classes, [], true)
|
56
|
+
end
|
51
57
|
end
|
52
58
|
else
|
53
59
|
def yaml_load(payload)
|
54
|
-
|
60
|
+
if ActiveRecord::Base.use_yaml_unsafe_load
|
61
|
+
YAML.load(payload)
|
62
|
+
elsif YAML.method(:safe_load).parameters.include?([:key, :permitted_classes])
|
63
|
+
YAML.safe_load(payload, permitted_classes: ActiveRecord::Base.yaml_column_permitted_classes, aliases: true)
|
64
|
+
else
|
65
|
+
YAML.safe_load(payload, ActiveRecord::Base.yaml_column_permitted_classes, [], true)
|
66
|
+
end
|
55
67
|
end
|
56
68
|
end
|
57
69
|
end
|
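Review bot: Neither `yaml_load` definition deals with the failure that the new default introduces: once `use_yaml_unsafe_load` is false, a stored payload that names a class outside `yaml_column_permitted_classes` makes `YAML.safe_load` raise `Psych::DisallowedClass`, and nothing in the hunk rescues or rewords it. The caller is outside the hunk, so this may be handled there; if it is not, a comment above each definition such as `# Raises Psych::DisallowedClass for classes not in yaml_column_permitted_classes` would tell an operator what to search the logs for after upgrading. Separately, `YAML.method(:safe_load).parameters.include?([:key, :permitted_classes])` is evaluated on every load although it does not normally change at runtime; it could be computed once when the method is defined, as the outer `YAML.respond_to?(:unsafe_load)` check already is.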
@@ -198,6 +198,10 @@ module ActiveRecord
|
|
198
198
|
|
199
199
|
def index_options(table_name)
|
200
200
|
index_options = as_options(index)
|
201
|
+
|
202
|
+
# legacy reference index names are used on versions 6.0 and earlier
|
203
|
+
return index_options if options[:_uses_legacy_reference_index_name]
|
204
|
+
|
201
205
|
index_options[:name] ||= polymorphic_index_name(table_name) if polymorphic
|
202
206
|
index_options
|
203
207
|
end
|
@@ -75,7 +75,7 @@ module ActiveRecord
|
|
75
75
|
|
76
76
|
class << self
|
77
77
|
def new_client(conn_params)
|
78
|
-
PG.connect(conn_params)
|
78
|
+
PG.connect(**conn_params)
|
79
79
|
rescue ::PG::Error => error
|
80
80
|
if conn_params && conn_params[:dbname] && error.message.include?(conn_params[:dbname])
|
81
81
|
raise ActiveRecord::NoDatabaseError
|
@@ -247,7 +247,7 @@ module ActiveRecord
|
|
247
247
|
def initialize(connection, logger, connection_parameters, config)
|
248
248
|
super(connection, logger, config)
|
249
249
|
|
250
|
-
@connection_parameters = connection_parameters
|
250
|
+
@connection_parameters = connection_parameters || {}
|
251
251
|
|
252
252
|
# @local_tz is initialized as nil to avoid warnings when connect tries to use it
|
253
253
|
@local_tz = nil
|
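Review bot: `PG.connect(**conn_params)` in `new_client` no longer tolerates a nil argument, yet the `rescue` below it still guards with `conn_params && conn_params[:dbname]`, which suggests nil was an expected input. On Ruby versions where `**nil` is a TypeError the call fails before it reaches PG, and `rescue ::PG::Error` does not catch that. The second hunk's `connection_parameters || {}` covers the path through `initialize`, but `new_client` is defined on the singleton class and is presumably callable on its own, so I would normalise there as well, e.g. `PG.connect(**(conn_params || {}))`. Both method bodies continue outside the hunks.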
@@ -207,8 +207,8 @@ module ActiveRecord
|
|
207
207
|
value.map { |i| deep_deduplicate(i) }
|
208
208
|
when String
|
209
209
|
if value.tainted?
|
210
|
-
# Ruby 2.6 and 2.7 have slightly different implementations of the String
|
211
|
-
# In Ruby 2.6, the receiver of the String
|
210
|
+
# Ruby 2.6 and 2.7 have slightly different implementations of the String#-@ method.
|
211
|
+
# In Ruby 2.6, the receiver of the String#-@ method is modified under certain
|
212
212
|
# circumstances, and this was later identified as a bug
|
213
213
|
# (https://bugs.ruby-lang.org/issues/15926) and only fixed in Ruby 2.7.
|
214
214
|
value = value.dup
|
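--- a/data/lib/active_record/core.rb
+++ b/data/lib/active_record/core.rb
@@ -155,6 +155,14 @@ module ActiveRecord
 
 mattr_accessor :legacy_connection_handling, instance_writer: false, default: true
 
+# Application configurable boolean that instructs the YAML Coder to use
+# an unsafe load if set to true.
+mattr_accessor :use_yaml_unsafe_load, instance_writer: false, default: false
+
+# Application configurable array that provides additional permitted classes
+# to Psych safe_load in the YAML Coder
+mattr_accessor :yaml_column_permitted_classes, instance_writer: false, default: [Symbol]
+
 self.filter_attributes = []
 
 def self.connection_handler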
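Review bot: The comment above `use_yaml_unsafe_load` does not say what enabling it costs; going by this release's changelog entry for CVE-2022-32224 it keeps the old loading strategy and leaves the vulnerability in place, so I would extend it to `# an unsafe load if set to true. Keeps the CVE-2022-32224 exposure; only a temporary upgrade aid.` The changelog spells the option `config.active_storage.use_yaml_unsafe_load`, while the accessor here is defined in Active Record, so one of the two looks wrong (probably the changelog). `yaml_column_permitted_classes` defaults to one shared `[Symbol]` array, so any code that appends to it widens the allow-list for every serialized column in the process; the comment should say that each class added must be safe to instantiate from database content. The enclosing class body continues outside the hunk.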
@@ -22,27 +22,10 @@ module ActiveRecord
|
|
22
22
|
end
|
23
23
|
end
|
24
24
|
|
25
|
-
module SQLite3
|
26
|
-
module TableDefinition
|
27
|
-
def references(*args, **options)
|
28
|
-
args.each do |ref_name|
|
29
|
-
ReferenceDefinition.new(ref_name, type: :integer, **options).add_to(self)
|
30
|
-
end
|
31
|
-
end
|
32
|
-
alias :belongs_to :references
|
33
|
-
|
34
|
-
def column(name, type, index: nil, **options)
|
35
|
-
options[:precision] ||= nil
|
36
|
-
super
|
37
|
-
end
|
38
|
-
end
|
39
|
-
end
|
40
|
-
|
41
25
|
module TableDefinition
|
42
26
|
def references(*args, **options)
|
43
|
-
|
44
|
-
|
45
|
-
end
|
27
|
+
options[:_uses_legacy_reference_index_name] = true
|
28
|
+
super
|
46
29
|
end
|
47
30
|
alias :belongs_to :references
|
48
31
|
end
|
@@ -73,12 +56,11 @@ module ActiveRecord
|
|
73
56
|
|
74
57
|
def add_reference(table_name, ref_name, **options)
|
75
58
|
if connection.adapter_name == "SQLite"
|
76
|
-
|
77
|
-
else
|
78
|
-
reference_definition = ReferenceDefinition.new(ref_name, **options)
|
59
|
+
options[:type] = :integer
|
79
60
|
end
|
80
61
|
|
81
|
-
|
62
|
+
options[:_uses_legacy_reference_index_name] = true
|
63
|
+
super
|
82
64
|
end
|
83
65
|
alias :add_belongs_to :add_reference
|
84
66
|
|
@@ -86,7 +68,6 @@ module ActiveRecord
|
|
86
68
|
def compatible_table_definition(t)
|
87
69
|
class << t
|
88
70
|
prepend TableDefinition
|
89
|
-
prepend SQLite3::TableDefinition
|
90
71
|
end
|
91
72
|
t
|
92
73
|
end
|
@@ -148,7 +129,7 @@ module ActiveRecord
|
|
148
129
|
class << t
|
149
130
|
prepend TableDefinition
|
150
131
|
end
|
151
|
-
|
132
|
+
super
|
152
133
|
end
|
153
134
|
|
154
135
|
def command_recorder
|
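Review bot: In `add_reference`, the SQLite branch's `options[:type] = :integer` overwrites any `type:` the migration passed, whereas the removed `SQLite3::TableDefinition#references` built its definition with `type: :integer, **options`, where a caller-supplied type took precedence. The removed lines of the old `add_reference` are not legible on this page, so I cannot confirm it behaved the same way; if it did, `options[:type] ||= :integer` keeps that precedence. The new `options[:_uses_legacy_reference_index_name] = true` also puts an internal flag into the caller-facing options hash before `super`, which deserves a one-line comment saying where it is consumed (the `index_options` early return in schema_definitions.rb).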
data/lib/active_record/store.rb
CHANGED
@@ -268,7 +268,7 @@ module ActiveRecord
|
|
268
268
|
end
|
269
269
|
|
270
270
|
def dump(obj)
|
271
|
-
@coder.dump
|
271
|
+
@coder.dump as_regular_hash(obj)
|
272
272
|
end
|
273
273
|
|
274
274
|
def load(yaml)
|
@@ -285,6 +285,11 @@ module ActiveRecord
|
|
285
285
|
ActiveSupport::HashWithIndifferentAccess.new
|
286
286
|
end
|
287
287
|
end
|
288
|
+
|
289
|
+
private
|
290
|
+
def as_regular_hash(obj)
|
291
|
+
obj.respond_to?(:to_hash) ? obj.to_hash : {}
|
292
|
+
end
|
288
293
|
end
|
289
294
|
end
|
290
295
|
end
|
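Review bot: `as_regular_hash` returns `{}` for any object that does not respond to `to_hash`, so `dump` writes an empty store instead of failing, and nothing says that this is intended. The fallback mirrors the `ActiveSupport::HashWithIndifferentAccess.new` branch visible in the context lines, so it is probably deliberate. A comment would settle it and record the reason the changelog gives for the change, for example `# Dump a plain Hash so the payload loads under YAML.safe_load; non-hash values are stored as {}`. The class body continues outside the hunk.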
@@ -134,7 +134,7 @@ module ActiveRecord
|
|
134
134
|
@connection_subscriber = ActiveSupport::Notifications.subscribe("!connection.active_record") do |_, _, _, _, payload|
|
135
135
|
spec_name = payload[:spec_name] if payload.key?(:spec_name)
|
136
136
|
shard = payload[:shard] if payload.key?(:shard)
|
137
|
-
setup_shared_connection_pool
|
137
|
+
setup_shared_connection_pool if ActiveRecord::Base.legacy_connection_handling
|
138
138
|
|
139
139
|
if spec_name
|
140
140
|
begin
|
@@ -143,10 +143,14 @@ module ActiveRecord
|
|
143
143
|
connection = nil
|
144
144
|
end
|
145
145
|
|
146
|
-
if connection
|
147
|
-
|
148
|
-
|
149
|
-
|
146
|
+
if connection
|
147
|
+
setup_shared_connection_pool unless ActiveRecord::Base.legacy_connection_handling
|
148
|
+
|
149
|
+
if !@fixture_connections.include?(connection)
|
150
|
+
connection.begin_transaction joinable: false, _lazy: false
|
151
|
+
connection.pool.lock_thread = true if lock_threads
|
152
|
+
@fixture_connections << connection
|
153
|
+
end
|
150
154
|
end
|
151
155
|
end
|
152
156
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: activerecord
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 6.1.
|
4
|
+
version: 6.1.7
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- David Heinemeier Hansson
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-09-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -16,28 +16,28 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 6.1.
|
19
|
+
version: 6.1.7
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 6.1.
|
26
|
+
version: 6.1.7
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: activemodel
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
31
|
- - '='
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: 6.1.
|
33
|
+
version: 6.1.7
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - '='
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version: 6.1.
|
40
|
+
version: 6.1.7
|
41
41
|
description: Databases on Rails. Build a persistent domain model by mapping database
|
42
42
|
tables to Ruby classes. Strong conventions for associations, validations, aggregations,
|
43
43
|
migrations, and testing come baked-in.
|
@@ -390,10 +390,10 @@ licenses:
|
|
390
390
|
- MIT
|
391
391
|
metadata:
|
392
392
|
bug_tracker_uri: https://github.com/rails/rails/issues
|
393
|
-
changelog_uri: https://github.com/rails/rails/blob/v6.1.
|
394
|
-
documentation_uri: https://api.rubyonrails.org/v6.1.
|
393
|
+
changelog_uri: https://github.com/rails/rails/blob/v6.1.7/activerecord/CHANGELOG.md
|
394
|
+
documentation_uri: https://api.rubyonrails.org/v6.1.7/
|
395
395
|
mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
|
396
|
-
source_code_uri: https://github.com/rails/rails/tree/v6.1.
|
396
|
+
source_code_uri: https://github.com/rails/rails/tree/v6.1.7/activerecord
|
397
397
|
rubygems_mfa_required: 'true'
|
398
398
|
post_install_message:
|
399
399
|
rdoc_options:
|
@@ -412,7 +412,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
412
412
|
- !ruby/object:Gem::Version
|
413
413
|
version: '0'
|
414
414
|
requirements: []
|
415
|
-
rubygems_version: 3.
|
415
|
+
rubygems_version: 3.3.3
|
416
416
|
signing_key:
|
417
417
|
specification_version: 4
|
418
418
|
summary: Object-relational mapper framework (part of Rails).
|