activerecord 7.0.3.1 → 7.0.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3f2f45fa92947b78ba64cfc800a729cfcab5b893255efef679b686a37c50cd00
-  data.tar.gz: 2bcca713bf8426cf4ffd22e1b832cde62a6cd6caad0f1f9b19996916e88922d5
+  metadata.gz: 3a5c0c6f9ce9d898d0ec937ec3d4c6ea37ae02637d8aee9cf219ac5acdec5236
+  data.tar.gz: 2d19932b94835dcbd398676c2528177c11f9437edc7068f44f314449ccb5abe0
 SHA512:
-  metadata.gz: 17fdc443b9f36e8dcba05e56b6c07e88e97266f7c12accb8ac084b37dbf2c134a696fc57b71171fc488ed10fc72fba952672960b7507d14762a1a41f25623df1
-  data.tar.gz: 4dc59bd725e08e3cdf63d5145f2038f6e5c65b5eb40e611a18ef422c516543aa2acfbc893b68f25f39d304111bafd70a131928c4c1e0692e4274e5fdb1567e53
+  metadata.gz: f3746715cb1a4b90ed3ce96f4826006657d450215af9f96179e53ad32b967dbad06d0328e6c18e0eedf3a576fe5efedc9c546c07149801b90c4e5eb537a3962c
+  data.tar.gz: a5cf64d8fbaf1023b35d22865468a824ae13a3c243b3c1084bbfafcad432a84df322346b9143a6e98273202da674bf0d3e521d903ad450209fc014998127e223

data/CHANGELOG.md

@@ -1,3 +1,131 @@
+## Rails 7.0.4.1 (January 17, 2023) ##
+
+*   Make sanitize_as_sql_comment more strict
+
+    Though this method was likely never meant to take user input, it was
+    attempting sanitization. That sanitization could be bypassed with
+    carefully crafted input.
+
+    This commit makes the sanitization more robust by replacing any
+    occurrances of "/*" or "*/" with "/ *" or "* /". It also performs a
+    first pass to remove one surrounding comment to avoid compatibility
+    issues for users relying on the existing removal.
+
+    This also clarifies in the documentation of annotate that it should not
+    be provided user input.
+
+    [CVE-2023-22794]
+
+*   Added integer width check to PostgreSQL::Quoting
+
+    Given a value outside the range for a 64bit signed integer type
+    PostgreSQL will treat the column type as numeric. Comparing
+    integer values against numeric values can result in a slow
+    sequential scan.
+
+    This behavior is configurable via
+    ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true.
+
+    [CVE-2022-44566]
+
+
+## Rails 7.0.4 (September 09, 2022) ##
+
+*   Symbol is allowed by default for YAML columns
+
+    *Étienne Barrié*
+
+*   Fix `ActiveRecord::Store` to serialize as a regular Hash
+
+    Previously it would serialize as an `ActiveSupport::HashWithIndifferentAccess`
+    which is wasteful and cause problem with YAML safe_load.
+
+    *Jean Boussier*
+
+*   Add `timestamptz` as a time zone aware type for PostgreSQL
+
+    This is required for correctly parsing `timestamp with time zone` values in your database.
+
+    If you don't want this, you can opt out by adding this initializer:
+
+    ```ruby
+    ActiveRecord::Base.time_zone_aware_types -= [:timestamptz]
+    ```
+
+    *Alex Ghiculescu*
+
+*   Fix supporting timezone awareness for `tsrange` and `tstzrange` array columns.
+
+    ```ruby
+    # In database migrations
+    add_column :shops, :open_hours, :tsrange, array: true
+    # In app config
+    ActiveRecord::Base.time_zone_aware_types += [:tsrange]
+    # In the code times are properly converted to app time zone
+    Shop.create!(open_hours: [Time.current..8.hour.from_now])
+    ```
+
+    *Wojciech Wnętrzak*
+
+*   Resolve issue where a relation cache_version could be left stale.
+
+    Previously, when `reset` was called on a relation object it did not reset the cache_versions
+    ivar. This led to a confusing situation where despite having the correct data the relation
+    still reported a stale cache_version.
+
+    Usage:
+
+    ```ruby
+    developers = Developer.all
+    developers.cache_version
+
+    Developer.update_all(updated_at: Time.now.utc + 1.second)
+
+    developers.cache_version # Stale cache_version
+    developers.reset
+    developers.cache_version # Returns the current correct cache_version
+    ```
+
+    Fixes #45341.
+
+    *Austen Madden*
+
+*   Fix `load_async` when called on an association proxy.
+
+    Calling `load_async` directly an association would schedule
+    a query but never use it.
+
+    ```ruby
+    comments = post.comments.load_async # schedule a query
+    comments.to_a # perform an entirely new sync query
+    ```
+
+    Now it does use the async query, however note that it doesn't
+    cause the association to be loaded.
+
+    *Jean Boussier*
+
+*   Fix eager loading for models without primary keys.
+
+    *Anmol Chopra*, *Matt Lawrence*, and *Jonathan Hefner*
+
+*   `rails db:schema:{dump,load}` now checks `ENV["SCHEMA_FORMAT"]` before config
+
+    Since `rails db:structure:{dump,load}` was deprecated there wasn't a simple
+    way to dump a schema to both SQL and Ruby formats. You can now do this with
+    an environment variable. For example:
+
+    ```
+    SCHEMA_FORMAT=sql rake db:schema:dump
+    ```
+
+    *Alex Ghiculescu*
+
+*   Fix Hstore deserialize regression.
+
+    *edsharp*
+
+
 ## Rails 7.0.3.1 (July 12, 2022) ##
 
 *   Change ActiveRecord::Coders::YAMLColumn default to safe_load

data/lib/active_record/associations/collection_association.rb

@@ -320,7 +320,6 @@ module ActiveRecord
         #   * Otherwise, attributes should have the value found in the database
         def merge_target_lists(persisted, memory)
           return persisted if memory.empty?
-          return memory    if persisted.empty?
 
           persisted.map! do |record|
             if mem_record = memory.delete(record)

data/lib/active_record/associations/collection_proxy.rb

@@ -1108,7 +1108,7 @@ module ActiveRecord
       ].flat_map { |klass|
         klass.public_instance_methods(false)
       } - self.public_instance_methods(false) - [:select] + [
-        :scoping, :values, :insert, :insert_all, :insert!, :insert_all!, :upsert, :upsert_all
+        :scoping, :values, :insert, :insert_all, :insert!, :insert_all!, :upsert, :upsert_all, :load_async
       ]
 
       delegate(*delegate_methods, to: :scope)

data/lib/active_record/associations/has_many_association.rb

@@ -79,10 +79,13 @@ module ActiveRecord
             scope.count(:all)
           end
 
-          # If there's nothing in the database and @target has no new records
-          # we are certain the current target is an empty array. This is a
-          # documented side-effect of the method that may avoid an extra SELECT.
-          loaded! if count == 0
+          # If there's nothing in the database, @target should only contain new
+          # records or be an empty array. This is a documented side-effect of
+          # the method that may avoid an extra SELECT.
+          if count == 0
+            target.select!(&:new_record?)
+            loaded!
+          end
 
           [association_scope.limit_value, count].compact.min
         end

data/lib/active_record/associations/join_dependency.rb

@@ -252,35 +252,39 @@ module ActiveRecord
               next
             end
 
-            key = aliases.column_alias(node, node.primary_key)
-            id = row[key]
-            if id.nil?
+            if node.primary_key
+              key = aliases.column_alias(node, node.primary_key)
+              id = row[key]
+            else
+              key = aliases.column_alias(node, node.reflection.join_primary_key.to_s)
+              id = nil # Avoid id-based model caching.
+            end
+
+            if row[key].nil?
               nil_association = ar_parent.association(node.reflection.name)
               nil_association.loaded!
               next
             end
 
-            model = seen[ar_parent][node][id]
-
-            if model
-              construct(model, node, row, seen, model_cache, strict_loading_value)
-            else
+            unless model = seen[ar_parent][node][id]
               model = construct_model(ar_parent, node, row, model_cache, id, strict_loading_value)
-
-              seen[ar_parent][node][id] = model
-              construct(model, node, row, seen, model_cache, strict_loading_value)
+              seen[ar_parent][node][id] = model if id
             end
+
+            construct(model, node, row, seen, model_cache, strict_loading_value)
           end
         end
 
         def construct_model(record, node, row, model_cache, id, strict_loading_value)
           other = record.association(node.reflection.name)
 
-          model = model_cache[node][id] ||=
-            node.instantiate(row, aliases.column_aliases(node)) do |m|
+          unless model = model_cache[node][id]
+            model = node.instantiate(row, aliases.column_aliases(node)) do |m|
               m.strict_loading! if strict_loading_value
               other.set_inverse_instance(m)
             end
+            model_cache[node][id] = model if id
+          end
 
           if node.reflection.collection?
             other.target.push(model)

data/lib/active_record/associations.rb

@@ -628,15 +628,15 @@ module ActiveRecord
       #
       # Note: To trigger remove callbacks, you must use +destroy+ / +destroy_all+ methods. For example:
       #
-      #   * <tt>firm.clients.destroy(client)</tt>
-      #   * <tt>firm.clients.destroy(*clients)</tt>
-      #   * <tt>firm.clients.destroy_all</tt>
+      # * <tt>firm.clients.destroy(client)</tt>
+      # * <tt>firm.clients.destroy(*clients)</tt>
+      # * <tt>firm.clients.destroy_all</tt>
       #
       # +delete+ / +delete_all+ methods like the following do *not* trigger remove callbacks:
       #
-      #   * <tt>firm.clients.delete(client)</tt>
-      #   * <tt>firm.clients.delete(*clients)</tt>
-      #   * <tt>firm.clients.delete_all</tt>
+      # * <tt>firm.clients.delete(client)</tt>
+      # * <tt>firm.clients.delete(*clients)</tt>
+      # * <tt>firm.clients.delete_all</tt>
       #
       # == Association extensions
       #

data/lib/active_record/attribute_methods/time_zone_conversion.rb

@@ -19,6 +19,8 @@ module ActiveRecord
 
           if value.is_a?(Hash)
             set_time_zone_without_conversion(super)
+          elsif value.is_a?(Range)
+            Range.new(user_input_in_time_zone(value.begin), user_input_in_time_zone(value.end), value.exclude_end?)
           elsif value.respond_to?(:in_time_zone)
             begin
               super(user_input_in_time_zone(value)) || super
@@ -40,6 +42,8 @@ module ActiveRecord
               value.in_time_zone
             elsif value.respond_to?(:infinite?) && value.infinite?
               value
+            elsif value.is_a?(Range)
+              Range.new(convert_time_to_time_zone(value.begin), convert_time_to_time_zone(value.end), value.exclude_end?)
             else
               map_avoiding_infinite_recursion(value) { |v| convert_time_to_time_zone(v) }
             end

data/lib/active_record/coders/yaml_column.rb

@@ -45,14 +45,20 @@ module ActiveRecord
           raise ArgumentError, "Cannot serialize #{object_class}. Classes passed to `serialize` must have a 0 argument constructor."
         end
 
-        def yaml_load(payload)
-          if !ActiveRecord.use_yaml_unsafe_load
-            YAML.safe_load(payload, permitted_classes: ActiveRecord.yaml_column_permitted_classes, aliases: true)
-          else
-            if YAML.respond_to?(:unsafe_load)
+        if YAML.respond_to?(:unsafe_load)
+          def yaml_load(payload)
+            if ActiveRecord.use_yaml_unsafe_load
               YAML.unsafe_load(payload)
             else
+              YAML.safe_load(payload, permitted_classes: ActiveRecord.yaml_column_permitted_classes, aliases: true)
+            end
+          end
+        else
+          def yaml_load(payload)
+            if ActiveRecord.use_yaml_unsafe_load
               YAML.load(payload)
+            else
+              YAML.safe_load(payload, permitted_classes: ActiveRecord.yaml_column_permitted_classes, aliases: true)
             end
           end
         end

data/lib/active_record/connection_adapters/abstract/quoting.rb

@@ -146,7 +146,16 @@ module ActiveRecord
       end
 
       def sanitize_as_sql_comment(value) # :nodoc:
-        value.to_s.gsub(%r{ (/ (?: | \g<1>) \*) \+? \s* | \s* (\* (?: | \g<2>) /) }x, "")
+        # Sanitize a string to appear within a SQL comment
+        # For compatibility, this also surrounding "/*+", "/*", and "*/"
+        # charcacters, possibly with single surrounding space.
+        # Then follows that by replacing any internal "*/" or "/ *" with
+        # "* /" or "/ *"
+        comment = value.to_s.dup
+        comment.gsub!(%r{\A\s*/\*\+?\s?|\s?\*/\s*\Z}, "")
+        comment.gsub!("*/", "* /")
+        comment.gsub!("/*", "/ *")
+        comment
       end
 
       def column_name_matcher # :nodoc:

data/lib/active_record/connection_adapters/abstract_mysql_adapter.rb

@@ -139,7 +139,7 @@ module ActiveRecord
       end
 
       def field_ordered_value(column, values) # :nodoc:
-        field = Arel::Nodes::NamedFunction.new("FIELD", [column, values.reverse])
+        field = Arel::Nodes::NamedFunction.new("FIELD", [column, values.reverse.map { |value| Arel::Nodes.build_quoted(value) }])
         Arel::Nodes::Descending.new(field)
       end
 
@@ -711,6 +711,10 @@ module ActiveRecord
             options[:comment] = column.comment
           end
 
+          unless options.key?(:collation)
+            options[:collation] = column.collation
+          end
+
           unless options.key?(:auto_increment)
             options[:auto_increment] = column.auto_increment?
           end

data/lib/active_record/connection_adapters/mysql/schema_statements.rb

@@ -159,7 +159,7 @@ module ActiveRecord
           end
 
           def default_type(table_name, field_name)
-            match = create_table_info(table_name).match(/`#{field_name}` (.+) DEFAULT ('|\d+|[A-z]+)/)
+            match = create_table_info(table_name)&.match(/`#{field_name}` (.+) DEFAULT ('|\d+|[A-z]+)/)
             default_pre = match[2] if match
 
             if default_pre == "'"

data/lib/active_record/connection_adapters/postgresql/oid/hstore.rb

@@ -26,7 +26,7 @@ module ActiveRecord
                 raise(ArgumentError, ERROR % scanner.string.inspect)
               end
 
-              unless key = scanner.scan_until(/(?<!\\)(?=")/)
+              unless key = scanner.scan(/^(\\[\\"]|[^\\"])*?(?=")/)
                 raise(ArgumentError, ERROR % scanner.string.inspect)
               end
 
@@ -41,7 +41,7 @@ module ActiveRecord
                   raise(ArgumentError, ERROR % scanner.string.inspect)
                 end
 
-                unless value = scanner.scan_until(/(?<!\\)(?=")/)
+                unless value = scanner.scan(/^(\\[\\"]|[^\\"])*?(?=")/)
                   raise(ArgumentError, ERROR % scanner.string.inspect)
                 end
 

data/lib/active_record/connection_adapters/postgresql/quoting.rb

@@ -4,6 +4,12 @@ module ActiveRecord
   module ConnectionAdapters
     module PostgreSQL
       module Quoting
+        class IntegerOutOf64BitRange < StandardError
+          def initialize(msg)
+            super(msg)
+          end
+        end
+
         # Escapes binary strings for bytea input to the database.
         def escape_bytea(value)
           @connection.escape_bytea(value) if value
@@ -16,7 +22,27 @@ module ActiveRecord
           @connection.unescape_bytea(value) if value
         end
 
+        def check_int_in_range(value)
+          if value.to_int > 9223372036854775807 || value.to_int < -9223372036854775808
+            exception = <<~ERROR
+              Provided value outside of the range of a signed 64bit integer.
+
+              PostgreSQL will treat the column type in question as a numeric.
+              This may result in a slow sequential scan due to a comparison
+              being performed between an integer or bigint value and a numeric value.
+
+              To allow for this potentially unwanted behavior, set
+              ActiveRecord.raise_int_wider_than_64bit to false.
+            ERROR
+            raise IntegerOutOf64BitRange.new exception
+          end
+        end
+
         def quote(value) # :nodoc:
+          if ActiveRecord.raise_int_wider_than_64bit && value.is_a?(Integer)
+            check_int_in_range(value)
+          end
+
           case value
           when OID::Xml::Data
             "xml '#{quote_string(value.to_s)}'"

data/lib/active_record/connection_adapters/postgresql/referential_integrity.rb

@@ -45,8 +45,10 @@ Rails needs superuser privileges to disable referential integrity.
             BEGIN
             FOR r IN (
               SELECT FORMAT(
-                'UPDATE pg_constraint SET convalidated=false WHERE conname = ''%I''; ALTER TABLE %I VALIDATE CONSTRAINT %I;',
+                'UPDATE pg_constraint SET convalidated=false WHERE conname = ''%I'' AND connamespace::regnamespace = ''%I''::regnamespace; ALTER TABLE %I.%I VALIDATE CONSTRAINT %I;',
                 constraint_name,
+                table_schema,
+                table_schema,
                 table_name,
                 constraint_name
               ) AS constraint_check

data/lib/active_record/connection_adapters/postgresql_adapter.rb

@@ -1063,5 +1063,6 @@ module ActiveRecord
         ActiveRecord::Type.register(:vector, OID::Vector, adapter: :postgresql)
         ActiveRecord::Type.register(:xml, OID::Xml, adapter: :postgresql)
     end
+    ActiveSupport.run_load_hooks(:active_record_postgresqladapter, PostgreSQLAdapter)
   end
 end

data/lib/active_record/connection_adapters/sqlite3/schema_statements.rb

@@ -21,7 +21,7 @@ module ActiveRecord
               WHERE name = #{quote(row['name'])} AND type = 'index'
             SQL
 
-            /\bON\b\s*"?(\w+?)"?\s*\((?<expressions>.+?)\)(?:\s*WHERE\b\s*(?<where>.+))?\z/i =~ index_sql
+            /\bON\b\s*"?(\w+?)"?\s*\((?<expressions>.+?)\)(?:\s*WHERE\b\s*(?<where>.+))?(?:\s*\/\*.*\*\/)?\z/i =~ index_sql
 
             columns = exec_query("PRAGMA index_info(#{quote(row['name'])})", "SCHEMA").map do |col|
               col["name"]

data/lib/active_record/connection_adapters/sqlite3_adapter.rb

@@ -341,7 +341,7 @@ module ActiveRecord
       end
 
       def get_database_version # :nodoc:
-        SQLite3Adapter::Version.new(query_value("SELECT sqlite_version(*)"))
+        SQLite3Adapter::Version.new(query_value("SELECT sqlite_version(*)", "SCHEMA"))
       end
 
       def check_version # :nodoc:
@@ -477,8 +477,13 @@ module ActiveRecord
                  options[:rename][column.name.to_sym] ||
                  column.name) : column.name
 
+              if column.has_default?
+                type = lookup_cast_type_from_column(column)
+                default = type.deserialize(column.default)
+              end
+
               @definition.column(column_name, column.type,
-                limit: column.limit, default: column.default,
+                limit: column.limit, default: default,
                 precision: column.precision, scale: column.scale,
                 null: column.null, collation: column.collation,
                 primary_key: column_name == from_primary_key

data/lib/active_record/delegated_type.rb

@@ -136,7 +136,7 @@ module ActiveRecord
   #     end
   #   end
   #
-  # Now you can list a bunch of entries, call +Entry#title+, and polymorphism will provide you with the answer.
+  # Now you can list a bunch of entries, call <tt>Entry#title</tt>, and polymorphism will provide you with the answer.
   #
   # == Nested Attributes
   #

data/lib/active_record/encryption/message.rb

@@ -7,7 +7,7 @@ module ActiveRecord
     # * An encrypted payload
     # * A list of unencrypted headers
     #
-    # See +Encryptor#encrypt+
+    # See Encryptor#encrypt
     class Message
       attr_accessor :payload, :headers
 

data/lib/active_record/encryption/properties.rb

@@ -12,7 +12,7 @@ module ActiveRecord
     #
     #   message.headers.encrypted_data_key # instead of message.headers[:k]
     #
-    # See +Properties#DEFAULT_PROPERTIES+, +Key+, +Message+
+    # See +Properties::DEFAULT_PROPERTIES+, Key, Message
     class Properties
       ALLOWED_VALUE_CLASSES = [String, ActiveRecord::Encryption::Message, Numeric, TrueClass, FalseClass, Symbol, NilClass]
 

data/lib/active_record/gem_version.rb

@@ -9,7 +9,7 @@ module ActiveRecord
   module VERSION
     MAJOR = 7
     MINOR = 0
-    TINY  = 3
+    TINY  = 4
     PRE   = "1"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")

data/lib/active_record/middleware/database_selector.rb

@@ -44,7 +44,7 @@ module ActiveRecord
     #   config.active_record.database_resolver_context = MyResolver::MySession
     #
     # Note: If you are using `rails new my_app --minimal` you will need to call
-    # `require "active_support/core_ext/integer/time"` to load the libaries
+    # `require "active_support/core_ext/integer/time"` to load the libraries
     # for +Time+.
     class DatabaseSelector
       def initialize(app, resolver_klass = nil, context_klass = nil, options = {})

data/lib/active_record/model_schema.rb

@@ -126,6 +126,27 @@ module ActiveRecord
     # +:immutable_string+. This setting does not affect the behavior of
     # <tt>attribute :foo, :string</tt>. Defaults to false.
 
+    ##
+    # :singleton-method: inheritance_column
+    # :call-seq: inheritance_column
+    #
+    # The name of the table column which stores the class name on single-table
+    # inheritance situations.
+    #
+    # The default inheritance column name is +type+, which means it's a
+    # reserved word inside Active Record. To be able to use single-table
+    # inheritance with another column name, or to use the column +type+ in
+    # your own model for something else, you can set +inheritance_column+:
+    #
+    #     self.inheritance_column = 'zoink'
+
+    ##
+    # :singleton-method: inheritance_column=
+    # :call-seq: inheritance_column=(column)
+    #
+    # Defines the name of the table column which will store the class name on single-table
+    # inheritance situations.
+
     included do
       class_attribute :primary_key_prefix_type, instance_writer: false
       class_attribute :table_name_prefix, instance_writer: false, default: ""
@@ -136,15 +157,6 @@ module ActiveRecord
       class_attribute :implicit_order_column, instance_accessor: false
       class_attribute :immutable_strings_by_default, instance_accessor: false
 
-      # Defines the name of the table column which will store the class name on single-table
-      # inheritance situations.
-      #
-      # The default inheritance column name is +type+, which means it's a
-      # reserved word inside Active Record. To be able to use single-table
-      # inheritance with another column name, or to use the column +type+ in
-      # your own model for something else, you can set +inheritance_column+:
-      #
-      #     self.inheritance_column = 'zoink'
       class_attribute :inheritance_column, instance_accessor: false, default: "type"
       singleton_class.class_eval do
         alias_method :_inheritance_column=, :inheritance_column=

data/lib/active_record/query_logs.rb

@@ -33,6 +33,8 @@ module ActiveRecord
   # want to add to the comment. Dynamic content can be created by setting a proc or lambda value in a hash,
   # and can reference any value stored in the +context+ object.
   #
+  # Escaping is performed on the string returned, however untrusted user input should not be used.
+  #
   # Example:
   #
   #    tags = [
@@ -109,7 +111,16 @@ module ActiveRecord
         end
 
         def escape_sql_comment(content)
-          content.to_s.gsub(%r{ (/ (?: | \g<1>) \*) \+? \s* | \s* (\* (?: | \g<2>) /) }x, "")
+          # Sanitize a string to appear within a SQL comment
+          # For compatibility, this also surrounding "/*+", "/*", and "*/"
+          # charcacters, possibly with single surrounding space.
+          # Then follows that by replacing any internal "*/" or "/ *" with
+          # "* /" or "/ *"
+          comment = content.to_s.dup
+          comment.gsub!(%r{\A\s*/\*\+?\s?|\s?\*/\s*\Z}, "")
+          comment.gsub!("*/", "* /")
+          comment.gsub!("/*", "/ *")
+          comment
         end
 
         def tag_content

data/lib/active_record/railtie.rb

@@ -78,6 +78,12 @@ module ActiveRecord
       end
     end
 
+    initializer "active_record.postgresql_time_zone_aware_types" do
+      ActiveSupport.on_load(:active_record_postgresqladapter) do
+        ActiveRecord::Base.time_zone_aware_types << :timestamptz
+      end
+    end
+
     initializer "active_record.logger" do
       ActiveSupport.on_load(:active_record) { self.logger ||= ::Rails.logger }
     end
@@ -94,22 +100,6 @@ module ActiveRecord
       end
     end
 
-    initializer "active_record.database_selector" do
-      if options = config.active_record.database_selector
-        resolver = config.active_record.database_resolver
-        operations = config.active_record.database_resolver_context
-        config.app_middleware.use ActiveRecord::Middleware::DatabaseSelector, resolver, operations, options
-      end
-    end
-
-    initializer "active_record.shard_selector" do
-      if resolver = config.active_record.shard_resolver
-        options = config.active_record.shard_selector || {}
-
-        config.app_middleware.use ActiveRecord::Middleware::ShardSelector, resolver, options
-      end
-    end
-
     initializer "Check for cache versioning support" do
       config.after_initialize do |app|
         ActiveSupport.on_load(:active_record) do
@@ -403,23 +393,5 @@ To keep using the current cache store, you can turn off cache versioning entirel
         end
       end
     end
-
-    initializer "active_record.use_yaml_unsafe_load" do |app|
-      config.after_initialize do
-        unless app.config.active_record.use_yaml_unsafe_load.nil?
-          ActiveRecord.use_yaml_unsafe_load =
-            app.config.active_record.use_yaml_unsafe_load
-        end
-      end
-    end
-
-    initializer "active_record.yaml_column_permitted_classes" do |app|
-      config.after_initialize do
-        unless app.config.active_record.yaml_column_permitted_classes.nil?
-          ActiveRecord.yaml_column_permitted_classes =
-            app.config.active_record.yaml_column_permitted_classes
-        end
-      end
-    end
   end
 end

data/lib/active_record/railties/databases.rake

@@ -452,30 +452,32 @@ db_namespace = namespace :db do
   end
 
   namespace :schema do
-    desc "Creates a database schema file (either db/schema.rb or db/structure.sql, depending on `config.active_record.schema_format`)"
+    desc "Creates a database schema file (either db/schema.rb or db/structure.sql, depending on `ENV['SCHEMA_FORMAT']` or `config.active_record.schema_format`)"
     task dump: :load_config do
       ActiveRecord::Base.configurations.configs_for(env_name: ActiveRecord::Tasks::DatabaseTasks.env).each do |db_config|
         if db_config.schema_dump
           ActiveRecord::Base.establish_connection(db_config)
-          ActiveRecord::Tasks::DatabaseTasks.dump_schema(db_config)
+          schema_format = ENV.fetch("SCHEMA_FORMAT", ActiveRecord.schema_format).to_sym
+          ActiveRecord::Tasks::DatabaseTasks.dump_schema(db_config, schema_format)
         end
       end
 
       db_namespace["schema:dump"].reenable
     end
 
-    desc "Loads a database schema file (either db/schema.rb or db/structure.sql, depending on `config.active_record.schema_format`) into the database"
+    desc "Loads a database schema file (either db/schema.rb or db/structure.sql, depending on `ENV['SCHEMA_FORMAT']` or `config.active_record.schema_format`) into the database"
     task load: [:load_config, :check_protected_environments] do
       ActiveRecord::Tasks::DatabaseTasks.load_schema_current(ActiveRecord.schema_format, ENV["SCHEMA"])
     end
 
     namespace :dump do
       ActiveRecord::Tasks::DatabaseTasks.for_each(databases) do |name|
-        desc "Creates a database schema file (either db/schema.rb or db/structure.sql, depending on `config.active_record.schema_format`) for #{name} database"
+        desc "Creates a database schema file (either db/schema.rb or db/structure.sql, depending on `ENV['SCHEMA_FORMAT']` or `config.active_record.schema_format`) for #{name} database"
         task name => :load_config do
           db_config = ActiveRecord::Base.configurations.configs_for(env_name: ActiveRecord::Tasks::DatabaseTasks.env, name: name)
           ActiveRecord::Base.establish_connection(db_config)
-          ActiveRecord::Tasks::DatabaseTasks.dump_schema(db_config)
+          schema_format = ENV.fetch("SCHEMA_FORMAT", ActiveRecord.schema_format).to_sym
+          ActiveRecord::Tasks::DatabaseTasks.dump_schema(db_config, schema_format)
           db_namespace["schema:dump:#{name}"].reenable
         end
       end
@@ -483,11 +485,12 @@ db_namespace = namespace :db do
 
     namespace :load do
       ActiveRecord::Tasks::DatabaseTasks.for_each(databases) do |name|
-        desc "Loads a database schema file (either db/schema.rb or db/structure.sql, depending on `config.active_record.schema_format`) into the #{name} database"
+        desc "Loads a database schema file (either db/schema.rb or db/structure.sql, depending on `ENV['SCHEMA_FORMAT']` or `config.active_record.schema_format`) into the #{name} database"
         task name => [:load_config, :check_protected_environments] do
           original_db_config = ActiveRecord::Base.connection_db_config
           db_config = ActiveRecord::Base.configurations.configs_for(env_name: ActiveRecord::Tasks::DatabaseTasks.env, name: name)
-          ActiveRecord::Tasks::DatabaseTasks.load_schema(db_config)
+          schema_format = ENV.fetch("SCHEMA_FORMAT", ActiveRecord.schema_format).to_sym
+          ActiveRecord::Tasks::DatabaseTasks.load_schema(db_config, schema_format)
         ensure
           ActiveRecord::Base.establish_connection(original_db_config) if original_db_config
         end
@@ -545,12 +548,13 @@ db_namespace = namespace :db do
       db_namespace["test:load_schema"].invoke
     end
 
-    # desc "Recreate the test database from an existent schema file (schema.rb or structure.sql, depending on `config.active_record.schema_format`)"
+    # desc "Recreate the test database from an existent schema file (schema.rb or structure.sql, depending on `ENV['SCHEMA_FORMAT']` or `config.active_record.schema_format`)"
     task load_schema: %w(db:test:purge) do
       should_reconnect = ActiveRecord::Base.connection_pool.active_connection?
       ActiveRecord::Schema.verbose = false
       ActiveRecord::Base.configurations.configs_for(env_name: "test").each do |db_config|
-        ActiveRecord::Tasks::DatabaseTasks.load_schema(db_config)
+        schema_format = ENV.fetch("SCHEMA_FORMAT", ActiveRecord.schema_format).to_sym
+        ActiveRecord::Tasks::DatabaseTasks.load_schema(db_config, schema_format)
       end
     ensure
       if should_reconnect
@@ -586,7 +590,8 @@ db_namespace = namespace :db do
           should_reconnect = ActiveRecord::Base.connection_pool.active_connection?
           ActiveRecord::Schema.verbose = false
           db_config = ActiveRecord::Base.configurations.configs_for(env_name: "test", name: name)
-          ActiveRecord::Tasks::DatabaseTasks.load_schema(db_config)
+          schema_format = ENV.fetch("SCHEMA_FORMAT", ActiveRecord.schema_format).to_sym
+          ActiveRecord::Tasks::DatabaseTasks.load_schema(db_config, schema_format)
         ensure
           if should_reconnect
             ActiveRecord::Base.establish_connection(ActiveRecord::Tasks::DatabaseTasks.env.to_sym)

data/lib/active_record/relation/query_methods.rb

@@ -10,10 +10,10 @@ module ActiveRecord
   module QueryMethods
     include ActiveModel::ForbiddenAttributesProtection
 
-    # WhereChain objects act as placeholder for queries in which #where does not have any parameter.
-    # In this case, #where must be chained with #not to return a new relation.
+    # WhereChain objects act as placeholder for queries in which +where+ does not have any parameter.
+    # In this case, +where+ can be chained to return a new relation.
     class WhereChain
-      def initialize(scope)
+      def initialize(scope) # :nodoc:
         @scope = scope
       end
 
@@ -717,12 +717,26 @@ module ActiveRecord
     # === no argument
     #
     # If no argument is passed, #where returns a new instance of WhereChain, that
-    # can be chained with #not to return a new relation that negates the where clause.
+    # can be chained with WhereChain#not, WhereChain#missing, or WhereChain#associated.
+    #
+    # Chaining with WhereChain#not:
     #
     #    User.where.not(name: "Jon")
     #    # SELECT * FROM users WHERE name != 'Jon'
     #
-    # See WhereChain for more details on #not.
+    # Chaining with WhereChain#associated:
+    #
+    #    Post.where.associated(:author)
+    #    # SELECT "posts".* FROM "posts"
+    #    # INNER JOIN "authors" ON "authors"."id" = "posts"."author_id"
+    #    # WHERE "authors"."id" IS NOT NULL
+    #
+    # Chaining with WhereChain#missing:
+    #
+    #    Post.where.missing(:author)
+    #    # SELECT "posts".* FROM "posts"
+    #    # LEFT OUTER JOIN "authors" ON "authors"."id" = "posts"."author_id"
+    #    # WHERE "authors"."id" IS NULL
     #
     # === blank condition
     #
@@ -1202,6 +1216,8 @@ module ActiveRecord
     #   # SELECT "users"."name" FROM "users" /* selecting */ /* user */ /* names */
     #
     # The SQL block comment delimiters, "/*" and "*/", will be added automatically.
+    #
+    # Some escaping is performed, however untrusted user input should not be used.
     def annotate(*args)
       check_if_method_has_arguments!(__callee__, args)
       spawn.annotate!(*args)

data/lib/active_record/relation.rb

@@ -712,6 +712,7 @@ module ActiveRecord
       @to_sql = @arel = @loaded = @should_eager_load = nil
       @offsets = @take = nil
       @cache_keys = nil
+      @cache_versions = nil
       @records = nil
       self
     end

data/lib/active_record/scoping/default.rb

@@ -146,11 +146,13 @@ module ActiveRecord
               end
             elsif default_scopes.any?
               evaluate_default_scope do
-                default_scopes.inject(relation) do |default_scope, scope_obj|
+                default_scopes.inject(relation) do |combined_scope, scope_obj|
                   if execute_scope?(all_queries, scope_obj)
                     scope = scope_obj.scope.respond_to?(:to_proc) ? scope_obj.scope : scope_obj.scope.method(:call)
 
-                    default_scope.instance_exec(&scope) || default_scope
+                    combined_scope.instance_exec(&scope) || combined_scope
+                  else
+                    combined_scope
                   end
                 end
               end

data/lib/active_record/signed_id.rb

@@ -97,7 +97,7 @@ module ActiveRecord
 
     # Returns a signed id that's generated using a preconfigured +ActiveSupport::MessageVerifier+ instance.
     # This signed id is tamper proof, so it's safe to send in an email or otherwise share with the outside world.
-    # It can further more be set to expire (the default is not to expire), and scoped down with a specific purpose.
+    # It can furthermore be set to expire (the default is not to expire), and scoped down with a specific purpose.
     # If the expiration date has been exceeded before +find_signed+ is called, the id won't find the designated
     # record. If a purpose is set, this too must match.
     #

data/lib/active_record/store.rb

@@ -59,7 +59,7 @@ module ActiveRecord
   #   u.color = 'green'
   #   u.color_changed? # => true
   #   u.color_was # => 'black'
-  #   u.color_change # => ['black', 'red']
+  #   u.color_change # => ['black', 'green']
   #
   #   # Add additional accessors to an existing store through store_accessor
   #   class SuperUser < User
@@ -268,7 +268,7 @@ module ActiveRecord
         end
 
         def dump(obj)
-          @coder.dump self.class.as_indifferent_hash(obj)
+          @coder.dump as_regular_hash(obj)
         end
 
         def load(yaml)
@@ -285,6 +285,11 @@ module ActiveRecord
             ActiveSupport::HashWithIndifferentAccess.new
           end
         end
+
+        private
+          def as_regular_hash(obj)
+            obj.respond_to?(:to_hash) ? obj.to_hash : {}
+          end
       end
   end
 end

data/lib/active_record/test_fixtures.rb

@@ -137,7 +137,7 @@ module ActiveRecord
         @connection_subscriber = ActiveSupport::Notifications.subscribe("!connection.active_record") do |_, _, _, _, payload|
           spec_name = payload[:spec_name] if payload.key?(:spec_name)
           shard = payload[:shard] if payload.key?(:shard)
-          setup_shared_connection_pool
+          setup_shared_connection_pool if ActiveRecord.legacy_connection_handling
 
           if spec_name
             begin
@@ -146,10 +146,14 @@ module ActiveRecord
               connection = nil
             end
 
-            if connection && !@fixture_connections.include?(connection)
-              connection.begin_transaction joinable: false, _lazy: false
-              connection.pool.lock_thread = true if lock_threads
-              @fixture_connections << connection
+            if connection
+              setup_shared_connection_pool unless ActiveRecord.legacy_connection_handling
+
+              if !@fixture_connections.include?(connection)
+                connection.begin_transaction joinable: false, _lazy: false
+                connection.pool.lock_thread = true if lock_threads
+                @fixture_connections << connection
+              end
             end
           end
         end

data/lib/active_record.rb

@@ -347,12 +347,20 @@ module ActiveRecord
   singleton_class.attr_accessor :use_yaml_unsafe_load
   self.use_yaml_unsafe_load = false
 
+  ##
+  # :singleton-method:
+  # Application configurable boolean that denotes whether or not to raise
+  # an exception when the PostgreSQLAdapter is provided with an integer that
+  # is wider than signed 64bit representation
+  singleton_class.attr_accessor :raise_int_wider_than_64bit
+  self.raise_int_wider_than_64bit = true
+
   ##
   # :singleton-method:
   # Application configurable array that provides additional permitted classes
   # to Psych safe_load in the YAML Coder
   singleton_class.attr_accessor :yaml_column_permitted_classes
-  self.yaml_column_permitted_classes = []
+  self.yaml_column_permitted_classes = [Symbol]
 
   def self.eager_load!
     super

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: activerecord
 version: !ruby/object:Gem::Version
-  version: 7.0.3.1
+  version: 7.0.4.1
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-07-12 00:00:00.000000000 Z
+date: 2023-01-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.3.1
+        version: 7.0.4.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.3.1
+        version: 7.0.4.1
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.3.1
+        version: 7.0.4.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.3.1
+        version: 7.0.4.1
 description: Databases on Rails. Build a persistent domain model by mapping database
   tables to Ruby classes. Strong conventions for associations, validations, aggregations,
   migrations, and testing come baked-in.
@@ -434,10 +434,10 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/rails/rails/issues
-  changelog_uri: https://github.com/rails/rails/blob/v7.0.3.1/activerecord/CHANGELOG.md
-  documentation_uri: https://api.rubyonrails.org/v7.0.3.1/
+  changelog_uri: https://github.com/rails/rails/blob/v7.0.4.1/activerecord/CHANGELOG.md
+  documentation_uri: https://api.rubyonrails.org/v7.0.4.1/
   mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
-  source_code_uri: https://github.com/rails/rails/tree/v7.0.3.1/activerecord
+  source_code_uri: https://github.com/rails/rails/tree/v7.0.4.1/activerecord
   rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options:
@@ -456,7 +456,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.3
+rubygems_version: 3.4.3
 signing_key:
 specification_version: 4
 summary: Object-relational mapper framework (part of Rails).