activesupport 6.1.0 → 7.1.5.1

data/lib/active_support/core_ext/date_time/conversions.rb

@@ -9,21 +9,21 @@ require "active_support/values/time_zone"
 class DateTime
   # Convert to a formatted string. See Time::DATE_FORMATS for predefined formats.
   #
-  # This method is aliased to <tt>to_s</tt>.
+  # This method is aliased to <tt>to_formatted_s</tt>.
   #
   # === Examples
   #   datetime = DateTime.civil(2007, 12, 4, 0, 0, 0, 0)   # => Tue, 04 Dec 2007 00:00:00 +0000
   #
-  #   datetime.to_formatted_s(:db)            # => "2007-12-04 00:00:00"
-  #   datetime.to_s(:db)                      # => "2007-12-04 00:00:00"
-  #   datetime.to_s(:number)                  # => "20071204000000"
-  #   datetime.to_formatted_s(:short)         # => "04 Dec 00:00"
-  #   datetime.to_formatted_s(:long)          # => "December 04, 2007 00:00"
-  #   datetime.to_formatted_s(:long_ordinal)  # => "December 4th, 2007 00:00"
-  #   datetime.to_formatted_s(:rfc822)        # => "Tue, 04 Dec 2007 00:00:00 +0000"
-  #   datetime.to_formatted_s(:iso8601)       # => "2007-12-04T00:00:00+00:00"
+  #   datetime.to_fs(:db)            # => "2007-12-04 00:00:00"
+  #   datetime.to_formatted_s(:db)   # => "2007-12-04 00:00:00"
+  #   datetime.to_fs(:number)        # => "20071204000000"
+  #   datetime.to_fs(:short)         # => "04 Dec 00:00"
+  #   datetime.to_fs(:long)          # => "December 04, 2007 00:00"
+  #   datetime.to_fs(:long_ordinal)  # => "December 4th, 2007 00:00"
+  #   datetime.to_fs(:rfc822)        # => "Tue, 04 Dec 2007 00:00:00 +0000"
+  #   datetime.to_fs(:iso8601)       # => "2007-12-04T00:00:00+00:00"
   #
-  # == Adding your own datetime formats to to_formatted_s
+  # == Adding your own datetime formats to to_fs
   # DateTime formats are shared with Time. You can add your own to the
   # Time::DATE_FORMATS hash. Use the format name as the hash key and
   # either a strftime string or Proc instance that takes a time or
@@ -32,15 +32,19 @@ class DateTime
   #   # config/initializers/time_formats.rb
   #   Time::DATE_FORMATS[:month_and_year] = '%B %Y'
   #   Time::DATE_FORMATS[:short_ordinal] = lambda { |time| time.strftime("%B #{time.day.ordinalize}") }
-  def to_formatted_s(format = :default)
+  def to_fs(format = :default)
     if formatter = ::Time::DATE_FORMATS[format]
       formatter.respond_to?(:call) ? formatter.call(self).to_s : strftime(formatter)
     else
-      to_default_s
+      to_s
     end
   end
-  alias_method :to_default_s, :to_s if instance_methods(false).include?(:to_s)
-  alias_method :to_s, :to_formatted_s
+  alias_method :to_formatted_s, :to_fs
+  if instance_methods(false).include?(:to_s)
+    alias_method :to_default_s, :to_s
+    deprecate to_default_s: :to_s, deprecator: ActiveSupport.deprecator
+  end
+
 
   # Returns a formatted string of the offset from UTC, or an alternative
   # string if the time zone is already UTC.
@@ -54,7 +58,7 @@ class DateTime
 
   # Overrides the default inspect method with a human readable one, e.g., "Mon, 21 Feb 2005 14:30:00 +0000".
   def readable_inspect
-    to_s(:rfc822)
+    to_fs(:rfc822)
   end
   alias_method :default_inspect, :inspect
   alias_method :inspect, :readable_inspect

data/lib/active_support/core_ext/digest/uuid.rb

@@ -1,29 +1,32 @@
 # frozen_string_literal: true
 
 require "securerandom"
+require "openssl"
 
 module Digest
   module UUID
-    DNS_NAMESPACE  = "k\xA7\xB8\x10\x9D\xAD\x11\xD1\x80\xB4\x00\xC0O\xD40\xC8" #:nodoc:
-    URL_NAMESPACE  = "k\xA7\xB8\x11\x9D\xAD\x11\xD1\x80\xB4\x00\xC0O\xD40\xC8" #:nodoc:
-    OID_NAMESPACE  = "k\xA7\xB8\x12\x9D\xAD\x11\xD1\x80\xB4\x00\xC0O\xD40\xC8" #:nodoc:
-    X500_NAMESPACE = "k\xA7\xB8\x14\x9D\xAD\x11\xD1\x80\xB4\x00\xC0O\xD40\xC8" #:nodoc:
+    DNS_NAMESPACE  = "k\xA7\xB8\x10\x9D\xAD\x11\xD1\x80\xB4\x00\xC0O\xD40\xC8" # :nodoc:
+    URL_NAMESPACE  = "k\xA7\xB8\x11\x9D\xAD\x11\xD1\x80\xB4\x00\xC0O\xD40\xC8" # :nodoc:
+    OID_NAMESPACE  = "k\xA7\xB8\x12\x9D\xAD\x11\xD1\x80\xB4\x00\xC0O\xD40\xC8" # :nodoc:
+    X500_NAMESPACE = "k\xA7\xB8\x14\x9D\xAD\x11\xD1\x80\xB4\x00\xC0O\xD40\xC8" # :nodoc:
 
     # Generates a v5 non-random UUID (Universally Unique IDentifier).
     #
-    # Using Digest::MD5 generates version 3 UUIDs; Digest::SHA1 generates version 5 UUIDs.
+    # Using OpenSSL::Digest::MD5 generates version 3 UUIDs; OpenSSL::Digest::SHA1 generates version 5 UUIDs.
     # uuid_from_hash always generates the same UUID for a given name and namespace combination.
     #
     # See RFC 4122 for details of UUID at: https://www.ietf.org/rfc/rfc4122.txt
-    def self.uuid_from_hash(hash_class, uuid_namespace, name)
-      if hash_class == Digest::MD5
+    def self.uuid_from_hash(hash_class, namespace, name)
+      if hash_class == Digest::MD5 || hash_class == OpenSSL::Digest::MD5
         version = 3
-      elsif hash_class == Digest::SHA1
+      elsif hash_class == Digest::SHA1 || hash_class == OpenSSL::Digest::SHA1
         version = 5
       else
-        raise ArgumentError, "Expected Digest::SHA1 or Digest::MD5, got #{hash_class.name}."
+        raise ArgumentError, "Expected OpenSSL::Digest::SHA1 or OpenSSL::Digest::MD5, got #{hash_class.name}."
       end
 
+      uuid_namespace = pack_uuid_namespace(namespace)
+
       hash = hash_class.new
       hash.update(uuid_namespace)
       hash.update(name)
@@ -35,19 +38,33 @@ module Digest
       "%08x-%04x-%04x-%04x-%04x%08x" % ary
     end
 
-    # Convenience method for uuid_from_hash using Digest::MD5.
+    # Convenience method for uuid_from_hash using OpenSSL::Digest::MD5.
     def self.uuid_v3(uuid_namespace, name)
-      uuid_from_hash(Digest::MD5, uuid_namespace, name)
+      uuid_from_hash(OpenSSL::Digest::MD5, uuid_namespace, name)
     end
 
-    # Convenience method for uuid_from_hash using Digest::SHA1.
+    # Convenience method for uuid_from_hash using OpenSSL::Digest::SHA1.
     def self.uuid_v5(uuid_namespace, name)
-      uuid_from_hash(Digest::SHA1, uuid_namespace, name)
+      uuid_from_hash(OpenSSL::Digest::SHA1, uuid_namespace, name)
     end
 
     # Convenience method for SecureRandom.uuid.
     def self.uuid_v4
       SecureRandom.uuid
     end
+
+    def self.pack_uuid_namespace(namespace)
+      if [DNS_NAMESPACE, OID_NAMESPACE, URL_NAMESPACE, X500_NAMESPACE].include?(namespace)
+        namespace
+      else
+        match_data = namespace.match(/\A(\h{8})-(\h{4})-(\h{4})-(\h{4})-(\h{4})(\h{8})\z/)
+
+        raise ArgumentError, "Only UUIDs are valid namespace identifiers" unless match_data.present?
+
+        match_data.captures.map { |s| s.to_i(16) }.pack("NnnnnN")
+      end
+    end
+
+    private_class_method :pack_uuid_namespace
   end
 end

data/lib/active_support/core_ext/enumerable.rb

@@ -1,47 +1,44 @@
 # frozen_string_literal: true
 
-module Enumerable
-  INDEX_WITH_DEFAULT = Object.new
-  private_constant :INDEX_WITH_DEFAULT
-
-  # Enumerable#sum was added in Ruby 2.4, but it only works with Numeric elements
-  # when we omit an identity.
-
-  # :stopdoc:
+module ActiveSupport
+  module EnumerableCoreExt # :nodoc:
+    module Constants
+      private
+        def const_missing(name)
+          if name == :SoleItemExpectedError
+            ::ActiveSupport::EnumerableCoreExt::SoleItemExpectedError
+          else
+            super
+          end
+        end
+    end
+  end
+end
 
-  # We can't use Refinements here because Refinements with Module which will be prepended
-  # doesn't work well https://bugs.ruby-lang.org/issues/13446
-  alias :_original_sum_with_required_identity :sum
-  private :_original_sum_with_required_identity
+module Enumerable
+  # Error generated by +sole+ when called on an enumerable that doesn't have
+  # exactly one item.
+  class SoleItemExpectedError < StandardError; end
 
-  # :startdoc:
+  # HACK: For performance reasons, Enumerable shouldn't have any constants of its own.
+  # So we move SoleItemExpectedError into ActiveSupport::EnumerableCoreExt.
+  ActiveSupport::EnumerableCoreExt::SoleItemExpectedError = remove_const(:SoleItemExpectedError)
+  singleton_class.prepend(ActiveSupport::EnumerableCoreExt::Constants)
 
-  # Calculates a sum from the elements.
-  #
-  #  payments.sum { |p| p.price * p.tax_rate }
-  #  payments.sum(&:price)
-  #
-  # The latter is a shortcut for:
-  #
-  #  payments.inject(0) { |sum, p| sum + p.price }
+  # Calculates the minimum from the extracted elements.
   #
-  # It can also calculate the sum without the use of a block.
-  #
-  #  [5, 15, 10].sum # => 30
-  #  ['foo', 'bar'].sum # => "foobar"
-  #  [[1, 2], [3, 1, 5]].sum # => [1, 2, 3, 1, 5]
-  #
-  # The default sum of an empty list is zero. You can override this default:
+  #   payments = [Payment.new(5), Payment.new(15), Payment.new(10)]
+  #   payments.minimum(:price) # => 5
+  def minimum(key)
+    map(&key).min
+  end
+
+  # Calculates the maximum from the extracted elements.
   #
-  #  [].sum(Payment.new(0)) { |i| i.amount } # => Payment.new(0)
-  def sum(identity = nil, &block)
-    if identity
-      _original_sum_with_required_identity(identity, &block)
-    elsif block_given?
-      map(&block).sum(identity)
-    else
-      inject(:+) || 0
-    end
+  #   payments = [Payment.new(5), Payment.new(15), Payment.new(10)]
+  #   payments.maximum(:price) # => 15
+  def maximum(key)
+    map(&key).max
   end
 
   # Convert an enumerable to a hash, using the block result as the key and the
@@ -75,17 +72,17 @@ module Enumerable
   #
   #   %i( created_at updated_at ).index_with(Time.now)
   #   # => { created_at: 2020-03-09 22:31:47, updated_at: 2020-03-09 22:31:47 }
-  def index_with(default = INDEX_WITH_DEFAULT)
+  def index_with(default = (no_default = true))
     if block_given?
       result = {}
       each { |elem| result[elem] = yield(elem) }
       result
-    elsif default != INDEX_WITH_DEFAULT
+    elsif no_default
+      to_enum(:index_with) { size if respond_to?(:size) }
+    else
       result = {}
       each { |elem| result[elem] = default }
       result
-    else
-      to_enum(:index_with) { size if respond_to?(:size) }
     end
   end
 
@@ -96,8 +93,8 @@ module Enumerable
   def many?
     cnt = 0
     if block_given?
-      any? do |element|
-        cnt += 1 if yield element
+      any? do |*args|
+        cnt += 1 if yield(*args)
         cnt > 1
       end
     else
@@ -136,11 +133,7 @@ module Enumerable
     elements.flatten!(1)
     reject { |element| elements.include?(element) }
   end
-
-  # Alias for #excluding.
-  def without(*elements)
-    excluding(*elements)
-  end
+  alias :without :excluding
 
   # Extract the given key from each element in the enumerable.
   #
@@ -178,81 +171,90 @@ module Enumerable
   # Returns a new +Array+ without the blank items.
   # Uses Object#blank? for determining if an item is blank.
   #
-  #    [1, "", nil, 2, " ", [], {}, false, true].compact_blank
-  #    # =>  [1, 2, true]
+  #   [1, "", nil, 2, " ", [], {}, false, true].compact_blank
+  #   # =>  [1, 2, true]
   #
-  #    Set.new([nil, "", 1, 2])
-  #    # => [2, 1] (or [1, 2])
+  #   Set.new([nil, "", 1, false]).compact_blank
+  #   # => [1]
   #
   # When called on a +Hash+, returns a new +Hash+ without the blank values.
   #
-  #    { a: "", b: 1, c: nil, d: [], e: false, f: true }.compact_blank
-  #    #=> { b: 1, f: true }
+  #   { a: "", b: 1, c: nil, d: [], e: false, f: true }.compact_blank
+  #   # => { b: 1, f: true }
   def compact_blank
     reject(&:blank?)
   end
+
+  # Returns a new +Array+ where the order has been set to that provided in the +series+, based on the +key+ of the
+  # objects in the original enumerable.
+  #
+  #   [ Person.find(5), Person.find(3), Person.find(1) ].in_order_of(:id, [ 1, 5, 3 ])
+  #   # => [ Person.find(1), Person.find(5), Person.find(3) ]
+  #
+  # If the +series+ include keys that have no corresponding element in the Enumerable, these are ignored.
+  # If the Enumerable has additional elements that aren't named in the +series+, these are not included in the result.
+  def in_order_of(key, series)
+    group_by(&key).values_at(*series).flatten(1).compact
+  end
+
+  # Returns the sole item in the enumerable. If there are no items, or more
+  # than one item, raises +Enumerable::SoleItemExpectedError+.
+  #
+  #   ["x"].sole          # => "x"
+  #   Set.new.sole        # => Enumerable::SoleItemExpectedError: no item found
+  #   { a: 1, b: 2 }.sole # => Enumerable::SoleItemExpectedError: multiple items found
+  def sole
+    case count
+    when 1   then return first # rubocop:disable Style/RedundantReturn
+    when 0   then raise ActiveSupport::EnumerableCoreExt::SoleItemExpectedError, "no item found"
+    when 2.. then raise ActiveSupport::EnumerableCoreExt::SoleItemExpectedError, "multiple items found"
+    end
+  end
 end
 
 class Hash
   # Hash#reject has its own definition, so this needs one too.
-  def compact_blank #:nodoc:
+  def compact_blank # :nodoc:
     reject { |_k, v| v.blank? }
   end
 
   # Removes all blank values from the +Hash+ in place and returns self.
   # Uses Object#blank? for determining if a value is blank.
   #
-  #    h = { a: "", b: 1, c: nil, d: [], e: false, f: true }
-  #    h.compact_blank!
-  #    # => { b: 1, f: true }
+  #   h = { a: "", b: 1, c: nil, d: [], e: false, f: true }
+  #   h.compact_blank!
+  #   # => { b: 1, f: true }
   def compact_blank!
     # use delete_if rather than reject! because it always returns self even if nothing changed
     delete_if { |_k, v| v.blank? }
   end
 end
 
-class Range #:nodoc:
+class Range # :nodoc:
   # Optimize range sum to use arithmetic progression if a block is not given and
   # we have a range of numeric values.
-  def sum(identity = nil)
+  def sum(initial_value = 0)
     if block_given? || !(first.is_a?(Integer) && last.is_a?(Integer))
       super
     else
       actual_last = exclude_end? ? (last - 1) : last
       if actual_last >= first
-        sum = identity || 0
+        sum = initial_value || 0
         sum + (actual_last - first + 1) * (actual_last + first) / 2
       else
-        identity || 0
+        initial_value || 0
       end
     end
   end
 end
 
-# Using Refinements here in order not to expose our internal method
-using Module.new {
-  refine Array do
-    alias :orig_sum :sum
-  end
-}
-
-class Array #:nodoc:
-  # Array#sum was added in Ruby 2.4 but it only works with Numeric elements.
-  def sum(init = nil, &block)
-    if init.is_a?(Numeric) || first.is_a?(Numeric)
-      init ||= 0
-      orig_sum(init, &block)
-    else
-      super
-    end
-  end
-
+class Array # :nodoc:
   # Removes all blank elements from the +Array+ in place and returns self.
   # Uses Object#blank? for determining if an item is blank.
   #
-  #    a = [1, "", nil, 2, " ", [], {}, false, true]
-  #    a.compact_blank!
-  #    # =>  [1, 2, true]
+  #   a = [1, "", nil, 2, " ", [], {}, false, true]
+  #   a.compact_blank!
+  #   # =>  [1, 2, true]
   def compact_blank!
     # use delete_if rather than reject! because it always returns self even if nothing changed
     delete_if(&:blank?)

data/lib/active_support/core_ext/erb/util.rb

@@ -0,0 +1,196 @@
+# frozen_string_literal: true
+
+require "erb"
+
+module ActiveSupport
+  module CoreExt
+    module ERBUtil
+      # HTML escapes strings but doesn't wrap them with an ActiveSupport::SafeBuffer.
+      # This method is not for public consumption! Seriously!
+      def html_escape(s) # :nodoc:
+        s = s.to_s
+        if s.html_safe?
+          s
+        else
+          super(ActiveSupport::Multibyte::Unicode.tidy_bytes(s))
+        end
+      end
+      alias :unwrapped_html_escape :html_escape # :nodoc:
+
+      # A utility method for escaping HTML tag characters.
+      # This method is also aliased as <tt>h</tt>.
+      #
+      #   puts html_escape('is a > 0 & a < 10?')
+      #   # => is a &gt; 0 &amp; a &lt; 10?
+      def html_escape(s) # rubocop:disable Lint/DuplicateMethods
+        unwrapped_html_escape(s).html_safe
+      end
+      alias h html_escape
+    end
+
+    module ERBUtilPrivate
+      include ERBUtil
+      private :unwrapped_html_escape, :html_escape, :h
+    end
+  end
+end
+
+class ERB
+  module Util
+    HTML_ESCAPE = { "&" => "&amp;",  ">" => "&gt;",   "<" => "&lt;", '"' => "&quot;", "'" => "&#39;" }
+    HTML_ESCAPE_ONCE_REGEXP = /["><']|&(?!([a-zA-Z]+|(#\d+)|(#[xX][\dA-Fa-f]+));)/
+
+    # Following XML requirements: https://www.w3.org/TR/REC-xml/#NT-Name
+    TAG_NAME_START_CODEPOINTS = "@:A-Z_a-z\u{C0}-\u{D6}\u{D8}-\u{F6}\u{F8}-\u{2FF}\u{370}-\u{37D}\u{37F}-\u{1FFF}" \
+                                "\u{200C}-\u{200D}\u{2070}-\u{218F}\u{2C00}-\u{2FEF}\u{3001}-\u{D7FF}\u{F900}-\u{FDCF}" \
+                                "\u{FDF0}-\u{FFFD}\u{10000}-\u{EFFFF}"
+    INVALID_TAG_NAME_START_REGEXP = /[^#{TAG_NAME_START_CODEPOINTS}]/
+    TAG_NAME_FOLLOWING_CODEPOINTS = "#{TAG_NAME_START_CODEPOINTS}\\-.0-9\u{B7}\u{0300}-\u{036F}\u{203F}-\u{2040}"
+    INVALID_TAG_NAME_FOLLOWING_REGEXP = /[^#{TAG_NAME_FOLLOWING_CODEPOINTS}]/
+    SAFE_XML_TAG_NAME_REGEXP = /\A[#{TAG_NAME_START_CODEPOINTS}][#{TAG_NAME_FOLLOWING_CODEPOINTS}]*\z/
+    TAG_NAME_REPLACEMENT_CHAR = "_"
+
+    prepend ActiveSupport::CoreExt::ERBUtilPrivate
+    singleton_class.prepend ActiveSupport::CoreExt::ERBUtil
+
+    # A utility method for escaping HTML without affecting existing escaped entities.
+    #
+    #   html_escape_once('1 < 2 &amp; 3')
+    #   # => "1 &lt; 2 &amp; 3"
+    #
+    #   html_escape_once('&lt;&lt; Accept & Checkout')
+    #   # => "&lt;&lt; Accept &amp; Checkout"
+    def html_escape_once(s)
+      ActiveSupport::Multibyte::Unicode.tidy_bytes(s.to_s).gsub(HTML_ESCAPE_ONCE_REGEXP, HTML_ESCAPE).html_safe
+    end
+
+    module_function :html_escape_once
+
+    # A utility method for escaping HTML entities in JSON strings. Specifically, the
+    # &, > and < characters are replaced with their equivalent unicode escaped form -
+    # \u0026, \u003e, and \u003c. The Unicode sequences \u2028 and \u2029 are also
+    # escaped as they are treated as newline characters in some JavaScript engines.
+    # These sequences have identical meaning as the original characters inside the
+    # context of a JSON string, so assuming the input is a valid and well-formed
+    # JSON value, the output will have equivalent meaning when parsed:
+    #
+    #   json = JSON.generate({ name: "</script><script>alert('PWNED!!!')</script>"})
+    #   # => "{\"name\":\"</script><script>alert('PWNED!!!')</script>\"}"
+    #
+    #   json_escape(json)
+    #   # => "{\"name\":\"\\u003C/script\\u003E\\u003Cscript\\u003Ealert('PWNED!!!')\\u003C/script\\u003E\"}"
+    #
+    #   JSON.parse(json) == JSON.parse(json_escape(json))
+    #   # => true
+    #
+    # The intended use case for this method is to escape JSON strings before including
+    # them inside a script tag to avoid XSS vulnerability:
+    #
+    #   <script>
+    #     var currentUser = <%= raw json_escape(current_user.to_json) %>;
+    #   </script>
+    #
+    # It is necessary to +raw+ the result of +json_escape+, so that quotation marks
+    # don't get converted to <tt>&quot;</tt> entities. +json_escape+ doesn't
+    # automatically flag the result as HTML safe, since the raw value is unsafe to
+    # use inside HTML attributes.
+    #
+    # If your JSON is being used downstream for insertion into the DOM, be aware of
+    # whether or not it is being inserted via <tt>html()</tt>. Most jQuery plugins do this.
+    # If that is the case, be sure to +html_escape+ or +sanitize+ any user-generated
+    # content returned by your JSON.
+    #
+    # If you need to output JSON elsewhere in your HTML, you can just do something
+    # like this, as any unsafe characters (including quotation marks) will be
+    # automatically escaped for you:
+    #
+    #   <div data-user-info="<%= current_user.to_json %>">...</div>
+    #
+    # WARNING: this helper only works with valid JSON. Using this on non-JSON values
+    # will open up serious XSS vulnerabilities. For example, if you replace the
+    # +current_user.to_json+ in the example above with user input instead, the browser
+    # will happily <tt>eval()</tt> that string as JavaScript.
+    #
+    # The escaping performed in this method is identical to those performed in the
+    # Active Support JSON encoder when +ActiveSupport.escape_html_entities_in_json+ is
+    # set to true. Because this transformation is idempotent, this helper can be
+    # applied even if +ActiveSupport.escape_html_entities_in_json+ is already true.
+    #
+    # Therefore, when you are unsure if +ActiveSupport.escape_html_entities_in_json+
+    # is enabled, or if you are unsure where your JSON string originated from, it
+    # is recommended that you always apply this helper (other libraries, such as the
+    # JSON gem, do not provide this kind of protection by default; also some gems
+    # might override +to_json+ to bypass Active Support's encoder).
+    def json_escape(s)
+      result = s.to_s.dup
+      result.gsub!(">", '\u003e')
+      result.gsub!("<", '\u003c')
+      result.gsub!("&", '\u0026')
+      result.gsub!("\u2028", '\u2028')
+      result.gsub!("\u2029", '\u2029')
+      s.html_safe? ? result.html_safe : result
+    end
+
+    module_function :json_escape
+
+    # A utility method for escaping XML names of tags and names of attributes.
+    #
+    #   xml_name_escape('1 < 2 & 3')
+    #   # => "1___2___3"
+    #
+    # It follows the requirements of the specification: https://www.w3.org/TR/REC-xml/#NT-Name
+    def xml_name_escape(name)
+      name = name.to_s
+      return "" if name.blank?
+      return name if name.match?(SAFE_XML_TAG_NAME_REGEXP)
+
+      starting_char = name[0]
+      starting_char.gsub!(INVALID_TAG_NAME_START_REGEXP, TAG_NAME_REPLACEMENT_CHAR)
+
+      return starting_char if name.size == 1
+
+      following_chars = name[1..-1]
+      following_chars.gsub!(INVALID_TAG_NAME_FOLLOWING_REGEXP, TAG_NAME_REPLACEMENT_CHAR)
+
+      starting_char << following_chars
+    end
+    module_function :xml_name_escape
+
+    # Tokenizes a line of ERB.  This is really just for error reporting and
+    # nobody should use it.
+    def self.tokenize(source) # :nodoc:
+      require "strscan"
+      source = StringScanner.new(source.chomp)
+      tokens = []
+
+      start_re = /<%(?:={1,2}|-|\#|%)?/m
+      finish_re = /(?:[-=])?%>/m
+
+      while !source.eos?
+        pos = source.pos
+        source.scan_until(/(?:#{start_re}|#{finish_re})/)
+        raise NotImplementedError if source.matched.nil?
+        len = source.pos - source.matched.bytesize - pos
+
+        case source.matched
+        when start_re
+          tokens << [:TEXT, source.string[pos, len]] if len > 0
+          tokens << [:OPEN, source.matched]
+          if source.scan(/(.*?)(?=#{finish_re}|\z)/m)
+            tokens << [:CODE, source.matched] unless source.matched.empty?
+            tokens << [:CLOSE, source.scan(finish_re)] unless source.eos?
+          else
+            raise NotImplementedError
+          end
+        when finish_re
+          tokens << [:CODE, source.string[pos, len]] if len > 0
+          tokens << [:CLOSE, source.matched]
+        else
+          raise NotImplementedError, source.matched
+        end
+      end
+
+      tokens
+    end
+  end
+end

data/lib/active_support/core_ext/file/atomic.rb

@@ -53,7 +53,7 @@ class File
   end
 
   # Private utility method.
-  def self.probe_stat_in(dir) #:nodoc:
+  def self.probe_stat_in(dir) # :nodoc:
     basename = [
       ".permissions_check",
       Thread.current.object_id,
@@ -64,6 +64,8 @@ class File
     file_name = join(dir, basename)
     FileUtils.touch(file_name)
     stat(file_name)
+  rescue Errno::ENOENT
+    file_name = nil
   ensure
     FileUtils.rm_f(file_name) if file_name
   end

data/lib/active_support/core_ext/hash/conversions.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require "active_support/xml_mini"
 require "active_support/core_ext/object/blank"
 require "active_support/core_ext/object/to_param"
 require "active_support/core_ext/object/to_query"
@@ -69,7 +68,7 @@ class Hash
   #
   # By default the root node is "hash", but that's configurable via the <tt>:root</tt> option.
   #
-  # The default XML builder is a fresh instance of <tt>Builder::XmlMarkup</tt>. You can
+  # The default XML builder is a fresh instance of +Builder::XmlMarkup+. You can
   # configure your own builder with the <tt>:builder</tt> option. The method also accepts
   # options like <tt>:dasherize</tt> and friends, they are forwarded to the builder.
   def to_xml(options = {})

data/lib/active_support/core_ext/hash/deep_merge.rb

@@ -1,6 +1,14 @@
 # frozen_string_literal: true
 
+require "active_support/deep_mergeable"
+
 class Hash
+  include ActiveSupport::DeepMergeable
+
+  ##
+  # :method: deep_merge
+  # :call-seq: deep_merge(other_hash, &block)
+  #
   # Returns a new hash with +self+ and +other_hash+ merged recursively.
   #
   #   h1 = { a: true, b: { c: [1, 2, 3] } }
@@ -15,20 +23,20 @@ class Hash
   #   h2 = { b: 250, c: { c1: 200 } }
   #   h1.deep_merge(h2) { |key, this_val, other_val| this_val + other_val }
   #   # => { a: 100, b: 450, c: { c1: 300 } }
-  def deep_merge(other_hash, &block)
-    dup.deep_merge!(other_hash, &block)
-  end
+  #
+  #--
+  # Implemented by ActiveSupport::DeepMergeable#deep_merge.
+
+  ##
+  # :method: deep_merge!
+  # :call-seq: deep_merge!(other_hash, &block)
+  #
+  # Same as #deep_merge, but modifies +self+.
+  #
+  #--
+  # Implemented by ActiveSupport::DeepMergeable#deep_merge!.
 
-  # Same as +deep_merge+, but modifies +self+.
-  def deep_merge!(other_hash, &block)
-    merge!(other_hash) do |key, this_val, other_val|
-      if this_val.is_a?(Hash) && other_val.is_a?(Hash)
-        this_val.deep_merge(other_val, &block)
-      elsif block_given?
-        block.call(key, this_val, other_val)
-      else
-        other_val
-      end
-    end
+  def deep_merge?(other) # :nodoc:
+    other.is_a?(Hash)
   end
 end