activesupport 7.0.4 → 7.1.5.1

data/lib/active_support/core_ext/range/overlap.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+class Range
+  # Compare two ranges and see if they overlap each other
+  #  (1..5).overlap?(4..6) # => true
+  #  (1..5).overlap?(7..9) # => false
+  unless Range.method_defined?(:overlap?)
+    def overlap?(other)
+      raise TypeError unless other.is_a? Range
+
+      self_begin = self.begin
+      other_end = other.end
+      other_excl = other.exclude_end?
+
+      return false if _empty_range?(self_begin, other_end, other_excl)
+
+      other_begin = other.begin
+      self_end = self.end
+      self_excl = self.exclude_end?
+
+      return false if _empty_range?(other_begin, self_end, self_excl)
+      return true if self_begin == other_begin
+
+      return false if _empty_range?(self_begin, self_end, self_excl)
+      return false if _empty_range?(other_begin, other_end, other_excl)
+
+      true
+    end
+
+    private
+    def _empty_range?(b, e, excl)
+      return false if b.nil? || e.nil?
+
+      comp = b <=> e
+      comp.nil? || comp > 0 || (comp == 0 && excl)
+    end
+  end
+
+  alias :overlaps? :overlap?
+end

data/lib/active_support/core_ext/range.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 require "active_support/core_ext/range/conversions"
-require "active_support/core_ext/range/deprecated_conversions" unless ENV["RAILS_DISABLE_DEPRECATED_TO_S_CONVERSION"]
 require "active_support/core_ext/range/compare_range"
-require "active_support/core_ext/range/overlaps"
+require "active_support/core_ext/range/overlap"
 require "active_support/core_ext/range/each"

data/lib/active_support/core_ext/securerandom.rb

@@ -16,12 +16,18 @@ module SecureRandom
   #
   #   p SecureRandom.base58 # => "4kUgL2pdQMSCQtjE"
   #   p SecureRandom.base58(24) # => "77TMHrHJFvFDwodq8w7Ev2m7"
-  def self.base58(n = 16)
-    SecureRandom.random_bytes(n).unpack("C*").map do |byte|
-      idx = byte % 64
-      idx = SecureRandom.random_number(58) if idx >= 58
-      BASE58_ALPHABET[idx]
-    end.join
+  if RUBY_VERSION >= "3.3"
+    def self.base58(n = 16)
+      SecureRandom.alphanumeric(n, chars: BASE58_ALPHABET)
+    end
+  else
+    def self.base58(n = 16)
+      SecureRandom.random_bytes(n).unpack("C*").map do |byte|
+        idx = byte % 64
+        idx = SecureRandom.random_number(58) if idx >= 58
+        BASE58_ALPHABET[idx]
+      end.join
+    end
   end
 
   # SecureRandom.base36 generates a random base36 string in lowercase.
@@ -35,11 +41,17 @@ module SecureRandom
   #
   #   p SecureRandom.base36 # => "4kugl2pdqmscqtje"
   #   p SecureRandom.base36(24) # => "77tmhrhjfvfdwodq8w7ev2m7"
-  def self.base36(n = 16)
-    SecureRandom.random_bytes(n).unpack("C*").map do |byte|
-      idx = byte % 64
-      idx = SecureRandom.random_number(36) if idx >= 36
-      BASE36_ALPHABET[idx]
-    end.join
+  if RUBY_VERSION >= "3.3"
+    def self.base36(n = 16)
+      SecureRandom.alphanumeric(n, chars: BASE36_ALPHABET)
+    end
+  else
+    def self.base36(n = 16)
+      SecureRandom.random_bytes(n).unpack("C*").map do |byte|
+        idx = byte % 64
+        idx = SecureRandom.random_number(36) if idx >= 36
+        BASE36_ALPHABET[idx]
+      end.join
+    end
   end
 end

data/lib/active_support/core_ext/string/filters.rb

@@ -45,7 +45,7 @@ class String
     self
   end
 
-  # Truncates a given +text+ after a given <tt>length</tt> if +text+ is longer than <tt>length</tt>:
+  # Truncates a given +text+ to length <tt>truncate_to</tt> if +text+ is longer than <tt>truncate_to</tt>:
   #
   #   'Once upon a time in a world far far away'.truncate(27)
   #   # => "Once upon a time in a wo..."
@@ -58,16 +58,20 @@ class String
   #   'Once upon a time in a world far far away'.truncate(27, separator: /\s/)
   #   # => "Once upon a time in a..."
   #
-  # The last characters will be replaced with the <tt>:omission</tt> string (defaults to "...")
-  # for a total length not exceeding <tt>length</tt>:
+  # The last characters will be replaced with the <tt>:omission</tt> string (defaults to "...").
+  # The total length will not exceed <tt>truncate_to</tt> unless both +text+ and <tt>:omission</tt>
+  # are longer than <tt>truncate_to</tt>:
   #
   #   'And they found that many people were sleeping better.'.truncate(25, omission: '... (continued)')
   #   # => "And they f... (continued)"
-  def truncate(truncate_at, options = {})
-    return dup unless length > truncate_at
+  #
+  #   'And they found that many people were sleeping better.'.truncate(4, omission: '... (continued)')
+  #   # => "... (continued)"
+  def truncate(truncate_to, options = {})
+    return dup unless length > truncate_to
 
     omission = options[:omission] || "..."
-    length_with_room_for_omission = truncate_at - omission.length
+    length_with_room_for_omission = truncate_to - omission.length
     stop = \
       if options[:separator]
         rindex(options[:separator], length_with_room_for_omission) || length_with_room_for_omission
@@ -78,7 +82,7 @@ class String
     +"#{self[0, stop]}#{omission}"
   end
 
-  # Truncates +text+ to at most <tt>bytesize</tt> bytes in length without
+  # Truncates +text+ to at most <tt>truncate_to</tt> bytes in length without
   # breaking string encoding by splitting multibyte characters or breaking
   # grapheme clusters ("perceptual characters") by truncating at combining
   # characters.
@@ -91,20 +95,22 @@ class String
   #   => "🔪🔪🔪🔪…"
   #
   # The truncated text ends with the <tt>:omission</tt> string, defaulting
-  # to "…", for a total length not exceeding <tt>bytesize</tt>.
-  def truncate_bytes(truncate_at, omission: "…")
+  # to "…", for a total length not exceeding <tt>truncate_to</tt>.
+  #
+  # Raises +ArgumentError+ when the bytesize of <tt>:omission</tt> exceeds <tt>truncate_to</tt>.
+  def truncate_bytes(truncate_to, omission: "…")
     omission ||= ""
 
     case
-    when bytesize <= truncate_at
+    when bytesize <= truncate_to
       dup
-    when omission.bytesize > truncate_at
-      raise ArgumentError, "Omission #{omission.inspect} is #{omission.bytesize}, larger than the truncation length of #{truncate_at} bytes"
-    when omission.bytesize == truncate_at
+    when omission.bytesize > truncate_to
+      raise ArgumentError, "Omission #{omission.inspect} is #{omission.bytesize}, larger than the truncation length of #{truncate_to} bytes"
+    when omission.bytesize == truncate_to
       omission.dup
     else
       self.class.new.tap do |cut|
-        cut_at = truncate_at - omission.bytesize
+        cut_at = truncate_to - omission.bytesize
 
         each_grapheme_cluster do |grapheme|
           if cut.bytesize + grapheme.bytesize <= cut_at

data/lib/active_support/core_ext/string/indent.rb

@@ -24,7 +24,7 @@ class String
   #
   # The second argument, +indent_string+, specifies which indent string to
   # use. The default is +nil+, which tells the method to make a guess by
-  # peeking at the first indented line, and fallback to a space if there is
+  # peeking at the first indented line, and fall back to a space if there is
   # none.
   #
   #   "  foo".indent(2)        # => "    foo"

data/lib/active_support/core_ext/string/inflections.rb

@@ -97,8 +97,6 @@ class String
   #   'active_record/errors'.camelize         # => "ActiveRecord::Errors"
   #   'active_record/errors'.camelize(:lower) # => "activeRecord::Errors"
   #
-  # +camelize+ is also aliased as +camelcase+.
-  #
   # See ActiveSupport::Inflector.camelize.
   def camelize(first_letter = :upper)
     case first_letter
@@ -114,7 +112,7 @@ class String
 
   # Capitalizes all the words and replaces some characters in the string to create
   # a nicer looking title. +titleize+ is meant for creating pretty output. It is not
-  # used in the Rails internals.
+  # used in the \Rails internals.
   #
   # The trailing '_id','Id'.. can be kept and capitalized by setting the
   # optional parameter +keep_id_suffix+ to true.
@@ -124,8 +122,6 @@ class String
   #   'x-men: the last stand'.titleize                        # => "X Men: The Last Stand"
   #   'string_ending_with_id'.titleize(keep_id_suffix: true)  # => "String Ending With Id"
   #
-  # +titleize+ is also aliased as +titlecase+.
-  #
   # See ActiveSupport::Inflector.titleize.
   def titleize(keep_id_suffix: false)
     ActiveSupport::Inflector.titleize(self, keep_id_suffix: keep_id_suffix)
@@ -220,7 +216,7 @@ class String
     ActiveSupport::Inflector.parameterize(self, separator: separator, preserve_case: preserve_case, locale: locale)
   end
 
-  # Creates the name of a table like Rails does for models to table names. This method
+  # Creates the name of a table like \Rails does for models to table names. This method
   # uses the +pluralize+ method on the last word in the string.
   #
   #   'RawScaledScorer'.tableize # => "raw_scaled_scorers"
@@ -232,7 +228,7 @@ class String
     ActiveSupport::Inflector.tableize(self)
   end
 
-  # Creates a class name from a plural table name like Rails does for table names to models.
+  # Creates a class name from a plural table name like \Rails does for table names to models.
   # Note that this returns a string and not a class. (To convert to an actual class
   # follow +classify+ with +constantize+.)
   #
@@ -244,7 +240,7 @@ class String
     ActiveSupport::Inflector.classify(self)
   end
 
-  # Capitalizes the first word, turns underscores into spaces, and (by default)strips a
+  # Capitalizes the first word, turns underscores into spaces, and (by default) strips a
   # trailing '_id' if present.
   # Like +titleize+, this is meant for creating pretty output.
   #
@@ -267,7 +263,7 @@ class String
     ActiveSupport::Inflector.humanize(self, capitalize: capitalize, keep_id_suffix: keep_id_suffix)
   end
 
-  # Converts just the first character to uppercase.
+  # Converts the first character to uppercase.
   #
   #   'what a Lovely Day'.upcase_first # => "What a Lovely Day"
   #   'w'.upcase_first                 # => "W"
@@ -278,6 +274,17 @@ class String
     ActiveSupport::Inflector.upcase_first(self)
   end
 
+  # Converts the first character to lowercase.
+  #
+  #   'If they enjoyed The Matrix'.downcase_first # => "if they enjoyed The Matrix"
+  #   'I'.downcase_first                          # => "i"
+  #   ''.downcase_first                           # => ""
+  #
+  # See ActiveSupport::Inflector.downcase_first.
+  def downcase_first
+    ActiveSupport::Inflector.downcase_first(self)
+  end
+
   # Creates a foreign key name from a class name.
   # +separate_class_name_and_id_with_underscore+ sets whether
   # the method should put '_' between the name and 'id'.

data/lib/active_support/core_ext/string/output_safety.rb

@@ -1,151 +1,8 @@
 # frozen_string_literal: true
 
-require "erb"
-require "active_support/core_ext/module/redefine_method"
+require "active_support/core_ext/erb/util"
 require "active_support/multibyte/unicode"
 
-class ERB
-  module Util
-    HTML_ESCAPE = { "&" => "&amp;",  ">" => "&gt;",   "<" => "&lt;", '"' => "&quot;", "'" => "&#39;" }
-    JSON_ESCAPE = { "&" => '\u0026', ">" => '\u003e', "<" => '\u003c', "\u2028" => '\u2028', "\u2029" => '\u2029' }
-    HTML_ESCAPE_ONCE_REGEXP = /["><']|&(?!([a-zA-Z]+|(#\d+)|(#[xX][\dA-Fa-f]+));)/
-    JSON_ESCAPE_REGEXP = /[\u2028\u2029&><]/u
-
-    # Following XML requirements: https://www.w3.org/TR/REC-xml/#NT-Name
-    TAG_NAME_START_REGEXP_SET = "@:A-Z_a-z\u{C0}-\u{D6}\u{D8}-\u{F6}\u{F8}-\u{2FF}\u{370}-\u{37D}\u{37F}-\u{1FFF}" \
-                                "\u{200C}-\u{200D}\u{2070}-\u{218F}\u{2C00}-\u{2FEF}\u{3001}-\u{D7FF}\u{F900}-\u{FDCF}" \
-                                "\u{FDF0}-\u{FFFD}\u{10000}-\u{EFFFF}"
-    TAG_NAME_START_REGEXP = /[^#{TAG_NAME_START_REGEXP_SET}]/
-    TAG_NAME_FOLLOWING_REGEXP = /[^#{TAG_NAME_START_REGEXP_SET}\-.0-9\u{B7}\u{0300}-\u{036F}\u{203F}-\u{2040}]/
-    TAG_NAME_REPLACEMENT_CHAR = "_"
-
-    # A utility method for escaping HTML tag characters.
-    # This method is also aliased as <tt>h</tt>.
-    #
-    #   puts html_escape('is a > 0 & a < 10?')
-    #   # => is a &gt; 0 &amp; a &lt; 10?
-    def html_escape(s)
-      unwrapped_html_escape(s).html_safe
-    end
-
-    silence_redefinition_of_method :h
-    alias h html_escape
-
-    module_function :h
-
-    singleton_class.silence_redefinition_of_method :html_escape
-    module_function :html_escape
-
-    # HTML escapes strings but doesn't wrap them with an ActiveSupport::SafeBuffer.
-    # This method is not for public consumption! Seriously!
-    def unwrapped_html_escape(s) # :nodoc:
-      s = s.to_s
-      if s.html_safe?
-        s
-      else
-        CGI.escapeHTML(ActiveSupport::Multibyte::Unicode.tidy_bytes(s))
-      end
-    end
-    module_function :unwrapped_html_escape
-
-    # A utility method for escaping HTML without affecting existing escaped entities.
-    #
-    #   html_escape_once('1 < 2 &amp; 3')
-    #   # => "1 &lt; 2 &amp; 3"
-    #
-    #   html_escape_once('&lt;&lt; Accept & Checkout')
-    #   # => "&lt;&lt; Accept &amp; Checkout"
-    def html_escape_once(s)
-      result = ActiveSupport::Multibyte::Unicode.tidy_bytes(s.to_s).gsub(HTML_ESCAPE_ONCE_REGEXP, HTML_ESCAPE)
-      s.html_safe? ? result.html_safe : result
-    end
-
-    module_function :html_escape_once
-
-    # A utility method for escaping HTML entities in JSON strings. Specifically, the
-    # &, > and < characters are replaced with their equivalent unicode escaped form -
-    # \u0026, \u003e, and \u003c. The Unicode sequences \u2028 and \u2029 are also
-    # escaped as they are treated as newline characters in some JavaScript engines.
-    # These sequences have identical meaning as the original characters inside the
-    # context of a JSON string, so assuming the input is a valid and well-formed
-    # JSON value, the output will have equivalent meaning when parsed:
-    #
-    #   json = JSON.generate({ name: "</script><script>alert('PWNED!!!')</script>"})
-    #   # => "{\"name\":\"</script><script>alert('PWNED!!!')</script>\"}"
-    #
-    #   json_escape(json)
-    #   # => "{\"name\":\"\\u003C/script\\u003E\\u003Cscript\\u003Ealert('PWNED!!!')\\u003C/script\\u003E\"}"
-    #
-    #   JSON.parse(json) == JSON.parse(json_escape(json))
-    #   # => true
-    #
-    # The intended use case for this method is to escape JSON strings before including
-    # them inside a script tag to avoid XSS vulnerability:
-    #
-    #   <script>
-    #     var currentUser = <%= raw json_escape(current_user.to_json) %>;
-    #   </script>
-    #
-    # It is necessary to +raw+ the result of +json_escape+, so that quotation marks
-    # don't get converted to <tt>&quot;</tt> entities. +json_escape+ doesn't
-    # automatically flag the result as HTML safe, since the raw value is unsafe to
-    # use inside HTML attributes.
-    #
-    # If your JSON is being used downstream for insertion into the DOM, be aware of
-    # whether or not it is being inserted via <tt>html()</tt>. Most jQuery plugins do this.
-    # If that is the case, be sure to +html_escape+ or +sanitize+ any user-generated
-    # content returned by your JSON.
-    #
-    # If you need to output JSON elsewhere in your HTML, you can just do something
-    # like this, as any unsafe characters (including quotation marks) will be
-    # automatically escaped for you:
-    #
-    #   <div data-user-info="<%= current_user.to_json %>">...</div>
-    #
-    # WARNING: this helper only works with valid JSON. Using this on non-JSON values
-    # will open up serious XSS vulnerabilities. For example, if you replace the
-    # +current_user.to_json+ in the example above with user input instead, the browser
-    # will happily <tt>eval()</tt> that string as JavaScript.
-    #
-    # The escaping performed in this method is identical to those performed in the
-    # Active Support JSON encoder when +ActiveSupport.escape_html_entities_in_json+ is
-    # set to true. Because this transformation is idempotent, this helper can be
-    # applied even if +ActiveSupport.escape_html_entities_in_json+ is already true.
-    #
-    # Therefore, when you are unsure if +ActiveSupport.escape_html_entities_in_json+
-    # is enabled, or if you are unsure where your JSON string originated from, it
-    # is recommended that you always apply this helper (other libraries, such as the
-    # JSON gem, do not provide this kind of protection by default; also some gems
-    # might override +to_json+ to bypass Active Support's encoder).
-    def json_escape(s)
-      result = s.to_s.gsub(JSON_ESCAPE_REGEXP, JSON_ESCAPE)
-      s.html_safe? ? result.html_safe : result
-    end
-
-    module_function :json_escape
-
-    # A utility method for escaping XML names of tags and names of attributes.
-    #
-    #   xml_name_escape('1 < 2 & 3')
-    #   # => "1___2___3"
-    #
-    # It follows the requirements of the specification: https://www.w3.org/TR/REC-xml/#NT-Name
-    def xml_name_escape(name)
-      name = name.to_s
-      return "" if name.blank?
-
-      starting_char = name[0].gsub(TAG_NAME_START_REGEXP, TAG_NAME_REPLACEMENT_CHAR)
-
-      return starting_char if name.size == 1
-
-      following_chars = name[1..-1].gsub(TAG_NAME_FOLLOWING_REGEXP, TAG_NAME_REPLACEMENT_CHAR)
-
-      starting_char + following_chars
-    end
-    module_function :xml_name_escape
-  end
-end
-
 class Object
   def html_safe?
     false
@@ -162,7 +19,7 @@ module ActiveSupport # :nodoc:
   class SafeBuffer < String
     UNSAFE_STRING_METHODS = %w(
       capitalize chomp chop delete delete_prefix delete_suffix
-      downcase lstrip next reverse rstrip scrub slice squeeze strip
+      downcase lstrip next reverse rstrip scrub squeeze strip
       succ swapcase tr tr_s unicode_normalize upcase
     )
 
@@ -174,7 +31,7 @@ module ActiveSupport # :nodoc:
     # Raised when ActiveSupport::SafeBuffer#safe_concat is called on unsafe buffers.
     class SafeConcatError < StandardError
       def initialize
-        super "Could not concatenate to the buffer because it is not html safe."
+        super "Could not concatenate to the buffer because it is not HTML safe."
       end
     end
 
@@ -184,13 +41,26 @@ module ActiveSupport # :nodoc:
 
         return unless new_string
 
-        new_safe_buffer = new_string.is_a?(SafeBuffer) ? new_string : SafeBuffer.new(new_string)
-        new_safe_buffer.instance_variable_set :@html_safe, true
-        new_safe_buffer
+        string_into_safe_buffer(new_string, true)
       else
         to_str[*args]
       end
     end
+    alias_method :slice, :[]
+
+    def slice!(*args)
+      new_string = super
+
+      return new_string if !html_safe? || new_string.nil?
+
+      string_into_safe_buffer(new_string, true)
+    end
+
+    def chr
+      return super unless html_safe?
+
+      string_into_safe_buffer(super, true)
+    end
 
     def safe_concat(value)
       raise SafeConcatError unless html_safe?
@@ -207,7 +77,10 @@ module ActiveSupport # :nodoc:
       @html_safe = other.html_safe?
     end
 
-    def clone_empty
+    def clone_empty # :nodoc:
+      ActiveSupport.deprecator.warn <<~EOM
+        ActiveSupport::SafeBuffer#clone_empty is deprecated and will be removed in Rails 7.2.
+      EOM
       self[0, 0]
     end
 
@@ -219,6 +92,10 @@ module ActiveSupport # :nodoc:
     end
     alias << concat
 
+    def bytesplice(*args, value)
+      super(*args, implicit_html_escape_interpolated_argument(value))
+    end
+
     def insert(index, value)
       super(index, implicit_html_escape_interpolated_argument(value))
     end
@@ -231,11 +108,11 @@ module ActiveSupport # :nodoc:
       super(implicit_html_escape_interpolated_argument(value))
     end
 
-    def []=(*args)
-      if args.length == 3
-        super(args[0], args[1], implicit_html_escape_interpolated_argument(args[2]))
+    def []=(arg1, arg2, arg3 = nil)
+      if arg3
+        super(arg1, arg2, implicit_html_escape_interpolated_argument(arg3))
       else
-        super(args[0], implicit_html_escape_interpolated_argument(args[1]))
+        super(arg1, implicit_html_escape_interpolated_argument(arg2))
       end
     end
 
@@ -243,7 +120,7 @@ module ActiveSupport # :nodoc:
       dup.concat(other)
     end
 
-    def *(*)
+    def *(_)
       new_string = super
       new_safe_buffer = new_string.is_a?(SafeBuffer) ? new_string : SafeBuffer.new(new_string)
       new_safe_buffer.instance_variable_set(:@html_safe, @html_safe)
@@ -261,9 +138,9 @@ module ActiveSupport # :nodoc:
       self.class.new(super(escaped_args))
     end
 
-    def html_safe?
-      defined?(@html_safe) && @html_safe
-    end
+    attr_reader :html_safe
+    alias_method :html_safe?, :html_safe
+    remove_method :html_safe
 
     def to_s
       self
@@ -328,22 +205,7 @@ module ActiveSupport # :nodoc:
         if !html_safe? || arg.html_safe?
           arg
         else
-          arg_string = begin
-            arg.to_str
-          rescue NoMethodError => error
-            if error.name == :to_str
-              str = arg.to_s
-              ActiveSupport::Deprecation.warn <<~MSG.squish
-                Implicit conversion of #{arg.class} into String by ActiveSupport::SafeBuffer
-                is deprecated and will be removed in Rails 7.1.
-                You must explicitly cast it to a String.
-              MSG
-              str
-            else
-              raise
-            end
-          end
-          CGI.escapeHTML(arg_string)
+          CGI.escapeHTML(arg.to_str)
         end
       end
 
@@ -352,6 +214,12 @@ module ActiveSupport # :nodoc:
       rescue ArgumentError
         # Can't create binding from C level Proc
       end
+
+      def string_into_safe_buffer(new_string, is_html_safe)
+        new_safe_buffer = new_string.is_a?(SafeBuffer) ? new_string : SafeBuffer.new(new_string)
+        new_safe_buffer.instance_variable_set :@html_safe, is_html_safe
+        new_safe_buffer
+      end
   end
 end
 

data/lib/active_support/core_ext/thread/backtrace/location.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class Thread::Backtrace::Location # :nodoc:
+  if defined?(ErrorHighlight) && Gem::Version.new(ErrorHighlight::VERSION) >= Gem::Version.new("0.4.0")
+    def spot(ex)
+      ErrorHighlight.spot(ex, backtrace_location: self)
+    end
+  else
+    def spot(ex)
+    end
+  end
+end

data/lib/active_support/core_ext/time/calculations.rb

@@ -160,9 +160,25 @@ class Time
     elsif utc?
       ::Time.utc(new_year, new_month, new_day, new_hour, new_min, new_sec)
     elsif zone&.respond_to?(:utc_to_local)
-      ::Time.new(new_year, new_month, new_day, new_hour, new_min, new_sec, zone)
+      new_time = ::Time.new(new_year, new_month, new_day, new_hour, new_min, new_sec, zone)
+
+      # When there are two occurrences of a nominal time due to DST ending,
+      # `Time.new` chooses the first chronological occurrence (the one with a
+      # larger UTC offset). However, for `change`, we want to choose the
+      # occurrence that matches this time's UTC offset.
+      #
+      # If the new time's UTC offset is larger than this time's UTC offset, the
+      # new time might be a first chronological occurrence. So we add the offset
+      # difference to fast-forward the new time, and check if the result has the
+      # desired UTC offset (i.e. is the second chronological occurrence).
+      offset_difference = new_time.utc_offset - utc_offset
+      if offset_difference > 0 && (new_time_2 = new_time + offset_difference).utc_offset == utc_offset
+        new_time_2
+      else
+        new_time
+      end
     elsif zone
-      ::Time.local(new_year, new_month, new_day, new_hour, new_min, new_sec)
+      ::Time.local(new_sec, new_min, new_hour, new_day, new_month, new_year, nil, nil, isdst, nil)
     else
       ::Time.new(new_year, new_month, new_day, new_hour, new_min, new_sec, utc_offset)
     end
@@ -179,6 +195,10 @@ class Time
   #   Time.new(2015, 8, 1, 14, 35, 0).advance(hours: 1)   # => 2015-08-01 15:35:00 -0700
   #   Time.new(2015, 8, 1, 14, 35, 0).advance(days: 1)    # => 2015-08-02 14:35:00 -0700
   #   Time.new(2015, 8, 1, 14, 35, 0).advance(weeks: 1)   # => 2015-08-08 14:35:00 -0700
+  #
+  # Just like Date#advance, increments are applied in order of time units from
+  # largest to smallest. This order can affect the result around the end of a
+  # month.
   def advance(options)
     unless options[:weeks].nil?
       options[:weeks], partial_weeks = options[:weeks].divmod(1)

data/lib/active_support/core_ext/time/conversions.rb

@@ -54,12 +54,12 @@ class Time
     if formatter = DATE_FORMATS[format]
       formatter.respond_to?(:call) ? formatter.call(self).to_s : strftime(formatter)
     else
-      # Change to `to_s` when deprecation is gone. Also deprecate `to_default_s`.
-      to_default_s
+      to_s
     end
   end
   alias_method :to_formatted_s, :to_fs
   alias_method :to_default_s, :to_s
+  deprecate to_default_s: :to_s, deprecator: ActiveSupport.deprecator
 
   # Returns a formatted string of the offset from UTC, or an alternative
   # string if the time zone is already UTC.

data/lib/active_support/core_ext/time/zones.rb

@@ -19,10 +19,10 @@ class Time
     #
     # This method accepts any of the following:
     #
-    # * A Rails TimeZone object.
-    # * An identifier for a Rails TimeZone object (e.g., "Eastern Time (US & Canada)", <tt>-5.hours</tt>).
-    # * A <tt>TZInfo::Timezone</tt> object.
-    # * An identifier for a <tt>TZInfo::Timezone</tt> object (e.g., "America/New_York").
+    # * A \Rails TimeZone object.
+    # * An identifier for a \Rails TimeZone object (e.g., "Eastern Time (US & Canada)", <tt>-5.hours</tt>).
+    # * A +TZInfo::Timezone+ object.
+    # * An identifier for a +TZInfo::Timezone+ object (e.g., "America/New_York").
     #
     # Here's an example of how you might set <tt>Time.zone</tt> on a per request basis and reset it when the request is done.
     # <tt>current_user.time_zone</tt> just needs to return a string identifying the user's preferred time zone:
@@ -49,10 +49,9 @@ class Time
     #     around_action :set_time_zone
     #
     #     private
-    #
-    #     def set_time_zone
-    #       Time.use_zone(current_user.timezone) { yield }
-    #     end
+    #       def set_time_zone
+    #         Time.use_zone(current_user.timezone) { yield }
+    #       end
     #   end
     #
     # NOTE: This won't affect any ActiveSupport::TimeWithZone

data/lib/active_support/core_ext/time.rb

@@ -4,5 +4,4 @@ require "active_support/core_ext/time/acts_like"
 require "active_support/core_ext/time/calculations"
 require "active_support/core_ext/time/compatibility"
 require "active_support/core_ext/time/conversions"
-require "active_support/core_ext/time/deprecated_conversions" unless ENV["RAILS_DISABLE_DEPRECATED_TO_S_CONVERSION"]
 require "active_support/core_ext/time/zones"