activesupport 7.0.8.1 → 7.2.2.1

data/lib/active_support/core_ext/string/output_safety.rb

@@ -1,151 +1,8 @@
 # frozen_string_literal: true
 
-require "erb"
-require "active_support/core_ext/module/redefine_method"
+require "active_support/core_ext/erb/util"
 require "active_support/multibyte/unicode"
 
-class ERB
-  module Util
-    HTML_ESCAPE = { "&" => "&amp;",  ">" => "&gt;",   "<" => "&lt;", '"' => "&quot;", "'" => "&#39;" }
-    JSON_ESCAPE = { "&" => '\u0026', ">" => '\u003e', "<" => '\u003c', "\u2028" => '\u2028', "\u2029" => '\u2029' }
-    HTML_ESCAPE_ONCE_REGEXP = /["><']|&(?!([a-zA-Z]+|(#\d+)|(#[xX][\dA-Fa-f]+));)/
-    JSON_ESCAPE_REGEXP = /[\u2028\u2029&><]/u
-
-    # Following XML requirements: https://www.w3.org/TR/REC-xml/#NT-Name
-    TAG_NAME_START_REGEXP_SET = "@:A-Z_a-z\u{C0}-\u{D6}\u{D8}-\u{F6}\u{F8}-\u{2FF}\u{370}-\u{37D}\u{37F}-\u{1FFF}" \
-                                "\u{200C}-\u{200D}\u{2070}-\u{218F}\u{2C00}-\u{2FEF}\u{3001}-\u{D7FF}\u{F900}-\u{FDCF}" \
-                                "\u{FDF0}-\u{FFFD}\u{10000}-\u{EFFFF}"
-    TAG_NAME_START_REGEXP = /[^#{TAG_NAME_START_REGEXP_SET}]/
-    TAG_NAME_FOLLOWING_REGEXP = /[^#{TAG_NAME_START_REGEXP_SET}\-.0-9\u{B7}\u{0300}-\u{036F}\u{203F}-\u{2040}]/
-    TAG_NAME_REPLACEMENT_CHAR = "_"
-
-    # A utility method for escaping HTML tag characters.
-    # This method is also aliased as <tt>h</tt>.
-    #
-    #   puts html_escape('is a > 0 & a < 10?')
-    #   # => is a &gt; 0 &amp; a &lt; 10?
-    def html_escape(s)
-      unwrapped_html_escape(s).html_safe
-    end
-
-    silence_redefinition_of_method :h
-    alias h html_escape
-
-    module_function :h
-
-    singleton_class.silence_redefinition_of_method :html_escape
-    module_function :html_escape
-
-    # HTML escapes strings but doesn't wrap them with an ActiveSupport::SafeBuffer.
-    # This method is not for public consumption! Seriously!
-    def unwrapped_html_escape(s) # :nodoc:
-      s = s.to_s
-      if s.html_safe?
-        s
-      else
-        CGI.escapeHTML(ActiveSupport::Multibyte::Unicode.tidy_bytes(s))
-      end
-    end
-    module_function :unwrapped_html_escape
-
-    # A utility method for escaping HTML without affecting existing escaped entities.
-    #
-    #   html_escape_once('1 < 2 &amp; 3')
-    #   # => "1 &lt; 2 &amp; 3"
-    #
-    #   html_escape_once('&lt;&lt; Accept & Checkout')
-    #   # => "&lt;&lt; Accept &amp; Checkout"
-    def html_escape_once(s)
-      result = ActiveSupport::Multibyte::Unicode.tidy_bytes(s.to_s).gsub(HTML_ESCAPE_ONCE_REGEXP, HTML_ESCAPE)
-      s.html_safe? ? result.html_safe : result
-    end
-
-    module_function :html_escape_once
-
-    # A utility method for escaping HTML entities in JSON strings. Specifically, the
-    # &, > and < characters are replaced with their equivalent unicode escaped form -
-    # \u0026, \u003e, and \u003c. The Unicode sequences \u2028 and \u2029 are also
-    # escaped as they are treated as newline characters in some JavaScript engines.
-    # These sequences have identical meaning as the original characters inside the
-    # context of a JSON string, so assuming the input is a valid and well-formed
-    # JSON value, the output will have equivalent meaning when parsed:
-    #
-    #   json = JSON.generate({ name: "</script><script>alert('PWNED!!!')</script>"})
-    #   # => "{\"name\":\"</script><script>alert('PWNED!!!')</script>\"}"
-    #
-    #   json_escape(json)
-    #   # => "{\"name\":\"\\u003C/script\\u003E\\u003Cscript\\u003Ealert('PWNED!!!')\\u003C/script\\u003E\"}"
-    #
-    #   JSON.parse(json) == JSON.parse(json_escape(json))
-    #   # => true
-    #
-    # The intended use case for this method is to escape JSON strings before including
-    # them inside a script tag to avoid XSS vulnerability:
-    #
-    #   <script>
-    #     var currentUser = <%= raw json_escape(current_user.to_json) %>;
-    #   </script>
-    #
-    # It is necessary to +raw+ the result of +json_escape+, so that quotation marks
-    # don't get converted to <tt>&quot;</tt> entities. +json_escape+ doesn't
-    # automatically flag the result as HTML safe, since the raw value is unsafe to
-    # use inside HTML attributes.
-    #
-    # If your JSON is being used downstream for insertion into the DOM, be aware of
-    # whether or not it is being inserted via <tt>html()</tt>. Most jQuery plugins do this.
-    # If that is the case, be sure to +html_escape+ or +sanitize+ any user-generated
-    # content returned by your JSON.
-    #
-    # If you need to output JSON elsewhere in your HTML, you can just do something
-    # like this, as any unsafe characters (including quotation marks) will be
-    # automatically escaped for you:
-    #
-    #   <div data-user-info="<%= current_user.to_json %>">...</div>
-    #
-    # WARNING: this helper only works with valid JSON. Using this on non-JSON values
-    # will open up serious XSS vulnerabilities. For example, if you replace the
-    # +current_user.to_json+ in the example above with user input instead, the browser
-    # will happily <tt>eval()</tt> that string as JavaScript.
-    #
-    # The escaping performed in this method is identical to those performed in the
-    # Active Support JSON encoder when +ActiveSupport.escape_html_entities_in_json+ is
-    # set to true. Because this transformation is idempotent, this helper can be
-    # applied even if +ActiveSupport.escape_html_entities_in_json+ is already true.
-    #
-    # Therefore, when you are unsure if +ActiveSupport.escape_html_entities_in_json+
-    # is enabled, or if you are unsure where your JSON string originated from, it
-    # is recommended that you always apply this helper (other libraries, such as the
-    # JSON gem, do not provide this kind of protection by default; also some gems
-    # might override +to_json+ to bypass Active Support's encoder).
-    def json_escape(s)
-      result = s.to_s.gsub(JSON_ESCAPE_REGEXP, JSON_ESCAPE)
-      s.html_safe? ? result.html_safe : result
-    end
-
-    module_function :json_escape
-
-    # A utility method for escaping XML names of tags and names of attributes.
-    #
-    #   xml_name_escape('1 < 2 & 3')
-    #   # => "1___2___3"
-    #
-    # It follows the requirements of the specification: https://www.w3.org/TR/REC-xml/#NT-Name
-    def xml_name_escape(name)
-      name = name.to_s
-      return "" if name.blank?
-
-      starting_char = name[0].gsub(TAG_NAME_START_REGEXP, TAG_NAME_REPLACEMENT_CHAR)
-
-      return starting_char if name.size == 1
-
-      following_chars = name[1..-1].gsub(TAG_NAME_FOLLOWING_REGEXP, TAG_NAME_REPLACEMENT_CHAR)
-
-      starting_char + following_chars
-    end
-    module_function :xml_name_escape
-  end
-end
-
 class Object
   def html_safe?
     false
@@ -162,7 +19,7 @@ module ActiveSupport # :nodoc:
   class SafeBuffer < String
     UNSAFE_STRING_METHODS = %w(
       capitalize chomp chop delete delete_prefix delete_suffix
-      downcase lstrip next reverse rstrip scrub slice squeeze strip
+      downcase lstrip next reverse rstrip scrub squeeze strip
       succ swapcase tr tr_s unicode_normalize upcase
     )
 
@@ -174,7 +31,7 @@ module ActiveSupport # :nodoc:
     # Raised when ActiveSupport::SafeBuffer#safe_concat is called on unsafe buffers.
     class SafeConcatError < StandardError
       def initialize
-        super "Could not concatenate to the buffer because it is not html safe."
+        super "Could not concatenate to the buffer because it is not HTML safe."
       end
     end
 
@@ -184,13 +41,26 @@ module ActiveSupport # :nodoc:
 
         return unless new_string
 
-        new_safe_buffer = new_string.is_a?(SafeBuffer) ? new_string : SafeBuffer.new(new_string)
-        new_safe_buffer.instance_variable_set :@html_safe, true
-        new_safe_buffer
+        string_into_safe_buffer(new_string, true)
       else
         to_str[*args]
       end
     end
+    alias_method :slice, :[]
+
+    def slice!(*args)
+      new_string = super
+
+      return new_string if !html_safe? || new_string.nil?
+
+      string_into_safe_buffer(new_string, true)
+    end
+
+    def chr
+      return super unless html_safe?
+
+      string_into_safe_buffer(super, true)
+    end
 
     def safe_concat(value)
       raise SafeConcatError unless html_safe?
@@ -207,10 +77,6 @@ module ActiveSupport # :nodoc:
       @html_safe = other.html_safe?
     end
 
-    def clone_empty
-      self[0, 0]
-    end
-
     def concat(value)
       unless value.nil?
         super(implicit_html_escape_interpolated_argument(value))
@@ -235,11 +101,11 @@ module ActiveSupport # :nodoc:
       super(implicit_html_escape_interpolated_argument(value))
     end
 
-    def []=(*args)
-      if args.length == 3
-        super(args[0], args[1], implicit_html_escape_interpolated_argument(args[2]))
+    def []=(arg1, arg2, arg3 = nil)
+      if arg3
+        super(arg1, arg2, implicit_html_escape_interpolated_argument(arg3))
       else
-        super(args[0], implicit_html_escape_interpolated_argument(args[1]))
+        super(arg1, implicit_html_escape_interpolated_argument(arg2))
       end
     end
 
@@ -247,7 +113,7 @@ module ActiveSupport # :nodoc:
       dup.concat(other)
     end
 
-    def *(*)
+    def *(_)
       new_string = super
       new_safe_buffer = new_string.is_a?(SafeBuffer) ? new_string : SafeBuffer.new(new_string)
       new_safe_buffer.instance_variable_set(:@html_safe, @html_safe)
@@ -265,9 +131,9 @@ module ActiveSupport # :nodoc:
       self.class.new(super(escaped_args))
     end
 
-    def html_safe?
-      defined?(@html_safe) && @html_safe
-    end
+    attr_reader :html_safe
+    alias_method :html_safe?, :html_safe
+    remove_method :html_safe
 
     def to_s
       self
@@ -332,22 +198,7 @@ module ActiveSupport # :nodoc:
         if !html_safe? || arg.html_safe?
           arg
         else
-          arg_string = begin
-            arg.to_str
-          rescue NoMethodError => error
-            if error.name == :to_str
-              str = arg.to_s
-              ActiveSupport::Deprecation.warn <<~MSG.squish
-                Implicit conversion of #{arg.class} into String by ActiveSupport::SafeBuffer
-                is deprecated and will be removed in Rails 7.1.
-                You must explicitly cast it to a String.
-              MSG
-              str
-            else
-              raise
-            end
-          end
-          CGI.escapeHTML(arg_string)
+          CGI.escapeHTML(arg.to_str)
         end
       end
 
@@ -356,6 +207,12 @@ module ActiveSupport # :nodoc:
       rescue ArgumentError
         # Can't create binding from C level Proc
       end
+
+      def string_into_safe_buffer(new_string, is_html_safe)
+        new_safe_buffer = new_string.is_a?(SafeBuffer) ? new_string : SafeBuffer.new(new_string)
+        new_safe_buffer.instance_variable_set :@html_safe, is_html_safe
+        new_safe_buffer
+      end
   end
 end
 

data/lib/active_support/core_ext/thread/backtrace/location.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class Thread::Backtrace::Location # :nodoc:
+  if defined?(ErrorHighlight) && Gem::Version.new(ErrorHighlight::VERSION) >= Gem::Version.new("0.4.0")
+    def spot(ex)
+      ErrorHighlight.spot(ex, backtrace_location: self)
+    end
+  else
+    def spot(ex)
+    end
+  end
+end

data/lib/active_support/core_ext/time/calculations.rb

@@ -42,20 +42,20 @@ class Time
 
     # Layers additional behavior on Time.at so that ActiveSupport::TimeWithZone and DateTime
     # instances can be used when called with a single argument
-    def at_with_coercion(*args, **kwargs)
-      return at_without_coercion(*args, **kwargs) if args.size != 1 || !kwargs.empty?
-
-      # Time.at can be called with a time or numerical value
-      time_or_number = args.first
-
-      if time_or_number.is_a?(ActiveSupport::TimeWithZone)
-        at_without_coercion(time_or_number.to_r).getlocal
-      elsif time_or_number.is_a?(DateTime)
-        at_without_coercion(time_or_number.to_f).getlocal
+    def at_with_coercion(time_or_number, *args)
+      if args.empty?
+        if time_or_number.is_a?(ActiveSupport::TimeWithZone)
+          at_without_coercion(time_or_number.to_r).getlocal
+        elsif time_or_number.is_a?(DateTime)
+          at_without_coercion(time_or_number.to_f).getlocal
+        else
+          at_without_coercion(time_or_number)
+        end
       else
-        at_without_coercion(time_or_number)
+        at_without_coercion(time_or_number, *args)
       end
     end
+    ruby2_keywords :at_with_coercion
     alias_method :at_without_coercion, :at
     alias_method :at, :at_with_coercion
 
@@ -108,21 +108,6 @@ class Time
     subsec
   end
 
-  unless Time.method_defined?(:floor)
-    def floor(precision = 0)
-      change(nsec: 0) + subsec.floor(precision)
-    end
-  end
-
-  # Restricted Ruby version due to a bug in `Time#ceil`
-  # See https://bugs.ruby-lang.org/issues/17025 for more details
-  if RUBY_VERSION <= "2.8"
-    remove_possible_method :ceil
-    def ceil(precision = 0)
-      change(nsec: 0) + subsec.ceil(precision)
-    end
-  end
-
   # Returns a new Time where one or more of the elements have been changed according
   # to the +options+ parameter. The time options (<tt>:hour</tt>, <tt>:min</tt>,
   # <tt>:sec</tt>, <tt>:usec</tt>, <tt>:nsec</tt>) reset cascadingly, so if only
@@ -159,10 +144,26 @@ class Time
       ::Time.new(new_year, new_month, new_day, new_hour, new_min, new_sec, new_offset)
     elsif utc?
       ::Time.utc(new_year, new_month, new_day, new_hour, new_min, new_sec)
-    elsif zone&.respond_to?(:utc_to_local)
-      ::Time.new(new_year, new_month, new_day, new_hour, new_min, new_sec, zone)
+    elsif zone.respond_to?(:utc_to_local)
+      new_time = ::Time.new(new_year, new_month, new_day, new_hour, new_min, new_sec, zone)
+
+      # When there are two occurrences of a nominal time due to DST ending,
+      # `Time.new` chooses the first chronological occurrence (the one with a
+      # larger UTC offset). However, for `change`, we want to choose the
+      # occurrence that matches this time's UTC offset.
+      #
+      # If the new time's UTC offset is larger than this time's UTC offset, the
+      # new time might be a first chronological occurrence. So we add the offset
+      # difference to fast-forward the new time, and check if the result has the
+      # desired UTC offset (i.e. is the second chronological occurrence).
+      offset_difference = new_time.utc_offset - utc_offset
+      if offset_difference > 0 && (new_time_2 = new_time + offset_difference).utc_offset == utc_offset
+        new_time_2
+      else
+        new_time
+      end
     elsif zone
-      ::Time.local(new_year, new_month, new_day, new_hour, new_min, new_sec)
+      ::Time.local(new_sec, new_min, new_hour, new_day, new_month, new_year, nil, nil, isdst, nil)
     else
       ::Time.new(new_year, new_month, new_day, new_hour, new_min, new_sec, utc_offset)
     end
@@ -318,7 +319,12 @@ class Time
     if other.class == Time
       compare_without_coercion(other)
     elsif other.is_a?(Time)
-      compare_without_coercion(other.to_time)
+      # also avoid ActiveSupport::TimeWithZone#to_time before Rails 8.0
+      if other.respond_to?(:comparable_time)
+        compare_without_coercion(other.comparable_time)
+      else
+        compare_without_coercion(other.to_time)
+      end
     else
       to_datetime <=> other
     end

data/lib/active_support/core_ext/time/compatibility.rb

@@ -13,4 +13,20 @@ class Time
   def to_time
     preserve_timezone ? self : getlocal
   end
+
+  def preserve_timezone # :nodoc:
+    active_support_local_zone == zone || super
+  end
+
+  private
+    @@active_support_local_tz = nil
+
+    def active_support_local_zone
+      @@active_support_local_zone = nil if @@active_support_local_tz != ENV["TZ"]
+      @@active_support_local_zone ||=
+        begin
+          @@active_support_local_tz = ENV["TZ"]
+          Time.new.zone
+        end
+    end
 end

data/lib/active_support/core_ext/time/conversions.rb

@@ -54,12 +54,10 @@ class Time
     if formatter = DATE_FORMATS[format]
       formatter.respond_to?(:call) ? formatter.call(self).to_s : strftime(formatter)
     else
-      # Change to `to_s` when deprecation is gone. Also deprecate `to_default_s`.
-      to_default_s
+      to_s
     end
   end
   alias_method :to_formatted_s, :to_fs
-  alias_method :to_default_s, :to_s
 
   # Returns a formatted string of the offset from UTC, or an alternative
   # string if the time zone is already UTC.

data/lib/active_support/core_ext/time/zones.rb

@@ -19,10 +19,10 @@ class Time
     #
     # This method accepts any of the following:
     #
-    # * A Rails TimeZone object.
-    # * An identifier for a Rails TimeZone object (e.g., "Eastern Time (US & Canada)", <tt>-5.hours</tt>).
-    # * A <tt>TZInfo::Timezone</tt> object.
-    # * An identifier for a <tt>TZInfo::Timezone</tt> object (e.g., "America/New_York").
+    # * A \Rails TimeZone object.
+    # * An identifier for a \Rails TimeZone object (e.g., "Eastern \Time (US & Canada)", <tt>-5.hours</tt>).
+    # * A +TZInfo::Timezone+ object.
+    # * An identifier for a +TZInfo::Timezone+ object (e.g., "America/New_York").
     #
     # Here's an example of how you might set <tt>Time.zone</tt> on a per request basis and reset it when the request is done.
     # <tt>current_user.time_zone</tt> just needs to return a string identifying the user's preferred time zone:

data/lib/active_support/core_ext/time.rb

@@ -4,5 +4,4 @@ require "active_support/core_ext/time/acts_like"
 require "active_support/core_ext/time/calculations"
 require "active_support/core_ext/time/compatibility"
 require "active_support/core_ext/time/conversions"
-require "active_support/core_ext/time/deprecated_conversions" unless ENV["RAILS_DISABLE_DEPRECATED_TO_S_CONVERSION"]
 require "active_support/core_ext/time/zones"

data/lib/active_support/core_ext.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
 Dir.glob(File.expand_path("core_ext/*.rb", __dir__)).sort.each do |path|
-  next if path.end_with?("core_ext/uri.rb")
   require path
 end

data/lib/active_support/current_attributes.rb

@@ -1,10 +1,13 @@
 # frozen_string_literal: true
 
 require "active_support/callbacks"
+require "active_support/core_ext/object/with"
 require "active_support/core_ext/enumerable"
 require "active_support/core_ext/module/delegation"
 
 module ActiveSupport
+  # = Current Attributes
+  #
   # Abstract super class that provides a thread-isolated attributes singleton, which resets automatically
   # before and after each request. This allows you to keep all the per-request attributes easily
   # available to the whole system.
@@ -90,6 +93,10 @@ module ActiveSupport
     include ActiveSupport::Callbacks
     define_callbacks :reset
 
+    INVALID_ATTRIBUTE_NAMES = [:set, :reset, :resets, :instance, :before_reset, :after_reset, :reset_all, :clear_all] # :nodoc:
+
+    NOT_SET = Object.new.freeze # :nodoc:
+
     class << self
       # Returns singleton instance for this class in this thread. If none exists, one is created.
       def instance
@@ -97,7 +104,19 @@ module ActiveSupport
       end
 
       # Declares one or more attributes that will be given both class and instance accessor methods.
-      def attribute(*names)
+      #
+      # ==== Options
+      #
+      # * <tt>:default</tt> - The default value for the attributes. If the value
+      # is a proc or lambda, it will be called whenever an instance is
+      # constructed. Otherwise, the value will be duplicated with +#dup+.
+      # Default values are re-assigned when the attributes are reset.
+      def attribute(*names, default: NOT_SET)
+        invalid_attribute_names = names.map(&:to_sym) & INVALID_ATTRIBUTE_NAMES
+        if invalid_attribute_names.any?
+          raise ArgumentError, "Restricted attribute names: #{invalid_attribute_names.join(", ")}"
+        end
+
         ActiveSupport::CodeGenerator.batch(generated_attribute_methods, __FILE__, __LINE__) do |owner|
           names.each do |name|
             owner.define_cached_method(name, namespace: :current_attributes) do |batch|
@@ -115,32 +134,20 @@ module ActiveSupport
           end
         end
 
-        ActiveSupport::CodeGenerator.batch(singleton_class, __FILE__, __LINE__) do |owner|
-          names.each do |name|
-            owner.define_cached_method(name, namespace: :current_attributes_delegation) do |batch|
-              batch <<
-                "def #{name}" <<
-                "instance.#{name}" <<
-                "end"
-            end
-            owner.define_cached_method("#{name}=", namespace: :current_attributes_delegation) do |batch|
-              batch <<
-                "def #{name}=(value)" <<
-                "instance.#{name} = value" <<
-                "end"
-            end
-          end
-        end
+        Delegation.generate(singleton_class, names, to: :instance, nilable: false, signature: "")
+        Delegation.generate(singleton_class, names.map { |n| "#{n}=" }, to: :instance, nilable: false, signature: "value")
+
+        self.defaults = defaults.merge(names.index_with { default })
       end
 
-      # Calls this block before #reset is called on the instance. Used for resetting external collaborators that depend on current values.
-      def before_reset(&block)
-        set_callback :reset, :before, &block
+      # Calls this callback before #reset is called on the instance. Used for resetting external collaborators that depend on current values.
+      def before_reset(*methods, &block)
+        set_callback :reset, :before, *methods, &block
       end
 
-      # Calls this block after #reset is called on the instance. Used for resetting external collaborators, like Time.zone.
-      def resets(&block)
-        set_callback :reset, :after, &block
+      # Calls this callback after #reset is called on the instance. Used for resetting external collaborators, like Time.zone.
+      def resets(*methods, &block)
+        set_callback :reset, :after, *methods, &block
       end
       alias_method :after_reset, :resets
 
@@ -168,25 +175,29 @@ module ActiveSupport
           @current_instances_key ||= name.to_sym
         end
 
-        def method_missing(name, *args, &block)
-          # Caches the method definition as a singleton method of the receiver.
-          #
-          # By letting #delegate handle it, we avoid an enclosure that'll capture args.
-          singleton_class.delegate name, to: :instance
-
-          send(name, *args, &block)
+        def method_missing(name, ...)
+          instance.public_send(name, ...)
         end
-        ruby2_keywords(:method_missing)
 
         def respond_to_missing?(name, _)
-          super || instance.respond_to?(name)
+          instance.respond_to?(name) || super
+        end
+
+        def method_added(name)
+          super
+          return if name == :initialize
+          return unless public_method_defined?(name)
+          return if respond_to?(name, true)
+          Delegation.generate(singleton_class, [name], to: :instance, as: self, nilable: false)
         end
     end
 
+    class_attribute :defaults, instance_writer: false, default: {}.freeze
+
     attr_accessor :attributes
 
     def initialize
-      @attributes = {}
+      @attributes = resolve_defaults
     end
 
     # Expose one or more attributes within a block. Old values are returned after the block concludes.
@@ -199,28 +210,24 @@ module ActiveSupport
     #       end
     #     end
     #   end
-    def set(set_attributes)
-      old_attributes = compute_attributes(set_attributes.keys)
-      assign_attributes(set_attributes)
-      yield
-    ensure
-      assign_attributes(old_attributes)
+    def set(attributes, &block)
+      with(**attributes, &block)
     end
 
     # Reset all attributes. Should be called before and after actions, when used as a per-request singleton.
     def reset
       run_callbacks :reset do
-        self.attributes = {}
+        self.attributes = resolve_defaults
       end
     end
 
     private
-      def assign_attributes(new_attributes)
-        new_attributes.each { |key, value| public_send("#{key}=", value) }
-      end
-
-      def compute_attributes(keys)
-        keys.index_with { |key| public_send(key) }
+      def resolve_defaults
+        defaults.each_with_object({}) do |(key, value), result|
+          if value != NOT_SET
+            result[key] = Proc === value ? value.call : value.dup
+          end
+        end
       end
   end
 end

data/lib/active_support/deep_mergeable.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+module ActiveSupport
+  # Provides +deep_merge+ and +deep_merge!+ methods. Expects the including class
+  # to provide a <tt>merge!(other, &block)</tt> method.
+  module DeepMergeable # :nodoc:
+    # Returns a new instance with the values from +other+ merged recursively.
+    #
+    #   class Hash
+    #     include ActiveSupport::DeepMergeable
+    #   end
+    #
+    #   hash_1 = { a: true, b: { c: [1, 2, 3] } }
+    #   hash_2 = { a: false, b: { x: [3, 4, 5] } }
+    #
+    #   hash_1.deep_merge(hash_2)
+    #   # => { a: false, b: { c: [1, 2, 3], x: [3, 4, 5] } }
+    #
+    # A block can be provided to merge non-<tt>DeepMergeable</tt> values:
+    #
+    #   hash_1 = { a: 100, b: 200, c: { c1: 100 } }
+    #   hash_2 = { b: 250, c: { c1: 200 } }
+    #
+    #   hash_1.deep_merge(hash_2) do |key, this_val, other_val|
+    #     this_val + other_val
+    #   end
+    #   # => { a: 100, b: 450, c: { c1: 300 } }
+    #
+    def deep_merge(other, &block)
+      dup.deep_merge!(other, &block)
+    end
+
+    # Same as #deep_merge, but modifies +self+.
+    def deep_merge!(other, &block)
+      merge!(other) do |key, this_val, other_val|
+        if this_val.is_a?(DeepMergeable) && this_val.deep_merge?(other_val)
+          this_val.deep_merge(other_val, &block)
+        elsif block_given?
+          block.call(key, this_val, other_val)
+        else
+          other_val
+        end
+      end
+    end
+
+    # Returns true if +other+ can be deep merged into +self+. Classes may
+    # override this method to restrict or expand the domain of deep mergeable
+    # values. Defaults to checking that +other+ is of type +self.class+.
+    def deep_merge?(other)
+      other.is_a?(self.class)
+    end
+  end
+end