RubyGems - railties - Versions diffs - 8.0.0.rc1 → 8.0.0 - Mend

railties 8.0.0.rc1 → 8.0.0

Files changed (19) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 48dcbad64d0cf8be785e5a5a80d210e4f0c77ab14abb4b623c3631607e304c0e
-  data.tar.gz: afe11b82be536134605bbd67230361f11d547108f3e6fc32c66462922038d9c4
+  metadata.gz: 98b996fe16bdc5403b3bc164f4020af94fdebd90ad6564e43a3da0c23ae5c074
+  data.tar.gz: 7f2e8333f29178df6e5d57362747d654fb8191b9243d1ad177d610b56e8e34db
 SHA512:
-  metadata.gz: 3467d3b3d227a967abf2aae1399900f6fdccba995e139e5d5efd9ba0eaa694e60909122de013fd8670d4c757fb5d294e3b4e8c257e50632c686e1155185521cc
-  data.tar.gz: 16972421f0101f97d3425a105507e886d5d588a48539ba6a4c32af7675281653268bd6b47df8a7370d5837b106f0a832bc35f54dcfdd1f5d12c1bb7408ba8dd1
+  metadata.gz: 4981c730953983dc395b6ba77ad9c3b9a9e81ba89e94b32614f6c46737da43092f650fd12eb23ecd62048b7ad9ec58118cfe5723ad02f38f443336ba67809f21
+  data.tar.gz: 93bda06707eebb1f93f6d9b3b97e70a297d87cb34e5efe6215803ea0e1178ec0ae82ccc090c158d651d5f970ad1c0bd7b1d3e8b6de000dfee8a79376d92159ed

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,19 @@
+## Rails 8.0.0 (November 07, 2024) ##
+*   No changes.
+## Rails 8.0.0.rc2 (October 30, 2024) ##
+*   Fix incorrect database.yml with `skip_solid`.
+    *Joé Dupuis*
+*   Set `Regexp.timeout` to `1`s by default to improve security over Regexp Denial-of-Service attacks.
+    *Rafael Mendonça França*
 ## Rails 8.0.0.rc1 (October 19, 2024) ##
 *   Remove deprecated support to extend Rails console through `Rails::ConsoleMethods`.

data/lib/rails/application/configuration.rb CHANGED Viewed

@@ -344,6 +344,8 @@ module Rails
           if respond_to?(:action_dispatch)
             action_dispatch.strict_freshness = true
           end
+          Regexp.timeout ||= 1
         else
           raise "Unknown version #{target_version.to_s.inspect}"
         end

data/lib/rails/application/routes_reloader.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module Rails
       attr_reader :route_sets, :paths, :external_routes, :loaded
       attr_accessor :eager_load
       attr_writer :run_after_load_paths # :nodoc:
-      delegate :execute_if_updated, :execute, :updated?, to: :updater
+      delegate :execute_if_updated, :updated?, to: :updater
       def initialize
         @paths      = []
@@ -21,7 +21,6 @@ module Rails
       end
       def reload!
-        @loaded = true
         clear!
         load_paths
         finalize!
@@ -30,6 +29,11 @@ module Rails
         revert
       end
+      def execute
+        @loaded = true
+        updater.execute
+      end
       def execute_unless_loaded
         unless @loaded
           execute

data/lib/rails/backtrace_cleaner.rb CHANGED Viewed

@@ -5,7 +5,7 @@ require "active_support/core_ext/string/access"
 module Rails
   class BacktraceCleaner < ActiveSupport::BacktraceCleaner # :nodoc:
-    APP_DIRS_PATTERN = /\A(?:\.\/)?(?:app|config|lib|test|\(\w*\))/
+    APP_DIRS_PATTERN = /\A(?:\.\/)?(?:app|config|lib|test|\(\w+(?:-\w+)*\))/
     RENDER_TEMPLATE_PATTERN = /:in [`'].*_\w+_{2,3}\d+_\d+'/
     def initialize
@@ -27,14 +27,14 @@ module Rails
     end
     def clean(backtrace, kind = :silent)
-      kind = nil if ENV["BACKTRACE"]
+      return backtrace if ENV["BACKTRACE"]
       super(backtrace, kind)
     end
     alias_method :filter, :clean
     def clean_frame(frame, kind = :silent)
-      kind = nil if ENV["BACKTRACE"]
+      return frame if ENV["BACKTRACE"]
       super(frame, kind)
     end

data/lib/rails/gem_version.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module Rails
     MAJOR = 8
     MINOR = 0
     TINY  = 0
-    PRE   = "rc1"
+    PRE   = nil
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

data/lib/rails/generators/actions.rb CHANGED Viewed

@@ -516,9 +516,9 @@ module Rails
         def route_namespace_pattern(namespace)
           namespace.each_with_index.reverse_each.reduce(nil) do |pattern, (name, i)|
-            cummulative_margin = "\\#{i + 1}[ ]{2}"
-            blank_or_indented_line = "^[ ]*\n|^#{cummulative_margin}.*\n"
-            "(?:(?:#{blank_or_indented_line})*?^(#{cummulative_margin})namespace :#{name} do\n#{pattern})?"
+            cumulative_margin = "\\#{i + 1}[ ]{2}"
+            blank_or_indented_line = "^[ ]*\n|^#{cumulative_margin}.*\n"
+            "(?:(?:#{blank_or_indented_line})*?^(#{cumulative_margin})namespace :#{name} do\n#{pattern})?"
           end.then do |pattern|
             /^([ ]*).+\.routes\.draw do[ ]*\n#{pattern}/
           end

data/lib/rails/generators/app_base.rb CHANGED Viewed

@@ -110,7 +110,7 @@ module Rails
                                            desc: "Skip Kamal setup"
         class_option :skip_solid,          type: :boolean, default: nil,
-                                           desc: "Skip Solid Cache & Queue setup"
+                                           desc: "Skip Solid Cache, Queue, and Cable setup"
         class_option :dev,                 type: :boolean, default: nil,
                                            desc: "Set up the #{name} with Gemfile pointing to your Rails checkout"

data/lib/rails/generators/rails/app/app_generator.rb CHANGED Viewed

@@ -271,7 +271,8 @@ module Rails
         active_storage: !options[:skip_active_storage],
         dev: options[:dev],
         node: using_node?,
-        app_name: app_name
+        app_name: app_name,
+        skip_solid: options[:skip_solid]
       }
       Rails::Generators::DevcontainerGenerator.new([], devcontainer_options).invoke_all

data/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_8_0.rb.tt CHANGED Viewed

@@ -23,3 +23,8 @@
 # If set to `false` both conditions need to be satisfied.
 #++
 # Rails.application.config.action_dispatch.strict_freshness = true
+###
+# Set `Regexp.timeout` to `1`s by default to improve security over Regexp Denial-of-Service attacks.
+#++
+# Regexp.timeout = 1

data/lib/rails/generators/rails/app/templates/github/ci.yml.tt CHANGED Viewed

@@ -131,6 +131,7 @@ jobs:
         <%- else -%>
         run: bin/rails db:test:prepare test test:system
         <%- end -%>
+      <%- unless options[:api] -%>
       - name: Keep screenshots from failed system tests
         uses: actions/upload-artifact@v4
@@ -139,4 +140,5 @@ jobs:
           name: screenshots
           path: ${{ github.workspace }}/tmp/screenshots
           if-no-files-found: ignore
+      <%- end -%>
 <% end -%>

data/lib/rails/generators/rails/authentication/authentication_generator.rb CHANGED Viewed

@@ -19,6 +19,8 @@ module Rails
         template "app/controllers/concerns/authentication.rb"
         template "app/controllers/passwords_controller.rb"
+        template "app/channels/application_cable/connection.rb" if defined?(ActionCable::Engine)
         template "app/mailers/passwords_mailer.rb"
         template "app/views/passwords_mailer/reset.html.erb"

data/lib/rails/generators/rails/authentication/templates/app/channels/application_cable/connection.rb.tt ADDED Viewed

@@ -0,0 +1,16 @@
+module ApplicationCable
+  class Connection < ActionCable::Connection::Base
+    identified_by :current_user
+    def connect
+      set_current_user || reject_unauthorized_connection
+    end
+    private
+      def set_current_user
+        if session = Session.find_by(id: cookies.signed[:session_id])
+          self.current_user = session.user
+        end
+      end
+  end
+end

data/lib/rails/generators/rails/authentication/templates/app/controllers/concerns/authentication.rb.tt CHANGED Viewed

@@ -33,7 +33,7 @@ module Authentication
     def request_authentication
       session[:return_to_after_authenticating] = request.url
-      redirect_to new_session_url
+      redirect_to new_session_path
     end
     def after_authentication_url

data/lib/rails/generators/rails/authentication/templates/app/controllers/passwords_controller.rb.tt CHANGED Viewed

@@ -10,7 +10,7 @@ class PasswordsController < ApplicationController
       PasswordsMailer.reset(user).deliver_later
     end
-    redirect_to new_session_url, notice: "Password reset instructions sent (if user with that email address exists)."
+    redirect_to new_session_path, notice: "Password reset instructions sent (if user with that email address exists)."
   end
   def edit
@@ -18,9 +18,9 @@ class PasswordsController < ApplicationController
   def update
     if @user.update(params.permit(:password, :password_confirmation))
-      redirect_to new_session_url, notice: "Password has been reset."
+      redirect_to new_session_path, notice: "Password has been reset."
     else
-      redirect_to edit_password_url(params[:token]), alert: "Passwords did not match."
+      redirect_to edit_password_path(params[:token]), alert: "Passwords did not match."
     end
   end
@@ -28,6 +28,6 @@ class PasswordsController < ApplicationController
     def set_user_by_token
       @user = User.find_by_password_reset_token!(params[:token])
     rescue ActiveSupport::MessageVerifier::InvalidSignature
-      redirect_to new_password_url, alert: "Password reset link is invalid or has expired."
+      redirect_to new_password_path, alert: "Password reset link is invalid or has expired."
     end
 end

data/lib/rails/generators/rails/authentication/templates/app/controllers/sessions_controller.rb.tt CHANGED Viewed

@@ -10,12 +10,12 @@ class SessionsController < ApplicationController
       start_new_session_for user
       redirect_to after_authentication_url
     else
-      redirect_to new_session_url, alert: "Try another email address or password."
+      redirect_to new_session_path, alert: "Try another email address or password."
     end
   end
   def destroy
     terminate_session
-    redirect_to new_session_url
+    redirect_to new_session_path
   end
 end

data/lib/rails/generators/rails/devcontainer/devcontainer_generator.rb CHANGED Viewed

@@ -29,6 +29,9 @@ module Rails
       class_option :kamal, type: :boolean, default: true,
                     desc: "Include configuration for Kamal"
+      class_option :skip_solid, type: :boolean, default: nil,
+                    desc: "Skip Solid Cache, Queue, and Cable setup"
       source_paths << File.expand_path(File.join(base_name, "app", "templates"), base_root)
       def create_devcontainer

data/lib/rails/generators/rails/devcontainer/templates/devcontainer/devcontainer.json.tt CHANGED Viewed

@@ -1,5 +1,5 @@
-// For format details, see https://aka.ms/devcontainer.json. For config options, see the
-// README at: https://github.com/devcontainers/templates/tree/main/src/ruby
+// For format details, see https://containers.dev/implementors/json_reference/.
+// For config options, see the README at: https://github.com/devcontainers/templates/tree/main/src/ruby
 {
   "name": "<%= options[:app_name] %>",
   "dockerComposeFile": "compose.yaml",
@@ -23,7 +23,7 @@
   // Configure tool-specific properties.
   // "customizations": {},
-  // Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
+  // Uncomment to connect as root instead. More info: https://containers.dev/implementors/json_reference/#remoteUser.
   // "remoteUser": "root",
 <%- if !mounts.empty? -%>

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: railties
 version: !ruby/object:Gem::Version
-  version: 8.0.0.rc1
+  version: 8.0.0
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-10-19 00:00:00.000000000 Z
+date: 2024-11-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.0.0.rc1
+        version: 8.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.0.0.rc1
+        version: 8.0.0
 - !ruby/object:Gem::Dependency
   name: actionpack
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.0.0.rc1
+        version: 8.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.0.0.rc1
+        version: 8.0.0
 - !ruby/object:Gem::Dependency
   name: rackup
   requirement: !ruby/object:Gem::Requirement
@@ -120,14 +120,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.0.0.rc1
+        version: 8.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.0.0.rc1
+        version: 8.0.0
 description: 'Rails internals: application bootup, plugins, generators, and rake tasks.'
 email: david@loudthinking.com
 executables:
@@ -318,6 +318,7 @@ files:
 - lib/rails/generators/rails/application_record/application_record_generator.rb
 - lib/rails/generators/rails/authentication/USAGE
 - lib/rails/generators/rails/authentication/authentication_generator.rb
+- lib/rails/generators/rails/authentication/templates/app/channels/application_cable/connection.rb.tt
 - lib/rails/generators/rails/authentication/templates/app/controllers/concerns/authentication.rb.tt
 - lib/rails/generators/rails/authentication/templates/app/controllers/passwords_controller.rb.tt
 - lib/rails/generators/rails/authentication/templates/app/controllers/sessions_controller.rb.tt
@@ -490,10 +491,10 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/rails/rails/issues
-  changelog_uri: https://github.com/rails/rails/blob/v8.0.0.rc1/railties/CHANGELOG.md
-  documentation_uri: https://api.rubyonrails.org/v8.0.0.rc1/
+  changelog_uri: https://github.com/rails/rails/blob/v8.0.0/railties/CHANGELOG.md
+  documentation_uri: https://api.rubyonrails.org/v8.0.0/
   mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
-  source_code_uri: https://github.com/rails/rails/tree/v8.0.0.rc1/railties
+  source_code_uri: https://github.com/rails/rails/tree/v8.0.0/railties
   rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options:
@@ -512,7 +513,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.16
+rubygems_version: 3.5.22
 signing_key:
 specification_version: 4
 summary: Tools for creating, working with, and running Rails applications.