railties 8.0.0 → 8.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (122) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +126 -137
  3. data/README.rdoc +1 -1
  4. data/lib/minitest/rails_plugin.rb +56 -13
  5. data/lib/rails/application/bootstrap.rb +6 -3
  6. data/lib/rails/application/configuration.rb +36 -16
  7. data/lib/rails/application/default_middleware_stack.rb +1 -1
  8. data/lib/rails/application/finisher.rb +2 -1
  9. data/lib/rails/application/routes_reloader.rb +1 -2
  10. data/lib/rails/application.rb +18 -13
  11. data/lib/rails/application_controller.rb +2 -0
  12. data/lib/rails/code_statistics.rb +6 -3
  13. data/lib/rails/command/base.rb +0 -2
  14. data/lib/rails/command/environment_argument.rb +0 -1
  15. data/lib/rails/command.rb +1 -1
  16. data/lib/rails/commands/app/update_command.rb +5 -0
  17. data/lib/rails/commands/console/irb_console.rb +7 -16
  18. data/lib/rails/commands/credentials/credentials_command.rb +25 -5
  19. data/lib/rails/commands/devcontainer/devcontainer_command.rb +1 -0
  20. data/lib/rails/commands/encrypted/encrypted_command.rb +0 -1
  21. data/lib/rails/commands/test/test_command.rb +0 -2
  22. data/lib/rails/engine/lazy_route_set.rb +8 -11
  23. data/lib/rails/engine.rb +0 -1
  24. data/lib/rails/gem_version.rb +2 -2
  25. data/lib/rails/generators/actions.rb +9 -6
  26. data/lib/rails/generators/app_base.rb +72 -45
  27. data/lib/rails/generators/bundle_helper.rb +34 -0
  28. data/lib/rails/generators/database.rb +1 -1
  29. data/lib/rails/generators/erb/authentication/authentication_generator.rb +2 -0
  30. data/lib/rails/generators/erb/scaffold/templates/partial.html.erb.tt +2 -2
  31. data/lib/rails/generators/generated_attribute.rb +1 -1
  32. data/lib/rails/generators/migration.rb +0 -1
  33. data/lib/rails/generators/rails/app/app_generator.rb +31 -11
  34. data/lib/rails/generators/rails/app/templates/Dockerfile.tt +28 -16
  35. data/lib/rails/generators/rails/app/templates/Gemfile.tt +8 -3
  36. data/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt +5 -0
  37. data/lib/rails/generators/rails/app/templates/app/views/layouts/application.html.erb.tt +1 -0
  38. data/lib/rails/generators/rails/app/templates/bin/bundler-audit.tt +5 -0
  39. data/lib/rails/generators/rails/app/templates/bin/ci.tt +5 -0
  40. data/lib/rails/generators/rails/app/templates/bin/rubocop.tt +1 -1
  41. data/lib/rails/generators/rails/app/templates/bin/setup.tt +1 -0
  42. data/lib/rails/generators/rails/app/templates/config/bundler-audit.yml.tt +5 -0
  43. data/lib/rails/generators/rails/app/templates/config/ci.rb.tt +40 -0
  44. data/lib/rails/generators/rails/app/templates/config/databases/mysql.yml.tt +10 -2
  45. data/lib/rails/generators/rails/app/templates/config/databases/postgresql.yml.tt +10 -2
  46. data/lib/rails/generators/rails/app/templates/config/databases/sqlite3.yml.tt +11 -2
  47. data/lib/rails/generators/rails/app/templates/config/databases/trilogy.yml.tt +16 -6
  48. data/lib/rails/generators/rails/app/templates/config/deploy.yml.tt +25 -18
  49. data/lib/rails/generators/rails/app/templates/config/environments/development.rb.tt +8 -0
  50. data/lib/rails/generators/rails/app/templates/config/environments/production.rb.tt +10 -2
  51. data/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt +4 -0
  52. data/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_8_1.rb.tt +74 -0
  53. data/lib/rails/generators/rails/app/templates/config/puma.rb.tt +3 -2
  54. data/lib/rails/generators/rails/app/templates/config/storage.yml.tt +0 -7
  55. data/lib/rails/generators/rails/app/templates/docker-entrypoint.tt +0 -6
  56. data/lib/rails/generators/rails/app/templates/dockerignore.tt +6 -0
  57. data/lib/rails/generators/rails/app/templates/github/ci.yml.tt +111 -23
  58. data/lib/rails/generators/rails/app/templates/github/dependabot.yml +2 -2
  59. data/lib/rails/generators/rails/app/templates/kamal-secrets.tt +4 -1
  60. data/lib/rails/generators/rails/app/templates/public/400.html +26 -5
  61. data/lib/rails/generators/rails/app/templates/public/404.html +27 -6
  62. data/lib/rails/generators/rails/app/templates/public/406-unsupported-browser.html +25 -4
  63. data/lib/rails/generators/rails/app/templates/public/422.html +26 -5
  64. data/lib/rails/generators/rails/app/templates/public/500.html +27 -6
  65. data/lib/rails/generators/rails/app/templates/ruby-version.tt +1 -1
  66. data/lib/rails/generators/rails/authentication/authentication_generator.rb +14 -10
  67. data/lib/rails/generators/rails/authentication/templates/app/controllers/concerns/authentication.rb.tt +1 -4
  68. data/lib/rails/generators/rails/authentication/templates/app/controllers/passwords_controller.rb.tt +6 -0
  69. data/lib/rails/generators/rails/authentication/templates/app/controllers/sessions_controller.rb.tt +2 -2
  70. data/lib/rails/generators/rails/authentication/templates/app/views/passwords_mailer/reset.html.erb.tt +3 -1
  71. data/lib/rails/generators/rails/authentication/templates/app/views/passwords_mailer/reset.text.erb.tt +3 -1
  72. data/lib/rails/generators/rails/benchmark/USAGE +1 -1
  73. data/lib/rails/generators/rails/benchmark/templates/benchmark.rb.tt +0 -2
  74. data/lib/rails/generators/rails/db/system/change/change_generator.rb +1 -1
  75. data/lib/rails/generators/rails/devcontainer/devcontainer_generator.rb +8 -1
  76. data/lib/rails/generators/rails/devcontainer/templates/devcontainer/Dockerfile.tt +4 -0
  77. data/lib/rails/generators/rails/devcontainer/templates/devcontainer/compose.yaml.tt +2 -2
  78. data/lib/rails/generators/rails/devcontainer/templates/devcontainer/devcontainer.json.tt +1 -1
  79. data/lib/rails/generators/rails/encryption_key_file/encryption_key_file_generator.rb +17 -5
  80. data/lib/rails/generators/rails/master_key/master_key_generator.rb +0 -12
  81. data/lib/rails/generators/rails/plugin/plugin_generator.rb +1 -0
  82. data/lib/rails/generators/rails/plugin/templates/Rakefile.tt +0 -4
  83. data/lib/rails/generators/rails/plugin/templates/github/ci.yml.tt +23 -11
  84. data/lib/rails/generators/rails/plugin/templates/github/dependabot.yml +2 -2
  85. data/lib/rails/generators/rails/scaffold_controller/templates/api_controller.rb.tt +2 -2
  86. data/lib/rails/generators/rails/scaffold_controller/templates/controller.rb.tt +2 -2
  87. data/lib/rails/generators/rails/script/USAGE +1 -1
  88. data/lib/rails/generators/test_unit/authentication/authentication_generator.rb +17 -0
  89. data/lib/rails/generators/test_unit/authentication/templates/test/controllers/passwords_controller_test.rb.tt +67 -0
  90. data/lib/rails/generators/test_unit/authentication/templates/test/controllers/sessions_controller_test.rb +33 -0
  91. data/lib/rails/generators/test_unit/authentication/templates/test/models/user_test.rb.tt +4 -3
  92. data/lib/rails/generators/test_unit/authentication/templates/test/test_helpers/session_test_helper.rb.tt +19 -0
  93. data/lib/rails/generators/test_unit/model/templates/fixtures.yml.tt +1 -1
  94. data/lib/rails/generators/test_unit/scaffold/scaffold_generator.rb +8 -2
  95. data/lib/rails/generators/test_unit/scaffold/templates/application_system_test_case.rb.tt +5 -0
  96. data/lib/rails/generators/testing/behavior.rb +0 -3
  97. data/lib/rails/generators.rb +8 -6
  98. data/lib/rails/health_controller.rb +10 -2
  99. data/lib/rails/info.rb +4 -4
  100. data/lib/rails/info_controller.rb +4 -5
  101. data/lib/rails/initializable.rb +63 -19
  102. data/lib/rails/rack/silence_request.rb +5 -2
  103. data/lib/rails/railtie/configurable.rb +0 -1
  104. data/lib/rails/railtie.rb +0 -1
  105. data/lib/rails/source_annotation_extractor.rb +6 -2
  106. data/lib/rails/tasks/statistics.rake +3 -21
  107. data/lib/rails/tasks.rb +1 -3
  108. data/lib/rails/templates/rails/info/notes.html.erb +23 -0
  109. data/lib/rails/templates/rails/mailers/email.html.erb +3 -2
  110. data/lib/rails/templates/rails/welcome/index.html.erb +19 -3
  111. data/lib/rails/test_unit/line_filtering.rb +24 -3
  112. data/lib/rails/test_unit/reporter.rb +12 -6
  113. data/lib/rails/test_unit/runner.rb +15 -8
  114. data/lib/rails/test_unit/test_parser.rb +18 -15
  115. data/lib/rails.rb +9 -2
  116. metadata +37 -21
  117. data/lib/rails/console/methods.rb +0 -7
  118. data/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_8_0.rb.tt +0 -30
  119. data/lib/rails/generators/test_unit/plugin/plugin_generator.rb +0 -15
  120. data/lib/rails/generators/test_unit/plugin/templates/%file_name%_test.rb.tt +0 -7
  121. data/lib/rails/generators/test_unit/plugin/templates/test_helper.rb +0 -2
  122. /data/lib/rails/generators/{rails → test_unit}/authentication/templates/test/mailers/previews/passwords_mailer_preview.rb.tt +0 -0
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 98b996fe16bdc5403b3bc164f4020af94fdebd90ad6564e43a3da0c23ae5c074
4
- data.tar.gz: 7f2e8333f29178df6e5d57362747d654fb8191b9243d1ad177d610b56e8e34db
3
+ metadata.gz: ca3632394597a25e87e2bc8fe4df39a8c6866a3b27ddeafc405e71517eac81d4
4
+ data.tar.gz: '02469d5ca0b08fa86f9cdc182c33188694db329c49cdb4728fe8b7f3516d75ed'
5
5
  SHA512:
6
- metadata.gz: 4981c730953983dc395b6ba77ad9c3b9a9e81ba89e94b32614f6c46737da43092f650fd12eb23ecd62048b7ad9ec58118cfe5723ad02f38f443336ba67809f21
7
- data.tar.gz: 93bda06707eebb1f93f6d9b3b97e70a297d87cb34e5efe6215803ea0e1178ec0ae82ccc090c158d651d5f970ad1c0bd7b1d3e8b6de000dfee8a79376d92159ed
6
+ metadata.gz: f7f7f4ed53efe93f3adda429e8b43ef0e9436d821046dad05d6af7df49508e10a6341d84091a80d55081a73737245780ea850c24dae6ff3d5f52589d4abb9122
7
+ data.tar.gz: 0e657ed1142b0f74c2cf15eff6be224a67949ec65b14251536351bbe444eda45c9468aa6bdf68b10e930ec994933ad1c363f9d04d117f9a51542af539d1acea1
data/CHANGELOG.md CHANGED
@@ -1,226 +1,215 @@
1
- ## Rails 8.0.0 (November 07, 2024) ##
1
+ ## Rails 8.1.2 (January 08, 2026) ##
2
2
 
3
- * No changes.
3
+ * Skip all system test files on app generation.
4
4
 
5
+ *Eileen M. Uchitelle*
5
6
 
6
- ## Rails 8.0.0.rc2 (October 30, 2024) ##
7
+ * Fix `db:system:change` to correctly update Dockerfile base packages.
7
8
 
8
- * Fix incorrect database.yml with `skip_solid`.
9
+ *Josiah Smith*
9
10
 
10
- *Joé Dupuis*
11
-
12
- * Set `Regexp.timeout` to `1`s by default to improve security over Regexp Denial-of-Service attacks.
11
+ * Fix devcontainer volume mount when app name differs from folder name.
13
12
 
14
13
  *Rafael Mendonça França*
15
14
 
15
+ * Fixed the `rails notes` command to properly extract notes in CSS files.
16
16
 
17
- ## Rails 8.0.0.rc1 (October 19, 2024) ##
17
+ *David White*
18
18
 
19
- * Remove deprecated support to extend Rails console through `Rails::ConsoleMethods`.
19
+ * Fixed the default Dockerfile to properly include the `vendor/` directory during `bundle install`.
20
20
 
21
- *Rafael Mendonça França*
21
+ *Zhong Sheng*
22
22
 
23
- * Remove deprecated file `rails/console/helpers`.
24
23
 
25
- *Rafael Mendonça França*
24
+ ## Rails 8.1.1 (October 28, 2025) ##
26
25
 
27
- * Remove deprecated file `rails/console/app`.
26
+ * Do not assume and force SSL in production by default when using Kamal, to allow for out of the box Kamal deployments.
28
27
 
29
- *Rafael Mendonça França*
28
+ It is still recommended to assume and force SSL in production as soon as you can.
30
29
 
31
- * Remove deprecated `config.read_encrypted_secrets`.
30
+ *Jerome Dalbert*
32
31
 
33
- *Rafael Mendonça França*
32
+ ## Rails 8.1.0 (October 22, 2025) ##
34
33
 
35
- * Add Kamal support for devcontainers
34
+ * Suggest `bin/rails action_text:install` from Action Dispatch error page
36
35
 
37
- Previously generated devcontainer could not use docker and therefore Kamal.
36
+ *Sean Doyle*
38
37
 
39
- *Joé Dupuis*
38
+ * Remove deprecated `STATS_DIRECTORIES`.
40
39
 
40
+ *Rafael Mendonça França*
41
41
 
42
- ## Rails 8.0.0.beta1 (September 26, 2024) ##
42
+ * Remove deprecated `bin/rake stats` command.
43
43
 
44
- * Exit `rails g` with code 1 if generator could not be found.
44
+ *Rafael Mendonça França*
45
45
 
46
- Previously `rails g` returned 0, which would make it harder to catch typos in scripts calling `rails g`.
46
+ * Remove deprecated `rails/console/methods.rb` file.
47
47
 
48
- *Christopher Özbek*
48
+ *Rafael Mendonça França*
49
49
 
50
- * Remove `require_*` statements from application.css to align with the transition from Sprockets to Propshaft.
50
+ * Don't generate system tests by default.
51
51
 
52
- With Propshaft as the default asset pipeline in Rails 8, the require_tree and require_self clauses in application.css are no longer necessary, as they were specific to Sprockets. Additionally, the comment has been updated to clarify that CSS precedence now follows standard cascading order without automatic prioritization by the asset pipeline.
52
+ Rails scaffold generator will no longer generate system tests by default. To enable this pass `--system-tests=true` or generate them with `bin/rails generate system_test name_of_test`.
53
53
 
54
- *Eduardo Alencar*
54
+ *Eileen M. Uchitelle*
55
55
 
56
- * Do not include redis by default in generated Dev Containers.
56
+ * Optionally skip bundler-audit.
57
57
 
58
- Now that applications use the Solid Queue and Solid Cache gems by default, we do not need to include redis
59
- in the Dev Container. We will only include redis if `--skip-solid` is used when generating an app that uses
60
- Active Job or Action Cable.
58
+ Skips adding the `bin/bundler-audit` & `config/bundler-audit.yml` if the gem is not installed when `bin/rails app:update` runs.
61
59
 
62
- When generating a Dev Container for an existing app, we will not include redis if either of the solid gems
63
- are in use.
60
+ Passes an option to `--skip-bundler-audit` when new apps are generated & adds that same option to the `--minimal` generator flag.
64
61
 
65
- *Andrew Novoselac*
62
+ *Jill Klang*
66
63
 
67
- * Use [Solid Cable](https://github.com/rails/solid_cable) as the default Action Cable adapter in production, configured as a separate queue database in config/database.yml. It keeps messages in a table and continuously polls for updates. This makes it possible to drop the common dependency on Redis, if it isn't needed for any other purpose. Despite polling, the performance of Solid Cable is comparable to Redis in most situations. And in all circumstances, it makes it easier to deploy Rails when Redis is no longer a required dependency for Action Cable functionality.
64
+ * Show engine routes in `/rails/info/routes` as well.
68
65
 
69
- *DHH*
66
+ *Petrik de Heus*
70
67
 
71
- * Use [Solid Queue](https://github.com/rails/solid_queue) as the default Active Job backend in production, configured as a separate queue database in config/database.yml. In a single-server deployment, it'll run as a Puma plugin. This is configured in `config/deploy.yml` and can easily be changed to use a dedicated jobs machine.
68
+ * Exclude `asset_path` configuration from Kamal `deploy.yml` for API applications.
72
69
 
73
- *DHH*
70
+ API applications don't serve assets, so the `asset_path` configuration in `deploy.yml`
71
+ is not needed and can cause 404 errors on in-flight requests. The asset_path is now
72
+ only included for regular Rails applications that serve assets.
74
73
 
75
- * Use [Solid Cache](https://github.com/rails/solid_cache) as the default Rails.cache backend in production, configured as a separate cache database in config/database.yml.
74
+ *Saiqul Haq*
76
75
 
77
- *DHH*
76
+ * Reverted the incorrect default `config.public_file_server.headers` config.
78
77
 
79
- * Add Rails::Rack::SilenceRequest middleware and use it via `config.silence_healthcheck_path = path`
80
- to silence requests to "/up". This prevents the Kamal-required health checks from clogging up
81
- the production logs.
78
+ If you created a new application using Rails `8.1.0.beta1`, make sure to regenerate
79
+ `config/environments/production.rb`, or to manually edit the `config.public_file_server.headers`
80
+ configuration to just be:
82
81
 
83
- *DHH*
82
+ ```ruby
83
+ # Cache assets for far-future expiry since they are all digest stamped.
84
+ config.public_file_server.headers = { "cache-control" => "public, max-age=#{1.year.to_i}" }
85
+ ```
84
86
 
85
- * Introduce `mariadb-mysql` and `mariadb-trilogy` database options for `rails new`
87
+ *Jean Boussier*
86
88
 
87
- When used with the `--devcontainer` flag, these options will use `mariadb` as the database for the
88
- Dev Container. The original `mysql` and `trilogy` options will use `mysql`. Users who are not
89
- generating a Dev Container do not need to use the new options.
89
+ * Add command `rails credentials:fetch PATH` to get the value of a credential from the credentials file.
90
90
 
91
- *Andrew Novoselac*
91
+ ```bash
92
+ $ bin/rails credentials:fetch kamal_registry.password
93
+ ```
92
94
 
93
- * Deprecate `::STATS_DIRECTORIES`.
95
+ *Matthew Nguyen*, *Jean Boussier*
94
96
 
95
- The global constant `STATS_DIRECTORIES` has been deprecated in favor of
96
- `Rails::CodeStatistics.register_directory`.
97
+ * Generate static BCrypt password digests in fixtures instead of dynamic ERB expressions.
97
98
 
98
- Add extra directories with `Rails::CodeStatistics.register_directory(label, path)`:
99
+ Previously, fixtures with password digest attributes used `<%= BCrypt::Password.create("secret") %>`,
100
+ which regenerated the hash on each test run. Now generates a static hash with a comment
101
+ showing how to recreate it.
99
102
 
100
- ```ruby
101
- require "rails/code_statistics"
102
- Rails::CodeStatistics.register_directory('My Directory', 'path/to/dir')
103
- ```
103
+ *Nate Smith*, *Cassia Scheffer*
104
104
 
105
- *Petrik de Heus*
105
+ * Broaden the `.gitignore` entry when adding a credentials key to ignore all key files.
106
106
 
107
- * Enable query log tags by default on development env
107
+ *Greg Molnar*
108
108
 
109
- This can be used to trace troublesome SQL statements back to the application
110
- code that generated these statements. It is also useful when using multiple
111
- databases because the query logs can identify which database is being used.
109
+ * Remove unnecessary `ruby-version` input from `ruby/setup-ruby`
112
110
 
113
- *Matheus Richard*
111
+ *TangRufus*
114
112
 
115
- * Defer route drawing to the first request, or when url_helpers are called
113
+ * Add --reset option to bin/setup which will call db:reset as part of the setup.
116
114
 
117
- Executes the first routes reload in middleware, or when a route set's
118
- url_helpers receives a route call / asked if it responds to a route.
119
- Previously, this was executed unconditionally on boot, which can
120
- slow down boot time unnecessarily for larger apps with lots of routes.
115
+ *DHH*
121
116
 
122
- Environments like production that have `config.eager_load = true` will
123
- continue to eagerly load routes on boot.
117
+ * Add RuboCop cache restoration to RuboCop job in GitHub Actions workflow templates.
124
118
 
125
- *Gannon McGibbon*
119
+ *Lovro Bikić*
126
120
 
127
- * Generate form helpers to use `textarea*` methods instead of `text_area*` methods
121
+ * Skip generating mailer-related files in authentication generator if the application does
122
+ not use ActionMailer
128
123
 
129
- *Sean Doyle*
124
+ *Rami Massoud*
130
125
 
131
- * Add authentication generator to give a basic start to an authentication system using database-tracked sessions and password reset.
126
+ * Introduce `bin/ci` for running your tests, style checks, and security audits locally or in the cloud.
132
127
 
133
- Generate with...
128
+ The specific steps are defined by a new DSL in `config/ci.rb`.
134
129
 
135
- ```
136
- bin/rails generate authentication
130
+ ```ruby
131
+ ActiveSupport::ContinuousIntegration.run do
132
+ step "Setup", "bin/setup --skip-server"
133
+ step "Style: Ruby", "bin/rubocop"
134
+ step "Security: Gem audit", "bin/bundler-audit"
135
+ step "Tests: Rails", "bin/rails test test:system"
136
+ end
137
137
  ```
138
138
 
139
- Generated files:
139
+ Optionally use [gh-signoff](https://github.com/basecamp/gh-signoff) to
140
+ set a green PR status - ready for merge.
140
141
 
141
- ```
142
- app/models/current.rb
143
- app/models/user.rb
144
- app/models/session.rb
145
- app/controllers/sessions_controller.rb
146
- app/controllers/passwords_controller.rb
147
- app/mailers/passwords_mailer.rb
148
- app/views/sessions/new.html.erb
149
- app/views/passwords/new.html.erb
150
- app/views/passwords/edit.html.erb
151
- app/views/passwords_mailer/reset.html.erb
152
- app/views/passwords_mailer/reset.text.erb
153
- db/migrate/xxxxxxx_create_users.rb
154
- db/migrate/xxxxxxx_create_sessions.rb
155
- test/mailers/previews/passwords_mailer_preview.rb
156
- ```
142
+ *Jeremy Daer*, *DHH*
143
+
144
+ * Generate session controller tests when running the authentication generator.
145
+
146
+ *Jerome Dalbert*
147
+
148
+ * Add bin/bundler-audit and config/bundler-audit.yml for discovering and managing known security problems with app gems.
157
149
 
158
150
  *DHH*
159
151
 
152
+ * Rails no longer generates a `bin/bundle` binstub when creating new applications.
160
153
 
161
- * Add not-null type modifier to migration attributes.
154
+ The `bin/bundle` binstub used to help activate the right version of bundler.
155
+ This is no longer necessary as this mechanism is now part of Rubygem itself.
162
156
 
163
- Generating with...
157
+ *Edouard Chin*
164
158
 
165
- ```
166
- bin/rails generate migration CreateUsers email_address:string!:uniq password_digest:string!
167
- ```
159
+ * Add a `SessionTestHelper` module with `sign_in_as(user)` and `sign_out` test helpers when
160
+ running `rails g authentication`. Simplifies authentication in integration tests.
168
161
 
169
- Produces:
162
+ *Bijan Rahnema*
170
163
 
171
- ```ruby
172
- class CreateUsers < ActiveRecord::Migration[8.0]
173
- def change
174
- create_table :users do |t|
175
- t.string :email_address, null: false
176
- t.string :password_digest, null: false
177
-
178
- t.timestamps
179
- end
180
- add_index :users, :email_address, unique: true
181
- end
182
- end
183
- ```
164
+ * Rate limit password resets in authentication generator
184
165
 
185
- *DHH*
166
+ This helps mitigate abuse from attackers spamming the password reset form.
167
+
168
+ *Chris Oliver*
186
169
 
187
- * Add a `script` folder to applications, and a scripts generator.
170
+ * Update `rails new --minimal` option
188
171
 
189
- The new `script` folder is meant to hold one-off or general purpose scripts,
190
- such as data migration scripts, cleanup scripts, etc.
172
+ Extend the `--minimal` flag to exclude recently added features:
173
+ `skip_brakeman`, `skip_ci`, `skip_docker`, `skip_kamal`, `skip_rubocop`, `skip_solid` and `skip_thruster`.
191
174
 
192
- A new script generator allows you to create such scripts:
175
+ *eelcoj*
193
176
 
194
- ```
195
- bin/rails generate script my_script
196
- bin/rails generate script data/backfill
197
- ```
177
+ * Add `application-name` metadata to application layout
198
178
 
199
- You can run the generated script using:
179
+ The following metatag will be added to `app/views/layouts/application.html.erb`
200
180
 
201
- ```
202
- bundle exec ruby script/my_script.rb
203
- bundle exec ruby script/data/backfill.rb
181
+ ```html
182
+ <meta name="application-name" content="Name of Rails Application">
204
183
  ```
205
184
 
206
- *Jerome Dalbert*, *Haroon Ahmed*
185
+ *Steve Polito*
207
186
 
208
- * Deprecate `bin/rake stats` in favor of `bin/rails stats`.
187
+ * Use `secret_key_base` from ENV or credentials when present locally.
209
188
 
210
- *Juan Vásquez*
189
+ When ENV["SECRET_KEY_BASE"] or
190
+ `Rails.application.credentials.secret_key_base` is set for test or
191
+ development, it is used for the `Rails.config.secret_key_base`,
192
+ instead of generating a `tmp/local_secret.txt` file.
211
193
 
212
- * Add internal page `/rails/info/notes`, that displays the same information as `bin/rails notes`.
194
+ *Petrik de Heus*
213
195
 
214
- *Deepak Mahakale*
196
+ * Introduce `RAILS_MASTER_KEY` placeholder in generated ci.yml files
215
197
 
216
- * Add Rubocop and GitHub Actions to plugin generator.
217
- This can be skipped using --skip-rubocop and --skip-ci.
198
+ *Steve Polito*
218
199
 
219
- *Chris Oliver*
200
+ * Colorize the Rails console prompt even on non standard environments.
220
201
 
221
- * Use Kamal for deployment by default, which includes generating a Rails-specific config/deploy.yml.
222
- This can be skipped using --skip-kamal. See more: https://kamal-deploy.org/
202
+ *Lorenzo Zabot*
223
203
 
224
- *DHH*
204
+ * Don't enable YJIT in development and test environments
205
+
206
+ Development and test environments tend to reload code and redefine methods (e.g. mocking),
207
+ hence YJIT isn't generally faster in these environments.
208
+
209
+ *Ali Ismayilov*, *Jean Boussier*
210
+
211
+ * Only include PermissionsPolicy::Middleware if policy is configured.
212
+
213
+ *Petrik de Heus*
225
214
 
226
- Please check [7-2-stable](https://github.com/rails/rails/blob/7-2-stable/railties/CHANGELOG.md) for previous changes.
215
+ Please check [8-0-stable](https://github.com/rails/rails/blob/8-0-stable/railties/CHANGELOG.md) for previous changes.
data/README.rdoc CHANGED
@@ -34,6 +34,6 @@ Bug reports can be filed for the Ruby on \Rails project here:
34
34
 
35
35
  * https://github.com/rails/rails/issues
36
36
 
37
- Feature requests should be discussed on the rails-core mailing list here:
37
+ Feature requests should be discussed on the rubyonrails-core forum here:
38
38
 
39
39
  * https://discuss.rubyonrails.org/c/rubyonrails-core
@@ -25,7 +25,9 @@ module Minitest
25
25
  end
26
26
  end
27
27
 
28
- class ProfileReporter < StatisticsReporter
28
+ class ProfileReporter < Reporter
29
+ attr_accessor :results
30
+
29
31
  def initialize(io = $stdout, options = {})
30
32
  super
31
33
  @results = []
@@ -33,26 +35,49 @@ module Minitest
33
35
  end
34
36
 
35
37
  def record(result)
36
- @results << result
38
+ if output_file = ENV["RAILTIES_OUTPUT_FILE"]
39
+ File.open(output_file, "a") do |f|
40
+ # Round-trip for re-serialization
41
+ data = JSON.parse(result.to_json)
42
+ data[:location] = result.location
43
+ f.puts(data.to_json)
44
+ end
45
+ else
46
+ @results << result
47
+ end
48
+ end
49
+
50
+ def passed?
51
+ true
37
52
  end
38
53
 
39
54
  def report
40
- total_time = @results.sum(&:time)
55
+ # Skip if we're outputting to a file
56
+ return if ENV["RAILTIES_OUTPUT_FILE"]
57
+ print_summary
58
+ end
59
+
60
+ def summary
61
+ print_summary
62
+ end
63
+
64
+ private
65
+ def print_summary
66
+ total_time = @results.sum(&:time)
41
67
 
42
- @results.sort! { |a, b| b.time <=> a.time }
43
- slow_results = @results.take(@count)
44
- slow_tests_total_time = slow_results.sum(&:time)
68
+ @results.sort! { |a, b| b.time <=> a.time }
69
+ slow_results = @results.take(@count)
70
+ slow_tests_total_time = slow_results.sum(&:time)
45
71
 
46
- ratio = (total_time == 0) ? 0.0 : (slow_tests_total_time / total_time) * 100
72
+ ratio = (total_time == 0) ? 0.0 : (slow_tests_total_time / total_time) * 100
47
73
 
48
- io.puts("\nTop %d slowest tests (%.2f seconds, %.1f%% of total time):\n" % [slow_results.size, slow_tests_total_time, ratio])
49
- slow_results.each do |result|
50
- io.puts(" %s\n %.4f seconds %s\n" % [result.location, result.time, source_location(result)])
74
+ io.puts("\nTop %d slowest tests (%.2f seconds, %.1f%% of total time):\n" % [slow_results.size, slow_tests_total_time, ratio])
75
+ slow_results.each do |result|
76
+ io.puts(" %s\n %.4f seconds %s\n" % [result.location, result.time, source_location(result)])
77
+ end
78
+ io.puts("\n")
51
79
  end
52
- io.puts("\n")
53
- end
54
80
 
55
- private
56
81
  def source_location(result)
57
82
  filename, line = result.source_location
58
83
  return "" unless filename
@@ -80,6 +105,13 @@ module Minitest
80
105
  options[:fail_fast] = true
81
106
  end
82
107
 
108
+ if Minitest::VERSION > "6" then
109
+ opts.on "-n", "--name PATTERN", "Include /regexp/ or string for run." do |a|
110
+ warn "Please switch from -n/--name to -i/--include"
111
+ options[:include] = a
112
+ end
113
+ end
114
+
83
115
  opts.on("-c", "--[no-]color", "Enable color in the output") do |value|
84
116
  options[:color] = value
85
117
  end
@@ -102,8 +134,19 @@ module Minitest
102
134
  options[:profile] = count
103
135
  end
104
136
 
137
+ opts.on(/^[^-]/) do |test_file|
138
+ options[:test_files] ||= []
139
+ options[:test_files] << test_file
140
+ end
141
+
105
142
  options[:color] = true
106
143
  options[:output_inline] = true
144
+
145
+ opts.on do
146
+ if ::Rails::TestUnit::Runner.load_test_files
147
+ ::Rails::TestUnit::Runner.load_tests(options.fetch(:test_files, []))
148
+ end
149
+ end
107
150
  end
108
151
 
109
152
  # Owes great inspiration to test runner trailblazers like RSpec,
@@ -59,9 +59,7 @@ module Rails
59
59
  end
60
60
  else
61
61
  Rails.logger.level = ActiveSupport::Logger.const_get(config.log_level.to_s.upcase)
62
- broadcast_logger = ActiveSupport::BroadcastLogger.new(Rails.logger)
63
- broadcast_logger.formatter = Rails.logger.formatter
64
- Rails.logger = broadcast_logger
62
+ Rails.logger = ActiveSupport::BroadcastLogger.new(Rails.logger)
65
63
  end
66
64
  end
67
65
 
@@ -73,6 +71,11 @@ module Rails
73
71
  end
74
72
  end
75
73
 
74
+ initializer :initialize_event_reporter, group: :all do
75
+ Rails.event.raise_on_error = config.consider_all_requests_local
76
+ Rails.event.debug_mode = Rails.env.development?
77
+ end
78
+
76
79
  # Initialize cache early in the stack so railties can make use of it.
77
80
  initializer :initialize_cache, group: :all do
78
81
  cache_format_version = config.active_support.delete(:cache_format_version)
@@ -21,6 +21,7 @@ module Rails
21
21
  :beginning_of_week, :filter_redirect, :x,
22
22
  :content_security_policy_report_only,
23
23
  :content_security_policy_nonce_generator, :content_security_policy_nonce_directives,
24
+ :content_security_policy_nonce_auto,
24
25
  :require_master_key, :credentials, :disable_sandbox, :sandbox_by_default,
25
26
  :add_autoload_paths_to_load_path, :rake_eager_load, :server_timing, :log_file_size,
26
27
  :dom_testing_default_html_version, :yjit
@@ -72,6 +73,7 @@ module Rails
72
73
  @content_security_policy_report_only = false
73
74
  @content_security_policy_nonce_generator = nil
74
75
  @content_security_policy_nonce_directives = nil
76
+ @content_security_policy_nonce_auto = false
75
77
  @require_master_key = false
76
78
  @loaded_config_version = nil
77
79
  @credentials = ActiveSupport::InheritableOptions.new(credentials_defaults)
@@ -115,10 +117,6 @@ module Rails
115
117
  action_controller.forgery_protection_origin_check = true
116
118
  end
117
119
 
118
- if respond_to?(:active_support)
119
- active_support.to_time_preserves_timezone = :offset
120
- end
121
-
122
120
  if respond_to?(:active_record)
123
121
  active_record.belongs_to_required_by_default = true
124
122
  end
@@ -265,7 +263,7 @@ module Rails
265
263
  end
266
264
 
267
265
  if respond_to?(:action_controller)
268
- action_controller.raise_on_open_redirects = true
266
+ action_controller.action_on_open_redirect = :raise
269
267
  action_controller.wrap_parameters_by_default = true
270
268
  end
271
269
  when "7.1"
@@ -337,15 +335,39 @@ module Rails
337
335
  when "8.0"
338
336
  load_defaults "7.2"
339
337
 
338
+ if respond_to?(:action_dispatch)
339
+ action_dispatch.strict_freshness = true
340
+ end
341
+
342
+ Regexp.timeout ||= 1 if Regexp.respond_to?(:timeout=)
343
+ when "8.1"
344
+ load_defaults "8.0"
345
+
346
+ # Development and test environments tend to reload code and
347
+ # redefine methods (e.g. mocking), hence YJIT isn't generally
348
+ # faster in these environments.
349
+ self.yjit = !Rails.env.local?
350
+
351
+ if respond_to?(:action_controller)
352
+ action_controller.escape_json_responses = false
353
+ action_controller.action_on_path_relative_redirect = :raise
354
+ end
355
+
356
+ if respond_to?(:active_record)
357
+ active_record.raise_on_missing_required_finder_order_columns = true
358
+ end
359
+
340
360
  if respond_to?(:active_support)
341
- active_support.to_time_preserves_timezone = :zone
361
+ active_support.escape_js_separators_in_json = false
342
362
  end
343
363
 
344
- if respond_to?(:action_dispatch)
345
- action_dispatch.strict_freshness = true
364
+ if respond_to?(:action_view)
365
+ action_view.render_tracker = :ruby
346
366
  end
347
367
 
348
- Regexp.timeout ||= 1
368
+ if respond_to?(:action_view)
369
+ action_view.remove_hidden_field_autocomplete = true
370
+ end
349
371
  else
350
372
  raise "Unknown version #{target_version.to_s.inspect}"
351
373
  end
@@ -503,16 +525,18 @@ module Rails
503
525
 
504
526
  def secret_key_base
505
527
  @secret_key_base || begin
506
- self.secret_key_base = if generate_local_secret?
528
+ self.secret_key_base = if ENV["SECRET_KEY_BASE_DUMMY"]
507
529
  generate_local_secret
508
530
  else
509
- ENV["SECRET_KEY_BASE"] || Rails.application.credentials.secret_key_base
531
+ ENV["SECRET_KEY_BASE"] ||
532
+ Rails.application.credentials.secret_key_base ||
533
+ (Rails.env.local? && generate_local_secret)
510
534
  end
511
535
  end
512
536
  end
513
537
 
514
538
  def secret_key_base=(new_secret_key_base)
515
- if new_secret_key_base.nil? && generate_local_secret?
539
+ if new_secret_key_base.nil? && Rails.env.local?
516
540
  @secret_key_base = generate_local_secret
517
541
  elsif new_secret_key_base.is_a?(String) && new_secret_key_base.present?
518
542
  @secret_key_base = new_secret_key_base
@@ -640,10 +664,6 @@ module Rails
640
664
 
641
665
  File.binread(key_file)
642
666
  end
643
-
644
- def generate_local_secret?
645
- Rails.env.local? || ENV["SECRET_KEY_BASE_DUMMY"]
646
- end
647
667
  end
648
668
  end
649
669
  end
@@ -83,7 +83,7 @@ module Rails
83
83
  unless config.api_only
84
84
  middleware.use ::ActionDispatch::Flash
85
85
  middleware.use ::ActionDispatch::ContentSecurityPolicy::Middleware
86
- middleware.use ::ActionDispatch::PermissionsPolicy::Middleware
86
+ middleware.use ::ActionDispatch::PermissionsPolicy::Middleware if config.permissions_policy
87
87
  end
88
88
 
89
89
  middleware.use ::Rack::Head
@@ -229,7 +229,8 @@ module Rails
229
229
 
230
230
  initializer :enable_yjit do
231
231
  if config.yjit && defined?(RubyVM::YJIT.enable)
232
- RubyVM::YJIT.enable
232
+ options = config.yjit.is_a?(Hash) ? config.yjit : {}
233
+ RubyVM::YJIT.enable(**options)
233
234
  end
234
235
  end
235
236
  end
@@ -1,6 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "active_support/core_ext/module/delegation"
4
3
 
5
4
  module Rails
6
5
  class Application
@@ -9,7 +8,7 @@ module Rails
9
8
 
10
9
  attr_reader :route_sets, :paths, :external_routes, :loaded
11
10
  attr_accessor :eager_load
12
- attr_writer :run_after_load_paths # :nodoc:
11
+ attr_writer :run_after_load_paths, :loaded # :nodoc:
13
12
  delegate :execute_if_updated, :updated?, to: :updater
14
13
 
15
14
  def initialize