RubyGems - railties - Versions diffs - 8.0.2.1 → 8.1.0.beta1 - Mend

railties 8.0.2.1 → 8.1.0.beta1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (98) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3eb763dc516ac3300434d14aa683eb8b41447184c95f1f8639667f06cc4a8fce
-  data.tar.gz: 643a8608aaf46744b0cabf0390f621c00b70d807c629ec3640c303a410daeab5
+  metadata.gz: f96d0bd7304aebd3f5b4067354bd24c00ad034b34b03454275124bda2ef80371
+  data.tar.gz: 2d8e046700f53160f821f70ceb11f6cf8799fc9654ba8f4b73d283240d8f7259
 SHA512:
-  metadata.gz: f2100e27ffeed2deb6e797b67492b0dbb5f00dd7ef7ba2add542f22d7e9938d901b0be88902557be2fdba6419ccc49114c80bbd2f8f2049ebef9eb903112cfe9
-  data.tar.gz: ef2ca4d16f7cbfcc8150ceecc83f2e162b3b9e3cf39bd1ec3eb4692d51b70c5681d658266de0a8d6fbe501af9ee2156f78f6cc025f390d8edecab342564bfe1b
+  metadata.gz: 031c43f3c487649f1d6a83622afd3d438aa437e259864372c685b5e720b8b636cecbf7bf083afb58219b20120059c85ebf9bdfdb756afdbd59e713d7443a6f98
+  data.tar.gz: 0d2eb2b9519a859362aa6eda717ba8b0a9ef54fa975824f76c295f84e1750d2c30a3d5b9b0983e075c8bf1b89a2d80c6c3b469952920bd5537ed728d4b140e62

data/CHANGELOG.md CHANGED Viewed

@@ -1,281 +1,129 @@
-## Rails 8.0.2.1 (August 13, 2025) ##
+## Rails 8.1.0.beta1 (September 04, 2025) ##
-*   No changes.
+*   Add command `rails credentials:fetch PATH` to get the value of a credential from the credentials file.
+    ```bash
+    $ bin/rails credentials:fetch kamal_registry.password
+    ```
-## Rails 8.0.2 (March 12, 2025) ##
-*   No changes.
-## Rails 8.0.2 (March 12, 2025) ##
-*   Fix Rails console to load routes.
-    Otherwise `*_path` and `*url` methods are missing on the `app` object.
-    *Édouard Chin*
-*   Update `rails new --minimal` option
-    Extend the `--minimal` flag to exclude recently added features:
-    `skip_brakeman`, `skip_ci`, `skip_docker`, `skip_kamal`, `skip_rubocop`, `skip_solid` and `skip_thruster`.
-    *eelcoj*
-*   Use `secret_key_base` from ENV or credentials when present locally.
-    When ENV["SECRET_KEY_BASE"] or
-    `Rails.application.credentials.secret_key_base` is set for test or
-    development, it is used for the `Rails.config.secret_key_base`,
-    instead of generating a `tmp/local_secret.txt` file.
-    *Petrik de Heus*
-## Rails 8.0.1 (December 13, 2024) ##
-*   Skip generation system tests related code for CI when `--skip-system-test` is given.
-    *fatkodima*
-*   Don't add bin/thrust if thruster is not in Gemfile.
-    *Étienne Barrié*
-*   Don't install a package for system test when applications don't use it.
-    *y-yagi*
-## Rails 8.0.0.1 (December 10, 2024) ##
-*   No changes.
-## Rails 8.0.0 (November 07, 2024) ##
-*   No changes.
-## Rails 8.0.0.rc2 (October 30, 2024) ##
-*   Fix incorrect database.yml with `skip_solid`.
-    *Joé Dupuis*
-*   Set `Regexp.timeout` to `1`s by default to improve security over Regexp Denial-of-Service attacks.
-    *Rafael Mendonça França*
-## Rails 8.0.0.rc1 (October 19, 2024) ##
-*   Remove deprecated support to extend Rails console through `Rails::ConsoleMethods`.
-    *Rafael Mendonça França*
-*   Remove deprecated file `rails/console/helpers`.
-    *Rafael Mendonça França*
-*   Remove deprecated file `rails/console/app`.
-    *Rafael Mendonça França*
-*   Remove deprecated `config.read_encrypted_secrets`.
-    *Rafael Mendonça França*
-*   Add Kamal support for devcontainers
-    Previously generated devcontainer could not use docker and therefore Kamal.
-    *Joé Dupuis*
-## Rails 8.0.0.beta1 (September 26, 2024) ##
-*   Exit `rails g` with code 1 if generator could not be found.
-    Previously `rails g` returned 0, which would make it harder to catch typos in scripts calling `rails g`.
-    *Christopher Özbek*
+    *Matthew Nguyen*, *Jean Boussier*
-*   Remove `require_*` statements from application.css to align with the transition from Sprockets to Propshaft.
+*   Generate static BCrypt password digests in fixtures instead of dynamic ERB expressions.
-    With Propshaft as the default asset pipeline in Rails 8, the require_tree and require_self clauses in application.css are no longer necessary, as they were specific to Sprockets. Additionally, the comment has been updated to clarify that CSS precedence now follows standard cascading order without automatic prioritization by the asset pipeline.
+    Previously, fixtures with password digest attributes used `<%= BCrypt::Password.create("secret") %>`,
+    which regenerated the hash on each test run. Now generates a static hash with a comment
+    showing how to recreate it.
-    *Eduardo Alencar*
+    *Nate Smith*, *Cassia Scheffer*
-*   Do not include redis by default in generated Dev Containers.
+*   Broaden the `.gitignore` entry when adding a credentials key to ignore all key files.
-    Now that applications use the Solid Queue and Solid Cache gems by default, we do not need to include redis
-    in the Dev Container. We will only include redis if `--skip-solid` is used when generating an app that uses
-    Active Job or Action Cable.
+    *Greg Molnar*
-    When generating a Dev Container for an existing app, we will not include redis if either of the solid gems
-    are in use.
+*   Remove unnecessary `ruby-version` input from `ruby/setup-ruby`
-    *Andrew Novoselac*
+    *TangRufus*
-*   Use [Solid Cable](https://github.com/rails/solid_cable) as the default Action Cable adapter in production, configured as a separate queue database in config/database.yml. It keeps messages in a table and continuously polls for updates. This makes it possible to drop the common dependency on Redis, if it isn't needed for any other purpose. Despite polling, the performance of Solid Cable is comparable to Redis in most situations. And in all circumstances, it makes it easier to deploy Rails when Redis is no longer a required dependency for Action Cable functionality.
+*   Add --reset option to bin/setup which will call db:reset as part of the setup.
     *DHH*
-*   Use [Solid Queue](https://github.com/rails/solid_queue) as the default Active Job backend in production, configured as a separate queue database in config/database.yml. In a single-server deployment, it'll run as a Puma plugin. This is configured in `config/deploy.yml` and can easily be changed to use a dedicated jobs machine.
-    *DHH*
+*   Add RuboCop cache restoration to RuboCop job in GitHub Actions workflow templates.
-*   Use [Solid Cache](https://github.com/rails/solid_cache) as the default Rails.cache backend in production, configured as a separate cache database in config/database.yml.
+    *Lovro Bikić*
-    *DHH*
-*   Add Rails::Rack::SilenceRequest middleware and use it via `config.silence_healthcheck_path = path`
-    to silence requests to "/up". This prevents the Kamal-required health checks from clogging up
-    the production logs.
-    *DHH*
+*   Skip generating mailer-related files in authentication generator if the application does
+    not use ActionMailer
-*   Introduce `mariadb-mysql` and `mariadb-trilogy` database options for `rails new`
+    *Rami Massoud*
-    When used with the `--devcontainer` flag, these options will use `mariadb` as the database for the
-    Dev Container. The original `mysql` and `trilogy` options will use `mysql`. Users who are not
-    generating a Dev Container do not need to use the new options.
+*   Introduce `bin/ci` for running your tests, style checks, and security audits locally or in the cloud.
-    *Andrew Novoselac*
-*   Deprecate `::STATS_DIRECTORIES`.
-    The global constant `STATS_DIRECTORIES` has been deprecated in favor of
-    `Rails::CodeStatistics.register_directory`.
-    Add extra directories with `Rails::CodeStatistics.register_directory(label, path)`:
+    The specific steps are defined by a new DSL in `config/ci.rb`.
     ```ruby
-    require "rails/code_statistics"
-    Rails::CodeStatistics.register_directory('My Directory', 'path/to/dir')
+    ActiveSupport::ContinuousIntegration.run do
+      step "Setup", "bin/setup --skip-server"
+      step "Style: Ruby", "bin/rubocop"
+      step "Security: Gem audit", "bin/bundler-audit"
+      step "Tests: Rails", "bin/rails test test:system"
+    end
     ```
-    *Petrik de Heus*
-*   Enable query log tags by default on development env
-    This can be used to trace troublesome SQL statements back to the application
-    code that generated these statements. It is also useful when using multiple
-    databases because the query logs can identify which database is being used.
+    Optionally use [gh-signoff](https://github.com/basecamp/gh-signoff) to
+    set a green PR status - ready for merge.
-    *Matheus Richard*
+    *Jeremy Daer*, *DHH*
-*   Defer route drawing to the first request, or when url_helpers are called
+*   Generate session controller tests when running the authentication generator.
-    Executes the first routes reload in middleware, or when a route set's
-    url_helpers receives a route call / asked if it responds to a route.
-    Previously, this was executed unconditionally on boot, which can
-    slow down boot time unnecessarily for larger apps with lots of routes.
+    *Jerome Dalbert*
-    Environments like production that have `config.eager_load = true` will
-    continue to eagerly load routes on boot.
+*   Add bin/bundler-audit and config/bundler-audit.yml for discovering and managing known security problems with app gems.
-    *Gannon McGibbon*
+    *DHH*
-*   Generate form helpers to use `textarea*` methods instead of `text_area*` methods
+*   Rails no longer generates a `bin/bundle` binstub when creating new applications.
-    *Sean Doyle*
+    The `bin/bundle` binstub used to help activate the right version of bundler.
+    This is no longer necessary as this mechanism is now part of Rubygem itself.
-*   Add authentication generator to give a basic start to an authentication system using database-tracked sessions and password reset.
+    *Edouard Chin*
-    Generate with...
+*   Add a `SessionTestHelper` module with `sign_in_as(user)` and `sign_out` test helpers when
+    running `rails g authentication`. Simplifies authentication in integration tests.
-    ```
-    bin/rails generate authentication
-    ```
+    *Bijan Rahnema*
-    Generated files:
+*   Rate limit password resets in authentication generator
-    ```
-    app/models/current.rb
-    app/models/user.rb
-    app/models/session.rb
-    app/controllers/sessions_controller.rb
-    app/controllers/passwords_controller.rb
-    app/mailers/passwords_mailer.rb
-    app/views/sessions/new.html.erb
-    app/views/passwords/new.html.erb
-    app/views/passwords/edit.html.erb
-    app/views/passwords_mailer/reset.html.erb
-    app/views/passwords_mailer/reset.text.erb
-    db/migrate/xxxxxxx_create_users.rb
-    db/migrate/xxxxxxx_create_sessions.rb
-    test/mailers/previews/passwords_mailer_preview.rb
-    ```
+    This helps mitigate abuse from attackers spamming the password reset form.
-    *DHH*
+    *Chris Oliver*
+*   Update `rails new --minimal` option
-*   Add not-null type modifier to migration attributes.
+    Extend the `--minimal` flag to exclude recently added features:
+    `skip_brakeman`, `skip_ci`, `skip_docker`, `skip_kamal`, `skip_rubocop`, `skip_solid` and `skip_thruster`.
-    Generating with...
+    *eelcoj*
-    ```
-    bin/rails generate migration CreateUsers email_address:string!:uniq password_digest:string!
-    ```
+*   Add `application-name` metadata to application layout
-    Produces:
+    The following metatag will be added to `app/views/layouts/application.html.erb`
-    ```ruby
-    class CreateUsers < ActiveRecord::Migration[8.0]
-      def change
-        create_table :users do |t|
-          t.string :email_address, null: false
-          t.string :password_digest, null: false
-          t.timestamps
-        end
-        add_index :users, :email_address, unique: true
-      end
-    end
+    ```html
+    <meta name="application-name" content="Name of Rails Application">
     ```
-    *DHH*
-*   Add a `script` folder to applications, and a scripts generator.
-    The new `script` folder is meant to hold one-off or general purpose scripts,
-    such as data migration scripts, cleanup scripts, etc.
-    A new script generator allows you to create such scripts:
+    *Steve Polito*
-    ```
-    bin/rails generate script my_script
-    bin/rails generate script data/backfill
-    ```
+*   Use `secret_key_base` from ENV or credentials when present locally.
-    You can run the generated script using:
+    When ENV["SECRET_KEY_BASE"] or
+    `Rails.application.credentials.secret_key_base` is set for test or
+    development, it is used for the `Rails.config.secret_key_base`,
+    instead of generating a `tmp/local_secret.txt` file.
-    ```
-    bundle exec ruby script/my_script.rb
-    bundle exec ruby script/data/backfill.rb
-    ```
+    *Petrik de Heus*
-    *Jerome Dalbert*, *Haroon Ahmed*
+*   Introduce `RAILS_MASTER_KEY` placeholder in generated ci.yml files
-*   Deprecate `bin/rake stats` in favor of `bin/rails stats`.
+    *Steve Polito*
-    *Juan Vásquez*
+*   Colorize the Rails console prompt even on non standard environments.
-*   Add internal page `/rails/info/notes`, that displays the same information as `bin/rails notes`.
+    *Lorenzo Zabot*
-    *Deepak Mahakale*
+*   Don't enable YJIT in development and test environments
-*   Add Rubocop and GitHub Actions to plugin generator.
-    This can be skipped using --skip-rubocop and --skip-ci.
+    Development and test environments tend to reload code and redefine methods (e.g. mocking),
+    hence YJIT isn't generally faster in these environments.
-    *Chris Oliver*
+    *Ali Ismayilov*, *Jean Boussier*
-*   Use Kamal for deployment by default, which includes generating a Rails-specific config/deploy.yml.
-    This can be skipped using --skip-kamal. See more: https://kamal-deploy.org/
+*   Only include PermissionsPolicy::Middleware if policy is configured.
-    *DHH*
+    *Petrik de Heus*
-Please check [7-2-stable](https://github.com/rails/rails/blob/7-2-stable/railties/CHANGELOG.md) for previous changes.
+Please check [8-0-stable](https://github.com/rails/rails/blob/8-0-stable/railties/CHANGELOG.md) for previous changes.

data/README.rdoc CHANGED Viewed

@@ -34,6 +34,6 @@ Bug reports can be filed for the Ruby on \Rails project here:
 * https://github.com/rails/rails/issues
-Feature requests should be discussed on the rails-core mailing list here:
+Feature requests should be discussed on the rubyonrails-core forum here:
 * https://discuss.rubyonrails.org/c/rubyonrails-core

data/lib/minitest/rails_plugin.rb CHANGED Viewed

@@ -26,6 +26,8 @@ module Minitest
   end
   class ProfileReporter < Reporter
+    attr_accessor :results
     def initialize(io = $stdout, options = {})
       super
       @results = []
@@ -33,26 +35,49 @@ module Minitest
     end
     def record(result)
-      @results << result
+      if output_file = ENV["RAILTIES_OUTPUT_FILE"]
+        File.open(output_file, "a") do |f|
+          # Round-trip for re-serialization
+          data = JSON.parse(result.to_json)
+          data[:location] = result.location
+          f.puts(data.to_json)
+        end
+      else
+        @results << result
+      end
+    end
+    def passed?
+      true
     end
     def report
-      total_time = @results.sum(&:time)
+      # Skip if we're outputting to a file
+      return if ENV["RAILTIES_OUTPUT_FILE"]
+      print_summary
+    end
-      @results.sort! { |a, b| b.time <=> a.time }
-      slow_results = @results.take(@count)
-      slow_tests_total_time = slow_results.sum(&:time)
+    def summary
+      print_summary
+    end
+    private
+      def print_summary
+        total_time = @results.sum(&:time)
-      ratio = (total_time == 0) ? 0.0 : (slow_tests_total_time / total_time) * 100
+        @results.sort! { |a, b| b.time <=> a.time }
+        slow_results = @results.take(@count)
+        slow_tests_total_time = slow_results.sum(&:time)
-      io.puts("\nTop %d slowest tests (%.2f seconds, %.1f%% of total time):\n" % [slow_results.size, slow_tests_total_time, ratio])
-      slow_results.each do |result|
-        io.puts("  %s\n    %.4f seconds %s\n" % [result.location, result.time, source_location(result)])
+        ratio = (total_time == 0) ? 0.0 : (slow_tests_total_time / total_time) * 100
+        io.puts("\nTop %d slowest tests (%.2f seconds, %.1f%% of total time):\n" % [slow_results.size, slow_tests_total_time, ratio])
+        slow_results.each do |result|
+          io.puts("  %s\n    %.4f seconds %s\n" % [result.location, result.time, source_location(result)])
+        end
+        io.puts("\n")
       end
-      io.puts("\n")
-    end
-    private
       def source_location(result)
         filename, line = result.source_location
         return "" unless filename
@@ -102,8 +127,19 @@ module Minitest
       options[:profile] = count
     end
+    opts.on(/^[^-]/) do |test_file|
+      options[:test_files] ||= []
+      options[:test_files] << test_file
+    end
     options[:color] = true
     options[:output_inline] = true
+    opts.on do
+      if ::Rails::TestUnit::Runner.load_test_files
+        ::Rails::TestUnit::Runner.load_tests(options.fetch(:test_files, []))
+      end
+    end
   end
   # Owes great inspiration to test runner trailblazers like RSpec,

data/lib/rails/application/bootstrap.rb CHANGED Viewed

@@ -59,9 +59,7 @@ module Rails
           end
         else
           Rails.logger.level = ActiveSupport::Logger.const_get(config.log_level.to_s.upcase)
-          broadcast_logger = ActiveSupport::BroadcastLogger.new(Rails.logger)
-          broadcast_logger.formatter = Rails.logger.formatter
-          Rails.logger = broadcast_logger
+          Rails.logger = ActiveSupport::BroadcastLogger.new(Rails.logger)
         end
       end
@@ -73,6 +71,11 @@ module Rails
         end
       end
+      initializer :initialize_event_reporter, group: :all do
+        Rails.event.raise_on_error = config.consider_all_requests_local
+        Rails.event.debug_mode = config.consider_all_requests_local
+      end
       # Initialize cache early in the stack so railties can make use of it.
       initializer :initialize_cache, group: :all do
         cache_format_version = config.active_support.delete(:cache_format_version)

data/lib/rails/application/configuration.rb CHANGED Viewed

@@ -21,6 +21,7 @@ module Rails
                     :beginning_of_week, :filter_redirect, :x,
                     :content_security_policy_report_only,
                     :content_security_policy_nonce_generator, :content_security_policy_nonce_directives,
+                    :content_security_policy_nonce_auto,
                     :require_master_key, :credentials, :disable_sandbox, :sandbox_by_default,
                     :add_autoload_paths_to_load_path, :rake_eager_load, :server_timing, :log_file_size,
                     :dom_testing_default_html_version, :yjit
@@ -72,6 +73,7 @@ module Rails
         @content_security_policy_report_only     = false
         @content_security_policy_nonce_generator = nil
         @content_security_policy_nonce_directives = nil
+        @content_security_policy_nonce_auto      = false
         @require_master_key                      = false
         @loaded_config_version                   = nil
         @credentials                             = ActiveSupport::InheritableOptions.new(credentials_defaults)
@@ -346,6 +348,30 @@ module Rails
           end
           Regexp.timeout ||= 1 if Regexp.respond_to?(:timeout=)
+        when "8.1"
+          load_defaults "8.0"
+          # Development and test environments tend to reload code and
+          # redefine methods (e.g. mocking), hence YJIT isn't generally
+          # faster in these environments.
+          self.yjit = !Rails.env.local?
+          if respond_to?(:action_controller)
+            action_controller.escape_json_responses = false
+            action_controller.action_on_path_relative_redirect = :raise
+          end
+          if respond_to?(:active_record)
+            active_record.raise_on_missing_required_finder_order_columns = true
+          end
+          if respond_to?(:action_view)
+            action_view.render_tracker = :ruby
+          end
+          if respond_to?(:action_view)
+            action_view.remove_hidden_field_autocomplete = true
+          end
         else
           raise "Unknown version #{target_version.to_s.inspect}"
         end

data/lib/rails/application/default_middleware_stack.rb CHANGED Viewed

@@ -83,7 +83,7 @@ module Rails
           unless config.api_only
             middleware.use ::ActionDispatch::Flash
             middleware.use ::ActionDispatch::ContentSecurityPolicy::Middleware
-            middleware.use ::ActionDispatch::PermissionsPolicy::Middleware
+            middleware.use ::ActionDispatch::PermissionsPolicy::Middleware if config.permissions_policy
           end
           middleware.use ::Rack::Head

data/lib/rails/application/finisher.rb CHANGED Viewed

@@ -229,7 +229,8 @@ module Rails
       initializer :enable_yjit do
         if config.yjit && defined?(RubyVM::YJIT.enable)
-          RubyVM::YJIT.enable
+          options = config.yjit.is_a?(Hash) ? config.yjit : {}
+          RubyVM::YJIT.enable(**options)
         end
       end
     end

data/lib/rails/application/routes_reloader.rb CHANGED Viewed

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
-require "active_support/core_ext/module/delegation"
 module Rails
   class Application
@@ -9,7 +8,7 @@ module Rails
       attr_reader :route_sets, :paths, :external_routes, :loaded
       attr_accessor :eager_load
-      attr_writer :run_after_load_paths # :nodoc:
+      attr_writer :run_after_load_paths, :loaded # :nodoc:
       delegate :execute_if_updated, :updated?, to: :updater
       def initialize

data/lib/rails/application.rb CHANGED Viewed

@@ -2,10 +2,8 @@
 require "yaml"
 require "active_support/core_ext/hash/keys"
-require "active_support/core_ext/object/blank"
 require "active_support/key_generator"
 require "active_support/message_verifiers"
-require "active_support/deprecation"
 require "active_support/encrypted_configuration"
 require "active_support/hash_with_indifferent_access"
 require "active_support/configuration_file"
@@ -158,7 +156,11 @@ module Rails
     # Reload application routes regardless if they changed or not.
     def reload_routes!
-      routes_reloader.reload!
+      if routes_reloader.execute_unless_loaded
+        routes_reloader.loaded = false
+      else
+        routes_reloader.reload!
+      end
     end
     def reload_routes_unless_loaded # :nodoc:
@@ -612,7 +614,7 @@ module Rails
     end
     def railties_initializers(current) # :nodoc:
-      initializers = []
+      initializers = Initializable::Collection.new
       ordered_railties.reverse.flatten.each do |r|
         if r == self
           initializers += current

data/lib/rails/application_controller.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
+require "action_controller"
 class Rails::ApplicationController < ActionController::Base # :nodoc:
   prepend_view_path File.expand_path("templates", __dir__)
   layout "application"

data/lib/rails/command/base.rb CHANGED Viewed

@@ -3,8 +3,6 @@
 require "thor"
 require "erb"
-require "active_support/core_ext/class/attribute"
-require "active_support/core_ext/module/delegation"
 require "active_support/core_ext/string/inflections"
 require "rails/command/actions"

data/lib/rails/command/environment_argument.rb CHANGED Viewed

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 require "active_support"
-require "active_support/core_ext/class/attribute"
 module Rails
   module Command

data/lib/rails/command.rb CHANGED Viewed

@@ -1,8 +1,8 @@
 # frozen_string_literal: true
 require "active_support"
+require "active_support/rails"
 require "active_support/core_ext/enumerable"
-require "active_support/core_ext/object/blank"
 require "rails/deprecator"
 require "thor"