sequel 5.71.0 → 5.72.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 17fbd14a63974634d39c289194210ea773d5e2017ad24ac3f6a5c89cc6eb481d
-  data.tar.gz: 390a9c664bf0a7710bb341ef8699e53b0ed2ea4d4fd2c221f7e140393d52047e
+  metadata.gz: 9e135f19f0f4fb1b78f2c3d0c542ca3db937fa6e1e4960d11120e36a0f6ca314
+  data.tar.gz: f1550faa63cfda46f2fc2c4142e009e19357ce961f8e63542874cabdefbaf597
 SHA512:
-  metadata.gz: 0af7a0afdad27b270d69eb8248e734408c0c132d209c111f03957a14d1fc2ef44fc4a6da66eaa4986dadf1565f428a140dc9b807bb0215117b015b69057445a1
-  data.tar.gz: a2aade8559d69fe43306b6834069e976f57809170e1a9102501e4031d899dd046119de95f485712024e68aa5b077cf63cccc74b7a77b244e821a2c42b87a09a3
+  metadata.gz: '093c3ca50f23e97bc3a10b1b0b2a4dea3f79e9cc85bff92801676709fad00e36dd8a84156a5179758bf091fe9e1486d65fc3de300a2b8038f181f36d16481918'
+  data.tar.gz: db0f0c8c81e1fa33b80dbc2e45d477997392965c5aca8a32fc92125843cff4b49045d3d83bd182c9b8bdf980336e1dc97c47a1a32e186e6ef01e5b7d98bbd0a5

data/CHANGELOG

@@ -1,3 +1,13 @@
+=== 5.72.0 (2023-09-01)
+
+* Sort caches before marshalling when using schema_caching, index_caching, static_cache_cache, and pg_auto_constraint_validations (jeremyevans)
+
+* Change the defaults_setter plugin do a deep-copy of database default hash/array values and delegates (jeremyevans) (#2069)
+
+* Add pg_auto_parameterize_in_array extension, for converting IN/NOT IN to = ANY or != ALL for more types (jeremyevans)
+
+* Fix literalization of infinite and NaN float values in PostgreSQL array bound variables (jeremyevans)
+
 === 5.71.0 (2023-08-01)
 
 * Support ILIKE ANY on PostgreSQL by not forcing the use of ESCAPE for ILIKE (gilesbowkett) (#2066)

data/README.rdoc

@@ -825,7 +825,7 @@ You can dynamically customize eager loads for both +eager+ and +eager_graph+ whi
 
 === Joining with Associations
 
-You can use the +association_join+ method to add a join to the model's dataset based on the assocation:
+You can use the +association_join+ method to add a join to the model's dataset based on the association:
 
   Post.association_join(:author)
   # SELECT * FROM posts

data/doc/mass_assignment.rdoc

@@ -48,7 +48,7 @@ If you want to change mass assignment so it ignores attempts to access restricte
 Since mass assignment by default allows modification of all column values except for primary key columns, it can be a security risk in some cases.
 If you are dealing with untrusted input, you are generally going to want to restrict what should be updated.
 
-Sequel has <tt>Model#set_fields</tt> and <tt>Model#update_fields</tt> methods, which are designed to be used with untrused input.
+Sequel has <tt>Model#set_fields</tt> and <tt>Model#update_fields</tt> methods, which are designed to be used with untrusted input.
 These methods take two arguments, the untrusted hash as the first argument, and a trusted array of field names as the second argument:
 
   post.set_fields({title: 'T', body: 'B'}, [:title, :body])

data/doc/release_notes/5.72.0.txt

@@ -0,0 +1,33 @@
+= New Features
+
+* A pg_auto_parameterize_in_array extension has been added, which
+  handles conversion of IN/NOT IN to = ANY or != ALL for more types.
+  The pg_auto_parameterize extension only handles integer types by
+  default, because other types require the pg_array extension. This
+  new extension adds handling for Float, BigDecimal, Date, Time,
+  DateTime, Sequel::SQLTime, and Sequel::SQL::Blob types.  It can
+  also handle String types if the :treat_string_list_as_text_array
+  Database option is present, using the text type for that. Handling
+  String values as text is not the default because that may cause
+  issues for some queries.
+
+= Other Improvements
+
+* The defaults_setter plugin now does a deep copy of database
+  default values that are hash/array or delegates to hash/array.
+  This fixes cases where the database default values are mutated.
+
+* Sequel now correctly handles infinite and NaN float values used
+  inside PostgreSQL array bound variables.
+
+* The data in the cache files used by the schema_caching and
+  index_caching extensions and static_cache_cache and
+  pg_auto_constraint_validations plugins are now sorted before the
+  cache file is saved, increasing consistency between runs.
+
+* bigdecimal has been added as a dependency.  bigdecimal is currently
+  a default gem in Ruby from 1.9 to 3.2, but it will move to a
+  bundled gem in Ruby 3.4, and there will be warnings in Ruby 3.3
+  for cases that will break in Ruby 3.4.  Adding bigdecimal as a
+  dependency should avoid warnings when using bundler in Ruby 3.3,
+  and should avoid errors in Ruby 3.4.

data/doc/testing.rdoc

@@ -176,7 +176,7 @@ SEQUEL_MODEL_PREPARED_STATEMENTS :: Use the prepared_statements plugin when runn
 SEQUEL_MODEL_THROW_FAILURES :: Use the throw_failures plugin when running the specs
 SEQUEL_NO_CACHE_ASSOCIATIONS :: Don't cache association metadata when running the specs
 SEQUEL_NO_PENDING :: Don't skip any specs, try running all specs (note, can cause lockups for some adapters)
-SEQUEL_PG_AUTO_PARAMETERIZE :: Use the pg_auto_parameterize extension when running the postgres specs
+SEQUEL_PG_AUTO_PARAMETERIZE :: Use the pg_auto_parameterize extension when running the postgres specs.  Value can be +in_array+ to test the pg_auto_parameterize_in_array extension, and +in_array_string+ to test the pg_auto_parameterize_in_array extension with the +:treat_in_string_list_as_text_array+ Database option set.
 SEQUEL_PG_TIMESTAMPTZ :: Use the pg_timestamptz extension when running the postgres specs
 SEQUEL_PRIMARY_KEY_LOOKUP_CHECK_VALUES :: Use the primary_key_lookup_check_values extension when running the adapter or integration specs
 SEQUEL_QUERY_PER_ASSOCIATION_DB_0_URL :: Run query-per-association integration tests with multiple databases (all 4 must be set to run)

data/lib/sequel/extensions/index_caching.rb

@@ -56,7 +56,11 @@ module Sequel
     
     # Dump the index cache to the filename given in Marshal format.
     def dump_index_cache(file)
-      File.open(file, 'wb'){|f| f.write(Marshal.dump(@indexes))}
+      indexes = {}
+      @indexes.sort.each do |k, v|
+        indexes[k] = v
+      end
+      File.open(file, 'wb'){|f| f.write(Marshal.dump(indexes))}
       nil
     end
 

data/lib/sequel/extensions/pg_array.rb

@@ -233,6 +233,14 @@ module Sequel
             a
           when String
             bound_variable_array_string(a)
+          when Float
+            if a.infinite?
+              a > 0 ? '"Infinity"' : '"-Infinity"'
+            elsif a.nan?
+              '"NaN"'
+            else
+              literal(a)
+            end
           else
             if (s = bound_variable_arg(a, nil)).is_a?(String)
               bound_variable_array_string(s)

data/lib/sequel/extensions/pg_auto_parameterize_in_array.rb

@@ -0,0 +1,110 @@
+# frozen-string-literal: true
+#
+# The pg_auto_parameterize_in_array extension builds on the pg_auto_parameterize
+# extension, adding support for handling additional types when converting from
+# IN to = ANY and NOT IN to != ALL:
+#
+#   DB[:table].where(column: [1.0, 2.0, ...])
+#   # Without extension: column IN ($1::numeric, $2:numeric, ...) # bound variables: 1.0, 2.0, ...
+#   # With extension:    column = ANY($1::numeric[]) # bound variables: [1.0, 2.0, ...]
+#
+# This prevents the use of an unbounded number of bound variables based on the
+# size of the array, as well as using different SQL for different array sizes.
+#
+# The following types are supported when doing the conversions, with the database
+# type used:
+#
+# Float :: if any are infinite or NaN, double precision, otherwise numeric
+# BigDecimal :: numeric
+# Date :: date
+# Time :: timestamp (or timestamptz if pg_timestamptz extension is used)
+# DateTime :: timestamp (or timestamptz if pg_timestamptz extension is used)
+# Sequel::SQLTime :: time
+# Sequel::SQL::Blob :: bytea
+# 
+# String values are also supported using the +text+ type, but only if the 
+# +:treat_string_list_as_text_array+ Database option is used. This is because
+# treating strings as text can break programs, since the type for
+# literal strings in PostgreSQL is +unknown+, not +text+.
+#
+# The conversion is only done for single dimensional arrays that have more
+# than two elements, where all elements are of the same class (other than
+# nil values).
+#
+# Related module: Sequel::Postgres::AutoParameterizeInArray
+
+module Sequel
+  module Postgres
+    # Enable automatically parameterizing queries.
+    module AutoParameterizeInArray
+      # Transform column IN (...) expressions into column = ANY($)
+      # and column NOT IN (...) expressions into column != ALL($)
+      # using an array bound variable for the ANY/ALL argument,
+      # if all values inside the predicate are of the same type and
+      # the type is handled by the extension.
+      # This is the same optimization PostgreSQL performs internally,
+      # but this reduces the number of bound variables.
+      def complex_expression_sql_append(sql, op, args)
+        case op
+        when :IN, :"NOT IN"
+          l, r = args
+          if auto_param?(sql) && (type = _bound_variable_type_for_array(r))
+            if op == :IN 
+              op = :"="
+              func = :ANY
+            else
+              op = :!=
+              func = :ALL
+            end
+            args = [l, Sequel.function(func, Sequel.pg_array(r, type))]
+          end
+        end
+
+        super
+      end
+
+      private
+
+      # The bound variable type string to use for the bound variable array.
+      # Returns nil if a bound variable should not be used for the array.
+      def _bound_variable_type_for_array(r)
+        return unless Array === r && r.size > 1
+        classes = r.map(&:class)
+        classes.uniq!
+        classes.delete(NilClass)
+        return unless classes.size == 1
+
+        klass = classes[0]
+        if klass == Integer
+          # This branch is not taken on Ruby <2.4, because of the Fixnum/Bignum split.
+          # However, that causes no problems as pg_auto_parameterize handles integer
+          # arrays natively (though the SQL used is different)
+          "int8"
+        elsif klass == String
+          "text" if db.typecast_value(:boolean, db.opts[:treat_string_list_as_text_array])
+        elsif klass == BigDecimal
+          "numeric"
+        elsif klass == Date
+          "date"
+        elsif klass == Time
+          @db.cast_type_literal(Time)
+        elsif klass == Float
+          # PostgreSQL treats literal floats as numeric, not double precision
+          # But older versions of PostgreSQL don't handle Infinity/NaN in numeric
+          r.all?{|v| v.nil? || v.finite?} ? "numeric" : "double precision"
+        elsif klass == Sequel::SQLTime
+          "time"
+        elsif klass == DateTime
+          @db.cast_type_literal(DateTime)
+        elsif klass == Sequel::SQL::Blob
+          "bytea"
+        end
+      end
+    end
+  end
+
+  Database.register_extension(:pg_auto_parameterize_in_array) do |db|
+    db.extension(:pg_array, :pg_auto_parameterize)
+    db.extend_datasets(Postgres::AutoParameterizeInArray)
+  end
+end

data/lib/sequel/extensions/schema_caching.rb

@@ -52,7 +52,7 @@ module Sequel
     # Dump the cached schema to the filename given in Marshal format.
     def dump_schema_cache(file)
       sch = {}
-      @schemas.each do |k,v|
+      @schemas.sort.each do |k,v|
         sch[k] = v.map do |c, h|
           h = Hash[h]
           h.delete(:callable_default)

data/lib/sequel/plugins/defaults_setter.rb

@@ -1,5 +1,7 @@
 # frozen-string-literal: true
 
+require 'delegate'
+
 module Sequel
   module Plugins
     # The defaults_setter plugin makes the column getter methods return the default
@@ -106,6 +108,20 @@ module Sequel
             lambda{Date.today}
           when Sequel::CURRENT_TIMESTAMP
             lambda{dataset.current_datetime}
+          when Hash, Array
+            v = Marshal.dump(v).freeze
+            lambda{Marshal.load(v)}
+          when Delegator
+            # DelegateClass returns an anonymous case, which cannot be marshalled, so marshal the
+            # underlying object and create a new instance of the class with the unmarshalled object.
+            klass = v.class
+            case o = v.__getobj__
+            when Hash, Array
+              v = Marshal.dump(o).freeze
+              lambda{klass.new(Marshal.load(v))}
+            else
+              v
+            end
           else
             v
           end

data/lib/sequel/plugins/pg_auto_constraint_validations.rb

@@ -133,7 +133,11 @@ module Sequel
         # Dump the in-memory cached metadata to the cache file.
         def dump_pg_auto_constraint_validations_cache
           raise Error, "No pg_auto_constraint_validations setup" unless file = @pg_auto_constraint_validations_cache_file
-          File.open(file, 'wb'){|f| f.write(Marshal.dump(@pg_auto_constraint_validations_cache))}
+          pg_auto_constraint_validations_cache = {}
+          @pg_auto_constraint_validations_cache.sort.each do |k, v|
+            pg_auto_constraint_validations_cache[k] = v
+          end
+          File.open(file, 'wb'){|f| f.write(Marshal.dump(pg_auto_constraint_validations_cache))}
           nil
         end
 

data/lib/sequel/plugins/static_cache_cache.rb

@@ -26,7 +26,11 @@ module Sequel
       module ClassMethods
         # Dump the in-memory cached rows to the cache file.
         def dump_static_cache_cache
-          File.open(@static_cache_cache_file, 'wb'){|f| f.write(Marshal.dump(@static_cache_cache))}
+          static_cache_cache = {}
+          @static_cache_cache.sort.each do |k, v|
+            static_cache_cache[k] = v
+          end
+          File.open(@static_cache_cache_file, 'wb'){|f| f.write(Marshal.dump(static_cache_cache))}
           nil
         end
 

data/lib/sequel/version.rb

@@ -6,7 +6,7 @@ module Sequel
 
   # The minor version of Sequel.  Bumped for every non-patch level
   # release, generally around once a month.
-  MINOR = 71
+  MINOR = 72
 
   # The tiny version of Sequel.  Usually 0, only bumped for bugfix
   # releases that fix regressions from previous versions.

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: sequel
 version: !ruby/object:Gem::Version
-  version: 5.71.0
+  version: 5.72.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-08-01 00:00:00.000000000 Z
+date: 2023-09-01 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: bigdecimal
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -204,6 +218,7 @@ extra_rdoc_files:
 - doc/release_notes/5.7.0.txt
 - doc/release_notes/5.70.0.txt
 - doc/release_notes/5.71.0.txt
+- doc/release_notes/5.72.0.txt
 - doc/release_notes/5.8.0.txt
 - doc/release_notes/5.9.0.txt
 files:
@@ -303,6 +318,7 @@ files:
 - doc/release_notes/5.7.0.txt
 - doc/release_notes/5.70.0.txt
 - doc/release_notes/5.71.0.txt
+- doc/release_notes/5.72.0.txt
 - doc/release_notes/5.8.0.txt
 - doc/release_notes/5.9.0.txt
 - doc/schema_modification.rdoc
@@ -445,6 +461,7 @@ files:
 - lib/sequel/extensions/pg_array.rb
 - lib/sequel/extensions/pg_array_ops.rb
 - lib/sequel/extensions/pg_auto_parameterize.rb
+- lib/sequel/extensions/pg_auto_parameterize_in_array.rb
 - lib/sequel/extensions/pg_enum.rb
 - lib/sequel/extensions/pg_extended_date_support.rb
 - lib/sequel/extensions/pg_extended_integer_support.rb