Update dependency rails to v7

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
rails (source, changelog)	'~> 6.1.7', '>= 6.1.7.7' -> '~> 7.1.3', '>= 7.1.3.3'

---

Release Notes

rails/rails (rails)

v7.1.3.3: 7.1.3.3

Compare Source

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• No changes.

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• No changes.

Action Mailbox

• No changes.

Action Text

• Upgrade Trix to 1.3.2 to fix CVE-2024-34341.

  Rafael Mendonça França

Railties

• No changes.

v7.1.3.2

Compare Source

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Fix raise_on_missing_translations not working correctly with the
  translate method in controllers after the patch for CVE-2024-26143.

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• No changes.

Action Mailbox

• No changes.

Action Text

• No changes.

Railties

• No changes.

v7.1.3.1: 7.1.3.1

Compare Source

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Fix possible XSS vulnerability with the translate method in controllers

  CVE-2024-26143

• Fix ReDoS in Accept header parsing

  CVE-2024-26142

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• No changes.

Action Mailbox

• No changes.

Action Text

• No changes.

Railties

• No changes.

v7.1.3: 7.1.3

Compare Source

Active Support

• Handle nil backtrace_locations in ActiveSupport::SyntaxErrorProxy.

  Eugene Kenny

• Fix ActiveSupport::JSON.encode to prevent duplicate keys.

  If the same key exist in both String and Symbol form it could
  lead to the same key being emitted twice.

  Manish Sharma

• Fix ActiveSupport::Cache::Store#read_multi when using a cache namespace
  and local cache strategy.

  Mark Oleson

• Fix Time.now/DateTime.now/Date.today to return results in a system timezone after #travel_to.

  There is a bug in the current implementation of #travel_to:
  it remembers a timezone of its argument, and all stubbed methods start
  returning results in that remembered timezone. However, the expected
  behaviour is to return results in a system timezone.

  Aleksei Chernenkov

• Fix :unless_exist option for MemoryStore#write (et al) when using a
  cache namespace.

  S. Brent Faulkner

• Fix ActiveSupport::Deprecation to handle blaming generated code.

  Jean Boussier, fatkodima

Active Model

• No changes.

Active Record

• Fix Migrations with versions older than 7.1 validating options given to
  add_reference.

  Hartley McGuire

• Ensure reload sets correct owner for each association.

  Dmytro Savochkin

• Fix view runtime for controllers with async queries.

  fatkodima

• Fix load_async to work with query cache.

  fatkodima

• Fix polymorphic belongs_to to correctly use parent's query_constraints.

  fatkodima

• Fix Preloader to not generate a query for already loaded association with query_constraints.

  fatkodima

• Fix multi-database polymorphic preloading with equivalent table names.

  When preloading polymorphic associations, if two models pointed to two
  tables with the same name but located in different databases, the
  preloader would only load one.

  Ari Summer

• Fix encrypted_attribute? to take into account context properties passed to encrypts.

  Maxime Réty

• Fix find_by to work correctly in presence of composite primary keys.

  fatkodima

• Fix async queries sometimes returning a raw result if they hit the query cache.

  ShipPart.async_count could return a raw integer rather than a Promise
  if it found the result in the query cache.

  fatkodima

• Fix Relation#transaction to not apply a default scope.

  The method was incorrectly setting a default scope around its block:

  Post.where(published: true).transaction do
    Post.count # SELECT COUNT(*) FROM posts WHERE published = FALSE;
  end

  Jean Boussier

• Fix calling async_pluck on a none relation.

  Model.none.async_pluck(:id) was returning a naked value
  instead of a promise.

  Jean Boussier

• Fix calling load_async on a none relation.

  Model.none.load_async was returning a broken result.

  Lucas Mazza

• TrilogyAdapter: ignore host if socket parameter is set.

  This allows to configure a connection on a UNIX socket via DATABASE_URL:

  DATABASE_URL=trilogy://does-not-matter/my_db_production?socket=/var/run/mysql.sock
  

  Jean Boussier

• Fix has_secure_token calls the setter method on initialize.

  Abeid Ahmed

• Allow using object_id as a database column name.
  It was available before rails 7.1 and may be used as a part of polymorphic relationship to object where object can be any other database record.

  Mikhail Doronin

• Fix rails db:create:all to not touch databases before they are created.

  fatkodima

Action View

• Better handle SyntaxError in Action View.

  Mario Caropreso

• Fix word_wrap with empty string.

  Jonathan Hefner

• Rename ActionView::TestCase::Behavior::Content to ActionView::TestCase::Behavior::RenderedViewContent.

  Make RenderedViewContent inherit from String. Make private API with :nodoc:.

  Sean Doyle

• Fix detection of required strict locals.

  Further fix render @​collection compatibility with strict locals

  Jean Boussier

Action Pack

• Fix including Rails.application.routes.url_helpers directly in an
  ActiveSupport::Concern.

  Jonathan Hefner

• Fix system tests when using a Chrome binary that has been downloaded by
  Selenium.

  Jonathan Hefner

Active Job

• Do not trigger immediate loading of ActiveJob::Base when loading ActiveJob::TestHelper.

  Maxime Réty

• Preserve the serialized timezone when deserializing ActiveSupport::TimeWithZone arguments.

  Joshua Young

• Fix ActiveJob arguments serialization to correctly serialize String subclasses having custom serializers.

  fatkodima

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• Fix N+1 query when fetching preview images for non-image assets.

  Aaron Patterson & Justin Searls

• Fix all Active Storage database related models to respect
  ActiveRecord::Base.table_name_prefix configuration.

  Chedli Bourguiba

• Fix ActiveStorage::Representations::ProxyController not returning the proper
  preview image variant for previewable files.

  Chedli Bourguiba

• Fix ActiveStorage::Representations::ProxyController to proxy untracked
  variants.

  Chedli Bourguiba

• Fix direct upload forms when submit button contains nested elements.

  Marc Köhlbrugge

• When using the preprocessed: true option, avoid enqueuing transform jobs
  for blobs that are not representable.

  Chedli Bourguiba

• Process preview image variant when calling ActiveStorage::Preview#processed.
  For example, attached_pdf.preview(:thumb).processed will now immediately
  generate the full-sized preview image and the :thumb variant of it.
  Previously, the :thumb variant would not be generated until a further call
  to e.g. processed.url.

  Chedli Bourguiba and Jonathan Hefner

• Prevent ActiveRecord::StrictLoadingViolationError when strict loading is
  enabled and the variant of an Active Storage preview has already been
  processed (for example, by calling ActiveStorage::Preview#url).

  Jonathan Hefner

• Fix preprocessed: true option for named variants of previewable files.

  Nico Wenterodt

Action Mailbox

• No changes.

Action Text

• No changes.

Railties

• Make sure config.after_routes_loaded hook runs on boot.

  Rafael Mendonça França

• Fix config.log_level not being respected when using a BroadcastLogger

  Édouard Chin

• Fix isolated engines to take ActiveRecord::Base.table_name_prefix into consideration.
  This will allow for engine defined models, such as inside Active Storage, to respect
  Active Record table name prefix configuration.

  Chedli Bourguiba

• The bin/rails app:template command will no longer add potentially unwanted
  gem platforms via bundle lock --add-platform=... commands.

  Jonathan Hefner

v7.1.2: 7.1.2

Compare Source

Active Support

• Fix :expires_in option for RedisCacheStore#write_multi.

  fatkodima

• Fix deserialization of non-string "purpose" field in Message serializer

  Jacopo Beschi

• Prevent global cache options being overwritten when setting dynamic options
  inside a ActiveSupport::Cache::Store#fetch block.

  Yasha Krasnou

• Fix missing require resulting in NoMethodError when running
  bin/rails secrets:show or bin/rails secrets:edit.

  Stephen Ierodiaconou

• Ensure {down,up}case_first returns non-frozen string.

  Jonathan Hefner

• Fix #to_fs(:human_size) to correctly work with negative numbers.

  Earlopain

• Fix BroadcastLogger#dup so that it duplicates the logger's broadcasts.

  Andrew Novoselac

• Fix issue where bootstrap.rb overwrites the level of a BroadcastLogger's broadcasts.

  Andrew Novoselac

• Fix ActiveSupport::Cache to handle outdated Marshal payload from Rails 6.1 format.

  Active Support's Cache is supposed to treat a Marshal payload that can no longer be
  deserialized as a cache miss. It fail to do so for compressed payload in the Rails 6.1
  legacy format.

  Jean Boussier

• Fix OrderedOptions#dig for array indexes.

  fatkodima

• Fix time travel helpers to work when nested using with separate classes.

  fatkodima

• Fix delete_matched for file cache store to work with keys longer than the
  max filename size.

  fatkodima and Jonathan Hefner

• Fix compatibility with the semantic_logger gem.

  The semantic_logger gem doesn't behave exactly like stdlib logger in that
  SemanticLogger#level returns a Symbol while stdlib Logger#level returns an Integer.

  This caused the various LogSubscriber classes in Rails to break when assigned a
  SemanticLogger instance.

  Jean Boussier, ojab

Active Model

• Make ==(other) method of AttributeSet safe.

  Dmitry Pogrebnoy

Active Record

• Fix renaming primary key index when renaming a table with a UUID primary key
  in PostgreSQL.

  fatkodima

• Fix where(field: values) queries when field is a serialized attribute
  (for example, when field uses ActiveRecord::Base.serialize or is a JSON
  column).

  João Alves

• Prevent marking broken connections as verified.

  Daniel Colson

• Don't mark Float::INFINITY as changed when reassigning it

  When saving a record with a float infinite value, it shouldn't mark as changed

  Maicol Bentancor

• ActiveRecord::Base.table_name now returns nil instead of raising
  "undefined method abstract_class? for Object:Class".

  a5-stable

• Fix upserting for custom :on_duplicate and :unique_by consisting of all
  inserts keys.

  fatkodima

• Fixed an issue where saving a
  record could innappropriately dup its attributes.

  Jonathan Hefner

• Dump schema only for a specific db for rollback/up/down tasks for multiple dbs.

  fatkodima

• Fix NoMethodError when casting a PostgreSQL money value that uses a
  comma as its radix point and has no leading currency symbol. For example,
  when casting "3,50".

  Andreas Reischuck and Jonathan Hefner

• Re-enable support for using enum with non-column-backed attributes.
  Non-column-backed attributes must be previously declared with an explicit
  type. For example:

  class Post < ActiveRecord::Base
    attribute :topic, :string
    enum topic: %i[science tech engineering math]
  end

  Jonathan Hefner

• Raise on foreign_key: being passed as an array in associations

  Nikita Vasilevsky

• Return back maximum allowed PostgreSQL table name to 63 characters.

  fatkodima

• Fix detecting IDENTITY columns for PostgreSQL < 10.

  fatkodima

Action View

• Fix the number_to_human_size view helper to correctly work with negative numbers.

  Earlopain

• Automatically discard the implicit locals injected by collection rendering for template that can't accept them

  When rendering a collection, two implicit variables are injected, which breaks templates with strict locals.

  Now they are only passed if the template will actually accept them.

  Yasha Krasnou, Jean Boussier

• Fix @rails/ujs calling start() an extra time when using bundlers

  Hartley McGuire, Ryunosuke Sato

• Fix the capture view helper compatibility with HAML and Slim

  When a blank string was captured in HAML or Slim (and possibly other template engines)
  it would instead return the entire buffer.

  Jean Boussier

Action Pack

• Fix a race condition that could cause a Text file busy - chromedriver
  error with parallel system tests

  Matt Brictson

• Fix StrongParameters#extract_value to include blank values

  Otherwise composite parameters may not be parsed correctly when one of the
  component is blank.

  fatkodima, Yasha Krasnou, Matthias Eiglsperger

• Add racc as a dependency since it will become a bundled gem in Ruby 3.4.0

  Hartley McGuire

• Support handling Enumerator for non-buffered responses.

  Zachary Scott

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• No changes.

Action Mailbox

• No changes.

Action Text

• Compile ESM package that can be used directly in the browser as actiontext.esm.js

  Matias Grunberg

• Fix using actiontext.js with Sprockets

  Matias Grunberg

• Upgrade Trix to 2.0.7

  Hartley McGuire

• Fix using Trix with Sprockets

  Hartley McGuire

Railties

• Fix running db:system:change when app has no Dockerfile.

  Hartley McGuire

• If you accessed config.eager_load_paths and friends, later changes to
  config.paths were not reflected in the expected auto/eager load paths.
  Now, they are.

  This bug has been latent since Rails 3.

  Fixes #​49629.

  Xavier Noria

v7.1.1: 7.1.1

Compare Source

Active Support

• Add support for keyword arguments when delegating calls to custom loggers from ActiveSupport::BroadcastLogger.

  Jenny Shen

• NumberHelper: handle objects responding to_d.

  fatkodima

• Fix RedisCacheStore to properly set the TTL when incrementing or decrementing.

  This bug was only impacting Redis server older than 7.0.

  Thomas Countz

• Fix MemoryStore to prevent race conditions when incrementing or decrementing.

  Pierre Jambet

Active Model

• No changes.

Active Record

• Fix auto populating IDENTITY columns for PostgreSQL.

  fatkodima

• Fix "ArgumentError: wrong number of arguments (given 3, expected 2)" when
  down migrating rename_table in older migrations.

  fatkodima

• Do not require the Action Text, Active Storage and Action Mailbox tables
  to be present when running when running test on CI.

  Rafael Mendonça França

Action View

• Updated @rails/ujs files to ignore certain data-* attributes when element is contenteditable.

  This fix was already landed in >= 7.0.4.3, < 7.1.0.
  [CVE-2023-23913]

  Ryunosuke Sato

Action Pack

• No changes.

Active Job

• Don't log enqueuing details when the job wasn't enqueued.

  Dustin Brown

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• No changes.

Action Mailbox

• No changes.

Action Text

• No changes.

Railties

• Ensures the Rails generated Dockerfile uses correct ruby version and matches Gemfile.

  Abhay Nikam

v7.1.0: 7.1.0

Compare Source

Active Support

• Fix AS::MessagePack with ENV["RAILS_MAX_THREADS"].

  Jonathan Hefner

• Add a new public API for broadcasting logs

  This feature existed for a while but was until now a private API.
  Broadcasting log allows to send log message to difference sinks (STDOUT, a file ...) and
  is used by default in the development environment to write logs both on STDOUT and in the
  "development.log" file.

  Basic usage:

  stdout_logger = Logger.new(STDOUT)
  file_logger = Logger.new("development.log")
  broadcast = ActiveSupport::BroadcastLogger.new(stdout_logger, file_logger)
  
  broadcast.info("Hello!") # The "Hello!" message is written on STDOUT and in the log file.

  Adding other sink(s) to the broadcast:

  broadcast = ActiveSupport::BroadcastLogger.new
  broadcast.broadcast_to(Logger.new(STDERR))

  Remove a sink from the broadcast:

  stdout_logger = Logger.new(STDOUT)
  broadcast = ActiveSupport::BroadcastLogger.new(stdout_logger)
  
  broadcast.stop_broadcasting_to(stdout_logger)

  Edouard Chin

• Fix Range#overlap? not taking empty ranges into account on Ruby < 3.3

  Nobuyoshi Nakada, Shouichi Kamiya, Hartley McGuire

• Use Ruby 3.3 Range#overlap? if available

  Yasuo Honda

• Add bigdecimal as Active Support dependency that is a bundled gem candidate for Ruby 3.4.

  bigdecimal 3.1.4 or higher version will be installed.
  Ruby 2.7 and 3.0 users who want bigdecimal version 2.0.0 or 3.0.0 behavior as a default gem,
  pin the bigdecimal version in your application Gemfile.

  Koichi ITO

• Add drb, mutex_m and base64 that are bundled gem candidates for Ruby 3.4

  Yasuo Honda

• When using cache format version >= 7.1 or a custom serializer, expired and
  version-mismatched cache entries can now be detected without deserializing
  their values.

  Jonathan Hefner

• Make all cache stores return a boolean for #delete

  Previously the RedisCacheStore#delete would return 1 if the entry
  exists and 0 otherwise. Now it returns true if the entry exists and false
  otherwise, just like the other stores.

  The FileStore would return nil if the entry doesn't exists and returns
  false now as well.

  Petrik de Heus

• Active Support cache stores now support replacing the default compressor via
  a :compressor option. The specified compressor must respond to deflate
  and inflate. For example:

  module MyCompressor
    def self.deflate(string)

compression logic...

    end

    def self.inflate(compressed)

decompression logic...

    end
  end

  config.cache_store = :redis_cache_store, { compressor: MyCompressor }
  ```

*Jonathan Hefner*

• Active Support cache stores now support a :serializer option. Similar to
  the :coder option, serializers must respond to dump and load. However,
  serializers are only responsible for serializing a cached value, whereas
  coders are responsible for serializing the entire ActiveSupport::Cache::Entry
  instance. Additionally, the output from serializers can be automatically
  compressed, whereas coders are responsible for their own compression.

  Specifying a serializer instead of a coder also enables performance
  optimizations, including the bare string optimization introduced by cache
  format version 7.1.

  The :serializer and :coder options are mutually exclusive. Specifying
  both will raise an ArgumentError.

  Jonathan Hefner

• Fix ActiveSupport::Inflector.humanize(nil) raising NoMethodError: undefined method `end_with?' for nil:NilClass.

  James Robinson

• Don't show secrets for ActiveSupport::KeyGenerator#inspect.

  Before:

  ActiveSupport::KeyGenerator.new(secret).inspect
  "#<ActiveSupport::KeyGenerator:0x0000000104888038 ... @&#8203;secret=\"\\xAF\\bFh]LV}q\\nl\\xB2U\\xB3 ... >"

  After:

  ActiveSupport::KeyGenerator::Aes256Gcm(secret).inspect
  "#<ActiveSupport::KeyGenerator:0x0000000104888038>"

  Petrik de Heus

• Improve error message when EventedFileUpdateChecker is used without a
  compatible version of the Listen gem

  Hartley McGuire

• Add :report behavior for Deprecation

  Setting config.active_support.deprecation = :report uses the error
  reporter to report deprecation warnings to ActiveSupport::ErrorReporter.

  Deprecations are reported as handled errors, with a severity of :warning.

  Useful to report deprecations happening in production to your bug tracker.

  Étienne Barrié

• Rename Range#overlaps? to #overlap? and add alias for backwards compatibility

  Christian Schmidt

• Fix EncryptedConfiguration returning incorrect values for some Hash
  methods

  Hartley McGuire

• Don't show secrets for MessageEncryptor#inspect.

  Before:

  ActiveSupport::MessageEncryptor.new(secret, cipher: "aes-256-gcm").inspect
  "#<ActiveSupport::MessageEncryptor:0x0000000104888038 ... @&#8203;secret=\"\\xAF\\bFh]LV}q\\nl\\xB2U\\xB3 ... >"

  After:

  ActiveSupport::MessageEncryptor.new(secret, cipher: "aes-256-gcm").inspect
  "#<ActiveSupport::MessageEncryptor:0x0000000104888038>"

  Petrik de Heus

• Don't show contents for EncryptedConfiguration#inspect.

  Before:

  Rails.application.credentials.inspect
  "#<ActiveSupport::EncryptedConfiguration:0x000000010d2b38e8 ... @&#8203;config={:secret=>\"something secret\"} ... @&#8203;key_file_contents=\"915e4ea054e011022398dc242\" ...>"

  After:

  Rails.application.credentials.inspect
  "#<ActiveSupport::EncryptedConfiguration:0x000000010d2b38e8>"

  Petrik de Heus

• ERB::Util.html_escape_once always returns an html_safe string.

  This method previously maintained the html_safe? property of a string on the return
  value. Because this string has been escaped, however, not marking it as html_safe causes
  entities to be double-escaped.

  As an example, take this view snippet:

  <p><%= html_escape_once("this & that &amp; the other") %></p>

  Before this change, that would be double-escaped and render as:

  <p>this &amp;amp; that &amp;amp; the other</p>

  After this change, it renders correctly as:

  <p>this &amp; that &amp; the other</p>

  Fixes #​48256

  Mike Dalessio

• Deprecate SafeBuffer#clone_empty.

  This method has not been used internally since Rails 4.2.0.

  Mike Dalessio

• MessageEncryptor, MessageVerifier, and config.active_support.message_serializer
  now accept :message_pack and :message_pack_allow_marshal as serializers.
  These serializers require the msgpack gem
  (>= 1.7.0).

  The Message Pack format can provide improved performance and smaller payload
  sizes. It also supports round-tripping some Ruby types that are not supported
  by JSON. For example:

  verifier = ActiveSupport::MessageVerifier.new("secret")
  data = [{ a: 1 }, { b: 2 }.with_indifferent_access, 1.to_d, Time.at(0, 123)]
  message = verifier.generate(data)

BEFORE with config.active_support.message_serializer = :json

  verifier.verified(message)

=> [{"a"=>1}, {"b"=>2}, "1.0", "1969-12-31T18:00:00.000-06:00"]

  verifier.verified(message).map(&:class)

=> [Hash, Hash, String, String]

AFTER with config.active_support.message_serializer = :message_pack

  verifier.verified(message)

=> [{:a=>1}, {"b"=>2}, 0.1e1, 1969-12-31 18:00:00.000123 -0600]

  verifier.verified(message).map(&:class)

=> [Hash, ActiveSupport::HashWithIndifferentAccess, BigDecimal, Time]

  ```

The `:message_pack` serializer can fall back to deserializing with
`ActiveSupport::JSON` when necessary, and the `:message_pack_allow_marshal`
serializer can fall back to deserializing with `Marshal` as well as
`ActiveSupport::JSON`. Additionally, the `:marshal`, `:json`, and
`:json_allow_marshal` serializers can now fall back to deserializing with
`ActiveSupport::MessagePack` when necessary. These behaviors ensure old
messages can still be read so that migration is easier.

*Jonathan Hefner*

• A new 7.1 cache format is available which includes an optimization for
  bare string values such as view fragments.

  The 7.1 cache format is used by default for new apps, and existing apps
  can enable the format by setting config.load_defaults 7.1 or by setting
  config.active_support.cache_format_version = 7.1 in config/application.rb
  or a config/environments/*.rb file.

  Cache entries written using the 6.1 or 7.0 cache formats can be read
  when using the 7.1 format. To perform a rolling deploy of a Rails 7.1
  upgrade, wherein servers that have not yet been upgraded must be able to
  read caches from upgraded servers, leave the cache format unchanged on the
  first deploy, then enable the 7.1 cache format on a subsequent deploy.

  Jonathan Hefner

• Active Support cache stores can now use a preconfigured serializer based on
  ActiveSupport::MessagePack via the :serializer option:

  config.cache_store = :redis_cache_store, { serializer: :message_pack }

  The :message_pack serializer can reduce cache entry sizes and improve
  performance, but requires the msgpack gem
  (>= 1.7.0).

  The :message_pack serializer can read cache entries written by the default
  serializer, and the default serializer can now read entries written by the
  :message_pack serializer. These behaviors make it easy to migrate between
  serializer without invalidating the entire cache.

  Jonathan Hefner

• Object#deep_dup no longer duplicate named classes and modules.

  Before:

  hash = { class: Object, module: Kernel }
  hash.deep_dup # => {:class=>#<Class:0x00000001063ffc80>, :module=>#<Module:0x00000001063ffa00>}

  After:

  hash = { class: Object, module: Kernel }
  hash.deep_dup # => {:class=>Object, :module=>Kernel}

  Jean Boussier

• Consistently raise an ArgumentError if the ActiveSupport::Cache key is blank.

  Joshua Young

• Deprecate usage of the singleton ActiveSupport::Deprecation.

  All usage of ActiveSupport::Deprecation as a singleton is deprecated, the most common one being
  ActiveSupport::Deprecation.warn. Gem authors should now create their own deprecator (ActiveSupport::Deprecation
  object), and use it to emit deprecation warnings.

  Calling any of the following without specifying a deprecator argument is also deprecated:

  • Module.deprecate
  • deprecate_constant
  • DeprecatedObjectProxy
  • DeprecatedInstanceVariableProxy
  • DeprecatedConstantProxy
  • deprecation-related test assertions

  Use of ActiveSupport::Deprecation.silence and configuration methods like behavior=, disallowed_behavior=,
  disallowed_warnings= should now be aimed at the application's deprecators.

  Rails.application.deprecators.silence do

code that emits deprecation warnings

end
```

If your gem has a Railtie or Engine, it's encouraged to add your deprecator to the application's deprecators, that
way the deprecation related configuration options will apply to it as well, e.g.
`config.active_support.report_deprecations` set to `false` in the production environment will also disable your
deprecator.

```ruby
initializer "my_gem.deprecator" do |app|
  app.deprecators[:my_gem] = MyGem.deprecator
end
```

*Étienne Barrié*

• Add Object#with to set and restore public attributes around a block

  client.timeout # => 5
  client.with(timeout: 1) do
    client.timeout # => 1
  end
  client.timeout # => 5

  Jean Boussier

• Remove deprecated support to generate incorrect RFC 4122 UUIDs when providing a namespace ID that is not one of the
  constants defined on Digest::UUID.

  Rafael Mendonça França

• Deprecate config.active_support.use_rfc4122_namespaced_uuids.

  Rafael Mendonça França

• Remove implicit conversion of objects into String by ActiveSupport::SafeBuffer.

  Rafael Mendonça França

• Remove deprecated active_support/core_ext/range/include_time_with_zone file.

  Rafael Mendonça França

• Deprecate config.active_support.remove_deprecated_time_with_zone_name.

  Rafael Mendonça França

• Remove deprecated override of ActiveSupport::TimeWithZone.name.

  Rafael Mendonça França

• Deprecate config.active_support.disable_to_s_conversion.

  Rafael Mendonça França

• Remove deprecated option to passing a format to #to_s in Array, Range, Date, DateTime, Time,
  BigDecimal, Float and, Integer.

  Rafael Mendonça França

• Remove deprecated ActiveSupport::PerThreadRegistry.

  Rafael Mendonça França

• Remove deprecated override of Enumerable#sum.

  Rafael Mendonça França

• Deprecated initializing a ActiveSupport::Cache::MemCacheStore with an instance of Dalli::Client.

  Deprecate the undocumented option of providing an already-initialized instance of Dalli::Client to ActiveSupport::Cache::MemCacheStore. Such clients could be configured with unrecognized options, which could lead to unexpected behavior. Instead, provide addresses as documented.

  aledustet

• Stub Time.new() in TimeHelpers#travel_to

  travel_to Time.new(2004, 11, 24) do

Inside the travel_to block Time.new is stubbed

    assert_equal 2004, Time.new.year
  end
  ```

*fatkodima*

• Raise ActiveSupport::MessageEncryptor::InvalidMessage from
  ActiveSupport::MessageEncryptor#decrypt_and_verify regardless of cipher.
  Previously, when a MessageEncryptor was using a non-AEAD cipher such as
  AES-256-CBC, a corrupt or tampered message would raise
  ActiveSupport::MessageVerifier::InvalidSignature. Now, all ciphers raise
  the same error:

  encryptor = ActiveSupport::MessageEncryptor.new("x" * 32, cipher: "aes-256-gcm")
  message = encryptor.encrypt_and_sign("message")
  encryptor.decrypt_and_verify(message.next)

=> raises ActiveSupport::MessageEncryptor::InvalidMessage

  encryptor = ActiveSupport::MessageEncryptor.new("x" * 32, cipher: "aes-256-cbc")
  message = encryptor.encrypt_and_sign("message")
  encryptor.decrypt_and_verify(message.next)

BEFORE:

=> raises ActiveSupport::MessageVerifier::InvalidSignature

AFTER:

=> raises ActiveSupport::MessageEncryptor::InvalidMessage

  ```

*Jonathan Hefner*

• Support nil original values when using ActiveSupport::MessageVerifier#verify.
  Previously, MessageVerifier#verify did not work with nil original
  values, though both MessageVerifier#verified and
  MessageEncryptor#decrypt_and_verify do:

  encryptor = ActiveSupport::MessageEncryptor.new(secret)
  message = encryptor.encrypt_and_sign(nil)
  
  encryptor.decrypt_and_verify(message)

=> nil

  verifier = ActiveSupport::MessageVerifier.new(secret)
  message = verifier.generate(nil)

  verifier.verified(message)

=> nil

  verifier.verify(message)

BEFORE:

=> raises ActiveSupport::MessageVerifier::InvalidSignature

AFTER:

=> nil

  ```

*Jonathan Hefner*

• Maintain html_safe? on html_safe strings when sliced with slice, slice!, or chr method.

  Previously, html_safe? was only maintained when the html_safe strings were sliced
  with [] method. Now, slice, slice!, and chr methods will maintain html_safe? like [] method.

  string = "<div>test</div>".html_safe
  string.slice(0, 1).html_safe? # => true
  string.slice!(0, 1).html_safe? # => true

maintain html_safe? after the slice!

string.html_safe? # => true
string.chr.html_safe? # => true
```

*Michael Go*

• Add Object#in? support for open ranges.

  assert Date.today.in?(..Date.tomorrow)
  assert_not Date.today.in?(Date.tomorrow..)

  Ignacio Galindo

• config.i18n.raise_on_missing_translations = true now raises on any missing translation.

  Previously it would only raise when called in a view or controller. Now it will raise
  anytime I18n.t is provided an unrecognised key.

  If you do not want this behaviour, you can customise the i18n exception handler. See the
  upgrading guide or i18n guide for more information.

  Alex Ghiculescu

• ActiveSupport::CurrentAttributes now raises if a restricted attribute name is used.

  Attributes such as set and reset cannot be used as they clash with the
  CurrentAttributes public API.

  Alex Ghiculescu

• HashWithIndifferentAccess#transform_keys now takes a Hash argument, just
  as Ruby's Hash#transform_keys does.

  Akira Matsuda

• delegate now defines method with proper arity when delegating to a Class.
  With this change, it defines faster method (3.5x faster with no argument).
  However, in order to gain this benefit, the delegation target method has to
  be defined before declaring the delegation.

This defines 3.5 times faster method than before

class C
  def self.x() end
  delegate :x, to: :class
end

class C

This works but silently falls back to old behavior because

delegate cannot find the definition of x

  delegate :x, to: :class
  def self.x() end
end
```

*Akira Matsuda*

• assert_difference message now includes what changed.

  This makes it easier to debug non-obvious failures.

  Before:

  "User.count" didn't change by 32.
  Expected: 1611
    Actual: 1579
  

  After:

  "User.count" didn't change by 32, but by 0.
  Expected: 1611
    Actual: 1579
  

  Alex Ghiculescu

• Add ability to match exception messages to assert_raises assertion

  Instead of this

  error = assert_raises(ArgumentError) do
    perform_service(param: 'exception')
  end
  assert_match(/incorrect param/i, error.message)

  you can now write this

  assert_raises(ArgumentError, match: /incorrect param/i) do
    perform_service(param: 'exception')
  end

  fatkodima

• Add Rails.env.local? shorthand for Rails.env.development? || Rails.env.test?.

  DHH

• ActiveSupport::Testing::TimeHelpers now accepts named with_usec argument
  to freeze_time, travel, and travel_to methods. Passing true prevents
  truncating the destination time with change(usec: 0).

  KevSlashNull, and serprex

• ActiveSupport::CurrentAttributes.resets now accepts a method name

  The block API is still the recommended approach, but now both APIs are supported:

  class Current < ActiveSupport::CurrentAttributes
    resets { Time.zone = nil }
    resets :clear_time_zone
  end

  Alex Ghiculescu

• Ensure ActiveSupport::Testing::Isolation::Forking closes pipes

  Previously, Forking.run_in_isolation opened two ends of a pipe. The fork
  process closed the read end, wrote to it, and then terminated (which
  presumably closed the file descriptors on its end). The parent process
  closed the write end, read from it, and returned, never closing the read
  end.

  This resulted in an accumulation of open file descriptors, which could
  cause errors if the limit is reached.

  Sam Bostock

• Fix Time#change and Time#advance for times around the end of Daylight
  Saving Time.

  Previously, when Time#change or Time#advance constructed a time inside
  the final stretch of Daylight Saving Time (DST), the non-DST offset would
  always be chosen for local times:

DST ended just before 2021-11-07 2:00:00 AM in US/Eastern.

ENV["TZ"] = "US/Eastern"

time = Time.local(2021, 11, 07, 00, 59, 59) + 1

=> 2021-11-07 01:00:00 -0400

time.change(day: 07)

=> 2021-11-07 01:00:00 -0500

time.advance(seconds: 0)

=> 2021-11-07 01:00:00 -0500

time = Time.local(2021, 11, 06, 01, 00, 00)

=> 2021-11-06 01:00:00 -0400

time.change(day: 07)

=> 2021-11-07 01:00:00 -0500

time.advance(days: 1)

=> 2021-11-07 01:00:00 -0500

```

And the DST offset would always be chosen for times with a `TimeZone`
object:

```ruby
Time.zone = "US/Eastern"

time = Time.new(2021, 11, 07, 02, 00, 00, Time.zone) - 3600

=> 2021-11-07 01:00:00 -0500

time.change(day: 07)

=> 2021-11-07 01:00:00 -0400

time.advance(seconds: 0)

=> 2021-11-07 01:00:00 -0400

time = Time.new(2021, 11, 8, 01, 00, 00, Time.zone)

=> 2021-11-08 01:00:00 -0500

time.change(day: 07)

=> 2021-11-07 01:00:00 -0400

time.advance(days: -1)

=> 2021-11-07 01:00:00 -0400

```

Now, `Time#change` and `Time#advance` will choose the offset that matches
the original time's offset when possible:

```ruby
ENV["TZ"] = "US/Eastern"

time = Time.local(2021, 11, 07, 00, 59, 59) + 1

=> 2021-11-07 01:00:00 -0400

time.change(day: 07)

=> 2021-11-07 01:00:00 -0400

time.advance(seconds: 0)

=> 2021-11-07 01:00:00 -0400

time = Time.local(2021, 11, 06, 01, 00, 00)

=> 2021-11-06 01:00:00 -0400

time.change(day: 07)

=> 2021-11-07 01:00:00 -0400

time.advance(days: 1)

=> 2021-11-07 01:00:00 -0400

Time.zone = "US/Eastern"

time = Time.new(2021, 11, 07, 02, 00, 00, Time.zone) - 3600

=> 2021-11-07 01:00:00 -0500

time.change(day: 07)

=> 2021-11-07 01:00:00 -0500

time.advance(seconds: 0)

=> 2021-11-07 01:00:00 -0500

time = Time.new(2021, 11, 8, 01, 00, 00, Time.zone)

=> 2021-11-08 01:00:00 -0500

time.change(day: 07)

=> 2021-11-07 01:00:00 -0500

time.advance(days: -1)

=> 2021-11-07 01:00:00 -0500

```

*Kevin Hall*, *Takayoshi Nishida*, and *Jonathan Hefner*

• Fix MemoryStore to preserve entries TTL when incrementing or decrementing

  This is to be more consistent with how MemCachedStore and RedisCacheStore behaves.

  Jean Boussier

• Rails.error.handle and Rails.error.record filter now by multiple error classes.

  Rails.error.handle(IOError, ArgumentError) do
    1 + '1' # raises TypeError
  end
  1 + 1 # TypeErrors are not IOErrors or ArgumentError, so this will *not* be handled

  Martin Spickermann

• Class#subclasses and Class#descendants now automatically filter reloaded classes.

  Previously they could return old implementations of reloadable classes that have been
  dereferenced but not yet garbage collected.

  They now automatically filter such classes like DescendantTracker#subclasses and
  DescendantTracker#descendants.

  Jean Boussier

• Rails.error.report now marks errors as reported to avoid reporting them twice.

  In some cases, users might want to report errors explicitly with some extra context
  before letting it bubble up.

  This also allows to safely catch and report errors outside of the execution context.

  Jean Boussier

• Add assert_error_reported and assert_no_error_reported

  Allows to easily asserts an error happened but was handled

  report = assert_error_reported(IOError) do

...

end
assert_equal "Oops", report.error.message
assert_equal "admin", report.context[:section]
assert_equal :warning, report.severity
assert_predicate report, :handled?
```

*Jean Boussier*

• ActiveSupport::Deprecation behavior callbacks can now receive the
  deprecator instance as an argument. This makes it easier for such callbacks
  to change their behavior based on the deprecator's state. For example,
  based on the deprecator's debug flag.

  3-arity and splat-args callbacks such as the following will now be passed
  the deprecator instance as their third argument:

  • ->(message, callstack, deprecator) { ... }
  • ->(*args) { ... }
  • ->(message, *other_args) { ... }

  2-arity and 4-arity callbacks such as the following will continue to behave
  the same as before:

  • ->(message, callstack) { ... }
  • ->(message, callstack, deprecation_horizon, gem_name) { ... }
  • ->(message, callstack, *deprecation_details) { ... }

  Jonathan Hefner

• ActiveSupport::Deprecation#disallowed_warnings now affects the instance on
  which it is configured.

  This means that individual ActiveSupport::Deprecation instances can be
  configured with their own disallowed warnings, and the global
  ActiveSupport::Deprecation.disallowed_warnings now only affects the global
  ActiveSupport::Deprecation.warn.

  Before

  ActiveSupport::Deprecation.disallowed_warnings = ["foo"]
  deprecator = ActiveSupport::Deprecation.new("2.0", "MyCoolGem")
  deprecator.disallowed_warnings = ["bar"]
  
  ActiveSupport::Deprecation.warn("foo") # => raise ActiveSupport::DeprecationException
  ActiveSupport::Deprecation.warn("bar") # => print "DEPRECATION WARNING: bar"
  deprecator.warn("foo")                 # => raise ActiveSupport::DeprecationException
  deprecator.warn("bar")                 # => print "DEPRECATION WARNING: bar"

  After

  ActiveSupport::Deprecation.disallowed_warnings = ["foo"]
  deprecator = ActiveSupport::Deprecation.new("2.0", "MyCoolGem")
  deprecator.disallowed_warnings = ["bar"]
  
  ActiveSupport::Deprecation.warn("foo") # => raise ActiveSupport::DeprecationException
  ActiveSupport::Deprecation.warn("bar") # => print "DEPRECATION WARNING: bar"
  deprecator.warn("foo")                 # => print "DEPRECATION WARNING: foo"
  deprecator.warn("bar")                 # => raise ActiveSupport::DeprecationException

  Note that global ActiveSupport::Deprecation methods such as ActiveSupport::Deprecation.warn
  and ActiveSupport::Deprecation.disallowed_warnings have been deprecated.

  Jonathan Hefner

• Add italic and underline support to ActiveSupport::LogSubscriber#color

  Previously, only bold text was supported via a positional argument.
  This allows for bold, italic, and underline options to be specified
  for colored logs.

  info color("Hello world!", :red, bold: true, underline: true)

  Gannon McGibbon

• Add String#downcase_first method.

  This method is the corollary of String#upcase_first.

  Mark Schneider

• thread_mattr_accessor will call .dup.freeze on non-frozen default values.

  This provides a basic level of protection against different threads trying
  to mutate a shared default object.

  Jonathan Hefner

• Add raise_on_invalid_cache_expiration_time config to ActiveSupport::Cache::Store

  Specifies if an ArgumentError should be raised if Rails.cache fetch or
  write are given an invalid expires_at or expires_in time.

  Options are true, and false. If false, the exception will be reported
  as handled and logged instead. Defaults to true if config.load_defaults >= 7.1.

  Trevor Turk

• ActiveSupport::Cache:Store#fetch now passes an options accessor to the block.

  It makes possible to override cache options:

  Rails.cache.fetch("3rd-party-token") do |name, options|
    token = fetch_token_from_remote
  

set cache's TTL to match token's TTL

      options.expires_in = token.expires_in
      token
    end

*Andrii Gladkyi*, *Jean Boussier*

• default option of thread_mattr_accessor now applies through inheritance and
  also across new threads.

  Previously, the default value provided was set only at the moment of defining
  the attribute writer, which would cause the attribute to be uninitialized in
  descendants and in other threads.

  Fixes #​43312.

  Thierry Deo

• Redis cache store is now compatible with redis-rb 5.0.

  Jean Boussier

• Add skip_nil: support to ActiveSupport::Cache::Store#fetch_multi.

  Daniel Alfaro

• Add quarter method to date/time

  Matt Swanson

• Fix NoMethodError on custom ActiveSupport::Deprecation behavior.

  ActiveSupport::Deprecation.behavior= was supposed to accept any object
  that responds to call, but in fact its internal implementation assumed that
  this object could respond to arity, so it was restricted to only Proc objects.

  This change removes this arity restriction of custom behaviors.

  Ryo Nakamura

• Support :url_safe option for MessageEncryptor.

  The MessageEncryptor constructor now accepts a :url_safe option, similar
  to the MessageVerifier constructor. When enabled, this option ensures
  that messages use a URL-safe encoding.

  Jonathan Hefner

• Add url_safe option to ActiveSupport::MessageVerifier initializer

  ActiveSupport::MessageVerifier.new now takes optional url_safe argument.
  It can generate URL-safe strings by passing url_safe: true.

  verifier = ActiveSupport::MessageVerifier.new(url_safe: true)
  message = verifier.generate(data) # => URL-safe string

  This option is false by default to be backwards compatible.

  Shouichi Kamiya

• Enable connection pooling by default for MemCacheStore and RedisCacheStore.

  If you want to disable connection pooling, set :pool option to false when configuring the cache store:

  config.cache_store = :mem_cache_store, "cache.example.com", pool: false

  fatkodima

• Add force: support to ActiveSupport::Cache::Store#fetch_multi.

  fatkodima

• Deprecated :pool_size and :pool_timeout options for configuring connection pooling in cache stores.

  Use pool: true to enable pooling with default settings:

  config.cache_store = :redis_cache_store, pool: true

  Or pass individual options via :pool option:

  config.cache_store = :redis_cache_store, pool: { size: 10, timeout: 2 }

  fatkodima

• Allow #increment and #decrement methods of ActiveSupport::Cache::Store
  subclasses to set new values.

  Previously incrementing or decrementing an unset key would fail and return
  nil. A default will now be assumed and the key will be created.

  Andrej Blagojević, Eugene Kenny

• Add skip_nil: support to RedisCacheStore

  Joey Paris

• ActiveSupport::Cache::MemoryStore#write(name, val, unless_exist:true) now
  correctly writes expired keys.

  Alan Savage

• ActiveSupport::ErrorReporter now accepts and forward a source: parameter.

  This allow libraries to signal the origin of the errors, and reporters
  to easily ignore some sources.

  Jean Boussier

• Fix and add protections for XSS in ActionView::Helpers and ERB::Util.

  Add the method ERB::Util.xml_name_escape to escape dangerous characters
  in names of tags and names of attributes, following the specification of XML.

  Álvaro Martín Fraguas

• Respect ActiveSupport::Logger.new's :formatter keyword argument

  The stdlib Logger::new allows passing a :formatter keyword argument to
  set the logger's formatter. Previously ActiveSupport::Logger.new ignored
  that argument by always setting the formatter to an instance of
  ActiveSupport::Logger::SimpleFormatter.

  Steven Harman

• Deprecate preserving the pre-Ruby 2.4 behavior of to_time

  With Ruby 2.4+ the default for +to_time+ changed from converting to the
  local system time to preserving the offset of the receiver. At the time Rails
  supported older versions of Ruby so a compatibility layer was added to assist
  in the migration process. From Rails 5.0 new applications have defaulted to
  the Ruby 2.4+ behavior and since Rails 7.0 now only supports Ruby 2.7+
  this compatibility layer can be safely removed.

  To minimize any noise generated the deprecation warning only appears when the
  setting is configured to false as that is the only scenario where the
  removal of the compatibility layer has any effect.

  Andrew White

• Pathname.blank? only returns true for Pathname.new("")

  Previously it would end up calling Pathname#empty? which returned true
  if the path existed and was an empty directory or file.

  That behavior was unlikely to be expected.

  Jean Boussier

• Deprecate Notification::Event's #children and #parent_of?

  John Hawthorn

• Change the default serializer of ActiveSupport::MessageVerifier from
  Marshal to ActiveSupport::JSON when using config.load_defaults 7.1.

  Messages serialized with Marshal can still be read, but new messages will
  be serialized with ActiveSupport::JSON. For more information, see
  https://guides.rubyonrails.org/v7.1/configuring.html#config-active-support-message-serializer.

  Saba Kiaei, David Buckley, and Jonathan Hefner

• Change the default serializer of ActiveSupport::MessageEncryptor from
  Marshal to ActiveSupport::JSON when using config.load_defaults 7.1.

  Messages serialized with Marshal can still be read, but new messages will
  be serialized with ActiveSupport::JSON. For more information, see
  https://guides.rubyonrails.org/v7.1/configuring.html#config-active-support-message-serializer.

  Zack Deveau, Martin Gingras, and Jonathan Hefner

• Add ActiveSupport::TestCase#stub_const to stub a constant for the duration of a yield.

  DHH

• Fix ActiveSupport::EncryptedConfiguration to be compatible with Psych 4

  Stephen Sugden

• Improve File.atomic_write error handling

  Daniel Pepper

• Fix Class#descendants and DescendantsTracker#descendants compatibility with Ruby 3.1.

  The native Class#descendants was reverted prior to Ruby 3.1 release,
  but Class#subclasses was kept, breaking the feature detection.

  Jean Boussier

Active Model

• Remove change in the typography of user facing error messages.
  For example, “can’t be blank” is again “can't be blank”.

  Rafael Mendonça França

• Support composite identifiers in to_key

  to_key avoids wrapping #id value into an Array if #id already an array

  Nikita Vasilevsky

• Add ActiveModel::Conversion.param_delimiter to configure delimiter being used in to_param

  Nikita Vasilevsky

• undefine_attribute_methods undefines alias attribute methods along with attribute methods.

  Nikita Vasilevsky

• Error.full_message now strips ":base" from the message.

  zzak

• Add a load hook for ActiveModel::Model (named active_model) to match the load hook for
  ActiveRecord::Base and allow for overriding aspects of the ActiveModel::Model class.

  Lewis Buckley

• Improve password length validation in ActiveModel::SecurePassword to consider byte size for BCrypt
  compatibility.

  The previous password length validation only considered the character count, which may not
  accurately reflect the 72-byte size limit imposed by BCrypt. This change updates the validation
  to consider both character count and byte size while keeping the character length validation in place.

  user = User.new(password: "a" * 73)  # 73 characters
  user.valid? # => false
  user.errors[:password] # => ["is too long"]
  
  user = User.new(password: "あ" * 25)  # 25 characters, 75 bytes
  user.valid? # => false
  user.errors[:password] # => ["is too long"]

  ChatGPT, Guillermo Iguaran

• has_secure_password now generates an #{attribute}_salt method that returns the salt
  used to compute the password digest. The salt will change whenever the password is changed,
  so it can be used to create single-use password reset tokens with generates_token_for:

  class User < ActiveRecord::Base
    has_secure_password
  
    generates_token_for :password_reset, expires_in: 15.minutes do
      password_salt&.last(10)
    end
  end

  Lázaro Nixon

• Improve typography of user facing error messages. In English contractions,
  the Unicode APOSTROPHE (U+0027) is now RIGHT SINGLE QUOTATION MARK
  (U+2019). For example, "can't be blank" is now "can’t be blank".

  Jon Dufresne

• Add class to ActiveModel::MissingAttributeError error message.

  Show which class is missing the attribute in the error message:

  user = User.first
  user.pets.select(:id).first.user_id

=> ActiveModel::MissingAttributeError: missing attribute 'user_id' for Pet

```

*Petrik de Heus*

• Raise NoMethodError in ActiveModel::Type::Value#as_json to avoid unpredictable
  results.

  Vasiliy Ermolovich

• Custom attribute types that inherit from Active Model built-in types and do
  not override the serialize method will now benefit from an optimization
  when serializing attribute values for the database.

  For example, with a custom type like the following:

  class DowncasedString < ActiveModel::Type::String
    def cast(value)
      super&.downcase
    end
  end
  
  ActiveRecord::Type.register(:downcased_string, DowncasedString)
  
  class User < ActiveRecord::Base
    attribute :email, :downcased_string
  end
  
  user = User.new(email: "FooBar@example.com")

  Serializing the email attribute for the database will be roughly twice as
  fast. More expensive cast operations will likely see greater improvements.

  Jonathan Hefner

• has_secure_password now supports password challenges via a
  password_challenge accessor and validation.

  A password challenge is a safeguard to verify that the current user is
  actually the password owner. It can be used when changing sensitive model
  fields, such as the password itself. It is different than a password
  confirmation, which is used to prevent password typos.

  When password_challenge is set, the validation checks that the value's
  digest matches the currently persisted password_digest (i.e.
  password_digest_was).

  This allows a password challenge to be done as part of a typical update
  call, just like a password confirmation. It also allows a password
  challenge error to be handled in the same way as other validation errors.

  For example, in the controller, instead of:

  password_params = params.require(:password).permit(
    :password_challenge,
    :password,
    :password_confirmation,
  )
  
  password_challenge = password_params.delete(:password_challenge)
  @​password_challenge_failed = !current_user.authenticate(password_challenge)
  
  if !@​password_challenge_failed && current_user.update(password_params)

...

end
```

You can now write:

```ruby
password_params = params.require(:password).permit(
  :password_challenge,
  :password,
  :password_confirmation,
).with_defaults(password_challenge: "")

---

Configuration

📅 Schedule: Branch creation - "after 9am and before 1pm on Saturday" in timezone Asia/Tokyo, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.