Active Model’s has_secure_password now supports different password hashing algorithms.
Add built-in Argon2 support for has_secure_password
Building on top of the previous PR, you can now add gem "argon2" and then call has_secure_password algorithm: :argon2. Unlike BCrypt’s 72-byte restriction, Argon2 has no password length limit.
Support international characters in humanize
Calling ActiveSupport::Inflector.humanize("аБВГДЕ") now correctly returns “Абвгде”.
Add ability to use a block when rendering a collection
When using a partial that yields, we could already use this partial with render partial: or render @model. Now we can do that with collections as well, writing code like this:
// index.html.erb <%= render @posts do |post| %> <%= link_to "Edit", [:edit, post] %> <% end %> // _post.html.erb <article class="post"> <h1><%= post.title %></h1> <%= yield post if block_given? %> </article>
Introduce Parameter Object: QueryIntent
A thorough improvement to Active Record internals which results in the deprecation of exec_update, exec_delete, and exec_insert in favor of update, delete, and insert.
Make Rails 8.1 schema cache backward-compatible
Rails 8.1 changed how the default value for a column is assigned. This PR ensures that a schema cache produced by Rails 8.1 can be deserialized by Rails 8.0 without any errors.
Prevent duplicates when eager-loading models with a composite primary key
The code in JoinDependency#instantiate was not properly handling models with a composite primary key, resulting in duplicate records being returned.
Fix the stylesheet_link_tag generated by rails new
stylesheet_link_tag "application" will be used when generating Rails apps with CSS bundling (for instance: rails new myapp --css tailwind --js esbuild).
Fix double filtering rescue_from_handled backtrace
ActionController::StructuredEventSubscriber was taking the first frame of the backtrace and removing the Rails root. However, the event being consumed already did this, so the backtrace output was a single character. This commit fixes the issue by removing the duplicate backtrace filtering.
Use -infinity for lower value of unbounded PG time ranges
In PostgreSQL if you have a time range column (daterange, tstzrange, etc.) and save a record with a Ruby range that begins or ends with nil you were getting an unexpected behavior:
Product.create(period: Time.utc(2000)...nil) # => ["2000-01-01 00:00:00",infinity) Product.create(period: nil...Time.utc(2000)) # => (NULL,"2000-01-01 00:00:00")
The behavior has now been fixed to use -infinity rather than NULL for the lower value.
Fix content_security_policy_nonce error in mailers
Fixes an error that you would get invoking stylesheet_link_tag in a mailer view with the default content_security_policy.rb enabled.
You can view the whole list of changes here.
We had 22 contributors to the Rails codebase this past week!
Until next time!