@rails/actioncable 6.1.5

on Node.js Yarn

Active Support

• Fix ActiveSupport::Duration.build to support negative values.

  The algorithm to collect the parts of the ActiveSupport::Duration
  ignored the sign of the value and accumulated incorrect part values. This
  impacted ActiveSupport::Duration#sum (which is dependent on parts) but
  not ActiveSupport::Duration#eql? (which is dependent on value).

  Caleb Buxton, Braden Staudacher

• Time#change and methods that call it (eg. Time#advance) will now
  return a Time with the timezone argument provided, if the caller was
  initialized with a timezone argument.

  Fixes #42467.

  Alex Ghiculescu

• Clone to keep extended Logger methods for tagged logger.

  Orhan Toy

• assert_changes works on including ActiveSupport::Assertions module.

  Pedro Medeiros

Active Model

• Clear secure password cache if password is set to nil

  Before:

  user.password = 'something'
  user.password = nil

  user.password # => 'something'

  Now:

  user.password = 'something'
  user.password = nil

  user.password # => nil

  Markus Doits

• Fix delegation in ActiveModel::Type::Registry#lookup and ActiveModel::Type.lookup

  Passing a last positional argument {} would be incorrectly considered as keyword argument.

  Benoit Daloze

• Fix to_json after changes_applied for ActiveModel::Dirty object.

  Ryuta Kamizono

Active Record

• Fix ActiveRecord::ConnectionAdapters::SchemaCache#deep_deduplicate for Ruby 2.6.

  Ruby 2.6 and 2.7 have slightly different implementations of the String#@- method.
  In Ruby 2.6, the receiver of the String#@- method is modified under certain circumstances.
  This was later identified as a bug (https://bugs.ruby-lang.org/issues/15926) and only
  fixed in Ruby 2.7.

  Before the changes in this commit, the
  ActiveRecord::ConnectionAdapters::SchemaCache#deep_deduplicate method, which internally
  calls the String#@- method, could also modify an input string argument in Ruby 2.6 --
  changing a tainted, unfrozen string into a tainted, frozen string.

  Fixes #43056

  Eric O'Hanlon

• Fix migration compatibility to create SQLite references/belongs_to column as integer when
  migration version is 6.0.

  reference/belongs_to in migrations with version 6.0 were creating columns as
  bigint instead of integer for the SQLite Adapter.

  Marcelo Lauxen

• Fix dbconsole for 3-tier config.

  Eileen M. Uchitelle

• Better handle SQL queries with invalid encoding.

  Post.create(name: "broken \xC8 UTF-8")

  Would cause all adapters to fail in a non controlled way in the code
  responsible to detect write queries.

  The query is now properly passed to the database connection, which might or might
  not be able to handle it, but will either succeed or failed in a more correct way.

  Jean Boussier

• Ignore persisted in-memory records when merging target lists.

  Kevin Sjöberg

• Fix regression bug that caused ignoring additional conditions for preloading
  has_many through relations.

  Fixes #43132

  Alexander Pauly

• Fix ActiveRecord::InternalMetadata to not be broken by
  config.active_record.record_timestamps = false

  Since the model always create the timestamp columns, it has to set them, otherwise it breaks
  various DB management tasks.

  Fixes #42983

  Jean Boussier

• Fix duplicate active record objects on inverse_of.

  Justin Carvalho

• Fix duplicate objects stored in has many association after save.

  Fixes #42549.

  Alex Ghiculescu

• Fix performance regression in CollectionAssocation#build.

  Alex Ghiculescu

• Fix retrieving default value for text column for MariaDB.

  fatkodima

Action View

• preload_link_tag properly inserts as attributes for files with image MIME
  types, such as JPG or SVG.

  Nate Berkopec

• Add autocomplete="off" to all generated hidden fields.

  Fixes #42610.

  Ryan Baumann

• Fix current_page? when URL has trailing slash.

  This fixes the current_page? helper when the given URL has a trailing slash,
  and is an absolute URL or also has query params.

  Fixes #33956.

  Jonathan Hefner

Action Pack

• Fix content_security_policy returning invalid directives.

  Directives such as self, unsafe-eval and few others were not
  single quoted when the directive was the result of calling a lambda
  returning an array.

  content_security_policy do |policy|
    policy.frame_ancestors lambda { [:self, "https://example.com"] }
  end

  With this fix the policy generated from above will now be valid.

  Edouard Chin

• Update HostAuthorization middleware to render debug info only
  when config.consider_all_requests_local is set to true.

  Also, blocked host info is always logged with level error.

  Fixes #42813.

  Nikita Vyrko

• Dup arrays that get "converted".

  Fixes #43681.

  Aaron Patterson

• Don't show deprecation warning for equal paths.

  Anton Rieder

• Fix crash in ActionController::Instrumentation with invalid HTTP formats.

  Fixes #43094.

  Alex Ghiculescu

• Add fallback host for SystemTestCase driven by RackTest.

  Fixes #42780.

  Petrik de Heus

• Add more detail about what hosts are allowed.

  Alex Ghiculescu

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• The Action Cable client now ensures successful channel subscriptions:

  • The client maintains a set of pending subscriptions until either
    the server confirms the subscription or the channel is torn down.
  • Rectifies the race condition where an unsubscribe is rapidly followed
    by a subscribe (on the same channel identifier) and the requests are
    handled out of order by the ActionCable server, thereby ignoring the
    subscribe command.

  Daniel Spinosa

• Truncate broadcast logging messages.

  J Smith

Active Storage

• Attachments can be deleted after their association is no longer defined.

  Fixes #42514

  Don Sisco

Action Mailbox

• Add attachments to the list of permitted parameters for inbound emails conductor.

  When using the conductor to test inbound emails with attachments, this prevents an
  unpermitted parameter warning in default configurations, and prevents errors for
  applications that set:

  config.action_controller.action_on_unpermitted_parameters = :raise

  David Jones, Dana Henke

Action Text

• Fix Action Text extra trix content wrapper.

  Alexandre Ruban

Railties

• In zeitwerk mode, setup the once autoloader first, and the main autoloader after it.
  This order plays better with shared namespaces.

  Xavier Noria

• Handle paths with spaces when editing credentials.

  Alex Ghiculescu

• Support Psych 4 when loading secrets.

  Nat Morcos