Hi, it is Greg, bringing you the latest changes in Rails. The framework turned 20 years old this past week. Happy Birthday Ruby on Rails! Let’s explore this week’s changes in the Rails codebase.

Nominations open for the 2024 Rails Luminary Awards
Last year the Rails Foundation started the Rails Luminary Awards acknowledging people who’ve contributed to the Rails ecosystem and community with exceptional code, documentation, enthusiasm, or assistance, thereby helping others do more, learn more, or be inspired. You can submit your 2024 Rails Luminary nomination here.

Implement new maintenance policy
The Rails maintenance policy was updated last week. The main changes are:

• Releases are maintained by a pre-defined, fixed period of time. One year for bug fixes and two years for security fixes.
• Distinction between severe security issues and regular security issues is removed.
• Npm versioning is updated to match not use the pre-release - separator.

Add password reset to authentication generator
This pull request adds a basic password reset flow to the new Rails generator to show use of signed ids with a mailer.
Also, The generator was renamed to “authentication” this past week.

Add a default password reset token to has_secure_password
This pull request adds a default configuration for a 15-minute password reset token when using has_secure_password:

class User < ApplicationRecord
  has_secure_password
end

user = User.create!(name: "david", password: "123", password_confirmation: "123")
token = user.password_reset_token
User.find_by_password_reset_token(token) # returns user in the next 15 minutes.

Implement the bin/rails boot command
The new bin/rails boot command boots the application and exits. Supports the standard -e/--environment options. It can be handy when you want to test the boot logic of a Rails app or when benchmarking something.

Rename check_box helpers to checkbox
This pull request renamed the check_box helper methods to checkbox and kept the old names as aliases.
The same change was done to text_area in another pull request.

Generate errors when running a Docker build with warnings
Docker introduced Docker build checks and by default, running a Docker build with warnings will not cause the build to fail (return a non-zero exit code). To raise errors on warnings # check=error=true declaration should be added to the Dockerfile, and this pull request did that.

Change Active Model’s human_attribute_name to raise an error
When config.i18n.raise_on_missing_translations is set to true, controllers and views raise an error on missing translations. However, models won’t. This pull request changes models to raise an error when raise_on_missing_translations is true.

Deprecate hash key path mapping
This pull request deprecates drawing routes with hash key paths to make routing faster.

# Before
get "/users" => "users#index"
post "/logout" => :sessions
mount MyApp => "/my_app"

# After
get "/users", to: "users#index"
post "/logout", to: "sessions#logout"
mount MyApp, at: "/my_app"

Deprecate multiple path route mapping
Drawing routes with multiple paths was also deprecated to make routing faster. You may use with_options or a loop to make drawing multiple paths easier.

# Before
get "/users", "/other_path", to: "users#index"

# After
get "/users", to: "users#index"
get "/other_path", to: "users#index"

Introduce ActiveModel::AttributeAssignment#attribute_writer_missing
This pull request introduces ActiveModel::AttributeAssignment#attribute_writer_missing to provide instances with an opportunity to gracefully handle assigning to an unknown attribute:

class Rectangle
  include ActiveModel::AttributeAssignment

  attr_accessor :length, :width

  def attribute_writer_missing(name, value)
    Rails.logger.warn "Tried to assign to unknown attribute #{name}"
  end
end

rectangle = Rectangle.new
rectangle.assign_attributes(height: 10) # => Logs "Tried to assign to unknown attribute 'height'"

Add cvv and cvc as default parameters to filter out in new apps
In general you should not be posting credit card details to your server, but if you make a mistake in your form and do post a user’s credit card number, those details will get logged by default, even if your server doesn’t use them. This pull request adds cvv and cvc to the defaults for ActiveSupport::ParameterFilter for new apps. This means that params with those names will not get logged by default. This just changes the template for new apps; there’s no changes made to existing apps.

Support Active Record batching using custom columns
This pull request adds support to Active Record batching to be used with custom columns.

Product.in_batches(cursor: [:shop_id, :id]) do |relation|
  # do something with relation
end

Reallow setting secret_key_base to nil in local environments
Previously, secret_key_base was allowed to be set to nil in local environments (or with SECRET_KEY_BASE_DUMMY) because validation would only happen on usage and not on the setter. This was recently changed to make it easier to identify exactly where a secret_key_base was being set to an invalid value.
However, this change broke some applications which unconditionally set secret_key_base to some external value in dev/test. Before the change, the set value could be nil and fall back to the generated local secret on usage. This pull request restores that behavior.

Ensure SQLite transaction defaults to IMMEDIATE mode
This pull request changes Active Record to Use SQLite IMMEDIATE transactions when possible. With this change, transactions run against the SQLite3 adapter default to IMMEDIATE mode to improve concurrency support and avoid busy exceptions.

You can view the whole list of changes here. We had 31 contributors to the Rails codebase this past week!

Until next time!

Subscribe to get these updates mailed to you.