Hi, it’s Claudio Baccigalupo. Let’s explore this week’s changes in the Rails codebase.
Add :algorithm option to has_secure_password
Active Model’s has_secure_password now supports different password hashing algorithms.
Add built-in Argon2 support for has_secure_password
Building on top of the previous PR, you can now add gem "argon2" and then call has_secure_password algorithm: :argon2.
Unlike BCrypt’s 72-byte restriction, Argon2 has no password length limit.
New guides for Rails Engines
After months of rewriting, the brand new Rails Engines guides are live!
Support international characters in humanize
Calling ActiveSupport::Inflector.humanize("аБВГДЕ") now correctly returns “Абвгде”.
Add ability to use a block when rendering a collection
When using a partial that yields, we could already use this partial with render partial: or render @model.
Now we can do that with collections as well, writing code like this:
// index.html.erb
<%= render @posts do |post| %>
<%= link_to "Edit", [:edit, post] %>
<% end %>
// _post.html.erb
<article class="post">
<h1><%= post.title %></h1>
<%= yield post if block_given? %>
</article>
Introduce Parameter Object: QueryIntent
A thorough improvement to Active Record internals which results in the deprecation of exec_update, exec_delete, and exec_insert in favor of update, delete, and insert.
Make Rails 8.1 schema cache backward-compatible
Rails 8.1 changed how the default value for a column is assigned.
This PR ensures that a schema cache produced by Rails 8.1 can be deserialized by Rails 8.0 without any errors.
Prevent duplicates when eager-loading models with a composite primary key
The code in JoinDependency#instantiate was not properly handling models with a composite primary key, resulting in duplicate records being returned.
Fix the stylesheet_link_tag generated by rails new
stylesheet_link_tag "application" will be used when generating Rails apps with CSS bundling (for instance: rails new myapp --css tailwind --js esbuild).
Fix double filtering rescue_from_handled backtrace
ActionController::StructuredEventSubscriber was taking the first frame of the backtrace and removing the Rails root.
However, the event being consumed already did this, so the backtrace output was a single character.
This commit fixes the issue by removing the duplicate backtrace filtering.
Use -infinity for lower value of unbounded PG time ranges
In PostgreSQL if you have a time range column (daterange, tstzrange, etc.) and save a record with a Ruby range that begins or ends with nil you were getting an unexpected behavior:
Product.create(period: Time.utc(2000)...nil) # => ["2000-01-01 00:00:00",infinity)
Product.create(period: nil...Time.utc(2000)) # => (NULL,"2000-01-01 00:00:00")
The behavior has now been fixed to use -infinity rather than NULL for the lower value.
Fix content_security_policy_nonce error in mailers
Fixes an error that you would get invoking stylesheet_link_tag in a mailer view with the default content_security_policy.rb enabled.
You can view the whole list of changes here.
We had 22 contributors to the Rails codebase this past week!
Until next time!
Subscribe to get these updates mailed to you.