RubyGems - railties - Versions diffs - 8.0.0.rc1 → 8.0.0.rc2 - Mend

railties 8.0.0.rc1 → 8.0.0.rc2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 48dcbad64d0cf8be785e5a5a80d210e4f0c77ab14abb4b623c3631607e304c0e
-  data.tar.gz: afe11b82be536134605bbd67230361f11d547108f3e6fc32c66462922038d9c4
+  metadata.gz: 8f9ae335123309d95f081a813b7383b2c9b2a5ae07de08a1231fed3fe6098f0f
+  data.tar.gz: 298788a77ad6b1c9cbeb484a33e494e2352e61bc23c75ca3b1c7b76c4deb40ef
 SHA512:
-  metadata.gz: 3467d3b3d227a967abf2aae1399900f6fdccba995e139e5d5efd9ba0eaa694e60909122de013fd8670d4c757fb5d294e3b4e8c257e50632c686e1155185521cc
-  data.tar.gz: 16972421f0101f97d3425a105507e886d5d588a48539ba6a4c32af7675281653268bd6b47df8a7370d5837b106f0a832bc35f54dcfdd1f5d12c1bb7408ba8dd1
+  metadata.gz: 780d46ca2607f8ba26fae821f958516ce71a2f74f14a39f3324231e49d8e2574426fbfd59517b0eb0d9059bfb06563417ac209dd92eb4ec7bf4872a870044616
+  data.tar.gz: 35cce2a67578153c350a8d493d95fdfb8f0fdc1b62bbe240dd0ffdd1a9daa509f49cc8fd617ac48d463afd53c97b8225b2a400d1bf27dd0c4f3070fc8a77ec89

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,14 @@
+## Rails 8.0.0.rc2 (October 30, 2024) ##
+*   Fix incorrect database.yml with `skip_solid`.
+    *Joé Dupuis*
+*   Set `Regexp.timeout` to `1`s by default to improve security over Regexp Denial-of-Service attacks.
+    *Rafael Mendonça França*
 ## Rails 8.0.0.rc1 (October 19, 2024) ##
 *   Remove deprecated support to extend Rails console through `Rails::ConsoleMethods`.

data/lib/rails/application/configuration.rb CHANGED Viewed

@@ -344,6 +344,8 @@ module Rails
           if respond_to?(:action_dispatch)
             action_dispatch.strict_freshness = true
           end
+          Regexp.timeout ||= 1
         else
           raise "Unknown version #{target_version.to_s.inspect}"
         end

data/lib/rails/gem_version.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module Rails
     MAJOR = 8
     MINOR = 0
     TINY  = 0
-    PRE   = "rc1"
+    PRE   = "rc2"
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

data/lib/rails/generators/rails/app/app_generator.rb CHANGED Viewed

@@ -271,7 +271,8 @@ module Rails
         active_storage: !options[:skip_active_storage],
         dev: options[:dev],
         node: using_node?,
-        app_name: app_name
+        app_name: app_name,
+        skip_solid: options[:skip_solid]
       }
       Rails::Generators::DevcontainerGenerator.new([], devcontainer_options).invoke_all

data/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_8_0.rb.tt CHANGED Viewed

@@ -23,3 +23,8 @@
 # If set to `false` both conditions need to be satisfied.
 #++
 # Rails.application.config.action_dispatch.strict_freshness = true
+###
+# Set `Regexp.timeout` to `1`s by default to improve security over Regexp Denial-of-Service attacks.
+#++
+# Regexp.timeout = 1

data/lib/rails/generators/rails/authentication/authentication_generator.rb CHANGED Viewed

@@ -19,6 +19,8 @@ module Rails
         template "app/controllers/concerns/authentication.rb"
         template "app/controllers/passwords_controller.rb"
+        template "app/channels/application_cable/connection.rb" if defined?(ActionCable::Engine)
         template "app/mailers/passwords_mailer.rb"
         template "app/views/passwords_mailer/reset.html.erb"

data/lib/rails/generators/rails/authentication/templates/app/channels/application_cable/connection.rb.tt ADDED Viewed

@@ -0,0 +1,16 @@
+module ApplicationCable
+  class Connection < ActionCable::Connection::Base
+    identified_by :current_user
+    def connect
+      set_current_user || reject_unauthorized_connection
+    end
+    private
+      def set_current_user
+        if session = Session.find_by(id: cookies.signed[:session_id])
+          self.current_user = session.user
+        end
+      end
+  end
+end

data/lib/rails/generators/rails/authentication/templates/app/controllers/concerns/authentication.rb.tt CHANGED Viewed

@@ -33,7 +33,7 @@ module Authentication
     def request_authentication
       session[:return_to_after_authenticating] = request.url
-      redirect_to new_session_url
+      redirect_to new_session_path
     end
     def after_authentication_url

data/lib/rails/generators/rails/authentication/templates/app/controllers/passwords_controller.rb.tt CHANGED Viewed

@@ -10,7 +10,7 @@ class PasswordsController < ApplicationController
       PasswordsMailer.reset(user).deliver_later
     end
-    redirect_to new_session_url, notice: "Password reset instructions sent (if user with that email address exists)."
+    redirect_to new_session_path, notice: "Password reset instructions sent (if user with that email address exists)."
   end
   def edit
@@ -18,9 +18,9 @@ class PasswordsController < ApplicationController
   def update
     if @user.update(params.permit(:password, :password_confirmation))
-      redirect_to new_session_url, notice: "Password has been reset."
+      redirect_to new_session_path, notice: "Password has been reset."
     else
-      redirect_to edit_password_url(params[:token]), alert: "Passwords did not match."
+      redirect_to edit_password_path(params[:token]), alert: "Passwords did not match."
     end
   end
@@ -28,6 +28,6 @@ class PasswordsController < ApplicationController
     def set_user_by_token
       @user = User.find_by_password_reset_token!(params[:token])
     rescue ActiveSupport::MessageVerifier::InvalidSignature
-      redirect_to new_password_url, alert: "Password reset link is invalid or has expired."
+      redirect_to new_password_path, alert: "Password reset link is invalid or has expired."
     end
 end

data/lib/rails/generators/rails/authentication/templates/app/controllers/sessions_controller.rb.tt CHANGED Viewed

@@ -10,12 +10,12 @@ class SessionsController < ApplicationController
       start_new_session_for user
       redirect_to after_authentication_url
     else
-      redirect_to new_session_url, alert: "Try another email address or password."
+      redirect_to new_session_path, alert: "Try another email address or password."
     end
   end
   def destroy
     terminate_session
-    redirect_to new_session_url
+    redirect_to new_session_path
   end
 end

data/lib/rails/generators/rails/devcontainer/devcontainer_generator.rb CHANGED Viewed

@@ -29,6 +29,9 @@ module Rails
       class_option :kamal, type: :boolean, default: true,
                     desc: "Include configuration for Kamal"
+      class_option :skip_solid, type: :boolean, default: nil,
+                    desc: "Skip Solid Cache & Queue setup"
       source_paths << File.expand_path(File.join(base_name, "app", "templates"), base_root)
       def create_devcontainer

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: railties
 version: !ruby/object:Gem::Version
-  version: 8.0.0.rc1
+  version: 8.0.0.rc2
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-10-19 00:00:00.000000000 Z
+date: 2024-10-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.0.0.rc1
+        version: 8.0.0.rc2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.0.0.rc1
+        version: 8.0.0.rc2
 - !ruby/object:Gem::Dependency
   name: actionpack
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.0.0.rc1
+        version: 8.0.0.rc2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.0.0.rc1
+        version: 8.0.0.rc2
 - !ruby/object:Gem::Dependency
   name: rackup
   requirement: !ruby/object:Gem::Requirement
@@ -120,14 +120,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.0.0.rc1
+        version: 8.0.0.rc2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.0.0.rc1
+        version: 8.0.0.rc2
 description: 'Rails internals: application bootup, plugins, generators, and rake tasks.'
 email: david@loudthinking.com
 executables:
@@ -318,6 +318,7 @@ files:
 - lib/rails/generators/rails/application_record/application_record_generator.rb
 - lib/rails/generators/rails/authentication/USAGE
 - lib/rails/generators/rails/authentication/authentication_generator.rb
+- lib/rails/generators/rails/authentication/templates/app/channels/application_cable/connection.rb.tt
 - lib/rails/generators/rails/authentication/templates/app/controllers/concerns/authentication.rb.tt
 - lib/rails/generators/rails/authentication/templates/app/controllers/passwords_controller.rb.tt
 - lib/rails/generators/rails/authentication/templates/app/controllers/sessions_controller.rb.tt
@@ -490,10 +491,10 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/rails/rails/issues
-  changelog_uri: https://github.com/rails/rails/blob/v8.0.0.rc1/railties/CHANGELOG.md
-  documentation_uri: https://api.rubyonrails.org/v8.0.0.rc1/
+  changelog_uri: https://github.com/rails/rails/blob/v8.0.0.rc2/railties/CHANGELOG.md
+  documentation_uri: https://api.rubyonrails.org/v8.0.0.rc2/
   mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
-  source_code_uri: https://github.com/rails/rails/tree/v8.0.0.rc1/railties
+  source_code_uri: https://github.com/rails/rails/tree/v8.0.0.rc2/railties
   rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: