Transactions run against the SQLite3 adapter default to IMMEDIATE mode to
improve concurrency support and avoid busy exceptions.
Fixture transactions use DEFERRED mode transactions as all `joinable`
transactions become DEFERRED transactions.
In general you should not be posting credit card details to your server,
you should be using a processor like Stripe or Braintree.
But if you make a mistake in your form and *do* post a user's credit card number,
those details will get logged by default, even if your server doesn't use them.
Now you're potentially "storing card data" and so you have a whole bunch more legal
requirements to do it securely.
This PR adds `cvv` and `cvc` to the defaults for
[`ActiveSupport::ParameterFilter`](https://api.rubyonrails.org/v7.1.3.4/classes/ActiveSupport/ParameterFilter.html) for new apps.
This means that params with those names will not get logged by default.
This just changes the template for new apps; there's no changes made to existing apps.
Drawing routes with multiple paths complicates route drawing enough to
warrant deprecation. Transitioning the routing mapper to use keywords
would result in a 1.25-1.5x improvement in speed, and it would be
substantially easier to do if we drop this feature. Most developers draw
one path per route, so this feature is likely seldom used. Developers
may also leverage with_options or a loop to make drawing easier.
```ruby
get "/users", "/other_path", to: "users#index"
get "/users", to: "users#index"
get "/other_path", to: "users#index"
```
Followup: https://github.com/rails/rails/pull/51005
We should only do the DidYouMean search if the file we failed
to load was the actual test file, not an underlying `require` call.
Also we should still raise an error so that the exit code is 1,
not 0.
Previously we were trying to clear the extra results in a
with_raw_connection block, which caused some issues.
We never want to connect or reconnect here, we just need to drop any
results from a multi-statement query and that only makes sense to do on
the same connection we'd already used for the query.
Previously when a query was run which hit the query cache on a fresh,
non-sticky connection, the connection would perform its `verfiy!` before
calling next_result, resulting in a network round trip.
Tags and taggings build a cache when they are assigned, which means we
cannot support them being mutated. This freezes tags and taggings to
ensure they aren't changed after assignment.
This may not cover all cases, and per the previous PR we intend this to
be configured mostly via application.config, but it covers a case we
were making in our test suite and so should hopefully cover a mistake
users are somewhat likely to make.
I noticed it showed up quite a bit on our production allocation
profiles. I tried to not break the interface, but in reality most
of it is private and it should only be configured through `application.config`.
main:
```
ruby 3.3.3 (2024-06-12 revision f1c7b6f435) +YJIT [arm64-darwin23]
Total allocated: 1440 bytes (18 objects)
Calculating -------------------------------------
tag 521.552k (± 2.0%) i/s - 2.652M in 5.087518s
```
this branch:
```
ruby 3.3.3 (2024-06-12 revision f1c7b6f435) +YJIT [arm64-darwin23]
Total allocated: 840 bytes (7 objects)
Calculating -------------------------------------
tag 1.070M (± 1.9%) i/s - 5.379M in 5.026878s
```
Benchmark:
```ruby
require 'bundler/inline'
gemfile(true) do
source "https://rubygems.org"
gem "benchmark-ips"
gem "memory_profiler"
gem "rails"
end
require "active_record"
ActiveRecord::QueryLogs.taggings = {
some_handler: -> { "Handler" }
}
ActiveRecord::QueryLogs.tags = [
:application,
:some_handler,
fixed_string: "fixed string",
callback: ->(context) { "callback" },
]
ActiveSupport::ExecutionContext[:application] = "SuperApp"
ActiveRecord::QueryLogs.singleton_class.class_eval { public(:tag_content) }
ActiveRecord::QueryLogs.tag_content(:__connection__)
report = MemoryProfiler.report do
ActiveRecord::QueryLogs.tag_content(:__connection__)
end
report.pretty_print
Benchmark.ips do |x|
x.report("tag") { ActiveRecord::QueryLogs.tag_content(:__connection__) }
end
```
When calling + or since between two time objects we should avoid
emitting two deprecation messages and avoiding any deprecation messages
if the deprecated fallback raises an exception.
Ref: #52343
`Time.now.since(Time.now)` does not fail, but it returns a random future
date (currently in 2079).
This commit deprecates passing a Time object to Time#since until Rails
8.0, where it will raise a TypeError.
Co-authored-by: Eileen M. Uchitelle <eileencodes@users.noreply.github.com>
Co-authored-by: John Hawthorn <john@hawthorn.email>
Ref: #52084
Subtracting two time instances results in a Float representing the
time between the instances.
Adding two time instances should not work, but it does.
```ruby
10.days.ago + 10.days.ago
```
[This change](https://github.com/rails/rails/pull/52084/files#diff-aa0ae5ccf92f812f874b632afe70375c52772636f927fe6e34ffeaebf54af9d1L303) removed the rescue statement that had made this possible.
Now, it is a breaking change to have made that easy mistake. This commit
instead deprecates this change until Rails 8.0 and raises a deprecation
warning when adding two Time instances.
Ref: https://bugs.ruby-lang.org/issues/20641
Granted it's an upstream bug, but even without the bug `require`
isn't cheap. `ConfigurationFile` isn't that hot of a spot in
production, but in Active Record test suite it's called for
almost every test so with this Ruby 3.3 bug it account for significant
part of the test suite runtime.
Some Ruby versions have a bug when creating a Time object backed by a
timezone object where they create a fractional-second UTC offset.
For the added test, without this workaround, on Ruby 3.3.0:
1) Failure:
TimeExtCalculationsTest#test_change_preserves_fractional_seconds_on_zoned_time [./test/core_ext/time_ext_test.rb:528]:
--- expected
+++ actual
@@ -1 +1,3 @@
-"2005-01-30 00:00:00.99 -0500"
+# encoding: US-ASCII
+# valid: true
+"2005-01-30 00:00:00.99 -045959"
This is fixed in Ruby 3.3.1 and 3.2.4. We can remove the workaround when
we expect users to be on those versions or newer.
Stephen Margheim