Ruby on Rails — June 2024
Sajjad Umar
Senior Backend Engineer | Ruby on Rails | Manager RubyConf. Pakistan | Author of Ruby on Rails for Agile Web Development | Desi Developer | Building adex.world
The only Ruby on Rails Newsletter you will ever need!
Welcome to the latest edition of the Ruby on Rails Monthly Newsletter! I’m Sajjad Umar, your own Desi Developer, and I’m thrilled to bring you a fresh batch of insights, updates, and community highlights from the world of Rails. Whether you’re a seasoned developer or just starting your journey with Rails, my goal is to keep you informed and inspired with the latest trends and stories from around the globe. Discover what’s new in the Rails ecosystem, and see how Rails continues to evolve and empower developers to build amazing applications. Let’s jump right in!
The CFP for RubyConf 2024 is open
We have a few themes that we are looking for this year, but please submit anything that relates to Ruby. It can be a non-technical talk as well. The themes are as follows:
CFP closes on 08 Jul 2024, read all about RubyConf 2024 here.
Development of Rails 8.0 starts now
The development of Rails 8 has officially started.
Here is the relevant commit.
Rails 8 will target Ruby 3.3+ only for new apps
Here is the relevant commit.
Added Kamal by default to Rails 8
Rails should have a default answer for deploying applications out of the box to the cloud or bare metal. Kamal is the answer. Rails 8 will configure it automatically as far as it can, but allow an opt-out with --skip-kamal.
Read all the details here.
7.0.8.2 and 7.1.3.3 have been released
There were some vulnerabilities in the Trix editor; these updates upgrade Trix to fixed versions.
The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts which are executed within the context of the application.
Vulnerable Versions:
Fixed Versions:
Read all the details here.
Rails Security Releases
Rails Versions 6.1.7.8, 7.0.8.4, 7.1.3.4, and 7.2.0.beta2 have been released! These are security releases, so please upgrade at your earliest convenience.
Read all the details here.
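One way to check whether an application is on a patched release is to read the resolved rails version from Gemfile.lock and compare it with the security releases listed above (an added example, not code from the Rails project or this newsletter). The helper names and the sample lockfile are constructed for illustration; the minimums are the versions named above, which are later in their series than the Trix fix releases 7.0.8.2 and 7.1.3.3.

```ruby
require "rubygems" # Gem::Version ships with Ruby

# Minimum patched release per series, from the security release list above.
PATCHED = {
  "6.1" => "6.1.7.8",
  "7.0" => "7.0.8.4",
  "7.1" => "7.1.3.4",
  "7.2" => "7.2.0.beta2"
}.transform_values { |v| Gem::Version.new(v) }.freeze

# Constructed sample lockfile excerpt (not from a real application).
OUTDATED_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rails (7.1.3.2)
        actiontext (= 7.1.3.2)
      rails-html-sanitizer (1.6.0)
LOCK
PATCHED_LOCK = OUTDATED_LOCK.gsub("7.1.3.2", "7.1.3.4")

# Resolved specs are indented exactly four spaces ("    rails (7.1.3.2)");
# dependency constraints sit at six spaces and are skipped by the anchor.
def locked_version(lockfile, gem_name)
  m = lockfile.match(/^ {4}#{Regexp.escape(gem_name)} \(([^)]+)\)$/)
  m && Gem::Version.new(m[1])
end

# Returns :patched, :outdated, :unlisted_series or :not_found.
def rails_security_status(lockfile)
  version = locked_version(lockfile, "rails")
  return :not_found unless version

  # "7.1.3.2" -> "7.1"; prerelease segments such as "beta" come later.
  series = version.segments.first(2).join(".")
  minimum = PATCHED[series]
  # A series the list does not mention cannot be judged from this data.
  return :unlisted_series unless minimum

  version >= minimum ? :patched : :outdated
end
```

A result of :unlisted_series means the list above gives no patched release for that series, not that the version is safe.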
Quickly Create Customized QR Codes With QR Maker (Sponsored by me :D)
Spoiler Alert — this is my app. QRmaker helps you create customized QR codes for FREE https://www.qrmaker.top.
Features:
I just uploaded a new video on my Desi Developer YouTube channel on how I secured public URLs for the QRmaker app. Here is the link to the video if you are interested in watching.
Added support for :if_not_exists and :force options to create_schema
create_schema for PostgreSQL does not support the convenient :force and :if_not_exists options, while drop_schema supports :if_exists. This PR adds support for these options to create_schema as well.
Read all the details here.
Fixed ActiveRecord::Relation#touch_all with custom attribute aliased as attribute for update
If we have something like:
create_table :users do |t|
  t.timestamp :legacy_updated_at
end

class User < ActiveRecord::Base
  alias_attribute :updated_at, :legacy_updated_at
end

User.touch_all(:updated_at)

then ActiveRecord will not resolve updated_at to its alias correctly and will generate a query that updates the same column twice. This PR fixes the issue.
Read all the details here.
ActiveSupport::XmlMini now Supports duration
This Pull Request adds a duration parser and formatter to ActiveSupport::XmlMini, using ActiveSupport::Duration.
Read all the details here.
Supported touch_all in batches
Previously, ActiveRecord was missing the ability to run touch_all via batches (compared to update_all/delete_all/etc).
Post.in_batches.touch_all
This PR adds support for touch_all in batches.
Read all the details here.
Rails now raises a descriptive error when a Store column is misconfigured
If a developer has neglected to use a structured column type (hstore or json) or to declare a serializer with ActiveRecord.store:

class User < ActiveRecord::Base
  store_accessor :settings, :notifications
end

then a ConfigurationError will now be raised with a descriptive error message when the accessor is read or written:
puts user.notifications
# ActiveRecord::ConfigurationError: the column 'settings' has not
# been configured as a store. Please make sure the column is
# declared serializable via 'ActiveRecord.store' or, if your
# database supports it, use a structured column type like hstore or
# json.
Previously, in this situation, a NoMethodError was raised when the accessor was read or written:
puts user.notifications
# NoMethodError: undefined method `accessor' for an instance of ActiveRecord::Type::Text
Raising a descriptive exception should help developers understand more quickly what’s wrong and how to fix it.
Read all the details here.
Added rubocop and GitHub Actions to plugin generator
This Pull Request updates the plugin generator to include templates for GitHub Actions and rubocop. It also updates a couple of files to ensure they pass the rubocop linting.
Read all the details here.
automatically_invert_plural_associations is not enabled by default moving forward
Due to its potential to cause numerous hard-to-detect issues, automatically_invert_plural_associations is turned off by default. However, you can choose to opt in if you wish to give it a try.
Read all the details here.
Made devcontainers opt-in and created a devcontainer command
This Pull Request has been created because Rails 7.2 dev containers will be an opt-in feature. So, new apps will only get a devcontainer if you pass the --devcontainer flag to rails new. Additionally, you will be able to generate a devcontainer for an existing app with bin/rails devcontainer.
Read all the details here.
Added a new public method for schema_cache_ignored_tables?
Previously we only had a method to set the ignored schema cache tables, but there was no way to ask if a table was ignored by the schema cache. Applications may want to implement their own schema cache, or at least run this check. Rather than forcing them to implement an internal method, this adds a way to ask whether a table is ignored by the schema cache code.
Usage:
ActiveRecord.schema_cache_ignored_tables = ["developers"]
ActiveRecord.schema_cache_ignored_tables?("developers")
Read all the details here.
Don’t configure Kamal storage volume if not needed
This Pull Request has been created because configuring a Docker persistent storage volume in Kamal seems to be only needed for sqlite or ActiveStorage. If using a different database and the --skip-active-storage option, configuration can be skipped.
Read all the details here.
Fixed issue with IDs reader on preloaded associations for composite primary keys
When using composite primary keys in a model, the primary_key will be an array. This raises an issue when calling the <association>_ids method on a preloaded association. Internally, Rails uses the pluck method from Enumerable to retrieve the preloaded results. However, the pluck method does not accept an array as its argument. To accommodate that, we need to use the splat operator to split the array into multiple arguments dynamically.
Now calling an example association with composite primary keys user.posts.ids works as expected.
Read all the details here.
Allowed to set strict_loading_mode globally
This Pull Request adds a new class_attribute :strict_loading_mode, defaulted to :all. If it's set to :n_plus_one_only, that mode is used by default when doing strict loading checks.
Read all the details here.
Deferred route drawing to the first request, or when url_helpers called
This Pull Request has been created because apps with lots of routes take a long time to boot. A developer could boot an app for reasons that don’t involve routes at all (like running unit tests, migrations, rake tasks, etc.) so I think this should be deferred in dev and test.
This Pull Request changes engine and app route sets to a Rails::Engine::RouteSet, which knows about the current Rails application. The default middleware stack has also changed to include a Rails::Rack::LoadRoutes middleware that loads routes if needed. This PR loads routes under the following circumstances:
In dev/test:
In production:
If, for some reason, a developer wishes to revert to the previous behaviour, they could add an initializer with Rails.application.reload_routes!.
Read all the details here.
Included the current transaction in sql.active_record event payloads
The use case is to allow tracing database activity, including the ability to group queries by transaction, thanks to the recently added ActiveRecord::Transaction#uuid.
Read all the details here.
Re-rolled deprecation of to_time_preserves_timezone
The previous deprecation hadn’t been warning for all users, so proceeding to removal could cause an un-warned change in behaviour.
This Pull Request restores the previous deprecation, then adds an additional once-off warning the first time to_time is called [if the config setting has not already been set].
Read all the details here.
Added an explicit dependency on the logger gem
Logger is a bundled gem candidate for Ruby 3.5, so it would start to warn without it.
Read all the details here.
Only sanitize content attribute when present in attachments
A recent security update implemented sanitization for the content attribute of ActionText::Attachable::ContentAttachment. As a side effect, this update always sets the attribute, even when it’s missing, which prevents Trix from displaying the image preview. This pull request addresses and resolves that issue.
Read all the details here.
Added an internal route for bin/rails notes
Inspired by the rails/info/routes route, a rails/info/notes internal route has been added.
This will be the same as running:
$ bin/rails notes
app/controllers/posts_controller.rb:
* [ 9] [TODO] Move this logic to a concern
* [18] [FIXME] Refactor this method
app/models/post.rb:
* [ 2] [TODO] Refactor this validation
An internal route for bin/rails notes has been added so we can check the notes in the UI.
Read all the details here.
Brought back puma.rb to target of app:update
Rails has improved puma.rb a few times in the past; rails app:update will update the file in future releases.
Read all the details here.
Defined the new start_transaction.active_record event
With this change, a new start_transaction.active_record event will be emitted whenever a transaction begins. This event complements the existing transaction.active_record event, which is triggered when transactions are completed.
Read all the details here.
ActiveRecord: Added option filter on in_order_of
This Pull Request has been created because currently the in_order_of method always uses a where clause to filter the results to only the values specified in values. Sometimes we only want to give some values priority in the sorting, but we want the entire search scope without caring about the rest of the sorting. The proposal here is to add an option to specify whether to filter the scope by values or not.
This Pull Request changes:
order = [3, 4, 1]
# Without specifying the option
Post.in_order_of(:id, order).to_sql
# SELECT
# "posts".* FROM "posts"
# WHERE
# "posts"."id" IN (3, 4, 1)
# ORDER BY
# CASE WHEN "posts"."id" = 3 THEN 1 WHEN "posts"."id" = 4 THEN 2 WHEN "posts"."id" = 1 THEN 3 END ASC
# With option set to false
Post.in_order_of(:id, order, filter: false).to_sql
# SELECT
# "posts".* FROM "posts"
# ORDER BY
# CASE WHEN "posts"."id" = 3 THEN 1 WHEN "posts"."id" = 4 THEN 2 WHEN "posts"."id" = 1 THEN 3 ELSE 4 END ASC
Read all the details here.
Thank you for joining me in this edition of the Ruby on Rails Monthly Newsletter! I hope you found the insights and updates valuable. Don’t forget to subscribe to stay informed and inspired with the latest in the Rails ecosystem. I’ll be back next month with more exciting news and updates. Happy coding!