Ruby on Rails - May 2022

Hey folks - Updates for May 2022

Async aggregate & find_by queries

Active Record async support was limited to loading collections, but among the not-so-fast queries that would benefit from asynchronicity you often find aggregates as well as hand-crafted find_by_sql queries.

Ruby now supports the following methods as well (learn more)

async_coun
async_sum
async_minimum
async_maximum
async_average
async_pluck
async_pick
async_find_by_sql
async_count_by_sqlt

        

CSRF tokens can now be stored outside of the session

This is useful in cases where sessions are not stored in cookies. For example, when using a Redis session store, millions of sessions may be created for unauthenticated users where the session contains nothing but the CSRF token. In such cases, the cache may be thrashing, constantly evicting old sessions. This new configuration parameter will make it possible to store the CSRF token somewhere other than the session (i.e. in an encrypted cookie), making it possible for the session store to store only sessions for authenticated users.

Learn more.

Support encrypted attributes on columns with default values

Encrypted columns with default values are now automatically encrypted on object creation.

Before, it was failing to read these columns because their contents were not encrypted unless you enable

config.active_record.encryption.support_unencrypted_data
        

Now, it will encrypt those values at the record-creation time, learn more.

PRs on Rails repo won't be closed automatically

While the idea of cleaning up the the PRs list by nudging reviewers
with the stale message and closing PRs that didn't got a review in time
cloud work for the maintainers, in practice it discourages contributors
to submit contributions.
        

The autoclosing of PR has been stopped until the community comes up with a different solution.

Pattern Matching is not supported for ActiveModel

This provides the Ruby 2.7+ pattern matching interface for hash patterns, which allows the user to pattern match against anything that includes the ActiveModel::AttributeMethods module (e.g., ActiveRecord::Base). e.g.

case Current.user
in { superuser: true }
  "Thanks for logging in. You are a superuser."
in { admin: true, name: }
  "Thanks for logging in, admin #{name}!"
in { name: }
  "Welcome, #{name}!"
end
        

learn more.

Avoid query from calculations on contradictory relations

This PR avoids making a query to the database when the relation used for the count, sum, average, minimum, and maximum is a contradiction.

Previously calculations would make a query even when passed a contradiction, such as User.where(id: []).count. Rails no longer perform a query in that scenario.

learn more.

Added --name option to application generator

Now rails new generator supports --name option. Using this option will allow assigning a different name to the application than the folder name. i.e.

rails new my-app-folder --name=my-actual-app-name
        

learn more.

Ruby YJIT has been ported to Rust - Most likely coming with ruby 3.2.

Whats YJIT?

The new Rust version of YJIT has reached parity with the C version, in that it passes all the CRuby tests, is able to run all of the YJIT benchmarks, and performs similarly to the C version (because it works the same way and largely generates the same machine code). They have even incorporated some design improvements, such as a more fine-grained constant invalidation mechanism which we expect will make a big difference in Ruby on Rails applications (learn more).

Ruby 3.1 Introduces Variable Width Allocation for Strings

This is some deep stuff you might not need to know or understand but it is very good to know that a lot of work is being done to make Ruby more efficient.

In short - Variable Width Allocation helps in reducing the bottlenecks and total memory usage while still maintaining similar?performance.

Want to know how? click here.

Security Updates, Improvements & more...

1. Credentials leaking has been prevented by reducing the huge output when you call inspect on Rails::Appliccation class to just class name (learn more).
2. Body content from redirect responses has been removed - Modern browsers don’t render the body content for redirects. The delivered bytes are therefore a small waste (learn more).
3. Now you can implement a password challenge with the same ease as a password confirmation, re-using the same error handling logic in the view, and the controller by using has_secure_password (learn more).
4. Now it’s possible to write video_tag(user.video_file) instead of video_tag(polymorphic_path(user.video_file)) (learn more).
5. Now you can specify the maximum number of records destroyed in a single background job by the?dependent::destroy_async?association option. If the number of dependent records is greater than this configuration, the records will be destroyed in multiple background jobs (learn more).
6. MySQL build rake task can now automatically use root user with no password when you create MySQL databases - this removes the tedious activity of creating the database user and granting privileges every time you need to set up Rails locally on a new computer (learn more).

And that's all for now, please subscribe to this newsletter to stay up to date with the latest stuff from the Ruby on Rails world.

This is Sajjad Umar (your own Desi Developer), Signing off...