File rubygem-activerecord-6.1.changes of Package rubygem-activerecord-6.1
-------------------------------------------------------------------
Mon Nov  4 15:59:55 UTC 2024 - Dan Čermák <dan.cermak@posteo.net>
- ## Rails 6.1.7.10 (October 23, 2024) ##
*   No changes.
## Rails 6.1.7.9 (October 15, 2024) ##
*   No changes.
-------------------------------------------------------------------
Fri Jun 21 09:14:59 UTC 2024 - Dan Čermák <dan.cermak@posteo.net>
- ## Rails 6.1.7.8 (June 04, 2024) ##
*   No changes.
## Rails 6.1.7.7 (February 21, 2024) ##
*   No changes.
-------------------------------------------------------------------
Thu Nov  2 15:33:49 UTC 2023 - Dan Čermák <dan.cermak@posteo.net>
- ## Rails 6.1.7.6 (August 22, 2023) ##
*   No changes.
## Rails 6.1.7.5 (August 22, 2023) ##
*   No changes.
## Rails 6.1.7.4 (June 26, 2023) ##
*   No changes.
## Rails 6.1.7.3 (March 13, 2023) ##
*   No changes.
## Rails 6.1.7.2 (January 24, 2023) ##
*   No changes.
## Rails 6.1.7.1 (January 17, 2023) ##
*   Make sanitize_as_sql_comment more strict
    Though this method was likely never meant to take user input, it was
    attempting sanitization. That sanitization could be bypassed with
    carefully crafted input.
    This commit makes the sanitization more robust by replacing any
    occurrances of "/*" or "*/" with "/ *" or "* /". It also performs a
    first pass to remove one surrounding comment to avoid compatibility
    issues for users relying on the existing removal.
    This also clarifies in the documentation of annotate that it should not
    be provided user input.
    [CVE-2023-22794]
*   Added integer width check to PostgreSQL::Quoting
    Given a value outside the range for a 64bit signed integer type
    PostgreSQL will treat the column type as numeric. Comparing
    integer values against numeric values can result in a slow
    sequential scan.
    This behavior is configurable via
    ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true.
    [CVE-2022-44566]
-------------------------------------------------------------------
Mon Oct 10 12:54:04 UTC 2022 - Stephan Kulow <coolo@suse.com>
updated to version 6.1.7
 see installed CHANGELOG.md
  ## Rails 6.1.7 (September 09, 2022) ##
  
  *   Symbol is allowed by default for YAML columns
  
      *Étienne Barrié*
  
  *   Fix `ActiveRecord::Store` to serialize as a regular Hash
  
      Previously it would serialize as an `ActiveSupport::HashWithIndifferentAccess`
      which is wasteful and cause problem with YAML safe_load.
  
      *Jean Boussier*
  
  *   Fix PG.connect keyword arguments deprecation warning on ruby 2.7
  
      Fixes #44307.
  
      *Nikita Vasilevsky*
  
-------------------------------------------------------------------
Thu Aug  4 12:52:21 UTC 2022 - Stephan Kulow <coolo@suse.com>
updated to version 6.1.6.1
 see installed CHANGELOG.md
  ## Rails 6.1.6.1 (July 12, 2022) ##
  
  *   Change ActiveRecord::Coders::YAMLColumn default to safe_load
  
      This adds two new configuration options The configuration options are as
      follows:
      
      * `config.active_storage.use_yaml_unsafe_load`
      
      When set to true, this configuration option tells Rails to use the old
      "unsafe" YAML loading strategy, maintaining the existing behavior but leaving
      the possible escalation vulnerability in place.  Setting this option to true
      is *not* recommended, but can aid in upgrading.
      
      * `config.active_record.yaml_column_permitted_classes`
      
      The "safe YAML" loading method does not allow all classes to be deserialized
      by default.  This option allows you to specify classes deemed "safe" in your
      application.  For example, if your application uses Symbol and Time in
      serialized data, you can add Symbol and Time to the allowed list as follows:
      
      ```
      config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
      ```
  
      [CVE-2022-32224]
  
  
-------------------------------------------------------------------
Thu Apr 28 05:14:05 UTC 2022 - Stephan Kulow <coolo@suse.com>
updated to version 6.1.5.1
 see installed CHANGELOG.md
  ## Rails 6.1.5.1 (April 26, 2022) ##
  
  *   No changes.
  
  
  ## Rails 6.1.5 (March 09, 2022) ##
  
  *   Fix `ActiveRecord::ConnectionAdapters::SchemaCache#deep_deduplicate` for Ruby 2.6.
  
      Ruby 2.6 and 2.7 have slightly different implementations of the `String#@-` method.
      In Ruby 2.6, the receiver of the `String#@-` method is modified under certain circumstances.
      This was later identified as a bug (https://bugs.ruby-lang.org/issues/15926) and only
      fixed in Ruby 2.7.
  
      Before the changes in this commit, the
      `ActiveRecord::ConnectionAdapters::SchemaCache#deep_deduplicate` method, which internally
      calls the `String#@-` method, could also modify an input string argument in Ruby 2.6 --
      changing a tainted, unfrozen string into a tainted, frozen string.
  
      Fixes #43056
  
      *Eric O'Hanlon*
  
  *   Fix migration compatibility to create SQLite references/belongs_to column as integer when
      migration version is 6.0.
  
      `reference`/`belongs_to` in migrations with version 6.0 were creating columns as
      bigint instead of integer for the SQLite Adapter.
  
      *Marcelo Lauxen*
  
  *   Fix dbconsole for 3-tier config.
  
      *Eileen M. Uchitelle*
  
  *   Better handle SQL queries with invalid encoding.
  
      ```ruby
      Post.create(name: "broken \xC8 UTF-8")
      ```
  
      Would cause all adapters to fail in a non controlled way in the code
      responsible to detect write queries.
  
      The query is now properly passed to the database connection, which might or might
      not be able to handle it, but will either succeed or failed in a more correct way.
  
      *Jean Boussier*
  
  *   Ignore persisted in-memory records when merging target lists.
  
      *Kevin Sjöberg*
  
  *   Fix regression bug that caused ignoring additional conditions for preloading
      `has_many` through relations.
  
      Fixes #43132
  
      *Alexander Pauly*
  
  *   Fix `ActiveRecord::InternalMetadata` to not be broken by
      `config.active_record.record_timestamps = false`
  
      Since the model always create the timestamp columns, it has to set them, otherwise it breaks
      various DB management tasks.
  
      Fixes #42983
  
      *Jean Boussier*
  
  *   Fix duplicate active record objects on `inverse_of`.
  
      *Justin Carvalho*
  
  *   Fix duplicate objects stored in has many association after save.
  
      Fixes #42549.
  
      *Alex Ghiculescu*
  
  *   Fix performance regression in `CollectionAssocation#build`.
  
      *Alex Ghiculescu*
  
  *   Fix retrieving default value for text column for MariaDB.
  
      *fatkodima*
  
  
  ## Rails 6.1.4.7 (March 08, 2022) ##
  
  *   No changes.
  
  
-------------------------------------------------------------------
Tue Feb 15 07:11:51 UTC 2022 - Stephan Kulow <coolo@suse.com>
updated to version 6.1.4.6
 see installed CHANGELOG.md
  ## Rails 6.1.4.6 (February 11, 2022) ##
  
  *   No changes.
  
  
  ## Rails 6.1.4.5 (February 11, 2022) ##
  
  *   No changes.
  
  
-------------------------------------------------------------------
Tue Jan 25 06:24:41 UTC 2022 - Stephan Kulow <coolo@suse.com>
updated to version 6.1.4.4
 see installed CHANGELOG.md
  ## Rails 6.1.4.4 (December 15, 2021) ##
  
  *   No changes.
  
  
  ## Rails 6.1.4.3 (December 14, 2021) ##
  
  *   No changes.
  
  
  ## Rails 6.1.4.2 (December 14, 2021) ##
  
  *   No changes.
  
  
-------------------------------------------------------------------
Wed Aug 25 05:01:56 UTC 2021 - Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 6.1.4.1
  * no changes
-------------------------------------------------------------------
Fri Jul  9 12:26:59 UTC 2021 - Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 6.1.4
  *   Do not try to rollback transactions that failed due to a `ActiveRecord::TransactionRollbackError`.
      *Jamie McCarthy*
  *   Raise an error if `pool_config` is `nil` in `set_pool_config`.
      *Eileen M. Uchitelle*
  *   Fix compatibility with `psych >= 4`.
      Starting in Psych 4.0.0 `YAML.load` behaves like `YAML.safe_load`. To preserve compatibility
      Active Record's schema cache loader and `YAMLColumn` now uses `YAML.unsafe_load` if available.
      *Jean Boussier*
  *   Support using replicas when using `rails dbconsole`.
      *Christopher Thornton*
  *   Restore connection pools after transactional tests.
      *Eugene Kenny*
  *   Change `upsert_all` to fails cleanly for MySQL when `:unique_by` is used.
      *Bastian Bartmann*
  *   Fix user-defined `self.default_scope` to respect table alias.
      *Ryuta Kamizono*
  *   Clear `@cache_keys` cache after `update_all`, `delete_all`, `destroy_all`.
      *Ryuta Kamizono*
  *   Changed Arel predications `contains` and `overlaps` to use
      `quoted_node` so that PostgreSQL arrays are quoted properly.
      *Bradley Priest*
  *   Fix `merge` when the `where` clauses have string contents.
      *Ryuta Kamizono*
  *   Fix rollback of parent destruction with nested `dependent: :destroy`.
      *Jacopo Beschi*
  *   Fix binds logging for `"WHERE ... IN ..."` statements.
      *Ricardo Díaz*
  *   Handle `false` in relation strict loading checks.
      Previously when a model had strict loading set to true and then had a
      relation set `strict_loading` to false the false wasn't considered when
      deciding whether to raise/warn about strict loading.
      ```
      class Dog < ActiveRecord::Base
        self.strict_loading_by_default = true
        has_many :treats, strict_loading: false
      end
      ```
      In the example, `dog.treats` would still raise even though
      `strict_loading` was set to false. This is a bug effecting more than
      Active Storage which is why I made this PR superceeding #41461. We need
      to fix this for all applications since the behavior is a little
      surprising. I took the test from ##41461 and the code suggestion from #41453
      with some additions.
      *Eileen M. Uchitelle*, *Radamés Roriz*
  *   Fix numericality validator without precision.
      *Ryuta Kamizono*
  *   Fix aggregate attribute on Enum types.
      *Ryuta Kamizono*
  *   Fix `CREATE INDEX` statement generation for PostgreSQL.
      *eltongo*
  *   Fix where clause on enum attribute when providing array of strings.
      *Ryuta Kamizono*
  *   Fix `unprepared_statement` to work it when nesting.
      *Ryuta Kamizono*
-------------------------------------------------------------------
Fri May 14 15:55:53 UTC 2021 - Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 6.1.3.2
  * no changes
-------------------------------------------------------------------
Tue Apr 20 12:58:40 UTC 2021 - Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 6.1.3.1
  * no changes
-------------------------------------------------------------------
Mon Mar 15 04:11:37 UTC 2021 - Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 6.1.3
  *   Fix the MySQL adapter to always set the right collation and charset
      to the connection session.
      *Rafael Mendonça França*
  *   Fix MySQL adapter handling of time objects when prepared statements
      are enabled.
      *Rafael Mendonça França*
  *   Fix scoping in enum fields using conditions that would generate
      an `IN` clause.
      *Ryuta Kamizono*
  *   Skip optimised #exist? query when #include? is called on a relation
      with a having clause
      Relations that have aliased select values AND a having clause that
      references an aliased select value would generate an error when
      #include? was called, due to an optimisation that would generate
      call #exists? on the relation instead, which effectively alters
      the select values of the query (and thus removes the aliased select
      values), but leaves the having clause intact. Because the having
      clause is then referencing an aliased column that is no longer
      present in the simplified query, an ActiveRecord::InvalidStatement
      error was raised.
      An sample query affected by this problem:
      ```ruby
      Author.select('COUNT(*) as total_posts', 'authors.*')
            .joins(:posts)
            .group(:id)
            .having('total_posts > 2')
            .include?(Author.first)
      ```
      This change adds an addition check to the condition that skips the
      simplified #exists? query, which simply checks for the presence of
      a having clause.
      Fixes #41417
      *Michael Smart*
  *   Increment postgres prepared statement counter before making a prepared statement, so if the statement is aborted
      without Rails knowledge (e.g., if app gets kill -9d during long-running query or due to Rack::Timeout), app won't end
      up in perpetual crash state for being inconsistent with Postgres.
      *wbharding*, *Martin Tepper*
-------------------------------------------------------------------
Mon Feb 15 10:30:05 UTC 2021 - Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 6.1.2.1
  ## Rails 6.1.2.1 (February 10, 2021) ##
  *   Fix possible DoS vector in PostgreSQL money type
      Carefully crafted input can cause a DoS via the regular expressions used
      for validating the money format in the PostgreSQL adapter.  This patch
      fixes the regexp.
      Thanks to @dee-see from Hackerone for this patch!
      [CVE-2021-22880]
      *Aaron Patterson*
  ## Rails 6.1.2 (February 09, 2021) ##
  *   Fix timestamp type for sqlite3.
      *Eileen M. Uchitelle*
  *   Make destroy async transactional.
      An active record rollback could occur while enqueuing a job. In this
      case the job would enqueue even though the database deletion
      rolledback putting things in a funky state.
      Now the jobs are only enqueued until after the db transaction has been committed.
      *Cory Gwin*
  *   Fix malformed packet error in MySQL statement for connection configuration.
      *robinroestenburg*
  *   Connection specification now passes the "url" key as a configuration for the
      adapter if the "url" protocol is "jdbc", "http", or "https". Previously only
      urls with the "jdbc" prefix were passed to the Active Record Adapter, others
      are assumed to be adapter specification urls.
      Fixes #41137.
      *Jonathan Bracy*
  *   Fix granular connection swapping when there are multiple abstract classes.
      *Eileen M. Uchitelle*
  *   Fix `find_by` with custom primary key for belongs_to association.
      *Ryuta Kamizono*
  *   Add support for `rails console --sandbox` for multiple database applications.
      *alpaca-tc*
  *   Fix `where` on polymorphic association with empty array.
      *Ryuta Kamizono*
  *   Fix preventing writes for `ApplicationRecord`.
      *Eileen M. Uchitelle*
-------------------------------------------------------------------
Wed Jan 20 07:11:47 UTC 2021 - Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 6.1.1
  *   Fix fixtures loading when strict loading is enabled for the association.
      *Alex Ghiculescu*
  *   Fix `where` with custom primary key for belongs_to association.
      *Ryuta Kamizono*
  *   Fix `where` with aliased associations.
      *Ryuta Kamizono*
  *   Fix `composed_of` with symbol mapping.
      *Ryuta Kamizono*
  *   Don't skip money's type cast for pluck and calculations.
      *Ryuta Kamizono*
  *   Fix `where` on polymorphic association with non Active Record object.
      *Ryuta Kamizono*
  *   Make sure `db:prepare` works even the schema file doesn't exist.
      *Rafael Mendonça França*
  *   Fix complicated `has_many :through` with nested where condition.
      *Ryuta Kamizono*
  *   Handle STI models for `has_many dependent: :destroy_async`.
      *Muhammad Usman*
  *   Restore possibility of passing `false` to :polymorphic option of `belongs_to`.
      Previously, passing `false` would trigger the option validation logic
      to throw an error saying :polymorphic would not be a valid option.
      *glaszig*
  *   Allow adding nonnamed expression indexes to be revertible.
      Fixes #40732.
      Previously, the following code would raise an error, when executed while rolling back,
      and the index name should be specified explicitly. Now, the index name is inferred
      automatically.
      ```ruby
      add_index(:items, "to_tsvector('english', description)")
      ```
      *fatkodima*
-------------------------------------------------------------------
Fri Dec 11 02:45:25 UTC 2020 - Manuel Schnitzer <mschnitzer@suse.com>
- removed build flags for Ruby 2.6 and 2.7 only
  We need to have Ruby 2.5 binaries as well.
- removed disable_docs gem2rpm option (not available)
-------------------------------------------------------------------
Wed Dec  9 23:53:23 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
- update to version 6.1.0:
  https://weblog.rubyonrails.org/2020/12/9/Rails-6-1-0-release/
-------------------------------------------------------------------
Mon Nov  2 23:22:55 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
- initial package