|
| 1 | +--- |
| 2 | +layout: post |
| 3 | +title: "PostgreSQL 18 warnings, secure password improvements and more!" |
| 4 | +categories: news |
| 5 | +author: vipulnsward |
| 6 | +og_image: assets/images/this-week-in-rails.png |
| 7 | +published: true |
| 8 | +date: 2025-07-25 |
| 9 | +--- |
| 10 | + |
| 11 | +Hi, it's [Vipul](https://www.saeloun.com/team/vipul/). Let's explore this week's changes in the Rails codebase. |
| 12 | + |
| 13 | +[Avoid dynamic encrypting in generated fixtures](https://github.com/rails/rails/pull/55387) |
| 14 | +Fixtures for passwords now generate a static hash. Previously, fixtures with password digest attributes regenerated the hash on each test run. |
| 15 | + |
| 16 | +[Don't add bundler platforms for JRuby](https://github.com/rails/rails/pull/55383) |
| 17 | +Fixes Rails Apps on JRuby by not adding extra platforms that cause problems when installing gems. |
| 18 | + |
| 19 | +[Make `ActiveSupport::Gzip.compress` deterministic](https://github.com/rails/rails/pull/55382) |
| 20 | +`ActiveSupport::Gzip.compress` now produces consistent output by always setting the gzip timestamp to zero, which eliminates flaky tests while comparing compressed data. |
| 21 | + |
| 22 | +[Fix HashWithIndifferentAccess#transform_keys! to avoid collisions](https://github.com/rails/rails/pull/55376) |
| 23 | +Fixes a bug where changing keys in a hash could accidentally lose some keys if they clashed. |
| 24 | + |
| 25 | +[Emit a warning when `pg` gem < 1.6.0 is used with PostgreSQL 18+](https://github.com/rails/rails/pull/55368) |
| 26 | +Adds a warning if a Rails project uses PostgreSQL 18+ with an outdated pg gem(< 1.6.0) to prevent compatibility issues of `PG::Connection#cancel`. |
| 27 | + |
| 28 | +[Fix Action Cable compatibility with redis-rb 5.4.1](https://github.com/rails/rails/pull/55359) |
| 29 | +Makes Action Cable compatible with redis-rb 5.4.1, as an incompatibility bug in `redis-rb` is now resolved. |
| 30 | + |
| 31 | +[Remove unnecessary calls to the GCP metadata server](https://github.com/rails/rails/pull/55353) |
| 32 | +Cuts out redundant calls to GCP's metadata server within auth logic, reducing potential latency and server load. |
| 33 | + |
| 34 | +[Add load-hooks for Active Model autoloaded constants referenced in initializers](https://github.com/rails/rails/pull/55347) |
| 35 | +This change added load hooks for `active_model_error` and `active_model_secure_password`, making it easier for initializers to reference Active Model constants that should be autoloaded. |
| 36 | + |
| 37 | +[`has_secure_password`: fix password validation.](https://github.com/rails/rails/pull/55232) |
| 38 | +Ensures password confirmation is validated even if the original password contains only whitespace, making `has_secure_password` behavior more consistent. |
| 39 | + |
| 40 | +[Add render json to health](https://github.com/rails/rails/pull/55092) |
| 41 | +Enables Rails health controller to respond in JSON, improving support for API-only applications. |
| 42 | + |
| 43 | +[Add ActiveRecord::Tasks::AbstractTasks for subclassing per adapter behavior](https://github.com/rails/rails/pull/54879) |
| 44 | +Introduces a base class that allows database adapters to customize task behavior, thereby improving adapter-specific handling. |
| 45 | + |
| 46 | +[Avoid purging the test database when loading a schema](https://github.com/rails/rails/pull/54853) |
| 47 | +Prevents purging of the test database while loading a database schema, improving test suite reliability. |
| 48 | + |
| 49 | +[gitignore all key files in config/credentials](https://github.com/rails/rails/pull/54774) |
| 50 | +Configures `.gitignore` to exclude all files in `config/credentials`, protecting key files from accidental commits. |
| 51 | + |
| 52 | +[Make `nonce: false` remove the nonce attribute for `javascript_tag`, `javascript_include_tag` and `stylesheet_link_tag`](https://github.com/rails/rails/pull/54724) |
| 53 | +Setting `nonce: false` now removes the `nonce` attribute for `javascript_tag`, `javascript_include_tag`, and `stylesheet_link_tag`. |
| 54 | + |
| 55 | +[Allow custom domain extractor class on ActionDispatch::Http::URL](https://github.com/rails/rails/pull/50763) |
| 56 | +Allows the use of a custom class for domain and subdomain extraction. If no custom extractor is set, a new default extractor, `ActionDispatch::Http::URL::DomainExtractor`, processes domains. |
| 57 | + |
| 58 | +[Read `ActionText::Attachment.tag_name` in Action Text Fixtures](https://github.com/rails/rails/pull/50472) |
| 59 | +Updates Action Text fixture to use the right tag name for Action Text attachments if `config.action_text.attachment_tag_name` is set. |
| 60 | + |
| 61 | +[Action View: Reduce public API of `tag` helper](https://github.com/rails/rails/pull/49369) |
| 62 | +Cleans up the public API surface of the tag helper for maintainability and clarity. |
| 63 | + |
| 64 | + --- |
| 65 | + |
| 66 | +_You can view the whole list of changes [here](https://github.com/rails/rails/compare/@%7B2025-07-18%7D...main@%7B2025-07-25%7D)._ |
| 67 | +_We had [29 contributors](https://contributors.rubyonrails.org/contributors/in-time-window/20250718-20250725) to the Rails codebase this past week!_ |
| 68 | + |
| 69 | +Until next time! |
| 70 | + |
| 71 | +_[Subscribe](https://world.hey.com/this.week.in.rails) to get these updates mailed to you._ |
0 commit comments