Bump the bundler group across 1 directory with 12 updates

[dependabot]

Bumps the bundler group with 3 updates in the / directory: devise, jquery-rails and carrierwave.

Updates devise from 3.2.4 to 5.0.2

Release notes

Sourced from devise's releases.

v5.0.2

https://github.com/heartcombo/devise/blob/v5.0.2/CHANGELOG.md#502---2026-02-18

v5.0.1

https://github.com/heartcombo/devise/blob/v5.0.1/CHANGELOG.md#501---2026-02-13

v5.0.0

https://github.com/heartcombo/devise/blob/v5.0.0/CHANGELOG.md#500---2026-01-23

v5.0.0.rc

https://github.com/heartcombo/devise/blob/v5.0.0.rc/CHANGELOG.md#500rc---2025-12-31

v4.9.4

https://github.com/heartcombo/devise/blob/v4.9.4/CHANGELOG.md#494---2024-04-10

v4.9.3

https://github.com/heartcombo/devise/blob/v4.9.3/CHANGELOG.md#493---2023-10-11

v4.9.2

https://github.com/heartcombo/devise/blob/v4.9.2/CHANGELOG.md#unreleased

v4.9.1

https://github.com/heartcombo/devise/blob/v4.9.1/CHANGELOG.md#491---2023-03-31

v4.9.0

https://github.com/heartcombo/devise/blob/v4.9.0/CHANGELOG.md#490---2023-02-17

v4.8.1

No release notes provided.

v4.8.0

No release notes provided.

v4.7.1

No release notes provided.

v4.7.0

No release notes provided.

v4.6.2

No release notes provided.

v4.6.1

No release notes provided.

v4.6.0

No release notes provided.

v4.5.0

No release notes provided.

... (truncated)

Changelog

Sourced from devise's changelog.

5.0.2 - 2026-02-18

• enhancements
  • Allow resource class scopes to override the global configuration for sign_in_after_change_password behaviour. #5825
  • Add sign_in_after_reset_password? check hook to passwords controller, to allow it to be customized by users. #5826

5.0.1 - 2026-02-13

• bug fixes
  • Fix translation issue with German E-Mail on invalid authentication messages caused by previous fix for incorrect grammar #5822

5.0.0 - 2026-01-23

no changes

5.0.0.rc - 2025-12-31

• breaking changes

  • Drop support to Ruby < 2.7

  • Drop support to Rails < 7.0

  • Remove deprecated :bypass option from sign_in helper, use bypass_sign_in instead. #5803

  • Remove deprecated devise_error_messages! helper, use render "devise/shared/error_messages", resource: resource instead. #5803

  • Remove deprecated scope second argument from sign_in(resource, :admin) controller test helper, use sign_in(resource, scope: :admin) instead. #5803

  • Remove deprecated Devise::TestHelpers, use Devise::Test::ControllerHelpers instead. #5803

  • Remove deprecated Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION #5598

  • Remove deprecated Devise.activerecord51? method.

  • Remove SecretKeyFinder and use app.secret_key_base as the default secret key for Devise.secret_key if a custom Devise.secret_key is not provided.

    This is potentially a breaking change because Devise previously used the following order to find a secret key:

    app.credentials.secret_key_base > app.secrets.secret_key_base > application.config.secret_key_base > application.secret_key_base
    

    Now, it always uses application.secret_key_base. Make sure you're using the same secret key after the upgrade; otherwise, previously generated tokens for recoverable, lockable, and confirmable will be invalid. #5645

  • Change password instructions button label on devise view from Send me reset password instructions to Send me password reset instructions #5515

  • Change <br> tags separating form elements to wrapping them in <p> tags #5494

  • Replace [data-turbo-cache=false] with [data-turbo-temporary] on devise/shared/error_messages partial. This has been deprecated by Turbo since v7.3.0 (released on Mar 1, 2023).

    If you are using an older version of Turbo and the default devise template, you'll need to copy it over to your app and change that back to [data-turbo-cache=false].

• enhancements

  • Add Rails 8 support.

    • Routes are lazy-loaded by default in test and development environments now so Devise loads them before Devise.mappings call. #5728

  • New apps using Rack 3.1+ will be generated using config.responder.error_status = :unprocessable_content, since :unprocessable_entity has been deprecated by Rack.

    Latest versions of Rails transparently convert :unprocessable_entity -> :unprocessable_content, and Devise will use that in the failure app to avoid Rack deprecation warnings for apps that are configured with :unprocessable_entity. They can also simply change their error_status to :unprocessable_content in latest Rack versions to avoid the warning.

  • Add Ruby 3.4 and 4.0 support.

  • Reenable Mongoid test suite across all Rails 7+ versions, to ensure we continue supporting it. Changes to dirty tracking to support Mongoid 8.0+. #5568

... (truncated)

Commits

• 5b008ed Release v5.0.2
• 916f94e Add sign_in_after_reset_password? check hook to passwords controller (#5826)
• 1befcb5 Stop building both branch & PR with pushes
• bb2b4ec Allow model config to override sign_in_after_change_password (#5825)
• e5ffdc4 Update missed generator to use correct grammar for "send password reset" butt...
• 1054ef8 Release v5.0.1
• 03c419e Only downcase first letter of each auth key, not the entire string (#5822)
• dbc1bb2 Fix minitest name (#5821)
• c51da69 Release v5, no changes since RC
• e9c534d Fix "Test is missing assertions" warnings
• Additional commits viewable in compare view

Updates jquery-rails from 3.1.0 to 4.6.1

Changelog

Sourced from jquery-rails's changelog.

4.6.1

• update jquery to 3.7.1

4.6.0

• update jquery to 3.7.0

4.5.1

• update jquery to 3.6.1
• update jquery-ujs to 1.2.3

4.5.0

• update jquery to 3.6.0

4.4.0

• update jquery to 3.5.1 (note: 3.5.0 contains important security updates)
• unescape dollar signs and backticks in assert_select_jquery to match Rails updated behavior.

4.3.5

• update jquery to 3.4.1

4.3.4

• update jquery to 3.4.0

4.3.3

• update jquery to 3.3.1

4.3.2

• update jquery to 3.3.0
• Add possibility to test HTML: all, attribute prefix, attribute contains, attribute ends with, child, and class selectors
• Fix matching multiple calls for the same selector/function exception

4.3.1

• update jquery to 3.2.1

4.3.0

• update jquery to 3.2.0
• Add possibility to test HTML attribute selectors

... (truncated)

Commits

• 0342960 Release v4.6.1 with jQuery v3.7.1
• 039b12e Update jquery to v3.7.1 (#305)
• 12869da Release v4.6.0 with jQuery v3.7.0
• 65a9c73 Update jquery to 3.7.0
• fb5a7a8 Merge pull request #293 from MichaelHoste/patch-1
• d9dfbe1 Merge pull request #296 from okuramasafumi/patch-1
• f34a439 Update CHANGELOG.md
• b9e5aa7 Fix typo in CHANGELOG.md (usj => ujs)
• de8792d Release v4.5.1 with jquery 3.6.1 and jquery-ujs 1.2.3
• 7e6f508 Update jquery-ujs to latest v1.2.3
• Additional commits viewable in compare view

Updates carrierwave from 0.10.0 to 2.2.6

Release notes

Sourced from carrierwave's releases.

2.2.6

Security

• Fix Content-Type allowlist bypass vulnerability remained (@​mshibuya 4317871, GHSA-vfmv-jfc5-pjjw)

2.2.5

Security

• Fix Content-Type allowlist bypass vulnerability, possibly leading to XSS (@​mshibuya 39b282d, GHSA-gxhx-g4fq-49hj)

2.2.4

Fixed

• Fix Ruby 2.7 keyword argument warning in uploader process (@​SuperTux88 #2665, #2636, #2635)

2.2.3

Fixed

• Add workaround for 'undefined method closed?' error caused by ssrf_filter 1.1 (@​mshibuya c74579d, #2628)
• Add workaround for the API change in ssrf_filter 1.1 (@​BrianHawley #2629, #2625)

2.2.2

Fixed

• Fix no implicit conversion of CSV into String error when parsing a CSV object (@​pjmartorell #2562, #2559)

2.2.1

Changed

• Replace mimemagic with marcel due to licensing concern (@​pjmartorell #2551, #2548)

Fixed

• Fog storage's #clean_cache! breaks when non-cache objects exist in cache_dir (@​mshibuya 42c620a1, #2532)

2.2.0

Added

• libvips support through ImageProcessing::Vips and ruby-vips (@​rhymes #2500, e8421978, 4ae8dc64)
• Provide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (@​grantbdev #2442, 4c3cac75, #2491)
• Support for the latest version of RMagick (@​mshibuya 88f24451)

Deprecated

• #(content_type|extension)_whitelist, #(content_type|extension)_blacklist are deprecated. Use #(content_type|extension)_allowlist and #(content_type|extension)_denylist instead (@​grantbdev #2442, 4c3cac75)

Fixed

• Calculate Fog expiration taking DST into account (@​mshibuya, f90e14ca, #2059)
• Set correct content type on copy of fog files (@​ZuevEvgenii #2503, 6682f7ac, #2487)
• Fix fog-google support to pass acl_header for public read if fog is public (@​yosiat #2525, #2426)
• Fix various URL escape issues by escaping on URI parse error only (@​mshibuya 3faf7491, #2457, #2473)
• Fix instance variables @versions_to_* not initialized warning (@​mshibuya c10b82ed, #2493)
• Fix SanitizedFile#move_to wrongly detects content_type based on the path before move (@​mshibuya a42e1b4c, #2495)
• Fix returning invalid content type on text files (@​inkstak #2474, #2424)
• Skip content type and extension filters where possible (@​alexpooley #2464)
• Fix file's #url being called twice, which might be costly for non-local files (@​skyeagle #2519)
• Fix mime type detection failing with types which contain + symbol, such as image/svg+xml (@​sylvainbx #2489)
• Fix #cached? to return boolean instead of @cache_id value (@​kmiyake #2510)
• Fix mime type detection for MS Office files (@​anthonypenner #2447)

... (truncated)

Changelog

Sourced from carrierwave's changelog.

2.2.6 - 2024-03-23

Security

• Fix Content-Type allowlist bypass vulnerability remained (@​mshibuya 4317871, GHSA-vfmv-jfc5-pjjw)

2.2.5 - 2023-11-29

Security

• Fix Content-Type allowlist bypass vulnerability, possibly leading to XSS (@​mshibuya 39b282d, GHSA-gxhx-g4fq-49hj)

2.2.4 - 2023-06-10

Fixed

• Fix Ruby 2.7 keyword argument warning in uploader process (@​SuperTux88 #2665, #2636, #2635)

2.2.3 - 2022-11-21

Fixed

• Add workaround for 'undefined method closed?' error caused by ssrf_filter 1.1 (@​mshibuya c74579d, #2628)
• Add workaround for the API change in ssrf_filter 1.1 (@​BrianHawley #2629, #2625)

2.2.2 - 2021-05-28

Fixed

• Fix no implicit conversion of CSV into String error when parsing a CSV object (@​pjmartorell #2562, #2559)

2.2.1 - 2021-03-30

Changed

• Replace mimemagic with marcel due to licensing concern (@​pjmartorell #2551, #2548)

Fixed

• Fog storage's #clean_cache! breaks when non-cache objects exist in cache_dir (@​mshibuya 42c620a1, #2532)

2.2.0 - 2021-02-23

Added

• libvips support through ImageProcessing::Vips and ruby-vips (@​rhymes #2500, e8421978, 4ae8dc64)
• Provide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (@​grantbdev #2442, 4c3cac75, #2491)
• Support for the latest version of RMagick (@​mshibuya 88f24451)

Deprecated

• #(content_type|extension)_whitelist, #(content_type|extension)_blacklist are deprecated. Use #(content_type|extension)_allowlist and #(content_type|extension)_denylist instead (@​grantbdev #2442, 4c3cac75)

Fixed

• Calculate Fog expiration taking DST into account (@​mshibuya, f90e14ca, #2059)
• Set correct content type on copy of fog files (@​ZuevEvgenii #2503, 6682f7ac, #2487)
• Fix fog-google support to pass acl_header for public read if fog is public (@​yosiat #2525, #2426)
• Fix various URL escape issues by escaping on URI parse error only (@​mshibuya 3faf7491, #2457, #2473)
• Fix instance variables @versions_to_* not initialized warning (@​mshibuya c10b82ed, #2493)
• Fix SanitizedFile#move_to wrongly detects content_type based on the path before move (@​mshibuya a42e1b4c, #2495)
• Fix returning invalid content type on text files (@​inkstak #2474, #2424)
• Skip content type and extension filters where possible (@​alexpooley #2464)
• Fix file's #url being called twice, which might be costly for non-local files (@​skyeagle #2519)
• Fix mime type detection failing with types which contain + symbol, such as image/svg+xml (@​sylvainbx #2489)
• Fix #cached? to return boolean instead of @cache_id value (@​kmiyake #2510)
• Fix mime type detection for MS Office files (@​anthonypenner #2447)

... (truncated)

Commits

• eb6359e Version 2.2.6
• 4317871 Fix Content-Type allowlist bypass vulnerability remained
• 0fcff94 Version 2.2.5
• 39b282d Fix Content-Type allowlist bypass vulnerability
• 2f91bee Version 2.2.4
• 2f2d77a Merge pull request #2665 from SuperTux88/backport-kwargs-fix
• 52237f4 fix: ruby 2.7 kwarg warning in uploader process
• bdb0be0 File.exists? had been deprecated since Ruby 2.1 and has been deleted in Ruby 3.2
• ed8c518 Forward to 1.x changelog for older changes
• baf5df7 Version 2.2.3
• Additional commits viewable in compare view

Updates actionmailer from 4.1.1 to 8.1.2

Release notes

Sourced from actionmailer's releases.

8.1.2

Active Support

• Make delegate and delegate_missing_to work in BasicObject subclasses.

  Rafael Mendonça França

• Fix Inflectors when using a locale that fallbacks to :en.

  Said Kaldybaev

• Fix ActiveSupport::TimeWithZone#as_json to consistently return UTF-8 strings.

  Previously the returned string would sometime be encoded in US-ASCII, which in some cases may be problematic.

  Now the method consistently always return UTF-8 strings.

  Jean Boussier

• Fix TimeWithZone#xmlschema when wrapping a DateTime instance in local time.

  Previously it would return an invalid time.

  Dmytro Rymar

• Implement LocalCache strategy on ActiveSupport::Cache::MemoryStore. The memory store needs to respond to the same interface as other cache stores (e.g. ActiveSupport::NullStore).

  Mikey Gough

• Fix ActiveSupport::Inflector.humanize with international characters.

  ActiveSupport::Inflector.humanize("áÉÍÓÚ")  # => "Áéíóú"
  ActiveSupport::Inflector.humanize("аБВГДЕ") # => "Абвгде"

  Jose Luis Duran

Active Model

• No changes.

Active Record

• Fix counting cached queries in ActiveRecord::RuntimeRegistry.

... (truncated)

Changelog

Sourced from actionmailer's changelog.

Rails 8.1.2 (January 08, 2026)

• No changes.

Rails 8.1.1 (October 28, 2025)

• No changes.

Rails 8.1.0 (October 22, 2025)

• Add structured events for Action Mailer:

  • action_mailer.delivered
  • action_mailer.processed

  Gannon McGibbon

• Add deliver_all_later to enqueue multiple emails at once.

  user_emails = User.all.map { |user| Notifier.welcome(user) }
  ActionMailer.deliver_all_later(user_emails)
  use a custom queue
  ActionMailer.deliver_all_later(user_emails, queue: :my_queue)

  This can greatly reduce the number of round-trips to the queue datastore. For queue adapters that do not implement the enqueue_all method, we fall back to enqueuing email jobs indvidually.

  fatkodima

Please check 8-0-stable for previous changes.

Commits

• d7c8ae6 Preparing for 8.1.2 release
• dc94813 Merge pull request #56050 from jclusso/fix-stylesheet-tag-nonce-mailer
• 90a1eaa Preparing for 8.1.1 release
• df9f432 Allow methods starting with underscore to be action methods.
• 53c4ed8 Merge pull request #55973 from rails/fix-ci
• f77a1c3 Require 'rails' at the top of railltie files to ensure Rails is loaded first
• 1cdd190 Preparing for 8.1.0 release
• 1ace683 Preparing for 8.1.0.rc1 release
• d6f9f62 Make the Structured Event Subscriber emit events in format that are useful fo...
• d2518fa Merge pull request #55748 from Shopify/event_with_debug_helper
• Additional commits viewable in compare view

Updates actionpack from 4.1.1 to 8.1.2

Release notes

Sourced from actionpack's releases.

8.1.2

Active Support

• Make delegate and delegate_missing_to work in BasicObject subclasses.

  Rafael Mendonça França

• Fix Inflectors when using a locale that fallbacks to :en.

  Said Kaldybaev

• Fix ActiveSupport::TimeWithZone#as_json to consistently return UTF-8 strings.

  Previously the returned string would sometime be encoded in US-ASCII, which in some cases may be problematic.

  Now the method consistently always return UTF-8 strings.

  Jean Boussier

• Fix TimeWithZone#xmlschema when wrapping a DateTime instance in local time.

  Previously it would return an invalid time.

  Dmytro Rymar

• Implement LocalCache strategy on ActiveSupport::Cache::MemoryStore. The memory store needs to respond to the same interface as other cache stores (e.g. ActiveSupport::NullStore).

  Mikey Gough

• Fix ActiveSupport::Inflector.humanize with international characters.

  ActiveSupport::Inflector.humanize("áÉÍÓÚ")  # => "Áéíóú"
  ActiveSupport::Inflector.humanize("аБВГДЕ") # => "Абвгде"

  Jose Luis Duran

Active Model

• No changes.

Active Record

• Fix counting cached queries in ActiveRecord::RuntimeRegistry.

... (truncated)

Changelog

Sourced from actionpack's changelog.

Rails 8.1.2 (January 08, 2026)

• Add config.action_controller.live_streaming_excluded_keys to control execution state sharing in ActionController::Live.

  When using ActionController::Live, actions are executed in a separate thread that shares state from the parent thread. This new configuration allows applications to opt-out specific state keys that should not be shared.

  This is useful when streaming inside a connected_to block, where you may want the streaming thread to use its own database connection context.

  # config/application.rb
  config.action_controller.live_streaming_excluded_keys = [:active_record_connected_to_stack]

  By default, all keys are shared.

  Eileen M. Uchitelle

• Fix IpSpoofAttackError message to include Forwarded header content.

  Without it, the error message may be misleading.

  zzak

Rails 8.1.1 (October 28, 2025)

• Allow methods starting with underscore to be action methods.

  Disallowing methods starting with an underscore from being action methods was an unintended side effect of the performance optimization in 207a254.

  Fixes #55985.

  Rafael Mendonça França

Rails 8.1.0 (October 22, 2025)

• Submit test requests using as: :html with Content-Type: x-www-form-urlencoded

  Sean Doyle

• Add link-local IP ranges to ActionDispatch::RemoteIp default proxies.

  Link-local addresses (169.254.0.0/16 for IPv4 and fe80::/10 for IPv6) are now included in the default trusted proxy list, similar to private IP ranges.

... (truncated)

Commits

• d7c8ae6 Preparing for 8.1.2 release
• df98a0d Merge pull request #56440 from zzak/ac-live-streaming-keys-typo
• 0f8014a [8-1-stable] Minitest 6 support
• 991ccf3 Merge pull request #56393 from rails/add-exclude-keys-to-live-controller
• 662609d Merge pull request #56252 from callmesangio/fix-testing-docs
• 81dca9c Merge pull request #56285 from markokajzer/main
• c98c994 Merge pull request #56256 from zzak/re-56186
• 4388688 Fix redirect_test leaking subscription state
• 13589db Fix dependency on Rails constant
• 27e709a Merge pull request #56059 from Shopify/hm-zpvonttrlztqnryl
• Additional commits viewable in compare view

Updates actionview from 4.1.1 to 8.1.2

Release notes

Sourced from actionview's releases.

8.1.2

Active Support

• Make delegate and delegate_missing_to work in BasicObject subclasses.

  Rafael Mendonça França

• Fix Inflectors when using a locale that fallbacks to :en.

  Said Kaldybaev

• Fix ActiveSupport::TimeWithZone#as_json to consistently return UTF-8 strings.

  Previously the returned string would sometime be encoded in US-ASCII, which in some cases may be problematic.

  Now the method consistently always return UTF-8 strings.

  Jean Boussier

• Fix TimeWithZone#xmlschema when wrapping a DateTime instance in local time.

  Previously it would return an invalid time.

  Dmytro Rymar

• Implement LocalCache strategy on ActiveSupport::Cache::MemoryStore. The memory store needs to respond to the same interface as other cache stores (e.g. ActiveSupport::NullStore).

  Mikey Gough

• Fix ActiveSupport::Inflector.humanize with international characters.

  ActiveSupport::Inflector.humanize("áÉÍÓÚ")  # => "Áéíóú"
  ActiveSupport::Inflector.humanize("аБВГДЕ") # => "Абвгде"

  Jose Luis Duran

Active Model

• No changes.

Active Record

• Fix counting cached queries in ActiveRecord::RuntimeRegistry.

... (truncated)

Changelog

Sourced from actionview's changelog.

Rails 8.1.2 (January 08, 2026)

• Fix file_field to join mime types with a comma when provided as Array

  file_field(:article, :image, accept: ['image/png', 'image/gif', 'image/jpeg'])

  Now behaves likes:

  file_field(:article, :image, accept: 'image/png,image/gif,image/jpeg')
  

  Bogdan Gusiev

• Fix strict locals parsing to handle multiline definitions.

  Said Kaldybaev

• Fix content_security_policy_nonce error in mailers when using content_security_policy_nonce_auto setting.

  The content_security_policy_nonce helper is provided by ActionController::ContentSecurityPolicy, and it relies on request.content_security_policy_nonce. Mailers lack both the module and the request object.

  Jarrett Lusso

Rails 8.1.1 (October 28, 2025)

• Respect remove_hidden_field_autocomplete config in form builder hidden_field.

  Rafael Mendonça França

Rails 8.1.0 (October 22, 2025)

• The BEGIN template annotation/comment was previously printed on the same line as the following element. We now insert a newline inside the comment so it spans two lines without adding visible whitespace to the HTML output to enhance readability.

  Before:

  <!-- BEGIN /Users/siaw23/Desktop/rails/actionview/test/fixtures/actionpack/test/greeting.html.erb --><p>This is grand!</p>
  

  After:

  <!-- BEGIN /Users/siaw23/Desktop/rails/actionview/test/fixtures/actionpack/test/greeting.html.erb
  --><p>This is grand!</p>
  

  Emmanuel Hayford

... (truncated)

Commits

• d7c8ae6 Preparing for 8.1.2 release
• 27aa94f Merge pull request #56389 from bogdan/semantic-file-input-accept
• 7cf18e0 Merge pull request #56316 from shivabhusal/support-closing_parenthesis-in-nex...
• 160db66 Merge pull request #56270 from Saidbek/fix-multiline-strict-locals-parsing
• 386004e Add CHANGELOG entry for #56050
• dc94813 Merge pull request #56050 from jclusso/fix-stylesheet-tag-nonce-mailer
• 90a1eaa Preparing for 8.1.1 release
• 271acd5 Sync CHANGELOG
• ae6c5a2 Merge pull request #55989 from rails/rm-fix-remove_hidden_field_autocomplete
• 53c4ed8 Merge pull request #55973 from rails/fix-ci
• Additional commits viewable in compare view

Updates activerecord from 4.1.1 to 8.1.2

Release notes

Sourced from activerecord's releases.

8.1.2

Active Support

• Make delegate and delegate_missing_to work in BasicObject subclasses.

  Rafael Mendonça França

• Fix Inflectors when using a locale that fallbacks to :en.

  Said Kaldybaev

• Fix ActiveSupport::TimeWithZone#as_json to consistently return UTF-8 strings.

  Previously the returned string would sometime be encoded in US-ASCII, which in some cases may be problematic.

  Now the method consistently always return UTF-8 strings.

  Jean Boussier

• Fix TimeWithZone#xmlschema when wrapping a DateTime instance in local time.

  Previously it would return an invalid time.

  Dmytro Rymar

• Implement LocalCache strategy on ActiveSupport::Cache::MemoryStore. The memory store needs to respond to the same interface as other cache stores (e.g. ActiveSupport::NullStore).

  Mikey Gough

• Fix ActiveSupport::Inflector.humanize with international characters.

  ActiveSupport::Inflector.humanize("áÉÍÓÚ")  # => "Áéíóú"
  ActiveSupport::Inflector.humanize("аБВГДЕ") # => "Абвгде"

  Jose Luis Duran

Active Model

• No changes.

Active Record

• Fix counting cached queries in ActiveRecord::RuntimeRegistry.

... (truncated)

Changelog

Sourced from activerecord's changelog.

Rails 8.1.2 (January 08, 2026)

• Fix counting cached queries in ActiveRecord::RuntimeRegistry.

  fatkodima

• Fix merging relations with arel equality predicates with null relations.

  fatkodima

• Fix SQLite3 schema dump for non-autoincrement integer primary keys.

  Previously, schema.rb should incorrectly restore that table with an auto incrementing primary key.

  Chris Hasiński

• Fix PostgreSQL schema_search_path not being reapplied after reset! or reconnect!.

  The schema_search_path configured in database.yml is now correctly reapplied instead of falling back to PostgreSQL defaults.

  Tobias Egli

• Restore the ability of enum to be foats.

  enum :rating, { low: 0.0, medium: 0.5, high: 1.0 },

  In Rails 8.1.0, enum values are eagerly validated, and floats weren't expected.

  Said Kaldybaev

• Ensure batched preloaded associations accounts for klass when grouping to avoid issues with STI.

  zzak, Stjepan Hadjic

• Fix ActiveRecord::SoleRecordExceeded#record to return the relation.

  This was the case until Rails 7.2, but starting from 8.0 it started mistakenly returning the model class.

  Jean Boussier

• Improve PostgreSQLAdapter resilience to Timeout.timeout.

  Better handle asynchronous exceptions being thrown inside the reconnect! method.

... (truncated)

Commits

• d7c8ae6 Preparing for 8.1.2 release
• 3ea2701 CHANGELOG sync
• 53e82ef Merge pull request #56534 from khasinski/fix-sqlite3-schema-dump-default-nil
• adcface Fix PostgreSQL schema_search_path after reconnect and reset
• 13952d5 Merge pull request #56447 from Saidbek/fix-enum-float-values-support
• 642baed Merge pull request #56482 from fatkodima/fix-merge-arel-equality-and-null
• 49a1f72 Merge pull request #56415 from zzak/re-56047
• 1b2a755 Fix CI rerun command for active record tests
• 186d51e Merge pull request #56304 from fatkodima/fix-dumping-views-indexes
• 7acf8b3 Merge pull request #56287 from byroot/fix-sole-error-record
• Additional commits viewable in compare view

Updates activesupport from 4.1.1 to 8.1.2

Release notes

Sourced from activesupport's releases.

8.1.2

Active Support

• Make delegate and delegate_missing_to work in BasicObject subclasses.

  Rafael Mendonça França

• Fix Inflectors when using a locale that fallbacks to :en.

  Said Kaldybaev

• Fix ActiveSupport::TimeWithZone#as_json to consistently return UTF-8 strings.

  Previously the returned string would sometime be encoded in US-ASCII, which in some cases may be problematic.

  Now the method consistently always return UTF-8 strings.

  Jean Boussier

• Fix TimeWithZone#xmlschema when wrapping a DateTime instance in local time.

  Previously it would return an invalid time.

  Dmytro Rymar

• Implement LocalCache strategy on ActiveSupport::Cache::MemoryStore. The memory store needs to respond to the same interface as other cache stores (e.g. ActiveSupport::NullStore).

  Mikey Gough

• Fix ActiveSupport::Inflector.humanize with international characters.

  ActiveSupport::Inflector.humanize("áÉÍÓÚ")  # => "Áéíóú"
  ActiveSupport::Inflector.humanize("аБВГДЕ") # => "Абвгде"

  Jose Luis Duran

Active Model

• No changes.

Active Record

• Fix counting cached queries in ActiveRecord::RuntimeRegistry.

... (truncated)

Changelog

Sourced from activesupport's changelog.

Rails 8.1.2 (January 08, 2026)

• Make delegate and delegate_missing_to work in BasicObject subclasses.

  Rafael Mendonça França

• Fix Inflectors when using a locale that fallbacks to :en.

  Said Kaldybaev

• Fix ActiveSupport::TimeWithZone#as_json to consistently return UTF-8 strings.

  Previously the returned string would sometime be encoded in US-ASCII, which in some cases may be problematic.

  Now the method consistently always return UTF-8 strings.

  Jean Boussier

• Fix TimeWithZone#xmlschema when wrapping a DateTime instance in local time.

  Previously it would return an invalid time.

  Dmytro Rymar

• Implement LocalCache strategy on ActiveSupport::Cache::MemoryStore. The memory store needs to respond to the same interface as other cache stores (e.g. ActiveSupport::NullStore).

  Mikey Gough

• Fix ActiveSupport::Inflector.humanize with international characters.

  ActiveSupport::Inflector.humanize("áÉÍÓÚ")  # => "Áéíóú"
  ActiveSupport::Inflector.humanize("аБВГДЕ") # => "Абвгде"

  Jose Luis Duran

Rails 8.1.1 (October 28, 2025)

• No changes.

Rails 8.1.0 (October 22, 2025)

• Remove deprecated passing a Time object to Time#since.

  Rafael Mendonça França

... (truncated)

Commits

• d7c8ae6 Preparing for 8.1.2 release
• 3ea2701 CHANGELOG sync
• 0f8014a [8-1-stable] Minitest 6 support
• 991ccf3 Merge pull request #56393 from rails/add-exclude-keys-to-live-controller
• c86465f Merge pull request #56353 from rails/rmf-delegation-basic-object
• fce726b Merge pull request #56344 from Saidbek/fix-inflections-fallback-to-en-locale
• efd9bd9 Merge pull request #56324 from jeremyevans/activesupport-uri-require
• 81dca9c Merge pull request #56285 from markokajzer/main
• a5c1af3 Merge pull request #56294 from fatkodima/fix-mem_cache_store-newer-connection...
• 923f8e9 Merge pull request #56292 from fatkodima/fix-redis_cache_store-newer-connecti...
• Additional commits viewable in compare view
Description has been truncated