Bump activerecord from 7.2.2.1 to 8.0.2.1 #3382

Closed
dependabot[bot] wants to merge 1 commit into master from dependabot/bundler/activerecord-8.0.2.1

@dependabot dependabot Bot commented on behalf of github Aug 14, 2025

Contributor

Bumps activerecord from 7.2.2.1 to 8.0.2.1.

Release notes

Sourced from activerecord's releases.

8.0.2.1

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • Call inspect on ids in RecordNotFound error

    [CVE-2025-55193]

    Gannon McGibbon, John Hawthorn

Action View

  • No changes.

Action Pack

  • No changes.

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

  • Remove dangerous transformations

    [CVE-2025-24293]

... (truncated)

Changelog

Sourced from activerecord's changelog.

Rails 8.0.2.1 (August 13, 2025)

  • Call inspect on ids in RecordNotFound error

    [CVE-2025-55193]

    Gannon McGibbon, John Hawthorn

Rails 8.0.2 (March 12, 2025)

  • No changes.

Rails 8.0.2 (March 12, 2025)

  • Fix inverting rename_enum_value when :from/:to are provided.

    fatkodima

  • Prevent persisting invalid record.

    Edouard Chin

  • Fix inverting drop_table without options.

    fatkodima

  • Fix count with group by qualified name on loaded relation.

    Ryuta Kamizono

  • Fix sum with qualified name on loaded relation.

    Chris Gunther

  • The SQLite3 adapter quotes non-finite Numeric values like "Infinity" and "NaN".

    Mike Dalessio

  • Handle libpq returning a database version of 0 on no/bad connection in PostgreSQLAdapter.

    Before, this version would be cached and an error would be raised during connection configuration when comparing it with the minimum required version for the adapter. This meant that the connection could never be successfully configured on subsequent reconnection attempts.

    Now, this is treated as a connection failure consistent with libpq, raising an ActiveRecord::ConnectionFailed and ensuring the version isn't cached, which allows the version to be retrieved on the next connection attempt.

    Joshua Young, Rian McGuire

... (truncated)

Commits
  • b0c813b Preparing for 8.0.2.1 release
  • a6d50ae Update CHANGELOGs
  • 568c0bc Call inspect on ids in RecordNotFound error
  • 3235827 Preparing for 8.0.2 release
  • e2b9a41 Sync CHANGELOG
  • 4bf434c Merge pull request #54735 from flavorjones/flavorjones-sqlite-adapter-quote-i...
  • f1611d6 Merge pull request #54713 from joshuay03/handle-libpq-server-version-0
  • 7e4716b Merge pull request #54711 from byroot/ensure-configured-connection
  • 13183c6 Merge pull request #54645 from fatkodima/fix-async-aggregations-for-contradic...
  • 6644442 Merge pull request #54617 from byroot/move-strict-warnings
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies (Pull requests that update a dependency file) and ruby (Pull requests for Ruby compatibility) labels Aug 14, 2025
@dependabot dependabot Bot had a problem deploying to Integrate Pull Request August 14, 2025 13:41 Failure
@dependabot dependabot Bot force-pushed the dependabot/bundler/activerecord-8.0.2.1 branch from eaa7cb4 to c67056d Compare August 21, 2025 00:45
@dependabot dependabot Bot had a problem deploying to Integrate Pull Request August 21, 2025 00:45 Failure
@dependabot dependabot Bot force-pushed the dependabot/bundler/activerecord-8.0.2.1 branch from c67056d to cbcd769 Compare August 21, 2025 00:50
@dependabot dependabot Bot had a problem deploying to Integrate Pull Request August 21, 2025 00:50 Failure
@dependabot dependabot Bot force-pushed the dependabot/bundler/activerecord-8.0.2.1 branch from cbcd769 to 6d6eec7 Compare August 21, 2025 00:54
@dependabot dependabot Bot had a problem deploying to Integrate Pull Request August 21, 2025 00:54 Failure
@dependabot dependabot Bot force-pushed the dependabot/bundler/activerecord-8.0.2.1 branch from 6d6eec7 to 3ac5107 Compare August 21, 2025 01:21
@dependabot dependabot Bot had a problem deploying to Integrate Pull Request August 21, 2025 01:21 Failure
@zinduolis

Contributor

@dependabot recreate

@dependabot dependabot Bot force-pushed the dependabot/bundler/activerecord-8.0.2.1 branch from 3ac5107 to b24a042 Compare August 21, 2025 01:28
@dependabot dependabot Bot had a problem deploying to Integrate Pull Request August 21, 2025 01:28 Failure
@dependabot dependabot Bot force-pushed the dependabot/bundler/activerecord-8.0.2.1 branch from b24a042 to 9e3b57b Compare August 21, 2025 01:30
@dependabot dependabot Bot temporarily deployed to Integrate Pull Request August 21, 2025 01:30 Inactive
@zinduolis zinduolis requested a review from Copilot August 21, 2025 04:10

Copilot AI left a comment

Pull Request Overview

This PR upgrades ActiveRecord from version 7.2.2.1 to 8.0.2.1, representing a major version bump that includes security fixes for CVE-2025-55193 and CVE-2025-24293. The upgrade brings improvements to error handling, database adapter fixes, and various bug fixes across the Rails ecosystem.

Key changes:

  • Major version upgrade from ActiveRecord 7.2 to 8.0
  • Includes critical security patches for RecordNotFound error handling and Active Storage transformations
  • Incorporates various database adapter improvements and bug fixes

Comment thread Gemfile
gem 'espeak-ruby', '~> 1.1.0' # Text-to-Voice
gem 'rake', '~> 13.3'
gem 'activerecord', '~> 7.2'
gem 'activerecord', '~> 8.0'
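
Review bot: the new constraint on the last line, gem 'activerecord', '~> 8.0', accepts any 8.x release starting at 8.0.0, so the Gemfile by itself does not require 8.0.2.1, the release whose notes list the RecordNotFound change for CVE-2025-55193. Consider adding a floor, for example gem 'activerecord', '~> 8.0', '>= 8.0.2.1', or confirm that the Gemfile.lock committed with this change resolves to 8.0.2.1. The lock file is not shown in this hunk, so the resolved version cannot be checked from these lines alone.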

Copilot AI Aug 21, 2025

This major version upgrade from ActiveRecord 7.2 to 8.0 may introduce breaking changes that could affect application functionality. Consider reviewing the Rails 8.0 upgrade guide and testing thoroughly, especially for deprecated features, changed APIs, and compatibility with other gems in the bundle.

Suggested change
gem 'activerecord', '~> 8.0'
gem 'activerecord', '~> 7.2'

@dependabot dependabot Bot force-pushed the dependabot/bundler/activerecord-8.0.2.1 branch from 9e3b57b to 0560897 Compare August 24, 2025 09:32
@dependabot dependabot Bot had a problem deploying to Integrate Pull Request August 24, 2025 09:32 Failure
@dependabot dependabot Bot force-pushed the dependabot/bundler/activerecord-8.0.2.1 branch from 0560897 to bf90270 Compare September 7, 2025 09:34
@dependabot dependabot Bot temporarily deployed to Integrate Pull Request September 7, 2025 09:34 Inactive
@dependabot dependabot Bot force-pushed the dependabot/bundler/activerecord-8.0.2.1 branch from bf90270 to 72b30cb Compare September 7, 2025 09:39
@dependabot dependabot Bot temporarily deployed to Integrate Pull Request September 7, 2025 09:39 Inactive
@dependabot dependabot Bot force-pushed the dependabot/bundler/activerecord-8.0.2.1 branch from 72b30cb to 09f71ed Compare September 7, 2025 09:43
@dependabot dependabot Bot temporarily deployed to Integrate Pull Request September 7, 2025 09:43 Inactive
@dependabot dependabot Bot force-pushed the dependabot/bundler/activerecord-8.0.2.1 branch from 09f71ed to fd15e0d Compare September 7, 2025 09:51
@dependabot dependabot Bot temporarily deployed to Integrate Pull Request September 7, 2025 09:51 Inactive
@zinduolis

Contributor

@dependabot recreate

@dependabot dependabot Bot force-pushed the dependabot/bundler/activerecord-8.0.2.1 branch from fd15e0d to d19321c Compare September 7, 2025 10:06
@dependabot dependabot Bot temporarily deployed to Integrate Pull Request September 7, 2025 10:06 Inactive
@dependabot dependabot Bot force-pushed the dependabot/bundler/activerecord-8.0.2.1 branch from d19321c to d52ce4f Compare September 9, 2025 22:14
@dependabot dependabot Bot temporarily deployed to Integrate Pull Request September 9, 2025 22:14 Inactive
Bumps [activerecord](https://github.com/rails/rails) from 7.2.2.1 to 8.0.2.1.
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v8.0.2.1/activerecord/CHANGELOG.md)
- [Commits](rails/rails@v7.2.2.1...v8.0.2.1)

---
updated-dependencies:
- dependency-name: activerecord
  dependency-version: 8.0.2.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/bundler/activerecord-8.0.2.1 branch from d52ce4f to 7ad4f08 Compare September 11, 2025 13:08
@dependabot dependabot Bot temporarily deployed to Integrate Pull Request September 11, 2025 13:08 Inactive

dependabot Bot commented on behalf of github Sep 23, 2025

Contributor Author

Superseded by #3405.

@dependabot dependabot Bot closed this Sep 23, 2025
@dependabot dependabot Bot deleted the dependabot/bundler/activerecord-8.0.2.1 branch September 23, 2025 13:02