Skip to content

Upgrade from Rails 8.0 to 8.1 defaults#6427

Open
larouxn wants to merge 1 commit intorubygems:masterfrom
larouxn:rails_8.1_defaults
Open

Upgrade from Rails 8.0 to 8.1 defaults#6427
larouxn wants to merge 1 commit intorubygems:masterfrom
larouxn:rails_8.1_defaults

Conversation

@larouxn
Copy link
Copy Markdown
Contributor

@larouxn larouxn commented Apr 15, 2026
edited
Loading

Description

As a best practice for long-term health and maintenance, proposing we upgrade from Rails 8.0 to 8.1 defaults.

Follow up to:

Testing

After reading through the following new defaults file and concluding it looks like the codebase will not be affected, though ideally we can toss this in a staging environment first, plus running tests both locally and via CI while enabling various new defaults from 1 to all 6, this upgrade should go smoothly.

rubygems.org/config/initializers/new_framework_defaults_8_1.rb

Lines 1 to 76 in 0107fd4

# frozen_string_literal: true
# Be sure to restart your server when you modify this file.
#
# This file eases your Rails 8.1 framework defaults upgrade.
#
# Uncomment each configuration one by one to switch to the new default.
# Once your application is ready to run with all new defaults, you can remove
# this file and set the `config.load_defaults` to `8.1`.
#
# Read the Guide for Upgrading Ruby on Rails for more info on each option.
# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html
###
# Skips escaping HTML entities and line separators. When set to `false`, the
# JSON renderer no longer escapes these to improve performance.
#
# Example:
# class PostsController < ApplicationController
# def index
# render json: { key: "\u2028\u2029<>&" }
# end
# end
#
# Renders `{"key":"\u2028\u2029\u003c\u003e\u0026"}` with the previous default, but `{"key":" <>&"}` with the config
# set to `false`.
#
# Applications that want to keep the escaping behavior can set the config to `true`.
#++
# Rails.configuration.action_controller.escape_json_responses = false
###
# Skips escaping LINE SEPARATOR (U+2028) and PARAGRAPH SEPARATOR (U+2029) in JSON.
#
# Historically these characters were not valid inside JavaScript literal strings but that changed in ECMAScript 2019.
# As such it's no longer a concern in modern browsers: https://caniuse.com/mdn-javascript_builtins_json_json_superset.
#++
# Rails.configuration.active_support.escape_js_separators_in_json = false
###
# Raises an error when order dependent finder methods (e.g. `#first`, `#second`) are called without `order` values
# on the relation, and the model does not have any order columns (`implicit_order_column`, `query_constraints`, or
# `primary_key`) to fall back on.
#
# The current behavior of not raising an error has been deprecated, and this configuration option will be removed in
# Rails 8.2.
#++
# Rails.configuration.active_record.raise_on_missing_required_finder_order_columns = true
###
# Controls how Rails handles path relative URL redirects.
# When set to `:raise`, Rails will raise an `ActionController::Redirecting::UnsafeRedirectError`
# for relative URLs without a leading slash, which can help prevent open redirect vulnerabilities.
#
# Example:
# redirect_to "example.com" # Raises UnsafeRedirectError
# redirect_to "@attacker.com" # Raises UnsafeRedirectError
# redirect_to "/safe/path" # Works correctly
#
# Applications that want to allow these redirects can set the config to `:log` (previous default)
# to only log warnings, or `:notify` to send ActiveSupport notifications.
#++
# Rails.configuration.action_controller.action_on_path_relative_redirect = :raise
###
# Use a Ruby parser to track dependencies between Action View templates
#++
# Rails.configuration.action_view.render_tracker = :ruby
###
# When enabled, hidden inputs generated by `form_tag`, `token_tag`, `method_tag`, and the hidden parameter fields
# included in `button_to` forms will omit the `autocomplete="off"` attribute.
#
# Applications that want to keep generating the `autocomplete` attribute for those tags can set it to `false`.
#++
# Rails.configuration.action_view.remove_hidden_field_autocomplete = true

@codecov
Copy link
Copy Markdown

codecov bot commented Apr 15, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.51%. Comparing base (0107fd4) to head (d602354).

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #6427      +/-   ##
==========================================
- Coverage   97.07%   94.51%   -2.56%     
==========================================
  Files         494      494              
  Lines       10514    10573      +59     
==========================================
- Hits        10206     9993     -213     
- Misses        308      580     +272

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@larouxn larouxn changed the title Upgrade from Rails 8 to 8.1 defaults Upgrade from Rails 8.0 to 8.1 defaults Apr 15, 2026
@larouxn larouxn force-pushed the rails_8.1_defaults branch from 6ab6f4d to 54380a4 Compare April 15, 2026 04:53
@larouxn larouxn mentioned this pull request Apr 15, 2026
Open
@larouxn larouxn force-pushed the rails_8.1_defaults branch from 54380a4 to d602354 Compare April 15, 2026 05:35
@larouxn larouxn marked this pull request as ready for review April 15, 2026 06:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

RubyGems.org Pull Requests
Status: Todo

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@larouxn