From d0ef12744cbcb9f28a1b673703eacf9b81a38b11 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Feb 2026 05:51:08 +0000 Subject: [PATCH 1/7] Bump rails from 8.0.4 to 8.1.2 Bumps [rails](https://github.com/rails/rails) from 8.0.4 to 8.1.2. - [Release notes](https://github.com/rails/rails/releases) - [Commits](https://github.com/rails/rails/compare/v8.0.4...v8.1.2) --- updated-dependencies: - dependency-name: rails dependency-version: 8.1.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Gemfile | 2 +- Gemfile.lock | 148 ++++++++++++++++++++++++++------------------------- 2 files changed, 77 insertions(+), 73 deletions(-) diff --git a/Gemfile b/Gemfile index cea6d80f8ca..f3e086054da 100644 --- a/Gemfile +++ b/Gemfile @@ -41,7 +41,7 @@ gem "activemodel-serializers-xml", "~> 1.0.1" gem "activerecord-import", "~> 2.2.0" gem "activerecord-session_store", "~> 2.2.0" gem "ox" -gem "rails", "~> 8.0.4" +gem "rails", "~> 8.1.2" gem "responders", "~> 3.2" gem "ffi", "~> 1.15" diff --git a/Gemfile.lock b/Gemfile.lock index 829c7f04ded..434aa3e694d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -223,29 +223,31 @@ GEM remote: https://rubygems.org/ specs: Ascii85 (2.0.1) - actioncable (8.0.4) - actionpack (= 8.0.4) - activesupport (= 8.0.4) + action_text-trix (2.1.16) + railties + actioncable (8.1.2) + actionpack (= 8.1.2) + activesupport (= 8.1.2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (8.0.4) - actionpack (= 8.0.4) - activejob (= 8.0.4) - activerecord (= 8.0.4) - activestorage (= 8.0.4) - activesupport (= 8.0.4) + actionmailbox (8.1.2) + actionpack (= 8.1.2) + activejob (= 8.1.2) + activerecord (= 8.1.2) + activestorage (= 8.1.2) + activesupport (= 8.1.2) mail (>= 2.8.0) - actionmailer (8.0.4) - actionpack (= 8.0.4) - actionview (= 8.0.4) - activejob (= 8.0.4) - activesupport (= 8.0.4) + actionmailer (8.1.2) + actionpack (= 8.1.2) + actionview (= 8.1.2) + activejob (= 8.1.2) + activesupport (= 8.1.2) mail (>= 2.8.0) rails-dom-testing (~> 2.2) - actionpack (8.0.4) - actionview (= 8.0.4) - activesupport (= 8.0.4) + actionpack (8.1.2) + actionview (= 8.1.2) + activesupport (= 8.1.2) nokogiri (>= 1.8.5) rack (>= 2.2.4) rack-session (>= 1.0.1) @@ -256,33 +258,34 @@ GEM actionpack-xml_parser (2.0.1) actionpack (>= 5.0) railties (>= 5.0) - actiontext (8.0.4) - actionpack (= 8.0.4) - activerecord (= 8.0.4) - activestorage (= 8.0.4) - activesupport (= 8.0.4) + actiontext (8.1.2) + action_text-trix (~> 2.1.15) + actionpack (= 8.1.2) + activerecord (= 8.1.2) + activestorage (= 8.1.2) + activesupport (= 8.1.2) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (8.0.4) - activesupport (= 8.0.4) + actionview (8.1.2) + activesupport (= 8.1.2) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) active_record_doctor (2.0.1) activerecord (>= 7.0.0) - activejob (8.0.4) - activesupport (= 8.0.4) + activejob (8.1.2) + activesupport (= 8.1.2) globalid (>= 0.3.6) - activemodel (8.0.4) - activesupport (= 8.0.4) + activemodel (8.1.2) + activesupport (= 8.1.2) activemodel-serializers-xml (1.0.3) activemodel (>= 5.0.0.a) activesupport (>= 5.0.0.a) builder (~> 3.1) - activerecord (8.0.4) - activemodel (= 8.0.4) - activesupport (= 8.0.4) + activerecord (8.1.2) + activemodel (= 8.1.2) + activesupport (= 8.1.2) timeout (>= 0.4.0) activerecord-import (2.2.0) activerecord (>= 4.2) @@ -294,20 +297,20 @@ GEM cgi (>= 0.3.6) rack (>= 2.0.8, < 4) railties (>= 7.0) - activestorage (8.0.4) - actionpack (= 8.0.4) - activejob (= 8.0.4) - activerecord (= 8.0.4) - activesupport (= 8.0.4) + activestorage (8.1.2) + actionpack (= 8.1.2) + activejob (= 8.1.2) + activerecord (= 8.1.2) + activesupport (= 8.1.2) marcel (~> 1.0) - activesupport (8.0.4) + activesupport (8.1.2) base64 - benchmark (>= 0.3) bigdecimal concurrent-ruby (~> 1.0, >= 1.3.1) connection_pool (>= 2.2.5) drb i18n (>= 1.6, < 2) + json logger (>= 1.4.2) minitest (>= 5.1) securerandom (>= 0.3) @@ -1106,7 +1109,7 @@ GEM prawn-table (0.2.2) prawn (>= 1.3.0, < 3.0.0) prettyprint (0.2.0) - prism (1.8.0) + prism (1.9.0) prometheus-client-mmap (1.5.0) base64 bigdecimal @@ -1199,20 +1202,20 @@ GEM rackup (1.0.1) rack (< 3) webrick - rails (8.0.4) - actioncable (= 8.0.4) - actionmailbox (= 8.0.4) - actionmailer (= 8.0.4) - actionpack (= 8.0.4) - actiontext (= 8.0.4) - actionview (= 8.0.4) - activejob (= 8.0.4) - activemodel (= 8.0.4) - activerecord (= 8.0.4) - activestorage (= 8.0.4) - activesupport (= 8.0.4) + rails (8.1.2) + actioncable (= 8.1.2) + actionmailbox (= 8.1.2) + actionmailer (= 8.1.2) + actionpack (= 8.1.2) + actiontext (= 8.1.2) + actionview (= 8.1.2) + activejob (= 8.1.2) + activemodel (= 8.1.2) + activerecord (= 8.1.2) + activestorage (= 8.1.2) + activesupport (= 8.1.2) bundler (>= 1.15.0) - railties (= 8.0.4) + railties (= 8.1.2) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) @@ -1227,9 +1230,9 @@ GEM rails-i18n (8.1.0) i18n (>= 0.7, < 2) railties (>= 8.0.0, < 9) - railties (8.0.4) - actionpack (= 8.0.4) - activesupport (= 8.0.4) + railties (8.1.2) + actionpack (= 8.1.2) + activesupport (= 8.1.2) irb (~> 1.13) rackup (>= 1.0.0) rake (>= 12.2) @@ -1423,7 +1426,7 @@ GEM unicode-display_width (>= 1.1.1, < 4) test-prof (1.4.4) text-hyphen (1.5.0) - thor (1.4.0) + thor (1.5.0) thread_safe (0.3.6) timecop (0.9.10) timeout (0.6.0) @@ -1686,7 +1689,7 @@ DEPENDENCIES rack-test (~> 2.2.0) rack-timeout (~> 0.7.0) rack_session_access - rails (~> 8.0.4) + rails (~> 8.1.2) rails-controller-testing (~> 1.0.2) rails-i18n (~> 8.1.0) rbtrace @@ -1756,23 +1759,24 @@ DEPENDENCIES CHECKSUMS Ascii85 (2.0.1) sha256=15cb5d941808543cbb9e7e6aea3c8ec3877f154c3461e8b3673e97f7ecedbe5a - actioncable (8.0.4) sha256=aadb2bf2977b666cfeaa7dee66fd50e147559f78a8d55f6169e913502475e09f - actionmailbox (8.0.4) sha256=ed0b634a502fb63d1ba01ae025772e9d0261b7ba12e66389c736fcf4635cd80f - actionmailer (8.0.4) sha256=3b9270d8e19f0afb534b11c52f439937dc30028adcbbae2b244f3383ce75de4b - actionpack (8.0.4) sha256=0364c7582f32c8f404725fa30d3f6853f834c5f4964afd4a072b848c8a23cddb + action_text-trix (2.1.16) sha256=f645a2c21821b8449fd1d6770708f4031c91a2eedf9ef476e9be93c64e703a8a + actioncable (8.1.2) sha256=dc31efc34cca9cdefc5c691ddb8b4b214c0ea5cd1372108cbc1377767fb91969 + actionmailbox (8.1.2) sha256=058b2fb1980e5d5a894f675475fcfa45c62631103d5a2596d9610ec81581889b + actionmailer (8.1.2) sha256=f4c1d2060f653bfe908aa7fdc5a61c0e5279670de992146582f2e36f8b9175e9 + actionpack (8.1.2) sha256=ced74147a1f0daafaa4bab7f677513fd4d3add574c7839958f7b4f1de44f8423 actionpack-xml_parser (2.0.1) sha256=40cb461ee99445314ab580a783fb7413580deb8b28113c9e70ecd7c1b334d5e6 - actiontext (8.0.4) sha256=40b3970268ac29b865685456b2586df5052d068fd0cb04acb2291e737cea2340 - actionview (8.0.4) sha256=5bd3c41ee7a59e14cf062bb5e4ee53c9a253d12fc13c8754cae368012e1a1648 + actiontext (8.1.2) sha256=0bf57da22a9c19d970779c3ce24a56be31b51c7640f2763ec64aa72e358d2d2d + actionview (8.1.2) sha256=80455b2588911c9b72cec22d240edacb7c150e800ef2234821269b2b2c3e2e5b active_record_doctor (2.0.1) sha256=7af0ac02195385c8f2f67d0e4ebe72b1fc79d65eaaf329e0db07f4d12a84069a - activejob (8.0.4) sha256=cbc8a85d0e168cb90a5629c8a36fe2d08ba840103d3aed3eee0c7beb784fccce - activemodel (8.0.4) sha256=8f4e4fac3cd104b1bf30419c3745206f6f724c0e2902a939b4113f4c90730dfd + activejob (8.1.2) sha256=908dab3713b101859536375819f4156b07bdf4c232cc645e7538adb9e302f825 + activemodel (8.1.2) sha256=e21358c11ce68aed3f9838b7e464977bc007b4446c6e4059781e1d5c03bcf33e activemodel-serializers-xml (1.0.3) sha256=fa1b16305e7254cc58a59c68833e3c0a593a59c8ab95d3be5aaea7cd9416c397 - activerecord (8.0.4) sha256=bda32c171799e5ca5460447d3b7272ed14447244e2497abf2107f87fc44cbf32 + activerecord (8.1.2) sha256=acfbe0cadfcc50fa208011fe6f4eb01cae682ebae0ef57145ba45380c74bcc44 activerecord-import (2.2.0) sha256=f8ca99b196e50775723d1f1d192c379f656378dc9f5628240992a0d78807fa4b activerecord-nulldb-adapter (1.2.2) sha256=01e0b2e49af11ad56a92e274a3d8c9fb3c50a12a5460218c4c4b45355d9ef968 activerecord-session_store (2.2.0) sha256=65918054573683bf4f87af89e765e1fece14c9d71cfac1f11abe4687c96e2743 - activestorage (8.0.4) sha256=47f312962fc898c1669f20cf7448d19668a5547f4a5f64e59a837d9d3f64a043 - activesupport (8.0.4) sha256=894a3a6c7733b5fae5a7df3acd76c4b563f38687df8a04fa3cbd25360f3fe95a + activestorage (8.1.2) sha256=8a63a48c3999caeee26a59441f813f94681fc35cc41aba7ce1f836add04fba76 + activesupport (8.1.2) sha256=88842578ccd0d40f658289b0e8c842acfe9af751afee2e0744a7873f50b6fdae acts_as_list (1.2.6) sha256=8345380900b7bee620c07ad00991ccee59af3d8c9e8574f426e321da2865fdc8 acts_as_tree (2.9.1) sha256=b869eb10a8de38616b64ffcf9e882d3d99c8e06909c4057078a76c3b89a9a2f3 addressable (2.8.8) sha256=7c13b8f9536cf6364c03b9d417c19986019e28f7c00ac8132da4eb0fe393b057 @@ -2119,7 +2123,7 @@ CHECKSUMS prawn (2.4.0) sha256=82062744f7126c2d77501da253a154271790254dfa8c309b8e52e79bc5de2abd prawn-table (0.2.2) sha256=336d46e39e003f77bf973337a958af6a68300b941c85cb22288872dc2b36addb prettyprint (0.2.0) sha256=2bc9e15581a94742064a3cc8b0fb9d45aae3d03a1baa6ef80922627a0766f193 - prism (1.8.0) sha256=84453a16ef5530ea62c5f03ec16b52a459575ad4e7b9c2b360fd8ce2c39c1254 + prism (1.9.0) sha256=7b530c6a9f92c24300014919c9dcbc055bf4cdf51ec30aed099b06cd6674ef85 prometheus-client-mmap (1.5.0) sha256=361eb98d6c19ae0f44ae5e02f9e6750436fd92d1c501d1c69843609c1daf0117 prometheus-client-mmap (1.5.0-aarch64-linux-gnu) sha256=e7fe1a630dda83a237efb0eb4a29ee3da37922722fc89ecac6057a1187372c5d prometheus-client-mmap (1.5.0-aarch64-linux-musl) sha256=897fa5d82150ddcb3bc30dfa7af0deb85930655500e71bd8879daa86b5e690ff @@ -2149,12 +2153,12 @@ CHECKSUMS rack-timeout (0.7.0) sha256=757337e9793cca999bb73a61fe2a7d4280aa9eefbaf787ce3b98d860749c87d9 rack_session_access (0.2.0) sha256=03eb98f2027429ccbbeb18556006dfb6d928b0557ad3770783b8e2f368198d6b rackup (1.0.1) sha256=ba86604a28989fe1043bff20d819b360944ca08156406812dca6742b24b3c249 - rails (8.0.4) sha256=364494a32d2dc3f9d5c135d036ce47e7776684bc6add73f1037ac2b1007962db + rails (8.1.2) sha256=5069061b23dfa8706b9f0159ae8b9d35727359103178a26962b868a680ba7d95 rails-controller-testing (1.0.5) sha256=741448db59366073e86fc965ba403f881c636b79a2c39a48d0486f2607182e94 rails-dom-testing (2.3.0) sha256=8acc7953a7b911ca44588bf08737bc16719f431a1cc3091a292bca7317925c1d rails-html-sanitizer (1.6.2) sha256=35fce2ca8242da8775c83b6ba9c1bcaad6751d9eb73c1abaa8403475ab89a560 rails-i18n (8.1.0) sha256=52d5fd6c0abef28d84223cc05647f6ae0fd552637a1ede92deee9545755b6cf3 - railties (8.0.4) sha256=8203d853dcffab4abcdd05c193f101676a92068075464694790f6d8f72d5cb47 + railties (8.1.2) sha256=1289ece76b4f7668fc46d07e55cc992b5b8751f2ad85548b7da351b8c59f8055 rainbow (3.1.1) sha256=039491aa3a89f42efa1d6dec2fc4e62ede96eb6acd95e52f1ad581182b79bc6a rake (13.3.1) sha256=8c9e89d09f66a26a01264e7e3480ec0607f0c497a861ef16063604b1b08eb19c rake-compiler-dock (1.11.0) sha256=eab51f2cd533eb35cea6b624a75281f047123e70a64c58b607471bb49428f8c2 @@ -2237,7 +2241,7 @@ CHECKSUMS terminal-table (4.0.0) sha256=f504793203f8251b2ea7c7068333053f0beeea26093ec9962e62ea79f94301d2 test-prof (1.4.4) sha256=1a59513ed9d33a1f5ca17c0b89da4e70f60a91c83ec62e9a873dbb99141353ef text-hyphen (1.5.0) sha256=c44a4533b8a554e7ff7c955e131bcccc78a0b4c56ce1d73f2c8c11f43b075a06 - thor (1.4.0) sha256=8763e822ccb0f1d7bee88cde131b19a65606657b847cc7b7b4b82e772bcd8a3d + thor (1.5.0) sha256=e3a9e55fe857e44859ce104a84675ab6e8cd59c650a49106a05f55f136425e73 thread_safe (0.3.6) sha256=9ed7072821b51c57e8d6b7011a8e282e25aeea3a4065eab326e43f66f063b05a timecop (0.9.10) sha256=12ba45ce57cdcf6b1043cb6cdffa6381fd89ce10d369c28a7f6f04dc1b0cd8eb timeout (0.6.0) sha256=6d722ad619f96ee383a0c557ec6eb8c4ecb08af3af62098a0be5057bf00de1af From f74adbc405f25d71edf46e6760e054e5f1da35ae Mon Sep 17 00:00:00 2001 From: ulferts Date: Fri, 6 Feb 2026 14:49:55 +0100 Subject: [PATCH 2/7] adapt overwritten method to changes in rails 8.1 --- app/models/journable/historic_active_record_relation.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/models/journable/historic_active_record_relation.rb b/app/models/journable/historic_active_record_relation.rb index 97ea5cbe8ef..a28902cb9a1 100644 --- a/app/models/journable/historic_active_record_relation.rb +++ b/app/models/journable/historic_active_record_relation.rb @@ -101,7 +101,7 @@ class Journable::HistoricActiveRecordRelation < ActiveRecord::Relation # # SELECT * from work_packages - def build_arel(connection, aliases = nil) + def build_arel(aliases = nil) substitute_join_tables_in_where_clause(self) # Based on the previous modifications, build the algebra object and prepend From 303447ecb812f8937a4bb84e0b8c6e4a9f203c78 Mon Sep 17 00:00:00 2001 From: ulferts Date: Fri, 6 Feb 2026 15:16:13 +0100 Subject: [PATCH 3/7] activate seemingly safe options in rails framework 8.1 --- bin/rubocop | 2 +- .../new_framework_defaults_8_1.rb | 79 +++++++++++++++++++ 2 files changed, 80 insertions(+), 1 deletion(-) create mode 100644 config/initializers/new_framework_defaults_8_1.rb diff --git a/bin/rubocop b/bin/rubocop index 40330c0ff1c..5a20504716c 100755 --- a/bin/rubocop +++ b/bin/rubocop @@ -2,7 +2,7 @@ require "rubygems" require "bundler/setup" -# explicit rubocop config increases performance slightly while avoiding config confusion. +# Explicit RuboCop config increases performance slightly while avoiding config confusion. ARGV.unshift("--config", File.expand_path("../.rubocop.yml", __dir__)) load Gem.bin_path("rubocop", "rubocop") diff --git a/config/initializers/new_framework_defaults_8_1.rb b/config/initializers/new_framework_defaults_8_1.rb new file mode 100644 index 00000000000..ddb34d8f1fd --- /dev/null +++ b/config/initializers/new_framework_defaults_8_1.rb @@ -0,0 +1,79 @@ +# frozen_string_literal: true + +# Be sure to restart your server when you modify this file. +# +# This file eases your Rails 8.1 framework defaults upgrade. +# +# Uncomment each configuration one by one to switch to the new default. +# Once your application is ready to run with all new defaults, you can remove +# this file and set the `config.load_defaults` to `8.1`. +# +# Read the Guide for Upgrading Ruby on Rails for more info on each option. +# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html + +### +# Skips escaping HTML entities and line separators. When set to `false`, the +# JSON renderer no longer escapes these to improve performance. +# +# Example: +# class PostsController < ApplicationController +# def index +# render json: { key: "\u2028\u2029<>&" } +# end +# end +# +# Renders `{"key":"\u2028\u2029\u003c\u003e\u0026"}` with the previous default, but `{"key":"

<>&"}` with the config +# set to `false`. +# +# Applications that want to keep the escaping behavior can set the config to `true`. +#++ +# OpenProject should not be affected by this change. At least the vast majority of JSON responses +# are rendered in the APIv3 which do not use the JSON renderer of ActionController. +# But keeping it set to true does not cost anything. +Rails.configuration.action_controller.escape_json_responses = true + +### +# Skips escaping LINE SEPARATOR (U+2028) and PARAGRAPH SEPARATOR (U+2029) in JSON. +# +# Historically these characters were not valid inside JavaScript literal strings but that changed in ECMAScript 2019. +# As such it's no longer a concern in modern browsers: https://caniuse.com/mdn-javascript_builtins_json_json_superset. +#++ +Rails.configuration.active_support.escape_js_separators_in_json = false + +### +# Raises an error when order dependent finder methods (e.g. `#first`, `#second`) are called without `order` values +# on the relation, and the model does not have any order columns (`implicit_order_column`, `query_constraints`, or +# `primary_key`) to fall back on. +# +# The current behavior of not raising an error has been deprecated, and this configuration option will be removed in +# Rails 8.2. +#++ +# Rails.configuration.active_record.raise_on_missing_required_finder_order_columns = true + +### +# Controls how Rails handles path relative URL redirects. +# When set to `:raise`, Rails will raise an `ActionController::Redirecting::UnsafeRedirectError` +# for relative URLs without a leading slash, which can help prevent open redirect vulnerabilities. +# +# Example: +# redirect_to "example.com" # Raises UnsafeRedirectError +# redirect_to "@attacker.com" # Raises UnsafeRedirectError +# redirect_to "/safe/path" # Works correctly +# +# Applications that want to allow these redirects can set the config to `:log` (previous default) +# to only log warnings, or `:notify` to send ActiveSupport notifications. +#++ +# Rails.configuration.action_controller.action_on_path_relative_redirect = :raise + +### +# Use a Ruby parser to track dependencies between Action View templates +#++ +Rails.configuration.action_view.render_tracker = :ruby + +### +# When enabled, hidden inputs generated by `form_tag`, `token_tag`, `method_tag`, and the hidden parameter fields +# included in `button_to` forms will omit the `autocomplete="off"` attribute. +# +# Applications that want to keep generating the `autocomplete` attribute for those tags can set it to `false`. +#++ +Rails.configuration.action_view.remove_hidden_field_autocomplete = true From c116e31b215d4fb0be15b6762ec471eea5af6af1 Mon Sep 17 00:00:00 2001 From: ulferts Date: Fri, 6 Feb 2026 15:17:17 +0100 Subject: [PATCH 4/7] activate raising on unsafe redirects --- config/initializers/new_framework_defaults_8_1.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/initializers/new_framework_defaults_8_1.rb b/config/initializers/new_framework_defaults_8_1.rb index ddb34d8f1fd..5988fa85158 100644 --- a/config/initializers/new_framework_defaults_8_1.rb +++ b/config/initializers/new_framework_defaults_8_1.rb @@ -63,7 +63,7 @@ Rails.configuration.active_support.escape_js_separators_in_json = false # Applications that want to allow these redirects can set the config to `:log` (previous default) # to only log warnings, or `:notify` to send ActiveSupport notifications. #++ -# Rails.configuration.action_controller.action_on_path_relative_redirect = :raise +Rails.configuration.action_controller.action_on_path_relative_redirect = :raise ### # Use a Ruby parser to track dependencies between Action View templates From 3fb692d36bd0b60f22b47cca01f171661eb69cea Mon Sep 17 00:00:00 2001 From: ulferts Date: Fri, 6 Feb 2026 15:58:47 +0100 Subject: [PATCH 5/7] adapt specs to changes in 8.1 --- .rubocop.yml | 5 +++++ .../all_meetings/handle_ical_response_service_spec.rb | 2 +- .../subject_configuration_tab_controller_spec.rb | 4 ++-- spec/mailers/smtp_settings_spec.rb | 8 +++++--- 4 files changed, 13 insertions(+), 6 deletions(-) diff --git a/.rubocop.yml b/.rubocop.yml index 9165e7eba82..17dd3fbeb3f 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -197,6 +197,11 @@ Rails/I18nLocaleAssignment: Exclude: - "spec/**/*.rb" +Rails/I18nLocaleTexts: + Enabled: true + Exclude: + - "spec/**/*.rb" + # We have config.active_record.belongs_to_required_by_default = false , # which means, we do have to declare presence validators on belongs_to relations. Rails/RedundantPresenceValidationOnBelongsTo: diff --git a/modules/meeting/spec/services/all_meetings/handle_ical_response_service_spec.rb b/modules/meeting/spec/services/all_meetings/handle_ical_response_service_spec.rb index 669f8a038a9..e68d9d41465 100644 --- a/modules/meeting/spec/services/all_meetings/handle_ical_response_service_spec.rb +++ b/modules/meeting/spec/services/all_meetings/handle_ical_response_service_spec.rb @@ -302,7 +302,7 @@ RSpec.describe AllMeetings::HandleICalResponseService, type: :model do expect(subject).to be_success expect(Rails.logger).to have_received(:warn).with( "[iCal Meeting Response] No attendee found for user #{user.mail} " \ - "in event #{recurring_meeting.uid} with recurrence ID #{recurrence_id.iso8601}" + "in event #{recurring_meeting.uid} with recurrence ID #{recurrence_id.utc.strftime('%Y-%m-%dT%H:%M:%S+00:00')}" ) end end diff --git a/spec/controllers/work_package_types/subject_configuration_tab_controller_spec.rb b/spec/controllers/work_package_types/subject_configuration_tab_controller_spec.rb index ac25c82c22e..e609c40ec8b 100644 --- a/spec/controllers/work_package_types/subject_configuration_tab_controller_spec.rb +++ b/spec/controllers/work_package_types/subject_configuration_tab_controller_spec.rb @@ -65,8 +65,8 @@ module WorkPackageTypes end context "if form data is invalid" do - let(:form_data) { { subject_configuration: "generated", pattern: nil } } - let(:expected_pattern_data) { { subject: { blueprint: "", enabled: true } } } + let(:form_data) { { subject_configuration: "generated", pattern: "{{invalid_token}}" } } + let(:expected_pattern_data) { { subject: { blueprint: "{{invalid_token}}", enabled: true } } } let(:service_result) { ServiceResult.failure } it "renders the edit template" do diff --git a/spec/mailers/smtp_settings_spec.rb b/spec/mailers/smtp_settings_spec.rb index b3d6fc62467..6cf0f6d8889 100644 --- a/spec/mailers/smtp_settings_spec.rb +++ b/spec/mailers/smtp_settings_spec.rb @@ -59,9 +59,11 @@ RSpec.describe "SMTP settings" do end def send_mail - ActionMailer::Base - .mail(from: "test@op.com", to: "foo@bar.com", subject: "Test mail", body: "body") - .deliver_now + Class.new(ActionMailer::Base) do # rubocop:disable Rails/ApplicationMailer + def test_mail + mail(from: "test@op.com", to: "foo@bar.com", subject: "Test mail", body: "body") + end + end.test_mail.deliver_now end describe "enable_starttls_auto" do From 33ce92b4e06e6774436f0100c7a477014be27a73 Mon Sep 17 00:00:00 2001 From: ulferts Date: Fri, 6 Feb 2026 16:43:16 +0100 Subject: [PATCH 6/7] activate raising on missing finder order columns --- config/initializers/new_framework_defaults_8_1.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/initializers/new_framework_defaults_8_1.rb b/config/initializers/new_framework_defaults_8_1.rb index 5988fa85158..af849867498 100644 --- a/config/initializers/new_framework_defaults_8_1.rb +++ b/config/initializers/new_framework_defaults_8_1.rb @@ -48,7 +48,7 @@ Rails.configuration.active_support.escape_js_separators_in_json = false # The current behavior of not raising an error has been deprecated, and this configuration option will be removed in # Rails 8.2. #++ -# Rails.configuration.active_record.raise_on_missing_required_finder_order_columns = true +Rails.configuration.active_record.raise_on_missing_required_finder_order_columns = true ### # Controls how Rails handles path relative URL redirects. From cf241951eb5d32787a87bb2fde7d8b187d6f6fb9 Mon Sep 17 00:00:00 2001 From: ulferts Date: Tue, 10 Feb 2026 18:34:39 +0100 Subject: [PATCH 7/7] fix custom field params broken by rails 8.1 leading bracket change MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Rails 8.1 removed deprecated support for stripping leading brackets in parameter names (rails/rails#53471). Previously, a form field named `[custom_field_values][123]` was parsed as `{ "custom_field_values" => { "123" => "" } }`. In Rails 8.1, it is parsed as `{ "[custom_field_values]" => { "123" => "" } }`, making the custom field values invisible to `params.fetch(:custom_field_values, {})`. `custom_field_tag_for_bulk_edit` was called with an empty string as the `name` prefix (e.g. in the work package move form), producing field names like `[custom_field_values][42]` — starting with a leading bracket. This caused required custom field validation to be silently skipped during moves, allowing work packages to be moved without filling in required fields. The fix avoids the leading bracket by emitting `custom_field_values[42]` when no name prefix is given. --- app/helpers/custom_fields_helper.rb | 2 +- spec/features/work_packages/bulk/move_work_package_spec.rb | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/app/helpers/custom_fields_helper.rb b/app/helpers/custom_fields_helper.rb index 3b83bf35ab4..b5f68de591d 100644 --- a/app/helpers/custom_fields_helper.rb +++ b/app/helpers/custom_fields_helper.rb @@ -72,7 +72,7 @@ module CustomFieldsHelper end def custom_field_tag_for_bulk_edit(name, custom_field, project = nil) # rubocop:disable Metrics/AbcSize - field_name = "#{name}[custom_field_values][#{custom_field.id}]" + field_name = name.present? ? "#{name}[custom_field_values][#{custom_field.id}]" : "custom_field_values[#{custom_field.id}]" field_id = "#{name}_custom_field_values_#{custom_field.id}" field_format = OpenProject::CustomFieldFormat.find_by(name: custom_field.field_format) diff --git a/spec/features/work_packages/bulk/move_work_package_spec.rb b/spec/features/work_packages/bulk/move_work_package_spec.rb index d06e6fb494c..d4eacbc5553 100644 --- a/spec/features/work_packages/bulk/move_work_package_spec.rb +++ b/spec/features/work_packages/bulk/move_work_package_spec.rb @@ -162,6 +162,8 @@ RSpec.describe "Moving a work package through Rails view", :js do it "does not moves the work package when the required field is missing" do select "Risk", from: "Type" expect(page).to have_field(required_cf.name) + project_autocompleter = find_test_selector("new_project_id") + expect_current_autocompleter_value(project_autocompleter, "Target") # Clicking move and follow might be broken due to the location.href # in the refresh-on-form-changes component