This is the first minor release after the project rebranding that happened a few months ago.
We waited so long to release this version in order to have the largest possible feedback cycle. (Actually, the longest gap in releases since this project was started four years ago!) We've had a lot of new contributions: new features, bug fixes, and real world experiences. At this point we're really close to 1.0.
As a result of this collaboration, today we can ship a new, powerful validation syntax based on dry-validation.
This new syntax overcomes the limitations that we had reached with the old design: no control over the order of execution and a lack of extensibility. We realized that complex validation rules are hard to describe with DSL options, so we made it possible to express these rules with Ruby macros.
The results are astonishing: besides being more expressive, we can now guarantee type safety and we've seen performance improvements.
```ruby
# apps/web/controllers/books/create.rb
module Web::Controllers::Books
  class Create
    include Web::Action

    params do
      required(:book).schema do
        required(:title).filled(:str?)
        required(:price).filled(:float?, gt?: 0.0)
        optional(:sale).filled(:bool?)
      end
    end

    def call(params)
      if params.valid?
        # persist
      else
        self.status = 422
      end
    end
  end
end
```

```ruby
# apps/web/views/books/create.rb
module Web::Views::Books
  class Create
    include Web::View
    template 'books/new'
  end
end
```

```erb
# apps/web/templates/books/new.html.erb
<% unless params.valid? %>
  <div>
    <p>There was a problem</p>
    <ul>
      <% params.error_messages.each do |message| %>
        <li><%= message %></li>
      <% end %>
    </ul>
  </div>
<% end %>
```
To solve this problem, browser vendors introduced a defense called Subresource Integrity.
When enabled, the browser verifies that the checksum of the downloaded file matches the declared one.
If we're using jQuery from their CDN, we should find the checksum of the `.js` file on their website and write:
The output will be:
As a defense against this security problem, Hanami enables Subresource Integrity by default in production.
When we precompile assets at deploy time, Hanami calculates the checksum of all our assets and adds a special HTML attribute `integrity` to our asset tags like
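The checksum calculation and the browser-side comparison described above, sketched in plain Ruby as an added example (this is not Hanami's own code). The asset body, the `/assets/application.js` path and the helper names `sri_value`, `script_tag` and `integrity_ok?` are assumptions made for illustration.

```ruby
require 'digest'
require 'base64'

# Constructed sample asset body (stands in for a precompiled .js file).
ASSET = "console.log('hello');\n"

# Hash functions Subresource Integrity allows, ordered weakest to strongest.
SRI_DIGESTS = {
  'sha256' => Digest::SHA256,
  'sha384' => Digest::SHA384,
  'sha512' => Digest::SHA512
}.freeze

# Value of the integrity attribute: "<algo>-<base64 of the raw digest>".
def sri_value(body, algo = 'sha256')
  "#{algo}-#{Base64.strict_encode64(SRI_DIGESTS.fetch(algo).digest(body))}"
end

# Hypothetical helper: a script tag carrying the integrity value.
# crossorigin is needed for cross-origin (CDN) loads so the check can run.
def script_tag(src, body)
  %(<script src="#{src}" integrity="#{sri_value(body)}" crossorigin="anonymous"></script>)
end

# Mimic the browser check: parse the declared value(s), keep only the
# strongest algorithm present, and accept the body if one of those matches.
def integrity_ok?(body, declared)
  pairs = declared.split.map { |token| token.split('-', 2) }
  pairs.select! { |algo, digest| SRI_DIGESTS.key?(algo) && digest }
  return true if pairs.empty? # no usable metadata: nothing to enforce

  strongest = pairs.map(&:first).max_by { |algo| SRI_DIGESTS.keys.index(algo) }
  expected = sri_value(body, strongest).split('-', 2).last
  pairs.any? { |algo, digest| algo == strongest && digest == expected }
end

if __FILE__ == $PROGRAM_NAME
  declared = sri_value(ASSET)
  puts script_tag('/assets/application.js', ASSET)
  puts integrity_ok?(ASSET, declared)             # untouched file
  puts integrity_ok?(ASSET + 'evil();', declared) # body changed after the checksum was taken
end
```

An `integrity` value that contains no supported algorithm is treated as if no checksum was declared, so a typo in the algorithm prefix silently disables the check.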
We've updated our default security settings to support Content Security Policy 1.1 and 2.0 (1.0 is still supported).
Along with this improvement, we have now turned on two extra security HTTP headers:
New settings for logging: Hanami now supports a per-environment stream (standard output, file, etc.), level and formatter. Because JSON is easy to parse, there is now a JSON formatter for the logger in the production environment.
Hanami no longer supports Ruby 2.0 and 2.1.
`params` can now be accessed only with `:symbols`, not `'strings'`. That is, we have removed indifferent access.
Please have a look at the upgrade notes for v0.8.0.
We're grateful for each person who contributed to this release. These lovely people are:
- Alexander Gräfe
- Alexandr Subbotin
- Andrew De Ponte
- Andrey Deryabin
- Andrey Morskov
- Anton Davydov
- Ariejan de Vroom
- Artem Nistratov
- Bernardo Farah
- Bruz Marzolf
- Cang Ta
- Dane Balia
- Eric Freese
- Erol Fornoles
- Felipe Espinoza
- Hiếu Nguyễn
- Josh Bodah
- Kadu Ribeiro
- Karim Tarek
- Leonardo Saraiva
- Luca Guidi
- Lucas Amorim
- Marcello Rocha
- Matt McFarland
- Matthew Gibbons
- Maxim Dorofienko
- Neil Matatall
- Nicola Racco
- Nikita Shilnikov
- Nikolay Shebanov
- Ozawa Sakuro
- Pascal Betz
- Rogério Ramos
- Rogério Zambon
- Sean Collins
- Sebastjan Hribar
- Semyon Pupkov
- Steve Hook
- Tran Duy Khoa
- Trung Lê
- Vasilis Spilka
Thank you all!