Merge branch 'main' into fix_security_issue_on_update_user_email

phoenixframework · Dec 9, 2024 · 5e0f357 · 5e0f357
2 parents 8e10b6f + 4580d47
commit 5e0f357
Show file tree

Hide file tree

Showing 126 changed files with 1,173 additions and 615 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -22,8 +22,8 @@ jobs:
           - elixir: 1.14.5
             otp: 25.3.2.9
 
-          - elixir: 1.17.2
-            otp: 27.0
+          - elixir: 1.17.3
+            otp: 27.1
             lint: true
             installer: true
 
@@ -111,13 +111,13 @@ jobs:
       matrix:
         include:
           # look for correct alpine image here: https://hub.docker.com/r/hexpm/elixir/tags
-          - elixir: 1.14.5
-            otp: 25.3.2.12
-            suffix: "alpine-3.19.1"
+          - elixir: 1.15.8
+            otp: 24.3.4.17
+            suffix: "alpine-3.20.3"
 
-          - elixir: 1.16.2
-            otp: 26.2.5
-            suffix: "alpine-3.19.1"
+          - elixir: 1.17.3
+            otp: 27.1.2
+            suffix: "alpine-3.20.3"
 
     container:
       image: hexpm/elixir:${{ matrix.elixir }}-erlang-${{ matrix.otp }}-${{ matrix.suffix }}

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -74,7 +74,7 @@ future styling).
 
 ### Enhancements
   * [phx.gen.auth] Add enhanced session fixation protection.
-    For applications whichs previously used `phx.gen.auth`, the following line can be added to the `renew_session` function in the auth module:
+    For applications which previously used `phx.gen.auth`, the following line can be added to the `renew_session` function in the auth module:
 
     ```diff
       defp renew_session(conn) do
@@ -231,7 +231,7 @@ future styling).
   * [Router] Add `Phoenix.VerifiedRoutes` for `~p`-based route generation with compile-time verification.
   * [Router] Support `helpers: false` to `use Phoenix.Router` to disable helper generation
   * [Router] Add `--info [url]` switch to `phx.routes` to get route information about a url/path
-  * [Flash] Add `Phoenix.Flash` for unfied flash access
+  * [Flash] Add `Phoenix.Flash` for unified flash access
 
 ### JavaScript Client Bug Fixes
   * Fix heartbeat being sent after disconnect and causing abnormal disconnects

diff --git a/README.md b/README.md
@@ -1,4 +1,8 @@
-![phoenix logo](https://raw.githubusercontent.com/phoenixframework/phoenix/main/priv/static/phoenix.png)
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./priv/static/phoenix-orange.png" />
+  <source media="(prefers-color-scheme: light)" srcset="./priv/static/phoenix.png" />
+  <img src="./priv/static/phoenix.png" alt="Phoenix logo" />
+</picture>
 
 > Peace of mind from prototype to production.
 
@@ -10,8 +14,6 @@ See the official site at <https://www.phoenixframework.org/>.
 
 Install the latest version of Phoenix by following the instructions at <https://hexdocs.pm/phoenix/installation.html#phoenix>.
 
-Phoenix requires Elixir v1.11+ & Erlang v22.1+.
-
 ## Documentation
 
 API documentation is available at <https://hexdocs.pm/phoenix>.
@@ -44,29 +46,31 @@ defp deps do
 
 To create projects outside of the `installer/` directory, add the latest archive to your machine by following the instructions in [installer/README.md](https://github.com/phoenixframework/phoenix/blob/main/installer/README.md)
 
-To build the documentation from source:
+### Building from source
+
+To build the documentation:
 
 ```bash
 npm install --prefix assets
 MIX_ENV=docs mix docs
 ```
 
-To build Phoenix from source:
+To build Phoenix:
 
 ```bash
 mix deps.get
 mix compile
 ```
 
-To build the Phoenix installer from source:
+To build the Phoenix installer:
 
 ```bash
 mix deps.get
 mix compile
 mix archive.build
 ```
 
-### Building phoenix.js
+To build Phoenix.js:
 
 ```bash
 cd assets

diff --git a/RELEASE.md b/RELEASE.md
@@ -1,6 +1,6 @@
 # Release Instructions
 
-  1. Check related deps for required version bumps and compatibility (`phoenix_ecto`, `phoenix_pubsub_redis`, `phoenix_html`)
+  1. Check related deps for required version bumps and compatibility (`phoenix_ecto`, `phoenix_html`)
   2. Bump version in related files below
   3. Bump external dependency version in related external files below
   4. Run tests:
@@ -10,7 +10,8 @@
   6. Publish `phx_new` and `phoenix` packages and docs after pruning any extraneous uncommitted files
   7. Test installer by generating a new app, running `mix deps.get`, and compiling
   8. Publish to `npm` with `npm publish`
-  9. Start -dev version in related files below
+  9. Update Elixir and Erlang/OTP versions on new.phoenixframework.org
+  10. Start -dev version in related files below
 
 ## Files with version
 
@@ -21,5 +22,6 @@
   * `assets/package.json`
 
 ## Files with external dependency versions
+
   * `priv/templates/phx.gen.release/Docker.eex` (debian)
   * `priv/templates/phx.gen.release/Docker.eex` (esbuild)
diff --git a/guides/authentication/api_authentication.md b/guides/authentication/api_authentication.md
@@ -63,7 +63,7 @@ To make sure our new functions work, let's write tests. Open up `test/my_app/acc
 
 If you run the tests, they will actually fail. Something similar to this:
 
-```elixir
+```console
 1) test create_user_api_token/1 and fetch_user_by_api_token/1 creates and verify token (Demo.AccountsTest)
    test/demo/accounts_test.exs:21
    ** (FunctionClauseError) no function clause matching in Demo.Accounts.UserToken.days_for_context/1

diff --git a/guides/authentication/mix_phx_gen_auth.md b/guides/authentication/mix_phx_gen_auth.md
@@ -1,12 +1,14 @@
 # mix phx.gen.auth
 
+> This guide assumes that you have gone through the [introductory guides](overview.html) and have a Phoenix application [up and running](up_and_running.html).
+
 The `mix phx.gen.auth` command generates a flexible, pre-built authentication system into your Phoenix app. This generator allows you to quickly move past the task of adding authentication to your codebase and stay focused on the real-world problem your application is trying to solve.
 
 ## Getting started
 
 > Before running this command, consider committing your work as it generates multiple files.
 
-Let's start by running the following command from the root of our app (or `apps/my_app_web` in an umbrella app):
+Let's start by running the following command from the root of our app:
 
 ```console
 $ mix phx.gen.auth Accounts User users
@@ -28,10 +30,10 @@ Since this generator installed additional dependencies in `mix.exs`, let's fetch
 $ mix deps.get
 ```
 
-Now we need to verify the database connection details for the development and test environments in `config/` so the migrator and tests can run properly. Then run the following to create the database:
+Now run the pending repository migrations:
 
 ```console
-$ mix ecto.setup
+$ mix ecto.migrate
 ```
 
 Let's run the tests to make sure our new authentication system works as expected.
@@ -40,7 +42,7 @@ Let's run the tests to make sure our new authentication system works as expected
 $ mix test
 ```
 
-And finally, let's start our Phoenix server and try it out.
+And finally, let's start our Phoenix server and try it out (note the new `Register` and `Log in` links at the top right of the default page).
 
 ```console
 $ mix phx.server

diff --git a/guides/components.md b/guides/components.md
@@ -56,44 +56,43 @@ We declared the attributes we accept via the `attr/3` macro provided by `Phoenix
 
 Next we need to update `show.html.heex`:
 
-```elixir
+```heex
 <section>
   <.greet messenger={@messenger} />
 </section>
 ```
 
-When we reload `http://localhost:4000/hello/Frank`, we should see the same content as before.
-
-Since templates are embedded inside the `HelloHTML` module, we were able to invoke the view function simply as `<.greet messenger="..." />`.
-
-If the component was defined elsewhere, we can also type `<HelloWeb.HelloHTML.greet messenger="..." />`.
+When we reload `http://localhost:4000/hello/Frank`, we should see the same content as before. Since the `show.html.heex` template is embedded within the `HelloHTML` module, we were able to invoke the function component directly as `<.greet messenger="..." />`. If the component was defined elsewhere, we would need to give its full name: `<HelloWeb.HelloHTML.greet messenger="..." />`.
 
 By declaring attributes as required, Phoenix will warn at compile time if we call the `<.greet />` component without passing attributes. If an attribute is optional, you can specify the `:default` option with a value:
 
 ```
 attr :messenger, :string, default: nil
 ```
 
-Although this is a quick example, it shows the different roles function components play in Phoenix:
-
-* Function components can be defined as functions that receive `assigns` as argument and call the `~H` sigil, as we did in `greet/1`
+Overall, function components are the essential building block of Phoenix rendering stack. The majority of the times, they are functions that receive a single argument called `assigns` and call the `~H` sigil, as we did in `greet/1`. They can also be invoked from templates, with compile-time validation of its attributes declared via `attr`.
 
-* Function components can be embedded from template files, that's how we load `show.html.heex` into `HelloWeb.HelloHTML`
+In fact, every template embedded into `HelloHTML` is a function component in itself. `show.html.heex` simply becomes a function component named `show`. This also means you can directly render function components directly from the controller, skipping the `show.html.heex` template:
 
-* Function components can declare which attributes are expected, which are validated at compilation time
-
-* Function components can be directly rendered from controllers
+```elixir
+def HelloWeb.HelloController do
+  use HelloWeb, :controller
 
-* Function components can be directly rendered from other function components, as we called `<.greet messenger={@messenger} />` from `show.html.heex`
+  def show(conn, %{"messenger" => messenger}) do
+    # Render the HelloWeb.HelloHTML.greet/1 component
+    render(conn, :greet, messenger: messenger)
+  end
+end
+```
 
-And there's more. Before we go deeper, let's fully understand the expressive power behind the HEEx template language.
+Next, let's fully understand the expressive power behind the HEEx template language.
 
 ## HEEx
 
 Function components and templates files are powered by [the HEEx template language](https://hexdocs.pm/phoenix_live_view/Phoenix.Component.html#sigil_H/2), which stands for  "HTML+EEx". EEx is an Elixir library that uses `<%= expression %>` to execute Elixir expressions and interpolate their results into the template. This is frequently used to display assigns we have set by way of the `@` shortcut. In your controller, if you invoke:
 
 ```elixir
-  render(conn, :show, username: "joe")
+render(conn, :show, username: "joe")
 ```
 
 Then you can access said username in the templates as `<%= @username %>`. In addition to displaying assigns and functions, we can use pretty much any Elixir expression. For example, in order to have conditionals: