[CVE-2020-8167]

[CVE-2020-8166]

The same value for the `raw` option should be provided for both reading and
writing to avoid Marshal.load being called on untrusted data.

[CVE-2020-8165]

Dalli is already being used for marshalling, so we should also rely
on it for unmarshalling. Since Dalli tags the cache value as marshalled
it can avoid unmarshalling a raw string which might have come from
an untrusted source.

[CVE-2020-8165]

[CVE-2020-8164]

[CVE-2020-8162]

This commit escapes dollar signs and backticks to prevent JS XSS issues
when using the `j` or `javascript_escape` helper

CVE-2020-5267

The `ActionDispatch::Session::MemcacheStore` is still vulnerable
given it requires the gem dalli to be updated as well.

CVE-2019-16782

We no longer link JS by default, we need to modify manifest.js for that
now.

We no longer link all js by default, so we should do this test with a
css instead (we don't care about that specifics of the dir just that its
in the manifest and in this dir).

Fix Active Job Sidekiq integration tests

Check that entire collection has been loaded before short circuiting

Address test_statement_cache_with_in_clause failure

Fix "NameError: undefined local variable or method `primary' for #<ApplicationTests::ServerTest:0x000055df43b391d8>"

Merge pull request #37489 from giraffate/fix_random_ci_failure_due_to_non-deterministic_sorting_order

Fix random CI failure due to non-deterministic sorting order

https://travis-ci.org/rails/rails/jobs/491045821#L1528-L1531

Address occasional test_pluck_columns_with_same_name failure

https://buildkite.com/rails/rails/builds/64281#b6f8859b-ee39-40d7-8f0a-d0ba78efbf03/1001-1012

https://travis-ci.org/rails/rails/jobs/375326992#L1160-L1166

Fix activestorage CI failure due to ffprove version differece

Update test to avoid Puma output format change

Maintain extra joins for string or complex arel conditions

See parent commit for more info.