Firefox fires click events on left-, right-
and scroll-wheel (any non-primary mouse key) clicks while other browsers don't.

Allow aliased attributes in update

Do nothing when the same block is included again

Allow aliased attributes to be used in `#update_columns` and `#update`.

If the same block is included multiple times, we no longer raise an exception
or overwrite the included block instance variable.

Fixes #14802.

[Mark J. Titorenko + Vlad Bokov]

Add a Delayed Job project link.

Delayed Job is mentioned multiple times in the document, but it is not linked from anywhere.

Improve ActiveRecord::Querying documentation [ci skip]

Log exceptions atomically

* Break up long sentences
* Reword some sentences to clarify subject, predicate, and object
* Explain drawbacks of using count_by_sql

Allow spaces in postgres table names

Fixes issue where "user post" is misinterpreted as "\"user\".\"post\""
when quoting table names with the postgres adapter.

Clarify scope body requirements

The error can be reproduced with

    require "bundler/setup"
    require "action_controller"

    AbstractController::ActionNotFound

Patch load error in case GemSpecError

Fix `ArgumentError` when uploading to amazon s3

When distributed over multiple logger calls the lines can become
intermixed with other log statements. Combining them into a single
logger call makes sure they always get logged together.

Parallel execution of `ForkingExecutor` is the same approach as
`Testing::Parallelization`. So do not need to have own code inside
Action Pack. Let's use an already existing feature.

This prevents the array from being dumped as a DRbObject so we can reduce
communication with the server.

In DRb, if `Marshal.dump` fails, `Marshal.dump` is executed again after
converting the object to `DRbObject`. This also possible to reduce the
execution of `Marshal.dump` by converting to a format that can be
marshalized in advance using `DRbObject`.
This is the same approach to Action Pack's parallel test. Ref: 5751b7ea

Fix broken ASt build

Use raw time string from DB to generate ActiveRecord#cache_version

`ActiveStorage::Filename#parameters` was removed by #33829.

Since 06ab7b27,
`GCSServiceTest#test_signed_URL_response_headers` is broken.
https://travis-ci.org/rails/rails/jobs/460454477#L7084-L7087

This seems to be due to lack of `content_type` at upload.
This is solved by specifying `conten_type`.

However, since the same content is also tested with `test_upload_with_content_type`,
it will be duplicated content, so I think that can remove `test_signed_URL_response_headers`.

Fix minor Active Storage docs typo [ci skip]

* Force content-type to binary on service urls for relevant content types

We have a list of content types that must be forcibly served as binary,
but in practice this only means to serve them as attachment always. We
should also set the Content-Type to the configured binary type.

As a bonus: add text/cache-manifest to the list of content types to be
served as binary by default.

* Store content-disposition and content-type in GCS

Forcing these in the service_url when serving the file works fine for S3
and Azure, since these services include params in the signature.
However, GCS specifically excludes response-content-disposition and
response-content-type from the signature, which means an attacker can
modify these and have files that should be served as text/plain attachments
served as inline HTML for example. This makes our attempt to force
specific files to be served as binary and as attachment can be easily
bypassed.

The only way this can be forced in GCS is by storing
content-disposition and content-type in the object metadata.

* Update GCS object metadata after identifying blob

In some cases we create the blob and upload the data before identifying
the content-type, which means we can't store that in GCS right when
uploading. In these, after creating the attachment, we enqueue a job to
identify the blob, and set the content-type.

In other cases, files are uploaded to the storage service via direct
upload link. We create the blob before the direct upload, which happens
independently from the blob creation itself. We then mark the blob as
identified, but we have already the content-type we need without having
put it in the service.

In these two cases, then, we need to update the metadata in the GCS
service.

* Include content-type and disposition in the verified key for disk service

This prevents an attacker from modifying these params in the service
signed URL, which is particularly important when we want to force them
to have specific values for security reasons.

* Allow only a list of specific content types to be served inline

This is different from the content types that must be served as binary
in the sense that any content type not in this list will be always
served as attachment but with its original content type. Only types in
this list are allowed to be served either inline or as attachment.

Apart from forcing this in the service URL, for GCS we need to store the
disposition in the metadata.

Fix CVE-2018-16477.

Trusting any GlobaID object when deserializing jobs can allow
attackers to access information that should not be accessible to them.

Fix CVE-2018-16476.

Additional types of ResultSet should not contain keys of #attributes_to_define_after_schema_loads

Follow up ba4e68f5.

This reverts commit f2ab8b64, reversing
changes made to b9c7305d.

Reason: `scope.take` is not the same with `scope.to_a.first`.

Reuse code in AR::Association#find_target

Make it possible to override the implicit order column

Before this patch, singular and collection associations
had different implementations of the #find_target method.
This patch reuses the code properly through extending the low level
methods.