Instance level writers can have an impact on how the Active Model /
Record objects are saved.  Specifically, they can be used to bypass
validations.  This is a problem if mass assignment protection is
disabled and specific attributes are passed to the constructor.

CVE-2016-0753

CVE-2016-0752

When updating an associated record via nested attribute hashes the
reject_if proc could be bypassed if the _destroy flag was set in the
attribute hash and allow_destroy was set to false.

The fix is to only short-circuit if the _destroy flag is set and the
option allow_destroy is set to true. It also fixes an issue where
a new record wasn't created if _destroy was set and the option
allow_destroy was set to false.

CVE-2015-7577

Unknown mime types should not be cached globally.  This global cache
leads to a memory leak and a denial of service vulnerability.

CVE-2016-0751

this will avoid timing attacks against applications that use basic auth.

CVE-2015-7576

wrapping i18n missing keys made optional

`I18n.translate` helper will wrap the missing translation keys
in a <span> tag only if `debug_missing_translation` configuration has
a truthy value. Default value is `true`. For example in `application.rb`:

    # in order to turn off missing key wrapping
    config.action_view.debug_missing_translation = false

🎉 🍻

Fix `receive` spelling

Handle specified schemas when removing a Postgres index

[ActionCable] Test invalid action on channel

Found `recieve` next to the correctly spelled method name, fixed it.

Also we prefer a one space padding within hashes, add that.

[ActionCable] test perform action with default action

This test needs to have a require for the Listen gem or else it returns
an error when run by itself or with a certain order in the Active
Support tests. We use `silence_warnings` because Listen has some
warnings about private methods. It's already silenced when it's required
in Active Support EventedFileUpdateChecker.

```
1) Error:
EventedFileUpdateCheckerTest#test_should_not_execute_the_block_if_no_paths_are_given:
NameError: uninitialized constant EventedFileUpdateCheckerTest::Listen
    test/evented_file_update_checker_test.rb:21:in `teardown'
```

The test was was in here twice so we were seeing this error:

```
activesupport/test/caching_test.rb:658:
warning: method redefined; discarding old test_local_cache_of_read_nil
activesupport/test/caching_test.rb:634:
warning: previous definition of test_local_cache_of_read_nil was here
```

Fix "instance variable not initialized" in tests

Prevent ActionController::Parameters in url_for

add line break between method of generated channel js

[ActionCable] Test available actions on Channel

Our logic is complex now and we don't need to check the version to asset
the behavior so I'm removing the checking here.

Allow normal version updates within a release series

Still more to do. Please assist!

We went back to `Thread.current[]` in 33e11e59.

[ci skip] Fix grammar