Methods created by views should always be evaluated against an AV::Base
instance.  This way we can extract and refactor things in to classes.

This pulls the "output buffer existence" conditional up.  Instead of
evaling the same conditional over and over, we can pull it in to "only
compiled once" Ruby code.

Fixes #33083

I reverted the wrong commit. Damn it.

This reverts commit f66a977f.

We had a discussion on the Core team and we don't want to expose this information
as a JSON endpoint and not by default.

It doesn't make sense to expose this JSON locally and this controller is only
accessible in dev, so the proposed access from a production app seems off.

This reverts commit 8eaffe7e, reversing
changes made to b6e4305c.

The `#csrf_meta_tags` and `#token_tag` Action View helper methods are
expecting the class in which are included to explicitly define the
method `#protect_against_forgery?` or else they will fail with
`NoMethodError`.

This is a problem if you want to use Action View outside of Rails
applications. For example, in #34788 I used the `#button_to` helper
inside of the error pages templates that have a custom
`ActionView::Base` subclass, which did not defined
`#protect_against_forgery?` and trying to call the button failed.

I had to dig inside of Action View to find-out what's was going on. I
think we should either set a default method implementation in the
helpers or check for the method definition, but don't explicitly require
the presence of `#protect_against_forgery?` in every `ActionViews::Base`
subclass as the errors are hard to figure out.

Because method arguments are different in the methods provided by form
helpers and form builders, I think these are necessary to prevent
confusion.

Fixes #34787

* Fix integer regex deprecation warnings for Ruby 2.6.0
* Define =~ in FakeZone to avoid warnings from Ruby 2.6.0

Currently we sometimes find a redundant begin block in code review
(e.g. https://github.com/rails/rails/pull/33604#discussion_r209784205).

I'd like to enable `Style/RedundantBegin` cop to avoid that, since
rescue/else/ensure are allowed inside do/end blocks in Ruby 2.5
(https://bugs.ruby-lang.org/issues/12906), so we'd probably meets with
that situation than before.

https://bugs.ruby-lang.org/issues/14133

Generally followed the pattern for https://github.com/rails/rails/pull/32034

* Removes needless CI configs for 2.4
* Targets 2.5 in rubocop
* Updates existing CHANGELOG entries for fewer merge conflicts
* Removes Hash#slice extension as that's inlined on Ruby 2.5.
* Removes the need for send on define_method in MethodCallAssertions.

[ci skip]

[ci skip]

Firefox fires click events on left-, right-
and scroll-wheel (any non-primary mouse key) clicks while other browsers don't.

side of long lines; Fixes #34487

And remove trailing spaces.

Reword first sentence of dep management and CVE section of
security guide. Also, reword and move gemspec notes above deps.

[ci skip]

[ci skip]

The usage of maxlength in the text_field helper adds a size attribute
to the generated text_field input with the same value as the maxlength.
This implicit addition of size attribute by the method gives a false
impression that it may be bug. By adding the implementation of the
maxlength to the api docs, we explicitly tell the reader referring the
api doc that addition of size along with maxlength is the expected behaviour.

[ci skip]

This PR adds the allocations to the instrumentation for template and
partial rendering.

Before:

```
  Rendering posts/new.html.erb within layouts/application
  Rendered posts/_form.html.erb (9.7ms)
  Rendered posts/new.html.erb within layouts/application (10.9ms)
Completed 200 OK in 902ms (Views: 890.8ms | ActiveRecord: 0.8ms)
```

After:

```
  Rendering posts/new.html.erb within layouts/application
  Rendered posts/_form.html.erb (Duration: 7.1ms | Allocations: 6004)
  Rendered posts/new.html.erb within layouts/application (Duration: 8.3ms | Allocations: 6654)
Completed 200 OK in 858ms (Views: 848.4ms | ActiveRecord: 0.4ms | Allocations: 1539564)
```

Fixes: `Layout/TrailingWhitespace: Trailing whitespace detected.

See https://codeclimate.com/github/rails/rails/issues

Releted to b707a6d0

The url_for method is now extracting the path_only option in order to determine if polymorphic_path or polymorphic_url should be called.

If the path_only option is not set it will be set to true unless the host option is set. This behaviour is the same as when a Hash or Params object is passed.

To support this unifying the code responsible for setting this default value has been extracted into a private method

make actionview templates marshalable so that they can be serialized during the parallel tests (#34030)

Since Rails 6.0 will support Ruby 2.4.1 or higher
`# frozen_string_literal: true` magic comment is enough to make string object frozen.
This magic comment is enabled by `Style/FrozenStringLiteralComment` cop.

* Exclude these files not to auto correct false positive `Regexp#freeze`
 - 'actionpack/lib/action_dispatch/journey/router/utils.rb'
 - 'activerecord/lib/active_record/connection_adapters/sqlite3_adapter.rb'

It has been fixed by https://github.com/rubocop-hq/rubocop/pull/6333
Once the newer version of RuboCop released and available at Code Climate these exclude entries should be removed.

* Replace `String#freeze` with `String#-@` manually if explicit frozen string objects are required

 - 'actionpack/test/controller/test_case_test.rb'
 - 'activemodel/test/cases/type/string_test.rb'
 - 'activesupport/lib/active_support/core_ext/string/strip.rb'
 - 'activesupport/test/core_ext/string_ext_test.rb'
 - 'railties/test/generators/actions_test.rb'

Fixes #29473.

This commit removes a deprecated catch-all route in the AV tests.  It
defines and includes the necessary routes for each test such that we
don't need the catch-all anymore.

This also helps push us toward #33970

In Ruby 2.3 or later, `String#+@` is available and `+@` is faster than `dup`.

```ruby
# frozen_string_literal: true

require "bundler/inline"

gemfile(true) do
  source "https://rubygems.org"

  gem "benchmark-ips"
end

Benchmark.ips do |x|
  x.report('+@') { +"" }
  x.report('dup') { "".dup }
  x.compare!
end
```

```
$ ruby -v benchmark.rb
ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux]
Warming up --------------------------------------
                  +@   282.289k i/100ms
                 dup   187.638k i/100ms
Calculating -------------------------------------
                  +@      6.775M (± 3.6%) i/s -     33.875M in   5.006253s
                 dup      3.320M (± 2.2%) i/s -     16.700M in   5.032125s

Comparison:
                  +@:  6775299.3 i/s
                 dup:  3320400.7 i/s - 2.04x  slower

```

This brings `escape_javascript` in line with the behavior of `json_escape` and
allows other value types to be output without needing explicit casting in the
view template.

Example:

    <%= javascript_tag do %>
      var locale = '<%== j I18n.locale %>'; // locale is a symbol
    <% end %>