[bundler] Bump activemodel from 8.0.3 to 8.1.0

[dependabot]

Bumps activemodel from 8.0.3 to 8.1.0.

Release notes

Sourced from activemodel's releases.

8.1.0

Active Support

• Remove deprecated passing a Time object to Time#since.

  Rafael Mendonça França

• Remove deprecated Benchmark.ms method. It is now defined in the benchmark gem.

  Rafael Mendonça França

• Remove deprecated addition for Time instances with ActiveSupport::TimeWithZone.

  Rafael Mendonça França

• Remove deprecated support for to_time to preserve the system local time. It will now always preserve the receiver timezone.

  Rafael Mendonça França

• Deprecate config.active_support.to_time_preserves_timezone.

  Rafael Mendonça França

• Standardize event name formatting in assert_event_reported error messages.

  The event name in failure messages now uses .inspect (e.g., name: "user.created") to match assert_events_reported and provide type clarity between strings and symbols. This only affects tests that assert on the failure message format itself.

  George Ma

• Fix Enumerable#sole to return the full tuple instead of just the first element of the tuple.

  Olivier Bellone

• Fix parallel tests hanging when worker processes die abruptly.

  Previously, if a worker process was killed (e.g., OOM killed, kill -9) during parallel test execution, the test suite would hang forever waiting for the dead worker.

  Joshua Young

• Add config.active_support.escape_js_separators_in_json.

  Introduce a new framework default to skip escaping LINE SEPARATOR (U+2028) and PARAGRAPH SEPARATOR (U+2029) in JSON.

  Historically these characters were not valid inside JavaScript literal strings but that changed in ECMAScript 2019. As such it's no longer a concern in modern browsers: https://caniuse.com/mdn-javascript_builtins_json_json_superset.

... (truncated)

Changelog

Sourced from activemodel's changelog.

Rails 8.1.0 (October 22, 2025)

• Add reset_token: { expires_in: ... } option to has_secure_password.

  Allows configuring the expiry duration of password reset tokens (default remains 15 minutes for backwards compatibility).

  has_secure_password reset_token: { expires_in: 1.hour }

  Jevin Sew, Abeid Ahmed

• Add except_on: option for validation callbacks.

  Ben Sheldon

• Backport ActiveRecord::Normalization to ActiveModel::Attributes::Normalization

  class User
    include ActiveModel::Attributes
    include ActiveModel::Attributes::Normalization
  attribute :email, :string
  normalizes :email, with: -> email { email.strip.downcase }
  end
  user = User.new
  user.email =    " CRUISE-CONTROL@EXAMPLE.COM\n"
  user.email # => "cruise-control@example.com"

  Sean Doyle

Please check 8-0-stable for previous changes.

Commits

• 1cdd190 Preparing for 8.1.0 release
• 1ace683 Preparing for 8.1.0.rc1 release
• b182bc6 Give credit to the first author of this feature
• d0486d0 Merge pull request #55574 from jevin/feature/reset-password-token-duration
• ee29930 ActiveModel::SecurePassword: configurable reset token expiry
• 2446a70 Removing the string option for validations
• 80827ca Preparing for 8.1.0.beta1 release
• 842200c Use comment for example return values [ci-skip]
• 9a10a82 Replace "mailing list" with "forum" [ci-skip]
• aa69684 Link using rdoc-ref instead of rdoc-label [ci-skip]
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #26.