Properly cast input in `update_all`

The documentation claims that given values go through "normal AR type
casting and serialization", which to me implies
`serialize(cast(value))`, not just serialization. The docs were changed
to use this wording in #22492. The tests I cited in that PR (which is
the same test modified in this commit), is worded in a way that implies
it should be using `cast` as well.

It's possible that I originally meant "normal type casting" to imply
just the call to `serialize`, but given that `update_all(archived:
params['archived'])` seems to be pretty common, I'm inclined to make
this change as long as no tests are broken from it.

1 files changed, 2 insertions, 1 deletions

diff --git a/activerecord/lib/active_record/sanitization.rb b/activerecord/lib/active_record/sanitization.rb
index 1c3099f55c..90cc3373fb 100644
--- a/activerecord/lib/active_record/sanitization.rb
+++ b/activerecord/lib/active_record/sanitization.rb
@@ -110,7 +110,8 @@ module ActiveRecord
         def sanitize_sql_hash_for_assignment(attrs, table) # :doc:
           c = connection
           attrs.map do |attr, value|
-            value = type_for_attribute(attr.to_s).serialize(value)
+            type = type_for_attribute(attr.to_s)
+            value = type.serialize(type.cast(value))
             "#{c.quote_table_name_for_assignment(table, attr)} = #{c.quote(value)}"
           end.join(", ")
         end