activesupport 7.0.8.7 → 7.1.5.1

data/lib/active_support/core_ext/erb/util.rb

@@ -0,0 +1,196 @@
+# frozen_string_literal: true
+
+require "erb"
+
+module ActiveSupport
+  module CoreExt
+    module ERBUtil
+      # HTML escapes strings but doesn't wrap them with an ActiveSupport::SafeBuffer.
+      # This method is not for public consumption! Seriously!
+      def html_escape(s) # :nodoc:
+        s = s.to_s
+        if s.html_safe?
+          s
+        else
+          super(ActiveSupport::Multibyte::Unicode.tidy_bytes(s))
+        end
+      end
+      alias :unwrapped_html_escape :html_escape # :nodoc:
+
+      # A utility method for escaping HTML tag characters.
+      # This method is also aliased as <tt>h</tt>.
+      #
+      #   puts html_escape('is a > 0 & a < 10?')
+      #   # => is a &gt; 0 &amp; a &lt; 10?
+      def html_escape(s) # rubocop:disable Lint/DuplicateMethods
+        unwrapped_html_escape(s).html_safe
+      end
+      alias h html_escape
+    end
+
+    module ERBUtilPrivate
+      include ERBUtil
+      private :unwrapped_html_escape, :html_escape, :h
+    end
+  end
+end
+
+class ERB
+  module Util
+    HTML_ESCAPE = { "&" => "&amp;",  ">" => "&gt;",   "<" => "&lt;", '"' => "&quot;", "'" => "&#39;" }
+    HTML_ESCAPE_ONCE_REGEXP = /["><']|&(?!([a-zA-Z]+|(#\d+)|(#[xX][\dA-Fa-f]+));)/
+
+    # Following XML requirements: https://www.w3.org/TR/REC-xml/#NT-Name
+    TAG_NAME_START_CODEPOINTS = "@:A-Z_a-z\u{C0}-\u{D6}\u{D8}-\u{F6}\u{F8}-\u{2FF}\u{370}-\u{37D}\u{37F}-\u{1FFF}" \
+                                "\u{200C}-\u{200D}\u{2070}-\u{218F}\u{2C00}-\u{2FEF}\u{3001}-\u{D7FF}\u{F900}-\u{FDCF}" \
+                                "\u{FDF0}-\u{FFFD}\u{10000}-\u{EFFFF}"
+    INVALID_TAG_NAME_START_REGEXP = /[^#{TAG_NAME_START_CODEPOINTS}]/
+    TAG_NAME_FOLLOWING_CODEPOINTS = "#{TAG_NAME_START_CODEPOINTS}\\-.0-9\u{B7}\u{0300}-\u{036F}\u{203F}-\u{2040}"
+    INVALID_TAG_NAME_FOLLOWING_REGEXP = /[^#{TAG_NAME_FOLLOWING_CODEPOINTS}]/
+    SAFE_XML_TAG_NAME_REGEXP = /\A[#{TAG_NAME_START_CODEPOINTS}][#{TAG_NAME_FOLLOWING_CODEPOINTS}]*\z/
+    TAG_NAME_REPLACEMENT_CHAR = "_"
+
+    prepend ActiveSupport::CoreExt::ERBUtilPrivate
+    singleton_class.prepend ActiveSupport::CoreExt::ERBUtil
+
+    # A utility method for escaping HTML without affecting existing escaped entities.
+    #
+    #   html_escape_once('1 < 2 &amp; 3')
+    #   # => "1 &lt; 2 &amp; 3"
+    #
+    #   html_escape_once('&lt;&lt; Accept & Checkout')
+    #   # => "&lt;&lt; Accept &amp; Checkout"
+    def html_escape_once(s)
+      ActiveSupport::Multibyte::Unicode.tidy_bytes(s.to_s).gsub(HTML_ESCAPE_ONCE_REGEXP, HTML_ESCAPE).html_safe
+    end
+
+    module_function :html_escape_once
+
+    # A utility method for escaping HTML entities in JSON strings. Specifically, the
+    # &, > and < characters are replaced with their equivalent unicode escaped form -
+    # \u0026, \u003e, and \u003c. The Unicode sequences \u2028 and \u2029 are also
+    # escaped as they are treated as newline characters in some JavaScript engines.
+    # These sequences have identical meaning as the original characters inside the
+    # context of a JSON string, so assuming the input is a valid and well-formed
+    # JSON value, the output will have equivalent meaning when parsed:
+    #
+    #   json = JSON.generate({ name: "</script><script>alert('PWNED!!!')</script>"})
+    #   # => "{\"name\":\"</script><script>alert('PWNED!!!')</script>\"}"
+    #
+    #   json_escape(json)
+    #   # => "{\"name\":\"\\u003C/script\\u003E\\u003Cscript\\u003Ealert('PWNED!!!')\\u003C/script\\u003E\"}"
+    #
+    #   JSON.parse(json) == JSON.parse(json_escape(json))
+    #   # => true
+    #
+    # The intended use case for this method is to escape JSON strings before including
+    # them inside a script tag to avoid XSS vulnerability:
+    #
+    #   <script>
+    #     var currentUser = <%= raw json_escape(current_user.to_json) %>;
+    #   </script>
+    #
+    # It is necessary to +raw+ the result of +json_escape+, so that quotation marks
+    # don't get converted to <tt>&quot;</tt> entities. +json_escape+ doesn't
+    # automatically flag the result as HTML safe, since the raw value is unsafe to
+    # use inside HTML attributes.
+    #
+    # If your JSON is being used downstream for insertion into the DOM, be aware of
+    # whether or not it is being inserted via <tt>html()</tt>. Most jQuery plugins do this.
+    # If that is the case, be sure to +html_escape+ or +sanitize+ any user-generated
+    # content returned by your JSON.
+    #
+    # If you need to output JSON elsewhere in your HTML, you can just do something
+    # like this, as any unsafe characters (including quotation marks) will be
+    # automatically escaped for you:
+    #
+    #   <div data-user-info="<%= current_user.to_json %>">...</div>
+    #
+    # WARNING: this helper only works with valid JSON. Using this on non-JSON values
+    # will open up serious XSS vulnerabilities. For example, if you replace the
+    # +current_user.to_json+ in the example above with user input instead, the browser
+    # will happily <tt>eval()</tt> that string as JavaScript.
+    #
+    # The escaping performed in this method is identical to those performed in the
+    # Active Support JSON encoder when +ActiveSupport.escape_html_entities_in_json+ is
+    # set to true. Because this transformation is idempotent, this helper can be
+    # applied even if +ActiveSupport.escape_html_entities_in_json+ is already true.
+    #
+    # Therefore, when you are unsure if +ActiveSupport.escape_html_entities_in_json+
+    # is enabled, or if you are unsure where your JSON string originated from, it
+    # is recommended that you always apply this helper (other libraries, such as the
+    # JSON gem, do not provide this kind of protection by default; also some gems
+    # might override +to_json+ to bypass Active Support's encoder).
+    def json_escape(s)
+      result = s.to_s.dup
+      result.gsub!(">", '\u003e')
+      result.gsub!("<", '\u003c')
+      result.gsub!("&", '\u0026')
+      result.gsub!("\u2028", '\u2028')
+      result.gsub!("\u2029", '\u2029')
+      s.html_safe? ? result.html_safe : result
+    end
+
+    module_function :json_escape
+
+    # A utility method for escaping XML names of tags and names of attributes.
+    #
+    #   xml_name_escape('1 < 2 & 3')
+    #   # => "1___2___3"
+    #
+    # It follows the requirements of the specification: https://www.w3.org/TR/REC-xml/#NT-Name
+    def xml_name_escape(name)
+      name = name.to_s
+      return "" if name.blank?
+      return name if name.match?(SAFE_XML_TAG_NAME_REGEXP)
+
+      starting_char = name[0]
+      starting_char.gsub!(INVALID_TAG_NAME_START_REGEXP, TAG_NAME_REPLACEMENT_CHAR)
+
+      return starting_char if name.size == 1
+
+      following_chars = name[1..-1]
+      following_chars.gsub!(INVALID_TAG_NAME_FOLLOWING_REGEXP, TAG_NAME_REPLACEMENT_CHAR)
+
+      starting_char << following_chars
+    end
+    module_function :xml_name_escape
+
+    # Tokenizes a line of ERB.  This is really just for error reporting and
+    # nobody should use it.
+    def self.tokenize(source) # :nodoc:
+      require "strscan"
+      source = StringScanner.new(source.chomp)
+      tokens = []
+
+      start_re = /<%(?:={1,2}|-|\#|%)?/m
+      finish_re = /(?:[-=])?%>/m
+
+      while !source.eos?
+        pos = source.pos
+        source.scan_until(/(?:#{start_re}|#{finish_re})/)
+        raise NotImplementedError if source.matched.nil?
+        len = source.pos - source.matched.bytesize - pos
+
+        case source.matched
+        when start_re
+          tokens << [:TEXT, source.string[pos, len]] if len > 0
+          tokens << [:OPEN, source.matched]
+          if source.scan(/(.*?)(?=#{finish_re}|\z)/m)
+            tokens << [:CODE, source.matched] unless source.matched.empty?
+            tokens << [:CLOSE, source.scan(finish_re)] unless source.eos?
+          else
+            raise NotImplementedError
+          end
+        when finish_re
+          tokens << [:CODE, source.string[pos, len]] if len > 0
+          tokens << [:CLOSE, source.matched]
+        else
+          raise NotImplementedError, source.matched
+        end
+      end
+
+      tokens
+    end
+  end
+end

data/lib/active_support/core_ext/hash/conversions.rb

@@ -68,7 +68,7 @@ class Hash
   #
   # By default the root node is "hash", but that's configurable via the <tt>:root</tt> option.
   #
-  # The default XML builder is a fresh instance of <tt>Builder::XmlMarkup</tt>. You can
+  # The default XML builder is a fresh instance of +Builder::XmlMarkup+. You can
   # configure your own builder with the <tt>:builder</tt> option. The method also accepts
   # options like <tt>:dasherize</tt> and friends, they are forwarded to the builder.
   def to_xml(options = {})

data/lib/active_support/core_ext/hash/deep_merge.rb

@@ -1,6 +1,14 @@
 # frozen_string_literal: true
 
+require "active_support/deep_mergeable"
+
 class Hash
+  include ActiveSupport::DeepMergeable
+
+  ##
+  # :method: deep_merge
+  # :call-seq: deep_merge(other_hash, &block)
+  #
   # Returns a new hash with +self+ and +other_hash+ merged recursively.
   #
   #   h1 = { a: true, b: { c: [1, 2, 3] } }
@@ -15,20 +23,20 @@ class Hash
   #   h2 = { b: 250, c: { c1: 200 } }
   #   h1.deep_merge(h2) { |key, this_val, other_val| this_val + other_val }
   #   # => { a: 100, b: 450, c: { c1: 300 } }
-  def deep_merge(other_hash, &block)
-    dup.deep_merge!(other_hash, &block)
-  end
+  #
+  #--
+  # Implemented by ActiveSupport::DeepMergeable#deep_merge.
+
+  ##
+  # :method: deep_merge!
+  # :call-seq: deep_merge!(other_hash, &block)
+  #
+  # Same as #deep_merge, but modifies +self+.
+  #
+  #--
+  # Implemented by ActiveSupport::DeepMergeable#deep_merge!.
 
-  # Same as +deep_merge+, but modifies +self+.
-  def deep_merge!(other_hash, &block)
-    merge!(other_hash) do |key, this_val, other_val|
-      if this_val.is_a?(Hash) && other_val.is_a?(Hash)
-        this_val.deep_merge(other_val, &block)
-      elsif block_given?
-        block.call(key, this_val, other_val)
-      else
-        other_val
-      end
-    end
+  def deep_merge?(other) # :nodoc:
+    other.is_a?(Hash)
   end
 end

data/lib/active_support/core_ext/module/attribute_accessors.rb

@@ -43,6 +43,7 @@ class Module
   #
   #   module HairColors
   #     mattr_reader :hair_colors, default: [:brown, :black, :blonde, :red]
+  #     mattr_reader(:hair_styles) { [:long, :short] }
   #   end
   #
   #   class Person
@@ -50,6 +51,7 @@ class Module
   #   end
   #
   #   Person.new.hair_colors # => [:brown, :black, :blonde, :red]
+  #   Person.new.hair_styles # => [:long, :short]
   def mattr_reader(*syms, instance_reader: true, instance_accessor: true, default: nil, location: nil)
     raise TypeError, "module attributes should be defined directly on class, not singleton" if singleton_class?
     location ||= caller_locations(1, 1).first
@@ -107,6 +109,7 @@ class Module
   #
   #   module HairColors
   #     mattr_writer :hair_colors, default: [:brown, :black, :blonde, :red]
+  #     mattr_writer(:hair_styles) { [:long, :short] }
   #   end
   #
   #   class Person
@@ -114,6 +117,7 @@ class Module
   #   end
   #
   #   Person.class_variable_get("@@hair_colors") # => [:brown, :black, :blonde, :red]
+  #   Person.class_variable_get("@@hair_styles") # => [:long, :short]
   def mattr_writer(*syms, instance_writer: true, instance_accessor: true, default: nil, location: nil)
     raise TypeError, "module attributes should be defined directly on class, not singleton" if singleton_class?
     location ||= caller_locations(1, 1).first
@@ -192,6 +196,7 @@ class Module
   #
   #   module HairColors
   #     mattr_accessor :hair_colors, default: [:brown, :black, :blonde, :red]
+  #     mattr_accessor(:hair_styles) { [:long, :short] }
   #   end
   #
   #   class Person
@@ -199,6 +204,7 @@ class Module
   #   end
   #
   #   Person.class_variable_get("@@hair_colors") # => [:brown, :black, :blonde, :red]
+  #   Person.class_variable_get("@@hair_styles") # => [:long, :short]
   def mattr_accessor(*syms, instance_reader: true, instance_writer: true, instance_accessor: true, default: nil, &blk)
     location = caller_locations(1, 1).first
     mattr_reader(*syms, instance_reader: instance_reader, instance_accessor: instance_accessor, default: default, location: location, &blk)

data/lib/active_support/core_ext/module/attribute_accessors_per_thread.rb

@@ -42,14 +42,32 @@ class Module
     syms.each do |sym|
       raise NameError.new("invalid attribute name: #{sym}") unless /^[_A-Za-z]\w*$/.match?(sym)
 
-      # The following generated method concatenates `name` because we want it
-      # to work with inheritance via polymorphism.
-      class_eval(<<-EOS, __FILE__, __LINE__ + 1)
-        def self.#{sym}
-          @__thread_mattr_#{sym} ||= "attr_\#{name}_#{sym}"
-          ::ActiveSupport::IsolatedExecutionState[@__thread_mattr_#{sym}]
-        end
-      EOS
+      # The following generated method concatenates `object_id` because we want
+      # subclasses to maintain independent values.
+      if default.nil?
+        class_eval(<<-EOS, __FILE__, __LINE__ + 1)
+          def self.#{sym}
+            @__thread_mattr_#{sym} ||= "attr_#{sym}_\#{object_id}"
+            ::ActiveSupport::IsolatedExecutionState[@__thread_mattr_#{sym}]
+          end
+        EOS
+      else
+        default = default.dup.freeze unless default.frozen?
+        singleton_class.define_method("#{sym}_default_value") { default }
+
+        class_eval(<<-EOS, __FILE__, __LINE__ + 1)
+          def self.#{sym}
+            @__thread_mattr_#{sym} ||= "attr_#{sym}_\#{object_id}"
+            value = ::ActiveSupport::IsolatedExecutionState[@__thread_mattr_#{sym}]
+
+            if value.nil? && !::ActiveSupport::IsolatedExecutionState.key?(@__thread_mattr_#{sym})
+              ::ActiveSupport::IsolatedExecutionState[@__thread_mattr_#{sym}] = #{sym}_default_value
+            else
+              value
+            end
+          end
+        EOS
+      end
 
       if instance_reader && instance_accessor
         class_eval(<<-EOS, __FILE__, __LINE__ + 1)
@@ -58,8 +76,6 @@ class Module
           end
         EOS
       end
-
-      ::ActiveSupport::IsolatedExecutionState["attr_#{name}_#{sym}"] = default unless default.nil?
     end
   end
   alias :thread_cattr_reader :thread_mattr_reader
@@ -82,15 +98,15 @@ class Module
   #   end
   #
   #   Current.new.user = "DHH" # => NoMethodError
-  def thread_mattr_writer(*syms, instance_writer: true, instance_accessor: true, default: nil) # :nodoc:
+  def thread_mattr_writer(*syms, instance_writer: true, instance_accessor: true) # :nodoc:
     syms.each do |sym|
       raise NameError.new("invalid attribute name: #{sym}") unless /^[_A-Za-z]\w*$/.match?(sym)
 
-      # The following generated method concatenates `name` because we want it
-      # to work with inheritance via polymorphism.
+      # The following generated method concatenates `object_id` because we want
+      # subclasses to maintain independent values.
       class_eval(<<-EOS, __FILE__, __LINE__ + 1)
         def self.#{sym}=(obj)
-          @__thread_mattr_#{sym} ||= "attr_\#{name}_#{sym}"
+          @__thread_mattr_#{sym} ||= "attr_#{sym}_\#{object_id}"
           ::ActiveSupport::IsolatedExecutionState[@__thread_mattr_#{sym}] = obj
         end
       EOS
@@ -102,8 +118,6 @@ class Module
           end
         EOS
       end
-
-      public_send("#{sym}=", default) unless default.nil?
     end
   end
   alias :thread_cattr_writer :thread_mattr_writer
@@ -149,6 +163,10 @@ class Module
   #
   #   Current.new.user = "DHH"  # => NoMethodError
   #   Current.new.user          # => NoMethodError
+  #
+  # A default value may be specified using the +:default+ option. Because
+  # multiple threads can access the default value, non-frozen default values
+  # will be <tt>dup</tt>ed and frozen.
   def thread_mattr_accessor(*syms, instance_reader: true, instance_writer: true, instance_accessor: true, default: nil)
     thread_mattr_reader(*syms, instance_reader: instance_reader, instance_accessor: instance_accessor, default: default)
     thread_mattr_writer(*syms, instance_writer: instance_writer, instance_accessor: instance_accessor)

data/lib/active_support/core_ext/module/concerning.rb

@@ -3,7 +3,7 @@
 require "active_support/concern"
 
 class Module
-  # = Bite-sized separation of concerns
+  # == Bite-sized separation of concerns
   #
   # We often find ourselves with a medium-sized chunk of behavior that we'd
   # like to extract, but only mix in to a single class.
@@ -18,9 +18,9 @@ class Module
   # with a comment, as a least-bad alternative. Using modules in separate files
   # means tedious sifting to get a big-picture view.
   #
-  # = Dissatisfying ways to separate small concerns
+  # == Dissatisfying ways to separate small concerns
   #
-  # == Using comments:
+  # === Using comments:
   #
   #   class Todo < ApplicationRecord
   #     # Other todo implementation
@@ -37,7 +37,7 @@ class Module
   #       end
   #   end
   #
-  # == With an inline module:
+  # === With an inline module:
   #
   # Noisy syntax.
   #
@@ -61,7 +61,7 @@ class Module
   #     include EventTracking
   #   end
   #
-  # == Mix-in noise exiled to its own file:
+  # === Mix-in noise exiled to its own file:
   #
   # Once our chunk of behavior starts pushing the scroll-to-understand-it
   # boundary, we give in and move it to a separate file. At this size, the
@@ -75,7 +75,7 @@ class Module
   #     include TodoEventTracking
   #   end
   #
-  # = Introducing Module#concerning
+  # == Introducing Module#concerning
   #
   # By quieting the mix-in noise, we arrive at a natural, low-ceremony way to
   # separate bite-sized concerns.

data/lib/active_support/core_ext/module/delegation.rb

@@ -7,9 +7,9 @@ class Module
   # option is not used.
   class DelegationError < NoMethodError; end
 
-  RUBY_RESERVED_KEYWORDS = %w(alias and BEGIN begin break case class def defined? do
-  else elsif END end ensure false for if in module next nil not or redo rescue retry
-  return self super then true undef unless until when while yield)
+  RUBY_RESERVED_KEYWORDS = %w(__ENCODING__ __LINE__ __FILE__ alias and BEGIN begin break
+  case class def defined? do else elsif END end ensure false for if in module next nil
+  not or redo rescue retry return self super then true undef unless until when while yield)
   DELEGATION_RESERVED_KEYWORDS = %w(_ arg args block)
   DELEGATION_RESERVED_METHOD_NAMES = Set.new(
     RUBY_RESERVED_KEYWORDS + DELEGATION_RESERVED_KEYWORDS
@@ -187,19 +187,49 @@ class Module
     location = caller_locations(1, 1).first
     file, line = location.path, location.lineno
 
-    to = to.to_s
-    to = "self.#{to}" if DELEGATION_RESERVED_METHOD_NAMES.include?(to)
+    receiver = to.to_s
+    receiver = "self.#{receiver}" if DELEGATION_RESERVED_METHOD_NAMES.include?(receiver)
 
     method_def = []
     method_names = []
 
-    methods.map do |method|
+    method_def << "self.private" if private
+
+    methods.each do |method|
       method_name = prefix ? "#{method_prefix}#{method}" : method
       method_names << method_name.to_sym
 
       # Attribute writer methods only accept one argument. Makes sure []=
       # methods still accept two arguments.
-      definition = /[^\]]=\z/.match?(method) ? "arg" : "..."
+      definition = \
+        if /[^\]]=\z/.match?(method)
+          "arg"
+        else
+          method_object =
+            begin
+              if to.is_a?(Module)
+                to.method(method)
+              elsif receiver == "self.class"
+                method(method)
+              end
+            rescue NameError
+              # Do nothing. Fall back to `"..."`
+            end
+
+          if method_object
+            parameters = method_object.parameters
+
+            if (parameters.map(&:first) & [:opt, :rest, :keyreq, :key, :keyrest]).any?
+              "..."
+            else
+              defn = parameters.filter_map { |type, arg| arg if type == :req }
+              defn << "&block"
+              defn.join(", ")
+            end
+          else
+            "..."
+          end
+        end
 
       # The following generated method calls the target exactly once, storing
       # the returned value in a dummy variable.
@@ -213,7 +243,7 @@ class Module
 
         method_def <<
           "def #{method_name}(#{definition})" <<
-          "  _ = #{to}" <<
+          "  _ = #{receiver}" <<
           "  if !_.nil? || nil.respond_to?(:#{method})" <<
           "    _.#{method}(#{definition})" <<
           "  end" <<
@@ -224,11 +254,11 @@ class Module
 
         method_def <<
           "def #{method_name}(#{definition})" <<
-          "  _ = #{to}" <<
+          "  _ = #{receiver}" <<
           "  _.#{method}(#{definition})" <<
           "rescue NoMethodError => e" <<
           "  if _.nil? && e.name == :#{method}" <<
-          %(   raise DelegationError, "#{self}##{method_name} delegated to #{to}.#{method}, but #{to} is nil: \#{self.inspect}") <<
+          %(   raise DelegationError, "#{self}##{method_name} delegated to #{receiver}.#{method}, but #{receiver} is nil: \#{self.inspect}") <<
           "  else" <<
           "    raise" <<
           "  end" <<
@@ -236,7 +266,6 @@ class Module
       end
     end
     module_eval(method_def.join(";"), file, line)
-    private(*method_names) if private
     method_names
   end
 
@@ -288,37 +317,52 @@ class Module
   # of <tt>object</tt> add or remove instance variables.
   def delegate_missing_to(target, allow_nil: nil)
     target = target.to_s
-    target = "self.#{target}" if DELEGATION_RESERVED_METHOD_NAMES.include?(target)
+    target = "self.#{target}" if DELEGATION_RESERVED_METHOD_NAMES.include?(target) || target == "__target"
 
-    module_eval <<-RUBY, __FILE__, __LINE__ + 1
-      def respond_to_missing?(name, include_private = false)
-        # It may look like an oversight, but we deliberately do not pass
-        # +include_private+, because they do not get delegated.
+    if allow_nil
+      module_eval <<~RUBY, __FILE__, __LINE__ + 1
+        def respond_to_missing?(name, include_private = false)
+          # It may look like an oversight, but we deliberately do not pass
+          # +include_private+, because they do not get delegated.
 
-        return false if name == :marshal_dump || name == :_dump
-        #{target}.respond_to?(name) || super
-      end
+          return false if name == :marshal_dump || name == :_dump
+          #{target}.respond_to?(name) || super
+        end
 
-      def method_missing(method, *args, &block)
-        if #{target}.respond_to?(method)
-          #{target}.public_send(method, *args, &block)
-        else
-          begin
+        def method_missing(method, *args, &block)
+          __target = #{target}
+          if __target.nil? && !nil.respond_to?(method)
+            nil
+          elsif __target.respond_to?(method)
+            __target.public_send(method, *args, &block)
+          else
             super
-          rescue NoMethodError
-            if #{target}.nil?
-              if #{allow_nil == true}
-                nil
-              else
-                raise DelegationError, "\#{method} delegated to #{target}, but #{target} is nil"
-              end
-            else
-              raise
-            end
           end
         end
-      end
-      ruby2_keywords(:method_missing)
-    RUBY
+        ruby2_keywords(:method_missing)
+      RUBY
+    else
+      module_eval <<~RUBY, __FILE__, __LINE__ + 1
+        def respond_to_missing?(name, include_private = false)
+          # It may look like an oversight, but we deliberately do not pass
+          # +include_private+, because they do not get delegated.
+
+          return false if name == :marshal_dump || name == :_dump
+          #{target}.respond_to?(name) || super
+        end
+
+        def method_missing(method, *args, &block)
+          __target = #{target}
+          if __target.nil? && !nil.respond_to?(method)
+            raise DelegationError, "\#{method} delegated to #{target}, but #{target} is nil"
+          elsif __target.respond_to?(method)
+            __target.public_send(method, *args, &block)
+          else
+            super
+          end
+        end
+        ruby2_keywords(:method_missing)
+      RUBY
+    end
   end
 end

data/lib/active_support/core_ext/module/deprecation.rb

@@ -1,17 +1,12 @@
 # frozen_string_literal: true
 
 class Module
-  #   deprecate :foo
-  #   deprecate bar: 'message'
-  #   deprecate :foo, :bar, baz: 'warning!', qux: 'gone!'
+  #   deprecate :foo, deprecator: MyLib.deprecator
+  #   deprecate :foo, bar: "warning!", deprecator: MyLib.deprecator
   #
-  # You can also use custom deprecator instance:
-  #
-  #   deprecate :foo, deprecator: MyLib::Deprecator.new
-  #   deprecate :foo, bar: "warning!", deprecator: MyLib::Deprecator.new
-  #
-  # \Custom deprecators must respond to <tt>deprecation_warning(deprecated_method_name, message, caller_backtrace)</tt>
-  # method where you can implement your custom warning behavior.
+  # A deprecator is typically an instance of ActiveSupport::Deprecation, but you can also pass any object that responds
+  # to <tt>deprecation_warning(deprecated_method_name, message, caller_backtrace)</tt> where you can implement your
+  # custom warning behavior.
   #
   #   class MyLib::Deprecator
   #     def deprecation_warning(deprecated_method_name, message, caller_backtrace = nil)
@@ -19,7 +14,15 @@ class Module
   #       Kernel.warn message
   #     end
   #   end
-  def deprecate(*method_names)
-    ActiveSupport::Deprecation.deprecate_methods(self, *method_names)
+  def deprecate(*method_names, deprecator: nil, **options)
+    if deprecator.is_a?(ActiveSupport::Deprecation)
+      deprecator.deprecate_methods(self, *method_names, **options)
+    elsif deprecator
+      # we just need any instance to call deprecate_methods, but the deprecation will be emitted by deprecator
+      ActiveSupport.deprecator.deprecate_methods(self, *method_names, **options, deprecator: deprecator)
+    else
+      ActiveSupport.deprecator.warn("Module.deprecate without a deprecator is deprecated")
+      ActiveSupport::Deprecation._instance.deprecate_methods(self, *method_names, **options)
+    end
   end
 end

data/lib/active_support/core_ext/module/introspection.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require "active_support/core_ext/string/filters"
 require "active_support/inflector"
 
 class Module