paper_trail 12.2.0 → 15.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d64732632c8d2b579619cb3e4ec4f754a3bd82310f464aa715d79709fc0ba58d
-  data.tar.gz: 245ca1378370715e907ef2c7c9eaad6375a77aef0306729e98c2a046d4cb7c89
+  metadata.gz: 3a343a4be31774100a8713280696dcfad46cd119b04de6884de7b6a1b34acd13
+  data.tar.gz: 120dfe293f08004ee33bb09a0db23d3004ea2dadfaff56e8992283564458df28
 SHA512:
-  metadata.gz: 85ff44a62d2ca043e38805e510ac7bea9b5b2faba00e3e75b79262404b422730a2810e0e95adc0a30e867dd8d20fa21eb63d0b329908934272a591a14df0ce03
-  data.tar.gz: 8454773dd1a683fed0f79f6464a4d2f9944c399b81e4ce3ec205720a27db17ee4daade6793cddf5fe63e8422c3f6564893721ad02bef6abbd42d8e6e8a881b08
+  metadata.gz: 8401d4f39db71320590dab474b8782a4f52843394869d12aa3cb5270d25170df8435af7a1c97cdcb3b1acbd8841eacdfd0c905c681b6e1173b2e6c0a69e37af9
+  data.tar.gz: 0ec02b4a9ab72e45741ba79c8c4b09c524a02dc01de35b7763322eea5612112ae0be36e4a6dcf50c297b8bf8f0c5b96d78719d2f7839352b8d57c383d6fd250a

data/lib/generators/paper_trail/install/install_generator.rb

@@ -20,6 +20,12 @@ module PaperTrail
       default: false,
       desc: "Store changeset (diff) with each version"
     )
+    class_option(
+      :uuid,
+      type: :boolean,
+      default: false,
+      desc: "Use uuid instead of bigint for item_id type (use only if tables use UUIDs)"
+    )
 
     desc "Generates (but does not run) a migration to add a versions table." \
          "  See section 5.c. Generators in README.md for more information."
@@ -28,7 +34,9 @@ module PaperTrail
       add_paper_trail_migration(
         "create_versions",
         item_type_options: item_type_options,
-        versions_table_options: versions_table_options
+        versions_table_options: versions_table_options,
+        item_id_type_options: item_id_type_options,
+        version_table_primary_key_type: version_table_primary_key_type
       )
       if options.with_changes?
         add_paper_trail_migration("add_object_changes_to_versions")
@@ -37,13 +45,27 @@ module PaperTrail
 
     private
 
+    # To use uuid instead of integer for primary key
+    def item_id_type_options
+      options.uuid? ? "string" : "bigint"
+    end
+
+    # To use uuid for version table primary key
+    def version_table_primary_key_type
+      if options.uuid?
+        ", id: :uuid"
+      else
+        ""
+      end
+    end
+
     # MySQL 5.6 utf8mb4 limit is 191 chars for keys used in indexes.
     # See https://github.com/paper-trail-gem/paper_trail/issues/651
     def item_type_options
       if mysql?
-        ", { null: false, limit: 191 }"
+        ", null: false, limit: 191"
       else
-        ", { null: false }"
+        ", null: false"
       end
     end
 

data/lib/generators/paper_trail/install/templates/create_versions.rb.erb

@@ -9,9 +9,9 @@ class CreateVersions < ActiveRecord::Migration<%= migration_version %>
   TEXT_BYTES = 1_073_741_823
 
   def change
-    create_table :versions<%= versions_table_options %> do |t|
+    create_table :versions<%= versions_table_options %><%= version_table_primary_key_type %> do |t|
       t.string   :item_type<%= item_type_options %>
-      t.bigint   :item_id,   null: false
+      t.<%= item_id_type_options %>   :item_id,   null: false
       t.string   :event,     null: false
       t.string   :whodunnit
       t.text     :object, limit: TEXT_BYTES
@@ -28,11 +28,11 @@ class CreateVersions < ActiveRecord::Migration<%= migration_version %>
       # MySQL users should also upgrade to at least rails 4.2, which is the first
       # version of ActiveRecord with support for fractional seconds in MySQL.
       # (https://github.com/rails/rails/pull/14359)
-      # 
+      #
       # MySQL users should use the following line for `created_at`
-      # t.datetime :created_at, limit: 6                                        
+      # t.datetime :created_at, limit: 6
       t.datetime :created_at
     end
-    add_index :versions, %i(item_type item_id)
+    add_index :versions, %i[item_type item_id]
   end
 end

data/lib/paper_trail/attribute_serializers/cast_attribute_serializer.rb

@@ -32,7 +32,7 @@ module PaperTrail
         if defined_enums[attr] && val.is_a?(::String)
           # Because PT 4 used to save the string version of enums to `object_changes`
           val
-        elsif PaperTrail::RAILS_GTE_7_0 && val.is_a?(ActiveRecord::Type::Time::Value)
+        elsif PaperTrail.active_record_gte_7_0? && val.is_a?(ActiveRecord::Type::Time::Value)
           # Because Rails 7 time attribute throws a delegation error when you deserialize
           # it with the factory.
           # See ActiveRecord::Type::Time::Value crashes when loaded from YAML on rails 7.0

data/lib/paper_trail/attribute_serializers/object_attribute.rb

@@ -8,6 +8,12 @@ module PaperTrail
     class ObjectAttribute
       def initialize(model_class)
         @model_class = model_class
+
+        # ActiveRecord since 7.0 has a built-in encryption mechanism
+        @encrypted_attributes =
+          if PaperTrail.active_record_gte_7_0?
+            @model_class.encrypted_attributes&.map(&:to_s)
+          end
       end
 
       def serialize(attributes)
@@ -23,14 +29,18 @@ module PaperTrail
       # Modifies `attributes` in place.
       # TODO: Return a new hash instead.
       def alter(attributes, serialization_method)
-        # Don't serialize before values before inserting into columns of type
+        # Don't serialize non-encrypted before values before inserting into columns of type
         # `JSON` on `PostgreSQL` databases.
-        return attributes if object_col_is_json?
+        attributes_to_serialize =
+          object_col_is_json? ? attributes.slice(*@encrypted_attributes) : attributes
+        return attributes if attributes_to_serialize.blank?
 
         serializer = CastAttributeSerializer.new(@model_class)
-        attributes.each do |key, value|
+        attributes_to_serialize.each do |key, value|
           attributes[key] = serializer.send(serialization_method, key, value)
         end
+
+        attributes
       end
 
       def object_col_is_json?

data/lib/paper_trail/attribute_serializers/object_changes_attribute.rb

@@ -8,6 +8,12 @@ module PaperTrail
     class ObjectChangesAttribute
       def initialize(item_class)
         @item_class = item_class
+
+        # ActiveRecord since 7.0 has a built-in encryption mechanism
+        @encrypted_attributes =
+          if PaperTrail.active_record_gte_7_0?
+            @item_class.encrypted_attributes&.map(&:to_s)
+          end
       end
 
       def serialize(changes)
@@ -23,17 +29,21 @@ module PaperTrail
       # Modifies `changes` in place.
       # TODO: Return a new hash instead.
       def alter(changes, serialization_method)
-        # Don't serialize before values before inserting into columns of type
+        # Don't serialize non-encrypted before values before inserting into columns of type
         # `JSON` on `PostgreSQL` databases.
-        return changes if object_changes_col_is_json?
+        changes_to_serialize =
+          object_changes_col_is_json? ? changes.slice(*@encrypted_attributes) : changes.clone
+        return changes if changes_to_serialize.blank?
 
         serializer = CastAttributeSerializer.new(@item_class)
-        changes.clone.each do |key, change|
+        changes_to_serialize.each do |key, change|
           # `change` is an Array with two elements, representing before and after.
           changes[key] = Array(change).map do |value|
             serializer.send(serialization_method, key, value)
           end
         end
+
+        changes
       end
 
       def object_changes_col_is_json?

data/lib/paper_trail/compatibility.rb

@@ -17,7 +17,7 @@ module PaperTrail
   # newer rails versions. Most PT users should avoid incompatible rails
   # versions.
   module Compatibility
-    ACTIVERECORD_GTE = ">= 5.2" # enforced in gemspec
+    ACTIVERECORD_GTE = ">= 6.1" # enforced in gemspec
     ACTIVERECORD_LT = "< 7.1" # not enforced in gemspec
 
     E_INCOMPATIBLE_AR = <<-EOS

data/lib/paper_trail/events/base.rb

@@ -22,6 +22,19 @@ module PaperTrail
     #
     # @api private
     class Base
+      E_FORBIDDEN_METADATA_KEY = <<-EOS.squish
+        Forbidden metadata key: %s. As of PT 14, the following metadata keys are
+        forbidden: %s
+      EOS
+      FORBIDDEN_METADATA_KEYS = %i[
+        created_at
+        id
+        item_id
+        item_subtype
+        item_type
+        updated_at
+      ].freeze
+
       # @api private
       def initialize(record, in_after_callback)
         @record = record
@@ -44,6 +57,13 @@ module PaperTrail
 
       private
 
+      # @api private
+      def assert_metadatum_key_is_permitted(key)
+        return unless FORBIDDEN_METADATA_KEYS.include?(key.to_sym)
+        raise PaperTrail::InvalidOption,
+          format(E_FORBIDDEN_METADATA_KEY, key, FORBIDDEN_METADATA_KEYS)
+      end
+
       # Rails 5.1 changed the API of `ActiveRecord::Dirty`. See
       # https://github.com/paper-trail-gem/paper_trail/pull/899
       #
@@ -175,7 +195,9 @@ module PaperTrail
       #
       # @api private
       def merge_metadata_from_controller_into(data)
-        data.merge(PaperTrail.request.controller_info || {})
+        metadata = PaperTrail.request.controller_info || {}
+        metadata.keys.each { |k| assert_metadatum_key_is_permitted(k) }
+        data.merge(metadata)
       end
 
       # Updates `data` from the model's `meta` option.
@@ -183,6 +205,7 @@ module PaperTrail
       # @api private
       def merge_metadata_from_model_into(data)
         @record.paper_trail_options[:meta].each do |k, v|
+          assert_metadatum_key_is_permitted(k)
           data[k] = model_metadatum(v, data[:event])
         end
       end
@@ -221,7 +244,7 @@ module PaperTrail
       # @api private
       def notable_changes
         changes_in_latest_version.delete_if { |k, _v|
-          !notably_changed.include?(k)
+          notably_changed.exclude?(k)
         }
       end
 

data/lib/paper_trail/events/update.rb

@@ -29,9 +29,6 @@ module PaperTrail
           event: @record.paper_trail_event || "update",
           whodunnit: PaperTrail.request.whodunnit
         }
-        if @record.respond_to?(:updated_at)
-          data[:created_at] = @record.updated_at
-        end
         if record_object?
           data[:object] = recordable_object(@is_touch)
         end
@@ -40,6 +37,20 @@ module PaperTrail
         merge_metadata_into(data)
       end
 
+      # If it is a touch event, and changed are empty, it is assumed to be
+      # implicit `touch` mutation, and will a version is created.
+      #
+      # See https://github.com/rails/rails/commit/dcb825902d79d0f6baba956f7c6ec5767611353e
+      #
+      # @api private
+      def changed_notably?
+        if @is_touch && changes_in_latest_version.empty?
+          true
+        else
+          super
+        end
+      end
+
       private
 
       # @api private

data/lib/paper_trail/has_paper_trail.rb

@@ -53,6 +53,10 @@ module PaperTrail
       #   - A Hash - options passed to `has_many`, plus `name:` and `scope:`.
       # - :version - The name to use for the method which returns the version
       #   the instance was reified from. Default is `:version`.
+      # - :synchronize_version_creation_timestamp - By default, paper trail
+      #   sets the `created_at` field for a new Version equal to the `updated_at`
+      #   column of the model being updated. If you instead want `created_at` to
+      #   populate with the current timestamp, set this option to `false`.
       #
       # Plugins like the experimental `paper_trail-association_tracking` gem
       # may accept additional options.

data/lib/paper_trail/model_config.rb

@@ -82,8 +82,9 @@ module PaperTrail
 
     # Adds a callback that records a version after a "touch" event.
     #
-    # Rails < 6.0 has a bug where dirty-tracking does not occur during
-    # a `touch`. (https://github.com/rails/rails/issues/33429) See also:
+    # Rails < 6.0 (no longer supported by PT) had a bug where dirty-tracking
+    # did not occur during a `touch`.
+    # (https://github.com/rails/rails/issues/33429) See also:
     # https://github.com/paper-trail-gem/paper_trail/issues/1121
     # https://github.com/paper-trail-gem/paper_trail/issues/1161
     # https://github.com/paper-trail-gem/paper_trail/pull/1285
@@ -93,7 +94,7 @@ module PaperTrail
       @model_class.after_touch { |r|
         if r.paper_trail.save_version?
           r.paper_trail.record_update(
-            force: RAILS_LT_6_0,
+            force: false,
             in_after_callback: true,
             is_touch: true
           )
@@ -121,9 +122,6 @@ module PaperTrail
 
     private
 
-    RAILS_LT_6_0 = ::ActiveRecord.gem_version < ::Gem::Version.new("6.0.0")
-    private_constant :RAILS_LT_6_0
-
     # @api private
     def append_option_uniquely(option, value)
       collection = @model_class.paper_trail_options.fetch(option)

data/lib/paper_trail/queries/versions/where_object_changes.rb

@@ -15,7 +15,7 @@ module PaperTrail
           @version_model_class = version_model_class
 
           # Currently, this `deep_dup` is necessary because the `jsonb` branch
-          # modifies `@attributes`, and that would be a nasty suprise for
+          # modifies `@attributes`, and that would be a nasty surprise for
           # consumers of this class.
           # TODO: Stop modifying `@attributes`, then remove `deep_dup`.
           @attributes = attributes.deep_dup

data/lib/paper_trail/record_trail.rb

@@ -25,14 +25,6 @@ module PaperTrail
       @record.send("#{@record.class.version_association_name}=", nil)
     end
 
-    # Is PT enabled for this particular record?
-    # @api private
-    def enabled?
-      PaperTrail.enabled? &&
-        PaperTrail.request.enabled? &&
-        PaperTrail.request.enabled_for_model?(@record.class)
-    end
-
     # Returns true if this instance is the current, live one;
     # returns false if this instance came from a previous version.
     def live?
@@ -75,13 +67,6 @@ module PaperTrail
       end
     end
 
-    # PT-AT extends this method to add its transaction id.
-    #
-    # @api private
-    def data_for_create
-      {}
-    end
-
     # `recording_order` is "after" or "before". See ModelConfig#on_destroy.
     #
     # @api private
@@ -105,14 +90,12 @@ module PaperTrail
       end
     end
 
-    # PT-AT extends this method to add its transaction id.
-    #
-    # @api private
-    def data_for_destroy
-      {}
-    end
-
     # @api private
+    # @param force [boolean] Insert a `Version` even if `@record` has not
+    #   `changed_notably?`.
+    # @param in_after_callback [boolean] True when called from an `after_update`
+    #   or `after_touch` callback.
+    # @param is_touch [boolean] True when called from an `after_touch` callback.
     # @return - The created version object, so that plugins can use it, e.g.
     # paper_trail-association_tracking
     def record_update(force:, in_after_callback:, is_touch:)
@@ -136,40 +119,6 @@ module PaperTrail
       end
     end
 
-    # PT-AT extends this method to add its transaction id.
-    #
-    # @api private
-    def data_for_update
-      {}
-    end
-
-    # @api private
-    # @return - The created version object, so that plugins can use it, e.g.
-    # paper_trail-association_tracking
-    def record_update_columns(changes)
-      return unless enabled?
-      event = Events::Update.new(@record, false, false, changes)
-
-      # Merge data from `Event` with data from PT-AT. We no longer use
-      # `data_for_update_columns` but PT-AT still does.
-      data = event.data.merge(data_for_update_columns)
-
-      versions_assoc = @record.send(@record.class.versions_association_name)
-      version = versions_assoc.create(data)
-      if version.errors.any?
-        log_version_errors(version, :update)
-      else
-        version
-      end
-    end
-
-    # PT-AT extends this method to add its transaction id.
-    #
-    # @api private
-    def data_for_update_columns
-      {}
-    end
-
     # Invoked via callback when a user attempts to persist a reified
     # `Version`.
     def reset_timestamp_attrs_for_update_if_needed
@@ -194,15 +143,17 @@ module PaperTrail
     # Save, and create a version record regardless of options such as `:on`,
     # `:if`, or `:unless`.
     #
-    # Arguments are passed to `save`.
+    # `in_after_callback`: Indicates if this method is being called within an
+    #                      `after` callback. Defaults to `false`.
+    # `options`: Optional arguments passed to `save`.
     #
     # This is an "update" event. That is, we record the same data we would in
     # the case of a normal AR `update`.
-    def save_with_version(**options)
+    def save_with_version(in_after_callback: false, **options)
       ::PaperTrail.request(enabled: false) do
         @record.save(**options)
       end
-      record_update(force: true, in_after_callback: false, is_touch: false)
+      record_update(force: true, in_after_callback: in_after_callback, is_touch: false)
     end
 
     # Like the `update_column` method from `ActiveRecord::Persistence`, but also
@@ -267,11 +218,23 @@ module PaperTrail
     def build_version_on_update(force:, in_after_callback:, is_touch:)
       event = Events::Update.new(@record, in_after_callback, is_touch, nil)
       return unless force || event.changed_notably?
+      data = event.data
+
+      # Copy the (recently set) `updated_at` from the record to the `created_at`
+      # of the `Version`. Without this feature, these two timestamps would
+      # differ by a few milliseconds. To some people, it seems a little
+      # unnatural to tamper with creation timestamps in this way. But, this
+      # feature has existed for a long time, almost a decade now, and some users
+      # may rely on it now.
+      if @record.respond_to?(:updated_at) &&
+          @record.paper_trail_options[:synchronize_version_creation_timestamp] != false
+        data[:created_at] = @record.updated_at
+      end
 
       # Merge data from `Event` with data from PT-AT. We no longer use
       # `data_for_update` but PT-AT still does. To save memory, we use `merge!`
       # instead of `merge`.
-      data = event.data.merge!(data_for_update)
+      data.merge!(data_for_update)
 
       # Using `version_class.new` reduces memory usage compared to
       # `versions_assoc.build`. It's a trade-off though. We have to clear
@@ -280,6 +243,42 @@ module PaperTrail
       @record.class.paper_trail.version_class.new(data)
     end
 
+    # PT-AT extends this method to add its transaction id.
+    #
+    # @api public
+    def data_for_create
+      {}
+    end
+
+    # PT-AT extends this method to add its transaction id.
+    #
+    # @api public
+    def data_for_destroy
+      {}
+    end
+
+    # PT-AT extends this method to add its transaction id.
+    #
+    # @api public
+    def data_for_update
+      {}
+    end
+
+    # PT-AT extends this method to add its transaction id.
+    #
+    # @api public
+    def data_for_update_columns
+      {}
+    end
+
+    # Is PT enabled for this particular record?
+    # @api private
+    def enabled?
+      PaperTrail.enabled? &&
+        PaperTrail.request.enabled? &&
+        PaperTrail.request.enabled_for_model?(@record.class)
+    end
+
     def log_version_errors(version, action)
       version.logger&.warn(
         "Unable to create version for #{action} of #{@record.class.name}" \
@@ -287,6 +286,26 @@ module PaperTrail
       )
     end
 
+    # @api private
+    # @return - The created version object, so that plugins can use it, e.g.
+    # paper_trail-association_tracking
+    def record_update_columns(changes)
+      return unless enabled?
+      data = Events::Update.new(@record, false, false, changes).data
+
+      # Merge data from `Event` with data from PT-AT. We no longer use
+      # `data_for_update_columns` but PT-AT still does.
+      data.merge!(data_for_update_columns)
+
+      versions_assoc = @record.send(@record.class.versions_association_name)
+      version = versions_assoc.create(data)
+      if version.errors.any?
+        log_version_errors(version, :update)
+      else
+        version
+      end
+    end
+
     def version
       @record.public_send(@record.class.version_association_name)
     end

data/lib/paper_trail/request.rb

@@ -75,28 +75,6 @@ module PaperTrail
           !!store.fetch(:"enabled_for_#{model}", true)
       end
 
-      # @api private
-      def merge(options)
-        options.to_h.each do |k, v|
-          store[k] = v
-        end
-      end
-
-      # @api private
-      def set(options)
-        store.clear
-        merge(options)
-      end
-
-      # Returns a deep copy of the internal hash from our RequestStore. Keys are
-      # all symbols. Values are mostly primitives, but whodunnit can be a Proc.
-      # We cannot use Marshal.dump here because it doesn't support Proc. It is
-      # unclear exactly how `deep_dup` handles a Proc, but it doesn't complain.
-      # @api private
-      def to_h
-        store.deep_dup
-      end
-
       # Temporarily set `options` and execute a block.
       # @api private
       def with(options)
@@ -133,6 +111,19 @@ module PaperTrail
 
       private
 
+      # @api private
+      def merge(options)
+        options.to_h.each do |k, v|
+          store[k] = v
+        end
+      end
+
+      # @api private
+      def set(options)
+        store.clear
+        merge(options)
+      end
+
       # Returns a Hash, initializing with default values if necessary.
       # @api private
       def store
@@ -141,6 +132,15 @@ module PaperTrail
         }
       end
 
+      # Returns a deep copy of the internal hash from our RequestStore. Keys are
+      # all symbols. Values are mostly primitives, but whodunnit can be a Proc.
+      # We cannot use Marshal.dump here because it doesn't support Proc. It is
+      # unclear exactly how `deep_dup` handles a Proc, but it doesn't complain.
+      # @api private
+      def to_h
+        store.deep_dup
+      end
+
       # Provide a helpful error message if someone has a typo in one of their
       # option keys. We don't validate option values here. That's traditionally
       # been handled with casting (`to_s`, `!!`) in the accessor method.

data/lib/paper_trail/serializers/yaml.rb

@@ -9,13 +9,23 @@ module PaperTrail
       extend self # makes all instance methods become module methods as well
 
       def load(string)
-        ::YAML.respond_to?(:unsafe_load) ? ::YAML.unsafe_load(string) : ::YAML.load(string)
+        if use_safe_load?
+          ::YAML.safe_load(
+            string,
+            permitted_classes: yaml_column_permitted_classes,
+            aliases: true
+          )
+        elsif ::YAML.respond_to?(:unsafe_load)
+          ::YAML.unsafe_load(string)
+        else
+          ::YAML.load(string)
+        end
       end
 
       # @param object (Hash | HashWithIndifferentAccess) - Coming from
       # `recordable_object` `object` will be a plain `Hash`. However, due to
-      # recent [memory optimizations](https://git.io/fjeYv), when coming from
-      # `recordable_object_changes`, it will be a `HashWithIndifferentAccess`.
+      # recent [memory optimizations](https://github.com/paper-trail-gem/paper_trail/pull/1189),
+      # when coming from `recordable_object_changes`, it will be a `HashWithIndifferentAccess`.
       def dump(object)
         object = object.to_hash if object.is_a?(HashWithIndifferentAccess)
         ::YAML.dump object
@@ -26,6 +36,33 @@ module PaperTrail
       def where_object_condition(arel_field, field, value)
         arel_field.matches("%\n#{field}: #{value}\n%")
       end
+
+      private
+
+      def use_safe_load?
+        if ::ActiveRecord.gem_version >= Gem::Version.new("7.0.3.1")
+          # `use_yaml_unsafe_load` may be removed in the future, at which point
+          # safe loading will be the default.
+          !defined?(ActiveRecord.use_yaml_unsafe_load) || !ActiveRecord.use_yaml_unsafe_load
+        elsif defined?(ActiveRecord::Base.use_yaml_unsafe_load)
+          # Rails 5.2.8.1, 6.0.5.1, 6.1.6.1
+          !ActiveRecord::Base.use_yaml_unsafe_load
+        else
+          false
+        end
+      end
+
+      def yaml_column_permitted_classes
+        if defined?(ActiveRecord.yaml_column_permitted_classes)
+          # Rails >= 7.0.3.1
+          ActiveRecord.yaml_column_permitted_classes
+        elsif defined?(ActiveRecord::Base.yaml_column_permitted_classes)
+          # Rails 5.2.8.1, 6.0.5.1, 6.1.6.1
+          ActiveRecord::Base.yaml_column_permitted_classes
+        else
+          []
+        end
+      end
     end
   end
 end

data/lib/paper_trail/version_concern.rb

@@ -15,6 +15,12 @@ module PaperTrail
   module VersionConcern
     extend ::ActiveSupport::Concern
 
+    E_YAML_PERMITTED_CLASSES = <<-EOS.squish.freeze
+      PaperTrail encountered a Psych::DisallowedClass error during
+      deserialization of YAML column, indicating that
+      yaml_column_permitted_classes has not been configured correctly. %s
+    EOS
+
     included do
       belongs_to :item, polymorphic: true, optional: true, inverse_of: false
       validates_presence_of :event
@@ -348,7 +354,10 @@ module PaperTrail
       else
         begin
           PaperTrail.serializer.load(object_changes)
-        rescue StandardError # TODO: Rescue something more specific
+        rescue StandardError => e
+          if defined?(::Psych::Exception) && e.instance_of?(::Psych::Exception)
+            ::Kernel.warn format(E_YAML_PERMITTED_CLASSES, e)
+          end
           {}
         end
       end

data/lib/paper_trail/version_number.rb

@@ -7,8 +7,8 @@ module PaperTrail
   # because of this confusion, but it's not worth the breaking change.
   # People are encouraged to use `PaperTrail.gem_version` instead.
   module VERSION
-    MAJOR = 12
-    MINOR = 2
+    MAJOR = 15
+    MINOR = 0
     TINY = 0
 
     # Set PRE to nil unless it's a pre-release (beta, rc, etc.)

data/lib/paper_trail.rb

@@ -8,6 +8,12 @@
 # can revisit this decision.
 require "active_support/all"
 
+# We used to `require "active_record"` here, but that was [replaced with a
+# Railtie](https://github.com/paper-trail-gem/paper_trail/pull/1281) in PT 12.
+# As a result, we cannot reference `ActiveRecord` in this file (ie. until our
+# Railtie has loaded). If we did, it would cause [problems with non-Rails
+# projects](https://github.com/paper-trail-gem/paper_trail/pull/1401).
+
 require "paper_trail/errors"
 require "paper_trail/cleaner"
 require "paper_trail/compatibility"
@@ -26,8 +32,6 @@ module PaperTrail
     named created_at.
   EOS
 
-  RAILS_GTE_7_0 = ::ActiveRecord.gem_version >= ::Gem::Version.new("7.0.0")
-
   extend PaperTrail::Cleaner
 
   class << self
@@ -98,7 +102,7 @@ module PaperTrail
 
     # Returns PaperTrail's global configuration object, a singleton. These
     # settings affect all threads.
-    # @api private
+    # @api public
     def config
       @config ||= PaperTrail::Config.instance
       yield @config if block_given?
@@ -106,9 +110,14 @@ module PaperTrail
     end
     alias configure config
 
+    # @api public
     def version
       VERSION::STRING
     end
+
+    def active_record_gte_7_0?
+      @active_record_gte_7_0 ||= ::ActiveRecord.gem_version >= ::Gem::Version.new("7.0.0")
+    end
   end
 end
 

metadata

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: paper_trail
 version: !ruby/object:Gem::Version
-  version: 12.2.0
+  version: 15.0.0
 platform: ruby
 authors:
 - Andy Stewart
 - Ben Atkins
 - Jared Beck
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-01-21 00:00:00.000000000 Z
+date: 2023-08-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -18,28 +18,28 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '5.2'
+        version: '6.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '5.2'
+        version: '6.1'
 - !ruby/object:Gem::Dependency
   name: request_store
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.4'
 - !ruby/object:Gem::Dependency
   name: appraisal
   requirement: !ruby/object:Gem::Requirement
@@ -116,14 +116,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '5.2'
+        version: '6.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '5.2'
+        version: '6.1'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -352,7 +352,7 @@ homepage: https://github.com/paper-trail-gem/paper_trail
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -360,15 +360,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.6.0
+      version: 3.0.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: 1.3.6
 requirements: []
-rubygems_version: 3.2.22
-signing_key: 
+rubygems_version: 3.3.7
+signing_key:
 specification_version: 4
 summary: Track changes to your models.
 test_files: []