protected_attributes_continued 1.2.4 → 1.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 56c3f71108cf6ddd82e5741e05fcec365779f2e3
-  data.tar.gz: ea0bc67a868cdb1a851c7049c0f0dd089311f8c7
+SHA256:
+  metadata.gz: 4cc976fa47e5942c610f0ba64d976c46e83797255c60fd504f79e30677164632
+  data.tar.gz: 3127f37fc4fb6222ed6fbef07fedbe449a65fd5caa919d3a43bc65c17f86c2c2
 SHA512:
-  metadata.gz: b13e67349efef0c75fa9f6661048245185e4c4996a07d9c1a31f338078cb9eaea1054de1687c2d1cfcd0e965d217a91278d8e4a8b710860a767d2e6c57896823
-  data.tar.gz: 3e5a645d5fd009a65c8071198696afab5a5548ebe60afe3012952a2260e26d5c0382aa78a368603e2fa6a35db0f0c94528dc555e914ab393cba05a77aaa8dcd1
+  metadata.gz: f7776d77b1898ee1b0b9713102a1be01c9de945f7cb23160a00a3af4f205f15f05ca9e6f58bc5510e4cb68606174fe1d6a835a9a2756ff866cd7849a54fcadaf
+  data.tar.gz: c821bb84db6db202e524a535c7b098e2976cd423946e95325fc421f88d35077e645e166ae10f9f01f82de0e52d2decdb1781690806392a661ea9d8fecd8444de

data/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2012-2016 Guillermo Iguaran
+Copyright (c) 2012-2017 Guillermo Iguaran
 
 MIT License
 

data/README.md

@@ -1,25 +1,26 @@
 # Protected Attributes Continued
+<a href="https://badge.fury.io/rb/protected_attributes_continued" target="_blank"><img height="21" style='border:0px;height:21px;' border='0' src="https://badge.fury.io/rb/protected_attributes_continued.svg" alt="Gem Version"></a>
+<a href='https://travis-ci.com/westonganger/protected_attributes_continued' target='_blank'><img height='21' style='border:0px;height:21px;' src='https://api.travis-ci.org/westonganger/protected_attributes_continued.svg?branch=master' border='0' alt='Build Status' /></a>
+<a href='https://rubygems.org/gems/protected_attributes_continued' target='_blank'><img height='21' style='border:0px;height:21px;' src='https://ruby-gem-downloads-badge.herokuapp.com/protected_attributes_continued?label=rubygems&type=total&total_label=downloads&color=brightgreen' border='0' alt='RubyGems Downloads' /></a>
 
-[![Build Status](https://api.travis-ci.org/westonganger/protected_attributes_continued.svg?branch=master)](https://travis-ci.org/westonganger/protected_attributes_continued)
-
-This is the community continued version of `protected_attributes`. I have created this new repo and changed the name because the Rails team refuses to support the `protected_attributes` gem for Rails 5. For people who would like to continue using this feature in their Rails 5 apps lets continue here. I am currently_using this successfully in number of Rails 5 production apps. 
-
-Protect attributes from mass-assignment in Active Record models.
-
-This plugin adds the class methods `attr_accessible` and `attr_protected` to your models to be able to declare white or black lists of attributes.
-
+> This is the community continued version of [`protected_attributes`](https://github.com/rails/protected_attributes) for Rails 5+. I recommend you only use it to support legacy portions of your application that you do not want to upgrade. The Rails team dropped this feature and switched to `strong_parameters` because of security issues. However some applications simply cannot be upgraded or security like this is a non-issue. To continue supporting this feature going forward lets continue the work here.
 
+Protect attributes from mass-assignment in Active Record models. This gem adds the class methods `attr_accessible` and `attr_protected` to declare white or black lists of attributes.
 
 
 ## Installation
 
 Add this line to your application's `Gemfile`:
 
-    gem 'protected_attributes_continued'
+```ruby
+gem 'protected_attributes_continued'
+```
 
 And then execute:
 
-    bundle install
+```ruby
+bundle install
+```
 
 ## Usage
 
@@ -32,19 +33,19 @@ attr_protected :admin
 `attr_protected` also optionally takes a role option using `:as` which allows you to define multiple mass-assignment groupings. If no role is defined then attributes will be added to the `:default` role.
 
 ```ruby
-attr_protected :last_login, :as => :admin
+attr_protected :last_login, as: :admin
 ```
 A much better way, because it follows the whitelist-principle, is the `attr_accessible` method. It is the exact opposite of `attr_protected`, because it takes a list of attributes that will be mass-assigned if present. Any other attributes will be ignored. This way you won’t forget to protect attributes when adding new ones in the course of development. Here is an example:
 
 ```ruby
 attr_accessible :name
-attr_accessible :name, :is_admin, :as => :admin
+attr_accessible :name, :is_admin, as: :admin
 ```
 
 If you want to set a protected attribute, you will have to assign it individually:
 
 ```ruby
-params[:user] # => {:name => "owned", :is_admin => true}
+params[:user] # => {name: "owned", is_admin: true}
 @user = User.new(params[:user])
 @user.is_admin # => false, not mass-assigned
 @user.is_admin = true
@@ -58,15 +59,15 @@ You can also bypass mass-assignment security by using the `:without_protection`
 ```ruby
 @user = User.new
 
-@user.assign_attributes(:name => 'Josh', :is_admin => true)
+@user.assign_attributes(name: 'Josh', is_admin: true)
 @user.name # => Josh
 @user.is_admin # => false
 
-@user.assign_attributes({ :name => 'Josh', :is_admin => true }, :as => :admin)
+@user.assign_attributes({ name: 'Josh', is_admin: true }, as: :admin)
 @user.name # => Josh
 @user.is_admin # => true
 
-@user.assign_attributes({ :name => 'Josh', :is_admin => true }, :without_protection => true)
+@user.assign_attributes({ name: 'Josh', is_admin: true }, without_protection: true)
 @user.name # => Josh
 @user.is_admin # => true
 ```
@@ -74,18 +75,18 @@ You can also bypass mass-assignment security by using the `:without_protection`
 In a similar way, `new`, `create`, `create!`, `update_attributes` and `update_attributes!` methods all respect mass-assignment security and accept either `:as` or `:without_protection` options. For example:
 
 ```ruby
-@user = User.new({ :name => 'Sebastian', :is_admin => true }, :as => :admin)
+@user = User.new({ name: 'Sebastian', is_admin: true }, as: :admin)
 @user.name # => Sebastian
 @user.is_admin # => true
 
-@user = User.create({ :name => 'Sebastian', :is_admin => true }, :without_protection => true)
+@user = User.create({ name: 'Sebastian', is_admin: true }, without_protection: true)
 @user.name # => Sebastian
 @user.is_admin # => true
 ```
 
 By default the gem will use the strong parameters protection when assigning attribute, unless your model has `attr_accessible` or `attr_protected` calls.
 
-### Errors
+## Errors
 
 By default, attributes in the params hash which are not allowed to be updated are just ignored. If you prefer an exception to be raised configure:
 
@@ -97,8 +98,47 @@ Any protected attributes violation raises `ActiveModel::MassAssignmentSecurity::
 
 ## Contributing
 
-1. Fork it
-2. Create your feature branch (`git checkout -b my-new-feature`)
-3. Commit your changes (`git commit -am 'Add some feature'`)
-4. Push to the branch (`git push origin my-new-feature`)
-5. Create new Pull Request
+For quicker feedback during gem development or debugging feel free to use the provided `rake console` task. It is defined within the [`Rakefile`](https://github.com/westonganger/protected_attributes_continued/blob/master/Rakefile).
+
+We test multiple versions of `Rails` using the `appraisal` gem. Please use the following steps to test using `appraisal`.
+
+1. `bundle exec appraisal install`
+2. `bundle exec appraisal rake test`
+
+## Credits
+
+Created & Maintained by [Weston Ganger](https://westonganger.com) - [@westonganger](https://github.com/westonganger)
+
+Originally forked from the dead/unmaintained [`protected_attributes`](https://github.com/rails/protected_attributes) gem by the Rails team.
+
+## A Simple and Similar strong_params Alternative
+
+While I do utilize this gem in some legacy projects. The latest approach I have adopted is similar to this gem but only utilizes Rails built-in `strong_params` which is a much more future proof way of doing things. The following is an example implementation.
+
+```ruby
+### Model
+class Post < ActiveRecord::Base
+  def self.strong_params(params)
+    params.permit(:post).permit(:name, :content, :published_at)
+  end
+end
+
+### Controller
+class PostsController < ApplicationController
+  def create
+    @post = Post.new(Post.strong_params(params))
+    
+    @post.save
+
+    respond_with @post
+  end
+
+  def update
+    @post = Post.find(params[:id])
+
+    @post.update(Post.strong_params(params))
+
+    respond_with @post
+  end
+end
+```

data/lib/active_model/mass_assignment_security.rb

@@ -323,11 +323,7 @@ module ActiveModel
       #   customer.assign_attributes(name: 'David')
       #   # => StandardError: StandardError
       def mass_assignment_sanitizer=(value)
-        self._mass_assignment_sanitizer = if value.is_a?(Symbol)
-          const_get(:"#{value.to_s.camelize}Sanitizer").new(self)
-        else
-          value
-        end
+        self._mass_assignment_sanitizer = value.is_a?(Symbol) ? const_get(:"#{value.to_s.camelize}Sanitizer").new(self) : value
       end
 
       private

data/lib/active_record/mass_assignment_security.rb

@@ -1,9 +1,5 @@
 require "active_record"
 
-def active_record_40?
-  ActiveRecord::VERSION::MAJOR == 4 && ActiveRecord::VERSION::MINOR == 0
-end
-
 require "active_record/mass_assignment_security/associations"
 require "active_record/mass_assignment_security/attribute_assignment"
 require "active_record/mass_assignment_security/core"
@@ -11,6 +7,7 @@ require "active_record/mass_assignment_security/nested_attributes"
 require "active_record/mass_assignment_security/persistence"
 require "active_record/mass_assignment_security/reflection"
 require "active_record/mass_assignment_security/relation"
+require "active_record/mass_assignment_security/association_relation"
 require "active_record/mass_assignment_security/validations"
 require "active_record/mass_assignment_security/associations"
 require "active_record/mass_assignment_security/inheritance"

data/lib/active_record/mass_assignment_security/association_relation.rb

@@ -0,0 +1,27 @@
+if ActiveRecord::VERSION::MAJOR >= 6
+
+  module ActiveRecord
+    class AssociationRelation
+      undef :new
+      undef :create
+      undef :create!
+
+      def build(attributes = nil, options = {}, &block)
+        block = _deprecated_scope_block("new", &block)
+        scoping { @association.build(attributes, options, &block) }
+      end
+      alias new build
+
+      def create(attributes = nil, options = {}, &block)
+        block = _deprecated_scope_block("create", &block)
+        scoping { @association.create(attributes, options, &block) }
+      end
+
+      def create!(attributes = nil, options = {}, &block)
+        block = _deprecated_scope_block("create!", &block)
+        scoping { @association.create!(attributes, options, &block) }
+      end
+    end
+  end
+
+end

data/lib/active_record/mass_assignment_security/associations.rb

@@ -1,3 +1,5 @@
+### Original Rails Code - https://github.com/rails/rails/tree/master/activerecord/lib/active_record/associations
+
 module ActiveRecord
   module Associations
     class Association
@@ -5,11 +7,11 @@ module ActiveRecord
 
       def build_record(attributes, options)
         reflection.build_association(attributes, options) do |record|
-          attributes = create_scope.except(*(record.changed - [reflection.foreign_key]))
+          the_scope = (ActiveRecord::VERSION::STRING.to_f >= 5.2 ? scope_for_create : create_scope)
+          attributes = the_scope.except(*(record.changed - [reflection.foreign_key]))
           record.assign_attributes(attributes, without_protection: true)
         end
       end
-
       private :build_record
     end
 
@@ -52,7 +54,6 @@ module ActiveRecord
           end
         end
       end
-
       private :create_record
     end
 
@@ -75,26 +76,41 @@ module ActiveRecord
     end
 
     module ThroughAssociation
-      undef :build_record if respond_to?(:build_record, false)
+      ### Cant use respond_to?(method, true) because its a module instead of a class
+      undef :build_record if self.private_instance_methods.include?(:build_record)
+      def build_record(attributes, options={})
+        inverse = source_reflection.inverse_of
+        target = through_association.target
 
-      private
+        if inverse && target && !target.is_a?(Array)
+          attributes[inverse.foreign_key] = target.id
+        end
 
-        def build_record(attributes, options={})
-          inverse = source_reflection.inverse_of
-          target = through_association.target
+        super(attributes, options)
+      end
+      private :build_record
+    end
 
-          if inverse && target && !target.is_a?(Array)
-            attributes[inverse.foreign_key] = target.id
+    class HasManyThroughAssociation
+      if ActiveRecord.version >= Gem::Version.new('5.2.3')
+        undef :build_through_record
+        def build_through_record(record)
+          @through_records[record.object_id] ||= begin
+            ensure_mutable
+
+            attributes = through_scope_attributes
+            attributes[source_reflection.name] = record
+            attributes[source_reflection.foreign_type] = options[:source_type] if options[:source_type]
+
+            # Pass in `without_protection: true` here because `options_for_through_record`
+            # was removed in https://github.com/rails/rails/pull/35799
+            through_association.build(attributes, without_protection: true)
           end
-
-          super(attributes, options)
         end
-    end
+        private :build_through_record
+      end
 
-    class HasManyThroughAssociation
       undef :build_record
-      undef :options_for_through_record if respond_to?(:options_for_through_record, false)
-
       def build_record(attributes, options = {})
         ensure_not_nested
 
@@ -113,6 +129,7 @@ module ActiveRecord
       end
       private :build_record
 
+      undef :options_for_through_record if respond_to?(:options_for_through_record, true)
       def options_for_through_record
         [through_scope_attributes, without_protection: true]
       end

data/lib/active_record/mass_assignment_security/core.rb

@@ -2,6 +2,21 @@ module ActiveRecord
   module MassAssignmentSecurity
     module Core
 
+      def initialize(attributes = nil, options = {})
+        @new_record = true
+        self.class.define_attribute_methods
+        @attributes = self.class._default_attributes.deep_dup
+
+        init_internals
+        initialize_internals_callback
+
+        # +options+ argument is only needed to make protected_attributes gem easier to hook.
+        init_attributes(attributes, options) if attributes
+
+        yield self if block_given?
+        _run_initialize_callbacks
+      end
+
       private
 
       def init_attributes(attributes, options)
@@ -12,6 +27,7 @@ module ActiveRecord
         super
         @mass_assignment_options = nil
       end
+
     end
   end
 end

data/lib/active_record/mass_assignment_security/inheritance.rb

@@ -4,18 +4,41 @@ module ActiveRecord
       extend ActiveSupport::Concern
 
       module ClassMethods
-      private
+  
+        private
+
         # Detect the subclass from the inheritance column of attrs. If the inheritance column value
         # is not self or a valid subclass, raises ActiveRecord::SubclassNotFound
-        # If this is a StrongParameters hash, and access to inheritance_column is not permitted,
-        # this will ignore the inheritance column and return nil
-        def subclass_from_attributes?(attrs)
+        def subclass_from_attributes(attrs)
           active_authorizer[:default].deny?(inheritance_column) ? nil : super
         end
+      end
+    end
+  end
+end
 
-        # Support Active Record <= 4.0.3, which uses the old method signature.
-        def subclass_from_attrs(attrs)
-          active_authorizer[:default].deny?(inheritance_column) ? nil : super
+module ActiveRecord
+  module Inheritance
+    module ClassMethods
+      undef :new
+
+      def new(attributes = nil, options = {}, &block)
+        if abstract_class? || self == Base
+          raise NotImplementedError, "#{self} is an abstract class and cannot be instantiated."
+        end
+
+        if has_attribute?(inheritance_column)
+          subclass = subclass_from_attributes(attributes)
+
+          if respond_to?(:column_defaults) && subclass.nil? && base_class == self
+            subclass = subclass_from_attributes(column_defaults)
+          end
+        end
+
+        if subclass && subclass != self
+          subclass.new(attributes, options, &block)
+        else
+          super
         end
       end
     end

data/lib/active_record/mass_assignment_security/nested_attributes.rb

@@ -15,7 +15,7 @@ module ActiveRecord
 
           attr_names.each do |association_name|
             if reflection = reflect_on_association(association_name)
-              if active_record_40?
+              if ActiveRecord::VERSION::MAJOR == 4 && ActiveRecord::VERSION::MINOR == 0
                 reflection.options[:autosave] = true
               else
                 reflection.autosave = true
@@ -28,7 +28,7 @@ module ActiveRecord
 
               type = (reflection.collection? ? :collection : :one_to_one)
 
-              generated_methods_module = active_record_40? ? generated_feature_methods : generated_association_methods
+              generated_methods_module = (ActiveRecord::VERSION::MAJOR == 4 && ActiveRecord::VERSION::MINOR == 0) ? generated_feature_methods : generated_association_methods
 
               # def pirate_attributes=(attributes)
               #   assign_nested_attributes_for_one_to_one_association(:pirate, attributes, mass_assignment_options)
@@ -54,10 +54,16 @@ module ActiveRecord
 
       def assign_nested_attributes_for_one_to_one_association(association_name, attributes, assignment_opts = {})
         options = self.nested_attributes_options[association_name]
+
+        if attributes.class.name == 'ActionController::Parameters'
+          attributes = attributes.to_unsafe_h
+        elsif !attributes.is_a?(Hash) && !attributes.is_a?(Array)
+          raise ArgumentError, "ActionController::Parameters or Hash or Array expected, got #{attributes.class.name} (#{attributes.inspect})"
+        end
+
         attributes = attributes.with_indifferent_access
 
-        if  (options[:update_only] || !attributes['id'].blank?) && (record = send(association_name)) &&
-            (options[:update_only] || record.id.to_s == attributes['id'].to_s)
+        if (options[:update_only] || !attributes['id'].blank?) && (record = send(association_name)) && (options[:update_only] || record.id.to_s == attributes['id'].to_s)
           assign_to_or_mark_for_destruction(record, attributes, options[:allow_destroy], assignment_opts) unless call_reject_if(association_name, attributes)
 
         elsif attributes['id'].present? && !assignment_opts[:without_protection]
@@ -116,6 +122,12 @@ module ActiveRecord
         end
 
         attributes_collection.each do |attributes|
+          if attributes.class.name == 'ActionController::Parameters'
+            attributes = attributes.to_unsafe_h
+          elsif !attributes.is_a?(Hash) && !attributes.is_a?(Array)
+            raise ArgumentError, "ActionController::Parameters or Hash or Array expected, got #{attributes.class.name} (#{attributes.inspect})"
+          end
+          
           attributes = attributes.with_indifferent_access
 
           if attributes['id'].blank?

data/lib/active_record/mass_assignment_security/relation.rb

@@ -1,5 +1,8 @@
 module ActiveRecord
   class Relation
+    undef :new
+    undef :create
+    undef :create!
     undef :first_or_create
     undef :first_or_create!
     undef :first_or_initialize
@@ -7,6 +10,32 @@ module ActiveRecord
     undef :find_or_create_by
     undef :find_or_create_by!
 
+    def new(attributes = nil, options = {}, &block)
+      attrs = respond_to?(:values_for_create) ? values_for_create(attributes) : attributes
+
+      scoping { klass.new(attrs, options, &block) }
+    end
+
+    def create(attributes = nil, options = {}, &block)
+      if attributes.is_a?(Array)
+        attributes.collect { |attr| create(attr, options, &block) }
+      else
+        attrs = respond_to?(:values_for_create) ? values_for_create(attributes) : attributes
+
+        scoping { klass.create(attrs, options, &block) }
+      end
+    end
+
+    def create!(attributes = nil, options = {}, &block)
+      if attributes.is_a?(Array)
+        attributes.collect { |attr| create!(attr, options, &block) }
+      else
+        attrs = respond_to?(:values_for_create) ? values_for_create(attributes) : attributes
+
+        scoping { klass.create!(attrs, options, &block) }
+      end
+    end
+
     # Tries to load the first record; if it fails, then <tt>create</tt> is called with the same arguments as this method.
     #
     # Expects arguments in the same format as +Base.create+.
@@ -50,15 +79,15 @@ module ActiveRecord
     end
 
     def find_or_initialize_by(attributes, options = {}, &block)
-      find_by(attributes) || new(attributes, options, &block)
+      find_by(attributes.respond_to?(:to_unsafe_h) ? attributes.to_unsafe_h : attributes) || new(attributes, options, &block)
     end
 
     def find_or_create_by(attributes, options = {}, &block)
-      find_by(attributes) || create(attributes, options, &block)
+      find_by(attributes.respond_to?(:to_unsafe_h) ? attributes.to_unsafe_h : attributes) || create(attributes, options, &block)
     end
 
     def find_or_create_by!(attributes, options = {}, &block)
-      find_by(attributes) || create!(attributes, options, &block)
+      find_by(attributes.respond_to?(:to_unsafe_h) ? attributes.to_unsafe_h : attributes) || create!(attributes, options, &block)
     end
   end
 

data/lib/protected_attributes.rb

@@ -1,4 +1,3 @@
-require 'active_record/core'
 require "active_model/mass_assignment_security"
 require "protected_attributes/railtie" if defined? Rails::Railtie
 require "protected_attributes/version"

data/lib/protected_attributes/version.rb

@@ -1,3 +1,3 @@
 module ProtectedAttributes
-  VERSION = "1.2.4"
+  VERSION = "1.7.0".freeze
 end

data/lib/protected_attributes_continued.rb

@@ -1,19 +1 @@
 require "protected_attributes"
-
-module ActiveRecord
-  module Core
-    def initialize(attributes = nil, options = {})
-      @attributes = self.class._default_attributes.dup
-      self.class.define_attribute_methods
-
-      init_internals
-      initialize_internals_callback
-
-      # +options+ argument is only needed to make protected_attributes gem easier to hook.
-      init_attributes(attributes, options) if attributes
-
-      yield self if block_given?
-      _run_initialize_callbacks
-    end
-  end
-end

metadata

@@ -1,15 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: protected_attributes_continued
 version: !ruby/object:Gem::Version
-  version: 1.2.4
+  version: 1.7.0
 platform: ruby
 authors:
-- David Heinemeier Hansson
 - Weston Ganger
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-09-22 00:00:00.000000000 Z
+date: 2020-10-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activemodel
@@ -17,80 +16,56 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.0.1
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '5.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.0.1
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: activerecord
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.0.1
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '5.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.0.1
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: actionpack
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.0.1
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '5.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.0.1
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: railties
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.0.1
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '5.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.0.1
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
@@ -107,6 +82,20 @@ dependencies:
         version: '0'
 - !ruby/object:Gem::Dependency
   name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.4.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.4.0
+- !ruby/object:Gem::Dependency
+  name: appraisal
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -121,8 +110,7 @@ dependencies:
         version: '0'
 description: Protect attributes from mass assignment
 email:
-- david@loudthinking.com
-- westonganger@gmail.com
+- weston@westonganger.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -134,6 +122,7 @@ files:
 - lib/active_model/mass_assignment_security/permission_set.rb
 - lib/active_model/mass_assignment_security/sanitizer.rb
 - lib/active_record/mass_assignment_security.rb
+- lib/active_record/mass_assignment_security/association_relation.rb
 - lib/active_record/mass_assignment_security/associations.rb
 - lib/active_record/mass_assignment_security/attribute_assignment.rb
 - lib/active_record/mass_assignment_security/core.rb
@@ -166,8 +155,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Protect attributes from mass assignment in Active Record models