Skip to content

Fixes several ActionController::Parameters deprecations

Jasper Maes requested to merge jlemaes/gitlab-ce:actioncontroller-parameters-deprecations into master

What does this MR do?

Fixes several ActionController::Parameters related deprecations.

Method reverse_merge is deprecated and will be removed in Rails 5.1, as `ActionController::Parameters` no longer inherits from hash. Using this deprecated behavior exposes potential security problems. If you continue to use this method you may be creating a security vulnerability in your app that can be exploited. Instead, consider using one of these documented methods which are not deprecated: http://api.rubyonrails.org/v5.0.7.1/classes/ActionController/Parameters.html (called from initialize at /builds/jlemaes/gitlab-ce/app/finders/group_descendants_finder.rb:28)
#to_hash unexpectedly ignores parameter filtering, and will change to enforce it in Rails 5.1. Enable `raise_on_unfiltered_parameters` to respect parameter filtering, which is the default in new applications. For the existing deprecated behaviour, call #to_unsafe_h instead. (called from block (4 levels) in <class:Application> at /builds/jlemaes/gitlab-ce/config/application.rb:230)
Method with_indifferent_access is deprecated and will be removed in Rails 5.1, as `ActionController::Parameters` no longer inherits from hash. Using this deprecated behavior exposes potential security problems. If you continue to use this method you may be creating a security vulnerability in your app that can be exploited. Instead, consider using one of these documented methods which are not deprecated: http://api.rubyonrails.org/v5.0.7.1/classes/ActionController/Parameters.html (called from initialize at /builds/jlemaes/gitlab-ce/app/services/labels/update_service.rb:6)
Method with_indifferent_access is deprecated and will be removed in Rails 5.1, as `ActionController::Parameters` no longer inherits from hash. Using this deprecated behavior exposes potential security problems. If you continue to use this method you may be creating a security vulnerability in your app that can be exploited. Instead, consider using one of these documented methods which are not deprecated: http://api.rubyonrails.org/v5.0.7.1/classes/ActionController/Parameters.html (called from initialize at /builds/jlemaes/gitlab-ce/app/services/labels/create_service.rb:6)
Method any? is deprecated and will be removed in Rails 5.1, as `ActionController::Parameters` no longer inherits from hash. Using this deprecated behavior exposes potential security problems. If you continue to use this method you may be creating a security vulnerability in your app that can be exploited. Instead, consider using one of these documented methods which are not deprecated: http://api.rubyonrails.org/v5.0.7.1/classes/ActionController/Parameters.html (called from assign_attributes at /builds/jlemaes/gitlab-ce/app/services/users/update_service.rb:58)
Method compact is deprecated and will be removed in Rails 5.1, as `ActionController::Parameters` no longer inherits from hash. Using this deprecated behavior exposes potential security problems. If you continue to use this method you may be creating a security vulnerability in your app that can be exploited. Instead, consider using one of these documented methods which are not deprecated: http://api.rubyonrails.org/v5.0.7.1/classes/ActionController/Parameters.html (called from find_locks at /builds/jlemaes/gitlab-ce/app/services/lfs/locks_finder_service.rb:15)
#to_hash unexpectedly ignores parameter filtering, and will change to enforce it in Rails 5.1. Enable `raise_on_unfiltered_parameters` to respect parameter filtering, which is the default in new applications. For the existing deprecated behaviour, call #to_unsafe_h instead. (called from new at /builds/jlemaes/gitlab-ce/app/controllers/projects/blob_controller.rb:96)

What are the relevant issue numbers?

Does this MR meet the acceptance criteria?

Merge request reports