Audit `hashie-forbidden_attributes`
https://github.com/Maxim-Filimonov/hashie-forbidden_attributes
This gem was last updated 5 years ago. It doesn't have any active CI, but has tests you could run locally. Although it is lightweight, it is still concerning.
Essentially, it's Hashie::Mash
monkey patch: https://github.com/Maxim-Filimonov/hashie-forbidden_attributes/blob/master/lib/hashie-forbidden_attributes/hashie/mash.rb
The description states:
If you're using Rails 4 strong parameters, you will get a ForbiddenAttributesProtection exceptions when mass-assigning attributes. This gem allows mass assignment. It prevents Mash from responding to :permitted? and therefore triggering this behavior in ForbiddenAttributesProtection.
We need to figure out if still need this dependency or if we could avoid pulling it.