DEPRECATION WARNING..

[ohimy]

This issue is a (choose one):

• Problem/bug report.
• Feature request.
• [* ] Request for support. Note: Please try to avoid submitting issues for support requests. Use Gitter instead.

Checklist before submitting:

• [* ] I've searched for an existing issue.
• I've asked my question on Gitter and have not received a satisfactory answer.
• I've included a complete bug report template. This step helps us and allows us to see the bug without trying to reproduce the problem from your description. It helps you because you will frequently detect if it's a problem specific to your project.
• The feature I'm asking for is compliant with the JSON:API spec.

Description

.DEPRECATION WARNING: Dangerous query method (method whose arguments are used as raw SQL) called with non-attribute argument(s): "users.id AS users_id". Non-attribute arguments will be disallowed in Rails 6.0. This method should not be called with user-provided values, such as request parameters or model attributes. Known-safe values can be passed by wrapping them in Arel.sql(). (called from find_fragments at /Users/betang/.rbenv/versions/2.5.1/lib/ruby/gems/2.5.0/bundler/gems/jsonapi-resources-7c0c7abf355d/lib/jsonapi/active_relation_resource_finder.rb:83)

Bug reports:

Features:

Please replace this line with a clear writeup of your feature request. Features that break compliance with the JSON:API spec will probably be closed.

[kbroderick]

I'm seeing the same warnings and would love to make them go away cleanly, but having taken a cursory look at the code generating them, I don't think I'm comfortable tackling that myself (I don't want to errantly wrap something that isn't safe in Arel.sql).

[olleolleolle]

This is fixed, now, right?

[kbroderick]

@olleolleolle it seems to be addressed in master (commit 18cb4f6) but has not yet been released in a numbered version.