New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rails 5.2 #1771

wants to merge 20 commits into
base: master
Jump to file or symbol
Failed to load files and symbols.
+3 −3
Diff settings


Just for now

Viewing a subset of changes. View all

Fix deprecated query methods.

DEPRECATION WARNING: Dangerous query method (method whose arguments are used as raw SQL) called with non-attribute argument(s):
"number, platform, sha256, info_checksum, required_ruby_version, required_rubygems_version, versions.created_at, string_agg(dependencies.requirements, '@' ORDER BY, string_agg(coalesce(, '0'), ',' ORDER BY AS dep_name".

Non-attribute arguments will be disallowed in Rails 6.0.

This method should not be called with user-provided values, such as request parameters or model attributes.

Known-safe values can be passed by wrapping them in Arel.sql().
  • Loading branch information...
thomasdziedzic committed Aug 24, 2018
commit 75523b6275d6ce7d9c6fc008c3273d54fb01c2cf
Copy path View file
@@ -123,8 +123,8 @@ def requirements_and_dependencies
ON = dependencies.rubygem_id
AND dependencies.scope = 'runtime'")
.where(" = ? AND indexed = true", @rubygem_name)
.order("versions.created_at, number, platform, dep_name")
.pluck("#{group_by_columns}, #{dep_req_agg}, #{dep_name_agg}")
.order(Arel.sql("versions.created_at, number, platform, dep_name"))
.pluck(Arel.sql("#{group_by_columns}, #{dep_req_agg}, #{dep_name_agg}"))
ProTip! Use n and p to navigate between commits in a pull request.