Arel Deprecation Warning with Rails 5.2
Closed this issue · 2 comments
wollistik commented
Issue
I am encountering Arel Deprecation warning with Rails 5.2. and baby_squeel 1.2.1. when using #plucking method with multiple attributes to fetch. The message is a follows:
DEPRECATION WARNING: Dangerous query method (method whose arguments are used as raw SQL) called with non-attribute argument(s): [#<struct Arel::Attributes::Attribute relation=#<Arel::Table:0x000055f549e86428 @name="teams", @type_caster=#<ActiveRecord::TypeCaster::Map:0x000055f549e86630 @types=Team(id: integer, identifier: string, phone: string, email: string, contact: string, user_comment: string, old_id: integer, mobile: string, ticket_email: string, ticket_queue: string, assigned_location: string, description: text, active: boolean, assign_permission: integer, allowed_non_methadon_team: boolean)>, @table_alias=nil>, name="id">]. Non-attribute arguments will be disallowed in Rails 6.0. This method should not be called with user-provided values, such as request parameters or model attributes. Known-safe values can be passed by wrapping them in Arel.sql().
I tried to figure out where exactly this happens, but I got stuck somewher in the DSL...
Reproduction
require 'bundler/inline'
require 'minitest/spec'
require 'minitest/autorun'
gemfile true do
source 'https://rubygems.org'
gem 'activerecord', '~> 5.2.0' # which Active Record version?
gem 'sqlite3'
gem 'baby_squeel', github: 'rzane/baby_squeel'
end
ActiveRecord::Base.establish_connection(adapter: 'sqlite3', database: ':memory:')
ActiveRecord::Schema.define do
create_table :dogs, force: true do |t|
t.string :name
end
end
class Dog < ActiveRecord::Base
end
class BabySqueelTest < Minitest::Spec
it 'works without warning' do
Dog.all.plucking { id }
end
it 'prints out deprecation warning' do
Dog.all.plucking { [id] }
end
endrzane commented
Thanks for the detailed report. I found the source the problem. Active Record expects the arguments to pluck to be splat, instead of an array. Working on a fix over here: #91.
The warning can be safely ignored in the meantime. This query above is safe and has been whitelisted.
rzane commented
Just released 1.3.0, which fixes this issue.