* A string in the example lacked quotes.

* The tests asserted stuff about :last_name, whereas
  test params do not have that key.

* But, the first one passed, why? After hitting my head against
  the wall and doing some obscure rituals realized the new
  #require had an important typo, wanted to iterate over the
  array argument (key), but it ran over its own hash keys
  (method #keys).

* Modified the test to prevent the same typo to happen again.

* The second test assigned to an unused variable safe_params
  that has been therefore removed.

* Grammar of the second test description.

* Since I was on it, reworded both test descriptions.

This PR adds ability to accept arrays which allows you to require multiple values in one method. so instead of this:

```ruby
params.require(:person).require(:first_name)
params.require(:person).require(:last_name)
```

Here it will be one line for each params, so say if I require 10params, it will be 10lines of repeated code which is not dry. So I have added new method which does this in one line:

```ruby
params.require(:person).require([:first_name, :last_name])
```

Comments welcome

there is no reason to `convert_hashes_to_parameters` with an assignemt
flag.  The caller knows whether or not it wants the value assigned.  We
should just change the uncommon case (not writing to the underlying
hash) to just call the conversion method and return that value.

only hashes are converted to parameter objects, so lets add a branch for
them.  This also removes a is_a? test for Parameters so we can be
abstracted from the class.

When executing an `ActionController::Parameters#fetch` with a block
that raises a `KeyError` the raised `KeyError` will be rescued and
converted to an `ActionController::ParameterMissing` exception,
covering up the original exception.

[Jonas Schubert Erlandsson & Roque Pinel]

this way we don't need to call `to_unsafe_h` to get access to ask
questions about the underlying hash

now `hash_filter` doesn't need to know about the `Parameters` class

Since we proved that `element` is always of type `Parameter`, we know
that it will always respond to `permit`, so lets remove this conditional

`element` can never be a hash because:

1. `slice` returns a Parameters object and calls each on it: https://github.com/rails/rails/blob/cb3f25593b1137e344086364d4b1a52c08e8eb3b/actionpack/lib/action_controller/metal/strong_parameters.rb#L656
2. `each` which is implemented by `each_pair` will call `convert_hashes_to_parameters` on the value: https://github.com/rails/rails/blob/cb3f25593b1137e344086364d4b1a52c08e8eb3b/actionpack/lib/action_controller/metal/strong_parameters.rb#L192-197
3. `convert_hashes_to_parameters` will convert any hash objects in to parameters objects: https://github.com/rails/rails/blob/cb3f25593b1137e344086364d4b1a52c08e8eb3b/actionpack/lib/action_controller/metal/strong_parameters.rb#L550-566

Now that the value is cached on the stack,
`array_of_permitted_scalars_filter` is exactly the same as
`array_of_permitted_scalars?`, so lets just have one

this way the method doesn't have to know what the new params object is,
it just yields to a block.  This change also caches the value of
`self[key]` on the stack

We should disconnect `array_of_permitted_scalars_filter` from the
instance so that we can make hash filtering functional.  For now, pull
the conditional up out of that method

`ActionController::Parameters#to_h` returns a hash, so lets have
`ActionController::Parameters#to_unsafe_h` return a hash instead of
an `ActiveSupport::HashWithIndifferentAccess` for consistency.

This is another take at #14384 as we decided to wait until `master` is
targeting Rails 5.0. This commit is implementation-complete, as it
guarantees that all the public methods on the hash-inherited Parameters
are still working (based on test case). We can decide to follow-up later
if we want to remove some methods out from Parameters.

The current implementation of ActionController::Parameters.const_missing
returns `ActionController::Parameters.always_permitted_parameters` even
if its `super` returns a constant without raising error. This prevents its
subclass in a autoloading module/class from taking advantage of
autoloading constants.

    class SomeParameters < ActionController::Parameters
      def do_something
        DefinedSomewhere.do_something
      end
    end

In the code above, `DefinedSomewhere` is to be autoloaded with
`Module.const_missing` but `ActionController::Parameters.const_missing`
returns `always_permitted_parameters` instead of the autoloaded
constant.

This pull request fixes the issue respecting `const_missing`'s `super`.

Removed non-standard and unused require 'active_support/deprecation' from parts out of active_support.

This reverts commit da5cc10e.

Fixes #18091

See also https://github.com/rails/rails/pull/18003#commitcomment-9030909

As suggested in #16299([1]), this method should be a new public API for
retrieving unfiltered parameters from `ActionController::Parameters`
object, given that `Parameters#to_hash` will no longer work in Rails
5.0+ as we stop inheriting `Parameters` from `Hash`.

[1]: https://github.com/rails/rails/pull/16299#issuecomment-50220919

As discussed in #16299[1], this attribute is not thread safe and could
potentially create a security issue.

[1]: https://github.com/rails/rails/pull/16299#discussion_r15424533

The current style for warning messages without newlines uses
concatenation of string literals with manual trailing spaces
where needed.

Heredocs have better readability, and with `squish` we can still
produce a single line.

This is a similar use case to the one that motivated defining
`strip_heredoc`, heredocs are super clean.

Ruby 1.9.3 does not implement Hash#to_h, so we can't call `super` on it.

* `each`
* `each_pair`
* `delete`
* `select!`

This is to make sure that `permitted` status is maintained on the
resulting object.

I found these methods that needs to be redefined by looking for
`self.class.new` in the code.

* extract!
* transform_keys
* transform_values

`ActionController::Parameters#to_h` now returns a `Hash` with
unpermitted keys removed. This change is to reflect on a security
concern where some method performed on an `ActionController::Parameters`
may yield a `Hash` object which does not maintain `permitted?` status.
If you would like to get a `Hash` with all the keys intact, duplicate
and mark it as permitted before calling `#to_h`.

    params = ActionController::Parameters.new(name: 'Senjougahara Hitagi')
    params.to_h # => {}

    unsafe_params = params.dup.permit!
    unsafe_params.to_h # => {"name"=>"Senjougahara Hitagi"}

    safe_params = params.permit(:name)
    safe_params.to_h # => {"name"=>"Senjougahara Hitagi"}

This change is consider a stopgap as we cannot chage the code to stop
`ActionController::Parameters` to inherit from
`HashWithIndifferentAccess` in the next minor release.

Also, adding a CHANGELOG entry to mention that
`ActionController::Parameters` will not inheriting from
`HashWithIndifferentAccess` in the next major version.

* General style fixes.
* Add changes to configuration guide.
* Add missing tests.

* This commit adds back the always_permitted_parameters
  configuration option to strong paramaters.
* The initial pull requests where this feature was added
  are the following:
  - https://github.com/rails/rails/pull/12682
  - https://github.com/rails/strong_parameters/pull/174

Fixes #15685.

We cannot cache keys because arrays are mutable. We rather want to cache
the arrays. This behaviour is tailor-made for the usage pattern strongs
params is designed for.

In a forthcoming commit I am going to add a test that covers why we need
to cache by value.

Every strong params instance has a live span of a request, the cache goes
away with the object. Since strong params have such a concrete intention,
it would be interesting to see if there are actually any real-world use
cases that are an actual leak, one that practically may matter.

I am not convinced that the theoretical leak has any practical consequences,
but if it can be shown there are, then I believe we should either get rid of
the cache (which is an optimization), or else wipe it in the mutating API.

This reverts commit e63be276.

Per convention, underscore-only argument names should be used for unused parameters.

memory leak demonstrated on @tenderlove's latest blog post:

http://tenderlovemaking.com/2014/06/02/yagni-methods-are-killing-me.html

- accepts_nested_attribute_for -> accepts_nested_attributes_for

Simple Sungularize ActionController::UnpermittedParameters error in case when only 1 parameter is unpermitted.