How do I resolve the deprecation warning "Method to_hash is deprecated and will be removed in Rails 5.1"

Use .to_h

You can call .to_h to get a safe hash, according to a comment on the Rails PR.

There are now three methods for converting parameters to a hash.

• .to_h means "if I haven't called .permit, assume nothing is allowed."
• .to_unsafe_h means "if I haven't called .permit, assume everything is allowed."
• .to_hash is now ambiguous. Rails treats it like .to_unsafe_h, but prints a warning because you haven't explicitly said which of the two options above you wanted.

First, let's see what happens if you haven't called .permit. In a Rails 5.0 console:

> params = ActionController::Parameters.new({yes: "y", no: "n"})> params.to_h{} # empty hash because nothing has been permitted> params.to_unsafe_h{"yes"=>"y", "no"=>"n"} # raw values with no warning; you asked for it> params.to_hash# (puts deprecation warning - if you want unsafe values, say so){"yes"=>"y", "no"=>"n"} # returns raw values

However, if you call .permit first, there will be no way to get the non-permitted values.

> params = ActionController::Parameters.new({yes: "y", no: "n"})> params = params.permit(:yes)# (puts warning about unpermitted parameter :no)> params.to_h{"yes"=>"y"} # permitted values only> params.to_unsafe_h{"yes"=>"y"} # permitted values only> params.to_hash# (puts deprecation warning, but still safe){"yes"=>"y"} # permitted values only

So:

1. Always use .permit to whitelist the values you expect
2. Use .to_h to ensure that if you forgot step 1, nothing will get through
3. If you really want the raw values, don't call .permit and call .to_unsafe_hash
4. Don't call .to_hash because that's now ambiguous