From 6808c6c227fd429649bec4f16da399a90e17c0cb Mon Sep 17 00:00:00 2001
From: Mina Slater
Date: Fri, 17 May 2024 09:28:49 -0500
Subject: [PATCH 1/8] Remove Hound README badge (#1020)

Clearance no longer uses Hound review as a linting tool. Remove the success/failure badge from README.
---
 README.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/README.md b/README.md
index bdce3e7f..8e67fa04 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,6 @@
 [![Build Status](https://github.com/thoughtbot/clearance/actions/workflows/tests.yml/badge.svg)]( https://github.com/thoughtbot/clearance/actions/workflows/tests.yml?query=branch%3Amain)
 [![Code Climate](https://codeclimate.com/github/thoughtbot/clearance.svg)](https://codeclimate.com/github/thoughtbot/clearance)
 [![Documentation Quality](https://inch-ci.org/github/thoughtbot/clearance.svg?branch=main)](https://inch-ci.org/github/thoughtbot/clearance)
-[![Reviewed by Hound](https://img.shields.io/badge/Reviewed_by-Hound-8E64B0.svg)](https://houndci.com)
 Rails authentication with email & password.

From 3ab1852df82b6c2d719e5c5a5c1ff9c7c2fc5a40 Mon Sep 17 00:00:00 2001
From: James Robey
Date: Fri, 17 May 2024 07:45:22 -0700
Subject: [PATCH 2/8] Update README.md (#977)

Recommend checking against `Rails.configuration.force_ssl` boolean value in the example configuration. That way it is off in development & test environment by default.
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 8e67fa04..970ea5fd 100644
--- a/README.md
+++ b/README.md
@@ -62,7 +62,7 @@ Clearance.configure do |config|
   config.url_after_denied_access_when_signed_out = nil
   config.rotate_csrf_on_sign_in = true
   config.same_site = nil
-  config.secure_cookie = false
+  config.secure_cookie = Rails.configuration.force_ssl
   config.signed_cookie = false
   config.sign_in_guards = []
   config.user_model = "User"

From 82e6f733ca62fd569dfe97a4fabeeeb87a4661cf Mon Sep 17 00:00:00 2001
From: Manuel Meurer
Date: Fri, 17 May 2024 16:48:17 +0200
Subject: [PATCH 3/8] fix validating email in strict mode (#976)

To enable strict mode in email validation, mode: :strict should be used, not strict_mode: true.
---
 lib/clearance/user.rb    | 2 +-
 spec/models/user_spec.rb | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/lib/clearance/user.rb b/lib/clearance/user.rb
index 68512bf2..7597452f 100644
--- a/lib/clearance/user.rb
+++ b/lib/clearance/user.rb
@@ -150,7 +150,7 @@ module Validations
 
       included do
         validates :email,
-          email: { strict_mode: true },
+          email: { mode: :strict },
           presence: true,
           uniqueness: { allow_blank: true, case_sensitive: true },
           unless: :email_optional?
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index d9adc323..dd6b2bd0 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -5,15 +5,13 @@
   it { is_expected.to have_db_index(:remember_token) }
   it { is_expected.to validate_presence_of(:email) }
   it { is_expected.to validate_presence_of(:password) }
-  it { is_expected.to allow_value("foo;@example.com").for(:email) }
-  it { is_expected.to allow_value("foo@.example.com").for(:email) }
-  it { is_expected.to allow_value("foo@example..com").for(:email) }
   it { is_expected.to allow_value("foo@example.co.uk").for(:email) }
   it { is_expected.to allow_value("foo@example.com").for(:email) }
   it { is_expected.to allow_value("foo+bar@example.com").for(:email) }
   it { is_expected.not_to allow_value("example.com").for(:email) }
   it { is_expected.not_to allow_value("foo").for(:email) }
   it { is_expected.not_to allow_value("foo@").for(:email) }
+  it { is_expected.not_to allow_value("foo@bar").for(:email) }
 
   describe "#email" do
     it "stores email in down case and removes whitespace" do

From 4bc064fb9e1c12c22aa8b5b12eface7cbb1d7eb3 Mon Sep 17 00:00:00 2001
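Review bot: The switch to `email: { mode: :strict }` tightens validation for every existing user, not only new sign-ups: the spec hunks on this page now reject `foo@bar`, `foo;@example.com`, `foo@.example.com` and `foo@example..com`, so any stored address of that shape will presumably fail `valid?` on its next save (a later profile or password update, for instance). If `strict_mode: true` was silently ignored before, as the commit message implies, this is a behaviour change the description should call out, ideally with a hint to check existing rows before upgrading. A why-comment on the new line would also help the next reader, e.g. `# :strict rejects addresses without a dotted domain or with stray dots; see the email validator gem's docs`. The `validates :email` call and its enclosing `included do` block begin before this hunk and the block's `end` follows it.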
From: =?UTF-8?q?Dorian=20Mari=C3=A9?=
Date: Fri, 17 May 2024 16:58:11 +0200
Subject: [PATCH 4/8] Create SECURITY.md (#972)

---
 SECURITY.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..8847f77d
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,16 @@
+# Security Policy
+
+## Supported Versions
+
+We will provide security updates for the latest 3 versions.
+
+| Version | Security updates |
+| - | - |
+| 2.7.x | ✅ |
+| 2.6.x | ✅ |
+| 2.5.x | ✅ |
+| < 2.5.0 | :x: |
+
+## Reporting a Vulnerability
+
+You can contact . See for more information about our security policy.

From 13bc29afc00def26c658c890ef076caa1339e3ad Mon Sep 17 00:00:00 2001
From: Hamed Asghari
Date: Fri, 7 Jun 2024 09:27:19 -1000
Subject: [PATCH 5/8] Add specs for email validator strict mode (#1001)

---
 spec/models/user_spec.rb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index dd6b2bd0..ccaf1f54 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -12,6 +12,9 @@
   it { is_expected.not_to allow_value("foo").for(:email) }
   it { is_expected.not_to allow_value("foo@").for(:email) }
   it { is_expected.not_to allow_value("foo@bar").for(:email) }
+  it { is_expected.not_to allow_value("foo;@example.com").for(:email) }
+  it { is_expected.not_to allow_value("foo@.example.com").for(:email) }
+  it { is_expected.not_to allow_value("foo@example..com").for(:email) }
 
   describe "#email" do
     it "stores email in down case and removes whitespace" do

From e65b7c666306c8c7f1588110f28572b375c00489 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Fri, 7 Jun 2024 15:28:33 -0400
Subject: [PATCH 6/8] docs: documentation files updated (#1024)

Co-authored-by: github-actions[bot]
---
 README.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/README.md b/README.md
index 970ea5fd..872763c6 100644
--- a/README.md
+++ b/README.md
@@ -496,4 +496,18 @@ redistributed under the terms specified in the [`LICENSE`] file.
 [`LICENSE`]: /LICENSE
+## About thoughtbot
+
+![thoughtbot](https://thoughtbot.com/thoughtbot-logo-for-readmes.svg)
+
+This repo is maintained and funded by thoughtbot, inc.
+The names and logos for thoughtbot are trademarks of thoughtbot, inc.
+
+We love open source software!
+See [our other projects][community].
+We are [available for hire][hire].
+
+[community]: https://thoughtbot.com/community?utm_source=github
+[hire]: https://thoughtbot.com/hire-us?utm_source=github
+

From 8af6ec091811864baeb4ea6fb406fa98fe53b1ef Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Fri, 7 Jun 2024 15:30:19 -0400
Subject: [PATCH 7/8] docs: documentation files updated (#1026)

Co-authored-by: github-actions[bot]
---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 872763c6..9698f393 100644
--- a/README.md
+++ b/README.md
@@ -510,4 +510,5 @@ We are [available for hire][hire].
 [community]: https://thoughtbot.com/community?utm_source=github
 [hire]: https://thoughtbot.com/hire-us?utm_source=github
+

From 1df5cf803a11028d854658ce4f0cb6c09a1e7096 Mon Sep 17 00:00:00 2001
From: Alex Kholodniak
Date: Fri, 28 Jun 2024 10:27:20 -0500
Subject: [PATCH 8/8] Fix method redefinition and circular require issues (#1027)

Closes #999

This PR addresses two issues: Method Redefinition: The user_parameter method was being defined multiple times in lib/clearance/configuration.rb. This has been fixed by changing attr_accessor to attr_writer, ensuring the method is defined only once. Circular Require: Circular dependencies between lib/clearance.rb and lib/clearance/engine.rb have been resolved by rearranging the require statements to avoid circular loading.
---
 lib/clearance.rb               | 2 +-
 lib/clearance/configuration.rb | 2 +-
 lib/clearance/engine.rb        | 1 -
 3 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/lib/clearance.rb b/lib/clearance.rb
index 1b92beeb..197b4d37 100644
--- a/lib/clearance.rb
+++ b/lib/clearance.rb
@@ -5,9 +5,9 @@
 require 'clearance/back_door'
 require 'clearance/controller'
 require 'clearance/user'
-require 'clearance/engine'
 require 'clearance/password_strategies'
 require 'clearance/constraints'
+require 'clearance/engine'
 
 module Clearance
 end
diff --git a/lib/clearance/configuration.rb b/lib/clearance/configuration.rb
index b5f21eeb..8a2c7028 100644
--- a/lib/clearance/configuration.rb
+++ b/lib/clearance/configuration.rb
@@ -135,7 +135,7 @@ class Configuration
     # The parameter for user routes. By default this is derived from the user
     # model.
     # @return [Symbol]
-    attr_accessor :user_parameter
+    attr_writer :user_parameter
 
     # Controls wether users are automatically signed in after successfully
     # resetting their password.
diff --git a/lib/clearance/engine.rb b/lib/clearance/engine.rb
index 2ee8687b..bc1ba314 100644
--- a/lib/clearance/engine.rb
+++ b/lib/clearance/engine.rb
@@ -1,4 +1,3 @@
-require "clearance"
 require "rails/engine"
 
 module Clearance
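Review bot: The new require order in lib/clearance.rb is load-bearing but carries no comment: `clearance/engine` is moved to the end and, in the engine.rb hunk of the same patch, the engine drops its own `require "clearance"`, so the engine is now correct only when reached through this file. Anything that did `require "clearance/engine"` directly (a Bundler `require:` entry, for instance) would presumably now get the engine without the rest of the library, which is worth confirming against known consumers. Suggest `# Keep the engine last: engine.rb no longer requires "clearance" itself, so it must only be loaded through this file, after the modules above.` above the moved line.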
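Review bot: After the change to `attr_writer :user_parameter`, the YARD block kept above it still reads `# @return [Symbol]` and explains how the value is derived, which now documents the setter `user_parameter=`, while the reader that the commit message says is defined separately (outside this hunk) is left with no documentation. Move the purpose sentence and the `@return` tag to that reader and keep a setter-oriented line here, e.g. `# Overrides the route parameter otherwise derived from the user model (see #user_parameter).`. `class Configuration` begins before this hunk and continues after it.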