From fcb1f863461538b8eef273276ae2bbb7cbacb8be Mon Sep 17 00:00:00 2001
From: Geremia Taglialatela <tagliala.dev@gmail.com>
Date: Fri, 21 Jul 2023 18:29:21 +0200
Subject: [PATCH 1/4] Fix CI badge

The old badge was pointing to Travis.

This commits uses the GitHub generated markdown code for ruby workflow

[ci skip]
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 75f549cfc..fa1c3214b 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 # RubyMoney - Money-Rails
 
 [![Gem Version](https://badge.fury.io/rb/money-rails.svg)](http://badge.fury.io/rb/money-rails)
-[![Build Status](https://secure.travis-ci.org/RubyMoney/money-rails.svg?branch=master)](http://travis-ci.org/RubyMoney/money-rails)
+[![Ruby](https://github.com/RubyMoney/money-rails/actions/workflows/ruby.yml/badge.svg)](https://github.com/RubyMoney/money-rails/actions/workflows/ruby.yml)
 [![License](http://img.shields.io/:license-mit-green.svg?style=flat)](http://opensource.org/licenses/MIT)
 
 ## Introduction

From 604b7de3c2a3973095ea472bb0c9dd26f92c12cb Mon Sep 17 00:00:00 2001
From: Graham Rogers <graham@ophelos.com>
Date: Wed, 23 Aug 2023 13:52:51 +0100
Subject: [PATCH 2/4] Document raise_error_on_money_parsing

---
 README.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/README.md b/README.md
index 75f549cfc..cb1b78798 100644
--- a/README.md
+++ b/README.md
@@ -474,6 +474,12 @@ MoneyRails.configure do |config|
   #   symbol: nil,
   #   sign_before_symbol: nil
   # }
+
+  # Set whether an error should be raised when parsing money values
+  # This includes assigning to a monetized field with the wrong currency
+  # Default value is false
+  #
+  # config.raise_error_on_money_parsing = true
 end
 ```
 
@@ -493,6 +499,7 @@ end
 * `amount_column`: Provide values for the amount column (holding the fractional part of a money object).
 * `currency_column`: Provide default values or even disable (`present: false`) the currency column.
 * `rounding_mode`: Set `Money.rounding_mode` to one of the BigDecimal constants.
+* `raise_error_on_money_parsing`: Set whether errors should be raised when parsing money values
 
 ### Helpers
 

From 42a50242d730dd08ac8dbd0ce73fe84d1a99b3cb Mon Sep 17 00:00:00 2001
From: Neilos <neil.atkinson@smartpension.co.uk>
Date: Mon, 27 Nov 2023 16:31:16 +0000
Subject: [PATCH 3/4] Fix monetized_attributes class discrepancy

Suppose we have a model

```ruby
class Investment < ActiveRecord::Base
  monetize :value
  monetize :discounted_value
end
```

and a subclass

```ruby
class BadInvestment < Investment
end
```

When we check the monetized_attributes of both the `Product` and `SpecialProduct` we get seemingly the same result:

```ruby
Investment.monetized_attributes
# => {
  value: value_cents,
  discounted_value: discounted_value_cents,
}

BadInvestment.monetized_attributes
# => {
  value: value_cents,
  discounted_value: discounted_value_cents,
}
```

...but when we check the class of the `monetized_attributes` we can see that one is a `ActiveSupport::HashWithIndifferentAccess` while the other is a `Hash`.

This commit fixes the discrepancy, ensuring both are a `ActiveSupport::HashWithIndifferentAccess`.
---
 lib/money-rails/active_record/monetizable.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/money-rails/active_record/monetizable.rb b/lib/money-rails/active_record/monetizable.rb
index 8bebfc5b6..0e429e584 100644
--- a/lib/money-rails/active_record/monetizable.rb
+++ b/lib/money-rails/active_record/monetizable.rb
@@ -10,7 +10,7 @@ class ReadOnlyCurrencyException < MoneyRails::Error; end
 
       module ClassMethods
         def monetized_attributes
-          monetized_attributes = @monetized_attributes || {}
+          monetized_attributes = @monetized_attributes || {}.with_indifferent_access
 
           if superclass.respond_to?(:monetized_attributes)
             monetized_attributes.merge(superclass.monetized_attributes)

From a39c42527f95f82c5cacc8d855a7564aa2343863 Mon Sep 17 00:00:00 2001
From: Geremia Taglialatela <tagliala.dev@gmail.com>
Date: Fri, 8 Mar 2024 14:56:10 +0100
Subject: [PATCH 4/4] Opt-in for MFA requirement

Make the gem more secure by requiring that all privileged operations by
any of the owners require OTP.

Ref: https://guides.rubygems.org/mfa-requirement-opt-in/
---
 money-rails.gemspec | 1 +
 1 file changed, 1 insertion(+)

diff --git a/money-rails.gemspec b/money-rails.gemspec
index bd73c2d86..4d0a05eed 100644
--- a/money-rails.gemspec
+++ b/money-rails.gemspec
@@ -42,5 +42,6 @@ Gem::Specification.new do |s|
     s.metadata['changelog_uri'] = 'https://github.com/RubyMoney/money-rails/blob/master/CHANGELOG.md'
     s.metadata['source_code_uri'] = 'https://github.com/RubyMoney/money-rails/'
     s.metadata['bug_tracker_uri'] = 'https://github.com/RubyMoney/money-rails/issues'
+    s.metadata['rubygems_mfa_required'] = 'true'
   end
 end