gitlab-styles 9.2.0 → 10.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2e3e06ef1557da413f41116af9b5b01733a309e35bcd2717e8d8ec2473470589
-  data.tar.gz: 704feb3fc08d96cde2a0cdadc8dbe5bbdde1bcb3b18a010f6b964462ec0f33aa
+  metadata.gz: 0cd204f5572b14a03cd4f6faec35d9973f07dcab0579cf17ebb5fc10d56ac6b0
+  data.tar.gz: 7a126190155bc1b39eea832c88e4636306f0fafb09f4b6c2c12c9fb275032a8c
 SHA512:
-  metadata.gz: 1dcbe74347c735155eed09bfd24923dff24013454269d8edc7d5e62c4b35ebf7413958bd3b4cff55192bdc51f01dbdfdf438f853dfab322e20b96f6ed283142c
-  data.tar.gz: 74ce09358878dd2deca30b2af8698eb46f3417b9f041794c00ee5e97bda90719548fb86250ef8718a7969c23361d256e7acf5669abaaaf6d60ed23eb5608e516
+  metadata.gz: ef80fd1223c28800de324bb2e71bc1c4e381137ddf7e4a4605e7d1e6e301cca3fc5cee69146a80fe23213a77c8c459d7037e305372242702d4cc8c9bb2b08c0b
+  data.tar.gz: 4f60365ef4232d584eb8ec18f99f8ac5537bd4bf933777d5125c4fb2f71423e7c487dd61f18e9e4e40738c4d02949d9291d7fda7a66fa88442bcdeb8854621c0

data/.gitignore

@@ -1,7 +1,7 @@
+/_yardoc/
 /.bundle/
+/.byebug_history
 /.yardoc
-/Gemfile.lock
-/_yardoc/
 /coverage/
 /pkg/
 /spec/reports/
@@ -11,4 +11,4 @@
 .rspec_status
 
 # Ignore IDE specific files
-.idea/
+.idea/

data/.gitlab/merge_request_templates/Release.md

@@ -1,13 +1,26 @@
-<!-- Replace `<PREVIOUS_VERSION>` with the previous version number here, `<COMMIT_UPDATING_VERSION>` with the latest
+<!-- Replace `<PREVIOUS_VERSION>` with the previous version number, `<COMMIT_UPDATING_VERSION>` with the latest
 commit from this merge request, and `<NEW_VERSION>` with the upcoming version number. -->
 ## Diff
 
-https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/compare/v<PREVIOUS_VERSION>...<COMMIT_UPDATING_VERSION>
+https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/-/compare/v<PREVIOUS_VERSION>...<COMMIT_UPDATING_VERSION>
 
 ## Checklist
 
-- [ ] Diff link is up-to-date.
-- [ ] Check the release notes: https://gitlab.com/api/v4/projects/4176070/repository/changelog?version=<NEW_VERSION>
-- [ ] Based on the diff and the release notes, `version.rb` is updated, according to [SemVer](https://semver.org).
+- [ ] Change the `VERSION` constant to a minor version in  `lib/gitlab/styles/version.rb` (you might have to change the version number in the next steps according to [SemVer](https://semver.org)).
+- [ ] Ensure the diff link above is up-to-date.
+- [ ] Add release notes to the [Changelog](#changelog) section below.
+- [ ] Based on the diff and the release notes, update the `version.rb` according to [SemVer](https://semver.org).
+- [ ] Create an MR on `gitlab-org/gitlab` project [with the `New Version of gitlab-styles.md` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/merge_request_templates/New%20Version%20of%20gitlab-styles.md) to test the new version of `gitlab-styles`, and follow the MR instructions.
+
+## Changelog
+
+<!--
+Paste output of:
+
+curl https://gitlab.com/api/v4/projects/4176070/repository/changelog?version=<NEW_VERSION> | jq -r ".notes"
+
+NOTE: Skip `v` in `<NEW_VERSION>`. For example, Use `version=10.0.0` instead of `version=v10.0.0`.
+
+-->
 
 /label ~"type::maintenance" ~"static code analysis"

data/.gitlab-ci.yml

@@ -10,6 +10,9 @@ default:
     - bundle --version
     - bundle install
 
+variables:
+  BUNDLE_FROZEN: 'true'
+
 workflow:
   rules:
     # For merge requests, create a pipeline.
@@ -25,15 +28,27 @@ styles:
     - bundle exec rubocop --debug --parallel
   parallel:
     matrix:
-      - RUBY_VERSION: ['2.7', '3.0']
+      - RUBY_VERSION: ['2.7', '3.0', '3.1', '3.2']
 
 specs:
   stage: test
   script:
+    # Disable simplecov for all Ruby version other than 3.0
+    - if [[ "$RUBY_VERSION" != "3.0" ]]; then export SIMPLECOV=0; fi
     - bundle exec rspec
   parallel:
     matrix:
-      - RUBY_VERSION: ['2.7', '3.0']
+      - RUBY_VERSION: ['2.7', '3.0', '3.1', '3.2']
+  artifacts:
+    name: coverage
+    expire_in: 31d
+    paths:
+      - coverage/index.html
+      - coverage/assets/
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage/coverage.xml
 
 include:
   - project: 'gitlab-org/quality/pipeline-common'

data/.rubocop.yml

@@ -1,12 +1,17 @@
 inherit_from:
   - rubocop-default.yml
+  - .rubocop_todo.yml
 
 require:
   - rubocop/cop/internal_affairs
+  - rubocop-rake
 
 AllCops:
   NewCops: disable # https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/-/issues/40
-  SuggestExtensions: false # https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/-/issues/39
+
+Gemspec/DevelopmentDependencies:
+  EnforcedStyle: gemspec
+  Enabled: true
 
 InternalAffairs/DeprecateCopHelper:
   Enabled: true

data/.rubocop_todo.yml

@@ -0,0 +1,36 @@
+# This configuration was generated by
+# `rubocop --auto-gen-config`
+# on 2023-06-05 10:15:47 UTC using RuboCop version 1.50.2.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 1
+InternalAffairs/InheritDeprecatedCopClass:
+  Exclude:
+    - 'lib/rubocop/cop/gitlab_security/json_serialization.rb'
+
+# Offense count: 11
+InternalAffairs/MissingCopDepartment:
+  Exclude:
+    - 'lib/rubocop/cop/active_record_dependent.rb'
+    - 'lib/rubocop/cop/active_record_serialize.rb'
+    - 'lib/rubocop/cop/avoid_return_from_blocks.rb'
+    - 'lib/rubocop/cop/custom_error_class.rb'
+    - 'lib/rubocop/cop/gem_fetcher.rb'
+    - 'lib/rubocop/cop/in_batches.rb'
+    - 'lib/rubocop/cop/line_break_after_guard_clauses.rb'
+    - 'lib/rubocop/cop/line_break_around_conditional_block.rb'
+    - 'lib/rubocop/cop/polymorphic_associations.rb'
+    - 'lib/rubocop/cop/redirect_with_status.rb'
+    - 'lib/rubocop/cop/without_reactive_cache.rb'
+
+# Offense count: 5
+InternalAffairs/UseRestrictOnSend:
+  Exclude:
+    - 'lib/rubocop/cop/active_record_dependent.rb'
+    - 'lib/rubocop/cop/active_record_serialize.rb'
+    - 'lib/rubocop/cop/in_batches.rb'
+    - 'lib/rubocop/cop/polymorphic_associations.rb'
+    - 'lib/rubocop/cop/without_reactive_cache.rb'

data/.tests_mapping.yml

@@ -0,0 +1,10 @@
+---
+mapping:
+  - source: 'lib/(.+)\.rb'
+    test: 'spec/%s_spec.rb'
+
+  - source: 'rubocop-.*\.yml'
+    test: 'spec/yml_spec.rb'
+
+  - source: '(spec/.*_spec\.rb)'
+    test: '%s'

data/Gemfile

@@ -4,14 +4,3 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in gitlab-rubocop.gemspec
 gemspec
-
-group :development do
-  gem "lefthook", require: false
-end
-
-group :test do
-  # Pin these dependencies, otherwise a new rule could break the CI pipelines
-  gem 'rubocop', '1.38.0'
-  gem 'rubocop-rspec', '2.15.0'
-  gem 'rspec-parameterized', '0.5.2', require: false
-end

data/Gemfile.lock

@@ -0,0 +1,227 @@
+PATH
+  remote: .
+  specs:
+    gitlab-styles (10.1.0)
+      rubocop (~> 1.50.2)
+      rubocop-graphql (~> 0.18)
+      rubocop-performance (~> 1.15)
+      rubocop-rails (~> 2.17)
+      rubocop-rspec (~> 2.22)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (7.0.4.3)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+    addressable (2.8.4)
+      public_suffix (>= 2.0.2, < 6.0)
+    ast (2.4.2)
+    binding_of_caller (1.0.0)
+      debug_inspector (>= 0.0.1)
+    byebug (11.1.3)
+    claide (1.1.0)
+    claide-plugins (0.9.2)
+      cork
+      nap
+      open4 (~> 1.3)
+    coderay (1.1.3)
+    colored2 (3.1.2)
+    concurrent-ruby (1.2.2)
+    cork (0.3.0)
+      colored2 (~> 3.1)
+    danger (9.3.0)
+      claide (~> 1.0)
+      claide-plugins (>= 0.9.2)
+      colored2 (~> 3.1)
+      cork (~> 0.1)
+      faraday (>= 0.9.0, < 3.0)
+      faraday-http-cache (~> 2.0)
+      git (~> 1.13.0)
+      kramdown (~> 2.3)
+      kramdown-parser-gfm (~> 1.0)
+      no_proxy_fix
+      octokit (~> 5.0)
+      terminal-table (>= 1, < 4)
+    danger-gitlab (8.0.0)
+      danger
+      gitlab (~> 4.2, >= 4.2.0)
+    debug_inspector (1.1.0)
+    diff-lcs (1.5.0)
+    docile (1.4.0)
+    faraday (1.10.3)
+      faraday-em_http (~> 1.0)
+      faraday-em_synchrony (~> 1.0)
+      faraday-excon (~> 1.1)
+      faraday-httpclient (~> 1.0)
+      faraday-multipart (~> 1.0)
+      faraday-net_http (~> 1.0)
+      faraday-net_http_persistent (~> 1.0)
+      faraday-patron (~> 1.0)
+      faraday-rack (~> 1.0)
+      faraday-retry (~> 1.0)
+      ruby2_keywords (>= 0.0.4)
+    faraday-em_http (1.0.0)
+    faraday-em_synchrony (1.0.0)
+    faraday-excon (1.1.0)
+    faraday-http-cache (2.5.0)
+      faraday (>= 0.8)
+    faraday-httpclient (1.0.1)
+    faraday-multipart (1.0.4)
+      multipart-post (~> 2)
+    faraday-net_http (1.0.1)
+    faraday-net_http_persistent (1.2.0)
+    faraday-patron (1.0.0)
+    faraday-rack (1.0.0)
+    faraday-retry (1.0.3)
+    git (1.13.2)
+      addressable (~> 2.8)
+      rchardet (~> 1.8)
+    gitlab (4.19.0)
+      httparty (~> 0.20)
+      terminal-table (>= 1.5.1)
+    gitlab-dangerfiles (3.6.7)
+      danger (>= 8.4.5)
+      danger-gitlab (>= 8.0.0)
+      rake
+    httparty (0.21.0)
+      mini_mime (>= 1.0.0)
+      multi_xml (>= 0.5.2)
+    i18n (1.13.0)
+      concurrent-ruby (~> 1.0)
+    json (2.6.3)
+    kramdown (2.4.0)
+      rexml
+    kramdown-parser-gfm (1.1.0)
+      kramdown (~> 2.0)
+    lefthook (1.3.13)
+    method_source (1.0.0)
+    mini_mime (1.1.2)
+    minitest (5.18.0)
+    multi_xml (0.6.0)
+    multipart-post (2.3.0)
+    nap (1.1.0)
+    no_proxy_fix (0.1.2)
+    octokit (5.6.1)
+      faraday (>= 1, < 3)
+      sawyer (~> 0.9)
+    open4 (1.3.4)
+    parallel (1.23.0)
+    parser (3.2.2.1)
+      ast (~> 2.4.1)
+    proc_to_ast (0.1.0)
+      coderay
+      parser
+      unparser
+    pry (0.14.2)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    pry-byebug (3.10.1)
+      byebug (~> 11.0)
+      pry (>= 0.13, < 0.15)
+    public_suffix (5.0.1)
+    rack (3.0.7)
+    rainbow (3.1.1)
+    rake (13.0.6)
+    rchardet (1.8.0)
+    regexp_parser (2.8.0)
+    rexml (3.2.5)
+    rspec (3.12.0)
+      rspec-core (~> 3.12.0)
+      rspec-expectations (~> 3.12.0)
+      rspec-mocks (~> 3.12.0)
+    rspec-core (3.12.2)
+      rspec-support (~> 3.12.0)
+    rspec-expectations (3.12.3)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-mocks (3.12.5)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-parameterized-core (1.0.0)
+      parser
+      proc_to_ast
+      rspec (>= 2.13, < 4)
+      unparser
+    rspec-parameterized-table_syntax (1.0.0)
+      binding_of_caller
+      rspec-parameterized-core (< 2)
+    rspec-support (3.12.0)
+    rubocop (1.50.2)
+      json (~> 2.3)
+      parallel (~> 1.10)
+      parser (>= 3.2.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.28.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 2.4.0, < 3.0)
+    rubocop-ast (1.28.1)
+      parser (>= 3.2.1.0)
+    rubocop-capybara (2.18.0)
+      rubocop (~> 1.41)
+    rubocop-factory_bot (2.23.0)
+      rubocop (~> 1.33)
+    rubocop-graphql (0.19.0)
+      rubocop (>= 0.87, < 2)
+    rubocop-performance (1.17.1)
+      rubocop (>= 1.7.0, < 2.0)
+      rubocop-ast (>= 0.4.0)
+    rubocop-rails (2.19.1)
+      activesupport (>= 4.2.0)
+      rack (>= 1.1)
+      rubocop (>= 1.33.0, < 2.0)
+    rubocop-rake (0.6.0)
+      rubocop (~> 1.0)
+    rubocop-rspec (2.22.0)
+      rubocop (~> 1.33)
+      rubocop-capybara (~> 2.17)
+      rubocop-factory_bot (~> 2.22)
+    ruby-progressbar (1.13.0)
+    ruby2_keywords (0.0.5)
+    sawyer (0.9.2)
+      addressable (>= 2.3.5)
+      faraday (>= 0.17.3, < 3)
+    simplecov (0.22.0)
+      docile (~> 1.1)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-cobertura (2.1.0)
+      rexml
+      simplecov (~> 0.19)
+    simplecov-html (0.12.3)
+    simplecov_json_formatter (0.1.4)
+    terminal-table (3.0.2)
+      unicode-display_width (>= 1.1.1, < 3)
+    test_file_finder (0.1.4)
+      faraday (~> 1.0)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
+    unicode-display_width (2.4.2)
+    unparser (0.6.7)
+      diff-lcs (~> 1.3)
+      parser (>= 3.2.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 2.1)
+  gitlab-dangerfiles (~> 3.6.7)
+  gitlab-styles!
+  lefthook (~> 1.3.13)
+  pry-byebug (~> 3.10)
+  rake (~> 13.0)
+  rspec (~> 3.0)
+  rspec-parameterized-table_syntax (~> 1.0.0)
+  rubocop-rake (~> 0.6)
+  simplecov (~> 0.22.0)
+  simplecov-cobertura (~> 2.1.0)
+  simplecov-html (~> 0.12.3)
+  test_file_finder (~> 0.1.4)
+
+BUNDLED WITH
+   2.4.13

data/README.md

@@ -91,7 +91,6 @@ To release a new version:
 1. Create a Merge Request.
 1. Use Merge Request template [Release.md](https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/-/blob/master/.gitlab/merge_request_templates/Release.md).
 1. Follow the instructions.
-1. (Optional, but appreciated) Create an MR on `gitlab-org/gitlab` project [with the `New Version of gitlab-styles.md` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/merge_request_templates/New%20Version%20of%20gitlab-styles.md) to test the new version of `gitlab-styles`, and follow the MR instructions.
 1. After the Merge Request has been merged, a new gem version is [published automatically](https://gitlab.com/gitlab-org/quality/pipeline-common/-/blob/master/ci/gem-release.yml)
 
 See [!123](https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/-/merge_requests/123) as an example.

data/gitlab-styles.gemspec

@@ -22,15 +22,22 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'rubocop', '~> 1.38.0'
-  spec.add_dependency 'rubocop-gitlab-security', '~> 0.1.1'
-  spec.add_dependency 'rubocop-graphql', '~> 0.14'
-  spec.add_dependency 'rubocop-performance', '~> 1.14'
-  spec.add_dependency 'rubocop-rails', '~> 2.15'
-  spec.add_dependency 'rubocop-rspec', '~> 2.15'
+  spec.add_dependency 'rubocop', '~> 1.50.2'
+  spec.add_dependency 'rubocop-graphql', '~> 0.18'
+  spec.add_dependency 'rubocop-performance', '~> 1.15'
+  spec.add_dependency 'rubocop-rails', '~> 2.17'
+  spec.add_dependency 'rubocop-rspec', '~> 2.22'
 
   spec.add_development_dependency 'bundler', '~> 2.1'
-  spec.add_development_dependency 'gitlab-dangerfiles', '~> 2.11.0'
-  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'gitlab-dangerfiles', '~> 3.6.7'
+  spec.add_development_dependency 'lefthook', '~> 1.3.13'
+  spec.add_development_dependency 'pry-byebug', '~> 3.10'
+  spec.add_development_dependency 'rake', '~> 13.0'
   spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'rspec-parameterized-table_syntax', '~> 1.0.0'
+  spec.add_development_dependency 'rubocop-rake', '~> 0.6'
+  spec.add_development_dependency 'simplecov', '~> 0.22.0'
+  spec.add_development_dependency 'simplecov-cobertura', '~> 2.1.0'
+  spec.add_development_dependency 'simplecov-html', '~> 0.12.3'
+  spec.add_development_dependency 'test_file_finder', '~> 0.1.4'
 end

data/lefthook.yml

@@ -10,7 +10,15 @@ pre-push:
       glob: '*.{rb,rake}'
       run: bundle exec rubocop --parallel --force-exclusion {files}
 
-    # Run all tests (warn if there are any missing tools required for tests).
+    # Run only relevant specs.
     rspec:
-      run: bundle exec rspec -f progress
-      glob: '*.rb'
+      files: git diff --name-only --diff-filter=d $(git merge-base origin/master HEAD)..HEAD
+      run: |
+        tests=$(tff --mapping-file .tests_mapping.yml {files})
+        if [ "$tests" != "" ]; then
+          echo "bundle exec rspec --format progress $tests"
+          bundle exec rspec --format progress $tests
+        else
+          echo "No specs to run."
+          exit 0
+        fi

data/lib/gitlab/styles/rubocop/migration_helpers.rb

@@ -7,7 +7,7 @@ module Gitlab
       module MigrationHelpers
         # Returns true if the given node originated from the db/migrate directory.
         def in_migration?(node)
-          dirname = File.dirname(node.location.expression.source_buffer.name)
+          dirname = File.dirname(node.source_range.source_buffer.name)
 
           dirname.end_with?(
             'db/migrate',

data/lib/gitlab/styles/version.rb

@@ -2,6 +2,6 @@
 
 module Gitlab
   module Styles
-    VERSION = '9.2.0'
+    VERSION = '10.1.0'
   end
 end

data/lib/rubocop/cop/active_record_dependent.rb

@@ -1,13 +1,9 @@
 # frozen_string_literal: true
 
-require_relative '../../gitlab/styles/rubocop/model_helpers'
-
 module Rubocop
   module Cop
     # Cop that prevents the use of `dependent: ...` in ActiveRecord models.
     class ActiveRecordDependent < RuboCop::Cop::Base
-      include Gitlab::Styles::Rubocop::ModelHelpers
-
       MSG = 'Do not use `dependent:` to remove associated data, ' \
             'use foreign keys with cascading deletes instead.'
 
@@ -15,7 +11,6 @@ module Rubocop
       ALLOWED_OPTIONS = [:restrict_with_error].freeze
 
       def on_send(node)
-        return unless in_model?(node)
         return unless METHOD_NAMES.include?(node.children[1])
 
         node.children.last.each_node(:pair) do |pair|

data/lib/rubocop/cop/active_record_serialize.rb

@@ -1,18 +1,12 @@
 # frozen_string_literal: true
 
-require_relative '../../gitlab/styles/rubocop/model_helpers'
-
 module Rubocop
   module Cop
     # Cop that prevents the use of `serialize` in ActiveRecord models.
     class ActiveRecordSerialize < RuboCop::Cop::Base
-      include Gitlab::Styles::Rubocop::ModelHelpers
-
       MSG = 'Do not store serialized data in the database, use separate columns and/or tables instead'
 
       def on_send(node)
-        return unless in_model?(node)
-
         add_offense(node.loc.selector) if node.children[1] == :serialize
       end
     end

data/lib/rubocop/cop/avoid_return_from_blocks.rb

@@ -23,7 +23,7 @@ module Rubocop
     class AvoidReturnFromBlocks < RuboCop::Cop::Base
       MSG = 'Do not return from a block, use next or break instead.'
       DEF_METHODS = %i[define_method lambda].freeze
-      WHITELISTED_METHODS = %i[each each_filename times loop].freeze
+      ALLOWED_METHODS = %i[each each_filename times loop].freeze
 
       def on_block(node)
         block_body = node.body
@@ -32,7 +32,7 @@ module Rubocop
         return unless top_block?(node)
 
         block_body.each_node(:return) do |return_node|
-          next if parent_blocks(node, return_node).all? { |block| whitelisted?(block) }
+          next if parent_blocks(node, return_node).all? { |block| allowed?(block) }
 
           add_offense(return_node)
         end
@@ -71,8 +71,8 @@ module Rubocop
           (node.block_type? && DEF_METHODS.include?(node.method_name))
       end
 
-      def whitelisted?(block_node)
-        WHITELISTED_METHODS.include?(block_node.method_name)
+      def allowed?(block_node)
+        ALLOWED_METHODS.include?(block_node.method_name)
       end
     end
   end

data/lib/rubocop/cop/custom_error_class.rb

@@ -36,7 +36,7 @@ module Rubocop
 
           replacement = "#{class_name_from_node(klass)} = Class.new(#{class_name_from_node(parent)})"
 
-          corrector.replace(node.source_range, replacement)
+          corrector.replace(node, replacement)
         end
       end
 

data/lib/rubocop/cop/gem_fetcher.rb

@@ -14,7 +14,7 @@ module Rubocop
 
       # @!method gem_option(node)
       def_node_matcher :gem_option, <<~PATTERN
-        (send nil? :gem _
+        (send nil? :gem _ ...
           (hash
             <$(pair (sym {#{GIT_SOURCES.map(&:inspect).join(' ')}}) _)
             ...>

data/lib/rubocop/cop/gitlab_security/deep_munge.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module GitlabSecurity
+      # Checks for disabling the deep munge security control.
+      #
+      # Disabling this security setting can leave the application open to unsafe
+      # query generation
+      #
+      # @example
+      #
+      #   # bad
+      #   config.action_dispatch.perform_deep_munge = false
+      #
+      # See CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.
+      class DeepMunge < RuboCop::Cop::Base
+        MSG = 'Never disable the deep munge security option.'
+
+        # @!method disable_deep_munge?(node)
+        def_node_matcher :disable_deep_munge?, <<-PATTERN
+          (send
+            (send (send nil? :config) :action_dispatch) :perform_deep_munge=
+              { (false) (send true :!) }
+          )
+        PATTERN
+
+        def on_send(node)
+          return unless disable_deep_munge?(node)
+
+          add_offense(node.loc.selector)
+        end
+      end
+    end
+  end
+end