RubyGems - rubocop-rails - Versions diffs - 2.35.3 → 2.35.4 - Mend

rubocop-rails 2.35.3 → 2.35.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/rubocop/cop/rails/strong_parameters_expect.rb +23 -3
data/lib/rubocop/rails/version.rb +1 -1
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a93c373c0dc8f85fb3b81807cd6971588d148c6f02f4baac770c4a842cd59281
-  data.tar.gz: b54098494c0900a297281fed2eb634e38867ed0e3e14f84536765d9ccdc8ed6d
+  metadata.gz: 45b000a9e63ce4154fb6b1acbb97c84253448ead8bac7539aa773dbc1a7e3f8b
+  data.tar.gz: 26646956ab4da49c53a4d9105771e83658b07c65912799e5eea7f4d88e5f399f
 SHA512:
-  metadata.gz: 9d3a419adf9b427d3cba678db098a08a0bbc69b8e7c5ec668108bede4217bdff67f1b8724e22e674ad653e2512dcb49483933f4b064d3f46a4c676d179bb0265
-  data.tar.gz: e2da63cb8261679f1fd9333f78ef278fc46bd2f06120a66b1ff8f4ddde1562f008f07246cea76cd0cb67ed8ba44c5e575493a44bc9ef43e9050f2258f0039c72
+  metadata.gz: f8e1594a6edae31940c736c45a37966d09d02ada59afad3146b8941c4668b500c288e30da7293ae34d6ee38d1e2fc47b69900c8afa8f7e598da92e91d55f4d46
+  data.tar.gz: 15994ecea386276d46a19c17ec5bc962138a1476b4508f36353a9fb10e20f6fb30a1b1d78f837d9beef9980103a9786160d50b1fc610f06a092bc874b9621050

data/lib/rubocop/cop/rails/strong_parameters_expect.rb CHANGED Viewed

@@ -23,6 +23,18 @@ module RuboCop
       #   incompatibility introduced for valid reasons by the `expect` method, which aligns better with
       #   strong parameter conventions.
       #
+      #   It is also unsafe because `expect` is stricter about the structure of the parameters than
+      #   `require`/`permit`. Nested attributes that hold an array of records need an extra array wrapper,
+      #   such as `expect(user: [{ pets_attributes: [[:name]] }])`. The cop cannot tell a single nested hash
+      #   from an array of nested hashes, so it always generates the single-hash form, which can turn
+      #   a previously successful request into a failure.
+      #
+      #   It is also unsafe when `params[:key]` is passed to a finder method such as `find`, because
+      #   `find` accepts an array of IDs. `Model.find(params[:id])` loads every record for an array of IDs,
+      #   but the corrected `Model.find(params.expect(:id))` raises `ActionController::ParameterMissing`
+      #   for an array value, since `expect` requires a scalar. The cop cannot tell a scalar ID from
+      #   an array of IDs, so the autocorrection can turn a previously successful request into a failure.
+      #
       # @example
       #
       #   # bad
@@ -62,7 +74,7 @@ module RuboCop
         IGNORED_METHODS = %i[
           ! blank? compact compact! compact_blank compact_blank! deep_merge deep_merge!
           delete delete_if dig each except exclude? extract! fetch has_key? has_value?
-          include? instance_of? is_a? keep_if key? keys kind_of? member? merge merge!
+          include? inspect instance_of? is_a? keep_if key? keys kind_of? member? merge merge!
           nil? presence present? reverse_merge reverse_merge! slice stringify_keys
           to_a to_f to_h to_hash to_i to_s to_unsafe_h to_unsafe_hash
           transform_keys transform_keys! transform_values transform_values! try try!
@@ -76,10 +88,18 @@ module RuboCop
           (send (send nil? :params) :[] $_)
         PATTERN
+        # `require` with an array literal expects multiple top-level keys and has no single `expect` equivalent,
+        # so such calls are excluded to avoid generating broken code.
+        # A single dynamic argument to `permit` (such as a method call or variable that may return an array)
+        # has no safe `expect` rewrite, because the cop cannot tell whether the value is a list of attributes
+        # or a nested hash. Such calls are excluded to avoid generating broken code.
         def_node_matcher :params_require_permit, <<~PATTERN
-          $(call
+          [
             $(call
-              (send nil? :params) :require _) :permit _+)
+              $(call
+                (send nil? :params) :require !array) :permit _+)
+            !(call _ :permit {call lvar ivar cvar gvar const})
+          ]
         PATTERN
         def_node_matcher :params_permit_require, <<~PATTERN

data/lib/rubocop/rails/version.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module RuboCop
   module Rails
     # This module holds the RuboCop Rails version information.
     module Version
-      STRING = '2.35.3'
+      STRING = '2.35.4'
       def self.document_version
         STRING.match('\d+\.\d+').to_s

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubocop-rails
 version: !ruby/object:Gem::Version
-  version: 2.35.3
+  version: 2.35.4
 platform: ruby
 authors:
 - Bozhidar Batsov