From 81ee370ff734292b7db1c1076f2f63862a5e94bf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 9 Jun 2026 09:24:32 +0000 Subject: [PATCH 1/2] Bump rubocop-rails from 2.34.3 to 2.35.3 Bumps [rubocop-rails](https://github.com/rubocop/rubocop-rails) from 2.34.3 to 2.35.3. - [Release notes](https://github.com/rubocop/rubocop-rails/releases) - [Changelog](https://github.com/rubocop/rubocop-rails/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop/rubocop-rails/compare/v2.34.3...v2.35.3) --- updated-dependencies: - dependency-name: rubocop-rails dependency-version: 2.35.3 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index db5b6456a..f280cf10b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -478,7 +478,7 @@ GEM lint_roller (~> 1.1) rubocop (>= 1.75.0, < 2.0) rubocop-ast (>= 1.47.1, < 2.0) - rubocop-rails (2.34.3) + rubocop-rails (2.35.3) activesupport (>= 4.2.0) lint_roller (~> 1.1) rack (>= 1.1) From 5938b9abc335b58b8a61839baebe65a453cfcf59 Mon Sep 17 00:00:00 2001 From: Chris Zetter <253059100+zetter-rpf@users.noreply.github.com> Date: Mon, 15 Jun 2026 15:37:49 +0100 Subject: [PATCH 2/2] Follow rubocop recommendations for using params I've reviewed all these changes and they look like the params are always required https://redirect.github.com/rubocop/rubocop-rails/pull/1583 --- app/controllers/admin/projects_controller.rb | 2 +- app/controllers/api/feedback_controller.rb | 2 +- app/controllers/api/join_controller.rb | 2 +- app/controllers/api/projects/images_controller.rb | 4 ++-- app/controllers/api/projects/remixes_controller.rb | 2 +- app/controllers/api/school_classes_controller.rb | 14 +++++++------- app/controllers/api/school_projects_controller.rb | 2 +- app/controllers/api/schools_controller.rb | 2 +- app/controllers/api/scratch/projects_controller.rb | 2 +- 9 files changed, 16 insertions(+), 16 deletions(-) diff --git a/app/controllers/admin/projects_controller.rb b/app/controllers/admin/projects_controller.rb index cbeb2249c..dcebed9c9 100644 --- a/app/controllers/admin/projects_controller.rb +++ b/app/controllers/admin/projects_controller.rb @@ -9,7 +9,7 @@ def scoped_resource end def destroy_image - image = requested_resource.images.find(params[:image_id]) + image = requested_resource.images.find(params.expect(:image_id)) image.purge redirect_back_or_to(requested_resource) end diff --git a/app/controllers/api/feedback_controller.rb b/app/controllers/api/feedback_controller.rb index 3ff8fb681..1de9ff130 100644 --- a/app/controllers/api/feedback_controller.rb +++ b/app/controllers/api/feedback_controller.rb @@ -31,7 +31,7 @@ def create end def set_read - feedback = Feedback.find(params[:id]) + feedback = Feedback.find(params.expect(:id)) result = Feedback::SetRead.call(feedback: feedback) if result.success? diff --git a/app/controllers/api/join_controller.rb b/app/controllers/api/join_controller.rb index 00dadf7d7..fef9662f3 100644 --- a/app/controllers/api/join_controller.rb +++ b/app/controllers/api/join_controller.rb @@ -30,7 +30,7 @@ def create private def find_school_and_class - @school_class = SchoolClass.find_by!(join_code: JoinCodeGenerator.normalize(params[:join_code])) + @school_class = SchoolClass.find_by!(join_code: JoinCodeGenerator.normalize(params.expect(:join_code))) @school = @school_class.school end diff --git a/app/controllers/api/projects/images_controller.rb b/app/controllers/api/projects/images_controller.rb index bb55f4ecb..c1e3dd864 100644 --- a/app/controllers/api/projects/images_controller.rb +++ b/app/controllers/api/projects/images_controller.rb @@ -6,13 +6,13 @@ class ImagesController < ApiController before_action :authorize_user, only: %i[create] def show - @project = Project.find_by!(identifier: params[:project_id]) + @project = Project.find_by!(identifier: params.expect(:project_id)) authorize! :show, @project render '/api/projects/images', formats: [:json] end def create - @project = Project.find_by!(identifier: params[:project_id]) + @project = Project.find_by!(identifier: params.expect(:project_id)) authorize! :update, @project @project.images.attach(params[:images]) render '/api/projects/images', formats: [:json] diff --git a/app/controllers/api/projects/remixes_controller.rb b/app/controllers/api/projects/remixes_controller.rb index a38928728..1f0a17cd7 100644 --- a/app/controllers/api/projects/remixes_controller.rb +++ b/app/controllers/api/projects/remixes_controller.rb @@ -45,7 +45,7 @@ def create private def project - @project ||= Project.find_by!(identifier: params[:project_id]) + @project ||= Project.find_by!(identifier: params.expect(:project_id)) end def load_and_authorize_remix diff --git a/app/controllers/api/school_classes_controller.rb b/app/controllers/api/school_classes_controller.rb index c7476ba21..8ac48e14a 100644 --- a/app/controllers/api/school_classes_controller.rb +++ b/app/controllers/api/school_classes_controller.rb @@ -60,7 +60,7 @@ def import end def update - school_class = @school.classes.find(params[:id]) + school_class = @school.classes.find(params.expect(:id)) result = SchoolClass::Update.call(school_class:, school_class_params:) if result.success? @@ -176,25 +176,25 @@ def assign_students_to_class(school_class, school_students) end def load_and_authorize_school - @school = if params[:school_id].match?(/\d\d-\d\d-\d\d/) + @school = if params.expect(:school_id).match?(/\d\d-\d\d-\d\d/) School.find_by(code: params[:school_id]) else - School.find(params[:school_id]) + School.find(params.expect(:school_id)) end authorize! :read, @school end def load_and_authorize_school_class if %w[index create import].include?(params[:action]) - authorize! params[:action].to_sym, SchoolClass + authorize! params.expect(:action).to_sym, SchoolClass else - @school_class = if params[:id].match?(/\d\d-\d\d-\d\d/) + @school_class = if params.expect(:id).match?(/\d\d-\d\d-\d\d/) @school.classes.find_by(code: params[:id]) else - @school.classes.find(params[:id]) + @school.classes.find(params.expect(:id)) end - authorize! params[:action].to_sym, @school_class + authorize! params.expect(:action).to_sym, @school_class end end diff --git a/app/controllers/api/school_projects_controller.rb b/app/controllers/api/school_projects_controller.rb index 5c4e0c0db..cf62abb3d 100644 --- a/app/controllers/api/school_projects_controller.rb +++ b/app/controllers/api/school_projects_controller.rb @@ -74,7 +74,7 @@ def set_finished private def project - @project ||= Project.find_by!(identifier: params[:id]) + @project ||= Project.find_by!(identifier: params.expect(:id)) end def school_project diff --git a/app/controllers/api/schools_controller.rb b/app/controllers/api/schools_controller.rb index 7e954ccfd..9bc829bb8 100644 --- a/app/controllers/api/schools_controller.rb +++ b/app/controllers/api/schools_controller.rb @@ -31,7 +31,7 @@ def create end def update - school = School.find(params[:id]) + school = School.find(params.expect(:id)) result = School::Update.call(school:, school_params: update_params) if result.success? diff --git a/app/controllers/api/scratch/projects_controller.rb b/app/controllers/api/scratch/projects_controller.rb index 7e5ecb5a5..b8c61cb86 100644 --- a/app/controllers/api/scratch/projects_controller.rb +++ b/app/controllers/api/scratch/projects_controller.rb @@ -101,7 +101,7 @@ def move_pending_scratch_upload_to_remix(pending_upload, remix_project) end def load_project - @project = Project.find_by!(identifier: params[:id], project_type: Project::Types::CODE_EDITOR_SCRATCH) + @project = Project.find_by!(identifier: params.expect(:id), project_type: Project::Types::CODE_EDITOR_SCRATCH) end end end