diff --git a/.codespellrc b/.codespellrc
index 125d89125..6d54395c9 100644
--- a/.codespellrc
+++ b/.codespellrc
@@ -7,4 +7,4 @@ ignore-regex = mis à jour
# Suh - name
# projets - French used in a test
# requestor - as requested in the original PR
-ignore-words-list = reenable,rouge,suh,projets,requestor
+ignore-words-list = reenable,rouge,suh,projets,requestor,secur
diff --git a/.rubocop.yml b/.rubocop.yml
index 70201dbdc..464c48182 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -262,3 +262,5 @@ Style/RequireOrder:
Enabled: false
Style/YodaExpression:
Enabled: false
+Metrics/BlockLength:
+ Max: 36
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index e9f64267d..3688ee748 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -234,7 +234,7 @@ If you want to propose specific *changes* to a translation, and you are
not a trusted translator, there are two main options:
* The usual option is to open an issue and simply propose the text changes.
- Make sure you tell us which locale you're referrring to!
+ Make sure you tell us which locale you're referring to!
* You *can* propose changes as edits to the appropriate files in
`config/locales`, but unlike most changes that will not work directly.
One of the trusted translators will then need to hand-copy
diff --git a/Gemfile b/Gemfile
index 193d26b48..040bbf1b2 100644
--- a/Gemfile
+++ b/Gemfile
@@ -126,9 +126,9 @@ group :development, :test do
gem 'pronto-rails_best_practices', '0.11.0'
gem 'pronto-rubocop', '0.11.5'
# gem 'railroader', '4.3.8' # Security static analyzer. OSS fork of Brakeman
- gem 'rubocop', '1.50.1', require: false # Style checker
- gem 'rubocop-performance', '1.17.1', require: false # Performance cops
- gem 'rubocop-rails', '2.19.0', require: false # Rails-specific cops
+ gem 'rubocop', '1.56.4', require: false # Style checker
+ gem 'rubocop-performance', '1.19.1', require: false # Performance cops
+ gem 'rubocop-rails', '2.21.2', require: false # Rails-specific cops
gem 'ruby-graphviz', '1.2.5' # This is used for bundle viz
gem 'spring', '~> 4.1'
# Do NOT upgrade to vcr 6.*, as that is not OSS:
diff --git a/Gemfile.lock b/Gemfile.lock
index 316cbae1c..908acf919 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -76,6 +76,7 @@ GEM
autoprefixer-rails (10.4.15.0)
execjs (~> 2)
awesome_print (1.9.2)
+ base64 (0.1.1)
bcrypt (3.1.19)
bindex (0.8.1)
blind_index (2.3.2)
@@ -90,7 +91,7 @@ GEM
railties (>= 3.1)
bootstrap_form (2.7.0)
builder (3.2.4)
- bullet (7.0.7)
+ bullet (7.1.1)
activesupport (>= 3.0.0)
uniform_notifier (~> 1.11)
bundler-audit (0.9.1)
@@ -109,7 +110,7 @@ GEM
capybara-slow_finder_errors (0.1.5)
capybara (~> 3.0)
chartkick (4.2.1)
- chef-utils (18.2.7)
+ chef-utils (18.3.0)
concurrent-ruby
code_analyzer (0.5.5)
sexp_processor
@@ -133,14 +134,15 @@ GEM
execjs
multi_json (>= 1.3)
rake
- execjs (2.8.1)
- faraday (2.7.10)
+ execjs (2.9.1)
+ faraday (2.7.11)
+ base64
faraday-net_http (>= 2.0, < 3.1)
ruby2_keywords (>= 0.0.4)
faraday-net_http (3.0.2)
faraday-retry (2.2.0)
faraday (~> 2.0)
- ffi (1.15.5)
+ ffi (1.16.3)
font-awesome-rails (4.7.0.8)
railties (>= 3.2, < 8.0)
forwardable (1.3.3)
@@ -182,6 +184,7 @@ GEM
rexml
kramdown-parser-gfm (1.1.0)
kramdown (~> 2.0)
+ language_server-protocol (3.17.0.3)
license_finder (7.1.0)
bundler
rubyzip (>= 1, < 3)
@@ -190,12 +193,12 @@ GEM
with_env (= 1.1.0)
xml-simple (~> 1.1.9)
locale (2.1.3)
- lograge (0.13.0)
+ lograge (0.14.0)
actionpack (>= 4)
activesupport (>= 4)
railties (>= 4)
request_store (~> 1.0)
- loofah (2.21.3)
+ loofah (2.21.4)
crass (~> 1.0.2)
nokogiri (>= 1.12.0)
mail (2.8.1)
@@ -229,14 +232,14 @@ GEM
msgpack (1.7.2)
multi_json (1.15.0)
multi_xml (0.6.0)
- net-imap (0.3.7)
+ net-imap (0.4.1)
date
net-protocol
net-pop (0.1.2)
net-protocol
net-protocol (0.2.1)
timeout
- net-smtp (0.3.3)
+ net-smtp (0.4.0)
net-protocol
nio4r (2.5.9)
nokogiri (1.15.4-x86_64-linux)
@@ -264,13 +267,13 @@ GEM
omniauth-rails_csrf_protection (1.0.1)
actionpack (>= 4.2)
omniauth (~> 2.0)
- pagy (6.0.4)
+ pagy (6.1.0)
paleta (0.3.0)
paper_trail (12.3.0)
activerecord (>= 5.2)
request_store (~> 1.1)
parallel (1.23.0)
- parser (3.2.2.3)
+ parser (3.2.2.4)
ast (~> 2.4.1)
racc
pg (1.5.4)
@@ -304,7 +307,7 @@ GEM
byebug (~> 11.0)
pry (>= 0.13, < 0.15)
public_suffix (5.0.3)
- puma (6.3.1)
+ puma (6.4.0)
nio4r (~> 2.0)
puma_worker_killer (0.3.1)
get_process_mem (~> 0.2)
@@ -375,27 +378,29 @@ GEM
rb-inotify (0.10.1)
ffi (~> 1.0)
redcarpet (3.6.0)
- regexp_parser (2.8.1)
+ regexp_parser (2.8.2)
request_store (1.5.1)
rack (>= 1.4)
require_all (3.0.0)
rexml (3.2.6)
- rubocop (1.50.1)
+ rubocop (1.56.4)
+ base64 (~> 0.1.1)
json (~> 2.3)
+ language_server-protocol (>= 3.17.0)
parallel (~> 1.10)
- parser (>= 3.2.0.0)
+ parser (>= 3.2.2.3)
rainbow (>= 2.2.2, < 4.0)
regexp_parser (>= 1.8, < 3.0)
rexml (>= 3.2.5, < 4.0)
- rubocop-ast (>= 1.28.0, < 2.0)
+ rubocop-ast (>= 1.28.1, < 2.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 2.4.0, < 3.0)
rubocop-ast (1.29.0)
parser (>= 3.2.1.0)
- rubocop-performance (1.17.1)
+ rubocop-performance (1.19.1)
rubocop (>= 1.7.0, < 2.0)
rubocop-ast (>= 0.4.0)
- rubocop-rails (2.19.0)
+ rubocop-rails (2.21.2)
activesupport (>= 4.2.0)
rack (>= 1.1)
rubocop (>= 1.33.0, < 2.0)
@@ -456,7 +461,7 @@ GEM
unicode-display_width (>= 1.1.1, < 3)
text (1.3.1)
thor (1.2.2)
- tilt (2.2.0)
+ tilt (2.3.0)
timeout (0.4.0)
tomlrb (2.0.3)
translation (1.37)
@@ -465,7 +470,7 @@ GEM
concurrent-ruby (~> 1.0)
uglifier (4.2.0)
execjs (>= 0.3.0, < 3)
- unicode-display_width (2.4.2)
+ unicode-display_width (2.5.0)
uniform_notifier (1.16.0)
vcr (5.0.0)
version_gem (1.1.3)
@@ -482,7 +487,7 @@ GEM
addressable (>= 2.8.0)
crack (>= 0.3.2)
hashdiff (>= 0.4.0, < 2.0.0)
- websocket (1.2.9)
+ websocket (1.2.10)
websocket-driver (0.7.6)
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.5)
@@ -492,7 +497,7 @@ GEM
xpath (3.2.0)
nokogiri (~> 1.8)
yaml-lint (0.1.2)
- zeitwerk (2.6.11)
+ zeitwerk (2.6.12)
PLATFORMS
x86_64-linux
@@ -561,9 +566,9 @@ DEPENDENCIES
rails_12factor (~> 0.0.3)
railties (~> 7.0.7)
redcarpet (~> 3.5)
- rubocop (= 1.50.1)
- rubocop-performance (= 1.17.1)
- rubocop-rails (= 2.19.0)
+ rubocop (= 1.56.4)
+ rubocop-performance (= 1.19.1)
+ rubocop-rails (= 2.21.2)
ruby-graphviz (= 1.2.5)
sass-rails (~> 5.1)
scout_apm
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 17fcd08d6..aa5c9430e 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -752,7 +752,7 @@ def set_valid_query_url
# rubocop:disable Metrics/AbcSize
def sort_projects
# Sort, if there is a requested order (otherwise use default created_at)
- return unless params[:sort].present? && ALLOWED_SORT.include?(params[:sort])
+ return if params[:sort].blank? || ALLOWED_SORT.exclude?(params[:sort])
sort_direction = params[:sort_direction] == 'desc' ? ' desc' : ' asc'
sort_index = ALLOWED_SORT.index(params[:sort])
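Review bot: The allowlist is consulted twice here, once in the rewritten guard and again in `ALLOWED_SORT.index(params[:sort])`, so the value that reaches the ordering clause is tied to the check only by these two lines staying in sync. Doing the lookup once and guarding on its result keeps them together: `sort_index = ALLOWED_SORT.index(params[:sort])` followed by `return if sort_index.nil?`. A blank or non-string parameter also yields nil, assuming ALLOWED_SORT holds only non-blank strings. sort_projects continues past the end of this hunk, so how sort_index is used afterwards is not visible here.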
diff --git a/app/lib/blank_detective.rb b/app/lib/blank_detective.rb
index 0f5fd5887..f38e21bee 100644
--- a/app/lib/blank_detective.rb
+++ b/app/lib/blank_detective.rb
@@ -14,14 +14,14 @@ class BlankDetective < Detective
# Individual detectives must identify their inputs, outputs
INPUTS = [].freeze # Input Hash required for Search
OUTPUTS = [].freeze # Output Hash required to set database values. Please see
- # database schema for allowed valuses to be set.
+ # database schema for allowed values to be set.
# Setup and major work goes here. Do not attempt to return anything from this
# part of the code as it causes crashes.
def analyze(_evidence, _current)
{
# Your return has to go here. This reformats the hashed return into
- # chief understands. Remember the output must corrospond to one of the
+ # chief understands. Remember the output must correspond to one of the
# values in the database structure.
# Typically This would be in the form.
diff --git a/app/lib/chief.rb b/app/lib/chief.rb
index d30bee49e..9478c94df 100644
--- a/app/lib/chief.rb
+++ b/app/lib/chief.rb
@@ -143,7 +143,7 @@ def propose_changes
# rubocop:disable Metrics/PerceivedComplexity
def apply_changes(project, changes)
changes.each do |key, data|
- next unless ALLOWED_FIELDS.include?(key)
+ next if ALLOWED_FIELDS.exclude?(key)
next unless update_value?(project, key, data)
# Store change:
diff --git a/app/mailers/report_mailer.rb b/app/mailers/report_mailer.rb
index e5f8fc00b..e078edd1f 100644
--- a/app/mailers/report_mailer.rb
+++ b/app/mailers/report_mailer.rb
@@ -64,7 +64,7 @@ def email_owner(project, old_badge_level, new_badge_level, lost_level)
user = User.find(project.user_id)
return if user.nil?
return unless user.email?
- return unless user.email.include?('@')
+ return if user.email.exclude?('@')
@project_info_url =
project_url(@project, locale: user.preferred_locale.to_sym)
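Review bot: `return if user.nil?` two lines above the changed guard can never fire, because `User.find` raises ActiveRecord::RecordNotFound for a missing id instead of returning nil. A project whose owner row is gone will therefore raise out of email_owner rather than skip the mail. If skipping is the intent, `user = User.find_by(id: project.user_id)` makes the nil check meaningful. The same lookup-and-guard sequence appears in the email_reminder_owner and email_new_project_owner hunks, so it may be worth moving into one private helper. All three method bodies continue outside their hunks.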
@@ -95,7 +95,7 @@ def email_reminder_owner(project)
user = User.find(project.user_id)
return if user.nil?
return unless user.email?
- return unless user.email.include?('@')
+ return if user.email.exclude?('@')
@project_info_url =
project_url(@project, locale: user.preferred_locale.to_sym)
@@ -163,7 +163,7 @@ def email_new_project_owner(project)
user = User.find(project.user_id)
return if user.nil?
return unless user.email?
- return unless user.email.include?('@')
+ return if user.email.exclude?('@')
@project_info_url =
project_url(@project, locale: user.preferred_locale.to_sym)
diff --git a/app/models/project.rb b/app/models/project.rb
index 0f0a9f7a1..8755394e4 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -606,7 +606,7 @@ def justification_good?(justification)
end
def need_a_base_url
- return unless repo_url.blank? && homepage_url.blank?
+ return if repo_url.present? || homepage_url.present?
errors.add :base, I18n.t('error_messages.need_home_page_or_url')
end
diff --git a/app/models/project_stat.rb b/app/models/project_stat.rb
index ccc3eb763..71d55cb96 100644
--- a/app/models/project_stat.rb
+++ b/app/models/project_stat.rb
@@ -141,10 +141,10 @@ def stamp
# returns nil if no ProjectStat is available in that month.
# Note that created_at is an index, so this should be extremely fast.
def self.last_in_month(query_date)
- ProjectStat.all
- .where('created_at >= ?', query_date.beginning_of_month)
- .where('created_at <= ?', query_date.end_of_month)
- .reorder(:created_at).last
+ ProjectStat
+ .where('created_at >= ?', query_date.beginning_of_month)
+ .where('created_at <= ?', query_date.end_of_month)
+ .reorder(:created_at).last
end
# Return the name of the field for a given level 0..2
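Review bot: The upper bound `created_at <= query_date.end_of_month` depends on the type of query_date, which this hunk does not show. For a Date, end_of_month is itself a Date and compares as midnight at the start of the last day, so rows stamped later that day would be missed. A half-open range behaves the same for Date and Time: `.where('created_at < ?', query_date.next_month.beginning_of_month)`. If every caller passes a Time, this is only a robustness point.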
@@ -167,7 +167,7 @@ def self.percent_field_name(level, percentage)
# system reports instead of user interaction.
# rubocop:disable Metrics/MethodLength
def self.percent_field_description(level, percentage)
- return "Bad level #{level}" unless Project::LEVEL_IDS.include?(level.to_s)
+ return "Bad level #{level}" if Project::LEVEL_IDS.exclude?(level.to_s)
level_i = level.to_i
percentage_i = percentage.to_i
diff --git a/config/locales/en.yml b/config/locales/en.yml
index cfbcc06f3..a7b50b9f8 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -2207,7 +2207,7 @@ en:
details: >-
The project might not achieve the roadmap, and that's
fine; the purpose of the roadmap is to help potential
- users and constributors understand the intended direction
+ users and contributors understand the intended direction
of the project. It need not be detailed.
documentation_architecture:
description: >-
diff --git a/config/routes.rb b/config/routes.rb
index 59b8ce121..5bb7cd229 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -11,7 +11,7 @@
# See how all your routes lay out with "rake routes".
# This regex defines all legal locale values:
-LEGAL_LOCALE = /(?:#{I18n.available_locales.join("|")})/.freeze
+LEGAL_LOCALE = /(?:#{I18n.available_locales.join('|')})/.freeze
# This regex is used to verify criteria levels in routes:
VALID_CRITERIA_LEVEL = /[0-2]/.freeze
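Review bot: LEGAL_LOCALE interpolates the locale names into the pattern unescaped, so a locale identifier containing a regex metacharacter would change what the route accepts. `LEGAL_LOCALE = Regexp.union(I18n.available_locales.map(&:to_s)).freeze` builds the same alternation with each name quoted. The pattern is also unanchored; if it is used anywhere other than a route constraint (not visible in this hunk), it would need `\A` and `\z` around it to validate a whole string.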
diff --git a/docs/implementation.md b/docs/implementation.md
index e1af0fd38..2f0d253ec 100644
--- a/docs/implementation.md
+++ b/docs/implementation.md
@@ -1101,7 +1101,7 @@ ALL_DETECTIVES =
HardenedSitesDetective (Name1Detective)
].freeze
- where Name1Detective corrosponds to the new class created in name1_detective. Without following the naming convention chief will not run the new detective.
+ where Name1Detective corresponds to the new class created in name1_detective. Without following the naming convention chief will not run the new detective.
A template detective called blank_detective.rb is supplied with the project with internal documentation as to how to use it.
diff --git a/docs/other.md b/docs/other.md
index 15aec452d..0ad84b395 100644
--- a/docs/other.md
+++ b/docs/other.md
@@ -358,7 +358,7 @@ Upgrade some "passing" level SHOULD and SUGGESTED:
*Details*: The project might not achieve the roadmap,
and that's fine; the purpose of the roadmap is to help potential
- users and constributors understand the intended direction of the
+ users and contributors understand the intended direction of the
project. It need not be detailed.
*
diff --git a/lib/tasks/default.rake b/lib/tasks/default.rake
index 1cb59b97c..e5f9c8fd9 100644
--- a/lib/tasks/default.rake
+++ b/lib/tasks/default.rake
@@ -419,22 +419,22 @@ end
def normalize_string(value, locale)
# Remove trailing whitespace
value.sub!(/\s+$/, '')
- return value unless value.include?('<')
+ return value if value.exclude?('<')
# Google Translate generates html text that has predictable errors.
# The last entry mitigates the target=... vulnerability. We don't need
# to "counter" attacks from ourselves, but it does no harm and it's
# easier to protect against everything.
- value.gsub(/< a /, '/, '')
- .gsub(//, '')
+ .gsub('', '')
+ .gsub('', '')
.gsub(/ Href *=/, 'href=')
- .gsub(/href = /, 'href=')
- .gsub(/class = /, 'class=')
- .gsub(/target = /, 'target=')
- .gsub(/target="_ blank">/, 'target="_blank">')
+ .gsub('href = ', 'href=')
+ .gsub('class = ', 'class=')
+ .gsub('target = ', 'target=')
+ .gsub('target="_ blank">', 'target="_blank">')
.gsub(/target="_blank" *>/, 'target="_blank" rel="noopener">')
.gsub(%r{https: // }, 'https://')
.gsub(%r{href="/en/}, "href=\"/#{locale}/")
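Review bot: The `rel="noopener"` rewrite only matches when `target="_blank"` is the last attribute before `>`, so an anchor with another attribute after it, or with single quotes, keeps `target` without `rel`. A comment on that line stating the limitation, or a check elsewhere that rejects such anchors, would make the guarantee explicit. Separately, `value.sub!(/\s+$/, '')` uses `$`, which matches at the end of any line, so for a multi-line value it trims before the first newline rather than at the end of the string; `value.sub!(/\s+\z/, '')` matches the comment's intent. Several literals in the first replaced lines of this hunk appear to have been lost in rendering, so those lines are not reviewed here. The method chain may continue past the end of the hunk.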
@@ -608,7 +608,7 @@ task :create_project_insertion_command do
project_id = data_hash['id']
puts "Inserting project id #{project_id}"
# Escape JSON using SQL escape ' -> '', so we can use it in a SQL command
- escaped_json = "'" + file_contents.gsub(/'/, "''") + "'"
+ escaped_json = "'" + file_contents.gsub("'", "''") + "'"
sql_command = 'insert into projects select * from ' + "json_populate_record(NULL::projects, #{escaped_json});"
File.write('project.sql', sql_command)
puts 'File project.sql created. To use this, do the following (examples):'
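Review bot: The SQL text is assembled by concatenation with hand-rolled quoting, and the resulting project.sql is intended to be run against a database. Doubling `'` is only sufficient when the server runs with `standard_conforming_strings = on`; otherwise backslashes in the JSON are also treated as escapes. If the task has the Rails environment loaded, `escaped_json = ActiveRecord::Base.connection.quote(file_contents)` delegates quoting to the adapter. Otherwise a comment such as `# Assumes standard_conforming_strings=on and a trusted input file` would record the assumption. The task body starts before and continues after this hunk.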
diff --git a/test/models/translations_test.rb b/test/models/translations_test.rb
index 047e885bc..f9a679fba 100644
--- a/test/models/translations_test.rb
+++ b/test/models/translations_test.rb
@@ -48,7 +48,7 @@ def simple_type(x)
# rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
# rubocop:disable Metrics/AbcSize, Metrics/MethodLength
def acceptable_html_string(text)
- return true unless text.include?('<') # Can't be a problem, no '<'
+ return true if text.exclude?('<') # Can't be a problem, no '<'
# First, detect common mistakes.
# Require HTML tags to start in a lowercase Latin letter.