update gems, rails 7.0.8, puma 6.4, latest rubocops

.codespellrc

@@ -7,4 +7,4 @@ ignore-regex = mis à jour
 # Suh - name
 # projets - French used in a test
 # requestor - as requested in the original PR
-ignore-words-list = reenable,rouge,suh,projets,requestor
+ignore-words-list = reenable,rouge,suh,projets,requestor,secur

.rubocop.yml

@@ -262,3 +262,5 @@ Style/RequireOrder:
   Enabled: false
 Style/YodaExpression:
   Enabled: false
+Metrics/BlockLength:
+  Max: 36

CONTRIBUTING.md

@@ -234,7 +234,7 @@ If you want to propose specific *changes* to a translation, and you are
 not a trusted translator, there are two main options:
 
 * The usual option is to open an issue and simply propose the text changes.
-  Make sure you tell us which locale you're referrring to!
+  Make sure you tell us which locale you're referring to!
 * You *can* propose changes as edits to the appropriate files in
   `config/locales`, but unlike most changes that will not work directly.
   One of the trusted translators will then need to hand-copy

Gemfile

@@ -126,9 +126,9 @@ group :development, :test do
   gem 'pronto-rails_best_practices', '0.11.0'
   gem 'pronto-rubocop', '0.11.5'
   # gem 'railroader', '4.3.8' # Security static analyzer. OSS fork of Brakeman
-  gem 'rubocop', '1.50.1', require: false # Style checker
-  gem 'rubocop-performance', '1.17.1', require: false # Performance cops
-  gem 'rubocop-rails', '2.19.0', require: false # Rails-specific cops
+  gem 'rubocop', '1.56.4', require: false # Style checker
+  gem 'rubocop-performance', '1.19.1', require: false # Performance cops
+  gem 'rubocop-rails', '2.21.2', require: false # Rails-specific cops
   gem 'ruby-graphviz', '1.2.5' # This is used for bundle viz
   gem 'spring', '~> 4.1'
   # Do NOT upgrade to vcr 6.*, as that is not OSS:

Gemfile.lock

@@ -76,6 +76,7 @@ GEM
     autoprefixer-rails (10.4.15.0)
       execjs (~> 2)
     awesome_print (1.9.2)
+    base64 (0.1.1)
     bcrypt (3.1.19)
     bindex (0.8.1)
     blind_index (2.3.2)
@@ -90,7 +91,7 @@ GEM
       railties (>= 3.1)
     bootstrap_form (2.7.0)
     builder (3.2.4)
-    bullet (7.0.7)
+    bullet (7.1.1)
       activesupport (>= 3.0.0)
       uniform_notifier (~> 1.11)
     bundler-audit (0.9.1)
@@ -109,7 +110,7 @@ GEM
     capybara-slow_finder_errors (0.1.5)
       capybara (~> 3.0)
     chartkick (4.2.1)
-    chef-utils (18.2.7)
+    chef-utils (18.3.0)
       concurrent-ruby
     code_analyzer (0.5.5)
       sexp_processor
@@ -133,14 +134,15 @@ GEM
       execjs
       multi_json (>= 1.3)
       rake
-    execjs (2.8.1)
-    faraday (2.7.10)
+    execjs (2.9.1)
+    faraday (2.7.11)
+      base64
       faraday-net_http (>= 2.0, < 3.1)
       ruby2_keywords (>= 0.0.4)
     faraday-net_http (3.0.2)
     faraday-retry (2.2.0)
       faraday (~> 2.0)
-    ffi (1.15.5)
+    ffi (1.16.3)
     font-awesome-rails (4.7.0.8)
       railties (>= 3.2, < 8.0)
     forwardable (1.3.3)
@@ -182,6 +184,7 @@ GEM
       rexml
     kramdown-parser-gfm (1.1.0)
       kramdown (~> 2.0)
+    language_server-protocol (3.17.0.3)
     license_finder (7.1.0)
       bundler
       rubyzip (>= 1, < 3)
@@ -190,12 +193,12 @@ GEM
       with_env (= 1.1.0)
       xml-simple (~> 1.1.9)
     locale (2.1.3)
-    lograge (0.13.0)
+    lograge (0.14.0)
       actionpack (>= 4)
       activesupport (>= 4)
       railties (>= 4)
       request_store (~> 1.0)
-    loofah (2.21.3)
+    loofah (2.21.4)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
     mail (2.8.1)
@@ -229,14 +232,14 @@ GEM
     msgpack (1.7.2)
     multi_json (1.15.0)
     multi_xml (0.6.0)
-    net-imap (0.3.7)
+    net-imap (0.4.1)
       date
       net-protocol
     net-pop (0.1.2)
       net-protocol
     net-protocol (0.2.1)
       timeout
-    net-smtp (0.3.3)
+    net-smtp (0.4.0)
       net-protocol
     nio4r (2.5.9)
     nokogiri (1.15.4-x86_64-linux)
@@ -264,13 +267,13 @@ GEM
     omniauth-rails_csrf_protection (1.0.1)
       actionpack (>= 4.2)
       omniauth (~> 2.0)
-    pagy (6.0.4)
+    pagy (6.1.0)
     paleta (0.3.0)
     paper_trail (12.3.0)
       activerecord (>= 5.2)
       request_store (~> 1.1)
     parallel (1.23.0)
-    parser (3.2.2.3)
+    parser (3.2.2.4)
       ast (~> 2.4.1)
       racc
     pg (1.5.4)
@@ -304,7 +307,7 @@ GEM
       byebug (~> 11.0)
       pry (>= 0.13, < 0.15)
     public_suffix (5.0.3)
-    puma (6.3.1)
+    puma (6.4.0)
       nio4r (~> 2.0)
     puma_worker_killer (0.3.1)
       get_process_mem (~> 0.2)
@@ -375,27 +378,29 @@ GEM
     rb-inotify (0.10.1)
       ffi (~> 1.0)
     redcarpet (3.6.0)
-    regexp_parser (2.8.1)
+    regexp_parser (2.8.2)
     request_store (1.5.1)
       rack (>= 1.4)
     require_all (3.0.0)
     rexml (3.2.6)
-    rubocop (1.50.1)
+    rubocop (1.56.4)
+      base64 (~> 0.1.1)
       json (~> 2.3)
+      language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
-      parser (>= 3.2.0.0)
+      parser (>= 3.2.2.3)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.28.0, < 2.0)
+      rubocop-ast (>= 1.28.1, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 3.0)
     rubocop-ast (1.29.0)
       parser (>= 3.2.1.0)
-    rubocop-performance (1.17.1)
+    rubocop-performance (1.19.1)
       rubocop (>= 1.7.0, < 2.0)
       rubocop-ast (>= 0.4.0)
-    rubocop-rails (2.19.0)
+    rubocop-rails (2.21.2)
       activesupport (>= 4.2.0)
       rack (>= 1.1)
       rubocop (>= 1.33.0, < 2.0)
@@ -456,7 +461,7 @@ GEM
       unicode-display_width (>= 1.1.1, < 3)
     text (1.3.1)
     thor (1.2.2)
-    tilt (2.2.0)
+    tilt (2.3.0)
     timeout (0.4.0)
     tomlrb (2.0.3)
     translation (1.37)
@@ -465,7 +470,7 @@ GEM
       concurrent-ruby (~> 1.0)
     uglifier (4.2.0)
       execjs (>= 0.3.0, < 3)
-    unicode-display_width (2.4.2)
+    unicode-display_width (2.5.0)
     uniform_notifier (1.16.0)
     vcr (5.0.0)
     version_gem (1.1.3)
@@ -482,7 +487,7 @@ GEM
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
-    websocket (1.2.9)
+    websocket (1.2.10)
     websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
@@ -492,7 +497,7 @@ GEM
     xpath (3.2.0)
       nokogiri (~> 1.8)
     yaml-lint (0.1.2)
-    zeitwerk (2.6.11)
+    zeitwerk (2.6.12)
 
 PLATFORMS
   x86_64-linux
@@ -561,9 +566,9 @@ DEPENDENCIES
   rails_12factor (~> 0.0.3)
   railties (~> 7.0.7)
   redcarpet (~> 3.5)
-  rubocop (= 1.50.1)
-  rubocop-performance (= 1.17.1)
-  rubocop-rails (= 2.19.0)
+  rubocop (= 1.56.4)
+  rubocop-performance (= 1.19.1)
+  rubocop-rails (= 2.21.2)
   ruby-graphviz (= 1.2.5)
   sass-rails (~> 5.1)
   scout_apm

app/controllers/projects_controller.rb

@@ -752,7 +752,7 @@ def set_valid_query_url
   # rubocop:disable Metrics/AbcSize
   def sort_projects
     # Sort, if there is a requested order (otherwise use default created_at)
-    return unless params[:sort].present? && ALLOWED_SORT.include?(params[:sort])
+    return if params[:sort].blank? || ALLOWED_SORT.exclude?(params[:sort])
 
     sort_direction = params[:sort_direction] == 'desc' ? ' desc' : ' asc'
     sort_index = ALLOWED_SORT.index(params[:sort])

app/lib/blank_detective.rb

@@ -14,14 +14,14 @@ class BlankDetective < Detective
   # Individual detectives must identify their inputs, outputs
   INPUTS = [].freeze  # Input Hash required for Search
   OUTPUTS = [].freeze # Output Hash required to set database values.  Please see
-  # database schema for allowed valuses to be set.
+  # database schema for allowed values to be set.
   # Setup and major work goes here.  Do not attempt to return anything from this
   # part of the code as it causes crashes.
 
   def analyze(_evidence, _current)
     {
       # Your return has to go here.  This reformats the hashed return into
-      # chief understands.  Remember the output must corrospond to one of the
+      # chief understands.  Remember the output must correspond to one of the
       # values in the database structure.
       # Typically This would be in the form.
 

app/lib/chief.rb

@@ -143,7 +143,7 @@ def propose_changes
   # rubocop:disable Metrics/PerceivedComplexity
   def apply_changes(project, changes)
     changes.each do |key, data|
-      next unless ALLOWED_FIELDS.include?(key)
+      next if ALLOWED_FIELDS.exclude?(key)
       next unless update_value?(project, key, data)
 
       # Store change:

app/mailers/report_mailer.rb

@@ -64,7 +64,7 @@
     user = User.find(project.user_id)
     return if user.nil?
     return unless user.email?
-    return unless user.email.include?('@')
+    return if user.email.exclude?('@')
 
     @project_info_url =
       project_url(@project, locale: user.preferred_locale.to_sym)
@@ -95,7 +95,7 @@
     user = User.find(project.user_id)
     return if user.nil?
     return unless user.email?
-    return unless user.email.include?('@')
+    return if user.email.exclude?('@')
 
     @project_info_url =
       project_url(@project, locale: user.preferred_locale.to_sym)
@@ -163,7 +163,7 @@
     user = User.find(project.user_id)
     return if user.nil?
     return unless user.email?
-    return unless user.email.include?('@')
+    return if user.email.exclude?('@')
 
     @project_info_url =
       project_url(@project, locale: user.preferred_locale.to_sym)

app/models/project.rb

@@ -606,7 +606,7 @@ def justification_good?(justification)
   end
 
   def need_a_base_url
-    return unless repo_url.blank? && homepage_url.blank?
+    return if repo_url.present? || homepage_url.present?
 
     errors.add :base, I18n.t('error_messages.need_home_page_or_url')
   end

app/models/project_stat.rb

@@ -141,10 +141,10 @@
   # returns nil if no ProjectStat is available in that month.
   # Note that created_at is an index, so this should be extremely fast.
   def self.last_in_month(query_date)
-    ProjectStat.all
-               .where('created_at >= ?', query_date.beginning_of_month)
-               .where('created_at <= ?', query_date.end_of_month)
-               .reorder(:created_at).last
+    ProjectStat
+      .where('created_at >= ?', query_date.beginning_of_month)
+      .where('created_at <= ?', query_date.end_of_month)
+      .reorder(:created_at).last
   end
 
   # Return the name of the field for a given level 0..2
@@ -167,7 +167,7 @@
   # system reports instead of user interaction.
   # rubocop:disable Metrics/MethodLength
   def self.percent_field_description(level, percentage)
-    return "Bad level #{level}" unless Project::LEVEL_IDS.include?(level.to_s)
+    return "Bad level #{level}" if Project::LEVEL_IDS.exclude?(level.to_s)
 
     level_i = level.to_i
     percentage_i = percentage.to_i

config/locales/en.yml

@@ -2207,7 +2207,7 @@ en:
         details: >-
           The project might not achieve the roadmap, and that's
           fine; the purpose of the roadmap is to help potential
-          users and constributors understand the intended direction
+          users and contributors understand the intended direction
           of the project. It need not be detailed.
       documentation_architecture:
         description: >-

config/routes.rb

@@ -11,7 +11,7 @@
 # See how all your routes lay out with "rake routes".
 
 # This regex defines all legal locale values:
-LEGAL_LOCALE = /(?:#{I18n.available_locales.join("|")})/.freeze
+LEGAL_LOCALE = /(?:#{I18n.available_locales.join('|')})/.freeze
 
 # This regex is used to verify criteria levels in routes:
 VALID_CRITERIA_LEVEL = /[0-2]/.freeze

docs/implementation.md

@@ -1101,7 +1101,7 @@ ALL_DETECTIVES =
     HardenedSitesDetective (Name1Detective)
   ].freeze
 
-  where Name1Detective corrosponds to the new class created in name1_detective.  Without following the naming convention chief will not run the new detective.
+  where Name1Detective corresponds to the new class created in name1_detective.  Without following the naming convention chief will not run the new detective.
 
   A template detective called blank_detective.rb is supplied with the project with internal documentation as to how to use it.
 

docs/other.md

@@ -358,7 +358,7 @@ Upgrade some "passing" level SHOULD and SUGGESTED:
 
     *Details*: The project might not achieve the roadmap,
     and that's fine; the purpose of the roadmap is to help potential
-    users and constributors understand the intended direction of the
+    users and contributors understand the intended direction of the
     project. It need not be detailed.
 
 *   <a name="documentation_architecture"></a>

lib/tasks/default.rake

@@ -419,22 +419,22 @@ end
 def normalize_string(value, locale)
   # Remove trailing whitespace
   value.sub!(/\s+$/, '')
-  return value unless value.include?('<')
+  return value if value.exclude?('<')
 
   # Google Translate generates html text that has predictable errors.
   # The last entry mitigates the target=... vulnerability.  We don't need
   # to "counter" attacks from ourselves, but it does no harm and it's
   # easier to protect against everything.
-  value.gsub(/< a /, '<a ')
+  value.gsub('< a ', '<a ')
        .gsub(/< \057/, '</')
        .gsub(/<\057 /, '</')
-       .gsub(/<Strong>/, '<strong>')
-       .gsub(/<Em>/, '<em>')
+       .gsub('<Strong>', '<strong>')
+       .gsub('<Em>', '<em>')
        .gsub(/ Href *=/, 'href=')
-       .gsub(/href = /, 'href=')
-       .gsub(/class = /, 'class=')
-       .gsub(/target = /, 'target=')
-       .gsub(/target="_ blank">/, 'target="_blank">')
+       .gsub('href = ', 'href=')
+       .gsub('class = ', 'class=')
+       .gsub('target = ', 'target=')
+       .gsub('target="_ blank">', 'target="_blank">')
        .gsub(/target="_blank" *>/, 'target="_blank" rel="noopener">')
        .gsub(%r{https: // }, 'https://')
        .gsub(%r{href="/en/}, "href=\"/#{locale}/")
@@ -608,7 +608,7 @@ task :create_project_insertion_command do
   project_id = data_hash['id']
   puts "Inserting project id #{project_id}"
   # Escape JSON using SQL escape ' -> '', so we can use it in a SQL command
-  escaped_json = "'" + file_contents.gsub(/'/, "''") + "'"
+  escaped_json = "'" + file_contents.gsub("'", "''") + "'"
   sql_command = 'insert into projects select * from ' + "json_populate_record(NULL::projects, #{escaped_json});"
   File.write('project.sql', sql_command)
   puts 'File project.sql created. To use this, do the following (examples):'