Skip to content

build(deps-dev): bump rubocop-rails from 2.34.3 to 2.35.4#5156

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/rubocop-rails-2.35.4
Open

build(deps-dev): bump rubocop-rails from 2.34.3 to 2.35.4#5156
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/rubocop-rails-2.35.4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor

Bumps rubocop-rails from 2.34.3 to 2.35.4.

Release notes

Sourced from rubocop-rails's releases.

RuboCop Rails v2.35.4

Bug fixes

  • #1418: Fix a false positive for Rails/StrongParametersExpect when require is given an array literal, such as params.require([:foo, :bar]).permit(:baz). (@​koic)
  • #1574: Fix an invalid autocorrection for Rails/StrongParametersExpect when permit receives a single dynamic argument, such as params.require(:user).permit(permitted_attributes). (@​koic)
  • #1635: Fix Rails/StrongParametersExpect to allow params[:foo].inspect. (@​jdelStrother)

RuboCop Rails v2.35.3

Bug fixes

  • #1630: Fix a false positive in Rails/StrongParametersExpect when negating params[:key] with !, such as !params[:key]. (@​koic)
  • #1629: Fix false positives in Rails/StrongParametersExpect when using the safe navigation operator (&.) on params[:key]. Autocorrecting params[:key]&.downcase to params.expect(:key).downcase silently changes behavior — a missing param goes from returning nil to raising ActionController::ParameterMissing. (@​lucasmazza)

RuboCop Rails v2.35.2

Bug fixes

  • #1625: Fix false positives in Rails/StrongParametersExpect when using collection methods (such as delete, keys, merge, slice, dig, fetch, or transform_values) on params[:key], as well as block-style calls such as params[:key].each { ... } or params[:key].map(&:to_s). (@​koic)
  • #1627: Fix false positives in Rails/StrongParametersExpect for usages like params[:key].try(:method) and params[:key].try!(:method). (@​nicholasdower)

RuboCop Rails v2.35.1

Bug fixes

  • #1616: Fix false positives in Rails/StrongParametersExpect when using nil-safe conversion methods such as to_i, to_s, to_a, to_f, and to_h on params[:key]. (@​koic)
  • #1622: Fix false positives in Rails/StrongParametersExpect when using key-check methods such as key?, has_key?, include?, and member? on params[:key]. (@​koic)
  • #1620: Fix false positives in Rails/StrongParametersExpect when using type-check methods such as is_a?, kind_of?, and instance_of? on params[:key]. (@​koic)

RuboCop Rails v2.35.0

Bug fixes

  • #1595: Fix a false negative for Rails/I18nLocaleTexts when using redirect_back_or_to with a flash message. ([@​55728][])
  • #1587: Fix false positives for Rails/Presence with operator methods like <<, =~, and others. ([@​eugeneius][])
  • #1586: Don't add unnecessary parentheses in Rails/Presence. ([@​eugeneius][])
  • #1602: Fix an error in Rails/SelectMap when .select appears inside a subquery in an argument. (@​koic)
  • #1604: Allow DatabaseTypeResolvable to fall back to an adapter configuration specified in a shared key. ([@​codergeek121][])
  • #1582: Fix a false negative where local was incorrectly treated as a known environment name when using == comparison in Rails/UnknownEnv. ([@​lovro-bikic][])

Changes

... (truncated)

Changelog

Sourced from rubocop-rails's changelog.

2.35.4 (2026-06-07)

Bug fixes

  • #1418: Fix a false positive for Rails/StrongParametersExpect when require is given an array literal, such as params.require([:foo, :bar]).permit(:baz). ([@​koic][])
  • #1574: Fix an invalid autocorrection for Rails/StrongParametersExpect when permit receives a single dynamic argument, such as params.require(:user).permit(permitted_attributes). ([@​koic][])
  • #1635: Fix Rails/StrongParametersExpect to allow params[:foo].inspect. ([@​jdelStrother][])

2.35.3 (2026-05-27)

Bug fixes

  • #1630: Fix a false positive in Rails/StrongParametersExpect when negating params[:key] with !, such as !params[:key]. ([@​koic][])
  • #1629: Fix false positives in Rails/StrongParametersExpect when using the safe navigation operator (&.) on params[:key]. Autocorrecting params[:key]&.downcase to params.expect(:key).downcase silently changes behavior — a missing param goes from returning nil to raising ActionController::ParameterMissing. ([@​lucasmazza][])

2.35.2 (2026-05-19)

Bug fixes

  • #1625: Fix false positives in Rails/StrongParametersExpect when using collection methods (such as delete, keys, merge, slice, dig, fetch, or transform_values) on params[:key], as well as block-style calls such as params[:key].each { ... } or params[:key].map(&:to_s). ([@​koic][])
  • #1627: Fix false positives in Rails/StrongParametersExpect for usages like params[:key].try(:method) and params[:key].try!(:method). ([@​nicholasdower][])

2.35.1 (2026-05-17)

Bug fixes

  • #1616: Fix false positives in Rails/StrongParametersExpect when using nil-safe conversion methods such as to_i, to_s, to_a, to_f, and to_h on params[:key]. ([@​koic][])
  • #1622: Fix false positives in Rails/StrongParametersExpect when using key-check methods such as key?, has_key?, include?, and member? on params[:key]. ([@​koic][])
  • #1620: Fix false positives in Rails/StrongParametersExpect when using type-check methods such as is_a?, kind_of?, and instance_of? on params[:key]. ([@​koic][])

2.35.0 (2026-05-09)

Bug fixes

  • #1595: Fix a false negative for Rails/I18nLocaleTexts when using redirect_back_or_to with a flash message. ([@​55728][])
  • #1587: Fix false positives for Rails/Presence with operator methods like <<, =~, and others. ([@​eugeneius][])
  • #1586: Don't add unnecessary parentheses in Rails/Presence. ([@​eugeneius][])
  • #1602: Fix an error in Rails/SelectMap when .select appears inside a subquery in an argument. ([@​koic][])
  • #1604: Allow DatabaseTypeResolvable to fall back to an adapter configuration specified in a shared key. ([@​codergeek121][])
  • #1582: Fix a false negative where local was incorrectly treated as a known environment name when using == comparison in Rails/UnknownEnv. ([@​lovro-bikic][])

Changes

  • #1571: Add more detection patterns on Rails/ResponseParsedBody. ([@​r7kamura][])
  • #1583: Extend Rails/StrongParametersExpect to detect params[:key] in method calls and raising finder methods. ([@​koic][])
  • #1584: Add support for case statements to Rails/UnknownEnv. ([@​lovro-bikic][])
  • #1592: Fix false negative for != comparison in Rails/UnknownEnv. ([@​lovro-bikic][])
  • #1598: Use glob patterns compatible with Engine or Packwerk for cops targeting spec/ and test/ directories. ([@​y-yagi][])
Commits
  • a4d53a5 Cut 2.35.4
  • e9e592d Update Changelog
  • 84eb5fe [Doc] Update the doc for Rails/StrongParametersExpect
  • 5490e3e Merge pull request #1636 from koic/fix_strong_parameters_expect_dynamic_permi...
  • cfe75e9 [Fix #1574] Fix an invalid autocorrection for Rails/StrongParametersExpect
  • 4817d57 Merge pull request #1633 from koic/doc_strong_parameters_expect_safety
  • d9824c6 Merge pull request #1634 from koic/fix_strong_parameters_expect_array_require
  • e30a80b Merge pull request #1635 from jdelStrother/params-inspect
  • 70651a0 Allow inspect in Rails/StrongParametersExpect
  • a8f6e0c [Doc] Document additional unsafety of Rails/StrongParametersExpect
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps-dev): bump rubocop-rails from 2.34.3 to 2.35.4
4950fc8 
Bumps [rubocop-rails](https://github.com/rubocop/rubocop-rails) from 2.34.3 to 2.35.4.
- [Release notes](https://github.com/rubocop/rubocop-rails/releases)
- [Changelog](https://github.com/rubocop/rubocop-rails/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop-rails@v2.34.3...v2.35.4)

---
updated-dependencies:
- dependency-name: rubocop-rails
  dependency-version: 2.35.4
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Jun 8, 2026
@dependabot dependabot Bot mentioned this pull request Jun 8, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants