fix: solve semgrep issues to avoid warnings

Author: Bulletdev

app/modules/meta_intelligence/controllers/builds_controller.rb

@@ -123,10 +123,9 @@ def apply_filters(scope)
       end
 
       def build_create_params
-        # nosemgrep: ruby.lang.security.model-attr-accessible.model-attr-accessible
         # :role is the LoL champion role (adc/jungle/mid/etc.), not a user authorization role.
         # SavedBuild has no admin/banned/account_id fields — mass assignment risk does not apply.
-        params.require(:build).permit(
+        params.require(:build).permit( # nosemgrep: ruby.lang.security.model-attr-accessible.model-attr-accessible
           :champion, :role, :patch_version, :title, :notes, :is_public,
           :primary_rune_tree, :secondary_rune_tree,
           :summoner_spell_1, :summoner_spell_2, :trinket,

app/views/user_mailer/password_reset.html.erb

@@ -7,9 +7,8 @@
 <p>Click the button below to reset your password:</p>
 
 <p style="text-align: center;">
-  <%# nosemgrep: ruby.rails.security.audit.xss.templates.var-in-href.var-in-href
-      @reset_url is validated in UserMailer#password_reset to be http/https only (URI::HTTP check) %>
-  <a href="<%= @reset_url %>" class="button">Reset Password</a>
+  <%# @reset_url is validated in UserMailer#password_reset to be http/https only (URI::HTTP check) %>
+  <a href="<%= @reset_url %>" class="button">Reset Password</a><%# nosemgrep: ruby.rails.security.audit.xss.templates.var-in-href.var-in-href %>
 </p>
 
 <p>Or copy and paste this link into your browser:</p>