Skip to content

Bump rubocop-rails from 2.35.0 to 2.35.4 in the rubocop group#421

Open
dependabot[bot] wants to merge 1 commit into
stagingfrom
dependabot/bundler/rubocop-45d2eb50df
Open

Bump rubocop-rails from 2.35.0 to 2.35.4 in the rubocop group#421
dependabot[bot] wants to merge 1 commit into
stagingfrom
dependabot/bundler/rubocop-45d2eb50df

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 16, 2026

Copy link
Copy Markdown

Bumps the rubocop group with 1 update: rubocop-rails.

Updates rubocop-rails from 2.35.0 to 2.35.4

Release notes

Sourced from rubocop-rails's releases.

RuboCop Rails v2.35.4

Bug fixes

  • #1418: Fix a false positive for Rails/StrongParametersExpect when require is given an array literal, such as params.require([:foo, :bar]).permit(:baz). (@​koic)
  • #1574: Fix an invalid autocorrection for Rails/StrongParametersExpect when permit receives a single dynamic argument, such as params.require(:user).permit(permitted_attributes). (@​koic)
  • #1635: Fix Rails/StrongParametersExpect to allow params[:foo].inspect. (@​jdelStrother)

RuboCop Rails v2.35.3

Bug fixes

  • #1630: Fix a false positive in Rails/StrongParametersExpect when negating params[:key] with !, such as !params[:key]. (@​koic)
  • #1629: Fix false positives in Rails/StrongParametersExpect when using the safe navigation operator (&.) on params[:key]. Autocorrecting params[:key]&.downcase to params.expect(:key).downcase silently changes behavior — a missing param goes from returning nil to raising ActionController::ParameterMissing. (@​lucasmazza)

RuboCop Rails v2.35.2

Bug fixes

  • #1625: Fix false positives in Rails/StrongParametersExpect when using collection methods (such as delete, keys, merge, slice, dig, fetch, or transform_values) on params[:key], as well as block-style calls such as params[:key].each { ... } or params[:key].map(&:to_s). (@​koic)
  • #1627: Fix false positives in Rails/StrongParametersExpect for usages like params[:key].try(:method) and params[:key].try!(:method). (@​nicholasdower)

RuboCop Rails v2.35.1

Bug fixes

  • #1616: Fix false positives in Rails/StrongParametersExpect when using nil-safe conversion methods such as to_i, to_s, to_a, to_f, and to_h on params[:key]. (@​koic)
  • #1622: Fix false positives in Rails/StrongParametersExpect when using key-check methods such as key?, has_key?, include?, and member? on params[:key]. (@​koic)
  • #1620: Fix false positives in Rails/StrongParametersExpect when using type-check methods such as is_a?, kind_of?, and instance_of? on params[:key]. (@​koic)
Changelog

Sourced from rubocop-rails's changelog.

2.35.4 (2026-06-07)

Bug fixes

  • #1418: Fix a false positive for Rails/StrongParametersExpect when require is given an array literal, such as params.require([:foo, :bar]).permit(:baz). ([@​koic][])
  • #1574: Fix an invalid autocorrection for Rails/StrongParametersExpect when permit receives a single dynamic argument, such as params.require(:user).permit(permitted_attributes). ([@​koic][])
  • #1635: Fix Rails/StrongParametersExpect to allow params[:foo].inspect. ([@​jdelStrother][])

2.35.3 (2026-05-27)

Bug fixes

  • #1630: Fix a false positive in Rails/StrongParametersExpect when negating params[:key] with !, such as !params[:key]. ([@​koic][])
  • #1629: Fix false positives in Rails/StrongParametersExpect when using the safe navigation operator (&.) on params[:key]. Autocorrecting params[:key]&.downcase to params.expect(:key).downcase silently changes behavior — a missing param goes from returning nil to raising ActionController::ParameterMissing. ([@​lucasmazza][])

2.35.2 (2026-05-19)

Bug fixes

  • #1625: Fix false positives in Rails/StrongParametersExpect when using collection methods (such as delete, keys, merge, slice, dig, fetch, or transform_values) on params[:key], as well as block-style calls such as params[:key].each { ... } or params[:key].map(&:to_s). ([@​koic][])
  • #1627: Fix false positives in Rails/StrongParametersExpect for usages like params[:key].try(:method) and params[:key].try!(:method). ([@​nicholasdower][])

2.35.1 (2026-05-17)

Bug fixes

  • #1616: Fix false positives in Rails/StrongParametersExpect when using nil-safe conversion methods such as to_i, to_s, to_a, to_f, and to_h on params[:key]. ([@​koic][])
  • #1622: Fix false positives in Rails/StrongParametersExpect when using key-check methods such as key?, has_key?, include?, and member? on params[:key]. ([@​koic][])
  • #1620: Fix false positives in Rails/StrongParametersExpect when using type-check methods such as is_a?, kind_of?, and instance_of? on params[:key]. ([@​koic][])
Commits
  • a4d53a5 Cut 2.35.4
  • e9e592d Update Changelog
  • 84eb5fe [Doc] Update the doc for Rails/StrongParametersExpect
  • 5490e3e Merge pull request #1636 from koic/fix_strong_parameters_expect_dynamic_permi...
  • cfe75e9 [Fix #1574] Fix an invalid autocorrection for Rails/StrongParametersExpect
  • 4817d57 Merge pull request #1633 from koic/doc_strong_parameters_expect_safety
  • d9824c6 Merge pull request #1634 from koic/fix_strong_parameters_expect_array_require
  • e30a80b Merge pull request #1635 from jdelStrother/params-inspect
  • 70651a0 Allow inspect in Rails/StrongParametersExpect
  • a8f6e0c [Doc] Document additional unsafety of Rails/StrongParametersExpect
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump rubocop-rails from 2.35.0 to 2.35.4 in the rubocop group
8ed319c 
Bumps the rubocop group with 1 update: [rubocop-rails](https://github.com/rubocop/rubocop-rails).


Updates `rubocop-rails` from 2.35.0 to 2.35.4
- [Release notes](https://github.com/rubocop/rubocop-rails/releases)
- [Changelog](https://github.com/rubocop/rubocop-rails/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop-rails@v2.35.0...v2.35.4)

---
updated-dependencies:
- dependency-name: rubocop-rails
  dependency-version: 2.35.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: rubocop
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Jun 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants