Fix 'DEPRECATION WARNING: Dangerous query method' for order_votes
What does this MR do?
Overview
This fixes a deprecation warning that would appear when running ./spec/controllers/projects/issues_controller_spec.rb
:
DEPRECATION WARNING: Dangerous query method (method whose arguments are used as raw SQL) called with non-attribute argument(s): "COUNT(award_emoji.id) DESC". Non-attribute arguments will be disallowed in Rails 6.0. This method should not be called with user-provided values, such as request parameters or model attributes. Known-safe values can be passed by wrapping them in Arel.sql(). (called from order_votes at /Users/allisonbrowne/gitlab/gdk2/gitlab/app/models/concerns/awardable.rb:70)
Implementation
This passes an Arel::Nodes::SqlLiteral
object rather than a string which removes the deprecation warning.
It is safe to wrap this with the Arel.sql method since there are no user provided inputs in the reorder clause.
Does this MR meet the acceptance criteria?
Conformity
- [-] Changelog entry
- [-] Documentation (if required)
-
Code review guidelines -
Merge request performance guidelines -
Style guides - [-] Database guides
- [-] Separation of EE specific content
Availability and Testing
- [-] Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- [-] Tested in all supported browsers
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention
@gitlab-com/gl-security/appsec
- [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team