Enable Rubocop Rule to Freeze Constants

.rubocop.yml

@@ -1218,6 +1218,10 @@ Style/MultilineMemoization:
 Style/MultilineWhenThen:
   Enabled: true
 
+Style/MutableConstant:
+  Enabled: true
+  EnforcedStyle: strict
+
 Style/NegatedWhile:
   Enabled: true
 

Gemfile

@@ -115,7 +115,7 @@ group :development, :test do
   gem 'psych'
   gem 'rspec', '~> 3.12.0'
   gem 'rspec-rails', '~> 6.0'
-  gem 'rubocop', '~> 1.59.0', require: false
+  gem 'rubocop', '~> 1.62.0', require: false
   gem 'rubocop-performance', '~> 1.20.2', require: false
   gem 'rubocop-rails', '>= 2.5.2', require: false
   gem 'rubocop-rspec', require: false

Gemfile.lock

@@ -456,7 +456,7 @@ GEM
       openssl (> 2.0, < 3.1)
     orm_adapter (0.5.0)
     parallel (1.24.0)
-    parser (3.3.0.0)
+    parser (3.3.0.5)
       ast (~> 2.4.1)
       racc
     pg (1.5.4)
@@ -611,19 +611,19 @@ GEM
     rspec-support (3.12.1)
     rspec_junit_formatter (0.6.0)
       rspec-core (>= 2, < 4, != 2.12.0)
-    rubocop (1.59.0)
+    rubocop (1.62.1)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
-      parser (>= 3.2.2.4)
+      parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.30.0, < 2.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.30.0)
-      parser (>= 3.2.1.0)
+    rubocop-ast (1.31.2)
+      parser (>= 3.3.0.4)
     rubocop-capybara (2.19.0)
       rubocop (~> 1.41)
     rubocop-factory_bot (2.24.0)
@@ -842,7 +842,7 @@ DEPENDENCIES
   rspec-rails (~> 6.0)
   rspec-retry
   rspec_junit_formatter
-  rubocop (~> 1.59.0)
+  rubocop (~> 1.62.0)
   rubocop-performance (~> 1.20.2)
   rubocop-rails (>= 2.5.2)
   rubocop-rspec

app/components/alert_icon_component.rb

@@ -8,7 +8,7 @@ class AlertIconComponent < BaseComponent
     personal_key: 'status/personal-key.svg',
     info_question: 'status/info-question.svg',
     delete: 'status/delete.svg',
-  }
+  }.freeze
   DEFAULT_WIDTH = 88
   DEFAULT_HEIGHT = 88
 

app/components/one_time_code_input_component.rb

@@ -16,7 +16,7 @@ class OneTimeCodeInputComponent < BaseComponent
   alias_method :autofocus?, :autofocus
 
   # @see https://tc39.es/ecma262/#prod-SyntaxCharacter
-  JS_REGEXP_SYNTAX_CHARACTER = Regexp.union(%w[^ $ \ . * + ? ( ) [ ] { } |])
+  JS_REGEXP_SYNTAX_CHARACTER = Regexp.union(%w[^ $ \ . * + ? ( ) [ ] { } |]).freeze
 
   # @param [FormBuilder] form Form builder instance.
   # @param [Symbol] name Field name. Defaults to `:code`.

app/components/spinner_button_component.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 class SpinnerButtonComponent < BaseComponent
-  DEFAULT_LONG_WAIT_DURATION = 15.seconds
+  DEFAULT_LONG_WAIT_DURATION = 15.seconds.freeze
 
   attr_reader :action_message,
               :button_options,

app/controllers/analytics_events_controller.rb

@@ -6,7 +6,7 @@ class AnalyticsEventsController < ApplicationController
   prepend_before_action :skip_session_expiration
   skip_before_action :disable_caching
 
-  JSON_FILE = Rails.public_path.join('api', '_analytics-events.json')
+  JSON_FILE = Rails.public_path.join('api', '_analytics-events.json').freeze
 
   def index
     if File.exist?(JSON_FILE)

app/controllers/concerns/two_factor_authenticatable.rb

@@ -9,7 +9,7 @@ module TwoFactorAuthenticatable
   DIRECT_OTP_LENGTH = 6
   PROOFING_DIRECT_OTP_LENGTH = 6
   ALLOWED_OTP_DRIFT_SECONDS = 30
-  DIRECT_OTP_VALID_FOR_MINUTES = IdentityConfig.store.otp_valid_for
+  DIRECT_OTP_VALID_FOR_MINUTES = IdentityConfig.store.otp_valid_for.freeze
   DIRECT_OTP_VALID_FOR_SECONDS = DIRECT_OTP_VALID_FOR_MINUTES * 60
   REMEMBER_2FA_COOKIE = 'remember_tfa'
 

app/controllers/idv/please_call_controller.rb

@@ -9,7 +9,7 @@ class PleaseCallController < ApplicationController
     before_action :handle_fraud_rejection
     before_action :confirm_fraud_pending
 
-    FRAUD_REVIEW_CONTACT_WITHIN_DAYS = 14.days
+    FRAUD_REVIEW_CONTACT_WITHIN_DAYS = 14.days.freeze
 
     def show
       analytics.idv_please_call_visited

app/controllers/idv/unavailable_controller.rb

@@ -2,7 +2,7 @@
 
 module Idv
   class UnavailableController < ApplicationController
-    ALLOWED_FROM_LOCATIONS = [SignUp::RegistrationsController::CREATE_ACCOUNT]
+    ALLOWED_FROM_LOCATIONS = [SignUp::RegistrationsController::CREATE_ACCOUNT].freeze
 
     before_action :redirect_if_idv_available_and_from_create_account
 

app/forms/idv/doc_pii_form.rb

@@ -78,7 +78,8 @@ def self.present_error(existing_errors)
 
     private
 
-    PII_ERROR_KEYS = %i[name dob address1 state zipcode jurisdiction state_id_number dob_min_age]
+    PII_ERROR_KEYS = %i[name dob address1 state zipcode jurisdiction state_id_number
+                        dob_min_age].freeze
 
     attr_reader :pii_from_doc
 

app/forms/openid_connect_token_form.rb

@@ -5,7 +5,7 @@ class OpenidConnectTokenForm
   include ActionView::Helpers::TranslationHelper
   include Rails.application.routes.url_helpers
 
-  ISSUED_AT_LEEWAY_SECONDS = 10.seconds.to_i
+  ISSUED_AT_LEEWAY_SECONDS = 10.seconds.to_i.freeze
 
   ATTRS = %i[
     client_assertion

app/jobs/get_usps_proofing_results_job.rb

@@ -11,10 +11,10 @@ class GetUspsProofingResultsJob < ApplicationJob
   SUPPORTED_ID_TYPES = [
     "State driver's license",
     "State non-driver's identification card",
-  ]
+  ].freeze
   SUPPORTED_SECONDARY_ID_TYPES = [
     'Visual Inspection of Name and Address on Primary ID Match',
-  ]
+  ].freeze
 
   queue_as :long_running
 
@@ -57,8 +57,8 @@ def perform(_now)
   attr_accessor :enrollment_outcomes
 
   DEFAULT_EMAIL_DELAY_IN_HOURS = 1
-  REQUEST_DELAY_IN_SECONDS = IdentityConfig.store.
-    get_usps_proofing_results_job_request_delay_milliseconds / MILLISECONDS_PER_SECOND
+  REQUEST_DELAY_IN_SECONDS = (IdentityConfig.store.
+    get_usps_proofing_results_job_request_delay_milliseconds / MILLISECONDS_PER_SECOND).freeze
 
   def proofer
     @proofer ||= UspsInPersonProofing::EnrollmentHelper.usps_proofer

app/models/gpo_confirmation.rb

@@ -3,7 +3,7 @@
 class GpoConfirmation < ApplicationRecord
   self.table_name = 'usps_confirmations'
 
-  ENTRY_ATTRIBUTES = %i[otp address1 city state zipcode]
+  ENTRY_ATTRIBUTES = %i[otp address1 city state zipcode].freeze
   ENTRY_ATTRIBUTES.each do |attr|
     define_method(:"entry_#{attr}") do
       entry[attr]

app/models/service_provider_identity.rb

@@ -18,7 +18,7 @@ class ServiceProviderIdentity < ApplicationRecord
 
   scope :not_deleted, -> { where(deleted_at: nil) }
 
-  CONSENT_EXPIRATION = 1.year
+  CONSENT_EXPIRATION = 1.year.freeze
 
   def deactivate
     update!(session_uuid: nil)

app/presenters/account_show_presenter.rb

@@ -89,7 +89,7 @@ def totp_content
     :dob,
     :phone,
     keyword_init: true,
-  )
+  ).freeze
 
   def obfuscated_pii_accessor
     PiiAccessor.new(

app/presenters/idv/in_person/ready_to_verify_presenter.rb

@@ -4,7 +4,7 @@ module Idv
   module InPerson
     class ReadyToVerifyPresenter
       # WILLFIX: With LG-6881, confirm timezone or use deadline from enrollment response.
-      USPS_SERVER_TIMEZONE = ActiveSupport::TimeZone['America/New_York']
+      USPS_SERVER_TIMEZONE = ActiveSupport::TimeZone['America/New_York'].dup.freeze
 
       attr_reader :barcode_image_url
 

app/presenters/idv/in_person/verification_results_email_presenter.rb

@@ -8,7 +8,7 @@ class VerificationResultsEmailPresenter
       attr_reader :enrollment, :url_options
 
       # update to user's time zone when out of pilot
-      USPS_SERVER_TIMEZONE = ActiveSupport::TimeZone['America/New_York']
+      USPS_SERVER_TIMEZONE = ActiveSupport::TimeZone['America/New_York'].dup.freeze
 
       def initialize(enrollment:, url_options:)
         @enrollment = enrollment

app/services/browser_cache.rb

@@ -2,7 +2,9 @@
 
 class BrowserCache
   @cache = LruRedux::Cache.new(1_000)
+  # rubocop:disable Style/MutableConstant
   DEFAULT_BROWSER = Browser.new(nil)
+  # rubocop:enable Style/MutableConstant
   USER_AGENT_SIZE = Browser.user_agent_size_limit - 1
 
   # Detects browser attributes from User-Agent, truncated to 2047 bytes due

app/services/doc_auth/error_generator.rb

@@ -11,7 +11,7 @@ def handle(response_info)
   class IdTypeErrorHandler < ErrorHandler
     SUPPORTED_ID_CLASSNAME = ['Identification Card', 'Drivers License'].freeze
     ACCEPTED_ISSUER_TYPES = [DocAuth::LexisNexis::IssuerTypes::STATE_OR_PROVINCE.name,
-                             DocAuth::LexisNexis::IssuerTypes::UNKNOWN.name]
+                             DocAuth::LexisNexis::IssuerTypes::UNKNOWN.name].freeze
     def handle(response_info)
       get_id_type_errors(response_info[:classification_info])
     end
@@ -114,14 +114,15 @@ def is_generic_selfie_error?(error)
       error == Errors::SELFIE_FAILURE
     end
 
-    SELFIE_GENERAL_FAILURE_ERROR =
+    def selfie_general_failure_error
       {
         general: [Errors::SELFIE_FAILURE],
         front: [Errors::MULTIPLE_FRONT_ID_FAILURES],
         back: [Errors::MULTIPLE_BACK_ID_FAILURES],
         selfie: [Errors::SELFIE_FAILURE],
         hints: false,
       }
+    end
 
     private
 
@@ -252,7 +253,7 @@ class ErrorGenerator
     GENERAL = :general
 
     ACCEPTED_ISSUER_TYPES = [DocAuth::LexisNexis::IssuerTypes::STATE_OR_PROVINCE.name,
-                             DocAuth::LexisNexis::IssuerTypes::UNKNOWN.name]
+                             DocAuth::LexisNexis::IssuerTypes::UNKNOWN.name].freeze
 
     ERROR_KEYS = [
       ID,
@@ -317,7 +318,7 @@ def generate_doc_auth_errors(response_info)
 
       # if selfie itself is ok, but we have selfie related error
       if selfie_error_handler.is_generic_selfie_error?(selfie_error)
-        return SelfieErrorHandler::SELFIE_GENERAL_FAILURE_ERROR
+        return selfie_error_handler.selfie_general_failure_error
       end
 
       # other vendor response detail error

app/services/doc_auth/errors.rb

@@ -123,7 +123,7 @@ module Errors
       SELFIE_FAILURE => { long_msg: SELFIE_FAILURE, field_msg: SELFIE_FAILURE, hints: false },
       SELFIE_NOT_LIVE => { long_msg: SELFIE_NOT_LIVE, field_msg: SELFIE_FAILURE, hints: false },
       SELFIE_POOR_QUALITY => { long_msg: SELFIE_POOR_QUALITY, field_msg: SELFIE_FAILURE, hints: false },
-    }
+    }.transform_values(&:freeze).freeze
     # rubocop:enable Layout/LineLength
   end
 end

app/services/doc_auth/lexis_nexis/config.rb

@@ -39,6 +39,6 @@ def validate!
         raise 'config missing base_url' if !base_url
         raise 'config missing locale' if !locale
       end
-    end
+    end.freeze
   end
 end

app/services/doc_auth/mock/config.rb

@@ -13,6 +13,6 @@ module Mock
         :sharpness_threshold,
         :glare_threshold,
       ],
-    )
+    ).freeze
   end
 end

app/services/doc_auth/response.rb

@@ -10,7 +10,7 @@ class Response
     ID_TYPE_SLUGS = {
       'Identification Card' => 'state_id_card',
       'Drivers License' => 'drivers_license',
-    }
+    }.freeze
 
     def initialize(
       success:,

app/services/doc_auth/selfie_concern.rb

@@ -33,13 +33,13 @@ def selfie_check_performed?
 
   private
 
-    SELFIE_PERFORMED_STATUSES = %i[success fail]
+    SELFIE_PERFORMED_STATUSES = %i[success fail].freeze
 
     ERROR_TEXTS = {
       success: 'Successful. Liveness: Live',
       not_live: 'Liveness: NotLive',
       poor_quality: 'Liveness: PoorQuality',
-    }
+    }.freeze
 
     # @param [Object] portrait_match_results trueid portait match info
     def get_portrait_error(portrait_match_results)

app/services/document_capture_session_result.rb

@@ -45,4 +45,4 @@ def selfie_status
       return self[member_name]&.include?(fingerprint)
     end
   end
-end
+end.freeze

app/services/encryption/contextless_kms_client.rb

@@ -12,7 +12,7 @@ class ContextlessKmsClient
         instance_profile_credentials_timeout: 1, # defaults to 1 second
         instance_profile_credentials_retries: 5, # defaults to 0 retries
       )
-    end
+    end.freeze
 
     KEY_TYPE = {
       KMS: 'KMSx',

app/services/encryption/encryptors/pii_encryptor.rb

@@ -33,7 +33,7 @@ def self.extract_encrypted_data(parsed_json)
           )
           decode(encoded_encrypted_data)
         end
-      end
+      end.freeze
 
       def initialize(password)
         @password = password

app/services/encryption/kms_client.rb

@@ -22,7 +22,7 @@ class KmsClient
         instance_profile_credentials_retries: 5, # defaults to 0 retries
         region: IdentityConfig.store.aws_region, # The region in which the client is being instantiated
       )
-    end
+    end.freeze
     # rubocop:enable Layout/LineLength
 
     attr_reader :kms_key_id

app/services/encryption/password_verifier.rb

@@ -29,7 +29,7 @@ def to_s
       def uak_password_digest?
         encryption_key.present?
       end
-    end
+    end.freeze
 
     def initialize
       @aes_cipher = AesCipher.new

app/services/encryption/regional_ciphertext_pair.rb

@@ -10,4 +10,4 @@ def to_ary
   def multi_or_single_region_ciphertext
     multi_region_ciphertext.presence || single_region_ciphertext
   end
-end
+end.freeze

app/services/encryption/uak_password_verifier.rb

@@ -28,7 +28,7 @@ def to_s
           password_cost: password_cost,
         }.to_json
       end
-    end
+    end.freeze
 
     def self.digest(password)
       salt = SecureRandom.hex(32)