13 files changed, 27 insertions, 19 deletions

diff --git a/lib/api/api_guard.rb b/lib/api/api_guard.rb
index 0d2d71e336a..c4c0fdda665 100644
--- a/lib/api/api_guard.rb
+++ b/lib/api/api_guard.rb
@@ -122,7 +122,7 @@ module API
         error_classes = [MissingTokenError, TokenNotFoundError,
                          ExpiredError, RevokedError, InsufficientScopeError]
 
-        base.send :rescue_from, *error_classes, oauth2_bearer_token_error_handler
+        base.__send__(:rescue_from, *error_classes, oauth2_bearer_token_error_handler) # rubocop:disable GitlabSecurity/PublicSend
       end
 
       def oauth2_bearer_token_error_handler
diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index f7e251736ab..3e27761f033 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -83,7 +83,7 @@ module API
       expose :created_at, :last_activity_at
     end
 
-    class Project < BasicProjectDetails 
+    class Project < BasicProjectDetails
       include ::API::Helpers::RelatedResourcesHelpers
 
       expose :_links do
@@ -541,8 +541,9 @@ module API
         target_url    = "namespace_project_#{target_type}_url"
         target_anchor = "note_#{todo.note_id}" if todo.note_id?
 
-        Gitlab::Routing.url_helpers.public_send(target_url,
-          todo.project.namespace, todo.project, todo.target, anchor: target_anchor)
+        Gitlab::Routing
+          .url_helpers
+          .public_send(target_url, todo.project.namespace, todo.project, todo.target, anchor: target_anchor) # rubocop:disable GitlabSecurity/PublicSend
       end
 
       expose :body
diff --git a/lib/api/files.rb b/lib/api/files.rb
index 450334fee84..e2ac7142bc4 100644
--- a/lib/api/files.rb
+++ b/lib/api/files.rb
@@ -1,5 +1,8 @@
 module API
   class Files < Grape::API
+    # Prevents returning plain/text responses for files with .txt extension
+    after_validation { content_type "application/json" }
+
     helpers do
       def commit_params(attrs)
         {
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 3582ed81b0f..b56fd2388b3 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -290,7 +290,7 @@ module API
 
     def uploaded_file(field, uploads_path)
       if params[field]
-        bad_request!("#{field} is not a file") unless params[field].respond_to?(:filename)
+        bad_request!("#{field} is not a file") unless params[field][:filename]
         return params[field]
       end
 
diff --git a/lib/api/jobs.rb b/lib/api/jobs.rb
index 8a67de10bca..a40018b214e 100644
--- a/lib/api/jobs.rb
+++ b/lib/api/jobs.rb
@@ -16,9 +16,9 @@ module API
                              case scope
                              when String
                                [scope]
-                             when Hashie::Mash
+                             when ::Hash
                                scope.values
-                             when Hashie::Array
+                             when ::Array
                                scope
                              else
                                ['unknown']
diff --git a/lib/api/projects.rb b/lib/api/projects.rb
index 89dda88d3f5..15c3832b032 100644
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -351,6 +351,8 @@ module API
 
         if user_project.forked_from_project.nil?
           user_project.create_forked_project_link(forked_to_project_id: user_project.id, forked_from_project_id: forked_from_project.id)
+
+          ::Projects::ForksCountService.new(forked_from_project).refresh_cache
         else
           render_api_error!("Project already forked", 409)
         end
diff --git a/lib/api/protected_branches.rb b/lib/api/protected_branches.rb
index d742f2e18d0..dccf4fa27a7 100644
--- a/lib/api/protected_branches.rb
+++ b/lib/api/protected_branches.rb
@@ -61,7 +61,7 @@ module API
         service_args = [user_project, current_user, protected_branch_params]
 
         protected_branch = ::ProtectedBranches::CreateService.new(*service_args).execute
-        
+
         if protected_branch.persisted?
           present protected_branch, with: Entities::ProtectedBranch, project: user_project
         else
diff --git a/lib/api/runners.rb b/lib/api/runners.rb
index 5bf5a18e42f..31f940fe96b 100644
--- a/lib/api/runners.rb
+++ b/lib/api/runners.rb
@@ -153,7 +153,7 @@ module API
           render_api_error!('Scope contains invalid value', 400)
         end
 
-        runners.send(scope)
+        runners.public_send(scope) # rubocop:disable GitlabSecurity/PublicSend
       end
 
       def get_runner(id)
diff --git a/lib/api/templates.rb b/lib/api/templates.rb
index 0fc13b35d5b..f70bc0622b7 100644
--- a/lib/api/templates.rb
+++ b/lib/api/templates.rb
@@ -57,7 +57,7 @@ module API
     end
     get "templates/licenses" do
       options = {
-        featured: declared(params).popular.present? ? true : nil
+        featured: declared(params)[:popular].present? ? true : nil
       }
       licences = ::Kaminari.paginate_array(Licensee::License.all(options))
       present paginate(licences), with: Entities::RepoLicense
@@ -71,7 +71,7 @@ module API
       requires :name, type: String, desc: 'The name of the template'
     end
     get "templates/licenses/:name", requirements: { name: /[\w\.-]+/ } do
-      not_found!('License') unless Licensee::License.find(declared(params).name)
+      not_found!('License') unless Licensee::License.find(declared(params)[:name])
 
       template = parsed_license_template
 
@@ -102,7 +102,7 @@ module API
         requires :name, type: String, desc: 'The name of the template'
       end
       get "templates/#{template_type}/:name" do
-        new_template = klass.find(declared(params).name)
+        new_template = klass.find(declared(params)[:name])
 
         render_response(template_type, new_template)
       end
diff --git a/lib/api/v3/builds.rb b/lib/api/v3/builds.rb
index 93ad9eb26b8..c189d486f50 100644
--- a/lib/api/v3/builds.rb
+++ b/lib/api/v3/builds.rb
@@ -16,7 +16,7 @@ module API
                              coerce_with: ->(scope) {
                                             if scope.is_a?(String)
                                               [scope]
-                                            elsif   scope.is_a?(Hashie::Mash)
+                                            elsif   scope.is_a?(::Hash)
                                               scope.values
                                             else
                                               ['unknown']
diff --git a/lib/api/v3/notes.rb b/lib/api/v3/notes.rb
index 23fe95e42e4..d49772b92f2 100644
--- a/lib/api/v3/notes.rb
+++ b/lib/api/v3/notes.rb
@@ -22,7 +22,7 @@ module API
             use :pagination
           end
           get ":id/#{noteables_str}/:noteable_id/notes" do
-            noteable = user_project.send(noteables_str.to_sym).find(params[:noteable_id])
+            noteable = user_project.public_send(noteables_str.to_sym).find(params[:noteable_id]) # rubocop:disable GitlabSecurity/PublicSend
 
             if can?(current_user, noteable_read_ability_name(noteable), noteable)
               # We exclude notes that are cross-references and that cannot be viewed
@@ -50,7 +50,7 @@ module API
             requires :noteable_id, type: Integer, desc: 'The ID of the noteable'
           end
           get ":id/#{noteables_str}/:noteable_id/notes/:note_id" do
-            noteable = user_project.send(noteables_str.to_sym).find(params[:noteable_id])
+            noteable = user_project.public_send(noteables_str.to_sym).find(params[:noteable_id]) # rubocop:disable GitlabSecurity/PublicSend
             note = noteable.notes.find(params[:note_id])
             can_read_note = can?(current_user, noteable_read_ability_name(noteable), noteable) && !note.cross_reference_not_visible_for?(current_user)
 
@@ -76,7 +76,7 @@ module API
               noteable_id: params[:noteable_id]
             }
 
-            noteable = user_project.send(noteables_str.to_sym).find(params[:noteable_id])
+            noteable = user_project.public_send(noteables_str.to_sym).find(params[:noteable_id]) # rubocop:disable GitlabSecurity/PublicSend
 
             if can?(current_user, noteable_read_ability_name(noteable), noteable)
               if params[:created_at] && (current_user.admin? || user_project.owner == current_user)
diff --git a/lib/api/v3/projects.rb b/lib/api/v3/projects.rb
index eb090453b48..449876c10d9 100644
--- a/lib/api/v3/projects.rb
+++ b/lib/api/v3/projects.rb
@@ -388,6 +388,8 @@ module API
 
           if user_project.forked_from_project.nil?
             user_project.create_forked_project_link(forked_to_project_id: user_project.id, forked_from_project_id: forked_from_project.id)
+
+            ::Projects::ForksCountService.new(forked_from_project).refresh_cache
           else
             render_api_error!("Project already forked", 409)
           end
diff --git a/lib/api/v3/templates.rb b/lib/api/v3/templates.rb
index 4c577a8d2b7..2a2fb59045c 100644
--- a/lib/api/v3/templates.rb
+++ b/lib/api/v3/templates.rb
@@ -59,7 +59,7 @@ module API
         end
         get route do
           options = {
-            featured: declared(params).popular.present? ? true : nil
+            featured: declared(params)[:popular].present? ? true : nil
           }
           present Licensee::License.all(options), with: ::API::Entities::RepoLicense
         end
@@ -76,7 +76,7 @@ module API
           requires :name, type: String, desc: 'The name of the template'
         end
         get route, requirements: { name: /[\w\.-]+/ } do
-          not_found!('License') unless Licensee::License.find(declared(params).name)
+          not_found!('License') unless Licensee::License.find(declared(params)[:name])
 
           template = parsed_license_template
 
@@ -111,7 +111,7 @@ module API
             requires :name, type: String, desc: 'The name of the template'
           end
           get route do
-            new_template = klass.find(declared(params).name)
+            new_template = klass.find(declared(params)[:name])
 
             render_response(template_type, new_template)
           end