avoid metadata mutation in request_factory

rswag-specs/lib/rswag/specs/request_factory.rb

@@ -29,15 +29,11 @@ module Rswag
         path_item_params = metadata[:path_item][:parameters] || []
         security_params = derive_security_params(metadata, swagger_doc)
 
-        operation_params = operation_params
+        # NOTE: Use of + instead of concat to avoid mutation of the metadata object
-          .concat(path_item_params)
+        (operation_params + path_item_params + security_params)
-          .concat(security_params)
           .map { |p| p['$ref'] ? resolve_parameter(p['$ref'], swagger_doc) : p }
           .uniq { |p| p[:name] }
           .reject { |p| p[:required] == false && !example.respond_to?(p[:name]) }
-
-        metadata[:operation][:parameters] = operation_params unless operation_params.empty?
-        operation_params
       end
 
       def derive_security_params(metadata, swagger_doc)

rswag-specs/spec/rswag/specs/request_factory_spec.rb

@@ -236,17 +236,6 @@ module Rswag
             end
           end
 
-          context 'in header with no other params' do
-            let(:key_location) { :header }
-
-            it 'adds name and example value to the headers' do
-              expect(request[:headers]).to eq('api_key' => 'foobar')
-              expect(metadata[:operation][:parameters]).to(
-                include(name: 'api_key', in: :header, type: :string, required: true)
-              )
-            end
-          end
-
           context 'in header with auth param already added' do
             let(:key_location) { :header }
             before do