linter fixes

miguelgrinberg · miguelgrinberg · commit 51affce94819 · 2025-07-31T15:17:05.000+01:00
diff --git a/docs/reference/esql-query-builder.md b/docs/reference/esql-query-builder.md
@@ -207,7 +207,7 @@ query = (
 
 ES|QL, like most query languages, is vulnerable to [code injection attacks](https://en.wikipedia.org/wiki/Code_injection) if untrusted data provided by users is added to a query. To eliminate this risk, ES|QL allows untrusted data to be given separately from the query as parameters.
 
-Continuing with the example above, let's assume that the application needs a `find_employee_by_name()` function that searches for the name given as an argument. If this argument is received by the application from users, then it is considered untrusted and cannot be added to the query directly. Here is how to code the function in a secure manner:
+Continuing with the example above, let's assume that the application needs a `find_employee_by_name()` function that searches for the name given as an argument. If this argument is received by the application from users, then it is considered untrusted and should not be added to the query directly. Here is how to code the function in a secure manner:
 
 ```python
 def find_employee_by_name(name):
@@ -219,7 +219,7 @@ def find_employee_by_name(name):
     return client.esql.query(query=str(query), params=[name])
 ```
 
-Here the part of the query in which the untrusted data needs to be inserted is replaced with a parameter, which in ES|QL is defined by the question mark. In Python the parameter is given as `E("?")` so that it is treated as an expression and not as a literal string.
+Here the part of the query in which the untrusted data needs to be inserted is replaced with a parameter, which in ES|QL is defined by the question mark. When using Python expressions, the parameter must be given as `E("?")` so that it is treated as an expression and not as a literal string.
 
 The list of values given in the `params` argument to the query endpoint are assigned in order to the parameters defined in the query.
 
diff --git a/elasticsearch/esql/esql.py b/elasticsearch/esql/esql.py
@@ -117,7 +117,7 @@ def _format_index(index: IndexType) -> str:
         return index._index._name if hasattr(index, "_index") else str(index)
 
     @staticmethod
-    def _format_id(id: FieldType, allow_patterns=False) -> str:
+    def _format_id(id: FieldType, allow_patterns: bool = False) -> str:
         s = str(id)  # in case it is an InstrumentedField
         if allow_patterns and "*" in s:
             return s  # patterns cannot be escaped
@@ -696,7 +696,7 @@ def _render_internal(self) -> str:
         names = (
             ""
             if not self._type_name and not self._pvalue_name
-            else f' AS {self._format_id(self._type_name) or "type"}, {self._format_id(self._pvalue_name) or "pvalue"}'
+            else f' AS {self._format_id(self._type_name or "type")}, {self._format_id(self._pvalue_name or "pvalue")}'
         )
         return f"CHANGE_POINT {self._value}{key}{names}"
 
