Merge pull request #131 from nebolsin/security/rubocop-upgrade

dblock · web-flow · commit 8c044acb5d2f · 2017-10-03T15:31:05.000-04:00
Upgrade to Rubocop 0.50.0 (fixes CVE-2017-8418)
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -1,2 +1,7 @@
 inherit_from: .rubocop_todo.yml
 
+AllCops:
+  TargetRubyVersion: 2.2
+
+Metrics/BlockLength:
+  ExcludedMethods: [it, describe]
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2017-08-26 18:01:43 +0100 using RuboCop version 0.42.0.
+# on 2017-10-01 22:20:54 +0300 using RuboCop version 0.50.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -12,7 +12,7 @@ Metrics/ClassLength:
   Max: 110
 
 # Offense count: 97
-# Configuration parameters: AllowHeredoc, AllowURI, URISchemes.
+# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
 # URISchemes: http, https
 Metrics/LineLength:
   Max: 142
@@ -27,11 +27,6 @@ Metrics/MethodLength:
 Metrics/ModuleLength:
   Max: 398
 
-# Offense count: 1
-Style/AsciiComments:
-  Exclude:
-    - 'lib/hyperclient/collection.rb'
-
 # Offense count: 2
 # Configuration parameters: EnforcedStyle, SupportedStyles.
 # SupportedStyles: nested, compact
@@ -56,25 +51,7 @@ Style/DoubleNegation:
     - 'lib/hyperclient/curie.rb'
     - 'lib/hyperclient/link.rb'
 
-# Offense count: 5
-# Cop supports --auto-correct.
-# Configuration parameters: EnforcedStyle, SupportedStyles.
-# SupportedStyles: line_count_dependent, lambda, literal
-Style/Lambda:
-  Exclude:
-    - 'test/hyperclient/entry_point_test.rb'
-    - 'test/hyperclient/link_test.rb'
-    - 'test/hyperclient/resource_test.rb'
-
 # Offense count: 1
 Style/MethodMissing:
   Exclude:
     - 'lib/hyperclient/collection.rb'
-
-# Offense count: 1
-# Cop supports --auto-correct.
-# Configuration parameters: EnforcedStyle, SupportedStyles, AllowInnerSlashes.
-# SupportedStyles: slashes, percent_r, mixed
-Style/RegexpLiteral:
-  Exclude:
-    - 'features/support/api.rb'
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,6 @@
 ### 0.8.7 (Next)
 
+* [#131](https://github.com/codegram/hyperclient/pull/131): Upgrade to Rubocop 0.50.0, fix Bundler's insecure git source warning - [@nebolsin](https://github.com/nebolsin).
 * Your contribution here.
 
 ### 0.8.6 (August 27, 2017)
diff --git a/Gemfile b/Gemfile
@@ -1,3 +1,6 @@
+# NOTE: this is temporary until Bundler 2.0 changes how github: references work.
+git_source(:github) { |repo| "https://github.com/#{repo['/'] ? repo : "#{repo}/#{repo}"}.git" }
+
 source 'https://rubygems.org'
 
 gemspec
@@ -12,20 +15,20 @@ group :development do
 end
 
 group :development, :test do
-  gem 'yard', '~> 0.8'
-  gem 'yard-tomdoc'
   gem 'rake'
+  gem 'rubocop', '~> 0.50.0', require: false
   gem 'simplecov', require: false
-  gem 'rubocop', '~> 0.42.0', require: false
+  gem 'yard', '~> 0.8'
+  gem 'yard-tomdoc'
 end
 
 group :test do
-  gem 'futuroscope', github: 'codegram/futuroscope'
   gem 'danger-changelog', '~> 0.1'
+  gem 'futuroscope', github: 'codegram/futuroscope'
   gem 'minitest'
-  gem 'turn'
-  gem 'webmock'
   gem 'mocha'
   gem 'rack-test'
   gem 'spinach'
+  gem 'turn'
+  gem 'webmock'
 end
diff --git a/Rakefile b/Rakefile
@@ -17,7 +17,7 @@ require 'yard'
 YARD::Config.load_plugin('yard-tomdoc')
 YARD::Rake::YardocTask.new do |t|
   t.files   = ['lib/**/*.rb']
-  t.options = %w(-r README.md)
+  t.options = %w[-r README.md]
 end
 
 require 'rake/testtask'
@@ -38,4 +38,4 @@ end
 require 'rubocop/rake_task'
 RuboCop::RakeTask.new(:rubocop)
 
-task default: [:test, :spinach, :rubocop]
+task default: %i[test spinach rubocop]
diff --git a/features/steps/api_navigation.rb b/features/steps/api_navigation.rb
@@ -18,7 +18,7 @@ class Spinach::Features::ApiNavigation < Spinach::FeatureSteps
   end
 
   step 'I search for posts by tag with a templated link' do
-    api._links.tagged._expand(tags: %w(foo bar))._resource
+    api._links.tagged._expand(tags: %w[foo bar])._resource
   end
 
   step 'the API should receive the request for posts by tag with all the params' do
diff --git a/features/support/api.rb b/features/support/api.rb
@@ -7,7 +7,7 @@ module API
   before do
     WebMock::Config.instance.query_values_notation = :flat_array
 
-    stub_request(:any, %r{api.example.org*}).to_return(body: root_response, headers: { 'Content-Type' => 'application/hal+json' })
+    stub_request(:any, /api.example.org*/).to_return(body: root_response, headers: { 'Content-Type' => 'application/hal+json' })
     stub_request(:get, 'api.example.org/posts').to_return(body: posts_response, headers: { 'Content-Type' => 'application/hal+json' })
     stub_request(:get, 'api.example.org/posts/1').to_return(body: post_response, headers: { 'Content-Type' => 'application/hal+json' })
     stub_request(:get, 'api.example.org/page2').to_return(body: page2_response, headers: { 'Content-Type' => 'application/hal+json' })
diff --git a/hyperclient.gemspec b/hyperclient.gemspec
@@ -1,4 +1,4 @@
-# -*- encoding: utf-8 -*-
+
 require File.expand_path('../lib/hyperclient/version', __FILE__)
 
 Gem::Specification.new do |gem|
diff --git a/lib/hyperclient/collection.rb b/lib/hyperclient/collection.rb
@@ -35,7 +35,7 @@ def include?(key)
     end
 
     # Public: Returns a value from the collection for the given key.
-    # If the key can’t be found, there are several options:
+    # If the key can't be found, there are several options:
     # With no other arguments, it will raise an KeyError exception;
     # if default is given, then that will be returned;
     #
diff --git a/lib/hyperclient/resource.rb b/lib/hyperclient/resource.rb
@@ -109,7 +109,7 @@ def method_missing(method, *args, &block)
       if args.any? && args.first.is_a?(Hash)
         _links.send(method, [], &block)._expand(*args)
       elsif !Array.method_defined?(method)
-        [:_attributes, :_embedded, :_links].each do |target|
+        %i[_attributes _embedded _links].each do |target|
           target = send(target)
           return target.send(method, *args, &block) if target.respond_to?(method.to_s)
         end
@@ -120,7 +120,7 @@ def method_missing(method, *args, &block)
     # Internal: Accessory method to allow the resource respond to
     # methods that will hit method_missing.
     def respond_to_missing?(method, include_private = false)
-      [:_attributes, :_embedded, :_links].each do |target|
+      %i[_attributes _embedded _links].each do |target|
         return true if send(target).respond_to?(method, include_private)
       end
       false
diff --git a/test/hyperclient/collection_test.rb b/test/hyperclient/collection_test.rb
@@ -32,7 +32,7 @@ module Hyperclient
         name
       end
 
-      names.must_equal %w(_links title description permitted _hidden_attribute _embedded)
+      names.must_equal %w[_links title description permitted _hidden_attribute _embedded]
     end
 
     describe '#to_hash' do
diff --git a/test/hyperclient/entry_point_test.rb b/test/hyperclient/entry_point_test.rb
@@ -45,12 +45,12 @@ module Hyperclient
 
         it 'raises a  ConnectionAlreadyInitializedError if attempting to modify headers' do
           entry_point.connection.must_be_kind_of Faraday::Connection
-          lambda { entry_point.headers = {} }.must_raise ConnectionAlreadyInitializedError
+          -> { entry_point.headers = {} }.must_raise ConnectionAlreadyInitializedError
         end
 
         it 'raises a  ConnectionAlreadyInitializedError if attempting to modify the faraday block' do
           entry_point.connection.must_be_kind_of Faraday::Connection
-          lambda { entry_point.connection {} }.must_raise ConnectionAlreadyInitializedError
+          -> { entry_point.connection {} }.must_raise ConnectionAlreadyInitializedError
         end
       end
 
diff --git a/test/hyperclient/link_test.rb b/test/hyperclient/link_test.rb
@@ -7,7 +7,7 @@ module Hyperclient
       EntryPoint.new('http://api.example.org/')
     end
 
-    %w(type deprecation name profile title hreflang).each do |prop|
+    %w[type deprecation name profile title hreflang].each do |prop|
       describe prop do
         it 'returns the property value' do
           link = Link.new('key', { prop => 'value' }, entry_point)
@@ -39,7 +39,7 @@ module Hyperclient
       it 'returns a list of required variables' do
         link = Link.new('key', { 'href' => '/orders{?id,owner}', 'templated' => true }, entry_point)
 
-        link._variables.must_equal %w(id owner)
+        link._variables.must_equal %w[id owner]
       end
 
       it 'returns an empty array for untemplated links' do
@@ -161,7 +161,7 @@ module Hyperclient
           stub.get('http://api.example.org/productions/1') { [400, {}, nil] }
         end
 
-        lambda { link._get }.must_raise Faraday::ClientError
+        -> { link._get }.must_raise Faraday::ClientError
       end
 
       it 'executes requests asynchronously using futuroscope' do
@@ -531,7 +531,7 @@ module Hyperclient
         end
 
         it 'raises an error when the method does not exist in the resource' do
-          lambda { link.this_method_does_not_exist }.must_raise NoMethodError
+          -> { link.this_method_does_not_exist }.must_raise NoMethodError
         end
 
         it 'responds to missing methods' do
diff --git a/test/hyperclient/resource_test.rb b/test/hyperclient/resource_test.rb
@@ -100,7 +100,7 @@ module Hyperclient
           resource._attributes.expects('respond_to?').with('foo').returns(false)
           resource._links.expects('respond_to?').with('foo').returns(false)
           resource._embedded.expects('respond_to?').with('foo').returns(false)
-          lambda { resource.foo }.must_raise NoMethodError
+          -> { resource.foo }.must_raise NoMethodError
         end
 
         it 'delegates []' do

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-# -- encoding: utf-8 --`
	`1`	`+`
`2`	`2`	`require File.expand_path('../lib/hyperclient/version', __FILE__)`
`3`	`3`
`4`	`4`	`Gem::Specification.new do \|gem\|`
Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@ def include?(key)`
`35`	`35`	`end`
`36`	`36`
`37`	`37`	`# Public: Returns a value from the collection for the given key.`
`38`		`- # If the key can’t be found, there are several options:`
	`38`	`+ # If the key can't be found, there are several options:`
`39`	`39`	`# With no other arguments, it will raise an KeyError exception;`
`40`	`40`	`# if default is given, then that will be returned;`
`41`	`41`	`#`