color 2.1.0 → 2.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 40ce91bfc8f772f3a22829e81620a7ed6b5cbc0c17b2b779c2680811df98adfb
-  data.tar.gz: c694153e0f54a6b310df3412379e2b57beaf393b72a70e659d6ce5b4489ab9e2
+  metadata.gz: 192b04db62242c8531c1ed8f20f9d024b5e0c57c0a97a6452d481ea5f6ca3e77
+  data.tar.gz: c588cfff08831c11fe0e977bcc536140ee5c9c765f24be4360fad3f9e71c56cd
 SHA512:
-  metadata.gz: f6276623790aed0ec56a46e3e86cd00e76d5579bb8d71044f3d58532af59c834c55ce15202ff2a64514a817810236b01f1fe22484a54ea9ee093e0f997312323
-  data.tar.gz: 3207d0833c0a85159e77816b71d9c312c5d78f40c5f5fe00022d615ecbe19f24fd06bcbfbce9562085a925473544d2ced2e4ce472ee8d456f5d310f9ff6261db
+  metadata.gz: 0c38775facf0b320eee6b7ae6774cab01297bb63b4483fc35270f8a4e05c12ea3307bd60e0200c1dce203eb9010cfe5ab8b755a69ec5f9259fdb336a4acd34f7
+  data.tar.gz: 1d01a276bcf0048b0ca9e2bfba6f0559fb4dbaf30c712f4cc91d9022a4da333627ffbe051cd31b3e47b4468d5018f27914984d5a77504a9901651bf0f129861f

data/CHANGELOG.md

@@ -1,4 +1,39 @@
-# Changelog
+# color Changelog
+
+## 2.1.2 / 2025-12-30
+
+- Updated to Contributor Covenant 3.0 and applied updates to several support
+  documents.
+
+- Full coverage of conversion tests. Adds CIELAB `to_yiq` and Grayscale `to_xyz`
+  methods. Only YIQ now lacks conversions support. Fixed in [#69][pr-69].
+
+- Fix an incorrect conversion of CIELAB colors with low lightness to XYZ, which
+  caused the Y component to be ~903 times larger than correct. In practice, this
+  returned unexpectedly bright colours.
+
+  This also affected conversion from CIELAB to RGB, CMYK, HSL, YIQ, and
+  grayscale, which convert from CIELAB to XYZ as an intermediate step.
+
+  Reported by @alexwlchan in [#95][issue-95] and fixed in [#96][pr-96].
+
+- Fix an incorrect comparison when converting CIE XYZ colors to RGB that could
+  raise a `NoMethodError` when constructing the RGB value. The conversion
+  incorrectly compared the absolute value of an intermediate value against the
+  0.0031308 threshold instead of comparing the original value, causing certain
+  negative values to follow the wrong branch and return complex RGB components.
+
+  This also affected conversion from XYZ to CMYK, HSL, and YIK, and from CIELAB
+  to RGB, HSL, YIQ, and Grayscale -- all of which convert from XYZ to RGB as an
+  intermediate step.
+
+  Reported by @alexwlchan in [#92][issue-92] and fixed in [#93][pr-93].
+
+## 2.1.1 / 2025-08-08
+
+Color 2.1.1 fixes a bug where `Color::RGB::Black` and `Color::RGB::White` are no
+longer defined automatically because they are part of `color/rgb/colors`.
+Internally, this defines `Color::RGB::Black000` and `Color::RGB::WhiteFFF`.
 
 ## 2.1.0 / 2025-07-20
 
@@ -332,8 +367,13 @@ ownership to contribute it to this project under the licence terms.
 [issue-10]: https://github.com/halostatue/color/issues/10
 [issue-30]: https://github.com/halostatue/color/issues/30
 [issue-45]: https://github.com/halostatue/color/issues/45
+[issue-92]: https://github.com/halostatue/color/issues/92
+[issue-95]: https://github.com/halostatue/color/issues/95
+[pr-8]: https://github.com/halostatue/color/pulls/8
 [pr-11]: https://github.com/halostatue/color/pull/11
 [pr-36]: https://github.com/halostatue/color/pull/36
-[pr-46]: https://github.com/halostatue/pull/46
-[pr-8]: https://github.com/halostatue/color/pulls/8
+[pr-46]: https://github.com/halostatue/color/pull/46
+[pr-69]: https://github.com/halostatue/color/pull/69
+[pr-93]: https://github.com/halostatue/color/pull/93
+[pr-96]: https://github.com/halostatue/color/pull/96
 [wp-std-illuminant]: https://en.wikipedia.org/wiki/Standard_illuminant#White_points_of_standard_illuminants

data/CODE_OF_CONDUCT.md

@@ -1,128 +1,166 @@
-# Contributor Covenant Code of Conduct
+# Contributor Covenant 3.0 Code of Conduct
 
 ## Our Pledge
 
-We as members, contributors, and leaders pledge to make participation in our
-community a harassment-free experience for everyone, regardless of age, body
-size, visible or invisible disability, ethnicity, sex characteristics, gender
-identity and expression, level of experience, education, socio-economic status,
-nationality, personal appearance, race, caste, color, religion, or sexual
-identity and orientation.
-
-We pledge to act and interact in ways that contribute to an open, welcoming,
-diverse, inclusive, and healthy community.
-
-## Our Standards
-
-Examples of behavior that contributes to a positive environment for our
-community include:
-
-- Demonstrating empathy and kindness toward other people
-- Being respectful of differing opinions, viewpoints, and experiences
-- Giving and gracefully accepting constructive feedback
-- Accepting responsibility and apologizing to those affected by our mistakes,
-  and learning from the experience
-- Focusing on what is best not just for us as individuals, but for the overall
-  community
-
-Examples of unacceptable behavior include:
-
-- The use of sexualized language or imagery, and sexual attention or advances of
-  any kind
-- Trolling, insulting or derogatory comments, and personal or political attacks
-- Public or private harassment
-- Publishing others' private information, such as a physical or email address,
-  without their explicit permission
-- Other conduct which could reasonably be considered inappropriate in a
-  professional setting
-
-## Enforcement Responsibilities
-
-Community leaders are responsible for clarifying and enforcing our standards of
-acceptable behavior and will take appropriate and fair corrective action in
-response to any behavior that they deem inappropriate, threatening, offensive,
-or harmful.
-
-Community leaders have the right and responsibility to remove, edit, or reject
-comments, commits, code, wiki edits, issues, and other contributions that are
-not aligned to this Code of Conduct, and will communicate reasons for moderation
-decisions when appropriate.
+We pledge to make our community welcoming, safe, and equitable for all.
+
+We are committed to fostering an environment that respects and promotes the
+dignity, rights, and contributions of all individuals, regardless of
+characteristics including race, ethnicity, caste, color, age, physical
+characteristics, neurodiversity, disability, sex or gender, gender identity or
+expression, sexual orientation, language, philosophy or religion, national or
+social origin, socio-economic position, level of education, or other status. The
+same privileges of participation are extended to everyone who participates in
+good faith and in accordance with this Covenant.
+
+## Encouraged Behaviors
+
+While acknowledging differences in social norms, we all strive to meet our
+community's expectations for positive behavior. We also understand that our
+words and actions may be interpreted differently than we intend based on
+culture, background, or native language.
+
+With these considerations in mind, we agree to behave mindfully toward each
+other and act in ways that center our shared values, including:
+
+1. Respecting the **purpose of our community**, our activities, and our ways of
+   gathering.
+2. Engaging **kindly and honestly** with others.
+3. Respecting **different viewpoints** and experiences.
+4. **Taking responsibility** for our actions and contributions.
+5. Gracefully giving and accepting **constructive feedback**.
+6. Committing to **repairing harm** when it occurs.
+7. Behaving in other ways that promote and sustain the **well-being of our
+   community**.
+
+## Restricted Behaviors
+
+We agree to restrict the following behaviors in our community. Instances,
+threats, and promotion of these behaviors are violations of this Code of
+Conduct.
+
+1. **Harassment.** Violating explicitly expressed boundaries or engaging in
+   unnecessary personal attention after any clear request to stop.
+2. **Character attacks.** Making insulting, demeaning, or pejorative comments
+   directed at a community member or group of people.
+3. **Stereotyping or discrimination.** Characterizing anyone’s personality or
+   behavior on the basis of immutable identities or traits.
+4. **Sexualization.** Behaving in a way that would generally be considered
+   inappropriately intimate in the context or purpose of the community.
+5. **Violating confidentiality**. Sharing or acting on someone's personal or
+   private information without their permission.
+6. **Endangerment.** Causing, encouraging, or threatening violence or other harm
+   toward any person or group.
+7. Behaving in other ways that **threaten the well-being** of our community.
+
+### Other Restrictions
+
+1. **Misleading identity.** Impersonating someone else for any reason, or
+   pretending to be someone else to evade enforcement actions.
+2. **Failing to credit sources.** Not properly crediting the sources of content
+   you contribute.
+3. **Promotional materials**. Sharing marketing or other commercial content in a
+   way that is outside the norms of the community.
+4. **Irresponsible communication.** Failing to responsibly present content which
+   includes, links or describes any other restricted behaviors.
+
+## Reporting an Issue
+
+Tensions can occur between community members even when they are trying their
+best to collaborate. Not every conflict represents a code of conduct violation,
+and this Code of Conduct reinforces encouraged behaviors and norms that can help
+avoid conflicts and minimize harm.
+
+When an incident does occur, it is important to report it promptly. To report a
+possible violation, create a [private security advisory][advisory] — violations
+of this code of conduct are considered security vulnerabilities.
+
+Community Moderators take reports of violations seriously and will make every
+effort to respond in a timely manner. They will investigate all reports of code
+of conduct violations, reviewing messages, logs, and recordings, or interviewing
+witnesses and other participants. Community Moderators will keep investigation
+and enforcement actions as transparent as possible while prioritizing safety and
+confidentiality. In order to honor these values, enforcement actions are carried
+out in private with the involved parties, but communicating to the whole
+community may be part of a mutually agreed upon resolution.
+
+## Addressing and Repairing Harm
+
+If an investigation by the Community Moderators finds that this Code of Conduct
+has been violated, the following enforcement ladder may be used to determine how
+best to repair harm, based on the incident's impact on the individuals involved
+and the community as a whole. Depending on the severity of a violation, lower
+rungs on the ladder may be skipped.
+
+1. Warning
+   1. Event: A violation involving a single incident or series of incidents.
+   2. Consequence: A private, written warning from the Community Moderators.
+   3. Repair: Examples of repair include a private written apology,
+      acknowledgement of responsibility, and seeking clarification on
+      expectations.
+
+2. Temporarily Limited Activities
+   1. Event: A repeated incidence of a violation that previously resulted in a
+      warning, or the first incidence of a more serious violation.
+   2. Consequence: A private, written warning with a time-limited cooldown
+      period designed to underscore the seriousness of the situation and give
+      the community members involved time to process the incident. The cooldown
+      period may be limited to particular communication channels or interactions
+      with particular community members.
+   3. Repair: Examples of repair may include making an apology, using the
+      cooldown period to reflect on actions and impact, and being thoughtful
+      about re-entering community spaces after the period is over.
+
+3. Temporary Suspension
+   1. Event: A pattern of repeated violation which the Community Moderators have
+      tried to address with warnings, or a single serious violation.
+   2. Consequence: A private written warning with conditions for return from
+      suspension. In general, temporary suspensions give the person being
+      suspended time to reflect upon their behavior and possible corrective
+      actions.
+   3. Repair: Examples of repair include respecting the spirit of the
+      suspension, meeting the specified conditions for return, and being
+      thoughtful about how to reintegrate with the community when the suspension
+      is lifted.
+
+4. Permanent Ban
+   1. Event: A pattern of repeated code of conduct violations that other steps
+      on the ladder have failed to resolve, or a violation so serious that the
+      Community Moderators determine there is no way to keep the community safe
+      with this person as a member.
+   2. Consequence: Access to all community spaces, tools, and communication
+      channels is removed. In general, permanent bans should be rarely used,
+      should have strong reasoning behind them, and should only be resorted to
+      if working through other remedies has failed to change the behavior.
+   3. Repair: There is no possible repair in cases of this severity.
+
+This enforcement ladder is intended as a guideline. It does not limit the
+ability of Community Managers to use their discretion and judgment, in keeping
+with the best interests of our community.
 
 ## Scope
 
 This Code of Conduct applies within all community spaces, and also applies when
-an individual is officially representing the community in public spaces.
-Examples of representing our community include using an official email address,
-posting via an official social media account, or acting as an appointed
+an individual is officially representing the community in public or other
+spaces. Examples of representing our community include using an official email
+address, posting via an official social media account, or acting as an appointed
 representative at an online or offline event.
 
-## Enforcement
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported to the community leaders responsible for enforcement at [INSERT CONTACT
-METHOD]. All complaints will be reviewed and investigated promptly and fairly.
-
-All community leaders are obligated to respect the privacy and security of the
-reporter of any incident.
-
-## Enforcement Guidelines
-
-Community leaders will follow these Community Impact Guidelines in determining
-the consequences for any action they deem in violation of this Code of Conduct:
-
-### 1. Correction
-
-**Community Impact**: Use of inappropriate language or other behavior deemed
-unprofessional or unwelcome in the community.
-
-**Consequence**: A private, written warning from community leaders, providing
-clarity around the nature of the violation and an explanation of why the
-behavior was inappropriate. A public apology may be requested.
-
-### 2. Warning
-
-**Community Impact**: A violation through a single incident or series of
-actions.
-
-**Consequence**: A warning with consequences for continued behavior. No
-interaction with the people involved, including unsolicited interaction with
-those enforcing the Code of Conduct, for a specified period of time. This
-includes avoiding interactions in community spaces as well as external channels
-like social media. Violating these terms may lead to a temporary or permanent
-ban.
-
-### 3. Temporary Ban
-
-**Community Impact**: A serious violation of community standards, including
-sustained inappropriate behavior.
-
-**Consequence**: A temporary ban from any sort of interaction or public
-communication with the community for a specified period of time. No public or
-private interaction with the people involved, including unsolicited interaction
-with those enforcing the Code of Conduct, is allowed during this period.
-Violating these terms may lead to a permanent ban.
-
-### 4. Permanent Ban
-
-**Community Impact**: Demonstrating a pattern of violation of community
-standards, including sustained inappropriate behavior, harassment of an
-individual, or aggression toward or disparagement of classes of individuals.
-
-**Consequence**: A permanent ban from any sort of public interaction within the
-community.
-
 ## Attribution
 
-This Code of Conduct is adapted from the [Contributor Covenant][homepage],
-version 2.1, available at
-<https://www.contributor-covenant.org/version/2/1/code_of_conduct.html>.
+This Code of Conduct is adapted from the Contributor Covenant, version 3.0,
+permanently available at <https://www.contributor-covenant.org/version/3/0/>.
 
-Community Impact Guidelines were inspired by
-[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+Contributor Covenant is stewarded by the Organization for Ethical Source and
+licensed under CC BY-SA 4.0. To view a copy of this license, visit
+<https://creativecommons.org/licenses/by-sa/4.0/>.
 
-For answers to common questions about this code of conduct, see the FAQ at
-<https://www.contributor-covenant.org/faq>. Translations are available at
-<https://www.contributor-covenant.org/translations>.
+For answers to common questions about Contributor Covenant, see the FAQ at
+<https://www.contributor-covenant.org/faq>. Translations are provided at
+<https://www.contributor-covenant.org/translations>. Additional enforcement and
+community guideline resources can be found at
+<https://www.contributor-covenant.org/resources>. The enforcement ladder was
+inspired by the work of [Mozilla’s code of conduct team][inclusion].
 
-[homepage]: https://www.contributor-covenant.org
-[Mozilla CoC]: https://github.com/mozilla/diversity
+[advisory]: https://github.com/halostatue/color/security/advisories/new
+[inclusion]: https://github.com/mozilla/inclusion

data/CONTRIBUTING.md

@@ -1,84 +1,122 @@
 # Contributing
 
-Contribution to color is encouraged: bug reports, feature requests, or code
-contributions. There are a few DOs and DON'Ts that should be followed.
+Contribution to Color is encouraged: bug reports, feature requests, or code
+contributions. New features should be proposed and discussed in an
+[issue][issues].
 
-## DO
+Before contributing patches, please read the [Licence](./LICENCE.md).
 
-- Keep the coding style that already exists for any updated Ruby code (support
-  or otherwise). I use [Standard Ruby][standardrb] for linting and formatting.
+Color is governed under the [Contributor Covenant Code of Conduct][cccoc].
 
-- Use thoughtfully-named topic branches for contributions. Rebase your commits
-  into logical chunks as necessary.
+## Code Guidelines
 
-- Use [quality commit messages][qcm].
+I have several guidelines to contributing code through pull requests:
 
-- Add your name or GitHub handle to `CONTRIBUTORS.md` and a record in the
-  `CHANGELOG.md` as a separate commit from your main change. (Follow the style
-  in the `CHANGELOG.md` and provide a link to your PR.)
+- All code changes require tests. In most cases, this will be added or updated
+  unit tests. I use [Minitest][minitest].
 
-- Add or update tests as appropriate for your change. The test suite is written
-  with [minitest][minitest].
+- I use code formatters, static analysis tools, and linting to ensure consistent
+  styles and formatting. There should be no warning output from test run
+  processes. I use [Standard Ruby][standardrb].
 
-- Add or update documentation as appropriate for your change. The documentation
-  is RDoc; color does not use extensions that may be present in alternative
-  documentation generators.
+- Proposed changes should be on a thoughtfully-named topic branch and organized
+  into logical commit chunks as appropriate.
 
-## DO NOT
+- Use [Conventional Commits][conventional] with my
+  [conventions](#commit-conventions).
 
-- Modify `VERSION` in `lib/color/version.rb`. When your patch is accepted and a
-  release is made, the version will be updated at that point.
+- Versions must not be updated in pull requests. This means that you must not:
 
-- Modify `color.gemspec`; it is a generated file. (You _may_ use `rake gemspec`
-  to regenerate it if your change involves metadata related to gem itself).
+  - Modify `VERSION` in `lib/color/version.rb`. When your patch is accepted and
+    a release is made, the version will be updated at that point.
 
-- Modify the `Gemfile`.
+  - Modify `color.gemspec`; it is a generated file. (You _may_ use
+    `rake gemspec` to regenerate it if your change involves metadata related to
+    gem itself).
 
-## LLM-Generated Contribution Policy
+  - Modify the `Gemfile`.
 
-Color is a library full of complex math and subtle decisions (some of them
-possibly even wrong). It is extremely important that any issues or pull requests
-be well understood by the submitter and that, especially for pull requests, the
-developer can attest to the [Developer Certificate of Origin][dco] for each pull
-request (see [LICENCE](LICENCE.md)).
+- Documentation should be added or updated as appropriate for new or updated
+  functionality. The documentation is RDoc; color does not use extensions that
+  may be present in alternative documentation generators.
+
+- All GitHub Actions checks marked as required must pass before a pull request
+  may be accepted and merged.
+
+- Add your name or GitHub handle to `CONTRIBUTORS.md` and a record in the
+  `CHANGELOG.md` as a separate commit from your main change. (Follow the style
+  in the `CHANGELOG.md` and provide a link to your PR.)
 
-If LLM assistance is used in writing pull requests, this must be documented in
-the commit message and pull request. If there is evidence of LLM assistance
-without such declaration, the pull request **will be declined**.
+- Include your DCO sign-off in each commit message (see [LICENCE](LICENCE.md)).
 
-Any contribution (bug, feature request, or pull request) that uses unreviewed
-LLM output will be rejected.
+## AI Contribution Policy
+
+Color is a library full of complex math and subtle decisions (some of them
+possibly even wrong). It is extremely important that contributions of any sort
+be well understood by the submitter and that the developer can attest to the
+[Developer Certificate of Origin][dco] for each pull request (see
+[LICENCE](LICENCE.md)).
+
+Any contribution (bug, feature request, or pull request) that uses undeclared AI
+output will be rejected.
 
 ## Test Dependencies
 
-color uses Ryan Davis's [Hoe][Hoe] to manage the release process, and it adds a
+Color uses Ryan Davis's [Hoe][Hoe] to manage the release process, and it adds a
 number of rake tasks. You will mostly be interested in `rake`, which runs the
 tests the same way that `rake test` will do.
 
-To assist with the installation of the development dependencies for mime-types,
-I have provided the simplest possible Gemfile pointing to the (generated)
+To assist with the installation of the development dependencies for color, I
+have provided the simplest possible Gemfile pointing to the (generated)
 `color.gemspec` file. This will permit you to do `bundle install` to get the
 development dependencies.
 
 You can run tests with code coverage analysis by running `rake coverage`.
 
-## Workflow
+## Commit Conventions
+
+Color has adopted a variation of the Conventional Commits format for commit
+messages. The following types are permitted:
+
+| Type    | Purpose                                               |
+| ------- | ----------------------------------------------------- |
+| `feat`  | A new feature                                         |
+| `fix`   | A bug fix                                             |
+| `chore` | A code change that is neither a bug fix nor a feature |
+| `docs`  | Documentation updates                                 |
+| `deps`  | Dependency updates, including GitHub Actions.         |
+
+I encourage the use of [Tim Pope's][tpope-qcm] or [Chris Beam's][cbeams]
+guidelines on the writing of commit messages
+
+I require the use of [git][trailers1] [trailers][trailers2] for specific
+additional metadata and strongly encourage it for others. The conditionally
+required metadata trailers are:
+
+- `Breaking-Change`: if the change is a breaking change. **Do not** use the
+  shorthand form (`feat!(scope)`) or `BREAKING CHANGE`.
+
+- `Signed-off-by`: this is required for all developers except me, as outlined in
+  the [Licence](./LICENCE.md#developer-certificate-of-origin).
 
-Here's the most direct way to get your work merged into the project:
+- `Fixes` or `Resolves`: If a change fixes one or more open [issues][issues],
+  that issue must be included in the `Fixes` or `Resolves` trailer. Multiple
+  issues should be listed comma separated in the same trailer:
+  `Fixes: #1, #5, #7`, but _may_ appear in separate trailers. While both `Fixes`
+  and `Resolves` are synonyms, only _one_ should be used in a given commit or
+  pull request.
 
-- Fork the project.
-- Clone down your fork (`git clone git://github.com/<username>/color.git`).
-- Create a topic branch to contain your change
-  (`git checkout -b my_awesome_feature`).
-- Hack away, add tests. Not necessarily in that order.
-- Make sure everything still passes by running `rake`.
-- If necessary, rebase your commits into logical chunks, without errors.
-- Push the branch up (`git push origin my_awesome_feature`).
-- Create a pull request against halostatue/color and describe what your change
-  does and the why you think it should be merged.
+- `Related to`: If a change does not fix an issue, those issue references should
+  be included in this trailer.
 
+[cbeams]: https://cbea.ms/git-commit/
+[cccoc]: ./CODE_OF_CONDUCT.md
+[conventional]: https://www.conventionalcommits.org/en/v1.0.0/
 [dco]: licences/dco.txt
 [hoe]: https://github.com/seattlerb/hoe
+[issues]: https://github.com/halostatue/color/issues
 [minitest]: https://github.com/seattlerb/minitest
-[qcm]: http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html
 [standardrb]: https://github.com/standardrb/standard
+[tpope-qcm]: http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html
+[trailers1]: https://git-scm.com/docs/git-interpret-trailers
+[trailers2]: https://git-scm.com/docs/git-commit#Documentation/git-commit.txt---trailerlttokengtltvaluegt

data/CONTRIBUTORS.md

@@ -10,3 +10,5 @@
 - @r-plus
 - Matthew Draper
 - Charles Nutter
+- Paul Gallagher
+- Alex Chan

data/README.md

@@ -22,11 +22,9 @@ reliably converted to relative color spaces (like RGB) without color profiles.
 When necessary for conversions, Color provides D65 and D50 reference white
 values in Color::XYZ.
 
-Color 2.1 fixes a Color::XYZ bug where the values were improperly clamped and
-adds more Color::XYZ white points for standard illuminants. It builds on the
-Color 2.0 major release, dropping support for all versions of Ruby prior to 3.2
-as well as removing or renaming a number of features. The main breaking changes
-are:
+Color 2.1 fixes multiple Color::XYZ bugs. It builds on the Color 2.0 major
+release, dropping support for all versions of Ruby prior to 3.2 as well as
+removing or renaming a number of features. The main breaking changes are:
 
 - Color classes are immutable Data objects; they are no longer mutable.
 - RGB named colors are no longer loaded on gem startup, but must be required

data/Rakefile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "rubygems"
 require "hoe"
 require "rake/clean"
@@ -30,17 +32,15 @@ hoe = Hoe.spec "color" do
 
   extra_dev_deps << ["hoe", "~> 4.0"]
   extra_dev_deps << ["hoe-halostatue", "~> 2.1", ">= 2.1.1"]
-  extra_dev_deps << ["hoe-git", "~> 1.6"]
-  extra_dev_deps << ["minitest", "~> 5.8"]
+  extra_dev_deps << ["json", ">= 0.0"]
+  extra_dev_deps << ["minitest", "~> 5.16"]
   extra_dev_deps << ["minitest-autotest", "~> 1.0"]
   extra_dev_deps << ["minitest-focus", "~> 1.1"]
-  extra_dev_deps << ["minitest-moar", "~> 0.0"]
   extra_dev_deps << ["rake", ">= 10.0", "< 14"]
   extra_dev_deps << ["rdoc", ">= 0.0", "< 7"]
-  extra_dev_deps << ["standard", "~> 1.0"]
-  extra_dev_deps << ["json", ">= 0.0"]
   extra_dev_deps << ["simplecov", "~> 0.22"]
   extra_dev_deps << ["simplecov-lcov", "~> 0.8"]
+  extra_dev_deps << ["standard", "~> 1.0"]
 end
 
 Minitest::TestTask.create :test

data/SECURITY.md

@@ -1,4 +1,4 @@
-# color Security
+# color Security Policy
 
 ## LLM-Generated Security Report Policy
 
@@ -8,32 +8,33 @@ agents.
 ## Supported Versions
 
 Security reports are accepted for the most recent major release and the previous
-version for a limited time after the initial major release version. After a
-major release, the previous version will receive full support for three months
-and security support for an additional three months (for a total of six months).
+version for a limited time after the initial major release version.
+
+After a major release, the previous version will receive full support for three
+months and security support for an additional three months (for a total of six
+months).
 
 Because color 1.x supports a wide range of Ruby versions that are themselves end
 of life, security reports will only be accepted when they can be demonstrated on
 Ruby 3.2 or higher.
 
-> | Version | Release Date | Support Ends   | Security Support Ends |
-> | ------- | ------------ | -------------- | --------------------- |
-> | 1.x     | 2015-10-26   | 2.x + 3 months | 2.x + 6 months        |
-> | 2.x     | 2025-MM-DD   | -              | -                     |
+> | Version | Release Date | Support Ends | Security Support Ends |
+> | ------- | ------------ | ------------ | --------------------- |
+> | 1.x     | 2015-10-26   | 2025-11-07   | 2026-02-07            |
+> | 2.x     | 2025-08-07   | -            | -                     |
 
 ## Reporting a Vulnerability
 
-By preference, use the [Tidelift security contact][tidelift]. Tidelift will
-coordinate the fix and disclosure.
-
-Alternatively, Send an email to [color@halostatue.ca][email] with the text
-`Color` in the subject. Emails sent to this address should be encrypted using
-[age][age] with the following public key:
+Prefer creating a [private vulnerability report][advisory] with GitHub.
+Alternatively, send an email to [security@ruby.halostatue.ca][email] with the
+text `Color` in the subject. Emails sent to this address should be encrypted
+using [age][age] with the following public key: [age][age] with the following
+public key:
 
 ```
 age1fc6ngxmn02m62fej5cl30lrvwmxn4k3q2atqu53aatekmnqfwumqj4g93w
 ```
 
-[tidelift]: https://tidelift.com/security
-[email]: mailto:color@halostatue.ca
+[advisory]: https://github.com/halostatue/color/security/advisories/new
 [age]: https://github.com/FiloSottile/age
+[email]: mailto:color@ruby.halostatue.ca