manageiq-style 1.5.4 → 1.5.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5c53a743c920fb4713516c400e68d36d71473eb4d7593130e5d452889435d47f
-  data.tar.gz: 8b6aa5ec3342efb309c8735e2e054506c19fe95b88be029571f9e0f8f37b645d
+  metadata.gz: cdd5f5d5a452be065b331314f4b3a1e790905fcdab4136277a4b80035e5742d8
+  data.tar.gz: b8d1428103e0fd9561971c6c0e65f32514e532f7c1a130b2484d38888c1f4478
 SHA512:
-  metadata.gz: 728953d1b2cfcb5566e737795371e5d7d371ede563c08415ce374f8cad7c34762dbe811972a19724983d125125b9bb50d2fd5fd1302bb30167433f44efdcdefc
-  data.tar.gz: 7dfdd24a96bda5833c6435df16494411916365a409de91bdfef4cc56015461c3e5761c25a5f78344ee78dc138af0fd92fd96eb4878ec3735f2c12065bd4cb42e
+  metadata.gz: 33cf9650d3c42dc11cb077cebb99fa6ce1563f6a43936005b697b3e51b9c6e8965802ad2a28e12d12d74c4b76b44c592cbad765ef8e807f74f4efc96a82f66a9
+  data.tar.gz: 40507d235eb75ef4f764d2add9e998dc632b2bc57b609c1adc1f43dd20ff9dda7dd70c0bc79fd71729ebaf35482dce7bc4485c9e7e2c94f4699dd9a894b82fc4

data/.github/workflows/ci.yaml

@@ -19,7 +19,7 @@ jobs:
     env:
       CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
     - name: Set up Ruby
       uses: ruby/setup-ruby@v1
       with:

data/CHANGELOG.md

@@ -4,6 +4,20 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 
+## [1.5.7] - 2025-09-22
+### Changed
+- Bump minimum for rexml for CVE-2025-58767 [[#65](https://github.com/ManageIQ/manageiq-style/pull/65)]
+- Drop require_nested and include_concern [[#63](https://github.com/ManageIQ/manageiq-style/pull/63)]
+
+## [1.5.6] - 2025-07-03
+### Changed
+- Lockdown rubocop-ast to the last version before the deprecation warnings [[#62](https://github.com/ManageIQ/manageiq-style/pull/62)]
+- Revert rack individual exclusion in favor of a simple minimum [[#61](https://github.com/ManageIQ/manageiq-style/pull/61)]
+
+## [1.5.5] - 2025-03-14
+### Changed
+- Loosen rack dependency down to the 2.2 range, but only to safe versions [[#60](https://github.com/ManageIQ/manageiq-style/pull/60)]
+
 ## [1.5.4] - 2025-03-13
 ### Changed
 - Enforce a minimum version for rack for CVEs [[#59](https://github.com/ManageIQ/manageiq-style/pull/59)]
@@ -46,7 +60,10 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 ## [1.0.1] - 2020-06-19
 ## [1.0.0] - 2020-05-19
 
-[Unreleased]: https://github.com/ManageIQ/manageiq-style/compare/v1.5.4...HEAD
+[Unreleased]: https://github.com/ManageIQ/manageiq-style/compare/v1.5.7...HEAD
+[1.5.7]: https://github.com/ManageIQ/manageiq-style/compare/v1.5.6...v1.5.7
+[1.5.6]: https://github.com/ManageIQ/manageiq-style/compare/v1.5.5...v1.5.6
+[1.5.5]: https://github.com/ManageIQ/manageiq-style/compare/v1.5.4...v1.5.5
 [1.5.4]: https://github.com/ManageIQ/manageiq-style/compare/v1.5.3...v1.5.4
 [1.5.3]: https://github.com/ManageIQ/manageiq-style/compare/v1.5.2...v1.5.3
 [1.5.2]: https://github.com/ManageIQ/manageiq-style/compare/v1.5.1...v1.5.2

data/lib/manageiq/style/version.rb

@@ -1,5 +1,5 @@
 module ManageIQ
   module Style
-    VERSION = "1.5.4".freeze
+    VERSION = "1.5.7".freeze
   end
 end

data/manageiq-style.gemspec

@@ -26,11 +26,18 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency "more_core_extensions"
   spec.add_runtime_dependency "optimist"
   spec.add_runtime_dependency "rubocop", "= 1.56.3"
+  spec.add_runtime_dependency "rubocop-ast", "~> 1.40.0"
   spec.add_runtime_dependency "rubocop-performance"
   spec.add_runtime_dependency "rubocop-rails"
 
-  spec.add_runtime_dependency "rexml", ">= 3.3.9"  # rubocop depends on rexml. Enforce a minimum for CVE-2024-49761
-  spec.add_runtime_dependency "rack", ">= 3.1.12"  # rubocop-rails depends on rack. Enforce a minimum for CVE-2025-27610
+  spec.add_runtime_dependency "rexml", ">= 3.4.4"  # rubocop depends on rexml. Enforce a minimum for CVE-2025-58767
+
+  # rubocop-rails depends on rack. Enforce a minimum of 2.2.17, 3.0.18, or 3.1.16 for various CVEs
+  #
+  # NOTE: Previously we locked down to exclude many specific versions, but due to
+  # https://github.com/rubygems/rubygems.org/issues/5541 we can't release the gem.
+  # For now, we just lock down to at least the minimum rack.
+  spec.add_runtime_dependency "rack", ">= 2.2.17", "< 4"
 
   spec.add_development_dependency "rake",      "~> 12.0"
   spec.add_development_dependency "rspec",     "~> 3.0"

data/styles/base.yml

@@ -241,8 +241,6 @@ Style/MethodCallWithArgsParentheses:
     - deprecate_attribute
     - drop_trigger
     - encrypt_column
-    - include_concern
-    - require_nested
     - signal
     - supports
     - supports_not

data/test.rb

@@ -0,0 +1,5 @@
+begin
+  puts "Hi"
+ensure
+  puts "There"
+end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: manageiq-style
 version: !ruby/object:Gem::Version
-  version: 1.5.4
+  version: 1.5.7
 platform: ruby
 authors:
 - ManageIQ Authors
-autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-03-13 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: more_core_extensions
@@ -52,6 +51,20 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 1.56.3
+- !ruby/object:Gem::Dependency
+  name: rubocop-ast
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.40.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.40.0
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
@@ -86,28 +99,34 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.3.9
+        version: 3.4.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.3.9
+        version: 3.4.4
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.1.12
+        version: 2.2.17
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.1.12
+        version: 2.2.17
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -151,7 +170,6 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 0.21.2
 description: Style and linting configuration for ManageIQ projects.
-email:
 executables:
 - manageiq-style
 extensions: []
@@ -185,6 +203,7 @@ files:
 - renovate.json
 - styles/base.yml
 - styles/cc_base.yml
+- test.rb
 homepage: https://github.com/ManageIQ/manageiq-style
 licenses:
 - MIT
@@ -192,7 +211,6 @@ metadata:
   homepage_uri: https://github.com/ManageIQ/manageiq-style
   rubygems_mfa_required: 'true'
   source_code_uri: https://github.com/ManageIQ/manageiq-style
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -207,8 +225,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.22
-signing_key:
+rubygems_version: 3.7.1
 specification_version: 4
 summary: Style and linting configuration for ManageIQ projects.
 test_files: []