ruby_dep 1.2.0 → 1.3.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 139539b2a5db649646809eb696ded2cdc83f22de
4
- data.tar.gz: 2b0ba1b76e1c066696672d43faff2d77bf841e7c
3
+ metadata.gz: 782eb4ea6e3f9bdef3c0fc6e8aa591e9c8f7c5f6
4
+ data.tar.gz: fccceb0ba3fd479097d7d7d3389ef020dbb97576
5
5
  SHA512:
6
- metadata.gz: c7e5f69acb5b96a247fcd7dcab013a54a2141b31241e3e6cbbc047d519189ae7bab7d50a0d1ebdd1c5fa32ccb90753d8ffbdaeae48aefe172ba4fd3504b61dd9
7
- data.tar.gz: fc40843fe82fd96af98ea6762134a8c8d31f89b6ab0732bc8f60cb4b2a328fb14ec3176c23221f528e1e4fa1e00280cf46ca60d2e95f591dae24daa25e5834d5
6
+ metadata.gz: 54fa44582f5e69b391f3916314e7761325969c3d4aea0975fd9cdc8a73b4713956a9b52b78463af42373aab1b1c2cf8911a0b57d6c5a708ba0ff053a4fd3a0c3
7
+ data.tar.gz: 014bb073e3835e97dc4a5cfe8ad451a825b5966bf2609bed1b71a3bb9da276bbd6fb5ec72a21bc23593d2cc0062291dec9913ff4d0a485ee72a2e61e6ea1b356
@@ -2,6 +2,8 @@ sudo: false
2
2
  language: ruby
3
3
  bundler_args: --without development
4
4
  rvm:
5
+ - 2.0.0
6
+ - 2.1.9
5
7
  - 2.2.4
6
8
  - jruby-9.0.5.0
7
9
  before_install: gem install bundler -v 1.12.1
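Review bot: adding `2.0.0` and `2.1.9` to `rvm:` widens what ruby_dep itself accepts at install time (the metadata hunk below correspondingly drops `required_ruby_version` from `~> 2.2, >= 2.2.3` to `~> 2.0, >= 2.0.0`). That is deliberate for this gem, since it has to install on an outdated Ruby in order to warn about it, but nothing in the file says so; a one-line comment next to these entries would stop a later contributor from removing the EOL'd rubies as cleanup and silently dropping the warning for exactly the users it targets. Also worth checking that `gem install bundler -v 1.12.1` in `before_install` still works on the `2.0.0` build rather than relying on the Travis default.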
data/README.md CHANGED
@@ -2,44 +2,50 @@
2
2
 
3
3
  [![Gem Version](https://img.shields.io/gem/v/ruby_dep.svg?style=flat)](https://rubygems.org/gems/ruby_dep) [![Build Status](https://travis-ci.org/e2/ruby_dep.svg)](https://travis-ci.org/e2/ruby_dep)
4
4
 
5
- ## The problem
5
+ ## Description
6
6
 
7
- Your gem shouldn't (and likely doesn't) support all possible Ruby versions.
7
+ RubyDep helps users avoid incompatible, buggy and insecure Ruby versions.
8
8
 
9
- (And not all Ruby versions are secure to even be installed).
9
+ It's for gem owners to add to their runtime dependencies in their gemspec.
10
10
 
11
- You need a way to protect users who don't know about this. So, you need to tell users which Ruby versions you support in:
11
+ 1. It automatically sets your gemspec's `required_ruby_version` based on rubies tested in your `.travis-yml`
12
+ 2. It warns users of your project if they're using a buggy or vulnerable version of Ruby
12
13
 
13
- 1. Your gemspec
14
- 2. Your README
15
- 3. Your .travis.yml file
16
- 4. Any issues you get about which version of Ruby is supported or not
14
+ NOTE: RubyDep uses it's own approach on itself. This means it can only be installed on Ruby versions tested here: [check out the Travis build status](https://travis-ci.org/e2/ruby_dep). If you need support for an different/older version of Ruby, open an issue with "backport" in the title and provide a compelling case for supporting the version of Ruby you need.
15
+ When in doubt, open a new issue or [read the FAQ on the Wiki](https://github.com/e2/ruby_dep/wiki/FAQ).
17
16
 
18
- But, maintaning that information in 4 different places breaks the principle of
19
- single responsibility.
20
17
 
21
- And users often don't really "read" a README if they can avoid it.
18
+ ## Problem 1: "Which version of Ruby does your project support?"
22
19
 
20
+ Your gem shouldn't (and likely doesn't) support all possible Ruby versions.
23
21
 
24
- ## The solution
22
+ So you have to tell users which versions your gem supports.
25
23
 
26
- This gem helps you and your project users avoid Ruby version problems by:
24
+ But, there are at least 3 places where you list the Rubies you support:
27
25
 
28
- - warning users if their Ruby is seriously outdated or contains serious vulnerabilities
29
- - helps you manage which Ruby versions you actually support (and prevents installing other versions)
26
+ 1. Your gemspec
27
+ 2. Your README
28
+ 3. Your .travis.yml file
29
+
30
+ That breaks the principle of single responsibility.
30
31
 
31
- How? This gems detects which Ruby version users are using and which ones your project supports.
32
+ Is it possible to just list the supported Rubies in just one place?
32
33
 
33
- It assumes you are using Travis and the versions listed in your `.travis.yml` are supported.
34
+ Yes. That's what RubyDep helps with.
34
35
 
35
- This helps you limit the Ruby versions you support - just by adding/removing entries in your Travis configuration file.
36
+ ## Solution to problem 1
36
37
 
37
- Also, you it can warn users if they are using an outdated version of Ruby.
38
+ Since Travis doesn't allow generated `.travis.yml` files, option 3 is the only choice.
38
39
 
39
- (Or one with security vulnerabilities).
40
+ With RubyDep, your gemspec's `required_ruby_version` can be automatically set based on which Rubies you test your gem on.
40
41
 
42
+ What about the README? Well, just insert a link to your Travis build status page!
41
43
 
42
- ## Usage
44
+ If you're running Travis builds on a Ruby you support (and it's not in the "allow failures" section), it means you support that version of Ruby, right?
45
+
46
+ RubyDep intelligently creates a version constraint to encompass Rubies listed in your `.travis.yml`.
47
+
48
+ ## Usage (to solve Problem 1)
43
49
 
44
50
  ### E.g. in your gemspec file:
45
51
 
@@ -62,32 +68,59 @@ If users see their Ruby version "green" on Travis, it suggests it's supported, r
62
68
 
63
69
  (Or, you can point to the rubygems.org site where the required Ruby version is listed).
64
70
 
71
+ ### In your `.travis.yml`:
72
+
73
+ To add a "supported Ruby", simply add it to the Travis build.
74
+
75
+ To test a Ruby version, but not treat it as "supported", simply add that version to the `allowed_failures` section.
76
+
77
+
78
+ ## Problem 2: Users don't know they're using an obsolete/buggy/insecure version of Ruby
79
+
80
+ Users don't track news updates on https://ruby-lang.org, so they may not know their ruby has known bugs or even serious security vulnerabilities.
65
81
 
66
- ### In your library:
82
+ And sometimes, that outdated/insecure Ruby is bundled by their operation system to begin with!
83
+
84
+ ## The solution to problem 2
85
+
86
+ RubyDep has a small "database" of Ruby versions with information about which are buggy and insecure.
87
+
88
+ If you like, your gem can use RubyDep to show those warnings - to encourage users to upgrade and protect them from nasty bugs or bad security holes.
89
+
90
+ This way, when most of the Ruby community has switched to newer versions, everyone can be more productive by having faster, more stable and more feature-rich tools. And less time will be wasted supporting obsolete versions that users simply don't know are worth upgrading.
91
+
92
+ This also helps users understand that they should nudge their hosting providers, managers and package maintainers to provided up-to-date versions of Ruby to that everyone can benefit.
93
+
94
+ ### Usage (to solve Problem 2)
95
+
96
+ In your gemspec:
97
+
98
+ ```ruby
99
+ s.add_runtime_dependency 'ruby_dep', '~> 1.1'
100
+ ```
101
+
102
+ Somewhere in your library:
67
103
 
68
104
  ```ruby
69
105
  require 'ruby_dep/warnings'
70
106
  RubyDep::Warning.show_warnings
107
+ ENV['RUBY_DEP_GEM_SILENCE_WARNINGS'] = '1' # to ignore repeating the warning if other gems use `ruby_dep` too
71
108
  ```
72
109
 
73
- ## Tips
110
+ That way, as soon as there's a severe vulnerability discovered in Ruby (and RubyDep is updated), users will be notified quickly.
74
111
 
75
- To disable warnings, just set the following environment variable:
76
112
 
77
- `RUBY_DEP_GEM_SILENCE_WARNINGS=1`
78
-
79
- You can follow these rules of thumb:
113
+ ## Tips
80
114
 
81
- 1. Avoid changing major version numbers, even if you're dropping a major version of Ruby (e.g. 1.9.2)
82
- 2. If you want to support a current version, add it to your `.travis.yml` (e.g. Ruby 2.3.1)
115
+ 1. To disable warnings, just set the following environment variable: `RUBY_DEP_GEM_SILENCE_WARNINGS=1`
116
+ 2. If you want to support a newer version of Ruby, just add it to your `.travis.yml` (e.g. ruby-2.3.1)
83
117
  3. To support an earlier version of Ruby, add it to your `.travis.yml` and release a new gem version.
84
- 4. If you want to support a range of Rubies, include the whole range without gaps in minor version numbers (e.g. 2.0.0, 2.1.0, 2.2.0, 2.3.0)
85
- 5. If you just want to test a Ruby version (but not actually support it), put it into the "allow failures" part of your Travis build matrix.
86
- 6. If you want to drop support for a Ruby, remove it from the `.travis.yml` and just bump your gem's minor number.
118
+ 4. If you want to support a range of Rubies, include the whole range without gaps in minor version numbers (e.g. 2.0, 2.1, 2.2, 2.3) and ruby_dep will use the whole range. (If there's a gap, older versions will be considered "unsupported").
119
+ 5. If you want to drop support for a Ruby, remove it from the `.travis.yml` and just bump your gem's minor number (Yes! Bumping just the minor if fine according to SemVer).
120
+ 5. If you just want to test a Ruby version (but not actually support it), put it into the `allow failures` part of your Travis build matrix. (ruby_dep ignores versions there).
87
121
 
88
122
  When in doubt, open an issue and just ask.
89
123
 
90
-
91
124
  ## Roadmap
92
125
 
93
126
  Pull Requests are welcome.
@@ -1,3 +1,3 @@
1
1
  module RubyDep
2
- VERSION = '1.2.0'.freeze
2
+ VERSION = '1.3.0'.freeze
3
3
  end
@@ -1,21 +1,22 @@
1
1
  module RubyDep
2
2
  class Warning
3
- MSG_BUGGY = 'RubyDep: WARNING: your Ruby is outdated/buggy.'\
4
- ' Please upgrade.'.freeze
5
-
6
- MSG_INSECURE = 'RubyDep: WARNING: your Ruby has security vulnerabilities!'\
7
- ' Please upgrade!'.freeze
3
+ PREFIX = 'RubyDep: WARNING: '.freeze
4
+ MSG_BUGGY = 'Your Ruby is outdated/buggy.'.freeze
5
+ MSG_INSECURE = 'Your Ruby has security vulnerabilities!'.freeze
8
6
 
9
7
  MSG_HOW_TO_DISABLE = ' (To disable warnings, set'\
10
8
  ' RUBY_DEP_GEM_SILENCE_WARNINGS=1)'.freeze
11
9
 
10
+ OPEN_ISSUE_FOR_UNRECOGNIZED = 'If this version is important,'\
11
+ ' please open an issue at http://github.com/e2/ruby_dep'.freeze
12
+
12
13
  def show_warnings
13
14
  return if silenced?
14
- case check_ruby
15
+ case (status = check_ruby)
15
16
  when :insecure
16
- STDERR.puts MSG_INSECURE + MSG_HOW_TO_DISABLE
17
+ warn_ruby(MSG_INSECURE, status)
17
18
  when :buggy
18
- STDERR.puts MSG_BUGGY + MSG_HOW_TO_DISABLE
19
+ warn_ruby(MSG_BUGGY, status)
19
20
  when :unknown
20
21
  else
21
22
  raise "Unknown problem type: #{problem.inspect}"
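Review bot: the unchanged `else` branch still raises with `#{problem.inspect}`, but there is no `problem` variable in `show_warnings`; now that the result is captured as `status`, the message should read `raise "Unknown problem type: #{status.inspect}"`, otherwise an unexpected status surfaces as a `NameError` instead of the intended message (unless a `problem` method exists elsewhere in the class). Also, `OPEN_ISSUE_FOR_UNRECOGNIZED` sends users to `http://github.com/e2/ruby_dep`; a link printed from a security warning should be `https://`.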
@@ -43,8 +44,7 @@ module RubyDep
43
44
 
44
45
  def check_ruby
45
46
  version = Gem::Version.new(RUBY_VERSION)
46
- info = VERSION_INFO[RUBY_ENGINE] || {}
47
- info.each do |ruby, status|
47
+ current_ruby_info.each do |ruby, status|
48
48
  return status if version >= Gem::Version.new(ruby)
49
49
  end
50
50
  :insecure
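Review bot: `check_ruby` returns the status of the first entry in `current_ruby_info` whose version is not newer than the running Ruby, so correctness depends on `VERSION_INFO[RUBY_ENGINE]` being listed newest-first; make that invariant visible with a comment, or sort the keys by `Gem::Version` descending before iterating. Note too that the trailing `:insecure` is returned both for a Ruby older than every listed entry and for an engine with no entries at all (empty hash); the second case is later distinguished by `recognized?`, but this method alone cannot tell them apart.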
@@ -54,5 +54,43 @@ module RubyDep
54
54
  value = ENV['RUBY_DEP_GEM_SILENCE_WARNINGS']
55
55
  (value || '0') !~ /^0|false|no|n$/
56
56
  end
57
+
58
+ def warn_ruby(msg, status)
59
+ STDERR.puts PREFIX + msg + MSG_HOW_TO_DISABLE
60
+ STDERR.puts PREFIX + recommendation(status)
61
+ end
62
+
63
+ def recommendation(status)
64
+ msg = "Your Ruby is: #{RUBY_VERSION}"
65
+ return msg + recommendation_for_unknown unless recognized?
66
+
67
+ msg += " (#{status})."
68
+ msg += " Recommendation: install #{recommended(:unknown).join(' or ')}."
69
+ return msg unless status == :insecure
70
+
71
+ msg + " (Or, at least to #{recommended(:buggy).join(' or ')})"
72
+ end
73
+
74
+ def recommended(status)
75
+ current = Gem::Version.new(RUBY_VERSION)
76
+ current_ruby_info.select do |key, value|
77
+ value == status && Gem::Version.new(key) > current
78
+ end.keys.reverse
79
+ end
80
+
81
+ def current_ruby_info
82
+ VERSION_INFO[RUBY_ENGINE] || {}
83
+ end
84
+
85
+ def recognized?
86
+ current_ruby_info.any?
87
+ end
88
+
89
+ def recommendation_for_unknown
90
+ format(
91
+ " '%s' (unrecognized). %s", RUBY_ENGINE,
92
+ OPEN_ISSUE_FOR_UNRECOGNIZED
93
+ )
94
+ end
57
95
  end
58
96
  end
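Review bot: `recommendation` interpolates `recommended(:unknown).join(' or ')` and `recommended(:buggy).join(' or ')` without checking for an empty list, so a user on the newest listed version that is still flagged, or on an engine whose table has no newer `:unknown` entry, is told `Recommendation: install .`; guard the empty case (for example `return msg if list.empty?`) or fall back to a generic "please upgrade" sentence. `recommended` also depends on hash insertion order via `.keys.reverse`, the same ordering assumption as `check_ruby`. Separately, the unchanged `silenced?` regex `/^0|false|no|n$/` groups as `^0` OR `false` OR `no` OR `n$`, so a value such as `on` (ends in `n`) or `nothing` (contains `no`) is treated as "not silenced" while `yes` silences; `/\A(0|false|no|n)\z/` expresses the intent.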
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ruby_dep
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.0
4
+ version: 1.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Cezary Baginski
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2016-05-02 00:00:00.000000000 Z
11
+ date: 2016-05-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
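Review bot: `cert_chain: []` shows the release is unsigned; for a gem whose purpose is to warn users about insecure Rubies, signing releases (`gem cert` plus `s.signing_key` and `s.cert_chain` in the gemspec) would let users verify that the warning database they install came from the author. The version and date bumps are consistent with `VERSION = '1.3.0'`.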
@@ -55,10 +55,10 @@ required_ruby_version: !ruby/object:Gem::Requirement
55
55
  requirements:
56
56
  - - "~>"
57
57
  - !ruby/object:Gem::Version
58
- version: '2.2'
58
+ version: '2.0'
59
59
  - - ">="
60
60
  - !ruby/object:Gem::Version
61
- version: 2.2.3
61
+ version: 2.0.0
62
62
  required_rubygems_version: !ruby/object:Gem::Requirement
63
63
  requirements:
64
64
  - - ">="
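Review bot: the generated constraint `~> 2.0` together with `>= 2.0.0` is what the new Travis matrix produces and matches the README's promise, but the second term is redundant (`~> 2.0` already implies `>= 2.0`), which is harmless; note the result also caps at `< 3.0`, so a 3.x Ruby will stay uninstallable until it is added to the build matrix and a new gem version is released.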