ruby_dep 1.2.0 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 139539b2a5db649646809eb696ded2cdc83f22de
-  data.tar.gz: 2b0ba1b76e1c066696672d43faff2d77bf841e7c
+  metadata.gz: 782eb4ea6e3f9bdef3c0fc6e8aa591e9c8f7c5f6
+  data.tar.gz: fccceb0ba3fd479097d7d7d3389ef020dbb97576
 SHA512:
-  metadata.gz: c7e5f69acb5b96a247fcd7dcab013a54a2141b31241e3e6cbbc047d519189ae7bab7d50a0d1ebdd1c5fa32ccb90753d8ffbdaeae48aefe172ba4fd3504b61dd9
-  data.tar.gz: fc40843fe82fd96af98ea6762134a8c8d31f89b6ab0732bc8f60cb4b2a328fb14ec3176c23221f528e1e4fa1e00280cf46ca60d2e95f591dae24daa25e5834d5
+  metadata.gz: 54fa44582f5e69b391f3916314e7761325969c3d4aea0975fd9cdc8a73b4713956a9b52b78463af42373aab1b1c2cf8911a0b57d6c5a708ba0ff053a4fd3a0c3
+  data.tar.gz: 014bb073e3835e97dc4a5cfe8ad451a825b5966bf2609bed1b71a3bb9da276bbd6fb5ec72a21bc23593d2cc0062291dec9913ff4d0a485ee72a2e61e6ea1b356

data/.travis.yml

@@ -2,6 +2,8 @@ sudo: false
 language: ruby
 bundler_args: --without development
 rvm:
+  - 2.0.0
+  - 2.1.9
   - 2.2.4
   - jruby-9.0.5.0
 before_install: gem install bundler -v 1.12.1

data/README.md

@@ -2,44 +2,50 @@
 
 [![Gem Version](https://img.shields.io/gem/v/ruby_dep.svg?style=flat)](https://rubygems.org/gems/ruby_dep) [![Build Status](https://travis-ci.org/e2/ruby_dep.svg)](https://travis-ci.org/e2/ruby_dep)
 
-## The problem
+## Description
 
-Your gem shouldn't (and likely doesn't) support all possible Ruby versions.
+RubyDep helps users avoid incompatible, buggy and insecure Ruby versions.
 
-(And not all Ruby versions are secure to even be installed).
+It's for gem owners to add to their runtime dependencies in their gemspec.
 
-You need a way to protect users who don't know about this. So, you need to tell users which Ruby versions you support in:
+1. It automatically sets your gemspec's `required_ruby_version` based on rubies tested in your `.travis-yml`
+2. It warns users of your project if they're using a buggy or vulnerable version of Ruby
 
-1. Your gemspec
-2. Your README
-3. Your .travis.yml file
-4. Any issues you get about which version of Ruby is supported or not
+NOTE: RubyDep uses it's own approach on itself. This means it can only be installed on Ruby versions tested here: [check out the Travis build status](https://travis-ci.org/e2/ruby_dep). If you need support for an different/older version of Ruby, open an issue with "backport" in the title and provide a compelling case for supporting the version of Ruby you need. 
+When in doubt, open a new issue or [read the FAQ on the Wiki](https://github.com/e2/ruby_dep/wiki/FAQ).
 
-But, maintaning that information in 4 different places breaks the principle of
-single responsibility.
 
-And users often don't really "read" a README if they can avoid it.
+## Problem 1: "Which version of Ruby does your project support?"
 
+Your gem shouldn't (and likely doesn't) support all possible Ruby versions.
 
-## The solution
+So you have to tell users which versions your gem supports.
 
-This gem helps you and your project users avoid Ruby version problems by:
+But, there are at least 3 places where you list the Rubies you support:
 
-- warning users if their Ruby is seriously outdated or contains serious vulnerabilities
-- helps you manage which Ruby versions you actually support (and prevents installing other versions)
+1. Your gemspec
+2. Your README
+3. Your .travis.yml file
+ 
+That breaks the principle of single responsibility.
 
-How? This gems detects which Ruby version users are using and which ones your project supports.
+Is it possible to just list the supported Rubies in just one place?
 
-It assumes you are using Travis and the versions listed in your `.travis.yml` are supported.
+Yes. That's what RubyDep helps with.
 
-This helps you limit the Ruby versions you support - just by adding/removing entries in your Travis configuration file.
+## Solution to problem 1
 
-Also, you it can warn users if they are using an outdated version of Ruby.
+Since Travis doesn't allow generated `.travis.yml` files, option 3 is the only choice.
 
-(Or one with security vulnerabilities).
+With RubyDep, your gemspec's `required_ruby_version` can be automatically set based on which Rubies you test your gem on.
 
+What about the README? Well, just insert a link to your Travis build status page!
 
-## Usage
+If you're running Travis builds on a Ruby you support (and it's not in the "allow failures" section), it means you support that version of Ruby, right?
+
+RubyDep intelligently creates a version constraint to encompass Rubies listed in your `.travis.yml`.
+
+## Usage (to solve Problem 1)
 
 ### E.g. in your gemspec file:
 
@@ -62,32 +68,59 @@ If users see their Ruby version "green" on Travis, it suggests it's supported, r
 
 (Or, you can point to the rubygems.org site where the required Ruby version is listed).
 
+### In your `.travis.yml`:
+
+To add a "supported Ruby", simply add it to the Travis build. 
+
+To test a Ruby version, but not treat it as "supported", simply add that version to the `allowed_failures` section.
+
+
+## Problem 2: Users don't know they're using an obsolete/buggy/insecure version of Ruby
+
+Users don't track news updates on https://ruby-lang.org, so they may not know their ruby has known bugs or even serious security vulnerabilities.
 
-### In your library:
+And sometimes, that outdated/insecure Ruby is bundled by their operation system to begin with!
+
+## The solution to problem 2
+
+RubyDep has a small "database" of Ruby versions with information about which are buggy and insecure.
+
+If you like, your gem can use RubyDep to show those warnings - to encourage users to upgrade and protect them from nasty bugs or bad security holes.
+
+This way, when most of the Ruby community has switched to newer versions, everyone can be more productive by having faster, more stable and more feature-rich tools. And less time will be wasted supporting obsolete versions that users simply don't know are worth upgrading.
+
+This also helps users understand that they should nudge their hosting providers, managers and package maintainers to provided up-to-date versions of Ruby to that everyone can benefit.
+
+### Usage (to solve Problem 2)
+
+In your gemspec:
+
+```ruby
+s.add_runtime_dependency 'ruby_dep', '~> 1.1'
+```
+
+Somewhere in your library: 
 
 ```ruby
 require 'ruby_dep/warnings'
 RubyDep::Warning.show_warnings
+ENV['RUBY_DEP_GEM_SILENCE_WARNINGS'] = '1' # to ignore repeating the warning if other gems use `ruby_dep` too
 ```
 
-## Tips
+That way, as soon as there's a severe vulnerability discovered in Ruby (and RubyDep is updated), users will be notified quickly.
 
-To disable warnings, just set the following environment variable:
 
-`RUBY_DEP_GEM_SILENCE_WARNINGS=1`
-
-You can follow these rules of thumb:
+## Tips
 
-1. Avoid changing major version numbers, even if you're dropping a major version of Ruby (e.g. 1.9.2)
-2. If you want to support a current version, add it to your `.travis.yml` (e.g. Ruby 2.3.1)
+1. To disable warnings, just set the following environment variable: `RUBY_DEP_GEM_SILENCE_WARNINGS=1`
+2. If you want to support a newer version of Ruby, just add it to your `.travis.yml` (e.g. ruby-2.3.1)
 3. To support an earlier version of Ruby, add it to your `.travis.yml` and release a new gem version.
-4. If you want to support a range of Rubies, include the whole range without gaps in minor version numbers (e.g. 2.0.0, 2.1.0, 2.2.0, 2.3.0)
-5. If you just want to test a Ruby version (but not actually support it), put it into the "allow failures" part of your Travis build matrix.
-6. If you want to drop support for a Ruby, remove it from the `.travis.yml` and just bump your gem's minor number.
+4. If you want to support a range of Rubies, include the whole range without gaps in minor version numbers (e.g. 2.0, 2.1, 2.2, 2.3) and ruby_dep will use the whole range. (If there's a gap, older versions will be considered "unsupported").
+5. If you want to drop support for a Ruby, remove it from the `.travis.yml` and just bump your gem's minor number (Yes! Bumping just the minor if fine according to SemVer).
+5. If you just want to test a Ruby version (but not actually support it), put it into the `allow failures` part of your Travis build matrix. (ruby_dep ignores versions there).
 
 When in doubt, open an issue and just ask.
 
-
 ## Roadmap
 
 Pull Requests are welcome.

data/lib/ruby_dep/version.rb

@@ -1,3 +1,3 @@
 module RubyDep
-  VERSION = '1.2.0'.freeze
+  VERSION = '1.3.0'.freeze
 end

data/lib/ruby_dep/warning.rb

@@ -1,21 +1,22 @@
 module RubyDep
   class Warning
-    MSG_BUGGY = 'RubyDep: WARNING: your Ruby is outdated/buggy.'\
-      ' Please upgrade.'.freeze
-
-    MSG_INSECURE = 'RubyDep: WARNING: your Ruby has security vulnerabilities!'\
-      ' Please upgrade!'.freeze
+    PREFIX = 'RubyDep: WARNING: '.freeze
+    MSG_BUGGY = 'Your Ruby is outdated/buggy.'.freeze
+    MSG_INSECURE = 'Your Ruby has security vulnerabilities!'.freeze
 
     MSG_HOW_TO_DISABLE = ' (To disable warnings, set'\
       ' RUBY_DEP_GEM_SILENCE_WARNINGS=1)'.freeze
 
+    OPEN_ISSUE_FOR_UNRECOGNIZED = 'If this version is important,'\
+      ' please open an issue at http://github.com/e2/ruby_dep'.freeze
+
     def show_warnings
       return if silenced?
-      case check_ruby
+      case (status = check_ruby)
       when :insecure
-        STDERR.puts MSG_INSECURE + MSG_HOW_TO_DISABLE
+        warn_ruby(MSG_INSECURE, status)
       when :buggy
-        STDERR.puts MSG_BUGGY + MSG_HOW_TO_DISABLE
+        warn_ruby(MSG_BUGGY, status)
       when :unknown
       else
         raise "Unknown problem type: #{problem.inspect}"
@@ -43,8 +44,7 @@ module RubyDep
 
     def check_ruby
       version = Gem::Version.new(RUBY_VERSION)
-      info = VERSION_INFO[RUBY_ENGINE] || {}
-      info.each do |ruby, status|
+      current_ruby_info.each do |ruby, status|
         return status if version >= Gem::Version.new(ruby)
       end
       :insecure
@@ -54,5 +54,43 @@ module RubyDep
       value = ENV['RUBY_DEP_GEM_SILENCE_WARNINGS']
       (value || '0') !~ /^0|false|no|n$/
     end
+
+    def warn_ruby(msg, status)
+      STDERR.puts PREFIX + msg + MSG_HOW_TO_DISABLE
+      STDERR.puts PREFIX + recommendation(status)
+    end
+
+    def recommendation(status)
+      msg = "Your Ruby is: #{RUBY_VERSION}"
+      return msg + recommendation_for_unknown unless recognized?
+
+      msg += " (#{status})."
+      msg += " Recommendation: install #{recommended(:unknown).join(' or ')}."
+      return msg unless status == :insecure
+
+      msg + " (Or, at least to #{recommended(:buggy).join(' or ')})"
+    end
+
+    def recommended(status)
+      current = Gem::Version.new(RUBY_VERSION)
+      current_ruby_info.select do |key, value|
+        value == status && Gem::Version.new(key) > current
+      end.keys.reverse
+    end
+
+    def current_ruby_info
+      VERSION_INFO[RUBY_ENGINE] || {}
+    end
+
+    def recognized?
+      current_ruby_info.any?
+    end
+
+    def recommendation_for_unknown
+      format(
+        " '%s' (unrecognized). %s", RUBY_ENGINE,
+        OPEN_ISSUE_FOR_UNRECOGNIZED
+      )
+    end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby_dep
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Cezary Baginski
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-05-02 00:00:00.000000000 Z
+date: 2016-05-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -55,10 +55,10 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - "~>"
     - !ruby/object:Gem::Version
-      version: '2.2'
+      version: '2.0'
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.2.3
+      version: 2.0.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="