snaky_hash 2.0.4 → 2.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/CHANGELOG.md +43 -3
- data/CITATION.cff +9 -12
- data/CODE_OF_CONDUCT.md +3 -4
- data/CONTRIBUTING.md +198 -65
- data/FUNDING.md +74 -0
- data/LICENSE.md +10 -0
- data/README.md +344 -296
- data/RUBOCOP.md +71 -0
- data/SECURITY.md +11 -15
- data/certs/pboling.pem +27 -0
- data/lib/snaky_hash/extensions.rb +0 -0
- data/lib/snaky_hash/serializer.rb +0 -0
- data/lib/snaky_hash/snake.rb +0 -0
- data/lib/snaky_hash/string_keyed.rb +0 -0
- data/lib/snaky_hash/symbol_keyed.rb +0 -0
- data/lib/snaky_hash/version.rb +1 -7
- data/lib/snaky_hash.rb +0 -0
- data/sig/snaky_hash/version.rbs +6 -0
- data/sig/snaky_hash.rbs +0 -1
- data.tar.gz.sig +0 -0
- metadata +61 -35
- metadata.gz.sig +0 -0
- data/IRP.md +0 -107
- data/LICENSE.txt +0 -21
- data/REEK +0 -27
data/RUBOCOP.md
ADDED
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
# RuboCop Usage Guide
|
|
2
|
+
|
|
3
|
+
## Overview
|
|
4
|
+
|
|
5
|
+
A tale of two RuboCop plugin gems.
|
|
6
|
+
|
|
7
|
+
### RuboCop Gradual
|
|
8
|
+
|
|
9
|
+
This project uses `rubocop_gradual` instead of vanilla RuboCop for code style checking. The `rubocop_gradual` tool allows for gradual adoption of RuboCop rules by tracking violations in a lock file.
|
|
10
|
+
|
|
11
|
+
### RuboCop LTS
|
|
12
|
+
|
|
13
|
+
This project uses `rubocop-lts` to ensure, on a best-effort basis, compatibility with Ruby >= 1.9.2.
|
|
14
|
+
RuboCop rules are meticulously configured by the `rubocop-lts` family of gems to ensure that a project is compatible with a specific version of Ruby. See: https://rubocop-lts.gitlab.io for more.
|
|
15
|
+
|
|
16
|
+
## Checking RuboCop Violations
|
|
17
|
+
|
|
18
|
+
To check for RuboCop violations in this project, always use:
|
|
19
|
+
|
|
20
|
+
```bash
|
|
21
|
+
bundle exec rake rubocop_gradual:check
|
|
22
|
+
```
|
|
23
|
+
|
|
24
|
+
**Do not use** the standard RuboCop commands like:
|
|
25
|
+
- `bundle exec rubocop`
|
|
26
|
+
- `rubocop`
|
|
27
|
+
|
|
28
|
+
## Understanding the Lock File
|
|
29
|
+
|
|
30
|
+
The `.rubocop_gradual.lock` file tracks all current RuboCop violations in the project. This allows the team to:
|
|
31
|
+
|
|
32
|
+
1. Prevent new violations while gradually fixing existing ones
|
|
33
|
+
2. Track progress on code style improvements
|
|
34
|
+
3. Ensure CI builds don't fail due to pre-existing violations
|
|
35
|
+
|
|
36
|
+
## Common Commands
|
|
37
|
+
|
|
38
|
+
- **Check violations**
|
|
39
|
+
- `bundle exec rake rubocop_gradual`
|
|
40
|
+
- `bundle exec rake rubocop_gradual:check`
|
|
41
|
+
- **(Safe) Autocorrect violations, and update lockfile if no new violations**
|
|
42
|
+
- `bundle exec rake rubocop_gradual:autocorrect`
|
|
43
|
+
- **Force update the lock file (w/o autocorrect) to match violations present in code**
|
|
44
|
+
- `bundle exec rake rubocop_gradual:force_update`
|
|
45
|
+
|
|
46
|
+
## Workflow
|
|
47
|
+
|
|
48
|
+
1. Before submitting a PR, run `bundle exec rake rubocop_gradual:autocorrect`
|
|
49
|
+
a. or just the default `bundle exec rake`, as autocorrection is a pre-requisite of the default task.
|
|
50
|
+
2. If there are new violations, either:
|
|
51
|
+
- Fix them in your code
|
|
52
|
+
- Run `bundle exec rake rubocop_gradual:force_update` to update the lock file (only for violations you can't fix immediately)
|
|
53
|
+
3. Commit the updated `.rubocop_gradual.lock` file along with your changes
|
|
54
|
+
|
|
55
|
+
## Never add inline RuboCop disables
|
|
56
|
+
|
|
57
|
+
Do not add inline `rubocop:disable` / `rubocop:enable` comments anywhere in the codebase (including specs, except when following the few existing `rubocop:disable` patterns for a rule already being disabled elsewhere in the code). We handle exceptions in two supported ways:
|
|
58
|
+
|
|
59
|
+
- Permanent/structural exceptions: prefer adjusting the RuboCop configuration (e.g., in `.rubocop.yml`) to exclude a rule for a path or file pattern when it makes sense project-wide.
|
|
60
|
+
- Temporary exceptions while improving code: record the current violations in `.rubocop_gradual.lock` via the gradual workflow:
|
|
61
|
+
- `bundle exec rake rubocop_gradual:autocorrect` (preferred; will autocorrect what it can and update the lock only if no new violations were introduced)
|
|
62
|
+
- If needed, `bundle exec rake rubocop_gradual:force_update` (as a last resort when you cannot fix the newly reported violations immediately)
|
|
63
|
+
|
|
64
|
+
In general, treat the rules as guidance to follow; fix violations rather than ignore them. For example, RSpec conventions in this project expect `described_class` to be used in specs that target a specific class under test.
|
|
65
|
+
|
|
66
|
+
## Benefits of rubocop_gradual
|
|
67
|
+
|
|
68
|
+
- Allows incremental adoption of code style rules
|
|
69
|
+
- Prevents CI failures due to pre-existing violations
|
|
70
|
+
- Provides a clear record of code style debt
|
|
71
|
+
- Enables focused efforts on improving code quality over time
|
data/SECURITY.md
CHANGED
|
@@ -2,24 +2,20 @@
|
|
|
2
2
|
|
|
3
3
|
## Supported Versions
|
|
4
4
|
|
|
5
|
-
| Version
|
|
6
|
-
|
|
7
|
-
| 2.0.
|
|
8
|
-
| 1.0.x | | | |
|
|
5
|
+
| Version | Supported |
|
|
6
|
+
|----------|-----------|
|
|
7
|
+
| 2.0.latest | ✅ |
|
|
9
8
|
|
|
10
|
-
|
|
9
|
+
## Security contact information
|
|
11
10
|
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
## Reporting a Vulnerability
|
|
15
|
-
|
|
16
|
-
To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security).
|
|
11
|
+
To report a security vulnerability, please use the
|
|
12
|
+
[Tidelift security contact](https://tidelift.com/security).
|
|
17
13
|
Tidelift will coordinate the fix and disclosure.
|
|
18
14
|
|
|
19
|
-
##
|
|
20
|
-
|
|
21
|
-
Available as part of the Tidelift Subscription.
|
|
15
|
+
## Additional Support
|
|
22
16
|
|
|
23
|
-
|
|
17
|
+
If you are interested in support for versions older than the latest release,
|
|
18
|
+
please consider sponsoring the project / maintainer @ https://liberapay.com/pboling/donate,
|
|
19
|
+
or find other sponsorship links in the [README].
|
|
24
20
|
|
|
25
|
-
[
|
|
21
|
+
[README]: README.md
|
data/certs/pboling.pem
ADDED
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
-----BEGIN CERTIFICATE-----
|
|
2
|
+
MIIEgDCCAuigAwIBAgIBATANBgkqhkiG9w0BAQsFADBDMRUwEwYDVQQDDAxwZXRl
|
|
3
|
+
ci5ib2xpbmcxFTATBgoJkiaJk/IsZAEZFgVnbWFpbDETMBEGCgmSJomT8ixkARkW
|
|
4
|
+
A2NvbTAeFw0yNTA1MDQxNTMzMDlaFw00NTA0MjkxNTMzMDlaMEMxFTATBgNVBAMM
|
|
5
|
+
DHBldGVyLmJvbGluZzEVMBMGCgmSJomT8ixkARkWBWdtYWlsMRMwEQYKCZImiZPy
|
|
6
|
+
LGQBGRYDY29tMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAruUoo0WA
|
|
7
|
+
uoNuq6puKWYeRYiZekz/nsDeK5x/0IEirzcCEvaHr3Bmz7rjo1I6On3gGKmiZs61
|
|
8
|
+
LRmQ3oxy77ydmkGTXBjruJB+pQEn7UfLSgQ0xa1/X3kdBZt6RmabFlBxnHkoaGY5
|
|
9
|
+
mZuZ5+Z7walmv6sFD9ajhzj+oIgwWfnEHkXYTR8I6VLN7MRRKGMPoZ/yvOmxb2DN
|
|
10
|
+
coEEHWKO9CvgYpW7asIihl/9GMpKiRkcYPm9dGQzZc6uTwom1COfW0+ZOFrDVBuV
|
|
11
|
+
FMQRPswZcY4Wlq0uEBLPU7hxnCL9nKK6Y9IhdDcz1mY6HZ91WImNslOSI0S8hRpj
|
|
12
|
+
yGOWxQIhBT3fqCBlRIqFQBudrnD9jSNpSGsFvbEijd5ns7Z9ZMehXkXDycpGAUj1
|
|
13
|
+
to/5cuTWWw1JqUWrKJYoifnVhtE1o1DZ+LkPtWxHtz5kjDG/zR3MG0Ula0UOavlD
|
|
14
|
+
qbnbcXPBnwXtTFeZ3C+yrWpE4pGnl3yGkZj9SMTlo9qnTMiPmuWKQDatAgMBAAGj
|
|
15
|
+
fzB9MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBQE8uWvNbPVNRXZ
|
|
16
|
+
HlgPbc2PCzC4bjAhBgNVHREEGjAYgRZwZXRlci5ib2xpbmdAZ21haWwuY29tMCEG
|
|
17
|
+
A1UdEgQaMBiBFnBldGVyLmJvbGluZ0BnbWFpbC5jb20wDQYJKoZIhvcNAQELBQAD
|
|
18
|
+
ggGBAJbnUwfJQFPkBgH9cL7hoBfRtmWiCvdqdjeTmi04u8zVNCUox0A4gT982DE9
|
|
19
|
+
wmuN12LpdajxZONqbXuzZvc+nb0StFwmFYZG6iDwaf4BPywm2e/Vmq0YG45vZXGR
|
|
20
|
+
L8yMDSK1cQXjmA+ZBKOHKWavxP6Vp7lWvjAhz8RFwqF9GuNIdhv9NpnCAWcMZtpm
|
|
21
|
+
GUPyIWw/Cw/2wZp74QzZj6Npx+LdXoLTF1HMSJXZ7/pkxLCsB8m4EFVdb/IrW/0k
|
|
22
|
+
kNSfjtAfBHO8nLGuqQZVH9IBD1i9K6aSs7pT6TW8itXUIlkIUI2tg5YzW6OFfPzq
|
|
23
|
+
QekSkX3lZfY+HTSp/o+YvKkqWLUV7PQ7xh1ZYDtocpaHwgxe/j3bBqHE+CUPH2vA
|
|
24
|
+
0V/FwdTRWcwsjVoOJTrYcff8pBZ8r2MvtAc54xfnnhGFzeRHfcltobgFxkAXdE6p
|
|
25
|
+
DVjBtqT23eugOqQ73umLcYDZkc36vnqGxUBSsXrzY9pzV5gGr2I8YUxMqf6ATrZt
|
|
26
|
+
L9nRqA==
|
|
27
|
+
-----END CERTIFICATE-----
|
|
File without changes
|
|
File without changes
|
data/lib/snaky_hash/snake.rb
CHANGED
|
File without changes
|
|
File without changes
|
|
File without changes
|
data/lib/snaky_hash/version.rb
CHANGED
|
@@ -1,14 +1,8 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
module SnakyHash
|
|
4
|
-
# Defines the version information for SnakyHash
|
|
5
|
-
#
|
|
6
|
-
# @api public
|
|
7
4
|
module Version
|
|
8
|
-
|
|
9
|
-
#
|
|
10
|
-
# @return [String] the current version in semantic versioning format
|
|
11
|
-
VERSION = "2.0.4"
|
|
5
|
+
VERSION = "2.0.6"
|
|
12
6
|
end
|
|
13
7
|
VERSION = Version::VERSION # Traditional Constant Location
|
|
14
8
|
end
|
data/lib/snaky_hash.rb
CHANGED
|
File without changes
|
data/sig/snaky_hash.rbs
CHANGED
data.tar.gz.sig
CHANGED
|
Binary file
|
metadata
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: snaky_hash
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0.
|
|
4
|
+
version: 2.0.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
|
-
- Peter Boling
|
|
7
|
+
- Peter H. Boling
|
|
8
8
|
bindir: exe
|
|
9
9
|
cert_chain:
|
|
10
10
|
- |
|
|
@@ -83,28 +83,34 @@ dependencies:
|
|
|
83
83
|
requirements:
|
|
84
84
|
- - "~>"
|
|
85
85
|
- !ruby/object:Gem::Version
|
|
86
|
-
version: '2.
|
|
86
|
+
version: '2.2'
|
|
87
|
+
- - ">="
|
|
88
|
+
- !ruby/object:Gem::Version
|
|
89
|
+
version: 2.2.3
|
|
87
90
|
type: :development
|
|
88
91
|
prerelease: false
|
|
89
92
|
version_requirements: !ruby/object:Gem::Requirement
|
|
90
93
|
requirements:
|
|
91
94
|
- - "~>"
|
|
92
95
|
- !ruby/object:Gem::Version
|
|
93
|
-
version: '2.
|
|
96
|
+
version: '2.2'
|
|
97
|
+
- - ">="
|
|
98
|
+
- !ruby/object:Gem::Version
|
|
99
|
+
version: 2.2.3
|
|
94
100
|
- !ruby/object:Gem::Dependency
|
|
95
101
|
name: bundler-audit
|
|
96
102
|
requirement: !ruby/object:Gem::Requirement
|
|
97
103
|
requirements:
|
|
98
104
|
- - "~>"
|
|
99
105
|
- !ruby/object:Gem::Version
|
|
100
|
-
version: 0.9.
|
|
106
|
+
version: 0.9.3
|
|
101
107
|
type: :development
|
|
102
108
|
prerelease: false
|
|
103
109
|
version_requirements: !ruby/object:Gem::Requirement
|
|
104
110
|
requirements:
|
|
105
111
|
- - "~>"
|
|
106
112
|
- !ruby/object:Gem::Version
|
|
107
|
-
version: 0.9.
|
|
113
|
+
version: 0.9.3
|
|
108
114
|
- !ruby/object:Gem::Dependency
|
|
109
115
|
name: rake
|
|
110
116
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -145,40 +151,60 @@ dependencies:
|
|
|
145
151
|
requirements:
|
|
146
152
|
- - "~>"
|
|
147
153
|
- !ruby/object:Gem::Version
|
|
148
|
-
version: '3.
|
|
154
|
+
version: '3.1'
|
|
149
155
|
- - ">="
|
|
150
156
|
- !ruby/object:Gem::Version
|
|
151
|
-
version: 3.
|
|
157
|
+
version: 3.1.1
|
|
152
158
|
type: :development
|
|
153
159
|
prerelease: false
|
|
154
160
|
version_requirements: !ruby/object:Gem::Requirement
|
|
155
161
|
requirements:
|
|
156
162
|
- - "~>"
|
|
157
163
|
- !ruby/object:Gem::Version
|
|
158
|
-
version: '3.
|
|
164
|
+
version: '3.1'
|
|
159
165
|
- - ">="
|
|
160
166
|
- !ruby/object:Gem::Version
|
|
161
|
-
version: 3.
|
|
167
|
+
version: 3.1.1
|
|
162
168
|
- !ruby/object:Gem::Dependency
|
|
163
169
|
name: kettle-test
|
|
164
170
|
requirement: !ruby/object:Gem::Requirement
|
|
165
171
|
requirements:
|
|
166
172
|
- - "~>"
|
|
167
173
|
- !ruby/object:Gem::Version
|
|
168
|
-
version: '
|
|
174
|
+
version: '2.0'
|
|
169
175
|
- - ">="
|
|
170
176
|
- !ruby/object:Gem::Version
|
|
171
|
-
version:
|
|
177
|
+
version: 2.0.5
|
|
172
178
|
type: :development
|
|
173
179
|
prerelease: false
|
|
174
180
|
version_requirements: !ruby/object:Gem::Requirement
|
|
175
181
|
requirements:
|
|
176
182
|
- - "~>"
|
|
177
183
|
- !ruby/object:Gem::Version
|
|
178
|
-
version: '
|
|
184
|
+
version: '2.0'
|
|
179
185
|
- - ">="
|
|
180
186
|
- !ruby/object:Gem::Version
|
|
181
|
-
version:
|
|
187
|
+
version: 2.0.5
|
|
188
|
+
- !ruby/object:Gem::Dependency
|
|
189
|
+
name: turbo_tests2
|
|
190
|
+
requirement: !ruby/object:Gem::Requirement
|
|
191
|
+
requirements:
|
|
192
|
+
- - "~>"
|
|
193
|
+
- !ruby/object:Gem::Version
|
|
194
|
+
version: '3.1'
|
|
195
|
+
- - ">="
|
|
196
|
+
- !ruby/object:Gem::Version
|
|
197
|
+
version: 3.1.2
|
|
198
|
+
type: :development
|
|
199
|
+
prerelease: false
|
|
200
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
201
|
+
requirements:
|
|
202
|
+
- - "~>"
|
|
203
|
+
- !ruby/object:Gem::Version
|
|
204
|
+
version: '3.1'
|
|
205
|
+
- - ">="
|
|
206
|
+
- !ruby/object:Gem::Version
|
|
207
|
+
version: 3.1.2
|
|
182
208
|
- !ruby/object:Gem::Dependency
|
|
183
209
|
name: ruby-progressbar
|
|
184
210
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -219,20 +245,20 @@ dependencies:
|
|
|
219
245
|
requirements:
|
|
220
246
|
- - "~>"
|
|
221
247
|
- !ruby/object:Gem::Version
|
|
222
|
-
version: '
|
|
248
|
+
version: '2.0'
|
|
223
249
|
- - ">="
|
|
224
250
|
- !ruby/object:Gem::Version
|
|
225
|
-
version:
|
|
251
|
+
version: 2.0.1
|
|
226
252
|
type: :development
|
|
227
253
|
prerelease: false
|
|
228
254
|
version_requirements: !ruby/object:Gem::Requirement
|
|
229
255
|
requirements:
|
|
230
256
|
- - "~>"
|
|
231
257
|
- !ruby/object:Gem::Version
|
|
232
|
-
version: '
|
|
258
|
+
version: '2.0'
|
|
233
259
|
- - ">="
|
|
234
260
|
- !ruby/object:Gem::Version
|
|
235
|
-
version:
|
|
261
|
+
version: 2.0.1
|
|
236
262
|
- !ruby/object:Gem::Dependency
|
|
237
263
|
name: backports
|
|
238
264
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -253,10 +279,9 @@ dependencies:
|
|
|
253
279
|
- - ">="
|
|
254
280
|
- !ruby/object:Gem::Version
|
|
255
281
|
version: 3.25.1
|
|
256
|
-
description: "\
|
|
282
|
+
description: "\U0001F52E A Hashie::Mash joint to make #snakelife better"
|
|
257
283
|
email:
|
|
258
284
|
- floss@galtzo.com
|
|
259
|
-
- oauth-ruby@googlegroups.com
|
|
260
285
|
executables: []
|
|
261
286
|
extensions: []
|
|
262
287
|
extra_rdoc_files:
|
|
@@ -264,21 +289,22 @@ extra_rdoc_files:
|
|
|
264
289
|
- CITATION.cff
|
|
265
290
|
- CODE_OF_CONDUCT.md
|
|
266
291
|
- CONTRIBUTING.md
|
|
267
|
-
-
|
|
268
|
-
- LICENSE.
|
|
292
|
+
- FUNDING.md
|
|
293
|
+
- LICENSE.md
|
|
269
294
|
- README.md
|
|
270
|
-
-
|
|
295
|
+
- RUBOCOP.md
|
|
271
296
|
- SECURITY.md
|
|
272
297
|
files:
|
|
273
298
|
- CHANGELOG.md
|
|
274
299
|
- CITATION.cff
|
|
275
300
|
- CODE_OF_CONDUCT.md
|
|
276
301
|
- CONTRIBUTING.md
|
|
277
|
-
-
|
|
278
|
-
- LICENSE.
|
|
302
|
+
- FUNDING.md
|
|
303
|
+
- LICENSE.md
|
|
279
304
|
- README.md
|
|
280
|
-
-
|
|
305
|
+
- RUBOCOP.md
|
|
281
306
|
- SECURITY.md
|
|
307
|
+
- certs/pboling.pem
|
|
282
308
|
- lib/snaky_hash.rb
|
|
283
309
|
- lib/snaky_hash/extensions.rb
|
|
284
310
|
- lib/snaky_hash/serializer.rb
|
|
@@ -287,24 +313,24 @@ files:
|
|
|
287
313
|
- lib/snaky_hash/symbol_keyed.rb
|
|
288
314
|
- lib/snaky_hash/version.rb
|
|
289
315
|
- sig/snaky_hash.rbs
|
|
316
|
+
- sig/snaky_hash/version.rbs
|
|
290
317
|
homepage: https://github.com/ruby-oauth/snaky_hash
|
|
291
318
|
licenses:
|
|
292
319
|
- MIT
|
|
293
320
|
metadata:
|
|
294
|
-
homepage_uri: https://
|
|
295
|
-
source_code_uri: https://github.com/ruby-oauth/snaky_hash/tree/v2.0.
|
|
296
|
-
changelog_uri: https://github.com/ruby-oauth/snaky_hash/blob/v2.0.
|
|
321
|
+
homepage_uri: https://structuredmerge.org
|
|
322
|
+
source_code_uri: https://github.com/ruby-oauth/snaky_hash/tree/v2.0.6
|
|
323
|
+
changelog_uri: https://github.com/ruby-oauth/snaky_hash/blob/v2.0.6/CHANGELOG.md
|
|
297
324
|
bug_tracker_uri: https://github.com/ruby-oauth/snaky_hash/issues
|
|
298
|
-
documentation_uri: https://www.rubydoc.info/gems/snaky_hash/2.0.
|
|
299
|
-
mailing_list_uri: https://groups.google.com/g/oauth-ruby
|
|
325
|
+
documentation_uri: https://www.rubydoc.info/gems/snaky_hash/2.0.6
|
|
300
326
|
funding_uri: https://github.com/sponsors/pboling
|
|
301
|
-
wiki_uri: https://
|
|
327
|
+
wiki_uri: https://github.com/ruby-oauth/snaky_hash/wiki
|
|
302
328
|
news_uri: https://www.railsbling.com/tags/snaky_hash
|
|
303
329
|
discord_uri: https://discord.gg/3qme4XHNKN
|
|
304
330
|
rubygems_mfa_required: 'true'
|
|
305
331
|
rdoc_options:
|
|
306
332
|
- "--title"
|
|
307
|
-
- "snaky_hash - \
|
|
333
|
+
- "snaky_hash - \U0001F52E A very snaky hash"
|
|
308
334
|
- "--main"
|
|
309
335
|
- README.md
|
|
310
336
|
- "--exclude"
|
|
@@ -325,7 +351,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
325
351
|
- !ruby/object:Gem::Version
|
|
326
352
|
version: '0'
|
|
327
353
|
requirements: []
|
|
328
|
-
rubygems_version: 4.0.
|
|
354
|
+
rubygems_version: 4.0.10
|
|
329
355
|
specification_version: 4
|
|
330
|
-
summary: "\
|
|
356
|
+
summary: "\U0001F52E A very snaky hash"
|
|
331
357
|
test_files: []
|
metadata.gz.sig
CHANGED
|
Binary file
|
data/IRP.md
DELETED
|
@@ -1,107 +0,0 @@
|
|
|
1
|
-
# Incident Response Plan (IRP)
|
|
2
|
-
|
|
3
|
-
Status: Draft
|
|
4
|
-
|
|
5
|
-
## Purpose
|
|
6
|
-
|
|
7
|
-
This Incident Response Plan (IRP) defines the steps the project maintainer(s) will follow when handling security incidents related to the `snaky_hash` gem. It is written for a small project with a single primary maintainer and is intended to be practical, concise, and actionable.
|
|
8
|
-
|
|
9
|
-
## Scope
|
|
10
|
-
|
|
11
|
-
Applies to security incidents that affect the `snaky_hash` codebase, releases (gems), CI/CD infrastructure related to building and publishing the gem, repository credentials, or any compromise of project infrastructure that could impact users.
|
|
12
|
-
|
|
13
|
-
## Key assumptions
|
|
14
|
-
- This project is maintained primarily by a single maintainer.
|
|
15
|
-
- Public vulnerability disclosure is handled via Tidelift (see `SECURITY.md`).
|
|
16
|
-
- The maintainer will act as incident commander unless otherwise delegated.
|
|
17
|
-
|
|
18
|
-
## Contact & Roles
|
|
19
|
-
|
|
20
|
-
- Incident Commander: Primary maintainer (repo owner). Responsible for coordinating triage, remediation, and communications.
|
|
21
|
-
- Secondary Contact: (optional) A trusted collaborator or organization contact if available.
|
|
22
|
-
|
|
23
|
-
### If you are an external reporter
|
|
24
|
-
- Do not publicly disclose details of an active vulnerability before coordination via Tidelift.
|
|
25
|
-
- See `SECURITY.md` for Tidelift disclosure instructions. If the reporter has questions and cannot use Tidelift, they may open a direct encrypted report as described in `SECURITY.md` (if available) or email the maintainer contact listed in the repository.
|
|
26
|
-
|
|
27
|
-
## Incident Handling Workflow (high level)
|
|
28
|
-
1. Identification & Reporting
|
|
29
|
-
- Reports may arrive via Tidelift, issue tracker, direct email, or third-party advisories.
|
|
30
|
-
- Immediately acknowledge receipt (within 24-72 hours) via the reporting channel.
|
|
31
|
-
|
|
32
|
-
2. Triage & Initial Assessment (first 72 hours)
|
|
33
|
-
- Confirm the report is not duplicative and gather: reproducer, affected versions, attack surface, exploitability, and CVSS-like severity estimate.
|
|
34
|
-
- Verify the issue against the codebase and reproduce locally if possible.
|
|
35
|
-
- Determine scope: which versions are affected, whether the issue is in code paths executed in common setups, and whether a workaround exists.
|
|
36
|
-
|
|
37
|
-
3. Containment & Mitigation
|
|
38
|
-
- If a simple mitigation or workaround (configuration change, safe default, or recommended upgrade) exists, document it clearly in the issue/Tidelift advisory.
|
|
39
|
-
- If immediate removal of a release is required (rare), consult Tidelift for coordinated takedown and notify package hosts if applicable.
|
|
40
|
-
|
|
41
|
-
4. Remediation & Patch
|
|
42
|
-
- Prepare a fix in a branch with tests and changelog entries. Prefer minimal, well-tested changes.
|
|
43
|
-
- Include tests that reproduce the faulty behavior and demonstrate the fix.
|
|
44
|
-
- Hardening: add fuzz tests, input validation, or additional checks as appropriate.
|
|
45
|
-
|
|
46
|
-
5. Release & Disclosure
|
|
47
|
-
- Coordinate disclosure through Tidelift per `SECURITY.md` timelines. Aim for a coordinated disclosure and patch release to minimize risk to users.
|
|
48
|
-
- Publish a patch release (increment gem version) and an advisory via Tidelift.
|
|
49
|
-
- Update `CHANGELOG.md` and repository release notes with non-sensitive details.
|
|
50
|
-
|
|
51
|
-
6. Post-Incident
|
|
52
|
-
- Produce a short postmortem: timeline, root cause, actions taken, and follow-ups.
|
|
53
|
-
- Add/adjust tests and CI checks to prevent regressions.
|
|
54
|
-
- If credentials or infrastructure were compromised, rotate secrets and audit access.
|
|
55
|
-
|
|
56
|
-
## Severity classification (guidance)
|
|
57
|
-
- High/Critical: Remote code execution, data exfiltration, or any vulnerability that can be exploited without user interaction. Immediate action and prioritized patching.
|
|
58
|
-
- Medium: Privilege escalation, sensitive information leaks that require specific conditions. Patch in the next release cycle with advisory.
|
|
59
|
-
- Low: Minor information leaks, UI issues, or non-exploitable bugs. Fix normally and include in the next scheduled release.
|
|
60
|
-
|
|
61
|
-
## Preservation of evidence
|
|
62
|
-
- Preserve all reporter-provided data, logs, and reproducer code in a secure location (local encrypted storage or private branch) for the investigation.
|
|
63
|
-
- Do not publish evidence that would enable exploitation before coordinated disclosure.
|
|
64
|
-
|
|
65
|
-
## Communication templates
|
|
66
|
-
Acknowledgement (to reporter)
|
|
67
|
-
|
|
68
|
-
"Thank you for reporting this issue. I've received your report and will triage it within 72 hours. If you can, please provide reproduction steps, affected versions, and any exploit PoC. I will coordinate disclosure through Tidelift per the project's security policy."
|
|
69
|
-
|
|
70
|
-
Public advisory (after patch is ready)
|
|
71
|
-
|
|
72
|
-
"A security advisory for snaky_hash (versions X.Y.Z) has been published via Tidelift. Please upgrade to version A.B.C which patches [brief description]. See the advisory for details and recommended mitigations."
|
|
73
|
-
|
|
74
|
-
## Runbook: Quick steps for a maintainer to patch and release
|
|
75
|
-
1. Create a branch: `git checkout -b fix/security-brief-description`
|
|
76
|
-
2. Reproduce the issue locally and add a regression spec in `spec/`.
|
|
77
|
-
3. Implement the fix and run the test suite: `bundle exec rspec` (or the project's preferred test command).
|
|
78
|
-
4. Bump version in `lib/snaky_hash/version.rb` following semantic versioning.
|
|
79
|
-
5. Update `CHANGELOG.md` with an entry describing the fix (avoid exploit details).
|
|
80
|
-
6. Commit and push the branch, open a PR, and merge after approvals.
|
|
81
|
-
7. Build and push the gem: `gem build snaky_hash.gemspec && gem push pkg/...` (coordinate with Tidelift before public push if disclosure is coordinated).
|
|
82
|
-
8. Publish a release on GitHub and ensure the Tidelift advisory is posted.
|
|
83
|
-
|
|
84
|
-
## Operational notes
|
|
85
|
-
- Secrets: Use local encrypted storage for any sensitive reporter data. If repository or CI secrets may be compromised, rotate them immediately and update dependent services.
|
|
86
|
-
- Access control: Limit who can publish gems and who has admin access to the repo. Keep an up-to-date list of collaborators in a secure place.
|
|
87
|
-
|
|
88
|
-
## Legal & regulatory
|
|
89
|
-
- If the incident involves user data or has legal implications, consult legal counsel or the maintainers' employer as appropriate. The maintainer should document the timeline and all communications.
|
|
90
|
-
|
|
91
|
-
## Retrospective & continuous improvement
|
|
92
|
-
After an incident, perform a brief post-incident review covering:
|
|
93
|
-
- What happened and why
|
|
94
|
-
- What was done to contain and remediate
|
|
95
|
-
- What tests or process changes will prevent recurrence
|
|
96
|
-
- Assign owners and deadlines for follow-up tasks
|
|
97
|
-
|
|
98
|
-
## References
|
|
99
|
-
- See `SECURITY.md` for the project's official disclosure channel (Tidelift).
|
|
100
|
-
|
|
101
|
-
## Appendix: Example checklist for an incident
|
|
102
|
-
- [ ] Acknowledge report to reporter (24-72 hours)
|
|
103
|
-
- [ ] Reproduce and classify severity
|
|
104
|
-
- [ ] Prepare and test a fix in a branch
|
|
105
|
-
- [ ] Coordinate disclosure via Tidelift
|
|
106
|
-
- [ ] Publish patch release and advisory
|
|
107
|
-
- [ ] Postmortem and follow-up actions
|
data/LICENSE.txt
DELETED
|
@@ -1,21 +0,0 @@
|
|
|
1
|
-
The MIT License (MIT)
|
|
2
|
-
|
|
3
|
-
Copyright (c) 2022, 2025-2026 Peter Boling
|
|
4
|
-
|
|
5
|
-
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
-
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
-
in the Software without restriction, including without limitation the rights
|
|
8
|
-
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
-
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
-
furnished to do so, subject to the following conditions:
|
|
11
|
-
|
|
12
|
-
The above copyright notice and this permission notice shall be included in
|
|
13
|
-
all copies or substantial portions of the Software.
|
|
14
|
-
|
|
15
|
-
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
-
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
-
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
-
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
-
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
-
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
21
|
-
THE SOFTWARE.
|
data/REEK
DELETED
|
@@ -1,27 +0,0 @@
|
|
|
1
|
-
spec/snaky_hash/snake_spec.rb -- 1 warning:
|
|
2
|
-
[4]:IrresponsibleModule: TheSnakedHash has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md]
|
|
3
|
-
lib/snaky_hash/extensions.rb -- 1 warning:
|
|
4
|
-
[11]:InstanceVariableAssumption: SnakyHash::Extensions assumes too much for instance variable '@extensions' [https://github.com/troessner/reek/blob/v6.5.0/docs/Instance-Variable-Assumption.md]
|
|
5
|
-
lib/snaky_hash/serializer.rb -- 7 warnings:
|
|
6
|
-
[132]:NilCheck: SnakyHash::Serializer#blank? performs a nil-check [https://github.com/troessner/reek/blob/v6.5.0/docs/Nil-Check.md]
|
|
7
|
-
[180]:TooManyStatements: SnakyHash::Serializer#load_hash has approx 6 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md]
|
|
8
|
-
[99]:TooManyStatements: SnakyHash::Serializer::BackportedInstanceMethods#transform_values has approx 7 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md]
|
|
9
|
-
[58]:TooManyStatements: SnakyHash::Serializer::Modulizer#to_extended_mod has approx 13 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md]
|
|
10
|
-
[170]:UncommunicativeVariableName: SnakyHash::Serializer#dump_value has the variable name 'v' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Variable-Name.md]
|
|
11
|
-
[214]:UncommunicativeVariableName: SnakyHash::Serializer#load_value has the variable name 'v' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Variable-Name.md]
|
|
12
|
-
[131]:UtilityFunction: SnakyHash::Serializer#blank? doesn't depend on instance state (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Utility-Function.md]
|
|
13
|
-
lib/snaky_hash/snake.rb -- 11 warnings:
|
|
14
|
-
[30]:BooleanParameter: SnakyHash::Snake#initialize has boolean parameter 'serializer' [https://github.com/troessner/reek/blob/v6.5.0/docs/Boolean-Parameter.md]
|
|
15
|
-
[69, 75]:DuplicateMethodCall: SnakyHash::Snake::SnakyModulizer#to_mod calls 'define_method(:convert_key)' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md]
|
|
16
|
-
[69, 75]:DuplicateMethodCall: SnakyHash::Snake::SnakyModulizer#to_mod calls 'key.respond_to?(:to_sym)' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md]
|
|
17
|
-
[69, 75]:DuplicateMethodCall: SnakyHash::Snake::SnakyModulizer#to_mod calls 'key.to_s' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md]
|
|
18
|
-
[87, 91]:DuplicateMethodCall: SnakyHash::Snake::SnakyModulizer#to_mod calls 'self.class' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md]
|
|
19
|
-
[69, 75]:DuplicateMethodCall: SnakyHash::Snake::SnakyModulizer#to_mod calls 'underscore_string(key.to_s)' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md]
|
|
20
|
-
[88, 90]:DuplicateMethodCall: SnakyHash::Snake::SnakyModulizer#to_mod calls 'val.dup' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md]
|
|
21
|
-
[69, 75]:ManualDispatch: SnakyHash::Snake::SnakyModulizer#to_mod manually dispatches method call [https://github.com/troessner/reek/blob/v6.5.0/docs/Manual-Dispatch.md]
|
|
22
|
-
[93]:NestedIterators: SnakyHash::Snake::SnakyModulizer#to_mod contains iterators nested 2 deep [https://github.com/troessner/reek/blob/v6.5.0/docs/Nested-Iterators.md]
|
|
23
|
-
[56]:TooManyStatements: SnakyHash::Snake::SnakyModulizer#to_mod has approx 17 statements [https://github.com/troessner/reek/blob/v6.5.0/docs/Too-Many-Statements.md]
|
|
24
|
-
[93]:UncommunicativeVariableName: SnakyHash::Snake::SnakyModulizer#to_mod has the variable name 'e' [https://github.com/troessner/reek/blob/v6.5.0/docs/Uncommunicative-Variable-Name.md]
|
|
25
|
-
.yard_gfm_support.rb -- 1 warning:
|
|
26
|
-
[9, 9]:FeatureEnvy: KramdownGfmDocument#initialize refers to 'options' more than self (maybe move it to another class?) [https://github.com/troessner/reek/blob/v6.5.0/docs/Feature-Envy.md]
|
|
27
|
-
21 total warnings
|