🚨 [security] Update rubocop-rspec 3.0.2 → 3.6.0 (minor) #898
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend merging and deploying this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ rubocop-rspec (3.0.2 → 3.6.0) · Repo · Changelog
Release Notes
3.6.0
3.5.0
3.4.0
3.3.0
3.2.0
3.1.0
3.0.5
3.0.4
3.0.3
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Commits
See the full diff on Github. The new version differs by 10 commits:
Bump version.
Update CI matrix, remove redundant `context`s from specs (#42)
Replace bacon with rspec (#41)
Use latest ruby versions on test job (#39)
Bump actions/checkout (#38)
Use `require_relative` instead of `require` (#37)
Update Rubies in CI (#35)
Fix usage example for Sexp (#36)
Fix broken link
Fixnum is now spelled Integer (#33)
Security Advisories 🚨
🚨 Out-of-bounds Read in Ruby JSON Parser
Release Notes
2.10.2
2.10.1 (from changelog)
2.10.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 73 commits:
Release 2.10.2
Merge commit from fork
Fix potential out of bound read in `json_string_unescape`.
Merge pull request #762 from byroot/invalid-escape
Raise a ParserError on all incomplete unicode escape sequence.
Avoid fast-path IO writes when IO has ext enc
Merge pull request #757 from rahim/fix-generator-error-no-method-error
Fix JSON::GeneratorError#detailed_message with Ruby < 3.2
Merge pull request #756 from byroot/utf8-snippets
Ensure parser error snippets are valid UTF-8
Merge pull request #753 from ioquatix/json-dump-options
Pass through all options if present.
Release 2.10.1
Merge pull request #749 from byroot/fix-state-roundtrip
Fix a compatibility issue with `MultiJson.dump(obj, pretty: true)`
Update changelog
Release 2.10.0
Apply recent C optimizations to Java encoder (#725)
Skip installing ragel on CI
Merge pull request #745 from etiennebarrie/optimize-symbol-generation
Merge pull request #746 from etiennebarrie/fix-json-coder-NaN-Infinity
Optimize Symbol generation in strict mode
Fix JSON::Coder to call as_json proc for NaN and Infinity
Merge pull request #744 from eregon/optimize-utf8_to_json
Optimize and cleanup #utf8_to_json
Refactor further to expose the simpler escape search possible
Merge pull request #742 from byroot/refactor-convert-utf8
Refactor convert_UTF8_to_JSON to split searching and escaping code
Merge pull request #741 from nobu/ctype-plain-char
Avoid plain char for ctype macros
Merge pull request #740 from Edouard-chin/ec-minor-fixed
Few doc tweaks:
Make benchmarks JRuby compatible
Update changelog
Merge pull request #718 from etiennebarrie/json-coder
Allow JSON::Fragment to be used even in strict mode
Introduce JSON::Coder
Update gemspec URIs
Add some JSON::Fragment documentation
Merge pull request #735 from tompng/fix_invalid_number
Reject invalid number: `-` `-.1` `-e0`
Merge pull request #734 from tompng/error_on_invalid_comments
Merge pull request #733 from tompng/unicode_escape_fix
Raise parse error on invalid comments
Fix parsing incomplete unicode escape "\uaaa"
Fix JSON::Fragment#to_json signature
Merge pull request #732 from etiennebarrie/fragment
Introduce JSON::Fragment
Fix a regression in the parser with leading /
Merge pull request #731 from byroot/arm64-ci
Test on aarch64 Ubuntu
json_string_unescape: use memchr to search for backslashes
Cleanup json_decode_float
parser.c: Pass the JSON_ParserConfig pointer
Use RSTRING_END
Replace fbuffer by stack buffers or RB_ALLOCV in parser.c
Implement write barriers for ParserConfig objects
Cleanup c ext Rakefile
Merge pull request #729 from byroot/handrolled
Finalize Kevin's handrolled parser.
Initial handrolled parser
Refactor JSONFixturesTest
Removed unnecessary sections
Fix a method redefinition warning in C parser
Merge pull request #728 from byroot/refactor-parser
Refactor JSON::Ext::Parser to split configuration and parsing state
Merge pull request #727 from etiennebarrie/remove-State-_generate
Remove Generator::State#_generate
Merge pull request #726 from ruby/support-bundled-gems
Refactor to omit JSON::GenericObject tests
Require "date"
Merge pull request #724 from byroot/lookup-3
Improve lookup tables for string escaping.
Release Notes
3.17.0.4 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Commits
See the full diff on Github. The new version differs by 4 commits:
v1.27.0
Merge pull request #355 from grosser/grosser/34
skip
ruby 3.4
Release Notes
3.3.8.0 (from changelog)
3.3.7.4 (from changelog)
3.3.7.3 (from changelog)
3.3.7.2 (from changelog)
3.3.7.1 (from changelog)
3.3.7.0 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 43 commits:
Bump version
Update changelog.
Update changelog.
Bump version
* Bump maintenance branches to 3.3.8 (#1077)
* YARD docs for Parser::CurrentRuby and Parser::Base#version (#1076)
Update README to specify Ruby version compatibility
Update changelog.
Update changelog.
Bump version
- lexer-strings.rb: Avoid an exception on utf8 surrogate pair codepoints (#1051)
- builder.rb: emit `kwargs` node for `indexasgn` when opted in (#1053)
- builder.rb: correctly handle `...` forwarding to super with explicit block (#1049)
Suppress warnings during parsing (#1013)
- numbered parameters are valid for pattern matching pinning (#1060)
Update changelog.
Update changelog.
Bump version
* Bump maintenance branches to 3.2.8 and 3.1.7 (#1074)
Tweak a terminology
Document parser/prism migration path
Update changelog.
Update changelog.
Bump version.
+ add prism-specific node types (#1071)
Document the current state of the project in the readme (#1069)
- builder.rb: fix hash value omission considering some local vars as constants (#1064)
Update changelog.
Update changelog.
Bump version.
* parser/current: add -dev prefix to 3.4 branch (#1067)
* parser/current: bump 3.2 branch to 3.2.7 (#1066)
Update changelog.
Update changelog.
Bump version.
update CI config (bump JRuby version, drop MRI 3.0 branch) (#1062)
* Bump maintenance branches to 3.3.7 (#1061)
Revert "* bump 3.4 branch, remove 3.0 from CI (EOL) (#1057)" (#1058)
* bump 3.4 branch, remove 3.0 from CI (EOL) (#1057)
* assert that version-specific checks actually run against at least one version (#1050)
+ ruby34.y: reject `return` in singleton class (#1048)
- Fix `ruby-parse` with a folder ending in `.rb` (#1047)
Update changelog.
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
1.44.1
1.44.0
1.43.0
1.42.0
1.41.0
1.40.0
1.39.0 (from changelog)
1.38.1 (from changelog)
1.38.0 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 72 commits:
Cut 1.44.1
Update Changelog
Fix `flip-flop` operator possible children nodes count
Restore docs/antora.yml
Cut 1.44.0
Update Changelog
Add support `RuboCop::AST::Node#any_def_type?` method (#377)
Restore docs/antora.yml
Add release notes
Cut 1.43.0
Update Changelog
Use the `prism` translation layer to analyze Ruby 3.4 by default
Add `prism` as a dependency
Restore docs/antora.yml
Cut 1.42.0
Update Changelog
Support `Prism::Translation::Parser35` for Ruby 3.5 parser
Remove a bit of backwards compat code
Remove prism skips in tests
Stop using `Parser::CurrentRuby`
Restore docs/antora.yml
Cut 1.41.0
Update Changelog
Add support for `itblock` node for Ruby 3.4 (#365)
Revert "Don't show a deprecation warning for `EnsureNode#branch` just yet"
Restore docs/antora.yml
Cut 1.40.0
Update Changelog
Enforce a minimum version for prism
Use the custom builder provided by prism
Add a release note of 1.39.0
Restore docs/antora.yml
Cut 1.39.0
Update Changelog
Modify `def_callback` code to be easier to understand
Enable reusable Prism parse result (#359)
[Fix #348] Automate the process of GitHub release creation
Fix current Rubocop offenses (#362)
Restore docs/antora.yml
Cut 1.38.1
Update Changelog
[Fix #360] Fix an error when the `Array` core class contains a writer method
Fix a build error
Use RuboCop RSpec 3.5 for development
Suppress RuboCop's warnings
Fix a build error
Suppress RuboCop's offenses
Restore docs/antora.yml
Cut 1.38.0
Update Changelog
Update to use `Node#loc?`
Add `Node#loc?` to determine if a node has a given location
Add `Node#any_block_type?` to determine if a node is either a block or numblock
Disable `InternalAffairs/LocationExpression` cop
Test main specs against prism as well
[Fix #323] Fix node captures inside of `?`, `+`, and `*` repetition
Support node groups in `Node#each_descendant` and similar traversal methods
Remove windows-specific CI step
Simplify `internal_investigation`
Add newlines between different jobs
Use `bundler-cache` for `ruby/setup-ruby`
Remove `TEST_QUEUE_WORKERS`
Consistent naming of steps
Import RuboCop spellcheck workflow
Doc
CI against an older RuboCop version
Fix typo
Better handle `LoadError`s from prism
CI against Ruby 3.4 (#351)
Fix current RuboCop offenses (#350)
Refactor `ArrayNode#percent_literal?`
Restore docs/antora.yml
🆕 lint_roller (added, 1.1.0)
🆕 prism (added, 1.4.0)
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with `@depfu rebase`.