Upgrade to Rubocop 0.50.0 (fixes CVE-2017-8418) #131

Merged 1 commit on Oct 3, 2017

@nebolsin (Contributor) commented Oct 1, 2017

Rubocop versions up to 0.49.1 are affected by CVE-2017-8418 (rubocop/rubocop#4336).

Although it's a pretty minor issue, it makes Gemnasium unhappy: Dependency Status

This PR:

  • upgrades Rubocop dependency to ~> 0.50.0
  • fixes correctable offences with rubocop --auto-correct
  • fixes Style/AsciiComments offence in lib/hyperclient/collection.rb
  • updates .rubocop_todo.yml with rubocop --auto-gen-config
  • fixes insecure git source warning from Bundler

@nebolsin nebolsin force-pushed the security/rubocop-upgrade branch from 0766a16 to 9459a1a Compare October 1, 2017 20:16
gem 'danger-changelog', '~> 0.1'
gem 'futuroscope', github: 'codegram/futuroscope'
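
Review bot: the `gem 'futuroscope', github: 'codegram/futuroscope'` line names no `ref:`, `tag:` or `branch:`, so any fresh dependency resolve takes whatever the repository's default branch holds at that moment. Consider pinning it to a reviewed commit, for example `gem 'futuroscope', github: 'codegram/futuroscope', ref: '<commit-sha>'` (placeholder, not a real revision), so test runs are reproducible and an upstream push cannot change the loaded code without a matching Gemfile change.
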
Collaborator

Do we really need a reference into the HEAD of futuroscope? I suspect not and I would kill the whole git_source thing?

Contributor Author

Looks like the latest released futuroscope version on Rubygems is 0.1.11 from February 23, 2014. And there's a bunch of commits in master since then, including Futuroscope::Pools::NoPool implementation which is used in hyperclient test suite.

@dblock dblock merged commit 8c044ac into codegram:master Oct 3, 2017

@dblock (Collaborator) commented Oct 3, 2017

Merged, thanks

@nebolsin nebolsin deleted the security/rubocop-upgrade branch October 4, 2017 02:51