orc icon indicating copy to clipboard operation
orc copied to clipboard
verified publisher icon tim-group

[Security] Bump rubocop from 0.32.1 to 0.65.0

Open dependabot-preview[bot] opened this issue 7 years ago • 0 comments

Bumps rubocop from 0.32.1 to 0.65.0. This update includes security fixes.

Vulnerabilities fixed

Sourced from The Ruby Advisory Database.

RuboCop: insecure use of /tmp RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users.

Patched versions: >= 0.49.0 Unaffected versions: none

Release notes

Sourced from rubocop's releases.

RuboCop 0.65

New features

  • #6126: Add an experimental strict mode to Style/MutableConstant that will freeze all constants, rather than just literals. (@​rrosenblum)

Bug fixes

  • #6765: Fix false positives in keyword arguments for Style/MethodCallWithArgsParentheses omit_parentheses. (@​gsamokovarov)
  • #6763: Fix false positives in range literals for Style/MethodCallWithArgsParentheses omit_parentheses. (@​gsamokovarov)
  • #6748: Fix Style/RaiseArgs auto-correction breaking in contexts that require parentheses. (@​drenmi)
  • #6751: Prevent Style/OneLineConditional from breaking on retry and break keywords. (@​drenmi)
  • #6755: Prevent Style/TrailingCommaInArgument from breaking when a safe method call is chained on the offending method. (@​drenmi, @​hoshinotsuyoshi)

Changes

  • #6766: Drop support for Ruby 2.2.0 and 2.2.1. (@​pocke)
  • #6733: Warn duplicated keys in .rubocop.yml. (@​pocke)
  • #6613: Mark Style/ModuleFunction as SafeAutocorrect: false and disable autocorrect by default. (@​dduugg)

RuboCop 0.64

New features

  • #6704: Add new Rails/ReflectionClassName cop. ([@​Bhacaz][])
  • #6643: Support AllowParenthesesInCamelCaseMethod option on Style/MethodCallWithArgsParentheses omit_parentheses. ([@​dazuma][])

Bug fixes

  • #6254: Fix Layout/RescueEnsureAlignment for non-local assignments. ([@​marcotc][])
  • #6648: Fix auto-correction of Style/EmptyLiteral when Hash.new is passed as the first argument to super. (@​rrosenblum)
  • #6351: Fix a false positive for Layout/ClosingParenthesisIndentation when first argument is multiline. ([@​antonzaytsev][])
  • #6689: Support more complex argument patterns on Rails/Validation auto-correction. ([@​r7kamura][])
  • #6668: Fix autocorrection for Style/UnneededCondition when conditional has the unless form. ([@​mvz][])
  • #6382: Fix Layout/IndentationWidth with Layout/EndAlignment set to start_of_line. ([@​dischorde][], [@​siegfault][], [@​mhelmetag][])
  • #6710: Fix Naming/MemoizedInstanceVariableName on method starts with underscore. (@​pocke)
  • #6722: Fix an error for Style/OneLineConditional when then branch has no body. ([@​koic][])
  • #6702: Fix TrailingComma regression where heredoc with commas caused false positives. ([@​abrom][])
  • #6737: Fix an incorrect auto-correct for Rails/LinkToBlank when link_to method arguments are enclosed in parentheses. ([@​koic][])
  • #6720: Fix detection of :native line ending for Layout/EndOfLine on JRuby. ([@​enkessler][])

Changes

  • #6597: Style/LineEndConcatenation is now known to be unsafe for auto-correct. ([@​jaredbeck][])
  • #6725: Mark Style/SymbolProc as unsafe for auto-correct. (@​drenmi)
... (truncated)
Changelog

Sourced from rubocop's changelog.

0.65.0 (2019-02-19)

New features

  • #6126: Add an experimental strict mode to Style/MutableConstant that will freeze all constants, rather than just literals. (@​rrosenblum)

Bug fixes

  • #6765: Fix false positives in keyword arguments for Style/MethodCallWithArgsParentheses omit_parentheses. (@​gsamokovarov)
  • #6763: Fix false positives in range literals for Style/MethodCallWithArgsParentheses omit_parentheses. (@​gsamokovarov)
  • #6748: Fix Style/RaiseArgs auto-correction breaking in contexts that require parentheses. (@​drenmi)
  • #6751: Prevent Style/OneLineConditional from breaking on retry and break keywords. (@​drenmi)
  • #6755: Prevent Style/TrailingCommaInArgument from breaking when a safe method call is chained on the offending method. (@​drenmi, @​hoshinotsuyoshi)

Changes

  • #6766: Drop support for Ruby 2.2.0 and 2.2.1. (@​pocke)
  • #6733: Warn duplicated keys in .rubocop.yml. (@​pocke)
  • #6613: Mark Style/ModuleFunction as SafeAutocorrect: false and disable autocorrect by default. (@​dduugg)

0.64.0 (2019-02-10)

New features

  • #6704: Add new Rails/ReflectionClassName cop. ([@​Bhacaz][])
  • #6643: Support AllowParenthesesInCamelCaseMethod option on Style/MethodCallWithArgsParentheses omit_parentheses. ([@​dazuma][])

Bug fixes

  • #6254: Fix Layout/RescueEnsureAlignment for non-local assignments. ([@​marcotc][])
  • #6648: Fix auto-correction of Style/EmptyLiteral when Hash.new is passed as the first argument to super. (@​rrosenblum)
  • #6351: Fix a false positive for Layout/ClosingParenthesisIndentation when first argument is multiline. ([@​antonzaytsev][])
  • #6689: Support more complex argument patterns on Rails/Validation auto-correction. ([@​r7kamura][])
  • #6668: Fix autocorrection for Style/UnneededCondition when conditional has the unless form. ([@​mvz][])
  • #6382: Fix Layout/IndentationWidth with Layout/EndAlignment set to start_of_line. ([@​dischorde][], [@​siegfault][], [@​mhelmetag][])
  • #6710: Fix Naming/MemoizedInstanceVariableName on method starts with underscore. (@​pocke)
  • #6722: Fix an error for Style/OneLineConditional when then branch has no body. ([@​koic][])
  • #6702: Fix TrailingComma regression where heredoc with commas caused false positives. ([@​abrom][])
  • #6737: Fix an incorrect auto-correct for Rails/LinkToBlank when link_to method arguments are enclosed in parentheses. ([@​koic][])
  • #6720: Fix detection of :native line ending for Layout/EndOfLine on JRuby. ([@​enkessler][])

Changes

  • #6597: Style/LineEndConcatenation is now known to be unsafe for auto-correct. ([@​jaredbeck][])
  • #6725: Mark Style/SymbolProc as unsafe for auto-correct. (@​drenmi)
  • #6708: Make Style/CommentedKeyword allow the :yields: RDoc comment. ([@​bquorning][])
  • #6749: Make some cops aware of safe navigation operator. (@​hoshinotsuyoshi)

0.63.1 (2019-01-22)

... (truncated)
Commits
  • 2e52af0 Merge pull request #6776 from Drenmi/release/0-65-0
  • a1796a1 Cut 0.65.0
  • 8fe4946 Merge pull request #6757 from Drenmi/bugfix/trailing-comma-in-arguments-cop
  • e81e7a2 [Fix #6755] Prevent Style/TrailingCommaInArgument from breaking when a safe m...
  • 1f51e4c Merge pull request #6775 from pocke/fix-changelog-stype
  • ff34759 Fix invalid links in CHANGELOG
  • b10af4f Merge pull request #6773 from koic/add_range_type_predicate_method
  • 4105b22 Add range_type? which means irange_type? and erange_type?
  • 333d650 Merge pull request #6756 from Drenmi/bugfix/retry-node
  • 508b051 Merge pull request #6765 from gsamokovarov/omit-parentheses-kwargs
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Automerge options (never/patch/minor, and dev/runtime dependencies)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

dependabot-preview[bot] avatar Feb 20 '19 05:02 dependabot-preview[bot]