artsy / watt

Watt is a shared js/css/img asset library for Artsy Rails apps.
https://github.com/artsy/watt
MIT License

[Security] Bump rubocop from 0.41.2 to 0.74.0 #294

Closed dependabot-preview[bot] closed 4 years ago

dependabot-preview[bot] commented 4 years ago

Bumps rubocop from 0.41.2 to 0.74.0. This update includes a security fix.

Vulnerabilities fixed

*Sourced from [The Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubocop/CVE-2017-8418.yml).*

> **RuboCop: insecure use of /tmp**
> RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local
> users to exploit this to tamper with cache files belonging to other users.
>
> Patched versions: >= 0.49.0
> Unaffected versions: none

Release notes

*Sourced from [rubocop's releases](https://github.com/rubocop-hq/rubocop/releases).*

> ## RuboCop 0.74
> ### New features
>
> * [#7219](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/7219): Support auto-correct for `Lint/ErbNewArguments`. ([@koic][])
>
> ### Bug fixes
>
> * [#7217](https://github-redirect.dependabot.com/rubocop-hq/rubocop/pull/7217): Make `Style/TrailingMethodEndStatement` work on more than the first `def`. ([@buehmann][])
> * [#7190](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/7190): Support lower case drive letters on Windows. ([@jonas054][])
> * Fix the auto-correction of `Lint/UnneededSplatExpansion` when the splat expansion of `Array.new` with a block is assigned to a variable. ([@rrosenblum][])
> * [#5628](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/5628): Fix an error of `Layout/SpaceInsideStringInterpolation` on interpolations with multiple statements. ([@buehmann][])
> * [#7128](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/7128): Make `Metrics/LineLength` aware of shebang. ([@koic][])
> * [#6861](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/6861): Fix a false positive for `Layout/IndentationWidth` when using `EnforcedStyle: outdent` of `Layout/AccessModifierIndentation`. ([@koic][])
> * [#7235](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/7235): Fix an error where `Style/ConditionalAssignment` would swallow a nested `if` condition. ([@buehmann][])
> * [#7242](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/7242): Make `Style/ConstantVisibility` work on non-trivial class and module bodies. ([@buehmann][])
>
> ### Changes
>
> * [#5265](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/5265): Improved `Layout/ExtraSpacing` cop to handle nested consecutive assignments. ([@jfelchner][])
> * [#7215](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/7215): Make it clear what's wrong in the message from `Style/GuardClause`. ([@jonas054][])
> * [#7245](https://github-redirect.dependabot.com/rubocop-hq/rubocop/pull/7245): Make cops detect string interpolations in more contexts: inside of backticks, regular expressions, and symbols. ([@buehmann][])
>
> [@koic]: https://github.com/koic
> [@buehmann]: https://github.com/buehmann
> [@jonas054]: https://github.com/jonas054
> [@rrosenblum]: https://github.com/rrosenblum
> [@jfelchner]: https://github.com/jfelchner
>
> ## RuboCop 0.73
> ### New features
>
> * Add `AllowDoxygenCommentStyle` configuration on `Layout/LeadingCommentSpace`. ([@anthony-robin][])
> * [#7114](https://github-redirect.dependabot.com/rubocop-hq/rubocop/pull/7114): Add `MultilineWhenThen` cop. ([@okuramasafumi][])
> * [#4127](https://github-redirect.dependabot.com/rubocop-hq/rubocop/pull/4127): Add `--disable-uncorrectable` flag to generate `rubocop:disable` comments. ([@vergenzt][], [@jonas054][])
>
> ### Bug fixes
>
> * [#7170](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/7170): Fix a false positive for `Layout/RescueEnsureAlignment` when def line is preceded with `private_class_method`. ([@tatsuyafw][])
> * [#7186](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/7186): Fix a false positive for `Style/MixinUsage` when using inside multiline block and `if` condition is after `include`. ([@koic][])
> * [#7099](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/7099): Fix an error of `Layout/RescueEnsureAlignment` on assigned blocks. ([@tatsuyafw][])
> * [#5088](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/5088): Fix an error of `Layout/MultilineMethodCallIndentation` on method chains inside an argument. ([@buehmann][])
> * [#4719](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/4719): Make `Layout/Tab` detect tabs between string literals. ([@buehmann][])
> * [#7203](https://github-redirect.dependabot.com/rubocop-hq/rubocop/pull/7203): Fix an infinite loop error for `Layout/SpaceInsideBlockBraces` when `EnforcedStyle: no_space` with `SpaceBeforeBlockParameters: false` are set in multiline block. ([@koic][])
> * [#6653](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/6653): Fix a bug where `Layout/IndentHeredoc` would remove empty lines when autocorrecting heredocs. ([@buehmann][])
>
> ### Changes
>
> * [#7181](https://github-redirect.dependabot.com/rubocop-hq/rubocop/pull/7181): Sort analyzed file alphabetically. ([@pocke][])
> * [#7188](https://github-redirect.dependabot.com/rubocop-hq/rubocop/pull/7188): Include inspected file location in auto-correction error. ([@pocke][])
>
> ... (truncated)

Changelog

*Sourced from [rubocop's changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md).*

> ## 0.74.0 (2019-07-31)
>
> ### New features
>
> * [#7219](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/7219): Support auto-correct for `Lint/ErbNewArguments`. ([@koic][])
>
> ### Bug fixes
>
> * [#7217](https://github-redirect.dependabot.com/rubocop-hq/rubocop/pull/7217): Make `Style/TrailingMethodEndStatement` work on more than the first `def`. ([@buehmann][])
> * [#7190](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/7190): Support lower case drive letters on Windows. ([@jonas054][])
> * Fix the auto-correction of `Lint/UnneededSplatExpansion` when the splat expansion of `Array.new` with a block is assigned to a variable. ([@rrosenblum][])
> * [#5628](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/5628): Fix an error of `Layout/SpaceInsideStringInterpolation` on interpolations with multiple statements. ([@buehmann][])
> * [#7128](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/7128): Make `Metrics/LineLength` aware of shebang. ([@koic][])
> * [#6861](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/6861): Fix a false positive for `Layout/IndentationWidth` when using `EnforcedStyle: outdent` of `Layout/AccessModifierIndentation`. ([@koic][])
> * [#7235](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/7235): Fix an error where `Style/ConditionalAssignment` would swallow a nested `if` condition. ([@buehmann][])
> * [#7242](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/7242): Make `Style/ConstantVisibility` work on non-trivial class and module bodies. ([@buehmann][])
>
> ### Changes
>
> * [#5265](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/5265): Improved `Layout/ExtraSpacing` cop to handle nested consecutive assignments. ([@jfelchner][])
> * [#7215](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/7215): Make it clear what's wrong in the message from `Style/GuardClause`. ([@jonas054][])
> * [#7245](https://github-redirect.dependabot.com/rubocop-hq/rubocop/pull/7245): Make cops detect string interpolations in more contexts: inside of backticks, regular expressions, and symbols. ([@buehmann][])
>
> ## 0.73.0 (2019-07-16)
>
> ### New features
>
> * Add `AllowDoxygenCommentStyle` configuration on `Layout/LeadingCommentSpace`. ([@anthony-robin][])
> * [#7114](https://github-redirect.dependabot.com/rubocop-hq/rubocop/pull/7114): Add `MultilineWhenThen` cop. ([@okuramasafumi][])
> * [#4127](https://github-redirect.dependabot.com/rubocop-hq/rubocop/pull/4127): Add `--disable-uncorrectable` flag to generate `rubocop:disable` comments. ([@vergenzt][], [@jonas054][])
>
> ### Bug fixes
>
> * [#7170](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/7170): Fix a false positive for `Layout/RescueEnsureAlignment` when def line is preceded with `private_class_method`. ([@tatsuyafw][])
> * [#7186](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/7186): Fix a false positive for `Style/MixinUsage` when using inside multiline block and `if` condition is after `include`. ([@koic][])
> * [#7099](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/7099): Fix an error of `Layout/RescueEnsureAlignment` on assigned blocks. ([@tatsuyafw][])
> * [#5088](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/5088): Fix an error of `Layout/MultilineMethodCallIndentation` on method chains inside an argument. ([@buehmann][])
> * [#4719](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/4719): Make `Layout/Tab` detect tabs between string literals. ([@buehmann][])
> * [#7203](https://github-redirect.dependabot.com/rubocop-hq/rubocop/pull/7203): Fix an infinite loop error for `Layout/SpaceInsideBlockBraces` when `EnforcedStyle: no_space` with `SpaceBeforeBlockParameters: false` are set in multiline block. ([@koic][])
> * [#6653](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/6653): Fix a bug where `Layout/IndentHeredoc` would remove empty lines when autocorrecting heredocs. ([@buehmann][])
>
> ### Changes
>
> * [#7181](https://github-redirect.dependabot.com/rubocop-hq/rubocop/pull/7181): Sort analyzed file alphabetically. ([@pocke][])
> * [#7188](https://github-redirect.dependabot.com/rubocop-hq/rubocop/pull/7188): Include inspected file location in auto-correction error. ([@pocke][])
>
> ## 0.72.0 (2019-06-25)
>
> ### New features
>
> ... (truncated)

Commits

- [`96b090f`](https://github.com/rubocop-hq/rubocop/commit/96b090f1a2b04fca2bf57b370f461ee5f1a4bd91) Cut 0.74
- [`55bae8c`](https://github.com/rubocop-hq/rubocop/commit/55bae8c1f02d6bbd09faefbc50ad7eeab42031b3) Detect more interpolations
- [`1642711`](https://github.com/rubocop-hq/rubocop/commit/16427114b8d80ff15909c68c0f2ac83a3a6271bd) [Fix [#7242](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/7242)] Make Style/ConstantVisibility work
- [`11656e1`](https://github.com/rubocop-hq/rubocop/commit/11656e17c768cd0715540b0bee15afa837a80e9f) Add a description for `Metrics/LineLength`
- [`f51c53c`](https://github.com/rubocop-hq/rubocop/commit/f51c53c0be3c16b47407c947d85beb3db21e86ac) Remove unused node matchers in Node
- [`f1eaf7f`](https://github.com/rubocop-hq/rubocop/commit/f1eaf7f7141ca98d1ea42c85090dbe797fde1136) Simplify Style/CommentedKeyword
- [`1065300`](https://github.com/rubocop-hq/rubocop/commit/10653005e7e617c150a542a5a78ba0959b7ea627) Remove unused node matchers
- [`07d6223`](https://github.com/rubocop-hq/rubocop/commit/07d6223027b2165e18449d57458aeb96301fb09c) Fix autocorrection of UnneededSplatExpasion when Array.new with a block is as...
- [`3062a72`](https://github.com/rubocop-hq/rubocop/commit/3062a72ca0a18488b677f973c8bf12b58c5afdb3) [Fix [#7235](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/7235)] Tell `elsif` from nested `if` in ConditionalAssignment
- [`95dd998`](https://github.com/rubocop-hq/rubocop/commit/95dd9989a01a64652ba38de4320542163ff9cf37) Merge pull request [#6866](https://github-redirect.dependabot.com/rubocop-hq/rubocop/issues/6866) from koic/fix_false_positive_for_layout_indentation_...
- Additional commits viewable in [compare view](https://github.com/rubocop-hq/rubocop/compare/v0.41.2...v0.74.0)


dependabot-preview[bot] commented 4 years ago

Superseded by #300.