Maintenance

.github/workflows/test.yml

@@ -12,7 +12,7 @@ jobs:
   test:
     strategy:
       matrix:
-        ruby_version: [2.5, 2.6, 2.7, '3.0', 3.1, 3.2, 3.3]
+        ruby_version: [3.1, 3.2, 3.3]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
@@ -21,8 +21,6 @@ jobs:
         with:
           ruby-version: ${{ matrix.ruby_version }}
           bundler-cache: true
-      - name: Install dependencies
-        run: bundle install --jobs=3 --retry=3
       - name: Initialize submodule
         run: git submodule update --init
       - name: Run tests

.rubocop.yml

@@ -1,8 +1,11 @@
 AllCops:
-  TargetRubyVersion: 2.5
+  TargetRubyVersion: 3.1
   NewCops: enable
   SuggestExtensions: false
 
+Gemspec/DevelopmentDependencies:
+  EnforcedStyle: gemspec
+
 Layout/LineLength:
   Exclude:
     - 'ruby_audit.gemspec'
@@ -11,7 +14,7 @@ Metrics/MethodLength:
   Max: 15
 
 Metrics/BlockLength:
-  IgnoredMethods:
+  AllowedMethods:
     - describe
 
 Style/Documentation:

.ruby-version

@@ -1 +1 @@
-3.3.0
+3.3.1

CHANGELOG.md

@@ -5,6 +5,16 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 
+### Changed
+
+* Bumped Rubocop dependency to 1.64.0
+* Require MFA for rubygems operations
+
+### Removed
+
+* Removed support for Ruby 2.5 through 3.0
+* Removed Timecop dependency
+
 ## [2.3.1] - 2024-05-17
 
 ### Removed
@@ -108,7 +118,8 @@ Look for rubygems advisories in the correct directory of the ruby-advisory-db
 
 * Initial Release
 
-[Unreleased]: https://github.com/civisanalytics/ruby_audit/compare/v2.3.0...HEAD
+[Unreleased]: https://github.com/civisanalytics/ruby_audit/compare/v2.3.1...HEAD
+[2.3.1]: https://github.com/civisanalytics/ruby_audit/compare/v2.3.0...v2.3.1
 [2.3.0]: https://github.com/civisanalytics/ruby_audit/compare/v2.2.0...v2.3.0
 [2.2.0]: https://github.com/civisanalytics/ruby_audit/compare/v2.1.0...v2.2.0
 [2.1.0]: https://github.com/civisanalytics/ruby_audit/compare/v2.0.0...v2.1.0

README.md

@@ -57,7 +57,7 @@ $ ruby-audit check -n
 
 After checking out the repo, run `bin/setup` to install dependencies.
 You'll also want to run `git submodule update --init` to populate the ruby-advisory-db
-submodule in `/vendor` that is used for testing. Then, run `rake spec` to run the tests.
+submodule in `/vendor` that is used for testing. Then, run `rake` to run linting and tests.
 You can also run `bin/console` for an interactive prompt that will allow you to experiment.
 
 The database in `/vendor/ruby-advisory-db` is only used as a fixture for unit tests.

lib/ruby_audit/database.rb

@@ -10,12 +10,12 @@ def advisories_for(name, type)
       end
     end
 
-    def check_ruby(ruby, &block)
-      check(ruby, 'rubies', &block)
+    def check_ruby(ruby, &)
+      check(ruby, 'rubies', &)
     end
 
-    def check_rubygems(rubygems, &block)
-      check(rubygems, 'gems', &block)
+    def check_rubygems(rubygems, &)
+      check(rubygems, 'gems', &)
     end
 
     def check(object, type = 'gems')
@@ -28,12 +28,12 @@ def check(object, type = 'gems')
 
     protected
 
-    def each_advisory_path(&block)
-      Dir.glob(File.join(@path, '{gems,rubies}', '*', '*.yml'), &block)
+    def each_advisory_path(&)
+      Dir.glob(File.join(@path, '{gems,rubies}', '*', '*.yml'), &)
     end
 
-    def each_advisory_path_for(name, type = 'gems', &block)
-      Dir.glob(File.join(@path, type, name, '*.yml'), &block)
+    def each_advisory_path_for(name, type = 'gems', &)
+      Dir.glob(File.join(@path, type, name, '*.yml'), &)
     end
   end
 end

lib/ruby_audit/scanner.rb

@@ -25,19 +25,19 @@ def scan(options = {}, &block)
       self
     end
 
-    def scan_ruby(options = {}, &block)
+    def scan_ruby(options = {}, &)
       version = if RUBY_PATCHLEVEL < 0
                   ruby_version
                 else
                   "#{RUBY_VERSION}.#{RUBY_PATCHLEVEL}"
                 end
       specs = [Version.new(RUBY_ENGINE, version)]
-      scan_inner(specs, 'ruby', options, &block)
+      scan_inner(specs, 'ruby', options, &)
     end
 
-    def scan_rubygems(options = {}, &block)
+    def scan_rubygems(options = {}, &)
       specs = [Version.new('rubygems-update', rubygems_version)]
-      scan_inner(specs, 'rubygems', options, &block)
+      scan_inner(specs, 'rubygems', options, &)
     end
 
     private
@@ -61,7 +61,7 @@ def scan_inner(specs, type, options = {})
       ignore += options[:ignore] if options[:ignore]
 
       specs.each do |spec|
-        @database.send("check_#{type}".to_sym, spec) do |advisory|
+        @database.send(:"check_#{type}", spec) do |advisory|
           unless ignore.intersect?(advisory.identifiers.to_set)
             yield Bundler::Audit::Results::UnpatchedGem.new(spec, advisory)
           end

ruby_audit.gemspec

@@ -7,6 +7,7 @@ Gem::Specification.new do |spec|
   spec.version       = RubyAudit::VERSION
   spec.authors       = ['Jeff Cousens, Mike Saelim', 'John Zhang', 'Cristina Muñoz']
   spec.email         = ['[email protected]']
+  spec.metadata['rubygems_mfa_required'] = 'true'
 
   spec.summary       = 'Checks Ruby and RubyGems against known vulnerabilities.'
   spec.description   = 'RubyAudit checks your current version of Ruby and ' \
@@ -17,7 +18,7 @@ Gem::Specification.new do |spec|
   spec.homepage      = 'https://github.com/civisanalytics/ruby_audit'
   spec.license       = 'GPL-3.0-or-later'
 
-  spec.required_ruby_version = ['>= 2.5', '< 3.4']
+  spec.required_ruby_version = ['>= 3.1', '< 3.4']
   spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
@@ -27,6 +28,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'pry', '~> 0.14.1'
   spec.add_development_dependency 'rake', '~> 13.0'
   spec.add_development_dependency 'rspec', '~> 3.9'
-  spec.add_development_dependency 'rubocop', '~> 1.9.1'
-  spec.add_development_dependency 'timecop', '~> 0.9.1'
+  spec.add_development_dependency 'rubocop', '~> 1.64.0'
 end

spec/database_spec.rb

@@ -17,7 +17,7 @@
                  advisory.is_a?(Bundler::Audit::Advisory)
                end).to be_truthy
         expect(advisories.map(&:id)).to include('CVE-2015-3900')
-        expect(advisories.map(&:path).reject { |p| p =~ /rubygems-update/ })
+        expect(advisories.map(&:path).grep_v(/rubygems-update/))
           .to be_empty
       end
     end
@@ -45,7 +45,7 @@
                  advisory.is_a?(Bundler::Audit::Advisory)
                end).to be_truthy
         expect(advisories.map(&:id)).to include('CVE-2015-1855')
-        expect(advisories.map(&:path).reject { |p| p =~ /rubies/ }).to be_empty
+        expect(advisories.map(&:path).grep_v(/rubies/)).to be_empty
       end
     end
 

spec/spec_helper.rb

@@ -1,7 +1,6 @@
 $LOAD_PATH.unshift File.expand_path('../lib', __dir__)
 require 'pry'
 require 'ruby_audit'
-require 'timecop'
 
 RSpec.configure do |config|
   config.before(:each) do