From 64b9d5ebd260c93764074e26bc7e1bc637eb68aa Mon Sep 17 00:00:00 2001 From: Vincent Prigent Date: Sun, 10 Nov 2024 13:10:57 +1300 Subject: [PATCH 1/3] Remove lockfile https://yehudakatz.com/2010/12/16/clarifying-the-roles-of-the-gemspec-and-gemfile/ The intent here is to avoid the multiple dev dependencies from raising security issues for consumers of the gem --- .ruby-style.yml | 4 +- Changelog.md | 3 + Gemfile.lock | 192 ------------------------------------------------ 3 files changed, 5 insertions(+), 194 deletions(-) delete mode 100644 Gemfile.lock diff --git a/.ruby-style.yml b/.ruby-style.yml index 3f847606..9fe5c55e 100644 --- a/.ruby-style.yml +++ b/.ruby-style.yml @@ -1,5 +1,5 @@ AllCops: - TargetRubyVersion: 2.4 + TargetRubyVersion: 3.1 Include: - "**/*.podspec" - "**/*.jbuilder" @@ -1058,4 +1058,4 @@ Style/FrozenStringLiteralComment: Layout/SpaceBeforeFirstArg: Enabled: false Style/FormatStringToken: - Enabled: false \ No newline at end of file + Enabled: false diff --git a/Changelog.md b/Changelog.md index 5d3f4052..439b0c63 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,5 +1,8 @@ # Changelog +# Unreleased +- Remove committed Gemfile.lock + # 11.1.0 - Allow multiple data migration paths https://github.com/ilyakatz/data-migrate/pull/331 - Fix db:prepare:with_data task on [Rails 7.2](https://github.com/ilyakatz/data-migrate/pull/339) diff --git a/Gemfile.lock b/Gemfile.lock deleted file mode 100644 index fa0b5ae1..00000000 --- a/Gemfile.lock +++ /dev/null @@ -1,192 +0,0 @@ -PATH - remote: . - specs: - data_migrate (11.1.0) - activerecord (>= 6.1) - railties (>= 6.1) - -GEM - remote: http://rubygems.org/ - specs: - actionpack (7.1.4.1) - actionview (= 7.1.4.1) - activesupport (= 7.1.4.1) - nokogiri (>= 1.8.5) - racc - rack (>= 2.2.4) - rack-session (>= 1.0.1) - rack-test (>= 0.6.3) - rails-dom-testing (~> 2.2) - rails-html-sanitizer (~> 1.6) - actionview (7.1.4.1) - activesupport (= 7.1.4.1) - builder (~> 3.1) - erubi (~> 1.11) - rails-dom-testing (~> 2.2) - rails-html-sanitizer (~> 1.6) - activemodel (7.1.4.1) - activesupport (= 7.1.4.1) - activerecord (7.1.4.1) - activemodel (= 7.1.4.1) - activesupport (= 7.1.4.1) - timeout (>= 0.4.0) - activesupport (7.1.4.1) - base64 - bigdecimal - concurrent-ruby (~> 1.0, >= 1.0.2) - connection_pool (>= 2.2.5) - drb - i18n (>= 1.6, < 2) - minitest (>= 5.1) - mutex_m - tzinfo (~> 2.0) - appraisal (2.5.0) - bundler - rake - thor (>= 0.14.0) - ast (2.4.2) - base64 (0.2.0) - bigdecimal (3.1.8) - builder (3.3.0) - childprocess (5.1.0) - logger (~> 1.5) - coderay (1.1.3) - concurrent-ruby (1.3.4) - connection_pool (2.4.1) - crass (1.0.6) - diff-lcs (1.5.1) - drb (2.2.1) - erubi (1.13.0) - i18n (1.14.6) - concurrent-ruby (~> 1.0) - iniparse (1.5.0) - io-console (0.7.2) - irb (1.14.1) - rdoc (>= 4.0.0) - reline (>= 0.4.2) - json (2.7.2) - language_server-protocol (3.17.0.3) - logger (1.6.1) - loofah (2.22.0) - crass (~> 1.0.2) - nokogiri (>= 1.12.0) - method_source (1.1.0) - minitest (5.25.1) - mutex_m (0.2.0) - nokogiri (1.16.7-aarch64-linux) - racc (~> 1.4) - nokogiri (1.16.7-arm64-darwin) - racc (~> 1.4) - nokogiri (1.16.7-x86_64-darwin) - racc (~> 1.4) - nokogiri (1.16.7-x86_64-linux) - racc (~> 1.4) - overcommit (0.63.0) - childprocess (>= 0.6.3, < 6) - iniparse (~> 1.4) - rexml (~> 3.2) - parallel (1.26.3) - parser (3.3.5.0) - ast (~> 2.4.1) - racc - pry (0.14.2) - coderay (~> 1.1) - method_source (~> 1.0) - psych (5.1.2) - stringio - racc (1.8.1) - rack (3.1.8) - rack-session (2.0.0) - rack (>= 3.0.0) - rack-test (2.1.0) - rack (>= 1.3) - rackup (2.1.0) - rack (>= 3) - webrick (~> 1.8) - rails-dom-testing (2.2.0) - activesupport (>= 5.0.0) - minitest - nokogiri (>= 1.6) - rails-html-sanitizer (1.6.0) - loofah (~> 2.21) - nokogiri (~> 1.14) - railties (7.1.4.1) - actionpack (= 7.1.4.1) - activesupport (= 7.1.4.1) - irb - rackup (>= 1.0.0) - rake (>= 12.2) - thor (~> 1.0, >= 1.2.2) - zeitwerk (~> 2.6) - rainbow (3.1.1) - rake (13.1.0) - rb-readline (0.5.5) - rdoc (6.7.0) - psych (>= 4.0.0) - regexp_parser (2.9.2) - reline (0.5.10) - io-console (~> 0.5) - rexml (3.3.9) - rspec (3.13.0) - rspec-core (~> 3.13.0) - rspec-expectations (~> 3.13.0) - rspec-mocks (~> 3.13.0) - rspec-core (3.13.0) - rspec-support (~> 3.13.0) - rspec-expectations (3.13.3) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.13.0) - rspec-mocks (3.13.2) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.13.0) - rspec-support (3.13.1) - rubocop (1.60.2) - json (~> 2.3) - language_server-protocol (>= 3.17.0) - parallel (~> 1.10) - parser (>= 3.3.0.2) - rainbow (>= 2.2.2, < 4.0) - regexp_parser (>= 1.8, < 3.0) - rexml (>= 3.2.5, < 4.0) - rubocop-ast (>= 1.30.0, < 2.0) - ruby-progressbar (~> 1.7) - unicode-display_width (>= 2.4.0, < 3.0) - rubocop-ast (1.32.3) - parser (>= 3.3.1.0) - ruby-progressbar (1.13.0) - sqlite3 (1.7.2-aarch64-linux) - sqlite3 (1.7.2-arm64-darwin) - sqlite3 (1.7.2-x86_64-darwin) - sqlite3 (1.7.2-x86_64-linux) - stringio (3.1.1) - thor (1.3.2) - timecop (0.9.8) - timeout (0.4.1) - tzinfo (2.0.6) - concurrent-ruby (~> 1.0) - unicode-display_width (2.6.0) - webrick (1.8.2) - zeitwerk (2.7.0) - -PLATFORMS - aarch64-linux - arm64-darwin-22 - arm64-darwin-23 - x86_64-darwin-22 - x86_64-linux - -DEPENDENCIES - appraisal - data_migrate! - overcommit - pry - rake - rb-readline - rspec - rspec-core - rubocop - sqlite3 - timecop - -BUNDLED WITH - 2.4.17 From 48bb4b2b6ed1decd21cd357e044407fad74843eb Mon Sep 17 00:00:00 2001 From: Vincent Prigent Date: Sun, 10 Nov 2024 15:20:44 +1300 Subject: [PATCH 2/3] Extend work by limiting files required for bundling gem --- .gitignore | 1 + data_migrate.gemspec | 11 +++++------ 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 136b8a80..8ed33a63 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ spec/db/data_schema.rb .ruby-version .idea/ vendor/ +Gemfile.lock diff --git a/data_migrate.gemspec b/data_migrate.gemspec index 22e9cb4f..e05ec5f9 100644 --- a/data_migrate.gemspec +++ b/data_migrate.gemspec @@ -15,6 +15,11 @@ Gem::Specification.new do |s| s.rubyforge_project = "data_migrate" + s.files = Dir["{lib,tasks}/**/*", "Changelog.md", "LICENSE", "README.md"] + s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n") + s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) } + s.require_paths = ["lib"] + %w[ activerecord railties @@ -32,10 +37,4 @@ Gem::Specification.new do |s| s.add_development_dependency "timecop" s.add_development_dependency "rubocop" s.add_development_dependency "overcommit" - - - s.files = `git ls-files`.split("\n") - s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n") - s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) } - s.require_paths = ["lib"] end From b17ee07a8d0c80b096a62e248a715f6abfae5c62 Mon Sep 17 00:00:00 2001 From: Vincent Prigent Date: Sun, 10 Nov 2024 15:26:13 +1300 Subject: [PATCH 3/3] Add missing changelog entries --- Changelog.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Changelog.md b/Changelog.md index 439b0c63..438bf063 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,7 +1,11 @@ # Changelog # Unreleased -- Remove committed Gemfile.lock + +- Remove committed Gemfile.lock, reduce bundled file list when running `gem install` https://github.com/ilyakatz/data-migrate/pull/351 +- [Bump actionpack from 7.1.3.4 to 7.1.4.1](https://github.com/ilyakatz/data-migrate/pull/348) +- [Bump rexml from 3.3.6 to 3.3.9](https://github.com/ilyakatz/data-migrate/pull/349) +- Fix db_config_with_versions arity change and backport https://github.com/ilyakatz/data-migrate/pull/337 # 11.1.0 - Allow multiple data migration paths https://github.com/ilyakatz/data-migrate/pull/331