Gem updates#131
Merged
Merged
Conversation
SuperTux88
force-pushed
the
gem-updates
branch
2 times, most recently
from
e4b5471 to
f47d9c8
Compare
Allow Rails up to version 8.x (< 9) in the gemspec and dropping Rails 5.2. Use rspec-rails ~> 6.1 for rails 6.x and rspec-rails ~> 7.1 for everything else (required for rails 7+). Fix the webfinger controller spec regex to accommodate the updated ActionController::ParameterMissing error message in Rails 8.x, which now includes 'or invalid' in the message string.
Fix all new offenses introduced by new cops in the updated versions:
- Lint/UselessConstantScoping: move NS constant before private in
xrd_document.rb
- Style/MapIntoArray: use map(&:content) instead of each with << in
xrd_document.rb
- Style/PredicateWithKind: add disable comment in entity.rb
(instance_of? is intentionally stricter than is_a?)
- Style/ReduceToHash: use to_h { } instead of each_with_object in
entity.rb
- Lint/SharedMutableDefault: fix Hash.new({}) bug in test dummy
entity model
- Add rubocop.yml exclusions for: Style/OneClassPerFile in
validators.rb, Rails/FindByOrAssignmentMemoization in spec/support,
Naming/PredicateMethod and Rails/Output in test/dummy
- Switch from require: to plugins: syntax for rubocop-rails and
rubocop-rake (new plugin architecture)
- Suppress extension suggestions with SuggestExtensions: false
Update fabrication from 2.30.0 to 2.31.0 (staying on 2.x since fabrication 3.0 dropped support for Rails 7.0 and below, which is still supported here).
Update simplecov-rcov from 0.3.1 to 0.3.7 which fixes the Ruby 3.2+ ERB deprecation warnings about using the old 3-argument ERB.new API.
- Drop Ruby 2.7 (EOL; fabrication 2.31 already requires >= 3.0)
- Add Ruby 3.3, 3.4, 4.0 to CI matrix
- Bump required_ruby_version to >= 3.0 in all four gemspecs
- Update .ruby-version to 3.4
Ruby 3.4 changed Hash#inspect to use the new hash syntax for
symbol keys: {regex: /foo/} instead of {:regex=>/foo/}. The
validation error message includes hash params via #inspect, so
the spec regex needs to match both formats for compatibility
across Ruby versions.
The lint workflow uses pull_request_target to lint PRs with write access to the repo. For security, it installs gems from the target branch and restores Gemfile/Gemfile.lock from the target branch after checking out the PR's HEAD. However, Bundler's deployment mode also validates that the path gemspecs (*.gemspec) match what was recorded in the Gemfile.lock. When a PR modifies any gemspec, Bundler aborts with "The gemspecs for path gems changed", preventing pronto from running at all. Fix by also restoring the gemspec files from the target branch. This is consistent with the existing security model: pronto lints the PR's code but runs against the target branch's dependency configuration, preventing a PR from injecting malicious gem dependencies into the authenticated lint job.
skyschub
approved these changes
Apr 6, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Most relevant changes:
Everything else is just updating all the gems to the latest versions.