From a867851912233014004d25c22663284e0549895a Mon Sep 17 00:00:00 2001 From: Marcio Horoiwa Date: Mon, 28 Apr 2025 13:58:12 +1000 Subject: [PATCH 1/5] Update `byebug` to v11.1.3 --- Gemfile.lock | 4 ++-- zendesk_apps_support.gemspec | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 1d7764d5..c0d12d22 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -19,7 +19,7 @@ GEM specs: ast (2.4.2) bump (0.5.4) - byebug (9.0.6) + byebug (11.1.3) concurrent-ruby (1.2.2) crass (1.0.6) diff-lcs (1.5.0) @@ -91,7 +91,7 @@ PLATFORMS DEPENDENCIES bump (~> 0.5.1) bundler (~> 2.2) - byebug (~> 9.0.6) + byebug faker parallel (= 1.12.1) rake diff --git a/zendesk_apps_support.gemspec b/zendesk_apps_support.gemspec index 065d2248..27c954f0 100644 --- a/zendesk_apps_support.gemspec +++ b/zendesk_apps_support.gemspec @@ -28,7 +28,7 @@ Gem::Specification.new do |s| s.add_development_dependency 'bump', '~> 0.5.1' s.add_development_dependency 'faker' s.add_development_dependency 'rubocop' - s.add_development_dependency 'byebug', '~> 9.0.6' + s.add_development_dependency 'byebug' s.add_development_dependency 'bundler', '~> 2.2' s.add_development_dependency 'parallel', '1.12.1' s.add_development_dependency 'rake' From 693e7d2c57215c2a5c3081056dadec354bdf0a96 Mon Sep 17 00:00:00 2001 From: Marcio Horoiwa Date: Mon, 28 Apr 2025 14:40:02 +1000 Subject: [PATCH 2/5] Drop support for EOL ruby versions --- .github/workflows/actions.yml | 3 --- .ruby-version | 2 +- Gemfile.lock | 2 +- zendesk_apps_support.gemspec | 2 +- 4 files changed, 3 insertions(+), 6 deletions(-) diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml index 2b424640..3c25aa59 100644 --- a/.github/workflows/actions.yml +++ b/.github/workflows/actions.yml @@ -14,9 +14,6 @@ jobs: fail-fast: false matrix: ruby-version: - - '2.7' - - '3.0' - - '3.1' - '3.2' - '3.3' steps: diff --git a/.ruby-version b/.ruby-version index 6a81b4c8..f092941a 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -2.7.8 +3.2.8 diff --git a/Gemfile.lock b/Gemfile.lock index c0d12d22..65c761c6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -100,4 +100,4 @@ DEPENDENCIES zendesk_apps_support! BUNDLED WITH - 2.4.12 + 2.4.19 diff --git a/zendesk_apps_support.gemspec b/zendesk_apps_support.gemspec index 27c954f0..258d29c0 100644 --- a/zendesk_apps_support.gemspec +++ b/zendesk_apps_support.gemspec @@ -10,7 +10,7 @@ Gem::Specification.new do |s| s.summary = 'Support to help you develop Zendesk Apps.' s.description = s.summary - s.required_ruby_version = Gem::Requirement.new('>= 2.7') + s.required_ruby_version = Gem::Requirement.new('>= 3.2') s.required_rubygems_version = '>= 1.3.6' s.add_runtime_dependency 'i18n', '>= 1.7.1' From 2e6b4788caedea8ecba1d056df7d13b74159ad8b Mon Sep 17 00:00:00 2001 From: Marcio Horoiwa Date: Mon, 28 Apr 2025 15:24:07 +1000 Subject: [PATCH 3/5] Update `rubocop` to v1.75.3 --- .rubocop.yml | 14 +++---- .rubocop_todo.yml | 2 +- Gemfile.lock | 38 +++++++++++-------- Rakefile | 4 +- .../validations/secrets.rb | 4 +- .../validations/translations.rb | 2 +- 6 files changed, 36 insertions(+), 28 deletions(-) diff --git a/.rubocop.yml b/.rubocop.yml index ce033bd4..0e8f3539 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -1,18 +1,18 @@ AllCops: - TargetRubyVersion: 2.6 + NewCops: enable Include: - 'Gemfile' - 'Rakefile' Exclude: - 'vendor/**/*' -ClassLength: +Metrics/ClassLength: Enabled: false -Documentation: +Style/Documentation: Enabled: false -MethodLength: +Metrics/MethodLength: Enabled: false Style/Alias: @@ -21,10 +21,10 @@ Style/Alias: Layout/FirstArrayElementIndentation: Enabled: false -HashSyntax: +Style/HashSyntax: EnforcedStyle: ruby19 -Metrics/LineLength: +Layout/LineLength: Max: 120 Metrics/BlockLength: @@ -35,7 +35,7 @@ Metrics/ModuleLength: CountComments: false # count full line comments? Max: 200 -CommentAnnotation: +Style/CommentAnnotation: Keywords: - TODO - FIXME diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index ed0966c9..4e74ed83 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -53,7 +53,7 @@ Naming/BinaryOperatorParameterName: # NamePrefix: is_, has_, have_ # NamePrefixBlacklist: is_, has_, have_ # NameWhitelist: is_a? -Style/PredicateName: +Naming/PredicateName: Exclude: - 'spec/**/*' - 'lib/zendesk_apps_support/package.rb' diff --git a/Gemfile.lock b/Gemfile.lock index 65c761c6..3aa76c41 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -17,7 +17,7 @@ PATH GEM remote: https://rubygems.org/ specs: - ast (2.4.2) + ast (2.4.3) bump (0.5.4) byebug (11.1.3) concurrent-ruby (1.2.2) @@ -32,6 +32,8 @@ GEM image_size (2.0.2) ipaddress_2 (0.13.0) json (2.6.3) + language_server-protocol (3.17.0.4) + lint_roller (1.1.0) loofah (2.19.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) @@ -41,16 +43,17 @@ GEM mini_portile2 (~> 2.8.0) racc (~> 1.4) parallel (1.12.1) - parser (3.0.2.0) + parser (3.3.8.0) ast (~> 2.4.1) + racc + prism (1.4.0) racc (1.6.2) - rainbow (3.0.0) + rainbow (3.1.1) rake (13.0.6) rb-fsevent (0.11.2) rb-inotify (0.9.10) ffi (>= 0.5.0, < 2) - regexp_parser (2.1.1) - rexml (3.3.9) + regexp_parser (2.10.0) rspec (3.12.0) rspec-core (~> 3.12.0) rspec-expectations (~> 3.12.0) @@ -64,18 +67,21 @@ GEM diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.12.0) rspec-support (3.12.0) - rubocop (1.20.0) + rubocop (1.75.3) + json (~> 2.3) + language_server-protocol (~> 3.17.0.2) + lint_roller (~> 1.1.0) parallel (~> 1.10) - parser (>= 3.0.0.0) + parser (>= 3.3.0.2) rainbow (>= 2.2.2, < 4.0) - regexp_parser (>= 1.8, < 3.0) - rexml - rubocop-ast (>= 1.9.1, < 2.0) + regexp_parser (>= 2.9.3, < 3.0) + rubocop-ast (>= 1.44.0, < 2.0) ruby-progressbar (~> 1.7) - unicode-display_width (>= 1.4.0, < 3.0) - rubocop-ast (1.11.0) - parser (>= 3.0.1.1) - ruby-progressbar (1.11.0) + unicode-display_width (>= 2.4.0, < 4.0) + rubocop-ast (1.44.1) + parser (>= 3.3.7.2) + prism (~> 1.4) + ruby-progressbar (1.13.0) sass (3.7.4) sass-listen (~> 4.0.0) sass-listen (4.0.0) @@ -83,7 +89,9 @@ GEM rb-inotify (~> 0.9, >= 0.9.7) sassc (2.4.0) ffi (~> 1.9) - unicode-display_width (2.0.0) + unicode-display_width (3.1.4) + unicode-emoji (~> 4.0, >= 4.0.4) + unicode-emoji (4.0.4) PLATFORMS ruby diff --git a/Rakefile b/Rakefile index b30b3664..397b1925 100644 --- a/Rakefile +++ b/Rakefile @@ -27,10 +27,10 @@ standard_i18n_file = project_root.join('config/locales/en.yml') file standard_i18n_file => zendesk_i18n_file do |task| header = "# This is a generated file. Do NOT edit directly.\n# To update, run 'bundle exec rake i18n:standardize'.\n" - input = YAML.safe_load(File.read(task.prerequisites.first)) + input = YAML.safe_load_file(task.prerequisites.first) translations = input['parts'].map { |part| part['translation'] } yaml = YAML.dump('en' => array_to_nested_hash(translations)) - File.open(task.name, 'w') { |f| f << header + yaml } + File.open(task.name, 'w') { |f| f << (header + yaml) } end namespace :i18n do diff --git a/lib/zendesk_apps_support/validations/secrets.rb b/lib/zendesk_apps_support/validations/secrets.rb index bde3bf7b..f81d54e7 100644 --- a/lib/zendesk_apps_support/validations/secrets.rb +++ b/lib/zendesk_apps_support/validations/secrets.rb @@ -9,7 +9,7 @@ module Secrets ].freeze APPLICATION_SECRETS = { - # rubocop:disable Metrics/LineLength + # rubocop:disable Layout/LineLength 'Slack Token' => /(xox[p|b|o|a]-*.[a-z0-9])/, 'RSA Private Key' => /-----BEGIN RSA PRIVATE KEY-----/, 'SSH Private Key (OpenSSH)' => /-----BEGIN OPENSSH PRIVATE KEY-----/, @@ -45,7 +45,7 @@ module Secrets 'Attachment Token Key' => /(attachment_token_key.*.[0-9a-f]{24,72})/, 'Password' => /([pP][aA][sS][sS][wW][oO][rR][dD].*.[0-9a-zA-Z+_.-]{4,156})/, 'Token' => /([tT][oO][kK][eE][nN]( [:\"=-]|[:\"=-]).*.[0-9a-zA-Z+_.-]{4,156})/ - # rubocop:enable Metrics/LineLength + # rubocop:enable Layout/LineLength }.freeze class << self diff --git a/lib/zendesk_apps_support/validations/translations.rb b/lib/zendesk_apps_support/validations/translations.rb index afc3126b..6fce0a4e 100644 --- a/lib/zendesk_apps_support/validations/translations.rb +++ b/lib/zendesk_apps_support/validations/translations.rb @@ -19,7 +19,7 @@ def call(package, opts = {}) errors << locale_error(file, path_match[1]) << json_error(file) << format_error(file) next unless errors.compact.empty? if file.relative_path == 'translations/en.json' - # rubocop:disable Metrics/LineLength + # rubocop:disable Layout/LineLength errors.push(*validate_marketplace_content(file, package, opts.fetch(:skip_marketplace_translations, false))) end end.compact From 7e03606eadf00da9643390e74cf7c5345538153f Mon Sep 17 00:00:00 2001 From: Marcio Horoiwa Date: Mon, 28 Apr 2025 14:40:33 +1000 Subject: [PATCH 4/5] Add ruby v3.4 support --- .github/workflows/actions.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml index 3c25aa59..f0675923 100644 --- a/.github/workflows/actions.yml +++ b/.github/workflows/actions.yml @@ -16,6 +16,7 @@ jobs: ruby-version: - '3.2' - '3.3' + - '3.4' steps: - uses: zendesk/checkout@v3 - uses: zendesk/setup-ruby@v1 From e50041d1f4429d24c7adc1a08f909aea05766c99 Mon Sep 17 00:00:00 2001 From: Marcio Horoiwa Date: Mon, 28 Apr 2025 15:03:25 +1000 Subject: [PATCH 5/5] Update `nokogiri` to v1.18.8 Fix: - CVE-2025-24855 - CVE-2024-55549 - CVE-2024-25062 - CVE-2024-25062 - CVE-2025-32414 - CVE-2025-32415 - CVE-2025-24928 - CVE-2024-56171 - CVE-2024-34459 --- Gemfile.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 3aa76c41..fe0abc61 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -38,16 +38,16 @@ GEM crass (~> 1.0.2) nokogiri (>= 1.5.9) marcel (1.0.2) - mini_portile2 (2.8.2) - nokogiri (1.14.3) - mini_portile2 (~> 2.8.0) + mini_portile2 (2.8.8) + nokogiri (1.18.8) + mini_portile2 (~> 2.8.2) racc (~> 1.4) parallel (1.12.1) parser (3.3.8.0) ast (~> 2.4.1) racc prism (1.4.0) - racc (1.6.2) + racc (1.8.1) rainbow (3.1.1) rake (13.0.6) rb-fsevent (0.11.2)