Update Dockerfile ruby and brakeman versions (#14)

* Update Dockerfile ruby and brakeman versions * Update gemfile.lock * Update workflow versions * Use RC version
cookpad · Oct 10, 2024 · f788a3f · f788a3f
1 parent 9342d01
commit f788a3f
Show file tree

Hide file tree

Showing 8 changed files with 64 additions and 54 deletions.
diff --git a/.github/workflows/brakeman.yml b/.github/workflows/brakeman.yml
@@ -13,18 +13,18 @@ jobs:
   brakeman:
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v2
-      - name: Set up Ruby 2.7.5
+      - uses: actions/checkout@v4
+      - name: Set up Ruby 3.3.5
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: 2.7.5
+          ruby-version: 3.3.5
           bundler-cache: true # runs 'bundle install' and caches installed gems automatically
       - name: Brakeman report
         run: |
           bundle exec brakeman -A -q --force -f json -o tmp/${{ github.event.pull_request.head.sha }}-brakeman.json
       - name: Send Brakeman report to Github if it has warnings
         if: failure()
-        uses: cookpad/brakeman-linter-action@v2.0.0
+        uses: cookpad/brakeman-linter-action@v2.2.0-rc
         env:
           GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
           REPORT_PATH: tmp/${{ github.event.pull_request.head.sha }}-brakeman.json

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -1,6 +1,6 @@
 # Dependency Review Action
 #
-# This Action will scan dependency manifest files that change as part of a Pull Reqest, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
+# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
 #
 # Source repository: https://github.com/actions/dependency-review-action
 # Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
@@ -15,6 +15,6 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - name: 'Checkout Repository'
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v1
+        uses: actions/dependency-review-action@v4
diff --git a/.github/workflows/rubocop.yml b/.github/workflows/rubocop.yml
@@ -18,10 +18,10 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - uses: actions/checkout@master
-      - name: Set up Ruby 2.7.5
+      - name: Set up Ruby 3.3.5
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: 2.7.5
+          ruby-version: 3.3.5
       - name: Bundle
         run: |
           gem install bundler

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -17,11 +17,11 @@ jobs:
     name: Rspec Test Action
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@master
-      - name: Set up Ruby 2.7.5
+      - uses: actions/checkout@4
+      - name: Set up Ruby 3.3.5
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: 2.7.5
+          ruby-version: 3.3.5
       - name: Bundle
         run: |
           gem install bundler

diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,3 @@
 /tmp/
 /.vscode/
+.ruby-version
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,7 +2,7 @@
 
 ## v2.1.0
 
-- Shows a relevant error when an issue is detected outside the current PR 
+- Shows a relevant error when an issue is detected outside the current PR
 - Does not run forever when there aren't any annotations (thanks @dlackty!)
 
 ## v2.0.0

diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,6 @@
-FROM ruby:2.7.5-alpine
+FROM ruby:3.3.5-alpine
 
-RUN gem install brakeman -v 5.2.2
+RUN gem install brakeman -v 6.2.1
 
 COPY lib /action/lib
 

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,61 +1,70 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.8.0)
-      public_suffix (>= 2.0.2, < 5.0)
+    addressable (2.8.7)
+      public_suffix (>= 2.0.2, < 7.0)
     ast (2.4.2)
-    brakeman (5.2.1)
+    bigdecimal (3.1.8)
+    brakeman (6.2.1)
+      racc
     coderay (1.1.3)
-    crack (0.4.5)
+    crack (1.0.0)
+      bigdecimal
       rexml
-    diff-lcs (1.5.0)
-    hashdiff (1.0.1)
-    method_source (1.0.0)
-    parallel (1.22.0)
-    parser (3.1.1.0)
+    diff-lcs (1.5.1)
+    hashdiff (1.1.1)
+    json (2.7.2)
+    language_server-protocol (3.17.0.3)
+    method_source (1.1.0)
+    parallel (1.26.3)
+    parser (3.3.5.0)
       ast (~> 2.4.1)
-    pry (0.14.1)
+      racc
+    pry (0.14.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    public_suffix (4.0.6)
+    public_suffix (6.0.1)
+    racc (1.8.1)
     rainbow (3.1.1)
-    regexp_parser (2.2.1)
-    rexml (3.2.5)
-    rspec (3.11.0)
-      rspec-core (~> 3.11.0)
-      rspec-expectations (~> 3.11.0)
-      rspec-mocks (~> 3.11.0)
-    rspec-core (3.11.0)
-      rspec-support (~> 3.11.0)
-    rspec-expectations (3.11.0)
+    regexp_parser (2.9.2)
+    rexml (3.3.8)
+    rspec (3.13.0)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.1)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.3)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.11.0)
-    rspec-mocks (3.11.0)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.2)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.11.0)
-    rspec-support (3.11.0)
-    rubocop (1.26.1)
+      rspec-support (~> 3.13.0)
+    rspec-support (3.13.1)
+    rubocop (1.66.1)
+      json (~> 2.3)
+      language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
-      parser (>= 3.1.0.0)
+      parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8, < 3.0)
-      rexml
-      rubocop-ast (>= 1.16.0, < 2.0)
+      regexp_parser (>= 2.4, < 3.0)
+      rubocop-ast (>= 1.32.2, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.16.0)
-      parser (>= 3.1.1.0)
-    rubocop-performance (1.13.3)
-      rubocop (>= 1.7.0, < 2.0)
-      rubocop-ast (>= 0.4.0)
-    ruby-progressbar (1.11.0)
-    unicode-display_width (2.1.0)
-    webmock (3.14.0)
+      unicode-display_width (>= 2.4.0, < 3.0)
+    rubocop-ast (1.32.3)
+      parser (>= 3.3.1.0)
+    rubocop-performance (1.22.1)
+      rubocop (>= 1.48.1, < 2.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
+    ruby-progressbar (1.13.0)
+    unicode-display_width (2.6.0)
+    webmock (3.24.0)
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
 
 PLATFORMS
+  arm64-darwin-23
   ruby
 
 DEPENDENCIES
@@ -67,4 +76,4 @@ DEPENDENCIES
   webmock
 
 BUNDLED WITH
-   2.3.10
+   2.5.21