Update rubocop to v0.52.1 for Slack plugin #59
Conversation
The last commit removed support for Ruby 2.0
|
Thanks for your contribution to Sensu plugins! Without people like you submitting PRs we couldn't run the project. I will review it shortly. Special kudos for picking up security issues. |
| @@ -5,6 +5,10 @@ This CHANGELOG follows the format listed [here](https://github.com/sensu-plugins | |||
|
|
|||
| ## [Unreleased] | |||
|
|
|||
| ## [3.0.1] - 2018-01-21 | |||
There was a problem hiding this comment.
Per our changelog conventions all submitted changes go under ### [Unreleased] there are a couple of reasons for this:
- There is no guarantee when a maintainer will review so the release date will likely be wrong unless we get to it in the same day
- There is no guarantee on the review/merge order, bumping the version prior to acceptance is pretty much guaranteed to need to have the submitter rebase
- Maintainer may disagree on how you interpret the change, for example in this case you versioned a as a patch when in fact it is a breaking change as you drop a version of ruby being supported. Even when an update is in the name of security we generally follow semver unless there is a very good reason not to such as putting the consumer at extreme risk. This is outlined as it relates to security here if you are interested in understanding how we handle these edgecases.
| @@ -5,6 +5,10 @@ This CHANGELOG follows the format listed [here](https://github.com/sensu-plugins | |||
|
|
|||
| ## [Unreleased] | |||
|
|
|||
| ## [3.0.1] - 2018-01-21 | |||
| ### Changed | |||
| - Bumped Rubocop to 0.52.1 in response to CVE-2017-8418 (@nicoleheejin) | |||
There was a problem hiding this comment.
To keep things consistent with the other PR's we should bump it to ~> 0.51.0 which satisfies the requirement to patch the vulnerability and reduces the number of new cops to satisfy.
| @@ -5,6 +5,10 @@ This CHANGELOG follows the format listed [here](https://github.com/sensu-plugins | |||
|
|
|||
| ## [Unreleased] | |||
|
|
|||
| ## [3.0.1] - 2018-01-21 | |||
| ### Changed | |||
There was a problem hiding this comment.
This should actually go under a ### Security header rather than changed as it makes it clear to consumers that this update is important and should be prioritized over pulling in other types of changes.
| @@ -2,7 +2,7 @@ module SensuPluginsSlack | |||
| module Version | |||
| MAJOR = 3 | |||
| MINOR = 0 | |||
| PATCH = 0 | |||
| PATCH = 1 | |||
There was a problem hiding this comment.
see above comment regarding versioning pre-acceptance.
| s.add_development_dependency 'rspec', '~> 3.1' | ||
| s.add_development_dependency 'rubocop', '~> 0.52.1' |
There was a problem hiding this comment.
This needs to be called out in the changelog under ### Breaking Changes so that we inform users on the impact and make it more obvious to reviewers and maintainers so it can be evaluated and versioned appropriately.
|
awesome! I will address these changes shortly and will continue working through the list! Thank you for the feedback! |
|
@nicoleheejin checking back to see if you can make those changes so we can get this merged and released. Also looks like you now need a rebase to fix conflicts, let me know if you need help. |
|
closing due to inactivity and merge conflicts. |
Pull Request Checklist
Is this in reference to an existing issue?
Yeah! sensu-plugins/community#77
General
Update Changelog following the conventions laid out here
Update README with any necessary configuration snippets
Binstubs are created if needed
RuboCop passes
Existing tests pass
Purpose
Known Compatibility Issues