From a8c528abeaffc68adab8c4ae005d5e31b3b90e82 Mon Sep 17 00:00:00 2001
From: "A. Wilcox"
Date: Wed, 24 Jun 2026 14:47:15 -0500
Subject: [PATCH] Update Ruby version and Gems to secure versions
* Ruby 3.0 is EOL; update to the standard 3.3 we're using everywhere.
* Ensure Docker image is ruby:3.3-slim to match version update.
* Update the Gems to fix CVEs.
* Update RuboCop to a version that supports Ruby 3.3.
* Fix new RuboCop issues (because we went > 3.1 for new syntax).
---
 .ruby-version | 2 +-
 Dockerfile | 2 +-
 Gemfile.lock | 56 +++++++++++-------
 .../sftp_handler/downloader/base.rb | 6 +-
 .../sftp_handler/downloader/gobi.rb | 2 +-
 .../sftp_handler/downloader/lbnl.rb | 4 +-
 6 files changed, 42 insertions(+), 30 deletions(-)
diff --git a/.ruby-version b/.ruby-version
index 282895a..0ddaf4d 100644
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-3.0.3
\ No newline at end of file
+~> 3.3
diff --git a/Dockerfile b/Dockerfile
index fd4dc92..22f8033 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,7 @@
 # The base stage scaffolds elements which are common to building and running
 # the application, such as installing ca-certificates, creating the app user,
 # and installing runtime system dependencies.
-FROM ruby:3.0.3-slim AS base
+FROM ruby:3.3-slim AS base
 # ------------------------------------------------------------
 # Create the application user/group and installation directory
diff --git a/Gemfile.lock b/Gemfile.lock
index 51ad66d..faaf729 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,9 +1,9 @@ GEM remote: https://rubygems.org/ specs: - addressable (2.8.0) - public_suffix (>= 2.0.2, < 5.0) - ast (2.4.2) + addressable (2.9.0) + public_suffix (>= 2.0.2, < 8.0) + ast (2.4.3) berkeley_library-docker (0.1.1) chronic (0.10.2) colorize (0.8.1)
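Review bot: `~> 3.3` in `.ruby-version` is a RubyGems requirement string rather than a version name; version managers such as rbenv and chruby treat this file's content as a literal version to select, so they are likely to fail to resolve it. If the intent is to let Bundler's `ruby` directive read the file (the Gemfile is not part of this patch, so that is a guess), consider keeping an exact version here, e.g. `3.3.11` to match the new `RUBY VERSION` in Gemfile.lock, and putting the `~> 3.3` constraint in the Gemfile. The same loosening applies to the Dockerfile hunk, where the patch-pinned `ruby:3.0.3-slim` became the floating `ruby:3.3-slim` tag; pinning the patch version (or an image digest) keeps the runtime in the image identical to the one the lockfile was resolved against and makes rebuilds reproducible.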
@@ -11,16 +11,22 @@ GEM rexml diff-lcs (1.5.0) hashdiff (1.0.1) + json (2.20.0) + language_server-protocol (3.17.0.5) + lint_roller (1.1.0) net-sftp (3.0.0) net-ssh (>= 5.0.0, < 7.0.0) net-ssh (6.1.0) - parallel (1.21.0) - parser (3.1.1.0) + parallel (2.1.0) + parser (3.3.11.1) ast (~> 2.4.1) - public_suffix (4.0.6) + racc + prism (1.9.0) + public_suffix (7.0.5) + racc (1.8.1) rainbow (3.1.1) - regexp_parser (2.2.1) - rexml (3.2.5) + regexp_parser (2.12.0) + rexml (3.4.4) rspec (3.11.0) rspec-core (~> 3.11.0) rspec-expectations (~> 3.11.0)
@@ -39,23 +45,28 @@ GEM rspec-support (3.11.0) rspec_junit_formatter (0.5.1) rspec-core (>= 2, < 4, != 2.12.0) - rubocop (1.26.0) - parallel (~> 1.10) - parser (>= 3.1.0.0) + rubocop (1.88.0) + json (~> 2.3) + language_server-protocol (~> 3.17.0.2) + lint_roller (~> 1.1.0) + parallel (>= 1.10) + parser (>= 3.3.0.2) rainbow (>= 2.2.2, < 4.0) - regexp_parser (>= 1.8, < 3.0) - rexml - rubocop-ast (>= 1.16.0, < 2.0) + regexp_parser (>= 2.9.3, < 3.0) + rubocop-ast (>= 1.49.0, < 2.0) ruby-progressbar (~> 1.7) - unicode-display_width (>= 1.4.0, < 3.0) - rubocop-ast (1.16.0) - parser (>= 3.1.1.0) + unicode-display_width (>= 2.4.0, < 4.0) + rubocop-ast (1.49.1) + parser (>= 3.3.7.2) + prism (~> 1.7) rubocop-checkstyle_formatter (0.5.0) rubocop (>= 1.14.0) - ruby-progressbar (1.11.0) - thor (1.2.1) + ruby-progressbar (1.13.0) + thor (1.5.0) timecop (0.9.5) - unicode-display_width (2.1.0) + unicode-display_width (3.2.0) + unicode-emoji (~> 4.1) + unicode-emoji (4.2.0) webmock (3.14.0) addressable (>= 2.8.0) crack (>= 0.3.2)
@@ -63,6 +74,7 @@ GEM PLATFORMS aarch64-linux + arm64-darwin-24 x86_64-darwin-19 x86_64-linux
@@ -81,7 +93,7 @@ DEPENDENCIES webmock RUBY VERSION - ruby 3.0.3p157 + ruby 3.3.11 BUNDLED WITH - 2.2.32 + 4.0.9
diff --git a/lib/berkeley_library/sftp_handler/downloader/base.rb b/lib/berkeley_library/sftp_handler/downloader/base.rb
index ff4c5da..f50f7bd 100644
--- a/lib/berkeley_library/sftp_handler/downloader/base.rb
+++ b/lib/berkeley_library/sftp_handler/downloader/base.rb
@@ -28,9 +28,9 @@ def initialize(host: nil, username: nil, password: nil, keys: nil, key_data: nil
 @key_data = key_data.is_a?(Array) ? key_data : [key_data].compact
 end
- def connect(&block)
+ def connect(&)
 puts "Connecting to sftp://#{@username}@#{@host}"
- Net::SFTP.start(@host, @username, ssh_options, sftp_options, &block)
+ Net::SFTP.start(@host, @username, ssh_options, sftp_options, &)
 end
 def ssh_options
@@ -53,7 +53,7 @@ def sftp_options
 # Helper method for pulling default initializer values from the environment
 def default_for(option, fallback = nil)
 envvar = "#{config_prefix}#{option.to_s.upcase}"
- getter = "default_#{option}".to_sym
+ getter = :"default_#{option}"
 ENV.fetch(envvar, respond_to?(getter) ? send(getter) : fallback)
 end
diff --git a/lib/berkeley_library/sftp_handler/downloader/gobi.rb b/lib/berkeley_library/sftp_handler/downloader/gobi.rb
index b5a9934..d79e4e4 100644
--- a/lib/berkeley_library/sftp_handler/downloader/gobi.rb
+++ b/lib/berkeley_library/sftp_handler/downloader/gobi.rb
@@ -43,7 +43,7 @@ def default_host
 end
 def default_username
- ENV['LIT_GOBI_USERNAME']
+ ENV.fetch('LIT_GOBI_USERNAME', nil)
 end
 def ssh_options
diff --git a/lib/berkeley_library/sftp_handler/downloader/lbnl.rb b/lib/berkeley_library/sftp_handler/downloader/lbnl.rb
index 1c9e1ae..08952a2 100644
--- a/lib/berkeley_library/sftp_handler/downloader/lbnl.rb
+++ b/lib/berkeley_library/sftp_handler/downloader/lbnl.rb
@@ -35,11 +35,11 @@ def default_host
 end
 def default_username
- ENV['LIT_LBNL_USERNAME']
+ ENV.fetch('LIT_LBNL_USERNAME', nil)
 end
 def default_filename
- @default_filename ||= "#{ENV['LBNL_FILENAME']}_#{most_recent_monday.strftime('%Y%m%d')}.zip"
+ @default_filename ||= "#{ENV.fetch('LBNL_FILENAME', nil)}_#{most_recent_monday.strftime('%Y%m%d')}.zip"
 end
 def most_recent_monday
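Review bot: `connect` still hands the session to `Net::SFTP.start` on the net-ssh 6.1.0 / net-sftp 3.0.0 pair, which the Gemfile.lock hunks of this patch leave untouched even though the commit message says the gems were updated to fix CVEs. The lockfile context shows net-sftp 3.0.0 capping net-ssh at `< 7.0.0`, so the SSH stack cannot move forward unless net-sftp is bumped too. Since this is the one dependency that talks to remote hosts, it is worth checking both gems against current advisories (for example with bundler-audit) and confirming that 6.1.0 still works with the OpenSSL shipped in the `ruby:3.3-slim` image. `ssh_options` is outside this hunk, so host-key verification settings could not be reviewed here.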
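Review bot: In `default_for`, the guard `respond_to?(getter)` only sees public methods, while the dispatch uses `send`, which ignores visibility. `public_send(getter)` would state the same intent as the check and is the safer habit for a method name built by interpolation. Conversely, if any `default_*` getter in a subclass sits below a `private` marker (not visible in this patch), the guard returns false and the fallback is used silently; in that case the check would need `respond_to?(getter, true)`.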
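Review bot: `ENV.fetch('LBNL_FILENAME', nil)` in lbnl.rb's `default_filename` keeps the old silent behaviour: when the variable is unset the interpolation yields a name that is just `_` plus the date and `.zip`, and the misconfiguration presumably only shows up later as a failed download. The filename has no sensible default, so `ENV.fetch('LBNL_FILENAME')` (which raises `KeyError`) or an explicit check with a clear message would fail before any connection is attempted. The `ENV.fetch('LIT_GOBI_USERNAME', nil)` and `ENV.fetch('LIT_LBNL_USERNAME', nil)` changes in `default_username` follow the same pattern; a nil may be acceptable there if the caller handles a missing username, which this patch does not show.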