From 0203f2acc595d2081b4b3475e9ebfd9bd5fb7ea4 Mon Sep 17 00:00:00 2001 From: Djordje Lacmanovic Date: Sun, 27 Jul 2025 21:43:36 +0200 Subject: [PATCH 1/4] Resolve CVEs --- .github/workflows/spec.yml | 2 +- .ruby-version | 2 +- Gemfile.lock | 37 +++++++++++++++++++------------------ 3 files changed, 21 insertions(+), 20 deletions(-) diff --git a/.github/workflows/spec.yml b/.github/workflows/spec.yml index 03f1400..95e053d 100644 --- a/.github/workflows/spec.yml +++ b/.github/workflows/spec.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-18.04 strategy: matrix: - ruby: [2.5, 2.6, 2.7, 3.0] + ruby: [2.5, 2.6, 2.7, 3.0, 3.1] steps: - uses: actions/checkout@v2 diff --git a/.ruby-version b/.ruby-version index b502146..fd2a018 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -3.0.2 +3.1.0 diff --git a/Gemfile.lock b/Gemfile.lock index 25d5b30..65e5b36 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -8,18 +8,18 @@ PATH GEM remote: https://rubygems.org/ specs: - actionview (6.1.4.1) - activesupport (= 6.1.4.1) + actionview (6.1.7.10) + activesupport (= 6.1.7.10) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activemodel (6.1.4.1) - activesupport (= 6.1.4.1) - activerecord (6.1.4.1) - activemodel (= 6.1.4.1) - activesupport (= 6.1.4.1) - activesupport (6.1.4.1) + activemodel (6.1.7.10) + activesupport (= 6.1.7.10) + activerecord (6.1.7.10) + activemodel (= 6.1.7.10) + activesupport (= 6.1.7.10) + activesupport (6.1.7.10) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -50,14 +50,14 @@ GEM kaminari-core (= 1.2.1) kaminari-core (1.2.1) lefthook (0.7.6) - loofah (2.12.0) + loofah (2.24.1) crass (~> 1.0.2) - nokogiri (>= 1.5.9) + nokogiri (>= 1.12.0) method_source (1.0.0) - mini_portile2 (2.6.1) + mini_portile2 (2.8.9) minitest (5.14.4) - nokogiri (1.12.5) - mini_portile2 (~> 2.6.1) + nokogiri (1.18.9) + mini_portile2 (~> 2.8.2) racc (~> 1.4) pagy (3.11.0) parallel (1.21.0) @@ -70,12 +70,12 @@ GEM rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.4.2) - loofah (~> 2.3) + rails-html-sanitizer (1.5.0) + loofah (~> 2.19, >= 2.19.1) rainbow (3.0.0) rake (13.0.6) regexp_parser (2.1.1) - rexml (3.2.5) + rexml (3.4.1) rspec (3.10.0) rspec-core (~> 3.10.0) rspec-expectations (~> 3.10.0) @@ -106,13 +106,14 @@ GEM rubocop-rspec (2.5.0) rubocop (~> 1.19) ruby-progressbar (1.11.0) - sqlite3 (1.4.2) + sqlite3 (1.7.3) + mini_portile2 (~> 2.8.0) standard (1.3.0) rubocop (= 1.20.0) rubocop-performance (= 1.11.5) standardrb (1.0.0) standard - thor (1.1.0) + thor (1.4.0) tzinfo (2.0.4) concurrent-ruby (~> 1.0) unicode-display_width (2.1.0) From 5e725023ae5ad2fc990997b172714d98932c859e Mon Sep 17 00:00:00 2001 From: Djordje Lacmanovic Date: Sun, 27 Jul 2025 22:08:02 +0200 Subject: [PATCH 2/4] Run CI on ubuntu-latest Set Ruby matrix versions as strings Setting 3.0 as float sets up latest Ruby 3.x --- .github/workflows/lint.yml | 4 ++-- .github/workflows/spec.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 7f9069a..a06b77c 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -8,7 +8,7 @@ on: jobs: standardrb: - runs-on: ubuntu-18.04 + runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 @@ -19,7 +19,7 @@ jobs: run: bundle exec standardrb rubocop-rspec: - runs-on: ubuntu-18.04 + runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 diff --git a/.github/workflows/spec.yml b/.github/workflows/spec.yml index 95e053d..17b9cbf 100644 --- a/.github/workflows/spec.yml +++ b/.github/workflows/spec.yml @@ -8,10 +8,10 @@ on: jobs: rake-spec: - runs-on: ubuntu-18.04 + runs-on: ubuntu-latest strategy: matrix: - ruby: [2.5, 2.6, 2.7, 3.0, 3.1] + ruby: ['2.5', '2.6', '2.7', '3.0', '3.1'] steps: - uses: actions/checkout@v2 From 2f96a50b520c8ef3cf18309fdb7c2b640b7614cb Mon Sep 17 00:00:00 2001 From: Djordje Lacmanovic Date: Fri, 5 Sep 2025 09:52:39 +0200 Subject: [PATCH 3/4] Drop Ruby < 3.2 and Rails < 7.2 support Update standardb and resolve lint issues --- .github/workflows/spec.yml | 2 +- .ruby-version | 2 +- Gemfile.lock | 123 ++++++++++++------ jsonapi-query_builder.gemspec | 4 +- lefthook.yml | 5 +- .../errors/unpermitted_sort_parameters.rb | 6 +- lib/jsonapi/query_builder/paginator/pagy.rb | 4 +- .../jsonapi/query_builder/mixins/sort_spec.rb | 2 +- .../query_builder/paginator/kaminari_spec.rb | 10 +- 9 files changed, 97 insertions(+), 61 deletions(-) diff --git a/.github/workflows/spec.yml b/.github/workflows/spec.yml index 17b9cbf..1981fbe 100644 --- a/.github/workflows/spec.yml +++ b/.github/workflows/spec.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - ruby: ['2.5', '2.6', '2.7', '3.0', '3.1'] + ruby: ['3.2', '3.3', '3.4'] steps: - uses: actions/checkout@v2 diff --git a/.ruby-version b/.ruby-version index fd2a018..4f5e697 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -3.1.0 +3.4.5 diff --git a/Gemfile.lock b/Gemfile.lock index 65e5b36..a5ed408 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -2,41 +2,55 @@ PATH remote: . specs: jsonapi-query_builder (0.3.0) - activerecord (>= 5) + activerecord (>= 7.2) pagy (>= 3.5) GEM remote: https://rubygems.org/ specs: - actionview (6.1.7.10) - activesupport (= 6.1.7.10) + actionview (8.0.2.1) + activesupport (= 8.0.2.1) builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.1, >= 1.2.0) - activemodel (6.1.7.10) - activesupport (= 6.1.7.10) - activerecord (6.1.7.10) - activemodel (= 6.1.7.10) - activesupport (= 6.1.7.10) - activesupport (6.1.7.10) - concurrent-ruby (~> 1.0, >= 1.0.2) + erubi (~> 1.11) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + activemodel (8.0.2.1) + activesupport (= 8.0.2.1) + activerecord (8.0.2.1) + activemodel (= 8.0.2.1) + activesupport (= 8.0.2.1) + timeout (>= 0.4.0) + activesupport (8.0.2.1) + base64 + benchmark (>= 0.3) + bigdecimal + concurrent-ruby (~> 1.0, >= 1.3.1) + connection_pool (>= 2.2.5) + drb i18n (>= 1.6, < 2) + logger (>= 1.4.2) minitest (>= 5.1) - tzinfo (~> 2.0) - zeitwerk (~> 2.3) + securerandom (>= 0.3) + tzinfo (~> 2.0, >= 2.0.5) + uri (>= 0.13.1) ast (2.4.2) + base64 (0.3.0) + benchmark (0.4.1) + bigdecimal (3.2.3) builder (3.2.4) bundler-audit (0.9.0.1) bundler (>= 1.2.0, < 3) thor (~> 1.0) coderay (1.1.3) - concurrent-ruby (1.1.9) + concurrent-ruby (1.3.5) + connection_pool (2.5.4) crass (1.0.6) diff-lcs (1.4.4) - erubi (1.10.0) + drb (2.2.3) + erubi (1.13.1) i18n (1.8.10) concurrent-ruby (~> 1.0) + json (2.13.2) kaminari (1.2.1) activesupport (>= 4.1.0) kaminari-actionview (= 1.2.1) @@ -49,7 +63,10 @@ GEM activerecord kaminari-core (= 1.2.1) kaminari-core (1.2.1) + language_server-protocol (3.17.0.5) lefthook (0.7.6) + lint_roller (1.1.0) + logger (1.7.0) loofah (2.24.1) crass (~> 1.0.2) nokogiri (>= 1.12.0) @@ -61,21 +78,24 @@ GEM racc (~> 1.4) pagy (3.11.0) parallel (1.21.0) - parser (3.0.2.0) + parser (3.3.9.0) ast (~> 2.4.1) + racc + prism (1.4.0) pry (0.14.1) coderay (~> 1.1) method_source (~> 1.0) racc (1.5.2) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) + rails-dom-testing (2.3.0) + activesupport (>= 5.0.0) + minitest nokogiri (>= 1.6) - rails-html-sanitizer (1.5.0) - loofah (~> 2.19, >= 2.19.1) + rails-html-sanitizer (1.6.2) + loofah (~> 2.21) + nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) rainbow (3.0.0) rake (13.0.6) - regexp_parser (2.1.1) - rexml (3.4.1) + regexp_parser (2.11.2) rspec (3.10.0) rspec-core (~> 3.10.0) rspec-expectations (~> 3.10.0) @@ -89,35 +109,52 @@ GEM diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.10.0) rspec-support (3.10.2) - rubocop (1.20.0) + rubocop (1.80.2) + json (~> 2.3) + language_server-protocol (~> 3.17.0.2) + lint_roller (~> 1.1.0) parallel (~> 1.10) - parser (>= 3.0.0.0) + parser (>= 3.3.0.2) rainbow (>= 2.2.2, < 4.0) - regexp_parser (>= 1.8, < 3.0) - rexml - rubocop-ast (>= 1.9.1, < 2.0) + regexp_parser (>= 2.9.3, < 3.0) + rubocop-ast (>= 1.46.0, < 2.0) ruby-progressbar (~> 1.7) - unicode-display_width (>= 1.4.0, < 3.0) - rubocop-ast (1.12.0) - parser (>= 3.0.1.1) - rubocop-performance (1.11.5) - rubocop (>= 1.7.0, < 2.0) - rubocop-ast (>= 0.4.0) + unicode-display_width (>= 2.4.0, < 4.0) + rubocop-ast (1.46.0) + parser (>= 3.3.7.2) + prism (~> 1.4) + rubocop-performance (1.25.0) + lint_roller (~> 1.1) + rubocop (>= 1.75.0, < 2.0) + rubocop-ast (>= 1.38.0, < 2.0) rubocop-rspec (2.5.0) rubocop (~> 1.19) ruby-progressbar (1.11.0) - sqlite3 (1.7.3) + securerandom (0.4.1) + sqlite3 (2.7.3) mini_portile2 (~> 2.8.0) - standard (1.3.0) - rubocop (= 1.20.0) - rubocop-performance (= 1.11.5) + standard (1.51.0) + language_server-protocol (~> 3.17.0.2) + lint_roller (~> 1.0) + rubocop (~> 1.80.2) + standard-custom (~> 1.0.0) + standard-performance (~> 1.8) + standard-custom (1.0.2) + lint_roller (~> 1.0) + rubocop (~> 1.50) + standard-performance (1.8.0) + lint_roller (~> 1.1) + rubocop-performance (~> 1.25.0) standardrb (1.0.0) standard thor (1.4.0) - tzinfo (2.0.4) + timeout (0.4.3) + tzinfo (2.0.6) concurrent-ruby (~> 1.0) - unicode-display_width (2.1.0) - zeitwerk (2.4.2) + unicode-display_width (3.2.0) + unicode-emoji (~> 4.1) + unicode-emoji (4.1.0) + uri (1.0.3) PLATFORMS ruby @@ -138,4 +175,4 @@ DEPENDENCIES standardrb BUNDLED WITH - 2.2.22 + 2.7.2 diff --git a/jsonapi-query_builder.gemspec b/jsonapi-query_builder.gemspec index 0837f1d..9e9e855 100644 --- a/jsonapi-query_builder.gemspec +++ b/jsonapi-query_builder.gemspec @@ -36,9 +36,9 @@ Gem::Specification.new do |spec| spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) } spec.require_paths = ["lib"] - spec.required_ruby_version = ">= 2.5" + spec.required_ruby_version = ">= 3.2" - spec.add_runtime_dependency "activerecord", ">= 5" + spec.add_runtime_dependency "activerecord", ">= 7.2" spec.add_runtime_dependency "pagy", ">= 3.5" spec.add_development_dependency "bundler", "~> 2.0" diff --git a/lefthook.yml b/lefthook.yml index 5dd1124..ba27ee8 100644 --- a/lefthook.yml +++ b/lefthook.yml @@ -2,7 +2,7 @@ lint: commands: &lint lint-frozen-strings: glob: "*.rb" - run: bundle exec rubocop --only Style/FrozenStringLiteralComment,Layout/EmptyLineAfterMagicComment --format quiet --auto-correct + run: bundle exec rubocop --only Style/FrozenStringLiteralComment,Layout/EmptyLineAfterMagicComment --format quiet --autocorrect rubocop: commands: &rubocop @@ -13,8 +13,7 @@ rubocop: pre-commit: parallel: true commands: - <<: *lint - <<: *rubocop + <<: [*lint, *rubocop] standardrb: glob: "*.rb" run: bundle exec standardrb {staged_files} diff --git a/lib/jsonapi/query_builder/errors/unpermitted_sort_parameters.rb b/lib/jsonapi/query_builder/errors/unpermitted_sort_parameters.rb index 1a50103..10d169a 100644 --- a/lib/jsonapi/query_builder/errors/unpermitted_sort_parameters.rb +++ b/lib/jsonapi/query_builder/errors/unpermitted_sort_parameters.rb @@ -5,11 +5,11 @@ module QueryBuilder module Errors class UnpermittedSortParameters < ArgumentError def initialize(unpermitted_parameters) - super [ + super([ unpermitted_parameters.to_sentence, - unpermitted_parameters.count == 1 ? "is not a" : "are not", + (unpermitted_parameters.count == 1) ? "is not a" : "are not", "permitted sort attribute".pluralize(unpermitted_parameters.count) - ].join(" ") + ].join(" ")) end end end diff --git a/lib/jsonapi/query_builder/paginator/pagy.rb b/lib/jsonapi/query_builder/paginator/pagy.rb index 2d3c2f8..d851b7e 100644 --- a/lib/jsonapi/query_builder/paginator/pagy.rb +++ b/lib/jsonapi/query_builder/paginator/pagy.rb @@ -13,8 +13,8 @@ def paginate(page_params) @params = {page: page_params} pagination_details, records = pagy collection, page: page_params[:number], - items: page_params[:size], - outset: page_params[:offset] + items: page_params[:size], + outset: page_params[:offset] [records, pagination_details] end diff --git a/spec/jsonapi/query_builder/mixins/sort_spec.rb b/spec/jsonapi/query_builder/mixins/sort_spec.rb index e424a6b..6236f84 100644 --- a/spec/jsonapi/query_builder/mixins/sort_spec.rb +++ b/spec/jsonapi/query_builder/mixins/sort_spec.rb @@ -93,7 +93,7 @@ unique_sort_attribute id: :asc sorts_by :last_name sorts_by :first_name, ->(collection, direction) { collection.order(name: direction) } - sorts_by :'address.street', StreetSort + sorts_by :"address.street", StreetSort def initialize(collection, params) @collection = collection diff --git a/spec/jsonapi/query_builder/paginator/kaminari_spec.rb b/spec/jsonapi/query_builder/paginator/kaminari_spec.rb index dc5343e..818f1ce 100644 --- a/spec/jsonapi/query_builder/paginator/kaminari_spec.rb +++ b/spec/jsonapi/query_builder/paginator/kaminari_spec.rb @@ -9,11 +9,11 @@ let(:collection) { instance_double "collection" } let(:paged_collection) do instance_double "paged-collection", current_page: 2, - limit_value: 20, - total_count: 35, - total_pages: 2, - next_page: nil, - prev_page: 1 + limit_value: 20, + total_count: 35, + total_pages: 2, + next_page: nil, + prev_page: 1 end before do From 52698a701dac7d574211ce9efe211865a7a927d9 Mon Sep 17 00:00:00 2001 From: Djordje Lacmanovic Date: Thu, 11 Sep 2025 08:28:37 +0200 Subject: [PATCH 4/4] Pin Ubuntu version --- .github/workflows/lint.yml | 4 ++-- .github/workflows/spec.yml | 2 +- lib/jsonapi/query_builder/paginator/pagy.rb | 5 ++--- spec/jsonapi/query_builder/paginator/kaminari_spec.rb | 4 ++-- 4 files changed, 7 insertions(+), 8 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index a06b77c..2e9071b 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -8,7 +8,7 @@ on: jobs: standardrb: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v2 @@ -19,7 +19,7 @@ jobs: run: bundle exec standardrb rubocop-rspec: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v2 diff --git a/.github/workflows/spec.yml b/.github/workflows/spec.yml index 1981fbe..374b748 100644 --- a/.github/workflows/spec.yml +++ b/.github/workflows/spec.yml @@ -8,7 +8,7 @@ on: jobs: rake-spec: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 strategy: matrix: ruby: ['3.2', '3.3', '3.4'] diff --git a/lib/jsonapi/query_builder/paginator/pagy.rb b/lib/jsonapi/query_builder/paginator/pagy.rb index d851b7e..dd108c3 100644 --- a/lib/jsonapi/query_builder/paginator/pagy.rb +++ b/lib/jsonapi/query_builder/paginator/pagy.rb @@ -12,9 +12,8 @@ class Pagy < BasePaginator def paginate(page_params) @params = {page: page_params} - pagination_details, records = pagy collection, page: page_params[:number], - items: page_params[:size], - outset: page_params[:offset] + pagination_details, records = pagy(collection, page: page_params[:number], items: page_params[:size], outset: page_params[:offset]) + [records, pagination_details] end diff --git a/spec/jsonapi/query_builder/paginator/kaminari_spec.rb b/spec/jsonapi/query_builder/paginator/kaminari_spec.rb index 818f1ce..8249c88 100644 --- a/spec/jsonapi/query_builder/paginator/kaminari_spec.rb +++ b/spec/jsonapi/query_builder/paginator/kaminari_spec.rb @@ -8,12 +8,12 @@ let(:collection) { instance_double "collection" } let(:paged_collection) do - instance_double "paged-collection", current_page: 2, + instance_double("paged-collection", current_page: 2, limit_value: 20, total_count: 35, total_pages: 2, next_page: nil, - prev_page: 1 + prev_page: 1) end before do