Technical/Update application dependencies (#78)

* Updated runtime/development dependencies
* Changed Ruby version to 3.1.2
* Updated rubocop/circleci configs
* Updated version, changelog

Author: bestwebua

.circleci/config.yml

@@ -1,7 +1,7 @@
 defaults: &defaults
   working_directory: ~/truemail-server
   docker:
-    - image: cimg/ruby:3.1.1
+    - image: cimg/ruby:3.1.2
 
 references:
   install_bundler: &install_bundler

.codeclimate.yml

@@ -7,7 +7,7 @@ checks:
 plugins:
   rubocop:
     enabled: true
-    channel: rubocop-1-25
+    channel: rubocop-1-30
 
   reek:
     enabled: true

.rubocop.yml

@@ -148,6 +148,24 @@ Style/FileWrite:
 Style/MapToHash:
   Enabled: true
 
+Style/EnvHome:
+  Enabled: true
+
+Style/FetchEnvVar:
+  Enabled: false
+
+Style/MapCompactWithConditionalBlock:
+  Enabled: true
+
+Style/NestedFileDirname:
+  Enabled: true
+
+Style/ObjectThen:
+  Enabled: true
+
+Style/RedundantInitialize:
+  Enabled: true
+
 # Metrics ---------------------------------------------------------------------
 
 Layout/LineLength:
@@ -324,15 +342,24 @@ Lint/RequireRelativeSelfPath:
 Lint/UselessRuby2Keywords:
   Enabled: true
 
+Lint/RefinementImportMethods:
+  Enabled: true
+
 Gemspec/DateAssignment:
   Enabled: true
 
 Gemspec/RequireMFA:
   Enabled: false
 
+Gemspec/DeprecatedAttributeAssignment:
+  Enabled: true
+
 Security/IoMethods:
   Enabled: true
 
+Security/CompoundHash:
+  Enabled: true
+
 # Performance -----------------------------------------------------------------
 
 Performance/AncestorsInclude:
@@ -432,3 +459,9 @@ RSpec/BeEq:
 
 RSpec/BeNil:
   Enabled: true
+
+RSpec/ChangeByZero:
+  Enabled: true
+
+RSpec/VerifiedDoubleReference:
+  Enabled: false

.ruby-version

@@ -1 +1 @@
-ruby-3.1.1
+ruby-3.1.2

CHANGELOG.md

@@ -2,6 +2,20 @@
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.4.1] - 2022-06-01
+
+### Fixed
+
+- Fixed security vulnerability issue [CVE-2022-30122](https://github.com/advisories/GHSA-hxqx-xwvh-44m2), [CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr)
+
+### Changed
+
+- Updated application dependencies (rack 2.2.3.1, truemail 2.7.3)
+- Updated Ruby version to 3.1.2
+- Updated development dependencies
+- Updated application version
+- Updated readme
+
 ## [0.4.0] - 2022-03-08
 
 ### Added

Gemfile

@@ -6,23 +6,23 @@ ruby(::File.read(::File.join(::File.dirname(__FILE__), '.ruby-version')).strip[/
 
 gem 'dry-struct', '~> 1.4'
 gem 'net-smtp', '~> 0.3.1'
-gem 'rack', '~> 2.2', '>= 2.2.3'
+gem 'rack', '~> 2.2', '>= 2.2.3.1'
 gem 'thin', '~> 1.8', '>= 1.8.1'
-gem 'truemail', '~> 2.7', '>= 2.7.1'
+gem 'truemail', '~> 2.7', '>= 2.7.3'
 
 group :development, :test do
   gem 'pry-byebug', '~> 3.9'
   gem 'rack-test', '~> 1.1'
   gem 'rspec', '~> 3.11'
 
   # Code quality
-  gem 'bundler-audit', '~> 0.9.0.1', require: false
-  gem 'fasterer', '~> 0.9.0', require: false
-  gem 'overcommit', '~> 0.58.0', require: false
-  gem 'reek', '~> 6.1', require: false
-  gem 'rubocop', '~> 1.25', '>= 1.25.1', require: false
-  gem 'rubocop-performance', '~> 1.13', '>= 1.13.3', require: false
-  gem 'rubocop-rspec', '~> 2.9', require: false
+  gem 'bundler-audit', '~> 0.9.1', require: false
+  gem 'fasterer', '~> 0.10.0', require: false
+  gem 'overcommit', '~> 0.59.1', require: false
+  gem 'reek', '~> 6.1', '>= 6.1.1', require: false
+  gem 'rubocop', '~> 1.30', require: false
+  gem 'rubocop-performance', '~> 1.14', require: false
+  gem 'rubocop-rspec', '~> 2.11', '>= 2.11.1', require: false
 end
 
 group :test do

Gemfile.lock

@@ -2,19 +2,19 @@ GEM
   remote: https://rubygems.org/
   specs:
     ast (2.4.2)
-    bundler-audit (0.9.0.1)
+    bundler-audit (0.9.1)
       bundler (>= 1.2.0, < 3)
       thor (~> 1.0)
     byebug (11.1.3)
     childprocess (4.1.0)
     coderay (1.1.3)
     colorize (0.8.1)
-    concurrent-ruby (1.1.9)
+    concurrent-ruby (1.1.10)
     daemons (1.4.1)
     diff-lcs (1.5.0)
     digest (3.1.0)
     docile (1.4.0)
-    dry-configurable (0.14.0)
+    dry-configurable (0.15.0)
       concurrent-ruby (~> 1.0)
       dry-core (~> 0.6)
     dry-container (0.9.0)
@@ -37,46 +37,44 @@ GEM
       dry-inflector (~> 0.1, >= 0.1.2)
       dry-logic (~> 1.0, >= 1.0.2)
     eventmachine (1.2.7)
-    fasterer (0.9.0)
+    fasterer (0.10.0)
       colorize (~> 0.7)
-      ruby_parser (>= 3.14.1)
+      ruby_parser (>= 3.19.1)
     ice_nine (0.11.2)
     iniparse (1.5.0)
-    io-wait (0.2.1)
     json_matchers (0.11.1)
       json_schema
     json_schema (0.21.0)
     kwalify (0.7.2)
     method_source (1.0.0)
-    net-protocol (0.1.2)
-      io-wait
+    net-protocol (0.1.3)
       timeout
     net-smtp (0.3.1)
       digest
       net-protocol
       timeout
-    overcommit (0.58.0)
+    overcommit (0.59.1)
       childprocess (>= 0.6.3, < 5)
       iniparse (~> 1.4)
       rexml (~> 3.2)
-    parallel (1.21.0)
-    parser (3.1.1.0)
+    parallel (1.22.1)
+    parser (3.1.2.0)
       ast (~> 2.4.1)
     pry (0.13.1)
       coderay (~> 1.1)
       method_source (~> 1.0)
     pry-byebug (3.9.0)
       byebug (~> 11.0)
       pry (~> 0.13.0)
-    rack (2.2.3)
+    rack (2.2.3.1)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
     rainbow (3.1.1)
-    reek (6.1.0)
+    reek (6.1.1)
       kwalify (~> 0.7.0)
       parser (~> 3.1.0)
       rainbow (>= 2.0, < 4.0)
-    regexp_parser (2.2.1)
+    regexp_parser (2.5.0)
     rexml (3.2.5)
     rspec (3.11.0)
       rspec-core (~> 3.11.0)
@@ -87,30 +85,30 @@ GEM
     rspec-expectations (3.11.0)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.11.0)
-    rspec-mocks (3.11.0)
+    rspec-mocks (3.11.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.11.0)
     rspec-support (3.11.0)
-    rubocop (1.25.1)
+    rubocop (1.30.0)
       parallel (~> 1.10)
       parser (>= 3.1.0.0)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
-      rexml
-      rubocop-ast (>= 1.15.1, < 2.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.18.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.16.0)
+    rubocop-ast (1.18.0)
       parser (>= 3.1.1.0)
-    rubocop-performance (1.13.3)
+    rubocop-performance (1.14.0)
       rubocop (>= 1.7.0, < 2.0)
       rubocop-ast (>= 0.4.0)
-    rubocop-rspec (2.9.0)
+    rubocop-rspec (2.11.1)
       rubocop (~> 1.19)
     ruby-progressbar (1.11.0)
-    ruby_parser (3.18.1)
+    ruby_parser (3.19.1)
       sexp_processor (~> 4.16)
-    sexp_processor (4.16.0)
+    sexp_processor (4.16.1)
     simplecov (0.21.2)
       docile (~> 1.1)
       simplecov-html (~> 0.11)
@@ -124,38 +122,38 @@ GEM
       eventmachine (~> 1.0, >= 1.0.4)
       rack (>= 1, < 3)
     thor (1.2.1)
-    timeout (0.2.0)
-    truemail (2.7.1)
+    timeout (0.3.0)
+    truemail (2.7.3)
       simpleidn (~> 0.2.1)
     unf (0.1.4)
       unf_ext
-    unf_ext (0.0.8)
+    unf_ext (0.0.8.2)
     unicode-display_width (2.1.0)
 
 PLATFORMS
   x86_64-darwin-20
 
 DEPENDENCIES
-  bundler-audit (~> 0.9.0.1)
+  bundler-audit (~> 0.9.1)
   dry-struct (~> 1.4)
-  fasterer (~> 0.9.0)
+  fasterer (~> 0.10.0)
   json_matchers (~> 0.11.1)
   net-smtp (~> 0.3.1)
-  overcommit (~> 0.58.0)
+  overcommit (~> 0.59.1)
   pry-byebug (~> 3.9)
-  rack (~> 2.2, >= 2.2.3)
+  rack (~> 2.2, >= 2.2.3.1)
   rack-test (~> 1.1)
-  reek (~> 6.1)
+  reek (~> 6.1, >= 6.1.1)
   rspec (~> 3.11)
-  rubocop (~> 1.25, >= 1.25.1)
-  rubocop-performance (~> 1.13, >= 1.13.3)
-  rubocop-rspec (~> 2.9)
+  rubocop (~> 1.30)
+  rubocop-performance (~> 1.14)
+  rubocop-rspec (~> 2.11, >= 2.11.1)
   simplecov (~> 0.21.2)
   thin (~> 1.8, >= 1.8.1)
-  truemail (~> 2.7, >= 2.7.1)
+  truemail (~> 2.7, >= 2.7.3)
 
 RUBY VERSION
-   ruby 3.1.1p18
+   ruby 3.1.2p20
 
 BUNDLED WITH
-   2.3.8
+   2.3.15

README.md

@@ -77,7 +77,7 @@ Run Truemail server with command as in example below:
 VERIFIER_EMAIL=your_email@example.com ACCESS_TOKENS=a262d915-15bc-417c-afeb-842c63b54154 rackup
 
 # =>
-# Thin web server (v1.8.0 codename Possessed Pickle)
+# Thin web server (v1.8.1 codename Infinite Smoothie)
 # Maximum connections set to 1024
 # Listening on localhost:9292, CTRL+C to stop
 ```
@@ -103,7 +103,7 @@ LOG_STDOUT=true \
 thin -R config.ru -a 0.0.0.0 -p 9292 -e production start
 
 # =>
-# Thin web server (v1.8.0 codename Possessed Pickle)
+# Thin web server (v1.8.1 codename Infinite Smoothie)
 # Maximum connections set to 1024
 # Listening on localhost:9292, CTRL+C to stop
 # 127.0.0.1 - - [26/Feb/2020:16:41:13 +0200] "GET /?email=admin%40bestweb.com.ua HTTP/1.1" 200 - 0.9195

app/truemail_server/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module TruemailServer
-  VERSION = '0.4.0'
+  VERSION = '0.4.1'
 end