Update YARD to silence CVE, as well as other Gems

Gems updated include bundler, github-markup, rake, reek, redcarpet,
rubocop, simplecov. and yard.

The Rubocop update took us from 0.65.0 to 0.74.0. Predictably, this
caused some previously-blessed source code to be flagged; it also caused
a demanded variable name (by RuboCop) to be flagged as uncommunicative
by Reek (in either version). Disabling the
`Naming/RescuedExceptionsVariableName` RuboCop cop for each of the
affected methods restored peace between the two tools. 😩

To be released as Gem version 0.2.6.

86 tests, 113 assertions, 0 failures, 0 errors, 0 skips
Coverage: 1012 / 1012 LOC (100.0%) covered.
RuboCop: 11 files inspected, no offenses detected
Flay: Total score 0
Flog: Total 326.5; method average 4.7; max 8.4 (CryptIdent::SignUp#create_result)
Reek: 0 total warnings
Inch: Nothing to suggest

.rbenv-gemsets

@@ -0,0 +1 @@
+./tmp/gemset

.ruby-version

@@ -1 +1 @@
-2.6.1
+2.6.3

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    crypt_ident (0.2.5)
+    crypt_ident (0.2.6)
       bcrypt
       dry-matcher
       dry-monads
@@ -16,34 +16,35 @@ GEM
       descendants_tracker (~> 0.0.4)
       ice_nine (~> 0.11.0)
       thread_safe (~> 0.3, >= 0.3.1)
-    bcrypt (3.1.12)
+    bcrypt (3.1.13)
     builder (3.2.3)
-    byebug (11.0.0)
+    byebug (11.0.1)
     codeclimate-engine-rb (0.4.1)
       virtus (~> 1.0)
     coderay (1.1.2)
     coercible (1.0.0)
       descendants_tracker (~> 0.0.1)
-    concurrent-ruby (1.1.4)
+    concurrent-ruby (1.1.5)
     descendants_tracker (0.0.4)
       thread_safe (~> 0.3, >= 0.3.1)
-    docile (1.3.1)
-    dry-configurable (0.8.2)
+    docile (1.3.2)
+    dry-configurable (0.8.3)
       concurrent-ruby (~> 1.0)
       dry-core (~> 0.4, >= 0.4.7)
-    dry-container (0.7.0)
+    dry-container (0.7.2)
       concurrent-ruby (~> 1.0)
       dry-configurable (~> 0.1, >= 0.1.3)
-    dry-core (0.4.7)
+    dry-core (0.4.8)
       concurrent-ruby (~> 1.0)
-    dry-equalizer (0.2.1)
+    dry-equalizer (0.2.2)
     dry-initializer (1.4.1)
     dry-logic (0.4.2)
       dry-container (~> 0.2, >= 0.2.6)
       dry-core (~> 0.2)
       dry-equalizer (~> 0.2)
-    dry-matcher (0.7.0)
-    dry-monads (1.1.0)
+    dry-matcher (0.8.0)
+      dry-core (>= 0.4.7)
+    dry-monads (1.3.0)
       concurrent-ruby (~> 1.0)
       dry-core (~> 0.4, >= 0.4.4)
       dry-equalizer
@@ -63,7 +64,7 @@ GEM
       inflecto (~> 0.0.0, >= 0.0.2)
     equalizer (0.0.11)
     erubis (2.7.0)
-    ffi (1.10.0)
+    ffi (1.11.1)
     flay (2.12.0)
       erubis (~> 2.7.0)
       path_expander (~> 1.0)
@@ -74,7 +75,7 @@ GEM
       ruby_parser (~> 3.1, > 3.1.0)
       sexp_processor (~> 4.8)
     formatador (0.2.5)
-    github-markup (3.0.3)
+    github-markup (3.0.4)
     guard (2.15.0)
       formatador (>= 0.2.4)
       listen (>= 2.7, < 4.0)
@@ -97,14 +98,15 @@ GEM
     guard-shell (0.7.1)
       guard (>= 2.0.0)
       guard-compat (~> 1.0)
-    hanami-model (1.3.0)
+    hanami-model (1.3.2)
       concurrent-ruby (~> 1.0)
+      dry-logic (~> 0.4.2, < 0.5)
       dry-types (~> 0.11.0)
       hanami-utils (~> 1.3)
       rom (~> 3.3, >= 3.3.3)
       rom-repository (~> 1.4)
       rom-sql (~> 1.3, >= 1.3.5)
-    hanami-utils (1.3.1)
+    hanami-utils (1.3.2)
       concurrent-ruby (~> 1.0)
       transproc (~> 1.0)
     ice_nine (0.11.2)
@@ -114,7 +116,7 @@ GEM
       term-ansicolor
       yard (~> 0.9.12)
     inflecto (0.0.2)
-    jaro_winkler (1.5.2)
+    jaro_winkler (1.5.3)
     json (2.2.0)
     kwalify (0.7.2)
     listen (3.1.5)
@@ -136,14 +138,13 @@ GEM
     minitest-tagz (1.7.0)
       minitest (~> 5)
     nenv (0.3.0)
-    notiffany (0.1.1)
+    notiffany (0.1.3)
       nenv (~> 0.1)
       shellany (~> 0.0)
-    parallel (1.14.0)
-    parser (2.6.0.0)
+    parallel (1.17.0)
+    parser (2.6.3.0)
       ast (~> 2.4.0)
-    path_expander (1.0.3)
-    powerpack (0.1.2)
+    path_expander (1.0.4)
     pry (0.12.2)
       coderay (~> 1.1.0)
       method_source (~> 0.9.0)
@@ -155,12 +156,12 @@ GEM
       yard (~> 0.9.11)
     psych (3.1.0)
     rainbow (3.0.0)
-    rake (12.3.2)
+    rake (12.3.3)
     rb-fsevent (0.10.3)
     rb-inotify (0.10.0)
       ffi (~> 1.0)
-    redcarpet (3.4.0)
-    reek (5.3.1)
+    redcarpet (3.5.0)
+    reek (5.4.0)
       codeclimate-engine-rb (~> 0.4.0)
       kwalify (~> 0.7.0)
       parser (>= 2.5.0.0, < 2.7, != 2.5.1.1)
@@ -188,43 +189,41 @@ GEM
       dry-types (~> 0.11.0)
       rom (~> 3.2, >= 3.2.2)
       sequel (~> 4.43)
-    rubocop (0.65.0)
+    rubocop (0.74.0)
       jaro_winkler (~> 1.5.1)
       parallel (~> 1.10)
-      parser (>= 2.5, != 2.5.1.1)
-      powerpack (~> 0.1)
-      psych (>= 3.1.0)
+      parser (>= 2.6)
       rainbow (>= 2.2.2, < 4.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (~> 1.4.0)
-    ruby-progressbar (1.10.0)
+      unicode-display_width (>= 1.4.0, < 1.7)
+    ruby-progressbar (1.10.1)
     ruby_dep (1.5.0)
-    ruby_parser (3.12.0)
+    ruby_parser (3.13.1)
       sexp_processor (~> 4.9)
     sequel (4.49.0)
-    sexp_processor (4.11.0)
+    sexp_processor (4.12.1)
     shellany (0.0.1)
-    simplecov (0.16.1)
+    simplecov (0.17.0)
       docile (~> 1.1)
       json (>= 1.8, < 3)
       simplecov-html (~> 0.10.0)
     simplecov-html (0.10.2)
     sparkr (0.4.1)
-    sqlite3 (1.4.0)
+    sqlite3 (1.4.1)
     term-ansicolor (1.7.1)
       tins (~> 1.0)
     thor (0.20.3)
     thread_safe (0.3.6)
     timecop (0.9.1)
-    tins (1.20.2)
-    transproc (1.0.3)
-    unicode-display_width (1.4.1)
+    tins (1.21.1)
+    transproc (1.1.0)
+    unicode-display_width (1.6.0)
     virtus (1.0.5)
       axiom-types (~> 0.1)
       coercible (~> 1.0)
       descendants_tracker (~> 0.0, >= 0.0.3)
       equalizer (~> 0.0, >= 0.0.9)
-    yard (0.9.18)
+    yard (0.9.20)
     yard-classmethods (1.0.0)
       yard
 
@@ -236,7 +235,7 @@ DEPENDENCIES
   crypt_ident!
   flay (= 2.12.0)
   flog (= 4.6.2)
-  github-markup (= 3.0.3)
+  github-markup (= 3.0.4)
   guard (= 2.15.0)
   guard-minitest (= 2.4.6)
   guard-rake (= 1.0.0)
@@ -250,15 +249,15 @@ DEPENDENCIES
   minitest-tagz (= 1.7.0)
   pry-byebug (= 3.7.0)
   pry-doc (= 1.0.0)
-  rake (>= 12.3.2)
-  redcarpet (= 3.4.0)
-  reek (= 5.3.1)
-  rubocop (= 0.65.0)
-  simplecov (= 0.16.1)
+  rake (>= 12.3.3)
+  redcarpet (= 3.5.0)
+  reek (= 5.4.0)
+  rubocop (= 0.74.0)
+  simplecov (= 0.17.0)
   sqlite3
   timecop (= 0.9.1)
-  yard (= 0.9.18)
+  yard (= 0.9.20)
   yard-classmethods (= 1.0.0)
 
 BUNDLED WITH
-   2.0.1
+   2.0.2

HISTORY.md

@@ -1,5 +1,9 @@
 # CryptIdent Version History
 
+## 0.2.6 (5 August 2019)
+
+This updates several Gems, eliminating a Gem version (`yard`) which had a CVE open against it. We also took the opportunity to update other outdated direct Gem dependency versions. No functional changes to code or tests were made.
+
 ## 0.2.5 (1 March 2019)
 
 This is what should have been 0.2.3. That version attempted to resolve `UserRepository`, used in the `CryptIdent.included` method, at `require` time; instead, by using `Object#const_get`, we now do it at the time the module is included in another (by which time `UserRepository` can be expected to be defined). Meh.

bin/bundle

@@ -11,7 +11,7 @@
 require "rubygems"
 
 m = Module.new do
-    module_function
+  module_function
 
   def invoked_as_script?
     File.expand_path($0) == File.expand_path(__FILE__)

crypt_ident.gemspec

@@ -48,7 +48,7 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency 'sqlite3'
   spec.add_development_dependency "bundler", '>= 1.17.2'
-  spec.add_development_dependency "rake", '>= 12.3.2'
+  spec.add_development_dependency "rake", '>= 12.3.3'
   spec.add_development_dependency "minitest", '5.11.3'
   spec.add_development_dependency 'flay', '2.12.0'
   spec.add_development_dependency 'flog', '4.6.2'
@@ -63,14 +63,14 @@ Gem::Specification.new do |spec|
   # spec.add_development_dependency 'monotime' #, '0.6.1'
   spec.add_development_dependency 'pry-byebug', '3.7.0'
   spec.add_development_dependency 'pry-doc', '1.0.0'
-  spec.add_development_dependency 'reek', '5.3.1'
-  spec.add_development_dependency 'rubocop', '0.65.0'
-  spec.add_development_dependency 'simplecov', '0.16.1'
+  spec.add_development_dependency 'reek', '5.4.0'
+  spec.add_development_dependency 'rubocop', '0.74.0'
+  spec.add_development_dependency 'simplecov', '0.17.0'
   spec.add_development_dependency 'timecop', '0.9.1'
-  spec.add_development_dependency 'yard', '0.9.18'
+  spec.add_development_dependency 'yard', '0.9.20'
   spec.add_development_dependency 'yard-classmethods', '1.0.0'
-  spec.add_development_dependency 'github-markup', '3.0.3'
-  spec.add_development_dependency 'redcarpet', '3.4.0'
+  spec.add_development_dependency 'github-markup', '3.0.4'
+  spec.add_development_dependency 'redcarpet', '3.5.0'
 
   spec.add_development_dependency 'guard', '2.15.0'
   spec.add_development_dependency 'guard-minitest', '2.4.6'

lib/crypt_ident/change_password.rb

@@ -121,13 +121,15 @@ def initialize(user:)
       @user = user_from_param(user)
     end
 
+    # rubocop:disable Naming/RescuedExceptionsVariableName
     def call(current_password, new_password)
       verify_preconditions(current_password)
 
       success_result(new_password)
-    rescue LogicError => error
-      failure_result(error.message)
+    rescue LogicError => err
+      failure_result(err.message)
     end
+    # rubocop:enable Naming/RescuedExceptionsVariableName
 
     private
 

lib/crypt_ident/generate_reset_token.rb

@@ -132,15 +132,17 @@ def initialize
       @user_name = :unassigned
     end
 
+    # rubocop:disable Naming/RescuedExceptionsVariableName
     def call(user_name, current_user: nil)
       init_ivars(user_name, current_user)
       Success(user: updated_user)
-    rescue LogicError => error
+    rescue LogicError => err
       # rubocop:disable Security/MarshalLoad
-      error_data = Marshal.load(error.message)
+      error_data = Marshal.load(err.message)
       # rubocop:enable Security/MarshalLoad
       Failure(error_data)
     end
+    # rubocop:enable Naming/RescuedExceptionsVariableName
 
     private
 

lib/crypt_ident/reset_password.rb

@@ -129,14 +129,16 @@ def initialize
       @current_user = :unassigned
     end
 
+    # rubocop:disable Naming/RescuedExceptionsVariableName
     def call(token, new_password, current_user: nil)
       init_ivars(current_user)
       verify_no_current_user(token)
       user = verify_token(token)
       Success(user: update(user, new_password))
-    rescue LogicError => error
-      report_failure(error)
+    rescue LogicError => err
+      report_failure(err)
     end
+    # rubocop:enable Naming/RescuedExceptionsVariableName
 
     private
 

lib/crypt_ident/sign_in.rb

@@ -136,13 +136,15 @@ class SignIn
     # As a reminder, calling `Failure` *does not* interrupt control flow *or*
     # prevent a future `Success` call from overriding the result. This is one
     # case where raising *and catching* an exception is Useful
+    # rubocop:disable Naming/RescuedExceptionsVariableName
     def call(user:, password:, current_user: nil)
       set_ivars(user, password, current_user)
       validate_call_params
       Success(user: user)
-    rescue LogicError => error
-      Failure(code: error.message.to_sym)
+    rescue LogicError => err
+      Failure(code: err.message.to_sym)
     end
+    # rubocop:enable Naming/RescuedExceptionsVariableName
 
     private
 

lib/crypt_ident/version.rb

@@ -2,5 +2,5 @@
 
 module CryptIdent
   # Version number for Gem. Uses Semantic Versioning.
-  VERSION = '0.2.5'
+  VERSION = '0.2.6'
 end