This requires updating to Rubocop 0.49.0 which will require some fixes
to rules, in Homebrew/brew and Homebrew/homebrew-core but opening this
for now so I remember.
Don't try to `fetch --depth=1` unless we've confirmed the repository is
already shallow. Otherwise this can discard history from a full clone.
Additionally, if the repository wasn't shallow but there's no tags found
assume that Git is too old and try a naive sort if on Linux where `sort`
is able to sort versions.
This fixes an issue where audit would prompt for the creation
of an already existing versioned alias while at the same time
declaring the existing alias invalid.
Instead of trying to do this all with a single regex give up and do a
two stage process. Eventually I'll end up implementing a full ruby
parser here 🧌.
Check that a required versioned alias has a valid name (rather than
assuming it’s fine based on it’s existence alone) and check for
the presence of invalid version aliases.
This should handle the case where someone bumps a formula but forgets
to rename the alias that’s mentioned in #2596.
Homebrew's actually ended up using a fair few gems. While we want to
avoid Bundler at runtime (and this PR still does that, in fact uses
Bundler even less at runtime than it did before) writing our own version
to use at build-time seems redundant.
When auditing new formulae without `--new-formula` the
`audit_revision_and_version_scheme` method fails ungracefully. Instead,
set some better defaults so fewer checks are needed.
Fixes#2551.
Another attempt at fixing `brew audit` issues around detecting
`revision` and `version_scheme` changes correctly. First done in #1754
and #2086 (reverted in #2099 and #2100).
To ease future debugging a `ph` helper has been added to print a hash
and a series of RSpec tests to verify that the `revision`,
`version_scheme` and `version` formula version audits behave as
expected.
Fixes#1731.
Hide these tokens to avoid malicious subprocesses e.g. sending them
over the network. Also, support using these tokens with environment
filtering and clear `HOMEBREW_PATH` from subprocesses to stop them
sniffing it. Finally, use `HOMEBREW_PATH` to detect Homebrew’s user’s
PATH for e.g. `brew doctor` etc.
Deprecate more methods. Internal APIs have been verified to be unused
elsewhere and removed. External APIs have had deprecation methods added.
Existing deprecations have been either upgraded to produce warnings or
no longer deprecated and the reasoning documented.
Now that both the primary and mirror URLs use HTTPS we can flip these
around so the primary URL is the primary URL and we don't have problems
with waiting for mirror propagation.
