update json to 2.3.0 #52

Merged
merged 1 commit into from
Nov 13, 2020

@xiaowei-routific xiaowei-routific commented Oct 22, 2020

Description

This is the PR to address security vulnerability CVE-2020-10663 as suggested in #51 by @mauromorales.

All tests passed.

bundle exec rspec spec

RoutificApi::Break
  valid parameters
    has id
    has start
    has end
    has in_transit
    #as_json
      has id
      has start
      has end
      has in_transit
  missing id
    raises an ArgumentError
  missing start
    raises an ArgumentError
  missing end
    raises an ArgumentError
  missing in transit
    does not raise any error

RoutificApi::Job
  valid parameters
    has id
    has has status
    has input
    fetch
      updates status
      updates created_at
      updates finished_at
      updates route

RoutificApi::Location
  valid parameters
    has name
    has latitude
    has longitude
    #as_json
      can be reconverted to JSON
      has name
      has lat
      has lng
  missing 'lat' parameter
    raises ArgumentError
  missing 'lng' parameter
    raises ArgumentError
  missing 'name' parameter
    does not raise any errors
    #as_json
      does not have name

RoutificApi::Options
  valid parameters
    has traffic
    has min_visits_per_vehicle
    has balance
    has min_vehicles
    has shortest_distance
    has squash_durations
    has max_vehicle_overtime
    has max_visit_lateness
    #as_json
      has traffic
      has min_visits_per_vehicle
      has balance
      has min_vehicles
      has shortest_distance
      has squash_durations
      has max_vehicle_overtime
      has max_visit_lateness
  provided invalid parameters
    raises an ArgumentError

RoutificApi::Route
  has status
  has unserved
  has num_unserved
  has distances
  has total_distance
  has total_working_time
  has total_travel_time
  has total_break_time
  has total_idle_time
  has total_visit_lateness
  has num_late_visits
  has vehicle_overtime
  has total_vehicle_overtime
  parses solution hash into waypoints
    has status
    has unserved
    has num_unserved
    has distances
    has total_distance
    has total_working_time
    has total_travel_time
    has total_break_time
    has total_idle_time
    has total_visit_lateness
    has num_late_visits
    has vehicle_overtime
    has total_vehicle_overtime
    has vehicle_routes
  #vehicle_routes
    is a Hash
  #add_way_point
    creates a new key in vehicle_routes
    stores new waypoint into vehicle_routes

Routific
  without token
    cannot be instantiated without token
  instance objects
    has token
    #visits
      is instance of a Hash
    #fleet
      is instance of a Hash
    #options
      is instance of a Routific::Options
    #set_visit
      adds location 1 into visits
      location 1 in visits is instances of Visit
    #set_vehicle
      adds vehicle into fleet
      vehicle in fleet is instances of Vehicle
    #set_options
      adds an options hash into options
      options is instance of RoutificApi::Options
    #get_route
      returns a Route instance
      attaches optional data hash
    #get_route_async
      returns a Job instance
  class methods
    .set_token
      sets Routific API token
      sets Routific API token, prefixing "bearer" if absent
      throws an ArgumentError if token is not passed in

RoutificApi::Vehicle
  valid parameters
    has id
    has start_location
    has end_location
    has shift_start
    has shift_end
    has capacity
    has strict_start
    has min_visits
    has speed
    has breaks
    has type
    #as_json
      has start_location
      has end_location
      has shift_start
      has shift_end
      has capacity
      has strict_start
      has min_visits
      has speed
      has breaks
      has type
  valid multiple type
    has type
    #as_json
      has type
  missing 'start_location' parameter
    raises an ArgumentError
  missing optional parameters
    does not raise any errors
    #as_json
      has start_location
      does not have end_location
      does not have shift_start
      does not have shift_end
      does not have capacity
      does not have strict_start
      does not have min_visits
      does not have speed
      does not have breaks

RoutificApi::Location
  valid parameters
    has id
    has start
    has end
    has duration
    has demand
    has priority
    has type
    has time_windows
    #as_json
      can be reconverted to JSON
      has start
      has end
      has duration
      has demand
      has priority
      has type
      has time_windows
  valid multiple type
    has type
    #as_json
      has type
  missing location
    raises an error
  missing optional parameters
    does not raise any errors
    #as_json
      does not have start
      does not have end
      does not have duration
      does not have demand
      does not have priority
      has location

RoutificApi::Vehicle
  valid parameters
    has location_id
    has arrival_time
    has finish_time
    has a location name
    has idle_time
  break
    has id
    has break
    has arrival_time
    has finish_time
    has start
    has end
    has in_transit
  lateness
    has too_late
    has late_by

Finished in 12.84 seconds (files took 1.22 seconds to load)
168 examples, 0 failures

@rakibulislam

A much needed PR 👍

Contributor

@rogertsui0923 rogertsui0923 left a comment

Looks good!

@rakibulislam

@xiaowei-routific Any plan on merging this and releasing a new version of the gem this week? Thanks!

@xiaowei-routific
Contributor Author

@rakibulislam
This PR will be merged by the end of this week. Thank you.

@rakibulislam

> @rakibulislam
> This PR will be merged by the end of this week. Thank you.

Thank you @xiaowei-routific Looking forward to it 🥇

@mauromorales

Sorry to be so negative, but the way you guys communicate is quite negative for open source.

  1. I had to approach you via Twitter to get a response even if I opened a PR here
  2. Instead of requesting changes you close and create a new PR with only the version as a difference
  3. You take a very long time to respond here and to merge

In the meantime, we as paying customers remain exposed to this vulnerability, so our only option is to maintain an internal version of the gem.

I hope you re-evaluate how you work on this repository and with the community, especially with clients.

@xiaowei-routific xiaowei-routific merged commit 156186c into master Nov 13, 2020

@rakibulislam

@xiaowei-routific Thanks for merging this PR. Any plan on releasing a new version of the gem anytime soon? Otherwise, we have to use directly from the github master branch! Please let us know. Thanks!

@xiaowei-routific
Contributor Author

@rakibulislam
We released the new version (1.7.4) right after merging the PR. Please see https://rubygems.org/gems/routific and the version 1.7.4 is the latest release with json updated.

Sorry to get back to you a little late.

@kvvok

kvvok commented Nov 19, 2020

> Sorry to be so negative, but the way you guys communicate is quite negative for open source.
>
>   1. I had to approach you via Twitter to get a response even if I opened a PR here
>   2. Instead of requesting changes you close and create a new PR with only the version as a difference
>   3. You take a very long time to respond here and to merge
>
> In the meantime, we as paying customers remain exposed to this vulnerability, so our only option is to maintain an internal version of the gem.
>
> I hope you re-evaluate how you work on this repository and with the community, especially with clients.

@mauromorales just wanted to say thanks for your feedback here. Your feedback helped trigger an internal discussion and we agreed we've been pretty lousy with maintaining some of these open source projects in the past. We're taking steps to more actively manage these projects in our day to day activities.

We value what the open source community embodies and are committed to being better players in it.

@mauromorales

@kvvok I'm really glad this is the case :) Also, for security updates I'd recommend setting up GitHub's dependabot
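
As an added example (not part of this PR or the routific gem's code), a consumer of a gem can confirm from their own `Gemfile.lock` that Bundler resolved `json` to at least 2.3.0, the version this PR moves to for CVE-2020-10663. The lockfile text, the `example-client` gem and the function names are constructed for illustration.

```ruby
require "rubygems"

# Version this PR updates json to in order to address CVE-2020-10663.
FIXED_JSON = Gem::Version.new("2.3.0")

# Constructed lockfile for illustration; "example-client" is a made-up gem.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example-client (1.0.0)
        json (~> 2.0)
      json (2.1.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    example-client
LOCK

# Map each resolved gem name to its Gem::Version. Resolved gems sit four
# spaces under "specs:"; the six-space lines below them are dependency
# constraints, not resolutions, and are skipped.
def resolved_specs(lock_text)
  specs = {}
  in_specs = false
  lock_text.each_line(chomp: true) do |line|
    if line.strip == "specs:"
      in_specs = true
    elsif line.match?(/\A\S/)
      in_specs = false # a new top-level section (PLATFORMS, DEPENDENCIES...)
    elsif in_specs && (m = line.match(/\A {4}([^\s(]+) \(([^)\s]+)\)\z/))
      # Drop a platform suffix such as "-java" before comparing versions.
      number = m[2].split("-", 2).first
      specs[m[1]] = Gem::Version.new(number) if Gem::Version.correct?(number)
    end
  end
  specs
end

# :ok, :needs_update, or :absent (json not resolved by this bundle).
def json_status(lock_text)
  version = resolved_specs(lock_text)["json"]
  return :absent if version.nil?
  version < FIXED_JSON ? :needs_update : :ok
end

puts "json: #{json_status(SAMPLE_LOCK)}"
```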
