Check that a required versioned alias has a valid name (rather than
assuming it’s fine based on it’s existence alone) and check for
the presence of invalid version aliases.
This should handle the case where someone bumps a formula but forgets
to rename the alias that’s mentioned in #2596.
Homebrew's actually ended up using a fair few gems. While we want to
avoid Bundler at runtime (and this PR still does that, in fact uses
Bundler even less at runtime than it did before) writing our own version
to use at build-time seems redundant.
When auditing new formulae without `--new-formula` the
`audit_revision_and_version_scheme` method fails ungracefully. Instead,
set some better defaults so fewer checks are needed.
Fixes#2551.
Another attempt at fixing `brew audit` issues around detecting
`revision` and `version_scheme` changes correctly. First done in #1754
and #2086 (reverted in #2099 and #2100).
To ease future debugging a `ph` helper has been added to print a hash
and a series of RSpec tests to verify that the `revision`,
`version_scheme` and `version` formula version audits behave as
expected.
Fixes#1731.
Now that both the primary and mirror URLs use HTTPS we can flip these
around so the primary URL is the primary URL and we don't have problems
with waiting for mirror propagation.
Make `brew audit` complain about language module requirements because
they provide a crappy user experience compared to vendoring and we’re
not really fixing bugs in them any more.
Also check for `ENV.universal_binary` and `build.universal?`. The prior
is still required for `wine` and the latter should never be required any
longer.
This has known issues with our `ghostscript` formula, we can't test it
on CI and is a ludicrously heavy dependency that in many cases can be
avoided by upstream providing prebuilt documentation.
Previously, the http_content_headers_and_checksum method always
downloaded the entire url, including headers. These downloads
periodically hang, outputting false positives or wreaking havoc on
the CI. Therefore, use curl's --max-time arg to prevent this by
setting a hard limit of 600 seconds when the entire file is going
to be used to detect whether the url can be changed to use the HTTPS
protocol instead of HTTP. Otherwise, if the url already is HTTPS, limit
the download time to 25 seconds since only the headers, not contents, matter.