Bump authlogic from 4.1.1 to 4.4.2

[dependabot-preview]

Bumps authlogic from 4.1.1 to 4.4.2.

Changelog

Sourced from authlogic's changelog.

4.4.2 (2018-09-23)

• Breaking Changes
  • None
• Added
  • None
• Fixed
  • Improved instructions in deprecation warning for validations

4.4.1 (2018-09-21)

• Breaking Changes
  • None
• Added
  • None
• Fixed
  • The methods for disabling Authlogic's "special" validations,
    eg. validate_email_field = false are actually deprecated, but should
    not produce a deprecation warning.
  • Only produce deprecation warning when configuring a validation, not when
    performing actual validation.

4.4.0 (2018-09-21)

• Breaking Changes
  • None
• Added
  • None
• Fixed
  • None
• Deprecation
  • #627 -
    Deprecate authenticates_many without replacement
  • #623 -
    Deprecate unnecessary validation features, use normal rails validation
    instead

4.3.0 (2018-08-12)

• Breaking Changes
  • None
• Added
  • None
• Fixed
  • None
• Dependencies
  • Drop support for ruby 2.2, which reached EoL on 2018-06-20

4.2.0 (2018-07-18)

... (truncated)

Commits

• ed17ba0 Release 4.4.2
• 4587666 Improve deprecation warning re: validations
• 4d25b83 Release 4.4.1
• 2f072e1 Tests: Configure SCrypt to be as fast as possible
• 71c2b0d Only warn when configuring, not using deprecated validation
• abb34bf Do not produce warning when disabling deprecated validations
• 62d7ec9 Release 4.4.0
• dfebebf Backport: Deprecate unnecessary validation features
• 36fb593 Backport: Deprecate authenticates_many
• e747554 Release 4.3.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

[welcome]

Thanks for opening this pull request! This space is protected by our Code of Conduct - and we're here to help.
Dangerbot will test out your code and reply in a bit with some pointers and requests.
There may be some errors, but don't worry! We'll work through them with you! 👍🎉😄
Also, can you tell us your Twitter handle so we can thank you properly?

[plotsbot]

	1 Message
📖	@dependabot[bot] Thank you for your pull request! I’m here to help with some tips and recommendations. Please take a look at the list provided and help us review and accept your contribution! And don’t be discouraged if you see errors – we’re here to help.

Generated by 🚫 Danger

[jywarren]

@greysteil anything to watch out for here either? This is also a pretty common gem. Is there anywhere we can look to see if this caused issues in other repositories? We have pretty good testing, but... you never know. Any data on how often these fail (i'm assuming pretty low, but just being extra cautious!)

Thank you!!!!! This is cool!!!! 🎉

[greysteil]

I'm surprised we don't have better data on this one - look like Dependabot has done very few updates of it (according to this screen). Again, though - I think you can be pretty confident here - the changelog suggests its only deprecations and fixes that have been shipped, except for a removal of Ruby 2.2 support (that won't affect this repo).

[jywarren]

OK! So, https://dependabot.com/compatibility-score/?dependency-name=authlogic&package-manager=bundler&version-scheme=semver is kind of like using /everyone else's/ tests to see how much this breaks stuff? That's a great feature. Have you considered including a link to that in Dependabot's message, like:

See how this upgrade did on other peoples' projects (and if it passed their tests too!) although maybe this is more specific info than what you're showing. Even more awesome would be showing a particular version transition and how many other repos' tests it broke, if any.

[jywarren]

Actually i like the language on that page! I guess it'd be neat to see a bit more of it on the message, especially as a first-time dependabot user, as I didn't know what the badge meant. But thank you for helping me with it!

[jywarren]

We should be OK, indeed - we test the Authlogic authentication both in functional and integration tests, i believe:

https://github.com/publiclab/plots2/blob/master/test/functional/user_sessions_controller_test.rb

[greysteil]

Actually i like the language on that page! I guess it'd be neat to see a bit more of it on the message, especially as a first-time dependabot user, as I didn't know what the badge meant.

Useful feedback - thanks!

[jywarren]

https://github.com/publiclab/plots2/blob/master/test/integration/login_flow_test.rb

Its kind of cool to think that our tests might substantially increase confidence in someone else running this upgrade! It's an additional incentive to help out, you know?

[jywarren]

Could you also provide links to the PRs where it broke the build, so if the score is low enough, we could look at the discussions of whoever else had issues with it?

Sorry, i hope these are helpful suggestions -- i'm excited by your service! Don't mean to sound demanding! 😄

[greysteil]

Its kind of cool to think that our tests might substantially increase confidence in someone else running this upgrade! It's an additional incentive to help out, you know?

Yeah! That's totally how I want people to feel about Dependabot! It's funny, having built it it's hard to put myself 100% in the shoes of users, but I really want it to help everyone help each other.

Could you also provide links to the PRs where it broke the build, so if the score is low enough, we could look at the discussions of whoever else had issues with it?

We do! Check out https://dependabot.com/compatibility-score/?dependency-name=rails&package-manager=bundler&previous-version=5.2.0&new-version=5.2.1 for example! Should get better and better with more data 😄

[jywarren]

ohhhhhh cooool! was authlogic not showing that bc it was private repos?

…

On Thu, Oct 25, 2018 at 6:54 PM Grey Baker ***@***.***> wrote: Its kind of cool to think that our tests might substantially increase confidence in someone else running this upgrade! It's an additional incentive to help out, you know? Yeah! That's totally how I want people to feel about Dependabot! It's funny, having built it it's hard to put myself 100% in the shoes of users, but I really want it to help everyone help each other. Could you also provide links to the PRs where it broke the build, so if the score is low enough, we could look at the discussions of whoever else had issues with it? We do! Check out https://dependabot.com/compatibility-score/?dependency-name=rails&package-manager=bundler&previous-version=5.2.0&new-version=5.2.1 for example! Should get better and better with more data 😄 — You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub <#3778 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AABfJxt94jHysIP4Qd8iTlWzh0_ozMY5ks5uokDsgaJpZM4X7K1z> .

[greysteil]

Yep - exactly.

[jywarren]

awesome, thanks again! I'll schedule time to run another batch tomorrow. If we do 10 or more per week, i hope we can catch up... maybe we schedule time for even more until we do...

…

On Thu, Oct 25, 2018 at 6:59 PM Grey Baker ***@***.***> wrote: Yep - exactly. — You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub <#3778 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AABfJwOeldUxlh_w1vE4-vSGd1v6__hNks5uokIhgaJpZM4X7K1z> .

[greysteil]

Yeah I don't think you're too far behind, and once you catch up it'll only be 1-2 patch release PRs a week.

[jywarren]

Hmm, I'm seeing:

https://travis-ci.org/publiclab/plots2/builds/446422257#L2500

ERROR["test_create_a_user_with_omniauth_if_email_prefix_does_not_exist_in_db", Minitest::Result, 85.96736158299996]
 test_create_a_user_with_omniauth_if_email_prefix_does_not_exist_in_db#Minitest::Result (85.97s)
NoMethodError:         NoMethodError: undefined method `using_open_id?' for nil:NilClass
            lib/authlogic_openid/authlogic_openid/session.rb:78:in `authenticating_with_openid?'
            app/models/user.rb:454:in `block in create_with_omniauth'
            app/models/user.rb:447:in `create_with_omniauth'
            test/unit/user_test.rb:207:in `block in <class:UserTest>'
ERROR["test_user_creation", Minitest::Result, 86.85488324100004]
 test_user_creation#Minitest::Result (86.86s)
NoMethodError:         NoMethodError: undefined method `using_open_id?' for nil:NilClass
            lib/authlogic_openid/authlogic_openid/session.rb:78:in `authenticating_with_openid?'
            lib/authlogic_openid/authlogic_openid/acts_as_authentic.rb:74:in `save'
            test/unit/user_test.rb:10:in `block in <class:UserTest>'

In a subsequent PR test run. I don't know why it wouldn't have failed here but I'll investigate in the morning!

[jywarren]

Hmm, it's intermittent -- latest master branch passed. It is also related to authlogic_openid so I"ll look into that interfering with new authlogic gem - i also don't think we need authlogic_openid either so maybe it can just be removed.

[jywarren]

OK, i'm attempting to remove those old plugins in a new PR, here: #3803

[greysteil]

👍 - removing unnecessary dependencies is much better than updating them! Wish Dependabot coud do that for you. One day...