diff --git a/.github/SECURITY.md b/.github/SECURITY.md
new file mode 100644
index 00000000..cacadf22
--- /dev/null
+++ b/.github/SECURITY.md
@@ -0,0 +1,3 @@
+# Vox Pupuli Security Policy
+
+Our vulnerabilities reporting process is at https://voxpupuli.org/security/
diff --git a/.msync.yml b/.msync.yml
index 8864fc09..4c7999c4 100644
--- a/.msync.yml
+++ b/.msync.yml
@@ -1 +1 @@
-modulesync_config_version: '2.12.0'
+modulesync_config_version: '3.0.0'
diff --git a/.rubocop.yml b/.rubocop.yml
index c2ebc88d..316e4ec1 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -528,6 +528,9 @@ RSpec/RepeatedDescription:
 RSpec/NestedGroups:
   Enabled: False
 
+RSpec/MultipleExpectations:
+  Enabled: false
+
 # this is broken on ruby1.9
 Layout/IndentHeredoc:
   Enabled: False
diff --git a/.travis.yml b/.travis.yml
index 0f54ffae..cc3bf302 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,4 +1,5 @@
 ---
+os: linux
 dist: bionic
 language: ruby
 cache: bundler
@@ -7,7 +8,7 @@ before_install:
   - bundle --version
 script:
   - 'bundle exec rake $CHECK'
-matrix:
+jobs:
   fast_finish: true
   include:
   - rvm: 2.4.4
@@ -60,7 +61,7 @@ notifications:
       - "chat.freenode.org#voxpupuli-notifications"
 deploy:
   provider: puppetforge
-  user: puppet
+  username: puppet
   password:
     secure: "iItNJ/PlMvdSiYjtXWJkS69mF/4XUriTRC6axFoiTgX8BzGNWA1U/anENNyzmhRKcH/Nc0erVeau+RX8vyJ0HmIJOCvYfq5Q/SQWex1fDXLe/UYJkAEWwmeIOVSF2nTEUPDvDn/d6bNEdULw5yrNn1dT8eLqIIXl6/nThdpiS917BX6CeYdojr/mISrLsvihuB5DQRdVzH+hK1bXcECihnOfNH9lQ0lZ2v2ohJiLJL0DadDg0YMMeJMlP7CnBZzRs7fhTPdLMjzCvysef9nqBYRlGBRUn+CaQ4VoQZlWB1JchJup4qCGeU9ANkb8gdKYTy1kFkBrEDuqlUUuuTTMhDpQ+2fGF32zgnXCSnVY8AIriFfO9c1ljxL6k6vaHpfnsPcMrxuQXNeOPGYpVjNGi/Hz8OjuZ3IT07c8SmZgmGaNp+ZIKErJQV0eob0NeA/1P7HheRS5aPEiN8vj/ZGuIGa+BhbTp2riJ599urrSqGDcJ0YzNeW2BvBZQoXs953X4N4yROz4xKMNqPz/jhyGM9w5SBJ/uLiIvKTu+bSsJ2VNyrOOu25eYqzH1zKc71fKiWa1ZOTHKVM24chlmoq3tZTSpSn6OxpptKLxAYZG0IUdFSMy66m8nss1AxL2djScAptugsqpfLqziMArAoN9iWXCeGiWz1qLRl+5AlMrmMY="
   on:
diff --git a/Gemfile b/Gemfile
index 32c31146..8592cd61 100644
--- a/Gemfile
+++ b/Gemfile
@@ -11,9 +11,9 @@ def location_for(place, fake_version = nil)
 end
 
 group :test do
-  gem 'voxpupuli-test', '>= 1.0.0',  :require => false
-  gem 'coveralls',                   :require => false
-  gem 'simplecov-console',           :require => false
+  gem 'voxpupuli-test', '~> 2.0',  :require => false
+  gem 'coveralls',                 :require => false
+  gem 'simplecov-console',         :require => false
 end
 
 group :development do
diff --git a/functions/bool2num_hash_recursive.pp b/functions/bool2num_hash_recursive.pp
index 7906c9d6..a60eed13 100644
--- a/functions/bool2num_hash_recursive.pp
+++ b/functions/bool2num_hash_recursive.pp
@@ -34,7 +34,7 @@ function yum::bool2num_hash_recursive($arg) {
       Hash    => yum::bool2num_hash_recursive($value),
       default => $value,
     }
-    Hash({ $key => $return_value })
+    Hash( { $key => $return_value })
   }.reduce |$attrs_memo, $kv| {
     merge($attrs_memo, $kv)
   }
diff --git a/manifests/clean.pp b/manifests/clean.pp
index deefcff0..82b9ff3b 100644
--- a/manifests/clean.pp
+++ b/manifests/clean.pp
@@ -1,9 +1,7 @@
 # A $(yum clean all) Exec to be notified if desired.
 class yum::clean {
-
-  exec{'yum_clean_all':
+  exec { 'yum_clean_all':
     command     => '/usr/bin/yum clean all',
     refreshonly => true,
   }
-
 }
diff --git a/manifests/config.pp b/manifests/config.pp
index 241796f4..45a8dd9d 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -25,7 +25,6 @@
   Variant[Boolean, Integer, Enum['absent'], String] $ensure,
   String                                            $key     = $title,
 ) {
-
   $_ensure = $ensure ? {
     Boolean => bool2num($ensure),
     default => $ensure,
diff --git a/manifests/gpgkey.pp b/manifests/gpgkey.pp
index 3ffefc9a..772575f3 100644
--- a/manifests/gpgkey.pp
+++ b/manifests/gpgkey.pp
@@ -35,7 +35,6 @@
   String                    $group   = 'root',
   String                    $mode    = '0644'
 ) {
-
   $_creators = [$content, $source]
   $_used_creators = $_creators.filter |$value| { !empty($value) }
 
diff --git a/manifests/group.pp b/manifests/group.pp
index 8a84fed0..18113f75 100644
--- a/manifests/group.pp
+++ b/manifests/group.pp
@@ -23,7 +23,6 @@
   Enum['present', 'installed', 'latest', 'absent', 'purged'] $ensure   = 'present',
   Optional[Integer] $timeout                                           = undef,
 ) {
-
   Exec {
     path        => '/bin:/usr/bin:/sbin:/usr/sbin',
     environment => 'LC_ALL=C',
diff --git a/manifests/init.pp b/manifests/init.pp
index ca35397a..4fd9a653 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -96,7 +96,7 @@
 class yum (
   Boolean $clean_old_kernels = true,
   Boolean $keep_kernel_devel = false,
-  Hash[String, Variant[String, Integer, Boolean, Hash[String, Variant[String, Integer, Boolean]]]] $config_options = { },
+  Hash[String, Variant[String, Integer, Boolean, Hash[String, Variant[String, Integer, Boolean]]]] $config_options = {},
   Optional[Hash[String, Optional[Hash[String, Variant[String, Integer, Boolean]]]]] $repos = {},
   Array[String] $managed_repos = [],
   Boolean $manage_os_default_repos = false,
@@ -105,7 +105,6 @@
   Hash[String, Hash[String, String]] $gpgkeys = {},
   String $utils_package_name = 'yum-utils',
 ) {
-
   $module_metadata            = load_module_metadata($module_name)
   $supported_operatingsystems = $module_metadata['operatingsystem_support']
   $supported_os_names         = $supported_operatingsystems.map |$os| {
@@ -162,8 +161,8 @@
       }
 
       $_normalized_ensure = $_ensure ? {
-        Boolean => Hash({ ensure => bool2num($_ensure) }), # lint:ignore:unquoted_string_in_selector
-        default => Hash({ ensure => $_ensure }), # lint:ignore:unquoted_string_in_selector
+        Boolean => Hash( { 'ensure' => bool2num($_ensure) }),
+        default => Hash( { ensure => $_ensure }), # lint:ignore:unquoted_string_in_selector
       }
 
       $_normalized_attrs = $attrs ? {
@@ -171,7 +170,7 @@
         default => $_normalized_ensure,
       }
 
-      Hash({ $key => $_normalized_attrs })
+      Hash( { $key => $_normalized_attrs })
     }.reduce |$memo, $cfg_opt_hash| {
       merge($memo, $cfg_opt_hash)
     }
diff --git a/manifests/install.pp b/manifests/install.pp
index 458bbf8e..ac107ac9 100644
--- a/manifests/install.pp
+++ b/manifests/install.pp
@@ -25,7 +25,6 @@
   Enum['present', 'installed', 'absent', 'purged'] $ensure  = 'present',
   Optional[Integer]                                $timeout = undef,
 ) {
-
   Exec {
     path        => '/bin:/usr/bin:/sbin:/usr/sbin',
     environment => 'LC_ALL=C',
diff --git a/manifests/plugin/versionlock.pp b/manifests/plugin/versionlock.pp
index dcecb4cc..3cd9e862 100644
--- a/manifests/plugin/versionlock.pp
+++ b/manifests/plugin/versionlock.pp
@@ -18,7 +18,6 @@
   String                    $path   = '/etc/yum/pluginconf.d/versionlock.list',
   Boolean                   $clean  = false,
 ) {
-
   yum::plugin { 'versionlock':
     ensure  => $ensure,
   }
diff --git a/manifests/versionlock.pp b/manifests/versionlock.pp
index d3de7b0c..4f7e1403 100644
--- a/manifests/versionlock.pp
+++ b/manifests/versionlock.pp
@@ -68,15 +68,12 @@
   }
 
   if $facts['package_provider'] == 'yum' and $version =~ Undef {
-
     assert_type(Yum::VersionlockString, $name) |$_expected, $actual | {
       fail("Package name must be formatted as %{EPOCH}:%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}, not \'${actual}\'. See Yum::Versionlock documentation for details.")
     }
 
     $_versionlock = "${line_prefix}${name}"
-
   } else {
-
     assert_type(Yum::RpmName, $name) |$_expected, $actual | {
       fail("Package name must be formatted as Yum::RpmName, not \'${actual}\'. See Yum::Rpmname documentation for details.")
     }
@@ -89,7 +86,6 @@
       'yum'   => "${line_prefix}${epoch}:${name}-${version}-${release}.${arch}",
       default => "${line_prefix}${name}-${epoch}:${version}-${release}.${arch}",
     }
-
   }
 
   unless $ensure == 'absent' {
diff --git a/spec/defines/versionlock_spec.rb b/spec/defines/versionlock_spec.rb
index aafe0f75..027efe94 100644
--- a/spec/defines/versionlock_spec.rb
+++ b/spec/defines/versionlock_spec.rb
@@ -99,10 +99,10 @@
     end
 
     let(:title) { 'bash' }
+    let(:params) { { version: '4.3' } }
 
     context 'with version set' do
       it { is_expected.to compile.with_all_deps }
-      let(:params) { { version: '4.3' } }
 
       it 'contains a well-formed Concat::Fragment' do
         is_expected.to contain_concat__fragment("yum-versionlock-#{title}").with_content("0:bash-4.3-*.*\n")
@@ -110,7 +110,6 @@
     end
 
     context 'with version, release, epoch and arch set' do
-      it { is_expected.to compile.with_all_deps }
       let(:params) do
         {
           version: '4.3',
@@ -120,8 +119,11 @@
         }
       end
 
-      it 'contains a well-formed Concat::Fragment' do
-        is_expected.to contain_concat__fragment("yum-versionlock-#{title}").with_content("42:bash-4.3-3.2.arm\n")
+      context 'it works' do
+        it { is_expected.to compile.with_all_deps }
+        it 'contains a well-formed Concat::Fragment' do
+          is_expected.to contain_concat__fragment("yum-versionlock-#{title}").with_content("42:bash-4.3-3.2.arm\n")
+        end
       end
     end
   end
diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb
index ffbdaf47..bec34fdd 100644
--- a/spec/spec_helper_acceptance.rb
+++ b/spec/spec_helper_acceptance.rb
@@ -1,3 +1,6 @@
+# This file is completely managed via modulesync
 require 'voxpupuli/acceptance/spec_helper_acceptance'
 
 configure_beaker
+
+Dir['./spec/support/acceptance/**/*.rb'].sort.each { |f| require f }