v3.0.1

3.0.1 - 2026-02-06

• TAG: v3.0.1
• COVERAGE: 77.11% -- 603/782 lines in 27 files
• BRANCH COVERAGE: 83.96% -- 89/106 branches in 27 files
• 43.03% documented

Added

• Support for ore-light as an alternative gem manager via --gem-manager=ore CLI option
  • New GemManager::OreAdapter class implementing ore-light integration
  • New GemManager::BundlerAdapter class (extracted from existing bundler logic)
  • New GemManager::Factory class for creating gem manager adapters
  • New GemManager::Base abstract base class defining the gem manager interface
  • New OreNotAvailableError and UnknownGemManagerError error classes
  • Acceptance tests for ore install and update commands (tagged with :ore metadata for conditional execution)
  • Unit tests for all gem manager adapter classes
  • README documentation for ore usage, including installation, CLI options, and example workflows
• New -g / --gem-manager CLI option to select gem manager (bundler or ore) for install/update commands
• New Appraisal::Customize.reset! class method to reset customization state (useful for testing)
• Improved test coverage from 66.7% to 76.4% line coverage, 61.5% to 77.4% branch coverage
  • New unit tests for BundlerDSL class (including APPRAISAL_INDENTER variations)
  • New unit tests for Command class
  • New unit tests for Conditional class
  • New unit tests for Source class
  • New unit tests for Git class
  • New unit tests for Path class
  • New unit tests for OrderedHash class
  • New unit tests for Dependency class
  • New unit tests for Group class
  • New unit tests for Platform class
  • New unit tests for GemManager::Factory class
  • New unit tests for error classes (AppraisalsNotFound, OreNotAvailableError, UnknownGemManagerError)
  • Enhanced DependencyList tests with edge cases
  • Enhanced Gemfile tests with load/run/dup edge cases
• Added documentation on hostile takeover of RubyGems
  • https://dev.to/galtzo/hostile-takeover-of-rubygems-my-thoughts-5hlo
• CLI configs for RuboCop, RubyGems, YARD, and JRuby (for local development only)

Changed

• Improved test isolation for acceptance tests to prevent modification of parent project's Gemfile.lock
  • Added BUNDLE_APP_CONFIG isolation to prevent reading/writing parent's .bundle/config
  • Added explicit BUNDLE_GEMFILE prefix to all bundle commands in tests
  • Added BUNDLE_LOCKFILE environment variable to explicitly control where lockfiles are written
  • Set BUNDLE_IGNORE_FUNDING_REQUESTS and BUNDLE_DISABLE_SHARED_GEMS for cleaner test output
  • Added BUNDLE_USER_CACHE isolation to prevent polluting user's gem cache
  • Fixed overly broad File stubs in unit tests that interfered with RSpec error formatting
  • Changed bundle_without_spec.rb to use skip_for instead of pending_for to prevent test setup from running on unsupported Ruby versions (which was polluting the project Gemfile.lock with test gems)
• YARD CLI config switch from custom Kramdown support to yard-fence

Fixed

• Fixed BundlerAdapter#install not passing gemfile_path to Command.new, which caused bundler to potentially write to the wrong Gemfile.lock when Bundler.with_original_env reset the environment
• Fixed ore-light adapter path resolution: ore now runs from the gemfile's directory so relative path dependencies resolve correctly (ore resolves paths relative to working directory, not gemfile location)
• Fixed Thor invoke(:generate, []) call in update command to pass empty options hash, preventing argument leakage

Security

• Ore adapter now uses array-based command construction for Kernel.system calls instead of string interpolation, preventing potential shell injection vulnerabilities

Official Discord 👉️

Many paths lead to being a sponsor or a backer of this project. Are you on such a path?