Upgrade rubocop

[geigerj]

What

Currently, we pin rubocop to <= 0.35.1. Upgrade to the latest version. This will require a review of our configuration and/or updating the many files that fail the linter under the latest version. This might be a good backlog item for a fixit.

Why

This has a low-severity vulnerability in which other users on a shared filesystem may be able to corrupt local rubocop output, and GitHub is recommending an upgrade to ~> 0.49.0. See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8418, rubocop/rubocop#4336.

Progress

• gcloud
• google-cloud
• google-cloud-bigquery
• google-cloud-bigtable
• google-cloud-container
• google-cloud-core
• google-cloud-dataproc
• google-cloud-datastore
• google-cloud-debugger
• google-cloud-dlp
• google-cloud-dns
• google-cloud-env
• google-cloud-error_reporting
• google-cloud-firestore
• google-cloud-language
• google-cloud-logging
• google-cloud-monitoring
• google-cloud-os_login
• google-cloud-pubsub
• google-cloud-resource_manager
• google-cloud-spanner
• google-cloud-speech
• google-cloud-storage
• google-cloud-trace
• google-cloud-translate
• google-cloud-video_intelligence
• google-cloud-vision
• stackdriver
• stackdriver-core

[quartzmo]

Just for the record, Rubocop was pinned around Jan 14, 2016 in #522 with this comment:

The latest rubocop release added a large number of new rules, and several of them break on our code. I 100% support the move to pin the dependency on the previous release so we can take time to evaluate the new rules and make the changes needed, or disable them.

So it seems safe enough to finally move forward with this upgrade.

[blowmage]

@geigerj The latest Rubocop drops support for Ruby 2.0. We have already dropped Ruby 2.0 from Travis-CI because we can't find an OS vm that will run the most current and 2.0. What are your thoughts about dropping Ruby 2.0 from the CI builds as part of fixing this issue?

[geigerj]

@blowmage Did you end up dropping support in the end? IIRC we retained Ruby 2.0 support only because it continued to be the default system Ruby on OS X.

[blowmage]

@geigerj I ended up downgrading from Rubocop 0.52.1 to 0.50.0, which is the last release that still supports Ruby 2.0.

FWIW, I would expect more and more gems to start dropping Ruby 2.0, as it was EOL'd nearly a year ago.

https://www.ruby-lang.org/en/news/2016/02/24/support-plan-of-ruby-2-0-0-and-2-1/

[geigerj]

@blowmage Right, in general, we should not commit to supporting EOL versions of Ruby; this was an exceptional case due to OS X.

@frankyn Could you weigh in on the importance of continued support for Ruby 2.0 due to OS X?

[frankyn]

I'm okay with dropping support for EOL Ruby 2.0. Mac OS X High Sierra updated the system Ruby to 2.3.3.

I didn't mean to reopen.

[dazuma]

Ditto on dropping Ruby 2.0. I'm also okay with generally promoting a best practice of using a custom Ruby install instead of the system Ruby, for those actually doing Ruby development work on OSX.