[Fix #7669] Add Bundler/GemVersion cop

[timlkelly]

• Bundler/GemVersion enforces that gem version declarations are either required or prohibited in the Gemfile.
• Bundler/GemVersion is disabled by default.
• Gems can be omitted from this check by adding the gem to the AllowedGems configuration option.

I originally wrote this cop for a private repository and then added more configuration options after seeing issue #7669.

The AST checks and regex caught everything I could throw at it, but I realize that is probably limited compared to the larger Ruby ecosystem as a whole. I would appreciate any feedback you may have on those checks.

References:
#9720
#7669

---

Before submitting the PR make sure the following are checked:

• The PR relates to only one subject with a clear title and description in grammatically correct, complete sentences.
• Wrote good commit messages.
• Commit message starts with [Fix #issue-number] (if the related issue exists).
• Feature branch is up-to-date with master (if not - rebase it).
• Squashed related commits together.
• Added tests.
• Ran bundle exec rake default. It executes all tests and runs RuboCop on its own code.
• Added an entry (file) to the changelog folder named {change_type}_{change_description}.md if the new code introduces user-observable changes. See changelog entry format for details.

[timlkelly]

I saw that other Bundler cops also include *.gemfile and gems.rb. I've personally never worked with this format of gem file, so I was unsure what exactly to test.

[bbatsov]

The format is exactly the same, it's just a different filename.

[timlkelly]

The CircleCI builds do not provide a link to check their status. Is there a way I can check on their status? They seem to be queued but haven't been processed as far as I can tell.

[bbatsov]

declaration -> specification.

[bbatsov]

I think we've typically used "forbidden" in the codebase, but you'll have to check this.

[timlkelly]

Forbidden definitely seems to be more common than prohibited, good to know!

[bbatsov]

Lately I've favoured more names like "AllowedGems" instead of "IgnoredGems". Sadly, our use of both is a bit inconsistent.

[dvandersluis]

+1 for AllowedGems.

[bbatsov]

I'd probably name this just "GemVersion" or something like this. Overall, I think that's a nice cop to have.

[dvandersluis]

Suggested change

	VERSION_DECLARATION_REGEX = /^[~<>=]*\s?[0-9.]+/.freeze
	VERSION_DECLARATION_REGEX = /^\s*[~<>=]*\s*[0-9.]+/.freeze

Multiple spaces are valid in bundler before and after the operator. We also could be more specific about the format here, but it probably doesn't really matter.

[timlkelly]

I've added the suggested change.

We also could be more specific about the format here

Do you mind detailing what you mean by this? Or is it the change you provided?

[dvandersluis]

What I mean is the Regexp will match ...... or >>>>> 7 or other random strings that aren’t version specifications, but again it probably doesn't really matter.

It could be more strict with something like ^\s*(?:~>|[<>]?=?)?\s*[0-9]+(\.[0-9]+)*

[dvandersluis]

This method is in Bundler::GemComment as well, it might be useful to extract them to a shared mixin.

[timlkelly]

Yup, definitely. I did copy this from Bundler::GemComment to get it working originally. But I completely agree that a mixin will DRY this up.

[bbatsov]

Great work! Thanks!