Skip to content

🚀 Modernize thaw gem with comprehensive safety system and C extension#1

Merged
voltechs merged 9 commits intomainfrom
develop
Aug 3, 2025
Merged

🚀 Modernize thaw gem with comprehensive safety system and C extension#1
voltechs merged 9 commits intomainfrom
develop

Conversation

@voltechs
Copy link
Copy Markdown
Member

@voltechs voltechs commented Jul 30, 2025

Summary

This PR completely modernizes the thaw Ruby gem while maintaining backward compatibility and adding extensive safety measures. The gem now supports Ruby 2.7+ through multiple implementations with comprehensive warnings about the dangers of unfreezing objects.

Key Changes

  • 🏗️ Modern Infrastructure: Migrated from Travis CI to GitHub Actions with multi-Ruby testing (2.7-3.3)
  • 📊 Quality Tools: Switched from Code Climate to qlty.sh for maintainability and coverage tracking
  • 🛡️ Safety System: Implemented multi-layered safety system that warns users and skips dangerous functionality by default
  • 🔧 Native C Extension: Added experimental C extension for users who absolutely need this functionality (with extreme warnings)
  • 📚 Accurate Documentation: Updated README with clear compatibility information and strong recommendations for Object#dup

Implementation Modes

The gem now supports three modes:

  1. Safe Mode (Default): Loads safely, shows warnings, guides users to better alternatives
  2. Native C Extension: THAW_BUILD_NATIVE=true - Attempts to support modern Ruby (has compilation issues)
  3. Ruby Fallback: THAW_FORCE_LOAD=true - Original dangerous implementation (crashes Ruby 2.7+)

Safety Features

  • Build-time warnings: C extension requires explicit environment variable to compile
  • Load-time warnings: Multiple warnings when gem loads with dangerous functionality
  • Runtime warnings: Each dangerous operation shows warnings about risks
  • Clear guidance: Strong recommendations to use Object#dup instead
  • Documentation: Extensive warnings in README about all the dangers

Breaking Changes

  • Minimum Ruby version: Updated from 2.0 to 2.7 (older versions not tested in CI)
  • Default behavior: No longer loads dangerous functionality by default on Ruby 2.7+
  • Dependencies: Updated to modern versions (bundler >= 2.0, rake ~> 13.0, rspec ~> 3.10)

Test Coverage

  • Enhanced test suite with safety mode tests
  • Native extension tests (when available)
  • Version validation and security checks
  • Environment variable requirement validation
  • Coverage reporting with JSON output for qlty integration

Commits

  • 📦 Modernize gemspec: Updated Ruby version support and dependencies
  • 🧹 Clean up Gemfile: Formatting improvements
  • 📊 Enhance test coverage: Added qlty integration and JSON coverage
  • 🔧 Add native C extension: Dangerous but requested C implementation with extensive warnings
  • 🚀 Migrate to GitHub Actions: Modern CI/CD with comprehensive workflows
  • 📚 Fix documentation: Accurate compatibility info and corrected repository references

Testing

All tests pass in safe mode across Ruby 2.7-3.3. The dangerous functionality is deliberately not tested in CI to prevent crashes, but extensive warnings ensure users understand the risks.

Compatibility

This maintains backward compatibility for users who explicitly opt-in to dangerous functionality while providing a safe default experience for new users.

⚠️ Important: This gem remains extremely dangerous and is maintained primarily for historical purposes and to demonstrate proper deprecation practices. Users should use Object#dup instead.

@voltechs
Add dependency badge
2bc66c0
@voltechs
📦 Modernize gemspec for Ruby 2.7+ support
22ad62c 
- Update minimum Ruby version from 2.0 to 2.7
- Add modern development dependencies (bundler >= 2.0, rake ~> 13.0, rspec ~> 3.10)
- Add simplecov_json_formatter for qlty coverage integration
- Include C extension files in gem package
- Configure native extension build system
@voltechs
🧹 Clean up Gemfile formatting
c908668 
- Remove extra whitespace and blank lines
- Maintain simplecov and rspec test dependencies
@voltechs
🔧 Add native C extension for dangerous object unfreezing
bc79fea 
- Implement native C extension using Ruby's internal C API
- Add extensive safety warnings at build, load, and runtime
- Require THAW_BUILD_NATIVE=true environment variable to compile
- Include comprehensive documentation about risks and platform issues
- Provide ThawNative module with version and safety information

⚠️ WARNING: This extension is extremely dangerous and will likely crash
modern Ruby versions. It's provided only for users who understand the
risks and have no other alternatives.
@voltechs
📊 Enhance test coverage configuration
f5ff986 
- Add qlty integration with JSON coverage formatter
- Include StringIO for test warning capture
- Gracefully handle missing JSON formatter dependency
- Configure multi-format coverage output (HTML + JSON)
@voltechs
🚀 Migrate from Travis CI to GitHub Actions
57c7389 
- Add comprehensive CI workflow with multi-Ruby testing (2.7-3.3)
- Include security scanning with bundle audit
- Add qlty integration for code quality and coverage
- Implement automated gem building with artifact storage
- Add manual release workflow with safety confirmations
- Support GitHub Packages deployment with production environment controls
@voltechs
📚 Fix documentation accuracy and repository references
27850df 
- Clarify that gem supports Ruby 2.7+ through multiple implementations
- Document three modes: safe (default), native C extension, Ruby fallback
- Switch from Code Climate to qlty badges and links
- Fix incorrect GitHub repository references (active_record-framing → thaw)
- Correct typos in installation section
- Add comprehensive warnings about dangers of all implementations
- Emphasize Object#dup as the strongly recommended alternative
@voltechs
🔖 Release v0.2.0 with RubyGems safety warnings
64213a9 
- Bump version to 0.2.0 for modernized release
- Add post-install warning message displayed on gem installation
- Update summary and description with danger warnings
- Provide clear guidance toward Object#dup alternative
- Ensure all RubyGems users see prominent safety notices
@voltechs
🧪 Add cross-platform testing matrix
c98d72a 
- Test across Linux, Windows, and macOS
- Maintain Ruby 2.7-3.3 testing on all platforms
- Optimize coverage/RuboCop to run only on Ubuntu + Ruby 3.3
- Ensure gem works reliably across different operating systems
- Total test matrix: 15 combinations (3 OS × 5 Ruby versions)
@voltechs voltechs force-pushed the develop branch 6 times, most recently from 796f3dd to c98d72a Compare August 3, 2025 06:02
@voltechs voltechs merged commit 21159f5 into main Aug 3, 2025
39 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@voltechs