Hello community, here is the log from the commit of package rubygem-faraday_middleware for openSUSE:Factory checked in at 2017-09-26 21:13:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-faraday_middleware (Old) and /work/SRC/openSUSE:Factory/.rubygem-faraday_middleware.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-faraday_middleware" Tue Sep 26 21:13:19 2017 rev:11 rq:514935 version:0.12.2 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-faraday_middleware/rubygem-faraday_middleware.changes 2017-04-11 09:31:00.369070516 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-faraday_middleware.new/rubygem-faraday_middleware.changes 2017-09-26 21:13:32.365845712 +0200 @@ -1,0 +2,6 @@ +Thu Aug 3 19:13:07 UTC 2017 - co...@suse.com + +- updated to version 0.12.2 + no changelog found + +------------------------------------------------------------------- Old: ---- faraday_middleware-0.11.0.1.gem New: ---- faraday_middleware-0.12.2.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-faraday_middleware.spec ++++++ --- /var/tmp/diff_new_pack.6kiJrq/_old 2017-09-26 21:13:33.057748418 +0200 +++ /var/tmp/diff_new_pack.6kiJrq/_new 2017-09-26 21:13:33.061747855 +0200 @@ -24,7 +24,7 @@ # Name: rubygem-faraday_middleware -Version: 0.11.0.1 +Version: 0.12.2 Release: 0 %define mod_name faraday_middleware %define mod_full_name %{mod_name}-%{version} ++++++ faraday_middleware-0.11.0.1.gem -> faraday_middleware-0.12.2.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/README.md new/README.md --- old/README.md 2017-01-23 11:08:47.000000000 +0100 +++ new/README.md 2017-08-03 17:43:53.000000000 +0200 @@ -15,7 +15,7 @@ * FaradayMiddleware::ParseXml: "multi_xml" * FaradayMiddleware::OAuth: "simple_oauth" * FaradayMiddleware::Mashify: "hashie" -* FaradayMiddleware::Rashify: "rash" +* FaradayMiddleware::Rashify: "rash_alt" (Make sure to uninstall original rash gem to avoid conflict) * FaradayMiddleware::Instrumentation: "activesupport" Examples Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/faraday_middleware/response/caching.rb new/lib/faraday_middleware/response/caching.rb --- old/lib/faraday_middleware/response/caching.rb 2017-01-23 11:08:47.000000000 +0100 +++ new/lib/faraday_middleware/response/caching.rb 2017-08-03 17:43:53.000000000 +0200 @@ -27,6 +27,9 @@ # :ignore_params - String name or Array names of query params # that should be ignored when forming the cache # key (default: []). + # :write_options - Hash of settings that should be passed as the third + # options parameter to the cache's #write method. If not + # specified, no options parameter will be passed. # # Yields if no cache is given. The block should return a cache object. def initialize(app, cache = nil, options = {}) @@ -46,10 +49,7 @@ key = cache_key(env) unless response = cache.read(key) and response response = @app.call(env) - - if CACHEABLE_STATUS_CODES.include?(response.status) - cache.write(key, response) - end + store_response_in_cache(key, response) end finalize_response(response, env) end @@ -80,14 +80,22 @@ else # response.status is nil at this point, any checks need to be done inside on_complete block @app.call(env).on_complete do |response_env| - if CACHEABLE_STATUS_CODES.include?(response_env.status) - cache.write(key, response_env.response) - end + store_response_in_cache(key, response_env.response) response_env end end end + def store_response_in_cache(key, response) + return unless CACHEABLE_STATUS_CODES.include?(response.status) + + if @options[:write_options] + cache.write(key, response, @options[:write_options]) + else + cache.write(key, response) + end + end + def finalize_response(response, env) response = response.dup if response.frozen? env[:response] = response diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/faraday_middleware/response/follow_redirects.rb new/lib/faraday_middleware/response/follow_redirects.rb --- old/lib/faraday_middleware/response/follow_redirects.rb 2017-01-23 11:08:47.000000000 +0100 +++ new/lib/faraday_middleware/response/follow_redirects.rb 2017-08-03 17:43:53.000000000 +0200 @@ -89,7 +89,7 @@ end def update_env(env, request_body, response) - env[:url] += safe_escape(response['location']) + env[:url] += safe_escape(response['location'] || '') if convert_to_get?(response) env[:method] = :get diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/faraday_middleware/response/parse_json.rb new/lib/faraday_middleware/response/parse_json.rb --- old/lib/faraday_middleware/response/parse_json.rb 2017-01-23 11:08:47.000000000 +0100 +++ new/lib/faraday_middleware/response/parse_json.rb 2017-08-03 17:43:53.000000000 +0200 @@ -7,8 +7,8 @@ require 'json' unless defined?(::JSON) end - define_parser do |body| - ::JSON.parse body unless body.strip.empty? + define_parser do |body, parser_options| + ::JSON.parse(body, parser_options || {}) unless body.strip.empty? end # Public: Override the content-type of the response with "application/json" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/faraday_middleware/response/parse_marshal.rb new/lib/faraday_middleware/response/parse_marshal.rb --- old/lib/faraday_middleware/response/parse_marshal.rb 2017-01-23 11:08:47.000000000 +0100 +++ new/lib/faraday_middleware/response/parse_marshal.rb 2017-08-03 17:43:53.000000000 +0200 @@ -4,7 +4,7 @@ # Public: Restore marshalled Ruby objects in response bodies. class ParseMarshal < ResponseMiddleware define_parser do |body| - ::Marshal.load body unless body.empty? + ::Marshal.load(body) unless body.empty? end end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/faraday_middleware/response/parse_xml.rb new/lib/faraday_middleware/response/parse_xml.rb --- old/lib/faraday_middleware/response/parse_xml.rb 2017-01-23 11:08:47.000000000 +0100 +++ new/lib/faraday_middleware/response/parse_xml.rb 2017-08-03 17:43:53.000000000 +0200 @@ -5,8 +5,8 @@ class ParseXml < ResponseMiddleware dependency 'multi_xml' - define_parser do |body| - ::MultiXml.parse(body) + define_parser do |body, parser_options| + ::MultiXml.parse(body, parser_options || {}) end end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/faraday_middleware/response/parse_yaml.rb new/lib/faraday_middleware/response/parse_yaml.rb --- old/lib/faraday_middleware/response/parse_yaml.rb 2017-01-23 11:08:47.000000000 +0100 +++ new/lib/faraday_middleware/response/parse_yaml.rb 2017-08-03 17:43:53.000000000 +0200 @@ -3,27 +3,35 @@ module FaradayMiddleware # Public: Parse response bodies as YAML. # - # Warning: this uses `YAML.load()` by default and as such is not safe against - # code injection or DoS attacks. If you're loading resources from an - # untrusted host or over HTTP, you should subclass this middleware and - # redefine it to use `safe_load()` if you're using a Psych version that - # supports it: + # Warning: This is not backwards compatible with versions of this middleware prior to + # faraday_middleware v0.12 - prior to this version, we used YAML.load rather than + # YAMl.safe_load, which exposes serious remote code execution risks - see + # https://github.com/ruby/psych/issues/119 for details. If you're sure you can trust + # YAML you're passing, you can set up an unsafe version of this middleware as follows: + # + # class UnsafelyParseYaml < FaradayMiddleware::ResponseMiddleware + # dependency do + # require 'yaml' + # end # - # class SafeYaml < FaradayMiddleware::ParseYaml # define_parser do |body| - # YAML.safe_load(body) + # YAML.load body # end # end # # Faraday.new(..) do |config| - # config.use SafeYaml + # config.use UnsafelyParseYaml # ... # end class ParseYaml < ResponseMiddleware - dependency 'yaml' + dependency 'safe_yaml/load' - define_parser do |body| - ::YAML.load body + define_parser do |body, parser_options| + if SafeYAML::YAML_ENGINE == 'psych' + SafeYAML.load(body, nil, parser_options || {}) + else + SafeYAML.load(body, parser_options || {}) + end end end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/faraday_middleware/response/rashify.rb new/lib/faraday_middleware/response/rashify.rb --- old/lib/faraday_middleware/response/rashify.rb 2017-01-23 11:08:47.000000000 +0100 +++ new/lib/faraday_middleware/response/rashify.rb 2017-08-03 17:43:53.000000000 +0200 @@ -6,7 +6,7 @@ class Rashify < Mashify dependency do require 'rash' - self.mash_class = ::Hashie::Rash + self.mash_class = ::Hashie::Mash::Rash end end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/faraday_middleware/response_middleware.rb new/lib/faraday_middleware/response_middleware.rb --- old/lib/faraday_middleware/response_middleware.rb 2017-01-23 11:08:47.000000000 +0100 +++ new/lib/faraday_middleware/response_middleware.rb 2017-08-03 17:43:53.000000000 +0200 @@ -23,6 +23,7 @@ def initialize(app = nil, options = {}) super(app) @options = options + @parser_options = options[:parser_options] @content_types = Array(options[:content_type]) end @@ -47,7 +48,7 @@ def parse(body) if self.class.parser begin - self.class.parser.call(body) + self.class.parser.call(body, @parser_options) rescue StandardError, SyntaxError => err raise err if err.is_a? SyntaxError and err.class.name != 'Psych::SyntaxError' raise Faraday::Error::ParsingError, err diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/faraday_middleware/version.rb new/lib/faraday_middleware/version.rb --- old/lib/faraday_middleware/version.rb 2017-01-23 11:08:47.000000000 +0100 +++ new/lib/faraday_middleware/version.rb 2017-08-03 17:43:53.000000000 +0200 @@ -1,3 +1,3 @@ module FaradayMiddleware - VERSION = "0.11.0.1" unless defined?(FaradayMiddleware::VERSION) + VERSION = '0.12.2' unless defined?(FaradayMiddleware::VERSION) end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2017-01-23 11:08:47.000000000 +0100 +++ new/metadata 2017-08-03 17:43:53.000000000 +0200 @@ -1,7 +1,7 @@ --- !ruby/object:Gem::Specification name: faraday_middleware version: !ruby/object:Gem::Version - version: 0.11.0.1 + version: 0.12.2 platform: ruby authors: - Erik Michaels-Ober @@ -9,7 +9,7 @@ autorequire: bindir: bin cert_chain: [] -date: 2017-01-23 00:00:00.000000000 Z +date: 2017-08-03 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: faraday @@ -83,7 +83,7 @@ version: '0' requirements: [] rubyforge_project: -rubygems_version: 2.4.5 +rubygems_version: 2.6.11 signing_key: specification_version: 4 summary: Various middleware for Faraday