actionpack 6.1.4 → 6.1.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9ecbd6190263018a55d9baa5737fbb8cadbcfe576eab8a37abe85f243bf7280f
-  data.tar.gz: 3eb5afac5cae0df74480ded35e48956a41b4017e43f9dfb7e895557ebf2efd02
+  metadata.gz: 7a2f02888e57e64ad85dfcfc9213950eee9865cbdd3b24f934effb6e088f8a7b
+  data.tar.gz: 0e41e7615fcfa9507bd6417b8529b3e9c6b0f68db7098fb885a0a7407d83d93a
 SHA512:
-  metadata.gz: d25fc0df75affc20fce6891e4da46226a851b48f4379b491fa887b194866a0d2f25f619f0401ffa524bd14369a0f5705f3ae8d12ea513976c48a3101f1327925
-  data.tar.gz: e7bc0083bb78130cbb4d2b0d421fdc69c146b7040e64da4d2ed0c18715f0a94b1c5d9dc2447439c31c7e63682dab1b03e5d0db0c6a14bb020e99a5da44ae9728
+  metadata.gz: 9471647861818ff5a98d2d3fd51c90b47e13ca09a10bc69e6818db299edd8d0f53e5613aa89b2a1fecf9cc880597daad62202743bc18fd25fbb63e29160b9b9c
+  data.tar.gz: fac080a19dc8f4638efbbe2470e5ac181f0708e87449923aedd5d23d016ad5e58648fb278d370150dded2abba57cd62016bdac5fdb77969df27f6910c8977605

data/CHANGELOG.md

@@ -1,3 +1,104 @@
+## Rails 6.1.5.1 (April 26, 2022) ##
+
+*   Allow Content Security Policy DSL to generate for API responses.
+
+    *Tim Wade*
+
+## Rails 6.1.5 (March 09, 2022) ##
+
+*   Fix `content_security_policy` returning invalid directives.
+
+    Directives such as `self`, `unsafe-eval` and few others were not
+    single quoted when the directive was the result of calling a lambda
+    returning an array.
+
+    ```ruby
+    content_security_policy do |policy|
+      policy.frame_ancestors lambda { [:self, "https://example.com"] }
+    end
+    ```
+
+    With this fix the policy generated from above will now be valid.
+
+    *Edouard Chin*
+
+*   Update `HostAuthorization` middleware to render debug info only
+    when `config.consider_all_requests_local` is set to true.
+
+    Also, blocked host info is always logged with level `error`.
+
+    Fixes #42813.
+
+    *Nikita Vyrko*
+
+*   Dup arrays that get "converted".
+
+    Fixes #43681.
+
+    *Aaron Patterson*
+
+*   Don't show deprecation warning for equal paths.
+
+    *Anton Rieder*
+
+*   Fix crash in `ActionController::Instrumentation` with invalid HTTP formats.
+
+    Fixes #43094.
+
+    *Alex Ghiculescu*
+
+*   Add fallback host for SystemTestCase driven by RackTest.
+
+    Fixes #42780.
+
+    *Petrik de Heus*
+
+*   Add more detail about what hosts are allowed.
+
+    *Alex Ghiculescu*
+
+
+## Rails 6.1.4.7 (March 08, 2022) ##
+
+*   No changes.
+
+
+## Rails 6.1.4.6 (February 11, 2022) ##
+
+*   No changes.
+
+
+## Rails 6.1.4.5 (February 11, 2022) ##
+
+*   Under certain circumstances, the middleware isn't informed that the
+    response body has been fully closed which result in request state not
+    being fully reset before the next request
+
+    [CVE-2022-23633]
+
+
+## Rails 6.1.4.4 (December 15, 2021) ##
+
+*   Fix issue with host protection not allowing host with port in development.
+
+
+## Rails 6.1.4.3 (December 14, 2021) ##
+
+*    Fix issue with host protection not allowing localhost in development.
+
+
+## Rails 6.1.4.2 (December 14, 2021) ##
+
+*   Fix X_FORWARDED_HOST protection.  [CVE-2021-44528]
+
+## Rails 6.1.4.1 (August 19, 2021) ##
+
+*   [CVE-2021-22942] Fix possible open redirect in Host Authorization middleware.
+
+    Specially crafted "X-Forwarded-Host" headers in combination with certain
+    "allowed host" formats can cause the Host Authorization middleware in Action
+    Pack to redirect users to a malicious website.
+
 ## Rails 6.1.4 (June 24, 2021) ##
 
 *   Ignore file fixtures on `db:fixtures:load`

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2004-2020 David Heinemeier Hansson
+Copyright (c) 2004-2022 David Heinemeier Hansson
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the
@@ -18,4 +18,3 @@ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
 LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-

data/lib/abstract_controller/collector.rb

@@ -10,6 +10,7 @@ module AbstractController
         def #{sym}(*args, &block)
           custom(Mime[:#{sym}], *args, &block)
         end
+        ruby2_keywords(:#{sym}) if respond_to?(:ruby2_keywords, true)
       RUBY
     end
 
@@ -22,7 +23,7 @@ module AbstractController
     end
 
   private
-    def method_missing(symbol, &block)
+    def method_missing(symbol, *args, &block)
       unless mime_constant = Mime[symbol]
         raise NoMethodError, "To respond to a custom format, register it as a MIME type first: " \
           "https://guides.rubyonrails.org/action_controller_overview.html#restful-downloads. " \
@@ -33,10 +34,11 @@ module AbstractController
 
       if Mime::SET.include?(mime_constant)
         AbstractController::Collector.generate_method_for_mime(mime_constant)
-        send(symbol, &block)
+        public_send(symbol, *args, &block)
       else
         super
       end
     end
+    ruby2_keywords(:method_missing) if respond_to?(:ruby2_keywords, true)
   end
 end

data/lib/action_controller/metal/http_authentication.rb

@@ -2,6 +2,7 @@
 
 require "base64"
 require "active_support/security_utils"
+require "active_support/core_ext/array/access"
 
 module ActionController
   # Makes it dead easy to do HTTP Basic, Digest and Token authentication.

data/lib/action_controller/metal/strong_parameters.rb

@@ -940,7 +940,7 @@ module ActionController
         when Array
           return value if converted_arrays.member?(value)
           converted = value.map { |_| convert_value_to_parameters(_) }
-          converted_arrays << converted
+          converted_arrays << converted.dup
           converted
         when Hash
           self.class.new(value)

data/lib/action_dispatch/http/content_security_policy.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require "active_support/core_ext/object/deep_dup"
+require "active_support/core_ext/array/wrap"
 
 module ActionDispatch #:nodoc:
   class ContentSecurityPolicy
@@ -17,7 +18,6 @@ module ActionDispatch #:nodoc:
         request = ActionDispatch::Request.new env
         _, headers, _ = response = @app.call(env)
 
-        return response unless html_response?(headers)
         return response if policy_present?(headers)
 
         if policy = request.content_security_policy
@@ -31,12 +31,6 @@ module ActionDispatch #:nodoc:
       end
 
       private
-        def html_response?(headers)
-          if content_type = headers[CONTENT_TYPE]
-            /html/.match?(content_type)
-          end
-        end
-
         def header_name(request)
           if request.content_security_policy_report_only
             POLICY_REPORT_ONLY
@@ -272,7 +266,7 @@ module ActionDispatch #:nodoc:
             raise RuntimeError, "Missing context for the dynamic content security policy source: #{source.inspect}"
           else
             resolved = context.instance_exec(&source)
-            resolved.is_a?(Symbol) ? apply_mapping(resolved) : resolved
+            apply_mappings(Array.wrap(resolved))
           end
         else
           raise RuntimeError, "Unexpected content security policy source: #{source.inspect}"

data/lib/action_dispatch/http/response.rb

@@ -88,13 +88,13 @@ module ActionDispatch # :nodoc:
 
     def self.return_only_media_type_on_content_type=(*)
       ActiveSupport::Deprecation.warn(
-        ".return_only_media_type_on_content_type= is dreprecated with no replacement and will be removed in 6.2."
+        ".return_only_media_type_on_content_type= is dreprecated with no replacement and will be removed in 7.0."
       )
     end
 
     def self.return_only_media_type_on_content_type
       ActiveSupport::Deprecation.warn(
-        ".return_only_media_type_on_content_type is dreprecated with no replacement and will be removed in 6.2."
+        ".return_only_media_type_on_content_type is dreprecated with no replacement and will be removed in 7.0."
       )
     end
 

data/lib/action_dispatch/middleware/executor.rb

@@ -9,7 +9,7 @@ module ActionDispatch
     end
 
     def call(env)
-      state = @executor.run!
+      state = @executor.run!(reset: true)
       begin
         response = @app.call(env)
         returned = response << ::Rack::BodyProxy.new(response.pop) { state.complete! }

data/lib/action_dispatch/middleware/host_authorization.rb

@@ -13,8 +13,22 @@ module ActionDispatch
   #
   # When a request comes to an unauthorized host, the +response_app+
   # application will be executed and rendered. If no +response_app+ is given, a
-  # default one will run, which responds with <tt>403 Forbidden</tt>.
+  # default one will run.
+  # The default response app logs blocked host info with level 'error' and
+  # responds with <tt>403 Forbidden</tt>. The body of the response contains debug info
+  # if +config.consider_all_requests_local+ is set to true, otherwise the body is empty.
   class HostAuthorization
+    ALLOWED_HOSTS_IN_DEVELOPMENT = [".localhost", IPAddr.new("0.0.0.0/0"), IPAddr.new("::/0")]
+    PORT_REGEX = /(?::\d+)/ # :nodoc:
+    IPV4_HOSTNAME = /(?<host>\d+\.\d+\.\d+\.\d+)#{PORT_REGEX}?/ # :nodoc:
+    IPV6_HOSTNAME = /(?<host>[a-f0-9]*:[a-f0-9.:]+)/i # :nodoc:
+    IPV6_HOSTNAME_WITH_PORT = /\[#{IPV6_HOSTNAME}\]#{PORT_REGEX}/i # :nodoc:
+    VALID_IP_HOSTNAME = Regexp.union( # :nodoc:
+      /\A#{IPV4_HOSTNAME}\z/,
+      /\A#{IPV6_HOSTNAME}\z/,
+      /\A#{IPV6_HOSTNAME_WITH_PORT}\z/,
+    )
+
     class Permissions # :nodoc:
       def initialize(hosts)
         @hosts = sanitize_hosts(hosts)
@@ -26,11 +40,17 @@ module ActionDispatch
 
       def allows?(host)
         @hosts.any? do |allowed|
-          allowed === host
-        rescue
-          # IPAddr#=== raises an error if you give it a hostname instead of
-          # IP. Treat similar errors as blocked access.
-          false
+          if allowed.is_a?(IPAddr)
+            begin
+              allowed === extract_hostname(host)
+            rescue
+              # IPAddr#=== raises an error if you give it a hostname instead of
+              # IP. Treat similar errors as blocked access.
+              false
+            end
+          else
+            allowed === host
+          end
         end
       end
 
@@ -46,29 +66,59 @@ module ActionDispatch
         end
 
         def sanitize_regexp(host)
-          /\A#{host}\z/
+          /\A#{host}#{PORT_REGEX}?\z/
         end
 
         def sanitize_string(host)
           if host.start_with?(".")
-            /\A(.+\.)?#{Regexp.escape(host[1..-1])}\z/i
+            /\A([a-z0-9-]+\.)?#{Regexp.escape(host[1..-1])}#{PORT_REGEX}?\z/i
           else
-            /\A#{Regexp.escape host}\z/i
+            /\A#{Regexp.escape host}#{PORT_REGEX}?\z/i
           end
         end
+
+        def extract_hostname(host)
+          host.slice(VALID_IP_HOSTNAME, "host") || host
+        end
     end
 
-    DEFAULT_RESPONSE_APP = -> env do
-      request = Request.new(env)
+    class DefaultResponseApp # :nodoc:
+      RESPONSE_STATUS = 403
+
+      def call(env)
+        request = Request.new(env)
+        format = request.xhr? ? "text/plain" : "text/html"
 
-      format = request.xhr? ? "text/plain" : "text/html"
-      template = DebugView.new(host: request.host)
-      body = template.render(template: "rescues/blocked_host", layout: "rescues/layout")
+        log_error(request)
+        response(format, response_body(request))
+      end
+
+      private
+        def response_body(request)
+          return "" unless request.get_header("action_dispatch.show_detailed_exceptions")
 
-      [403, {
-        "Content-Type" => "#{format}; charset=#{Response.default_charset}",
-        "Content-Length" => body.bytesize.to_s,
-      }, [body]]
+          template = DebugView.new(host: request.host)
+          template.render(template: "rescues/blocked_host", layout: "rescues/layout")
+        end
+
+        def response(format, body)
+          [RESPONSE_STATUS,
+           { "Content-Type" => "#{format}; charset=#{Response.default_charset}",
+             "Content-Length" => body.bytesize.to_s },
+           [body]]
+        end
+
+        def log_error(request)
+          logger = available_logger(request)
+
+          return unless logger
+
+          logger.error("[#{self.class.name}] Blocked host: #{request.host}")
+        end
+
+        def available_logger(request)
+          request.logger || ActionView::Base.logger
+        end
     end
 
     def initialize(app, hosts, deprecated_response_app = nil, exclude: nil, response_app: nil)
@@ -78,14 +128,14 @@ module ActionDispatch
 
       unless deprecated_response_app.nil?
         ActiveSupport::Deprecation.warn(<<-MSG.squish)
-          `action_dispatch.hosts_response_app` is deprecated and will be ignored in Rails 6.2.
+          `action_dispatch.hosts_response_app` is deprecated and will be ignored in Rails 7.0.
           Use the Host Authorization `response_app` setting instead.
         MSG
 
         response_app ||= deprecated_response_app
       end
 
-      @response_app = response_app || DEFAULT_RESPONSE_APP
+      @response_app = response_app || DefaultResponseApp.new
     end
 
     def call(env)
@@ -103,20 +153,10 @@ module ActionDispatch
 
     private
       def authorized?(request)
-        valid_host = /
-          \A
-          (?<host>[a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9.:]+\])
-          (:\d+)?
-          \z
-        /x
-
-        origin_host = valid_host.match(
-          request.get_header("HTTP_HOST").to_s.downcase)
-        forwarded_host = valid_host.match(
-          request.x_forwarded_host.to_s.split(/,\s?/).last)
-
-        origin_host && @permissions.allows?(origin_host[:host]) && (
-          forwarded_host.nil? || @permissions.allows?(forwarded_host[:host]))
+        origin_host = request.get_header("HTTP_HOST")
+        forwarded_host = request.x_forwarded_host&.split(/,\s?/)&.last
+
+        @permissions.allows?(origin_host) && (forwarded_host.blank? || @permissions.allows?(forwarded_host))
       end
 
       def excluded?(request)

data/lib/action_dispatch/middleware/show_exceptions.rb

@@ -47,6 +47,7 @@ module ActionDispatch
         request.set_header "action_dispatch.exception", wrapper.unwrapped_exception
         request.set_header "action_dispatch.original_path", request.path_info
         request.set_header "action_dispatch.original_request_method", request.raw_request_method
+        fallback_to_html_format_if_invalid_mime_type(request)
         request.path_info = "/#{status}"
         request.request_method = "GET"
         response = @exceptions_app.call(request.env)
@@ -56,6 +57,15 @@ module ActionDispatch
         FAILSAFE_RESPONSE
       end
 
+      def fallback_to_html_format_if_invalid_mime_type(request)
+        # If the MIME type for the request is invalid then the
+        # @exceptions_app may not be able to handle it. To make it
+        # easier to handle, we switch to HTML.
+        request.formats
+      rescue ActionDispatch::Http::MimeNegotiation::InvalidType
+        request.set_header "HTTP_ACCEPT", "text/html"
+      end
+
       def pass_response(status)
         [status, { "Content-Type" => "text/html; charset=#{Response.default_charset}", "Content-Length" => "0" }, []]
       end

data/lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb

@@ -2,6 +2,6 @@
   <h1>Blocked host: <%= @host %></h1>
 </header>
 <div id="container">
-  <h2>To allow requests to <%= @host %>, add the following to your environment configuration:</h2>
+  <h2>To allow requests to <%= @host %> make sure it is a valid hostname (containing only numbers, letters, dashes and dots), then add the following to your environment configuration:</h2>
   <pre>config.hosts &lt;&lt; "<%= @host %>"</pre>
 </div>

data/lib/action_dispatch/middleware/templates/rescues/blocked_host.text.erb

@@ -1,5 +1,5 @@
 Blocked host: <%= @host %>
 
-To allow requests to <%= @host %>, add the following to your environment configuration:
+To allow requests to <%= @host %> make sure it is a valid hostname (containing only numbers, letters, dashes and dots), then add the following to your environment configuration:
 
   config.hosts << "<%= @host %>"

data/lib/action_dispatch/routing/route_set.rb

@@ -597,14 +597,14 @@ module ActionDispatch
         if route.segment_keys.include?(:controller)
           ActiveSupport::Deprecation.warn(<<-MSG.squish)
             Using a dynamic :controller segment in a route is deprecated and
-            will be removed in Rails 6.2.
+            will be removed in Rails 7.0.
           MSG
         end
 
         if route.segment_keys.include?(:action)
           ActiveSupport::Deprecation.warn(<<-MSG.squish)
             Using a dynamic :action segment in a route is deprecated and
-            will be removed in Rails 6.2.
+            will be removed in Rails 7.0.
           MSG
         end
 

data/lib/action_dispatch/system_test_case.rb

@@ -115,6 +115,8 @@ module ActionDispatch
     include SystemTesting::TestHelpers::SetupAndTeardown
     include SystemTesting::TestHelpers::ScreenshotHelper
 
+    DEFAULT_HOST = "http://127.0.0.1"
+
     def initialize(*) # :nodoc:
       super
       self.class.driven_by(:selenium) unless self.class.driver?
@@ -166,7 +168,11 @@ module ActionDispatch
               include ActionDispatch.test_app.routes.mounted_helpers
 
               def url_options
-                default_url_options.reverse_merge(host: Capybara.app_host || Capybara.current_session.server_url)
+                default_url_options.reverse_merge(host: app_host)
+              end
+
+              def app_host
+                Capybara.app_host || Capybara.current_session.server_url || DEFAULT_HOST
               end
             end.new
           end

data/lib/action_dispatch/testing/test_process.rb

@@ -25,18 +25,21 @@ module ActionDispatch
           if !self.class.file_fixture_path
             ActiveSupport::Deprecation.warn(<<~EOM)
               Passing a path to `fixture_file_upload` relative to `fixture_path` is deprecated.
-              In Rails 6.2, the path needs to be relative to `file_fixture_path` which you
+              In Rails 7.0, the path needs to be relative to `file_fixture_path` which you
               haven't set yet. Set `file_fixture_path` to discard this warning.
             EOM
           elsif path.exist?
             non_deprecated_path = Pathname(File.absolute_path(path)).relative_path_from(Pathname(File.absolute_path(self.class.file_fixture_path)))
-            ActiveSupport::Deprecation.warn(<<~EOM)
-              Passing a path to `fixture_file_upload` relative to `fixture_path` is deprecated.
-              In Rails 6.2, the path needs to be relative to `file_fixture_path`.
 
-              Please modify the call from
-              `fixture_file_upload("#{original_path}")` to `fixture_file_upload("#{non_deprecated_path}")`.
-            EOM
+            if Pathname(original_path) != non_deprecated_path
+              ActiveSupport::Deprecation.warn(<<~EOM)
+                Passing a path to `fixture_file_upload` relative to `fixture_path` is deprecated.
+                In Rails 7.0, the path needs to be relative to `file_fixture_path`.
+
+                Please modify the call from
+                `fixture_file_upload("#{original_path}")` to `fixture_file_upload("#{non_deprecated_path}")`.
+              EOM
+            end
           else
             path = file_fixture(original_path)
           end

data/lib/action_dispatch.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 #--
-# Copyright (c) 2004-2020 David Heinemeier Hansson
+# Copyright (c) 2004-2022 David Heinemeier Hansson
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the

data/lib/action_pack/gem_version.rb

@@ -9,7 +9,7 @@ module ActionPack
   module VERSION
     MAJOR = 6
     MINOR = 1
-    TINY  = 4
+    TINY  = 6
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")

data/lib/action_pack.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 #--
-# Copyright (c) 2004-2020 David Heinemeier Hansson
+# Copyright (c) 2004-2022 David Heinemeier Hansson
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: actionpack
 version: !ruby/object:Gem::Version
-  version: 6.1.4
+  version: 6.1.6
 platform: ruby
 authors:
 - David Heinemeier Hansson
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-06-24 00:00:00.000000000 Z
+date: 2022-05-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.1.4
+        version: 6.1.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.1.4
+        version: 6.1.6
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
@@ -98,28 +98,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.1.4
+        version: 6.1.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.1.4
+        version: 6.1.6
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.1.4
+        version: 6.1.6
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.1.4
+        version: 6.1.6
 description: Web apps on Rails. Simple, battle-tested conventions for building and
   testing MVC web applications. Works with any Rack-compatible server.
 email: david@loudthinking.com
@@ -309,11 +309,12 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/rails/rails/issues
-  changelog_uri: https://github.com/rails/rails/blob/v6.1.4/actionpack/CHANGELOG.md
-  documentation_uri: https://api.rubyonrails.org/v6.1.4/
+  changelog_uri: https://github.com/rails/rails/blob/v6.1.6/actionpack/CHANGELOG.md
+  documentation_uri: https://api.rubyonrails.org/v6.1.6/
   mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
-  source_code_uri: https://github.com/rails/rails/tree/v6.1.4/actionpack
-post_install_message: 
+  source_code_uri: https://github.com/rails/rails/tree/v6.1.6/actionpack
+  rubygems_mfa_required: 'true'
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -329,8 +330,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements:
 - none
-rubygems_version: 3.1.2
-signing_key: 
+rubygems_version: 3.3.7
+signing_key:
 specification_version: 4
 summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).
 test_files: []