RubyGems - activeitem - Versions diffs - 0.0.4 → 0.0.5 - Mend

activeitem 0.0.4 → 0.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data/CHANGELOG.md +12 -0
data/README.md +7 -0
data/certs/stowzilla.pem +31 -0
data/lib/active_item/base.rb +1 -3
data/lib/active_item/relation.rb +4 -0
data/lib/active_item/validations.rb +7 -0
data/lib/active_item/version.rb +1 -2
data.tar.gz.sig +0 -0
metadata +36 -3
metadata.gz.sig +0 -0

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b4a582341eb5177faf5ba9b5f9cc6883eea2040075d373d4e2ede609be7d6ec0
-  data.tar.gz: 506579d0a2a6489a786255a912f008f2866f51171607552143fce35bc8a25dd0
+  metadata.gz: eb93b14273a49d3d4c7fa9c9ffb51164eaa504f031f66cafeec853cabda2742d
+  data.tar.gz: b94e92229ce16523f029d7695a70cfcb1db2c90b6e4d0641ccb865b5e84a5301
 SHA512:
-  metadata.gz: bba9b51bb78625e884f5902f6428c319f98ade1898a6c738911f4c960c45b9fe3833ce8f1f49cd90a571653988ad7da1868064f579f515f31572d2cf769df1b2
-  data.tar.gz: 5400dd3538af63d2f128d7a11d20045513e148a93c3513280281cdde5a7b4f5c5bdab6030902e7014a840066b8c1f3dd0588ea75a744ca9b2e0f7f5cb003ecac
+  metadata.gz: 4c5a15aa9fdfd5b8079f53d3a57225ed3622559256f6df129a44c1d822b6d0cdf5b380e130f28cd34ba328baa4113bda48dfcf4c0e9949a4f5d1bbab922060ad
+  data.tar.gz: 2d66cf596eb64088d2e0758e9d967947e26708188e7b1fe4d0dddded8290a2e0b03c4a691668414b7e29a2b4310f25cb592b77430c6855e9bc5af87e2b1fb86f

checksums.yaml.gz.sig ADDED Viewed

Binary file

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,17 @@
 # Changelog
+## 0.0.5
+### Fixed
+- Fix RuboCop offenses: merge nested conditional in `Base`, remove trailing newline in `version.rb`
+### Infrastructure
+- Fix CI workflow to trigger on `master` branch (was incorrectly set to `main`)
+- Add bundler-audit security scanning to CI pipeline
+- Add gem signing with certificate chain for consumer verification
 ## 0.0.4
 ### Fixed

data/README.md CHANGED Viewed

@@ -8,6 +8,13 @@ ActiveRecord-like ORM for AWS DynamoDB.
 gem 'activeitem'
 ```
+To install with signature verification:
+```bash
+gem cert --add <(curl -Ls https://raw.githubusercontent.com/stowzilla/activeitem/master/certs/stowzilla.pem)
+gem install activeitem -P MediumSecurity
+```
 ## Configuration
 ```ruby

data/certs/stowzilla.pem ADDED Viewed

@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFaTCCA1GgAwIBAgIUax444kioC0RHJ7r5iympSbt4GOEwDQYJKoZIhvcNAQEL
+BQAwRDESMBAGA1UEAwwJc3Rvd3ppbGxhMRkwFwYKCZImiZPyLGQBGRYJc3Rvd3pp
+bGxhMRMwEQYKCZImiZPyLGQBGRYDY29tMB4XDTI2MDUyNjE1MDMzMloXDTI3MDUy
+NjE1MDMzMlowRDESMBAGA1UEAwwJc3Rvd3ppbGxhMRkwFwYKCZImiZPyLGQBGRYJ
+c3Rvd3ppbGxhMRMwEQYKCZImiZPyLGQBGRYDY29tMIICIjANBgkqhkiG9w0BAQEF
+AAOCAg8AMIICCgKCAgEAmLd7XtS7QkSvRl7eHVJwwvUTWG4Rk/uHRGZR09Cb/Hr3
+ehCdHQvcVxyotmg3qZh4yyf7jZfiESMlm3iXqPsjm7IyVKHBky0n9WB7xFDZe5fh
+gZwXAA5OXA0RGCaqMSnps3WJIzvUZkOZ2dnSH+oF2mK/7i4SUMN1nVMXdzu1bM3b
+jwhMbhsYztQSuypugDKV/87RitsHHN+1qDFP6DJRhSgXy9tFzYconRJBgIag/Kyy
+PQmAOTPfCoZeMmNllOJsd3F2W2u++bSKIGCJ2JD86lmggLwI+8kT1b9nOD8ULEGu
+GcPrqHWShn3lVDXCQHJVU1pGN2DybtCVO88+Sf4UxT61TPKAYj/dMYMyYta1aYfK
+u4RtgGkUD7eJYzJ4QSpNJgr+eUQXMirwn7xPRhBIWIZx4QbnAmZRfNpLjoPRiC9k
+V6/rjMYAeJU6z2jnOySZGN97cTbTNK7m9QyR5U0U5WQi0IBpB+0xe6c8ihKyPOeC
+hsLkZ7VxuO0gqfUDKG9DqX4/+xSqNKO8bwYa+nbBtZPjPWFyHQGQWKXOLLFK/VHk
+0+6V6HosjoaRW4M1gVlu+vGWHcpmdPOmfPShkqNgZQkvhhrdg2U/xyFzLrHoRTG3
+9JsjpfIGO+PAK3LPNy3YjZJcLnk8rLaaksUt691d1KH0y6e411vKoqxmZ3pHeu8C
+AwEAAaNTMFEwHQYDVR0OBBYEFJdJFQTOcHjR+03ZWZ7p9nnCVRBRMB8GA1UdIwQY
+MBaAFJdJFQTOcHjR+03ZWZ7p9nnCVRBRMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggIBAFVHepD8diydFHg62HRWf7lETEoupJC7bUvSamgWi9r5svKK
+AhhRErJu5JJIcFsS0tQQNVucbJXbaEVfuQ0jHpIT1TnVQGKALE9nIFt90epjAlzB
+IrWWn4CgEWG8ek/81vvJZ7nBBq+BS11/yi2sx/j/eSArY/5ElM6rEnKrG/E7YnZD
+eCnF794rc17PdbNmLkjUWK99EA/v0424L7l8RU/2FvgHXa57xuZcY7LqpQIwaKIU
+uDBvSASNCzuBe+XXx5eEIpvEpBysDrGtIZ99IkJe+6XtAXnJRefq3fEJCaEzUPky
+qoZFv1pK+U+ziCXTVH33+daPpDa+UqUAfhX+qGj7ZyKKP5i3tHi76DtVAqA4rkHE
+riNRHVNH6TJnvBA9MPDNGy1AzgccqwKlWNz9l0WoMxkP8xfJbsTlc2AKjNOjx/RB
+Xv+HRgTnsHUgDEIFx23dsFsl71ULMii8GrarJf0GfCAYv8WNJWchWMhSaNpZGBPa
++4NJEsWBK1Rof5oTH3SS8FyWdbt1hbQ2XW5BQ94xCtsybxJYlfEkYflIg6ROlCZO
+mR0ObwJ14vsQVbJibq0eRHIg8G4yV19pvEdJCli02eLl1+451M63HZAqBNuyJ9Ny
+I1fxbbEBAzf7WHfoKdwFMuRZq7hpdLykCA8YQJFlLLFoXT0g41ug9iOKBtGg
+-----END CERTIFICATE-----

data/lib/active_item/base.rb CHANGED Viewed

@@ -105,9 +105,7 @@ module ActiveItem
           define_method("#{attr_name}=") do |value|
             old_value = instance_variable_get("@#{attr_name}")
-            if old_value != value
-              send("#{attr_name}_will_change!") unless changed_attributes.key?(attr_name)
-            end
+            send("#{attr_name}_will_change!") if (old_value != value) && !changed_attributes.key?(attr_name)
             instance_variable_set("@#{attr_name}", value)
           end
         end

data/lib/active_item/relation.rb CHANGED Viewed

@@ -1346,6 +1346,10 @@ module ActiveItem
     # Each query is a lightweight indexed count — no data transfer, just a number.
     # Uses thread pool for parallel execution when multiple parent IDs exist.
     #
+    # Thread safety: Aws::DynamoDB::Client is thread-safe — it uses internal
+    # connection pooling (Net::HTTP persistent connections per thread). The Mutex
+    # here protects only the shared `counts` hash, not the client itself.
+    #
     # @param assoc_class [Class] The associated model class
     # @param index_name [String] GSI index name
     # @param dynamo_fk [String] The DynamoDB attribute name for the foreign key

data/lib/active_item/validations.rb CHANGED Viewed

@@ -5,6 +5,13 @@ require 'active_model'
 module ActiveItem
   # ActiveModel validator that checks attribute uniqueness by querying
   # DynamoDB, with optional scope and custom condition support.
+  #
+  # IMPORTANT LIMITATIONS:
+  # - TOCTOU race condition: DynamoDB is eventually consistent, so a check-then-write
+  #   cannot guarantee uniqueness under concurrent writes. For strong uniqueness, use
+  #   a DynamoDB conditional put (attribute_not_exists) at the persistence layer instead.
+  # - DoS vector: without an index, uniqueness checks fall back to table scans. Always
+  #   ensure validated attributes have a GSI to avoid full-table scans on write paths.
   class UniquenessValidator < ActiveModel::EachValidator
     def validate_each(record, attribute, value)
       return if value.nil? || value.to_s.empty?

data/lib/active_item/version.rb CHANGED Viewed

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 module ActiveItem
-  VERSION = '0.0.4'
+  VERSION = '0.0.5'
 end

data.tar.gz.sig ADDED Viewed

Binary file

metadata CHANGED Viewed

@@ -1,15 +1,47 @@
 --- !ruby/object:Gem::Specification
 name: activeitem
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.5
 platform: ruby
 authors:
 - Andy Davis
 - Adam Dalton
 autorequire:
 bindir: bin
-cert_chain: []
-date: 2026-05-23 00:00:00.000000000 Z
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIFaTCCA1GgAwIBAgIUax444kioC0RHJ7r5iympSbt4GOEwDQYJKoZIhvcNAQEL
+  BQAwRDESMBAGA1UEAwwJc3Rvd3ppbGxhMRkwFwYKCZImiZPyLGQBGRYJc3Rvd3pp
+  bGxhMRMwEQYKCZImiZPyLGQBGRYDY29tMB4XDTI2MDUyNjE1MDMzMloXDTI3MDUy
+  NjE1MDMzMlowRDESMBAGA1UEAwwJc3Rvd3ppbGxhMRkwFwYKCZImiZPyLGQBGRYJ
+  c3Rvd3ppbGxhMRMwEQYKCZImiZPyLGQBGRYDY29tMIICIjANBgkqhkiG9w0BAQEF
+  AAOCAg8AMIICCgKCAgEAmLd7XtS7QkSvRl7eHVJwwvUTWG4Rk/uHRGZR09Cb/Hr3
+  ehCdHQvcVxyotmg3qZh4yyf7jZfiESMlm3iXqPsjm7IyVKHBky0n9WB7xFDZe5fh
+  gZwXAA5OXA0RGCaqMSnps3WJIzvUZkOZ2dnSH+oF2mK/7i4SUMN1nVMXdzu1bM3b
+  jwhMbhsYztQSuypugDKV/87RitsHHN+1qDFP6DJRhSgXy9tFzYconRJBgIag/Kyy
+  PQmAOTPfCoZeMmNllOJsd3F2W2u++bSKIGCJ2JD86lmggLwI+8kT1b9nOD8ULEGu
+  GcPrqHWShn3lVDXCQHJVU1pGN2DybtCVO88+Sf4UxT61TPKAYj/dMYMyYta1aYfK
+  u4RtgGkUD7eJYzJ4QSpNJgr+eUQXMirwn7xPRhBIWIZx4QbnAmZRfNpLjoPRiC9k
+  V6/rjMYAeJU6z2jnOySZGN97cTbTNK7m9QyR5U0U5WQi0IBpB+0xe6c8ihKyPOeC
+  hsLkZ7VxuO0gqfUDKG9DqX4/+xSqNKO8bwYa+nbBtZPjPWFyHQGQWKXOLLFK/VHk
+  0+6V6HosjoaRW4M1gVlu+vGWHcpmdPOmfPShkqNgZQkvhhrdg2U/xyFzLrHoRTG3
+  9JsjpfIGO+PAK3LPNy3YjZJcLnk8rLaaksUt691d1KH0y6e411vKoqxmZ3pHeu8C
+  AwEAAaNTMFEwHQYDVR0OBBYEFJdJFQTOcHjR+03ZWZ7p9nnCVRBRMB8GA1UdIwQY
+  MBaAFJdJFQTOcHjR+03ZWZ7p9nnCVRBRMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
+  hvcNAQELBQADggIBAFVHepD8diydFHg62HRWf7lETEoupJC7bUvSamgWi9r5svKK
+  AhhRErJu5JJIcFsS0tQQNVucbJXbaEVfuQ0jHpIT1TnVQGKALE9nIFt90epjAlzB
+  IrWWn4CgEWG8ek/81vvJZ7nBBq+BS11/yi2sx/j/eSArY/5ElM6rEnKrG/E7YnZD
+  eCnF794rc17PdbNmLkjUWK99EA/v0424L7l8RU/2FvgHXa57xuZcY7LqpQIwaKIU
+  uDBvSASNCzuBe+XXx5eEIpvEpBysDrGtIZ99IkJe+6XtAXnJRefq3fEJCaEzUPky
+  qoZFv1pK+U+ziCXTVH33+daPpDa+UqUAfhX+qGj7ZyKKP5i3tHi76DtVAqA4rkHE
+  riNRHVNH6TJnvBA9MPDNGy1AzgccqwKlWNz9l0WoMxkP8xfJbsTlc2AKjNOjx/RB
+  Xv+HRgTnsHUgDEIFx23dsFsl71ULMii8GrarJf0GfCAYv8WNJWchWMhSaNpZGBPa
+  +4NJEsWBK1Rof5oTH3SS8FyWdbt1hbQ2XW5BQ94xCtsybxJYlfEkYflIg6ROlCZO
+  mR0ObwJ14vsQVbJibq0eRHIg8G4yV19pvEdJCli02eLl1+451M63HZAqBNuyJ9Ny
+  I1fxbbEBAzf7WHfoKdwFMuRZq7hpdLykCA8YQJFlLLFoXT0g41ug9iOKBtGg
+  -----END CERTIFICATE-----
+date: 2026-05-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activemodel
@@ -135,6 +167,7 @@ files:
 - CHANGELOG.md
 - LICENSE.txt
 - README.md
+- certs/stowzilla.pem
 - lib/active_item/associations.rb
 - lib/active_item/base.rb
 - lib/active_item/composed_of.rb

metadata.gz.sig ADDED Viewed

Binary file