activerecord-session_store 2.0.0 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e3618fed7f080158309e682f1906af4d056b65fdbf687c7f562677cecaf17d05
-  data.tar.gz: 314cfae6877c80c6d73512f082765f083b733fcb5eb532b490b89033f37fd3aa
+  metadata.gz: a59c796a95093cdbf0b0239be6b391e6319aa15892c5eaa88a4f0cd21f71f730
+  data.tar.gz: 512857df11dfe09153779282bc6924ba09e5052cc027bfcdc49911cf448eaa57
 SHA512:
-  metadata.gz: cd976a3e033d38632598f9ab5f47eee88c9e72fd624c470f385976361eba83b58e9b0e44241a7ce994f76b79ed3b71f142ce0d6547b10a04d5af4ed75812596d
-  data.tar.gz: 273a6fbec6eb0a9426d66963ee8008f91281a454fa8722d52a1f1179c1f39c68bf6a37e25ecd5db2c2031a8f344c5375121d52c8fc02fb3595654b1015057178
+  metadata.gz: c14348425cf37d14be0562e9c0c60b77d4279a77daa5edd1482cff8cf4757757c923dd8740a8779abc0401bfd3b761a46da541a50771c558cfd8836e4b25daf5
+  data.tar.gz: f9357eb83b033c69010cc36fae85e5cd72db780562749aa9512aa78d7440f32666bf6c260e12177bd07c813eb8a8049478e391d0476c29c0d7956f21f99989e2

data/CHANGELOG.md

@@ -0,0 +1,3 @@
+## 2.2.0
+
+* Drop dependency on `multi_json`.

data/README.md

@@ -38,7 +38,7 @@ been updated in the last 30 days. The 30 days cutoff can be changed using the
 Configuration
 --------------
 
-The default assumes a `sessions` tables with columns:
+The default assumes a `sessions` table with columns:
 
 *  `id` (numeric primary key),
 *  `session_id` (string, usually varchar; maximum length is 255), and
@@ -79,7 +79,7 @@ for free if you add `created_at` and `updated_at` datetime columns to
 the `sessions` table, making periodic session expiration a snap.
 
 You may provide your own session class implementation, whether a
-feature-packed Active Record or a bare-metal high-performance SQL
+feature-packed Active Record, or a bare-metal high-performance SQL
 store, by setting
 
 ```ruby
@@ -99,17 +99,23 @@ The example SqlBypass class is a generic SQL session store. You may
 use it as a basis for high-performance database-specific stores.
 
 Please note that you will need to manually include the silencer module to your
-custom logger if you are using a logger other than `Logger` and `Syslog::Logger`
-and their subclasses:
+custom logger if you are using a logger other than `ActiveSupport::Logger` and
+its subclasses:
 
 ```ruby
-MyLogger.send :include, ActiveRecord::SessionStore::Extension::LoggerSilencer
+MyLogger.include ActiveSupport::LoggerSilence
+```
+
+Or if you are using Rails 5.2 or older:
+
+```ruby
+MyLogger.include ::LoggerSilence
 ```
 
 This silencer is being used to silence the logger and not leaking private
 information into the log, and it is required for security reason.
 
-CVE-2015-9284 mitigation
+CVE-2019-25025 mitigation
 --------------
 
 Sessions that were created by Active Record Session Store version 1.x are

data/lib/action_dispatch/session/active_record_store.rb

@@ -55,7 +55,7 @@ module ActionDispatch
     class ActiveRecordStore < ActionDispatch::Session::AbstractSecureStore
       # The class used for session storage. Defaults to
       # ActiveRecord::SessionStore::Session
-      cattr_accessor :session_class
+      class_attribute :session_class
 
       SESSION_RECORD_KEY = 'rack.session.record'
       ENV_SESSION_OPTIONS_KEY = Rack::RACK_SESSION_OPTIONS
@@ -67,7 +67,7 @@ module ActionDispatch
             # If the sid was nil or if there is no pre-existing session under the sid,
             # force the generation of a new sid and associate a new session associated with the new sid
             sid = generate_sid
-            session = @@session_class.new(:session_id => sid.private_id, :data => {})
+            session = session_class.new(:session_id => sid.private_id, :data => {})
           end
           request.env[SESSION_RECORD_KEY] = session
           [sid, session.data]
@@ -106,7 +106,7 @@ module ActionDispatch
             new_sid = generate_sid
 
             if options[:renew]
-              new_model = @@session_class.new(:session_id => new_sid.private_id, :data => data)
+              new_model = session_class.new(:session_id => new_sid.private_id, :data => data)
               new_model.save
               request.env[SESSION_RECORD_KEY] = new_model
             end
@@ -120,7 +120,7 @@ module ActionDispatch
           model = get_session_with_fallback(id)
           unless model
             id = generate_sid
-            model = @@session_class.new(:session_id => id.private_id, :data => {})
+            model = session_class.new(:session_id => id.private_id, :data => {})
             model.save
           end
           if request.env[ENV_SESSION_OPTIONS_KEY][:id].nil?
@@ -134,9 +134,9 @@ module ActionDispatch
 
       def get_session_with_fallback(sid)
         if sid && !self.class.private_session_id?(sid.public_id)
-          if (secure_session = @@session_class.find_by_session_id(sid.private_id))
+          if (secure_session = session_class.find_by_session_id(sid.private_id))
             secure_session
-          elsif (insecure_session = @@session_class.find_by_session_id(sid.public_id))
+          elsif (insecure_session = session_class.find_by_session_id(sid.public_id))
             insecure_session.session_id = sid.private_id # this causes the session to be secured
             insecure_session
           end

data/lib/active_record/session_store/version.rb

@@ -1,5 +1,5 @@
 module ActiveRecord
   module SessionStore
-    VERSION = "2.0.0".freeze
+    VERSION = "2.2.0".freeze
   end
 end

data/lib/active_record/session_store.rb

@@ -2,7 +2,7 @@ require 'active_record'
 require 'active_record/session_store/version'
 require 'action_dispatch/session/active_record_store'
 require 'active_support/core_ext/hash/keys'
-require 'multi_json'
+require 'json'
 
 module ActiveRecord
   module SessionStore
@@ -62,12 +62,12 @@ module ActiveRecord
       # Uses built-in JSON library to encode/decode session
       class JsonSerializer
         def self.load(value)
-          hash = MultiJson.load(value)
+          hash = JSON.parse(value)
           hash.is_a?(Hash) ? hash.with_indifferent_access[:value] : hash
         end
 
         def self.dump(value)
-          MultiJson.dump(value: value)
+          JSON.dump(value: value)
         end
       end
 

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: activerecord-session_store
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.2.0
 platform: ruby
 authors:
 - David Heinemeier Hansson
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-03-10 00:00:00.000000000 Z
+date: 2025-03-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -16,42 +15,42 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 5.2.4.1
+        version: '7.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 5.2.4.1
+        version: '7.0'
 - !ruby/object:Gem::Dependency
   name: actionpack
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 5.2.4.1
+        version: '7.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 5.2.4.1
+        version: '7.0'
 - !ruby/object:Gem::Dependency
   name: railties
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 5.2.4.1
+        version: '7.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 5.2.4.1
+        version: '7.0'
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
@@ -61,7 +60,7 @@ dependencies:
         version: 2.0.8
     - - "<"
       - !ruby/object:Gem::Version
-        version: '3'
+        version: '4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -71,48 +70,28 @@ dependencies:
         version: 2.0.8
     - - "<"
       - !ruby/object:Gem::Version
-        version: '3'
+        version: '4'
 - !ruby/object:Gem::Dependency
-  name: multi_json
+  name: cgi
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.11'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.11.2
+        version: 0.3.6
   type: :runtime
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.11'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.11.2
-- !ruby/object:Gem::Dependency
-  name: sqlite3
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
-description:
+        version: 0.3.6
 email: david@loudthinking.com
 executables: []
 extensions: []
 extra_rdoc_files:
 - README.md
 files:
+- CHANGELOG.md
 - MIT-LICENSE
 - README.md
 - lib/action_dispatch/session/active_record_store.rb
@@ -128,8 +107,10 @@ files:
 homepage: https://github.com/rails/activerecord-session_store
 licenses:
 - MIT
-metadata: {}
-post_install_message:
+metadata:
+  homepage_uri: https://github.com/rails/activerecord-session_store
+  source_code_uri: https://github.com/rails/activerecord-session_store
+  changelog_uri: https://github.com/rails/activerecord-session_store/blob/master/CHANGELOG.md
 rdoc_options:
 - "--main"
 - README.md
@@ -139,15 +120,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.2.2
+      version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
-signing_key:
+rubygems_version: 3.6.2
 specification_version: 4
 summary: An Action Dispatch session store backed by an Active Record class.
 test_files: []