RubyGems - activity_notification - Versions diffs - 2.2.3 → 2.3.0 - Mend

activity_notification 2.2.3 → 2.3.0

Files changed (19) hide show

checksums.yaml +4 -4
data/.github/workflows/build.yml +18 -17
data/CHANGELOG.md +14 -0
data/Gemfile +3 -2
data/Rakefile +2 -2
data/activity_notification.gemspec +3 -3
data/docs/Setup.md +16 -0
data/gemfiles/Gemfile.rails-5.0 +1 -1
data/gemfiles/Gemfile.rails-5.1 +2 -1
data/gemfiles/Gemfile.rails-5.2 +1 -1
data/gemfiles/Gemfile.rails-6.0 +2 -1
data/gemfiles/Gemfile.rails-6.1 +1 -1
data/gemfiles/Gemfile.rails-7.0 +1 -6
data/gemfiles/Gemfile.rails-7.1 +23 -0
data/lib/activity_notification/models.rb +23 -1
data/lib/activity_notification/version.rb +1 -1
data/spec/concerns/renderable_spec.rb +1 -1
data/spec/spec_helper.rb +1 -0
metadata +18 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 30c5b3d148d4606e3ebd7c26a14a746180f2ccde5c6197bf28c95aaeceba8d48
-  data.tar.gz: 63454217d875157c64d22dd0e15e947912a73d7f6a1bba371cba05a0973ba680
+  metadata.gz: f3601a2256b7e6c6d029c5eaa66474a1786e590e09e461a01b25359a53a62fff
+  data.tar.gz: 1531fc01a13f15e74cecf7466b2cbfa365c70172fe5c25659f138ce01d0cf537
 SHA512:
-  metadata.gz: 2c7c724cdf1acb560ed8d02c56f80bc5cddee91fc0537779480efae64a40108f14fdcd55850ca121bf766416dad818dc664bdad196c17ef6ebe38d31c18ed2f2
-  data.tar.gz: 604d78217049389797f3508f621b54e0efd0962c075cf8c500d2b957c52e677584f1ec1eeea326bb12570cbe953c02581b248b9dfff54a80328bbf509b9871ee
+  metadata.gz: aaaad2eda74f02ad52c3cfc7ad34c3b1ecd43367ae6431d64dac8c13461c8764917db6a3a64a2059e3a2ce0ab5e2400e6ec7f7662cbbde4d41521077aae4aa89
+  data.tar.gz: eaded5b0d4c439e618c70a57e9ec6d868917819006c32923dde11c419a86d082d2ba7c2183037d094a59ff60dc1a9fdad97514aaf44337ae22130bfc1f8a43d1

data/.github/workflows/build.yml CHANGED Viewed

@@ -3,8 +3,8 @@ name: build
 on:
   push:
     branches:
-      - '**'
-      - '!images'
+      - 'master'
+      - 'development'
   pull_request:
     branches:
       - '**'
@@ -23,6 +23,7 @@ jobs:
           - gemfiles/Gemfile.rails-6.0
           - gemfiles/Gemfile.rails-6.1
           - gemfiles/Gemfile.rails-7.0
+          - gemfiles/Gemfile.rails-7.1
         orm:
           - active_record
           - mongoid
@@ -30,27 +31,29 @@ jobs:
         include:
           # https://www.ruby-lang.org/en/downloads
           - gemfile: gemfiles/Gemfile.rails-5.0
-            ruby-version: 2.7.5
+            ruby-version: 2.7.7
           - gemfile: gemfiles/Gemfile.rails-5.1
-            ruby-version: 2.7.5
+            ruby-version: 2.7.7
           - gemfile: gemfiles/Gemfile.rails-5.2
-            ruby-version: 2.7.5
+            ruby-version: 2.7.7
           - gemfile: gemfiles/Gemfile.rails-6.0
-            ruby-version: 3.0.3
+            ruby-version: 2.7.7
           - gemfile: gemfiles/Gemfile.rails-6.1
-            ruby-version: 3.0.3
+            ruby-version: 2.7.7
           - gemfile: gemfiles/Gemfile.rails-7.0
-            ruby-version: 3.0.3
+            ruby-version: 3.1.6
+          - gemfile: gemfiles/Gemfile.rails-7.1
+            ruby-version: 3.2.4
           - gemfile: Gemfile
-            ruby-version: 3.0.3
+            ruby-version: 3.3.3
             orm: active_record
             test-db: mysql
           - gemfile: Gemfile
-            ruby-version: 3.0.3
+            ruby-version: 3.3.3
             orm: active_record
             test-db: postgresql
           - gemfile: Gemfile
-            ruby-version: 3.0.3
+            ruby-version: 3.3.3
             orm: mongoid
             test-db: mongodb
           - gemfile: Gemfile
@@ -64,6 +67,8 @@ jobs:
             orm: dynamoid
           - gemfile: gemfiles/Gemfile.rails-7.0
             orm: dynamoid
+          - gemfile: gemfiles/Gemfile.rails-7.1
+            orm: dynamoid
     env:
       RAILS_ENV: test
@@ -97,19 +102,15 @@ jobs:
           - 27017:27017
         env:
           MONGO_INITDB_DATABASE: activity_notification_test
-        options: --health-cmd mongo --health-interval 10s --health-timeout 5s --health-retries 5
+        options: --health-cmd mongosh --health-interval 10s --health-timeout 5s --health-retries 5
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
           ruby-version: ${{ matrix.ruby-version }}
           bundler-cache: true
-      - name: Install dependencies
-        run: |
-          bundle install
-          bundle update
       - name: Setup Amazon DynamoDB Local
         if: matrix.orm == 'dynamoid'
         run: |

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,17 @@
+## 2.3.0 / 2024-06-02
+[Full Changelog](http://github.com/simukappu/activity_notification/compare/v2.2.4...v2.3.0)
+Enhancements:
+* Allow use with Rails 7.1 - [#173](https://github.com/simukappu/activity_notification/issues/173) [#177](https://github.com/simukappu/activity_notification/pull/177)
+## 2.2.4 / 2023-03-20
+[Full Changelog](http://github.com/simukappu/activity_notification/compare/v2.2.3...v2.2.4)
+Bug Fixes:
+* Fix broken serialization with Rails security patch - [#166](https://github.com/simukappu/activity_notification/issues/166) [#167](https://github.com/simukappu/activity_notification/pull/167)
 ## 2.2.3 / 2022-02-12
 [Full Changelog](http://github.com/simukappu/activity_notification/compare/v2.2.2...v2.2.3)

data/Gemfile CHANGED Viewed

@@ -2,9 +2,10 @@ source 'https://rubygems.org'
 gemspec
-gem 'rails', '~> 6.0.0'
+gem 'rails', '~> 7.1.0'
 group :production do
+  gem 'sprockets-rails'
   gem 'puma'
   gem 'pg'
   gem 'devise'
@@ -20,7 +21,7 @@ group :test do
   gem 'ammeter'
   gem 'timecop'
   gem 'committee'
-  gem 'committee-rails'
+  gem 'committee-rails', '< 0.6'
   # gem 'coveralls', require: false
   gem 'coveralls_reborn', require: false
 end

data/Rakefile CHANGED Viewed

@@ -24,5 +24,5 @@ end
 Bundler::GemHelper.install_tasks
-require File.expand_path('../spec/rails_app/config/application', __FILE__)
-Rails.application.load_tasks
+#require File.expand_path('../spec/rails_app/config/application', __FILE__)
+#Rails.application.load_tasks

data/activity_notification.gemspec CHANGED Viewed

@@ -20,16 +20,16 @@ Gem::Specification.new do |s|
   s.require_paths = ["lib"]
   s.required_ruby_version = '>= 2.1.0'
-  s.add_dependency 'railties', '>= 5.0.0', '< 7.1'
+  s.add_dependency 'railties', '>= 5.0.0', '< 7.2'
   s.add_dependency 'i18n', '>= 0.5.0'
   s.add_dependency 'jquery-rails', '>= 3.1.1'
   s.add_dependency 'swagger-blocks', '>= 3.0.0'
   s.add_development_dependency 'puma', '>= 3.12.0'
-  s.add_development_dependency 'sqlite3', '>= 1.3.13'
+  s.add_development_dependency 'sqlite3', '>= 1.3.13', '< 2.0'
   s.add_development_dependency 'mysql2', '>= 0.5.2'
   s.add_development_dependency 'pg', '>= 1.0.0'
-  s.add_development_dependency 'mongoid', '>= 4.0.0'
+  s.add_development_dependency 'mongoid', '>= 4.0.0', '< 9.0'
   s.add_development_dependency 'dynamoid', '3.1.0'
   s.add_development_dependency 'rspec-rails', '>= 3.8.0'
   s.add_development_dependency 'factory_bot_rails', '>= 4.11.0', '< 5.0.0'

data/docs/Setup.md CHANGED Viewed

@@ -46,6 +46,22 @@ The same can be done for the subscription table name, e.g., if you're using the
 config.subscription_table_name = "notifications_subscriptions"
 ```
+If you're redefining `yaml_column_permitted_classes` in *config/application.rb*, then you need to add a few classes to the whitelist to make sure *activity_notification* still works as expected.
+```ruby
+config.active_record.yaml_column_permitted_classes ||= []
+# your override(s), e.g: MyWhitelistedClass
+config.active_record.yaml_column_permitted_classes << MyWhitelistedClass
+# overrides required for activity_notification to work
+config.yaml_column_permitted_classes << ActiveSupport::HashWithIndifferentAccess
+config.yaml_column_permitted_classes << ActiveSupport::TimeWithZone
+config.yaml_column_permitted_classes << ActiveSupport::TimeZone
+config.yaml_column_permitted_classes << Symbol
+config.yaml_column_permitted_classes << Time
+```
 #### Using Mongoid ORM
 When you use *activity_notification* with [Mongoid](http://mongoid.org) ORM, set **AN_ORM** environment variable to **mongoid**:

data/gemfiles/Gemfile.rails-5.0 CHANGED Viewed

@@ -17,7 +17,7 @@ group :test do
   gem 'ammeter'
   gem 'timecop'
   gem 'committee'
-  gem 'committee-rails'
+  gem 'committee-rails', '< 0.6'
   # gem 'coveralls', require: false
   gem 'coveralls_reborn', require: false
 end

data/gemfiles/Gemfile.rails-5.1 CHANGED Viewed

@@ -16,9 +16,10 @@ group :test do
   gem 'ammeter'
   gem 'timecop'
   gem 'committee'
-  gem 'committee-rails'
+  gem 'committee-rails', '< 0.6'
   # gem 'coveralls', require: false
   gem 'coveralls_reborn', require: false
+  gem 'mongoid', '>= 4.0.0', '< 8.0'
 end
 gem 'dotenv-rails', groups: [:development, :test]

data/gemfiles/Gemfile.rails-5.2 CHANGED Viewed

@@ -16,7 +16,7 @@ group :test do
   gem 'ammeter'
   gem 'timecop'
   gem 'committee'
-  gem 'committee-rails'
+  gem 'committee-rails', '< 0.6'
   # gem 'coveralls', require: false
   gem 'coveralls_reborn', require: false
 end

data/gemfiles/Gemfile.rails-6.0 CHANGED Viewed

@@ -3,6 +3,7 @@ source 'https://rubygems.org'
 gemspec path: '../'
 gem 'rails', '~> 6.0.0'
+gem 'psych', '< 4'
 group :development do
   gem 'bullet'
@@ -14,7 +15,7 @@ group :test do
   gem 'ammeter'
   gem 'timecop'
   gem 'committee'
-  gem 'committee-rails'
+  gem 'committee-rails', '< 0.6'
   # gem 'coveralls', require: false
   gem 'coveralls_reborn', require: false
 end

data/gemfiles/Gemfile.rails-6.1 CHANGED Viewed

@@ -14,7 +14,7 @@ group :test do
   gem 'ammeter'
   gem 'timecop'
   gem 'committee'
-  gem 'committee-rails'
+  gem 'committee-rails', '< 0.6'
   # gem 'coveralls', require: false
   gem 'coveralls_reborn', require: false
 end

data/gemfiles/Gemfile.rails-7.0 CHANGED Viewed

@@ -3,11 +3,6 @@ source 'https://rubygems.org'
 gemspec path: '../'
 gem 'rails', '~> 7.0.0'
-# https://github.com/lynndylanhurley/devise_token_auth/pull/1517
-gem 'devise_token_auth', git: 'https://github.com/lynndylanhurley/devise_token_auth.git'
-# https://jira.mongodb.org/browse/MONGOID-5193
-gem 'mongoid', git: 'https://github.com/mongodb/mongoid.git'
 gem 'sprockets-rails'
 group :development do
@@ -20,7 +15,7 @@ group :test do
   gem 'ammeter'
   gem 'timecop'
   gem 'committee'
-  gem 'committee-rails'
+  gem 'committee-rails', '< 0.6'
   # gem 'coveralls', require: false
   gem 'coveralls_reborn', require: false
 end

data/gemfiles/Gemfile.rails-7.1 ADDED Viewed

@@ -0,0 +1,23 @@
+source 'https://rubygems.org'
+gemspec path: '../'
+gem 'rails', '~> 7.1.0'
+gem 'sprockets-rails'
+group :development do
+  gem 'bullet'
+  gem 'rack-cors'
+end
+group :test do
+  gem 'rails-controller-testing'
+  gem 'ammeter'
+  gem 'timecop'
+  gem 'committee'
+  gem 'committee-rails', '< 0.6'
+  # gem 'coveralls', require: false
+  gem 'coveralls_reborn', require: false
+end
+gem 'dotenv-rails', groups: [:development, :test]

data/lib/activity_notification/models.rb CHANGED Viewed

@@ -17,4 +17,26 @@ module ActivityNotification
   end
 end
-ActiveRecord::Base.class_eval { include ActivityNotification::Models } if defined?(ActiveRecord::Base)
+if defined?(ActiveRecord::Base)
+  ActiveRecord::Base.class_eval { include ActivityNotification::Models }
+  # https://github.com/simukappu/activity_notification/issues/166
+  # https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017
+  if (Gem::Version.new("5.2.8.1") <= Rails.gem_version && Rails.gem_version < Gem::Version.new("6.0")) ||
+    (Gem::Version.new("6.0.5.1") <= Rails.gem_version && Rails.gem_version < Gem::Version.new("6.1")) ||
+    (Gem::Version.new("6.1.6.1") <= Rails.gem_version && Rails.gem_version < Gem::Version.new("7.0"))
+    ActiveRecord::Base.yaml_column_permitted_classes ||= []
+    ActiveRecord::Base.yaml_column_permitted_classes << ActiveSupport::HashWithIndifferentAccess
+    ActiveRecord::Base.yaml_column_permitted_classes << ActiveSupport::TimeWithZone
+    ActiveRecord::Base.yaml_column_permitted_classes << ActiveSupport::TimeZone
+    ActiveRecord::Base.yaml_column_permitted_classes << Symbol
+    ActiveRecord::Base.yaml_column_permitted_classes << Time
+  elsif Gem::Version.new("7.0.3.1") <= Rails.gem_version
+    ActiveRecord.yaml_column_permitted_classes ||= []
+    ActiveRecord.yaml_column_permitted_classes << ActiveSupport::HashWithIndifferentAccess
+    ActiveRecord.yaml_column_permitted_classes << ActiveSupport::TimeWithZone
+    ActiveRecord.yaml_column_permitted_classes << ActiveSupport::TimeZone
+    ActiveRecord.yaml_column_permitted_classes << Symbol
+    ActiveRecord.yaml_column_permitted_classes << Time
+  end
+end

data/lib/activity_notification/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module ActivityNotification
-  VERSION = "2.2.3"
+  VERSION = "2.3.0"
 end

data/spec/concerns/renderable_spec.rb CHANGED Viewed

@@ -77,7 +77,7 @@ shared_examples_for :renderable do
               test_instance.target = create(:admin)
               test_instance.key = "notification.#{simple_text_key}"
               expect(test_instance.text)
-                .to eq("translation missing: en.notification.admin.#{simple_text_key}.text")
+                .to eq("Translation missing: en.notification.admin.#{simple_text_key}.text")
             end
           end

data/spec/spec_helper.rb CHANGED Viewed

@@ -46,6 +46,7 @@ def clean_database
 end
 RSpec.configure do |config|
+  config.expect_with  :minitest, :rspec
   config.include FactoryBot::Syntax::Methods
   config.before(:each) do
     FactoryBot.reload

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: activity_notification
 version: !ruby/object:Gem::Version
-  version: 2.2.3
+  version: 2.3.0
 platform: ruby
 authors:
 - Shota Yamazaki
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-02-12 00:00:00.000000000 Z
+date: 2024-07-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -19,7 +19,7 @@ dependencies:
         version: 5.0.0
     - - "<"
       - !ruby/object:Gem::Version
-        version: '7.1'
+        version: '7.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: 5.0.0
     - - "<"
       - !ruby/object:Gem::Version
-        version: '7.1'
+        version: '7.2'
 - !ruby/object:Gem::Dependency
   name: i18n
   requirement: !ruby/object:Gem::Requirement
@@ -93,6 +93,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.3.13
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -100,6 +103,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.3.13
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: mysql2
   requirement: !ruby/object:Gem::Requirement
@@ -135,6 +141,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 4.0.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '9.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -142,6 +151,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 4.0.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '9.0'
 - !ruby/object:Gem::Dependency
   name: dynamoid
   requirement: !ruby/object:Gem::Requirement
@@ -391,6 +403,7 @@ files:
 - gemfiles/Gemfile.rails-6.0
 - gemfiles/Gemfile.rails-6.1
 - gemfiles/Gemfile.rails-7.0
+- gemfiles/Gemfile.rails-7.1
 - lib/activity_notification.rb
 - lib/activity_notification/apis/notification_api.rb
 - lib/activity_notification/apis/subscription_api.rb
@@ -683,7 +696,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.32
+rubygems_version: 3.4.6
 signing_key:
 specification_version: 4
 summary: Integrated user activity notifications for Ruby on Rails