addressable 2.5.2 → 2.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 609a17c9f46ce684482d241232f11a9b9fc81c81
-  data.tar.gz: 5d2febfcf1ecfc3deafe09afb18f8d423a917597
+SHA256:
+  metadata.gz: 03a21b1eab156a16e90bd7963af85980edfbddc8f3dbe052766303dba76cc000
+  data.tar.gz: 03eca5d86f4c70f9320000f36e3cff4fd8023342a4e0ac855d0ef1ec89ee6183
 SHA512:
-  metadata.gz: c2643f4006865f0d7654ed88b925bd46a75fc3fc3eaf46dea2b7a57f72ffe7c2b90560bae9ce06ecca4d4a528db4fb8a28e24fdd882bc5d602177d2099ec1b6f
-  data.tar.gz: 2dcaa8fad9dfe031485391dec12e42bd9a45e105a1486c8e1ba9faeaa6f3600f9742b43e557776bfec9424c16e0dd0a1e22bc219da0e8c80559bfcf04ac405d8
+  metadata.gz: d504f9475ad823f5bb077b9c039a2c91c83e52c20896247a7289b61725c61b1ddefe8ae06155fb018fc67087cf04276081b42105a18394b45e2374ad0b2fadb0
+  data.tar.gz: b81766fbcb9335d5ca94403b62d3b2a6fae31b66cd3c05f48e1885eaf07883bfa1321b6930271fe1415135aec687af51312a26ce27bd4b83b2ac6424dec597c9

data/CHANGELOG.md

@@ -1,3 +1,33 @@
+# Addressable 2.8.0
+- fixes ReDoS vulnerability in Addressable::Template#match
+- no longer replaces `+` with spaces in queries for non-http(s) schemes
+- fixed encoding ipv6 literals
+- the `:compacted` flag for `normalized_query` now dedupes parameters
+- fix broken `escape_component` alias
+- dropping support for Ruby 2.0 and 2.1
+- adding Ruby 3.0 compatibility for development tasks
+- drop support for `rack-mount` and remove Addressable::Template#generate
+- performance improvements
+- switch CI/CD to GitHub Actions
+
+# Addressable 2.7.0
+- added `:compacted` flag to `normalized_query`
+- `heuristic_parse` handles `mailto:` more intuitively
+- dropped explicit support for JRuby 9.0.5.0
+- compatibility w/ public_suffix 4.x
+- performance improvements
+
+# Addressable 2.6.0
+- added `tld=` method to allow assignment to the public suffix
+- most `heuristic_parse` patterns are now case-insensitive
+- `heuristic_parse` handles more `file://` URI variations
+- fixes bug in `heuristic_parse` when uri starts with digit
+- fixes bug in `request_uri=` with query strings
+- fixes template issues with `nil` and `?` operator
+- `frozen_string_literal` pragmas added
+- minor performance improvements in regexps
+- fixes to eliminate warnings
+
 # Addressable 2.5.2
 - better support for frozen string literals
 - fixed bug w/ uppercase characters in scheme

data/Gemfile

@@ -1,10 +1,17 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
-gemspec
+gemspec(path: __FILE__ == "(eval)" ? ".." : ".")
 
 group :test do
-  gem 'rspec', '~> 3.0'
-  gem 'rspec-its', '~> 1.1'
+  gem 'rspec', '~> 3.8'
+  gem 'rspec-its', '~> 1.3'
+end
+
+group :coverage do
+  gem "coveralls", "> 0.7", require: false, platforms: :mri
+  gem "simplecov", require: false
 end
 
 group :development do
@@ -14,19 +21,8 @@ group :development do
 end
 
 group :test, :development do
-  gem 'rake', '> 10.0', '< 12'
-  gem 'simplecov', :require => false
-  gem 'coveralls', :require => false, :platforms => [
-    :ruby_20, :ruby_21, :ruby_22, :ruby_23
-  ]
-  # Used to test compatibility.
-  gem 'rack-mount', git: 'https://github.com/sporkmonger/rack-mount.git', require: 'rack/mount'
-
-  if RUBY_VERSION.start_with?('2.0', '2.1')
-    gem 'rack', '< 2', :require => false
-  else
-    gem 'rack', :require => false
-  end
+  gem 'memory_profiler'
+  gem "rake", ">= 12.3.3"
 end
 
-gem 'idn-ruby', :platform => [:mri_20, :mri_21, :mri_22, :mri_23, :mri_24]
+gem "idn-ruby", platform: :mri

data/README.md

@@ -7,23 +7,23 @@
   <dt>License</dt><dd>Apache 2.0</dd>
 </dl>
 
-[![Gem Version](http://img.shields.io/gem/dt/addressable.svg)][gem]
-[![Build Status](https://secure.travis-ci.org/sporkmonger/addressable.svg?branch=master)][travis]
-[![Dependency Status](https://gemnasium.com/sporkmonger/addressable.svg?travis)][gemnasium]
+[![Gem Version](https://img.shields.io/gem/dt/addressable.svg)][gem]
+[![Build Status](https://github.com/sporkmonger/addressable/workflows/CI/badge.svg)][actions]
 [![Test Coverage Status](https://img.shields.io/coveralls/sporkmonger/addressable.svg)][coveralls]
-[![Documentation Coverage Status](http://inch-ci.org/github/sporkmonger/addressable.svg?branch=master)][inch]
+[![Documentation Coverage Status](https://inch-ci.org/github/sporkmonger/addressable.svg?branch=master)][inch]
 
 [gem]: https://rubygems.org/gems/addressable
-[travis]: http://travis-ci.org/sporkmonger/addressable
-[gemnasium]: https://gemnasium.com/sporkmonger/addressable
+[actions]: https://github.com/sporkmonger/addressable/actions
 [coveralls]: https://coveralls.io/r/sporkmonger/addressable
-[inch]: http://inch-ci.org/github/sporkmonger/addressable
+[inch]: https://inch-ci.org/github/sporkmonger/addressable
 
 # Description
 
-Addressable is a replacement for the URI implementation that is part of
-Ruby's standard library. It more closely conforms to RFC 3986, RFC 3987, and
-RFC 6570 (level 4), providing support for IRIs and URI templates.
+Addressable is an alternative implementation to the URI implementation
+that is part of Ruby's standard library. It is flexible, offers heuristic
+parsing, and additionally provides extensive support for IRIs and URI templates.
+
+Addressable closely conforms to RFC 3986, RFC 3987, and RFC 6570 (level 4).
 
 # Reference
 
@@ -58,7 +58,7 @@ For more details, see [RFC 6570](https://www.rfc-editor.org/rfc/rfc6570.txt).
 
 require "addressable/template"
 
-template = Addressable::Template.new("http://example.com/{?query*}/")
+template = Addressable::Template.new("http://example.com/{?query*}")
 template.expand({
   "query" => {
     'foo' => 'bar',
@@ -98,19 +98,19 @@ You may optionally turn on native IDN support by installing libidn and the
 idn gem:
 
 ```console
-$ sudo apt-get install idn # Debian/Ubuntu
+$ sudo apt-get install libidn11-dev # Debian/Ubuntu
 $ brew install libidn # OS X
 $ gem install idn-ruby
 ```
 
 # Semantic Versioning
 
-This project uses sementic versioning. You can (and should) specify your
+This project uses [Semantic Versioning](https://semver.org/). You can (and should) specify your
 dependency using a pessimistic version constraint covering the major and minor
 values:
 
 ```ruby
-spec.add_dependency 'addressable', '~> 2.5'
+spec.add_dependency 'addressable', '~> 2.7'
 ```
 
 If you need a specific bug fix, you can also specify minimum tiny versions

data/Rakefile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'rubygems'
 require 'rake'
 
@@ -12,9 +14,9 @@ RELEASE_NAME       = "REL #{PKG_VERSION}"
 
 PKG_SUMMARY        = "URI Implementation"
 PKG_DESCRIPTION    = <<-TEXT
-Addressable is a replacement for the URI implementation that is part of
-Ruby's standard library. It more closely conforms to the relevant RFCs and
-adds support for IRIs and URI templates.
+Addressable is an alternative implementation to the URI implementation that is
+part of Ruby's standard library. It is flexible, offers heuristic parsing, and
+additionally provides extensive support for IRIs and URI templates.
 TEXT
 
 PKG_FILES = FileList[

data/addressable.gemspec

@@ -0,0 +1,37 @@
+# -*- encoding: utf-8 -*-
+# stub: addressable 2.8.0 ruby lib
+
+Gem::Specification.new do |s|
+  s.name = "addressable".freeze
+  s.version = "2.8.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib".freeze]
+  s.authors = ["Bob Aman".freeze]
+  s.date = "2021-07-03"
+  s.description = "Addressable is an alternative implementation to the URI implementation that is\npart of Ruby's standard library. It is flexible, offers heuristic parsing, and\nadditionally provides extensive support for IRIs and URI templates.\n".freeze
+  s.email = "bob@sporkmonger.com".freeze
+  s.extra_rdoc_files = ["README.md".freeze]
+  s.files = ["CHANGELOG.md".freeze, "Gemfile".freeze, "LICENSE.txt".freeze, "README.md".freeze, "Rakefile".freeze, "addressable.gemspec".freeze, "data/unicode.data".freeze, "lib/addressable.rb".freeze, "lib/addressable/idna.rb".freeze, "lib/addressable/idna/native.rb".freeze, "lib/addressable/idna/pure.rb".freeze, "lib/addressable/template.rb".freeze, "lib/addressable/uri.rb".freeze, "lib/addressable/version.rb".freeze, "spec/addressable/idna_spec.rb".freeze, "spec/addressable/net_http_compat_spec.rb".freeze, "spec/addressable/security_spec.rb".freeze, "spec/addressable/template_spec.rb".freeze, "spec/addressable/uri_spec.rb".freeze, "spec/spec_helper.rb".freeze, "tasks/clobber.rake".freeze, "tasks/gem.rake".freeze, "tasks/git.rake".freeze, "tasks/metrics.rake".freeze, "tasks/profile.rake".freeze, "tasks/rspec.rake".freeze, "tasks/yard.rake".freeze]
+  s.homepage = "https://github.com/sporkmonger/addressable".freeze
+  s.licenses = ["Apache-2.0".freeze]
+  s.rdoc_options = ["--main".freeze, "README.md".freeze]
+  s.required_ruby_version = Gem::Requirement.new(">= 2.0".freeze)
+  s.rubygems_version = "3.0.3".freeze
+  s.summary = "URI Implementation".freeze
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 4
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<public_suffix>.freeze, [">= 2.0.2", "< 5.0"])
+      s.add_development_dependency(%q<bundler>.freeze, [">= 1.0", "< 3.0"])
+    else
+      s.add_dependency(%q<public_suffix>.freeze, [">= 2.0.2", "< 5.0"])
+      s.add_dependency(%q<bundler>.freeze, [">= 1.0", "< 3.0"])
+    end
+  else
+    s.add_dependency(%q<public_suffix>.freeze, [">= 2.0.2", "< 5.0"])
+    s.add_dependency(%q<bundler>.freeze, [">= 1.0", "< 3.0"])
+  end
+end

data/lib/addressable.rb

@@ -1,2 +1,4 @@
+# frozen_string_literal: true
+
 require 'addressable/uri'
 require 'addressable/template'

data/lib/addressable/idna.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # encoding:utf-8
 #--
 # Copyright (C) Bob Aman

data/lib/addressable/idna/native.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # encoding:utf-8
 #--
 # Copyright (C) Bob Aman

data/lib/addressable/idna/pure.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # encoding:utf-8
 #--
 # Copyright (C) Bob Aman
@@ -133,7 +135,7 @@ module Addressable
       unpacked.map! { |codepoint| lookup_unicode_lowercase(codepoint) }
       return unpacked.pack("U*")
     end
-    (class <<self; private :unicode_downcase; end)
+    private_class_method :unicode_downcase
 
     def self.unicode_compose(unpacked)
       unpacked_result = []
@@ -146,22 +148,19 @@ module Addressable
       starter_cc = 256 if starter_cc != 0
       for i in 1...length
         ch = unpacked[i]
-        cc = lookup_unicode_combining_class(ch)
 
         if (starter_cc == 0 &&
             (composite = unicode_compose_pair(starter, ch)) != nil)
           starter = composite
-          startercc = lookup_unicode_combining_class(composite)
         else
           unpacked_result << starter
           starter = ch
-          startercc = cc
         end
       end
       unpacked_result << starter
       return unpacked_result
     end
-    (class <<self; private :unicode_compose; end)
+    private_class_method :unicode_compose
 
     def self.unicode_compose_pair(ch_one, ch_two)
       if ch_one >= HANGUL_LBASE && ch_one < HANGUL_LBASE + HANGUL_LCOUNT &&
@@ -179,43 +178,45 @@ module Addressable
       end
 
       p = []
-      ucs4_to_utf8 = lambda do |ch|
-        if ch < 128
-          p << ch
-        elsif ch < 2048
-          p << (ch >> 6 | 192)
-          p << (ch & 63 | 128)
-        elsif ch < 0x10000
-          p << (ch >> 12 | 224)
-          p << (ch >> 6 & 63 | 128)
-          p << (ch & 63 | 128)
-        elsif ch < 0x200000
-          p << (ch >> 18 | 240)
-          p << (ch >> 12 & 63 | 128)
-          p << (ch >> 6 & 63 | 128)
-          p << (ch & 63 | 128)
-        elsif ch < 0x4000000
-          p << (ch >> 24 | 248)
-          p << (ch >> 18 & 63 | 128)
-          p << (ch >> 12 & 63 | 128)
-          p << (ch >> 6 & 63 | 128)
-          p << (ch & 63 | 128)
-        elsif ch < 0x80000000
-          p << (ch >> 30 | 252)
-          p << (ch >> 24 & 63 | 128)
-          p << (ch >> 18 & 63 | 128)
-          p << (ch >> 12 & 63 | 128)
-          p << (ch >> 6 & 63 | 128)
-          p << (ch & 63 | 128)
-        end
-      end
 
-      ucs4_to_utf8.call(ch_one)
-      ucs4_to_utf8.call(ch_two)
+      ucs4_to_utf8(ch_one, p)
+      ucs4_to_utf8(ch_two, p)
 
       return lookup_unicode_composition(p)
     end
-    (class <<self; private :unicode_compose_pair; end)
+    private_class_method :unicode_compose_pair
+
+    def self.ucs4_to_utf8(char, buffer)
+      if char < 128
+        buffer << char
+      elsif char < 2048
+        buffer << (char >> 6 | 192)
+        buffer << (char & 63 | 128)
+      elsif char < 0x10000
+        buffer << (char >> 12 | 224)
+        buffer << (char >> 6 & 63 | 128)
+        buffer << (char & 63 | 128)
+      elsif char < 0x200000
+        buffer << (char >> 18 | 240)
+        buffer << (char >> 12 & 63 | 128)
+        buffer << (char >> 6 & 63 | 128)
+        buffer << (char & 63 | 128)
+      elsif char < 0x4000000
+        buffer << (char >> 24 | 248)
+        buffer << (char >> 18 & 63 | 128)
+        buffer << (char >> 12 & 63 | 128)
+        buffer << (char >> 6 & 63 | 128)
+        buffer << (char & 63 | 128)
+      elsif char < 0x80000000
+        buffer << (char >> 30 | 252)
+        buffer << (char >> 24 & 63 | 128)
+        buffer << (char >> 18 & 63 | 128)
+        buffer << (char >> 12 & 63 | 128)
+        buffer << (char >> 6 & 63 | 128)
+        buffer << (char & 63 | 128)
+      end
+    end
+    private_class_method :ucs4_to_utf8
 
     def self.unicode_sort_canonical(unpacked)
       unpacked = unpacked.dup
@@ -239,7 +240,7 @@ module Addressable
       end
       return unpacked
     end
-    (class <<self; private :unicode_sort_canonical; end)
+    private_class_method :unicode_sort_canonical
 
     def self.unicode_decompose(unpacked)
       unpacked_result = []
@@ -260,7 +261,7 @@ module Addressable
       end
       return unpacked_result
     end
-    (class <<self; private :unicode_decompose; end)
+    private_class_method :unicode_decompose
 
     def self.unicode_decompose_hangul(codepoint)
       sindex = codepoint - HANGUL_SBASE;
@@ -277,7 +278,7 @@ module Addressable
       end
       return l, v, t
     end
-    (class <<self; private :unicode_decompose_hangul; end)
+    private_class_method :unicode_decompose_hangul
 
     def self.lookup_unicode_combining_class(codepoint)
       codepoint_data = UNICODE_DATA[codepoint]
@@ -285,14 +286,14 @@ module Addressable
         (codepoint_data[UNICODE_DATA_COMBINING_CLASS] || 0) :
         0)
     end
-    (class <<self; private :lookup_unicode_combining_class; end)
+    private_class_method :lookup_unicode_combining_class
 
     def self.lookup_unicode_compatibility(codepoint)
       codepoint_data = UNICODE_DATA[codepoint]
       (codepoint_data ?
         codepoint_data[UNICODE_DATA_COMPATIBILITY] : nil)
     end
-    (class <<self; private :lookup_unicode_compatibility; end)
+    private_class_method :lookup_unicode_compatibility
 
     def self.lookup_unicode_lowercase(codepoint)
       codepoint_data = UNICODE_DATA[codepoint]
@@ -300,12 +301,12 @@ module Addressable
         (codepoint_data[UNICODE_DATA_LOWERCASE] || codepoint) :
         codepoint)
     end
-    (class <<self; private :lookup_unicode_lowercase; end)
+    private_class_method :lookup_unicode_lowercase
 
     def self.lookup_unicode_composition(unpacked)
       return COMPOSITION_TABLE[unpacked]
     end
-    (class <<self; private :lookup_unicode_composition; end)
+    private_class_method :lookup_unicode_composition
 
     HANGUL_SBASE =  0xac00
     HANGUL_LBASE =  0x1100
@@ -342,7 +343,7 @@ module Addressable
     end
 
     COMPOSITION_TABLE = {}
-    for codepoint, data in UNICODE_DATA
+    UNICODE_DATA.each do |codepoint, data|
       canonical = data[UNICODE_DATA_CANONICAL]
       exclusion = data[UNICODE_DATA_EXCLUSION]
 
@@ -501,7 +502,7 @@ module Addressable
 
       output[0..outlen].map { |x| x.chr }.join("").sub(/\0+\z/, "")
     end
-    (class <<self; private :punycode_encode; end)
+    private_class_method :punycode_encode
 
     def self.punycode_decode(punycode)
       input = []
@@ -623,22 +624,22 @@ module Addressable
 
       output.pack("U*")
     end
-    (class <<self; private :punycode_decode; end)
+    private_class_method :punycode_decode
 
     def self.punycode_basic?(codepoint)
       codepoint < 0x80
     end
-    (class <<self; private :punycode_basic?; end)
+    private_class_method :punycode_basic?
 
     def self.punycode_delimiter?(codepoint)
       codepoint == PUNYCODE_DELIMITER
     end
-    (class <<self; private :punycode_delimiter?; end)
+    private_class_method :punycode_delimiter?
 
     def self.punycode_encode_digit(d)
       d + 22 + 75 * ((d < 26) ? 1 : 0)
     end
-    (class <<self; private :punycode_encode_digit; end)
+    private_class_method :punycode_encode_digit
 
     # Returns the numeric value of a basic codepoint
     # (for use in representing integers) in the range 0 to
@@ -654,7 +655,7 @@ module Addressable
         PUNYCODE_BASE
       end
     end
-    (class <<self; private :punycode_decode_digit; end)
+    private_class_method :punycode_decode_digit
 
     # Bias adaptation method
     def self.punycode_adapt(delta, numpoints, firsttime)
@@ -671,7 +672,7 @@ module Addressable
 
       k + (difference + 1) * delta / (delta + PUNYCODE_SKEW)
     end
-    (class <<self; private :punycode_adapt; end)
+    private_class_method :punycode_adapt
   end
   # :startdoc:
 end