addressable 2.8.1 → 2.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3ddda72232f6aef9f6f4311c2855f1b3fea9acc80f51c4e5e90bd23820b0d74e
-  data.tar.gz: 88f208cb2d73dec64663e6e3c1710dc08b188402937038fefce6a2d47debc97d
+  metadata.gz: ffaab8b78df30a2126058a425f168d76b26bc33e60849cabc1a6beabae24464d
+  data.tar.gz: 841ab2bd18fbcf3ff746cb85ea1661e628e278e6c7bc5ad96cd480e36a54f067
 SHA512:
-  metadata.gz: 4e1b0c83fc2f2e54cba6804f3840c8bb29f0d73259979d5bf678ebd5d32257b91585d9b71a780321427835d10f98b9c07969267878f0b032c53d031c30202a4c
-  data.tar.gz: 35abc3652c8ff92032411e4daad7133b7c4649aff4a1a25fe622cf1c9b661d56f096a1084392e053788baea79f551a9d4a448d16c9e61e23bf4d9692a6728bf3
+  metadata.gz: f5884313cb2c68ea73d25e8f7f0a76200030bb3fb7abad8b31532180b1ae3c1df10f8db614a273dba115c87860682d227fdf046c743370e020a577cae667d026
+  data.tar.gz: c97dd91446991ce20400e9b4c2586aefbc1dca9fd1d49efca9606fc505ff0d49807686ab1fdfd7d4dba447c9c4bf8fb6c0bbd5a1d3d69a4952207d035e912dc2

data/CHANGELOG.md

@@ -1,20 +1,84 @@
-# Addressable 2.8.1
+# Changelog
+
+## Addressable 2.9.0 <a name="v2.9.0">
+- fixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete
+  remediation in 2.8.10)
+
+## Addressable 2.8.10 <a name="v2.8.10">
+- fixes ReDoS vulnerability in Addressable::Template#match
+
+## Addressable 2.8.9 <a name="v2.8.9">
+- Reduce gem size by excluding test files ([#569])
+- No need for bundler as development dependency ([#571], [5fc1d93](https://github.com/sporkmonger/addressable/commit/5fc1d93))
+- idna/pure: stop building the useless `COMPOSITION_TABLE` (removes the `Addressable::IDNA::COMPOSITION_TABLE` constant) ([#564])
+
+[#569]: https://github.com/sporkmonger/addressable/pull/569
+[#571]: https://github.com/sporkmonger/addressable/pull/571
+[#564]: https://github.com/sporkmonger/addressable/pull/564
+
+## Addressable 2.8.8 <a name="v2.8.8">
+- Replace the `unicode.data` blob by a ruby constant ([#561])
+- Allow `public_suffix` 7 ([#558])
+
+[#561]: https://github.com/sporkmonger/addressable/pull/561
+[#558]: https://github.com/sporkmonger/addressable/pull/558
+
+## Addressable 2.8.7 <a name="v2.8.7">
+- Allow `public_suffix` 6 ([#535])
+
+[#535]: https://github.com/sporkmonger/addressable/pull/535
+
+## Addressable 2.8.6 <a name="v2.8.6">
+- Memoize regexps for common character classes ([#524])
+
+[#524]: https://github.com/sporkmonger/addressable/pull/524
+
+## Addressable 2.8.5 <a name="v2.8.5">
+- Fix thread safety issue with encoding tables ([#515])
+- Define URI::NONE as a module to avoid serialization issues ([#509])
+- Fix YAML serialization ([#508])
+
+[#508]: https://github.com/sporkmonger/addressable/pull/508
+[#509]: https://github.com/sporkmonger/addressable/pull/509
+[#515]: https://github.com/sporkmonger/addressable/pull/515
+
+## Addressable 2.8.4 <a name="v2.8.4">
+- Restore `Addressable::IDNA.unicode_normalize_kc` as a deprecated method ([#504])
+
+[#504]: https://github.com/sporkmonger/addressable/pull/504
+
+## Addressable 2.8.3 <a name="v2.8.3">
+- Fix template expand level 2 hash support for non-string objects ([#499], [#498])
+
+[#499]: https://github.com/sporkmonger/addressable/pull/499
+[#498]: https://github.com/sporkmonger/addressable/pull/498
+
+## Addressable 2.8.2 <a name="v2.8.2">
+- Improve cache hits and JIT friendliness ([#486](https://github.com/sporkmonger/addressable/pull/486))
+- Improve code style and test coverage ([#482](https://github.com/sporkmonger/addressable/pull/482))
+- Ensure reset of deferred validation ([#481](https://github.com/sporkmonger/addressable/pull/481))
+- Resolve normalization differences between `IDNA::Native` and `IDNA::Pure` ([#408](https://github.com/sporkmonger/addressable/issues/408), [#492])
+- Remove redundant colon in `Addressable::URI::CharacterClasses::AUTHORITY` regex ([#438](https://github.com/sporkmonger/addressable/pull/438)) (accidentally reverted by [#449] merge but [added back](https://github.com/sporkmonger/addressable/pull/492#discussion_r1105125280) in [#492])
+
+[#492]: https://github.com/sporkmonger/addressable/pull/492
+
+## Addressable 2.8.1 <a name="v2.8.1">
 - refactor `Addressable::URI.normalize_path` to address linter offenses ([#430](https://github.com/sporkmonger/addressable/pull/430))
-- remove redundant colon in `Addressable::URI::CharacterClasses::AUTHORITY` regex ([#438](https://github.com/sporkmonger/addressable/pull/438))
 - update gemspec to reflect supported Ruby versions ([#466], [#464], [#463])
 - compatibility w/ public_suffix 5.x ([#466], [#465], [#460])
 - fixes "invalid byte sequence in UTF-8" exception when unencoding URLs containing non UTF-8 characters ([#459](https://github.com/sporkmonger/addressable/pull/459))
-- `Ractor` compatibility ([#449](https://github.com/sporkmonger/addressable/pull/449))
+- `Ractor` compatibility ([#449])
 - use the whole string instead of a single line for template match ([#431](https://github.com/sporkmonger/addressable/pull/431))
 - force UTF-8 encoding only if needed ([#341](https://github.com/sporkmonger/addressable/pull/341))
 
+[#449]: https://github.com/sporkmonger/addressable/pull/449
 [#460]: https://github.com/sporkmonger/addressable/pull/460
 [#463]: https://github.com/sporkmonger/addressable/pull/463
 [#464]: https://github.com/sporkmonger/addressable/pull/464
 [#465]: https://github.com/sporkmonger/addressable/pull/465
 [#466]: https://github.com/sporkmonger/addressable/pull/466
 
-# Addressable 2.8.0
+## Addressable 2.8.0 <a name="v2.8.0">
 - fixes ReDoS vulnerability in Addressable::Template#match
 - no longer replaces `+` with spaces in queries for non-http(s) schemes
 - fixed encoding ipv6 literals
@@ -26,14 +90,14 @@
 - performance improvements
 - switch CI/CD to GitHub Actions
 
-# Addressable 2.7.0
+## Addressable 2.7.0 <a name="v2.7.0">
 - added `:compacted` flag to `normalized_query`
 - `heuristic_parse` handles `mailto:` more intuitively
 - dropped explicit support for JRuby 9.0.5.0
 - compatibility w/ public_suffix 4.x
 - performance improvements
 
-# Addressable 2.6.0
+## Addressable 2.6.0 <a name="v2.6.0">
 - added `tld=` method to allow assignment to the public suffix
 - most `heuristic_parse` patterns are now case-insensitive
 - `heuristic_parse` handles more `file://` URI variations
@@ -44,17 +108,17 @@
 - minor performance improvements in regexps
 - fixes to eliminate warnings
 
-# Addressable 2.5.2
+## Addressable 2.5.2 <a name="v2.5.2">
 - better support for frozen string literals
 - fixed bug w/ uppercase characters in scheme
 - IDNA errors w/ emoji URLs
 - compatibility w/ public_suffix 3.x
 
-# Addressable 2.5.1
+## Addressable 2.5.1 <a name="v2.5.1">
 - allow unicode normalization to be disabled for URI Template expansion
 - removed duplicate test
 
-# Addressable 2.5.0
+## Addressable 2.5.0 <a name="v2.5.0">
 - dropping support for Ruby 1.9
 - adding support for Ruby 2.4 preview
 - add support for public suffixes and tld; first runtime dependency
@@ -68,7 +132,7 @@
 - host parts longer than 63 bytes will be ignored and not passed to libidn
 - normalized values always encoded as UTF-8
 
-# Addressable 2.4.0
+## Addressable 2.4.0 <a name="v2.4.0">
 - support for 1.8.x dropped
 - double quotes in a host now raises an error
 - newlines in host will no longer get unescaped during normalization
@@ -80,17 +144,17 @@
 - fixed minor bug where an exception would be thrown for a missing ACE suffix
 - better partial expansion of URI templates
 
-# Addressable 2.3.8
+## Addressable 2.3.8 <a name="v2.3.8">
 - fix warnings
 - update dependency gems
 - support for 1.8.x officially deprecated
 
-# Addressable 2.3.7
+## Addressable 2.3.7 <a name="v2.3.7">
 - fix scenario in which invalid URIs don't get an exception until inspected
 - handle hostnames with two adjacent periods correctly
 - upgrade of RSpec
 
-# Addressable 2.3.6
+## Addressable 2.3.6 <a name="v2.3.6">
 - normalization drops empty query string
 - better handling in template extract for missing values
 - template modifier for `'?'` now treated as optional
@@ -99,19 +163,19 @@
 - added `:sorted` option to normalization of query strings
 - fixed issue with normalization of hosts given in `'example.com.'` form
 
-# Addressable 2.3.5
+## Addressable 2.3.5 <a name="v2.3.5">
 - added Addressable::URI#empty? method
 - Addressable::URI#hostname methods now strip square brackets from IPv6 hosts
 - compatibility with Net::HTTP in Ruby 2.0.0
 - Addressable::URI#route_from should always give relative URIs
 
-# Addressable 2.3.4
+## Addressable 2.3.4 <a name="v2.3.4">
 - fixed issue with encoding altering its inputs
 - query string normalization now leaves ';' characters alone
 - FakeFS is detected before attempting to load unicode tables
 - additional testing to ensure frozen objects don't cause problems
 
-# Addressable 2.3.3
+## Addressable 2.3.3 <a name="v2.3.3">
 - fixed issue with converting common primitives during template expansion
 - fixed port encoding issue
 - removed a few warnings
@@ -120,59 +184,59 @@
 - no template match should now result in nil instead of an empty MatchData
 - added license information to gemspec
 
-# Addressable 2.3.2
+## Addressable 2.3.2 <a name="v2.3.2">
 - added Addressable::URI#default_port method
 - fixed issue with Marshalling Unicode data on Windows
 - improved heuristic parsing to better handle IPv4 addresses
 
-# Addressable 2.3.1
+## Addressable 2.3.1 <a name="v2.3.1">
 - fixed missing unicode data file
 
-# Addressable 2.3.0
+## Addressable 2.3.0 <a name="v2.3.0">
 - updated Addressable::Template to use RFC 6570, level 4
 - fixed compatibility problems with some versions of Ruby
 - moved unicode tables into a data file for performance reasons
 - removing support for multiple query value notations
 
-# Addressable 2.2.8
+## Addressable 2.2.8 <a name="v2.2.8">
 - fixed issues with dot segment removal code
 - form encoding can now handle multiple values per key
 - updated development environment
 
-# Addressable 2.2.7
+## Addressable 2.2.7 <a name="v2.2.7">
 - fixed issues related to Addressable::URI#query_values=
 - the Addressable::URI.parse method is now polymorphic
 
-# Addressable 2.2.6
+## Addressable 2.2.6 <a name="v2.2.6">
 - changed the way ambiguous paths are handled
 - fixed bug with frozen URIs
 - https supported in heuristic parsing
 
-# Addressable 2.2.5
+## Addressable 2.2.5 <a name="v2.2.5">
 - 'parsing' a pre-parsed URI object is now a dup operation
 - introduced conditional support for libidn
 - fixed normalization issue on ampersands in query strings
 - added additional tests around handling of query strings
 
-# Addressable 2.2.4
+## Addressable 2.2.4 <a name="v2.2.4">
 - added origin support from draft-ietf-websec-origin-00
 - resolved issue with attempting to navigate below root
 - fixed bug with string splitting in query strings
 
-# Addressable 2.2.3
+## Addressable 2.2.3 <a name="v2.2.3">
 - added :flat_array notation for query strings
 
-# Addressable 2.2.2
+## Addressable 2.2.2 <a name="v2.2.2">
 - fixed issue with percent escaping of '+' character in query strings
 
-# Addressable 2.2.1
+## Addressable 2.2.1 <a name="v2.2.1">
 - added support for application/x-www-form-urlencoded.
 
-# Addressable 2.2.0
+## Addressable 2.2.0 <a name="v2.2.0">
 - added site methods
 - improved documentation
 
-# Addressable 2.1.2
+## Addressable 2.1.2 <a name="v2.1.2">
 - added HTTP request URI methods
 - better handling of Windows file paths
 - validation_deferred boolean replaced with defer_validation block
@@ -180,14 +244,14 @@
 - fixed issue with constructing URIs with relative paths
 - fixed warnings
 
-# Addressable 2.1.1
+## Addressable 2.1.1 <a name="v2.1.1">
 - more type checking changes
 - fixed issue with unicode normalization
 - added method to find template defaults
 - symbolic keys are now allowed in template mappings
 - numeric values and symbolic values are now allowed in template mappings
 
-# Addressable 2.1.0
+## Addressable 2.1.0 <a name="v2.1.0x">
 - refactored URI template support out into its own class
 - removed extract method due to being useless and unreliable
 - removed Addressable::URI.expand_template
@@ -201,15 +265,15 @@
 - worked around issue with freezing URIs
 - improved specs
 
-# Addressable 2.0.2
+## Addressable 2.0.2 <a name="v2.0.2">
 - fixed issue with URI template expansion
 - fixed issue with percent escaping characters 0-15
 
-# Addressable 2.0.1
+## Addressable 2.0.1 <a name="v2.0.1">
 - fixed issue with query string assignment
 - fixed issue with improperly encoded components
 
-# Addressable 2.0.0
+## Addressable 2.0.0 <a name="v2.0.0">
 - the initialize method now takes an options hash as its only parameter
 - added query_values method to URI class
 - completely replaced IDNA implementation with pure Ruby
@@ -224,20 +288,20 @@
 - updated URI Template code to match v 03 of the draft spec
 - added a bunch of new specifications
 
-# Addressable 1.0.4
+## Addressable 1.0.4 <a name="v1.0.4">
 - switched to using RSpec's pending system for specs that rely on IDN
 - fixed issue with creating URIs with paths that are not prefixed with '/'
 
-# Addressable 1.0.3
+## Addressable 1.0.3 <a name="v1.0.3">
 - implemented a hash method
 
-# Addressable 1.0.2
+## Addressable 1.0.2 <a name="v1.0.2">
 - fixed minor bug with the extract_mapping method
 
-# Addressable 1.0.1
+## Addressable 1.0.1 <a name="v1.0.1">
 - fixed minor bug with the extract_mapping method
 
-# Addressable 1.0.0
+## Addressable 1.0.0 <a name="v1.0.0">
 - heuristic parse method added
 - parsing is slightly more strict
 - replaced to_h with to_hash
@@ -246,16 +310,16 @@
 - improved heckle rake task
 - no surviving heckle mutations
 
-# Addressable 0.1.2
+## Addressable 0.1.2 <a name="v0.1.2">
 - improved normalization
 - fixed bug in joining algorithm
 - updated specifications
 
-# Addressable 0.1.1
+## Addressable 0.1.1 <a name="v0.1.1">
 - updated documentation
 - added URI Template variable extraction
 
-# Addressable 0.1.0
+## Addressable 0.1.0 <a name="v0.1.0">
 - initial release
 - implementation based on RFC 3986, 3987
 - support for IRIs via libidn

data/README.md

@@ -17,7 +17,7 @@
 [coveralls]: https://coveralls.io/r/sporkmonger/addressable
 [inch]: https://inch-ci.org/github/sporkmonger/addressable
 
-# Description
+## Description
 
 Addressable is an alternative implementation to the URI implementation
 that is part of Ruby's standard library. It is flexible, offers heuristic
@@ -25,12 +25,12 @@ parsing, and additionally provides extensive support for IRIs and URI templates.
 
 Addressable closely conforms to RFC 3986, RFC 3987, and RFC 6570 (level 4).
 
-# Reference
+## Reference
 
 - {Addressable::URI}
 - {Addressable::Template}
 
-# Example usage
+## Example usage
 
 ```ruby
 require "addressable/uri"
@@ -49,7 +49,7 @@ uri.normalize
 ```
 
 
-# URI Templates
+## URI Templates
 
 For more details, see [RFC 6570](https://www.rfc-editor.org/rfc/rfc6570.txt).
 
@@ -88,7 +88,7 @@ template.extract(uri)
 # }
 ```
 
-# Install
+## Install
 
 ```console
 $ gem install addressable
@@ -103,7 +103,7 @@ $ brew install libidn # OS X
 $ gem install idn-ruby
 ```
 
-# Semantic Versioning
+## Semantic Versioning
 
 This project uses [Semantic Versioning](https://semver.org/). You can (and should) specify your
 dependency using a pessimistic version constraint covering the major and minor

data/lib/addressable/idna/native.rb

@@ -29,8 +29,14 @@ module Addressable
        IDN::Punycode.decode(value.to_s)
      end
 
-    def self.unicode_normalize_kc(value)
-      IDN::Stringprep.nfkc_normalize(value.to_s)
+    class << self
+      # @deprecated Use {String#unicode_normalize(:nfkc)} instead
+      def unicode_normalize_kc(value)
+        value.to_s.unicode_normalize(:nfkc)
+      end
+
+      extend Gem::Deprecate
+      deprecate :unicode_normalize_kc, "String#unicode_normalize(:nfkc)", 2023, 4
     end
 
     def self.to_ascii(value)