auth-sanitizer 0.2.1 → 0.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 633789bb7c954fcea43d081527da59affeb9e4859773ccb94ba98b6a5dc767c5
-  data.tar.gz: dd4f09c0461cee4cc31ee4900771e34c5349f2a7cb43028c582753cd055d5c7d
+  metadata.gz: e553dcb05812a620438872bb9726ae4b87806b78e4a188f475db2962fb3ace16
+  data.tar.gz: c6f928c8ede605a82cce0bb88238eb855529d5464b0655372b6662b90770f537
 SHA512:
-  metadata.gz: bde13e5621861e7361f273917922ece5353a87178addca4b835b00d879c30aea7dd3fe1b8e16db3bd88dde05a1164d52c19bde07ca7785d7de45bed7e0660bba
-  data.tar.gz: 463eecc6672abdaadc05b0d8c0b22e8ab0a05793265fdfe76ac3ccd4d49bf26b1b4bd9b7011ac23cfeee69c1d8e2eeb55f8f82546cc0e7a7eb651b95d870eb52
+  metadata.gz: '018736223d93b251e19b6b47f87ade2c70dd033762a97830cd73c13ea40dce3c175d4629140ca151d04ee64672fc3a46423ab70ea25d59b5e368078cbf119f3b'
+  data.tar.gz: '0897d315fefb00a8fd951e58a8a9ed0e85f97444394357b2a98d0e4b122cbff788da6fef4250512170eb18ee03bd5ba263bc6cb6512328527b7de0d1e9ad80bd'

data/CHANGELOG.md

@@ -30,6 +30,24 @@ Please file a bug if you notice a violation of semantic versioning.
 
 ### Security
 
+## [0.2.2] - 2026-06-18
+
+- TAG: [v0.2.2][0.2.2t]
+- COVERAGE: 100.00% -- 145/145 lines in 6 files
+- BRANCH COVERAGE: 100.00% -- 28/28 branches in 6 files
+- 84.62% documented
+
+### Changed
+
+- Documented the released `anonymous_loader` gem as the preferred reusable
+  helper for zero-`auth-sanitizer`-namespace loading.
+
+### Fixed
+
+- Documented the `$LOAD_PATH` fallback needed by isolated loader consumers when
+  Bundler standalone setup provides `auth_sanitizer/loader.rb` without a
+  matching `Gem.loaded_specs` or `GEM_PATH` entry.
+
 ## [0.2.1] - 2026-06-06
 
 - TAG: [v0.2.1][0.2.1t]
@@ -151,7 +169,9 @@ Please file a bug if you notice a violation of semantic versioning.
 
 - Initial release
 
-[Unreleased]: https://github.com/ruby-oauth/auth-sanitizer/compare/v0.2.1...HEAD
+[Unreleased]: https://github.com/ruby-oauth/auth-sanitizer/compare/v0.2.2...HEAD
+[0.2.2]: https://github.com/ruby-oauth/auth-sanitizer/compare/v0.2.1...v0.2.2
+[0.2.2t]: https://github.com/ruby-oauth/auth-sanitizer/releases/tag/v0.2.2
 [0.2.1]: https://github.com/ruby-oauth/auth-sanitizer/compare/v0.2.0...v0.2.1
 [0.2.1t]: https://github.com/ruby-oauth/auth-sanitizer/releases/tag/v0.2.1
 [0.2.0]: https://github.com/ruby-oauth/auth-sanitizer/compare/v0.1.5...v0.2.0

data/README.md

@@ -63,6 +63,11 @@ The returned module is an anonymously namespaced `Auth::Sanitizer`, suitable for
 Use `require: false` in gems that want to avoid every new top-level namespace, including `AuthSanitizer`; see
 [Zero Top-Level Namespace Additions](#zero-top-level-namespace-additions).
 
+Consumers that want a reusable resolver for that stricter loading mode can use
+[`anonymous_loader`](https://github.com/ruby-oauth/anonymous_loader). It handles
+explicit paths, RubyGems metadata, and `$LOAD_PATH` fallback resolution while evaluating
+the loader under an anonymous namespace.
+
 This gem is used by the following libraries to ensure clean output:
 
 - oauth
@@ -205,27 +210,26 @@ gem "auth-sanitizer", require: "auth_sanitizer/loader"
 Use `require: false` when the consuming library will decide which loading mode to use internally. Use
 `require: "auth_sanitizer/loader"` when Bundler should make the isolated loader available during `Bundler.require`.
 
+When Bundler standalone setup is loaded directly, a dependency can be present on `$LOAD_PATH` without a matching
+`Gem.loaded_specs` entry or `GEM_PATH` entry. Consumers that locate the isolated loader themselves should therefore
+use `AnonymousLoader.load_path`, or otherwise fall back to `Gem.find_files("auth_sanitizer/loader.rb")`, before failing.
+
 #### Zero Top-Level Namespace Additions
 
-A gem that needs zero new top-level namespaces from this dependency can load the loader itself inside an anonymous
-namespace. On Ruby 3.1+, use `Kernel.load(path, module)`:
+For a gem that needs zero new top-level namespaces from `auth-sanitizer`, use `anonymous_loader` to evaluate
+`auth_sanitizer/loader.rb` inside an anonymous namespace, then call `AuthSanitizer::Loader.load_isolated` from that
+anonymous namespace:
 
 ```ruby
-auth_sanitizer_requirement = Gem::Requirement.new("~> 0.1", ">= 0.1.3")
-auth_sanitizer_spec = Gem.loaded_specs["auth-sanitizer"]
-unless auth_sanitizer_spec && auth_sanitizer_requirement.satisfied_by?(auth_sanitizer_spec.version)
-  auth_sanitizer_spec = Gem::Specification.find_by_name("auth-sanitizer", auth_sanitizer_requirement)
-end
-auth_sanitizer_loader_path = File.join(
-  auth_sanitizer_spec.full_gem_path,
-  "lib/auth_sanitizer/loader.rb"
+require "anonymous_loader"
+
+auth_sanitizer_requirement = Gem::Requirement.new("~> 0.2", ">= 0.2.1")
+auth_sanitizer_loader_namespace = AnonymousLoader.load_path(
+  gem_name: "auth-sanitizer",
+  require_path: "auth_sanitizer/loader.rb",
+  version_requirement: auth_sanitizer_requirement,
+  version_file: "auth/sanitizer/version.rb"
 )
-unless File.file?(auth_sanitizer_loader_path)
-  raise LoadError, "auth-sanitizer #{auth_sanitizer_requirement} loader not found at #{auth_sanitizer_loader_path}"
-end
-
-auth_sanitizer_loader_namespace = Module.new
-Kernel.load(auth_sanitizer_loader_path, auth_sanitizer_loader_namespace)
 
 AUTH_SANITIZER = auth_sanitizer_loader_namespace
   .const_get(:AuthSanitizer)
@@ -234,42 +238,26 @@ AUTH_SANITIZER = auth_sanitizer_loader_namespace
 ```
 
 That pattern leaves both `Auth` and `AuthSanitizer` undefined at top level. The consuming gem should assign the returned
-module under its own namespace and use that internal constant.
+module under its own namespace and use that internal constant. It does define `AnonymousLoader`, whose namespace is
+specific to the resolver gem and intentionally much less collision-prone than `Auth`.
 
-<details markdown="1">
-  <summary>Ruby 2.2-compatible zero-top-level loading</summary>
-
-Ruby 2.2 through Ruby 3.0 do not support `Kernel.load(path, module)`. For those versions, evaluate the loader source
-inside an anonymous namespace with `Module#module_eval`:
+Declare both dependencies with `require: false` when the consuming library owns its loading path:
 
 ```ruby
-auth_sanitizer_requirement = Gem::Requirement.new("~> 0.1", ">= 0.1.3")
-auth_sanitizer_spec = Gem.loaded_specs["auth-sanitizer"]
-unless auth_sanitizer_spec && auth_sanitizer_requirement.satisfied_by?(auth_sanitizer_spec.version)
-  auth_sanitizer_spec = Gem::Specification.find_by_name("auth-sanitizer", auth_sanitizer_requirement)
-end
-auth_sanitizer_loader_path = File.join(
-  auth_sanitizer_spec.full_gem_path,
-  "lib/auth_sanitizer/loader.rb"
-)
-unless File.file?(auth_sanitizer_loader_path)
-  raise LoadError, "auth-sanitizer #{auth_sanitizer_requirement} loader not found at #{auth_sanitizer_loader_path}"
-end
+gem "anonymous_loader", "~> 0.1", ">= 0.1.0", require: false
+gem "auth-sanitizer", "~> 0.2", ">= 0.2.1", require: false
+```
 
-auth_sanitizer_loader_namespace = Module.new
-auth_sanitizer_loader_namespace.module_eval(
-  File.read(auth_sanitizer_loader_path),
-  auth_sanitizer_loader_path,
-  1
-)
+If the host application uses `Bundler.require`, use:
 
-AUTH_SANITIZER = auth_sanitizer_loader_namespace
-  .const_get(:AuthSanitizer)
-  .const_get(:Loader)
-  .load_isolated
+```ruby
+gem "anonymous_loader", "~> 0.1", ">= 0.1.0"
+gem "auth-sanitizer", "~> 0.2", ">= 0.2.1", require: false
 ```
 
-</details>
+`AnonymousLoader.load_path` raises `AnonymousLoader::FileNotFoundError` when it cannot resolve the loader, and
+`AnonymousLoader::VersionMismatchError` when it finds a load-path candidate whose adjacent version file does not satisfy
+the requested range.
 
 ### Filtered Label
 
@@ -424,7 +412,7 @@ require "auth/sanitizer"
 ```
 
 Or load it without defining top-level `Auth`. This still defines top-level `AuthSanitizer`; see
-[Zero Top-Level Namespace Additions](#zero-top-level-namespace-additions) for the stricter loading pattern.
+[Zero Top-Level Namespace Additions](#zero-top-level-namespace-additions) for the stricter `anonymous_loader` pattern.
 
 ```ruby
 require "auth_sanitizer/loader"
@@ -587,6 +575,10 @@ NOTE: [kettle-readme-backers][kettle-readme-backers] updates this list every day
 
 <!-- OPENCOLLECTIVE-ORGANIZATIONS:START -->
 No sponsors yet. Be the first!
+
+### Open Collective for Donors
+
+[Bill Woika](https://opencollective.com/bill-woika) [Philipp Ebneter](https://opencollective.com/guest-e77282f7) [Grigoriy](https://opencollective.com/guest-c93e0c48)
 <!-- OPENCOLLECTIVE-ORGANIZATIONS:END -->
 
 [kettle-readme-backers]: https://github.com/ruby-oauth/auth-sanitizer/blob/main/exe/kettle-readme-backers

data/lib/auth/sanitizer/version.rb

@@ -3,7 +3,7 @@
 module Auth
   module Sanitizer
     module Version
-      VERSION = "0.2.1"
+      VERSION = "0.2.2"
     end
     VERSION = Version::VERSION # Traditional Constant Location
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: auth-sanitizer
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.2.2
 platform: ruby
 authors:
 - Peter H. Boling
@@ -279,10 +279,10 @@ licenses:
 - MIT
 metadata:
   homepage_uri: https://auth-sanitizer.galtzo.com
-  source_code_uri: https://github.com/ruby-oauth/auth-sanitizer/tree/v0.2.1
-  changelog_uri: https://github.com/ruby-oauth/auth-sanitizer/blob/v0.2.1/CHANGELOG.md
+  source_code_uri: https://github.com/ruby-oauth/auth-sanitizer/tree/v0.2.2
+  changelog_uri: https://github.com/ruby-oauth/auth-sanitizer/blob/v0.2.2/CHANGELOG.md
   bug_tracker_uri: https://github.com/ruby-oauth/auth-sanitizer/issues
-  documentation_uri: https://www.rubydoc.info/gems/auth-sanitizer/0.2.1
+  documentation_uri: https://www.rubydoc.info/gems/auth-sanitizer/0.2.2
   funding_uri: https://github.com/sponsors/pboling
   wiki_uri: https://github.com/ruby-oauth/auth-sanitizer/wiki
   news_uri: https://www.railsbling.com/tags/auth-sanitizer

metadata.gz.sig

@@ -1,2 +1,2 @@
-���������؛v:�Ζ��~?~P�"Dc0�+Uu���2�VI��J�j��8�pVd�c�"Iׂ�0��25�l.�x�V�e���6D�EcݒK5�ͧwc�J�u
-<�r������Ʒkdq^w9
�W��ّ�����G����V�R���'�:�p�_�����?C[Wa-�L��_�A���J
+W�&WTJ�u��̕R�T`ap�5���Z
+��I�Pd��l��H�T����m8L� �ߘ�JGCڼ������K
��sC(���N1Fqu�ꧨ�	I�ri5�N7aE�O��P�Caj����B�A��)8h_P���)�S�<Or�