chartkick 3.4.0 → 3.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5afacd4c10d0cfddc6a2a660efead206ee042e80d48dd749f9de79feb365c1fd
-  data.tar.gz: c7fc99b0b2b467a6326df99f5832de2b3674f5f80415749cf57177142eecfc45
+  metadata.gz: 5791c4748533e3fa0eaa1b2e1c6fbbffc726f8ab663f4590edfd0b9555894909
+  data.tar.gz: fb3e99507dcdf7934cf1bfc25052ba14f8c109af05379a45b47fda728c2eb3b7
 SHA512:
-  metadata.gz: 75b1793b427c5d9d4604b813773253adb864b6134fad48f952c72377f75da40c8daa19eaf06fd7ce0b2da31a1ba436cfe54bde318ac849ec2080652582ac7076
-  data.tar.gz: 8f47e12f6e9c746871d02f0d5bd3093da1017c5a222837696b5b0d7b7e4008c400c8556e4f85ec7b0ccd79c15a9cb510a91a7d9ecf896d1a106b7c82e68ddc36
+  metadata.gz: e417d6dcc2ae547cd63c7ded309329b112cfc9b6195c29c08d6192e3dbba4c630695815cc65f3d23e3b3833bdafc46bb04809b708362de8d98ee5f04568fbca3
+  data.tar.gz: 730f4f49ced271c3f7e15e3a3e57d5f3f81c08d5a2bd0de3792ec6e2747c433bd37b185bd38db2dfaede7aa0c5ab0ad63255d30a675379e7035182df898bf836

data/CHANGELOG.md

@@ -1,6 +1,10 @@
+## 3.4.1 (2020-10-06)
+
+- Relaxed validation for `width` and `height` options
+
 ## 3.4.0 (2020-08-04)
 
-- Fixed CSS injection with `width` and `height` options
+- Fixed CSS injection with `width` and `height` options - [more info](https://github.com/ankane/chartkick/issues/546)
 
 ## 3.3.2 (2020-07-23)
 
@@ -9,7 +13,7 @@
 ## 3.3.1 (2019-12-26)
 
 - Updated Chart.js to 2.9.3
-- Fixed deprecating warnings in Ruby 2.7
+- Fixed deprecation warnings in Ruby 2.7
 
 ## 3.3.0 (2019-11-09)
 
@@ -27,7 +31,7 @@
 
 ## 3.2.0 (2019-06-04)
 
-- Fixed XSS vulnerability - see [#488](https://github.com/ankane/chartkick/issues/488)
+- Fixed XSS vulnerability - [more info](https://github.com/ankane/chartkick/issues/488)
 
 ## 3.1.0 (2019-05-26)
 

data/README.md

@@ -4,7 +4,7 @@ Create beautiful JavaScript charts with one line of Ruby. No more fighting with
 
 [See it in action](https://chartkick.com)
 
-:fire: For admin charts and dashboards, check out [Blazer](https://github.com/ankane/blazer/)
+:fire: For admin charts and dashboards, check out [Blazer](https://github.com/ankane/blazer/), and for advanced visualizations, check out [Vega](https://github.com/ankane/vega)
 
 :two_hearts: A perfect companion to [Groupdate](https://github.com/ankane/groupdate), [Hightop](https://github.com/ankane/hightop), and [ActiveMedian](https://github.com/ankane/active_median)
 

data/lib/chartkick.rb

@@ -1,3 +1,5 @@
+# modules
+require "chartkick/enumerable"
 require "chartkick/helper"
 require "chartkick/version"
 
@@ -18,29 +20,3 @@ module Chartkick
   end
   self.options = {}
 end
-
-# for multiple series
-# use Enumerable so it can be called on arrays
-module Enumerable
-  def chart_json
-    if is_a?(Hash)
-      if (key = keys.first) && key.is_a?(Array) && key.size == 2
-        group_by { |k, _v| k[0] }.map do |name, data|
-          {name: name, data: data.map { |k, v| [k[1], v] }}
-        end
-      else
-        to_a
-      end
-    elsif is_a?(Array)
-      map do |v|
-        if v.is_a?(Hash) && v[:data].is_a?(Hash)
-          v = v.dup
-          v[:data] = v[:data].to_a
-        end
-        v
-      end
-    else
-      self
-    end.to_json
-  end
-end

data/lib/chartkick/enumerable.rb

@@ -0,0 +1,25 @@
+# for both multiple series and
+# making sure hash order is preserved in JavaScript
+module Enumerable
+  def chart_json
+    if is_a?(Hash)
+      if (key = keys.first) && key.is_a?(Array) && key.size == 2
+        group_by { |k, _v| k[0] }.map do |name, data|
+          {name: name, data: data.map { |k, v| [k[1], v] }}
+        end
+      else
+        to_a
+      end
+    elsif is_a?(Array)
+      map do |v|
+        if v.is_a?(Hash) && v[:data].is_a?(Hash)
+          v = v.dup
+          v[:data] = v[:data].to_a
+        end
+        v
+      end
+    else
+      self
+    end.to_json
+  end
+end

data/lib/chartkick/helper.rb

@@ -77,7 +77,8 @@ module Chartkick
       css_vars.each_key do |k|
         # limit to alphanumeric and % for simplicity
         # this prevents things like calc() but safety is the priority
-        raise ArgumentError, "Invalid #{k}" unless css_vars[k] =~ /\A[a-zA-Z0-9%]*\z/
+        # dot does not need escaped in square brackets
+        raise ArgumentError, "Invalid #{k}" unless css_vars[k] =~ /\A[a-zA-Z0-9%.]*\z/
         # we limit above, but escape for safety as fail-safe
         # to prevent XSS injection in worse-case scenario
         css_vars[k] = ERB::Util.html_escape(css_vars[k])

data/lib/chartkick/version.rb

@@ -1,3 +1,3 @@
 module Chartkick
-  VERSION = "3.4.0"
+  VERSION = "3.4.1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chartkick
 version: !ruby/object:Gem::Version
-  version: 3.4.0
+  version: 3.4.1
 platform: ruby
 authors:
 - Andrew Kane
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-08-04 00:00:00.000000000 Z
+date: 2020-10-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -52,7 +52,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: 
+description:
 email: andrew@chartkick.com
 executables: []
 extensions: []
@@ -63,6 +63,7 @@ files:
 - README.md
 - lib/chartkick.rb
 - lib/chartkick/engine.rb
+- lib/chartkick/enumerable.rb
 - lib/chartkick/helper.rb
 - lib/chartkick/sinatra.rb
 - lib/chartkick/version.rb
@@ -72,7 +73,7 @@ homepage: https://chartkick.com
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -87,8 +88,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key: 
+rubygems_version: 3.0.3
+signing_key:
 specification_version: 4
 summary: Create beautiful JavaScript charts with one line of Ruby
 test_files: []