RubyGems - cognito_token_verifier - Versions diffs - 0.5.0 → 0.7.0 - Mend

cognito_token_verifier 0.5.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

checksums.yaml +4 -4
data/.github/workflows/codeql-analysis.yml +70 -0
data/.github/workflows/gem-push.yml +41 -0
data/.github/workflows/ruby-ci.yml +30 -0
data/.tool-versions +1 -0
data/CHANGELOG.md +13 -0
data/Gemfile.lock +100 -58
data/README.md +1 -1
data/cognito_token_verifier.gemspec +2 -2
data/gemfiles/{rails52.gemfile → rails7.gemfile} +2 -2
data/gemfiles/{rails6.gemfile → rails71.gemfile} +2 -2
data/lib/cognito_token_verifier/version.rb +1 -1
metadata +17 -26
data/.travis.yml +0 -17

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b1cdcaef0b4d5ca7837dfedbaae4205e218675defa5318cbb9f99d9ed8eced3e
-  data.tar.gz: 195886dac29323c2f739333807ca256cc86576963bf8cfd0ff87d7ab7d858518
+  metadata.gz: 834f890adf4f2ff175abe5e980144d499e6e7f9d758ddf4fb3c1ad6c61195944
+  data.tar.gz: 78107cc16b7ac3ef2c2bbd4aa591eafd98a1287214a5890d6ce1e22363393c86
 SHA512:
-  metadata.gz: 8cd7ad61ad6e589a7d440a0ef2f395a6fded8f5c7d6656954231b851930dd332bb4aae2fad43a6affecda83c9374b469877678f10463520e79cb7de9905c4bfa
-  data.tar.gz: 5be66162f09998b41dc691cfbaf12af71a597cedfc91925c8d3def18c3bba92b09d62fe48ce8807d667a14c685f3aedec88aaad6c22ddd128f5840e19496544e
+  metadata.gz: b89b280f553aae1528751b4fd77158ad4d772616f53b5cf93750ba16c1747ee1b35b9e3e601d95000a1d59a2793e6f4bf1208b9872eb6f3caff809520b9d8b14
+  data.tar.gz: f27fff2a4f6a8d14e6fa71f5822370809f5321cb0fff5382e4ae0ea4838fa51dfb3f802c9d3b8c3da8821d71b63d1b6bc602d750707a414b6752b07959233140

data/.github/workflows/codeql-analysis.yml ADDED Viewed

@@ -0,0 +1,70 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '35 20 * * 6'
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'ruby' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://git.io/codeql-language-support
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+    #- run: |
+    #   make bootstrap
+    #   make release
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

data/.github/workflows/gem-push.yml ADDED Viewed

@@ -0,0 +1,41 @@
+name: Ruby Gem
+on:
+  push:
+    tags:
+      - v*
+jobs:
+  build:
+    name: Build + Publish
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby 3.1
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 3.1
+    - name: Publish to GPR
+      run: |
+        mkdir -p $HOME/.gem
+        touch $HOME/.gem/credentials
+        chmod 0600 $HOME/.gem/credentials
+        printf -- "---\n:github: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
+        gem build *.gemspec
+        gem push --KEY github --host https://rubygems.pkg.github.com/${OWNER} *.gem
+      env:
+        GEM_HOST_API_KEY: "Bearer ${{secrets.GITHUB_TOKEN}}"
+        OWNER: ${{ github.repository_owner }}
+    - name: Publish to RubyGems
+      run: |
+        mkdir -p $HOME/.gem
+        touch $HOME/.gem/credentials
+        chmod 0600 $HOME/.gem/credentials
+        printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
+        gem build *.gemspec
+        gem push *.gem
+      env:
+        GEM_HOST_API_KEY: "${{secrets.RUBYGEMS_AUTH_TOKEN}}"

data/.github/workflows/ruby-ci.yml ADDED Viewed

@@ -0,0 +1,30 @@
+name: Ruby CI
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+jobs:
+  test:
+    name: "Ruby ${{ matrix.ruby }}, Gemfile ${{ matrix.gemfile }}"
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        ruby: ['3.3', '3.2', '3.1']
+        gemfile: ['rails61', 'rails7', 'rails71']
+    env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps
+      BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Ruby ${{ matrix.ruby }}
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+      - name: Run tests
+        run: bundle exec rspec

data/.tool-versions ADDED Viewed

	@@ -0,0 +1 @@
1	+ ruby 3.3.0

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,18 @@
 # CHANGELOG
+## 0.7.0 (2024-02-28)
+  - Add Rails 7.1 support
+  - Test against Ruby 3.2 and 3.3
+  - Remove official support for Rails 5.2
+  - Remove official support for Rails 6.0
+  - Remove testing for Ruby 2.7 & 3.0
+## 0.6.0 (2022-02-24)
+  - Add Rails 7 support
+  - Test against Ruby 3.1
 ## 0.5.0 (2021-01-27)
   - Update `nokogiri` version to 1.11 for security patch in gem development

data/Gemfile.lock CHANGED Viewed

@@ -1,89 +1,130 @@
 PATH
   remote: .
   specs:
-    cognito_token_verifier (0.5.0)
-      activesupport (>= 5.2, < 6.2)
+    cognito_token_verifier (0.7.0)
+      activesupport (>= 6.1)
       json-jwt (~> 1.11)
       rest-client (~> 2.0)
 GEM
   remote: https://rubygems.org/
   specs:
-    actionpack (6.1.1)
-      actionview (= 6.1.1)
-      activesupport (= 6.1.1)
-      rack (~> 2.0, >= 2.0.9)
+    actionpack (7.1.3.2)
+      actionview (= 7.1.3.2)
+      activesupport (= 7.1.3.2)
+      nokogiri (>= 1.8.5)
+      racc
+      rack (>= 2.2.4)
+      rack-session (>= 1.0.1)
       rack-test (>= 0.6.3)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (6.1.1)
-      activesupport (= 6.1.1)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    actionview (7.1.3.2)
+      activesupport (= 7.1.3.2)
       builder (~> 3.1)
-      erubi (~> 1.4)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activesupport (6.1.1)
+      erubi (~> 1.11)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    activesupport (7.1.3.2)
+      base64
+      bigdecimal
       concurrent-ruby (~> 1.0, >= 1.0.2)
+      connection_pool (>= 2.2.5)
+      drb
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
+      mutex_m
       tzinfo (~> 2.0)
-      zeitwerk (~> 2.3)
     aes_key_wrap (1.1.0)
-    bindata (2.4.8)
+    base64 (0.2.0)
+    bigdecimal (3.1.6)
+    bindata (2.5.0)
     builder (3.2.4)
     byebug (11.1.3)
-    concurrent-ruby (1.1.8)
+    concurrent-ruby (1.2.3)
+    connection_pool (2.4.1)
     crass (1.0.6)
-    diff-lcs (1.4.4)
-    domain_name (0.5.20190701)
-      unf (>= 0.0.5, < 1.0.0)
-    erubi (1.10.0)
+    diff-lcs (1.5.1)
+    domain_name (0.6.20240107)
+    drb (2.2.0)
+      ruby2_keywords
+    erubi (1.12.0)
+    faraday (2.9.0)
+      faraday-net_http (>= 2.0, < 3.2)
+    faraday-follow_redirects (0.3.0)
+      faraday (>= 1, < 3)
+    faraday-net_http (3.1.0)
+      net-http
     http-accept (1.7.0)
-    http-cookie (1.0.3)
+    http-cookie (1.0.5)
       domain_name (~> 0.5)
-    i18n (1.8.7)
+    i18n (1.14.1)
       concurrent-ruby (~> 1.0)
-    json-jwt (1.13.0)
+    io-console (0.7.2)
+    irb (1.11.2)
+      rdoc
+      reline (>= 0.4.2)
+    json-jwt (1.16.5)
       activesupport (>= 4.2)
       aes_key_wrap
+      base64
       bindata
-    loofah (2.9.0)
+      faraday (~> 2.0)
+      faraday-follow_redirects
+    loofah (2.22.0)
       crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
-    method_source (1.0.0)
-    mime-types (3.3.1)
+      nokogiri (>= 1.12.0)
+    mime-types (3.5.2)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2020.0512)
-    mini_portile2 (2.5.0)
-    minitest (5.14.3)
+    mime-types-data (3.2024.0206)
+    mini_portile2 (2.8.5)
+    minitest (5.22.2)
+    mutex_m (0.2.0)
+    net-http (0.4.1)
+      uri
     netrc (0.11.0)
-    nokogiri (1.11.1)
-      mini_portile2 (~> 2.5.0)
+    nokogiri (1.16.2)
+      mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
-    racc (1.5.2)
-    rack (2.2.3)
-    rack-test (1.1.0)
-      rack (>= 1.0, < 3)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
+    psych (5.1.2)
+      stringio
+    racc (1.7.3)
+    rack (3.0.9.1)
+    rack-session (2.0.0)
+      rack (>= 3.0.0)
+    rack-test (2.1.0)
+      rack (>= 1.3)
+    rackup (2.1.0)
+      rack (>= 3)
+      webrick (~> 1.8)
+    rails-dom-testing (2.2.0)
+      activesupport (>= 5.0.0)
+      minitest
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.3.0)
-      loofah (~> 2.3)
-    railties (6.1.1)
-      actionpack (= 6.1.1)
-      activesupport (= 6.1.1)
-      method_source
-      rake (>= 0.8.7)
-      thor (~> 1.0)
-    rake (13.0.3)
+    rails-html-sanitizer (1.6.0)
+      loofah (~> 2.21)
+      nokogiri (~> 1.14)
+    railties (7.1.3.2)
+      actionpack (= 7.1.3.2)
+      activesupport (= 7.1.3.2)
+      irb
+      rackup (>= 1.0.0)
+      rake (>= 12.2)
+      thor (~> 1.0, >= 1.2.2)
+      zeitwerk (~> 2.6)
+    rake (13.1.0)
+    rdoc (6.6.2)
+      psych (>= 4.0.0)
+    reline (0.4.3)
+      io-console (~> 0.5)
     rest-client (2.1.0)
       http-accept (>= 1.7.0, < 2.0)
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
-    rspec-core (3.9.2)
+    rspec-core (3.9.3)
       rspec-support (~> 3.9.3)
-    rspec-expectations (3.9.2)
+    rspec-expectations (3.9.4)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
     rspec-mocks (3.9.1)
@@ -97,20 +138,21 @@ GEM
       rspec-expectations (~> 3.9.0)
       rspec-mocks (~> 3.9.0)
       rspec-support (~> 3.9.0)
-    rspec-support (3.9.3)
-    thor (1.1.0)
-    tzinfo (2.0.4)
+    rspec-support (3.9.4)
+    ruby2_keywords (0.0.5)
+    stringio (3.1.0)
+    thor (1.3.1)
+    tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    unf (0.1.4)
-      unf_ext
-    unf_ext (0.0.7.7)
-    zeitwerk (2.4.2)
+    uri (0.13.0)
+    webrick (1.8.1)
+    zeitwerk (2.6.13)
 PLATFORMS
   ruby
 DEPENDENCIES
-  actionpack (>= 5.2, < 6.2)
+  actionpack (>= 6.1)
   bundler (~> 2.0)
   byebug (~> 11.0)
   cognito_token_verifier!

data/README.md CHANGED Viewed

@@ -1,4 +1,4 @@
-# CognitoTokenVerifier [![Build Status](https://travis-ci.com/CodingAnarchy/cognito_token_verifier.svg?branch=master)](https://travis-ci.com/CodingAnarchy/cognito_token_verifier)
+# CognitoTokenVerifier ![Build Status](https://github.com/CodingAnarchy/cognito_token_verifier/actions/workflows/ruby-ci.yml/badge.svg)
 Verify and decode AWS Cognito tokens for use in your Rails 5.2+ application. Rails versions <= 5.2 are incompatible with the required gemspec as of  0.4+, as they are no longer supported for security fixes by the Rails team.

data/cognito_token_verifier.gemspec CHANGED Viewed

@@ -31,7 +31,7 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
-  spec.add_runtime_dependency "activesupport", [">= 5.2", "< 6.2"]
+  spec.add_runtime_dependency "activesupport", [">= 6.1"]
   spec.add_runtime_dependency "json-jwt", "~> 1.11"
   spec.add_runtime_dependency "rest-client", "~> 2.0"
@@ -39,5 +39,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "bundler", "~> 2.0"
   spec.add_development_dependency "rake", [">= 10.0", "< 14.0"]
   spec.add_development_dependency "rspec-rails", "~> 3.0"
-  spec.add_development_dependency "actionpack", [">= 5.2", "< 6.2"]
+  spec.add_development_dependency "actionpack", [">= 6.1"]
 end

data/gemfiles/{rails52.gemfile → rails7.gemfile} RENAMED Viewed

@@ -1,6 +1,6 @@
 source "https://rubygems.org"
-gem "activesupport", "~> 5.2.0"
+gem "activesupport", "~> 7.0.0"
 gem "json-jwt", "~> 1.11"
 gem "rest-client", "~> 2.0"
@@ -8,4 +8,4 @@ gem "byebug"
 gem "bundler", "~> 2.0"
 gem "rake", "~> 12.0"
 gem "rspec-rails", "~> 3.0"
-gem "actionpack", "~> 5.2.0"
+gem "actionpack", "~> 7.0.0"

data/gemfiles/{rails6.gemfile → rails71.gemfile} RENAMED Viewed

@@ -1,6 +1,6 @@
 source "https://rubygems.org"
-gem "activesupport", "~> 6.0.0"
+gem "activesupport", "~> 7.1.0"
 gem "json-jwt", "~> 1.11"
 gem "rest-client", "~> 2.0"
@@ -8,4 +8,4 @@ gem "byebug"
 gem "bundler", "~> 2.0"
 gem "rake", "~> 12.0"
 gem "rspec-rails", "~> 3.0"
-gem "actionpack", "~> 6.0.0"
+gem "actionpack", "~> 7.1.0"

data/lib/cognito_token_verifier/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module CognitoTokenVerifier
-  VERSION = "0.5.0"
+  VERSION = "0.7.0"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cognito_token_verifier
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.7.0
 platform: ruby
 authors:
 - Matt Tanous
-autorequire:
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-01-28 00:00:00.000000000 Z
+date: 2024-02-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,20 +16,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '5.2'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '6.2'
+        version: '6.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '5.2'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '6.2'
+        version: '6.1'
 - !ruby/object:Gem::Dependency
   name: json-jwt
   requirement: !ruby/object:Gem::Requirement
@@ -126,30 +120,27 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '5.2'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '6.2'
+        version: '6.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '5.2'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '6.2'
-description:
+        version: '6.1'
+description:
 email:
 - mtanous22@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/codeql-analysis.yml"
+- ".github/workflows/gem-push.yml"
+- ".github/workflows/ruby-ci.yml"
 - ".gitignore"
 - ".rspec"
-- ".travis.yml"
+- ".tool-versions"
 - CHANGELOG.md
 - Gemfile
 - Gemfile.lock
@@ -159,9 +150,9 @@ files:
 - bin/console
 - bin/setup
 - cognito_token_verifier.gemspec
-- gemfiles/rails52.gemfile
-- gemfiles/rails6.gemfile
 - gemfiles/rails61.gemfile
+- gemfiles/rails7.gemfile
+- gemfiles/rails71.gemfile
 - lib/cognito_token_verifier.rb
 - lib/cognito_token_verifier/config.rb
 - lib/cognito_token_verifier/controller_macros.rb
@@ -175,7 +166,7 @@ metadata:
   homepage_uri: https://github.com/CodingAnarchy/cognito_token_verifier
   source_code_uri: https://github.com/CodingAnarchy/cognito_token_verifier
   changelog_uri: https://github.com/CodingAnarchy/cognito_token_verifier/blob/master/CHANGELOG.md
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -190,8 +181,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key:
+rubygems_version: 3.3.26
+signing_key:
 specification_version: 4
 summary: Verify and parse AWS Cognito JWTs to authenticate endpoints
 test_files: []

data/.travis.yml DELETED Viewed

@@ -1,17 +0,0 @@
----
-sudo: false
-language: ruby
-cache: bundler
-rvm:
-  - 2.6.6
-  - 2.7.2
-  - 3.0.0
-before_install: gem install bundler
-gemfile:
-  - Gemfile
-  - gemfiles/rails52.gemfile
-  - gemfiles/rails6.gemfile
-  - gemfiles/rails61.gemfile
-# jobs:
-#   exclude: