faraday 1.10.5 → 1.10.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6c99ff059f5fdb0926b754a976809c5fe7db068c288a1ac5e0c3d70c26986f6f
|
|
4
|
+
data.tar.gz: 1ca17845876218b7d70805f8898da7fa1c520dc37030ccadbc3753d0f92866a0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7b5206b7e57f8ab2755de596c244807ed990067c240e23d18cf9a613a948edd0d83d131aa95eb79ec55a83787b0a360615ed0abf2cbc7a9ef27ddb45ae458150
|
|
7
|
+
data.tar.gz: d86797dcf2c0f154dbf8f4ad557665d8cd4f3b86940e15480cc107151fa2d7db8a8efd081dc1a9ae3e56303d7ecdba6fc373c380e5b5e0e32d6cb7c453a6e437
|
|
@@ -100,6 +100,8 @@ module Faraday
|
|
|
100
100
|
|
|
101
101
|
def decode_pair(key, value, context)
|
|
102
102
|
subkeys = key.scan(SUBKEYS_REGEX)
|
|
103
|
+
validate_params_depth!(subkeys.length)
|
|
104
|
+
|
|
103
105
|
subkeys.each_with_index do |subkey, i|
|
|
104
106
|
is_array = subkey =~ /[\[\]]+\Z/
|
|
105
107
|
subkey = $` if is_array
|
|
@@ -139,6 +141,12 @@ module Faraday
|
|
|
139
141
|
is_array ? context << value : context[subkey] = value
|
|
140
142
|
end
|
|
141
143
|
|
|
144
|
+
def validate_params_depth!(depth)
|
|
145
|
+
return unless @param_depth_limit && depth > @param_depth_limit
|
|
146
|
+
|
|
147
|
+
raise Faraday::Error, "exceeded nested parameter depth limit of #{@param_depth_limit}"
|
|
148
|
+
end
|
|
149
|
+
|
|
142
150
|
# Internal: convert a nested hash with purely numeric keys into an array.
|
|
143
151
|
# FIXME: this is not compatible with Rack::Utils.parse_nested_query
|
|
144
152
|
# @!visibility private
|
|
@@ -161,7 +169,7 @@ module Faraday
|
|
|
161
169
|
# for your requests.
|
|
162
170
|
module NestedParamsEncoder
|
|
163
171
|
class << self
|
|
164
|
-
attr_accessor :sort_params
|
|
172
|
+
attr_accessor :sort_params, :param_depth_limit
|
|
165
173
|
|
|
166
174
|
extend Forwardable
|
|
167
175
|
def_delegators :'Faraday::Utils', :escape, :unescape
|
|
@@ -169,6 +177,7 @@ module Faraday
|
|
|
169
177
|
|
|
170
178
|
# Useful default for OAuth and caching.
|
|
171
179
|
@sort_params = true
|
|
180
|
+
@param_depth_limit = 100
|
|
172
181
|
|
|
173
182
|
extend EncodeMethods
|
|
174
183
|
extend DecodeMethods
|
data/lib/faraday/version.rb
CHANGED
|
@@ -355,6 +355,19 @@ RSpec.describe Faraday::Connection do
|
|
|
355
355
|
url = conn.build_url(nil, b: 2, c: 3)
|
|
356
356
|
expect(url.to_s).to eq('http://sushi.com/nigiri?a=1&b=2&c=3')
|
|
357
357
|
end
|
|
358
|
+
|
|
359
|
+
it 'raises a controlled error when URL query params exceed the nested depth limit' do
|
|
360
|
+
original_param_depth_limit = Faraday::NestedParamsEncoder.param_depth_limit
|
|
361
|
+
begin
|
|
362
|
+
Faraday::NestedParamsEncoder.param_depth_limit = 2
|
|
363
|
+
expect { conn.build_url('/nigiri?a[b][c]=1') }.to raise_error(
|
|
364
|
+
Faraday::Error,
|
|
365
|
+
'exceeded nested parameter depth limit of 2'
|
|
366
|
+
)
|
|
367
|
+
ensure
|
|
368
|
+
Faraday::NestedParamsEncoder.param_depth_limit = original_param_depth_limit
|
|
369
|
+
end
|
|
370
|
+
end
|
|
358
371
|
end
|
|
359
372
|
|
|
360
373
|
describe '#build_request' do
|
|
@@ -5,6 +5,15 @@ require 'rack/utils'
|
|
|
5
5
|
RSpec.describe Faraday::NestedParamsEncoder do
|
|
6
6
|
it_behaves_like 'a params encoder'
|
|
7
7
|
|
|
8
|
+
around do |example|
|
|
9
|
+
original_param_depth_limit = described_class.param_depth_limit
|
|
10
|
+
begin
|
|
11
|
+
example.run
|
|
12
|
+
ensure
|
|
13
|
+
described_class.param_depth_limit = original_param_depth_limit
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
|
|
8
17
|
it 'decodes arrays' do
|
|
9
18
|
query = 'a[1]=one&a[2]=two&a[3]=three'
|
|
10
19
|
expected = { 'a' => %w[one two three] }
|
|
@@ -59,6 +68,27 @@ RSpec.describe Faraday::NestedParamsEncoder do
|
|
|
59
68
|
expect(subject.decode(query)).to eq(expected)
|
|
60
69
|
end
|
|
61
70
|
|
|
71
|
+
it 'allows nested params within the configured depth limit' do
|
|
72
|
+
described_class.param_depth_limit = 3
|
|
73
|
+
|
|
74
|
+
expect(subject.decode('a[b][c]=1')).to eq({ 'a' => { 'b' => { 'c' => '1' } } })
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
it 'raises a controlled error when nested params exceed the depth limit' do
|
|
78
|
+
described_class.param_depth_limit = 2
|
|
79
|
+
|
|
80
|
+
expect { subject.decode('a[b][c]=1') }.to raise_error(
|
|
81
|
+
Faraday::Error,
|
|
82
|
+
'exceeded nested parameter depth limit of 2'
|
|
83
|
+
)
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
it 'allows disabling the nested params depth limit' do
|
|
87
|
+
described_class.param_depth_limit = nil
|
|
88
|
+
|
|
89
|
+
expect(subject.decode('a[b][c][d]=1')).to eq({ 'a' => { 'b' => { 'c' => { 'd' => '1' } } } })
|
|
90
|
+
end
|
|
91
|
+
|
|
62
92
|
it 'encodes rack compat' do
|
|
63
93
|
params = { a: [{ one: '1', two: '2' }, '3', ''] }
|
|
64
94
|
result = Faraday::Utils.unescape(Faraday::NestedParamsEncoder.encode(params)).split('&')
|
data/spec/faraday_spec.rb
CHANGED
|
@@ -18,10 +18,14 @@ RSpec.describe Faraday do
|
|
|
18
18
|
end
|
|
19
19
|
|
|
20
20
|
it 'uses method_missing on Faraday if there is no proxyable method' do
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
21
|
+
expected_message =
|
|
22
|
+
if RUBY_VERSION >= '3.3'
|
|
23
|
+
"undefined method `this_method_does_not_exist' for module Faraday"
|
|
24
|
+
else
|
|
25
|
+
"undefined method `this_method_does_not_exist' for Faraday:Module"
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
expect { Faraday.this_method_does_not_exist }.to raise_error(NoMethodError, expected_message)
|
|
25
29
|
end
|
|
26
30
|
|
|
27
31
|
it 'proxied methods can be accessed' do
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: faraday
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.10.
|
|
4
|
+
version: 1.10.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- "@technoweenie"
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2026-
|
|
13
|
+
date: 2026-06-24 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: faraday-em_http
|
|
@@ -268,7 +268,7 @@ licenses:
|
|
|
268
268
|
- MIT
|
|
269
269
|
metadata:
|
|
270
270
|
homepage_uri: https://lostisland.github.io/faraday
|
|
271
|
-
changelog_uri: https://github.com/lostisland/faraday/releases/tag/v1.10.
|
|
271
|
+
changelog_uri: https://github.com/lostisland/faraday/releases/tag/v1.10.6
|
|
272
272
|
source_code_uri: https://github.com/lostisland/faraday
|
|
273
273
|
bug_tracker_uri: https://github.com/lostisland/faraday/issues
|
|
274
274
|
post_install_message:
|