RubyGems - github-authentication - Versions diffs - 1.3.1 → 1.3.4 - Mend

github-authentication 1.3.1 → 1.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +7 -1
data/Gemfile.lock +1 -1
data/lib/github_authentication/environment.rb +2 -0
data/lib/github_authentication/generator/app.rb +4 -3
data/lib/github_authentication/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d5d1f405a1d8680e371ec7630ecf71d5aed38bf1ddfa8cc5b8801d87540013c8
-  data.tar.gz: 01cf8cf5217d077f9551a10110bf5ac65434ad3e64da5e6303df951b680d5047
+  metadata.gz: ba0d4206f9bcaa96756dd3817703472bdc47ea61c0c091a2d2b859bbfd992400
+  data.tar.gz: 8e78e70468b9a325c2e4cf175c6468cfffe0ff25d8548f8f7da3cd38f947acb4
 SHA512:
-  metadata.gz: a0751d30f569862d44602b2d0fbd2a835b14f734cbdf2abc9ff2b9ce544671f9d7f7a68118c531517aa88976cbf9fd9fcde9a684af471e6674debf7a33d2ac92
-  data.tar.gz: 54f30dfd8d38f12c716af4e6489af5ddeb25abafeee3342d74a24604135b3f47b0c7a45ca1eea2f3b4b34940487a8b6ac8416794d715b537347f8c0de36ebb7c
+  metadata.gz: 59310f4f541a6bc63916d833638a0ea9445145a2637d3cf0d6c25c3b914cf7815507c70ccdb2faa389c3e16e1e3dde1d73738421c38b8e02d95964d6181889c1
+  data.tar.gz: 268d665d20955c79d2d21ca973900477288e6baeeb282587c9966d60668c91b505de4f76bbcf45107e2d30afdc27b4dbc21b30bb28302b00d248fffce6a64e72

data/CHANGELOG.md CHANGED Viewed

@@ -2,8 +2,14 @@
 ...
+### 1.3.4
+- Set JWT `iat` 60 seconds in the past to avoid clock drift issues with GitHub API
+### 1.3.2
+- Add missing requires for active_support/cache to environment.rb
 ### 1.3.1
-- Fixed activesupport to be a runtime dependency, not a development dependency
+- Fixed active_support to be a runtime dependency, not a development dependency
 ### 1.3.0
 - Add `GithubAuthentication.provider(org:, env:)` as a high-level entrypoint for Ruby code that needs GitHub App tokens without manually wiring up Environment, Generator, Cache, and Provider

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    github-authentication (1.3.1)
+    github-authentication (1.3.4)
       activesupport (> 7)
       jwt (~> 2.2)

data/lib/github_authentication/environment.rb CHANGED Viewed

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 require "active_support/core_ext/object/blank.rb"
+require "active_support/cache"
+require "active_support/notifications"
 module GithubAuthentication
   class Environment

data/lib/github_authentication/generator/app.rb CHANGED Viewed

@@ -35,11 +35,12 @@ module GithubAuthentication
       private
       def jwt
+        iat = Time.now.utc.to_i - 60
         payload = {
-          # issued at time
-          iat: Time.now.utc.to_i,
+          # issued at time, 60 seconds in the past to allow for clock drift
+          iat: iat,
           # JWT expiration time (10 minute maximum)
-          exp: Time.now.utc.to_i + (10 * 60),
+          exp: iat + (10 * 60),
           # GitHub App's identifier
           iss: app_id,
         }

data/lib/github_authentication/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module GithubAuthentication
-  VERSION = "1.3.1"
+  VERSION = "1.3.4"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: github-authentication
 version: !ruby/object:Gem::Version
-  version: 1.3.1
+  version: 1.3.4
 platform: ruby
 authors:
 - Frederik Dudzik
@@ -195,7 +195,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 4.0.6
+rubygems_version: 4.0.8
 specification_version: 4
 summary: GitHub Authetication
 test_files: []