gollum-lib 5.2.2-java → 5.2.4-java

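--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: b143e2df33dc9dc9b02d92e03157ffb7e95a04e2ee642e4fc96d504252fc8666
- data.tar.gz: 8f7f128aeeb398dc199130c2f0dad1e5006d9fedf59c772225a41f1287c65552
+ metadata.gz: 48b93e28c86be16f0f22a60841419bf01cca94c4bb965063aa0c60af3fe34d68
+ data.tar.gz: cc9aac74db4af15d4943663ec1b3ab02dd451c77a728db20dcd87b4580736d39
  SHA512:
- metadata.gz: cf52a1dcfc52a2fc8aaf20b3234920e017decc049a5ca1af3a3990771191a4389655d8ac3e0a3e424f8a6a427b214a527cffba399eb479b6a2633e7fe81488d3
- data.tar.gz: 4c34de87bd2b06d653c0e2dfea5bd013602c2c6b24e95611eff479e848ba389ef501c9bd44e860ea7b1c06cd262dbe974e132f85b86e742eb23e1d316d5433df
+ metadata.gz: b186da0a8c8af4e1b0306025f2634b3d07437b36a4e2afa0db5f5bed4f2a4f76eb6dc8af91de8e4790a3e0d18602426834d3226d87e5cf911c4cef940f06a924
+ data.tar.gz: '029d5f5f42f759e8827871cc80ccb4d3308f794dd3d7bffe5c0c7286d1acd3fc40f6c644c57ca975c49c63d7085bfb14a5bef0887599db5bafc78978434ea622'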
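--- a/data/HISTORY.md
+++ b/data/HISTORY.md
@@ -1,3 +1,14 @@
+ # 5.2.3 / 2023-03-13
+
+ * Bugfix release: update adapter dependencies for Ruby 3.2 support.
+
+
+
+ # 5.2.2 / 2023-01-18
+
+ * Bugfix release: set Nokogiri default XHTML conversion options more relaibly. See https://github.com/sparklemotion/nokogiri/issues/2761
+
+
  # 5.2.1 / 2022-09-13
 
  * Fixed: 'controls' attribute in audio and video tags should not be sanitized. #430 (@dometto)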
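--- a/data/LATEST_CHANGES.md
+++ b/data/LATEST_CHANGES.md
@@ -0,0 +1,3 @@
+ # 5.2.4 / 2023-03-22
+
+ * Bugfix release: address XSS vulnerability ( @6661620a, @dometto)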
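--- a/data/README.md
+++ b/data/README.md
@@ -3,7 +3,7 @@ gollum lib -- A wiki built on top of Git
 
  [![Gem Version](https://badge.fury.io/rb/gollum-lib.svg)](http://badge.fury.io/rb/gollum-lib)
  [![Ruby Build](https://github.com/gollum/gollum-lib/actions/workflows/test.yaml/badge.svg)](https://github.com/gollum/gollum-lib/actions/workflows/test.yaml)
- [![Cutting Edge Dependency Status](https://dometto-cuttingedge.herokuapp.com/github/gollum/gollum-lib/svg 'Cutting Edge Dependency Status')](https://dometto-cuttingedge.herokuapp.com/github/gollum/gollum-lib/info)
+ [![Cutting Edge Dependency Status](https://cuttingedge.onrender.com/github/gollum/gollum-lib/svg 'Cutting Edge Dependency Status')](https://cuttingedge.onrender.com/github/gollum/gollum-lib/info)
 
  ## DESCRIPTION
 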
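--- a/data/Rakefile
+++ b/data/Rakefile
@@ -126,7 +126,7 @@ task :release => :build do
  Rake::Task[:changelog].execute
  sh "git commit --allow-empty -a -m 'Release #{version}'"
  sh "git pull --rebase origin master"
- sh "git tag -n v#{version}"
+ sh "git tag v#{version} -m 'Release v#{version}'"
  sh "git push origin master"
  sh "git push origin v#{version}"
  sh "gem push pkg/#{name}-#{version}.gem"
@@ -189,7 +189,7 @@ end
  desc 'Build changlog'
  task :changelog do
  [latest_changes_file, history_file].each do |f|
- unless File.exists?(f)
+ unless File.exist?(f)
  puts "#{f} does not exist but is required to build a new release."
  exit!
  end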
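--- a/data/gemspec.rb
+++ b/data/gemspec.rb
@@ -56,6 +56,7 @@ def specification(version, default_adapter, platform = nil)
  Gemfile
  Guardfile
  HISTORY.md
+ LATEST_CHANGES.md
  LICENSE
  README.md
  Rakefile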
data/gollum-lib.gemspec CHANGED
@@ -3,8 +3,8 @@ require File.join(File.dirname(__FILE__), 'lib', 'gollum-lib', 'version.rb')
3
3
  # This file needs to conditionally define the default adapter for MRI and Java, because this is the file that is included from the Gemfile.
4
4
  # In addition, the default Java adapter needs to be defined in gollum-lib_java.gemspec beause that file is used to *build* the Java gem.
5
5
  if RUBY_PLATFORM == 'java' then
6
- default_adapter = ['gollum-rjgit_adapter', '~> 0.6']
6
+ default_adapter = ['gollum-rjgit_adapter', '~> 1.0']
7
7
  else
8
- default_adapter = ['gollum-rugged_adapter', '~> 1.0']
8
+ default_adapter = ['gollum-rugged_adapter', '~> 2.0']
9
9
  end
10
10
  Gem::Specification.new &specification(Gollum::Lib::VERSION, default_adapter)
@@ -157,7 +157,7 @@ class Gollum::Filter::TOC < Gollum::Filter
157
157
  end
158
158
 
159
159
  # % -> %25 so anchors work on Firefox. See issue #475
160
- @tail.add_child(%Q{<a href="##{name}">#{header.content}</a>})
160
+ @tail.add_child(%Q{<a href="##{name}">#{CGI.escapeHTML(header.content)}</a>})
161
161
  end
162
162
 
163
163
  # Increments the number of anchors with the given name
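Review bot: `name` is still interpolated unescaped into the double-quoted `href` on the changed `add_child` line, so the fix covers the link text but not the attribute. How `name` is built is outside this hunk (the comment above mentions only `%` -> `%25`), so if it can carry markup-significant characters from the header text, the same injection path may remain. Writing `href="##{CGI.escapeHTML(name)}"` would close it, or the node could be built through Nokogiri with `['href']` and `content` set directly so no HTML string is parsed. The enclosing method starts and ends outside the hunk; a regression test with a header containing markup would pin the fix.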
@@ -1,8 +1,10 @@
1
1
  module Gollum
2
2
  class Macro
3
3
  class Video < Gollum::Macro
4
- def render (fname)
5
- "<video width=\"100%\" height=\"100%\" src=\"#{CGI::escapeHTML(fname)}\" controls=\"true\"> HTML5 video is not supported on this Browser.</video>"
4
+ def render(fname, auto=false)
5
+ escaped_fname = CGI.escapeHTML(fname)
6
+ properties = auto ? "autoplay='true' playsinline='true' muted='true' loop='true'" : "controls='true'"
7
+ "<video width='100%' height='100%' src='#{escaped_fname}' #{properties}>HTML5 video is not supported on this browser.</video>"
6
8
  end
7
9
  end
8
10
  end
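Review bot: `auto` is used only for its truthiness in `auto ? ... : ...`, so any non-nil second argument selects the autoplay branch. That presumably includes the string `"false"` if macro arguments reach `render` as strings; the macro parser is not visible here, so this needs confirming. An explicit comparison such as `autoplay = auto.to_s == 'true'` would make the argument behave the way a wiki author expects. The move to single-quoted attributes stays safe because `CGI.escapeHTML` also escapes `'`; a one-line comment such as `# escapeHTML covers ' as well as "` would record why.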
@@ -1,5 +1,5 @@
1
1
  ::Loofah::HTML5::SafeList::ACCEPTABLE_PROTOCOLS.add('apt')
2
- ::Loofah::HTML5::SafeList::ALLOWED_ATTRIBUTES.add('controls')
2
+ ::Loofah::HTML5::SafeList::ALLOWED_ATTRIBUTES.merge(%w[controls loop muted playsinline autoplay])
3
3
 
4
4
  module Gollum
5
5
  class Sanitization
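Review bot: `ALLOWED_ATTRIBUTES.merge(...)` mutates Loofah's process-wide safelist at load time, so `autoplay`, `loop`, `muted` and `playsinline` become acceptable for every Loofah consumer in the same process, not only for the Video macro output. If `Gollum::Sanitization` can carry its own attribute list (its body is outside this hunk), scoping the additions there would keep the widening local. Otherwise a comment such as `# Global Loofah safelist: needed for Macro::Video output; affects all Loofah users in this process` would record the trade-off.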
@@ -1,5 +1,5 @@
1
1
  module Gollum
2
2
  module Lib
3
- VERSION = '5.2.2'
3
+ VERSION = '5.2.4'
4
4
  end
5
5
  end
@@ -152,7 +152,7 @@ module Gollum
152
152
  @per_page_uploads = options.fetch :per_page_uploads, false
153
153
  @metadata = options.fetch :metadata, {}
154
154
  @filter_chain = options.fetch :filter_chain,
155
- [:YAML, :BibTeX, :PlainText, :CriticMarkup, :TOC, :RemoteCode, :Code, :Macro, :Emoji, :Sanitize, :PlantUML, :Tags, :PandocBib, :Render]
155
+ [:YAML, :BibTeX, :PlainText, :CriticMarkup, :TOC, :Sanitize, :RemoteCode, :Code, :Macro, :Emoji, :PlantUML, :Tags, :PandocBib, :Render]
156
156
  @filter_chain.delete(:Emoji) unless options.fetch :emoji, false
157
157
  @filter_chain.delete(:PandocBib) unless ::Gollum::MarkupRegisterUtils.using_pandoc?
158
158
  @filter_chain.delete(:CriticMarkup) unless options.fetch :critic_markup, false
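Review bot: The move of `:Sanitize` ahead of `:RemoteCode`, `:Code`, `:Macro` and `:Emoji` only changes the default passed to `options.fetch :filter_chain`, so a wiki constructed with its own `:filter_chain` keeps whatever ordering it passes and does not pick up this change. The ordering is security-relevant but nothing on the line says so; a comment such as `# :Sanitize must stay ahead of :RemoteCode/:Code/:Macro/:Emoji (5.2.4 XSS fix)` would stop a later reorder from undoing it. The release notes could also tell users with custom chains to move `:Sanitize` themselves. Which filters' output ends up sanitized depends on how the chain is executed, which is not visible in this hunk.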
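--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: gollum-lib
  version: !ruby/object:Gem::Version
- version: 5.2.2
+ version: 5.2.4
  platform: java
  authors:
  - Tom Preston-Werner
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-01-18 00:00:00.000000000 Z
+ date: 2023-03-22 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: gollum-rjgit_adapter
@@ -400,6 +400,7 @@ files:
  - Gemfile
  - Guardfile
  - HISTORY.md
+ - LATEST_CHANGES.md
  - LICENSE
  - README.md
  - Rakefile
@@ -469,7 +470,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.2.32
+ rubygems_version: 3.2.3
  signing_key:
  specification_version: 4
  summary: A simple, Git-powered wiki.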