google-cloud-firestore 3.1.0 → 3.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 791bfbf175ebfc435afa810200d9345d6faa8de259687c1013f31b775cd3c704
-  data.tar.gz: ad58d22b57213e43771e4c22ad17555120e99a63419a9a50c5a7571e89a08d00
+  metadata.gz: eadae80e15a9c84121d9d2966f27c4698b84582f1c3e4b8124d5676bf9583ffb
+  data.tar.gz: 688e905687f52e469da3325d60b7eb30112082bd8487a501743d3463b27ac0fb
 SHA512:
-  metadata.gz: 4f45cf2d0a38b4bfb799842a4feac370d7f7d06b27d3cb9104e49f2fb2d3be76357e8d5c2191ab8a8b313ac77b23aacb8ddd50f9a714bb63a04c022ffa82124b
-  data.tar.gz: 7a4e35af0173d3a4bed5f70fb77d5c27a11bcb143e30f0f75db49059f1c89f85239640ebee68a5c36a149bcefc97961a9a11e8dbd734a77dfe948bcddbb5d311
+  metadata.gz: 4ea41f51137087f2e3a415b2fa5db3d5ca32f642be8ec60121f10fb4d685f44dd14d4ec12483f71740ff5bae9fe865cbad8ac2949fcb8c6a6eb4c6446509c66a
+  data.tar.gz: 9c704585160b7bfa428bb8e1da76309c2d033f873a6fa67739cc1459ccdd484e33dbbc377a6591755dbe22498734e012225c16c191e21388527427d22fe57fdb

data/AUTHENTICATION.md

@@ -46,6 +46,12 @@ code.
 
 **Credentials** are discovered in the following order:
 
+> [!WARNING]
+> If you accept a credential configuration (JSON file or Hash) from an
+> external source for authentication to Google Cloud, you must validate it before
+> providing it to a Google API client library. Providing an unvalidated credential
+> configuration to Google APIs can compromise the security of your systems and data.
+
 1. Specify credentials in method arguments
 2. Specify credentials in configuration
 3. Discover credentials path in environment variables
@@ -99,11 +105,16 @@ The **Project ID** and the path to the **Credentials JSON** file can be configur
 instead of placing them in environment variables or providing them as arguments.
 
 ```ruby
+require "googleauth"
 require "google/cloud/firestore"
 
+credentials = ::Google::Auth::ServiceAccountCredentials.make_creds(
+  json_key_io: ::File.open("/path/to/keyfile.json")
+)
+
 Google::Cloud::Firestore.configure do |config|
   config.project_id  = "my-project-id"
-  config.credentials = "path/to/keyfile.json"
+  config.credentials = credentials
 end
 
 client = Google::Cloud::Firestore.new

data/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Release History
 
+### 3.1.1 (2025-10-31)
+
+#### Documentation
+
+* add warning about loading unvalidated credentials ([#32121](https://github.com/googleapis/google-cloud-ruby/issues/32121)) 
+
 ### 3.1.0 (2025-08-07)
 
 #### Features

data/lib/google/cloud/firestore/version.rb

@@ -16,7 +16,7 @@
 module Google
   module Cloud
     module Firestore
-      VERSION = "3.1.0".freeze
+      VERSION = "3.1.1".freeze
     end
   end
 end

data/lib/google/cloud/firestore.rb

@@ -43,9 +43,27 @@ module Google
       #
       # @param [String] project_id Identifier for a Firestore project. If not
       #   present, the default project for the credentials is used.
-      # @param [String, Hash, Google::Auth::Credentials] credentials The path to
-      #   the keyfile as a String, the contents of the keyfile as a Hash, or a
-      #   Google::Auth::Credentials object. (See {Firestore::Credentials})
+      # @param [Google::Auth::Credentials] credentials A Google::Auth::Credentials
+      #   object. (See {Firestore::Credentials})
+      #   @note Warning: Passing a `String` to a keyfile path or a `Hash` of credentials
+      #     is deprecated. Providing an unvalidated credential configuration to
+      #     Google APIs can compromise the security of your systems and data.
+      #
+      #   @example
+      #
+      #     # The recommended way to provide credentials is to use the `make_creds` method
+      #     # on the appropriate credentials class for your environment.
+      #
+      #     require "googleauth"
+      #
+      #     credentials = ::Google::Auth::ServiceAccountCredentials.make_creds(
+      #       json_key_io: ::File.open("/path/to/keyfile.json")
+      #     )
+      #
+      #     firestore = Google::Cloud::Firestore.new(
+      #       project_id: "my-project-id",
+      #       credentials: credentials
+      #     )
       # @param [String, Array<String>] scope The OAuth 2.0 scopes controlling
       #   the set of resources and operations that the connection can access.
       #   See [Using OAuth 2.0 to Access Google

data/lib/google-cloud-firestore.rb

@@ -91,9 +91,25 @@ module Google
     #
     # @param [String] project_id Identifier for a Firestore project. If not
     #   present, the default project for the credentials is used.
-    # @param [String, Hash, Google::Auth::Credentials] credentials The path to
-    #   the keyfile as a String, the contents of the keyfile as a Hash, or a
-    #   Google::Auth::Credentials object. (See {Firestore::Credentials})
+    # @param [Google::Auth::Credentials] credentials A Google::Auth::Credentials
+    #   object. (See {Firestore::Credentials})
+    #   @note Warning: Passing a `String` to a keyfile path or a `Hash` of credentials
+    #     is deprecated. Providing an unvalidated credential configuration to
+    #     Google APIs can compromise the security of your systems and data.
+    #
+    #   @example
+    #
+    #     # The recommended way to provide credentials is to use the `make_creds` method
+    #     # on the appropriate credentials class for your environment.
+    #
+    #     credentials = ::Google::Auth::ServiceAccountCredentials.make_creds(
+    #       json_key_io: ::File.open("/path/to/keyfile.json")
+    #     )
+    #
+    #     firestore = Google::Cloud::Firestore.new(
+    #       project_id: "my-project-id",
+    #       credentials: credentials
+    #     )
     # @param [String, Array<String>] scope The OAuth 2.0 scopes controlling the
     #   set of resources and operations that the connection can access. See
     #   [Using OAuth 2.0 to Access Google

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-firestore
 version: !ruby/object:Gem::Version
-  version: 3.1.0
+  version: 3.1.1
 platform: ruby
 authors:
 - Google Inc