RubyGems - icalendar - Versions diffs - 2.12.1 → 2.12.3 - Mend

icalendar 2.12.1 → 2.12.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/.github/workflows/main.yml +2 -1
data/CHANGELOG.md +7 -0
data/benchmarks/memory_per_event_ical.rb +27 -0
data/icalendar.gemspec +1 -1
data/lib/icalendar/has_properties.rb +5 -7
data/lib/icalendar/values/uri.rb +2 -1
data/lib/icalendar/version.rb +1 -1
data/spec/values/uri_spec.rb +43 -0
metadata +9 -6

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c581285bbacae9839202046bea20f80be28315865013f9f59e50851fbbed7a34
-  data.tar.gz: 8be871aab3ba233a56a6442783f6a32cbf138ae145fc777bed68fdf4beff0826
+  metadata.gz: 7c417db33a0e54ccf03627a5e966cf86206e55e032dc66ba4aaf3f5ac9ec690a
+  data.tar.gz: cebd6eb2f86f758e92b23fb0dc990032b866f0d1ccc825b05d823c4a56927e04
 SHA512:
-  metadata.gz: e847fc2a27df55033006bfc9b9d1572563a9a9bafc8cf286959e82e4a47f0c64fcda9a7b7470e37031e635a1e9b086eda769b75108a02e020782c1683fad763e
-  data.tar.gz: 3a8f8503ace1467d352d586ede3e4c8c91b7ab5d1fec5271c5add7658014a1cc61fc4b2f2ec32b09d481746ff14139fb83b7d14f63b23526056b183bb9133de6
+  metadata.gz: e4674fc5afbca40a1852ffd90a8e7d4b13364c4b9c4a7c966ab4cc4bd1ec06abf3df9bf9651bd99fd6083710717ef72af2520c4dcc75a252bd84ce73e281096c
+  data.tar.gz: 835f7c88d1af3248ba9c57e7a68a8fc1198a3ed6cd73c540ca83f8e2fb831cebf364128f28d08384005df11f62c05d64462e60ced3a1cfbc799fee2effa7a0c7

data/.github/workflows/main.yml CHANGED Viewed

@@ -22,9 +22,10 @@ jobs:
           - 3.2
           - 3.3
           - 3.4
+          - "4.0"
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Set up Ruby
       uses: ruby/setup-ruby@v1
       with:

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,12 @@
 ## Unreleased
+## 2.12.3 - 2026-05-13
+- Memory use optimization - Jared Menard
+- Run CI against Ruby 4.0 - Artem Chubchenko
+## 2.12.2 - 2026-03-21
+- Fix a potential property injection issue through escaping control characters in URI values - Wes Ring
 ## 2.12.1 - 2025-10-19
 - Fix a problem with invalid ics generation for calendars with custom properties that include a `tzid` parameter.

data/benchmarks/memory_per_event_ical.rb ADDED Viewed

@@ -0,0 +1,27 @@
+require 'memory_profiler'
+require 'icalendar'
+# Profiles the per-event calendar wrapping pattern:
+#   cal = Icalendar::Calendar.new
+#   ical_event.parent&.timezones&.each { |tz| cal.add_timezone tz }
+#   cal.add_event(ical_event)
+#   cal.to_ical
+cal_string = File.read(File.join(__dir__, '..', 'spec/fixtures/timezone.ics'))
+source_calendar = Icalendar::Calendar.parse(cal_string).first
+events = source_calendar.events
+ITERATIONS = 1000
+report = MemoryProfiler.report do
+  ITERATIONS.times do
+    events.each do |ical_event|
+      cal = Icalendar::Calendar.new
+      ical_event.parent&.timezones&.each { |tz| cal.add_timezone tz }
+      cal.add_event(ical_event)
+      cal.to_ical
+    end
+  end
+end
+report.pretty_print(scale_bytes: true, top: 20)

data/icalendar.gemspec CHANGED Viewed

@@ -37,7 +37,7 @@ ActiveSupport is required for TimeWithZone support, but not required for general
   s.add_dependency 'ostruct'
   s.add_development_dependency 'rake', '~> 13.0'
-  s.add_development_dependency 'bundler', '~> 2.0'
+  s.add_development_dependency 'bundler'
   # test with all groups of tzinfo dependencies
   # tzinfo 2.x

data/lib/icalendar/has_properties.rb CHANGED Viewed

@@ -172,13 +172,11 @@ module Icalendar
     private
     def map_property_value(value, klass, multi_valued, new_property)
-      params = {}
-      if new_property
-        params.merge!('VALUE': klass.value_type)
-      end
-      if value.nil? || value.is_a?(Icalendar::Value)
-        value
-      elsif value.is_a? ::Array
+      return value if value.nil? || value.is_a?(Icalendar::Value)
+      params = new_property ? {'VALUE': klass.value_type} : {}
+      if value.is_a? ::Array
         Icalendar::Values::Helpers::Array.new value, klass, params, {delimiter: (multi_valued ? ',' : ';')}
       else
         klass.new value, params

data/lib/icalendar/values/uri.rb CHANGED Viewed

@@ -6,6 +6,7 @@ module Icalendar
   module Values
     class Uri < Value
+      CONTROL_BYTES_REGEX = /[\x00-\x1F\x7F]/.freeze
       def initialize(value, *args)
         parsed = URI.parse(value) rescue value
@@ -13,7 +14,7 @@ module Icalendar
       end
       def value_ical
-        value.to_s
+        value.to_s.gsub(CONTROL_BYTES_REGEX) { |char| "%%%02X" % char.ord }
       end
     end

data/lib/icalendar/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module Icalendar
-  VERSION = '2.12.1'
+  VERSION = '2.12.3'
 end

data/spec/values/uri_spec.rb ADDED Viewed

@@ -0,0 +1,43 @@
+require 'spec_helper'
+describe Icalendar::Values::Uri do
+  describe '#value_ical' do
+    it 'percent-encodes CRLF to prevent content-line injection' do
+      value = described_class.new("https://a.example/ok\r\nATTENDEE:mailto:evil@example.com")
+      expect(value.value_ical).to eq('https://a.example/ok%0D%0AATTENDEE:mailto:evil@example.com')
+    end
+    it 'percent-encodes the full ASCII control range' do
+      raw = "https://example.com/a\tb\f#{0.chr}#{127.chr}"
+      value = described_class.new(raw)
+      expect(value.value_ical).to eq('https://example.com/a%09b%0C%00%7F')
+    end
+    it 'leaves valid printable URI characters unchanged' do
+      raw = 'https://example.com/a-path?q=one%20two&x=@tag#frag'
+      value = described_class.new(raw)
+      expect(value.value_ical).to eq(raw)
+    end
+  end
+  describe '#to_ical' do
+    it 'serializes injected CRLF on the same content line' do
+      value = described_class.new("https://a.example/ok\r\nATTENDEE:mailto:evil@example.com")
+      expect(value.to_ical(Icalendar::Values::Text)).to eq(
+        ';VALUE=URI:https://a.example/ok%0D%0AATTENDEE:mailto:evil@example.com'
+      )
+    end
+  end
+end
+describe Icalendar::Values::CalAddress do
+  it 'inherits URI control-byte encoding' do
+    value = described_class.new("mailto:user@example.com\r\nORGANIZER:mailto:evil@example.com")
+    expect(value.value_ical).to eq('mailto:user@example.com%0D%0AORGANIZER:mailto:evil@example.com')
+  end
+end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: icalendar
 version: !ruby/object:Gem::Version
-  version: 2.12.1
+  version: 2.12.3
 platform: ruby
 authors:
 - Ryan Ahearn
@@ -83,16 +83,16 @@ dependencies:
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
@@ -209,6 +209,7 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- benchmarks/memory_per_event_ical.rb
 - icalendar.gemspec
 - lib/icalendar.rb
 - lib/icalendar/alarm.rb
@@ -292,6 +293,7 @@ files:
 - spec/values/period_spec.rb
 - spec/values/recur_spec.rb
 - spec/values/text_spec.rb
+- spec/values/uri_spec.rb
 - spec/values/utc_offset_spec.rb
 homepage: https://github.com/icalendar/icalendar
 licenses:
@@ -318,7 +320,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.9
+rubygems_version: 4.0.6
 specification_version: 4
 summary: A ruby implementation of the iCalendar specification (RFC-5545).
 test_files:
@@ -361,4 +363,5 @@ test_files:
 - spec/values/period_spec.rb
 - spec/values/recur_spec.rb
 - spec/values/text_spec.rb
+- spec/values/uri_spec.rb
 - spec/values/utc_offset_spec.rb