launchdarkly-server-sdk-otel 1.1.1 → 1.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.release-please-manifest.json +1 -1
- data/CHANGELOG.md +7 -0
- data/PROVENANCE.md +27 -21
- data/SECURITY.md +5 -2
- data/launchdarkly-server-sdk-otel.gemspec +1 -1
- data/lib/ldclient-otel/version.rb +1 -1
- data/release-please-config.json +4 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fec2b48bdca2958b0049e343905f479741aa191f200eab72a3c0fa54767dc444
|
|
4
|
+
data.tar.gz: 80bcd06df3797502b1a21268ab4cf3d31e20e85d2b5d69949ea5675db6ffcd52
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fc267ba931e252cd737b6dbe6ef5e96210936795283273f570c4d3b98a5242c85a2a3756bb0f5d132d8296e2fce07978ea882f659db3b8ddd77337ff9633d25e
|
|
7
|
+
data.tar.gz: 7889606131e5ae9834cbe6b29168183cdaad227ded276622ea25d5482c91817d5bcb4fd17bcc6b7886dcfbc01f2b360d320b1ce32e435cd97ae080c47dc3f0ff
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,12 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## [1.1.2](https://github.com/launchdarkly/ruby-server-sdk-otel/compare/1.1.1...1.1.2) (2026-06-04)
|
|
4
|
+
|
|
5
|
+
|
|
6
|
+
### Bug Fixes
|
|
7
|
+
|
|
8
|
+
* Loosen launchdarkly-server-sdk constraint to ~> 8.4 ([#25](https://github.com/launchdarkly/ruby-server-sdk-otel/issues/25)) ([160c165](https://github.com/launchdarkly/ruby-server-sdk-otel/commit/160c165d928b87ada6fcc53614953ede6054884f))
|
|
9
|
+
|
|
3
10
|
## [1.1.1](https://github.com/launchdarkly/ruby-server-sdk-otel/compare/1.1.0...1.1.1) (2025-10-29)
|
|
4
11
|
|
|
5
12
|
|
data/PROVENANCE.md
CHANGED
|
@@ -1,15 +1,15 @@
|
|
|
1
|
-
## Verifying SDK build provenance with
|
|
1
|
+
## Verifying SDK build provenance with GitHub artifact attestations
|
|
2
2
|
|
|
3
|
-
LaunchDarkly uses
|
|
3
|
+
LaunchDarkly uses [GitHub artifact attestations](https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds) to help developers make their supply chain more secure by ensuring the authenticity and build integrity of our published SDK packages.
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
LaunchDarkly publishes provenance about our SDK package builds using [GitHub's `actions/attest` action](https://github.com/actions/attest). These attestations are stored in GitHub's attestation API and can be verified using the [GitHub CLI](https://cli.github.com/).
|
|
6
6
|
|
|
7
|
-
To verify
|
|
7
|
+
To verify build provenance attestations, we recommend using the [GitHub CLI `attestation verify` command](https://cli.github.com/manual/gh_attestation_verify). Example usage for verifying SDK packages is included below:
|
|
8
8
|
|
|
9
9
|
<!-- x-release-please-start-version -->
|
|
10
10
|
```
|
|
11
|
-
# Set the version of the
|
|
12
|
-
VERSION=1.1.
|
|
11
|
+
# Set the version of the library to verify
|
|
12
|
+
VERSION=1.1.2
|
|
13
13
|
```
|
|
14
14
|
<!-- x-release-please-end -->
|
|
15
15
|
|
|
@@ -17,27 +17,33 @@ VERSION=1.1.1
|
|
|
17
17
|
# Download gem
|
|
18
18
|
$ gem fetch launchdarkly-server-sdk-otel -v $VERSION
|
|
19
19
|
|
|
20
|
-
#
|
|
21
|
-
$
|
|
22
|
-
https://github.com/launchdarkly/ruby-server-sdk-otel/releases/download/${VERSION}/launchdarkly-server-sdk-otel-${VERSION}.gem.intoto.jsonl
|
|
23
|
-
|
|
24
|
-
# Run slsa-verifier to verify provenance against package artifacts
|
|
25
|
-
$ slsa-verifier verify-artifact \
|
|
26
|
-
--provenance-path launchdarkly-server-sdk-otel-${VERSION}.gem.intoto.jsonl \
|
|
27
|
-
--source-uri github.com/launchdarkly/ruby-server-sdk-otel \
|
|
28
|
-
launchdarkly-server-sdk-otel-${VERSION}.gem
|
|
20
|
+
# Verify provenance using the GitHub CLI
|
|
21
|
+
$ gh attestation verify launchdarkly-server-sdk-otel-${VERSION}.gem --owner launchdarkly
|
|
29
22
|
```
|
|
30
23
|
|
|
31
24
|
Below is a sample of expected output.
|
|
32
25
|
|
|
33
26
|
```
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
27
|
+
Loaded digest sha256:... for file://launchdarkly-server-sdk-otel-1.1.1.gem
|
|
28
|
+
Loaded 1 attestation from GitHub API
|
|
29
|
+
|
|
30
|
+
The following policy criteria will be enforced:
|
|
31
|
+
- Predicate type must match:................ https://slsa.dev/provenance/v1
|
|
32
|
+
- Source Repository Owner URI must match:... https://github.com/launchdarkly
|
|
33
|
+
- Subject Alternative Name must match regex: (?i)^https://github.com/launchdarkly/
|
|
34
|
+
- OIDC Issuer must match:................... https://token.actions.githubusercontent.com
|
|
35
|
+
|
|
36
|
+
✓ Verification succeeded!
|
|
37
|
+
|
|
38
|
+
The following 1 attestation matched the policy criteria
|
|
37
39
|
|
|
38
|
-
|
|
40
|
+
- Attestation #1
|
|
41
|
+
- Build repo:..... launchdarkly/ruby-server-sdk-otel
|
|
42
|
+
- Build workflow:. .github/workflows/release-please.yml
|
|
43
|
+
- Signer repo:.... launchdarkly/ruby-server-sdk-otel
|
|
44
|
+
- Signer workflow: .github/workflows/release-please.yml
|
|
39
45
|
```
|
|
40
46
|
|
|
41
|
-
|
|
47
|
+
For more information, see [GitHub's documentation on verifying artifact attestations](https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds#verifying-artifact-attestations-with-the-github-cli).
|
|
42
48
|
|
|
43
|
-
**Note:** These instructions do not apply when building our libraries from source.
|
|
49
|
+
**Note:** These instructions do not apply when building our libraries from source.
|
data/SECURITY.md
CHANGED
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
# Reporting and Fixing Security Issues
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
**Do not open Issues or Pull Requests for security issues.**
|
|
4
|
+
This will make potential issues publicly visible before LaunchDarkly's Security Team can address them, which could lead to a compromise of the platform and negatively impact our customers.
|
|
4
5
|
|
|
5
|
-
|
|
6
|
+
Security issues must be reported through our [Bug Bounty program](https://bugcrowd.com/engagements/launchdarkly-mbb-og), following the program policy, for triage and remediation by the LaunchDarkly Security Team. Valid security issues may be eligible for a bounty.
|
|
7
|
+
|
|
8
|
+
Please do not attempt to directly contact members of LaunchDarkly staff.
|
|
@@ -28,7 +28,7 @@ Gem::Specification.new do |spec|
|
|
|
28
28
|
spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
|
|
29
29
|
spec.require_paths = ["lib"]
|
|
30
30
|
|
|
31
|
-
spec.add_runtime_dependency "launchdarkly-server-sdk", "~> 8.4
|
|
31
|
+
spec.add_runtime_dependency "launchdarkly-server-sdk", "~> 8.4"
|
|
32
32
|
spec.add_runtime_dependency "opentelemetry-sdk", "~> 1.0", ">= 1.4.0"
|
|
33
33
|
|
|
34
34
|
spec.add_development_dependency 'rake', '~> 13.0'
|
data/release-please-config.json
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: launchdarkly-server-sdk-otel
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- LaunchDarkly
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - "~>"
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 8.4
|
|
18
|
+
version: '8.4'
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - "~>"
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 8.4
|
|
25
|
+
version: '8.4'
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: opentelemetry-sdk
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|