letsencrypt-rails-heroku 1.2.0 → 1.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: c3f97585c884a70e519fdc84a79276ab7abb845e
-  data.tar.gz: 04ecb09cedcc720fbfb2eb87175f68165eab842f
+SHA256:
+  metadata.gz: e19d5080608ad213dfa35f80bbbca7d8aefcfeb7724b0d94efef50e56208f749
+  data.tar.gz: 8567453f9e4d49488692a81bcfe64299a342c8e2cc8c9395116ff7c518842cb8
 SHA512:
-  metadata.gz: 9b52c79ddaf3970f102d6c24b4baa210fb78ec162a83e44ee1cf858dbdfd5acef0498d5a0e2f8050d83442b6abecc1d34f39753bd8ef8643083138ecd4729208
-  data.tar.gz: c9d16e37682bfd2649b9e5a42aa587e574e31fc9aff5f6e4454bcf41092931998ebe3bd2362c7f6c37ffc2b7690483035a2b12fba462a641e04f549b6a6edade
+  metadata.gz: e6e647b7ccffae1ea0690a3711bbb37ed773aa9a09c54fcfeb6d7d964ad097cc59524f222dd314e1af4c9ad066319d87feca72af7833055cf2d8e346e42cec7e
+  data.tar.gz: 91e1769ca76f84c11de507dce46da2c56c431186ef6793f6ff12b934c664403255721bba2b5dcc99bdbf1530f21f2d219dba0d540e2016a64e9caaae85bb2560

data/CHANGELOG.md

@@ -1,3 +1,19 @@
+# 1.2.1
+
+ - Update `rack` and `nokogiri` dependencies due to reported vulnerabilities
+   in those libraries. Note that these don't affect letsencrypt-rails-heroku
+   directly.
+   [CVE-2018-16471](https://nvd.nist.gov/vuln/detail/CVE-2018-16471),
+   [CVE-2016-4658](https://nvd.nist.gov/vuln/detail/CVE-2016-4658),
+   [CVE-2017-5029](https://nvd.nist.gov/vuln/detail/CVE-2017-5029),
+   [CVE-2018-14404](https://nvd.nist.gov/vuln/detail/CVE-2018-14404),
+   [CVE-2017-18258](https://nvd.nist.gov/vuln/detail/CVE-2017-18258),
+   [CVE-2017-9050](https://nvd.nist.gov/vuln/detail/CVE-2017-9050).
+
+ - Stop using [jalada/platform-api](https://github.com/jalada/platform-api) 
+   because the newer version of the official version supports the API endpoints
+   we need now.
+
 # 1.2.0
 
  - Support SSL Endpoint configuration, as well as the default SNI.

data/Gemfile

@@ -1,9 +1,7 @@
 source "https://rubygems.org"
 
 gem 'acme-client', '~> 0.4.0'
-# SNI endpoints not supported yet:
-# <https://github.com/heroku/platform-api/issues/49>
-gem 'platform-api', github: 'jalada/platform-api', branch: 'master'
+gem 'platform-api', '~> 2.2'
 
 group :development do
   gem "shoulda", ">= 0"

data/Gemfile.lock

@@ -1,11 +1,3 @@
-GIT
-  remote: git://github.com/jalada/platform-api.git
-  revision: 45ddb3c1a7e2c7f85d979c0791db18e99affb237
-  branch: master
-  specs:
-    platform-api (0.8.0)
-      heroics (~> 0.0.17)
-
 GEM
   remote: https://rubygems.org/
   specs:
@@ -23,7 +15,7 @@ GEM
       thread_safe (~> 0.3, >= 0.3.1)
     docile (1.1.5)
     erubis (2.7.0)
-    excon (0.51.0)
+    excon (0.62.0)
     faraday (0.9.2)
       multipart-post (>= 1.2, < 3)
     git (1.3.0)
@@ -34,15 +26,14 @@ GEM
       hashie (>= 3.4)
       oauth2 (~> 1.0)
     hashie (3.4.6)
-    heroics (0.0.17)
+    heroics (0.0.25)
       erubis (~> 2.0)
       excon
       moneta
       multi_json (>= 1.9.2)
-      netrc
     highline (1.7.8)
     i18n (0.7.0)
-    json (1.8.3)
+    json (1.8.6)
     juwelier (2.1.3)
       builder
       bundler (>= 1.13)
@@ -54,22 +45,24 @@ GEM
       rdoc
       semver
     jwt (1.5.6)
-    mini_portile2 (2.1.0)
+    mini_portile2 (2.4.0)
     minitest (5.9.0)
-    moneta (0.8.0)
-    multi_json (1.12.1)
+    moneta (1.0.0)
+    multi_json (1.13.1)
     multi_xml (0.6.0)
     multipart-post (2.0.0)
-    netrc (0.11.0)
-    nokogiri (1.6.8.1)
-      mini_portile2 (~> 2.1.0)
+    nokogiri (1.10.2)
+      mini_portile2 (~> 2.4.0)
     oauth2 (1.2.0)
       faraday (>= 0.8, < 0.10)
       jwt (~> 1.0)
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (>= 1.2, < 3)
-    rack (2.0.1)
+    platform-api (2.2.0)
+      heroics (~> 0.0.25)
+      moneta (~> 1.0.0)
+    rack (2.0.7)
     rake (12.0.0)
     rdoc (3.12.2)
       json (~> 1.4)
@@ -96,10 +89,10 @@ DEPENDENCIES
   acme-client (~> 0.4.0)
   bundler (~> 1.0)
   juwelier (~> 2.1.0)
-  platform-api!
+  platform-api (~> 2.2)
   rdoc (~> 3.12)
   shoulda
   simplecov
 
 BUNDLED WITH
-   1.13.6
+   1.16.6

data/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2016 Pixie Labs
+Copyright (c) 2019 Pixie Labs
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -1,5 +1,8 @@
 # LetsEncrypt & Rails & Heroku
 
+### Deprecated: Heroku now support [free automated SSL certificates for paid dynos](https://devcenter.heroku.com/articles/automated-certificate-management), you should use that instead of this gem unless your situation is covered by the [known limitations](https://devcenter.heroku.com/articles/automated-certificate-management#known-limitations) of ACM, e.g. your app runs in Heroku Private Spaces.
+
+
 [![Gem Version](https://badge.fury.io/rb/letsencrypt-rails-heroku.svg)](https://badge.fury.io/rb/letsencrypt-rails-heroku)
 
 This gem is a complete solution for securing your Ruby on Rails application
@@ -14,7 +17,9 @@ repository.
 
 ## Requirements
 
- - You must be using hobby or professional dynos to use free SNI-based SSL. Find out more on [Heroku's documentation page about SSL](https://devcenter.heroku.com/articles/ssl).
+ - You must be using hobby or professional dynos to use free SNI-based SSL.
+   Find out more on [Heroku's documentation page about
+   SSL](https://devcenter.heroku.com/articles/ssl).
 
  - You should have already configured your app DNS as per [Heroku's
    documentation](https://devcenter.heroku.com/articles/custom-domains).
@@ -24,10 +29,6 @@ repository.
 Add the gem to your Gemfile:
 
 ```
-# Until the new API calls are generally available, you must manually specify my fork
-# of the Heroku API gem:
-gem 'platform-api', git: 'https://github.com/jalada/platform-api', branch: 'master'
-
 gem 'letsencrypt-rails-heroku', group: 'production'
 ```
 
@@ -126,10 +127,13 @@ You can see these details by typing `heroku domains`.
 
 ## Adding a scheduled task
 
-You should add a scheduled task on Heroku to renew the certificate. The
-scheduled task should be configured to run `rake letsencrypt:renew` as often
-as you want to renew your certificate. Letsencrypt certificates are valid for
-90 days, but there's no harm renewing them more frequently than that.
+You should add a scheduled task on Heroku to renew the certificate. If you 
+are unfamiliar with how to do this, take a look at [Heroku's documentation
+on their scheduler addon](https://devcenter.heroku.com/articles/scheduler).
+
+The scheduled task should be configured to run `rake letsencrypt:renew` as
+often as you want to renew your certificate. Letsencrypt certificates are valid
+for 90 days, but there's no harm renewing them more frequently than that.
 
 Heroku Scheduler only lets you run a task as infrequently as once a day, but
 you don't want to renew your SSL certificate every day (you will hit
@@ -138,7 +142,7 @@ run less frequently using a shell control statement. For example to renew your
 certificate on the 1st day of every month:
 
 ```
-if [ "$(date +%d)" = 01 ]; then rake letsencrypt:renew; fi
+if [ "$(date +%d)" = 01 ]; then bundle exec rake letsencrypt:renew; fi
 ```
 
 Source: [blog.dbrgn.ch](https://blog.dbrgn.ch/2013/10/4/heroku-schedule-weekly-monthly-tasks/)
@@ -148,12 +152,13 @@ Source: [blog.dbrgn.ch](https://blog.dbrgn.ch/2013/10/4/heroku-schedule-weekly-m
 Suggestions and pull requests are welcome in improving the situation with the
 following security considerations:
 
- - When configuring this gem you must add a non-expiring Heroku API token
-   into your application environment. Your collaborators could use this
-   token to impersonate the account it was created with when accessing
-   the Heroku API. This is important if your account has access to other apps
-   that your collaborators don’t. Additionally, if your application environment was
-   leaked this would give the attacker access to the Heroku API as your user account. 
+ - When configuring this gem you must add a non-expiring Heroku API token into
+   your application environment. Your collaborators could use this token to
+   impersonate the account it was created with when accessing the Heroku API.
+   This is important if your account has access to other apps that your
+   collaborators don’t. Additionally, if your application environment was
+   leaked this would give the attacker access to the Heroku API as your user
+   account. 
    [More information about Heroku’s API and oAuth](https://devcenter.heroku.com/articles/oauth#direct-authorization).
 
    You should create the API token from a suitably locked-down account.
@@ -170,17 +175,17 @@ following security considerations:
 
 ### Common name invalid errors (security certificate is from *.herokuapp.com)
 
-Your domain is still configured as a CNAME or ALIAS to `your-app.herokuapp.com`. Check the output of `heroku domains` matches your DNS configuration. When you add an SNI cert to an app for the first time [the DNS target changes](https://devcenter.heroku.com/articles/custom-domains#view-existing-domains).
+Your domain is still configured as a CNAME or ALIAS to
+`your-app.herokuapp.com`. Check the output of `heroku domains` matches your DNS
+configuration. When you add an SNI cert to an app for the first time
+[the DNS target changes](https://devcenter.heroku.com/articles/custom-domains#view-existing-domains).
 
 ## To-do list
 
 - Persist account key, or at least give the option of using an existing one, so
   we don’t register with LetsEncrypt over and over.
 
-- Stop using a fork of the `platform-api` gem once it supports the SNI endpoint
-  API calls. [See issue #49 of the platform-api gem](https://github.com/heroku/platform-api/issues/49).
-
-- Provide instructions for running the gem decoupled from the app it is 
+- Provide instructions for running the gem decoupled from the app it is
   securing, for the paranoid.
 
 ## Contributing
@@ -202,4 +207,5 @@ Your domain is still configured as a CNAME or ALIAS to `your-app.herokuapp.com`.
 
 1. Bump the version: `rake version:bump:{major,minor,patch}`.
 2. Update `CHANGELOG.md` & commit.
-3. Use `rake release` to regenerate gemspec, push a tag to git, and push a new `.gem` to rubygems.org
+3. Use `rake release` to regenerate gemspec, push a tag to git, and push a new
+   `.gem` to rubygems.org.

data/VERSION

@@ -1 +1 @@
-1.2.0
+1.2.1

data/letsencrypt-rails-heroku.gemspec

@@ -2,18 +2,18 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Juwelier::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: letsencrypt-rails-heroku 1.2.0 ruby lib
+# stub: letsencrypt-rails-heroku 1.2.1 ruby lib
 
 Gem::Specification.new do |s|
-  s.name = "letsencrypt-rails-heroku"
-  s.version = "1.2.0"
+  s.name = "letsencrypt-rails-heroku".freeze
+  s.version = "1.2.1"
 
-  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.require_paths = ["lib"]
-  s.authors = ["Pixie Labs", "David Somers", "Abigail McPhillips"]
-  s.date = "2017-03-03"
-  s.description = "This gem automatically handles creation, renewal, and applying SSL certificates from LetsEncrypt to your Heroku account."
-  s.email = "team@pixielabs.io"
+  s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib".freeze]
+  s.authors = ["Pixie Labs".freeze, "David Somers".freeze, "Abigail McPhillips".freeze]
+  s.date = "2019-04-12"
+  s.description = "This gem automatically handles creation, renewal, and applying SSL certificates from LetsEncrypt to your Heroku account.".freeze
+  s.email = "team@pixielabs.io".freeze
   s.extra_rdoc_files = [
     "LICENSE.txt",
     "README.md"
@@ -35,39 +35,39 @@ Gem::Specification.new do |s|
     "lib/letsencrypt-rails-heroku/railtie.rb",
     "lib/tasks/letsencrypt.rake"
   ]
-  s.homepage = "https://github.com/pixielabs/letsencrypt-rails-heroku"
-  s.licenses = ["MIT"]
-  s.rubygems_version = "2.5.1"
-  s.summary = "Automatic LetsEncrypt certificates in your Rails app on Heroku"
+  s.homepage = "https://github.com/pixielabs/letsencrypt-rails-heroku".freeze
+  s.licenses = ["MIT".freeze]
+  s.rubygems_version = "2.7.8".freeze
+  s.summary = "Automatic LetsEncrypt certificates in your Rails app on Heroku".freeze
 
   if s.respond_to? :specification_version then
     s.specification_version = 4
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<acme-client>, ["~> 0.4.0"])
-      s.add_runtime_dependency(%q<platform-api>, [">= 0"])
-      s.add_development_dependency(%q<shoulda>, [">= 0"])
-      s.add_development_dependency(%q<rdoc>, ["~> 3.12"])
-      s.add_development_dependency(%q<bundler>, ["~> 1.0"])
-      s.add_development_dependency(%q<juwelier>, ["~> 2.1.0"])
-      s.add_development_dependency(%q<simplecov>, [">= 0"])
+      s.add_runtime_dependency(%q<acme-client>.freeze, ["~> 0.4.0"])
+      s.add_runtime_dependency(%q<platform-api>.freeze, ["~> 2.2"])
+      s.add_development_dependency(%q<shoulda>.freeze, [">= 0"])
+      s.add_development_dependency(%q<rdoc>.freeze, ["~> 3.12"])
+      s.add_development_dependency(%q<bundler>.freeze, ["~> 1.0"])
+      s.add_development_dependency(%q<juwelier>.freeze, ["~> 2.1.0"])
+      s.add_development_dependency(%q<simplecov>.freeze, [">= 0"])
     else
-      s.add_dependency(%q<acme-client>, ["~> 0.4.0"])
-      s.add_dependency(%q<platform-api>, [">= 0"])
-      s.add_dependency(%q<shoulda>, [">= 0"])
-      s.add_dependency(%q<rdoc>, ["~> 3.12"])
-      s.add_dependency(%q<bundler>, ["~> 1.0"])
-      s.add_dependency(%q<juwelier>, ["~> 2.1.0"])
-      s.add_dependency(%q<simplecov>, [">= 0"])
+      s.add_dependency(%q<acme-client>.freeze, ["~> 0.4.0"])
+      s.add_dependency(%q<platform-api>.freeze, ["~> 2.2"])
+      s.add_dependency(%q<shoulda>.freeze, [">= 0"])
+      s.add_dependency(%q<rdoc>.freeze, ["~> 3.12"])
+      s.add_dependency(%q<bundler>.freeze, ["~> 1.0"])
+      s.add_dependency(%q<juwelier>.freeze, ["~> 2.1.0"])
+      s.add_dependency(%q<simplecov>.freeze, [">= 0"])
     end
   else
-    s.add_dependency(%q<acme-client>, ["~> 0.4.0"])
-    s.add_dependency(%q<platform-api>, [">= 0"])
-    s.add_dependency(%q<shoulda>, [">= 0"])
-    s.add_dependency(%q<rdoc>, ["~> 3.12"])
-    s.add_dependency(%q<bundler>, ["~> 1.0"])
-    s.add_dependency(%q<juwelier>, ["~> 2.1.0"])
-    s.add_dependency(%q<simplecov>, [">= 0"])
+    s.add_dependency(%q<acme-client>.freeze, ["~> 0.4.0"])
+    s.add_dependency(%q<platform-api>.freeze, ["~> 2.2"])
+    s.add_dependency(%q<shoulda>.freeze, [">= 0"])
+    s.add_dependency(%q<rdoc>.freeze, ["~> 3.12"])
+    s.add_dependency(%q<bundler>.freeze, ["~> 1.0"])
+    s.add_dependency(%q<juwelier>.freeze, ["~> 2.1.0"])
+    s.add_dependency(%q<simplecov>.freeze, [">= 0"])
   end
 end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: letsencrypt-rails-heroku
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.2.1
 platform: ruby
 authors:
 - Pixie Labs
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-03 00:00:00.000000000 Z
+date: 2019-04-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: acme-client
@@ -30,16 +30,16 @@ dependencies:
   name: platform-api
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.2'
 - !ruby/object:Gem::Dependency
   name: shoulda
   requirement: !ruby/object:Gem::Requirement
@@ -154,7 +154,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 2.7.8
 signing_key: 
 specification_version: 4
 summary: Automatic LetsEncrypt certificates in your Rails app on Heroku