RubyGems - mitre-settingslogic - Versions diffs - 3.0.0 → 3.0.1 - Mend

mitre-settingslogic 3.0.0 → 3.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cabca9894cc72e6bf4207679d3847b539f15ba2c99cbd30165271b3988568b86
-  data.tar.gz: 1dead53a7b4c408796cb7439bf15fce7a3cef28e868a755ec595d759def19252
+  metadata.gz: f220b7a09d14593b9e256f459bc087b3c56b05e620fde2dc2d6ecc995a509259
+  data.tar.gz: 83df8f3359310b6807d62a3e59d60a83131f3f869d22749da0931cf03a407f23
 SHA512:
-  metadata.gz: 70ed779744d55559bbc1db46ec27700b6406f93c88e82e157de222b30b1264361e702d1c55d9012d234f94de2f3e541f13606d36b30893530b96f76efd2cb030
-  data.tar.gz: f920eadd8d2e1191209d1bab0497b845978a690a0e1b03da0f4ef29189221dad2c2638a1522023bb6e4cf6e25fe4727849c533b287f1f57e9a65fa420f28e8fe
+  metadata.gz: fc9a9dc6ff07a634b8dd02b45ad6d212ff6ba508b00dc53b4c38835818bfa3a13b24daca5c195c3830948c8e6f9d75913992acf3fd5772d025cdc97ba6cd6149
+  data.tar.gz: 4d31cd680ed132f7131ae31ea4ac1b1b0cd5de89170fd29c2b67d07aa0d36626c5e462b96fa7070736e3155f40653dec7657f60b87636cf828ad12ae92a1a6f9

data/CHANGELOG.md CHANGED Viewed

@@ -5,63 +5,127 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-## [3.0.0] - 2025-01-11
+## [3.0.1] - 2025-08-11
-### 🔒 Security (BREAKING CHANGES)
+### Added
-- **Critical**: Replace `YAML.unsafe_load` with `YAML.safe_load` to prevent arbitrary code execution
-- Default permitted YAML classes: `Symbol, Date, Time, DateTime, BigDecimal`
-- Replace vulnerable `open-uri` with `Net::HTTP` for URL loading
-- Add protocol validation to block dangerous URI schemes (file://, ftp://, etc.)
+- Add MkDocs Material documentation site
-### ✨ Features
+### Documentation
-- Add Ruby 3.x compatibility (3.0, 3.1, 3.2, 3.3, 3.4)
-- Add Rails 7.x and 8.x compatibility
-- Add Psych 4 support with YAML alias handling
-- Add configurable permitted classes via `Settingslogic.yaml_permitted_classes`
-- Add migration path with deprecated `Settingslogic.use_yaml_unsafe_load` flag
-- Add helpful error messages with migration instructions
+- Prepare for master to main branch rename
-### 🐛 Fixes
+### Fixed
-- Fix RSpec Array#flatten issues with `to_ary` method
-- Fix deprecated `has_key?` usage (now `key?`)
-- Fix eval security with proper `__FILE__` and `__LINE__` tracking
-- Fix Ruby 3.4 compatibility with explicit bigdecimal dependency
-- Fix CI issues with Ruby 2.7 + Rails 6.1 zeitwerk conflict
+- Update documentation and license references
+- Update Gemfile.lock with correct gem name
+- Update rake task to use single quotes for version string
-### 📦 Infrastructure
+### Miscellaneous Tasks
-- Add comprehensive test suite (94.63% coverage)
-- Add RuboCop linting with rubocop-rspec and rubocop-performance
-- Add GitHub Actions CI for all Ruby/Rails combinations
-- Add automated release tooling with version management
-- Add security testing suite (19 security-specific tests)
+- Finalize branch rename cleanup
+- Add GitHub Pages documentation deployment workflow
-### 📚 Documentation
+## [3.0.0] - 2025-08-11
-- Add comprehensive README with migration guide
-- Add SECURITY.md with vulnerability reporting process
-- Add ROADMAP.md for future development plans
-- Add CONTRIBUTING.md for contribution guidelines
-- Update all documentation for v3.0.0
+### Added
-### ⚠️ Breaking Changes
+- Add Ruby 3.x and Psych 4 compatibility
+- Add configurability and migration path for YAML security fix
-- YAML files can no longer instantiate arbitrary Ruby objects by default
-- To allow custom classes: `Settingslogic.yaml_permitted_classes += [MyClass]`
-- Temporary opt-out available: `Settingslogic.use_yaml_unsafe_load = true` (deprecated)
+### Documentation
-### 📝 Notes
+- Add comprehensive documentation for v3.0.0 release
+- Finalize v3.0.0 release preparation
-This is a major security release addressing CVE-2022-32224-like vulnerabilities. All users should upgrade and review their YAML files for compatibility with safe_load restrictions.
+### Fixed
-## [2.0.9] - 2012-10-19
+- Resolve CI test failures
+- Critical security vulnerability - replace YAML.unsafe_load with safe_load
+- Specify bounded bigdecimal dependency
-Last release of the original gem by Ben Johnson (binarylogic).
+### Miscellaneous Tasks
----
+- Add development tooling and release automation
+- Update dependencies and gemspec for v3.0.0
+- Update gitignore for session and archive files
+- Update changelog generation configuration
+- Update Gemfile.lock for bigdecimal dependency
-Maintained by MITRE Corporation
-Primary maintainer: Aaron Lippold <lippold@gmail.com>
+### Security
+- Add Ruby 3.x and Psych 4 compatibility
+- Add parse_yaml_content method to handle Psych 4's disabled aliases
+- Use YAML.unsafe_load for Ruby 3.1+ with fallback to YAML.load
+- Add to_ary method to fix RSpec Array#flatten issues
+- Update deprecated has_key? to key?
+- Add frozen string literal pragma
+- Improve eval security with file/line tracking
+- Fix RSpec be_false deprecation in tests
+- Bump version to 3.0.0
+Authored by: Aaron Lippold <lippold@gmail.com>
+- Comprehensive Ruby 3.x compatibility and security update
+- Add full Ruby 3.x support (3.0, 3.1, 3.2, 3.3, 3.4)
+- Fix Psych 4 YAML alias compatibility for Ruby 3.1+
+- Update all dependencies to latest secure versions
+- Add bundler-audit for security monitoring
+- Implement stringify_keys for Rails compatibility
+- Add to_ary for RSpec compatibility
+- Improve symbolize_keys for nested hashes
+- Fix deprecated methods (has_key? → key?)
+- Add frozen string literals throughout
+- Improve eval security with file/line tracking
+- Add comprehensive GitHub Actions CI
+- Add MITRE standard project files
+- Add security documentation and policies
+- Acknowledge contributions from community forks
+All tests passing, no known CVEs in dependencies.
+Authored by: Aaron Lippold <lippold@gmail.com>
+### Styling
+- Fix RuboCop offenses in Rakefile
+### Testing
+- Reorganize tests and improve coverage to 92%
+## [2.0.8] - 2012-01-09
+### Fixed
+- Fix jewler
+- Fix conflicts
+## [2.0.7] - 2012-01-06
+### Fixed
+- Fixes settingslogic #11
+## [2.0.6] - 2010-02-13
+## [2.0.5] - 2010-02-01
+## [2.0.4] - 2010-01-29
+## [2.0.3] - 2009-09-02
+### Refactoring
+- NodeDefinder module was introduced.
+## [2.0.2] - 2009-08-22
+## [2.0.1] - 2009-08-22
+## [2.0.0] - 2009-08-22
+## [1.0.4] - 2009-06-28
+<!-- generated by git-cliff -->

data/CONTRIBUTING.md CHANGED Viewed

@@ -40,7 +40,7 @@ bundle exec rubocop
 ## 📝 Making Changes
 1. **Fork the repository** on GitHub
-2. **Create a feature branch** from `master`
+2. **Create a feature branch** from `main`
    ```bash
    git checkout -b feature/my-new-feature
    ```

data/LICENSE.md CHANGED Viewed

@@ -1,6 +1,6 @@
 ---
 title: License
-description: Apache 2.0 license for the cyber-trackr-live project
+description: Apache 2.0 license for the mitre-settingslogic project
 layout: doc
 sidebar: true
 ---

data/README.md CHANGED Viewed

@@ -21,7 +21,7 @@ Add this to your Gemfile:
 ```ruby
 # Use the MITRE fork for Ruby 3.x compatibility
-gem 'settingslogic', github: 'mitre/settingslogic', branch: 'master'
+gem 'settingslogic', github: 'mitre/settingslogic', branch: 'main'
 ```
 Or if we publish to RubyGems:

data/ROADMAP.md CHANGED Viewed

@@ -9,7 +9,7 @@
 - ✅ 94%+ test coverage with reorganized specs
 ## Version 3.x (Maintenance)
-- Rename master branch to main (v3.0.1 or v3.1)
+- ✅ Rename master branch to main (completed in v3.0.1)
 - Test gem autopublishing workflow
 - Bug fixes as needed
 - Maintain compatibility with new Ruby/Rails releases

data/lib/settingslogic/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 class Settingslogic < Hash
-  VERSION = '3.0.0'
+  VERSION = '3.0.1'
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mitre-settingslogic
 version: !ruby/object:Gem::Version
-  version: 3.0.0
+  version: 3.0.1
 platform: ruby
 authors:
 - Ben Johnson
@@ -142,13 +142,13 @@ files:
 - lib/settingslogic/version.rb
 homepage: https://github.com/mitre/settingslogic
 licenses:
-- MIT
+- Apache-2.0
 metadata:
   homepage_uri: https://github.com/mitre/settingslogic
   source_code_uri: https://github.com/mitre/settingslogic
   changelog_uri: https://github.com/mitre/settingslogic/blob/main/CHANGELOG.md
   bug_tracker_uri: https://github.com/mitre/settingslogic/issues
-  documentation_uri: https://www.rubydoc.info/gems/settingslogic
+  documentation_uri: https://www.rubydoc.info/gems/mitre-settingslogic
   rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
@@ -165,7 +165,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.27
+rubygems_version: 3.4.19
 signing_key:
 specification_version: 4
 summary: A simple settings solution using YAML and a singleton pattern