RubyGems - mitre-settingslogic - Versions diffs - 3.0.0 → 3.0.2 - Mend

mitre-settingslogic 3.0.0 → 3.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cabca9894cc72e6bf4207679d3847b539f15ba2c99cbd30165271b3988568b86
-  data.tar.gz: 1dead53a7b4c408796cb7439bf15fce7a3cef28e868a755ec595d759def19252
+  metadata.gz: 8c9768d547c39600718529b6957ec4d15e1270ee27520b034ca5cd56316b4c98
+  data.tar.gz: a4e1608370d04f88233459941c19a876bfcabfcf5bc6e027c5628047e317691d
 SHA512:
-  metadata.gz: 70ed779744d55559bbc1db46ec27700b6406f93c88e82e157de222b30b1264361e702d1c55d9012d234f94de2f3e541f13606d36b30893530b96f76efd2cb030
-  data.tar.gz: f920eadd8d2e1191209d1bab0497b845978a690a0e1b03da0f4ef29189221dad2c2638a1522023bb6e4cf6e25fe4727849c533b287f1f57e9a65fa420f28e8fe
+  metadata.gz: 8bced130632449facb6ca167d821735cfa5fb7b00541759f2c4d9db1c0d4a40648510ca03cdbf2e51a12a0a0f75b43ccc89173849df7f3b7dc2044ef19de2c0f
+  data.tar.gz: 91d8eeadf2e622a8694ab67c1a23e1c6baeccaba49c9272ea8b37dd555d005d7882f68cd244c49136746c53aec35c22a0bb335c15729e2e9b741dfe3f3ef0907

data/CHANGELOG.md CHANGED Viewed

@@ -5,63 +5,138 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-## [3.0.0] - 2025-01-11
+## [3.0.2] - 2025-08-11
-### 🔒 Security (BREAKING CHANGES)
+### Documentation
-- **Critical**: Replace `YAML.unsafe_load` with `YAML.safe_load` to prevent arbitrary code execution
-- Default permitted YAML classes: `Symbol, Date, Time, DateTime, BigDecimal`
-- Replace vulnerable `open-uri` with `Net::HTTP` for URL loading
-- Add protocol validation to block dangerous URI schemes (file://, ftp://, etc.)
+- Update documentation_uri to point to GitHub Pages
-### ✨ Features
+## [3.0.1] - 2025-08-11
-- Add Ruby 3.x compatibility (3.0, 3.1, 3.2, 3.3, 3.4)
-- Add Rails 7.x and 8.x compatibility
-- Add Psych 4 support with YAML alias handling
-- Add configurable permitted classes via `Settingslogic.yaml_permitted_classes`
-- Add migration path with deprecated `Settingslogic.use_yaml_unsafe_load` flag
-- Add helpful error messages with migration instructions
+### Added
-### 🐛 Fixes
+- Add MkDocs Material documentation site
-- Fix RSpec Array#flatten issues with `to_ary` method
-- Fix deprecated `has_key?` usage (now `key?`)
-- Fix eval security with proper `__FILE__` and `__LINE__` tracking
-- Fix Ruby 3.4 compatibility with explicit bigdecimal dependency
-- Fix CI issues with Ruby 2.7 + Rails 6.1 zeitwerk conflict
+### Documentation
-### 📦 Infrastructure
+- Prepare for master to main branch rename
-- Add comprehensive test suite (94.63% coverage)
-- Add RuboCop linting with rubocop-rspec and rubocop-performance
-- Add GitHub Actions CI for all Ruby/Rails combinations
-- Add automated release tooling with version management
-- Add security testing suite (19 security-specific tests)
+### Fixed
-### 📚 Documentation
+- Update documentation and license references
+- Update Gemfile.lock with correct gem name
+- Update rake task to use single quotes for version string
+- Update Gemfile.lock for version 3.0.1
+- Auto-update Gemfile.lock after version bump in rake task
+- Add RuboCop autocorrect to release process
+- Improve release process to handle all modified files
+- Remove trailing whitespace from Rakefile
-- Add comprehensive README with migration guide
-- Add SECURITY.md with vulnerability reporting process
-- Add ROADMAP.md for future development plans
-- Add CONTRIBUTING.md for contribution guidelines
-- Update all documentation for v3.0.0
+### Miscellaneous Tasks
-### ⚠️ Breaking Changes
+- Finalize branch rename cleanup
+- Add GitHub Pages documentation deployment workflow
-- YAML files can no longer instantiate arbitrary Ruby objects by default
-- To allow custom classes: `Settingslogic.yaml_permitted_classes += [MyClass]`
-- Temporary opt-out available: `Settingslogic.use_yaml_unsafe_load = true` (deprecated)
+## [3.0.0] - 2025-08-11
-### 📝 Notes
+### Added
-This is a major security release addressing CVE-2022-32224-like vulnerabilities. All users should upgrade and review their YAML files for compatibility with safe_load restrictions.
+- Add Ruby 3.x and Psych 4 compatibility
+- Add configurability and migration path for YAML security fix
-## [2.0.9] - 2012-10-19
+### Documentation
-Last release of the original gem by Ben Johnson (binarylogic).
+- Add comprehensive documentation for v3.0.0 release
+- Finalize v3.0.0 release preparation
----
+### Fixed
-Maintained by MITRE Corporation
-Primary maintainer: Aaron Lippold <lippold@gmail.com>
+- Resolve CI test failures
+- Critical security vulnerability - replace YAML.unsafe_load with safe_load
+- Specify bounded bigdecimal dependency
+### Miscellaneous Tasks
+- Add development tooling and release automation
+- Update dependencies and gemspec for v3.0.0
+- Update gitignore for session and archive files
+- Update changelog generation configuration
+- Update Gemfile.lock for bigdecimal dependency
+### Security
+- Add Ruby 3.x and Psych 4 compatibility
+- Add parse_yaml_content method to handle Psych 4's disabled aliases
+- Use YAML.unsafe_load for Ruby 3.1+ with fallback to YAML.load
+- Add to_ary method to fix RSpec Array#flatten issues
+- Update deprecated has_key? to key?
+- Add frozen string literal pragma
+- Improve eval security with file/line tracking
+- Fix RSpec be_false deprecation in tests
+- Bump version to 3.0.0
+Authored by: Aaron Lippold <lippold@gmail.com>
+- Comprehensive Ruby 3.x compatibility and security update
+- Add full Ruby 3.x support (3.0, 3.1, 3.2, 3.3, 3.4)
+- Fix Psych 4 YAML alias compatibility for Ruby 3.1+
+- Update all dependencies to latest secure versions
+- Add bundler-audit for security monitoring
+- Implement stringify_keys for Rails compatibility
+- Add to_ary for RSpec compatibility
+- Improve symbolize_keys for nested hashes
+- Fix deprecated methods (has_key? → key?)
+- Add frozen string literals throughout
+- Improve eval security with file/line tracking
+- Add comprehensive GitHub Actions CI
+- Add MITRE standard project files
+- Add security documentation and policies
+- Acknowledge contributions from community forks
+All tests passing, no known CVEs in dependencies.
+Authored by: Aaron Lippold <lippold@gmail.com>
+### Styling
+- Fix RuboCop offenses in Rakefile
+### Testing
+- Reorganize tests and improve coverage to 92%
+## [2.0.8] - 2012-01-09
+### Fixed
+- Fix jewler
+- Fix conflicts
+## [2.0.7] - 2012-01-06
+### Fixed
+- Fixes settingslogic #11
+## [2.0.6] - 2010-02-13
+## [2.0.5] - 2010-02-01
+## [2.0.4] - 2010-01-29
+## [2.0.3] - 2009-09-02
+### Refactoring
+- NodeDefinder module was introduced.
+## [2.0.2] - 2009-08-22
+## [2.0.1] - 2009-08-22
+## [2.0.0] - 2009-08-22
+## [1.0.4] - 2009-06-28
+<!-- generated by git-cliff -->

data/CONTRIBUTING.md CHANGED Viewed

@@ -40,7 +40,7 @@ bundle exec rubocop
 ## 📝 Making Changes
 1. **Fork the repository** on GitHub
-2. **Create a feature branch** from `master`
+2. **Create a feature branch** from `main`
    ```bash
    git checkout -b feature/my-new-feature
    ```

data/LICENSE.md CHANGED Viewed

@@ -1,6 +1,6 @@
 ---
 title: License
-description: Apache 2.0 license for the cyber-trackr-live project
+description: Apache 2.0 license for the mitre-settingslogic project
 layout: doc
 sidebar: true
 ---

data/README.md CHANGED Viewed

@@ -21,7 +21,7 @@ Add this to your Gemfile:
 ```ruby
 # Use the MITRE fork for Ruby 3.x compatibility
-gem 'settingslogic', github: 'mitre/settingslogic', branch: 'master'
+gem 'settingslogic', github: 'mitre/settingslogic', branch: 'main'
 ```
 Or if we publish to RubyGems:

data/ROADMAP.md CHANGED Viewed

@@ -9,7 +9,7 @@
 - ✅ 94%+ test coverage with reorganized specs
 ## Version 3.x (Maintenance)
-- Rename master branch to main (v3.0.1 or v3.1)
+- ✅ Rename master branch to main (completed in v3.0.1)
 - Test gem autopublishing workflow
 - Bug fixes as needed
 - Maintain compatibility with new Ruby/Rails releases

data/lib/settingslogic/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 class Settingslogic < Hash
-  VERSION = '3.0.0'
+  VERSION = '3.0.2'
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mitre-settingslogic
 version: !ruby/object:Gem::Version
-  version: 3.0.0
+  version: 3.0.2
 platform: ruby
 authors:
 - Ben Johnson
@@ -142,13 +142,13 @@ files:
 - lib/settingslogic/version.rb
 homepage: https://github.com/mitre/settingslogic
 licenses:
-- MIT
+- Apache-2.0
 metadata:
   homepage_uri: https://github.com/mitre/settingslogic
   source_code_uri: https://github.com/mitre/settingslogic
   changelog_uri: https://github.com/mitre/settingslogic/blob/main/CHANGELOG.md
   bug_tracker_uri: https://github.com/mitre/settingslogic/issues
-  documentation_uri: https://www.rubydoc.info/gems/settingslogic
+  documentation_uri: https://mitre.github.io/settingslogic/
   rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
@@ -165,7 +165,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.27
+rubygems_version: 3.4.19
 signing_key:
 specification_version: 4
 summary: A simple settings solution using YAML and a singleton pattern