oauth2 2.0.19 → 2.0.20

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 97a922901552727c225711855a88d45f56ad167b063ecb87477ac62db76e95e2
-  data.tar.gz: 6c31edbef7059f4644c46c273959c4c6e08f522d99306e94207bce8e82b10dc6
+  metadata.gz: a50435455bab3e2cbebb651d7b88494ee04268367f1f8ab3dbacb479f1637b65
+  data.tar.gz: f9b36d98b44a56fbfc6e73b59c44829aa6f28eb24c16141c5052e23019145dcc
 SHA512:
-  metadata.gz: 3a7ba7628e83cfc87d88bdcd1531256f85d5c053640444e76defda2c796b4d57c8c31aeee16784fc4d5c60c78ddeae5e99c44e91091c8fbd6927d6225101e60a
-  data.tar.gz: 206901137a350739ba8957bc65a2bf5ed3be2e85c7d2e03346320386b5901ed6178a359bbfb3a610d98c54bce4eda2cb8bffd657a87c2e567e80333cefc0d896
+  metadata.gz: 119ecedc64f4a158dcc0507b2da837ef2d44e6129803da0ebd383409a12670b43c892e596d2183a6e1095535ef0ed0e04769d4556f3111e392b12307a0c45e3c
+  data.tar.gz: 43bd592fbe5945d846b9791297ea307fe505a64e79b029b24302fe69fa246b57e7d279e1e87c1bf2c1cdc9e787a5d26e8fdbef15978dcfbb2efe277267d1628f

data/CHANGELOG.md

@@ -30,6 +30,29 @@ Please file a bug if you notice a violation of semantic versioning.
 
 ### Security
 
+## [2.0.20] - 2026-05-20
+
+- TAG: [v2.0.20][2.0.20t]
+- COVERAGE: 99.62% -- 525/527 lines in 15 files
+- BRANCH COVERAGE: 98.88% -- 176/178 branches in 15 files
+- 88.35% documented
+
+### Added
+
+- OAuth2::VERSION (Traditional Constant Location)
+
+### Changed
+
+- auth-sanitizer v0.1.3
+
+### Fixed
+
+- [gh!721][gh!721] Load `auth-sanitizer` through an internal isolated loader so requiring `oauth2` does not add top-level `Auth` or `AuthSanitizer` constants that may collide with downstream applications by @pboling
+
+### Security
+
+[gh!721]: https://github.com/ruby-oauth/oauth2/pull/721
+
 ## [2.0.19] - 2026-05-15
 
 - TAG: [v2.0.19][2.0.19t]
@@ -763,7 +786,9 @@ Please file a bug if you notice a violation of semantic versioning.
 
 [gemfiles/readme]: gemfiles/README.md
 
-[Unreleased]: https://github.com/ruby-oauth/oauth2/compare/v2.0.19...HEAD
+[Unreleased]: https://github.com/ruby-oauth/oauth2/compare/v2.0.20...HEAD
+[2.0.20]: https://github.com/ruby-oauth/oauth2/compare/v2.0.19...v2.0.20
+[2.0.20t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.20
 [2.0.19]: https://github.com/ruby-oauth/oauth2/compare/v2.0.18...v2.0.19
 [2.0.19t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.19
 [2.0.18]: https://github.com/ruby-oauth/oauth2/compare/v2.0.17...v2.0.18

data/README.md

@@ -1514,7 +1514,7 @@ Thanks for RTFM. ☺️
 [📌gitmoji]: https://gitmoji.dev
 [📌gitmoji-img]: https://img.shields.io/badge/gitmoji_commits-%20%F0%9F%98%9C%20%F0%9F%98%8D-34495e.svg?style=flat-square
 [🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ
-[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.515-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
+[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.527-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
 [🔐security]: SECURITY.md
 [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat
 [🔐irp]: IRP.md

data/REEK

@@ -1,2 +1,2 @@
-./reek: 1: Error:: not found
-./reek: 2: Error:: not found
+./reek: 1: ./reek:: not found
+./reek: 2: ./reek:: not found

data/lib/oauth2/auth_sanitizer.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module OAuth2
+  AUTH_SANITIZER = begin
+    auth_sanitizer_requirement = Gem::Requirement.new("~> 0.1", ">= 0.1.3")
+    auth_sanitizer_spec = Gem.loaded_specs["auth-sanitizer"]
+    unless auth_sanitizer_spec && auth_sanitizer_requirement.satisfied_by?(auth_sanitizer_spec.version)
+      # :nocov:
+      auth_sanitizer_spec = Gem::Specification.find_by_name("auth-sanitizer", auth_sanitizer_requirement)
+      # :nocov:
+    end
+
+    auth_sanitizer_loader_path = File.join(
+      auth_sanitizer_spec.full_gem_path,
+      "lib/auth_sanitizer/loader.rb",
+    )
+    unless File.file?(auth_sanitizer_loader_path)
+      # :nocov:
+      raise LoadError, "oauth2 requires auth-sanitizer #{auth_sanitizer_requirement}; " \
+        "loader not found at #{auth_sanitizer_loader_path}"
+      # :nocov:
+    end
+
+    auth_sanitizer_loader_namespace = Module.new
+    auth_sanitizer_loader_namespace.module_eval(
+      File.read(auth_sanitizer_loader_path),
+      auth_sanitizer_loader_path,
+      1,
+    )
+
+    auth_sanitizer_loader_namespace.
+      const_get(:AuthSanitizer).
+      const_get(:Loader).
+      load_isolated
+  end
+end

data/lib/oauth2/client.rb

@@ -42,7 +42,7 @@ module OAuth2
     # @option options [Hash] :connection_opts ({}) Hash of connection options to pass to initialize Faraday
     # @option options [Boolean] :raise_errors (true) whether to raise an OAuth2::Error on responses with 400+ status codes
     # @option options [Integer] :max_redirects (5) maximum number of redirects to follow
-    # @option options [Logger] :logger (::Logger.new($stdout)) Logger instance for HTTP request/response output; requires OAUTH_DEBUG to be true. When debug logging is enabled, sensitive values are filtered using {Auth::Sanitizer::SanitizedLogger} initialized from `OAuth2.config[:filtered_label]` and the key names in `OAuth2.config[:filtered_debug_keys]`.
+    # @option options [Logger] :logger (::Logger.new($stdout)) Logger instance for HTTP request/response output; requires OAUTH_DEBUG to be true. When debug logging is enabled, sensitive values are filtered using {OAuth2::AUTH_SANITIZER::SanitizedLogger} initialized from `OAuth2.config[:filtered_label]` and the key names in `OAuth2.config[:filtered_debug_keys]`.
     # @option options [Class] :access_token_class (AccessToken) class to use for access tokens; you can subclass OAuth2::AccessToken, @version 2.0+
     # @option options [Hash] :ssl SSL options for Faraday
     #
@@ -565,7 +565,7 @@ module OAuth2
     def oauth_debug_logging(builder)
       builder.response(
         :logger,
-        Auth::Sanitizer::SanitizedLogger.new(
+        OAuth2::AUTH_SANITIZER::SanitizedLogger.new(
           options[:logger],
           filtered_keys: OAuth2.config[:filtered_debug_keys],
           label: OAuth2.config[:filtered_label],

data/lib/oauth2/filtered_attributes.rb

@@ -1,13 +1,10 @@
 # frozen_string_literal: true
 
 module OAuth2
-  # Permanent alias for {Auth::Sanitizer::FilteredAttributes}.
+  # Permanent alias for {OAuth2::AUTH_SANITIZER::FilteredAttributes}.
   #
   # This constant is intentionally kept in the `OAuth2` namespace because it
   # was part of the public API before the implementation was extracted into the
   # `auth-sanitizer` gem.  It will **not** be deprecated or removed.
-  #
-  # New code that does not need the `OAuth2::` namespace can use
-  # {Auth::Sanitizer::FilteredAttributes} directly.
-  FilteredAttributes = Auth::Sanitizer::FilteredAttributes
+  FilteredAttributes = OAuth2::AUTH_SANITIZER::FilteredAttributes
 end

data/lib/oauth2/version.rb

@@ -2,6 +2,7 @@
 
 module OAuth2
   module Version
-    VERSION = "2.0.19"
+    VERSION = "2.0.20"
   end
+  VERSION = Version::VERSION # Traditional Constant Location
 end

data/lib/oauth2.rb

@@ -5,12 +5,12 @@ require "cgi/escape"
 require "time"
 
 # third party gems
-require "auth/sanitizer"
 require "snaky_hash"
 require "version_gem"
 
 # includes gem files
 require_relative "oauth2/version"
+require_relative "oauth2/auth_sanitizer"
 require_relative "oauth2/filtered_attributes"
 require_relative "oauth2/error"
 require_relative "oauth2/authenticator"
@@ -92,10 +92,10 @@ module OAuth2
   end
 end
 
-# Wire Auth::Sanitizer's label provider to read from OAuth2.config so that
-# FilteredAttributes-bearing objects and Auth::Sanitizer::SanitizedLogger instances
+# Wire OAuth2::AUTH_SANITIZER's label provider to read from OAuth2.config so that
+# FilteredAttributes-bearing objects and OAuth2::AUTH_SANITIZER::SanitizedLogger instances
 # pick up OAuth2.config[:filtered_label] at their initialization time.
-Auth::Sanitizer.filtered_label_provider = -> { OAuth2.config[:filtered_label] }
+OAuth2::AUTH_SANITIZER.filtered_label_provider = -> { OAuth2.config[:filtered_label] }
 
 # Extend OAuth2::Version with VersionGem helpers to provide semantic version helpers.
 OAuth2::Version.class_eval do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: oauth2
 version: !ruby/object:Gem::Version
-  version: 2.0.19
+  version: 2.0.20
 platform: ruby
 authors:
 - Peter Boling
@@ -46,6 +46,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.1.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -53,6 +56,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.1.3
 - !ruby/object:Gem::Dependency
   name: faraday
   requirement: !ruby/object:Gem::Requirement
@@ -150,7 +156,7 @@ dependencies:
         version: '2.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.3
+        version: 2.0.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -160,7 +166,7 @@ dependencies:
         version: '2.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.3
+        version: 2.0.4
 - !ruby/object:Gem::Dependency
   name: version_gem
   requirement: !ruby/object:Gem::Requirement
@@ -255,14 +261,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.2
+        version: 0.9.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.2
+        version: 0.9.3
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -448,6 +454,7 @@ files:
 - THREAT_MODEL.md
 - lib/oauth2.rb
 - lib/oauth2/access_token.rb
+- lib/oauth2/auth_sanitizer.rb
 - lib/oauth2/authenticator.rb
 - lib/oauth2/client.rb
 - lib/oauth2/error.rb
@@ -476,10 +483,10 @@ licenses:
 - MIT
 metadata:
   homepage_uri: https://oauth2.galtzo.com/
-  source_code_uri: https://github.com/ruby-oauth/oauth2/tree/v2.0.19
-  changelog_uri: https://github.com/ruby-oauth/oauth2/blob/v2.0.19/CHANGELOG.md
+  source_code_uri: https://github.com/ruby-oauth/oauth2/tree/v2.0.20
+  changelog_uri: https://github.com/ruby-oauth/oauth2/blob/v2.0.20/CHANGELOG.md
   bug_tracker_uri: https://github.com/ruby-oauth/oauth2/issues
-  documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.19
+  documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.20
   mailing_list_uri: https://groups.google.com/g/oauth-ruby
   funding_uri: https://github.com/sponsors/pboling
   wiki_uri: https://gitlab.com/ruby-oauth/oauth2/-/wiki
@@ -488,11 +495,11 @@ metadata:
   rubygems_mfa_required: 'true'
 post_install_message: |2
 
-  ---+++--- oauth2 v2.0.19 ---+++---
+  ---+++--- oauth2 v2.0.20 ---+++---
 
   (minor) ⚠️ BREAKING CHANGES ⚠️ when upgrading from < v2
   • Summary of breaking changes: https://gitlab.com/ruby-oauth/oauth2#what-is-new-for-v20
-  • Changes in this patch: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.19/CHANGELOG.md#2015-2025-09-08
+  • Changes in this patch: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.20/CHANGELOG.md#2015-2025-09-08
 
   News:
   1. New documentation website, including for OAuth 2.1 and OIDC: https://oauth2.galtzo.com

metadata.gz.sig

@@ -1,2 +1,4 @@
-/x�F��D���Šn`ҧ������ރ0��B���h<0�t�T��C�}̒��Gw@��@h�L�"�w��f'����'�
[��8��㳭�쑈_�)&�W��=���U��|Ud`b��;�E�ZW�H�%R�6B�yZ^���x��EЯ~5����31y-l%
k��k��̔�,�DX`J�[��
-���myɈ���q{/J�(a����V~��Tej��ҁ}>g�?��v�����2.�S������n�[��i)
++�
+��n���KD<]��Q�b.Im=P!˝�xݹ$�+�p9iإ!2�%9O��Z�>w��m���5�o,ĪNX�)�	���B��`��l��n�R{�W�G�?kT�@�t!��\k�k'��K���^�sy����:���G�QyeR�� 2��9,��t�"��f<�ؿ;'kzΙl��ީr(��?͢���L�U����/ZC����Gkߴ1!��B��Xq*�{�wa~Ht��ȍ�f��7X��-"������"Ѩ��FN��u�ps��B(#!2�"CR�/
u���M�������.�r�=��HH���H,b�7�q��R�`�n���a=+b
+2Dkաn�
+Վ