oauth2 2.0.23 → 2.0.24

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 01151dc8f48c49a5a925098de896b74bca26c0791d4667f9f87edd6329a5c8ab
-  data.tar.gz: d49ddb0357387cf39b3cd961e4c4747328f8b8495081efc9f65389bb7187cc79
+  metadata.gz: 6a0de4e6399834238562b52bb7e5c00550453118dfd111cb4bdc58de0e9e6657
+  data.tar.gz: d61082265dbbd08a4554d475fd7b9980f2beeae912e218191911db5dc12e55d5
 SHA512:
-  metadata.gz: 45cab4b58795551fd1e0b827b5ee8e155ae741a5af983f1f777926cac677eeeea89f9220d1fd478e2529632e01d27291da0c37e6ef6c7e88771dc8f4a1affefd
-  data.tar.gz: 981305491fe56a81552efcc9d9719313e159f8d4f2251fe3a0753637c0958509fdb99bdbc46f2202b7b938f1bb7e6b827bb08213eb467d0fb2e8704435e0c647
+  metadata.gz: 9a8cfb81304f9337ea276cbda2741e9d808885b0b301e55dfb9f76fa0f835f636c97e9ab29a896cc4b17e3801c3b9eacca33b520f77d94fe1b67eb9f39c23751
+  data.tar.gz: 93a8e651d24279a9f13b7bc267a19210830d9ed5fb33c79dcb820d998de55b89c4b6a241667945466f7782a11fcf3b3bae00156a697f02505e5a7ac0f3ddeec4

data/CHANGELOG.md

@@ -30,6 +30,26 @@ Please file a bug if you notice a violation of semantic versioning.
 
 ### Security
 
+## [2.0.24] - 2026-06-18
+
+- TAG: [v2.0.24][2.0.24t]
+- COVERAGE: 100.00% -- 558/558 lines in 15 files
+- BRANCH COVERAGE: 97.89% -- 186/190 branches in 15 files
+- 88.35% documented
+
+### Changed
+
+- Raised the `anonymous_loader` runtime dependency floor to `>= 0.1.1`.
+- Raised the `auth-sanitizer` runtime dependency floor to `>= 0.2.2` and
+  switched isolated sanitizer loading to the released `anonymous_loader` gem,
+  including local workspace wiring for the new runtime dependency.
+
+### Fixed
+
+- Fixed isolated `auth-sanitizer` loading when Bundler standalone setup makes
+  `auth_sanitizer/loader.rb` available on `$LOAD_PATH` without adding
+  `auth-sanitizer` to `Gem.loaded_specs` or `GEM_PATH`.
+
 ## [2.0.23] - 2026-06-13
 
 - TAG: [v2.0.23][2.0.23t]
@@ -90,7 +110,9 @@ Please file a bug if you notice a violation of semantic versioning.
 ### Changed
 
 - Raised generated `version_gem` dependency floor to `version_gem` >= 1.1.10 - by @pboling
-- Raised the runtime dependency floor for `auth-sanitizer` to `>= 0.2.1` - by @pboling
+- Raised the runtime dependency floor for `auth-sanitizer` to `>= 0.2.1` so
+  OAuth2 consumers get hash and nested-attribute inspect redaction fixes plus
+  downstream RBS duplicate-declaration fixes - by @pboling
 - Refreshed generated package metadata, support documentation, CI workflows,
   and development dependency floors from the current kettle-jem template - by @pboling
 - Documented the current per-version Ruby, JRuby, and TruffleRuby CI matrix in
@@ -886,7 +908,9 @@ Please file a bug if you notice a violation of semantic versioning.
 
 [gemfiles/readme]: gemfiles/README.md
 
-[Unreleased]: https://github.com/ruby-oauth/oauth2/compare/v2.0.23...HEAD
+[Unreleased]: https://github.com/ruby-oauth/oauth2/compare/v2.0.24...HEAD
+[2.0.24]: https://github.com/ruby-oauth/oauth2/compare/v2.0.23...v2.0.24
+[2.0.24t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.24
 [2.0.23]: https://github.com/ruby-oauth/oauth2/compare/v2.0.22...v2.0.23
 [2.0.23t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.23
 [2.0.22]: https://github.com/ruby-oauth/oauth2/compare/v2.0.21...v2.0.22

data/CONTRIBUTING.md

@@ -109,14 +109,14 @@ Git diff driver setup
 - Git hosting forges generally ignore external diff drivers, so pull request views may still show raw textual diffs even when local `git diff` uses semantic drivers.
 
 ```console
-K_JEM_TEMPLATING=true bundle exec kettle-jem install
+K_JEM_TEMPLATING=true kettle-jem install
 ```
 
 Troubleshooting Git diffs
 - Use `git diff --no-ext-diff` to compare against Git's built-in diff output.
 - Use `git diff --no-textconv` when a textconv projection obscures the raw file bytes you need to inspect.
 - If Git reports a missing `smorg-*` executable, rerun `bundle install` and the setup command above, then check `git config --local --get-regexp '^diff\.smorg-'`.
-- To remove managed local entries, run `K_JEM_TEMPLATING=true bundle exec kettle-jem install --undo`; remove global command registrations with `git config --global --unset-all diff.smorg-ruby.command`.
+- To remove managed local entries, run `K_JEM_TEMPLATING=true kettle-jem install --undo`; remove global command registrations with `git config --global --unset-all diff.smorg-ruby.command`.
 
 For a quick starting point, this repository’s `mise.toml` defines the shared defaults, and `.env.local` can override them locally. Copy `.env.local.example` to `.env.local`, use `KEY=value` lines, and either activate `mise` in your shell or run commands through `mise exec -C /path/to/project -- ...`.
 

data/README.md

@@ -171,9 +171,22 @@ This test floor is configured by `ruby.test_minimum` in `.kettle-jem.yml` and
 may be higher than the gem's runtime compatibility floor when legacy Rubies are
 not practical for the current toolchain.
 
-| 🚚 _Amazing_ test matrix was brought to you by | 🔎 appraisal2 🔎 and the color 💚 green 💚 |
-|------------------------------------------------|--------------------------------------------------------|
-| 👟 Check it out! | ✨ [github.com/appraisal-rb/appraisal2][💎appraisal2] ✨ |
+| 🚚 _Amazing_ test matrix was brought to you by | The Kettle dev/test stack |
+|------------------------------------------------|---------------------------|
+
+<details>
+<summary>How We Manage Complexity In Tests</summary>
+
+| Gem | Source | Role | Daily download rank |
+|-----|--------|------|---------------------|
+| [appraisal2](https://bestgems.org/gems/appraisal2) | [GitHub](https://github.com/appraisal-rb/appraisal2) | multi-dependency Appraisal matrix generation | [![Daily download rank for appraisal2](https://img.shields.io/gem/rd/appraisal2.svg?style=flat-square)](https://bestgems.org/gems/appraisal2) |
+| [appraisal2-rubocop](https://bestgems.org/gems/appraisal2-rubocop) | [GitHub](https://github.com/appraisal-rb/appraisal2-rubocop) | RuboCop Appraisal generator integration | [![Daily download rank for appraisal2-rubocop](https://img.shields.io/gem/rd/appraisal2-rubocop.svg?style=flat-square)](https://bestgems.org/gems/appraisal2-rubocop) |
+| [turbo_tests2](https://bestgems.org/gems/turbo_tests2) | [GitHub](https://github.com/galtzo-floss/turbo_tests2) | parallel test execution | [![Daily download rank for turbo_tests2](https://img.shields.io/gem/rd/turbo_tests2.svg?style=flat-square)](https://bestgems.org/gems/turbo_tests2) |
+| [kettle-test](https://bestgems.org/gems/kettle-test) | [GitHub](https://github.com/kettle-dev/kettle-test) | standard test runner and coverage harness | [![Daily download rank for kettle-test](https://img.shields.io/gem/rd/kettle-test.svg?style=flat-square)](https://bestgems.org/gems/kettle-test) |
+| [kettle-soup-cover](https://bestgems.org/gems/kettle-soup-cover) | [GitHub](https://github.com/kettle-dev/kettle-soup-cover) | SimpleCov coverage policy and reporting | [![Daily download rank for kettle-soup-cover](https://img.shields.io/gem/rd/kettle-soup-cover.svg?style=flat-square)](https://bestgems.org/gems/kettle-soup-cover) |
+| [rubocop-lts](https://bestgems.org/gems/rubocop-lts) | [GitHub](https://github.com/rubocop-lts/rubocop-lts) | Ruby-version-aware linting | [![Daily download rank for rubocop-lts](https://img.shields.io/gem/rd/rubocop-lts.svg?style=flat-square)](https://bestgems.org/gems/rubocop-lts) |
+
+</details>
 
 ### Federated DVCS
 
@@ -660,9 +673,13 @@ NOTE: [kettle-readme-backers][kettle-readme-backers] updates this list every day
 
 <!-- OPENCOLLECTIVE-ORGANIZATIONS:START -->
 No sponsors yet. Be the first!
+
+### Open Collective for Donors
+
+[Bill Woika](https://opencollective.com/bill-woika) [Philipp Ebneter](https://opencollective.com/guest-e77282f7) [Grigoriy](https://opencollective.com/guest-c93e0c48)
 <!-- OPENCOLLECTIVE-ORGANIZATIONS:END -->
 
-[kettle-readme-backers]: https://github.com/ruby-oauth/oauth2/blob/main/exe/kettle-readme-backers
+[kettle-readme-backers]: https://github.com/ruby-oauth/oauth2/blob/main/bin/kettle-readme-backers
 
 ### Another way to support open-source
 
@@ -1087,7 +1104,7 @@ Thanks for RTFM. ☺️
 [📌gitmoji]: https://gitmoji.dev
 [📌gitmoji-img]: https://img.shields.io/badge/gitmoji_commits-%20%F0%9F%98%9C%20%F0%9F%98%8D-34495e.svg?style=flat-square
 [🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ
-[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.562-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
+[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.558-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
 [🔐security]: https://github.com/ruby-oauth/oauth2/blob/main/SECURITY.md
 [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat
 [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year
@@ -1115,7 +1132,7 @@ Thanks for RTFM. ☺️
 | Package | oauth2 |
 | Description | 🔐 A Ruby wrapper for the OAuth 2.0 Authorization Framework, including the OAuth 2.1 draft spec, and OpenID Connect (OIDC) |
 | Homepage | https://github.com/ruby-oauth/oauth2 |
-| Source | https://github.com/ruby-oauth/oauth2/tree/v2.0.23 |
+| Source | https://github.com/ruby-oauth/oauth2 |
 | License | `MIT` |
 | Funding | https://github.com/sponsors/pboling, https://issuehunt.io/u/pboling, https://ko-fi.com/pboling, https://liberapay.com/pboling/donate, https://opencollective.com/ruby-oauth, https://patreon.com/galtzo, https://polar.sh/pboling, https://thanks.dev/u/gh/pboling, https://tidelift.com/funding/github/rubygems/oauth2, https://www.buymeacoffee.com/pboling |
 <!-- kettle-jem:metadata:end -->

data/lib/oauth2/auth_sanitizer.rb

@@ -1,31 +1,15 @@
 # frozen_string_literal: true
 
+require "anonymous_loader"
+
 module OAuth2
   AUTH_SANITIZER = begin
-    auth_sanitizer_requirement = Gem::Requirement.new("~> 0.2", ">= 0.2.1")
-    auth_sanitizer_spec = Gem.loaded_specs["auth-sanitizer"]
-    unless auth_sanitizer_spec && auth_sanitizer_requirement.satisfied_by?(auth_sanitizer_spec.version)
-      # :nocov:
-      auth_sanitizer_spec = Gem::Specification.find_by_name("auth-sanitizer", auth_sanitizer_requirement)
-      # :nocov:
-    end
-
-    auth_sanitizer_loader_path = File.join(
-      auth_sanitizer_spec.full_gem_path,
-      "lib/auth_sanitizer/loader.rb"
-    )
-    unless File.file?(auth_sanitizer_loader_path)
-      # :nocov:
-      raise LoadError, "oauth2 requires auth-sanitizer #{auth_sanitizer_requirement}; " \
-        "loader not found at #{auth_sanitizer_loader_path}"
-      # :nocov:
-    end
-
-    auth_sanitizer_loader_namespace = Module.new
-    auth_sanitizer_loader_namespace.module_eval(
-      File.read(auth_sanitizer_loader_path),
-      auth_sanitizer_loader_path,
-      1
+    auth_sanitizer_requirement = Gem::Requirement.new("~> 0.2", ">= 0.2.2")
+    auth_sanitizer_loader_namespace = AnonymousLoader.load_path(
+      gem_name: "auth-sanitizer",
+      require_path: "auth_sanitizer/loader.rb",
+      version_requirement: auth_sanitizer_requirement,
+      version_file: "auth/sanitizer/version.rb"
     )
 
     auth_sanitizer_loader_namespace.

data/lib/oauth2/version.rb

@@ -2,7 +2,7 @@
 
 module OAuth2
   module Version
-    VERSION = "2.0.23"
+    VERSION = "2.0.24"
   end
   VERSION = Version::VERSION # Traditional Constant Location
 end

metadata

@@ -1,10 +1,105 @@
 --- !ruby/object:Gem::Specification
 name: oauth2
 version: !ruby/object:Gem::Version
-  version: 2.0.23
+  version: 2.0.24
 platform: ruby
 authors:
+- Erik Michaels-Ober
+- Jeremy Kemper
+- Michael Bleigh
+- Paul Walker
+- rick
+- Tim Habermaas
+- Wynn Netherland
+- Alexander Lang
+- Greg Spurrier
+- Jay Adkisson
+- Luke Saunders
+- Simon Gate
+- Bas Vodde
+- Damian Janowski
+- Daniël van de Burgt
+- Dorren Chen
+- Igor Sales
+- Leigh Caplan
+- Michael Andrews
+- Omer Rauchwerger
+- Saverio Trioni
+- Trent Ogren
+- Vsevolod Romashov
+- Antonio Tapiador del Dujo
+- Eduardo Gurgel
+- Geostellar Developer
+- Niels Ganser
+- Rainux Luo
+- Taylor Hedberg
+- Tim Clem
+- Dave Stevens
+- Ellis Berner
+- Frank Macreery
+- Olivier Lacan
+- Peter Souter
+- Ryan Williams
+- Andrew Cantino and Jeff Moore
+- Thomas Walpole
+- Bo Jeanes
+- Cody Cutrer
+- Edward Rudd
+- Lawrence Oluyede
+- Linus Pettersson
+- Motoshi Nishihira
+- Adrian Setyadi
+- Benjamin Quorning
+- Christoph Petschnig
+- Nathaniel Bibler
+- Oleg
+- Samuel Cochran
+- tetsuya
+- Yury Velikanau
+- Alex Kowalczuk
+- asm__
+- David Christensen
+- fossabot
+- Jeff Moore
+- Jonathan del Strother
+- Joseph Page
+- Lomey
+- Markus Bengts
+- Mathias Klippinge
+- nikz
 - Peter H. Boling
+- Daniel Fockler
+- Elliot Crosby-McCullough
+- João Paulo
+- Orien Madgwick
+- Ryan T. Hosford
+- Tom Corley
+- anvox
+- Jesse Cotton
+- Olle Jonsson
+- Stephen Reid
+- Anders Carling
+- dobon
+- Jan Zaydowicz
+- Nicholas Palaniuk
+- Stan Hu
+- Bouke van der Bijl
+- nov
+- Rick Selby
+- Ryo Takahashi
+- Jessie Young
+- Карим Гимадеев
+- Aboling0
+- Elise Wood
+- Manuel van Rijn
+- Annibelle Boling
+- Mark James
+- Mridang Agarwalla
+- Sasa Rosic
+- Jonathan Grinstead
+- kain
+- Rob Zolkos
+- StepSecurity Bot
 bindir: exe
 cert_chain:
 - |
@@ -37,6 +132,26 @@ cert_chain:
   -----END CERTIFICATE-----
 date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: anonymous_loader
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.1.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.1.1
 - !ruby/object:Gem::Dependency
   name: auth-sanitizer
   requirement: !ruby/object:Gem::Requirement
@@ -46,7 +161,7 @@ dependencies:
         version: '0.2'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.2.1
+        version: 0.2.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -56,7 +171,7 @@ dependencies:
         version: '0.2'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.2.1
+        version: 0.2.2
 - !ruby/object:Gem::Dependency
   name: faraday
   requirement: !ruby/object:Gem::Requirement
@@ -174,7 +289,7 @@ dependencies:
         version: '1.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.1.11
+        version: 1.1.12
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -184,7 +299,7 @@ dependencies:
         version: '1.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.1.11
+        version: 1.1.12
 - !ruby/object:Gem::Dependency
   name: kettle-dev
   requirement: !ruby/object:Gem::Requirement
@@ -194,7 +309,7 @@ dependencies:
         version: '2.2'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.2.5
+        version: 2.2.12
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -204,7 +319,7 @@ dependencies:
         version: '2.2'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.2.5
+        version: 2.2.12
 - !ruby/object:Gem::Dependency
   name: bundler-audit
   requirement: !ruby/object:Gem::Requirement
@@ -302,7 +417,7 @@ dependencies:
         version: '3.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.1.2
+        version: 3.1.4
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -312,7 +427,7 @@ dependencies:
         version: '3.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.1.2
+        version: 3.1.4
 - !ruby/object:Gem::Dependency
   name: ruby-progressbar
   requirement: !ruby/object:Gem::Requirement
@@ -356,7 +471,7 @@ dependencies:
         version: '2.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.1
+        version: 2.0.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -366,7 +481,7 @@ dependencies:
         version: '2.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.1
+        version: 2.0.2
 - !ruby/object:Gem::Dependency
   name: addressable
   requirement: !ruby/object:Gem::Requirement
@@ -499,10 +614,10 @@ licenses:
 - MIT
 metadata:
   homepage_uri: https://oauth2.galtzo.com
-  source_code_uri: https://github.com/ruby-oauth/oauth2/tree/v2.0.23
-  changelog_uri: https://github.com/ruby-oauth/oauth2/blob/v2.0.23/CHANGELOG.md
+  source_code_uri: https://github.com/ruby-oauth/oauth2/tree/v2.0.24
+  changelog_uri: https://github.com/ruby-oauth/oauth2/blob/v2.0.24/CHANGELOG.md
   bug_tracker_uri: https://github.com/ruby-oauth/oauth2/issues
-  documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.23
+  documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.24
   funding_uri: https://github.com/sponsors/pboling
   wiki_uri: https://github.com/ruby-oauth/oauth2/wiki
   news_uri: https://www.railsbling.com/tags/oauth2