otto 2.0.0 → 2.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8539a9a6889a7976aa6ceb87ea3d7d489cb82b65e283cb57d7d731e2f2247159
-  data.tar.gz: d5c025e966063e8f1eb618c1a6aa28782db50e7f55769f322b557a0be4725d4b
+  metadata.gz: fabc1e8d6f7eef1d982b1f298fd0fe68382417aedd4b250ded28e5c7ba39a588
+  data.tar.gz: 02f4509daad92151895100c75339d82e3f8b76106dbcaa04b2db34f7b4d39976
 SHA512:
-  metadata.gz: 06dc04e8f9ada60160c87c48c32a31e34fbab8b29a0f1755fa9f7bf2878aebe7ea1491110018cfcdc2e689be8de41ec17ae2f413cc0f38ff9136c0d039104f78
-  data.tar.gz: c12c1236b295148a9f1f1b31f7fb22aeace22494703e49ec4c47421d7455f74ea0ebcb017019ebe799b5b930cd4a907d5bf6b7ed3f6e58bcac7920432d7ada90
+  metadata.gz: 2c5f1958418f70a429bfc2379f7407387ca4a1a6cdd129160ff6bf3e416f33a637c0d14049bd97ab0c7abce02ab5b11eb943aff330b5c1c0425d55c387ff3351
+  data.tar.gz: '08e5ec5c3278adeced0dd3c1cffb7452129a12ad742c381b29a29bd569be4d013a67a660ad111bfe51631672e21d96cf2c0f39c69ab595758aa0e7e1d562ed32'

data/.github/workflows/ci.yml

@@ -22,18 +22,45 @@ jobs:
   test:
     timeout-minutes: 10
     runs-on: ubuntu-24.04
-    name: "RSpec Tests (Ruby ${{ matrix.ruby }})"
+    name: "RSpec Tests (Ruby ${{ matrix.ruby }}, ${{ matrix.lockfile }})"
     continue-on-error: ${{ matrix.experimental }}
     strategy:
       fail-fast: false
       matrix:
+        # Each Ruby runs twice: once against the committed Gemfile.lock
+        # (floor of the declared version range, reproducible) and once
+        # with the lockfile removed so Bundler resolves fresh inside the
+        # gemspec's pessimistic constraints (ceiling, what a downstream
+        # user will actually hit). The unlocked cells catch upstream
+        # releases that satisfy `~> X.Y` but break Otto at load time -
+        # e.g. facets 3.2.0 shipping a self-referential
+        # `require_relative 'file/write.rb'` against a file deleted in
+        # the same release, the reason 2.0.2 exists.
         include:
           - ruby: "3.3"
             experimental: false
+            lockfile: "locked"
           - ruby: "3.4"
             experimental: false
+            lockfile: "locked"
           - ruby: "3.5"
             experimental: true
+            lockfile: "locked"
+          - ruby: "4.0"
+            experimental: true
+            lockfile: "locked"
+          - ruby: "3.3"
+            experimental: false
+            lockfile: "unlocked"
+          - ruby: "3.4"
+            experimental: false
+            lockfile: "unlocked"
+          - ruby: "3.5"
+            experimental: true
+            lockfile: "unlocked"
+          - ruby: "4.0"
+            experimental: true
+            lockfile: "unlocked"
 
     steps:
       - uses: actions/checkout@v6
@@ -42,7 +69,9 @@ jobs:
         continue-on-error: ${{ matrix.experimental }}
         with:
           ruby-version: ${{ matrix.ruby }}
-          bundler-cache: ${{ !matrix.experimental }}
+          # Bundler cache keys off Gemfile.lock, so only enable it on the
+          # locked matrix cells. Unlocked cells need a fresh resolve each run.
+          bundler-cache: ${{ !matrix.experimental && matrix.lockfile == 'locked' }}
 
       - name: Setup tmate session
         uses: mxschmitt/action-tmate@c0afd6f790e3a5564914980036ebf83216678101 # v3
@@ -52,9 +81,25 @@ jobs:
 
       - name: Install dependencies
         continue-on-error: ${{ matrix.experimental }}
+        env:
+          EXPERIMENTAL: ${{ matrix.experimental }}
+          LOCKFILE: ${{ matrix.lockfile }}
         run: |
           bundle config path vendor/bundle
-          bundle install --jobs 4 --retry 3 --with test
+          # Enable the optional :development, :test group (json_schemer,
+          # rack-attack) that specs depend on. `bundle install --with` was
+          # removed in Bundler 2.7, which ships with Ruby 4.0.
+          bundle config set --local with 'development test'
+          if [ "$EXPERIMENTAL" = "true" ]; then
+            bundle config set --local force_ruby_platform true
+          fi
+          if [ "$LOCKFILE" = "unlocked" ]; then
+            # Drop the committed lockfile so Bundler resolves fresh inside
+            # the gemspec's pessimistic constraints. This surfaces the gap
+            # between "version range we declare" and "version range we test."
+            rm -f Gemfile.lock
+          fi
+          bundle install --jobs 4 --retry 3
 
       - name: Verify setup
         run: |

data/CHANGELOG.rst

@@ -7,6 +7,34 @@ The format is based on `Keep a Changelog <https://keepachangelog.com/en/1.1.0/>`
 
    <!--scriv-insert-here-->
 
+.. _changelog-2.0.2:
+
+2.0.2 — 2026-04-15
+==================
+
+- Load failure under facets 3.2.0. ``Otto::Security::ValidationHelpers`` no
+  longer requires ``facets/file``, whose aggregator in 3.2.0 does
+  ``require_relative 'file/write.rb'`` against a file deleted in the same
+  release. The one function Otto borrowed from facets — ``File.sanitize`` —
+  is now inlined as a private method on the helper module (with credit in
+  the source comment), and the ``facets`` runtime dependency is removed
+  from the gemspec entirely. Applications depending on facets directly are
+  unaffected.
+
+- CI now runs the RSpec suite twice for each Ruby in the matrix: once
+  against the committed ``Gemfile.lock`` and once with the lockfile removed
+  so Bundler resolves fresh inside the gemspec's pessimistic constraints.
+  The unlocked cells catch upstream releases that satisfy ``~> X.Y`` but
+  break Otto at load time.
+
+.. _changelog-2.0.1:
+
+2.0.1 — 2026-04-15
+==================
+
+- Allow running with Ruby 4
+- Update gems rack, ruby-lsp, rspec, rubocop, loofah, rack-test
+
 .. _changelog-2.0.0:
 
 2.0.0 — 2026-03-14

data/Gemfile

@@ -9,8 +9,6 @@ source 'https://rubygems.org'
 
 gemspec
 
-gem 'rackup'
-
 group :test do
   gem 'rack-test'
   gem 'rspec', '~> 3.13'
@@ -28,6 +26,7 @@ end
 group :development do
   gem 'benchmark'
   gem 'debug'
+  gem 'rackup' # Used to boot examples/ apps; not needed by specs
   gem 'rubocop', '~> 1.81.7', require: false
   gem 'rubocop-performance', require: false
   gem 'rubocop-rspec', require: false

data/Gemfile.lock

@@ -1,9 +1,8 @@
 PATH
   remote: .
   specs:
-    otto (2.0.0)
+    otto (2.0.2)
       concurrent-ruby (~> 1.3, < 2.0)
-      facets (~> 3.1)
       ipaddr (~> 1, < 2.0)
       logger (~> 1, < 2.0)
       loofah (~> 2.20)
@@ -16,8 +15,8 @@ GEM
   specs:
     ast (2.4.3)
     benchmark (0.5.0)
-    bigdecimal (3.3.1)
-    concurrent-ruby (1.3.5)
+    bigdecimal (4.1.1)
+    concurrent-ruby (1.3.6)
     crass (1.0.6)
     date (3.4.1)
     debug (1.11.0)
@@ -46,23 +45,22 @@ GEM
       dry-logic (~> 1.5)
       dry-types (~> 1.8)
       zeitwerk (~> 2.6)
-    dry-types (1.8.3)
-      bigdecimal (~> 3.0)
+    dry-types (1.9.1)
+      bigdecimal (>= 3.0)
       concurrent-ruby (~> 1.0)
       dry-core (~> 1.0)
       dry-inflector (~> 1.0)
       dry-logic (~> 1.4)
       zeitwerk (~> 2.6)
     erb (5.1.1)
-    facets (3.1.0)
     hana (1.3.7)
     io-console (0.8.1)
-    ipaddr (1.2.7)
+    ipaddr (1.2.8)
     irb (1.15.2)
       pp (>= 0.6.0)
       rdoc (>= 4.0.0)
       reline (>= 0.4.2)
-    json (2.16.0)
+    json (2.19.3)
     json_schemer (2.5.0)
       bigdecimal
       hana (~> 1.3)
@@ -71,28 +69,28 @@ GEM
     language_server-protocol (3.17.0.5)
     lint_roller (1.1.0)
     logger (1.7.0)
-    loofah (2.24.1)
+    loofah (2.25.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
     minitest (5.26.0)
-    nokogiri (1.18.10-aarch64-linux-gnu)
+    nokogiri (1.19.2-aarch64-linux-gnu)
       racc (~> 1.4)
-    nokogiri (1.18.10-aarch64-linux-musl)
+    nokogiri (1.19.2-aarch64-linux-musl)
       racc (~> 1.4)
-    nokogiri (1.18.10-arm-linux-gnu)
+    nokogiri (1.19.2-arm-linux-gnu)
       racc (~> 1.4)
-    nokogiri (1.18.10-arm-linux-musl)
+    nokogiri (1.19.2-arm-linux-musl)
       racc (~> 1.4)
-    nokogiri (1.18.10-arm64-darwin)
+    nokogiri (1.19.2-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.18.10-x86_64-darwin)
+    nokogiri (1.19.2-x86_64-darwin)
       racc (~> 1.4)
-    nokogiri (1.18.10-x86_64-linux-gnu)
+    nokogiri (1.19.2-x86_64-linux-gnu)
       racc (~> 1.4)
-    nokogiri (1.18.10-x86_64-linux-musl)
+    nokogiri (1.19.2-x86_64-linux-musl)
       racc (~> 1.4)
-    parallel (1.27.0)
-    parser (3.3.10.0)
+    parallel (1.28.0)
+    parser (3.3.11.1)
       ast (~> 2.4.1)
       racc
     pastel (0.8.0)
@@ -101,12 +99,12 @@ GEM
       prettyprint
     prettier_print (1.2.1)
     prettyprint (0.2.0)
-    prism (1.6.0)
+    prism (1.9.0)
     psych (5.2.6)
       date
       stringio
     racc (1.8.1)
-    rack (3.2.4)
+    rack (3.2.6)
     rack-attack (6.8.0)
       rack (>= 1.0, < 4)
     rack-parser (0.7.0)
@@ -116,8 +114,10 @@ GEM
     rackup (2.3.1)
       rack (>= 3)
     rainbow (3.1.1)
-    rbs (3.9.5)
+    rbs (4.0.2)
       logger
+      prism (>= 1.6.0)
+      tsort
     rdoc (6.15.0)
       erb
       psych (>= 4.0.0)
@@ -128,7 +128,7 @@ GEM
       parser (~> 3.3.0)
       rainbow (>= 2.0, < 4.0)
       rexml (~> 3.1)
-    regexp_parser (2.11.3)
+    regexp_parser (2.12.0)
     reline (0.6.2)
       io-console (~> 0.5)
     rexml (3.4.4)
@@ -141,10 +141,10 @@ GEM
     rspec-expectations (3.13.5)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-mocks (3.13.6)
+    rspec-mocks (3.13.8)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-support (3.13.6)
+    rspec-support (3.13.7)
     rubocop (1.81.7)
       json (~> 2.3)
       language_server-protocol (~> 3.17.0.2)
@@ -156,21 +156,21 @@ GEM
       rubocop-ast (>= 1.47.1, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 4.0)
-    rubocop-ast (1.48.0)
+    rubocop-ast (1.49.1)
       parser (>= 3.3.7.2)
-      prism (~> 1.4)
+      prism (~> 1.7)
     rubocop-performance (1.26.1)
       lint_roller (~> 1.1)
       rubocop (>= 1.75.0, < 2.0)
       rubocop-ast (>= 1.47.1, < 2.0)
-    rubocop-rspec (3.8.0)
+    rubocop-rspec (3.9.0)
       lint_roller (~> 1.1)
       rubocop (~> 1.81)
     rubocop-thread_safety (0.7.3)
       lint_roller (~> 1.1)
       rubocop (~> 1.72, >= 1.72.1)
       rubocop-ast (>= 1.44.0, < 2.0)
-    ruby-lsp (0.26.4)
+    ruby-lsp (0.26.9)
       language_server-protocol (~> 3.17.0)
       prism (>= 1.2, < 2.0)
       rbs (>= 3, < 5)
@@ -195,8 +195,8 @@ GEM
     tty-screen (0.8.2)
     unicode-display_width (3.2.0)
       unicode-emoji (~> 4.1)
-    unicode-emoji (4.1.0)
-    user_agent_parser (2.20.0)
+    unicode-emoji (4.2.0)
+    user_agent_parser (2.21.0)
     zeitwerk (2.7.3)
 
 PLATFORMS

data/lib/otto/helpers/validation.rb

@@ -3,12 +3,20 @@
 # frozen_string_literal: true
 
 require 'loofah'
-require 'facets/file'
 
 class Otto
   module Security
     # Validation helper methods providing input validation and sanitization
     module ValidationHelpers
+      # Replace filesystem-unsafe characters with an underscore. Borrowed
+      # verbatim from facets 3.1.0's `File.sanitize` (lib/core/facets/file/
+      # sanitize.rb, credit: George Moschovitis) and inlined here so Otto
+      # doesn't take a runtime dep on the whole facets grab-bag for one
+      # 12-line function. See commit message for 2.0.2 for context.
+      FILENAME_SANITIZE_PATTERN = /[^a-zA-Z0-9.\-+_]/
+      FILENAME_DOT_ONLY         = /^\.+$/
+      private_constant :FILENAME_SANITIZE_PATTERN, :FILENAME_DOT_ONLY
+
       def validate_input(input, max_length: 1000, allow_html: false)
         return input if input.nil?
 
@@ -42,20 +50,16 @@ class Otto
         return nil if filename.nil?
         return 'file' if filename.empty?
 
-        # Use Facets File.sanitize for basic filesystem-safe filename
-        clean_name = File.sanitize(filename.to_s)
+        clean_name = basic_filename_sanitize(filename.to_s)
 
-        # Handle edge cases and improve on Facets behavior to match test expectations
         if clean_name.nil? || clean_name.empty?
           clean_name = 'file'
         else
-          # Additional cleanup that Facets doesn't do but our tests expect
-          clean_name = clean_name.gsub(/_{2,}/, '_')        # Collapse multiple underscores
-          clean_name = clean_name.gsub(/^_+|_+$/, '')       # Remove leading/trailing underscores
-          clean_name = 'file' if clean_name.empty?          # Handle case where only underscores remain
+          clean_name = clean_name.gsub(/_{2,}/, '_')
+          clean_name = clean_name.gsub(/^_+|_+$/, '')
+          clean_name = 'file' if clean_name.empty? || clean_name.match?(FILENAME_DOT_ONLY)
         end
 
-        # Ensure reasonable length (255 is filesystem limit, leave some padding)
         clean_name = clean_name[0..99] if clean_name.length > 100
 
         clean_name
@@ -63,6 +67,17 @@ class Otto
 
       private
 
+      # Filesystem-safe basename. Port of facets 3.1.0's `File.sanitize`:
+      # strip directory components (handling backslashes for IE-uploaded
+      # paths), replace anything outside [A-Za-z0-9.\-+_] with '_', and
+      # prefix a leading '_' if the whole name is just dots ('.', '..').
+      def basic_filename_sanitize(filename)
+        name = File.basename(filename.gsub('\\', '/'))
+        name = name.gsub(FILENAME_SANITIZE_PATTERN, '_')
+        name = "_#{name}" if name.match?(FILENAME_DOT_ONLY)
+        name
+      end
+
       # Check if content looks like it contains HTML tags or entities
       def contains_html_like_content?(content)
         content.match?(/[<>&]/) || content.match?(/&\w+;/)

data/lib/otto/version.rb

@@ -3,5 +3,5 @@
 # frozen_string_literal: true
 
 class Otto
-  VERSION = '2.0.0'
+  VERSION = '2.0.2'
 end

data/otto.gemspec

@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
   spec.homepage      = 'https://github.com/delano/otto'
   spec.require_paths = ['lib']
 
-  spec.required_ruby_version = ['>= 3.2', '< 4.0']
+  spec.required_ruby_version = ['>= 3.2', '< 4.1']
 
   spec.add_dependency 'concurrent-ruby', '~> 1.3', '< 2.0'
   spec.add_dependency 'ipaddr', '~> 1', '< 2.0'
@@ -31,7 +31,6 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'rexml', '~> 3.4'
 
   # Security dependencies
-  spec.add_dependency 'facets', '~> 3.1'
   spec.add_dependency 'loofah', '~> 2.20'
 
   # Optional MCP dependencies

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: otto
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.0.2
 platform: ruby
 authors:
 - Delano Mandelbaum
@@ -117,20 +117,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.4'
-- !ruby/object:Gem::Dependency
-  name: facets
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.1'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.1'
 - !ruby/object:Gem::Dependency
   name: loofah
   requirement: !ruby/object:Gem::Requirement
@@ -337,14 +323,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '3.2'
   - - "<"
     - !ruby/object:Gem::Version
-      version: '4.0'
+      version: '4.1'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.7.2
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Define your rack-apps in plaintext.
 test_files: []