publify_core 9.2.0 → 9.2.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bb57d1375c033230f8cec37e0e58653b4967849c8bdd77b3e3be4220d68b3f61
-  data.tar.gz: 0de5c4e1aa08f9245ab303bdef6b0af33ce98668c08fcc605b20a70594f167e9
+  metadata.gz: 1a656e67eabdbc775b90db037ea087c2bc27b179f7d2078ce24eee88d24db874
+  data.tar.gz: b241a29fbb8b5a942acac80e5a774271f31298d0d5add64b77134988902daf3b
 SHA512:
-  metadata.gz: eca4e6639db8c4ef3eaca0d063a528dadddad09bc98fc8810d7ba55ba6b6654884d1910f57a9a54f2ed9d20151e32ef0130a9a1ee477baa4e42f3c6f7ac00f38
-  data.tar.gz: 7991fb7c7fd31a3bb2aae1843928cd504fbfd4289010f7a12f8bf671f4a63b890dfa4802b55d71d794902f870fb960562b86e0dbaa9c96225849cf15c86d277d
+  metadata.gz: f201fcc55b9caa48cee99651b6820aeecbf8d5fc655ce475da6d4b42d9e1741222d2611428bf98f5952e8a0df21d47ecba1733dd864eea9851fda3f996d7ec85
+  data.tar.gz: 749dea0ae5d68830f3de9a49ae216465be1d9542656fb9980896e029e74089aa9335559214ce05eb8f8646e17bc609fe2f626e0b599ae081278649b16bc915b3

data/CHANGELOG.md

@@ -1,5 +1,23 @@
 # Changelog
 
+## 9.2.4 / 2021-10-02
+
+* Explicitly require at least version 1.12.5 of nokogiri to avoid a security issue
+* Drop support for Ruby 2.4 since it is incompatible with nokogiri 1.12.5
+
+## 9.2.3 / 2021-05-22
+
+* Bump Rails dependency to 5.2.6
+* Replace mimemagic with marcel
+
+## 9.2.2 / 2021-03-21
+
+* No changes
+
+## 9.2.1 / 2021-03-20
+
+* No changes
+
 ## 9.2.0 / 2021-01-17
 
 * Upgrade to Rails 5.2 (mvz)

data/app/models/article.rb

@@ -225,10 +225,6 @@ class Article < Content
       published_at.to_i > blog.sp_article_auto_close.days.ago.to_i
   end
 
-  def content_fields
-    [:body, :extended]
-  end
-
   # The web interface no longer distinguishes between separate "body" and
   # "extended" fields, and instead edits everything in a single edit field,
   # separating the extended content using "\<!--more-->".

data/app/models/comment.rb

@@ -50,8 +50,4 @@ class Comment < Feedback
   def originator
     author
   end
-
-  def content_fields
-    [:body]
-  end
 end

data/app/models/content_base.rb

@@ -26,7 +26,7 @@ module ContentBase
     elsif html_map(field)
       generate_html(field)
     else
-      raise "Unknown field: #{field.inspect} in content.html"
+      raise ArgumentError, "Field #{field.inspect} is not valid for #{self.class}"
     end
   end
 

data/app/uploaders/resource_uploader.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require "mimemagic"
+require "marcel"
 
 class ResourceUploader < CarrierWave::Uploader::Base
   include CarrierWave::MiniMagick
@@ -50,14 +50,9 @@ class ResourceUploader < CarrierWave::Uploader::Base
     content_type = nil
 
     File.open(new_file.path) do |fd|
-      content_type = MimeMagic.by_magic(fd).try(:type)
+      content_type = Marcel::MimeType.for(fd)
     end
 
     content_type
   end
-
-  # NOTE: This method was copied from MagicMimeBlacklist from CarrierWave 1.0.0.
-  def filemagic
-    @filemagic ||= FileMagic.new(FileMagic::MAGIC_MIME_TYPE)
-  end
 end

data/lib/publify_core/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PublifyCore
-  VERSION = "9.2.0"
+  VERSION = "9.2.4"
 end

data/lib/spam_protection.rb

@@ -82,16 +82,14 @@ class SpamProtection
   def query_rbls(rbls, *subdomains)
     rbls.each do |rbl|
       subdomains.uniq.each do |d|
-        begin
-          response = IPSocket.getaddress([d, rbl].join("."))
-          if response.start_with?("127.0.0.")
-            throw :hit,
-                  "#{rbl} positively resolved subdomain #{d} => #{response}"
-          end
-        rescue SocketError
-          # NXDOMAIN response => negative:  d is not in RBL
-          next
+        response = IPSocket.getaddress([d, rbl].join("."))
+        if response.start_with?("127.0.0.")
+          throw :hit,
+                "#{rbl} positively resolved subdomain #{d} => #{response}"
         end
+      rescue SocketError
+        # NXDOMAIN response => negative:  d is not in RBL
+        next
       end
     end
     false

metadata

@@ -1,17 +1,17 @@
 --- !ruby/object:Gem::Specification
 name: publify_core
 version: !ruby/object:Gem::Version
-  version: 9.2.0
+  version: 9.2.4
 platform: ruby
 authors:
 - Matijs van Zuijlen
 - Yannick François
 - Thomas Lecavellier
 - Frédéric de Villamil
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-01-17 00:00:00.000000000 Z
+date: 2021-10-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aasm
@@ -202,39 +202,39 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 1.2.1
 - !ruby/object:Gem::Dependency
-  name: mimemagic
+  name: mini_magick
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.2
+        version: '4.9'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.9.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.2
+        version: '4.9'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.9.4
 - !ruby/object:Gem::Dependency
-  name: mini_magick
+  name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '4.9'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.9.4
+        version: 1.12.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '4.9'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.9.4
+        version: 1.12.5
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
@@ -255,20 +255,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.2.4
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 5.2.4.3
+        version: 5.2.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.2.4
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 5.2.4.3
+        version: 5.2.6
 - !ruby/object:Gem::Dependency
   name: rails_autolink
   requirement: !ruby/object:Gem::Requirement
@@ -1004,7 +998,7 @@ homepage: https://publify.github.io/
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -1012,15 +1006,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.4.0
+      version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.3
-signing_key:
+rubygems_version: 3.1.6
+signing_key: 
 specification_version: 4
 summary: Core engine for the Publify blogging system.
 test_files: []