rack-cloudflare_middleware 1.2.2 → 1.2.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8d81d3ecb48c6e3fceaaad766016e093caf5caba2b0176aa7613fe480b1e865a
-  data.tar.gz: 911cdb9c16f3dd50bbbd5c9c4a0f6039db5ebbdeaf4c85294687fdbced2e6e87
+  metadata.gz: 1e072e19640e5ab0839946a07b45b2bc3c96f5c82d2d1f2eb5e4dacd45d905d5
+  data.tar.gz: c0e6c9baaf3174163785cbc0e7308a209405bec198a630f49bf117a3248f7f97
 SHA512:
-  metadata.gz: 3af4c44a7ff108468ad09081d44bf28626004070ffea1603a4e9de19c6b21917f780abd5e6f07a7ac09ab7ad85f15f5dd23eb4c18b77c180ebc21c5e5cfef752
-  data.tar.gz: 42a7a38e2c70f3722e3addb0037fd365d03a2c46f830d84e94832fec3f770bb655b0820c171cf6bd9d55c6c8fb09021082b1aedcde0a485ab31dc41eb1dcca68
+  metadata.gz: 3a459d3d80c6ed44eb6c4d932784591cf7f3661c4cc9bb5201188b9551199550a4b2b1b6fb36f2ad8def142f34b75f3864ec53c85d7b0458c1eb2375b2bb889b
+  data.tar.gz: 0d8a3bc82581206924393b028af66174ff43725e45551fbcccc6e5faffb73631e4427767303e3f514ae8ee75c4f052fd52d222c19a5c3e30fcf737011c743051

data/.github/workflows/ci.yml

@@ -19,7 +19,7 @@ jobs:
         ruby: ["3.1", "3.2", "3.3", "3.4"]
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       - name: Install Ruby and gems
         uses: ruby/setup-ruby@v1
         with:
@@ -35,7 +35,7 @@ jobs:
       contents: read
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       - name: Install Ruby and gems
         uses: ruby/setup-ruby@v1
         with:
@@ -44,7 +44,7 @@ jobs:
       - name: Bundle Audit Check
         run: bundle exec bundle-audit update && bundle exec bundle-audit check
       - name: Setup Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: "3.12"
       - name: Run pre-commit

data/.github/workflows/release.yml

@@ -5,9 +5,11 @@ on:
 jobs:
   release:
     runs-on: ubuntu-24.04
+    permissions:
+      contents: read
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       - name: Install Ruby and gems
         uses: ruby/setup-ruby@v1
         with:

data/CHANGELOG.md

@@ -1,6 +1,11 @@
-NEXT
-----
-- Drop support for Ruby <3.1
+
+v1.2.4 - 2026-02-10
+-------------------
+- Updated Faraday dependency to >= 2.14.1 to address CVE-2026-25765 (SSRF vulnerability)
+
+v1.2.3 - 2025-07-25
+-------------------
+- Libraries updates
 
 v1.2.2 - 2024-05-22
 -------------------

data/CODEOWNERS

@@ -0,0 +1,2 @@
+# Auto-tag the "Infrastructure" otherwise anyone can approve changes
+** @instrumentl/infrastructure

data/Gemfile

@@ -4,8 +4,8 @@ source "https://rubygems.org"
 
 gemspec
 
-gem "faraday", "~> 2.13"
-gem "rake", "~> 13.2"
+gem "faraday", "~> 2.14"
+gem "rake", "~> 13.3"
 
 group :development, :test do
   gem "rspec", "~> 3.13"
@@ -13,6 +13,6 @@ group :development, :test do
   gem "rack-test", "~> 2"
   gem "standard", "~> 1"
   gem "pry"
-  gem "webmock", "~> 3.25"
-  gem "bundler-audit", "~> 0.9.2"
+  gem "webmock", "~> 3.26"
+  gem "bundler-audit", "~> 0.9.3"
 end

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    rack-cloudflare_middleware (1.2.2)
+    rack-cloudflare_middleware (1.2.4)
       faraday (>= 1.0, < 3)
       rack (>= 2, < 4)
 
@@ -11,63 +11,67 @@ GEM
     addressable (2.8.7)
       public_suffix (>= 2.0.2, < 7.0)
     ast (2.4.3)
-    bigdecimal (3.1.9)
-    bundler-audit (0.9.2)
-      bundler (>= 1.2.0, < 3)
+    bigdecimal (3.3.1)
+    bundler-audit (0.9.3)
+      bundler (>= 1.2.0)
       thor (~> 1.0)
     coderay (1.1.3)
-    crack (1.0.0)
+    crack (1.0.1)
       bigdecimal
       rexml
-    diff-lcs (1.5.1)
-    faraday (2.13.1)
+    diff-lcs (1.6.2)
+    faraday (2.14.1)
       faraday-net_http (>= 2.0, < 3.5)
       json
       logger
-    faraday-net_http (3.4.0)
-      net-http (>= 0.5.0)
-    hashdiff (1.1.2)
-    json (2.12.0)
+    faraday-net_http (3.4.2)
+      net-http (~> 0.5)
+    hashdiff (1.2.1)
+    io-console (0.8.2)
+    json (2.18.1)
     language_server-protocol (3.17.0.5)
     lint_roller (1.1.0)
     logger (1.7.0)
     method_source (1.1.0)
-    net-http (0.6.0)
-      uri
+    net-http (0.9.1)
+      uri (>= 0.11.1)
     parallel (1.27.0)
-    parser (3.3.8.0)
+    parser (3.3.10.0)
       ast (~> 2.4.1)
       racc
-    prism (1.4.0)
-    pry (0.15.2)
+    prism (1.6.0)
+    pry (0.16.0)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    public_suffix (6.0.1)
+      reline (>= 0.6.0)
+    public_suffix (6.0.2)
     racc (1.8.1)
-    rack (3.1.15)
+    rack (3.2.4)
     rack-test (2.2.0)
       rack (>= 1.3)
     rainbow (3.1.1)
-    rake (13.2.1)
-    regexp_parser (2.10.0)
-    rexml (3.4.1)
-    rspec (3.13.0)
+    rake (13.3.1)
+    regexp_parser (2.11.3)
+    reline (0.6.3)
+      io-console (~> 0.5)
+    rexml (3.4.4)
+    rspec (3.13.2)
       rspec-core (~> 3.13.0)
       rspec-expectations (~> 3.13.0)
       rspec-mocks (~> 3.13.0)
-    rspec-core (3.13.2)
+    rspec-core (3.13.6)
       rspec-support (~> 3.13.0)
-    rspec-expectations (3.13.3)
+    rspec-expectations (3.13.5)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
     rspec-its (2.0.0)
       rspec-core (>= 3.13.0)
       rspec-expectations (>= 3.13.0)
-    rspec-mocks (3.13.2)
+    rspec-mocks (3.13.6)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-support (3.13.1)
-    rubocop (1.75.5)
+    rspec-support (3.13.6)
+    rubocop (1.81.7)
       json (~> 2.3)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.1.0)
@@ -75,10 +79,10 @@ GEM
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 2.9.3, < 3.0)
-      rubocop-ast (>= 1.44.0, < 2.0)
+      rubocop-ast (>= 1.47.1, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 4.0)
-    rubocop-ast (1.44.1)
+    rubocop-ast (1.48.0)
       parser (>= 3.3.7.2)
       prism (~> 1.4)
     rubocop-performance (1.25.0)
@@ -86,10 +90,10 @@ GEM
       rubocop (>= 1.75.0, < 2.0)
       rubocop-ast (>= 1.38.0, < 2.0)
     ruby-progressbar (1.13.0)
-    standard (1.50.0)
+    standard (1.52.0)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.0)
-      rubocop (~> 1.75.5)
+      rubocop (~> 1.81.7)
       standard-custom (~> 1.0.0)
       standard-performance (~> 1.8)
     standard-custom (1.0.2)
@@ -98,12 +102,12 @@ GEM
     standard-performance (1.8.0)
       lint_roller (~> 1.1)
       rubocop-performance (~> 1.25.0)
-    thor (1.3.2)
-    unicode-display_width (3.1.4)
-      unicode-emoji (~> 4.0, >= 4.0.4)
-    unicode-emoji (4.0.4)
-    uri (1.0.3)
-    webmock (3.25.1)
+    thor (1.4.0)
+    unicode-display_width (3.2.0)
+      unicode-emoji (~> 4.1)
+    unicode-emoji (4.1.0)
+    uri (1.1.1)
+    webmock (3.26.1)
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
@@ -116,16 +120,16 @@ PLATFORMS
 
 DEPENDENCIES
   bundler (~> 2)
-  bundler-audit (~> 0.9.2)
-  faraday (~> 2.13)
+  bundler-audit (~> 0.9.3)
+  faraday (~> 2.14)
   pry
   rack-cloudflare_middleware!
   rack-test (~> 2)
-  rake (~> 13.2)
+  rake (~> 13.3)
   rspec (~> 3.13)
   rspec-its (~> 2.0)
   standard (~> 1)
-  webmock (~> 3.25)
+  webmock (~> 3.26)
 
 BUNDLED WITH
    2.5.23

data/lib/rack/cloudflare_middleware/version.rb

@@ -2,6 +2,6 @@
 
 module Rack
   module CloudflareMiddleware
-    VERSION = "1.2.2"
+    VERSION = "1.2.4"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-cloudflare_middleware
 version: !ruby/object:Gem::Version
-  version: 1.2.2
+  version: 1.2.4
 platform: ruby
 authors:
 - James Brown
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-05-23 00:00:00.000000000 Z
+date: 2026-02-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -115,12 +115,12 @@ extra_rdoc_files: []
 files:
 - ".github/dependabot.yml"
 - ".github/workflows/ci.yml"
-- ".github/workflows/pull-request-updated.yml"
 - ".github/workflows/release.yml"
 - ".gitignore"
 - ".pre-commit-config.yaml"
 - ".rubocop.yml"
 - CHANGELOG.md
+- CODEOWNERS
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt

data/.github/workflows/pull-request-updated.yml

@@ -1,36 +0,0 @@
-name: Pull Request Updated
-
-on:
-  pull_request:
-    types:
-      - opened
-      - reopened
-      - edited
-      - synchronize
-      - ready_for_review
-      - converted_to_draft
-
-jobs:
-  tag-for-dependabot:
-    name: Tag libero For Dependabot
-    if: ${{ github.actor == 'dependabot[bot]' }}
-    runs-on: ubuntu-24.04
-    timeout-minutes: 2
-    permissions:
-      contents: read
-      pull-requests: write
-    steps:
-      - name: Generate a token
-        id: generate_token
-        uses: actions/create-github-app-token@v2
-        with:
-          app-id: ${{ secrets.DEPENDABOT_AUTO_MERGER_APP_ID }}
-          private-key: ${{ secrets.DEPENDABOT_AUTO_MERGER_PRIVATE_KEY }}
-          owner: ${{ github.repository_owner }}
-          repositories: ${{ github.event.repository.name }}
-      - name: Auto Assign
-        run: gh pr edit "$PR_URL" --add-reviewer "$REVIEWER"
-        env:
-          PR_URL: ${{ github.event.pull_request.html_url }}
-          REVIEWER: instrumentl/libero
-          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}