rack-protection 3.0.5 → 3.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7fef35d427c0ff406165fdf913c53089e65f94d759aaf5610aebd5ef0c43cd30
-  data.tar.gz: 4a458e4fada2015274bde82e4209bfe4c94618227fc7a2dc8df198258c1b7404
+  metadata.gz: eeb2f23054ca1be134853965356c94ce919a74971330a244184c45b92afbc9a9
+  data.tar.gz: 510bd7c9386b0611547bd8f0cfe97ac959428a967e9095ae3f1345c29126bae1
 SHA512:
-  metadata.gz: e8b1ba3b66ae172be989c43133f111fbe416706df83735f51aa785146242bbab8e55c5b0fa4667dff165ac462db518c1209f9957ec3bf95744da1dc4881cd5c9
-  data.tar.gz: cd46380780ad4c7078a6fc31f46cfaa6dda79bcbf2b47cf6e973592d85c35d4ef1c0bff5fee0b910e29e5cb579307447eae4d4c5880f2440586ee204a9d37da8
+  metadata.gz: ec9549d7c63593ace699212d5d6df2747f0d4a7f02b33e280f6af887458b426e6c305e36e73a78ae154023205f4239e033cf849d39e43b4b149dc0de4f33b8a0
+  data.tar.gz: 32f7feb53458c5336fa91043ecfba414348a1a77e12b55a8cc7cfdbf099ec33184a6faf27ccb818bce5ffe073f83bdd77fd803dadc7ae101acbcf67c35673311

data/Gemfile

@@ -7,7 +7,7 @@ gem 'rake'
 
 rack_version = ENV['rack'].to_s
 rack_version = nil if rack_version.empty? || (rack_version == 'stable')
-rack_version = { github: 'rack/rack' } if rack_version == 'main'
+rack_version = { github: 'rack/rack' } if rack_version == 'head'
 gem 'rack', rack_version
 
 gem 'sinatra', path: '..'

data/README.md

@@ -74,6 +74,7 @@ Prevented by:
 ## Cookie Tossing
 
 Prevented by:
+
 * [`Rack::Protection::CookieTossing`][cookie-tossing] (not included by `use Rack::Protection`)
 
 ## IP Spoofing
@@ -95,6 +96,7 @@ Prevented by:
 # Instrumentation
 
 Instrumentation is enabled by passing in an instrumenter as an option.
+
 ```
 use Rack::Protection, instrumenter: ActiveSupport::Notifications
 ```

data/lib/rack/protection/base.rb

@@ -93,7 +93,13 @@ module Rack
       end
 
       def drop_session(env)
-        session(env).clear if session? env
+        return unless session? env
+
+        session(env).clear
+
+        return if ["1", "true"].include?(ENV["RACK_PROTECTION_SILENCE_DROP_SESSION_WARNING"])
+
+        warn env, "session dropped by #{self.class}"
       end
 
       def referrer(env)

data/lib/rack/protection/version.rb

@@ -2,6 +2,6 @@
 
 module Rack
   module Protection
-    VERSION = '3.0.4'
+    VERSION = '3.1.0'
   end
 end

data/rack-protection.gemspec

@@ -6,9 +6,9 @@ Gem::Specification.new do |s|
   # general infos
   s.name        = 'rack-protection'
   s.version     = version
-  s.description = 'Protect against typical web attacks, works with all Rack apps, including Rails.'
-  s.homepage    = 'http://sinatrarb.com/protection/'
-  s.summary     = s.description
+  s.description = 'Protect against typical web attacks, works with all Rack apps, including Rails'
+  s.homepage    = 'https://sinatrarb.com/protection/'
+  s.summary     = "#{s.description}."
   s.license     = 'MIT'
   s.authors     = ['https://github.com/sinatra/sinatra/graphs/contributors']
   s.email       = 'sinatrarb@googlegroups.com'
@@ -30,7 +30,7 @@ RubyGems 2.0 or newer is required to protect against public gem pushes. You can
   end
 
   s.metadata = {
-    'source_code_uri' => 'https://github.com/sinatra/sinatra/tree/master/rack-protection',
+    'source_code_uri' => 'https://github.com/sinatra/sinatra/tree/main/rack-protection',
     'homepage_uri' => 'http://sinatrarb.com/protection/',
     'documentation_uri' => 'https://www.rubydoc.info/gems/rack-protection',
     'rubygems_mfa_required' => 'true'
@@ -39,7 +39,7 @@ RubyGems 2.0 or newer is required to protect against public gem pushes. You can
   s.required_ruby_version = '>= 2.6.0'
 
   # dependencies
-  s.add_dependency 'rack'
+  s.add_dependency 'rack', '~> 2.2', '>= 2.2.4'
   s.add_development_dependency 'rack-test', '~> 2'
   s.add_development_dependency 'rspec', '~> 3'
 end

metadata

@@ -1,29 +1,35 @@
 --- !ruby/object:Gem::Specification
 name: rack-protection
 version: !ruby/object:Gem::Version
-  version: 3.0.5
+  version: 3.1.0
 platform: ruby
 authors:
 - https://github.com/sinatra/sinatra/graphs/contributors
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-12-16 00:00:00.000000000 Z
+date: 2023-08-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.2.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.2.4
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
@@ -53,7 +59,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '3'
 description: Protect against typical web attacks, works with all Rack apps, including
-  Rails.
+  Rails
 email: sinatrarb@googlegroups.com
 executables: []
 extensions: []
@@ -87,11 +93,11 @@ files:
 - lib/rack/protection/xss_header.rb
 - lib/rack_protection.rb
 - rack-protection.gemspec
-homepage: http://sinatrarb.com/protection/
+homepage: https://sinatrarb.com/protection/
 licenses:
 - MIT
 metadata:
-  source_code_uri: https://github.com/sinatra/sinatra/tree/master/rack-protection
+  source_code_uri: https://github.com/sinatra/sinatra/tree/main/rack-protection
   homepage_uri: http://sinatrarb.com/protection/
   documentation_uri: https://www.rubydoc.info/gems/rack-protection
   rubygems_mfa_required: 'true'
@@ -110,7 +116,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.4.18
 signing_key:
 specification_version: 4
 summary: Protect against typical web attacks, works with all Rack apps, including