rack-protection 3.0.6 → 3.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 990bfb3981089f50f2bc4738b8c663a87a8bfe526118a961f4e49e4e8365d062
-  data.tar.gz: 22a6b16e5cfe8f7bf06eb2def6a63f1b90a4b48889dbae274205af1b4a30eb0c
+  metadata.gz: 7640a15f8659807abd53474e7ce538a42e476e4bd99dc745f3b9b8c16161c008
+  data.tar.gz: '05468ec6c8113d3afce2df62221e4c866616999700c30ba3ef94a2705b11138b'
 SHA512:
-  metadata.gz: ed90e7d9d0b2c465f8b9aeee02b270e7990c3368c7284c33a3e7e9a3c2860d462fcbc6eba4bd9212f21d052dd0ee9a3844534f9e6273f20093f943d112aecb7e
-  data.tar.gz: 4083723bf61ef5effbb3146604f7091ff3456506ebbd44f883a7c7ffc79fc2070b24c0c9e8804ce5a4fac1521fbf445847e9de79110d368207fa11d26944ea21
+  metadata.gz: eeaff5e584a8ee3be6c80dc92c67fcc95bdbb97b084509ed90ca9ad524598fba63690cfa372586edd27940cd609fa44210637e9c95fbf1191e1a5cc297f222ac
+  data.tar.gz: 26e2160d65b6015c7aaa52266b7241d15f645eb259d1371b864b3e2b6a3b1fbef841e62304bc8e39a83fab1a52ddb0c3455a51385a9a451c833cbed91b75d00a

data/Gemfile

@@ -4,14 +4,13 @@ source 'https://rubygems.org'
 # encoding: utf-8
 
 gem 'rake'
+gem 'rspec', '~> 3'
 
 rack_version = ENV['rack'].to_s
 rack_version = nil if rack_version.empty? || (rack_version == 'stable')
 rack_version = { github: 'rack/rack' } if rack_version == 'head'
 gem 'rack', rack_version
 
-gem 'sinatra', path: '..'
-
 gemspec
 
-gem 'rack-test', github: 'rack/rack-test'
+gem 'rack-test'

data/README.md

@@ -74,6 +74,7 @@ Prevented by:
 ## Cookie Tossing
 
 Prevented by:
+
 * [`Rack::Protection::CookieTossing`][cookie-tossing] (not included by `use Rack::Protection`)
 
 ## IP Spoofing
@@ -95,6 +96,7 @@ Prevented by:
 # Instrumentation
 
 Instrumentation is enabled by passing in an instrumenter as an option.
+
 ```
 use Rack::Protection, instrumenter: ActiveSupport::Notifications
 ```

data/lib/rack/protection/base.rb

@@ -93,7 +93,13 @@ module Rack
       end
 
       def drop_session(env)
-        session(env).clear if session? env
+        return unless session? env
+
+        session(env).clear
+
+        return if ["1", "true"].include?(ENV["RACK_PROTECTION_SILENCE_DROP_SESSION_WARNING"])
+
+        warn env, "session dropped by #{self.class}"
       end
 
       def referrer(env)

data/lib/rack/protection/version.rb

@@ -2,6 +2,6 @@
 
 module Rack
   module Protection
-    VERSION = '3.0.6'
+    VERSION = '3.2.0'
   end
 end

data/rack-protection.gemspec

@@ -6,9 +6,9 @@ Gem::Specification.new do |s|
   # general infos
   s.name        = 'rack-protection'
   s.version     = version
-  s.description = 'Protect against typical web attacks, works with all Rack apps, including Rails.'
+  s.description = 'Protect against typical web attacks, works with all Rack apps, including Rails'
   s.homepage    = 'https://sinatrarb.com/protection/'
-  s.summary     = s.description
+  s.summary     = "#{s.description}."
   s.license     = 'MIT'
   s.authors     = ['https://github.com/sinatra/sinatra/graphs/contributors']
   s.email       = 'sinatrarb@googlegroups.com'
@@ -39,7 +39,6 @@ RubyGems 2.0 or newer is required to protect against public gem pushes. You can
   s.required_ruby_version = '>= 2.6.0'
 
   # dependencies
-  s.add_dependency 'rack'
-  s.add_development_dependency 'rack-test', '~> 2'
-  s.add_development_dependency 'rspec', '~> 3'
+  s.add_dependency 'base64', '>= 0.1.0'
+  s.add_dependency 'rack', '~> 2.2', '>= 2.2.4'
 end

metadata

@@ -1,59 +1,51 @@
 --- !ruby/object:Gem::Specification
 name: rack-protection
 version: !ruby/object:Gem::Version
-  version: 3.0.6
+  version: 3.2.0
 platform: ruby
 authors:
 - https://github.com/sinatra/sinatra/graphs/contributors
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-04-11 00:00:00.000000000 Z
+date: 2023-12-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: rack
+  name: base64
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.1.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.1.0
 - !ruby/object:Gem::Dependency
-  name: rack-test
+  name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2'
-- !ruby/object:Gem::Dependency
-  name: rspec
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
+        version: '2.2'
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3'
-  type: :development
+        version: 2.2.4
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3'
+        version: '2.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.4
 description: Protect against typical web attacks, works with all Rack apps, including
-  Rails.
+  Rails
 email: sinatrarb@googlegroups.com
 executables: []
 extensions: []
@@ -95,7 +87,7 @@ metadata:
   homepage_uri: http://sinatrarb.com/protection/
   documentation_uri: https://www.rubydoc.info/gems/rack-protection
   rubygems_mfa_required: 'true'
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -110,8 +102,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.10
-signing_key:
+rubygems_version: 3.5.3
+signing_key: 
 specification_version: 4
 summary: Protect against typical web attacks, works with all Rack apps, including
   Rails.