sidekiq 8.0.2 → 8.1.0

data/web/views/{scheduled_job_info.erb → scheduled_job_info.html.erb}

@@ -3,6 +3,6 @@
 <form action="<%= root_path %>scheduled/<%= job_params(@job, @job.score) %>" method="post">
   <%= csrf_tag %>
   <a class="btn btn-default" href="<%= root_path %>scheduled"><%= t('GoBack') %></a>
-  <input class="btn btn-primary" type="submit" name="add_to_queue" value="<%= t('AddToQueue') %>" />
-  <input class="btn btn-danger" type="submit" name="delete" value="<%= t('Delete') %>" />
+  <input class="btn btn-primary" type="submit" name="add_to_queue" value="<%= t('AddToQueue') %>">
+  <input class="btn btn-danger" type="submit" name="delete" value="<%= t('Delete') %>">
 </form>

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: sidekiq
 version: !ruby/object:Gem::Version
-  version: 8.0.2
+  version: 8.1.0
 platform: ruby
 authors:
 - Mike Perham
 bindir: bin
 cert_chain: []
-date: 2025-04-01 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: redis-client
@@ -15,70 +15,70 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.23.2
+        version: 0.26.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.23.2
+        version: 0.26.0
 - !ruby/object:Gem::Dependency
   name: connection_pool
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.5.0
+        version: 3.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.5.0
+        version: 3.0.0
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: 3.2.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: 3.2.0
 - !ruby/object:Gem::Dependency
   name: json
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.9.0
+        version: 2.16.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.9.0
+        version: 2.16.0
 - !ruby/object:Gem::Dependency
   name: logger
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.6.2
+        version: 1.7.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.6.2
+        version: 1.7.0
 description: Simple, efficient background processing for Ruby.
 email:
 - info@contribsys.com
@@ -91,6 +91,7 @@ files:
 - Changes.md
 - LICENSE.txt
 - README.md
+- bin/lint-herb
 - bin/multi_queue_bench
 - bin/sidekiq
 - bin/sidekiqload
@@ -122,6 +123,7 @@ files:
 - lib/sidekiq/job_retry.rb
 - lib/sidekiq/job_util.rb
 - lib/sidekiq/launcher.rb
+- lib/sidekiq/loader.rb
 - lib/sidekiq/logger.rb
 - lib/sidekiq/manager.rb
 - lib/sidekiq/metrics/query.rb
@@ -150,7 +152,6 @@ files:
 - lib/sidekiq/web/action.rb
 - lib/sidekiq/web/application.rb
 - lib/sidekiq/web/config.rb
-- lib/sidekiq/web/csrf_protection.rb
 - lib/sidekiq/web/helpers.rb
 - lib/sidekiq/web/router.rb
 - lib/sidekiq/worker_compatibility_alias.rb
@@ -198,28 +199,28 @@ files:
 - web/locales/vi.yml
 - web/locales/zh-CN.yml
 - web/locales/zh-TW.yml
-- web/views/_footer.erb
-- web/views/_job_info.erb
-- web/views/_metrics_period_select.erb
-- web/views/_nav.erb
-- web/views/_paging.erb
-- web/views/_poll_link.erb
-- web/views/_summary.erb
-- web/views/busy.erb
-- web/views/dashboard.erb
-- web/views/dead.erb
-- web/views/filtering.erb
-- web/views/layout.erb
-- web/views/metrics.erb
-- web/views/metrics_for_job.erb
-- web/views/morgue.erb
-- web/views/profiles.erb
-- web/views/queue.erb
-- web/views/queues.erb
-- web/views/retries.erb
-- web/views/retry.erb
-- web/views/scheduled.erb
-- web/views/scheduled_job_info.erb
+- web/views/_footer.html.erb
+- web/views/_job_info.html.erb
+- web/views/_metrics_period_select.html.erb
+- web/views/_nav.html.erb
+- web/views/_paging.html.erb
+- web/views/_poll_link.html.erb
+- web/views/_summary.html.erb
+- web/views/busy.html.erb
+- web/views/dashboard.html.erb
+- web/views/dead.html.erb
+- web/views/filtering.html.erb
+- web/views/layout.html.erb
+- web/views/metrics.html.erb
+- web/views/metrics_for_job.html.erb
+- web/views/morgue.html.erb
+- web/views/profiles.html.erb
+- web/views/queue.html.erb
+- web/views/queues.html.erb
+- web/views/retries.html.erb
+- web/views/retry.html.erb
+- web/views/scheduled.html.erb
+- web/views/scheduled_job_info.html.erb
 homepage: https://sidekiq.org
 licenses:
 - LGPL-3.0
@@ -244,7 +245,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.2
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Simple, efficient background processing for Ruby
 test_files: []

data/lib/sidekiq/web/csrf_protection.rb

@@ -1,183 +0,0 @@
-# frozen_string_literal: true
-
-# this file originally based on authenticity_token.rb from the sinatra/rack-protection project
-#
-# The MIT License (MIT)
-#
-# Copyright (c) 2011-2017 Konstantin Haase
-# Copyright (c) 2015-2017 Zachary Scott
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# 'Software'), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-require "securerandom"
-require "rack/request"
-
-module Sidekiq
-  class Web
-    class CsrfProtection
-      def initialize(app, options = nil)
-        @app = app
-      end
-
-      def call(env)
-        accept?(env) ? admit(env) : deny(env)
-      end
-
-      private
-
-      def admit(env)
-        # On each successful request, we create a fresh masked token
-        # which will be used in any forms rendered for this request.
-        s = session(env)
-        s[:csrf] ||= SecureRandom.base64(TOKEN_LENGTH)
-        env[:csrf_token] = mask_token(s[:csrf])
-        @app.call(env)
-      end
-
-      def safe?(env)
-        %w[GET HEAD OPTIONS TRACE].include? env["REQUEST_METHOD"]
-      end
-
-      def logger(env)
-        @logger ||= env["rack.logger"] || ::Logger.new(env["rack.errors"])
-      end
-
-      def deny(env)
-        logger(env).warn "attack prevented by #{self.class}"
-        [403, {Rack::CONTENT_TYPE => "text/plain"}, ["Forbidden"]]
-      end
-
-      def session(env)
-        env["rack.session"] || fail(<<~EOM)
-          Sidekiq::Web needs a valid Rack session for CSRF protection. If this is a Rails app,
-          make sure you mount Sidekiq::Web *inside* your application routes:
-
-
-          Rails.application.routes.draw do
-            mount Sidekiq::Web => "/sidekiq"
-            ....
-          end
-
-
-          If this is a Rails app in API mode, you need to enable sessions.
-
-            https://guides.rubyonrails.org/api_app.html#using-session-middlewares
-
-          If this is a bare Rack app, use a session middleware before Sidekiq::Web:
-
-            # first, use IRB to create a shared secret key for sessions and commit it
-            require 'securerandom'; File.open(".session.key", "w") {|f| f.write(SecureRandom.hex(32)) }
-
-            # now use the secret with a session cookie middleware
-            use Rack::Session::Cookie, secret: File.read(".session.key"), same_site: true, max_age: 86400
-            run Sidekiq::Web
-
-        EOM
-      end
-
-      def accept?(env)
-        return true if safe?(env)
-
-        giventoken = ::Rack::Request.new(env).params["authenticity_token"]
-        valid_token?(env, giventoken)
-      end
-
-      TOKEN_LENGTH = 32
-
-      # Checks that the token given to us as a parameter matches
-      # the token stored in the session.
-      def valid_token?(env, giventoken)
-        return false if giventoken.nil? || giventoken.empty?
-
-        begin
-          token = decode_token(giventoken)
-        rescue ArgumentError # client input is invalid
-          return false
-        end
-
-        sess = session(env)
-        localtoken = sess[:csrf]
-
-        # Checks that Rack::Session::Cookie actually contains the csrf token
-        return false if localtoken.nil?
-
-        # Rotate the session token after every use
-        sess[:csrf] = SecureRandom.base64(TOKEN_LENGTH)
-
-        # See if it's actually a masked token or not. We should be able
-        # to handle any unmasked tokens that we've issued without error.
-
-        if unmasked_token?(token)
-          compare_with_real_token token, localtoken
-        elsif masked_token?(token)
-          unmasked = unmask_token(token)
-          compare_with_real_token unmasked, localtoken
-        else
-          false # Token is malformed
-        end
-      end
-
-      # Creates a masked version of the authenticity token that varies
-      # on each request. The masking is used to mitigate SSL attacks
-      # like BREACH.
-      def mask_token(token)
-        token = decode_token(token)
-        one_time_pad = SecureRandom.random_bytes(token.length)
-        encrypted_token = xor_byte_strings(one_time_pad, token)
-        masked_token = one_time_pad + encrypted_token
-        encode_token(masked_token)
-      end
-
-      # Essentially the inverse of +mask_token+.
-      def unmask_token(masked_token)
-        # Split the token into the one-time pad and the encrypted
-        # value and decrypt it
-        token_length = masked_token.length / 2
-        one_time_pad = masked_token[0...token_length]
-        encrypted_token = masked_token[token_length..]
-        xor_byte_strings(one_time_pad, encrypted_token)
-      end
-
-      def unmasked_token?(token)
-        token.length == TOKEN_LENGTH
-      end
-
-      def masked_token?(token)
-        token.length == TOKEN_LENGTH * 2
-      end
-
-      def compare_with_real_token(token, local)
-        ::Rack::Utils.secure_compare(token.to_s, decode_token(local).to_s)
-      end
-
-      def encode_token(token)
-        [token].pack("m0").tr("+/", "-_")
-      end
-
-      def decode_token(token)
-        token.tr("-_", "+/").unpack1("m0")
-      end
-
-      def xor_byte_strings(s1, s2)
-        s1.bytes.zip(s2.bytes).map { |(c1, c2)| c1 ^ c2 }.pack("c*")
-      end
-    end
-  end
-end

data/web/views/_poll_link.erb

@@ -1,4 +0,0 @@
-<% if pollable? %>
-    <a class="btn live-poll live-poll-start btn-primary"><%= t('LivePoll') %></a>
-    <a class="btn live-poll live-poll-stop btn-danger"><%= t('StopPolling') %></a>
-<% end %>

data/web/views/filtering.erb

@@ -1,6 +0,0 @@
-<div class="filter">
-  <form role="search" method="get" class="form-inline" action='<%= root_path %><%= which %>'>
-    <label for="substr"><%= t('Filter') %></label>
-    <input class="form-control" type="search" name="substr" value="<%= h url_params("substr") %>" placeholder="<%= t('AnyJobContent') %>"/>
-  </form>
-</div>