sorcery-argon2 1.1.0 → 1.2.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 66cf6c091bc62b52c3d116f74eaad64fa58f68bf653a594e94de25b1059c90f7
4
- data.tar.gz: bb6d2f484aa5637d43db502cb6d7052ef638f053a7ffcb1668c7ec5b635d93dc
3
+ metadata.gz: 0e4215adcc0a57d9fcc8071040414837e73050e632408e6abc5ee21dd3a23730
4
+ data.tar.gz: 94f1747cfcde31199ccd8eca3a6b4a8224e6f60b7f20e7480ef30f572a1822fe
5
5
  SHA512:
6
- metadata.gz: f21655796b2a974eb938da13f3494f0f1eec7bf309471cf38e4e4f26c6df9ff62a33b6fa0c1e6452e62c624301919d8764e17fd26cf5cbc655d2e9775cc50af6
7
- data.tar.gz: 66904eb1885506237db41426bddc91b98005bc8673a88bcfb061e7e77f9c46313bbd8400e77e78529511bfcfe5f488ab837c0db8e0dbd3d301241aab8e79fe4a
6
+ metadata.gz: b6dfb414d7f24c4b710184c8bdcf35490d9ed29decde5090575421fddb88813dc62beac0755a5b2f5f0528e33e82600f7908812e87f8e2e36f9030e365ec5a21
7
+ data.tar.gz: 985ba0f248274fd28acb7b0e9d62029b8b93eaaf755561e36d358ff0bdb6fe9dfa4e1cbcbbfc6e165b1ac4a90704377d2e94190f525e7cb4087dca4829fe83cb
@@ -0,0 +1,74 @@
1
+ # For most projects, this workflow file will not need changing; you simply need
2
+ # to commit it to your repository.
3
+ #
4
+ # You may wish to alter this file to override the set of languages analyzed,
5
+ # or to provide custom queries or build logic.
6
+ #
7
+ # ******** NOTE ********
8
+ # We have attempted to detect the languages in your repository. Please check
9
+ # the `language` matrix defined below to confirm you have the correct set of
10
+ # supported CodeQL languages.
11
+ #
12
+ name: "CodeQL"
13
+
14
+ on:
15
+ push:
16
+ branches: [ "master" ]
17
+ pull_request:
18
+ # The branches below must be a subset of the branches above
19
+ branches: [ "master" ]
20
+ schedule:
21
+ - cron: '34 3 * * 3'
22
+
23
+ jobs:
24
+ analyze:
25
+ name: Analyze
26
+ runs-on: ubuntu-latest
27
+ permissions:
28
+ actions: read
29
+ contents: read
30
+ security-events: write
31
+
32
+ strategy:
33
+ fail-fast: false
34
+ matrix:
35
+ language: [ 'ruby' ]
36
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
37
+ # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
38
+
39
+ steps:
40
+ - name: Checkout repository
41
+ uses: actions/checkout@v3
42
+
43
+ # Initializes the CodeQL tools for scanning.
44
+ - name: Initialize CodeQL
45
+ uses: github/codeql-action/init@v2
46
+ with:
47
+ languages: ${{ matrix.language }}
48
+ # If you wish to specify custom queries, you can do so here or in a config file.
49
+ # By default, queries listed here will override any specified in a config file.
50
+ # Prefix the list here with "+" to use these queries and those in the config file.
51
+
52
+ # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
53
+ # queries: security-extended,security-and-quality
54
+
55
+
56
+ # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
57
+ # If this step fails, then you should remove it and run the build manually (see below)
58
+ - name: Autobuild
59
+ uses: github/codeql-action/autobuild@v2
60
+
61
+ # ℹ️ Command-line programs to run using the OS shell.
62
+ # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
63
+
64
+ # If the Autobuild fails above, remove it and uncomment the following three lines.
65
+ # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
66
+
67
+ # - run: |
68
+ # echo "Run, Build Application using script"
69
+ # ./location_of_script_within_repo/buildscript.sh
70
+
71
+ - name: Perform CodeQL Analysis
72
+ uses: github/codeql-action/analyze@v2
73
+ with:
74
+ category: "/language:${{matrix.language}}"
@@ -17,6 +17,8 @@ jobs:
17
17
  - 2.6
18
18
  - 2.7
19
19
  - 3.0
20
+ - 3.1
21
+ - 3.2
20
22
  - head
21
23
 
22
24
  runs-on: ${{ matrix.os }}-latest
@@ -37,6 +39,12 @@ jobs:
37
39
  run: bin/test
38
40
  - name: Run tests
39
41
  run: bundle exec rake test
42
+ - name: Coveralls Parallel
43
+ uses: coverallsapp/github-action@master
44
+ with:
45
+ github-token: ${{ secrets.GITHUB_TOKEN }}
46
+ flag-name: run-${{ matrix.ruby-version }}
47
+ parallel: true
40
48
 
41
49
  rubocop:
42
50
 
@@ -52,7 +60,6 @@ jobs:
52
60
  - name: Run rubocop
53
61
  run: bundle exec rake rubocop
54
62
 
55
- # TODO: Add code coverage testing (coveralls)
56
63
  # TODO: Add documentation/maintainability testing?
57
64
  # TODO: Add dependency testing? (bundle audit)
58
65
 
@@ -60,5 +67,10 @@ jobs:
60
67
  runs-on: ubuntu-latest
61
68
  needs: [ test_matrix, rubocop ]
62
69
  steps:
70
+ - name: Coveralls Finished
71
+ uses: coverallsapp/github-action@master
72
+ with:
73
+ github-token: ${{ secrets.GITHUB_TOKEN }}
74
+ parallel-finished: true
63
75
  - name: Wait for status checks
64
76
  run: echo "All Green!"
data/.rubocop.yml CHANGED
@@ -214,8 +214,6 @@ Style/RedundantArgument: # (new in 1.4)
214
214
  Enabled: true
215
215
  Style/SwapValues: # (new in 1.1)
216
216
  Enabled: true
217
- Gemspec/DateAssignment: # (new in 1.10)
218
- Enabled: true
219
217
  Lint/DeprecatedConstants: # (new in 1.8)
220
218
  Enabled: true
221
219
  Lint/LambdaWithoutLiteralBlock: # (new in 1.8)
@@ -238,3 +236,83 @@ Style/IfWithBooleanLiteralBranches: # (new in 1.9)
238
236
  Enabled: true
239
237
  Style/StringChars: # (new in 1.12)
240
238
  Enabled: true
239
+ Gemspec/DeprecatedAttributeAssignment: # new in 1.30
240
+ Enabled: true
241
+ Gemspec/RequireMFA: # new in 1.23
242
+ Enabled: true
243
+ Layout/LineContinuationLeadingSpace: # new in 1.31
244
+ Enabled: true
245
+ Layout/LineContinuationSpacing: # new in 1.31
246
+ Enabled: true
247
+ Layout/LineEndStringConcatenationIndentation: # new in 1.18
248
+ Enabled: true
249
+ Lint/AmbiguousOperatorPrecedence: # new in 1.21
250
+ Enabled: true
251
+ Lint/AmbiguousRange: # new in 1.19
252
+ Enabled: true
253
+ Lint/ConstantOverwrittenInRescue: # new in 1.31
254
+ Enabled: true
255
+ Lint/DuplicateMagicComment: # new in 1.37
256
+ Enabled: true
257
+ Lint/EmptyInPattern: # new in 1.16
258
+ Enabled: true
259
+ Lint/IncompatibleIoSelectWithFiberScheduler: # new in 1.21
260
+ Enabled: true
261
+ Lint/NonAtomicFileOperation: # new in 1.31
262
+ Enabled: true
263
+ Lint/RefinementImportMethods: # new in 1.27
264
+ Enabled: true
265
+ Lint/RequireRangeParentheses: # new in 1.32
266
+ Enabled: true
267
+ Lint/RequireRelativeSelfPath: # new in 1.22
268
+ Enabled: true
269
+ Lint/UselessRuby2Keywords: # new in 1.23
270
+ Enabled: true
271
+ Naming/BlockForwarding: # new in 1.24
272
+ Enabled: true
273
+ Security/CompoundHash: # new in 1.28
274
+ Enabled: true
275
+ Security/IoMethods: # new in 1.22
276
+ Enabled: true
277
+ Style/EmptyHeredoc: # new in 1.32
278
+ Enabled: true
279
+ Style/EnvHome: # new in 1.29
280
+ Enabled: true
281
+ Style/FetchEnvVar: # new in 1.28
282
+ Enabled: true
283
+ Style/FileRead: # new in 1.24
284
+ Enabled: true
285
+ Style/FileWrite: # new in 1.24
286
+ Enabled: true
287
+ Style/InPatternThen: # new in 1.16
288
+ Enabled: true
289
+ Style/MagicCommentFormat: # new in 1.35
290
+ Enabled: true
291
+ Style/MapCompactWithConditionalBlock: # new in 1.30
292
+ Enabled: true
293
+ Style/MapToHash: # new in 1.24
294
+ Enabled: true
295
+ Style/MultilineInPatternThen: # new in 1.16
296
+ Enabled: true
297
+ Style/NestedFileDirname: # new in 1.26
298
+ Enabled: true
299
+ Style/NumberedParameters: # new in 1.22
300
+ Enabled: true
301
+ Style/NumberedParametersLimit: # new in 1.22
302
+ Enabled: true
303
+ Style/ObjectThen: # new in 1.28
304
+ Enabled: true
305
+ Style/OpenStructUse: # new in 1.23
306
+ Enabled: true
307
+ Style/OperatorMethodCall: # new in 1.37
308
+ Enabled: true
309
+ Style/QuotedSymbols: # new in 1.16
310
+ Enabled: true
311
+ Style/RedundantInitialize: # new in 1.27
312
+ Enabled: true
313
+ Style/RedundantSelfAssignmentBranch: # new in 1.19
314
+ Enabled: true
315
+ Style/RedundantStringEscape: # new in 1.37
316
+ Enabled: true
317
+ Style/SelectByRegexp: # new in 1.22
318
+ Enabled: true
data/CHANGELOG.md CHANGED
@@ -4,6 +4,10 @@ Historical changelog for all versions.
4
4
 
5
5
  ## HEAD
6
6
 
7
+ ## v1.2.0
8
+
9
+ * Synced with latest upstream changes (technion/ruby-argon2 `v2.2.0`)
10
+
7
11
  ## v1.1.0
8
12
 
9
13
  * Added support for passing parallelism cost to `Argon2::Password.create`
data/MAINTAINING.md CHANGED
@@ -59,7 +59,7 @@ NOTE: `X.Y.Z` and `vX.Y.Z` are given as examples, and should be replaced with
59
59
  1. `git commit -m "Release vX.Y.Z"`
60
60
  1. Ensure all tests are passing
61
61
  1. `./bin/setup`
62
- 1. `./bin/test`
62
+ 1. `./bin/test` (you may need to install clang, e.g. `sudo apt install clang`)
63
63
  1. `rake default`
64
64
  1. Build the Gem
65
65
  1. `gem build`
data/README.md CHANGED
@@ -1,20 +1,28 @@
1
1
  # Argon2 - Ruby Wrapper
2
2
 
3
- Forked from [technion/ruby-argon2](https://github.com/technion/ruby-argon2) aka
4
- the `argon2` gem, `v2.0.3`. See below for a migration guide if you would like to
5
- move an existing application from `argon2` to `sorcery-argon2`.
3
+ A ruby wrapper for the Argon2 password hashing algorithm.
6
4
 
7
- [Why was `argon2` forked?](https://github.com/technion/ruby-argon2/pull/44#issuecomment-816271661)
5
+ *This is an independent project, and not official from the PHC team.*
6
+
7
+ This gem provides a 1:1 replacement for the `argon2` gem, with various
8
+ improvements. Want to know more about why `argon2` was forked?
9
+ [Read more](#why-fork-argon2)
10
+
11
+ Wish to upgrade an existing application to use the improved API?
12
+ [Migration guide](#migrating-from-argon2-to-sorcery-argon2)
13
+
14
+ This fork is kept up-to-date with `argon2`, latest sync: `argon2 - v2.2.0`
8
15
 
9
16
  ## Table of Contents
10
17
 
11
18
  1. [Useful Links](#useful-links)
12
19
  2. [API Summary](#api-summary)
13
20
  3. [Installation](#installation)
14
- 4. [Migrating from `argon2` to `sorcery-argon2`](#migrating-from-argon2-to-sorcery-argon2)
15
- 5. [Contributing](#contributing)
16
- 6. [Contact](#contact)
17
- 7. [License](#license)
21
+ 4. [Why fork `argon2`?](#why-fork-argon2)
22
+ 5. [Migrating from `argon2` to `sorcery-argon2`](#migrating-from-argon2-to-sorcery-argon2)
23
+ 6. [Contributing](#contributing)
24
+ 7. [Contact](#contact)
25
+ 8. [License](#license)
18
26
 
19
27
  ## Useful Links
20
28
 
@@ -93,13 +101,146 @@ Require Sorcery-Argon2 in your project:
93
101
  require 'argon2'
94
102
  ```
95
103
 
104
+ ## Why fork `argon2`?
105
+
106
+ While implementing Argon2 support in Sorcery v1, I noticed that the current
107
+ ruby wrapper (`argon2` - [technion/ruby-argon2](https://github.com/technion/ruby-argon2))
108
+ had some questionable design decisions, and attempted to address them through a
109
+ pull request. The sole maintainer of the gem rejected these changes summarily,
110
+ without pointing out any specific concerns other than not understanding why the
111
+ changes were necessary. This lead to me ([@joshbuker](https://github.com/joshbuker))
112
+ being directed to create a fork instead:
113
+ [technion/ruby-argon2#44](https://github.com/technion/ruby-argon2/pull/44#issuecomment-816271661)
114
+
115
+ ### Why should I trust this fork?
116
+
117
+ You shouldn't trust this code more than you trust any other open source project.
118
+ It's written by someone you don't know, and even if there is no malicious
119
+ intent, there is no guarantee that the code is secure. Open source security is
120
+ driven by having the community vett popular libraries, and discovering flaws
121
+ through the sheer number of intelligent community members looking at the code.
122
+
123
+ That being said, the original library `argon2` also falls under the same
124
+ category. Ultimately, it was also written by a single person and is not
125
+ thoroughly vetted by the community at the time of writing. A community member
126
+ ([@joshbuker](https://github.com/joshbuker), in this case) finding flaws in the
127
+ implementation, and the fixes being rejected from upstream, is how this fork
128
+ came into being.
129
+
130
+ ### What are the changes, why are they necessary?
131
+
132
+ The Argon2::Password interface was, to put it bluntly, poorly executed in the
133
+ original library. The Password class instance was not a representation of an
134
+ Argon2 password as one would expect, but instead an unnecessary abstraction
135
+ layer used to store the settings passed to the underlying Argon2 C Library. This
136
+ not only led to an overly complicated method of generating Argon2 hashes, but
137
+ also meant that the class could not be used to read data back out of an Argon2
138
+ digest.
139
+
140
+ Originally, to generate an Argon2 hash/digest, one would have to do the
141
+ following:
142
+
143
+ ```ruby
144
+ # Create an instance of the Argon2::Password class to store your options:
145
+ instance = Argon2::Password.new(t_cost: 4, m_cost: 16)
146
+ # Use this instance to generate the hash by calling create:
147
+ instance.create(password)
148
+ => "$argon2i$v=19$m=65536,t=2,p=1$jL7lLEAjDN+pY2cG1N8D2g$iwj1ueduCvm6B9YVjBSnAHu+6mKzqGmDW745ALR38Uo"
149
+ ```
150
+
151
+ Not only is this abstraction step unnecessary, it opens up a new way for
152
+ developers to make a security mistake. New salts are only generated on the
153
+ creation of a new Argon2::Password instance, meaning if you reuse the instance,
154
+ those passwords will share the same salt.
155
+
156
+ ```ruby
157
+ instance = Argon2::Password.new(t_cost: 4, m_cost: 16)
158
+ # digest1 and digest2 will share the same salt:
159
+ digest1 = instance.create(password1)
160
+ digest2 = instance.create(password2)
161
+ ```
162
+
163
+ Also, because of how the instance of Argon2::Password was designed, it cannot be
164
+ used for reading information back out of an Argon2::Password. This is a summary
165
+ of the original Argon2::Password API:
166
+
167
+ ```ruby
168
+ # Class methods
169
+ Argon2::Password.create(password) # Uses the default options to create a digest
170
+ Argon2::Password.valid_hash?(digest)
171
+ Argon2::Password.verify_password(password, digest, pepper = nil)
172
+
173
+ # Instance Methods
174
+ argon2 = Argon2::Password.new(options = {}) # Purely for storing options
175
+ argon2.create(password) # Take the options and generate an Argon2 digest
176
+ ```
177
+
178
+ Compare this with `sorcery-argon2`:
179
+
180
+ ```ruby
181
+ # Class methods
182
+ Argon2::Password.create(password, options = {}) # Same as before but accepts passing options
183
+ Argon2::Password.valid_hash?(digest)
184
+ Argon2::Password.verify_password(password, digest, pepper = nil)
185
+
186
+ # Instance Methods
187
+ argon2 = Argon2::Password.new(digest) # Now represents an Argon2 digest
188
+ argon2 == other_argon2 # Which can be compared with `==` against other Argon2::Password instances
189
+ argon2.matches?(password, pepper = nil) # Or against the original password
190
+ argon2.to_s # Returns the digest as a String
191
+ argon2.to_str # Also returns the digest as a String
192
+
193
+ # Argon2::Password Attributes (readonly)
194
+ argon2.digest
195
+ argon2.variant
196
+ argon2.version
197
+ argon2.t_cost
198
+ argon2.m_cost
199
+ argon2.p_cost
200
+ argon2.salt
201
+ argon2.checksum
202
+ ```
203
+
204
+ Another minor issue is that all library errors fall to a single non-descriptive
205
+ class:
206
+
207
+ ```ruby
208
+ Argon2::ArgonHashFail
209
+ ```
210
+
211
+ Compare with `sorcery-argon2`:
212
+
213
+ ```ruby
214
+ Argon2::Error # Replaces `Argon2::ArgonHashFail`
215
+
216
+ # The following errors all inherit from Argon2::Error, and allow you to catch
217
+ # specifically the error you're interested in:
218
+ Argon2::Errors::InvalidHash
219
+ Argon2::Errors::InvalidVersion
220
+ Argon2::Errors::InvalidCost
221
+ Argon2::Errors::InvalidTCost
222
+ Argon2::Errors::InvalidMCost
223
+ Argon2::Errors::InvalidPCost
224
+ Argon2::Errors::InvalidPassword
225
+ Argon2::Errors::InvalidSaltSize
226
+ Argon2::Errors::InvalidOutputLength
227
+ Argon2::Errors::ExtError
228
+ ```
229
+
230
+ Finally, the original library documentation is not only incomplete, but
231
+ straight up broken/inaccurate in some areas. `sorcery-argon2` has fixed these
232
+ issues, and has 100% documentation of the API.
233
+
234
+ * [`argon2` Documentation](https://rubydoc.info/gems/argon2)
235
+ * [`sorcery-argon2` Documentation](https://rubydoc.info/gems/sorcery-argon2)
236
+
96
237
  ## Migrating from `argon2` to `sorcery-argon2`
97
238
 
98
239
  There are two primary changes going from `argon2` to `sorcery-argon2`:
99
240
 
100
241
  ### The Argon2::Password API has been refactored
101
242
 
102
- **Argon2::Password.new and Argon2::Password.create are now different.**
243
+ *Argon2::Password.new and Argon2::Password.create are now different.*
103
244
 
104
245
  Argon2::Passwords can now be created without initializing an instance first.
105
246
 
@@ -115,11 +256,11 @@ instance.create(input_password)
115
256
  Argon2::Password.create(input_password, m_cost: some_m_cost)
116
257
  ```
117
258
 
118
- **Argon2::Password.create no longer accept custom salts.**
259
+ *Argon2::Password.create no longer accepts custom salts.*
119
260
 
120
- You should not be providing your own salt to the Argon2 algorithm (it does it
121
- for you). Previously you could pass an option of `salt_do_not_supply`, which has
122
- been removed in `sorcery-argon2 - v1.0.0`.
261
+ You should not be providing your own salt to the Argon2 algorithm (this library
262
+ does it for you). Previously you could pass an option of `salt_do_not_supply`,
263
+ which has been removed in `sorcery-argon2 - v1.0.0`.
123
264
 
124
265
  ### The errors have been restructured
125
266
 
@@ -156,7 +297,7 @@ Feel free to ask questions using these contact details:
156
297
 
157
298
  **Current Maintainers:**
158
299
 
159
- * Josh Buker ([@athix](https://github.com/athix)) | [Email](mailto:crypto+sorcery@joshbuker.com?subject=Sorcery)
300
+ * Josh Buker ([@joshbuker](https://github.com/joshbuker)) | [Email](mailto:crypto+sorcery@joshbuker.com?subject=Sorcery)
160
301
 
161
302
  ## License
162
303
 
data/bin/setup CHANGED
@@ -10,5 +10,6 @@ git submodule update --init --recursive
10
10
  # Build the Argon2 C Library. Git submodules must be initialized first!
11
11
  bundle install
12
12
  cd ext/argon2_wrap/
13
+ ruby extconf.rb
13
14
  make
14
15
  cd ../..
@@ -60,6 +60,7 @@ LIB_SH := lib$(LIB_NAME).$(LIB_EXT)
60
60
  all: libs
61
61
  libs: $(SRC)
62
62
  $(CC) $(CFLAGS) $(LIB_CFLAGS) $^ -o libargon2_wrap.$(LIB_EXT)
63
+ cp libargon2_wrap.$(LIB_EXT) ../../lib
63
64
 
64
65
  #Deliberately avoiding the CFLAGS for our test cases - disable optimise and
65
66
  #C89
@@ -1,2 +1,5 @@
1
1
  # frozen_string_literal: true
2
- #I must admit I have no understanding of why this empty file works.
2
+
3
+ require 'mkmf'
4
+
5
+ File.rename('Makefile.real', 'Makefile')
Binary file
Binary file
@@ -27,10 +27,25 @@ module Argon2
27
27
  # Used to validate the maximum acceptable parallelism cost
28
28
  MAX_P_COST = 8
29
29
  # The complete Argon2 digest string (not to be confused with the checksum).
30
+ #
31
+ # For a detailed description of the digest format, please see:
32
+ # https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md
30
33
  attr_reader :digest
31
- # The hash portion of the stored password hash.
34
+ # The hash portion of the stored password hash. This is Base64 encoded by
35
+ # default.
32
36
  attr_reader :checksum
33
- # The salt of the stored password hash.
37
+ # The salt of the stored password hash. This is Base64 encoded by default.
38
+ #
39
+ # To retrieve the original salt:
40
+ #
41
+ # require 'base64'
42
+ #
43
+ # argon2 = Argon2::Password.new(digest)
44
+ #
45
+ # argon2.salt
46
+ # => Base64 encoded salt
47
+ # Base64.decode64(argon2.salt)
48
+ # => original salt
34
49
  attr_reader :salt
35
50
  # Variant used (argon2i / argon2d / argon2id)
36
51
  attr_reader :variant
@@ -4,5 +4,5 @@ module Argon2
4
4
  ##
5
5
  # Standard Gem version constant.
6
6
  #
7
- VERSION = '1.1.0'
7
+ VERSION = '1.2.0'
8
8
  end
@@ -25,7 +25,8 @@ Gem::Specification.new do |s|
25
25
  'bug_tracker_uri' => "#{repo_url}/issues",
26
26
  'changelog_uri' => "#{repo_url}/releases/tag/v#{version}",
27
27
  'documentation_uri' => 'https://rubydoc.info/gems/sorcery-argon2',
28
- 'source_code_uri' => "#{repo_url}/tree/v#{version}"
28
+ 'source_code_uri' => "#{repo_url}/tree/v#{version}",
29
+ 'rubygems_mfa_required' => 'true'
29
30
  }
30
31
 
31
32
  s.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
@@ -35,7 +36,7 @@ Gem::Specification.new do |s|
35
36
  s.executables = s.files.grep(%r{^exe/}) { |f| File.basename(f) }
36
37
  s.require_paths = ['lib']
37
38
 
38
- s.add_dependency 'ffi', '~> 1.14'
39
+ s.add_dependency 'ffi', '~> 1.15'
39
40
  s.add_dependency 'ffi-compiler', '~> 1.0'
40
41
 
41
42
  # Gems required for testing the wrapper locally.
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sorcery-argon2
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.0
4
+ version: 1.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Josh Buker
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-04-09 00:00:00.000000000 Z
11
+ date: 2023-02-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: ffi
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: '1.14'
19
+ version: '1.15'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: '1.14'
26
+ version: '1.15'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: ffi-compiler
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -134,6 +134,7 @@ files:
134
134
  - ".github/ISSUE_TEMPLATE/feature_request.md"
135
135
  - ".github/ISSUE_TEMPLATE/need_help.md"
136
136
  - ".github/PULL_REQUEST_TEMPLATE.md"
137
+ - ".github/workflows/codeql.yml"
137
138
  - ".github/workflows/ruby.yml"
138
139
  - ".gitignore"
139
140
  - ".gitmodules"
@@ -149,7 +150,7 @@ files:
149
150
  - bin/console
150
151
  - bin/setup
151
152
  - bin/test
152
- - ext/argon2_wrap/Makefile
153
+ - ext/argon2_wrap/Makefile.real
153
154
  - ext/argon2_wrap/argon_wrap.c
154
155
  - ext/argon2_wrap/extconf.rb
155
156
  - ext/argon2_wrap/libargon2_wrap.so
@@ -247,9 +248,10 @@ licenses:
247
248
  - MIT
248
249
  metadata:
249
250
  bug_tracker_uri: https://github.com/sorcery/argon2/issues
250
- changelog_uri: https://github.com/sorcery/argon2/releases/tag/v1.1.0
251
+ changelog_uri: https://github.com/sorcery/argon2/releases/tag/v1.2.0
251
252
  documentation_uri: https://rubydoc.info/gems/sorcery-argon2
252
- source_code_uri: https://github.com/sorcery/argon2/tree/v1.1.0
253
+ source_code_uri: https://github.com/sorcery/argon2/tree/v1.2.0
254
+ rubygems_mfa_required: 'true'
253
255
  post_install_message:
254
256
  rdoc_options: []
255
257
  require_paths:
@@ -265,7 +267,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
265
267
  - !ruby/object:Gem::Version
266
268
  version: '0'
267
269
  requirements: []
268
- rubygems_version: 3.1.2
270
+ rubygems_version: 3.2.3
269
271
  signing_key:
270
272
  specification_version: 4
271
273
  summary: A Ruby wrapper for the Argon2 Password hashing algorithm