sprockets 2.2.3 → 2.12.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: be373494a4e64c06e55a9ad11e2c9efae09f1492
-  data.tar.gz: b683ce4b0ed64e683ea98d0b5af268bdeca3f584
+SHA256:
+  metadata.gz: 80bdc30a8aea68bb04398d467eea5a5e4cfe9b7dcef6ee41e2902debcec63342
+  data.tar.gz: 55a0f0b58e3e55c08ccfb30476017b814894b7ec98cf3bd22eecbc8bdcbe5c39
 SHA512:
-  metadata.gz: fa430704b4ef87304b8a128cb83fbb64c66e24d0bdae3d9e9e343bbebd56bf8823f65cba4a0ad1eb33204308c814910ebdd9c2b570c33fbbf89a2fadd2383b33
-  data.tar.gz: 785eb7a9f36afa38e6f010a573240768a9620ed216f4b20614835ffe9564d258a0e5340c9e8dbf3b538e8b960d9f7fd22342581b5e597dbbfc4e892bac7f7d3a
+  metadata.gz: a3ee63f44b0391509f3e80b1c6b403abf52168a66910da726221b7b45c6c51187f86a7896df45e8b6c7bed68d5218ad7915fa79602e3cf7a23c32622d23ab8a5
+  data.tar.gz: da30a4f95ef0691cec504b73b1d832cec2577aa0b2905050e74ad9a89322c6568e3ec250a760ac3a6f2080f738e8ed1580e3ae7ff2a53e8623820d98fea00b2d

data/README.md

@@ -159,9 +159,9 @@ variables, mixins, operations and functions.
 
 If the `less` gem is available to your application, you can use LESS
 to write CSS assets in Sprockets. Note that the LESS compiler is
-written in JavaScript, and at the time of this writing, the `less` gem
-depends on `therubyracer` which embeds the V8 JavaScript runtime in
-Ruby.
+written in JavaScript and the `less` gem (on MRI) uses `therubyracer`
+which embeds the V8 JavaScript runtime in Ruby, while on JRuby you're
+going to need `therubyrhino` gem installed.
 
 To write CSS assets with LESS, use the extension `.css.less`.
 
@@ -336,6 +336,18 @@ source file before any subsequent `require` or `include` directives.
 including it in the bundle. This is useful when you need to expire an
 asset's cache in response to a change in another file.
 
+### The `depend_on_asset` Directive ###
+
+`depend_on_asset` *path* works like `depend_on`, but operates
+recursively reading the the file and following the directives found.
+
+### The `stub` Directive ###
+
+`stub` *path* allows dependency to be excluded from the asset bundle.
+The *path* must be a valid asset and may or may not already be part
+of the bundle. Once stubbed, it is blacklisted and can't be brought
+back by any other `require`.
+
 # Development #
 
 ## Contributing ##
@@ -354,7 +366,126 @@ submit a pull request.
 
 ## Version History ##
 
-**2.2.0** (Unreleased)
+**2.12.3** (October 28, 2014)
+
+* Security: Fix directory traversal bug in development mode server.
+
+**2.12.2** (September 5, 2014)
+
+* Ensure internal asset lookups calls are still restricted to load paths within
+  asset compiles. Though, you should not depend on internal asset resolves to be
+  completely restricted for security reasons. Assets themselves should be
+  considered full scripting environments with filesystem access.
+
+**2.12.1** (April 17, 2014)
+
+* Fix making manifest target directory when its different than the output directory.
+
+**2.12.0** (March 13, 2014)
+
+* Avoid context reference in SassImporter hack so its Marshallable. Fixes
+ issues with Sass 3.3.x.
+
+**2.11.0** (February 19, 2014)
+
+* Support for `.bower.json`
+
+**2.10.0** (May 24, 2013)
+
+* Support for `bower.json`
+
+**2.9.3** (April 20, 2013)
+
+* Fixed sass caching bug
+
+**2.9.2** (April 8, 2013)
+
+* Improve file freshness check performance
+* Directive processor encoding fixes
+
+**2.9.1** (April 6, 2013)
+
+* Support for Uglifier 2.x
+
+**2.9.0** (February 25, 2013)
+
+* Write out gzipped variants of bundled assets.
+
+**2.8.2** (December 10, 2012)
+
+* Fixed top level Sass constant references
+* Fixed manifest logger when environment is disabled
+
+**2.8.1** (October 31, 2012)
+
+* Fixed Sass importer bug
+
+**2.8.0** (October 16, 2012)
+
+* Allow manifest location to be seperated from output directory
+* Pass logical path and absolute path to each_logical_path iterator
+
+**2.7.0** (October 10, 2012)
+
+* Added --css-compressor and --js-compressor command line flags
+* Added css/js compressor shorthand
+* Change default manifest.json filename to be a randomized manifest-16HEXBYTES.json
+* Allow nil environment to be passed to manifest
+* Allow manifest instance to be set on rake task
+
+**2.6.0** (September 19, 2012)
+
+* Added bower component.json require support
+
+**2.5.0** (September 4, 2012)
+
+* Fixed Ruby 2.0 RegExp warning
+* Provide stubbed implementation of context *_path helpers
+* Add SassCompressor
+
+**2.4.5** (July 10, 2012)
+
+* Tweaked some logger levels
+
+**2.4.4** (July 2, 2012)
+
+* Canonicalize logical path extensions
+* Check absolute paths passed to depend_on
+
+**2.4.3** (May 16, 2012)
+
+* Exposed :sprockets in sass options
+* Include dependency paths in asset mtime
+
+**2.4.2** (May 7, 2012)
+
+* Fixed MultiJson feature detect
+
+**2.4.1** (April 26, 2012)
+
+* Fixed MultiJson API change
+* Fixed gzip mtime
+
+**2.4.0** (March 27, 2012)
+
+* Added global path registry
+* Added global processor registry
+
+**2.3.2** (March 26, 2012)
+
+* Fix Context#logical_path with dots
+
+**2.3.1** (February 11, 2012)
+
+* Added bytesize to manifest
+* Added Asset#bytesize alias
+* Security: Check path for forbidden access after unescaping
+
+**2.3.0** (January 16, 2012)
+
+* Added special Sass importer that automatically tracks any `@import`ed files.
+
+**2.2.0** (January 10, 2012)
 
 * Added `sprockets` command line utility.
 * Added rake/sprocketstask.

data/bin/sprockets

@@ -40,6 +40,14 @@ OptionParser.new do |opts|
     manifest = Sprockets::Manifest.new(environment, directory)
   end
 
+  opts.on("--css-compressor=COMPRESSOR", "Use CSS compressor") do |compressor|
+    environment.css_compressor = compressor.to_sym
+  end
+
+  opts.on("--js-compressor=COMPRESSOR", "Use JavaScript compressor") do |compressor|
+    environment.js_compressor = compressor.to_sym
+  end
+
   opts.on("--noenv", "Disables .sprocketsrc file") do
   end
 

data/lib/rake/sprocketstask.rb

@@ -37,6 +37,24 @@ module Rake
     end
     attr_writer :environment
 
+    # Returns cached indexed environment
+    def index
+      @index ||= environment.index if environment
+    end
+
+    # `Manifest` instance used for already compiled assets.
+    #
+    # Will be created by default if an environment and output
+    # directory are given
+    def manifest
+      if !@manifest.is_a?(Sprockets::Manifest) && @manifest.respond_to?(:call)
+        @manifest = @manifest.call
+      else
+        @manifest
+      end
+    end
+    attr_writer :manifest
+
     # Directory to write compiled assets too. As well as the manifest file.
     #
     #   t.output = "./public/assets"
@@ -79,6 +97,7 @@ module Rake
     def initialize(name = :assets)
       @name         = name
       @environment  = lambda { Sprockets::Environment.new(Dir.pwd) }
+      @manifest     = lambda { Sprockets::Manifest.new(index, output) }
       @logger       = Logger.new($stderr)
       @logger.level = Logger::INFO
       @keep         = 2
@@ -117,24 +136,16 @@ module Rake
     end
 
     private
-      # Returns cached indexed environment
-      def index
-        @index ||= environment.index
-      end
-
-      # Returns manifest for tasks
-      def manifest
-        @manifest ||= Sprockets::Manifest.new(index, output)
-      end
-
       # Sub out environment logger with our rake task logger that
       # writes to stderr.
       def with_logger
-        old_logger = index.logger
-        index.logger = @logger
+        if env = manifest.environment
+          old_logger = env.logger
+          env.logger = @logger
+        end
         yield
       ensure
-        index.logger = old_logger
+        env.logger = old_logger if env
       end
   end
 end

data/lib/sprockets.rb

@@ -3,7 +3,6 @@ require 'sprockets/version'
 module Sprockets
   # Environment
   autoload :Base,                    "sprockets/base"
-  autoload :Engines,                 "sprockets/engines"
   autoload :Environment,             "sprockets/environment"
   autoload :Index,                   "sprockets/index"
   autoload :Manifest,                "sprockets/manifest"
@@ -15,14 +14,16 @@ module Sprockets
   autoload :StaticAsset,             "sprockets/static_asset"
 
   # Processing
-  autoload :CharsetNormalizer,       "sprockets/charset_normalizer"
   autoload :Context,                 "sprockets/context"
-  autoload :DirectiveProcessor,      "sprockets/directive_processor"
   autoload :EcoTemplate,             "sprockets/eco_template"
   autoload :EjsTemplate,             "sprockets/ejs_template"
   autoload :JstProcessor,            "sprockets/jst_processor"
   autoload :Processor,               "sprockets/processor"
-  autoload :SafetyColons,            "sprockets/safety_colons"
+  autoload :SassCacheStore,          "sprockets/sass_cache_store"
+  autoload :SassFunctions,           "sprockets/sass_functions"
+  autoload :SassImporter,            "sprockets/sass_importer"
+  autoload :SassTemplate,            "sprockets/sass_template"
+  autoload :ScssTemplate,            "sprockets/scss_template"
 
   # Internal utilities
   autoload :ArgumentError,           "sprockets/errors"
@@ -39,8 +40,51 @@ module Sprockets
   end
 
   # Extend Sprockets module to provide global registry
-  extend Engines
-  @engines = {}
+  require 'hike'
+  require 'sprockets/engines'
+  require 'sprockets/mime'
+  require 'sprockets/processing'
+  require 'sprockets/compressing'
+  require 'sprockets/paths'
+  extend Engines, Mime, Processing, Compressing, Paths
+
+  @trail             = Hike::Trail.new(File.expand_path('..', __FILE__))
+  @mime_types        = {}
+  @engines           = {}
+  @preprocessors     = Hash.new { |h, k| h[k] = [] }
+  @postprocessors    = Hash.new { |h, k| h[k] = [] }
+  @bundle_processors = Hash.new { |h, k| h[k] = [] }
+  @compressors       = Hash.new { |h, k| h[k] = {} }
+
+  register_mime_type 'text/css', '.css'
+  register_mime_type 'application/javascript', '.js'
+
+  require 'sprockets/directive_processor'
+  register_preprocessor 'text/css',               DirectiveProcessor
+  register_preprocessor 'application/javascript', DirectiveProcessor
+
+  require 'sprockets/safety_colons'
+  register_postprocessor 'application/javascript', SafetyColons
+
+  require 'sprockets/charset_normalizer'
+  register_bundle_processor 'text/css', CharsetNormalizer
+
+  require 'sprockets/sass_compressor'
+  register_compressor 'text/css', :sass, SassCompressor
+  register_compressor 'text/css', :scss, SassCompressor
+
+  require 'sprockets/yui_compressor'
+  register_compressor 'text/css', :yui, YUICompressor
+
+  require 'sprockets/closure_compressor'
+  register_compressor 'application/javascript', :closure, ClosureCompressor
+
+  require 'sprockets/uglifier_compressor'
+  register_compressor 'application/javascript', :uglifier, UglifierCompressor
+  register_compressor 'application/javascript', :uglify, UglifierCompressor
+
+  require 'sprockets/yui_compressor'
+  register_compressor 'application/javascript', :yui, YUICompressor
 
   # Cherry pick the default Tilt engines that make sense for
   # Sprockets. We don't need ones that only generate html like HAML.
@@ -55,8 +99,8 @@ module Sprockets
 
   # CSS engines
   register_engine '.less',   Tilt::LessTemplate
-  register_engine '.sass',   Tilt::SassTemplate
-  register_engine '.scss',   Tilt::ScssTemplate
+  register_engine '.sass',   SassTemplate
+  register_engine '.scss',   ScssTemplate
 
   # Other
   register_engine '.erb',    Tilt::ERBTemplate

data/lib/sprockets/asset.rb

@@ -30,13 +30,17 @@ module Sprockets
 
     attr_reader :logical_path, :pathname
     attr_reader :content_type, :mtime, :length, :digest
+    alias_method :bytesize, :length
 
     def initialize(environment, logical_path, pathname)
+      raise ArgumentError, "Asset logical path has no extension: #{logical_path}" if File.extname(logical_path) == ""
+
       @root         = environment.root
       @logical_path = logical_path.to_s
       @pathname     = Pathname.new(pathname)
       @content_type = environment.content_type_of(pathname)
-      @mtime        = environment.stat(pathname).mtime
+      # drop precision to 1 second, same pattern followed elsewhere
+      @mtime        = Time.at(environment.stat(pathname).mtime.to_i)
       @length       = environment.stat(pathname).size
       @digest       = environment.file_digest(pathname).hexdigest
     end
@@ -55,8 +59,7 @@ module Sprockets
       end
 
       if mtime = coder['mtime']
-        # Parse time string
-        @mtime = Time.parse(mtime)
+        @mtime = Time.at(mtime)
       end
 
       if length = coder['length']
@@ -71,7 +74,7 @@ module Sprockets
       coder['logical_path'] = logical_path
       coder['pathname']     = relativize_root_path(pathname).to_s
       coder['content_type'] = content_type
-      coder['mtime']        = mtime.iso8601
+      coder['mtime']        = mtime.to_i
       coder['length']       = length
       coder['digest']       = digest
     end
@@ -136,7 +139,9 @@ module Sprockets
     # Save asset to disk.
     def write_to(filename, options = {})
       # Gzip contents if filename has '.gz'
-      options[:compress] ||= File.extname(filename) == '.gz'
+      unless options.key?(:compress)
+        options[:compress] = File.extname(filename) == '.gz' && File.extname(logical_path) != '.gz'
+      end
 
       FileUtils.mkdir_p File.dirname(filename)
 
@@ -144,12 +149,12 @@ module Sprockets
         if options[:compress]
           # Run contents through `Zlib`
           gz = Zlib::GzipWriter.new(f, Zlib::BEST_COMPRESSION)
+          gz.mtime = mtime.to_i
           gz.write to_s
           gz.close
         else
           # Write out as is
           f.write to_s
-          f.close
         end
       end
 
@@ -233,7 +238,7 @@ module Sprockets
           return false
         end
 
-        # Compare dependency mime to the actual mtime. If the
+        # Compare dependency mtime to the actual mtime. If the
         # dependency mtime is newer than the actual mtime, the file
         # hasn't changed since we created this `Asset` instance.
         #
@@ -241,7 +246,11 @@ module Sprockets
         # stale. Many deployment environments may recopy or recheckout
         # assets on each deploy. In this case the mtime would be the
         # time of deploy rather than modified time.
-        if mtime >= stat.mtime
+        #
+        # Note: to_i is used in eql? and write_to we assume fidelity of 1 second
+        #  if people save files more frequently than 1 second sprockets may
+        #  not pick it up, by design
+        if mtime.to_i >= stat.mtime.to_i
           return true
         end
 

data/lib/sprockets/asset_attributes.rb

@@ -17,10 +17,21 @@ module Sprockets
     def search_paths
       paths = [pathname.to_s]
 
-      if pathname.basename(extensions.join).to_s != 'index'
-        path_without_extensions = extensions.inject(pathname) { |p, ext| p.sub(ext, '') }
-        index_path = path_without_extensions.join("index#{extensions.join}").to_s
-        paths << index_path
+      extension = format_extension
+      path_without_extension = extension ?
+        pathname.sub(extension, '') :
+        pathname
+
+      # optimization: bower.json can only be nested one level deep
+      if !path_without_extension.to_s.index('/')
+        paths << path_without_extension.join(".bower.json").to_s
+        paths << path_without_extension.join("bower.json").to_s
+        # DEPRECATED bower configuration file
+        paths << path_without_extension.join("component.json").to_s
+      end
+
+      if pathname.basename(extension.to_s).to_s != 'index'
+        paths << path_without_extension.join("index#{extension}").to_s
       end
 
       paths