sprockets 3.7.1 → 3.7.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +5 -5
  2. data/CHANGELOG.md +4 -0
  3. data/lib/sprockets/manifest.rb +2 -1
  4. data/lib/sprockets/processing.rb +1 -1
  5. data/lib/sprockets/server.rb +1 -1
  6. data/lib/sprockets/version.rb +1 -1
  7. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: d7893a1473428786e2b49eaf7554496d153a57b1
4
- data.tar.gz: 805a200abef6ae553c05d71b343dc367c8da0ba1
2
+ SHA256:
3
+ metadata.gz: 46e0f0a150aa8333d2a1d2663167b6f20c1e77db067cea7b545f75927f770807
4
+ data.tar.gz: 5acd5cb5c64e240dd8180e91f34620195fa1433e625ee48a132fdae58be71ba5
5
5
  SHA512:
6
- metadata.gz: 14207c7eb061d38e9a848e4c1632764939718352ea48adb3fec86f6bfd4799eae3a36767a7a1669ca890ae2810d9a63b9da12c88c69f99c6276a945be92dc7c3
7
- data.tar.gz: 2015339e22e7268c3f817aa6e16a308b1c0d22de40e55e9795d1450a54bf41a1b0605328b8bdd5d15cfd055ec2165c6af751f5a93d46f26802eb97509bcd15bd
6
+ metadata.gz: 97a06eb2e0767903da7bcda387211d881f3b98d57269a8abed5045e277db5f133f381c4f8fd23fcccf45a4032c85309841abba13b9218a52b21121a5a9bfc02a
7
+ data.tar.gz: 1d9c8d75bab64c366473226cc61806cd64c1951a67d90cc1220c1474e6a02cc5003b2dffb1b6324abefb7e7c8b292145635ac0bed6ae947a35393d67acd3c40e
data/CHANGELOG.md CHANGED
@@ -1,3 +1,7 @@
1
+ **3.7.2** (June 19, 2018)
2
+
3
+ * Security release for [CVE-2018-3760](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3760).
4
+
1
5
  **3.7.1** (December 19, 2016)
2
6
 
3
7
  * Ruby 2.4 support for Sprockets 3.
data/lib/sprockets/manifest.rb CHANGED
@@ -161,7 +161,8 @@ module Sprockets
161
161
  end
162
162
  else
163
163
  args.each do |path|
164
- yield File.binread(File.join(dir, assets[path]))
164
+ asset = assets[path]
165
+ yield File.binread(File.join(dir, asset)) if asset
165
166
  end
166
167
  end
167
168
  end
data/lib/sprockets/processing.rb CHANGED
@@ -232,7 +232,7 @@ module Sprockets
232
232
  end
233
233
 
234
234
  def deprecate_legacy_processor_interface(interface)
235
- msg = "You are using the a deprecated processor interface #{ interface.inspect }.\n" +
235
+ msg = "You are using a deprecated processor interface #{ interface.inspect }.\n" +
236
236
  "Please update your processor interface:\n" +
237
237
  "https://github.com/rails/sprockets/blob/master/guides/extending_sprockets.md#supporting-all-versions-of-sprockets-in-processors\n"
238
238
 
data/lib/sprockets/server.rb CHANGED
@@ -115,7 +115,7 @@ module Sprockets
115
115
  #
116
116
  # http://example.org/assets/../../../etc/passwd
117
117
  #
118
- path.include?("..") || absolute_path?(path)
118
+ path.include?("..") || absolute_path?(path) || path.include?("://")
119
119
  end
120
120
 
121
121
  def head_request?(env)
data/lib/sprockets/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Sprockets
2
- VERSION = "3.7.1"
2
+ VERSION = "3.7.2"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sprockets
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.7.1
4
+ version: 3.7.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sam Stephenson
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2016-12-20 00:00:00.000000000 Z
12
+ date: 2018-06-19 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rack
@@ -333,7 +333,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
333
333
  version: '0'
334
334
  requirements: []
335
335
  rubyforge_project: sprockets
336
- rubygems_version: 2.5.2
336
+ rubygems_version: 2.7.6
337
337
  signing_key:
338
338
  specification_version: 4
339
339
  summary: Rack-based asset packaging system