RubyGems - sprockets - Versions diffs - 3.7.1 → 3.7.2 - Mend

sprockets 3.7.1 → 3.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: d7893a1473428786e2b49eaf7554496d153a57b1
-  data.tar.gz: 805a200abef6ae553c05d71b343dc367c8da0ba1
+SHA256:
+  metadata.gz: 46e0f0a150aa8333d2a1d2663167b6f20c1e77db067cea7b545f75927f770807
+  data.tar.gz: 5acd5cb5c64e240dd8180e91f34620195fa1433e625ee48a132fdae58be71ba5
 SHA512:
-  metadata.gz: 14207c7eb061d38e9a848e4c1632764939718352ea48adb3fec86f6bfd4799eae3a36767a7a1669ca890ae2810d9a63b9da12c88c69f99c6276a945be92dc7c3
-  data.tar.gz: 2015339e22e7268c3f817aa6e16a308b1c0d22de40e55e9795d1450a54bf41a1b0605328b8bdd5d15cfd055ec2165c6af751f5a93d46f26802eb97509bcd15bd
+  metadata.gz: 97a06eb2e0767903da7bcda387211d881f3b98d57269a8abed5045e277db5f133f381c4f8fd23fcccf45a4032c85309841abba13b9218a52b21121a5a9bfc02a
+  data.tar.gz: 1d9c8d75bab64c366473226cc61806cd64c1951a67d90cc1220c1474e6a02cc5003b2dffb1b6324abefb7e7c8b292145635ac0bed6ae947a35393d67acd3c40e

data/CHANGELOG.md CHANGED

@@ -1,3 +1,7 @@
+**3.7.2** (June 19, 2018)
+* Security release for [CVE-2018-3760](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3760).
 **3.7.1** (December 19, 2016)
 * Ruby 2.4 support for Sprockets 3.

data/lib/sprockets/manifest.rb CHANGED

@@ -161,7 +161,8 @@ module Sprockets
         end
       else
         args.each do |path|
-          yield File.binread(File.join(dir, assets[path]))
+          asset = assets[path]
+          yield File.binread(File.join(dir, asset)) if asset
         end
       end
     end

data/lib/sprockets/processing.rb CHANGED

@@ -232,7 +232,7 @@ module Sprockets
       end
       def deprecate_legacy_processor_interface(interface)
-        msg = "You are using the a deprecated processor interface #{ interface.inspect }.\n" +
+        msg = "You are using a deprecated processor interface #{ interface.inspect }.\n" +
         "Please update your processor interface:\n" +
         "https://github.com/rails/sprockets/blob/master/guides/extending_sprockets.md#supporting-all-versions-of-sprockets-in-processors\n"

data/lib/sprockets/server.rb CHANGED

@@ -115,7 +115,7 @@ module Sprockets
         #
         #     http://example.org/assets/../../../etc/passwd
         #
-        path.include?("..") || absolute_path?(path)
+        path.include?("..") || absolute_path?(path) || path.include?("://")
       end
       def head_request?(env)

data/lib/sprockets/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Sprockets
-  VERSION = "3.7.1"
+  VERSION = "3.7.2"
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sprockets
 version: !ruby/object:Gem::Version
-  version: 3.7.1
+  version: 3.7.2
 platform: ruby
 authors:
 - Sam Stephenson
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-12-20 00:00:00.000000000 Z
+date: 2018-06-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -333,7 +333,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: sprockets
-rubygems_version: 2.5.2
+rubygems_version: 2.7.6
 signing_key:
 specification_version: 4
 summary: Rack-based asset packaging system