verboten_keys 1.0.1 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c52ed1ed9e73caade0a8e5c853f9b3dd6c77da8638d8fd91898481e582472669
-  data.tar.gz: bfa901bb3430df012d1889f1f088da5405492fede5cc58cea19ae267f65ce42e
+  metadata.gz: dde874b6a3422af5674b2bb84ea805f45f22d4c3005ba8be44a958c5e8b45205
+  data.tar.gz: f7aa2967c3e2021db3f4bc72f90e94bb8c2d41d23b86aa687627c2c66059e651
 SHA512:
-  metadata.gz: fa3dd9b6736deae8bd3c02017cf8bf3c7fd30cac97363261a0f180bd0c367933c0d9cebb81131c07a8da20a9ce4173fadb12d93ba1b63529fb895170797ad698
-  data.tar.gz: 043f9bab13f99bfb969819be266330c0ce4e4376b65d3aaa6bf887ffe054854acf83ceefdb867200cb7e05873c1d04df2b2125d52f45e54ecddfd56e90328d3f
+  metadata.gz: 0402fb83e5bcd05368db47bf8d5d61d6950f74a1d89a35cb21df88bc1db2a90e656116b062576ae6c6a6845f6b652091e3c60ee14cb0116950410a038c8125ec
+  data.tar.gz: aed00eea946310bdaf4de43303cfc7248c1570f80b4a50bd74f08be82ad1c68c4fd5fb2c55d4025214c9db1cb4c77c29c0f42cd3f6a86a1db5a5ffed9f95a849

data/.github/workflows/ci.yml

@@ -5,7 +5,7 @@ jobs:
     name: 'Test Suite'
     strategy:
       matrix:
-        ruby: [2.5, 2.6, 2.7, 3.0]
+        ruby: [2.7.6, 3.0.4, 3.1.2]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
@@ -21,6 +21,6 @@ jobs:
       - uses: actions/checkout@v2
       - uses: ruby/setup-ruby@v1
         with:
-          ruby-version: 3.0
+          ruby-version: 3.1
           bundler-cache: true
       - run: bundle exec rubocop

data/.rubocop.yml

@@ -1,6 +1,6 @@
 AllCops:
   NewCops: enable
-  TargetRubyVersion: 2.5
+  TargetRubyVersion: 2.7
 
 Lint/DuplicateMethods:
   Enabled: false

data/.tool-versions

@@ -0,0 +1 @@
+ruby 2.7.6

data/CHANGELOG.md

@@ -1,9 +1,15 @@
 # Changelog
 
+## 1.1.0 - October 16, 2022
+
+* **New**: Support for Ruby version 3.1.
+* **Removed**: I've removed support for Ruby 2.5 and 2.6. The new minimum supported Ruby version is 2.7.
+* **Fixed**: Updated dependencies to protect against CVEs.
+
 ## 1.0.1 - August 28, 2021
 
-- Update the `railties` dependency to protect against [CVE-2021-22942](https://discuss.rubyonrails.org/t/cve-2021-22942-possible-open-redirect-in-host-authorization-middleware/78722)
+* **Fixed**: Update the `railties` dependency to protect against [CVE-2021-22942](https://discuss.rubyonrails.org/t/cve-2021-22942-possible-open-redirect-in-host-authorization-middleware/78722).
 
 ## 1.0.0 - May 11, 2021
 
-- Initial release
+* Initial release

data/CODE_OF_CONDUCT.md

@@ -39,7 +39,7 @@ This Code of Conduct applies within all community spaces, and also applies when
 
 ## Enforcement
 
-Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at hi@tpritc.com. All complaints will be reviewed and investigated promptly and fairly.
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at tom@tpritc.com. All complaints will be reviewed and investigated promptly and fairly.
 
 All community leaders are obligated to respect the privacy and security of the reporter of any incident.
 

data/Gemfile.lock

@@ -1,26 +1,26 @@
 PATH
   remote: .
   specs:
-    verboten_keys (1.0.1)
+    verboten_keys (1.1.0)
       rack (>= 1.0, < 3)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    actionpack (6.1.4.1)
-      actionview (= 6.1.4.1)
-      activesupport (= 6.1.4.1)
+    actionpack (6.1.7)
+      actionview (= 6.1.7)
+      activesupport (= 6.1.7)
       rack (~> 2.0, >= 2.0.9)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (6.1.4.1)
-      activesupport (= 6.1.4.1)
+    actionview (6.1.7)
+      activesupport (= 6.1.7)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activesupport (6.1.4.1)
+    activesupport (6.1.7)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -28,81 +28,89 @@ GEM
       zeitwerk (~> 2.3)
     ast (2.4.2)
     builder (3.2.4)
-    concurrent-ruby (1.1.9)
+    concurrent-ruby (1.1.10)
     crass (1.0.6)
-    diff-lcs (1.4.4)
-    erubi (1.10.0)
-    i18n (1.8.10)
+    diff-lcs (1.5.0)
+    erubi (1.11.0)
+    i18n (1.12.0)
       concurrent-ruby (~> 1.0)
-    loofah (2.12.0)
+    json (2.6.2)
+    loofah (2.19.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     method_source (1.0.0)
-    minitest (5.14.4)
-    nokogiri (1.12.3-x86_64-darwin)
+    mini_portile2 (2.8.0)
+    minitest (5.16.3)
+    nokogiri (1.13.8)
+      mini_portile2 (~> 2.8.0)
       racc (~> 1.4)
-    nokogiri (1.12.3-x86_64-linux)
+    nokogiri (1.13.8-x86_64-darwin)
       racc (~> 1.4)
-    parallel (1.20.1)
-    parser (3.0.1.1)
+    nokogiri (1.13.8-x86_64-linux)
+      racc (~> 1.4)
+    parallel (1.22.1)
+    parser (3.1.2.1)
       ast (~> 2.4.1)
-    racc (1.5.2)
-    rack (2.2.3)
-    rack-test (1.1.0)
-      rack (>= 1.0, < 3)
+    racc (1.6.0)
+    rack (2.2.4)
+    rack-test (2.0.2)
+      rack (>= 1.3)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.2)
+    rails-html-sanitizer (1.4.3)
       loofah (~> 2.3)
-    railties (6.1.4.1)
-      actionpack (= 6.1.4.1)
-      activesupport (= 6.1.4.1)
+    railties (6.1.7)
+      actionpack (= 6.1.7)
+      activesupport (= 6.1.7)
       method_source
-      rake (>= 0.13)
+      rake (>= 12.2)
       thor (~> 1.0)
-    rainbow (3.0.0)
+    rainbow (3.1.1)
     rake (13.0.6)
-    regexp_parser (2.1.1)
+    regexp_parser (2.6.0)
     rexml (3.2.5)
-    rspec (3.10.0)
-      rspec-core (~> 3.10.0)
-      rspec-expectations (~> 3.10.0)
-      rspec-mocks (~> 3.10.0)
-    rspec-core (3.10.1)
-      rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.1)
+    rspec (3.11.0)
+      rspec-core (~> 3.11.0)
+      rspec-expectations (~> 3.11.0)
+      rspec-mocks (~> 3.11.0)
+    rspec-core (3.11.0)
+      rspec-support (~> 3.11.0)
+    rspec-expectations (3.11.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-mocks (3.10.2)
+      rspec-support (~> 3.11.0)
+    rspec-mocks (3.11.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-support (3.10.2)
-    rubocop (1.14.0)
+      rspec-support (~> 3.11.0)
+    rspec-support (3.11.1)
+    rubocop (1.36.0)
+      json (~> 2.3)
       parallel (~> 1.10)
-      parser (>= 3.0.0.0)
+      parser (>= 3.1.2.1)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
-      rexml
-      rubocop-ast (>= 1.5.0, < 2.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.20.1, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.5.0)
-      parser (>= 3.0.1.1)
-    rubocop-rake (0.5.1)
-      rubocop
-    rubocop-rspec (2.3.0)
+    rubocop-ast (1.21.0)
+      parser (>= 3.1.1.0)
+    rubocop-rake (0.6.0)
       rubocop (~> 1.0)
-      rubocop-ast (>= 1.1.0)
+    rubocop-rspec (2.13.2)
+      rubocop (~> 1.33)
     ruby-progressbar (1.11.0)
-    thor (1.1.0)
-    tzinfo (2.0.4)
+    thor (1.2.1)
+    tzinfo (2.0.5)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (2.0.0)
-    zeitwerk (2.4.2)
+    unicode-display_width (2.3.0)
+    zeitwerk (2.6.1)
 
 PLATFORMS
+  ruby
   x86_64-darwin-20
+  x86_64-darwin-21
+  x86_64-darwin-22
   x86_64-linux
 
 DEPENDENCIES
@@ -116,4 +124,4 @@ DEPENDENCIES
   verboten_keys!
 
 BUNDLED WITH
-   2.2.11
+   2.3.23

data/README.md

@@ -14,13 +14,13 @@ GET /api/v1/users/123
   'id': 123,
   'name': 'Jane Doe',
   'email': 'jane.doe@example.com',
-  'password_digest': '$FEUNCqbSZIOu7e1QblI...'
+  'deepest_secret': 'Framed their sibling for a murder they commited'
 }
 ```
 
 Oh no, this is a disaster!
 
-If only there was a way to automatically filter out accidents like this! This is where Verboten Keys helps out. If you had Verboten Keys in your application, and had `password_digest` set as a forbidden key, the exact same response would look like this:
+If only there was a way to automatically filter out accidents like this! This is where Verboten Keys helps out. If you had Verboten Keys in your application, and had `deepest_secret` set as a forbidden key, the exact same response would look like this:
 
 ```
 GET /api/v1/users/123
@@ -31,7 +31,7 @@ GET /api/v1/users/123
 }
 ```
 
-Verboten Keys filtered out the leaking `password_digest` while leaving the rest of the request intact. When all else fails, we prevent you accidentally leaking sensitive data. Verboten Keys is your last line of defense.
+Verboten Keys filtered out the leaking `deepest_secret` while leaving the rest of the request intact. When all else fails, we prevent you accidentally leaking sensitive data. Verboten Keys is your last line of defense.
 
 ## Installation
 
@@ -68,8 +68,10 @@ You should include it last, so nothing gets missed when the middleware parses an
 Every application has its own security needs, and Verboten Keys is designed to be configurable, so you can get it just so. To configure Verboten Keys, simply call its `configure` method, which yields a block with the current configuration:
 
 ```ruby
+# In config/initializers/verbotten_keys.rb:
+
 VerbotenKeys.configure do |config|
-  config.forbidden_keys = [:password, :password_digest, :secret_token]
+  config.forbidden_keys = [:deepest_secret, :secret_token]
   config.strategy = :remove
 end
 ```
@@ -87,4 +89,4 @@ Bug reports and pull requests are welcome on [GitHub](https://github.com/tpritc/
 
 ## License
 
-The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT). If you or your organization need a custom, commercial license for any reason, [send me an email](mailto:hi@tpritc.com) and I'll be happy to set something up for you.
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT). If you or your organization need a custom, commercial license for any reason, [send me an email](mailto:tom@tpritc.com) and I'll be happy to set something up for you.

data/lib/verboten_keys/filterer.rb

@@ -4,8 +4,7 @@ module VerbotenKeys
   class Filterer
     def self.filter_forbidden_keys(hash)
       hash
-        .map { |k, v| evaluate_key_value_pair(k, v) }
-        .to_h
+        .to_h { |k, v| evaluate_key_value_pair(k, v) }
         .delete_if { |k, _v| k.nil? }
     end
 

data/lib/verboten_keys/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module VerbotenKeys
-  VERSION = '1.0.1'
+  VERSION = '1.1.0'
 end

data/verboten_keys.gemspec

@@ -6,12 +6,12 @@ Gem::Specification.new do |spec|
   spec.name          = 'verboten_keys'
   spec.version       = VerbotenKeys::VERSION
   spec.authors       = ['Tom Pritchard']
-  spec.email         = ['hi@tpritc.com']
+  spec.email         = ['tom@tpritc.com']
 
   spec.summary       = 'Verboten Keys is a last line of defense to help prevent you and your team from accidentally leaking private information via your APIs.'
   spec.homepage      = 'https://github.com/tpritc/verboten_keys'
   spec.license       = 'MIT'
-  spec.required_ruby_version = Gem::Requirement.new('>= 2.5.0')
+  spec.required_ruby_version = Gem::Requirement.new('>= 2.7.0')
 
   spec.metadata['source_code_uri'] = 'https://github.com/tpritc/verboten_keys'
   spec.metadata['changelog_uri'] = 'https://github.com/tpritc/verboten_keys/blob/main/CHANGELOG.md'
@@ -20,7 +20,6 @@ Gem::Specification.new do |spec|
     `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   end
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 
   spec.add_runtime_dependency 'rack', '>= 1.0', '< 3'
@@ -31,4 +30,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'rubocop', '~> 1.7'
   spec.add_development_dependency 'rubocop-rake', '~> 0.5'
   spec.add_development_dependency 'rubocop-rspec', '~> 2.3'
+  spec.metadata['rubygems_mfa_required'] = 'true'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: verboten_keys
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.1.0
 platform: ruby
 authors:
 - Tom Pritchard
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-08-28 00:00:00.000000000 Z
+date: 2022-10-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -130,7 +130,7 @@ dependencies:
         version: '2.3'
 description:
 email:
-- hi@tpritc.com
+- tom@tpritc.com
 executables:
 - console
 - setup
@@ -141,6 +141,7 @@ files:
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
+- ".tool-versions"
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
@@ -164,6 +165,7 @@ licenses:
 metadata:
   source_code_uri: https://github.com/tpritc/verboten_keys
   changelog_uri: https://github.com/tpritc/verboten_keys/blob/main/CHANGELOG.md
+  rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -172,14 +174,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.5.0
+      version: 2.7.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: Verboten Keys is a last line of defense to help prevent you and your team