diff --git a/.ruby-version b/.ruby-version
new file mode 100644
index 0000000..c4e41f9
--- /dev/null
+++ b/.ruby-version
@@ -0,0 +1 @@
+4.0.3
diff --git a/CHANGE_LOG.md b/CHANGE_LOG.md
index 57900f7..13261eb 100644
--- a/CHANGE_LOG.md
+++ b/CHANGE_LOG.md
@@ -1,5 +1,18 @@
 ### Openapply CHANGE LOG
+* **v1.0.3.4** - compatible with 1.0.x - 2026-06-12
+ - Update gems with high security vulnerabilities (checked using `bundle-audit --update`)
+ - **oauth2** 2.0.18 — credential leak via protocol-relative redirect | `~> 2.0` → `~> 2.0.22`, now at **2.0.22** |
+ - **addressable** 2.8.1 — ReDoS (CVE-2026-35611) | Updated to **2.9.0** |
+ - **faraday** 2.14.1 — host-scoping bypass (CVE-2026-33637) | Updated to **2.14.2** |
+ - **jwt** 3.1.2 — empty-key HMAC bypass (CVE-2026-45363) | Updated to **3.2.0** |
+ - **rexml** 3.2.5 — 6 DoS vulnerabilities | Updated to **3.4.4** |
+ - **codacy-coverage** 2.2.1 — uses removed `File.exists?` (Ruby 4.0) | Replaced with **simplecov ~> 0.22** |
+ - **bundler** `~> 2.3` — incompatible with Bundler 4.x | Changed to `>= 2.3
+ - Make code Ruby 4.x compatible
+ - **Codacy-Coverage** replaced with Simplecov (Codacy-Coverage is abanded since 2000 and not Ruby 4.0 compatible)
+ - update spec_helper to support `simplecov`
+
 * **v1.0.3.9** - compatible with 1.0.x - 2026-04-20 - retrieve guardian summary data from students' `parent_guardian` key instead of the linked hash
diff --git a/Gemfile.lock b/Gemfile.lock
index e1fd2f6..0dbba84 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -2,88 +2,94 @@ PATH remote: . specs: openapply (1.0.3.9) - httparty (~> 0.20) - json (~> 2.6) - oauth2 (~> 2.0) + httparty (>= 0.20) + json (>= 2.6) + oauth2 (>= 2.0.22) GEM remote: https://rubygems.org/ specs: - addressable (2.8.1) - public_suffix (>= 2.0.2, < 6.0) + addressable (2.9.0) + public_suffix (>= 2.0.2, < 8.0) + auth-sanitizer (0.2.1) + version_gem (~> 1.1, >= 1.1.10) base64 (0.3.0) bigdecimal (4.1.2) - codacy-coverage (2.2.1) - simplecov coderay (1.1.3) - crack (0.4.5) + crack (1.0.1) + bigdecimal rexml csv (3.3.5) - diff-lcs (1.5.0) - docile (1.4.0) - faraday (2.14.1) + diff-lcs (1.6.2) + docile (1.4.1) + faraday (2.14.2) faraday-net_http (>= 2.0, < 3.5) json logger - faraday-net_http (3.4.2) + faraday-net_http (3.4.4) net-http (~> 0.5) - hashdiff (1.0.1) + hashdiff (1.2.1) hashie (5.1.0) logger httparty (0.24.2) csv mini_mime (>= 1.0.0) multi_xml (>= 0.5.2) - json (2.19.4) - jwt (3.1.2) + io-console (0.8.2) + json (2.19.9) + jwt (3.2.0) base64 logger (1.7.0) - method_source (1.0.0) + method_source (1.1.0) mini_mime (1.1.5) - multi_xml (0.8.1) + multi_xml (0.9.1) bigdecimal (>= 3.1, < 5) net-http (0.9.1) uri (>= 0.11.1) - oauth2 (2.0.18) + oauth2 (2.0.22) + auth-sanitizer (~> 0.2, >= 0.2.1) faraday (>= 0.17.3, < 4.0) jwt (>= 1.0, < 4.0) logger (~> 1.2) multi_xml (~> 0.5) rack (>= 1.2, < 4) - snaky_hash (~> 2.0, >= 2.0.3) - version_gem (~> 1.1, >= 1.1.9) - pry (0.14.2) + snaky_hash (~> 2.0, >= 2.0.5) + version_gem (~> 1.1, >= 1.1.11) + pry (0.16.0) coderay (~> 1.1) method_source (~> 1.0) - public_suffix (5.0.1) + reline (>= 0.6.0) + public_suffix (7.0.5) rack (3.2.6) - rake (13.0.6) - rexml (3.2.5) - rspec (3.12.0) - rspec-core (~> 3.12.0) - rspec-expectations (~> 3.12.0) - rspec-mocks (~> 3.12.0) - rspec-core (3.12.1) - rspec-support (~> 3.12.0) - rspec-expectations (3.12.2) + rake (13.4.2) + reline (0.6.3) + io-console (~> 0.5) + rexml (3.4.4) + rspec (3.13.2) + rspec-core (~> 3.13.0) + rspec-expectations (~> 3.13.0) + rspec-mocks (~> 3.13.0) + 
rspec-core (3.13.6) + rspec-support (~> 3.13.0) + rspec-expectations (3.13.5) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.12.0) - rspec-mocks (3.12.3) + rspec-support (~> 3.13.0) + rspec-mocks (3.13.8) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.12.0) - rspec-support (3.12.0) + rspec-support (~> 3.13.0) + rspec-support (3.13.7) simplecov (0.22.0) docile (~> 1.1) simplecov-html (~> 0.11) simplecov_json_formatter (~> 0.1) - simplecov-html (0.12.3) + simplecov-html (0.13.2) simplecov_json_formatter (0.1.4) - snaky_hash (2.0.3) + snaky_hash (2.0.6) hashie (>= 0.1.0, < 6) version_gem (>= 1.1.8, < 3) uri (1.1.1) - version_gem (1.1.9) - webmock (3.18.1) + version_gem (1.1.11) + webmock (3.26.2) addressable (>= 2.8.0) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) @@ -94,13 +100,13 @@ PLATFORMS x86_64-darwin-21 DEPENDENCIES - bundler (~> 2.3) - codacy-coverage (~> 2.2) + bundler (>= 2.3) openapply! - pry (~> 0.14) - rake (~> 13.0) - rspec (~> 3.11) - webmock (~> 3.18) + pry (>= 0.14) + rake (>= 13.0) + rspec (>= 3.11) + simplecov (~> 0.22) + webmock (>= 3.18) BUNDLED WITH - 2.3.26 + 4.0.14
diff --git a/lib/openapply/version.rb b/lib/openapply/version.rb
index bd22632..14218f4 100644
--- a/lib/openapply/version.rb
+++ b/lib/openapply/version.rb
@@ -1,5 +1,5 @@
 module Openapply
 module Version
- VERSION = "1.0.3.9"
+ VERSION = "1.0.4"
 end
 end
diff --git a/openapply.gemspec b/openapply.gemspec
index 48001c5..b9ec442 100644
--- a/openapply.gemspec
+++ b/openapply.gemspec
@@ -20,14 +20,14 @@ Gem::Specification.new do |spec|
 spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
 spec.require_paths = ["lib"]
- spec.add_dependency "httparty", "~> 0.20"
- spec.add_dependency "json" , "~> 2.6"
- spec.add_dependency "oauth2", "~> 2.0"
+ spec.add_dependency "httparty", ">= 0.20"
+ spec.add_dependency "json" , ">= 2.6"
+ spec.add_dependency "oauth2", ">= 2.0.22"
- spec.add_development_dependency 'codacy-coverage', '~> 2.2'
- spec.add_development_dependency "webmock", "~> 3.18"
- spec.add_development_dependency "bundler", "~> 2.3"
- spec.add_development_dependency "rake", "~> 13.0"
- spec.add_development_dependency "rspec", "~> 3.11"
- spec.add_development_dependency "pry", "~> 0.14"
+ spec.add_development_dependency 'simplecov', '~> 0.22'
+ spec.add_development_dependency "webmock", ">= 3.18"
+ spec.add_development_dependency "bundler", ">=2.3"
+ spec.add_development_dependency "rake", ">= 13.0"
+ spec.add_development_dependency "rspec", ">= 3.11"
+ spec.add_development_dependency "pry", ">= 0.14"
 end
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index e17b924..05f69bc 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -5,12 +5,8 @@ require "bundler/setup"
 require "openapply"
 #
-require 'codacy-coverage'
-Codacy::Reporter.start
-# require 'simplecov'
-# require 'coveralls'
-# Coveralls.wear!
-# SimpleCov.start
+require 'simplecov'
+SimpleCov.start
 RSpec.configure do |config|
 # Enable flags like --only-failures and --next-failure
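Review bot: The runtime constraints on `httparty`, `json` and `oauth2` in openapply.gemspec lose their upper bound: `">= 2.0.22"` sets the right security floor for oauth2, but it also lets a consumer's resolver select any future major release, which the previous `~>` form prevented. The CHANGE_LOG entry in this same commit describes the oauth2 change as `~> 2.0.22`, so the gemspec and the changelog disagree about what was shipped. Stating both a ceiling and a floor keeps the fix and the compatibility promise, e.g. `spec.add_dependency "oauth2", "~> 2.0", ">= 2.0.22"`; the same pattern would apply to `httparty` and `json`. The `Gem::Specification` block begins outside the hunk.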
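Review bot: In spec/spec_helper.rb the added `require 'simplecov'` and `SimpleCov.start` come after `require "openapply"`, so the library is already loaded when coverage tracking begins and its files will most likely be missing from the report. SimpleCov only tracks code loaded after `SimpleCov.start`. Move the two added lines above `require "openapply"`, ideally to the very top of the helper. The lines before `require "bundler/setup"` are outside the hunk, so the exact position is for the author to confirm.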