From cfab017aed8ba5d35ab698af86ba575dbfad6d14 Mon Sep 17 00:00:00 2001
From: Josh Cheek
Date: Tue, 8 Feb 2022 16:07:44 -0800
Subject: [PATCH 1/2] Add pry to Gemfile so you can `bundle exec rspec`
Co-authored-by: Angel Malavar
---
Gemfile | 1 +
1 file changed, 1 insertion(+)
diff --git a/Gemfile b/Gemfile
index 657606f..bb08013 100644
--- a/Gemfile
+++ b/Gemfile
@@ -7,4 +7,5 @@ gemspec
 group :development, :test do
 gem 'coveralls', require: false
+ gem 'pry'
 end
From db46347f3f301d4bd6aef66f570cd87492c3101c Mon Sep 17 00:00:00 2001
From: Josh Cheek
Date: Tue, 8 Feb 2022 16:11:58 -0800
Subject: [PATCH 2/2] Update dependency on api-auth from ~>1.4 to ~>2.0
ApiAuth v1 has insecure defaults and uses deprecated Faraday features which lead to test spam. This bumps it to ~>2.0, because that allows for versions which use Faraday correctly, and fixes the security vulnerabilities.
Example of the Faraday deprecation warning:
```
WARNING: `Faraday::Request#method` is deprecated; use `#http_method` instead. It will be removed in or after version 2.0. `Faraday::Request#method` called from /Users/josh/.gem/ruby/3.0.2/gems/api-auth-2.0.0/lib/api_auth/request_drivers/faraday.rb:24:in `populate_content_md5'
```
Link to v2.0 in the changelog: https://github.com/mgomes/api_auth/blob/master/CHANGELOG.md#200-2016-05-11
Link to the security vulnearability: https://github.com/mgomes/api_auth/blob/master/CHANGELOG.md#140-2015-12-16
Co-authored-by: Angel Malavar
---
mifiel.gemspec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mifiel.gemspec b/mifiel.gemspec
index 8495d32..9e10342 100644
--- a/mifiel.gemspec
+++ b/mifiel.gemspec
@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
 spec.required_ruby_version = '>= 2.3'
 spec.add_runtime_dependency 'activesupport'
- spec.add_runtime_dependency 'api-auth', '~> 1.4'
+ spec.add_runtime_dependency 'api-auth', '~> 2.0'
 spec.add_runtime_dependency 'flexirest', '~> 1.6'
 spec.add_runtime_dependency 'json', '>= 1.8'
 spec.add_runtime_dependency 'rest-client', '>= 1.8'
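Review bot: The new `'~> 2.0'` constraint on the `api-auth` line changes how outgoing requests are signed, not only which versions resolve, and nothing visible in this hunk shows the signing call sites being checked against that. As far as I know api-auth 2.x always includes the HTTP method in the canonical string (the fix the linked 1.4.0 changelog entry describes), so signatures can differ from what 1.x produced by default; confirm the API accepts the new form, ideally with a spec that pins the signed canonical string for a known request. Separately, the floor still admits 2.0.0, which is the version the deprecation warning quoted in the commit message is emitted from, so consider a second bound such as `'>= <FIRST_FIXED_2.x>'` (placeholder) once the fixed release is identified. The `Gem::Specification` block starts and ends outside the hunk.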