Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package rubygem-pundit for openSUSE:Factory checked in at 2023-11-14 21:43:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-pundit (Old) and /work/SRC/openSUSE:Factory/.rubygem-pundit.new.17445 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-pundit" Tue Nov 14 21:43:27 2023 rev:7 rq:1123168 version:2.3.1 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-pundit/rubygem-pundit.changes 2023-06-18 23:07:47.309405461 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-pundit.new.17445/rubygem-pundit.changes 2023-11-14 21:43:35.625866351 +0100 @@ -1,0 +2,15 @@ +Fri Nov 3 07:51:03 UTC 2023 - Dan Äermák <[email protected]> + +- ## Unreleased + +Nothing. + +## 2.3.1 (2023-07-17) + +### Fixed + +- Use `Kernel.warn` instead of `ActiveSupport::Deprecation.warn` for deprecations (#764) +- Policy generator now works on Ruby 3.2 (#754) + + +------------------------------------------------------------------- Old: ---- pundit-2.3.0.gem New: ---- pundit-2.3.1.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-pundit.spec ++++++ --- /var/tmp/diff_new_pack.pr8B91/_old 2023-11-14 21:43:36.893913290 +0100 +++ /var/tmp/diff_new_pack.pr8B91/_new 2023-11-14 21:43:36.893913290 +0100 @@ -24,11 +24,10 @@ # Name: rubygem-pundit -Version: 2.3.0 +Version: 2.3.1 Release: 0 %define mod_name pundit %define mod_full_name %{mod_name}-%{version} -BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: %{rubygem gem2rpm} BuildRequires: %{ruby} BuildRequires: ruby-macros >= 5 @@ -37,7 +36,6 @@ Source1: gem2rpm.yml Summary: OO authorization for Rails License: MIT -Group: Development/Languages/Ruby %description Object oriented authorization for Rails applications. ++++++ pundit-2.3.0.gem -> pundit-2.3.1.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.github/pull_request_template.md new/.github/pull_request_template.md --- old/.github/pull_request_template.md 1970-01-01 01:00:00.000000000 +0100 +++ new/.github/pull_request_template.md 2023-07-17 15:37:20.000000000 +0200 @@ -0,0 +1,9 @@ +## To do + +- [ ] I have read the [contributing guidelines](https://github.com/varvet/pundit/contribute). +- [ ] I have added relevant tests. +- [ ] I have adjusted relevant documentation. +- [ ] I have made sure the individual commits are meaningful. +- [ ] I have added relevant lines to the CHANGELOG. + +PS: Thank you for contributing to Pundit â¤ï¸ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.travis.yml new/.travis.yml --- old/.travis.yml 2022-12-19 16:24:04.000000000 +0100 +++ new/.travis.yml 2023-07-17 15:37:20.000000000 +0200 @@ -18,7 +18,8 @@ - rvm: 2.7.3 - rvm: 3.0.1 - rvm: 3.1.0 - - rvm: jruby-9.2.17.0 + - rvm: 3.2.0 + - rvm: jruby-9.3.10.0 env: - JRUBY_OPTS="--debug" - rvm: truffleruby-head diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md 2022-12-19 16:24:04.000000000 +0100 +++ new/CHANGELOG.md 2023-07-17 15:37:20.000000000 +0200 @@ -1,5 +1,16 @@ # Pundit +## Unreleased + +Nothing. + +## 2.3.1 (2023-07-17) + +### Fixed + +- Use `Kernel.warn` instead of `ActiveSupport::Deprecation.warn` for deprecations (#764) +- Policy generator now works on Ruby 3.2 (#754) + ## 2.3.0 (2022-12-19) ### Added diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CONTRIBUTING.md new/CONTRIBUTING.md --- old/CONTRIBUTING.md 2022-12-19 16:24:04.000000000 +0100 +++ new/CONTRIBUTING.md 2023-07-17 15:37:20.000000000 +0200 @@ -1,9 +1,6 @@ ## Security issues -If you have found a security related issue, please do not file an issue on -GitHub or send a PR addressing the issue. Contact -[Jonas](mailto:[email protected]) directly. You will be given public -credit for your disclosure. +If you have found a security related issue, please do not file an issue on GitHub or send a PR addressing the issue. Refer to [SECURITY.md](./SECURITY.md) for instructions. ## Reporting issues diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/README.md new/README.md --- old/README.md 2022-12-19 16:24:04.000000000 +0100 +++ new/README.md 2023-07-17 15:37:20.000000000 +0200 @@ -1,12 +1,12 @@ # Pundit -[](https://travis-ci.org/varvet/pundit) +[](https://app.travis-ci.com/varvet/pundit) [](https://codeclimate.com/github/varvet/pundit) [](http://inch-ci.org/github/varvet/pundit) [](http://badge.fury.io/rb/pundit) Pundit provides a set of helpers which guide you in leveraging regular Ruby -classes and object oriented design patterns to build a simple, robust and +classes and object oriented design patterns to build a straightforward, robust, and scalable authorization system. Links: @@ -49,8 +49,8 @@ ## Policies Pundit is focused around the notion of policy classes. We suggest that you put -these classes in `app/policies`. This is a simple example that allows updating -a post if the user is an admin, or if the post is unpublished: +these classes in `app/policies`. This is an example that allows updating a post +if the user is an admin, or if the post is unpublished: ``` ruby class PostPolicy @@ -67,7 +67,7 @@ end ``` -As you can see, this is just a plain Ruby class. Pundit makes the following +As you can see, this is a plain Ruby class. Pundit makes the following assumptions about this class: - The class has the same name as some kind of model class, only suffixed @@ -199,7 +199,7 @@ class DashboardPolicy attr_reader :user - # _record in this example will just be :dashboard + # `_record` in this example will be :dashboard def initialize(user, _record) @user = user end @@ -211,7 +211,7 @@ ``` Note that the headless policy still needs to accept two arguments. The -second argument will just be the symbol `:dashboard` in this case which +second argument will be the symbol `:dashboard` in this case, which is what is passed as the record to `authorize` below. ```ruby @@ -374,7 +374,7 @@ Some people have found this feature confusing, while many others find it extremely helpful. If you fall into the category of people who find it -confusing then you do not need to use it. Pundit will work just fine without +confusing then you do not need to use it. Pundit will work fine without using `verify_authorized` and `verify_policy_scoped`. ### Conditional verification @@ -419,20 +419,13 @@ end ``` -## Just plain old Ruby +## Plain old Ruby -As you can see, Pundit doesn't do anything you couldn't have easily done -yourself. It's a very small library, it just provides a few neat helpers. -Together these give you the power of building a well structured, fully working -authorization system without using any special DSLs or funky syntax or -anything. - -Remember that all of the policy and scope classes are just plain Ruby classes, -which means you can use the same mechanisms you always use to DRY things up. -Encapsulate a set of permissions into a module and include them in multiple -policies. Use `alias_method` to make some permissions behave the same as -others. Inherit from a base set of permissions. Use metaprogramming if you -really have to. +Pundit is a very small library on purpose, and it doesn't do anything you can't do yourself. There's no secret sauce here. It does as little as possible, and then gets out of your way. + +With the few but powerful helpers available in Pundit, you have the power to build a well structured, fully working authorization system without using any special DSLs or funky syntax. + +Remember that all of the policy and scope classes are plain Ruby classes, which means you can use the same mechanisms you always use to DRY things up. Encapsulate a set of permissions into a module and include them in multiple policies. Use `alias_method` to make some permissions behave the same as others. Inherit from a base set of permissions. Use metaprogramming if you really have to. ## Generator @@ -541,7 +534,7 @@ policy_name = exception.policy.class.to_s.underscore flash[:error] = t "#{policy_name}.#{exception.query}", scope: "pundit", default: :default - redirect_back(fallback_url: root_path) + redirect_back(fallback_location: root_path) end end ``` @@ -555,8 +548,7 @@ create?: 'You cannot create posts!' ``` -Of course, this is just an example. Pundit is agnostic as to how you implement -your error messaging. +This is an example. Pundit is agnostic as to how you implement your error messaging. ## Manually retrieving policies and scopes @@ -578,9 +570,7 @@ ## Customize Pundit user -In some cases your controller might not have access to `current_user`, or your -`current_user` is not the method that should be invoked by Pundit. Simply -define a method in your controller called `pundit_user`. +On occasion, your controller may be unable to access `current_user`, or the method that should be invoked by Pundit may not be `current_user`. To address this, you can define a method in your controller named `pundit_user`. ```ruby def pundit_user @@ -796,11 +786,11 @@ ``` An alternative approach to Pundit policy specs is scoping them to a user context as outlined in this -[excellent post](http://thunderboltlabs.com/blog/2013/03/27/testing-pundit-policies-with-rspec/) and implemented in the third party [pundit-matchers](https://github.com/chrisalley/pundit-matchers) gem. +[excellent post](http://thunderboltlabs.com/blog/2013/03/27/testing-pundit-policies-with-rspec/) and implemented in the third party [pundit-matchers](https://github.com/punditcommunity/pundit-matchers) gem. ### Scope Specs -Pundit does not provide a DSL for testing scopes. Just test it like a regular Ruby class! +Pundit does not provide a DSL for testing scopes. Test them like you would a regular Ruby class! ### Linting with RuboCop RSpec diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SECURITY.md new/SECURITY.md --- old/SECURITY.md 1970-01-01 01:00:00.000000000 +0100 +++ new/SECURITY.md 2023-07-17 15:37:20.000000000 +0200 @@ -0,0 +1,19 @@ +# Security Policy + +Please do not file an issue on GitHub, or send a PR addressing the issue. + +## Supported versions + +Most recent major version only. + +## Reporting a vulnerability + +Contact one of the maintainers directly: + +* [@Burgestrand](https://github.com/Burgestrand) +* [@dgmstuart](https://github.com/dgmstuart) +* [@varvet](https://github.com/varvet) + +You can report vulnerabilities on GitHub too: https://github.com/varvet/pundit/security + +Thank you! Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/generators/rspec/templates/policy_spec.rb new/lib/generators/rspec/templates/policy_spec.rb --- old/lib/generators/rspec/templates/policy_spec.rb 2022-12-19 16:24:04.000000000 +0100 +++ new/lib/generators/rspec/templates/policy_spec.rb 2023-07-17 15:37:20.000000000 +0200 @@ -1,4 +1,4 @@ -require '<%= File.exists?('spec/rails_helper.rb') ? 'rails_helper' : 'spec_helper' %>' +require '<%= File.exist?('spec/rails_helper.rb') ? 'rails_helper' : 'spec_helper' %>' RSpec.describe <%= class_name %>Policy, type: :policy do let(:user) { User.new } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/pundit/version.rb new/lib/pundit/version.rb --- old/lib/pundit/version.rb 2022-12-19 16:24:04.000000000 +0100 +++ new/lib/pundit/version.rb 2023-07-17 15:37:20.000000000 +0200 @@ -1,5 +1,5 @@ # frozen_string_literal: true module Pundit - VERSION = "2.3.0" + VERSION = "2.3.1" end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/pundit.rb new/lib/pundit.rb --- old/lib/pundit.rb 2022-12-19 16:24:04.000000000 +0100 +++ new/lib/pundit.rb 2023-07-17 15:37:20.000000000 +0200 @@ -55,8 +55,10 @@ class NotDefinedError < Error; end def self.included(base) - ActiveSupport::Deprecation.warn <<~WARNING + location = caller_locations(1, 1).first + warn <<~WARNING 'include Pundit' is deprecated. Please use 'include Pundit::Authorization' instead. + (called from #{location.label} at #{location.path}:#{location.lineno}) WARNING base.include Authorization end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2022-12-19 16:24:04.000000000 +0100 +++ new/metadata 2023-07-17 15:37:20.000000000 +0200 @@ -1,7 +1,7 @@ --- !ruby/object:Gem::Specification name: pundit version: !ruby/object:Gem::Version - version: 2.3.0 + version: 2.3.1 platform: ruby authors: - Jonas Nicklas @@ -9,7 +9,7 @@ autorequire: bindir: bin cert_chain: [] -date: 2022-12-19 00:00:00.000000000 Z +date: 2023-07-17 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: activesupport @@ -168,11 +168,12 @@ description: Object oriented authorization for Rails applications email: - [email protected] -- [email protected] +- [email protected] executables: [] extensions: [] extra_rdoc_files: [] files: +- ".github/pull_request_template.md" - ".gitignore" - ".rubocop.yml" - ".travis.yml" @@ -184,6 +185,7 @@ - LICENSE.txt - README.md - Rakefile +- SECURITY.md - config/rubocop-rspec.yml - lib/generators/pundit/install/USAGE - lib/generators/pundit/install/install_generator.rb @@ -210,7 +212,8 @@ homepage: https://github.com/varvet/pundit licenses: - MIT -metadata: {} +metadata: + rubygems_mfa_required: 'true' post_install_message: rdoc_options: [] require_paths: @@ -226,7 +229,7 @@ - !ruby/object:Gem::Version version: '0' requirements: [] -rubygems_version: 3.3.7 +rubygems_version: 3.4.10 signing_key: specification_version: 4 summary: OO authorization for Rails diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pundit.gemspec new/pundit.gemspec --- old/pundit.gemspec 2022-12-19 16:24:04.000000000 +0100 +++ new/pundit.gemspec 2023-07-17 15:37:20.000000000 +0200 @@ -8,7 +8,7 @@ gem.name = "pundit" gem.version = Pundit::VERSION gem.authors = ["Jonas Nicklas", "Varvet AB"] - gem.email = ["[email protected]", "[email protected]"] + gem.email = ["[email protected]", "[email protected]"] gem.description = "Object oriented authorization for Rails applications" gem.summary = "OO authorization for Rails" gem.homepage = "https://github.com/varvet/pundit"; @@ -19,6 +19,8 @@ gem.test_files = gem.files.grep(%r{^(test|spec|features)/}) gem.require_paths = ["lib"] + gem.metadata = { "rubygems_mfa_required" => "true" } + gem.add_dependency "activesupport", ">= 3.0.0" gem.add_development_dependency "actionpack", ">= 3.0.0" gem.add_development_dependency "activemodel", ">= 3.0.0" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spec/pundit_spec.rb new/spec/pundit_spec.rb --- old/spec/pundit_spec.rb 2022-12-19 16:24:04.000000000 +0100 +++ new/spec/pundit_spec.rb 2023-07-17 15:37:20.000000000 +0200 @@ -399,22 +399,18 @@ it "includes Authorization module" do klass = Class.new - ActiveSupport::Deprecation.silence do + expect do klass.include Pundit - end + end.to output.to_stderr expect(klass).to include Pundit::Authorization end it "warns about deprecation" do klass = Class.new - allow(ActiveSupport::Deprecation).to receive(:warn) - - ActiveSupport::Deprecation.silence do + expect do klass.include Pundit - end - - expect(ActiveSupport::Deprecation).to have_received(:warn).with start_with("'include Pundit' is deprecated") + end.to output(a_string_starting_with("'include Pundit' is deprecated")).to_stderr end end
