Merge pull request #9 from compliance-innovations/feature/security-up…

…dates-2416 Feature/security updates 2416
compliance-innovations · Feb 26, 2024 · 444d8b4 · 444d8b4
2 parents b1098a5 + aaf4cb0
commit 444d8b4
Show file tree

Hide file tree

Showing 8 changed files with 84 additions and 39 deletions.
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -4,10 +4,12 @@ require:
 
 AllCops:
   TargetRailsVersion: 5.1
+  TargetRubyVersion: 3.0
   Exclude:
     - 'vendor/**/*'
   DisplayCopNames: true
   DisplayStyleGuide: true
+  NewCops: enable
 
 Rails/UnknownEnv:
   Environments:
@@ -26,7 +28,7 @@ Metrics/BlockLength:
     - 'config/routes.rb'
     - 'test/**/*'
 
-Metrics/LineLength:
+Layout/LineLength:
   Max: 120
 
 Metrics/MethodLength:
@@ -58,4 +60,4 @@ Style/FrozenStringLiteralComment:
 # See https://github.com/bbatsov/rubocop/blob/master/config/disabled.yml
 
 Rails:
-  Enabled: true
+  Enabled: true
diff --git a/.ruby-version b/.ruby-version
@@ -1 +1 @@
-2.5.3
+3.3.0
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,8 @@
+# 0.2.0 - 2024-02-26
+- security fixes
+  - Updated dependencies, especially rack from 2.2.3 to 3.0.6
+- upgrade ruby from 2.5.3 to 3.3.0 and require ruby 3 or higher
+
 # 0.1.3 - 2021-05-04
 - security fixes
   - Updated dependencies, especially rexml from 3.2.3 to 3.2.5

diff --git a/Gemfile b/Gemfile
@@ -4,3 +4,10 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in sepa_parser.gemspec
 gemspec
+
+gem 'bundler', '~> 2.0'
+gem 'minitest', '~> 5.0'
+gem 'rake', '~> 13.0'
+gem 'rubocop', '~> 1.60'
+gem 'rubocop-performance', '~> 1.20'
+gem 'rubocop-rails', '~> 2.23'
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,36 +1,71 @@
 PATH
   remote: .
   specs:
-    sepa_parser (0.1.3)
+    sepa_parser (0.1.4)
       rexml
 
 GEM
   remote: https://rubygems.org/
   specs:
-    ast (2.4.0)
-    jaro_winkler (1.5.4)
-    minitest (5.14.0)
-    parallel (1.19.1)
-    parser (2.7.0.2)
-      ast (~> 2.4.0)
-    rack (2.2.3)
-    rainbow (3.0.0)
-    rake (13.0.1)
-    rexml (3.2.5)
-    rubocop (0.79.0)
-      jaro_winkler (~> 1.5.1)
+    activesupport (7.1.3)
+      base64
+      bigdecimal
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      connection_pool (>= 2.2.5)
+      drb
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      mutex_m
+      tzinfo (~> 2.0)
+    ast (2.4.2)
+    base64 (0.2.0)
+    bigdecimal (3.1.6)
+    concurrent-ruby (1.2.3)
+    connection_pool (2.4.1)
+    drb (2.2.0)
+      ruby2_keywords
+    i18n (1.14.1)
+      concurrent-ruby (~> 1.0)
+    json (2.7.1)
+    language_server-protocol (3.17.0.3)
+    minitest (5.22.2)
+    mutex_m (0.2.0)
+    parallel (1.24.0)
+    parser (3.3.0.5)
+      ast (~> 2.4.1)
+      racc
+    racc (1.7.3)
+    rack (3.0.9)
+    rainbow (3.1.1)
+    rake (13.1.0)
+    regexp_parser (2.9.0)
+    rexml (3.2.6)
+    rubocop (1.60.2)
+      json (~> 2.3)
+      language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
-      parser (>= 2.7.0.1)
+      parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.30.0, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 1.7)
-    rubocop-performance (1.3.0)
-      rubocop (>= 0.68.0)
-    rubocop-rails (2.4.1)
+      unicode-display_width (>= 2.4.0, < 3.0)
+    rubocop-ast (1.30.0)
+      parser (>= 3.2.1.0)
+    rubocop-performance (1.20.2)
+      rubocop (>= 1.48.1, < 2.0)
+      rubocop-ast (>= 1.30.0, < 2.0)
+    rubocop-rails (2.23.1)
+      activesupport (>= 4.2.0)
       rack (>= 1.1)
-      rubocop (>= 0.72.0)
-    ruby-progressbar (1.10.1)
-    unicode-display_width (1.6.0)
+      rubocop (>= 1.33.0, < 2.0)
+      rubocop-ast (>= 1.30.0, < 2.0)
+    ruby-progressbar (1.13.0)
+    ruby2_keywords (0.0.5)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
+    unicode-display_width (2.5.0)
 
 PLATFORMS
   ruby
@@ -39,10 +74,10 @@ DEPENDENCIES
   bundler (~> 2.0)
   minitest (~> 5.0)
   rake (~> 13.0)
-  rubocop (~> 0.69)
-  rubocop-performance (~> 1.3.0)
-  rubocop-rails (~> 2.1)
+  rubocop (~> 1.60)
+  rubocop-performance (~> 1.20)
+  rubocop-rails (~> 2.23)
   sepa_parser!
 
 BUNDLED WITH
-   2.0.2
+   2.3.12
diff --git a/lib/sepa_parser.rb b/lib/sepa_parser.rb
@@ -11,7 +11,7 @@ class MalformedSEPAError < RuntimeError
   class SEPA
     include REXML
 
-    def self.parse(data) # rubocop:disable MethodLength, AbcSize
+    def self.parse(data) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
       document = Document.new data
       credit_transfers = []
 
@@ -26,7 +26,8 @@ def self.parse(data) # rubocop:disable MethodLength, AbcSize
                                 get_element_text(document, 'Document/CstmrCdtTrfInitn/PmtInf/Dbtr/Nm'),
                                 get_element_text(document, 'Document/CstmrCdtTrfInitn/PmtInf/DbtrAcct/Id/IBAN'),
                                 get_element_text_if_exists(document, 'Document/CstmrCdtTrfInitn/PmtInf/DbtrAcct/Ccy'),
-                                get_element_text_if_exists(document, 'Document/CstmrCdtTrfInitn/PmtInf/DbtrAgt/FinInstnId/BIC'),
+                                get_element_text_if_exists(document,
+                                                           'Document/CstmrCdtTrfInitn/PmtInf/DbtrAgt/FinInstnId/BIC'),
                                 get_element_text(transfer, 'PmtId/EndToEndId'),
                                 get_element_text(transfer, 'Amt/InstdAmt'),
                                 get_element_attribute(transfer, 'Amt/InstdAmt', 'Ccy'),

diff --git a/lib/sepa_parser/version.rb b/lib/sepa_parser/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module SepaParser
-  VERSION = '0.1.3'
+  VERSION = '0.1.4'
 end
diff --git a/sepa_parser.gemspec b/sepa_parser.gemspec
@@ -4,7 +4,7 @@ lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'sepa_parser/version'
 
-Gem::Specification.new do |spec| # rubocop:disable BlockLength
+Gem::Specification.new do |spec|
   spec.name = 'sepa_parser'
   spec.version = SepaParser::VERSION
   spec.authors = ['Ruben Smit', 'Martijn Bolhuis']
@@ -19,6 +19,7 @@ Currently pain.001.001.03 is supported.'
   spec.metadata['homepage_uri'] = spec.homepage
   spec.metadata['source_code_uri'] = 'https://github.com/compliance-innovations/sepa_parser'
   spec.metadata['changelog_uri'] = 'https://github.com/compliance-innovations/sepa_parser/blob/master/CHANGELOG.md'
+  spec.metadata['rubygems_mfa_required'] = 'true'
 
   # Specify which files should be added to the gem when it is released.
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
@@ -28,13 +29,7 @@ Currently pain.001.001.03 is supported.'
   spec.bindir = 'exe'
   spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
+  spec.required_ruby_version = '>= 3.0'
 
   spec.add_dependency 'rexml'
-
-  spec.add_development_dependency 'bundler', '~> 2.0'
-  spec.add_development_dependency 'minitest', '~> 5.0'
-  spec.add_development_dependency 'rake', '~> 13.0'
-  spec.add_development_dependency 'rubocop', '~> 0.69'
-  spec.add_development_dependency 'rubocop-performance', '~> 1.3.0'
-  spec.add_development_dependency 'rubocop-rails', '~> 2.1'
 end