From ce8d95d2638aa6d70c08c8667627a292752b4eba Mon Sep 17 00:00:00 2001 From: Santiago Pais Date: Tue, 3 Feb 2026 13:35:51 -0300 Subject: [PATCH 1/3] Release v0.1.10 Update httparty to 0.24.0 or higher to fix vulnerability [CVE-2025-68696](https://nvd.nist.gov/vuln/detail/CVE-2025-68696) --- Gemfile.lock | 85 ++++++++++++++++++++++++-------------------- lib/prest/version.rb | 2 +- prest.gemspec | 2 +- 3 files changed, 49 insertions(+), 40 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index eee9cd6..fea9bbd 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -1,65 +1,74 @@ PATH remote: . specs: - prest (0.1.9) - httparty (>= 0.20.0, < 0.23.0) + prest (0.1.10) + httparty (~> 0.24.0) GEM remote: https://rubygems.org/ specs: - ast (2.4.2) - diff-lcs (1.5.0) - docile (1.4.0) - httparty (0.20.0) - mime-types (~> 3.0) + ast (2.4.3) + csv (3.3.5) + diff-lcs (1.6.2) + docile (1.4.1) + httparty (0.24.2) + csv + mini_mime (>= 1.0.0) multi_xml (>= 0.5.2) - json (2.6.2) - mime-types (3.4.1) - mime-types-data (~> 3.2015) - mime-types-data (3.2022.0105) + json (2.18.1) + language_server-protocol (3.17.0.5) + lint_roller (1.1.0) + mini_mime (1.1.5) multi_xml (0.6.0) - parallel (1.22.1) - parser (3.1.2.0) + parallel (1.27.0) + parser (3.3.10.1) ast (~> 2.4.1) + racc + prism (1.9.0) + racc (1.8.1) rainbow (3.1.1) - rake (13.0.6) - regexp_parser (2.5.0) - rexml (3.2.5) - rspec (3.11.0) - rspec-core (~> 3.11.0) - rspec-expectations (~> 3.11.0) - rspec-mocks (~> 3.11.0) - rspec-core (3.11.0) - rspec-support (~> 3.11.0) - rspec-expectations (3.11.0) + rake (13.3.1) + regexp_parser (2.11.3) + rspec (3.13.2) + rspec-core (~> 3.13.0) + rspec-expectations (~> 3.13.0) + rspec-mocks (~> 3.13.0) + rspec-core (3.13.6) + rspec-support (~> 3.13.0) + rspec-expectations (3.13.5) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.11.0) - rspec-mocks (3.11.1) + rspec-support (~> 3.13.0) + rspec-mocks (3.13.7) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.11.0) - rspec-support (3.11.0) - rubocop (1.31.2) + rspec-support (~> 3.13.0) + rspec-support (3.13.7) + rubocop (1.84.1) json (~> 2.3) + language_server-protocol (~> 3.17.0.2) + lint_roller (~> 1.1.0) parallel (~> 1.10) - parser (>= 3.1.0.0) + parser (>= 3.3.0.2) rainbow (>= 2.2.2, < 4.0) - regexp_parser (>= 1.8, < 3.0) - rexml (>= 3.2.5, < 4.0) - rubocop-ast (>= 1.18.0, < 2.0) + regexp_parser (>= 2.9.3, < 3.0) + rubocop-ast (>= 1.49.0, < 2.0) ruby-progressbar (~> 1.7) - unicode-display_width (>= 1.4.0, < 3.0) - rubocop-ast (1.19.1) - parser (>= 3.1.1.0) - ruby-progressbar (1.11.0) + 
unicode-display_width (>= 2.4.0, < 4.0) + rubocop-ast (1.49.0) + parser (>= 3.3.7.2) + prism (~> 1.7) + ruby-progressbar (1.13.0) simplecov (0.21.2) docile (~> 1.1) simplecov-html (~> 0.11) simplecov_json_formatter (~> 0.1) - simplecov-html (0.12.3) + simplecov-html (0.13.2) simplecov_json_formatter (0.1.4) - unicode-display_width (2.2.0) + unicode-display_width (3.2.0) + unicode-emoji (~> 4.1) + unicode-emoji (4.2.0) PLATFORMS + arm64-darwin-24 arm64-darwin-21 x86_64-darwin-21 x86_64-linux diff --git a/lib/prest/version.rb b/lib/prest/version.rb index 44c663f..02bc362 100644 --- a/lib/prest/version.rb +++ b/lib/prest/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Prest - VERSION = '0.1.9' + VERSION = '0.1.10' end diff --git a/prest.gemspec b/prest.gemspec index c0879b8..5e2d82a 100644 --- a/prest.gemspec +++ b/prest.gemspec @@ -28,5 +28,5 @@ Gem::Specification.new do |spec| spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) } spec.require_paths = ['lib'] - spec.add_dependency 'httparty', '>= 0.20.0', '< 0.23.0' + spec.add_dependency 'httparty', '~> 0.24.0' end From b6204ef64444e5ee9c094b339e6c899c1e1b91aa Mon Sep 17 00:00:00 2001 From: Santiago Pais Date: Tue, 3 Feb 2026 14:09:49 -0300 Subject: [PATCH 2/3] Update Test coverage CI --- .github/workflows/main.yml | 15 ++++++++++----- README.md | 4 ++-- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 2ec5a7c..a4d9949 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -7,6 +7,10 @@ on: pull_request: +permissions: + contents: read + id-token: write + jobs: build: runs-on: ubuntu-latest 
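Review bot: The new constraint `'~> 0.24.0'` in prest.gemspec resolves to `>= 0.24.0, < 0.25.0`, which is narrower than the "0.24.0 or higher" stated in the commit message and in the CHANGELOG entry of patch 3. Because this is a library gemspec, that upper bound keeps consumers from resolving a later httparty minor release, including one that might carry a future security fix, until prest itself is re-released. If the intent is a floor at the patched version, `spec.add_dependency 'httparty', '>= 0.24.0', '< 1.0'` expresses it; if the 0.24.x pin is deliberate, a comment above the line saying why would help. The `Gem::Specification.new` block starts outside the hunk.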
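Review bot: `id-token: write` is granted in the workflow-level `permissions:` block of .github/workflows/main.yml, so every step of every job can request an OIDC token, including dependency installation, rubocop and rspec, not only the coverage upload. Moving the upload into its own job that declares `permissions:` with `id-token: write`, and leaving the workflow default at `contents: read`, limits the token to the one step that needs it. The `jobs:` section continues outside the hunk, so check whether any other job depends on the workflow-level grant before narrowing it.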
@@ -26,9 +30,10 @@ jobs: bundler-cache: true - name: Lint with rubocop run: bundle exec rubocop - - name: Test & Publish code coverage - uses: paambaati/codeclimate-action@v3.0.0 - env: - CC_TEST_REPORTER_ID: ${{secrets.CC_TEST_REPORTER_ID}} + - name: Test + run: bundle exec rspec + - name: Publish code coverage + uses: qltysh/qlty-action/coverage@v2 with: - coverageCommand: bundle exec rspec + oidc: true + files: coverage/.resultset.json diff --git a/README.md b/README.md index 5777f30..db3329d 100644 --- a/README.md +++ b/README.md @@ -2,8 +2,8 @@ [![Gem Version](https://badge.fury.io/rb/prest.svg)](https://badge.fury.io/rb/prest) [![Ruby](https://github.com/gogrow-dev/prest/actions/workflows/main.yml/badge.svg?branch=main)](https://github.com/gogrow-dev/prest/actions/workflows/main.yml) -[![Maintainability](https://api.codeclimate.com/v1/badges/f81b2e00be4d8eaa5e81/maintainability)](https://codeclimate.com/github/gogrow-dev/prest/maintainability) -[![Test Coverage](https://api.codeclimate.com/v1/badges/f81b2e00be4d8eaa5e81/test_coverage)](https://codeclimate.com/github/gogrow-dev/prest/test_coverage) +[![Maintainability](https://qlty.sh/gh/gogrow-dev/projects/prest/maintainability.svg)](https://qlty.sh/gh/gogrow-dev/projects/prest) +[![Code Coverage](https://qlty.sh/gh/gogrow-dev/projects/prest/coverage.svg)](https://qlty.sh/gh/gogrow-dev/projects/prest) Programmatically communicate with any REST API. From 6e9e381ae1d9763a3c4f5fc84dd8901448942012 Mon Sep 17 00:00:00 2001 From: Santiago Pais Date: Tue, 3 Feb 2026 14:33:12 -0300 Subject: [PATCH 3/3] Update change log --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 16da511..5b641ff 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +## [0.1.10] - 2026-02-03 + +- Update `httparty` to use `0.24.0` or a higher version +- Migrate test coverage CI from Code Climate to Qlty + ## [0.1.9] - 2024-10-28 - Update `httparty` to use `0.20.0` or a higher version
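Review bot: `uses: qltysh/qlty-action/coverage@v2` references a mutable tag, and the step runs in a job that holds `id-token: write`, so whatever code the tag points to at run time can obtain an OIDC token for this repository. Pinning to the full commit SHA with the tag as a trailing comment, `uses: qltysh/qlty-action/coverage@<full-commit-sha> # v2`, keeps the executed code fixed until a reviewed bump. Separately, the workflow triggers on `pull_request`, and as far as I know GitHub does not issue OIDC tokens to pull requests from forks, so it is worth confirming how the upload step behaves there. A step-level `if:` that skips the upload for fork pull requests would keep those runs from failing on the coverage step alone.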