Update ruby-rest-client to 2.0.1.
* Update HOMEPAGE.
* Warn if auto-generated headers from the payload, such as Content-Type,
override headers set by the user. This is usually not what the user wants to
happen, and can be surprising. (#554)
* Drop the old check for weak default TLS ciphers, and use the built-in Ruby
defaults. Ruby versions from Oct. 2014 onward use sane defaults, so this is
no longer needed. (#573)
Update ruby-rest-client to 2.0.0.
pkgsrc change: Add pkg_alternatives support.
This release is largely API compatible, but makes several breaking changes.
- Drop support for Ruby 1.9
- Allow mime-types as new as 3.x (requires ruby 2.0)
- Respect Content-Type charset header provided by server. Previously,
rest-client would not override the string encoding chosen by Net::HTTP. Now
responses that specify a charset will yield a body string in that encoding.
For example, `Content-Type: text/plain; charset=EUC-JP` will return a String
encoded with `Encoding::EUC_JP`. (#361)
- Change exceptions raised on request timeout. Instead of
`RestClient::RequestTimeout` (which is still used for HTTP 408), network
timeouts will now raise either `RestClient::Exceptions::ReadTimeout` or
`RestClient::Exceptions::OpenTimeout`, both of which inherit from
`RestClient::Exceptions::Timeout`. For backwards compatibility, this still
inherits from `RestClient::RequestTimeout` so existing uses will still work.
This may change in a future major release. These new timeout classes also
make the original wrapped exception available as `#original_exception`.
- Unify request exceptions under `RestClient::RequestFailed`, which still
inherits from `ExceptionWithResponse`. Previously, HTTP 304, 401, and 404
inherited directly from `ExceptionWithResponse` rather than from
`RequestFailed`. Now _all_ HTTP status code exceptions inherit from both.
- Rename the `:timeout` request option to `:read_timeout`. When `:timeout` is
passed, now set both `:read_timeout` and `:open_timeout`.
- Change default HTTP Accept header to `*/*`
- Use a more descriptive User-Agent header by default
- Drop RC4-MD5 from default cipher list
- Only prepend http:// to URIs without a scheme
- Fix some support for using IPv6 addresses in URLs (still affected by Ruby
2.0+ bug https://bugs.ruby-lang.org/issues/9129, with the fix expected to be
backported to 2.0 and 2.1)
- `Response` objects are now a subclass of `String` rather than a `String` that
mixes in the response functionality. Most of the methods remain unchanged,
but this makes it much easier to understand what is happening when you look
at a RestClient response object. There are a few additional changes:
  - Response objects now implement `.inspect` to make this distinction clearer.
  - `Response#to_i` will now behave like `String#to_i` instead of returning the
    HTTP response code, which was very surprising behavior.
  - `Response#body` and `#to_s` will now return a true `String` object rather
    than self. Previously there was no easy way to get the true `String`
    response instead of the Frankenstein response string object with
    AbstractResponse mixed in.
  - Response objects no longer accept an extra request args hash, but instead
    access request args directly from the request object, which reduces
    confusion and duplication.
- Handle multiple HTTP response headers with the same name (except for
Set-Cookie, which is special) by joining the values with a comma space,
compliant with RFC 7230
- Rewrite cookie support to be much smarter and to use cookie jars consistently
for requests, responses, and redirection in order to resolve long-standing
complaints about the previously broken behavior: (#498)
  - The `:cookies` option may now be a Hash of Strings, an Array of
    HTTP::Cookie objects, or a full HTTP::CookieJar.
  - Add `RestClient::Request#cookie_jar` and reimplement `Request#cookies` to
    be a wrapper around the cookie jar.
  - Still support passing the `:cookies` option in the headers hash, but now
    raise ArgumentError if that option is also passed to `Request#initialize`.
  - Warn if both `:cookies` and a `Cookie` header are supplied.
  - Use the `Request#cookie_jar` as the basis for `Response#cookie_jar`,
    creating a copy of the jar and adding any newly received cookies.
  - When following redirection, also use this same strategy so that cookies
    from the original request are carried through in a standards-compliant way
    by the cookie jar.
- Don't set basic auth header if explicit `Authorization` header is specified
- Add `:proxy` option to requests, which can be used for thread-safe
per-request proxy configuration, overriding `RestClient.proxy`
- Allow overriding `ENV['http_proxy']` to disable proxies by setting
`RestClient.proxy` to a falsey value. Previously there was no way in Ruby 2.x
to turn off a proxy specified in the environment without changing `ENV`.
- Add actual support for streaming request payloads. Previously rest-client
would call `.to_s` even on RestClient::Payload::Streamed objects. Instead,
treat any object that responds to `.read` as a streaming payload and pass it
through to `.body_stream=` on the Net::HTTP object. This massively reduces the
memory required for large file uploads.
- Changes to redirection behavior: (#381, #484)
  - Remove `RestClient::MaxRedirectsReached` in favor of the normal
    `ExceptionWithResponse` subclasses. This makes the response accessible on
    the exception object as `.response`, making it possible for callers to tell
    what has actually happened when the redirect limit is reached.
  - When following HTTP redirection, store a list of each previous response on
    the response object as `.history`. This makes it possible to access the
    original response headers and body before the redirection was followed.
  - Follow redirection consistently, regardless of whether the HTTP method was
    passed as a symbol or string. Under the hood rest-client now normalizes the
    HTTP request method to a lowercase string.
- Add `:before_execution_proc` option to `RestClient::Request`. This makes it
possible to add procs like `RestClient.add_before_execution_proc` to a single
request without global state.
- Run tests on Travis's beta OS X support.
- Make `Request#transmit` a private method, along with a few others.
- Refactor URI parsing to happen earlier, in Request initialization.
- Improve consistency and functionality of complex URL parameter handling:
  - When adding URL params, handle URLs that already contain params.
  - Add new convention for handling URL params containing deeply nested arrays
    and hashes, unify handling of null/empty values, and use the same code for
    GET and POST params. (#437)
  - Add the RestClient::ParamsArray class, a simple array-like container that
    can be used to pass multiple keys with same name or keys where the ordering
- Add a few more exception classes for obscure HTTP status codes.
- Multipart: use a much more robust multipart boundary with greater entropy.
- Make `RestClient::Payload::Base#inspect` stop pretending to be a String.
- Add `Request#redacted_uri` and `Request#redacted_url` to display the URI
with any password redacted.
Changes in the release candidate that did not persist through the final 2.0.0
- RestClient::Exceptions::Timeout was originally going to be a direct subclass
of RestClient::Exception in the release candidate. This exception tree was
made a subclass of RestClient::RequestTimeout prior to the final release.
Update ruby-rest-client to 1.8.0, security fix.
- Security: implement standards compliant cookie handling by adding a
dependency on http-cookie. This breaks compatibility, but was necessary to
address a session fixation / cookie disclosure vulnerability.
(#369 / CVE-2015-1820)
Previously, any Set-Cookie headers found in an HTTP 30x response would be
sent to the redirection target, regardless of domain. Responses now expose a
cookie jar and respect standards compliant domain / path flags in Set-Cookie
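
The 1.8.0 entry above contrasts forwarding every `Set-Cookie` value to a redirect target with scoping cookies by domain and path. The Ruby below is an added illustration of that difference, not code from rest-client or http-cookie; it is a simplified RFC 6265 matcher, and the hostnames, cookie values and helper names are constructed for the example.

```ruby
require 'uri'

# Simplified cookie record; domain is nil for a host-only cookie.
Cookie = Struct.new(:name, :domain, :path, :origin_host)

# RFC 6265 5.1.3 domain matching (IP-address case omitted).
def domain_match?(host, domain)
  host, domain = host.downcase, domain.downcase.sub(/\A\./, '')
  host == domain || host.end_with?(".#{domain}")
end

# RFC 6265 5.1.4 path matching.
def path_match?(request_path, cookie_path)
  request_path = '/' if request_path.empty?
  return true if request_path == cookie_path
  return false unless request_path.start_with?(cookie_path)
  cookie_path.end_with?('/') || request_path[cookie_path.length] == '/'
end

# Parse one Set-Cookie header received from origin_url. Returns nil when the
# Domain attribute does not cover the host that set it. Default path is
# simplified to "/".
def parse_set_cookie(header, origin_url)
  host = URI.parse(origin_url).host
  pair, *attrs = header.split(';').map(&:strip)
  opts = attrs.map { |a| k, v = a.split('=', 2); [k.downcase, v] }.to_h
  return nil if opts['domain'] && !domain_match?(host, opts['domain'])
  Cookie.new(pair.split('=', 2).first, opts['domain'], opts['path'] || '/', host)
end

# Behaviour described for releases before 1.8.0: every cookie follows the redirect.
def cookies_for_redirect_legacy(cookies, _target_url)
  cookies.map(&:name)
end

# Scoped behaviour: only cookies whose domain and path cover the target are sent.
def cookies_for_redirect_scoped(cookies, target_url)
  target = URI.parse(target_url)
  cookies.select do |c|
    host_ok = c.domain ? domain_match?(target.host, c.domain) : target.host.casecmp?(c.origin_host)
    host_ok && path_match?(target.path, c.path)
  end.map(&:name)
end

# Constructed sample: cookies set by a 302 response from login.example.com.
JAR = [
  parse_set_cookie('session=abc123; Path=/; HttpOnly', 'http://login.example.com/session'),
  parse_set_cookie('pref=dark; Domain=example.com; Path=/', 'http://login.example.com/session')
].freeze
```

With the constructed jar, a redirect to a host under another registrable domain receives no cookies from the scoped selector, while the legacy selector hands over both.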
Update ruby-rest-client to 1.7.3.
- Security: redact password in URI from logs (#349 / OSVDB-117461)
- Drop monkey patch on MIME::Types (added `type_for_extension` method); use
the public interface instead.
- Ignore duplicate certificates in CA store on Windows
- Relax mime-types dependency to continue supporting mime-types 1.x series.
There seem to be a large number of popular gems that have depended on
mime-types '~> 1.16' until very recently.
- Improve urlencode performance
- Clean up a number of style points
- This release drops support for Ruby 1.8.7 and breaks compatibility in a few
other relatively minor ways
- Upgrade to mime-types ~> 2.0
- Don't CGI.unescape cookie values sent to the server (issue #89)
- Add support for reading credentials from netrc
- Lots of SSL changes and enhancements: (#268)
  - Enable peer verification by default (setting `VERIFY_PEER` with OpenSSL)
  - By default, use the system default certificate store for SSL verification,
    even on Windows (this uses a separate Windows build that pulls in ffi)
  - Add support for SSL `ca_path`
  - Add support for SSL `cert_store`
  - Add support for SSL `verify_callback` (with some caveats for jruby, OS X, #277)
  - Add support for SSL ciphers, and choose secure ones by default
- Run tests under travis
- Several other bugfixes and test improvements
- Convert Errno::ETIMEDOUT to RestClient::RequestTimeout
- Handle more HTTP response codes from recent standards
- Save raw responses to binary mode tempfile (#110)
- Disable timeouts with :timeout => nil rather than :timeout => -1
- Drop all Net::HTTP monkey patches
- The 1.6.x series will be the last to support Ruby 1.8.7
- Pin mime-types to < 2.0 to maintain Ruby 1.8.7 support
- Add Gemfile, AUTHORS, add license to gemspec
- Point homepage at https://github.com/rest-client/rest-client
- Clean up and fix various tests and ruby warnings
- Backport `ssl_verify_callback` functionality from 1.7.0