Skip to content

Repo updates#84

Open
atongen wants to merge 1 commit into
mainfrom
repo-updates
Open

Repo updates#84
atongen wants to merge 1 commit into
mainfrom
repo-updates

Conversation

@atongen

@atongen atongen commented Jul 10, 2026

Copy link
Copy Markdown
Member

Security

  • HTTPClient no longer forwards Authorization/Basic-auth credentials on redirects to a different host (lib/drip/client/http_client.rb) — prevents API key/token exfiltration via a malicious redirect.
  • Caller-supplied ids (id, campaign_id, workflow_id, subscriber_id, etc.) are now consistently CGI.escaped when interpolated into request paths/query strings, matching existing handling for emails and tags.

Bug fix

  • Orders#create_or_update_order merges email under a string key ("email") instead of a symbol, avoiding a duplicate-key hash that triggered a deprecation warning under recent json gem versions.

Tooling / infra

  • Replaced .travis.yml with a GitHub Actions CI workflow (ci.yml) testing Ruby 3.1–3.4, plus a job that runs tests/rubocop through the new flake.nix dev shell.
  • Raised required_ruby_version to >= 3.1, bumped dev dependencies (rubocop 0.67→1.x, mocha, rake, simplecov, webmock, etc.), and resolved/removed the accumulated .rubocop_todo.yml offenses (fixing underlying code rather than just re-suppressing).
  • Added flake.nix for a reproducible local dev shell.
  • Minor modernization: method_missing/respond_to? → respond_to_missing?, anonymous block forwarding (&), each_key, match?, README badge swap, gemspec cleanup (rubygems_mfa_required).

Test files were updated in lockstep with these changes (new escaping expectations, redirect/auth test cases, etc.). Full details are already drafted in CHANGELOG.md under [3.5.0].

@atongen atongen self-assigned this Jul 10, 2026
@atongen atongen marked this pull request as ready for review July 13, 2026 13:31
@atongen atongen requested a review from a team July 13, 2026 13:31

@diegodrip diegodrip left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice update! I like the security improvements

@diegodrip diegodrip requested a review from a team July 13, 2026 15:30
@wstrinz wstrinz requested a review from a team July 14, 2026 14:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants