From dfb80b08c7705258920eb09a4e1b4dd1cbc77c1f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javi=20Mart=C3=ADn?= <35156+javierm@users.noreply.github.com>
Date: Fri, 2 Oct 2020 13:16:13 +0200
Subject: [PATCH] Bump devise-security from 0.10.1 to 0.11.1

The original devise_security_extension gem has not been maintained for years. Its last release was version 0.10.0, and wasn't compatible with Rails 5, and so we were using its master branch. Since the gem was unmaintained, it was forked as devise-security and the aforementioned master branch was released as version 0.10.1. This version wasn't published in Rubygems, though, so we're now using the first version that was published in Rubygems and had a release announment [1]. Dependabot will probably open a pull request to upgrade to the latest version, but for now I'm trying to keep the devise-security gem as similar as the version we were using to make sure they're compatible, particularly considering we're monkey-patching some of the modules provided by this gem. [1] https://github.com/devise-security/devise-security/releases/tag/v0.11.1
---
 Gemfile | 2 +-
 Gemfile.lock | 13 ++++---------
 ...ise_security_extension.rb => devise-security.rb} | 5 +++--
 3 files changed, 8 insertions(+), 12 deletions(-)
 rename config/initializers/{devise_security_extension.rb => devise-security.rb} (95%)
diff --git a/Gemfile b/Gemfile
index 204f3e80b..f5580c981 100644
--- a/Gemfile
+++ b/Gemfile
@@ -19,7 +19,7 @@ gem "dalli", "~> 2.7.10"
 gem "delayed_job_active_record", "~> 4.1.4"
 gem "devise", "~> 4.7.3"
 gem "devise-async", "~> 1.0.0"
-gem "devise_security_extension", git: "https://github.com/phatworx/devise_security_extension.git" #, "~> 0.10"
+gem "devise-security", "~> 0.11.1"
 gem "font-awesome-sass", "~> 5.15.1"
 gem "foundation-rails", "~> 6.6.2.0"
 gem "foundation_rails_helper", "~> 3.0.0"
diff --git a/Gemfile.lock b/Gemfile.lock
index 4d9e19b49..35285d5f1 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,11 +1,3 @@
-GIT
- remote: https://github.com/phatworx/devise_security_extension.git
- revision: b2ee978af7d49f0fb0e7271c6ac074dfb4d39353
- specs:
- devise_security_extension (0.10.0)
- devise (>= 3.0.0, < 5.0)
- railties (>= 3.2.6, < 6.0)
-
 GEM
 remote: https://rubygems.org/
 remote: https://rails-assets.org/
@@ -182,6 +174,9 @@ GEM
 devise-async (1.0.0)
 activejob (>= 5.0)
 devise (>= 4.0)
+ devise-security (0.11.1)
+ devise (>= 4.2.0, < 5.0)
+ railties (>= 3.2.6, < 6.0)
 diff-lcs (1.4.4)
 docile (1.3.2)
 dry-configurable (0.7.0)
@@ -667,7 +662,7 @@ DEPENDENCIES
 delayed_job_active_record (~> 4.1.4)
 devise (~> 4.7.3)
 devise-async (~> 1.0.0)
- devise_security_extension!
+ devise-security (~> 0.11.1)
 email_spec (~> 2.2.0)
 erb_lint
 factory_bot_rails (~> 4.8.2)
diff --git a/config/initializers/devise_security_extension.rb b/config/initializers/devise-security.rb
similarity index 95%
rename from config/initializers/devise_security_extension.rb
rename to config/initializers/devise-security.rb
index 8a86bb15d..52bd5026e 100644
--- a/config/initializers/devise_security_extension.rb
+++ b/config/initializers/devise-security.rb
@@ -7,10 +7,10 @@ Devise.setup do |config|
 config.expire_password_after = 1.year
 # Need 1 char of A-Z, a-z and 0-9
- # config.password_regex = /(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])/
+ # config.password_regex = /(?=.*\d)(?=.*[a-z])(?=.*[A-Z])/
 # How many passwords to keep in archive
- #config.password_archiving_count = 5
+ # config.password_archiving_count = 5
 # Deny old password (true, false, count)
 # config.deny_old_passwords = true
@@ -18,6 +18,7 @@ Devise.setup do |config|
 # enable email validation for :secure_validatable. (true, false, validation_options)
 # dependency: need an email validator like rails_email_validator
 # config.email_validation = true
+
 # captcha integration for recover form
 # config.captcha_for_recover = true