Fix Security vulnerability: missing SSL hostname validation

- igrigorik/em-http-request#339 - upgrade gems - require ruby 2.3 - bump to v2.1.0
denisj · Jul 23, 2021 · b8b0d73 · b8b0d73
1 parent c7e3036
commit b8b0d73
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 15 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -11,23 +11,25 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.3.8)
-    cookiejar (0.3.2)
-    em-http-request (1.1.2)
+    addressable (2.8.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    cookiejar (0.3.3)
+    em-http-request (1.1.7)
       addressable (>= 2.3.4)
-      cookiejar
+      cookiejar (!= 0.3.1)
       em-socksify (>= 0.3)
       eventmachine (>= 1.0.3)
       http_parser.rb (>= 0.6.0)
-    em-socksify (0.3.0)
+    em-socksify (0.3.2)
       eventmachine (>= 1.0.0.beta.4)
-    eventmachine (1.0.7)
-    exponential-backoff (0.0.2)
-    http_parser.rb (0.6.0)
-    minitest (5.7.0)
-    multi_json (1.11.2)
-    rake (10.4.2)
-    ruby-prof (0.15.8)
+    eventmachine (1.2.7)
+    exponential-backoff (0.0.4)
+    http_parser.rb (0.7.0)
+    minitest (5.14.4)
+    multi_json (1.15.0)
+    public_suffix (4.0.6)
+    rake (10.5.0)
+    ruby-prof (0.18.0)
     void_logger (0.1)
     yajl-ruby (1.3.1)
 
@@ -43,4 +45,4 @@ DEPENDENCIES
   yajl-ruby (~> 1.3.1)
 
 BUNDLED WITH
-   1.10.6
+   1.16.6
diff --git a/README.md b/README.md
@@ -1,6 +1,8 @@
 # powertrack
 A Ruby gem for building GNIP PowerTrack streaming clients.
 
+Require Ruby 2.3 or above.
+
 ## How to use it ?
 
 1. Create a PowerTrack stream based on your credentials

diff --git a/lib/powertrack/streaming/stream.rb b/lib/powertrack/streaming/stream.rb
@@ -198,6 +198,7 @@ def auth_header
     # Each call returns a new hash which can be safely modified by the caller.
     def connection_headers
       { connect_timeout: @options[:connect_timeout],
+        ssl: {verify_peer: true},
         inactivity_timeout: @options[:inactivity_timeout] }
     end
 

diff --git a/lib/powertrack/version.rb b/lib/powertrack/version.rb
@@ -1,3 +1,3 @@
 module PowerTrack
-  VERSION = '2.0.0'.freeze
+  VERSION = '2.1.0'.freeze
 end
diff --git a/powertrack.gemspec b/powertrack.gemspec
@@ -12,7 +12,7 @@ Gem::Specification.new do |spec|
   spec.description   = spec.summary
   spec.homepage      = 'https://github.com/ecairn/powertrack-rb'
   spec.license       = 'MIT license'
-  spec.required_ruby_version = '>= 1.9'
+  spec.required_ruby_version = '>= 2.3'
 
   spec.files         = `git ls-files -z`.split("\x0")
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }