Do not load deprecated SASL mechanisms by default #58
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The list of non-deprecated SASL mechanisms is down to only |
eregon
reviewed
Feb 24, 2022
Comment on lines
+35
to
+36
| spec.add_development_dependency "digest" | ||
| spec.add_development_dependency "strscan" |
There was a problem hiding this comment.
I'm not entirely sure how gem dev deps are treated by Bundler, but I guess they are ignored if e.g. a app Gemfile depends on mail or net-imap?
There was a problem hiding this comment.
They are ignored with bundle install by default.
hsbt
approved these changes
Jul 14, 2022
|
👍 I've been sitting on code for a couple of new SASL mechanisms, and a bugfix for "DIGEST-MD5" (when |
nevans
added a commit
to nevans/net-imap
that referenced
this pull request
Jul 16, 2022
Mark obolete SASL mechanisms as deprecated (fixes rubyGH-55): * Warn every time a deprecated mechanism is used. * Warnings can be disabled with `warn_deprecation: false` * delay loading stdgem dependencies until `#initialize`. Fixes rubyGH-56. * This is a backwards-compatible alternative to the approach in rubyGH-58 (don't require and add the deprecated authenticators automatically). We can use that incompatible approach in a later version. Additionally: * Adds basic tests for every authenticator (to avoid another rubyGH-52!) * Fixes a frozen string bug in DigestMD5Authenticator. * By making these optional, there's no reason to require the `digest` or `strscan` gems anymore; fixes rubyGH-56. The DIGEST-MD5 bug was originally reported, tested, and fixed by @singpolyma here: nevans/net-sasl#3. Co-authored-by: Stephen Paul Weber <[email protected]>
nevans
added a commit
that referenced
this pull request
Jul 16, 2022
Mark obolete SASL mechanisms as deprecated (fixes GH-55): * This is a backwards-compatible alternative to the approach in GH-58 (don't require and add the deprecated authenticators automatically). We can use that incompatible approach in a later version. * Warn every time a deprecated mechanism is used. * Warnings can be disabled with `warn_deprecation: false` * delay loading stdgem dependencies until `#initialize`. Fixes GH-56. Additionally: * Adds basic tests for every authenticator (to avoid another GH-52!) * Fixes a frozen string bug in DigestMD5Authenticator. * By making these optional, there's no reason to require the `digest` or `strscan` gems anymore; fixes GH-56. The DIGEST-MD5 bug was originally reported, tested, and fixed by @singpolyma here: nevans/net-sasl#3. Co-authored-by: Stephen Paul Weber <[email protected]>
nevans
added a commit
that referenced
this pull request
Jul 16, 2022
Mark obolete SASL mechanisms as deprecated (fixes GH-55): * This is a backwards-compatible alternative to the approach in GH-58 (don't require and add the deprecated authenticators automatically). We can use that incompatible approach in a later version. * Warn every time a deprecated mechanism is used. * Warnings can be disabled with `warn_deprecation: false` * Fixes GH-56: delay loading standard gem dependencies until `#initialize`, and convert the gems to development dependencies. Additionally: * Adds basic tests for every authenticator (to avoid another GH-52!) * Fixes a frozen string bug in DigestMD5Authenticator. * Fixes constant resolution for exceptions in DigestMD5Authenticator. * Can register an authenticator type that responds to #call (instead of #new). I was originally going to register deprecated authenticators with a Proc that required the file and issued a warning, but I decided to put everything into the initializer instead. `#authenticator` needed to be updated to safely delegate all args, and I left this in. The DIGEST-MD5 bug was originally reported, tested, and fixed by @singpolyma here: nevans/net-sasl#3. Co-authored-by: Stephen Paul Weber <[email protected]>
|
I remembered why I hadn't pushed a PR for that other SASL code yet. My refactorings went a little bit further than I wanted for a ticket like this, and I wasn't quite done yet! But I might have that one ready for review soon, too. At any rate, that branch reminded me that I wanted to try a different backward-compatible approach. That approach and the DIGEST-MD5 bugfixes are here: If you think that approach is okay, let's close this ticket and merge that one instead. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
n.b. the mechanisms haven't been removed. They just aren't loaded by
default. Closes GH-55.
By making these optional, there's no reason to require the
digestorstrscangems anymore. Closes GH-56.