From 3a403d901fd91d2a8514c2d3409e49e48e83ef43 Mon Sep 17 00:00:00 2001 From: Safa Bayar Date: Sun, 13 Sep 2020 16:56:02 -0400 Subject: [PATCH 1/3] Updated to ruby-2.5 --- Gemfile | 10 +++--- Gemfile.lock | 100 ++++++++++++++++++++++++++++----------------------- README.md | 2 +- gelf.gemspec | 58 +++++++++++++++--------------- 4 files changed, 91 insertions(+), 79 deletions(-) diff --git a/Gemfile b/Gemfile index 77f8086..1953282 100644 --- a/Gemfile +++ b/Gemfile @@ -1,11 +1,11 @@ source "https://rubygems.org" group :development do - gem "shoulda", "~> 2.11.3" - gem "jeweler", "~> 2.1.1" + gem 'shoulda', '~> 3.5' + gem 'jeweler', '~> 2.3.9' # Because of a dependency chain jeweler->github_api->oauth2->rack, # pin the version: Rack 2.0.x doesn't work on < Ruby 2.2 - gem 'rack', '< 2.0' - gem "mocha", "~> 1.1.0" - gem "test-unit", "~> 3.2.0" + gem 'rack', '~> 2.2.3' + gem 'mocha', '~> 1.11.2' + gem 'test-unit', '~> 3.3.6' end diff --git a/Gemfile.lock b/Gemfile.lock index 6b18067..abbdd78 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
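Review bot: In the Gemfile hunk of patch 1/3, the comment kept above the rack pin still reads `# pin the version: Rack 2.0.x doesn't work on < Ruby 2.2`, but the new line `gem 'rack', '~> 2.2.3'` pins a Rack 2.x release, so the comment now contradicts the code. Drop it or state the real reason, e.g. `# rack comes in via jeweler->github_api->oauth2; keep it on a patched 2.2.x release`. The README and .travis.yml in this series still list Ruby 1.9 through 2.2, which these newer development gems probably no longer install on. If so, the supported-Ruby list and the CI matrix need trimming in the same change.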
@@ -1,74 +1,86 @@ GEM remote: https://rubygems.org/ specs: + activesupport (5.2.4.4) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) + minitest (~> 5.1) + tzinfo (~> 1.1) addressable (2.4.0) - builder (3.2.2) + builder (3.2.4) + concurrent-ruby (1.1.7) descendants_tracker (0.0.4) thread_safe (~> 0.3, >= 0.3.1) faraday (0.9.2) multipart-post (>= 1.2, < 3) - git (1.3.0) - github_api (0.14.5) + git (1.7.0) + rchardet (~> 1.8) + github_api (0.16.0) addressable (~> 2.4.0) descendants_tracker (~> 0.0.4) faraday (~> 0.8, < 0.10) hashie (>= 3.4) + mime-types (>= 1.16, < 3.0) oauth2 (~> 1.0) - hashie (3.4.4) - highline (1.7.8) - jeweler (2.1.1) + hashie (4.1.0) + highline (2.0.3) + i18n (1.8.5) + concurrent-ruby (~> 1.0) + jeweler (2.3.9) builder - bundler (>= 1.0) + bundler git (>= 1.2.5) - github_api + github_api (~> 0.16.0) highline (>= 1.6.15) nokogiri (>= 1.5.10) + psych rake rdoc - semver - json (1.8.6) - json (1.8.6-java) - jwt (1.5.4) - metaclass (0.0.4) - mini_portile2 (2.1.0) - mocha (1.1.0) - metaclass (~> 0.0.1) - multi_json (1.12.1) - multi_xml (0.5.5) - multipart-post (2.0.0) - nokogiri (1.6.8) - mini_portile2 (~> 2.1.0) - pkg-config (~> 1.1.7) - nokogiri (1.6.8-java) - oauth2 (1.2.0) - faraday (>= 0.8, < 0.10) - jwt (~> 1.0) + semver2 + jwt (2.2.2) + mime-types (2.99.3) + mini_portile2 (2.4.0) + minitest (5.14.2) + mocha (1.11.2) + multi_json (1.15.0) + multi_xml (0.6.0) + multipart-post (2.1.1) + nokogiri (1.10.10) + mini_portile2 (~> 2.4.0) + oauth2 (1.4.4) + faraday (>= 0.8, < 2.0) + jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - pkg-config (1.1.7) - power_assert (0.3.0) - rack (1.6.4) - rake (11.2.2) - rdoc (4.2.2) - json (~> 1.4) - semver (1.0.1) - shoulda (2.11.3) - test-unit (3.2.1) + power_assert (1.2.0) + psych (3.2.0) + rack (2.2.3) + rake (13.0.1) + rchardet (1.8.0) + rdoc (6.2.1) + semver2 (3.4.2) + shoulda (3.6.0) + shoulda-context (~> 1.0, >= 1.0.1) + shoulda-matchers (~> 3.0) + shoulda-context (1.2.2) 
+ shoulda-matchers (3.1.3) + activesupport (>= 4.0.0) + test-unit (3.3.6) power_assert - thread_safe (0.3.5) - thread_safe (0.3.5-java) + thread_safe (0.3.6) + tzinfo (1.2.7) + thread_safe (~> 0.1) PLATFORMS - java ruby DEPENDENCIES - jeweler (~> 2.1.1) - mocha (~> 1.1.0) - rack (< 2.0) - shoulda (~> 2.11.3) - test-unit (~> 3.2.0) + jeweler (~> 2.3.9) + mocha (~> 1.11.2) + rack (~> 2.2.3) + shoulda (~> 3.5) + test-unit (~> 3.3.6) BUNDLED WITH - 1.14.6 + 1.17.3 diff --git a/README.md b/README.md index 845685d..59c09f1 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ This is the new GELF gem written by Alexey Palazhchenko. It is based on the old gem by Lennart Koopmann and allows you to send GELF messages to Graylog or Logstash instances. See the [GELF specification](http://docs.graylog.org/en/stable/pages/gelf.html) for more information about GELF and [RDoc](http://rdoc.info/github/graylog-labs/gelf-rb/master/frames) for API documentation. -Tested with Ruby 1.9, 2.0, 2.1, 2.2, 2.3 and 2.4. +Tested with Ruby 1.9, 2.0, 2.1, 2.2, 2.3, 2.4 and 2.5. [![Build Status](https://travis-ci.org/graylog-labs/gelf-rb.svg?branch=master)](https://travis-ci.org/graylog-labs/gelf-rb) [![Code Climate](https://codeclimate.com/github/graylog-labs/gelf-rb/badges/gpa.svg)](https://codeclimate.com/github/graylog-labs/gelf-rb) diff --git a/gelf.gemspec b/gelf.gemspec index 4869847..8dc1777 100644 --- a/gelf.gemspec +++ b/gelf.gemspec 
@@ -5,15 +5,15 @@ # stub: gelf 3.1.0 ruby lib Gem::Specification.new do |s| - s.name = "gelf" + s.name = "gelf".freeze s.version = "3.1.0" - s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version= - s.require_paths = ["lib"] - s.authors = ["Alexey Palazhchenko", "Lennart Koopmann", "Zac Sprackett", "Marcus Ilgner"] - s.date = "2018-09-05" - s.description = "Library to send GELF messages to Graylog logging server. Supports plain-text, GELF messages and exceptions via UDP and TCP." - s.email = "mail@marcusilgner.com" + s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version= + s.require_paths = ["lib".freeze] + s.authors = ["Alexey Palazhchenko".freeze, "Lennart Koopmann".freeze, "Zac Sprackett".freeze, "Marcus Ilgner".freeze] + s.date = "2020-09-07" + s.description = "Library to send GELF messages to Graylog logging server. Supports plain-text, GELF messages and exceptions via UDP and TCP.".freeze + s.email = "mail@marcusilgner.com".freeze s.extra_rdoc_files = [ "LICENSE", "README.md" 
@@ -44,36 +44,36 @@ Gem::Specification.new do |s| "test/test_ruby_sender.rb", "test/test_severity.rb" ] - s.homepage = "https://github.com/graylog-labs/gelf-rb" - s.licenses = ["MIT"] - s.rubygems_version = "2.5.1" - s.summary = "Library to send GELF messages to Graylog logging server." + s.homepage = "http://github.com/Graylog2/gelf-rb".freeze + s.licenses = ["MIT".freeze] + s.rubygems_version = "3.0.6".freeze + s.summary = "Library to send GELF messages to Graylog logging server.".freeze if s.respond_to? :specification_version then s.specification_version = 4 if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then - s.add_development_dependency(%q, ["~> 2.11.3"]) - s.add_development_dependency(%q, ["~> 2.1.1"]) - s.add_development_dependency(%q, ["< 2.0"]) - s.add_development_dependency(%q, ["~> 1.1.0"]) - s.add_development_dependency(%q, ["~> 3.2.0"]) - s.add_runtime_dependency(%q, [">= 0"]) + s.add_development_dependency(%q.freeze, ["~> 3.5"]) + s.add_development_dependency(%q.freeze, ["~> 2.3.9"]) + s.add_development_dependency(%q.freeze, ["~> 2.2.3"]) + s.add_development_dependency(%q.freeze, ["~> 1.11.2"]) + s.add_development_dependency(%q.freeze, ["~> 3.3.6"]) + s.add_runtime_dependency(%q.freeze, [">= 0"]) else - s.add_dependency(%q, ["~> 2.11.3"]) - s.add_dependency(%q, ["~> 2.1.1"]) - s.add_dependency(%q, ["< 2.0"]) - s.add_dependency(%q, ["~> 1.1.0"]) - s.add_dependency(%q, ["~> 3.2.0"]) - s.add_dependency(%q, [">= 0"]) + s.add_dependency(%q.freeze, ["~> 3.5"]) + s.add_dependency(%q.freeze, ["~> 2.3.9"]) + s.add_dependency(%q.freeze, ["~> 2.2.3"]) + s.add_dependency(%q.freeze, ["~> 1.11.2"]) + s.add_dependency(%q.freeze, ["~> 3.3.6"]) + s.add_dependency(%q.freeze, [">= 0"]) end else - s.add_dependency(%q, ["~> 2.11.3"]) - s.add_dependency(%q, ["~> 2.1.1"]) - s.add_dependency(%q, ["< 2.0"]) - s.add_dependency(%q, ["~> 1.1.0"]) - s.add_dependency(%q, ["~> 3.2.0"]) - s.add_dependency(%q, [">= 0"]) + s.add_dependency(%q.freeze, ["~> 3.5"]) + 
s.add_dependency(%q.freeze, ["~> 2.3.9"]) + s.add_dependency(%q.freeze, ["~> 2.2.3"]) + s.add_dependency(%q.freeze, ["~> 1.11.2"]) + s.add_dependency(%q.freeze, ["~> 3.3.6"]) + s.add_dependency(%q.freeze, [">= 0"]) end end From 9bd14079eaf302f5fe4bc7a718db142e8e2ee637 Mon Sep 17 00:00:00 2001 From: Safa Bayar Date: Sun, 4 Oct 2020 18:43:52 -0400 Subject: [PATCH 2/3] Updated travis ruby version --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index 594c7d7..7266b2d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,6 +5,7 @@ rvm: - 2.2.0 - 2.3.0 - 2.4.0 +- 2.5.0 - jruby-19mode deploy: provider: rubygems From 51e5f951258cbab4ac17d273b89fd5346d653b9d Mon Sep 17 00:00:00 2001 From: Safa Bayar Date: Thu, 8 Oct 2020 18:49:45 -0400 Subject: [PATCH 3/3] Security Issues --- Rakefile | 3 ++- gelf.gemspec | 11 +++++++---- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/Rakefile b/Rakefile index bbdc544..75a7436 100644 --- a/Rakefile +++ b/Rakefile @@ -16,7 +16,8 @@ begin gem.email = "mail@marcusilgner.com" gem.homepage = "http://github.com/Graylog2/gelf-rb" gem.authors = ["Alexey Palazhchenko", "Lennart Koopmann", "Zac Sprackett", "Marcus Ilgner"] - gem.add_dependency "json" + gem.add_dependency "json", '~> 2.3.1' + gem.add_dependency "nokogiri", '1.10.10' gem.licenses = ["MIT"] # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings end diff --git a/gelf.gemspec b/gelf.gemspec index 8dc1777..a0346ae 100644 --- a/gelf.gemspec +++ b/gelf.gemspec 
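Review bot: In the Rakefile hunk of patch 3/3, the two added `gem.add_dependency` lines turn json and nokogiri into runtime dependencies of every application that installs gelf, which is the wrong layer for fixing advisories in the development toolchain. Nokogiri appears in this series only as a transitive dependency of jeweler (see Gemfile.lock), and nothing visible shows the library itself using it. Pinning it at runtime to exactly `'1.10.10'` forces a native XML parser onto consumers and blocks later nokogiri fixes; it belongs in the Gemfile's `:development` group as a floor, e.g. `gem 'nokogiri', '>= 1.10.10'`. For json, a floor such as `gem.add_dependency "json", '>= 2.3.1'` keeps the minimum version without capping consumers at 2.3.x. The Rakefile says `'1.10.10'` while gelf.gemspec in the same commit says `"~> 1.10.10"`, so the gemspec looks hand-edited rather than regenerated; the enclosing Jeweler task block starts and ends outside the hunk.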
@@ -11,7 +11,7 @@ Gem::Specification.new do |s| s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version= s.require_paths = ["lib".freeze] s.authors = ["Alexey Palazhchenko".freeze, "Lennart Koopmann".freeze, "Zac Sprackett".freeze, "Marcus Ilgner".freeze] - s.date = "2020-09-07" + s.date = "2020-10-08" s.description = "Library to send GELF messages to Graylog logging server. Supports plain-text, GELF messages and exceptions via UDP and TCP.".freeze s.email = "mail@marcusilgner.com".freeze s.extra_rdoc_files = [ @@ -58,14 +58,16 @@ Gem::Specification.new do |s| s.add_development_dependency(%q.freeze, ["~> 2.2.3"]) s.add_development_dependency(%q.freeze, ["~> 1.11.2"]) s.add_development_dependency(%q.freeze, ["~> 3.3.6"]) - s.add_runtime_dependency(%q.freeze, [">= 0"]) + s.add_runtime_dependency(%q.freeze, ["~> 2.3.1"]) + s.add_runtime_dependency(%q.freeze, ["~> 1.10.10"]) else s.add_dependency(%q.freeze, ["~> 3.5"]) s.add_dependency(%q.freeze, ["~> 2.3.9"]) s.add_dependency(%q.freeze, ["~> 2.2.3"]) s.add_dependency(%q.freeze, ["~> 1.11.2"]) s.add_dependency(%q.freeze, ["~> 3.3.6"]) - s.add_dependency(%q.freeze, [">= 0"]) + s.add_dependency(%q.freeze, ["~> 2.3.1"]) + s.add_dependency(%q.freeze, ["~> 1.10.10"]) end else s.add_dependency(%q.freeze, ["~> 3.5"]) @@ -73,7 +75,8 @@ Gem::Specification.new do |s| s.add_dependency(%q.freeze, ["~> 2.2.3"]) s.add_dependency(%q.freeze, ["~> 1.11.2"]) s.add_dependency(%q.freeze, ["~> 3.3.6"]) - s.add_dependency(%q.freeze, [">= 0"]) + s.add_dependency(%q.freeze, ["~> 2.3.1"]) + s.add_dependency(%q.freeze, ["~> 1.10.10"]) end end