release: 3.9.1

Related to cf1cd66307

.github/workflows/cd.yml

@@ -42,7 +42,7 @@ jobs:
         password: ${{ secrets.DOCKER_TOKEN }}
 
     - name: Build and push Docker image for dyndnsd ${{ env.DYNDNSD_VERSION }}
-      uses: docker/build-push-action@v3
+      uses: docker/build-push-action@v4
       with:
         context: docker
         build-args: |

.github/workflows/ci.yml

@@ -15,11 +15,12 @@ jobs:
   build:
     runs-on: ubuntu-latest
     strategy:
+      fail-fast: false
       matrix:
         ruby-version:
-        - '2.7'
         - '3.0'
         - '3.1'
+        - '3.2'
     steps:
     - uses: actions/checkout@v3
     - name: Set up Ruby ${{ matrix.ruby-version }}

.github/workflows/vulnscan.yml

@@ -36,7 +36,7 @@ jobs:
           for image in $ALL_IMAGES; do
             if [[ "$image" = cmur2/dyndnsd:v$major_version.* ]]; then
               echo -e "\nScanning newest patch release $image of major v$major_version...\n"
-              if ! trivy image --skip-update --exit-code 1 "$image"; then
+              if ! trivy image --skip-db-update --scanners vuln --exit-code 1 "$image"; then
                 EXIT_CODE=1
               fi
               break

.rubocop.yml

@@ -3,9 +3,12 @@ require:
 - rubocop-rspec
 
 AllCops:
-  TargetRubyVersion: '2.7'
+  TargetRubyVersion: '3.0'
   NewCops: enable
 
+Gemspec/DevelopmentDependencies:
+  EnforcedStyle: gemspec
+
 Gemspec/RequireMFA:
   Enabled: false
 

CHANGELOG.md

@@ -1,5 +1,57 @@
 # Changelog
 
+## 3.9.1 (July 6, 2023)
+
+OTHER:
+
+- update base of Docker image to Alpine 3.18.2 (from 3.18.0 before)
+
+## 3.9.0 (June 8, 2023)
+
+IMPROVEMENTS:
+
+- Drop EOL Ruby 2.7 support, now minimum version supported is Ruby 3.0
+
+## 3.8.2 (April 1st, 2023)
+
+OTHER:
+
+- update base of Docker image to Alpine 3.17.3 (from 3.17.2 before)
+
+## 3.8.1 (March 2nd, 2023)
+
+OTHER:
+
+- update base of Docker image to Alpine 3.17.2 (from 3.17.1 before)
+
+## 3.8.0 (January 13th, 2023)
+
+IMPROVEMENTS:
+
+- add Ruby 3.2 support
+
+OTHER:
+
+- update base of Docker image to Alpine 3.17.1 (from 3.17.0 before)
+
+## 3.7.3 (December 29th, 2022)
+
+OTHER:
+
+- update base of Docker image to Alpine 3.17.0 (from 3.16.2 before)
+
+## 3.7.2 (November 10th, 2022)
+
+OTHER:
+
+- re-release 3.7.1 to rebuild Docker image with security vulnerabilities fixes
+
+## 3.7.1 (September 20th, 2022)
+
+IMPROVEMENTS:
+
+- fix [TypeError](https://github.com/cmur2/dyndnsd/issues/205) when user has no hosts configured
+
 ## 3.7.0 (September 16th, 2022)
 
 IMPROVEMENTS:

Rakefile

@@ -14,18 +14,11 @@ task :solargraph do
   sh 'solargraph typecheck'
 end
 
-namespace :solargraph do
-  desc 'Should be run by developer once to prepare initial solargraph usage (fill caches etc.)'
-  task :init do
-    sh 'solargraph download-core'
-  end
-end
-
 # renovate: datasource=github-tags depName=hadolint/hadolint
-hadolint_version = 'v2.10.0'
+hadolint_version = 'v2.12.0'
 
 # renovate: datasource=github-tags depName=aquasecurity/trivy
-trivy_version = 'v0.31.3'
+trivy_version = 'v0.43.0'
 
 namespace :docker do
   ci_image = 'cmur2/dyndnsd:ci'
@@ -78,4 +71,4 @@ end
 task default: [:rubocop, :spec, 'bundle:audit', :solargraph]
 
 desc 'Run all tasks desired for CI'
-task ci: ['solargraph:init', :default, 'docker:lint', :build, 'docker:build', 'docker:e2e']
+task ci: [:default, 'docker:lint', :build, 'docker:build', 'docker:e2e']

docker/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.16.2
+FROM alpine:3.18.2
 
 EXPOSE 5353 8080
 

docker/ci/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.16.2
+FROM alpine:3.18.2
 
 EXPOSE 5353 8080
 

dyndnsd.gemspec

@@ -25,16 +25,16 @@ Gem::Specification.new do |s|
   s.executables = ['dyndnsd']
   s.extra_rdoc_files = Dir['README.md', 'CHANGELOG.md', 'LICENSE']
 
-  s.required_ruby_version = '>= 2.7'
+  s.required_ruby_version = '>= 3.0'
 
-  s.add_runtime_dependency 'async', '~> 1.30.0'
+  s.add_runtime_dependency 'async', '~> 1.31.0'
   s.add_runtime_dependency 'async-dns', '~> 1.3.0'
   s.add_runtime_dependency 'metriks'
-  s.add_runtime_dependency 'opentelemetry-exporter-jaeger', '~> 0.21.0'
+  s.add_runtime_dependency 'opentelemetry-exporter-jaeger', '~> 0.22.0'
-  s.add_runtime_dependency 'opentelemetry-instrumentation-rack', '~> 0.20.0'
+  s.add_runtime_dependency 'opentelemetry-instrumentation-rack', '~> 0.22.0'
-  s.add_runtime_dependency 'opentelemetry-sdk', '~> 1.0.0.rc2'
+  s.add_runtime_dependency 'opentelemetry-sdk', '~> 1.2.0'
   s.add_runtime_dependency 'rack', '~> 3.0'
-  s.add_runtime_dependency 'rackup'
+  s.add_runtime_dependency 'rackup', '~> 2'
   s.add_runtime_dependency 'webrick', '>= 1.6.1'
 
   s.add_development_dependency 'bundler'
@@ -42,8 +42,8 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'rack-test'
   s.add_development_dependency 'rake'
   s.add_development_dependency 'rspec'
-  s.add_development_dependency 'rubocop', '~> 1.36.0'
+  s.add_development_dependency 'rubocop', '~> 1.54.0'
   s.add_development_dependency 'rubocop-rake', '~> 0.6.0'
-  s.add_development_dependency 'rubocop-rspec', '~> 2.13.1'
+  s.add_development_dependency 'rubocop-rspec', '~> 2.22.0'
-  s.add_development_dependency 'solargraph', '~> 0.46.0'
+  s.add_development_dependency 'solargraph', '~> 0.49.0'
 end

lib/dyndnsd.rb

@@ -107,7 +107,7 @@ module Dyndnsd
       puts "DynDNSd version #{Dyndnsd::VERSION}"
       puts "Using config file #{config_file}"
 
-      config = YAML.safe_load(File.read(config_file))
+      config = YAML.safe_load_file(config_file)
 
       setup_logger(config)
 
@@ -215,10 +215,11 @@ module Dyndnsd
       invalid_hostnames = hostnames.select { |h| !Helper.fqdn_valid?(h, @domain) }
       return [422, {'X-DynDNS-Response' => 'hostname_malformed'}, []] if invalid_hostnames.any?
 
+      # we can trust this information since user was authorized by middleware
       user = env['REMOTE_USER']
 
       # check for hostnames that the user does not own
-      forbidden_hostnames = hostnames - @users[user]['hosts']
+      forbidden_hostnames = hostnames - @users[user].fetch('hosts', [])
       return [422, {'X-DynDNS-Response' => 'host_forbidden'}, []] if forbidden_hostnames.any?
 
       if params['offline'] == 'YES'

lib/dyndnsd/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dyndnsd
-  VERSION = '3.7.0'
+  VERSION = '3.9.1'
 end

spec/dyndnsd/daemon_spec.rb

@@ -15,6 +15,9 @@ describe Dyndnsd::Daemon do
         'test' => {
           'password' => 'secret',
           'hosts' => ['foo.example.org', 'bar.example.org']
+        },
+        'test2' => {
+          'password' => 'ihavenohosts'
         }
       }
     }
@@ -99,6 +102,14 @@ describe Dyndnsd::Daemon do
     expect(last_response.body).to eq('notfqdn')
   end
 
+  it 'rejects request if user does not own any hostnames' do
+    authorize 'test2', 'ihavenohosts'
+
+    get '/nic/update?hostname=doesnotexisthost.example.org'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('nohost')
+  end
+
   it 'rejects request if user does not own one hostname' do
     authorize 'test', 'secret'