All notable changes to this project are documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
These changes have been merged but not yet released, so the version they will ship in is not yet decided. Note that this section contains a breaking change (see below); under SemVer that implies the next release will be a new major version.
- 429 responses now raise
Xeroizer::OAuth::RateLimitExceededinstead of the rawOAuth2::Errorfor consumers running the OAuth2 client withraise_errors: true. Update any rescue chains accordingly. Non-429OAuth2::Errors are unaffected and still propagate unchanged. - The
nonce_used_max_attemptsoption and its reader were removed;app.nonce_used_max_attemptsnow raisesNoMethodError.
company_numberattribute on Contact. (#559)editionattribute on Organisation. (#564)batch_payment_idattribute on Payment. (#568)
oauth2now requires>= 2.0", "< 3.0; the client uses oauth2 2.x request and error semantics. The previous>= 1.4.0floor allowed 1.x, which would mis-send request bodies.LineItem#line_item_idis now a guid, producingLineItemIDin XML to match Xero's case-sensitive parsing. (#562)rate_limit_sleep: truenow respects theRetry-Afterresponse header. (#569)rate_limit_sleepnow also works underraise_errors: true.- A numeric
rate_limit_sleepis now clamped to a non-negative number. Fractional values are preserved (2.5sleeps 2.5 seconds). Negative values sleep 0 seconds rather than raising. - Under
raise_errors: true, thebefore_request/after_requestand response logging hooks now fire for 429 responses (they previously could not, because theoauth2gem raised before xeroizer's response layer ran). This keeps observability consistent across bothraise_errorsmodes. activesupportnow requires>= 7.0(previously unconstrained, which let it resolve to ancient, EOL releases that fail to load on modern Ruby).- Minimum supported Ruby is now 3.1 (
required_ruby_version >= 3.1); RubyGems refuses to install the gem on older Rubies.
- The dead
Net::HTTPResponse#plain_bodymonkeypatch (http_encoding_helper.rb); responses use theXeroizer::OAuth2::Responsewrapper'splain_body. - OAuth 1.0a transport support (#574). The
oauthgem is no longer a dependency, andXeroizer::OAuthConfig/Xeroizer::OAuthCredentialsand the OAuth1 methods onXeroizer::OAuthare gone. OAuth 2.0 is unaffected. - The OAuth 1.0a-only error classes
Xeroizer::OAuth::ConsumerKeyUnknownandXeroizer::OAuth::NonceUsed, their error mappings, the nonce-reuse retry, and thenonce_used_max_attemptsoption that configured it.
- OAuth error response (401/403/503) parsing on Ruby 4.0, where
CGI.parsewas removed. - Models without
set_permissionsnow raiseMethodNotAllowedon read instead ofNoMethodError(e.g.Schedule). :datetimefields serializenilas an empty element and raise a clearArgumentErrorfor non-time values, matching:date.- The gem now requires
active_support/core_ext/object/blankand.../object/tryexplicitly; it usedblank?/present?/trybut only loaded them transitively, which broke on modern ActiveSupport outside Rails. - Loads ActiveSupport's deprecation framework before its core extensions, preventing a load-time crash on ActiveSupport versions that emit a deprecation from a cherry-picked file (e.g. 8.2).
#attributes=now raises the same clearundefined methoderror as.buildwhen given an invalid attribute name. (#570)- Avoid an extra API call when accessing allocations from a credit note. (#554)
- A
raw_body: truerequest body is now computed once before the retry loop, so a retried request re-sends the same raw body instead of falling back to thexml=-wrapped form, and:raw_bodyis no longer serialized into the request query string. BrandingTheme#add_payment_servicenow builds its request body withBuilderinstead of ActiveSupport'sHash#to_xml, removing a hidden dependency on an ActiveSupport extension the gem never required.lib/xeroizernow requiresjsonexplicitly rather than relying on it being loaded transitively by another gem.lib/xeroizerrequirescgi/escapeinstead of the fullcgilibrary (removed in Ruby 4.0) for theCGI.escapecalls it makes.
See the Git history for changes up to and including 3.0.1.