ruby-changes:68064
From: fiveNinePlusR <ko1@a...>
Date: Wed, 22 Sep 2021 10:19:45 +0900 (JST)
Subject: [ruby-changes:68064] 105e037fe8 (master): [rubygems/rubygems] Fix possible malicious website to example.com
https://git.ruby-lang.org/ruby.git/commit/?id=105e037fe8 From 105e037fe8a64dd3331123d45b302f03d555bb21 Mon Sep 17 00:00:00 2001 From: fiveNinePlusR <fiveNinePlusR@g...> Date: Fri, 17 Sep 2021 09:41:05 -0700 Subject: [rubygems/rubygems] Fix possible malicious website to example.com example.com is the canonical stand in for domain examples and will never have a backing website. via https://www.rfc-editor.org/rfc/rfc2606.html https://github.com/rubygems/rubygems/commit/26622c81c2 --- lib/bundler/templates/newgem/newgem.gemspec.tt | 2 +- spec/bundler/commands/newgem_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/bundler/templates/newgem/newgem.gemspec.tt b/lib/bundler/templates/newgem/newgem.gemspec.tt index c46e2c3..e07ec58 100644 --- a/lib/bundler/templates/newgem/newgem.gemspec.tt +++ b/lib/bundler/templates/newgem/newgem.gemspec.tt @@ -16,7 +16,7 @@ Gem::Specification.new do |spec| https://github.com/ruby/ruby/blob/trunk/lib/bundler/templates/newgem/newgem.gemspec.tt#L16 <%- end -%> spec.required_ruby_version = ">= <%= config[:required_ruby_version] %>" - spec.metadata["allowed_push_host"] = "TODO: Set to 'https://mygemserver.com'" + spec.metadata["allowed_push_host"] = "TODO: Set to your gem server 'https://example.com'" spec.metadata["homepage_uri"] = spec.homepage spec.metadata["source_code_uri"] = "TODO: Put your gem's public repo URL here." diff --git a/spec/bundler/commands/newgem_spec.rb b/spec/bundler/commands/newgem_spec.rb index 4ccf9be..0a4e683 100644 --- a/spec/bundler/commands/newgem_spec.rb +++ b/spec/bundler/commands/newgem_spec.rb @@ -563,7 +563,7 @@ RSpec.describe "bundle gem" do https://github.com/ruby/ruby/blob/trunk/spec/bundler/commands/newgem_spec.rb#L563 bundle "gem #{gem_name}" expect(generated_gemspec.metadata["allowed_push_host"]). - to match(/mygemserver\.com/) + to match(/example\.com/) end it "sets a minimum ruby version" do -- cgit v1.1 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
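Review bot: In the lib/bundler/templates/newgem/newgem.gemspec.tt hunk, the new placeholder "TODO: Set to your gem server 'https://example.com'" can be read as saying that example.com is the gem server to use. Mark the URL as a sample, for example "TODO: Set to your gem server, e.g. 'https://example.com'". Alternatively, drop the host and follow the wording of the source_code_uri line in the trailing context ("TODO: Put your gem's public repo URL here."), so the template names no host at all. The commit message says example.com will never have a backing website but does not say why mygemserver.com was a problem. One sentence on that would justify the "possible malicious website" wording in the subject.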
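Review bot: In the spec/bundler/commands/newgem_spec.rb hunk, `to match(/example\.com/)` checks only that the host substring is present. The test would still pass if the template were later changed to a bare 'https://example.com' value with the "TODO:" marker removed. It would also pass for any other string that merely contains example.com. Assert on the whole placeholder, or at least on the leading "TODO:", so the spec pins the property that a freshly generated gemspec does not yet carry a usable allowed_push_host.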