
ruby-changes:68064

From: fiveNinePlusR <ko1@a...>
Date: Wed, 22 Sep 2021 10:19:45 +0900 (JST)
Subject: [ruby-changes:68064] 105e037fe8 (master): [rubygems/rubygems] Fix possible malicious website to example.com

https://git.ruby-lang.org/ruby.git/commit/?id=105e037fe8

From 105e037fe8a64dd3331123d45b302f03d555bb21 Mon Sep 17 00:00:00 2001
From: fiveNinePlusR <fiveNinePlusR@g...>
Date: Fri, 17 Sep 2021 09:41:05 -0700
Subject: [rubygems/rubygems] Fix possible malicious website to example.com

example.com is the canonical stand-in for domain examples and will never have a backing website.

via https://www.rfc-editor.org/rfc/rfc2606.html

https://github.com/rubygems/rubygems/commit/26622c81c2
---
 lib/bundler/templates/newgem/newgem.gemspec.tt | 2 +-
 spec/bundler/commands/newgem_spec.rb           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/bundler/templates/newgem/newgem.gemspec.tt b/lib/bundler/templates/newgem/newgem.gemspec.tt
index c46e2c3..e07ec58 100644
--- a/lib/bundler/templates/newgem/newgem.gemspec.tt
+++ b/lib/bundler/templates/newgem/newgem.gemspec.tt
@@ -16,7 +16,7 @@ Gem::Specification.new do |spec| https://github.com/ruby/ruby/blob/trunk/lib/bundler/templates/newgem/newgem.gemspec.tt#L16
 <%- end -%>
   spec.required_ruby_version = ">= <%= config[:required_ruby_version] %>"
 
-  spec.metadata["allowed_push_host"] = "TODO: Set to 'https://mygemserver.com'"
+  spec.metadata["allowed_push_host"] = "TODO: Set to your gem server 'https://example.com'"
 
   spec.metadata["homepage_uri"] = spec.homepage
   spec.metadata["source_code_uri"] = "TODO: Put your gem's public repo URL here."
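
Review bot: the new placeholder on the `allowed_push_host` line reads as if https://example.com were the gem server itself, and since the whole sentence is the assigned value, a gemspec where this line is left unedited carries a non-URL string in the field that is meant to restrict where the gem can be pushed. Consider putting the instruction first and marking the reserved domain as an example, in the style of the neighbouring `source_code_uri` placeholder, for instance "TODO: Set to your gem server's URL, e.g. 'https://example.com'", and adding a comment above the line that says what the key restricts.
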
diff --git a/spec/bundler/commands/newgem_spec.rb b/spec/bundler/commands/newgem_spec.rb
index 4ccf9be..0a4e683 100644
--- a/spec/bundler/commands/newgem_spec.rb
+++ b/spec/bundler/commands/newgem_spec.rb
@@ -563,7 +563,7 @@ RSpec.describe "bundle gem" do https://github.com/ruby/ruby/blob/trunk/spec/bundler/commands/newgem_spec.rb#L563
       bundle "gem #{gem_name}"
 
       expect(generated_gemspec.metadata["allowed_push_host"]).
-        to match(/mygemserver\.com/)
+        to match(/example\.com/)
     end
 
     it "sets a minimum ruby version" do
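
Review bot: the expectation `to match(/example\.com/)` is an unanchored substring match, so it passes for any value that merely contains that text and checks neither the https scheme nor the TODO wording the template emits. Matching the quoted URL in full, e.g. /'https:\/\/example\.com'/, would pin what the template generates, and a short comment noting that the hostname is the RFC 2606 reserved example domain would explain why it appears in the spec.
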
-- 
cgit v1.1


--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
