[前][次][番号順一覧][スレッド一覧]

ruby-changes:74448

From: Jason <ko1@a...>
Date: Fri, 11 Nov 2022 17:24:29 +0900 (JST)
Subject: [ruby-changes:74448] ceeefb5870 (master): [rubygems/rubygems] github source should default to secure protocol

https://git.ruby-lang.org/ruby.git/commit/?id=ceeefb5870

From ceeefb5870c144ddc069b2c9b8a19dbd4947a947 Mon Sep 17 00:00:00 2001
From: Jason Karns <jason.karns@g...>
Date: Fri, 28 Oct 2022 15:30:21 -0400
Subject: [rubygems/rubygems] github source should default to secure protocol

Bundler 2 switched to secure https here https://github.com/rubygems/rubygems/commit/c2e81f8ff63613871cc8b52653c5e176f8dafde3

Insecure protocols should be avoided to prevent MITM attacks.

https://github.com/rubygems/rubygems/commit/758413364a
---
 lib/rubygems/request_set/gem_dependency_api.rb           | 2 +-
 test/rubygems/test_gem_request_set_gem_dependency_api.rb | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/rubygems/request_set/gem_dependency_api.rb b/lib/rubygems/request_set/gem_dependency_api.rb
index 693cd2793a..ad6e45005b 100644
--- a/lib/rubygems/request_set/gem_dependency_api.rb
+++ b/lib/rubygems/request_set/gem_dependency_api.rb
@@ -214,7 +214,7 @@ class Gem::RequestSet::GemDependencyAPI https://github.com/ruby/ruby/blob/trunk/lib/rubygems/request_set/gem_dependency_api.rb#L214
     git_source :github do |repo_name|
       repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include? "/"
 
-      "git://github.com/#{repo_name}.git"
+      "https://github.com/#{repo_name}.git"
     end
 
     git_source :bitbucket do |repo_name|
diff --git a/test/rubygems/test_gem_request_set_gem_dependency_api.rb b/test/rubygems/test_gem_request_set_gem_dependency_api.rb
index d1411ddc56..5fd2bbb9c2 100644
--- a/test/rubygems/test_gem_request_set_gem_dependency_api.rb
+++ b/test/rubygems/test_gem_request_set_gem_dependency_api.rb
@@ -183,7 +183,7 @@ class TestGemRequestSetGemDependencyAPI < Gem::TestCase https://github.com/ruby/ruby/blob/trunk/test/rubygems/test_gem_request_set_gem_dependency_api.rb#L183
 
     assert_equal [dep("a")], @set.dependencies
 
-    assert_equal %w[git://github.com/example/repository.git master],
+    assert_equal %w[https://github.com/example/repository.git master],
                  @git_set.repositories["a"]
 
     expected = { "a" => Gem::Requirement.create("!") }
@@ -196,7 +196,7 @@ class TestGemRequestSetGemDependencyAPI < Gem::TestCase https://github.com/ruby/ruby/blob/trunk/test/rubygems/test_gem_request_set_gem_dependency_api.rb#L196
 
     assert_equal [dep("a")], @set.dependencies
 
-    assert_equal %w[git://github.com/example/example.git master],
+    assert_equal %w[https://github.com/example/example.git master],
                  @git_set.repositories["a"]
 
     expected = { "a" => Gem::Requirement.create("!") }
-- 
cgit v1.2.3


--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/

[前][次][番号順一覧][スレッド一覧]