ruby.git/lib/bundler/templates/newgem, branch master The Ruby Programming Language [ruby/rubygems] Use optimistic version constraints in bundle gem output 2026-05-11T02:49:07+00:00 Jeremy Evans code@jeremyevans.net 2026-05-08T23:53:07+00:00 7dc93cb1679c9834a8da1caf5dfff3234b6abdc4 This changes the gemspec and Gemfile to use optimistic versions for dependencies. https://github.com/ruby/rubygems/commit/92b0305c8b 
This changes the gemspec and Gemfile to use optimistic versions for
dependencies.

https://github.com/ruby/rubygems/commit/92b0305c8b
[ruby/rubygems] Bump rb_sys to >= 0.9.127 2026-05-01T01:50:14+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2026-04-13T02:51:50+00:00 5219c4c8013bc3b859c46020f82528d8fa4d85b2 https://github.com/ruby/rubygems/commit/cf21e9113f Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 
https://github.com/ruby/rubygems/commit/cf21e9113f

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
[ruby/rubygems] Update gem creation guide URL to rubygems.org 2026-04-24T00:45:15+00:00 y-onishi yuta_onishi@smartbank.co.jp 2026-04-23T10:57:36+00:00 7e1039e191550869aa146a4895af2db48b506882 Update the gem creation guide links in the CLI output and gemspac template. The previous Bundler guide URL now redirects to RubyGems Guides. https://github.com/ruby/rubygems/commit/0b469edf03 
Update the gem creation guide links in the CLI output and gemspac template.
The previous Bundler guide URL now redirects to RubyGems Guides.

https://github.com/ruby/rubygems/commit/0b469edf03
[ruby/rubygems] Add commented-out rubygems_mfa_required to bundle gem template 2026-04-16T06:17:59+00:00 Matheus Richard matheusrichardt@gmail.com 2026-04-15T19:55:33+00:00 8ee25f7397fa8cc6bfdadcbec52021678b7bdd8d Package registries are active supply chain attack targets. Recent high-profile incidents include the Axios NPM compromise (https://socket.dev/blog/axios-npm-package-compromised) and the LiteLLM PyPI compromise (https://docs.litellm.ai/blog/security-update-march-2026). RubyGems supports an MFA-required opt-in via gemspec metadata: spec.metadata["rubygems_mfa_required"] = "true" but most gems haven't enabled it. A big reason is discoverability. Nothing in the `bundle gem` flow mentions the option, so authors would need to already know it exists to find it. Reference: https://guides.rubygems.org/mfa-requirement-opt-in/ This commit adds a commented-out `spec.metadata["rubygems_mfa_required"] = "true"` line, along with a short explanatory comment and a reference link, to the gemspec template used by `bundle gem`. Default behavior is unchanged because the line is commented out, but every new gem author now sees the MFA opt-in right where they configure their gemspec. Opting in is then a matter of deleting the leading `# `. https://github.com/ruby/rubygems/commit/2fd3496ce1 
Package registries are active supply chain attack targets. Recent
high-profile incidents include the Axios NPM compromise
(https://socket.dev/blog/axios-npm-package-compromised) and the LiteLLM
PyPI compromise (https://docs.litellm.ai/blog/security-update-march-2026).

RubyGems supports an MFA-required opt-in via gemspec metadata:

    spec.metadata["rubygems_mfa_required"] = "true"

but most gems haven't enabled it. A big reason is discoverability. Nothing
in the `bundle gem` flow mentions the option, so authors would need to
already know it exists to find it.

Reference: https://guides.rubygems.org/mfa-requirement-opt-in/

This commit adds a commented-out `spec.metadata["rubygems_mfa_required"] = "true"` line,
along with a short explanatory comment and a reference link, to the gemspec
template used by `bundle gem`. Default behavior is unchanged because the
line is commented out, but every new gem author now sees the MFA opt-in
right where they configure their gemspec. Opting in is then a matter of
deleting the leading `# `.

https://github.com/ruby/rubygems/commit/2fd3496ce1
[ruby/rubygems] Use eq matcher instead of be for string comparison in newgem template 2026-04-08T05:39:58+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2026-04-08T05:15:59+00:00 539cb5e19a0134c120421628a2f5619baa728e5b be checks object identity which will fail for newly-allocated strings. eq checks value equality and is the correct matcher here. https://github.com/ruby/rubygems/commit/828440937b Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 
be checks object identity which will fail for newly-allocated strings.
eq checks value equality and is the correct matcher here.

https://github.com/ruby/rubygems/commit/828440937b

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
[ruby/rubygems] Fix wrong expected value in Rust extension test templates 2026-04-08T05:39:58+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2026-04-08T04:26:05+00:00 f5ad01ea9731560f6c3bc5ad339533460cf92958 The Rust function hello("world") returns "Hello world, from Rust!" but the Ruby test templates expected "Hello earth, from Rust!", causing generated tests to fail immediately after bundle gem --ext=rust. https://github.com/ruby/rubygems/commit/8de4c041ba Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 
The Rust function hello("world") returns "Hello world, from Rust!" but
the Ruby test templates expected "Hello earth, from Rust!", causing
generated tests to fail immediately after bundle gem --ext=rust.

https://github.com/ruby/rubygems/commit/8de4c041ba

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
[ruby/rubygems] Restore rb_sys dependency for Rust 2026-03-30T05:34:10+00:00 방성범 (Bang Seongbeom) bangseongbeom@gmail.com 2026-03-20T17:14:08+00:00 3379c7efbdc34b7936f322a6bc2de4834c8c65fc https://github.com/ruby/rubygems/commit/7cd3b9a08a 
https://github.com/ruby/rubygems/commit/7cd3b9a08a
[ruby/rubygems] Restrict GitHub Actions workflow permissions for newgem 2026-03-02T06:20:44+00:00 Taketo Takashima t.taketo1113@gmail.com 2026-03-02T04:38:05+00:00 b0ee787733f2a497b5b8d4a14118cfe0c684e349 - Configure minimal required permissions in the GitHub Actions workflow template - Bump actions/checkout from 4 to 6 - Bump actions/upload-artifact from 3 to 7 https://github.com/ruby/rubygems/commit/e4c82bd095 
- Configure minimal required permissions in the GitHub Actions workflow template
- Bump actions/checkout from 4 to 6
- Bump actions/upload-artifact from 3 to 7

https://github.com/ruby/rubygems/commit/e4c82bd095
[ruby/rubygems] remove outdated rubies 2026-02-13T06:28:15+00:00 Garen J. Torikian gjtorikian@users.noreply.github.com 2025-02-21T14:00:24+00:00 f94f28481b8450c0dfa18304be420fd969321b7e https://github.com/ruby/rubygems/commit/98a50203cb 
https://github.com/ruby/rubygems/commit/98a50203cb
[ruby/rubygems] update template dependencies 2026-02-13T06:28:14+00:00 Garen J. Torikian gjtorikian@users.noreply.github.com 2025-02-08T21:17:50+00:00 e0ab4157877c737b775610a7d885de28bed577ef https://github.com/ruby/rubygems/commit/a7f52d6b02 
https://github.com/ruby/rubygems/commit/a7f52d6b02