diff options
author | Jason Karns <jason.karns@gmail.com> | 2022-10-28 15:30:21 -0400 |
---|---|---|
committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2022-11-11 17:24:08 +0900 |
commit | ceeefb5870c144ddc069b2c9b8a19dbd4947a947 (patch) | |
tree | 5dd7e907e66e73cfc82ff3048577ec739d4e8397 | |
parent | adfbee85e07494d42e54b1c616e5fa62a207fb8f (diff) |
[rubygems/rubygems] github source should default to secure protocol
Bundler 2 switched to secure https here https://github.com/rubygems/rubygems/commit/c2e81f8ff63613871cc8b52653c5e176f8dafde3
Insecure protocols should be avoided to prevent MITM attacks.
https://github.com/rubygems/rubygems/commit/758413364a
Notes
Notes:
Merged: https://github.com/ruby/ruby/pull/6715
-rw-r--r-- | lib/rubygems/request_set/gem_dependency_api.rb | 2 | ||||
-rw-r--r-- | test/rubygems/test_gem_request_set_gem_dependency_api.rb | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/lib/rubygems/request_set/gem_dependency_api.rb b/lib/rubygems/request_set/gem_dependency_api.rb index 693cd2793a..ad6e45005b 100644 --- a/lib/rubygems/request_set/gem_dependency_api.rb +++ b/lib/rubygems/request_set/gem_dependency_api.rb @@ -214,7 +214,7 @@ class Gem::RequestSet::GemDependencyAPI git_source :github do |repo_name| repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include? "/" - "git://github.com/#{repo_name}.git" + "https://github.com/#{repo_name}.git" end git_source :bitbucket do |repo_name| diff --git a/test/rubygems/test_gem_request_set_gem_dependency_api.rb b/test/rubygems/test_gem_request_set_gem_dependency_api.rb index d1411ddc56..5fd2bbb9c2 100644 --- a/test/rubygems/test_gem_request_set_gem_dependency_api.rb +++ b/test/rubygems/test_gem_request_set_gem_dependency_api.rb @@ -183,7 +183,7 @@ class TestGemRequestSetGemDependencyAPI < Gem::TestCase assert_equal [dep("a")], @set.dependencies - assert_equal %w[git://github.com/example/repository.git master], + assert_equal %w[https://github.com/example/repository.git master], @git_set.repositories["a"] expected = { "a" => Gem::Requirement.create("!") } @@ -196,7 +196,7 @@ class TestGemRequestSetGemDependencyAPI < Gem::TestCase assert_equal [dep("a")], @set.dependencies - assert_equal %w[git://github.com/example/example.git master], + assert_equal %w[https://github.com/example/example.git master], @git_set.repositories["a"] expected = { "a" => Gem::Requirement.create("!") } |