| Age | Commit message | Author |
|
description
7890c98 matched the start of each line, whereas this matches the start
of the entire string.
https://github.com/rubygems/rubygems/commit/432de7b819
|
|
This reverts commit 6589f7bcc7a63a47cb73f58a290c1e1ac42bba99.
https://github.com/rubygems/rubygems/commit/9d0ce31f08
|
|
Do not change the password of the input parameter source during
anonymization, by using the proper helper instead of changing the
original uri directly.
https://github.com/rubygems/rubygems/commit/eaa2dd8a97
|
|
Implement deep cloning for `Gem::Uri` class to fix a bug where redacting
credentials modifies the URI string in place instead of returning a
modified copy.
https://github.com/rubygems/rubygems/commit/eafb5a279b
|
|
https://github.com/rubygems/rubygems/commit/6589f7bcc7
|
|
It doesn't make much sense to just forbid certain words in descriptions.
https://github.com/rubygems/rubygems/commit/7890c98415
|
|
https://github.com/rubygems/rubygems/commit/ef5f30cba7
|
|
This allows easy differentiation between ABI incompatible platforms like MSWIN64 and MSVCRT-based MINGW32.
This also implicates a distinct rubygem platform which is also "x64-mingw-ucrt".
Although the term "mingw32" is the OS-part for 64 bit systems as well, the "32" is misleading and confusing for many users.
Therefore the new platform string drops the "32" from the OS part to just "mingw".
This conforms to the common practice of windows platform testing per RUBY_PLATFORM=~/mswin|mingw/ .
Notes:
Merged: https://github.com/ruby/ruby/pull/4599
|
|
`Gem::Uri` class
The new class is a wrapper on top of a URI. And then, when you want
credentials redacted, you call `#redacted` that returns a copy of itself,
but with credentials redacted.
https://github.com/rubygems/rubygems/commit/9581c2740a
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
https://github.com/rubygems/rubygems/commit/30f5b3c027
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
https://github.com/rubygems/rubygems/commit/25c99d7f9d
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
https://github.com/rubygems/rubygems/commit/c3bb52eb5c
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
mistake
https://github.com/rubygems/rubygems/commit/ffb480ca7a
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
https://github.com/rubygems/rubygems/commit/3a8486794e
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
For the purpose of this class, we need to make sure the object returned by the `Gem::UriParser.parse_uri` method will have the following methods:
- user
- user=
- password
- password=
So we can remove the `uri` dependency and just look for the methods to exist.
https://github.com/rubygems/rubygems/commit/241e093597
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
its initialize method
https://github.com/rubygems/rubygems/commit/21dcdd2dc5
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
https://github.com/rubygems/rubygems/commit/dba130cd80
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
`Gem::PrintableUri#valid_uri?`
https://github.com/rubygems/rubygems/commit/a5177709c9
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
https://github.com/rubygems/rubygems/commit/5b6b649bba
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
`build` method
The `initialize` method is already doing a lot and by adding the `Gem::PrintableUri` to redact sensitive information, things are getting complicated and hard to read here. For the start, I have refactored the `initialize` method into a class method called `build`.
https://github.com/rubygems/rubygems/commit/4312e8fdf5
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
The `@uri` variable could be a source URI with a credential. Using `Gem::PrintableUri` to make sure we are redacting sensitive information from it when logging on verbose mode.
https://github.com/rubygems/rubygems/commit/f566787211
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
`Gem::Commands::InstallCommand` class
The `x.source.uri` could be a source URI with a credential. Using `Gem::PrintableUri` to make sure we are redacting sensitive information from it.
https://github.com/rubygems/rubygems/commit/8755ee0aaa
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
be used on outputs
We need to redact URI credentials in several places, and copy-pasting the code into each part of it is not ideal. This class is responsible for parsing URI strings and redacting credentials from them. Also, it will handle URI objects in the same manner. We will be reusing this class whenever we need to print/display a URI to users.
URIs with the following formats will be redacted:
- Token: `http://my-secure-token@example.com` => `http://REDACTED@example.com`
- Username & Password: `http://my-username:my-secure-password@example.com` => `http://my-username:REDACTED@example.com`
- x-oauth-basic: `http://my-secure-token:x-oauth-basic@example.com` => `http://REDACTED:x-oauth-basic@example.com`
https://github.com/rubygems/rubygems/commit/f1e45d3a89
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
The `Gem::Platform::RUBY ? -1 : 1` has been used multiple times in different places and could be refactored to a method (DRY).
https://github.com/rubygems/rubygems/commit/9d43ca8f0c
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
https://github.com/rubygems/rubygems/commit/e3d150d822
Co-authored-by: David Rodríguez <deivid.rodriguez@riseup.net>
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
https://github.com/rubygems/rubygems/commit/c74fc58695
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
They should properly configure `GEM_PATH` instead.
https://github.com/rubygems/rubygems/commit/3bd9ae33ca
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
MacOS should properly configure Ruby. They should not expect us to
maintain a different layout just for them.
https://github.com/rubygems/rubygems/commit/ecad900925
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
https://github.com/rubygems/rubygems/commit/320fdc1513
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
The previous behavior was to automatically require `bundler/setup`
every time `rubygems` was required, which I think was too much.
https://github.com/rubygems/rubygems/commit/b25379a295
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
https://github.com/rubygems/rubygems/commit/fe723c0f7f
|
|
https://github.com/rubygems/rubygems/commit/8bf41f53cc
|
|
https://github.com/rubygems/rubygems/commit/e5532ef886
|
|
Mitigate the security risk:
https://devcraft.io/2021/01/07/universal-deserialisation-gadget-for-ruby-2-x-3-x.html
https://github.com/rubygems/rubygems/commit/141c2f4388
|
|
After reading [this blog
post](https://blog.rubygems.org/2011/08/31/shaving-the-yaml-yak.html),
published almost 10 years ago already, my understanding is that this
problem could come up in two ways:
* Rubygems.org serving corrupted gemspecs. As far as I understand this
was fixed in rubygems.org a long time ago, since
https://github.com/rubygems/rubygems.org/pull/331.
* Clients having a ten-year-old gemspec cache with some of these bad
gemspecs. In this case, there's no easy solution but I think ten years
is enough and rebuilding the cache should do the trick.
So, I think it's time we remove this.
https://github.com/rubygems/rubygems/commit/afcb15d556
|
|
https://github.com/rubygems/rubygems/commit/c4004fadd9
|
|
[Fixes #4733]
https://github.com/rubygems/rubygems/commit/fce7f3eb7d
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4648
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4634
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4533
|
|
https://github.com/rubygems/rubygems/commit/aa390a3500
|
|
* Port
https://github.com/ruby/ruby/commit/8e91b969df08b7a2eb27a5d6d38733eea42dc7ad
from ruby-core, and make it compatible with psych 3 & 4.
|
|
https://github.com/rubygems/rubygems/commit/e7280f8d30
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|
|
https://github.com/rubygems/rubygems/commit/83ebdec27a
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|
|
https://github.com/rubygems/rubygems/commit/795b572ac2
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|
|
https://github.com/rubygems/rubygems/commit/ae44b68d57
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|
|
https://github.com/rubygems/rubygems/commit/a10ff97830
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|
|
test/rubygems/test_gem_remote_fetcher.rb
https://github.com/rubygems/rubygems/commit/f1af59fe02
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|
|
https://github.com/rubygems/rubygems/commit/8b2ca6df3a
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|
|
of assert_path_exists and refute_path_exists
https://github.com/rubygems/rubygems/commit/a7c93558c3
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|