Age | Commit message | Author |
---|
| `Gem::Specification.reset` on benign cases If `Gem::Specification.reset` is used, but there are still unresolved dependencies, RubyGems prints a warning. There are, though, certain cases where the situation will not cause any issues. One such case is when the unresolved dependency does not restrict any versions (>= 0) and there's a default gem matching it. In this situation, it doesn't matter if Gem paths change, because default gems are still activatable, so the dependency will be properly activated if ever needed. https://.com/rubygems/rubygems/commit/e5f8a3068e |
| https://.com/rubygems/rubygems/commit/7c634ecd72 |
| Removes usage of these classes as ACE gadgets See https://nastystereo.com/security/ruby-3.4-deserialization.html Signed-off-by: Samuel Giddins <[email protected]> https://.com/rubygems/rubygems/commit/89ad04db86 |
| https://.com/rubygems/rubygems/commit/722d4c6926 |
| ruby-{name}, recommend those. https://.com/rubygems/rubygems/commit/d7d33172c1 |
| https://.com/rubygems/rubygems/commit/0c3a65871a |
| https://.com/rubygems/rubygems/commit/d8d68cc00e |
| That's indeed the ideal behavior but it's a mess to maintain because the version of RubyGems shipped with each level of Ruby changes. We could try looking at the `VERSION` constant in `RbConfig::CONFIG["rubylibdir"]` but for now I'm calling what's in there now as good enough. https://.com/rubygems/rubygems/commit/40ccf2b093 |
| We already do this check in `setup.rb` itself, which is run earlier. https://.com/rubygems/rubygems/commit/160cc3f1c5 |
| https://.com/rubygems/rubygems/commit/31fadaf2d2 |
| output The $0 value is used in many CLI libraries to determine the name of the application, when displaying help and error messages. Without setting this value, it defaults to `gem` which can be confusing. Before: ``` $ gem exec kamal help Commands: gem accessory # Manage accessories (db/redis/search) gem app # Manage application gem audit # Show audit log from servers gem build # Build application image gem config # Show combined config (including secrets!) gem deploy # Deploy app to servers gem details # Show details about all containers gem docs [SECTION] # Show Kamal configuration documentation gem help [COMMAND] # Describe available commands or one specific command gem init # Create config stub in config/deploy.yml and secrets stub in .kamal gem lock # Manage the deploy lock gem proxy # Manage kamal-proxy gem prune # Prune old application images and containers gem redeploy # Deploy app to servers without bootstrapping servers, starting kamal-proxy, pruning, and registry login gem registry # Login and -out of the image registry gem remove # Remove kamal-proxy, app, accessories, and registry session from servers gem rollback [VERSION] # Rollback app to VERSION gem secrets # Helpers for extracting secrets gem server # Bootstrap servers with curl and Docker gem setup # Setup all accessories, push the env, and deploy app to servers gem upgrade # Upgrade from Kamal 1.x to 2.0 gem version # Show Kamal version ``` After: ``` $ gem exec kamal help Commands: kamal accessory # Manage accessories (db/redis/search) kamal app # Manage application kamal audit # Show audit log from servers kamal build # Build application image kamal config # Show combined config (including secrets!) kamal deploy # Deploy app to servers kamal details # Show details about all containers kamal docs [SECTION] # Show Kamal configuration documentation kamal help [COMMAND] # Describe available commands or one specific command kamal init # Create config stub in config/deploy.yml and secrets stub in .kamal kamal lock # Manage the deploy lock kamal proxy # Manage kamal-proxy kamal prune # Prune old application images and containers kamal redeploy # Deploy app to servers without bootstrapping servers, starting kamal-proxy, pruning, and registry login kamal registry # Login and -out of the image registry kamal remove # Remove kamal-proxy, app, accessories, and registry session from servers kamal rollback [VERSION] # Rollback app to VERSION kamal secrets # Helpers for extracting secrets kamal server # Bootstrap servers with curl and Docker kamal setup # Setup all accessories, push the env, and deploy app to servers kamal upgrade # Upgrade from Kamal 1.x to 2.0 kamal version # Show Kamal version ``` https://.com/rubygems/rubygems/commit/4fd060b96d |
| Signed-off-by: Samuel Giddins <[email protected]> https://.com/rubygems/rubygems/commit/a5412d9a0e |
| URI::RFC2396_PARSER.escape explicitly https://.com/rubygems/rubygems/commit/64f026c9d4 |
| https://.com/rubygems/rubygems/commit/5a094cbfab |
| sometimes If a gem package is built from a specification whose platform has been modified, it will include metadata using the old platform. This change should fix the problem by making sure `original_platform` is always properly set. https://.com/rubygems/rubygems/commit/ecd5cd4547 |
| If the user has the encoding of her system messed up, she may end up sending us incorrectly encoded input, causing "invalid byte sequence in UTF-8" errors at random places. These errors can be forced on a system without encoding issues with something like: ``` $ gem install$(echo -e "\xFF") foo /Users/deivid/.asdf/installs/ruby/3.2.1/lib/ruby/site_ruby/3.2.0/rubygems/config_file.rb:534:in `block in set_config_file_name': invalid byte sequence in UTF-8 (ArgumentError) from /Users/deivid/.asdf/installs/ruby/3.2.1/lib/ruby/site_ruby/3.2.0/rubygems/config_file.rb:530:in `each' from /Users/deivid/.asdf/installs/ruby/3.2.1/lib/ruby/site_ruby/3.2.0/rubygems/config_file.rb:530:in `set_config_file_name' from /Users/deivid/.asdf/installs/ruby/3.2.1/lib/ruby/site_ruby/3.2.0/rubygems/config_file.rb:177:in `initialize' from /Users/deivid/.asdf/installs/ruby/3.2.1/lib/ruby/site_ruby/3.2.0/rubygems/gem_runner.rb:71:in `new' from /Users/deivid/.asdf/installs/ruby/3.2.1/lib/ruby/site_ruby/3.2.0/rubygems/gem_runner.rb:71:in `do_configuration' from /Users/deivid/.asdf/installs/ruby/3.2.1/lib/ruby/site_ruby/3.2.0/rubygems/gem_runner.rb:33:in `run' from /Users/deivid/.asdf/installs/ruby/3.2.1/bin/gem:10:in `<main>' ``` This commit makes RubyGems print a better error in this case: ``` $ ruby -Ilib bin/gem install$(echo -e "\xFF") foo /Users/deivid/Code/rubygems/rubygems/lib/rubygems/gem_runner.rb:75:in `validate_encoding': invalid argument: 'install�' has invalid encoding (Gem::OptionParser::InvalidArgument) from /Users/deivid/Code/rubygems/rubygems/lib/rubygems/gem_runner.rb:31:in `run' from bin/gem:10:in `<main>' ``` |
| If a command requires two MFA authenticated requests, and webauthn is enabled, then the first one will succeed but the second one will fail because it tries to reuse the OTP code from the first request and that does not work. This happens when you have not yet logged in to rubygems.org, or when you have an API key with invalid scopes for the current operation. In that case, we need: * An API request to get a token or change scopes for the one that you have. * Another API request to perform the actual operation. Instead of trying to reuse the token, make sure it's cleared so we are asked to authenticate again. We only do this when webauthn is enabled because reusing TOTP tokens otherwise is allowed and I don't want to break that. https://.com/rubygems/rubygems/commit/669e343935 |
| https://.com/rubygems/rubygems/commit/15930fe126 |
| https://.com/rubygems/rubygems/commit/d478ec403f |
| directory as the binstub https://.com/rubygems/rubygems/commit/ab7d65cc18 Co-authored-by: Nobuyoshi Nakada <[email protected]> |
| https://.com/rubygems/rubygems/commit/f2ed507afe |
| executables around https://.com/rubygems/rubygems/commit/4b81add54c |
| https://.com/rubygems/rubygems/commit/3d5135e69b |
| https://.com/rubygems/rubygems/commit/1024505d8e |
| https://.com/rubygems/rubygems/commit/0719921af4 |
| https://.com/rubygems/rubygems/commit/18c4ea7d00 |
| suggest_gems_from_name(), with test. https://.com/rubygems/rubygems/commit/7bb7c0ac2d |
| https://.com/rubygems/rubygems/commit/6c67298584 |
| https://.com/rubygems/rubygems/commit/8f9983cc21 |
| guaranteed to be rejected. https://.com/rubygems/rubygems/commit/56262a9384 |
| https://.com/rubygems/rubygems/commit/fe9999f2cf |
| We fixed some issues recently where Bundler would try to activate a psych spec with missing extensions and crash. However, as a side effect, we started printing warnings about missing extensions in situations where we did not warn before. It may be interesting to warn on these new situations too, but in order to minimize changes for now, I'm reverting to printing warnings in the same situations as before. https://.com/rubygems/rubygems/commit/51ebff6982 |
| A default gem does not always live in the same place. For example, Bundler may be installed to `site_dir` when RubyGems has been upgraded. A more reliable way seems to actually activate the default gem, so that we can know for sure where it lives. https://.com/rubygems/rubygems/commit/c69f6dfb18 |
| activated https://.com/rubygems/rubygems/commit/b44bf2ac74 |
| https://.com/rubygems/rubygems/commit/1cfc1d626c |
| If a default version and a regular version of etc are present at the same time, RubyGems will end up duplicating work and running pristine twice. The `etc` gem is special because it's loaded by RubyGems by default. When doing this, RubyGems will activate the regularly installed version. Then when `gem pristine` runs, it will find two installed specifications but materialize both to the already activated specification. Before: ``` $ gem pristine etc --version 1.4.3 Restoring gems to pristine condition... Building native extensions. This could take a while... Restored etc-1.4.3 Building native extensions. This could take a while... Restored etc-1.4.3 ``` After: ``` $ gem pristine etc --version 1.4.3 Restoring gems to pristine condition... Skipped etc-1.4.3, it is a default gem Building native extensions. This could take a while... Restored etc-1.4.3 ``` https://.com/rubygems/rubygems/commit/5c279ac56b |
| https://.com/rubygems/rubygems/commit/c80998a22a |
| Signed-off-by: Samuel Giddins <[email protected]> Notes: Merged: https://.com/ruby/ruby/pull/11860 |
| If old Bundler versions that unconditionally try to remove this method are run with RubyGems versions _without_ this method, Bundler crashes because it tries to remove a method that does not exist. We need to wait until RubyGems cannot install any Bundler versions that unconditionally remove this method. https://.com/rubygems/rubygems/commit/98804d261d |
| It would happen when the gem is already installed to multiple GEM_PATHS. RubyGems was removing duplicate specs without considering the potentially different `base_dir`. That was causing the gem to be misidentified as not already installed, and a nil specification getting returned from the installer as a result, causing the crash. Solve it by making sure `Gem::Specification.all` really iterates through all the different specifications in all GEM_PATHs. https://.com/rubygems/rubygems/commit/0d8c208f65 |
| https://.com/rubygems/rubygems/commit/c9e665eb8a |
| for some reason https://.com/rubygems/rubygems/commit/f8f589b1b8 |
| The `LoadError` needs to be ignored because the command may have been defined and registered from a rubygems_plugin.rb file. https://.com/rubygems/rubygems/commit/31f13d449b |