Age | Commit message | Author |
|
https://github.com/rubygems/rubygems/commit/7c634ecd72
|
|
Removes usage of these classes as ACE gadgets
See https://nastystereo.com/security/ruby-3.4-deserialization.html
Signed-off-by: Samuel Giddins <[email protected]>
https://github.com/rubygems/rubygems/commit/89ad04db86
|
|
https://github.com/rubygems/rubygems/commit/722d4c6926
|
|
ruby-{name}, recommend those.
https://github.com/rubygems/rubygems/commit/d7d33172c1
|
|
https://github.com/rubygems/rubygems/commit/0c3a65871a
|
|
https://github.com/rubygems/rubygems/commit/d8d68cc00e
|
|
That's indeed the ideal behavior but it's a mess to maintain because the
version of RubyGems shipped with each patchlevel of Ruby changes. We
could try looking at the `VERSION` constant in
`RbConfig::CONFIG["rubylibdir"` but for now I'm calling what's in there now
as good enough.
https://github.com/rubygems/rubygems/commit/40ccf2b093
|
|
We already do this check in `setup.rb` itself, which is run earlier.
https://github.com/rubygems/rubygems/commit/160cc3f1c5
|
|
https://github.com/rubygems/rubygems/commit/31fadaf2d2
|
|
output
The $0 value is used in many CLI libraries to determine the name of the
application, when displaying help and error messages.
Without setting this value, it defaults to `gem` which can be confusing.
Before:
```
$ gem exec kamal help
Commands:
gem accessory # Manage accessories (db/redis/search)
gem app # Manage application
gem audit # Show audit log from servers
gem build # Build application image
gem config # Show combined config (including secrets!)
gem deploy # Deploy app to servers
gem details # Show details about all containers
gem docs [SECTION] # Show Kamal configuration documentation
gem help [COMMAND] # Describe available commands or one specific command
gem init # Create config stub in config/deploy.yml and secrets stub in .kamal
gem lock # Manage the deploy lock
gem proxy # Manage kamal-proxy
gem prune # Prune old application images and containers
gem redeploy # Deploy app to servers without bootstrapping servers, starting kamal-proxy, pruning, and registry login
gem registry # Login and -out of the image registry
gem remove # Remove kamal-proxy, app, accessories, and registry session from servers
gem rollback [VERSION] # Rollback app to VERSION
gem secrets # Helpers for extracting secrets
gem server # Bootstrap servers with curl and Docker
gem setup # Setup all accessories, push the env, and deploy app to servers
gem upgrade # Upgrade from Kamal 1.x to 2.0
gem version # Show Kamal version
```
After:
```
$ gem exec kamal help
Commands:
kamal accessory # Manage accessories (db/redis/search)
kamal app # Manage application
kamal audit # Show audit log from servers
kamal build # Build application image
kamal config # Show combined config (including secrets!)
kamal deploy # Deploy app to servers
kamal details # Show details about all containers
kamal docs [SECTION] # Show Kamal configuration documentation
kamal help [COMMAND] # Describe available commands or one specific command
kamal init # Create config stub in config/deploy.yml and secrets stub in .kamal
kamal lock # Manage the deploy lock
kamal proxy # Manage kamal-proxy
kamal prune # Prune old application images and containers
kamal redeploy # Deploy app to servers without bootstrapping servers, starting kamal-proxy, pruning, and registry login
kamal registry # Login and -out of the image registry
kamal remove # Remove kamal-proxy, app, accessories, and registry session from servers
kamal rollback [VERSION] # Rollback app to VERSION
kamal secrets # Helpers for extracting secrets
kamal server # Bootstrap servers with curl and Docker
kamal setup # Setup all accessories, push the env, and deploy app to servers
kamal upgrade # Upgrade from Kamal 1.x to 2.0
kamal version # Show Kamal version
```
https://github.com/rubygems/rubygems/commit/4fd060b96d
|
|
Signed-off-by: Samuel Giddins <[email protected]>
https://github.com/rubygems/rubygems/commit/a5412d9a0e
|
|
URI::RFC2396_PARSER.escape explicitly
https://github.com/rubygems/rubygems/commit/64f026c9d4
|
|
https://github.com/rubygems/rubygems/commit/5a094cbfab
|
|
sometimes
If a gem package is built from a specification whose platform has been
modified, it will include metadata using the old platform.
This change should fix the problem by making sure `original_platform` is
always properly set.
https://github.com/rubygems/rubygems/commit/ecd5cd4547
|
|
If the user has the encoding of her system messed up, she may end up
sending us incorrectly encoded input, causing "invalid byte sequence in
UTF-8" errors at random places.
These errors can be forced on a system without encoding issues with
something like:
```
$ gem install$(echo -e "\xFF") foo
/Users/deivid/.asdf/installs/ruby/3.2.1/lib/ruby/site_ruby/3.2.0/rubygems/config_file.rb:534:in `block in set_config_file_name': invalid byte sequence in UTF-8 (ArgumentError)
from /Users/deivid/.asdf/installs/ruby/3.2.1/lib/ruby/site_ruby/3.2.0/rubygems/config_file.rb:530:in `each'
from /Users/deivid/.asdf/installs/ruby/3.2.1/lib/ruby/site_ruby/3.2.0/rubygems/config_file.rb:530:in `set_config_file_name'
from /Users/deivid/.asdf/installs/ruby/3.2.1/lib/ruby/site_ruby/3.2.0/rubygems/config_file.rb:177:in `initialize'
from /Users/deivid/.asdf/installs/ruby/3.2.1/lib/ruby/site_ruby/3.2.0/rubygems/gem_runner.rb:71:in `new'
from /Users/deivid/.asdf/installs/ruby/3.2.1/lib/ruby/site_ruby/3.2.0/rubygems/gem_runner.rb:71:in `do_configuration'
from /Users/deivid/.asdf/installs/ruby/3.2.1/lib/ruby/site_ruby/3.2.0/rubygems/gem_runner.rb:33:in `run'
from /Users/deivid/.asdf/installs/ruby/3.2.1/bin/gem:10:in `<main>'
```
This commit makes RubyGems print a better error in this case:
```
$ ruby -Ilib bin/gem install$(echo -e "\xFF") foo
/Users/deivid/Code/rubygems/rubygems/lib/rubygems/gem_runner.rb:75:in `validate_encoding': invalid argument: 'install�' has invalid encoding (Gem::OptionParser::InvalidArgument)
from /Users/deivid/Code/rubygems/rubygems/lib/rubygems/gem_runner.rb:31:in `run'
from bin/gem:10:in `<main>'
```
|
|
If a command requires two MFA authenticated requests, and webauthn is
enabled, then the first one will succeed but the second one will fail
because it tries to reuse the OTP code from the first request and that
does not work.
This happens when you have not yet logged in to rubygems.org, or when
you have an API key with invalid scopes for the current operation. In
that case, we need:
* An API request to get a token or change scopes for the one that you
have.
* Another API request to perform the actual operation.
Instead of trying to reuse the token, make sure it's cleared so we are
asked to authenticate again. We only do this when webauthn is enabled
because reusing TOTP tokens otherwise is allowed and I don't want to
break that.
https://github.com/rubygems/rubygems/commit/669e343935
|
|
https://github.com/rubygems/rubygems/commit/15930fe126
|
|
https://github.com/rubygems/rubygems/commit/d478ec403f
|
|
directory as the binstub
https://github.com/rubygems/rubygems/commit/ab7d65cc18
Co-authored-by: Nobuyoshi Nakada <[email protected]>
|
|
https://github.com/rubygems/rubygems/commit/f2ed507afe
|
|
executables around
https://github.com/rubygems/rubygems/commit/4b81add54c
|
|
https://github.com/rubygems/rubygems/commit/3d5135e69b
|
|
https://github.com/rubygems/rubygems/commit/1024505d8e
|
|
https://github.com/rubygems/rubygems/commit/0719921af4
|
|
https://github.com/rubygems/rubygems/commit/18c4ea7d00
|
|
suggest_gems_from_name(), with test.
https://github.com/rubygems/rubygems/commit/7bb7c0ac2d
|
|
https://github.com/rubygems/rubygems/commit/6c67298584
|
|
https://github.com/rubygems/rubygems/commit/8f9983cc21
|
|
guaranteed to be rejected.
https://github.com/rubygems/rubygems/commit/56262a9384
|
|
https://github.com/rubygems/rubygems/commit/fe9999f2cf
|
|
We fixed some issues recently where Bundler would try to activate a
psych spec with missing extensions and crash. However, as a side effect,
we started printing warnings about missing extensions in situations
where we did not warn before.
It may be interesting to warn on these new situations too, but in order
to minimize changes for now, I'm reverting to printing warnings in the
same situations as before.
https://github.com/rubygems/rubygems/commit/51ebff6982
|
|
A default gem does not always live in the same place. For example,
Bundler may be installed to `site_dir` when RubyGems has been upgraded.
A more reliable way seems to actually activate the default gem, so that
we can know for sure where it lives.
https://github.com/rubygems/rubygems/commit/c69f6dfb18
|
|
activated
https://github.com/rubygems/rubygems/commit/b44bf2ac74
|
|
https://github.com/rubygems/rubygems/commit/1cfc1d626c
|
|
If a default version and a regular version of etc are present at the
same time, RubyGems will end up duplicating work and running pristine
twice.
The `etc` gem is special because it's loaded by RubyGems by default.
When doing this, RubyGems will activate the regularly installed version.
Then when `gem pristine` runs, it will find two installed specifications
but materialize both to the already activated specification.
Before:
```
$ gem pristine etc --version 1.4.3
Restoring gems to pristine condition...
Building native extensions. This could take a while...
Restored etc-1.4.3
Building native extensions. This could take a while...
Restored etc-1.4.3
```
After:
```
$ gem pristine etc --version 1.4.3
Restoring gems to pristine condition...
Skipped etc-1.4.3, it is a default gem
Building native extensions. This could take a while...
Restored etc-1.4.3
```
https://github.com/rubygems/rubygems/commit/5c279ac56b
|
|
https://github.com/rubygems/rubygems/commit/c80998a22a
|
|
Signed-off-by: Samuel Giddins <[email protected]>
Notes:
Merged: https://github.com/ruby/ruby/pull/11860
|
|
If old Bundler versions that unconditionally try to remove this method
are run with RubyGems versions _without_ this method, Bundler crashes
because it tries to remove a method that does not exist.
We need to wait until RubyGems cannot install any Bundler versions that
unconditionally remove this method.
https://github.com/rubygems/rubygems/commit/98804d261d
|
|
It would happen when the gem is already installed to multiple GEM_PATHS.
RubyGems was removing duplicate specs without considering the
potentially different `base_dir`. That was causing the gem to be
misidentified as not already installed, and a nil specification getting
returned from the installer as a result, causing the crash.
Solve it by making sure `Gem::Specification.all` really iterates through
all the different specifications in all GEM_PATHs.
https://github.com/rubygems/rubygems/commit/0d8c208f65
|
|
https://github.com/rubygems/rubygems/commit/c9e665eb8a
|
|
for some reason
https://github.com/rubygems/rubygems/commit/f8f589b1b8
|
|
The `LoadError` needs to be ignored because command may have been
defined and registered from a rubygems_plugin.rb file.
https://github.com/rubygems/rubygems/commit/31f13d449b
|
|
3.0 has been EOL since March, drop support for it before the 3.4 release is cut
Signed-off-by: Samuel Giddins <[email protected]>
https://github.com/rubygems/rubygems/commit/fc1f03b06a
|
|
clearing results from all sources
https://github.com/rubygems/rubygems/commit/0549ddbcc5
|