Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump version and push to Rubygems #36

Closed
gabceb opened this issue May 10, 2013 · 26 comments
Closed

Bump version and push to Rubygems #36

gabceb opened this issue May 10, 2013 · 26 comments

Comments

@gabceb
Copy link

gabceb commented May 10, 2013

Please 😔
@teeparham
Copy link

@mbleigh can I help triage issues / test to get a new release out? Releasing a new gem with the updated oauth2 dependency would be nice, at least.

@axilleas
Copy link

👍 I am trying to package the auth family gems for Fedora and this is somehow a stopper.

@BlakeLucchesi
Copy link

The easiest/recommended way to get around this is to specify a git or github location in your gemfile so that it pulls the latest code when bundling:

gem 'omniauth-oauth2', github: 'intridea/omniauth-oauth2'

if you want to use a specific version tag/branch -- notice: if you use v1.1.1 of omniauth-oauth2 it will only work with oauth2 "~> 0.8.0", so you'll probably want to use my example above.

gem 'omniauth-oauth2', :git => 'git://github.com/intridea/omniauth-oauth2.git', :tag: => 'v1.1.1'

@BlakeLucchesi
Copy link

alternatively, you may fork the code, mark a new tag and use your new tag if you really want to use the latest version of oauth2 but don't want to just automatically pull in any new commits to omniauth-oauth2 master next time you run bundle update without further vetting.

@tmilewski
Copy link
Member

/cc @mbleigh @sferik (I don't retain the ability to release.)

@sferik
Copy link
Contributor

sferik commented Sep 4, 2013

@tmilewski I can give you gem push access to omniauth but @mbleigh is the only one with access this repo, so you’ll need to get that from him.

@tmilewski
Copy link
Member

@sferik That'd be great, thanks!

@sferik
Copy link
Contributor

sferik commented Sep 4, 2013

💥 BOOM 💥

gem owner omniauth --add tmilewski@gmail.com
Pushing gem to https://rubygems.org...
Owner added successfully.
Pushing gem to https://rubygems.org...
Owners for gem: omniauth
- tmilewski@gmail.com
- mbleigh@mbleigh.com
- sferik@gmail.com

@gabceb
Copy link
Author

gabceb commented Sep 4, 2013

SUCCESS! Thanks everybody!

@gabceb gabceb closed this as completed Sep 4, 2013
@axilleas
Copy link

axilleas commented Sep 5, 2013

@gabceb is this really resolved? I don't see a bump in rubygems.org. Am I missing something?

@tmilewski
Copy link
Member

@gabceb It's up to Michael at this point, he's the only one with the ability to do so.

@gabceb
Copy link
Author

gabceb commented Sep 5, 2013

Ha. You are absolutely right @axilleas. I checked Rubygems yesterday and saw the image below and probably my brain was like "Yep, september sounds about right" but I didn't realize it was the wrong day/year. Reopening....

image

@gabceb gabceb reopened this Sep 5, 2013
@warmwaffles
Copy link

@sferik @axilleas @tmilewski the newer version has still not been cut

EDIT: A release candidate could be cut and if any issues rise from it, then they can be addressed.

@sferik
Copy link
Contributor

sferik commented Oct 29, 2013

I can not release, nor can @axilleas or @tmilewski. The only person with gem push access is @mbleigh.

@tmilewski
Copy link
Member

I was just going to type the same thing but @sferik beat me to it.

@joscarsson
Copy link

I would really like to see the bump in version for oauth2 form 0.8.0 to 0.9.x happen in rubygems as well (currently done on master but not even tagged on github yet), need the new functionality from oauth2 to get my identity provider working.

@anthonator
Copy link

👍

@bbatsov
Copy link

bbatsov commented Nov 14, 2013

@mbleigh Maybe you should grant push access to @sferik, @axilleas or @tmilewski? Anyways, I hope someone would be able to release a new version soon.

@yorkxin
Copy link

yorkxin commented Nov 18, 2013

Hi, could you release 1.1.2? I need a feature that is not available in 1.1.1 but available in master.

Specifically, it's #19, which makes it possible to set AccessToken mode when requesting for raw_info to the API server. The API I'm working with only support { :mode => :query, :param_name => 'access_token' }. With this feature I can set mode with option :auth_token_params.

@niels
Copy link

niels commented Nov 23, 2013

+1 👍

@guilhermesimoes guilhermesimoes mentioned this issue Jan 15, 2014
Merged
@thesp0nge
Copy link

Any news on bumping gem version? It fixes a critical security issue, it's important to release a 1.1.2 version

@tmilewski
Copy link
Member

I'm working on gaining access to push to Rubygems. Sorry for the huge delays.

@thesp0nge
Copy link

In codesake-dawn, I'm releasing soon version 1.0.0, to match this vulnerability I recommend to tell Gemfile to grab the git source instead of the rubygem (thesp0nge/dawnscanner@fa45f6c).

Can you please update me when a version 1.1.2 will be out so to update mitigation message accordingly?

Thanks
Paolo

@sferik
Copy link
Contributor

sferik commented Jan 15, 2014

💥 https://twitter.com/mbleigh/status/423494998571499520

@bbatsov
Copy link

bbatsov commented Jan 15, 2014

@sferik Finally!

@sferik
Copy link
Contributor

sferik commented Jan 15, 2014

Sorry for the wait, everybody. I’m just reviewing the changes since the last release and will push out a new version shortly.

@sferik sferik closed this as completed in a9ea6f8 Jan 16, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests