New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Freeze more strings in generated gemspecs #6974
Freeze more strings in generated gemspecs #6974
Conversation
Specifically, this will have frozen string literals for: - Gem platform tuple entries - Gem::Version strings - Gem::Specification#installed_by_version - Dependency requirement strings
Will this change the checksums of the gemspecs or is it outside of that process? I think we call to_ruby when storing the plain text gemspec for gem content storage? |
it's outside of that process, since the gemspec we upload to |
Ok cool. Now I'm wondering which gemspec version should be uploaded with gem content. |
IMO it should be the yaml gemspec that's inside the .gem, but that's mostly since it's what'd be most helpful to me from a rubygems.org security perspective |
That seems most reasonable to me. I can't imagine what else we'd want besides the most useful thing 😆 |
…in-generated-gemspecs Freeze more strings in generated gemspecs (cherry picked from commit 4288da7)
…in-generated-gemspecs Freeze more strings in generated gemspecs (cherry picked from commit 4288da7)
…in-generated-gemspecs Freeze more strings in generated gemspecs (cherry picked from commit 4288da7)
…in-generated-gemspecs Freeze more strings in generated gemspecs (cherry picked from commit 4288da7)
Specifically, this will have frozen string literals for:
What was the end-user or developer problem that led to this PR?
What is your fix for the problem, implemented in this PR?
Make sure the following tasks are checked