1berry/ruby
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[rubygems/rubygems] filter dependency type and name strictly.

Browse Source 
Co-authored-by: Yusuke Endoh <mame@ruby-lang.org>

https://github.com/rubygems/rubygems/commit/92892bbc3a
This commit is contained in:
Hiroshi SHIBATA 2019-09-25 21:34:55 +09:00
parent 0b65a7a19e
commit 1eb503373e
No known key found for this signature in database
GPG Key ID: F9CF13417264FAC2
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/rubygems/installer.rb
View File

@ -754,7 +754,11 @@ class Gem::Installer
raise Gem::InstallError, "#{spec} has an invalid specification_version"
end
if spec.dependencies.any? {|dep| dep.type =~ /\R/ || dep.name =~ /\R/ }
if spec.dependencies.any? {|dep| dep.type != :runtime && dep.type != :development }
raise Gem::InstallError, "#{spec} has an invalid dependencies"
end
if spec.dependencies.any? {|dep| dep.name =~ /(?:\R|[<>])/ }
raise Gem::InstallError, "#{spec} has an invalid dependencies"
end
end