[rubygems/rubygems] github source should default to secure protocol

Bundler 2 switched to secure https here c2e81f8ff6 Insecure protocols should be avoided to prevent MITM attacks. https://github.com/rubygems/rubygems/commit/758413364a
Merged: https://github.com/ruby/ruby/pull/6715
2022-10-28 15:30:21 -04:00 · 2022-10-28 15:30:21 -04:00 · ceeefb5870 · 2025-04-09 13:49:37 +00:00
commit ceeefb5870
parent adfbee85e0
2 changed files with 3 additions and 3 deletions
--- a/lib/rubygems/request_set/gem_dependency_api.rb
+++ b/lib/rubygems/request_set/gem_dependency_api.rb
@ -214,7 +214,7 @@ class Gem::RequestSet::GemDependencyAPI
    git_source :github do |repo_name|
      repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include? "/"

-      "git://github.com/#{repo_name}.git"
+      "https://github.com/#{repo_name}.git"
    end

    git_source :bitbucket do |repo_name|
--- a/test/rubygems/test_gem_request_set_gem_dependency_api.rb
+++ b/test/rubygems/test_gem_request_set_gem_dependency_api.rb
@ -183,7 +183,7 @@ class TestGemRequestSetGemDependencyAPI < Gem::TestCase

    assert_equal [dep("a")], @set.dependencies

-    assert_equal %w[git://github.com/example/repository.git master],
+    assert_equal %w[https://github.com/example/repository.git master],
                 @git_set.repositories["a"]

    expected = { "a" => Gem::Requirement.create("!") }
@ -196,7 +196,7 @@ class TestGemRequestSetGemDependencyAPI < Gem::TestCase

    assert_equal [dep("a")], @set.dependencies

-    assert_equal %w[git://github.com/example/example.git master],
+    assert_equal %w[https://github.com/example/example.git master],
                 @git_set.repositories["a"]

    expected = { "a" => Gem::Requirement.create("!") }