[rubygems/rubygems] Fix possible malicious website to example.com

example.com is the canonical stand in for domain examples and will never have a backing website. via https://www.rfc-editor.org/rfc/rfc2606.html https://github.com/rubygems/rubygems/commit/26622c81c2
2022-11-09 12:17:21 -05:00 · 2021-09-17 09:41:05 -07:00 · 2021-09-17 09:41:05 -07:00 · 105e037fe8
commit 105e037fe8
parent cd2e6318f6
2 changed files with 2 additions and 2 deletions
--- a/lib/bundler/templates/newgem/newgem.gemspec.tt
+++ b/lib/bundler/templates/newgem/newgem.gemspec.tt
@ -16,7 +16,7 @@ Gem::Specification.new do |spec|
 <%- end -%>
  spec.required_ruby_version = ">= <%= config[:required_ruby_version] %>"

-  spec.metadata["allowed_push_host"] = "TODO: Set to 'https://mygemserver.com'"
+  spec.metadata["allowed_push_host"] = "TODO: Set to your gem server 'https://example.com'"

  spec.metadata["homepage_uri"] = spec.homepage
  spec.metadata["source_code_uri"] = "TODO: Put your gem's public repo URL here."
--- a/spec/bundler/commands/newgem_spec.rb
+++ b/spec/bundler/commands/newgem_spec.rb
@ -563,7 +563,7 @@ RSpec.describe "bundle gem" do
      bundle "gem #{gem_name}"

      expect(generated_gemspec.metadata["allowed_push_host"]).
-        to match(/mygemserver\.com/)
+        to match(/example\.com/)
    end

    it "sets a minimum ruby version" do