kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

[rubygems/rubygems] filter dependency type and name strictly.

Browse source 
Co-authored-by: Yusuke Endoh <mame@ruby-lang.org>

92892bbc3a
This commit is contained in:
Hiroshi SHIBATA 2019-09-25 21:34:55 +09:00
parent 0b65a7a19e
commit 1eb503373e
No known key found for this signature in database
GPG key ID: F9CF13417264FAC2
1 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
lib/rubygems/installer.rb
View file

@ -754,7 +754,11 @@ class Gem::Installer
raise Gem::InstallError, "#{spec} has an invalid specification_version"
end
if spec.dependencies.any? {|dep| dep.type =~ /\R/ || dep.name =~ /\R/ }
if spec.dependencies.any? {|dep| dep.type != :runtime && dep.type != :development }
raise Gem::InstallError, "#{spec} has an invalid dependencies"
end
if spec.dependencies.any? {|dep| dep.name =~ /(?:\R|[<>])/ }
raise Gem::InstallError, "#{spec} has an invalid dependencies"
end
end