3ae8f4d171
Encrypted keys were updated [previously][1] to restrict other users from reading the file by default. However, there is a brief window between an encrypted key file being created and its permissions being set to 0600, and during that window another user can read the file. This commit fixes that issue by setting the desired permissions when the file is created. The ability to use the `perm` option was added in Thor 1.2.2, so the minimum version was updated in the Railties gemspec.

[1]: 4c6c3575c66ce10043c9ea04023788890a228de8
# frozen_string_literal: true

# Gem specification for railties.
#
# The gem version is read from the RAILS_VERSION file one directory above this
# one; the same value is used as the exact requirement for the activesupport,
# actionpack and actionview dependencies declared below.
version = File.read(File.expand_path("../RAILS_VERSION", __dir__)).strip

Gem::Specification.new do |spec|
  # --- Identity -------------------------------------------------------------
  spec.platform    = Gem::Platform::RUBY
  spec.name        = "railties"
  spec.version     = version
  spec.summary     = "Tools for creating, working with, and running Rails applications."
  spec.description = "Rails internals: application bootup, plugins, generators, and rake tasks."

  spec.required_ruby_version = ">= 2.7.0"

  spec.license = "MIT"

  spec.author   = "David Heinemeier Hansson"
  spec.email    = "david@loudthinking.com"
  spec.homepage = "https://rubyonrails.org"

  # --- Packaged content -----------------------------------------------------
  # Everything matched here ships in the published gem. Dir globs skip
  # dotfiles for a plain `*`, so the `{*,.[a-z]*}` alternation is what pulls in
  # files under lib/ whose name starts with a dot followed by a lowercase letter.
  spec.files = Dir[
    "CHANGELOG.md",
    "README.rdoc",
    "MIT-LICENSE",
    "RDOC_MAIN.md",
    "exe/**/*",
    "lib/**/{*,.[a-z]*}"
  ]
  spec.require_path = "lib"

  spec.bindir      = "exe"
  spec.executables = ["rails"]

  spec.rdoc_options.concat(["--exclude", "."])

  # --- Registry metadata ----------------------------------------------------
  spec.metadata = {
    "bug_tracker_uri"   => "https://github.com/rails/rails/issues",
    "changelog_uri"     => "https://github.com/rails/rails/blob/v#{version}/railties/CHANGELOG.md",
    "documentation_uri" => "https://api.rubyonrails.org/v#{version}/",
    "mailing_list_uri"  => "https://discuss.rubyonrails.org/c/rubyonrails-talk",
    "source_code_uri"   => "https://github.com/rails/rails/tree/v#{version}/railties",
    # Asks RubyGems.org to require multi-factor authentication from the gem's
    # owners for privileged operations such as pushing a release.
    "rubygems_mfa_required" => "true",
  }

  # --- Runtime dependencies -------------------------------------------------
  # NOTE: Please read our dependency guidelines before updating versions:
  # https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves

  # Sibling Rails components are required at exactly this gem's version.
  spec.add_dependency "activesupport", version
  spec.add_dependency "actionpack", version

  # NOTE(review): rackup and rake have a floor but no upper bound, and irb
  # (below) has no constraint at all; confirm against the guidelines linked
  # above that this is intended.
  spec.add_dependency "rackup", ">= 1.0.0"
  spec.add_dependency "rake", ">= 12.2"
  # The 1.2.2 floor is security-relevant: Thor 1.2.2 added the `perm` option,
  # which lets an encrypted key file be created with its restrictive mode
  # (0600) already applied, instead of being readable by other users until a
  # later permission change. Do not lower this floor.
  spec.add_dependency "thor", "~> 1.0", ">= 1.2.2"
  spec.add_dependency "zeitwerk", "~> 2.6"
  spec.add_dependency "irb"

  # --- Development dependencies ---------------------------------------------
  spec.add_development_dependency "actionview", version
end