rubygems-update 2.6.11 → 2.7.11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a3145b3347290a8137e8aafa35a0c28e7a2df9cf50129a35f8e99c4e37dfbad9
-  data.tar.gz: e9c34d66185f10c358e6bfb47d1a55828f3433d16eb1c1dddb127c36fcab297d
+  metadata.gz: 05af8c86d4ea15a0d09d4d8611a6aca36d75dc741cdd8e5d86076475ebe8a7de
+  data.tar.gz: a8dfa7a91b938c27adb2227e99bb3160384e5bfe4b0701f54bdda00039f5bedb
 SHA512:
-  metadata.gz: 9e27f2aa64535ebc313e5ede961eccb6b671ee65d42730ab84b200df57a3f819ef5f379d9c5041ee80d6127d8fad2a03c9661ecf1042fe712f9767178d883e43
-  data.tar.gz: 19aeb548def6a0b6a274e5281f1b840a8de35d026c31ff4d9bb1f827808b58758f6a1fe9d72688a8c02043cecae13912c5894832a27889ebbe0f8974190c1208
+  metadata.gz: 7c7a3afc31fb6b849ad66759acb0df2444867bf0db3f64ec05f7484689cb47bac289429d5a350fa7949a5d2a94090c14fd7eec552b8ea3678e71f4a65bdd11ba
+  data.tar.gz: 77a27d60b8709a0b26872bf616eeb4161cf9c847b0770e74976d631934b4ef88c2d5d2406c36846104361acea894e1b4104921fd286a6540adf17402d85dcecb

data/.travis.yml

@@ -4,6 +4,8 @@ after_script:
 before_script:
 - util/ci before_script
 language: ruby
+dist: trusty
+sudo: required
 branches:
   only:
     - master
@@ -16,33 +18,17 @@ rvm:
 - 1.9.3
 - 2.0.0
 - 2.1.10
-- 2.2.6
-- 2.3.3
-- 2.4.0
+- 2.2.9
+- 2.3.6
+- 2.4.3
+- 2.5.0
 - ruby-head
 env:
   - "TEST_TOOL=rubygems YAML=syck"
   - "TEST_TOOL=rubygems YAML=psych"
   - "TEST_TOOL=bundler RGV=master"
 script:
-- util/ci script
+  - util/ci script
 matrix:
-  exclude:
-    - rvm: 1.8.7
-      env: "TEST_TOOL=rubygems YAML=psych"
-    - rvm: 1.9.2
-      env: "TEST_TOOL=bundler RGV=master"
-    - rvm: 2.0.0
-      env: "TEST_TOOL=rubygems YAML=syck"
-    - rvm: 2.1.7
-      env: "TEST_TOOL=rubygems YAML=syck"
-    - rvm: 2.2.6
-      env: "TEST_TOOL=rubygems YAML=syck"
-    - rvm: 2.3.3
-      env: "TEST_TOOL=rubygems YAML=syck"
-    - rvm: 2.4.0
-      env: "TEST_TOOL=rubygems YAML=syck"
-    - rvm: ruby-head
-      env: "TEST_TOOL=rubygems YAML=syck"
   allow_failures:
-    - rvm: ruby-head
+    - env: "TEST_TOOL=bundler RGV=master"

data/CONTRIBUTING.rdoc

@@ -1,7 +1,7 @@
 = How to contribute
 
-Community involvement is essential to RubyGems. We want to keep it easy as
-possible to contribute changes. There are a few guidelines that we need
+Community involvement is essential to RubyGems. We want to keep it as easy
+as possible to contribute changes. There are a few guidelines that we need
 contributors to follow to reduce the time it takes to get changes merged in.
 
 == Guidelines
@@ -11,9 +11,9 @@ contributors to follow to reduce the time it takes to get changes merged in.
 2. Ensure that your code blends well with ours:
    * No trailing whitespace
    * Match indentation (two spaces)
-   * Match coding style (`if`, `elsif`, `when` need trailing `then`)
+   * Match coding style (+if+, +elsif+, +when+ need trailing +then+)
 
-3. If any new files are added or existing files removed in a commit or PR, please update the `Manifest.txt` accordingly.
+3. If any new files are added or existing files removed in a commit or PR, please update the +Manifest.txt+ accordingly.
 
 4. Don't modify the history file or version number.
 
@@ -28,7 +28,7 @@ here: http://guides.rubygems.org/contributing/
     $ gem install hoe
     $ rake newb
 
-To run commands like `gem install` from the repo:
+To run commands like <tt>gem install</tt> from the repo:
 
     $ ruby -Ilib bin/gem install
 
@@ -38,59 +38,65 @@ RubyGems uses labels to track all issues and pull requests. In order to provide
 guidance to the community this is documentation of how labels are used in the
 rubygems repository.
 
+=== Contribution
+
+These labels are made to guide contributors to issue/pull requests that they
+can help with. That are marked with a light gray <tt>contribution: *</tt>
+
+* *small* - The issue described here will take a small amount of work to resolve,
+  and is a good option for a new contributor
+* *unclaimed* - The issue has not been claimed for work, and is awaiting willing
+  volunteers!
+
 === Type
 
-Most Issues or pull requests will have one of these labels, which describes the
-type of the issue or pull request.
+Most Issues or pull requests will have a light green <tt>type: *</tt> label, 
+which describes the type of the issue or pull request.
 
 * <b>bug report</b> - An issue describing a bug in rubygems. This would be something
   that is broken, confusing, unexpected behavior etc.
-* <b>bugfix</b> - A pull request that fixes a bug report.
+* <b>bug fix</b> - A pull request that fixes a bug report.
 * <b>feature request</b> - An issue describing a request for a new feature or
   enhancement.
 * <b>feature implementation</b> - A pull request implementing a feature request.
-* <b>question</b> - An issue that is a more of a question than a call for specific
+* *question* - An issue that is a more of a question than a call for specific
   changes in the codebase.
-* <b>cleanup</b> - Generally for a pull request that improves the code base without
+* *cleanup* - Generally for a pull request that improves the code base without
   fixing a bug or implementing a feature.
 * <b>major bump</b> - This issue or pull request requires a major version bump
-* <b>administrative</b> - This issue relates to administrative tasks that need to
+* *administrative* - This issue relates to administrative tasks that need to
   take place as it relates to rubygems
+* *documentation* - This issue relates to improving the documentation for
+  in this repo. Note that much of the rubygems documentation is here:
+  https://github.com/rubygems/guides
 
-Bug report and Bugfix have the same color. And feature implementation and
-feature request have the same color since they are related labels.
+=== Workflow / Status
 
-=== Workflow
+The light yellow <tt>status: *</tt> labels that indicate the state of an 
+issue, where it is in the process from being submitted to being closed. 
+These are listed in rough  progression order from submitted to closed.
 
-These are labels that indicate the state of an issue, where it is in the process
-from being submitted to being closed. These are listed in rough progression
-order from submitted to closed.
-
-* <b>triage</b> - This is an issue or pull request that needs to be properly
+* *triage* - This is an issue or pull request that needs to be properly
   labeled by by a maintainer.
-* <b>accepted</b> - This issue / pull request has been accepted as valid and
-  will be worked on by someone.
-* <b>ready for work</b> - An issue that is available for collaboration. This issue
+* *confirmed* - This issue/pull request has been accepted as valid, but
+  is not yet immediately ready for work.
+* <b>ready</b> - An issue that is available for collaboration. This issue
   should have existing discussion on the problem, and a description of how to go
-  about solving it. This label should be removed once someone has said they are
-  going to work on it.
-* <b>claimed</b> - An issue that is claimed by a member of the community and is
-  working on it. If the member can be assigned to the issue, they should be.
-* <b>feedback</b>- This issue/pull request is waiting on feedback from
-  one ore more of the folks involved in the issue. Generally their should be an
-  <tt>@username/team</tt> in the issue indicating who should respond.
-* <b>blocked</b> - the issue/pull request is currently unable to move forward because
-  of some specific reason, generally this will be a reason that is outside
+  about solving it.
+* <b>working</b> - An issue that has a specific invidual assigned to and planning
+  to do work on it.
+* <b>user feedback required</b> - The issue/pull request is blocked pending more
+  feedback from an end user
+* <b>blocked / backlog</b> - the issue/pull request is currently unable to move forward
+  because of some specific reason, generally this will be a reason that is outside
   RubyGems or needs feedback from some specific individual or group, and it may
   be a while before something it is resolved.
 
-Feedback and blocked all have the same color since they are all waiting on
-someone in particular to do something.
-
-=== Inactive Reason
+=== Closed Reason
 
 Reasons are why an issue / pull request was closed without being worked on or
-accepted. There should also be more detailed information in the comments.
+accepted. There should also be more detailed information in the comments. The
+closed reason labels are maroon <tt>closed: *</tt>.
 
 * *duplicate* - This is a duplicate of an existing bug. The comments must
   reference the existing issue.
@@ -100,32 +106,25 @@ accepted. There should also be more detailed information in the comments.
   is not accepted.
 * *deprecated* - An issue/pull request that no longer applies to the actively
   maintained codebase.
-
-All the reason labels are the same maroon color.
+* *discussion* - An issue/pull that is no longer about a concrete change, and
+  is instead being used for discussion.
 
 === Categories
 
 These are aspects of the codebase, or what general area the issue or pull
-request pertains too. Not all issues will have a category.
+request pertains too. Not all issues will have a category. All categorized
+issues have a blue <tt>category: *</tt> label.
 
-* <b>gemspec</b> - related to the gem specification itself
-* <b>API</b> - related to the public supported rubygems API. This is the code api,
+* *gemspec* - related to the gem specification itself
+* *API* - related to the public supported rubygems API. This is the code API,
   not a network related API.
-* <b>command</b> - related to something in <tt>Gem::Commands</tt>
-* <b>install</b> - related to gem installations
-* <b>documentation</b> - related to updating / fixing / clarifying documentation or
+* *command* - related to something in <tt>Gem::Commands</tt>
+* *install* - related to gem installations
+* *documentation* - related to updating / fixing / clarifying documentation or
   guides
 
-All category labels are the same blue color.
-
 === Platforms
 
 If an issue or pull request pertains to only one platform, then it should have
-an appropriate platform tag.
-
-* *windows*
-* *java*
-* *osx*
-* *linux*
-
-All platform tags are the same purple color.
+an appropriate purple <tt>platform: *</tt> label. Current platform labels:
+*windows*, *java*, *osx*, *linux*

data/History.txt

@@ -1,5 +1,410 @@
 # coding: UTF-8
 
+=== 2.7.11 / 2020-12-08
+
+Minor enhancements:
+
+* Add GlobalSign Root CA - R3 cert and remove outdated certs. Pull request #4100
+  by Aditya Prakash.
+
+=== 2.7.10 / 2019-06-14
+
+Minor enhancements:
+
+* Fix bundler rubygems binstub not properly looking for bundler. Pull request #2426
+  by David Rodríguez.
+* [BudlerVersionFinder] set .filter! and .compatible? to match only on major versions.
+  Pull request #2515 by Colby Swandale.
++ Update for compatibilty with new minitest. Pull request #2118 by MSP-Greg.
+
+=== 2.7.9 / 2019-03-05
+
+Security fixes:
+
+* Fixed following vulnerabilities:
+  * CVE-2019-8320: Delete directory using symlink when decompressing tar
+  * CVE-2019-8321: Escape sequence injection vulnerability in `verbose`
+  * CVE-2019-8322: Escape sequence injection vulnerability in `gem owner`
+  * CVE-2019-8323: Escape sequence injection vulnerability in API response handling
+  * CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
+  * CVE-2019-8325: Escape sequence injection vulnerability in errors
+
+=== 2.7.8 / 2018-11-02
+
+Minor enhancements:
+
+* [Requirement] Treat requirements with == versions as equal. Pull
+  request #2230 by Samuel Giddins.
+* Fix exec_name documentation. Pull request #2239 by Luis Sagastume.
+* [TarHeader] Extract the empty header into a constant. Pull request #2247
+  by Samuel Giddins.
+* Simplify the code that lets us call the original, non-monkeypatched
+  Kernel#require. Pull request #2267 by Leon Miller-Out.
+* Add install alias documentation. Pull request #2320 by ota42y.
+* [Rakefile] Set bundler build metadata when doing a release. Pull request
+  #2335 by Samuel Giddins.
+* Backport commits from ruby core . Pull request #2347 by SHIBATA Hiroshi.
+* Sign in to the correct host before push. Pull request #2366 by Luis
+  Sagastume.
+* Bump bundler-1.16.4. Pull request #2381 by SHIBATA Hiroshi.
+* Improve bindir flag description. Pull request #2383 by Luis Sagastume.
+* Update bundler-1.16.6. Pull request #2423 by SHIBATA Hiroshi.
+
+Bug fixes:
+
+* Fix #1470: generate documentation when --install-dir is present. Pull
+  request #2229 by Elias Hernandis.
+* Fix no proxy checking. Pull request #2249 by Luis Sagastume.
+* Validate SPDX license exceptions. Pull request #2257 by Mikit.
+* Retry api specification spec with original platform. Pull request #2275
+  by Luis Sagastume.
+* Fix approximate recommendation with prereleases. Pull request #2345 by
+  David Rodríguez.
+* Gem::Version should handle nil like it used to before. Pull request
+  #2363 by Luis Sagastume.
+
+=== 2.7.7 / 2018-05-08
+
+Minor enhancements:
+
+* [RequestSet] Only suggest a gem version with an installable platform.
+  Pull request #2175 by Samuel Giddins.
+* Fixed no assignment variables about default gems installation. Pull
+  request #2181 by SHIBATA Hiroshi.
+* Backport improvements for test-case from Ruby core. Pull request #2189
+  by SHIBATA Hiroshi.
+* Fix ruby warnings in test suite. Pull request #2205 by Colby Swandale.
+* To use Gem::Specification#bindir of bundler instead of hard coded path.
+  Pull request #2208 by SHIBATA Hiroshi.
+* Update gem push --help description. Pull request #2215 by Luis
+  Sagastume.
+* Backport ruby core commits. Pull request #2264 by SHIBATA Hiroshi.
+
+Bug fixes:
+
+* Frozen string fix - lib/rubygems/bundler_version_finder.rb. Pull request
+  #2115 by MSP-Greg.
+* Fixed tempfile leak for RubyGems 2.7.6. Pull request #2194 by SHIBATA
+  Hiroshi.
+* Add missing requires. Pull request #2196 by David Rodríguez.
+* Fix Gem::Version.correct?. Pull request #2203 by Masato Nakamura.
+* Fix verify_entry regex for metadata. Pull request #2212 by Luis
+  Sagastume.
+* Fix path checks for case insensitive filesystem. Pull request #2211 by
+  Lars Kanis.
+
+Compatibility changes:
+
+* Deprecate unused code before removing them at #1524. Pull request #2197
+  by SHIBATA Hiroshi.
+* Deprecate for rubygems 3. Pull request #2214 by SHIBATA Hiroshi.
+* Mark deprecation to `ubygems.rb` for RubyGems 4. Pull request #2269 by
+  SHIBATA Hiroshi.
+* Update bundler-1.16.2. Pull request #2291 by SHIBATA Hiroshi.
+
+=== 2.7.6 / 2018-02-16
+
+Security fixes:
+
+* Prevent path traversal when writing to a symlinked basedir outside of the root.
+  Discovered by nmalkin, fixed by Jonathan Claudius and Samuel Giddins.
+* Fix possible Unsafe Object Deserialization Vulnerability in gem owner.
+  Fixed by Jonathan Claudius.
+* Strictly interpret octal fields in tar headers.
+  Discoved by plover, fixed by Samuel Giddins.
+* Raise a security error when there are duplicate files in a package.
+  Discovered by plover, fixed by Samuel Giddins.
+* Enforce URL validation on spec homepage attribute.
+  Discovered by Yasin Soliman, fixed by Jonathan Claudius.
+* Mitigate XSS vulnerability in homepage attribute when displayed via `gem server`.
+  Discovered by Yasin Soliman, fixed by Jonathan Claudius.
+* Prevent Path Traversal issue during gem installation.
+  Discovered by nmalkin.
+
+=== 2.7.5
+
+Bug fixes:
+
+* To use bundler-1.16.1 #2121 by SHIBATA Hiroshi.
+* Fixed leaked FDs. Pull request #2127 by Nobuyoshi Nakada.
+* Support option for `--destdir` with upgrade installer. #2169 by Thibault Jouan.
+* Remove PID from gem index directory. #2155 by SHIBATA Hiroshi.
+* Avoid a #mkdir race condition #2148 by Samuel Giddins.
+* Gem::Util.traverse_parents should not crash on permissions error #2147 by Robert Ulejczyk.
+* Use `File.open` instead of `open`. #2142 by SHIBATA Hiroshi.
+* Set whether bundler is used for gemdeps with an environmental variable #2126 by SHIBATA Hiroshi.
+* Fix undefined method error when printing alert #1884 by Robert Ross.
+
+=== 2.7.4
+
+Bug fixes:
+
+* Fixed leaked FDs. Pull request #2127 by Nobuyoshi Nakada.
+* Avoid to warnings about gemspec loadings in rubygems tests. Pull request
+  #2125 by SHIBATA Hiroshi.
+* Fix updater with rubygems-2.7.3 Pull request #2124 by SHIBATA Hiroshi.
+* Handle environment that does not have `flock` system call. Pull request
+  #2107 by SHIBATA Hiroshi.
+
+=== 2.7.3
+
+Minor enhancements:
+
+* Removed needless version lock. Pull request #2074 by SHIBATA Hiroshi.
+* Add --[no-]check-development option to cleanup command. Pull request
+  #2061 by Lin Jen-Shin (godfat).
+* Merge glob pattern using braces. Pull request #2072 by Kazuhiro
+  NISHIYAMA.
+* Removed warnings of unused variables. Pull request #2084 by SHIBATA
+  Hiroshi.
+* Call SPDX.org using HTTPS. Pull request #2102 by Olle Jonsson.
+* Remove multi load warning from plugins documentation. Pull request #2103
+  by Thibault Jouan.
+
+Bug fixes:
+
+* Fix test failure on Alpine Linux. Pull request #2079 by Ellen Marie
+  Dash.
+* Avoid encoding issues by using binread in setup. Pull request #2089 by
+  Mauro Morales.
+* Fix rake install_test_deps once the rake clean_env does not exist. Pull
+  request #2090 by Lucas Oliveira.
+* Prevent to delete to "bundler-" prefix gem like bundler-audit. Pull
+  request #2086 by SHIBATA Hiroshi.
+* Generate .bat files on Windows platform. Pull request #2094 by SHIBATA
+  Hiroshi.
+* Workaround common options mutation in Gem::Command test. Pull request
+  #2098 by Thibault Jouan.
+* Check gems dir existence before removing bundler. Pull request #2104 by
+  Thibault Jouan.
+* Use setup command --regenerate-binstubs option flag. Pull request #2099
+  by Thibault Jouan.
+
+=== 2.7.2
+
+Bug fixes:
+
+* Added template files to vendoerd bundler. Pull request #2065 by SHIBATA
+  Hiroshi.
+* Added workaround for non-git environment. Pull request #2066 by SHIBATA
+  Hiroshi.
+
+=== 2.7.1 (2017-11-03)
+
+Bug fixes:
+
+* Fix `gem update --system` with RubyGems 2.7+. Pull request #2054 by
+  Samuel Giddins.
+
+=== 2.7.0 (2017-11-02)
+
+Major enhancements:
+
+* Update vendored bundler-1.16.0. Pull request #2051 by Samuel Giddins.
+* Use Bundler for Gem.use_gemdeps. Pull request #1674 by Samuel Giddins.
+* Add command `signin` to `gem` CLI. Pull request #1944 by Shiva Bhusal.
+* Add Logout feature to CLI. Pull request #1938 by Shiva Bhusal.
+
+Minor enhancements:
+
+* Added message to uninstall command for gem that is not installed. Pull
+  request #1979 by anant anil kolvankar.
+* Add --trust-policy option to unpack command. Pull request #1718 by
+  Nobuyoshi Nakada.
+* Show default gems for all platforms. Pull request #1685 by Konstantin
+  Shabanov.
+* Add Travis and Appveyor build status to README. Pull request #1918 by
+  Jun Aruga.
+* Remove warning `no email specified` when no email. Pull request #1675 by
+  Leigh McCulloch.
+* Improve -rubygems performance. Pull request #1801 by Samuel Giddins.
+* Improve the performance of Kernel#require. Pull request #1678 by Samuel
+  Giddins.
+* Improve user-facing messages by consistent casing of Ruby/RubyGems. Pull
+  request #1771 by John Labovitz.
+* Improve error message when Gem::RuntimeRequirementNotMetError is raised.
+  Pull request #1789 by Luis Sagastume.
+* Code Improvement: Inheritance corrected. Pull request #1942 by Shiva
+  Bhusal.
+* [Source] Autoload fileutils. Pull request #1906 by Samuel Giddins.
+* Use Hash#fetch instead of if/else in Gem::ConfigFile. Pull request #1824
+  by Daniel Berger.
+* Require digest when it is used. Pull request #2006 by Samuel Giddins.
+* Do not index the doc folder in the `update_manifest` task. Pull request
+  #2031 by Colby Swandale.
+* Don't use two postfix conditionals on one line. Pull request #2038 by
+  Ellen Marie Dash.
+* [SafeYAML] Avoid warning when Gem::Deprecate.skip is set. Pull request
+  #2034 by Samuel Giddins.
+* Update gem yank description. Pull request #2009 by David Radcliffe.
+* Fix formatting of installation instructions in README. Pull request
+  #2018 by Jordan Danford.
+* Do not use #quick_spec internally. Pull request #1733 by Jon Moss.
+* Switch from docs to guides reference. Pull request #1886 by Jonathan
+  Claudius.
+* Happier message when latest version is already installed. Pull request
+  #1956 by Jared Beck.
+* Update specification reference docs. Pull request #1960 by Grey Baker.
+* Allow Gem.finish_resolve to respect already-activated specs. Pull
+  request #1910 by Samuel Giddins.
+* Update cryptography for Gem::Security. Pull request #1691 by Sylvain
+  Daubert.
+* Don't output mkmf.log message if compilation didn't fail. Pull request
+  #1808 by Jeremy Evans.
+* Matches_for_glob - remove root path. Pull request #2010 by ahorek.
+* Gem::Resolver#search_for update for reliable searching/sorting. Pull
+  request #1993 by MSP-Greg.
+* Allow local installs with transitive prerelease requirements. Pull
+  request #1990 by Samuel Giddins.
+* Small style fixes to Installer Set. Pull request #1985 by Arthur
+  Marzinkovskiy.
+* Setup cmd: Avoid terminating option string w/ dot. Pull request #1825 by
+  Olle Jonsson.
+* Warn when no files are set. Pull request #1773 by Aidan Coyle.
+* Ensure `to_spec` falls back on prerelease specs. Pull request #1755 by
+  André Arko.
+* [Specification] Eval setting default attributes in #initialize. Pull
+  request #1739 by Samuel Giddins.
+* Sort ordering of sources is preserved. Pull request #1633 by Nathan
+  Ladd.
+* Retry with :prerelease when no suggestions are found. Pull request #1696
+  by Aditya Prakash.
+* [Rakefile] Run `git submodule update --init` in `rake newb`. Pull
+  request #1694 by Samuel Giddins.
+* [TestCase] Address comments around ui changes. Pull request #1677 by
+  Samuel Giddins.
+* Eagerly resolve in activate_bin_path. Pull request #1666 by Samuel
+  Giddins.
+* [Version] Make hash based upon canonical segments. Pull request #1659 by
+  Samuel Giddins.
+* Add Ruby Together CTA, rearrange README a bit. Pull request #1775 by
+  Michael Bernstein.
+* Update Contributing.rdoc with new label usage. Pull request #1716 by
+  Lynn Cyrin.
+* Add --host sample to help. Pull request #1709 by Code Ahss.
+* Add a helpful suggestion when `gem install` fails due to required_rub….
+  Pull request #1697 by Samuel Giddins.
+* Add cert expiration length flag. Pull request #1725 by Luis Sagastume.
+* Add submodule instructions to manual install. Pull request #1727 by
+  Joseph Frazier.
+* Allow usage of multiple `--version` operators. Pull request #1546 by
+  James Wen.
+* Warn when requiring deprecated files. Pull request #1939 by Ellen Marie
+  Dash.
+
+Compatibility changes:
+
+* Use `-rrubygems` instead of `-rubygems.rb`. Because ubygems.rb is
+  unavailable on Ruby 2.5. Pull request #2028 #2027 #2029
+  by SHIBATA Hiroshi.
+* Deprecate Gem::InstallerTestCase#util_gem_bindir and
+  Gem::InstallerTestCase#util_gem_dir. Pull request #1729 by Jon Moss.
+* Deprecate passing options to Gem::GemRunner. Pull request #1730 by Jon
+  Moss.
+* Add deprecation for Gem#datadir. Pull request #1732 by Jon Moss.
+* Add deprecation warning for Gem::DependencyInstaller#gems_to_install.
+  Pull request #1731 by Jon Moss.
+* Update Code of Conduct to Contributor Covenant v1.4.0. Pull request
+  #1796 by Matej.
+
+Bug fixes:
+
+* Fix issue for MinGW / MSYS2 builds and testing. Pull request #1876 by
+  MSP-Greg.
+* Fixed broken links and overzealous URL encoding in gem server. Pull
+  request #1809 by Nicole Orchard.
+* Fix a typo. Pull request #1722 by Koichi ITO.
+* Fix error message Gem::Security::Policy. Pull request #1724 by Nobuyoshi
+  Nakada.
+* Fixing links markdown formatting in README. Pull request #1791 by Piotr
+  Kuczynski.
+* Fix failing Bundler 1.8.7 CI builds. Pull request #1820 by Samuel
+  Giddins.
+* Fixed test broken on ruby-head . Pull request #1842 by SHIBATA Hiroshi.
+* Fix typos with misspell. Pull request #1846 by SHIBATA Hiroshi.
+* Fix gem open to open highest version number rather than lowest. Pull
+  request #1877 by Tim Pope.
+* Fix test_self_find_files_with_gemfile to sort expected files. Pull
+  request #1878 by Kazuaki Matsuo.
+* Fix typos in CONTRIBUTING.rdoc. Pull request #1909 by Mark Sayson.
+* Fix some small documentation issues in installer. Pull request #1972 by
+  Colby Swandale.
+* Fix links in Policies document. Pull request #1964 by Alyssa Ross.
+* Fix NoMethodError on bundler/inline environment. Pull request #2042 by
+  SHIBATA Hiroshi.
+* Correct comments for Gem::InstallerTestCase#setup. Pull request #1741 by
+  MSP-Greg.
+* Use File.expand_path for certification and key location. Pull request
+  #1987 by SHIBATA Hiroshi.
+* Rescue EROFS. Pull request #1417 by Nobuyoshi Nakada.
+* Fix spelling of 'vulnerability'. Pull request #2022 by Philip Arndt.
+* Fix metadata link key names. Pull request #1896 by Aditya Prakash.
+* Fix a typo in uninstall_command.rb. Pull request #1934 by Yasuhiro
+  Horimoto.
+* Gem::Requirement.create treat arguments as variable-length. Pull request
+  #1830 by Toru YAGI.
+* Display an explanation when rake encounters an ontological problem. Pull
+  request #1982 by Wilson Bilkovich.
+* [Server] Handle gems with names ending in `-\d`. Pull request #1926 by
+  Samuel Giddins.
+* [InstallerSet] Avoid reloading _all_ local gems multiple times during
+  dependency resolution. Pull request #1925 by Samuel Giddins.
+* Modify the return value of Gem::Version.correct?. Pull request #1916 by
+  Tsukuru Tanimichi.
+* Validate metadata link keys. Pull request #1834 by Aditya Prakash.
+* Add changelog to metadata validation. Pull request #1885 by Aditya
+  Prakash.
+* Replace socket error text message. Pull request #1823 by Daniel Berger.
+* Raise error if the email is invalid when building cert. Pull request
+  #1779 by Luis Sagastume.
+* [StubSpecification] Don’t iterate through all loaded specs in #to_spec.
+  Pull request #1738 by Samuel Giddins.
+
+=== 2.6.14 / 2017-10-09
+
+Security fixes:
+
+* Whitelist classes and symbols that are in loaded YAML.
+  See CVE-2017-0903 for full details.
+  Fix by Aaron Patterson.
+
+=== 2.6.13 / 2017-08-27
+
+Security fixes:
+
+* Fix a DNS request hijacking vulnerability. (CVE-2017-0902)
+  Discovered by Jonathan Claudius, fix by Samuel Giddins.
+* Fix an ANSI escape sequence vulnerability. (CVE-2017-0899)
+  Discovered by Yusuke Endoh, fix by Evan Phoenix.
+* Fix a DOS vulnerability in the `query` command. (CVE-2017-0900)
+  Discovered by Yusuke Endoh, fix by Samuel Giddins.
+* Fix a vulnerability in the gem installer that allowed a malicious gem
+  to overwrite arbitrary files. (CVE-2017-0901)
+  Discovered by Yusuke Endoh, fix by Samuel Giddins.
+
+=== 2.6.12 / 2017-04-30
+
+Bug fixes:
+
+* Fix test_self_find_files_with_gemfile to sort expected files. Pull
+  request #1880 by Kazuaki Matsuo.
+* Fix issue for MinGW / MSYS2 builds and testing. Pull request #1879 by
+  MSP-Greg.
+* Fix gem open to open highest version number rather than lowest. Pull
+  request #1877 by Tim Pope.
+* Add a test for requiring a default spec as installed by the ruby
+  installer. Pull request #1899 by Samuel Giddins.
+* Fix broken --exact parameter to gem command. Pull request #1873 by Jason
+  Frey.
+* [Installer] Generate backwards-compatible binstubs. Pull request #1904
+  by Samuel Giddins.
+* Fix pre-existing source recognition on add action. Pull request #1883 by
+  Jonathan Claudius.
+* Prevent negative IDs in output of #inspect. Pull request #1908 by Vít
+  Ondruch.
+* Allow Gem.finish_resolve to respect already-activated specs. Pull
+  request #1910 by Samuel Giddins.
+
 === 2.6.11 / 2017-03-16
 
 Bug fixes: