Ruby » Ruby master

mame (Yusuke Endoh) wrote in #note-1:

The Ruby package itself does not depend on log4j. For an application or library written in Ruby, please ask to its maintainer.

https://github.com/ruby/ruby/blob/master/spec/bundler/resolver/platform_spec.rb#L31 Does it installs log4j?

salamani (Ravi Salamani) wrote in #note-2:

mame (Yusuke Endoh) wrote in #note-1:

The Ruby package itself does not depend on log4j. For an application or library written in Ruby, please ask to its maintainer.

https://github.com/ruby/ruby/blob/master/spec/bundler/resolver/platform_spec.rb#L31 Does it installs log4j?

This is a Ruby spec that verifies bundler. This particular path would only be run by JRuby and possibly TruffleRuby, as CRuby is not written with Java.

Yes, that's correct. The naming in these test cases is inspired by realworld packages, but these are just dummy packages just for the sake of testing, not the real library code. You can replace log4j with very-secure-library in those tests and they should still pass.