Ruby » Ruby master

Thanks for the merge to Ruby 3.3.

Backport changed from 3.1: UNKNOWN, 3.2: UNKNOWN, 3.3: REQUIRED to 3.1: UNKNOWN, 3.2: UNKNOWN, 3.3: DONE

However, since this is a security fix, I think it should be merged back into 3.2 and 3.1 as well.

https://www.ruby-lang.org/en/downloads/

Stable releases:
Ruby 3.3.1
Ruby 3.2.4

In security maintenance phase (will EOL soon!):
Ruby 3.1.5

Additionally, I backported 9f708d48f6df37ee9600db9d51b57a156609a13b, 0301473fb523c71d8cdc4966971f31f502001185 and 7f0e26b7f99bf76408569892ce20318501f74729 into ruby_3_2 branch.
However the failure in test-bundled-gems persists. I think we should backport additional changesets related to bundled gems tests. I will continue to investigate. Any suggestions are welcome.

However the failure in test-bundled-gems persists. I think we should backport additional changesets related to bundled gems tests. I will continue to investigate. Any suggestions are welcome.

• https://rubygems.org/gems/rexml/versions/3.2.6
  • Development依存関係 (3):
    • bundler >= 0
    • rake >= 0
    • test-unit >= 0
• https://rubygems.org/gems/rexml/versions/3.2.8
  • Runtime依存関係 (1):
    • strscan >= 3.0.9

The version of strscan required has changed, which may be the cause.

https://github.com/ruby/ruby/pull/10806 may be related.

The version of strscan required has changed,

Right, I think 7f0e26b7f99bf76408569892ce20318501f74729 was the follow-up for the dependency change, and the backporting it (with some preceding changesets) cure the failures on the test of rexml(partially) and rss.
However the test of rexml on ruby core repo still failed. https://github.com/ruby/ruby/actions/runs/9334302271/job/25692373287#step:16:182

https://github.com/ruby/ruby/actions/runs/9334302271/job/25692373287#step:16:185

 Error: test_require_home_runner_work_ruby_ruby_src_gems_src_rexml_test_test_document_rb(RequireFailedErrors): LoadError: failed to load </home/runner/work/ruby/ruby/src/gems/src/rexml/test/test_document.rb>: cannot load such file -- core_assertions

We need test-unit-ruby-core gem for it.

Other failures may be related to StringScanner version. We'll release a new REXML version with https://github.com/ruby/rexml/commit/f1df7d13b3e57a5e059273d2f0870163c08d7420 in a few weeks. Could you try it after we release it?

@kou (Kouhei Sutou) Thank you for your investigation! I will revert previous backports on ruby_3_2 for a while to keep CI green.

Thanks all. The current make test-bundled-gems is not working with C ext dependencies like strscan. I removed them at https://github.com/ruby/ruby/blob/master/tool/lib/bundled_gem.rb#L67 if dependencies are the default gems. We can use them via ruby source tree.

The above workaround is only working with resolving with correct version like strscan >= 3.0.9 manually. The version of strscan with ruby_3_2 is 3.0.5. Because https://bugs.ruby-lang.org/issues/20516#note-10 is failed maybe.

We have the following solution:

• Wait to release rexml-3.2.9.
• Upgrade strscan-3.0.9+ on ruby_3_1 and ruby_3_2 and rexml-3.2.8.

Could you try REXML 3.2.9?