Closed MatheusRich closed 4 months ago
cc @igrigorik, @dorianmariefr
Would hosting it under thoughtbot organisation help?
I can also give push access to Raph e.g. anyone at thoughtbot
Thanks for pushing on this!
The best outcome here would be to revive and find new stewards for the existing cookiejar repo and gem. em-http is one of a number of projects depending on it, and it would be a win for everyone if we could keep current pointers instead of fragmenting the landscape. I reached out to @dwaite earlier this week but have not heard back. Let's give him a bit more time to circle back. If he's awol, then—yes—an official cookiejar replacement repo with multiple owners would be the best path forward.
My issue has been about concerns with supply chain attacks, as I am no longer active enough in the ruby community to judge the legitimacy of an a potential adopter of the library, and ruby gems (like most language dependency managers) is rather week in features protecting against or otherwise providing transparency to such changes.
The cookiejar gem got used more than I expected it to!
But it sounds like others are fine with @dorianmariefr adopting the library. I sent a request to add you to gem ownership to your GitHub-associated email address. Please take good care of the gem!
@dwaite @dorianmariefr 👏🏻 ty both! 🙇🏻
@dwaite sorry I saw your invite too late, could you resend please ?
Would be great to get an update on this.
@slavingia I got access to the cookiejar gem on rubygems
Are we OK to resolve / close this? @dorianmariecom all good on your end, necessary fix in place?
AFAIK, I released a fix before turning the reins over.
@igrigorik nothing to fix right now, @dwaite did the fix a while ago, thanks to him.
So I think this can be closed
Fixes #354
Regexp::new
with 3 arguments is deprecated and fails on Ruby 3.3. The cookiejar gem repo has been archived, so let's use a new one.