Merge pull request #9585 from ruby/split-compact-index-entry-on-first-colon

Split compact index entries on the first colon on older RubyGems

(cherry picked from commit 6d11166)

Author: hsbt

bundler/lib/bundler/rubygems_ext.rb

@@ -465,6 +465,28 @@ def parse(line)
     Resolver::APISet::GemParser.prepend(UnfreezeCompactIndexParsedResponse)
   end
 
+  # RubyGems before 4.0.13 split compact index dependency/requirement entries
+  # on every colon, which mangles metadata values that contain colons such as
+  # the `created_at` timestamps the cooldown feature relies on. Split only on
+  # the first colon so those values survive on older RubyGems.
+  #
+  # The module is defined unconditionally so it stays testable on any RubyGems,
+  # but only prepended when the host RubyGems still has the buggy behavior.
+  module SplitCompactIndexEntryOnFirstColon
+    private
+
+    def parse_dependency(string)
+      dependency = string.split(":", 2)
+      dependency[-1] = dependency[-1].split("&") if dependency.size > 1
+      dependency[0] = -dependency[0]
+      dependency
+    end
+  end
+
+  unless Gem.rubygems_version >= Gem::Version.new("4.0.13")
+    Resolver::APISet::GemParser.prepend(SplitCompactIndexEntryOnFirstColon)
+  end
+
   if Gem.rubygems_version < Gem::Version.new("3.6.0")
     class Package; end
     require "rubygems/package/tar_reader"

bundler/spec/bundler/rubygems_ext_spec.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require "bundler/rubygems_ext"
+
+RSpec.describe Gem::SplitCompactIndexEntryOnFirstColon do
+  # Reproduces the RubyGems < 4.0.13 `Gem::Resolver::APISet::GemParser` that
+  # split each compact index entry on every colon, corrupting metadata values
+  # that themselves contain colons.
+  let(:legacy_parser_class) do
+    Class.new do
+      def parse_dependency(string)
+        dependency = string.split(":")
+        dependency[-1] = dependency[-1].split("&") if dependency.size > 1
+        dependency[0] = -dependency[0]
+        dependency
+      end
+    end
+  end
+
+  before { legacy_parser_class.prepend(described_class) }
+
+  it "preserves colon-bearing metadata values such as created_at timestamps" do
+    parser = legacy_parser_class.new
+
+    expect(parser.send(:parse_dependency, "created_at:2026-05-12T10:00:00Z")).to eq(["created_at", ["2026-05-12T10:00:00Z"]])
+  end
+
+  it "still parses ordinary name:requirement entries" do
+    parser = legacy_parser_class.new
+
+    expect(parser.send(:parse_dependency, "myrack:>= 1.0")).to eq(["myrack", [">= 1.0"]])
+  end
+
+  it "keeps parse_dependency private" do
+    parser = legacy_parser_class.new
+
+    expect { parser.parse_dependency("created_at:x") }.to raise_error(NoMethodError, /private method/)
+  end
+end

bundler/spec/support/windows_tag_group.rb

@@ -142,6 +142,7 @@ module WindowsTagGroup
         "spec/bundler/ci_detector_spec.rb",
       ],
       windows_d: [
+        "spec/bundler/rubygems_ext_spec.rb",
         "spec/bundler/resolver/cooldown_spec.rb",
         "spec/install/cooldown_spec.rb",
         "spec/commands/outdated_spec.rb",