turkdevops · pull · Dec 15, 2025 · Nov 25, 2025 · Dec 14, 2025 · Dec 15, 2025
diff --git a/.github/workflows/check_misc.yml b/.github/workflows/check_misc.yml
@@ -103,7 +103,7 @@ jobs:
           }}
 
       - name: Upload docs
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@v6.0.0
         with:
           path: html
           name: ${{ steps.docs.outputs.htmlout }}

diff --git a/.github/workflows/mingw.yml b/.github/workflows/mingw.yml
@@ -81,7 +81,7 @@ jobs:
       )}}
 
     steps:
-      - uses: msys2/setup-msys2@fb197b72ce45fb24f17bf3f807a388985654d1f2 # v2.29.0
+      - uses: msys2/setup-msys2@4f806de0a5a7294ffabaff804b38a9b435a73bda # v2.30.0
         id: msys2
         with:
           msystem: ${{ matrix.msystem }}

diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -64,7 +64,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: SARIF file
           path: results.sarif

diff --git a/.github/workflows/wasm.yml b/.github/workflows/wasm.yml
@@ -140,7 +140,7 @@ jobs:
       - run: tar cfz ../install.tar.gz -C ../install .
 
       - name: Upload artifacts
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: ruby-wasm-install
           path: ${{ github.workspace }}/install.tar.gz
@@ -168,7 +168,7 @@ jobs:
       - name: Save Pull Request number
         if: ${{ github.event_name == 'pull_request' }}
         run: echo "${{ github.event.pull_request.number }}" >> ${{ github.workspace }}/github-pr-info.txt
-      - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+      - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         if: ${{ github.event_name == 'pull_request' }}
         with:
           name: github-pr-info

diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
@@ -88,7 +88,7 @@ jobs:
 
       - name: Restore vcpkg artifact
         id: restore-vcpkg
-        uses: actions/cache/restore@a7833574556fa59680c1b7cb190c1735db73ebf0 # v5.0.0
+        uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
         with:
           path: src\vcpkg_installed
           key: windows-${{ matrix.os }}-vcpkg-${{ hashFiles('src/vcpkg.json') }}
@@ -100,7 +100,7 @@ jobs:
         if: ${{ ! steps.restore-vcpkg.outputs.cache-hit }}
 
       - name: Save vcpkg artifact
-        uses: actions/cache/save@a7833574556fa59680c1b7cb190c1735db73ebf0 # v5.0.0
+        uses: actions/cache/save@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
         with:
           path: src\vcpkg_installed
           key: windows-${{ matrix.os }}-vcpkg-${{ hashFiles('src/vcpkg.json') }}

diff --git a/doc/reline/face.md b/doc/reline/face.md
diff --git a/lib/bundler/shared_helpers.rb b/lib/bundler/shared_helpers.rb
@@ -105,7 +105,8 @@ def set_bundle_environment
     def filesystem_access(path, action = :write, &block)
       yield(path.dup)
     rescue Errno::EACCES => e
-      raise unless e.message.include?(path.to_s) || action == :create
+      path_basename = File.basename(path.to_s)
+      raise unless e.message.include?(path_basename) || action == :create
 
       raise PermissionError.new(path, action)
     rescue Errno::EAGAIN

diff --git a/lib/rubygems.rb b/lib/rubygems.rb
@@ -17,6 +17,7 @@ module Gem
 require_relative "rubygems/errors"
 require_relative "rubygems/target_rbconfig"
 require_relative "rubygems/win_platform"
+require_relative "rubygems/util/atomic_file_writer"
 
 ##
 # RubyGems is the Ruby standard for publishing and managing third party
@@ -833,14 +834,12 @@ def self.read_binary(path)
   end
 
   ##
-  # Safely write a file in binary mode on all platforms.
+  # Atomically write a file in binary mode on all platforms.
 
   def self.write_binary(path, data)
-    File.binwrite(path, data)
-  rescue Errno::ENOSPC
-    # If we ran out of space but the file exists, it's *guaranteed* to be corrupted.
-    File.delete(path) if File.exist?(path)
-    raise
+    Gem::AtomicFileWriter.open(path) do |file|
+      file.write(data)
+    end
   end
 
   ##

diff --git a/lib/rubygems/util/atomic_file_writer.rb b/lib/rubygems/util/atomic_file_writer.rb
@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+# Based on ActiveSupport's AtomicFile implementation
+# Copyright (c) David Heinemeier Hansson
+# https://github.com/rails/rails/blob/main/activesupport/lib/active_support/core_ext/file/atomic.rb
+# Licensed under the MIT License
+
+module Gem
+  class AtomicFileWriter
+    ##
+    # Write to a file atomically. Useful for situations where you don't
+    # want other processes or threads to see half-written files.
+
+    def self.open(file_name)
+      temp_dir = File.dirname(file_name)
+      require "tempfile" unless defined?(Tempfile)
+
+      Tempfile.create(".#{File.basename(file_name)}", temp_dir) do |temp_file|
+        temp_file.binmode
+        return_value = yield temp_file
+        temp_file.close
+
+        original_permissions = if File.exist?(file_name)
+          File.stat(file_name)
+        else
+          # If not possible, probe which are the default permissions in the
+          # destination directory.
+          probe_permissions_in(File.dirname(file_name))
+        end
+
+        # Set correct permissions on new file
+        if original_permissions
+          begin
+            File.chown(original_permissions.uid, original_permissions.gid, temp_file.path)
+            File.chmod(original_permissions.mode, temp_file.path)
+          rescue Errno::EPERM, Errno::EACCES
+            # Changing file ownership failed, moving on.
+          end
+        end
+
+        # Overwrite original file with temp file
+        File.rename(temp_file.path, file_name)
+        return_value
+      end
+    end
+
+    def self.probe_permissions_in(dir) # :nodoc:
+      basename = [
+        ".permissions_check",
+        Thread.current.object_id,
+        Process.pid,
+        rand(1_000_000),
+      ].join(".")
+
+      file_name = File.join(dir, basename)
+      File.open(file_name, "w") {}
+      File.stat(file_name)
+    rescue Errno::ENOENT
+      nil
+    ensure
+      begin
+        File.unlink(file_name) if File.exist?(file_name)
+      rescue SystemCallError
+      end
+    end
+  end
+end