From ba75bf36f271f1d535864e234ce3af4977074b6d Mon Sep 17 00:00:00 2001
From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com>
Date: Thu, 24 Jul 2025 08:55:03 +0000
Subject: [PATCH 1/3] ruby-3.2/3.2.9 package update

Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com>
---
 ruby-3.2.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ruby-3.2.yaml b/ruby-3.2.yaml
index f01443f1881..8afd367dc3e 100644
--- a/ruby-3.2.yaml
+++ b/ruby-3.2.yaml
@@ -1,7 +1,7 @@
 package:
   name: ruby-3.2
-  version: "3.2.8"
-  epoch: 3
+  version: "3.2.9"
+  epoch: 0
   description: "the Ruby programming language"
   copyright:
     - license: Ruby

From ca91450234a62adce675e00c13eb992557a07edd Mon Sep 17 00:00:00 2001
From: Debasish Biswas <debasishbsws.dev@gmail.com>
Date: Mon, 28 Jul 2025 16:28:18 +0530
Subject: [PATCH 2/3] fix(update): rename `underscore-package-version` to
 `mangled-package-version` for proper commit bumping

* Melange now only updates `expected-commit` in `git-checkout` when tags match either `${{package.version}}` or `${{vars.mangled-package-version}}` ([melange#2008](https://github.com/chainguard-dev/melange/pull/2008))


Signed-off-by: Debasish Biswas <debasishbsws.dev@gmail.com>
---
 ruby-3.2.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ruby-3.2.yaml b/ruby-3.2.yaml
index 8afd367dc3e..e2124a475c5 100644
--- a/ruby-3.2.yaml
+++ b/ruby-3.2.yaml
@@ -49,14 +49,14 @@ var-transforms:
   - from: ${{package.version}}
     match: \.
     replace: _
-    to: underscore-package-version
+    to: mangled-package-version
 
 pipeline:
   - uses: git-checkout
     with:
       repository: https://github.com/ruby/ruby
-      tag: v${{vars.underscore-package-version}}
-      expected-commit: 13f495dc2c98d0762d9af37e7143d2e2a07d9926
+      tag: v${{vars.mangled-package-version}}
+      expected-commit: 8f611e0c46012e321b39efd629eb5f4f53976863
       cherry-picks: |
         ruby_3_2/9f00b8872d3e294312c99150f1c34b6b3fa74985: Bump up resolv-0.2.3 for Ruby 3.2 (CVE-2025-24294)
 

From 41c1de7b11062e4dad0f641baf12ecf4192e7d31 Mon Sep 17 00:00:00 2001
From: Debasish Biswas <debasishbsws.dev@gmail.com>
Date: Mon, 28 Jul 2025 20:51:47 +0530
Subject: [PATCH 3/3] Remove the cherrypick as its not required anymore.

Signed-off-by: Debasish Biswas <debasishbsws.dev@gmail.com>
---
 ruby-3.2.yaml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/ruby-3.2.yaml b/ruby-3.2.yaml
index e2124a475c5..44207b34ab4 100644
--- a/ruby-3.2.yaml
+++ b/ruby-3.2.yaml
@@ -57,8 +57,6 @@ pipeline:
       repository: https://github.com/ruby/ruby
       tag: v${{vars.mangled-package-version}}
       expected-commit: 8f611e0c46012e321b39efd629eb5f4f53976863
-      cherry-picks: |
-        ruby_3_2/9f00b8872d3e294312c99150f1c34b6b3fa74985: Bump up resolv-0.2.3 for Ruby 3.2 (CVE-2025-24294)
 
   - runs: |
       # Don't bundle the gems we have separate packages for