RubyGems - cloudsmith-api - Versions diffs - 0.52.92 → 0.53.79 - Mend

cloudsmith-api 0.52.92 → 0.53.79

Files changed (279) hide show

data/vendor/bundle/ruby/2.6.0/gems/safe_yaml-1.0.5/bin/safe_yaml DELETED

@@ -1,75 +0,0 @@
-#!/usr/bin/env ruby
-$LOAD_PATH << File.join(File.dirname(__FILE__), '..', 'lib')
-require 'optparse'
-require 'safe_yaml/load'
-options = {}
-option_parser = OptionParser.new do |opts|
-  opts.banner = "Usage: safe_yaml [options]"
-  opts.on("-f", "--file=<path>", "Parse the given YAML file, dump the result to STDOUT") do |file|
-    options[:file] = file
-  end
-  opts.on("--libyaml-check", "Check for libyaml vulnerability CVE-2014-2525 on your system") do
-    options[:libyaml_check] = true
-  end
-end
-option_parser.parse!
-def report_libyaml_ok
-  puts "\e[32mGood news! You definitely have either a patched or up-to-date libyaml version :)\e[39m"
-end
-def check_for_overflow_bug
-  YAML.load("--- !#{'%20' * 100}")
-  report_libyaml_ok
-end
-def perform_libyaml_check(force=false)
-  unless SafeYAML::LibyamlChecker.libyaml_version_ok?
-    warn <<-EOM.gsub(/^ +/, '  ')
-      \e[33mSafeYAML Warning\e[39m
-      \e[33m----------------\e[39m
-      \e[31mYou may have an outdated version of libyaml (#{SafeYAML::LibyamlChecker::LIBYAML_VERSION}) installed on your system.\e[39m
-      Prior to 0.1.6, libyaml is vulnerable to a heap overflow exploit from malicious YAML payloads.
-      For more info, see:
-      https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/
-    EOM
-  end
-  puts <<-EOM.gsub(/^ +/, '  ')
-    Hit Enter to check if your version of libyaml is vulnerable. This will run a test \e[31mwhich may crash\e[39m
-    \e[31mthe current process\e[39m. If it does, your system is vulnerable and you should do something about it.
-    Type "nm" and hit Enter if you don't want to run the check.
-    See the project wiki for more info:
-    https://github.com/dtao/safe_yaml/wiki/The-libyaml-vulnerability
-  EOM
-  if STDIN.readline.chomp("\n") != 'nm'
-    check_for_overflow_bug
-  end
-end
-if options[:libyaml_check]
-  perform_libyaml_check(options[:force_libyaml_check])
-elsif options[:file]
-  yaml = File.read(options[:file])
-  result = SafeYAML.load(yaml)
-  puts result.inspect
-else
-  puts option_parser.help
-end

data/vendor/bundle/ruby/2.6.0/gems/safe_yaml-1.0.5/bundle_install_all_ruby_versions.sh DELETED

@@ -1,11 +0,0 @@
-#!/bin/bash
-[[ -s "$HOME/.rvm/scripts/rvm" ]] && . "$HOME/.rvm/scripts/rvm"
-declare -a versions=("1.8.7" "1.9.2" "1.9.3" "2.0.0" "2.1.0" "2.1.1" "2.1.2" "ruby-head" "jruby")
-for i in "${versions[@]}"
-do
-  rvm use $i
-  bundle install
-done

data/vendor/bundle/ruby/2.6.0/gems/safe_yaml-1.0.5/lib/safe_yaml.rb DELETED

@@ -1,94 +0,0 @@
-require "safe_yaml/load"
-module YAML
-  def self.load_with_options(yaml, *original_arguments)
-    filename, options = filename_and_options_from_arguments(original_arguments)
-    safe_mode = safe_mode_from_options("load", options)
-    arguments = [yaml]
-    if safe_mode == :safe
-      arguments << filename if SafeYAML::YAML_ENGINE == "psych"
-      arguments << options_for_safe_load(options)
-      safe_load(*arguments)
-    else
-      arguments << filename if SafeYAML::MULTI_ARGUMENT_YAML_LOAD
-      unsafe_load(*arguments)
-    end
-  end
-  def self.load_file_with_options(file, options={})
-    safe_mode = safe_mode_from_options("load_file", options)
-    if safe_mode == :safe
-      safe_load_file(file, options_for_safe_load(options))
-    else
-      unsafe_load_file(file)
-    end
-  end
-  def self.safe_load(*args)
-    SafeYAML.load(*args)
-  end
-  def self.safe_load_file(*args)
-    SafeYAML.load_file(*args)
-  end
-  if SafeYAML::MULTI_ARGUMENT_YAML_LOAD
-    def self.unsafe_load_file(filename)
-      # https://github.com/tenderlove/psych/blob/v1.3.2/lib/psych.rb#L296-298
-      File.open(filename, 'r:bom|utf-8') { |f| self.unsafe_load(f, filename) }
-    end
-  else
-    def self.unsafe_load_file(filename)
-      # https://github.com/tenderlove/psych/blob/v1.2.2/lib/psych.rb#L231-233
-      self.unsafe_load File.open(filename)
-    end
-  end
-  class << self
-    alias_method :unsafe_load, :load
-    alias_method :load, :load_with_options
-    alias_method :load_file, :load_file_with_options
-    private
-    def filename_and_options_from_arguments(arguments)
-      if arguments.count == 1
-        if arguments.first.is_a?(String)
-          return arguments.first, {}
-        else
-          return nil, arguments.first || {}
-        end
-      else
-        return arguments.first, arguments.last || {}
-      end
-    end
-    def safe_mode_from_options(method, options={})
-      if options[:safe].nil?
-        safe_mode = SafeYAML::OPTIONS[:default_mode] || :safe
-        if SafeYAML::OPTIONS[:default_mode].nil? && !SafeYAML::OPTIONS[:suppress_warnings]
-          Kernel.warn <<-EOWARNING.gsub(/^\s+/, '')
-            Called '#{method}' without the :safe option -- defaulting to #{safe_mode} mode.
-            You can avoid this warning in the future by setting the SafeYAML::OPTIONS[:default_mode] option (to :safe or :unsafe).
-          EOWARNING
-          SafeYAML::OPTIONS[:suppress_warnings] = true
-        end
-        return safe_mode
-      end
-      options[:safe] ? :safe : :unsafe
-    end
-    def options_for_safe_load(base_options)
-      options = base_options.dup
-      options.delete(:safe)
-      options
-    end
-  end
-end

data/vendor/bundle/ruby/2.6.0/gems/safe_yaml-1.0.5/lib/safe_yaml/deep.rb DELETED

@@ -1,34 +0,0 @@
-module SafeYAML
-  class Deep
-    def self.freeze(object)
-      object.each do |*entry|
-        value = entry.last
-        case value
-        when String, Regexp
-          value.freeze
-        when Enumerable
-          Deep.freeze(value)
-        end
-      end
-      return object.freeze
-    end
-    def self.copy(object)
-      duplicate = object.dup rescue object
-      case object
-      when Array
-        (0...duplicate.count).each do |i|
-          duplicate[i] = Deep.copy(duplicate[i])
-        end
-      when Hash
-        duplicate.keys.each do |key|
-          duplicate[key] = Deep.copy(duplicate[key])
-        end
-      end
-      duplicate
-    end
-  end
-end

data/vendor/bundle/ruby/2.6.0/gems/safe_yaml-1.0.5/lib/safe_yaml/libyaml_checker.rb DELETED

@@ -1,36 +0,0 @@
-require "set"
-module SafeYAML
-  class LibyamlChecker
-    LIBYAML_VERSION = Psych::LIBYAML_VERSION rescue nil
-    # Do proper version comparison (e.g. so 0.1.10 is >= 0.1.6)
-    SAFE_LIBYAML_VERSION = Gem::Version.new("0.1.6")
-    KNOWN_PATCHED_LIBYAML_VERSIONS = Set.new([
-      # http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-2525.html
-      "0.1.4-2ubuntu0.12.04.3",
-      "0.1.4-2ubuntu0.12.10.3",
-      "0.1.4-2ubuntu0.13.10.3",
-      "0.1.4-3ubuntu3",
-      # https://security-tracker.debian.org/tracker/CVE-2014-2525
-      "0.1.3-1+deb6u4",
-      "0.1.4-2+deb7u4",
-      "0.1.4-3.2"
-    ]).freeze
-    def self.libyaml_version_ok?
-      return true if YAML_ENGINE != "psych" || defined?(JRUBY_VERSION)
-      return true if Gem::Version.new(LIBYAML_VERSION || "0") >= SAFE_LIBYAML_VERSION
-      return libyaml_patched?
-    end
-    def self.libyaml_patched?
-      return false if (`which dpkg` rescue '').empty?
-      libyaml_version = `dpkg -s libyaml-0-2`.match(/^Version: (.*)$/)
-      return false if libyaml_version.nil?
-      KNOWN_PATCHED_LIBYAML_VERSIONS.include?(libyaml_version[1])
-    end
-  end
-end

data/vendor/bundle/ruby/2.6.0/gems/safe_yaml-1.0.5/lib/safe_yaml/load.rb DELETED

@@ -1,181 +0,0 @@
-require "set"
-require "yaml"
-# This needs to be defined up front in case any internal classes need to base
-# their behavior off of this.
-module SafeYAML
-  YAML_ENGINE = defined?(YAML::ENGINE) ? YAML::ENGINE.yamler : (defined?(Psych) && YAML == Psych ? "psych" : "syck")
-end
-require "safe_yaml/libyaml_checker"
-require "safe_yaml/deep"
-require "safe_yaml/parse/hexadecimal"
-require "safe_yaml/parse/sexagesimal"
-require "safe_yaml/parse/date"
-require "safe_yaml/transform/transformation_map"
-require "safe_yaml/transform/to_boolean"
-require "safe_yaml/transform/to_date"
-require "safe_yaml/transform/to_float"
-require "safe_yaml/transform/to_integer"
-require "safe_yaml/transform/to_nil"
-require "safe_yaml/transform/to_symbol"
-require "safe_yaml/transform"
-require "safe_yaml/resolver"
-require "safe_yaml/syck_hack" if SafeYAML::YAML_ENGINE == "syck" && defined?(JRUBY_VERSION)
-module SafeYAML
-  MULTI_ARGUMENT_YAML_LOAD = YAML.method(:load).arity != 1
-  DEFAULT_OPTIONS = Deep.freeze({
-    :default_mode         => nil,
-    :suppress_warnings    => false,
-    :deserialize_symbols  => false,
-    :whitelisted_tags     => [],
-    :custom_initializers  => {},
-    :raise_on_unknown_tag => false
-  })
-  OPTIONS = Deep.copy(DEFAULT_OPTIONS)
-  PREDEFINED_TAGS = {}
-  if YAML_ENGINE == "syck"
-    YAML.tagged_classes.each do |tag, klass|
-      PREDEFINED_TAGS[klass] = tag
-    end
-  else
-    # Special tags appear to be hard-coded in Psych:
-    # https://github.com/tenderlove/psych/blob/v1.3.4/lib/psych/visitors/to_ruby.rb
-    # Fortunately, there aren't many that SafeYAML doesn't already support.
-    PREDEFINED_TAGS.merge!({
-      Exception => "!ruby/exception",
-      Range     => "!ruby/range",
-      Regexp    => "!ruby/regexp",
-    })
-  end
-  Deep.freeze(PREDEFINED_TAGS)
-  module_function
-  def restore_defaults!
-    OPTIONS.clear.merge!(Deep.copy(DEFAULT_OPTIONS))
-  end
-  def tag_safety_check!(tag, options)
-    return if tag.nil? || tag == "!"
-    if options[:raise_on_unknown_tag] && !options[:whitelisted_tags].include?(tag) && !tag_is_explicitly_trusted?(tag)
-      raise "Unknown YAML tag '#{tag}'"
-    end
-  end
-  def whitelist!(*classes)
-    classes.each do |klass|
-      whitelist_class!(klass)
-    end
-  end
-  def whitelist_class!(klass)
-    raise "#{klass} not a Class" unless klass.is_a?(::Class)
-    klass_name = klass.name
-    raise "#{klass} cannot be anonymous" if klass_name.nil? || klass_name.empty?
-    # Whitelist any built-in YAML tags supplied by Syck or Psych.
-    predefined_tag = PREDEFINED_TAGS[klass]
-    if predefined_tag
-      OPTIONS[:whitelisted_tags] << predefined_tag
-      return
-    end
-    # Exception is exceptional (har har).
-    tag_class  = klass < Exception ? "exception" : "object"
-    tag_prefix = case YAML_ENGINE
-                 when "psych" then "!ruby/#{tag_class}"
-                 when "syck"  then "tag:ruby.yaml.org,2002:#{tag_class}"
-                 else raise "unknown YAML_ENGINE #{YAML_ENGINE}"
-                 end
-    OPTIONS[:whitelisted_tags] << "#{tag_prefix}:#{klass_name}"
-  end
-  if YAML_ENGINE == "psych"
-    def tag_is_explicitly_trusted?(tag)
-      false
-    end
-  else
-    TRUSTED_TAGS = Set.new([
-      "tag:yaml.org,2002:binary",
-      "tag:yaml.org,2002:bool#no",
-      "tag:yaml.org,2002:bool#yes",
-      "tag:yaml.org,2002:float",
-      "tag:yaml.org,2002:float#fix",
-      "tag:yaml.org,2002:int",
-      "tag:yaml.org,2002:map",
-      "tag:yaml.org,2002:null",
-      "tag:yaml.org,2002:seq",
-      "tag:yaml.org,2002:str",
-      "tag:yaml.org,2002:timestamp",
-      "tag:yaml.org,2002:timestamp#ymd"
-    ]).freeze
-    def tag_is_explicitly_trusted?(tag)
-      TRUSTED_TAGS.include?(tag)
-    end
-  end
-  if SafeYAML::YAML_ENGINE == "psych"
-    require "safe_yaml/psych_handler"
-    require "safe_yaml/psych_resolver"
-    require "safe_yaml/safe_to_ruby_visitor"
-    def self.load(yaml, filename=nil, options={})
-      # If the user hasn't whitelisted any tags, we can go with this implementation which is
-      # significantly faster.
-      if (options && options[:whitelisted_tags] || SafeYAML::OPTIONS[:whitelisted_tags]).empty?
-        safe_handler = SafeYAML::PsychHandler.new(options) do |result|
-          return result
-        end
-        arguments_for_parse = [yaml]
-        arguments_for_parse << filename if SafeYAML::MULTI_ARGUMENT_YAML_LOAD
-        Psych::Parser.new(safe_handler).parse(*arguments_for_parse)
-        return safe_handler.result
-      else
-        safe_resolver = SafeYAML::PsychResolver.new(options)
-        tree = SafeYAML::MULTI_ARGUMENT_YAML_LOAD ?
-          Psych.parse(yaml, filename) :
-          Psych.parse(yaml)
-        return safe_resolver.resolve_node(tree)
-      end
-    end
-    def self.load_file(filename, options={})
-      if SafeYAML::MULTI_ARGUMENT_YAML_LOAD
-        File.open(filename, 'r:bom|utf-8') { |f| self.load(f, filename, options) }
-      else
-        # Ruby pukes on 1.9.2 if we try to open an empty file w/ 'r:bom|utf-8';
-        # so we'll not specify those flags here. This mirrors the behavior for
-        # unsafe_load_file so it's probably preferable anyway.
-        self.load File.open(filename), nil, options
-      end
-    end
-  else
-    require "safe_yaml/syck_resolver"
-    require "safe_yaml/syck_node_monkeypatch"
-    def self.load(yaml, options={})
-      resolver = SafeYAML::SyckResolver.new(SafeYAML::OPTIONS.merge(options || {}))
-      tree = YAML.parse(yaml)
-      return resolver.resolve_node(tree)
-    end
-    def self.load_file(filename, options={})
-      File.open(filename) { |f| self.load(f, options) }
-    end
-  end
-end

data/vendor/bundle/ruby/2.6.0/gems/safe_yaml-1.0.5/lib/safe_yaml/parse/date.rb DELETED

@@ -1,37 +0,0 @@
-require 'time'
-module SafeYAML
-  class Parse
-    class Date
-      # This one's easy enough :)
-      DATE_MATCHER = /\A(\d{4})-(\d{2})-(\d{2})\Z/.freeze
-      # This unbelievable little gem is taken basically straight from the YAML spec, but made
-      # slightly more readable (to my poor eyes at least) to me:
-      # http://yaml.org/type/timestamp.html
-      TIME_MATCHER = /\A\d{4}-\d{1,2}-\d{1,2}(?:[Tt]|\s+)\d{1,2}:\d{2}:\d{2}(?:\.\d*)?\s*(?:Z|[-+]\d{1,2}(?::?\d{2})?)?\Z/.freeze
-      SECONDS_PER_DAY = 60 * 60 * 24
-      MICROSECONDS_PER_SECOND = 1000000
-      # So this is weird. In Ruby 1.8.7, the DateTime#sec_fraction method returned fractional
-      # seconds in units of DAYS for some reason. In 1.9.2, they changed the units -- much more
-      # reasonably -- to seconds.
-      SEC_FRACTION_MULTIPLIER = RUBY_VERSION == "1.8.7" ? (SECONDS_PER_DAY * MICROSECONDS_PER_SECOND) : MICROSECONDS_PER_SECOND
-      # The DateTime class has a #to_time method in Ruby 1.9+;
-      # Before that we'll just need to convert DateTime to Time ourselves.
-      TO_TIME_AVAILABLE = DateTime.instance_methods.include?(:to_time)
-      def self.value(value)
-        d = DateTime.parse(value)
-        return d.to_time if TO_TIME_AVAILABLE
-        usec = d.sec_fraction * SEC_FRACTION_MULTIPLIER
-        time = Time.utc(d.year, d.month, d.day, d.hour, d.min, d.sec, usec) - (d.offset * SECONDS_PER_DAY)
-        time.getlocal
-      end
-    end
-  end
-end