RubyGems - rubygems-update - Versions diffs - 2.6.11 → 2.7.11 - Mend

rubygems-update 2.6.11 → 2.7.11

Files changed (405) hide show

checksums.yaml +4 -4
data/.travis.yml +8 -22
data/CONTRIBUTING.rdoc +53 -54
data/History.txt +405 -0
data/Manifest.txt +46 -15
data/POLICIES.rdoc +3 -3
data/README.md +72 -0
data/Rakefile +55 -12
data/appveyor.yml +29 -1
data/bin/gem +1 -1
data/bin/update_rubygems +2 -2
data/bundler/CHANGELOG.md +412 -9
data/bundler/CODE_OF_CONDUCT.md +1 -1
data/bundler/CONTRIBUTING.md +10 -29
data/bundler/README.md +27 -11
data/bundler/bundler.gemspec +58 -0
data/bundler/exe/bundle +5 -7
data/bundler/exe/bundle_ruby +4 -3
data/bundler/lib/bundler.rb +103 -79
data/bundler/lib/bundler/build_metadata.rb +53 -0
data/bundler/lib/bundler/capistrano.rb +5 -0
data/bundler/lib/bundler/cli.rb +231 -66
data/bundler/lib/bundler/cli/add.rb +25 -0
data/bundler/lib/bundler/cli/binstubs.rb +9 -7
data/bundler/lib/bundler/cli/cache.rb +5 -4
data/bundler/lib/bundler/cli/check.rb +3 -5
data/bundler/lib/bundler/cli/clean.rb +5 -6
data/bundler/lib/bundler/cli/common.rb +18 -2
data/bundler/lib/bundler/cli/config.rb +26 -7
data/bundler/lib/bundler/cli/console.rb +2 -1
data/bundler/lib/bundler/cli/doctor.rb +1 -0
data/bundler/lib/bundler/cli/exec.rb +6 -5
data/bundler/lib/bundler/cli/gem.rb +42 -18
data/bundler/lib/bundler/cli/info.rb +50 -0
data/bundler/lib/bundler/cli/init.rb +21 -7
data/bundler/lib/bundler/cli/inject.rb +13 -4
data/bundler/lib/bundler/cli/install.rb +61 -77
data/bundler/lib/bundler/cli/issue.rb +40 -0
data/bundler/lib/bundler/cli/list.rb +22 -0
data/bundler/lib/bundler/cli/lock.rb +4 -2
data/bundler/lib/bundler/cli/open.rb +2 -2
data/bundler/lib/bundler/cli/outdated.rb +30 -28
data/bundler/lib/bundler/cli/package.rb +9 -6
data/bundler/lib/bundler/cli/platform.rb +1 -0
data/bundler/lib/bundler/cli/plugin.rb +1 -0
data/bundler/lib/bundler/cli/pristine.rb +43 -0
data/bundler/lib/bundler/cli/show.rb +1 -1
data/bundler/lib/bundler/cli/update.rb +36 -13
data/bundler/lib/bundler/cli/viz.rb +5 -1
data/bundler/lib/bundler/compact_index_client.rb +1 -0
data/bundler/lib/bundler/compact_index_client/cache.rb +1 -2
data/bundler/lib/bundler/compact_index_client/updater.rb +36 -8
data/bundler/lib/bundler/compatibility_guard.rb +14 -0
data/bundler/lib/bundler/constants.rb +1 -0
data/bundler/lib/bundler/current_ruby.rb +16 -8
data/bundler/lib/bundler/definition.rb +252 -170
data/bundler/lib/bundler/dep_proxy.rb +3 -1
data/bundler/lib/bundler/dependency.rb +7 -7
data/bundler/lib/bundler/deployment.rb +1 -1
data/bundler/lib/bundler/deprecate.rb +15 -3
data/bundler/lib/bundler/dsl.rb +103 -62
data/bundler/lib/bundler/endpoint_specification.rb +13 -3
data/bundler/lib/bundler/env.rb +101 -38
data/bundler/lib/bundler/environment_preserver.rb +27 -6
data/bundler/lib/bundler/errors.rb +3 -1
data/bundler/lib/bundler/feature_flag.rb +39 -4
data/bundler/lib/bundler/fetcher.rb +18 -11
data/bundler/lib/bundler/fetcher/base.rb +1 -0
data/bundler/lib/bundler/fetcher/compact_index.rb +2 -12
data/bundler/lib/bundler/fetcher/dependency.rb +2 -1
data/bundler/lib/bundler/fetcher/downloader.rb +14 -7
data/bundler/lib/bundler/fetcher/index.rb +3 -2
data/bundler/lib/bundler/friendly_errors.rb +7 -2
data/bundler/lib/bundler/gem_helper.rb +24 -10
data/bundler/lib/bundler/gem_helpers.rb +1 -0
data/bundler/lib/bundler/gem_remote_fetcher.rb +1 -0
data/bundler/lib/bundler/gem_tasks.rb +1 -0
data/bundler/lib/bundler/gem_version_promoter.rb +13 -0
data/bundler/lib/bundler/gemdeps.rb +1 -0
data/bundler/lib/bundler/graph.rb +1 -0
data/bundler/lib/bundler/index.rb +19 -11
data/bundler/lib/bundler/injector.rb +54 -30
data/bundler/lib/bundler/inline.rb +10 -10
data/bundler/lib/bundler/installer.rb +114 -52
data/bundler/lib/bundler/installer/gem_installer.rb +14 -4
data/bundler/lib/bundler/installer/parallel_installer.rb +91 -42
data/bundler/lib/bundler/installer/standalone.rb +1 -0
data/bundler/lib/bundler/lazy_specification.rb +17 -4
data/bundler/lib/bundler/lockfile_generator.rb +95 -0
data/bundler/lib/bundler/lockfile_parser.rb +49 -35
data/bundler/lib/bundler/match_platform.rb +1 -0
data/bundler/lib/bundler/mirror.rb +10 -5
data/bundler/lib/bundler/plugin.rb +8 -3
data/bundler/lib/bundler/plugin/api/source.rb +16 -3
data/bundler/lib/bundler/plugin/index.rb +9 -2
data/bundler/lib/bundler/plugin/installer.rb +7 -6
data/bundler/lib/bundler/plugin/source_list.rb +7 -8
data/bundler/lib/bundler/process_lock.rb +24 -0
data/bundler/lib/bundler/psyched_yaml.rb +10 -0
data/bundler/lib/bundler/remote_specification.rb +25 -1
data/bundler/lib/bundler/resolver.rb +176 -193
data/bundler/lib/bundler/resolver/spec_group.rb +106 -0
data/bundler/lib/bundler/retry.rb +1 -0
data/bundler/lib/bundler/ruby_dsl.rb +1 -0
data/bundler/lib/bundler/ruby_version.rb +7 -2
data/bundler/lib/bundler/rubygems_ext.rb +18 -8
data/bundler/lib/bundler/rubygems_gem_installer.rb +25 -2
data/bundler/lib/bundler/rubygems_integration.rb +166 -69
data/bundler/lib/bundler/runtime.rb +29 -19
data/bundler/lib/bundler/settings.rb +202 -87
data/bundler/lib/bundler/settings/validator.rb +79 -0
data/bundler/lib/bundler/setup.rb +4 -7
data/bundler/lib/bundler/shared_helpers.rb +143 -27
data/bundler/lib/bundler/similarity_detector.rb +1 -0
data/bundler/lib/bundler/source.rb +53 -1
data/bundler/lib/bundler/source/gemspec.rb +1 -0
data/bundler/lib/bundler/source/git.rb +51 -22
data/bundler/lib/bundler/source/git/git_proxy.rb +23 -13
data/bundler/lib/bundler/source/metadata.rb +63 -0
data/bundler/lib/bundler/source/path.rb +38 -17
data/bundler/lib/bundler/source/path/installer.rb +4 -2
data/bundler/lib/bundler/source/rubygems.rb +161 -82
data/bundler/lib/bundler/source/rubygems/remote.rb +12 -2
data/bundler/lib/bundler/source_list.rb +75 -15
data/bundler/lib/bundler/spec_set.rb +37 -21
data/bundler/lib/bundler/ssl_certs/certificate_manager.rb +2 -1
data/bundler/lib/bundler/stub_specification.rb +86 -2
data/bundler/lib/bundler/templates/.document +1 -0
data/bundler/lib/bundler/templates/Executable +13 -1
data/bundler/lib/bundler/templates/Executable.bundler +105 -0
data/bundler/lib/bundler/templates/Executable.standalone +5 -5
data/bundler/lib/bundler/templates/Gemfile +3 -0
data/bundler/lib/bundler/templates/gems.rb +8 -0
data/bundler/lib/bundler/templates/newgem/Gemfile.tt +4 -2
data/bundler/lib/bundler/templates/newgem/LICENSE.txt.tt +1 -1
data/bundler/lib/bundler/templates/newgem/README.md.tt +14 -8
data/bundler/lib/bundler/templates/newgem/Rakefile.tt +5 -5
data/bundler/lib/bundler/templates/newgem/ext/newgem/newgem.c.tt +4 -4
data/bundler/lib/bundler/templates/newgem/ext/newgem/newgem.h.tt +3 -3
data/bundler/lib/bundler/templates/newgem/gitignore.tt +0 -1
data/bundler/lib/bundler/templates/newgem/lib/newgem.rb.tt +6 -6
data/bundler/lib/bundler/templates/newgem/lib/newgem/version.rb.tt +4 -4
data/bundler/lib/bundler/templates/newgem/newgem.gemspec.tt +21 -12
data/bundler/lib/bundler/templates/newgem/rspec.tt +1 -0
data/bundler/lib/bundler/templates/newgem/spec/newgem_spec.rb.tt +0 -2
data/bundler/lib/bundler/templates/newgem/spec/spec_helper.rb.tt +3 -0
data/bundler/lib/bundler/templates/newgem/test/newgem_test.rb.tt +1 -1
data/bundler/lib/bundler/templates/newgem/test/test_helper.rb.tt +3 -3
data/bundler/lib/bundler/templates/newgem/{.travis.yml.tt → travis.yml.tt} +2 -0
data/bundler/lib/bundler/ui.rb +1 -0
data/bundler/lib/bundler/ui/rg_proxy.rb +1 -0
data/bundler/lib/bundler/ui/shell.rb +26 -10
data/bundler/lib/bundler/ui/silent.rb +12 -1
data/bundler/lib/bundler/uri_credentials_filter.rb +1 -0
data/bundler/lib/bundler/vendor/fileutils/lib/fileutils.rb +1638 -0
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo.rb +2 -0
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/compatibility.rb +26 -0
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/delegates/resolution_state.rb +7 -0
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/delegates/specification_provider.rb +1 -0
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph.rb +16 -5
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/action.rb +1 -0
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/add_edge_no_circular.rb +10 -2
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/add_vertex.rb +1 -0
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/delete_edge.rb +1 -0
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/detach_vertex_named.rb +1 -0
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/log.rb +1 -0
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/set_payload.rb +1 -0
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/tag.rb +1 -0
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/vertex.rb +16 -5
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/errors.rb +75 -7
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/gem_metadata.rb +2 -1
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/modules/specification_provider.rb +1 -0
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/modules/ui.rb +3 -1
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/resolution.rb +501 -138
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/resolver.rb +1 -0
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/state.rb +8 -4
data/bundler/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent.rb +3 -1
data/bundler/lib/bundler/vendor/thor/lib/thor.rb +46 -21
data/bundler/lib/bundler/vendor/thor/lib/thor/actions.rb +24 -22
data/bundler/lib/bundler/vendor/thor/lib/thor/actions/create_file.rb +2 -1
data/bundler/lib/bundler/vendor/thor/lib/thor/actions/create_link.rb +2 -1
data/bundler/lib/bundler/vendor/thor/lib/thor/actions/directory.rb +2 -2
data/bundler/lib/bundler/vendor/thor/lib/thor/actions/empty_directory.rb +16 -8
data/bundler/lib/bundler/vendor/thor/lib/thor/actions/file_manipulation.rb +66 -18
data/bundler/lib/bundler/vendor/thor/lib/thor/actions/inject_into_file.rb +17 -15
data/bundler/lib/bundler/vendor/thor/lib/thor/base.rb +55 -32
data/bundler/lib/bundler/vendor/thor/lib/thor/command.rb +13 -11
data/bundler/lib/bundler/vendor/thor/lib/thor/core_ext/hash_with_indifferent_access.rb +21 -1
data/bundler/lib/bundler/vendor/thor/lib/thor/core_ext/io_binary_read.rb +7 -5
data/bundler/lib/bundler/vendor/thor/lib/thor/core_ext/ordered_hash.rb +94 -63
data/bundler/lib/bundler/vendor/thor/lib/thor/error.rb +3 -3
data/bundler/lib/bundler/vendor/thor/lib/thor/group.rb +13 -13
data/bundler/lib/bundler/vendor/thor/lib/thor/invocation.rb +4 -5
data/bundler/lib/bundler/vendor/thor/lib/thor/line_editor/basic.rb +2 -0
data/bundler/lib/bundler/vendor/thor/lib/thor/parser/argument.rb +4 -7
data/bundler/lib/bundler/vendor/thor/lib/thor/parser/arguments.rb +16 -16
data/bundler/lib/bundler/vendor/thor/lib/thor/parser/option.rb +42 -21
data/bundler/lib/bundler/vendor/thor/lib/thor/parser/options.rb +13 -10
data/bundler/lib/bundler/vendor/thor/lib/thor/runner.rb +31 -29
data/bundler/lib/bundler/vendor/thor/lib/thor/shell.rb +1 -1
data/bundler/lib/bundler/vendor/thor/lib/thor/shell/basic.rb +49 -33
data/bundler/lib/bundler/vendor/thor/lib/thor/shell/color.rb +1 -1
data/bundler/lib/bundler/vendor/thor/lib/thor/shell/html.rb +4 -4
data/bundler/lib/bundler/vendor/thor/lib/thor/util.rb +8 -7
data/bundler/lib/bundler/vendor/thor/lib/thor/version.rb +1 -1
data/bundler/lib/bundler/vendored_fileutils.rb +9 -0
data/bundler/lib/bundler/vendored_molinillo.rb +1 -0
data/bundler/lib/bundler/vendored_persistent.rb +35 -0
data/bundler/lib/bundler/vendored_thor.rb +6 -2
data/bundler/lib/bundler/version.rb +19 -2
data/bundler/lib/bundler/version_ranges.rb +76 -0
data/bundler/lib/bundler/vlad.rb +5 -0
data/bundler/lib/bundler/worker.rb +3 -1
data/bundler/lib/bundler/yaml_serializer.rb +3 -3
data/bundler/man/bundle-add.ronn +29 -0
data/bundler/man/bundle-binstubs.ronn +15 -1
data/bundler/man/bundle-check.ronn +26 -0
data/bundler/man/bundle-clean.ronn +18 -0
data/bundler/man/bundle-config.ronn +193 -69
data/bundler/man/bundle-doctor.ronn +33 -0
data/bundler/man/bundle-exec.ronn +10 -3
data/bundler/man/bundle-gem.ronn +3 -2
data/bundler/man/bundle-info.ronn +17 -0
data/bundler/man/bundle-init.ronn +29 -0
data/bundler/man/bundle-inject.ronn +22 -0
data/bundler/man/bundle-install.ronn +44 -35
data/bundler/man/bundle-list.ronn +15 -0
data/bundler/man/bundle-lock.ronn +1 -1
data/bundler/man/bundle-open.ronn +19 -0
data/bundler/man/bundle-outdated.ronn +2 -2
data/bundler/man/bundle-package.ronn +7 -2
data/bundler/man/bundle-pristine.ronn +34 -0
data/bundler/man/bundle-show.ronn +21 -0
data/bundler/man/bundle-update.ronn +24 -17
data/bundler/man/bundle-viz.ronn +30 -0
data/bundler/man/bundle.ronn +36 -45
data/bundler/man/gemfile.5.ronn +77 -71
data/lib/rubygems.rb +102 -46
data/lib/rubygems/basic_specification.rb +8 -4
data/lib/rubygems/bundler_version_finder.rb +99 -0
data/lib/rubygems/command.rb +10 -2
data/lib/rubygems/command_manager.rb +8 -4
data/lib/rubygems/commands/cert_command.rb +31 -6
data/lib/rubygems/commands/cleanup_command.rb +10 -3
data/lib/rubygems/commands/generate_index_command.rb +1 -1
data/lib/rubygems/commands/help_command.rb +1 -1
data/lib/rubygems/commands/install_command.rb +7 -0
data/lib/rubygems/commands/open_command.rb +1 -1
data/lib/rubygems/commands/owner_command.rb +7 -2
data/lib/rubygems/commands/pristine_command.rb +11 -8
data/lib/rubygems/commands/push_command.rb +39 -5
data/lib/rubygems/commands/query_command.rb +17 -17
data/lib/rubygems/commands/setup_command.rb +174 -69
data/lib/rubygems/commands/signin_command.rb +33 -0
data/lib/rubygems/commands/signout_command.rb +33 -0
data/lib/rubygems/commands/sources_command.rb +1 -1
data/lib/rubygems/commands/uninstall_command.rb +5 -4
data/lib/rubygems/commands/unpack_command.rb +19 -7
data/lib/rubygems/commands/update_command.rb +1 -1
data/lib/rubygems/commands/which_command.rb +1 -1
data/lib/rubygems/commands/yank_command.rb +4 -11
data/lib/rubygems/config_file.rb +15 -26
data/lib/rubygems/core_ext/kernel_require.rb +12 -16
data/lib/rubygems/dependency.rb +3 -0
data/lib/rubygems/dependency_installer.rb +8 -2
data/lib/rubygems/dependency_list.rb +1 -1
data/lib/rubygems/errors.rb +3 -0
data/lib/rubygems/exceptions.rb +11 -1
data/lib/rubygems/ext/builder.rb +2 -2
data/lib/rubygems/ext/ext_conf_builder.rb +2 -4
data/lib/rubygems/ext/rake_builder.rb +1 -1
data/lib/rubygems/gem_runner.rb +5 -1
data/lib/rubygems/gemcutter_utilities.rb +5 -2
data/lib/rubygems/indexer.rb +6 -5
data/lib/rubygems/install_update_options.rb +6 -29
data/lib/rubygems/installer.rb +60 -13
data/lib/rubygems/installer_test_case.rb +6 -3
data/lib/rubygems/package.rb +55 -8
data/lib/rubygems/package/file_source.rb +2 -2
data/lib/rubygems/package/old.rb +3 -3
data/lib/rubygems/package/tar_header.rb +17 -10
data/lib/rubygems/package/tar_writer.rb +4 -3
data/lib/rubygems/platform.rb +1 -1
data/lib/rubygems/remote_fetcher.rb +2 -2
data/lib/rubygems/request.rb +1 -1
data/lib/rubygems/request_set.rb +47 -19
data/lib/rubygems/request_set/gem_dependency_api.rb +3 -3
data/lib/rubygems/request_set/lockfile.rb +1 -1
data/lib/rubygems/requirement.rb +19 -4
data/lib/rubygems/resolver.rb +24 -3
data/lib/rubygems/resolver/api_specification.rb +5 -0
data/lib/rubygems/resolver/installer_set.rb +4 -6
data/lib/rubygems/safe_yaml.rb +51 -0
data/lib/rubygems/security.rb +18 -6
data/lib/rubygems/security/trust_dir.rb +1 -1
data/lib/rubygems/security_option.rb +43 -0
data/lib/rubygems/server.rb +21 -17
data/lib/rubygems/source.rb +9 -6
data/lib/rubygems/source/git.rb +2 -1
data/lib/rubygems/source/local.rb +38 -35
data/lib/rubygems/source/lock.rb +4 -1
data/lib/rubygems/source_local.rb +3 -1
data/lib/rubygems/source_specific_file.rb +3 -2
data/lib/rubygems/spec_fetcher.rb +7 -3
data/lib/rubygems/specification.rb +315 -249
data/lib/rubygems/ssl_certs/{index.rubygems.org → rubygems.org}/GlobalSignRootCA.pem +0 -0
data/lib/rubygems/ssl_certs/rubygems.org/GlobalSignRootCA_R3.pem +21 -0
data/lib/rubygems/stub_specification.rb +4 -3
data/lib/rubygems/test_case.rb +51 -11
data/lib/rubygems/test_utilities.rb +2 -2
data/lib/rubygems/text.rb +14 -1
data/lib/rubygems/user_interaction.rb +24 -15
data/lib/rubygems/util.rb +6 -16
data/lib/rubygems/util/licenses.rb +72 -4
data/lib/rubygems/validator.rb +3 -3
data/lib/rubygems/version.rb +24 -4
data/lib/rubygems/version_option.rb +6 -1
data/lib/ubygems.rb +3 -0
data/setup.rb +1 -1
data/test/rubygems/private3072_key.pem +40 -0
data/test/rubygems/public3072_cert.pem +25 -0
data/test/rubygems/test_bundled_ca.rb +7 -4
data/test/rubygems/test_config.rb +1 -1
data/test/rubygems/test_gem.rb +158 -39
data/test/rubygems/test_gem_bundler_version_finder.rb +126 -0
data/test/rubygems/test_gem_command.rb +7 -1
data/test/rubygems/test_gem_command_manager.rb +2 -2
data/test/rubygems/test_gem_commands_build_command.rb +29 -1
data/test/rubygems/test_gem_commands_cert_command.rb +64 -0
data/test/rubygems/test_gem_commands_cleanup_command.rb +44 -1
data/test/rubygems/test_gem_commands_install_command.rb +73 -2
data/test/rubygems/test_gem_commands_open_command.rb +2 -1
data/test/rubygems/test_gem_commands_owner_command.rb +25 -0
data/test/rubygems/test_gem_commands_pristine_command.rb +1 -1
data/test/rubygems/test_gem_commands_push_command.rb +25 -5
data/test/rubygems/test_gem_commands_query_command.rb +154 -1
data/test/rubygems/test_gem_commands_setup_command.rb +140 -10
data/test/rubygems/test_gem_commands_signin_command.rb +98 -0
data/test/rubygems/test_gem_commands_signout_command.rb +37 -0
data/test/rubygems/test_gem_commands_sources_command.rb +52 -0
data/test/rubygems/test_gem_commands_uninstall_command.rb +15 -3
data/test/rubygems/test_gem_commands_update_command.rb +1 -7
data/test/rubygems/test_gem_commands_which_command.rb +3 -3
data/test/rubygems/test_gem_dependency.rb +28 -0
data/test/rubygems/test_gem_dependency_installer.rb +1 -1
data/test/rubygems/test_gem_doctor.rb +2 -2
data/test/rubygems/test_gem_ext_builder.rb +8 -8
data/test/rubygems/test_gem_ext_configure_builder.rb +1 -1
data/test/rubygems/test_gem_ext_rake_builder.rb +2 -6
data/test/rubygems/test_gem_gemcutter_utilities.rb +4 -4
data/test/rubygems/test_gem_indexer.rb +1 -2
data/test/rubygems/test_gem_install_update_options.rb +6 -1
data/test/rubygems/test_gem_installer.rb +168 -31
data/test/rubygems/test_gem_package.rb +183 -26
data/test/rubygems/test_gem_package_old.rb +1 -1
data/test/rubygems/test_gem_package_tar_header.rb +21 -0
data/test/rubygems/test_gem_rdoc.rb +2 -0
data/test/rubygems/test_gem_remote_fetcher.rb +24 -5
data/test/rubygems/test_gem_request.rb +5 -2
data/test/rubygems/test_gem_request_connection_pools.rb +6 -7
data/test/rubygems/test_gem_request_set.rb +7 -7
data/test/rubygems/test_gem_request_set_gem_dependency_api.rb +3 -3
data/test/rubygems/test_gem_request_set_lockfile.rb +4 -4
data/test/rubygems/test_gem_request_set_lockfile_parser.rb +1 -1
data/test/rubygems/test_gem_request_set_lockfile_tokenizer.rb +1 -1
data/test/rubygems/test_gem_requirement.rb +12 -0
data/test/rubygems/test_gem_resolver.rb +26 -0
data/test/rubygems/test_gem_resolver_api_specification.rb +24 -0
data/test/rubygems/test_gem_resolver_conflict.rb +1 -1
data/test/rubygems/test_gem_resolver_git_specification.rb +1 -1
data/test/rubygems/test_gem_resolver_installer_set.rb +1 -1
data/test/rubygems/test_gem_security.rb +5 -0
data/test/rubygems/test_gem_security_policy.rb +27 -27
data/test/rubygems/test_gem_security_signer.rb +6 -6
data/test/rubygems/test_gem_security_trust_dir.rb +2 -2
data/test/rubygems/test_gem_server.rb +194 -12
data/test/rubygems/test_gem_source.rb +12 -3
data/test/rubygems/test_gem_source_git.rb +1 -1
data/test/rubygems/test_gem_spec_fetcher.rb +20 -0
data/test/rubygems/test_gem_specification.rb +180 -42
data/test/rubygems/test_gem_stream_ui.rb +8 -8
data/test/rubygems/test_gem_stub_specification.rb +26 -8
data/test/rubygems/test_gem_text.rb +16 -0
data/test/rubygems/test_gem_util.rb +26 -0
data/test/rubygems/test_gem_version.rb +68 -9
data/test/rubygems/test_gem_version_option.rb +15 -0
data/test/rubygems/test_kernel.rb +30 -0
data/test/rubygems/test_require.rb +70 -21
data/util/ci +1 -0
data/util/generate_spdx_license_list.rb +16 -6
data/util/update_bundled_ca_certificates.rb +1 -3
metadata +61 -57
data/README.rdoc +0 -54
data/bundler/DEVELOPMENT.md +0 -150
data/bundler/ISSUES.md +0 -117
data/bundler/lib/bundler/postit_trampoline.rb +0 -73
data/bundler/lib/bundler/vendor/postit/lib/postit.rb +0 -15
data/bundler/lib/bundler/vendor/postit/lib/postit/environment.rb +0 -44
data/bundler/lib/bundler/vendor/postit/lib/postit/installer.rb +0 -28
data/bundler/lib/bundler/vendor/postit/lib/postit/parser.rb +0 -21
data/bundler/lib/bundler/vendor/postit/lib/postit/setup.rb +0 -12
data/bundler/lib/bundler/vendor/postit/lib/postit/version.rb +0 -3
data/bundler/man/index.txt +0 -8
data/lib/rubygems/ssl_certs/rubygems.global.ssl.fastly.net/DigiCertHighAssuranceEVRootCA.pem +0 -23
data/lib/rubygems/ssl_certs/rubygems.org/AddTrustExternalCARoot.pem +0 -25

data/lib/rubygems/safe_yaml.rb ADDED Viewed

@@ -0,0 +1,51 @@
+module Gem
+  ###
+  # This module is used for safely loading YAML specs from a gem.  The
+  # `safe_load` method defined on this module is specifically designed for
+  # loading Gem specifications.  For loading other YAML safely, please see
+  # Psych.safe_load
+  module SafeYAML
+    WHITELISTED_CLASSES = %w(
+      Symbol
+      Time
+      Date
+      Gem::Dependency
+      Gem::Platform
+      Gem::Requirement
+      Gem::Specification
+      Gem::Version
+      Gem::Version::Requirement
+      YAML::Syck::DefaultKey
+      Syck::DefaultKey
+    )
+    WHITELISTED_SYMBOLS = %w(
+      development
+      runtime
+    )
+    if ::YAML.respond_to? :safe_load
+      def self.safe_load input
+        ::YAML.safe_load(input, WHITELISTED_CLASSES, WHITELISTED_SYMBOLS, true)
+      end
+      def self.load input
+        ::YAML.safe_load(input, [::Symbol])
+      end
+    else
+      unless Gem::Deprecate.skip
+        warn "YAML safe loading is not available. Please upgrade psych to a version that supports safe loading (>= 2.0)."
+      end
+      def self.safe_load input, *args
+        ::YAML.load input
+      end
+      def self.load input
+        ::YAML.load input
+      end
+    end
+  end
+end

data/lib/rubygems/security.rb CHANGED Viewed

@@ -340,16 +340,23 @@ module Gem::Security
   # Digest algorithm used to sign gems
   DIGEST_ALGORITHM =
-    if defined?(OpenSSL::Digest::SHA1) then
+    if defined?(OpenSSL::Digest::SHA256) then
+      OpenSSL::Digest::SHA256
+    elsif defined?(OpenSSL::Digest::SHA1) then
       OpenSSL::Digest::SHA1
+    else
+      require 'digest'
+      Digest::SHA512
     end
   ##
   # Used internally to select the signing digest from all computed digests
   DIGEST_NAME = # :nodoc:
-    if DIGEST_ALGORITHM then
+    if DIGEST_ALGORITHM.method_defined? :name then
       DIGEST_ALGORITHM.new.name
+    else
+      DIGEST_ALGORITHM.name[/::([^:]+)\z/, 1]
     end
   ##
@@ -363,7 +370,7 @@ module Gem::Security
   ##
   # Length of keys created by KEY_ALGORITHM
-  KEY_LENGTH = 2048
+  KEY_LENGTH = 3072
   ##
   # Cipher used to encrypt the key pair used to sign gems.
@@ -371,10 +378,15 @@ module Gem::Security
   KEY_CIPHER = OpenSSL::Cipher.new('AES-256-CBC') if defined?(OpenSSL::Cipher)
+  ##
+  # One day in seconds
+  ONE_DAY = 86400
   ##
   # One year in seconds
-  ONE_YEAR = 86400 * 365
+  ONE_YEAR = ONE_DAY * 365
   ##
   # The default set of extensions are:
@@ -455,7 +467,7 @@ module Gem::Security
   ##
   # Creates a new key pair of the specified +length+ and +algorithm+.  The
-  # default is a 2048 bit RSA key.
+  # default is a 3072 bit RSA key.
   def self.create_key length = KEY_LENGTH, algorithm = KEY_ALGORITHM
     algorithm.new length
@@ -571,7 +583,7 @@ module Gem::Security
   def self.write pemmable, path, permissions = 0600, passphrase = nil, cipher = KEY_CIPHER
     path = File.expand_path path
-    open path, 'wb', permissions do |io|
+    File.open path, 'wb', permissions do |io|
       if passphrase and cipher
         io.write pemmable.to_pem cipher, passphrase
       else

data/lib/rubygems/security/trust_dir.rb CHANGED Viewed

@@ -93,7 +93,7 @@ class Gem::Security::TrustDir
     destination = cert_path certificate
-    open destination, 'wb', @permissions[:trusted_cert] do |io|
+    File.open destination, 'wb', @permissions[:trusted_cert] do |io|
       io.write certificate.to_pem
     end
   end

data/lib/rubygems/security_option.rb ADDED Viewed

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+#--
+# Copyright 2006 by Chad Fowler, Rich Kilmer, Jim Weirich and others.
+# All rights reserved.
+# See LICENSE.txt for permissions.
+#++
+require 'rubygems'
+# forward-declare
+module Gem::Security # :nodoc:
+  class Policy # :nodoc:
+  end
+end
+##
+# Mixin methods for security option for Gem::Commands
+module Gem::SecurityOption
+  def add_security_option
+    # TODO: use @parser.accept
+    OptionParser.accept Gem::Security::Policy do |value|
+      require 'rubygems/security'
+      raise OptionParser::InvalidArgument, 'OpenSSL not installed' unless
+        defined?(Gem::Security::HighSecurity)
+      policy = Gem::Security::Policies[value]
+      unless policy
+        valid = Gem::Security::Policies.keys.sort
+        raise OptionParser::InvalidArgument, "#{value} (#{valid.join ', '} are valid)"
+      end
+      policy
+    end
+    add_option(:"Install/Update", '-P', '--trust-policy POLICY',
+               Gem::Security::Policy,
+               'Specify gem trust policy') do |value, options|
+      options[:security_policy] = value
+    end
+  end
+end

data/lib/rubygems/server.rb CHANGED Viewed

@@ -492,7 +492,7 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; }
     specs = Marshal.dump specs
     if req.path =~ /\.gz$/ then
-      specs = Gem.gzip specs
+      specs = Gem::Util.gzip specs
       res['content-type'] = 'application/x-gzip'
     else
       res['content-type'] = 'application/octet-stream'
@@ -553,7 +553,7 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; }
     specs = Marshal.dump specs
     if req.path =~ /\.gz$/ then
-      specs = Gem.gzip specs
+      specs = Gem::Util.gzip specs
       res['content-type'] = 'application/x-gzip'
     else
       res['content-type'] = 'application/octet-stream'
@@ -573,19 +573,11 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; }
     add_date res
     case req.request_uri.path
-    when %r|^/quick/(Marshal.#{Regexp.escape Gem.marshal_version}/)?(.*?)-([0-9.]+[^-]*?)(-.*?)?\.gemspec\.rz$| then
-      marshal_format, name, version, platform = $1, $2, $3, $4
-      specs = Gem::Specification.find_all_by_name name, version
+    when %r|^/quick/(Marshal.#{Regexp.escape Gem.marshal_version}/)?(.*?)\.gemspec\.rz$| then
+      marshal_format, full_name = $1, $2
+      specs = Gem::Specification.find_all_by_full_name(full_name)
-      selector = [name, version, platform].map(&:inspect).join ' '
-      platform = if platform then
-                   Gem::Platform.new platform.sub(/^-/, '')
-                 else
-                   Gem::Platform::RUBY
-                 end
-      specs = specs.select { |s| s.platform == platform }
+      selector = full_name.inspect
       if specs.empty? then
         res.status = 404
@@ -631,6 +623,18 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; }
       executables = nil if executables.empty?
       executables.last["is_last"] = true if executables
+      # Pre-process spec homepage for safety reasons
+      begin
+        homepage_uri = URI.parse(spec.homepage)
+        if [URI::HTTP, URI::HTTPS].member? homepage_uri.class
+          homepage_uri = spec.homepage
+        else
+          homepage_uri = "."
+        end
+      rescue URI::InvalidURIError
+        homepage_uri = "."
+      end
       specs << {
         "authors"             => spec.authors.sort.join(", "),
         "date"                => spec.date.to_s,
@@ -640,7 +644,7 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; }
         "only_one_executable" => (executables && executables.size == 1),
         "full_name"           => spec.full_name,
         "has_deps"            => !deps.empty?,
-        "homepage"            => spec.homepage,
+        "homepage"            => homepage_uri,
         "name"                => spec.name,
         "rdoc_installed"      => Gem::RDoc.new(spec).rdoc_installed?,
         "ri_installed"        => Gem::RDoc.new(spec).ri_installed?,
@@ -657,7 +661,7 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; }
       "only_one_executable" => true,
       "full_name" => "rubygems-#{Gem::VERSION}",
       "has_deps" => false,
-      "homepage" => "http://docs.rubygems.org/",
+      "homepage" => "http://guides.rubygems.org/",
       "name" => 'rubygems',
       "ri_installed" => true,
       "summary" => "RubyGems itself",
@@ -848,7 +852,7 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; }
     specs = Marshal.dump specs
     if req.path =~ /\.gz$/ then
-      specs = Gem.gzip specs
+      specs = Gem::Util.gzip specs
       res['content-type'] = 'application/x-gzip'
     else
       res['content-type'] = 'application/octet-stream'

data/lib/rubygems/source.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-require 'uri'
-require 'fileutils'
+autoload :FileUtils, 'fileutils'
+autoload :URI, 'uri'
 ##
 # A Source knows how to list and fetch gems from a RubyGems marshal index.
@@ -67,7 +67,11 @@ class Gem::Source
       return -1 if !other.uri
-      @uri.to_s <=> other.uri.to_s
+      # Returning 1 here ensures that when sorting a list of sources, the
+      # original ordering of sources supplied by the user is preserved.
+      return 1 unless @uri.to_s == other.uri.to_s
+      0
     else
       nil
     end
@@ -151,12 +155,12 @@ class Gem::Source
     uri.path << '.rz'
     spec = fetcher.fetch_path uri
-    spec = Gem.inflate spec
+    spec = Gem::Util.inflate spec
     if update_cache? then
       FileUtils.mkdir_p cache_dir
-      open local_spec, 'wb' do |io|
+      File.open local_spec, 'wb' do |io|
         io.write spec
       end
     end
@@ -232,4 +236,3 @@ require 'rubygems/source/specific_file'
 require 'rubygems/source/local'
 require 'rubygems/source/lock'
 require 'rubygems/source/vendor'

data/lib/rubygems/source/git.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-require 'digest'
 require 'rubygems/util'
 ##
@@ -226,6 +225,8 @@ class Gem::Source::Git < Gem::Source
   # A hash for the git gem based on the git repository URI.
   def uri_hash # :nodoc:
+    require 'digest' # required here to avoid deadlocking in Gem.activate_bin_path (because digest is a gem on 2.5+)
     normalized =
       if @repository =~ %r%^\w+://(\w+@)?% then
         uri = URI(@repository).normalize.to_s.sub %r%/$%,''

data/lib/rubygems/source/local.rb CHANGED Viewed

@@ -9,6 +9,7 @@ class Gem::Source::Local < Gem::Source
     @specs   = nil
     @api_uri = nil
     @uri     = nil
+    @load_specs_names = {}
   end
   ##
@@ -34,45 +35,47 @@ class Gem::Source::Local < Gem::Source
   end
   def load_specs type # :nodoc:
-    names = []
-    @specs = {}
-    Dir["*.gem"].each do |file|
-      begin
-        pkg = Gem::Package.new(file)
-      rescue SystemCallError, Gem::Package::FormatError
-        # ignore
-      else
-        tup = pkg.spec.name_tuple
-        @specs[tup] = [File.expand_path(file), pkg]
-        case type
-        when :released
-          unless pkg.spec.version.prerelease?
-            names << pkg.spec.name_tuple
-          end
-        when :prerelease
-          if pkg.spec.version.prerelease?
-            names << pkg.spec.name_tuple
-          end
-        when :latest
-          tup = pkg.spec.name_tuple
+    @load_specs_names[type] ||= begin
+      names = []
-          cur = names.find { |x| x.name == tup.name }
-          if !cur
-            names << tup
-          elsif cur.version < tup.version
-            names.delete cur
-            names << tup
-          end
+      @specs = {}
+      Dir["*.gem"].each do |file|
+        begin
+          pkg = Gem::Package.new(file)
+        rescue SystemCallError, Gem::Package::FormatError
+          # ignore
         else
-          names << pkg.spec.name_tuple
+          tup = pkg.spec.name_tuple
+          @specs[tup] = [File.expand_path(file), pkg]
+          case type
+          when :released
+            unless pkg.spec.version.prerelease?
+              names << pkg.spec.name_tuple
+            end
+          when :prerelease
+            if pkg.spec.version.prerelease?
+              names << pkg.spec.name_tuple
+            end
+          when :latest
+            tup = pkg.spec.name_tuple
+            cur = names.find { |x| x.name == tup.name }
+            if !cur
+              names << tup
+            elsif cur.version < tup.version
+              names.delete cur
+              names << tup
+            end
+          else
+            names << pkg.spec.name_tuple
+          end
         end
       end
-    end
-    names
+      names
+    end
   end
   def find_gem gem_name, version = Gem::Requirement.default, # :nodoc:
@@ -88,7 +91,7 @@ class Gem::Source::Local < Gem::Source
         if version.satisfied_by?(s.version)
           if prerelease
             found << s
-          elsif !s.version.prerelease?
+          elsif !s.version.prerelease? || version.prerelease?
             found << s
           end
         end

data/lib/rubygems/source/lock.rb CHANGED Viewed

@@ -34,6 +34,10 @@ class Gem::Source::Lock < Gem::Source
     0 == (self <=> other)
   end
+  def hash # :nodoc:
+    @wrapped.hash ^ 3
+  end
   ##
   # Delegates to the wrapped source's fetch_spec method.
@@ -46,4 +50,3 @@ class Gem::Source::Lock < Gem::Source
   end
 end

data/lib/rubygems/source_local.rb CHANGED Viewed

@@ -2,5 +2,7 @@
 require 'rubygems/source'
 require 'rubygems/source_local'
-# TODO warn upon require, this file is deprecated.
+unless Gem::Deprecate.skip
+  Kernel.warn "#{Gem.location_of_caller(3).join(':')}: Warning: Requiring rubygems/source_local is deprecated; please use rubygems/source/local instead."
+end

data/lib/rubygems/source_specific_file.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 require 'rubygems/source/specific_file'
-# TODO warn upon require, this file is deprecated.
+unless Gem::Deprecate.skip
+  Kernel.warn "#{Gem.location_of_caller(3).join(':')}: Warning: Requiring rubygems/source_specific_file is deprecated; please use rubygems/source/specific_file instead."
+end