RubyGems - rubygems-update - Versions diffs - 2.6.8 → 2.6.9 - Mend

rubygems-update 2.6.8 → 2.6.9

Potentially problematic release.

This version of rubygems-update might be problematic. Click here for more details.

Files changed (96) hide show

checksums.yaml +4 -4
data/.travis.yml +9 -6
data/CODE_OF_CONDUCT.md +36 -33
data/History.txt +16 -0
data/Manifest.txt +5 -3
data/Rakefile +5 -0
data/bundler/CHANGELOG.md +72 -0
data/bundler/DEVELOPMENT.md +2 -2
data/bundler/README.md +5 -0
data/bundler/lib/bundler.rb +1 -1
data/bundler/lib/bundler/cli.rb +42 -29
data/bundler/lib/bundler/cli/common.rb +17 -0
data/bundler/lib/bundler/cli/exec.rb +6 -0
data/bundler/lib/bundler/cli/gem.rb +16 -3
data/bundler/lib/bundler/cli/install.rb +7 -20
data/bundler/lib/bundler/cli/lock.rb +1 -1
data/bundler/lib/bundler/cli/open.rb +2 -1
data/bundler/lib/bundler/cli/outdated.rb +91 -43
data/bundler/lib/bundler/cli/update.rb +3 -10
data/bundler/lib/bundler/compact_index_client.rb +7 -1
data/bundler/lib/bundler/current_ruby.rb +1 -0
data/bundler/lib/bundler/definition.rb +9 -5
data/bundler/lib/bundler/dependency.rb +12 -0
data/bundler/lib/bundler/env.rb +25 -20
data/bundler/lib/bundler/errors.rb +21 -0
data/bundler/lib/bundler/fetcher.rb +2 -2
data/bundler/lib/bundler/fetcher/compact_index.rb +15 -3
data/bundler/lib/bundler/friendly_errors.rb +23 -7
data/bundler/lib/bundler/index.rb +9 -4
data/bundler/lib/bundler/inline.rb +1 -1
data/bundler/lib/bundler/installer.rb +1 -1
data/bundler/lib/bundler/installer/gem_installer.rb +2 -2
data/bundler/lib/bundler/installer/parallel_installer.rb +40 -9
data/bundler/lib/bundler/lockfile_parser.rb +0 -1
data/bundler/lib/bundler/match_platform.rb +12 -4
data/bundler/lib/bundler/plugin/api.rb +2 -1
data/bundler/lib/bundler/plugin/api/source.rb +1 -1
data/bundler/lib/bundler/postit_trampoline.rb +3 -3
data/bundler/lib/bundler/resolver.rb +6 -1
data/bundler/lib/bundler/retry.rb +4 -1
data/bundler/lib/bundler/rubygems_gem_installer.rb +18 -6
data/bundler/lib/bundler/rubygems_integration.rb +16 -3
data/bundler/lib/bundler/settings.rb +8 -3
data/bundler/lib/bundler/shared_helpers.rb +15 -12
data/bundler/lib/bundler/source.rb +4 -0
data/bundler/lib/bundler/source/git/git_proxy.rb +2 -1
data/bundler/lib/bundler/source/rubygems.rb +9 -0
data/bundler/lib/bundler/spec_set.rb +4 -0
data/bundler/lib/bundler/templates/newgem/gitignore.tt +5 -0
data/bundler/lib/bundler/templates/newgem/spec/newgem_spec.rb.tt +1 -1
data/bundler/lib/bundler/templates/newgem/spec/spec_helper.rb.tt +10 -1
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph.rb +10 -1
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/action.rb +1 -1
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/add_edge_no_circular.rb +2 -2
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/add_vertex.rb +2 -2
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/delete_edge.rb +62 -0
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/detach_vertex_named.rb +10 -3
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/log.rb +12 -1
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/set_payload.rb +2 -2
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/tag.rb +2 -2
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/vertex.rb +2 -0
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/gem_metadata.rb +1 -1
data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/resolution.rb +27 -19
data/bundler/lib/bundler/vendor/{net → net-http-persistent/lib/net}/http/faster.rb +1 -0
data/bundler/lib/bundler/vendor/{net → net-http-persistent/lib/net}/http/persistent.rb +24 -23
data/bundler/lib/bundler/vendor/{net → net-http-persistent/lib/net}/http/persistent/ssl_reuse.rb +2 -1
data/bundler/lib/bundler/vendored_persistent.rb +9 -4
data/bundler/lib/bundler/version.rb +1 -1
data/bundler/lib/bundler/worker.rb +27 -5
data/bundler/man/bundle-config.ronn +28 -1
data/bundler/man/bundle-install.ronn +1 -1
data/bundler/man/bundle-lock.ronn +47 -0
data/bundler/man/bundle-outdated.ronn +107 -0
data/bundler/man/bundle-update.ronn +152 -3
data/bundler/man/bundle.ronn +22 -4
data/bundler/man/gemfile.5.ronn +16 -0
data/lib/rubygems.rb +1 -1
data/lib/rubygems/ext/ext_conf_builder.rb +5 -3
data/lib/rubygems/ext/rake_builder.rb +1 -1
data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph.rb +3 -1
data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/detach_vertex_named.rb +9 -2
data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/vertex.rb +2 -0
data/lib/rubygems/resolver/molinillo/lib/molinillo/gem_metadata.rb +1 -1
data/lib/rubygems/resolver/molinillo/lib/molinillo/resolution.rb +17 -17
data/lib/rubygems/server.rb +11 -4
data/lib/rubygems/stub_specification.rb +6 -1
data/lib/rubygems/version.rb +6 -2
data/test/rubygems/test_gem.rb +2 -0
data/test/rubygems/test_gem_ext_ext_conf_builder.rb +23 -0
data/test/rubygems/test_gem_ext_rake_builder.rb +34 -17
data/test/rubygems/test_gem_server.rb +16 -0
data/test/rubygems/test_gem_specification.rb +1 -1
data/test/rubygems/test_gem_stub_specification.rb +61 -0
data/test/rubygems/test_gem_version.rb +6 -0
data/util/ci +5 -5
metadata +31 -29

data/bundler/lib/bundler/retry.rb CHANGED

@@ -43,7 +43,10 @@ module Bundler
     def fail_attempt(e)
       @failed = true
-      raise e if last_attempt? || @exceptions.any? {|k| e.is_a?(k) }
+      if last_attempt? || @exceptions.any? {|k| e.is_a?(k) }
+        Bundler.ui.info "" unless Bundler.ui.debug?
+        raise e
+      end
       return true unless name
       Bundler.ui.info "" unless Bundler.ui.debug? # Add new line incase dots preceded this
       Bundler.ui.warn "Retrying #{name} due to error (#{current_run.next}/#{total_runs}): #{e.class} #{e.message}", Bundler.ui.debug?

data/bundler/lib/bundler/rubygems_gem_installer.rb CHANGED

@@ -31,12 +31,24 @@ module Bundler
         send(checksum_type(checksum), digest)
       end
       unless digest == checksum
-        raise SecurityError,
-          "The checksum for the downloaded `#{spec.full_name}.gem` did not match " \
-          "the checksum given by the API. This means that the contents of the " \
-          "gem appear to be different from what was uploaded, and could be an indicator of a security issue.\n" \
-          "(The expected SHA256 checksum was #{checksum.inspect}, but the checksum for the downloaded gem was #{digest.inspect}.)\n" \
-          "Bundler cannot continue installing #{spec.name} (#{spec.version})."
+        raise SecurityError, <<-MESSAGE
+          Bundler cannot continue installing #{spec.name} (#{spec.version}).
+          The checksum for the downloaded `#{spec.full_name}.gem` does not match \
+          the checksum given by the server. This means the contents of the downloaded \
+          gem is different from what was uploaded to the server, and could be a potential security issue.
+          To resolve this issue:
+          1. delete the downloaded gem located at: `#{spec.gem_dir}/#{spec.full_name}.gem`
+          2. run `bundle install`
+          If you wish to continue installing the downloaded gem, and are certain it does not pose a \
+          security issue despite the mismatching checksum, do the following:
+          1. run `bundle config disable.checksum_validation true` to turn off checksum verification
+          2. run `bundle install`
+          (More info: The expected SHA256 checksum was #{checksum.inspect}, but the \
+          checksum for the downloaded gem was #{digest.inspect}.)
+          MESSAGE
       end
       true
     end

data/bundler/lib/bundler/rubygems_integration.rb CHANGED

@@ -71,8 +71,13 @@ module Bundler
       spec.installed_by_version = Gem::Version.create(installed_by_version)
     end
-    def spec_missing_extensions?(spec)
-      !spec.respond_to?(:missing_extensions?) || spec.missing_extensions?
+    def spec_missing_extensions?(spec, default = true)
+      return spec.missing_extensions? if spec.respond_to?(:missing_extensions?)
+      return false if spec.respond_to?(:default_gem?) && spec.default_gem?
+      return false if spec.extensions.empty?
+      default
     end
     def path(obj)
@@ -196,7 +201,7 @@ module Bundler
     end
     def load_plugins
-      Gem.load_plugins
+      Gem.load_plugins if Gem.respond_to?(:load_plugins)
     end
     def ui=(obj)
@@ -248,6 +253,10 @@ module Bundler
       end
     end
+    def install_with_build_args(args)
+      with_build_args(args) { yield }
+    end
     def gem_from_path(path, policy = nil)
       require "rubygems/format"
       Gem::Format.from_file_by_path(path, policy)
@@ -715,6 +724,10 @@ module Bundler
       def repository_subdirectories
         Gem::REPOSITORY_SUBDIRECTORIES
       end
+      def install_with_build_args(args)
+        yield
+      end
     end
     # RubyGems 2.1.0

data/bundler/lib/bundler/settings.rb CHANGED

@@ -240,7 +240,12 @@ module Bundler
     end
     def to_bool(value)
-      !(value.nil? || value == "" || value =~ /^(false|f|no|n|0)$/i || value == false)
+      case value
+      when nil, /\A(false|f|no|n|0|)\z/i, false
+        false
+      else
+        true
+      end
     end
     def is_num(value)
@@ -298,10 +303,10 @@ module Bundler
     }xo
     def load_config(config_file)
-      return {} unless config_file
+      return {} if !config_file || ignore_config?
       SharedHelpers.filesystem_access(config_file, :read) do |file|
         valid_file = file.exist? && !file.size.zero?
-        return {} if ignore_config? || !valid_file
+        return {} unless valid_file
         require "bundler/yaml_serializer"
         YAMLSerializer.load file.read
       end

data/bundler/lib/bundler/shared_helpers.rb CHANGED

@@ -8,6 +8,7 @@ require "bundler/current_ruby"
 module Gem
   class Dependency
+    # This is only needed for RubyGems < 1.4
     unless method_defined? :requirement
       def requirement
         version_requirements
@@ -18,8 +19,6 @@ end
 module Bundler
   module SharedHelpers
-    attr_accessor :gem_loaded
     def default_gemfile
       gemfile = find_gemfile
       raise GemfileNotFound, "Could not locate Gemfile" unless gemfile
@@ -111,8 +110,14 @@ module Bundler
       raise TemporaryResourceError.new(path, action)
     rescue Errno::EPROTO
       raise VirtualProtocolError.new
+    rescue Errno::ENOSPC
+      raise NoSpaceOnDeviceError.new(path, action)
     rescue *[const_get_safely(:ENOTSUP, Errno)].compact
       raise OperationNotSupportedError.new(path, action)
+    rescue Errno::EEXIST, Errno::ENOENT
+      raise
+    rescue SystemCallError => e
+      raise GenericSystemCallError.new(e, "There was an error accessing `#{path}`.")
     end
     def const_get_safely(constant_name, namespace)
@@ -211,22 +216,20 @@ module Bundler
     def bundler_ruby_lib
       File.expand_path("../..", __FILE__)
     end
-    private :bundler_ruby_lib
     def clean_load_path
       # handle 1.9 where system gems are always on the load path
-      if defined?(::Gem)
-        me = File.expand_path("../../", __FILE__)
-        me = /^#{Regexp.escape(me)}/
+      return unless defined?(::Gem)
-        loaded_gem_paths = Bundler.rubygems.loaded_gem_paths
+      bundler_lib = bundler_ruby_lib
-        $LOAD_PATH.reject! do |p|
-          next if File.expand_path(p) =~ me
-          loaded_gem_paths.delete(p)
-        end
-        $LOAD_PATH.uniq!
+      loaded_gem_paths = Bundler.rubygems.loaded_gem_paths
+      $LOAD_PATH.reject! do |p|
+        next if File.expand_path(p).start_with?(bundler_lib)
+        loaded_gem_paths.delete(p)
       end
+      $LOAD_PATH.uniq!
     end
     def prints_major_deprecations?

data/bundler/lib/bundler/source.rb CHANGED

@@ -34,5 +34,9 @@ module Bundler
     def include?(other)
       other == self
     end
+    def inspect
+      "#<#{self.class}:0x#{object_id} #{self}>"
+    end
   end
 end

data/bundler/lib/bundler/source/git/git_proxy.rb CHANGED

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+require "shellwords"
 require "tempfile"
 module Bundler
   class Source
@@ -180,7 +181,7 @@ module Bundler
         def find_local_revision
           allowed_in_path do
-            git("rev-parse --verify #{ref}", true).strip
+            git("rev-parse --verify #{Shellwords.shellescape(ref)}", true).strip
           end
         end

data/bundler/lib/bundler/source/rubygems.rb CHANGED

@@ -141,6 +141,7 @@ module Bundler
               :ignore_dependencies => true,
               :wrappers            => true,
               :env_shebang         => true,
+              :build_args          => opts[:build_args],
               :bundler_expected_checksum => spec.respond_to?(:checksum) && spec.checksum
             ).install
           end
@@ -292,6 +293,10 @@ module Bundler
             next if spec.name == "bundler" && spec.version.to_s != VERSION
             have_bundler = true if spec.name == "bundler"
             spec.source = self
+            if Bundler.rubygems.spec_missing_extensions?(spec, false)
+              Bundler.ui.debug "Source #{self} is ignoring #{spec} because it is missing extensions"
+              next
+            end
             idx << spec
           end
@@ -322,6 +327,10 @@ module Bundler
             next if gemfile =~ /^bundler\-[\d\.]+?\.gem/
             s ||= Bundler.rubygems.spec_from_gem(gemfile)
             s.source = self
+            if Bundler.rubygems.spec_missing_extensions?(s, false)
+              Bundler.ui.debug "Source #{self} is ignoring #{s} because it is missing extensions"
+              next
+            end
             idx << s
           end
         end

data/bundler/lib/bundler/spec_set.rb CHANGED

@@ -114,6 +114,10 @@ module Bundler
       SpecSet.new(arr)
     end
+    def find_by_name_and_platform(name, platform)
+      @specs.detect {|spec| spec.name == name && spec.match_platform(platform) }
+    end
   private
     def sorted

data/bundler/lib/bundler/templates/newgem/gitignore.tt CHANGED

@@ -14,3 +14,8 @@
 *.a
 mkmf.log
 <%- end -%>
+<%- if config[:test] == "rspec" -%>
+# rspec failure tracking
+.rspec_status
+<%- end -%>

data/bundler/lib/bundler/templates/newgem/spec/newgem_spec.rb.tt CHANGED

@@ -1,6 +1,6 @@
 require "spec_helper"
-describe <%= config[:constant_name] %> do
+RSpec.describe <%= config[:constant_name] %> do
   it "has a version number" do
     expect(<%= config[:constant_name] %>::VERSION).not_to be nil
   end

data/bundler/lib/bundler/templates/newgem/spec/spec_helper.rb.tt CHANGED

@@ -1,2 +1,11 @@
-$LOAD_PATH.unshift File.expand_path("../../lib", __FILE__)
+require "bundler/setup"
 require "<%= config[:namespaced_path] %>"
+RSpec.configure do |config|
+  # Enable flags like --only-failures and --next-failure
+  config.example_status_persistence_file_path = ".rspec_status"
+  config.expect_with :rspec do |c|
+    c.syntax = :expect
+  end
+end

data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph.rb CHANGED

@@ -119,6 +119,7 @@ module Bundler::Molinillo
     #   {Vertex#successors}
     def ==(other)
       return false unless other
+      return true if equal?(other)
       vertices.each do |name, vertex|
         other_vertex = other.vertex_named(name)
         return false unless other_vertex
@@ -134,6 +135,7 @@ module Bundler::Molinillo
     def add_child_vertex(name, payload, parent_names, requirement)
       root = !parent_names.delete(nil) { true }
       vertex = add_vertex(name, payload, root)
+      vertex.explicit_requirements << requirement if root
       parent_names.each do |parent_name|
         parent_node = vertex_named(parent_name)
         add_edge(parent_node, vertex, requirement)
@@ -152,7 +154,7 @@ module Bundler::Molinillo
     # Detaches the {#vertex_named} `name` {Vertex} from the graph, recursively
     # removing any non-root vertices that were orphaned in the process
     # @param [String] name
-    # @return [void]
+    # @return [Array<Vertex>] the vertices which have been detached
     def detach_vertex_named(name)
       log.detach_vertex_named(self, name)
     end
@@ -182,6 +184,13 @@ module Bundler::Molinillo
       add_edge_no_circular(origin, destination, requirement)
     end
+    # Deletes an {Edge} from the dependency graph
+    # @param [Edge] edge
+    # @return [Void]
+    def delete_edge(edge)
+      log.delete_edge(self, edge.origin.name, edge.destination.name, edge.requirement)
+    end
     # Sets the payload of the vertex with the given name
     # @param [String] name the name of the vertex
     # @param [Object] payload the payload

data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/action.rb CHANGED

@@ -7,7 +7,7 @@ module Bundler::Molinillo
       # rubocop:disable Lint/UnusedMethodArgument
       # @return [Symbol] The name of the action.
-      def self.name
+      def self.action_name
         raise 'Abstract'
       end

data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/add_edge_no_circular.rb CHANGED

@@ -7,8 +7,8 @@ module Bundler::Molinillo
     class AddEdgeNoCircular < Action
       # @!group Action
-      # (see Action.name)
-      def self.name
+      # (see Action.action_name)
+      def self.action_name
         :add_vertex
       end

data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/add_vertex.rb CHANGED

@@ -7,8 +7,8 @@ module Bundler::Molinillo
     class AddVertex < Action # :nodoc:
       # @!group Action
-      # (see Action.name)
-      def self.name
+      # (see Action.action_name)
+      def self.action_name
         :add_vertex
       end

data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/delete_edge.rb ADDED

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+require 'bundler/vendor/molinillo/lib/molinillo/dependency_graph/action'
+module Bundler::Molinillo
+  class DependencyGraph
+    # @!visibility private
+    # (see DependencyGraph#delete_edge)
+    class DeleteEdge < Action
+      # @!group Action
+      # (see Action.action_name)
+      def self.action_name
+        :delete_edge
+      end
+      # (see Action#up)
+      def up(graph)
+        edge = make_edge(graph)
+        edge.origin.outgoing_edges.delete(edge)
+        edge.destination.incoming_edges.delete(edge)
+      end
+      # (see Action#down)
+      def down(graph)
+        edge = make_edge(graph)
+        edge.origin.outgoing_edges << edge
+        edge.destination.incoming_edges << edge
+        edge
+      end
+      # @!group DeleteEdge
+      # @return [String] the name of the origin of the edge
+      attr_reader :origin_name
+      # @return [String] the name of the destination of the edge
+      attr_reader :destination_name
+      # @return [Object] the requirement that the edge represents
+      attr_reader :requirement
+      # @param  [DependencyGraph] graph the graph to find vertices from
+      # @return [Edge] The edge this action adds
+      def make_edge(graph)
+        Edge.new(
+          graph.vertex_named(origin_name),
+          graph.vertex_named(destination_name),
+          requirement
+        )
+      end
+      # Initialize an action to add an edge to a dependency graph
+      # @param [String] origin_name the name of the origin of the edge
+      # @param [String] destination_name the name of the destination of the edge
+      # @param [Object] requirement the requirement that the edge represents
+      def initialize(origin_name, destination_name, requirement)
+        @origin_name = origin_name
+        @destination_name = destination_name
+        @requirement = requirement
+      end
+    end
+  end
+end

data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/detach_vertex_named.rb CHANGED

@@ -8,22 +8,29 @@ module Bundler::Molinillo
       # @!group Action
       # (see Action#name)
-      def self.name
+      def self.action_name
         :add_vertex
       end
       # (see Action#up)
       def up(graph)
-        return unless @vertex = graph.vertices.delete(name)
+        return [] unless @vertex = graph.vertices.delete(name)
+        removed_vertices = [@vertex]
         @vertex.outgoing_edges.each do |e|
           v = e.destination
           v.incoming_edges.delete(e)
-          graph.detach_vertex_named(v.name) unless v.root? || v.predecessors.any?
+          if !v.root? && v.incoming_edges.empty?
+            removed_vertices.concat graph.detach_vertex_named(v.name)
+          end
         end
         @vertex.incoming_edges.each do |e|
           v = e.origin
           v.outgoing_edges.delete(e)
         end
+        removed_vertices
       end
       # (see Action#down)