rubygems-update 2.7.6 → 2.7.11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0fa366bda5b1ed46730b8c276ce161ef32966ec9dde14f974663508163df41da
-  data.tar.gz: 76d8c2583652ec7266303e5af81014b7b6c440ff207e1d4cbe483959226db55d
+  metadata.gz: 05af8c86d4ea15a0d09d4d8611a6aca36d75dc741cdd8e5d86076475ebe8a7de
+  data.tar.gz: a8dfa7a91b938c27adb2227e99bb3160384e5bfe4b0701f54bdda00039f5bedb
 SHA512:
-  metadata.gz: cd712f404f5e736191c312af58dafdfe897e155b9cdec68a634547606846bb31bae7cdefc46ace35eb143db7f8281c20092a534a7ccb94760ad5701d8c0ca06f
-  data.tar.gz: 1d80df8990549a07c91d94c5e848141f72045a71046ef0a3be5b871e8af9f0909187b196d117b6c508ec9fd0c9238a0ed96e4f9a8c7f6a9f6b59feac8a7df25b
+  metadata.gz: 7c7a3afc31fb6b849ad66759acb0df2444867bf0db3f64ec05f7484689cb47bac289429d5a350fa7949a5d2a94090c14fd7eec552b8ea3678e71f4a65bdd11ba
+  data.tar.gz: 77a27d60b8709a0b26872bf616eeb4161cf9c847b0770e74976d631934b4ef88c2d5d2406c36846104361acea894e1b4104921fd286a6540adf17402d85dcecb

data/.travis.yml

@@ -28,28 +28,7 @@ env:
   - "TEST_TOOL=rubygems YAML=psych"
   - "TEST_TOOL=bundler RGV=master"
 script:
-- util/ci script
+  - util/ci script
 matrix:
-  exclude:
-    - rvm: 1.8.7
-      env: "TEST_TOOL=rubygems YAML=psych"
-    - rvm: 1.9.2
-      env: "TEST_TOOL=bundler RGV=master"
-    - rvm: 2.0.0
-      env: "TEST_TOOL=rubygems YAML=syck"
-    - rvm: 2.1.10
-      env: "TEST_TOOL=rubygems YAML=syck"
-    - rvm: 2.2.9
-      env: "TEST_TOOL=rubygems YAML=syck"
-    - rvm: 2.3.6
-      env: "TEST_TOOL=rubygems YAML=syck"
-    - rvm: 2.4.3
-      env: "TEST_TOOL=rubygems YAML=syck"
-    - rvm: 2.5.0
-      env: "TEST_TOOL=rubygems YAML=syck"
-    - rvm: ruby-head
-      env: "TEST_TOOL=rubygems YAML=syck"
   allow_failures:
-    - rvm: ruby-head
-    - rvm: 2.5.0
-      env: "TEST_TOOL=rubygems YAML=psych"
+    - env: "TEST_TOOL=bundler RGV=master"

data/History.txt

@@ -1,5 +1,107 @@
 # coding: UTF-8
 
+=== 2.7.11 / 2020-12-08
+
+Minor enhancements:
+
+* Add GlobalSign Root CA - R3 cert and remove outdated certs. Pull request #4100
+  by Aditya Prakash.
+
+=== 2.7.10 / 2019-06-14
+
+Minor enhancements:
+
+* Fix bundler rubygems binstub not properly looking for bundler. Pull request #2426
+  by David Rodríguez.
+* [BudlerVersionFinder] set .filter! and .compatible? to match only on major versions.
+  Pull request #2515 by Colby Swandale.
++ Update for compatibilty with new minitest. Pull request #2118 by MSP-Greg.
+
+=== 2.7.9 / 2019-03-05
+
+Security fixes:
+
+* Fixed following vulnerabilities:
+  * CVE-2019-8320: Delete directory using symlink when decompressing tar
+  * CVE-2019-8321: Escape sequence injection vulnerability in `verbose`
+  * CVE-2019-8322: Escape sequence injection vulnerability in `gem owner`
+  * CVE-2019-8323: Escape sequence injection vulnerability in API response handling
+  * CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
+  * CVE-2019-8325: Escape sequence injection vulnerability in errors
+
+=== 2.7.8 / 2018-11-02
+
+Minor enhancements:
+
+* [Requirement] Treat requirements with == versions as equal. Pull
+  request #2230 by Samuel Giddins.
+* Fix exec_name documentation. Pull request #2239 by Luis Sagastume.
+* [TarHeader] Extract the empty header into a constant. Pull request #2247
+  by Samuel Giddins.
+* Simplify the code that lets us call the original, non-monkeypatched
+  Kernel#require. Pull request #2267 by Leon Miller-Out.
+* Add install alias documentation. Pull request #2320 by ota42y.
+* [Rakefile] Set bundler build metadata when doing a release. Pull request
+  #2335 by Samuel Giddins.
+* Backport commits from ruby core . Pull request #2347 by SHIBATA Hiroshi.
+* Sign in to the correct host before push. Pull request #2366 by Luis
+  Sagastume.
+* Bump bundler-1.16.4. Pull request #2381 by SHIBATA Hiroshi.
+* Improve bindir flag description. Pull request #2383 by Luis Sagastume.
+* Update bundler-1.16.6. Pull request #2423 by SHIBATA Hiroshi.
+
+Bug fixes:
+
+* Fix #1470: generate documentation when --install-dir is present. Pull
+  request #2229 by Elias Hernandis.
+* Fix no proxy checking. Pull request #2249 by Luis Sagastume.
+* Validate SPDX license exceptions. Pull request #2257 by Mikit.
+* Retry api specification spec with original platform. Pull request #2275
+  by Luis Sagastume.
+* Fix approximate recommendation with prereleases. Pull request #2345 by
+  David Rodríguez.
+* Gem::Version should handle nil like it used to before. Pull request
+  #2363 by Luis Sagastume.
+
+=== 2.7.7 / 2018-05-08
+
+Minor enhancements:
+
+* [RequestSet] Only suggest a gem version with an installable platform.
+  Pull request #2175 by Samuel Giddins.
+* Fixed no assignment variables about default gems installation. Pull
+  request #2181 by SHIBATA Hiroshi.
+* Backport improvements for test-case from Ruby core. Pull request #2189
+  by SHIBATA Hiroshi.
+* Fix ruby warnings in test suite. Pull request #2205 by Colby Swandale.
+* To use Gem::Specification#bindir of bundler instead of hard coded path.
+  Pull request #2208 by SHIBATA Hiroshi.
+* Update gem push --help description. Pull request #2215 by Luis
+  Sagastume.
+* Backport ruby core commits. Pull request #2264 by SHIBATA Hiroshi.
+
+Bug fixes:
+
+* Frozen string fix - lib/rubygems/bundler_version_finder.rb. Pull request
+  #2115 by MSP-Greg.
+* Fixed tempfile leak for RubyGems 2.7.6. Pull request #2194 by SHIBATA
+  Hiroshi.
+* Add missing requires. Pull request #2196 by David Rodríguez.
+* Fix Gem::Version.correct?. Pull request #2203 by Masato Nakamura.
+* Fix verify_entry regex for metadata. Pull request #2212 by Luis
+  Sagastume.
+* Fix path checks for case insensitive filesystem. Pull request #2211 by
+  Lars Kanis.
+
+Compatibility changes:
+
+* Deprecate unused code before removing them at #1524. Pull request #2197
+  by SHIBATA Hiroshi.
+* Deprecate for rubygems 3. Pull request #2214 by SHIBATA Hiroshi.
+* Mark deprecation to `ubygems.rb` for RubyGems 4. Pull request #2269 by
+  SHIBATA Hiroshi.
+* Update bundler-1.16.2. Pull request #2291 by SHIBATA Hiroshi.
+
 === 2.7.6 / 2018-02-16
 
 Security fixes:
@@ -19,6 +121,20 @@ Security fixes:
 * Prevent Path Traversal issue during gem installation.
   Discovered by nmalkin.
 
+=== 2.7.5
+
+Bug fixes:
+
+* To use bundler-1.16.1 #2121 by SHIBATA Hiroshi.
+* Fixed leaked FDs. Pull request #2127 by Nobuyoshi Nakada.
+* Support option for `--destdir` with upgrade installer. #2169 by Thibault Jouan.
+* Remove PID from gem index directory. #2155 by SHIBATA Hiroshi.
+* Avoid a #mkdir race condition #2148 by Samuel Giddins.
+* Gem::Util.traverse_parents should not crash on permissions error #2147 by Robert Ulejczyk.
+* Use `File.open` instead of `open`. #2142 by SHIBATA Hiroshi.
+* Set whether bundler is used for gemdeps with an environmental variable #2126 by SHIBATA Hiroshi.
+* Fix undefined method error when printing alert #1884 by Robert Ross.
+
 === 2.7.4
 
 Bug fixes:

data/Manifest.txt

@@ -247,6 +247,7 @@ bundler/man/bundle-binstubs.ronn
 bundler/man/bundle-check.ronn
 bundler/man/bundle-clean.ronn
 bundler/man/bundle-config.ronn
+bundler/man/bundle-doctor.ronn
 bundler/man/bundle-exec.ronn
 bundler/man/bundle-gem.ronn
 bundler/man/bundle-info.ronn
@@ -432,9 +433,8 @@ lib/rubygems/source_specific_file.rb
 lib/rubygems/spec_fetcher.rb
 lib/rubygems/specification.rb
 lib/rubygems/ssl_certs/.document
-lib/rubygems/ssl_certs/index.rubygems.org/GlobalSignRootCA.pem
-lib/rubygems/ssl_certs/rubygems.global.ssl.fastly.net/DigiCertHighAssuranceEVRootCA.pem
-lib/rubygems/ssl_certs/rubygems.org/AddTrustExternalCARoot.pem
+lib/rubygems/ssl_certs/rubygems.org/GlobalSignRootCA.pem
+lib/rubygems/ssl_certs/rubygems.org/GlobalSignRootCA_R3.pem
 lib/rubygems/stub_specification.rb
 lib/rubygems/syck_hack.rb
 lib/rubygems/test_case.rb

data/Rakefile

@@ -173,9 +173,9 @@ end
 # --------------------------------------------------------------------
 # Creating a release
 
-task :prerelease => [:clobber, :check_manifest, :test]
+task :prerelease => %w[clobber check_manifest test bundler:build_metadata]
 
-task :postrelease => %w[upload guides:publish blog:publish]
+task :postrelease => %w[bundler:build_metadata:clean upload guides:publish blog:publish]
 
 file "pkg/rubygems-#{v}" => "pkg/rubygems-update-#{v}" do |t|
   require 'find'
@@ -513,4 +513,14 @@ namespace :bundler do
   task :checkout do
     sh "git submodule update --init"
   end
+
+  task :build_metadata do
+    chdir('bundler') { sh "rake build_metadata" }
+  end
+
+  namespace :build_metadata do
+    task :clean do
+      chdir('bundler') { sh "rake build_metadata:clean" }
+    end
+  end
 end

data/bundler/CHANGELOG.md

@@ -1,3 +1,133 @@
+## 1.16.6 (2018-10-05)
+
+Changes:
+
+  - Add an error message when adding a gem with `bundle add` that's already in the bundle ([#6341](https://github.com/bundler/bundler/issues/6341), @agrim123)
+  - Add Homepage, Source Code and Chanagelog URI metadata fields to the `bundle gem` gemspec template (@walf443)
+
+Bugfixes:
+
+  - Fix issue where updating a gem resulted in the gem's version being downgraded when `BUNDLE_ONLY_UPDATE_TO_NEWER_VERSIONS` was set ([#6529](https://github.com/bundler/bundler/issues/6529), @theflow)
+  - Fix some rescue calls that don't specifiy error type (@utilum)
+  - Fix an issue when the Lockfile would contain platform-specific gems that it didn't need ([#6491](https://github.com/bundler/bundler/issues/6491), @segiddins)
+  - Improve handlding of adding new gems with only a single group to the Gemfile in `bundle add` (@agrim123)
+  - Refactor check for OpenSSL in `bundle env` (@voxik)
+  - Remove an unnecessary assignment in Metadata (@voxik)
+
+Documentation:
+
+  - Update docs to reflect revised guidance to check in Gemfile.lock into version control for gems ([#5879](https://github.com/bundler/bundler/issues/5879), @arbonap)
+  - Add documentation for the `--all` flag in `bundle update` (@agrim123)
+  - Update README to use `bundle add` in usage examples (@hdf1986)
+
+## 1.16.5 (2018-09-18)
+
+Changes:
+
+  - Add support for TruffleRuby (@eregon)
+
+Bugfixes:
+
+  - Avoid printing git errors when checking the version on incorrectly packaged versions of Bundler ([#6453](https://github.com/bundler/bundler/issues/6453), @greysteil)
+  - Fix issue where Bundler does not check the given class when comparing equality in DepProxy (@ChrisBr)
+  - Handle `RangeNotSatisfiable` error in Compact Index (@MaxLap)
+  - Check for initialized `search` variable in `LazySpecification` (@voxik)
+  - Fix LoadError occurring in nested bundle exec calls ([#6537](https://github.com/bundler/bundler/issues/6537), @colby-swandale)
+  - Check that Bundler::Deprecate is not an autoload constant ([#6163](https://github.com/bundler/bundler/issues/6163), @eregon)
+  - Prefer non-pre-release versions when performing a `bundle update --patch` ([#6684](https://github.com/bundler/bundler/issues/6684), @segiddins)
+
+## 1.16.4 (2018-08-17)
+
+Changes:
+
+  - Welcome new members to the Bundler core team (@indirect)
+  - Don't mutate original error trees when determining version_conflict_message (@greysteil)
+  - Update vendored Molinillo to 0.6.6 (@segiddins)
+
+Bugfixes:
+
+  - Reword bundle update regression message to be more clear to the user when a gem's version is downgraded ([#6584](https://github.com/bundler/bundler/issues/6584), @ralphbolo)
+  - Respect --conservative flag when updating a dependency group ([#6560](https://github.com/bundler/bundler/issues/6560), @greysteil)
+  - Fix issue where a pre-release version was not being selected when it's specified in the Gemfile ([#6449](https://github.com/bundler/bundler/issues/6449), @akihiro17)
+  - Fix issue where `Etc` was not loaded when getting the user's home dir ([#6640](https://github.com/bundler/bundler/issues/6640), @colby-swandale)
+  - Use UTF-8 for reading files including Gemfile ([#6660](https://github.com/bundler/bundler/issues/6660), @eregon)
+  - Remove unnecessary `while` loop in path resolver helper (@ojab)
+
+Documentation:
+
+  - Document that `bundle show [--paths]` sorts results by name (@kemitchell)
+
+## 1.16.3 (2018-07-17)
+
+Features:
+
+  - Support URI::File of Ruby 2.6 (@hsbt)
+
+Bugfixes:
+
+  - Expand symlinks during setup to allow Bundler to load correctly when using symlinks in $GEM_HOME ([#6465](https://github.com/bundler/bundler/issues/6465), @ojab, @indirect)
+  - Dont let Bundler create temporary folders for gem installs which are owned by root ([#6258](https://github.com/bundler/bundler/issues/6258), @colby-swandale)
+  - Don't fallback to using temporary directories when needed directories already exist ([#6546](https://github.com/bundler/bundler/issues/6546), @brodock)
+  - Use SharedHelpers.filesystem_access when reading a Gemfile so friendly error messages can be given to the user ([#6541](https://github.com/bundler/bundler/issues/6541), @segiddins)
+  - Check if source responds to `#remotes` before printing gem install error message ([#6211](https://github.com/bundler/bundler/issues/6211), @colby-swandale)
+  - Handle Errno::ENOTSUP in the Bundler Process Lock to prevent exceptions when using NFS mounts ([#6566](https://github.com/bundler/bundler/issues/6566), @colby-swandale)
+  - Respect encodings when reading gemspecs ([#6598](https://github.com/bundler/bundler/issues/6598), @deivid-rodriguez)
+
+Documentation:
+
+  - Fix links between manual pages (@BanzaiMan)
+  - Add warning to Gemfile documentation for the use of the `source` option when declaring gems ([#6280](https://github.com/bundler/bundler/issues/6280), @forestgagnon)
+
+## 1.16.2 (2018-04-20)
+
+Changes:
+
+  - Include the gem's source in the gem install error message when available (@papanikge)
+  - Remove unnecessary executable bit from gem template (@voxik)
+  - Dont add the timestamp comment with gems added to the Gemfile via `bundle add` ([#6193](https://github.com/bundler/bundler/issues/6193), @cpgo)
+  - Improve yanked gem error message (@alyssais)
+  - Use `Bundler.rubygems.inflate` instead of the Gem::Util method directly (@segiddins)
+  - Remove unused instance variable (@segiddins)
+
+Bugfixes:
+
+  - Only trap INT signal and have Ruby's signal default handler be invoked (@shayonj)
+  - Fix warning about the use of `__FILE__` in RubyGems integration testing (@MSP-Greg)
+  - Skip the outdated bundler check when MD5 is not available ([#6032](https://github.com/bundler/bundler/issues/6032), @segiddins)
+  - Fallback to the original error if the friendly message raises (@segiddins)
+  - Rename Bundler.frozen? to avoid Object method conflict ([#6252](https://github.com/bundler/bundler/issues/6252), @segiddins)
+  - Ensure the bindir exists before installing gems (@segiddins)
+  - Handle gzip corruption errors in the compact index client ([#6261](https://github.com/bundler/bundler/issues/6261), @colby-swandale)
+  - Check if the current directory is writeable when writing files in `bundle gem` ([#6219](https://github.com/bundler/bundler/issues/6219), @nilsding)
+  - Fix hang when gemspec has incompatible encoding (@deivid-rodriguez)
+  - Gracefully handle when the lockfile is missing spec entries for the current platform ([#6079](https://github.com/bundler/bundler/issues/6079), @segiddins)
+  - Use Gem::Util.inflate instead of Gem.inflate (@hsbt)
+  - Update binstub generator to use new ERB.new arity in Ruby 2.6 (@koic)
+  - Fix `source_location` call in rubygems integration (@MSP-Greg)
+  - Use `filesystem_access` when copying files in Compact Index Updater ([#6289](https://github.com/bundler/bundler/issues/6289), @segiddins)
+  - Fail gracefully when resetting git gems to the given revision fails ([#6324](https://github.com/bundler/bundler/issues/6324), @segiddins)
+  - Handle exceptions that do not have a backtrace ([#6342](https://github.com/bundler/bundler/issues/6342), @nesaulov)
+  - Check if stderr was closed before writing to it (@shime)
+  - Handle updating a specific gem for a non-local platform ([#6350](https://github.com/bundler/bundler/issues/6350), @greysteil)
+  - Bump the `bundle_binstub` check-length to 300 characters (@tduffield)
+  - Fix specifying alterntive Lockfile with `bundle lock` when default gemfile is present  ([#6460](https://github.com/bundler/bundler/issues/6460), @agrim123)
+  - Allow installing dependencies when the path is set to `.`  ([#6475](https://github.com/bundler/bundler/issues/6475), @segiddins)
+  - Support Bundler installing on a readonly filesystem without a home directory ([#6461](https://github.com/bundler/bundler/issues/6461), @grosser)
+  - Filter git uri credentials in source description (@segiddins)
+
+Documentation:
+
+  - Correct typos in `bundle binstubs` man page (@erikj, @samueloph)
+  - Update links in `bundle gem` command documentation to use https (@KrauseFx)
+  - Fix broken links between bundler man pages (@segiddins)
+  - Add man page for the `bundle doctor` command ([#6243](https://github.com/bundler/bundler/issues/6243), @nholden)
+  - Document `# frozen_string_literal` in `bundle init` Gemfile (@315tky)
+  - Explain the gemspec files attribute in `bundle gem` template and print a link to bundler.io guides when running `bundle gem` ([#6246](https://github.com/bundler/bundler/issues/6246), @nesaulov)
+  - Small copy tweaks & removed redundant phrasing in the bundler man page (@rubymorillo)
+  - Improve the documentation of the settings load order in Bundler (@rubymorillo)
+  - Added license info to main README (@rubymorillo)
+  - Document parameters and return value of Injector#inject (@tobias-grasse)
+
 ## 1.16.1 (2017-12-12)
 
 Bugfixes:

data/bundler/README.md

@@ -24,7 +24,7 @@ Bundler is most commonly used to manage your application's dependencies. For exa
 
 ```
 bundle init
-echo 'gem "rspec"' >> Gemfile
+bundle add rspec
 bundle install
 bundle exec rspec
 ```
@@ -57,3 +57,7 @@ While some Bundler contributors are compensated by Ruby Together, the project ma
 ### Code of Conduct
 
 Everyone interacting in the Bundler project’s codebases, issue trackers, chat rooms, and mailing lists is expected to follow the [Bundler code of conduct](https://github.com/bundler/bundler/blob/master/CODE_OF_CONDUCT.md).
+
+### License
+
+[MIT License](https://github.com/bundler/bundler/blob/master/LICENSE.md)

data/bundler/bundler.gemspec

@@ -9,7 +9,8 @@ Gem::Specification.new do |s|
   s.version     = Bundler::VERSION
   s.license     = "MIT"
   s.authors     = [
-    "André Arko", "Samuel Giddins", "Chris Morris", "James Wen", "Tim Moore",
+    "André Arko", "Samuel Giddins", "Colby Swandale", "Hiroshi Shibata",
+    "David Rodríguez", "Grey Baker", "Stephanie Morillo", "Chris Morris", "James Wen", "Tim Moore",
     "André Medeiros", "Jessica Lynn Suttles", "Terence Lee", "Carl Lerche",
     "Yehuda Katz"
   ]

data/bundler/lib/bundler.rb

@@ -136,7 +136,7 @@ module Bundler
       end
     end
 
-    def frozen?
+    def frozen_bundle?
       frozen = settings[:deployment]
       frozen ||= settings[:frozen] unless feature_flag.deployment_means_frozen?
       frozen
@@ -159,16 +159,18 @@ module Bundler
     def user_home
       @user_home ||= begin
         home = Bundler.rubygems.user_home
+        bundle_home = home ? File.join(home, ".bundle") : nil
 
         warning = if home.nil?
           "Your home directory is not set."
         elsif !File.directory?(home)
           "`#{home}` is not a directory."
-        elsif !File.writable?(home)
+        elsif !File.writable?(home) && (!File.directory?(bundle_home) || !File.writable?(bundle_home))
           "`#{home}` is not writable."
         end
 
         if warning
+          Kernel.send(:require, "etc")
           user_home = tmp_home_path(Etc.getlogin, warning)
           Bundler.ui.warn "#{warning}\nBundler will use `#{user_home}' as your home directory temporarily.\n"
           user_home
@@ -189,7 +191,7 @@ module Bundler
         end
         tmp_home_path.join(login).tap(&:mkpath)
       end
-    rescue => e
+    rescue RuntimeError => e
       raise e.exception("#{warning}\nBundler also failed to create a temporary home directory at `#{path}':\n#{e}")
     end
 
@@ -359,8 +361,8 @@ EOF
       @requires_sudo = settings.allow_sudo? && sudo_present && sudo_needed
     end
 
-    def mkdir_p(path)
-      if requires_sudo?
+    def mkdir_p(path, options = {})
+      if requires_sudo? && !options[:no_sudo]
         sudo "mkdir -p '#{path}'" unless File.exist?(path)
       else
         SharedHelpers.filesystem_access(path, :write) do |p|
@@ -407,12 +409,14 @@ EOF
     end
 
     def read_file(file)
-      File.open(file, "rb", &:read)
+      SharedHelpers.filesystem_access(file, :read) do
+        File.open(file, "r:UTF-8", &:read)
+      end
     end
 
     def load_marshal(data)
       Marshal.load(data)
-    rescue => e
+    rescue StandardError => e
       raise MarshalError, "#{e.class}: #{e.message}"
     end
 
@@ -427,7 +431,7 @@ EOF
 
     def load_gemspec_uncached(file, validate = false)
       path = Pathname.new(file)
-      contents = path.read
+      contents = read_file(file)
       spec = if contents.start_with?("---") # YAML header
         eval_yaml_gemspec(path, contents)
       else