rubygems-update 3.4.20 → 3.4.22

data/bundler/lib/bundler/resolver/package.rb

@@ -21,6 +21,7 @@ module Bundler
         @locked_version = locked_specs[name].first&.version
         @unlock = unlock
         @dependency = dependency || Dependency.new(name, @locked_version)
+        @top_level = !dependency.nil?
         @prerelease = @dependency.prerelease? || @locked_version&.prerelease? || prerelease ? :consider_first : :ignore
       end
 
@@ -32,6 +33,10 @@ module Bundler
         false
       end
 
+      def top_level?
+        @top_level
+      end
+
       def meta?
         @name.end_with?("\0")
       end

data/bundler/lib/bundler/resolver.rb

@@ -131,7 +131,7 @@ module Bundler
 
           if base_requirements[name]
             names_to_unlock << name
-          elsif package.ignores_prereleases?
+          elsif package.ignores_prereleases? && @all_specs[name].any? {|s| s.version.prerelease? }
             names_to_allow_prereleases_for << name
           end
 
@@ -248,8 +248,22 @@ module Bundler
       results = filter_matching_specs(results, locked_requirement) if locked_requirement
 
       versions = results.group_by(&:version).reduce([]) do |groups, (version, specs)|
-        platform_specs = package.platforms.flat_map {|platform| select_best_platform_match(specs, platform) }
-        next groups if platform_specs.empty?
+        platform_specs = package.platforms.map {|platform| select_best_platform_match(specs, platform) }
+
+        # If package is a top-level dependency,
+        #   candidate is only valid if there are matching versions for all resolution platforms.
+        #
+        # If package is not a top-level deependency,
+        #   then it's not necessary that it has matching versions for all platforms, since it may have been introduced only as
+        #   a dependency for a platform specific variant, so it will only need to have a valid version for that platform.
+        #
+        if package.top_level?
+          next groups if platform_specs.any?(&:empty?)
+        else
+          next groups if platform_specs.all?(&:empty?)
+        end
+
+        platform_specs.flatten!
 
         ruby_specs = select_best_platform_match(specs, Gem::Platform::RUBY)
         groups << Resolver::Candidate.new(version, :specs => ruby_specs) if ruby_specs.any?
@@ -295,15 +309,21 @@ module Bundler
                         end
       specs_matching_requirement = filter_matching_specs(specs, package.dependency.requirement)
 
-      if specs_matching_requirement.any?
+      not_found_message = if specs_matching_requirement.any?
         specs = specs_matching_requirement
         matching_part = requirement_label
         platforms = package.platforms
-        platform_label = platforms.size == 1 ? "platform '#{platforms.first}" : "platforms '#{platforms.join("', '")}"
-        requirement_label = "#{requirement_label}' with #{platform_label}"
+
+        if platforms.size == 1
+          "Could not find gem '#{requirement_label}' with platform '#{platforms.first}'"
+        else
+          "Could not find gems matching '#{requirement_label}' valid for all resolution platforms (#{platforms.join(", ")})"
+        end
+      else
+        "Could not find gem '#{requirement_label}'"
       end
 
-      message = String.new("Could not find gem '#{requirement_label}' in #{source}#{cache_message}.\n")
+      message = String.new("#{not_found_message} in #{source}#{cache_message}.\n")
 
       if specs.any?
         message << "\n#{other_specs_matching_message(specs, matching_part)}"

data/bundler/lib/bundler/ruby_version.rb

@@ -23,7 +23,7 @@ module Bundler
       #   specified must match the version.
 
       @versions = Array(versions).map do |v|
-        op, v = Gem::Requirement.parse(v)
+        op, v = Gem::Requirement.parse(normalize_version(v))
         op == "=" ? v.to_s : "#{op} #{v}"
       end
 
@@ -112,6 +112,13 @@ module Bundler
 
     private
 
+    # Ruby's official preview version format uses a `-`: Example: 3.3.0-preview2
+    # However, RubyGems recognizes preview version format with a `.`: Example: 3.3.0.preview2
+    # Returns version string after replacing `-` with `.`
+    def normalize_version(version)
+      version.tr("-", ".")
+    end
+
     def matches?(requirements, version)
       # Handles RUBY_PATCHLEVEL of -1 for instances like ruby-head
       return requirements == version if requirements.to_s == "-1" || version.to_s == "-1"

data/bundler/lib/bundler/rubygems_ext.rb

@@ -320,7 +320,7 @@ module Gem
   end
 
   # On universal Rubies, resolve the "universal" arch to the real CPU arch, without changing the extension directory.
-  class Specification
+  class BasicSpecification
     if /^universal\.(?<arch>.*?)-/ =~ (CROSS_COMPILING || RUBY_PLATFORM)
       local_platform = Platform.local
       if local_platform.cpu == "universal"
@@ -333,9 +333,8 @@ module Gem
         end
 
         def extensions_dir
-          Gem.default_ext_dir_for(base_dir) ||
-            File.join(base_dir, "extensions", ORIGINAL_LOCAL_PLATFORM,
-                      Gem.extension_api_version)
+          @extensions_dir ||=
+            Gem.default_ext_dir_for(base_dir) || File.join(base_dir, "extensions", ORIGINAL_LOCAL_PLATFORM, Gem.extension_api_version)
         end
       end
     end

data/bundler/lib/bundler/rubygems_gem_installer.rb

@@ -45,6 +45,14 @@ module Bundler
       spec
     end
 
+    def pre_install_checks
+      super && validate_bundler_checksum(options[:bundler_expected_checksum])
+    rescue Gem::FilePermissionError
+      # Ignore permission checks in RubyGems. Instead, go on, and try to write
+      # for real. We properly handle permission errors when they happen.
+      nil
+    end
+
     def generate_plugins
       return unless Gem::Installer.instance_methods(false).include?(:generate_plugins)
 
@@ -60,10 +68,6 @@ module Bundler
       end
     end
 
-    def pre_install_checks
-      super && validate_bundler_checksum(options[:bundler_expected_checksum])
-    end
-
     def build_extensions
       extension_cache_path = options[:bundler_extension_cache_path]
       extension_dir = spec.extension_dir
@@ -108,11 +112,22 @@ module Bundler
     end
 
     def strict_rm_rf(dir)
-      Bundler.rm_rf dir
-    rescue StandardError => e
-      raise unless File.exist?(dir)
+      return unless File.exist?(dir)
+
+      parent = File.dirname(dir)
+      parent_st = File.stat(parent)
+
+      if parent_st.world_writable? && !parent_st.sticky?
+        raise InsecureInstallPathError.new(parent)
+      end
+
+      begin
+        FileUtils.remove_entry_secure(dir)
+      rescue StandardError => e
+        raise unless File.exist?(dir)
 
-      raise DirectoryRemovalError.new(e, "Could not delete previous installation of `#{dir}`")
+        raise DirectoryRemovalError.new(e, "Could not delete previous installation of `#{dir}`")
+      end
     end
 
     def validate_bundler_checksum(checksum)

data/bundler/lib/bundler/settings.rb

@@ -95,6 +95,8 @@ module Bundler
 
       @global_config   = load_config(global_config_file)
       @temporary       = {}
+
+      @key_cache = {}
     end
 
     def [](name)
@@ -310,7 +312,7 @@ module Bundler
     end
 
     def key_for(key)
-      self.class.key_for(key)
+      @key_cache[key] ||= self.class.key_for(key)
     end
 
     private
@@ -342,12 +344,12 @@ module Bundler
     end
 
     def is_bool(name)
-      name = name.to_s
+      name = self.class.key_to_s(name)
       BOOL_KEYS.include?(name) || BOOL_KEYS.include?(parent_setting_for(name))
     end
 
     def is_string(name)
-      name = name.to_s
+      name = self.class.key_to_s(name)
       STRING_KEYS.include?(name) || name.start_with?("local.") || name.start_with?("mirror.") || name.start_with?("build.")
     end
 
@@ -363,11 +365,11 @@ module Bundler
     end
 
     def is_num(key)
-      NUMBER_KEYS.include?(key.to_s)
+      NUMBER_KEYS.include?(self.class.key_to_s(key))
     end
 
     def is_array(key)
-      ARRAY_KEYS.include?(key.to_s)
+      ARRAY_KEYS.include?(self.class.key_to_s(key))
     end
 
     def is_credential(key)
@@ -390,7 +392,7 @@ module Bundler
     end
 
     def set_key(raw_key, value, hash, file)
-      raw_key = raw_key.to_s
+      raw_key = self.class.key_to_s(raw_key)
       value = array_to_s(value) if is_array(raw_key)
 
       key = key_for(raw_key)
@@ -405,13 +407,12 @@ module Bundler
       return unless file
       SharedHelpers.filesystem_access(file) do |p|
         FileUtils.mkdir_p(p.dirname)
-        require_relative "yaml_serializer"
-        p.open("w") {|f| f.write(YAMLSerializer.dump(hash)) }
+        p.open("w") {|f| f.write(serializer_class.dump(hash)) }
       end
     end
 
     def converted_value(value, key)
-      key = key.to_s
+      key = self.class.key_to_s(key)
 
       if is_array(key)
         to_array(value)
@@ -470,24 +471,31 @@ module Bundler
       SharedHelpers.filesystem_access(config_file, :read) do |file|
         valid_file = file.exist? && !file.size.zero?
         return {} unless valid_file
-        require_relative "yaml_serializer"
-        YAMLSerializer.load(file.read).inject({}) do |config, (k, v)|
-          new_k = k
-
+        serializer_class.load(file.read).inject({}) do |config, (k, v)|
           if k.include?("-")
             Bundler.ui.warn "Your #{file} config includes `#{k}`, which contains the dash character (`-`).\n" \
               "This is deprecated, because configuration through `ENV` should be possible, but `ENV` keys cannot include dashes.\n" \
               "Please edit #{file} and replace any dashes in configuration keys with a triple underscore (`___`)."
 
-            new_k = k.gsub("-", "___")
+            # string hash keys are frozen
+            k = k.gsub("-", "___")
           end
 
-          config[new_k] = v
+          config[k] = v
           config
         end
       end
     end
 
+    def serializer_class
+      require "rubygems/yaml_serializer"
+      Gem::YAMLSerializer
+    rescue LoadError
+      # TODO: Remove this when RubyGems 3.4 is EOL
+      require_relative "yaml_serializer"
+      YAMLSerializer
+    end
+
     PER_URI_OPTIONS = %w[
       fallback_timeout
     ].freeze
@@ -503,7 +511,7 @@ module Bundler
 
     def self.key_for(key)
       key = normalize_uri(key).to_s if key.is_a?(String) && key.start_with?("http", "mirror.http")
-      key = key.to_s.gsub(".", "__")
+      key = key_to_s(key).gsub(".", "__")
       key.gsub!("-", "___")
       key.upcase!
 
@@ -527,5 +535,34 @@ module Bundler
       end
       "#{prefix}#{uri}#{suffix}"
     end
+
+    # This is a hot method, so avoid respond_to? checks on every invocation
+    if :read.respond_to?(:name)
+      def self.key_to_s(key)
+        case key
+        when String
+          key
+        when Symbol
+          key.name
+        when Bundler::URI::HTTP
+          key.to_s
+        else
+          raise ArgumentError, "Invalid key: #{key.inspect}"
+        end
+      end
+    else
+      def self.key_to_s(key)
+        case key
+        when String
+          key
+        when Symbol
+          key.to_s
+        when Bundler::URI::HTTP
+          key.to_s
+        else
+          raise ArgumentError, "Invalid key: #{key.inspect}"
+        end
+      end
+    end
   end
 end

data/bundler/lib/bundler/shared_helpers.rb

@@ -197,6 +197,21 @@ module Bundler
       filesystem_access(gemfile_path) {|g| File.open(g, "w") {|file| file.puts contents } }
     end
 
+    def relative_gemfile_path
+      relative_path_to(Bundler.default_gemfile)
+    end
+
+    def relative_lockfile_path
+      relative_path_to(Bundler.default_lockfile)
+    end
+
+    def relative_path_to(destination, from: pwd)
+      Pathname.new(destination).relative_path_from(from).to_s
+    rescue ArgumentError
+      # on Windows, if source and destination are on different drivers, there's no relative path from one to the other
+      destination
+    end
+
     private
 
     def validate_bundle_path
@@ -297,7 +312,7 @@ module Bundler
     def set_rubyopt
       rubyopt = [ENV["RUBYOPT"]].compact
       setup_require = "-r#{File.expand_path("setup", __dir__)}"
-      return if !rubyopt.empty? && rubyopt.first =~ /#{setup_require}/
+      return if !rubyopt.empty? && rubyopt.first =~ /#{Regexp.escape(setup_require)}/
       rubyopt.unshift setup_require
       Bundler::SharedHelpers.set_env "RUBYOPT", rubyopt.join(" ")
     end

data/bundler/lib/bundler/source/git/git_proxy.rb

@@ -130,7 +130,12 @@ module Bundler
             end
           end
 
-          git "fetch", "--force", "--quiet", *extra_fetch_args, :dir => destination if @commit_ref
+          ref = @commit_ref || (locked_to_full_sha? && @revision)
+          if ref
+            git "config", "uploadpack.allowAnySHA1InWant", "true", :dir => path.to_s if @commit_ref.nil? && needs_allow_any_sha1_in_want?
+
+            git "fetch", "--force", "--quiet", *extra_fetch_args(ref), :dir => destination
+          end
 
           git "reset", "--hard", @revision, :dir => destination
 
@@ -247,7 +252,15 @@ module Bundler
         end
 
         def pinned_to_full_sha?
-          ref =~ /\A\h{40}\z/
+          full_sha_revision?(ref)
+        end
+
+        def locked_to_full_sha?
+          full_sha_revision?(@revision)
+        end
+
+        def full_sha_revision?(ref)
+          ref&.match?(/\A\h{40}\z/)
         end
 
         def git_null(*command, dir: nil)
@@ -411,9 +424,9 @@ module Bundler
           ["--depth", depth.to_s]
         end
 
-        def extra_fetch_args
+        def extra_fetch_args(ref)
           extra_args = [path.to_s, *depth_args]
-          extra_args.push(@commit_ref)
+          extra_args.push(ref)
           extra_args
         end
 
@@ -425,6 +438,10 @@ module Bundler
           @supports_minus_c ||= Gem::Version.new(version) >= Gem::Version.new("1.8.5")
         end
 
+        def needs_allow_any_sha1_in_want?
+          @needs_allow_any_sha1_in_want ||= Gem::Version.new(version) <= Gem::Version.new("2.13.7")
+        end
+
         def supports_fetching_unreachable_refs?
           @supports_fetching_unreachable_refs ||= Gem::Version.new(version) >= Gem::Version.new("2.5.0")
         end

data/bundler/lib/bundler/source/metadata.rb

@@ -5,7 +5,7 @@ module Bundler
     class Metadata < Source
       def specs
         @specs ||= Index.build do |idx|
-          idx << Gem::Specification.new("Ruby\0", Gem.ruby_version)
+          idx << Gem::Specification.new("Ruby\0", Bundler::RubyVersion.system.gem_version)
           idx << Gem::Specification.new("RubyGems\0", Gem::VERSION) do |s|
             s.required_rubygems_version = Gem::Requirement.default
           end

data/bundler/lib/bundler/spec_set.rb

@@ -100,12 +100,12 @@ module Bundler
       end
     end
 
-    def incomplete_ruby_specs?(deps)
+    def incomplete_for_platform?(deps, platform)
       return false if @specs.empty?
 
       @incomplete_specs = []
 
-      self.for(deps, true, [Gem::Platform::RUBY])
+      self.for(deps, true, [platform])
 
       @incomplete_specs.any?
     end
@@ -200,8 +200,11 @@ module Bundler
 
     def specs_for_dependency(dep, platform)
       specs_for_name = lookup[dep.name]
-      target_platform = dep.force_ruby_platform ? Gem::Platform::RUBY : (platform || Bundler.local_platform)
-      matching_specs = GemHelpers.select_best_platform_match(specs_for_name, target_platform)
+      matching_specs = if dep.force_ruby_platform
+        GemHelpers.force_ruby_platform(specs_for_name)
+      else
+        GemHelpers.select_best_platform_match(specs_for_name, platform || Bundler.local_platform)
+      end
       matching_specs.map!(&:materialize_for_installation).compact! if platform.nil?
       matching_specs
     end

data/bundler/lib/bundler/stub_specification.rb

@@ -16,7 +16,8 @@ module Bundler
       # Stub has no concept of source, which means that extension_dir may be wrong
       # This is the case for git-based gems. So, instead manually assign the extension dir
       return unless source.respond_to?(:extension_dir_name)
-      path = File.join(stub.extensions_dir, source.extension_dir_name)
+      unique_extension_dir = [source.extension_dir_name, File.basename(full_gem_path)].uniq.join("-")
+      path = File.join(stub.extensions_dir, unique_extension_dir)
       stub.extension_dir = File.expand_path(path)
     end
 
@@ -56,7 +57,7 @@ module Bundler
     end
 
     def gem_build_complete_path
-      File.join(extension_dir, "gem.build_complete")
+      stub.gem_build_complete_path
     end
 
     def default_gem?
@@ -108,6 +109,7 @@ module Bundler
         end
 
         rs.source = source
+        rs.base_dir = stub.base_dir
 
         rs
       end

data/bundler/lib/bundler/templates/newgem/Rakefile.tt

@@ -46,7 +46,9 @@ require "rb_sys/extensiontask"
 
 task build: :compile
 
-RbSys::ExtensionTask.new(<%= config[:name].inspect %>) do |ext|
+GEMSPEC = Gem::Specification.load("<%= config[:underscored_name] %>.gemspec")
+
+RbSys::ExtensionTask.new(<%= config[:name].inspect %>, GEMSPEC) do |ext|
   ext.lib_dir = "lib/<%= config[:namespaced_path] %>"
 end
 <% else -%>
@@ -54,7 +56,9 @@ require "rake/extensiontask"
 
 task build: :compile
 
-Rake::ExtensionTask.new("<%= config[:underscored_name] %>") do |ext|
+GEMSPEC = Gem::Specification.load("<%= config[:underscored_name] %>.gemspec")
+
+Rake::ExtensionTask.new("<%= config[:underscored_name] %>", GEMSPEC) do |ext|
   ext.lib_dir = "lib/<%= config[:namespaced_path] %>"
 end
 <% end -%>

data/bundler/lib/bundler/templates/newgem/newgem.gemspec.tt

@@ -30,7 +30,7 @@ Gem::Specification.new do |spec|
   spec.files = Dir.chdir(__dir__) do
     `git ls-files -z`.split("\x0").reject do |f|
       (File.expand_path(f) == __FILE__) ||
-        f.start_with?(*%w[bin/ test/ spec/ features/ .git .circleci appveyor Gemfile])
+        f.start_with?(*%w[bin/ test/ spec/ features/ .git <%= config[:ci_config_path] %>appveyor Gemfile])
     end
   end
   spec.bindir = "exe"

data/bundler/lib/bundler/ui/shell.rb

@@ -147,7 +147,7 @@ module Bundler
         spaces ? text.gsub(/#{spaces}/, "") : text
       end
 
-      def word_wrap(text, line_width = @shell.terminal_width)
+      def word_wrap(text, line_width = Thor::Terminal.terminal_width)
         strip_leading_spaces(text).split("\n").collect do |line|
           line.length > line_width ? line.gsub(/(.{1,#{line_width}})(\s+|$)/, "\\1\n").strip : line
         end * "\n"

data/bundler/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent/connection.rb

@@ -25,6 +25,7 @@ class Bundler::Persistent::Net::HTTP::Persistent::Connection # :nodoc:
   ensure
     reset
   end
+  alias_method :close, :finish
 
   def reset
     @last_use = Bundler::Persistent::Net::HTTP::Persistent::EPOCH

data/bundler/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent/pool.rb

@@ -11,20 +11,32 @@ class Bundler::Persistent::Net::HTTP::Persistent::Pool < Bundler::ConnectionPool
   end
 
   def checkin net_http_args
-    stack = Thread.current[@key][net_http_args] ||= []
+    if net_http_args.is_a?(Hash) && net_http_args.size == 1 && net_http_args[:force]
+      # Bundler::ConnectionPool 2.4+ calls `checkin(force: true)` after fork.
+      # When this happens, we should remove all connections from Thread.current
+      if stacks = Thread.current[@key]
+        stacks.each do |http_args, connections|
+          connections.each do |conn|
+            @available.push conn, connection_args: http_args
+          end
+          connections.clear
+        end
+      end
+    else
+      stack = Thread.current[@key][net_http_args] ||= []
 
-    raise Bundler::ConnectionPool::Error, 'no connections are checked out' if
-      stack.empty?
+      raise Bundler::ConnectionPool::Error, 'no connections are checked out' if
+        stack.empty?
 
-    conn = stack.pop
+      conn = stack.pop
 
-    if stack.empty?
-      @available.push conn, connection_args: net_http_args
+      if stack.empty?
+        @available.push conn, connection_args: net_http_args
 
-      Thread.current[@key].delete(net_http_args)
-      Thread.current[@key] = nil if Thread.current[@key].empty?
+        Thread.current[@key].delete(net_http_args)
+        Thread.current[@key] = nil if Thread.current[@key].empty?
+      end
     end
-
     nil
   end
 

data/bundler/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent.rb

@@ -174,7 +174,7 @@ class Bundler::Persistent::Net::HTTP::Persistent
   ##
   # The version of Bundler::Persistent::Net::HTTP::Persistent you are using
 
-  VERSION = '4.0.1'
+  VERSION = '4.0.2'
 
   ##
   # Error class for errors raised by Bundler::Persistent::Net::HTTP::Persistent.  Various

data/bundler/lib/bundler/vendor/thor/lib/thor/actions/create_file.rb

@@ -43,7 +43,8 @@ class Bundler::Thor
       # Boolean:: true if it is identical, false otherwise.
       #
       def identical?
-        exists? && File.binread(destination) == render
+        # binread uses ASCII-8BIT, so to avoid false negatives, the string must use the same
+        exists? && File.binread(destination) == String.new(render).force_encoding("ASCII-8BIT")
       end
 
       # Holds the content to be added to the file.
@@ -60,7 +61,7 @@ class Bundler::Thor
         invoke_with_conflict_check do
           require "fileutils"
           FileUtils.mkdir_p(File.dirname(destination))
-          File.open(destination, "wb") { |f| f.write render }
+          File.open(destination, "wb", config[:perm]) { |f| f.write render }
         end
         given_destination
       end

data/bundler/lib/bundler/vendor/thor/lib/thor/actions/directory.rb

@@ -58,7 +58,7 @@ class Bundler::Thor
       def initialize(base, source, destination = nil, config = {}, &block)
         @source = File.expand_path(Dir[Util.escape_globs(base.find_in_source_paths(source.to_s))].first)
         @block  = block
-        super(base, destination, {:recursive => true}.merge(config))
+        super(base, destination, {recursive: true}.merge(config))
       end
 
       def invoke!

data/bundler/lib/bundler/vendor/thor/lib/thor/actions/empty_directory.rb

@@ -33,7 +33,7 @@ class Bundler::Thor
       #
       def initialize(base, destination, config = {})
         @base = base
-        @config = {:verbose => true}.merge(config)
+        @config = {verbose: true}.merge(config)
         self.destination = destination
       end