rubygems-update 3.5.21 → 3.5.23

data/bundler/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent.rb

@@ -68,6 +68,8 @@ autoload :OpenSSL, 'openssl'
 # #verify_callback    :: For server certificate verification
 # #verify_depth       :: Depth of certificate verification
 # #verify_mode        :: How connections should be verified
+# #verify_hostname    :: Use hostname verification for server certificate
+#                        during the handshake
 #
 # == Proxies
 #
@@ -174,7 +176,7 @@ class Gem::Net::HTTP::Persistent
   ##
   # The version of Gem::Net::HTTP::Persistent you are using
 
-  VERSION = '4.0.2'
+  VERSION = '4.0.4'
 
   ##
   # Error class for errors raised by Gem::Net::HTTP::Persistent.  Various
@@ -449,6 +451,21 @@ class Gem::Net::HTTP::Persistent
 
   attr_reader :verify_mode
 
+  ##
+  # HTTPS verify_hostname.
+  #
+  # If a client sets this to true and enables SNI with SSLSocket#hostname=,
+  # the hostname verification on the server certificate is performed
+  # automatically during the handshake using
+  # OpenSSL::SSL.verify_certificate_identity().
+  #
+  # You can set +verify_hostname+ as true to use hostname verification
+  # during the handshake.
+  #
+  # NOTE: This works with Ruby > 3.0.
+
+  attr_reader :verify_hostname
+
   ##
   # Creates a new Gem::Net::HTTP::Persistent.
   #
@@ -508,6 +525,7 @@ class Gem::Net::HTTP::Persistent
     @verify_callback    = nil
     @verify_depth       = nil
     @verify_mode        = nil
+    @verify_hostname    = nil
     @cert_store         = nil
 
     @generation         = 0 # incremented when proxy Gem::URI changes
@@ -607,13 +625,23 @@ class Gem::Net::HTTP::Persistent
 
     return yield connection
   rescue Errno::ECONNREFUSED
-    address = http.proxy_address || http.address
-    port    = http.proxy_port    || http.port
+    if http.proxy?
+      address = http.proxy_address
+      port    = http.proxy_port
+    else
+      address = http.address
+      port    = http.port
+    end
 
     raise Error, "connection refused: #{address}:#{port}"
   rescue Errno::EHOSTDOWN
-    address = http.proxy_address || http.address
-    port    = http.proxy_port    || http.port
+    if http.proxy?
+      address = http.proxy_address
+      port    = http.proxy_port
+    else
+      address = http.address
+      port    = http.port
+    end
 
     raise Error, "host down: #{address}:#{port}"
   ensure
@@ -948,8 +976,10 @@ class Gem::Net::HTTP::Persistent
     connection.min_version = @min_version if @min_version
     connection.max_version = @max_version if @max_version
 
-    connection.verify_depth = @verify_depth
-    connection.verify_mode  = @verify_mode
+    connection.verify_depth    = @verify_depth
+    connection.verify_mode     = @verify_mode
+    connection.verify_hostname = @verify_hostname if
+      @verify_hostname != nil && connection.respond_to?(:verify_hostname=)
 
     if OpenSSL::SSL::VERIFY_PEER == OpenSSL::SSL::VERIFY_NONE and
        not Object.const_defined?(:I_KNOW_THAT_OPENSSL_VERIFY_PEER_EQUALS_VERIFY_NONE_IS_WRONG) then
@@ -1058,6 +1088,15 @@ application:
     reconnect_ssl
   end
 
+  ##
+  # Sets the HTTPS verify_hostname.
+
+  def verify_hostname= verify_hostname
+    @verify_hostname = verify_hostname
+
+    reconnect_ssl
+  end
+
   ##
   # SSL verification callback.
 
@@ -1070,4 +1109,3 @@ end
 
 require_relative 'persistent/connection'
 require_relative 'persistent/pool'
-

data/bundler/lib/bundler/vendor/uri/lib/uri/common.rb

@@ -19,6 +19,8 @@ module Bundler::URI
   Parser = RFC2396_Parser
   RFC3986_PARSER = RFC3986_Parser.new
   Ractor.make_shareable(RFC3986_PARSER) if defined?(Ractor)
+  RFC2396_PARSER = RFC2396_Parser.new
+  Ractor.make_shareable(RFC2396_PARSER) if defined?(Ractor)
 
   # Bundler::URI::Parser.new
   DEFAULT_PARSER = Parser.new

data/bundler/lib/bundler/vendor/uri/lib/uri/version.rb

@@ -1,6 +1,6 @@
 module Bundler::URI
   # :stopdoc:
-  VERSION_CODE = '001300'.freeze
+  VERSION_CODE = '001301'.freeze
   VERSION = VERSION_CODE.scan(/../).collect{|n| n.to_i}.join('.').freeze
   # :startdoc:
 end

data/bundler/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.5.21".freeze
+  VERSION = "2.5.23".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

data/bundler/lib/bundler.rb

@@ -492,7 +492,7 @@ module Bundler
     end
 
     def mkdir_p(path)
-      SharedHelpers.filesystem_access(path, :write) do |p|
+      SharedHelpers.filesystem_access(path, :create) do |p|
         FileUtils.mkdir_p(p)
       end
     end

data/lib/rubygems/basic_specification.rb

@@ -71,11 +71,7 @@ class Gem::BasicSpecification
   # Return true if this spec can require +file+.
 
   def contains_requirable_file?(file)
-    if @ignored
-      return false
-    elsif missing_extensions?
-      @ignored = true
-
+    if ignored?
       if platform == Gem::Platform::RUBY || Gem::Platform.local === platform
         warn "Ignoring #{full_name} because its extensions are not built. " \
              "Try: gem pristine #{name} --version #{version}"
@@ -93,8 +89,17 @@ class Gem::BasicSpecification
     end
   end
 
+  ##
+  # Return true if this spec should be ignored because it's missing extensions.
+
+  def ignored?
+    return @ignored unless @ignored.nil?
+
+    @ignored = missing_extensions?
+  end
+
   def default_gem?
-    loaded_from &&
+    !loaded_from.nil? &&
       File.dirname(loaded_from) == Gem.default_specifications_dir
   end
 

data/lib/rubygems/command_manager.rb

@@ -232,9 +232,14 @@ class Gem::CommandManager
     const_name = command_name.capitalize.gsub(/_(.)/) { $1.upcase } << "Command"
 
     begin
-      require "rubygems/commands/#{command_name}_command"
+      begin
+        require "rubygems/commands/#{command_name}_command"
+      rescue LoadError
+        # it may have been defined from a rubygems_plugin.rb file
+      end
+
       Gem::Commands.const_get(const_name).new
-    rescue StandardError, LoadError => e
+    rescue StandardError => e
       alert_error clean_text("Loading command: #{command_name} (#{e.class})\n\t#{e}")
       ui.backtrace e
     end

data/lib/rubygems/commands/contents_command.rb

@@ -103,16 +103,23 @@ prefix or only the files that are requireable.
 
   def files_in_default_gem(spec)
     spec.files.map do |file|
-      case file
-      when %r{\A#{spec.bindir}/}
-        # $' is POSTMATCH
-        [RbConfig::CONFIG["bindir"], $']
-      when /\.so\z/
-        [RbConfig::CONFIG["archdir"], file]
+      if file.start_with?("#{spec.bindir}/")
+        [RbConfig::CONFIG["bindir"], file.delete_prefix("#{spec.bindir}/")]
       else
-        [RbConfig::CONFIG["rubylibdir"], file]
+        gem spec.name, spec.version
+
+        require_path = spec.require_paths.find do |path|
+          file.start_with?("#{path}/")
+        end
+
+        requirable_part = file.delete_prefix("#{require_path}/")
+
+        resolve = $LOAD_PATH.resolve_feature_path(requirable_part)&.last
+        next unless resolve
+
+        [resolve.delete_suffix(requirable_part), requirable_part]
       end
-    end
+    end.compact
   end
 
   def gem_contents(name)

data/lib/rubygems/commands/pristine_command.rb

@@ -134,10 +134,14 @@ extensions will be restored.
 
     say "Restoring gems to pristine condition..."
 
-    specs.each do |spec|
-      if spec.default_gem?
-        say "Skipped #{spec.full_name}, it is a default gem"
-        next
+    specs.group_by(&:full_name_with_location).values.each do |grouped_specs|
+      spec = grouped_specs.find {|s| !s.default_gem? } || grouped_specs.first
+
+      unless only_executables_or_plugins?
+        # Default gemspecs include changes provided by ruby-core installer that
+        # can't currently be pristined (inclusion of compiled extension targets in
+        # the file list). So stick to resetting executables if it's a default gem.
+        options[:only_executables] = true if spec.default_gem?
       end
 
       if options.key? :skip
@@ -147,14 +151,14 @@ extensions will be restored.
         end
       end
 
-      unless spec.extensions.empty? || options[:extensions] || options[:only_executables] || options[:only_plugins]
+      unless spec.extensions.empty? || options[:extensions] || only_executables_or_plugins?
         say "Skipped #{spec.full_name_with_location}, it needs to compile an extension"
         next
       end
 
       gem = spec.cache_file
 
-      unless File.exist?(gem) || options[:only_executables] || options[:only_plugins]
+      unless File.exist?(gem) || only_executables_or_plugins?
         require_relative "../remote_fetcher"
 
         say "Cached gem for #{spec.full_name_with_location} not found, attempting to fetch..."
@@ -204,4 +208,10 @@ extensions will be restored.
       say "Restored #{spec.full_name_with_location}"
     end
   end
+
+  private
+
+  def only_executables_or_plugins?
+    options[:only_executables] || options[:only_plugins]
+  end
 end

data/lib/rubygems/commands/setup_command.rb

@@ -365,9 +365,15 @@ By default, this RubyGems will install gem as:
   def install_default_bundler_gem(bin_dir)
     current_default_spec = Gem::Specification.default_stubs.find {|s| s.name == "bundler" }
     specs_dir = if current_default_spec && default_dir == Gem.default_dir
+      all_specs_current_version = Gem::Specification.stubs.select {|s| s.full_name == current_default_spec.full_name }
+
       Gem::Specification.remove_spec current_default_spec
       loaded_from = current_default_spec.loaded_from
       File.delete(loaded_from)
+
+      # Remove previous default gem executables if they were not shadowed by a regular gem
+      FileUtils.rm_rf current_default_spec.full_gem_path if all_specs_current_version.size == 1
+
       File.dirname(loaded_from)
     else
       target_specs_dir = File.join(default_dir, "specifications", "default")

data/lib/rubygems/dependency.rb

@@ -279,7 +279,7 @@ class Gem::Dependency
       end
     end
 
-    matches
+    matches.reject(&:ignored?)
   end
 
   ##

data/lib/rubygems/gem_runner.rb

@@ -29,6 +29,7 @@ class Gem::GemRunner
   # Run the gem command with the following arguments.
 
   def run(args)
+    validate_encoding args
     build_args = extract_build_args args
 
     do_configuration args
@@ -72,6 +73,14 @@ class Gem::GemRunner
 
   private
 
+  def validate_encoding(args)
+    invalid_arg = args.find {|arg| !arg.valid_encoding? }
+
+    if invalid_arg
+      raise Gem::OptionParser::InvalidArgument.new("'#{invalid_arg.scrub}' has invalid encoding")
+    end
+  end
+
   def do_configuration(args)
     Gem.configuration = @config_file_class.new(args)
     Gem.use_paths Gem.configuration[:gemhome], Gem.configuration[:gempath]

data/lib/rubygems/gemcutter_utilities.rb

@@ -62,6 +62,10 @@ module Gem::GemcutterUtilities
     options[:otp] || ENV["GEM_HOST_OTP_CODE"]
   end
 
+  def webauthn_enabled?
+    options[:webauthn]
+  end
+
   ##
   # The host to connect to either from the RUBYGEMS_HOST environment variable
   # or from the user's configuration
@@ -136,7 +140,6 @@ module Gem::GemcutterUtilities
     response = rubygems_api_request(:put, "api/v1/api_key",
                                     sign_in_host, scope: scope) do |request|
       request.basic_auth identifier, password
-      request["OTP"] = otp if otp
       request.body = Gem::URI.encode_www_form({ api_key: api_key }.merge(update_scope_params))
     end
 
@@ -176,7 +179,6 @@ module Gem::GemcutterUtilities
     response = rubygems_api_request(:post, "api/v1/api_key",
                                     sign_in_host, credentials: credentials, scope: scope) do |request|
       request.basic_auth identifier, password
-      request["OTP"] = otp if otp
       request.body = Gem::URI.encode_www_form({ name: key_name }.merge(all_params))
     end
 
@@ -251,6 +253,8 @@ module Gem::GemcutterUtilities
       req["OTP"] = otp if otp
       block.call(req)
     end
+  ensure
+    options[:otp] = nil if webauthn_enabled?
   end
 
   def fetch_otp(credentials)
@@ -271,6 +275,8 @@ module Gem::GemcutterUtilities
         terminate_interaction(1)
       end
 
+      options[:webauthn] = true
+
       say "You are verified with a security device. You may close the browser window."
       otp_thread[:otp]
     else

data/lib/rubygems/installer.rb

@@ -998,18 +998,17 @@ TEXT
 
   def bash_prolog_script
     if load_relative_enabled?
-      script = +<<~EOS
-        bindir="${0%/*}"
-      EOS
-
-      script << %(exec "$bindir/#{ruby_install_name}" "-x" "$0" "$@"\n)
-
       <<~EOS
         #!/bin/sh
         # -*- ruby -*-
         _=_\\
         =begin
-        #{script.chomp}
+        bindir="${0%/*}"
+        ruby="$bindir/#{ruby_install_name}"
+        if [ ! -f "$ruby" ]; then
+          ruby="#{ruby_install_name}"
+        fi
+        exec "$ruby" "-x" "$0" "$@"
         =end
       EOS
     else

data/lib/rubygems/package/tar_header.rb

@@ -228,6 +228,17 @@ class Gem::Package::TarHeader
     @checksum = oct calculate_checksum(header), 6
   end
 
+  ##
+  # Header's full name, including prefix
+
+  def full_name
+    if prefix != ""
+      File.join prefix, name
+    else
+      name
+    end
+  end
+
   private
 
   def calculate_checksum(header)

data/lib/rubygems/package/tar_reader/entry.rb

@@ -87,11 +87,7 @@ class Gem::Package::TarReader::Entry
   # Full name of the tar entry
 
   def full_name
-    if @header.prefix != ""
-      File.join @header.prefix, @header.name
-    else
-      @header.name
-    end
+    @header.full_name.force_encoding(Encoding::UTF_8)
   rescue ArgumentError => e
     raise unless e.message == "string contains null byte"
     raise Gem::Package::TarInvalidError,

data/lib/rubygems/spec_fetcher.rb

@@ -170,17 +170,45 @@ class Gem::SpecFetcher
   # alternative gem names.
 
   def suggest_gems_from_name(gem_name, type = :latest, num_results = 5)
-    gem_name        = gem_name.downcase.tr("_-", "")
-    max             = gem_name.size / 2
-    names           = available_specs(type).first.values.flatten(1)
+    gem_name = gem_name.downcase.tr("_-", "")
 
-    matches = names.map do |n|
+    # All results for 3-character-or-shorter (minus hyphens/underscores) gem
+    # names get rejected, so we just return an empty array immediately instead.
+    return [] if gem_name.length <= 3
+
+    max   = gem_name.size / 2
+    names = available_specs(type).first.values.flatten(1)
+
+    min_length = gem_name.length - max
+    max_length = gem_name.length + max
+
+    matches = names.filter_map do |n|
+      len = n.name.length
+      # If the length is min_length or shorter, we've done `max` deletions.
+      # If the length is max_length or longer, we've done `max` insertions.
+      # These would both be rejected later, so we skip early for performance.
+      next if len <= min_length || len >= max_length
+
+      # If the gem doesn't support the current platform, bail early.
       next unless n.match_platform?
-      distance = levenshtein_distance gem_name, n.name.downcase.tr("_-", "")
+
+      # The candidate name, normalized the same as gem_name.
+      normalized_name = n.name.downcase
+      normalized_name.tr!("_-", "")
+
+      # If we found an exact match (after stripping underscores and hyphens),
+      # that's our most likely candidate.
+      # Return it immediately, and skip the rest of the loop.
+      return [n.name] if normalized_name == gem_name
+
+      distance = levenshtein_distance gem_name, normalized_name
+
+      # Skip current candidate, if the edit distance is greater than allowed.
       next if distance >= max
-      return [n.name] if distance == 0
+
+      # If all else fails, return the name and the calculated distance.
       [n.name, distance]
-    end.compact
+    end
 
     matches = if matches.empty? && type != :prerelease
       suggest_gems_from_name gem_name, :prerelease

data/lib/rubygems/specification.rb

@@ -391,7 +391,7 @@ class Gem::Specification < Gem::BasicSpecification
   #     "homepage_uri"      => "https://bestgemever.example.io",
   #     "mailing_list_uri"  => "https://groups.example.com/bestgemever",
   #     "source_code_uri"   => "https://example.com/user/bestgemever",
-  #     "wiki_uri"          => "https://example.com/user/bestgemever/wiki"
+  #     "wiki_uri"          => "https://example.com/user/bestgemever/wiki",
   #     "funding_uri"       => "https://example.com/donate"
   #   }
   #
@@ -2470,7 +2470,7 @@ class Gem::Specification < Gem::BasicSpecification
 
     if @installed_by_version
       result << nil
-      result << "  s.installed_by_version = #{ruby_code Gem::VERSION} if s.respond_to? :installed_by_version"
+      result << "  s.installed_by_version = #{ruby_code Gem::VERSION}"
     end
 
     unless dependencies.empty?

data/lib/rubygems/specification_record.rb

@@ -30,7 +30,7 @@ module Gem
     # Returns the list of all specifications in the record
 
     def all
-      @all ||= Gem.loaded_specs.values | stubs.map(&:to_spec)
+      @all ||= stubs.map(&:to_spec)
     end
 
     ##

data/lib/rubygems/stub_specification.rb

@@ -83,11 +83,7 @@ class Gem::StubSpecification < Gem::BasicSpecification
   # True when this gem has been activated
 
   def activated?
-    @activated ||=
-      begin
-        loaded = Gem.loaded_specs[name]
-        loaded && loaded.version == version
-      end
+    @activated ||= !loaded_spec.nil?
   end
 
   def default_gem?
@@ -187,11 +183,7 @@ class Gem::StubSpecification < Gem::BasicSpecification
   # The full Gem::Specification for this gem, loaded from evalling its gemspec
 
   def spec
-    @spec ||= if @data
-      loaded = Gem.loaded_specs[name]
-      loaded if loaded && loaded.version == version
-    end
-
+    @spec ||= loaded_spec if @data
     @spec ||= Gem::Specification.load(loaded_from)
   end
   alias_method :to_spec, :spec
@@ -231,4 +223,13 @@ class Gem::StubSpecification < Gem::BasicSpecification
   def sort_obj # :nodoc:
     [name, version, Gem::Platform.sort_priority(platform)]
   end
+
+  private
+
+  def loaded_spec
+    spec = Gem.loaded_specs[name]
+    return unless spec && spec.version == version && spec.default_gem? == default_gem?
+
+    spec
+  end
 end

data/lib/rubygems/vendor/net-http/lib/net/http.rb

@@ -722,7 +722,7 @@ module Gem::Net   #:nodoc:
   class HTTP < Protocol
 
     # :stopdoc:
-    VERSION = "0.4.0"
+    VERSION = "0.4.1"
     HTTPVersion = '1.1'
     begin
       require 'zlib'

data/lib/rubygems/vendor/uri/lib/uri/common.rb

@@ -19,6 +19,8 @@ module Gem::URI
   Parser = RFC2396_Parser
   RFC3986_PARSER = RFC3986_Parser.new
   Ractor.make_shareable(RFC3986_PARSER) if defined?(Ractor)
+  RFC2396_PARSER = RFC2396_Parser.new
+  Ractor.make_shareable(RFC2396_PARSER) if defined?(Ractor)
 
   # Gem::URI::Parser.new
   DEFAULT_PARSER = Parser.new

data/lib/rubygems/vendor/uri/lib/uri/version.rb

@@ -1,6 +1,6 @@
 module Gem::URI
   # :stopdoc:
-  VERSION_CODE = '001300'.freeze
+  VERSION_CODE = '001301'.freeze
   VERSION = VERSION_CODE.scan(/../).collect{|n| n.to_i}.join('.').freeze
   # :startdoc:
 end

data/lib/rubygems.rb

@@ -9,7 +9,7 @@
 require "rbconfig"
 
 module Gem
-  VERSION = "3.5.21"
+  VERSION = "3.5.23"
 end
 
 # Must be first since it unloads the prelude from 1.9.2
@@ -781,6 +781,7 @@ An Array (#{env.inspect}) was passed in from #{caller[3]}
     file_lock = "#{path}.lock"
     open_file_with_flock(file_lock, &block)
   ensure
+    require "fileutils"
     FileUtils.rm_f file_lock
   end
 
@@ -788,15 +789,14 @@ An Array (#{env.inspect}) was passed in from #{caller[3]}
   # Open a file with given flags, and protect access with flock
 
   def self.open_file_with_flock(path, &block)
-    mode = IO::RDONLY | IO::APPEND | IO::CREAT | IO::BINARY
+    # read-write mode is used rather than read-only in order to support NFS
+    mode = IO::RDWR | IO::APPEND | IO::CREAT | IO::BINARY
     mode |= IO::SHARE_DELETE if IO.const_defined?(:SHARE_DELETE)
 
     File.open(path, mode) do |io|
       begin
         io.flock(File::LOCK_EX)
       rescue Errno::ENOSYS, Errno::ENOTSUP
-      rescue Errno::ENOLCK # NFS
-        raise unless Thread.main == Thread.current
       end
       yield io
     end

data/rubygems-update.gemspec

@@ -2,7 +2,7 @@
 
 Gem::Specification.new do |s|
   s.name = "rubygems-update"
-  s.version = "3.5.21"
+  s.version = "3.5.23"
   s.authors = ["Jim Weirich", "Chad Fowler", "Eric Hodel", "Luis Lavena", "Aaron Patterson", "Samuel Giddins", "André Arko", "Evan Phoenix", "Hiroshi SHIBATA"]
   s.email = ["", "", "drbrain@segment7.net", "luislavena@gmail.com", "aaron@tenderlovemaking.com", "segiddins@segiddins.me", "andre@arko.net", "evan@phx.io", "hsbt@ruby-lang.org"]
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubygems-update
 version: !ruby/object:Gem::Version
-  version: 3.5.21
+  version: 3.5.23
 platform: ruby
 authors:
 - Jim Weirich
@@ -16,7 +16,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-10-03 00:00:00.000000000 Z
+date: 2024-11-05 00:00:00.000000000 Z
 dependencies: []
 description: |-
   A package (also known as a library) contains a set of functionality
@@ -737,7 +737,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.21
+rubygems_version: 3.5.23
 signing_key:
 specification_version: 4
 summary: RubyGems is a package management framework for Ruby. This gem is downloaded