rubygems-update 3.5.5 → 3.5.6

data/bundler/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent.rb

@@ -1,5 +1,5 @@
 require_relative '../../../../../vendored_net_http'
-require_relative '../../../../uri/lib/uri'
+require_relative '../../../../../vendored_uri'
 require 'cgi' # for escaping
 require_relative '../../../../connection_pool/lib/connection_pool'
 
@@ -22,7 +22,7 @@ autoload :OpenSSL, 'openssl'
 #
 #   require 'bundler/vendor/net-http-persistent/lib/net/http/persistent'
 #
-#   uri = Bundler::URI 'http://example.com/awesome/web/service'
+#   uri = Gem::URI 'http://example.com/awesome/web/service'
 #
 #   http = Gem::Net::HTTP::Persistent.new
 #
@@ -39,17 +39,17 @@ autoload :OpenSSL, 'openssl'
 #   post = Gem::Net::HTTP::Post.new post_uri.path
 #   post.set_form_data 'some' => 'cool data'
 #
-#   # perform the POST, the Bundler::URI is always required
+#   # perform the POST, the Gem::URI is always required
 #   response http.request post_uri, post
 #
 # Note that for GET, HEAD and other requests that do not have a body you want
-# to use Bundler::URI#request_uri not Bundler::URI#path.  The request_uri contains the query
+# to use Gem::URI#request_uri not Gem::URI#path.  The request_uri contains the query
 # params which are sent in the body for other requests.
 #
 # == TLS/SSL
 #
 # TLS connections are automatically created depending upon the scheme of the
-# Bundler::URI.  TLS connections are automatically verified against the default
+# Gem::URI.  TLS connections are automatically verified against the default
 # certificate store for your computer.  You can override this by changing
 # verify_mode or by specifying an alternate cert_store.
 #
@@ -72,7 +72,7 @@ autoload :OpenSSL, 'openssl'
 # == Proxies
 #
 # A proxy can be set through #proxy= or at initialization time by providing a
-# second argument to ::new.  The proxy may be the Bundler::URI of the proxy server or
+# second argument to ::new.  The proxy may be the Gem::URI of the proxy server or
 # <code>:ENV</code> which will consult environment variables.
 #
 # See #proxy= and #proxy_from_env for details.
@@ -197,7 +197,7 @@ class Gem::Net::HTTP::Persistent
   # NOTE:  This may not work on ruby > 1.9.
 
   def self.detect_idle_timeout uri, max = 10
-    uri = Bundler::URI uri unless Bundler::URI::Generic === uri
+    uri = Gem::URI uri unless Gem::URI::Generic === uri
     uri += '/'
 
     req = Gem::Net::HTTP::Head.new uri.request_uri
@@ -455,13 +455,13 @@ class Gem::Net::HTTP::Persistent
   # Set a +name+ for fun.  Your library name should be good enough, but this
   # otherwise has no purpose.
   #
-  # +proxy+ may be set to a Bundler::URI::HTTP or :ENV to pick up proxy options from
+  # +proxy+ may be set to a Gem::URI::HTTP or :ENV to pick up proxy options from
   # the environment.  See proxy_from_env for details.
   #
-  # In order to use a Bundler::URI for the proxy you may need to do some extra work
-  # beyond Bundler::URI parsing if the proxy requires a password:
+  # In order to use a Gem::URI for the proxy you may need to do some extra work
+  # beyond Gem::URI parsing if the proxy requires a password:
   #
-  #   proxy = Bundler::URI 'http://proxy.example'
+  #   proxy = Gem::URI 'http://proxy.example'
   #   proxy.user     = 'AzureDiamond'
   #   proxy.password = 'hunter2'
   #
@@ -510,7 +510,7 @@ class Gem::Net::HTTP::Persistent
     @verify_mode        = nil
     @cert_store         = nil
 
-    @generation         = 0 # incremented when proxy Bundler::URI changes
+    @generation         = 0 # incremented when proxy Gem::URI changes
 
     if HAVE_OPENSSL then
       @verify_mode        = OpenSSL::SSL::VERIFY_PEER
@@ -720,12 +720,12 @@ class Gem::Net::HTTP::Persistent
   alias key= private_key=
 
   ##
-  # Sets the proxy server.  The +proxy+ may be the Bundler::URI of the proxy server,
+  # Sets the proxy server.  The +proxy+ may be the Gem::URI of the proxy server,
   # the symbol +:ENV+ which will read the proxy from the environment or nil to
   # disable use of a proxy.  See #proxy_from_env for details on setting the
   # proxy from the environment.
   #
-  # If the proxy Bundler::URI is set after requests have been made, the next request
+  # If the proxy Gem::URI is set after requests have been made, the next request
   # will shut-down and re-open all connections.
   #
   # The +no_proxy+ query parameter can be used to specify hosts which shouldn't
@@ -736,9 +736,9 @@ class Gem::Net::HTTP::Persistent
   def proxy= proxy
     @proxy_uri = case proxy
                  when :ENV      then proxy_from_env
-                 when Bundler::URI::HTTP then proxy
+                 when Gem::URI::HTTP then proxy
                  when nil       then # ignore
-                 else raise ArgumentError, 'proxy must be :ENV or a Bundler::URI::HTTP'
+                 else raise ArgumentError, 'proxy must be :ENV or a Gem::URI::HTTP'
                  end
 
     @no_proxy.clear
@@ -763,13 +763,13 @@ class Gem::Net::HTTP::Persistent
   end
 
   ##
-  # Creates a Bundler::URI for an HTTP proxy server from ENV variables.
+  # Creates a Gem::URI for an HTTP proxy server from ENV variables.
   #
   # If +HTTP_PROXY+ is set a proxy will be returned.
   #
-  # If +HTTP_PROXY_USER+ or +HTTP_PROXY_PASS+ are set the Bundler::URI is given the
+  # If +HTTP_PROXY_USER+ or +HTTP_PROXY_PASS+ are set the Gem::URI is given the
   # indicated user and password unless HTTP_PROXY contains either of these in
-  # the Bundler::URI.
+  # the Gem::URI.
   #
   # The +NO_PROXY+ ENV variable can be used to specify hosts which shouldn't
   # be reached via proxy; if set it should be a comma separated list of
@@ -785,7 +785,7 @@ class Gem::Net::HTTP::Persistent
 
     return nil if env_proxy.nil? or env_proxy.empty?
 
-    uri = Bundler::URI normalize_uri env_proxy
+    uri = Gem::URI normalize_uri env_proxy
 
     env_no_proxy = ENV['no_proxy'] || ENV['NO_PROXY']
 
@@ -863,7 +863,7 @@ class Gem::Net::HTTP::Persistent
   # +req+ must be a Gem::Net::HTTPGenericRequest subclass (see Gem::Net::HTTP for a list).
 
   def request uri, req = nil, &block
-    uri      = Bundler::URI uri
+    uri      = Gem::URI uri
     req      = request_setup req || uri
     response = nil
 
@@ -896,7 +896,7 @@ class Gem::Net::HTTP::Persistent
   end
 
   ##
-  # Creates a GET request if +req_or_uri+ is a Bundler::URI and adds headers to the
+  # Creates a GET request if +req_or_uri+ is a Gem::URI and adds headers to the
   # request.
   #
   # Returns the request.

data/bundler/lib/bundler/vendored_uri.rb

@@ -1,4 +1,21 @@
 # frozen_string_literal: true
 
 module Bundler; end
-require_relative "vendor/uri/lib/uri"
+
+# Use RubyGems vendored copy when available. Otherwise fallback to Bundler
+# vendored copy. The vendored copy in Bundler can be removed once support for
+# RubyGems 3.5 is dropped.
+
+begin
+  require "rubygems/vendor/uri/lib/uri"
+rescue LoadError
+  require_relative "vendor/uri/lib/uri"
+  Gem::URI = Bundler::URI
+
+  module Gem
+    def URI(uri) # rubocop:disable Naming/MethodName
+      Bundler::URI(uri)
+    end
+    module_function :URI
+  end
+end

data/bundler/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.5.5".freeze
+  VERSION = "2.5.6".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

data/bundler/lib/bundler/yaml_serializer.rb

@@ -58,6 +58,8 @@ module Bundler
       str.split(/\r?\n/) do |line|
         if match = HASH_REGEX.match(line)
           indent, key, quote, val = match.captures
+          val = strip_comment(val)
+
           convert_to_backward_compatible_key!(key)
           depth = indent.size / 2
           if quote.empty? && val.empty?
@@ -72,6 +74,8 @@ module Bundler
           end
         elsif match = ARRAY_REGEX.match(line)
           _, val = match.captures
+          val = strip_comment(val)
+
           last_hash[last_empty_key] = [] unless last_hash[last_empty_key].is_a?(Array)
 
           last_hash[last_empty_key].push(val)
@@ -80,6 +84,14 @@ module Bundler
       res
     end
 
+    def strip_comment(val)
+      if val.include?("#") && !val.start_with?("#")
+        val.split("#", 2).first.strip
+      else
+        val
+      end
+    end
+
     # for settings' keys
     def convert_to_backward_compatible_key!(key)
       key << "/" if /https?:/i.match?(key) && !%r{/\Z}.match?(key)

data/bundler/lib/bundler.rb

@@ -200,12 +200,13 @@ module Bundler
     #
     # @param unlock [Hash, Boolean, nil] Gems that have been requested
     #   to be updated or true if all gems should be updated
+    # @param lockfile [Pathname] Path to Gemfile.lock
     # @return [Bundler::Definition]
-    def definition(unlock = nil)
+    def definition(unlock = nil, lockfile = default_lockfile)
       @definition = nil if unlock
       @definition ||= begin
         configure
-        Definition.build(default_gemfile, default_lockfile, unlock)
+        Definition.build(default_gemfile, lockfile, unlock)
       end
     end
 

data/lib/rubygems/commands/sources_command.rb

@@ -59,7 +59,7 @@ class Gem::Commands::SourcesCommand < Gem::Command
 
         say "#{source_uri} added to sources"
       end
-    rescue URI::Error, ArgumentError
+    rescue Gem::URI::Error, ArgumentError
       say "#{source_uri} is not a URI"
       terminate_interaction 1
     rescue Gem::RemoteFetcher::FetchError => e
@@ -81,7 +81,7 @@ Do you want to add this source?
   end
 
   def check_rubygems_https(source_uri) # :nodoc:
-    uri = URI source_uri
+    uri = Gem::URI source_uri
 
     if uri.scheme && uri.scheme.casecmp("http").zero? &&
        uri.host.casecmp("rubygems.org").zero?

data/lib/rubygems/gemcutter_utilities/webauthn_listener.rb

@@ -51,7 +51,7 @@ module Gem::GemcutterUtilities
         request_line = socket.gets
 
         method, req_uri, _protocol = request_line.split(" ")
-        req_uri = URI.parse(req_uri)
+        req_uri = Gem::URI.parse(req_uri)
 
         responder = SocketResponder.new(socket)
 

data/lib/rubygems/gemcutter_utilities.rb

@@ -10,7 +10,8 @@ require_relative "gemcutter_utilities/webauthn_poller"
 
 module Gem::GemcutterUtilities
   ERROR_CODE = 1
-  API_SCOPES = [:index_rubygems, :push_rubygem, :yank_rubygem, :add_owner, :remove_owner, :access_webhooks, :show_dashboard].freeze
+  API_SCOPES = [:index_rubygems, :push_rubygem, :yank_rubygem, :add_owner, :remove_owner, :access_webhooks].freeze
+  EXCLUSIVELY_API_SCOPES = [:show_dashboard].freeze
 
   include Gem::Text
 
@@ -93,8 +94,8 @@ module Gem::GemcutterUtilities
     end
 
     if allowed_push_host
-      allowed_host_uri = URI.parse(allowed_push_host)
-      host_uri         = URI.parse(self.host)
+      allowed_host_uri = Gem::URI.parse(allowed_push_host)
+      host_uri         = Gem::URI.parse(self.host)
 
       unless (host_uri.scheme == allowed_host_uri.scheme) && (host_uri.host == allowed_host_uri.host)
         alert_error "#{self.host.inspect} is not allowed by the gemspec, which only allows #{allowed_push_host.inspect}"
@@ -102,7 +103,7 @@ module Gem::GemcutterUtilities
       end
     end
 
-    uri = URI.parse "#{self.host}/#{path}"
+    uri = Gem::URI.parse "#{self.host}/#{path}"
     response = request_with_otp(method, uri, &block)
 
     if mfa_unauthorized?(response)
@@ -129,14 +130,14 @@ module Gem::GemcutterUtilities
 
     say "The existing key doesn't have access of #{scope} on #{pretty_host}. Please sign in to update access."
 
-    email    = ask "   Email: "
-    password = ask_for_password "Password: "
+    identifier = ask "Username/email: "
+    password   = ask_for_password "      Password: "
 
     response = rubygems_api_request(:put, "api/v1/api_key",
                                     sign_in_host, scope: scope) do |request|
-      request.basic_auth email, password
+      request.basic_auth identifier, password
       request["OTP"] = otp if otp
-      request.body = URI.encode_www_form({ api_key: api_key }.merge(update_scope_params))
+      request.body = Gem::URI.encode_www_form({ api_key: api_key }.merge(update_scope_params))
     end
 
     with_response response do |_resp|
@@ -158,25 +159,25 @@ module Gem::GemcutterUtilities
     say "Don't have an account yet? " \
         "Create one at #{sign_in_host}/sign_up"
 
-    email = ask "   Email: "
-    password = ask_for_password "Password: "
+    identifier = ask "Username/email: "
+    password   = ask_for_password "      Password: "
     say "\n"
 
     key_name     = get_key_name(scope)
     scope_params = get_scope_params(scope)
-    profile      = get_user_profile(email, password)
+    profile      = get_user_profile(identifier, password)
     mfa_params   = get_mfa_params(profile)
     all_params   = scope_params.merge(mfa_params)
     warning      = profile["warning"]
-    credentials  = { email: email, password: password }
+    credentials  = { identifier: identifier, password: password }
 
     say "#{warning}\n" if warning
 
     response = rubygems_api_request(:post, "api/v1/api_key",
                                     sign_in_host, credentials: credentials, scope: scope) do |request|
-      request.basic_auth email, password
+      request.basic_auth identifier, password
       request["OTP"] = otp if otp
-      request.body = URI.encode_www_form({ name: key_name }.merge(all_params))
+      request.body = Gem::URI.encode_www_form({ name: key_name }.merge(all_params))
     end
 
     with_response response do |resp|
@@ -294,7 +295,7 @@ module Gem::GemcutterUtilities
       if credentials.empty?
         request.add_field "Authorization", api_key
       else
-        request.basic_auth credentials[:email], credentials[:password]
+        request.basic_auth credentials[:identifier], credentials[:password]
       end
     end
     response.is_a?(Gem::Net::HTTPSuccess) ? response.body : nil
@@ -309,15 +310,31 @@ module Gem::GemcutterUtilities
   end
 
   def get_scope_params(scope)
-    scope_params = {}
+    scope_params = { index_rubygems: true }
 
     if scope
       scope_params = { scope => true }
     else
-      say "Please select scopes you want to enable for the API key (y/n)"
-      API_SCOPES.each do |s|
-        selected = ask_yes_no(s.to_s, false)
-        scope_params[s] = true if selected
+      say "The default access scope is:"
+      scope_params.each do |k, _v|
+        say "  #{k}: y"
+      end
+      say "\n"
+      customise = ask_yes_no("Do you want to customise scopes?", false)
+      if customise
+        EXCLUSIVELY_API_SCOPES.each do |excl_scope|
+          selected = ask_yes_no("#{excl_scope} (exclusive scope, answering yes will not prompt for other scopes)", false)
+          next unless selected
+
+          return { excl_scope => true }
+        end
+
+        scope_params = {}
+
+        API_SCOPES.each do |s|
+          selected = ask_yes_no(s.to_s, false)
+          scope_params[s] = true if selected
+        end
       end
       say "\n"
     end
@@ -329,11 +346,11 @@ module Gem::GemcutterUtilities
     host == Gem::DEFAULT_HOST
   end
 
-  def get_user_profile(email, password)
+  def get_user_profile(identifier, password)
     return {} unless default_host?
 
     response = rubygems_api_request(:get, "api/v1/profile/me.yaml") do |request|
-      request.basic_auth email, password
+      request.basic_auth identifier, password
     end
 
     with_response response do |resp|

data/lib/rubygems/local_remote_options.rb

@@ -6,7 +6,7 @@
 # See LICENSE.txt for permissions.
 #++
 
-require "uri"
+require_relative "vendor/uri/lib/uri"
 require_relative "../rubygems"
 
 ##
@@ -17,10 +17,10 @@ module Gem::LocalRemoteOptions
   # Allows Gem::OptionParser to handle HTTP URIs.
 
   def accept_uri_http
-    Gem::OptionParser.accept URI::HTTP do |value|
+    Gem::OptionParser.accept Gem::URI::HTTP do |value|
       begin
-        uri = URI.parse value
-      rescue URI::InvalidURIError
+        uri = Gem::URI.parse value
+      rescue Gem::URI::InvalidURIError
         raise Gem::OptionParser::InvalidArgument, value
       end
 
@@ -88,7 +88,7 @@ module Gem::LocalRemoteOptions
   def add_proxy_option
     accept_uri_http
 
-    add_option(:"Local/Remote", "-p", "--[no-]http-proxy [URL]", URI::HTTP,
+    add_option(:"Local/Remote", "-p", "--[no-]http-proxy [URL]", Gem::URI::HTTP,
                "Use HTTP proxy for remote operations") do |value, options|
       options[:http_proxy] = value == false ? :no_proxy : value
       Gem.configuration[:http_proxy] = options[:http_proxy]
@@ -101,7 +101,7 @@ module Gem::LocalRemoteOptions
   def add_source_option
     accept_uri_http
 
-    add_option(:"Local/Remote", "-s", "--source URL", URI::HTTP,
+    add_option(:"Local/Remote", "-s", "--source URL", Gem::URI::HTTP,
                "Append URL to list of remote gem sources") do |source, options|
       source << "/" unless source.end_with?("/")
 

data/lib/rubygems/net/http.rb

@@ -1,3 +1,3 @@
 # frozen_string_literal: true
 
-require_relative "../net-http/lib/net/http"
+require_relative "../vendor/net-http/lib/net/http"

data/lib/rubygems/optparse.rb

@@ -1,3 +1,3 @@
 # frozen_string_literal: true
 
-require_relative "optparse/lib/optparse"
+require_relative "vendor/optparse/lib/optparse"

data/lib/rubygems/remote_fetcher.rb

@@ -76,7 +76,7 @@ class Gem::RemoteFetcher
     require_relative "core_ext/tcpsocket_init" if Gem.configuration.ipv4_fallback_enabled
     require_relative "net/http"
     require "stringio"
-    require "uri"
+    require_relative "vendor/uri/lib/uri"
 
     Socket.do_not_reverse_lookup = true
 
@@ -135,7 +135,7 @@ class Gem::RemoteFetcher
 
     scheme = source_uri.scheme
 
-    # URI.parse gets confused by MS Windows paths with forward slashes.
+    # Gem::URI.parse gets confused by MS Windows paths with forward slashes.
     scheme = nil if /^[a-z]$/i.match?(scheme)
 
     # REFACTOR: split this up and dispatch on scheme (eg download_http)

data/lib/rubygems/request.rb

@@ -18,11 +18,11 @@ class Gem::Request
   end
 
   def self.proxy_uri(proxy) # :nodoc:
-    require "uri"
+    require_relative "vendor/uri/lib/uri"
     case proxy
     when :no_proxy then nil
-    when URI::HTTP then proxy
-    else URI.parse(proxy)
+    when Gem::URI::HTTP then proxy
+    else Gem::URI.parse(proxy)
     end
   end
 
@@ -176,7 +176,7 @@ class Gem::Request
     end
 
     require "uri"
-    uri = URI(Gem::UriFormatter.new(env_proxy).normalize)
+    uri = Gem::URI(Gem::UriFormatter.new(env_proxy).normalize)
 
     if uri && uri.user.nil? && uri.password.nil?
       user     = ENV["#{downcase_scheme}_proxy_user"] || ENV["#{upcase_scheme}_PROXY_USER"]

data/lib/rubygems/requirement.rb

@@ -284,6 +284,11 @@ class Gem::Requirement
   def _tilde_requirements
     @_tilde_requirements ||= _sorted_requirements.select {|r| r.first == "~>" }
   end
+
+  def initialize_copy(other) # :nodoc:
+    @requirements = other.requirements.dup
+    super
+  end
 end
 
 class Gem::Version

data/lib/rubygems/resolver/api_set.rb

@@ -30,7 +30,7 @@ class Gem::Resolver::APISet < Gem::Resolver::Set
   def initialize(dep_uri = "https://index.rubygems.org/info/")
     super()
 
-    dep_uri = URI dep_uri unless URI === dep_uri
+    dep_uri = Gem::URI dep_uri unless Gem::URI === dep_uri
 
     @dep_uri = dep_uri
     @uri     = dep_uri + ".."

data/lib/rubygems/resolver/best_set.rb

@@ -60,7 +60,7 @@ class Gem::Resolver::BestSet < Gem::Resolver::ComposedSet
 
   def replace_failed_api_set(error) # :nodoc:
     uri = error.original_uri
-    uri = URI uri unless URI === uri
+    uri = Gem::URI uri unless Gem::URI === uri
     uri += "."
 
     raise error unless api_set = @sets.find do |set|

data/lib/rubygems/resolver.rb

@@ -11,7 +11,7 @@ require_relative "util/list"
 # all the requirements.
 
 class Gem::Resolver
-  require_relative "resolver/molinillo"
+  require_relative "vendored_molinillo"
 
   ##
   # If the DEBUG_RESOLVER environment variable is set then debugging mode is
@@ -167,7 +167,7 @@ class Gem::Resolver
     reqs
   end
 
-  include Molinillo::UI
+  include Gem::Molinillo::UI
 
   def output
     @output ||= debug? ? $stdout : File.open(IO::NULL, "w")
@@ -177,14 +177,14 @@ class Gem::Resolver
     DEBUG_RESOLVER
   end
 
-  include Molinillo::SpecificationProvider
+  include Gem::Molinillo::SpecificationProvider
 
   ##
   # Proceed with resolution! Returns an array of ActivationRequest objects.
 
   def resolve
-    Molinillo::Resolver.new(self, self).resolve(@needed.map {|d| DependencyRequest.new d, nil }).tsort.map(&:payload).compact
-  rescue Molinillo::VersionConflict => e
+    Gem::Molinillo::Resolver.new(self, self).resolve(@needed.map {|d| DependencyRequest.new d, nil }).tsort.map(&:payload).compact
+  rescue Gem::Molinillo::VersionConflict => e
     conflict = e.conflicts.values.first
     raise Gem::DependencyResolutionError, Conflict.new(conflict.requirement_trees.first.first, conflict.existing, conflict.requirement)
   ensure

data/lib/rubygems/s3_uri_signer.rb

@@ -49,7 +49,7 @@ class Gem::S3URISigner
     string_to_sign = generate_string_to_sign(date_time, credential_info, canonical_request)
     signature = generate_signature(s3_config, date, string_to_sign)
 
-    URI.parse("https://#{canonical_host}#{uri.path}?#{query_params}&X-Amz-Signature=#{signature}")
+    Gem::URI.parse("https://#{canonical_host}#{uri.path}?#{query_params}&X-Amz-Signature=#{signature}")
   end
 
   private
@@ -152,7 +152,7 @@ class Gem::S3URISigner
   end
 
   def ec2_metadata_request(url)
-    uri = URI(url)
+    uri = Gem::URI(url)
     @request_pool ||= create_request_pool(uri)
     request = Gem::Request.new(uri, Gem::Net::HTTP::Get, nil, @request_pool)
     response = request.fetch

data/lib/rubygems/source/git.rb

@@ -221,14 +221,14 @@ class Gem::Source::Git < Gem::Source
   end
 
   ##
-  # A hash for the git gem based on the git repository URI.
+  # A hash for the git gem based on the git repository Gem::URI.
 
   def uri_hash # :nodoc:
     require_relative "../openssl"
 
     normalized =
       if @repository.match?(%r{^\w+://(\w+@)?})
-        uri = URI(@repository).normalize.to_s.sub %r{/$},""
+        uri = Gem::URI(@repository).normalize.to_s.sub %r{/$},""
         uri.sub(/\A(\w+)/) { $1.downcase }
       else
         @repository

data/lib/rubygems/source_list.rb

@@ -44,7 +44,7 @@ class Gem::SourceList
   end
 
   ##
-  # Appends +obj+ to the source list which may be a Gem::Source, URI or URI
+  # Appends +obj+ to the source list which may be a Gem::Source, Gem::URI or URI
   # String.
 
   def <<(obj)

data/lib/rubygems/specification.rb

@@ -1003,8 +1003,6 @@ class Gem::Specification < Gem::BasicSpecification
   def self.find_all_by_name(name, *requirements)
     requirements = Gem::Requirement.default if requirements.empty?
 
-    # TODO: maybe try: find_all { |s| spec === dep }
-
     Gem::Dependency.new(name, *requirements).matching_specs
   end
 
@@ -1022,8 +1020,6 @@ class Gem::Specification < Gem::BasicSpecification
   def self.find_by_name(name, *requirements)
     requirements = Gem::Requirement.default if requirements.empty?
 
-    # TODO: maybe try: find { |s| spec === dep }
-
     Gem::Dependency.new(name, *requirements).to_spec
   end
 
@@ -2079,7 +2075,8 @@ class Gem::Specification < Gem::BasicSpecification
   end
 
   ##
-  # Duplicates array_attributes from +other_spec+ so state isn't shared.
+  # Duplicates Array and Gem::Requirement attributes from +other_spec+ so state isn't shared.
+  #
 
   def initialize_copy(other_spec)
     self.class.array_attributes.each do |name|
@@ -2101,6 +2098,9 @@ class Gem::Specification < Gem::BasicSpecification
         raise e
       end
     end
+
+    @required_ruby_version = other_spec.required_ruby_version.dup
+    @required_rubygems_version = other_spec.required_rubygems_version.dup
   end
 
   def base_dir