rubygems-update 3.5.9 → 3.5.10

Sign up to get free protection for your applications and to get access to all the features.
Files changed (56) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +21 -0
  3. data/POLICIES.md +75 -6
  4. data/bundler/CHANGELOG.md +24 -0
  5. data/bundler/lib/bundler/build_metadata.rb +2 -2
  6. data/bundler/lib/bundler/cli.rb +5 -22
  7. data/bundler/lib/bundler/definition.rb +57 -28
  8. data/bundler/lib/bundler/dependency.rb +2 -1
  9. data/bundler/lib/bundler/environment_preserver.rb +2 -20
  10. data/bundler/lib/bundler/injector.rb +2 -1
  11. data/bundler/lib/bundler/man/bundle-add.1 +1 -1
  12. data/bundler/lib/bundler/man/bundle-binstubs.1 +1 -1
  13. data/bundler/lib/bundler/man/bundle-cache.1 +1 -1
  14. data/bundler/lib/bundler/man/bundle-check.1 +3 -1
  15. data/bundler/lib/bundler/man/bundle-check.1.ronn +3 -0
  16. data/bundler/lib/bundler/man/bundle-clean.1 +1 -1
  17. data/bundler/lib/bundler/man/bundle-config.1 +1 -3
  18. data/bundler/lib/bundler/man/bundle-config.1.ronn +0 -3
  19. data/bundler/lib/bundler/man/bundle-console.1 +1 -1
  20. data/bundler/lib/bundler/man/bundle-doctor.1 +1 -1
  21. data/bundler/lib/bundler/man/bundle-exec.1 +1 -1
  22. data/bundler/lib/bundler/man/bundle-gem.1 +1 -1
  23. data/bundler/lib/bundler/man/bundle-help.1 +1 -1
  24. data/bundler/lib/bundler/man/bundle-info.1 +1 -1
  25. data/bundler/lib/bundler/man/bundle-init.1 +1 -1
  26. data/bundler/lib/bundler/man/bundle-inject.1 +1 -1
  27. data/bundler/lib/bundler/man/bundle-install.1 +1 -1
  28. data/bundler/lib/bundler/man/bundle-list.1 +1 -1
  29. data/bundler/lib/bundler/man/bundle-lock.1 +1 -1
  30. data/bundler/lib/bundler/man/bundle-open.1 +1 -1
  31. data/bundler/lib/bundler/man/bundle-outdated.1 +1 -1
  32. data/bundler/lib/bundler/man/bundle-platform.1 +1 -1
  33. data/bundler/lib/bundler/man/bundle-plugin.1 +1 -1
  34. data/bundler/lib/bundler/man/bundle-pristine.1 +1 -1
  35. data/bundler/lib/bundler/man/bundle-remove.1 +1 -1
  36. data/bundler/lib/bundler/man/bundle-show.1 +1 -1
  37. data/bundler/lib/bundler/man/bundle-update.1 +1 -1
  38. data/bundler/lib/bundler/man/bundle-version.1 +1 -1
  39. data/bundler/lib/bundler/man/bundle-viz.1 +1 -1
  40. data/bundler/lib/bundler/man/bundle.1 +1 -1
  41. data/bundler/lib/bundler/man/gemfile.5 +1 -1
  42. data/bundler/lib/bundler/rubygems_ext.rb +12 -0
  43. data/bundler/lib/bundler/settings.rb +0 -1
  44. data/bundler/lib/bundler/setup.rb +3 -0
  45. data/bundler/lib/bundler/source/rubygems.rb +3 -16
  46. data/bundler/lib/bundler/source_list.rb +15 -2
  47. data/bundler/lib/bundler/spec_set.rb +1 -1
  48. data/bundler/lib/bundler/version.rb +1 -1
  49. data/bundler/lib/bundler.rb +20 -0
  50. data/lib/rubygems/commands/update_command.rb +8 -9
  51. data/lib/rubygems/deprecate.rb +79 -77
  52. data/lib/rubygems/gemcutter_utilities/webauthn_poller.rb +3 -1
  53. data/lib/rubygems/package.rb +11 -5
  54. data/lib/rubygems.rb +1 -1
  55. data/rubygems-update.gemspec +1 -1
  56. metadata +3 -3
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-HELP" "1" "March 2024" ""
3
+ .TH "BUNDLE\-HELP" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-help\fR \- Displays detailed help for each subcommand
6
6
  .SH "SYNOPSIS"
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-INFO" "1" "March 2024" ""
3
+ .TH "BUNDLE\-INFO" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-info\fR \- Show information for the given gem in your bundle
6
6
  .SH "SYNOPSIS"
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-INIT" "1" "March 2024" ""
3
+ .TH "BUNDLE\-INIT" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-init\fR \- Generates a Gemfile into the current working directory
6
6
  .SH "SYNOPSIS"
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-INJECT" "1" "March 2024" ""
3
+ .TH "BUNDLE\-INJECT" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-inject\fR \- Add named gem(s) with version requirements to Gemfile
6
6
  .SH "SYNOPSIS"
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-INSTALL" "1" "March 2024" ""
3
+ .TH "BUNDLE\-INSTALL" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-install\fR \- Install the dependencies specified in your Gemfile
6
6
  .SH "SYNOPSIS"
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-LIST" "1" "March 2024" ""
3
+ .TH "BUNDLE\-LIST" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-list\fR \- List all the gems in the bundle
6
6
  .SH "SYNOPSIS"
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-LOCK" "1" "March 2024" ""
3
+ .TH "BUNDLE\-LOCK" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-lock\fR \- Creates / Updates a lockfile without installing
6
6
  .SH "SYNOPSIS"
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-OPEN" "1" "March 2024" ""
3
+ .TH "BUNDLE\-OPEN" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-open\fR \- Opens the source directory for a gem in your bundle
6
6
  .SH "SYNOPSIS"
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-OUTDATED" "1" "March 2024" ""
3
+ .TH "BUNDLE\-OUTDATED" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-outdated\fR \- List installed gems with newer versions available
6
6
  .SH "SYNOPSIS"
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-PLATFORM" "1" "March 2024" ""
3
+ .TH "BUNDLE\-PLATFORM" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-platform\fR \- Displays platform compatibility information
6
6
  .SH "SYNOPSIS"
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-PLUGIN" "1" "March 2024" ""
3
+ .TH "BUNDLE\-PLUGIN" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-plugin\fR \- Manage Bundler plugins
6
6
  .SH "SYNOPSIS"
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-PRISTINE" "1" "March 2024" ""
3
+ .TH "BUNDLE\-PRISTINE" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-pristine\fR \- Restores installed gems to their pristine condition
6
6
  .SH "SYNOPSIS"
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-REMOVE" "1" "March 2024" ""
3
+ .TH "BUNDLE\-REMOVE" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-remove\fR \- Removes gems from the Gemfile
6
6
  .SH "SYNOPSIS"
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-SHOW" "1" "March 2024" ""
3
+ .TH "BUNDLE\-SHOW" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-show\fR \- Shows all the gems in your bundle, or the path to a gem
6
6
  .SH "SYNOPSIS"
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-UPDATE" "1" "March 2024" ""
3
+ .TH "BUNDLE\-UPDATE" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-update\fR \- Update your gems to the latest available versions
6
6
  .SH "SYNOPSIS"
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-VERSION" "1" "March 2024" ""
3
+ .TH "BUNDLE\-VERSION" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-version\fR \- Prints Bundler version information
6
6
  .SH "SYNOPSIS"
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-VIZ" "1" "March 2024" ""
3
+ .TH "BUNDLE\-VIZ" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-viz\fR \- Generates a visual dependency graph for your Gemfile
6
6
  .SH "SYNOPSIS"
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE" "1" "March 2024" ""
3
+ .TH "BUNDLE" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\fR \- Ruby Dependency Management
6
6
  .SH "SYNOPSIS"
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "GEMFILE" "5" "March 2024" ""
3
+ .TH "GEMFILE" "5" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBGemfile\fR \- A format for describing gem dependencies for Ruby programs
6
6
  .SH "SYNOPSIS"
@@ -146,6 +146,18 @@ module Gem
146
146
  end
147
147
  end
148
148
 
149
+ module BetterPermissionError
150
+ def data
151
+ Bundler::SharedHelpers.filesystem_access(loaded_from, :read) do
152
+ super
153
+ end
154
+ end
155
+ end
156
+
157
+ class StubSpecification
158
+ prepend BetterPermissionError
159
+ end
160
+
149
161
  class Dependency
150
162
  include ::Bundler::ForcePlatform
151
163
 
@@ -7,7 +7,6 @@ module Bundler
7
7
  autoload :Validator, File.expand_path("settings/validator", __dir__)
8
8
 
9
9
  BOOL_KEYS = %w[
10
- allow_deployment_source_credential_changes
11
10
  allow_offline_install
12
11
  auto_clean_without_path
13
12
  auto_install
@@ -5,6 +5,9 @@ require_relative "shared_helpers"
5
5
  if Bundler::SharedHelpers.in_bundle?
6
6
  require_relative "../bundler"
7
7
 
8
+ # try to auto_install first before we get to the `Bundler.ui.silence`, so user knows what is happening
9
+ Bundler.auto_install
10
+
8
11
  if STDOUT.tty? || ENV["BUNDLER_FORCE_TTY"]
9
12
  begin
10
13
  Bundler.ui.silence { Bundler.setup }
@@ -10,7 +10,7 @@ module Bundler
10
10
  # Ask for X gems per API request
11
11
  API_REQUEST_SIZE = 50
12
12
 
13
- attr_reader :remotes
13
+ attr_accessor :remotes
14
14
 
15
15
  def initialize(options = {})
16
16
  @options = options
@@ -96,7 +96,7 @@ module Bundler
96
96
  def to_lock
97
97
  out = String.new("GEM\n")
98
98
  remotes.reverse_each do |remote|
99
- out << " remote: #{suppress_configured_credentials remote}\n"
99
+ out << " remote: #{remove_auth remote}\n"
100
100
  end
101
101
  out << " specs:\n"
102
102
  end
@@ -312,11 +312,7 @@ module Bundler
312
312
  end
313
313
 
314
314
  def credless_remotes
315
- if Bundler.settings[:allow_deployment_source_credential_changes]
316
- remotes.map(&method(:remove_auth))
317
- else
318
- remotes.map(&method(:suppress_configured_credentials))
319
- end
315
+ remotes.map(&method(:remove_auth))
320
316
  end
321
317
 
322
318
  def remotes_for_spec(spec)
@@ -355,15 +351,6 @@ module Bundler
355
351
  uri
356
352
  end
357
353
 
358
- def suppress_configured_credentials(remote)
359
- remote_nouser = remove_auth(remote)
360
- if remote.userinfo && remote.userinfo == Bundler.settings[remote_nouser]
361
- remote_nouser
362
- else
363
- remote
364
- end
365
- end
366
-
367
354
  def remove_auth(remote)
368
355
  if remote.user || remote.password
369
356
  remote.dup.tap {|uri| uri.user = uri.password = nil }.to_s
@@ -157,7 +157,11 @@ module Bundler
157
157
  end
158
158
 
159
159
  def map_sources(replacement_sources)
160
- rubygems, git, plugin = [@rubygems_sources, @git_sources, @plugin_sources].map do |sources|
160
+ rubygems = @rubygems_sources.map do |source|
161
+ replace_rubygems_source(replacement_sources, source) || source
162
+ end
163
+
164
+ git, plugin = [@git_sources, @plugin_sources].map do |sources|
161
165
  sources.map do |source|
162
166
  replacement_sources.find {|s| s == source } || source
163
167
  end
@@ -171,13 +175,22 @@ module Bundler
171
175
  end
172
176
 
173
177
  def global_replacement_source(replacement_sources)
174
- replacement_source = replacement_sources.find {|s| s == global_rubygems_source }
178
+ replacement_source = replace_rubygems_source(replacement_sources, global_rubygems_source)
175
179
  return global_rubygems_source unless replacement_source
176
180
 
177
181
  replacement_source.cached!
178
182
  replacement_source
179
183
  end
180
184
 
185
+ def replace_rubygems_source(replacement_sources, gemfile_source)
186
+ replacement_source = replacement_sources.find {|s| s == gemfile_source }
187
+ return unless replacement_source
188
+
189
+ # locked sources never include credentials so always prefer remotes from the gemfile
190
+ replacement_source.remotes = gemfile_source.remotes
191
+ replacement_source
192
+ end
193
+
181
194
  def different_sources?(lock_sources, replacement_sources)
182
195
  !equivalent_sources?(lock_sources, replacement_sources)
183
196
  end
@@ -65,7 +65,7 @@ module Bundler
65
65
 
66
66
  platforms.concat(new_platforms)
67
67
 
68
- less_specific_platform = new_platforms.find {|platform| platform != Gem::Platform::RUBY && Bundler.local_platform === platform }
68
+ less_specific_platform = new_platforms.find {|platform| platform != Gem::Platform::RUBY && Bundler.local_platform === platform && platform === Bundler.local_platform }
69
69
  platforms.delete(Bundler.local_platform) if less_specific_platform
70
70
 
71
71
  platforms
@@ -1,7 +1,7 @@
1
1
  # frozen_string_literal: false
2
2
 
3
3
  module Bundler
4
- VERSION = "2.5.9".freeze
4
+ VERSION = "2.5.10".freeze
5
5
 
6
6
  def self.bundler_major_version
7
7
  @bundler_major_version ||= VERSION.split(".").first.to_i
@@ -40,6 +40,7 @@ module Bundler
40
40
  SUDO_MUTEX = Thread::Mutex.new
41
41
 
42
42
  autoload :Checksum, File.expand_path("bundler/checksum", __dir__)
43
+ autoload :CLI, File.expand_path("bundler/cli", __dir__)
43
44
  autoload :CIDetector, File.expand_path("bundler/ci_detector", __dir__)
44
45
  autoload :Definition, File.expand_path("bundler/definition", __dir__)
45
46
  autoload :Dependency, File.expand_path("bundler/dependency", __dir__)
@@ -165,6 +166,25 @@ module Bundler
165
166
  end
166
167
  end
167
168
 
169
+ # Automatically install dependencies if Bundler.settings[:auto_install] exists.
170
+ # This is set through config cmd `bundle config set --global auto_install 1`.
171
+ #
172
+ # Note that this method `nil`s out the global Definition object, so it
173
+ # should be called first, before you instantiate anything like an
174
+ # `Installer` that'll keep a reference to the old one instead.
175
+ def auto_install
176
+ return unless settings[:auto_install]
177
+
178
+ begin
179
+ definition.specs
180
+ rescue GemNotFound, GitError
181
+ ui.info "Automatically installing missing gems."
182
+ reset!
183
+ CLI::Install.new({}).run
184
+ reset!
185
+ end
186
+ end
187
+
168
188
  # Setups Bundler environment (see Bundler.setup) if it is not already set,
169
189
  # and loads all gems from groups specified. Unlike ::setup, can be called
170
190
  # multiple times with different groups (if they were allowed by setup).
@@ -197,18 +197,17 @@ command to remove old versions.
197
197
  yield
198
198
  else
199
199
  require "tmpdir"
200
- tmpdir = Dir.mktmpdir
201
- FileUtils.mv Gem.plugindir, tmpdir
200
+ Dir.mktmpdir("gem_update") do |tmpdir|
201
+ FileUtils.mv Gem.plugindir, tmpdir
202
202
 
203
- status = yield
203
+ status = yield
204
204
 
205
- if status
206
- FileUtils.rm_rf tmpdir
207
- else
208
- FileUtils.mv File.join(tmpdir, "plugins"), Gem.plugindir
209
- end
205
+ unless status
206
+ FileUtils.mv File.join(tmpdir, "plugins"), Gem.plugindir
207
+ end
210
208
 
211
- status
209
+ status
210
+ end
212
211
  end
213
212
  end
214
213
 
@@ -69,99 +69,101 @@
69
69
  # end
70
70
  # end
71
71
 
72
- module Gem::Deprecate
73
- def self.skip # :nodoc:
74
- @skip ||= false
75
- end
72
+ module Gem
73
+ module Deprecate
74
+ def self.skip # :nodoc:
75
+ @skip ||= false
76
+ end
76
77
 
77
- def self.skip=(v) # :nodoc:
78
- @skip = v
79
- end
78
+ def self.skip=(v) # :nodoc:
79
+ @skip = v
80
+ end
80
81
 
81
- ##
82
- # Temporarily turn off warnings. Intended for tests only.
82
+ ##
83
+ # Temporarily turn off warnings. Intended for tests only.
83
84
 
84
- def skip_during
85
- original = Gem::Deprecate.skip
86
- Gem::Deprecate.skip = true
87
- yield
88
- ensure
89
- Gem::Deprecate.skip = original
90
- end
85
+ def skip_during
86
+ original = Gem::Deprecate.skip
87
+ Gem::Deprecate.skip = true
88
+ yield
89
+ ensure
90
+ Gem::Deprecate.skip = original
91
+ end
91
92
 
92
- def self.next_rubygems_major_version # :nodoc:
93
- Gem::Version.new(Gem.rubygems_version.segments.first).bump
94
- end
93
+ def self.next_rubygems_major_version # :nodoc:
94
+ Gem::Version.new(Gem.rubygems_version.segments.first).bump
95
+ end
95
96
 
96
- ##
97
- # Simple deprecation method that deprecates +name+ by wrapping it up
98
- # in a dummy method. It warns on each call to the dummy method
99
- # telling the user of +repl+ (unless +repl+ is :none) and the
100
- # year/month that it is planned to go away.
97
+ ##
98
+ # Simple deprecation method that deprecates +name+ by wrapping it up
99
+ # in a dummy method. It warns on each call to the dummy method
100
+ # telling the user of +repl+ (unless +repl+ is :none) and the
101
+ # year/month that it is planned to go away.
101
102
 
102
- def deprecate(name, repl, year, month)
103
- class_eval do
104
- old = "_deprecated_#{name}"
105
- alias_method old, name
106
- define_method name do |*args, &block|
107
- klass = is_a? Module
108
- target = klass ? "#{self}." : "#{self.class}#"
109
- msg = [
110
- "NOTE: #{target}#{name} is deprecated",
111
- repl == :none ? " with no replacement" : "; use #{repl} instead",
112
- format(". It will be removed on or after %4d-%02d.", year, month),
113
- "\n#{target}#{name} called from #{Gem.location_of_caller.join(":")}",
114
- ]
115
- warn "#{msg.join}." unless Gem::Deprecate.skip
116
- send old, *args, &block
103
+ def deprecate(name, repl, year, month)
104
+ class_eval do
105
+ old = "_deprecated_#{name}"
106
+ alias_method old, name
107
+ define_method name do |*args, &block|
108
+ klass = is_a? Module
109
+ target = klass ? "#{self}." : "#{self.class}#"
110
+ msg = [
111
+ "NOTE: #{target}#{name} is deprecated",
112
+ repl == :none ? " with no replacement" : "; use #{repl} instead",
113
+ format(". It will be removed on or after %4d-%02d.", year, month),
114
+ "\n#{target}#{name} called from #{Gem.location_of_caller.join(":")}",
115
+ ]
116
+ warn "#{msg.join}." unless Gem::Deprecate.skip
117
+ send old, *args, &block
118
+ end
119
+ ruby2_keywords name if respond_to?(:ruby2_keywords, true)
117
120
  end
118
- ruby2_keywords name if respond_to?(:ruby2_keywords, true)
119
121
  end
120
- end
121
122
 
122
- ##
123
- # Simple deprecation method that deprecates +name+ by wrapping it up
124
- # in a dummy method. It warns on each call to the dummy method
125
- # telling the user of +repl+ (unless +repl+ is :none) and the
126
- # Rubygems version that it is planned to go away.
123
+ ##
124
+ # Simple deprecation method that deprecates +name+ by wrapping it up
125
+ # in a dummy method. It warns on each call to the dummy method
126
+ # telling the user of +repl+ (unless +repl+ is :none) and the
127
+ # Rubygems version that it is planned to go away.
127
128
 
128
- def rubygems_deprecate(name, replacement=:none)
129
- class_eval do
130
- old = "_deprecated_#{name}"
131
- alias_method old, name
132
- define_method name do |*args, &block|
133
- klass = is_a? Module
134
- target = klass ? "#{self}." : "#{self.class}#"
135
- msg = [
136
- "NOTE: #{target}#{name} is deprecated",
137
- replacement == :none ? " with no replacement" : "; use #{replacement} instead",
138
- ". It will be removed in Rubygems #{Gem::Deprecate.next_rubygems_major_version}",
139
- "\n#{target}#{name} called from #{Gem.location_of_caller.join(":")}",
140
- ]
141
- warn "#{msg.join}." unless Gem::Deprecate.skip
142
- send old, *args, &block
129
+ def rubygems_deprecate(name, replacement=:none)
130
+ class_eval do
131
+ old = "_deprecated_#{name}"
132
+ alias_method old, name
133
+ define_method name do |*args, &block|
134
+ klass = is_a? Module
135
+ target = klass ? "#{self}." : "#{self.class}#"
136
+ msg = [
137
+ "NOTE: #{target}#{name} is deprecated",
138
+ replacement == :none ? " with no replacement" : "; use #{replacement} instead",
139
+ ". It will be removed in Rubygems #{Gem::Deprecate.next_rubygems_major_version}",
140
+ "\n#{target}#{name} called from #{Gem.location_of_caller.join(":")}",
141
+ ]
142
+ warn "#{msg.join}." unless Gem::Deprecate.skip
143
+ send old, *args, &block
144
+ end
145
+ ruby2_keywords name if respond_to?(:ruby2_keywords, true)
143
146
  end
144
- ruby2_keywords name if respond_to?(:ruby2_keywords, true)
145
147
  end
146
- end
147
148
 
148
- # Deprecation method to deprecate Rubygems commands
149
- def rubygems_deprecate_command(version = Gem::Deprecate.next_rubygems_major_version)
150
- class_eval do
151
- define_method "deprecated?" do
152
- true
153
- end
149
+ # Deprecation method to deprecate Rubygems commands
150
+ def rubygems_deprecate_command(version = Gem::Deprecate.next_rubygems_major_version)
151
+ class_eval do
152
+ define_method "deprecated?" do
153
+ true
154
+ end
154
155
 
155
- define_method "deprecation_warning" do
156
- msg = [
157
- "#{command} command is deprecated",
158
- ". It will be removed in Rubygems #{version}.\n",
159
- ]
156
+ define_method "deprecation_warning" do
157
+ msg = [
158
+ "#{command} command is deprecated",
159
+ ". It will be removed in Rubygems #{version}.\n",
160
+ ]
160
161
 
161
- alert_warning msg.join.to_s unless Gem::Deprecate.skip
162
+ alert_warning msg.join.to_s unless Gem::Deprecate.skip
163
+ end
162
164
  end
163
165
  end
164
- end
165
166
 
166
- module_function :rubygems_deprecate, :rubygems_deprecate_command, :skip_during
167
+ module_function :rubygems_deprecate, :rubygems_deprecate_command, :skip_during
168
+ end
167
169
  end
@@ -69,8 +69,10 @@ module Gem::GemcutterUtilities
69
69
  rubygems_api_request(:get, "api/v1/webauthn_verification/#{webauthn_token}/status.json") do |request|
70
70
  if credentials.empty?
71
71
  request.add_field "Authorization", api_key
72
+ elsif credentials[:identifier] && credentials[:password]
73
+ request.basic_auth credentials[:identifier], credentials[:password]
72
74
  else
73
- request.basic_auth credentials[:email], credentials[:password]
75
+ raise Gem::WebauthnVerificationError, "Provided missing credentials"
74
76
  end
75
77
  end
76
78
  end
@@ -7,7 +7,6 @@
7
7
 
8
8
  # rubocop:enable Style/AsciiComments
9
9
 
10
- require_relative "../rubygems"
11
10
  require_relative "security"
12
11
  require_relative "user_interaction"
13
12
 
@@ -528,12 +527,13 @@ EOM
528
527
  # Loads a Gem::Specification from the TarEntry +entry+
529
528
 
530
529
  def load_spec(entry) # :nodoc:
530
+ limit = 10 * 1024 * 1024
531
531
  case entry.full_name
532
532
  when "metadata" then
533
- @spec = Gem::Specification.from_yaml entry.read
533
+ @spec = Gem::Specification.from_yaml limit_read(entry, "metadata", limit)
534
534
  when "metadata.gz" then
535
535
  Zlib::GzipReader.wrap(entry, external_encoding: Encoding::UTF_8) do |gzio|
536
- @spec = Gem::Specification.from_yaml gzio.read
536
+ @spec = Gem::Specification.from_yaml limit_read(gzio, "metadata.gz", limit)
537
537
  end
538
538
  end
539
539
  end
@@ -557,7 +557,7 @@ EOM
557
557
 
558
558
  @checksums = gem.seek "checksums.yaml.gz" do |entry|
559
559
  Zlib::GzipReader.wrap entry do |gz_io|
560
- Gem::SafeYAML.safe_load gz_io.read
560
+ Gem::SafeYAML.safe_load limit_read(gz_io, "checksums.yaml.gz", 10 * 1024 * 1024)
561
561
  end
562
562
  end
563
563
  end
@@ -664,7 +664,7 @@ EOM
664
664
 
665
665
  case file_name
666
666
  when /\.sig$/ then
667
- @signatures[$`] = entry.read if @security_policy
667
+ @signatures[$`] = limit_read(entry, file_name, 1024 * 1024) if @security_policy
668
668
  return
669
669
  else
670
670
  digest entry
@@ -724,6 +724,12 @@ EOM
724
724
  IO.copy_stream(src, dst)
725
725
  end
726
726
  end
727
+
728
+ def limit_read(io, name, limit)
729
+ bytes = io.read(limit + 1)
730
+ raise Gem::Package::FormatError, "#{name} is too big (over #{limit} bytes)" if bytes.size > limit
731
+ bytes
732
+ end
727
733
  end
728
734
 
729
735
  require_relative "package/digest_io"
data/lib/rubygems.rb CHANGED
@@ -9,7 +9,7 @@
9
9
  require "rbconfig"
10
10
 
11
11
  module Gem
12
- VERSION = "3.5.9"
12
+ VERSION = "3.5.10"
13
13
  end
14
14
 
15
15
  # Must be first since it unloads the prelude from 1.9.2
@@ -2,7 +2,7 @@
2
2
 
3
3
  Gem::Specification.new do |s|
4
4
  s.name = "rubygems-update"
5
- s.version = "3.5.9"
5
+ s.version = "3.5.10"
6
6
  s.authors = ["Jim Weirich", "Chad Fowler", "Eric Hodel", "Luis Lavena", "Aaron Patterson", "Samuel Giddins", "André Arko", "Evan Phoenix", "Hiroshi SHIBATA"]
7
7
  s.email = ["", "", "drbrain@segment7.net", "luislavena@gmail.com", "aaron@tenderlovemaking.com", "segiddins@segiddins.me", "andre@arko.net", "evan@phx.io", "hsbt@ruby-lang.org"]
8
8