rubygems-update 3.5.9 → 3.5.10
- checksums.yaml +4 -4
- data/CHANGELOG.md +21 -0
- data/POLICIES.md +75 -6
- data/bundler/CHANGELOG.md +24 -0
- data/bundler/lib/bundler/build_metadata.rb +2 -2
- data/bundler/lib/bundler/cli.rb +5 -22
- data/bundler/lib/bundler/definition.rb +57 -28
- data/bundler/lib/bundler/dependency.rb +2 -1
- data/bundler/lib/bundler/environment_preserver.rb +2 -20
- data/bundler/lib/bundler/injector.rb +2 -1
- data/bundler/lib/bundler/man/bundle-add.1 +1 -1
- data/bundler/lib/bundler/man/bundle-binstubs.1 +1 -1
- data/bundler/lib/bundler/man/bundle-cache.1 +1 -1
- data/bundler/lib/bundler/man/bundle-check.1 +3 -1
- data/bundler/lib/bundler/man/bundle-check.1.ronn +3 -0
- data/bundler/lib/bundler/man/bundle-clean.1 +1 -1
- data/bundler/lib/bundler/man/bundle-config.1 +1 -3
- data/bundler/lib/bundler/man/bundle-config.1.ronn +0 -3
- data/bundler/lib/bundler/man/bundle-console.1 +1 -1
- data/bundler/lib/bundler/man/bundle-doctor.1 +1 -1
- data/bundler/lib/bundler/man/bundle-exec.1 +1 -1
- data/bundler/lib/bundler/man/bundle-gem.1 +1 -1
- data/bundler/lib/bundler/man/bundle-help.1 +1 -1
- data/bundler/lib/bundler/man/bundle-info.1 +1 -1
- data/bundler/lib/bundler/man/bundle-init.1 +1 -1
- data/bundler/lib/bundler/man/bundle-inject.1 +1 -1
- data/bundler/lib/bundler/man/bundle-install.1 +1 -1
- data/bundler/lib/bundler/man/bundle-list.1 +1 -1
- data/bundler/lib/bundler/man/bundle-lock.1 +1 -1
- data/bundler/lib/bundler/man/bundle-open.1 +1 -1
- data/bundler/lib/bundler/man/bundle-outdated.1 +1 -1
- data/bundler/lib/bundler/man/bundle-platform.1 +1 -1
- data/bundler/lib/bundler/man/bundle-plugin.1 +1 -1
- data/bundler/lib/bundler/man/bundle-pristine.1 +1 -1
- data/bundler/lib/bundler/man/bundle-remove.1 +1 -1
- data/bundler/lib/bundler/man/bundle-show.1 +1 -1
- data/bundler/lib/bundler/man/bundle-update.1 +1 -1
- data/bundler/lib/bundler/man/bundle-version.1 +1 -1
- data/bundler/lib/bundler/man/bundle-viz.1 +1 -1
- data/bundler/lib/bundler/man/bundle.1 +1 -1
- data/bundler/lib/bundler/man/gemfile.5 +1 -1
- data/bundler/lib/bundler/rubygems_ext.rb +12 -0
- data/bundler/lib/bundler/settings.rb +0 -1
- data/bundler/lib/bundler/setup.rb +3 -0
- data/bundler/lib/bundler/source/rubygems.rb +3 -16
- data/bundler/lib/bundler/source_list.rb +15 -2
- data/bundler/lib/bundler/spec_set.rb +1 -1
- data/bundler/lib/bundler/version.rb +1 -1
- data/bundler/lib/bundler.rb +20 -0
- data/lib/rubygems/commands/update_command.rb +8 -9
- data/lib/rubygems/deprecate.rb +79 -77
- data/lib/rubygems/gemcutter_utilities/webauthn_poller.rb +3 -1
- data/lib/rubygems/package.rb +11 -5
- data/lib/rubygems.rb +1 -1
- data/rubygems-update.gemspec +1 -1
- metadata +3 -3
@@ -1,6 +1,6 @@
|
|
1
1
|
.\" generated with nRonn/v0.11.1
|
2
2
|
.\" https://github.com/n-ronn/nronn/tree/0.11.1
|
3
|
-
.TH "BUNDLE\-INFO" "1" "
|
3
|
+
.TH "BUNDLE\-INFO" "1" "April 2024" ""
|
4
4
|
.SH "NAME"
|
5
5
|
\fBbundle\-info\fR \- Show information for the given gem in your bundle
|
6
6
|
.SH "SYNOPSIS"
|
@@ -1,6 +1,6 @@
|
|
1
1
|
.\" generated with nRonn/v0.11.1
|
2
2
|
.\" https://github.com/n-ronn/nronn/tree/0.11.1
|
3
|
-
.TH "BUNDLE\-INIT" "1" "
|
3
|
+
.TH "BUNDLE\-INIT" "1" "April 2024" ""
|
4
4
|
.SH "NAME"
|
5
5
|
\fBbundle\-init\fR \- Generates a Gemfile into the current working directory
|
6
6
|
.SH "SYNOPSIS"
|
@@ -1,6 +1,6 @@
|
|
1
1
|
.\" generated with nRonn/v0.11.1
|
2
2
|
.\" https://github.com/n-ronn/nronn/tree/0.11.1
|
3
|
-
.TH "BUNDLE\-INJECT" "1" "
|
3
|
+
.TH "BUNDLE\-INJECT" "1" "April 2024" ""
|
4
4
|
.SH "NAME"
|
5
5
|
\fBbundle\-inject\fR \- Add named gem(s) with version requirements to Gemfile
|
6
6
|
.SH "SYNOPSIS"
|
@@ -1,6 +1,6 @@
|
|
1
1
|
.\" generated with nRonn/v0.11.1
|
2
2
|
.\" https://github.com/n-ronn/nronn/tree/0.11.1
|
3
|
-
.TH "BUNDLE\-INSTALL" "1" "
|
3
|
+
.TH "BUNDLE\-INSTALL" "1" "April 2024" ""
|
4
4
|
.SH "NAME"
|
5
5
|
\fBbundle\-install\fR \- Install the dependencies specified in your Gemfile
|
6
6
|
.SH "SYNOPSIS"
|
@@ -1,6 +1,6 @@
|
|
1
1
|
.\" generated with nRonn/v0.11.1
|
2
2
|
.\" https://github.com/n-ronn/nronn/tree/0.11.1
|
3
|
-
.TH "BUNDLE\-OPEN" "1" "
|
3
|
+
.TH "BUNDLE\-OPEN" "1" "April 2024" ""
|
4
4
|
.SH "NAME"
|
5
5
|
\fBbundle\-open\fR \- Opens the source directory for a gem in your bundle
|
6
6
|
.SH "SYNOPSIS"
|
@@ -1,6 +1,6 @@
|
|
1
1
|
.\" generated with nRonn/v0.11.1
|
2
2
|
.\" https://github.com/n-ronn/nronn/tree/0.11.1
|
3
|
-
.TH "BUNDLE\-OUTDATED" "1" "
|
3
|
+
.TH "BUNDLE\-OUTDATED" "1" "April 2024" ""
|
4
4
|
.SH "NAME"
|
5
5
|
\fBbundle\-outdated\fR \- List installed gems with newer versions available
|
6
6
|
.SH "SYNOPSIS"
|
@@ -1,6 +1,6 @@
|
|
1
1
|
.\" generated with nRonn/v0.11.1
|
2
2
|
.\" https://github.com/n-ronn/nronn/tree/0.11.1
|
3
|
-
.TH "BUNDLE\-PLATFORM" "1" "
|
3
|
+
.TH "BUNDLE\-PLATFORM" "1" "April 2024" ""
|
4
4
|
.SH "NAME"
|
5
5
|
\fBbundle\-platform\fR \- Displays platform compatibility information
|
6
6
|
.SH "SYNOPSIS"
|
@@ -1,6 +1,6 @@
|
|
1
1
|
.\" generated with nRonn/v0.11.1
|
2
2
|
.\" https://github.com/n-ronn/nronn/tree/0.11.1
|
3
|
-
.TH "BUNDLE\-PRISTINE" "1" "
|
3
|
+
.TH "BUNDLE\-PRISTINE" "1" "April 2024" ""
|
4
4
|
.SH "NAME"
|
5
5
|
\fBbundle\-pristine\fR \- Restores installed gems to their pristine condition
|
6
6
|
.SH "SYNOPSIS"
|
@@ -1,6 +1,6 @@
|
|
1
1
|
.\" generated with nRonn/v0.11.1
|
2
2
|
.\" https://github.com/n-ronn/nronn/tree/0.11.1
|
3
|
-
.TH "BUNDLE\-SHOW" "1" "
|
3
|
+
.TH "BUNDLE\-SHOW" "1" "April 2024" ""
|
4
4
|
.SH "NAME"
|
5
5
|
\fBbundle\-show\fR \- Shows all the gems in your bundle, or the path to a gem
|
6
6
|
.SH "SYNOPSIS"
|
@@ -1,6 +1,6 @@
|
|
1
1
|
.\" generated with nRonn/v0.11.1
|
2
2
|
.\" https://github.com/n-ronn/nronn/tree/0.11.1
|
3
|
-
.TH "BUNDLE\-UPDATE" "1" "
|
3
|
+
.TH "BUNDLE\-UPDATE" "1" "April 2024" ""
|
4
4
|
.SH "NAME"
|
5
5
|
\fBbundle\-update\fR \- Update your gems to the latest available versions
|
6
6
|
.SH "SYNOPSIS"
|
@@ -1,6 +1,6 @@
|
|
1
1
|
.\" generated with nRonn/v0.11.1
|
2
2
|
.\" https://github.com/n-ronn/nronn/tree/0.11.1
|
3
|
-
.TH "BUNDLE\-VIZ" "1" "
|
3
|
+
.TH "BUNDLE\-VIZ" "1" "April 2024" ""
|
4
4
|
.SH "NAME"
|
5
5
|
\fBbundle\-viz\fR \- Generates a visual dependency graph for your Gemfile
|
6
6
|
.SH "SYNOPSIS"
|
@@ -146,6 +146,18 @@ module Gem
|
|
146
146
|
end
|
147
147
|
end
|
148
148
|
|
149
|
+
module BetterPermissionError
|
150
|
+
def data
|
151
|
+
Bundler::SharedHelpers.filesystem_access(loaded_from, :read) do
|
152
|
+
super
|
153
|
+
end
|
154
|
+
end
|
155
|
+
end
|
156
|
+
|
157
|
+
class StubSpecification
|
158
|
+
prepend BetterPermissionError
|
159
|
+
end
|
160
|
+
|
149
161
|
class Dependency
|
150
162
|
include ::Bundler::ForcePlatform
|
151
163
|
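Review bot: `BetterPermissionError#data` carries no comment saying why `StubSpecification#data` is wrapped, and the module name alone does not tell a reader that the only intended change is error translation. I would add `# Read the stub through filesystem_access so an unreadable gemspec surfaces as a Bundler permission error` above `def data`, assuming that is what `Bundler::SharedHelpers.filesystem_access` does (its body is not in this hunk). It is also worth confirming that `loaded_from` is never nil here, since it is passed straight through as the path.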
|
@@ -5,6 +5,9 @@ require_relative "shared_helpers"
|
|
5
5
|
if Bundler::SharedHelpers.in_bundle?
|
6
6
|
require_relative "../bundler"
|
7
7
|
|
8
|
+
# try to auto_install first before we get to the `Bundler.ui.silence`, so user knows what is happening
|
9
|
+
Bundler.auto_install
|
10
|
+
|
8
11
|
if STDOUT.tty? || ENV["BUNDLER_FORCE_TTY"]
|
9
12
|
begin
|
10
13
|
Bundler.ui.silence { Bundler.setup }
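Review bot: `Bundler.auto_install` now runs as a side effect of loading this file, ahead of the tty check, so with the `auto_install` setting enabled a plain `require "bundler/setup"` can start a gem installation. An install fetches from the sources named in the Gemfile and can build native extensions, which is more than most callers expect from a `require`, particularly in a checkout they have not reviewed. The added comment explains the ordering but not that consequence; I would extend it with `# NOTE: with auto_install set this may install gems (network access, extension builds) at require time`. The `if Bundler::SharedHelpers.in_bundle?` block continues outside the hunk.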
|
@@ -10,7 +10,7 @@ module Bundler
|
|
10
10
|
# Ask for X gems per API request
|
11
11
|
API_REQUEST_SIZE = 50
|
12
12
|
|
13
|
-
|
13
|
+
attr_accessor :remotes
|
14
14
|
|
15
15
|
def initialize(options = {})
|
16
16
|
@options = options
|
@@ -96,7 +96,7 @@ module Bundler
|
|
96
96
|
def to_lock
|
97
97
|
out = String.new("GEM\n")
|
98
98
|
remotes.reverse_each do |remote|
|
99
|
-
out << " remote: #{
|
99
|
+
out << " remote: #{remove_auth remote}\n"
|
100
100
|
end
|
101
101
|
out << " specs:\n"
|
102
102
|
end
|
@@ -312,11 +312,7 @@ module Bundler
|
|
312
312
|
end
|
313
313
|
|
314
314
|
def credless_remotes
|
315
|
-
|
316
|
-
remotes.map(&method(:remove_auth))
|
317
|
-
else
|
318
|
-
remotes.map(&method(:suppress_configured_credentials))
|
319
|
-
end
|
315
|
+
remotes.map(&method(:remove_auth))
|
320
316
|
end
|
321
317
|
|
322
318
|
def remotes_for_spec(spec)
|
@@ -355,15 +351,6 @@ module Bundler
|
|
355
351
|
uri
|
356
352
|
end
|
357
353
|
|
358
|
-
def suppress_configured_credentials(remote)
|
359
|
-
remote_nouser = remove_auth(remote)
|
360
|
-
if remote.userinfo && remote.userinfo == Bundler.settings[remote_nouser]
|
361
|
-
remote_nouser
|
362
|
-
else
|
363
|
-
remote
|
364
|
-
end
|
365
|
-
end
|
366
|
-
|
367
354
|
def remove_auth(remote)
|
368
355
|
if remote.user || remote.password
|
369
356
|
remote.dup.tap {|uri| uri.user = uri.password = nil }.to_s
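Review bot: `attr_accessor :remotes` near the top of the class gives every caller a public writer for the remote list, while the only use visible in this diff is `replace_rubygems_source` in source_list.rb. Because remotes can carry userinfo, I would document the writer where it is declared, e.g. `# Writable so SourceList can copy Gemfile remotes (which may carry credentials) onto a locked source`, or narrow it if nothing else needs it. The `to_lock` change to `remove_auth remote` is what keeps credentials out of the lockfile, so a regression test asserting that a source with inline userinfo yields a `remote:` line without it is worth having if the suite lacks one. `remove_auth` continues outside the last hunk.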
|
@@ -157,7 +157,11 @@ module Bundler
|
|
157
157
|
end
|
158
158
|
|
159
159
|
def map_sources(replacement_sources)
|
160
|
-
rubygems
|
160
|
+
rubygems = @rubygems_sources.map do |source|
|
161
|
+
replace_rubygems_source(replacement_sources, source) || source
|
162
|
+
end
|
163
|
+
|
164
|
+
git, plugin = [@git_sources, @plugin_sources].map do |sources|
|
161
165
|
sources.map do |source|
|
162
166
|
replacement_sources.find {|s| s == source } || source
|
163
167
|
end
|
@@ -171,13 +175,22 @@ module Bundler
|
|
171
175
|
end
|
172
176
|
|
173
177
|
def global_replacement_source(replacement_sources)
|
174
|
-
replacement_source = replacement_sources
|
178
|
+
replacement_source = replace_rubygems_source(replacement_sources, global_rubygems_source)
|
175
179
|
return global_rubygems_source unless replacement_source
|
176
180
|
|
177
181
|
replacement_source.cached!
|
178
182
|
replacement_source
|
179
183
|
end
|
180
184
|
|
185
|
+
def replace_rubygems_source(replacement_sources, gemfile_source)
|
186
|
+
replacement_source = replacement_sources.find {|s| s == gemfile_source }
|
187
|
+
return unless replacement_source
|
188
|
+
|
189
|
+
# locked sources never include credentials so always prefer remotes from the gemfile
|
190
|
+
replacement_source.remotes = gemfile_source.remotes
|
191
|
+
replacement_source
|
192
|
+
end
|
193
|
+
|
181
194
|
def different_sources?(lock_sources, replacement_sources)
|
182
195
|
!equivalent_sources?(lock_sources, replacement_sources)
|
183
196
|
end
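Review bot: `replacement_source.remotes = gemfile_source.remotes` in `replace_rubygems_source` mutates an element of the caller's `replacement_sources` and leaves both sources sharing one array, so a later in-place change to either remote list would show up in the other. `replacement_source.remotes = gemfile_source.remotes.dup` avoids the aliasing. After this assignment the locked source holds Gemfile remotes, credentials included, in memory, so anything that prints or logs it should go through `credless_remotes` or `remove_auth`; the comment above the assignment could say so. `map_sources` continues outside its hunk.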
|
@@ -65,7 +65,7 @@ module Bundler
|
|
65
65
|
|
66
66
|
platforms.concat(new_platforms)
|
67
67
|
|
68
|
-
less_specific_platform = new_platforms.find {|platform| platform != Gem::Platform::RUBY && Bundler.local_platform === platform }
|
68
|
+
less_specific_platform = new_platforms.find {|platform| platform != Gem::Platform::RUBY && Bundler.local_platform === platform && platform === Bundler.local_platform }
|
69
69
|
platforms.delete(Bundler.local_platform) if less_specific_platform
|
70
70
|
|
71
71
|
platforms
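Review bot: The condition on new line 68 now requires `===` to hold in both directions, but nothing on the line says why one direction was not enough. A short comment such as `# require a match both ways; a one-way === also accepts platforms that are only compatible` would help, if that is the intent (`Gem::Platform#===` is not shown here). The enclosing method starts and ends outside the hunk.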
|
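--- a/data/bundler/lib/bundler.rb
+++ b/data/bundler/lib/bundler.rb
@@ -40,6 +40,7 @@ module Bundler
 SUDO_MUTEX = Thread::Mutex.new
 
 autoload :Checksum, File.expand_path("bundler/checksum", __dir__)
+autoload :CLI, File.expand_path("bundler/cli", __dir__)
 autoload :CIDetector, File.expand_path("bundler/ci_detector", __dir__)
 autoload :Definition, File.expand_path("bundler/definition", __dir__)
 autoload :Dependency, File.expand_path("bundler/dependency", __dir__)
@@ -165,6 +166,25 @@ module Bundler
 end
 end
 
+# Automatically install dependencies if Bundler.settings[:auto_install] exists.
+# This is set through config cmd `bundle config set --global auto_install 1`.
+#
+# Note that this method `nil`s out the global Definition object, so it
+# should be called first, before you instantiate anything like an
+# `Installer` that'll keep a reference to the old one instead.
+def auto_install
+return unless settings[:auto_install]
+
+begin
+definition.specs
+rescue GemNotFound, GitError
+ui.info "Automatically installing missing gems."
+reset!
+CLI::Install.new({}).run
+reset!
+end
+end
+
 # Setups Bundler environment (see Bundler.setup) if it is not already set,
 # and loads all gems from groups specified. Unlike ::setup, can be called
 # multiple times with different groups (if they were allowed by setup).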
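Review bot: In `auto_install` the second `reset!` is skipped when `CLI::Install.new({}).run` raises, and the doc comment does not say that install failures propagate to the caller, which after this release includes `bundler/setup`. If a caller rescues that error, it may be left with whatever definition the failed install built. I would either move the trailing `reset!` into an `ensure` or state the behaviour in the comment, e.g. `# Errors raised by the install itself are not rescued here.`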
@@ -197,18 +197,17 @@ command to remove old versions.
|
|
197
197
|
yield
|
198
198
|
else
|
199
199
|
require "tmpdir"
|
200
|
-
|
201
|
-
|
200
|
+
Dir.mktmpdir("gem_update") do |tmpdir|
|
201
|
+
FileUtils.mv Gem.plugindir, tmpdir
|
202
202
|
|
203
|
-
|
203
|
+
status = yield
|
204
204
|
|
205
|
-
|
206
|
-
|
207
|
-
|
208
|
-
FileUtils.mv File.join(tmpdir, "plugins"), Gem.plugindir
|
209
|
-
end
|
205
|
+
unless status
|
206
|
+
FileUtils.mv File.join(tmpdir, "plugins"), Gem.plugindir
|
207
|
+
end
|
210
208
|
|
211
|
-
|
209
|
+
status
|
210
|
+
end
|
212
211
|
end
|
213
212
|
end
|
214
213
|
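Review bot: The plugin directory is only moved back when `yield` returns a falsy status, so if the block raises, the `Dir.mktmpdir` block form unwinds and removes `tmpdir` together with the plugins that were moved into it. Restoring from an `ensure` covers both the failed-status and the exception path. The enclosing method starts outside the hunk, so this assumes nothing further up already rescues around the call.

```ruby
Dir.mktmpdir("gem_update") do |tmpdir|
  FileUtils.mv Gem.plugindir, tmpdir
  status = nil
  begin
    status = yield
  ensure
    # put the plugins back on failure or exception, before mktmpdir removes tmpdir
    FileUtils.mv File.join(tmpdir, "plugins"), Gem.plugindir unless status
  end
  status
end
```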
|
data/lib/rubygems/deprecate.rb
CHANGED
@@ -69,99 +69,101 @@
|
|
69
69
|
# end
|
70
70
|
# end
|
71
71
|
|
72
|
-
module Gem
|
73
|
-
|
74
|
-
|
75
|
-
|
72
|
+
module Gem
|
73
|
+
module Deprecate
|
74
|
+
def self.skip # :nodoc:
|
75
|
+
@skip ||= false
|
76
|
+
end
|
76
77
|
|
77
|
-
|
78
|
-
|
79
|
-
|
78
|
+
def self.skip=(v) # :nodoc:
|
79
|
+
@skip = v
|
80
|
+
end
|
80
81
|
|
81
|
-
|
82
|
-
|
82
|
+
##
|
83
|
+
# Temporarily turn off warnings. Intended for tests only.
|
83
84
|
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
85
|
+
def skip_during
|
86
|
+
original = Gem::Deprecate.skip
|
87
|
+
Gem::Deprecate.skip = true
|
88
|
+
yield
|
89
|
+
ensure
|
90
|
+
Gem::Deprecate.skip = original
|
91
|
+
end
|
91
92
|
|
92
|
-
|
93
|
-
|
94
|
-
|
93
|
+
def self.next_rubygems_major_version # :nodoc:
|
94
|
+
Gem::Version.new(Gem.rubygems_version.segments.first).bump
|
95
|
+
end
|
95
96
|
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
97
|
+
##
|
98
|
+
# Simple deprecation method that deprecates +name+ by wrapping it up
|
99
|
+
# in a dummy method. It warns on each call to the dummy method
|
100
|
+
# telling the user of +repl+ (unless +repl+ is :none) and the
|
101
|
+
# year/month that it is planned to go away.
|
101
102
|
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
103
|
+
def deprecate(name, repl, year, month)
|
104
|
+
class_eval do
|
105
|
+
old = "_deprecated_#{name}"
|
106
|
+
alias_method old, name
|
107
|
+
define_method name do |*args, &block|
|
108
|
+
klass = is_a? Module
|
109
|
+
target = klass ? "#{self}." : "#{self.class}#"
|
110
|
+
msg = [
|
111
|
+
"NOTE: #{target}#{name} is deprecated",
|
112
|
+
repl == :none ? " with no replacement" : "; use #{repl} instead",
|
113
|
+
format(". It will be removed on or after %4d-%02d.", year, month),
|
114
|
+
"\n#{target}#{name} called from #{Gem.location_of_caller.join(":")}",
|
115
|
+
]
|
116
|
+
warn "#{msg.join}." unless Gem::Deprecate.skip
|
117
|
+
send old, *args, &block
|
118
|
+
end
|
119
|
+
ruby2_keywords name if respond_to?(:ruby2_keywords, true)
|
117
120
|
end
|
118
|
-
ruby2_keywords name if respond_to?(:ruby2_keywords, true)
|
119
121
|
end
|
120
|
-
end
|
121
122
|
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
123
|
+
##
|
124
|
+
# Simple deprecation method that deprecates +name+ by wrapping it up
|
125
|
+
# in a dummy method. It warns on each call to the dummy method
|
126
|
+
# telling the user of +repl+ (unless +repl+ is :none) and the
|
127
|
+
# Rubygems version that it is planned to go away.
|
127
128
|
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
|
129
|
+
def rubygems_deprecate(name, replacement=:none)
|
130
|
+
class_eval do
|
131
|
+
old = "_deprecated_#{name}"
|
132
|
+
alias_method old, name
|
133
|
+
define_method name do |*args, &block|
|
134
|
+
klass = is_a? Module
|
135
|
+
target = klass ? "#{self}." : "#{self.class}#"
|
136
|
+
msg = [
|
137
|
+
"NOTE: #{target}#{name} is deprecated",
|
138
|
+
replacement == :none ? " with no replacement" : "; use #{replacement} instead",
|
139
|
+
". It will be removed in Rubygems #{Gem::Deprecate.next_rubygems_major_version}",
|
140
|
+
"\n#{target}#{name} called from #{Gem.location_of_caller.join(":")}",
|
141
|
+
]
|
142
|
+
warn "#{msg.join}." unless Gem::Deprecate.skip
|
143
|
+
send old, *args, &block
|
144
|
+
end
|
145
|
+
ruby2_keywords name if respond_to?(:ruby2_keywords, true)
|
143
146
|
end
|
144
|
-
ruby2_keywords name if respond_to?(:ruby2_keywords, true)
|
145
147
|
end
|
146
|
-
end
|
147
148
|
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
|
149
|
+
# Deprecation method to deprecate Rubygems commands
|
150
|
+
def rubygems_deprecate_command(version = Gem::Deprecate.next_rubygems_major_version)
|
151
|
+
class_eval do
|
152
|
+
define_method "deprecated?" do
|
153
|
+
true
|
154
|
+
end
|
154
155
|
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
156
|
+
define_method "deprecation_warning" do
|
157
|
+
msg = [
|
158
|
+
"#{command} command is deprecated",
|
159
|
+
". It will be removed in Rubygems #{version}.\n",
|
160
|
+
]
|
160
161
|
|
161
|
-
|
162
|
+
alert_warning msg.join.to_s unless Gem::Deprecate.skip
|
163
|
+
end
|
162
164
|
end
|
163
165
|
end
|
164
|
-
end
|
165
166
|
|
166
|
-
|
167
|
+
module_function :rubygems_deprecate, :rubygems_deprecate_command, :skip_during
|
168
|
+
end
|
167
169
|
end
|
@@ -69,8 +69,10 @@ module Gem::GemcutterUtilities
|
|
69
69
|
rubygems_api_request(:get, "api/v1/webauthn_verification/#{webauthn_token}/status.json") do |request|
|
70
70
|
if credentials.empty?
|
71
71
|
request.add_field "Authorization", api_key
|
72
|
+
elsif credentials[:identifier] && credentials[:password]
|
73
|
+
request.basic_auth credentials[:identifier], credentials[:password]
|
72
74
|
else
|
73
|
-
|
75
|
+
raise Gem::WebauthnVerificationError, "Provided missing credentials"
|
74
76
|
end
|
75
77
|
end
|
76
78
|
end
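Review bot: The new `elsif credentials[:identifier] && credentials[:password]` test only checks truthiness, so empty strings pass it and are handed to `request.basic_auth`. The `else` message "Provided missing credentials" also does not say which value was absent. I would check `credentials[:identifier].to_s.empty?` and the same for `:password`, and reword the error to name the missing key, e.g. `raise Gem::WebauthnVerificationError, "identifier and password are both required"`, keeping the values themselves out of the message. The enclosing method starts outside the hunk.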
|
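--- a/data/lib/rubygems/package.rb
+++ b/data/lib/rubygems/package.rb
@@ -7,7 +7,6 @@
 
 # rubocop:enable Style/AsciiComments
 
-require_relative "../rubygems"
 require_relative "security"
 require_relative "user_interaction"
 
@@ -528,12 +527,13 @@ EOM
 # Loads a Gem::Specification from the TarEntry +entry+
 
 def load_spec(entry) # :nodoc:
+limit = 10 * 1024 * 1024
 case entry.full_name
 when "metadata" then
-@spec = Gem::Specification.from_yaml entry
+@spec = Gem::Specification.from_yaml limit_read(entry, "metadata", limit)
 when "metadata.gz" then
 Zlib::GzipReader.wrap(entry, external_encoding: Encoding::UTF_8) do |gzio|
-@spec = Gem::Specification.from_yaml gzio.
+@spec = Gem::Specification.from_yaml limit_read(gzio, "metadata.gz", limit)
 end
 end
 end
@@ -557,7 +557,7 @@ EOM
 
 @checksums = gem.seek "checksums.yaml.gz" do |entry|
 Zlib::GzipReader.wrap entry do |gz_io|
-Gem::SafeYAML.safe_load gz_io.
+Gem::SafeYAML.safe_load limit_read(gz_io, "checksums.yaml.gz", 10 * 1024 * 1024)
 end
 end
 end
@@ -664,7 +664,7 @@ EOM
 
 case file_name
 when /\.sig$/ then
-@signatures[$`] = entry
+@signatures[$`] = limit_read(entry, file_name, 1024 * 1024) if @security_policy
 return
 else
 digest entry
@@ -724,6 +724,12 @@ EOM
 IO.copy_stream(src, dst)
 end
 end
+
+def limit_read(io, name, limit)
+bytes = io.read(limit + 1)
+raise Gem::Package::FormatError, "#{name} is too big (over #{limit} bytes)" if bytes.size > limit
+bytes
+end
 end
 
 require_relative "package/digest_io"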
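Review bot: `limit_read` calls `bytes.size` without allowing for `io.read(limit + 1)` returning nil, which IO-style readers do at end of stream when a length is given. An empty `metadata`, `checksums.yaml.gz` or `.sig` entry would then probably raise NoMethodError rather than `Gem::Package::FormatError`; this is worth confirming against `TarReader::Entry#read` and `Zlib::GzipReader#read`. A guard such as `bytes = io.read(limit + 1) || ""` (or an explicit FormatError for an empty entry) keeps a malformed gem on the intended error path. Separately, the 10 MiB cap is spelled out in two places and the 1 MiB signature cap in a third; named constants with a comment giving the reason for each size would keep them from drifting.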
data/lib/rubygems.rb
CHANGED
data/rubygems-update.gemspec
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
|
3
3
|
Gem::Specification.new do |s|
|
4
4
|
s.name = "rubygems-update"
|
5
|
-
s.version = "3.5.
|
5
|
+
s.version = "3.5.10"
|
6
6
|
s.authors = ["Jim Weirich", "Chad Fowler", "Eric Hodel", "Luis Lavena", "Aaron Patterson", "Samuel Giddins", "André Arko", "Evan Phoenix", "Hiroshi SHIBATA"]
|
7
7
|
s.email = ["", "", "drbrain@segment7.net", "luislavena@gmail.com", "aaron@tenderlovemaking.com", "segiddins@segiddins.me", "andre@arko.net", "evan@phx.io", "hsbt@ruby-lang.org"]
|
8
8
|
|