rubygems-update 3.5.9 → 3.5.11
- checksums.yaml +4 -4
- data/CHANGELOG.md +66 -1
- data/CODE_OF_CONDUCT.md +79 -28
- data/CONTRIBUTING.md +2 -2
- data/Manifest.txt +1 -0
- data/POLICIES.md +75 -6
- data/bundler/CHANGELOG.md +52 -0
- data/bundler/lib/bundler/build_metadata.rb +2 -2
- data/bundler/lib/bundler/cli/install.rb +1 -1
- data/bundler/lib/bundler/cli.rb +5 -22
- data/bundler/lib/bundler/compact_index_client/cache.rb +16 -7
- data/bundler/lib/bundler/constants.rb +8 -1
- data/bundler/lib/bundler/definition.rb +70 -50
- data/bundler/lib/bundler/dependency.rb +2 -1
- data/bundler/lib/bundler/environment_preserver.rb +2 -20
- data/bundler/lib/bundler/errors.rb +14 -0
- data/bundler/lib/bundler/gem_helper.rb +1 -1
- data/bundler/lib/bundler/injector.rb +2 -1
- data/bundler/lib/bundler/installer.rb +8 -8
- data/bundler/lib/bundler/man/bundle-add.1 +1 -1
- data/bundler/lib/bundler/man/bundle-binstubs.1 +1 -1
- data/bundler/lib/bundler/man/bundle-cache.1 +1 -1
- data/bundler/lib/bundler/man/bundle-check.1 +3 -1
- data/bundler/lib/bundler/man/bundle-check.1.ronn +3 -0
- data/bundler/lib/bundler/man/bundle-clean.1 +1 -1
- data/bundler/lib/bundler/man/bundle-config.1 +1 -3
- data/bundler/lib/bundler/man/bundle-config.1.ronn +0 -3
- data/bundler/lib/bundler/man/bundle-console.1 +1 -1
- data/bundler/lib/bundler/man/bundle-doctor.1 +1 -1
- data/bundler/lib/bundler/man/bundle-exec.1 +1 -1
- data/bundler/lib/bundler/man/bundle-gem.1 +1 -1
- data/bundler/lib/bundler/man/bundle-help.1 +1 -1
- data/bundler/lib/bundler/man/bundle-info.1 +1 -1
- data/bundler/lib/bundler/man/bundle-init.1 +1 -1
- data/bundler/lib/bundler/man/bundle-inject.1 +1 -1
- data/bundler/lib/bundler/man/bundle-install.1 +1 -1
- data/bundler/lib/bundler/man/bundle-list.1 +1 -1
- data/bundler/lib/bundler/man/bundle-lock.1 +1 -1
- data/bundler/lib/bundler/man/bundle-open.1 +1 -1
- data/bundler/lib/bundler/man/bundle-outdated.1 +1 -1
- data/bundler/lib/bundler/man/bundle-platform.1 +1 -1
- data/bundler/lib/bundler/man/bundle-plugin.1 +1 -1
- data/bundler/lib/bundler/man/bundle-pristine.1 +1 -1
- data/bundler/lib/bundler/man/bundle-remove.1 +1 -1
- data/bundler/lib/bundler/man/bundle-show.1 +1 -1
- data/bundler/lib/bundler/man/bundle-update.1 +1 -1
- data/bundler/lib/bundler/man/bundle-version.1 +1 -1
- data/bundler/lib/bundler/man/bundle-viz.1 +1 -1
- data/bundler/lib/bundler/man/bundle.1 +1 -1
- data/bundler/lib/bundler/man/gemfile.5 +1 -1
- data/bundler/lib/bundler/rubygems_ext.rb +29 -9
- data/bundler/lib/bundler/self_manager.rb +1 -1
- data/bundler/lib/bundler/settings.rb +0 -1
- data/bundler/lib/bundler/setup.rb +3 -0
- data/bundler/lib/bundler/shared_helpers.rb +6 -4
- data/bundler/lib/bundler/source/git/git_proxy.rb +8 -0
- data/bundler/lib/bundler/source/metadata.rb +2 -0
- data/bundler/lib/bundler/source/rubygems.rb +6 -18
- data/bundler/lib/bundler/source_list.rb +28 -4
- data/bundler/lib/bundler/spec_set.rb +1 -1
- data/bundler/lib/bundler/templates/newgem/CODE_OF_CONDUCT.md.tt +77 -29
- data/bundler/lib/bundler/version.rb +1 -1
- data/bundler/lib/bundler.rb +20 -0
- data/exe/update_rubygems +1 -1
- data/lib/rubygems/commands/pristine_command.rb +9 -6
- data/lib/rubygems/commands/setup_command.rb +2 -0
- data/lib/rubygems/commands/uninstall_command.rb +1 -1
- data/lib/rubygems/commands/update_command.rb +8 -9
- data/lib/rubygems/dependency.rb +1 -13
- data/lib/rubygems/deprecate.rb +79 -77
- data/lib/rubygems/ext/cargo_builder.rb +1 -16
- data/lib/rubygems/gemcutter_utilities/webauthn_poller.rb +3 -1
- data/lib/rubygems/installer.rb +1 -1
- data/lib/rubygems/package/tar_header.rb +20 -4
- data/lib/rubygems/package.rb +11 -6
- data/lib/rubygems/platform.rb +1 -0
- data/lib/rubygems/specification.rb +35 -117
- data/lib/rubygems/specification_policy.rb +3 -1
- data/lib/rubygems/specification_record.rb +213 -0
- data/lib/rubygems/uninstaller.rb +15 -9
- data/lib/rubygems/util/licenses.rb +25 -0
- data/lib/rubygems.rb +8 -1
- data/rubygems-update.gemspec +1 -1
- metadata +4 -3
@@ -184,7 +184,7 @@ that is a dependency of an existing gem. You can use the
|
|
184
184
|
rescue Gem::GemNotInHomeException => e
|
185
185
|
spec = e.spec
|
186
186
|
alert("In order to remove #{spec.name}, please execute:\n" \
|
187
|
-
"\tgem uninstall #{spec.name} --install-dir=#{spec.
|
187
|
+
"\tgem uninstall #{spec.name} --install-dir=#{spec.base_dir}")
|
188
188
|
rescue Gem::UninstallError => e
|
189
189
|
spec = e.spec
|
190
190
|
alert_error("Error: unable to successfully uninstall '#{spec.name}' which is " \
|
@@ -197,18 +197,17 @@ command to remove old versions.
|
|
197
197
|
yield
|
198
198
|
else
|
199
199
|
require "tmpdir"
|
200
|
-
|
201
|
-
|
200
|
+
Dir.mktmpdir("gem_update") do |tmpdir|
|
201
|
+
FileUtils.mv Gem.plugindir, tmpdir
|
202
202
|
|
203
|
-
|
203
|
+
status = yield
|
204
204
|
|
205
|
-
|
206
|
-
|
207
|
-
|
208
|
-
FileUtils.mv File.join(tmpdir, "plugins"), Gem.plugindir
|
209
|
-
end
|
205
|
+
unless status
|
206
|
+
FileUtils.mv File.join(tmpdir, "plugins"), Gem.plugindir
|
207
|
+
end
|
210
208
|
|
211
|
-
|
209
|
+
status
|
210
|
+
end
|
212
211
|
end
|
213
212
|
end
|
214
213
|
|
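Review bot: The plugin directory moved into `tmpdir` is put back only when `yield` returns a falsy status, so if the block raises, `Dir.mktmpdir` removes `tmpdir` on the way out and the moved plugins go with it. Restoring before re-raising would close that gap: add `rescue StandardError` after `status = yield`, then `FileUtils.mv File.join(tmpdir, "plugins"), Gem.plugindir` and a bare `raise`. Whether the update can fail by raising rather than by returning a falsy status is not visible here, and the enclosing method starts above the hunk.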
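--- a/data/lib/rubygems/dependency.rb
+++ b/data/lib/rubygems/dependency.rb
@@ -271,15 +271,7 @@ class Gem::Dependency
 end
 
 def matching_specs(platform_only = false)
-
-matches = Gem::Specification.stubs_for(name).find_all do |spec|
-requirement.satisfied_by?(spec.version) && env_req.satisfied_by?(spec.version)
-end.map(&:to_spec)
-
-if prioritizes_bundler?
-require_relative "bundler_version_finder"
-Gem::BundlerVersionFinder.prioritize!(matches)
-end
+matches = Gem::Specification.find_all_by_name(name, requirement)
 
 if platform_only
 matches.reject! do |spec|
@@ -297,10 +289,6 @@ class Gem::Dependency
 @requirement.specific?
 end
 
-def prioritizes_bundler?
-name == "bundler" && !specific?
-end
-
 def to_specs
 matches = matching_specs true
 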
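Review bot: `matching_specs` used to filter on `env_req.satisfied_by?(spec.version)` and run `Gem::BundlerVersionFinder.prioritize!` for non-specific bundler dependencies, but the replacement call `Gem::Specification.find_all_by_name(name, requirement)` shows neither, and its body is not part of this section. If both behaviours moved into `find_all_by_name`, a comment on the new line such as `# find_all_by_name applies the environment requirement and bundler prioritization` would record that. If they did not, version selection for this dependency changes silently. A regression test that pins which bundler version is selected when an environment requirement is set would settle it.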
data/lib/rubygems/deprecate.rb
CHANGED
@@ -69,99 +69,101 @@
|
|
69
69
|
# end
|
70
70
|
# end
|
71
71
|
|
72
|
-
module Gem
|
73
|
-
|
74
|
-
|
75
|
-
|
72
|
+
module Gem
|
73
|
+
module Deprecate
|
74
|
+
def self.skip # :nodoc:
|
75
|
+
@skip ||= false
|
76
|
+
end
|
76
77
|
|
77
|
-
|
78
|
-
|
79
|
-
|
78
|
+
def self.skip=(v) # :nodoc:
|
79
|
+
@skip = v
|
80
|
+
end
|
80
81
|
|
81
|
-
|
82
|
-
|
82
|
+
##
|
83
|
+
# Temporarily turn off warnings. Intended for tests only.
|
83
84
|
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
85
|
+
def skip_during
|
86
|
+
original = Gem::Deprecate.skip
|
87
|
+
Gem::Deprecate.skip = true
|
88
|
+
yield
|
89
|
+
ensure
|
90
|
+
Gem::Deprecate.skip = original
|
91
|
+
end
|
91
92
|
|
92
|
-
|
93
|
-
|
94
|
-
|
93
|
+
def self.next_rubygems_major_version # :nodoc:
|
94
|
+
Gem::Version.new(Gem.rubygems_version.segments.first).bump
|
95
|
+
end
|
95
96
|
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
97
|
+
##
|
98
|
+
# Simple deprecation method that deprecates +name+ by wrapping it up
|
99
|
+
# in a dummy method. It warns on each call to the dummy method
|
100
|
+
# telling the user of +repl+ (unless +repl+ is :none) and the
|
101
|
+
# year/month that it is planned to go away.
|
101
102
|
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
103
|
+
def deprecate(name, repl, year, month)
|
104
|
+
class_eval do
|
105
|
+
old = "_deprecated_#{name}"
|
106
|
+
alias_method old, name
|
107
|
+
define_method name do |*args, &block|
|
108
|
+
klass = is_a? Module
|
109
|
+
target = klass ? "#{self}." : "#{self.class}#"
|
110
|
+
msg = [
|
111
|
+
"NOTE: #{target}#{name} is deprecated",
|
112
|
+
repl == :none ? " with no replacement" : "; use #{repl} instead",
|
113
|
+
format(". It will be removed on or after %4d-%02d.", year, month),
|
114
|
+
"\n#{target}#{name} called from #{Gem.location_of_caller.join(":")}",
|
115
|
+
]
|
116
|
+
warn "#{msg.join}." unless Gem::Deprecate.skip
|
117
|
+
send old, *args, &block
|
118
|
+
end
|
119
|
+
ruby2_keywords name if respond_to?(:ruby2_keywords, true)
|
117
120
|
end
|
118
|
-
ruby2_keywords name if respond_to?(:ruby2_keywords, true)
|
119
121
|
end
|
120
|
-
end
|
121
122
|
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
123
|
+
##
|
124
|
+
# Simple deprecation method that deprecates +name+ by wrapping it up
|
125
|
+
# in a dummy method. It warns on each call to the dummy method
|
126
|
+
# telling the user of +repl+ (unless +repl+ is :none) and the
|
127
|
+
# Rubygems version that it is planned to go away.
|
127
128
|
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
|
129
|
+
def rubygems_deprecate(name, replacement=:none)
|
130
|
+
class_eval do
|
131
|
+
old = "_deprecated_#{name}"
|
132
|
+
alias_method old, name
|
133
|
+
define_method name do |*args, &block|
|
134
|
+
klass = is_a? Module
|
135
|
+
target = klass ? "#{self}." : "#{self.class}#"
|
136
|
+
msg = [
|
137
|
+
"NOTE: #{target}#{name} is deprecated",
|
138
|
+
replacement == :none ? " with no replacement" : "; use #{replacement} instead",
|
139
|
+
". It will be removed in Rubygems #{Gem::Deprecate.next_rubygems_major_version}",
|
140
|
+
"\n#{target}#{name} called from #{Gem.location_of_caller.join(":")}",
|
141
|
+
]
|
142
|
+
warn "#{msg.join}." unless Gem::Deprecate.skip
|
143
|
+
send old, *args, &block
|
144
|
+
end
|
145
|
+
ruby2_keywords name if respond_to?(:ruby2_keywords, true)
|
143
146
|
end
|
144
|
-
ruby2_keywords name if respond_to?(:ruby2_keywords, true)
|
145
147
|
end
|
146
|
-
end
|
147
148
|
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
|
149
|
+
# Deprecation method to deprecate Rubygems commands
|
150
|
+
def rubygems_deprecate_command(version = Gem::Deprecate.next_rubygems_major_version)
|
151
|
+
class_eval do
|
152
|
+
define_method "deprecated?" do
|
153
|
+
true
|
154
|
+
end
|
154
155
|
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
156
|
+
define_method "deprecation_warning" do
|
157
|
+
msg = [
|
158
|
+
"#{command} command is deprecated",
|
159
|
+
". It will be removed in Rubygems #{version}.\n",
|
160
|
+
]
|
160
161
|
|
161
|
-
|
162
|
+
alert_warning msg.join.to_s unless Gem::Deprecate.skip
|
163
|
+
end
|
162
164
|
end
|
163
165
|
end
|
164
|
-
end
|
165
166
|
|
166
|
-
|
167
|
+
module_function :rubygems_deprecate, :rubygems_deprecate_command, :skip_during
|
168
|
+
end
|
167
169
|
end
|
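Review bot: The comment on `skip_during` does not say that the flag it toggles is module-wide: `@skip` lives on `Gem::Deprecate` itself and every generated wrapper reads `Gem::Deprecate.skip` at call time, so warnings are suppressed for all callers while the block runs, not only for the code inside it. Extending the comment with `# The flag is shared by the whole process; deprecation warnings from any thread are suppressed while the block runs.` would make the "tests only" restriction self-explanatory. The comment above `rubygems_deprecate_command` also lacks the `##` marker the other methods use and does not describe the `version` parameter.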
@@ -185,6 +185,7 @@ class Gem::Ext::CargoBuilder < Gem::Ext::Builder
|
|
185
185
|
end
|
186
186
|
|
187
187
|
def cargo_dylib_path(dest_path, crate_name)
|
188
|
+
so_ext = RbConfig::CONFIG["SOEXT"]
|
188
189
|
prefix = so_ext == "dll" ? "" : "lib"
|
189
190
|
path_parts = [dest_path]
|
190
191
|
path_parts << ENV["CARGO_BUILD_TARGET"] if ENV["CARGO_BUILD_TARGET"]
|
@@ -313,22 +314,6 @@ EOF
|
|
313
314
|
deffile_path
|
314
315
|
end
|
315
316
|
|
316
|
-
# We have to basically reimplement <code>RbConfig::CONFIG['SOEXT']</code> here to support
|
317
|
-
# Ruby < 2.5
|
318
|
-
#
|
319
|
-
# @see https://github.com/ruby/ruby/blob/c87c027f18c005460746a74c07cd80ee355b16e4/configure.ac#L3185
|
320
|
-
def so_ext
|
321
|
-
return RbConfig::CONFIG["SOEXT"] if RbConfig::CONFIG.key?("SOEXT")
|
322
|
-
|
323
|
-
if win_target?
|
324
|
-
"dll"
|
325
|
-
elsif darwin_target?
|
326
|
-
"dylib"
|
327
|
-
else
|
328
|
-
"so"
|
329
|
-
end
|
330
|
-
end
|
331
|
-
|
332
317
|
# Corresponds to $(LIBPATH) in mkmf
|
333
318
|
def mkmf_libpath
|
334
319
|
["-L", "native=#{makefile_config("libdir")}"]
|
@@ -69,8 +69,10 @@ module Gem::GemcutterUtilities
|
|
69
69
|
rubygems_api_request(:get, "api/v1/webauthn_verification/#{webauthn_token}/status.json") do |request|
|
70
70
|
if credentials.empty?
|
71
71
|
request.add_field "Authorization", api_key
|
72
|
+
elsif credentials[:identifier] && credentials[:password]
|
73
|
+
request.basic_auth credentials[:identifier], credentials[:password]
|
72
74
|
else
|
73
|
-
|
75
|
+
raise Gem::WebauthnVerificationError, "Provided missing credentials"
|
74
76
|
end
|
75
77
|
end
|
76
78
|
end
|
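Review bot: The new `else` branch raises `"Provided missing credentials"`, which does not tell the caller that both `credentials[:identifier]` and `credentials[:password]` are required, and the three-way choice between API key, basic auth and failure is undocumented. A message such as `"Credentials must include both :identifier and :password"` states the requirement without echoing either value. A comment above the `if`, `# Empty credentials: authenticate with the API key; otherwise identifier and password are both required`, would document the branch order. The enclosing method starts above the hunk.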
data/lib/rubygems/installer.rb
CHANGED
@@ -95,14 +95,14 @@ class Gem::Package::TarHeader
|
|
95
95
|
|
96
96
|
attr_reader(*FIELDS)
|
97
97
|
|
98
|
-
EMPTY_HEADER = ("\0" * 512).freeze # :nodoc:
|
98
|
+
EMPTY_HEADER = ("\0" * 512).b.freeze # :nodoc:
|
99
99
|
|
100
100
|
##
|
101
101
|
# Creates a tar header from IO +stream+
|
102
102
|
|
103
103
|
def self.from(stream)
|
104
104
|
header = stream.read 512
|
105
|
-
|
105
|
+
return EMPTY if header == EMPTY_HEADER
|
106
106
|
|
107
107
|
fields = header.unpack UNPACK_FORMAT
|
108
108
|
|
@@ -123,7 +123,7 @@ class Gem::Package::TarHeader
|
|
123
123
|
devminor: strict_oct(fields.shift),
|
124
124
|
prefix: fields.shift,
|
125
125
|
|
126
|
-
empty:
|
126
|
+
empty: false
|
127
127
|
end
|
128
128
|
|
129
129
|
def self.strict_oct(str)
|
@@ -172,6 +172,22 @@ class Gem::Package::TarHeader
|
|
172
172
|
@empty = vals[:empty]
|
173
173
|
end
|
174
174
|
|
175
|
+
EMPTY = new({ # :nodoc:
|
176
|
+
checksum: 0,
|
177
|
+
gname: "",
|
178
|
+
linkname: "",
|
179
|
+
magic: "",
|
180
|
+
mode: 0,
|
181
|
+
name: "",
|
182
|
+
prefix: "",
|
183
|
+
size: 0,
|
184
|
+
uname: "",
|
185
|
+
version: 0,
|
186
|
+
|
187
|
+
empty: true,
|
188
|
+
}).freeze
|
189
|
+
private_constant :EMPTY
|
190
|
+
|
175
191
|
##
|
176
192
|
# Is the tar entry empty?
|
177
193
|
|
@@ -241,7 +257,7 @@ class Gem::Package::TarHeader
|
|
241
257
|
|
242
258
|
header = header.pack PACK_FORMAT
|
243
259
|
|
244
|
-
header
|
260
|
+
header.ljust 512, "\0"
|
245
261
|
end
|
246
262
|
|
247
263
|
def oct(num, len)
|
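Review bot: In `TarHeader.from`, `stream.read 512` can return `nil` or fewer than 512 bytes for a truncated archive, and the added `return EMPTY if header == EMPTY_HEADER` only handles the all-zero block, so a short read still reaches `header.unpack UNPACK_FORMAT`. A length guard ahead of the comparison, `raise Gem::Package::TarInvalidError, "truncated tar header" if header.nil? || header.bytesize < 512`, would reject malformed input with a package error instead of whatever `unpack` or `strict_oct` raises on missing fields. The rest of `from` and its callers lie outside the hunk, so an existing end-of-stream check may already cover part of this.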
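--- a/data/lib/rubygems/package.rb
+++ b/data/lib/rubygems/package.rb
@@ -7,7 +7,6 @@
 
 # rubocop:enable Style/AsciiComments
 
-require_relative "../rubygems"
 require_relative "security"
 require_relative "user_interaction"
 
@@ -295,7 +294,6 @@ class Gem::Package
 
 Gem.load_yaml
 
-@spec.mark_version
 @spec.validate true, strict_validation unless skip_validation
 
 setup_signer(
@@ -528,12 +526,13 @@ EOM
 # Loads a Gem::Specification from the TarEntry +entry+
 
 def load_spec(entry) # :nodoc:
+limit = 10 * 1024 * 1024
 case entry.full_name
 when "metadata" then
-@spec = Gem::Specification.from_yaml entry
+@spec = Gem::Specification.from_yaml limit_read(entry, "metadata", limit)
 when "metadata.gz" then
 Zlib::GzipReader.wrap(entry, external_encoding: Encoding::UTF_8) do |gzio|
-@spec = Gem::Specification.from_yaml gzio.
+@spec = Gem::Specification.from_yaml limit_read(gzio, "metadata.gz", limit)
 end
 end
 end
@@ -557,7 +556,7 @@ EOM
 
 @checksums = gem.seek "checksums.yaml.gz" do |entry|
 Zlib::GzipReader.wrap entry do |gz_io|
-Gem::SafeYAML.safe_load gz_io.
+Gem::SafeYAML.safe_load limit_read(gz_io, "checksums.yaml.gz", 10 * 1024 * 1024)
 end
 end
 end
@@ -664,7 +663,7 @@ EOM
 
 case file_name
 when /\.sig$/ then
-@signatures[$`] = entry
+@signatures[$`] = limit_read(entry, file_name, 1024 * 1024) if @security_policy
 return
 else
 digest entry
@@ -724,6 +723,12 @@ EOM
 IO.copy_stream(src, dst)
 end
 end
+
+def limit_read(io, name, limit)
+bytes = io.read(limit + 1)
+raise Gem::Package::FormatError, "#{name} is too big (over #{limit} bytes)" if bytes.size > limit
+bytes
+end
 end
 
 require_relative "package/digest_io"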
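Review bot: `limit_read` calls `bytes.size` on the result of `io.read(limit + 1)` without a nil check. `IO#read` with a length returns `nil` at end of stream, so if the tar entry and gzip reader follow that contract, an empty `metadata`, `checksums.yaml.gz` or `.sig` entry raises `NoMethodError` instead of a `Gem::Package::FormatError`. `bytes = io.read(limit + 1).to_s` keeps the limit check and passes an empty string on to the parser, and `bytesize` states the byte limit more directly than `size`. The `10 * 1024 * 1024` literal is written out in both `load_spec` and the checksums reader; a named constant would keep the two limits from drifting apart.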
data/lib/rubygems/platform.rb
CHANGED
@@ -134,6 +134,7 @@ class Gem::Platform
|
|
134
134
|
when /netbsdelf/ then ["netbsdelf", nil]
|
135
135
|
when /openbsd(\d+\.\d+)?/ then ["openbsd", $1]
|
136
136
|
when /solaris(\d+\.\d+)?/ then ["solaris", $1]
|
137
|
+
when /wasi/ then ["wasi", nil]
|
137
138
|
# test
|
138
139
|
when /^(\w+_platform)(\d+)?/ then [$1, $2]
|
139
140
|
else ["unknown", nil]
|