rubygems-update 3.5.9 → 3.5.11

Files changed (84) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +66 -1
  3. data/CODE_OF_CONDUCT.md +79 -28
  4. data/CONTRIBUTING.md +2 -2
  5. data/Manifest.txt +1 -0
  6. data/POLICIES.md +75 -6
  7. data/bundler/CHANGELOG.md +52 -0
  8. data/bundler/lib/bundler/build_metadata.rb +2 -2
  9. data/bundler/lib/bundler/cli/install.rb +1 -1
  10. data/bundler/lib/bundler/cli.rb +5 -22
  11. data/bundler/lib/bundler/compact_index_client/cache.rb +16 -7
  12. data/bundler/lib/bundler/constants.rb +8 -1
  13. data/bundler/lib/bundler/definition.rb +70 -50
  14. data/bundler/lib/bundler/dependency.rb +2 -1
  15. data/bundler/lib/bundler/environment_preserver.rb +2 -20
  16. data/bundler/lib/bundler/errors.rb +14 -0
  17. data/bundler/lib/bundler/gem_helper.rb +1 -1
  18. data/bundler/lib/bundler/injector.rb +2 -1
  19. data/bundler/lib/bundler/installer.rb +8 -8
  20. data/bundler/lib/bundler/man/bundle-add.1 +1 -1
  21. data/bundler/lib/bundler/man/bundle-binstubs.1 +1 -1
  22. data/bundler/lib/bundler/man/bundle-cache.1 +1 -1
  23. data/bundler/lib/bundler/man/bundle-check.1 +3 -1
  24. data/bundler/lib/bundler/man/bundle-check.1.ronn +3 -0
  25. data/bundler/lib/bundler/man/bundle-clean.1 +1 -1
  26. data/bundler/lib/bundler/man/bundle-config.1 +1 -3
  27. data/bundler/lib/bundler/man/bundle-config.1.ronn +0 -3
  28. data/bundler/lib/bundler/man/bundle-console.1 +1 -1
  29. data/bundler/lib/bundler/man/bundle-doctor.1 +1 -1
  30. data/bundler/lib/bundler/man/bundle-exec.1 +1 -1
  31. data/bundler/lib/bundler/man/bundle-gem.1 +1 -1
  32. data/bundler/lib/bundler/man/bundle-help.1 +1 -1
  33. data/bundler/lib/bundler/man/bundle-info.1 +1 -1
  34. data/bundler/lib/bundler/man/bundle-init.1 +1 -1
  35. data/bundler/lib/bundler/man/bundle-inject.1 +1 -1
  36. data/bundler/lib/bundler/man/bundle-install.1 +1 -1
  37. data/bundler/lib/bundler/man/bundle-list.1 +1 -1
  38. data/bundler/lib/bundler/man/bundle-lock.1 +1 -1
  39. data/bundler/lib/bundler/man/bundle-open.1 +1 -1
  40. data/bundler/lib/bundler/man/bundle-outdated.1 +1 -1
  41. data/bundler/lib/bundler/man/bundle-platform.1 +1 -1
  42. data/bundler/lib/bundler/man/bundle-plugin.1 +1 -1
  43. data/bundler/lib/bundler/man/bundle-pristine.1 +1 -1
  44. data/bundler/lib/bundler/man/bundle-remove.1 +1 -1
  45. data/bundler/lib/bundler/man/bundle-show.1 +1 -1
  46. data/bundler/lib/bundler/man/bundle-update.1 +1 -1
  47. data/bundler/lib/bundler/man/bundle-version.1 +1 -1
  48. data/bundler/lib/bundler/man/bundle-viz.1 +1 -1
  49. data/bundler/lib/bundler/man/bundle.1 +1 -1
  50. data/bundler/lib/bundler/man/gemfile.5 +1 -1
  51. data/bundler/lib/bundler/rubygems_ext.rb +29 -9
  52. data/bundler/lib/bundler/self_manager.rb +1 -1
  53. data/bundler/lib/bundler/settings.rb +0 -1
  54. data/bundler/lib/bundler/setup.rb +3 -0
  55. data/bundler/lib/bundler/shared_helpers.rb +6 -4
  56. data/bundler/lib/bundler/source/git/git_proxy.rb +8 -0
  57. data/bundler/lib/bundler/source/metadata.rb +2 -0
  58. data/bundler/lib/bundler/source/rubygems.rb +6 -18
  59. data/bundler/lib/bundler/source_list.rb +28 -4
  60. data/bundler/lib/bundler/spec_set.rb +1 -1
  61. data/bundler/lib/bundler/templates/newgem/CODE_OF_CONDUCT.md.tt +77 -29
  62. data/bundler/lib/bundler/version.rb +1 -1
  63. data/bundler/lib/bundler.rb +20 -0
  64. data/exe/update_rubygems +1 -1
  65. data/lib/rubygems/commands/pristine_command.rb +9 -6
  66. data/lib/rubygems/commands/setup_command.rb +2 -0
  67. data/lib/rubygems/commands/uninstall_command.rb +1 -1
  68. data/lib/rubygems/commands/update_command.rb +8 -9
  69. data/lib/rubygems/dependency.rb +1 -13
  70. data/lib/rubygems/deprecate.rb +79 -77
  71. data/lib/rubygems/ext/cargo_builder.rb +1 -16
  72. data/lib/rubygems/gemcutter_utilities/webauthn_poller.rb +3 -1
  73. data/lib/rubygems/installer.rb +1 -1
  74. data/lib/rubygems/package/tar_header.rb +20 -4
  75. data/lib/rubygems/package.rb +11 -6
  76. data/lib/rubygems/platform.rb +1 -0
  77. data/lib/rubygems/specification.rb +35 -117
  78. data/lib/rubygems/specification_policy.rb +3 -1
  79. data/lib/rubygems/specification_record.rb +213 -0
  80. data/lib/rubygems/uninstaller.rb +15 -9
  81. data/lib/rubygems/util/licenses.rb +25 -0
  82. data/lib/rubygems.rb +8 -1
  83. data/rubygems-update.gemspec +1 -1
  84. metadata +4 -3
@@ -585,6 +585,8 @@ abort "#{deprecation_message}"
585
585
 
586
586
  args = %w[--all --only-executables --silent]
587
587
  args << "--bindir=#{bindir}"
588
+ args << "--install-dir=#{default_dir}"
589
+
588
590
  if options[:env_shebang]
589
591
  args << "--env-shebang"
590
592
  end
@@ -184,7 +184,7 @@ that is a dependency of an existing gem. You can use the
184
184
  rescue Gem::GemNotInHomeException => e
185
185
  spec = e.spec
186
186
  alert("In order to remove #{spec.name}, please execute:\n" \
187
- "\tgem uninstall #{spec.name} --install-dir=#{spec.installation_path}")
187
+ "\tgem uninstall #{spec.name} --install-dir=#{spec.base_dir}")
188
188
  rescue Gem::UninstallError => e
189
189
  spec = e.spec
190
190
  alert_error("Error: unable to successfully uninstall '#{spec.name}' which is " \
@@ -197,18 +197,17 @@ command to remove old versions.
197
197
  yield
198
198
  else
199
199
  require "tmpdir"
200
- tmpdir = Dir.mktmpdir
201
- FileUtils.mv Gem.plugindir, tmpdir
200
+ Dir.mktmpdir("gem_update") do |tmpdir|
201
+ FileUtils.mv Gem.plugindir, tmpdir
202
202
 
203
- status = yield
203
+ status = yield
204
204
 
205
- if status
206
- FileUtils.rm_rf tmpdir
207
- else
208
- FileUtils.mv File.join(tmpdir, "plugins"), Gem.plugindir
209
- end
205
+ unless status
206
+ FileUtils.mv File.join(tmpdir, "plugins"), Gem.plugindir
207
+ end
210
208
 
211
- status
209
+ status
210
+ end
212
211
  end
213
212
  end
214
213
 
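Review bot: If the yielded block raises, the block form of `Dir.mktmpdir` deletes `tmpdir` on the way out, and the plugins directory that was moved into it is removed without being moved back, because the restore only runs on the normal path under `unless status`. The replaced code left the temporary directory in place in that case. Moving the restore into an `ensure` puts the plugins back whenever the update did not report success. The enclosing method starts above this hunk.

```ruby
Dir.mktmpdir("gem_update") do |tmpdir|
  FileUtils.mv Gem.plugindir, tmpdir

  status = false
  begin
    status = yield
  ensure
    # Restore the plugins on failure or on an exception, before mktmpdir removes tmpdir.
    FileUtils.mv File.join(tmpdir, "plugins"), Gem.plugindir unless status
  end

  status
end
```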
@@ -271,15 +271,7 @@ class Gem::Dependency
271
271
  end
272
272
 
273
273
  def matching_specs(platform_only = false)
274
- env_req = Gem.env_requirement(name)
275
- matches = Gem::Specification.stubs_for(name).find_all do |spec|
276
- requirement.satisfied_by?(spec.version) && env_req.satisfied_by?(spec.version)
277
- end.map(&:to_spec)
278
-
279
- if prioritizes_bundler?
280
- require_relative "bundler_version_finder"
281
- Gem::BundlerVersionFinder.prioritize!(matches)
282
- end
274
+ matches = Gem::Specification.find_all_by_name(name, requirement)
283
275
 
284
276
  if platform_only
285
277
  matches.reject! do |spec|
@@ -297,10 +289,6 @@ class Gem::Dependency
297
289
  @requirement.specific?
298
290
  end
299
291
 
300
- def prioritizes_bundler?
301
- name == "bundler" && !specific?
302
- end
303
-
304
292
  def to_specs
305
293
  matches = matching_specs true
306
294
 
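Review bot: `matching_specs` no longer applies `Gem.env_requirement(name)` or the bundler prioritisation itself, so both now depend on `Gem::Specification.find_all_by_name(name, requirement)` doing them. That method is not visible in this section, so this should be confirmed against its definition. If it does, a one-line comment above the call would record the dependency, for example `# env requirement filtering and bundler version priority are handled by find_all_by_name`. The body of `matching_specs` continues past the first hunk.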
@@ -69,99 +69,101 @@
69
69
  # end
70
70
  # end
71
71
 
72
- module Gem::Deprecate
73
- def self.skip # :nodoc:
74
- @skip ||= false
75
- end
72
+ module Gem
73
+ module Deprecate
74
+ def self.skip # :nodoc:
75
+ @skip ||= false
76
+ end
76
77
 
77
- def self.skip=(v) # :nodoc:
78
- @skip = v
79
- end
78
+ def self.skip=(v) # :nodoc:
79
+ @skip = v
80
+ end
80
81
 
81
- ##
82
- # Temporarily turn off warnings. Intended for tests only.
82
+ ##
83
+ # Temporarily turn off warnings. Intended for tests only.
83
84
 
84
- def skip_during
85
- original = Gem::Deprecate.skip
86
- Gem::Deprecate.skip = true
87
- yield
88
- ensure
89
- Gem::Deprecate.skip = original
90
- end
85
+ def skip_during
86
+ original = Gem::Deprecate.skip
87
+ Gem::Deprecate.skip = true
88
+ yield
89
+ ensure
90
+ Gem::Deprecate.skip = original
91
+ end
91
92
 
92
- def self.next_rubygems_major_version # :nodoc:
93
- Gem::Version.new(Gem.rubygems_version.segments.first).bump
94
- end
93
+ def self.next_rubygems_major_version # :nodoc:
94
+ Gem::Version.new(Gem.rubygems_version.segments.first).bump
95
+ end
95
96
 
96
- ##
97
- # Simple deprecation method that deprecates +name+ by wrapping it up
98
- # in a dummy method. It warns on each call to the dummy method
99
- # telling the user of +repl+ (unless +repl+ is :none) and the
100
- # year/month that it is planned to go away.
97
+ ##
98
+ # Simple deprecation method that deprecates +name+ by wrapping it up
99
+ # in a dummy method. It warns on each call to the dummy method
100
+ # telling the user of +repl+ (unless +repl+ is :none) and the
101
+ # year/month that it is planned to go away.
101
102
 
102
- def deprecate(name, repl, year, month)
103
- class_eval do
104
- old = "_deprecated_#{name}"
105
- alias_method old, name
106
- define_method name do |*args, &block|
107
- klass = is_a? Module
108
- target = klass ? "#{self}." : "#{self.class}#"
109
- msg = [
110
- "NOTE: #{target}#{name} is deprecated",
111
- repl == :none ? " with no replacement" : "; use #{repl} instead",
112
- format(". It will be removed on or after %4d-%02d.", year, month),
113
- "\n#{target}#{name} called from #{Gem.location_of_caller.join(":")}",
114
- ]
115
- warn "#{msg.join}." unless Gem::Deprecate.skip
116
- send old, *args, &block
103
+ def deprecate(name, repl, year, month)
104
+ class_eval do
105
+ old = "_deprecated_#{name}"
106
+ alias_method old, name
107
+ define_method name do |*args, &block|
108
+ klass = is_a? Module
109
+ target = klass ? "#{self}." : "#{self.class}#"
110
+ msg = [
111
+ "NOTE: #{target}#{name} is deprecated",
112
+ repl == :none ? " with no replacement" : "; use #{repl} instead",
113
+ format(". It will be removed on or after %4d-%02d.", year, month),
114
+ "\n#{target}#{name} called from #{Gem.location_of_caller.join(":")}",
115
+ ]
116
+ warn "#{msg.join}." unless Gem::Deprecate.skip
117
+ send old, *args, &block
118
+ end
119
+ ruby2_keywords name if respond_to?(:ruby2_keywords, true)
117
120
  end
118
- ruby2_keywords name if respond_to?(:ruby2_keywords, true)
119
121
  end
120
- end
121
122
 
122
- ##
123
- # Simple deprecation method that deprecates +name+ by wrapping it up
124
- # in a dummy method. It warns on each call to the dummy method
125
- # telling the user of +repl+ (unless +repl+ is :none) and the
126
- # Rubygems version that it is planned to go away.
123
+ ##
124
+ # Simple deprecation method that deprecates +name+ by wrapping it up
125
+ # in a dummy method. It warns on each call to the dummy method
126
+ # telling the user of +repl+ (unless +repl+ is :none) and the
127
+ # Rubygems version that it is planned to go away.
127
128
 
128
- def rubygems_deprecate(name, replacement=:none)
129
- class_eval do
130
- old = "_deprecated_#{name}"
131
- alias_method old, name
132
- define_method name do |*args, &block|
133
- klass = is_a? Module
134
- target = klass ? "#{self}." : "#{self.class}#"
135
- msg = [
136
- "NOTE: #{target}#{name} is deprecated",
137
- replacement == :none ? " with no replacement" : "; use #{replacement} instead",
138
- ". It will be removed in Rubygems #{Gem::Deprecate.next_rubygems_major_version}",
139
- "\n#{target}#{name} called from #{Gem.location_of_caller.join(":")}",
140
- ]
141
- warn "#{msg.join}." unless Gem::Deprecate.skip
142
- send old, *args, &block
129
+ def rubygems_deprecate(name, replacement=:none)
130
+ class_eval do
131
+ old = "_deprecated_#{name}"
132
+ alias_method old, name
133
+ define_method name do |*args, &block|
134
+ klass = is_a? Module
135
+ target = klass ? "#{self}." : "#{self.class}#"
136
+ msg = [
137
+ "NOTE: #{target}#{name} is deprecated",
138
+ replacement == :none ? " with no replacement" : "; use #{replacement} instead",
139
+ ". It will be removed in Rubygems #{Gem::Deprecate.next_rubygems_major_version}",
140
+ "\n#{target}#{name} called from #{Gem.location_of_caller.join(":")}",
141
+ ]
142
+ warn "#{msg.join}." unless Gem::Deprecate.skip
143
+ send old, *args, &block
144
+ end
145
+ ruby2_keywords name if respond_to?(:ruby2_keywords, true)
143
146
  end
144
- ruby2_keywords name if respond_to?(:ruby2_keywords, true)
145
147
  end
146
- end
147
148
 
148
- # Deprecation method to deprecate Rubygems commands
149
- def rubygems_deprecate_command(version = Gem::Deprecate.next_rubygems_major_version)
150
- class_eval do
151
- define_method "deprecated?" do
152
- true
153
- end
149
+ # Deprecation method to deprecate Rubygems commands
150
+ def rubygems_deprecate_command(version = Gem::Deprecate.next_rubygems_major_version)
151
+ class_eval do
152
+ define_method "deprecated?" do
153
+ true
154
+ end
154
155
 
155
- define_method "deprecation_warning" do
156
- msg = [
157
- "#{command} command is deprecated",
158
- ". It will be removed in Rubygems #{version}.\n",
159
- ]
156
+ define_method "deprecation_warning" do
157
+ msg = [
158
+ "#{command} command is deprecated",
159
+ ". It will be removed in Rubygems #{version}.\n",
160
+ ]
160
161
 
161
- alert_warning msg.join.to_s unless Gem::Deprecate.skip
162
+ alert_warning msg.join.to_s unless Gem::Deprecate.skip
163
+ end
162
164
  end
163
165
  end
164
- end
165
166
 
166
- module_function :rubygems_deprecate, :rubygems_deprecate_command, :skip_during
167
+ module_function :rubygems_deprecate, :rubygems_deprecate_command, :skip_during
168
+ end
167
169
  end
@@ -185,6 +185,7 @@ class Gem::Ext::CargoBuilder < Gem::Ext::Builder
185
185
  end
186
186
 
187
187
  def cargo_dylib_path(dest_path, crate_name)
188
+ so_ext = RbConfig::CONFIG["SOEXT"]
188
189
  prefix = so_ext == "dll" ? "" : "lib"
189
190
  path_parts = [dest_path]
190
191
  path_parts << ENV["CARGO_BUILD_TARGET"] if ENV["CARGO_BUILD_TARGET"]
@@ -313,22 +314,6 @@ EOF
313
314
  deffile_path
314
315
  end
315
316
 
316
- # We have to basically reimplement <code>RbConfig::CONFIG['SOEXT']</code> here to support
317
- # Ruby < 2.5
318
- #
319
- # @see https://github.com/ruby/ruby/blob/c87c027f18c005460746a74c07cd80ee355b16e4/configure.ac#L3185
320
- def so_ext
321
- return RbConfig::CONFIG["SOEXT"] if RbConfig::CONFIG.key?("SOEXT")
322
-
323
- if win_target?
324
- "dll"
325
- elsif darwin_target?
326
- "dylib"
327
- else
328
- "so"
329
- end
330
- end
331
-
332
317
  # Corresponds to $(LIBPATH) in mkmf
333
318
  def mkmf_libpath
334
319
  ["-L", "native=#{makefile_config("libdir")}"]
@@ -69,8 +69,10 @@ module Gem::GemcutterUtilities
69
69
  rubygems_api_request(:get, "api/v1/webauthn_verification/#{webauthn_token}/status.json") do |request|
70
70
  if credentials.empty?
71
71
  request.add_field "Authorization", api_key
72
+ elsif credentials[:identifier] && credentials[:password]
73
+ request.basic_auth credentials[:identifier], credentials[:password]
72
74
  else
73
- request.basic_auth credentials[:email], credentials[:password]
75
+ raise Gem::WebauthnVerificationError, "Provided missing credentials"
74
76
  end
75
77
  end
76
78
  end
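Review bot: The new `elsif` tests `credentials[:identifier] && credentials[:password]` by truthiness, so empty strings pass and are sent as basic-auth credentials. Checking emptiness, e.g. `elsif !credentials[:identifier].to_s.empty? && !credentials[:password].to_s.empty?`, would route them to the error branch instead. Callers that still pass `:email` now land in the `else` branch, and the message "Provided missing credentials" does not say which key is expected. `raise Gem::WebauthnVerificationError, "Missing :identifier or :password in credentials"` would be clearer while still keeping the values out of the message. The enclosing method starts outside this hunk.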
@@ -344,7 +344,7 @@ class Gem::Installer
344
344
 
345
345
  say spec.post_install_message if options[:post_install_message] && !spec.post_install_message.nil?
346
346
 
347
- Gem::Specification.add_spec(spec)
347
+ Gem::Specification.add_spec(spec) unless @install_dir
348
348
 
349
349
  load_plugin
350
350
 
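Review bot: The guard `unless @install_dir` on `Gem::Specification.add_spec(spec)` has no comment saying why a gem installed into an explicit install dir is not registered, and the reason cannot be read off this hunk. A short comment would help, along the lines of `# Only register the spec when installing into the default gem dirs; an explicit install dir may not be on the active gem path` (wording to be confirmed by the author). `load_plugin` on the following lines still runs in both cases, which deserves a word as well if that is intended.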
@@ -95,14 +95,14 @@ class Gem::Package::TarHeader
95
95
 
96
96
  attr_reader(*FIELDS)
97
97
 
98
- EMPTY_HEADER = ("\0" * 512).freeze # :nodoc:
98
+ EMPTY_HEADER = ("\0" * 512).b.freeze # :nodoc:
99
99
 
100
100
  ##
101
101
  # Creates a tar header from IO +stream+
102
102
 
103
103
  def self.from(stream)
104
104
  header = stream.read 512
105
- empty = (header == EMPTY_HEADER)
105
+ return EMPTY if header == EMPTY_HEADER
106
106
 
107
107
  fields = header.unpack UNPACK_FORMAT
108
108
 
@@ -123,7 +123,7 @@ class Gem::Package::TarHeader
123
123
  devminor: strict_oct(fields.shift),
124
124
  prefix: fields.shift,
125
125
 
126
- empty: empty
126
+ empty: false
127
127
  end
128
128
 
129
129
  def self.strict_oct(str)
@@ -172,6 +172,22 @@ class Gem::Package::TarHeader
172
172
  @empty = vals[:empty]
173
173
  end
174
174
 
175
+ EMPTY = new({ # :nodoc:
176
+ checksum: 0,
177
+ gname: "",
178
+ linkname: "",
179
+ magic: "",
180
+ mode: 0,
181
+ name: "",
182
+ prefix: "",
183
+ size: 0,
184
+ uname: "",
185
+ version: 0,
186
+
187
+ empty: true,
188
+ }).freeze
189
+ private_constant :EMPTY
190
+
175
191
  ##
176
192
  # Is the tar entry empty?
177
193
 
@@ -241,7 +257,7 @@ class Gem::Package::TarHeader
241
257
 
242
258
  header = header.pack PACK_FORMAT
243
259
 
244
- header << ("\0" * ((512 - header.size) % 512))
260
+ header.ljust 512, "\0"
245
261
  end
246
262
 
247
263
  def oct(num, len)
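Review bot: In `self.from`, `stream.read 512` returns nil at end of stream and a shorter string on a truncated archive. Neither equals `EMPTY_HEADER`, so both fall through to `header.unpack UNPACK_FORMAT`, where nil raises NoMethodError rather than a tar format error. Callers may check for EOF first, which is not visible here, but a guard after the read would make the parser self-contained: `raise Gem::Package::TarInvalidError, "truncated tar header" if header.nil? || header.bytesize < 512`. Separately, `header.ljust 512, "\0"` pads only up to 512 bytes, whereas the replaced expression padded to a multiple of 512. The two are equivalent only if `PACK_FORMAT` never yields more than 512 bytes, which a comment could state.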
@@ -7,7 +7,6 @@
7
7
 
8
8
  # rubocop:enable Style/AsciiComments
9
9
 
10
- require_relative "../rubygems"
11
10
  require_relative "security"
12
11
  require_relative "user_interaction"
13
12
 
@@ -295,7 +294,6 @@ class Gem::Package
295
294
 
296
295
  Gem.load_yaml
297
296
 
298
- @spec.mark_version
299
297
  @spec.validate true, strict_validation unless skip_validation
300
298
 
301
299
  setup_signer(
@@ -528,12 +526,13 @@ EOM
528
526
  # Loads a Gem::Specification from the TarEntry +entry+
529
527
 
530
528
  def load_spec(entry) # :nodoc:
529
+ limit = 10 * 1024 * 1024
531
530
  case entry.full_name
532
531
  when "metadata" then
533
- @spec = Gem::Specification.from_yaml entry.read
532
+ @spec = Gem::Specification.from_yaml limit_read(entry, "metadata", limit)
534
533
  when "metadata.gz" then
535
534
  Zlib::GzipReader.wrap(entry, external_encoding: Encoding::UTF_8) do |gzio|
536
- @spec = Gem::Specification.from_yaml gzio.read
535
+ @spec = Gem::Specification.from_yaml limit_read(gzio, "metadata.gz", limit)
537
536
  end
538
537
  end
539
538
  end
@@ -557,7 +556,7 @@ EOM
557
556
 
558
557
  @checksums = gem.seek "checksums.yaml.gz" do |entry|
559
558
  Zlib::GzipReader.wrap entry do |gz_io|
560
- Gem::SafeYAML.safe_load gz_io.read
559
+ Gem::SafeYAML.safe_load limit_read(gz_io, "checksums.yaml.gz", 10 * 1024 * 1024)
561
560
  end
562
561
  end
563
562
  end
@@ -664,7 +663,7 @@ EOM
664
663
 
665
664
  case file_name
666
665
  when /\.sig$/ then
667
- @signatures[$`] = entry.read if @security_policy
666
+ @signatures[$`] = limit_read(entry, file_name, 1024 * 1024) if @security_policy
668
667
  return
669
668
  else
670
669
  digest entry
@@ -724,6 +723,12 @@ EOM
724
723
  IO.copy_stream(src, dst)
725
724
  end
726
725
  end
726
+
727
+ def limit_read(io, name, limit)
728
+ bytes = io.read(limit + 1)
729
+ raise Gem::Package::FormatError, "#{name} is too big (over #{limit} bytes)" if bytes.size > limit
730
+ bytes
731
+ end
727
732
  end
728
733
 
729
734
  require_relative "package/digest_io"
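Review bot: `limit_read` calls `bytes.size` on the result of `io.read(limit + 1)`, and a read with a positive length returns nil when the stream is already at its end. An empty `metadata`, `checksums.yaml.gz` or `.sig` entry would therefore raise NoMethodError instead of `Gem::Package::FormatError`; this is inferred from IO#read semantics, as the entry classes are not shown here. Guarding the comparison, `raise Gem::Package::FormatError, "#{name} is too big (over #{limit} bytes)" if bytes && bytes.bytesize > limit`, avoids that. The 10 MiB cap is also written out twice, as `limit` in `load_spec` and inline in the checksums hunk. A single named constant, with a comment that it bounds memory use when reading untrusted package metadata, would keep them in step.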
@@ -134,6 +134,7 @@ class Gem::Platform
134
134
  when /netbsdelf/ then ["netbsdelf", nil]
135
135
  when /openbsd(\d+\.\d+)?/ then ["openbsd", $1]
136
136
  when /solaris(\d+\.\d+)?/ then ["solaris", $1]
137
+ when /wasi/ then ["wasi", nil]
137
138
  # test
138
139
  when /^(\w+_platform)(\d+)?/ then [$1, $2]
139
140
  else ["unknown", nil]