rubygems-update 3.6.1 → 3.6.3

data/bundler/lib/bundler/plugin/index.rb

@@ -34,6 +34,10 @@ module Bundler
         rescue GenericSystemCallError
           # no need to fail when on a read-only FS, for example
           nil
+        rescue ArgumentError => e
+          # ruby 3.4 checks writability in Dir.tmpdir
+          raise unless e.message&.include?("could not find a temporary directory")
+          nil
         end
         load_index(local_index_file) if SharedHelpers.in_bundle?
       end

data/bundler/lib/bundler/resolver/base.rb

@@ -5,10 +5,11 @@ require_relative "package"
 module Bundler
   class Resolver
     class Base
-      attr_reader :packages, :requirements, :source_requirements
+      attr_reader :packages, :requirements, :source_requirements, :locked_specs
 
       def initialize(source_requirements, dependencies, base, platforms, options)
         @source_requirements = source_requirements
+        @locked_specs = options[:locked_specs]
 
         @base = base
 

data/bundler/lib/bundler/resolver/package.rb

@@ -18,7 +18,7 @@ module Bundler
       def initialize(name, platforms, locked_specs:, unlock:, prerelease: false, prefer_local: false, dependency: nil)
         @name = name
         @platforms = platforms
-        @locked_version = locked_specs[name].first&.version
+        @locked_version = locked_specs.version_for(name)
         @unlock = unlock
         @dependency = dependency || Dependency.new(name, @locked_version)
         @top_level = !dependency.nil?

data/bundler/lib/bundler/resolver.rb

@@ -80,7 +80,8 @@ module Bundler
     def solve_versions(root:, logger:)
       solver = PubGrub::VersionSolver.new(source: self, root: root, logger: logger)
       result = solver.solve
-      result.flat_map {|package, version| version.to_specs(package, @most_specific_locked_platform) }
+      resolved_specs = result.flat_map {|package, version| version.to_specs(package, @most_specific_locked_platform) }
+      SpecSet.new(resolved_specs).specs_with_additional_variants_from(@base.locked_specs)
     rescue PubGrub::SolveFailure => e
       incompatibility = e.incompatibility
 

data/bundler/lib/bundler/ruby_dsl.rb

@@ -42,9 +42,18 @@ module Bundler
     # Loads the file relative to the dirname of the Gemfile itself.
     def normalize_ruby_file(filename)
       file_content = Bundler.read_file(gemfile.dirname.join(filename))
-      # match "ruby-3.2.2" or "ruby   3.2.2" capturing version string up to the first space or comment
-      if /^ruby(-|\s+)([^\s#]+)/.match(file_content)
-        $2
+      # match "ruby-3.2.2", ruby = "3.2.2" or "ruby   3.2.2" capturing version string up to the first space or comment
+      if /^                    # Start of line
+         ruby                  # Literal "ruby"
+         [\s-]*                # Optional whitespace or hyphens (for "ruby-3.2.2" format)
+         (?:=\s*)?             # Optional equals sign with whitespace (for ruby = "3.2.2" format)
+         "?                    # Optional opening quote
+         (                     # Start capturing group
+           [^\s#"]+            # One or more chars that aren't spaces, #, or quotes
+         )                     # End capturing group
+         "?                    # Optional closing quote
+         /x.match(file_content)
+        $1
       else
         file_content.strip
       end

data/bundler/lib/bundler/rubygems_integration.rb

@@ -134,18 +134,6 @@ module Bundler
       loaded_gem_paths.flatten
     end
 
-    def load_plugins
-      Gem.load_plugins
-    end
-
-    def load_plugin_files(plugin_files)
-      Gem.load_plugin_files(plugin_files)
-    end
-
-    def load_env_plugins
-      Gem.load_env_plugins
-    end
-
     def ui=(obj)
       Gem::DefaultUserInteraction.ui = obj
     end

data/bundler/lib/bundler/self_manager.rb

@@ -84,8 +84,9 @@ module Bundler
         require "shellwords"
         cmd = [*Shellwords.shellsplit(bundler_spec_original_cmd), *ARGV]
       else
-        cmd = [Process.argv0, *ARGV]
-        cmd.unshift(Gem.ruby) unless File.executable?(Process.argv0)
+        argv0 = File.exist?($PROGRAM_NAME) ? $PROGRAM_NAME : Process.argv0
+        cmd = [argv0, *ARGV]
+        cmd.unshift(Gem.ruby) unless File.executable?(argv0)
       end
 
       Bundler.with_original_env do

data/bundler/lib/bundler/source/git.rb

@@ -282,6 +282,7 @@ module Bundler
         FileUtils.rm_rf(app_cache_path)
         git_proxy.checkout if migrate || requires_checkout?
         git_proxy.copy_to(app_cache_path, @submodules)
+        serialize_gemspecs_in(app_cache_path)
       end
 
       def checkout

data/bundler/lib/bundler/spec_set.rb

@@ -133,8 +133,8 @@ module Bundler
       validation_set.incomplete_specs.any?
     end
 
-    def missing_specs_for(dependencies)
-      materialize_dependencies(dependencies)
+    def missing_specs_for(deps)
+      materialize_dependencies(deps)
 
       missing_specs
     end
@@ -163,12 +163,20 @@ module Bundler
       @specs.detect {|spec| spec.name == name && spec.match_platform(platform) }
     end
 
+    def specs_with_additional_variants_from(other)
+      sorted | additional_variants_from(other)
+    end
+
     def delete_by_name(name)
       @specs.reject! {|spec| spec.name == name }
 
       reset!
     end
 
+    def version_for(name)
+      self[name].first&.version
+    end
+
     def what_required(spec)
       unless req = find {|s| s.runtime_dependencies.any? {|d| d.name == spec.name } }
         return [spec]
@@ -273,6 +281,12 @@ module Bundler
       @specs.flat_map {|spec| spec.source.specs.search([spec.name, spec.version]).map(&:platform) }.uniq
     end
 
+    def additional_variants_from(other)
+      other.select do |spec|
+        version_for(spec.name) == spec.version && valid_dependencies?(spec)
+      end
+    end
+
     def valid_dependencies?(s)
       validate_deps(s) == :valid
     end

data/bundler/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.6.1".freeze
+  VERSION = "2.6.3".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

data/bundler/lib/bundler.rb

@@ -212,7 +212,6 @@ module Bundler
     #    Bundler.require(:test)   # requires second_gem
     #
     def require(*groups)
-      load_plugins
       setup(*groups).require(*groups)
     end
 
@@ -548,15 +547,7 @@ module Bundler
     def load_gemspec_uncached(file, validate = false)
       path = Pathname.new(file)
       contents = read_file(file)
-      spec = if contents.start_with?("---") # YAML header
-        eval_yaml_gemspec(path, contents)
-      else
-        # Eval the gemspec from its parent directory, because some gemspecs
-        # depend on "./" relative paths.
-        SharedHelpers.chdir(path.dirname.to_s) do
-          eval_gemspec(path, contents)
-        end
-      end
+      spec = eval_gemspec(path, contents)
       return unless spec
       spec.loaded_from = path.expand_path.to_s
       Bundler.rubygems.validate(spec) if validate
@@ -576,23 +567,6 @@ module Bundler
       @feature_flag ||= FeatureFlag.new(VERSION)
     end
 
-    def load_plugins(definition = Bundler.definition)
-      return if defined?(@load_plugins_ran)
-
-      Bundler.rubygems.load_plugins
-
-      requested_path_gems = definition.requested_specs.select {|s| s.source.is_a?(Source::Path) }
-      path_plugin_files = requested_path_gems.flat_map do |spec|
-        spec.matches_for_glob("rubygems_plugin#{Bundler.rubygems.suffix_pattern}")
-      rescue TypeError
-        error_message = "#{spec.name} #{spec.version} has an invalid gemspec"
-        raise Gem::InvalidSpecificationException, error_message
-      end
-      Bundler.rubygems.load_plugin_files(path_plugin_files)
-      Bundler.rubygems.load_env_plugins
-      @load_plugins_ran = true
-    end
-
     def reset!
       reset_paths!
       Plugin.reset!
@@ -675,12 +649,18 @@ module Bundler
       Kernel.require "psych"
 
       Gem::Specification.from_yaml(contents)
-    rescue ::Psych::SyntaxError, ArgumentError, Gem::EndOfYAMLException, Gem::Exception
-      eval_gemspec(path, contents)
     end
 
     def eval_gemspec(path, contents)
-      eval(contents, TOPLEVEL_BINDING.dup, path.expand_path.to_s)
+      if contents.start_with?("---") # YAML header
+        eval_yaml_gemspec(path, contents)
+      else
+        # Eval the gemspec from its parent directory, because some gemspecs
+        # depend on "./" relative paths.
+        SharedHelpers.chdir(path.dirname.to_s) do
+          eval(contents, TOPLEVEL_BINDING.dup, path.expand_path.to_s)
+        end
+      end
     rescue ScriptError, StandardError => e
       msg = "There was an error while loading `#{path.basename}`: #{e.message}"
 

data/doc/rubygems/POLICIES.md

@@ -95,7 +95,7 @@ the version in all version files, synchronizes both changelogs to include all
 backported changes and commits that change on top of the cherry-picks.
 
 Note that this task requires all user facing pull requests to be tagged with
-specific labels. See [Merging a PR](/bundler/doc/playbooks/MERGING_A_PR.md) for details.
+specific labels. See [Merging a PR](../bundler/playbooks/MERGING_A_PR.md) for details.
 
 Also note that when this task cherry-picks, it cherry-picks the merge commits
 using the following command:

data/lib/rubygems/commands/environment_command.rb

@@ -15,6 +15,7 @@ class Gem::Commands::EnvironmentCommand < Gem::Command
           version         display the gem format version
           remotesources   display the remote gem servers
           platform        display the supported gem platforms
+          credentials     display the path where credentials are stored
           <omitted>       display everything
     EOF
     args.gsub(/^\s+/, "")
@@ -88,6 +89,8 @@ lib/rubygems/defaults/operating_system.rb
         Gem.sources.to_a.join("\n")
       when /^platform/ then
         Gem.platforms.join(File::PATH_SEPARATOR)
+      when /^credentials/, /^creds/ then
+        Gem.configuration.credentials_path
       when nil then
         show_environment
       else
@@ -114,6 +117,8 @@ lib/rubygems/defaults/operating_system.rb
 
     out << "  - USER INSTALLATION DIRECTORY: #{Gem.user_dir}\n"
 
+    out << "  - CREDENTIALS FILE: #{Gem.configuration.credentials_path}\n"
+
     out << "  - RUBYGEMS PREFIX: #{Gem.prefix}\n" unless Gem.prefix.nil?
 
     out << "  - RUBY EXECUTABLE: #{Gem.ruby}\n"

data/lib/rubygems/rdoc.rb

@@ -6,8 +6,17 @@ begin
   require "rdoc/rubygems_hook"
   module Gem
     RDoc = ::RDoc::RubygemsHook
+
+    ##
+    # Returns whether RDoc defines its own install hooks through a RubyGems
+    # plugin. This and whatever is guarded by it can be removed once no
+    # supported Ruby ships with RDoc older than 6.9.0.
+
+    def self.rdoc_hooks_defined_via_plugin?
+      Gem::Version.new(::RDoc::VERSION) >= Gem::Version.new("6.9.0")
+    end
   end
 
-  Gem.done_installing(&Gem::RDoc.method(:generation_hook))
+  Gem.done_installing(&Gem::RDoc.method(:generation_hook)) unless Gem.rdoc_hooks_defined_via_plugin?
 rescue LoadError
 end

data/lib/rubygems/requirement.rb

@@ -22,7 +22,7 @@ class Gem::Requirement
 
   SOURCE_SET_REQUIREMENT = Struct.new(:for_lockfile).new "!" # :nodoc:
 
-  quoted = OPS.keys.map {|k| Regexp.quote k }.join "|"
+  quoted = Regexp.union(OPS.keys)
   PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{Gem::Version::VERSION_PATTERN})\\s*".freeze # :nodoc:
 
   ##
@@ -201,7 +201,8 @@ class Gem::Requirement
   def marshal_load(array) # :nodoc:
     @requirements = array[0]
 
-    raise TypeError, "wrong @requirements" unless Array === @requirements
+    raise TypeError, "wrong @requirements" unless Array === @requirements &&
+                                                  @requirements.all? {|r| r.size == 2 && (r.first.is_a?(String) || r[0] = "=") && r.last.is_a?(Gem::Version) }
   end
 
   def yaml_initialize(tag, vals) # :nodoc:
@@ -238,7 +239,7 @@ class Gem::Requirement
   def satisfied_by?(version)
     raise ArgumentError, "Need a Gem::Version: #{version.inspect}" unless
       Gem::Version === version
-    requirements.all? {|op, rv| OPS[op].call version, rv }
+    requirements.all? {|op, rv| OPS.fetch(op).call version, rv }
   end
 
   alias_method :===, :satisfied_by?

data/lib/rubygems/safe_marshal/reader.rb

@@ -20,6 +20,12 @@ module Gem
       class EOFError < Error
       end
 
+      class DataTooShortError < Error
+      end
+
+      class NegativeLengthError < Error
+      end
+
       def initialize(io)
         @io = io
       end
@@ -27,7 +33,7 @@ module Gem
       def read!
         read_header
         root = read_element
-        raise UnconsumedBytesError unless @io.eof?
+        raise UnconsumedBytesError, "expected EOF, got #{@io.read(10).inspect}... after top-level element #{root.class}" unless @io.eof?
         root
       end
 
@@ -41,8 +47,16 @@ module Gem
         raise UnsupportedVersionError, "Unsupported marshal version #{v.bytes.map(&:ord).join(".")}, expected #{Marshal::MAJOR_VERSION}.#{Marshal::MINOR_VERSION}" unless v == MARSHAL_VERSION
       end
 
+      def read_bytes(n)
+        raise NegativeLengthError if n < 0
+        str = @io.read(n)
+        raise EOFError, "expected #{n} bytes, got EOF" if str.nil?
+        raise DataTooShortError, "expected #{n} bytes, got #{str.inspect}" unless str.bytesize == n
+        str
+      end
+
       def read_byte
-        @io.getbyte
+        @io.getbyte || raise(EOFError, "Unexpected EOF")
       end
 
       def read_integer
@@ -67,8 +81,6 @@ module Gem
           read_byte | (read_byte << 8) | -0x10000
         when 0xFF
           read_byte | -0x100
-        when nil
-          raise EOFError, "Unexpected EOF"
         else
           signed = (b ^ 128) - 128
           if b >= 128
@@ -107,8 +119,6 @@ module Gem
         when 47 then read_regexp # ?/
         when 83 then read_struct # ?S
         when 67 then read_user_class # ?C
-        when nil
-          raise EOFError, "Unexpected EOF"
         else
           raise Error, "Unknown marshal type discriminator #{type.chr.inspect} (#{type})"
         end
@@ -127,7 +137,7 @@ module Gem
             Elements::Symbol.new(byte.chr)
           end
         else
-          name = -@io.read(len)
+          name = read_bytes(len)
           Elements::Symbol.new(name)
         end
       end
@@ -138,7 +148,7 @@ module Gem
       def read_string
         length = read_integer
         return EMPTY_STRING if length == 0
-        str = @io.read(length)
+        str = read_bytes(length)
         Elements::String.new(str)
       end
 
@@ -152,7 +162,7 @@ module Gem
 
       def read_user_defined
         name = read_element
-        binary_string = @io.read(read_integer)
+        binary_string = read_bytes(read_integer)
         Elements::UserDefined.new(name, binary_string)
       end
 
@@ -162,6 +172,7 @@ module Gem
       def read_array
         length = read_integer
         return EMPTY_ARRAY if length == 0
+        raise NegativeLengthError if length < 0
         elements = Array.new(length) do
           read_element
         end
@@ -170,7 +181,9 @@ module Gem
 
       def read_object_with_ivars
         object = read_element
-        ivars = Array.new(read_integer) do
+        length = read_integer
+        raise NegativeLengthError if length < 0
+        ivars = Array.new(length) do
           [read_element, read_element]
         end
         Elements::WithIvars.new(object, ivars)
@@ -239,7 +252,9 @@ module Gem
       end
 
       def read_hash_with_default_value
-        pairs = Array.new(read_integer) do
+        length = read_integer
+        raise NegativeLengthError if length < 0
+        pairs = Array.new(length) do
           [read_element, read_element]
         end
         default = read_element
@@ -249,7 +264,9 @@ module Gem
       def read_object
         name = read_element
         object = Elements::Object.new(name)
-        ivars = Array.new(read_integer) do
+        length = read_integer
+        raise NegativeLengthError if length < 0
+        ivars = Array.new(length) do
           [read_element, read_element]
         end
         Elements::WithIvars.new(object, ivars)
@@ -260,13 +277,13 @@ module Gem
       end
 
       def read_float
-        string = @io.read(read_integer)
+        string = read_bytes(read_integer)
         Elements::Float.new(string)
       end
 
       def read_bignum
         sign = read_byte
-        data = @io.read(read_integer * 2)
+        data = read_bytes(read_integer * 2)
         Elements::Bignum.new(sign, data)
       end
 

data/lib/rubygems/safe_marshal/visitors/to_ruby.rb

@@ -45,7 +45,7 @@ module Gem::SafeMarshal
         idx = 0
         # not idiomatic, but there's a huge number of IMEMOs allocated here, so we avoid the block
         # because this is such a hot path when doing a bundle install with the full index
-        until idx == size
+        while idx < size
           push_stack idx
           array << visit(elements[idx])
           idx += 1
@@ -98,16 +98,21 @@ module Gem::SafeMarshal
             end
 
             s = e.object.binary_string
+            # 122 is the largest integer that can be represented in marshal in a single byte
+            raise TimeTooLargeError.new("binary string too large", stack: formatted_stack) if s.bytesize > 122
 
             marshal_string = "\x04\bIu:\tTime".b
-            marshal_string.concat(s.size + 5)
+            marshal_string.concat(s.bytesize + 5)
             marshal_string << s
+            # internal is limited to 5, so no overflow is possible
             marshal_string.concat(internal.size + 5)
 
             internal.each do |k, v|
+              k = k.name
+              # ivar name can't be too large because only known ivars are in the internal ivars list
               marshal_string.concat(":")
-              marshal_string.concat(k.size + 5)
-              marshal_string.concat(k.to_s)
+              marshal_string.concat(k.bytesize + 5)
+              marshal_string.concat(k)
               dumped = Marshal.dump(v)
               dumped[0, 2] = ""
               marshal_string.concat(dumped)
@@ -171,11 +176,11 @@ module Gem::SafeMarshal
       end
 
       def visit_Gem_SafeMarshal_Elements_ObjectLink(o)
-        @objects[o.offset]
+        @objects.fetch(o.offset)
       end
 
       def visit_Gem_SafeMarshal_Elements_SymbolLink(o)
-        @symbols[o.offset]
+        @symbols.fetch(o.offset)
       end
 
       def visit_Gem_SafeMarshal_Elements_UserDefined(o)
@@ -219,16 +224,18 @@ module Gem::SafeMarshal
       end
 
       def visit_Gem_SafeMarshal_Elements_Float(f)
-        case f.string
-        when "inf"
-          ::Float::INFINITY
-        when "-inf"
-          -::Float::INFINITY
-        when "nan"
-          ::Float::NAN
-        else
-          f.string.to_f
-        end
+        register_object(
+          case f.string
+          when "inf"
+            ::Float::INFINITY
+          when "-inf"
+            -::Float::INFINITY
+          when "nan"
+            ::Float::NAN
+          else
+            f.string.to_f
+          end
+        )
       end
 
       def visit_Gem_SafeMarshal_Elements_Bignum(b)
@@ -374,6 +381,12 @@ module Gem::SafeMarshal
       class Error < StandardError
       end
 
+      class TimeTooLargeError < Error
+        def initialize(message, stack:)
+          super "#{message} @ #{stack.join "."}"
+        end
+      end
+
       class UnpermittedSymbolError < Error
         def initialize(symbol:, stack:)
           @symbol = symbol

data/lib/rubygems/specification.rb

@@ -1322,7 +1322,7 @@ class Gem::Specification < Gem::BasicSpecification
     spec.instance_variable_set :@description,               array[13]
     spec.instance_variable_set :@homepage,                  array[14]
     spec.instance_variable_set :@has_rdoc,                  array[15]
-    spec.instance_variable_set :@licenses,                  [array[17]]
+    spec.instance_variable_set :@licenses,                  array[17]
     spec.instance_variable_set :@metadata,                  array[18]
     spec.instance_variable_set :@loaded,                    false
     spec.instance_variable_set :@activated,                 false
@@ -1817,16 +1817,8 @@ class Gem::Specification < Gem::BasicSpecification
   def encode_with(coder) # :nodoc:
     coder.add "name", @name
     coder.add "version", @version
-    platform = case @new_platform
-               when nil, "" then
-                 "ruby"
-               when String then
-                 @new_platform
-               else
-                 @new_platform.to_s
-    end
-    coder.add "platform", platform
-    coder.add "original_platform", @original_platform.to_s if platform != @original_platform.to_s
+    coder.add "platform", platform.to_s
+    coder.add "original_platform", original_platform.to_s if platform.to_s != original_platform.to_s
 
     attributes = @@attributes.map(&:to_s) - %w[name version platform]
     attributes.each do |name|

data/lib/rubygems/uninstaller.rb

@@ -10,7 +10,6 @@ require "fileutils"
 require_relative "../rubygems"
 require_relative "installer_uninstaller_utils"
 require_relative "dependency_list"
-require_relative "rdoc"
 require_relative "user_interaction"
 
 ##