rubygems-update 3.2.33 → 3.2.34

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c0ad3f54099eb51ea11d57eb8da10dd84729d075b26073b687ed49f7e7f8b018
-  data.tar.gz: fa02cdd3863c8ead6ebc2594f6e7c4b0065a8dff28eb9412cf16c18e5e38e05e
+  metadata.gz: a8c702a4165527b22d31e1cb41e0e5bc94e75428b2a69a48f5e4565df627e885
+  data.tar.gz: 2dd36e7a22f82691fe39d1384d37270843bf6705b929e92e8d6d501af21db430
 SHA512:
-  metadata.gz: 5416de9788161fd52b5619e8579134cc6abf4431819d23e56f06ae1b0fd5e511db5fb042b67824dc7a257403ab982528f52e39895f9f56d69472f86827d1a756
-  data.tar.gz: 61d7407de87425e910d2dd2282dfb1de6b6ed472aac1cb5059387c946bdd3564c4bc65d3d6d8d07587010185bbd06679cb1d77e718672ee0de3be6a813f00b7b
+  metadata.gz: f77785a6aac66c4e68e2f73b794c0d642cf8a962192ece73fd6e208c79ec1c29a6e824cb065c40f25b97c06aa5feb827efe8ce4419d2d103843758ae7514b378
+  data.tar.gz: b90468d920c7f6ea3217858d74ebfa2fe7e162f7408cb61987284e381f4d91d6e258d574c7f8cbc70a429b872521c50f26a92db48a3dee5394a70534acddb848

data/bundler/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2021-12-07".freeze
-    @git_commit_sha = "9b5e2a350b".freeze
+    @built_at = "2023-02-06".freeze
+    @git_commit_sha = "c07c26df9e".freeze
     @release = true
     # end ivars
 

data/bundler/lib/bundler/vendor/thor/lib/thor/actions/file_manipulation.rb

@@ -210,9 +210,9 @@ class Bundler::Thor
     #
     # ==== Examples
     #
-    #   inject_into_class "app/controllers/application_controller.rb", ApplicationController, "  filter_parameter :password\n"
+    #   inject_into_class "app/controllers/application_controller.rb", "ApplicationController", "  filter_parameter :password\n"
     #
-    #   inject_into_class "app/controllers/application_controller.rb", ApplicationController do
+    #   inject_into_class "app/controllers/application_controller.rb", "ApplicationController" do
     #     "  filter_parameter :password\n"
     #   end
     #
@@ -233,9 +233,9 @@ class Bundler::Thor
     #
     # ==== Examples
     #
-    #   inject_into_module "app/helpers/application_helper.rb", ApplicationHelper, "  def help; 'help'; end\n"
+    #   inject_into_module "app/helpers/application_helper.rb", "ApplicationHelper", "  def help; 'help'; end\n"
     #
-    #   inject_into_module "app/helpers/application_helper.rb", ApplicationHelper do
+    #   inject_into_module "app/helpers/application_helper.rb", "ApplicationHelper" do
     #     "  def help; 'help'; end\n"
     #   end
     #
@@ -252,7 +252,7 @@ class Bundler::Thor
     # flag<Regexp|String>:: the regexp or string to be replaced
     # replacement<String>:: the replacement, can be also given as a block
     # config<Hash>:: give :verbose => false to not log the status, and
-    #                :force => true, to force the replacement regardless of runner behavior.
+    #                :force => true, to force the replacement regardles of runner behavior.
     #
     # ==== Example
     #
@@ -331,7 +331,7 @@ class Bundler::Thor
       path = File.expand_path(path, destination_root)
 
       say_status :remove, relative_to_original_destination_root(path), config.fetch(:verbose, true)
-      if !options[:pretend] && File.exist?(path)
+      if !options[:pretend] && (File.exist?(path) || File.symlink?(path))
         require "fileutils"
         ::FileUtils.rm_rf(path)
       end

data/bundler/lib/bundler/vendor/thor/lib/thor/actions/inject_into_file.rb

@@ -106,12 +106,11 @@ class Bundler::Thor
       # Adds the content to the file.
       #
       def replace!(regexp, string, force)
-        return if pretend?
         content = File.read(destination)
         if force || !content.include?(replacement)
           success = content.gsub!(regexp, string)
 
-          File.open(destination, "wb") { |file| file.write(content) }
+          File.open(destination, "wb") { |file| file.write(content) } unless pretend?
           success
         end
       end

data/bundler/lib/bundler/vendor/thor/lib/thor/actions.rb

@@ -161,6 +161,8 @@ class Bundler::Thor
     # to the block you provide. The path is set back to the previous path when
     # the method exits.
     #
+    # Returns the value yielded by the block.
+    #
     # ==== Parameters
     # dir<String>:: the directory to move to.
     # config<Hash>:: give :verbose => true to log and use padding.
@@ -179,16 +181,18 @@ class Bundler::Thor
         FileUtils.mkdir_p(destination_root)
       end
 
+      result = nil
       if pretend
         # In pretend mode, just yield down to the block
-        block.arity == 1 ? yield(destination_root) : yield
+        result = block.arity == 1 ? yield(destination_root) : yield
       else
         require "fileutils"
-        FileUtils.cd(destination_root) { block.arity == 1 ? yield(destination_root) : yield }
+        FileUtils.cd(destination_root) { result = block.arity == 1 ? yield(destination_root) : yield }
       end
 
       @destination_stack.pop
       shell.padding -= 1 if verbose
+      result
     end
 
     # Goes to the root and execute the given block.

data/bundler/lib/bundler/vendor/thor/lib/thor/core_ext/hash_with_indifferent_access.rb

@@ -28,6 +28,12 @@ class Bundler::Thor
         super(convert_key(key))
       end
 
+      def except(*keys)
+        dup.tap do |hash|
+          keys.each { |key| hash.delete(convert_key(key)) }
+        end
+      end
+
       def fetch(key, *args)
         super(convert_key(key), *args)
       end

data/bundler/lib/bundler/vendor/thor/lib/thor/error.rb

@@ -102,9 +102,14 @@ class Bundler::Thor
   end
 
   if Correctable
-    DidYouMean::SPELL_CHECKERS.merge!(
-      'Bundler::Thor::UndefinedCommandError' => UndefinedCommandError::SpellChecker,
-      'Bundler::Thor::UnknownArgumentError' => UnknownArgumentError::SpellChecker
-    )
+    if DidYouMean.respond_to?(:correct_error)
+      DidYouMean.correct_error(Bundler::Thor::UndefinedCommandError, UndefinedCommandError::SpellChecker)
+      DidYouMean.correct_error(Bundler::Thor::UnknownArgumentError, UnknownArgumentError::SpellChecker)
+    else
+      DidYouMean::SPELL_CHECKERS.merge!(
+        'Bundler::Thor::UndefinedCommandError' => UndefinedCommandError::SpellChecker,
+        'Bundler::Thor::UnknownArgumentError' => UnknownArgumentError::SpellChecker
+      )
+    end
   end
 end

data/bundler/lib/bundler/vendor/thor/lib/thor/parser/options.rb

@@ -45,6 +45,7 @@ class Bundler::Thor
       @switches = {}
       @extra = []
       @stopped_parsing_after_extra_index = nil
+      @is_treated_as_value = false
 
       options.each do |option|
         @switches[option.switch_name] = option
@@ -74,8 +75,19 @@ class Bundler::Thor
       end
     end
 
+    def shift
+      @is_treated_as_value = false
+      super
+    end
+
+    def unshift(arg, is_value: false)
+      @is_treated_as_value = is_value
+      super(arg)
+    end
+
     def parse(args) # rubocop:disable MethodLength
       @pile = args.dup
+      @is_treated_as_value = false
       @parsing_options = true
 
       while peek
@@ -88,7 +100,10 @@ class Bundler::Thor
             when SHORT_SQ_RE
               unshift($1.split("").map { |f| "-#{f}" })
               next
-            when EQ_RE, SHORT_NUM
+            when EQ_RE
+              unshift($2, is_value: true)
+              switch = $1
+            when SHORT_NUM
               unshift($2)
               switch = $1
             when LONG_RE, SHORT_RE
@@ -148,6 +163,7 @@ class Bundler::Thor
     # Two booleans are returned.  The first is true if the current value
     # starts with a hyphen; the second is true if it is a registered switch.
     def current_is_switch?
+      return [false, false] if @is_treated_as_value
       case peek
       when LONG_RE, SHORT_RE, EQ_RE, SHORT_NUM
         [true, switch?($1)]
@@ -159,6 +175,7 @@ class Bundler::Thor
     end
 
     def current_is_switch_formatted?
+      return false if @is_treated_as_value
       case peek
       when LONG_RE, SHORT_RE, EQ_RE, SHORT_NUM, SHORT_SQ_RE
         true
@@ -168,6 +185,7 @@ class Bundler::Thor
     end
 
     def current_is_value?
+      return true if @is_treated_as_value
       peek && (!parsing_options? || super)
     end
 

data/bundler/lib/bundler/vendor/thor/lib/thor/shell/basic.rb

@@ -103,6 +103,23 @@ class Bundler::Thor
         stdout.flush
       end
 
+      # Say (print) an error to the user. If the sentence ends with a whitespace
+      # or tab character, a new line is not appended (print + flush). Otherwise
+      # are passed straight to puts (behavior got from Highline).
+      #
+      # ==== Example
+      # say_error("error: something went wrong")
+      #
+      def say_error(message = "", color = nil, force_new_line = (message.to_s !~ /( |\t)\Z/))
+        return if quiet?
+
+        buffer = prepare_message(message, *color)
+        buffer << "\n" if force_new_line && !message.to_s.end_with?("\n")
+
+        stderr.print(buffer)
+        stderr.flush
+      end
+
       # Say a status with the given color and appends the message. Since this
       # method is used frequently by actions, it allows nil or false to be given
       # in log_status, avoiding the message from being shown. If a Symbol is
@@ -111,13 +128,14 @@ class Bundler::Thor
       def say_status(status, message, log_status = true)
         return if quiet? || log_status == false
         spaces = "  " * (padding + 1)
-        color  = log_status.is_a?(Symbol) ? log_status : :green
-
         status = status.to_s.rjust(12)
+        margin = " " * status.length + spaces
+
+        color  = log_status.is_a?(Symbol) ? log_status : :green
         status = set_color status, color, true if color
 
-        buffer = "#{status}#{spaces}#{message}"
-        buffer = "#{buffer}\n" unless buffer.end_with?("\n")
+        message = message.to_s.chomp.gsub(/(?<!\A)^/, margin)
+        buffer = "#{status}#{spaces}#{message}\n"
 
         stdout.print(buffer)
         stdout.flush

data/bundler/lib/bundler/vendor/thor/lib/thor/shell.rb

@@ -21,7 +21,7 @@ class Bundler::Thor
   end
 
   module Shell
-    SHELL_DELEGATED_METHODS = [:ask, :error, :set_color, :yes?, :no?, :say, :say_status, :print_in_columns, :print_table, :print_wrapped, :file_collision, :terminal_width]
+    SHELL_DELEGATED_METHODS = [:ask, :error, :set_color, :yes?, :no?, :say, :say_error, :say_status, :print_in_columns, :print_table, :print_wrapped, :file_collision, :terminal_width]
     attr_writer :shell
 
     autoload :Basic, File.expand_path("shell/basic", __dir__)

data/bundler/lib/bundler/vendor/thor/lib/thor/util.rb

@@ -211,7 +211,7 @@ class Bundler::Thor
       #
       def globs_for(path)
         path = escape_globs(path)
-        ["#{path}/Thorfile", "#{path}/*.thor", "#{path}/tasks/*.thor", "#{path}/lib/tasks/*.thor"]
+        ["#{path}/Thorfile", "#{path}/*.thor", "#{path}/tasks/*.thor", "#{path}/lib/tasks/**/*.thor"]
       end
 
       # Return the path to the ruby interpreter taking into account multiple

data/bundler/lib/bundler/vendor/thor/lib/thor/version.rb

@@ -1,3 +1,3 @@
 class Bundler::Thor
-  VERSION = "1.1.0"
+  VERSION = "1.2.1"
 end

data/bundler/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.2.33".freeze
+  VERSION = "2.2.34".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

data/lib/rubygems/commands/server_command.rb

@@ -5,7 +5,7 @@ require_relative '../deprecate'
 
 class Gem::Commands::ServerCommand < Gem::Command
   extend Gem::Deprecate
-  rubygems_deprecate_command
+  rubygems_deprecate_command("3.3.0")
 
   def initialize
     super 'server', 'Documentation and gem repository HTTP server',

data/lib/rubygems/deprecate.rb

@@ -96,7 +96,7 @@ module Gem::Deprecate
   end
 
   # Deprecation method to deprecate Rubygems commands
-  def rubygems_deprecate_command
+  def rubygems_deprecate_command(version = Gem::Deprecate.next_rubygems_major_version)
     class_eval do
       define_method "deprecated?" do
         true
@@ -104,7 +104,7 @@ module Gem::Deprecate
 
       define_method "deprecation_warning" do
         msg = [ "#{self.command} command is deprecated",
-                ". It will be removed in Rubygems #{Gem::Deprecate.next_rubygems_major_version}.\n",
+                ". It will be removed in Rubygems #{version}.\n",
         ]
 
         alert_warning "#{msg.join}" unless Gem::Deprecate.skip

data/lib/rubygems/requirement.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
-require_relative "deprecate"
+require_relative "version"
 
 ##
 # A Requirement is a set of one or more version restrictions. It supports a

data/lib/rubygems/specification.rb

@@ -9,6 +9,8 @@
 require_relative 'deprecate'
 require_relative 'basic_specification'
 require_relative 'stub_specification'
+require_relative 'platform'
+require_relative 'requirement'
 require_relative 'specification_policy'
 require_relative 'util/list'
 

data/lib/rubygems.rb

@@ -8,7 +8,7 @@
 require 'rbconfig'
 
 module Gem
-  VERSION = "3.2.33".freeze
+  VERSION = "3.2.34".freeze
 end
 
 # Must be first since it unloads the prelude from 1.9.2
@@ -1293,7 +1293,12 @@ An Array (#{env.inspect}) was passed in from #{caller[3]}
     end
 
     def default_gem_load_paths
-      @default_gem_load_paths ||= $LOAD_PATH[load_path_insert_index..-1]
+      @default_gem_load_paths ||= $LOAD_PATH[load_path_insert_index..-1].map do |lp|
+        expanded = File.expand_path(lp)
+        next expanded unless File.exist?(expanded)
+
+        File.realpath(expanded)
+      end
     end
   end
 
@@ -1310,37 +1315,19 @@ An Array (#{env.inspect}) was passed in from #{caller[3]}
   autoload :Licenses,           File.expand_path('rubygems/util/licenses', __dir__)
   autoload :NameTuple,          File.expand_path('rubygems/name_tuple', __dir__)
   autoload :PathSupport,        File.expand_path('rubygems/path_support', __dir__)
-  autoload :Platform,           File.expand_path('rubygems/platform', __dir__)
   autoload :RequestSet,         File.expand_path('rubygems/request_set', __dir__)
-  autoload :Requirement,        File.expand_path('rubygems/requirement', __dir__)
   autoload :Resolver,           File.expand_path('rubygems/resolver', __dir__)
   autoload :Source,             File.expand_path('rubygems/source', __dir__)
   autoload :SourceList,         File.expand_path('rubygems/source_list', __dir__)
   autoload :SpecFetcher,        File.expand_path('rubygems/spec_fetcher', __dir__)
-  autoload :Specification,      File.expand_path('rubygems/specification', __dir__)
   autoload :Util,               File.expand_path('rubygems/util', __dir__)
   autoload :Version,            File.expand_path('rubygems/version', __dir__)
 end
 
 require_relative 'rubygems/exceptions'
+require_relative 'rubygems/specification'
 
 # REFACTOR: This should be pulled out into some kind of hacks file.
-begin
-  ##
-  # Defaults the Ruby implementation wants to provide for RubyGems
-
-  require "rubygems/defaults/#{RUBY_ENGINE}"
-rescue LoadError
-end
-
-##
-# Loads the default specs.
-Gem::Specification.load_defaults
-
-require_relative 'rubygems/core_ext/kernel_gem'
-require_relative 'rubygems/core_ext/kernel_require'
-require_relative 'rubygems/core_ext/kernel_warn'
-
 begin
   ##
   # Defaults the operating system (or packager) wants to provide for RubyGems.
@@ -1356,3 +1343,19 @@ rescue StandardError => e
     "the problem and ask for help."
   raise e.class, msg
 end
+
+begin
+  ##
+  # Defaults the Ruby implementation wants to provide for RubyGems
+
+  require "rubygems/defaults/#{RUBY_ENGINE}"
+rescue LoadError
+end
+
+##
+# Loads the default specs.
+Gem::Specification.load_defaults
+
+require_relative 'rubygems/core_ext/kernel_gem'
+require_relative 'rubygems/core_ext/kernel_require'
+require_relative 'rubygems/core_ext/kernel_warn'

data/rubygems-update.gemspec

@@ -2,7 +2,7 @@
 
 Gem::Specification.new do |s|
   s.name = "rubygems-update"
-  s.version = "3.2.33"
+  s.version = "3.2.34"
   s.authors = ["Jim Weirich", "Chad Fowler", "Eric Hodel", "Luis Lavena", "Aaron Patterson", "Samuel Giddins", "André Arko", "Evan Phoenix", "Hiroshi SHIBATA"]
   s.email = ["", "", "drbrain@segment7.net", "luislavena@gmail.com", "aaron@tenderlovemaking.com", "segiddins@segiddins.me", "andre@arko.net", "evan@phx.io", "hsbt@ruby-lang.org"]
 

data/test/rubygems/test_gem_command_manager.rb

@@ -311,4 +311,29 @@ class TestGemCommandManager < Gem::TestCase
   ensure
     Gem::Commands.send(:remove_const, :FooCommand)
   end
+
+  def test_deprecated_command_with_version
+    require "rubygems/command"
+    foo_command = Class.new(Gem::Command) do
+      extend Gem::Deprecate
+
+      rubygems_deprecate_command("9.9.9")
+
+      def execute
+        say "pew pew!"
+      end
+    end
+
+    Gem::Commands.send(:const_set, :FooCommand, foo_command)
+    @command_manager.register_command(:foo, foo_command.new("foo"))
+
+    use_ui @ui do
+      @command_manager.process_args(%w[foo])
+    end
+
+    assert_equal "pew pew!\n", @ui.output
+    assert_match(/WARNING:  foo command is deprecated. It will be removed in Rubygems 9.9.9/, @ui.error)
+  ensure
+    Gem::Commands.send(:remove_const, :FooCommand)
+  end
 end

data/test/rubygems/test_gem_source_git.rb

@@ -63,6 +63,11 @@ class TestGemSourceGit < Gem::TestCase
   end
 
   def test_checkout_submodules
+    # We need to allow to checkout submodules with file:// protocol
+    # CVE-2022-39253
+    # https://lore.kernel.org/lkml/xmqq4jw1uku5.fsf@gitster.g/
+    system(@git, *%W[config --global protocol.file.allow always])
+
     source = Gem::Source::Git.new @name, @repository, 'master', true
 
     git_gem 'b'

data/test/rubygems/test_rubygems.rb

@@ -22,6 +22,29 @@ class GemTest < Gem::TestCase
     "the problem and ask for help."
   end
 
+  def test_operating_system_customizing_default_dir
+    pend "does not apply to truffleruby" if RUBY_ENGINE == 'truffleruby'
+    pend "loads a custom defaults/jruby file that gets in the middle" if RUBY_ENGINE == 'jruby'
+
+    # On a non existing default dir, there should be no gems
+
+    path = util_install_operating_system_rb <<-RUBY
+      module Gem
+        def self.default_dir
+          File.expand_path("foo")
+        end
+      end
+    RUBY
+
+    output = Gem::Util.popen(
+      *ruby_with_rubygems_and_fake_operating_system_in_load_path(path),
+      '-e',
+      "require \"rubygems\"; puts Gem::Specification.stubs.map(&:full_name)",
+      {:err => [:child, :out]}
+    ).strip
+    assert_empty output
+  end
+
   private
 
   def util_install_operating_system_rb(content)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubygems-update
 version: !ruby/object:Gem::Version
-  version: 3.2.33
+  version: 3.2.34
 platform: ruby
 authors:
 - Jim Weirich
@@ -16,7 +16,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-12-07 00:00:00.000000000 Z
+date: 2023-02-06 00:00:00.000000000 Z
 dependencies: []
 description: |-
   A package (also known as a library) contains a set of functionality