Diffstat (limited to 'vendor/gems/bundler-checksum')
5 files changed, 21 insertions, 10 deletions
diff --git a/vendor/gems/bundler-checksum/Gemfile.lock b/vendor/gems/bundler-checksum/Gemfile.lock index 8ae053f0105..4db0507a63b 100644 --- a/vendor/gems/bundler-checksum/Gemfile.lock +++ b/vendor/gems/bundler-checksum/Gemfile.lock @@ -15,4 +15,4 @@ DEPENDENCIES bundler-checksum! BUNDLED WITH - 2.3.17 + 2.5.4 diff --git a/vendor/gems/bundler-checksum/lib/bundler_checksum.rb b/vendor/gems/bundler-checksum/lib/bundler_checksum.rb index b3d36521f24..083082c0ab1 100644 --- a/vendor/gems/bundler-checksum/lib/bundler_checksum.rb +++ b/vendor/gems/bundler-checksum/lib/bundler_checksum.rb @@ -41,12 +41,18 @@ module Bundler raise "#{@package.inspect} does not have :@gem" unless source raise "#{source.inspect} does not respond to :with_read_io" unless source.respond_to?(:with_read_io) - digest = source.with_read_io do |io| - digest = SharedHelpers.digest(:SHA256).new - digest << io.read(16_384) until io.eof? - io.rewind - send(checksum_type(checksum), digest) - end + digest = + if Gem::Version.new(Bundler::VERSION) >= Gem::Version.new("2.5.0") + gem_checksum.digest + else + source.with_read_io do |io| + digest = SharedHelpers.digest(:SHA256).new + digest << io.read(16_384) until io.eof? + io.rewind + send(checksum_type(checksum), digest) + end + end + unless digest == checksum raise SecurityError, <<-MESSAGE Bundler cannot continue installing #{spec.name} (#{spec.version}). diff --git a/vendor/gems/bundler-checksum/lib/bundler_checksum/command/init.rb b/vendor/gems/bundler-checksum/lib/bundler_checksum/command/init.rb index 1d8db7d78fa..7b4b29acf4f 100644 --- a/vendor/gems/bundler-checksum/lib/bundler_checksum/command/init.rb +++ b/vendor/gems/bundler-checksum/lib/bundler_checksum/command/init.rb 
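Review bot: In the `>= 2.5.0` branch of lib/bundler_checksum.rb, `gem_checksum.digest` is compared with `checksum` as-is, while the fallback branch still pins SHA256 and picks the encoding through `send(checksum_type(checksum), digest)`. If stored checksums can exist in more than one encoding, or Bundler's internal digest ever differs from SHA256, the new branch would raise SecurityError for a valid gem; that fails closed, but the assumption should be written down, e.g. `# Bundler >= 2.5 computes the package digest itself; assumes it is in the same SHA256 form as checksum`. Whether the assumption holds depends on code outside this hunk (`checksum_type` and Bundler's own `gem_checksum`), so a test that runs the verification under both Bundler versions would confirm it. The enclosing method starts and ends outside the hunk.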
@@ -11,8 +11,13 @@ module BundlerChecksum::Command checksums = [] + require "bundler/vendored_uri" + args = [nil, Bundler::Source::Rubygems::Remote.new(Bundler::URI("https://rubygems.org")), nil] + # gem_remote_fetcher added in https://github.com/rubygems/rubygems/pull/7092/ + args << nil if Gem::Version.new(Bundler::VERSION) >= Gem::Version.new("2.5.0") + compact_index_cache = Bundler::Fetcher::CompactIndex - .new(nil, Bundler::Source::Rubygems::Remote.new(Bundler::URI("https://rubygems.org")), nil) + .new(*args) .send(:compact_index_client) .instance_variable_get(:@cache) diff --git a/vendor/gems/bundler-checksum/lib/bundler_checksum/command/lint.rb b/vendor/gems/bundler-checksum/lib/bundler_checksum/command/lint.rb index 0f1249dcf71..a515a6d31ea 100644 --- a/vendor/gems/bundler-checksum/lib/bundler_checksum/command/lint.rb +++ b/vendor/gems/bundler-checksum/lib/bundler_checksum/command/lint.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -require 'set' +require 'set' # rubocop:disable Lint/RedundantRequireStatement -- Ruby 3.1 and earlier needs this. Drop this line after Ruby 3.2+ is only supported. module BundlerChecksum::Command module Lint diff --git a/vendor/gems/bundler-checksum/test/project_with_checksum_lock/Gemfile.lock b/vendor/gems/bundler-checksum/test/project_with_checksum_lock/Gemfile.lock index d633184e300..2aa6a15070f 100644 --- a/vendor/gems/bundler-checksum/test/project_with_checksum_lock/Gemfile.lock +++ b/vendor/gems/bundler-checksum/test/project_with_checksum_lock/Gemfile.lock @@ -135,4 +135,4 @@ DEPENDENCIES rails (~> 6.1.6.1) BUNDLED WITH - 2.3.22 + 2.5.4 |
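Review bot: In command/init.rb, `instance_variable_get(:@cache)` returns nil without complaint if a later Bundler renames that instance variable, and the constructor arity is keyed to a version string rather than to the constructor itself, so this chain can break quietly on the next Bundler upgrade. The result appears to feed the generated checksum list, so a guard right after the chain would make the failure explicit: `raise "CompactIndex cache not found (Bundler #{Bundler::VERSION})" unless compact_index_cache`. The same `2.5.0` comparison also appears in lib/bundler_checksum.rb; a single shared predicate would keep the two gates in step. The surrounding method begins and ends outside the hunk.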