deps: downgrade jruby, keep updated default-gem dependencies (forward-port #15283)

lib/pluginmanager/util.rb

@@ -66,7 +66,7 @@ def self.logstash_plugin?(plugin, version = nil, options = {})
         return false
       end
     else
-      dep = ::Gem::Dependency.new(plugin, version || ::Gem::Requirement.default)
+      dep = _gem_dependency(plugin, version)
       ::Gem.sources = ::Gem::SourceList.from(options[:rubygems_source]) if options[:rubygems_source]
       specs, errors = ::Gem::SpecFetcher.fetcher.spec_for_dependency(dep)
 
@@ -87,6 +87,12 @@ def self.logstash_plugin?(plugin, version = nil, options = {})
     end
   end
 
+  # This test injection point allows us to avoid mocking the ::Gem::Dependency
+  # that is used by ruby internals for finding dependencies on the load path
+  def self._gem_dependency(gem_name, version = nil)
+    ::Gem::Dependency.new(gem_name, version || ::Gem::Requirement.default)
+  end
+
   # Fetch latest version information as in rubygems
   # @param [String] The plugin name
   # @param [Hash] Set of available options when fetching the information

logstash-core/logstash-core.gemspec

@@ -56,7 +56,7 @@ Gem::Specification.new do |gem|
   gem.add_runtime_dependency "rack", '~> 2'
   gem.add_runtime_dependency "sinatra", '~> 2'
   gem.add_runtime_dependency 'puma', '~> 6.3', '>= 6.3.1'
-  gem.add_runtime_dependency "jruby-openssl", "~> 0.11"
+  gem.add_runtime_dependency "jruby-openssl", "~> 0.14.1"
 
   gem.add_runtime_dependency "treetop", "~> 1" #(MIT license)
 
@@ -86,7 +86,15 @@ Gem::Specification.new do |gem|
   # https://github.com/logstash-plugins/logstash-mixin-scheduler/blob/v1.0.1/lib/logstash/plugin_mixins/scheduler/rufus_impl.rb#L85=
   # and https://github.com/elastic/logstash/issues/13773
 
-  # TEMPORARY: racc-1.6.0 doesn't have JAVA counterpart (yet)
-  # SEE: https://github.com/ruby/racc/issues/172
-  gem.add_runtime_dependency "racc", "~> 1.5.2" #(Ruby license)
+  # TEMPORARY: delta between JRuby 9.4.2.0 and 9.4.3.0
+  gem.add_runtime_dependency "cgi", "~> 0.3.6"
+  gem.add_runtime_dependency "date", "~> 3.3.3"
+  gem.add_runtime_dependency "ffi", "~> 1.15.5"
+  gem.add_runtime_dependency "net-http", "~> 0.3.0"
+  gem.add_runtime_dependency "net-protocol", "~> 0.1.2"
+  gem.add_runtime_dependency "reline", "~> 0.3.5"
+  gem.add_runtime_dependency "ffi-binary-libfixposix", "~> 0.5.1.1"
+  gem.add_runtime_dependency "time", "~> 0.2.2"
+  gem.add_runtime_dependency "timeout", "~> 0.3.2"
+  gem.add_runtime_dependency "uri", "~> 0.12.1"
 end

rubyUtils.gradle

@@ -25,7 +25,7 @@ buildscript {
     dependencies {
         classpath "org.yaml:snakeyaml:${snakeYamlVersion}"
         classpath "de.undercouch:gradle-download-task:4.0.4"
-        classpath "org.jruby:jruby-core:9.4.3.0"
+        classpath "org.jruby:jruby-core:9.4.2.0"
     }
 }
 

spec/unit/plugin_manager/util_spec.rb

@@ -75,7 +75,7 @@
 
     it "should load all available sources" do
       expect(subject).to receive(:plugin_file?).and_return(false)
-      expect(Gem::Dependency).to receive(:new).and_return(dep)
+      expect(subject).to receive(:_gem_dependency).with(plugin, version).and_return(dep).once
       expect(Gem::SpecFetcher).to receive(:fetcher).and_return(fetcher)
 
       subject.logstash_plugin?(plugin, version, options)

tools/dependencies-report/src/main/resources/licenseMapping.csv

@@ -17,11 +17,13 @@ dependency,dependencyUrl,licenseOverride,copyright,sourceURL
 "aws-sdk-sqs:1.51.1",https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sdk-sqs,Apache-2.0
 "aws-sigv4:1.5.1",https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sigv4,Apache-2.0
 "back_pressure:",https://github.com/yaauie/ruby_back_pressure,Apache-2.0
+"bigdecimal:",https://github.com/ruby/bigdecimal,BSD-2-Clause
 "bindata:",http://github.com/dmendel/bindata,BSD-2-Clause
 "buftok:",https://github.com/sferik/buftok,MIT
 "builder:",http://onestepback.org,MIT
 "bundler:",https://bundler.io/,MIT
 "cabin:",https://github.com/jordansissel/ruby-cabin,Apache-2.0
+"cgi:",https://github.com/ruby/cgi,BSD-2-Clause
 "clamp:",http://github.com/mdub/clamp,MIT
 "coderay:",http://coderay.rubychan.de,MIT
 "com.fasterxml.jackson.core:jackson-annotations:",https://github.com/FasterXML/jackson-annotations,Apache-2.0
@@ -41,6 +43,7 @@ dependency,dependencyUrl,licenseOverride,copyright,sourceURL
 "concurrent-ruby:",http://www.concurrent-ruby.com,MIT
 "csv:",https://github.com/ruby/csv,BSD-2-Clause
 "dalli:",https://github.com/petergoldstein/dalli,MIT
+"date:",https://github.com/ruby/date,BSD-2-Clause
 "domain_name:",https://github.com/knu/ruby-domain_name,BSD-2-Clause
 "dotenv:",https://github.com/bkeepers/dotenv,MIT
 "down",https://github.com/janko/down,MIT
@@ -66,6 +69,7 @@ dependency,dependencyUrl,licenseOverride,copyright,sourceURL
 "faraday-rack",https://github.com/lostisland/faraday,MIT
 "faraday-retry",https://github.com/lostisland/faraday,MIT
 "ffi:",https://github.com/ffi/ffi,BSD-3-CLAUSE
+"ffi-binary-libfixposix:",https://github.com/byteit101/subspawn,Ruby
 "filesize:",https://github.com/dominikh,MIT
 "fugit:",https://github.com/floraison/fugit,MIT
 "gelfd2:",https://github.com/ptqa/gelfd2,Apache-2.0
@@ -78,6 +82,7 @@ dependency,dependencyUrl,licenseOverride,copyright,sourceURL
 "http:",https://github.com/httprb/http,MIT
 "http_parser.rb:",https://github.com/tmm1/http_parser.rb,MIT
 "i18n:",https://github.com/svenfuchs/i18n,MIT
+"io-console:",https://github.com/ruby/io-console,BSD-2-Clause
 "io.netty:netty-all:",https://github.com/netty/netty,Apache-2.0
 "insist:",https://github.com/jordansissel/ruby-insist,Apache-2.0
 "jar-dependencies:",https://github.com/mkristian/jar-dependencies,MIT
@@ -99,6 +104,7 @@ dependency,dependencyUrl,licenseOverride,copyright,sourceURL
 "method_source:","https://github.com/banister/method_source/",MIT
 "metriks:","https://github.com/eric/metriks/",MIT
 "mime-types:",https://github.com/mime-types/ruby-mime-types/,MIT
+"mini_mime:",https://github.com/discourse/mini_mime,MIT
 "minitar:",https://github.com/halostatue/minitar/,RUBY|BSD-2-Clause
 "msgpack:","https://github.com/msgpack/msgpack-ruby",Apache-2.0
 "multi_json:","https://github.com/intridea/multi_json",MIT
@@ -107,6 +113,11 @@ dependency,dependencyUrl,licenseOverride,copyright,sourceURL
 "mustermann:","https://github.com/sinatra/mustermann",MIT
 "mustache:","https://github.com/mustache/mustache",MIT
 "naught:","https://github.com/avdi/naught/",MIT
+"net-http:",https://github.com/ruby/net-http,BSD-2-Clause
+"net-imap:",https://github.com/ruby/net-imap,BSD-2-Clause
+"net-pop:",https://github.com/ruby/net-pop,BSD-2-Clause
+"net-protocol:",https://github.com/ruby/net-protocol,BSD-2-Clause
+"net-smtp:",https://github.com/ruby/net-smtp,BSD-2-Clause
 "nio4r:","https://github.com/socketry/nio4r",MIT
 "nokogiri:","http://nokogiri.org/",MIT
 "openssl_pkcs8_pure:",http://github.com/cielavenir/openssl_pkcs8_pure,Ruby
@@ -154,6 +165,7 @@ dependency,dependencyUrl,licenseOverride,copyright,sourceURL
 "rake:",https://github.com/ruby/rake,MIT
 "Red Hat Universal Base Image minimal:",https://catalog.redhat.com/software/containers/ubi8/ubi-minimal/5c359a62bed8bd75a2c3fba8,Custom;https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf,,https://oss-dependencies.elastic.co/red-hat-universal-base-image-minimal/8/ubi-minimal-8-source.tar.gz
 "redis:",https://github.com/redis/redis-rb,MIT
+"reline:",https://github.com/ruby/reline,BSD-2-Clause
 "rexml:",https://github.com/ruby/rexml,MIT
 "ruby-progressbar:",https://github.com/jfelchner/ruby-progressbar,MIT
 "ruby2_keywords",https://github.com/ruby/ruby2_keywords,BSD-2-Clause
@@ -171,10 +183,13 @@ dependency,dependencyUrl,licenseOverride,copyright,sourceURL
 "thread_safe:",https://github.com/ruby-concurrency/thread_safe,Apache-2.0
 "thwait:",https://github.com/ruby/thwait,BSD-2-Clause
 "tilt:",https://github.com/rtomayko/tilt,MIT
+"time:",https://github.com/ruby/time,BSD-2-Clause
+"timeout:",https://github.com/ruby/timeout,BSD-2-Clause
 "treetop:",https://github.com/cjheath/treetop,MIT
 "twitter:",https://github.com/sferik/twitter,MIT
 "tzinfo-data:",https://github.com/tzinfo/tzinfo-data,MIT
 "tzinfo:",https://github.com/tzinfo/tzinfo,MIT,Philip Ross
 "unf:",https://github.com/knu/ruby-unf,BSD-2-Clause
+"uri:",https://github.com/ruby/uri,BSD-2-Clause
 "webhdfs:",https://github.com/kzk/webhdfs,Apache-2.0
 "xml-simple:",https://github.com/maik/xml-simple,BSD-2-Clause

tools/dependencies-report/src/main/resources/notices/bigdecimal-NOTICE.txt

@@ -0,0 +1,58 @@
+# source: https://github.com/ruby/bigdecimal/blob/v3.1.4/LICENSE
+
+Ruby is copyrighted free software by Yukihiro Matsumoto <matz@netlab.jp>.
+You can redistribute it and/or modify it under either the terms of the
+2-clause BSDL (see the file BSDL), or the conditions below:
+
+  1. You may make and give away verbatim copies of the source form of the
+     software without restriction, provided that you duplicate all of the
+     original copyright notices and associated disclaimers.
+
+  2. You may modify your copy of the software in any way, provided that
+     you do at least ONE of the following:
+
+       a) place your modifications in the Public Domain or otherwise
+          make them Freely Available, such as by posting said
+	  modifications to Usenet or an equivalent medium, or by allowing
+	  the author to include your modifications in the software.
+
+       b) use the modified software only within your corporation or
+          organization.
+
+       c) give non-standard binaries non-standard names, with
+          instructions on where to get the original software distribution.
+
+       d) make other distribution arrangements with the author.
+
+  3. You may distribute the software in object code or binary form,
+     provided that you do at least ONE of the following:
+
+       a) distribute the binaries and library files of the software,
+	  together with instructions (in the manual page or equivalent)
+	  on where to get the original distribution.
+
+       b) accompany the distribution with the machine-readable source of
+	  the software.
+
+       c) give non-standard binaries non-standard names, with
+          instructions on where to get the original software distribution.
+
+       d) make other distribution arrangements with the author.
+
+  4. You may modify and include the part of the software into any other
+     software (possibly commercial).  But some files in the distribution
+     are not written by the author, so that they are not under these terms.
+
+     For the list of those files and their copying conditions, see the
+     file LEGAL.
+
+  5. The scripts and library files supplied as input to or produced as
+     output from the software do not automatically fall under the
+     copyright of the software, but belong to whomever generated them,
+     and may be sold commercially, and may be aggregated with this
+     software.
+
+  6. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+     IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+     WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+     PURPOSE.

tools/dependencies-report/src/main/resources/notices/cgi-NOTICE.txt

@@ -0,0 +1,22 @@
+Copyright (C) 1993-2013 Yukihiro Matsumoto. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.

tools/dependencies-report/src/main/resources/notices/date-NOTICE.txt

@@ -0,0 +1,22 @@
+Copyright (C) 1993-2013 Yukihiro Matsumoto. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.

tools/dependencies-report/src/main/resources/notices/ffi-binary-libfixposix-NOTICE.txt

@@ -0,0 +1,58 @@
+source: https://github.com/byteit101/subspawn/blob/lfp-0.5.1.1/LICENSE.RUBY
+
+Ruby is copyrighted free software by Yukihiro Matsumoto <matz@netlab.jp>.
+You can redistribute it and/or modify it under either the terms of the
+2-clause BSDL (see the file BSDL), or the conditions below:
+
+  1. You may make and give away verbatim copies of the source form of the
+     software without restriction, provided that you duplicate all of the
+     original copyright notices and associated disclaimers.
+
+  2. You may modify your copy of the software in any way, provided that
+     you do at least ONE of the following:
+
+       a) place your modifications in the Public Domain or otherwise
+          make them Freely Available, such as by posting said
+	  modifications to Usenet or an equivalent medium, or by allowing
+	  the author to include your modifications in the software.
+
+       b) use the modified software only within your corporation or
+          organization.
+
+       c) give non-standard binaries non-standard names, with
+          instructions on where to get the original software distribution.
+
+       d) make other distribution arrangements with the author.
+
+  3. You may distribute the software in object code or binary form,
+     provided that you do at least ONE of the following:
+
+       a) distribute the binaries and library files of the software,
+	  together with instructions (in the manual page or equivalent)
+	  on where to get the original distribution.
+
+       b) accompany the distribution with the machine-readable source of
+	  the software.
+
+       c) give non-standard binaries non-standard names, with
+          instructions on where to get the original software distribution.
+
+       d) make other distribution arrangements with the author.
+
+  4. You may modify and include the part of the software into any other
+     software (possibly commercial).  But some files in the distribution
+     are not written by the author, so that they are not under these terms.
+
+     For the list of those files and their copying conditions, see the
+     file LEGAL.
+
+  5. The scripts and library files supplied as input to or produced as
+     output from the software do not automatically fall under the
+     copyright of the software, but belong to whomever generated them,
+     and may be sold commercially, and may be aggregated with this
+     software.
+
+  6. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+     IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+     WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+     PURPOSE.

tools/dependencies-report/src/main/resources/notices/io-console-NOTICE.txt

@@ -0,0 +1,22 @@
+Copyright (C) 1993-2013 Yukihiro Matsumoto. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.

tools/dependencies-report/src/main/resources/notices/mini_mime-NOTICE.txt

@@ -0,0 +1,23 @@
+# source: https://github.com/discourse/mini_mime/blob/v1.1.5/LICENSE.txt
+
+The MIT License (MIT)
+
+Copyright (c) 2016 Discourse Construction Kit, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

tools/dependencies-report/src/main/resources/notices/net-http-NOTICE.txt

@@ -0,0 +1,22 @@
+Copyright (C) 1993-2013 Yukihiro Matsumoto. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.