Remove taint usage on Ruby 2.7+

Ruby 2.7 deprecates taint and it no longer has an effect.
This attempts to leave the behavior the same on older
Ruby versions, but avoid the use of deprecated methods
related to taint on Ruby 2.7+.

See https://bugs.ruby-lang.org/issues/16131 for details.

lib/bundler.rb

@@ -20,6 +20,11 @@ module Bundler
   ENV.replace(environment_preserver.backup)
   SUDO_MUTEX = Mutex.new
 
+  # Taint support is deprecated in Ruby 2.7.
+  # This allows switching ".untaint" to ".tap(&Bundler::UNTAINT)",
+  # to avoid deprecation warnings in Ruby 2.7.
+  UNTAINT = RUBY_VERSION < "2.7" ? :untaint.to_sym : proc{}
+
   autoload :Definition,             File.expand_path("bundler/definition", __dir__)
   autoload :Dependency,             File.expand_path("bundler/dependency", __dir__)
   autoload :DepProxy,               File.expand_path("bundler/dep_proxy", __dir__)

lib/bundler/dsl.rb

@@ -44,7 +44,7 @@ def eval_gemfile(gemfile, contents = nil)
       @gemfile = expanded_gemfile_path
       @gemfiles << expanded_gemfile_path
       contents ||= Bundler.read_file(@gemfile.to_s)
-      instance_eval(contents.dup.untaint, gemfile.to_s, 1)
+      instance_eval(contents.dup.tap(&Bundler::UNTAINT), gemfile.to_s, 1)
     rescue Exception => e # rubocop:disable Lint/RescueException
       message = "There was an error " \
         "#{e.is_a?(GemfileEvalError) ? "evaluating" : "parsing"} " \

lib/bundler/rubygems_ext.rb

@@ -29,7 +29,7 @@ def full_gem_path
       # gems at that time, this method could be called inside another require,
       # thus raising with that constant being undefined. Better to check a method
       if source.respond_to?(:path) || (source.respond_to?(:bundler_plugin_api_source?) && source.bundler_plugin_api_source?)
-        Pathname.new(loaded_from).dirname.expand_path(source.root).to_s.untaint
+        Pathname.new(loaded_from).dirname.expand_path(source.root).to_s.tap(&Bundler::UNTAINT)
       else
         rg_full_gem_path
       end

lib/bundler/shared_helpers.rb

@@ -13,13 +13,13 @@ module SharedHelpers
     def root
       gemfile = find_gemfile
       raise GemfileNotFound, "Could not locate Gemfile" unless gemfile
-      Pathname.new(gemfile).untaint.expand_path.parent
+      Pathname.new(gemfile).tap(&Bundler::UNTAINT).expand_path.parent
     end
 
     def default_gemfile
       gemfile = find_gemfile
       raise GemfileNotFound, "Could not locate Gemfile" unless gemfile
-      Pathname.new(gemfile).untaint.expand_path
+      Pathname.new(gemfile).tap(&Bundler::UNTAINT).expand_path
     end
 
     def default_lockfile
@@ -28,7 +28,7 @@ def default_lockfile
       case gemfile.basename.to_s
       when "gems.rb" then Pathname.new(gemfile.sub(/.rb$/, ".locked"))
       else Pathname.new("#{gemfile}.lock")
-      end.untaint
+      end.tap(&Bundler::UNTAINT)
     end
 
     def default_bundle_dir
@@ -100,7 +100,7 @@ def set_bundle_environment
     #
     # @see {Bundler::PermissionError}
     def filesystem_access(path, action = :write, &block)
-      yield(path.dup.untaint)
+      yield(path.dup.tap(&Bundler::UNTAINT))
     rescue Errno::EACCES
       raise PermissionError.new(path, action)
     rescue Errno::EAGAIN
@@ -268,7 +268,7 @@ def find_directory(*names)
 
     def search_up(*names)
       previous = nil
-      current  = File.expand_path(SharedHelpers.pwd).untaint
+      current  = File.expand_path(SharedHelpers.pwd).tap(&Bundler::UNTAINT)
 
       until !File.directory?(current) || current == previous
         if ENV["BUNDLE_SPEC_RUN"]

lib/bundler/source/git.rb

@@ -316,7 +316,7 @@ def validate_spec(_spec); end
 
       def load_gemspec(file)
         stub = Gem::StubSpecification.gemspec_stub(file, install_path.parent, install_path.parent)
-        stub.full_gem_path = Pathname.new(file).dirname.expand_path(root).to_s.untaint
+        stub.full_gem_path = Pathname.new(file).dirname.expand_path(root).to_s.tap(&Bundler::UNTAINT)
         StubSpecification.from_stub(stub)
       end
 

lib/bundler/vendor/fileutils/lib/fileutils.rb

@@ -1300,7 +1300,7 @@ def entries
            .reject {|n| n == '.' or n == '..' }
       end
 
-      files.map {|n| Entry_.new(prefix(), join(rel(), n.untaint)) }
+      files.map {|n| Entry_.new(prefix(), join(rel(), n.tap(&Bundler::UNTAINT))) }
     end
 
     def stat