From 189b2340a6064764f994b24f7fdae0dbbb458130 Mon Sep 17 00:00:00 2001
From: CDeighton
Date: Mon, 21 Oct 2024 13:22:34 +1100
Subject: [PATCH] Remove the locked version of sysrandom

Currently this gem uses https://github.com/cryptosphere/sysrandom, which is a version of securerandom that has been dead since 2018. It seems to have been used as a workaround to this long running issue (from 2014) which looks to now be long resolved - https://bugs.ruby-lang.org/issues/9569
This is an issue for 2 reasons:
- Relying on unsupported gems might result in security issues (unlikely in something like this, but worth keeping in mind)
- It appears to overload SecureRandom, which breaks a bunch of other gems that rely on randomisation
If applied this commit will remove this locked version and start relying on the ruby stdlib version of securerandom instead which is supported
---
 fastlane-sirp.gemspec | 3 ---
 lib/fastlane-sirp.rb | 2 +-
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/fastlane-sirp.gemspec b/fastlane-sirp.gemspec
index db1382a..277da5b 100644
--- a/fastlane-sirp.gemspec
+++ b/fastlane-sirp.gemspec
@@ -34,9 +34,6 @@ Gem::Specification.new do |spec|
   spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  # See : https://bugs.ruby-lang.org/issues/9569
-  spec.add_runtime_dependency 'sysrandom', '~> 1.0'
-
   spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'rake'
   spec.add_development_dependency 'rspec', '~> 3.4'
diff --git a/lib/fastlane-sirp.rb b/lib/fastlane-sirp.rb
index 9c973c8..076eefe 100644
--- a/lib/fastlane-sirp.rb
+++ b/lib/fastlane-sirp.rb
@@ -1,6 +1,6 @@
 require 'openssl'
 require 'digest'
-require 'sysrandom/securerandom'
+require 'securerandom'
 require 'fastlane-sirp/sirp'
 require 'fastlane-sirp/parameters'
 require 'fastlane-sirp/client'
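Review bot: Removing the `sysrandom` runtime dependency drops the one thing that forced this gem onto a kernel-sourced CSPRNG, and the hunk adds no `spec.required_ruby_version` to take its place; the removed comment points at ruby-lang issue 9569, which as I recall was only fixed in stdlib SecureRandom from Ruby 2.4 on, so an install on an older interpreter would silently regress to the userspace OpenSSL PRNG the workaround existed to avoid. Unless the gemspec already declares a floor outside this hunk, add `spec.required_ruby_version = '>= 2.4'` next to `spec.require_paths = ['lib']` so that such an install fails loudly instead, given that this library presumably draws its SRP salts and ephemeral values from SecureRandom. It would also be worth stating the rationale in a short comment there, e.g. `# >= 2.4 so SecureRandom uses urandom/getrandom, not the OpenSSL PRNG (ruby-lang #9569)`. The `Gem::Specification.new do |spec|` block begins and ends outside the hunk.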
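Review bot: Swapping `require 'sysrandom/securerandom'` for `require 'securerandom'` changes only what is loaded; if any file under lib/fastlane-sirp still references the `Sysrandom` constant directly rather than going through `SecureRandom`, that call site will now raise NameError at runtime, and nothing in this hunk or the gemspec change would catch it. Before merging, grep the tree for `Sysrandom` and check that Gemfile.lock no longer pins `sysrandom`, and add a spec that exercises the random-generation path so a missing constant fails in CI rather than in a client. The rest of lib/fastlane-sirp.rb, if any, lies outside the hunk.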