[rubygems/rubygems] Fix bug where redacted credentials are sent to server

Implement deep cloning for `Gem::Uri` class to fix a bug where redacting
credentials modifies the URI string in place instead of returning a
modified copy.

https://github.com/rubygems/rubygems/commit/eafb5a279b

lib/rubygems/uri.rb

@@ -43,6 +43,11 @@ class Gem::Uri
     @parsed_uri.respond_to?(method_name, include_private) || super
   end
 
+  protected
+
+  # Add a protected reader for the cloned instance to access the original object's parsed uri
+  attr_reader :parsed_uri
+
   private
 
   ##
@@ -99,4 +104,8 @@ class Gem::Uri
   def token?
     !user.nil? && password.nil?
   end
+
+  def initialize_copy(original)
+    @parsed_uri = original.parsed_uri.clone
+  end
 end

test/rubygems/test_gem_uri.rb

@@ -29,4 +29,11 @@ class TestUri < Gem::TestCase
   def test_redacted_with_invalid_uri
     assert_equal "https://www.example.com:80index", Gem::Uri.new("https://www.example.com:80index").redacted.to_s
   end
+
+  def test_redacted_does_not_modify_uri
+    url = 'https://user:password@example.com'
+    uri = Gem::Uri.new(url)
+    assert_equal 'https://user:REDACTED@example.com', uri.redacted.to_s
+    assert_equal url, uri.to_s
+  end
 end