bundler 1.7.4 → 1.7.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0db99e813ff94da575f3001947d5dcf86a777946
-  data.tar.gz: f649bbd231e496fa19cfbf3c8b629d1570c307c9
+  metadata.gz: 9e75dd119f8eabf59f5c68cef3dd64a4e2a9f4a0
+  data.tar.gz: 8f006a5f437e186e4f1cfc5a986dd908c9936f19
 SHA512:
-  metadata.gz: 2c9cc0716eff3f0ae1564b4bcfaa8a46bbc00f5e2b323bde78ff175f873bba072bb5d8d7ed8da11481b04076fd3732b56c4bd18ee2d013dca1f6ee6a9582629f
-  data.tar.gz: 72490c914b8efb8be01fd067172c549bbf25ed83bf8db52f4009e75ab9c1c6b8b0d548196ee7e924dbaa001407ba2a684833104105b290e327f1987169d37b1a
+  metadata.gz: 242f567f89e891e7a2a349b9150d699ed7779cc66d3c5d35f43d859a8c927dcbe2ba45275c9bab6fb152d59eea92b4d5e2969e733557448ef5d58f609dae3b66
+  data.tar.gz: 2528f7c7d1141b5932431712e54f2e2a71d5093aea94c4c7f86819c99ec6de1429c99f12b1140a93898fb9679fa47a89427edcc4381914db40d816251c018abf

data/CHANGELOG.md

@@ -1,3 +1,10 @@
+## 1.7.5 (2014-11-10)
+
+Bugfixes:
+
+  - Fix --deployment with source blocks and non-alphabetical gems (#3224, @tmoore)
+  - Vendor CA chain to validate new rubygems.org HTTPS certificate (@indirect)
+
 ## 1.7.4 (2014-10-19)
 
 Bugfixes:

data/Rakefile

@@ -41,7 +41,7 @@ namespace :spec do
       deps.delete("rdiscount")
     end
 
-    deps.each do |name, version|
+    deps.sort_by{|name, _| name }.each do |name, version|
       sh "#{Gem.ruby} -S gem list -i '^#{name}$' -v '#{version}' || " \
          "#{Gem.ruby} -S gem install #{name} -v '#{version}' --no-ri --no-rdoc"
     end

data/bundler.gemspec

@@ -16,6 +16,7 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version     = '>= 1.8.7'
   spec.required_rubygems_version = '>= 1.3.6'
 
+  spec.add_development_dependency 'mustache', '0.99.6'
   spec.add_development_dependency 'rdiscount', '~> 1.6'
   spec.add_development_dependency 'ronn', '~> 0.7.3'
   spec.add_development_dependency 'rspec', '~> 3.0'

data/lib/bundler/definition.rb

@@ -298,8 +298,6 @@ module Bundler
     end
 
     def ensure_equivalent_gemfile_and_lockfile(explicit_flag = false)
-      changes = false
-
       msg = "You are trying to install in deployment mode after changing\n" \
             "your Gemfile. Run `bundle install` elsewhere and add the\n" \
             "updated Gemfile.lock to version control."
@@ -325,32 +323,29 @@ module Bundler
         if deleted_sources.any?
           deleted.concat deleted_sources.map { |source| "* source: #{source}" }
         end
-
-        changes = true
       end
 
-      both_sources = Hash.new { |h,k| h[k] = ["no specified source", "no specified source"] }
-      @dependencies.each { |d| both_sources[d.name][0] = d.source if d.source }
-      @locked_deps.each  { |d| both_sources[d.name][1] = d.source if d.source }
-      both_sources.delete_if { |k,v| v[0] == v[1] }
+      new_deps = @dependencies - @locked_deps
+      deleted_deps = @locked_deps - @dependencies
 
-      if @dependencies != @locked_deps
-        new_deps = @dependencies - @locked_deps
-        deleted_deps = @locked_deps - @dependencies
+      if new_deps.any?
+        added.concat new_deps.map { |d| "* #{pretty_dep(d)}" }
+      end
 
-        if new_deps.any?
-          added.concat new_deps.map { |d| "* #{pretty_dep(d)}" }
-        end
+      if deleted_deps.any?
+        deleted.concat deleted_deps.map { |d| "* #{pretty_dep(d)}" }
+      end
 
-        if deleted_deps.any?
-          deleted.concat deleted_deps.map { |d| "* #{pretty_dep(d)}" }
-        end
+      both_sources = Hash.new { |h,k| h[k] = [] }
+      @dependencies.each { |d| both_sources[d.name][0] = d }
+      @locked_deps.each  { |d| both_sources[d.name][1] = d.source }
 
-        both_sources.each do |name, sources|
-          changed << "* #{name} from `#{sources[0]}` to `#{sources[1]}`"
+      both_sources.each do |name, (dep, lock_source)|
+        if (dep.nil? && !lock_source.nil?) || (!dep.nil? && !lock_source.nil? && !lock_source.can_lock?(dep))
+          gemfile_source_name = (dep && dep.source) || 'no specified source'
+          lockfile_source_name = lock_source || 'no specified source'
+          changed << "* #{name} from `#{gemfile_source_name}` to `#{lockfile_source_name}`"
         end
-
-        changes = true
       end
 
       msg << "\n\nYou have added to the Gemfile:\n"     << added.join("\n") if added.any?

data/lib/bundler/ssl_certs/AddTrustExternalCARoot.pem

@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFdDCCBFygAwIBAgIQJ2buVutJ846r13Ci/ITeIjANBgkqhkiG9w0BAQwFADBv
+MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
+ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
+eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow
+gYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
+BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYD
+VQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkq
+hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTdxc9EZ3SZKzejfSNw
+AHG8U9/E+ioSj0t/EFa9n3Byt2F/yUsPF6c947AEYe7/EZfH9IY+Cvo+XPmT5jR6
+2RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onr
+ayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt
+4Q08RWD8MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIq
+m1y9TBsoilwie7SrmNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g/
+vOldxJuvRZnio1oktLqpVj3Pb6r/SVi+8Kj/9Lit6Tf7urj0Czr56ENCHonYhMsT
+8dm74YlguIwoVqwUHZwK53Hrzw7dPamWoUi9PPevtQ0iTMARgexWO/bTouJbt7IE
+IlKVgJNp6I5MZfGRAy1wdALqi2cVKWlSArvX31BqVUa/oKMoYX9w0MOiqiwhqkfO
+KJwGRXa/ghgntNWutMtQ5mv0TIZxMOmm3xaG4Nj/QN370EKIf6MzOi5cHkERgWPO
+GHFrK+ymircxXDpqR+DDeVnWIBqv8mqYqnK8V0rSS527EPywTEHl7R09XiidnMy/
+s1Hap0flhFMCAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73g
+JMtUGjAdBgNVHQ4EFgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQD
+AgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1UdHwQ9
+MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVy
+bmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6
+Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAGS/g/FfmoXQ
+zbihKVcN6Fr30ek+8nYEbvFScLsePP9NDXRqzIGCJdPDoCpdTPW6i6FtxFQJdcfj
+Jw5dhHk3QBN39bSsHNA7qxcS1u80GH4r6XnTq1dFDK8o+tDb5VCViLvfhVdpfZLY
+Uspzgb8c8+a4bmYRBbMelC1/kZWSWfFMzqORcUx8Rww7Cxn2obFshj5cqsQugsv5
+B5a6SE2Q8pTIqXOi6wZ7I53eovNNVZ96YUWYGGjHXkBrI/V5eu+MtWuLt29G9Hvx
+PUsE2JOAWVrgQSQdso8VYFhH2+9uRv0V9dlfmrPb2LjkQLPNlzmuhbsdjrzch5vR
+pu/xO28QOG8=
+-----END CERTIFICATE-----

data/lib/bundler/ssl_certs/COMODORSACertificationAuthority.pem

@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCB
+hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV
+BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQwMjEy
+MDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
+EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
+Q09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZh
+bGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAI7CAhnhoFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28Sh
+bXcDow+G+eMGnD4LgYqbSRutA776S9uMIO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0
+Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4TgllfQcBhglo/uLQeTnaG6
+ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh7lgUq/51
+UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0n
+c13cRTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQY
+MBaAFLuvfgI9+qbxPISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz
+30O0Oija5zAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNV
+HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgG
+BmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9kb2NhLmNv
+bS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcB
+AQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9E
+T1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21v
+ZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2p
+mj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/
+e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsItG8kO3KdY3RYPBps
+P0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdoltMY
+dVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc
+2bXhc3js9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxG
+V/Iz2tDIY+3GH5QFlkoakdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4
+HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBmGqW5prU5wfWYQ//u+aen/e7KJD2AFsQX
+j4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODcQgPmlKidrv0PJFGUzpII
+0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje3WYkN5Ap
+lBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf
++AZxAeKCINT+b72x
+-----END CERTIFICATE-----

data/lib/bundler/ssl_certs/COMODORSADomainValidationSecureServer.pem

@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFUzCCBDugAwIBAgIRAPLaUGqN5nvAm5oy7tfh3dEwDQYJKoZIhvcNAQELBQAw
+gZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
+BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYD
+VQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIg
+Q0EwHhcNMTQxMDE2MDAwMDAwWhcNMTUxMDE2MjM1OTU5WjBcMSEwHwYDVQQLExhE
+b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxHjAcBgNVBAsTFUVzc2VudGlhbFNTTCBX
+aWxkY2FyZDEXMBUGA1UEAxQOKi5ydWJ5Z2Vtcy5vcmcwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCmL7NyiM3y61Up2cjNJq5ETt7+qKtoiBKVJpYQ8cB/
+jk4tQuZwKF59dq1gAyU6SFf/iUFRYnvfEa/V+FpuyBL7b/jEzI809hVtkSQM+6vR
+9Vz9rey4wcBpgEX7vSRimtH7RUCitNF3OZkHc59Ny07q9FgW+rRlvWnL970QlgiT
+0o0m3SoJRzqu8zn2ZLtbDARzF3a767Ms6fPm/88cqakNQ9d26aW0yB6Ndgxn7crM
+e6LhlrSZo6Ta1WJs+l5umKDhMdJBGMumxkFlnlqZdZxNGBErOlPSFfQGHYfrWzsR
+EFf+jPe0+OEHB80JU3yQiNs+nBUxzdHDkKAkcO9p4bKzAgMBAAGjggHZMIIB1TAf
+BgNVHSMEGDAWgBSQr2o6lFoL2JDqElZz30O0Oija5zAdBgNVHQ4EFgQUJiRNFFXU
+9am4rs9kxMj9FY98/N4wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYD
+VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCME8GA1UdIARIMEYwOgYLKwYBBAGy
+MQECAgcwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9D
+UFMwCAYGZ4EMAQIBMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly9jcmwuY29tb2Rv
+Y2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5j
+cmwwgYUGCCsGAQUFBwEBBHkwdzBPBggrBgEFBQcwAoZDaHR0cDovL2NydC5jb21v
+ZG9jYS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNB
+LmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMCcGA1Ud
+EQQgMB6CDioucnVieWdlbXMub3JnggxydWJ5Z2Vtcy5vcmcwDQYJKoZIhvcNAQEL
+BQADggEBAFFnezsXS+fBqJDiFdwbPkT9Hdn+cc2OqrJTP5GaPH3hnGc1tn5v5QVB
++s0Uuoil/RiLRs4PzRlZiVZN86iY6GLxd8fkoeNMfdaH0i7i0lXJDz/qIdboPfxc
+2T0oTBJufxvLCeNOFgl5aKus5HD/mnKoD1hGEOBJjulUwn09n8PMFnXmAnDVZ3Tv
+6PltYiH4OadktplNR8oBB55Kn0ffYgIfofL9Mr2iCJlTvxMEpIRAe6NIs2r8InEJ
+CnoNbAXUBuqOjgiiYNLvDrv3usj15Yv8xRMn9pyxA14i6HSyf5LwrLWPWhhV3YJ7
+R+n4EAYack3mCZb2TZ8FwoS05OKhbw8=
+-----END CERTIFICATE-----

data/lib/bundler/ssl_certs/certificate_manager.rb

@@ -18,8 +18,10 @@ module Bundler
       end
 
       def up_to_date?
-        bundler_certs.zip(rubygems_certs).all? do |bc, rc|
-          File.basename(bc) == File.basename(rc) && FileUtils.compare_file(bc, rc)
+        rubygems_certs.all? do |rc|
+          bundler_certs.find do |bc|
+            File.basename(bc) == File.basename(rc) && FileUtils.compare_file(bc, rc)
+          end
         end
       end
 

data/lib/bundler/version.rb

@@ -2,5 +2,5 @@ module Bundler
   # We're doing this because we might write tests that deal
   # with other versions of bundler and we are unsure how to
   # handle this better.
-  VERSION = "1.7.4" unless defined?(::Bundler::VERSION)
+  VERSION = "1.7.5" unless defined?(::Bundler::VERSION)
 end

data/spec/bundler/gem_helper_spec.rb

@@ -162,6 +162,7 @@ describe Bundler::GemHelper do
           `git init`
           `git config user.email "you@example.com"`
           `git config user.name "name"`
+          `git config push.default simple`
         end
       end
 
@@ -202,7 +203,7 @@ describe Bundler::GemHelper do
           mock_confirm_message "Pushed git commits and tags."
           expect(subject).to receive(:rubygem_push).with(app_gem_path.to_s)
 
-          Dir.chdir(app_path) { sys_exec("git push origin master", true) }
+          Dir.chdir(app_path) { sys_exec("git push -u origin master", true) }
 
           subject.release_gem
         end

data/spec/install/gems/sources_spec.rb

@@ -72,6 +72,7 @@ describe "bundle install with gems on multiple sources" do
         gemfile <<-G
           source "file://#{gem_repo3}"
           source "file://#{gem_repo1}" do
+            gem "thin" # comes first to test name sorting
             gem "rack"
           end
           gem "rack-obama" # shoud come from repo3!

data/spec/realworld/parallel_spec.rb

@@ -58,7 +58,7 @@ describe "parallel", :realworld => true do
      expect(out).to match(/[1-3]: /)
 
     bundle "show activesupport"
-    expect(out).to match(/activesupport-3\.2\.1[3-9]/)
+    expect(out).to match(/activesupport-3\.2\.\d+/)
 
     bundle "show faker"
     expect(out).to match(/faker/)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-  version: 1.7.4
+  version: 1.7.5
 platform: ruby
 authors:
 - André Arko
@@ -11,8 +11,22 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-10-20 00:00:00.000000000 Z
+date: 2014-11-11 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: mustache
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.99.6
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.99.6
 - !ruby/object:Gem::Dependency
   name: rdiscount
   requirement: !ruby/object:Gem::Requirement
@@ -169,6 +183,9 @@ files:
 - lib/bundler/source_list.rb
 - lib/bundler/spec_set.rb
 - lib/bundler/ssl_certs/.document
+- lib/bundler/ssl_certs/AddTrustExternalCARoot.pem
+- lib/bundler/ssl_certs/COMODORSACertificationAuthority.pem
+- lib/bundler/ssl_certs/COMODORSADomainValidationSecureServer.pem
 - lib/bundler/ssl_certs/Class3PublicPrimaryCertificationAuthority.pem
 - lib/bundler/ssl_certs/DigiCertHighAssuranceEVRootCA.pem
 - lib/bundler/ssl_certs/EntrustnetSecureServerCertificationAuthority.pem
@@ -376,7 +393,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.6
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.1
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: The best way to manage your application's dependencies