RubyGems - bundler - Versions diffs - 1.9.0 → 1.17.3 - Mend

bundler 1.9.0 → 1.17.3

Potentially problematic release.

This version of bundler might be problematic. Click here for more details.

Files changed (328) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +1157 -6
data/README.md +33 -6
data/bundler.gemspec +51 -18
data/exe/bundle +31 -0
data/{bin → exe}/bundle_ruby +10 -6
data/exe/bundler +4 -0
data/lib/bundler.rb +326 -207
data/lib/bundler/build_metadata.rb +53 -0
data/lib/bundler/capistrano.rb +9 -3
data/lib/bundler/cli.rb +522 -141
data/lib/bundler/cli/add.rb +35 -0
data/lib/bundler/cli/binstubs.rb +22 -11
data/lib/bundler/cli/cache.rb +7 -6
data/lib/bundler/cli/check.rb +11 -8
data/lib/bundler/cli/clean.rb +7 -8
data/lib/bundler/cli/common.rb +53 -7
data/lib/bundler/cli/config.rb +84 -49
data/lib/bundler/cli/console.rb +13 -8
data/lib/bundler/cli/doctor.rb +140 -0
data/lib/bundler/cli/exec.rb +77 -16
data/lib/bundler/cli/gem.rb +120 -52
data/lib/bundler/cli/info.rb +50 -0
data/lib/bundler/cli/init.rb +21 -7
data/lib/bundler/cli/inject.rb +37 -10
data/lib/bundler/cli/install.rb +139 -78
data/lib/bundler/cli/issue.rb +40 -0
data/lib/bundler/cli/list.rb +58 -0
data/lib/bundler/cli/lock.rb +63 -0
data/lib/bundler/cli/open.rb +9 -6
data/lib/bundler/cli/outdated.rb +221 -35
data/lib/bundler/cli/package.rb +11 -7
data/lib/bundler/cli/platform.rb +7 -4
data/lib/bundler/cli/plugin.rb +24 -0
data/lib/bundler/cli/pristine.rb +47 -0
data/lib/bundler/cli/remove.rb +18 -0
data/lib/bundler/cli/show.rb +11 -10
data/lib/bundler/cli/update.rb +47 -29
data/lib/bundler/cli/viz.rb +12 -8
data/lib/bundler/compact_index_client.rb +109 -0
data/lib/bundler/compact_index_client/cache.rb +118 -0
data/lib/bundler/compact_index_client/updater.rb +116 -0
data/lib/bundler/compatibility_guard.rb +14 -0
data/lib/bundler/constants.rb +3 -1
data/lib/bundler/current_ruby.rb +47 -137
data/lib/bundler/definition.rb +599 -230
data/lib/bundler/dep_proxy.rb +15 -10
data/lib/bundler/dependency.rb +54 -25
data/lib/bundler/deployment.rb +12 -2
data/lib/bundler/deprecate.rb +33 -4
data/lib/bundler/dsl.rb +383 -99
data/lib/bundler/endpoint_specification.rb +72 -7
data/lib/bundler/env.rb +121 -41
data/lib/bundler/environment_preserver.rb +59 -0
data/lib/bundler/errors.rb +158 -0
data/lib/bundler/feature_flag.rb +74 -0
data/lib/bundler/fetcher.rb +171 -280
data/lib/bundler/fetcher/base.rb +52 -0
data/lib/bundler/fetcher/compact_index.rb +126 -0
data/lib/bundler/fetcher/dependency.rb +82 -0
data/lib/bundler/fetcher/downloader.rb +84 -0
data/lib/bundler/fetcher/index.rb +52 -0
data/lib/bundler/friendly_errors.rb +113 -58
data/lib/bundler/gem_helper.rb +73 -46
data/lib/bundler/gem_helpers.rb +85 -9
data/lib/bundler/gem_remote_fetcher.rb +43 -0
data/lib/bundler/gem_tasks.rb +6 -1
data/lib/bundler/gem_version_promoter.rb +190 -0
data/lib/bundler/gemdeps.rb +29 -0
data/lib/bundler/graph.rb +32 -49
data/lib/bundler/index.rb +79 -67
data/lib/bundler/injector.rb +219 -30
data/lib/bundler/inline.rb +74 -0
data/lib/bundler/installer.rb +191 -206
data/lib/bundler/installer/gem_installer.rb +85 -0
data/lib/bundler/installer/parallel_installer.rb +233 -0
data/lib/bundler/installer/standalone.rb +53 -0
data/lib/bundler/lazy_specification.rb +53 -13
data/lib/bundler/lockfile_generator.rb +95 -0
data/lib/bundler/lockfile_parser.rb +157 -62
data/lib/bundler/match_platform.rb +15 -4
data/lib/bundler/mirror.rb +223 -0
data/lib/bundler/plugin.rb +292 -0
data/lib/bundler/plugin/api.rb +81 -0
data/lib/bundler/plugin/api/source.rb +306 -0
data/lib/bundler/plugin/dsl.rb +53 -0
data/lib/bundler/plugin/events.rb +61 -0
data/lib/bundler/plugin/index.rb +162 -0
data/lib/bundler/plugin/installer.rb +96 -0
data/lib/bundler/plugin/installer/git.rb +38 -0
data/lib/bundler/plugin/installer/rubygems.rb +27 -0
data/lib/bundler/plugin/source_list.rb +27 -0
data/lib/bundler/process_lock.rb +24 -0
data/lib/bundler/psyched_yaml.rb +17 -6
data/lib/bundler/remote_specification.rb +68 -11
data/lib/bundler/resolver.rb +263 -229
data/lib/bundler/resolver/spec_group.rb +106 -0
data/lib/bundler/retry.rb +25 -19
data/lib/bundler/ruby_dsl.rb +9 -2
data/lib/bundler/ruby_version.rb +101 -66
data/lib/bundler/rubygems_ext.rb +77 -37
data/lib/bundler/rubygems_gem_installer.rb +106 -0
data/lib/bundler/rubygems_integration.rb +450 -163
data/lib/bundler/runtime.rb +133 -103
data/lib/bundler/settings.rb +344 -83
data/lib/bundler/settings/validator.rb +102 -0
data/lib/bundler/setup.rb +7 -3
data/lib/bundler/shared_helpers.rb +284 -54
data/lib/bundler/similarity_detector.rb +21 -21
data/lib/bundler/source.rb +68 -15
data/lib/bundler/source/gemspec.rb +18 -0
data/lib/bundler/source/git.rb +90 -55
data/lib/bundler/source/git/git_proxy.rb +135 -35
data/lib/bundler/source/metadata.rb +62 -0
data/lib/bundler/source/path.rb +84 -61
data/lib/bundler/source/path/installer.rb +53 -17
data/lib/bundler/source/rubygems.rb +282 -122
data/lib/bundler/source/rubygems/remote.rb +69 -0
data/lib/bundler/source_list.rb +107 -22
data/lib/bundler/spec_set.rb +83 -45
data/lib/bundler/ssl_certs/certificate_manager.rb +8 -7
data/lib/bundler/ssl_certs/index.rubygems.org/GlobalSignRootCA.pem +21 -0
data/lib/bundler/ssl_certs/{DigiCertHighAssuranceEVRootCA.pem → rubygems.global.ssl.fastly.net/DigiCertHighAssuranceEVRootCA.pem} +0 -0
data/lib/bundler/ssl_certs/{AddTrustExternalCARoot-2048.pem → rubygems.org/AddTrustExternalCARoot.pem} +0 -0
data/lib/bundler/stub_specification.rb +108 -0
data/lib/bundler/templates/.document +1 -0
data/lib/bundler/templates/Executable +19 -6
data/lib/bundler/templates/Executable.bundler +105 -0
data/lib/bundler/templates/Executable.standalone +6 -4
data/lib/bundler/templates/Gemfile +4 -1
data/lib/bundler/templates/gems.rb +8 -0
data/lib/bundler/templates/newgem/CODE_OF_CONDUCT.md.tt +68 -7
data/lib/bundler/templates/newgem/Gemfile.tt +4 -2
data/lib/bundler/templates/newgem/LICENSE.txt.tt +1 -1
data/lib/bundler/templates/newgem/README.md.tt +19 -11
data/lib/bundler/templates/newgem/Rakefile.tt +10 -6
data/lib/bundler/templates/newgem/bin/console.tt +1 -1
data/lib/bundler/templates/newgem/bin/setup.tt +2 -1
data/lib/bundler/templates/newgem/ext/newgem/newgem.c.tt +4 -4
data/lib/bundler/templates/newgem/ext/newgem/newgem.h.tt +3 -3
data/lib/bundler/templates/newgem/gitignore.tt +5 -1
data/lib/bundler/templates/newgem/lib/newgem.rb.tt +7 -6
data/lib/bundler/templates/newgem/lib/newgem/version.rb.tt +4 -4
data/lib/bundler/templates/newgem/newgem.gemspec.tt +31 -15
data/lib/bundler/templates/newgem/rspec.tt +1 -0
data/lib/bundler/templates/newgem/spec/newgem_spec.rb.tt +3 -5
data/lib/bundler/templates/newgem/spec/spec_helper.rb.tt +14 -2
data/lib/bundler/templates/newgem/test/{test_newgem.rb.tt → newgem_test.rb.tt} +2 -2
data/lib/bundler/templates/newgem/test/test_helper.rb.tt +4 -0
data/lib/bundler/templates/newgem/travis.yml.tt +7 -0
data/lib/bundler/ui.rb +5 -3
data/lib/bundler/ui/rg_proxy.rb +5 -7
data/lib/bundler/ui/shell.rb +69 -18
data/lib/bundler/ui/silent.rb +26 -1
data/lib/bundler/uri_credentials_filter.rb +37 -0
data/lib/bundler/vendor/fileutils/lib/fileutils.rb +1638 -0
data/lib/bundler/vendor/molinillo/lib/molinillo.rb +12 -0
data/lib/bundler/vendor/molinillo/lib/molinillo/compatibility.rb +26 -0
data/lib/bundler/vendor/molinillo/lib/molinillo/delegates/resolution_state.rb +57 -0
data/lib/bundler/vendor/molinillo/lib/molinillo/delegates/specification_provider.rb +81 -0
data/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph.rb +223 -0
data/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/action.rb +36 -0
data/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/add_edge_no_circular.rb +66 -0
data/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/add_vertex.rb +62 -0
data/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/delete_edge.rb +63 -0
data/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/detach_vertex_named.rb +61 -0
data/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/log.rb +126 -0
data/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/set_payload.rb +46 -0
data/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/tag.rb +36 -0
data/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/vertex.rb +136 -0
data/lib/bundler/vendor/molinillo/lib/molinillo/errors.rb +143 -0
data/lib/bundler/vendor/molinillo/lib/molinillo/gem_metadata.rb +6 -0
data/lib/bundler/vendor/{Molinillo-0.2.1 → molinillo}/lib/molinillo/modules/specification_provider.rb +11 -0
data/lib/bundler/vendor/{Molinillo-0.2.1 → molinillo}/lib/molinillo/modules/ui.rb +6 -2
data/lib/bundler/vendor/molinillo/lib/molinillo/resolution.rb +837 -0
data/lib/bundler/vendor/{Molinillo-0.2.1 → molinillo}/lib/molinillo/resolver.rb +6 -3
data/lib/bundler/vendor/molinillo/lib/molinillo/state.rb +58 -0
data/lib/bundler/vendor/{net → net-http-persistent/lib/net}/http/faster.rb +1 -0
data/lib/bundler/vendor/{net → net-http-persistent/lib/net}/http/persistent.rb +27 -24
data/lib/bundler/vendor/{net → net-http-persistent/lib/net}/http/persistent/ssl_reuse.rb +2 -1
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor.rb +47 -22
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/actions.rb +31 -29
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/actions/create_file.rb +3 -2
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/actions/create_link.rb +3 -2
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/actions/directory.rb +3 -3
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/actions/empty_directory.rb +16 -8
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/actions/file_manipulation.rb +66 -18
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/actions/inject_into_file.rb +18 -16
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/base.rb +67 -44
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/command.rb +13 -11
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/core_ext/hash_with_indifferent_access.rb +21 -1
data/lib/bundler/vendor/thor/lib/thor/core_ext/io_binary_read.rb +12 -0
data/lib/bundler/vendor/thor/lib/thor/core_ext/ordered_hash.rb +129 -0
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/error.rb +3 -3
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/group.rb +14 -14
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/invocation.rb +4 -5
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/line_editor.rb +2 -2
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/line_editor/basic.rb +2 -0
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/line_editor/readline.rb +0 -0
data/lib/bundler/vendor/thor/lib/thor/parser.rb +4 -0
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/parser/argument.rb +4 -7
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/parser/arguments.rb +16 -16
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/parser/option.rb +42 -21
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/parser/options.rb +13 -10
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/rake_compat.rb +1 -1
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/runner.rb +35 -33
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/shell.rb +4 -4
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/shell/basic.rb +49 -33
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/shell/color.rb +2 -2
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/shell/html.rb +5 -5
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/util.rb +8 -7
data/lib/bundler/vendor/{thor-0.19.1 → thor}/lib/thor/version.rb +1 -1
data/lib/bundler/vendored_fileutils.rb +9 -0
data/lib/bundler/vendored_molinillo.rb +4 -5
data/lib/bundler/vendored_persistent.rb +45 -4
data/lib/bundler/vendored_thor.rb +8 -5
data/lib/bundler/version.rb +23 -1
data/lib/bundler/version_ranges.rb +76 -0
data/lib/bundler/vlad.rb +8 -2
data/lib/bundler/worker.rb +39 -6
data/lib/bundler/yaml_serializer.rb +90 -0
data/man/bundle-add.1 +58 -0
data/man/bundle-add.1.txt +52 -0
data/man/bundle-add.ronn +40 -0
data/man/bundle-binstubs.1 +40 -0
data/man/bundle-binstubs.1.txt +48 -0
data/man/bundle-binstubs.ronn +43 -0
data/man/bundle-check.1 +31 -0
data/man/bundle-check.1.txt +33 -0
data/man/bundle-check.ronn +26 -0
data/man/bundle-clean.1 +24 -0
data/man/bundle-clean.1.txt +26 -0
data/man/bundle-clean.ronn +18 -0
data/man/bundle-config.1 +497 -0
data/man/bundle-config.1.txt +529 -0
data/man/bundle-config.ronn +256 -31
data/man/bundle-doctor.1 +44 -0
data/man/bundle-doctor.1.txt +44 -0
data/man/bundle-doctor.ronn +33 -0
data/man/bundle-exec.1 +165 -0
data/man/bundle-exec.1.txt +178 -0
data/man/bundle-exec.ronn +19 -3
data/man/bundle-gem.1 +80 -0
data/man/bundle-gem.1.txt +91 -0
data/man/bundle-gem.ronn +78 -0
data/man/bundle-info.1 +20 -0
data/man/bundle-info.1.txt +21 -0
data/man/bundle-info.ronn +17 -0
data/man/bundle-init.1 +25 -0
data/man/bundle-init.1.txt +34 -0
data/man/bundle-init.ronn +29 -0
data/man/bundle-inject.1 +33 -0
data/man/bundle-inject.1.txt +32 -0
data/man/bundle-inject.ronn +22 -0
data/man/bundle-install.1 +308 -0
data/man/bundle-install.1.txt +396 -0
data/man/bundle-install.ronn +64 -67
data/man/bundle-list.1 +50 -0
data/man/bundle-list.1.txt +43 -0
data/man/bundle-list.ronn +33 -0
data/man/bundle-lock.1 +84 -0
data/man/bundle-lock.1.txt +93 -0
data/man/bundle-lock.ronn +94 -0
data/man/bundle-open.1 +32 -0
data/man/bundle-open.1.txt +29 -0
data/man/bundle-open.ronn +19 -0
data/man/bundle-outdated.1 +155 -0
data/man/bundle-outdated.1.txt +131 -0
data/man/bundle-outdated.ronn +111 -0
data/man/bundle-package.1 +55 -0
data/man/bundle-package.1.txt +79 -0
data/man/bundle-package.ronn +14 -8
data/man/bundle-platform.1 +61 -0
data/man/bundle-platform.1.txt +57 -0
data/man/bundle-platform.ronn +1 -1
data/man/bundle-pristine.1 +34 -0
data/man/bundle-pristine.1.txt +44 -0
data/man/bundle-pristine.ronn +34 -0
data/man/bundle-remove.1 +31 -0
data/man/bundle-remove.1.txt +34 -0
data/man/bundle-remove.ronn +23 -0
data/man/bundle-show.1 +23 -0
data/man/bundle-show.1.txt +27 -0
data/man/bundle-show.ronn +21 -0
data/man/bundle-update.1 +394 -0
data/man/bundle-update.1.txt +391 -0
data/man/bundle-update.ronn +180 -18
data/man/bundle-viz.1 +39 -0
data/man/bundle-viz.1.txt +39 -0
data/man/bundle-viz.ronn +30 -0
data/man/bundle.1 +136 -0
data/man/bundle.1.txt +116 -0
data/man/bundle.ronn +46 -33
data/man/gemfile.5 +689 -0
data/man/gemfile.5.ronn +127 -79
data/man/gemfile.5.txt +653 -0
data/man/index.txt +25 -7
metadata +242 -95
data/.gitignore +0 -16
data/.rspec +0 -3
data/.travis.yml +0 -110
data/CODE_OF_CONDUCT.md +0 -40
data/CONTRIBUTING.md +0 -32
data/DEVELOPMENT.md +0 -119
data/ISSUES.md +0 -96
data/Rakefile +0 -302
data/UPGRADING.md +0 -103
data/bin/bundle +0 -21
data/bin/bundler +0 -21
data/lib/bundler/anonymizable_uri.rb +0 -32
data/lib/bundler/environment.rb +0 -42
data/lib/bundler/gem_installer.rb +0 -9
data/lib/bundler/gem_path_manipulation.rb +0 -8
data/lib/bundler/ssl_certs/AddTrustExternalCARoot.pem +0 -32
data/lib/bundler/ssl_certs/Class3PublicPrimaryCertificationAuthority.pem +0 -14
data/lib/bundler/ssl_certs/EntrustnetSecureServerCertificationAuthority.pem +0 -28
data/lib/bundler/ssl_certs/GeoTrustGlobalCA.pem +0 -20
data/lib/bundler/templates/newgem/.travis.yml.tt +0 -3
data/lib/bundler/templates/newgem/test/minitest_helper.rb.tt +0 -4
data/lib/bundler/vendor/Molinillo-0.2.1/lib/molinillo.rb +0 -5
data/lib/bundler/vendor/Molinillo-0.2.1/lib/molinillo/dependency_graph.rb +0 -266
data/lib/bundler/vendor/Molinillo-0.2.1/lib/molinillo/errors.rb +0 -69
data/lib/bundler/vendor/Molinillo-0.2.1/lib/molinillo/gem_metadata.rb +0 -3
data/lib/bundler/vendor/Molinillo-0.2.1/lib/molinillo/resolution.rb +0 -412
data/lib/bundler/vendor/Molinillo-0.2.1/lib/molinillo/state.rb +0 -43
data/lib/bundler/vendor/thor-0.19.1/lib/thor/core_ext/io_binary_read.rb +0 -10
data/lib/bundler/vendor/thor-0.19.1/lib/thor/core_ext/ordered_hash.rb +0 -98
data/lib/bundler/vendor/thor-0.19.1/lib/thor/parser.rb +0 -4

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+module Bundler
+  class ProcessLock
+    def self.lock(bundle_path = Bundler.bundle_path)
+      lock_file_path = File.join(bundle_path, "bundler.lock")
+      has_lock = false
+      File.open(lock_file_path, "w") do |f|
+        f.flock(File::LOCK_EX)
+        has_lock = true
+        yield
+        f.flock(File::LOCK_UN)
+      end
+    rescue Errno::EACCES, Errno::ENOLCK, *[SharedHelpers.const_get_safely(:ENOTSUP, Errno)].compact
+      # In the case the user does not have access to
+      # create the lock file or is using NFS where
+      # locks are not available we skip locking.
+      yield
+    ensure
+      FileUtils.rm_f(lock_file_path) if has_lock
+    end
+  end
+end

data/lib/bundler/psyched_yaml.rb CHANGED

@@ -1,26 +1,37 @@
+# frozen_string_literal: true
 # Psych could be a gem, so try to ask for it
 begin
-  gem 'psych'
+  gem "psych"
 rescue LoadError
 end if defined?(gem)
-# Psych could just be in the stdlib
+# Psych could be in the stdlib
 # but it's too late if Syck is already loaded
 begin
-  require 'psych' unless defined?(Syck)
+  require "psych" unless defined?(Syck)
 rescue LoadError
   # Apparently Psych wasn't available. Oh well.
 end
 # At least load the YAML stdlib, whatever that may be
-require 'yaml' unless defined?(YAML.dump)
+require "yaml" unless defined?(YAML.dump)
 module Bundler
   # On encountering invalid YAML,
   # Psych raises Psych::SyntaxError
   if defined?(::Psych::SyntaxError)
-    YamlSyntaxError = ::Psych::SyntaxError
+    YamlLibrarySyntaxError = ::Psych::SyntaxError
   else # Syck raises ArgumentError
-    YamlSyntaxError = ::ArgumentError
+    YamlLibrarySyntaxError = ::ArgumentError
+  end
+end
+require "bundler/deprecate"
+begin
+  Bundler::Deprecate.skip_during do
+    require "rubygems/safe_yaml"
   end
+rescue LoadError
+  # it's OK if the file isn't there
 end

data/lib/bundler/remote_specification.rb CHANGED

@@ -1,5 +1,6 @@
+# frozen_string_literal: true
 require "uri"
-require "rubygems/spec_fetcher"
 module Bundler
   # Represents a lazily loaded gem specification, where the full specification
@@ -8,15 +9,18 @@ module Bundler
   # full specification will only be fetched when necessary.
   class RemoteSpecification
     include MatchPlatform
+    include Comparable
     attr_reader :name, :version, :platform
-    attr_accessor :source, :source_uri
+    attr_writer :dependencies
+    attr_accessor :source, :remote
     def initialize(name, version, platform, spec_fetcher)
       @name         = name
-      @version      = version
+      @version      = Gem::Version.create version
       @platform     = platform
       @spec_fetcher = spec_fetcher
+      @dependencies = nil
     end
     # Needed before installs, since the arch matters then and quick
@@ -26,32 +30,85 @@ module Bundler
     end
     def full_name
-      if platform == Gem::Platform::RUBY or platform.nil? then
+      if platform == Gem::Platform::RUBY || platform.nil?
         "#{@name}-#{@version}"
       else
         "#{@name}-#{@version}-#{platform}"
       end
     end
+    # Compare this specification against another object. Using sort_obj
+    # is compatible with Gem::Specification and other Bundler or RubyGems
+    # objects. Otherwise, use the default Object comparison.
+    def <=>(other)
+      if other.respond_to?(:sort_obj)
+        sort_obj <=> other.sort_obj
+      else
+        super
+      end
+    end
     # Because Rubyforge cannot be trusted to provide valid specifications
     # once the remote gem is downloaded, the backend specification will
     # be swapped out.
     def __swap__(spec)
-      @specification = spec
+      SharedHelpers.ensure_same_dependencies(self, dependencies, spec.dependencies)
+      @_remote_specification = spec
+    end
+    # Create a delegate used for sorting. This strategy is copied from
+    # RubyGems 2.23 and ensures that Bundler's specifications can be
+    # compared and sorted with RubyGems' own specifications.
+    #
+    # @see #<=>
+    # @see Gem::Specification#sort_obj
+    #
+    # @return [Array] an object you can use to compare and sort this
+    #   specification against other specifications
+    def sort_obj
+      [@name, @version, @platform == Gem::Platform::RUBY ? -1 : 1]
+    end
+    def to_s
+      "#<#{self.class} name=#{name} version=#{version} platform=#{platform}>"
+    end
+    def dependencies
+      @dependencies ||= begin
+        deps = method_missing(:dependencies)
+        # allow us to handle when the specs dependencies are an array of array of string
+        # see https://github.com/bundler/bundler/issues/5797
+        deps = deps.map {|d| d.is_a?(Gem::Dependency) ? d : Gem::Dependency.new(*d) }
+        deps
+      end
+    end
+    def git_version
+      return unless loaded_from && source.is_a?(Bundler::Source::Git)
+      " #{source.revision[0..6]}"
     end
   private
+    def to_ary
+      nil
+    end
     def _remote_specification
-      @specification ||= @spec_fetcher.fetch_spec([@name, @version, @platform])
+      @_remote_specification ||= @spec_fetcher.fetch_spec([@name, @version, @platform])
+      @_remote_specification || raise(GemspecError, "Gemspec data for #{full_name} was" \
+        " missing from the server! Try installing with `--full-index` as a workaround.")
     end
     def method_missing(method, *args, &blk)
-      if Gem::Specification.new.respond_to?(method)
-        _remote_specification.send(method, *args, &blk)
-      else
-        super
-      end
+      _remote_specification.send(method, *args, &blk)
+    end
+    def respond_to?(method, include_all = false)
+      super || _remote_specification.respond_to?(method, include_all)
     end
+    public :respond_to?
   end
 end

data/lib/bundler/resolver.rb CHANGED

@@ -1,170 +1,9 @@
-require 'set'
-# This is the latest iteration of the gem dependency resolving algorithm. As of now,
-# it can resolve (as a success or failure) any set of gem dependencies we throw at it
-# in a reasonable amount of time. The most iterations I've seen it take is about 150.
-# The actual implementation of the algorithm is not as good as it could be yet, but that
-# can come later.
+# frozen_string_literal: true
 module Bundler
   class Resolver
-    require 'bundler/vendored_molinillo'
-    class Molinillo::VersionConflict
-      def clean_req(req)
-        if req.to_s.include?(">= 0")
-          req.to_s.gsub(/ \(.*?\)$/, '')
-        else
-          req.to_s.gsub(/\, (runtime|development)\)$/, ')')
-        end
-      end
-      def message
-        conflicts.values.flatten.reduce('') do |o, conflict|
-          o << %(Bundler could not find compatible versions for gem "#{conflict.requirement.name}":\n)
-          if conflict.locked_requirement
-            o << %(  In snapshot (Gemfile.lock):\n)
-            o << %(    #{clean_req conflict.locked_requirement}\n)
-            o << %(\n)
-          end
-          o << %(  In Gemfile:\n)
-          o << conflict.requirement_trees.map do |tree|
-            t = ''
-            depth = 2
-            tree.each do |req|
-              t << '  ' * depth << %(#{clean_req req})
-              t << %( depends on) unless tree[-1] == req
-              t << %(\n)
-              depth += 1
-            end
-            t
-          end.join("\n")
-          if conflict.requirement.name == 'bundler'
-            o << %(\n  Current Bundler version:\n    bundler (#{Bundler::VERSION}))
-            other_bundler_required = !conflict.requirement.requirement.satisfied_by?(Gem::Version.new Bundler::VERSION)
-          end
-          if conflict.requirement.name == "bundler" && other_bundler_required
-            o << "\n"
-            o << "This Gemfile requires a different version of Bundler.\n"
-            o << "Perhaps you need to update Bundler by running `gem install bundler`?\n"
-          end
-          if conflict.locked_requirement
-            o << "\n"
-            o << %(Running `bundle update` will rebuild your snapshot from scratch, using only\n)
-            o << %(the gems in your Gemfile, which may resolve the conflict.\n)
-          elsif !conflict.existing
-            if conflict.requirement_trees.first.size > 1
-              o << "Could not find gem '#{clean_req(conflict.requirement)}', which is required by "
-              o << "gem '#{clean_req(conflict.requirement_trees.first[-2])}', in any of the sources."
-            else
-              o << "Could not find gem '#{clean_req(conflict.requirement)} in any of the sources\n"
-            end
-          end
-          o
-        end
-      end
-    end
-    ALL = Bundler::Dependency::PLATFORM_MAP.values.uniq.freeze
-    class SpecGroup < Array
-      include GemHelpers
-      attr_reader :activated, :required_by
-      def initialize(a)
-        super
-        @required_by  = []
-        @activated    = []
-        @dependencies = nil
-        @specs        = {}
-        ALL.each do |p|
-          @specs[p] = reverse.find { |s| s.match_platform(p) }
-        end
-      end
-      def initialize_copy(o)
-        super
-        @required_by = o.required_by.dup
-        @activated   = o.activated.dup
-      end
-      def to_specs
-        specs = {}
-        @activated.each do |p|
-          if s = @specs[p]
-            platform = generic(Gem::Platform.new(s.platform))
-            next if specs[platform]
-            lazy_spec = LazySpecification.new(name, version, platform, source)
-            lazy_spec.dependencies.replace s.dependencies
-            specs[platform] = lazy_spec
-          end
-        end
-        specs.values
-      end
-      def activate_platform(platform)
-        unless @activated.include?(platform)
-          if for?(platform)
-            @activated << platform
-            return __dependencies[platform] || []
-          end
-        end
-        []
-      end
-      def name
-        @name ||= first.name
-      end
-      def version
-        @version ||= first.version
-      end
-      def source
-        @source ||= first.source
-      end
-      def for?(platform)
-        @specs[platform]
-      end
-      def to_s
-        "#{name} (#{version})"
-      end
-      def dependencies_for_activated_platforms
-        @activated.map { |p| __dependencies[p] }.flatten
-      end
-      def platforms_for_dependency_named(dependency)
-        __dependencies.select { |p, deps| deps.map(&:name).include? dependency }.keys
-      end
-    private
-      def __dependencies
-        @dependencies ||= begin
-          dependencies = {}
-          ALL.each do |p|
-            if spec = @specs[p]
-              dependencies[p] = []
-              spec.dependencies.each do |dep|
-                next if dep.type == :development
-                dependencies[p] << DepProxy.new(dep, p)
-              end
-            end
-          end
-          dependencies
-        end
-      end
-    end
+    require "bundler/vendored_molinillo"
+    require "bundler/resolver/spec_group"
     # Figures out the best possible configuration of gems that satisfies
     # the list of passed dependencies and any child dependencies without
@@ -176,36 +15,50 @@ module Bundler
     # ==== Returns
     # <GemBundle>,nil:: If the list of dependencies can be resolved, a
     #   collection of gemspecs is returned. Otherwise, nil is returned.
-    def self.resolve(requirements, index, source_requirements = {}, base = [])
+    def self.resolve(requirements, index, source_requirements = {}, base = [], gem_version_promoter = GemVersionPromoter.new, additional_base_requirements = [], platforms = nil)
+      platforms = Set.new(platforms) if platforms
       base = SpecSet.new(base) unless base.is_a?(SpecSet)
-      resolver = new(index, source_requirements, base)
+      resolver = new(index, source_requirements, base, gem_version_promoter, additional_base_requirements, platforms)
       result = resolver.start(requirements)
       SpecSet.new(result)
     end
-    def initialize(index, source_requirements, base)
+    def initialize(index, source_requirements, base, gem_version_promoter, additional_base_requirements, platforms)
       @index = index
       @source_requirements = source_requirements
       @base = base
       @resolver = Molinillo::Resolver.new(self, self)
       @search_for = {}
-      @prereleases_cache = Hash.new { |h,k| h[k] = k.prerelease? }
       @base_dg = Molinillo::DependencyGraph.new
-      @base.each { |ls| @base_dg.add_root_vertex ls.name, Dependency.new(ls.name, ls.version) }
+      @base.each do |ls|
+        dep = Dependency.new(ls.name, ls.version)
+        @base_dg.add_vertex(ls.name, DepProxy.new(dep, ls.platform), true)
+      end
+      additional_base_requirements.each {|d| @base_dg.add_vertex(d.name, d) }
+      @platforms = platforms
+      @gem_version_promoter = gem_version_promoter
+      @allow_bundler_dependency_conflicts = Bundler.feature_flag.allow_bundler_dependency_conflicts?
+      @lockfile_uses_separate_rubygems_sources = Bundler.feature_flag.lockfile_uses_separate_rubygems_sources?
+      @use_gvp = Bundler.feature_flag.use_gem_version_promoter_for_major_updates? || !@gem_version_promoter.major?
     end
     def start(requirements)
+      @gem_version_promoter.prerelease_specified = @prerelease_specified = {}
+      requirements.each {|dep| @prerelease_specified[dep.name] ||= dep.prerelease? }
       verify_gemfile_dependencies_are_found!(requirements)
       dg = @resolver.resolve(requirements, @base_dg)
-      dg.map(&:payload).map(&:to_specs).flatten
+      dg.map(&:payload).
+        reject {|sg| sg.name.end_with?("\0") }.
+        map(&:to_specs).flatten
     rescue Molinillo::VersionConflict => e
-      raise VersionConflict.new(e.conflicts.keys.uniq, e.message)
+      message = version_conflict_message(e)
+      raise VersionConflict.new(e.conflicts.keys.uniq, message)
     rescue Molinillo::CircularDependencyError => e
-      names = e.dependencies.sort_by(&:name).map { |d| "gem '#{d.name}'"}
-      raise CyclicDependencyError, "Your Gemfile requires gems that depend" \
+      names = e.dependencies.sort_by(&:name).map {|d| "gem '#{d.name}'" }
+      raise CyclicDependencyError, "Your bundle requires gems that depend" \
         " on each other, creating an infinite loop. Please remove" \
-        " #{names.count > 1 ? 'either ' : '' }#{names.join(' or ')}" \
+        " #{names.count > 1 ? "either " : ""}#{names.join(" or ")}" \
         " and try again."
     end
@@ -216,31 +69,29 @@ module Bundler
     # @param [Integer] depth the current depth of the resolution process.
     # @return [void]
     def debug(depth = 0)
-      if debug?
-        debug_info = yield
-        debug_info = debug_info.inspect unless debug_info.is_a?(String)
-        STDERR.puts debug_info.split("\n").map { |s| '  ' * depth + s }
-      end
+      return unless debug?
+      debug_info = yield
+      debug_info = debug_info.inspect unless debug_info.is_a?(String)
+      STDERR.puts debug_info.split("\n").map {|s| "  " * depth + s }
     end
     def debug?
-      ENV['DEBUG_RESOLVER'] || ENV['DEBUG_RESOLVER_TREE']
+      return @debug_mode if defined?(@debug_mode)
+      @debug_mode = ENV["DEBUG_RESOLVER"] || ENV["DEBUG_RESOLVER_TREE"] || false
     end
     def before_resolution
-      Bundler.ui.info 'Resolving dependencies...', false
+      Bundler.ui.info "Resolving dependencies...", debug?
     end
     def after_resolution
-      Bundler.ui.info ''
+      Bundler.ui.info ""
     end
     def indicate_progress
-      Bundler.ui.info '.', false
+      Bundler.ui.info ".", false unless debug?
     end
-    private
     include Molinillo::SpecificationProvider
     def dependencies_for(specification)
@@ -251,28 +102,65 @@ module Bundler
       platform = dependency.__platform
       dependency = dependency.dep unless dependency.is_a? Gem::Dependency
       search = @search_for[dependency] ||= begin
-        index = @source_requirements[dependency.name] || @index
+        index = index_for(dependency)
         results = index.search(dependency, @base[dependency.name])
         if vertex = @base_dg.vertex_named(dependency.name)
           locked_requirement = vertex.payload.requirement
         end
-        if results.any?
-          version = results.first.version
-          nested  = [[]]
+        if !@prerelease_specified[dependency.name] && (!@use_gvp || locked_requirement.nil?)
+          # Move prereleases to the beginning of the list, so they're considered
+          # last during resolution.
+          pre, results = results.partition {|spec| spec.version.prerelease? }
+          results = pre + results
+        end
+        spec_groups = if results.any?
+          nested = []
           results.each do |spec|
-            if spec.version != version
-              nested << []
-              version = spec.version
+            version, specs = nested.last
+            if version == spec.version
+              specs << spec
+            else
+              nested << [spec.version, [spec]]
             end
-            nested.last << spec
           end
-          groups = nested.map { |a| SpecGroup.new(a) }
-          !locked_requirement ? groups : groups.select { |sg| locked_requirement.satisfied_by? sg.version }
+          nested.reduce([]) do |groups, (version, specs)|
+            next groups if locked_requirement && !locked_requirement.satisfied_by?(version)
+            spec_group = SpecGroup.new(specs)
+            spec_group.ignores_bundler_dependencies = @allow_bundler_dependency_conflicts
+            groups << spec_group
+          end
         else
           []
         end
+        # GVP handles major itself, but it's still a bit risky to trust it with it
+        # until we get it settled with new behavior. For 2.x it can take over all cases.
+        if !@use_gvp
+          spec_groups
+        else
+          @gem_version_promoter.sort_versions(dependency, spec_groups)
+        end
+      end
+      search.select {|sg| sg.for?(platform) }.each {|sg| sg.activate_platform!(platform) }
+    end
+    def index_for(dependency)
+      source = @source_requirements[dependency.name]
+      if source
+        source.specs
+      elsif @lockfile_uses_separate_rubygems_sources
+        Index.build do |idx|
+          if dependency.all_sources
+            dependency.all_sources.each {|s| idx.add_source(s.specs) if s }
+          else
+            idx.add_source @source_requirements[:default].specs
+          end
+        end
+      else
+        @index
       end
-      search.select { |sg| sg.for?(platform) }.each { |sg| sg.activate_platform(platform) }
     end
     def name_for(dependency)
@@ -280,60 +168,206 @@ module Bundler
     end
     def name_for_explicit_dependency_source
-      'Gemfile'
+      Bundler.default_gemfile.basename.to_s
+    rescue
+      "Gemfile"
     end
     def name_for_locking_dependency_source
-      'Gemfile.lock'
+      Bundler.default_lockfile.basename.to_s
+    rescue
+      "Gemfile.lock"
     end
     def requirement_satisfied_by?(requirement, activated, spec)
-      requirement.matches_spec?(spec)
+      return false unless requirement.matches_spec?(spec) || spec.source.is_a?(Source::Gemspec)
+      spec.activate_platform!(requirement.__platform) if !@platforms || @platforms.include?(requirement.__platform)
+      true
+    end
+    def relevant_sources_for_vertex(vertex)
+      if vertex.root?
+        [@source_requirements[vertex.name]]
+      elsif @lockfile_uses_separate_rubygems_sources
+        vertex.recursive_predecessors.map do |v|
+          @source_requirements[v.name]
+        end << @source_requirements[:default]
+      end
     end
     def sort_dependencies(dependencies, activated, conflicts)
       dependencies.sort_by do |dependency|
+        dependency.all_sources = relevant_sources_for_vertex(activated.vertex_named(dependency.name))
         name = name_for(dependency)
+        vertex = activated.vertex_named(name)
         [
-          activated.vertex_named(name).payload ? 0 : 1,
-          @prereleases_cache[dependency.requirement] ? 0 : 1,
+          @base_dg.vertex_named(name) ? 0 : 1,
+          vertex.payload ? 0 : 1,
+          vertex.root? ? 0 : 1,
+          amount_constrained(dependency),
           conflicts[name] ? 0 : 1,
-          activated.vertex_named(name).payload ? 0 : search_for(dependency).count,
+          vertex.payload ? 0 : search_for(dependency).count,
+          self.class.platform_sort_key(dependency.__platform),
         ]
       end
     end
-    def verify_gemfile_dependencies_are_found!(requirements)
-      requirements.each do |requirement|
-        next if requirement.name == 'bundler'
-        if search_for(requirement).empty?
-          if base = @base[requirement.name] and !base.empty?
-            version = base.first.version
-            message = "You have requested:\n" \
-              "  #{requirement.name} #{requirement.requirement}\n\n" \
-              "The bundle currently has #{requirement.name} locked at #{version}.\n" \
-              "Try running `bundle update #{requirement.name}`"
-          elsif requirement.source
-            name = requirement.name
-            versions = @source_requirements[name][name].map { |s| s.version }
-            message  = "Could not find gem '#{requirement}' in #{requirement.source}.\n"
-            if versions.any?
-              message << "Source contains '#{name}' at: #{versions.join(', ')}"
-            else
-              message << "Source does not contain any versions of '#{requirement}'"
-            end
+    # Sort platforms from most general to most specific
+    def self.sort_platforms(platforms)
+      platforms.sort_by do |platform|
+        platform_sort_key(platform)
+      end
+    end
+    def self.platform_sort_key(platform)
+      return ["", "", ""] if Gem::Platform::RUBY == platform
+      platform.to_a.map {|part| part || "" }
+    end
+  private
+    # returns an integer \in (-\infty, 0]
+    # a number closer to 0 means the dependency is less constraining
+    #
+    # dependencies w/ 0 or 1 possibilities (ignoring version requirements)
+    # are given very negative values, so they _always_ sort first,
+    # before dependencies that are unconstrained
+    def amount_constrained(dependency)
+      @amount_constrained ||= {}
+      @amount_constrained[dependency.name] ||= begin
+        if (base = @base[dependency.name]) && !base.empty?
+          dependency.requirement.satisfied_by?(base.first.version) ? 0 : 1
+        else
+          all = index_for(dependency).search(dependency.name).size
+          if all <= 1
+            all - 1_000_000
           else
-            message = "Could not find gem '#{requirement}' "
-            if @index.source_types.include?(Bundler::Source::Rubygems)
-              message << "in any of the gem sources listed in your Gemfile."
-            else
-              message << "in the gems available on this machine."
-            end
+            search = search_for(dependency)
+            search = @prerelease_specified[dependency.name] ? search.count : search.count {|s| !s.version.prerelease? }
+            search - all
           end
-          raise GemNotFound, message
         end
       end
     end
+    def verify_gemfile_dependencies_are_found!(requirements)
+      requirements.each do |requirement|
+        name = requirement.name
+        next if name == "bundler"
+        next unless search_for(requirement).empty?
+        cache_message = begin
+                            " or in gems cached in #{Bundler.settings.app_cache_path}" if Bundler.app_cache.exist?
+                          rescue GemfileNotFound
+                            nil
+                          end
+        if (base = @base[name]) && !base.empty?
+          version = base.first.version
+          message = "You have requested:\n" \
+            "  #{name} #{requirement.requirement}\n\n" \
+            "The bundle currently has #{name} locked at #{version}.\n" \
+            "Try running `bundle update #{name}`\n\n" \
+            "If you are updating multiple gems in your Gemfile at once,\n" \
+            "try passing them all to `bundle update`"
+        elsif source = @source_requirements[name]
+          specs = source.specs[name]
+          versions_with_platforms = specs.map {|s| [s.version, s.platform] }
+          message = String.new("Could not find gem '#{SharedHelpers.pretty_dependency(requirement)}' in #{source}#{cache_message}.\n")
+          message << if versions_with_platforms.any?
+                       "The source contains '#{name}' at: #{formatted_versions_with_platforms(versions_with_platforms)}"
+                     else
+                       "The source does not contain any versions of '#{name}'"
+                     end
+        else
+          message = "Could not find gem '#{requirement}' in any of the gem sources " \
+            "listed in your Gemfile#{cache_message}."
+        end
+        raise GemNotFound, message
+      end
+    end
+    def formatted_versions_with_platforms(versions_with_platforms)
+      version_platform_strs = versions_with_platforms.map do |vwp|
+        version = vwp.first
+        platform = vwp.last
+        version_platform_str = String.new(version.to_s)
+        version_platform_str << " #{platform}" unless platform.nil? || platform == Gem::Platform::RUBY
+        version_platform_str
+      end
+      version_platform_strs.join(", ")
+    end
+    def version_conflict_message(e)
+      e.message_with_trees(
+        :solver_name => "Bundler",
+        :possibility_type => "gem",
+        :reduce_trees => lambda do |trees|
+          # called first, because we want to reduce the amount of work required to find maximal empty sets
+          trees = trees.uniq {|t| t.flatten.map {|dep| [dep.name, dep.requirement] } }
+          # bail out if tree size is too big for Array#combination to make any sense
+          return trees if trees.size > 15
+          maximal = 1.upto(trees.size).map do |size|
+            trees.map(&:last).flatten(1).combination(size).to_a
+          end.flatten(1).select do |deps|
+            Bundler::VersionRanges.empty?(*Bundler::VersionRanges.for_many(deps.map(&:requirement)))
+          end.min_by(&:size)
+          trees.reject! {|t| !maximal.include?(t.last) } if maximal
+          trees = trees.sort_by {|t| t.flatten.map(&:to_s) }
+          trees.uniq! {|t| t.flatten.map {|dep| [dep.name, dep.requirement] } }
+          trees.sort_by {|t| t.reverse.map(&:name) }
+        end,
+        :printable_requirement => lambda {|req| SharedHelpers.pretty_dependency(req) },
+        :additional_message_for_conflict => lambda do |o, name, conflict|
+          if name == "bundler"
+            o << %(\n  Current Bundler version:\n    bundler (#{Bundler::VERSION}))
+            other_bundler_required = !conflict.requirement.requirement.satisfied_by?(Gem::Version.new Bundler::VERSION)
+          end
+          if name == "bundler" && other_bundler_required
+            o << "\n"
+            o << "This Gemfile requires a different version of Bundler.\n"
+            o << "Perhaps you need to update Bundler by running `gem install bundler`?\n"
+          end
+          if conflict.locked_requirement
+            o << "\n"
+            o << %(Running `bundle update` will rebuild your snapshot from scratch, using only\n)
+            o << %(the gems in your Gemfile, which may resolve the conflict.\n)
+          elsif !conflict.existing
+            o << "\n"
+            relevant_sources = if conflict.requirement.source
+              [conflict.requirement.source]
+            elsif conflict.requirement.all_sources
+              conflict.requirement.all_sources
+            elsif @lockfile_uses_separate_rubygems_sources
+              # every conflict should have an explicit group of sources when we
+              # enforce strict pinning
+              raise "no source set for #{conflict}"
+            else
+              []
+            end.compact.map(&:to_s).uniq.sort
+            o << "Could not find gem '#{SharedHelpers.pretty_dependency(conflict.requirement)}'"
+            if conflict.requirement_trees.first.size > 1
+              o << ", which is required by "
+              o << "gem '#{SharedHelpers.pretty_dependency(conflict.requirement_trees.first[-2])}',"
+            end
+            o << " "
+            o << if relevant_sources.empty?
+                   "in any of the sources.\n"
+                 else
+                   "in any of the relevant sources:\n  #{relevant_sources * "\n  "}\n"
+                 end
+          end
+        end,
+        :version_for_spec => lambda {|spec| spec.version }
+      )
+    end
   end
 end