bundler 2.0.2 → 2.1.0

data/lib/bundler/deployment.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-require "bundler/shared_helpers"
-Bundler::SharedHelpers.major_deprecation 3, "Bundler no longer integrates with " \
+require_relative "shared_helpers"
+Bundler::SharedHelpers.major_deprecation 2, "Bundler no longer integrates with " \
   "Capistrano, but Capistrano provides its own integration with " \
   "Bundler via the capistrano-bundler gem. Use it instead."
 

data/lib/bundler/dsl.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-require "bundler/dependency"
-require "bundler/ruby_dsl"
+require_relative "dependency"
+require_relative "ruby_dsl"
 
 module Bundler
   class Dsl
@@ -44,8 +44,8 @@ module Bundler
       @gemfile = expanded_gemfile_path
       @gemfiles << expanded_gemfile_path
       contents ||= Bundler.read_file(@gemfile.to_s)
-      instance_eval(contents.dup.untaint, gemfile.to_s, 1)
-    rescue Exception => e
+      instance_eval(contents.dup.tap{|x| x.untaint if RUBY_VERSION < "2.7" }, gemfile.to_s, 1)
+    rescue Exception => e # rubocop:disable Lint/RescueException
       message = "There was an error " \
         "#{e.is_a?(GemfileEvalError) ? "evaluating" : "parsing"} " \
         "`#{File.basename gemfile.to_s}`: #{e.message}"
@@ -128,7 +128,7 @@ module Bundler
         else
           Bundler.ui.warn "Your Gemfile lists the gem #{current.name} (#{current.requirement}) more than once.\n" \
                           "You should probably keep only one of them.\n" \
-                          "Remove any duplicate entries and specify the gem only once (per group).\n" \
+                          "Remove any duplicate entries and specify the gem only once.\n" \
                           "While it's not a problem now, it could cause errors if you change the version of one of them later."
         end
 
@@ -194,7 +194,7 @@ module Bundler
               "    end\n\n"
 
         raise DeprecatedError, msg if Bundler.feature_flag.disable_multisource?
-        SharedHelpers.major_deprecation(3, msg.strip)
+        SharedHelpers.major_deprecation(2, msg.strip)
       end
 
       source_options = normalize_hash(options).merge(
@@ -290,37 +290,16 @@ module Bundler
         warn_deprecated_git_source(:github, <<-'RUBY'.strip, 'Change any "reponame" :github sources to "username/reponame".')
 "https://github.com/#{repo_name}.git"
         RUBY
-        # It would be better to use https instead of the git protocol, but this
-        # can break deployment of existing locked bundles when switching between
-        # different versions of Bundler. The change will be made in 2.0, which
-        # does not guarantee compatibility with the 1.x series.
-        #
-        # See https://github.com/bundler/bundler/pull/2569 for discussion
-        #
-        # This can be overridden by adding this code to your Gemfiles:
-        #
-        #   git_source(:github) do |repo_name|
-        #     repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?("/")
-        #     "https://github.com/#{repo_name}.git"
-        #   end
         repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?("/")
-        # TODO: 2.0 upgrade this setting to the default
-        if Bundler.feature_flag.github_https?
-          Bundler::SharedHelpers.major_deprecation 3, "The `github.https` setting will be removed"
-          "https://github.com/#{repo_name}.git"
-        else
-          "git://github.com/#{repo_name}.git"
-        end
+        "https://github.com/#{repo_name}.git"
       end
 
-      # TODO: 2.0 remove this deprecated git source
       git_source(:gist) do |repo_name|
         warn_deprecated_git_source(:gist, '"https://gist.github.com/#{repo_name}.git"')
 
         "https://gist.github.com/#{repo_name}.git"
       end
 
-      # TODO: 2.0 remove this deprecated git source
       git_source(:bitbucket) do |repo_name|
         warn_deprecated_git_source(:bitbucket, <<-'RUBY'.strip)
 user_name, repo_name = repo_name.split("/")
@@ -363,9 +342,7 @@ repo_name ||= user_name
       if name =~ /\s/
         raise GemfileError, %('#{name}' is not a valid gem name because it contains whitespace)
       end
-      if name.empty?
-        raise GemfileError, %(an empty gem name is not valid)
-      end
+      raise GemfileError, %(an empty gem name is not valid) if name.empty?
 
       normalize_hash(opts)
 
@@ -443,10 +420,10 @@ repo_name ||= user_name
       message = String.new
       message << "You passed #{invalid_keys.map {|k| ":" + k }.join(", ")} "
       message << if invalid_keys.size > 1
-                   "as options for #{command}, but they are invalid."
-                 else
-                   "as an option for #{command}, but it is invalid."
-                 end
+        "as options for #{command}, but they are invalid."
+      else
+        "as an option for #{command}, but it is invalid."
+      end
 
       message << " Valid options are: #{valid_keys.join(", ")}."
       message << " You may be able to resolve this by upgrading Bundler to the newest version."
@@ -456,7 +433,7 @@ repo_name ||= user_name
     def normalize_source(source)
       case source
       when :gemcutter, :rubygems, :rubyforge
-        Bundler::SharedHelpers.major_deprecation 3, "The source :#{source} is deprecated because HTTP " \
+        Bundler::SharedHelpers.major_deprecation 2, "The source :#{source} is deprecated because HTTP " \
           "requests are insecure.\nPlease change your source to 'https://" \
           "rubygems.org' if possible, or 'http://rubygems.org' if not."
         "http://rubygems.org"
@@ -474,23 +451,22 @@ repo_name ||= user_name
         msg = "This Gemfile contains multiple primary sources. " \
           "Each source after the first must include a block to indicate which gems " \
           "should come from that source"
-        unless Bundler.feature_flag.bundler_3_mode?
+        unless Bundler.feature_flag.bundler_2_mode?
           msg += ". To downgrade this error to a warning, run " \
-            "`bundle config --delete disable_multisource`"
+            "`bundle config unset disable_multisource`"
         end
         raise GemfileEvalError, msg
       else
-        Bundler::SharedHelpers.major_deprecation 3, "Your Gemfile contains multiple primary sources. " \
+        Bundler::SharedHelpers.major_deprecation 2, "Your Gemfile contains multiple primary sources. " \
           "Using `source` more than once without a block is a security risk, and " \
           "may result in installing unexpected gems. To resolve this warning, use " \
           "a block to indicate which gems should come from the secondary source. " \
-          "To upgrade this warning to an error, run `bundle config " \
+          "To upgrade this warning to an error, run `bundle config set " \
           "disable_multisource true`."
       end
     end
 
     def warn_deprecated_git_source(name, replacement, additional_message = nil)
-      # TODO: 2.0 remove deprecation
       additional_message &&= " #{additional_message}"
       replacement = if replacement.count("\n").zero?
         "{|repo_name| #{replacement} }"
@@ -499,7 +475,7 @@ repo_name ||= user_name
       end
 
       Bundler::SharedHelpers.major_deprecation 3, <<-EOS
-The :#{name} git source is deprecated, and will be removed in Bundler 3.0.#{additional_message} Add this code to the top of your Gemfile to ensure it continues to work:
+The :#{name} git source is deprecated, and will be removed in the future.#{additional_message} Add this code to the top of your Gemfile to ensure it continues to work:
 
     git_source(:#{name}) #{replacement}
 
@@ -601,7 +577,7 @@ The :#{name} git source is deprecated, and will be removed in Bundler 3.0.#{addi
         description = self.description
         if dsl_path && description =~ /((#{Regexp.quote File.expand_path(dsl_path)}|#{Regexp.quote dsl_path.to_s}):\d+)/
           trace_line = Regexp.last_match[1]
-          description = description.sub(/#{Regexp.quote trace_line}:\s*/, "").sub("\n", " - ")
+          description = description.sub(/\n.*\n(\.\.\.)? *\^~+$/, "").sub(/#{Regexp.quote trace_line}:\s*/, "").sub("\n", " - ")
         end
         [trace_line, description]
       end

data/lib/bundler/env.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-require "bundler/rubygems_integration"
-require "bundler/source/git/git_proxy"
+require_relative "rubygems_integration"
+require_relative "source/git/git_proxy"
 
 module Bundler
   class Env
@@ -69,7 +69,7 @@ module Bundler
     end
 
     def self.ruby_version
-      str = String.new("#{RUBY_VERSION}")
+      str = String.new(RUBY_VERSION)
       str << "p#{RUBY_PATCHLEVEL}" if defined? RUBY_PATCHLEVEL
       str << " (#{RUBY_RELEASE_DATE} revision #{RUBY_REVISION}) [#{RUBY_PLATFORM}]"
     end
@@ -100,8 +100,9 @@ module Bundler
       out << ["  Full Path", Gem.ruby]
       out << ["  Config Dir", Pathname.new(Gem::ConfigFile::SYSTEM_WIDE_CONFIG_FILE).dirname]
       out << ["RubyGems", Gem::VERSION]
-      out << ["  Gem Home", ENV.fetch("GEM_HOME") { Gem.dir }]
-      out << ["  Gem Path", ENV.fetch("GEM_PATH") { Gem.path.join(File::PATH_SEPARATOR) }]
+      out << ["  Gem Home", Gem.dir]
+      out << ["  Gem Path", Gem.path.join(File::PATH_SEPARATOR)]
+      out << ["  User Home", Gem.user_home]
       out << ["  User Path", Gem.user_dir]
       out << ["  Bin Dir", Gem.bindir]
       if defined?(OpenSSL)

data/lib/bundler/environment_preserver.rb

@@ -6,7 +6,6 @@ module Bundler
     BUNDLER_KEYS = %w[
       BUNDLE_BIN_PATH
       BUNDLE_GEMFILE
-      BUNDLER_ORIG_MANPATH
       BUNDLER_VERSION
       GEM_HOME
       GEM_PATH

data/lib/bundler/feature_flag.rb

@@ -32,37 +32,25 @@ module Bundler
     settings_flag(:auto_clean_without_path) { bundler_3_mode? }
     settings_flag(:auto_config_jobs) { bundler_3_mode? }
     settings_flag(:cache_all) { bundler_3_mode? }
-    settings_flag(:cache_command_is_package) { bundler_3_mode? }
-    settings_flag(:console_command) { !bundler_3_mode? }
     settings_flag(:default_install_uses_path) { bundler_3_mode? }
     settings_flag(:deployment_means_frozen) { bundler_3_mode? }
     settings_flag(:disable_multisource) { bundler_3_mode? }
-    settings_flag(:error_on_stderr) { bundler_2_mode? }
     settings_flag(:forget_cli_options) { bundler_3_mode? }
-    settings_flag(:global_path_appends_ruby_scope) { bundler_3_mode? }
     settings_flag(:global_gem_cache) { bundler_3_mode? }
-    settings_flag(:init_gems_rb) { bundler_3_mode? }
-    settings_flag(:list_command) { bundler_3_mode? }
-    settings_flag(:lockfile_uses_separate_rubygems_sources) { bundler_3_mode? }
-    settings_flag(:lockfile_upgrade_warning) { bundler_3_mode? }
     settings_flag(:only_update_to_newer_versions) { bundler_3_mode? }
     settings_flag(:path_relative_to_cwd) { bundler_3_mode? }
     settings_flag(:plugins) { @bundler_version >= Gem::Version.new("1.14") }
-    settings_flag(:prefer_gems_rb) { bundler_3_mode? }
     settings_flag(:print_only_version_number) { bundler_3_mode? }
     settings_flag(:setup_makes_kernel_gem_public) { !bundler_3_mode? }
     settings_flag(:skip_default_git_sources) { bundler_3_mode? }
     settings_flag(:specific_platform) { bundler_3_mode? }
     settings_flag(:suppress_install_using_messages) { bundler_3_mode? }
     settings_flag(:unlock_source_unlocks_spec) { !bundler_3_mode? }
-    settings_flag(:update_requires_all_flag) { bundler_3_mode? }
+    settings_flag(:update_requires_all_flag) { bundler_4_mode? }
     settings_flag(:use_gem_version_promoter_for_major_updates) { bundler_3_mode? }
-    settings_flag(:viz_command) { !bundler_3_mode? }
 
     settings_option(:default_cli_command) { bundler_3_mode? ? :cli_help : :install }
 
-    settings_method(:github_https?, "github.https") { bundler_2_mode? }
-
     def initialize(bundler_version)
       @bundler_version = Gem::Version.create(bundler_version)
     end

data/lib/bundler/fetcher.rb

@@ -1,20 +1,23 @@
 # frozen_string_literal: true
 
-require "bundler/vendored_persistent"
+require_relative "vendored_persistent"
 require "cgi"
 require "securerandom"
 require "zlib"
+require "rubygems/request"
 
 module Bundler
   # Handles all the fetching with the rubygems server
   class Fetcher
-    autoload :CompactIndex, "bundler/fetcher/compact_index"
-    autoload :Downloader, "bundler/fetcher/downloader"
-    autoload :Dependency, "bundler/fetcher/dependency"
-    autoload :Index, "bundler/fetcher/index"
+    autoload :CompactIndex, File.expand_path("fetcher/compact_index", __dir__)
+    autoload :Downloader, File.expand_path("fetcher/downloader", __dir__)
+    autoload :Dependency, File.expand_path("fetcher/dependency", __dir__)
+    autoload :Index, File.expand_path("fetcher/index", __dir__)
 
     # This error is raised when it looks like the network is down
     class NetworkDownError < HTTPError; end
+    # This error is raised if we should rate limit our requests to the API
+    class TooManyRequestsError < HTTPError; end
     # This error is raised if the API returns a 413 (only printed in verbose)
     class FallbackError < HTTPError; end
     # This is the error raised if OpenSSL fails the cert verification
@@ -44,7 +47,7 @@ module Bundler
         remote_uri = filter_uri(remote_uri)
         super "Authentication is required for #{remote_uri}.\n" \
           "Please supply credentials for this source. You can do this by running:\n" \
-          " bundle config #{remote_uri} username:password"
+          " bundle config set #{remote_uri} username:password"
       end
     end
     # This error is raised if HTTP authentication is provided, but incorrect.
@@ -94,9 +97,10 @@ module Bundler
       spec -= [nil, "ruby", ""]
       spec_file_name = "#{spec.join "-"}.gemspec"
 
-      uri = URI.parse("#{remote_uri}#{Gem::MARSHAL_SPEC_DIR}#{spec_file_name}.rz")
+      uri = Bundler::URI.parse("#{remote_uri}#{Gem::MARSHAL_SPEC_DIR}#{spec_file_name}.rz")
       if uri.scheme == "file"
-        Bundler.load_marshal Bundler.rubygems.inflate(Gem.read_binary(uri.path))
+        path = Bundler.rubygems.correct_for_windows_path(uri.path)
+        Bundler.load_marshal Bundler.rubygems.inflate(Gem.read_binary(path))
       elsif cached_spec_path = gemspec_cached_path(spec_file_name)
         Bundler.load_gemspec(cached_spec_path)
       else
@@ -226,7 +230,7 @@ module Bundler
         "GO_SERVER_URL" => "go",
         "SNAP_CI" => "snap",
         "CI_NAME" => ENV["CI_NAME"],
-        "CI" => "ci"
+        "CI" => "ci",
       }
       env_cis.find_all {|env, _| ENV[env] }.map {|_, ci| ci }
     end
@@ -238,9 +242,9 @@ module Bundler
           Bundler.settings[:ssl_client_cert]
         raise SSLError if needs_ssl && !defined?(OpenSSL::SSL)
 
-        con = PersistentHTTP.new "bundler", :ENV
+        con = PersistentHTTP.new :name => "bundler", :proxy => :ENV
         if gem_proxy = Bundler.rubygems.configuration[:http_proxy]
-          con.proxy = URI.parse(gem_proxy) if gem_proxy != :no_proxy
+          con.proxy = Bundler::URI.parse(gem_proxy) if gem_proxy != :no_proxy
         end
 
         if remote_uri.scheme == "https"
@@ -293,8 +297,7 @@ module Bundler
         end
       else
         store.set_default_paths
-        certs = File.expand_path("../ssl_certs/*/*.pem", __FILE__)
-        Dir.glob(certs).each {|c| store.add_file c }
+        Gem::Request.get_cert_files.each {|c| store.add_file c }
       end
       store
     end

data/lib/bundler/fetcher/compact_index.rb

@@ -1,10 +1,10 @@
 # frozen_string_literal: true
 
-require "bundler/fetcher/base"
-require "bundler/worker"
+require_relative "base"
+require_relative "../worker"
 
 module Bundler
-  autoload :CompactIndexClient, "bundler/compact_index_client"
+  autoload :CompactIndexClient, File.expand_path("../compact_index_client", __dir__)
 
   class Fetcher
     class CompactIndex < Base
@@ -39,7 +39,13 @@ module Bundler
         until remaining_gems.empty?
           log_specs "Looking up gems #{remaining_gems.inspect}"
 
-          deps = compact_index_client.dependencies(remaining_gems)
+          deps = begin
+                   parallel_compact_index_client.dependencies(remaining_gems)
+                 rescue TooManyRequestsError
+                   @bundle_worker.stop if @bundle_worker
+                   @bundle_worker = nil # reset it.  Not sure if necessary
+                   serial_compact_index_client.dependencies(remaining_gems)
+                 end
           next_gems = deps.map {|d| d[3].map(&:first).flatten(1) }.flatten(1).uniq
           deps.each {|dep| gem_info << dep }
           complete_gems.concat(deps.map(&:first)).uniq!
@@ -80,18 +86,26 @@ module Bundler
     private
 
       def compact_index_client
-        @compact_index_client ||= begin
+        @compact_index_client ||=
           SharedHelpers.filesystem_access(cache_path) do
             CompactIndexClient.new(cache_path, client_fetcher)
-          end.tap do |client|
-            client.in_parallel = lambda do |inputs, &blk|
-              func = lambda {|object, _index| blk.call(object) }
-              worker = bundle_worker(func)
-              inputs.each {|input| worker.enq(input) }
-              inputs.map { worker.deq }
-            end
           end
+      end
+
+      def parallel_compact_index_client
+        compact_index_client.execution_mode = lambda do |inputs, &blk|
+          func = lambda {|object, _index| blk.call(object) }
+          worker = bundle_worker(func)
+          inputs.each {|input| worker.enq(input) }
+          inputs.map { worker.deq }
         end
+
+        compact_index_client
+      end
+
+      def serial_compact_index_client
+        compact_index_client.sequential_execution_mode!
+        compact_index_client
       end
 
       def bundle_worker(func = nil)

data/lib/bundler/fetcher/dependency.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require "bundler/fetcher/base"
+require_relative "base"
 require "cgi"
 
 module Bundler

data/lib/bundler/fetcher/downloader.rb

@@ -21,7 +21,7 @@ module Bundler
         when Net::HTTPSuccess, Net::HTTPNotModified
           response
         when Net::HTTPRedirection
-          new_uri = URI.parse(response["location"])
+          new_uri = Bundler::URI.parse(response["location"])
           if new_uri.host == uri.host
             new_uri.user = uri.user
             new_uri.password = uri.password
@@ -34,7 +34,10 @@ module Bundler
           fetch(uri, new_headers)
         when Net::HTTPRequestEntityTooLarge
           raise FallbackError, response.body
+        when Net::HTTPTooManyRequests
+          raise TooManyRequestsError, response.body
         when Net::HTTPUnauthorized
+          raise BadAuthenticationError, uri.host if uri.userinfo
           raise AuthenticationRequiredError, uri.host
         when Net::HTTPNotFound
           raise FallbackError, "Net::HTTPNotFound: #{URICredentialsFilter.credential_filtered_uri(uri)}"

data/lib/bundler/fetcher/index.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require "bundler/fetcher/base"
+require_relative "base"
 require "rubygems/remote_fetcher"
 
 module Bundler
@@ -13,6 +13,7 @@ module Bundler
         when /certificate verify failed/
           raise CertificateFailureError.new(display_uri)
         when /401/
+          raise BadAuthenticationError, remote_uri if remote_uri.userinfo
           raise AuthenticationRequiredError, remote_uri
         when /403/
           raise BadAuthenticationError, remote_uri if remote_uri.userinfo
@@ -27,9 +28,10 @@ module Bundler
         spec -= [nil, "ruby", ""]
         spec_file_name = "#{spec.join "-"}.gemspec"
 
-        uri = URI.parse("#{remote_uri}#{Gem::MARSHAL_SPEC_DIR}#{spec_file_name}.rz")
+        uri = Bundler::URI.parse("#{remote_uri}#{Gem::MARSHAL_SPEC_DIR}#{spec_file_name}.rz")
         if uri.scheme == "file"
-          Bundler.load_marshal Bundler.rubygems.inflate(Gem.read_binary(uri.path))
+          path = Bundler.rubygems.correct_for_windows_path(uri.path)
+          Bundler.load_marshal Bundler.rubygems.inflate(Gem.read_binary(path))
         elsif cached_spec_path = gemspec_cached_path(spec_file_name)
           Bundler.load_gemspec(cached_spec_path)
         else

data/lib/bundler/friendly_errors.rb

@@ -1,8 +1,6 @@
-# encoding: utf-8
 # frozen_string_literal: true
 
-require "cgi"
-require "bundler/vendored_thor"
+require_relative "vendored_thor"
 
 module Bundler
   module FriendlyErrors
@@ -17,7 +15,7 @@ module Bundler
         Bundler.ui.error error.message
       when GemRequireError
         Bundler.ui.error error.message
-        Bundler.ui.trace error.orig_exception, nil, true
+        Bundler.ui.trace error.orig_exception
       when BundlerError
         Bundler.ui.error error.message, :wrap => true
         Bundler.ui.trace error
@@ -29,7 +27,7 @@ module Bundler
         Bundler.ui.warn <<-WARN, :wrap => true
           You must recompile Ruby with OpenSSL support or change the sources in your \
           Gemfile from 'https' to 'http'. Instructions for compiling with OpenSSL \
-          using RVM are available at http://rvm.io/packages/openssl.
+          using RVM are available at https://rvm.io/packages/openssl.
         WARN
         Bundler.ui.trace error
       when Interrupt
@@ -45,7 +43,7 @@ module Bundler
           "Alternatively, you can increase the amount of memory the JVM is able to use by running Bundler with jruby -J-Xmx1024m -S bundle (JRuby defaults to 500MB)."
       else request_issue_report_for(error)
       end
-    rescue
+    rescue StandardError
       raise error
     end
 
@@ -115,6 +113,7 @@ module Bundler
     def issues_url(exception)
       message = exception.message.lines.first.tr(":", " ").chomp
       message = message.split("-").first if exception.is_a?(Errno)
+      require "cgi"
       "https://github.com/bundler/bundler/search?q=" \
         "#{CGI.escape(message)}&type=Issues"
     end
@@ -124,7 +123,7 @@ module Bundler
     yield
   rescue SignalException
     raise
-  rescue Exception => e
+  rescue Exception => e # rubocop:disable Lint/RescueException
     FriendlyErrors.log_error(e)
     exit FriendlyErrors.exit_status(e)
   end