bundler 2.2.10 → 2.2.15

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fb87c09a270f3caca4d4719878b6c807b173016a786dbf5b067b44cf3e61b37d
-  data.tar.gz: 9c31e5c7673789aedd7515d6f54479095da5ecdc0e6fba3b4c2a6f636c21b30f
+  metadata.gz: 7969bf6c1c6e781cd3d6f06c9d832cc7604c9304ed19da98e52744f1ea22dac9
+  data.tar.gz: c4d0c758c8d71ad5de08b2ac6bfec61306e276dda94505a2942dc68657769571
 SHA512:
-  metadata.gz: 218d6753e8980cfd447332d0c19c1ef0d07ba25b9ee0260cf6290d493063c24ea377d9241d52a145737ee8ac6ee4cd127351b4356076d114778f3a8c8fb5987b
-  data.tar.gz: 858d23190b365f75b923b4f5608bea65206e9aadc842cfaa04190d6d9d452212da5f857f0474f35a474448de246ef3d34a70de8d6d476ad095457148ceeb3bd2
+  metadata.gz: ed31592d981989e540c694657fdf663e4a53a8c635e797d5f85b1240f80dcefa30433e926459235d5614c42da2081c6a45304eeacb0f1bec963e4ab64702e19e
+  data.tar.gz: 6381ced4711505050ef620d25d9a6d693a98c70f2fd667d6e7ac506ade25ddbc9909d16e0715cbfeacb7cc07e1cd2a1655d48c91844d214bfd66a502f68b0072

data/CHANGELOG.md

@@ -1,3 +1,49 @@
+# 2.2.15 (March 18, 2021)
+
+## Enhancements:
+
+  - Add a hint about bundler installing executables for path gems [#4461](https://github.com/rubygems/rubygems/pull/4461)
+  - Warn lockfiles with incorrect resolutions [#4459](https://github.com/rubygems/rubygems/pull/4459)
+  - Don't generate duplicate redundant sources in the lockfile [#4456](https://github.com/rubygems/rubygems/pull/4456)
+
+## Bug fixes:
+
+  - Respect running ruby when resolving platforms [#4449](https://github.com/rubygems/rubygems/pull/4449)
+
+# 2.2.14 (March 8, 2021)
+
+## Security fixes:
+
+  - Lock GEM sources separately and fix locally installed specs confusing bundler [#4381](https://github.com/rubygems/rubygems/pull/4381)
+
+## Bug fixes:
+
+  - Make `rake` available to other gems' installers right after it's installed [#4428](https://github.com/rubygems/rubygems/pull/4428)
+  - Fix encoding issue on compact index updater [#4362](https://github.com/rubygems/rubygems/pull/4362)
+
+# 2.2.13 (March 3, 2021)
+
+## Enhancements:
+
+  - Respect user configured default branch in README links in new generated gems [#4303](https://github.com/rubygems/rubygems/pull/4303)
+
+## Bug fixes:
+
+  - Fix gems sometimes being pulled from irrelevant sources [#4418](https://github.com/rubygems/rubygems/pull/4418)
+
+# 2.2.12 (March 1, 2021)
+
+## Bug fixes:
+
+  - Fix sporadic warnings about `nil` gemspec on install/update and make those faster [#4409](https://github.com/rubygems/rubygems/pull/4409)
+  - Fix deployment install with duplicate path gems added to Gemfile [#4410](https://github.com/rubygems/rubygems/pull/4410)
+
+# 2.2.11 (February 17, 2021)
+
+## Bug fixes:
+
+  - Revert disable_multisource changes [#4385](https://github.com/rubygems/rubygems/pull/4385)
+
 # 2.2.10 (February 15, 2021)
 
 ## Security fixes:

data/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2021-02-15".freeze
-    @git_commit_sha = "cc7c333721".freeze
+    @built_at = "2021-03-19".freeze
+    @git_commit_sha = "3dbcc68293".freeze
     @release = true
     # end ivars
 

data/lib/bundler/cli/gem.rb

@@ -39,11 +39,11 @@ module Bundler
       constant_name = name.gsub(/-[_-]*(?![_-]|$)/) { "::" }.gsub(/([_-]+|(::)|^)(.|$)/) { $2.to_s + $3.upcase }
       constant_array = constant_name.split("::")
 
-      git_installed = Bundler.git_present?
+      use_git = Bundler.git_present? && options[:git]
 
-      git_author_name = git_installed ? `git config user.name`.chomp : ""
-      github_username = git_installed ? `git config github.user`.chomp : ""
-      git_user_email = git_installed ? `git config user.email`.chomp : ""
+      git_author_name = use_git ? `git config user.name`.chomp : ""
+      github_username = use_git ? `git config github.user`.chomp : ""
+      git_user_email = use_git ? `git config user.email`.chomp : ""
 
       config = {
         :name             => name,
@@ -58,6 +58,7 @@ module Bundler
         :ext              => options[:ext],
         :exe              => options[:exe],
         :bundler_version  => bundler_dependency_version,
+        :git              => use_git,
         :github_username  => github_username.empty? ? "[USERNAME]" : github_username,
         :required_ruby_version => Gem.ruby_version < Gem::Version.new("2.4.a") ? "2.3.0" : "2.4.0",
       }
@@ -79,7 +80,7 @@ module Bundler
         bin/setup
       ]
 
-      templates.merge!("gitignore.tt" => ".gitignore") if Bundler.git_present?
+      templates.merge!("gitignore.tt" => ".gitignore") if use_git
 
       if test_framework = ask_and_set_test_framework
         config[:test] = test_framework
@@ -175,24 +176,31 @@ module Bundler
         )
       end
 
+      if File.exist?(target) && !File.directory?(target)
+        Bundler.ui.error "Couldn't create a new gem named `#{gem_name}` because there's an existing file named `#{gem_name}`."
+        exit Bundler::BundlerError.all_errors[Bundler::GenericSystemCallError]
+      end
+
+      if use_git
+        Bundler.ui.info "Initializing git repo in #{target}"
+        `git init #{target}`
+
+        config[:git_default_branch] = File.read("#{target}/.git/HEAD").split("/").last.chomp
+      end
+
       templates.each do |src, dst|
         destination = target.join(dst)
-        SharedHelpers.filesystem_access(destination) do
-          thor.template("newgem/#{src}", destination, config)
-        end
+        thor.template("newgem/#{src}", destination, config)
       end
 
       executables.each do |file|
-        SharedHelpers.filesystem_access(target.join(file)) do |path|
-          executable = (path.stat.mode | 0o111)
-          path.chmod(executable)
-        end
+        path = target.join(file)
+        executable = (path.stat.mode | 0o111)
+        path.chmod(executable)
       end
 
-      if Bundler.git_present? && options[:git]
-        Bundler.ui.info "Initializing git repo in #{target}"
+      if use_git
         Dir.chdir(target) do
-          `git init`
           `git add .`
         end
       end
@@ -202,8 +210,6 @@ module Bundler
 
       Bundler.ui.info "Gem '#{name}' was successfully created. " \
         "For more information on making a RubyGem visit https://bundler.io/guides/creating_gem.html"
-    rescue Errno::EEXIST => e
-      raise GenericSystemCallError.new(e, "There was a conflict while creating the new gem.")
     end
 
     private

data/lib/bundler/compact_index_client/updater.rb

@@ -54,7 +54,7 @@ module Bundler
             if response.is_a?(Net::HTTPPartialContent) && local_temp_path.size.nonzero?
               local_temp_path.open("a") {|f| f << slice_body(content, 1..-1) }
             else
-              local_temp_path.open("w") {|f| f << content }
+              local_temp_path.open("wb") {|f| f << content }
             end
           end
 

data/lib/bundler/definition.rb

@@ -107,16 +107,14 @@ module Bundler
       end
 
       @locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
-      @disable_multisource = !Bundler.frozen_bundle? || @locked_gem_sources.none? {|s| s.remotes.size > 1 }
+      @disable_multisource = @locked_gem_sources.all?(&:disable_multisource?)
 
       unless @disable_multisource
-        msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. " \
-          "You should regenerate your lockfile in a non frozen environment."
+        msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. You should run `bundle update` or generate your lockfile from scratch."
 
         Bundler::SharedHelpers.major_deprecation 2, msg
 
-        @sources.allow_multisource!
-        @locked_gem_sources.each(&:allow_multisource!)
+        @sources.merged_gem_lockfile_sections!
       end
 
       @unlock[:gems] ||= []
@@ -162,10 +160,6 @@ module Bundler
       @disable_multisource
     end
 
-    def allow_multisource!
-      @disable_multisource = false
-    end
-
     def resolve_with_cache!
       raise "Specs already loaded" if @specs
       sources.cached!
@@ -618,7 +612,7 @@ module Bundler
       deps_for_source = @dependencies.select {|s| s.source == source }
       locked_deps_for_source = @locked_deps.values.select {|dep| dep.source == locked_source }
 
-      deps_for_source.sort != locked_deps_for_source.sort
+      deps_for_source.uniq.sort != locked_deps_for_source.sort
     end
 
     def specs_for_source_changed?(source)
@@ -920,7 +914,7 @@ module Bundler
       metadata_dependencies.each do |dep|
         source_requirements[dep.name] = sources.metadata_source
       end
-      source_requirements[:global] = index unless disable_multisource?
+      source_requirements[:global] = index unless Bundler.feature_flag.disable_multisource?
       source_requirements[:default_bundler] = source_requirements["bundler"] || source_requirements[:default]
       source_requirements["bundler"] = sources.metadata_source # needs to come last to override
       source_requirements
@@ -988,10 +982,9 @@ module Bundler
     def dependency_source_requirements
       @dependency_source_requirements ||= begin
         source_requirements = {}
-        default = disable_multisource? && sources.default_source
+        default = sources.default_source
         dependencies.each do |dep|
           dep_source = dep.source || default
-          next unless dep_source
           source_requirements[dep.name] = dep_source
         end
         source_requirements

data/lib/bundler/dsl.rb

@@ -453,10 +453,8 @@ repo_name ||= user_name
     end
 
     def check_rubygems_source_safety
-      if @global_rubygems_sources.size <= 1
-        @sources.global_rubygems_source = @global_rubygems_sources.first
-        return
-      end
+      @sources.global_rubygems_source = @global_rubygems_sources.shift
+      return if @global_rubygems_sources.empty?
 
       @global_rubygems_sources.each do |source|
         @sources.add_rubygems_remote(source)

data/lib/bundler/feature_flag.rb

@@ -32,6 +32,7 @@ module Bundler
     settings_flag(:cache_all) { bundler_3_mode? }
     settings_flag(:default_install_uses_path) { bundler_3_mode? }
     settings_flag(:deployment_means_frozen) { bundler_3_mode? }
+    settings_flag(:disable_multisource) { bundler_3_mode? }
     settings_flag(:forget_cli_options) { bundler_3_mode? }
     settings_flag(:global_gem_cache) { bundler_3_mode? }
     settings_flag(:only_update_to_newer_versions) { bundler_3_mode? }

data/lib/bundler/installer.rb

@@ -89,6 +89,8 @@ module Bundler
         end
         install(options)
 
+        Gem::Specification.reset # invalidate gem specification cache so that installed gems are immediately available
+
         lock unless Bundler.frozen_bundle?
         Standalone.new(options[:standalone], @definition).generate if options[:standalone]
       end

data/lib/bundler/installer/parallel_installer.rb

@@ -6,10 +6,11 @@ require_relative "gem_installer"
 module Bundler
   class ParallelInstaller
     class SpecInstallation
-      attr_accessor :spec, :name, :post_install_message, :state, :error
+      attr_accessor :spec, :name, :full_name, :post_install_message, :state, :error
       def initialize(spec)
         @spec = spec
         @name = spec.name
+        @full_name = spec.full_name
         @state = :none
         @post_install_message = ""
         @error = nil
@@ -27,13 +28,8 @@ module Bundler
         state == :failed
       end
 
-      def installation_attempted?
-        installed? || failed?
-      end
-
-      # Only true when spec in neither installed nor already enqueued
       def ready_to_enqueue?
-        !enqueued? && !installation_attempted?
+        state == :none
       end
 
       def has_post_install_message?
@@ -54,14 +50,11 @@ module Bundler
       # Represents only the non-development dependencies, the ones that are
       # itself and are in the total list.
       def dependencies
-        @dependencies ||= begin
-          all_dependencies.reject {|dep| ignorable_dependency? dep }
-        end
+        @dependencies ||= all_dependencies.reject {|dep| ignorable_dependency? dep }
       end
 
       def missing_lockfile_dependencies(all_spec_names)
-        deps = all_dependencies.reject {|dep| ignorable_dependency? dep }
-        deps.reject {|dep| all_spec_names.include? dep.name }
+        dependencies.reject {|dep| all_spec_names.include? dep.name }
       end
 
       # Represents all dependencies
@@ -70,7 +63,7 @@ module Bundler
       end
 
       def to_s
-        "#<#{self.class} #{@spec.full_name} (#{state})>"
+        "#<#{self.class} #{full_name} (#{state})>"
       end
     end
 
@@ -93,18 +86,48 @@ module Bundler
     def call
       check_for_corrupt_lockfile
 
+      if @rake
+        do_install(@rake, 0)
+        Gem::Specification.reset
+      end
+
       if @size > 1
         install_with_worker
       else
         install_serially
       end
 
+      check_for_unmet_dependencies
+
       handle_error if failed_specs.any?
       @specs
     ensure
       worker_pool && worker_pool.stop
     end
 
+    def check_for_unmet_dependencies
+      unmet_dependencies = @specs.map do |s|
+        [
+          s,
+          s.dependencies.reject {|dep| @specs.any? {|spec| dep.matches_spec?(spec.spec) } },
+        ]
+      end.reject {|a| a.last.empty? }
+      return if unmet_dependencies.empty?
+
+      warning = []
+      warning << "Your lockfile doesn't include a valid resolution."
+      warning << "You can fix this by regenerating your lockfile or trying to manually editing the bad locked gems to a version that satisfies all dependencies."
+      warning << "The unmet dependencies are:"
+
+      unmet_dependencies.each do |spec, unmet_spec_dependencies|
+        unmet_spec_dependencies.each do |unmet_spec_dependency|
+          warning << "* #{unmet_spec_dependency}, depended upon #{spec.full_name}, unsatisfied by #{@specs.find {|s| s.name == unmet_spec_dependency.name && !unmet_spec_dependency.matches_spec?(s.spec) }.full_name}"
+        end
+      end
+
+      Bundler.ui.warn(warning.join("\n"))
+    end
+
     def check_for_corrupt_lockfile
       missing_dependencies = @specs.map do |s|
         [
@@ -217,8 +240,6 @@ module Bundler
     # are installed.
     def enqueue_specs
       @specs.select(&:ready_to_enqueue?).each do |spec|
-        next if @rake && !@rake.installed? && spec.name != @rake.name
-
         if spec.dependencies_installed? @specs
           spec.state = :enqueued
           worker_pool.enq spec

data/lib/bundler/lazy_specification.rb

@@ -73,7 +73,12 @@ module Bundler
         same_platform_candidates = candidates.select do |spec|
           MatchPlatform.platforms_match?(spec.platform, platform_object)
         end
-        search = same_platform_candidates.last || candidates.last
+        installable_candidates = same_platform_candidates.select do |spec|
+          !spec.is_a?(RemoteSpecification) &&
+            spec.required_ruby_version.satisfied_by?(Gem.ruby_version) &&
+            spec.required_rubygems_version.satisfied_by?(Gem.rubygems_version)
+        end
+        search = installable_candidates.last || same_platform_candidates.last
         search.dependencies = dependencies if search && (search.is_a?(RemoteSpecification) || search.is_a?(EndpointSpecification))
         search
       end

data/lib/bundler/lockfile_parser.rb

@@ -131,18 +131,8 @@ module Bundler
             @sources << @current_source
           end
         when GEM
-          source_remotes = Array(@opts["remote"])
-
-          if source_remotes.size == 1
-            @opts["remotes"] = @opts.delete("remote")
-            @current_source = TYPES[@type].from_lock(@opts)
-          else
-            source_remotes.each do |url|
-              rubygems_aggregate.add_remote(url)
-            end
-            @current_source = rubygems_aggregate
-          end
-
+          @opts["remotes"] = Array(@opts.delete("remote")).reverse
+          @current_source = TYPES[@type].from_lock(@opts)
           @sources << @current_source
         when PLUGIN
           @current_source = Plugin.source_from_lock(@opts)
@@ -245,9 +235,5 @@ module Bundler
     def parse_ruby(line)
       @ruby_version = line.strip
     end
-
-    def rubygems_aggregate
-      @rubygems_aggregate ||= Source::Rubygems.new
-    end
   end
 end

data/lib/bundler/man/bundle-config.1

@@ -56,6 +56,9 @@ Executing \fBbundle config unset \-\-local <name> <value>\fR will delete the con
 .P
 Executing bundle with the \fBBUNDLE_IGNORE_CONFIG\fR environment variable set will cause it to ignore all configuration\.
 .
+.P
+Executing \fBbundle config set \-\-local disable_multisource true\fR upgrades the warning about the Gemfile containing multiple primary sources to an error\. Executing \fBbundle config unset disable_multisource\fR downgrades this error to a warning\.
+.
 .SH "REMEMBERING OPTIONS"
 Flags passed to \fBbundle install\fR or the Bundler runtime, such as \fB\-\-path foo\fR or \fB\-\-without production\fR, are remembered between commands and saved to your local application\'s configuration (normally, \fB\./\.bundle/config\fR)\.
 .
@@ -181,6 +184,9 @@ The following is a list of all configuration keys and their purpose\. You can le
 \fBdisable_local_revision_check\fR (\fBBUNDLE_DISABLE_LOCAL_REVISION_CHECK\fR): Allow Bundler to use a local git override without checking if the revision present in the lockfile is present in the repository\.
 .
 .IP "\(bu" 4
+\fBdisable_multisource\fR (\fBBUNDLE_DISABLE_MULTISOURCE\fR): When set, Gemfiles containing multiple sources will produce errors instead of warnings\. Use \fBbundle config unset disable_multisource\fR to unset\.
+.
+.IP "\(bu" 4
 \fBdisable_shared_gems\fR (\fBBUNDLE_DISABLE_SHARED_GEMS\fR): Stop Bundler from accessing gems installed to RubyGems\' normal location\.
 .
 .IP "\(bu" 4

data/lib/bundler/man/bundle-config.1.ronn

@@ -47,6 +47,10 @@ configuration only from the local application.
 Executing bundle with the `BUNDLE_IGNORE_CONFIG` environment variable set will
 cause it to ignore all configuration.
 
+Executing `bundle config set --local disable_multisource true` upgrades the warning about
+the Gemfile containing multiple primary sources to an error. Executing `bundle
+config unset disable_multisource` downgrades this error to a warning.
+
 ## REMEMBERING OPTIONS
 
 Flags passed to `bundle install` or the Bundler runtime, such as `--path foo` or
@@ -174,6 +178,10 @@ learn more about their operation in [bundle install(1)](bundle-install.1.html).
 * `disable_local_revision_check` (`BUNDLE_DISABLE_LOCAL_REVISION_CHECK`):
    Allow Bundler to use a local git override without checking if the revision
    present in the lockfile is present in the repository.
+* `disable_multisource` (`BUNDLE_DISABLE_MULTISOURCE`):
+   When set, Gemfiles containing multiple sources will produce errors
+   instead of warnings.
+   Use `bundle config unset disable_multisource` to unset.
 * `disable_shared_gems` (`BUNDLE_DISABLE_SHARED_GEMS`):
    Stop Bundler from accessing gems installed to RubyGems' normal location.
 * `disable_version_check` (`BUNDLE_DISABLE_VERSION_CHECK`):

data/lib/bundler/plugin/api/source.rb

@@ -140,6 +140,13 @@ module Bundler
           end
         end
 
+        # Set internal representation to fetch the gems/specs locally.
+        #
+        # When this is called, the source should try to fetch the specs and
+        # install from the local system.
+        def local!
+        end
+
         # Set internal representation to fetch the gems/specs from remote.
         #
         # When this is called, the source should try to fetch the specs and

data/lib/bundler/plugin/installer.rb

@@ -77,12 +77,11 @@ module Bundler
         source_list = SourceList.new
 
         source_list.add_git_source(git_source_options) if git_source_options
-        source_list.add_rubygems_source("remotes" => rubygems_source) if rubygems_source
+        source_list.global_rubygems_source = rubygems_source if rubygems_source
 
         deps = names.map {|name| Dependency.new name, version }
 
         definition = Definition.new(nil, deps, source_list, true)
-        definition.allow_multisource!
         install_definition(definition)
       end
 

data/lib/bundler/plugin/source_list.rb

@@ -17,6 +17,10 @@ module Bundler
         path_sources + git_sources + rubygems_sources + [metadata_source]
       end
 
+      def default_source
+        git_sources.first || global_rubygems_source
+      end
+
       private
 
       def rubygems_aggregate_class

data/lib/bundler/resolver.rb

@@ -26,6 +26,12 @@ module Bundler
 
     def initialize(source_requirements, base, gem_version_promoter, additional_base_requirements, platforms)
       @source_requirements = source_requirements
+
+      @index_requirements = source_requirements.each_with_object({}) do |source_requirement, index_requirements|
+        name, source = source_requirement
+        index_requirements[name] = name == :global ? source : source.specs
+      end
+
       @base = base
       @resolver = Molinillo::Resolver.new(self, self)
       @search_for = {}
@@ -193,24 +199,21 @@ module Bundler
       search_result
     end
 
-    def index_for(dependency, base)
-      source = @source_requirements[dependency.name]
+    def index_for(dependency)
+      source = @index_requirements[dependency.name]
       if source
-        source.specs
+        source
       elsif @no_aggregate_global_source
-        dependency.all_sources.find(-> { Index.new }) do |s|
-          idx = s.specs
-          results = idx.search(dependency, base)
-          next if results.empty? || results == base
-          return idx
+        Index.build do |idx|
+          dependency.all_sources.each {|s| idx.add_source(s.specs) }
         end
       else
-        @source_requirements[:global]
+        @index_requirements[:global]
       end
     end
 
     def results_for(dependency, base)
-      index_for(dependency, base).search(dependency, base)
+      index_for(dependency).search(dependency, base)
     end
 
     def name_for(dependency)
@@ -239,7 +242,7 @@ module Bundler
 
     def relevant_sources_for_vertex(vertex)
       if vertex.root?
-        [@source_requirements[vertex.name]].compact
+        [@source_requirements[vertex.name]]
       elsif @no_aggregate_global_source
         vertex.recursive_predecessors.map do |v|
           @source_requirements[v.name]
@@ -251,9 +254,9 @@ module Bundler
 
     def sort_dependencies(dependencies, activated, conflicts)
       dependencies.sort_by do |dependency|
-        dependency.all_sources = relevant_sources_for_vertex(activated.vertex_named(dependency.name))
         name = name_for(dependency)
         vertex = activated.vertex_named(name)
+        dependency.all_sources = relevant_sources_for_vertex(vertex)
         [
           @base_dg.vertex_named(name) ? 0 : 1,
           vertex.payload ? 0 : 1,
@@ -286,7 +289,7 @@ module Bundler
         if (base = @base[dependency.name]) && !base.empty?
           dependency.requirement.satisfied_by?(base.first.version) ? 0 : 1
         else
-          all = index_for(dependency, base).search(dependency.name).size
+          all = index_for(dependency).search(dependency.name).size
 
           if all <= 1
             all - 1_000_000
@@ -320,7 +323,7 @@ module Bundler
             "If you are updating multiple gems in your Gemfile at once,\n" \
             "try passing them all to `bundle update`"
         elsif source = @source_requirements[name]
-          specs = source.specs[name]
+          specs = source.specs.search(name)
           versions_with_platforms = specs.map {|s| [s.version, s.platform] }
           message = String.new("Could not find gem '#{SharedHelpers.pretty_dependency(requirement)}' in #{source}#{cache_message}.\n")
           message << if versions_with_platforms.any?
@@ -395,7 +398,7 @@ module Bundler
             if other_bundler_required
               o << "\n\n"
 
-              candidate_specs = @source_requirements[:default_bundler].specs.search(conflict_dependency)
+              candidate_specs = @index_requirements[:default_bundler].search(conflict_dependency)
               if candidate_specs.any?
                 target_version = candidate_specs.last.version
                 new_command = [File.basename($PROGRAM_NAME), "_#{target_version}_", *ARGV].join(" ")
@@ -454,11 +457,10 @@ module Bundler
         name = v.name
         sources = relevant_sources_for_vertex(v)
         next unless sources.any?
-        sources.compact!
         if default_index = sources.index(@source_requirements[:default])
           sources.delete_at(default_index)
         end
-        sources.reject! {|s| s.specs[name].empty? }
+        sources.reject! {|s| s.specs.search(name).empty? }
         sources.uniq!
         next if sources.size <= 1
 

data/lib/bundler/rubygems_gem_installer.rb

@@ -8,6 +8,53 @@ module Bundler
       # Bundler needs to install gems regardless of binstub overwriting
     end
 
+    def install
+      pre_install_checks
+
+      run_pre_install_hooks
+
+      spec.loaded_from = spec_file
+
+      # Completely remove any previous gem files
+      FileUtils.rm_rf gem_dir
+      FileUtils.rm_rf spec.extension_dir
+
+      FileUtils.mkdir_p gem_dir, :mode => 0o755
+
+      extract_files
+
+      build_extensions
+      write_build_info_file
+      run_post_build_hooks
+
+      generate_bin
+      generate_plugins
+
+      write_spec
+      write_cache_file
+
+      say spec.post_install_message unless spec.post_install_message.nil?
+
+      run_post_install_hooks
+
+      spec
+    end
+
+    def generate_plugins
+      return unless Gem::Installer.instance_methods(false).include?(:generate_plugins)
+
+      latest = Gem::Specification.stubs_for(spec.name).first
+      return if latest && latest.version > spec.version
+
+      ensure_writable_dir @plugins_dir
+
+      if spec.plugins.empty?
+        remove_plugins_for(spec, @plugins_dir)
+      else
+        regenerate_plugins_for(spec, @plugins_dir)
+      end
+    end
+
     def pre_install_checks
       super && validate_bundler_checksum(options[:bundler_expected_checksum])
     end

data/lib/bundler/settings.rb

@@ -20,6 +20,7 @@ module Bundler
       disable_exec_load
       disable_local_branch_check
       disable_local_revision_check
+      disable_multisource
       disable_shared_gems
       disable_version_check
       force_ruby_platform

data/lib/bundler/source.rb

@@ -33,6 +33,12 @@ module Bundler
       spec.source == self
     end
 
+    def local!; end
+
+    def cached!; end
+
+    def remote!; end
+
     # it's possible that gems from one source depend on gems from some
     # other source, so now we download gemspecs and iterate over those
     # dependencies, looking for gems we don't have info on yet.

data/lib/bundler/source/metadata.rb

@@ -33,10 +33,6 @@ module Bundler
         end
       end
 
-      def cached!; end
-
-      def remote!; end
-
       def options
         {}
       end

data/lib/bundler/source/path.rb

@@ -82,7 +82,9 @@ module Bundler
       end
 
       def install(spec, options = {})
-        print_using_message "Using #{version_message(spec)} from #{self}"
+        using_message = "Using #{version_message(spec)} from #{self}"
+        using_message += " and installing its executables" unless spec.executables.empty?
+        print_using_message using_message
         generate_bin(spec, :disable_extensions => true)
         nil # no post-install message
       end

data/lib/bundler/source/path/installer.rb

@@ -35,7 +35,7 @@ module Bundler
             run_hooks(:post_build)
           end
 
-          generate_bin unless spec.executables.nil? || spec.executables.empty?
+          generate_bin unless spec.executables.empty?
 
           run_hooks(:post_install)
         ensure

data/lib/bundler/source/rubygems.rb

@@ -20,18 +20,29 @@ module Bundler
         @dependency_names = []
         @allow_remote = false
         @allow_cached = false
+        @allow_local = options["allow_local"] || false
         @caches = [cache_path, *Bundler.rubygems.gem_cache]
-        @disable_multisource = true
 
-        Array(options["remotes"] || []).reverse_each {|r| add_remote(r) }
+        Array(options["remotes"]).reverse_each {|r| add_remote(r) }
+      end
+
+      def local!
+        return if @allow_local
+
+        @specs = nil
+        @allow_local = true
       end
 
       def remote!
+        return if @allow_remote
+
         @specs = nil
         @allow_remote = true
       end
 
       def cached!
+        return if @allow_cached
+
         @specs = nil
         @allow_cached = true
       end
@@ -51,11 +62,7 @@ module Bundler
       end
 
       def disable_multisource?
-        @disable_multisource
-      end
-
-      def allow_multisource!
-        @disable_multisource = false
+        @remotes.size <= 1
       end
 
       def can_lock?(spec)
@@ -96,7 +103,7 @@ module Bundler
           # small_idx.use large_idx.
           idx = @allow_remote ? remote_specs.dup : Index.new
           idx.use(cached_specs, :override_dupes) if @allow_cached || @allow_remote
-          idx.use(installed_specs, :override_dupes)
+          idx.use(installed_specs, :override_dupes) if @allow_local
           idx
         end
       end
@@ -374,7 +381,7 @@ module Bundler
 
       def cached_specs
         @cached_specs ||= begin
-          idx = installed_specs.dup
+          idx = @allow_local ? installed_specs.dup : Index.new
 
           Dir["#{cache_path}/*.gem"].each do |gemfile|
             next if gemfile =~ /^bundler\-[\d\.]+?\.gem/

data/lib/bundler/source_list.rb

@@ -6,11 +6,10 @@ module Bundler
       :git_sources,
       :plugin_sources,
       :global_path_source,
-      :metadata_source,
-      :disable_multisource
+      :metadata_source
 
     def global_rubygems_source
-      @global_rubygems_source ||= rubygems_aggregate_class.new
+      @global_rubygems_source ||= rubygems_aggregate_class.new("allow_local" => true)
     end
 
     def initialize
@@ -21,15 +20,15 @@ module Bundler
       @global_path_source     = nil
       @rubygems_sources       = []
       @metadata_source        = Source::Metadata.new
-      @disable_multisource    = true
+
+      @disable_multisource = true
     end
 
     def disable_multisource?
       @disable_multisource
     end
 
-    def allow_multisource!
-      rubygems_sources.map(&:allow_multisource!)
+    def merged_gem_lockfile_sections!
       @disable_multisource = false
     end
 
@@ -58,7 +57,7 @@ module Bundler
     end
 
     def global_rubygems_source=(uri)
-      @global_rubygems_source ||= rubygems_aggregate_class.new("remotes" => uri)
+      @global_rubygems_source ||= rubygems_aggregate_class.new("remotes" => uri, "allow_local" => true)
     end
 
     def add_rubygems_remote(uri)
@@ -89,7 +88,7 @@ module Bundler
     def lock_sources
       lock_sources = (path_sources + git_sources + plugin_sources).sort_by(&:to_s)
       if disable_multisource?
-        lock_sources + rubygems_sources.sort_by(&:to_s)
+        lock_sources + rubygems_sources.sort_by(&:to_s).uniq
       else
         lock_sources << combine_rubygems_sources
       end
@@ -110,7 +109,6 @@ module Bundler
       @global_rubygems_source = replacement_rubygems if replacement_rubygems
 
       return true if !equal_sources?(lock_sources, replacement_sources) && !equivalent_sources?(lock_sources, replacement_sources)
-      return true if replacement_rubygems && rubygems_remotes.sort_by(&:to_s) != replacement_rubygems.remotes.sort_by(&:to_s)
 
       false
     end
@@ -145,9 +143,7 @@ module Bundler
     end
 
     def combine_rubygems_sources
-      aggregate_source = Source::Rubygems.new("remotes" => rubygems_remotes)
-      aggregate_source.allow_multisource! unless disable_multisource?
-      aggregate_source
+      Source::Rubygems.new("remotes" => rubygems_remotes)
     end
 
     def warn_on_git_protocol(source)

data/lib/bundler/spec_set.rb

@@ -82,6 +82,7 @@ module Bundler
       materialized.map! do |s|
         next s unless s.is_a?(LazySpecification)
         s.source.dependency_names = deps if s.source.respond_to?(:dependency_names=)
+        s.source.local!
         spec = s.__materialize__
         unless spec
           unless missing_specs
@@ -102,6 +103,7 @@ module Bundler
       @specs.map do |s|
         next s unless s.is_a?(LazySpecification)
         s.source.dependency_names = names if s.source.respond_to?(:dependency_names=)
+        s.source.local!
         s.source.remote!
         spec = s.__materialize__
         raise GemNotFound, "Could not find #{s.full_name} in any of the sources" unless spec

data/lib/bundler/stub_specification.rb

@@ -26,11 +26,19 @@ module Bundler
 
     # @!group Stub Delegates
 
+    def manually_installed?
+      # This is for manually installed gems which are gems that were fixed in place after a
+      # failed installation. Once the issue was resolved, the user then manually created
+      # the gem specification using the instructions provided by `gem help install`
+      installed_by_version == Gem::Version.new(0)
+    end
+
     # This is defined directly to avoid having to loading the full spec
     def missing_extensions?
       return false if default_gem?
       return false if extensions.empty?
       return false if File.exist? gem_build_complete_path
+      return false if manually_installed?
 
       true
     end

data/lib/bundler/templates/newgem/README.md.tt

@@ -29,19 +29,21 @@ TODO: Write usage instructions here
 After checking out the repo, run `bin/setup` to install dependencies.<% if config[:test] %> Then, run `rake <%= config[:test].sub('mini', '').sub('rspec', 'spec') %>` to run the tests.<% end %> You can also run `bin/console` for an interactive prompt that will allow you to experiment.<% if config[:bin] %> Run `bundle exec <%= config[:name] %>` to use the gem in this directory, ignoring other installed copies of this gem.<% end %>
 
 To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+<% if config[:git] -%>
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/<%= config[:github_username] %>/<%= config[:name] %>.<% if config[:coc] %> This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/<%= config[:github_username] %>/<%= config[:name] %>/blob/master/CODE_OF_CONDUCT.md).<% end %>
+Bug reports and pull requests are welcome on GitHub at https://github.com/<%= config[:github_username] %>/<%= config[:name] %>.<% if config[:coc] %> This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/<%= config[:github_username] %>/<%= config[:name] %>/blob/<%= config[:git_default_branch] %>/CODE_OF_CONDUCT.md).<% end %>
+<% end -%>
 <% if config[:mit] -%>
 
 ## License
 
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
 <% end -%>
-<% if config[:coc] -%>
+<% if config[:git] && config[:coc] -%>
 
 ## Code of Conduct
 
-Everyone interacting in the <%= config[:constant_name] %> project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/<%= config[:github_username] %>/<%= config[:name] %>/blob/master/CODE_OF_CONDUCT.md).
+Everyone interacting in the <%= config[:constant_name] %> project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/<%= config[:github_username] %>/<%= config[:name] %>/blob/<%= config[:git_default_branch] %>/CODE_OF_CONDUCT.md).
 <% end -%>

data/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.2.10".freeze
+  VERSION = "2.2.15".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-  version: 2.2.10
+  version: 2.2.15
 platform: ruby
 authors:
 - André Arko
@@ -22,7 +22,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-02-15 00:00:00.000000000 Z
+date: 2021-03-19 00:00:00.000000000 Z
 dependencies: []
 description: Bundler manages an application's dependencies through its entire life,
   across many machines, systematically and repeatably
@@ -352,7 +352,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.5.2
 requirements: []
-rubygems_version: 3.2.10
+rubygems_version: 3.2.15
 signing_key: 
 specification_version: 4
 summary: The best way to manage your application's dependencies