bundler 2.2.11 → 2.3.26

data/lib/bundler/source.rb

@@ -7,6 +7,7 @@ module Bundler
     autoload :Metadata, File.expand_path("source/metadata", __dir__)
     autoload :Path,     File.expand_path("source/path", __dir__)
     autoload :Rubygems, File.expand_path("source/rubygems", __dir__)
+    autoload :RubygemsAggregate, File.expand_path("source/rubygems_aggregate", __dir__)
 
     attr_accessor :dependency_names
 
@@ -14,13 +15,12 @@ module Bundler
       specs.unmet_dependency_names
     end
 
-    def version_message(spec)
+    def version_message(spec, locked_spec = nil)
       message = "#{spec.name} #{spec.version}"
       message += " (#{spec.platform})" if spec.platform != Gem::Platform::RUBY && !spec.platform.nil?
 
-      if Bundler.locked_gems
-        locked_spec = Bundler.locked_gems.specs.find {|s| s.name == spec.name }
-        locked_spec_version = locked_spec.version if locked_spec
+      if locked_spec
+        locked_spec_version = locked_spec.version
         if locked_spec_version && spec.version != locked_spec_version
           message += Bundler.ui.add_color(" (was #{locked_spec_version})", version_color(spec.version, locked_spec_version))
         end
@@ -33,6 +33,18 @@ module Bundler
       spec.source == self
     end
 
+    def local!; end
+
+    def local_only!; end
+
+    def cached!; end
+
+    def remote!; end
+
+    def add_dependency_names(names)
+      @dependency_names = Array(dependency_names) | Array(names)
+    end
+
     # it's possible that gems from one source depend on gems from some
     # other source, so now we download gemspecs and iterate over those
     # dependencies, looking for gems we don't have info on yet.
@@ -42,6 +54,10 @@ module Bundler
       specs.dependency_names
     end
 
+    def spec_names
+      specs.spec_names
+    end
+
     def include?(other)
       other == self
     end
@@ -50,6 +66,10 @@ module Bundler
       "#<#{self.class}:0x#{object_id} #{self}>"
     end
 
+    def identifier
+      to_s
+    end
+
     def path?
       instance_of?(Bundler::Source::Path)
     end

data/lib/bundler/source_list.rb

@@ -5,24 +5,49 @@ module Bundler
     attr_reader :path_sources,
       :git_sources,
       :plugin_sources,
-      :global_rubygems_source,
+      :global_path_source,
       :metadata_source
 
+    def global_rubygems_source
+      @global_rubygems_source ||= rubygems_aggregate_class.new("allow_local" => true)
+    end
+
     def initialize
       @path_sources           = []
       @git_sources            = []
       @plugin_sources         = []
       @global_rubygems_source = nil
-      @rubygems_aggregate     = rubygems_aggregate_class.new
+      @global_path_source     = nil
       @rubygems_sources       = []
       @metadata_source        = Source::Metadata.new
+
+      @merged_gem_lockfile_sections = false
+    end
+
+    def merged_gem_lockfile_sections?
+      @merged_gem_lockfile_sections
+    end
+
+    def merged_gem_lockfile_sections!(replacement_source)
+      @merged_gem_lockfile_sections = true
+      @global_rubygems_source = replacement_source
+    end
+
+    def aggregate_global_source?
+      global_rubygems_source.multiple_remotes?
+    end
+
+    def implicit_global_source?
+      global_rubygems_source.no_remotes?
     end
 
     def add_path_source(options = {})
       if options["gemspec"]
         add_source_to_list Source::Gemspec.new(options), path_sources
       else
-        add_source_to_list Source::Path.new(options), path_sources
+        path_source = add_source_to_list Source::Path.new(options), path_sources
+        @global_path_source ||= path_source if options["global"]
+        path_source
       end
     end
 
@@ -33,32 +58,31 @@ module Bundler
     end
 
     def add_rubygems_source(options = {})
-      add_source_to_list Source::Rubygems.new(options), @rubygems_sources
+      new_source = Source::Rubygems.new(options)
+      return @global_rubygems_source if @global_rubygems_source == new_source
+
+      add_source_to_list new_source, @rubygems_sources
     end
 
     def add_plugin_source(source, options = {})
       add_source_to_list Plugin.source(source).new(options), @plugin_sources
     end
 
-    def global_rubygems_source=(uri)
-      if Bundler.feature_flag.disable_multisource?
-        @global_rubygems_source ||= rubygems_aggregate_class.new("remotes" => uri)
-      end
-      add_rubygems_remote(uri)
-    end
-
-    def add_rubygems_remote(uri)
-      return if Bundler.feature_flag.disable_multisource?
-      @rubygems_aggregate.add_remote(uri)
-      @rubygems_aggregate
+    def add_global_rubygems_remote(uri)
+      global_rubygems_source.add_remote(uri)
+      global_rubygems_source
     end
 
     def default_source
-      global_rubygems_source || @rubygems_aggregate
+      global_path_source || global_rubygems_source
     end
 
     def rubygems_sources
-      @rubygems_sources + [default_source]
+      non_global_rubygems_sources + [global_rubygems_source]
+    end
+
+    def non_global_rubygems_sources
+      @rubygems_sources
     end
 
     def rubygems_remotes
@@ -69,37 +93,55 @@ module Bundler
       path_sources + git_sources + plugin_sources + rubygems_sources + [metadata_source]
     end
 
+    def non_default_explicit_sources
+      all_sources - [default_source, metadata_source]
+    end
+
     def get(source)
-      source_list_for(source).find {|s| equal_source?(source, s) || equivalent_source?(source, s) }
+      source_list_for(source).find {|s| equivalent_source?(source, s) }
+    end
+
+    def get_with_fallback(source)
+      get(source) || default_source
     end
 
     def lock_sources
-      lock_sources = (path_sources + git_sources + plugin_sources).sort_by(&:to_s)
-      if Bundler.feature_flag.disable_multisource?
-        lock_sources + rubygems_sources.sort_by(&:to_s)
+      lock_other_sources + lock_rubygems_sources
+    end
+
+    def lock_other_sources
+      (path_sources + git_sources + plugin_sources).sort_by(&:identifier)
+    end
+
+    def lock_rubygems_sources
+      if merged_gem_lockfile_sections?
+        [combine_rubygems_sources]
       else
-        lock_sources << combine_rubygems_sources
+        rubygems_sources.sort_by(&:identifier)
       end
     end
 
     # Returns true if there are changes
     def replace_sources!(replacement_sources)
-      return true if replacement_sources.empty?
+      return false if replacement_sources.empty?
 
-      [path_sources, git_sources, plugin_sources].each do |source_list|
-        source_list.map! do |source|
-          replacement_sources.find {|s| s == source } || source
-        end
-      end
+      @rubygems_sources, @path_sources, @git_sources, @plugin_sources = map_sources(replacement_sources)
+      @global_rubygems_source = global_replacement_source(replacement_sources)
+
+      different_sources?(lock_sources, replacement_sources)
+    end
+
+    # Returns true if there are changes
+    def expired_sources?(replacement_sources)
+      return false if replacement_sources.empty?
 
-      replacement_rubygems = !Bundler.feature_flag.disable_multisource? &&
-        replacement_sources.detect {|s| s.is_a?(Source::Rubygems) }
-      @rubygems_aggregate = replacement_rubygems if replacement_rubygems
+      lock_sources = dup_with_replaced_sources(replacement_sources).lock_sources
 
-      return true if !equal_sources?(lock_sources, replacement_sources) && !equivalent_sources?(lock_sources, replacement_sources)
-      return true if replacement_rubygems && rubygems_remotes.sort_by(&:to_s) != replacement_rubygems.remotes.sort_by(&:to_s)
+      different_sources?(lock_sources, replacement_sources)
+    end
 
-      false
+    def local_only!
+      all_sources.each(&:local_only!)
     end
 
     def cached!
@@ -110,11 +152,33 @@ module Bundler
       all_sources.each(&:remote!)
     end
 
-    def rubygems_primary_remotes
-      @rubygems_aggregate.remotes
+    private
+
+    def dup_with_replaced_sources(replacement_sources)
+      new_source_list = dup
+      new_source_list.replace_sources!(replacement_sources)
+      new_source_list
     end
 
-    private
+    def map_sources(replacement_sources)
+      [@rubygems_sources, @path_sources, @git_sources, @plugin_sources].map do |sources|
+        sources.map do |source|
+          replacement_sources.find {|s| s == source } || source
+        end
+      end
+    end
+
+    def global_replacement_source(replacement_sources)
+      replacement_source = replacement_sources.find {|s| s == global_rubygems_source }
+      return global_rubygems_source unless replacement_source
+
+      replacement_source.local!
+      replacement_source
+    end
+
+    def different_sources?(lock_sources, replacement_sources)
+      !equivalent_sources?(lock_sources, replacement_sources)
+    end
 
     def rubygems_aggregate_class
       Source::Rubygems
@@ -150,32 +214,12 @@ module Bundler
       end
     end
 
-    def equal_sources?(lock_sources, replacement_sources)
-      lock_sources.sort_by(&:to_s) == replacement_sources.sort_by(&:to_s)
-    end
-
-    def equal_source?(source, other_source)
-      source == other_source
-    end
-
-    def equivalent_source?(source, other_source)
-      return false unless Bundler.settings[:allow_deployment_source_credential_changes] && source.is_a?(Source::Rubygems)
-
-      equivalent_rubygems_sources?([source], [other_source])
-    end
-
     def equivalent_sources?(lock_sources, replacement_sources)
-      return false unless Bundler.settings[:allow_deployment_source_credential_changes]
-
-      lock_rubygems_sources, lock_other_sources = lock_sources.partition {|s| s.is_a?(Source::Rubygems) }
-      replacement_rubygems_sources, replacement_other_sources = replacement_sources.partition {|s| s.is_a?(Source::Rubygems) }
-
-      equivalent_rubygems_sources?(lock_rubygems_sources, replacement_rubygems_sources) && equal_sources?(lock_other_sources, replacement_other_sources)
+      lock_sources.sort_by(&:identifier) == replacement_sources.sort_by(&:identifier)
     end
 
-    def equivalent_rubygems_sources?(lock_sources, replacement_sources)
-      actual_remotes = replacement_sources.map(&:remotes).flatten.uniq
-      lock_sources.all? {|s| s.equivalent_remotes?(actual_remotes) }
+    def equivalent_source?(source, other_source)
+      source == other_source
     end
   end
 end

data/lib/bundler/source_map.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+module Bundler
+  class SourceMap
+    attr_reader :sources, :dependencies, :locked_specs
+
+    def initialize(sources, dependencies, locked_specs)
+      @sources = sources
+      @dependencies = dependencies
+      @locked_specs = locked_specs
+    end
+
+    def pinned_spec_names(skip = nil)
+      direct_requirements.reject {|_, source| source == skip }.keys
+    end
+
+    def all_requirements
+      requirements = direct_requirements.dup
+
+      unmet_deps = sources.non_default_explicit_sources.map do |source|
+        (source.spec_names - pinned_spec_names).each do |indirect_dependency_name|
+          previous_source = requirements[indirect_dependency_name]
+          if previous_source.nil?
+            requirements[indirect_dependency_name] = source
+          else
+            no_ambiguous_sources = Bundler.feature_flag.bundler_3_mode?
+
+            msg = ["The gem '#{indirect_dependency_name}' was found in multiple relevant sources."]
+            msg.concat [previous_source, source].map {|s| "  * #{s}" }.sort
+            msg << "You #{no_ambiguous_sources ? :must : :should} add this gem to the source block for the source you wish it to be installed from."
+            msg = msg.join("\n")
+
+            raise SecurityError, msg if no_ambiguous_sources
+            Bundler.ui.warn "Warning: #{msg}"
+          end
+        end
+
+        source.unmet_deps
+      end
+
+      sources.default_source.add_dependency_names(unmet_deps.flatten - requirements.keys)
+
+      requirements
+    end
+
+    def direct_requirements
+      @direct_requirements ||= begin
+        requirements = {}
+        default = sources.default_source
+        dependencies.each do |dep|
+          dep_source = dep.source || default
+          dep_source.add_dependency_names(dep.name)
+          requirements[dep.name] = dep_source
+        end
+        requirements
+      end
+    end
+
+    def locked_requirements
+      @locked_requirements ||= begin
+        requirements = {}
+        locked_specs.each do |locked_spec|
+          source = locked_spec.source
+          source.add_dependency_names(locked_spec.name)
+          requirements[locked_spec.name] = source
+        end
+        requirements
+      end
+    end
+  end
+end

data/lib/bundler/spec_set.rb

@@ -1,56 +1,49 @@
 # frozen_string_literal: true
 
-require "tsort"
+require_relative "vendored_tsort"
 
 module Bundler
   class SpecSet
     include Enumerable
     include TSort
 
-    def initialize(specs)
+    attr_reader :incomplete_specs
+
+    def initialize(specs, incomplete_specs = [])
       @specs = specs
+      @incomplete_specs = incomplete_specs
     end
 
-    def for(dependencies, skip = [], check = false, match_current_platform = false, raise_on_missing = true)
-      handled = []
-      deps = dependencies.dup
+    def for(dependencies, check = false, platforms = [nil])
+      handled = ["bundler"].product(platforms).map {|k| [k, true] }.to_h
+      deps = dependencies.product(platforms)
       specs = []
-      skip += ["bundler"]
 
       loop do
         break unless dep = deps.shift
-        next if handled.include?(dep) || skip.include?(dep.name)
 
-        handled << dep
+        name = dep[0].name
+        platform = dep[1]
+
+        key = [name, platform]
+        next if handled.key?(key)
 
-        specs_for_dep = spec_for_dependency(dep, match_current_platform)
+        handled[key] = true
+
+        specs_for_dep = specs_for_dependency(*dep)
         if specs_for_dep.any?
-          specs += specs_for_dep
+          specs.concat(specs_for_dep)
 
           specs_for_dep.first.dependencies.each do |d|
             next if d.type == :development
-            d = DepProxy.get_proxy(d, dep.__platform) unless match_current_platform
-            deps << d
+            deps << [d, dep[1]]
           end
         elsif check
-          return false
-        elsif raise_on_missing
-          others = lookup[dep.name] if match_current_platform
-          message = "Unable to find a spec satisfying #{dep} in the set. Perhaps the lockfile is corrupted?"
-          message += " Found #{others.join(", ")} that did not match the current platform." if others && !others.empty?
-          raise GemNotFound, message
+          @incomplete_specs += lookup[name]
         end
       end
 
-      if spec = lookup["bundler"].first
-        specs << spec
-      end
-
-      check ? true : SpecSet.new(specs)
-    end
-
-    def valid_for?(deps)
-      self.for(deps, [], true)
+      specs
     end
 
     def [](key)
@@ -64,6 +57,12 @@ module Bundler
       @sorted = nil
     end
 
+    def delete(spec)
+      @specs.delete(spec)
+      @lookup = nil
+      @sorted = nil
+    end
+
     def sort!
       self
     end
@@ -76,39 +75,35 @@ module Bundler
       lookup.dup
     end
 
-    def materialize(deps, missing_specs = nil)
-      materialized = self.for(deps, [], false, true, !missing_specs).to_a
-      deps = materialized.map(&:name).uniq
-      materialized.map! do |s|
-        next s unless s.is_a?(LazySpecification)
-        s.source.dependency_names = deps if s.source.respond_to?(:dependency_names=)
-        spec = s.__materialize__
-        unless spec
-          unless missing_specs
-            raise GemNotFound, "Could not find #{s.full_name} in any of the sources"
-          end
-          missing_specs << s
-        end
-        spec
-      end
-      SpecSet.new(missing_specs ? materialized.compact : materialized)
+    def materialize(deps)
+      materialized = self.for(deps, true)
+
+      SpecSet.new(materialized, incomplete_specs)
     end
 
     # Materialize for all the specs in the spec set, regardless of what platform they're for
     # This is in contrast to how for does platform filtering (and specifically different from how `materialize` calls `for` only for the current platform)
     # @return [Array<Gem::Specification>]
     def materialized_for_all_platforms
-      names = @specs.map(&:name).uniq
       @specs.map do |s|
         next s unless s.is_a?(LazySpecification)
-        s.source.dependency_names = names if s.source.respond_to?(:dependency_names=)
         s.source.remote!
-        spec = s.__materialize__
+        spec = s.materialize_for_installation
         raise GemNotFound, "Could not find #{s.full_name} in any of the sources" unless spec
         spec
       end
     end
 
+    def incomplete_ruby_specs?(deps)
+      self.for(deps, true, [Gem::Platform::RUBY])
+
+      @incomplete_specs.any?
+    end
+
+    def missing_specs
+      @specs.select {|s| s.is_a?(LazySpecification) }
+    end
+
     def merge(set)
       arr = sorted.dup
       set.each do |set_spec|
@@ -119,10 +114,20 @@ module Bundler
       SpecSet.new(arr)
     end
 
+    def -(other)
+      SpecSet.new(to_a - other.to_a)
+    end
+
     def find_by_name_and_platform(name, platform)
       @specs.detect {|spec| spec.name == name && spec.match_platform(platform) }
     end
 
+    def delete_by_name_and_version(name, version)
+      @specs.reject! {|spec| spec.name == name && spec.version == version }
+      @lookup = nil
+      @sorted = nil
+    end
+
     def what_required(spec)
       unless req = find {|s| s.dependencies.any? {|d| d.type == :runtime && d.name == spec.name } }
         return [spec]
@@ -171,7 +176,7 @@ module Bundler
     def lookup
       @lookup ||= begin
         lookup = Hash.new {|h, k| h[k] = [] }
-        Index.sort_specs(@specs).reverse_each do |s|
+        @specs.each do |s|
           lookup[s.name] << s
         end
         lookup
@@ -183,12 +188,13 @@ module Bundler
       @specs.sort_by(&:name).each {|s| yield s }
     end
 
-    def spec_for_dependency(dep, match_current_platform)
-      specs_for_platforms = lookup[dep.name]
-      if match_current_platform
-        GemHelpers.select_best_platform_match(specs_for_platforms, Bundler.local_platform)
+    def specs_for_dependency(dep, platform)
+      specs_for_name = lookup[dep.name]
+      if platform.nil?
+        matching_specs = specs_for_name.map {|s| s.materialize_for_installation if Gem::Platform.match_spec?(s) }.compact
+        GemHelpers.sort_best_platform_match(matching_specs, Bundler.local_platform)
       else
-        GemHelpers.select_best_platform_match(specs_for_platforms, dep.__platform)
+        GemHelpers.select_best_platform_match(specs_for_name, dep.force_ruby_platform ? Gem::Platform::RUBY : platform)
       end
     end
 

data/lib/bundler/stub_specification.rb

@@ -26,11 +26,19 @@ module Bundler
 
     # @!group Stub Delegates
 
+    def manually_installed?
+      # This is for manually installed gems which are gems that were fixed in place after a
+      # failed installation. Once the issue was resolved, the user then manually created
+      # the gem specification using the instructions provided by `gem help install`
+      installed_by_version == Gem::Version.new(0)
+    end
+
     # This is defined directly to avoid having to loading the full spec
     def missing_extensions?
       return false if default_gem?
       return false if extensions.empty?
       return false if File.exist? gem_build_complete_path
+      return false if manually_installed?
 
       true
     end
@@ -56,9 +64,11 @@ module Bundler
     end
 
     def full_gem_path
-      # deleted gems can have their stubs return nil, so in that case grab the
-      # expired path from the full spec
-      stub.full_gem_path || method_missing(:full_gem_path)
+      stub.full_gem_path
+    end
+
+    def full_gem_path=(path)
+      stub.full_gem_path = path
     end
 
     def full_require_paths

data/lib/bundler/templates/Executable

@@ -8,11 +8,9 @@
 # this file is here to facilitate running it.
 #
 
-require "pathname"
-ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../<%= relative_gemfile_path %>",
-  Pathname.new(__FILE__).realpath)
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("<%= relative_gemfile_path %>", __dir__)
 
-bundle_binstub = File.expand_path("../bundle", __FILE__)
+bundle_binstub = File.expand_path("bundle", __dir__)
 
 if File.file?(bundle_binstub)
   if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/

data/lib/bundler/templates/Executable.bundler

@@ -41,7 +41,7 @@ m = Module.new do
     gemfile = ENV["BUNDLE_GEMFILE"]
     return gemfile if gemfile && !gemfile.empty?
 
-    File.expand_path("../<%= relative_gemfile_path %>", __FILE__)
+    File.expand_path("<%= relative_gemfile_path %>", __dir__)
   end
 
   def lockfile
@@ -60,20 +60,20 @@ m = Module.new do
     Regexp.last_match(1)
   end
 
-  def bundler_version
-    @bundler_version ||=
+  def bundler_requirement
+    @bundler_requirement ||=
       env_var_version || cli_arg_version ||
-        lockfile_version
+        bundler_requirement_for(lockfile_version)
   end
 
-  def bundler_requirement
-    return "#{Gem::Requirement.default}.a" unless bundler_version
+  def bundler_requirement_for(version)
+    return "#{Gem::Requirement.default}.a" unless version
 
-    bundler_gem_version = Gem::Version.new(bundler_version)
+    bundler_gem_version = Gem::Version.new(version)
 
     requirement = bundler_gem_version.approximate_recommendation
 
-    return requirement unless Gem::Version.new(Gem::VERSION) < Gem::Version.new("2.7.0")
+    return requirement unless Gem.rubygems_version < Gem::Version.new("2.7.0")
 
     requirement += ".a" if bundler_gem_version.prerelease?
 

data/lib/bundler/templates/Executable.standalone

@@ -6,9 +6,7 @@
 # this file is here to facilitate running it.
 #
 
-require "pathname"
-path = Pathname.new(__FILE__)
-$:.unshift File.expand_path "../<%= standalone_path %>", path.realpath
+$:.unshift File.expand_path "<%= standalone_path %>", __dir__
 
 require "bundler/setup"
-load File.expand_path "../<%= executable_path %>", path.realpath
+load File.expand_path "<%= executable_path %>", __dir__

data/lib/bundler/templates/Gemfile

@@ -2,6 +2,4 @@
 
 source "https://rubygems.org"
 
-git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
-
 # gem "rails"

data/lib/bundler/templates/gems.rb

@@ -1,8 +1,5 @@
 # frozen_string_literal: true
 
-# A sample gems.rb
 source "https://rubygems.org"
 
-git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
-
 # gem "rails"