bundler 2.2.11 → 2.3.26

data/lib/bundler/fetcher/compact_index.rb

@@ -57,22 +57,17 @@ module Bundler
         gem_info
       end
 
-      def fetch_spec(spec)
-        spec -= [nil, "ruby", ""]
-        contents = compact_index_client.spec(*spec)
-        return nil if contents.nil?
-        contents.unshift(spec.first)
-        contents[3].map! {|d| Gem::Dependency.new(*d) }
-        EndpointSpecification.new(*contents)
-      end
-      compact_index_request :fetch_spec
-
       def available?
-        return nil unless SharedHelpers.md5_available?
-        user_home = Bundler.user_home
-        return nil unless user_home.directory? && user_home.writable?
+        unless SharedHelpers.md5_available?
+          Bundler.ui.debug("FIPS mode is enabled, bundler can't use the CompactIndex API")
+          return nil
+        end
+        if fetch_uri.scheme == "file"
+          Bundler.ui.debug("Using a local server, bundler won't use the CompactIndex API")
+          return false
+        end
         # Read info file checksums out of /versions, so we can know if gems are up to date
-        fetch_uri.scheme != "file" && compact_index_client.update_and_parse_checksums!
+        compact_index_client.update_and_parse_checksums!
       rescue CompactIndexClient::Updater::MisMatchedChecksumError => e
         Bundler.ui.debug(e.message)
         nil
@@ -111,7 +106,7 @@ module Bundler
       def bundle_worker(func = nil)
         @bundle_worker ||= begin
           worker_name = "Compact Index (#{display_uri.host})"
-          Bundler::Worker.new(Bundler.current_ruby.rbx? ? 1 : 25, worker_name, func)
+          Bundler::Worker.new(Bundler.settings.processor_count, worker_name, func)
         end
         @bundle_worker.tap do |worker|
           worker.instance_variable_set(:@func, func) if func

data/lib/bundler/fetcher/downloader.rb

@@ -14,8 +14,10 @@ module Bundler
       def fetch(uri, headers = {}, counter = 0)
         raise HTTPError, "Too many redirects" if counter >= redirect_limit
 
+        filtered_uri = URICredentialsFilter.credential_filtered_uri(uri)
+
         response = request(uri, headers)
-        Bundler.ui.debug("HTTP #{response.code} #{response.message} #{uri}")
+        Bundler.ui.debug("HTTP #{response.code} #{response.message} #{filtered_uri}")
 
         case response
         when Net::HTTPSuccess, Net::HTTPNotModified
@@ -40,7 +42,7 @@ module Bundler
           raise BadAuthenticationError, uri.host if uri.userinfo
           raise AuthenticationRequiredError, uri.host
         when Net::HTTPNotFound
-          raise FallbackError, "Net::HTTPNotFound: #{URICredentialsFilter.credential_filtered_uri(uri)}"
+          raise FallbackError, "Net::HTTPNotFound: #{filtered_uri}"
         else
           raise HTTPError, "#{response.class}#{": #{response.body}" unless response.body.empty?}"
         end
@@ -49,7 +51,9 @@ module Bundler
       def request(uri, headers)
         validate_uri_scheme!(uri)
 
-        Bundler.ui.debug "HTTP GET #{uri}"
+        filtered_uri = URICredentialsFilter.credential_filtered_uri(uri)
+
+        Bundler.ui.debug "HTTP GET #{filtered_uri}"
         req = Net::HTTP::Get.new uri.request_uri, headers
         if uri.user
           user = CGI.unescape(uri.user)
@@ -64,12 +68,11 @@ module Bundler
         raise CertificateFailureError.new(uri)
       rescue *HTTP_ERRORS => e
         Bundler.ui.trace e
-        case e.message
-        when /host down:/, /getaddrinfo: nodename nor servname provided/
+        if e.is_a?(SocketError) || e.message =~ /host down:/
           raise NetworkDownError, "Could not reach host #{uri.host}. Check your network " \
             "connection and try again."
         else
-          raise HTTPError, "Network error while fetching #{URICredentialsFilter.credential_filtered_uri(uri)}" \
+          raise HTTPError, "Network error while fetching #{filtered_uri}" \
             " (#{e})"
         end
       end

data/lib/bundler/fetcher/index.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 require_relative "base"
-require "rubygems/remote_fetcher"
 
 module Bundler
   class Fetcher
@@ -22,32 +21,6 @@ module Bundler
           raise HTTPError, "Could not fetch specs from #{display_uri} due to underlying error <#{e.message}>"
         end
       end
-
-      def fetch_spec(spec)
-        spec -= [nil, "ruby", ""]
-        spec_file_name = "#{spec.join "-"}.gemspec"
-
-        uri = Bundler::URI.parse("#{remote_uri}#{Gem::MARSHAL_SPEC_DIR}#{spec_file_name}.rz")
-        if uri.scheme == "file"
-          path = Bundler.rubygems.correct_for_windows_path(uri.path)
-          Bundler.load_marshal Bundler.rubygems.inflate(Gem.read_binary(path))
-        elsif cached_spec_path = gemspec_cached_path(spec_file_name)
-          Bundler.load_gemspec(cached_spec_path)
-        else
-          Bundler.load_marshal Bundler.rubygems.inflate(downloader.fetch(uri).body)
-        end
-      rescue MarshalError
-        raise HTTPError, "Gemspec #{spec} contained invalid data.\n" \
-          "Your network or your gem server is probably having issues right now."
-      end
-
-      private
-
-      # cached gem specification path, if one exists
-      def gemspec_cached_path(spec_file_name)
-        paths = Bundler.rubygems.spec_cache_dirs.map {|dir| File.join(dir, spec_file_name) }
-        paths.find {|path| File.file? path }
-      end
     end
   end
 end

data/lib/bundler/fetcher.rb

@@ -20,6 +20,7 @@ module Bundler
     class TooManyRequestsError < HTTPError; end
     # This error is raised if the API returns a 413 (only printed in verbose)
     class FallbackError < HTTPError; end
+
     # This is the error raised if OpenSSL fails the cert verification
     class CertificateFailureError < HTTPError
       def initialize(remote_uri)
@@ -28,10 +29,12 @@ module Bundler
           " is a chance you are experiencing a man-in-the-middle attack, but" \
           " most likely your system doesn't have the CA certificates needed" \
           " for verification. For information about OpenSSL certificates, see" \
-          " http://bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile" \
+          " https://railsapps.github.io/openssl-certificate-verify-failed.html." \
+          " To connect without using SSL, edit your Gemfile" \
           " sources and change 'https' to 'http'."
       end
     end
+
     # This is the error raised when a source is HTTPS and OpenSSL didn't load
     class SSLError < HTTPError
       def initialize(msg = nil)
@@ -41,15 +44,18 @@ module Bundler
             "using RVM are available at rvm.io/packages/openssl."
       end
     end
+
     # This error is raised if HTTP authentication is required, but not provided.
     class AuthenticationRequiredError < HTTPError
       def initialize(remote_uri)
         remote_uri = filter_uri(remote_uri)
         super "Authentication is required for #{remote_uri}.\n" \
           "Please supply credentials for this source. You can do this by running:\n" \
-          " bundle config set --global #{remote_uri} username:password"
+          "`bundle config set --global #{remote_uri} username:password`\n" \
+          "or by storing the credentials in the `#{Settings.key_for(remote_uri)}` environment variable"
       end
     end
+
     # This error is raised if HTTP authentication is provided, but incorrect.
     class BadAuthenticationError < HTTPError
       def initialize(remote_uri)
@@ -69,8 +75,8 @@ module Bundler
                   :HTTPUnsupportedMediaType, :HTTPVersionNotSupported].freeze
     FAIL_ERRORS = begin
       fail_errors = [AuthenticationRequiredError, BadAuthenticationError, FallbackError]
-      fail_errors << Gem::Requirement::BadRequirementError if defined?(Gem::Requirement::BadRequirementError)
-      fail_errors.concat(NET_ERRORS.map {|e| SharedHelpers.const_get_safely(e, Net) }.compact)
+      fail_errors << Gem::Requirement::BadRequirementError
+      fail_errors.concat(NET_ERRORS.map {|e| Net.const_get(e) })
     end.freeze
 
     class << self
@@ -120,7 +126,6 @@ module Bundler
 
     # return the specs in the bundler format as an index
     def specs(gem_names, source)
-      old = Bundler.rubygems.sources
       index = Bundler::Index.new
 
       if Bundler::Fetcher.disable_endpoint
@@ -128,17 +133,15 @@ module Bundler
         specs = fetchers.last.specs(gem_names)
       else
         specs = []
-        fetchers.shift until fetchers.first.available? || fetchers.empty?
-        fetchers.dup.each do |f|
-          break unless f.api_fetcher? && !gem_names || !specs = f.specs(gem_names)
-          fetchers.delete(f)
+        @fetchers = fetchers.drop_while do |f|
+          !f.available? || (f.api_fetcher? && !gem_names) || !specs = f.specs(gem_names)
         end
         @use_api = false if fetchers.none?(&:api_fetcher?)
       end
 
       specs.each do |name, version, platform, dependencies, metadata|
         spec = if dependencies
-          EndpointSpecification.new(name, version, platform, dependencies, metadata)
+          EndpointSpecification.new(name, version, platform, self, dependencies, metadata)
         else
           RemoteSpecification.new(name, version, platform, self)
         end
@@ -151,8 +154,6 @@ module Bundler
     rescue CertificateFailureError
       Bundler.ui.info "" if gem_names && use_api # newline after dots
       raise
-    ensure
-      Bundler.rubygems.sources = old
     end
 
     def use_api
@@ -229,6 +230,7 @@ module Bundler
         "GO_SERVER_URL" => "go",
         "SNAP_CI" => "snap",
         "GITLAB_CI" => "gitlab",
+        "GITHUB_ACTIONS" => "github",
         "CI_NAME" => ENV["CI_NAME"],
         "CI" => "ci",
       }
@@ -238,12 +240,12 @@ module Bundler
     def connection
       @connection ||= begin
         needs_ssl = remote_uri.scheme == "https" ||
-          Bundler.settings[:ssl_verify_mode] ||
-          Bundler.settings[:ssl_client_cert]
+                    Bundler.settings[:ssl_verify_mode] ||
+                    Bundler.settings[:ssl_client_cert]
         raise SSLError if needs_ssl && !defined?(OpenSSL::SSL)
 
         con = PersistentHTTP.new :name => "bundler", :proxy => :ENV
-        if gem_proxy = Bundler.rubygems.configuration[:http_proxy]
+        if gem_proxy = Gem.configuration[:http_proxy]
           con.proxy = Bundler::URI.parse(gem_proxy) if gem_proxy != :no_proxy
         end
 
@@ -254,8 +256,8 @@ module Bundler
         end
 
         ssl_client_cert = Bundler.settings[:ssl_client_cert] ||
-          (Bundler.rubygems.configuration.ssl_client_cert if
-            Bundler.rubygems.configuration.respond_to?(:ssl_client_cert))
+                          (Gem.configuration.ssl_client_cert if
+                            Gem.configuration.respond_to?(:ssl_client_cert))
         if ssl_client_cert
           pem = File.read(ssl_client_cert)
           con.cert = OpenSSL::X509::Certificate.new(pem)
@@ -273,8 +275,7 @@ module Bundler
     # cached gem specification path, if one exists
     def gemspec_cached_path(spec_file_name)
       paths = Bundler.rubygems.spec_cache_dirs.map {|dir| File.join(dir, spec_file_name) }
-      paths = paths.select {|path| File.file? path }
-      paths.first
+      paths.find {|path| File.file? path }
     end
 
     HTTP_ERRORS = [
@@ -287,8 +288,8 @@ module Bundler
     def bundler_cert_store
       store = OpenSSL::X509::Store.new
       ssl_ca_cert = Bundler.settings[:ssl_ca_cert] ||
-        (Bundler.rubygems.configuration.ssl_ca_cert if
-          Bundler.rubygems.configuration.respond_to?(:ssl_ca_cert))
+                    (Gem.configuration.ssl_ca_cert if
+                      Gem.configuration.respond_to?(:ssl_ca_cert))
       if ssl_ca_cert
         if File.directory? ssl_ca_cert
           store.add_path ssl_ca_cert
@@ -302,8 +303,6 @@ module Bundler
       store
     end
 
-    private
-
     def remote_uri
       @remote.uri
     end

data/lib/bundler/friendly_errors.rb

@@ -29,8 +29,11 @@ module Bundler
         Bundler.ui.error error.message
         Bundler.ui.trace error.orig_exception
       when BundlerError
-        Bundler.ui.error error.message, :wrap => true
-        Bundler.ui.trace error
+        if Bundler.ui.debug?
+          Bundler.ui.trace error
+        else
+          Bundler.ui.error error.message, :wrap => true
+        end
       when Thor::Error
         Bundler.ui.error error.message
       when LoadError
@@ -49,8 +52,6 @@ module Bundler
           "Alternatively, you can increase the amount of memory the JVM is able to use by running Bundler with jruby -J-Xmx1024m -S bundle (JRuby defaults to 500MB)."
       else request_issue_report_for(error)
       end
-    rescue StandardError
-      raise error
     end
 
     def exit_status(error)
@@ -65,38 +66,9 @@ module Bundler
     def request_issue_report_for(e)
       Bundler.ui.error <<-EOS.gsub(/^ {8}/, ""), nil, nil
         --- ERROR REPORT TEMPLATE -------------------------------------------------------
-        # Error Report
-
-        ## Questions
-
-        Please fill out answers to these questions, it'll help us figure out
-        why things are going wrong.
-
-        - **What did you do?**
-
-          I ran the command `#{$PROGRAM_NAME} #{ARGV.join(" ")}`
-
-        - **What did you expect to happen?**
-
-          I expected Bundler to...
-
-        - **What happened instead?**
-
-          Instead, what happened was...
-
-        - **Have you tried any solutions posted on similar issues in our issue tracker, stack overflow, or google?**
-
-          I tried...
-
-        - **Have you read our issues document, https://github.com/rubygems/rubygems/blob/master/bundler/doc/contributing/ISSUES.md?**
-
-          ...
-
-        ## Backtrace
 
         ```
-        #{e.class}: #{e.message}
-          #{e.backtrace && e.backtrace.join("\n          ").chomp}
+        #{exception_message(e)}
         ```
 
         #{Bundler::Env.report}
@@ -111,8 +83,22 @@ module Bundler
         First, try this link to see if there are any existing issue reports for this error:
         #{issues_url(e)}
 
-        If there aren't any reports for this error yet, please create copy and paste the report template above into a new issue. Don't forget to anonymize any private data! The new issue form is located at:
-        https://github.com/rubygems/rubygems/issues/new?labels=Bundler
+        If there aren't any reports for this error yet, please fill in the new issue form located at #{new_issue_url}, and copy and paste the report template above in there.
+      EOS
+    end
+
+    def exception_message(error)
+      message = serialized_exception_for(error)
+      cause = error.cause
+      return message unless cause
+
+      message + serialized_exception_for(cause)
+    end
+
+    def serialized_exception_for(e)
+      <<-EOS.gsub(/^ {8}/, "")
+        #{e.class}: #{e.message}
+          #{e.backtrace && e.backtrace.join("\n          ").chomp}
       EOS
     end
 
@@ -123,6 +109,10 @@ module Bundler
       "https://github.com/rubygems/rubygems/search?q=" \
         "#{CGI.escape(message)}&type=Issues"
     end
+
+    def new_issue_url
+      "https://github.com/rubygems/rubygems/issues/new?labels=Bundler&template=bundler-related-issue.md"
+    end
   end
 
   def self.with_friendly_errors

data/lib/bundler/gem_helper.rb

@@ -47,6 +47,11 @@ module Bundler
         built_gem_path = build_gem
       end
 
+      desc "Generate SHA512 checksum if #{name}-#{version}.gem into the checksums directory."
+      task "build:checksum" => "build" do
+        build_checksum(built_gem_path)
+      end
+
       desc "Build and install #{name}-#{version}.gem into system gems."
       task "install" => "build" do
         install_gem(built_gem_path)
@@ -71,7 +76,7 @@ module Bundler
         tag_version { git_push(args[:remote]) } unless already_tagged?
       end
 
-      task "release:rubygem_push" do
+      task "release:rubygem_push" => "build" do
         rubygem_push(built_gem_path) if gem_push?
       end
 
@@ -93,13 +98,21 @@ module Bundler
       built_gem_path ||= build_gem
       cmd = [*gem_command, "install", built_gem_path.to_s]
       cmd << "--local" if local
-      _, status = sh_with_status(cmd)
-      unless status.success?
-        raise "Couldn't install gem, run `gem install #{built_gem_path}' for more detailed output"
-      end
+      sh(cmd)
       Bundler.ui.confirm "#{name} (#{version}) installed."
     end
 
+    def build_checksum(built_gem_path = nil)
+      built_gem_path ||= build_gem
+      SharedHelpers.filesystem_access(File.join(base, "checksums")) {|p| FileUtils.mkdir_p(p) }
+      file_name = "#{File.basename(built_gem_path)}.sha512"
+      require "digest/sha2"
+      checksum = ::Digest::SHA512.file(built_gem_path).hexdigest
+      target = File.join(base, "checksums", file_name)
+      File.write(target, checksum + "\n")
+      Bundler.ui.confirm "#{name} #{version} checksum written to checksums/#{file_name}."
+    end
+
     protected
 
     def rubygem_push(path)
@@ -116,8 +129,8 @@ module Bundler
 
     def git_push(remote = nil)
       remote ||= default_remote
-      perform_git_push "#{remote} refs/heads/#{current_branch}"
-      perform_git_push "#{remote} refs/tags/#{version_tag}"
+      sh("git push #{remote} refs/heads/#{current_branch}".shellsplit)
+      sh("git push #{remote} refs/tags/#{version_tag}".shellsplit)
       Bundler.ui.confirm "Pushed git commits and release tag."
     end
 
@@ -145,13 +158,6 @@ module Bundler
       allowed_push_host || env_rubygems_host || "rubygems.org"
     end
 
-    def perform_git_push(options = "")
-      cmd = "git push #{options}"
-      out, status = sh_with_status(cmd.shellsplit)
-      return if status.success?
-      raise "Couldn't git push. `#{cmd}' failed with the following output:\n\n#{out}\n"
-    end
-
     def already_tagged?
       return false unless sh(%w[git tag]).split(/\n/).include?(version_tag)
       Bundler.ui.confirm "Tag #{version_tag} has already been created."
@@ -202,8 +208,7 @@ module Bundler
     def sh(cmd, &block)
       out, status = sh_with_status(cmd, &block)
       unless status.success?
-        cmd = cmd.shelljoin if cmd.respond_to?(:shelljoin)
-        raise(out.empty? ? "Running `#{cmd}` failed. Run this command directly for more detailed output." : out)
+        raise("Running `#{cmd.shelljoin}` failed with the following output:\n\n#{out}\n")
       end
       out
     end

data/lib/bundler/gem_helpers.rb

@@ -10,6 +10,7 @@ module Bundler
       [Gem::Platform.new("universal-mingw32"), Gem::Platform.new("universal-mingw32")],
       [Gem::Platform.new("x64-mingw32"), Gem::Platform.new("x64-mingw32")],
       [Gem::Platform.new("x86_64-mingw32"), Gem::Platform.new("x64-mingw32")],
+      [Gem::Platform.new("x64-mingw-ucrt"), Gem::Platform.new("x64-mingw-ucrt")],
       [Gem::Platform.new("mingw32"), Gem::Platform.new("x86-mingw32")],
     ].freeze
 
@@ -42,15 +43,21 @@ module Bundler
 
     def select_best_platform_match(specs, platform)
       matching = specs.select {|spec| spec.match_platform(platform) }
+
+      sort_best_platform_match(matching, platform)
+    end
+    module_function :select_best_platform_match
+
+    def sort_best_platform_match(matching, platform)
       exact = matching.select {|spec| spec.platform == platform }
       return exact if exact.any?
 
       sorted_matching = matching.sort_by {|spec| platform_specificity_match(spec.platform, platform) }
       exemplary_spec = sorted_matching.first
 
-      sorted_matching.take_while{|spec| same_specificity(platform, spec, exemplary_spec) && same_deps(spec, exemplary_spec) }
+      sorted_matching.take_while {|spec| same_specificity(platform, spec, exemplary_spec) && same_deps(spec, exemplary_spec) }
     end
-    module_function :select_best_platform_match
+    module_function :sort_best_platform_match
 
     class PlatformMatch
       def self.specificity_score(spec_platform, user_platform)

data/lib/bundler/gem_version_promoter.rb

@@ -55,19 +55,17 @@ module Bundler
       @level = v
     end
 
-    # Given a Dependency and an Array of SpecGroups of available versions for a
-    # gem, this method will return the Array of SpecGroups sorted (and possibly
+    # Given a Dependency and an Array of Specifications of available versions for a
+    # gem, this method will return the Array of Specifications sorted (and possibly
     # truncated if strict is true) in an order to give preference to the current
     # level (:major, :minor or :patch) when resolution is deciding what versions
     # best resolve all dependencies in the bundle.
     # @param dep [Dependency] The Dependency of the gem.
-    # @param spec_groups [SpecGroup] An array of SpecGroups for the same gem
+    # @param spec_groups [Specification] An array of Specifications for the same gem
     #    named in the @dep param.
-    # @return [SpecGroup] A new instance of the SpecGroup Array sorted and
+    # @return [Specification] A new instance of the Specification Array sorted and
     #    possibly filtered.
     def sort_versions(dep, spec_groups)
-      before_result = "before sort_versions: #{debug_format_result(dep, spec_groups).inspect}" if DEBUG
-
       @sort_versions[dep] ||= begin
         gem_name = dep.name
 
@@ -79,15 +77,14 @@ module Bundler
           filter_dep_specs(spec_groups, locked_spec)
         else
           sort_dep_specs(spec_groups, locked_spec)
-        end.tap do |specs|
-          if DEBUG
-            puts before_result
-            puts " after sort_versions: #{debug_format_result(dep, specs).inspect}"
-          end
         end
       end
     end
 
+    def reset
+      @sort_versions = {}
+    end
+
     # @return [bool] Convenience method for testing value of level variable.
     def major?
       level == :major
@@ -119,15 +116,14 @@ module Bundler
     end
 
     def sort_dep_specs(spec_groups, locked_spec)
-      return spec_groups unless locked_spec
-      @gem_name = locked_spec.name
-      @locked_version = locked_spec.version
+      @locked_version = locked_spec&.version
+      @gem_name = locked_spec&.name
 
       result = spec_groups.sort do |a, b|
         @a_ver = a.version
         @b_ver = b.version
 
-        unless @prerelease_specified[@gem_name]
+        unless @gem_name && @prerelease_specified[@gem_name]
           a_pre = @a_ver.prerelease?
           b_pre = @b_ver.prerelease?
 
@@ -151,7 +147,7 @@ module Bundler
     end
 
     def either_version_older_than_locked
-      @a_ver < @locked_version || @b_ver < @locked_version
+      @locked_version && (@a_ver < @locked_version || @b_ver < @locked_version)
     end
 
     def segments_do_not_match(level)
@@ -160,7 +156,7 @@ module Bundler
     end
 
     def unlocking_gem?
-      unlock_gems.empty? || unlock_gems.include?(@gem_name)
+      unlock_gems.empty? || (@gem_name && unlock_gems.include?(@gem_name))
     end
 
     # Specific version moves can't always reliably be done during sorting
@@ -168,7 +164,7 @@ module Bundler
     def post_sort(result)
       # default :major behavior in Bundler does not do this
       return result if major?
-      if unlocking_gem?
+      if unlocking_gem? || @locked_version.nil?
         result
       else
         move_version_to_end(result, @locked_version)
@@ -179,12 +175,5 @@ module Bundler
       move, keep = result.partition {|s| s.version.to_s == version.to_s }
       keep.concat(move)
     end
-
-    def debug_format_result(dep, spec_groups)
-      a = [dep.to_s,
-           spec_groups.map {|sg| [sg.version, sg.dependencies_for_activated_platforms.map {|dp| [dp.name, dp.requirement.to_s] }] }]
-      last_map = a.last.map {|sg_data| [sg_data.first.version, sg_data.last.map {|aa| aa.join(" ") }] }
-      [a.first, last_map, level, strict ? :strict : :not_strict]
-    end
   end
 end