bundler 2.2.11 → 2.3.6

data/lib/bundler/man/bundle-update.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-UPDATE" "1" "January 2021" "" ""
+.TH "BUNDLE\-UPDATE" "1" "December 2021" "" ""
 .
 .SH "NAME"
 \fBbundle\-update\fR \- Update your gems to the latest available versions
@@ -47,7 +47,7 @@ Fall back to using the single\-file index of all gems\.
 .
 .TP
 \fB\-\-jobs=[<number>]\fR, \fB\-j[<number>]\fR
-Specify the number of jobs to run in parallel\. The default is \fB1\fR\.
+Specify the number of jobs to run in parallel\. The default is the number of available processors\.
 .
 .TP
 \fB\-\-retry=[<number>]\fR
@@ -79,7 +79,7 @@ Do not allow any gem to be updated past latest \fB\-\-patch\fR | \fB\-\-minor\fR
 .
 .TP
 \fB\-\-conservative\fR
-Use bundle install conservative update behavior and do not allow shared dependencies to be updated\.
+Use bundle install conservative update behavior and do not allow indirect dependencies to be updated\.
 .
 .SH "UPDATING ALL GEMS"
 If you run \fBbundle update \-\-all\fR, bundler will ignore any previously installed gems and resolve all dependencies again based on the latest versions of all gems available in the sources\.
@@ -208,13 +208,13 @@ In this case, the two gems have their own set of dependencies, but they share \f
 In short, by default, when you update a gem using \fBbundle update\fR, bundler will update all dependencies of that gem, including those that are also dependencies of another gem\.
 .
 .P
-To prevent updating shared dependencies, prior to version 1\.14 the only option was the \fBCONSERVATIVE UPDATING\fR behavior in bundle install(1) \fIbundle\-install\.1\.html\fR:
+To prevent updating indirect dependencies, prior to version 1\.14 the only option was the \fBCONSERVATIVE UPDATING\fR behavior in bundle install(1) \fIbundle\-install\.1\.html\fR:
 .
 .P
 In this scenario, updating the \fBthin\fR version manually in the Gemfile(5), and then running bundle install(1) \fIbundle\-install\.1\.html\fR will only update \fBdaemons\fR and \fBeventmachine\fR, but not \fBrack\fR\. For more information, see the \fBCONSERVATIVE UPDATING\fR section of bundle install(1) \fIbundle\-install\.1\.html\fR\.
 .
 .P
-Starting with 1\.14, specifying the \fB\-\-conservative\fR option will also prevent shared dependencies from being updated\.
+Starting with 1\.14, specifying the \fB\-\-conservative\fR option will also prevent indirect dependencies from being updated\.
 .
 .SH "PATCH LEVEL OPTIONS"
 Version 1\.14 introduced 4 patch\-level options that will influence how gem versions are resolved\. One of the following options can be used: \fB\-\-patch\fR, \fB\-\-minor\fR or \fB\-\-major\fR\. \fB\-\-strict\fR can be added to further influence resolution\.

data/lib/bundler/man/bundle-update.1.ronn

@@ -56,7 +56,8 @@ gem.
   Fall back to using the single-file index of all gems.
 
 * `--jobs=[<number>]`, `-j[<number>]`:
-  Specify the number of jobs to run in parallel. The default is `1`.
+  Specify the number of jobs to run in parallel. The default is the number of
+  available processors.
 
 * `--retry=[<number>]`:
   Retry failed network or git requests for <number> times.
@@ -80,7 +81,7 @@ gem.
   Do not allow any gem to be updated past latest `--patch` | `--minor` | `--major`.
 
 * `--conservative`:
-  Use bundle install conservative update behavior and do not allow shared dependencies to be updated.
+  Use bundle install conservative update behavior and do not allow indirect dependencies to be updated.
 
 ## UPDATING ALL GEMS
 
@@ -195,7 +196,7 @@ In short, by default, when you update a gem using `bundle update`, bundler will
 update all dependencies of that gem, including those that are also dependencies
 of another gem.
 
-To prevent updating shared dependencies, prior to version 1.14 the only option
+To prevent updating indirect dependencies, prior to version 1.14 the only option
 was the `CONSERVATIVE UPDATING` behavior in [bundle install(1)](bundle-install.1.html):
 
 In this scenario, updating the `thin` version manually in the Gemfile(5),
@@ -203,7 +204,7 @@ and then running [bundle install(1)](bundle-install.1.html) will only update `da
 but not `rack`. For more information, see the `CONSERVATIVE UPDATING` section
 of [bundle install(1)](bundle-install.1.html).
 
-Starting with 1.14, specifying the `--conservative` option will also prevent shared
+Starting with 1.14, specifying the `--conservative` option will also prevent indirect
 dependencies from being updated.
 
 ## PATCH LEVEL OPTIONS

data/lib/bundler/man/bundle-viz.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-VIZ" "1" "January 2021" "" ""
+.TH "BUNDLE\-VIZ" "1" "December 2021" "" ""
 .
 .SH "NAME"
 \fBbundle\-viz\fR \- Generates a visual dependency graph for your Gemfile

data/lib/bundler/man/bundle.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE" "1" "January 2021" "" ""
+.TH "BUNDLE" "1" "December 2021" "" ""
 .
 .SH "NAME"
 \fBbundle\fR \- Ruby Dependency Management

data/lib/bundler/man/gemfile.5

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GEMFILE" "5" "January 2021" "" ""
+.TH "GEMFILE" "5" "December 2021" "" ""
 .
 .SH "NAME"
 \fBGemfile\fR \- A format for describing gem dependencies for Ruby programs
@@ -506,8 +506,34 @@ gem "rails", :git => "git://github\.com/rails/rails\.git"
 .P
 Since the \fBgithub\fR method is a specialization of \fBgit_source\fR, it accepts a \fB:branch\fR named argument\.
 .
+.P
+You can also directly pass a pull request URL:
+.
+.IP "" 4
+.
+.nf
+
+gem "rails", :github => "https://github\.com/rails/rails/pull/43753"
+.
+.fi
+.
+.IP "" 0
+.
+.P
+Which is equivalent to:
+.
+.IP "" 4
+.
+.nf
+
+gem "rails", :github => "rails/rails", branch: "refs/pull/43753/head"
+.
+.fi
+.
+.IP "" 0
+.
 .SS "GIST"
-If the git repository you want to use is hosted as a Github Gist and is public, you can use the :gist shorthand to specify the gist identifier (without the trailing "\.git")\.
+If the git repository you want to use is hosted as a GitHub Gist and is public, you can use the :gist shorthand to specify the gist identifier (without the trailing "\.git")\.
 .
 .IP "" 4
 .

data/lib/bundler/man/gemfile.5.ronn

@@ -372,9 +372,17 @@ Are both equivalent to
 
 Since the `github` method is a specialization of `git_source`, it accepts a `:branch` named argument.
 
+You can also directly pass a pull request URL:
+
+    gem "rails", :github => "https://github.com/rails/rails/pull/43753"
+
+Which is equivalent to:
+
+    gem "rails", :github => "rails/rails", branch: "refs/pull/43753/head"
+
 ### GIST
 
-If the git repository you want to use is hosted as a Github Gist and is public, you can use
+If the git repository you want to use is hosted as a GitHub Gist and is public, you can use
 the :gist shorthand to specify the gist identifier (without the trailing ".git").
 
     gem "the_hatch", :gist => "4815162342"

data/lib/bundler/plugin/api/source.rb

@@ -140,6 +140,13 @@ module Bundler
           end
         end
 
+        # Set internal representation to fetch the gems/specs locally.
+        #
+        # When this is called, the source should try to fetch the specs and
+        # install from the local system.
+        def local!
+        end
+
         # Set internal representation to fetch the gems/specs from remote.
         #
         # When this is called, the source should try to fetch the specs and
@@ -237,6 +244,20 @@ module Bundler
           specs.unmet_dependency_names
         end
 
+        # Used by definition.
+        #
+        # Note: Do not override if you don't know what you are doing.
+        def spec_names
+          specs.spec_names
+        end
+
+        # Used by definition.
+        #
+        # Note: Do not override if you don't know what you are doing.
+        def add_dependency_names(names)
+          @dependencies |= Array(names)
+        end
+
         # Note: Do not override if you don't know what you are doing.
         def can_lock?(spec)
           spec.source == self
@@ -262,6 +283,7 @@ module Bundler
         def to_s
           "plugin source for #{@type} with uri #{@uri}"
         end
+        alias_method :identifier, :to_s
 
         # Note: Do not override if you don't know what you are doing.
         def include?(other)

data/lib/bundler/plugin/index.rb

@@ -74,7 +74,10 @@ module Bundler
       def unregister_plugin(name)
         @commands.delete_if {|_, v| v == name }
         @sources.delete_if {|_, v| v == name }
-        @hooks.each {|_, plugin_names| plugin_names.delete(name) }
+        @hooks.each do |hook, names|
+          names.delete(name)
+          @hooks.delete(hook) if names.empty?
+        end
         @plugin_paths.delete(name)
         @load_paths.delete(name)
         save_index

data/lib/bundler/plugin/installer.rb

@@ -16,15 +16,13 @@ module Bundler
 
         version = options[:version] || [">= 0"]
 
-        Bundler.settings.temporary(:disable_multisource => false) do
-          if options[:git]
-            install_git(names, version, options)
-          elsif options[:local_git]
-            install_local_git(names, version, options)
-          else
-            sources = options[:source] || Bundler.rubygems.sources
-            install_rubygems(names, version, sources)
-          end
+        if options[:git]
+          install_git(names, version, options)
+        elsif options[:local_git]
+          install_local_git(names, version, options)
+        else
+          sources = options[:source] || Gem.sources
+          install_rubygems(names, version, sources)
         end
       end
 
@@ -79,10 +77,12 @@ module Bundler
         source_list = SourceList.new
 
         source_list.add_git_source(git_source_options) if git_source_options
-        source_list.add_rubygems_source("remotes" => rubygems_source) if rubygems_source
+        Array(rubygems_source).each {|remote| source_list.add_global_rubygems_remote(remote) } if rubygems_source
 
         deps = names.map {|name| Dependency.new name, version }
 
+        Bundler.configure_gem_home_and_path(Plugin.root)
+
         definition = Definition.new(nil, deps, source_list, true)
         install_definition(definition)
       end

data/lib/bundler/plugin/source_list.rb

@@ -17,6 +17,10 @@ module Bundler
         path_sources + git_sources + rubygems_sources + [metadata_source]
       end
 
+      def default_source
+        git_sources.first || global_rubygems_source
+      end
+
       private
 
       def rubygems_aggregate_class

data/lib/bundler/plugin.rb

@@ -13,6 +13,7 @@ module Bundler
     class MalformattedPlugin < PluginError; end
     class UndefinedCommandError < PluginError; end
     class UnknownSourceError < PluginError; end
+    class PluginInstallError < PluginError; end
 
     PLUGIN_FILE_NAME = "plugins.rb".freeze
 
@@ -38,12 +39,11 @@ module Bundler
       specs = Installer.new.install(names, options)
 
       save_plugins names, specs
-    rescue PluginError => e
+    rescue PluginError
       specs_to_delete = specs.select {|k, _v| names.include?(k) && !index.commands.values.include?(k) }
       specs_to_delete.each_value {|spec| Bundler.rm_rf(spec.full_gem_path) }
 
-      names_list = names.map {|name| "`#{name}`" }.join(", ")
-      Bundler.ui.error "Failed to install the following plugins: #{names_list}. The underlying error was: #{e.message}.\n #{e.backtrace.join("\n ")}"
+      raise
     end
 
     # Uninstalls plugins by the given names
@@ -105,6 +105,7 @@ module Bundler
         else
           builder.eval_gemfile(gemfile)
         end
+        builder.check_primary_source_safety
         definition = builder.to_definition(nil, true)
 
         return if definition.dependencies.empty?
@@ -163,7 +164,7 @@ module Bundler
     end
 
     # To be called from Cli class to pass the command and argument to
-    # approriate plugin class
+    # appropriate plugin class
     def exec_command(command, args)
       raise UndefinedCommandError, "Command `#{command}` not found" unless command? command
 
@@ -182,7 +183,7 @@ module Bundler
       !index.source_plugin(name.to_s).nil?
     end
 
-    # @return [Class] that handles the source. The calss includes API::Source
+    # @return [Class] that handles the source. The class includes API::Source
     def source(name)
       raise UnknownSourceError, "Source #{name} not found" unless source? name
 
@@ -244,10 +245,11 @@ module Bundler
     # @param [Array<String>] names of inferred source plugins that can be ignored
     def save_plugins(plugins, specs, optional_plugins = [])
       plugins.each do |name|
+        next if index.installed?(name)
+
         spec = specs[name]
-        validate_plugin! Pathname.new(spec.full_gem_path)
-        installed = register_plugin(name, spec, optional_plugins.include?(name))
-        Bundler.ui.info "Installed plugin #{name}" if installed
+
+        save_plugin(name, spec, optional_plugins.include?(name))
       end
     end
 
@@ -262,6 +264,22 @@ module Bundler
       raise MalformattedPlugin, "#{PLUGIN_FILE_NAME} was not found in the plugin." unless plugin_file.file?
     end
 
+    # Validates and registers a plugin.
+    #
+    # @param [String] name the name of the plugin
+    # @param [Specification] spec of installed plugin
+    # @param [Boolean] optional_plugin, removed if there is conflict with any
+    #                     other plugin (used for default source plugins)
+    #
+    # @raise [PluginInstallError] if validation or registration raises any error
+    def save_plugin(name, spec, optional_plugin = false)
+      validate_plugin! Pathname.new(spec.full_gem_path)
+      installed = register_plugin(name, spec, optional_plugin)
+      Bundler.ui.info "Installed plugin #{name}" if installed
+    rescue PluginError => e
+      raise PluginInstallError, "Failed to install plugin `#{spec.name}`, due to #{e.class} (#{e.message})"
+    end
+
     # Runs the plugins.rb file in an isolated namespace, records the plugin
     # actions it registers for and then passes the data to index to be stored.
     #
@@ -308,6 +326,8 @@ module Bundler
     #
     # @param [String] name of the plugin
     def load_plugin(name)
+      return unless name && !name.empty?
+
       # Need to ensure before this that plugin root where the rest of gems
       # are installed to be on load path to support plugin deps. Currently not
       # done to avoid conflicts

data/lib/bundler/process_lock.rb

@@ -12,7 +12,7 @@ module Bundler
         yield
         f.flock(File::LOCK_UN)
       end
-    rescue Errno::EACCES, Errno::ENOLCK, *[SharedHelpers.const_get_safely(:ENOTSUP, Errno)].compact
+    rescue Errno::EACCES, Errno::ENOLCK, Errno::ENOTSUP
       # In the case the user does not have access to
       # create the lock file or is using NFS where
       # locks are not available we skip locking.

data/lib/bundler/psyched_yaml.rb

@@ -1,22 +1,10 @@
 # frozen_string_literal: true
 
-# Psych could be in the stdlib
-# but it's too late if Syck is already loaded
 begin
-  require "psych" unless defined?(Syck)
+  require "psych"
 rescue LoadError
   # Apparently Psych wasn't available. Oh well.
 end
 
 # At least load the YAML stdlib, whatever that may be
 require "yaml" unless defined?(YAML.dump)
-
-module Bundler
-  # On encountering invalid YAML,
-  # Psych raises Psych::SyntaxError
-  if defined?(::Psych::SyntaxError)
-    YamlLibrarySyntaxError = ::Psych::SyntaxError
-  else # Syck raises ArgumentError
-    YamlLibrarySyntaxError = ::ArgumentError
-  end
-end

data/lib/bundler/remote_specification.rb

@@ -27,6 +27,13 @@ module Bundler
       @platform = _remote_specification.platform
     end
 
+    # A fallback is included because the original version of the specification
+    # API didn't include that field, so some marshalled specs in the index have it
+    # set to +nil+.
+    def required_rubygems_version
+      @required_rubygems_version ||= _remote_specification.required_rubygems_version || Gem::Requirement.default
+    end
+
     def full_name
       if platform == Gem::Platform::RUBY || platform.nil?
         "#{@name}-#{@version}"

data/lib/bundler/resolver/spec_group.rb

@@ -21,14 +21,10 @@ module Bundler
         @version = exemplary_spec.version
         @source = exemplary_spec.source
 
-        @all_platforms = relevant_platforms
         @activated_platforms = relevant_platforms
         @dependencies = Hash.new do |dependencies, platforms|
           dependencies[platforms] = dependencies_for(platforms)
         end
-        @partitioned_dependency_names = Hash.new do |partitioned_dependency_names, platforms|
-          partitioned_dependency_names[platforms] = partitioned_dependency_names_for(platforms)
-        end
         @specs = specs
       end
 
@@ -45,14 +41,6 @@ module Bundler
         end.flatten.compact.uniq
       end
 
-      def activate_platform!(platform)
-        self.activated_platforms = [platform]
-      end
-
-      def activate_all_platforms!
-        self.activated_platforms = @all_platforms
-      end
-
       def to_s
         activated_platforms_string = sorted_activated_platforms.join(", ")
         "#{name} (#{version}) (#{activated_platforms_string})"
@@ -62,10 +50,6 @@ module Bundler
         @dependencies[activated_platforms]
       end
 
-      def partitioned_dependency_names_for_activated_platforms
-        @partitioned_dependency_names[activated_platforms]
-      end
-
       def ==(other)
         return unless other.is_a?(SpecGroup)
         name == other.name &&
@@ -100,14 +84,6 @@ module Bundler
         end.flatten
       end
 
-      def partitioned_dependency_names_for(platforms)
-        return @dependencies[platforms].map(&:name), [] if platforms.size == 1
-
-        @dependencies[platforms].partition do |dep_proxy|
-          @dependencies[platforms].count {|dp| dp.dep == dep_proxy.dep } == platforms.size
-        end.map {|deps| deps.map(&:name) }
-      end
-
       def __dependencies(platform)
         dependencies = []
         @specs[platform].first.dependencies.each do |dep|
@@ -119,7 +95,7 @@ module Bundler
 
       def metadata_dependencies(platform)
         spec = @specs[platform].first
-        return [] unless spec.is_a?(Gem::Specification)
+        return [] if spec.is_a?(LazySpecification)
         dependencies = []
         if !spec.required_ruby_version.nil? && !spec.required_ruby_version.none?
           dependencies << DepProxy.get_proxy(Gem::Dependency.new("Ruby\0", spec.required_ruby_version), platform)