RubyGems - bundler - Versions diffs - 2.2.13 → 2.2.18 - Mend

bundler 2.2.13 → 2.2.18

Potentially problematic release.

This version of bundler might be problematic. Click here for more details.

Files changed (75) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +85 -5
data/bundler.gemspec +2 -3
data/lib/bundler.rb +1 -0
data/lib/bundler/build_metadata.rb +2 -2
data/lib/bundler/cli.rb +16 -35
data/lib/bundler/cli/common.rb +15 -2
data/lib/bundler/cli/gem.rb +9 -1
data/lib/bundler/cli/outdated.rb +8 -11
data/lib/bundler/compact_index_client/updater.rb +10 -6
data/lib/bundler/current_ruby.rb +1 -0
data/lib/bundler/definition.rb +40 -87
data/lib/bundler/dsl.rb +3 -6
data/lib/bundler/feature_flag.rb +0 -2
data/lib/bundler/fetcher.rb +2 -1
data/lib/bundler/fetcher/downloader.rb +8 -4
data/lib/bundler/friendly_errors.rb +1 -1
data/lib/bundler/gem_helper.rb +16 -0
data/lib/bundler/index.rb +1 -2
data/lib/bundler/injector.rb +2 -2
data/lib/bundler/inline.rb +1 -1
data/lib/bundler/installer/parallel_installer.rb +36 -15
data/lib/bundler/lazy_specification.rb +6 -1
data/lib/bundler/lockfile_parser.rb +2 -16
data/lib/bundler/man/bundle-add.1 +1 -1
data/lib/bundler/man/bundle-binstubs.1 +1 -1
data/lib/bundler/man/bundle-cache.1 +1 -1
data/lib/bundler/man/bundle-check.1 +1 -1
data/lib/bundler/man/bundle-clean.1 +1 -1
data/lib/bundler/man/bundle-config.1 +21 -10
data/lib/bundler/man/bundle-config.1.ronn +21 -11
data/lib/bundler/man/bundle-doctor.1 +1 -1
data/lib/bundler/man/bundle-exec.1 +1 -1
data/lib/bundler/man/bundle-gem.1 +1 -1
data/lib/bundler/man/bundle-info.1 +1 -1
data/lib/bundler/man/bundle-init.1 +1 -1
data/lib/bundler/man/bundle-inject.1 +1 -1
data/lib/bundler/man/bundle-install.1 +1 -1
data/lib/bundler/man/bundle-list.1 +1 -1
data/lib/bundler/man/bundle-lock.1 +1 -1
data/lib/bundler/man/bundle-open.1 +1 -1
data/lib/bundler/man/bundle-outdated.1 +1 -1
data/lib/bundler/man/bundle-platform.1 +1 -1
data/lib/bundler/man/bundle-pristine.1 +1 -1
data/lib/bundler/man/bundle-remove.1 +1 -1
data/lib/bundler/man/bundle-show.1 +1 -1
data/lib/bundler/man/bundle-update.1 +1 -1
data/lib/bundler/man/bundle-viz.1 +1 -1
data/lib/bundler/man/bundle.1 +1 -1
data/lib/bundler/man/gemfile.5 +1 -1
data/lib/bundler/plugin.rb +2 -2
data/lib/bundler/plugin/api/source.rb +21 -0
data/lib/bundler/resolver.rb +13 -96
data/lib/bundler/resolver/spec_group.rb +0 -24
data/lib/bundler/retry.rb +1 -1
data/lib/bundler/rubygems_ext.rb +2 -2
data/lib/bundler/settings.rb +60 -11
data/lib/bundler/source.rb +15 -0
data/lib/bundler/source/metadata.rb +0 -4
data/lib/bundler/source/path.rb +3 -1
data/lib/bundler/source/path/installer.rb +1 -1
data/lib/bundler/source/rubygems.rb +37 -10
data/lib/bundler/source/rubygems_aggregate.rb +64 -0
data/lib/bundler/source_list.rb +37 -8
data/lib/bundler/source_map.rb +58 -0
data/lib/bundler/spec_set.rb +18 -5
data/lib/bundler/templates/Gemfile +1 -1
data/lib/bundler/templates/gems.rb +1 -1
data/lib/bundler/templates/newgem/github/workflows/main.yml.tt +2 -4
data/lib/bundler/templates/newgem/newgem.gemspec.tt +1 -1
data/lib/bundler/vendor/molinillo/lib/molinillo/modules/specification_provider.rb +1 -1
data/lib/bundler/vendor/thor/lib/thor/actions/file_manipulation.rb +1 -1
data/lib/bundler/vendor/tmpdir/lib/tmpdir.rb +1 -1
data/lib/bundler/version.rb +1 -1
metadata +9 -4

data/lib/bundler/source_list.rb CHANGED Viewed

@@ -9,7 +9,7 @@ module Bundler
       :metadata_source
     def global_rubygems_source
-      @global_rubygems_source ||= rubygems_aggregate_class.new
+      @global_rubygems_source ||= rubygems_aggregate_class.new("allow_local" => true)
     end
     def initialize
@@ -20,6 +20,20 @@ module Bundler
       @global_path_source     = nil
       @rubygems_sources       = []
       @metadata_source        = Source::Metadata.new
+      @merged_gem_lockfile_sections = false
+    end
+    def merged_gem_lockfile_sections?
+      @merged_gem_lockfile_sections
+    end
+    def merged_gem_lockfile_sections!
+      @merged_gem_lockfile_sections = true
+    end
+    def no_aggregate_global_source?
+      global_rubygems_source.remotes.size <= 1
     end
     def add_path_source(options = {})
@@ -47,7 +61,7 @@ module Bundler
     end
     def global_rubygems_source=(uri)
-      @global_rubygems_source ||= rubygems_aggregate_class.new("remotes" => uri)
+      @global_rubygems_source ||= rubygems_aggregate_class.new("remotes" => uri, "allow_local" => true)
     end
     def add_rubygems_remote(uri)
@@ -60,7 +74,11 @@ module Bundler
     end
     def rubygems_sources
-      @rubygems_sources + [global_rubygems_source]
+      non_global_rubygems_sources + [global_rubygems_source]
+    end
+    def non_global_rubygems_sources
+      @rubygems_sources
     end
     def rubygems_remotes
@@ -71,16 +89,27 @@ module Bundler
       path_sources + git_sources + plugin_sources + rubygems_sources + [metadata_source]
     end
+    def non_default_explicit_sources
+      all_sources - [default_source, metadata_source]
+    end
     def get(source)
       source_list_for(source).find {|s| equal_source?(source, s) || equivalent_source?(source, s) }
     end
     def lock_sources
-      lock_sources = (path_sources + git_sources + plugin_sources).sort_by(&:to_s)
-      if Bundler.feature_flag.disable_multisource?
-        lock_sources + rubygems_sources.sort_by(&:to_s)
+      lock_other_sources + lock_rubygems_sources
+    end
+    def lock_other_sources
+      (path_sources + git_sources + plugin_sources).sort_by(&:to_s)
+    end
+    def lock_rubygems_sources
+      if merged_gem_lockfile_sections?
+        [combine_rubygems_sources]
       else
-        lock_sources << combine_rubygems_sources
+        rubygems_sources.sort_by(&:to_s).uniq
       end
     end
@@ -94,7 +123,7 @@ module Bundler
         end
       end
-      replacement_rubygems = !Bundler.feature_flag.disable_multisource? &&
+      replacement_rubygems = merged_gem_lockfile_sections? &&
         replacement_sources.detect {|s| s.is_a?(Source::Rubygems) }
       @global_rubygems_source = replacement_rubygems if replacement_rubygems

data/lib/bundler/source_map.rb ADDED Viewed

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+module Bundler
+  class SourceMap
+    attr_reader :sources, :dependencies
+    def initialize(sources, dependencies)
+      @sources = sources
+      @dependencies = dependencies
+    end
+    def pinned_spec_names(skip = nil)
+      direct_requirements.reject {|_, source| source == skip }.keys
+    end
+    def all_requirements
+      requirements = direct_requirements.dup
+      unmet_deps = sources.non_default_explicit_sources.map do |source|
+        (source.spec_names - pinned_spec_names).each do |indirect_dependency_name|
+          previous_source = requirements[indirect_dependency_name]
+          if previous_source.nil?
+            requirements[indirect_dependency_name] = source
+          else
+            no_ambiguous_sources = Bundler.feature_flag.bundler_3_mode?
+            msg = ["The gem '#{indirect_dependency_name}' was found in multiple relevant sources."]
+            msg.concat [previous_source, source].map {|s| "  * #{s}" }.sort
+            msg << "You #{no_ambiguous_sources ? :must : :should} add this gem to the source block for the source you wish it to be installed from."
+            msg = msg.join("\n")
+            raise SecurityError, msg if no_ambiguous_sources
+            Bundler.ui.warn "Warning: #{msg}"
+          end
+        end
+        source.unmet_deps
+      end
+      sources.default_source.add_dependency_names(unmet_deps.flatten - requirements.keys)
+      requirements
+    end
+    def direct_requirements
+      @direct_requirements ||= begin
+        requirements = {}
+        default = sources.default_source
+        dependencies.each do |dep|
+          dep_source = dep.source || default
+          dep_source.add_dependency_names(dep.name)
+          requirements[dep.name] = dep_source
+        end
+        requirements
+      end
+    end
+  end
+end

data/lib/bundler/spec_set.rb CHANGED Viewed

@@ -78,10 +78,17 @@ module Bundler
     def materialize(deps, missing_specs = nil)
       materialized = self.for(deps, [], false, true, !missing_specs).to_a
-      deps = materialized.map(&:name).uniq
+      materialized.group_by(&:source).each do |source, specs|
+        next unless specs.any?{|s| s.is_a?(LazySpecification) }
+        source.local!
+        names = -> { specs.map(&:name).uniq }
+        source.double_check_for(names)
+      end
       materialized.map! do |s|
         next s unless s.is_a?(LazySpecification)
-        s.source.dependency_names = deps if s.source.respond_to?(:dependency_names=)
         spec = s.__materialize__
         unless spec
           unless missing_specs
@@ -98,11 +105,17 @@ module Bundler
     # This is in contrast to how for does platform filtering (and specifically different from how `materialize` calls `for` only for the current platform)
     # @return [Array<Gem::Specification>]
     def materialized_for_all_platforms
-      names = @specs.map(&:name).uniq
+      @specs.group_by(&:source).each do |source, specs|
+        next unless specs.any?{|s| s.is_a?(LazySpecification) }
+        source.local!
+        source.remote!
+        names = -> { specs.map(&:name).uniq }
+        source.double_check_for(names)
+      end
       @specs.map do |s|
         next s unless s.is_a?(LazySpecification)
-        s.source.dependency_names = names if s.source.respond_to?(:dependency_names=)
-        s.source.remote!
         spec = s.__materialize__
         raise GemNotFound, "Could not find #{s.full_name} in any of the sources" unless spec
         spec

data/lib/bundler/templates/Gemfile CHANGED Viewed

@@ -2,6 +2,6 @@
 source "https://rubygems.org"
-git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 # gem "rails"

data/lib/bundler/templates/gems.rb CHANGED Viewed

@@ -3,6 +3,6 @@
 # A sample gems.rb
 source "https://rubygems.org"
-git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 # gem "rails"

data/lib/bundler/templates/newgem/github/workflows/main.yml.tt CHANGED Viewed

@@ -11,8 +11,6 @@ jobs:
       uses: ruby/setup-ruby@v1
       with:
         ruby-version: <%= RUBY_VERSION %>
+        bundler-cache: true
     - name: Run the default task
-      run: |
-        gem install bundler -v <%= Bundler::VERSION %>
-        bundle install
-        bundle exec rake
+      run: bundle exec rake

data/lib/bundler/templates/newgem/newgem.gemspec.tt CHANGED Viewed

@@ -14,7 +14,7 @@ Gem::Specification.new do |spec|
 <%- if config[:mit] -%>
   spec.license       = "MIT"
 <%- end -%>
-  spec.required_ruby_version = Gem::Requirement.new(">= <%= config[:required_ruby_version] %>")
+  spec.required_ruby_version = ">= <%= config[:required_ruby_version] %>"
   spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"

data/lib/bundler/vendor/molinillo/lib/molinillo/modules/specification_provider.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 module Bundler::Molinillo
-  # Provides information about specifcations and dependencies to the resolver,
+  # Provides information about specifications and dependencies to the resolver,
   # allowing the {Resolver} class to remain generic while still providing power
   # and flexibility.
   #

data/lib/bundler/vendor/thor/lib/thor/actions/file_manipulation.rb CHANGED Viewed

@@ -252,7 +252,7 @@ class Bundler::Thor
     # flag<Regexp|String>:: the regexp or string to be replaced
     # replacement<String>:: the replacement, can be also given as a block
     # config<Hash>:: give :verbose => false to not log the status, and
-    #                :force => true, to force the replacement regardles of runner behavior.
+    #                :force => true, to force the replacement regardless of runner behavior.
     #
     # ==== Example
     #

data/lib/bundler/vendor/tmpdir/lib/tmpdir.rb CHANGED Viewed

@@ -115,7 +115,7 @@ class Bundler::Dir < Dir
       Bundler::Dir.tmpdir
     end
-    UNUSABLE_CHARS = [File::SEPARATOR, File::ALT_SEPARATOR, File::PATH_SEPARATOR, ":"].uniq.join("").freeze
+    UNUSABLE_CHARS = "^,-.0-9A-Z_a-z~"
     class << (RANDOM = Random.new)
       MAX = 36**6 # < 0x100000000

data/lib/bundler/version.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 module Bundler
-  VERSION = "2.2.13".freeze
+  VERSION = "2.2.18".freeze
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-  version: 2.2.13
+  version: 2.2.18
 platform: ruby
 authors:
 - André Arko
@@ -22,7 +22,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-03-03 00:00:00.000000000 Z
+date: 2021-05-25 00:00:00.000000000 Z
 dependencies: []
 description: Bundler manages an application's dependencies through its entire life,
   across many machines, systematically and repeatably
@@ -32,7 +32,10 @@ executables:
 - bundle
 - bundler
 extensions: []
-extra_rdoc_files: []
+extra_rdoc_files:
+- CHANGELOG.md
+- LICENSE.md
+- README.md
 files:
 - CHANGELOG.md
 - LICENSE.md
@@ -202,7 +205,9 @@ files:
 - lib/bundler/source/path/installer.rb
 - lib/bundler/source/rubygems.rb
 - lib/bundler/source/rubygems/remote.rb
+- lib/bundler/source/rubygems_aggregate.rb
 - lib/bundler/source_list.rb
+- lib/bundler/source_map.rb
 - lib/bundler/spec_set.rb
 - lib/bundler/stub_specification.rb
 - lib/bundler/templates/.document
@@ -352,7 +357,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.5.2
 requirements: []
-rubygems_version: 3.2.13
+rubygems_version: 3.2.18
 signing_key:
 specification_version: 4
 summary: The best way to manage your application's dependencies