bundler 2.2.14 → 2.2.19

data/lib/bundler/feature_flag.rb

@@ -32,10 +32,8 @@ module Bundler
     settings_flag(:cache_all) { bundler_3_mode? }
     settings_flag(:default_install_uses_path) { bundler_3_mode? }
     settings_flag(:deployment_means_frozen) { bundler_3_mode? }
-    settings_flag(:disable_multisource) { bundler_3_mode? }
     settings_flag(:forget_cli_options) { bundler_3_mode? }
     settings_flag(:global_gem_cache) { bundler_3_mode? }
-    settings_flag(:only_update_to_newer_versions) { bundler_3_mode? }
     settings_flag(:path_relative_to_cwd) { bundler_3_mode? }
     settings_flag(:plugins) { @bundler_version >= Gem::Version.new("1.14") }
     settings_flag(:print_only_version_number) { bundler_3_mode? }

data/lib/bundler/fetcher.rb

@@ -47,7 +47,8 @@ module Bundler
         remote_uri = filter_uri(remote_uri)
         super "Authentication is required for #{remote_uri}.\n" \
           "Please supply credentials for this source. You can do this by running:\n" \
-          " bundle config set --global #{remote_uri} username:password"
+          "`bundle config set --global #{remote_uri} username:password`\n" \
+          "or by storing the credentials in the `#{Settings.key_for(remote_uri)}` environment variable"
       end
     end
     # This error is raised if HTTP authentication is provided, but incorrect.

data/lib/bundler/fetcher/downloader.rb

@@ -14,8 +14,10 @@ module Bundler
       def fetch(uri, headers = {}, counter = 0)
         raise HTTPError, "Too many redirects" if counter >= redirect_limit
 
+        filtered_uri = URICredentialsFilter.credential_filtered_uri(uri)
+
         response = request(uri, headers)
-        Bundler.ui.debug("HTTP #{response.code} #{response.message} #{uri}")
+        Bundler.ui.debug("HTTP #{response.code} #{response.message} #{filtered_uri}")
 
         case response
         when Net::HTTPSuccess, Net::HTTPNotModified
@@ -40,7 +42,7 @@ module Bundler
           raise BadAuthenticationError, uri.host if uri.userinfo
           raise AuthenticationRequiredError, uri.host
         when Net::HTTPNotFound
-          raise FallbackError, "Net::HTTPNotFound: #{URICredentialsFilter.credential_filtered_uri(uri)}"
+          raise FallbackError, "Net::HTTPNotFound: #{filtered_uri}"
         else
           raise HTTPError, "#{response.class}#{": #{response.body}" unless response.body.empty?}"
         end
@@ -49,7 +51,9 @@ module Bundler
       def request(uri, headers)
         validate_uri_scheme!(uri)
 
-        Bundler.ui.debug "HTTP GET #{uri}"
+        filtered_uri = URICredentialsFilter.credential_filtered_uri(uri)
+
+        Bundler.ui.debug "HTTP GET #{filtered_uri}"
         req = Net::HTTP::Get.new uri.request_uri, headers
         if uri.user
           user = CGI.unescape(uri.user)
@@ -69,7 +73,7 @@ module Bundler
           raise NetworkDownError, "Could not reach host #{uri.host}. Check your network " \
             "connection and try again."
         else
-          raise HTTPError, "Network error while fetching #{URICredentialsFilter.credential_filtered_uri(uri)}" \
+          raise HTTPError, "Network error while fetching #{filtered_uri}" \
             " (#{e})"
         end
       end

data/lib/bundler/friendly_errors.rb

@@ -112,7 +112,7 @@ module Bundler
         #{issues_url(e)}
 
         If there aren't any reports for this error yet, please create copy and paste the report template above into a new issue. Don't forget to anonymize any private data! The new issue form is located at:
-        https://github.com/rubygems/rubygems/issues/new?labels=Bundler
+        https://github.com/rubygems/rubygems/issues/new?labels=Bundler&template=bundler-related-issue.md
       EOS
     end
 

data/lib/bundler/gem_helper.rb

@@ -47,6 +47,11 @@ module Bundler
         built_gem_path = build_gem
       end
 
+      desc "Generate SHA512 checksum if #{name}-#{version}.gem into the checksums directory."
+      task "build:checksum" => "build" do
+        build_checksum(built_gem_path)
+      end
+
       desc "Build and install #{name}-#{version}.gem into system gems."
       task "install" => "build" do
         install_gem(built_gem_path)
@@ -100,6 +105,17 @@ module Bundler
       Bundler.ui.confirm "#{name} (#{version}) installed."
     end
 
+    def build_checksum(built_gem_path = nil)
+      built_gem_path ||= build_gem
+      SharedHelpers.filesystem_access(File.join(base, "checksums")) {|p| FileUtils.mkdir_p(p) }
+      file_name = "#{File.basename(built_gem_path)}.sha512"
+      require "digest/sha2"
+      checksum = Digest::SHA512.new.hexdigest(built_gem_path.to_s)
+      target = File.join(base, "checksums", file_name)
+      File.write(target, checksum)
+      Bundler.ui.confirm "#{name} #{version} checksum written to checksums/#{file_name}."
+    end
+
     protected
 
     def rubygem_push(path)

data/lib/bundler/index.rb

@@ -122,10 +122,9 @@ module Bundler
       names
     end
 
-    # returns a list of the dependencies
     def unmet_dependency_names
       dependency_names.select do |name|
-        name != "bundler" && search(name).empty?
+        search(name).empty?
       end
     end
 

data/lib/bundler/injector.rb

@@ -128,7 +128,7 @@ module Bundler
     # evaluates a gemfile to remove the specified gem
     # from it.
     def remove_deps(gemfile_path)
-      initial_gemfile = IO.readlines(gemfile_path)
+      initial_gemfile = File.readlines(gemfile_path)
 
       Bundler.ui.info "Removing gems from #{gemfile_path}"
 
@@ -181,7 +181,7 @@ module Bundler
       patterns = /gem\s+(['"])#{Regexp.union(gems)}\1|gem\s*\((['"])#{Regexp.union(gems)}\2\)/
       new_gemfile = []
       multiline_removal = false
-      IO.readlines(gemfile_path).each do |line|
+      File.readlines(gemfile_path).each do |line|
         match_data = line.match(patterns)
         if match_data && is_not_within_comment?(line, match_data)
           multiline_removal = line.rstrip.end_with?(",")

data/lib/bundler/inline.rb

@@ -52,7 +52,7 @@ def gemfile(install = false, options = {}, &gemfile)
     builder.instance_eval(&gemfile)
     builder.check_primary_source_safety
 
-    Bundler.settings.temporary(:frozen => false) do
+    Bundler.settings.temporary(:deployment => false, :frozen => false) do
       definition = builder.to_definition(nil, true)
       def definition.lock(*); end
       definition.validate_runtime!

data/lib/bundler/installer/parallel_installer.rb

@@ -6,10 +6,11 @@ require_relative "gem_installer"
 module Bundler
   class ParallelInstaller
     class SpecInstallation
-      attr_accessor :spec, :name, :post_install_message, :state, :error
+      attr_accessor :spec, :name, :full_name, :post_install_message, :state, :error
       def initialize(spec)
         @spec = spec
         @name = spec.name
+        @full_name = spec.full_name
         @state = :none
         @post_install_message = ""
         @error = nil
@@ -49,14 +50,11 @@ module Bundler
       # Represents only the non-development dependencies, the ones that are
       # itself and are in the total list.
       def dependencies
-        @dependencies ||= begin
-          all_dependencies.reject {|dep| ignorable_dependency? dep }
-        end
+        @dependencies ||= all_dependencies.reject {|dep| ignorable_dependency? dep }
       end
 
       def missing_lockfile_dependencies(all_spec_names)
-        deps = all_dependencies.reject {|dep| ignorable_dependency? dep }
-        deps.reject {|dep| all_spec_names.include? dep.name }
+        dependencies.reject {|dep| all_spec_names.include? dep.name }
       end
 
       # Represents all dependencies
@@ -65,7 +63,7 @@ module Bundler
       end
 
       def to_s
-        "#<#{self.class} #{@spec.full_name} (#{state})>"
+        "#<#{self.class} #{full_name} (#{state})>"
       end
     end
 
@@ -99,12 +97,37 @@ module Bundler
         install_serially
       end
 
+      check_for_unmet_dependencies
+
       handle_error if failed_specs.any?
       @specs
     ensure
       worker_pool && worker_pool.stop
     end
 
+    def check_for_unmet_dependencies
+      unmet_dependencies = @specs.map do |s|
+        [
+          s,
+          s.dependencies.reject {|dep| @specs.any? {|spec| dep.matches_spec?(spec.spec) } },
+        ]
+      end.reject {|a| a.last.empty? }
+      return if unmet_dependencies.empty?
+
+      warning = []
+      warning << "Your lockfile doesn't include a valid resolution."
+      warning << "You can fix this by regenerating your lockfile or trying to manually editing the bad locked gems to a version that satisfies all dependencies."
+      warning << "The unmet dependencies are:"
+
+      unmet_dependencies.each do |spec, unmet_spec_dependencies|
+        unmet_spec_dependencies.each do |unmet_spec_dependency|
+          warning << "* #{unmet_spec_dependency}, depended upon #{spec.full_name}, unsatisfied by #{@specs.find {|s| s.name == unmet_spec_dependency.name && !unmet_spec_dependency.matches_spec?(s.spec) }.full_name}"
+        end
+      end
+
+      Bundler.ui.warn(warning.join("\n"))
+    end
+
     def check_for_corrupt_lockfile
       missing_dependencies = @specs.map do |s|
         [

data/lib/bundler/lazy_specification.rb

@@ -73,7 +73,12 @@ module Bundler
         same_platform_candidates = candidates.select do |spec|
           MatchPlatform.platforms_match?(spec.platform, platform_object)
         end
-        search = same_platform_candidates.last || candidates.last
+        installable_candidates = same_platform_candidates.select do |spec|
+          !spec.is_a?(EndpointSpecification) ||
+            (spec.required_ruby_version.satisfied_by?(Gem.ruby_version) &&
+              spec.required_rubygems_version.satisfied_by?(Gem.rubygems_version))
+        end
+        search = installable_candidates.last || same_platform_candidates.last
         search.dependencies = dependencies if search && (search.is_a?(RemoteSpecification) || search.is_a?(EndpointSpecification))
         search
       end

data/lib/bundler/man/bundle-add.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-ADD" "1" "January 2021" "" ""
+.TH "BUNDLE\-ADD" "1" "May 2021" "" ""
 .
 .SH "NAME"
 \fBbundle\-add\fR \- Add gem to the Gemfile and run bundle install

data/lib/bundler/man/bundle-binstubs.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-BINSTUBS" "1" "January 2021" "" ""
+.TH "BUNDLE\-BINSTUBS" "1" "May 2021" "" ""
 .
 .SH "NAME"
 \fBbundle\-binstubs\fR \- Install the binstubs of the listed gems

data/lib/bundler/man/bundle-cache.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-CACHE" "1" "January 2021" "" ""
+.TH "BUNDLE\-CACHE" "1" "May 2021" "" ""
 .
 .SH "NAME"
 \fBbundle\-cache\fR \- Package your needed \fB\.gem\fR files into your application

data/lib/bundler/man/bundle-check.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-CHECK" "1" "January 2021" "" ""
+.TH "BUNDLE\-CHECK" "1" "May 2021" "" ""
 .
 .SH "NAME"
 \fBbundle\-check\fR \- Verifies if dependencies are satisfied by installed gems

data/lib/bundler/man/bundle-clean.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-CLEAN" "1" "January 2021" "" ""
+.TH "BUNDLE\-CLEAN" "1" "May 2021" "" ""
 .
 .SH "NAME"
 \fBbundle\-clean\fR \- Cleans up unused gems in your bundler directory

data/lib/bundler/man/bundle-config.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-CONFIG" "1" "January 2021" "" ""
+.TH "BUNDLE\-CONFIG" "1" "May 2021" "" ""
 .
 .SH "NAME"
 \fBbundle\-config\fR \- Set bundler configuration options
@@ -56,9 +56,6 @@ Executing \fBbundle config unset \-\-local <name> <value>\fR will delete the con
 .P
 Executing bundle with the \fBBUNDLE_IGNORE_CONFIG\fR environment variable set will cause it to ignore all configuration\.
 .
-.P
-Executing \fBbundle config set \-\-local disable_multisource true\fR upgrades the warning about the Gemfile containing multiple primary sources to an error\. Executing \fBbundle config unset disable_multisource\fR downgrades this error to a warning\.
-.
 .SH "REMEMBERING OPTIONS"
 Flags passed to \fBbundle install\fR or the Bundler runtime, such as \fB\-\-path foo\fR or \fB\-\-without production\fR, are remembered between commands and saved to your local application\'s configuration (normally, \fB\./\.bundle/config\fR)\.
 .
@@ -184,9 +181,6 @@ The following is a list of all configuration keys and their purpose\. You can le
 \fBdisable_local_revision_check\fR (\fBBUNDLE_DISABLE_LOCAL_REVISION_CHECK\fR): Allow Bundler to use a local git override without checking if the revision present in the lockfile is present in the repository\.
 .
 .IP "\(bu" 4
-\fBdisable_multisource\fR (\fBBUNDLE_DISABLE_MULTISOURCE\fR): When set, Gemfiles containing multiple sources will produce errors instead of warnings\. Use \fBbundle config unset disable_multisource\fR to unset\.
-.
-.IP "\(bu" 4
 \fBdisable_shared_gems\fR (\fBBUNDLE_DISABLE_SHARED_GEMS\fR): Stop Bundler from accessing gems installed to RubyGems\' normal location\.
 .
 .IP "\(bu" 4
@@ -199,6 +193,9 @@ The following is a list of all configuration keys and their purpose\. You can le
 \fBfrozen\fR (\fBBUNDLE_FROZEN\fR): Disallow changes to the \fBGemfile\fR\. When the \fBGemfile\fR is changed and the lockfile has not been updated, running Bundler commands will be blocked\. Defaults to \fBtrue\fR when \fB\-\-deployment\fR is used\.
 .
 .IP "\(bu" 4
+\fBgem\.github_username\fR (\fBBUNDLE_GEM__GITHUB_USERNAME\fR): Sets a GitHub username or organization to be used in \fBREADME\fR file when you create a new gem via \fBbundle gem\fR command\. It can be overridden by passing an explicit \fB\-\-github\-username\fR flag to \fBbundle gem\fR\.
+.
+.IP "\(bu" 4
 \fBgem\.push_key\fR (\fBBUNDLE_GEM__PUSH_KEY\fR): Sets the \fB\-\-key\fR parameter for \fBgem push\fR when using the \fBrake release\fR command with a private gemstash server\.
 .
 .IP "\(bu" 4
@@ -223,9 +220,6 @@ The following is a list of all configuration keys and their purpose\. You can le
 \fBno_prune\fR (\fBBUNDLE_NO_PRUNE\fR): Whether Bundler should leave outdated gems unpruned when caching\.
 .
 .IP "\(bu" 4
-\fBonly_update_to_newer_versions\fR (\fBBUNDLE_ONLY_UPDATE_TO_NEWER_VERSIONS\fR): During \fBbundle update\fR, only resolve to newer versions of the gems in the lockfile\.
-.
-.IP "\(bu" 4
 \fBpath\fR (\fBBUNDLE_PATH\fR): The location on disk where all gems in your bundle will be located regardless of \fB$GEM_HOME\fR or \fB$GEM_PATH\fR values\. Bundle gems not found in this location will be installed by \fBbundle install\fR\. Defaults to \fBGem\.dir\fR\. When \-\-deployment is used, defaults to vendor/bundle\.
 .
 .IP "\(bu" 4
@@ -470,6 +464,23 @@ export BUNDLE_GITHUB__COM=abcd0123generatedtoken:x\-oauth\-basic
 .
 .IP "" 0
 .
+.P
+Note that any configured credentials will be redacted by informative commands such as \fBbundle config list\fR or \fBbundle config get\fR, unless you use the \fB\-\-parseable\fR flag\. This is to avoid unintentially leaking credentials when copy\-pasting bundler output\.
+.
+.P
+Also note that to guarantee a sane mapping between valid environment variable names and valid host names, bundler makes the following transformations:
+.
+.IP "\(bu" 4
+Any \fB\-\fR characters in a host name are mapped to a triple dash (\fB___\fR) in the corresponding enviroment variable\.
+.
+.IP "\(bu" 4
+Any \fB\.\fR characters in a host name are mapped to a double dash (\fB__\fR) in the corresponding environment variable\.
+.
+.IP "" 0
+.
+.P
+This means that if you have a gem server named \fBmy\.gem\-host\.com\fR, you\'ll need to use the \fBBUNDLE_MY__GEM___HOST__COM\fR variable to configure credentials for it through ENV\.
+.
 .SH "CONFIGURE BUNDLER DIRECTORIES"
 Bundler\'s home, config, cache and plugin directories are able to be configured through environment variables\. The default location for Bundler\'s home directory is \fB~/\.bundle\fR, which all directories inherit from by default\. The following outlines the available environment variables and their default values
 .

data/lib/bundler/man/bundle-config.1.ronn

@@ -47,10 +47,6 @@ configuration only from the local application.
 Executing bundle with the `BUNDLE_IGNORE_CONFIG` environment variable set will
 cause it to ignore all configuration.
 
-Executing `bundle config set --local disable_multisource true` upgrades the warning about
-the Gemfile containing multiple primary sources to an error. Executing `bundle
-config unset disable_multisource` downgrades this error to a warning.
-
 ## REMEMBERING OPTIONS
 
 Flags passed to `bundle install` or the Bundler runtime, such as `--path foo` or
@@ -178,10 +174,6 @@ learn more about their operation in [bundle install(1)](bundle-install.1.html).
 * `disable_local_revision_check` (`BUNDLE_DISABLE_LOCAL_REVISION_CHECK`):
    Allow Bundler to use a local git override without checking if the revision
    present in the lockfile is present in the repository.
-* `disable_multisource` (`BUNDLE_DISABLE_MULTISOURCE`):
-   When set, Gemfiles containing multiple sources will produce errors
-   instead of warnings.
-   Use `bundle config unset disable_multisource` to unset.
 * `disable_shared_gems` (`BUNDLE_DISABLE_SHARED_GEMS`):
    Stop Bundler from accessing gems installed to RubyGems' normal location.
 * `disable_version_check` (`BUNDLE_DISABLE_VERSION_CHECK`):
@@ -194,6 +186,10 @@ learn more about their operation in [bundle install(1)](bundle-install.1.html).
    Disallow changes to the `Gemfile`. When the `Gemfile` is changed and the
    lockfile has not been updated, running Bundler commands will be blocked.
    Defaults to `true` when `--deployment` is used.
+* `gem.github_username` (`BUNDLE_GEM__GITHUB_USERNAME`):
+   Sets a GitHub username or organization to be used in `README` file when you
+   create a new gem via `bundle gem` command. It can be overridden by passing an
+   explicit `--github-username` flag to `bundle gem`.
 * `gem.push_key` (`BUNDLE_GEM__PUSH_KEY`):
    Sets the `--key` parameter for `gem push` when using the `rake release`
    command with a private gemstash server.
@@ -218,9 +214,6 @@ learn more about their operation in [bundle install(1)](bundle-install.1.html).
    Whether `bundle package` should skip installing gems.
 * `no_prune` (`BUNDLE_NO_PRUNE`):
    Whether Bundler should leave outdated gems unpruned when caching.
-* `only_update_to_newer_versions` (`BUNDLE_ONLY_UPDATE_TO_NEWER_VERSIONS`):
-   During `bundle update`, only resolve to newer versions of the gems in the
-   lockfile.
 * `path` (`BUNDLE_PATH`):
    The location on disk where all gems in your bundle will be located regardless
    of `$GEM_HOME` or `$GEM_PATH` values. Bundle gems not found in this location
@@ -375,6 +368,23 @@ where you can use personal OAuth tokens:
 
     export BUNDLE_GITHUB__COM=abcd0123generatedtoken:x-oauth-basic
 
+Note that any configured credentials will be redacted by informative commands
+such as `bundle config list` or `bundle config get`, unless you use the
+`--parseable` flag. This is to avoid unintentially leaking credentials when
+copy-pasting bundler output.
+
+Also note that to guarantee a sane mapping between valid environment variable
+names and valid host names, bundler makes the following transformations:
+
+* Any `-` characters in a host name are mapped to a triple dash (`___`) in the
+  corresponding enviroment variable.
+
+* Any `.` characters in a host name are mapped to a double dash (`__`) in the
+  corresponding environment variable.
+
+This means that if you have a gem server named `my.gem-host.com`, you'll need to
+use the `BUNDLE_MY__GEM___HOST__COM` variable to configure credentials for it
+through ENV.
 
 ## CONFIGURE BUNDLER DIRECTORIES
 

data/lib/bundler/man/bundle-doctor.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-DOCTOR" "1" "January 2021" "" ""
+.TH "BUNDLE\-DOCTOR" "1" "May 2021" "" ""
 .
 .SH "NAME"
 \fBbundle\-doctor\fR \- Checks the bundle for common problems

data/lib/bundler/man/bundle-exec.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-EXEC" "1" "January 2021" "" ""
+.TH "BUNDLE\-EXEC" "1" "May 2021" "" ""
 .
 .SH "NAME"
 \fBbundle\-exec\fR \- Execute a command in the context of the bundle

data/lib/bundler/man/bundle-gem.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-GEM" "1" "January 2021" "" ""
+.TH "BUNDLE\-GEM" "1" "May 2021" "" ""
 .
 .SH "NAME"
 \fBbundle\-gem\fR \- Generate a project skeleton for creating a rubygem