RubyGems - bundler - Versions diffs - 2.2.15 → 2.2.20 - Mend

bundler 2.2.15 → 2.2.20

Potentially problematic release.

This version of bundler might be problematic. Click here for more details.

Files changed (72) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +86 -6
data/bundler.gemspec +2 -3
data/lib/bundler.rb +1 -0
data/lib/bundler/build_metadata.rb +2 -2
data/lib/bundler/cli.rb +16 -35
data/lib/bundler/cli/check.rb +4 -2
data/lib/bundler/cli/common.rb +15 -2
data/lib/bundler/cli/gem.rb +9 -1
data/lib/bundler/cli/outdated.rb +10 -11
data/lib/bundler/compact_index_client/updater.rb +9 -5
data/lib/bundler/current_ruby.rb +1 -0
data/lib/bundler/definition.rb +27 -84
data/lib/bundler/feature_flag.rb +0 -2
data/lib/bundler/fetcher.rb +2 -1
data/lib/bundler/fetcher/downloader.rb +8 -4
data/lib/bundler/fetcher/index.rb +0 -1
data/lib/bundler/friendly_errors.rb +2 -4
data/lib/bundler/gem_helper.rb +16 -0
data/lib/bundler/index.rb +1 -2
data/lib/bundler/injector.rb +2 -2
data/lib/bundler/inline.rb +1 -1
data/lib/bundler/lazy_specification.rb +3 -3
data/lib/bundler/man/bundle-add.1 +1 -1
data/lib/bundler/man/bundle-binstubs.1 +1 -1
data/lib/bundler/man/bundle-cache.1 +1 -1
data/lib/bundler/man/bundle-check.1 +1 -1
data/lib/bundler/man/bundle-clean.1 +1 -1
data/lib/bundler/man/bundle-config.1 +21 -10
data/lib/bundler/man/bundle-config.1.ronn +21 -11
data/lib/bundler/man/bundle-doctor.1 +1 -1
data/lib/bundler/man/bundle-exec.1 +1 -1
data/lib/bundler/man/bundle-gem.1 +1 -1
data/lib/bundler/man/bundle-info.1 +1 -1
data/lib/bundler/man/bundle-init.1 +1 -1
data/lib/bundler/man/bundle-inject.1 +1 -1
data/lib/bundler/man/bundle-install.1 +1 -1
data/lib/bundler/man/bundle-list.1 +1 -1
data/lib/bundler/man/bundle-lock.1 +1 -1
data/lib/bundler/man/bundle-open.1 +1 -1
data/lib/bundler/man/bundle-outdated.1 +1 -1
data/lib/bundler/man/bundle-platform.1 +1 -1
data/lib/bundler/man/bundle-pristine.1 +1 -1
data/lib/bundler/man/bundle-remove.1 +1 -1
data/lib/bundler/man/bundle-show.1 +1 -1
data/lib/bundler/man/bundle-update.1 +1 -1
data/lib/bundler/man/bundle-viz.1 +1 -1
data/lib/bundler/man/bundle.1 +1 -1
data/lib/bundler/man/gemfile.5 +1 -1
data/lib/bundler/plugin.rb +2 -2
data/lib/bundler/plugin/api/source.rb +14 -0
data/lib/bundler/resolver.rb +13 -96
data/lib/bundler/resolver/spec_group.rb +0 -24
data/lib/bundler/retry.rb +1 -1
data/lib/bundler/rubygems_ext.rb +2 -2
data/lib/bundler/rubygems_integration.rb +4 -3
data/lib/bundler/settings.rb +74 -12
data/lib/bundler/source.rb +11 -0
data/lib/bundler/source/rubygems.rb +23 -10
data/lib/bundler/source/rubygems_aggregate.rb +64 -0
data/lib/bundler/source_list.rb +33 -10
data/lib/bundler/source_map.rb +58 -0
data/lib/bundler/spec_set.rb +18 -7
data/lib/bundler/templates/Gemfile +1 -1
data/lib/bundler/templates/gems.rb +1 -1
data/lib/bundler/templates/newgem/github/workflows/main.yml.tt +2 -4
data/lib/bundler/templates/newgem/newgem.gemspec.tt +1 -1
data/lib/bundler/vendor/molinillo/lib/molinillo/modules/specification_provider.rb +1 -1
data/lib/bundler/vendor/thor/lib/thor/actions/file_manipulation.rb +1 -1
data/lib/bundler/vendor/tmpdir/lib/tmpdir.rb +1 -1
data/lib/bundler/version.rb +1 -1
metadata +5 -3

data/lib/bundler/source_map.rb ADDED Viewed

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+module Bundler
+  class SourceMap
+    attr_reader :sources, :dependencies
+    def initialize(sources, dependencies)
+      @sources = sources
+      @dependencies = dependencies
+    end
+    def pinned_spec_names(skip = nil)
+      direct_requirements.reject {|_, source| source == skip }.keys
+    end
+    def all_requirements
+      requirements = direct_requirements.dup
+      unmet_deps = sources.non_default_explicit_sources.map do |source|
+        (source.spec_names - pinned_spec_names).each do |indirect_dependency_name|
+          previous_source = requirements[indirect_dependency_name]
+          if previous_source.nil?
+            requirements[indirect_dependency_name] = source
+          else
+            no_ambiguous_sources = Bundler.feature_flag.bundler_3_mode?
+            msg = ["The gem '#{indirect_dependency_name}' was found in multiple relevant sources."]
+            msg.concat [previous_source, source].map {|s| "  * #{s}" }.sort
+            msg << "You #{no_ambiguous_sources ? :must : :should} add this gem to the source block for the source you wish it to be installed from."
+            msg = msg.join("\n")
+            raise SecurityError, msg if no_ambiguous_sources
+            Bundler.ui.warn "Warning: #{msg}"
+          end
+        end
+        source.unmet_deps
+      end
+      sources.default_source.add_dependency_names(unmet_deps.flatten - requirements.keys)
+      requirements
+    end
+    def direct_requirements
+      @direct_requirements ||= begin
+        requirements = {}
+        default = sources.default_source
+        dependencies.each do |dep|
+          dep_source = dep.source || default
+          dep_source.add_dependency_names(dep.name)
+          requirements[dep.name] = dep_source
+        end
+        requirements
+      end
+    end
+  end
+end

data/lib/bundler/spec_set.rb CHANGED Viewed

@@ -78,11 +78,17 @@ module Bundler
     def materialize(deps, missing_specs = nil)
       materialized = self.for(deps, [], false, true, !missing_specs).to_a
-      deps = materialized.map(&:name).uniq
+      materialized.group_by(&:source).each do |source, specs|
+        next unless specs.any?{|s| s.is_a?(LazySpecification) }
+        source.local!
+        names = -> { specs.map(&:name).uniq }
+        source.double_check_for(names)
+      end
       materialized.map! do |s|
         next s unless s.is_a?(LazySpecification)
-        s.source.dependency_names = deps if s.source.respond_to?(:dependency_names=)
-        s.source.local!
         spec = s.__materialize__
         unless spec
           unless missing_specs
@@ -99,12 +105,17 @@ module Bundler
     # This is in contrast to how for does platform filtering (and specifically different from how `materialize` calls `for` only for the current platform)
     # @return [Array<Gem::Specification>]
     def materialized_for_all_platforms
-      names = @specs.map(&:name).uniq
+      @specs.group_by(&:source).each do |source, specs|
+        next unless specs.any?{|s| s.is_a?(LazySpecification) }
+        source.local!
+        source.remote!
+        names = -> { specs.map(&:name).uniq }
+        source.double_check_for(names)
+      end
       @specs.map do |s|
         next s unless s.is_a?(LazySpecification)
-        s.source.dependency_names = names if s.source.respond_to?(:dependency_names=)
-        s.source.local!
-        s.source.remote!
         spec = s.__materialize__
         raise GemNotFound, "Could not find #{s.full_name} in any of the sources" unless spec
         spec

data/lib/bundler/templates/Gemfile CHANGED Viewed

@@ -2,6 +2,6 @@
 source "https://rubygems.org"
-git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 # gem "rails"

data/lib/bundler/templates/gems.rb CHANGED Viewed

@@ -3,6 +3,6 @@
 # A sample gems.rb
 source "https://rubygems.org"
-git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 # gem "rails"

data/lib/bundler/templates/newgem/github/workflows/main.yml.tt CHANGED Viewed

@@ -11,8 +11,6 @@ jobs:
       uses: ruby/setup-ruby@v1
       with:
         ruby-version: <%= RUBY_VERSION %>
+        bundler-cache: true
     - name: Run the default task
-      run: |
-        gem install bundler -v <%= Bundler::VERSION %>
-        bundle install
-        bundle exec rake
+      run: bundle exec rake

data/lib/bundler/templates/newgem/newgem.gemspec.tt CHANGED Viewed

@@ -14,7 +14,7 @@ Gem::Specification.new do |spec|
 <%- if config[:mit] -%>
   spec.license       = "MIT"
 <%- end -%>
-  spec.required_ruby_version = Gem::Requirement.new(">= <%= config[:required_ruby_version] %>")
+  spec.required_ruby_version = ">= <%= config[:required_ruby_version] %>"
   spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"

data/lib/bundler/vendor/molinillo/lib/molinillo/modules/specification_provider.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 module Bundler::Molinillo
-  # Provides information about specifcations and dependencies to the resolver,
+  # Provides information about specifications and dependencies to the resolver,
   # allowing the {Resolver} class to remain generic while still providing power
   # and flexibility.
   #

data/lib/bundler/vendor/thor/lib/thor/actions/file_manipulation.rb CHANGED Viewed

@@ -252,7 +252,7 @@ class Bundler::Thor
     # flag<Regexp|String>:: the regexp or string to be replaced
     # replacement<String>:: the replacement, can be also given as a block
     # config<Hash>:: give :verbose => false to not log the status, and
-    #                :force => true, to force the replacement regardles of runner behavior.
+    #                :force => true, to force the replacement regardless of runner behavior.
     #
     # ==== Example
     #

data/lib/bundler/vendor/tmpdir/lib/tmpdir.rb CHANGED Viewed

@@ -115,7 +115,7 @@ class Bundler::Dir < Dir
       Bundler::Dir.tmpdir
     end
-    UNUSABLE_CHARS = [File::SEPARATOR, File::ALT_SEPARATOR, File::PATH_SEPARATOR, ":"].uniq.join("").freeze
+    UNUSABLE_CHARS = "^,-.0-9A-Z_a-z~"
     class << (RANDOM = Random.new)
       MAX = 36**6 # < 0x100000000

data/lib/bundler/version.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 module Bundler
-  VERSION = "2.2.15".freeze
+  VERSION = "2.2.20".freeze
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-  version: 2.2.15
+  version: 2.2.20
 platform: ruby
 authors:
 - André Arko
@@ -22,7 +22,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-03-19 00:00:00.000000000 Z
+date: 2021-06-11 00:00:00.000000000 Z
 dependencies: []
 description: Bundler manages an application's dependencies through its entire life,
   across many machines, systematically and repeatably
@@ -202,7 +202,9 @@ files:
 - lib/bundler/source/path/installer.rb
 - lib/bundler/source/rubygems.rb
 - lib/bundler/source/rubygems/remote.rb
+- lib/bundler/source/rubygems_aggregate.rb
 - lib/bundler/source_list.rb
+- lib/bundler/source_map.rb
 - lib/bundler/spec_set.rb
 - lib/bundler/stub_specification.rb
 - lib/bundler/templates/.document
@@ -352,7 +354,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.5.2
 requirements: []
-rubygems_version: 3.2.15
+rubygems_version: 3.2.20
 signing_key:
 specification_version: 4
 summary: The best way to manage your application's dependencies