bundler 2.2.18 → 2.2.23

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of bundler might be problematic. Click here for more details.

Files changed (61) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +66 -0
  3. data/bundler.gemspec +1 -1
  4. data/lib/bundler.rb +5 -6
  5. data/lib/bundler/build_metadata.rb +2 -2
  6. data/lib/bundler/cli/check.rb +4 -2
  7. data/lib/bundler/cli/doctor.rb +11 -1
  8. data/lib/bundler/cli/install.rb +7 -8
  9. data/lib/bundler/cli/lock.rb +5 -1
  10. data/lib/bundler/cli/outdated.rb +2 -0
  11. data/lib/bundler/cli/update.rb +8 -3
  12. data/lib/bundler/current_ruby.rb +4 -4
  13. data/lib/bundler/definition.rb +27 -55
  14. data/lib/bundler/dsl.rb +19 -31
  15. data/lib/bundler/feature_flag.rb +0 -2
  16. data/lib/bundler/fetcher/compact_index.rb +1 -1
  17. data/lib/bundler/fetcher/downloader.rb +1 -2
  18. data/lib/bundler/fetcher/index.rb +0 -1
  19. data/lib/bundler/friendly_errors.rb +1 -3
  20. data/lib/bundler/index.rb +1 -5
  21. data/lib/bundler/installer.rb +5 -12
  22. data/lib/bundler/lockfile_parser.rb +2 -20
  23. data/lib/bundler/man/bundle-add.1 +1 -1
  24. data/lib/bundler/man/bundle-binstubs.1 +1 -1
  25. data/lib/bundler/man/bundle-cache.1 +1 -1
  26. data/lib/bundler/man/bundle-check.1 +1 -1
  27. data/lib/bundler/man/bundle-clean.1 +1 -1
  28. data/lib/bundler/man/bundle-config.1 +1 -4
  29. data/lib/bundler/man/bundle-config.1.ronn +0 -3
  30. data/lib/bundler/man/bundle-doctor.1 +1 -1
  31. data/lib/bundler/man/bundle-exec.1 +1 -1
  32. data/lib/bundler/man/bundle-gem.1 +1 -1
  33. data/lib/bundler/man/bundle-info.1 +1 -1
  34. data/lib/bundler/man/bundle-init.1 +1 -1
  35. data/lib/bundler/man/bundle-inject.1 +1 -1
  36. data/lib/bundler/man/bundle-install.1 +1 -1
  37. data/lib/bundler/man/bundle-list.1 +1 -1
  38. data/lib/bundler/man/bundle-lock.1 +1 -1
  39. data/lib/bundler/man/bundle-open.1 +1 -1
  40. data/lib/bundler/man/bundle-outdated.1 +1 -1
  41. data/lib/bundler/man/bundle-platform.1 +1 -1
  42. data/lib/bundler/man/bundle-pristine.1 +1 -1
  43. data/lib/bundler/man/bundle-remove.1 +1 -1
  44. data/lib/bundler/man/bundle-show.1 +1 -1
  45. data/lib/bundler/man/bundle-update.1 +4 -4
  46. data/lib/bundler/man/bundle-update.1.ronn +3 -3
  47. data/lib/bundler/man/bundle-viz.1 +1 -1
  48. data/lib/bundler/man/bundle.1 +1 -1
  49. data/lib/bundler/man/gemfile.5 +1 -1
  50. data/lib/bundler/plugin/installer.rb +1 -1
  51. data/lib/bundler/resolver.rb +3 -1
  52. data/lib/bundler/rubygems_ext.rb +22 -6
  53. data/lib/bundler/rubygems_integration.rb +4 -3
  54. data/lib/bundler/settings.rb +23 -9
  55. data/lib/bundler/source.rb +2 -0
  56. data/lib/bundler/source/rubygems.rb +10 -21
  57. data/lib/bundler/source_list.rb +44 -21
  58. data/lib/bundler/spec_set.rb +3 -7
  59. data/lib/bundler/templates/newgem/newgem.gemspec.tt +1 -1
  60. data/lib/bundler/version.rb +1 -1
  61. metadata +4 -7
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f6d906edb7a9048324bea1cb57d8f5c6a3624f12f6333231cdba75b3b90c780f
4
- data.tar.gz: 0e622ba68d42202c59c1a4ada4e6e01fd004fac72ccb4b84b5085b0c59e60aba
3
+ metadata.gz: a22f09c258df906bb0acb91d7c4b7cc04a527652c11af80e3e34de0b30431235
4
+ data.tar.gz: 587a4d96883fbec8b4de1b5f7b90748c2cda84dd7dead9dcf733e6e1700f16f3
5
5
  SHA512:
6
- metadata.gz: b76743e7abb16ca1feb285932b5761b872ecc1a03fb826fe32b624f714989a5f25050ba9ff43d59b2492657069d2216e4aa4ca4ba7b9302e1e13452494b2ec48
7
- data.tar.gz: ffde8ec8ad9167dbe2f48d03a2fe7ee8c142e8e31101e8b2900e1c519681a995c670607ffd09dbeaca587e0072448b545e93686c7e81b6fbeb7c571f72393944
6
+ metadata.gz: 7a08c50ac38e23d98cdf930668c0f276e857553c8412c4d92fc1692b0500eac62e1038330e685e183bac97ba27537e374f6e539a6189d712ceaafbf8d1ff28d4
7
+ data.tar.gz: 14b76dccfb16d4a8d1a9e3a5e867a1b6b552b6809f1b8244f11588e41e4affeb16365fe0cb53a707dba144cb2ce7c7e119882e4b3d8f6b38537b4ba8698a701b
data/CHANGELOG.md CHANGED
@@ -1,3 +1,69 @@
1
+ # 2.2.23 (July 9, 2021)
2
+
3
+ ## Enhancements:
4
+
5
+ - Fix `bundle install` on truffleruby selecting incorrect variant for `sorbet-static` gem [#4625](https://github.com/rubygems/rubygems/pull/4625)
6
+ - Spare meaningless warning on read-only bundle invocations [#4724](https://github.com/rubygems/rubygems/pull/4724)
7
+
8
+ ## Bug fixes:
9
+
10
+ - Fix incorrect warning about duplicated gems in the Gemfile [#4732](https://github.com/rubygems/rubygems/pull/4732)
11
+ - Fix `bundle plugin install foo` crashing [#4734](https://github.com/rubygems/rubygems/pull/4734)
12
+
13
+ # 2.2.22 (July 6, 2021)
14
+
15
+ ## Enhancements:
16
+
17
+ - Never downgrade indirect dependencies when running `bundle update` [#4713](https://github.com/rubygems/rubygems/pull/4713)
18
+ - Fix `getaddrinfo` errors not treated as fatal on non darwin platforms [#4703](https://github.com/rubygems/rubygems/pull/4703)
19
+
20
+ ## Bug fixes:
21
+
22
+ - Fix `bundle update <gem>` sometimes hanging and `bundle lock --update` not being able to update an insecure lockfile to the new format if it requires downgrades [#4652](https://github.com/rubygems/rubygems/pull/4652)
23
+ - Fix edge case combination of DSL methods and duplicated sources causing gems to not be found [#4711](https://github.com/rubygems/rubygems/pull/4711)
24
+ - Fix `bundle doctor` crashing when finding a broken symlink [#4707](https://github.com/rubygems/rubygems/pull/4707)
25
+ - Fix incorrect re-resolve edge case [#4700](https://github.com/rubygems/rubygems/pull/4700)
26
+ - Fix some gems being unintentionally locked under multiple lockfile sections [#4701](https://github.com/rubygems/rubygems/pull/4701)
27
+ - Fix `--conservative` flag unexpectedly updating indirect dependencies [#4692](https://github.com/rubygems/rubygems/pull/4692)
28
+
29
+ # 2.2.21 (June 23, 2021)
30
+
31
+ ## Security fixes:
32
+
33
+ - Auto-update insecure lockfile to split GEM source sections whenever possible [#4647](https://github.com/rubygems/rubygems/pull/4647)
34
+
35
+ ## Enhancements:
36
+
37
+ - Use a more limited number of threads when fetching in parallel from the Compact Index API [#4670](https://github.com/rubygems/rubygems/pull/4670)
38
+ - Update TODO link in bundle gem template to https [#4671](https://github.com/rubygems/rubygems/pull/4671)
39
+
40
+ ## Bug fixes:
41
+
42
+ - Fix `bundle install --local` hitting the network when `cache_all_platforms` configured [#4677](https://github.com/rubygems/rubygems/pull/4677)
43
+
44
+ # 2.2.20 (June 11, 2021)
45
+
46
+ ## Enhancements:
47
+
48
+ - Don't print bug report template on server side errors [#4663](https://github.com/rubygems/rubygems/pull/4663)
49
+ - Don't load `resolv` unnecessarily [#4640](https://github.com/rubygems/rubygems/pull/4640)
50
+
51
+ ## Bug fixes:
52
+
53
+ - Fix `bundle outdated` edge case [#4648](https://github.com/rubygems/rubygems/pull/4648)
54
+ - Fix `bundle check` with scoped rubygems sources [#4639](https://github.com/rubygems/rubygems/pull/4639)
55
+
56
+ ## Performance:
57
+
58
+ - Don't use `extra_rdoc_files` with md files in gemspec to make installing bundler with docs faster [#4628](https://github.com/rubygems/rubygems/pull/4628)
59
+
60
+ # 2.2.19 (May 31, 2021)
61
+
62
+ ## Bug fixes:
63
+
64
+ - Restore support for configuration keys with dashes [#4582](https://github.com/rubygems/rubygems/pull/4582)
65
+ - Fix some cached gems being unintentionally ignored when using rubygems 3.2.18 [#4623](https://github.com/rubygems/rubygems/pull/4623)
66
+
1
67
  # 2.2.18 (May 25, 2021)
2
68
 
3
69
  ## Security fixes:
data/bundler.gemspec CHANGED
@@ -39,7 +39,7 @@ Gem::Specification.new do |s|
39
39
  # include the gemspec itself because warbler breaks w/o it
40
40
  s.files += %w[bundler.gemspec]
41
41
 
42
- s.extra_rdoc_files = %w[CHANGELOG.md LICENSE.md README.md]
42
+ s.files += %w[CHANGELOG.md LICENSE.md README.md]
43
43
  s.bindir = "exe"
44
44
  s.executables = %w[bundle bundler]
45
45
  s.require_paths = ["lib"]
data/lib/bundler.rb CHANGED
@@ -198,7 +198,7 @@ module Bundler
198
198
 
199
199
  def frozen_bundle?
200
200
  frozen = settings[:deployment]
201
- frozen ||= settings[:frozen] unless feature_flag.deployment_means_frozen?
201
+ frozen ||= settings[:frozen]
202
202
  frozen
203
203
  end
204
204
 
@@ -236,8 +236,9 @@ module Bundler
236
236
  end
237
237
 
238
238
  if warning
239
- user_home = tmp_home_path(warning)
240
- Bundler.ui.warn "#{warning}\nBundler will use `#{user_home}' as your home directory temporarily.\n"
239
+ Bundler.ui.warn "#{warning}\n"
240
+ user_home = tmp_home_path
241
+ Bundler.ui.warn "Bundler will use `#{user_home}' as your home directory temporarily.\n"
241
242
  user_home
242
243
  else
243
244
  Pathname.new(home)
@@ -684,15 +685,13 @@ EOF
684
685
  Bundler.rubygems.clear_paths
685
686
  end
686
687
 
687
- def tmp_home_path(warning)
688
+ def tmp_home_path
688
689
  Kernel.send(:require, "tmpdir")
689
690
  SharedHelpers.filesystem_access(Dir.tmpdir) do
690
691
  path = Bundler.tmp
691
692
  at_exit { Bundler.rm_rf(path) }
692
693
  path
693
694
  end
694
- rescue RuntimeError => e
695
- raise e.exception("#{warning}\nBundler also failed to create a temporary home directory':\n#{e}")
696
695
  end
697
696
 
698
697
  # @param env [Hash]
@@ -4,8 +4,8 @@ module Bundler
4
4
  # Represents metadata from when the Bundler gem was built.
5
5
  module BuildMetadata
6
6
  # begin ivars
7
- @built_at = "2021-05-25".freeze
8
- @git_commit_sha = "6a9e89bacd".freeze
7
+ @built_at = "2021-07-09".freeze
8
+ @git_commit_sha = "e863a3905d".freeze
9
9
  @release = true
10
10
  # end ivars
11
11
 
@@ -11,9 +11,11 @@ module Bundler
11
11
  def run
12
12
  Bundler.settings.set_command_option_if_given :path, options[:path]
13
13
 
14
+ definition = Bundler.definition
15
+ definition.validate_runtime!
16
+
14
17
  begin
15
- definition = Bundler.definition
16
- definition.validate_runtime!
18
+ definition.resolve_only_locally!
17
19
  not_installed = definition.missing_specs
18
20
  rescue GemNotFound, VersionConflict
19
21
  Bundler.ui.error "Bundler can't satisfy your Gemfile's dependencies."
@@ -100,8 +100,11 @@ module Bundler
100
100
  files_not_readable_or_writable = []
101
101
  files_not_rw_and_owned_by_different_user = []
102
102
  files_not_owned_by_current_user_but_still_rw = []
103
+ broken_symlinks = []
103
104
  Find.find(Bundler.bundle_path.to_s).each do |f|
104
- if !File.writable?(f) || !File.readable?(f)
105
+ if !File.exist?(f)
106
+ broken_symlinks << f
107
+ elsif !File.writable?(f) || !File.readable?(f)
105
108
  if File.stat(f).uid != Process.uid
106
109
  files_not_rw_and_owned_by_different_user << f
107
110
  else
@@ -113,6 +116,13 @@ module Bundler
113
116
  end
114
117
 
115
118
  ok = true
119
+
120
+ if broken_symlinks.any?
121
+ Bundler.ui.warn "Broken links exist in the Bundler home. Please report them to the offending gem's upstream repo. These files are:\n - #{broken_symlinks.join("\n - ")}"
122
+
123
+ ok = false
124
+ end
125
+
116
126
  if files_not_owned_by_current_user_but_still_rw.any?
117
127
  Bundler.ui.warn "Files exist in the Bundler home that are owned by another " \
118
128
  "user, but are still readable/writable. These files are:\n - #{files_not_owned_by_current_user_but_still_rw.join("\n - ")}"
@@ -33,12 +33,8 @@ module Bundler
33
33
 
34
34
  options[:local] = true if Bundler.app_cache.exist?
35
35
 
36
- if Bundler.feature_flag.deployment_means_frozen?
37
- Bundler.settings.set_command_option :deployment, true
38
- else
39
- Bundler.settings.set_command_option :deployment, true if options[:deployment]
40
- Bundler.settings.set_command_option :frozen, true if options[:frozen]
41
- end
36
+ Bundler.settings.set_command_option :deployment, true if options[:deployment]
37
+ Bundler.settings.set_command_option :frozen, true if options[:frozen]
42
38
  end
43
39
 
44
40
  # When install is called with --no-deployment, disable deployment mode
@@ -62,7 +58,10 @@ module Bundler
62
58
  definition.validate_runtime!
63
59
 
64
60
  installer = Installer.install(Bundler.root, definition, options)
65
- Bundler.load.cache if Bundler.app_cache.exist? && !options["no-cache"] && !Bundler.frozen_bundle?
61
+
62
+ Bundler.settings.temporary(:cache_all_platforms => options[:local] ? false : Bundler.settings[:cache_all_platforms]) do
63
+ Bundler.load.cache if Bundler.app_cache.exist? && !options["no-cache"] && !Bundler.frozen_bundle?
64
+ end
66
65
 
67
66
  Bundler.ui.confirm "Bundle complete! #{dependencies_count_for(definition)}, #{gems_installed_for(definition)}."
68
67
  Bundler::CLI::Common.output_without_groups_message(:install)
@@ -105,7 +104,7 @@ module Bundler
105
104
  private
106
105
 
107
106
  def warn_if_root
108
- return if Bundler.settings[:silence_root_warning] || Bundler::WINDOWS || !Process.uid.zero?
107
+ return if Bundler.settings[:silence_root_warning] || Gem.win_platform? || !Process.uid.zero?
109
108
  Bundler.ui.warn "Don't run Bundler as root. Bundler can ask for sudo " \
110
109
  "if it is needed, and installing your bundle as root will break this " \
111
110
  "application for all non-root users on this machine.", :wrap => true
@@ -21,9 +21,13 @@ module Bundler
21
21
  Bundler::Fetcher.disable_endpoint = options["full-index"]
22
22
 
23
23
  update = options[:update]
24
+ conservative = options[:conservative]
25
+
24
26
  if update.is_a?(Array) # unlocking specific gems
25
27
  Bundler::CLI::Common.ensure_all_gems_in_lockfile!(update)
26
- update = { :gems => update, :lock_shared_dependencies => options[:conservative] }
28
+ update = { :gems => update, :conservative => conservative }
29
+ elsif update
30
+ update = { :conservative => conservative } if conservative
27
31
  end
28
32
  definition = Bundler.definition(update)
29
33
 
@@ -147,6 +147,8 @@ module Bundler
147
147
 
148
148
  def retrieve_active_spec(definition, current_spec)
149
149
  active_spec = definition.resolve.find_by_name_and_platform(current_spec.name, current_spec.platform)
150
+ return unless active_spec
151
+
150
152
  return active_spec if strict
151
153
 
152
154
  active_specs = active_spec.source.specs.search(current_spec.name).select {|spec| spec.match_platform(current_spec.platform) }.sort_by(&:version)
@@ -27,9 +27,14 @@ module Bundler
27
27
  raise InvalidOption, "Cannot specify --all along with specific options."
28
28
  end
29
29
 
30
+ conservative = options[:conservative]
31
+
30
32
  if full_update
31
- # We're doing a full update
32
- Bundler.definition(true)
33
+ if conservative
34
+ Bundler.definition(:conservative => conservative)
35
+ else
36
+ Bundler.definition(true)
37
+ end
33
38
  else
34
39
  unless Bundler.default_lockfile.exist?
35
40
  raise GemfileLockNotFound, "This Bundle hasn't been installed yet. " \
@@ -43,7 +48,7 @@ module Bundler
43
48
  end
44
49
 
45
50
  Bundler.definition(:gems => gems, :sources => sources, :ruby => options[:ruby],
46
- :lock_shared_dependencies => options[:conservative],
51
+ :conservative => conservative,
47
52
  :bundler => options[:bundler])
48
53
  end
49
54
 
@@ -65,19 +65,19 @@ module Bundler
65
65
  end
66
66
 
67
67
  def mswin?
68
- Bundler::WINDOWS
68
+ Gem.win_platform?
69
69
  end
70
70
 
71
71
  def mswin64?
72
- Bundler::WINDOWS && Bundler.local_platform != Gem::Platform::RUBY && Bundler.local_platform.os == "mswin64" && Bundler.local_platform.cpu == "x64"
72
+ Gem.win_platform? && Bundler.local_platform != Gem::Platform::RUBY && Bundler.local_platform.os == "mswin64" && Bundler.local_platform.cpu == "x64"
73
73
  end
74
74
 
75
75
  def mingw?
76
- Bundler::WINDOWS && Bundler.local_platform != Gem::Platform::RUBY && Bundler.local_platform.os == "mingw32" && Bundler.local_platform.cpu != "x64"
76
+ Gem.win_platform? && Bundler.local_platform != Gem::Platform::RUBY && Bundler.local_platform.os == "mingw32" && Bundler.local_platform.cpu != "x64"
77
77
  end
78
78
 
79
79
  def x64_mingw?
80
- Bundler::WINDOWS && Bundler.local_platform != Gem::Platform::RUBY && Bundler.local_platform.os == "mingw32" && Bundler.local_platform.cpu == "x64"
80
+ Gem.win_platform? && Bundler.local_platform != Gem::Platform::RUBY && Bundler.local_platform.os == "mingw32" && Bundler.local_platform.cpu == "x64"
81
81
  end
82
82
 
83
83
  (KNOWN_MINOR_VERSIONS + KNOWN_MAJOR_VERSIONS).each do |version|
@@ -56,10 +56,8 @@ module Bundler
56
56
  @unlocking_bundler = false
57
57
  @unlocking = unlock
58
58
  else
59
- unlock = unlock.dup
60
59
  @unlocking_bundler = unlock.delete(:bundler)
61
- unlock.delete_if {|_k, v| Array(v).empty? }
62
- @unlocking = !unlock.empty?
60
+ @unlocking = unlock.any? {|_k, v| !Array(v).empty? }
63
61
  end
64
62
 
65
63
  @dependencies = dependencies
@@ -106,18 +104,19 @@ module Bundler
106
104
  @locked_platforms = []
107
105
  end
108
106
 
109
- @locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
110
- @disable_multisource = @locked_gem_sources.all?(&:disable_multisource?)
107
+ locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
108
+ @multisource_allowed = locked_gem_sources.size == 1 && locked_gem_sources.first.multiple_remotes? && Bundler.frozen_bundle?
111
109
 
112
- unless @disable_multisource
113
- msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. You should run `bundle update` or generate your lockfile from scratch."
110
+ if @multisource_allowed
111
+ unless sources.aggregate_global_source?
112
+ msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. Make sure you run `bundle install` in non frozen mode and commit the result to make your lockfile secure."
114
113
 
115
- Bundler::SharedHelpers.major_deprecation 2, msg
114
+ Bundler::SharedHelpers.major_deprecation 2, msg
115
+ end
116
116
 
117
- @sources.merged_gem_lockfile_sections!
117
+ @sources.merged_gem_lockfile_sections!(locked_gem_sources.first)
118
118
  end
119
119
 
120
- @unlock[:gems] ||= []
121
120
  @unlock[:sources] ||= []
122
121
  @unlock[:ruby] ||= if @ruby_version && locked_ruby_version_object
123
122
  @ruby_version.diff(locked_ruby_version_object)
@@ -130,8 +129,10 @@ module Bundler
130
129
  @path_changes = converge_paths
131
130
  @source_changes = converge_sources
132
131
 
133
- unless @unlock[:lock_shared_dependencies]
134
- eager_unlock = expand_dependencies(@unlock[:gems], true)
132
+ if @unlock[:conservative]
133
+ @unlock[:gems] ||= @dependencies.map(&:name)
134
+ else
135
+ eager_unlock = expand_dependencies(@unlock[:gems] || [], true)
135
136
  @unlock[:gems] = @locked_specs.for(eager_unlock, [], false, false, false).map(&:name)
136
137
  end
137
138
 
@@ -156,8 +157,14 @@ module Bundler
156
157
  end
157
158
  end
158
159
 
159
- def disable_multisource?
160
- @disable_multisource
160
+ def multisource_allowed?
161
+ @multisource_allowed
162
+ end
163
+
164
+ def resolve_only_locally!
165
+ @remote = false
166
+ sources.local_only!
167
+ resolve
161
168
  end
162
169
 
163
170
  def resolve_with_cache!
@@ -249,7 +256,7 @@ module Bundler
249
256
 
250
257
  def specs_for(groups)
251
258
  deps = dependencies_for(groups)
252
- specs.for(expand_dependencies(deps))
259
+ SpecSet.new(specs.for(expand_dependencies(deps)))
253
260
  end
254
261
 
255
262
  def dependencies_for(groups)
@@ -490,9 +497,6 @@ module Bundler
490
497
  attr_reader :sources
491
498
  private :sources
492
499
 
493
- attr_reader :locked_gem_sources
494
- private :locked_gem_sources
495
-
496
500
  def nothing_changed?
497
501
  !@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@locked_specs_incomplete_for_platform
498
502
  end
@@ -504,7 +508,7 @@ module Bundler
504
508
  private
505
509
 
506
510
  def precompute_source_requirements_for_indirect_dependencies?
507
- sources.non_global_rubygems_sources.all?(&:dependency_api_available?) && sources.no_aggregate_global_source?
511
+ sources.non_global_rubygems_sources.all?(&:dependency_api_available?) && !sources.aggregate_global_source?
508
512
  end
509
513
 
510
514
  def current_ruby_platform_locked?
@@ -620,35 +624,11 @@ module Bundler
620
624
  end
621
625
  end
622
626
 
623
- def converge_rubygems_sources
624
- return false if disable_multisource?
625
-
626
- return false if locked_gem_sources.empty?
627
-
628
- # Get the RubyGems remotes from the Gemfile
629
- actual_remotes = sources.rubygems_remotes
630
- return false if actual_remotes.empty?
631
-
632
- changes = false
633
-
634
- # If there is a RubyGems source in both
635
- locked_gem_sources.each do |locked_gem_source|
636
- # Merge the remotes from the Gemfile into the Gemfile.lock
637
- changes |= locked_gem_source.replace_remotes(actual_remotes, Bundler.settings[:allow_deployment_source_credential_changes])
638
- end
639
-
640
- changes
641
- end
642
-
643
627
  def converge_sources
644
- changes = false
645
-
646
- changes |= converge_rubygems_sources
647
-
648
628
  # Replace the sources from the Gemfile with the sources from the Gemfile.lock,
649
629
  # if they exist in the Gemfile.lock and are `==`. If you can't find an equivalent
650
630
  # source in the Gemfile.lock, use the one from the Gemfile.
651
- changes |= sources.replace_sources!(@locked_sources)
631
+ changes = sources.replace_sources!(@locked_sources)
652
632
 
653
633
  sources.all_sources.each do |source|
654
634
  # If the source is unlockable and the current command allows an unlock of
@@ -733,8 +713,6 @@ module Bundler
733
713
  end
734
714
  end
735
715
 
736
- unlock_source_unlocks_spec = Bundler.feature_flag.unlock_source_unlocks_spec?
737
-
738
716
  converged = []
739
717
  @locked_specs.each do |s|
740
718
  # Replace the locked dependency's source with the equivalent source from the Gemfile
@@ -746,11 +724,6 @@ module Bundler
746
724
  next if s.source.nil?
747
725
  next if @unlock[:sources].include?(s.source.name)
748
726
 
749
- # XXX This is a backwards-compatibility fix to preserve the ability to
750
- # unlock a single gem by passing its name via `--source`. See issue #3759
751
- # TODO: delete in Bundler 2
752
- next if unlock_source_unlocks_spec && @unlock[:sources].include?(s.name)
753
-
754
727
  # If the spec is from a path source and it doesn't exist anymore
755
728
  # then we unlock it.
756
729
 
@@ -782,7 +755,7 @@ module Bundler
782
755
 
783
756
  resolve = SpecSet.new(converged)
784
757
  @locked_specs_incomplete_for_platform = !resolve.for(expand_dependencies(requested_dependencies & deps), @unlock[:gems], true, true)
785
- resolve = resolve.for(expand_dependencies(deps, true), @unlock[:gems], false, false, false)
758
+ resolve = SpecSet.new(resolve.for(expand_dependencies(deps, true), [], false, false, false).reject{|s| @unlock[:gems].include?(s.name) })
786
759
  diff = nil
787
760
 
788
761
  # Now, we unlock any sources that do not have anymore gems pinned to it
@@ -904,14 +877,13 @@ module Bundler
904
877
  end
905
878
 
906
879
  def additional_base_requirements_for_resolve
907
- return [] unless @locked_gems
880
+ return [] unless @locked_gems && unlocking? && !sources.expired_sources?(@locked_gems.sources)
908
881
  dependencies_by_name = dependencies.inject({}) {|memo, dep| memo.update(dep.name => dep) }
909
882
  @locked_gems.specs.reduce({}) do |requirements, locked_spec|
910
883
  name = locked_spec.name
911
884
  dependency = dependencies_by_name[name]
912
- next requirements unless dependency
913
885
  next requirements if @locked_gems.dependencies[name] != dependency
914
- next requirements if dependency.source.is_a?(Source::Path)
886
+ next requirements if dependency && dependency.source.is_a?(Source::Path)
915
887
  dep = Gem::Dependency.new(name, ">= #{locked_spec.version}")
916
888
  requirements[name] = DepProxy.get_proxy(dep, locked_spec.platform)
917
889
  requirements