bundler 2.2.18 → 2.2.23
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of bundler might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +66 -0
- data/bundler.gemspec +1 -1
- data/lib/bundler.rb +5 -6
- data/lib/bundler/build_metadata.rb +2 -2
- data/lib/bundler/cli/check.rb +4 -2
- data/lib/bundler/cli/doctor.rb +11 -1
- data/lib/bundler/cli/install.rb +7 -8
- data/lib/bundler/cli/lock.rb +5 -1
- data/lib/bundler/cli/outdated.rb +2 -0
- data/lib/bundler/cli/update.rb +8 -3
- data/lib/bundler/current_ruby.rb +4 -4
- data/lib/bundler/definition.rb +27 -55
- data/lib/bundler/dsl.rb +19 -31
- data/lib/bundler/feature_flag.rb +0 -2
- data/lib/bundler/fetcher/compact_index.rb +1 -1
- data/lib/bundler/fetcher/downloader.rb +1 -2
- data/lib/bundler/fetcher/index.rb +0 -1
- data/lib/bundler/friendly_errors.rb +1 -3
- data/lib/bundler/index.rb +1 -5
- data/lib/bundler/installer.rb +5 -12
- data/lib/bundler/lockfile_parser.rb +2 -20
- data/lib/bundler/man/bundle-add.1 +1 -1
- data/lib/bundler/man/bundle-binstubs.1 +1 -1
- data/lib/bundler/man/bundle-cache.1 +1 -1
- data/lib/bundler/man/bundle-check.1 +1 -1
- data/lib/bundler/man/bundle-clean.1 +1 -1
- data/lib/bundler/man/bundle-config.1 +1 -4
- data/lib/bundler/man/bundle-config.1.ronn +0 -3
- data/lib/bundler/man/bundle-doctor.1 +1 -1
- data/lib/bundler/man/bundle-exec.1 +1 -1
- data/lib/bundler/man/bundle-gem.1 +1 -1
- data/lib/bundler/man/bundle-info.1 +1 -1
- data/lib/bundler/man/bundle-init.1 +1 -1
- data/lib/bundler/man/bundle-inject.1 +1 -1
- data/lib/bundler/man/bundle-install.1 +1 -1
- data/lib/bundler/man/bundle-list.1 +1 -1
- data/lib/bundler/man/bundle-lock.1 +1 -1
- data/lib/bundler/man/bundle-open.1 +1 -1
- data/lib/bundler/man/bundle-outdated.1 +1 -1
- data/lib/bundler/man/bundle-platform.1 +1 -1
- data/lib/bundler/man/bundle-pristine.1 +1 -1
- data/lib/bundler/man/bundle-remove.1 +1 -1
- data/lib/bundler/man/bundle-show.1 +1 -1
- data/lib/bundler/man/bundle-update.1 +4 -4
- data/lib/bundler/man/bundle-update.1.ronn +3 -3
- data/lib/bundler/man/bundle-viz.1 +1 -1
- data/lib/bundler/man/bundle.1 +1 -1
- data/lib/bundler/man/gemfile.5 +1 -1
- data/lib/bundler/plugin/installer.rb +1 -1
- data/lib/bundler/resolver.rb +3 -1
- data/lib/bundler/rubygems_ext.rb +22 -6
- data/lib/bundler/rubygems_integration.rb +4 -3
- data/lib/bundler/settings.rb +23 -9
- data/lib/bundler/source.rb +2 -0
- data/lib/bundler/source/rubygems.rb +10 -21
- data/lib/bundler/source_list.rb +44 -21
- data/lib/bundler/spec_set.rb +3 -7
- data/lib/bundler/templates/newgem/newgem.gemspec.tt +1 -1
- data/lib/bundler/version.rb +1 -1
- metadata +4 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a22f09c258df906bb0acb91d7c4b7cc04a527652c11af80e3e34de0b30431235
|
4
|
+
data.tar.gz: 587a4d96883fbec8b4de1b5f7b90748c2cda84dd7dead9dcf733e6e1700f16f3
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7a08c50ac38e23d98cdf930668c0f276e857553c8412c4d92fc1692b0500eac62e1038330e685e183bac97ba27537e374f6e539a6189d712ceaafbf8d1ff28d4
|
7
|
+
data.tar.gz: 14b76dccfb16d4a8d1a9e3a5e867a1b6b552b6809f1b8244f11588e41e4affeb16365fe0cb53a707dba144cb2ce7c7e119882e4b3d8f6b38537b4ba8698a701b
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,69 @@
|
|
1
|
+
# 2.2.23 (July 9, 2021)
|
2
|
+
|
3
|
+
## Enhancements:
|
4
|
+
|
5
|
+
- Fix `bundle install` on truffleruby selecting incorrect variant for `sorbet-static` gem [#4625](https://github.com/rubygems/rubygems/pull/4625)
|
6
|
+
- Spare meaningless warning on read-only bundle invocations [#4724](https://github.com/rubygems/rubygems/pull/4724)
|
7
|
+
|
8
|
+
## Bug fixes:
|
9
|
+
|
10
|
+
- Fix incorrect warning about duplicated gems in the Gemfile [#4732](https://github.com/rubygems/rubygems/pull/4732)
|
11
|
+
- Fix `bundle plugin install foo` crashing [#4734](https://github.com/rubygems/rubygems/pull/4734)
|
12
|
+
|
13
|
+
# 2.2.22 (July 6, 2021)
|
14
|
+
|
15
|
+
## Enhancements:
|
16
|
+
|
17
|
+
- Never downgrade indirect dependencies when running `bundle update` [#4713](https://github.com/rubygems/rubygems/pull/4713)
|
18
|
+
- Fix `getaddrinfo` errors not treated as fatal on non darwin platforms [#4703](https://github.com/rubygems/rubygems/pull/4703)
|
19
|
+
|
20
|
+
## Bug fixes:
|
21
|
+
|
22
|
+
- Fix `bundle update <gem>` sometimes hanging and `bundle lock --update` not being able to update an insecure lockfile to the new format if it requires downgrades [#4652](https://github.com/rubygems/rubygems/pull/4652)
|
23
|
+
- Fix edge case combination of DSL methods and duplicated sources causing gems to not be found [#4711](https://github.com/rubygems/rubygems/pull/4711)
|
24
|
+
- Fix `bundle doctor` crashing when finding a broken symlink [#4707](https://github.com/rubygems/rubygems/pull/4707)
|
25
|
+
- Fix incorrect re-resolve edge case [#4700](https://github.com/rubygems/rubygems/pull/4700)
|
26
|
+
- Fix some gems being unintentionally locked under multiple lockfile sections [#4701](https://github.com/rubygems/rubygems/pull/4701)
|
27
|
+
- Fix `--conservative` flag unexpectedly updating indirect dependencies [#4692](https://github.com/rubygems/rubygems/pull/4692)
|
28
|
+
|
29
|
+
# 2.2.21 (June 23, 2021)
|
30
|
+
|
31
|
+
## Security fixes:
|
32
|
+
|
33
|
+
- Auto-update insecure lockfile to split GEM source sections whenever possible [#4647](https://github.com/rubygems/rubygems/pull/4647)
|
34
|
+
|
35
|
+
## Enhancements:
|
36
|
+
|
37
|
+
- Use a more limited number of threads when fetching in parallel from the Compact Index API [#4670](https://github.com/rubygems/rubygems/pull/4670)
|
38
|
+
- Update TODO link in bundle gem template to https [#4671](https://github.com/rubygems/rubygems/pull/4671)
|
39
|
+
|
40
|
+
## Bug fixes:
|
41
|
+
|
42
|
+
- Fix `bundle install --local` hitting the network when `cache_all_platforms` configured [#4677](https://github.com/rubygems/rubygems/pull/4677)
|
43
|
+
|
44
|
+
# 2.2.20 (June 11, 2021)
|
45
|
+
|
46
|
+
## Enhancements:
|
47
|
+
|
48
|
+
- Don't print bug report template on server side errors [#4663](https://github.com/rubygems/rubygems/pull/4663)
|
49
|
+
- Don't load `resolv` unnecessarily [#4640](https://github.com/rubygems/rubygems/pull/4640)
|
50
|
+
|
51
|
+
## Bug fixes:
|
52
|
+
|
53
|
+
- Fix `bundle outdated` edge case [#4648](https://github.com/rubygems/rubygems/pull/4648)
|
54
|
+
- Fix `bundle check` with scoped rubygems sources [#4639](https://github.com/rubygems/rubygems/pull/4639)
|
55
|
+
|
56
|
+
## Performance:
|
57
|
+
|
58
|
+
- Don't use `extra_rdoc_files` with md files in gemspec to make installing bundler with docs faster [#4628](https://github.com/rubygems/rubygems/pull/4628)
|
59
|
+
|
60
|
+
# 2.2.19 (May 31, 2021)
|
61
|
+
|
62
|
+
## Bug fixes:
|
63
|
+
|
64
|
+
- Restore support for configuration keys with dashes [#4582](https://github.com/rubygems/rubygems/pull/4582)
|
65
|
+
- Fix some cached gems being unintentionally ignored when using rubygems 3.2.18 [#4623](https://github.com/rubygems/rubygems/pull/4623)
|
66
|
+
|
1
67
|
# 2.2.18 (May 25, 2021)
|
2
68
|
|
3
69
|
## Security fixes:
|
data/bundler.gemspec
CHANGED
@@ -39,7 +39,7 @@ Gem::Specification.new do |s|
|
|
39
39
|
# include the gemspec itself because warbler breaks w/o it
|
40
40
|
s.files += %w[bundler.gemspec]
|
41
41
|
|
42
|
-
s.
|
42
|
+
s.files += %w[CHANGELOG.md LICENSE.md README.md]
|
43
43
|
s.bindir = "exe"
|
44
44
|
s.executables = %w[bundle bundler]
|
45
45
|
s.require_paths = ["lib"]
|
data/lib/bundler.rb
CHANGED
@@ -198,7 +198,7 @@ module Bundler
|
|
198
198
|
|
199
199
|
def frozen_bundle?
|
200
200
|
frozen = settings[:deployment]
|
201
|
-
frozen ||= settings[:frozen]
|
201
|
+
frozen ||= settings[:frozen]
|
202
202
|
frozen
|
203
203
|
end
|
204
204
|
|
@@ -236,8 +236,9 @@ module Bundler
|
|
236
236
|
end
|
237
237
|
|
238
238
|
if warning
|
239
|
-
|
240
|
-
|
239
|
+
Bundler.ui.warn "#{warning}\n"
|
240
|
+
user_home = tmp_home_path
|
241
|
+
Bundler.ui.warn "Bundler will use `#{user_home}' as your home directory temporarily.\n"
|
241
242
|
user_home
|
242
243
|
else
|
243
244
|
Pathname.new(home)
|
@@ -684,15 +685,13 @@ EOF
|
|
684
685
|
Bundler.rubygems.clear_paths
|
685
686
|
end
|
686
687
|
|
687
|
-
def tmp_home_path
|
688
|
+
def tmp_home_path
|
688
689
|
Kernel.send(:require, "tmpdir")
|
689
690
|
SharedHelpers.filesystem_access(Dir.tmpdir) do
|
690
691
|
path = Bundler.tmp
|
691
692
|
at_exit { Bundler.rm_rf(path) }
|
692
693
|
path
|
693
694
|
end
|
694
|
-
rescue RuntimeError => e
|
695
|
-
raise e.exception("#{warning}\nBundler also failed to create a temporary home directory':\n#{e}")
|
696
695
|
end
|
697
696
|
|
698
697
|
# @param env [Hash]
|
@@ -4,8 +4,8 @@ module Bundler
|
|
4
4
|
# Represents metadata from when the Bundler gem was built.
|
5
5
|
module BuildMetadata
|
6
6
|
# begin ivars
|
7
|
-
@built_at = "2021-
|
8
|
-
@git_commit_sha = "
|
7
|
+
@built_at = "2021-07-09".freeze
|
8
|
+
@git_commit_sha = "e863a3905d".freeze
|
9
9
|
@release = true
|
10
10
|
# end ivars
|
11
11
|
|
data/lib/bundler/cli/check.rb
CHANGED
@@ -11,9 +11,11 @@ module Bundler
|
|
11
11
|
def run
|
12
12
|
Bundler.settings.set_command_option_if_given :path, options[:path]
|
13
13
|
|
14
|
+
definition = Bundler.definition
|
15
|
+
definition.validate_runtime!
|
16
|
+
|
14
17
|
begin
|
15
|
-
definition
|
16
|
-
definition.validate_runtime!
|
18
|
+
definition.resolve_only_locally!
|
17
19
|
not_installed = definition.missing_specs
|
18
20
|
rescue GemNotFound, VersionConflict
|
19
21
|
Bundler.ui.error "Bundler can't satisfy your Gemfile's dependencies."
|
data/lib/bundler/cli/doctor.rb
CHANGED
@@ -100,8 +100,11 @@ module Bundler
|
|
100
100
|
files_not_readable_or_writable = []
|
101
101
|
files_not_rw_and_owned_by_different_user = []
|
102
102
|
files_not_owned_by_current_user_but_still_rw = []
|
103
|
+
broken_symlinks = []
|
103
104
|
Find.find(Bundler.bundle_path.to_s).each do |f|
|
104
|
-
if !File.
|
105
|
+
if !File.exist?(f)
|
106
|
+
broken_symlinks << f
|
107
|
+
elsif !File.writable?(f) || !File.readable?(f)
|
105
108
|
if File.stat(f).uid != Process.uid
|
106
109
|
files_not_rw_and_owned_by_different_user << f
|
107
110
|
else
|
@@ -113,6 +116,13 @@ module Bundler
|
|
113
116
|
end
|
114
117
|
|
115
118
|
ok = true
|
119
|
+
|
120
|
+
if broken_symlinks.any?
|
121
|
+
Bundler.ui.warn "Broken links exist in the Bundler home. Please report them to the offending gem's upstream repo. These files are:\n - #{broken_symlinks.join("\n - ")}"
|
122
|
+
|
123
|
+
ok = false
|
124
|
+
end
|
125
|
+
|
116
126
|
if files_not_owned_by_current_user_but_still_rw.any?
|
117
127
|
Bundler.ui.warn "Files exist in the Bundler home that are owned by another " \
|
118
128
|
"user, but are still readable/writable. These files are:\n - #{files_not_owned_by_current_user_but_still_rw.join("\n - ")}"
|
data/lib/bundler/cli/install.rb
CHANGED
@@ -33,12 +33,8 @@ module Bundler
|
|
33
33
|
|
34
34
|
options[:local] = true if Bundler.app_cache.exist?
|
35
35
|
|
36
|
-
|
37
|
-
|
38
|
-
else
|
39
|
-
Bundler.settings.set_command_option :deployment, true if options[:deployment]
|
40
|
-
Bundler.settings.set_command_option :frozen, true if options[:frozen]
|
41
|
-
end
|
36
|
+
Bundler.settings.set_command_option :deployment, true if options[:deployment]
|
37
|
+
Bundler.settings.set_command_option :frozen, true if options[:frozen]
|
42
38
|
end
|
43
39
|
|
44
40
|
# When install is called with --no-deployment, disable deployment mode
|
@@ -62,7 +58,10 @@ module Bundler
|
|
62
58
|
definition.validate_runtime!
|
63
59
|
|
64
60
|
installer = Installer.install(Bundler.root, definition, options)
|
65
|
-
|
61
|
+
|
62
|
+
Bundler.settings.temporary(:cache_all_platforms => options[:local] ? false : Bundler.settings[:cache_all_platforms]) do
|
63
|
+
Bundler.load.cache if Bundler.app_cache.exist? && !options["no-cache"] && !Bundler.frozen_bundle?
|
64
|
+
end
|
66
65
|
|
67
66
|
Bundler.ui.confirm "Bundle complete! #{dependencies_count_for(definition)}, #{gems_installed_for(definition)}."
|
68
67
|
Bundler::CLI::Common.output_without_groups_message(:install)
|
@@ -105,7 +104,7 @@ module Bundler
|
|
105
104
|
private
|
106
105
|
|
107
106
|
def warn_if_root
|
108
|
-
return if Bundler.settings[:silence_root_warning] ||
|
107
|
+
return if Bundler.settings[:silence_root_warning] || Gem.win_platform? || !Process.uid.zero?
|
109
108
|
Bundler.ui.warn "Don't run Bundler as root. Bundler can ask for sudo " \
|
110
109
|
"if it is needed, and installing your bundle as root will break this " \
|
111
110
|
"application for all non-root users on this machine.", :wrap => true
|
data/lib/bundler/cli/lock.rb
CHANGED
@@ -21,9 +21,13 @@ module Bundler
|
|
21
21
|
Bundler::Fetcher.disable_endpoint = options["full-index"]
|
22
22
|
|
23
23
|
update = options[:update]
|
24
|
+
conservative = options[:conservative]
|
25
|
+
|
24
26
|
if update.is_a?(Array) # unlocking specific gems
|
25
27
|
Bundler::CLI::Common.ensure_all_gems_in_lockfile!(update)
|
26
|
-
update = { :gems => update, :
|
28
|
+
update = { :gems => update, :conservative => conservative }
|
29
|
+
elsif update
|
30
|
+
update = { :conservative => conservative } if conservative
|
27
31
|
end
|
28
32
|
definition = Bundler.definition(update)
|
29
33
|
|
data/lib/bundler/cli/outdated.rb
CHANGED
@@ -147,6 +147,8 @@ module Bundler
|
|
147
147
|
|
148
148
|
def retrieve_active_spec(definition, current_spec)
|
149
149
|
active_spec = definition.resolve.find_by_name_and_platform(current_spec.name, current_spec.platform)
|
150
|
+
return unless active_spec
|
151
|
+
|
150
152
|
return active_spec if strict
|
151
153
|
|
152
154
|
active_specs = active_spec.source.specs.search(current_spec.name).select {|spec| spec.match_platform(current_spec.platform) }.sort_by(&:version)
|
data/lib/bundler/cli/update.rb
CHANGED
@@ -27,9 +27,14 @@ module Bundler
|
|
27
27
|
raise InvalidOption, "Cannot specify --all along with specific options."
|
28
28
|
end
|
29
29
|
|
30
|
+
conservative = options[:conservative]
|
31
|
+
|
30
32
|
if full_update
|
31
|
-
|
32
|
-
|
33
|
+
if conservative
|
34
|
+
Bundler.definition(:conservative => conservative)
|
35
|
+
else
|
36
|
+
Bundler.definition(true)
|
37
|
+
end
|
33
38
|
else
|
34
39
|
unless Bundler.default_lockfile.exist?
|
35
40
|
raise GemfileLockNotFound, "This Bundle hasn't been installed yet. " \
|
@@ -43,7 +48,7 @@ module Bundler
|
|
43
48
|
end
|
44
49
|
|
45
50
|
Bundler.definition(:gems => gems, :sources => sources, :ruby => options[:ruby],
|
46
|
-
:
|
51
|
+
:conservative => conservative,
|
47
52
|
:bundler => options[:bundler])
|
48
53
|
end
|
49
54
|
|
data/lib/bundler/current_ruby.rb
CHANGED
@@ -65,19 +65,19 @@ module Bundler
|
|
65
65
|
end
|
66
66
|
|
67
67
|
def mswin?
|
68
|
-
|
68
|
+
Gem.win_platform?
|
69
69
|
end
|
70
70
|
|
71
71
|
def mswin64?
|
72
|
-
|
72
|
+
Gem.win_platform? && Bundler.local_platform != Gem::Platform::RUBY && Bundler.local_platform.os == "mswin64" && Bundler.local_platform.cpu == "x64"
|
73
73
|
end
|
74
74
|
|
75
75
|
def mingw?
|
76
|
-
|
76
|
+
Gem.win_platform? && Bundler.local_platform != Gem::Platform::RUBY && Bundler.local_platform.os == "mingw32" && Bundler.local_platform.cpu != "x64"
|
77
77
|
end
|
78
78
|
|
79
79
|
def x64_mingw?
|
80
|
-
|
80
|
+
Gem.win_platform? && Bundler.local_platform != Gem::Platform::RUBY && Bundler.local_platform.os == "mingw32" && Bundler.local_platform.cpu == "x64"
|
81
81
|
end
|
82
82
|
|
83
83
|
(KNOWN_MINOR_VERSIONS + KNOWN_MAJOR_VERSIONS).each do |version|
|
data/lib/bundler/definition.rb
CHANGED
@@ -56,10 +56,8 @@ module Bundler
|
|
56
56
|
@unlocking_bundler = false
|
57
57
|
@unlocking = unlock
|
58
58
|
else
|
59
|
-
unlock = unlock.dup
|
60
59
|
@unlocking_bundler = unlock.delete(:bundler)
|
61
|
-
unlock.
|
62
|
-
@unlocking = !unlock.empty?
|
60
|
+
@unlocking = unlock.any? {|_k, v| !Array(v).empty? }
|
63
61
|
end
|
64
62
|
|
65
63
|
@dependencies = dependencies
|
@@ -106,18 +104,19 @@ module Bundler
|
|
106
104
|
@locked_platforms = []
|
107
105
|
end
|
108
106
|
|
109
|
-
|
110
|
-
@
|
107
|
+
locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
|
108
|
+
@multisource_allowed = locked_gem_sources.size == 1 && locked_gem_sources.first.multiple_remotes? && Bundler.frozen_bundle?
|
111
109
|
|
112
|
-
|
113
|
-
|
110
|
+
if @multisource_allowed
|
111
|
+
unless sources.aggregate_global_source?
|
112
|
+
msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. Make sure you run `bundle install` in non frozen mode and commit the result to make your lockfile secure."
|
114
113
|
|
115
|
-
|
114
|
+
Bundler::SharedHelpers.major_deprecation 2, msg
|
115
|
+
end
|
116
116
|
|
117
|
-
@sources.merged_gem_lockfile_sections!
|
117
|
+
@sources.merged_gem_lockfile_sections!(locked_gem_sources.first)
|
118
118
|
end
|
119
119
|
|
120
|
-
@unlock[:gems] ||= []
|
121
120
|
@unlock[:sources] ||= []
|
122
121
|
@unlock[:ruby] ||= if @ruby_version && locked_ruby_version_object
|
123
122
|
@ruby_version.diff(locked_ruby_version_object)
|
@@ -130,8 +129,10 @@ module Bundler
|
|
130
129
|
@path_changes = converge_paths
|
131
130
|
@source_changes = converge_sources
|
132
131
|
|
133
|
-
|
134
|
-
|
132
|
+
if @unlock[:conservative]
|
133
|
+
@unlock[:gems] ||= @dependencies.map(&:name)
|
134
|
+
else
|
135
|
+
eager_unlock = expand_dependencies(@unlock[:gems] || [], true)
|
135
136
|
@unlock[:gems] = @locked_specs.for(eager_unlock, [], false, false, false).map(&:name)
|
136
137
|
end
|
137
138
|
|
@@ -156,8 +157,14 @@ module Bundler
|
|
156
157
|
end
|
157
158
|
end
|
158
159
|
|
159
|
-
def
|
160
|
-
@
|
160
|
+
def multisource_allowed?
|
161
|
+
@multisource_allowed
|
162
|
+
end
|
163
|
+
|
164
|
+
def resolve_only_locally!
|
165
|
+
@remote = false
|
166
|
+
sources.local_only!
|
167
|
+
resolve
|
161
168
|
end
|
162
169
|
|
163
170
|
def resolve_with_cache!
|
@@ -249,7 +256,7 @@ module Bundler
|
|
249
256
|
|
250
257
|
def specs_for(groups)
|
251
258
|
deps = dependencies_for(groups)
|
252
|
-
specs.for(expand_dependencies(deps))
|
259
|
+
SpecSet.new(specs.for(expand_dependencies(deps)))
|
253
260
|
end
|
254
261
|
|
255
262
|
def dependencies_for(groups)
|
@@ -490,9 +497,6 @@ module Bundler
|
|
490
497
|
attr_reader :sources
|
491
498
|
private :sources
|
492
499
|
|
493
|
-
attr_reader :locked_gem_sources
|
494
|
-
private :locked_gem_sources
|
495
|
-
|
496
500
|
def nothing_changed?
|
497
501
|
!@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@locked_specs_incomplete_for_platform
|
498
502
|
end
|
@@ -504,7 +508,7 @@ module Bundler
|
|
504
508
|
private
|
505
509
|
|
506
510
|
def precompute_source_requirements_for_indirect_dependencies?
|
507
|
-
sources.non_global_rubygems_sources.all?(&:dependency_api_available?) && sources.
|
511
|
+
sources.non_global_rubygems_sources.all?(&:dependency_api_available?) && !sources.aggregate_global_source?
|
508
512
|
end
|
509
513
|
|
510
514
|
def current_ruby_platform_locked?
|
@@ -620,35 +624,11 @@ module Bundler
|
|
620
624
|
end
|
621
625
|
end
|
622
626
|
|
623
|
-
def converge_rubygems_sources
|
624
|
-
return false if disable_multisource?
|
625
|
-
|
626
|
-
return false if locked_gem_sources.empty?
|
627
|
-
|
628
|
-
# Get the RubyGems remotes from the Gemfile
|
629
|
-
actual_remotes = sources.rubygems_remotes
|
630
|
-
return false if actual_remotes.empty?
|
631
|
-
|
632
|
-
changes = false
|
633
|
-
|
634
|
-
# If there is a RubyGems source in both
|
635
|
-
locked_gem_sources.each do |locked_gem_source|
|
636
|
-
# Merge the remotes from the Gemfile into the Gemfile.lock
|
637
|
-
changes |= locked_gem_source.replace_remotes(actual_remotes, Bundler.settings[:allow_deployment_source_credential_changes])
|
638
|
-
end
|
639
|
-
|
640
|
-
changes
|
641
|
-
end
|
642
|
-
|
643
627
|
def converge_sources
|
644
|
-
changes = false
|
645
|
-
|
646
|
-
changes |= converge_rubygems_sources
|
647
|
-
|
648
628
|
# Replace the sources from the Gemfile with the sources from the Gemfile.lock,
|
649
629
|
# if they exist in the Gemfile.lock and are `==`. If you can't find an equivalent
|
650
630
|
# source in the Gemfile.lock, use the one from the Gemfile.
|
651
|
-
changes
|
631
|
+
changes = sources.replace_sources!(@locked_sources)
|
652
632
|
|
653
633
|
sources.all_sources.each do |source|
|
654
634
|
# If the source is unlockable and the current command allows an unlock of
|
@@ -733,8 +713,6 @@ module Bundler
|
|
733
713
|
end
|
734
714
|
end
|
735
715
|
|
736
|
-
unlock_source_unlocks_spec = Bundler.feature_flag.unlock_source_unlocks_spec?
|
737
|
-
|
738
716
|
converged = []
|
739
717
|
@locked_specs.each do |s|
|
740
718
|
# Replace the locked dependency's source with the equivalent source from the Gemfile
|
@@ -746,11 +724,6 @@ module Bundler
|
|
746
724
|
next if s.source.nil?
|
747
725
|
next if @unlock[:sources].include?(s.source.name)
|
748
726
|
|
749
|
-
# XXX This is a backwards-compatibility fix to preserve the ability to
|
750
|
-
# unlock a single gem by passing its name via `--source`. See issue #3759
|
751
|
-
# TODO: delete in Bundler 2
|
752
|
-
next if unlock_source_unlocks_spec && @unlock[:sources].include?(s.name)
|
753
|
-
|
754
727
|
# If the spec is from a path source and it doesn't exist anymore
|
755
728
|
# then we unlock it.
|
756
729
|
|
@@ -782,7 +755,7 @@ module Bundler
|
|
782
755
|
|
783
756
|
resolve = SpecSet.new(converged)
|
784
757
|
@locked_specs_incomplete_for_platform = !resolve.for(expand_dependencies(requested_dependencies & deps), @unlock[:gems], true, true)
|
785
|
-
resolve = resolve.for(expand_dependencies(deps, true),
|
758
|
+
resolve = SpecSet.new(resolve.for(expand_dependencies(deps, true), [], false, false, false).reject{|s| @unlock[:gems].include?(s.name) })
|
786
759
|
diff = nil
|
787
760
|
|
788
761
|
# Now, we unlock any sources that do not have anymore gems pinned to it
|
@@ -904,14 +877,13 @@ module Bundler
|
|
904
877
|
end
|
905
878
|
|
906
879
|
def additional_base_requirements_for_resolve
|
907
|
-
return [] unless @locked_gems
|
880
|
+
return [] unless @locked_gems && unlocking? && !sources.expired_sources?(@locked_gems.sources)
|
908
881
|
dependencies_by_name = dependencies.inject({}) {|memo, dep| memo.update(dep.name => dep) }
|
909
882
|
@locked_gems.specs.reduce({}) do |requirements, locked_spec|
|
910
883
|
name = locked_spec.name
|
911
884
|
dependency = dependencies_by_name[name]
|
912
|
-
next requirements unless dependency
|
913
885
|
next requirements if @locked_gems.dependencies[name] != dependency
|
914
|
-
next requirements if dependency.source.is_a?(Source::Path)
|
886
|
+
next requirements if dependency && dependency.source.is_a?(Source::Path)
|
915
887
|
dep = Gem::Dependency.new(name, ">= #{locked_spec.version}")
|
916
888
|
requirements[name] = DepProxy.get_proxy(dep, locked_spec.platform)
|
917
889
|
requirements
|