bundler 2.2.20 → 2.2.24
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of bundler might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +56 -0
- data/lib/bundler.rb +5 -6
- data/lib/bundler/build_metadata.rb +2 -2
- data/lib/bundler/cli.rb +1 -0
- data/lib/bundler/cli/doctor.rb +11 -1
- data/lib/bundler/cli/install.rb +7 -8
- data/lib/bundler/cli/lock.rb +5 -1
- data/lib/bundler/cli/update.rb +8 -3
- data/lib/bundler/current_ruby.rb +4 -4
- data/lib/bundler/definition.rb +46 -85
- data/lib/bundler/dsl.rb +11 -22
- data/lib/bundler/feature_flag.rb +0 -2
- data/lib/bundler/fetcher/compact_index.rb +1 -1
- data/lib/bundler/fetcher/downloader.rb +1 -2
- data/lib/bundler/index.rb +1 -5
- data/lib/bundler/installer.rb +5 -12
- data/lib/bundler/installer/standalone.rb +1 -1
- data/lib/bundler/lockfile_parser.rb +2 -20
- data/lib/bundler/man/bundle-add.1 +1 -1
- data/lib/bundler/man/bundle-binstubs.1 +1 -1
- data/lib/bundler/man/bundle-cache.1 +1 -1
- data/lib/bundler/man/bundle-check.1 +1 -1
- data/lib/bundler/man/bundle-clean.1 +1 -1
- data/lib/bundler/man/bundle-config.1 +1 -4
- data/lib/bundler/man/bundle-config.1.ronn +0 -3
- data/lib/bundler/man/bundle-doctor.1 +1 -1
- data/lib/bundler/man/bundle-exec.1 +1 -1
- data/lib/bundler/man/bundle-gem.1 +1 -1
- data/lib/bundler/man/bundle-info.1 +1 -1
- data/lib/bundler/man/bundle-init.1 +1 -1
- data/lib/bundler/man/bundle-inject.1 +1 -1
- data/lib/bundler/man/bundle-install.1 +1 -1
- data/lib/bundler/man/bundle-list.1 +1 -1
- data/lib/bundler/man/bundle-lock.1 +1 -1
- data/lib/bundler/man/bundle-open.1 +1 -1
- data/lib/bundler/man/bundle-outdated.1 +1 -1
- data/lib/bundler/man/bundle-platform.1 +1 -1
- data/lib/bundler/man/bundle-pristine.1 +1 -1
- data/lib/bundler/man/bundle-remove.1 +1 -1
- data/lib/bundler/man/bundle-show.1 +1 -1
- data/lib/bundler/man/bundle-update.1 +4 -4
- data/lib/bundler/man/bundle-update.1.ronn +3 -3
- data/lib/bundler/man/bundle-viz.1 +1 -1
- data/lib/bundler/man/bundle.1 +1 -1
- data/lib/bundler/man/gemfile.5 +1 -1
- data/lib/bundler/plugin.rb +2 -0
- data/lib/bundler/plugin/index.rb +4 -1
- data/lib/bundler/plugin/installer.rb +1 -1
- data/lib/bundler/resolver.rb +3 -1
- data/lib/bundler/rubygems_ext.rb +22 -6
- data/lib/bundler/runtime.rb +1 -3
- data/lib/bundler/settings.rb +9 -8
- data/lib/bundler/source/rubygems.rb +4 -17
- data/lib/bundler/source_list.rb +40 -21
- data/lib/bundler/spec_set.rb +5 -10
- data/lib/bundler/templates/newgem/newgem.gemspec.tt +1 -1
- data/lib/bundler/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 2bc6a3aafe599f19f103462212788c65ebd7558c7c0ba8208730b58f06a07d2a
|
4
|
+
data.tar.gz: 36328d242818c34ef2a7477ea918941cbbd9469d3e747eed35eacbc178709a65
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1bbd69e10ba06b85eba9d4d282c0ca7337b2d97c614418dfa036883ae9cf0ff34eb50ecfb025a7555abf65026d64359b061ade7fdb76a57558d3f9b025ffff8e
|
7
|
+
data.tar.gz: affea641347f4d123b2d24b39ea6b2eb0f0a97fb8377b9d3a52812dab08faa7c0a134f41a33cf785fc498ba3cf32162f5d213a33f825d24bcdd053ed90332b20
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,59 @@
|
|
1
|
+
# 2.2.24 (July 15, 2021)
|
2
|
+
|
3
|
+
## Bug fixes:
|
4
|
+
|
5
|
+
- Fix development gem unintentionally removed on an edge case [#4751](https://github.com/rubygems/rubygems/pull/4751)
|
6
|
+
- Fix dangling empty plugin hooks [#4755](https://github.com/rubygems/rubygems/pull/4755)
|
7
|
+
- Fix `bundle plugin install --help` showing `bundle install`'s help [#4756](https://github.com/rubygems/rubygems/pull/4756)
|
8
|
+
- Make sure `bundle check` shows uniq missing gems [#4749](https://github.com/rubygems/rubygems/pull/4749)
|
9
|
+
|
10
|
+
## Performance:
|
11
|
+
|
12
|
+
- Slightly speed up `bundler/setup` [#4750](https://github.com/rubygems/rubygems/pull/4750)
|
13
|
+
|
14
|
+
# 2.2.23 (July 9, 2021)
|
15
|
+
|
16
|
+
## Enhancements:
|
17
|
+
|
18
|
+
- Fix `bundle install` on truffleruby selecting incorrect variant for `sorbet-static` gem [#4625](https://github.com/rubygems/rubygems/pull/4625)
|
19
|
+
- Spare meaningless warning on read-only bundle invocations [#4724](https://github.com/rubygems/rubygems/pull/4724)
|
20
|
+
|
21
|
+
## Bug fixes:
|
22
|
+
|
23
|
+
- Fix incorrect warning about duplicated gems in the Gemfile [#4732](https://github.com/rubygems/rubygems/pull/4732)
|
24
|
+
- Fix `bundle plugin install foo` crashing [#4734](https://github.com/rubygems/rubygems/pull/4734)
|
25
|
+
|
26
|
+
# 2.2.22 (July 6, 2021)
|
27
|
+
|
28
|
+
## Enhancements:
|
29
|
+
|
30
|
+
- Never downgrade indirect dependencies when running `bundle update` [#4713](https://github.com/rubygems/rubygems/pull/4713)
|
31
|
+
- Fix `getaddrinfo` errors not treated as fatal on non darwin platforms [#4703](https://github.com/rubygems/rubygems/pull/4703)
|
32
|
+
|
33
|
+
## Bug fixes:
|
34
|
+
|
35
|
+
- Fix `bundle update <gem>` sometimes hanging and `bundle lock --update` not being able to update an insecure lockfile to the new format if it requires downgrades [#4652](https://github.com/rubygems/rubygems/pull/4652)
|
36
|
+
- Fix edge case combination of DSL methods and duplicated sources causing gems to not be found [#4711](https://github.com/rubygems/rubygems/pull/4711)
|
37
|
+
- Fix `bundle doctor` crashing when finding a broken symlink [#4707](https://github.com/rubygems/rubygems/pull/4707)
|
38
|
+
- Fix incorrect re-resolve edge case [#4700](https://github.com/rubygems/rubygems/pull/4700)
|
39
|
+
- Fix some gems being unintentionally locked under multiple lockfile sections [#4701](https://github.com/rubygems/rubygems/pull/4701)
|
40
|
+
- Fix `--conservative` flag unexpectedly updating indirect dependencies [#4692](https://github.com/rubygems/rubygems/pull/4692)
|
41
|
+
|
42
|
+
# 2.2.21 (June 23, 2021)
|
43
|
+
|
44
|
+
## Security fixes:
|
45
|
+
|
46
|
+
- Auto-update insecure lockfile to split GEM source sections whenever possible [#4647](https://github.com/rubygems/rubygems/pull/4647)
|
47
|
+
|
48
|
+
## Enhancements:
|
49
|
+
|
50
|
+
- Use a more limited number of threads when fetching in parallel from the Compact Index API [#4670](https://github.com/rubygems/rubygems/pull/4670)
|
51
|
+
- Update TODO link in bundle gem template to https [#4671](https://github.com/rubygems/rubygems/pull/4671)
|
52
|
+
|
53
|
+
## Bug fixes:
|
54
|
+
|
55
|
+
- Fix `bundle install --local` hitting the network when `cache_all_platforms` configured [#4677](https://github.com/rubygems/rubygems/pull/4677)
|
56
|
+
|
1
57
|
# 2.2.20 (June 11, 2021)
|
2
58
|
|
3
59
|
## Enhancements:
|
data/lib/bundler.rb
CHANGED
@@ -198,7 +198,7 @@ module Bundler
|
|
198
198
|
|
199
199
|
def frozen_bundle?
|
200
200
|
frozen = settings[:deployment]
|
201
|
-
frozen ||= settings[:frozen]
|
201
|
+
frozen ||= settings[:frozen]
|
202
202
|
frozen
|
203
203
|
end
|
204
204
|
|
@@ -236,8 +236,9 @@ module Bundler
|
|
236
236
|
end
|
237
237
|
|
238
238
|
if warning
|
239
|
-
|
240
|
-
|
239
|
+
Bundler.ui.warn "#{warning}\n"
|
240
|
+
user_home = tmp_home_path
|
241
|
+
Bundler.ui.warn "Bundler will use `#{user_home}' as your home directory temporarily.\n"
|
241
242
|
user_home
|
242
243
|
else
|
243
244
|
Pathname.new(home)
|
@@ -684,15 +685,13 @@ EOF
|
|
684
685
|
Bundler.rubygems.clear_paths
|
685
686
|
end
|
686
687
|
|
687
|
-
def tmp_home_path
|
688
|
+
def tmp_home_path
|
688
689
|
Kernel.send(:require, "tmpdir")
|
689
690
|
SharedHelpers.filesystem_access(Dir.tmpdir) do
|
690
691
|
path = Bundler.tmp
|
691
692
|
at_exit { Bundler.rm_rf(path) }
|
692
693
|
path
|
693
694
|
end
|
694
|
-
rescue RuntimeError => e
|
695
|
-
raise e.exception("#{warning}\nBundler also failed to create a temporary home directory':\n#{e}")
|
696
695
|
end
|
697
696
|
|
698
697
|
# @param env [Hash]
|
@@ -4,8 +4,8 @@ module Bundler
|
|
4
4
|
# Represents metadata from when the Bundler gem was built.
|
5
5
|
module BuildMetadata
|
6
6
|
# begin ivars
|
7
|
-
@built_at = "2021-
|
8
|
-
@git_commit_sha = "
|
7
|
+
@built_at = "2021-07-15".freeze
|
8
|
+
@git_commit_sha = "d78b1ee235".freeze
|
9
9
|
@release = true
|
10
10
|
# end ivars
|
11
11
|
|
data/lib/bundler/cli.rb
CHANGED
data/lib/bundler/cli/doctor.rb
CHANGED
@@ -100,8 +100,11 @@ module Bundler
|
|
100
100
|
files_not_readable_or_writable = []
|
101
101
|
files_not_rw_and_owned_by_different_user = []
|
102
102
|
files_not_owned_by_current_user_but_still_rw = []
|
103
|
+
broken_symlinks = []
|
103
104
|
Find.find(Bundler.bundle_path.to_s).each do |f|
|
104
|
-
if !File.
|
105
|
+
if !File.exist?(f)
|
106
|
+
broken_symlinks << f
|
107
|
+
elsif !File.writable?(f) || !File.readable?(f)
|
105
108
|
if File.stat(f).uid != Process.uid
|
106
109
|
files_not_rw_and_owned_by_different_user << f
|
107
110
|
else
|
@@ -113,6 +116,13 @@ module Bundler
|
|
113
116
|
end
|
114
117
|
|
115
118
|
ok = true
|
119
|
+
|
120
|
+
if broken_symlinks.any?
|
121
|
+
Bundler.ui.warn "Broken links exist in the Bundler home. Please report them to the offending gem's upstream repo. These files are:\n - #{broken_symlinks.join("\n - ")}"
|
122
|
+
|
123
|
+
ok = false
|
124
|
+
end
|
125
|
+
|
116
126
|
if files_not_owned_by_current_user_but_still_rw.any?
|
117
127
|
Bundler.ui.warn "Files exist in the Bundler home that are owned by another " \
|
118
128
|
"user, but are still readable/writable. These files are:\n - #{files_not_owned_by_current_user_but_still_rw.join("\n - ")}"
|
data/lib/bundler/cli/install.rb
CHANGED
@@ -33,12 +33,8 @@ module Bundler
|
|
33
33
|
|
34
34
|
options[:local] = true if Bundler.app_cache.exist?
|
35
35
|
|
36
|
-
|
37
|
-
|
38
|
-
else
|
39
|
-
Bundler.settings.set_command_option :deployment, true if options[:deployment]
|
40
|
-
Bundler.settings.set_command_option :frozen, true if options[:frozen]
|
41
|
-
end
|
36
|
+
Bundler.settings.set_command_option :deployment, true if options[:deployment]
|
37
|
+
Bundler.settings.set_command_option :frozen, true if options[:frozen]
|
42
38
|
end
|
43
39
|
|
44
40
|
# When install is called with --no-deployment, disable deployment mode
|
@@ -62,7 +58,10 @@ module Bundler
|
|
62
58
|
definition.validate_runtime!
|
63
59
|
|
64
60
|
installer = Installer.install(Bundler.root, definition, options)
|
65
|
-
|
61
|
+
|
62
|
+
Bundler.settings.temporary(:cache_all_platforms => options[:local] ? false : Bundler.settings[:cache_all_platforms]) do
|
63
|
+
Bundler.load.cache if Bundler.app_cache.exist? && !options["no-cache"] && !Bundler.frozen_bundle?
|
64
|
+
end
|
66
65
|
|
67
66
|
Bundler.ui.confirm "Bundle complete! #{dependencies_count_for(definition)}, #{gems_installed_for(definition)}."
|
68
67
|
Bundler::CLI::Common.output_without_groups_message(:install)
|
@@ -105,7 +104,7 @@ module Bundler
|
|
105
104
|
private
|
106
105
|
|
107
106
|
def warn_if_root
|
108
|
-
return if Bundler.settings[:silence_root_warning] ||
|
107
|
+
return if Bundler.settings[:silence_root_warning] || Gem.win_platform? || !Process.uid.zero?
|
109
108
|
Bundler.ui.warn "Don't run Bundler as root. Bundler can ask for sudo " \
|
110
109
|
"if it is needed, and installing your bundle as root will break this " \
|
111
110
|
"application for all non-root users on this machine.", :wrap => true
|
data/lib/bundler/cli/lock.rb
CHANGED
@@ -21,9 +21,13 @@ module Bundler
|
|
21
21
|
Bundler::Fetcher.disable_endpoint = options["full-index"]
|
22
22
|
|
23
23
|
update = options[:update]
|
24
|
+
conservative = options[:conservative]
|
25
|
+
|
24
26
|
if update.is_a?(Array) # unlocking specific gems
|
25
27
|
Bundler::CLI::Common.ensure_all_gems_in_lockfile!(update)
|
26
|
-
update = { :gems => update, :
|
28
|
+
update = { :gems => update, :conservative => conservative }
|
29
|
+
elsif update
|
30
|
+
update = { :conservative => conservative } if conservative
|
27
31
|
end
|
28
32
|
definition = Bundler.definition(update)
|
29
33
|
|
data/lib/bundler/cli/update.rb
CHANGED
@@ -27,9 +27,14 @@ module Bundler
|
|
27
27
|
raise InvalidOption, "Cannot specify --all along with specific options."
|
28
28
|
end
|
29
29
|
|
30
|
+
conservative = options[:conservative]
|
31
|
+
|
30
32
|
if full_update
|
31
|
-
|
32
|
-
|
33
|
+
if conservative
|
34
|
+
Bundler.definition(:conservative => conservative)
|
35
|
+
else
|
36
|
+
Bundler.definition(true)
|
37
|
+
end
|
33
38
|
else
|
34
39
|
unless Bundler.default_lockfile.exist?
|
35
40
|
raise GemfileLockNotFound, "This Bundle hasn't been installed yet. " \
|
@@ -43,7 +48,7 @@ module Bundler
|
|
43
48
|
end
|
44
49
|
|
45
50
|
Bundler.definition(:gems => gems, :sources => sources, :ruby => options[:ruby],
|
46
|
-
:
|
51
|
+
:conservative => conservative,
|
47
52
|
:bundler => options[:bundler])
|
48
53
|
end
|
49
54
|
|
data/lib/bundler/current_ruby.rb
CHANGED
@@ -65,19 +65,19 @@ module Bundler
|
|
65
65
|
end
|
66
66
|
|
67
67
|
def mswin?
|
68
|
-
|
68
|
+
Gem.win_platform?
|
69
69
|
end
|
70
70
|
|
71
71
|
def mswin64?
|
72
|
-
|
72
|
+
Gem.win_platform? && Bundler.local_platform != Gem::Platform::RUBY && Bundler.local_platform.os == "mswin64" && Bundler.local_platform.cpu == "x64"
|
73
73
|
end
|
74
74
|
|
75
75
|
def mingw?
|
76
|
-
|
76
|
+
Gem.win_platform? && Bundler.local_platform != Gem::Platform::RUBY && Bundler.local_platform.os == "mingw32" && Bundler.local_platform.cpu != "x64"
|
77
77
|
end
|
78
78
|
|
79
79
|
def x64_mingw?
|
80
|
-
|
80
|
+
Gem.win_platform? && Bundler.local_platform != Gem::Platform::RUBY && Bundler.local_platform.os == "mingw32" && Bundler.local_platform.cpu == "x64"
|
81
81
|
end
|
82
82
|
|
83
83
|
(KNOWN_MINOR_VERSIONS + KNOWN_MAJOR_VERSIONS).each do |version|
|
data/lib/bundler/definition.rb
CHANGED
@@ -56,10 +56,8 @@ module Bundler
|
|
56
56
|
@unlocking_bundler = false
|
57
57
|
@unlocking = unlock
|
58
58
|
else
|
59
|
-
unlock = unlock.dup
|
60
59
|
@unlocking_bundler = unlock.delete(:bundler)
|
61
|
-
unlock.
|
62
|
-
@unlocking = !unlock.empty?
|
60
|
+
@unlocking = unlock.any? {|_k, v| !Array(v).empty? }
|
63
61
|
end
|
64
62
|
|
65
63
|
@dependencies = dependencies
|
@@ -106,18 +104,19 @@ module Bundler
|
|
106
104
|
@locked_platforms = []
|
107
105
|
end
|
108
106
|
|
109
|
-
|
110
|
-
@
|
107
|
+
locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
|
108
|
+
@multisource_allowed = locked_gem_sources.size == 1 && locked_gem_sources.first.multiple_remotes? && Bundler.frozen_bundle?
|
111
109
|
|
112
|
-
|
113
|
-
|
110
|
+
if @multisource_allowed
|
111
|
+
unless sources.aggregate_global_source?
|
112
|
+
msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. Make sure you run `bundle install` in non frozen mode and commit the result to make your lockfile secure."
|
114
113
|
|
115
|
-
|
114
|
+
Bundler::SharedHelpers.major_deprecation 2, msg
|
115
|
+
end
|
116
116
|
|
117
|
-
@sources.merged_gem_lockfile_sections!
|
117
|
+
@sources.merged_gem_lockfile_sections!(locked_gem_sources.first)
|
118
118
|
end
|
119
119
|
|
120
|
-
@unlock[:gems] ||= []
|
121
120
|
@unlock[:sources] ||= []
|
122
121
|
@unlock[:ruby] ||= if @ruby_version && locked_ruby_version_object
|
123
122
|
@ruby_version.diff(locked_ruby_version_object)
|
@@ -130,9 +129,11 @@ module Bundler
|
|
130
129
|
@path_changes = converge_paths
|
131
130
|
@source_changes = converge_sources
|
132
131
|
|
133
|
-
|
134
|
-
|
135
|
-
|
132
|
+
if @unlock[:conservative]
|
133
|
+
@unlock[:gems] ||= @dependencies.map(&:name)
|
134
|
+
else
|
135
|
+
eager_unlock = expand_dependencies(@unlock[:gems] || [], true)
|
136
|
+
@unlock[:gems] = @locked_specs.for(eager_unlock, false, false, false).map(&:name)
|
136
137
|
end
|
137
138
|
|
138
139
|
@dependency_changes = converge_dependencies
|
@@ -156,8 +157,8 @@ module Bundler
|
|
156
157
|
end
|
157
158
|
end
|
158
159
|
|
159
|
-
def
|
160
|
-
@
|
160
|
+
def multisource_allowed?
|
161
|
+
@multisource_allowed
|
161
162
|
end
|
162
163
|
|
163
164
|
def resolve_only_locally!
|
@@ -184,25 +185,15 @@ module Bundler
|
|
184
185
|
#
|
185
186
|
# @return [Bundler::SpecSet]
|
186
187
|
def specs
|
187
|
-
@specs ||=
|
188
|
-
|
189
|
-
|
190
|
-
|
191
|
-
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
|
196
|
-
"You'll need to update your bundle to a version other than #{locked_gem} that hasn't been " \
|
197
|
-
"removed in order to install."
|
198
|
-
end
|
199
|
-
unless specs["bundler"].any?
|
200
|
-
bundler = sources.metadata_source.specs.search(Gem::Dependency.new("bundler", VERSION)).last
|
201
|
-
specs["bundler"] = bundler
|
202
|
-
end
|
203
|
-
|
204
|
-
specs
|
205
|
-
end
|
188
|
+
@specs ||= add_bundler_to(resolve.materialize(requested_dependencies))
|
189
|
+
rescue GemNotFound => e # Handle yanked gem
|
190
|
+
gem_name, gem_version = extract_gem_info(e)
|
191
|
+
locked_gem = @locked_specs[gem_name].last
|
192
|
+
raise if locked_gem.nil? || locked_gem.version.to_s != gem_version || !@remote
|
193
|
+
raise GemNotFound, "Your bundle is locked to #{locked_gem} from #{locked_gem.source}, but that version can " \
|
194
|
+
"no longer be found in that source. That means the author of #{locked_gem} has removed it. " \
|
195
|
+
"You'll need to update your bundle to a version other than #{locked_gem} that hasn't been " \
|
196
|
+
"removed in order to install."
|
206
197
|
end
|
207
198
|
|
208
199
|
def new_specs
|
@@ -234,17 +225,11 @@ module Bundler
|
|
234
225
|
end
|
235
226
|
|
236
227
|
def requested_specs
|
237
|
-
|
238
|
-
groups = requested_groups
|
239
|
-
groups.map!(&:to_sym)
|
240
|
-
specs_for(groups)
|
241
|
-
end
|
228
|
+
specs_for(requested_groups)
|
242
229
|
end
|
243
230
|
|
244
231
|
def requested_dependencies
|
245
|
-
|
246
|
-
groups.map!(&:to_sym)
|
247
|
-
dependencies_for(groups)
|
232
|
+
dependencies_for(requested_groups)
|
248
233
|
end
|
249
234
|
|
250
235
|
def current_dependencies
|
@@ -254,11 +239,13 @@ module Bundler
|
|
254
239
|
end
|
255
240
|
|
256
241
|
def specs_for(groups)
|
242
|
+
groups = requested_groups if groups.empty?
|
257
243
|
deps = dependencies_for(groups)
|
258
|
-
|
244
|
+
add_bundler_to(resolve.materialize(expand_dependencies(deps)))
|
259
245
|
end
|
260
246
|
|
261
247
|
def dependencies_for(groups)
|
248
|
+
groups.map!(&:to_sym)
|
262
249
|
current_dependencies.reject do |d|
|
263
250
|
(d.groups & groups).empty?
|
264
251
|
end
|
@@ -496,9 +483,6 @@ module Bundler
|
|
496
483
|
attr_reader :sources
|
497
484
|
private :sources
|
498
485
|
|
499
|
-
attr_reader :locked_gem_sources
|
500
|
-
private :locked_gem_sources
|
501
|
-
|
502
486
|
def nothing_changed?
|
503
487
|
!@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@locked_specs_incomplete_for_platform
|
504
488
|
end
|
@@ -509,8 +493,17 @@ module Bundler
|
|
509
493
|
|
510
494
|
private
|
511
495
|
|
496
|
+
def add_bundler_to(specs)
|
497
|
+
unless specs["bundler"].any?
|
498
|
+
bundler = sources.metadata_source.specs.search(Gem::Dependency.new("bundler", VERSION)).last
|
499
|
+
specs["bundler"] = bundler
|
500
|
+
end
|
501
|
+
|
502
|
+
specs
|
503
|
+
end
|
504
|
+
|
512
505
|
def precompute_source_requirements_for_indirect_dependencies?
|
513
|
-
sources.non_global_rubygems_sources.all?(&:dependency_api_available?) && sources.
|
506
|
+
sources.non_global_rubygems_sources.all?(&:dependency_api_available?) && !sources.aggregate_global_source?
|
514
507
|
end
|
515
508
|
|
516
509
|
def current_ruby_platform_locked?
|
@@ -626,35 +619,11 @@ module Bundler
|
|
626
619
|
end
|
627
620
|
end
|
628
621
|
|
629
|
-
def converge_rubygems_sources
|
630
|
-
return false if disable_multisource?
|
631
|
-
|
632
|
-
return false if locked_gem_sources.empty?
|
633
|
-
|
634
|
-
# Get the RubyGems remotes from the Gemfile
|
635
|
-
actual_remotes = sources.rubygems_remotes
|
636
|
-
return false if actual_remotes.empty?
|
637
|
-
|
638
|
-
changes = false
|
639
|
-
|
640
|
-
# If there is a RubyGems source in both
|
641
|
-
locked_gem_sources.each do |locked_gem_source|
|
642
|
-
# Merge the remotes from the Gemfile into the Gemfile.lock
|
643
|
-
changes |= locked_gem_source.replace_remotes(actual_remotes, Bundler.settings[:allow_deployment_source_credential_changes])
|
644
|
-
end
|
645
|
-
|
646
|
-
changes
|
647
|
-
end
|
648
|
-
|
649
622
|
def converge_sources
|
650
|
-
changes = false
|
651
|
-
|
652
|
-
changes |= converge_rubygems_sources
|
653
|
-
|
654
623
|
# Replace the sources from the Gemfile with the sources from the Gemfile.lock,
|
655
624
|
# if they exist in the Gemfile.lock and are `==`. If you can't find an equivalent
|
656
625
|
# source in the Gemfile.lock, use the one from the Gemfile.
|
657
|
-
changes
|
626
|
+
changes = sources.replace_sources!(@locked_sources)
|
658
627
|
|
659
628
|
sources.all_sources.each do |source|
|
660
629
|
# If the source is unlockable and the current command allows an unlock of
|
@@ -739,8 +708,6 @@ module Bundler
|
|
739
708
|
end
|
740
709
|
end
|
741
710
|
|
742
|
-
unlock_source_unlocks_spec = Bundler.feature_flag.unlock_source_unlocks_spec?
|
743
|
-
|
744
711
|
converged = []
|
745
712
|
@locked_specs.each do |s|
|
746
713
|
# Replace the locked dependency's source with the equivalent source from the Gemfile
|
@@ -752,11 +719,6 @@ module Bundler
|
|
752
719
|
next if s.source.nil?
|
753
720
|
next if @unlock[:sources].include?(s.source.name)
|
754
721
|
|
755
|
-
# XXX This is a backwards-compatibility fix to preserve the ability to
|
756
|
-
# unlock a single gem by passing its name via `--source`. See issue #3759
|
757
|
-
# TODO: delete in Bundler 2
|
758
|
-
next if unlock_source_unlocks_spec && @unlock[:sources].include?(s.name)
|
759
|
-
|
760
722
|
# If the spec is from a path source and it doesn't exist anymore
|
761
723
|
# then we unlock it.
|
762
724
|
|
@@ -768,7 +730,7 @@ module Bundler
|
|
768
730
|
# if we won't need the source (according to the lockfile),
|
769
731
|
# don't error if the path/git source isn't available
|
770
732
|
next if @locked_specs.
|
771
|
-
for(requested_dependencies,
|
733
|
+
for(requested_dependencies, false, true, false).
|
772
734
|
none? {|locked_spec| locked_spec.source == s.source }
|
773
735
|
|
774
736
|
raise
|
@@ -787,8 +749,8 @@ module Bundler
|
|
787
749
|
end
|
788
750
|
|
789
751
|
resolve = SpecSet.new(converged)
|
790
|
-
@locked_specs_incomplete_for_platform = !resolve.for(expand_dependencies(requested_dependencies & deps),
|
791
|
-
resolve = resolve.for(expand_dependencies(deps, true),
|
752
|
+
@locked_specs_incomplete_for_platform = !resolve.for(expand_dependencies(requested_dependencies & deps), true, true)
|
753
|
+
resolve = SpecSet.new(resolve.for(expand_dependencies(deps, true), false, false, false).reject{|s| @unlock[:gems].include?(s.name) })
|
792
754
|
diff = nil
|
793
755
|
|
794
756
|
# Now, we unlock any sources that do not have anymore gems pinned to it
|
@@ -910,14 +872,13 @@ module Bundler
|
|
910
872
|
end
|
911
873
|
|
912
874
|
def additional_base_requirements_for_resolve
|
913
|
-
return [] unless @locked_gems
|
875
|
+
return [] unless @locked_gems && unlocking? && !sources.expired_sources?(@locked_gems.sources)
|
914
876
|
dependencies_by_name = dependencies.inject({}) {|memo, dep| memo.update(dep.name => dep) }
|
915
877
|
@locked_gems.specs.reduce({}) do |requirements, locked_spec|
|
916
878
|
name = locked_spec.name
|
917
879
|
dependency = dependencies_by_name[name]
|
918
|
-
next requirements unless dependency
|
919
880
|
next requirements if @locked_gems.dependencies[name] != dependency
|
920
|
-
next requirements if dependency.source.is_a?(Source::Path)
|
881
|
+
next requirements if dependency && dependency.source.is_a?(Source::Path)
|
921
882
|
dep = Gem::Dependency.new(name, ">= #{locked_spec.version}")
|
922
883
|
requirements[name] = DepProxy.get_proxy(dep, locked_spec.platform)
|
923
884
|
requirements
|