bundler 2.2.21 → 2.2.22
Potentially problematic release.
This version of bundler might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +16 -0
- data/lib/bundler/build_metadata.rb +2 -2
- data/lib/bundler/cli/doctor.rb +11 -1
- data/lib/bundler/cli/install.rb +1 -1
- data/lib/bundler/cli/lock.rb +5 -1
- data/lib/bundler/cli/update.rb +8 -3
- data/lib/bundler/current_ruby.rb +4 -4
- data/lib/bundler/definition.rb +13 -49
- data/lib/bundler/dsl.rb +3 -11
- data/lib/bundler/feature_flag.rb +0 -1
- data/lib/bundler/fetcher/downloader.rb +1 -2
- data/lib/bundler/installer.rb +4 -4
- data/lib/bundler/lockfile_parser.rb +2 -20
- data/lib/bundler/man/bundle-add.1 +1 -1
- data/lib/bundler/man/bundle-binstubs.1 +1 -1
- data/lib/bundler/man/bundle-cache.1 +1 -1
- data/lib/bundler/man/bundle-check.1 +1 -1
- data/lib/bundler/man/bundle-clean.1 +1 -1
- data/lib/bundler/man/bundle-config.1 +1 -4
- data/lib/bundler/man/bundle-config.1.ronn +0 -3
- data/lib/bundler/man/bundle-doctor.1 +1 -1
- data/lib/bundler/man/bundle-exec.1 +1 -1
- data/lib/bundler/man/bundle-gem.1 +1 -1
- data/lib/bundler/man/bundle-info.1 +1 -1
- data/lib/bundler/man/bundle-init.1 +1 -1
- data/lib/bundler/man/bundle-inject.1 +1 -1
- data/lib/bundler/man/bundle-install.1 +1 -1
- data/lib/bundler/man/bundle-list.1 +1 -1
- data/lib/bundler/man/bundle-lock.1 +1 -1
- data/lib/bundler/man/bundle-open.1 +1 -1
- data/lib/bundler/man/bundle-outdated.1 +1 -1
- data/lib/bundler/man/bundle-platform.1 +1 -1
- data/lib/bundler/man/bundle-pristine.1 +1 -1
- data/lib/bundler/man/bundle-remove.1 +1 -1
- data/lib/bundler/man/bundle-show.1 +1 -1
- data/lib/bundler/man/bundle-update.1 +4 -4
- data/lib/bundler/man/bundle-update.1.ronn +3 -3
- data/lib/bundler/man/bundle-viz.1 +1 -1
- data/lib/bundler/man/bundle.1 +1 -1
- data/lib/bundler/man/gemfile.5 +1 -1
- data/lib/bundler/plugin/installer.rb +1 -1
- data/lib/bundler/resolver.rb +1 -1
- data/lib/bundler/settings.rb +0 -1
- data/lib/bundler/source/rubygems.rb +1 -14
- data/lib/bundler/source_list.rb +36 -19
- data/lib/bundler/spec_set.rb +2 -6
- data/lib/bundler/version.rb +1 -1
- metadata +3 -3
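--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: dd506f45451a29ba6416b7b97ee93f67f40e71b8ef9c9db79484ff6f840d6189
+data.tar.gz: bb18e91f6cfbd8c62febba280ebcb91de345e9fdc5599a7a44245ff47364a141
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1d9dc3b77ecff1849b900a3164578eb40371afeb49f2f1c557485b9647f71292fbf43dd61501416afdfdd9cd50d6da581606aec5c349550a1ea97153e3f94b98
+data.tar.gz: ae00d5fa66bd664d65915cf15df9431512dc6a77b35f4b60f7faf649962fbd06d56f0b7b7a0659b7ef9ff2c23860c862d8b5b888d43714c714a6af6fbd5b524a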
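--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,19 @@
+# 2.2.22 (July 6, 2021)
+
+## Enhancements:
+
+- Never downgrade indirect dependencies when running `bundle update` [#4713](https://github.com/rubygems/rubygems/pull/4713)
+- Fix `getaddrinfo` errors not treated as fatal on non darwin platforms [#4703](https://github.com/rubygems/rubygems/pull/4703)
+
+## Bug fixes:
+
+- Fix `bundle update <gem>` sometimes hanging and `bundle lock --update` not being able to update an insecure lockfile to the new format if it requires downgrades [#4652](https://github.com/rubygems/rubygems/pull/4652)
+- Fix edge case combination of DSL methods and duplicated sources causing gems to not be found [#4711](https://github.com/rubygems/rubygems/pull/4711)
+- Fix `bundle doctor` crashing when finding a broken symlink [#4707](https://github.com/rubygems/rubygems/pull/4707)
+- Fix incorrect re-resolve edge case [#4700](https://github.com/rubygems/rubygems/pull/4700)
+- Fix some gems being unintentionally locked under multiple lockfile sections [#4701](https://github.com/rubygems/rubygems/pull/4701)
+- Fix `--conservative` flag unexpectedly updating indirect dependencies [#4692](https://github.com/rubygems/rubygems/pull/4692)
+
 # 2.2.21 (June 23, 2021)
 
 ## Security fixes: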
@@ -4,8 +4,8 @@ module Bundler
|
|
4
4
|
# Represents metadata from when the Bundler gem was built.
|
5
5
|
module BuildMetadata
|
6
6
|
# begin ivars
|
7
|
-
@built_at = "2021-06
|
8
|
-
@git_commit_sha = "
|
7
|
+
@built_at = "2021-07-06".freeze
|
8
|
+
@git_commit_sha = "0bdd3e8e71".freeze
|
9
9
|
@release = true
|
10
10
|
# end ivars
|
11
11
|
|
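--- a/data/lib/bundler/cli/doctor.rb
+++ b/data/lib/bundler/cli/doctor.rb
@@ -100,8 +100,11 @@ module Bundler
 files_not_readable_or_writable = []
 files_not_rw_and_owned_by_different_user = []
 files_not_owned_by_current_user_but_still_rw = []
+broken_symlinks = []
 Find.find(Bundler.bundle_path.to_s).each do |f|
-if !File.
+if !File.exist?(f)
+broken_symlinks << f
+elsif !File.writable?(f) || !File.readable?(f)
 if File.stat(f).uid != Process.uid
 files_not_rw_and_owned_by_different_user << f
 else
@@ -113,6 +116,13 @@ module Bundler
 end
 
 ok = true
+
+if broken_symlinks.any?
+Bundler.ui.warn "Broken links exist in the Bundler home. Please report them to the offending gem's upstream repo. These files are:\n - #{broken_symlinks.join("\n - ")}"
+
+ok = false
+end
+
 if files_not_owned_by_current_user_but_still_rw.any?
 Bundler.ui.warn "Files exist in the Bundler home that are owned by another " \
 "user, but are still readable/writable. These files are:\n - #{files_not_owned_by_current_user_but_still_rw.join("\n - ")}"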
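Review bot: The new `if !File.exist?(f)` branch in the first hunk carries no comment explaining why a path that `Find.find` has just yielded can fail an existence check. I would add `# File.exist? follows symlinks, so a dangling link is caught here before File.stat(f) can raise` above it. The branch does not test `File.symlink?(f)`, so a path deleted while the walk is in progress would also be listed under "Broken links" and attributed to a gem; that is probably acceptable for a diagnostic command, but the comment should say so. The enclosing method starts and ends outside both hunks.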
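--- a/data/lib/bundler/cli/install.rb
+++ b/data/lib/bundler/cli/install.rb
@@ -104,7 +104,7 @@ module Bundler
 private
 
 def warn_if_root
-return if Bundler.settings[:silence_root_warning] ||
+return if Bundler.settings[:silence_root_warning] || Gem.win_platform? || !Process.uid.zero?
 Bundler.ui.warn "Don't run Bundler as root. Bundler can ask for sudo " \
 "if it is needed, and installing your bundle as root will break this " \
 "application for all non-root users on this machine.", :wrap => true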
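--- a/data/lib/bundler/cli/lock.rb
+++ b/data/lib/bundler/cli/lock.rb
@@ -21,9 +21,13 @@ module Bundler
 Bundler::Fetcher.disable_endpoint = options["full-index"]
 
 update = options[:update]
+conservative = options[:conservative]
+
 if update.is_a?(Array) # unlocking specific gems
 Bundler::CLI::Common.ensure_all_gems_in_lockfile!(update)
-update = { :gems => update, :
+update = { :gems => update, :conservative => conservative }
+elsif update
+update = { :conservative => conservative } if conservative
 end
 definition = Bundler.definition(update)
 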
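--- a/data/lib/bundler/cli/update.rb
+++ b/data/lib/bundler/cli/update.rb
@@ -27,9 +27,14 @@ module Bundler
 raise InvalidOption, "Cannot specify --all along with specific options."
 end
 
+conservative = options[:conservative]
+
 if full_update
-
-
+if conservative
+Bundler.definition(:conservative => conservative)
+else
+Bundler.definition(true)
+end
 else
 unless Bundler.default_lockfile.exist?
 raise GemfileLockNotFound, "This Bundle hasn't been installed yet. " \
@@ -43,7 +48,7 @@ module Bundler
 end
 
 Bundler.definition(:gems => gems, :sources => sources, :ruby => options[:ruby],
-:
+:conservative => conservative,
 :bundler => options[:bundler])
 end
 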
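--- a/data/lib/bundler/current_ruby.rb
+++ b/data/lib/bundler/current_ruby.rb
@@ -65,19 +65,19 @@ module Bundler
 end
 
 def mswin?
-
+Gem.win_platform?
 end
 
 def mswin64?
-
+Gem.win_platform? && Bundler.local_platform != Gem::Platform::RUBY && Bundler.local_platform.os == "mswin64" && Bundler.local_platform.cpu == "x64"
 end
 
 def mingw?
-
+Gem.win_platform? && Bundler.local_platform != Gem::Platform::RUBY && Bundler.local_platform.os == "mingw32" && Bundler.local_platform.cpu != "x64"
 end
 
 def x64_mingw?
-
+Gem.win_platform? && Bundler.local_platform != Gem::Platform::RUBY && Bundler.local_platform.os == "mingw32" && Bundler.local_platform.cpu == "x64"
 end
 
 (KNOWN_MINOR_VERSIONS + KNOWN_MAJOR_VERSIONS).each do |version|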
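Review bot: `mswin?` now returns `Gem.win_platform?` alone, which is also true on MinGW builds, while `mswin64?`, `mingw?` and `x64_mingw?` go on to compare `Bundler.local_platform.os`, so `mswin?` and `mingw?` can both be true on the same interpreter. The removed lines are not legible on this page, so whether this matches the old behaviour cannot be checked here. If it is intended, a comment such as `# true on every Windows Ruby, MinGW included` would stop readers from treating the predicates as mutually exclusive. As a style point, the three longer predicates repeat `Gem.win_platform? && Bundler.local_platform != Gem::Platform::RUBY`, and a small private helper would keep them in step.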
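--- a/data/lib/bundler/definition.rb
+++ b/data/lib/bundler/definition.rb
@@ -56,10 +56,8 @@ module Bundler
 @unlocking_bundler = false
 @unlocking = unlock
 else
-unlock = unlock.dup
 @unlocking_bundler = unlock.delete(:bundler)
-unlock.
-@unlocking = !unlock.empty?
+@unlocking = unlock.any? {|_k, v| !Array(v).empty? }
 end
 
 @dependencies = dependencies
@@ -106,8 +104,8 @@ module Bundler
 @locked_platforms = []
 end
 
-
-@multisource_allowed =
+locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
+@multisource_allowed = locked_gem_sources.size == 1 && locked_gem_sources.first.multiple_remotes? && Bundler.frozen_bundle?
 
 if @multisource_allowed
 unless sources.aggregate_global_source?
@@ -116,10 +114,9 @@ module Bundler
 Bundler::SharedHelpers.major_deprecation 2, msg
 end
 
-@sources.merged_gem_lockfile_sections!
+@sources.merged_gem_lockfile_sections!(locked_gem_sources.first)
 end
 
-@unlock[:gems] ||= []
 @unlock[:sources] ||= []
 @unlock[:ruby] ||= if @ruby_version && locked_ruby_version_object
 @ruby_version.diff(locked_ruby_version_object)
@@ -132,8 +129,10 @@ module Bundler
 @path_changes = converge_paths
 @source_changes = converge_sources
 
-
-
+if @unlock[:conservative]
+@unlock[:gems] ||= @dependencies.map(&:name)
+else
+eager_unlock = expand_dependencies(@unlock[:gems] || [], true)
 @unlock[:gems] = @locked_specs.for(eager_unlock, [], false, false, false).map(&:name)
 end
 
@@ -257,7 +256,7 @@ module Bundler
 
 def specs_for(groups)
 deps = dependencies_for(groups)
-specs.for(expand_dependencies(deps))
+SpecSet.new(specs.for(expand_dependencies(deps)))
 end
 
 def dependencies_for(groups)
@@ -498,9 +497,6 @@ module Bundler
 attr_reader :sources
 private :sources
 
-attr_reader :locked_gem_sources
-private :locked_gem_sources
-
 def nothing_changed?
 !@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@locked_specs_incomplete_for_platform
 end
@@ -628,35 +624,11 @@ module Bundler
 end
 end
 
-def converge_rubygems_sources
-return false unless multisource_allowed?
-
-return false if locked_gem_sources.empty?
-
-# Get the RubyGems remotes from the Gemfile
-actual_remotes = sources.rubygems_remotes
-return false if actual_remotes.empty?
-
-changes = false
-
-# If there is a RubyGems source in both
-locked_gem_sources.each do |locked_gem_source|
-# Merge the remotes from the Gemfile into the Gemfile.lock
-changes |= locked_gem_source.replace_remotes(actual_remotes, Bundler.settings[:allow_deployment_source_credential_changes])
-end
-
-changes
-end
-
 def converge_sources
-changes = false
-
-changes |= converge_rubygems_sources
-
 # Replace the sources from the Gemfile with the sources from the Gemfile.lock,
 # if they exist in the Gemfile.lock and are `==`. If you can't find an equivalent
 # source in the Gemfile.lock, use the one from the Gemfile.
-changes
+changes = sources.replace_sources!(@locked_sources)
 
 sources.all_sources.each do |source|
 # If the source is unlockable and the current command allows an unlock of
@@ -741,8 +713,6 @@ module Bundler
 end
 end
 
-unlock_source_unlocks_spec = Bundler.feature_flag.unlock_source_unlocks_spec?
-
 converged = []
 @locked_specs.each do |s|
 # Replace the locked dependency's source with the equivalent source from the Gemfile
@@ -754,11 +724,6 @@ module Bundler
 next if s.source.nil?
 next if @unlock[:sources].include?(s.source.name)
 
-# XXX This is a backwards-compatibility fix to preserve the ability to
-# unlock a single gem by passing its name via `--source`. See issue #3759
-# TODO: delete in Bundler 2
-next if unlock_source_unlocks_spec && @unlock[:sources].include?(s.name)
-
 # If the spec is from a path source and it doesn't exist anymore
 # then we unlock it.
 
@@ -790,7 +755,7 @@ module Bundler
 
 resolve = SpecSet.new(converged)
 @locked_specs_incomplete_for_platform = !resolve.for(expand_dependencies(requested_dependencies & deps), @unlock[:gems], true, true)
-resolve = resolve.for(expand_dependencies(deps, true),
+resolve = SpecSet.new(resolve.for(expand_dependencies(deps, true), [], false, false, false).reject{|s| @unlock[:gems].include?(s.name) })
 diff = nil
 
 # Now, we unlock any sources that do not have anymore gems pinned to it
@@ -912,14 +877,13 @@ module Bundler
 end
 
 def additional_base_requirements_for_resolve
-return [] unless @locked_gems
+return [] unless @locked_gems && unlocking? && !sources.expired_sources?(@locked_gems.sources)
 dependencies_by_name = dependencies.inject({}) {|memo, dep| memo.update(dep.name => dep) }
 @locked_gems.specs.reduce({}) do |requirements, locked_spec|
 name = locked_spec.name
 dependency = dependencies_by_name[name]
-next requirements unless dependency
 next requirements if @locked_gems.dependencies[name] != dependency
-next requirements if dependency.source.is_a?(Source::Path)
+next requirements if dependency && dependency.source.is_a?(Source::Path)
 dep = Gem::Dependency.new(name, ">= #{locked_spec.version}")
 requirements[name] = DepProxy.get_proxy(dep, locked_spec.platform)
 requirements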
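Review bot: In the first hunk `unlock = unlock.dup` is dropped while `@unlocking_bundler = unlock.delete(:bundler)` stays, so the constructor now removes `:bundler` from the very hash the caller passed in. The call sites visible on this page pass a fresh hash literal, so this is probably harmless today, but a caller that reuses its options hash would silently lose the key. Keeping the `unlock = unlock.dup` line, or documenting that the argument is consumed, avoids that. The new `@multisource_allowed = ...` line in the second hunk gates the merged-lockfile-sections path and would benefit from a comment spelling out its three conditions: exactly one locked RubyGems source, multiple remotes on it, and a frozen bundle. The constructor body starts and ends outside these hunks.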
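--- a/data/lib/bundler/dsl.rb
+++ b/data/lib/bundler/dsl.rb
@@ -24,9 +24,6 @@ module Bundler
 def initialize
 @source = nil
 @sources = SourceList.new
-
-@global_rubygems_sources = []
-
 @git_sources = {}
 @dependencies = []
 @groups = []
@@ -48,7 +45,6 @@ module Bundler
 @gemfiles << expanded_gemfile_path
 contents ||= Bundler.read_file(@gemfile.to_s)
 instance_eval(contents.dup.tap{|x| x.untaint if RUBY_VERSION < "2.7" }, gemfile.to_s, 1)
-check_primary_source_safety
 rescue Exception => e # rubocop:disable Lint/RescueException
 message = "There was an error " \
 "#{e.is_a?(GemfileEvalError) ? "evaluating" : "parsing"} " \
@@ -168,7 +164,7 @@ module Bundler
 elsif block_given?
 with_source(@sources.add_rubygems_source("remotes" => source), &blk)
 else
-@
+@sources.add_global_rubygems_remote(source)
 end
 end
 
@@ -222,6 +218,7 @@ module Bundler
 end
 
 def to_definition(lockfile, unlock)
+check_primary_source_safety
 Definition.new(lockfile, @dependencies, @sources, unlock, @ruby_version, @optional_groups, @gemfiles)
 end
 
@@ -453,12 +450,7 @@ repo_name ||= user_name
 end
 
 def check_rubygems_source_safety
-
-return if @global_rubygems_sources.empty?
-
-@global_rubygems_sources.each do |source|
-@sources.add_rubygems_remote(source)
-end
+return unless @sources.aggregate_global_source?
 
 if Bundler.feature_flag.bundler_3_mode?
 msg = "This Gemfile contains multiple primary sources. " \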
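Review bot: `check_primary_source_safety` moves from right after the `instance_eval` call (second hunk) into `to_definition` (fourth hunk), so the multiple-primary-source check now runs only for callers that go on to build a Definition. Anything it raises also no longer passes through the `rescue Exception => e` that wraps Gemfile evaluation. No code path that evaluates a Gemfile without calling `to_definition` is visible on this page, but if one exists it would skip the check. A comment on `to_definition` such as `# source-safety check runs here, once all Gemfile evaluation has registered its sources` would record the intent. `to_definition` is shown in full; the evaluating method and `check_rubygems_source_safety` extend beyond their hunks.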
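--- a/data/lib/bundler/feature_flag.rb
+++ b/data/lib/bundler/feature_flag.rb
@@ -38,7 +38,6 @@ module Bundler
 settings_flag(:print_only_version_number) { bundler_3_mode? }
 settings_flag(:setup_makes_kernel_gem_public) { !bundler_3_mode? }
 settings_flag(:suppress_install_using_messages) { bundler_3_mode? }
-settings_flag(:unlock_source_unlocks_spec) { !bundler_3_mode? }
 settings_flag(:update_requires_all_flag) { bundler_4_mode? }
 settings_flag(:use_gem_version_promoter_for_major_updates) { bundler_3_mode? }
 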
@@ -68,8 +68,7 @@ module Bundler
|
|
68
68
|
raise CertificateFailureError.new(uri)
|
69
69
|
rescue *HTTP_ERRORS => e
|
70
70
|
Bundler.ui.trace e
|
71
|
-
|
72
|
-
when /host down:/, /getaddrinfo: nodename nor servname provided/
|
71
|
+
if e.is_a?(SocketError) || e.message =~ /host down:/
|
73
72
|
raise NetworkDownError, "Could not reach host #{uri.host}. Check your network " \
|
74
73
|
"connection and try again."
|
75
74
|
else
|
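--- a/data/lib/bundler/installer.rb
+++ b/data/lib/bundler/installer.rb
@@ -135,7 +135,7 @@ module Bundler
 next
 end
 
-mode =
+mode = Gem.win_platform? ? "wb:UTF-8" : "w"
 require "erb"
 content = if RUBY_VERSION >= "2.6"
 ERB.new(template, :trim_mode => "-").result(binding)
@@ -144,7 +144,7 @@ module Bundler
 end
 
 File.write(binstub_path, content, :mode => mode, :perm => 0o777 & ~File.umask)
-if
+if Gem.win_platform? || options[:all_platforms]
 prefix = "@ruby -x \"%~f0\" %*\n@exit /b %ERRORLEVEL%\n\n"
 File.write("#{binstub_path}.cmd", prefix + content, :mode => mode)
 end
@@ -182,7 +182,7 @@ module Bundler
 executable_path = Pathname(spec.full_gem_path).join(spec.bindir, executable).relative_path_from(bin_path)
 executable_path = executable_path
 
-mode =
+mode = Gem.win_platform? ? "wb:UTF-8" : "w"
 require "erb"
 content = if RUBY_VERSION >= "2.6"
 ERB.new(template, :trim_mode => "-").result(binding)
@@ -191,7 +191,7 @@ module Bundler
 end
 
 File.write("#{bin_path}/#{executable}", content, :mode => mode, :perm => 0o755)
-if
+if Gem.win_platform? || options[:all_platforms]
 prefix = "@ruby -x \"%~f0\" %*\n@exit /b %ERRORLEVEL%\n\n"
 File.write("#{bin_path}/#{executable}.cmd", prefix + content, :mode => mode)
 end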
@@ -1,16 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
#--
|
4
|
-
# Some versions of the Bundler 1.1 RC series introduced corrupted
|
5
|
-
# lockfiles. There were two major problems:
|
6
|
-
#
|
7
|
-
# * multiple copies of the same GIT section appeared in the lockfile
|
8
|
-
# * when this happened, those sections got multiple copies of gems
|
9
|
-
# in those sections.
|
10
|
-
#
|
11
|
-
# As a result, Bundler 1.1 contains code that fixes the earlier
|
12
|
-
# corruption. We will remove this fix-up code in Bundler 1.2.
|
13
|
-
|
14
3
|
module Bundler
|
15
4
|
class LockfileParser
|
16
5
|
attr_reader :sources, :dependencies, :specs, :platforms, :bundler_version, :ruby_version
|
@@ -124,12 +113,7 @@ module Bundler
|
|
124
113
|
@sources << @current_source
|
125
114
|
when GIT
|
126
115
|
@current_source = TYPES[@type].from_lock(@opts)
|
127
|
-
|
128
|
-
if @sources.include?(@current_source)
|
129
|
-
@current_source = @sources.find {|s| s == @current_source }
|
130
|
-
else
|
131
|
-
@sources << @current_source
|
132
|
-
end
|
116
|
+
@sources << @current_source
|
133
117
|
when GEM
|
134
118
|
@opts["remotes"] = Array(@opts.delete("remote")).reverse
|
135
119
|
@current_source = TYPES[@type].from_lock(@opts)
|
@@ -212,9 +196,7 @@ module Bundler
|
|
212
196
|
@current_spec = LazySpecification.new(name, version, platform)
|
213
197
|
@current_spec.source = @current_source
|
214
198
|
|
215
|
-
|
216
|
-
# duplicate GIT sections)
|
217
|
-
@specs[@current_spec.identifier] ||= @current_spec
|
199
|
+
@specs[@current_spec.identifier] = @current_spec
|
218
200
|
elsif spaces.size == 6
|
219
201
|
version = version.split(",").map(&:strip) if version
|
220
202
|
dep = Gem::Dependency.new(name, version)
|
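Review bot: `@specs[@current_spec.identifier] = @current_spec` replaces the earlier `||=`, so when a lockfile lists the same identifier in two sections the entry parsed last now wins instead of the first, and the duplicate is dropped without any message. Because the lockfile decides which source each gem is installed from, a duplicate looks worth surfacing rather than resolving silently, for example `Bundler.ui.warn "Duplicate lockfile entry: #{@current_spec.identifier}" if @specs.key?(@current_spec.identifier)` ahead of the assignment; this assumes `@specs` is a Hash, which is not shown here. The GIT branch in the previous hunk likewise stops de-duplicating `@sources`. The file header for these hunks is missing from the page; the `class LockfileParser` context line and the file list point to data/lib/bundler/lockfile_parser.rb, and the parsing methods extend beyond the hunks.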
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "BUNDLE\-CACHE" "1" "
|
4
|
+
.TH "BUNDLE\-CACHE" "1" "June 2021" "" ""
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBbundle\-cache\fR \- Package your needed \fB\.gem\fR files into your application
|
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "BUNDLE\-CHECK" "1" "
|
4
|
+
.TH "BUNDLE\-CHECK" "1" "June 2021" "" ""
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBbundle\-check\fR \- Verifies if dependencies are satisfied by installed gems
|
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "BUNDLE\-CONFIG" "1" "
|
4
|
+
.TH "BUNDLE\-CONFIG" "1" "June 2021" "" ""
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBbundle\-config\fR \- Set bundler configuration options
|
@@ -274,9 +274,6 @@ The following is a list of all configuration keys and their purpose\. You can le
|
|
274
274
|
\fBtimeout\fR (\fBBUNDLE_TIMEOUT\fR): The seconds allowed before timing out for network requests\. Defaults to \fB10\fR\.
|
275
275
|
.
|
276
276
|
.IP "\(bu" 4
|
277
|
-
\fBunlock_source_unlocks_spec\fR (\fBBUNDLE_UNLOCK_SOURCE_UNLOCKS_SPEC\fR): Whether running \fBbundle update \-\-source NAME\fR unlocks a gem with the given name\. Defaults to \fBtrue\fR\.
|
278
|
-
.
|
279
|
-
.IP "\(bu" 4
|
280
277
|
\fBupdate_requires_all_flag\fR (\fBBUNDLE_UPDATE_REQUIRES_ALL_FLAG\fR): Require passing \fB\-\-all\fR to \fBbundle update\fR when everything should be updated, and disallow passing no options to \fBbundle update\fR\.
|
281
278
|
.
|
282
279
|
.IP "\(bu" 4
|
@@ -260,9 +260,6 @@ learn more about their operation in [bundle install(1)](bundle-install.1.html).
|
|
260
260
|
The location where RubyGems installs binstubs. Defaults to `Gem.bindir`.
|
261
261
|
* `timeout` (`BUNDLE_TIMEOUT`):
|
262
262
|
The seconds allowed before timing out for network requests. Defaults to `10`.
|
263
|
-
* `unlock_source_unlocks_spec` (`BUNDLE_UNLOCK_SOURCE_UNLOCKS_SPEC`):
|
264
|
-
Whether running `bundle update --source NAME` unlocks a gem with the given
|
265
|
-
name. Defaults to `true`.
|
266
263
|
* `update_requires_all_flag` (`BUNDLE_UPDATE_REQUIRES_ALL_FLAG`):
|
267
264
|
Require passing `--all` to `bundle update` when everything should be updated,
|
268
265
|
and disallow passing no options to `bundle update`.
|
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "BUNDLE\-INJECT" "1" "
|
4
|
+
.TH "BUNDLE\-INJECT" "1" "June 2021" "" ""
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBbundle\-inject\fR \- Add named gem(s) with version requirements to Gemfile
|
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "BUNDLE\-INSTALL" "1" "
|
4
|
+
.TH "BUNDLE\-INSTALL" "1" "June 2021" "" ""
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBbundle\-install\fR \- Install the dependencies specified in your Gemfile
|
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "BUNDLE\-OUTDATED" "1" "
|
4
|
+
.TH "BUNDLE\-OUTDATED" "1" "June 2021" "" ""
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBbundle\-outdated\fR \- List installed gems with newer versions available
|
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "BUNDLE\-PRISTINE" "1" "
|
4
|
+
.TH "BUNDLE\-PRISTINE" "1" "June 2021" "" ""
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBbundle\-pristine\fR \- Restores installed gems to their pristine condition
|
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "BUNDLE\-UPDATE" "1" "
|
4
|
+
.TH "BUNDLE\-UPDATE" "1" "June 2021" "" ""
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBbundle\-update\fR \- Update your gems to the latest available versions
|
@@ -79,7 +79,7 @@ Do not allow any gem to be updated past latest \fB\-\-patch\fR | \fB\-\-minor\fR
|
|
79
79
|
.
|
80
80
|
.TP
|
81
81
|
\fB\-\-conservative\fR
|
82
|
-
Use bundle install conservative update behavior and do not allow
|
82
|
+
Use bundle install conservative update behavior and do not allow indirect dependencies to be updated\.
|
83
83
|
.
|
84
84
|
.SH "UPDATING ALL GEMS"
|
85
85
|
If you run \fBbundle update \-\-all\fR, bundler will ignore any previously installed gems and resolve all dependencies again based on the latest versions of all gems available in the sources\.
|
@@ -208,13 +208,13 @@ In this case, the two gems have their own set of dependencies, but they share \f
|
|
208
208
|
In short, by default, when you update a gem using \fBbundle update\fR, bundler will update all dependencies of that gem, including those that are also dependencies of another gem\.
|
209
209
|
.
|
210
210
|
.P
|
211
|
-
To prevent updating
|
211
|
+
To prevent updating indirect dependencies, prior to version 1\.14 the only option was the \fBCONSERVATIVE UPDATING\fR behavior in bundle install(1) \fIbundle\-install\.1\.html\fR:
|
212
212
|
.
|
213
213
|
.P
|
214
214
|
In this scenario, updating the \fBthin\fR version manually in the Gemfile(5), and then running bundle install(1) \fIbundle\-install\.1\.html\fR will only update \fBdaemons\fR and \fBeventmachine\fR, but not \fBrack\fR\. For more information, see the \fBCONSERVATIVE UPDATING\fR section of bundle install(1) \fIbundle\-install\.1\.html\fR\.
|
215
215
|
.
|
216
216
|
.P
|
217
|
-
Starting with 1\.14, specifying the \fB\-\-conservative\fR option will also prevent
|
217
|
+
Starting with 1\.14, specifying the \fB\-\-conservative\fR option will also prevent indirect dependencies from being updated\.
|
218
218
|
.
|
219
219
|
.SH "PATCH LEVEL OPTIONS"
|
220
220
|
Version 1\.14 introduced 4 patch\-level options that will influence how gem versions are resolved\. One of the following options can be used: \fB\-\-patch\fR, \fB\-\-minor\fR or \fB\-\-major\fR\. \fB\-\-strict\fR can be added to further influence resolution\.
|
@@ -80,7 +80,7 @@ gem.
|
|
80
80
|
Do not allow any gem to be updated past latest `--patch` | `--minor` | `--major`.
|
81
81
|
|
82
82
|
* `--conservative`:
|
83
|
-
Use bundle install conservative update behavior and do not allow
|
83
|
+
Use bundle install conservative update behavior and do not allow indirect dependencies to be updated.
|
84
84
|
|
85
85
|
## UPDATING ALL GEMS
|
86
86
|
|
@@ -195,7 +195,7 @@ In short, by default, when you update a gem using `bundle update`, bundler will
|
|
195
195
|
update all dependencies of that gem, including those that are also dependencies
|
196
196
|
of another gem.
|
197
197
|
|
198
|
-
To prevent updating
|
198
|
+
To prevent updating indirect dependencies, prior to version 1.14 the only option
|
199
199
|
was the `CONSERVATIVE UPDATING` behavior in [bundle install(1)](bundle-install.1.html):
|
200
200
|
|
201
201
|
In this scenario, updating the `thin` version manually in the Gemfile(5),
|
@@ -203,7 +203,7 @@ and then running [bundle install(1)](bundle-install.1.html) will only update `da
|
|
203
203
|
but not `rack`. For more information, see the `CONSERVATIVE UPDATING` section
|
204
204
|
of [bundle install(1)](bundle-install.1.html).
|
205
205
|
|
206
|
-
Starting with 1.14, specifying the `--conservative` option will also prevent
|
206
|
+
Starting with 1.14, specifying the `--conservative` option will also prevent indirect
|
207
207
|
dependencies from being updated.
|
208
208
|
|
209
209
|
## PATCH LEVEL OPTIONS
|
data/lib/bundler/man/bundle.1
CHANGED
data/lib/bundler/man/gemfile.5
CHANGED
@@ -77,7 +77,7 @@ module Bundler
|
|
77
77
|
source_list = SourceList.new
|
78
78
|
|
79
79
|
source_list.add_git_source(git_source_options) if git_source_options
|
80
|
-
source_list.
|
80
|
+
source_list.add_global_rubygems_remote(rubygems_source) if rubygems_source
|
81
81
|
|
82
82
|
deps = names.map {|name| Dependency.new name, version }
|
83
83
|
|
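--- a/data/lib/bundler/resolver.rb
+++ b/data/lib/bundler/resolver.rb
@@ -21,7 +21,7 @@ module Bundler
 base = SpecSet.new(base) unless base.is_a?(SpecSet)
 resolver = new(source_requirements, base, gem_version_promoter, additional_base_requirements, platforms)
 result = resolver.start(requirements)
-SpecSet.new(result).for(requirements.reject{|dep| dep.name.end_with?("\0") })
+SpecSet.new(SpecSet.new(result).for(requirements.reject{|dep| dep.name.end_with?("\0") }))
 end
 
 def initialize(source_requirements, base, gem_version_promoter, additional_base_requirements, platforms)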
data/lib/bundler/settings.rb
CHANGED
@@ -73,7 +73,7 @@ module Bundler
|
|
73
73
|
|
74
74
|
def can_lock?(spec)
|
75
75
|
return super unless multiple_remotes?
|
76
|
-
spec.source
|
76
|
+
include?(spec.source)
|
77
77
|
end
|
78
78
|
|
79
79
|
def options
|
@@ -252,19 +252,6 @@ module Bundler
|
|
252
252
|
other_remotes.map(&method(:remove_auth)) == @remotes.map(&method(:remove_auth))
|
253
253
|
end
|
254
254
|
|
255
|
-
def replace_remotes(other_remotes, allow_equivalent = false)
|
256
|
-
return false if other_remotes == @remotes
|
257
|
-
|
258
|
-
equivalent = allow_equivalent && equivalent_remotes?(other_remotes)
|
259
|
-
|
260
|
-
@remotes = []
|
261
|
-
other_remotes.reverse_each do |r|
|
262
|
-
add_remote r.to_s
|
263
|
-
end
|
264
|
-
|
265
|
-
!equivalent
|
266
|
-
end
|
267
|
-
|
268
255
|
def spec_names
|
269
256
|
if @allow_remote && dependency_api_available?
|
270
257
|
remote_specs.spec_names
|
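--- a/data/lib/bundler/source_list.rb
+++ b/data/lib/bundler/source_list.rb
@@ -28,8 +28,9 @@ module Bundler
 @merged_gem_lockfile_sections
 end
 
-def merged_gem_lockfile_sections!
+def merged_gem_lockfile_sections!(replacement_source)
 @merged_gem_lockfile_sections = true
+@global_rubygems_source = replacement_source
 end
 
 def aggregate_global_source?
@@ -53,18 +54,17 @@ module Bundler
 end
 
 def add_rubygems_source(options = {})
-
+new_source = Source::Rubygems.new(options)
+return @global_rubygems_source if @global_rubygems_source == new_source
+
+add_source_to_list new_source, @rubygems_sources
 end
 
 def add_plugin_source(source, options = {})
 add_source_to_list Plugin.source(source).new(options), @plugin_sources
 end
 
-def
-@global_rubygems_source ||= rubygems_aggregate_class.new("remotes" => uri, "allow_local" => true)
-end
-
-def add_rubygems_remote(uri)
+def add_global_rubygems_remote(uri)
 global_rubygems_source.add_remote(uri)
 global_rubygems_source
 end
@@ -109,27 +109,26 @@ module Bundler
 if merged_gem_lockfile_sections?
 [combine_rubygems_sources]
 else
-rubygems_sources.sort_by(&:to_s)
+rubygems_sources.sort_by(&:to_s)
 end
 end
 
 # Returns true if there are changes
 def replace_sources!(replacement_sources)
-return
+return false if replacement_sources.empty?
 
-
-
-
-
-end
+@path_sources, @git_sources, @plugin_sources = map_sources(replacement_sources)
+
+different_sources?(lock_sources, replacement_sources)
+end
 
-
-
-
+# Returns true if there are changes
+def expired_sources?(replacement_sources)
+return false if replacement_sources.empty?
 
-
+lock_sources = dup_with_replaced_sources(replacement_sources).lock_sources
 
-
+different_sources?(lock_sources, replacement_sources)
 end
 
 def local_only!
@@ -146,6 +145,24 @@ module Bundler
 
 private
 
+def dup_with_replaced_sources(replacement_sources)
+new_source_list = dup
+new_source_list.replace_sources!(replacement_sources)
+new_source_list
+end
+
+def map_sources(replacement_sources)
+[path_sources, git_sources, plugin_sources].map do |sources|
+sources.map do |source|
+replacement_sources.find {|s| s == source } || source
+end
+end
+end
+
+def different_sources?(lock_sources, replacement_sources)
+!equal_sources?(lock_sources, replacement_sources) && !equivalent_sources?(lock_sources, replacement_sources)
+end
+
 def rubygems_aggregate_class
 Source::Rubygems
 end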
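Review bot: The early return added to `add_rubygems_source` hands back `@global_rubygems_source` whenever `==` says the freshly built source matches it, and on that path the new source never reaches `add_source_to_list`, so it is not recorded in `@rubygems_sources`. What `Source::Rubygems#==` compares is defined outside this section; if it considers only part of the options, a `source` block that differs in the rest would be folded into the global source without any trace. Because this decides whether a scoped source keeps its own identity, the guard should carry a comment stating the intent, for example `# Same source as the global one: reuse it instead of registering a duplicate`. A spec covering a block source that equals the global one would pin the behaviour.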
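--- a/data/lib/bundler/spec_set.rb
+++ b/data/lib/bundler/spec_set.rb
@@ -46,11 +46,7 @@ module Bundler
 specs << spec
 end
 
-check ? true :
-end
-
-def valid_for?(deps)
-self.for(deps, [], true)
+check ? true : specs
 end
 
 def [](key)
@@ -77,7 +73,7 @@ module Bundler
 end
 
 def materialize(deps, missing_specs = nil)
-materialized = self.for(deps, [], false, true, !missing_specs)
+materialized = self.for(deps, [], false, true, !missing_specs)
 
 materialized.group_by(&:source).each do |source, specs|
 next unless specs.any?{|s| s.is_a?(LazySpecification) }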
data/lib/bundler/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: bundler
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.2.
|
4
|
+
version: 2.2.22
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- André Arko
|
@@ -22,7 +22,7 @@ authors:
|
|
22
22
|
autorequire:
|
23
23
|
bindir: exe
|
24
24
|
cert_chain: []
|
25
|
-
date: 2021-06
|
25
|
+
date: 2021-07-06 00:00:00.000000000 Z
|
26
26
|
dependencies: []
|
27
27
|
description: Bundler manages an application's dependencies through its entire life,
|
28
28
|
across many machines, systematically and repeatably
|
@@ -354,7 +354,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
354
354
|
- !ruby/object:Gem::Version
|
355
355
|
version: 2.5.2
|
356
356
|
requirements: []
|
357
|
-
rubygems_version: 3.2.
|
357
|
+
rubygems_version: 3.2.22
|
358
358
|
signing_key:
|
359
359
|
specification_version: 4
|
360
360
|
summary: The best way to manage your application's dependencies
|