RubyGems - bundler - Versions diffs - 2.2.24 → 2.2.33 - Mend

bundler 2.2.24 → 2.2.33

Files changed (104) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +149 -1
data/README.md +1 -1
data/lib/bundler/build_metadata.rb +2 -2
data/lib/bundler/cli/cache.rb +1 -1
data/lib/bundler/cli/doctor.rb +4 -3
data/lib/bundler/cli/exec.rb +1 -6
data/lib/bundler/cli/gem.rb +90 -10
data/lib/bundler/cli/info.rb +16 -4
data/lib/bundler/cli/install.rb +4 -17
data/lib/bundler/cli/issue.rb +4 -3
data/lib/bundler/cli/list.rb +7 -1
data/lib/bundler/cli/open.rb +1 -2
data/lib/bundler/cli/remove.rb +1 -2
data/lib/bundler/cli/update.rb +3 -3
data/lib/bundler/cli.rb +16 -10
data/lib/bundler/compact_index_client/updater.rb +0 -5
data/lib/bundler/compact_index_client.rb +2 -2
data/lib/bundler/definition.rb +84 -150
data/lib/bundler/digest.rb +71 -0
data/lib/bundler/dsl.rb +32 -4
data/lib/bundler/environment_preserver.rb +4 -1
data/lib/bundler/errors.rb +19 -3
data/lib/bundler/fetcher.rb +2 -1
data/lib/bundler/friendly_errors.rb +5 -30
data/lib/bundler/gem_helper.rb +6 -17
data/lib/bundler/installer/gem_installer.rb +3 -16
data/lib/bundler/installer/standalone.rb +13 -8
data/lib/bundler/installer.rb +0 -1
data/lib/bundler/lazy_specification.rb +17 -1
data/lib/bundler/lockfile_parser.rb +2 -0
data/lib/bundler/man/bundle-add.1 +1 -1
data/lib/bundler/man/bundle-binstubs.1 +1 -1
data/lib/bundler/man/bundle-cache.1 +1 -1
data/lib/bundler/man/bundle-check.1 +1 -1
data/lib/bundler/man/bundle-clean.1 +1 -1
data/lib/bundler/man/bundle-config.1 +3 -3
data/lib/bundler/man/bundle-config.1.ronn +2 -2
data/lib/bundler/man/bundle-doctor.1 +1 -1
data/lib/bundler/man/bundle-exec.1 +1 -1
data/lib/bundler/man/bundle-gem.1 +14 -1
data/lib/bundler/man/bundle-gem.1.ronn +16 -0
data/lib/bundler/man/bundle-info.1 +1 -1
data/lib/bundler/man/bundle-init.1 +1 -1
data/lib/bundler/man/bundle-inject.1 +1 -1
data/lib/bundler/man/bundle-install.1 +1 -1
data/lib/bundler/man/bundle-list.1 +1 -1
data/lib/bundler/man/bundle-lock.1 +1 -1
data/lib/bundler/man/bundle-open.1 +1 -1
data/lib/bundler/man/bundle-outdated.1 +1 -1
data/lib/bundler/man/bundle-platform.1 +1 -1
data/lib/bundler/man/bundle-pristine.1 +1 -1
data/lib/bundler/man/bundle-remove.1 +1 -1
data/lib/bundler/man/bundle-show.1 +1 -1
data/lib/bundler/man/bundle-update.1 +1 -1
data/lib/bundler/man/bundle-viz.1 +1 -1
data/lib/bundler/man/bundle.1 +1 -1
data/lib/bundler/man/gemfile.5 +27 -1
data/lib/bundler/man/gemfile.5.ronn +8 -0
data/lib/bundler/plugin/api/source.rb +1 -0
data/lib/bundler/plugin/installer.rb +2 -0
data/lib/bundler/plugin.rb +23 -6
data/lib/bundler/resolver.rb +8 -17
data/lib/bundler/rubygems_ext.rb +4 -0
data/lib/bundler/rubygems_gem_installer.rb +25 -5
data/lib/bundler/rubygems_integration.rb +28 -9
data/lib/bundler/runtime.rb +17 -8
data/lib/bundler/settings.rb +13 -1
data/lib/bundler/setup.rb +2 -2
data/lib/bundler/shared_helpers.rb +2 -10
data/lib/bundler/source/git/git_proxy.rb +8 -6
data/lib/bundler/source/git.rb +22 -4
data/lib/bundler/source/rubygems.rb +70 -81
data/lib/bundler/source/rubygems_aggregate.rb +4 -0
data/lib/bundler/source.rb +4 -0
data/lib/bundler/source_list.rb +22 -31
data/lib/bundler/spec_set.rb +14 -36
data/lib/bundler/templates/Executable.bundler +6 -6
data/lib/bundler/templates/newgem/Gemfile.tt +5 -2
data/lib/bundler/templates/newgem/Rakefile.tt +5 -1
data/lib/bundler/templates/newgem/github/workflows/main.yml.tt +13 -2
data/lib/bundler/templates/newgem/newgem.gemspec.tt +16 -14
data/lib/bundler/templates/newgem/sig/newgem.rbs.tt +8 -0
data/lib/bundler/templates/newgem/standard.yml.tt +2 -0
data/lib/bundler/vendor/.document +1 -0
data/lib/bundler/vendor/connection_pool/LICENSE +20 -0
data/lib/bundler/vendor/connection_pool/lib/connection_pool/timed_stack.rb +19 -21
data/lib/bundler/vendor/connection_pool/lib/connection_pool/version.rb +1 -1
data/lib/bundler/vendor/connection_pool/lib/connection_pool/wrapper.rb +57 -0
data/lib/bundler/vendor/connection_pool/lib/connection_pool.rb +39 -74
data/lib/bundler/vendor/fileutils/LICENSE.txt +22 -0
data/lib/bundler/vendor/molinillo/LICENSE +9 -0
data/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph.rb +2 -2
data/lib/bundler/vendor/net-http-persistent/README.rdoc +82 -0
data/lib/bundler/vendor/thor/LICENSE.md +20 -0
data/lib/bundler/vendor/tsort/LICENSE.txt +22 -0
data/lib/bundler/vendor/tsort/lib/tsort.rb +453 -0
data/lib/bundler/vendor/uri/LICENSE.txt +22 -0
data/lib/bundler/vendored_tsort.rb +4 -0
data/lib/bundler/version.rb +1 -1
data/lib/bundler/worker.rb +19 -4
data/lib/bundler.rb +13 -22
metadata +20 -7
data/lib/bundler/vendor/connection_pool/lib/connection_pool/monotonic_time.rb +0 -66

data/lib/bundler/cli.rb CHANGED Viewed

@@ -73,14 +73,6 @@ module Bundler
       Bundler.ui = UI::Shell.new(options)
       Bundler.ui.level = "debug" if options["verbose"]
       unprinted_warnings.each {|w| Bundler.ui.warn(w) }
-      if ENV["RUBYGEMS_GEMDEPS"] && !ENV["RUBYGEMS_GEMDEPS"].empty?
-        Bundler.ui.warn(
-          "The RUBYGEMS_GEMDEPS environment variable is set. This enables RubyGems' " \
-          "experimental Gemfile mode, which may conflict with Bundler and cause unexpected errors. " \
-          "To remove this warning, unset RUBYGEMS_GEMDEPS.", :wrap => true
-        )
-      end
     end
     check_unknown_options!(:except => [:config, :exec])
@@ -192,6 +184,7 @@ module Bundler
     method_option "install", :type => :boolean, :banner =>
       "Runs 'bundle install' after removing the gems from the Gemfile"
     def remove(*gems)
+      SharedHelpers.major_deprecation(2, "The `--install` flag has been deprecated. `bundle install` is triggered by default.") if ARGV.include?("--install")
       require_relative "cli/remove"
       Remove.new(gems, options).run
     end
@@ -338,6 +331,7 @@ module Bundler
     desc "info GEM [OPTIONS]", "Show information for the given gem"
     method_option "path", :type => :boolean, :banner => "Print full path to gem"
+    method_option "version", :type => :boolean, :banner => "Print gem version"
     def info(gem_name)
       require_relative "cli/info"
       Info.new(options, gem_name).run
@@ -456,6 +450,12 @@ module Bundler
         "do in future versions. Instead please use `bundle config set cache_all true`, " \
         "and stop using this flag" if ARGV.include?("--all")
+      SharedHelpers.major_deprecation 2,
+        "The `--path` flag is deprecated because its semantics are unclear. " \
+        "Use `bundle config cache_path` to configure the path of your cache of gems, " \
+        "and `bundle config path` to configure the path where your gems are installed, " \
+        "and stop using this flag" if ARGV.include?("--path")
       require_relative "cli/cache"
       Cache.new(options).run
     end
@@ -463,7 +463,7 @@ module Bundler
     map aliases_for("cache")
     desc "exec [OPTIONS]", "Run the command in context of the bundle"
-    method_option :keep_file_descriptors, :type => :boolean, :default => false
+    method_option :keep_file_descriptors, :type => :boolean, :default => true
     method_option :gemfile, :type => :string, :required => false
     long_desc <<-D
       Exec runs a command, providing it access to the gems in the bundle. While using
@@ -471,6 +471,10 @@ module Bundler
       into the system wide RubyGems repository.
     D
     def exec(*args)
+      if ARGV.include?("--no-keep-file-descriptors")
+        SharedHelpers.major_deprecation(2, "The `--no-keep-file-descriptors` has been deprecated. `bundle exec` no longer mess with your file descriptors. Close them in the exec'd script if you need to")
+      end
       require_relative "cli/exec"
       Exec.new(options, args).run
     end
@@ -549,7 +553,7 @@ module Bundler
       method_option :version, :type => :boolean, :default => false, :aliases => "-v", :desc => "Set to show each gem version."
       method_option :without, :type => :array, :default => [], :aliases => "-W", :banner => "GROUP[ GROUP...]", :desc => "Exclude gems that are part of the specified named group."
       def viz
-        SharedHelpers.major_deprecation 2, "The `viz` command has been moved to the `bundle-viz` gem, see https://github.com/bundler/bundler-viz"
+        SharedHelpers.major_deprecation 2, "The `viz` command has been renamed to `graph` and moved to a plugin. See https://github.com/rubygems/bundler-graph"
         require_relative "cli/viz"
         Viz.new(options.dup).run
       end
@@ -572,6 +576,8 @@ module Bundler
                          :desc => "Generate a test directory for your library, either rspec, minitest or test-unit. Set a default with `bundle config set --global gem.test (rspec|minitest|test-unit)`."
     method_option :ci, :type => :string, :lazy_default => Bundler.settings["gem.ci"] || "",
                        :desc => "Generate CI configuration, either GitHub Actions, Travis CI, GitLab CI or CircleCI. Set a default with `bundle config set --global gem.ci (github|travis|gitlab|circle)`"
+    method_option :linter, :type => :string, :lazy_default => Bundler.settings["gem.linter"] || "",
+                           :desc => "Add a linter and code formatter, either RuboCop or Standard. Set a default with `bundle config set --global gem.linter (rubocop|standard)`"
     method_option :github_username, :type => :string, :default => Bundler.settings["gem.github_username"], :banner => "Set your username on GitHub", :desc => "Fill in GitHub username on README so that you don't have to do it manually. Set a default with `bundle config set --global gem.github_username <your_username>`."
     def gem(name)

data/lib/bundler/compact_index_client/updater.rb CHANGED Viewed

@@ -76,11 +76,6 @@ module Bundler
           update(local_path, remote_path, :retrying)
         end
-      rescue Errno::EACCES
-        raise Bundler::PermissionError,
-          "Bundler does not have write access to create a temp directory " \
-          "within #{Dir.tmpdir}. Bundler must have write access to your " \
-          "systems temp directory to function properly. "
       rescue Zlib::GzipFile::Error
         raise Bundler::HTTPError
       end

data/lib/bundler/compact_index_client.rb CHANGED Viewed

@@ -5,7 +5,7 @@ require "set"
 module Bundler
   class CompactIndexClient
-    DEBUG_MUTEX = Mutex.new
+    DEBUG_MUTEX = Thread::Mutex.new
     def self.debug
       return unless ENV["DEBUG_COMPACT_INDEX"]
       DEBUG_MUTEX.synchronize { warn("[#{self}] #{yield}") }
@@ -25,7 +25,7 @@ module Bundler
       @endpoints = Set.new
       @info_checksums_by_name = {}
       @parsed_checksums = false
-      @mutex = Mutex.new
+      @mutex = Thread::Mutex.new
     end
     def execution_mode=(block)

data/lib/bundler/definition.rb CHANGED Viewed

@@ -73,7 +73,6 @@ module Bundler
       @lockfile_contents      = String.new
       @locked_bundler_version = nil
       @locked_ruby_version    = nil
-      @locked_specs_incomplete_for_platform = false
       @new_platform = nil
       if lockfile && File.exist?(lockfile)
@@ -133,12 +132,14 @@ module Bundler
         @unlock[:gems] ||= @dependencies.map(&:name)
       else
         eager_unlock = expand_dependencies(@unlock[:gems] || [], true)
-        @unlock[:gems] = @locked_specs.for(eager_unlock, false, false, false).map(&:name)
+        @unlock[:gems] = @locked_specs.for(eager_unlock, false, false).map(&:name)
       end
       @dependency_changes = converge_dependencies
       @local_changes = converge_locals
+      @locked_specs_incomplete_for_platform = !@locked_specs.for(requested_dependencies & expand_dependencies(locked_dependencies), true, true)
       @requires = compute_requires
     end
@@ -157,10 +158,6 @@ module Bundler
       end
     end
-    def multisource_allowed?
-      @multisource_allowed
-    end
     def resolve_only_locally!
       @remote = false
       sources.local_only!
@@ -185,15 +182,7 @@ module Bundler
     #
     # @return [Bundler::SpecSet]
     def specs
-      @specs ||= add_bundler_to(resolve.materialize(requested_dependencies))
-    rescue GemNotFound => e # Handle yanked gem
-      gem_name, gem_version = extract_gem_info(e)
-      locked_gem = @locked_specs[gem_name].last
-      raise if locked_gem.nil? || locked_gem.version.to_s != gem_version || !@remote
-      raise GemNotFound, "Your bundle is locked to #{locked_gem} from #{locked_gem.source}, but that version can " \
-                         "no longer be found in that source. That means the author of #{locked_gem} has removed it. " \
-                         "You'll need to update your bundle to a version other than #{locked_gem} that hasn't been " \
-                         "removed in order to install."
+      @specs ||= materialize(requested_dependencies)
     end
     def new_specs
@@ -205,9 +194,7 @@ module Bundler
     end
     def missing_specs
-      missing = []
-      resolve.materialize(requested_dependencies, missing)
-      missing
+      resolve.materialize(requested_dependencies).missing_specs
     end
     def missing_specs?
@@ -238,17 +225,22 @@ module Bundler
       end
     end
+    def locked_dependencies
+      @locked_deps.values
+    end
     def specs_for(groups)
-      groups = requested_groups if groups.empty?
+      return specs if groups.empty?
       deps = dependencies_for(groups)
-      add_bundler_to(resolve.materialize(expand_dependencies(deps)))
+      materialize(deps)
     end
     def dependencies_for(groups)
       groups.map!(&:to_sym)
-      current_dependencies.reject do |d|
+      deps = current_dependencies.reject do |d|
         (d.groups & groups).empty?
       end
+      expand_dependencies(deps)
     end
     # Resolve all the dependencies specified in Gemfile. It ensures that
@@ -274,10 +266,6 @@ module Bundler
       end
     end
-    def has_rubygems_remotes?
-      sources.rubygems_sources.any? {|s| s.remotes.any? }
-    end
     def spec_git_paths
       sources.git_sources.map {|s| File.realpath(s.path) if File.exist?(s.path) }.compact
     end
@@ -376,44 +364,26 @@ module Bundler
       added.concat new_platforms.map {|p| "* platform: #{p}" }
       deleted.concat deleted_platforms.map {|p| "* platform: #{p}" }
-      gemfile_sources = sources.lock_sources
-      new_sources = gemfile_sources - @locked_sources
-      deleted_sources = @locked_sources - gemfile_sources
-      new_deps = @dependencies - @locked_deps.values
-      deleted_deps = @locked_deps.values - @dependencies
-      # Check if it is possible that the source is only changed thing
-      if (new_deps.empty? && deleted_deps.empty?) && (!new_sources.empty? && !deleted_sources.empty?)
-        new_sources.reject! {|source| (source.path? && source.path.exist?) || equivalent_rubygems_remotes?(source) }
-        deleted_sources.reject! {|source| (source.path? && source.path.exist?) || equivalent_rubygems_remotes?(source) }
-      end
-      if @locked_sources != gemfile_sources
-        if new_sources.any?
-          added.concat new_sources.map {|source| "* source: #{source}" }
-        end
-        if deleted_sources.any?
-          deleted.concat deleted_sources.map {|source| "* source: #{source}" }
-        end
-      end
+      new_deps = @dependencies - locked_dependencies
+      deleted_deps = locked_dependencies - @dependencies
       added.concat new_deps.map {|d| "* #{pretty_dep(d)}" } if new_deps.any?
-      if deleted_deps.any?
-        deleted.concat deleted_deps.map {|d| "* #{pretty_dep(d)}" }
-      end
+      deleted.concat deleted_deps.map {|d| "* #{pretty_dep(d)}" } if deleted_deps.any?
       both_sources = Hash.new {|h, k| h[k] = [] }
       @dependencies.each {|d| both_sources[d.name][0] = d }
-      @locked_deps.each  {|name, d| both_sources[name][1] = d.source }
+      locked_dependencies.each {|d| both_sources[d.name][1] = d }
+      both_sources.each do |name, (dep, lock_dep)|
+        next if dep.nil? || lock_dep.nil?
-      both_sources.each do |name, (dep, lock_source)|
-        next if lock_source.nil? || (dep && lock_source.can_lock?(dep))
-        gemfile_source_name = (dep && dep.source) || "no specified source"
-        lockfile_source_name = lock_source
-        changed << "* #{name} from `#{gemfile_source_name}` to `#{lockfile_source_name}`"
+        gemfile_source = dep.source || sources.default_source
+        lock_source = lock_dep.source || sources.default_source
+        next if lock_source.include?(gemfile_source)
+        gemfile_source_name = dep.source ? gemfile_source.identifier : "no specified source"
+        lockfile_source_name = lock_dep.source ? lock_source.identifier : "no specified source"
+        changed << "* #{name} from `#{lockfile_source_name}` to `#{gemfile_source_name}`"
       end
       reason = change_reason
@@ -493,7 +463,23 @@ module Bundler
     private
-    def add_bundler_to(specs)
+    def materialize(dependencies)
+      specs = resolve.materialize(dependencies)
+      missing_specs = specs.missing_specs
+      if missing_specs.any?
+        missing_specs.each do |s|
+          locked_gem = @locked_specs[s.name].last
+          next if locked_gem.nil? || locked_gem.version != s.version || !@remote
+          raise GemNotFound, "Your bundle is locked to #{locked_gem} from #{locked_gem.source}, but that version can " \
+                             "no longer be found in that source. That means the author of #{locked_gem} has removed it. " \
+                             "You'll need to update your bundle to a version other than #{locked_gem} that hasn't been " \
+                             "removed in order to install."
+        end
+        raise GemNotFound, "Could not find #{missing_specs.map(&:full_name).join(", ")} in any of the sources"
+      end
       unless specs["bundler"].any?
         bundler = sources.metadata_source.specs.search(Gem::Dependency.new("bundler", VERSION)).last
         specs["bundler"] = bundler
@@ -503,7 +489,7 @@ module Bundler
     end
     def precompute_source_requirements_for_indirect_dependencies?
-      sources.non_global_rubygems_sources.all?(&:dependency_api_available?) && !sources.aggregate_global_source?
+      @remote && sources.non_global_rubygems_sources.all?(&:dependency_api_available?) && !sources.aggregate_global_source?
     end
     def current_ruby_platform_locked?
@@ -558,7 +544,7 @@ module Bundler
     def dependencies_for_source_changed?(source, locked_source = source)
       deps_for_source = @dependencies.select {|s| s.source == source }
-      locked_deps_for_source = @locked_deps.values.select {|dep| dep.source == locked_source }
+      locked_deps_for_source = locked_dependencies.select {|dep| dep.source == locked_source }
       deps_for_source.uniq.sort != locked_deps_for_source.sort
     end
@@ -641,25 +627,14 @@ module Bundler
     end
     def converge_dependencies
-      frozen = Bundler.frozen_bundle?
-      (@dependencies + @locked_deps.values).each do |dep|
-        locked_source = @locked_deps[dep.name]
-        # This is to make sure that if bundler is installing in deployment mode and
-        # after locked_source and sources don't match, we still use locked_source.
-        if frozen && !locked_source.nil? &&
-            locked_source.respond_to?(:source) && locked_source.source.instance_of?(Source::Path) && locked_source.source.path.exist?
-          dep.source = locked_source.source
-        elsif dep.source
+      changes = false
+      @dependencies.each do |dep|
+        if dep.source
           dep.source = sources.get(dep.source)
         end
-      end
-      changes = false
-      # We want to know if all match, but don't want to check all entries
-      # This means we need to return false if any dependency doesn't match
-      # the lock or doesn't exist in the lock.
-      @dependencies.each do |dependency|
-        unless locked_dep = @locked_deps[dependency.name]
+        unless locked_dep = @locked_deps[dep.name]
           changes = true
           next
         end
@@ -670,11 +645,11 @@ module Bundler
         # directive, the lockfile dependencies and resolved dependencies end up
         # with a mismatch on #type. Work around that by setting the type on the
         # dep from the lockfile.
-        locked_dep.instance_variable_set(:@type, dependency.type)
+        locked_dep.instance_variable_set(:@type, dep.type)
         # We already know the name matches from the hash lookup
         # so we only need to check the requirement now
-        changes ||= dependency.requirement != locked_dep.requirement
+        changes ||= dep.requirement != locked_dep.requirement
       end
       changes
@@ -684,39 +659,36 @@ module Bundler
     # commonly happen if the Gemfile has changed since the lockfile was last
     # generated
     def converge_locked_specs
-      deps = []
+      resolve = converge_specs(@locked_specs)
-      # Build a list of dependencies that are the same in the Gemfile
-      # and Gemfile.lock. If the Gemfile modified a dependency, but
-      # the gem in the Gemfile.lock still satisfies it, this is fine
-      # too.
-      @dependencies.each do |dep|
-        locked_dep = @locked_deps[dep.name]
+      diff = nil
-        # If the locked_dep doesn't match the dependency we're looking for then we ignore the locked_dep
-        locked_dep = nil unless locked_dep == dep
-        if in_locked_deps?(dep, locked_dep) || satisfies_locked_spec?(dep)
-          deps << dep
-        elsif dep.source.is_a?(Source::Path) && dep.current_platform? && (!locked_dep || dep.source != locked_dep.source)
-          @locked_specs.each do |s|
-            @unlock[:gems] << s.name if s.source == dep.source
-          end
+      # Now, we unlock any sources that do not have anymore gems pinned to it
+      sources.all_sources.each do |source|
+        next unless source.respond_to?(:unlock!)
-          dep.source.unlock! if dep.source.respond_to?(:unlock!)
-          dep.source.specs.each {|s| @unlock[:gems] << s.name }
+        unless resolve.any? {|s| s.source == source }
+          diff ||= @locked_specs.to_a - resolve.to_a
+          source.unlock! if diff.any? {|s| s.source == source }
         end
       end
+      resolve
+    end
+    def converge_specs(specs)
+      deps = []
       converged = []
-      @locked_specs.each do |s|
+      specs.each do |s|
         # Replace the locked dependency's source with the equivalent source from the Gemfile
         dep = @dependencies.find {|d| s.satisfies?(d) }
-        s.source = (dep && dep.source) || sources.get(s.source)
-        # Don't add a spec to the list if its source is expired. For example,
-        # if you change a Git gem to RubyGems.
-        next if s.source.nil?
+        if dep && (!dep.source || s.source.include?(dep.source))
+          deps << dep
+        end
+        s.source = (dep && dep.source) || sources.get(s.source) || sources.default_source unless Bundler.frozen_bundle?
         next if @unlock[:sources].include?(s.source.name)
         # If the spec is from a path source and it doesn't exist anymore
@@ -729,8 +701,8 @@ module Bundler
           rescue PathError, GitError
             # if we won't need the source (according to the lockfile),
             # don't error if the path/git source isn't available
-            next if @locked_specs.
-                    for(requested_dependencies, false, true, false).
+            next if specs.
+                    for(requested_dependencies, false, true).
                     none? {|locked_spec| locked_spec.source == s.source }
             raise
@@ -745,36 +717,15 @@ module Bundler
           s.dependencies.replace(new_spec.dependencies)
         end
-        converged << s
-      end
-      resolve = SpecSet.new(converged)
-      @locked_specs_incomplete_for_platform = !resolve.for(expand_dependencies(requested_dependencies & deps), true, true)
-      resolve = SpecSet.new(resolve.for(expand_dependencies(deps, true), false, false, false).reject{|s| @unlock[:gems].include?(s.name) })
-      diff    = nil
-      # Now, we unlock any sources that do not have anymore gems pinned to it
-      sources.all_sources.each do |source|
-        next unless source.respond_to?(:unlock!)
-        unless resolve.any? {|s| s.source == source }
-          diff ||= @locked_specs.to_a - resolve.to_a
-          source.unlock! if diff.any? {|s| s.source == source }
+        if dep.nil? && requested_dependencies.find {|d| s.name == d.name }
+          @unlock[:gems] << s.name
+        else
+          converged << s
         end
       end
-      resolve
-    end
-    def in_locked_deps?(dep, locked_dep)
-      # Because the lockfile can't link a dep to a specific remote, we need to
-      # treat sources as equivalent anytime the locked dep has all the remotes
-      # that the Gemfile dep does.
-      locked_dep && locked_dep.source && dep.source && locked_dep.source.include?(dep.source)
-    end
-    def satisfies_locked_spec?(dep)
-      @locked_specs[dep].any? {|s| s.satisfies?(dep) && (!dep.source || s.source.include?(dep.source)) }
+      resolve = SpecSet.new(converged)
+      SpecSet.new(resolve.for(expand_dependencies(deps, true), false, false).reject{|s| @unlock[:gems].include?(s.name) })
     end
     def metadata_dependencies
@@ -854,12 +805,6 @@ module Bundler
       current == proposed
     end
-    def extract_gem_info(error)
-      # This method will extract the error message like "Could not find foo-1.2.3 in any of the sources"
-      # to an array. The first element will be the gem name (e.g. foo), the second will be the version number.
-      error.message.scan(/Could not find (\w+)-(\d+(?:\.\d+)+)/).flatten
-    end
     def compute_requires
       dependencies.reduce({}) do |requires, dep|
         next requires unless dep.should_include?
@@ -873,22 +818,11 @@ module Bundler
     def additional_base_requirements_for_resolve
       return [] unless @locked_gems && unlocking? && !sources.expired_sources?(@locked_gems.sources)
-      dependencies_by_name = dependencies.inject({}) {|memo, dep| memo.update(dep.name => dep) }
-      @locked_gems.specs.reduce({}) do |requirements, locked_spec|
+      converge_specs(@locked_gems.specs).map do |locked_spec|
         name = locked_spec.name
-        dependency = dependencies_by_name[name]
-        next requirements if @locked_gems.dependencies[name] != dependency
-        next requirements if dependency && dependency.source.is_a?(Source::Path)
         dep = Gem::Dependency.new(name, ">= #{locked_spec.version}")
-        requirements[name] = DepProxy.get_proxy(dep, locked_spec.platform)
-        requirements
-      end.values
-    end
-    def equivalent_rubygems_remotes?(source)
-      return false unless source.is_a?(Source::Rubygems)
-      Bundler.settings[:allow_deployment_source_credential_changes] && source.equivalent_remotes?(sources.rubygems_remotes)
+        DepProxy.get_proxy(dep, locked_spec.platform)
+      end
     end
     def source_map

data/lib/bundler/digest.rb ADDED Viewed

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+# This code was extracted from https://github.com/Solistra/ruby-digest which is under public domain
+module Bundler
+  module Digest
+    # The initial constant values for the 32-bit constant words A, B, C, D, and
+    # E, respectively.
+    SHA1_WORDS = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0].freeze
+    # The 8-bit field used for bitwise `AND` masking. Defaults to `0xFFFFFFFF`.
+    SHA1_MASK = 0xFFFFFFFF
+    class << self
+      def sha1(string)
+        unless string.is_a?(String)
+          raise TypeError, "can't convert #{string.class.inspect} into String"
+        end
+        buffer = string.b
+        words = SHA1_WORDS.dup
+        generate_split_buffer(buffer) do |chunk|
+          w = []
+          chunk.each_slice(4) do |a, b, c, d|
+            w << (((a << 8 | b) << 8 | c) << 8 | d)
+          end
+          a, b, c, d, e = *words
+          (16..79).each do |i|
+            w[i] = SHA1_MASK & rotate((w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16]), 1)
+          end
+          0.upto(79) do |i|
+            case i
+            when  0..19
+              f = ((b & c) | (~b & d))
+              k = 0x5A827999
+            when 20..39
+              f = (b ^ c ^ d)
+              k = 0x6ED9EBA1
+            when 40..59
+              f = ((b & c) | (b & d) | (c & d))
+              k = 0x8F1BBCDC
+            when 60..79
+              f = (b ^ c ^ d)
+              k = 0xCA62C1D6
+            end
+            t = SHA1_MASK & (SHA1_MASK & rotate(a, 5) + f + e + k + w[i])
+            a, b, c, d, e = t, a, SHA1_MASK & rotate(b, 30), c, d # rubocop:disable Style/ParallelAssignment
+          end
+          mutated = [a, b, c, d, e]
+          words.map!.with_index {|word, index| SHA1_MASK & (word + mutated[index]) }
+        end
+        words.pack("N*").unpack("H*").first
+      end
+      private
+      def generate_split_buffer(string, &block)
+        size   = string.bytesize * 8
+        buffer = string.bytes << 128
+        buffer << 0 while buffer.size % 64 != 56
+        buffer.concat([size].pack("Q>").bytes)
+        buffer.each_slice(64, &block)
+      end
+      def rotate(value, spaces)
+        value << spaces | value >> (32 - spaces)
+      end
+    end
+  end
+end

data/lib/bundler/dsl.rb CHANGED Viewed

@@ -18,6 +18,8 @@ module Bundler
     VALID_KEYS = %w[group groups git path glob name branch ref tag require submodules
                     platform platforms type source install_if gemfile].freeze
+    GITHUB_PULL_REQUEST_URL = %r{\Ahttps://github\.com/([A-Za-z0-9_\-\.]+/[A-Za-z0-9_\-\.]+)/pull/(\d+)\z}.freeze
     attr_reader :gemspecs
     attr_accessor :dependencies
@@ -278,8 +280,17 @@ module Bundler
         warn_deprecated_git_source(:github, <<-'RUBY'.strip, 'Change any "reponame" :github sources to "username/reponame".')
 "https://github.com/#{repo_name}.git"
         RUBY
-        repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?("/")
-        "https://github.com/#{repo_name}.git"
+        if repo_name =~ GITHUB_PULL_REQUEST_URL
+          {
+            "git" => "https://github.com/#{$1}.git",
+            "branch" => "refs/pull/#{$2}/head",
+            "ref" => nil,
+            "tag" => nil,
+          }
+        else
+          repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?("/")
+          "https://github.com/#{repo_name}.git"
+        end
       end
       git_source(:gist) do |repo_name|
@@ -365,7 +376,11 @@ repo_name ||= user_name
       git_name = (git_names & opts.keys).last
       if @git_sources[git_name]
-        opts["git"] = @git_sources[git_name].call(opts[git_name])
+        git_opts = @git_sources[git_name].call(opts[git_name])
+        git_opts = { "git" => git_opts } if git_opts.is_a?(String)
+        opts.merge!(git_opts) do |key, _gemfile_value, _git_source_value|
+          raise GemfileError, %(The :#{key} option can't be used with `#{git_name}: #{opts[git_name].inspect}`)
+        end
       end
       %w[git path].each do |type|
@@ -447,8 +462,21 @@ repo_name ||= user_name
     end
     def check_rubygems_source_safety
-      return unless @sources.aggregate_global_source?
+      if @sources.implicit_global_source?
+        implicit_global_source_warning
+      elsif @sources.aggregate_global_source?
+        multiple_global_source_warning
+      end
+    end
+    def implicit_global_source_warning
+      Bundler::SharedHelpers.major_deprecation 2, "This Gemfile does not include an explicit global source. " \
+        "Not using an explicit global source may result in a different lockfile being generated depending on " \
+        "the gems you have installed locally before bundler is run. " \
+        "Instead, define a global source in your Gemfile like this: source \"https://rubygems.org\"."
+    end
+    def multiple_global_source_warning
       if Bundler.feature_flag.bundler_3_mode?
         msg = "This Gemfile contains multiple primary sources. " \
           "Each source after the first must include a block to indicate which gems " \

data/lib/bundler/environment_preserver.rb CHANGED Viewed

@@ -38,7 +38,10 @@ module Bundler
     # Replaces `ENV` with the bundler environment variables backed up
     def replace_with_backup
-      ENV.replace(backup) unless Gem.win_platform?
+      unless Gem.win_platform?
+        ENV.replace(backup)
+        return
+      end
       # Fallback logic for Windows below to workaround
       # https://bugs.ruby-lang.org/issues/16798. Can be dropped once all