bundler 2.2.24 → 2.2.33

data/lib/bundler/man/gemfile.5

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GEMFILE" "5" "June 2021" "" ""
+.TH "GEMFILE" "5" "December 2021" "" ""
 .
 .SH "NAME"
 \fBGemfile\fR \- A format for describing gem dependencies for Ruby programs
@@ -506,6 +506,32 @@ gem "rails", :git => "git://github\.com/rails/rails\.git"
 .P
 Since the \fBgithub\fR method is a specialization of \fBgit_source\fR, it accepts a \fB:branch\fR named argument\.
 .
+.P
+You can also directly pass a pull request URL:
+.
+.IP "" 4
+.
+.nf
+
+gem "rails", :github => "https://github\.com/rails/rails/pull/43753"
+.
+.fi
+.
+.IP "" 0
+.
+.P
+Which is equivalent to:
+.
+.IP "" 4
+.
+.nf
+
+gem "rails", :github => "rails/rails", branch: "refs/pull/43753/head"
+.
+.fi
+.
+.IP "" 0
+.
 .SS "GIST"
 If the git repository you want to use is hosted as a Github Gist and is public, you can use the :gist shorthand to specify the gist identifier (without the trailing "\.git")\.
 .

data/lib/bundler/man/gemfile.5.ronn

@@ -372,6 +372,14 @@ Are both equivalent to
 
 Since the `github` method is a specialization of `git_source`, it accepts a `:branch` named argument.
 
+You can also directly pass a pull request URL:
+
+    gem "rails", :github => "https://github.com/rails/rails/pull/43753"
+
+Which is equivalent to:
+
+    gem "rails", :github => "rails/rails", branch: "refs/pull/43753/head"
+
 ### GIST
 
 If the git repository you want to use is hosted as a Github Gist and is public, you can use

data/lib/bundler/plugin/api/source.rb

@@ -283,6 +283,7 @@ module Bundler
         def to_s
           "plugin source for #{@type} with uri #{@uri}"
         end
+        alias_method :identifier, :to_s
 
         # Note: Do not override if you don't know what you are doing.
         def include?(other)

data/lib/bundler/plugin/installer.rb

@@ -81,6 +81,8 @@ module Bundler
 
         deps = names.map {|name| Dependency.new name, version }
 
+        Bundler.configure_gem_home_and_path(Plugin.root)
+
         definition = Definition.new(nil, deps, source_list, true)
         install_definition(definition)
       end

data/lib/bundler/plugin.rb

@@ -13,6 +13,7 @@ module Bundler
     class MalformattedPlugin < PluginError; end
     class UndefinedCommandError < PluginError; end
     class UnknownSourceError < PluginError; end
+    class PluginInstallError < PluginError; end
 
     PLUGIN_FILE_NAME = "plugins.rb".freeze
 
@@ -38,12 +39,11 @@ module Bundler
       specs = Installer.new.install(names, options)
 
       save_plugins names, specs
-    rescue PluginError => e
+    rescue PluginError
       specs_to_delete = specs.select {|k, _v| names.include?(k) && !index.commands.values.include?(k) }
       specs_to_delete.each_value {|spec| Bundler.rm_rf(spec.full_gem_path) }
 
-      names_list = names.map {|name| "`#{name}`" }.join(", ")
-      Bundler.ui.error "Failed to install the following plugins: #{names_list}. The underlying error was: #{e.message}.\n #{e.backtrace.join("\n ")}"
+      raise
     end
 
     # Uninstalls plugins by the given names
@@ -245,10 +245,11 @@ module Bundler
     # @param [Array<String>] names of inferred source plugins that can be ignored
     def save_plugins(plugins, specs, optional_plugins = [])
       plugins.each do |name|
+        next if index.installed?(name)
+
         spec = specs[name]
-        validate_plugin! Pathname.new(spec.full_gem_path)
-        installed = register_plugin(name, spec, optional_plugins.include?(name))
-        Bundler.ui.info "Installed plugin #{name}" if installed
+
+        save_plugin(name, spec, optional_plugins.include?(name))
       end
     end
 
@@ -263,6 +264,22 @@ module Bundler
       raise MalformattedPlugin, "#{PLUGIN_FILE_NAME} was not found in the plugin." unless plugin_file.file?
     end
 
+    # Validates and registers a plugin.
+    #
+    # @param [String] name the name of the plugin
+    # @param [Specification] spec of installed plugin
+    # @param [Boolean] optional_plugin, removed if there is conflict with any
+    #                     other plugin (used for default source plugins)
+    #
+    # @raise [PluginInstallError] if validation or registration raises any error
+    def save_plugin(name, spec, optional_plugin = false)
+      validate_plugin! Pathname.new(spec.full_gem_path)
+      installed = register_plugin(name, spec, optional_plugin)
+      Bundler.ui.info "Installed plugin #{name}" if installed
+    rescue PluginError => e
+      raise PluginInstallError, "Failed to install plugin `#{spec.name}`, due to #{e.class} (#{e.message})"
+    end
+
     # Runs the plugins.rb file in an isolated namespace, records the plugin
     # actions it registers for and then passes the data to index to be stored.
     #

data/lib/bundler/resolver.rb

@@ -30,10 +30,8 @@ module Bundler
       @resolver = Molinillo::Resolver.new(self, self)
       @search_for = {}
       @base_dg = Molinillo::DependencyGraph.new
-      aggregate_global_source = @source_requirements[:default].is_a?(Source::RubygemsAggregate)
       @base.each do |ls|
         dep = Dependency.new(ls.name, ls.version)
-        ls.source = source_for(ls.name) unless aggregate_global_source
         @base_dg.add_vertex(ls.name, DepProxy.get_proxy(dep, ls.platform), true)
       end
       additional_base_requirements.each {|d| @base_dg.add_vertex(d.name, d) }
@@ -255,12 +253,6 @@ module Bundler
         next if name == "bundler"
         next unless search_for(requirement).empty?
 
-        cache_message = begin
-                            " or in gems cached in #{Bundler.settings.app_cache_path}" if Bundler.app_cache.exist?
-                          rescue GemfileNotFound
-                            nil
-                          end
-
         if (base = @base[name]) && !base.empty?
           version = base.first.version
           message = "You have requested:\n" \
@@ -269,18 +261,17 @@ module Bundler
             "Try running `bundle update #{name}`\n\n" \
             "If you are updating multiple gems in your Gemfile at once,\n" \
             "try passing them all to `bundle update`"
-        elsif source = @source_requirements[name]
+        else
+          source = source_for(name)
           specs = source.specs.search(name)
           versions_with_platforms = specs.map {|s| [s.version, s.platform] }
+          cache_message = begin
+                              " or in gems cached in #{Bundler.settings.app_cache_path}" if Bundler.app_cache.exist?
+                            rescue GemfileNotFound
+                              nil
+                            end
           message = String.new("Could not find gem '#{SharedHelpers.pretty_dependency(requirement)}' in #{source}#{cache_message}.\n")
-          message << if versions_with_platforms.any?
-            "The source contains the following versions of '#{name}': #{formatted_versions_with_platforms(versions_with_platforms)}"
-          else
-            "The source does not contain any versions of '#{name}'"
-          end
-        else
-          message = "Could not find gem '#{SharedHelpers.pretty_dependency(requirement)}' in any of the gem sources " \
-            "listed in your Gemfile#{cache_message}."
+          message << "The source contains the following versions of '#{name}': #{formatted_versions_with_platforms(versions_with_platforms)}" if versions_with_platforms.any?
         end
         raise GemNotFound, message
       end

data/lib/bundler/rubygems_ext.rb

@@ -85,6 +85,10 @@ module Gem
       dependencies - development_dependencies
     end
 
+    def deleted_gem?
+      !default_gem? && !File.directory?(full_gem_path)
+    end
+
     private
 
     def dependencies_to_gemfile(dependencies, group = nil)

data/lib/bundler/rubygems_gem_installer.rb

@@ -16,10 +16,12 @@ module Bundler
       spec.loaded_from = spec_file
 
       # Completely remove any previous gem files
-      FileUtils.rm_rf gem_dir
-      FileUtils.rm_rf spec.extension_dir
+      strict_rm_rf gem_dir
+      strict_rm_rf spec.extension_dir
 
-      FileUtils.mkdir_p gem_dir, :mode => 0o755
+      SharedHelpers.filesystem_access(gem_dir, :create) do
+        FileUtils.mkdir_p gem_dir, :mode => 0o755
+      end
 
       extract_files
 
@@ -31,7 +33,10 @@ module Bundler
       generate_plugins
 
       write_spec
-      write_cache_file
+
+      SharedHelpers.filesystem_access("#{gem_home}/cache", :write) do
+        write_cache_file
+      end
 
       say spec.post_install_message unless spec.post_install_message.nil?
 
@@ -61,7 +66,10 @@ module Bundler
 
     def build_extensions
       extension_cache_path = options[:bundler_extension_cache_path]
-      return super unless extension_cache_path && extension_dir = spec.extension_dir
+      unless extension_cache_path && extension_dir = spec.extension_dir
+        require "shellwords" # compensate missing require in rubygems before version 3.2.25
+        return super
+      end
 
       extension_dir = Pathname.new(extension_dir)
       build_complete = SharedHelpers.filesystem_access(extension_cache_path.join("gem.build_complete"), :read, &:file?)
@@ -71,6 +79,7 @@ module Bundler
           FileUtils.cp_r extension_cache_path, spec.extension_dir
         end
       else
+        require "shellwords" # compensate missing require in rubygems before version 3.2.25
         super
         if extension_dir.directory? # not made for gems without extensions
           SharedHelpers.filesystem_access(extension_cache_path.parent, &:mkpath)
@@ -83,6 +92,17 @@ module Bundler
 
     private
 
+    def strict_rm_rf(dir)
+      # FileUtils.rm_rf should probably rise in case of permission issues like
+      # `rm -rf` does. However, it fails to delete the folder silently due to
+      # https://github.com/ruby/fileutils/issues/57. It should probably be fixed
+      # inside `fileutils` but for now I`m checking whether the folder was
+      # removed after it completes, and raising otherwise.
+      FileUtils.rm_rf dir
+
+      raise PermissionError.new(dir, :delete) if File.directory?(dir)
+    end
+
     def validate_bundler_checksum(checksum)
       return true if Bundler.settings[:disable_checksum_validation]
       return true unless checksum

data/lib/bundler/rubygems_integration.rb

@@ -34,10 +34,12 @@ module Bundler
     end
 
     def build_args
+      require "rubygems/command"
       Gem::Command.build_args
     end
 
     def build_args=(args)
+      require "rubygems/command"
       Gem::Command.build_args = args
     end
 
@@ -84,16 +86,12 @@ module Bundler
     def spec_missing_extensions?(spec, default = true)
       return spec.missing_extensions? if spec.respond_to?(:missing_extensions?)
 
-      return false if spec_default_gem?(spec)
+      return false if spec.default_gem?
       return false if spec.extensions.empty?
 
       default
     end
 
-    def spec_default_gem?(spec)
-      spec.respond_to?(:default_gem?) && spec.default_gem?
-    end
-
     def spec_matches_for_glob(spec, glob)
       return spec.matches_for_glob(glob) if spec.respond_to?(:matches_for_glob)
 
@@ -502,14 +500,15 @@ module Bundler
     end
 
     def fetch_specs(remote, name)
+      require "rubygems/remote_fetcher"
       path = remote.uri.to_s + "#{name}.#{Gem.marshal_version}.gz"
       fetcher = gem_remote_fetcher
       fetcher.headers = { "X-Gemfile-Source" => remote.original_uri.to_s } if remote.original_uri
       string = fetcher.fetch_path(path)
       Bundler.load_marshal(string)
-    rescue Gem::RemoteFetcher::FetchError => e
+    rescue Gem::RemoteFetcher::FetchError
       # it's okay for prerelease to fail
-      raise e unless name == "prerelease_specs"
+      raise unless name == "prerelease_specs"
     end
 
     def fetch_all_remote_specs(remote)
@@ -519,12 +518,32 @@ module Bundler
       specs.concat(pres)
     end
 
-    def download_gem(spec, uri, path)
+    def download_gem(spec, uri, cache_dir)
+      require "rubygems/remote_fetcher"
       uri = Bundler.settings.mirror_for(uri)
       fetcher = gem_remote_fetcher
       fetcher.headers = { "X-Gemfile-Source" => spec.remote.original_uri.to_s } if spec.remote.original_uri
       Bundler::Retry.new("download gem from #{uri}").attempts do
-        fetcher.download(spec, uri, path)
+        gem_file_name = spec.file_name
+        local_gem_path = File.join cache_dir, gem_file_name
+        return if File.exist? local_gem_path
+
+        begin
+          remote_gem_path = uri + "gems/#{gem_file_name}"
+          remote_gem_path = remote_gem_path.to_s if provides?("< 3.2.0.rc.1")
+
+          SharedHelpers.filesystem_access(local_gem_path) do
+            fetcher.cache_update_path remote_gem_path, local_gem_path
+          end
+        rescue Gem::RemoteFetcher::FetchError
+          raise if spec.original_platform == spec.platform
+
+          original_gem_file_name = "#{spec.original_name}.gem"
+          raise if gem_file_name == original_gem_file_name
+
+          gem_file_name = original_gem_file_name
+          retry
+        end
       end
     rescue Gem::RemoteFetcher::FetchError => e
       raise Bundler::HTTPError, "Could not download gem from #{uri} due to underlying error <#{e.message}>"

data/lib/bundler/runtime.rb

@@ -22,10 +22,6 @@ module Bundler
 
       # Activate the specs
       load_paths = specs.map do |spec|
-        unless spec.loaded_from
-          raise GemNotFound, "#{spec.full_name} is missing. Run `bundle install` to get it."
-        end
-
         check_for_activated_spec!(spec)
 
         Bundler.rubygems.mark_loaded(spec)
@@ -104,7 +100,7 @@ module Bundler
 
     alias_method :gems, :specs
 
-    def cache(custom_path = nil)
+    def cache(custom_path = nil, local = false)
       cache_path = Bundler.app_cache(custom_path)
       SharedHelpers.filesystem_access(cache_path) do |p|
         FileUtils.mkdir_p(p)
@@ -112,7 +108,20 @@ module Bundler
 
       Bundler.ui.info "Updating files in #{Bundler.settings.app_cache_path}"
 
-      specs_to_cache = Bundler.settings[:cache_all_platforms] ? @definition.resolve.materialized_for_all_platforms : specs
+      specs_to_cache = if Bundler.settings[:cache_all_platforms]
+        @definition.resolve.materialized_for_all_platforms
+      else
+        begin
+          specs
+        rescue GemNotFound
+          if local
+            Bundler.ui.warn "Some gems seem to be missing from your #{Bundler.settings.app_cache_path} directory."
+          end
+
+          raise
+        end
+      end
+
       specs_to_cache.each do |spec|
         next if spec.name == "bundler"
         next if spec.source.is_a?(Source::Gemspec)
@@ -256,7 +265,7 @@ module Bundler
 
       return if manuals.empty?
       Bundler::SharedHelpers.set_env "MANPATH", manuals.concat(
-        ENV["MANPATH"].to_s.split(File::PATH_SEPARATOR)
+        ENV["MANPATH"] ? ENV["MANPATH"].to_s.split(File::PATH_SEPARATOR) : [""]
       ).uniq.join(File::PATH_SEPARATOR)
     end
 
@@ -282,7 +291,7 @@ module Bundler
       return unless activated_spec = Bundler.rubygems.loaded_specs(spec.name)
       return if activated_spec.version == spec.version
 
-      suggestion = if Bundler.rubygems.spec_default_gem?(activated_spec)
+      suggestion = if activated_spec.default_gem?
         "Since #{spec.name} is a default gem, you can either remove your dependency on it" \
         " or try updating to a newer version of bundler that supports #{spec.name} as a default gem."
       else

data/lib/bundler/settings.rb

@@ -419,7 +419,15 @@ module Bundler
       elsif is_credential(key)
         "[REDACTED]"
       elsif is_userinfo(converted)
-        converted.gsub(/:.*$/, ":[REDACTED]")
+        username, pass = converted.split(":", 2)
+
+        if pass == "x-oauth-basic"
+          username = "[REDACTED]"
+        else
+          pass = "[REDACTED]"
+        end
+
+        [username, pass].join(":")
       else
         converted
       end
@@ -428,6 +436,10 @@ module Bundler
     def global_config_file
       if ENV["BUNDLE_CONFIG"] && !ENV["BUNDLE_CONFIG"].empty?
         Pathname.new(ENV["BUNDLE_CONFIG"])
+      elsif ENV["BUNDLE_USER_CONFIG"] && !ENV["BUNDLE_USER_CONFIG"].empty?
+        Pathname.new(ENV["BUNDLE_USER_CONFIG"])
+      elsif ENV["BUNDLE_USER_HOME"] && !ENV["BUNDLE_USER_HOME"].empty?
+        Pathname.new(ENV["BUNDLE_USER_HOME"]).join("config")
       elsif Bundler.rubygems.user_home && !Bundler.rubygems.user_home.empty?
         Pathname.new(Bundler.rubygems.user_home).join(".bundle/config")
       end

data/lib/bundler/setup.rb

@@ -9,10 +9,10 @@ if Bundler::SharedHelpers.in_bundle?
     begin
       Bundler.ui.silence { Bundler.setup }
     rescue Bundler::BundlerError => e
-      Bundler.ui.warn "\e[31m#{e.message}\e[0m"
+      Bundler.ui.error e.message
       Bundler.ui.warn e.backtrace.join("\n") if ENV["DEBUG"]
       if e.is_a?(Bundler::GemNotFound)
-        Bundler.ui.warn "\e[33mRun `bundle install` to install missing gems.\e[0m"
+        Bundler.ui.warn "Run `bundle install` to install missing gems."
       end
       exit e.status_code
     end

data/lib/bundler/shared_helpers.rb

@@ -152,13 +152,6 @@ module Bundler
       Bundler.ui.warn message
     end
 
-    def trap(signal, override = false, &block)
-      prior = Signal.trap(signal) do
-        block.call
-        prior.call unless override
-      end
-    end
-
     def ensure_same_dependencies(spec, old_deps, new_deps)
       new_deps = new_deps.reject {|d| d.type == :development }
       old_deps = old_deps.reject {|d| d.type == :development }
@@ -327,12 +320,11 @@ module Bundler
     end
 
     def clean_load_path
-      bundler_lib = bundler_ruby_lib
-
       loaded_gem_paths = Bundler.rubygems.loaded_gem_paths
 
       $LOAD_PATH.reject! do |p|
-        next if resolve_path(p).start_with?(bundler_lib)
+        resolved_path = resolve_path(p)
+        next if $LOADED_FEATURES.any? {|lf| lf.start_with?(resolved_path) }
         loaded_gem_paths.delete(p)
       end
       $LOAD_PATH.uniq!

data/lib/bundler/source/git/git_proxy.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require "shellwords"
-
 module Bundler
   class Source
     class Git
@@ -58,7 +56,6 @@ module Bundler
           @ref      = ref
           @revision = revision
           @git      = git
-          raise GitNotInstalledError.new if allow? && !Bundler.git_present?
         end
 
         def revision
@@ -98,12 +95,12 @@ module Bundler
             SharedHelpers.filesystem_access(path.dirname) do |p|
               FileUtils.mkdir_p(p)
             end
-            git_retry "clone", configured_uri, path.to_s, "--bare", "--no-hardlinks", "--quiet"
+            git_retry "clone", "--bare", "--no-hardlinks", "--quiet", "--", configured_uri, path.to_s
             return unless extra_ref
           end
 
           with_path do
-            git_retry(*["fetch", "--force", "--quiet", "--tags", configured_uri, "refs/heads/*:refs/heads/*", extra_ref].compact, :dir => path)
+            git_retry(*["fetch", "--force", "--quiet", "--tags", "--", configured_uri, "refs/heads/*:refs/heads/*", extra_ref].compact, :dir => path)
           end
         end
 
@@ -210,7 +207,11 @@ module Bundler
         end
 
         def allow?
-          @git ? @git.allow_git_ops? : true
+          allowed = @git ? @git.allow_git_ops? : true
+
+          raise GitNotInstalledError.new if allowed && !Bundler.git_present?
+
+          allowed
         end
 
         def with_path(&blk)
@@ -224,6 +225,7 @@ module Bundler
         end
 
         def check_allowed(command)
+          require "shellwords"
           command_with_no_credentials = URICredentialsFilter.credential_filtered_string("git #{command.shelljoin}", uri)
           raise GitNotAllowedError.new(command_with_no_credentials) unless allow?
           command_with_no_credentials

data/lib/bundler/source/git.rb

@@ -42,7 +42,7 @@ module Bundler
         %w[ref branch tag submodules].each do |opt|
           out << "  #{opt}: #{options[opt]}\n" if options[opt]
         end
-        out << "  glob: #{@glob}\n" unless @glob == DEFAULT_GLOB
+        out << "  glob: #{@glob}\n" unless default_glob?
         out << "  specs:\n"
       end
 
@@ -75,12 +75,20 @@ module Bundler
             git_proxy.branch
           end
 
-          rev = " (at #{at}@#{shortref_for_display(revision)})"
+          rev = "at #{at}@#{shortref_for_display(revision)}"
         rescue GitError
           ""
         end
 
-        "#{@safe_uri}#{rev}"
+        specifiers = [rev, glob_for_display].compact
+        suffix =
+          if specifiers.any?
+            " (#{specifiers.join(", ")})"
+          else
+            ""
+          end
+
+        "#{@safe_uri}#{suffix}"
       end
 
       def name
@@ -282,6 +290,14 @@ module Bundler
         ref[0..11]
       end
 
+      def glob_for_display
+        default_glob? ? nil : "glob: #{@glob}"
+      end
+
+      def default_glob?
+        @glob == DEFAULT_GLOB
+      end
+
       def uri_hash
         if uri =~ %r{^\w+://(\w+@)?}
           # Downcase the domain component of the URI
@@ -291,7 +307,9 @@ module Bundler
           # If there is no URI scheme, assume it is an ssh/git URI
           input = uri
         end
-        SharedHelpers.digest(:SHA1).hexdigest(input)
+        # We use SHA1 here for historical reason and to preserve backward compatibility.
+        # But a transition to a simpler mangling algorithm would be welcome.
+        Bundler::Digest.sha1(input)
       end
 
       def cached_revision