bundler 2.2.24 → 2.3.7

data/lib/bundler/self_manager.rb

@@ -0,0 +1,168 @@
+# frozen_string_literal: true
+
+module Bundler
+  #
+  # This class handles installing and switching to the version of bundler needed
+  # by an application.
+  #
+  class SelfManager
+    def restart_with_locked_bundler_if_needed
+      return unless needs_switching? && installed?
+
+      restart_with(lockfile_version)
+    end
+
+    def install_locked_bundler_and_restart_with_it_if_needed
+      return unless needs_switching?
+
+      Bundler.ui.info \
+        "Bundler #{current_version} is running, but your lockfile was generated with #{lockfile_version}. " \
+        "Installing Bundler #{lockfile_version} and restarting using that version."
+
+      install_and_restart_with(lockfile_version)
+    end
+
+    def update_bundler_and_restart_with_it_if_needed(target)
+      return unless autoswitching_applies?
+
+      spec = resolve_update_version_from(target)
+      return unless spec
+
+      version = spec.version
+
+      Bundler.ui.info "Updating bundler to #{version}."
+
+      install(spec)
+
+      restart_with(version)
+    end
+
+    private
+
+    def install_and_restart_with(version)
+      requirement = Gem::Requirement.new(version)
+      spec = find_latest_matching_spec(requirement)
+
+      if spec.nil?
+        Bundler.ui.warn "Your lockfile is locked to a version of bundler (#{lockfile_version}) that doesn't exist at https://rubygems.org/. Going on using #{current_version}"
+        return
+      end
+
+      install(spec)
+    rescue StandardError => e
+      Bundler.ui.trace e
+      Bundler.ui.warn "There was an error installing the locked bundler version (#{lockfile_version}), rerun with the `--verbose` flag for more details. Going on using bundler #{current_version}."
+    else
+      restart_with(version)
+    end
+
+    def install(spec)
+      spec.source.install(spec)
+    end
+
+    def restart_with(version)
+      configured_gem_home = ENV["GEM_HOME"]
+      configured_gem_path = ENV["GEM_PATH"]
+
+      cmd = [$PROGRAM_NAME, *ARGV]
+      cmd.unshift(Gem.ruby) unless File.executable?($PROGRAM_NAME)
+
+      Bundler.with_original_env do
+        Kernel.exec(
+          { "GEM_HOME" => configured_gem_home, "GEM_PATH" => configured_gem_path, "BUNDLER_VERSION" => version.to_s },
+          *cmd
+        )
+      end
+    end
+
+    def needs_switching?
+      autoswitching_applies? &&
+        released?(lockfile_version) &&
+        !running?(lockfile_version) &&
+        !updating?
+    end
+
+    def autoswitching_applies?
+      ENV["BUNDLER_VERSION"].nil? &&
+        Bundler.rubygems.supports_bundler_trampolining? &&
+        SharedHelpers.in_bundle? &&
+        lockfile_version
+    end
+
+    def resolve_update_version_from(target)
+      requirement = Gem::Requirement.new(target)
+      update_candidate = find_latest_matching_spec(requirement)
+
+      if update_candidate.nil?
+        raise InvalidOption, "The `bundle update --bundler` target version (#{target}) does not exist"
+      end
+
+      resolved_version = update_candidate.version
+      needs_update = requirement.specific? ? !running?(resolved_version) : running_older_than?(resolved_version)
+
+      return unless needs_update
+
+      update_candidate
+    end
+
+    def local_specs
+      @local_specs ||= Bundler::Source::Rubygems.new("allow_local" => true).specs.select {|spec| spec.name == "bundler" }
+    end
+
+    def remote_specs
+      @remote_specs ||= begin
+        source = Bundler::Source::Rubygems.new("remotes" => "https://rubygems.org")
+        source.remote!
+        source.add_dependency_names("bundler")
+        source.specs
+      end
+    end
+
+    def find_latest_matching_spec(requirement)
+      local_result = find_latest_matching_spec_from_collection(local_specs, requirement)
+      return local_result if local_result && requirement.specific?
+
+      remote_result = find_latest_matching_spec_from_collection(remote_specs, requirement)
+      return remote_result if local_result.nil?
+
+      [local_result, remote_result].max
+    end
+
+    def find_latest_matching_spec_from_collection(specs, requirement)
+      specs.sort.reverse_each.find {|spec| requirement.satisfied_by?(spec.version) }
+    end
+
+    def running?(version)
+      version == current_version
+    end
+
+    def running_older_than?(version)
+      current_version < version
+    end
+
+    def released?(version)
+      !version.to_s.end_with?(".dev")
+    end
+
+    def updating?
+      "update".start_with?(ARGV.first || " ") && ARGV[1..-1].any? {|a| a.start_with?("--bundler") }
+    end
+
+    def installed?
+      Bundler.configure
+
+      Bundler.rubygems.find_bundler(lockfile_version.to_s)
+    end
+
+    def current_version
+      @current_version ||= Gem::Version.new(Bundler::VERSION)
+    end
+
+    def lockfile_version
+      return @lockfile_version if defined?(@lockfile_version)
+
+      parsed_version = Bundler::LockfileParser.bundled_with
+      @lockfile_version = parsed_version ? Gem::Version.new(parsed_version) : nil
+    end
+  end
+end

data/lib/bundler/settings.rb

@@ -219,6 +219,7 @@ module Bundler
     def path
       configs.each do |_level, settings|
         path = value_for("path", settings)
+        path = "vendor/bundle" if value_for("deployment", settings) && path.nil?
         path_system = value_for("path.system", settings)
         disabled_shared_gems = value_for("disable_shared_gems", settings)
         next if path.nil? && path_system.nil? && disabled_shared_gems.nil?
@@ -366,7 +367,7 @@ module Bundler
 
     def to_array(value)
       return [] unless value
-      value.split(":").map(&:to_sym)
+      value.tr(" ", ":").split(":").map(&:to_sym)
     end
 
     def array_to_s(array)
@@ -419,7 +420,15 @@ module Bundler
       elsif is_credential(key)
         "[REDACTED]"
       elsif is_userinfo(converted)
-        converted.gsub(/:.*$/, ":[REDACTED]")
+        username, pass = converted.split(":", 2)
+
+        if pass == "x-oauth-basic"
+          username = "[REDACTED]"
+        else
+          pass = "[REDACTED]"
+        end
+
+        [username, pass].join(":")
       else
         converted
       end
@@ -428,6 +437,10 @@ module Bundler
     def global_config_file
       if ENV["BUNDLE_CONFIG"] && !ENV["BUNDLE_CONFIG"].empty?
         Pathname.new(ENV["BUNDLE_CONFIG"])
+      elsif ENV["BUNDLE_USER_CONFIG"] && !ENV["BUNDLE_USER_CONFIG"].empty?
+        Pathname.new(ENV["BUNDLE_USER_CONFIG"])
+      elsif ENV["BUNDLE_USER_HOME"] && !ENV["BUNDLE_USER_HOME"].empty?
+        Pathname.new(ENV["BUNDLE_USER_HOME"]).join("config")
       elsif Bundler.rubygems.user_home && !Bundler.rubygems.user_home.empty?
         Pathname.new(Bundler.rubygems.user_home).join(".bundle/config")
       end

data/lib/bundler/setup.rb

@@ -9,10 +9,10 @@ if Bundler::SharedHelpers.in_bundle?
     begin
       Bundler.ui.silence { Bundler.setup }
     rescue Bundler::BundlerError => e
-      Bundler.ui.warn "\e[31m#{e.message}\e[0m"
+      Bundler.ui.error e.message
       Bundler.ui.warn e.backtrace.join("\n") if ENV["DEBUG"]
       if e.is_a?(Bundler::GemNotFound)
-        Bundler.ui.warn "\e[33mRun `bundle install` to install missing gems.\e[0m"
+        Bundler.ui.warn "Run `bundle install` to install missing gems."
       end
       exit e.status_code
     end

data/lib/bundler/shared_helpers.rb

@@ -109,7 +109,7 @@ module Bundler
       raise VirtualProtocolError.new
     rescue Errno::ENOSPC
       raise NoSpaceOnDeviceError.new(path, action)
-    rescue *[const_get_safely(:ENOTSUP, Errno)].compact
+    rescue Errno::ENOTSUP
       raise OperationNotSupportedError.new(path, action)
     rescue Errno::EEXIST, Errno::ENOENT
       raise
@@ -117,13 +117,6 @@ module Bundler
       raise GenericSystemCallError.new(e, "There was an error accessing `#{path}`.")
     end
 
-    def const_get_safely(constant_name, namespace)
-      const_in_namespace = namespace.constants.include?(constant_name.to_s) ||
-        namespace.constants.include?(constant_name.to_sym)
-      return nil unless const_in_namespace
-      namespace.const_get(constant_name)
-    end
-
     def major_deprecation(major_version, message, print_caller_location: false)
       if print_caller_location
         caller_location = caller_locations(2, 2).first
@@ -152,13 +145,6 @@ module Bundler
       Bundler.ui.warn message
     end
 
-    def trap(signal, override = false, &block)
-      prior = Signal.trap(signal) do
-        block.call
-        prior.call unless override
-      end
-    end
-
     def ensure_same_dependencies(spec, old_deps, new_deps)
       new_deps = new_deps.reject {|d| d.type == :development }
       old_deps = old_deps.reject {|d| d.type == :development }
@@ -253,7 +239,7 @@ module Bundler
       current  = File.expand_path(SharedHelpers.pwd).tap{|x| x.untaint if RUBY_VERSION < "2.7" }
 
       until !File.directory?(current) || current == previous
-        if ENV["BUNDLE_SPEC_RUN"]
+        if ENV["BUNDLER_SPEC_RUN"]
           # avoid stepping above the tmp directory when testing
           gemspec = if ENV["GEM_COMMAND"]
             # for Ruby Core
@@ -327,12 +313,11 @@ module Bundler
     end
 
     def clean_load_path
-      bundler_lib = bundler_ruby_lib
-
       loaded_gem_paths = Bundler.rubygems.loaded_gem_paths
 
       $LOAD_PATH.reject! do |p|
-        next if resolve_path(p).start_with?(bundler_lib)
+        resolved_path = resolve_path(p)
+        next if $LOADED_FEATURES.any? {|lf| lf.start_with?(resolved_path) }
         loaded_gem_paths.delete(p)
       end
       $LOAD_PATH.uniq!

data/lib/bundler/source/git/git_proxy.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require "shellwords"
-
 module Bundler
   class Source
     class Git
@@ -58,7 +56,6 @@ module Bundler
           @ref      = ref
           @revision = revision
           @git      = git
-          raise GitNotInstalledError.new if allow? && !Bundler.git_present?
         end
 
         def revision
@@ -98,12 +95,12 @@ module Bundler
             SharedHelpers.filesystem_access(path.dirname) do |p|
               FileUtils.mkdir_p(p)
             end
-            git_retry "clone", configured_uri, path.to_s, "--bare", "--no-hardlinks", "--quiet"
+            git_retry "clone", "--bare", "--no-hardlinks", "--quiet", "--", configured_uri, path.to_s
             return unless extra_ref
           end
 
           with_path do
-            git_retry(*["fetch", "--force", "--quiet", "--tags", configured_uri, "refs/heads/*:refs/heads/*", extra_ref].compact, :dir => path)
+            git_retry(*["fetch", "--force", "--quiet", "--tags", "--", configured_uri, "refs/heads/*:refs/heads/*", extra_ref].compact, :dir => path)
           end
         end
 
@@ -210,7 +207,11 @@ module Bundler
         end
 
         def allow?
-          @git ? @git.allow_git_ops? : true
+          allowed = @git ? @git.allow_git_ops? : true
+
+          raise GitNotInstalledError.new if allowed && !Bundler.git_present?
+
+          allowed
         end
 
         def with_path(&blk)
@@ -224,6 +225,7 @@ module Bundler
         end
 
         def check_allowed(command)
+          require "shellwords"
           command_with_no_credentials = URICredentialsFilter.credential_filtered_string("git #{command.shelljoin}", uri)
           raise GitNotAllowedError.new(command_with_no_credentials) unless allow?
           command_with_no_credentials

data/lib/bundler/source/git.rb

@@ -42,7 +42,7 @@ module Bundler
         %w[ref branch tag submodules].each do |opt|
           out << "  #{opt}: #{options[opt]}\n" if options[opt]
         end
-        out << "  glob: #{@glob}\n" unless @glob == DEFAULT_GLOB
+        out << "  glob: #{@glob}\n" unless default_glob?
         out << "  specs:\n"
       end
 
@@ -75,12 +75,20 @@ module Bundler
             git_proxy.branch
           end
 
-          rev = " (at #{at}@#{shortref_for_display(revision)})"
+          rev = "at #{at}@#{shortref_for_display(revision)}"
         rescue GitError
           ""
         end
 
-        "#{@safe_uri}#{rev}"
+        specifiers = [rev, glob_for_display].compact
+        suffix =
+          if specifiers.any?
+            " (#{specifiers.join(", ")})"
+          else
+            ""
+          end
+
+        "#{@safe_uri}#{suffix}"
       end
 
       def name
@@ -282,6 +290,14 @@ module Bundler
         ref[0..11]
       end
 
+      def glob_for_display
+        default_glob? ? nil : "glob: #{@glob}"
+      end
+
+      def default_glob?
+        @glob == DEFAULT_GLOB
+      end
+
       def uri_hash
         if uri =~ %r{^\w+://(\w+@)?}
           # Downcase the domain component of the URI
@@ -291,7 +307,9 @@ module Bundler
           # If there is no URI scheme, assume it is an ssh/git URI
           input = uri
         end
-        SharedHelpers.digest(:SHA1).hexdigest(input)
+        # We use SHA1 here for historical reason and to preserve backward compatibility.
+        # But a transition to a simpler mangling algorithm would be welcome.
+        Bundler::Digest.sha1(input)
       end
 
       def cached_revision

data/lib/bundler/source/metadata.rb

@@ -25,7 +25,7 @@ module Bundler
             s.loaded_from = File.expand_path("..", __FILE__)
           end
 
-          if local_spec = Bundler.rubygems.find_name("bundler").find {|s| s.version.to_s == VERSION }
+          if local_spec = Bundler.rubygems.find_bundler(VERSION)
             idx << local_spec
           end
 

data/lib/bundler/source/rubygems.rb

@@ -29,6 +29,7 @@ module Bundler
       def local_only!
         @specs = nil
         @allow_local = true
+        @allow_cached = false
         @allow_remote = false
       end
 
@@ -50,6 +51,7 @@ module Bundler
         return if @allow_cached
 
         @specs = nil
+        @allow_local = true
         @allow_cached = true
       end
 
@@ -71,6 +73,10 @@ module Bundler
         @remotes.size > 1
       end
 
+      def no_remotes?
+        @remotes.size == 0
+      end
+
       def can_lock?(spec)
         return super unless multiple_remotes?
         include?(spec.source)
@@ -95,12 +101,27 @@ module Bundler
       def to_s
         if remotes.empty?
           "locally installed gems"
-        else
-          remote_names = remotes.map(&:to_s).join(", ")
+        elsif @allow_remote && @allow_cached && @allow_local
+          "rubygems repository #{remote_names}, cached gems or installed locally"
+        elsif @allow_remote && @allow_local
           "rubygems repository #{remote_names} or installed locally"
+        elsif @allow_remote
+          "rubygems repository #{remote_names}"
+        elsif @allow_cached && @allow_local
+          "cached gems or installed locally"
+        else
+          "locally installed gems"
+        end
+      end
+
+      def identifier
+        if remotes.empty?
+          "locally installed gems"
+        else
+          "rubygems repository #{remote_names}"
         end
       end
-      alias_method :name, :to_s
+      alias_method :name, :identifier
 
       def specs
         @specs ||= begin
@@ -118,7 +139,7 @@ module Bundler
         force = opts[:force]
         ensure_builtin_gems_cached = opts[:ensure_builtin_gems_cached]
 
-        if ensure_builtin_gems_cached && builtin_gem?(spec)
+        if ensure_builtin_gems_cached && spec.default_gem?
           if !cached_path(spec)
             cached_built_in_gem(spec) unless spec.remote
             force = true
@@ -127,7 +148,7 @@ module Bundler
           end
         end
 
-        if (installed?(spec) || Plugin.installed?(spec.name)) && !force
+        if installed?(spec) && !force
           print_using_message "Using #{version_message(spec)}"
           return nil # no post-install message
         end
@@ -145,7 +166,7 @@ module Bundler
           begin
             s = Bundler.rubygems.spec_from_gem(path, Bundler.settings["trust-policy"])
             spec.__swap__(s)
-          rescue StandardError
+          rescue Gem::Package::FormatError
             Bundler.rm_rf(path)
             raise
           end
@@ -157,6 +178,7 @@ module Bundler
           Bundler.ui.confirm message
 
           path = cached_gem(spec)
+          raise GemNotFound, "Could not find #{spec.file_name} for installation" unless path
           if requires_sudo?
             install_path = Bundler.tmp(spec.full_name)
             bin_path     = install_path.join("bin")
@@ -216,12 +238,8 @@ module Bundler
       end
 
       def cache(spec, custom_path = nil)
-        if builtin_gem?(spec)
-          cached_path = cached_built_in_gem(spec)
-        else
-          cached_path = cached_gem(spec)
-        end
-        raise GemNotFound, "Missing gem file '#{spec.full_name}.gem'." unless cached_path
+        cached_path = cached_gem(spec)
+        raise GemNotFound, "Missing gem file '#{spec.file_name}'." unless cached_path
         return if File.dirname(cached_path) == Bundler.app_cache.to_s
         Bundler.ui.info "  * #{File.basename(cached_path)}"
         FileUtils.cp(cached_path, Bundler.app_cache(custom_path))
@@ -248,10 +266,6 @@ module Bundler
         @remotes.unshift(uri) unless @remotes.include?(uri)
       end
 
-      def equivalent_remotes?(other_remotes)
-        other_remotes.map(&method(:remove_auth)) == @remotes.map(&method(:remove_auth))
-      end
-
       def spec_names
         if @allow_remote && dependency_api_available?
           remote_specs.spec_names
@@ -315,8 +329,16 @@ module Bundler
 
       protected
 
+      def remote_names
+        remotes.map(&:to_s).join(", ")
+      end
+
       def credless_remotes
-        remotes.map(&method(:suppress_configured_credentials))
+        if Bundler.settings[:allow_deployment_source_credential_changes]
+          remotes.map(&method(:remove_auth))
+        else
+          remotes.map(&method(:suppress_configured_credentials))
+        end
       end
 
       def remotes_for_spec(spec)
@@ -331,14 +353,17 @@ module Bundler
       end
 
       def cached_gem(spec)
-        cached_gem = cached_path(spec)
-        unless cached_gem
-          raise Bundler::GemNotFound, "Could not find #{spec.file_name} for installation"
+        if spec.default_gem?
+          cached_built_in_gem(spec)
+        else
+          cached_path(spec)
         end
-        cached_gem
       end
 
       def cached_path(spec)
+        global_cache_path = download_cache_path(spec)
+        @caches << global_cache_path if global_cache_path
+
         possibilities = @caches.map {|p| "#{p}/#{spec.file_name}" }
         possibilities.find {|p| File.exist?(p) }
       end
@@ -438,19 +463,26 @@ module Bundler
 
         spec.fetch_platform
 
-        download_path = requires_sudo? ? Bundler.tmp(spec.full_name) : rubygems_dir
-        gem_path = "#{rubygems_dir}/cache/#{spec.full_name}.gem"
+        cache_path = download_cache_path(spec) || default_cache_path_for(rubygems_dir)
+        gem_path = "#{cache_path}/#{spec.file_name}"
+
+        if requires_sudo?
+          download_path = Bundler.tmp(spec.full_name)
+          download_cache_path = default_cache_path_for(download_path)
+        else
+          download_cache_path = cache_path
+        end
 
-        SharedHelpers.filesystem_access("#{download_path}/cache") do |p|
+        SharedHelpers.filesystem_access(download_cache_path) do |p|
           FileUtils.mkdir_p(p)
         end
-        download_gem(spec, download_path)
+        download_gem(spec, download_cache_path)
 
         if requires_sudo?
-          SharedHelpers.filesystem_access("#{rubygems_dir}/cache") do |p|
+          SharedHelpers.filesystem_access(cache_path) do |p|
             Bundler.mkdir_p(p)
           end
-          Bundler.sudo "mv #{download_path}/cache/#{spec.full_name}.gem #{gem_path}"
+          Bundler.sudo "mv #{download_cache_path}/#{spec.file_name} #{gem_path}"
         end
 
         gem_path
@@ -458,16 +490,8 @@ module Bundler
         Bundler.rm_rf(download_path) if requires_sudo?
       end
 
-      def builtin_gem?(spec)
-        # Ruby 2.1, where all included gems have this summary
-        return true if spec.summary =~ /is bundled with Ruby/
-
-        # Ruby 2.0, where gemspecs are stored in specifications/default/
-        spec.loaded_from && spec.loaded_from.include?("specifications/default/")
-      end
-
       def installed?(spec)
-        installed_specs[spec].any?
+        installed_specs[spec].any? && !spec.deleted_gem?
       end
 
       def requires_sudo?
@@ -478,6 +502,10 @@ module Bundler
         Bundler.rubygems.gem_dir
       end
 
+      def default_cache_path_for(dir)
+        "#{dir}/cache"
+      end
+
       def cache_path
         Bundler.app_cache
       end
@@ -490,52 +518,13 @@ module Bundler
       # @param  [Specification] spec
       #         the spec we want to download or retrieve from the cache.
       #
-      # @param  [String] download_path
+      # @param  [String] download_cache_path
       #         the local directory the .gem will end up in.
       #
-      def download_gem(spec, download_path)
-        local_path = File.join(download_path, "cache/#{spec.full_name}.gem")
-
-        if (cache_path = download_cache_path(spec)) && cache_path.file?
-          SharedHelpers.filesystem_access(local_path) do
-            FileUtils.cp(cache_path, local_path)
-          end
-        else
-          uri = spec.remote.uri
-          Bundler.ui.confirm("Fetching #{version_message(spec)}")
-          rubygems_local_path = Bundler.rubygems.download_gem(spec, uri, download_path)
-
-          # older rubygems return varying file:// variants depending on version
-          rubygems_local_path = rubygems_local_path.gsub(/\Afile:/, "") unless Bundler.rubygems.provides?(">= 3.2.0.rc.2")
-          rubygems_local_path = rubygems_local_path.gsub(%r{\A//}, "") if Bundler.rubygems.provides?("< 3.1.0")
-
-          if rubygems_local_path != local_path
-            SharedHelpers.filesystem_access(local_path) do
-              FileUtils.mv(rubygems_local_path, local_path)
-            end
-          end
-          cache_globally(spec, local_path)
-        end
-      end
-
-      # Checks if the requested spec exists in the global cache. If it does
-      # not, we create the relevant global cache subdirectory if it does not
-      # exist and copy the spec from the local cache to the global cache.
-      #
-      # @param  [Specification] spec
-      #         the spec we want to copy to the global cache.
-      #
-      # @param  [String] local_cache_path
-      #         the local directory from which we want to copy the .gem.
-      #
-      def cache_globally(spec, local_cache_path)
-        return unless cache_path = download_cache_path(spec)
-        return if cache_path.exist?
-
-        SharedHelpers.filesystem_access(cache_path.dirname, &:mkpath)
-        SharedHelpers.filesystem_access(cache_path) do
-          FileUtils.cp(local_cache_path, cache_path)
-        end
+      def download_gem(spec, download_cache_path)
+        uri = spec.remote.uri
+        Bundler.ui.confirm("Fetching #{version_message(spec)}")
+        Bundler.rubygems.download_gem(spec, uri, download_cache_path)
       end
 
       # Returns the global cache path of the calling Rubygems::Source object.
@@ -554,7 +543,7 @@ module Bundler
         return unless remote = spec.remote
         return unless cache_slug = remote.cache_slug
 
-        Bundler.user_cache.join("gems", cache_slug, spec.file_name)
+        Bundler.user_cache.join("gems", cache_slug)
       end
 
       def extension_cache_slug(spec)