bundler 2.2.3 → 2.3.5

data/lib/bundler/settings.rb

@@ -7,33 +7,34 @@ module Bundler
     autoload :Validator, File.expand_path("settings/validator", __dir__)
 
     BOOL_KEYS = %w[
-      allow_bundler_dependency_conflicts
       allow_deployment_source_credential_changes
       allow_offline_install
       auto_clean_without_path
       auto_install
       cache_all
       cache_all_platforms
+      clean
       default_install_uses_path
       deployment
-      deployment_means_frozen
       disable_checksum_validation
       disable_exec_load
       disable_local_branch_check
-      disable_multisource
+      disable_local_revision_check
       disable_shared_gems
       disable_version_check
       force_ruby_platform
       forget_cli_options
       frozen
+      gem.changelog
       gem.coc
       gem.mit
+      git.allow_insecure
       global_gem_cache
       ignore_messages
       init_gems_rb
+      inline
       no_install
       no_prune
-      only_update_to_newer_versions
       path_relative_to_cwd
       path.system
       plugins
@@ -43,7 +44,6 @@ module Bundler
       silence_deprecations
       silence_root_warning
       suppress_install_using_messages
-      unlock_source_unlocks_spec
       update_requires_all_flag
       use_gem_version_promoter_for_major_updates
     ].freeze
@@ -61,6 +61,22 @@ module Bundler
       without
     ].freeze
 
+    STRING_KEYS = %w[
+      bin
+      cache_path
+      console
+      gem.ci
+      gem.github_username
+      gem.linter
+      gem.rubocop
+      gem.test
+      gemfile
+      path
+      shebang
+      system_bindir
+      trust-policy
+    ].freeze
+
     DEFAULT_CONFIG = {
       "BUNDLE_SILENCE_DEPRECATIONS" => false,
       "BUNDLE_DISABLE_VERSION_CHECK" => true,
@@ -126,8 +142,8 @@ module Bundler
       keys = @temporary.keys | @global_config.keys | @local_config.keys | @env_config.keys
 
       keys.map do |key|
-        key.sub(/^BUNDLE_/, "").gsub(/__/, ".").downcase
-      end
+        key.sub(/^BUNDLE_/, "").gsub(/___/, "-").gsub(/__/, ".").downcase
+      end.sort
     end
 
     def local_overrides
@@ -173,29 +189,37 @@ module Bundler
       locations = []
 
       if value = @temporary[key]
-        locations << "Set for the current command: #{converted_value(value, exposed_key).inspect}"
+        locations << "Set for the current command: #{printable_value(value, exposed_key).inspect}"
       end
 
       if value = @local_config[key]
-        locations << "Set for your local app (#{local_config_file}): #{converted_value(value, exposed_key).inspect}"
+        locations << "Set for your local app (#{local_config_file}): #{printable_value(value, exposed_key).inspect}"
       end
 
       if value = @env_config[key]
-        locations << "Set via #{key}: #{converted_value(value, exposed_key).inspect}"
+        locations << "Set via #{key}: #{printable_value(value, exposed_key).inspect}"
       end
 
       if value = @global_config[key]
-        locations << "Set for the current user (#{global_config_file}): #{converted_value(value, exposed_key).inspect}"
+        locations << "Set for the current user (#{global_config_file}): #{printable_value(value, exposed_key).inspect}"
       end
 
       return ["You have not configured a value for `#{exposed_key}`"] if locations.empty?
       locations
     end
 
+    def processor_count
+      require "etc"
+      Etc.nprocessors
+    rescue StandardError
+      1
+    end
+
     # for legacy reasons, in Bundler 2, we do not respect :disable_shared_gems
     def path
       configs.each do |_level, settings|
         path = value_for("path", settings)
+        path = "vendor/bundle" if value_for("deployment", settings) && path.nil?
         path_system = value_for("path.system", settings)
         disabled_shared_gems = value_for("disable_shared_gems", settings)
         next if path.nil? && path_system.nil? && disabled_shared_gems.nil?
@@ -277,9 +301,7 @@ module Bundler
     end
 
     def key_for(key)
-      key = Settings.normalize_uri(key).to_s if key.is_a?(String) && /https?:/ =~ key
-      key = key.to_s.gsub(".", "__").upcase
-      "BUNDLE_#{key}"
+      self.class.key_for(key)
     end
 
     private
@@ -314,6 +336,10 @@ module Bundler
       BOOL_KEYS.include?(name.to_s) || BOOL_KEYS.include?(parent_setting_for(name.to_s))
     end
 
+    def is_string(name)
+      STRING_KEYS.include?(name.to_s) || name.to_s.start_with?("local.") || name.to_s.start_with?("mirror.") || name.to_s.start_with?("build.")
+    end
+
     def to_bool(value)
       case value
       when nil, /\A(false|f|no|n|0|)\z/i, false
@@ -331,6 +357,14 @@ module Bundler
       ARRAY_KEYS.include?(key.to_s)
     end
 
+    def is_credential(key)
+      key == "gem.push_key"
+    end
+
+    def is_userinfo(value)
+      value.include?(":")
+    end
+
     def to_array(value)
       return [] unless value
       value.split(":").map(&:to_sym)
@@ -377,15 +411,38 @@ module Bundler
       end
     end
 
+    def printable_value(value, key)
+      converted = converted_value(value, key)
+      return converted unless converted.is_a?(String)
+
+      if is_string(key)
+        converted
+      elsif is_credential(key)
+        "[REDACTED]"
+      elsif is_userinfo(converted)
+        username, pass = converted.split(":", 2)
+
+        if pass == "x-oauth-basic"
+          username = "[REDACTED]"
+        else
+          pass = "[REDACTED]"
+        end
+
+        [username, pass].join(":")
+      else
+        converted
+      end
+    end
+
     def global_config_file
       if ENV["BUNDLE_CONFIG"] && !ENV["BUNDLE_CONFIG"].empty?
         Pathname.new(ENV["BUNDLE_CONFIG"])
-      else
-        begin
-          Bundler.user_bundle_path("config")
-        rescue PermissionError, GenericSystemCallError
-          nil
-        end
+      elsif ENV["BUNDLE_USER_CONFIG"] && !ENV["BUNDLE_USER_CONFIG"].empty?
+        Pathname.new(ENV["BUNDLE_USER_CONFIG"])
+      elsif ENV["BUNDLE_USER_HOME"] && !ENV["BUNDLE_USER_HOME"].empty?
+        Pathname.new(ENV["BUNDLE_USER_HOME"]).join("config")
+      elsif Bundler.rubygems.user_home && !Bundler.rubygems.user_home.empty?
+        Pathname.new(Bundler.rubygems.user_home).join(".bundle/config")
       end
     end
 
@@ -399,7 +456,20 @@ module Bundler
         valid_file = file.exist? && !file.size.zero?
         return {} unless valid_file
         require_relative "yaml_serializer"
-        YAMLSerializer.load file.read
+        YAMLSerializer.load(file.read).inject({}) do |config, (k, v)|
+          new_k = k
+
+          if k.include?("-")
+            Bundler.ui.warn "Your #{file} config includes `#{k}`, which contains the dash character (`-`).\n" \
+              "This is deprecated, because configuration through `ENV` should be possible, but `ENV` keys cannot include dashes.\n" \
+              "Please edit #{file} and replace any dashes in configuration keys with a triple underscore (`___`)."
+
+            new_k = k.gsub("-", "___")
+          end
+
+          config[new_k] = v
+          config
+        end
       end
     end
 
@@ -416,6 +486,12 @@ module Bundler
         \z
       /ix.freeze
 
+    def self.key_for(key)
+      key = normalize_uri(key).to_s if key.is_a?(String) && /https?:/ =~ key
+      key = key.to_s.gsub(".", "__").gsub("-", "___").upcase
+      "BUNDLE_#{key}"
+    end
+
     # TODO: duplicates Rubygems#normalize_uri
     # TODO: is this the correct place to validate mirror URIs?
     def self.normalize_uri(uri)

data/lib/bundler/setup.rb

@@ -9,10 +9,10 @@ if Bundler::SharedHelpers.in_bundle?
     begin
       Bundler.ui.silence { Bundler.setup }
     rescue Bundler::BundlerError => e
-      Bundler.ui.warn "\e[31m#{e.message}\e[0m"
+      Bundler.ui.error e.message
       Bundler.ui.warn e.backtrace.join("\n") if ENV["DEBUG"]
       if e.is_a?(Bundler::GemNotFound)
-        Bundler.ui.warn "\e[33mRun `bundle install` to install missing gems.\e[0m"
+        Bundler.ui.warn "Run `bundle install` to install missing gems."
       end
       exit e.status_code
     end

data/lib/bundler/shared_helpers.rb

@@ -109,7 +109,7 @@ module Bundler
       raise VirtualProtocolError.new
     rescue Errno::ENOSPC
       raise NoSpaceOnDeviceError.new(path, action)
-    rescue *[const_get_safely(:ENOTSUP, Errno)].compact
+    rescue Errno::ENOTSUP
       raise OperationNotSupportedError.new(path, action)
     rescue Errno::EEXIST, Errno::ENOENT
       raise
@@ -117,13 +117,6 @@ module Bundler
       raise GenericSystemCallError.new(e, "There was an error accessing `#{path}`.")
     end
 
-    def const_get_safely(constant_name, namespace)
-      const_in_namespace = namespace.constants.include?(constant_name.to_s) ||
-        namespace.constants.include?(constant_name.to_sym)
-      return nil unless const_in_namespace
-      namespace.const_get(constant_name)
-    end
-
     def major_deprecation(major_version, message, print_caller_location: false)
       if print_caller_location
         caller_location = caller_locations(2, 2).first
@@ -152,13 +145,6 @@ module Bundler
       Bundler.ui.warn message
     end
 
-    def trap(signal, override = false, &block)
-      prior = Signal.trap(signal) do
-        block.call
-        prior.call unless override
-      end
-    end
-
     def ensure_same_dependencies(spec, old_deps, new_deps)
       new_deps = new_deps.reject {|d| d.type == :development }
       old_deps = old_deps.reject {|d| d.type == :development }
@@ -194,11 +180,11 @@ module Bundler
       return @md5_available if defined?(@md5_available)
       @md5_available = begin
         require "openssl"
-        OpenSSL::Digest.digest("MD5", "")
+        ::OpenSSL::Digest.digest("MD5", "")
         true
       rescue LoadError
         true
-      rescue OpenSSL::Digest::DigestError
+      rescue ::OpenSSL::Digest::DigestError
         false
       end
     end
@@ -253,7 +239,7 @@ module Bundler
       current  = File.expand_path(SharedHelpers.pwd).tap{|x| x.untaint if RUBY_VERSION < "2.7" }
 
       until !File.directory?(current) || current == previous
-        if ENV["BUNDLE_SPEC_RUN"]
+        if ENV["BUNDLER_SPEC_RUN"]
           # avoid stepping above the tmp directory when testing
           gemspec = if ENV["GEM_COMMAND"]
             # for Ruby Core
@@ -327,12 +313,11 @@ module Bundler
     end
 
     def clean_load_path
-      bundler_lib = bundler_ruby_lib
-
       loaded_gem_paths = Bundler.rubygems.loaded_gem_paths
 
       $LOAD_PATH.reject! do |p|
-        next if resolve_path(p).start_with?(bundler_lib)
+        resolved_path = resolve_path(p)
+        next if $LOADED_FEATURES.any? {|lf| lf.start_with?(resolved_path) }
         loaded_gem_paths.delete(p)
       end
       $LOAD_PATH.uniq!

data/lib/bundler/source/git/git_proxy.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require "shellwords"
-
 module Bundler
   class Source
     class Git
@@ -17,7 +15,7 @@ module Bundler
       class GitNotAllowedError < GitError
         def initialize(command)
           msg = String.new
-          msg << "Bundler is trying to run a `git #{command}` at runtime. You probably need to run `bundle install`. However, "
+          msg << "Bundler is trying to run `#{command}` at runtime. You probably need to run `bundle install`. However, "
           msg << "this error message could probably be more useful. Please submit a ticket at https://github.com/rubygems/rubygems/issues/new?labels=Bundler&template=bundler-related-issue.md "
           msg << "with steps to reproduce as well as the following\n\nCALLER: #{caller.join("\n")}"
           super msg
@@ -27,11 +25,11 @@ module Bundler
       class GitCommandError < GitError
         attr_reader :command
 
-        def initialize(command, path, destination_path, extra_info = nil)
+        def initialize(command, path, extra_info = nil)
           @command = command
 
           msg = String.new
-          msg << "Git error: command `git #{command}` in directory #{destination_path} has failed."
+          msg << "Git error: command `#{command}` in directory #{path} has failed."
           msg << "\n#{extra_info}" if extra_info
           msg << "\nIf this error persists you could try removing the cache directory '#{path}'" if path.exist?
           super msg
@@ -39,9 +37,9 @@ module Bundler
       end
 
       class MissingGitRevisionError < GitCommandError
-        def initialize(command, path, destination_path, ref, repo)
+        def initialize(command, destination_path, ref, repo)
           msg = "Revision #{ref} does not exist in the repository #{repo}. Maybe you misspelled it?"
-          super command, path, destination_path, msg
+          super command, destination_path, msg
         end
       end
 
@@ -58,7 +56,6 @@ module Bundler
           @ref      = ref
           @revision = revision
           @git      = git
-          raise GitNotInstalledError.new if allow? && !Bundler.git_present?
         end
 
         def revision
@@ -67,13 +64,13 @@ module Bundler
 
         def branch
           @branch ||= allowed_with_path do
-            git("rev-parse --abbrev-ref HEAD", :dir => path).strip
+            git("rev-parse", "--abbrev-ref", "HEAD", :dir => path).strip
           end
         end
 
         def contains?(commit)
           allowed_with_path do
-            result, status = git_null("branch --contains #{commit}", :dir => path)
+            result, status = git_null("branch", "--contains", commit, :dir => path)
             status.success? && result =~ /^\* (.*)$/
           end
         end
@@ -88,20 +85,22 @@ module Bundler
 
         def checkout
           return if path.exist? && has_revision_cached?
-          extra_ref = "#{Shellwords.shellescape(ref)}:#{Shellwords.shellescape(ref)}" if ref && ref.start_with?("refs/")
+          extra_ref = "#{ref}:#{ref}" if ref && ref.start_with?("refs/")
 
           Bundler.ui.info "Fetching #{URICredentialsFilter.credential_filtered_uri(uri)}"
 
+          configured_uri = configured_uri_for(uri).to_s
+
           unless path.exist?
             SharedHelpers.filesystem_access(path.dirname) do |p|
               FileUtils.mkdir_p(p)
             end
-            git_retry %(clone #{uri_escaped_with_configured_credentials} "#{path}" --bare --no-hardlinks --quiet)
+            git_retry "clone", "--bare", "--no-hardlinks", "--quiet", "--", configured_uri, path.to_s
             return unless extra_ref
           end
 
           with_path do
-            git_retry %(fetch --force --quiet --tags #{uri_escaped_with_configured_credentials} "refs/heads/*:refs/heads/*" #{extra_ref}), :dir => path
+            git_retry(*["fetch", "--force", "--quiet", "--tags", "--", configured_uri, "refs/heads/*:refs/heads/*", extra_ref].compact, :dir => path)
           end
         end
 
@@ -115,7 +114,7 @@ module Bundler
               SharedHelpers.filesystem_access(destination) do |p|
                 FileUtils.rm_rf(p)
               end
-              git_retry %(clone --no-checkout --quiet "#{path}" "#{destination}")
+              git_retry "clone", "--no-checkout", "--quiet", path.to_s, destination.to_s
               File.chmod(((File.stat(destination).mode | 0o777) & ~File.umask), destination)
             rescue Errno::EEXIST => e
               file_path = e.message[%r{.*?((?:[a-zA-Z]:)?/.*)}, 1]
@@ -125,56 +124,59 @@ module Bundler
             end
           end
           # method 2
-          git_retry %(fetch --force --quiet --tags "#{path}"), :dir => destination
+          git_retry "fetch", "--force", "--quiet", "--tags", path.to_s, :dir => destination
 
           begin
-            git "reset --hard #{@revision}", :dir => destination
+            git "reset", "--hard", @revision, :dir => destination
           rescue GitCommandError => e
-            raise MissingGitRevisionError.new(e.command, path, destination, @revision, URICredentialsFilter.credential_filtered_uri(uri))
+            raise MissingGitRevisionError.new(e.command, destination, @revision, URICredentialsFilter.credential_filtered_uri(uri))
           end
 
           if submodules
-            git_retry "submodule update --init --recursive", :dir => destination
+            git_retry "submodule", "update", "--init", "--recursive", :dir => destination
           elsif Gem::Version.create(version) >= Gem::Version.create("2.9.0")
             inner_command = "git -C $toplevel submodule deinit --force $sm_path"
-            inner_command = inner_command.gsub("$") { '\$' } unless Bundler::WINDOWS
-            git_retry "submodule foreach --quiet \"#{inner_command}\"", :dir => destination
+            git_retry "submodule", "foreach", "--quiet", inner_command, :dir => destination
           end
         end
 
         private
 
-        def git_null(command, dir: SharedHelpers.pwd)
+        def git_null(*command, dir: nil)
           check_allowed(command)
 
           out, status = SharedHelpers.with_clean_git_env do
-            capture_and_ignore_stderr("git #{command}", :chdir => dir.to_s)
+            capture_and_ignore_stderr(*capture3_args_for(command, dir))
           end
 
           [URICredentialsFilter.credential_filtered_string(out, uri), status]
         end
 
-        def git_retry(command, dir: SharedHelpers.pwd)
-          Bundler::Retry.new("`git #{URICredentialsFilter.credential_filtered_string(command, uri)}`", GitNotAllowedError).attempts do
-            git(command, :dir => dir)
+        def git_retry(*command, dir: nil)
+          command_with_no_credentials = check_allowed(command)
+
+          Bundler::Retry.new("`#{command_with_no_credentials}` at #{dir || SharedHelpers.pwd}").attempts do
+            git(*command, :dir => dir)
           end
         end
 
-        def git(command, dir: SharedHelpers.pwd)
+        def git(*command, dir: nil)
           command_with_no_credentials = check_allowed(command)
 
           out, status = SharedHelpers.with_clean_git_env do
-            capture_and_filter_stderr(uri, "git #{command}", :chdir => dir.to_s)
+            capture_and_filter_stderr(*capture3_args_for(command, dir))
           end
 
-          raise GitCommandError.new(command_with_no_credentials, path, dir) unless status.success?
+          filtered_out = URICredentialsFilter.credential_filtered_string(out, uri)
+
+          raise GitCommandError.new(command_with_no_credentials, dir || SharedHelpers.pwd, filtered_out) unless status.success?
 
-          URICredentialsFilter.credential_filtered_string(out, uri)
+          filtered_out
         end
 
         def has_revision_cached?
           return unless @revision
-          with_path { git("cat-file -e #{@revision}", :dir => path) }
+          with_path { git("cat-file", "-e", @revision, :dir => path) }
           true
         rescue GitError
           false
@@ -186,24 +188,10 @@ module Bundler
 
         def find_local_revision
           allowed_with_path do
-            git("rev-parse --verify #{Shellwords.shellescape(ref)}", :dir => path).strip
+            git("rev-parse", "--verify", ref || "HEAD", :dir => path).strip
           end
         rescue GitCommandError => e
-          raise MissingGitRevisionError.new(e.command, path, path, ref, URICredentialsFilter.credential_filtered_uri(uri))
-        end
-
-        # Escape the URI for git commands
-        def uri_escaped_with_configured_credentials
-          remote = configured_uri_for(uri)
-          if Bundler::WINDOWS
-            # Windows quoting requires double quotes only, with double quotes
-            # inside the string escaped by being doubled.
-            '"' + remote.gsub('"') { '""' } + '"'
-          else
-            # Bash requires single quoted strings, with the single quotes escaped
-            # by ending the string, escaping the quote, and restarting the string.
-            "'" + remote.gsub("'") { "'\\''" } + "'"
-          end
+          raise MissingGitRevisionError.new(e.command, path, ref, URICredentialsFilter.credential_filtered_uri(uri))
         end
 
         # Adds credentials to the URI as Fetcher#configured_uri_for does
@@ -219,7 +207,11 @@ module Bundler
         end
 
         def allow?
-          @git ? @git.allow_git_ops? : true
+          allowed = @git ? @git.allow_git_ops? : true
+
+          raise GitNotInstalledError.new if allowed && !Bundler.git_present?
+
+          allowed
         end
 
         def with_path(&blk)
@@ -233,23 +225,38 @@ module Bundler
         end
 
         def check_allowed(command)
-          command_with_no_credentials = URICredentialsFilter.credential_filtered_string(command, uri)
+          require "shellwords"
+          command_with_no_credentials = URICredentialsFilter.credential_filtered_string("git #{command.shelljoin}", uri)
           raise GitNotAllowedError.new(command_with_no_credentials) unless allow?
           command_with_no_credentials
         end
 
-        def capture_and_filter_stderr(uri, cmd, chdir: SharedHelpers.pwd)
+        def capture_and_filter_stderr(*cmd)
           require "open3"
-          return_value, captured_err, status = Open3.capture3(cmd, :chdir => chdir)
-          Bundler.ui.warn URICredentialsFilter.credential_filtered_string(captured_err, uri) if uri && !captured_err.empty?
+          return_value, captured_err, status = Open3.capture3(*cmd)
+          Bundler.ui.warn URICredentialsFilter.credential_filtered_string(captured_err, uri) unless captured_err.empty?
           [return_value, status]
         end
 
-        def capture_and_ignore_stderr(cmd, chdir: SharedHelpers.pwd)
+        def capture_and_ignore_stderr(*cmd)
           require "open3"
-          return_value, _, status = Open3.capture3(cmd, :chdir => chdir)
+          return_value, _, status = Open3.capture3(*cmd)
           [return_value, status]
         end
+
+        def capture3_args_for(cmd, dir)
+          return ["git", *cmd] unless dir
+
+          if Bundler.feature_flag.bundler_3_mode? || supports_minus_c?
+            ["git", "-C", dir.to_s, *cmd]
+          else
+            ["git", *cmd, { :chdir => dir.to_s }]
+          end
+        end
+
+        def supports_minus_c?
+          @supports_minus_c ||= Gem::Version.new(version) >= Gem::Version.new("1.8.5")
+        end
       end
     end
   end