bundler 2.2.5 → 2.2.10
Potentially problematic release.
This version of bundler might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +73 -0
- data/lib/bundler.rb +1 -1
- data/lib/bundler/build_metadata.rb +2 -2
- data/lib/bundler/cli.rb +1 -0
- data/lib/bundler/cli/cache.rb +1 -0
- data/lib/bundler/cli/gem.rb +12 -0
- data/lib/bundler/definition.rb +66 -56
- data/lib/bundler/dep_proxy.rb +15 -8
- data/lib/bundler/dsl.rb +38 -25
- data/lib/bundler/feature_flag.rb +0 -2
- data/lib/bundler/fetcher.rb +0 -1
- data/lib/bundler/gem_helper.rb +8 -6
- data/lib/bundler/gem_version_promoter.rb +2 -2
- data/lib/bundler/index.rb +6 -5
- data/lib/bundler/inline.rb +1 -0
- data/lib/bundler/installer.rb +0 -17
- data/lib/bundler/installer/standalone.rb +15 -0
- data/lib/bundler/lazy_specification.rb +9 -18
- data/lib/bundler/lockfile_parser.rb +12 -8
- data/lib/bundler/man/bundle-add.1 +1 -1
- data/lib/bundler/man/bundle-binstubs.1 +1 -1
- data/lib/bundler/man/bundle-cache.1 +1 -1
- data/lib/bundler/man/bundle-check.1 +1 -1
- data/lib/bundler/man/bundle-clean.1 +1 -1
- data/lib/bundler/man/bundle-config.1 +6 -12
- data/lib/bundler/man/bundle-config.1.ronn +11 -18
- data/lib/bundler/man/bundle-doctor.1 +1 -1
- data/lib/bundler/man/bundle-exec.1 +1 -1
- data/lib/bundler/man/bundle-gem.1 +1 -1
- data/lib/bundler/man/bundle-info.1 +1 -1
- data/lib/bundler/man/bundle-init.1 +1 -1
- data/lib/bundler/man/bundle-inject.1 +1 -1
- data/lib/bundler/man/bundle-install.1 +1 -1
- data/lib/bundler/man/bundle-list.1 +1 -1
- data/lib/bundler/man/bundle-lock.1 +1 -1
- data/lib/bundler/man/bundle-open.1 +1 -1
- data/lib/bundler/man/bundle-outdated.1 +1 -1
- data/lib/bundler/man/bundle-platform.1 +1 -1
- data/lib/bundler/man/bundle-pristine.1 +1 -1
- data/lib/bundler/man/bundle-remove.1 +1 -1
- data/lib/bundler/man/bundle-show.1 +1 -1
- data/lib/bundler/man/bundle-update.1 +1 -1
- data/lib/bundler/man/bundle-viz.1 +1 -1
- data/lib/bundler/man/bundle.1 +1 -1
- data/lib/bundler/man/gemfile.5 +1 -1
- data/lib/bundler/plugin.rb +1 -0
- data/lib/bundler/plugin/installer.rb +8 -9
- data/lib/bundler/resolver.rb +110 -80
- data/lib/bundler/resolver/spec_group.rb +56 -44
- data/lib/bundler/rubygems_ext.rb +16 -0
- data/lib/bundler/settings.rb +1 -2
- data/lib/bundler/shared_helpers.rb +2 -2
- data/lib/bundler/source/git.rb +1 -1
- data/lib/bundler/source/rubygems.rb +10 -2
- data/lib/bundler/source_list.rb +34 -25
- data/lib/bundler/spec_set.rb +5 -4
- data/lib/bundler/templates/newgem/CHANGELOG.md.tt +5 -0
- data/lib/bundler/vendor/molinillo/lib/molinillo/delegates/specification_provider.rb +7 -0
- data/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph.rb +0 -1
- data/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/vertex.rb +11 -5
- data/lib/bundler/vendor/molinillo/lib/molinillo/errors.rb +2 -2
- data/lib/bundler/vendor/molinillo/lib/molinillo/modules/specification_provider.rb +11 -0
- data/lib/bundler/vendor/molinillo/lib/molinillo/resolution.rb +11 -7
- data/lib/bundler/vendor/thor/lib/thor.rb +5 -6
- data/lib/bundler/vendor/thor/lib/thor/actions.rb +1 -1
- data/lib/bundler/vendor/thor/lib/thor/actions/file_manipulation.rb +4 -2
- data/lib/bundler/vendor/thor/lib/thor/error.rb +1 -1
- data/lib/bundler/vendor/thor/lib/thor/parser/arguments.rb +5 -1
- data/lib/bundler/vendor/thor/lib/thor/parser/options.rb +9 -8
- data/lib/bundler/vendor/thor/lib/thor/shell/basic.rb +5 -2
- data/lib/bundler/vendor/thor/lib/thor/shell/color.rb +5 -1
- data/lib/bundler/vendor/thor/lib/thor/version.rb +1 -1
- data/lib/bundler/version.rb +1 -1
- metadata +4 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: fb87c09a270f3caca4d4719878b6c807b173016a786dbf5b067b44cf3e61b37d
|
4
|
+
data.tar.gz: 9c31e5c7673789aedd7515d6f54479095da5ecdc0e6fba3b4c2a6f636c21b30f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 218d6753e8980cfd447332d0c19c1ef0d07ba25b9ee0260cf6290d493063c24ea377d9241d52a145737ee8ac6ee4cd127351b4356076d114778f3a8c8fb5987b
|
7
|
+
data.tar.gz: 858d23190b365f75b923b4f5608bea65206e9aadc842cfaa04190d6d9d452212da5f857f0474f35a474448de246ef3d34a70de8d6d476ad095457148ceeb3bd2
|
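--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,76 @@
+# 2.2.10 (February 15, 2021)
+
+## Security fixes:
+
+- Fix source priority for transitive dependencies and split lockfile rubygems source sections [#3655](https://github.com/rubygems/rubygems/pull/3655)
+
+## Bug fixes:
+
+- Fix adding platforms to lockfile sometimes conflicting on ruby requirements [#4371](https://github.com/rubygems/rubygems/pull/4371)
+- Fix bundler sometimes choosing ruby variants over java ones [#4367](https://github.com/rubygems/rubygems/pull/4367)
+
+## Documentation:
+
+- Update man pages to reflect to new default for bundle install jobs [#4188](https://github.com/rubygems/rubygems/pull/4188)
+
+# 2.2.9 (February 8, 2021)
+
+## Enhancements:
+
+- Stop removing existing platforms when force_ruby_platform is true [#4336](https://github.com/rubygems/rubygems/pull/4336)
+
+## Bug fixes:
+
+- Don't install platform specific gems on truffleruby [#4333](https://github.com/rubygems/rubygems/pull/4333)
+
+# 2.2.8 (February 2, 2021)
+
+## Enhancements:
+
+- Add a CHANGELOG.md file to gems generated by `bundle gem` [#4093](https://github.com/rubygems/rubygems/pull/4093)
+- Support gemified `set` [#4297](https://github.com/rubygems/rubygems/pull/4297)
+
+## Bug fixes:
+
+- Fix standalone Kernel.require visibility [#4337](https://github.com/rubygems/rubygems/pull/4337)
+
+## Performance:
+
+- Fix resolver edge cases and speed up bundler [#4277](https://github.com/rubygems/rubygems/pull/4277)
+
+# 2.2.7 (January 26, 2021)
+
+## Enhancements:
+
+- Improve error messages when dependency on bundler conflicts with running version [#4308](https://github.com/rubygems/rubygems/pull/4308)
+- Avoid showing platforms with requirements in error messages [#4310](https://github.com/rubygems/rubygems/pull/4310)
+- Introduce disable_local_revision_check config [#4237](https://github.com/rubygems/rubygems/pull/4237)
+- Reverse rubygems require mixin with bundler standalone [#4299](https://github.com/rubygems/rubygems/pull/4299)
+
+## Bug fixes:
+
+- Fix releasing from a not yet pushed branch [#4309](https://github.com/rubygems/rubygems/pull/4309)
+- Install cache only once if it already exists [#4304](https://github.com/rubygems/rubygems/pull/4304)
+- Fix `force_ruby_platform` no longer being respected [#4302](https://github.com/rubygems/rubygems/pull/4302)
+
+## Performance:
+
+- Fix resolver dependency comparison [#4289](https://github.com/rubygems/rubygems/pull/4289)
+
+# 2.2.6 (January 18, 2021)
+
+## Enhancements:
+
+- Improve resolver debugging [#4288](https://github.com/rubygems/rubygems/pull/4288)
+
+## Bug fixes:
+
+- Fix dependency locking for path source [#4293](https://github.com/rubygems/rubygems/pull/4293)
+
+## Performance:
+
+- Speed up complex dependency resolves by creating DepProxy factory and cache [#4216](https://github.com/rubygems/rubygems/pull/4216)
+
 # 2.2.5 (January 11, 2021)
 
 ## Enhancements: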
data/lib/bundler.rb
CHANGED
@@ -4,8 +4,8 @@ module Bundler
|
|
4
4
|
# Represents metadata from when the Bundler gem was built.
|
5
5
|
module BuildMetadata
|
6
6
|
# begin ivars
|
7
|
-
@built_at = "2021-
|
8
|
-
@git_commit_sha = "
|
7
|
+
@built_at = "2021-02-15".freeze
|
8
|
+
@git_commit_sha = "cc7c333721".freeze
|
9
9
|
@release = true
|
10
10
|
# end ivars
|
11
11
|
|
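--- a/data/lib/bundler/cli.rb
+++ b/data/lib/bundler/cli.rb
@@ -586,6 +586,7 @@ module Bundler
 method_option :git, :type => :boolean, :default => true, :desc => "Initialize a git repo inside your library."
 method_option :mit, :type => :boolean, :desc => "Generate an MIT license file. Set a default with `bundle config set --global gem.mit true`."
 method_option :rubocop, :type => :boolean, :desc => "Add rubocop to the generated Rakefile and gemspec. Set a default with `bundle config set --global gem.rubocop true`."
+method_option :changelog, :type => :boolean, :desc => "Generate changelog file. Set a default with `bundle config set --global gem.changelog true`."
 method_option :test, :type => :string, :lazy_default => Bundler.settings["gem.test"] || "", :aliases => "-t", :banner => "Use the specified test framework for your library",
 :desc => "Generate a test directory for your library, either rspec, minitest or test-unit. Set a default with `bundle config set --global gem.test (rspec|minitest|test-unit)`."
 method_option :ci, :type => :string, :lazy_default => Bundler.settings["gem.ci"] || "",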
data/lib/bundler/cli/cache.rb
CHANGED
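--- a/data/lib/bundler/cli/gem.rb
+++ b/data/lib/bundler/cli/gem.rb
@@ -142,6 +142,18 @@ module Bundler
 templates.merge!("CODE_OF_CONDUCT.md.tt" => "CODE_OF_CONDUCT.md")
 end
 
+if ask_and_set(:changelog, "Do you want to include a changelog?",
+"A changelog is a file which contains a curated, chronologically ordered list of notable " \
+"changes for each version of a project. To make it easier for users and contributors to" \
+" see precisely what notable changes have been made between each release (or version) of" \
+" the project. Whether consumers or developers, the end users of software are" \
+" human beings who care about what's in the software. When the software changes, people " \
+"want to know why and how. see https://keepachangelog.com")
+config[:changelog] = true
+Bundler.ui.info "Changelog enabled in config"
+templates.merge!("CHANGELOG.md.tt" => "CHANGELOG.md")
+end
+
 if ask_and_set(:rubocop, "Do you want to add rubocop as a dependency for gems you generate?",
 "RuboCop is a static code analyzer that has out-of-the-box rules for many " \
 "of the guidelines in the community style guide. " \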
data/lib/bundler/definition.rb
CHANGED
@@ -1,7 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require_relative "lockfile_parser"
|
4
|
-
require "set"
|
5
4
|
|
6
5
|
module Bundler
|
7
6
|
class Definition
|
@@ -83,11 +82,7 @@ module Bundler
|
|
83
82
|
@lockfile_contents = Bundler.read_file(lockfile)
|
84
83
|
@locked_gems = LockfileParser.new(@lockfile_contents)
|
85
84
|
@locked_platforms = @locked_gems.platforms
|
86
|
-
|
87
|
-
@platforms = [Gem::Platform::RUBY]
|
88
|
-
else
|
89
|
-
@platforms = @locked_platforms.dup
|
90
|
-
end
|
85
|
+
@platforms = @locked_platforms.dup
|
91
86
|
@locked_bundler_version = @locked_gems.bundler_version
|
92
87
|
@locked_ruby_version = @locked_gems.ruby_version
|
93
88
|
|
@@ -111,6 +106,19 @@ module Bundler
|
|
111
106
|
@locked_platforms = []
|
112
107
|
end
|
113
108
|
|
109
|
+
@locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
|
110
|
+
@disable_multisource = !Bundler.frozen_bundle? || @locked_gem_sources.none? {|s| s.remotes.size > 1 }
|
111
|
+
|
112
|
+
unless @disable_multisource
|
113
|
+
msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. " \
|
114
|
+
"You should regenerate your lockfile in a non frozen environment."
|
115
|
+
|
116
|
+
Bundler::SharedHelpers.major_deprecation 2, msg
|
117
|
+
|
118
|
+
@sources.allow_multisource!
|
119
|
+
@locked_gem_sources.each(&:allow_multisource!)
|
120
|
+
end
|
121
|
+
|
114
122
|
@unlock[:gems] ||= []
|
115
123
|
@unlock[:sources] ||= []
|
116
124
|
@unlock[:ruby] ||= if @ruby_version && locked_ruby_version_object
|
@@ -150,6 +158,14 @@ module Bundler
|
|
150
158
|
end
|
151
159
|
end
|
152
160
|
|
161
|
+
def disable_multisource?
|
162
|
+
@disable_multisource
|
163
|
+
end
|
164
|
+
|
165
|
+
def allow_multisource!
|
166
|
+
@disable_multisource = false
|
167
|
+
end
|
168
|
+
|
153
169
|
def resolve_with_cache!
|
154
170
|
raise "Specs already loaded" if @specs
|
155
171
|
sources.cached!
|
@@ -259,23 +275,18 @@ module Bundler
|
|
259
275
|
def resolve
|
260
276
|
@resolve ||= begin
|
261
277
|
last_resolve = converge_locked_specs
|
262
|
-
|
263
|
-
|
264
|
-
|
265
|
-
|
266
|
-
|
267
|
-
|
268
|
-
|
269
|
-
|
270
|
-
|
271
|
-
|
272
|
-
|
273
|
-
|
274
|
-
end
|
275
|
-
|
276
|
-
# filter out gems that _can_ be installed on multiple platforms, but don't need
|
277
|
-
# to be
|
278
|
-
resolve.for(expand_dependencies(dependencies, true), [], false, false, false)
|
278
|
+
if Bundler.frozen_bundle?
|
279
|
+
Bundler.ui.debug "Frozen, using resolution from the lockfile"
|
280
|
+
last_resolve
|
281
|
+
elsif !unlocking? && nothing_changed?
|
282
|
+
Bundler.ui.debug("Found no changes, using resolution from the lockfile")
|
283
|
+
last_resolve
|
284
|
+
else
|
285
|
+
# Run a resolve against the locally available gems
|
286
|
+
Bundler.ui.debug("Found changes from the lockfile, re-resolving dependencies because #{change_reason}")
|
287
|
+
expanded_dependencies = expand_dependencies(dependencies + metadata_dependencies, @remote)
|
288
|
+
Resolver.resolve(expanded_dependencies, source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve, platforms)
|
289
|
+
end
|
279
290
|
end
|
280
291
|
end
|
281
292
|
|
@@ -540,6 +551,9 @@ module Bundler
|
|
540
551
|
attr_reader :sources
|
541
552
|
private :sources
|
542
553
|
|
554
|
+
attr_reader :locked_gem_sources
|
555
|
+
private :locked_gem_sources
|
556
|
+
|
543
557
|
def nothing_changed?
|
544
558
|
!@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@locked_specs_incomplete_for_platform
|
545
559
|
end
|
@@ -604,7 +618,7 @@ module Bundler
|
|
604
618
|
deps_for_source = @dependencies.select {|s| s.source == source }
|
605
619
|
locked_deps_for_source = @locked_deps.values.select {|dep| dep.source == locked_source }
|
606
620
|
|
607
|
-
|
621
|
+
deps_for_source.sort != locked_deps_for_source.sort
|
608
622
|
end
|
609
623
|
|
610
624
|
def specs_for_source_changed?(source)
|
@@ -664,21 +678,20 @@ module Bundler
|
|
664
678
|
end
|
665
679
|
|
666
680
|
def converge_rubygems_sources
|
667
|
-
return false if
|
681
|
+
return false if disable_multisource?
|
668
682
|
|
669
|
-
|
683
|
+
return false if locked_gem_sources.empty?
|
670
684
|
|
671
|
-
# Get the RubyGems sources from the Gemfile.lock
|
672
|
-
locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
|
673
685
|
# Get the RubyGems remotes from the Gemfile
|
674
686
|
actual_remotes = sources.rubygems_remotes
|
687
|
+
return false if actual_remotes.empty?
|
688
|
+
|
689
|
+
changes = false
|
675
690
|
|
676
691
|
# If there is a RubyGems source in both
|
677
|
-
|
678
|
-
|
679
|
-
|
680
|
-
changes |= locked_gem.replace_remotes(actual_remotes, Bundler.settings[:allow_deployment_source_credential_changes])
|
681
|
-
end
|
692
|
+
locked_gem_sources.each do |locked_gem|
|
693
|
+
# Merge the remotes from the Gemfile into the Gemfile.lock
|
694
|
+
changes |= locked_gem.replace_remotes(actual_remotes, Bundler.settings[:allow_deployment_source_credential_changes])
|
682
695
|
end
|
683
696
|
|
684
697
|
changes
|
@@ -818,11 +831,6 @@ module Bundler
|
|
818
831
|
# commonly happens if the version changed in the gemspec
|
819
832
|
next unless new_spec
|
820
833
|
|
821
|
-
new_runtime_deps = new_spec.dependencies.select {|d| d.type != :development }
|
822
|
-
old_runtime_deps = s.dependencies.select {|d| d.type != :development }
|
823
|
-
# If the dependencies of the path source have changed and locked spec can't satisfy new dependencies, unlock it
|
824
|
-
next unless new_runtime_deps.sort == old_runtime_deps.sort || new_runtime_deps.all? {|d| satisfies_locked_spec?(d) }
|
825
|
-
|
826
834
|
s.dependencies.replace(new_spec.dependencies)
|
827
835
|
end
|
828
836
|
|
@@ -889,7 +897,7 @@ module Bundler
|
|
889
897
|
dependencies.each do |dep|
|
890
898
|
dep = Dependency.new(dep, ">= 0") unless dep.respond_to?(:name)
|
891
899
|
next unless remote || dep.current_platform?
|
892
|
-
target_platforms = dep.gem_platforms(remote ?
|
900
|
+
target_platforms = dep.gem_platforms(remote ? @platforms : [generic_local_platform])
|
893
901
|
deps += expand_dependency_with_platforms(dep, target_platforms)
|
894
902
|
end
|
895
903
|
deps
|
@@ -897,7 +905,7 @@ module Bundler
|
|
897
905
|
|
898
906
|
def expand_dependency_with_platforms(dep, platforms)
|
899
907
|
platforms.map do |p|
|
900
|
-
DepProxy.
|
908
|
+
DepProxy.get_proxy(dep, p)
|
901
909
|
end
|
902
910
|
end
|
903
911
|
|
@@ -908,29 +916,18 @@ module Bundler
|
|
908
916
|
# Record the specs available in each gem's source, so that those
|
909
917
|
# specs will be available later when the resolver knows where to
|
910
918
|
# look for that gemspec (or its dependencies)
|
911
|
-
|
912
|
-
source_requirements = { :default => default }
|
913
|
-
default = nil unless Bundler.feature_flag.disable_multisource?
|
914
|
-
dependencies.each do |dep|
|
915
|
-
next unless source = dep.source || default
|
916
|
-
source_requirements[dep.name] = source
|
917
|
-
end
|
919
|
+
source_requirements = { :default => sources.default_source }.merge(dependency_source_requirements)
|
918
920
|
metadata_dependencies.each do |dep|
|
919
921
|
source_requirements[dep.name] = sources.metadata_source
|
920
922
|
end
|
923
|
+
source_requirements[:global] = index unless disable_multisource?
|
924
|
+
source_requirements[:default_bundler] = source_requirements["bundler"] || source_requirements[:default]
|
921
925
|
source_requirements["bundler"] = sources.metadata_source # needs to come last to override
|
922
926
|
source_requirements
|
923
927
|
end
|
924
928
|
|
925
929
|
def pinned_spec_names(skip = nil)
|
926
|
-
|
927
|
-
default = Bundler.feature_flag.disable_multisource? && sources.default_source
|
928
|
-
@dependencies.each do |dep|
|
929
|
-
next unless dep_source = dep.source || default
|
930
|
-
next if dep_source == skip
|
931
|
-
pinned_names << dep.name
|
932
|
-
end
|
933
|
-
pinned_names
|
930
|
+
dependency_source_requirements.reject {|_, source| source == skip }.keys
|
934
931
|
end
|
935
932
|
|
936
933
|
def requested_groups
|
@@ -977,7 +974,7 @@ module Bundler
|
|
977
974
|
next requirements if @locked_gems.dependencies[name] != dependency
|
978
975
|
next requirements if dependency.source.is_a?(Source::Path)
|
979
976
|
dep = Gem::Dependency.new(name, ">= #{locked_spec.version}")
|
980
|
-
requirements[name] = DepProxy.
|
977
|
+
requirements[name] = DepProxy.get_proxy(dep, locked_spec.platform)
|
981
978
|
requirements
|
982
979
|
end.values
|
983
980
|
end
|
@@ -987,5 +984,18 @@ module Bundler
|
|
987
984
|
|
988
985
|
Bundler.settings[:allow_deployment_source_credential_changes] && source.equivalent_remotes?(sources.rubygems_remotes)
|
989
986
|
end
|
987
|
+
|
988
|
+
def dependency_source_requirements
|
989
|
+
@dependency_source_requirements ||= begin
|
990
|
+
source_requirements = {}
|
991
|
+
default = disable_multisource? && sources.default_source
|
992
|
+
dependencies.each do |dep|
|
993
|
+
dep_source = dep.source || default
|
994
|
+
next unless dep_source
|
995
|
+
source_requirements[dep.name] = dep_source
|
996
|
+
end
|
997
|
+
source_requirements
|
998
|
+
end
|
999
|
+
end
|
990
1000
|
end
|
991
1001
|
end
|
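Review bot: In the constructor hunk (the method starts and ends outside it), the `unless @disable_multisource` branch handles a frozen bundle whose lockfile has one rubygems section with several remotes by warning and then calling `@sources.allow_multisource!` and `allow_multisource!` on every locked gem source, so deployment installs from such a lockfile appear to keep the lookup behaviour that the deprecation text itself calls insecure. Nothing in the hunk explains that trade-off, and the double negative in `@disable_multisource = !Bundler.frozen_bundle? || ...` is easy to misread. I would add a comment above the assignment, for example `# Multisource stays enabled only for frozen bundles whose lockfile still has a merged multi-remote section; regenerating the lockfile removes the fallback.` Separately, `dependency_source_requirements` memoizes a hash that depends on `disable_multisource?`, while the new public `allow_multisource!` flips the flag without clearing `@dependency_source_requirements`; if it can be called after the first resolve, resetting the memo there (`@dependency_source_requirements = nil`) would avoid a stale source map.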
data/lib/bundler/dep_proxy.rb
CHANGED
@@ -4,19 +4,18 @@ module Bundler
|
|
4
4
|
class DepProxy
|
5
5
|
attr_reader :__platform, :dep
|
6
6
|
|
7
|
+
@proxies = {}
|
8
|
+
|
9
|
+
def self.get_proxy(dep, platform)
|
10
|
+
@proxies[[dep, platform]] ||= new(dep, platform).freeze
|
11
|
+
end
|
12
|
+
|
7
13
|
def initialize(dep, platform)
|
8
14
|
@dep = dep
|
9
15
|
@__platform = platform
|
10
16
|
end
|
11
17
|
|
12
|
-
|
13
|
-
@hash ||= [dep, __platform].hash
|
14
|
-
end
|
15
|
-
|
16
|
-
def ==(other)
|
17
|
-
return false if other.class != self.class
|
18
|
-
dep == other.dep && __platform == other.__platform
|
19
|
-
end
|
18
|
+
private_class_method :new
|
20
19
|
|
21
20
|
alias_method :eql?, :==
|
22
21
|
|
@@ -39,6 +38,14 @@ module Bundler
|
|
39
38
|
s
|
40
39
|
end
|
41
40
|
|
41
|
+
def dup
|
42
|
+
raise NoMethodError.new("DepProxy cannot be duplicated")
|
43
|
+
end
|
44
|
+
|
45
|
+
def clone
|
46
|
+
raise NoMethodError.new("DepProxy cannot be cloned")
|
47
|
+
end
|
48
|
+
|
42
49
|
private
|
43
50
|
|
44
51
|
def method_missing(*args, &blk)
|
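Review bot: `get_proxy` keys its cache on `[dep, platform]`, so which dependencies end up sharing one frozen proxy is decided by `dep`'s own `hash`/`eql?`, which are defined outside this section. If that equality ignores attributes such as the dependency's source, two dependencies that differ only there would receive the same proxy, which matters in a release that changes source priority; this is worth confirming and recording in a comment such as `# Keyed on dep equality: dependencies that compare equal share a single proxy.` The section also removes `hash` and `==` while the context line `alias_method :eql?, :==` stays, so equality is now presumably by object identity and only holds because `new` is made private. `@proxies` is never cleared in the visible code, so entries live for the whole process.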
data/lib/bundler/dsl.rb
CHANGED
@@ -24,6 +24,9 @@ module Bundler
|
|
24
24
|
def initialize
|
25
25
|
@source = nil
|
26
26
|
@sources = SourceList.new
|
27
|
+
|
28
|
+
@global_rubygems_sources = []
|
29
|
+
|
27
30
|
@git_sources = {}
|
28
31
|
@dependencies = []
|
29
32
|
@groups = []
|
@@ -45,6 +48,7 @@ module Bundler
|
|
45
48
|
@gemfiles << expanded_gemfile_path
|
46
49
|
contents ||= Bundler.read_file(@gemfile.to_s)
|
47
50
|
instance_eval(contents.dup.tap{|x| x.untaint if RUBY_VERSION < "2.7" }, gemfile.to_s, 1)
|
51
|
+
check_primary_source_safety
|
48
52
|
rescue Exception => e # rubocop:disable Lint/RescueException
|
49
53
|
message = "There was an error " \
|
50
54
|
"#{e.is_a?(GemfileEvalError) ? "evaluating" : "parsing"} " \
|
@@ -164,8 +168,7 @@ module Bundler
|
|
164
168
|
elsif block_given?
|
165
169
|
with_source(@sources.add_rubygems_source("remotes" => source), &blk)
|
166
170
|
else
|
167
|
-
|
168
|
-
@sources.global_rubygems_source = source
|
171
|
+
@global_rubygems_sources << source
|
169
172
|
end
|
170
173
|
end
|
171
174
|
|
@@ -183,24 +186,14 @@ module Bundler
|
|
183
186
|
end
|
184
187
|
|
185
188
|
def path(path, options = {}, &blk)
|
186
|
-
unless block_given?
|
187
|
-
msg = "You can no longer specify a path source by itself. Instead, \n" \
|
188
|
-
"either use the :path option on a gem, or specify the gems that \n" \
|
189
|
-
"bundler should find in the path source by passing a block to \n" \
|
190
|
-
"the path method, like: \n\n" \
|
191
|
-
" path 'dir/containing/rails' do\n" \
|
192
|
-
" gem 'rails'\n" \
|
193
|
-
" end\n\n"
|
194
|
-
|
195
|
-
raise DeprecatedError, msg if Bundler.feature_flag.disable_multisource?
|
196
|
-
SharedHelpers.major_deprecation(2, msg.strip)
|
197
|
-
end
|
198
|
-
|
199
189
|
source_options = normalize_hash(options).merge(
|
200
190
|
"path" => Pathname.new(path),
|
201
191
|
"root_path" => gemfile_root,
|
202
192
|
"gemspec" => gemspecs.find {|g| g.name == options["name"] }
|
203
193
|
)
|
194
|
+
|
195
|
+
source_options["global"] = true unless block_given?
|
196
|
+
|
204
197
|
source = @sources.add_path_source(source_options)
|
205
198
|
with_source(source, &blk)
|
206
199
|
end
|
@@ -279,6 +272,11 @@ module Bundler
|
|
279
272
|
raise GemfileError, "Undefined local variable or method `#{name}' for Gemfile"
|
280
273
|
end
|
281
274
|
|
275
|
+
def check_primary_source_safety
|
276
|
+
check_path_source_safety
|
277
|
+
check_rubygems_source_safety
|
278
|
+
end
|
279
|
+
|
282
280
|
private
|
283
281
|
|
284
282
|
def add_git_sources
|
@@ -440,25 +438,40 @@ repo_name ||= user_name
|
|
440
438
|
end
|
441
439
|
end
|
442
440
|
|
443
|
-
def
|
444
|
-
return if
|
441
|
+
def check_path_source_safety
|
442
|
+
return if @sources.global_path_source.nil?
|
443
|
+
|
444
|
+
msg = "You can no longer specify a path source by itself. Instead, \n" \
|
445
|
+
"either use the :path option on a gem, or specify the gems that \n" \
|
446
|
+
"bundler should find in the path source by passing a block to \n" \
|
447
|
+
"the path method, like: \n\n" \
|
448
|
+
" path 'dir/containing/rails' do\n" \
|
449
|
+
" gem 'rails'\n" \
|
450
|
+
" end\n\n"
|
445
451
|
|
446
|
-
|
452
|
+
SharedHelpers.major_deprecation(2, msg.strip)
|
453
|
+
end
|
454
|
+
|
455
|
+
def check_rubygems_source_safety
|
456
|
+
if @global_rubygems_sources.size <= 1
|
457
|
+
@sources.global_rubygems_source = @global_rubygems_sources.first
|
458
|
+
return
|
459
|
+
end
|
460
|
+
|
461
|
+
@global_rubygems_sources.each do |source|
|
462
|
+
@sources.add_rubygems_remote(source)
|
463
|
+
end
|
464
|
+
|
465
|
+
if Bundler.feature_flag.bundler_3_mode?
|
447
466
|
msg = "This Gemfile contains multiple primary sources. " \
|
448
467
|
"Each source after the first must include a block to indicate which gems " \
|
449
468
|
"should come from that source"
|
450
|
-
unless Bundler.feature_flag.bundler_2_mode?
|
451
|
-
msg += ". To downgrade this error to a warning, run " \
|
452
|
-
"`bundle config unset disable_multisource`"
|
453
|
-
end
|
454
469
|
raise GemfileEvalError, msg
|
455
470
|
else
|
456
471
|
Bundler::SharedHelpers.major_deprecation 2, "Your Gemfile contains multiple primary sources. " \
|
457
472
|
"Using `source` more than once without a block is a security risk, and " \
|
458
473
|
"may result in installing unexpected gems. To resolve this warning, use " \
|
459
|
-
"a block to indicate which gems should come from the secondary source.
|
460
|
-
"To upgrade this warning to an error, run `bundle config set --local " \
|
461
|
-
"disable_multisource true`."
|
474
|
+
"a block to indicate which gems should come from the secondary source."
|
462
475
|
end
|
463
476
|
end
|
464
477
|
|
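Review bot: `check_rubygems_source_safety` raises for several block-less `source` lines only under `Bundler.feature_flag.bundler_3_mode?`; otherwise every entry in `@global_rubygems_sources` is still added through `@sources.add_rubygems_remote(source)` and the user only gets a deprecation message that itself says this "is a security risk". The removed lines also dropped the hint about `bundle config set --local disable_multisource true`, and `path` without a block no longer raises `DeprecatedError` directly, so as far as this section shows there is no remaining opt-in that turns either case into a hard failure. If that is intended, say so on the method, e.g. `# Outside Bundler 3 mode multiple global sources are still merged as remotes; this only warns.`, and consider keeping a setting that lets CI fail on such a Gemfile. `check_primary_source_safety` is defined above `private`, presumably for callers outside this class, which would be worth naming in a one-line comment.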