RubyGems - bundler - Versions diffs - 2.2.7 → 2.2.17 - Mend

bundler 2.2.7 → 2.2.17

Potentially problematic release.

This version of bundler might be problematic. Click here for more details.

Files changed (89) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +132 -5
data/lib/bundler.rb +1 -1
data/lib/bundler/build_metadata.rb +2 -2
data/lib/bundler/cli.rb +4 -2
data/lib/bundler/cli/common.rb +15 -2
data/lib/bundler/cli/gem.rb +43 -17
data/lib/bundler/cli/outdated.rb +1 -1
data/lib/bundler/compact_index_client/updater.rb +10 -6
data/lib/bundler/current_ruby.rb +1 -0
data/lib/bundler/definition.rb +63 -58
data/lib/bundler/dsl.rb +36 -25
data/lib/bundler/feature_flag.rb +0 -1
data/lib/bundler/fetcher.rb +2 -1
data/lib/bundler/fetcher/downloader.rb +8 -4
data/lib/bundler/gem_helper.rb +16 -0
data/lib/bundler/index.rb +6 -5
data/lib/bundler/injector.rb +2 -2
data/lib/bundler/inline.rb +2 -1
data/lib/bundler/installer.rb +2 -0
data/lib/bundler/installer/parallel_installer.rb +36 -15
data/lib/bundler/installer/standalone.rb +2 -1
data/lib/bundler/lazy_specification.rb +14 -18
data/lib/bundler/lockfile_parser.rb +3 -13
data/lib/bundler/man/bundle-add.1 +1 -1
data/lib/bundler/man/bundle-binstubs.1 +1 -1
data/lib/bundler/man/bundle-cache.1 +1 -1
data/lib/bundler/man/bundle-check.1 +1 -1
data/lib/bundler/man/bundle-clean.1 +1 -1
data/lib/bundler/man/bundle-config.1 +25 -8
data/lib/bundler/man/bundle-config.1.ronn +29 -10
data/lib/bundler/man/bundle-doctor.1 +1 -1
data/lib/bundler/man/bundle-exec.1 +1 -1
data/lib/bundler/man/bundle-gem.1 +1 -1
data/lib/bundler/man/bundle-info.1 +1 -1
data/lib/bundler/man/bundle-init.1 +1 -1
data/lib/bundler/man/bundle-inject.1 +1 -1
data/lib/bundler/man/bundle-install.1 +1 -1
data/lib/bundler/man/bundle-list.1 +1 -1
data/lib/bundler/man/bundle-lock.1 +1 -1
data/lib/bundler/man/bundle-open.1 +1 -1
data/lib/bundler/man/bundle-outdated.1 +1 -1
data/lib/bundler/man/bundle-platform.1 +1 -1
data/lib/bundler/man/bundle-pristine.1 +1 -1
data/lib/bundler/man/bundle-remove.1 +1 -1
data/lib/bundler/man/bundle-show.1 +1 -1
data/lib/bundler/man/bundle-update.1 +1 -1
data/lib/bundler/man/bundle-viz.1 +1 -1
data/lib/bundler/man/bundle.1 +1 -1
data/lib/bundler/man/gemfile.5 +1 -1
data/lib/bundler/plugin.rb +3 -2
data/lib/bundler/plugin/api/source.rb +7 -0
data/lib/bundler/plugin/installer.rb +8 -10
data/lib/bundler/plugin/source_list.rb +4 -0
data/lib/bundler/resolver.rb +82 -65
data/lib/bundler/resolver/spec_group.rb +53 -38
data/lib/bundler/retry.rb +1 -1
data/lib/bundler/rubygems_gem_installer.rb +47 -0
data/lib/bundler/settings.rb +60 -10
data/lib/bundler/shared_helpers.rb +2 -2
data/lib/bundler/source.rb +6 -0
data/lib/bundler/source/metadata.rb +0 -4
data/lib/bundler/source/path.rb +3 -1
data/lib/bundler/source/path/installer.rb +1 -1
data/lib/bundler/source/rubygems.rb +22 -6
data/lib/bundler/source_list.rb +29 -24
data/lib/bundler/spec_set.rb +22 -8
data/lib/bundler/stub_specification.rb +8 -0
data/lib/bundler/templates/Gemfile +1 -1
data/lib/bundler/templates/gems.rb +1 -1
data/lib/bundler/templates/newgem/CHANGELOG.md.tt +5 -0
data/lib/bundler/templates/newgem/README.md.tt +5 -3
data/lib/bundler/templates/newgem/github/workflows/main.yml.tt +2 -4
data/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph.rb +0 -1
data/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/vertex.rb +11 -5
data/lib/bundler/vendor/molinillo/lib/molinillo/errors.rb +1 -1
data/lib/bundler/vendor/molinillo/lib/molinillo/modules/specification_provider.rb +1 -1
data/lib/bundler/vendor/thor/lib/thor.rb +5 -6
data/lib/bundler/vendor/thor/lib/thor/actions.rb +1 -1
data/lib/bundler/vendor/thor/lib/thor/actions/file_manipulation.rb +4 -2
data/lib/bundler/vendor/thor/lib/thor/error.rb +1 -1
data/lib/bundler/vendor/thor/lib/thor/parser/arguments.rb +5 -1
data/lib/bundler/vendor/thor/lib/thor/parser/options.rb +9 -8
data/lib/bundler/vendor/thor/lib/thor/shell/basic.rb +5 -2
data/lib/bundler/vendor/thor/lib/thor/shell/color.rb +5 -1
data/lib/bundler/vendor/thor/lib/thor/version.rb +1 -1
data/lib/bundler/vendor/tmpdir/lib/tmpdir.rb +1 -1
data/lib/bundler/version.rb +1 -1
metadata +4 -3

data/lib/bundler/retry.rb CHANGED Viewed

@@ -49,7 +49,7 @@ module Bundler
         raise e
       end
       return true unless name
-      Bundler.ui.info "" unless Bundler.ui.debug? # Add new line incase dots preceded this
+      Bundler.ui.info "" unless Bundler.ui.debug? # Add new line in case dots preceded this
       Bundler.ui.warn "Retrying #{name} due to error (#{current_run.next}/#{total_runs}): #{e.class} #{e.message}", Bundler.ui.debug?
     end

data/lib/bundler/rubygems_gem_installer.rb CHANGED Viewed

@@ -8,6 +8,53 @@ module Bundler
       # Bundler needs to install gems regardless of binstub overwriting
     end
+    def install
+      pre_install_checks
+      run_pre_install_hooks
+      spec.loaded_from = spec_file
+      # Completely remove any previous gem files
+      FileUtils.rm_rf gem_dir
+      FileUtils.rm_rf spec.extension_dir
+      FileUtils.mkdir_p gem_dir, :mode => 0o755
+      extract_files
+      build_extensions
+      write_build_info_file
+      run_post_build_hooks
+      generate_bin
+      generate_plugins
+      write_spec
+      write_cache_file
+      say spec.post_install_message unless spec.post_install_message.nil?
+      run_post_install_hooks
+      spec
+    end
+    def generate_plugins
+      return unless Gem::Installer.instance_methods(false).include?(:generate_plugins)
+      latest = Gem::Specification.stubs_for(spec.name).first
+      return if latest && latest.version > spec.version
+      ensure_writable_dir @plugins_dir
+      if spec.plugins.empty?
+        remove_plugins_for(spec, @plugins_dir)
+      else
+        regenerate_plugins_for(spec, @plugins_dir)
+      end
+    end
     def pre_install_checks
       super && validate_bundler_checksum(options[:bundler_expected_checksum])
     end

data/lib/bundler/settings.rb CHANGED Viewed

@@ -13,6 +13,7 @@ module Bundler
       auto_install
       cache_all
       cache_all_platforms
+      clean
       default_install_uses_path
       deployment
       deployment_means_frozen
@@ -26,14 +27,16 @@ module Bundler
       force_ruby_platform
       forget_cli_options
       frozen
+      gem.changelog
       gem.coc
       gem.mit
+      git.allow_insecure
       global_gem_cache
       ignore_messages
       init_gems_rb
+      inline
       no_install
       no_prune
-      only_update_to_newer_versions
       path_relative_to_cwd
       path.system
       plugins
@@ -61,6 +64,22 @@ module Bundler
       without
     ].freeze
+    STRING_KEYS = %w[
+      bin
+      cache_path
+      console
+      gem.ci
+      gem.github_username
+      gem.linter
+      gem.rubocop
+      gem.test
+      gemfile
+      path
+      shebang
+      system_bindir
+      trust-policy
+    ].freeze
     DEFAULT_CONFIG = {
       "BUNDLE_SILENCE_DEPRECATIONS" => false,
       "BUNDLE_DISABLE_VERSION_CHECK" => true,
@@ -126,8 +145,8 @@ module Bundler
       keys = @temporary.keys | @global_config.keys | @local_config.keys | @env_config.keys
       keys.map do |key|
-        key.sub(/^BUNDLE_/, "").gsub(/__/, ".").downcase
-      end
+        key.sub(/^BUNDLE_/, "").gsub(/___/, "-").gsub(/__/, ".").downcase
+      end.sort
     end
     def local_overrides
@@ -173,19 +192,19 @@ module Bundler
       locations = []
       if value = @temporary[key]
-        locations << "Set for the current command: #{converted_value(value, exposed_key).inspect}"
+        locations << "Set for the current command: #{printable_value(value, exposed_key).inspect}"
       end
       if value = @local_config[key]
-        locations << "Set for your local app (#{local_config_file}): #{converted_value(value, exposed_key).inspect}"
+        locations << "Set for your local app (#{local_config_file}): #{printable_value(value, exposed_key).inspect}"
       end
       if value = @env_config[key]
-        locations << "Set via #{key}: #{converted_value(value, exposed_key).inspect}"
+        locations << "Set via #{key}: #{printable_value(value, exposed_key).inspect}"
       end
       if value = @global_config[key]
-        locations << "Set for the current user (#{global_config_file}): #{converted_value(value, exposed_key).inspect}"
+        locations << "Set for the current user (#{global_config_file}): #{printable_value(value, exposed_key).inspect}"
       end
       return ["You have not configured a value for `#{exposed_key}`"] if locations.empty?
@@ -277,9 +296,7 @@ module Bundler
     end
     def key_for(key)
-      key = Settings.normalize_uri(key).to_s if key.is_a?(String) && /https?:/ =~ key
-      key = key.to_s.gsub(".", "__").upcase
-      "BUNDLE_#{key}"
+      self.class.key_for(key)
     end
     private
@@ -314,6 +331,10 @@ module Bundler
       BOOL_KEYS.include?(name.to_s) || BOOL_KEYS.include?(parent_setting_for(name.to_s))
     end
+    def is_string(name)
+      STRING_KEYS.include?(name.to_s) || name.to_s.start_with?("local.") || name.to_s.start_with?("mirror.") || name.to_s.start_with?("build.")
+    end
     def to_bool(value)
       case value
       when nil, /\A(false|f|no|n|0|)\z/i, false
@@ -331,6 +352,14 @@ module Bundler
       ARRAY_KEYS.include?(key.to_s)
     end
+    def is_credential(key)
+      key == "gem.push_key"
+    end
+    def is_userinfo(value)
+      value.include?(":")
+    end
     def to_array(value)
       return [] unless value
       value.split(":").map(&:to_sym)
@@ -377,6 +406,21 @@ module Bundler
       end
     end
+    def printable_value(value, key)
+      converted = converted_value(value, key)
+      return converted unless converted.is_a?(String)
+      if is_string(key)
+        converted
+      elsif is_credential(key)
+        "[REDACTED]"
+      elsif is_userinfo(converted)
+        converted.gsub(/:.*$/, ":[REDACTED]")
+      else
+        converted
+      end
+    end
     def global_config_file
       if ENV["BUNDLE_CONFIG"] && !ENV["BUNDLE_CONFIG"].empty?
         Pathname.new(ENV["BUNDLE_CONFIG"])
@@ -416,6 +460,12 @@ module Bundler
         \z
       /ix.freeze
+    def self.key_for(key)
+      key = normalize_uri(key).to_s if key.is_a?(String) && /https?:/ =~ key
+      key = key.to_s.gsub(".", "__").gsub("-", "___").upcase
+      "BUNDLE_#{key}"
+    end
     # TODO: duplicates Rubygems#normalize_uri
     # TODO: is this the correct place to validate mirror URIs?
     def self.normalize_uri(uri)

data/lib/bundler/shared_helpers.rb CHANGED Viewed

@@ -194,11 +194,11 @@ module Bundler
       return @md5_available if defined?(@md5_available)
       @md5_available = begin
         require "openssl"
-        OpenSSL::Digest.digest("MD5", "")
+        ::OpenSSL::Digest.digest("MD5", "")
         true
       rescue LoadError
         true
-      rescue OpenSSL::Digest::DigestError
+      rescue ::OpenSSL::Digest::DigestError
         false
       end
     end

data/lib/bundler/source.rb CHANGED Viewed

@@ -33,6 +33,12 @@ module Bundler
       spec.source == self
     end
+    def local!; end
+    def cached!; end
+    def remote!; end
     # it's possible that gems from one source depend on gems from some
     # other source, so now we download gemspecs and iterate over those
     # dependencies, looking for gems we don't have info on yet.

data/lib/bundler/source/metadata.rb CHANGED Viewed

@@ -33,10 +33,6 @@ module Bundler
         end
       end
-      def cached!; end
-      def remote!; end
       def options
         {}
       end

data/lib/bundler/source/path.rb CHANGED Viewed

@@ -82,7 +82,9 @@ module Bundler
       end
       def install(spec, options = {})
-        print_using_message "Using #{version_message(spec)} from #{self}"
+        using_message = "Using #{version_message(spec)} from #{self}"
+        using_message += " and installing its executables" unless spec.executables.empty?
+        print_using_message using_message
         generate_bin(spec, :disable_extensions => true)
         nil # no post-install message
       end

data/lib/bundler/source/path/installer.rb CHANGED Viewed

@@ -35,7 +35,7 @@ module Bundler
             run_hooks(:post_build)
           end
-          generate_bin unless spec.executables.nil? || spec.executables.empty?
+          generate_bin unless spec.executables.empty?
           run_hooks(:post_install)
         ensure

data/lib/bundler/source/rubygems.rb CHANGED Viewed

@@ -20,17 +20,29 @@ module Bundler
         @dependency_names = []
         @allow_remote = false
         @allow_cached = false
+        @allow_local = options["allow_local"] || false
         @caches = [cache_path, *Bundler.rubygems.gem_cache]
-        Array(options["remotes"] || []).reverse_each {|r| add_remote(r) }
+        Array(options["remotes"]).reverse_each {|r| add_remote(r) }
+      end
+      def local!
+        return if @allow_local
+        @specs = nil
+        @allow_local = true
       end
       def remote!
+        return if @allow_remote
         @specs = nil
         @allow_remote = true
       end
       def cached!
+        return if @allow_cached
         @specs = nil
         @allow_cached = true
       end
@@ -49,8 +61,12 @@ module Bundler
         o.is_a?(Rubygems) && (o.credless_remotes - credless_remotes).empty?
       end
+      def disable_multisource?
+        @remotes.size <= 1
+      end
       def can_lock?(spec)
-        return super if Bundler.feature_flag.disable_multisource?
+        return super if disable_multisource?
         spec.source.is_a?(Rubygems)
       end
@@ -87,7 +103,7 @@ module Bundler
           # small_idx.use large_idx.
           idx = @allow_remote ? remote_specs.dup : Index.new
           idx.use(cached_specs, :override_dupes) if @allow_cached || @allow_remote
-          idx.use(installed_specs, :override_dupes)
+          idx.use(installed_specs, :override_dupes) if @allow_local
           idx
         end
       end
@@ -365,7 +381,7 @@ module Bundler
       def cached_specs
         @cached_specs ||= begin
-          idx = installed_specs.dup
+          idx = @allow_local ? installed_specs.dup : Index.new
           Dir["#{cache_path}/*.gem"].each do |gemfile|
             next if gemfile =~ /^bundler\-[\d\.]+?\.gem/
@@ -407,11 +423,11 @@ module Bundler
       def fetch_names(fetchers, dependency_names, index, override_dupes)
         fetchers.each do |f|
           if dependency_names
-            Bundler.ui.info "Fetching gem metadata from #{f.uri}", Bundler.ui.debug?
+            Bundler.ui.info "Fetching gem metadata from #{URICredentialsFilter.credential_filtered_uri(f.uri)}", Bundler.ui.debug?
             index.use f.specs_with_retry(dependency_names, self), override_dupes
             Bundler.ui.info "" unless Bundler.ui.debug? # new line now that the dots are over
           else
-            Bundler.ui.info "Fetching source index from #{f.uri}"
+            Bundler.ui.info "Fetching source index from #{URICredentialsFilter.credential_filtered_uri(f.uri)}"
             index.use f.specs_with_retry(nil, self), override_dupes
           end
         end

data/lib/bundler/source_list.rb CHANGED Viewed

@@ -1,30 +1,44 @@
 # frozen_string_literal: true
-require "set"
 module Bundler
   class SourceList
     attr_reader :path_sources,
       :git_sources,
       :plugin_sources,
-      :global_rubygems_source,
+      :global_path_source,
       :metadata_source
+    def global_rubygems_source
+      @global_rubygems_source ||= rubygems_aggregate_class.new("allow_local" => true)
+    end
     def initialize
       @path_sources           = []
       @git_sources            = []
       @plugin_sources         = []
       @global_rubygems_source = nil
-      @rubygems_aggregate     = rubygems_aggregate_class.new
+      @global_path_source     = nil
       @rubygems_sources       = []
       @metadata_source        = Source::Metadata.new
+      @disable_multisource = true
+    end
+    def disable_multisource?
+      @disable_multisource
+    end
+    def merged_gem_lockfile_sections!
+      @disable_multisource = false
     end
     def add_path_source(options = {})
       if options["gemspec"]
         add_source_to_list Source::Gemspec.new(options), path_sources
       else
-        add_source_to_list Source::Path.new(options), path_sources
+        path_source = add_source_to_list Source::Path.new(options), path_sources
+        @global_path_source ||= path_source if options["global"]
+        path_source
       end
     end
@@ -43,24 +57,20 @@ module Bundler
     end
     def global_rubygems_source=(uri)
-      if Bundler.feature_flag.disable_multisource?
-        @global_rubygems_source ||= rubygems_aggregate_class.new("remotes" => uri)
-      end
-      add_rubygems_remote(uri)
+      @global_rubygems_source ||= rubygems_aggregate_class.new("remotes" => uri, "allow_local" => true)
     end
     def add_rubygems_remote(uri)
-      return if Bundler.feature_flag.disable_multisource?
-      @rubygems_aggregate.add_remote(uri)
-      @rubygems_aggregate
+      global_rubygems_source.add_remote(uri)
+      global_rubygems_source
     end
     def default_source
-      global_rubygems_source || @rubygems_aggregate
+      global_path_source || global_rubygems_source
     end
     def rubygems_sources
-      @rubygems_sources + [default_source]
+      @rubygems_sources + [global_rubygems_source]
     end
     def rubygems_remotes
@@ -77,8 +87,8 @@ module Bundler
     def lock_sources
       lock_sources = (path_sources + git_sources + plugin_sources).sort_by(&:to_s)
-      if Bundler.feature_flag.disable_multisource?
-        lock_sources + rubygems_sources.sort_by(&:to_s)
+      if disable_multisource?
+        lock_sources + rubygems_sources.sort_by(&:to_s).uniq
       else
         lock_sources << combine_rubygems_sources
       end
@@ -94,12 +104,11 @@ module Bundler
         end
       end
-      replacement_rubygems = !Bundler.feature_flag.disable_multisource? &&
+      replacement_rubygems = !disable_multisource? &&
         replacement_sources.detect {|s| s.is_a?(Source::Rubygems) }
-      @rubygems_aggregate = replacement_rubygems if replacement_rubygems
+      @global_rubygems_source = replacement_rubygems if replacement_rubygems
       return true if !equal_sources?(lock_sources, replacement_sources) && !equivalent_sources?(lock_sources, replacement_sources)
-      return true if replacement_rubygems && rubygems_remotes.to_set != replacement_rubygems.remotes.to_set
       false
     end
@@ -112,10 +121,6 @@ module Bundler
       all_sources.each(&:remote!)
     end
-    def rubygems_primary_remotes
-      @rubygems_aggregate.remotes
-    end
     private
     def rubygems_aggregate_class
@@ -153,7 +158,7 @@ module Bundler
     end
     def equal_sources?(lock_sources, replacement_sources)
-      lock_sources.to_set == replacement_sources.to_set
+      lock_sources.sort_by(&:to_s) == replacement_sources.sort_by(&:to_s)
     end
     def equal_source?(source, other_source)