bundler 2.3.13 → 2.3.16

data/lib/bundler/man/bundle-install.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-INSTALL" "1" "March 2022" "" ""
+.TH "BUNDLE\-INSTALL" "1" "May 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-install\fR \- Install the dependencies specified in your Gemfile

data/lib/bundler/man/bundle-list.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-LIST" "1" "March 2022" "" ""
+.TH "BUNDLE\-LIST" "1" "May 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-list\fR \- List all the gems in the bundle

data/lib/bundler/man/bundle-lock.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-LOCK" "1" "March 2022" "" ""
+.TH "BUNDLE\-LOCK" "1" "May 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-lock\fR \- Creates / Updates a lockfile without installing

data/lib/bundler/man/bundle-open.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-OPEN" "1" "March 2022" "" ""
+.TH "BUNDLE\-OPEN" "1" "May 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-open\fR \- Opens the source directory for a gem in your bundle

data/lib/bundler/man/bundle-outdated.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-OUTDATED" "1" "March 2022" "" ""
+.TH "BUNDLE\-OUTDATED" "1" "May 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-outdated\fR \- List installed gems with newer versions available

data/lib/bundler/man/bundle-platform.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-PLATFORM" "1" "March 2022" "" ""
+.TH "BUNDLE\-PLATFORM" "1" "May 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-platform\fR \- Displays platform compatibility information

data/lib/bundler/man/bundle-pristine.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-PRISTINE" "1" "March 2022" "" ""
+.TH "BUNDLE\-PRISTINE" "1" "May 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-pristine\fR \- Restores installed gems to their pristine condition

data/lib/bundler/man/bundle-remove.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-REMOVE" "1" "March 2022" "" ""
+.TH "BUNDLE\-REMOVE" "1" "May 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-remove\fR \- Removes gems from the Gemfile

data/lib/bundler/man/bundle-show.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-SHOW" "1" "March 2022" "" ""
+.TH "BUNDLE\-SHOW" "1" "May 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-show\fR \- Shows all the gems in your bundle, or the path to a gem

data/lib/bundler/man/bundle-update.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-UPDATE" "1" "March 2022" "" ""
+.TH "BUNDLE\-UPDATE" "1" "May 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-update\fR \- Update your gems to the latest available versions

data/lib/bundler/man/bundle-viz.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-VIZ" "1" "March 2022" "" ""
+.TH "BUNDLE\-VIZ" "1" "May 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-viz\fR \- Generates a visual dependency graph for your Gemfile

data/lib/bundler/man/bundle.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE" "1" "March 2022" "" ""
+.TH "BUNDLE" "1" "May 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\fR \- Ruby Dependency Management

data/lib/bundler/man/gemfile.5

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GEMFILE" "5" "March 2022" "" ""
+.TH "GEMFILE" "5" "May 2022" "" ""
 .
 .SH "NAME"
 \fBGemfile\fR \- A format for describing gem dependencies for Ruby programs

data/lib/bundler/plugin/api/source.rb

@@ -258,7 +258,7 @@ module Bundler
           @dependencies |= Array(names)
         end
 
-        # Note: Do not override if you don't know what you are doing.
+        # NOTE: Do not override if you don't know what you are doing.
         def can_lock?(spec)
           spec.source == self
         end
@@ -285,7 +285,7 @@ module Bundler
         end
         alias_method :identifier, :to_s
 
-        # Note: Do not override if you don't know what you are doing.
+        # NOTE: Do not override if you don't know what you are doing.
         def include?(other)
           other == self
         end
@@ -294,7 +294,7 @@ module Bundler
           SharedHelpers.digest(:SHA1).hexdigest(uri)
         end
 
-        # Note: Do not override if you don't know what you are doing.
+        # NOTE: Do not override if you don't know what you are doing.
         def gem_install_dir
           Bundler.install_path
         end

data/lib/bundler/plugin/installer/git.rb

@@ -20,10 +20,6 @@ module Bundler
           end
         end
 
-        def version_message(spec)
-          "#{spec.name} #{spec.version}"
-        end
-
         def root
           Plugin.root
         end

data/lib/bundler/plugin/installer/rubygems.rb

@@ -4,10 +4,6 @@ module Bundler
   module Plugin
     class Installer
       class Rubygems < Bundler::Source::Rubygems
-        def version_message(spec)
-          "#{spec.name} #{spec.version}"
-        end
-
         private
 
         def requires_sudo?

data/lib/bundler/process_lock.rb

@@ -12,7 +12,7 @@ module Bundler
         yield
         f.flock(File::LOCK_UN)
       end
-    rescue Errno::EACCES, Errno::ENOLCK, Errno::ENOTSUP
+    rescue Errno::EACCES, Errno::ENOLCK, Errno::ENOTSUP, Errno::EPERM, Errno::EROFS
       # In the case the user does not have access to
       # create the lock file or is using NFS where
       # locks are not available we skip locking.

data/lib/bundler/resolver.rb

@@ -19,13 +19,15 @@ module Bundler
     #   collection of gemspecs is returned. Otherwise, nil is returned.
     def self.resolve(requirements, source_requirements = {}, base = [], gem_version_promoter = GemVersionPromoter.new, additional_base_requirements = [], platforms = nil)
       base = SpecSet.new(base) unless base.is_a?(SpecSet)
-      resolver = new(source_requirements, base, gem_version_promoter, additional_base_requirements, platforms)
+      metadata_requirements, regular_requirements = requirements.partition {|dep| dep.name.end_with?("\0") }
+      resolver = new(source_requirements, base, gem_version_promoter, additional_base_requirements, platforms, metadata_requirements)
       result = resolver.start(requirements)
-      SpecSet.new(SpecSet.new(result).for(requirements.reject{|dep| dep.name.end_with?("\0") }))
+      SpecSet.new(SpecSet.new(result).for(regular_requirements))
     end
 
-    def initialize(source_requirements, base, gem_version_promoter, additional_base_requirements, platforms)
+    def initialize(source_requirements, base, gem_version_promoter, additional_base_requirements, platforms, metadata_requirements)
       @source_requirements = source_requirements
+      @metadata_requirements = metadata_requirements
       @base = base
       @resolver = Molinillo::Resolver.new(self, self)
       @search_for = {}
@@ -231,19 +233,17 @@ module Bundler
     # before dependencies that are unconstrained
     def amount_constrained(dependency)
       @amount_constrained ||= {}
-      @amount_constrained[dependency.name] ||= begin
-        if (base = @base[dependency.name]) && !base.empty?
-          dependency.requirement.satisfied_by?(base.first.version) ? 0 : 1
-        else
-          all = index_for(dependency).search(dependency.name).size
+      @amount_constrained[dependency.name] ||= if (base = @base[dependency.name]) && !base.empty?
+        dependency.requirement.satisfied_by?(base.first.version) ? 0 : 1
+      else
+        all = index_for(dependency).search(dependency.name).size
 
-          if all <= 1
-            all - 1_000_000
-          else
-            search = search_for(dependency)
-            search = @prerelease_specified[dependency.name] ? search.count : search.count {|s| !s.version.prerelease? }
-            search - all
-          end
+        if all <= 1
+          all - 1_000_000
+        else
+          search = search_for(dependency)
+          search = @prerelease_specified[dependency.name] ? search.count : search.count {|s| !s.version.prerelease? }
+          search - all
         end
       end
     end
@@ -344,8 +344,6 @@ module Bundler
             trees.sort_by! {|t| t.reverse.map(&:name) }
           end
 
-          metadata_requirements = {}
-
           o << trees.map do |tree|
             t = "".dup
             depth = 2
@@ -354,7 +352,6 @@ module Bundler
             base_tree_name = base_tree.name
 
             if base_tree_name.end_with?("\0")
-              metadata_requirements[base_tree_name] = base_tree
               t = nil
             else
               tree.each do |req|
@@ -393,10 +390,10 @@ module Bundler
               end
             end
           elsif name.end_with?("\0")
-            o << %(\n  Current #{name} version:\n    #{SharedHelpers.pretty_dependency(metadata_requirements[name])}\n\n)
+            o << %(\n  Current #{name} version:\n    #{SharedHelpers.pretty_dependency(@metadata_requirements.find {|req| req.name == name })}\n\n)
           elsif conflict.locked_requirement
             o << "\n"
-            o << %(Running `bundle update` will rebuild your snapshot from scratch, using only\n)
+            o << %(Deleting your #{name_for_locking_dependency_source} file and running `bundle install` will rebuild your snapshot from scratch, using only\n)
             o << %(the gems in your Gemfile, which may resolve the conflict.\n)
           elsif !conflict.existing
             o << "\n"

data/lib/bundler/rubygems_ext.rb

@@ -34,7 +34,7 @@ module Gem
 
     def full_gem_path
       if source.respond_to?(:root)
-        Pathname.new(loaded_from).dirname.expand_path(source.root).to_s.tap{|x| x.untaint if RUBY_VERSION < "2.7" }
+        Pathname.new(loaded_from).dirname.expand_path(source.root).to_s.tap {|x| x.untaint if RUBY_VERSION < "2.7" }
       else
         rg_full_gem_path
       end

data/lib/bundler/rubygems_gem_installer.rb

@@ -90,17 +90,20 @@ module Bundler
       end
     end
 
+    def spec
+      if Bundler.rubygems.provides?("< 3.3.12") # RubyGems implementation rescues and re-raises errors before 3.3.12 and we don't want that
+        @package.spec
+      else
+        super
+      end
+    end
+
     private
 
     def strict_rm_rf(dir)
-      # FileUtils.rm_rf should probably rise in case of permission issues like
-      # `rm -rf` does. However, it fails to delete the folder silently due to
-      # https://github.com/ruby/fileutils/issues/57. It should probably be fixed
-      # inside `fileutils` but for now I`m checking whether the folder was
-      # removed after it completes, and raising otherwise.
-      FileUtils.rm_rf dir
-
-      raise PermissionError.new(dir, :delete) if File.directory?(dir)
+      Bundler.rm_rf dir
+    rescue Errno::ENOTEMPTY => e
+      raise DirectoryRemovalError.new(e.cause, "Could not delete previous installation of `#{dir}`")
     end
 
     def validate_bundler_checksum(checksum)

data/lib/bundler/rubygems_integration.rb

@@ -203,20 +203,9 @@ module Bundler
       EXT_LOCK
     end
 
-    def spec_from_gem(path, policy = nil)
-      require "rubygems/security"
-      require "psych"
-      gem_from_path(path, security_policies[policy]).spec
-    rescue Exception, Gem::Exception, Gem::Security::Exception => e # rubocop:disable Lint/RescueException
-      if e.is_a?(Gem::Security::Exception) ||
-          e.message =~ /unknown trust policy|unsigned gem/i ||
-          e.message =~ /couldn't verify (meta)?data signature/i
-        raise SecurityError,
-          "The gem #{File.basename(path, ".gem")} can't be installed because " \
-          "the security policy didn't allow it, with the message: #{e.message}"
-      else
-        raise e
-      end
+    def spec_from_gem(path)
+      require "rubygems/package"
+      Gem::Package.new(path).spec
     end
 
     def build_gem(gem_dir, spec)
@@ -514,13 +503,6 @@ module Bundler
       Gem::RemoteFetcher.new(proxy)
     end
 
-    def gem_from_path(path, policy = nil)
-      require "rubygems/package"
-      p = Gem::Package.new(path)
-      p.security_policy = policy if policy
-      p
-    end
-
     def build(spec, skip_validation = false)
       require "rubygems/package"
       Gem::Package.build(spec, skip_validation)

data/lib/bundler/settings.rb

@@ -487,7 +487,7 @@ module Bundler
       /ix.freeze
 
     def self.key_for(key)
-      key = normalize_uri(key).to_s if key.is_a?(String) && /https?:/ =~ key
+      key = normalize_uri(key).to_s if key.is_a?(String) && key.start_with?("http", "mirror.http")
       key = key.to_s.gsub(".", "__").gsub("-", "___").upcase
       "BUNDLE_#{key}"
     end

data/lib/bundler/shared_helpers.rb

@@ -13,13 +13,13 @@ module Bundler
     def root
       gemfile = find_gemfile
       raise GemfileNotFound, "Could not locate Gemfile" unless gemfile
-      Pathname.new(gemfile).tap{|x| x.untaint if RUBY_VERSION < "2.7" }.expand_path.parent
+      Pathname.new(gemfile).tap {|x| x.untaint if RUBY_VERSION < "2.7" }.expand_path.parent
     end
 
     def default_gemfile
       gemfile = find_gemfile
       raise GemfileNotFound, "Could not locate Gemfile" unless gemfile
-      Pathname.new(gemfile).tap{|x| x.untaint if RUBY_VERSION < "2.7" }.expand_path
+      Pathname.new(gemfile).tap {|x| x.untaint if RUBY_VERSION < "2.7" }.expand_path
     end
 
     def default_lockfile
@@ -28,7 +28,7 @@ module Bundler
       case gemfile.basename.to_s
       when "gems.rb" then Pathname.new(gemfile.sub(/.rb$/, ".locked"))
       else Pathname.new("#{gemfile}.lock")
-      end.tap{|x| x.untaint if RUBY_VERSION < "2.7" }
+      end.tap {|x| x.untaint if RUBY_VERSION < "2.7" }
     end
 
     def default_bundle_dir
@@ -100,7 +100,7 @@ module Bundler
     #
     # @see {Bundler::PermissionError}
     def filesystem_access(path, action = :write, &block)
-      yield(path.dup.tap{|x| x.untaint if RUBY_VERSION < "2.7" })
+      yield(path.dup.tap {|x| x.untaint if RUBY_VERSION < "2.7" })
     rescue Errno::EACCES
       raise PermissionError.new(path, action)
     rescue Errno::EAGAIN
@@ -236,7 +236,7 @@ module Bundler
 
     def search_up(*names)
       previous = nil
-      current  = File.expand_path(SharedHelpers.pwd).tap{|x| x.untaint if RUBY_VERSION < "2.7" }
+      current  = File.expand_path(SharedHelpers.pwd).tap {|x| x.untaint if RUBY_VERSION < "2.7" }
 
       until !File.directory?(current) || current == previous
         if ENV["BUNDLER_SPEC_RUN"]

data/lib/bundler/source/git.rb

@@ -181,7 +181,7 @@ module Bundler
       def install(spec, options = {})
         force = options[:force]
 
-        print_using_message "Using #{version_message(spec)} from #{self}"
+        print_using_message "Using #{version_message(spec, options[:previous_spec])} from #{self}"
 
         if (requires_checkout? && !@copied) || force
           Bundler.ui.debug "  * Checking out revision: #{ref}"
@@ -219,13 +219,11 @@ module Bundler
       # across different projects, this cache will be shared.
       # When using local git repos, this is set to the local repo.
       def cache_path
-        @cache_path ||= begin
-          if Bundler.requires_sudo? || Bundler.feature_flag.global_gem_cache?
-            Bundler.user_cache
-          else
-            Bundler.bundle_path.join("cache", "bundler")
-          end.join("git", git_scope)
-        end
+        @cache_path ||= if Bundler.requires_sudo? || Bundler.feature_flag.global_gem_cache?
+          Bundler.user_cache
+        else
+          Bundler.bundle_path.join("cache", "bundler")
+        end.join("git", git_scope)
       end
 
       def app_cache_dirname
@@ -336,7 +334,7 @@ module Bundler
 
       def load_gemspec(file)
         stub = Gem::StubSpecification.gemspec_stub(file, install_path.parent, install_path.parent)
-        stub.full_gem_path = Pathname.new(file).dirname.expand_path(root).to_s.tap{|x| x.untaint if RUBY_VERSION < "2.7" }
+        stub.full_gem_path = Pathname.new(file).dirname.expand_path(root).to_s.tap {|x| x.untaint if RUBY_VERSION < "2.7" }
         StubSpecification.from_stub(stub)
       end
 

data/lib/bundler/source/path.rb

@@ -82,7 +82,7 @@ module Bundler
       end
 
       def install(spec, options = {})
-        using_message = "Using #{version_message(spec)} from #{self}"
+        using_message = "Using #{version_message(spec, options[:previous_spec])} from #{self}"
         using_message += " and installing its executables" unless spec.executables.empty?
         print_using_message using_message
         generate_bin(spec, :disable_extensions => true)