bundler 2.3.26 → 2.4.13

data/lib/bundler/dsl.rb

@@ -277,8 +277,8 @@ module Bundler
         if repo_name =~ GITHUB_PULL_REQUEST_URL
           {
             "git" => "https://github.com/#{$1}.git",
-            "branch" => "refs/pull/#{$2}/head",
-            "ref" => nil,
+            "branch" => nil,
+            "ref" => "refs/pull/#{$2}/head",
             "tag" => nil,
           }
         else
@@ -324,7 +324,7 @@ module Bundler
       if name.is_a?(Symbol)
         raise GemfileError, %(You need to specify gem names as Strings. Use 'gem "#{name}"' instead)
       end
-      if name =~ /\s/
+      if /\s/.match?(name)
         raise GemfileError, %('#{name}' is not a valid gem name because it contains whitespace)
       end
       raise GemfileError, %(an empty gem name is not valid) if name.empty?

data/lib/bundler/endpoint_specification.rb

@@ -26,10 +26,6 @@ module Bundler
       @platform
     end
 
-    def identifier
-      @__identifier ||= [name, version, platform.to_s]
-    end
-
     # needed for standalone, load required_paths from local gemspec
     # after the gem is installed
     def require_paths

data/lib/bundler/env.rb

@@ -75,7 +75,7 @@ module Bundler
     end
 
     def self.git_version
-      Bundler::Source::Git::GitProxy.new(nil, nil, nil).full_version
+      Bundler::Source::Git::GitProxy.new(nil, nil).full_version
     rescue Bundler::Source::Git::GitNotInstalledError
       "not installed"
     end

data/lib/bundler/environment_preserver.rb

@@ -2,11 +2,12 @@
 
 module Bundler
   class EnvironmentPreserver
-    INTENTIONALLY_NIL = "BUNDLER_ENVIRONMENT_PRESERVER_INTENTIONALLY_NIL".freeze
+    INTENTIONALLY_NIL = "BUNDLER_ENVIRONMENT_PRESERVER_INTENTIONALLY_NIL"
     BUNDLER_KEYS = %w[
       BUNDLE_BIN_PATH
       BUNDLE_GEMFILE
       BUNDLER_VERSION
+      BUNDLER_SETUP
       GEM_HOME
       GEM_PATH
       MANPATH
@@ -15,7 +16,7 @@ module Bundler
       RUBYLIB
       RUBYOPT
     ].map(&:freeze).freeze
-    BUNDLER_PREFIX = "BUNDLER_ORIG_".freeze
+    BUNDLER_PREFIX = "BUNDLER_ORIG_"
 
     def self.from_env
       new(env_to_hash(ENV), BUNDLER_KEYS)

data/lib/bundler/errors.rb

@@ -21,16 +21,7 @@ module Bundler
   class InstallError < BundlerError; status_code(5); end
 
   # Internal error, should be rescued
-  class VersionConflict < BundlerError
-    attr_reader :conflicts
-
-    def initialize(conflicts, msg = nil)
-      super(msg)
-      @conflicts = conflicts
-    end
-
-    status_code(6)
-  end
+  class SolveFailure < BundlerError; status_code(6); end
 
   class GemNotFound < BundlerError; status_code(7); end
   class InstallHookError < BundlerError; status_code(8); end
@@ -55,7 +46,6 @@ module Bundler
   class CyclicDependencyError < BundlerError; status_code(21); end
   class GemfileLockNotFound < BundlerError; status_code(22); end
   class PluginError < BundlerError; status_code(29); end
-  class SudoNotPermittedError < BundlerError; status_code(30); end
   class ThreadCreationError < BundlerError; status_code(33); end
   class APIResponseMismatchError < BundlerError; status_code(34); end
   class APIResponseInvalidDependenciesError < BundlerError; status_code(35); end

data/lib/bundler/fetcher/compact_index.rb

@@ -12,17 +12,15 @@ module Bundler
         method = instance_method(method_name)
         undef_method(method_name)
         define_method(method_name) do |*args, &blk|
-          begin
-            method.bind(self).call(*args, &blk)
-          rescue NetworkDownError, CompactIndexClient::Updater::MisMatchedChecksumError => e
-            raise HTTPError, e.message
-          rescue AuthenticationRequiredError
-            # Fail since we got a 401 from the server.
-            raise
-          rescue HTTPError => e
-            Bundler.ui.trace(e)
-            nil
-          end
+          method.bind(self).call(*args, &blk)
+        rescue NetworkDownError, CompactIndexClient::Updater::MisMatchedChecksumError => e
+          raise HTTPError, e.message
+        rescue AuthenticationRequiredError
+          # Fail since we got a 401 from the server.
+          raise
+        rescue HTTPError => e
+          Bundler.ui.trace(e)
+          nil
         end
       end
 

data/lib/bundler/fetcher/dependency.rb

@@ -34,14 +34,10 @@ module Bundler
 
         returned_gems = spec_list.map(&:first).uniq
         specs(deps_list, full_dependency_list + returned_gems, spec_list + last_spec_list)
-      rescue MarshalError
+      rescue MarshalError, HTTPError, GemspecError
         Bundler.ui.info "" unless Bundler.ui.debug? # new line now that the dots are over
         Bundler.ui.debug "could not fetch from the dependency API, trying the full index"
         nil
-      rescue HTTPError, GemspecError
-        Bundler.ui.info "" unless Bundler.ui.debug? # new line now that the dots are over
-        Bundler.ui.debug "could not fetch from the dependency API\nit's suggested to retry using the full index via `bundle install --full-index`"
-        nil
       end
 
       def dependency_specs(gem_names)
@@ -55,7 +51,7 @@ module Bundler
         gem_list = []
         gem_names.each_slice(Source::Rubygems::API_REQUEST_SIZE) do |names|
           marshalled_deps = downloader.fetch(dependency_api_uri(names)).body
-          gem_list.concat(Bundler.load_marshal(marshalled_deps))
+          gem_list.concat(Bundler.safe_load_marshal(marshalled_deps))
         end
         gem_list
       end

data/lib/bundler/fetcher/downloader.rb

@@ -61,14 +61,11 @@ module Bundler
           req.basic_auth(user, password)
         end
         connection.request(uri, req)
-      rescue NoMethodError => e
-        raise unless ["undefined method", "use_ssl="].all? {|snippet| e.message.include? snippet }
-        raise LoadError.new("cannot load such file -- openssl")
       rescue OpenSSL::SSL::SSLError
         raise CertificateFailureError.new(uri)
       rescue *HTTP_ERRORS => e
         Bundler.ui.trace e
-        if e.is_a?(SocketError) || e.message =~ /host down:/
+        if e.is_a?(SocketError) || e.message.to_s.include?("host down:")
           raise NetworkDownError, "Could not reach host #{uri.host}. Check your network " \
             "connection and try again."
         else
@@ -80,7 +77,7 @@ module Bundler
       private
 
       def validate_uri_scheme!(uri)
-        return if uri.scheme =~ /\Ahttps?\z/
+        return if /\Ahttps?\z/.match?(uri.scheme)
         raise InvalidOption,
           "The request uri `#{uri}` has an invalid scheme (`#{uri.scheme}`). " \
           "Did you mean `http` or `https`?"

data/lib/bundler/fetcher.rb

@@ -29,9 +29,7 @@ module Bundler
           " is a chance you are experiencing a man-in-the-middle attack, but" \
           " most likely your system doesn't have the CA certificates needed" \
           " for verification. For information about OpenSSL certificates, see" \
-          " https://railsapps.github.io/openssl-certificate-verify-failed.html." \
-          " To connect without using SSL, edit your Gemfile" \
-          " sources and change 'https' to 'http'."
+          " https://railsapps.github.io/openssl-certificate-verify-failed.html."
       end
     end
 
@@ -39,9 +37,7 @@ module Bundler
     class SSLError < HTTPError
       def initialize(msg = nil)
         super msg || "Could not load OpenSSL.\n" \
-            "You must recompile Ruby with OpenSSL support or change the sources in your " \
-            "Gemfile from 'https' to 'http'. Instructions for compiling with OpenSSL " \
-            "using RVM are available at rvm.io/packages/openssl."
+            "You must recompile Ruby with OpenSSL support."
       end
     end
 
@@ -106,11 +102,11 @@ module Bundler
       uri = Bundler::URI.parse("#{remote_uri}#{Gem::MARSHAL_SPEC_DIR}#{spec_file_name}.rz")
       if uri.scheme == "file"
         path = Bundler.rubygems.correct_for_windows_path(uri.path)
-        Bundler.load_marshal Bundler.rubygems.inflate(Gem.read_binary(path))
+        Bundler.safe_load_marshal Bundler.rubygems.inflate(Gem.read_binary(path))
       elsif cached_spec_path = gemspec_cached_path(spec_file_name)
         Bundler.load_gemspec(cached_spec_path)
       else
-        Bundler.load_marshal Bundler.rubygems.inflate(downloader.fetch(uri).body)
+        Bundler.safe_load_marshal Bundler.rubygems.inflate(downloader.fetch(uri).body)
       end
     rescue MarshalError
       raise HTTPError, "Gemspec #{spec} contained invalid data.\n" \

data/lib/bundler/force_platform.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Bundler
+  module ForcePlatform
+    private
+
+    # The `:force_ruby_platform` value used by dependencies for resolution, and
+    # by locked specifications for materialization is `false` by default, except
+    # for TruffleRuby. TruffleRuby generally needs to force the RUBY platform
+    # variant unless the name is explicitly allowlisted.
+
+    def default_force_ruby_platform
+      return false unless RUBY_ENGINE == "truffleruby"
+
+      !Gem::Platform::REUSE_AS_BINARY_ON_TRUFFLERUBY.include?(name)
+    end
+  end
+end

data/lib/bundler/friendly_errors.rb

@@ -36,9 +36,6 @@ module Bundler
         end
       when Thor::Error
         Bundler.ui.error error.message
-      when LoadError
-        raise error unless error.message =~ /cannot load such file -- openssl|openssl.so|libcrypto.so/
-        Bundler.ui.error "\nCould not load OpenSSL. #{error.class}: #{error}\n#{error.backtrace.join("\n  ")}"
       when Interrupt
         Bundler.ui.error "\nQuitting..."
         Bundler.ui.trace error

data/lib/bundler/gem_version_promoter.rb

@@ -7,14 +7,13 @@ module Bundler
   # available dependency versions as found in its index, before returning it to
   # to the resolution engine to select the best version.
   class GemVersionPromoter
-    DEBUG = ENV["BUNDLER_DEBUG_RESOLVER"] || ENV["DEBUG_RESOLVER"]
-
-    attr_reader :level, :locked_specs, :unlock_gems
+    attr_reader :level
+    attr_accessor :pre
 
     # By default, strict is false, meaning every available version of a gem
     # is returned from sort_versions. The order gives preference to the
     # requested level (:patch, :minor, :major) but in complicated requirement
-    # cases some gems will by necessity by promoted past the requested level,
+    # cases some gems will by necessity be promoted past the requested level,
     # or even reverted to older versions.
     #
     # If strict is set to true, the results from sort_versions will be
@@ -24,24 +23,13 @@ module Bundler
     # existing in the referenced source.
     attr_accessor :strict
 
-    attr_accessor :prerelease_specified
-
-    # Given a list of locked_specs and a list of gems to unlock creates a
-    # GemVersionPromoter instance.
+    # Creates a GemVersionPromoter instance.
     #
-    # @param locked_specs [SpecSet] All current locked specs. Unlike Definition
-    #   where this list is empty if all gems are being updated, this should
-    #   always be populated for all gems so this class can properly function.
-    # @param unlock_gems [String] List of gem names being unlocked. If empty,
-    #   all gems will be considered unlocked.
     # @return [GemVersionPromoter]
-    def initialize(locked_specs = SpecSet.new([]), unlock_gems = [])
+    def initialize
       @level = :major
       @strict = false
-      @locked_specs = locked_specs
-      @unlock_gems = unlock_gems
-      @sort_versions = {}
-      @prerelease_specified = {}
+      @pre = false
     end
 
     # @param value [Symbol] One of three Symbols: :major, :minor or :patch.
@@ -55,34 +43,19 @@ module Bundler
       @level = v
     end
 
-    # Given a Dependency and an Array of Specifications of available versions for a
-    # gem, this method will return the Array of Specifications sorted (and possibly
-    # truncated if strict is true) in an order to give preference to the current
-    # level (:major, :minor or :patch) when resolution is deciding what versions
-    # best resolve all dependencies in the bundle.
-    # @param dep [Dependency] The Dependency of the gem.
-    # @param spec_groups [Specification] An array of Specifications for the same gem
-    #    named in the @dep param.
+    # Given a Resolver::Package and an Array of Specifications of available
+    # versions for a gem, this method will return the Array of Specifications
+    # sorted (and possibly truncated if strict is true) in an order to give
+    # preference to the current level (:major, :minor or :patch) when resolution
+    # is deciding what versions best resolve all dependencies in the bundle.
+    # @param package [Resolver::Package] The package being resolved.
+    # @param specs [Specification] An array of Specifications for the package.
     # @return [Specification] A new instance of the Specification Array sorted and
     #    possibly filtered.
-    def sort_versions(dep, spec_groups)
-      @sort_versions[dep] ||= begin
-        gem_name = dep.name
-
-        # An Array per version returned, different entries for different platforms.
-        # We only need the version here so it's ok to hard code this to the first instance.
-        locked_spec = locked_specs[gem_name].first
+    def sort_versions(package, specs)
+      specs = filter_dep_specs(specs, package) if strict
 
-        if strict
-          filter_dep_specs(spec_groups, locked_spec)
-        else
-          sort_dep_specs(spec_groups, locked_spec)
-        end
-      end
-    end
-
-    def reset
-      @sort_versions = {}
+      sort_dep_specs(specs, package)
     end
 
     # @return [bool] Convenience method for testing value of level variable.
@@ -95,79 +68,72 @@ module Bundler
       level == :minor
     end
 
+    # @return [bool] Convenience method for testing value of pre variable.
+    def pre?
+      pre == true
+    end
+
     private
 
-    def filter_dep_specs(spec_groups, locked_spec)
-      res = spec_groups.select do |spec_group|
-        if locked_spec && !major?
-          gsv = spec_group.version
-          lsv = locked_spec.version
+    def filter_dep_specs(specs, package)
+      locked_version = package.locked_version
+      return specs if locked_version.nil? || major?
 
-          must_match = minor? ? [0] : [0, 1]
+      specs.select do |spec|
+        gsv = spec.version
 
-          matches = must_match.map {|idx| gsv.segments[idx] == lsv.segments[idx] }
-          matches.uniq == [true] ? (gsv >= lsv) : false
-        else
-          true
-        end
-      end
+        must_match = minor? ? [0] : [0, 1]
 
-      sort_dep_specs(res, locked_spec)
+        all_match = must_match.all? {|idx| gsv.segments[idx] == locked_version.segments[idx] }
+        all_match && gsv >= locked_version
+      end
     end
 
-    def sort_dep_specs(spec_groups, locked_spec)
-      @locked_version = locked_spec&.version
-      @gem_name = locked_spec&.name
-
-      result = spec_groups.sort do |a, b|
-        @a_ver = a.version
-        @b_ver = b.version
+    def sort_dep_specs(specs, package)
+      locked_version = package.locked_version
 
-        unless @gem_name && @prerelease_specified[@gem_name]
-          a_pre = @a_ver.prerelease?
-          b_pre = @b_ver.prerelease?
+      result = specs.sort do |a, b|
+        unless package.prerelease_specified? || pre?
+          a_pre = a.prerelease?
+          b_pre = b.prerelease?
 
           next -1 if a_pre && !b_pre
           next  1 if b_pre && !a_pre
         end
 
         if major?
-          @a_ver <=> @b_ver
-        elsif either_version_older_than_locked
-          @a_ver <=> @b_ver
-        elsif segments_do_not_match(:major)
-          @b_ver <=> @a_ver
-        elsif !minor? && segments_do_not_match(:minor)
-          @b_ver <=> @a_ver
+          a <=> b
+        elsif either_version_older_than_locked?(a, b, locked_version)
+          a <=> b
+        elsif segments_do_not_match?(a, b, :major)
+          b <=> a
+        elsif !minor? && segments_do_not_match?(a, b, :minor)
+          b <=> a
         else
-          @a_ver <=> @b_ver
+          a <=> b
         end
       end
-      post_sort(result)
+      post_sort(result, package.unlock?, locked_version)
     end
 
-    def either_version_older_than_locked
-      @locked_version && (@a_ver < @locked_version || @b_ver < @locked_version)
+    def either_version_older_than_locked?(a, b, locked_version)
+      locked_version && (a.version < locked_version || b.version < locked_version)
     end
 
-    def segments_do_not_match(level)
+    def segments_do_not_match?(a, b, level)
       index = [:major, :minor].index(level)
-      @a_ver.segments[index] != @b_ver.segments[index]
-    end
-
-    def unlocking_gem?
-      unlock_gems.empty? || (@gem_name && unlock_gems.include?(@gem_name))
+      a.segments[index] != b.segments[index]
     end
 
     # Specific version moves can't always reliably be done during sorting
     # as not all elements are compared against each other.
-    def post_sort(result)
+    def post_sort(result, unlock, locked_version)
       # default :major behavior in Bundler does not do this
       return result if major?
-      if unlocking_gem? || @locked_version.nil?
+      if unlock || locked_version.nil?
         result
       else
-        move_version_to_end(result, @locked_version)
+        move_version_to_end(result, locked_version)
       end
     end
 

data/lib/bundler/graph.rb

@@ -114,10 +114,10 @@ module Bundler
         @groups.each do |group|
           g.add_nodes(
             group, {
-              :style     => "filled",
+              :style => "filled",
               :fillcolor => "#B9B9D5",
-              :shape     => "box3d",
-              :fontsize  => 16,
+              :shape => "box3d",
+              :fontsize => 16,
             }.merge(@node_options[group])
           )
         end

data/lib/bundler/index.rb

@@ -13,8 +13,8 @@ module Bundler
     attr_reader :specs, :all_specs, :sources
     protected :specs, :all_specs
 
-    RUBY = "ruby".freeze
-    NULL = "\0".freeze
+    RUBY = "ruby"
+    NULL = "\0"
 
     def initialize
       @sources = []
@@ -70,7 +70,7 @@ module Bundler
       case query
       when Gem::Specification, RemoteSpecification, LazySpecification, EndpointSpecification then search_by_spec(query)
       when String then specs_by_name(query)
-      when Gem::Dependency then search_by_dependency(query)
+      when Array then specs_by_name_and_version(*query)
       else
         raise "You can't search for a #{query.inspect}."
       end
@@ -157,20 +157,12 @@ module Bundler
 
     private
 
-    def specs_by_name(name)
-      @specs[name].values
+    def specs_by_name_and_version(name, version)
+      specs_by_name(name).select {|spec| spec.version == version }
     end
 
-    def search_by_dependency(dependency)
-      @cache[dependency] ||= begin
-        specs = specs_by_name(dependency.name)
-        found = specs.select do |spec|
-          next true if spec.source.is_a?(Source::Gemspec)
-          dependency.matches_spec?(spec)
-        end
-
-        found
-      end
+    def specs_by_name(name)
+      @specs[name].values
     end
 
     EMPTY_SEARCH = [].freeze

data/lib/bundler/injector.rb

@@ -2,7 +2,7 @@
 
 module Bundler
   class Injector
-    INJECTED_GEMS = "injected gems".freeze
+    INJECTED_GEMS = "injected gems"
 
     def self.inject(new_deps, options = {})
       injector = new(new_deps, options)
@@ -235,7 +235,7 @@ module Bundler
 
         gemfile.each_with_index do |line, index|
           next unless !line.nil? && line.strip.start_with?(block_name)
-          if gemfile[index + 1] =~ /^\s*end\s*$/
+          if /^\s*end\s*$/.match?(gemfile[index + 1])
             gemfile[index] = nil
             gemfile[index + 1] = nil
           end

data/lib/bundler/inline.rb

@@ -31,15 +31,16 @@
 #
 def gemfile(install = false, options = {}, &gemfile)
   require_relative "../bundler"
+  Bundler.reset!
 
   opts = options.dup
   ui = opts.delete(:ui) { Bundler::UI::Shell.new }
-  ui.level = "silent" if opts.delete(:quiet)
+  ui.level = "silent" if opts.delete(:quiet) || !install
+  Bundler.ui = ui
   raise ArgumentError, "Unknown options: #{opts.keys.join(", ")}" unless opts.empty?
 
-  begin
+  Bundler.with_unbundled_env do
     Bundler.instance_variable_set(:@bundle_path, Pathname.new(Gem.dir))
-    old_gemfile = ENV["BUNDLE_GEMFILE"]
     Bundler::SharedHelpers.set_env "BUNDLE_GEMFILE", "Gemfile"
 
     Bundler::Plugin.gemfile_install(&gemfile) if Bundler.feature_flag.plugins?
@@ -52,7 +53,6 @@ def gemfile(install = false, options = {}, &gemfile)
       def definition.lock(*); end
       definition.validate_runtime!
 
-      Bundler.ui = install ? ui : Bundler::UI::Silent.new
       if install || definition.missing_specs?
         Bundler.settings.temporary(:inline => true, :no_install => false) do
           installer = Bundler::Installer.install(Bundler.root, definition, :system => true)
@@ -65,11 +65,9 @@ def gemfile(install = false, options = {}, &gemfile)
       runtime = Bundler::Runtime.new(nil, definition)
       runtime.setup.require
     end
-  ensure
-    if old_gemfile
-      ENV["BUNDLE_GEMFILE"] = old_gemfile
-    else
-      ENV["BUNDLE_GEMFILE"] = ""
-    end
+  end
+
+  if ENV["BUNDLE_GEMFILE"].nil?
+    ENV["BUNDLE_GEMFILE"] = ""
   end
 end

data/lib/bundler/installer/parallel_installer.rb

@@ -53,10 +53,6 @@ module Bundler
         @dependencies ||= all_dependencies.reject {|dep| ignorable_dependency? dep }
       end
 
-      def missing_lockfile_dependencies(all_spec_names)
-        dependencies.reject {|dep| all_spec_names.include? dep.name }
-      end
-
       # Represents all dependencies
       def all_dependencies
         @spec.dependencies
@@ -84,8 +80,6 @@ module Bundler
     end
 
     def call
-      check_for_corrupt_lockfile
-
       if @rake
         do_install(@rake, 0)
         Gem::Specification.reset
@@ -116,43 +110,19 @@ module Bundler
 
       warning = []
       warning << "Your lockfile doesn't include a valid resolution."
-      warning << "You can fix this by regenerating your lockfile or trying to manually editing the bad locked gems to a version that satisfies all dependencies."
+      warning << "You can fix this by regenerating your lockfile or manually editing the bad locked gems to a version that satisfies all dependencies."
       warning << "The unmet dependencies are:"
 
       unmet_dependencies.each do |spec, unmet_spec_dependencies|
         unmet_spec_dependencies.each do |unmet_spec_dependency|
-          warning << "* #{unmet_spec_dependency}, depended upon #{spec.full_name}, unsatisfied by #{@specs.find {|s| s.name == unmet_spec_dependency.name && !unmet_spec_dependency.matches_spec?(s.spec) }.full_name}"
+          found = @specs.find {|s| s.name == unmet_spec_dependency.name && !unmet_spec_dependency.matches_spec?(s.spec) }
+          warning << "* #{unmet_spec_dependency}, dependency of #{spec.full_name}, unsatisfied by #{found.full_name}"
         end
       end
 
       Bundler.ui.warn(warning.join("\n"))
     end
 
-    def check_for_corrupt_lockfile
-      missing_dependencies = @specs.map do |s|
-        [
-          s,
-          s.missing_lockfile_dependencies(@specs.map(&:name)),
-        ]
-      end.reject {|a| a.last.empty? }
-      return if missing_dependencies.empty?
-
-      warning = []
-      warning << "Your lockfile was created by an old Bundler that left some things out."
-      if @size != 1
-        warning << "Because of the missing DEPENDENCIES, we can only install gems one at a time, instead of installing #{@size} at a time."
-        @size = 1
-      end
-      warning << "You can fix this by adding the missing gems to your Gemfile, running bundle install, and then removing the gems from your Gemfile."
-      warning << "The missing gems are:"
-
-      missing_dependencies.each do |spec, missing|
-        warning << "* #{missing.map(&:name).join(", ")} depended upon by #{spec.name}"
-      end
-
-      Bundler.ui.warn(warning.join("\n"))
-    end
-
     private
 
     def failed_specs