bundler 2.3.27 → 2.4.0

data/lib/bundler/compact_index_client/updater.rb

@@ -20,63 +20,64 @@ module Bundler
 
       def initialize(fetcher)
         @fetcher = fetcher
-        require_relative "../vendored_tmpdir"
       end
 
       def update(local_path, remote_path, retrying = nil)
         headers = {}
 
-        Bundler::Dir.mktmpdir("bundler-compact-index-") do |local_temp_dir|
-          local_temp_path = Pathname.new(local_temp_dir).join(local_path.basename)
-
-          # first try to fetch any new bytes on the existing file
-          if retrying.nil? && local_path.file?
-            copy_file local_path, local_temp_path
-
-            headers["If-None-Match"] = etag_for(local_temp_path)
-            headers["Range"] =
-              if local_temp_path.size.nonzero?
-                # Subtract a byte to ensure the range won't be empty.
-                # Avoids 416 (Range Not Satisfiable) responses.
-                "bytes=#{local_temp_path.size - 1}-"
-              else
-                "bytes=#{local_temp_path.size}-"
-              end
-          end
+        local_temp_path = local_path.sub(/$/, ".#{$$}")
+        local_temp_path = local_temp_path.sub(/$/, ".retrying") if retrying
+        local_temp_path = local_temp_path.sub(/$/, ".tmp")
 
-          response = @fetcher.call(remote_path, headers)
-          return nil if response.is_a?(Net::HTTPNotModified)
+        # first try to fetch any new bytes on the existing file
+        if retrying.nil? && local_path.file?
+          copy_file local_path, local_temp_path
 
-          content = response.body
+          headers["If-None-Match"] = etag_for(local_temp_path)
+          headers["Range"] =
+            if local_temp_path.size.nonzero?
+              # Subtract a byte to ensure the range won't be empty.
+              # Avoids 416 (Range Not Satisfiable) responses.
+              "bytes=#{local_temp_path.size - 1}-"
+            else
+              "bytes=#{local_temp_path.size}-"
+            end
+        end
 
-          etag = (response["ETag"] || "").gsub(%r{\AW/}, "")
-          correct_response = SharedHelpers.filesystem_access(local_temp_path) do
-            if response.is_a?(Net::HTTPPartialContent) && local_temp_path.size.nonzero?
-              local_temp_path.open("a") {|f| f << slice_body(content, 1..-1) }
+        response = @fetcher.call(remote_path, headers)
+        return nil if response.is_a?(Net::HTTPNotModified)
 
-              etag_for(local_temp_path) == etag
-            else
-              local_temp_path.open("wb") {|f| f << content }
+        content = response.body
 
-              etag.length.zero? || etag_for(local_temp_path) == etag
-            end
-          end
+        etag = (response["ETag"] || "").gsub(%r{\AW/}, "")
+        correct_response = SharedHelpers.filesystem_access(local_temp_path) do
+          if response.is_a?(Net::HTTPPartialContent) && local_temp_path.size.nonzero?
+            local_temp_path.open("a") {|f| f << slice_body(content, 1..-1) }
 
-          if correct_response
-            SharedHelpers.filesystem_access(local_path) do
-              FileUtils.mv(local_temp_path, local_path)
-            end
-            return nil
+            etag_for(local_temp_path) == etag
+          else
+            local_temp_path.open("wb") {|f| f << content }
+
+            etag.length.zero? || etag_for(local_temp_path) == etag
           end
+        end
 
-          if retrying
-            raise MisMatchedChecksumError.new(remote_path, etag, etag_for(local_temp_path))
+        if correct_response
+          SharedHelpers.filesystem_access(local_path) do
+            FileUtils.mv(local_temp_path, local_path)
           end
+          return nil
+        end
 
-          update(local_path, remote_path, :retrying)
+        if retrying
+          raise MisMatchedChecksumError.new(remote_path, etag, etag_for(local_temp_path))
         end
+
+        update(local_path, remote_path, :retrying)
       rescue Zlib::GzipFile::Error
         raise Bundler::HTTPError
+      ensure
+        FileUtils.remove_file(local_temp_path) if File.exist?(local_temp_path)
       end
 
       def etag_for(path)

data/lib/bundler/constants.rb

@@ -2,6 +2,6 @@
 
 module Bundler
   WINDOWS = RbConfig::CONFIG["host_os"] =~ /(msdos|mswin|djgpp|mingw)/
-  FREEBSD = RbConfig::CONFIG["host_os"] =~ /bsd/
+  FREEBSD = RbConfig::CONFIG["host_os"].to_s.include?("bsd")
   NULL    = WINDOWS ? "NUL" : "/dev/null"
 end

data/lib/bundler/definition.rb

@@ -16,7 +16,6 @@ module Bundler
       :locked_deps,
       :locked_gems,
       :platforms,
-      :requires,
       :ruby_version,
       :lockfile,
       :gemfiles
@@ -146,11 +145,11 @@ module Bundler
       @dependency_changes = converge_dependencies
       @local_changes = converge_locals
 
-      @requires = compute_requires
+      @incomplete_lockfile = check_missing_lockfile_specs
     end
 
     def gem_version_promoter
-      @gem_version_promoter ||= GemVersionPromoter.new(@originally_locked_specs, @unlock[:gems])
+      @gem_version_promoter ||= GemVersionPromoter.new
     end
 
     def resolve_only_locally!
@@ -264,10 +263,10 @@ module Bundler
         @locked_specs
       elsif !unlocking? && nothing_changed?
         if deleted_deps.any?
-          Bundler.ui.debug("Some dependencies were deleted, using a subset of the resolution from the lockfile")
+          Bundler.ui.debug "Some dependencies were deleted, using a subset of the resolution from the lockfile"
           SpecSet.new(filter_specs(@locked_specs, @dependencies - deleted_deps))
         else
-          Bundler.ui.debug("Found no changes, using resolution from the lockfile")
+          Bundler.ui.debug "Found no changes, using resolution from the lockfile"
           if @locked_gems.may_include_redundant_platform_specific_gems?
             SpecSet.new(filter_specs(@locked_specs, @dependencies))
           else
@@ -275,8 +274,8 @@ module Bundler
           end
         end
       else
-        Bundler.ui.debug("Found changes from the lockfile, re-resolving dependencies because #{change_reason}")
-        resolver.start(expanded_dependencies)
+        Bundler.ui.debug "Found changes from the lockfile, re-resolving dependencies because #{change_reason}"
+        start_resolution
       end
     end
 
@@ -295,11 +294,11 @@ module Bundler
 
       # Convert to \r\n if the existing lock has them
       # i.e., Windows with `git config core.autocrlf=true`
-      contents.gsub!(/\n/, "\r\n") if @lockfile_contents.match("\r\n")
+      contents.gsub!(/\n/, "\r\n") if @lockfile_contents.match?("\r\n")
 
       if @locked_bundler_version
         locked_major = @locked_bundler_version.segments.first
-        current_major = Gem::Version.create(Bundler::VERSION).segments.first
+        current_major = Bundler.gem_version.segments.first
 
         updating_major = locked_major < current_major
       end
@@ -461,7 +460,7 @@ module Bundler
     private :sources
 
     def nothing_changed?
-      !@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes
+      !@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@incomplete_lockfile
     end
 
     def unlocking?
@@ -474,7 +473,7 @@ module Bundler
       @resolver ||= begin
         last_resolve = converge_locked_specs
         remove_ruby_from_platforms_if_necessary!(current_dependencies)
-        Resolver.new(source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve(last_resolve), platforms)
+        Resolver.new(source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve(last_resolve))
       end
     end
 
@@ -482,6 +481,23 @@ module Bundler
       @expanded_dependencies ||= dependencies + metadata_dependencies
     end
 
+    def resolution_packages
+      @resolution_packages ||= begin
+        packages = Hash.new do |h, k|
+          h[k] = Resolver::Package.new(k, @platforms, @originally_locked_specs, @unlock[:gems])
+        end
+
+        expanded_dependencies.each do |dep|
+          name = dep.name
+          platforms = dep.gem_platforms(@platforms)
+
+          packages[name] = Resolver::Package.new(name, platforms, @originally_locked_specs, @unlock[:gems], :dependency => dep)
+        end
+
+        packages
+      end
+    end
+
     def filter_specs(specs, deps)
       SpecSet.new(specs).for(deps, false, platforms)
     end
@@ -507,21 +523,36 @@ module Bundler
         raise GemNotFound, "Could not find #{missing_specs_list.join(" nor ")}"
       end
 
+      incomplete_specs = specs.incomplete_specs
       loop do
-        incomplete_specs = specs.incomplete_specs
         break if incomplete_specs.empty?
 
         Bundler.ui.debug("The lockfile does not have all gems needed for the current platform though, Bundler will still re-resolve dependencies")
-        @resolve = resolver.start(expanded_dependencies, :exclude_specs => incomplete_specs)
+        @resolve = start_resolution(:exclude_specs => incomplete_specs)
         specs = resolve.materialize(dependencies)
+
+        still_incomplete_specs = specs.incomplete_specs
+
+        if still_incomplete_specs == incomplete_specs
+          package = resolution_packages[incomplete_specs.first.name]
+          resolver.raise_not_found! package
+        end
+
+        incomplete_specs = still_incomplete_specs
       end
 
-      bundler = sources.metadata_source.specs.search(Gem::Dependency.new("bundler", VERSION)).last
+      bundler = sources.metadata_source.specs.search(["bundler", Bundler.gem_version]).last
       specs["bundler"] = bundler
 
       specs
     end
 
+    def start_resolution(exclude_specs: [])
+      result = resolver.start(expanded_dependencies, resolution_packages, :exclude_specs => exclude_specs)
+
+      SpecSet.new(SpecSet.new(result).for(dependencies, false, @platforms))
+    end
+
     def precompute_source_requirements_for_indirect_dependencies?
       @remote && sources.non_global_rubygems_sources.all?(&:dependency_api_available?) && !sources.aggregate_global_source?
     end
@@ -574,6 +605,7 @@ module Bundler
         [@new_platform, "you added a new platform to your gemfile"],
         [@path_changes, "the gemspecs for path gems changed"],
         [@local_changes, "the gemspecs for git local gems changed"],
+        [@incomplete_lockfile, "your lock file is missing some gems"],
       ].select(&:first).map(&:last).join(", ")
     end
 
@@ -628,6 +660,14 @@ module Bundler
       !sources_with_changes.each {|source| @unlock[:sources] << source.name }.empty?
     end
 
+    def check_missing_lockfile_specs
+      all_locked_specs = @locked_specs.map(&:name) << "bundler"
+
+      @locked_specs.any? do |s|
+        s.dependencies.any? {|dep| !all_locked_specs.include?(dep.name) }
+      end
+    end
+
     def converge_paths
       sources.path_sources.any? do |source|
         specs_changed?(source)
@@ -766,12 +806,13 @@ module Bundler
           end
 
           new_spec = new_specs[s].first
-
-          # If the spec is no longer in the path source, unlock it. This
-          # commonly happens if the version changed in the gemspec
-          next unless new_spec
-
-          s.dependencies.replace(new_spec.dependencies)
+          if new_spec
+            s.dependencies.replace(new_spec.dependencies)
+          else
+            # If the spec is no longer in the path source, unlock it. This
+            # commonly happens if the version changed in the gemspec
+            @unlock[:gems] << s.name
+          end
         end
 
         if dep.nil? && requested_dependencies.find {|d| s.name == d.name }
@@ -839,17 +880,6 @@ module Bundler
       current == proposed
     end
 
-    def compute_requires
-      dependencies.reduce({}) do |requires, dep|
-        next requires unless dep.should_include?
-        requires[dep.name] = Array(dep.autorequire || dep.name).map do |file|
-          # Allow `require: true` as an alias for `require: <name>`
-          file == true ? dep.name : file
-        end
-        requires
-      end
-    end
-
     def additional_base_requirements_for_resolve(last_resolve)
       return [] unless @locked_gems && unlocking? && !sources.expired_sources?(@locked_gems.sources)
       converge_specs(@originally_locked_specs - last_resolve).map do |locked_spec|

data/lib/bundler/dependency.rb

@@ -7,20 +7,20 @@ require_relative "rubygems_ext"
 module Bundler
   class Dependency < Gem::Dependency
     attr_reader :autorequire
-    attr_reader :groups, :platforms, :gemfile, :path, :git, :github, :branch, :ref, :force_ruby_platform
+    attr_reader :groups, :platforms, :gemfile, :path, :git, :github, :branch, :ref
 
     ALL_RUBY_VERSIONS = ((18..27).to_a + (30..31).to_a).freeze
     PLATFORM_MAP = {
-      :ruby        => [Gem::Platform::RUBY, ALL_RUBY_VERSIONS],
-      :mri         => [Gem::Platform::RUBY, ALL_RUBY_VERSIONS],
-      :rbx         => [Gem::Platform::RUBY],
+      :ruby => [Gem::Platform::RUBY, ALL_RUBY_VERSIONS],
+      :mri => [Gem::Platform::RUBY, ALL_RUBY_VERSIONS],
+      :rbx => [Gem::Platform::RUBY],
       :truffleruby => [Gem::Platform::RUBY],
-      :jruby       => [Gem::Platform::JAVA, [18, 19]],
-      :windows     => [Gem::Platform::WINDOWS, ALL_RUBY_VERSIONS],
-      :mswin       => [Gem::Platform::MSWIN,     ALL_RUBY_VERSIONS],
-      :mswin64     => [Gem::Platform::MSWIN64,   ALL_RUBY_VERSIONS - [18]],
-      :mingw       => [Gem::Platform::MINGW,     ALL_RUBY_VERSIONS],
-      :x64_mingw   => [Gem::Platform::X64_MINGW, ALL_RUBY_VERSIONS - [18, 19]],
+      :jruby => [Gem::Platform::JAVA, [18, 19]],
+      :windows => [Gem::Platform::WINDOWS, ALL_RUBY_VERSIONS],
+      :mswin => [Gem::Platform::MSWIN,     ALL_RUBY_VERSIONS],
+      :mswin64 => [Gem::Platform::MSWIN64, ALL_RUBY_VERSIONS - [18]],
+      :mingw => [Gem::Platform::MINGW, ALL_RUBY_VERSIONS],
+      :x64_mingw => [Gem::Platform::X64_MINGW, ALL_RUBY_VERSIONS - [18, 19]],
     }.each_with_object({}) do |(platform, spec), hash|
       hash[platform] = spec[0]
       spec[1]&.each {|version| hash[:"#{platform}_#{version}"] = spec[0] }
@@ -42,7 +42,7 @@ module Bundler
       @env            = options["env"]
       @should_include = options.fetch("should_include", true)
       @gemfile        = options["gemfile"]
-      @force_ruby_platform = options["force_ruby_platform"]
+      @force_ruby_platform = options["force_ruby_platform"] if options.key?("force_ruby_platform")
 
       @autorequire = Array(options["require"] || []) if options.key?("require")
     end
@@ -50,6 +50,7 @@ module Bundler
     # Returns the platforms this dependency is valid for, in the same order as
     # passed in the `valid_platforms` parameter
     def gem_platforms(valid_platforms)
+      return [Gem::Platform::RUBY] if force_ruby_platform
       return valid_platforms if @platforms.empty?
 
       valid_platforms.select {|p| expanded_platforms.include?(GemHelpers.generic(p)) }

data/lib/bundler/digest.rb

@@ -43,7 +43,7 @@ module Bundler
               f = (b ^ c ^ d)
               k = 0xCA62C1D6
             end
-            t = SHA1_MASK & (SHA1_MASK & rotate(a, 5) + f + e + k + w[i])
+            t = SHA1_MASK & rotate(a, 5) + f + e + k + w[i]
             a, b, c, d, e = t, a, SHA1_MASK & rotate(b, 30), c, d # rubocop:disable Style/ParallelAssignment
           end
           mutated = [a, b, c, d, e]

data/lib/bundler/dsl.rb

@@ -324,7 +324,7 @@ module Bundler
       if name.is_a?(Symbol)
         raise GemfileError, %(You need to specify gem names as Strings. Use 'gem "#{name}"' instead)
       end
-      if name =~ /\s/
+      if /\s/.match?(name)
         raise GemfileError, %('#{name}' is not a valid gem name because it contains whitespace)
       end
       raise GemfileError, %(an empty gem name is not valid) if name.empty?

data/lib/bundler/env.rb

@@ -75,7 +75,7 @@ module Bundler
     end
 
     def self.git_version
-      Bundler::Source::Git::GitProxy.new(nil, nil, nil).full_version
+      Bundler::Source::Git::GitProxy.new(nil, nil).full_version
     rescue Bundler::Source::Git::GitNotInstalledError
       "not installed"
     end

data/lib/bundler/environment_preserver.rb

@@ -7,6 +7,7 @@ module Bundler
       BUNDLE_BIN_PATH
       BUNDLE_GEMFILE
       BUNDLER_VERSION
+      BUNDLER_SETUP
       GEM_HOME
       GEM_PATH
       MANPATH

data/lib/bundler/errors.rb

@@ -21,16 +21,7 @@ module Bundler
   class InstallError < BundlerError; status_code(5); end
 
   # Internal error, should be rescued
-  class VersionConflict < BundlerError
-    attr_reader :conflicts
-
-    def initialize(conflicts, msg = nil)
-      super(msg)
-      @conflicts = conflicts
-    end
-
-    status_code(6)
-  end
+  class SolveFailure < BundlerError; status_code(6); end
 
   class GemNotFound < BundlerError; status_code(7); end
   class InstallHookError < BundlerError; status_code(8); end
@@ -55,7 +46,6 @@ module Bundler
   class CyclicDependencyError < BundlerError; status_code(21); end
   class GemfileLockNotFound < BundlerError; status_code(22); end
   class PluginError < BundlerError; status_code(29); end
-  class SudoNotPermittedError < BundlerError; status_code(30); end
   class ThreadCreationError < BundlerError; status_code(33); end
   class APIResponseMismatchError < BundlerError; status_code(34); end
   class APIResponseInvalidDependenciesError < BundlerError; status_code(35); end

data/lib/bundler/fetcher/compact_index.rb

@@ -12,17 +12,15 @@ module Bundler
         method = instance_method(method_name)
         undef_method(method_name)
         define_method(method_name) do |*args, &blk|
-          begin
-            method.bind(self).call(*args, &blk)
-          rescue NetworkDownError, CompactIndexClient::Updater::MisMatchedChecksumError => e
-            raise HTTPError, e.message
-          rescue AuthenticationRequiredError
-            # Fail since we got a 401 from the server.
-            raise
-          rescue HTTPError => e
-            Bundler.ui.trace(e)
-            nil
-          end
+          method.bind(self).call(*args, &blk)
+        rescue NetworkDownError, CompactIndexClient::Updater::MisMatchedChecksumError => e
+          raise HTTPError, e.message
+        rescue AuthenticationRequiredError
+          # Fail since we got a 401 from the server.
+          raise
+        rescue HTTPError => e
+          Bundler.ui.trace(e)
+          nil
         end
       end
 

data/lib/bundler/fetcher/dependency.rb

@@ -55,7 +55,7 @@ module Bundler
         gem_list = []
         gem_names.each_slice(Source::Rubygems::API_REQUEST_SIZE) do |names|
           marshalled_deps = downloader.fetch(dependency_api_uri(names)).body
-          gem_list.concat(Bundler.load_marshal(marshalled_deps))
+          gem_list.concat(Bundler.safe_load_marshal(marshalled_deps))
         end
         gem_list
       end

data/lib/bundler/fetcher/downloader.rb

@@ -61,14 +61,11 @@ module Bundler
           req.basic_auth(user, password)
         end
         connection.request(uri, req)
-      rescue NoMethodError => e
-        raise unless ["undefined method", "use_ssl="].all? {|snippet| e.message.include? snippet }
-        raise LoadError.new("cannot load such file -- openssl")
       rescue OpenSSL::SSL::SSLError
         raise CertificateFailureError.new(uri)
       rescue *HTTP_ERRORS => e
         Bundler.ui.trace e
-        if e.is_a?(SocketError) || e.message =~ /host down:/
+        if e.is_a?(SocketError) || e.message.to_s.include?("host down:")
           raise NetworkDownError, "Could not reach host #{uri.host}. Check your network " \
             "connection and try again."
         else
@@ -80,7 +77,7 @@ module Bundler
       private
 
       def validate_uri_scheme!(uri)
-        return if uri.scheme =~ /\Ahttps?\z/
+        return if /\Ahttps?\z/.match?(uri.scheme)
         raise InvalidOption,
           "The request uri `#{uri}` has an invalid scheme (`#{uri.scheme}`). " \
           "Did you mean `http` or `https`?"

data/lib/bundler/fetcher.rb

@@ -29,9 +29,7 @@ module Bundler
           " is a chance you are experiencing a man-in-the-middle attack, but" \
           " most likely your system doesn't have the CA certificates needed" \
           " for verification. For information about OpenSSL certificates, see" \
-          " https://railsapps.github.io/openssl-certificate-verify-failed.html." \
-          " To connect without using SSL, edit your Gemfile" \
-          " sources and change 'https' to 'http'."
+          " https://railsapps.github.io/openssl-certificate-verify-failed.html."
       end
     end
 
@@ -39,9 +37,7 @@ module Bundler
     class SSLError < HTTPError
       def initialize(msg = nil)
         super msg || "Could not load OpenSSL.\n" \
-            "You must recompile Ruby with OpenSSL support or change the sources in your " \
-            "Gemfile from 'https' to 'http'. Instructions for compiling with OpenSSL " \
-            "using RVM are available at rvm.io/packages/openssl."
+            "You must recompile Ruby with OpenSSL support."
       end
     end
 

data/lib/bundler/force_platform.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Bundler
+  module ForcePlatform
+    private
+
+    # The `:force_ruby_platform` value used by dependencies for resolution, and
+    # by locked specifications for materialization is `false` by default, except
+    # for TruffleRuby. TruffleRuby generally needs to force the RUBY platform
+    # variant unless the name is explicitly allowlisted.
+
+    def default_force_ruby_platform
+      return false unless RUBY_ENGINE == "truffleruby"
+
+      !Gem::Platform::REUSE_AS_BINARY_ON_TRUFFLERUBY.include?(name)
+    end
+  end
+end

data/lib/bundler/friendly_errors.rb

@@ -36,9 +36,6 @@ module Bundler
         end
       when Thor::Error
         Bundler.ui.error error.message
-      when LoadError
-        raise error unless error.message =~ /cannot load such file -- openssl|openssl.so|libcrypto.so/
-        Bundler.ui.error "\nCould not load OpenSSL. #{error.class}: #{error}\n#{error.backtrace.join("\n  ")}"
       when Interrupt
         Bundler.ui.error "\nQuitting..."
         Bundler.ui.trace error