bundler 2.4.10 → 2.4.11

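--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: ce72b26ab92bb2518537d2dad1f4b2c68bc82f4a1a17ad16d3647df275981937
- data.tar.gz: b6afc954f239e845d5127921fa29b114648a075c154e4c13dcbd25f100af4f03
+ metadata.gz: 515cedfe5a5b3b03d5c9e210e795b60d37ff328a58be6661fd99b3c207e15bf3
+ data.tar.gz: 4859a64e350d1be498927007c2f966f14995a5b026f73e2ea3880379392b7475
  SHA512:
- metadata.gz: 4fd7c530ab5761267f729fc16d40f287c2ab7873f45bdd7ec18bd9334fdec0466b521a5b369a8e1c485dd178def2c31c3aac5b38dba2e1816aa1ba2f7a0f3bdb
- data.tar.gz: 4cca0f7b51657657ea12aa35620c0d14f23043d4bf78706e37c50c174cf5f7bc158b8549036b6f058691ecd93a67be1a25b98ffe9ecc9a26b3644181fcd2098c
+ metadata.gz: 9e887c08464beeb5f2e17bbe65a3211af0c3e2a97bfe7aeb81472a5d273e66214476332fda3b69b17769c95edce12070d477f83c5e413568dcf573b5e8f4d4f2
+ data.tar.gz: e34e83216ebfcc6b614cb9972ea06a215bdf5bff296fa595e0530197597ff608e658f4d44df125672ab207827ccd6c352358e0ffb68d4269f52311e493099705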
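--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,19 @@
+ # 2.4.11 (April 10, 2023)
+
+ ## Security:
+
+ - Use URI-0.12.1 (safe against CVE-2023-28755 ReDoS vulnerability) [#6558](https://github.com/rubygems/rubygems/pull/6558)
+
+ ## Enhancements:
+
+ - Remove one fallback to full indexes on big gemfiles [#6578](https://github.com/rubygems/rubygems/pull/6578)
+ - Generate native gems with `-fvisibility=hidden` [#6541](https://github.com/rubygems/rubygems/pull/6541)
+
+ ## Bug fixes:
+
+ - Fix resolver hangs when dealing with an incomplete lockfile [#6552](https://github.com/rubygems/rubygems/pull/6552)
+ - Fix prereleases not being considered by gem version promoter when there's no lockfile [#6537](https://github.com/rubygems/rubygems/pull/6537)
+
  # 2.4.10 (March 27, 2023)
 
  ## Bug fixes: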
@@ -4,8 +4,8 @@ module Bundler
4
4
  # Represents metadata from when the Bundler gem was built.
5
5
  module BuildMetadata
6
6
  # begin ivars
7
- @built_at = "2023-03-27".freeze
8
- @git_commit_sha = "7ffdec80d0".freeze
7
+ @built_at = "2023-04-10".freeze
8
+ @git_commit_sha = "be1d1b4623".freeze
9
9
  @release = true
10
10
  # end ivars
11
11
 
@@ -668,9 +668,17 @@ module Bundler
668
668
  def check_missing_lockfile_specs
669
669
  all_locked_specs = @locked_specs.map(&:name) << "bundler"
670
670
 
671
- @locked_specs.any? do |s|
671
+ missing = @locked_specs.select do |s|
672
672
  s.dependencies.any? {|dep| !all_locked_specs.include?(dep.name) }
673
673
  end
674
+
675
+ if missing.any?
676
+ @locked_specs.delete(missing)
677
+
678
+ true
679
+ else
680
+ false
681
+ end
674
682
  end
675
683
 
676
684
  def converge_paths
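Review bot: `check_missing_lockfile_specs` now deletes entries from `@locked_specs` as a side effect, but nothing in the method says so and its name still reads as a pure check. Locked specs whose dependencies are absent from the lockfile are dropped silently, so those gems will presumably be re-resolved rather than kept at their pinned versions; a comment such as `# Drops locked specs whose dependencies are missing from the lockfile so they get re-resolved; returns true if any were dropped` would make that explicit. The trailing `if missing.any? ... true else false end` could also be written as `return false if missing.empty?` followed by the delete and `true`. The hunk's last line opens `converge_paths`, whose body is outside the hunk.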
@@ -93,7 +93,7 @@ module Bundler
93
93
  locked_version = package.locked_version
94
94
 
95
95
  result = specs.sort do |a, b|
96
- unless locked_version && (package.prerelease_specified? || pre?)
96
+ unless package.prerelease_specified? || pre?
97
97
  a_pre = a.prerelease?
98
98
  b_pre = b.prerelease?
99
99
 
@@ -122,7 +122,7 @@ module Bundler
122
122
  end
123
123
 
124
124
  def to_s
125
- @__to_s ||= if platform == Gem::Platform::RUBY
125
+ @to_s ||= if platform == Gem::Platform::RUBY
126
126
  "#{name} (#{version})"
127
127
  else
128
128
  "#{name} (#{version}-#{platform})"
@@ -35,9 +35,7 @@ module Bundler
35
35
  end
36
36
 
37
37
  def delete(specs)
38
- specs.each do |spec|
39
- @base.delete(spec)
40
- end
38
+ @base.delete(specs)
41
39
  end
42
40
 
43
41
  def get_package(name)
@@ -107,7 +107,7 @@ module Bundler
107
107
  ruby_engine_version = RUBY_ENGINE == "ruby" ? ruby_version : RUBY_ENGINE_VERSION.dup
108
108
  patchlevel = RUBY_PATCHLEVEL.to_s
109
109
 
110
- @ruby_version ||= RubyVersion.new(ruby_version, patchlevel, ruby_engine, ruby_engine_version)
110
+ @system ||= RubyVersion.new(ruby_version, patchlevel, ruby_engine, ruby_engine_version)
111
111
  end
112
112
 
113
113
  private
@@ -66,7 +66,9 @@ module Gem
66
66
 
67
67
  alias_method :rg_extension_dir, :extension_dir
68
68
  def extension_dir
69
- @bundler_extension_dir ||= if source.respond_to?(:extension_dir_name)
69
+ # following instance variable is already used in original method
70
+ # and that is the reason to prefix it with bundler_ and add rubocop exception
71
+ @bundler_extension_dir ||= if source.respond_to?(:extension_dir_name) # rubocop:disable Naming/MemoizedInstanceVariableName
70
72
  unique_extension_dir = [source.extension_dir_name, File.basename(full_gem_path)].uniq.join("-")
71
73
  File.expand_path(File.join(extensions_dir, unique_extension_dir))
72
74
  else
@@ -203,9 +205,9 @@ module Gem
203
205
  protected
204
206
 
205
207
  def _requirements_sorted?
206
- return @_are_requirements_sorted if defined?(@_are_requirements_sorted)
208
+ return @_requirements_sorted if defined?(@_requirements_sorted)
207
209
  strings = as_list
208
- @_are_requirements_sorted = strings == strings.sort
210
+ @_requirements_sorted = strings == strings.sort
209
211
  end
210
212
 
211
213
  def _with_sorted_requirements
@@ -7,8 +7,6 @@ module Bundler
7
7
  class Rubygems < Source
8
8
  autoload :Remote, File.expand_path("rubygems/remote", __dir__)
9
9
 
10
- # Use the API when installing less than X gems
11
- API_REQUEST_LIMIT = 500
12
10
  # Ask for X gems per API request
13
11
  API_REQUEST_SIZE = 50
14
12
 
@@ -401,12 +399,11 @@ module Bundler
401
399
  # gather lists from non-api sites
402
400
  fetch_names(index_fetchers, nil, idx, false)
403
401
 
404
- # because ensuring we have all the gems we need involves downloading
405
- # the gemspecs of those gems, if the non-api sites contain more than
406
- # about 500 gems, we treat all sites as non-api for speed.
407
- allow_api = idx.size < API_REQUEST_LIMIT && dependency_names.size < API_REQUEST_LIMIT
408
- Bundler.ui.debug "Need to query more than #{API_REQUEST_LIMIT} gems." \
409
- " Downloading full index instead..." unless allow_api
402
+ # legacy multi-remote sources need special logic to figure out
403
+ # dependency names and that logic can be very costly if one remote
404
+ # uses the dependency API but others don't. So use full indexes
405
+ # consistently in that particular case.
406
+ allow_api = !multiple_remotes?
410
407
 
411
408
  fetch_names(api_fetchers, allow_api && dependency_names, idx, false)
412
409
  end
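Review bot: The fallback to full indexes is now silent: the removed `Bundler.ui.debug` call was the only trace that `allow_api` had been turned off, and the new `allow_api = !multiple_remotes?` line has no replacement. Keeping one debug line, for example `Bundler.ui.debug "Multiple remotes configured, downloading full indexes instead..." unless allow_api`, would let someone diagnosing slow or unexpected index fetches see which path was taken. The enclosing method begins above the hunk.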
@@ -63,8 +63,8 @@ module Bundler
63
63
  @sorted = nil
64
64
  end
65
65
 
66
- def delete(spec)
67
- @specs.delete(spec)
66
+ def delete(specs)
67
+ specs.each {|spec| @specs.delete(spec) }
68
68
  @lookup = nil
69
69
  @sorted = nil
70
70
  end
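Review bot: `delete` now expects a collection, `specs.each {|spec| @specs.delete(spec) }`, where it previously took a single spec, and no comment records the new contract. A caller that still passes one spec would fail on `each`, and the wrapper in the earlier hunk that now calls `@base.delete(specs)` depends on this form. A one-line comment above the method, `# Removes every spec in +specs+ (an enumerable of specs) and resets the cached lookup and sort order`, would document it.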
@@ -2,4 +2,9 @@
2
2
 
3
3
  require "mkmf"
4
4
 
5
+ # Makes all symbols private by default to avoid unintended conflict
6
+ # with other gems. To explicitly export symbols you can use RUBY_FUNC_EXPORTED
7
+ # selectively, or entirely remove this flag.
8
+ append_cflags("-fvisibility=hidden")
9
+
5
10
  create_makefile(<%= config[:makefile_path].inspect %>)
@@ -2,7 +2,7 @@
2
2
 
3
3
  VALUE rb_m<%= config[:constant_array].join %>;
4
4
 
5
- void
5
+ RUBY_FUNC_EXPORTED void
6
6
  Init_<%= config[:underscored_name] %>(void)
7
7
  {
8
8
  rb_m<%= config[:constant_array].join %> = rb_define_module(<%= config[:constant_name].inspect %>);
@@ -2,8 +2,8 @@
2
2
  module Bundler::URI
3
3
  class RFC3986_Parser # :nodoc:
4
4
  # Bundler::URI defined in RFC3986
5
- RFC3986_URI = /\A(?<Bundler::URI>(?<scheme>[A-Za-z][+\-.0-9A-Za-z]*):(?<hier-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:)?\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h+\.[!$&-.0-;=A-Z_a-z~]+))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])*))(?::(?<port>\d*))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*))*)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])+)(?:\/\g<segment>)*)?)|(?<path-rootless>\g<segment-nz>(?:\/\g<segment>)*)|(?<path-empty>))(?:\?(?<query>[^#]*))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*))?)\z/
6
- RFC3986_relative_ref = /\A(?<relative-ref>(?<relative-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:){,1}\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h+\.[!$&-.0-;=A-Z_a-z~]+))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])+))?(?::(?<port>\d*))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*))*)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])+)(?:\/\g<segment>)*)?)|(?<path-noscheme>(?<segment-nz-nc>(?:%\h\h|[!$&-.0-9;=@-Z_a-z~])+)(?:\/\g<segment>)*)|(?<path-empty>))(?:\?(?<query>[^#]*))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*))?)\z/
5
+ RFC3986_URI = /\A(?<Bundler::URI>(?<scheme>[A-Za-z][+\-.0-9A-Za-z]*+):(?<hier-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*+)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:)?\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h++\.[!$&-.0-;=A-Z_a-z~]++))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])*+))(?::(?<port>\d*+))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*+))*+)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])++)(?:\/\g<segment>)*+)?)|(?<path-rootless>\g<segment-nz>(?:\/\g<segment>)*+)|(?<path-empty>))(?:\?(?<query>[^#]*+))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*+))?)\z/
6
+ RFC3986_relative_ref = /\A(?<relative-ref>(?<relative-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*+)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:){,1}\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h++\.[!$&-.0-;=A-Z_a-z~]++))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])++))?(?::(?<port>\d*+))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*+))*+)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])++)(?:\/\g<segment>)*+)?)|(?<path-noscheme>(?<segment-nz-nc>(?:%\h\h|[!$&-.0-9;=@-Z_a-z~])++)(?:\/\g<segment>)*+)|(?<path-empty>))(?:\?(?<query>[^#]*+))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*+))?)\z/
7
7
  attr_reader :regexp
8
8
 
9
9
  def initialize
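Review bot: The comment above `RFC3986_URI` does not record why every unbounded quantifier in the two patterns is now possessive (`*+`, `++`), which makes the property easy to lose in a later edit. Possessive quantifiers stop the regexp engine from backtracking into a repetition once it has matched, which is what bounds matching time on malformed input; per the changelog on this page this is the URI-0.12.1 change addressing CVE-2023-28755. A comment such as `# Quantifiers are possessive on purpose: no backtracking into repeated groups (CVE-2023-28755)` above both constants would preserve that intent. Each possessive group is followed by a delimiter outside its character class (for example `:` after `scheme`, `@` after `userinfo`), so accepted inputs should be unchanged, though that is worth pinning with a parse test over ordinary URIs.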
@@ -1,6 +1,6 @@
1
1
  module Bundler::URI
2
2
  # :stopdoc:
3
- VERSION_CODE = '001200'.freeze
3
+ VERSION_CODE = '001201'.freeze
4
4
  VERSION = VERSION_CODE.scan(/../).collect{|n| n.to_i}.join('.').freeze
5
5
  # :startdoc:
6
6
  end
@@ -1,7 +1,7 @@
1
1
  # frozen_string_literal: false
2
2
 
3
3
  module Bundler
4
- VERSION = "2.4.10".freeze
4
+ VERSION = "2.4.11".freeze
5
5
 
6
6
  def self.bundler_major_version
7
7
  @bundler_major_version ||= VERSION.split(".").first.to_i
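--- a/data/lib/bundler.rb
+++ b/data/lib/bundler.rb
@@ -89,7 +89,7 @@ module Bundler
 
  class << self
  def configure
- @configured ||= configure_gem_home_and_path
+ @configure ||= configure_gem_home_and_path
  end
 
  def ui
@@ -581,7 +581,7 @@ EOF
  @bin_path = nil
  @bundler_major_version = nil
  @bundle_path = nil
- @configured = nil
+ @configure = nil
  @configured_bundle_path = nil
  @definition = nil
  @load = nil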
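--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: bundler
  version: !ruby/object:Gem::Version
- version: 2.4.10
+ version: 2.4.11
  platform: ruby
  authors:
  - André Arko
@@ -22,7 +22,7 @@ authors:
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2023-03-27 00:00:00.000000000 Z
+ date: 2023-04-10 00:00:00.000000000 Z
  dependencies: []
  description: Bundler manages an application's dependencies through its entire life,
  across many machines, systematically and repeatably
@@ -380,7 +380,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: 3.0.1
  requirements: []
- rubygems_version: 3.4.10
+ rubygems_version: 3.4.11
  signing_key:
  specification_version: 4
  summary: The best way to manage your application's dependencies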