bundler 2.4.10 → 2.4.12
- checksums.yaml +4 -4
- data/CHANGELOG.md +22 -0
- data/lib/bundler/build_metadata.rb +2 -2
- data/lib/bundler/definition.rb +9 -1
- data/lib/bundler/gem_version_promoter.rb +1 -1
- data/lib/bundler/lazy_specification.rb +1 -1
- data/lib/bundler/resolver/base.rb +1 -3
- data/lib/bundler/ruby_version.rb +1 -1
- data/lib/bundler/rubygems_ext.rb +5 -3
- data/lib/bundler/source/rubygems.rb +5 -8
- data/lib/bundler/spec_set.rb +2 -2
- data/lib/bundler/templates/newgem/bin/console.tt +0 -4
- data/lib/bundler/templates/newgem/ext/newgem/extconf-c.rb.tt +5 -0
- data/lib/bundler/templates/newgem/ext/newgem/newgem.c.tt +1 -1
- data/lib/bundler/vendor/uri/lib/uri/rfc3986_parser.rb +2 -2
- data/lib/bundler/vendor/uri/lib/uri/version.rb +1 -1
- data/lib/bundler/version.rb +1 -1
- data/lib/bundler.rb +2 -2
- metadata +3 -3
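--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f6d97506b32368d35025b0ded439395a4f24b4d4f3936452d913a931d673f037
+data.tar.gz: 68f38a2de9040263c34db373ad83127a4209d62933d53a034422ce0db90cc611
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3da71fe39f4a4876346b73bcbb156223a6e21ce5445b797484dee2996753915b9960628b5fdaaadc357c51436e693b490092d9554a1c74906f69832b56bede2e
+data.tar.gz: 7646526addcdf4e8eea5cbfda0469bc609f1342a97653ded6dd245c0d1b5f434d2788ad9ad05e3e0fde5e80c02d3ed180a6e71d4c9093fd8b7fa068db47055b9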
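--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,25 @@
+# 2.4.12 (April 11, 2023)
+
+## Enhancements:
+
+- Remove reference to `pry` gem from generated `bin/console` file [#6515](https://github.com/rubygems/rubygems/pull/6515)
+
+# 2.4.11 (April 10, 2023)
+
+## Security:
+
+- Use URI-0.12.1 (safe against CVE-2023-28755 ReDoS vulnerability) [#6558](https://github.com/rubygems/rubygems/pull/6558)
+
+## Enhancements:
+
+- Remove one fallback to full indexes on big gemfiles [#6578](https://github.com/rubygems/rubygems/pull/6578)
+- Generate native gems with `-fvisibility=hidden` [#6541](https://github.com/rubygems/rubygems/pull/6541)
+
+## Bug fixes:
+
+- Fix resolver hangs when dealing with an incomplete lockfile [#6552](https://github.com/rubygems/rubygems/pull/6552)
+- Fix prereleases not being considered by gem version promoter when there's no lockfile [#6537](https://github.com/rubygems/rubygems/pull/6537)
+
 # 2.4.10 (March 27, 2023)
 
 ## Bug fixes: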
@@ -4,8 +4,8 @@ module Bundler
|
|
4
4
|
# Represents metadata from when the Bundler gem was built.
|
5
5
|
module BuildMetadata
|
6
6
|
# begin ivars
|
7
|
-
@built_at = "2023-
|
8
|
-
@git_commit_sha = "
|
7
|
+
@built_at = "2023-04-11".freeze
|
8
|
+
@git_commit_sha = "e2cf278db1".freeze
|
9
9
|
@release = true
|
10
10
|
# end ivars
|
11
11
|
|
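--- a/data/lib/bundler/definition.rb
+++ b/data/lib/bundler/definition.rb
@@ -668,9 +668,17 @@ module Bundler
 def check_missing_lockfile_specs
 all_locked_specs = @locked_specs.map(&:name) << "bundler"
 
-@locked_specs.
+missing = @locked_specs.select do |s|
 s.dependencies.any? {|dep| !all_locked_specs.include?(dep.name) }
 end
+
+if missing.any?
+@locked_specs.delete(missing)
+
+true
+else
+false
+end
 end
 
 def converge_paths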
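Review bot: `check_missing_lockfile_specs` now mutates state despite its query-style name: when `missing.any?` it calls `@locked_specs.delete(missing)` and returns `true`, and nothing in the hunk tells the user which pinned entries were discarded. Those specs are presumably re-resolved by a caller outside this hunk, so the installed versions can differ from what the lockfile recorded; a line such as `Bundler.ui.debug "Dropping locked specs with dependencies missing from the lockfile: #{missing.map(&:full_name).join(", ")}"` before the delete would make that auditable. A comment above the method, e.g. `# Removes locked specs whose dependencies are absent from the lockfile; returns true if any were removed.`, would document the side effect. `delete` is handed an Array here, and the `spec_set.rb` change that presumably makes `SpecSet#delete` accept one is listed in the file summary but its hunk is not shown on this page.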
@@ -93,7 +93,7 @@ module Bundler
|
|
93
93
|
locked_version = package.locked_version
|
94
94
|
|
95
95
|
result = specs.sort do |a, b|
|
96
|
-
unless
|
96
|
+
unless package.prerelease_specified? || pre?
|
97
97
|
a_pre = a.prerelease?
|
98
98
|
b_pre = b.prerelease?
|
99
99
|
|
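Review bot: The guard `unless package.prerelease_specified? || pre?` carries no comment, and the rule it encodes decides whether prerelease versions compete with stable ones during sorting. The rest of the `sort` block is outside the hunk, but from `a_pre`/`b_pre` it appears to order stable releases first; a line such as `# Prefer stable releases unless a prerelease was requested for this package or globally.` above the guard would make that policy explicit for anyone auditing which versions a fresh resolve can pick.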
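--- a/data/lib/bundler/ruby_version.rb
+++ b/data/lib/bundler/ruby_version.rb
@@ -107,7 +107,7 @@ module Bundler
 ruby_engine_version = RUBY_ENGINE == "ruby" ? ruby_version : RUBY_ENGINE_VERSION.dup
 patchlevel = RUBY_PATCHLEVEL.to_s
 
-@
+@system ||= RubyVersion.new(ruby_version, patchlevel, ruby_engine, ruby_engine_version)
 end
 
 private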
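--- a/data/lib/bundler/rubygems_ext.rb
+++ b/data/lib/bundler/rubygems_ext.rb
@@ -66,7 +66,9 @@ module Gem
 
 alias_method :rg_extension_dir, :extension_dir
 def extension_dir
-
+# following instance variable is already used in original method
+# and that is the reason to prefix it with bundler_ and add rubocop exception
+@bundler_extension_dir ||= if source.respond_to?(:extension_dir_name) # rubocop:disable Naming/MemoizedInstanceVariableName
 unique_extension_dir = [source.extension_dir_name, File.basename(full_gem_path)].uniq.join("-")
 File.expand_path(File.join(extensions_dir, unique_extension_dir))
 else
@@ -203,9 +205,9 @@ module Gem
 protected
 
 def _requirements_sorted?
-return @
+return @_requirements_sorted if defined?(@_requirements_sorted)
 strings = as_list
-@
+@_requirements_sorted = strings == strings.sort
 end
 
 def _with_sorted_requirements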
@@ -7,8 +7,6 @@ module Bundler
|
|
7
7
|
class Rubygems < Source
|
8
8
|
autoload :Remote, File.expand_path("rubygems/remote", __dir__)
|
9
9
|
|
10
|
-
# Use the API when installing less than X gems
|
11
|
-
API_REQUEST_LIMIT = 500
|
12
10
|
# Ask for X gems per API request
|
13
11
|
API_REQUEST_SIZE = 50
|
14
12
|
|
@@ -401,12 +399,11 @@ module Bundler
|
|
401
399
|
# gather lists from non-api sites
|
402
400
|
fetch_names(index_fetchers, nil, idx, false)
|
403
401
|
|
404
|
-
#
|
405
|
-
#
|
406
|
-
#
|
407
|
-
|
408
|
-
|
409
|
-
" Downloading full index instead..." unless allow_api
|
402
|
+
# legacy multi-remote sources need special logic to figure out
|
403
|
+
# dependency names and that logic can be very costly if one remote
|
404
|
+
# uses the dependency API but others don't. So use full indexes
|
405
|
+
# consistently in that particular case.
|
406
|
+
allow_api = !multiple_remotes?
|
410
407
|
|
411
408
|
fetch_names(api_fetchers, allow_api && dependency_names, idx, false)
|
412
409
|
end
|
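Review bot: In the second hunk `allow_api` is now a plain boolean, so `allow_api && dependency_names` passes `false` to `fetch_names` for multi-remote sources, while the non-API call a few lines up passes `nil` for the same "no names" case. `fetch_names` is outside the hunk, so whether it distinguishes the two is not visible; writing `fetch_names(api_fetchers, allow_api ? dependency_names : nil, idx, false)` would keep both call sites consistent. The first hunk also drops the public constant `API_REQUEST_LIMIT` without a deprecation, which would break any external code that still references it. The enclosing method starts outside the hunk.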
data/lib/bundler/spec_set.rb
CHANGED
@@ -7,9 +7,5 @@ require "<%= config[:namespaced_path] %>"
|
|
7
7
|
# You can add fixtures and/or initialization code here to make experimenting
|
8
8
|
# with your gem easier. You can also use a different console, if you like.
|
9
9
|
|
10
|
-
# (If you use this, don't forget to add pry to your Gemfile!)
|
11
|
-
# require "pry"
|
12
|
-
# Pry.start
|
13
|
-
|
14
10
|
require "irb"
|
15
11
|
IRB.start(__FILE__)
|
@@ -2,4 +2,9 @@
|
|
2
2
|
|
3
3
|
require "mkmf"
|
4
4
|
|
5
|
+
# Makes all symbols private by default to avoid unintended conflict
|
6
|
+
# with other gems. To explicitly export symbols you can use RUBY_FUNC_EXPORTED
|
7
|
+
# selectively, or entirely remove this flag.
|
8
|
+
append_cflags("-fvisibility=hidden")
|
9
|
+
|
5
10
|
create_makefile(<%= config[:makefile_path].inspect %>)
|
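Review bot: The new comment on `append_cflags("-fvisibility=hidden")` does not say that the extension's own `Init_` entry point must then be exported, which is the one symbol Ruby has to find when the gem is required. The file summary lists a one-line change to `newgem.c.tt` that presumably adds that export, but its hunk is not shown on this page, so the two templates should be checked together. `append_cflags` adds a flag only when the compiler accepts it, so on toolchains without this option every symbol stays exported and the flag should be treated as hygiene rather than a guarantee. A comment line such as `# The Init_ function must stay exported (RUBY_FUNC_EXPORTED) or require will fail.` would cover it.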
@@ -2,8 +2,8 @@
|
|
2
2
|
module Bundler::URI
|
3
3
|
class RFC3986_Parser # :nodoc:
|
4
4
|
# Bundler::URI defined in RFC3986
|
5
|
-
RFC3986_URI = /\A(?<Bundler::URI>(?<scheme>[A-Za-z][+\-.0-9A-Za-z]
|
6
|
-
RFC3986_relative_ref = /\A(?<relative-ref>(?<relative-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])
|
5
|
+
RFC3986_URI = /\A(?<Bundler::URI>(?<scheme>[A-Za-z][+\-.0-9A-Za-z]*+):(?<hier-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*+)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:)?\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h++\.[!$&-.0-;=A-Z_a-z~]++))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])*+))(?::(?<port>\d*+))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*+))*+)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])++)(?:\/\g<segment>)*+)?)|(?<path-rootless>\g<segment-nz>(?:\/\g<segment>)*+)|(?<path-empty>))(?:\?(?<query>[^#]*+))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*+))?)\z/
|
6
|
+
RFC3986_relative_ref = /\A(?<relative-ref>(?<relative-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*+)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:){,1}\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h++\.[!$&-.0-;=A-Z_a-z~]++))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])++))?(?::(?<port>\d*+))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*+))*+)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])++)(?:\/\g<segment>)*+)?)|(?<path-noscheme>(?<segment-nz-nc>(?:%\h\h|[!$&-.0-9;=@-Z_a-z~])++)(?:\/\g<segment>)*+)|(?<path-empty>))(?:\?(?<query>[^#]*+))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*+))?)\z/
|
7
7
|
attr_reader :regexp
|
8
8
|
|
9
9
|
def initialize
|
data/lib/bundler/version.rb
CHANGED
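--- a/data/lib/bundler.rb
+++ b/data/lib/bundler.rb
@@ -89,7 +89,7 @@ module Bundler
 
 class << self
 def configure
-@
+@configure ||= configure_gem_home_and_path
 end
 
 def ui
@@ -581,7 +581,7 @@ EOF
 @bin_path = nil
 @bundler_major_version = nil
 @bundle_path = nil
-@
+@configure = nil
 @configured_bundle_path = nil
 @definition = nil
 @load = nil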
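--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-version: 2.4.
+version: 2.4.12
 platform: ruby
 authors:
 - André Arko
@@ -22,7 +22,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-
+date: 2023-04-11 00:00:00.000000000 Z
 dependencies: []
 description: Bundler manages an application's dependencies through its entire life,
 across many machines, systematically and repeatably
@@ -380,7 +380,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: 3.0.1
 requirements: []
-rubygems_version: 3.4.
+rubygems_version: 3.4.12
 signing_key:
 specification_version: 4
 summary: The best way to manage your application's dependencies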