bundler 2.4.12 → 2.4.19

data/lib/bundler/resolver.rb

@@ -160,7 +160,7 @@ module Bundler
       constraint_string = constraint.constraint_string
       requirements = constraint_string.split(" OR ").map {|req| Gem::Requirement.new(req.split(",")) }
 
-      if name == "bundler"
+      if name == "bundler" && bundler_pinned_to_current_version?
         custom_explanation = "the current Bundler version (#{Bundler::VERSION}) does not satisfy #{constraint}"
         extended_explanation = bundler_not_found_message(requirements)
       else
@@ -230,6 +230,12 @@ module Bundler
     def all_versions_for(package)
       name = package.name
       results = (@base[name] + filter_prereleases(@all_specs[name], package)).uniq {|spec| [spec.version.hash, spec.platform] }
+
+      if name == "bundler" && !bundler_pinned_to_current_version?
+        bundler_spec = Gem.loaded_specs["bundler"]
+        results << bundler_spec if bundler_spec
+      end
+
       locked_requirement = base_requirements[name]
       results = filter_matching_specs(results, locked_requirement) if locked_requirement
 
@@ -254,6 +260,14 @@ module Bundler
       @source_requirements[name] || @source_requirements[:default]
     end
 
+    def default_bundler_source
+      @source_requirements[:default_bundler]
+    end
+
+    def bundler_pinned_to_current_version?
+      !default_bundler_source.nil?
+    end
+
     def name_for_explicit_dependency_source
       Bundler.default_gemfile.basename.to_s
     rescue StandardError
@@ -398,7 +412,7 @@ module Bundler
     end
 
     def bundler_not_found_message(conflict_dependencies)
-      candidate_specs = filter_matching_specs(source_for(:default_bundler).specs.search("bundler"), conflict_dependencies)
+      candidate_specs = filter_matching_specs(default_bundler_source.specs.search("bundler"), conflict_dependencies)
 
       if candidate_specs.any?
         target_version = candidate_specs.last.version

data/lib/bundler/ruby_dsl.rb

@@ -5,9 +5,15 @@ module Bundler
     def ruby(*ruby_version)
       options = ruby_version.last.is_a?(Hash) ? ruby_version.pop : {}
       ruby_version.flatten!
+
       raise GemfileError, "Please define :engine_version" if options[:engine] && options[:engine_version].nil?
       raise GemfileError, "Please define :engine" if options[:engine_version] && options[:engine].nil?
 
+      if options[:file]
+        raise GemfileError, "Cannot specify version when using the file option" if ruby_version.any?
+        ruby_version << Bundler.read_file(options[:file]).strip
+      end
+
       if options[:engine] == "ruby" && options[:engine_version] &&
          ruby_version != Array(options[:engine_version])
         raise GemfileEvalError, "ruby_version must match the :engine_version for MRI"

data/lib/bundler/ruby_version.rb

@@ -28,8 +28,8 @@ module Bundler
       end
 
       @gem_version        = Gem::Requirement.create(@versions.first).requirements.first.last
-      @input_engine       = engine && engine.to_s
-      @engine             = engine && engine.to_s || "ruby"
+      @input_engine       = engine&.to_s
+      @engine             = engine&.to_s || "ruby"
       @engine_versions    = (engine_version && Array(engine_version)) || @versions
       @engine_gem_version = Gem::Requirement.create(@engine_versions.first).requirements.first.last
       @patchlevel         = patchlevel || (@gem_version.prerelease? ? "-1" : nil)

data/lib/bundler/rubygems_integration.rb

@@ -247,7 +247,7 @@ module Bundler
       kernel = (class << ::Kernel; self; end)
       [kernel, ::Kernel].each do |kernel_class|
         redefine_method(kernel_class, :gem) do |dep, *reqs|
-          if executables && executables.include?(File.basename(caller.first.split(":").first))
+          if executables&.include?(File.basename(caller.first.split(":").first))
             break
           end
 

data/lib/bundler/runtime.rb

@@ -94,7 +94,7 @@ module Bundler
     definition_method :requires
 
     def lock(opts = {})
-      return if @definition.nothing_changed? && !@definition.unlocking?
+      return if @definition.no_resolve_needed?
       @definition.lock(Bundler.default_lockfile, opts[:preserve_unknown_sections])
     end
 

data/lib/bundler/safe_marshal.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Bundler
+  module SafeMarshal
+    ALLOWED_CLASSES = [
+      Array,
+      FalseClass,
+      Gem::Specification,
+      Gem::Version,
+      Hash,
+      String,
+      Symbol,
+      Time,
+      TrueClass,
+    ].freeze
+
+    ERROR = "Unexpected class %s present in marshaled data. Only %s are allowed."
+
+    PROC = proc do |object|
+      object.tap do
+        unless ALLOWED_CLASSES.include?(object.class)
+          raise TypeError, format(ERROR, object.class, ALLOWED_CLASSES.join(", "))
+        end
+      end
+    end
+
+    def self.proc
+      PROC
+    end
+  end
+end

data/lib/bundler/settings.rb

@@ -43,7 +43,6 @@ module Bundler
       setup_makes_kernel_gem_public
       silence_deprecations
       silence_root_warning
-      suppress_install_using_messages
       update_requires_all_flag
     ].freeze
 
@@ -219,7 +218,6 @@ module Bundler
     def path
       configs.each do |_level, settings|
         path = value_for("path", settings)
-        path = "vendor/bundle" if value_for("deployment", settings) && path.nil?
         path_system = value_for("path.system", settings)
         disabled_shared_gems = value_for("disable_shared_gems", settings)
         next if path.nil? && path_system.nil? && disabled_shared_gems.nil?
@@ -227,7 +225,9 @@ module Bundler
         return Path.new(path, system_path)
       end
 
-      Path.new(nil, false)
+      path = "vendor/bundle" if self[:deployment]
+
+      Path.new(path, false)
     end
 
     Path = Struct.new(:explicit_path, :system_path) do

data/lib/bundler/source/git/git_proxy.rb

@@ -67,8 +67,8 @@ module Bundler
         end
 
         def current_branch
-          @current_branch ||= allowed_with_path do
-            git("rev-parse", "--abbrev-ref", "HEAD", :dir => path).strip
+          @current_branch ||= with_path do
+            git_local("rev-parse", "--abbrev-ref", "HEAD", :dir => path).strip
           end
         end
 
@@ -84,7 +84,7 @@ module Bundler
         end
 
         def full_version
-          @full_version ||= git("--version").sub(/git version\s*/, "").strip
+          @full_version ||= git_local("--version").sub(/git version\s*/, "").strip
         end
 
         def checkout
@@ -253,15 +253,15 @@ module Bundler
         end
 
         def git(*command, dir: nil)
-          command_with_no_credentials = check_allowed(command)
-
-          out, err, status = capture(command, dir)
-
-          raise GitCommandError.new(command_with_no_credentials, dir || SharedHelpers.pwd, err) unless status.success?
-
-          Bundler.ui.warn err unless err.empty?
+          run_command(*command, :dir => dir) do |unredacted_command|
+            check_allowed(unredacted_command)
+          end
+        end
 
-          out
+        def git_local(*command, dir: nil)
+          run_command(*command, :dir => dir) do |unredacted_command|
+            redact_and_check_presence(unredacted_command)
+          end
         end
 
         def has_revision_cached?
@@ -330,12 +330,30 @@ module Bundler
         end
 
         def check_allowed(command)
-          require "shellwords"
-          command_with_no_credentials = URICredentialsFilter.credential_filtered_string("git #{command.shelljoin}", uri)
+          command_with_no_credentials = redact_and_check_presence(command)
           raise GitNotAllowedError.new(command_with_no_credentials) unless allow?
           command_with_no_credentials
         end
 
+        def redact_and_check_presence(command)
+          raise GitNotInstalledError.new unless Bundler.git_present?
+
+          require "shellwords"
+          URICredentialsFilter.credential_filtered_string("git #{command.shelljoin}", uri)
+        end
+
+        def run_command(*command, dir: nil)
+          command_with_no_credentials = yield(command)
+
+          out, err, status = capture(command, dir)
+
+          raise GitCommandError.new(command_with_no_credentials, dir || SharedHelpers.pwd, err) unless status.success?
+
+          Bundler.ui.warn err unless err.empty?
+
+          out
+        end
+
         def capture(cmd, dir, ignore_err: false)
           SharedHelpers.with_clean_git_env do
             require "open3"

data/lib/bundler/source/git.rb

@@ -46,6 +46,14 @@ module Bundler
         out << "  specs:\n"
       end
 
+      def to_gemfile
+        specifiers = %w[ref branch tag submodules glob].map do |opt|
+          "#{opt}: #{options[opt]}" if options[opt]
+        end
+
+        uri_with_specifiers(specifiers)
+      end
+
       def hash
         [self.class, uri, ref, branch, name, version, glob, submodules].hash
       end
@@ -59,28 +67,32 @@ module Bundler
 
       alias_method :==, :eql?
 
+      def include?(other)
+        other.is_a?(Git) && uri == other.uri &&
+          name == other.name &&
+          glob == other.glob &&
+          submodules == other.submodules
+      end
+
       def to_s
         begin
-          at = if local?
-            path
-          elsif user_ref = options["ref"]
-            if /\A[a-z0-9]{4,}\z/i.match?(ref)
-              shortref_for_display(user_ref)
-            else
-              user_ref
-            end
-          elsif ref
-            ref
-          else
-            current_branch
-          end
+          at = humanized_ref || current_branch
 
           rev = "at #{at}@#{shortref_for_display(revision)}"
         rescue GitError
           ""
         end
 
-        specifiers = [rev, glob_for_display].compact
+        uri_with_specifiers([rev, glob_for_display])
+      end
+
+      def identifier
+        uri_with_specifiers([humanized_ref, cached_revision, glob_for_display])
+      end
+
+      def uri_with_specifiers(specifiers)
+        specifiers.compact!
+
         suffix =
           if specifiers.any?
             " (#{specifiers.join(", ")})"
@@ -243,6 +255,20 @@ module Bundler
 
       private
 
+      def humanized_ref
+        if local?
+          path
+        elsif user_ref = options["ref"]
+          if /\A[a-z0-9]{4,}\z/i.match?(ref)
+            shortref_for_display(user_ref)
+          else
+            user_ref
+          end
+        elsif ref
+          ref
+        end
+      end
+
       def serialize_gemspecs_in(destination)
         destination = destination.expand_path(Bundler.root) if destination.relative?
         Dir["#{destination}/#{@glob}"].each do |spec_path|

data/lib/bundler/source/rubygems.rb

@@ -10,7 +10,7 @@ module Bundler
       # Ask for X gems per API request
       API_REQUEST_SIZE = 50
 
-      attr_reader :remotes, :caches
+      attr_reader :remotes
 
       def initialize(options = {})
         @options = options
@@ -19,11 +19,14 @@ module Bundler
         @allow_remote = false
         @allow_cached = false
         @allow_local = options["allow_local"] || false
-        @caches = [cache_path, *Bundler.rubygems.gem_cache]
 
         Array(options["remotes"]).reverse_each {|r| add_remote(r) }
       end
 
+      def caches
+        @caches ||= [cache_path, *Bundler.rubygems.gem_cache]
+      end
+
       def local_only!
         @specs = nil
         @allow_local = true
@@ -120,6 +123,7 @@ module Bundler
         end
       end
       alias_method :name, :identifier
+      alias_method :to_gemfile, :identifier
 
       def specs
         @specs ||= begin
@@ -324,9 +328,9 @@ module Bundler
 
       def cached_path(spec)
         global_cache_path = download_cache_path(spec)
-        @caches << global_cache_path if global_cache_path
+        caches << global_cache_path if global_cache_path
 
-        possibilities = @caches.map {|p| package_path(p, spec) }
+        possibilities = caches.map {|p| package_path(p, spec) }
         possibilities.find {|p| File.exist?(p) }
       end
 
@@ -378,7 +382,6 @@ module Bundler
           idx = @allow_local ? installed_specs.dup : Index.new
 
           Dir["#{cache_path}/*.gem"].each do |gemfile|
-            next if /^bundler\-[\d\.]+?\.gem/.match?(gemfile)
             s ||= Bundler.rubygems.spec_from_gem(gemfile)
             s.source = self
             idx << s

data/lib/bundler/source.rb

@@ -100,7 +100,7 @@ module Bundler
     end
 
     def print_using_message(message)
-      if !message.include?("(was ") && Bundler.feature_flag.suppress_install_using_messages?
+      if !message.include?("(was ")
         Bundler.ui.debug message
       else
         Bundler.ui.info message

data/lib/bundler/source_list.rb

@@ -101,10 +101,6 @@ module Bundler
       source_list_for(source).find {|s| equivalent_source?(source, s) }
     end
 
-    def get_with_fallback(source)
-      get(source) || default_source
-    end
-
     def lock_sources
       lock_other_sources + lock_rubygems_sources
     end

data/lib/bundler/templates/newgem/ext/newgem/Cargo.toml.tt

@@ -12,4 +12,4 @@ publish = false
 crate-type = ["cdylib"]
 
 [dependencies]
-magnus = { version = "0.4" }
+magnus = { version = "0.6" }

data/lib/bundler/templates/newgem/ext/newgem/src/lib.rs.tt

@@ -1,12 +1,12 @@
-use magnus::{define_module, function, prelude::*, Error};
+use magnus::{function, prelude::*, Error, Ruby};
 
 fn hello(subject: String) -> String {
-    format!("Hello from Rust, {}!", subject)
+    format!("Hello from Rust, {subject}!")
 }
 
 #[magnus::init]
-fn init() -> Result<(), Error> {
-    let module = <%= config[:constant_array].map {|c| "define_module(#{c.dump})?"}.join(".") %>;
+fn init(ruby: &Ruby) -> Result<(), Error> {
+    let module = ruby.<%= config[:constant_array].map {|c| "define_module(#{c.dump})?"}.join(".") %>;
     module.define_singleton_method("hello", function!(hello, 1))?;
     Ok(())
 }

data/lib/bundler/templates/newgem/newgem.gemspec.tt

@@ -29,7 +29,8 @@ Gem::Specification.new do |spec|
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
   spec.files = Dir.chdir(__dir__) do
     `git ls-files -z`.split("\x0").reject do |f|
-      (File.expand_path(f) == __FILE__) || f.start_with?(*%w[bin/ test/ spec/ features/ .git .circleci appveyor])
+      (File.expand_path(f) == __FILE__) ||
+        f.start_with?(*%w[bin/ test/ spec/ features/ .git .circleci appveyor Gemfile])
     end
   end
   spec.bindir = "exe"

data/lib/bundler/ui/rg_proxy.rb

@@ -12,7 +12,7 @@ module Bundler
       end
 
       def say(message)
-        @ui && @ui.debug(message)
+        @ui&.debug(message)
       end
     end
   end

data/lib/bundler/vendor/fileutils/lib/fileutils.rb

@@ -3,7 +3,7 @@
 begin
   require 'rbconfig'
 rescue LoadError
-  # for make mjit-headers
+  # for make rjit-headers
 end
 
 # Namespace for file utility methods for copying, moving, removing, etc.

data/lib/bundler/vendor/pub_grub/lib/pub_grub/version_solver.rb

@@ -162,7 +162,7 @@ module Bundler::PubGrub
     def resolve_conflict(incompatibility)
       logger.info { "conflict: #{incompatibility}" }
 
-      new_incompatibility = false
+      new_incompatibility = nil
 
       while !incompatibility.failure?
         most_recent_term = nil
@@ -204,7 +204,7 @@ module Bundler::PubGrub
           solution.backtrack(previous_level)
 
           if new_incompatibility
-            add_incompatibility(incompatibility)
+            add_incompatibility(new_incompatibility)
           end
 
           return incompatibility
@@ -219,9 +219,14 @@ module Bundler::PubGrub
           new_terms << difference.invert
         end
 
-        incompatibility = Incompatibility.new(new_terms, cause: Incompatibility::ConflictCause.new(incompatibility, most_recent_satisfier.cause))
+        new_incompatibility = Incompatibility.new(new_terms, cause: Incompatibility::ConflictCause.new(incompatibility, most_recent_satisfier.cause))
 
-        new_incompatibility = true
+        if incompatibility.to_s == new_incompatibility.to_s
+          logger.info { "!! failed to resolve conflicts, this shouldn't have happened" }
+          break
+        end
+
+        incompatibility = new_incompatibility
 
         partially = difference ? " partially" : ""
         logger.info { "! #{most_recent_term} is#{partially} satisfied by #{most_recent_satisfier.term}" }

data/lib/bundler/vendor/uri/lib/uri/rfc2396_parser.rb

@@ -497,8 +497,8 @@ module Bundler::URI
       ret = {}
 
       # for Bundler::URI::split
-      ret[:ABS_URI] = Regexp.new('\A\s*' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED)
-      ret[:REL_URI] = Regexp.new('\A\s*' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED)
+      ret[:ABS_URI] = Regexp.new('\A\s*+' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED)
+      ret[:REL_URI] = Regexp.new('\A\s*+' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED)
 
       # for Bundler::URI::extract
       ret[:URI_REF]     = Regexp.new(pattern[:URI_REF])

data/lib/bundler/vendor/uri/lib/uri/rfc3986_parser.rb

@@ -100,7 +100,7 @@ module Bundler::URI
         QUERY: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/,
         FRAGMENT: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/,
         OPAQUE: /\A(?:[^\/].*)?\z/,
-        PORT: /\A[\x09\x0a\x0c\x0d ]*\d*[\x09\x0a\x0c\x0d ]*\z/,
+        PORT: /\A[\x09\x0a\x0c\x0d ]*+\d*[\x09\x0a\x0c\x0d ]*\z/,
       }
     end
 

data/lib/bundler/vendor/uri/lib/uri/version.rb

@@ -1,6 +1,6 @@
 module Bundler::URI
   # :stopdoc:
-  VERSION_CODE = '001201'.freeze
+  VERSION_CODE = '001202'.freeze
   VERSION = VERSION_CODE.scan(/../).collect{|n| n.to_i}.join('.').freeze
   # :startdoc:
 end

data/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.4.12".freeze
+  VERSION = "2.4.19".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

data/lib/bundler.rb

@@ -39,16 +39,6 @@ module Bundler
   environment_preserver.replace_with_backup
   SUDO_MUTEX = Thread::Mutex.new
 
-  SAFE_MARSHAL_CLASSES = [Symbol, TrueClass, String, Array, Hash, Gem::Version, Gem::Specification].freeze
-  SAFE_MARSHAL_ERROR = "Unexpected class %s present in marshaled data. Only %s are allowed."
-  SAFE_MARSHAL_PROC = proc do |object|
-    object.tap do
-      unless SAFE_MARSHAL_CLASSES.include?(object.class)
-        raise TypeError, format(SAFE_MARSHAL_ERROR, object.class, SAFE_MARSHAL_CLASSES.join(", "))
-      end
-    end
-  end
-
   autoload :Definition,             File.expand_path("bundler/definition", __dir__)
   autoload :Dependency,             File.expand_path("bundler/dependency", __dir__)
   autoload :Deprecate,              File.expand_path("bundler/deprecate", __dir__)
@@ -86,6 +76,7 @@ module Bundler
   autoload :UI,                     File.expand_path("bundler/ui", __dir__)
   autoload :URICredentialsFilter,   File.expand_path("bundler/uri_credentials_filter", __dir__)
   autoload :URINormalizer,          File.expand_path("bundler/uri_normalizer", __dir__)
+  autoload :SafeMarshal,            File.expand_path("bundler/safe_marshal", __dir__)
 
   class << self
     def configure
@@ -219,9 +210,10 @@ module Bundler
     end
 
     def frozen_bundle?
-      frozen = settings[:deployment]
-      frozen ||= settings[:frozen]
-      frozen
+      frozen = settings[:frozen]
+      return frozen unless frozen.nil?
+
+      settings[:deployment]
     end
 
     def locked_gems
@@ -523,7 +515,7 @@ EOF
     end
 
     def safe_load_marshal(data)
-      load_marshal(data, :marshal_proc => SAFE_MARSHAL_PROC)
+      load_marshal(data, :marshal_proc => SafeMarshal.proc)
     end
 
     def load_gemspec(file, validate = false)
@@ -532,7 +524,7 @@ EOF
       @gemspec_cache[key] ||= load_gemspec_uncached(file, validate)
       # Protect against caching side-effected gemspecs by returning a
       # new instance each time.
-      @gemspec_cache[key].dup if @gemspec_cache[key]
+      @gemspec_cache[key]&.dup
     end
 
     def load_gemspec_uncached(file, validate = false)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-  version: 2.4.12
+  version: 2.4.19
 platform: ruby
 authors:
 - André Arko
@@ -22,7 +22,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-04-11 00:00:00.000000000 Z
+date: 2023-08-17 00:00:00.000000000 Z
 dependencies: []
 description: Bundler manages an application's dependencies through its entire life,
   across many machines, systematically and repeatably
@@ -203,6 +203,7 @@ files:
 - lib/bundler/rubygems_gem_installer.rb
 - lib/bundler/rubygems_integration.rb
 - lib/bundler/runtime.rb
+- lib/bundler/safe_marshal.rb
 - lib/bundler/self_manager.rb
 - lib/bundler/settings.rb
 - lib/bundler/settings/validator.rb
@@ -380,7 +381,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 3.0.1
 requirements: []
-rubygems_version: 3.4.12
+rubygems_version: 3.4.19
 signing_key:
 specification_version: 4
 summary: The best way to manage your application's dependencies