bundler 2.4.7 → 2.4.19

data/lib/bundler/source/rubygems.rb

@@ -7,12 +7,10 @@ module Bundler
     class Rubygems < Source
       autoload :Remote, File.expand_path("rubygems/remote", __dir__)
 
-      # Use the API when installing less than X gems
-      API_REQUEST_LIMIT = 500
       # Ask for X gems per API request
       API_REQUEST_SIZE = 50
 
-      attr_reader :remotes, :caches
+      attr_reader :remotes
 
       def initialize(options = {})
         @options = options
@@ -21,11 +19,14 @@ module Bundler
         @allow_remote = false
         @allow_cached = false
         @allow_local = options["allow_local"] || false
-        @caches = [cache_path, *Bundler.rubygems.gem_cache]
 
         Array(options["remotes"]).reverse_each {|r| add_remote(r) }
       end
 
+      def caches
+        @caches ||= [cache_path, *Bundler.rubygems.gem_cache]
+      end
+
       def local_only!
         @specs = nil
         @allow_local = true
@@ -122,6 +123,7 @@ module Bundler
         end
       end
       alias_method :name, :identifier
+      alias_method :to_gemfile, :identifier
 
       def specs
         @specs ||= begin
@@ -326,9 +328,9 @@ module Bundler
 
       def cached_path(spec)
         global_cache_path = download_cache_path(spec)
-        @caches << global_cache_path if global_cache_path
+        caches << global_cache_path if global_cache_path
 
-        possibilities = @caches.map {|p| package_path(p, spec) }
+        possibilities = caches.map {|p| package_path(p, spec) }
         possibilities.find {|p| File.exist?(p) }
       end
 
@@ -337,8 +339,7 @@ module Bundler
       end
 
       def normalize_uri(uri)
-        uri = uri.to_s
-        uri = "#{uri}/" unless %r{/$}.match?(uri)
+        uri = URINormalizer.normalize_suffix(uri.to_s)
         require_relative "../vendored_uri"
         uri = Bundler::URI(uri)
         raise ArgumentError, "The source must be an absolute URI. For example:\n" \
@@ -381,7 +382,6 @@ module Bundler
           idx = @allow_local ? installed_specs.dup : Index.new
 
           Dir["#{cache_path}/*.gem"].each do |gemfile|
-            next if /^bundler\-[\d\.]+?\.gem/.match?(gemfile)
             s ||= Bundler.rubygems.spec_from_gem(gemfile)
             s.source = self
             idx << s
@@ -402,12 +402,11 @@ module Bundler
           # gather lists from non-api sites
           fetch_names(index_fetchers, nil, idx, false)
 
-          # because ensuring we have all the gems we need involves downloading
-          # the gemspecs of those gems, if the non-api sites contain more than
-          # about 500 gems, we treat all sites as non-api for speed.
-          allow_api = idx.size < API_REQUEST_LIMIT && dependency_names.size < API_REQUEST_LIMIT
-          Bundler.ui.debug "Need to query more than #{API_REQUEST_LIMIT} gems." \
-            " Downloading full index instead..." unless allow_api
+          # legacy multi-remote sources need special logic to figure out
+          # dependency names and that logic can be very costly if one remote
+          # uses the dependency API but others don't. So use full indexes
+          # consistently in that particular case.
+          allow_api = !multiple_remotes?
 
           fetch_names(api_fetchers, allow_api && dependency_names, idx, false)
         end

data/lib/bundler/source.rb

@@ -100,7 +100,7 @@ module Bundler
     end
 
     def print_using_message(message)
-      if !message.include?("(was ") && Bundler.feature_flag.suppress_install_using_messages?
+      if !message.include?("(was ")
         Bundler.ui.debug message
       else
         Bundler.ui.info message

data/lib/bundler/source_list.rb

@@ -101,10 +101,6 @@ module Bundler
       source_list_for(source).find {|s| equivalent_source?(source, s) }
     end
 
-    def get_with_fallback(source)
-      get(source) || default_source
-    end
-
     def lock_sources
       lock_other_sources + lock_rubygems_sources
     end

data/lib/bundler/spec_set.rb

@@ -24,6 +24,7 @@ module Bundler
 
         name = dep[0].name
         platform = dep[1]
+        incomplete = false
 
         key = [name, platform]
         next if handled.key?(key)
@@ -36,14 +37,19 @@ module Bundler
 
           specs_for_dep.first.dependencies.each do |d|
             next if d.type == :development
+            incomplete = true if d.name != "bundler" && lookup[d.name].empty?
             deps << [d, dep[1]]
           end
-        elsif check
-          @incomplete_specs += lookup[name]
+        else
+          incomplete = true
+        end
+
+        if incomplete && check
+          @incomplete_specs += lookup[name].any? ? lookup[name] : [LazySpecification.new(name, nil, nil)]
         end
       end
 
-      specs
+      specs.uniq
     end
 
     def [](key)
@@ -57,8 +63,8 @@ module Bundler
       @sorted = nil
     end
 
-    def delete(spec)
-      @specs.delete(spec)
+    def delete(specs)
+      specs.each {|spec| @specs.delete(spec) }
       @lookup = nil
       @sorted = nil
     end
@@ -95,6 +101,10 @@ module Bundler
     end
 
     def incomplete_ruby_specs?(deps)
+      return false if @specs.empty?
+
+      @incomplete_specs = []
+
       self.for(deps, true, [Gem::Platform::RUBY])
 
       @incomplete_specs.any?

data/lib/bundler/templates/Executable.bundler

@@ -47,7 +47,7 @@ m = Module.new do
   def lockfile
     lockfile =
       case File.basename(gemfile)
-      when "gems.rb" then gemfile.sub(/\.rb$/, gemfile)
+      when "gems.rb" then gemfile.sub(/\.rb$/, ".locked")
       else "#{gemfile}.lock"
       end
     File.expand_path(lockfile)

data/lib/bundler/templates/newgem/Gemfile.tt

@@ -10,7 +10,7 @@ gem "rake", "~> 13.0"
 
 gem "rake-compiler"
 <%- if config[:ext] == 'rust' -%>
-gem "rb_sys"
+gem "rb_sys", "~> 0.9.63"
 <%- end -%>
 <%- end -%>
 <%- if config[:test] -%>

data/lib/bundler/templates/newgem/Rakefile.tt

@@ -41,6 +41,15 @@ require "standard/rake"
 <% if config[:ext] -%>
 <% default_task_names.unshift(:compile) -%>
 <% default_task_names.unshift(:clobber) unless config[:ext] == 'rust' -%>
+<% if config[:ext] == 'rust' -%>
+require "rb_sys/extensiontask"
+
+task build: :compile
+
+RbSys::ExtensionTask.new(<%= config[:name].inspect %>) do |ext|
+  ext.lib_dir = "lib/<%= config[:namespaced_path] %>"
+end
+<% else -%>
 require "rake/extensiontask"
 
 task build: :compile
@@ -48,6 +57,7 @@ task build: :compile
 Rake::ExtensionTask.new("<%= config[:underscored_name] %>") do |ext|
   ext.lib_dir = "lib/<%= config[:namespaced_path] %>"
 end
+<% end -%>
 
 <% end -%>
 <% if default_task_names.size == 1 -%>

data/lib/bundler/templates/newgem/bin/console.tt

@@ -7,9 +7,5 @@ require "<%= config[:namespaced_path] %>"
 # You can add fixtures and/or initialization code here to make experimenting
 # with your gem easier. You can also use a different console, if you like.
 
-# (If you use this, don't forget to add pry to your Gemfile!)
-# require "pry"
-# Pry.start
-
 require "irb"
 IRB.start(__FILE__)

data/lib/bundler/templates/newgem/ext/newgem/Cargo.toml.tt

@@ -12,4 +12,4 @@ publish = false
 crate-type = ["cdylib"]
 
 [dependencies]
-magnus = { version = "0.4" }
+magnus = { version = "0.6" }

data/lib/bundler/templates/newgem/ext/newgem/extconf-c.rb.tt

@@ -2,4 +2,9 @@
 
 require "mkmf"
 
+# Makes all symbols private by default to avoid unintended conflict
+# with other gems. To explicitly export symbols you can use RUBY_FUNC_EXPORTED
+# selectively, or entirely remove this flag.
+append_cflags("-fvisibility=hidden")
+
 create_makefile(<%= config[:makefile_path].inspect %>)

data/lib/bundler/templates/newgem/ext/newgem/newgem.c.tt

@@ -2,7 +2,7 @@
 
 VALUE rb_m<%= config[:constant_array].join %>;
 
-void
+RUBY_FUNC_EXPORTED void
 Init_<%= config[:underscored_name] %>(void)
 {
   rb_m<%= config[:constant_array].join %> = rb_define_module(<%= config[:constant_name].inspect %>);

data/lib/bundler/templates/newgem/ext/newgem/src/lib.rs.tt

@@ -1,12 +1,12 @@
-use magnus::{define_module, function, prelude::*, Error};
+use magnus::{function, prelude::*, Error, Ruby};
 
 fn hello(subject: String) -> String {
-    format!("Hello from Rust, {}!", subject)
+    format!("Hello from Rust, {subject}!")
 }
 
 #[magnus::init]
-fn init() -> Result<(), Error> {
-    let module = <%= config[:constant_array].map {|c| "define_module(#{c.dump})?"}.join(".") %>;
+fn init(ruby: &Ruby) -> Result<(), Error> {
+    let module = ruby.<%= config[:constant_array].map {|c| "define_module(#{c.dump})?"}.join(".") %>;
     module.define_singleton_method("hello", function!(hello, 1))?;
     Ok(())
 }

data/lib/bundler/templates/newgem/github/workflows/main.yml.tt

@@ -20,7 +20,7 @@ jobs:
     - uses: actions/checkout@v3
 <%- if config[:ext] == 'rust' -%>
     - name: Set up Ruby & Rust
-      uses: oxidize-rb/actions/setup-ruby-and-rust@main
+      uses: oxidize-rb/actions/setup-ruby-and-rust@v1
       with:
         ruby-version: ${{ matrix.ruby }}
         bundler-cache: true

data/lib/bundler/templates/newgem/newgem.gemspec.tt

@@ -29,7 +29,8 @@ Gem::Specification.new do |spec|
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
   spec.files = Dir.chdir(__dir__) do
     `git ls-files -z`.split("\x0").reject do |f|
-      (File.expand_path(f) == __FILE__) || f.match(%r{\A(?:(?:bin|test|spec|features)/|\.(?:git|circleci)|appveyor)})
+      (File.expand_path(f) == __FILE__) ||
+        f.start_with?(*%w[bin/ test/ spec/ features/ .git .circleci appveyor Gemfile])
     end
   end
   spec.bindir = "exe"

data/lib/bundler/ui/rg_proxy.rb

@@ -12,7 +12,7 @@ module Bundler
       end
 
       def say(message)
-        @ui && @ui.debug(message)
+        @ui&.debug(message)
       end
     end
   end

data/lib/bundler/uri_normalizer.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Bundler
+  module URINormalizer
+    module_function
+
+    # Normalizes uri to a consistent version, either with or without trailing
+    # slash.
+    #
+    # TODO: Currently gem sources are locked with a trailing slash, while git
+    # sources are locked without a trailing slash. This should be normalized but
+    # the inconsistency is there for now to avoid changing all lockfiles
+    # including GIT sources. We could normalize this on the next major.
+    #
+    def normalize_suffix(uri, trailing_slash: true)
+      if trailing_slash
+        uri.end_with?("/") ? uri : "#{uri}/"
+      else
+        uri.end_with?("/") ? uri.delete_suffix("/") : uri
+      end
+    end
+  end
+end

data/lib/bundler/vendor/fileutils/lib/fileutils.rb

@@ -3,7 +3,7 @@
 begin
   require 'rbconfig'
 rescue LoadError
-  # for make mjit-headers
+  # for make rjit-headers
 end
 
 # Namespace for file utility methods for copying, moving, removing, etc.

data/lib/bundler/vendor/pub_grub/lib/pub_grub/incompatibility.rb

@@ -8,9 +8,6 @@ module Bundler::PubGrub
     InvalidDependency = Struct.new(:package, :constraint) do
     end
 
-    CircularDependency = Struct.new(:package, :constraint) do
-    end
-
     NoVersions = Struct.new(:constraint) do
     end
 
@@ -66,8 +63,6 @@ module Bundler::PubGrub
         "#{terms[0].to_s(allow_every: true)} depends on #{terms[1].invert}"
       when Bundler::PubGrub::Incompatibility::InvalidDependency
         "#{terms[0].to_s(allow_every: true)} depends on unknown package #{cause.package}"
-      when Bundler::PubGrub::Incompatibility::CircularDependency
-        "#{terms[0].to_s(allow_every: true)} depends on itself"
       when Bundler::PubGrub::Incompatibility::NoVersions
         "no versions satisfy #{cause.constraint}"
       when Bundler::PubGrub::Incompatibility::ConflictCause

data/lib/bundler/vendor/pub_grub/lib/pub_grub/version_solver.rb

@@ -162,7 +162,7 @@ module Bundler::PubGrub
     def resolve_conflict(incompatibility)
       logger.info { "conflict: #{incompatibility}" }
 
-      new_incompatibility = false
+      new_incompatibility = nil
 
       while !incompatibility.failure?
         most_recent_term = nil
@@ -204,7 +204,7 @@ module Bundler::PubGrub
           solution.backtrack(previous_level)
 
           if new_incompatibility
-            add_incompatibility(incompatibility)
+            add_incompatibility(new_incompatibility)
           end
 
           return incompatibility
@@ -219,9 +219,14 @@ module Bundler::PubGrub
           new_terms << difference.invert
         end
 
-        incompatibility = Incompatibility.new(new_terms, cause: Incompatibility::ConflictCause.new(incompatibility, most_recent_satisfier.cause))
+        new_incompatibility = Incompatibility.new(new_terms, cause: Incompatibility::ConflictCause.new(incompatibility, most_recent_satisfier.cause))
 
-        new_incompatibility = true
+        if incompatibility.to_s == new_incompatibility.to_s
+          logger.info { "!! failed to resolve conflicts, this shouldn't have happened" }
+          break
+        end
+
+        incompatibility = new_incompatibility
 
         partially = difference ? " partially" : ""
         logger.info { "! #{most_recent_term} is#{partially} satisfied by #{most_recent_satisfier.term}" }

data/lib/bundler/vendor/uri/lib/uri/rfc2396_parser.rb

@@ -497,8 +497,8 @@ module Bundler::URI
       ret = {}
 
       # for Bundler::URI::split
-      ret[:ABS_URI] = Regexp.new('\A\s*' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED)
-      ret[:REL_URI] = Regexp.new('\A\s*' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED)
+      ret[:ABS_URI] = Regexp.new('\A\s*+' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED)
+      ret[:REL_URI] = Regexp.new('\A\s*+' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED)
 
       # for Bundler::URI::extract
       ret[:URI_REF]     = Regexp.new(pattern[:URI_REF])

data/lib/bundler/vendor/uri/lib/uri/rfc3986_parser.rb

@@ -2,8 +2,8 @@
 module Bundler::URI
   class RFC3986_Parser # :nodoc:
     # Bundler::URI defined in RFC3986
-    RFC3986_URI = /\A(?<Bundler::URI>(?<scheme>[A-Za-z][+\-.0-9A-Za-z]*):(?<hier-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:)?\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h+\.[!$&-.0-;=A-Z_a-z~]+))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])*))(?::(?<port>\d*))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*))*)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])+)(?:\/\g<segment>)*)?)|(?<path-rootless>\g<segment-nz>(?:\/\g<segment>)*)|(?<path-empty>))(?:\?(?<query>[^#]*))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*))?)\z/
-    RFC3986_relative_ref = /\A(?<relative-ref>(?<relative-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:){,1}\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h+\.[!$&-.0-;=A-Z_a-z~]+))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])+))?(?::(?<port>\d*))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*))*)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])+)(?:\/\g<segment>)*)?)|(?<path-noscheme>(?<segment-nz-nc>(?:%\h\h|[!$&-.0-9;=@-Z_a-z~])+)(?:\/\g<segment>)*)|(?<path-empty>))(?:\?(?<query>[^#]*))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*))?)\z/
+    RFC3986_URI = /\A(?<Bundler::URI>(?<scheme>[A-Za-z][+\-.0-9A-Za-z]*+):(?<hier-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*+)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:)?\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h++\.[!$&-.0-;=A-Z_a-z~]++))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])*+))(?::(?<port>\d*+))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*+))*+)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])++)(?:\/\g<segment>)*+)?)|(?<path-rootless>\g<segment-nz>(?:\/\g<segment>)*+)|(?<path-empty>))(?:\?(?<query>[^#]*+))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*+))?)\z/
+    RFC3986_relative_ref = /\A(?<relative-ref>(?<relative-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*+)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:){,1}\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h++\.[!$&-.0-;=A-Z_a-z~]++))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])++))?(?::(?<port>\d*+))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*+))*+)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])++)(?:\/\g<segment>)*+)?)|(?<path-noscheme>(?<segment-nz-nc>(?:%\h\h|[!$&-.0-9;=@-Z_a-z~])++)(?:\/\g<segment>)*+)|(?<path-empty>))(?:\?(?<query>[^#]*+))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*+))?)\z/
     attr_reader :regexp
 
     def initialize
@@ -100,7 +100,7 @@ module Bundler::URI
         QUERY: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/,
         FRAGMENT: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/,
         OPAQUE: /\A(?:[^\/].*)?\z/,
-        PORT: /\A[\x09\x0a\x0c\x0d ]*\d*[\x09\x0a\x0c\x0d ]*\z/,
+        PORT: /\A[\x09\x0a\x0c\x0d ]*+\d*[\x09\x0a\x0c\x0d ]*\z/,
       }
     end
 

data/lib/bundler/vendor/uri/lib/uri/version.rb

@@ -1,6 +1,6 @@
 module Bundler::URI
   # :stopdoc:
-  VERSION_CODE = '001200'.freeze
+  VERSION_CODE = '001202'.freeze
   VERSION = VERSION_CODE.scan(/../).collect{|n| n.to_i}.join('.').freeze
   # :startdoc:
 end

data/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.4.7".freeze
+  VERSION = "2.4.19".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

data/lib/bundler.rb

@@ -39,16 +39,6 @@ module Bundler
   environment_preserver.replace_with_backup
   SUDO_MUTEX = Thread::Mutex.new
 
-  SAFE_MARSHAL_CLASSES = [Symbol, TrueClass, String, Array, Hash].freeze
-  SAFE_MARSHAL_ERROR = "Unexpected class %s present in marshaled data. Only %s are allowed.".freeze
-  SAFE_MARSHAL_PROC = proc do |object|
-    object.tap do
-      unless SAFE_MARSHAL_CLASSES.include?(object.class)
-        raise TypeError, format(SAFE_MARSHAL_ERROR, object.class, SAFE_MARSHAL_CLASSES.join(", "))
-      end
-    end
-  end
-
   autoload :Definition,             File.expand_path("bundler/definition", __dir__)
   autoload :Dependency,             File.expand_path("bundler/dependency", __dir__)
   autoload :Deprecate,              File.expand_path("bundler/deprecate", __dir__)
@@ -85,10 +75,12 @@ module Bundler
   autoload :StubSpecification,      File.expand_path("bundler/stub_specification", __dir__)
   autoload :UI,                     File.expand_path("bundler/ui", __dir__)
   autoload :URICredentialsFilter,   File.expand_path("bundler/uri_credentials_filter", __dir__)
+  autoload :URINormalizer,          File.expand_path("bundler/uri_normalizer", __dir__)
+  autoload :SafeMarshal,            File.expand_path("bundler/safe_marshal", __dir__)
 
   class << self
     def configure
-      @configured ||= configure_gem_home_and_path
+      @configure ||= configure_gem_home_and_path
     end
 
     def ui
@@ -218,9 +210,10 @@ module Bundler
     end
 
     def frozen_bundle?
-      frozen = settings[:deployment]
-      frozen ||= settings[:frozen]
-      frozen
+      frozen = settings[:frozen]
+      return frozen unless frozen.nil?
+
+      settings[:deployment]
     end
 
     def locked_gems
@@ -506,7 +499,7 @@ EOF
       if File.file?(executable) && File.executable?(executable)
         executable
       elsif paths = ENV["PATH"]
-        quote = '"'.freeze
+        quote = '"'
         paths.split(File::PATH_SEPARATOR).find do |path|
           path = path[1..-2] if path.start_with?(quote) && path.end_with?(quote)
           executable_path = File.expand_path(executable, path)
@@ -522,13 +515,7 @@ EOF
     end
 
     def safe_load_marshal(data)
-      load_marshal(data, :marshal_proc => SAFE_MARSHAL_PROC)
-    end
-
-    def load_marshal(data, marshal_proc: nil)
-      Marshal.load(data, marshal_proc)
-    rescue TypeError => e
-      raise MarshalError, "#{e.class}: #{e.message}"
+      load_marshal(data, :marshal_proc => SafeMarshal.proc)
     end
 
     def load_gemspec(file, validate = false)
@@ -537,7 +524,7 @@ EOF
       @gemspec_cache[key] ||= load_gemspec_uncached(file, validate)
       # Protect against caching side-effected gemspecs by returning a
       # new instance each time.
-      @gemspec_cache[key].dup if @gemspec_cache[key]
+      @gemspec_cache[key]&.dup
     end
 
     def load_gemspec_uncached(file, validate = false)
@@ -586,7 +573,7 @@ EOF
       @bin_path = nil
       @bundler_major_version = nil
       @bundle_path = nil
-      @configured = nil
+      @configure = nil
       @configured_bundle_path = nil
       @definition = nil
       @load = nil
@@ -619,6 +606,12 @@ EOF
 
     private
 
+    def load_marshal(data, marshal_proc: nil)
+      Marshal.load(data, marshal_proc)
+    rescue TypeError => e
+      raise MarshalError, "#{e.class}: #{e.message}"
+    end
+
     def eval_yaml_gemspec(path, contents)
       Kernel.require "psych"
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-  version: 2.4.7
+  version: 2.4.19
 platform: ruby
 authors:
 - André Arko
@@ -22,7 +22,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-02-15 00:00:00.000000000 Z
+date: 2023-08-17 00:00:00.000000000 Z
 dependencies: []
 description: Bundler manages an application's dependencies through its entire life,
   across many machines, systematically and repeatably
@@ -203,6 +203,7 @@ files:
 - lib/bundler/rubygems_gem_installer.rb
 - lib/bundler/rubygems_integration.rb
 - lib/bundler/runtime.rb
+- lib/bundler/safe_marshal.rb
 - lib/bundler/self_manager.rb
 - lib/bundler/settings.rb
 - lib/bundler/settings/validator.rb
@@ -266,6 +267,7 @@ files:
 - lib/bundler/ui/shell.rb
 - lib/bundler/ui/silent.rb
 - lib/bundler/uri_credentials_filter.rb
+- lib/bundler/uri_normalizer.rb
 - lib/bundler/vendor/.document
 - lib/bundler/vendor/connection_pool/LICENSE
 - lib/bundler/vendor/connection_pool/lib/connection_pool.rb
@@ -379,7 +381,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 3.0.1
 requirements: []
-rubygems_version: 3.4.7
+rubygems_version: 3.4.19
 signing_key:
 specification_version: 4
 summary: The best way to manage your application's dependencies