bundler 2.4.7 → 2.4.8
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +23 -0
- data/README.md +1 -4
- data/lib/bundler/build_metadata.rb +2 -2
- data/lib/bundler/environment_preserver.rb +2 -2
- data/lib/bundler/fetcher.rb +2 -2
- data/lib/bundler/index.rb +2 -2
- data/lib/bundler/injector.rb +1 -1
- data/lib/bundler/installer/parallel_installer.rb +1 -14
- data/lib/bundler/lockfile_generator.rb +1 -1
- data/lib/bundler/lockfile_parser.rb +9 -9
- data/lib/bundler/plugin.rb +1 -1
- data/lib/bundler/rubygems_integration.rb +1 -1
- data/lib/bundler/setup.rb +4 -1
- data/lib/bundler/source/git/git_proxy.rb +16 -4
- data/lib/bundler/source/git.rb +1 -0
- data/lib/bundler/source/path.rb +1 -1
- data/lib/bundler/spec_set.rb +8 -2
- data/lib/bundler/templates/Executable.bundler +1 -1
- data/lib/bundler/templates/newgem/newgem.gemspec.tt +1 -1
- data/lib/bundler/version.rb +1 -1
- data/lib/bundler.rb +9 -9
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ef4e6f9cc4c071e0c5d5c389813ae098b7aa7977da99d1f83801d8602700e267
|
4
|
+
data.tar.gz: f7f223fd0aa6a6548842126a155bea516b1b5cdc9c8440842d1f657cd8d8b4cc
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3bfa3a3201b3ec0eb2bfe836374f0c16c9a36230fa9c05b19ffdb255f55bdd04d8be03de9ba0bb1872aab2362f1e7f5425d085cd36441f245b754c208188d0a0
|
7
|
+
data.tar.gz: b681f7ba478ff42fc2d380c0757192f959b27688ea6aef50839612f8da20242bec4fa6096e6c98bddde9ea561e3dd7e582cc4563c1dc87627b41a2d1bacc885c
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,26 @@
|
|
1
|
+
# 2.4.8 (March 8, 2023)
|
2
|
+
|
3
|
+
## Security:
|
4
|
+
|
5
|
+
- Safe load all marshaled data [#6384](https://github.com/rubygems/rubygems/pull/6384)
|
6
|
+
|
7
|
+
## Enhancements:
|
8
|
+
|
9
|
+
- Better suggestion when `bundler/setup` fails due to missing gems and Gemfile is not the default [#6428](https://github.com/rubygems/rubygems/pull/6428)
|
10
|
+
- Simplify the gem package file filter in the gemspec template [#6344](https://github.com/rubygems/rubygems/pull/6344)
|
11
|
+
- Auto-heal corrupted `Gemfile.lock` with no specs [#6423](https://github.com/rubygems/rubygems/pull/6423)
|
12
|
+
- Auto-heal on corrupted lockfile with missing deps [#6400](https://github.com/rubygems/rubygems/pull/6400)
|
13
|
+
- Give a better message when Gemfile branch does not exist [#6383](https://github.com/rubygems/rubygems/pull/6383)
|
14
|
+
|
15
|
+
## Bug fixes:
|
16
|
+
|
17
|
+
- Respect --no-install option for git: sources [#6088](https://github.com/rubygems/rubygems/pull/6088)
|
18
|
+
- Fix `gems.rb` lockfile for bundler version lookup in template [#6413](https://github.com/rubygems/rubygems/pull/6413)
|
19
|
+
|
20
|
+
## Documentation:
|
21
|
+
|
22
|
+
- Switch supporting explanations to all Ruby Central [#6419](https://github.com/rubygems/rubygems/pull/6419)
|
23
|
+
|
1
24
|
# 2.4.7 (February 15, 2023)
|
2
25
|
|
3
26
|
## Enhancements:
|
data/README.md
CHANGED
@@ -46,12 +46,9 @@ If you'd like to contribute to Bundler, that's awesome, and we <3 you. We've put
|
|
46
46
|
|
47
47
|
If you'd like to request a substantial change to Bundler or its documentation, refer to the [Bundler RFC process](https://github.com/rubygems/rfcs) for more information.
|
48
48
|
|
49
|
-
While some Bundler contributors are compensated by Ruby Together, the project maintainers make decisions independent of Ruby Together. As a project, we welcome contributions regardless of the author's affiliation with Ruby Together.
|
50
|
-
|
51
49
|
### Supporting
|
52
50
|
|
53
|
-
|
54
|
-
<a href="https://rubytogether.org/">Ruby Together</a> pays some Bundler maintainers for their ongoing work. As a grassroots initiative committed to supporting the critical Ruby infrastructure you rely on, Ruby Together is funded entirely by the Ruby community. Contribute today <a href="https://rubytogether.org/developers">as an individual</a> or (better yet) <a href="https://rubytogether.org/companies">as a company</a> to ensure that Bundler, RubyGems, and other shared tooling is around for years to come.
|
51
|
+
RubyGems is managed by [Ruby Central](https://rubycentral.org), a non-profit organization that supports the Ruby community through projects like this one, as well as [RubyConf](https://rubyconf.org), [RailsConf](https://railsconf.org), and [RubyGems.org](https://rubygems.org). You can support Ruby Central by attending or [sponsoring](sponsors@rubycentral.org) a conference, or by [joining as a supporting member](https://rubycentral.org/#/portal/signup).
|
55
52
|
|
56
53
|
### Code of Conduct
|
57
54
|
|
@@ -4,8 +4,8 @@ module Bundler
|
|
4
4
|
# Represents metadata from when the Bundler gem was built.
|
5
5
|
module BuildMetadata
|
6
6
|
# begin ivars
|
7
|
-
@built_at = "2023-
|
8
|
-
@git_commit_sha = "
|
7
|
+
@built_at = "2023-03-08".freeze
|
8
|
+
@git_commit_sha = "a67b2657a0".freeze
|
9
9
|
@release = true
|
10
10
|
# end ivars
|
11
11
|
|
@@ -2,7 +2,7 @@
|
|
2
2
|
|
3
3
|
module Bundler
|
4
4
|
class EnvironmentPreserver
|
5
|
-
INTENTIONALLY_NIL = "BUNDLER_ENVIRONMENT_PRESERVER_INTENTIONALLY_NIL"
|
5
|
+
INTENTIONALLY_NIL = "BUNDLER_ENVIRONMENT_PRESERVER_INTENTIONALLY_NIL"
|
6
6
|
BUNDLER_KEYS = %w[
|
7
7
|
BUNDLE_BIN_PATH
|
8
8
|
BUNDLE_GEMFILE
|
@@ -16,7 +16,7 @@ module Bundler
|
|
16
16
|
RUBYLIB
|
17
17
|
RUBYOPT
|
18
18
|
].map(&:freeze).freeze
|
19
|
-
BUNDLER_PREFIX = "BUNDLER_ORIG_"
|
19
|
+
BUNDLER_PREFIX = "BUNDLER_ORIG_"
|
20
20
|
|
21
21
|
def self.from_env
|
22
22
|
new(env_to_hash(ENV), BUNDLER_KEYS)
|
data/lib/bundler/fetcher.rb
CHANGED
@@ -102,11 +102,11 @@ module Bundler
|
|
102
102
|
uri = Bundler::URI.parse("#{remote_uri}#{Gem::MARSHAL_SPEC_DIR}#{spec_file_name}.rz")
|
103
103
|
if uri.scheme == "file"
|
104
104
|
path = Bundler.rubygems.correct_for_windows_path(uri.path)
|
105
|
-
Bundler.
|
105
|
+
Bundler.safe_load_marshal Bundler.rubygems.inflate(Gem.read_binary(path))
|
106
106
|
elsif cached_spec_path = gemspec_cached_path(spec_file_name)
|
107
107
|
Bundler.load_gemspec(cached_spec_path)
|
108
108
|
else
|
109
|
-
Bundler.
|
109
|
+
Bundler.safe_load_marshal Bundler.rubygems.inflate(downloader.fetch(uri).body)
|
110
110
|
end
|
111
111
|
rescue MarshalError
|
112
112
|
raise HTTPError, "Gemspec #{spec} contained invalid data.\n" \
|
data/lib/bundler/index.rb
CHANGED
data/lib/bundler/injector.rb
CHANGED
@@ -47,13 +47,6 @@ module Bundler
|
|
47
47
|
dependencies.all? {|d| installed_specs.include? d.name }
|
48
48
|
end
|
49
49
|
|
50
|
-
# Check whether spec's dependencies are missing, which can indicate a
|
51
|
-
# corrupted lockfile
|
52
|
-
def dependencies_missing?(all_specs)
|
53
|
-
spec_names = all_specs.map(&:name)
|
54
|
-
dependencies.any? {|d| !spec_names.include? d.name }
|
55
|
-
end
|
56
|
-
|
57
50
|
# Represents only the non-development dependencies, the ones that are
|
58
51
|
# itself and are in the total list.
|
59
52
|
def dependencies
|
@@ -123,11 +116,7 @@ module Bundler
|
|
123
116
|
unmet_dependencies.each do |spec, unmet_spec_dependencies|
|
124
117
|
unmet_spec_dependencies.each do |unmet_spec_dependency|
|
125
118
|
found = @specs.find {|s| s.name == unmet_spec_dependency.name && !unmet_spec_dependency.matches_spec?(s.spec) }
|
126
|
-
|
127
|
-
warning << "* #{unmet_spec_dependency}, dependency of #{spec.full_name}, unsatisfied by #{found.full_name}"
|
128
|
-
else
|
129
|
-
warning << "* #{unmet_spec_dependency}, dependency of #{spec.full_name} but missing from lockfile"
|
130
|
-
end
|
119
|
+
warning << "* #{unmet_spec_dependency}, dependency of #{spec.full_name}, unsatisfied by #{found.full_name}"
|
131
120
|
end
|
132
121
|
end
|
133
122
|
|
@@ -224,8 +213,6 @@ module Bundler
|
|
224
213
|
if spec.dependencies_installed? @specs
|
225
214
|
spec.state = :enqueued
|
226
215
|
worker_pool.enq spec
|
227
|
-
elsif spec.dependencies_missing? @specs
|
228
|
-
spec.state = :failed
|
229
216
|
end
|
230
217
|
end
|
231
218
|
end
|
@@ -4,15 +4,15 @@ module Bundler
|
|
4
4
|
class LockfileParser
|
5
5
|
attr_reader :sources, :dependencies, :specs, :platforms, :bundler_version, :ruby_version
|
6
6
|
|
7
|
-
BUNDLED = "BUNDLED WITH"
|
8
|
-
DEPENDENCIES = "DEPENDENCIES"
|
9
|
-
PLATFORMS = "PLATFORMS"
|
10
|
-
RUBY = "RUBY VERSION"
|
11
|
-
GIT = "GIT"
|
12
|
-
GEM = "GEM"
|
13
|
-
PATH = "PATH"
|
14
|
-
PLUGIN = "PLUGIN SOURCE"
|
15
|
-
SPECS = " specs:"
|
7
|
+
BUNDLED = "BUNDLED WITH"
|
8
|
+
DEPENDENCIES = "DEPENDENCIES"
|
9
|
+
PLATFORMS = "PLATFORMS"
|
10
|
+
RUBY = "RUBY VERSION"
|
11
|
+
GIT = "GIT"
|
12
|
+
GEM = "GEM"
|
13
|
+
PATH = "PATH"
|
14
|
+
PLUGIN = "PLUGIN SOURCE"
|
15
|
+
SPECS = " specs:"
|
16
16
|
OPTIONS = /^ ([a-z]+): (.*)$/i.freeze
|
17
17
|
SOURCE = [GIT, GEM, PATH, PLUGIN].freeze
|
18
18
|
|
data/lib/bundler/plugin.rb
CHANGED
@@ -453,7 +453,7 @@ module Bundler
|
|
453
453
|
fetcher = gem_remote_fetcher
|
454
454
|
fetcher.headers = { "X-Gemfile-Source" => remote.original_uri.to_s } if remote.original_uri
|
455
455
|
string = fetcher.fetch_path(path)
|
456
|
-
Bundler.
|
456
|
+
Bundler.safe_load_marshal(string)
|
457
457
|
rescue Gem::RemoteFetcher::FetchError
|
458
458
|
# it's okay for prerelease to fail
|
459
459
|
raise unless name == "prerelease_specs"
|
data/lib/bundler/setup.rb
CHANGED
@@ -12,7 +12,10 @@ if Bundler::SharedHelpers.in_bundle?
|
|
12
12
|
Bundler.ui.error e.message
|
13
13
|
Bundler.ui.warn e.backtrace.join("\n") if ENV["DEBUG"]
|
14
14
|
if e.is_a?(Bundler::GemNotFound)
|
15
|
-
|
15
|
+
suggested_cmd = "bundle install"
|
16
|
+
original_gemfile = Bundler.original_env["BUNDLE_GEMFILE"]
|
17
|
+
suggested_cmd += " --gemfile #{original_gemfile}" if original_gemfile
|
18
|
+
Bundler.ui.warn "Run `#{suggested_cmd}` to install missing gems."
|
16
19
|
end
|
17
20
|
exit e.status_code
|
18
21
|
end
|
@@ -28,8 +28,9 @@ module Bundler
|
|
28
28
|
def initialize(command, path, extra_info = nil)
|
29
29
|
@command = command
|
30
30
|
|
31
|
-
msg = String.new
|
32
|
-
msg << "
|
31
|
+
msg = String.new("Git error: command `#{command}`")
|
32
|
+
msg << " in directory #{path}" if path
|
33
|
+
msg << " has failed."
|
33
34
|
msg << "\n#{extra_info}" if extra_info
|
34
35
|
super msg
|
35
36
|
end
|
@@ -153,9 +154,20 @@ module Bundler
|
|
153
154
|
SharedHelpers.filesystem_access(path.dirname) do |p|
|
154
155
|
FileUtils.mkdir_p(p)
|
155
156
|
end
|
156
|
-
git_retry "clone", "--bare", "--no-hardlinks", "--quiet", *extra_clone_args, "--", configured_uri, path.to_s
|
157
157
|
|
158
|
-
|
158
|
+
command = ["clone", "--bare", "--no-hardlinks", "--quiet", *extra_clone_args, "--", configured_uri, path.to_s]
|
159
|
+
command_with_no_credentials = check_allowed(command)
|
160
|
+
|
161
|
+
Bundler::Retry.new("`#{command_with_no_credentials}`", [MissingGitRevisionError]).attempts do
|
162
|
+
_, err, status = capture(command, nil)
|
163
|
+
return extra_ref if status.success?
|
164
|
+
|
165
|
+
if err.include?("Could not find remote branch")
|
166
|
+
raise MissingGitRevisionError.new(command_with_no_credentials, nil, explicit_ref, credential_filtered_uri)
|
167
|
+
else
|
168
|
+
raise GitCommandError.new(command_with_no_credentials, path, err)
|
169
|
+
end
|
170
|
+
end
|
159
171
|
end
|
160
172
|
|
161
173
|
def clone_needs_unshallow?
|
data/lib/bundler/source/git.rb
CHANGED
data/lib/bundler/source/path.rb
CHANGED
data/lib/bundler/spec_set.rb
CHANGED
@@ -24,6 +24,7 @@ module Bundler
|
|
24
24
|
|
25
25
|
name = dep[0].name
|
26
26
|
platform = dep[1]
|
27
|
+
incomplete = false
|
27
28
|
|
28
29
|
key = [name, platform]
|
29
30
|
next if handled.key?(key)
|
@@ -36,10 +37,15 @@ module Bundler
|
|
36
37
|
|
37
38
|
specs_for_dep.first.dependencies.each do |d|
|
38
39
|
next if d.type == :development
|
40
|
+
incomplete = true if d.name != "bundler" && lookup[d.name].empty?
|
39
41
|
deps << [d, dep[1]]
|
40
42
|
end
|
41
|
-
|
42
|
-
|
43
|
+
else
|
44
|
+
incomplete = true
|
45
|
+
end
|
46
|
+
|
47
|
+
if incomplete && check
|
48
|
+
@incomplete_specs += lookup[name].any? ? lookup[name] : [LazySpecification.new(name, nil, nil)]
|
43
49
|
end
|
44
50
|
end
|
45
51
|
|
@@ -29,7 +29,7 @@ Gem::Specification.new do |spec|
|
|
29
29
|
# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
|
30
30
|
spec.files = Dir.chdir(__dir__) do
|
31
31
|
`git ls-files -z`.split("\x0").reject do |f|
|
32
|
-
(File.expand_path(f) == __FILE__) || f.
|
32
|
+
(File.expand_path(f) == __FILE__) || f.start_with?(*%w[bin/ test/ spec/ features/ .git .circleci appveyor])
|
33
33
|
end
|
34
34
|
end
|
35
35
|
spec.bindir = "exe"
|
data/lib/bundler/version.rb
CHANGED
data/lib/bundler.rb
CHANGED
@@ -39,8 +39,8 @@ module Bundler
|
|
39
39
|
environment_preserver.replace_with_backup
|
40
40
|
SUDO_MUTEX = Thread::Mutex.new
|
41
41
|
|
42
|
-
SAFE_MARSHAL_CLASSES = [Symbol, TrueClass, String, Array, Hash].freeze
|
43
|
-
SAFE_MARSHAL_ERROR = "Unexpected class %s present in marshaled data. Only %s are allowed."
|
42
|
+
SAFE_MARSHAL_CLASSES = [Symbol, TrueClass, String, Array, Hash, Gem::Version, Gem::Specification].freeze
|
43
|
+
SAFE_MARSHAL_ERROR = "Unexpected class %s present in marshaled data. Only %s are allowed."
|
44
44
|
SAFE_MARSHAL_PROC = proc do |object|
|
45
45
|
object.tap do
|
46
46
|
unless SAFE_MARSHAL_CLASSES.include?(object.class)
|
@@ -506,7 +506,7 @@ EOF
|
|
506
506
|
if File.file?(executable) && File.executable?(executable)
|
507
507
|
executable
|
508
508
|
elsif paths = ENV["PATH"]
|
509
|
-
quote = '"'
|
509
|
+
quote = '"'
|
510
510
|
paths.split(File::PATH_SEPARATOR).find do |path|
|
511
511
|
path = path[1..-2] if path.start_with?(quote) && path.end_with?(quote)
|
512
512
|
executable_path = File.expand_path(executable, path)
|
@@ -525,12 +525,6 @@ EOF
|
|
525
525
|
load_marshal(data, :marshal_proc => SAFE_MARSHAL_PROC)
|
526
526
|
end
|
527
527
|
|
528
|
-
def load_marshal(data, marshal_proc: nil)
|
529
|
-
Marshal.load(data, marshal_proc)
|
530
|
-
rescue TypeError => e
|
531
|
-
raise MarshalError, "#{e.class}: #{e.message}"
|
532
|
-
end
|
533
|
-
|
534
528
|
def load_gemspec(file, validate = false)
|
535
529
|
@gemspec_cache ||= {}
|
536
530
|
key = File.expand_path(file)
|
@@ -619,6 +613,12 @@ EOF
|
|
619
613
|
|
620
614
|
private
|
621
615
|
|
616
|
+
def load_marshal(data, marshal_proc: nil)
|
617
|
+
Marshal.load(data, marshal_proc)
|
618
|
+
rescue TypeError => e
|
619
|
+
raise MarshalError, "#{e.class}: #{e.message}"
|
620
|
+
end
|
621
|
+
|
622
622
|
def eval_yaml_gemspec(path, contents)
|
623
623
|
Kernel.require "psych"
|
624
624
|
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: bundler
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.4.
|
4
|
+
version: 2.4.8
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- André Arko
|
@@ -22,7 +22,7 @@ authors:
|
|
22
22
|
autorequire:
|
23
23
|
bindir: exe
|
24
24
|
cert_chain: []
|
25
|
-
date: 2023-
|
25
|
+
date: 2023-03-08 00:00:00.000000000 Z
|
26
26
|
dependencies: []
|
27
27
|
description: Bundler manages an application's dependencies through its entire life,
|
28
28
|
across many machines, systematically and repeatably
|
@@ -379,7 +379,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
379
379
|
- !ruby/object:Gem::Version
|
380
380
|
version: 3.0.1
|
381
381
|
requirements: []
|
382
|
-
rubygems_version: 3.4.
|
382
|
+
rubygems_version: 3.4.8
|
383
383
|
signing_key:
|
384
384
|
specification_version: 4
|
385
385
|
summary: The best way to manage your application's dependencies
|