bundler 2.4.7 → 2.4.8

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a65f84ced002f9c1ab71db372d85d37f9578c02a5dc1e454ca62c895e7a4d247
4
- data.tar.gz: f5e1e1f51f2eaa82029c2129a4c703c75a6e8950370be93cc7bd802d89155bda
3
+ metadata.gz: ef4e6f9cc4c071e0c5d5c389813ae098b7aa7977da99d1f83801d8602700e267
4
+ data.tar.gz: f7f223fd0aa6a6548842126a155bea516b1b5cdc9c8440842d1f657cd8d8b4cc
5
5
  SHA512:
6
- metadata.gz: 458454313b85996243c7c77ba6ad6fba40ec2185bf657def24c8bce61595c2bd86f973f465dfcebec1ef01130c5c784dc820710437f62de9701bb6317236b3fb
7
- data.tar.gz: e35d6b4c930214928c4480df520ef5b342107d1d25da2dbc9596591eab94e115b53c2c4432ff5513630f3d60d18c8935b415bdb2b2bbd60e40d04228b8e2d292
6
+ metadata.gz: 3bfa3a3201b3ec0eb2bfe836374f0c16c9a36230fa9c05b19ffdb255f55bdd04d8be03de9ba0bb1872aab2362f1e7f5425d085cd36441f245b754c208188d0a0
7
+ data.tar.gz: b681f7ba478ff42fc2d380c0757192f959b27688ea6aef50839612f8da20242bec4fa6096e6c98bddde9ea561e3dd7e582cc4563c1dc87627b41a2d1bacc885c
data/CHANGELOG.md CHANGED
@@ -1,3 +1,26 @@
1
+ # 2.4.8 (March 8, 2023)
2
+
3
+ ## Security:
4
+
5
+ - Safe load all marshaled data [#6384](https://github.com/rubygems/rubygems/pull/6384)
6
+
7
+ ## Enhancements:
8
+
9
+ - Better suggestion when `bundler/setup` fails due to missing gems and Gemfile is not the default [#6428](https://github.com/rubygems/rubygems/pull/6428)
10
+ - Simplify the gem package file filter in the gemspec template [#6344](https://github.com/rubygems/rubygems/pull/6344)
11
+ - Auto-heal corrupted `Gemfile.lock` with no specs [#6423](https://github.com/rubygems/rubygems/pull/6423)
12
+ - Auto-heal on corrupted lockfile with missing deps [#6400](https://github.com/rubygems/rubygems/pull/6400)
13
+ - Give a better message when Gemfile branch does not exist [#6383](https://github.com/rubygems/rubygems/pull/6383)
14
+
15
+ ## Bug fixes:
16
+
17
+ - Respect --no-install option for git: sources [#6088](https://github.com/rubygems/rubygems/pull/6088)
18
+ - Fix `gems.rb` lockfile for bundler version lookup in template [#6413](https://github.com/rubygems/rubygems/pull/6413)
19
+
20
+ ## Documentation:
21
+
22
+ - Switch supporting explanations to all Ruby Central [#6419](https://github.com/rubygems/rubygems/pull/6419)
23
+
1
24
  # 2.4.7 (February 15, 2023)
2
25
 
3
26
  ## Enhancements:
data/README.md CHANGED
@@ -46,12 +46,9 @@ If you'd like to contribute to Bundler, that's awesome, and we <3 you. We've put
46
46
 
47
47
  If you'd like to request a substantial change to Bundler or its documentation, refer to the [Bundler RFC process](https://github.com/rubygems/rfcs) for more information.
48
48
 
49
- While some Bundler contributors are compensated by Ruby Together, the project maintainers make decisions independent of Ruby Together. As a project, we welcome contributions regardless of the author's affiliation with Ruby Together.
50
-
51
49
  ### Supporting
52
50
 
53
- <a href="https://rubytogether.org/"><img src="https://rubytogether.org/images/rubies.svg" width="150"></a><br>
54
- <a href="https://rubytogether.org/">Ruby Together</a> pays some Bundler maintainers for their ongoing work. As a grassroots initiative committed to supporting the critical Ruby infrastructure you rely on, Ruby Together is funded entirely by the Ruby community. Contribute today <a href="https://rubytogether.org/developers">as an individual</a> or (better yet) <a href="https://rubytogether.org/companies">as a company</a> to ensure that Bundler, RubyGems, and other shared tooling is around for years to come.
51
+ RubyGems is managed by [Ruby Central](https://rubycentral.org), a non-profit organization that supports the Ruby community through projects like this one, as well as [RubyConf](https://rubyconf.org), [RailsConf](https://railsconf.org), and [RubyGems.org](https://rubygems.org). You can support Ruby Central by attending or [sponsoring](sponsors@rubycentral.org) a conference, or by [joining as a supporting member](https://rubycentral.org/#/portal/signup).
55
52
 
56
53
  ### Code of Conduct
57
54
 
@@ -4,8 +4,8 @@ module Bundler
4
4
  # Represents metadata from when the Bundler gem was built.
5
5
  module BuildMetadata
6
6
  # begin ivars
7
- @built_at = "2023-02-15".freeze
8
- @git_commit_sha = "5d717a27e0".freeze
7
+ @built_at = "2023-03-08".freeze
8
+ @git_commit_sha = "a67b2657a0".freeze
9
9
  @release = true
10
10
  # end ivars
11
11
 
@@ -2,7 +2,7 @@
2
2
 
3
3
  module Bundler
4
4
  class EnvironmentPreserver
5
- INTENTIONALLY_NIL = "BUNDLER_ENVIRONMENT_PRESERVER_INTENTIONALLY_NIL".freeze
5
+ INTENTIONALLY_NIL = "BUNDLER_ENVIRONMENT_PRESERVER_INTENTIONALLY_NIL"
6
6
  BUNDLER_KEYS = %w[
7
7
  BUNDLE_BIN_PATH
8
8
  BUNDLE_GEMFILE
@@ -16,7 +16,7 @@ module Bundler
16
16
  RUBYLIB
17
17
  RUBYOPT
18
18
  ].map(&:freeze).freeze
19
- BUNDLER_PREFIX = "BUNDLER_ORIG_".freeze
19
+ BUNDLER_PREFIX = "BUNDLER_ORIG_"
20
20
 
21
21
  def self.from_env
22
22
  new(env_to_hash(ENV), BUNDLER_KEYS)
@@ -102,11 +102,11 @@ module Bundler
102
102
  uri = Bundler::URI.parse("#{remote_uri}#{Gem::MARSHAL_SPEC_DIR}#{spec_file_name}.rz")
103
103
  if uri.scheme == "file"
104
104
  path = Bundler.rubygems.correct_for_windows_path(uri.path)
105
- Bundler.load_marshal Bundler.rubygems.inflate(Gem.read_binary(path))
105
+ Bundler.safe_load_marshal Bundler.rubygems.inflate(Gem.read_binary(path))
106
106
  elsif cached_spec_path = gemspec_cached_path(spec_file_name)
107
107
  Bundler.load_gemspec(cached_spec_path)
108
108
  else
109
- Bundler.load_marshal Bundler.rubygems.inflate(downloader.fetch(uri).body)
109
+ Bundler.safe_load_marshal Bundler.rubygems.inflate(downloader.fetch(uri).body)
110
110
  end
111
111
  rescue MarshalError
112
112
  raise HTTPError, "Gemspec #{spec} contained invalid data.\n" \
data/lib/bundler/index.rb CHANGED
@@ -13,8 +13,8 @@ module Bundler
13
13
  attr_reader :specs, :all_specs, :sources
14
14
  protected :specs, :all_specs
15
15
 
16
- RUBY = "ruby".freeze
17
- NULL = "\0".freeze
16
+ RUBY = "ruby"
17
+ NULL = "\0"
18
18
 
19
19
  def initialize
20
20
  @sources = []
@@ -2,7 +2,7 @@
2
2
 
3
3
  module Bundler
4
4
  class Injector
5
- INJECTED_GEMS = "injected gems".freeze
5
+ INJECTED_GEMS = "injected gems"
6
6
 
7
7
  def self.inject(new_deps, options = {})
8
8
  injector = new(new_deps, options)
@@ -47,13 +47,6 @@ module Bundler
47
47
  dependencies.all? {|d| installed_specs.include? d.name }
48
48
  end
49
49
 
50
- # Check whether spec's dependencies are missing, which can indicate a
51
- # corrupted lockfile
52
- def dependencies_missing?(all_specs)
53
- spec_names = all_specs.map(&:name)
54
- dependencies.any? {|d| !spec_names.include? d.name }
55
- end
56
-
57
50
  # Represents only the non-development dependencies, the ones that are
58
51
  # itself and are in the total list.
59
52
  def dependencies
@@ -123,11 +116,7 @@ module Bundler
123
116
  unmet_dependencies.each do |spec, unmet_spec_dependencies|
124
117
  unmet_spec_dependencies.each do |unmet_spec_dependency|
125
118
  found = @specs.find {|s| s.name == unmet_spec_dependency.name && !unmet_spec_dependency.matches_spec?(s.spec) }
126
- if found
127
- warning << "* #{unmet_spec_dependency}, dependency of #{spec.full_name}, unsatisfied by #{found.full_name}"
128
- else
129
- warning << "* #{unmet_spec_dependency}, dependency of #{spec.full_name} but missing from lockfile"
130
- end
119
+ warning << "* #{unmet_spec_dependency}, dependency of #{spec.full_name}, unsatisfied by #{found.full_name}"
131
120
  end
132
121
  end
133
122
 
@@ -224,8 +213,6 @@ module Bundler
224
213
  if spec.dependencies_installed? @specs
225
214
  spec.state = :enqueued
226
215
  worker_pool.enq spec
227
- elsif spec.dependencies_missing? @specs
228
- spec.state = :failed
229
216
  end
230
217
  end
231
218
  end
@@ -45,7 +45,7 @@ module Bundler
45
45
  # gems with the same name, but different platform
46
46
  # are ordered consistently
47
47
  specs.sort_by(&:full_name).each do |spec|
48
- next if spec.name == "bundler".freeze
48
+ next if spec.name == "bundler"
49
49
  out << spec.to_lock
50
50
  end
51
51
  end
@@ -4,15 +4,15 @@ module Bundler
4
4
  class LockfileParser
5
5
  attr_reader :sources, :dependencies, :specs, :platforms, :bundler_version, :ruby_version
6
6
 
7
- BUNDLED = "BUNDLED WITH".freeze
8
- DEPENDENCIES = "DEPENDENCIES".freeze
9
- PLATFORMS = "PLATFORMS".freeze
10
- RUBY = "RUBY VERSION".freeze
11
- GIT = "GIT".freeze
12
- GEM = "GEM".freeze
13
- PATH = "PATH".freeze
14
- PLUGIN = "PLUGIN SOURCE".freeze
15
- SPECS = " specs:".freeze
7
+ BUNDLED = "BUNDLED WITH"
8
+ DEPENDENCIES = "DEPENDENCIES"
9
+ PLATFORMS = "PLATFORMS"
10
+ RUBY = "RUBY VERSION"
11
+ GIT = "GIT"
12
+ GEM = "GEM"
13
+ PATH = "PATH"
14
+ PLUGIN = "PLUGIN SOURCE"
15
+ SPECS = " specs:"
16
16
  OPTIONS = /^ ([a-z]+): (.*)$/i.freeze
17
17
  SOURCE = [GIT, GEM, PATH, PLUGIN].freeze
18
18
 
@@ -15,7 +15,7 @@ module Bundler
15
15
  class UnknownSourceError < PluginError; end
16
16
  class PluginInstallError < PluginError; end
17
17
 
18
- PLUGIN_FILE_NAME = "plugins.rb".freeze
18
+ PLUGIN_FILE_NAME = "plugins.rb"
19
19
 
20
20
  module_function
21
21
 
@@ -453,7 +453,7 @@ module Bundler
453
453
  fetcher = gem_remote_fetcher
454
454
  fetcher.headers = { "X-Gemfile-Source" => remote.original_uri.to_s } if remote.original_uri
455
455
  string = fetcher.fetch_path(path)
456
- Bundler.load_marshal(string)
456
+ Bundler.safe_load_marshal(string)
457
457
  rescue Gem::RemoteFetcher::FetchError
458
458
  # it's okay for prerelease to fail
459
459
  raise unless name == "prerelease_specs"
data/lib/bundler/setup.rb CHANGED
@@ -12,7 +12,10 @@ if Bundler::SharedHelpers.in_bundle?
12
12
  Bundler.ui.error e.message
13
13
  Bundler.ui.warn e.backtrace.join("\n") if ENV["DEBUG"]
14
14
  if e.is_a?(Bundler::GemNotFound)
15
- Bundler.ui.warn "Run `bundle install` to install missing gems."
15
+ suggested_cmd = "bundle install"
16
+ original_gemfile = Bundler.original_env["BUNDLE_GEMFILE"]
17
+ suggested_cmd += " --gemfile #{original_gemfile}" if original_gemfile
18
+ Bundler.ui.warn "Run `#{suggested_cmd}` to install missing gems."
16
19
  end
17
20
  exit e.status_code
18
21
  end
@@ -28,8 +28,9 @@ module Bundler
28
28
  def initialize(command, path, extra_info = nil)
29
29
  @command = command
30
30
 
31
- msg = String.new
32
- msg << "Git error: command `#{command}` in directory #{path} has failed."
31
+ msg = String.new("Git error: command `#{command}`")
32
+ msg << " in directory #{path}" if path
33
+ msg << " has failed."
33
34
  msg << "\n#{extra_info}" if extra_info
34
35
  super msg
35
36
  end
@@ -153,9 +154,20 @@ module Bundler
153
154
  SharedHelpers.filesystem_access(path.dirname) do |p|
154
155
  FileUtils.mkdir_p(p)
155
156
  end
156
- git_retry "clone", "--bare", "--no-hardlinks", "--quiet", *extra_clone_args, "--", configured_uri, path.to_s
157
157
 
158
- extra_ref
158
+ command = ["clone", "--bare", "--no-hardlinks", "--quiet", *extra_clone_args, "--", configured_uri, path.to_s]
159
+ command_with_no_credentials = check_allowed(command)
160
+
161
+ Bundler::Retry.new("`#{command_with_no_credentials}`", [MissingGitRevisionError]).attempts do
162
+ _, err, status = capture(command, nil)
163
+ return extra_ref if status.success?
164
+
165
+ if err.include?("Could not find remote branch")
166
+ raise MissingGitRevisionError.new(command_with_no_credentials, nil, explicit_ref, credential_filtered_uri)
167
+ else
168
+ raise GitCommandError.new(command_with_no_credentials, path, err)
169
+ end
170
+ end
159
171
  end
160
172
 
161
173
  def clone_needs_unshallow?
@@ -173,6 +173,7 @@ module Bundler
173
173
  end
174
174
 
175
175
  def install(spec, options = {})
176
+ return if Bundler.settings[:no_install]
176
177
  force = options[:force]
177
178
 
178
179
  print_using_message "Using #{version_message(spec, options[:previous_spec])} from #{self}"
@@ -11,7 +11,7 @@ module Bundler
11
11
 
12
12
  protected :original_path
13
13
 
14
- DEFAULT_GLOB = "{,*,*/*}.gemspec".freeze
14
+ DEFAULT_GLOB = "{,*,*/*}.gemspec"
15
15
 
16
16
  def initialize(options)
17
17
  @options = options.dup
@@ -24,6 +24,7 @@ module Bundler
24
24
 
25
25
  name = dep[0].name
26
26
  platform = dep[1]
27
+ incomplete = false
27
28
 
28
29
  key = [name, platform]
29
30
  next if handled.key?(key)
@@ -36,10 +37,15 @@ module Bundler
36
37
 
37
38
  specs_for_dep.first.dependencies.each do |d|
38
39
  next if d.type == :development
40
+ incomplete = true if d.name != "bundler" && lookup[d.name].empty?
39
41
  deps << [d, dep[1]]
40
42
  end
41
- elsif check
42
- @incomplete_specs += lookup[name]
43
+ else
44
+ incomplete = true
45
+ end
46
+
47
+ if incomplete && check
48
+ @incomplete_specs += lookup[name].any? ? lookup[name] : [LazySpecification.new(name, nil, nil)]
43
49
  end
44
50
  end
45
51
 
@@ -47,7 +47,7 @@ m = Module.new do
47
47
  def lockfile
48
48
  lockfile =
49
49
  case File.basename(gemfile)
50
- when "gems.rb" then gemfile.sub(/\.rb$/, gemfile)
50
+ when "gems.rb" then gemfile.sub(/\.rb$/, ".locked")
51
51
  else "#{gemfile}.lock"
52
52
  end
53
53
  File.expand_path(lockfile)
@@ -29,7 +29,7 @@ Gem::Specification.new do |spec|
29
29
  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
30
30
  spec.files = Dir.chdir(__dir__) do
31
31
  `git ls-files -z`.split("\x0").reject do |f|
32
- (File.expand_path(f) == __FILE__) || f.match(%r{\A(?:(?:bin|test|spec|features)/|\.(?:git|circleci)|appveyor)})
32
+ (File.expand_path(f) == __FILE__) || f.start_with?(*%w[bin/ test/ spec/ features/ .git .circleci appveyor])
33
33
  end
34
34
  end
35
35
  spec.bindir = "exe"
@@ -1,7 +1,7 @@
1
1
  # frozen_string_literal: false
2
2
 
3
3
  module Bundler
4
- VERSION = "2.4.7".freeze
4
+ VERSION = "2.4.8".freeze
5
5
 
6
6
  def self.bundler_major_version
7
7
  @bundler_major_version ||= VERSION.split(".").first.to_i
data/lib/bundler.rb CHANGED
@@ -39,8 +39,8 @@ module Bundler
39
39
  environment_preserver.replace_with_backup
40
40
  SUDO_MUTEX = Thread::Mutex.new
41
41
 
42
- SAFE_MARSHAL_CLASSES = [Symbol, TrueClass, String, Array, Hash].freeze
43
- SAFE_MARSHAL_ERROR = "Unexpected class %s present in marshaled data. Only %s are allowed.".freeze
42
+ SAFE_MARSHAL_CLASSES = [Symbol, TrueClass, String, Array, Hash, Gem::Version, Gem::Specification].freeze
43
+ SAFE_MARSHAL_ERROR = "Unexpected class %s present in marshaled data. Only %s are allowed."
44
44
  SAFE_MARSHAL_PROC = proc do |object|
45
45
  object.tap do
46
46
  unless SAFE_MARSHAL_CLASSES.include?(object.class)
@@ -506,7 +506,7 @@ EOF
506
506
  if File.file?(executable) && File.executable?(executable)
507
507
  executable
508
508
  elsif paths = ENV["PATH"]
509
- quote = '"'.freeze
509
+ quote = '"'
510
510
  paths.split(File::PATH_SEPARATOR).find do |path|
511
511
  path = path[1..-2] if path.start_with?(quote) && path.end_with?(quote)
512
512
  executable_path = File.expand_path(executable, path)
@@ -525,12 +525,6 @@ EOF
525
525
  load_marshal(data, :marshal_proc => SAFE_MARSHAL_PROC)
526
526
  end
527
527
 
528
- def load_marshal(data, marshal_proc: nil)
529
- Marshal.load(data, marshal_proc)
530
- rescue TypeError => e
531
- raise MarshalError, "#{e.class}: #{e.message}"
532
- end
533
-
534
528
  def load_gemspec(file, validate = false)
535
529
  @gemspec_cache ||= {}
536
530
  key = File.expand_path(file)
@@ -619,6 +613,12 @@ EOF
619
613
 
620
614
  private
621
615
 
616
+ def load_marshal(data, marshal_proc: nil)
617
+ Marshal.load(data, marshal_proc)
618
+ rescue TypeError => e
619
+ raise MarshalError, "#{e.class}: #{e.message}"
620
+ end
621
+
622
622
  def eval_yaml_gemspec(path, contents)
623
623
  Kernel.require "psych"
624
624
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.4.7
4
+ version: 2.4.8
5
5
  platform: ruby
6
6
  authors:
7
7
  - André Arko
@@ -22,7 +22,7 @@ authors:
22
22
  autorequire:
23
23
  bindir: exe
24
24
  cert_chain: []
25
- date: 2023-02-15 00:00:00.000000000 Z
25
+ date: 2023-03-08 00:00:00.000000000 Z
26
26
  dependencies: []
27
27
  description: Bundler manages an application's dependencies through its entire life,
28
28
  across many machines, systematically and repeatably
@@ -379,7 +379,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
379
379
  - !ruby/object:Gem::Version
380
380
  version: 3.0.1
381
381
  requirements: []
382
- rubygems_version: 3.4.7
382
+ rubygems_version: 3.4.8
383
383
  signing_key:
384
384
  specification_version: 4
385
385
  summary: The best way to manage your application's dependencies