bundler 2.5.1 → 2.5.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3c7f621c84657b3f3fd279d8a48af66bdbade71a8459089ef0ea88aeb0738963
-  data.tar.gz: a4d4671ac30378b6a175ac0293926de0378f3befd00f674920b1900921fcd3c3
+  metadata.gz: 7b424116a8722a58d7872569da843f8d82e59165e44d7016c9e3160b4e5c7e17
+  data.tar.gz: e3d151c03cb0b9e31087992dec6cec17d67b4b309019c49d9b44c729fd3bfcf9
 SHA512:
-  metadata.gz: a7b9404efdc5425a84c5cb0352bdc1197ec1659a428f04533dca5572d1b253761f85df3b8837a583d98866e9f49c9edff057eda6804400b747edae9dfb8b24f3
-  data.tar.gz: 8893ef747d56291328bfec9bd51a58802d60b51f4077b999971fe76b169d00f636ad853bd0f7238b7c3770aa2e912462f7dc086189e792bb796c18891f07f4c2
+  metadata.gz: 021372d2550752a3c9d097d623ac19d4e825099af77c0eeadd040958ce3ad4746d7766e8cea0e211562df1162b7dc29718a2bc2fa8d19d5b7de3d8e6421bb55e
+  data.tar.gz: 8f910b4a4404f5bd8e8e222e446277d7943afff9aa756ba5921476e9b3a3f2321ae9998c68c5ad73cf2b96473f12e4e69625f5aa47b0f3fa14f5c4bffad2c58a

data/CHANGELOG.md

@@ -1,3 +1,21 @@
+# 2.5.3 (December 22, 2023)
+
+## Bug fixes:
+
+  - Fix incorrect error when Gemfile overrides a gemspec development dependency [#7319](https://github.com/rubygems/rubygems/pull/7319)
+
+# 2.5.2 (December 21, 2023)
+
+## Enhancements:
+
+  - Avoid vendored thor gem polluting the global namespace [#7305](https://github.com/rubygems/rubygems/pull/7305)
+
+## Bug fixes:
+
+  - Fix `bundle update --bundler` when latest version does not support current ruby [#7310](https://github.com/rubygems/rubygems/pull/7310)
+  - Fix incorrect lockfiles being generated in some situations [#7307](https://github.com/rubygems/rubygems/pull/7307)
+  - Fix incorrect re-resolve messages [#7306](https://github.com/rubygems/rubygems/pull/7306)
+
 # 2.5.1 (December 15, 2023)
 
 ## Bug fixes:

data/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2023-12-15".freeze
-    @git_commit_sha = "c944d05909".freeze
+    @built_at = "2023-12-22".freeze
+    @git_commit_sha = "a04f70b115".freeze
     @release = true
     # end ivars
 

data/lib/bundler/definition.rb

@@ -496,7 +496,15 @@ module Bundler
     private :sources
 
     def nothing_changed?
-      !@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@missing_lockfile_dep && !@unlocking_bundler && !@invalid_lockfile_dep
+      !@source_changes &&
+        !@dependency_changes &&
+        !@new_platform &&
+        !@path_changes &&
+        !@local_changes &&
+        !@missing_lockfile_dep &&
+        !@unlocking_bundler &&
+        !@locked_spec_with_missing_deps &&
+        !@locked_spec_with_invalid_deps
     end
 
     def no_resolve_needed?
@@ -653,7 +661,8 @@ module Bundler
         [@local_changes, "the gemspecs for git local gems changed"],
         [@missing_lockfile_dep, "your lock file is missing \"#{@missing_lockfile_dep}\""],
         [@unlocking_bundler, "an update to the version of Bundler itself was requested"],
-        [@invalid_lockfile_dep, "your lock file has an invalid dependency \"#{@invalid_lockfile_dep}\""],
+        [@locked_spec_with_missing_deps, "your lock file includes \"#{@locked_spec_with_missing_deps}\" but not some of its dependencies"],
+        [@locked_spec_with_invalid_deps, "your lockfile does not satisfy dependencies of \"#{@locked_spec_with_invalid_deps}\""],
       ].select(&:first).map(&:last).join(", ")
     end
 
@@ -708,26 +717,25 @@ module Bundler
     end
 
     def check_lockfile
-      @invalid_lockfile_dep = nil
       @missing_lockfile_dep = nil
 
-      locked_names = @locked_specs.map(&:name)
+      @locked_spec_with_invalid_deps = nil
+      @locked_spec_with_missing_deps = nil
+
       missing = []
       invalid = []
 
       @locked_specs.each do |s|
-        s.dependencies.each do |dep|
-          next if dep.name == "bundler"
+        validation = @locked_specs.validate_deps(s)
 
-          missing << s unless locked_names.include?(dep.name)
-          invalid << s if @locked_specs.none? {|spec| dep.matches_spec?(spec) }
-        end
+        missing << s if validation == :missing
+        invalid << s if validation == :invalid
       end
 
       if missing.any?
         @locked_specs.delete(missing)
 
-        @missing_lockfile_dep = missing.first.name
+        @locked_spec_with_missing_deps = missing.first.name
       elsif !@dependency_changes
         @missing_lockfile_dep = current_dependencies.find do |d|
           @locked_specs[d.name].empty? && d.name != "bundler"
@@ -737,7 +745,7 @@ module Bundler
       if invalid.any?
         @locked_specs.delete(invalid)
 
-        @invalid_lockfile_dep = invalid.first.name
+        @locked_spec_with_invalid_deps = invalid.first.name
       end
     end
 

data/lib/bundler/dependency.rb

@@ -68,6 +68,10 @@ module Bundler
       @should_include && current_env? && current_platform?
     end
 
+    def gemspec_dev_dep?
+      type == :development
+    end
+
     def current_env?
       return true unless @env
       if @env.is_a?(Hash)

data/lib/bundler/dsl.rb

@@ -103,16 +103,21 @@ module Bundler
       # if there's already a dependency with this name we try to prefer one
       if current = @dependencies.find {|d| d.name == dep.name }
         # Always prefer the dependency from the Gemfile
-        deleted_dep = @dependencies.delete(current) if current.type == :development
+        @dependencies.delete(current) if current.gemspec_dev_dep?
 
         if current.requirement != dep.requirement
           current_requirement_open = current.requirements_list.include?(">= 0")
 
-          if current.type == :development
-            unless current_requirement_open || dep.type == :development
-              Bundler.ui.warn "A gemspec development dependency (#{dep.name}, #{current.requirement}) is being overridden by a Gemfile dependency (#{dep.name}, #{dep.requirement}).\n" \
-                              "This behaviour may change in the future. Please remove either of them, or make sure they both have the same requirement\n" \
+          gemspec_dep = [dep, current].find(&:gemspec_dev_dep?)
+          if gemspec_dep
+            gemfile_dep = [dep, current].find(&:runtime?)
+
+            unless current_requirement_open
+              Bundler.ui.warn "A gemspec development dependency (#{gemspec_dep.name}, #{gemspec_dep.requirement}) is being overridden by a Gemfile dependency (#{gemfile_dep.name}, #{gemfile_dep.requirement}).\n" \
+                              "This behaviour may change in the future. Please remove either of them, or make sure they both have the same requirement\n"
             end
+
+            return if dep.gemspec_dev_dep?
           else
             update_prompt = ""
 
@@ -130,8 +135,8 @@ module Bundler
                            "You specified: #{current.name} (#{current.requirement}) and #{dep.name} (#{dep.requirement})" \
                            "#{update_prompt}"
           end
-        elsif current.type == :development || dep.type == :development
-          return if deleted_dep.nil?
+        elsif current.gemspec_dev_dep? || dep.gemspec_dev_dep?
+          return if dep.gemspec_dev_dep?
         elsif current.source != dep.source
           raise GemfileError, "You cannot specify the same gem twice coming from different sources.\n" \
                           "You specified that #{dep.name} (#{dep.requirement}) should come from " \

data/lib/bundler/lazy_specification.rb

@@ -10,6 +10,8 @@ module Bundler
     attr_reader :name, :version, :platform
     attr_accessor :source, :remote, :force_ruby_platform, :dependencies, :required_ruby_version, :required_rubygems_version
 
+    alias_method :runtime_dependencies, :dependencies
+
     def self.from_spec(s)
       lazy_spec = new(s.name, s.version, s.platform, s.source)
       lazy_spec.dependencies = s.dependencies

data/lib/bundler/remote_specification.rb

@@ -88,6 +88,10 @@ module Bundler
       end
     end
 
+    def runtime_dependencies
+      dependencies.select(&:runtime?)
+    end
+
     def git_version
       return unless loaded_from && source.is_a?(Bundler::Source::Git)
       " #{source.revision[0..6]}"

data/lib/bundler/self_manager.rb

@@ -121,7 +121,7 @@ module Bundler
         source = Bundler::Source::Rubygems.new("remotes" => "https://rubygems.org")
         source.remote!
         source.add_dependency_names("bundler")
-        source.specs
+        source.specs.select(&:matches_current_metadata?)
       end
     end
 

data/lib/bundler/spec_set.rb

@@ -37,7 +37,7 @@ module Bundler
 
           specs_for_dep.first.dependencies.each do |d|
             next if d.type == :development
-            incomplete = true if d.name != "bundler" && lookup[d.name].empty?
+            incomplete = true if d.name != "bundler" && lookup[d.name].nil?
             deps << [d, dep[1]]
           end
         else
@@ -45,7 +45,7 @@ module Bundler
         end
 
         if incomplete && check
-          @incomplete_specs += lookup[name].any? ? lookup[name] : [LazySpecification.new(name, nil, nil)]
+          @incomplete_specs += lookup[name] || [LazySpecification.new(name, nil, nil)]
         end
       end
 
@@ -64,7 +64,9 @@ module Bundler
         valid_platform = lookup.all? do |_, specs|
           spec = specs.first
           matching_specs = spec.source.specs.search([spec.name, spec.version])
-          platform_spec = GemHelpers.select_best_platform_match(matching_specs, platform).find(&:matches_current_metadata?)
+          platform_spec = GemHelpers.select_best_platform_match(matching_specs, platform).find do |s|
+            s.matches_current_metadata? && valid_dependencies?(s)
+          end
 
           if platform_spec
             new_specs << LazySpecification.from_spec(platform_spec)
@@ -90,9 +92,20 @@ module Bundler
       platforms
     end
 
+    def validate_deps(s)
+      s.runtime_dependencies.each do |dep|
+        next if dep.name == "bundler"
+
+        return :missing unless names.include?(dep.name)
+        return :invalid if none? {|spec| dep.matches_spec?(spec) }
+      end
+
+      :valid
+    end
+
     def [](key)
       key = key.name if key.respond_to?(:name)
-      lookup[key].reverse
+      lookup[key]&.reverse || []
     end
 
     def []=(key, value)
@@ -167,7 +180,7 @@ module Bundler
     end
 
     def what_required(spec)
-      unless req = find {|s| s.dependencies.any? {|d| d.type == :runtime && d.name == spec.name } }
+      unless req = find {|s| s.runtime_dependencies.any? {|d| d.name == spec.name } }
         return [spec]
       end
       what_required(req) << spec
@@ -193,8 +206,16 @@ module Bundler
       sorted.each(&b)
     end
 
+    def names
+      lookup.keys
+    end
+
     private
 
+    def valid_dependencies?(s)
+      validate_deps(s) == :valid
+    end
+
     def sorted
       rake = @specs.find {|s| s.name == "rake" }
       begin
@@ -213,8 +234,9 @@ module Bundler
 
     def lookup
       @lookup ||= begin
-        lookup = Hash.new {|h, k| h[k] = [] }
+        lookup = {}
         @specs.each do |s|
+          lookup[s.name] ||= []
           lookup[s.name] << s
         end
         lookup
@@ -228,6 +250,8 @@ module Bundler
 
     def specs_for_dependency(dep, platform)
       specs_for_name = lookup[dep.name]
+      return [] unless specs_for_name
+
       matching_specs = if dep.force_ruby_platform
         GemHelpers.force_ruby_platform(specs_for_name)
       else
@@ -240,7 +264,11 @@ module Bundler
     def tsort_each_child(s)
       s.dependencies.sort_by(&:name).each do |d|
         next if d.type == :development
-        lookup[d.name].each {|s2| yield s2 }
+
+        specs_for_name = lookup[d.name]
+        next unless specs_for_name
+
+        specs_for_name.each {|s2| yield s2 }
       end
     end
   end

data/lib/bundler/vendor/thor/lib/thor/shell/color.rb

@@ -1,5 +1,4 @@
 require_relative "basic"
-require_relative "lcs_diff"
 
 class Bundler::Thor
   module Shell
@@ -7,8 +6,6 @@ class Bundler::Thor
     # Bundler::Thor::Shell::Basic to see all available methods.
     #
     class Color < Basic
-      include LCSDiff
-
       # Embed in a String to clear all previous ANSI sequences.
       CLEAR      = "\e[0m"
       # The start of an ANSI bold sequence.

data/lib/bundler/vendor/thor/lib/thor/shell/html.rb

@@ -1,5 +1,4 @@
 require_relative "basic"
-require_relative "lcs_diff"
 
 class Bundler::Thor
   module Shell
@@ -7,8 +6,6 @@ class Bundler::Thor
     # Bundler::Thor::Shell::Basic to see all available methods.
     #
     class HTML < Basic
-      include LCSDiff
-
       # The start of an HTML bold sequence.
       BOLD       = "font-weight: bold"
 

data/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.5.1".freeze
+  VERSION = "2.5.3".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-  version: 2.5.1
+  version: 2.5.3
 platform: ruby
 authors:
 - André Arko
@@ -22,7 +22,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-12-15 00:00:00.000000000 Z
+date: 2023-12-22 00:00:00.000000000 Z
 dependencies: []
 description: Bundler manages an application's dependencies through its entire life,
   across many machines, systematically and repeatably
@@ -338,7 +338,6 @@ files:
 - lib/bundler/vendor/thor/lib/thor/shell/color.rb
 - lib/bundler/vendor/thor/lib/thor/shell/column_printer.rb
 - lib/bundler/vendor/thor/lib/thor/shell/html.rb
-- lib/bundler/vendor/thor/lib/thor/shell/lcs_diff.rb
 - lib/bundler/vendor/thor/lib/thor/shell/table_printer.rb
 - lib/bundler/vendor/thor/lib/thor/shell/terminal.rb
 - lib/bundler/vendor/thor/lib/thor/shell/wrapped_printer.rb
@@ -399,7 +398,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 3.2.3
 requirements: []
-rubygems_version: 3.5.1
+rubygems_version: 3.5.3
 signing_key:
 specification_version: 4
 summary: The best way to manage your application's dependencies

data/lib/bundler/vendor/thor/lib/thor/shell/lcs_diff.rb

@@ -1,49 +0,0 @@
-module LCSDiff
-protected
-
-  # Overwrite show_diff to show diff with colors if Diff::LCS is
-  # available.
-  def show_diff(destination, content) #:nodoc:
-    if diff_lcs_loaded? && ENV["THOR_DIFF"].nil? && ENV["RAILS_DIFF"].nil?
-      actual  = File.binread(destination).to_s.split("\n")
-      content = content.to_s.split("\n")
-
-      Diff::LCS.sdiff(actual, content).each do |diff|
-        output_diff_line(diff)
-      end
-    else
-      super
-    end
-  end
-
-private
-
-  def output_diff_line(diff) #:nodoc:
-    case diff.action
-    when "-"
-      say "- #{diff.old_element.chomp}", :red, true
-    when "+"
-      say "+ #{diff.new_element.chomp}", :green, true
-    when "!"
-      say "- #{diff.old_element.chomp}", :red, true
-      say "+ #{diff.new_element.chomp}", :green, true
-    else
-      say "  #{diff.old_element.chomp}", nil, true
-    end
-  end
-
-  # Check if Diff::LCS is loaded. If it is, use it to create pretty output
-  # for diff.
-  def diff_lcs_loaded? #:nodoc:
-    return true if defined?(Diff::LCS)
-    return @diff_lcs_loaded unless @diff_lcs_loaded.nil?
-
-    @diff_lcs_loaded = begin
-      require "diff/lcs"
-      true
-    rescue LoadError
-      false
-    end
-  end
-
-end