bundler 2.5.11 → 2.5.13

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e07468635327ec2b436d1015aadd6b09377511e9793dbd614e4d528104f6cf95
-  data.tar.gz: 6fd4b37515fe7854b32c7cfa0a48568a36a5f2a81f0ca93be86c263fec92eabe
+  metadata.gz: 3d55a4e4a51daffe5907ad748a96349876c9797fdf174433a32754c3d062236b
+  data.tar.gz: 3650a3a40f4b01e274b4a72f5a167354600e9d404aa3b688f8bb006023877eb3
 SHA512:
-  metadata.gz: 52cc1652e43f2568c0979188ce7a78f13e92a217fc67aa5063ce9d882739e288afc0ed43db43c18de8522e7b1460d9946a9ded85f3dd4195b9e411d6e2ef1c3f
-  data.tar.gz: '0581fccb9f4fb784b135bd5ffd84bd9b25e05597b9194d8d01844b243c85e899477b93204ea49298d72282d0bb38692b3aefebb78e24329853ac9e85d3effa2a'
+  metadata.gz: 3f558a26f42b927607933af8ad62e30a9ee6350dfe8230584b8e9d57fbd414f5b4239ac119c289dbf52ca7881cd956d69255f44b4e389e87d522c168ff67178b
+  data.tar.gz: b50b14773bd8b8aab8d938b322c1e93e0454bef759fedd74a054dc64cdc25d85990c1a9e843e5a8ba2be15fd937ca73d64a41dce76496ad5fcb2f2bcca562953

data/CHANGELOG.md

@@ -1,3 +1,31 @@
+# 2.5.13 (June 14, 2024)
+
+## Bug fixes:
+
+  - Fix funding metadata not being printed in some situations [#7746](https://github.com/rubygems/rubygems/pull/7746)
+  - Make sure to not re-resolve when a not fully specific local platform is locked [#7751](https://github.com/rubygems/rubygems/pull/7751)
+  - Don't print bug report template when bin dir is not writable [#7748](https://github.com/rubygems/rubygems/pull/7748)
+
+# 2.5.12 (June 13, 2024)
+
+## Enhancements:
+
+  - Keep credentials in lockfile if they are already there [#7720](https://github.com/rubygems/rubygems/pull/7720)
+  - Auto switch to locked bundler version even when using binstubs [#7719](https://github.com/rubygems/rubygems/pull/7719)
+  - Don't validate local gemspecs twice unnecessarily [#7725](https://github.com/rubygems/rubygems/pull/7725)
+  - Improve default gem handling by treating default gems as any other gem [#7673](https://github.com/rubygems/rubygems/pull/7673)
+
+## Bug fixes:
+
+  - Fix slow and incorrect resolution when adding `sorbet` to a Gemfile and the lockfile only includes "RUBY" in the platforms section [#7731](https://github.com/rubygems/rubygems/pull/7731)
+  - Fix duplicated config keys generated when `fallback_timeout` uri option is used [#7704](https://github.com/rubygems/rubygems/pull/7704)
+  - Fix `bundle exec` no longer working in truffleruby after explicit `require` of `pathname` was removed [#7703](https://github.com/rubygems/rubygems/pull/7703)
+  - Don't let `bundle config` report a path without a Gemfile as "local app" [#7687](https://github.com/rubygems/rubygems/pull/7687)
+
+## Documentation:
+
+  - Clarify BUNDLE_USER_CONFIG is a file [#7668](https://github.com/rubygems/rubygems/pull/7668)
+
 # 2.5.11 (May 28, 2024)
 
 ## Deprecations:

data/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2024-05-28".freeze
-    @git_commit_sha = "4afb2d450a".freeze
+    @built_at = "2024-06-14".freeze
+    @git_commit_sha = "5525a3d9b0".freeze
     @release = true
     # end ivars
 

data/lib/bundler/cli.rb

@@ -65,7 +65,7 @@ module Bundler
         Bundler.reset_settings_and_root!
       end
 
-      Bundler.self_manager.restart_with_locked_bundler_if_needed
+      Bundler.auto_switch
 
       Bundler.settings.set_command_option_if_given :retry, options[:retry]
 
@@ -767,13 +767,10 @@ module Bundler
 
       return unless SharedHelpers.md5_available?
 
-      latest = Fetcher::CompactIndex.
-               new(nil, Source::Rubygems::Remote.new(Gem::URI("https://rubygems.org")), nil, nil).
-               send(:compact_index_client).
-               instance_variable_get(:@cache).
-               dependencies("bundler").
-               map {|d| Gem::Version.new(d.first) }.
-               max
+      require_relative "vendored_uri"
+      remote = Source::Rubygems::Remote.new(Gem::URI("https://rubygems.org"))
+      cache_path = Bundler.user_cache.join("compact_index", remote.cache_slug)
+      latest = Bundler::CompactIndexClient.new(cache_path).latest_version("bundler")
       return unless latest
 
       current = Gem::Version.new(VERSION)

data/lib/bundler/compact_index_client/cache.rb

@@ -7,123 +7,89 @@ module Bundler
     class Cache
       attr_reader :directory
 
-      def initialize(directory)
+      def initialize(directory, fetcher = nil)
         @directory = Pathname.new(directory).expand_path
-        info_roots.each {|dir| mkdir(dir) }
-        mkdir(info_etag_root)
+        @updater = Updater.new(fetcher) if fetcher
+        @mutex = Thread::Mutex.new
+        @endpoints = Set.new
+
+        @info_root = mkdir("info")
+        @special_characters_info_root = mkdir("info-special-characters")
+        @info_etag_root = mkdir("info-etags")
       end
 
       def names
-        lines(names_path)
+        fetch("names", names_path, names_etag_path)
       end
 
-      def names_path
-        directory.join("names")
+      def versions
+        fetch("versions", versions_path, versions_etag_path)
       end
 
-      def names_etag_path
-        directory.join("names.etag")
-      end
+      def info(name, remote_checksum = nil)
+        path = info_path(name)
 
-      def versions
-        versions_by_name = Hash.new {|hash, key| hash[key] = [] }
-        info_checksums_by_name = {}
-
-        lines(versions_path).each do |line|
-          name, versions_string, info_checksum = line.split(" ", 3)
-          info_checksums_by_name[name] = info_checksum || ""
-          versions_string.split(",") do |version|
-            delete = version.delete_prefix!("-")
-            version = version.split("-", 2).unshift(name)
-            if delete
-              versions_by_name[name].delete(version)
-            else
-              versions_by_name[name] << version
-            end
-          end
+        if remote_checksum && remote_checksum != SharedHelpers.checksum_for_file(path, :MD5)
+          fetch("info/#{name}", path, info_etag_path(name))
+        else
+          Bundler::CompactIndexClient.debug { "update skipped info/#{name} (#{remote_checksum ? "versions index checksum is nil" : "versions index checksum matches local"})" }
+          read(path)
         end
-
-        [versions_by_name, info_checksums_by_name]
-      end
-
-      def versions_path
-        directory.join("versions")
       end
 
-      def versions_etag_path
-        directory.join("versions.etag")
+      def reset!
+        @mutex.synchronize { @endpoints.clear }
       end
 
-      def checksums
-        lines(versions_path).each_with_object({}) do |line, checksums|
-          parse_version_checksum(line, checksums)
-        end
-      end
+      private
 
-      def dependencies(name)
-        lines(info_path(name)).map do |line|
-          parse_gem(line)
-        end
-      end
+      def names_path = directory.join("names")
+      def names_etag_path = directory.join("names.etag")
+      def versions_path = directory.join("versions")
+      def versions_etag_path = directory.join("versions.etag")
 
       def info_path(name)
         name = name.to_s
+        # TODO: converge this into the info_root by hashing all filenames like info_etag_path
         if /[^a-z0-9_-]/.match?(name)
           name += "-#{SharedHelpers.digest(:MD5).hexdigest(name).downcase}"
-          info_roots.last.join(name)
+          @special_characters_info_root.join(name)
         else
-          info_roots.first.join(name)
+          @info_root.join(name)
         end
       end
 
       def info_etag_path(name)
         name = name.to_s
-        info_etag_root.join("#{name}-#{SharedHelpers.digest(:MD5).hexdigest(name).downcase}")
+        @info_etag_root.join("#{name}-#{SharedHelpers.digest(:MD5).hexdigest(name).downcase}")
       end
 
-      private
-
-      def mkdir(dir)
-        SharedHelpers.filesystem_access(dir) do
-          FileUtils.mkdir_p(dir)
+      def mkdir(name)
+        directory.join(name).tap do |dir|
+          SharedHelpers.filesystem_access(dir) do
+            FileUtils.mkdir_p(dir)
+          end
         end
       end
 
-      def lines(path)
-        return [] unless path.file?
-        lines = SharedHelpers.filesystem_access(path, :read, &:read).split("\n")
-        header = lines.index("---")
-        header ? lines[header + 1..-1] : lines
-      end
-
-      def parse_gem(line)
-        @dependency_parser ||= GemParser.new
-        @dependency_parser.parse(line)
-      end
+      def fetch(remote_path, path, etag_path)
+        if already_fetched?(remote_path)
+          Bundler::CompactIndexClient.debug { "already fetched #{remote_path}" }
+        else
+          Bundler::CompactIndexClient.debug { "fetching #{remote_path}" }
+          @updater&.update(remote_path, path, etag_path)
+        end
 
-      # This is mostly the same as `split(" ", 3)` but it avoids allocating extra objects.
-      # This method gets called at least once for every gem when parsing versions.
-      def parse_version_checksum(line, checksums)
-        line.freeze # allows slicing into the string to not allocate a copy of the line
-        name_end = line.index(" ")
-        checksum_start = line.index(" ", name_end + 1) + 1
-        checksum_end = line.size - checksum_start
-        # freeze name since it is used as a hash key
-        # pre-freezing means a frozen copy isn't created
-        name = line[0, name_end].freeze
-        checksum = line[checksum_start, checksum_end]
-        checksums[name] = checksum
+        read(path)
       end
 
-      def info_roots
-        [
-          directory.join("info"),
-          directory.join("info-special-characters"),
-        ]
+      def already_fetched?(remote_path)
+        @mutex.synchronize { !@endpoints.add?(remote_path) }
       end
 
-      def info_etag_root
-        directory.join("info-etags")
+      def read(path)
+        return unless path.file?
+        SharedHelpers.filesystem_access(path, :read, &:read)
       end
     end
   end

data/lib/bundler/compact_index_client/parser.rb

@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+
+module Bundler
+  class CompactIndexClient
+    class Parser
+      # `compact_index` - an object responding to #names, #versions, #info(name, checksum),
+      #                   returning the file contents as a string
+      def initialize(compact_index)
+        @compact_index = compact_index
+        @info_checksums = nil
+        @versions_by_name = nil
+        @available = nil
+        @gem_parser = nil
+      end
+
+      def names
+        lines(@compact_index.names)
+      end
+
+      def versions
+        @versions_by_name ||= Hash.new {|hash, key| hash[key] = [] }
+        @info_checksums = {}
+
+        lines(@compact_index.versions).each do |line|
+          name, versions_string, checksum = line.split(" ", 3)
+          @info_checksums[name] = checksum || ""
+          versions_string.split(",") do |version|
+            delete = version.delete_prefix!("-")
+            version = version.split("-", 2).unshift(name)
+            if delete
+              @versions_by_name[name].delete(version)
+            else
+              @versions_by_name[name] << version
+            end
+          end
+        end
+
+        @versions_by_name
+      end
+
+      def info(name)
+        data = @compact_index.info(name, info_checksums[name])
+        lines(data).map {|line| gem_parser.parse(line).unshift(name) }
+      end
+
+      def available?
+        return @available unless @available.nil?
+        @available = !info_checksums.empty?
+      end
+
+      private
+
+      def info_checksums
+        @info_checksums ||= lines(@compact_index.versions).each_with_object({}) do |line, checksums|
+          parse_version_checksum(line, checksums)
+        end
+      end
+
+      def lines(data)
+        return [] if data.nil? || data.empty?
+        lines = data.split("\n")
+        header = lines.index("---")
+        header ? lines[header + 1..-1] : lines
+      end
+
+      def gem_parser
+        @gem_parser ||= GemParser.new
+      end
+
+      # This is mostly the same as `split(" ", 3)` but it avoids allocating extra objects.
+      # This method gets called at least once for every gem when parsing versions.
+      def parse_version_checksum(line, checksums)
+        return unless (name_end = line.index(" ")) # Artifactory bug causes blank lines in artifactor index files
+        return unless (checksum_start = line.index(" ", name_end + 1) + 1)
+        checksum_end = line.size - checksum_start
+
+        line.freeze # allows slicing into the string to not allocate a copy of the line
+        name = line[0, name_end]
+        checksum = line[checksum_start, checksum_end]
+        checksums[name.freeze] = checksum # freeze name since it is used as a hash key
+      end
+    end
+  end
+end

data/lib/bundler/compact_index_client.rb

@@ -4,6 +4,29 @@ require "pathname"
 require "set"
 
 module Bundler
+  # The CompactIndexClient is responsible for fetching and parsing the compact index.
+  #
+  # The compact index is a set of caching optimized files that are used to fetch gem information.
+  # The files are:
+  # - names: a list of all gem names
+  # - versions: a list of all gem versions
+  # - info/[gem]: a list of all versions of a gem
+  #
+  # The client is instantiated with:
+  # - `directory`: the root directory where the cache files are stored.
+  # - `fetcher`: (optional) an object that responds to #call(uri_path, headers) and returns an http response.
+  # If the `fetcher` is not provided, the client will only read cached files from disk.
+  #
+  # The client is organized into:
+  # - `Updater`: updates the cached files on disk using the fetcher.
+  # - `Cache`: calls the updater, caches files, read and return them from disk
+  # - `Parser`: parses the compact index file data
+  # - `CacheFile`: a concurrency safe file reader/writer that verifies checksums
+  #
+  # The client is intended to optimize memory usage and performance.
+  # It is called 100s or 1000s of times, parsing files with hundreds of thousands of lines.
+  # It may be called concurrently without global interpreter lock in some Rubies.
+  # As a result, some methods may look more complex than necessary to save memory or time.
   class CompactIndexClient
     # NOTE: MD5 is here not because we expect a server to respond with it, but
     # because we use it to generate the etag on first request during the upgrade
@@ -12,6 +35,13 @@ module Bundler
     SUPPORTED_DIGESTS = { "sha-256" => :SHA256, "md5" => :MD5 }.freeze
     DEBUG_MUTEX = Thread::Mutex.new
 
+    # info returns an Array of INFO Arrays. Each INFO Array has the following indices:
+    INFO_NAME = 0
+    INFO_VERSION = 1
+    INFO_PLATFORM = 2
+    INFO_DEPS = 3
+    INFO_REQS = 4
+
     def self.debug
       return unless ENV["DEBUG_COMPACT_INDEX"]
       DEBUG_MUTEX.synchronize { warn("[#{self}] #{yield}") }
@@ -21,106 +51,47 @@ module Bundler
 
     require_relative "compact_index_client/cache"
     require_relative "compact_index_client/cache_file"
+    require_relative "compact_index_client/parser"
     require_relative "compact_index_client/updater"
 
-    attr_reader :directory
-
-    def initialize(directory, fetcher)
-      @directory = Pathname.new(directory)
-      @updater = Updater.new(fetcher)
-      @cache = Cache.new(@directory)
-      @endpoints = Set.new
-      @info_checksums_by_name = {}
-      @parsed_checksums = false
-      @mutex = Thread::Mutex.new
-    end
-
-    def execution_mode=(block)
-      Bundler::CompactIndexClient.debug { "execution_mode=" }
-      @endpoints = Set.new
-
-      @execution_mode = block
-    end
-
-    # @return [Lambda] A lambda that takes an array of inputs and a block, and
-    #         maps the inputs with the block in parallel.
-    #
-    def execution_mode
-      @execution_mode || sequentially
-    end
-
-    def sequential_execution_mode!
-      self.execution_mode = sequentially
-    end
-
-    def sequentially
-      @sequentially ||= lambda do |inputs, &blk|
-        inputs.map(&blk)
-      end
+    def initialize(directory, fetcher = nil)
+      @cache = Cache.new(directory, fetcher)
+      @parser = Parser.new(@cache)
     end
 
     def names
-      Bundler::CompactIndexClient.debug { "/names" }
-      update("names", @cache.names_path, @cache.names_etag_path)
-      @cache.names
+      Bundler::CompactIndexClient.debug { "names" }
+      @parser.names
     end
 
     def versions
-      Bundler::CompactIndexClient.debug { "/versions" }
-      update("versions", @cache.versions_path, @cache.versions_etag_path)
-      versions, @info_checksums_by_name = @cache.versions
-      versions
+      Bundler::CompactIndexClient.debug { "versions" }
+      @parser.versions
     end
 
     def dependencies(names)
       Bundler::CompactIndexClient.debug { "dependencies(#{names})" }
-      execution_mode.call(names) do |name|
-        update_info(name)
-        @cache.dependencies(name).map {|d| d.unshift(name) }
-      end.flatten(1)
+      names.map {|name| info(name) }
     end
 
-    def update_and_parse_checksums!
-      Bundler::CompactIndexClient.debug { "update_and_parse_checksums!" }
-      return @info_checksums_by_name if @parsed_checksums
-      update("versions", @cache.versions_path, @cache.versions_etag_path)
-      @info_checksums_by_name = @cache.checksums
-      @parsed_checksums = true
-    end
-
-    private
-
-    def update(remote_path, local_path, local_etag_path)
-      Bundler::CompactIndexClient.debug { "update(#{local_path}, #{remote_path})" }
-      unless synchronize { @endpoints.add?(remote_path) }
-        Bundler::CompactIndexClient.debug { "already fetched #{remote_path}" }
-        return
-      end
-      @updater.update(url(remote_path), local_path, local_etag_path)
+    def info(name)
+      Bundler::CompactIndexClient.debug { "info(#{name})" }
+      @parser.info(name)
     end
 
-    def update_info(name)
-      Bundler::CompactIndexClient.debug { "update_info(#{name})" }
-      path = @cache.info_path(name)
-      unless existing = @info_checksums_by_name[name]
-        Bundler::CompactIndexClient.debug { "skipping updating info for #{name} since it is missing from versions" }
-        return
-      end
-      checksum = SharedHelpers.checksum_for_file(path, :MD5)
-      if checksum == existing
-        Bundler::CompactIndexClient.debug { "skipping updating info for #{name} since the versions checksum matches the local checksum" }
-        return
-      end
-      Bundler::CompactIndexClient.debug { "updating info for #{name} since the versions checksum #{existing} != the local checksum #{checksum}" }
-      update("info/#{name}", path, @cache.info_etag_path(name))
+    def latest_version(name)
+      Bundler::CompactIndexClient.debug { "latest_version(#{name})" }
+      @parser.info(name).map {|d| Gem::Version.new(d[INFO_VERSION]) }.max
     end
 
-    def url(path)
-      path
+    def available?
+      Bundler::CompactIndexClient.debug { "available?" }
+      @parser.available?
     end
 
-    def synchronize
-      @mutex.synchronize { yield }
+    def reset!
+      Bundler::CompactIndexClient.debug { "reset!" }
+      @cache.reset!
     end
   end
 end

data/lib/bundler/definition.rb

@@ -621,9 +621,16 @@ module Bundler
     end
 
     def start_resolution
+      @platforms |= [local_platform]
+
       result = SpecSet.new(resolver.start)
 
       @resolved_bundler_version = result.find {|spec| spec.name == "bundler" }&.version
+
+      if most_specific_ruby_locked_platform_is_not_local_platform?
+        @platforms.delete(result.incomplete_for_platform?(dependencies, @current_ruby_locked_platform) ? @current_ruby_locked_platform : local_platform)
+      end
+
       @platforms = result.add_extra_platforms!(platforms) if should_add_extra_platforms?
 
       result.complete_platforms!(platforms)
@@ -650,7 +657,6 @@ module Bundler
 
     def current_ruby_platform_locked?
       return false unless generic_local_platform_is_ruby?
-      return false if Bundler.settings[:force_ruby_platform] && !@platforms.include?(Gem::Platform::RUBY)
 
       current_platform_locked?
     end
@@ -662,11 +668,16 @@ module Bundler
     end
 
     def add_current_platform
-      return if current_ruby_platform_locked?
+      @current_ruby_locked_platform = most_specific_locked_platform if current_ruby_platform_locked?
+      return if most_specific_ruby_locked_platform_is_not_local_platform?
 
       add_platform(local_platform)
     end
 
+    def most_specific_ruby_locked_platform_is_not_local_platform?
+      @current_ruby_locked_platform && @current_ruby_locked_platform != local_platform
+    end
+
     def change_reason
       if unlocking?
         unlock_targets = if @gems_to_unlock.any?
@@ -1050,7 +1061,6 @@ module Bundler
                 !@originally_locked_specs.incomplete_for_platform?(dependencies, platform)
 
         remove_platform(platform)
-        add_current_platform if platform == Gem::Platform::RUBY
       end
     end
 

data/lib/bundler/endpoint_specification.rb

@@ -92,6 +92,17 @@ module Bundler
       end
     end
 
+    # needed for `bundle fund`
+    def metadata
+      if @remote_specification
+        @remote_specification.metadata
+      elsif _local_specification
+        _local_specification.metadata
+      else
+        super
+      end
+    end
+
     def _local_specification
       return unless @loaded_from && File.exist?(local_specification_path)
       eval(File.read(local_specification_path), nil, local_specification_path).tap do |spec|

data/lib/bundler/fetcher/compact_index.rb

@@ -4,8 +4,6 @@ require_relative "base"
 require_relative "../worker"
 
 module Bundler
-  autoload :CompactIndexClient, File.expand_path("../compact_index_client", __dir__)
-
   class Fetcher
     class CompactIndex < Base
       def self.compact_index_request(method_name)
@@ -36,15 +34,8 @@ module Bundler
 
         until remaining_gems.empty?
           log_specs { "Looking up gems #{remaining_gems.inspect}" }
-
-          deps = begin
-                   parallel_compact_index_client.dependencies(remaining_gems)
-                 rescue TooManyRequestsError
-                   @bundle_worker&.stop
-                   @bundle_worker = nil # reset it.  Not sure if necessary
-                   serial_compact_index_client.dependencies(remaining_gems)
-                 end
-          next_gems = deps.flat_map {|d| d[3].flat_map(&:first) }.uniq
+          deps = fetch_gem_infos(remaining_gems).flatten(1)
+          next_gems = deps.flat_map {|d| d[CompactIndexClient::INFO_DEPS].flat_map(&:first) }.uniq
           deps.each {|dep| gem_info << dep }
           complete_gems.concat(deps.map(&:first)).uniq!
           remaining_gems = next_gems - complete_gems
@@ -61,7 +52,7 @@ module Bundler
           return nil
         end
         # Read info file checksums out of /versions, so we can know if gems are up to date
-        compact_index_client.update_and_parse_checksums!
+        compact_index_client.available?
       rescue CompactIndexClient::Updater::MismatchedChecksumError => e
         Bundler.ui.debug(e.message)
         nil
@@ -81,20 +72,20 @@ module Bundler
           end
       end
 
-      def parallel_compact_index_client
-        compact_index_client.execution_mode = lambda do |inputs, &blk|
-          func = lambda {|object, _index| blk.call(object) }
-          worker = bundle_worker(func)
-          inputs.each {|input| worker.enq(input) }
-          inputs.map { worker.deq }
-        end
-
-        compact_index_client
+      def fetch_gem_infos(names)
+        in_parallel(names) {|name| compact_index_client.info(name) }
+      rescue TooManyRequestsError # rubygems.org is rate limiting us, slow down.
+        @bundle_worker&.stop
+        @bundle_worker = nil # reset it.  Not sure if necessary
+        compact_index_client.reset!
+        names.map {|name| compact_index_client.info(name) }
       end
 
-      def serial_compact_index_client
-        compact_index_client.sequential_execution_mode!
-        compact_index_client
+      def in_parallel(inputs, &blk)
+        func = lambda {|object, _index| blk.call(object) }
+        worker = bundle_worker(func)
+        inputs.each {|input| worker.enq(input) }
+        inputs.map { worker.deq }
       end
 
       def bundle_worker(func = nil)

data/lib/bundler/installer/gem_installer.rb

@@ -54,7 +54,6 @@ module Bundler
       spec.source.install(
         spec,
         force: force,
-        ensure_builtin_gems_cached: standalone,
         build_args: Array(spec_settings),
         previous_spec: previous_spec,
       )

data/lib/bundler/man/bundle-config.1

@@ -307,7 +307,7 @@ Any \fB\.\fR characters in a host name are mapped to a double underscore (\fB__\
 .P
 This means that if you have a gem server named \fBmy\.gem\-host\.com\fR, you'll need to use the \fBBUNDLE_MY__GEM___HOST__COM\fR variable to configure credentials for it through ENV\.
 .SH "CONFIGURE BUNDLER DIRECTORIES"
-Bundler's home, config, cache and plugin directories are able to be configured through environment variables\. The default location for Bundler's home directory is \fB~/\.bundle\fR, which all directories inherit from by default\. The following outlines the available environment variables and their default values
+Bundler's home, cache and plugin directories and config file can be configured through environment variables\. The default location for Bundler's home directory is \fB~/\.bundle\fR, which all directories inherit from by default\. The following outlines the available environment variables and their default values
 .IP "" 4
 .nf
 BUNDLE_USER_HOME : $HOME/\.bundle

data/lib/bundler/man/bundle-config.1.ronn

@@ -397,7 +397,7 @@ through ENV.
 
 ## CONFIGURE BUNDLER DIRECTORIES
 
-Bundler's home, config, cache and plugin directories are able to be configured
+Bundler's home, cache and plugin directories and config file can be configured
 through environment variables. The default location for Bundler's home directory is
 `~/.bundle`, which all directories inherit from by default. The following
 outlines the available environment variables and their default values

data/lib/bundler/rubygems_gem_installer.rb

@@ -29,7 +29,10 @@ module Bundler
       write_build_info_file
       run_post_build_hooks
 
-      generate_bin
+      SharedHelpers.filesystem_access(bin_dir, :write) do
+        generate_bin
+      end
+
       generate_plugins
 
       write_spec

data/lib/bundler/rubygems_integration.rb

@@ -469,11 +469,25 @@ module Bundler
     end
 
     def all_specs
+      SharedHelpers.major_deprecation 2, "Bundler.rubygems.all_specs has been removed in favor of Bundler.rubygems.installed_specs"
+
       Gem::Specification.stubs.map do |stub|
         StubSpecification.from_stub(stub)
       end
     end
 
+    def installed_specs
+      Gem::Specification.stubs.reject(&:default_gem?).map do |stub|
+        StubSpecification.from_stub(stub)
+      end
+    end
+
+    def default_specs
+      Gem::Specification.default_stubs.map do |stub|
+        StubSpecification.from_stub(stub)
+      end
+    end
+
     def find_bundler(version)
       find_name("bundler").find {|s| s.version.to_s == version }
     end

data/lib/bundler/self_manager.rb

@@ -92,6 +92,7 @@ module Bundler
     def autoswitching_applies?
       ENV["BUNDLER_VERSION"].nil? &&
         Bundler.rubygems.supports_bundler_trampolining? &&
+        ruby_can_restart_with_same_arguments? &&
         SharedHelpers.in_bundle? &&
         lockfile_version
     end
@@ -151,6 +152,10 @@ module Bundler
       !version.to_s.end_with?(".dev")
     end
 
+    def ruby_can_restart_with_same_arguments?
+      $PROGRAM_NAME != "-e"
+    end
+
     def updating?
       "update".start_with?(ARGV.first || " ") && ARGV[1..-1].any? {|a| a.start_with?("--bundler") }
     end

data/lib/bundler/settings.rb

@@ -103,6 +103,7 @@ module Bundler
     def initialize(root = nil)
       @root            = root
       @local_config    = load_config(local_config_file)
+      @local_root      = root || Pathname.new(".bundle").expand_path
 
       @env_config      = ENV.to_h
       @env_config.select! {|key, _value| key.start_with?("BUNDLE_") }
@@ -142,7 +143,7 @@ module Bundler
     end
 
     def set_local(key, value)
-      local_config_file || raise(GemfileNotFound, "Could not locate Gemfile")
+      local_config_file = @local_root.join("config")
 
       set_key(key, value, @local_config, local_config_file)
     end
@@ -491,6 +492,10 @@ module Bundler
         valid_file = file.exist? && !file.size.zero?
         return {} unless valid_file
         serializer_class.load(file.read).inject({}) do |config, (k, v)|
+          k = k.dup
+          k << "/" if /https?:/i.match?(k) && !k.end_with?("/", "__#{FALLBACK_TIMEOUT_URI_OPTION.upcase}")
+          k.gsub!(".", "__")
+
           unless k.start_with?("#")
             if k.include?("-")
               Bundler.ui.warn "Your #{file} config includes `#{k}`, which contains the dash character (`-`).\n" \
@@ -518,26 +523,25 @@ module Bundler
       YAMLSerializer
     end
 
-    PER_URI_OPTIONS = %w[
-      fallback_timeout
-    ].freeze
+    FALLBACK_TIMEOUT_URI_OPTION = "fallback_timeout"
 
     NORMALIZE_URI_OPTIONS_PATTERN =
       /
         \A
         (\w+\.)? # optional prefix key
         (https?.*?) # URI
-        (\.#{Regexp.union(PER_URI_OPTIONS)})? # optional suffix key
+        (\.#{FALLBACK_TIMEOUT_URI_OPTION})? # optional suffix key
         \z
       /ix
 
     def self.key_for(key)
-      key = normalize_uri(key).to_s if key.is_a?(String) && key.start_with?("http", "mirror.http")
-      key = key_to_s(key).gsub(".", "__")
+      key = key_to_s(key)
+      key = normalize_uri(key) if key.start_with?("http", "mirror.http")
+      key = key.gsub(".", "__")
       key.gsub!("-", "___")
       key.upcase!
 
-      key.prepend("BUNDLE_")
+      key.gsub(/\A([ #]*)/, '\1BUNDLE_')
     end
 
     # TODO: duplicates Rubygems#normalize_uri

data/lib/bundler/setup.rb

@@ -5,6 +5,9 @@ require_relative "shared_helpers"
 if Bundler::SharedHelpers.in_bundle?
   require_relative "../bundler"
 
+  # autoswitch to locked Bundler version if available
+  Bundler.auto_switch
+
   # try to auto_install first before we get to the `Bundler.ui.silence`, so user knows what is happening
   Bundler.auto_install
 

data/lib/bundler/shared_helpers.rb

@@ -4,14 +4,14 @@ require_relative "version"
 require_relative "rubygems_integration"
 require_relative "current_ruby"
 
+autoload :Pathname, "pathname"
+
 module Bundler
   autoload :WINDOWS, File.expand_path("constants", __dir__)
   autoload :FREEBSD, File.expand_path("constants", __dir__)
   autoload :NULL, File.expand_path("constants", __dir__)
 
   module SharedHelpers
-    autoload :Pathname, "pathname"
-
     def root
       gemfile = find_gemfile
       raise GemfileNotFound, "Could not locate Gemfile" unless gemfile

data/lib/bundler/source/git.rb

@@ -32,6 +32,20 @@ module Bundler
         @local      = false
       end
 
+      def remote!
+        return if @allow_remote
+
+        @local_specs = nil
+        @allow_remote = true
+      end
+
+      def cached!
+        return if @allow_cached
+
+        @local_specs = nil
+        @allow_cached = true
+      end
+
       def self.from_lock(options)
         new(options.merge("uri" => options.delete("remote")))
       end

data/lib/bundler/source/path.rb

@@ -18,9 +18,6 @@ module Bundler
         @options = options.dup
         @glob = options["glob"] || DEFAULT_GLOB
 
-        @allow_cached = false
-        @allow_remote = false
-
         @root_path = options["root_path"] || root
 
         if options["path"]
@@ -41,16 +38,6 @@ module Bundler
         @original_path = @path
       end
 
-      def remote!
-        @local_specs = nil
-        @allow_remote = true
-      end
-
-      def cached!
-        @local_specs = nil
-        @allow_cached = true
-      end
-
       def self.from_lock(options)
         new(options.merge("path" => options.delete("remote")))
       end

data/lib/bundler/source/rubygems.rb

@@ -10,7 +10,7 @@ module Bundler
       # Ask for X gems per API request
       API_REQUEST_SIZE = 50
 
-      attr_accessor :remotes
+      attr_reader :remotes
 
       def initialize(options = {})
         @options = options
@@ -20,6 +20,7 @@ module Bundler
         @allow_cached = false
         @allow_local = options["allow_local"] || false
         @checksum_store = Checksum::Store.new
+        @original_remotes = nil
 
         Array(options["remotes"]).reverse_each {|r| add_remote(r) }
       end
@@ -94,10 +95,15 @@ module Bundler
         new(options)
       end
 
+      def remotes=(new_remotes)
+        @original_remotes = @remotes
+        @remotes = new_remotes
+      end
+
       def to_lock
         out = String.new("GEM\n")
-        remotes.reverse_each do |remote|
-          out << "  remote: #{remove_auth remote}\n"
+        lockfile_remotes.reverse_each do |remote|
+          out << "  remote: #{remote}\n"
         end
         out << "  specs:\n"
       end
@@ -136,20 +142,17 @@ module Bundler
           index = @allow_remote ? remote_specs.dup : Index.new
           index.merge!(cached_specs) if @allow_cached
           index.merge!(installed_specs) if @allow_local
+
+          # complete with default specs, only if not already available in the
+          # index through remote, cached, or installed specs
+          index.use(default_specs) if @allow_local
+
           index
         end
       end
 
       def install(spec, options = {})
-        force = options[:force]
-        ensure_builtin_gems_cached = options[:ensure_builtin_gems_cached]
-
-        if ensure_builtin_gems_cached && spec.default_gem? && !cached_path(spec)
-          cached_built_in_gem(spec) unless spec.remote
-          force = true
-        end
-
-        if installed?(spec) && !force
+        if (spec.default_gem? && !cached_built_in_gem(spec)) || (installed?(spec) && !options[:force])
           print_using_message "Using #{version_message(spec, options[:previous_spec])}"
           return nil # no post-install message
         end
@@ -362,7 +365,7 @@ module Bundler
 
       def installed_specs
         @installed_specs ||= Index.build do |idx|
-          Bundler.rubygems.all_specs.reverse_each do |spec|
+          Bundler.rubygems.installed_specs.reverse_each do |spec|
             spec.source = self
             if Bundler.rubygems.spec_missing_extensions?(spec, false)
               Bundler.ui.debug "Source #{self} is ignoring #{spec} because it is missing extensions"
@@ -373,6 +376,15 @@ module Bundler
         end
       end
 
+      def default_specs
+        @default_specs ||= Index.build do |idx|
+          Bundler.rubygems.default_specs.each do |spec|
+            spec.source = self
+            idx << spec
+          end
+        end
+      end
+
       def cached_specs
         @cached_specs ||= begin
           idx = Index.new
@@ -457,6 +469,10 @@ module Bundler
 
       private
 
+      def lockfile_remotes
+        @original_remotes || credless_remotes
+      end
+
       # Checks if the requested spec exists in the global cache. If it does,
       # we copy it to the download path, and if it does not, we download it.
       #

data/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.5.11".freeze
+  VERSION = "2.5.13".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

data/lib/bundler/yaml_serializer.rb

@@ -60,7 +60,6 @@ module Bundler
           indent, key, quote, val = match.captures
           val = strip_comment(val)
 
-          convert_to_backward_compatible_key!(key)
           depth = indent.size / 2
           if quote.empty? && val.empty?
             new_hash = {}
@@ -92,14 +91,8 @@ module Bundler
       end
     end
 
-    # for settings' keys
-    def convert_to_backward_compatible_key!(key)
-      key << "/" if /https?:/i.match?(key) && !%r{/\Z}.match?(key)
-      key.gsub!(".", "__")
-    end
-
     class << self
-      private :dump_hash, :convert_to_backward_compatible_key!
+      private :dump_hash
     end
   end
 end

data/lib/bundler.rb

@@ -42,6 +42,7 @@ module Bundler
   autoload :Checksum,               File.expand_path("bundler/checksum", __dir__)
   autoload :CLI,                    File.expand_path("bundler/cli", __dir__)
   autoload :CIDetector,             File.expand_path("bundler/ci_detector", __dir__)
+  autoload :CompactIndexClient,     File.expand_path("bundler/compact_index_client", __dir__)
   autoload :Definition,             File.expand_path("bundler/definition", __dir__)
   autoload :Dependency,             File.expand_path("bundler/dependency", __dir__)
   autoload :Deprecate,              File.expand_path("bundler/deprecate", __dir__)
@@ -166,6 +167,10 @@ module Bundler
       end
     end
 
+    def auto_switch
+      self_manager.restart_with_locked_bundler_if_needed
+    end
+
     # Automatically install dependencies if Bundler.settings[:auto_install] exists.
     # This is set through config cmd `bundle config set --global auto_install 1`.
     #
@@ -356,7 +361,7 @@ module Bundler
     def settings
       @settings ||= Settings.new(app_config_path)
     rescue GemfileNotFound
-      @settings = Settings.new(Pathname.new(".bundle").expand_path)
+      @settings = Settings.new
     end
 
     # @return [Hash] Environment present before Bundler was activated

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-  version: 2.5.11
+  version: 2.5.13
 platform: ruby
 authors:
 - André Arko
@@ -22,7 +22,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-05-28 00:00:00.000000000 Z
+date: 2024-06-14 00:00:00.000000000 Z
 dependencies: []
 description: Bundler manages an application's dependencies through its entire life,
   across many machines, systematically and repeatably
@@ -79,6 +79,7 @@ files:
 - lib/bundler/compact_index_client/cache.rb
 - lib/bundler/compact_index_client/cache_file.rb
 - lib/bundler/compact_index_client/gem_parser.rb
+- lib/bundler/compact_index_client/parser.rb
 - lib/bundler/compact_index_client/updater.rb
 - lib/bundler/constants.rb
 - lib/bundler/current_ruby.rb
@@ -399,7 +400,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 3.2.3
 requirements: []
-rubygems_version: 3.5.11
+rubygems_version: 3.5.13
 signing_key:
 specification_version: 4
 summary: The best way to manage your application's dependencies