bundler 2.5.21 → 2.5.22

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4d14e278135c6fa088c2fc0837815d8251449d7c0335d422ba2fcaa3e29bc3c8
-  data.tar.gz: 9b0704eae91833bf63ab346369e0a0a5e3ed39093cbf19bbc27fe7f8eb5ff1ae
+  metadata.gz: bc7261a0b8dc5361d73ec05037b3ceb245a228a8e5e068928fd8db3fc68e6fb3
+  data.tar.gz: '049390d33cb5586ed405378073f30bb45e0f0e3127ee6b857cf79574dfe2d415'
 SHA512:
-  metadata.gz: cad7762642146a6baba3c8cfab7528e667d0748da24fc442be84cc374bb10a8ef881ec9b87e0f019e4063bbf5112fd9a463ee9aab7567099e40811a9efcf5116
-  data.tar.gz: ad30723406fac680a09dac9d4c2dedb202888c86cbcfc79481f905d2d8e3ecde477ba1dda7f0270dedaf386d03b12e782ec350ed7cf83ea80cda5886450bb02f
+  metadata.gz: 977e79ef6df50d6fa48909d74b9867621ba7f7883d4e438e9f4f658ec49030dd4752c3926dfea84be23da1e7964599d93adafbc3458df90f34380208cb810d84
+  data.tar.gz: ebd1d89e12a3d56c653cf90ef0bcb90d4cbc3b739f7ebbd5033505b367ee17c4320defc8c5810d4bb762ff482425c9326385bb6044bf012e397dc3f7d12eaa65

data/CHANGELOG.md

@@ -1,3 +1,13 @@
+# 2.5.22 (October 16, 2024)
+
+## Enhancements:
+
+  - Update vendored `uri` and `net-http` [#8112](https://github.com/rubygems/rubygems/pull/8112)
+
+## Bug fixes:
+
+  - Fix bundler sometimes crashing because of trying to use a version of psych compiled for a different Ruby [#8104](https://github.com/rubygems/rubygems/pull/8104)
+
 # 2.5.21 (October 3, 2024)
 
 ## Bug fixes:

data/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2024-10-03".freeze
-    @git_commit_sha = "5cc66a2380b".freeze
+    @built_at = "2024-10-16".freeze
+    @git_commit_sha = "342d4542fda".freeze
     @release = true
     # end ivars
 

data/lib/bundler/dsl.rb

@@ -589,21 +589,21 @@ module Bundler
 
           trace_line = backtrace.find {|l| l.include?(dsl_path) } || trace_line
           return m unless trace_line
-          line_numer = trace_line.split(":")[1].to_i - 1
-          return m unless line_numer
+          line_number = trace_line.split(":")[1].to_i - 1
+          return m unless line_number
 
           lines      = contents.lines.to_a
           indent     = " #  "
           indicator  = indent.tr("#", ">")
-          first_line = line_numer.zero?
-          last_line  = (line_numer == (lines.count - 1))
+          first_line = line_number.zero?
+          last_line  = (line_number == (lines.count - 1))
 
           m << "\n"
           m << "#{indent}from #{trace_line.gsub(/:in.*$/, "")}\n"
           m << "#{indent}-------------------------------------------\n"
-          m << "#{indent}#{lines[line_numer - 1]}" unless first_line
-          m << "#{indicator}#{lines[line_numer]}"
-          m << "#{indent}#{lines[line_numer + 1]}" unless last_line
+          m << "#{indent}#{lines[line_number - 1]}" unless first_line
+          m << "#{indicator}#{lines[line_number]}"
+          m << "#{indent}#{lines[line_number + 1]}" unless last_line
           m << "\n" unless m.end_with?("\n")
           m << "#{indent}-------------------------------------------\n"
         end

data/lib/bundler/installer.rb

@@ -221,7 +221,7 @@ module Bundler
 
       requested_path_gems = @definition.requested_specs.select {|s| s.source.is_a?(Source::Path) }
       path_plugin_files = requested_path_gems.map do |spec|
-        Bundler.rubygems.spec_matches_for_glob(spec, "rubygems_plugin#{Bundler.rubygems.suffix_pattern}")
+        spec.matches_for_glob("rubygems_plugin#{Bundler.rubygems.suffix_pattern}")
       rescue TypeError
         error_message = "#{spec.name} #{spec.version} has an invalid gemspec"
         raise Gem::InvalidSpecificationException, error_message

data/lib/bundler/plugin/api/source.rb

@@ -131,7 +131,7 @@ module Bundler
           Bundler::Index.build do |index|
             files.each do |file|
               next unless spec = Bundler.load_gemspec(file)
-              Bundler.rubygems.set_installed_by_version(spec)
+              spec.installed_by_version = Gem::VERSION
 
               spec.source = self
               Bundler.rubygems.validate(spec)

data/lib/bundler/rubygems_ext.rb

@@ -36,15 +36,14 @@ module Gem
       remove_method :open_file_with_flock if Gem.respond_to?(:open_file_with_flock)
 
       def open_file_with_flock(path, &block)
-        mode = IO::RDONLY | IO::APPEND | IO::CREAT | IO::BINARY
+        # read-write mode is used rather than read-only in order to support NFS
+        mode = IO::RDWR | IO::APPEND | IO::CREAT | IO::BINARY
         mode |= IO::SHARE_DELETE if IO.const_defined?(:SHARE_DELETE)
 
         File.open(path, mode) do |io|
           begin
             io.flock(File::LOCK_EX)
           rescue Errno::ENOSYS, Errno::ENOTSUP
-          rescue Errno::ENOLCK # NFS
-            raise unless Thread.main == Thread.current
           end
           yield io
         end
@@ -267,6 +266,16 @@ module Gem
       end
       out
     end
+
+    if Gem.rubygems_version < Gem::Version.new("3.5.22")
+      module FilterIgnoredSpecs
+        def matching_specs(platform_only = false)
+          super.reject(&:ignored?)
+        end
+      end
+
+      prepend FilterIgnoredSpecs
+    end
   end
 
   # Requirements using lambda operator differentiate trailing zeros since rubygems 3.2.6
@@ -389,6 +398,15 @@ module Gem
         end
       end
     end
+
+    # Can be removed once RubyGems 3.5.22 support is dropped
+    unless new.respond_to?(:ignored?)
+      def ignored?
+        return @ignored unless @ignored.nil?
+
+        @ignored = missing_extensions?
+      end
+    end
   end
 
   require "rubygems/name_tuple"

data/lib/bundler/rubygems_integration.rb

@@ -57,28 +57,6 @@ module Bundler
       nil
     end
 
-    def set_installed_by_version(spec, installed_by_version = Gem::VERSION)
-      return unless spec.respond_to?(:installed_by_version=)
-      spec.installed_by_version = Gem::Version.create(installed_by_version)
-    end
-
-    def spec_missing_extensions?(spec, default = true)
-      return spec.missing_extensions? if spec.respond_to?(:missing_extensions?)
-
-      return false if spec.default_gem?
-      return false if spec.extensions.empty?
-
-      default
-    end
-
-    def spec_matches_for_glob(spec, glob)
-      return spec.matches_for_glob(glob) if spec.respond_to?(:matches_for_glob)
-
-      spec.load_paths.flat_map do |lp|
-        Dir["#{lp}/#{glob}#{suffix_pattern}"]
-      end
-    end
-
     def stub_set_spec(stub, spec)
       stub.instance_variable_set(:@spec, spec)
     end

data/lib/bundler/source/git.rb

@@ -210,7 +210,7 @@ module Bundler
           checkout
         end
 
-        generate_bin_options = { disable_extensions: !Bundler.rubygems.spec_missing_extensions?(spec), build_args: options[:build_args] }
+        generate_bin_options = { disable_extensions: !spec.missing_extensions?, build_args: options[:build_args] }
         generate_bin(spec, generate_bin_options)
 
         requires_checkout? ? spec.post_install_message : nil
@@ -299,7 +299,7 @@ module Bundler
           # The gemspecs we cache should already be evaluated.
           spec = Bundler.load_gemspec(spec_path)
           next unless spec
-          Bundler.rubygems.set_installed_by_version(spec)
+          spec.installed_by_version = Gem::VERSION
           Bundler.rubygems.validate(spec)
           File.open(spec_path, "wb") {|file| file.write(spec.to_ruby) }
         end

data/lib/bundler/source/path.rb

@@ -150,7 +150,7 @@ module Bundler
 
       def load_gemspec(file)
         return unless spec = Bundler.load_gemspec(file)
-        Bundler.rubygems.set_installed_by_version(spec)
+        spec.installed_by_version = Gem::VERSION
         spec
       end
 

data/lib/bundler/source/rubygems.rb

@@ -357,10 +357,7 @@ module Bundler
         @installed_specs ||= Index.build do |idx|
           Bundler.rubygems.installed_specs.reverse_each do |spec|
             spec.source = self
-            if Bundler.rubygems.spec_missing_extensions?(spec, false)
-              Bundler.ui.debug "Source #{self} is ignoring #{spec} because it is missing extensions"
-              next
-            end
+            next if spec.ignored?
             idx << spec
           end
         end

data/lib/bundler/stub_specification.rb

@@ -28,6 +28,17 @@ module Bundler
 
     # @!group Stub Delegates
 
+    def ignored?
+      return @ignored unless @ignored.nil?
+
+      @ignored = missing_extensions?
+      return false unless @ignored
+
+      warn "Source #{source} is ignoring #{self} because it is missing extensions"
+
+      true
+    end
+
     def manually_installed?
       # This is for manually installed gems which are gems that were fixed in place after a
       # failed installation. Once the issue was resolved, the user then manually created

data/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent.rb

@@ -68,6 +68,8 @@ autoload :OpenSSL, 'openssl'
 # #verify_callback    :: For server certificate verification
 # #verify_depth       :: Depth of certificate verification
 # #verify_mode        :: How connections should be verified
+# #verify_hostname    :: Use hostname verification for server certificate
+#                        during the handshake
 #
 # == Proxies
 #
@@ -174,7 +176,7 @@ class Gem::Net::HTTP::Persistent
   ##
   # The version of Gem::Net::HTTP::Persistent you are using
 
-  VERSION = '4.0.2'
+  VERSION = '4.0.4'
 
   ##
   # Error class for errors raised by Gem::Net::HTTP::Persistent.  Various
@@ -449,6 +451,21 @@ class Gem::Net::HTTP::Persistent
 
   attr_reader :verify_mode
 
+  ##
+  # HTTPS verify_hostname.
+  #
+  # If a client sets this to true and enables SNI with SSLSocket#hostname=,
+  # the hostname verification on the server certificate is performed
+  # automatically during the handshake using
+  # OpenSSL::SSL.verify_certificate_identity().
+  #
+  # You can set +verify_hostname+ as true to use hostname verification
+  # during the handshake.
+  #
+  # NOTE: This works with Ruby > 3.0.
+
+  attr_reader :verify_hostname
+
   ##
   # Creates a new Gem::Net::HTTP::Persistent.
   #
@@ -508,6 +525,7 @@ class Gem::Net::HTTP::Persistent
     @verify_callback    = nil
     @verify_depth       = nil
     @verify_mode        = nil
+    @verify_hostname    = nil
     @cert_store         = nil
 
     @generation         = 0 # incremented when proxy Gem::URI changes
@@ -607,13 +625,23 @@ class Gem::Net::HTTP::Persistent
 
     return yield connection
   rescue Errno::ECONNREFUSED
-    address = http.proxy_address || http.address
-    port    = http.proxy_port    || http.port
+    if http.proxy?
+      address = http.proxy_address
+      port    = http.proxy_port
+    else
+      address = http.address
+      port    = http.port
+    end
 
     raise Error, "connection refused: #{address}:#{port}"
   rescue Errno::EHOSTDOWN
-    address = http.proxy_address || http.address
-    port    = http.proxy_port    || http.port
+    if http.proxy?
+      address = http.proxy_address
+      port    = http.proxy_port
+    else
+      address = http.address
+      port    = http.port
+    end
 
     raise Error, "host down: #{address}:#{port}"
   ensure
@@ -948,8 +976,10 @@ class Gem::Net::HTTP::Persistent
     connection.min_version = @min_version if @min_version
     connection.max_version = @max_version if @max_version
 
-    connection.verify_depth = @verify_depth
-    connection.verify_mode  = @verify_mode
+    connection.verify_depth    = @verify_depth
+    connection.verify_mode     = @verify_mode
+    connection.verify_hostname = @verify_hostname if
+      @verify_hostname != nil && connection.respond_to?(:verify_hostname=)
 
     if OpenSSL::SSL::VERIFY_PEER == OpenSSL::SSL::VERIFY_NONE and
        not Object.const_defined?(:I_KNOW_THAT_OPENSSL_VERIFY_PEER_EQUALS_VERIFY_NONE_IS_WRONG) then
@@ -1058,6 +1088,15 @@ application:
     reconnect_ssl
   end
 
+  ##
+  # Sets the HTTPS verify_hostname.
+
+  def verify_hostname= verify_hostname
+    @verify_hostname = verify_hostname
+
+    reconnect_ssl
+  end
+
   ##
   # SSL verification callback.
 
@@ -1070,4 +1109,3 @@ end
 
 require_relative 'persistent/connection'
 require_relative 'persistent/pool'
-

data/lib/bundler/vendor/uri/lib/uri/common.rb

@@ -19,6 +19,8 @@ module Bundler::URI
   Parser = RFC2396_Parser
   RFC3986_PARSER = RFC3986_Parser.new
   Ractor.make_shareable(RFC3986_PARSER) if defined?(Ractor)
+  RFC2396_PARSER = RFC2396_Parser.new
+  Ractor.make_shareable(RFC2396_PARSER) if defined?(Ractor)
 
   # Bundler::URI::Parser.new
   DEFAULT_PARSER = Parser.new

data/lib/bundler/vendor/uri/lib/uri/version.rb

@@ -1,6 +1,6 @@
 module Bundler::URI
   # :stopdoc:
-  VERSION_CODE = '001300'.freeze
+  VERSION_CODE = '001301'.freeze
   VERSION = VERSION_CODE.scan(/../).collect{|n| n.to_i}.join('.').freeze
   # :startdoc:
 end

data/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.5.21".freeze
+  VERSION = "2.5.22".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-  version: 2.5.21
+  version: 2.5.22
 platform: ruby
 authors:
 - André Arko
@@ -22,7 +22,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-10-03 00:00:00.000000000 Z
+date: 2024-10-16 00:00:00.000000000 Z
 dependencies: []
 description: Bundler manages an application's dependencies through its entire life,
   across many machines, systematically and repeatably
@@ -405,7 +405,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 3.2.3
 requirements: []
-rubygems_version: 3.5.21
+rubygems_version: 3.5.22
 signing_key:
 specification_version: 4
 summary: The best way to manage your application's dependencies