bundler 2.5.22 → 2.6.0

Files changed (157) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +83 -0
  3. data/bundler.gemspec +2 -2
  4. data/lib/bundler/build_metadata.rb +2 -2
  5. data/lib/bundler/cli/add.rb +2 -0
  6. data/lib/bundler/cli/check.rb +2 -2
  7. data/lib/bundler/cli/console.rb +0 -4
  8. data/lib/bundler/cli/doctor.rb +4 -4
  9. data/lib/bundler/cli/exec.rb +1 -0
  10. data/lib/bundler/cli/gem.rb +1 -1
  11. data/lib/bundler/cli/info.rb +2 -2
  12. data/lib/bundler/cli/inject.rb +1 -1
  13. data/lib/bundler/cli/install.rb +4 -0
  14. data/lib/bundler/cli/lock.rb +20 -1
  15. data/lib/bundler/cli/pristine.rb +1 -1
  16. data/lib/bundler/cli/show.rb +2 -2
  17. data/lib/bundler/cli.rb +23 -53
  18. data/lib/bundler/compact_index_client/cache_file.rb +0 -5
  19. data/lib/bundler/compact_index_client/updater.rb +0 -11
  20. data/lib/bundler/definition.rb +143 -76
  21. data/lib/bundler/dependency.rb +1 -1
  22. data/lib/bundler/dsl.rb +33 -28
  23. data/lib/bundler/endpoint_specification.rb +10 -1
  24. data/lib/bundler/errors.rb +10 -0
  25. data/lib/bundler/feature_flag.rb +1 -0
  26. data/lib/bundler/fetcher/compact_index.rb +1 -1
  27. data/lib/bundler/fetcher.rb +10 -3
  28. data/lib/bundler/gem_helpers.rb +21 -5
  29. data/lib/bundler/injector.rb +2 -2
  30. data/lib/bundler/inline.rb +12 -8
  31. data/lib/bundler/installer/standalone.rb +2 -2
  32. data/lib/bundler/installer.rb +4 -38
  33. data/lib/bundler/lazy_specification.rb +74 -26
  34. data/lib/bundler/lockfile_generator.rb +1 -1
  35. data/lib/bundler/lockfile_parser.rb +9 -1
  36. data/lib/bundler/man/bundle-add.1 +17 -11
  37. data/lib/bundler/man/bundle-add.1.ronn +16 -10
  38. data/lib/bundler/man/bundle-binstubs.1 +7 -4
  39. data/lib/bundler/man/bundle-binstubs.1.ronn +6 -3
  40. data/lib/bundler/man/bundle-cache.1 +30 -2
  41. data/lib/bundler/man/bundle-cache.1.ronn +31 -2
  42. data/lib/bundler/man/bundle-check.1 +3 -3
  43. data/lib/bundler/man/bundle-check.1.ronn +4 -2
  44. data/lib/bundler/man/bundle-clean.1 +1 -1
  45. data/lib/bundler/man/bundle-config.1 +3 -5
  46. data/lib/bundler/man/bundle-config.1.ronn +2 -7
  47. data/lib/bundler/man/bundle-console.1 +2 -4
  48. data/lib/bundler/man/bundle-console.1.ronn +2 -7
  49. data/lib/bundler/man/bundle-doctor.1 +2 -2
  50. data/lib/bundler/man/bundle-doctor.1.ronn +1 -1
  51. data/lib/bundler/man/bundle-env.1 +9 -0
  52. data/lib/bundler/man/bundle-env.1.ronn +10 -0
  53. data/lib/bundler/man/bundle-exec.1 +5 -2
  54. data/lib/bundler/man/bundle-exec.1.ronn +4 -1
  55. data/lib/bundler/man/bundle-fund.1 +22 -0
  56. data/lib/bundler/man/bundle-fund.1.ronn +25 -0
  57. data/lib/bundler/man/bundle-gem.1 +17 -5
  58. data/lib/bundler/man/bundle-gem.1.ronn +27 -6
  59. data/lib/bundler/man/bundle-help.1 +1 -1
  60. data/lib/bundler/man/bundle-info.1 +5 -2
  61. data/lib/bundler/man/bundle-info.1.ronn +6 -2
  62. data/lib/bundler/man/bundle-init.1 +3 -3
  63. data/lib/bundler/man/bundle-init.1.ronn +3 -2
  64. data/lib/bundler/man/bundle-inject.1 +10 -2
  65. data/lib/bundler/man/bundle-inject.1.ronn +9 -1
  66. data/lib/bundler/man/bundle-install.1 +15 -12
  67. data/lib/bundler/man/bundle-install.1.ronn +22 -18
  68. data/lib/bundler/man/bundle-issue.1 +45 -0
  69. data/lib/bundler/man/bundle-issue.1.ronn +37 -0
  70. data/lib/bundler/man/bundle-licenses.1 +9 -0
  71. data/lib/bundler/man/bundle-licenses.1.ronn +10 -0
  72. data/lib/bundler/man/bundle-list.1 +1 -1
  73. data/lib/bundler/man/bundle-list.1.ronn +4 -1
  74. data/lib/bundler/man/bundle-lock.1 +21 -6
  75. data/lib/bundler/man/bundle-lock.1.ronn +25 -4
  76. data/lib/bundler/man/bundle-open.1 +2 -2
  77. data/lib/bundler/man/bundle-open.1.ronn +2 -1
  78. data/lib/bundler/man/bundle-outdated.1 +8 -5
  79. data/lib/bundler/man/bundle-outdated.1.ronn +8 -4
  80. data/lib/bundler/man/bundle-platform.1 +1 -1
  81. data/lib/bundler/man/bundle-plugin.1 +1 -1
  82. data/lib/bundler/man/bundle-pristine.1 +1 -1
  83. data/lib/bundler/man/bundle-pristine.1.ronn +1 -1
  84. data/lib/bundler/man/bundle-remove.1 +1 -1
  85. data/lib/bundler/man/bundle-remove.1.ronn +1 -1
  86. data/lib/bundler/man/bundle-show.1 +5 -2
  87. data/lib/bundler/man/bundle-show.1.ronn +4 -0
  88. data/lib/bundler/man/bundle-update.1 +13 -7
  89. data/lib/bundler/man/bundle-update.1.ronn +14 -6
  90. data/lib/bundler/man/bundle-version.1 +1 -1
  91. data/lib/bundler/man/bundle-viz.1 +4 -4
  92. data/lib/bundler/man/bundle-viz.1.ronn +7 -3
  93. data/lib/bundler/man/bundle.1 +1 -1
  94. data/lib/bundler/man/gemfile.5 +1 -1
  95. data/lib/bundler/man/index.txt +4 -0
  96. data/lib/bundler/materialization.rb +59 -0
  97. data/lib/bundler/plugin/events.rb +24 -0
  98. data/lib/bundler/plugin/installer.rb +1 -1
  99. data/lib/bundler/plugin.rb +20 -1
  100. data/lib/bundler/process_lock.rb +10 -14
  101. data/lib/bundler/remote_specification.rb +6 -1
  102. data/lib/bundler/resolver/base.rb +6 -6
  103. data/lib/bundler/resolver/candidate.rb +2 -2
  104. data/lib/bundler/resolver/spec_group.rb +4 -3
  105. data/lib/bundler/resolver.rb +5 -5
  106. data/lib/bundler/rubygems_ext.rb +30 -27
  107. data/lib/bundler/rubygems_gem_installer.rb +3 -2
  108. data/lib/bundler/rubygems_integration.rb +23 -40
  109. data/lib/bundler/runtime.rb +27 -7
  110. data/lib/bundler/self_manager.rb +2 -3
  111. data/lib/bundler/settings.rb +6 -1
  112. data/lib/bundler/shared_helpers.rb +29 -17
  113. data/lib/bundler/source/git/git_proxy.rb +0 -6
  114. data/lib/bundler/source/git.rb +56 -31
  115. data/lib/bundler/source/metadata.rb +2 -3
  116. data/lib/bundler/source/path.rb +2 -2
  117. data/lib/bundler/source_list.rb +1 -1
  118. data/lib/bundler/spec_set.rb +81 -56
  119. data/lib/bundler/stub_specification.rb +8 -0
  120. data/lib/bundler/templates/newgem/Gemfile.tt +0 -3
  121. data/lib/bundler/templates/newgem/README.md.tt +1 -1
  122. data/lib/bundler/templates/newgem/github/workflows/main.yml.tt +15 -15
  123. data/lib/bundler/templates/newgem/newgem.gemspec.tt +4 -4
  124. data/lib/bundler/uri_credentials_filter.rb +1 -1
  125. data/lib/bundler/vendor/fileutils/COPYING +56 -0
  126. data/lib/bundler/vendor/fileutils/lib/fileutils.rb +15 -13
  127. data/lib/bundler/vendor/securerandom/COPYING +56 -0
  128. data/lib/bundler/vendor/securerandom/lib/securerandom.rb +5 -5
  129. data/lib/bundler/vendor/thor/lib/thor/actions/file_manipulation.rb +3 -5
  130. data/lib/bundler/vendor/thor/lib/thor/group.rb +11 -0
  131. data/lib/bundler/vendor/thor/lib/thor/parser/argument.rb +1 -4
  132. data/lib/bundler/vendor/thor/lib/thor/parser/option.rb +2 -2
  133. data/lib/bundler/vendor/thor/lib/thor/parser/options.rb +2 -1
  134. data/lib/bundler/vendor/thor/lib/thor/shell/basic.rb +9 -9
  135. data/lib/bundler/vendor/thor/lib/thor/shell/html.rb +1 -1
  136. data/lib/bundler/vendor/thor/lib/thor/shell/table_printer.rb +5 -21
  137. data/lib/bundler/vendor/thor/lib/thor/util.rb +1 -1
  138. data/lib/bundler/vendor/thor/lib/thor/version.rb +1 -1
  139. data/lib/bundler/vendor/thor/lib/thor.rb +11 -0
  140. data/lib/bundler/vendor/uri/COPYING +56 -0
  141. data/lib/bundler/vendor/uri/lib/uri/common.rb +37 -16
  142. data/lib/bundler/vendor/uri/lib/uri/file.rb +3 -3
  143. data/lib/bundler/vendor/uri/lib/uri/ftp.rb +1 -1
  144. data/lib/bundler/vendor/uri/lib/uri/generic.rb +16 -26
  145. data/lib/bundler/vendor/uri/lib/uri/http.rb +2 -2
  146. data/lib/bundler/vendor/uri/lib/uri/rfc2396_parser.rb +10 -3
  147. data/lib/bundler/vendor/uri/lib/uri/rfc3986_parser.rb +26 -3
  148. data/lib/bundler/vendor/uri/lib/uri/version.rb +1 -1
  149. data/lib/bundler/vendor/uri/lib/uri.rb +9 -9
  150. data/lib/bundler/vendored_securerandom.rb +0 -2
  151. data/lib/bundler/version.rb +1 -1
  152. data/lib/bundler.rb +38 -14
  153. metadata +18 -12
  154. data/lib/bundler/vendor/fileutils/LICENSE.txt +0 -22
  155. data/lib/bundler/vendor/securerandom/LICENSE.txt +0 -22
  156. data/lib/bundler/vendor/securerandom/lib/random/formatter.rb +0 -373
  157. data/lib/bundler/vendor/uri/LICENSE.txt +0 -22
@@ -13,13 +13,14 @@ module Bundler
13
13
 
14
14
  attr_reader(
15
15
  :dependencies,
16
+ :locked_checksums,
16
17
  :locked_deps,
17
18
  :locked_gems,
18
19
  :platforms,
19
20
  :ruby_version,
20
21
  :lockfile,
21
22
  :gemfiles,
22
- :locked_checksums
23
+ :sources
23
24
  )
24
25
 
25
26
  # Given a gemfile and lockfile creates a Bundler definition
@@ -88,6 +89,7 @@ module Bundler
88
89
  @lockfile_contents = Bundler.read_file(lockfile)
89
90
  @locked_gems = LockfileParser.new(@lockfile_contents)
90
91
  @locked_platforms = @locked_gems.platforms
92
+ @most_specific_locked_platform = @locked_gems.most_specific_locked_platform
91
93
  @platforms = @locked_platforms.dup
92
94
  @locked_bundler_version = @locked_gems.bundler_version
93
95
  @locked_ruby_version = @locked_gems.ruby_version
@@ -107,15 +109,16 @@ module Bundler
107
109
  end
108
110
  else
109
111
  @unlock = {}
110
- @platforms = []
111
112
  @locked_gems = nil
113
+ @locked_platforms = []
114
+ @most_specific_locked_platform = nil
115
+ @platforms = []
112
116
  @locked_deps = {}
113
117
  @locked_specs = SpecSet.new([])
114
118
  @originally_locked_deps = {}
115
119
  @originally_locked_specs = @locked_specs
116
120
  @locked_sources = []
117
- @locked_platforms = []
118
- @locked_checksums = Bundler.feature_flag.bundler_3_mode?
121
+ @locked_checksums = Bundler.feature_flag.lockfile_checksums?
119
122
  end
120
123
 
121
124
  locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
@@ -149,7 +152,7 @@ module Bundler
149
152
  @gems_to_unlock = @explicit_unlocks.any? ? @explicit_unlocks : @dependencies.map(&:name)
150
153
  else
151
154
  eager_unlock = @explicit_unlocks.map {|name| Dependency.new(name, ">= 0") }
152
- @gems_to_unlock = @locked_specs.for(eager_unlock, false, platforms).map(&:name).uniq
155
+ @gems_to_unlock = @locked_specs.for(eager_unlock, platforms).map(&:name).uniq
153
156
  end
154
157
 
155
158
  @dependency_changes = converge_dependencies
@@ -162,21 +165,57 @@ module Bundler
162
165
  @gem_version_promoter ||= GemVersionPromoter.new
163
166
  end
164
167
 
165
- def resolve_only_locally!
168
+ def check!
169
+ # If dependencies have changed, we need to resolve remotely. Otherwise,
170
+ # since we'll be resolving with a single local source, we may end up
171
+ # locking gems under the wrong source in the lockfile, and missing lockfile
172
+ # checksums
173
+ resolve_remotely! if @dependency_changes
174
+
175
+ # Now do a local only resolve, to verify if any gems are missing locally
166
176
  sources.local_only!
167
177
  resolve
168
178
  end
169
179
 
180
+ #
181
+ # Setup sources according to the given options and the state of the
182
+ # definition.
183
+ #
184
+ # @return [Boolean] Whether fetching remote information will be necessary or not
185
+ #
186
+ def setup_domain!(options = {})
187
+ prefer_local! if options[:"prefer-local"]
188
+
189
+ if options[:local] || no_install_needed?
190
+ Bundler.settings.set_command_option(:jobs, 1) if no_install_needed? # to avoid the overhead of Bundler::Worker
191
+ with_cache!
192
+ false
193
+ else
194
+ remotely!
195
+ true
196
+ end
197
+ end
198
+
170
199
  def resolve_with_cache!
200
+ with_cache!
201
+
202
+ resolve
203
+ end
204
+
205
+ def with_cache!
171
206
  sources.local!
172
207
  sources.cached!
173
- resolve
174
208
  end
175
209
 
176
210
  def resolve_remotely!
211
+ remotely!
212
+
213
+ resolve
214
+ end
215
+
216
+ def remotely!
177
217
  sources.cached!
178
218
  sources.remote!
179
- resolve
180
219
  end
181
220
 
182
221
  def prefer_local!
@@ -202,7 +241,7 @@ module Bundler
202
241
  end
203
242
 
204
243
  def missing_specs
205
- resolve.materialize(requested_dependencies).missing_specs
244
+ resolve.missing_specs_for(requested_dependencies)
206
245
  end
207
246
 
208
247
  def missing_specs?
@@ -266,11 +305,7 @@ module Bundler
266
305
  groups.map!(&:to_sym)
267
306
  deps = current_dependencies # always returns a new array
268
307
  deps.select! do |d|
269
- if RUBY_VERSION >= "3.1"
270
- d.groups.intersect?(groups)
271
- else
272
- !(d.groups & groups).empty?
273
- end
308
+ d.groups.intersect?(groups)
274
309
  end
275
310
  deps
276
311
  end
@@ -308,11 +343,11 @@ module Bundler
308
343
  end
309
344
 
310
345
  def spec_git_paths
311
- sources.git_sources.map {|s| File.realpath(s.path) if File.exist?(s.path) }.compact
346
+ sources.git_sources.filter_map {|s| File.realpath(s.path) if File.exist?(s.path) }
312
347
  end
313
348
 
314
349
  def groups
315
- dependencies.map(&:groups).flatten.uniq
350
+ dependencies.flat_map(&:groups).uniq
316
351
  end
317
352
 
318
353
  def lock(file_or_preserve_unknown_sections = false, preserve_unknown_sections_or_unused = false)
@@ -457,6 +492,12 @@ module Bundler
457
492
  "Add the current platform to the lockfile with\n`bundle lock --add-platform #{local_platform}` and try again."
458
493
  end
459
494
 
495
+ def normalize_platforms
496
+ @platforms = resolve.normalize_platforms!(current_dependencies, platforms)
497
+
498
+ @resolve = SpecSet.new(resolve.for(current_dependencies, @platforms))
499
+ end
500
+
460
501
  def add_platform(platform)
461
502
  return if @platforms.include?(platform)
462
503
 
@@ -471,12 +512,6 @@ module Bundler
471
512
  raise InvalidOption, "Unable to remove the platform `#{platform}` since the only platforms are #{@platforms.join ", "}"
472
513
  end
473
514
 
474
- def most_specific_locked_platform
475
- @platforms.min_by do |bundle_platform|
476
- platform_specificity_match(bundle_platform, local_platform)
477
- end
478
- end
479
-
480
515
  def nothing_changed?
481
516
  return false unless lockfile_exists?
482
517
 
@@ -492,6 +527,10 @@ module Bundler
492
527
  !@locked_spec_with_invalid_deps
493
528
  end
494
529
 
530
+ def no_install_needed?
531
+ no_resolve_needed? && !missing_specs?
532
+ end
533
+
495
534
  def no_resolve_needed?
496
535
  !unlocking? && nothing_changed?
497
536
  end
@@ -502,9 +541,15 @@ module Bundler
502
541
 
503
542
  attr_writer :source_requirements
504
543
 
505
- private
544
+ def add_checksums
545
+ @locked_checksums = true
546
+
547
+ setup_domain!
506
548
 
507
- attr_reader :sources
549
+ specs # force materialization to real specifications, so that checksums are fetched
550
+ end
551
+
552
+ private
508
553
 
509
554
  def should_add_extra_platforms?
510
555
  !lockfile_exists? && generic_local_platform_is_ruby? && !Bundler.settings[:force_ruby_platform]
@@ -549,7 +594,7 @@ module Bundler
549
594
  end
550
595
 
551
596
  def resolver
552
- @resolver ||= Resolver.new(resolution_packages, gem_version_promoter)
597
+ @resolver ||= Resolver.new(resolution_packages, gem_version_promoter, @most_specific_locked_platform)
553
598
  end
554
599
 
555
600
  def expanded_dependencies
@@ -558,7 +603,7 @@ module Bundler
558
603
 
559
604
  def dependencies_with_bundler
560
605
  return dependencies unless @unlocking_bundler
561
- return dependencies if dependencies.map(&:name).include?("bundler")
606
+ return dependencies if dependencies.any? {|d| d.name == "bundler" }
562
607
 
563
608
  [Dependency.new("bundler", @unlocking_bundler)] + dependencies
564
609
  end
@@ -574,22 +619,46 @@ module Bundler
574
619
  end
575
620
  end
576
621
 
577
- def filter_specs(specs, deps)
578
- SpecSet.new(specs).for(deps, false, platforms)
622
+ def filter_specs(specs, deps, skips: [])
623
+ SpecSet.new(specs).for(deps, platforms, skips: skips)
579
624
  end
580
625
 
581
626
  def materialize(dependencies)
582
- specs = resolve.materialize(dependencies)
583
- missing_specs = specs.missing_specs
627
+ # Tracks potential endless loops trying to re-resolve.
628
+ # TODO: Remove as dead code if not reports are received in a while
629
+ incorrect_spec = nil
630
+
631
+ specs = begin
632
+ resolve.materialize(dependencies)
633
+ rescue IncorrectLockfileDependencies => e
634
+ spec = e.spec
635
+ raise "Infinite loop while fixing lockfile dependencies" if incorrect_spec == spec
636
+
637
+ incorrect_spec = spec
638
+ reresolve_without([spec])
639
+ retry
640
+ end
641
+
642
+ missing_specs = resolve.missing_specs
584
643
 
585
644
  if missing_specs.any?
586
645
  missing_specs.each do |s|
587
646
  locked_gem = @locked_specs[s.name].last
588
647
  next if locked_gem.nil? || locked_gem.version != s.version || sources.local_mode?
589
- raise GemNotFound, "Your bundle is locked to #{locked_gem} from #{locked_gem.source}, but that version can " \
590
- "no longer be found in that source. That means the author of #{locked_gem} has removed it. " \
591
- "You'll need to update your bundle to a version other than #{locked_gem} that hasn't been " \
592
- "removed in order to install."
648
+
649
+ message = if sources.implicit_global_source?
650
+ "Because your Gemfile specifies no global remote source, your bundle is locked to " \
651
+ "#{locked_gem} from #{locked_gem.source}. However, #{locked_gem} is not installed. You'll " \
652
+ "need to either add a global remote source to your Gemfile or make sure #{locked_gem} is " \
653
+ "available locally before rerunning Bundler."
654
+ else
655
+ "Your bundle is locked to #{locked_gem} from #{locked_gem.source}, but that version can " \
656
+ "no longer be found in that source. That means the author of #{locked_gem} has removed it. " \
657
+ "You'll need to update your bundle to a version other than #{locked_gem} that hasn't been " \
658
+ "removed in order to install."
659
+ end
660
+
661
+ raise GemNotFound, message
593
662
  end
594
663
 
595
664
  missing_specs_list = missing_specs.group_by(&:source).map do |source, missing_specs_for_source|
@@ -599,17 +668,24 @@ module Bundler
599
668
  raise GemNotFound, "Could not find #{missing_specs_list.join(" nor ")}"
600
669
  end
601
670
 
602
- incomplete_specs = specs.incomplete_specs
671
+ partially_missing_specs = resolve.partially_missing_specs
672
+
673
+ if partially_missing_specs.any? && !sources.local_mode?
674
+ Bundler.ui.warn "Some locked specs have possibly been yanked (#{partially_missing_specs.map(&:full_name).join(", ")}). Ignoring them..."
675
+
676
+ resolve.delete(partially_missing_specs)
677
+ end
678
+
679
+ incomplete_specs = resolve.incomplete_specs
603
680
  loop do
604
681
  break if incomplete_specs.empty?
605
682
 
606
683
  Bundler.ui.debug("The lockfile does not have all gems needed for the current platform though, Bundler will still re-resolve dependencies")
607
684
  sources.remote!
608
- resolution_packages.delete(incomplete_specs)
609
- @resolve = start_resolution
685
+ reresolve_without(incomplete_specs)
610
686
  specs = resolve.materialize(dependencies)
611
687
 
612
- still_incomplete_specs = specs.incomplete_specs
688
+ still_incomplete_specs = resolve.incomplete_specs
613
689
 
614
690
  if still_incomplete_specs == incomplete_specs
615
691
  package = resolution_packages.get_package(incomplete_specs.first.name)
@@ -619,12 +695,26 @@ module Bundler
619
695
  incomplete_specs = still_incomplete_specs
620
696
  end
621
697
 
698
+ insecurely_materialized_specs = resolve.insecurely_materialized_specs
699
+
700
+ if insecurely_materialized_specs.any?
701
+ Bundler.ui.warn "The following platform specific gems are getting installed, yet the lockfile includes only their generic ruby version:\n" \
702
+ " * #{insecurely_materialized_specs.map(&:full_name).join("\n * ")}\n" \
703
+ "Please run `bundle lock --normalize-platforms` and commit the resulting lockfile.\n" \
704
+ "Alternatively, you may run `bundle lock --add-platform <list-of-platforms-that-you-want-to-support>`"
705
+ end
706
+
622
707
  bundler = sources.metadata_source.specs.search(["bundler", Bundler.gem_version]).last
623
708
  specs["bundler"] = bundler
624
709
 
625
710
  specs
626
711
  end
627
712
 
713
+ def reresolve_without(incomplete_specs)
714
+ resolution_packages.delete(incomplete_specs)
715
+ @resolve = start_resolution
716
+ end
717
+
628
718
  def start_resolution
629
719
  local_platform_needed_for_resolvability = @most_specific_non_local_locked_ruby_platform && !@platforms.include?(local_platform)
630
720
  @platforms << local_platform if local_platform_needed_for_resolvability
@@ -644,7 +734,7 @@ module Bundler
644
734
 
645
735
  @platforms = result.add_extra_platforms!(platforms) if should_add_extra_platforms?
646
736
 
647
- SpecSet.new(result.for(dependencies, false, @platforms))
737
+ SpecSet.new(result.for(dependencies, @platforms))
648
738
  end
649
739
 
650
740
  def precompute_source_requirements_for_indirect_dependencies?
@@ -670,7 +760,7 @@ module Bundler
670
760
  def find_most_specific_locked_ruby_platform
671
761
  return unless generic_local_platform_is_ruby? && current_platform_locked?
672
762
 
673
- most_specific_locked_platform
763
+ @most_specific_locked_platform
674
764
  end
675
765
 
676
766
  def change_reason
@@ -871,7 +961,7 @@ module Bundler
871
961
  def converge_locked_specs
872
962
  converged = converge_specs(@locked_specs)
873
963
 
874
- resolve = SpecSet.new(converged.reject {|s| @gems_to_unlock.include?(s.name) })
964
+ resolve = SpecSet.new(converged)
875
965
 
876
966
  diff = nil
877
967
 
@@ -892,8 +982,6 @@ module Bundler
892
982
  converged = []
893
983
  deps = []
894
984
 
895
- @specs_that_changed_sources = []
896
-
897
985
  specs.each do |s|
898
986
  name = s.name
899
987
  dep = @dependencies.find {|d| s.satisfies?(d) }
@@ -902,9 +990,7 @@ module Bundler
902
990
  if dep
903
991
  gemfile_source = dep.source || default_source
904
992
 
905
- @specs_that_changed_sources << s if gemfile_source != lockfile_source
906
- deps << dep if !dep.source || lockfile_source.include?(dep.source)
907
- @gems_to_unlock << name if lockfile_source.include?(dep.source) && lockfile_source != gemfile_source
993
+ deps << dep if !dep.source || lockfile_source.include?(dep.source) || new_deps.include?(dep)
908
994
 
909
995
  # Replace the locked dependency's source with the equivalent source from the Gemfile
910
996
  s.source = gemfile_source
@@ -913,25 +999,14 @@ module Bundler
913
999
  s.source = default_source unless sources.get(lockfile_source)
914
1000
  end
915
1001
 
916
- next if @sources_to_unlock.include?(s.source.name)
1002
+ source = s.source
1003
+ next if @sources_to_unlock.include?(source.name)
917
1004
 
918
1005
  # Path sources have special logic
919
- if s.source.instance_of?(Source::Path) || s.source.instance_of?(Source::Gemspec)
920
- new_specs = begin
921
- s.source.specs
922
- rescue PathError
923
- # if we won't need the source (according to the lockfile),
924
- # don't error if the path source isn't available
925
- next if specs.
926
- for(requested_dependencies, false).
927
- none? {|locked_spec| locked_spec.source == s.source }
928
-
929
- raise
930
- end
931
-
932
- new_spec = new_specs[s].first
1006
+ if source.instance_of?(Source::Path) || source.instance_of?(Source::Gemspec) || (source.instance_of?(Source::Git) && !@gems_to_unlock.include?(name) && deps.include?(dep))
1007
+ new_spec = source.specs[s].first
933
1008
  if new_spec
934
- s.dependencies.replace(new_spec.dependencies)
1009
+ s.runtime_dependencies.replace(new_spec.runtime_dependencies)
935
1010
  else
936
1011
  # If the spec is no longer in the path source, unlock it. This
937
1012
  # commonly happens if the version changed in the gemspec
@@ -939,14 +1014,15 @@ module Bundler
939
1014
  end
940
1015
  end
941
1016
 
942
- if dep.nil? && requested_dependencies.find {|d| name == d.name }
943
- @gems_to_unlock << s.name
944
- else
945
- converged << s
1017
+ if dep.nil? && requested_dep = requested_dependencies.find {|d| name == d.name }
1018
+ @gems_to_unlock << name
1019
+ deps << requested_dep
946
1020
  end
1021
+
1022
+ converged << s
947
1023
  end
948
1024
 
949
- filter_specs(converged, deps)
1025
+ filter_specs(converged, deps, skips: @gems_to_unlock)
950
1026
  end
951
1027
 
952
1028
  def metadata_dependencies
@@ -984,7 +1060,6 @@ module Bundler
984
1060
  source_requirements["bundler"] = sources.metadata_source # needs to come last to override
985
1061
  end
986
1062
 
987
- verify_changed_sources!
988
1063
  source_requirements
989
1064
  end
990
1065
 
@@ -992,14 +1067,6 @@ module Bundler
992
1067
  sources.default_source
993
1068
  end
994
1069
 
995
- def verify_changed_sources!
996
- @specs_that_changed_sources.each do |s|
997
- if s.source.specs.search(s.name).empty?
998
- raise GemNotFound, "Could not find gem '#{s.name}' in #{s.source}"
999
- end
1000
- end
1001
- end
1002
-
1003
1070
  def requested_groups
1004
1071
  values = groups - Bundler.settings[:without] - @optional_groups + Bundler.settings[:with]
1005
1072
  values &= Bundler.settings[:only] unless Bundler.settings[:only].empty?
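Review bot: The loop guard in `materialize` (new lines 627-640) remembers only the most recent offending spec, so `retry` stops when the same spec fails twice in a row but not when two specs alternate, and there is no upper bound on attempts. Keeping every spec already handled would close that gap: `incorrect_specs = []` before the `begin`, then `raise "Infinite loop while fixing lockfile dependencies" if incorrect_specs.include?(spec)` and `incorrect_specs << spec` in the rescue. The guard also raises a bare string, which Ruby turns into a `RuntimeError` rather than one of the `BundlerError` classes; whether that is the intended way to surface it is not visible here. The body of `materialize` continues into the later hunks of this section.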
@@ -62,7 +62,7 @@ module Bundler
62
62
  end
63
63
 
64
64
  def expanded_platforms
65
- @expanded_platforms ||= @platforms.map {|pl| PLATFORM_MAP[pl] }.compact.flatten.uniq
65
+ @expanded_platforms ||= @platforms.filter_map {|pl| PLATFORM_MAP[pl] }.flatten.uniq
66
66
  end
67
67
 
68
68
  def should_include?
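--- a/data/lib/bundler/dsl.rb
+++ b/data/lib/bundler/dsl.rb
@@ -66,7 +66,7 @@ module Bundler
  development_group = opts[:development_group] || :development
  expanded_path = gemfile_root.join(path)
 
- gemspecs = Gem::Util.glob_files_in_dir("{,*}.gemspec", expanded_path).map {|g| Bundler.load_gemspec(g) }.compact
+ gemspecs = Gem::Util.glob_files_in_dir("{,*}.gemspec", expanded_path).filter_map {|g| Bundler.load_gemspec(g) }
  gemspecs.reject! {|s| s.name != name } if name
  specs_by_name_and_version = gemspecs.group_by {|s| [s.name, s.version] }
 
@@ -110,9 +110,23 @@ module Bundler
  if gemspec_dep
  gemfile_dep = [dep, current].find(&:runtime?)
 
- unless current_requirement_open
+ if gemfile_dep && !current_requirement_open
  Bundler.ui.warn "A gemspec development dependency (#{gemspec_dep.name}, #{gemspec_dep.requirement}) is being overridden by a Gemfile dependency (#{gemfile_dep.name}, #{gemfile_dep.requirement}).\n" \
  "This behaviour may change in the future. Please remove either of them, or make sure they both have the same requirement\n"
+ elsif gemfile_dep.nil?
+ require_relative "vendor/pub_grub/lib/pub_grub/version_range"
+ require_relative "vendor/pub_grub/lib/pub_grub/version_constraint"
+ require_relative "vendor/pub_grub/lib/pub_grub/version_union"
+ require_relative "vendor/pub_grub/lib/pub_grub/rubygems"
+
+ current_gemspec_range = PubGrub::RubyGems.requirement_to_range(current.requirement)
+ next_gemspec_range = PubGrub::RubyGems.requirement_to_range(dep.requirement)
+
+ if current_gemspec_range.intersects?(next_gemspec_range)
+ dep = Dependency.new(name, current.requirement.as_list + dep.requirement.as_list, options)
+ else
+ raise GemfileError, "Two gemspecs have conflicting requirements on the same gem: #{dep} and #{current}"
+ end
  end
  else
  update_prompt = ""
@@ -133,20 +147,22 @@ module Bundler
  end
  end
 
- # Always prefer the dependency from the Gemfile
- if current.gemspec_dev_dep?
- @dependencies.delete(current)
- elsif dep.gemspec_dev_dep?
- return
- elsif current.source != dep.source
- raise GemfileError, "You cannot specify the same gem twice coming from different sources.\n" \
- "You specified that #{dep.name} (#{dep.requirement}) should come from " \
- "#{current.source || "an unspecified source"} and #{dep.source}\n"
- else
- Bundler.ui.warn "Your Gemfile lists the gem #{current.name} (#{current.requirement}) more than once.\n" \
- "You should probably keep only one of them.\n" \
- "Remove any duplicate entries and specify the gem only once.\n" \
- "While it's not a problem now, it could cause errors if you change the version of one of them later."
+ unless current.gemspec_dev_dep? && dep.gemspec_dev_dep?
+ # Always prefer the dependency from the Gemfile
+ if current.gemspec_dev_dep?
+ @dependencies.delete(current)
+ elsif dep.gemspec_dev_dep?
+ return
+ elsif current.source != dep.source
+ raise GemfileError, "You cannot specify the same gem twice coming from different sources.\n" \
+ "You specified that #{dep.name} (#{dep.requirement}) should come from " \
+ "#{current.source || "an unspecified source"} and #{dep.source}\n"
+ else
+ Bundler.ui.warn "Your Gemfile lists the gem #{current.name} (#{current.requirement}) more than once.\n" \
+ "You should probably keep only one of them.\n" \
+ "Remove any duplicate entries and specify the gem only once.\n" \
+ "While it's not a problem now, it could cause errors if you change the version of one of them later."
+ end
  end
  end
 
@@ -487,18 +503,7 @@ module Bundler
  end
 
  def check_rubygems_source_safety
- if @sources.implicit_global_source?
- implicit_global_source_warning
- elsif @sources.aggregate_global_source?
- multiple_global_source_warning
- end
- end
-
- def implicit_global_source_warning
- Bundler::SharedHelpers.major_deprecation 2, "This Gemfile does not include an explicit global source. " \
- "Not using an explicit global source may result in a different lockfile being generated depending on " \
- "the gems you have installed locally before bundler is run. " \
- "Instead, define a global source in your Gemfile like this: source \"https://rubygems.org\"."
+ multiple_global_source_warning if @sources.aggregate_global_source?
  end
 
  def multiple_global_source_warning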
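Review bot: `check_rubygems_source_safety` (new line 506) now reacts only to `aggregate_global_source?`, and nothing left in the section says that a Gemfile with no global source is deliberately not flagged here. The removed deprecation text was the only place in this file that explained the risk, a lockfile that depends on whichever gems are already installed locally. A short comment on the method would keep that next to the check, for example `# Only multiple global sources are flagged here; a Gemfile with no global source is not.` Separately, the four `require_relative` lines in the `elsif gemfile_dep.nil?` branch (new lines 117-120) deserve a one-line comment saying the vendored PubGrub files are loaded lazily, apparently only for comparing the requirements of two gemspec development dependencies.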
@@ -6,7 +6,7 @@ module Bundler
6
6
  include MatchRemoteMetadata
7
7
 
8
8
  attr_reader :name, :version, :platform, :checksum
9
- attr_accessor :source, :remote, :dependencies
9
+ attr_accessor :remote, :dependencies, :locked_platform
10
10
 
11
11
  def initialize(name, version, platform, spec_fetcher, dependencies, metadata = nil)
12
12
  super()
@@ -18,10 +18,15 @@ module Bundler
18
18
 
19
19
  @loaded_from = nil
20
20
  @remote_specification = nil
21
+ @locked_platform = nil
21
22
 
22
23
  parse_metadata(metadata)
23
24
  end
24
25
 
26
+ def insecurely_materialized?
27
+ @locked_platform.to_s != @platform.to_s
28
+ end
29
+
25
30
  def fetch_platform
26
31
  @platform
27
32
  end
@@ -115,6 +120,10 @@ module Bundler
115
120
  @remote_specification = spec
116
121
  end
117
122
 
123
+ def inspect
124
+ "#<#{self.class} @name=\"#{name}\" (#{full_name.delete_prefix("#{name}-")})>"
125
+ end
126
+
118
127
  private
119
128
 
120
129
  def _remote_specification
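Review bot: `insecurely_materialized?` (new lines 26-28) returns true for every spec whose `locked_platform` was never assigned, because the constructor sets `@locked_platform = nil` and `nil.to_s` is `""`, which differs from any platform string. If that is intended, the method needs a comment that says so, e.g. `# True when the platform being installed is not the one recorded in the lockfile (also true while locked_platform is unset)`. If it is not intended, add `return false if @locked_platform.nil?` as the first line. The code that assigns `locked_platform` is outside this section, so which case applies cannot be confirmed from here.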
@@ -246,4 +246,14 @@ module Bundler
246
246
  end
247
247
 
248
248
  class InvalidArgumentError < BundlerError; status_code(40); end
249
+
250
+ class IncorrectLockfileDependencies < BundlerError
251
+ attr_reader :spec
252
+
253
+ def initialize(spec)
254
+ @spec = spec
255
+ end
256
+
257
+ status_code(41)
258
+ end
249
259
  end
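Review bot: `IncorrectLockfileDependencies#initialize` (new lines 253-255) stores `spec` but never calls `super`, so the exception's message falls back to the class name. Any path that lets it reach the terminal or a log then says nothing about which locked spec was wrong. Passing a message keeps `spec` available to rescuers and makes the error self-describing, for example `super("The lockfile lists incorrect dependencies for #{spec}")` after the assignment, with wording to the maintainers' taste. The only rescue visible on this page is the one in `Definition#materialize`.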
@@ -33,6 +33,7 @@ module Bundler
33
33
  settings_flag(:default_install_uses_path) { bundler_3_mode? }
34
34
  settings_flag(:forget_cli_options) { bundler_3_mode? }
35
35
  settings_flag(:global_gem_cache) { bundler_3_mode? }
36
+ settings_flag(:lockfile_checksums) { bundler_3_mode? }
36
37
  settings_flag(:path_relative_to_cwd) { bundler_3_mode? }
37
38
  settings_flag(:plugins) { @bundler_version >= Gem::Version.new("1.14") }
38
39
  settings_flag(:print_only_version_number) { bundler_3_mode? }
@@ -10,7 +10,7 @@ module Bundler
10
10
  method = instance_method(method_name)
11
11
  undef_method(method_name)
12
12
  define_method(method_name) do |*args, &blk|
13
- method.bind(self).call(*args, &blk)
13
+ method.bind_call(self, *args, &blk)
14
14
  rescue NetworkDownError, CompactIndexClient::Updater::MismatchedChecksumError => e
15
15
  raise HTTPError, e.message
16
16
  rescue AuthenticationRequiredError, BadAuthenticationError
@@ -37,8 +37,9 @@ module Bundler
37
37
  # This is the error raised when a source is HTTPS and OpenSSL didn't load
38
38
  class SSLError < HTTPError
39
39
  def initialize(msg = nil)
40
- super msg || "Could not load OpenSSL.\n" \
41
- "You must recompile Ruby with OpenSSL support."
40
+ super "Could not load OpenSSL.\n" \
41
+ "You must recompile Ruby with OpenSSL support.\n" \
42
+ "original error: #{msg}\n"
42
43
  end
43
44
  end
44
45
 
@@ -251,7 +252,13 @@ module Bundler
251
252
  needs_ssl = remote_uri.scheme == "https" ||
252
253
  Bundler.settings[:ssl_verify_mode] ||
253
254
  Bundler.settings[:ssl_client_cert]
254
- raise SSLError if needs_ssl && !defined?(OpenSSL::SSL)
255
+ if needs_ssl
256
+ begin
257
+ require "openssl"
258
+ rescue StandardError, LoadError => e
259
+ raise SSLError.new(e.message)
260
+ end
261
+ end
255
262
 
256
263
  con = Gem::Net::HTTP::Persistent.new name: "bundler", proxy: :ENV
257
264
  if gem_proxy = Gem.configuration[:http_proxy]
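Review bot: `SSLError#initialize` (new lines 40-42) still defaults `msg` to `nil`, but the message now always ends with `original error: ` plus the interpolated value, so a bare `raise SSLError` prints an empty detail line. A caller that passes its own text also now gets it wrapped in the "Could not load OpenSSL" preamble, which is misleading if the failure was something else; callers are not visible in this section. Building the detail only when it exists avoids the first case: `detail = msg ? "original error: #{msg}\n" : ""`, concatenated after the two fixed lines. In the second hunk, whose enclosing method starts outside the hunk, `raise SSLError.new(e.message)` could use the usual `raise SSLError, e.message` form.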