bundler 2.5.22 → 2.6.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +83 -0
- data/bundler.gemspec +2 -2
- data/lib/bundler/build_metadata.rb +2 -2
- data/lib/bundler/cli/add.rb +2 -0
- data/lib/bundler/cli/check.rb +2 -2
- data/lib/bundler/cli/console.rb +0 -4
- data/lib/bundler/cli/doctor.rb +4 -4
- data/lib/bundler/cli/exec.rb +1 -0
- data/lib/bundler/cli/gem.rb +1 -1
- data/lib/bundler/cli/info.rb +2 -2
- data/lib/bundler/cli/inject.rb +1 -1
- data/lib/bundler/cli/install.rb +4 -0
- data/lib/bundler/cli/lock.rb +20 -1
- data/lib/bundler/cli/pristine.rb +1 -1
- data/lib/bundler/cli/show.rb +2 -2
- data/lib/bundler/cli.rb +23 -53
- data/lib/bundler/compact_index_client/cache_file.rb +0 -5
- data/lib/bundler/compact_index_client/updater.rb +0 -11
- data/lib/bundler/definition.rb +143 -76
- data/lib/bundler/dependency.rb +1 -1
- data/lib/bundler/dsl.rb +33 -28
- data/lib/bundler/endpoint_specification.rb +10 -1
- data/lib/bundler/errors.rb +10 -0
- data/lib/bundler/feature_flag.rb +1 -0
- data/lib/bundler/fetcher/compact_index.rb +1 -1
- data/lib/bundler/fetcher.rb +10 -3
- data/lib/bundler/gem_helpers.rb +21 -5
- data/lib/bundler/injector.rb +2 -2
- data/lib/bundler/inline.rb +12 -8
- data/lib/bundler/installer/standalone.rb +2 -2
- data/lib/bundler/installer.rb +4 -38
- data/lib/bundler/lazy_specification.rb +74 -26
- data/lib/bundler/lockfile_generator.rb +1 -1
- data/lib/bundler/lockfile_parser.rb +9 -1
- data/lib/bundler/man/bundle-add.1 +17 -11
- data/lib/bundler/man/bundle-add.1.ronn +16 -10
- data/lib/bundler/man/bundle-binstubs.1 +7 -4
- data/lib/bundler/man/bundle-binstubs.1.ronn +6 -3
- data/lib/bundler/man/bundle-cache.1 +30 -2
- data/lib/bundler/man/bundle-cache.1.ronn +31 -2
- data/lib/bundler/man/bundle-check.1 +3 -3
- data/lib/bundler/man/bundle-check.1.ronn +4 -2
- data/lib/bundler/man/bundle-clean.1 +1 -1
- data/lib/bundler/man/bundle-config.1 +3 -5
- data/lib/bundler/man/bundle-config.1.ronn +2 -7
- data/lib/bundler/man/bundle-console.1 +2 -4
- data/lib/bundler/man/bundle-console.1.ronn +2 -7
- data/lib/bundler/man/bundle-doctor.1 +2 -2
- data/lib/bundler/man/bundle-doctor.1.ronn +1 -1
- data/lib/bundler/man/bundle-env.1 +9 -0
- data/lib/bundler/man/bundle-env.1.ronn +10 -0
- data/lib/bundler/man/bundle-exec.1 +5 -2
- data/lib/bundler/man/bundle-exec.1.ronn +4 -1
- data/lib/bundler/man/bundle-fund.1 +22 -0
- data/lib/bundler/man/bundle-fund.1.ronn +25 -0
- data/lib/bundler/man/bundle-gem.1 +17 -5
- data/lib/bundler/man/bundle-gem.1.ronn +27 -6
- data/lib/bundler/man/bundle-help.1 +1 -1
- data/lib/bundler/man/bundle-info.1 +5 -2
- data/lib/bundler/man/bundle-info.1.ronn +6 -2
- data/lib/bundler/man/bundle-init.1 +3 -3
- data/lib/bundler/man/bundle-init.1.ronn +3 -2
- data/lib/bundler/man/bundle-inject.1 +10 -2
- data/lib/bundler/man/bundle-inject.1.ronn +9 -1
- data/lib/bundler/man/bundle-install.1 +15 -12
- data/lib/bundler/man/bundle-install.1.ronn +22 -18
- data/lib/bundler/man/bundle-issue.1 +45 -0
- data/lib/bundler/man/bundle-issue.1.ronn +37 -0
- data/lib/bundler/man/bundle-licenses.1 +9 -0
- data/lib/bundler/man/bundle-licenses.1.ronn +10 -0
- data/lib/bundler/man/bundle-list.1 +1 -1
- data/lib/bundler/man/bundle-list.1.ronn +4 -1
- data/lib/bundler/man/bundle-lock.1 +21 -6
- data/lib/bundler/man/bundle-lock.1.ronn +25 -4
- data/lib/bundler/man/bundle-open.1 +2 -2
- data/lib/bundler/man/bundle-open.1.ronn +2 -1
- data/lib/bundler/man/bundle-outdated.1 +8 -5
- data/lib/bundler/man/bundle-outdated.1.ronn +8 -4
- data/lib/bundler/man/bundle-platform.1 +1 -1
- data/lib/bundler/man/bundle-plugin.1 +1 -1
- data/lib/bundler/man/bundle-pristine.1 +1 -1
- data/lib/bundler/man/bundle-pristine.1.ronn +1 -1
- data/lib/bundler/man/bundle-remove.1 +1 -1
- data/lib/bundler/man/bundle-remove.1.ronn +1 -1
- data/lib/bundler/man/bundle-show.1 +5 -2
- data/lib/bundler/man/bundle-show.1.ronn +4 -0
- data/lib/bundler/man/bundle-update.1 +13 -7
- data/lib/bundler/man/bundle-update.1.ronn +14 -6
- data/lib/bundler/man/bundle-version.1 +1 -1
- data/lib/bundler/man/bundle-viz.1 +4 -4
- data/lib/bundler/man/bundle-viz.1.ronn +7 -3
- data/lib/bundler/man/bundle.1 +1 -1
- data/lib/bundler/man/gemfile.5 +1 -1
- data/lib/bundler/man/index.txt +4 -0
- data/lib/bundler/materialization.rb +59 -0
- data/lib/bundler/plugin/events.rb +24 -0
- data/lib/bundler/plugin/installer.rb +1 -1
- data/lib/bundler/plugin.rb +20 -1
- data/lib/bundler/process_lock.rb +10 -14
- data/lib/bundler/remote_specification.rb +6 -1
- data/lib/bundler/resolver/base.rb +6 -6
- data/lib/bundler/resolver/candidate.rb +2 -2
- data/lib/bundler/resolver/spec_group.rb +4 -3
- data/lib/bundler/resolver.rb +5 -5
- data/lib/bundler/rubygems_ext.rb +30 -27
- data/lib/bundler/rubygems_gem_installer.rb +3 -2
- data/lib/bundler/rubygems_integration.rb +23 -40
- data/lib/bundler/runtime.rb +27 -7
- data/lib/bundler/self_manager.rb +2 -3
- data/lib/bundler/settings.rb +6 -1
- data/lib/bundler/shared_helpers.rb +29 -17
- data/lib/bundler/source/git/git_proxy.rb +0 -6
- data/lib/bundler/source/git.rb +56 -31
- data/lib/bundler/source/metadata.rb +2 -3
- data/lib/bundler/source/path.rb +2 -2
- data/lib/bundler/source_list.rb +1 -1
- data/lib/bundler/spec_set.rb +81 -56
- data/lib/bundler/stub_specification.rb +8 -0
- data/lib/bundler/templates/newgem/Gemfile.tt +0 -3
- data/lib/bundler/templates/newgem/README.md.tt +1 -1
- data/lib/bundler/templates/newgem/github/workflows/main.yml.tt +15 -15
- data/lib/bundler/templates/newgem/newgem.gemspec.tt +4 -4
- data/lib/bundler/uri_credentials_filter.rb +1 -1
- data/lib/bundler/vendor/fileutils/COPYING +56 -0
- data/lib/bundler/vendor/fileutils/lib/fileutils.rb +15 -13
- data/lib/bundler/vendor/securerandom/COPYING +56 -0
- data/lib/bundler/vendor/securerandom/lib/securerandom.rb +5 -5
- data/lib/bundler/vendor/thor/lib/thor/actions/file_manipulation.rb +3 -5
- data/lib/bundler/vendor/thor/lib/thor/group.rb +11 -0
- data/lib/bundler/vendor/thor/lib/thor/parser/argument.rb +1 -4
- data/lib/bundler/vendor/thor/lib/thor/parser/option.rb +2 -2
- data/lib/bundler/vendor/thor/lib/thor/parser/options.rb +2 -1
- data/lib/bundler/vendor/thor/lib/thor/shell/basic.rb +9 -9
- data/lib/bundler/vendor/thor/lib/thor/shell/html.rb +1 -1
- data/lib/bundler/vendor/thor/lib/thor/shell/table_printer.rb +5 -21
- data/lib/bundler/vendor/thor/lib/thor/util.rb +1 -1
- data/lib/bundler/vendor/thor/lib/thor/version.rb +1 -1
- data/lib/bundler/vendor/thor/lib/thor.rb +11 -0
- data/lib/bundler/vendor/uri/COPYING +56 -0
- data/lib/bundler/vendor/uri/lib/uri/common.rb +37 -16
- data/lib/bundler/vendor/uri/lib/uri/file.rb +3 -3
- data/lib/bundler/vendor/uri/lib/uri/ftp.rb +1 -1
- data/lib/bundler/vendor/uri/lib/uri/generic.rb +16 -26
- data/lib/bundler/vendor/uri/lib/uri/http.rb +2 -2
- data/lib/bundler/vendor/uri/lib/uri/rfc2396_parser.rb +10 -3
- data/lib/bundler/vendor/uri/lib/uri/rfc3986_parser.rb +26 -3
- data/lib/bundler/vendor/uri/lib/uri/version.rb +1 -1
- data/lib/bundler/vendor/uri/lib/uri.rb +9 -9
- data/lib/bundler/vendored_securerandom.rb +0 -2
- data/lib/bundler/version.rb +1 -1
- data/lib/bundler.rb +38 -14
- metadata +18 -12
- data/lib/bundler/vendor/fileutils/LICENSE.txt +0 -22
- data/lib/bundler/vendor/securerandom/LICENSE.txt +0 -22
- data/lib/bundler/vendor/securerandom/lib/random/formatter.rb +0 -373
- data/lib/bundler/vendor/uri/LICENSE.txt +0 -22
data/lib/bundler/definition.rb
CHANGED
@@ -13,13 +13,14 @@ module Bundler
|
|
13
13
|
|
14
14
|
attr_reader(
|
15
15
|
:dependencies,
|
16
|
+
:locked_checksums,
|
16
17
|
:locked_deps,
|
17
18
|
:locked_gems,
|
18
19
|
:platforms,
|
19
20
|
:ruby_version,
|
20
21
|
:lockfile,
|
21
22
|
:gemfiles,
|
22
|
-
:
|
23
|
+
:sources
|
23
24
|
)
|
24
25
|
|
25
26
|
# Given a gemfile and lockfile creates a Bundler definition
|
@@ -88,6 +89,7 @@ module Bundler
|
|
88
89
|
@lockfile_contents = Bundler.read_file(lockfile)
|
89
90
|
@locked_gems = LockfileParser.new(@lockfile_contents)
|
90
91
|
@locked_platforms = @locked_gems.platforms
|
92
|
+
@most_specific_locked_platform = @locked_gems.most_specific_locked_platform
|
91
93
|
@platforms = @locked_platforms.dup
|
92
94
|
@locked_bundler_version = @locked_gems.bundler_version
|
93
95
|
@locked_ruby_version = @locked_gems.ruby_version
|
@@ -107,15 +109,16 @@ module Bundler
|
|
107
109
|
end
|
108
110
|
else
|
109
111
|
@unlock = {}
|
110
|
-
@platforms = []
|
111
112
|
@locked_gems = nil
|
113
|
+
@locked_platforms = []
|
114
|
+
@most_specific_locked_platform = nil
|
115
|
+
@platforms = []
|
112
116
|
@locked_deps = {}
|
113
117
|
@locked_specs = SpecSet.new([])
|
114
118
|
@originally_locked_deps = {}
|
115
119
|
@originally_locked_specs = @locked_specs
|
116
120
|
@locked_sources = []
|
117
|
-
@
|
118
|
-
@locked_checksums = Bundler.feature_flag.bundler_3_mode?
|
121
|
+
@locked_checksums = Bundler.feature_flag.lockfile_checksums?
|
119
122
|
end
|
120
123
|
|
121
124
|
locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
|
@@ -149,7 +152,7 @@ module Bundler
|
|
149
152
|
@gems_to_unlock = @explicit_unlocks.any? ? @explicit_unlocks : @dependencies.map(&:name)
|
150
153
|
else
|
151
154
|
eager_unlock = @explicit_unlocks.map {|name| Dependency.new(name, ">= 0") }
|
152
|
-
@gems_to_unlock = @locked_specs.for(eager_unlock,
|
155
|
+
@gems_to_unlock = @locked_specs.for(eager_unlock, platforms).map(&:name).uniq
|
153
156
|
end
|
154
157
|
|
155
158
|
@dependency_changes = converge_dependencies
|
@@ -162,21 +165,57 @@ module Bundler
|
|
162
165
|
@gem_version_promoter ||= GemVersionPromoter.new
|
163
166
|
end
|
164
167
|
|
165
|
-
def
|
168
|
+
def check!
|
169
|
+
# If dependencies have changed, we need to resolve remotely. Otherwise,
|
170
|
+
# since we'll be resolving with a single local source, we may end up
|
171
|
+
# locking gems under the wrong source in the lockfile, and missing lockfile
|
172
|
+
# checksums
|
173
|
+
resolve_remotely! if @dependency_changes
|
174
|
+
|
175
|
+
# Now do a local only resolve, to verify if any gems are missing locally
|
166
176
|
sources.local_only!
|
167
177
|
resolve
|
168
178
|
end
|
169
179
|
|
180
|
+
#
|
181
|
+
# Setup sources according to the given options and the state of the
|
182
|
+
# definition.
|
183
|
+
#
|
184
|
+
# @return [Boolean] Whether fetching remote information will be necessary or not
|
185
|
+
#
|
186
|
+
def setup_domain!(options = {})
|
187
|
+
prefer_local! if options[:"prefer-local"]
|
188
|
+
|
189
|
+
if options[:local] || no_install_needed?
|
190
|
+
Bundler.settings.set_command_option(:jobs, 1) if no_install_needed? # to avoid the overhead of Bundler::Worker
|
191
|
+
with_cache!
|
192
|
+
false
|
193
|
+
else
|
194
|
+
remotely!
|
195
|
+
true
|
196
|
+
end
|
197
|
+
end
|
198
|
+
|
170
199
|
def resolve_with_cache!
|
200
|
+
with_cache!
|
201
|
+
|
202
|
+
resolve
|
203
|
+
end
|
204
|
+
|
205
|
+
def with_cache!
|
171
206
|
sources.local!
|
172
207
|
sources.cached!
|
173
|
-
resolve
|
174
208
|
end
|
175
209
|
|
176
210
|
def resolve_remotely!
|
211
|
+
remotely!
|
212
|
+
|
213
|
+
resolve
|
214
|
+
end
|
215
|
+
|
216
|
+
def remotely!
|
177
217
|
sources.cached!
|
178
218
|
sources.remote!
|
179
|
-
resolve
|
180
219
|
end
|
181
220
|
|
182
221
|
def prefer_local!
|
@@ -202,7 +241,7 @@ module Bundler
|
|
202
241
|
end
|
203
242
|
|
204
243
|
def missing_specs
|
205
|
-
resolve.
|
244
|
+
resolve.missing_specs_for(requested_dependencies)
|
206
245
|
end
|
207
246
|
|
208
247
|
def missing_specs?
|
@@ -266,11 +305,7 @@ module Bundler
|
|
266
305
|
groups.map!(&:to_sym)
|
267
306
|
deps = current_dependencies # always returns a new array
|
268
307
|
deps.select! do |d|
|
269
|
-
|
270
|
-
d.groups.intersect?(groups)
|
271
|
-
else
|
272
|
-
!(d.groups & groups).empty?
|
273
|
-
end
|
308
|
+
d.groups.intersect?(groups)
|
274
309
|
end
|
275
310
|
deps
|
276
311
|
end
|
@@ -308,11 +343,11 @@ module Bundler
|
|
308
343
|
end
|
309
344
|
|
310
345
|
def spec_git_paths
|
311
|
-
sources.git_sources.
|
346
|
+
sources.git_sources.filter_map {|s| File.realpath(s.path) if File.exist?(s.path) }
|
312
347
|
end
|
313
348
|
|
314
349
|
def groups
|
315
|
-
dependencies.
|
350
|
+
dependencies.flat_map(&:groups).uniq
|
316
351
|
end
|
317
352
|
|
318
353
|
def lock(file_or_preserve_unknown_sections = false, preserve_unknown_sections_or_unused = false)
|
@@ -457,6 +492,12 @@ module Bundler
|
|
457
492
|
"Add the current platform to the lockfile with\n`bundle lock --add-platform #{local_platform}` and try again."
|
458
493
|
end
|
459
494
|
|
495
|
+
def normalize_platforms
|
496
|
+
@platforms = resolve.normalize_platforms!(current_dependencies, platforms)
|
497
|
+
|
498
|
+
@resolve = SpecSet.new(resolve.for(current_dependencies, @platforms))
|
499
|
+
end
|
500
|
+
|
460
501
|
def add_platform(platform)
|
461
502
|
return if @platforms.include?(platform)
|
462
503
|
|
@@ -471,12 +512,6 @@ module Bundler
|
|
471
512
|
raise InvalidOption, "Unable to remove the platform `#{platform}` since the only platforms are #{@platforms.join ", "}"
|
472
513
|
end
|
473
514
|
|
474
|
-
def most_specific_locked_platform
|
475
|
-
@platforms.min_by do |bundle_platform|
|
476
|
-
platform_specificity_match(bundle_platform, local_platform)
|
477
|
-
end
|
478
|
-
end
|
479
|
-
|
480
515
|
def nothing_changed?
|
481
516
|
return false unless lockfile_exists?
|
482
517
|
|
@@ -492,6 +527,10 @@ module Bundler
|
|
492
527
|
!@locked_spec_with_invalid_deps
|
493
528
|
end
|
494
529
|
|
530
|
+
def no_install_needed?
|
531
|
+
no_resolve_needed? && !missing_specs?
|
532
|
+
end
|
533
|
+
|
495
534
|
def no_resolve_needed?
|
496
535
|
!unlocking? && nothing_changed?
|
497
536
|
end
|
@@ -502,9 +541,15 @@ module Bundler
|
|
502
541
|
|
503
542
|
attr_writer :source_requirements
|
504
543
|
|
505
|
-
|
544
|
+
def add_checksums
|
545
|
+
@locked_checksums = true
|
546
|
+
|
547
|
+
setup_domain!
|
506
548
|
|
507
|
-
|
549
|
+
specs # force materialization to real specifications, so that checksums are fetched
|
550
|
+
end
|
551
|
+
|
552
|
+
private
|
508
553
|
|
509
554
|
def should_add_extra_platforms?
|
510
555
|
!lockfile_exists? && generic_local_platform_is_ruby? && !Bundler.settings[:force_ruby_platform]
|
@@ -549,7 +594,7 @@ module Bundler
|
|
549
594
|
end
|
550
595
|
|
551
596
|
def resolver
|
552
|
-
@resolver ||= Resolver.new(resolution_packages, gem_version_promoter)
|
597
|
+
@resolver ||= Resolver.new(resolution_packages, gem_version_promoter, @most_specific_locked_platform)
|
553
598
|
end
|
554
599
|
|
555
600
|
def expanded_dependencies
|
@@ -558,7 +603,7 @@ module Bundler
|
|
558
603
|
|
559
604
|
def dependencies_with_bundler
|
560
605
|
return dependencies unless @unlocking_bundler
|
561
|
-
return dependencies if dependencies.
|
606
|
+
return dependencies if dependencies.any? {|d| d.name == "bundler" }
|
562
607
|
|
563
608
|
[Dependency.new("bundler", @unlocking_bundler)] + dependencies
|
564
609
|
end
|
@@ -574,22 +619,46 @@ module Bundler
|
|
574
619
|
end
|
575
620
|
end
|
576
621
|
|
577
|
-
def filter_specs(specs, deps)
|
578
|
-
SpecSet.new(specs).for(deps,
|
622
|
+
def filter_specs(specs, deps, skips: [])
|
623
|
+
SpecSet.new(specs).for(deps, platforms, skips: skips)
|
579
624
|
end
|
580
625
|
|
581
626
|
def materialize(dependencies)
|
582
|
-
|
583
|
-
|
627
|
+
# Tracks potential endless loops trying to re-resolve.
|
628
|
+
# TODO: Remove as dead code if not reports are received in a while
|
629
|
+
incorrect_spec = nil
|
630
|
+
|
631
|
+
specs = begin
|
632
|
+
resolve.materialize(dependencies)
|
633
|
+
rescue IncorrectLockfileDependencies => e
|
634
|
+
spec = e.spec
|
635
|
+
raise "Infinite loop while fixing lockfile dependencies" if incorrect_spec == spec
|
636
|
+
|
637
|
+
incorrect_spec = spec
|
638
|
+
reresolve_without([spec])
|
639
|
+
retry
|
640
|
+
end
|
641
|
+
|
642
|
+
missing_specs = resolve.missing_specs
|
584
643
|
|
585
644
|
if missing_specs.any?
|
586
645
|
missing_specs.each do |s|
|
587
646
|
locked_gem = @locked_specs[s.name].last
|
588
647
|
next if locked_gem.nil? || locked_gem.version != s.version || sources.local_mode?
|
589
|
-
|
590
|
-
|
591
|
-
|
592
|
-
|
648
|
+
|
649
|
+
message = if sources.implicit_global_source?
|
650
|
+
"Because your Gemfile specifies no global remote source, your bundle is locked to " \
|
651
|
+
"#{locked_gem} from #{locked_gem.source}. However, #{locked_gem} is not installed. You'll " \
|
652
|
+
"need to either add a global remote source to your Gemfile or make sure #{locked_gem} is " \
|
653
|
+
"available locally before rerunning Bundler."
|
654
|
+
else
|
655
|
+
"Your bundle is locked to #{locked_gem} from #{locked_gem.source}, but that version can " \
|
656
|
+
"no longer be found in that source. That means the author of #{locked_gem} has removed it. " \
|
657
|
+
"You'll need to update your bundle to a version other than #{locked_gem} that hasn't been " \
|
658
|
+
"removed in order to install."
|
659
|
+
end
|
660
|
+
|
661
|
+
raise GemNotFound, message
|
593
662
|
end
|
594
663
|
|
595
664
|
missing_specs_list = missing_specs.group_by(&:source).map do |source, missing_specs_for_source|
|
@@ -599,17 +668,24 @@ module Bundler
|
|
599
668
|
raise GemNotFound, "Could not find #{missing_specs_list.join(" nor ")}"
|
600
669
|
end
|
601
670
|
|
602
|
-
|
671
|
+
partially_missing_specs = resolve.partially_missing_specs
|
672
|
+
|
673
|
+
if partially_missing_specs.any? && !sources.local_mode?
|
674
|
+
Bundler.ui.warn "Some locked specs have possibly been yanked (#{partially_missing_specs.map(&:full_name).join(", ")}). Ignoring them..."
|
675
|
+
|
676
|
+
resolve.delete(partially_missing_specs)
|
677
|
+
end
|
678
|
+
|
679
|
+
incomplete_specs = resolve.incomplete_specs
|
603
680
|
loop do
|
604
681
|
break if incomplete_specs.empty?
|
605
682
|
|
606
683
|
Bundler.ui.debug("The lockfile does not have all gems needed for the current platform though, Bundler will still re-resolve dependencies")
|
607
684
|
sources.remote!
|
608
|
-
|
609
|
-
@resolve = start_resolution
|
685
|
+
reresolve_without(incomplete_specs)
|
610
686
|
specs = resolve.materialize(dependencies)
|
611
687
|
|
612
|
-
still_incomplete_specs =
|
688
|
+
still_incomplete_specs = resolve.incomplete_specs
|
613
689
|
|
614
690
|
if still_incomplete_specs == incomplete_specs
|
615
691
|
package = resolution_packages.get_package(incomplete_specs.first.name)
|
@@ -619,12 +695,26 @@ module Bundler
|
|
619
695
|
incomplete_specs = still_incomplete_specs
|
620
696
|
end
|
621
697
|
|
698
|
+
insecurely_materialized_specs = resolve.insecurely_materialized_specs
|
699
|
+
|
700
|
+
if insecurely_materialized_specs.any?
|
701
|
+
Bundler.ui.warn "The following platform specific gems are getting installed, yet the lockfile includes only their generic ruby version:\n" \
|
702
|
+
" * #{insecurely_materialized_specs.map(&:full_name).join("\n * ")}\n" \
|
703
|
+
"Please run `bundle lock --normalize-platforms` and commit the resulting lockfile.\n" \
|
704
|
+
"Alternatively, you may run `bundle lock --add-platform <list-of-platforms-that-you-want-to-support>`"
|
705
|
+
end
|
706
|
+
|
622
707
|
bundler = sources.metadata_source.specs.search(["bundler", Bundler.gem_version]).last
|
623
708
|
specs["bundler"] = bundler
|
624
709
|
|
625
710
|
specs
|
626
711
|
end
|
627
712
|
|
713
|
+
def reresolve_without(incomplete_specs)
|
714
|
+
resolution_packages.delete(incomplete_specs)
|
715
|
+
@resolve = start_resolution
|
716
|
+
end
|
717
|
+
|
628
718
|
def start_resolution
|
629
719
|
local_platform_needed_for_resolvability = @most_specific_non_local_locked_ruby_platform && !@platforms.include?(local_platform)
|
630
720
|
@platforms << local_platform if local_platform_needed_for_resolvability
|
@@ -644,7 +734,7 @@ module Bundler
|
|
644
734
|
|
645
735
|
@platforms = result.add_extra_platforms!(platforms) if should_add_extra_platforms?
|
646
736
|
|
647
|
-
SpecSet.new(result.for(dependencies,
|
737
|
+
SpecSet.new(result.for(dependencies, @platforms))
|
648
738
|
end
|
649
739
|
|
650
740
|
def precompute_source_requirements_for_indirect_dependencies?
|
@@ -670,7 +760,7 @@ module Bundler
|
|
670
760
|
def find_most_specific_locked_ruby_platform
|
671
761
|
return unless generic_local_platform_is_ruby? && current_platform_locked?
|
672
762
|
|
673
|
-
most_specific_locked_platform
|
763
|
+
@most_specific_locked_platform
|
674
764
|
end
|
675
765
|
|
676
766
|
def change_reason
|
@@ -871,7 +961,7 @@ module Bundler
|
|
871
961
|
def converge_locked_specs
|
872
962
|
converged = converge_specs(@locked_specs)
|
873
963
|
|
874
|
-
resolve = SpecSet.new(converged
|
964
|
+
resolve = SpecSet.new(converged)
|
875
965
|
|
876
966
|
diff = nil
|
877
967
|
|
@@ -892,8 +982,6 @@ module Bundler
|
|
892
982
|
converged = []
|
893
983
|
deps = []
|
894
984
|
|
895
|
-
@specs_that_changed_sources = []
|
896
|
-
|
897
985
|
specs.each do |s|
|
898
986
|
name = s.name
|
899
987
|
dep = @dependencies.find {|d| s.satisfies?(d) }
|
@@ -902,9 +990,7 @@ module Bundler
|
|
902
990
|
if dep
|
903
991
|
gemfile_source = dep.source || default_source
|
904
992
|
|
905
|
-
|
906
|
-
deps << dep if !dep.source || lockfile_source.include?(dep.source)
|
907
|
-
@gems_to_unlock << name if lockfile_source.include?(dep.source) && lockfile_source != gemfile_source
|
993
|
+
deps << dep if !dep.source || lockfile_source.include?(dep.source) || new_deps.include?(dep)
|
908
994
|
|
909
995
|
# Replace the locked dependency's source with the equivalent source from the Gemfile
|
910
996
|
s.source = gemfile_source
|
@@ -913,25 +999,14 @@ module Bundler
|
|
913
999
|
s.source = default_source unless sources.get(lockfile_source)
|
914
1000
|
end
|
915
1001
|
|
916
|
-
|
1002
|
+
source = s.source
|
1003
|
+
next if @sources_to_unlock.include?(source.name)
|
917
1004
|
|
918
1005
|
# Path sources have special logic
|
919
|
-
if
|
920
|
-
|
921
|
-
s.source.specs
|
922
|
-
rescue PathError
|
923
|
-
# if we won't need the source (according to the lockfile),
|
924
|
-
# don't error if the path source isn't available
|
925
|
-
next if specs.
|
926
|
-
for(requested_dependencies, false).
|
927
|
-
none? {|locked_spec| locked_spec.source == s.source }
|
928
|
-
|
929
|
-
raise
|
930
|
-
end
|
931
|
-
|
932
|
-
new_spec = new_specs[s].first
|
1006
|
+
if source.instance_of?(Source::Path) || source.instance_of?(Source::Gemspec) || (source.instance_of?(Source::Git) && !@gems_to_unlock.include?(name) && deps.include?(dep))
|
1007
|
+
new_spec = source.specs[s].first
|
933
1008
|
if new_spec
|
934
|
-
s.
|
1009
|
+
s.runtime_dependencies.replace(new_spec.runtime_dependencies)
|
935
1010
|
else
|
936
1011
|
# If the spec is no longer in the path source, unlock it. This
|
937
1012
|
# commonly happens if the version changed in the gemspec
|
@@ -939,14 +1014,15 @@ module Bundler
|
|
939
1014
|
end
|
940
1015
|
end
|
941
1016
|
|
942
|
-
if dep.nil? && requested_dependencies.find {|d| name == d.name }
|
943
|
-
@gems_to_unlock <<
|
944
|
-
|
945
|
-
converged << s
|
1017
|
+
if dep.nil? && requested_dep = requested_dependencies.find {|d| name == d.name }
|
1018
|
+
@gems_to_unlock << name
|
1019
|
+
deps << requested_dep
|
946
1020
|
end
|
1021
|
+
|
1022
|
+
converged << s
|
947
1023
|
end
|
948
1024
|
|
949
|
-
filter_specs(converged, deps)
|
1025
|
+
filter_specs(converged, deps, skips: @gems_to_unlock)
|
950
1026
|
end
|
951
1027
|
|
952
1028
|
def metadata_dependencies
|
@@ -984,7 +1060,6 @@ module Bundler
|
|
984
1060
|
source_requirements["bundler"] = sources.metadata_source # needs to come last to override
|
985
1061
|
end
|
986
1062
|
|
987
|
-
verify_changed_sources!
|
988
1063
|
source_requirements
|
989
1064
|
end
|
990
1065
|
|
@@ -992,14 +1067,6 @@ module Bundler
|
|
992
1067
|
sources.default_source
|
993
1068
|
end
|
994
1069
|
|
995
|
-
def verify_changed_sources!
|
996
|
-
@specs_that_changed_sources.each do |s|
|
997
|
-
if s.source.specs.search(s.name).empty?
|
998
|
-
raise GemNotFound, "Could not find gem '#{s.name}' in #{s.source}"
|
999
|
-
end
|
1000
|
-
end
|
1001
|
-
end
|
1002
|
-
|
1003
1070
|
def requested_groups
|
1004
1071
|
values = groups - Bundler.settings[:without] - @optional_groups + Bundler.settings[:with]
|
1005
1072
|
values &= Bundler.settings[:only] unless Bundler.settings[:only].empty?
|
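Review bot: The warning added in `materialize` (new lines 698-705) tells the user to run `bundle lock --normalize-platforms` but never says why the situation matters, even though the code itself names these specs `insecurely_materialized_specs`. From the visible lines the method carries on and returns the specs after warning. If, as the naming suggests, the lockfile then has no entry for the platform-specific variant being installed, say so with a comment above the `if`, for example `# Picked for a platform the lockfile does not list, so no locked entry covers the exact artifact installed (TODO confirm)`. It is also worth deciding whether a frozen or deployment install should raise here rather than warn, since a warning in CI output is easy to miss. `materialize` begins in the previous hunk (new line 626).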
data/lib/bundler/dependency.rb
CHANGED
data/lib/bundler/dsl.rb
CHANGED
@@ -66,7 +66,7 @@ module Bundler
|
|
66
66
|
development_group = opts[:development_group] || :development
|
67
67
|
expanded_path = gemfile_root.join(path)
|
68
68
|
|
69
|
-
gemspecs = Gem::Util.glob_files_in_dir("{,*}.gemspec", expanded_path).
|
69
|
+
gemspecs = Gem::Util.glob_files_in_dir("{,*}.gemspec", expanded_path).filter_map {|g| Bundler.load_gemspec(g) }
|
70
70
|
gemspecs.reject! {|s| s.name != name } if name
|
71
71
|
specs_by_name_and_version = gemspecs.group_by {|s| [s.name, s.version] }
|
72
72
|
|
@@ -110,9 +110,23 @@ module Bundler
|
|
110
110
|
if gemspec_dep
|
111
111
|
gemfile_dep = [dep, current].find(&:runtime?)
|
112
112
|
|
113
|
-
|
113
|
+
if gemfile_dep && !current_requirement_open
|
114
114
|
Bundler.ui.warn "A gemspec development dependency (#{gemspec_dep.name}, #{gemspec_dep.requirement}) is being overridden by a Gemfile dependency (#{gemfile_dep.name}, #{gemfile_dep.requirement}).\n" \
|
115
115
|
"This behaviour may change in the future. Please remove either of them, or make sure they both have the same requirement\n"
|
116
|
+
elsif gemfile_dep.nil?
|
117
|
+
require_relative "vendor/pub_grub/lib/pub_grub/version_range"
|
118
|
+
require_relative "vendor/pub_grub/lib/pub_grub/version_constraint"
|
119
|
+
require_relative "vendor/pub_grub/lib/pub_grub/version_union"
|
120
|
+
require_relative "vendor/pub_grub/lib/pub_grub/rubygems"
|
121
|
+
|
122
|
+
current_gemspec_range = PubGrub::RubyGems.requirement_to_range(current.requirement)
|
123
|
+
next_gemspec_range = PubGrub::RubyGems.requirement_to_range(dep.requirement)
|
124
|
+
|
125
|
+
if current_gemspec_range.intersects?(next_gemspec_range)
|
126
|
+
dep = Dependency.new(name, current.requirement.as_list + dep.requirement.as_list, options)
|
127
|
+
else
|
128
|
+
raise GemfileError, "Two gemspecs have conflicting requirements on the same gem: #{dep} and #{current}"
|
129
|
+
end
|
116
130
|
end
|
117
131
|
else
|
118
132
|
update_prompt = ""
|
@@ -133,20 +147,22 @@ module Bundler
|
|
133
147
|
end
|
134
148
|
end
|
135
149
|
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
+
unless current.gemspec_dev_dep? && dep.gemspec_dev_dep?
|
151
|
+
# Always prefer the dependency from the Gemfile
|
152
|
+
if current.gemspec_dev_dep?
|
153
|
+
@dependencies.delete(current)
|
154
|
+
elsif dep.gemspec_dev_dep?
|
155
|
+
return
|
156
|
+
elsif current.source != dep.source
|
157
|
+
raise GemfileError, "You cannot specify the same gem twice coming from different sources.\n" \
|
158
|
+
"You specified that #{dep.name} (#{dep.requirement}) should come from " \
|
159
|
+
"#{current.source || "an unspecified source"} and #{dep.source}\n"
|
160
|
+
else
|
161
|
+
Bundler.ui.warn "Your Gemfile lists the gem #{current.name} (#{current.requirement}) more than once.\n" \
|
162
|
+
"You should probably keep only one of them.\n" \
|
163
|
+
"Remove any duplicate entries and specify the gem only once.\n" \
|
164
|
+
"While it's not a problem now, it could cause errors if you change the version of one of them later."
|
165
|
+
end
|
150
166
|
end
|
151
167
|
end
|
152
168
|
|
@@ -487,18 +503,7 @@ module Bundler
|
|
487
503
|
end
|
488
504
|
|
489
505
|
def check_rubygems_source_safety
|
490
|
-
if @sources.
|
491
|
-
implicit_global_source_warning
|
492
|
-
elsif @sources.aggregate_global_source?
|
493
|
-
multiple_global_source_warning
|
494
|
-
end
|
495
|
-
end
|
496
|
-
|
497
|
-
def implicit_global_source_warning
|
498
|
-
Bundler::SharedHelpers.major_deprecation 2, "This Gemfile does not include an explicit global source. " \
|
499
|
-
"Not using an explicit global source may result in a different lockfile being generated depending on " \
|
500
|
-
"the gems you have installed locally before bundler is run. " \
|
501
|
-
"Instead, define a global source in your Gemfile like this: source \"https://rubygems.org\"."
|
506
|
+
multiple_global_source_warning if @sources.aggregate_global_source?
|
502
507
|
end
|
503
508
|
|
504
509
|
def multiple_global_source_warning
|
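Review bot: The new `elsif gemfile_dep.nil?` branch (new lines 116-129) has no comment saying which case it handles. From the visible code it appears to be two gemspec development dependencies on the same gem, merged when their ranges intersect and rejected otherwise. I would add `# Both declarations come from gemspecs: merge compatible requirements, fail on disjoint ones` above the `require_relative` lines. The `GemfileError` text interpolates only `dep` and `current`, so it may not tell the user which gemspec files declared the conflicting requirements; naming them would help if that information is available at this point. The enclosing method starts and ends outside the hunk.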
@@ -6,7 +6,7 @@ module Bundler
|
|
6
6
|
include MatchRemoteMetadata
|
7
7
|
|
8
8
|
attr_reader :name, :version, :platform, :checksum
|
9
|
-
attr_accessor :
|
9
|
+
attr_accessor :remote, :dependencies, :locked_platform
|
10
10
|
|
11
11
|
def initialize(name, version, platform, spec_fetcher, dependencies, metadata = nil)
|
12
12
|
super()
|
@@ -18,10 +18,15 @@ module Bundler
|
|
18
18
|
|
19
19
|
@loaded_from = nil
|
20
20
|
@remote_specification = nil
|
21
|
+
@locked_platform = nil
|
21
22
|
|
22
23
|
parse_metadata(metadata)
|
23
24
|
end
|
24
25
|
|
26
|
+
def insecurely_materialized?
|
27
|
+
@locked_platform.to_s != @platform.to_s
|
28
|
+
end
|
29
|
+
|
25
30
|
def fetch_platform
|
26
31
|
@platform
|
27
32
|
end
|
@@ -115,6 +120,10 @@ module Bundler
|
|
115
120
|
@remote_specification = spec
|
116
121
|
end
|
117
122
|
|
123
|
+
def inspect
|
124
|
+
"#<#{self.class} @name=\"#{name}\" (#{full_name.delete_prefix("#{name}-")})>"
|
125
|
+
end
|
126
|
+
|
118
127
|
private
|
119
128
|
|
120
129
|
def _remote_specification
|
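Review bot: `insecurely_materialized?` (new lines 26-28) returns true for every instance whose `locked_platform` was never assigned, because the constructor sets `@locked_platform = nil` and `nil.to_s` is `""`, which differs from any real platform string. That is harmless if the code that assigns `locked_platform` always runs before the predicate is consulted, but nothing in these hunks enforces it, so a spec that skipped that path would be reported as insecure. I would either document the precondition with `# Only meaningful once locked_platform has been assigned by the caller` or guard it with `return false if @locked_platform.nil?`, whichever matches the intended meaning. The file header for this section is missing from the page; going by the change counts in the file list it appears to be `data/lib/bundler/endpoint_specification.rb`.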
data/lib/bundler/errors.rb
CHANGED
@@ -246,4 +246,14 @@ module Bundler
|
|
246
246
|
end
|
247
247
|
|
248
248
|
class InvalidArgumentError < BundlerError; status_code(40); end
|
249
|
+
|
250
|
+
class IncorrectLockfileDependencies < BundlerError
|
251
|
+
attr_reader :spec
|
252
|
+
|
253
|
+
def initialize(spec)
|
254
|
+
@spec = spec
|
255
|
+
end
|
256
|
+
|
257
|
+
status_code(41)
|
258
|
+
end
|
249
259
|
end
|
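Review bot: `IncorrectLockfileDependencies#initialize` (new lines 253-255) stores the spec but neither calls `super` nor defines `message`, so if this error ever reaches the user the text will be only the class name. On this page `definition.rb` rescues it around the first `resolve.materialize` call, but the second call inside `loop do` (new line 686 there) is not wrapped, so an escape looks possible. I would add `def message; "Bundler found incorrect dependencies in the lockfile for #{spec.full_name}"; end` so that exit status 41 comes with an actionable line.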
data/lib/bundler/feature_flag.rb
CHANGED
@@ -33,6 +33,7 @@ module Bundler
|
|
33
33
|
settings_flag(:default_install_uses_path) { bundler_3_mode? }
|
34
34
|
settings_flag(:forget_cli_options) { bundler_3_mode? }
|
35
35
|
settings_flag(:global_gem_cache) { bundler_3_mode? }
|
36
|
+
settings_flag(:lockfile_checksums) { bundler_3_mode? }
|
36
37
|
settings_flag(:path_relative_to_cwd) { bundler_3_mode? }
|
37
38
|
settings_flag(:plugins) { @bundler_version >= Gem::Version.new("1.14") }
|
38
39
|
settings_flag(:print_only_version_number) { bundler_3_mode? }
|
@@ -10,7 +10,7 @@ module Bundler
|
|
10
10
|
method = instance_method(method_name)
|
11
11
|
undef_method(method_name)
|
12
12
|
define_method(method_name) do |*args, &blk|
|
13
|
-
method.
|
13
|
+
method.bind_call(self, *args, &blk)
|
14
14
|
rescue NetworkDownError, CompactIndexClient::Updater::MismatchedChecksumError => e
|
15
15
|
raise HTTPError, e.message
|
16
16
|
rescue AuthenticationRequiredError, BadAuthenticationError
|
data/lib/bundler/fetcher.rb
CHANGED
@@ -37,8 +37,9 @@ module Bundler
|
|
37
37
|
# This is the error raised when a source is HTTPS and OpenSSL didn't load
|
38
38
|
class SSLError < HTTPError
|
39
39
|
def initialize(msg = nil)
|
40
|
-
super
|
41
|
-
|
40
|
+
super "Could not load OpenSSL.\n" \
|
41
|
+
"You must recompile Ruby with OpenSSL support.\n" \
|
42
|
+
"original error: #{msg}\n"
|
42
43
|
end
|
43
44
|
end
|
44
45
|
|
@@ -251,7 +252,13 @@ module Bundler
|
|
251
252
|
needs_ssl = remote_uri.scheme == "https" ||
|
252
253
|
Bundler.settings[:ssl_verify_mode] ||
|
253
254
|
Bundler.settings[:ssl_client_cert]
|
254
|
-
|
255
|
+
if needs_ssl
|
256
|
+
begin
|
257
|
+
require "openssl"
|
258
|
+
rescue StandardError, LoadError => e
|
259
|
+
raise SSLError.new(e.message)
|
260
|
+
end
|
261
|
+
end
|
255
262
|
|
256
263
|
con = Gem::Net::HTTP::Persistent.new name: "bundler", proxy: :ENV
|
257
264
|
if gem_proxy = Gem.configuration[:http_proxy]
|
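Review bot: `SSLError#initialize` (new lines 40-42) always appends `original error: #{msg}` although `msg` still defaults to nil, so any caller that raises `SSLError` without an argument prints a dangling `original error: ` line. Building that last line only when `msg` is present, e.g. `detail = msg ? "original error: #{msg}\n" : ""`, keeps the message clean. In the second hunk, `raise SSLError.new(e.message)` reads more idiomatically as `raise SSLError, e.message`. Rescuing `StandardError` around `require "openssl"` also means any unrelated failure during load is reported as a missing-OpenSSL problem, which deserves a short comment if it is deliberate. The method enclosing the second hunk starts and ends outside it.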