bundler 2.5.5 → 2.5.16

data/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent.rb

@@ -1,5 +1,5 @@
 require_relative '../../../../../vendored_net_http'
-require_relative '../../../../uri/lib/uri'
+require_relative '../../../../../vendored_uri'
 require 'cgi' # for escaping
 require_relative '../../../../connection_pool/lib/connection_pool'
 
@@ -22,7 +22,7 @@ autoload :OpenSSL, 'openssl'
 #
 #   require 'bundler/vendor/net-http-persistent/lib/net/http/persistent'
 #
-#   uri = Bundler::URI 'http://example.com/awesome/web/service'
+#   uri = Gem::URI 'http://example.com/awesome/web/service'
 #
 #   http = Gem::Net::HTTP::Persistent.new
 #
@@ -39,17 +39,17 @@ autoload :OpenSSL, 'openssl'
 #   post = Gem::Net::HTTP::Post.new post_uri.path
 #   post.set_form_data 'some' => 'cool data'
 #
-#   # perform the POST, the Bundler::URI is always required
+#   # perform the POST, the Gem::URI is always required
 #   response http.request post_uri, post
 #
 # Note that for GET, HEAD and other requests that do not have a body you want
-# to use Bundler::URI#request_uri not Bundler::URI#path.  The request_uri contains the query
+# to use Gem::URI#request_uri not Gem::URI#path.  The request_uri contains the query
 # params which are sent in the body for other requests.
 #
 # == TLS/SSL
 #
 # TLS connections are automatically created depending upon the scheme of the
-# Bundler::URI.  TLS connections are automatically verified against the default
+# Gem::URI.  TLS connections are automatically verified against the default
 # certificate store for your computer.  You can override this by changing
 # verify_mode or by specifying an alternate cert_store.
 #
@@ -72,7 +72,7 @@ autoload :OpenSSL, 'openssl'
 # == Proxies
 #
 # A proxy can be set through #proxy= or at initialization time by providing a
-# second argument to ::new.  The proxy may be the Bundler::URI of the proxy server or
+# second argument to ::new.  The proxy may be the Gem::URI of the proxy server or
 # <code>:ENV</code> which will consult environment variables.
 #
 # See #proxy= and #proxy_from_env for details.
@@ -197,7 +197,7 @@ class Gem::Net::HTTP::Persistent
   # NOTE:  This may not work on ruby > 1.9.
 
   def self.detect_idle_timeout uri, max = 10
-    uri = Bundler::URI uri unless Bundler::URI::Generic === uri
+    uri = Gem::URI uri unless Gem::URI::Generic === uri
     uri += '/'
 
     req = Gem::Net::HTTP::Head.new uri.request_uri
@@ -455,13 +455,13 @@ class Gem::Net::HTTP::Persistent
   # Set a +name+ for fun.  Your library name should be good enough, but this
   # otherwise has no purpose.
   #
-  # +proxy+ may be set to a Bundler::URI::HTTP or :ENV to pick up proxy options from
+  # +proxy+ may be set to a Gem::URI::HTTP or :ENV to pick up proxy options from
   # the environment.  See proxy_from_env for details.
   #
-  # In order to use a Bundler::URI for the proxy you may need to do some extra work
-  # beyond Bundler::URI parsing if the proxy requires a password:
+  # In order to use a Gem::URI for the proxy you may need to do some extra work
+  # beyond Gem::URI parsing if the proxy requires a password:
   #
-  #   proxy = Bundler::URI 'http://proxy.example'
+  #   proxy = Gem::URI 'http://proxy.example'
   #   proxy.user     = 'AzureDiamond'
   #   proxy.password = 'hunter2'
   #
@@ -510,7 +510,7 @@ class Gem::Net::HTTP::Persistent
     @verify_mode        = nil
     @cert_store         = nil
 
-    @generation         = 0 # incremented when proxy Bundler::URI changes
+    @generation         = 0 # incremented when proxy Gem::URI changes
 
     if HAVE_OPENSSL then
       @verify_mode        = OpenSSL::SSL::VERIFY_PEER
@@ -720,12 +720,12 @@ class Gem::Net::HTTP::Persistent
   alias key= private_key=
 
   ##
-  # Sets the proxy server.  The +proxy+ may be the Bundler::URI of the proxy server,
+  # Sets the proxy server.  The +proxy+ may be the Gem::URI of the proxy server,
   # the symbol +:ENV+ which will read the proxy from the environment or nil to
   # disable use of a proxy.  See #proxy_from_env for details on setting the
   # proxy from the environment.
   #
-  # If the proxy Bundler::URI is set after requests have been made, the next request
+  # If the proxy Gem::URI is set after requests have been made, the next request
   # will shut-down and re-open all connections.
   #
   # The +no_proxy+ query parameter can be used to specify hosts which shouldn't
@@ -736,9 +736,9 @@ class Gem::Net::HTTP::Persistent
   def proxy= proxy
     @proxy_uri = case proxy
                  when :ENV      then proxy_from_env
-                 when Bundler::URI::HTTP then proxy
+                 when Gem::URI::HTTP then proxy
                  when nil       then # ignore
-                 else raise ArgumentError, 'proxy must be :ENV or a Bundler::URI::HTTP'
+                 else raise ArgumentError, 'proxy must be :ENV or a Gem::URI::HTTP'
                  end
 
     @no_proxy.clear
@@ -763,13 +763,13 @@ class Gem::Net::HTTP::Persistent
   end
 
   ##
-  # Creates a Bundler::URI for an HTTP proxy server from ENV variables.
+  # Creates a Gem::URI for an HTTP proxy server from ENV variables.
   #
   # If +HTTP_PROXY+ is set a proxy will be returned.
   #
-  # If +HTTP_PROXY_USER+ or +HTTP_PROXY_PASS+ are set the Bundler::URI is given the
+  # If +HTTP_PROXY_USER+ or +HTTP_PROXY_PASS+ are set the Gem::URI is given the
   # indicated user and password unless HTTP_PROXY contains either of these in
-  # the Bundler::URI.
+  # the Gem::URI.
   #
   # The +NO_PROXY+ ENV variable can be used to specify hosts which shouldn't
   # be reached via proxy; if set it should be a comma separated list of
@@ -785,7 +785,7 @@ class Gem::Net::HTTP::Persistent
 
     return nil if env_proxy.nil? or env_proxy.empty?
 
-    uri = Bundler::URI normalize_uri env_proxy
+    uri = Gem::URI normalize_uri env_proxy
 
     env_no_proxy = ENV['no_proxy'] || ENV['NO_PROXY']
 
@@ -863,7 +863,7 @@ class Gem::Net::HTTP::Persistent
   # +req+ must be a Gem::Net::HTTPGenericRequest subclass (see Gem::Net::HTTP for a list).
 
   def request uri, req = nil, &block
-    uri      = Bundler::URI uri
+    uri      = Gem::URI uri
     req      = request_setup req || uri
     response = nil
 
@@ -896,7 +896,7 @@ class Gem::Net::HTTP::Persistent
   end
 
   ##
-  # Creates a GET request if +req_or_uri+ is a Bundler::URI and adds headers to the
+  # Creates a GET request if +req_or_uri+ is a Gem::URI and adds headers to the
   # request.
   #
   # Returns the request.

data/lib/bundler/vendor/pub_grub/lib/pub_grub/static_package_source.rb

@@ -1,4 +1,5 @@
 require_relative 'package'
+require_relative 'rubygems'
 require_relative 'version_constraint'
 require_relative 'incompatibility'
 require_relative 'basic_package_source'

data/lib/bundler/vendored_net_http.rb

@@ -1,8 +1,23 @@
 # frozen_string_literal: true
 
-begin
-  require "rubygems/net/http"
-rescue LoadError
-  require "net/http"
-  Gem::Net = Net
+# This defined? guard can be removed once RubyGems 3.4 support is dropped.
+#
+# Bundler specs load this code from `spec/support/vendored_net_http.rb` to avoid
+# activating the Bundler gem too early. Without this guard, we get redefinition
+# warnings once Bundler is actually activated and
+# `lib/bundler/vendored_net_http.rb` is required. This is not an issue in
+# RubyGems versions including `rubygems/vendored_net_http` since `require` takes
+# care of avoiding the double load.
+#
+unless defined?(Gem::Net)
+  begin
+    require "rubygems/vendored_net_http"
+  rescue LoadError
+    begin
+      require "rubygems/net/http"
+    rescue LoadError
+      require "net/http"
+      Gem::Net = Net
+    end
+  end
 end

data/lib/bundler/vendored_timeout.rb

@@ -1,8 +1,12 @@
 # frozen_string_literal: true
 
 begin
-  require "rubygems/timeout"
+  require "rubygems/vendored_timeout"
 rescue LoadError
-  require "timeout"
-  Gem::Timeout = Timeout
+  begin
+    require "rubygems/timeout"
+  rescue LoadError
+    require "timeout"
+    Gem::Timeout = Timeout
+  end
 end

data/lib/bundler/vendored_uri.rb

@@ -1,4 +1,21 @@
 # frozen_string_literal: true
 
 module Bundler; end
-require_relative "vendor/uri/lib/uri"
+
+# Use RubyGems vendored copy when available. Otherwise fallback to Bundler
+# vendored copy. The vendored copy in Bundler can be removed once support for
+# RubyGems 3.5 is dropped.
+
+begin
+  require "rubygems/vendor/uri/lib/uri"
+rescue LoadError
+  require_relative "vendor/uri/lib/uri"
+  Gem::URI = Bundler::URI
+
+  module Gem
+    def URI(uri) # rubocop:disable Naming/MethodName
+      Bundler::URI(uri)
+    end
+    module_function :URI
+  end
+end

data/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.5.5".freeze
+  VERSION = "2.5.16".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

data/lib/bundler/yaml_serializer.rb

@@ -58,7 +58,8 @@ module Bundler
       str.split(/\r?\n/) do |line|
         if match = HASH_REGEX.match(line)
           indent, key, quote, val = match.captures
-          convert_to_backward_compatible_key!(key)
+          val = strip_comment(val)
+
           depth = indent.size / 2
           if quote.empty? && val.empty?
             new_hash = {}
@@ -72,6 +73,8 @@ module Bundler
           end
         elsif match = ARRAY_REGEX.match(line)
           _, val = match.captures
+          val = strip_comment(val)
+
           last_hash[last_empty_key] = [] unless last_hash[last_empty_key].is_a?(Array)
 
           last_hash[last_empty_key].push(val)
@@ -80,14 +83,16 @@ module Bundler
       res
     end
 
-    # for settings' keys
-    def convert_to_backward_compatible_key!(key)
-      key << "/" if /https?:/i.match?(key) && !%r{/\Z}.match?(key)
-      key.gsub!(".", "__")
+    def strip_comment(val)
+      if val.include?("#") && !val.start_with?("#")
+        val.split("#", 2).first.strip
+      else
+        val
+      end
     end
 
     class << self
-      private :dump_hash, :convert_to_backward_compatible_key!
+      private :dump_hash
     end
   end
 end

data/lib/bundler.rb

@@ -40,7 +40,9 @@ module Bundler
   SUDO_MUTEX = Thread::Mutex.new
 
   autoload :Checksum,               File.expand_path("bundler/checksum", __dir__)
+  autoload :CLI,                    File.expand_path("bundler/cli", __dir__)
   autoload :CIDetector,             File.expand_path("bundler/ci_detector", __dir__)
+  autoload :CompactIndexClient,     File.expand_path("bundler/compact_index_client", __dir__)
   autoload :Definition,             File.expand_path("bundler/definition", __dir__)
   autoload :Dependency,             File.expand_path("bundler/dependency", __dir__)
   autoload :Deprecate,              File.expand_path("bundler/deprecate", __dir__)
@@ -165,6 +167,29 @@ module Bundler
       end
     end
 
+    def auto_switch
+      self_manager.restart_with_locked_bundler_if_needed
+    end
+
+    # Automatically install dependencies if Bundler.settings[:auto_install] exists.
+    # This is set through config cmd `bundle config set --global auto_install 1`.
+    #
+    # Note that this method `nil`s out the global Definition object, so it
+    # should be called first, before you instantiate anything like an
+    # `Installer` that'll keep a reference to the old one instead.
+    def auto_install
+      return unless settings[:auto_install]
+
+      begin
+        definition.specs
+      rescue GemNotFound, GitError
+        ui.info "Automatically installing missing gems."
+        reset!
+        CLI::Install.new({}).run
+        reset!
+      end
+    end
+
     # Setups Bundler environment (see Bundler.setup) if it is not already set,
     # and loads all gems from groups specified. Unlike ::setup, can be called
     # multiple times with different groups (if they were allowed by setup).
@@ -200,12 +225,13 @@ module Bundler
     #
     # @param unlock [Hash, Boolean, nil] Gems that have been requested
     #   to be updated or true if all gems should be updated
+    # @param lockfile [Pathname] Path to Gemfile.lock
     # @return [Bundler::Definition]
-    def definition(unlock = nil)
+    def definition(unlock = nil, lockfile = default_lockfile)
       @definition = nil if unlock
       @definition ||= begin
         configure
-        Definition.build(default_gemfile, default_lockfile, unlock)
+        Definition.build(default_gemfile, lockfile, unlock)
       end
     end
 
@@ -335,7 +361,7 @@ module Bundler
     def settings
       @settings ||= Settings.new(app_config_path)
     rescue GemfileNotFound
-      @settings = Settings.new(Pathname.new(".bundle").expand_path)
+      @settings = Settings.new
     end
 
     # @return [Hash] Environment present before Bundler was activated

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-  version: 2.5.5
+  version: 2.5.16
 platform: ruby
 authors:
 - André Arko
@@ -22,7 +22,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-01-18 00:00:00.000000000 Z
+date: 2024-07-18 00:00:00.000000000 Z
 dependencies: []
 description: Bundler manages an application's dependencies through its entire life,
   across many machines, systematically and repeatably
@@ -79,6 +79,7 @@ files:
 - lib/bundler/compact_index_client/cache.rb
 - lib/bundler/compact_index_client/cache_file.rb
 - lib/bundler/compact_index_client/gem_parser.rb
+- lib/bundler/compact_index_client/parser.rb
 - lib/bundler/compact_index_client/updater.rb
 - lib/bundler/constants.rb
 - lib/bundler/current_ruby.rb
@@ -189,6 +190,7 @@ files:
 - lib/bundler/plugin/index.rb
 - lib/bundler/plugin/installer.rb
 - lib/bundler/plugin/installer/git.rb
+- lib/bundler/plugin/installer/path.rb
 - lib/bundler/plugin/installer/rubygems.rb
 - lib/bundler/plugin/source_list.rb
 - lib/bundler/process_lock.rb
@@ -398,7 +400,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 3.2.3
 requirements: []
-rubygems_version: 3.5.5
+rubygems_version: 3.5.16
 signing_key:
 specification_version: 4
 summary: The best way to manage your application's dependencies