bundler 2.5.7 → 2.5.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ab09cb02a347345a7382b519419f81991b9508903fc54c15e90d08ee181bee2e
-  data.tar.gz: 322c1369032737136b6d2181a046bd5830283ee219acfc4c2c0262e86a8256ae
+  metadata.gz: a5b022aa2fbcb7dc23d00521f4d06a6d47ac0c59fe82da544b25ec46b82d80a3
+  data.tar.gz: 95f43a8fb90cd87a9749746121fe46cdab001476b04c99bdf16ac388912c6bfd
 SHA512:
-  metadata.gz: a268a3669d1fb20b3e7a82d4b71bc9374e16d3ac7a7524648fba4d4d384e2ee24f2c83d2c5a09b5bf00991d017bb4b6ecc5ab6edba11d457daefc5fbd9a71114
-  data.tar.gz: d964cb42e42654827f0f858322b8b53c6dba79d3c02713ef42f5b2eb4d6d440d51da6844b75a751bdeb37b819eafc15e49f81f010e5bb601d11dcdb93b38b409
+  metadata.gz: 5915fb8ba535b49dbe06042a31564614e86928b4d6a75935a7a3aa782ffd713bb1c5f95be3ffc028ae1337367e46e708a9a59d38601a268c54f7814ec0dcea32
+  data.tar.gz: 18300e1cf1066cbbc36cc70822f80a0d46eabd5330b7dadf47993cd00cb1c1762ab663c582a18cec055309d5893ea7a241d7eecd0915654bc2fb5d1c8165b2e7

data/CHANGELOG.md

@@ -1,3 +1,15 @@
+# 2.5.8 (April 11, 2024)
+
+## Enhancements:
+
+  - Allow installing plugins from path via CLI [#6960](https://github.com/rubygems/rubygems/pull/6960)
+  - Improve validation of `bundle plugin install` options [#7529](https://github.com/rubygems/rubygems/pull/7529)
+
+## Bug fixes:
+
+  - Fix resolver error message when it runs out of versions due to `--strict --patch` filtering out everything [#7527](https://github.com/rubygems/rubygems/pull/7527)
+  - Fix incorrect `bundle update --bundler` message [#7516](https://github.com/rubygems/rubygems/pull/7516)
+
 # 2.5.7 (March 22, 2024)
 
 ## Deprecations:

data/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2024-03-22".freeze
-    @git_commit_sha = "199531f621".freeze
+    @built_at = "2024-04-11".freeze
+    @git_commit_sha = "cf66a7369b".freeze
     @release = true
     # end ivars
 

data/lib/bundler/cli/plugin.rb

@@ -5,7 +5,7 @@ module Bundler
   class CLI::Plugin < Thor
     desc "install PLUGINS", "Install the plugin from the source"
     long_desc <<-D
-      Install plugins either from the rubygems source provided (with --source option) or from a git source provided with --git. If no sources are provided, it uses Gem.sources
+      Install plugins either from the rubygems source provided (with --source option), from a git source provided with --git, or a local path provided with --path. If no sources are provided, it uses Gem.sources
    D
     method_option "source", type: :string, default: nil, banner: "URL of the RubyGems source to fetch the plugin from"
     method_option "version", type: :string, default: nil, banner: "The version of the plugin to fetch"
@@ -13,6 +13,7 @@ module Bundler
     method_option "local_git", type: :string, default: nil, banner: "Path of the local git repo to fetch from (deprecated)"
     method_option "branch", type: :string, default: nil, banner: "The git branch to checkout"
     method_option "ref", type: :string, default: nil, banner: "The git revision to check out"
+    method_option "path", type: :string, default: nil, banner: "Path of a local gem to directly use"
     def install(*plugins)
       Bundler::Plugin.install(plugins, options)
     end

data/lib/bundler/gem_version_promoter.rb

@@ -45,17 +45,37 @@ module Bundler
 
     # Given a Resolver::Package and an Array of Specifications of available
     # versions for a gem, this method will return the Array of Specifications
-    # sorted (and possibly truncated if strict is true) in an order to give
-    # preference to the current level (:major, :minor or :patch) when resolution
-    # is deciding what versions best resolve all dependencies in the bundle.
+    # sorted in an order to give preference to the current level (:major, :minor
+    # or :patch) when resolution is deciding what versions best resolve all
+    # dependencies in the bundle.
     # @param package [Resolver::Package] The package being resolved.
     # @param specs [Specification] An array of Specifications for the package.
-    # @return [Specification] A new instance of the Specification Array sorted and
-    #    possibly filtered.
+    # @return [Specification] A new instance of the Specification Array sorted.
     def sort_versions(package, specs)
-      specs = filter_dep_specs(specs, package) if strict
+      locked_version = package.locked_version
 
-      sort_dep_specs(specs, package)
+      result = specs.sort do |a, b|
+        unless package.prerelease_specified? || pre?
+          a_pre = a.prerelease?
+          b_pre = b.prerelease?
+
+          next 1 if a_pre && !b_pre
+          next -1 if b_pre && !a_pre
+        end
+
+        if major? || locked_version.nil?
+          b <=> a
+        elsif either_version_older_than_locked?(a, b, locked_version)
+          b <=> a
+        elsif segments_do_not_match?(a, b, :major)
+          a <=> b
+        elsif !minor? && segments_do_not_match?(a, b, :minor)
+          a <=> b
+        else
+          b <=> a
+        end
+      end
+      post_sort(result, package.unlock?, locked_version)
     end
 
     # @return [bool] Convenience method for testing value of level variable.
@@ -73,9 +93,18 @@ module Bundler
       pre == true
     end
 
-    private
+    # Given a Resolver::Package and an Array of Specifications of available
+    # versions for a gem, this method will truncate the Array if strict
+    # is true. That means filtering out downgrades from the version currently
+    # locked, and filtering out upgrades that go past the selected level (major,
+    # minor, or patch).
+    # @param package [Resolver::Package] The package being resolved.
+    # @param specs [Specification] An array of Specifications for the package.
+    # @return [Specification] A new instance of the Specification Array
+    #   truncated.
+    def filter_versions(package, specs)
+      return specs unless strict
 
-    def filter_dep_specs(specs, package)
       locked_version = package.locked_version
       return specs if locked_version.nil? || major?
 
@@ -89,32 +118,7 @@ module Bundler
       end
     end
 
-    def sort_dep_specs(specs, package)
-      locked_version = package.locked_version
-
-      result = specs.sort do |a, b|
-        unless package.prerelease_specified? || pre?
-          a_pre = a.prerelease?
-          b_pre = b.prerelease?
-
-          next -1 if a_pre && !b_pre
-          next  1 if b_pre && !a_pre
-        end
-
-        if major? || locked_version.nil?
-          a <=> b
-        elsif either_version_older_than_locked?(a, b, locked_version)
-          a <=> b
-        elsif segments_do_not_match?(a, b, :major)
-          b <=> a
-        elsif !minor? && segments_do_not_match?(a, b, :minor)
-          b <=> a
-        else
-          a <=> b
-        end
-      end
-      post_sort(result, package.unlock?, locked_version)
-    end
+    private
 
     def either_version_older_than_locked?(a, b, locked_version)
       a.version < locked_version || b.version < locked_version
@@ -133,13 +137,13 @@ module Bundler
       if unlock || locked_version.nil?
         result
       else
-        move_version_to_end(result, locked_version)
+        move_version_to_beginning(result, locked_version)
       end
     end
 
-    def move_version_to_end(result, version)
+    def move_version_to_beginning(result, version)
       move, keep = result.partition {|s| s.version.to_s == version.to_s }
-      keep.concat(move)
+      move.concat(keep)
     end
   end
 end

data/lib/bundler/man/bundle-add.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-ADD" "1" "February 2024" ""
+.TH "BUNDLE\-ADD" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-add\fR \- Add gem to the Gemfile and run bundle install
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-binstubs.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-BINSTUBS" "1" "February 2024" ""
+.TH "BUNDLE\-BINSTUBS" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-binstubs\fR \- Install the binstubs of the listed gems
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-cache.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-CACHE" "1" "February 2024" ""
+.TH "BUNDLE\-CACHE" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-cache\fR \- Package your needed \fB\.gem\fR files into your application
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-check.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-CHECK" "1" "February 2024" ""
+.TH "BUNDLE\-CHECK" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-check\fR \- Verifies if dependencies are satisfied by installed gems
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-clean.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-CLEAN" "1" "February 2024" ""
+.TH "BUNDLE\-CLEAN" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-clean\fR \- Cleans up unused gems in your bundler directory
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-config.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-CONFIG" "1" "February 2024" ""
+.TH "BUNDLE\-CONFIG" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-config\fR \- Set bundler configuration options
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-console.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-CONSOLE" "1" "February 2024" ""
+.TH "BUNDLE\-CONSOLE" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-console\fR \- Deprecated way to open an IRB session with the bundle pre\-loaded
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-doctor.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-DOCTOR" "1" "February 2024" ""
+.TH "BUNDLE\-DOCTOR" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-doctor\fR \- Checks the bundle for common problems
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-exec.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-EXEC" "1" "February 2024" ""
+.TH "BUNDLE\-EXEC" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-exec\fR \- Execute a command in the context of the bundle
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-gem.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-GEM" "1" "February 2024" ""
+.TH "BUNDLE\-GEM" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-gem\fR \- Generate a project skeleton for creating a rubygem
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-help.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-HELP" "1" "February 2024" ""
+.TH "BUNDLE\-HELP" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-help\fR \- Displays detailed help for each subcommand
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-info.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-INFO" "1" "February 2024" ""
+.TH "BUNDLE\-INFO" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-info\fR \- Show information for the given gem in your bundle
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-init.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-INIT" "1" "February 2024" ""
+.TH "BUNDLE\-INIT" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-init\fR \- Generates a Gemfile into the current working directory
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-inject.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-INJECT" "1" "February 2024" ""
+.TH "BUNDLE\-INJECT" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-inject\fR \- Add named gem(s) with version requirements to Gemfile
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-install.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-INSTALL" "1" "February 2024" ""
+.TH "BUNDLE\-INSTALL" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-install\fR \- Install the dependencies specified in your Gemfile
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-list.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-LIST" "1" "February 2024" ""
+.TH "BUNDLE\-LIST" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-list\fR \- List all the gems in the bundle
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-lock.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-LOCK" "1" "February 2024" ""
+.TH "BUNDLE\-LOCK" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-lock\fR \- Creates / Updates a lockfile without installing
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-open.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-OPEN" "1" "February 2024" ""
+.TH "BUNDLE\-OPEN" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-open\fR \- Opens the source directory for a gem in your bundle
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-outdated.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-OUTDATED" "1" "February 2024" ""
+.TH "BUNDLE\-OUTDATED" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-outdated\fR \- List installed gems with newer versions available
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-platform.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-PLATFORM" "1" "February 2024" ""
+.TH "BUNDLE\-PLATFORM" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-platform\fR \- Displays platform compatibility information
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-plugin.1

@@ -1,10 +1,10 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-PLUGIN" "1" "February 2024" ""
+.TH "BUNDLE\-PLUGIN" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-plugin\fR \- Manage Bundler plugins
 .SH "SYNOPSIS"
-\fBbundle plugin\fR install PLUGINS [\-\-source=\fISOURCE\fR] [\-\-version=\fIversion\fR] [\-\-git=\fIgit\-url\fR] [\-\-branch=\fIbranch\fR|\-\-ref=\fIrev\fR]
+\fBbundle plugin\fR install PLUGINS [\-\-source=\fISOURCE\fR] [\-\-version=\fIversion\fR] [\-\-git=\fIgit\-url\fR] [\-\-branch=\fIbranch\fR|\-\-ref=\fIrev\fR] [\-\-path=\fIpath\fR]
 .br
 \fBbundle plugin\fR uninstall PLUGINS
 .br
@@ -37,7 +37,10 @@ Install bundler\-graph gem from Git repository\. You can use standard Git URLs l
 .br
 \fBfile:///path/to/repo\fR
 .IP
-When you specify \fB\-\-git\fR, you can use \fB\-\-branch\fR or \fB\-\-ref\fR to specify any branch, tag, or commit hash (revision) to use\. When you specify both, only the latter is used\.
+When you specify \fB\-\-git\fR, you can use \fB\-\-branch\fR or \fB\-\-ref\fR to specify any branch, tag, or commit hash (revision) to use\.
+.TP
+\fBbundle plugin install bundler\-graph \-\-path \.\./bundler\-graph\fR
+Install bundler\-graph gem from a local path\.
 .SS "uninstall"
 Uninstall the plugin(s) specified in PLUGINS\.
 .SS "list"

data/lib/bundler/man/bundle-plugin.1.ronn

@@ -4,7 +4,8 @@ bundle-plugin(1) -- Manage Bundler plugins
 ## SYNOPSIS
 
 `bundle plugin` install PLUGINS [--source=<SOURCE>] [--version=<version>]
-                              [--git=<git-url>] [--branch=<branch>|--ref=<rev>]<br>
+                              [--git=<git-url>] [--branch=<branch>|--ref=<rev>]
+                              [--path=<path>]<br>
 `bundle plugin` uninstall PLUGINS<br>
 `bundle plugin` list<br>
 `bundle plugin` help [COMMAND]
@@ -36,7 +37,10 @@ Install the given plugin(s).
   `/path/to/repo`<br>
   `file:///path/to/repo`
 
-  When you specify `--git`, you can use `--branch` or `--ref` to specify any branch, tag, or commit hash (revision) to use. When you specify both, only the latter is used.
+  When you specify `--git`, you can use `--branch` or `--ref` to specify any branch, tag, or commit hash (revision) to use.
+
+* `bundle plugin install bundler-graph --path ../bundler-graph`:
+  Install bundler-graph gem from a local path.
 
 ### uninstall
 

data/lib/bundler/man/bundle-pristine.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-PRISTINE" "1" "February 2024" ""
+.TH "BUNDLE\-PRISTINE" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-pristine\fR \- Restores installed gems to their pristine condition
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-remove.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-REMOVE" "1" "February 2024" ""
+.TH "BUNDLE\-REMOVE" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-remove\fR \- Removes gems from the Gemfile
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-show.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-SHOW" "1" "February 2024" ""
+.TH "BUNDLE\-SHOW" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-show\fR \- Shows all the gems in your bundle, or the path to a gem
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-update.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-UPDATE" "1" "February 2024" ""
+.TH "BUNDLE\-UPDATE" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-update\fR \- Update your gems to the latest available versions
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-version.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-VERSION" "1" "February 2024" ""
+.TH "BUNDLE\-VERSION" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-version\fR \- Prints Bundler version information
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-viz.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-VIZ" "1" "February 2024" ""
+.TH "BUNDLE\-VIZ" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-viz\fR \- Generates a visual dependency graph for your Gemfile
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE" "1" "February 2024" ""
+.TH "BUNDLE" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\fR \- Ruby Dependency Management
 .SH "SYNOPSIS"

data/lib/bundler/man/gemfile.5

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "GEMFILE" "5" "February 2024" ""
+.TH "GEMFILE" "5" "March 2024" ""
 .SH "NAME"
 \fBGemfile\fR \- A format for describing gem dependencies for Ruby programs
 .SH "SYNOPSIS"

data/lib/bundler/plugin/installer/path.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Bundler
+  module Plugin
+    class Installer
+      class Path < Bundler::Source::Path
+        def root
+          Plugin.root
+        end
+
+        def generate_bin(spec, disable_extensions = false)
+          # Need to find a way without code duplication
+          # For now, we can ignore this
+        end
+      end
+    end
+  end
+end

data/lib/bundler/plugin/installer.rb

@@ -10,6 +10,7 @@ module Bundler
     class Installer
       autoload :Rubygems, File.expand_path("installer/rubygems", __dir__)
       autoload :Git,      File.expand_path("installer/git", __dir__)
+      autoload :Path, File.expand_path("installer/path", __dir__)
 
       def install(names, options)
         check_sources_consistency!(options)
@@ -18,6 +19,8 @@ module Bundler
 
         if options[:git]
           install_git(names, version, options)
+        elsif options[:path]
+          install_path(names, version, options[:path])
         else
           sources = options[:source] || Gem.sources
           install_rubygems(names, version, sources)
@@ -43,18 +46,40 @@ module Bundler
         if options.key?(:git) && options.key?(:local_git)
           raise InvalidOption, "Remote and local plugin git sources can't be both specified"
         end
+
         # back-compat; local_git is an alias for git
         if options.key?(:local_git)
           Bundler::SharedHelpers.major_deprecation(2, "--local_git is deprecated, use --git")
           options[:git] = options.delete(:local_git)
         end
+
+        if (options.keys & [:source, :git, :path]).length > 1
+          raise InvalidOption, "Only one of --source, --git, or --path may be specified"
+        end
+
+        if (options.key?(:branch) || options.key?(:ref)) && !options.key?(:git)
+          raise InvalidOption, "--#{options.key?(:branch) ? "branch" : "ref"} can only be used with git sources"
+        end
+
+        if options.key?(:branch) && options.key?(:ref)
+          raise InvalidOption, "--branch and --ref can't be both specified"
+        end
       end
 
       def install_git(names, version, options)
-        uri = options.delete(:git)
-        options["uri"] = uri
+        source_list = SourceList.new
+        source = source_list.add_git_source({ "uri" => options[:git],
+                                              "branch" => options[:branch],
+                                              "ref" => options[:ref] })
 
-        install_all_sources(names, version, options, options[:source])
+        install_all_sources(names, version, source_list, source)
+      end
+
+      def install_path(names, version, path)
+        source_list = SourceList.new
+        source = source_list.add_path_source({ "path" => path })
+
+        install_all_sources(names, version, source_list, source)
       end
 
       # Installs the plugin from rubygems source and returns the path where the
@@ -66,16 +91,15 @@ module Bundler
       #
       # @return [Hash] map of names to the specs of plugins installed
       def install_rubygems(names, version, sources)
-        install_all_sources(names, version, nil, sources)
-      end
-
-      def install_all_sources(names, version, git_source_options, rubygems_source)
         source_list = SourceList.new
 
-        source_list.add_git_source(git_source_options) if git_source_options
-        Array(rubygems_source).each {|remote| source_list.add_global_rubygems_remote(remote) } if rubygems_source
+        Array(sources).each {|remote| source_list.add_global_rubygems_remote(remote) }
+
+        install_all_sources(names, version, source_list)
+      end
 
-        deps = names.map {|name| Dependency.new name, version }
+      def install_all_sources(names, version, source_list, source = nil)
+        deps = names.map {|name| Dependency.new(name, version, { "source" => source }) }
 
         Bundler.configure_gem_home_and_path(Plugin.root)
 

data/lib/bundler/plugin/source_list.rb

@@ -9,6 +9,10 @@ module Bundler
         add_source_to_list Plugin::Installer::Git.new(options), git_sources
       end
 
+      def add_path_source(options = {})
+        add_source_to_list Plugin::Installer::Path.new(options), path_sources
+      end
+
       def add_rubygems_source(options = {})
         add_source_to_list Plugin::Installer::Rubygems.new(options), @rubygems_sources
       end
@@ -17,10 +21,6 @@ module Bundler
         path_sources + git_sources + rubygems_sources + [metadata_source]
       end
 
-      def default_source
-        git_sources.first || global_rubygems_source
-      end
-
       private
 
       def rubygems_aggregate_class

data/lib/bundler/resolver/candidate.rb

@@ -15,7 +15,7 @@ module Bundler
     # considered separately.
     #
     # Some candidates may also keep some information explicitly about the
-    # package the refer to. These candidates are referred to as "canonical" and
+    # package they refer to. These candidates are referred to as "canonical" and
     # are used when materializing resolution results back into RubyGems
     # specifications that can be installed, written to lock files, and so on.
     #

data/lib/bundler/resolver.rb

@@ -50,26 +50,26 @@ module Bundler
         specs[name] = matches.sort_by {|s| [s.version, s.platform.to_s] }
       end
 
+      @all_versions = Hash.new do |candidates, package|
+        candidates[package] = all_versions_for(package)
+      end
+
       @sorted_versions = Hash.new do |candidates, package|
-        candidates[package] = if package.root?
-          [root_version]
-        else
-          all_versions_for(package).sort
-        end
+        candidates[package] = filtered_versions_for(package).sort
       end
 
+      @sorted_versions[root] = [root_version]
+
       root_dependencies = prepare_dependencies(@requirements, @packages)
 
       @cached_dependencies = Hash.new do |dependencies, package|
-        dependencies[package] = if package.root?
-          { root_version => root_dependencies }
-        else
-          Hash.new do |versions, version|
-            versions[version] = to_dependency_hash(version.dependencies.reject {|d| d.name == package.name }, @packages)
-          end
+        dependencies[package] = Hash.new do |versions, version|
+          versions[version] = to_dependency_hash(version.dependencies.reject {|d| d.name == package.name }, @packages)
         end
       end
 
+      @cached_dependencies[root] = { root_version => root_dependencies }
+
       logger = Bundler::UI::Shell.new
       logger.level = debug? ? "debug" : "warn"
 
@@ -156,9 +156,15 @@ module Bundler
     end
 
     def versions_for(package, range=VersionRange.any)
-      versions = range.select_versions(@sorted_versions[package])
+      versions = select_sorted_versions(package, range)
 
-      sort_versions(package, versions)
+      # Conditional avoids (among other things) calling
+      # sort_versions_by_preferred with the root package
+      if versions.size > 1
+        sort_versions_by_preferred(package, versions)
+      else
+        versions
+      end
     end
 
     def no_versions_incompatibility_for(package, unsatisfied_term)
@@ -247,7 +253,7 @@ module Bundler
       locked_requirement = base_requirements[name]
       results = filter_matching_specs(results, locked_requirement) if locked_requirement
 
-      versions = results.group_by(&:version).reduce([]) do |groups, (version, specs)|
+      results.group_by(&:version).reduce([]) do |groups, (version, specs)|
         platform_specs = package.platforms.map {|platform| select_best_platform_match(specs, platform) }
 
         # If package is a top-level dependency,
@@ -274,8 +280,6 @@ module Bundler
 
         groups
       end
-
-      sort_versions(package, versions)
     end
 
     def source_for(name)
@@ -334,6 +338,21 @@ module Bundler
 
     private
 
+    def filtered_versions_for(package)
+      @gem_version_promoter.filter_versions(package, @all_versions[package])
+    end
+
+    def raise_all_versions_filtered_out!(package)
+      level = @gem_version_promoter.level
+      name = package.name
+      locked_version = package.locked_version
+      requirement = package.dependency
+
+      raise GemNotFound,
+        "#{name} is locked to #{locked_version}, while Gemfile is requesting #{requirement}. " \
+        "--strict --#{level} was specified, but there are no #{level} level upgrades from #{locked_version} satisfying #{requirement}, so version solving has failed"
+    end
+
     def filter_matching_specs(specs, requirements)
       Array(requirements).flat_map do |requirement|
         specs.select {| spec| requirement_satisfied_by?(requirement, spec) }
@@ -357,12 +376,8 @@ module Bundler
       requirement.satisfied_by?(spec.version) || spec.source.is_a?(Source::Gemspec)
     end
 
-    def sort_versions(package, versions)
-      if versions.size > 1
-        @gem_version_promoter.sort_versions(package, versions).reverse
-      else
-        versions
-      end
+    def sort_versions_by_preferred(package, versions)
+      @gem_version_promoter.sort_versions(package, versions)
     end
 
     def repository_for(package)
@@ -379,12 +394,19 @@ module Bundler
 
         next [dep_package, dep_constraint] if name == "bundler"
 
-        versions = versions_for(dep_package, dep_constraint.range)
+        dep_range = dep_constraint.range
+        versions = select_sorted_versions(dep_package, dep_range)
         if versions.empty? && dep_package.ignores_prereleases?
+          @all_versions.delete(dep_package)
           @sorted_versions.delete(dep_package)
           dep_package.consider_prereleases!
-          versions = versions_for(dep_package, dep_constraint.range)
+          versions = select_sorted_versions(dep_package, dep_range)
         end
+
+        if versions.empty? && select_all_versions(dep_package, dep_range).any?
+          raise_all_versions_filtered_out!(dep_package)
+        end
+
         next [dep_package, dep_constraint] unless versions.empty?
 
         next unless dep_package.current_platform?
@@ -393,6 +415,14 @@ module Bundler
       end.compact.to_h
     end
 
+    def select_sorted_versions(package, range)
+      range.select_versions(@sorted_versions[package])
+    end
+
+    def select_all_versions(package, range)
+      range.select_versions(@all_versions[package])
+    end
+
     def other_specs_matching_message(specs, requirement)
       message = String.new("The source contains the following gems matching '#{requirement}':\n")
       message << specs.map {|s| "  * #{s.full_name}" }.join("\n")

data/lib/bundler/self_manager.rb

@@ -113,7 +113,7 @@ module Bundler
     end
 
     def local_specs
-      @local_specs ||= Bundler::Source::Rubygems.new("allow_local" => true).specs.select {|spec| spec.name == "bundler" }
+      @local_specs ||= Bundler::Source::Rubygems.new("allow_local" => true, "allow_cached" => true).specs.select {|spec| spec.name == "bundler" }
     end
 
     def remote_specs

data/lib/bundler/source/rubygems.rb

@@ -17,7 +17,7 @@ module Bundler
         @remotes = []
         @dependency_names = []
         @allow_remote = false
-        @allow_cached = false
+        @allow_cached = options["allow_cached"] || false
         @allow_local = options["allow_local"] || false
         @checksum_store = Checksum::Store.new
 
@@ -133,7 +133,7 @@ module Bundler
           # sources, and large_idx.merge! small_idx is way faster than
           # small_idx.merge! large_idx.
           index = @allow_remote ? remote_specs.dup : Index.new
-          index.merge!(cached_specs) if @allow_cached || @allow_remote
+          index.merge!(cached_specs) if @allow_cached
           index.merge!(installed_specs) if @allow_local
           index
         end

data/lib/bundler/source_list.rb

@@ -9,7 +9,7 @@ module Bundler
       :metadata_source
 
     def global_rubygems_source
-      @global_rubygems_source ||= rubygems_aggregate_class.new("allow_local" => true)
+      @global_rubygems_source ||= rubygems_aggregate_class.new("allow_local" => true, "allow_cached" => true)
     end
 
     def initialize
@@ -174,7 +174,7 @@ module Bundler
       replacement_source = replacement_sources.find {|s| s == global_rubygems_source }
       return global_rubygems_source unless replacement_source
 
-      replacement_source.local!
+      replacement_source.cached!
       replacement_source
     end
 

data/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.5.7".freeze
+  VERSION = "2.5.8".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-  version: 2.5.7
+  version: 2.5.8
 platform: ruby
 authors:
 - André Arko
@@ -22,7 +22,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-03-22 00:00:00.000000000 Z
+date: 2024-04-11 00:00:00.000000000 Z
 dependencies: []
 description: Bundler manages an application's dependencies through its entire life,
   across many machines, systematically and repeatably
@@ -189,6 +189,7 @@ files:
 - lib/bundler/plugin/index.rb
 - lib/bundler/plugin/installer.rb
 - lib/bundler/plugin/installer/git.rb
+- lib/bundler/plugin/installer/path.rb
 - lib/bundler/plugin/installer/rubygems.rb
 - lib/bundler/plugin/source_list.rb
 - lib/bundler/process_lock.rb
@@ -398,7 +399,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 3.2.3
 requirements: []
-rubygems_version: 3.5.7
+rubygems_version: 3.5.8
 signing_key:
 specification_version: 4
 summary: The best way to manage your application's dependencies