bundler 2.6.3 → 2.6.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3feddb9042d8a7e98b180bdccc1fc1589782cbd67d813abb63aac8a84028a811
-  data.tar.gz: 2f8ed118d6ca1e4e4301e977e23bd94897bbb5fc79c8b4a5799fe47f3ee306f1
+  metadata.gz: 855ce06e8526e58b49de6b5872997ade47beb38288f5cf783ad551417accfa2c
+  data.tar.gz: bfa8b4371917aa0b993a31d9452196c00239de57803b0a233795040be5e158f0
 SHA512:
-  metadata.gz: 628abd13ffccef88bb5eebf10c73bc40157b8cd0e5d1b07930be534b5b161732710c5794fd5efa830a7d493f2af0bf58bf1aa3601ea9ba0c56aee8f2ca0cdd77
-  data.tar.gz: fbca6f3eba226a373edce1d0987a31d07fbb0ea0ce8d8ebd05cda8a6184c22158a25090317173f4b1e839d6b45c31bfe9dee9f7cb8c26bbfb05670947fe8bf09
+  metadata.gz: bdf0dab626499ae76ef5fae750d9354c8c064fc19cb4b357de8e11bb1036246d8b0aed7fe12d2dbec3a81745db31b6268c4c4fec14111c5b224c96217834f8d9
+  data.tar.gz: c297223566644f831412d15723e0cd96a1f9d7c9d6d2985596716dd1a00d7b3f386014402403fbefb0fa0805e36662de35268bd3b2ab7168ce08f1ee34a31f29

data/CHANGELOG.md

@@ -1,3 +1,116 @@
+# 2.6.9 (May 13, 2025)
+
+## Enhancements:
+
+  - Fix doctor command parsing of otool output [#8665](https://github.com/rubygems/rubygems/pull/8665)
+  - Add SSL troubleshooting to `bundle doctor` [#8624](https://github.com/rubygems/rubygems/pull/8624)
+  - Let `bundle lock --normalize-platforms` remove invalid platforms [#8631](https://github.com/rubygems/rubygems/pull/8631)
+
+## Bug fixes:
+
+  - Fix `bundle lock` sometimes allowing invalid platforms into the lockfile [#8630](https://github.com/rubygems/rubygems/pull/8630)
+  - Fix false positive warning about insecure materialization in frozen mode [#8629](https://github.com/rubygems/rubygems/pull/8629)
+
+# 2.6.8 (April 13, 2025)
+
+## Enhancements:
+
+  - Refine `bundle update --verbose` logs [#8627](https://github.com/rubygems/rubygems/pull/8627)
+  - Improve bug report instructions [#8607](https://github.com/rubygems/rubygems/pull/8607)
+
+## Bug fixes:
+
+  - Fix `bundle update` crash in an edge case [#8626](https://github.com/rubygems/rubygems/pull/8626)
+  - Fix `bundle lock --normalize-platforms` regression [#8620](https://github.com/rubygems/rubygems/pull/8620)
+
+# 2.6.7 (April 3, 2025)
+
+## Enhancements:
+
+  - Fix crash when server compact index API implementation only lists versions [#8594](https://github.com/rubygems/rubygems/pull/8594)
+  - Fix lockfile when a gem ends up accidentally under two different sources [#8579](https://github.com/rubygems/rubygems/pull/8579)
+  - Refuse to install and print an error in frozen mode if some entries are missing in CHECKSUMS lockfile section [#8563](https://github.com/rubygems/rubygems/pull/8563)
+  - Support git 2.49 [#8581](https://github.com/rubygems/rubygems/pull/8581)
+  - Improve wording of a few messages [#8570](https://github.com/rubygems/rubygems/pull/8570)
+
+## Bug fixes:
+
+  - Fix `bundle add` sometimes generating invalid lockfiles [#8586](https://github.com/rubygems/rubygems/pull/8586)
+
+## Performance:
+
+  - Implement pub_grub strategy interface [#8589](https://github.com/rubygems/rubygems/pull/8589)
+  - Update vendored pub_grub [#8571](https://github.com/rubygems/rubygems/pull/8571)
+
+# 2.6.6 (March 13, 2025)
+
+## Enhancements:
+
+  - Fix `ENAMETOOLONG` error when creating compact index cache [#5578](https://github.com/rubygems/rubygems/pull/5578)
+  - Use shorthand hash syntax for bundle add [#8547](https://github.com/rubygems/rubygems/pull/8547)
+  - Update vendored uri to 1.0.3 [#8534](https://github.com/rubygems/rubygems/pull/8534)
+  - Retry gracefully on blank partial response in compact index [#8524](https://github.com/rubygems/rubygems/pull/8524)
+  - Give a better error when trying to write the lock file on a read-only filesystem [#5920](https://github.com/rubygems/rubygems/pull/5920)
+  - Improve log messages when lockfile platforms are added [#8523](https://github.com/rubygems/rubygems/pull/8523)
+  - Allow noop `bundle install` to work on read-only or protected folders [#8519](https://github.com/rubygems/rubygems/pull/8519)
+
+## Bug fixes:
+
+  - Detect partial gem installs from a git source so that they are reinstalled on a successive run [#8539](https://github.com/rubygems/rubygems/pull/8539)
+  - Modify `bundle doctor` to not report issue when files aren't writable [#8520](https://github.com/rubygems/rubygems/pull/8520)
+
+## Performance:
+
+  - Optimize resolution by removing an array allocation from `Candidate#<=>` [#8559](https://github.com/rubygems/rubygems/pull/8559)
+
+## Documentation:
+
+  - Update docs for with/without consistency [#8555](https://github.com/rubygems/rubygems/pull/8555)
+  - Recommend non-deprecated methods in `bundle exec` documentation [#8537](https://github.com/rubygems/rubygems/pull/8537)
+  - Hint about default group when using `only` configuration option [#8536](https://github.com/rubygems/rubygems/pull/8536)
+
+# 2.6.5 (February 20, 2025)
+
+## Enhancements:
+
+  - Fix lockfile platforms inconveniently added on JRuby [#8494](https://github.com/rubygems/rubygems/pull/8494)
+
+## Bug fixes:
+
+  - Fix resolver issue due to ill-defined version ranges being created [#8503](https://github.com/rubygems/rubygems/pull/8503)
+  - Make sure empty gems are not reinstalled every time [#8502](https://github.com/rubygems/rubygems/pull/8502)
+
+# 2.6.4 (February 17, 2025)
+
+## Enhancements:
+
+  - Make Bundler never instantiate development dependencies [#8486](https://github.com/rubygems/rubygems/pull/8486)
+  - Fix some invalid options to `gem` DSL not getting reported as invalid [#8480](https://github.com/rubygems/rubygems/pull/8480)
+  - Add `irb` to a Gemfile for a newly created gem [#8467](https://github.com/rubygems/rubygems/pull/8467)
+  - Auto-heal empty installation directory [#8457](https://github.com/rubygems/rubygems/pull/8457)
+  - Fix `bundle console` unnecessarily trying to load IRB twice [#8443](https://github.com/rubygems/rubygems/pull/8443)
+  - Add ruby_34 and ruby_35 as valid platform: [#8430](https://github.com/rubygems/rubygems/pull/8430)
+  - Consider gems under `platform: :windows` filter in Gemfile when running on Windows with ARM architecture [#8428](https://github.com/rubygems/rubygems/pull/8428)
+
+## Bug fixes:
+
+  - Fix regression when running `bundle update <foo>` would sometimes downgrade a top level dependency [#8491](https://github.com/rubygems/rubygems/pull/8491)
+  - Fix dependency locking when Bundler finds incorrect lockfile dependencies [#8489](https://github.com/rubygems/rubygems/pull/8489)
+  - Raise error when lockfile is missing deps in frozen mode [#8483](https://github.com/rubygems/rubygems/pull/8483)
+  - Fix `bundle install --prefer-local` sometimes installing very old versions [#8484](https://github.com/rubygems/rubygems/pull/8484)
+  - Fix incorrect error message when running `bundle update` in frozen mode [#8481](https://github.com/rubygems/rubygems/pull/8481)
+  - Keep platform variants in `vendor/cache` even if incompatible with the current Ruby version [#8471](https://github.com/rubygems/rubygems/pull/8471)
+  - Fix `bundle console` printing bug report template incorrectly [#8436](https://github.com/rubygems/rubygems/pull/8436)
+  - Fix `--prefer-local` not respecting default gems [#8412](https://github.com/rubygems/rubygems/pull/8412)
+
+## Performance:
+
+  - Improve resolution performance [#8458](https://github.com/rubygems/rubygems/pull/8458)
+
+## Documentation:
+
+  - Fix more broken links [#8416](https://github.com/rubygems/rubygems/pull/8416)
+
 # 2.6.3 (January 16, 2025)
 
 ## Enhancements:
@@ -1249,7 +1362,7 @@
   - Enable parallel installation on Windows by default [#4822](https://github.com/rubygems/rubygems/pull/4822)
   - More logging when compact index is not used and we fallback to other APIs [#4546](https://github.com/rubygems/rubygems/pull/4546)
   - `bundle gem` generated MiniTest file and class now start with 'test' [#3893](https://github.com/rubygems/rubygems/pull/3893)
-  - Add `Bundler::Definition.no_lock` accessor for skipping lock file creation/update [#3401](https://github.com/rubygems/rubygems/pull/3401)
+  - Add `Bundler::Definition.no_lock` accessor for skipping lockfile creation/update [#3401](https://github.com/rubygems/rubygems/pull/3401)
 
 ## Bug fixes:
 
@@ -1991,7 +2104,7 @@
   - Fix `bundle outdated --group NAME` when the group is listed second in the Gemfile ([#6116](https://github.com/rubygems/bundler/pull/6116))
   - Improve conflict resolution messages by not calling "ruby" a gem when conflict happens in the `required_ruby_version`, and by filtering out requirements that didn't contribute to the conflict ([#6647](https://github.com/rubygems/bundler/pull/6647))
   - Avoid fetching and rebuilding git gems whenever any gem is changed in the Gemfile ([#6711](https://github.com/rubygems/bundler/pull/6711))
-  - Include the exact bundler version in the lock file in the suggested command when bundler warns about version mismatches of itself [#6971](https://github.com/rubygems/bundler/pull/6971)
+  - Include the exact bundler version in the lockfile in the suggested command when bundler warns about version mismatches of itself [#6971](https://github.com/rubygems/bundler/pull/6971)
   - Fix plugins being installed every time a command is run #[#6978](https://github.com/rubygems/bundler/pull/6978)
   - Fallback to sequentially fetching specs on 429s [#6728](https://github.com/rubygems/bundler/pull/6728)
   - Make `bundle clean` also clean native extensions for gems with a git source [#7058](https://github.com/rubygems/bundler/pull/7058)
@@ -3456,7 +3569,7 @@ Changes
 
 ## Bug fixes:
 
-  - Revert gem source sorting in lock files (@indirect)
+  - Revert gem source sorting in lockfiles (@indirect)
 
 # 1.7.1 (August 20, 2014)
 
@@ -3556,7 +3669,7 @@ Changes
   - redirects across hosts now work on rubies without OpenSSL ([#2686](https://github.com/rubygems/bundler/issues/2686), @grddev)
   - gemspecs now handle filenames with newlines ([#2634](https://github.com/rubygems/bundler/issues/2634), @jasonmp85)
   - support escaped characters in usernames and passwords (@punkie)
-  - no more exception on `update GEM` without lock file (@simi)
+  - no more exception on `update GEM` without lockfile (@simi)
   - allow long config values ([#2823](https://github.com/rubygems/bundler/issues/2823), @kgrz)
   - cache successfully even locked to gems shipped with Ruby ([#2869](https://github.com/rubygems/bundler/issues/2869), @aughr)
   - respect NO_PROXY even if a proxy is configured ([#2878](https://github.com/rubygems/bundler/issues/2878), @stlay)
@@ -3704,7 +3817,7 @@ Changes
 
 ## Bug fixes:
 
-  - make gemspec path option preserve relative paths in lock file (@bwillis)
+  - make gemspec path option preserve relative paths in lockfile (@bwillis)
   - use umask when creating binstubs ([#1618](https://github.com/rubygems/bundler/issues/1618), @v-yarotsky)
   - warn if graphviz is not installed ([#2435](https://github.com/rubygems/bundler/issues/2435), @Agis-)
   - show git errors while loading gemspecs
@@ -4593,7 +4706,7 @@ Changes
   - Skeleton gemspec now works with older versions of git
   - Fix shell quoting and ref fetching in GemHelper
   - Disable colored output in --deployment
-  - Preserve line endings in lock file
+  - Preserve line endings in lockfile
 
 ## Features:
 

data/README.md

@@ -41,7 +41,7 @@ To get in touch with the Bundler core team and other Bundler users, please join
 
 ### Contributing
 
-If you'd like to contribute to Bundler, that's awesome, and we <3 you. We've put together [the Bundler contributor guide](https://github.com/rubygems/rubygems/blob/master/bundler/doc/contributing/README.md) with all of the information you need to get started.
+If you'd like to contribute to Bundler, that's awesome, and we <3 you. We've put together [the Bundler contributor guide](https://github.com/rubygems/rubygems/blob/master/doc/bundler/contributing/README.md) with all of the information you need to get started.
 
 If you'd like to request a substantial change to Bundler or its documentation, refer to the [Bundler RFC process](https://github.com/rubygems/rfcs) for more information.
 

data/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2025-01-16".freeze
-    @git_commit_sha = "3c7c4ff2d8f".freeze
+    @built_at = "1980-01-02".freeze
+    @git_commit_sha = "8a2a14d63da".freeze
     @release = true
     # end ivars
 

data/lib/bundler/checksum.rb

@@ -126,7 +126,7 @@ module Bundler
       end
 
       def removable?
-        type == :lock || type == :gem
+        [:lock, :gem].include?(type)
       end
 
       def ==(other)
@@ -190,7 +190,7 @@ module Bundler
       def replace(spec, checksum)
         return unless checksum
 
-        lock_name = spec.name_tuple.lock_name
+        lock_name = spec.lock_name
         @store_mutex.synchronize do
           existing = fetch_checksum(lock_name, checksum.algo)
           if !existing || existing.same_source?(checksum)
@@ -201,10 +201,12 @@ module Bundler
         end
       end
 
-      def register(spec, checksum)
-        return unless checksum
+      def missing?(spec)
+        @store[spec.lock_name].nil?
+      end
 
-        register_checksum(spec.name_tuple.lock_name, checksum)
+      def register(spec, checksum)
+        register_checksum(spec.lock_name, checksum)
       end
 
       def merge!(other)
@@ -216,9 +218,9 @@ module Bundler
       end
 
       def to_lock(spec)
-        lock_name = spec.name_tuple.lock_name
+        lock_name = spec.lock_name
         checksums = @store[lock_name]
-        if checksums
+        if checksums&.any?
           "#{lock_name} #{checksums.values.map(&:to_lock).sort.join(",")}"
         else
           lock_name
@@ -229,11 +231,15 @@ module Bundler
 
       def register_checksum(lock_name, checksum)
         @store_mutex.synchronize do
-          existing = fetch_checksum(lock_name, checksum.algo)
-          if existing
-            merge_checksum(lock_name, checksum, existing)
+          if checksum
+            existing = fetch_checksum(lock_name, checksum.algo)
+            if existing
+              merge_checksum(lock_name, checksum, existing)
+            else
+              store_checksum(lock_name, checksum)
+            end
           else
-            store_checksum(lock_name, checksum)
+            init_checksum(lock_name)
           end
         end
       end
@@ -243,7 +249,11 @@ module Bundler
       end
 
       def store_checksum(lock_name, checksum)
-        (@store[lock_name] ||= {})[checksum.algo] = checksum
+        init_checksum(lock_name)[checksum.algo] = checksum
+      end
+
+      def init_checksum(lock_name)
+        @store[lock_name] ||= {}
       end
 
       def fetch_checksum(lock_name, algo)

data/lib/bundler/cli/console.rb

@@ -20,9 +20,14 @@ module Bundler
       require name
       get_constant(name)
     rescue LoadError
-      Bundler.ui.error "Couldn't load console #{name}, falling back to irb"
-      require "irb"
-      get_constant("irb")
+      if name == "irb"
+        Bundler.ui.error "#{name} is not available"
+        exit 1
+      else
+        Bundler.ui.error "Couldn't load console #{name}, falling back to irb"
+        name = "irb"
+        retry
+      end
     end
 
     def get_constant(name)
@@ -32,9 +37,6 @@ module Bundler
         "irb" => :IRB,
       }[name]
       Object.const_get(const_name)
-    rescue NameError
-      Bundler.ui.error "Could not find constant #{const_name}"
-      exit 1
     end
   end
 end

data/lib/bundler/cli/doctor/diagnose.rb

@@ -0,0 +1,167 @@
+# frozen_string_literal: true
+
+require "rbconfig"
+require "shellwords"
+
+module Bundler
+  class CLI::Doctor::Diagnose
+    DARWIN_REGEX = /\s+(.+) \(compatibility /
+    LDD_REGEX = /\t\S+ => (\S+) \(\S+\)/
+
+    attr_reader :options
+
+    def initialize(options)
+      @options = options
+    end
+
+    def otool_available?
+      Bundler.which("otool")
+    end
+
+    def ldd_available?
+      Bundler.which("ldd")
+    end
+
+    def dylibs_darwin(path)
+      output = `/usr/bin/otool -L #{path.shellescape}`.chomp
+      dylibs = output.split("\n")[1..-1].filter_map {|l| l.match(DARWIN_REGEX)&.match(1) }.uniq
+      # ignore @rpath and friends
+      dylibs.reject {|dylib| dylib.start_with? "@" }
+    end
+
+    def dylibs_ldd(path)
+      output = `/usr/bin/ldd #{path.shellescape}`.chomp
+      output.split("\n").filter_map do |l|
+        match = l.match(LDD_REGEX)
+        next if match.nil?
+        match.captures[0]
+      end
+    end
+
+    def dylibs(path)
+      case RbConfig::CONFIG["host_os"]
+      when /darwin/
+        return [] unless otool_available?
+        dylibs_darwin(path)
+      when /(linux|solaris|bsd)/
+        return [] unless ldd_available?
+        dylibs_ldd(path)
+      else # Windows, etc.
+        Bundler.ui.warn("Dynamic library check not supported on this platform.")
+        []
+      end
+    end
+
+    def bundles_for_gem(spec)
+      Dir.glob("#{spec.full_gem_path}/**/*.bundle")
+    end
+
+    def lookup_with_fiddle(path)
+      require "fiddle"
+      Fiddle.dlopen(path)
+      false
+    rescue Fiddle::DLError
+      true
+    end
+
+    def check!
+      require_relative "../check"
+      Bundler::CLI::Check.new({}).run
+    end
+
+    def diagnose_ssl
+      require_relative "ssl"
+      Bundler::CLI::Doctor::SSL.new({}).run
+    end
+
+    def run
+      Bundler.ui.level = "warn" if options[:quiet]
+      Bundler.settings.validate!
+      check!
+      diagnose_ssl if options[:ssl]
+
+      definition = Bundler.definition
+      broken_links = {}
+
+      definition.specs.each do |spec|
+        bundles_for_gem(spec).each do |bundle|
+          bad_paths = dylibs(bundle).select do |f|
+            lookup_with_fiddle(f)
+          end
+          if bad_paths.any?
+            broken_links[spec] ||= []
+            broken_links[spec].concat(bad_paths)
+          end
+        end
+      end
+
+      permissions_valid = check_home_permissions
+
+      if broken_links.any?
+        message = "The following gems are missing OS dependencies:"
+        broken_links.flat_map do |spec, paths|
+          paths.uniq.map do |path|
+            "\n * #{spec.name}: #{path}"
+          end
+        end.sort.each {|m| message += m }
+        raise ProductionError, message
+      elsif permissions_valid
+        Bundler.ui.info "No issues found with the installed bundle"
+      end
+    end
+
+    private
+
+    def check_home_permissions
+      require "find"
+      files_not_readable = []
+      files_not_readable_and_owned_by_different_user = []
+      files_not_owned_by_current_user_but_still_readable = []
+      broken_symlinks = []
+      Find.find(Bundler.bundle_path.to_s).each do |f|
+        if !File.exist?(f)
+          broken_symlinks << f
+        elsif !File.readable?(f)
+          if File.stat(f).uid != Process.uid
+            files_not_readable_and_owned_by_different_user << f
+          else
+            files_not_readable << f
+          end
+        elsif File.stat(f).uid != Process.uid
+          files_not_owned_by_current_user_but_still_readable << f
+        end
+      end
+
+      ok = true
+
+      if broken_symlinks.any?
+        Bundler.ui.warn "Broken links exist in the Bundler home. Please report them to the offending gem's upstream repo. These files are:\n - #{broken_symlinks.join("\n - ")}"
+
+        ok = false
+      end
+
+      if files_not_owned_by_current_user_but_still_readable.any?
+        Bundler.ui.warn "Files exist in the Bundler home that are owned by another " \
+          "user, but are still readable. These files are:\n - #{files_not_owned_by_current_user_but_still_readable.join("\n - ")}"
+
+        ok = false
+      end
+
+      if files_not_readable_and_owned_by_different_user.any?
+        Bundler.ui.warn "Files exist in the Bundler home that are owned by another " \
+          "user, and are not readable. These files are:\n - #{files_not_readable_and_owned_by_different_user.join("\n - ")}"
+
+        ok = false
+      end
+
+      if files_not_readable.any?
+        Bundler.ui.warn "Files exist in the Bundler home that are not " \
+          "readable by the current user. These files are:\n - #{files_not_readable.join("\n - ")}"
+
+        ok = false
+      end
+
+      ok
+    end
+  end
+end