bundler 2.6.5 → 2.6.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 244b150c10d3a97538eb2fca0bfd11f4f1d52498e017a412cb22cafab11b95d9
-  data.tar.gz: 3c09d427c503b26379f13fdb225368e2d7987f9588b6f1c3e9691145fb8b90ba
+  metadata.gz: 9135fec12672acb616058b986f9ee528f8dbaf5b5452a413a93bf4188f381813
+  data.tar.gz: 8b5ffbe95febae6b17210c94972b43ecf3009c665720e976156a8ecbb4d0cc8b
 SHA512:
-  metadata.gz: 9edd329b4f4e36c9bfce9ad4468f764d011afe7f774439d6700f49064201fbe06bf1c374a938a96ae24933df34344c142f6db071324306b4255a235da2f1ff20
-  data.tar.gz: e26f55ba1f69d938047333d1065f1cc75ebf4c865ba966ba5355084681263392928c3f902fbd26d94077ac51dabfd1aacad4a2329b7c934fbc689f363761f4db
+  metadata.gz: 246ae795176220dde699c7d808bc876d4cbf0180b4eb58521efb6785ab699266ffbfbee550380e4e98c002a74cfca386eb7e238d37286775b7a870b4521abcda
+  data.tar.gz: '040083539b5e2bd6d968a80de1314c65bc46bb3652189dc0849b73653aed0825993770adc5e7eca99099078be3aba7b47cc34fe10e4c8bfa5fc6927328aaf12f'

data/CHANGELOG.md

@@ -1,3 +1,49 @@
+# 2.6.7 (April 3, 2025)
+
+## Enhancements:
+
+  - Fix crash when server compact index API implementation only lists versions [#8594](https://github.com/rubygems/rubygems/pull/8594)
+  - Fix lockfile when a gem ends up accidentally under two different sources [#8579](https://github.com/rubygems/rubygems/pull/8579)
+  - Refuse to install and print an error in frozen mode if some entries are missing in CHECKSUMS lockfile section [#8563](https://github.com/rubygems/rubygems/pull/8563)
+  - Support git 2.49 [#8581](https://github.com/rubygems/rubygems/pull/8581)
+  - Improve wording of a few messages [#8570](https://github.com/rubygems/rubygems/pull/8570)
+
+## Bug fixes:
+
+  - Fix `bundle add` sometimes generating invalid lockfiles [#8586](https://github.com/rubygems/rubygems/pull/8586)
+
+## Performance:
+
+  - Implement pub_grub strategy interface [#8589](https://github.com/rubygems/rubygems/pull/8589)
+  - Update vendored pub_grub [#8571](https://github.com/rubygems/rubygems/pull/8571)
+
+# 2.6.6 (March 13, 2025)
+
+## Enhancements:
+
+  - Fix `ENAMETOOLONG` error when creating compact index cache [#5578](https://github.com/rubygems/rubygems/pull/5578)
+  - Use shorthand hash syntax for bundle add [#8547](https://github.com/rubygems/rubygems/pull/8547)
+  - Update vendored uri to 1.0.3 [#8534](https://github.com/rubygems/rubygems/pull/8534)
+  - Retry gracefully on blank partial response in compact index [#8524](https://github.com/rubygems/rubygems/pull/8524)
+  - Give a better error when trying to write the lock file on a read-only filesystem [#5920](https://github.com/rubygems/rubygems/pull/5920)
+  - Improve log messages when lockfile platforms are added [#8523](https://github.com/rubygems/rubygems/pull/8523)
+  - Allow noop `bundle install` to work on read-only or protected folders [#8519](https://github.com/rubygems/rubygems/pull/8519)
+
+## Bug fixes:
+
+  - Detect partial gem installs from a git source so that they are reinstalled on a successive run [#8539](https://github.com/rubygems/rubygems/pull/8539)
+  - Modify `bundle doctor` to not report issue when files aren't writable [#8520](https://github.com/rubygems/rubygems/pull/8520)
+
+## Performance:
+
+  - Optimize resolution by removing an array allocation from `Candidate#<=>` [#8559](https://github.com/rubygems/rubygems/pull/8559)
+
+## Documentation:
+
+  - Update docs for with/without consistency [#8555](https://github.com/rubygems/rubygems/pull/8555)
+  - Recommend non-deprecated methods in `bundle exec` documentation [#8537](https://github.com/rubygems/rubygems/pull/8537)
+  - Hint about default group when using `only` configuration option [#8536](https://github.com/rubygems/rubygems/pull/8536)
+
 # 2.6.5 (February 20, 2025)
 
 ## Enhancements:
@@ -1291,7 +1337,7 @@
   - Enable parallel installation on Windows by default [#4822](https://github.com/rubygems/rubygems/pull/4822)
   - More logging when compact index is not used and we fallback to other APIs [#4546](https://github.com/rubygems/rubygems/pull/4546)
   - `bundle gem` generated MiniTest file and class now start with 'test' [#3893](https://github.com/rubygems/rubygems/pull/3893)
-  - Add `Bundler::Definition.no_lock` accessor for skipping lock file creation/update [#3401](https://github.com/rubygems/rubygems/pull/3401)
+  - Add `Bundler::Definition.no_lock` accessor for skipping lockfile creation/update [#3401](https://github.com/rubygems/rubygems/pull/3401)
 
 ## Bug fixes:
 
@@ -2033,7 +2079,7 @@
   - Fix `bundle outdated --group NAME` when the group is listed second in the Gemfile ([#6116](https://github.com/rubygems/bundler/pull/6116))
   - Improve conflict resolution messages by not calling "ruby" a gem when conflict happens in the `required_ruby_version`, and by filtering out requirements that didn't contribute to the conflict ([#6647](https://github.com/rubygems/bundler/pull/6647))
   - Avoid fetching and rebuilding git gems whenever any gem is changed in the Gemfile ([#6711](https://github.com/rubygems/bundler/pull/6711))
-  - Include the exact bundler version in the lock file in the suggested command when bundler warns about version mismatches of itself [#6971](https://github.com/rubygems/bundler/pull/6971)
+  - Include the exact bundler version in the lockfile in the suggested command when bundler warns about version mismatches of itself [#6971](https://github.com/rubygems/bundler/pull/6971)
   - Fix plugins being installed every time a command is run #[#6978](https://github.com/rubygems/bundler/pull/6978)
   - Fallback to sequentially fetching specs on 429s [#6728](https://github.com/rubygems/bundler/pull/6728)
   - Make `bundle clean` also clean native extensions for gems with a git source [#7058](https://github.com/rubygems/bundler/pull/7058)
@@ -3498,7 +3544,7 @@ Changes
 
 ## Bug fixes:
 
-  - Revert gem source sorting in lock files (@indirect)
+  - Revert gem source sorting in lockfiles (@indirect)
 
 # 1.7.1 (August 20, 2014)
 
@@ -3598,7 +3644,7 @@ Changes
   - redirects across hosts now work on rubies without OpenSSL ([#2686](https://github.com/rubygems/bundler/issues/2686), @grddev)
   - gemspecs now handle filenames with newlines ([#2634](https://github.com/rubygems/bundler/issues/2634), @jasonmp85)
   - support escaped characters in usernames and passwords (@punkie)
-  - no more exception on `update GEM` without lock file (@simi)
+  - no more exception on `update GEM` without lockfile (@simi)
   - allow long config values ([#2823](https://github.com/rubygems/bundler/issues/2823), @kgrz)
   - cache successfully even locked to gems shipped with Ruby ([#2869](https://github.com/rubygems/bundler/issues/2869), @aughr)
   - respect NO_PROXY even if a proxy is configured ([#2878](https://github.com/rubygems/bundler/issues/2878), @stlay)
@@ -3746,7 +3792,7 @@ Changes
 
 ## Bug fixes:
 
-  - make gemspec path option preserve relative paths in lock file (@bwillis)
+  - make gemspec path option preserve relative paths in lockfile (@bwillis)
   - use umask when creating binstubs ([#1618](https://github.com/rubygems/bundler/issues/1618), @v-yarotsky)
   - warn if graphviz is not installed ([#2435](https://github.com/rubygems/bundler/issues/2435), @Agis-)
   - show git errors while loading gemspecs
@@ -4635,7 +4681,7 @@ Changes
   - Skeleton gemspec now works with older versions of git
   - Fix shell quoting and ref fetching in GemHelper
   - Disable colored output in --deployment
-  - Preserve line endings in lock file
+  - Preserve line endings in lockfile
 
 ## Features:
 

data/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2025-02-20".freeze
-    @git_commit_sha = "cffd973142d".freeze
+    @built_at = "1980-01-02".freeze
+    @git_commit_sha = "32896b3570e".freeze
     @release = true
     # end ivars
 

data/lib/bundler/checksum.rb

@@ -126,7 +126,7 @@ module Bundler
       end
 
       def removable?
-        type == :lock || type == :gem
+        [:lock, :gem].include?(type)
       end
 
       def ==(other)
@@ -190,7 +190,7 @@ module Bundler
       def replace(spec, checksum)
         return unless checksum
 
-        lock_name = spec.name_tuple.lock_name
+        lock_name = spec.lock_name
         @store_mutex.synchronize do
           existing = fetch_checksum(lock_name, checksum.algo)
           if !existing || existing.same_source?(checksum)
@@ -201,10 +201,12 @@ module Bundler
         end
       end
 
-      def register(spec, checksum)
-        return unless checksum
+      def missing?(spec)
+        @store[spec.lock_name].nil?
+      end
 
-        register_checksum(spec.name_tuple.lock_name, checksum)
+      def register(spec, checksum)
+        register_checksum(spec.lock_name, checksum)
       end
 
       def merge!(other)
@@ -216,9 +218,9 @@ module Bundler
       end
 
       def to_lock(spec)
-        lock_name = spec.name_tuple.lock_name
+        lock_name = spec.lock_name
         checksums = @store[lock_name]
-        if checksums
+        if checksums&.any?
           "#{lock_name} #{checksums.values.map(&:to_lock).sort.join(",")}"
         else
           lock_name
@@ -229,11 +231,15 @@ module Bundler
 
       def register_checksum(lock_name, checksum)
         @store_mutex.synchronize do
-          existing = fetch_checksum(lock_name, checksum.algo)
-          if existing
-            merge_checksum(lock_name, checksum, existing)
+          if checksum
+            existing = fetch_checksum(lock_name, checksum.algo)
+            if existing
+              merge_checksum(lock_name, checksum, existing)
+            else
+              store_checksum(lock_name, checksum)
+            end
           else
-            store_checksum(lock_name, checksum)
+            init_checksum(lock_name)
           end
         end
       end
@@ -243,7 +249,11 @@ module Bundler
       end
 
       def store_checksum(lock_name, checksum)
-        (@store[lock_name] ||= {})[checksum.algo] = checksum
+        init_checksum(lock_name)[checksum.algo] = checksum
+      end
+
+      def init_checksum(lock_name)
+        @store[lock_name] ||= {}
       end
 
       def fetch_checksum(lock_name, algo)

data/lib/bundler/cli/doctor.rb

@@ -99,7 +99,7 @@ module Bundler
           end
         end.sort.each {|m| message += m }
         raise ProductionError, message
-      elsif !permissions_valid
+      elsif permissions_valid
         Bundler.ui.info "No issues found with the installed bundle"
       end
     end
@@ -108,21 +108,21 @@ module Bundler
 
     def check_home_permissions
       require "find"
-      files_not_readable_or_writable = []
-      files_not_rw_and_owned_by_different_user = []
-      files_not_owned_by_current_user_but_still_rw = []
+      files_not_readable = []
+      files_not_readable_and_owned_by_different_user = []
+      files_not_owned_by_current_user_but_still_readable = []
       broken_symlinks = []
       Find.find(Bundler.bundle_path.to_s).each do |f|
         if !File.exist?(f)
           broken_symlinks << f
-        elsif !File.writable?(f) || !File.readable?(f)
+        elsif !File.readable?(f)
           if File.stat(f).uid != Process.uid
-            files_not_rw_and_owned_by_different_user << f
+            files_not_readable_and_owned_by_different_user << f
           else
-            files_not_readable_or_writable << f
+            files_not_readable << f
           end
         elsif File.stat(f).uid != Process.uid
-          files_not_owned_by_current_user_but_still_rw << f
+          files_not_owned_by_current_user_but_still_readable << f
         end
       end
 
@@ -134,23 +134,23 @@ module Bundler
         ok = false
       end
 
-      if files_not_owned_by_current_user_but_still_rw.any?
+      if files_not_owned_by_current_user_but_still_readable.any?
         Bundler.ui.warn "Files exist in the Bundler home that are owned by another " \
-          "user, but are still readable/writable. These files are:\n - #{files_not_owned_by_current_user_but_still_rw.join("\n - ")}"
+          "user, but are still readable. These files are:\n - #{files_not_owned_by_current_user_but_still_readable.join("\n - ")}"
 
         ok = false
       end
 
-      if files_not_rw_and_owned_by_different_user.any?
+      if files_not_readable_and_owned_by_different_user.any?
         Bundler.ui.warn "Files exist in the Bundler home that are owned by another " \
-          "user, and are not readable/writable. These files are:\n - #{files_not_rw_and_owned_by_different_user.join("\n - ")}"
+          "user, and are not readable. These files are:\n - #{files_not_readable_and_owned_by_different_user.join("\n - ")}"
 
         ok = false
       end
 
-      if files_not_readable_or_writable.any?
+      if files_not_readable.any?
         Bundler.ui.warn "Files exist in the Bundler home that are not " \
-          "readable/writable by the current user. These files are:\n - #{files_not_readable_or_writable.join("\n - ")}"
+          "readable by the current user. These files are:\n - #{files_not_readable.join("\n - ")}"
 
         ok = false
       end

data/lib/bundler/cli/inject.rb

@@ -35,8 +35,8 @@ module Bundler
         Bundler.ui.confirm(added.map do |d|
           name = "'#{d.name}'"
           requirement = ", '#{d.requirement}'"
-          group = ", :group => #{d.groups.inspect}" if d.groups != Array(:default)
-          source = ", :source => '#{d.source}'" unless d.source.nil?
+          group = ", group: #{d.groups.inspect}" if d.groups != Array(:default)
+          source = ", source: '#{d.source}'" unless d.source.nil?
           %(gem #{name}#{requirement}#{group}#{source})
         end.join("\n"))
       else

data/lib/bundler/cli/lock.rb

@@ -44,7 +44,8 @@ module Bundler
 
         Bundler::CLI::Common.configure_gem_version_promoter(definition, options) if options[:update]
 
-        options["remove-platform"].each do |platform|
+        options["remove-platform"].each do |platform_string|
+          platform = Gem::Platform.new(platform_string)
           definition.remove_platform(platform)
         end
 

data/lib/bundler/compact_index_client/cache.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require_relative "gem_parser"
+require "rubygems/resolver/api_set/gem_parser"
 
 module Bundler
   class CompactIndexClient

data/lib/bundler/compact_index_client/parser.rb

@@ -64,7 +64,7 @@ module Bundler
       end
 
       def gem_parser
-        @gem_parser ||= GemParser.new
+        @gem_parser ||= Gem::Resolver::APISet::GemParser.new
       end
 
       # This is mostly the same as `split(" ", 3)` but it avoids allocating extra objects.

data/lib/bundler/compact_index_client/updater.rb

@@ -37,7 +37,8 @@ module Bundler
           file.digests = parse_digests(response)
           # server may ignore Range and return the full response
           if response.is_a?(Gem::Net::HTTPPartialContent)
-            break false unless file.append(response.body.byteslice(1..-1))
+            tail = response.body.byteslice(1..-1)
+            break false unless tail && file.append(tail)
           else
             file.write(response.body)
           end