RubyGems - bundler - Versions diffs - 2.6.5 → 2.7.1 - Mend

bundler 2.6.5 → 2.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (136) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +1172 -1024
data/README.md +7 -7
data/bundler.gemspec +2 -2
data/lib/bundler/build_metadata.rb +10 -11
data/lib/bundler/checksum.rb +22 -12
data/lib/bundler/cli/common.rb +1 -1
data/lib/bundler/cli/config.rb +2 -2
data/lib/bundler/cli/doctor/diagnose.rb +167 -0
data/lib/bundler/cli/doctor/ssl.rb +249 -0
data/lib/bundler/cli/doctor.rb +27 -155
data/lib/bundler/cli/gem.rb +62 -30
data/lib/bundler/cli/inject.rb +2 -2
data/lib/bundler/cli/install.rb +5 -5
data/lib/bundler/cli/issue.rb +2 -2
data/lib/bundler/cli/lock.rb +2 -1
data/lib/bundler/cli/outdated.rb +1 -1
data/lib/bundler/cli/update.rb +3 -3
data/lib/bundler/cli.rb +26 -49
data/lib/bundler/compact_index_client/cache.rb +1 -1
data/lib/bundler/compact_index_client/parser.rb +1 -1
data/lib/bundler/compact_index_client/updater.rb +2 -1
data/lib/bundler/compact_index_client.rb +1 -5
data/lib/bundler/current_ruby.rb +27 -3
data/lib/bundler/definition.rb +184 -151
data/lib/bundler/dependency.rb +1 -1
data/lib/bundler/dsl.rb +35 -26
data/lib/bundler/errors.rb +18 -0
data/lib/bundler/feature_flag.rb +15 -12
data/lib/bundler/fetcher/dependency.rb +2 -1
data/lib/bundler/fetcher/downloader.rb +33 -7
data/lib/bundler/fetcher.rb +49 -19
data/lib/bundler/friendly_errors.rb +3 -2
data/lib/bundler/index.rb +7 -2
data/lib/bundler/injector.rb +9 -9
data/lib/bundler/installer.rb +6 -5
data/lib/bundler/lazy_specification.rb +38 -19
data/lib/bundler/lockfile_parser.rb +29 -10
data/lib/bundler/man/bundle-add.1 +1 -1
data/lib/bundler/man/bundle-binstubs.1 +1 -1
data/lib/bundler/man/bundle-cache.1 +1 -1
data/lib/bundler/man/bundle-check.1 +1 -1
data/lib/bundler/man/bundle-clean.1 +1 -1
data/lib/bundler/man/bundle-config.1 +175 -129
data/lib/bundler/man/bundle-config.1.ronn +93 -88
data/lib/bundler/man/bundle-console.1 +1 -1
data/lib/bundler/man/bundle-doctor.1 +43 -4
data/lib/bundler/man/bundle-doctor.1.ronn +48 -4
data/lib/bundler/man/bundle-env.1 +1 -1
data/lib/bundler/man/bundle-exec.1 +3 -3
data/lib/bundler/man/bundle-exec.1.ronn +2 -2
data/lib/bundler/man/bundle-fund.1 +1 -1
data/lib/bundler/man/bundle-gem.1 +67 -44
data/lib/bundler/man/bundle-gem.1.ronn +8 -4
data/lib/bundler/man/bundle-help.1 +1 -1
data/lib/bundler/man/bundle-info.1 +1 -1
data/lib/bundler/man/bundle-init.1 +1 -1
data/lib/bundler/man/bundle-inject.1 +2 -2
data/lib/bundler/man/bundle-inject.1.ronn +1 -1
data/lib/bundler/man/bundle-install.1 +4 -4
data/lib/bundler/man/bundle-install.1.ronn +3 -4
data/lib/bundler/man/bundle-issue.1 +1 -1
data/lib/bundler/man/bundle-licenses.1 +1 -1
data/lib/bundler/man/bundle-list.1 +1 -1
data/lib/bundler/man/bundle-lock.1 +1 -1
data/lib/bundler/man/bundle-open.1 +1 -1
data/lib/bundler/man/bundle-outdated.1 +1 -1
data/lib/bundler/man/bundle-platform.1 +1 -1
data/lib/bundler/man/bundle-plugin.1 +1 -1
data/lib/bundler/man/bundle-pristine.1 +1 -1
data/lib/bundler/man/bundle-remove.1 +1 -1
data/lib/bundler/man/bundle-show.1 +1 -1
data/lib/bundler/man/bundle-update.1 +5 -5
data/lib/bundler/man/bundle-update.1.ronn +4 -4
data/lib/bundler/man/bundle-version.1 +1 -1
data/lib/bundler/man/bundle-viz.1 +1 -1
data/lib/bundler/man/bundle.1 +1 -1
data/lib/bundler/man/gemfile.5 +1 -1
data/lib/bundler/match_platform.rb +31 -12
data/lib/bundler/materialization.rb +2 -2
data/lib/bundler/plugin/api/source.rb +1 -1
data/lib/bundler/plugin/index.rb +1 -1
data/lib/bundler/plugin/installer/path.rb +8 -0
data/lib/bundler/plugin.rb +1 -1
data/lib/bundler/resolver/candidate.rb +12 -9
data/lib/bundler/resolver/package.rb +1 -1
data/lib/bundler/resolver/strategy.rb +40 -0
data/lib/bundler/resolver.rb +18 -27
data/lib/bundler/rubygems_ext.rb +131 -120
data/lib/bundler/rubygems_integration.rb +11 -6
data/lib/bundler/runtime.rb +9 -6
data/lib/bundler/self_manager.rb +32 -42
data/lib/bundler/settings/validator.rb +0 -23
data/lib/bundler/settings.rb +4 -6
data/lib/bundler/shared_helpers.rb +10 -4
data/lib/bundler/source/gemspec.rb +1 -4
data/lib/bundler/source/git/git_proxy.rb +17 -6
data/lib/bundler/source/git.rb +5 -1
data/lib/bundler/source/path.rb +9 -2
data/lib/bundler/source/rubygems/remote.rb +11 -3
data/lib/bundler/source_list.rb +30 -16
data/lib/bundler/source_map.rb +1 -1
data/lib/bundler/spec_set.rb +55 -16
data/lib/bundler/templates/Executable +0 -11
data/lib/bundler/templates/newgem/github/workflows/main.yml.tt +2 -0
data/lib/bundler/templates/newgem/newgem.gemspec.tt +6 -5
data/lib/bundler/ui/shell.rb +2 -2
data/lib/bundler/vendor/connection_pool/lib/connection_pool/timed_stack.rb +53 -3
data/lib/bundler/vendor/connection_pool/lib/connection_pool/version.rb +1 -1
data/lib/bundler/vendor/connection_pool/lib/connection_pool.rb +11 -0
data/lib/bundler/vendor/net-http-persistent/README.rdoc +1 -1
data/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent/timed_stack_multi.rb +2 -1
data/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent.rb +81 -42
data/lib/bundler/vendor/pub_grub/lib/pub_grub/basic_package_source.rb +4 -24
data/lib/bundler/vendor/pub_grub/lib/pub_grub/strategy.rb +42 -0
data/lib/bundler/vendor/pub_grub/lib/pub_grub/version_range.rb +20 -8
data/lib/bundler/vendor/pub_grub/lib/pub_grub/version_solver.rb +17 -29
data/lib/bundler/vendor/uri/lib/uri/common.rb +7 -3
data/lib/bundler/vendor/uri/lib/uri/generic.rb +12 -11
data/lib/bundler/vendor/uri/lib/uri/rfc2396_parser.rb +6 -6
data/lib/bundler/vendor/uri/lib/uri/version.rb +1 -1
data/lib/bundler/version.rb +10 -2
data/lib/bundler/worker.rb +1 -1
data/lib/bundler.rb +14 -12
metadata +9 -16
data/lib/bundler/compact_index_client/gem_parser.rb +0 -32
data/lib/bundler/gem_helpers.rb +0 -144
data/lib/bundler/templates/Executable.bundler +0 -109
data/lib/bundler/vendor/connection_pool/.document +0 -1
data/lib/bundler/vendor/fileutils/.document +0 -1
data/lib/bundler/vendor/net-http-persistent/.document +0 -1
data/lib/bundler/vendor/pub_grub/.document +0 -1
data/lib/bundler/vendor/securerandom/.document +0 -1
data/lib/bundler/vendor/thor/.document +0 -1
data/lib/bundler/vendor/tsort/.document +0 -1
data/lib/bundler/vendor/uri/.document +0 -1

data/lib/bundler/definition.rb CHANGED Viewed

@@ -4,8 +4,6 @@ require_relative "lockfile_parser"
 module Bundler
   class Definition
-    include GemHelpers
     class << self
       # Do not create or modify a lockfile (Makes #lock a noop)
       attr_accessor :no_lock
@@ -62,6 +60,7 @@ module Bundler
       if unlock == true
         @unlocking_all = true
+        strict = false
         @unlocking_bundler = false
         @unlocking = unlock
         @sources_to_unlock = []
@@ -70,6 +69,7 @@ module Bundler
         conservative = false
       else
         @unlocking_all = false
+        strict = unlock.delete(:strict)
         @unlocking_bundler = unlock.delete(:bundler)
         @unlocking = unlock.any? {|_k, v| !Array(v).empty? }
         @sources_to_unlock = unlock.delete(:sources) || []
@@ -94,11 +94,12 @@ module Bundler
       @locked_ruby_version = nil
       @new_platforms = []
-      @removed_platform = nil
+      @removed_platforms = []
+      @originally_invalid_platforms = []
       if lockfile_exists?
         @lockfile_contents = Bundler.read_file(lockfile)
-        @locked_gems = LockfileParser.new(@lockfile_contents)
+        @locked_gems = LockfileParser.new(@lockfile_contents, strict: strict)
         @locked_platforms = @locked_gems.platforms
         @most_specific_locked_platform = @locked_gems.most_specific_locked_platform
         @platforms = @locked_platforms.dup
@@ -147,9 +148,8 @@ module Bundler
       @current_platform_missing = add_current_platform unless Bundler.frozen_bundle?
-      converge_path_sources_to_gemspec_sources
-      @path_changes = converge_paths
       @source_changes = converge_sources
+      @path_changes = converge_paths
       if conservative
         @gems_to_unlock = @explicit_unlocks.any? ? @explicit_unlocks : @dependencies.map(&:name)
@@ -257,7 +257,7 @@ module Bundler
     rescue BundlerError => e
       @resolve = nil
       @resolver = nil
-      @resolution_packages = nil
+      @resolution_base = nil
       @source_requirements = nil
       @specs = nil
@@ -282,7 +282,7 @@ module Bundler
     end
     def filter_relevant(dependencies)
-      platforms_array = [generic_local_platform].freeze
+      platforms_array = [Bundler.generic_local_platform].freeze
       dependencies.select do |d|
         d.should_include? && !d.gem_platforms(platforms_array).empty?
       end
@@ -330,18 +330,14 @@ module Bundler
           SpecSet.new(filter_specs(@locked_specs, @dependencies - deleted_deps))
         else
           Bundler.ui.debug "Found no changes, using resolution from the lockfile"
-          if @removed_platform || @locked_gems.may_include_redundant_platform_specific_gems?
+          if @removed_platforms.any? || @locked_gems.may_include_redundant_platform_specific_gems?
             SpecSet.new(filter_specs(@locked_specs, @dependencies))
           else
             @locked_specs
           end
         end
       else
-        if lockfile_exists?
-          Bundler.ui.debug "Found changes from the lockfile, re-resolving dependencies because #{change_reason}"
-        else
-          Bundler.ui.debug "Resolving dependencies because there's no lockfile"
-        end
+        Bundler.ui.debug resolve_needed_reason
         start_resolution
       end
@@ -412,41 +408,8 @@ module Bundler
       raise ProductionError, "Frozen mode is set, but there's no lockfile" unless lockfile_exists?
-      added =   []
-      deleted = []
-      changed = []
-      new_platforms = @platforms - @locked_platforms
-      deleted_platforms = @locked_platforms - @platforms
-      added.concat new_platforms.map {|p| "* platform: #{p}" }
-      deleted.concat deleted_platforms.map {|p| "* platform: #{p}" }
-      added.concat new_deps.map {|d| "* #{pretty_dep(d)}" } if new_deps.any?
-      deleted.concat deleted_deps.map {|d| "* #{pretty_dep(d)}" } if deleted_deps.any?
-      both_sources = Hash.new {|h, k| h[k] = [] }
-      current_dependencies.each {|d| both_sources[d.name][0] = d }
-      current_locked_dependencies.each {|d| both_sources[d.name][1] = d }
-      both_sources.each do |name, (dep, lock_dep)|
-        next if dep.nil? || lock_dep.nil?
-        gemfile_source = dep.source || default_source
-        lock_source = lock_dep.source || default_source
-        next if lock_source.include?(gemfile_source)
-        gemfile_source_name = dep.source ? gemfile_source.to_gemfile : "no specified source"
-        lockfile_source_name = lock_dep.source ? lock_source.to_gemfile : "no specified source"
-        changed << "* #{name} from `#{lockfile_source_name}` to `#{gemfile_source_name}`"
-      end
-      reason = resolve_needed? ? change_reason : "some dependencies were deleted from your gemfile"
-      msg = String.new
-      msg << "#{reason.capitalize.strip}, but the lockfile can't be updated because frozen mode is set"
-      msg << "\n\nYou have added to the Gemfile:\n" << added.join("\n") if added.any?
-      msg << "\n\nYou have deleted from the Gemfile:\n" << deleted.join("\n") if deleted.any?
-      msg << "\n\nYou have changed in the Gemfile:\n" << changed.join("\n") if changed.any?
-      msg << "\n\nRun `bundle install` elsewhere and add the updated #{SharedHelpers.relative_gemfile_path} to version control.\n" unless unlocking?
+      msg = lockfile_changes_summary("frozen mode is set")
+      return unless msg
       unless explicit_flag
         suggested_command = unless Bundler.settings.locations("frozen").keys.include?(:env)
@@ -456,7 +419,7 @@ module Bundler
                "freeze by running `#{suggested_command}`." if suggested_command
       end
-      raise ProductionError, msg if added.any? || deleted.any? || changed.any? || resolve_needed?
+      raise ProductionError, msg
     end
     def validate_runtime!
@@ -493,12 +456,12 @@ module Bundler
       return if current_platform_locked? || @platforms.include?(Gem::Platform::RUBY)
       raise ProductionError, "Your bundle only supports platforms #{@platforms.map(&:to_s)} " \
-        "but your local platform is #{local_platform}. " \
-        "Add the current platform to the lockfile with\n`bundle lock --add-platform #{local_platform}` and try again."
+        "but your local platform is #{Bundler.local_platform}. " \
+        "Add the current platform to the lockfile with\n`bundle lock --add-platform #{Bundler.local_platform}` and try again."
     end
     def normalize_platforms
-      @platforms = resolve.normalize_platforms!(current_dependencies, platforms)
+      resolve.normalize_platforms!(current_dependencies, platforms)
       @resolve = SpecSet.new(resolve.for(current_dependencies, @platforms))
     end
@@ -511,10 +474,10 @@ module Bundler
     end
     def remove_platform(platform)
-      removed_platform = @platforms.delete(Gem::Platform.new(platform))
-      @removed_platform ||= removed_platform
-      return if removed_platform
-      raise InvalidOption, "Unable to remove the platform `#{platform}` since the only platforms are #{@platforms.join ", "}"
+      raise InvalidOption, "Unable to remove the platform `#{platform}` since the only platforms are #{@platforms.join ", "}" unless @platforms.include?(platform)
+      @removed_platforms << platform
+      @platforms.delete(platform)
     end
     def nothing_changed?
@@ -541,6 +504,45 @@ module Bundler
     private
+    def lockfile_changes_summary(update_refused_reason)
+      added =   []
+      deleted = []
+      changed = []
+      added.concat @new_platforms.map {|p| "* platform: #{p}" }
+      deleted.concat @removed_platforms.map {|p| "* platform: #{p}" }
+      added.concat new_deps.map {|d| "* #{pretty_dep(d)}" } if new_deps.any?
+      deleted.concat deleted_deps.map {|d| "* #{pretty_dep(d)}" } if deleted_deps.any?
+      both_sources = Hash.new {|h, k| h[k] = [] }
+      current_dependencies.each {|d| both_sources[d.name][0] = d }
+      current_locked_dependencies.each {|d| both_sources[d.name][1] = d }
+      both_sources.each do |name, (dep, lock_dep)|
+        next if dep.nil? || lock_dep.nil?
+        gemfile_source = dep.source || default_source
+        lock_source = lock_dep.source || default_source
+        next if lock_source.include?(gemfile_source)
+        gemfile_source_name = dep.source ? gemfile_source.to_gemfile : "no specified source"
+        lockfile_source_name = lock_dep.source ? lock_source.to_gemfile : "no specified source"
+        changed << "* #{name} from `#{lockfile_source_name}` to `#{gemfile_source_name}`"
+      end
+      return unless added.any? || deleted.any? || changed.any? || resolve_needed?
+      msg = String.new("#{change_reason.capitalize.strip}, but ")
+      msg << "the lockfile " unless msg.start_with?("Your lockfile")
+      msg << "can't be updated because #{update_refused_reason}"
+      msg << "\n\nYou have added to the Gemfile:\n" << added.join("\n") if added.any?
+      msg << "\n\nYou have deleted from the Gemfile:\n" << deleted.join("\n") if deleted.any?
+      msg << "\n\nYou have changed in the Gemfile:\n" << changed.join("\n") if changed.any?
+      msg << "\n\nRun `bundle install` elsewhere and add the updated #{SharedHelpers.relative_lockfile_path} to version control.\n" unless unlocking?
+      msg
+    end
     def install_needed?
       resolve_needed? || missing_specs?
     end
@@ -556,6 +558,7 @@ module Bundler
         @local_changes ||
         @missing_lockfile_dep ||
         @unlocking_bundler ||
+        @locked_spec_with_missing_checksums ||
         @locked_spec_with_missing_deps ||
         @locked_spec_with_invalid_deps
     end
@@ -565,7 +568,7 @@ module Bundler
     end
     def should_add_extra_platforms?
-      !lockfile_exists? && generic_local_platform_is_ruby? && !Bundler.settings[:force_ruby_platform]
+      !lockfile_exists? && Bundler::MatchPlatform.generic_local_platform_is_ruby? && !Bundler.settings[:force_ruby_platform]
     end
     def lockfile_exists?
@@ -601,13 +604,17 @@ module Bundler
         return
       end
-      SharedHelpers.filesystem_access(file) do |p|
-        File.open(p, "wb") {|f| f.puts(contents) }
+      begin
+        SharedHelpers.filesystem_access(file) do |p|
+          File.open(p, "wb") {|f| f.puts(contents) }
+        end
+      rescue ReadOnlyFileSystemError
+        raise ProductionError, lockfile_changes_summary("file system is read-only")
       end
     end
     def resolver
-      @resolver ||= Resolver.new(resolution_packages, gem_version_promoter, @most_specific_locked_platform)
+      @resolver ||= Resolver.new(resolution_base, gem_version_promoter, @most_specific_locked_platform)
     end
     def expanded_dependencies
@@ -621,14 +628,15 @@ module Bundler
       [Dependency.new("bundler", @unlocking_bundler)] + dependencies
     end
-    def resolution_packages
-      @resolution_packages ||= begin
+    def resolution_base
+      @resolution_base ||= begin
         last_resolve = converge_locked_specs
         remove_invalid_platforms!
-        packages = Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, locked_specs: @originally_locked_specs, unlock: @unlocking_all || @gems_to_unlock, prerelease: gem_version_promoter.pre?, prefer_local: @prefer_local, new_platforms: @new_platforms)
-        packages = additional_base_requirements_to_prevent_downgrades(packages)
-        packages = additional_base_requirements_to_force_updates(packages)
-        packages
+        new_resolution_platforms = @current_platform_missing ? @new_platforms + [Bundler.local_platform] : @new_platforms
+        base = Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, locked_specs: @originally_locked_specs, unlock: @unlocking_all || @gems_to_unlock, prerelease: gem_version_promoter.pre?, prefer_local: @prefer_local, new_platforms: new_resolution_platforms)
+        base = additional_base_requirements_to_prevent_downgrades(base)
+        base = additional_base_requirements_to_force_updates(base)
+        base
       end
     end
@@ -703,8 +711,7 @@ module Bundler
         still_incomplete_specs = resolve.incomplete_specs
         if still_incomplete_specs == incomplete_specs
-          package = resolution_packages.get_package(incomplete_specs.first.name)
-          resolver.raise_not_found! package
+          resolver.raise_incomplete! incomplete_specs
         end
         incomplete_specs = still_incomplete_specs
@@ -726,28 +733,40 @@ module Bundler
     end
     def reresolve_without(incomplete_specs)
-      resolution_packages.delete(incomplete_specs)
+      resolution_base.delete(incomplete_specs)
       @resolve = start_resolution
     end
     def start_resolution
-      local_platform_needed_for_resolvability = @most_specific_non_local_locked_platform && !@platforms.include?(local_platform)
-      @platforms << local_platform if local_platform_needed_for_resolvability
+      local_platform_needed_for_resolvability = @most_specific_non_local_locked_platform && !@platforms.include?(Bundler.local_platform)
+      @platforms << Bundler.local_platform if local_platform_needed_for_resolvability
       add_platform(Gem::Platform::RUBY) if RUBY_ENGINE == "truffleruby"
       result = SpecSet.new(resolver.start)
       @resolved_bundler_version = result.find {|spec| spec.name == "bundler" }&.version
+      @new_platforms.each do |platform|
+        incomplete_specs = result.incomplete_specs_for_platform(current_dependencies, platform)
+        if incomplete_specs.any?
+          resolver.raise_incomplete! incomplete_specs
+        end
+      end
       if @most_specific_non_local_locked_platform
-        if spec_set_incomplete_for_platform?(result, @most_specific_non_local_locked_platform)
+        if result.incomplete_for_platform?(current_dependencies, @most_specific_non_local_locked_platform)
           @platforms.delete(@most_specific_non_local_locked_platform)
         elsif local_platform_needed_for_resolvability
-          @platforms.delete(local_platform)
+          @platforms.delete(Bundler.local_platform)
         end
       end
-      @platforms = result.add_extra_platforms!(platforms) if should_add_extra_platforms?
+      if should_add_extra_platforms?
+        result.add_extra_platforms!(platforms)
+      elsif @originally_invalid_platforms.any?
+        result.add_originally_invalid_platforms!(platforms, @originally_invalid_platforms)
+      end
       SpecSet.new(result.for(dependencies, @platforms | [Gem::Platform::RUBY]))
     end
@@ -758,18 +777,17 @@ module Bundler
     def current_platform_locked?
       @platforms.any? do |bundle_platform|
-        generic_local_platform == bundle_platform || local_platform === bundle_platform
+        Bundler.generic_local_platform == bundle_platform || Bundler.local_platform === bundle_platform
       end
     end
     def add_current_platform
-      return if @platforms.include?(local_platform)
+      return if @platforms.include?(Bundler.local_platform)
       @most_specific_non_local_locked_platform = find_most_specific_locked_platform
       return if @most_specific_non_local_locked_platform
-      @new_platforms << local_platform
-      @platforms << local_platform
+      @platforms << Bundler.local_platform
       true
     end
@@ -779,32 +797,58 @@ module Bundler
       @most_specific_locked_platform
     end
-    def change_reason
-      if unlocking?
-        unlock_targets = if @gems_to_unlock.any?
-          ["gems", @gems_to_unlock]
-        elsif @sources_to_unlock.any?
-          ["sources", @sources_to_unlock]
+    def resolve_needed_reason
+      if lockfile_exists?
+        if unlocking?
+          "Re-resolving dependencies because #{unlocking_reason}"
+        else
+          "Found changes from the lockfile, re-resolving dependencies because #{lockfile_changed_reason}"
         end
+      else
+        "Resolving dependencies because there's no lockfile"
+      end
+    end
-        unlock_reason = if unlock_targets
-          "#{unlock_targets.first}: (#{unlock_targets.last.join(", ")})"
+    def change_reason
+      if resolve_needed?
+        if unlocking?
+          unlocking_reason
         else
-          @unlocking_ruby ? "ruby" : ""
+          lockfile_changed_reason
         end
+      else
+        "some dependencies were deleted from your gemfile"
+      end
+    end
-        return "bundler is unlocking #{unlock_reason}"
+    def unlocking_reason
+      unlock_targets = if @gems_to_unlock.any?
+        ["gems", @gems_to_unlock]
+      elsif @sources_to_unlock.any?
+        ["sources", @sources_to_unlock]
+      end
+      unlock_reason = if unlock_targets
+        "#{unlock_targets.first}: (#{unlock_targets.last.join(", ")})"
+      else
+        @unlocking_ruby ? "ruby" : ""
       end
+      "bundler is unlocking #{unlock_reason}"
+    end
+    def lockfile_changed_reason
       [
         [@source_changes, "the list of sources changed"],
         [@dependency_changes, "the dependencies in your gemfile changed"],
-        [@current_platform_missing, "your lockfile does not include the current platform"],
-        [@new_platforms.any?, "you added a new platform to your gemfile"],
+        [@current_platform_missing, "your lockfile is missing the current platform"],
+        [@new_platforms.any?, "you are adding a new platform to your lockfile"],
         [@path_changes, "the gemspecs for path gems changed"],
         [@local_changes, "the gemspecs for git local gems changed"],
-        [@missing_lockfile_dep, "your lock file is missing \"#{@missing_lockfile_dep}\""],
+        [@missing_lockfile_dep, "your lockfile is missing \"#{@missing_lockfile_dep}\""],
         [@unlocking_bundler, "an update to the version of Bundler itself was requested"],
-        [@locked_spec_with_missing_deps, "your lock file includes \"#{@locked_spec_with_missing_deps}\" but not some of its dependencies"],
+        [@locked_spec_with_missing_checksums, "your lockfile is missing a CHECKSUMS entry for \"#{@locked_spec_with_missing_checksums}\""],
+        [@locked_spec_with_missing_deps, "your lockfile includes \"#{@locked_spec_with_missing_deps}\" but not some of its dependencies"],
         [@locked_spec_with_invalid_deps, "your lockfile does not satisfy dependencies of \"#{@locked_spec_with_invalid_deps}\""],
       ].select(&:first).map(&:last).join(", ")
     end
@@ -821,8 +865,8 @@ module Bundler
       !locked || dependencies_for_source_changed?(source, locked) || specs_for_source_changed?(source)
     end
-    def dependencies_for_source_changed?(source, locked_source = source)
-      deps_for_source = @dependencies.select {|s| s.source == source }
+    def dependencies_for_source_changed?(source, locked_source)
+      deps_for_source = @dependencies.select {|dep| dep.source == source }
       locked_deps_for_source = locked_dependencies.select {|dep| dep.source == locked_source }
       deps_for_source.uniq.sort != locked_deps_for_source.sort
@@ -830,7 +874,7 @@ module Bundler
     def specs_for_source_changed?(source)
       locked_index = Index.new
-      locked_index.use(@locked_specs.select {|s| source.can_lock?(s) })
+      locked_index.use(@locked_specs.select {|s| s.replace_source_with!(source) })
       !locked_index.subset?(source.specs)
     rescue PathError, GitError => e
@@ -862,21 +906,27 @@ module Bundler
     def check_lockfile
       @locked_spec_with_invalid_deps = nil
       @locked_spec_with_missing_deps = nil
+      @locked_spec_with_missing_checksums = nil
-      missing = []
+      missing_deps = []
+      missing_checksums = []
       invalid = []
       @locked_specs.each do |s|
+        missing_checksums << s if @locked_checksums && s.source.checksum_store.missing?(s)
         validation = @locked_specs.validate_deps(s)
-        missing << s if validation == :missing
+        missing_deps << s if validation == :missing
         invalid << s if validation == :invalid
       end
-      if missing.any?
-        @locked_specs.delete(missing)
+      @locked_spec_with_missing_checksums = missing_checksums.first.name if missing_checksums.any?
+      if missing_deps.any?
+        @locked_specs.delete(missing_deps)
-        @locked_spec_with_missing_deps = missing.first.name
+        @locked_spec_with_missing_deps = missing_deps.first.name
       end
       if invalid.any?
@@ -892,24 +942,6 @@ module Bundler
       end
     end
-    def converge_path_source_to_gemspec_source(source)
-      return source unless source.instance_of?(Source::Path)
-      gemspec_source = sources.path_sources.find {|s| s.is_a?(Source::Gemspec) && s.as_path_source == source }
-      gemspec_source || source
-    end
-    def converge_path_sources_to_gemspec_sources
-      @locked_sources.map! do |source|
-        converge_path_source_to_gemspec_source(source)
-      end
-      @locked_specs.each do |spec|
-        spec.source &&= converge_path_source_to_gemspec_source(spec.source)
-      end
-      @locked_deps.each do |_, dep|
-        dep.source &&= converge_path_source_to_gemspec_source(dep.source)
-      end
-    end
     def converge_sources
       # Replace the sources from the Gemfile with the sources from the Gemfile.lock,
       # if they exist in the Gemfile.lock and are `==`. If you can't find an equivalent
@@ -952,11 +984,17 @@ module Bundler
         unless name == "bundler"
           locked_specs = @originally_locked_specs[name]
-          if locked_specs.any? && !dep.matches_spec?(locked_specs.first)
-            @gems_to_unlock << name
-            dep_changed = true
-          elsif locked_specs.empty? && dep_changed == false
-            @missing_lockfile_dep = name
+          if locked_specs.empty?
+            @missing_lockfile_dep = name if dep_changed == false
+          else
+            if locked_specs.map(&:source).uniq.size > 1
+              @locked_specs.delete(locked_specs.select {|s| s.source != dep.source })
+            end
+            unless dep.matches_spec?(locked_specs.first)
+              @gems_to_unlock << name
+              dep_changed = true
+            end
           end
         end
@@ -999,17 +1037,16 @@ module Bundler
         lockfile_source = s.source
         if dep
-          gemfile_source = dep.source || default_source
-          deps << dep if !dep.source || lockfile_source.include?(dep.source) || new_deps.include?(dep)
+          replacement_source = dep.source
-          # Replace the locked dependency's source with the equivalent source from the Gemfile
-          s.source = gemfile_source
+          deps << dep if !replacement_source || lockfile_source.include?(replacement_source) || new_deps.include?(dep)
         else
-          # Replace the locked dependency's source with the default source, if the locked source is no longer in the Gemfile
-          s.source = default_source unless sources.get(lockfile_source)
+          replacement_source = sources.get(lockfile_source)
         end
+        # Replace the locked dependency's source with the equivalent source from the Gemfile
+        s.source = replacement_source || default_source
         source = s.source
         next if @sources_to_unlock.include?(source.name)
@@ -1093,27 +1130,27 @@ module Bundler
       current == proposed
     end
-    def additional_base_requirements_to_prevent_downgrades(resolution_packages)
-      return resolution_packages unless @locked_gems && !sources.expired_sources?(@locked_gems.sources)
+    def additional_base_requirements_to_prevent_downgrades(resolution_base)
+      return resolution_base unless @locked_gems && !sources.expired_sources?(@locked_gems.sources)
       @originally_locked_specs.each do |locked_spec|
         next if locked_spec.source.is_a?(Source::Path)
         name = locked_spec.name
         next if @changed_dependencies.include?(name)
-        resolution_packages.base_requirements[name] = Gem::Requirement.new(">= #{locked_spec.version}")
+        resolution_base.base_requirements[name] = Gem::Requirement.new(">= #{locked_spec.version}")
       end
-      resolution_packages
+      resolution_base
     end
-    def additional_base_requirements_to_force_updates(resolution_packages)
-      return resolution_packages if @explicit_unlocks.empty?
+    def additional_base_requirements_to_force_updates(resolution_base)
+      return resolution_base if @explicit_unlocks.empty?
       full_update = dup_for_full_unlock.resolve
       @explicit_unlocks.each do |name|
         version = full_update.version_for(name)
-        resolution_packages.base_requirements[name] = Gem::Requirement.new("= #{version}") if version
+        resolution_base.base_requirements[name] = Gem::Requirement.new("= #{version}") if version
       end
-      resolution_packages
+      resolution_base
     end
     def dup_for_full_unlock
@@ -1130,20 +1167,16 @@ module Bundler
     def remove_invalid_platforms!
       return if Bundler.frozen_bundle?
-      platforms.reverse_each do |platform|
-        next if local_platform == platform ||
-                @new_platforms.include?(platform) ||
-                @path_changes ||
-                @dependency_changes ||
-                @locked_spec_with_invalid_deps ||
-                !spec_set_incomplete_for_platform?(@originally_locked_specs, platform)
+      skips = (@new_platforms + [Bundler.local_platform]).uniq
-        remove_platform(platform)
-      end
-    end
+      # We should probably avoid removing non-ruby platforms, since that means
+      # lockfile will no longer install on those platforms, so a error to give
+      # heads up to the user may be better. However, we have tests expecting
+      # non ruby platform autoremoval to work, so leaving that in place for
+      # now.
+      skips |= platforms - [Gem::Platform::RUBY] if @dependency_changes
-    def spec_set_incomplete_for_platform?(spec_set, platform)
-      spec_set.incomplete_for_platform?(current_dependencies, platform)
+      @originally_invalid_platforms = @originally_locked_specs.remove_invalid_platforms!(current_dependencies, platforms, skips: skips)
     end
     def source_map

data/lib/bundler/dependency.rb CHANGED Viewed

@@ -99,7 +99,7 @@ module Bundler
       return RUBY_PLATFORM_ARRAY if force_ruby_platform
       return valid_platforms if platforms.empty?
-      valid_platforms.select {|p| expanded_platforms.include?(GemHelpers.generic(p)) }
+      valid_platforms.select {|p| expanded_platforms.include?(Gem::Platform.generic(p)) }
     end
     def expanded_platforms