bundler 1.14.4 → 1.14.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2e0f2e439c63ecff52ba92e4ad2909db13bb291c705609e245105a04a0ae89ac
-  data.tar.gz: 79b7f7de1d3cacf9ca9552fb0981bfbfb886c38d5667e2f12db52b429ba908a0
+  metadata.gz: 2100f5dffe1a1a753faca372bf1c5f3838715580c2acb0aa9513e938100575cc
+  data.tar.gz: c564d74033eefd53cdda1a9e5c8992e5090ac67c251c9c691ed2c51d692a0b6e
 SHA512:
-  metadata.gz: 31397cf61f59e568acfce1d5646303f18107679f3a3e0d9e87d360d95108eedab6ad303548863bf77329a6129fbeccf3958f4939676017f548067100efbecc10
-  data.tar.gz: 6f1ed7f36b19027ec440a8659a492dddd72e289c6855ec3ed288ef31f07e9724d5a2a416db9a4e5d36c3c0889212aa4b1ba5c5b4568952166a147d07829f6bea
+  metadata.gz: af14db114e66673f77255884adc891aa7c390d9f07ad8502c938b355b228e082f7a2babd0f29fc19bf2579a7fac2e2e6eeb8fca5a8867f147c556189410c3c90
+  data.tar.gz: b58357e2fefceb182a35d350246633c840d78206ff7151cbc1d6149a11ebef17f01b599ae4d940b39921cfa49d19b9a6da8060f65fa330bb256b1abea7aeccf2

data/CHANGELOG.md

@@ -1,3 +1,18 @@
+## 1.14.5 (2017-02-22)
+
+Bugfixes:
+
+  - avoid loading all unused gemspecs during `bundle exec` on RubyGems 2.3+ (@segiddins)
+  - improve resolver performance when dependencies have zero or one total possibilities ignoring requirements (#5444, #5457, @segiddins)
+  - enable compact index when OpenSSL FIPS mode is enabled but not active (#5433, @wjordan)
+  - use github username instead of git name for the github url in `bundle gem` (#5438, @danielpclark)
+  - avoid a TypeError on RubyGems 2.6.8 when no build settings are set for native extensions (@okkez)
+  - fail gracefully when the dependency api is missing runtime dependencies for a gem (@segiddins)
+  - handle when a platform-specific gem has more dependencies than the ruby platform version (#5339, #5426, @segiddins)
+  - allow running bundler on a machine with no home directory where the temporary directory is not writable (#5371, @segiddins)
+  - avoid gem version conflicts on openssl using Ruby 2.5 (#5235, @rhenium)
+  - fail when installing in frozen mode and the dependencies for `gemspec` gems have changed without the lockfile being updated (#5264, @segiddins)
+
 ## 1.14.4 (2017-02-12)
 
 Bugfixes:

data/bundler.gemspec

@@ -8,7 +8,11 @@ Gem::Specification.new do |s|
   s.name        = "bundler"
   s.version     = Bundler::VERSION
   s.license     = "MIT"
-  s.authors     = ["André Arko", "Samuel Giddins"]
+  s.authors     = [
+    "André Arko", "Samuel Giddins", "Chris Morris", "James Wen", "Tim Moore",
+    "André Medeiros", "Jessica Lynn Suttles", "Terence Lee", "Carl Lerche",
+    "Yehuda Katz"
+  ]
   s.email       = ["team@bundler.io"]
   s.homepage    = "http://bundler.io"
   s.summary     = "The best way to manage your application's dependencies"
@@ -32,11 +36,4 @@ Gem::Specification.new do |s|
   s.bindir        = "exe"
   s.executables   = %w(bundle bundler)
   s.require_paths = ["lib"]
-
-  s.post_install_message = <<-END.lines.map(&:strip).join(" ")
-    Did you know that maintaining and improving Bundler and RubyGems.org costs
-    more than $25,000 USD every month? Help us keep the gem ecosystem free for
-    everyone by joining the hundreds of companies and individuals who help
-    cover these costs: https://ruby.to/support-bundler
-  END
 end

data/lib/bundler.rb

@@ -176,7 +176,7 @@ module Bundler
         tmp_home_path.join(login).tap(&:mkpath)
       end
     rescue => e
-      raise "#{warning}\nBundler also failed to create a temporary home directory at `#{path}':\n#{e}"
+      raise e.exception("#{warning}\nBundler also failed to create a temporary home directory at `#{path}':\n#{e}")
     end
 
     def user_bundle_path

data/lib/bundler/cli/gem.rb

@@ -29,7 +29,8 @@ module Bundler
       constant_name = name.gsub(/-[_-]*(?![_-]|$)/) { "::" }.gsub(/([_-]+|(::)|^)(.|$)/) { $2.to_s + $3.upcase }
       constant_array = constant_name.split("::")
 
-      git_user_name = `git config user.name`.chomp
+      git_author_name = `git config user.name`.chomp
+      github_username = `git config github.user`.chomp
       git_user_email = `git config user.email`.chomp
 
       config = {
@@ -39,13 +40,13 @@ module Bundler
         :makefile_path    => "#{underscored_name}/#{underscored_name}",
         :constant_name    => constant_name,
         :constant_array   => constant_array,
-        :author           => git_user_name.empty? ? "TODO: Write your name" : git_user_name,
+        :author           => git_author_name.empty? ? "TODO: Write your name" : git_author_name,
         :email            => git_user_email.empty? ? "TODO: Write your email address" : git_user_email,
         :test             => options[:test],
         :ext              => options[:ext],
         :exe              => options[:exe],
         :bundler_version  => bundler_dependency_version,
-        :git_user_name    => git_user_name.empty? ? "[USERNAME]" : git_user_name
+        :github_username  => github_username.empty? ? "[USERNAME]" : github_username
       }
       ensure_safe_gem_name(name, constant_array)
 

data/lib/bundler/definition.rb

@@ -104,7 +104,7 @@ module Bundler
 
       add_current_platform unless Bundler.settings[:frozen]
 
-      converge_gemspec_sources
+      converge_path_sources_to_gemspec_sources
       @path_changes = converge_paths
       @source_changes = converge_sources
 
@@ -462,12 +462,13 @@ module Bundler
         changed << "* #{name} from `#{gemfile_source_name}` to `#{lockfile_source_name}`"
       end
 
+      msg << "\n\n#{change_reason.split(", ").join("\n")}\n"
       msg << "\n\nYou have added to the Gemfile:\n" << added.join("\n") if added.any?
       msg << "\n\nYou have deleted from the Gemfile:\n" << deleted.join("\n") if deleted.any?
       msg << "\n\nYou have changed in the Gemfile:\n" << changed.join("\n") if changed.any?
       msg << "\n"
 
-      raise ProductionError, msg if added.any? || deleted.any? || changed.any?
+      raise ProductionError, msg if added.any? || deleted.any? || changed.any? || !nothing_changed?
     end
 
     def validate_runtime!
@@ -592,7 +593,8 @@ module Bundler
       locked_index = Index.new
       locked_index.use(@locked_specs.select {|s| source.can_lock?(s) })
 
-      source.specs != locked_index
+      # order here matters, since Index#== is checking source.specs.include?(locked_index)
+      locked_index != source.specs
     end
 
     # Get all locals and override their matching sources.
@@ -628,7 +630,7 @@ module Bundler
       gemspec_source || source
     end
 
-    def converge_gemspec_sources
+    def converge_path_sources_to_gemspec_sources
       @locked_sources.map! do |source|
         converge_path_source_to_gemspec_source(source)
       end
@@ -750,8 +752,9 @@ module Bundler
           next unless other
 
           deps2 = other.dependencies.select {|d| d.type != :development }
+          runtime_dependencies = s.dependencies.select {|d| d.type != :development }
           # If the dependencies of the path source have changed, unlock it
-          next unless s.dependencies.sort == deps2.sort
+          next unless runtime_dependencies.sort == deps2.sort
         end
 
         converged << s

data/lib/bundler/endpoint_specification.rb

@@ -91,6 +91,13 @@ module Bundler
     end
 
     def __swap__(spec)
+      without_type = proc {|d| Gem::Dependency.new(d.name, d.requirements_list.sort) }
+      if (extra_deps = spec.runtime_dependencies.map(&without_type).-(dependencies.map(&without_type))) && extra_deps.any?
+        Bundler.ui.debug "#{full_name} from #{remote} has corrupted API dependencies (API returned #{dependencies}, real spec has (#{spec.runtime_dependencies}))"
+        raise APIResponseMismatchError,
+          "Downloading #{full_name} revealed dependencies not in the API (#{extra_deps.map(&:to_s).join(", ")})." \
+          "\nInstalling with `--full-index` should fix the problem."
+      end
       @remote_specification = spec
     end
 

data/lib/bundler/errors.rb

@@ -54,6 +54,7 @@ module Bundler
   class PluginError < BundlerError; status_code(29); end
   class SudoNotPermittedError < BundlerError; status_code(30); end
   class ThreadCreationError < BundlerError; status_code(33); end
+  class APIResponseMismatchError < BundlerError; status_code(34); end
   class GemfileEvalError < GemfileError; end
   class MarshalError < StandardError; end
 

data/lib/bundler/fetcher/compact_index.rb

@@ -122,14 +122,13 @@ module Bundler
       end
 
       def md5_available?
-        begin
-          require "openssl"
-          return false if defined?(OpenSSL::OPENSSL_FIPS) && OpenSSL::OPENSSL_FIPS
-        rescue LoadError
-          nil
-        end
-
+        require "openssl"
+        OpenSSL::Digest::MD5.digest("")
+        true
+      rescue LoadError
         true
+      rescue OpenSSL::Digest::DigestError
+        false
       end
     end
   end

data/lib/bundler/index.rb

@@ -144,6 +144,8 @@ module Bundler
       end
     end
 
+    # Whether all the specs in self are in other
+    # TODO: rename to #include?
     def ==(other)
       all? do |spec|
         other_spec = other[spec].first

data/lib/bundler/installer/gem_installer.rb

@@ -16,7 +16,7 @@ module Bundler
       Bundler.ui.debug "#{worker}:  #{spec.name} (#{spec.version}) from #{spec.loaded_from}"
       generate_executable_stubs
       return true, post_install_message
-    rescue Bundler::InstallHookError, Bundler::SecurityError
+    rescue Bundler::InstallHookError, Bundler::SecurityError, APIResponseMismatchError
       raise
     rescue Errno::ENOSPC
       return false, out_of_space_message
@@ -52,7 +52,7 @@ module Bundler
     end
 
     def install
-      spec.source.install(spec, :force => force, :ensure_builtin_gems_cached => standalone, :build_args => [spec_settings])
+      spec.source.install(spec, :force => force, :ensure_builtin_gems_cached => standalone, :build_args => Array(spec_settings))
     end
 
     def install_with_settings

data/lib/bundler/lazy_specification.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 require "uri"
-require "rubygems/spec_fetcher"
 require "bundler/match_platform"
 
 module Bundler
@@ -73,7 +72,14 @@ module Bundler
       @specification = if source.is_a?(Source::Gemspec) && source.gemspec.name == name
         source.gemspec.tap {|s| s.source = source }
       else
-        source.specs.search(search_object).last
+        search = source.specs.search(search_object).last
+        if search && search.platform != platform && !search.runtime_dependencies.-(dependencies.reject {|d| d.type == :development }).empty?
+          Bundler.ui.warn "Unable to use the platform-specific (#{search.platform}) version of #{name} (#{version}) " \
+            "because it has different dependencies from the #{platform} version. " \
+            "To use the platform-specific version of the gem, run `bundle config specific_platform true` and install again."
+          search = source.specs.search(self).last
+        end
+        search
       end
     end
 

data/lib/bundler/remote_specification.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 require "uri"
-require "rubygems/spec_fetcher"
 
 module Bundler
   # Represents a lazily loaded gem specification, where the full specification
@@ -50,6 +49,13 @@ module Bundler
     # once the remote gem is downloaded, the backend specification will
     # be swapped out.
     def __swap__(spec)
+      without_type = proc {|d| Gem::Dependency.new(d.name, d.requirements_list) }
+      if (extra_deps = spec.runtime_dependencies.map(&without_type).-(dependencies.map(&without_type))) && extra_deps.any?
+        Bundler.ui.debug "#{full_name} from #{remote} has corrupted API dependencies (API returned #{dependencies}, real spec has (#{spec.runtime_dependencies}))"
+        raise APIResponseMismatchError,
+          "Downloading #{full_name} revealed dependencies not in the API (#{extra_deps.map(&without_type).map(&:to_s).join(", ")})." \
+          "\nInstalling with `--full-index` should fix the problem."
+      end
       @_remote_specification = spec
     end
 

data/lib/bundler/resolver.rb

@@ -230,11 +230,11 @@ module Bundler
 
     def debug?
       return @debug_mode if defined?(@debug_mode)
-      @debug_mode = ENV["DEBUG_RESOLVER"] || ENV["DEBUG_RESOLVER_TREE"]
+      @debug_mode = ENV["DEBUG_RESOLVER"] || ENV["DEBUG_RESOLVER_TREE"] || false
     end
 
     def before_resolution
-      Bundler.ui.info "Resolving dependencies...", false
+      Bundler.ui.info "Resolving dependencies...", debug?
     end
 
     def after_resolution
@@ -242,7 +242,7 @@ module Bundler
     end
 
     def indicate_progress
-      Bundler.ui.info ".", false
+      Bundler.ui.info ".", false unless debug?
     end
 
     include Molinillo::SpecificationProvider
@@ -328,6 +328,12 @@ module Bundler
 
   private
 
+    # returns an integer \in (-\infty, 0]
+    # a number closer to 0 means the dependency is less constraining
+    #
+    # dependencies w/ 0 or 1 possibilities (ignoring version requirements)
+    # are given very negative values, so they _always_ sort first,
+    # before dependencies that are unconstrained
     def amount_constrained(dependency)
       @amount_constrained ||= {}
       @amount_constrained[dependency.name] ||= begin
@@ -335,8 +341,9 @@ module Bundler
           dependency.requirement.satisfied_by?(base.first.version) ? 0 : 1
         else
           all = index_for(dependency).search(dependency.name).size
+
           if all <= 1
-            all
+            all - 1_000_000
           else
             search = search_for(dependency).size
             search - all

data/lib/bundler/rubygems_integration.rb

@@ -213,6 +213,7 @@ module Bundler
     end
 
     def fetch_specs(all, pre, &blk)
+      require "rubygems/spec_fetcher"
       specs = Gem::SpecFetcher.new.list(all, pre)
       specs.each { yield } if block_given?
       specs

data/lib/bundler/settings.rb

@@ -284,7 +284,11 @@ module Bundler
       if ENV["BUNDLE_CONFIG"] && !ENV["BUNDLE_CONFIG"].empty?
         Pathname.new(ENV["BUNDLE_CONFIG"])
       else
-        Bundler.user_bundle_path.join("config")
+        begin
+          Bundler.user_bundle_path.join("config")
+        rescue PermissionError, GenericSystemCallError
+          nil
+        end
       end
     end
 

data/lib/bundler/source/path.rb

@@ -4,10 +4,12 @@ module Bundler
     class Path < Source
       autoload :Installer, "bundler/source/path/installer"
 
-      attr_reader :path, :options, :root_path
+      attr_reader :path, :options, :root_path, :original_path
       attr_writer :name
       attr_accessor :version
 
+      protected :original_path
+
       DEFAULT_GLOB = "{,*,*/*}.gemspec".freeze
 
       def initialize(options)
@@ -61,7 +63,7 @@ module Bundler
 
       def eql?(other)
         return unless other.class == self.class
-        expanded_path == expand(other.path) &&
+        expand(@original_path) == expand(other.original_path) &&
           version == other.version
       end
 
@@ -130,8 +132,8 @@ module Bundler
       end
 
       def lockfile_path
-        return relative_path if path.absolute?
-        expand(path).relative_path_from(Bundler.root)
+        return relative_path(original_path) if original_path.absolute?
+        expand(original_path).relative_path_from(Bundler.root)
       end
 
       def app_cache_path(custom_path = nil)
@@ -186,7 +188,7 @@ module Bundler
         index
       end
 
-      def relative_path
+      def relative_path(path = self.path)
         if path.to_s.start_with?(root_path.to_s)
           return path.relative_path_from(root_path)
         end

data/lib/bundler/source/rubygems.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 require "uri"
 require "rubygems/user_interaction"
-require "rubygems/spec_fetcher"
 
 module Bundler
   class Source

data/lib/bundler/source/rubygems/remote.rb

@@ -30,6 +30,10 @@ module Bundler
           end
         end
 
+        def to_s
+          "rubygems remote at #{anonymized_uri}"
+        end
+
       private
 
         def apply_auth(uri, auth)

data/lib/bundler/spec_set.rb

@@ -20,8 +20,8 @@ module Bundler
       specs = []
       skip += ["bundler"]
 
-      until deps.empty?
-        dep = deps.shift
+      loop do
+        break unless dep = deps.shift
         next if handled[dep] || skip.include?(dep.name)
 
         handled[dep] = true
@@ -155,14 +155,15 @@ module Bundler
     end
 
     def spec_for_dependency(dep, match_current_platform)
+      specs_for_platforms = lookup[dep.name]
       if match_current_platform
         Bundler.rubygems.platforms.reverse_each do |pl|
-          match = GemHelpers.select_best_platform_match(lookup[dep.name], pl)
+          match = GemHelpers.select_best_platform_match(specs_for_platforms, pl)
           return match if match
         end
         nil
       else
-        GemHelpers.select_best_platform_match(lookup[dep.name], dep.__platform)
+        GemHelpers.select_best_platform_match(specs_for_platforms, dep.__platform)
       end
     end
 

data/lib/bundler/stub_specification.rb

@@ -15,6 +15,13 @@ module Bundler
       _remote_specification.to_yaml
     end
 
+    if Bundler.rubygems.provides?(">= 2.3")
+      # This is defined directly to avoid having to load every installed spec
+      def missing_extensions?
+        stub.missing_extensions?
+      end
+    end
+
   private
 
     def _remote_specification

data/lib/bundler/templates/newgem/README.md.tt

@@ -32,7 +32,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/<%= config[:git_user_name] %>/<%= config[:name] %>.<% if config[:coc] %> This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.<% end %>
+Bug reports and pull requests are welcome on GitHub at https://github.com/<%= config[:github_username] %>/<%= config[:name] %>.<% if config[:coc] %> This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.<% end %>
 <% if config[:mit] %>
 
 ## License

data/lib/bundler/version.rb

@@ -7,5 +7,5 @@ module Bundler
   # We're doing this because we might write tests that deal
   # with other versions of bundler and we are unsure how to
   # handle this better.
-  VERSION = "1.14.4" unless defined?(::Bundler::VERSION)
+  VERSION = "1.14.5" unless defined?(::Bundler::VERSION)
 end

data/man/bundle-config.ronn

@@ -268,10 +268,23 @@ mirror to fetch gems.
 
     bundle config mirror.SOURCE_URL MIRROR_URL
 
-For example, to use a mirror of rubygems.org hosted at
+For example, to use a mirror of rubygems.org hosted at rubygems-mirror.org:
 
     bundle config mirror.http://rubygems.org http://rubygems-mirror.org
 
+Each mirror also provides a fallback timeout setting. If the mirror does not
+respond within the fallback timeout, Bundler will try to use the original
+server instead of the mirror.
+
+    bundle config mirror.SOURCE_URL.fallback_timeout TIMEOUT
+
+For example, to fall back to rubygems.org after 3 seconds:
+
+    bundle config mirror.https://rubygems.org.fallback_timeout 3
+
+The default fallback timeout is 0.1 seconds, but the setting can currently
+only accept whole seconds (for example, 1, 15, or 30).
+
 ## CREDENTIALS FOR GEM SOURCES
 
 Bundler allows you to configure credentials for any gem source, which allows

metadata

@@ -1,15 +1,23 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-  version: 1.14.4
+  version: 1.14.5
 platform: ruby
 authors:
 - André Arko
 - Samuel Giddins
+- Chris Morris
+- James Wen
+- Tim Moore
+- André Medeiros
+- Jessica Lynn Suttles
+- Terence Lee
+- Carl Lerche
+- Yehuda Katz
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-02-12 00:00:00.000000000 Z
+date: 2017-02-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: automatiek
@@ -371,10 +379,7 @@ homepage: http://bundler.io
 licenses:
 - MIT
 metadata: {}
-post_install_message: 'Did you know that maintaining and improving Bundler and RubyGems.org
-  costs more than $25,000 USD every month? Help us keep the gem ecosystem free for
-  everyone by joining the hundreds of companies and individuals who help cover these
-  costs: https://ruby.to/support-bundler'
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib