bundler 2.2.10 → 2.2.11
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of bundler might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/lib/bundler/build_metadata.rb +2 -2
- data/lib/bundler/definition.rb +25 -49
- data/lib/bundler/dsl.rb +25 -38
- data/lib/bundler/feature_flag.rb +1 -0
- data/lib/bundler/inline.rb +0 -1
- data/lib/bundler/lockfile_parser.rb +8 -12
- data/lib/bundler/man/bundle-config.1 +6 -0
- data/lib/bundler/man/bundle-config.1.ronn +8 -0
- data/lib/bundler/plugin.rb +0 -1
- data/lib/bundler/plugin/installer.rb +9 -8
- data/lib/bundler/resolver.rb +33 -29
- data/lib/bundler/settings.rb +1 -0
- data/lib/bundler/source/rubygems.rb +1 -10
- data/lib/bundler/source_list.rb +21 -32
- data/lib/bundler/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 4245b41cd1a7664e7160400a34b59eb6776722ce33f3050985e9c6cd1e564636
|
4
|
+
data.tar.gz: 61a49ab9b21f1972a196ce7871985413687805f2b006c52e28adc8c8a6e9cce1
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 648a86e27fcc3ef70824c2b2c1138ca8e27de426e7ff301be784bdd56da33f0ae7281b3ef0f3243bfea02ba309e6c3dee912816db1d8f8225afe69bb4f8db612
|
7
|
+
data.tar.gz: b55fa91faa9d96512836dc3793bd1ca8aa994ed9f14396882c2c2994d4e6d30dc2c49f5431de13092708d1278b87244f4bfa4b622771327a6b96ffcbb43e2a7f
|
data/CHANGELOG.md
CHANGED
@@ -4,8 +4,8 @@ module Bundler
|
|
4
4
|
# Represents metadata from when the Bundler gem was built.
|
5
5
|
module BuildMetadata
|
6
6
|
# begin ivars
|
7
|
-
@built_at = "2021-02-
|
8
|
-
@git_commit_sha = "
|
7
|
+
@built_at = "2021-02-17".freeze
|
8
|
+
@git_commit_sha = "6ca677a0eb".freeze
|
9
9
|
@release = true
|
10
10
|
# end ivars
|
11
11
|
|
data/lib/bundler/definition.rb
CHANGED
@@ -106,19 +106,6 @@ module Bundler
|
|
106
106
|
@locked_platforms = []
|
107
107
|
end
|
108
108
|
|
109
|
-
@locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
|
110
|
-
@disable_multisource = !Bundler.frozen_bundle? || @locked_gem_sources.none? {|s| s.remotes.size > 1 }
|
111
|
-
|
112
|
-
unless @disable_multisource
|
113
|
-
msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. " \
|
114
|
-
"You should regenerate your lockfile in a non frozen environment."
|
115
|
-
|
116
|
-
Bundler::SharedHelpers.major_deprecation 2, msg
|
117
|
-
|
118
|
-
@sources.allow_multisource!
|
119
|
-
@locked_gem_sources.each(&:allow_multisource!)
|
120
|
-
end
|
121
|
-
|
122
109
|
@unlock[:gems] ||= []
|
123
110
|
@unlock[:sources] ||= []
|
124
111
|
@unlock[:ruby] ||= if @ruby_version && locked_ruby_version_object
|
@@ -158,14 +145,6 @@ module Bundler
|
|
158
145
|
end
|
159
146
|
end
|
160
147
|
|
161
|
-
def disable_multisource?
|
162
|
-
@disable_multisource
|
163
|
-
end
|
164
|
-
|
165
|
-
def allow_multisource!
|
166
|
-
@disable_multisource = false
|
167
|
-
end
|
168
|
-
|
169
148
|
def resolve_with_cache!
|
170
149
|
raise "Specs already loaded" if @specs
|
171
150
|
sources.cached!
|
@@ -285,7 +264,7 @@ module Bundler
|
|
285
264
|
# Run a resolve against the locally available gems
|
286
265
|
Bundler.ui.debug("Found changes from the lockfile, re-resolving dependencies because #{change_reason}")
|
287
266
|
expanded_dependencies = expand_dependencies(dependencies + metadata_dependencies, @remote)
|
288
|
-
Resolver.resolve(expanded_dependencies, source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve, platforms)
|
267
|
+
Resolver.resolve(expanded_dependencies, index, source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve, platforms)
|
289
268
|
end
|
290
269
|
end
|
291
270
|
end
|
@@ -551,9 +530,6 @@ module Bundler
|
|
551
530
|
attr_reader :sources
|
552
531
|
private :sources
|
553
532
|
|
554
|
-
attr_reader :locked_gem_sources
|
555
|
-
private :locked_gem_sources
|
556
|
-
|
557
533
|
def nothing_changed?
|
558
534
|
!@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@locked_specs_incomplete_for_platform
|
559
535
|
end
|
@@ -678,20 +654,21 @@ module Bundler
|
|
678
654
|
end
|
679
655
|
|
680
656
|
def converge_rubygems_sources
|
681
|
-
return false if disable_multisource?
|
657
|
+
return false if Bundler.feature_flag.disable_multisource?
|
682
658
|
|
683
|
-
|
659
|
+
changes = false
|
684
660
|
|
661
|
+
# Get the RubyGems sources from the Gemfile.lock
|
662
|
+
locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
|
685
663
|
# Get the RubyGems remotes from the Gemfile
|
686
664
|
actual_remotes = sources.rubygems_remotes
|
687
|
-
return false if actual_remotes.empty?
|
688
|
-
|
689
|
-
changes = false
|
690
665
|
|
691
666
|
# If there is a RubyGems source in both
|
692
|
-
locked_gem_sources.
|
693
|
-
|
694
|
-
|
667
|
+
if !locked_gem_sources.empty? && !actual_remotes.empty?
|
668
|
+
locked_gem_sources.each do |locked_gem|
|
669
|
+
# Merge the remotes from the Gemfile into the Gemfile.lock
|
670
|
+
changes |= locked_gem.replace_remotes(actual_remotes, Bundler.settings[:allow_deployment_source_credential_changes])
|
671
|
+
end
|
695
672
|
end
|
696
673
|
|
697
674
|
changes
|
@@ -916,18 +893,30 @@ module Bundler
|
|
916
893
|
# Record the specs available in each gem's source, so that those
|
917
894
|
# specs will be available later when the resolver knows where to
|
918
895
|
# look for that gemspec (or its dependencies)
|
919
|
-
|
896
|
+
default = sources.default_source
|
897
|
+
source_requirements = { :default => default }
|
898
|
+
default = nil unless Bundler.feature_flag.disable_multisource?
|
899
|
+
dependencies.each do |dep|
|
900
|
+
next unless source = dep.source || default
|
901
|
+
source_requirements[dep.name] = source
|
902
|
+
end
|
920
903
|
metadata_dependencies.each do |dep|
|
921
904
|
source_requirements[dep.name] = sources.metadata_source
|
922
905
|
end
|
923
|
-
source_requirements[:global] = index unless disable_multisource?
|
924
906
|
source_requirements[:default_bundler] = source_requirements["bundler"] || source_requirements[:default]
|
925
907
|
source_requirements["bundler"] = sources.metadata_source # needs to come last to override
|
926
908
|
source_requirements
|
927
909
|
end
|
928
910
|
|
929
911
|
def pinned_spec_names(skip = nil)
|
930
|
-
|
912
|
+
pinned_names = []
|
913
|
+
default = Bundler.feature_flag.disable_multisource? && sources.default_source
|
914
|
+
@dependencies.each do |dep|
|
915
|
+
next unless dep_source = dep.source || default
|
916
|
+
next if dep_source == skip
|
917
|
+
pinned_names << dep.name
|
918
|
+
end
|
919
|
+
pinned_names
|
931
920
|
end
|
932
921
|
|
933
922
|
def requested_groups
|
@@ -984,18 +973,5 @@ module Bundler
|
|
984
973
|
|
985
974
|
Bundler.settings[:allow_deployment_source_credential_changes] && source.equivalent_remotes?(sources.rubygems_remotes)
|
986
975
|
end
|
987
|
-
|
988
|
-
def dependency_source_requirements
|
989
|
-
@dependency_source_requirements ||= begin
|
990
|
-
source_requirements = {}
|
991
|
-
default = disable_multisource? && sources.default_source
|
992
|
-
dependencies.each do |dep|
|
993
|
-
dep_source = dep.source || default
|
994
|
-
next unless dep_source
|
995
|
-
source_requirements[dep.name] = dep_source
|
996
|
-
end
|
997
|
-
source_requirements
|
998
|
-
end
|
999
|
-
end
|
1000
976
|
end
|
1001
977
|
end
|
data/lib/bundler/dsl.rb
CHANGED
@@ -24,9 +24,6 @@ module Bundler
|
|
24
24
|
def initialize
|
25
25
|
@source = nil
|
26
26
|
@sources = SourceList.new
|
27
|
-
|
28
|
-
@global_rubygems_sources = []
|
29
|
-
|
30
27
|
@git_sources = {}
|
31
28
|
@dependencies = []
|
32
29
|
@groups = []
|
@@ -48,7 +45,6 @@ module Bundler
|
|
48
45
|
@gemfiles << expanded_gemfile_path
|
49
46
|
contents ||= Bundler.read_file(@gemfile.to_s)
|
50
47
|
instance_eval(contents.dup.tap{|x| x.untaint if RUBY_VERSION < "2.7" }, gemfile.to_s, 1)
|
51
|
-
check_primary_source_safety
|
52
48
|
rescue Exception => e # rubocop:disable Lint/RescueException
|
53
49
|
message = "There was an error " \
|
54
50
|
"#{e.is_a?(GemfileEvalError) ? "evaluating" : "parsing"} " \
|
@@ -168,7 +164,8 @@ module Bundler
|
|
168
164
|
elsif block_given?
|
169
165
|
with_source(@sources.add_rubygems_source("remotes" => source), &blk)
|
170
166
|
else
|
171
|
-
@
|
167
|
+
check_primary_source_safety(@sources)
|
168
|
+
@sources.global_rubygems_source = source
|
172
169
|
end
|
173
170
|
end
|
174
171
|
|
@@ -186,14 +183,24 @@ module Bundler
|
|
186
183
|
end
|
187
184
|
|
188
185
|
def path(path, options = {}, &blk)
|
186
|
+
unless block_given?
|
187
|
+
msg = "You can no longer specify a path source by itself. Instead, \n" \
|
188
|
+
"either use the :path option on a gem, or specify the gems that \n" \
|
189
|
+
"bundler should find in the path source by passing a block to \n" \
|
190
|
+
"the path method, like: \n\n" \
|
191
|
+
" path 'dir/containing/rails' do\n" \
|
192
|
+
" gem 'rails'\n" \
|
193
|
+
" end\n\n"
|
194
|
+
|
195
|
+
raise DeprecatedError, msg if Bundler.feature_flag.disable_multisource?
|
196
|
+
SharedHelpers.major_deprecation(2, msg.strip)
|
197
|
+
end
|
198
|
+
|
189
199
|
source_options = normalize_hash(options).merge(
|
190
200
|
"path" => Pathname.new(path),
|
191
201
|
"root_path" => gemfile_root,
|
192
202
|
"gemspec" => gemspecs.find {|g| g.name == options["name"] }
|
193
203
|
)
|
194
|
-
|
195
|
-
source_options["global"] = true unless block_given?
|
196
|
-
|
197
204
|
source = @sources.add_path_source(source_options)
|
198
205
|
with_source(source, &blk)
|
199
206
|
end
|
@@ -272,11 +279,6 @@ module Bundler
|
|
272
279
|
raise GemfileError, "Undefined local variable or method `#{name}' for Gemfile"
|
273
280
|
end
|
274
281
|
|
275
|
-
def check_primary_source_safety
|
276
|
-
check_path_source_safety
|
277
|
-
check_rubygems_source_safety
|
278
|
-
end
|
279
|
-
|
280
282
|
private
|
281
283
|
|
282
284
|
def add_git_sources
|
@@ -438,40 +440,25 @@ repo_name ||= user_name
|
|
438
440
|
end
|
439
441
|
end
|
440
442
|
|
441
|
-
def
|
442
|
-
return if
|
443
|
-
|
444
|
-
msg = "You can no longer specify a path source by itself. Instead, \n" \
|
445
|
-
"either use the :path option on a gem, or specify the gems that \n" \
|
446
|
-
"bundler should find in the path source by passing a block to \n" \
|
447
|
-
"the path method, like: \n\n" \
|
448
|
-
" path 'dir/containing/rails' do\n" \
|
449
|
-
" gem 'rails'\n" \
|
450
|
-
" end\n\n"
|
443
|
+
def check_primary_source_safety(source_list)
|
444
|
+
return if source_list.rubygems_primary_remotes.empty? && source_list.global_rubygems_source.nil?
|
451
445
|
|
452
|
-
|
453
|
-
end
|
454
|
-
|
455
|
-
def check_rubygems_source_safety
|
456
|
-
if @global_rubygems_sources.size <= 1
|
457
|
-
@sources.global_rubygems_source = @global_rubygems_sources.first
|
458
|
-
return
|
459
|
-
end
|
460
|
-
|
461
|
-
@global_rubygems_sources.each do |source|
|
462
|
-
@sources.add_rubygems_remote(source)
|
463
|
-
end
|
464
|
-
|
465
|
-
if Bundler.feature_flag.bundler_3_mode?
|
446
|
+
if Bundler.feature_flag.disable_multisource?
|
466
447
|
msg = "This Gemfile contains multiple primary sources. " \
|
467
448
|
"Each source after the first must include a block to indicate which gems " \
|
468
449
|
"should come from that source"
|
450
|
+
unless Bundler.feature_flag.bundler_2_mode?
|
451
|
+
msg += ". To downgrade this error to a warning, run " \
|
452
|
+
"`bundle config unset disable_multisource`"
|
453
|
+
end
|
469
454
|
raise GemfileEvalError, msg
|
470
455
|
else
|
471
456
|
Bundler::SharedHelpers.major_deprecation 2, "Your Gemfile contains multiple primary sources. " \
|
472
457
|
"Using `source` more than once without a block is a security risk, and " \
|
473
458
|
"may result in installing unexpected gems. To resolve this warning, use " \
|
474
|
-
"a block to indicate which gems should come from the secondary source."
|
459
|
+
"a block to indicate which gems should come from the secondary source. " \
|
460
|
+
"To upgrade this warning to an error, run `bundle config set --local " \
|
461
|
+
"disable_multisource true`."
|
475
462
|
end
|
476
463
|
end
|
477
464
|
|
data/lib/bundler/feature_flag.rb
CHANGED
@@ -32,6 +32,7 @@ module Bundler
|
|
32
32
|
settings_flag(:cache_all) { bundler_3_mode? }
|
33
33
|
settings_flag(:default_install_uses_path) { bundler_3_mode? }
|
34
34
|
settings_flag(:deployment_means_frozen) { bundler_3_mode? }
|
35
|
+
settings_flag(:disable_multisource) { bundler_3_mode? }
|
35
36
|
settings_flag(:forget_cli_options) { bundler_3_mode? }
|
36
37
|
settings_flag(:global_gem_cache) { bundler_3_mode? }
|
37
38
|
settings_flag(:only_update_to_newer_versions) { bundler_3_mode? }
|
data/lib/bundler/inline.rb
CHANGED
@@ -50,7 +50,6 @@ def gemfile(install = false, options = {}, &gemfile)
|
|
50
50
|
Bundler::Plugin.gemfile_install(&gemfile) if Bundler.feature_flag.plugins?
|
51
51
|
builder = Bundler::Dsl.new
|
52
52
|
builder.instance_eval(&gemfile)
|
53
|
-
builder.check_primary_source_safety
|
54
53
|
|
55
54
|
Bundler.settings.temporary(:frozen => false) do
|
56
55
|
definition = builder.to_definition(nil, true)
|
@@ -64,6 +64,8 @@ module Bundler
|
|
64
64
|
@state = nil
|
65
65
|
@specs = {}
|
66
66
|
|
67
|
+
@rubygems_aggregate = Source::Rubygems.new
|
68
|
+
|
67
69
|
if lockfile.match(/<<<<<<<|=======|>>>>>>>|\|\|\|\|\|\|\|/)
|
68
70
|
raise LockfileError, "Your #{Bundler.default_lockfile.relative_path_from(SharedHelpers.pwd)} contains merge conflicts.\n" \
|
69
71
|
"Run `git checkout HEAD -- #{Bundler.default_lockfile.relative_path_from(SharedHelpers.pwd)}` first to get a clean lock."
|
@@ -87,6 +89,7 @@ module Bundler
|
|
87
89
|
send("parse_#{@state}", line)
|
88
90
|
end
|
89
91
|
end
|
92
|
+
@sources << @rubygems_aggregate unless Bundler.feature_flag.disable_multisource?
|
90
93
|
@specs = @specs.values.sort_by(&:identifier)
|
91
94
|
warn_for_outdated_bundler_version
|
92
95
|
rescue ArgumentError => e
|
@@ -131,19 +134,16 @@ module Bundler
|
|
131
134
|
@sources << @current_source
|
132
135
|
end
|
133
136
|
when GEM
|
134
|
-
|
135
|
-
|
136
|
-
if source_remotes.size == 1
|
137
|
+
if Bundler.feature_flag.disable_multisource?
|
137
138
|
@opts["remotes"] = @opts.delete("remote")
|
138
139
|
@current_source = TYPES[@type].from_lock(@opts)
|
140
|
+
@sources << @current_source
|
139
141
|
else
|
140
|
-
|
141
|
-
rubygems_aggregate.add_remote(url)
|
142
|
+
Array(@opts["remote"]).each do |url|
|
143
|
+
@rubygems_aggregate.add_remote(url)
|
142
144
|
end
|
143
|
-
@current_source = rubygems_aggregate
|
145
|
+
@current_source = @rubygems_aggregate
|
144
146
|
end
|
145
|
-
|
146
|
-
@sources << @current_source
|
147
147
|
when PLUGIN
|
148
148
|
@current_source = Plugin.source_from_lock(@opts)
|
149
149
|
@sources << @current_source
|
@@ -245,9 +245,5 @@ module Bundler
|
|
245
245
|
def parse_ruby(line)
|
246
246
|
@ruby_version = line.strip
|
247
247
|
end
|
248
|
-
|
249
|
-
def rubygems_aggregate
|
250
|
-
@rubygems_aggregate ||= Source::Rubygems.new
|
251
|
-
end
|
252
248
|
end
|
253
249
|
end
|
@@ -56,6 +56,9 @@ Executing \fBbundle config unset \-\-local <name> <value>\fR will delete the con
|
|
56
56
|
.P
|
57
57
|
Executing bundle with the \fBBUNDLE_IGNORE_CONFIG\fR environment variable set will cause it to ignore all configuration\.
|
58
58
|
.
|
59
|
+
.P
|
60
|
+
Executing \fBbundle config set \-\-local disable_multisource true\fR upgrades the warning about the Gemfile containing multiple primary sources to an error\. Executing \fBbundle config unset disable_multisource\fR downgrades this error to a warning\.
|
61
|
+
.
|
59
62
|
.SH "REMEMBERING OPTIONS"
|
60
63
|
Flags passed to \fBbundle install\fR or the Bundler runtime, such as \fB\-\-path foo\fR or \fB\-\-without production\fR, are remembered between commands and saved to your local application\'s configuration (normally, \fB\./\.bundle/config\fR)\.
|
61
64
|
.
|
@@ -181,6 +184,9 @@ The following is a list of all configuration keys and their purpose\. You can le
|
|
181
184
|
\fBdisable_local_revision_check\fR (\fBBUNDLE_DISABLE_LOCAL_REVISION_CHECK\fR): Allow Bundler to use a local git override without checking if the revision present in the lockfile is present in the repository\.
|
182
185
|
.
|
183
186
|
.IP "\(bu" 4
|
187
|
+
\fBdisable_multisource\fR (\fBBUNDLE_DISABLE_MULTISOURCE\fR): When set, Gemfiles containing multiple sources will produce errors instead of warnings\. Use \fBbundle config unset disable_multisource\fR to unset\.
|
188
|
+
.
|
189
|
+
.IP "\(bu" 4
|
184
190
|
\fBdisable_shared_gems\fR (\fBBUNDLE_DISABLE_SHARED_GEMS\fR): Stop Bundler from accessing gems installed to RubyGems\' normal location\.
|
185
191
|
.
|
186
192
|
.IP "\(bu" 4
|
@@ -47,6 +47,10 @@ configuration only from the local application.
|
|
47
47
|
Executing bundle with the `BUNDLE_IGNORE_CONFIG` environment variable set will
|
48
48
|
cause it to ignore all configuration.
|
49
49
|
|
50
|
+
Executing `bundle config set --local disable_multisource true` upgrades the warning about
|
51
|
+
the Gemfile containing multiple primary sources to an error. Executing `bundle
|
52
|
+
config unset disable_multisource` downgrades this error to a warning.
|
53
|
+
|
50
54
|
## REMEMBERING OPTIONS
|
51
55
|
|
52
56
|
Flags passed to `bundle install` or the Bundler runtime, such as `--path foo` or
|
@@ -174,6 +178,10 @@ learn more about their operation in [bundle install(1)](bundle-install.1.html).
|
|
174
178
|
* `disable_local_revision_check` (`BUNDLE_DISABLE_LOCAL_REVISION_CHECK`):
|
175
179
|
Allow Bundler to use a local git override without checking if the revision
|
176
180
|
present in the lockfile is present in the repository.
|
181
|
+
* `disable_multisource` (`BUNDLE_DISABLE_MULTISOURCE`):
|
182
|
+
When set, Gemfiles containing multiple sources will produce errors
|
183
|
+
instead of warnings.
|
184
|
+
Use `bundle config unset disable_multisource` to unset.
|
177
185
|
* `disable_shared_gems` (`BUNDLE_DISABLE_SHARED_GEMS`):
|
178
186
|
Stop Bundler from accessing gems installed to RubyGems' normal location.
|
179
187
|
* `disable_version_check` (`BUNDLE_DISABLE_VERSION_CHECK`):
|
data/lib/bundler/plugin.rb
CHANGED
@@ -16,13 +16,15 @@ module Bundler
|
|
16
16
|
|
17
17
|
version = options[:version] || [">= 0"]
|
18
18
|
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
19
|
+
Bundler.settings.temporary(:disable_multisource => false) do
|
20
|
+
if options[:git]
|
21
|
+
install_git(names, version, options)
|
22
|
+
elsif options[:local_git]
|
23
|
+
install_local_git(names, version, options)
|
24
|
+
else
|
25
|
+
sources = options[:source] || Bundler.rubygems.sources
|
26
|
+
install_rubygems(names, version, sources)
|
27
|
+
end
|
26
28
|
end
|
27
29
|
end
|
28
30
|
|
@@ -82,7 +84,6 @@ module Bundler
|
|
82
84
|
deps = names.map {|name| Dependency.new name, version }
|
83
85
|
|
84
86
|
definition = Definition.new(nil, deps, source_list, true)
|
85
|
-
definition.allow_multisource!
|
86
87
|
install_definition(definition)
|
87
88
|
end
|
88
89
|
|
data/lib/bundler/resolver.rb
CHANGED
@@ -17,14 +17,15 @@ module Bundler
|
|
17
17
|
# ==== Returns
|
18
18
|
# <GemBundle>,nil:: If the list of dependencies can be resolved, a
|
19
19
|
# collection of gemspecs is returned. Otherwise, nil is returned.
|
20
|
-
def self.resolve(requirements, source_requirements = {}, base = [], gem_version_promoter = GemVersionPromoter.new, additional_base_requirements = [], platforms = nil)
|
20
|
+
def self.resolve(requirements, index, source_requirements = {}, base = [], gem_version_promoter = GemVersionPromoter.new, additional_base_requirements = [], platforms = nil)
|
21
21
|
base = SpecSet.new(base) unless base.is_a?(SpecSet)
|
22
|
-
resolver = new(source_requirements, base, gem_version_promoter, additional_base_requirements, platforms)
|
22
|
+
resolver = new(index, source_requirements, base, gem_version_promoter, additional_base_requirements, platforms)
|
23
23
|
result = resolver.start(requirements)
|
24
24
|
SpecSet.new(result)
|
25
25
|
end
|
26
26
|
|
27
|
-
def initialize(source_requirements, base, gem_version_promoter, additional_base_requirements, platforms)
|
27
|
+
def initialize(index, source_requirements, base, gem_version_promoter, additional_base_requirements, platforms)
|
28
|
+
@index = index
|
28
29
|
@source_requirements = source_requirements
|
29
30
|
@base = base
|
30
31
|
@resolver = Molinillo::Resolver.new(self, self)
|
@@ -39,7 +40,7 @@ module Bundler
|
|
39
40
|
@resolving_only_for_ruby = platforms == [Gem::Platform::RUBY]
|
40
41
|
@gem_version_promoter = gem_version_promoter
|
41
42
|
@use_gvp = Bundler.feature_flag.use_gem_version_promoter_for_major_updates? || !@gem_version_promoter.major?
|
42
|
-
@
|
43
|
+
@lockfile_uses_separate_rubygems_sources = Bundler.feature_flag.disable_multisource?
|
43
44
|
|
44
45
|
@variant_specific_names = []
|
45
46
|
@generic_names = ["Ruby\0", "RubyGems\0"]
|
@@ -124,7 +125,8 @@ module Bundler
|
|
124
125
|
dependency = dependency_proxy.dep
|
125
126
|
name = dependency.name
|
126
127
|
search_result = @search_for[dependency_proxy] ||= begin
|
127
|
-
|
128
|
+
index = index_for(dependency)
|
129
|
+
results = index.search(dependency, @base[name])
|
128
130
|
|
129
131
|
if vertex = @base_dg.vertex_named(name)
|
130
132
|
locked_requirement = vertex.payload.requirement
|
@@ -193,26 +195,23 @@ module Bundler
|
|
193
195
|
search_result
|
194
196
|
end
|
195
197
|
|
196
|
-
def index_for(dependency
|
198
|
+
def index_for(dependency)
|
197
199
|
source = @source_requirements[dependency.name]
|
198
200
|
if source
|
199
201
|
source.specs
|
200
|
-
elsif @
|
201
|
-
|
202
|
-
|
203
|
-
|
204
|
-
|
205
|
-
|
202
|
+
elsif @lockfile_uses_separate_rubygems_sources
|
203
|
+
Index.build do |idx|
|
204
|
+
if dependency.all_sources
|
205
|
+
dependency.all_sources.each {|s| idx.add_source(s.specs) if s }
|
206
|
+
else
|
207
|
+
idx.add_source @source_requirements[:default].specs
|
208
|
+
end
|
206
209
|
end
|
207
210
|
else
|
208
|
-
@
|
211
|
+
@index
|
209
212
|
end
|
210
213
|
end
|
211
214
|
|
212
|
-
def results_for(dependency, base)
|
213
|
-
index_for(dependency, base).search(dependency, base)
|
214
|
-
end
|
215
|
-
|
216
215
|
def name_for(dependency)
|
217
216
|
dependency.name
|
218
217
|
end
|
@@ -239,13 +238,11 @@ module Bundler
|
|
239
238
|
|
240
239
|
def relevant_sources_for_vertex(vertex)
|
241
240
|
if vertex.root?
|
242
|
-
[@source_requirements[vertex.name]]
|
243
|
-
elsif @
|
241
|
+
[@source_requirements[vertex.name]]
|
242
|
+
elsif @lockfile_uses_separate_rubygems_sources
|
244
243
|
vertex.recursive_predecessors.map do |v|
|
245
244
|
@source_requirements[v.name]
|
246
|
-
end
|
247
|
-
else
|
248
|
-
[]
|
245
|
+
end << @source_requirements[:default]
|
249
246
|
end
|
250
247
|
end
|
251
248
|
|
@@ -286,7 +283,7 @@ module Bundler
|
|
286
283
|
if (base = @base[dependency.name]) && !base.empty?
|
287
284
|
dependency.requirement.satisfied_by?(base.first.version) ? 0 : 1
|
288
285
|
else
|
289
|
-
all = index_for(dependency
|
286
|
+
all = index_for(dependency).search(dependency.name).size
|
290
287
|
|
291
288
|
if all <= 1
|
292
289
|
all - 1_000_000
|
@@ -329,7 +326,7 @@ module Bundler
|
|
329
326
|
"The source does not contain any versions of '#{name}'"
|
330
327
|
end
|
331
328
|
else
|
332
|
-
message = "Could not find gem '#{
|
329
|
+
message = "Could not find gem '#{requirement}' in any of the gem sources " \
|
333
330
|
"listed in your Gemfile#{cache_message}."
|
334
331
|
end
|
335
332
|
raise GemNotFound, message
|
@@ -414,8 +411,14 @@ module Bundler
|
|
414
411
|
|
415
412
|
relevant_sources = if conflict.requirement.source
|
416
413
|
[conflict.requirement.source]
|
417
|
-
|
414
|
+
elsif conflict.requirement.all_sources
|
418
415
|
conflict.requirement.all_sources
|
416
|
+
elsif @lockfile_uses_separate_rubygems_sources
|
417
|
+
# every conflict should have an explicit group of sources when we
|
418
|
+
# enforce strict pinning
|
419
|
+
raise "no source set for #{conflict}"
|
420
|
+
else
|
421
|
+
[]
|
419
422
|
end.compact.map(&:to_s).uniq.sort
|
420
423
|
|
421
424
|
metadata_requirement = name.end_with?("\0")
|
@@ -452,8 +455,7 @@ module Bundler
|
|
452
455
|
def validate_resolved_specs!(resolved_specs)
|
453
456
|
resolved_specs.each do |v|
|
454
457
|
name = v.name
|
455
|
-
sources = relevant_sources_for_vertex(v)
|
456
|
-
next unless sources.any?
|
458
|
+
next unless sources = relevant_sources_for_vertex(v)
|
457
459
|
sources.compact!
|
458
460
|
if default_index = sources.index(@source_requirements[:default])
|
459
461
|
sources.delete_at(default_index)
|
@@ -462,12 +464,14 @@ module Bundler
|
|
462
464
|
sources.uniq!
|
463
465
|
next if sources.size <= 1
|
464
466
|
|
467
|
+
multisource_disabled = Bundler.feature_flag.disable_multisource?
|
468
|
+
|
465
469
|
msg = ["The gem '#{name}' was found in multiple relevant sources."]
|
466
470
|
msg.concat sources.map {|s| " * #{s}" }.sort
|
467
|
-
msg << "You #{
|
471
|
+
msg << "You #{multisource_disabled ? :must : :should} add this gem to the source block for the source you wish it to be installed from."
|
468
472
|
msg = msg.join("\n")
|
469
473
|
|
470
|
-
raise SecurityError, msg if
|
474
|
+
raise SecurityError, msg if multisource_disabled
|
471
475
|
Bundler.ui.warn "Warning: #{msg}"
|
472
476
|
end
|
473
477
|
end
|
data/lib/bundler/settings.rb
CHANGED
@@ -21,7 +21,6 @@ module Bundler
|
|
21
21
|
@allow_remote = false
|
22
22
|
@allow_cached = false
|
23
23
|
@caches = [cache_path, *Bundler.rubygems.gem_cache]
|
24
|
-
@disable_multisource = true
|
25
24
|
|
26
25
|
Array(options["remotes"] || []).reverse_each {|r| add_remote(r) }
|
27
26
|
end
|
@@ -50,16 +49,8 @@ module Bundler
|
|
50
49
|
o.is_a?(Rubygems) && (o.credless_remotes - credless_remotes).empty?
|
51
50
|
end
|
52
51
|
|
53
|
-
def disable_multisource?
|
54
|
-
@disable_multisource
|
55
|
-
end
|
56
|
-
|
57
|
-
def allow_multisource!
|
58
|
-
@disable_multisource = false
|
59
|
-
end
|
60
|
-
|
61
52
|
def can_lock?(spec)
|
62
|
-
return super if disable_multisource?
|
53
|
+
return super if Bundler.feature_flag.disable_multisource?
|
63
54
|
spec.source.is_a?(Rubygems)
|
64
55
|
end
|
65
56
|
|
data/lib/bundler/source_list.rb
CHANGED
@@ -5,41 +5,24 @@ module Bundler
|
|
5
5
|
attr_reader :path_sources,
|
6
6
|
:git_sources,
|
7
7
|
:plugin_sources,
|
8
|
-
:
|
9
|
-
:metadata_source
|
10
|
-
:disable_multisource
|
11
|
-
|
12
|
-
def global_rubygems_source
|
13
|
-
@global_rubygems_source ||= rubygems_aggregate_class.new
|
14
|
-
end
|
8
|
+
:global_rubygems_source,
|
9
|
+
:metadata_source
|
15
10
|
|
16
11
|
def initialize
|
17
12
|
@path_sources = []
|
18
13
|
@git_sources = []
|
19
14
|
@plugin_sources = []
|
20
15
|
@global_rubygems_source = nil
|
21
|
-
@
|
16
|
+
@rubygems_aggregate = rubygems_aggregate_class.new
|
22
17
|
@rubygems_sources = []
|
23
18
|
@metadata_source = Source::Metadata.new
|
24
|
-
@disable_multisource = true
|
25
|
-
end
|
26
|
-
|
27
|
-
def disable_multisource?
|
28
|
-
@disable_multisource
|
29
|
-
end
|
30
|
-
|
31
|
-
def allow_multisource!
|
32
|
-
rubygems_sources.map(&:allow_multisource!)
|
33
|
-
@disable_multisource = false
|
34
19
|
end
|
35
20
|
|
36
21
|
def add_path_source(options = {})
|
37
22
|
if options["gemspec"]
|
38
23
|
add_source_to_list Source::Gemspec.new(options), path_sources
|
39
24
|
else
|
40
|
-
|
41
|
-
@global_path_source ||= path_source if options["global"]
|
42
|
-
path_source
|
25
|
+
add_source_to_list Source::Path.new(options), path_sources
|
43
26
|
end
|
44
27
|
end
|
45
28
|
|
@@ -58,20 +41,24 @@ module Bundler
|
|
58
41
|
end
|
59
42
|
|
60
43
|
def global_rubygems_source=(uri)
|
61
|
-
|
44
|
+
if Bundler.feature_flag.disable_multisource?
|
45
|
+
@global_rubygems_source ||= rubygems_aggregate_class.new("remotes" => uri)
|
46
|
+
end
|
47
|
+
add_rubygems_remote(uri)
|
62
48
|
end
|
63
49
|
|
64
50
|
def add_rubygems_remote(uri)
|
65
|
-
|
66
|
-
|
51
|
+
return if Bundler.feature_flag.disable_multisource?
|
52
|
+
@rubygems_aggregate.add_remote(uri)
|
53
|
+
@rubygems_aggregate
|
67
54
|
end
|
68
55
|
|
69
56
|
def default_source
|
70
|
-
|
57
|
+
global_rubygems_source || @rubygems_aggregate
|
71
58
|
end
|
72
59
|
|
73
60
|
def rubygems_sources
|
74
|
-
@rubygems_sources + [
|
61
|
+
@rubygems_sources + [default_source]
|
75
62
|
end
|
76
63
|
|
77
64
|
def rubygems_remotes
|
@@ -88,7 +75,7 @@ module Bundler
|
|
88
75
|
|
89
76
|
def lock_sources
|
90
77
|
lock_sources = (path_sources + git_sources + plugin_sources).sort_by(&:to_s)
|
91
|
-
if disable_multisource?
|
78
|
+
if Bundler.feature_flag.disable_multisource?
|
92
79
|
lock_sources + rubygems_sources.sort_by(&:to_s)
|
93
80
|
else
|
94
81
|
lock_sources << combine_rubygems_sources
|
@@ -105,9 +92,9 @@ module Bundler
|
|
105
92
|
end
|
106
93
|
end
|
107
94
|
|
108
|
-
replacement_rubygems = !disable_multisource? &&
|
95
|
+
replacement_rubygems = !Bundler.feature_flag.disable_multisource? &&
|
109
96
|
replacement_sources.detect {|s| s.is_a?(Source::Rubygems) }
|
110
|
-
@
|
97
|
+
@rubygems_aggregate = replacement_rubygems if replacement_rubygems
|
111
98
|
|
112
99
|
return true if !equal_sources?(lock_sources, replacement_sources) && !equivalent_sources?(lock_sources, replacement_sources)
|
113
100
|
return true if replacement_rubygems && rubygems_remotes.sort_by(&:to_s) != replacement_rubygems.remotes.sort_by(&:to_s)
|
@@ -123,6 +110,10 @@ module Bundler
|
|
123
110
|
all_sources.each(&:remote!)
|
124
111
|
end
|
125
112
|
|
113
|
+
def rubygems_primary_remotes
|
114
|
+
@rubygems_aggregate.remotes
|
115
|
+
end
|
116
|
+
|
126
117
|
private
|
127
118
|
|
128
119
|
def rubygems_aggregate_class
|
@@ -145,9 +136,7 @@ module Bundler
|
|
145
136
|
end
|
146
137
|
|
147
138
|
def combine_rubygems_sources
|
148
|
-
|
149
|
-
aggregate_source.allow_multisource! unless disable_multisource?
|
150
|
-
aggregate_source
|
139
|
+
Source::Rubygems.new("remotes" => rubygems_remotes)
|
151
140
|
end
|
152
141
|
|
153
142
|
def warn_on_git_protocol(source)
|
data/lib/bundler/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: bundler
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.2.
|
4
|
+
version: 2.2.11
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- André Arko
|
@@ -22,7 +22,7 @@ authors:
|
|
22
22
|
autorequire:
|
23
23
|
bindir: exe
|
24
24
|
cert_chain: []
|
25
|
-
date: 2021-02-
|
25
|
+
date: 2021-02-17 00:00:00.000000000 Z
|
26
26
|
dependencies: []
|
27
27
|
description: Bundler manages an application's dependencies through its entire life,
|
28
28
|
across many machines, systematically and repeatably
|
@@ -352,7 +352,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
352
352
|
- !ruby/object:Gem::Version
|
353
353
|
version: 2.5.2
|
354
354
|
requirements: []
|
355
|
-
rubygems_version: 3.2.
|
355
|
+
rubygems_version: 3.2.11
|
356
356
|
signing_key:
|
357
357
|
specification_version: 4
|
358
358
|
summary: The best way to manage your application's dependencies
|