bundler 2.2.20 → 2.2.21
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of bundler might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/lib/bundler.rb +1 -1
- data/lib/bundler/build_metadata.rb +2 -2
- data/lib/bundler/cli/install.rb +6 -7
- data/lib/bundler/definition.rb +10 -8
- data/lib/bundler/feature_flag.rb +0 -1
- data/lib/bundler/fetcher/compact_index.rb +1 -1
- data/lib/bundler/installer.rb +1 -8
- data/lib/bundler/resolver.rb +2 -0
- data/lib/bundler/settings.rb +7 -1
- data/lib/bundler/source/rubygems.rb +3 -3
- data/lib/bundler/source_list.rb +4 -2
- data/lib/bundler/templates/newgem/newgem.gemspec.tt +1 -1
- data/lib/bundler/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 420be71d17b8361ff58b192c7d65aff87352858d123b6c30cbbc19eb582503b1
|
|
4
|
+
data.tar.gz: 8d1b50e3080888aee87a46a11511f144fc27c9767eae003e0b09fe6a5b5def50
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a97c3dbb69d51982f210c6c78ea5a987bf4fa6439a2925769794c2fad30f42c35efc57d2f2713f37be84ee08050526513bc12a9fddd09763fb7f9748e7e4673b
|
|
7
|
+
data.tar.gz: 1faa09cb9aa4bcf42d15820bde1c0558e6b50709b7671750758f219d56058d02a57bb22f891b7d233941194ec2519d3c3dca193e5e07d1a9be8b22a4ae1a8d5f
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,18 @@
|
|
|
1
|
+
# 2.2.21 (June 23, 2021)
|
|
2
|
+
|
|
3
|
+
## Security fixes:
|
|
4
|
+
|
|
5
|
+
- Auto-update insecure lockfile to split GEM source sections whenever possible [#4647](https://github.com/rubygems/rubygems/pull/4647)
|
|
6
|
+
|
|
7
|
+
## Enhancements:
|
|
8
|
+
|
|
9
|
+
- Use a more limited number of threads when fetching in parallel from the Compact Index API [#4670](https://github.com/rubygems/rubygems/pull/4670)
|
|
10
|
+
- Update TODO link in bundle gem template to https [#4671](https://github.com/rubygems/rubygems/pull/4671)
|
|
11
|
+
|
|
12
|
+
## Bug fixes:
|
|
13
|
+
|
|
14
|
+
- Fix `bundle install --local` hitting the network when `cache_all_platforms` configured [#4677](https://github.com/rubygems/rubygems/pull/4677)
|
|
15
|
+
|
|
1
16
|
# 2.2.20 (June 11, 2021)
|
|
2
17
|
|
|
3
18
|
## Enhancements:
|
data/lib/bundler.rb
CHANGED
|
@@ -4,8 +4,8 @@ module Bundler
|
|
|
4
4
|
# Represents metadata from when the Bundler gem was built.
|
|
5
5
|
module BuildMetadata
|
|
6
6
|
# begin ivars
|
|
7
|
-
@built_at = "2021-06-
|
|
8
|
-
@git_commit_sha = "
|
|
7
|
+
@built_at = "2021-06-23".freeze
|
|
8
|
+
@git_commit_sha = "0b5db72094".freeze
|
|
9
9
|
@release = true
|
|
10
10
|
# end ivars
|
|
11
11
|
|
data/lib/bundler/cli/install.rb
CHANGED
|
@@ -33,12 +33,8 @@ module Bundler
|
|
|
33
33
|
|
|
34
34
|
options[:local] = true if Bundler.app_cache.exist?
|
|
35
35
|
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
else
|
|
39
|
-
Bundler.settings.set_command_option :deployment, true if options[:deployment]
|
|
40
|
-
Bundler.settings.set_command_option :frozen, true if options[:frozen]
|
|
41
|
-
end
|
|
36
|
+
Bundler.settings.set_command_option :deployment, true if options[:deployment]
|
|
37
|
+
Bundler.settings.set_command_option :frozen, true if options[:frozen]
|
|
42
38
|
end
|
|
43
39
|
|
|
44
40
|
# When install is called with --no-deployment, disable deployment mode
|
|
@@ -62,7 +58,10 @@ module Bundler
|
|
|
62
58
|
definition.validate_runtime!
|
|
63
59
|
|
|
64
60
|
installer = Installer.install(Bundler.root, definition, options)
|
|
65
|
-
|
|
61
|
+
|
|
62
|
+
Bundler.settings.temporary(:cache_all_platforms => options[:local] ? false : Bundler.settings[:cache_all_platforms]) do
|
|
63
|
+
Bundler.load.cache if Bundler.app_cache.exist? && !options["no-cache"] && !Bundler.frozen_bundle?
|
|
64
|
+
end
|
|
66
65
|
|
|
67
66
|
Bundler.ui.confirm "Bundle complete! #{dependencies_count_for(definition)}, #{gems_installed_for(definition)}."
|
|
68
67
|
Bundler::CLI::Common.output_without_groups_message(:install)
|
data/lib/bundler/definition.rb
CHANGED
|
@@ -107,12 +107,14 @@ module Bundler
|
|
|
107
107
|
end
|
|
108
108
|
|
|
109
109
|
@locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
|
|
110
|
-
@
|
|
110
|
+
@multisource_allowed = @locked_gem_sources.any?(&:multiple_remotes?) && (sources.aggregate_global_source? || Bundler.frozen_bundle?)
|
|
111
111
|
|
|
112
|
-
|
|
113
|
-
|
|
112
|
+
if @multisource_allowed
|
|
113
|
+
unless sources.aggregate_global_source?
|
|
114
|
+
msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. Make sure you run `bundle install` in non frozen mode and commit the result to make your lockfile secure."
|
|
114
115
|
|
|
115
|
-
|
|
116
|
+
Bundler::SharedHelpers.major_deprecation 2, msg
|
|
117
|
+
end
|
|
116
118
|
|
|
117
119
|
@sources.merged_gem_lockfile_sections!
|
|
118
120
|
end
|
|
@@ -156,8 +158,8 @@ module Bundler
|
|
|
156
158
|
end
|
|
157
159
|
end
|
|
158
160
|
|
|
159
|
-
def
|
|
160
|
-
@
|
|
161
|
+
def multisource_allowed?
|
|
162
|
+
@multisource_allowed
|
|
161
163
|
end
|
|
162
164
|
|
|
163
165
|
def resolve_only_locally!
|
|
@@ -510,7 +512,7 @@ module Bundler
|
|
|
510
512
|
private
|
|
511
513
|
|
|
512
514
|
def precompute_source_requirements_for_indirect_dependencies?
|
|
513
|
-
sources.non_global_rubygems_sources.all?(&:dependency_api_available?) && sources.
|
|
515
|
+
sources.non_global_rubygems_sources.all?(&:dependency_api_available?) && !sources.aggregate_global_source?
|
|
514
516
|
end
|
|
515
517
|
|
|
516
518
|
def current_ruby_platform_locked?
|
|
@@ -627,7 +629,7 @@ module Bundler
|
|
|
627
629
|
end
|
|
628
630
|
|
|
629
631
|
def converge_rubygems_sources
|
|
630
|
-
return false
|
|
632
|
+
return false unless multisource_allowed?
|
|
631
633
|
|
|
632
634
|
return false if locked_gem_sources.empty?
|
|
633
635
|
|
data/lib/bundler/feature_flag.rb
CHANGED
|
@@ -31,7 +31,6 @@ module Bundler
|
|
|
31
31
|
settings_flag(:auto_clean_without_path) { bundler_3_mode? }
|
|
32
32
|
settings_flag(:cache_all) { bundler_3_mode? }
|
|
33
33
|
settings_flag(:default_install_uses_path) { bundler_3_mode? }
|
|
34
|
-
settings_flag(:deployment_means_frozen) { bundler_3_mode? }
|
|
35
34
|
settings_flag(:forget_cli_options) { bundler_3_mode? }
|
|
36
35
|
settings_flag(:global_gem_cache) { bundler_3_mode? }
|
|
37
36
|
settings_flag(:path_relative_to_cwd) { bundler_3_mode? }
|
|
@@ -111,7 +111,7 @@ module Bundler
|
|
|
111
111
|
def bundle_worker(func = nil)
|
|
112
112
|
@bundle_worker ||= begin
|
|
113
113
|
worker_name = "Compact Index (#{display_uri.host})"
|
|
114
|
-
Bundler::Worker.new(Bundler.
|
|
114
|
+
Bundler::Worker.new(Bundler.settings.processor_count, worker_name, func)
|
|
115
115
|
end
|
|
116
116
|
@bundle_worker.tap do |worker|
|
|
117
117
|
worker.instance_variable_set(:@func, func) if func
|
data/lib/bundler/installer.rb
CHANGED
|
@@ -222,14 +222,7 @@ module Bundler
|
|
|
222
222
|
# Parallelization has some issues on Windows, so it's not yet the default
|
|
223
223
|
return 1 if Gem.win_platform?
|
|
224
224
|
|
|
225
|
-
processor_count
|
|
226
|
-
end
|
|
227
|
-
|
|
228
|
-
def processor_count
|
|
229
|
-
require "etc"
|
|
230
|
-
Etc.nprocessors
|
|
231
|
-
rescue StandardError
|
|
232
|
-
1
|
|
225
|
+
Bundler.settings.processor_count
|
|
233
226
|
end
|
|
234
227
|
|
|
235
228
|
def load_plugins
|
data/lib/bundler/resolver.rb
CHANGED
|
@@ -30,8 +30,10 @@ module Bundler
|
|
|
30
30
|
@resolver = Molinillo::Resolver.new(self, self)
|
|
31
31
|
@search_for = {}
|
|
32
32
|
@base_dg = Molinillo::DependencyGraph.new
|
|
33
|
+
aggregate_global_source = @source_requirements[:default].is_a?(Source::RubygemsAggregate)
|
|
33
34
|
@base.each do |ls|
|
|
34
35
|
dep = Dependency.new(ls.name, ls.version)
|
|
36
|
+
ls.source = source_for(ls.name) unless aggregate_global_source
|
|
35
37
|
@base_dg.add_vertex(ls.name, DepProxy.get_proxy(dep, ls.platform), true)
|
|
36
38
|
end
|
|
37
39
|
additional_base_requirements.each {|d| @base_dg.add_vertex(d.name, d) }
|
data/lib/bundler/settings.rb
CHANGED
|
@@ -16,7 +16,6 @@ module Bundler
|
|
|
16
16
|
clean
|
|
17
17
|
default_install_uses_path
|
|
18
18
|
deployment
|
|
19
|
-
deployment_means_frozen
|
|
20
19
|
disable_checksum_validation
|
|
21
20
|
disable_exec_load
|
|
22
21
|
disable_local_branch_check
|
|
@@ -210,6 +209,13 @@ module Bundler
|
|
|
210
209
|
locations
|
|
211
210
|
end
|
|
212
211
|
|
|
212
|
+
def processor_count
|
|
213
|
+
require "etc"
|
|
214
|
+
Etc.nprocessors
|
|
215
|
+
rescue StandardError
|
|
216
|
+
1
|
|
217
|
+
end
|
|
218
|
+
|
|
213
219
|
# for legacy reasons, in Bundler 2, we do not respect :disable_shared_gems
|
|
214
220
|
def path
|
|
215
221
|
configs.each do |_level, settings|
|
|
@@ -67,12 +67,12 @@ module Bundler
|
|
|
67
67
|
o.is_a?(Rubygems) && (o.credless_remotes - credless_remotes).empty?
|
|
68
68
|
end
|
|
69
69
|
|
|
70
|
-
def
|
|
71
|
-
@remotes.size
|
|
70
|
+
def multiple_remotes?
|
|
71
|
+
@remotes.size > 1
|
|
72
72
|
end
|
|
73
73
|
|
|
74
74
|
def can_lock?(spec)
|
|
75
|
-
return super
|
|
75
|
+
return super unless multiple_remotes?
|
|
76
76
|
spec.source.is_a?(Rubygems)
|
|
77
77
|
end
|
|
78
78
|
|
data/lib/bundler/source_list.rb
CHANGED
|
@@ -32,8 +32,8 @@ module Bundler
|
|
|
32
32
|
@merged_gem_lockfile_sections = true
|
|
33
33
|
end
|
|
34
34
|
|
|
35
|
-
def
|
|
36
|
-
global_rubygems_source.
|
|
35
|
+
def aggregate_global_source?
|
|
36
|
+
global_rubygems_source.multiple_remotes?
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
def add_path_source(options = {})
|
|
@@ -185,6 +185,8 @@ module Bundler
|
|
|
185
185
|
end
|
|
186
186
|
|
|
187
187
|
def equal_source?(source, other_source)
|
|
188
|
+
return source.include?(other_source) if source.is_a?(Source::Rubygems) && other_source.is_a?(Source::Rubygems) && !merged_gem_lockfile_sections?
|
|
189
|
+
|
|
188
190
|
source == other_source
|
|
189
191
|
end
|
|
190
192
|
|
|
@@ -16,7 +16,7 @@ Gem::Specification.new do |spec|
|
|
|
16
16
|
<%- end -%>
|
|
17
17
|
spec.required_ruby_version = ">= <%= config[:required_ruby_version] %>"
|
|
18
18
|
|
|
19
|
-
spec.metadata["allowed_push_host"] = "TODO: Set to '
|
|
19
|
+
spec.metadata["allowed_push_host"] = "TODO: Set to 'https://mygemserver.com'"
|
|
20
20
|
|
|
21
21
|
spec.metadata["homepage_uri"] = spec.homepage
|
|
22
22
|
spec.metadata["source_code_uri"] = "TODO: Put your gem's public repo URL here."
|
data/lib/bundler/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.2.
|
|
4
|
+
version: 2.2.21
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- André Arko
|
|
@@ -22,7 +22,7 @@ authors:
|
|
|
22
22
|
autorequire:
|
|
23
23
|
bindir: exe
|
|
24
24
|
cert_chain: []
|
|
25
|
-
date: 2021-06-
|
|
25
|
+
date: 2021-06-23 00:00:00.000000000 Z
|
|
26
26
|
dependencies: []
|
|
27
27
|
description: Bundler manages an application's dependencies through its entire life,
|
|
28
28
|
across many machines, systematically and repeatably
|
|
@@ -354,7 +354,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
354
354
|
- !ruby/object:Gem::Version
|
|
355
355
|
version: 2.5.2
|
|
356
356
|
requirements: []
|
|
357
|
-
rubygems_version: 3.2.
|
|
357
|
+
rubygems_version: 3.2.21
|
|
358
358
|
signing_key:
|
|
359
359
|
specification_version: 4
|
|
360
360
|
summary: The best way to manage your application's dependencies
|