bundler 2.2.31 → 2.2.32

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f37ed81265b4005a7aa68cf2ed66ccae92c7b53298d15f7881e88703666ffee5
-  data.tar.gz: 9f18b35034d82ae88c044595ea977e194cc815ce248e95ae7d5ae0cf0f66704b
+  metadata.gz: 71d34e0696d7d7121b9bf4db66aca17c0e0b115a1099fa8879e509784ee62e4d
+  data.tar.gz: 0a68018b980b5e28358609b632a3b5bbf738ec2fd664aa34c4cc7c3d3ff207ec
 SHA512:
-  metadata.gz: 800285d9a12c9d99c01f3418128f4913a96e7e739f9f4fc054c58014eca019d39b9fc3a15455f685db3a0510a523a8c2defa8d0df888ca30a7603e04910bae5f
-  data.tar.gz: 2407199f530007e4cd4eac12b339438074d9ac327a4aef3b96b7fc62e33abaed79da79e5b0d7b2604b6f58857097026c926635a083c2e830cec1ab67f7c97ca0
+  metadata.gz: 2f0bc7ca02e4e2972c004cd40f4fb01c23ba52fdd8d0420733e2d4d0fe2afcc0a706f4985720c5ab8c9828821329f3e2b11328a2b61fe749833c1e8ba0d3edc7
+  data.tar.gz: 39220087ca48d38cb1980593607946da010cdf74e3a039e493d848c46eff798539aec4267e95e9d03807e143cc7cfcaa29a36f5118bb6e09bbc60b00fa77fe03

data/CHANGELOG.md

@@ -1,3 +1,16 @@
+# 2.2.32 (November 23, 2021)
+
+## Enhancements:
+
+  - Clarify `bundle viz` deprecation [#5083](https://github.com/rubygems/rubygems/pull/5083)
+  - Unlock dependencies that no longer match lockfile [#5068](https://github.com/rubygems/rubygems/pull/5068)
+  - Use `shellsplit` instead of array of strings for git push [#5062](https://github.com/rubygems/rubygems/pull/5062)
+  - Re-enable `default_ignores` option for standard [#5003](https://github.com/rubygems/rubygems/pull/5003)
+
+## Bug fixes:
+
+  - Fix downgrading dependencies by changing the `Gemfile` and running `bundle update` [#5078](https://github.com/rubygems/rubygems/pull/5078)
+
 # 2.2.31 (November 8, 2021)
 
 ## Enhancements:

data/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2021-11-08".freeze
-    @git_commit_sha = "2505ef8972".freeze
+    @built_at = "2021-11-23".freeze
+    @git_commit_sha = "20d4957649".freeze
     @release = true
     # end ivars
 

data/lib/bundler/cli.rb

@@ -552,7 +552,7 @@ module Bundler
       method_option :version, :type => :boolean, :default => false, :aliases => "-v", :desc => "Set to show each gem version."
       method_option :without, :type => :array, :default => [], :aliases => "-W", :banner => "GROUP[ GROUP...]", :desc => "Exclude gems that are part of the specified named group."
       def viz
-        SharedHelpers.major_deprecation 2, "The `viz` command has been moved to the `bundle-viz` gem, see https://github.com/rubygems/bundler-graph"
+        SharedHelpers.major_deprecation 2, "The `viz` command has been renamed to `graph` and moved to a plugin. See https://github.com/rubygems/bundler-graph"
         require_relative "cli/viz"
         Viz.new(options.dup).run
       end

data/lib/bundler/definition.rb

@@ -649,25 +649,16 @@ module Bundler
     end
 
     def converge_dependencies
-      frozen = Bundler.frozen_bundle?
       (@dependencies + locked_dependencies).each do |dep|
-        locked_source = @locked_deps[dep.name]
-        # This is to make sure that if bundler is installing in deployment mode and
-        # after locked_source and sources don't match, we still use locked_source.
-        if frozen && !locked_source.nil? &&
-            locked_source.respond_to?(:source) && locked_source.source.instance_of?(Source::Path) && locked_source.source.path.exist?
-          dep.source = locked_source.source
-        elsif dep.source
+        if dep.source
           dep.source = sources.get(dep.source)
         end
       end
 
       changes = false
-      # We want to know if all match, but don't want to check all entries
-      # This means we need to return false if any dependency doesn't match
-      # the lock or doesn't exist in the lock.
-      @dependencies.each do |dependency|
-        unless locked_dep = @locked_deps[dependency.name]
+
+      @dependencies.each do |dep|
+        unless locked_dep = @locked_deps[dep.name]
           changes = true
           next
         end
@@ -678,11 +669,11 @@ module Bundler
         # directive, the lockfile dependencies and resolved dependencies end up
         # with a mismatch on #type. Work around that by setting the type on the
         # dep from the lockfile.
-        locked_dep.instance_variable_set(:@type, dependency.type)
+        locked_dep.instance_variable_set(:@type, dep.type)
 
         # We already know the name matches from the hash lookup
         # so we only need to check the requirement now
-        changes ||= dependency.requirement != locked_dep.requirement
+        changes ||= dep.requirement != locked_dep.requirement
       end
 
       changes
@@ -692,34 +683,34 @@ module Bundler
     # commonly happen if the Gemfile has changed since the lockfile was last
     # generated
     def converge_locked_specs
-      deps = []
-
-      # Build a list of dependencies that are the same in the Gemfile
-      # and Gemfile.lock. If the Gemfile modified a dependency, but
-      # the gem in the Gemfile.lock still satisfies it, this is fine
-      # too.
-      @dependencies.each do |dep|
-        locked_dep = @locked_deps[dep.name]
+      resolve = converge_specs(@locked_specs)
 
-        # If the locked_dep doesn't match the dependency we're looking for then we ignore the locked_dep
-        locked_dep = nil unless locked_dep == dep
+      diff = nil
 
-        if in_locked_deps?(dep, locked_dep) || satisfies_locked_spec?(dep)
-          deps << dep
-        elsif dep.source.is_a?(Source::Path) && dep.current_platform? && (!locked_dep || dep.source != locked_dep.source)
-          @locked_specs.each do |s|
-            @unlock[:gems] << s.name if s.source == dep.source
-          end
+      # Now, we unlock any sources that do not have anymore gems pinned to it
+      sources.all_sources.each do |source|
+        next unless source.respond_to?(:unlock!)
 
-          dep.source.unlock! if dep.source.respond_to?(:unlock!)
-          dep.source.specs.each {|s| @unlock[:gems] << s.name }
+        unless resolve.any? {|s| s.source == source }
+          diff ||= @locked_specs.to_a - resolve.to_a
+          source.unlock! if diff.any? {|s| s.source == source }
         end
       end
 
+      resolve
+    end
+
+    def converge_specs(specs)
+      deps = []
       converged = []
-      @locked_specs.each do |s|
+      specs.each do |s|
         # Replace the locked dependency's source with the equivalent source from the Gemfile
         dep = @dependencies.find {|d| s.satisfies?(d) }
+
+        if dep && (!dep.source || s.source.include?(dep.source))
+          deps << dep
+        end
+
         s.source = (dep && dep.source) || sources.get(s.source) unless multisource_allowed?
 
         # Don't add a spec to the list if its source is expired. For example,
@@ -737,7 +728,7 @@ module Bundler
           rescue PathError, GitError
             # if we won't need the source (according to the lockfile),
             # don't error if the path/git source isn't available
-            next if @locked_specs.
+            next if specs.
                     for(requested_dependencies, false, true).
                     none? {|locked_spec| locked_spec.source == s.source }
 
@@ -753,35 +744,15 @@ module Bundler
           s.dependencies.replace(new_spec.dependencies)
         end
 
-        converged << s
-      end
-
-      resolve = SpecSet.new(converged)
-      resolve = SpecSet.new(resolve.for(expand_dependencies(deps, true), false, false).reject{|s| @unlock[:gems].include?(s.name) })
-      diff    = nil
-
-      # Now, we unlock any sources that do not have anymore gems pinned to it
-      sources.all_sources.each do |source|
-        next unless source.respond_to?(:unlock!)
-
-        unless resolve.any? {|s| s.source == source }
-          diff ||= @locked_specs.to_a - resolve.to_a
-          source.unlock! if diff.any? {|s| s.source == source }
+        if dep.nil? && @dependencies.find {|d| s.name == d.name }
+          @unlock[:gems] << s.name
+        else
+          converged << s
         end
       end
 
-      resolve
-    end
-
-    def in_locked_deps?(dep, locked_dep)
-      # Because the lockfile can't link a dep to a specific remote, we need to
-      # treat sources as equivalent anytime the locked dep has all the remotes
-      # that the Gemfile dep does.
-      locked_dep && locked_dep.source && dep.source && locked_dep.source.include?(dep.source)
-    end
-
-    def satisfies_locked_spec?(dep)
-      @locked_specs[dep].any? {|s| s.satisfies?(dep) && (!dep.source || s.source.include?(dep.source)) }
+      resolve = SpecSet.new(converged)
+      SpecSet.new(resolve.for(expand_dependencies(deps, true), false, false).reject{|s| @unlock[:gems].include?(s.name) })
     end
 
     def metadata_dependencies
@@ -874,16 +845,11 @@ module Bundler
 
     def additional_base_requirements_for_resolve
       return [] unless @locked_gems && unlocking? && !sources.expired_sources?(@locked_gems.sources)
-      dependencies_by_name = dependencies.inject({}) {|memo, dep| memo.update(dep.name => dep) }
-      @locked_gems.specs.reduce({}) do |requirements, locked_spec|
+      converge_specs(@locked_gems.specs).map do |locked_spec|
         name = locked_spec.name
-        dependency = dependencies_by_name[name]
-        next requirements if @locked_gems.dependencies[name] != dependency
-        next requirements if dependency && dependency.source.is_a?(Source::Path)
         dep = Gem::Dependency.new(name, ">= #{locked_spec.version}")
-        requirements[name] = DepProxy.get_proxy(dep, locked_spec.platform)
-        requirements
-      end.values
+        DepProxy.get_proxy(dep, locked_spec.platform)
+      end
     end
 
     def equivalent_rubygems_remotes?(source)

data/lib/bundler/gem_helper.rb

@@ -129,8 +129,8 @@ module Bundler
 
     def git_push(remote = nil)
       remote ||= default_remote
-      sh(%W[git push #{remote} refs/heads/#{current_branch}])
-      sh(%W[git push #{remote} refs/tags/#{version_tag}])
+      sh("git push #{remote} refs/heads/#{current_branch}".shellsplit)
+      sh("git push #{remote} refs/tags/#{version_tag}".shellsplit)
       Bundler.ui.confirm "Pushed git commits and release tag."
     end
 

data/lib/bundler/templates/newgem/standard.yml.tt

@@ -1,4 +1,2 @@
 # For available configuration options, see:
 #   https://github.com/testdouble/standard
-
-default_ignores: false

data/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.2.31".freeze
+  VERSION = "2.2.32".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-  version: 2.2.31
+  version: 2.2.32
 platform: ruby
 authors:
 - André Arko
@@ -22,7 +22,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-11-08 00:00:00.000000000 Z
+date: 2021-11-23 00:00:00.000000000 Z
 dependencies: []
 description: Bundler manages an application's dependencies through its entire life,
   across many machines, systematically and repeatably
@@ -365,7 +365,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.5.2
 requirements: []
-rubygems_version: 3.2.31
+rubygems_version: 3.2.32
 signing_key:
 specification_version: 4
 summary: The best way to manage your application's dependencies