bundler 2.2.31 → 2.2.32
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of bundler might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -0
- data/lib/bundler/build_metadata.rb +2 -2
- data/lib/bundler/cli.rb +1 -1
- data/lib/bundler/definition.rb +35 -69
- data/lib/bundler/gem_helper.rb +2 -2
- data/lib/bundler/templates/newgem/standard.yml.tt +0 -2
- data/lib/bundler/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 71d34e0696d7d7121b9bf4db66aca17c0e0b115a1099fa8879e509784ee62e4d
|
4
|
+
data.tar.gz: 0a68018b980b5e28358609b632a3b5bbf738ec2fd664aa34c4cc7c3d3ff207ec
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 2f0bc7ca02e4e2972c004cd40f4fb01c23ba52fdd8d0420733e2d4d0fe2afcc0a706f4985720c5ab8c9828821329f3e2b11328a2b61fe749833c1e8ba0d3edc7
|
7
|
+
data.tar.gz: 39220087ca48d38cb1980593607946da010cdf74e3a039e493d848c46eff798539aec4267e95e9d03807e143cc7cfcaa29a36f5118bb6e09bbc60b00fa77fe03
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,16 @@
|
|
1
|
+
# 2.2.32 (November 23, 2021)
|
2
|
+
|
3
|
+
## Enhancements:
|
4
|
+
|
5
|
+
- Clarify `bundle viz` deprecation [#5083](https://github.com/rubygems/rubygems/pull/5083)
|
6
|
+
- Unlock dependencies that no longer match lockfile [#5068](https://github.com/rubygems/rubygems/pull/5068)
|
7
|
+
- Use `shellsplit` instead of array of strings for git push [#5062](https://github.com/rubygems/rubygems/pull/5062)
|
8
|
+
- Re-enable `default_ignores` option for standard [#5003](https://github.com/rubygems/rubygems/pull/5003)
|
9
|
+
|
10
|
+
## Bug fixes:
|
11
|
+
|
12
|
+
- Fix downgrading dependencies by changing the `Gemfile` and running `bundle update` [#5078](https://github.com/rubygems/rubygems/pull/5078)
|
13
|
+
|
1
14
|
# 2.2.31 (November 8, 2021)
|
2
15
|
|
3
16
|
## Enhancements:
|
@@ -4,8 +4,8 @@ module Bundler
|
|
4
4
|
# Represents metadata from when the Bundler gem was built.
|
5
5
|
module BuildMetadata
|
6
6
|
# begin ivars
|
7
|
-
@built_at = "2021-11-
|
8
|
-
@git_commit_sha = "
|
7
|
+
@built_at = "2021-11-23".freeze
|
8
|
+
@git_commit_sha = "20d4957649".freeze
|
9
9
|
@release = true
|
10
10
|
# end ivars
|
11
11
|
|
data/lib/bundler/cli.rb
CHANGED
@@ -552,7 +552,7 @@ module Bundler
|
|
552
552
|
method_option :version, :type => :boolean, :default => false, :aliases => "-v", :desc => "Set to show each gem version."
|
553
553
|
method_option :without, :type => :array, :default => [], :aliases => "-W", :banner => "GROUP[ GROUP...]", :desc => "Exclude gems that are part of the specified named group."
|
554
554
|
def viz
|
555
|
-
SharedHelpers.major_deprecation 2, "The `viz` command has been
|
555
|
+
SharedHelpers.major_deprecation 2, "The `viz` command has been renamed to `graph` and moved to a plugin. See https://github.com/rubygems/bundler-graph"
|
556
556
|
require_relative "cli/viz"
|
557
557
|
Viz.new(options.dup).run
|
558
558
|
end
|
data/lib/bundler/definition.rb
CHANGED
@@ -649,25 +649,16 @@ module Bundler
|
|
649
649
|
end
|
650
650
|
|
651
651
|
def converge_dependencies
|
652
|
-
frozen = Bundler.frozen_bundle?
|
653
652
|
(@dependencies + locked_dependencies).each do |dep|
|
654
|
-
|
655
|
-
# This is to make sure that if bundler is installing in deployment mode and
|
656
|
-
# after locked_source and sources don't match, we still use locked_source.
|
657
|
-
if frozen && !locked_source.nil? &&
|
658
|
-
locked_source.respond_to?(:source) && locked_source.source.instance_of?(Source::Path) && locked_source.source.path.exist?
|
659
|
-
dep.source = locked_source.source
|
660
|
-
elsif dep.source
|
653
|
+
if dep.source
|
661
654
|
dep.source = sources.get(dep.source)
|
662
655
|
end
|
663
656
|
end
|
664
657
|
|
665
658
|
changes = false
|
666
|
-
|
667
|
-
|
668
|
-
|
669
|
-
@dependencies.each do |dependency|
|
670
|
-
unless locked_dep = @locked_deps[dependency.name]
|
659
|
+
|
660
|
+
@dependencies.each do |dep|
|
661
|
+
unless locked_dep = @locked_deps[dep.name]
|
671
662
|
changes = true
|
672
663
|
next
|
673
664
|
end
|
@@ -678,11 +669,11 @@ module Bundler
|
|
678
669
|
# directive, the lockfile dependencies and resolved dependencies end up
|
679
670
|
# with a mismatch on #type. Work around that by setting the type on the
|
680
671
|
# dep from the lockfile.
|
681
|
-
locked_dep.instance_variable_set(:@type,
|
672
|
+
locked_dep.instance_variable_set(:@type, dep.type)
|
682
673
|
|
683
674
|
# We already know the name matches from the hash lookup
|
684
675
|
# so we only need to check the requirement now
|
685
|
-
changes ||=
|
676
|
+
changes ||= dep.requirement != locked_dep.requirement
|
686
677
|
end
|
687
678
|
|
688
679
|
changes
|
@@ -692,34 +683,34 @@ module Bundler
|
|
692
683
|
# commonly happen if the Gemfile has changed since the lockfile was last
|
693
684
|
# generated
|
694
685
|
def converge_locked_specs
|
695
|
-
|
696
|
-
|
697
|
-
# Build a list of dependencies that are the same in the Gemfile
|
698
|
-
# and Gemfile.lock. If the Gemfile modified a dependency, but
|
699
|
-
# the gem in the Gemfile.lock still satisfies it, this is fine
|
700
|
-
# too.
|
701
|
-
@dependencies.each do |dep|
|
702
|
-
locked_dep = @locked_deps[dep.name]
|
686
|
+
resolve = converge_specs(@locked_specs)
|
703
687
|
|
704
|
-
|
705
|
-
locked_dep = nil unless locked_dep == dep
|
688
|
+
diff = nil
|
706
689
|
|
707
|
-
|
708
|
-
|
709
|
-
|
710
|
-
@locked_specs.each do |s|
|
711
|
-
@unlock[:gems] << s.name if s.source == dep.source
|
712
|
-
end
|
690
|
+
# Now, we unlock any sources that do not have anymore gems pinned to it
|
691
|
+
sources.all_sources.each do |source|
|
692
|
+
next unless source.respond_to?(:unlock!)
|
713
693
|
|
714
|
-
|
715
|
-
|
694
|
+
unless resolve.any? {|s| s.source == source }
|
695
|
+
diff ||= @locked_specs.to_a - resolve.to_a
|
696
|
+
source.unlock! if diff.any? {|s| s.source == source }
|
716
697
|
end
|
717
698
|
end
|
718
699
|
|
700
|
+
resolve
|
701
|
+
end
|
702
|
+
|
703
|
+
def converge_specs(specs)
|
704
|
+
deps = []
|
719
705
|
converged = []
|
720
|
-
|
706
|
+
specs.each do |s|
|
721
707
|
# Replace the locked dependency's source with the equivalent source from the Gemfile
|
722
708
|
dep = @dependencies.find {|d| s.satisfies?(d) }
|
709
|
+
|
710
|
+
if dep && (!dep.source || s.source.include?(dep.source))
|
711
|
+
deps << dep
|
712
|
+
end
|
713
|
+
|
723
714
|
s.source = (dep && dep.source) || sources.get(s.source) unless multisource_allowed?
|
724
715
|
|
725
716
|
# Don't add a spec to the list if its source is expired. For example,
|
@@ -737,7 +728,7 @@ module Bundler
|
|
737
728
|
rescue PathError, GitError
|
738
729
|
# if we won't need the source (according to the lockfile),
|
739
730
|
# don't error if the path/git source isn't available
|
740
|
-
next if
|
731
|
+
next if specs.
|
741
732
|
for(requested_dependencies, false, true).
|
742
733
|
none? {|locked_spec| locked_spec.source == s.source }
|
743
734
|
|
@@ -753,35 +744,15 @@ module Bundler
|
|
753
744
|
s.dependencies.replace(new_spec.dependencies)
|
754
745
|
end
|
755
746
|
|
756
|
-
|
757
|
-
|
758
|
-
|
759
|
-
|
760
|
-
resolve = SpecSet.new(resolve.for(expand_dependencies(deps, true), false, false).reject{|s| @unlock[:gems].include?(s.name) })
|
761
|
-
diff = nil
|
762
|
-
|
763
|
-
# Now, we unlock any sources that do not have anymore gems pinned to it
|
764
|
-
sources.all_sources.each do |source|
|
765
|
-
next unless source.respond_to?(:unlock!)
|
766
|
-
|
767
|
-
unless resolve.any? {|s| s.source == source }
|
768
|
-
diff ||= @locked_specs.to_a - resolve.to_a
|
769
|
-
source.unlock! if diff.any? {|s| s.source == source }
|
747
|
+
if dep.nil? && @dependencies.find {|d| s.name == d.name }
|
748
|
+
@unlock[:gems] << s.name
|
749
|
+
else
|
750
|
+
converged << s
|
770
751
|
end
|
771
752
|
end
|
772
753
|
|
773
|
-
resolve
|
774
|
-
|
775
|
-
|
776
|
-
def in_locked_deps?(dep, locked_dep)
|
777
|
-
# Because the lockfile can't link a dep to a specific remote, we need to
|
778
|
-
# treat sources as equivalent anytime the locked dep has all the remotes
|
779
|
-
# that the Gemfile dep does.
|
780
|
-
locked_dep && locked_dep.source && dep.source && locked_dep.source.include?(dep.source)
|
781
|
-
end
|
782
|
-
|
783
|
-
def satisfies_locked_spec?(dep)
|
784
|
-
@locked_specs[dep].any? {|s| s.satisfies?(dep) && (!dep.source || s.source.include?(dep.source)) }
|
754
|
+
resolve = SpecSet.new(converged)
|
755
|
+
SpecSet.new(resolve.for(expand_dependencies(deps, true), false, false).reject{|s| @unlock[:gems].include?(s.name) })
|
785
756
|
end
|
786
757
|
|
787
758
|
def metadata_dependencies
|
@@ -874,16 +845,11 @@ module Bundler
|
|
874
845
|
|
875
846
|
def additional_base_requirements_for_resolve
|
876
847
|
return [] unless @locked_gems && unlocking? && !sources.expired_sources?(@locked_gems.sources)
|
877
|
-
|
878
|
-
@locked_gems.specs.reduce({}) do |requirements, locked_spec|
|
848
|
+
converge_specs(@locked_gems.specs).map do |locked_spec|
|
879
849
|
name = locked_spec.name
|
880
|
-
dependency = dependencies_by_name[name]
|
881
|
-
next requirements if @locked_gems.dependencies[name] != dependency
|
882
|
-
next requirements if dependency && dependency.source.is_a?(Source::Path)
|
883
850
|
dep = Gem::Dependency.new(name, ">= #{locked_spec.version}")
|
884
|
-
|
885
|
-
|
886
|
-
end.values
|
851
|
+
DepProxy.get_proxy(dep, locked_spec.platform)
|
852
|
+
end
|
887
853
|
end
|
888
854
|
|
889
855
|
def equivalent_rubygems_remotes?(source)
|
data/lib/bundler/gem_helper.rb
CHANGED
@@ -129,8 +129,8 @@ module Bundler
|
|
129
129
|
|
130
130
|
def git_push(remote = nil)
|
131
131
|
remote ||= default_remote
|
132
|
-
sh(
|
133
|
-
sh(
|
132
|
+
sh("git push #{remote} refs/heads/#{current_branch}".shellsplit)
|
133
|
+
sh("git push #{remote} refs/tags/#{version_tag}".shellsplit)
|
134
134
|
Bundler.ui.confirm "Pushed git commits and release tag."
|
135
135
|
end
|
136
136
|
|
data/lib/bundler/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: bundler
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.2.
|
4
|
+
version: 2.2.32
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- André Arko
|
@@ -22,7 +22,7 @@ authors:
|
|
22
22
|
autorequire:
|
23
23
|
bindir: exe
|
24
24
|
cert_chain: []
|
25
|
-
date: 2021-11-
|
25
|
+
date: 2021-11-23 00:00:00.000000000 Z
|
26
26
|
dependencies: []
|
27
27
|
description: Bundler manages an application's dependencies through its entire life,
|
28
28
|
across many machines, systematically and repeatably
|
@@ -365,7 +365,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
365
365
|
- !ruby/object:Gem::Version
|
366
366
|
version: 2.5.2
|
367
367
|
requirements: []
|
368
|
-
rubygems_version: 3.2.
|
368
|
+
rubygems_version: 3.2.32
|
369
369
|
signing_key:
|
370
370
|
specification_version: 4
|
371
371
|
summary: The best way to manage your application's dependencies
|