bundler 2.4.9 → 2.4.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bea219e989f6693457e01025c959a3ece35ee46c5c07df07cd06e56f475c06dd
-  data.tar.gz: 389b2a53b46bb41a4c95d1ed70e6d4cc3f422de3e8f73ef70067c1e6477da277
+  metadata.gz: ce72b26ab92bb2518537d2dad1f4b2c68bc82f4a1a17ad16d3647df275981937
+  data.tar.gz: b6afc954f239e845d5127921fa29b114648a075c154e4c13dcbd25f100af4f03
 SHA512:
-  metadata.gz: 7f9d947e46ea956603b8893d024e6833da24b8684416b9d25376cac3279a641d6bf18bf156b67af1fa2c490020064e09eac1ae04ff759bf0945bc189298a24cb
-  data.tar.gz: f78b90fb696e544268cb590af87b7e6ab4d22c9918222d7d494dde6bc28c91b555af93afa0b61f8ae863a1c48f5151e0370d3443285ae45c7418745e8225f592
+  metadata.gz: 4fd7c530ab5761267f729fc16d40f287c2ab7873f45bdd7ec18bd9334fdec0466b521a5b369a8e1c485dd178def2c31c3aac5b38dba2e1816aa1ba2f7a0f3bdb
+  data.tar.gz: 4cca0f7b51657657ea12aa35620c0d14f23043d4bf78706e37c50c174cf5f7bc158b8549036b6f058691ecd93a67be1a25b98ffe9ecc9a26b3644181fcd2098c

data/CHANGELOG.md

@@ -1,3 +1,12 @@
+# 2.4.10 (March 27, 2023)
+
+## Bug fixes:
+
+  - Fix some unnecessary top level dependency downgrades [#6535](https://github.com/rubygems/rubygems/pull/6535)
+  - Fix incorrect ruby platform removal from lockfile when adding Gemfile dependencies [#6540](https://github.com/rubygems/rubygems/pull/6540)
+  - Fix installing plugins in frozen mode [#6543](https://github.com/rubygems/rubygems/pull/6543)
+  - Restore "enumerability" of `SpecSet` [#6532](https://github.com/rubygems/rubygems/pull/6532)
+
 # 2.4.9 (March 20, 2023)
 
 ## Security:

data/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2023-03-20".freeze
-    @git_commit_sha = "6f8e92bcc6".freeze
+    @built_at = "2023-03-27".freeze
+    @git_commit_sha = "7ffdec80d0".freeze
     @release = true
     # end ivars
 

data/lib/bundler/definition.rb

@@ -726,6 +726,8 @@ module Bundler
           dep.source = sources.get(dep.source)
         end
 
+        next if unlocking?
+
         unless locked_dep = @locked_deps[dep.name]
           changes = true
           next
@@ -886,8 +888,9 @@ module Bundler
     end
 
     def additional_base_requirements_for_resolve(resolution_packages, last_resolve)
-      return resolution_packages unless @locked_gems && unlocking? && !sources.expired_sources?(@locked_gems.sources)
+      return resolution_packages unless @locked_gems && !sources.expired_sources?(@locked_gems.sources)
       converge_specs(@originally_locked_specs - last_resolve).each do |locked_spec|
+        next if locked_spec.source.is_a?(Source::Path)
         resolution_packages.base_requirements[locked_spec.name] = Gem::Requirement.new(">= #{locked_spec.version}")
       end
       resolution_packages
@@ -898,6 +901,7 @@ module Bundler
                 Bundler.local_platform == Gem::Platform::RUBY ||
                 !platforms.include?(Gem::Platform::RUBY) ||
                 (@new_platform && platforms.last == Gem::Platform::RUBY) ||
+                @dependency_changes ||
                 !@originally_locked_specs.incomplete_ruby_specs?(dependencies)
 
       remove_platform(Gem::Platform::RUBY)

data/lib/bundler/plugin/installer.rb

@@ -83,8 +83,11 @@ module Bundler
 
         Bundler.configure_gem_home_and_path(Plugin.root)
 
-        definition = Definition.new(nil, deps, source_list, true)
-        install_definition(definition)
+        Bundler.settings.temporary(:deployment => false, :frozen => false) do
+          definition = Definition.new(nil, deps, source_list, true)
+
+          install_definition(definition)
+        end
       end
 
       # Installs the plugins and deps from the provided specs and returns map of

data/lib/bundler/resolver/base.rb

@@ -34,11 +34,9 @@ module Bundler
         @base[name]
       end
 
-      def delete(incomplete_specs)
-        incomplete_specs.each do |incomplete_spec|
-          incomplete_spec.partially_complete_specs.each do |spec|
-            @base.delete(spec)
-          end
+      def delete(specs)
+        specs.each do |spec|
+          @base.delete(spec)
         end
       end
 
@@ -51,10 +49,18 @@ module Bundler
       end
 
       def unlock_names(names)
-        names.each do |name|
-          @base.delete_by_name(name)
+        indirect_pins = indirect_pins(names)
 
-          @base_requirements.delete(name)
+        if indirect_pins.any?
+          loosen_names(indirect_pins)
+        else
+          pins = pins(names)
+
+          if pins.any?
+            loosen_names(pins)
+          else
+            unrestrict_names(names)
+          end
         end
       end
 
@@ -66,6 +72,30 @@ module Bundler
 
       private
 
+      def indirect_pins(names)
+        names.select {|name| @base_requirements[name].exact? && @requirements.none? {|dep| dep.name == name } }
+      end
+
+      def pins(names)
+        names.select {|name| @base_requirements[name].exact? }
+      end
+
+      def loosen_names(names)
+        names.each do |name|
+          version = @base_requirements[name].requirements.first[1]
+
+          @base_requirements[name] = Gem::Requirement.new(">= #{version}")
+
+          @base.delete_by_name(name)
+        end
+      end
+
+      def unrestrict_names(names)
+        names.each do |name|
+          @base_requirements.delete(name)
+        end
+      end
+
       def build_base_requirements
         base_requirements = {}
         @base.each do |ls|

data/lib/bundler/spec_set.rb

@@ -7,8 +7,11 @@ module Bundler
     include Enumerable
     include TSort
 
-    def initialize(specs)
+    attr_reader :incomplete_specs
+
+    def initialize(specs, incomplete_specs = [])
       @specs = specs
+      @incomplete_specs = incomplete_specs
     end
 
     def for(dependencies, check = false, platforms = [nil])
@@ -42,7 +45,7 @@ module Bundler
         end
 
         if incomplete && check
-          specs << IncompleteSpecification.new(name, lookup[name])
+          @incomplete_specs += lookup[name].any? ? lookup[name] : [LazySpecification.new(name, nil, nil)]
         end
       end
 
@@ -78,10 +81,10 @@ module Bundler
       lookup.dup
     end
 
-    def materialize(deps, platforms = [nil])
-      materialized = self.for(deps, true, platforms)
+    def materialize(deps)
+      materialized = self.for(deps, true)
 
-      SpecSet.new(materialized)
+      SpecSet.new(materialized, incomplete_specs)
     end
 
     # Materialize for all the specs in the spec set, regardless of what platform they're for
@@ -100,17 +103,17 @@ module Bundler
     def incomplete_ruby_specs?(deps)
       return false if @specs.empty?
 
-      materialize(deps, [Gem::Platform::RUBY]).incomplete_specs.any?
+      @incomplete_specs = []
+
+      self.for(deps, true, [Gem::Platform::RUBY])
+
+      @incomplete_specs.any?
     end
 
     def missing_specs
       @specs.select {|s| s.is_a?(LazySpecification) }
     end
 
-    def incomplete_specs
-      @specs.select {|s| s.is_a?(IncompleteSpecification) }
-    end
-
     def merge(set)
       arr = sorted.dup
       set.each do |set_spec|

data/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.4.9".freeze
+  VERSION = "2.4.10".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

data/lib/bundler.rb

@@ -62,7 +62,6 @@ module Bundler
   autoload :GemHelpers,             File.expand_path("bundler/gem_helpers", __dir__)
   autoload :GemVersionPromoter,     File.expand_path("bundler/gem_version_promoter", __dir__)
   autoload :Graph,                  File.expand_path("bundler/graph", __dir__)
-  autoload :IncompleteSpecification, File.expand_path("bundler/incomplete_specification", __dir__)
   autoload :Index,                  File.expand_path("bundler/index", __dir__)
   autoload :Injector,               File.expand_path("bundler/injector", __dir__)
   autoload :Installer,              File.expand_path("bundler/installer", __dir__)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-  version: 2.4.9
+  version: 2.4.10
 platform: ruby
 authors:
 - André Arko
@@ -22,7 +22,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-03-20 00:00:00.000000000 Z
+date: 2023-03-27 00:00:00.000000000 Z
 dependencies: []
 description: Bundler manages an application's dependencies through its entire life,
   across many machines, systematically and repeatably
@@ -103,7 +103,6 @@ files:
 - lib/bundler/gem_tasks.rb
 - lib/bundler/gem_version_promoter.rb
 - lib/bundler/graph.rb
-- lib/bundler/incomplete_specification.rb
 - lib/bundler/index.rb
 - lib/bundler/injector.rb
 - lib/bundler/inline.rb
@@ -381,7 +380,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 3.0.1
 requirements: []
-rubygems_version: 3.4.9
+rubygems_version: 3.4.10
 signing_key:
 specification_version: 4
 summary: The best way to manage your application's dependencies

data/lib/bundler/incomplete_specification.rb

@@ -1,24 +0,0 @@
-# frozen_string_literal: true
-
-module Bundler
-  #
-  # Represents a package name that was found to be incomplete when trying to
-  # materialize a fresh resolution or the lockfile.
-  #
-  # Holds the actual partially complete set of specifications for the name.
-  # These are used so that they can be unlocked in a future resolution, and fix
-  # the situation.
-  #
-  class IncompleteSpecification
-    attr_reader :name, :partially_complete_specs
-
-    def initialize(name, partially_complete_specs = [])
-      @name = name
-      @partially_complete_specs = partially_complete_specs
-    end
-
-    def ==(other)
-      partially_complete_specs == other.partially_complete_specs
-    end
-  end
-end