rubygems-update 2.7.3 → 2.7.11

data/bundler/bundler.gemspec

@@ -9,7 +9,8 @@ Gem::Specification.new do |s|
   s.version     = Bundler::VERSION
   s.license     = "MIT"
   s.authors     = [
-    "André Arko", "Samuel Giddins", "Chris Morris", "James Wen", "Tim Moore",
+    "André Arko", "Samuel Giddins", "Colby Swandale", "Hiroshi Shibata",
+    "David Rodríguez", "Grey Baker", "Stephanie Morillo", "Chris Morris", "James Wen", "Tim Moore",
     "André Medeiros", "Jessica Lynn Suttles", "Terence Lee", "Carl Lerche",
     "Yehuda Katz"
   ]
@@ -48,6 +49,8 @@ Gem::Specification.new do |s|
   s.files += Dir.glob("man/**/*")
   # Include the CHANGELOG.md, LICENSE.md, README.md manually
   s.files += %w[CHANGELOG.md LICENSE.md README.md]
+  # include the gemspec itself because warbler breaks w/o it
+  s.files += %w[bundler.gemspec]
 
   s.bindir        = "exe"
   s.executables   = %w[bundle bundler]

data/bundler/lib/bundler.rb

@@ -136,7 +136,7 @@ module Bundler
       end
     end
 
-    def frozen?
+    def frozen_bundle?
       frozen = settings[:deployment]
       frozen ||= settings[:frozen] unless feature_flag.deployment_means_frozen?
       frozen
@@ -159,16 +159,18 @@ module Bundler
     def user_home
       @user_home ||= begin
         home = Bundler.rubygems.user_home
+        bundle_home = home ? File.join(home, ".bundle") : nil
 
         warning = if home.nil?
           "Your home directory is not set."
         elsif !File.directory?(home)
           "`#{home}` is not a directory."
-        elsif !File.writable?(home)
+        elsif !File.writable?(home) && (!File.directory?(bundle_home) || !File.writable?(bundle_home))
           "`#{home}` is not writable."
         end
 
         if warning
+          Kernel.send(:require, "etc")
           user_home = tmp_home_path(Etc.getlogin, warning)
           Bundler.ui.warn "#{warning}\nBundler will use `#{user_home}' as your home directory temporarily.\n"
           user_home
@@ -189,7 +191,7 @@ module Bundler
         end
         tmp_home_path.join(login).tap(&:mkpath)
       end
-    rescue => e
+    rescue RuntimeError => e
       raise e.exception("#{warning}\nBundler also failed to create a temporary home directory at `#{path}':\n#{e}")
     end
 
@@ -359,8 +361,8 @@ EOF
       @requires_sudo = settings.allow_sudo? && sudo_present && sudo_needed
     end
 
-    def mkdir_p(path)
-      if requires_sudo?
+    def mkdir_p(path, options = {})
+      if requires_sudo? && !options[:no_sudo]
         sudo "mkdir -p '#{path}'" unless File.exist?(path)
       else
         SharedHelpers.filesystem_access(path, :write) do |p|
@@ -407,12 +409,14 @@ EOF
     end
 
     def read_file(file)
-      File.open(file, "rb", &:read)
+      SharedHelpers.filesystem_access(file, :read) do
+        File.open(file, "r:UTF-8", &:read)
+      end
     end
 
     def load_marshal(data)
       Marshal.load(data)
-    rescue => e
+    rescue StandardError => e
       raise MarshalError, "#{e.class}: #{e.message}"
     end
 
@@ -427,7 +431,7 @@ EOF
 
     def load_gemspec_uncached(file, validate = false)
       path = Pathname.new(file)
-      contents = path.read
+      contents = read_file(file)
       spec = if contents.start_with?("---") # YAML header
         eval_yaml_gemspec(path, contents)
       else

data/bundler/lib/bundler/build_metadata.rb

@@ -4,6 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
+    @built_at = "2020-12-09".freeze
+    @git_commit_sha = "8a789f00bf".freeze
     @release = false
     # end ivars
 
@@ -23,9 +25,24 @@ module Bundler
 
     # The SHA for the git commit the bundler gem was built from.
     def self.git_commit_sha
-      @git_commit_sha ||= Dir.chdir(File.expand_path("..", __FILE__)) do
-        `git rev-parse --short HEAD`.strip.freeze
+      return @git_commit_sha if @git_commit_sha
+
+      # If Bundler has been installed without its .git directory and without a
+      # commit instance variable then we can't determine its commits SHA.
+      git_dir = File.join(File.expand_path("../../..", __FILE__), ".git")
+      if File.directory?(git_dir)
+        return @git_commit_sha = Dir.chdir(git_dir) { `git rev-parse --short HEAD`.strip.freeze }
+      end
+
+      # If Bundler is a submodule in RubyGems, get the submodule commit
+      git_sub_dir = File.join(File.expand_path("../../../..", __FILE__), ".git")
+      if File.directory?(git_sub_dir)
+        return @git_commit_sha = Dir.chdir(git_sub_dir) do
+          `git ls-tree --abbrev=8 HEAD bundler`.split(/\s/).fetch(2, "").strip.freeze
+        end
       end
+
+      @git_commit_sha ||= "unknown"
     end
 
     # Whether this is an official release build of Bundler.

data/bundler/lib/bundler/cli.rb

@@ -717,6 +717,8 @@ module Bundler
       command_name = current_command.name
       return if PARSEABLE_COMMANDS.include?(command_name)
 
+      return unless SharedHelpers.md5_available?
+
       latest = Fetcher::CompactIndex.
                new(nil, Source::Rubygems::Remote.new(URI("https://rubygems.org")), nil).
                send(:compact_index_client).
@@ -739,7 +741,7 @@ module Bundler
       end
 
       Bundler.ui.warn "The latest bundler is #{latest}, but you are currently running #{current}.\n#{suggestion}"
-    rescue
+    rescue RuntimeError
       nil
     end
   end

data/bundler/lib/bundler/cli/check.rb

@@ -26,7 +26,7 @@ module Bundler
         not_installed.each {|s| Bundler.ui.error " * #{s.name} (#{s.version})" }
         Bundler.ui.warn "Install missing gems with `bundle install`"
         exit 1
-      elsif !Bundler.default_lockfile.file? && Bundler.frozen?
+      elsif !Bundler.default_lockfile.file? && Bundler.frozen_bundle?
         Bundler.ui.error "This bundle has been frozen, but there is no #{Bundler.default_lockfile.relative_path_from(SharedHelpers.pwd)} present"
         exit 1
       else

data/bundler/lib/bundler/cli/exec.rb

@@ -6,7 +6,7 @@ module Bundler
   class CLI::Exec
     attr_reader :options, :args, :cmd
 
-    RESERVED_SIGNALS = %w[SEGV BUS ILL FPE VTALRM KILL STOP].freeze
+    TRAPPED_SIGNALS = %w[INT].freeze
 
     def initialize(options, args)
       @options = options
@@ -70,15 +70,14 @@ module Bundler
       ui = Bundler.ui
       Bundler.ui = nil
       require "bundler/setup"
-      signals = Signal.list.keys - RESERVED_SIGNALS
-      signals.each {|s| trap(s, "DEFAULT") }
+      TRAPPED_SIGNALS.each {|s| trap(s, "DEFAULT") }
       Kernel.load(file)
     rescue SystemExit, SignalException
       raise
     rescue Exception => e # rubocop:disable Lint/RescueException
       Bundler.ui = ui
       Bundler.ui.error "bundler: failed to load command: #{cmd} (#{file})"
-      backtrace = e.backtrace.take_while {|bt| !bt.start_with?(__FILE__) }
+      backtrace = e.backtrace ? e.backtrace.take_while {|bt| !bt.start_with?(__FILE__) } : []
       abort "#{e.class}: #{e.message}\n  #{backtrace.join("\n  ")}"
     end
 
@@ -90,6 +89,7 @@ module Bundler
       possibilities = [
         "#!/usr/bin/env ruby\n",
         "#!/usr/bin/env jruby\n",
+        "#!/usr/bin/env truffleruby\n",
         "#!#{Gem.ruby}\n",
       ]
 

data/bundler/lib/bundler/cli/gem.rb

@@ -83,7 +83,7 @@ module Bundler
         config[:test] = test_framework
         config[:test_framework_version] = TEST_FRAMEWORK_VERSIONS[test_framework]
 
-        templates.merge!(".travis.yml.tt" => ".travis.yml")
+        templates.merge!("travis.yml.tt" => ".travis.yml")
 
         case test_framework
         when "rspec"
@@ -105,7 +105,7 @@ module Bundler
       if ask_and_set(:mit, "Do you want to license your code permissively under the MIT license?",
         "This means that any other developer or company will be legally allowed to use your code " \
         "for free as long as they admit you created it. You can read more about the MIT license " \
-        "at http://choosealicense.com/licenses/mit.")
+        "at https://choosealicense.com/licenses/mit.")
         config[:mit] = true
         Bundler.ui.info "MIT License enabled in config"
         templates.merge!("LICENSE.txt.tt" => "LICENSE.txt")
@@ -118,7 +118,7 @@ module Bundler
         "of enforcing it, so be sure that you are prepared to do that. Be sure that your email " \
         "address is specified as a contact in the generated code of conduct so that people know " \
         "who to contact in case of a violation. For suggestions about " \
-        "how to enforce codes of conduct, see http://bit.ly/coc-enforcement.")
+        "how to enforce codes of conduct, see https://bit.ly/coc-enforcement.")
         config[:coc] = true
         Bundler.ui.info "Code of conduct enabled in config"
         templates.merge!("CODE_OF_CONDUCT.md.tt" => "CODE_OF_CONDUCT.md")
@@ -158,6 +158,9 @@ module Bundler
 
       # Open gemspec in editor
       open_editor(options["edit"], target.join("#{name}.gemspec")) if options[:edit]
+
+      Bundler.ui.info "Gem '#{name}' was successfully created. " \
+        "For more information on making a RubyGem visit https://bundler.io/guides/creating_gem.html"
     rescue Errno::EEXIST => e
       raise GenericSystemCallError.new(e, "There was a conflict while creating the new gem.")
     end

data/bundler/lib/bundler/cli/init.rb

@@ -13,6 +13,11 @@ module Bundler
         exit 1
       end
 
+      unless File.writable?(Dir.pwd)
+        Bundler.ui.error "Can not create #{gemfile} as the current directory is not writable."
+        exit 1
+      end
+
       if options[:gemspec]
         gemspec = File.expand_path(options[:gemspec])
         unless File.exist?(gemspec)
@@ -36,11 +41,7 @@ module Bundler
   private
 
     def gemfile
-      @gemfile ||= begin
-        Bundler.default_gemfile
-      rescue GemfileNotFound
-        Bundler.feature_flag.init_gems_rb? ? "gems.rb" : "Gemfile"
-      end
+      @gemfile ||= Bundler.feature_flag.init_gems_rb? ? "gems.rb" : "Gemfile"
     end
   end
 end

data/bundler/lib/bundler/cli/install.rb

@@ -23,7 +23,7 @@ module Bundler
 
       check_trust_policy
 
-      if options[:deployment] || options[:frozen] || Bundler.frozen?
+      if options[:deployment] || options[:frozen] || Bundler.frozen_bundle?
         unless Bundler.default_lockfile.exist?
           flag   = "--deployment flag" if options[:deployment]
           flag ||= "--frozen flag"     if options[:frozen]
@@ -63,7 +63,7 @@ module Bundler
       definition.validate_runtime!
 
       installer = Installer.install(Bundler.root, definition, options)
-      Bundler.load.cache if Bundler.app_cache.exist? && !options["no-cache"] && !Bundler.frozen?
+      Bundler.load.cache if Bundler.app_cache.exist? && !options["no-cache"] && !Bundler.frozen_bundle?
 
       Bundler.ui.confirm "Bundle complete! #{dependencies_count_for(definition)}, #{gems_installed_for(definition)}."
       Bundler::CLI::Common.output_without_groups_message

data/bundler/lib/bundler/cli/outdated.rb

@@ -213,7 +213,7 @@ module Bundler
     end
 
     def check_for_deployment_mode
-      return unless Bundler.frozen?
+      return unless Bundler.frozen_bundle?
       suggested_command = if Bundler.settings.locations("frozen")[:global]
         "bundle config --delete frozen"
       elsif Bundler.settings.locations("deployment").keys.&([:global, :local]).any?

data/bundler/lib/bundler/cli/update.rb

@@ -38,8 +38,8 @@ module Bundler
         Bundler::CLI::Common.ensure_all_gems_in_lockfile!(gems)
 
         if groups.any?
-          specs = Bundler.definition.specs_for groups
-          gems.concat(specs.map(&:name))
+          deps = Bundler.definition.dependencies.select {|d| (d.groups & groups).any? }
+          gems.concat(deps.map(&:name))
         end
 
         Bundler.definition(:gems => gems, :sources => sources, :ruby => options[:ruby],
@@ -68,13 +68,15 @@ module Bundler
 
       if locked_gems = Bundler.definition.locked_gems
         gems.each do |name|
-          locked_version = locked_gems.specs.find {|s| s.name == name }.version
+          locked_version = locked_gems.specs.find {|s| s.name == name }
+          locked_version &&= locked_version.version
+          next unless locked_version
           new_version = Bundler.definition.specs[name].first
           new_version &&= new_version.version
           if !new_version
             Bundler.ui.warn "Bundler attempted to update #{name} but it was removed from the bundle"
           elsif new_version < locked_version
-            Bundler.ui.warn "Bundler attempted to update #{name} but its version regressed from #{locked_version} to #{new_version}"
+            Bundler.ui.warn "Note: #{name} version regressed from #{locked_version} to #{new_version}"
           elsif new_version == locked_version
             Bundler.ui.warn "Bundler attempted to update #{name} but its version stayed the same"
           end

data/bundler/lib/bundler/compact_index_client/updater.rb

@@ -33,7 +33,9 @@ module Bundler
 
           # first try to fetch any new bytes on the existing file
           if retrying.nil? && local_path.file?
-            FileUtils.cp local_path, local_temp_path
+            SharedHelpers.filesystem_access(local_temp_path) do
+              FileUtils.cp local_path, local_temp_path
+            end
             headers["If-None-Match"] = etag_for(local_temp_path)
             headers["Range"] =
               if local_temp_path.size.nonzero?
@@ -78,6 +80,13 @@ module Bundler
 
           update(local_path, remote_path, :retrying)
         end
+      rescue Errno::EACCES
+        raise Bundler::PermissionError,
+          "Bundler does not have write access to create a temp directory " \
+          "within #{Dir.tmpdir}. Bundler must have write access to your " \
+          "systems temp directory to function properly. "
+      rescue Zlib::GzipFile::Error
+        raise Bundler::HTTPError
       end
 
       def etag_for(path)

data/bundler/lib/bundler/current_ruby.rb

@@ -18,6 +18,7 @@ module Bundler
       2.3
       2.4
       2.5
+      2.6
     ].freeze
 
     KNOWN_MAJOR_VERSIONS = KNOWN_MINOR_VERSIONS.map {|v| v.split(".", 2).first }.uniq.freeze
@@ -31,11 +32,13 @@ module Bundler
       mswin64
       rbx
       ruby
+      truffleruby
       x64_mingw
     ].freeze
 
     def ruby?
-      !mswin? && (!defined?(RUBY_ENGINE) || RUBY_ENGINE == "ruby" || RUBY_ENGINE == "rbx" || RUBY_ENGINE == "maglev")
+      !mswin? && (!defined?(RUBY_ENGINE) || RUBY_ENGINE == "ruby" ||
+          RUBY_ENGINE == "rbx" || RUBY_ENGINE == "maglev" || RUBY_ENGINE == "truffleruby")
     end
 
     def mri?
@@ -54,6 +57,10 @@ module Bundler
       defined?(RUBY_ENGINE) && RUBY_ENGINE == "maglev"
     end
 
+    def truffleruby?
+      defined?(RUBY_ENGINE) && RUBY_ENGINE == "truffleruby"
+    end
+
     def mswin?
       Bundler::WINDOWS
     end

data/bundler/lib/bundler/definition.rb

@@ -77,6 +77,7 @@ module Bundler
       @lockfile_contents      = String.new
       @locked_bundler_version = nil
       @locked_ruby_version    = nil
+      @locked_specs_incomplete_for_platform = false
 
       if lockfile && File.exist?(lockfile)
         @lockfile_contents = Bundler.read_file(lockfile)
@@ -113,15 +114,15 @@ module Bundler
       end
       @unlocking ||= @unlock[:ruby] ||= (!@locked_ruby_version ^ !@ruby_version)
 
-      add_current_platform unless Bundler.frozen?
+      add_current_platform unless Bundler.frozen_bundle?
 
       converge_path_sources_to_gemspec_sources
       @path_changes = converge_paths
       @source_changes = converge_sources
 
       unless @unlock[:lock_shared_dependencies]
-        eager_unlock = expand_dependencies(@unlock[:gems])
-        @unlock[:gems] = @locked_specs.for(eager_unlock).map(&:name)
+        eager_unlock = expand_dependencies(@unlock[:gems], true)
+        @unlock[:gems] = @locked_specs.for(eager_unlock, [], false, false, false).map(&:name)
       end
 
       @gem_version_promoter = create_gem_version_promoter
@@ -175,7 +176,7 @@ module Bundler
           raise GemNotFound, "Your bundle is locked to #{locked_gem}, but that version could not " \
                              "be found in any of the sources listed in your Gemfile. If you haven't changed sources, " \
                              "that means the author of #{locked_gem} has removed it. You'll need to update your bundle " \
-                             "to a different version of #{locked_gem} that hasn't been removed in order to install."
+                             "to a version other than #{locked_gem} that hasn't been removed in order to install."
         end
         unless specs["bundler"].any?
           bundler = sources.metadata_source.specs.search(Gem::Dependency.new("bundler", VERSION)).last
@@ -245,17 +246,22 @@ module Bundler
     def resolve
       @resolve ||= begin
         last_resolve = converge_locked_specs
-        if Bundler.frozen?
-          Bundler.ui.debug "Frozen, using resolution from the lockfile"
-          last_resolve
-        elsif !unlocking? && nothing_changed?
-          Bundler.ui.debug("Found no changes, using resolution from the lockfile")
-          last_resolve
-        else
-          # Run a resolve against the locally available gems
-          Bundler.ui.debug("Found changes from the lockfile, re-resolving dependencies because #{change_reason}")
-          last_resolve.merge Resolver.resolve(expanded_dependencies, index, source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve, platforms)
-        end
+        resolve =
+          if Bundler.frozen_bundle?
+            Bundler.ui.debug "Frozen, using resolution from the lockfile"
+            last_resolve
+          elsif !unlocking? && nothing_changed?
+            Bundler.ui.debug("Found no changes, using resolution from the lockfile")
+            last_resolve
+          else
+            # Run a resolve against the locally available gems
+            Bundler.ui.debug("Found changes from the lockfile, re-resolving dependencies because #{change_reason}")
+            last_resolve.merge Resolver.resolve(expanded_dependencies, index, source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve, platforms)
+          end
+
+        # filter out gems that _can_ be installed on multiple platforms, but don't need
+        # to be
+        resolve.for(expand_dependencies(dependencies, true), [], false, false, false)
       end
     end
 
@@ -295,7 +301,7 @@ module Bundler
         end
 
         sources.all_sources.each do |source|
-          source.double_check_for(unmet_dependency_names, :override_dupes)
+          source.double_check_for(unmet_dependency_names)
         end
 
         break if idxcount == idx.size
@@ -336,10 +342,11 @@ module Bundler
         end
       end
 
-      preserve_unknown_sections ||= !updating_major && (Bundler.frozen? || !(unlocking? || @unlocking_bundler))
-      return if lockfiles_equal?(@lockfile_contents, contents, preserve_unknown_sections)
+      preserve_unknown_sections ||= !updating_major && (Bundler.frozen_bundle? || !(unlocking? || @unlocking_bundler))
+
+      return if file && File.exist?(file) && lockfiles_equal?(@lockfile_contents, contents, preserve_unknown_sections)
 
-      if Bundler.frozen?
+      if Bundler.frozen_bundle?
         Bundler.ui.error "Cannot write a changed lockfile while frozen."
         return
       end
@@ -530,7 +537,7 @@ module Bundler
     private :sources
 
     def nothing_changed?
-      !@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes
+      !@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@locked_specs_incomplete_for_platform
     end
 
     def unlocking?
@@ -557,6 +564,7 @@ module Bundler
         [@new_platform, "you added a new platform to your gemfile"],
         [@path_changes, "the gemspecs for path gems changed"],
         [@local_changes, "the gemspecs for git local gems changed"],
+        [@locked_specs_incomplete_for_platform, "the lockfile does not have all gems needed for the current platform"],
       ].select(&:first).map(&:last).join(", ")
     end
 
@@ -682,7 +690,7 @@ module Bundler
     end
 
     def converge_dependencies
-      frozen = Bundler.frozen?
+      frozen = Bundler.frozen_bundle?
       (@dependencies + @locked_deps.values).each do |dep|
         locked_source = @locked_deps[dep.name]
         # This is to make sure that if bundler is installing in deployment mode and
@@ -803,7 +811,9 @@ module Bundler
       end
 
       resolve = SpecSet.new(converged)
-      resolve = resolve.for(expand_dependencies(deps, true), @unlock[:gems], false, false, false)
+      expanded_deps = expand_dependencies(deps, true)
+      @locked_specs_incomplete_for_platform = !resolve.for(expanded_deps, @unlock[:gems], true, true)
+      resolve = resolve.for(expanded_deps, @unlock[:gems], false, false, false)
       diff    = nil
 
       # Now, we unlock any sources that do not have anymore gems pinned to it
@@ -965,10 +975,10 @@ module Bundler
 
     def additional_base_requirements_for_resolve
       return [] unless @locked_gems && Bundler.feature_flag.only_update_to_newer_versions?
-      dependencies_by_name = dependencies.group_by(&:name)
+      dependencies_by_name = dependencies.inject({}) {|memo, dep| memo.update(dep.name => dep) }
       @locked_gems.specs.reduce({}) do |requirements, locked_spec|
         name = locked_spec.name
-        next requirements if @locked_deps[name] != dependencies_by_name[name]
+        next requirements if @locked_gems.dependencies[name] != dependencies_by_name[name]
         dep = Gem::Dependency.new(name, ">= #{locked_spec.version}")
         requirements[name] = DepProxy.new(dep, locked_spec.platform)
         requirements