rubygems-update 3.2.10 → 3.2.15

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e482e0b6b43dc7594405f537f149db6f78314c06e2a15c609f4023951ca0d7d7
-  data.tar.gz: ac6f951b732cdb60f3164e65d2c46f31c8e04c4bf70d50efc0059ad7f4ae2e6d
+  metadata.gz: 12f7d1b385b073b255590e0eee7807d5bb588ab877a9928e5edee6f3701e47b6
+  data.tar.gz: 425d632864b300c71cd1d62e9fdd045f94f4a6a088dbfc0a3a29977950958787
 SHA512:
-  metadata.gz: db6d0b7178aa13690c92fe513b08c1fb05772866384cf258b2350daa49fe1a635163511306ac2dc3b392a77a751404925478e4cabb61901c1ca46052a993b0cc
-  data.tar.gz: b545dc793092b3d0b79318763ca84e8cb0e8a91288de8351592cc11b9164930a22320701f0a8ad36051e0b986b65df6b5a400fcf6838e03f31f4e215cf431514
+  metadata.gz: ed5579f01a5c0a2d832779331df8900db7e0ed9bc6dc03f6f449ff76f9552f378d771424354629fbc34bd2ace0a9ab486cf79743065ece6d89d832a79383b97a
+  data.tar.gz: bf54441188feb5c8388676a46713113097aa978270514a3bcadf12564f8dd50ec671c0067c55727a927e7f6dfac27ce05bf13ba04731a44e749ce8c1b16d0470

data/CHANGELOG.md

@@ -1,3 +1,45 @@
+# 3.2.15 / 2021-03-18
+
+## Enhancements:
+
+* Prevent downgrades to untested rubygems versions. Pull request #4460 by
+  deivid-rodriguez
+
+## Bug fixes:
+
+* Fix missing require breaking `gem cert`. Pull request #4464 by lukehinds
+
+# 3.2.14 / 2021-03-08
+
+## Enhancements:
+
+* Less wrapping of network errors. Pull request #4064 by deivid-rodriguez
+
+## Bug fixes:
+
+* Revert addition of support for `musl` variants to restore graceful
+  fallback on Alpine. Pull request #4434 by deivid-rodriguez
+
+# 3.2.13 / 2021-03-03
+
+## Bug fixes:
+
+* Support non-gnu libc linux platforms. Pull request #4082 by lloeki
+
+# 3.2.12 / 2021-03-01
+
+## Bug fixes:
+
+* Restore the ability to manually install extension gems. Pull request
+  #4384 by cfis
+
+# 3.2.11 / 2021-02-17
+
+## Enhancements:
+
+* Optionally fallback to IPv4 when IPv6 is unreachable. Pull request #2662
+  by sonalkr132
+
 # 3.2.10 / 2021-02-15
 
 ## Documentation:

data/Manifest.txt

@@ -354,6 +354,7 @@ lib/rubygems/config_file.rb
 lib/rubygems/core_ext/kernel_gem.rb
 lib/rubygems/core_ext/kernel_require.rb
 lib/rubygems/core_ext/kernel_warn.rb
+lib/rubygems/core_ext/tcpsocket_init.rb
 lib/rubygems/defaults.rb
 lib/rubygems/dependency.rb
 lib/rubygems/dependency_installer.rb

data/Rakefile

@@ -15,6 +15,12 @@ task :update do |_, args|
   sh "ruby", "bundler/bin/bundle", "update", *args, "--gemfile=dev_gems.rb"
 end
 
+desc "Update the locked bundler version in dev environment"
+task :update_locked_bundler do |_, args|
+  sh "ruby", "bundler/bin/bundle", "update", "--bundler", "--gemfile=dev_gems.rb"
+  sh "ruby", "bundler/bin/bundle", "update", "--bundler", "--gemfile=bundler/test_gems.rb"
+end
+
 desc "Setup git hooks"
 task :git_hooks do
   sh "git config core.hooksPath .githooks"

data/bundler/CHANGELOG.md

@@ -1,3 +1,49 @@
+# 2.2.15 (March 18, 2021)
+
+## Enhancements:
+
+  - Add a hint about bundler installing executables for path gems [#4461](https://github.com/rubygems/rubygems/pull/4461)
+  - Warn lockfiles with incorrect resolutions [#4459](https://github.com/rubygems/rubygems/pull/4459)
+  - Don't generate duplicate redundant sources in the lockfile [#4456](https://github.com/rubygems/rubygems/pull/4456)
+
+## Bug fixes:
+
+  - Respect running ruby when resolving platforms [#4449](https://github.com/rubygems/rubygems/pull/4449)
+
+# 2.2.14 (March 8, 2021)
+
+## Security fixes:
+
+  - Lock GEM sources separately and fix locally installed specs confusing bundler [#4381](https://github.com/rubygems/rubygems/pull/4381)
+
+## Bug fixes:
+
+  - Make `rake` available to other gems' installers right after it's installed [#4428](https://github.com/rubygems/rubygems/pull/4428)
+  - Fix encoding issue on compact index updater [#4362](https://github.com/rubygems/rubygems/pull/4362)
+
+# 2.2.13 (March 3, 2021)
+
+## Enhancements:
+
+  - Respect user configured default branch in README links in new generated gems [#4303](https://github.com/rubygems/rubygems/pull/4303)
+
+## Bug fixes:
+
+  - Fix gems sometimes being pulled from irrelevant sources [#4418](https://github.com/rubygems/rubygems/pull/4418)
+
+# 2.2.12 (March 1, 2021)
+
+## Bug fixes:
+
+  - Fix sporadic warnings about `nil` gemspec on install/update and make those faster [#4409](https://github.com/rubygems/rubygems/pull/4409)
+  - Fix deployment install with duplicate path gems added to Gemfile [#4410](https://github.com/rubygems/rubygems/pull/4410)
+
+# 2.2.11 (February 17, 2021)
+
+## Bug fixes:
+
+  - Revert disable_multisource changes [#4385](https://github.com/rubygems/rubygems/pull/4385)
+
 # 2.2.10 (February 15, 2021)
 
 ## Security fixes:

data/bundler/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2021-02-15".freeze
-    @git_commit_sha = "cc7c333721".freeze
+    @built_at = "2021-03-19".freeze
+    @git_commit_sha = "3dbcc68293".freeze
     @release = true
     # end ivars
 

data/bundler/lib/bundler/cli/gem.rb

@@ -39,11 +39,11 @@ module Bundler
       constant_name = name.gsub(/-[_-]*(?![_-]|$)/) { "::" }.gsub(/([_-]+|(::)|^)(.|$)/) { $2.to_s + $3.upcase }
       constant_array = constant_name.split("::")
 
-      git_installed = Bundler.git_present?
+      use_git = Bundler.git_present? && options[:git]
 
-      git_author_name = git_installed ? `git config user.name`.chomp : ""
-      github_username = git_installed ? `git config github.user`.chomp : ""
-      git_user_email = git_installed ? `git config user.email`.chomp : ""
+      git_author_name = use_git ? `git config user.name`.chomp : ""
+      github_username = use_git ? `git config github.user`.chomp : ""
+      git_user_email = use_git ? `git config user.email`.chomp : ""
 
       config = {
         :name             => name,
@@ -58,6 +58,7 @@ module Bundler
         :ext              => options[:ext],
         :exe              => options[:exe],
         :bundler_version  => bundler_dependency_version,
+        :git              => use_git,
         :github_username  => github_username.empty? ? "[USERNAME]" : github_username,
         :required_ruby_version => Gem.ruby_version < Gem::Version.new("2.4.a") ? "2.3.0" : "2.4.0",
       }
@@ -79,7 +80,7 @@ module Bundler
         bin/setup
       ]
 
-      templates.merge!("gitignore.tt" => ".gitignore") if Bundler.git_present?
+      templates.merge!("gitignore.tt" => ".gitignore") if use_git
 
       if test_framework = ask_and_set_test_framework
         config[:test] = test_framework
@@ -175,24 +176,31 @@ module Bundler
         )
       end
 
+      if File.exist?(target) && !File.directory?(target)
+        Bundler.ui.error "Couldn't create a new gem named `#{gem_name}` because there's an existing file named `#{gem_name}`."
+        exit Bundler::BundlerError.all_errors[Bundler::GenericSystemCallError]
+      end
+
+      if use_git
+        Bundler.ui.info "Initializing git repo in #{target}"
+        `git init #{target}`
+
+        config[:git_default_branch] = File.read("#{target}/.git/HEAD").split("/").last.chomp
+      end
+
       templates.each do |src, dst|
         destination = target.join(dst)
-        SharedHelpers.filesystem_access(destination) do
-          thor.template("newgem/#{src}", destination, config)
-        end
+        thor.template("newgem/#{src}", destination, config)
       end
 
       executables.each do |file|
-        SharedHelpers.filesystem_access(target.join(file)) do |path|
-          executable = (path.stat.mode | 0o111)
-          path.chmod(executable)
-        end
+        path = target.join(file)
+        executable = (path.stat.mode | 0o111)
+        path.chmod(executable)
       end
 
-      if Bundler.git_present? && options[:git]
-        Bundler.ui.info "Initializing git repo in #{target}"
+      if use_git
         Dir.chdir(target) do
-          `git init`
           `git add .`
         end
       end
@@ -202,8 +210,6 @@ module Bundler
 
       Bundler.ui.info "Gem '#{name}' was successfully created. " \
         "For more information on making a RubyGem visit https://bundler.io/guides/creating_gem.html"
-    rescue Errno::EEXIST => e
-      raise GenericSystemCallError.new(e, "There was a conflict while creating the new gem.")
     end
 
     private

data/bundler/lib/bundler/compact_index_client/updater.rb

@@ -54,7 +54,7 @@ module Bundler
             if response.is_a?(Net::HTTPPartialContent) && local_temp_path.size.nonzero?
               local_temp_path.open("a") {|f| f << slice_body(content, 1..-1) }
             else
-              local_temp_path.open("w") {|f| f << content }
+              local_temp_path.open("wb") {|f| f << content }
             end
           end
 

data/bundler/lib/bundler/definition.rb

@@ -107,16 +107,14 @@ module Bundler
       end
 
       @locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
-      @disable_multisource = !Bundler.frozen_bundle? || @locked_gem_sources.none? {|s| s.remotes.size > 1 }
+      @disable_multisource = @locked_gem_sources.all?(&:disable_multisource?)
 
       unless @disable_multisource
-        msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. " \
-          "You should regenerate your lockfile in a non frozen environment."
+        msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. You should run `bundle update` or generate your lockfile from scratch."
 
         Bundler::SharedHelpers.major_deprecation 2, msg
 
-        @sources.allow_multisource!
-        @locked_gem_sources.each(&:allow_multisource!)
+        @sources.merged_gem_lockfile_sections!
       end
 
       @unlock[:gems] ||= []
@@ -162,10 +160,6 @@ module Bundler
       @disable_multisource
     end
 
-    def allow_multisource!
-      @disable_multisource = false
-    end
-
     def resolve_with_cache!
       raise "Specs already loaded" if @specs
       sources.cached!
@@ -618,7 +612,7 @@ module Bundler
       deps_for_source = @dependencies.select {|s| s.source == source }
       locked_deps_for_source = @locked_deps.values.select {|dep| dep.source == locked_source }
 
-      deps_for_source.sort != locked_deps_for_source.sort
+      deps_for_source.uniq.sort != locked_deps_for_source.sort
     end
 
     def specs_for_source_changed?(source)
@@ -920,7 +914,7 @@ module Bundler
       metadata_dependencies.each do |dep|
         source_requirements[dep.name] = sources.metadata_source
       end
-      source_requirements[:global] = index unless disable_multisource?
+      source_requirements[:global] = index unless Bundler.feature_flag.disable_multisource?
       source_requirements[:default_bundler] = source_requirements["bundler"] || source_requirements[:default]
       source_requirements["bundler"] = sources.metadata_source # needs to come last to override
       source_requirements
@@ -988,10 +982,9 @@ module Bundler
     def dependency_source_requirements
       @dependency_source_requirements ||= begin
         source_requirements = {}
-        default = disable_multisource? && sources.default_source
+        default = sources.default_source
         dependencies.each do |dep|
           dep_source = dep.source || default
-          next unless dep_source
           source_requirements[dep.name] = dep_source
         end
         source_requirements

data/bundler/lib/bundler/dsl.rb

@@ -453,10 +453,8 @@ repo_name ||= user_name
     end
 
     def check_rubygems_source_safety
-      if @global_rubygems_sources.size <= 1
-        @sources.global_rubygems_source = @global_rubygems_sources.first
-        return
-      end
+      @sources.global_rubygems_source = @global_rubygems_sources.shift
+      return if @global_rubygems_sources.empty?
 
       @global_rubygems_sources.each do |source|
         @sources.add_rubygems_remote(source)

data/bundler/lib/bundler/feature_flag.rb

@@ -32,6 +32,7 @@ module Bundler
     settings_flag(:cache_all) { bundler_3_mode? }
     settings_flag(:default_install_uses_path) { bundler_3_mode? }
     settings_flag(:deployment_means_frozen) { bundler_3_mode? }
+    settings_flag(:disable_multisource) { bundler_3_mode? }
     settings_flag(:forget_cli_options) { bundler_3_mode? }
     settings_flag(:global_gem_cache) { bundler_3_mode? }
     settings_flag(:only_update_to_newer_versions) { bundler_3_mode? }

data/bundler/lib/bundler/installer.rb

@@ -89,6 +89,8 @@ module Bundler
         end
         install(options)
 
+        Gem::Specification.reset # invalidate gem specification cache so that installed gems are immediately available
+
         lock unless Bundler.frozen_bundle?
         Standalone.new(options[:standalone], @definition).generate if options[:standalone]
       end

data/bundler/lib/bundler/installer/parallel_installer.rb

@@ -6,10 +6,11 @@ require_relative "gem_installer"
 module Bundler
   class ParallelInstaller
     class SpecInstallation
-      attr_accessor :spec, :name, :post_install_message, :state, :error
+      attr_accessor :spec, :name, :full_name, :post_install_message, :state, :error
       def initialize(spec)
         @spec = spec
         @name = spec.name
+        @full_name = spec.full_name
         @state = :none
         @post_install_message = ""
         @error = nil
@@ -27,13 +28,8 @@ module Bundler
         state == :failed
       end
 
-      def installation_attempted?
-        installed? || failed?
-      end
-
-      # Only true when spec in neither installed nor already enqueued
       def ready_to_enqueue?
-        !enqueued? && !installation_attempted?
+        state == :none
       end
 
       def has_post_install_message?
@@ -54,14 +50,11 @@ module Bundler
       # Represents only the non-development dependencies, the ones that are
       # itself and are in the total list.
       def dependencies
-        @dependencies ||= begin
-          all_dependencies.reject {|dep| ignorable_dependency? dep }
-        end
+        @dependencies ||= all_dependencies.reject {|dep| ignorable_dependency? dep }
       end
 
       def missing_lockfile_dependencies(all_spec_names)
-        deps = all_dependencies.reject {|dep| ignorable_dependency? dep }
-        deps.reject {|dep| all_spec_names.include? dep.name }
+        dependencies.reject {|dep| all_spec_names.include? dep.name }
       end
 
       # Represents all dependencies
@@ -70,7 +63,7 @@ module Bundler
       end
 
       def to_s
-        "#<#{self.class} #{@spec.full_name} (#{state})>"
+        "#<#{self.class} #{full_name} (#{state})>"
       end
     end
 
@@ -93,18 +86,48 @@ module Bundler
     def call
       check_for_corrupt_lockfile
 
+      if @rake
+        do_install(@rake, 0)
+        Gem::Specification.reset
+      end
+
       if @size > 1
         install_with_worker
       else
         install_serially
       end
 
+      check_for_unmet_dependencies
+
       handle_error if failed_specs.any?
       @specs
     ensure
       worker_pool && worker_pool.stop
     end
 
+    def check_for_unmet_dependencies
+      unmet_dependencies = @specs.map do |s|
+        [
+          s,
+          s.dependencies.reject {|dep| @specs.any? {|spec| dep.matches_spec?(spec.spec) } },
+        ]
+      end.reject {|a| a.last.empty? }
+      return if unmet_dependencies.empty?
+
+      warning = []
+      warning << "Your lockfile doesn't include a valid resolution."
+      warning << "You can fix this by regenerating your lockfile or trying to manually editing the bad locked gems to a version that satisfies all dependencies."
+      warning << "The unmet dependencies are:"
+
+      unmet_dependencies.each do |spec, unmet_spec_dependencies|
+        unmet_spec_dependencies.each do |unmet_spec_dependency|
+          warning << "* #{unmet_spec_dependency}, depended upon #{spec.full_name}, unsatisfied by #{@specs.find {|s| s.name == unmet_spec_dependency.name && !unmet_spec_dependency.matches_spec?(s.spec) }.full_name}"
+        end
+      end
+
+      Bundler.ui.warn(warning.join("\n"))
+    end
+
     def check_for_corrupt_lockfile
       missing_dependencies = @specs.map do |s|
         [
@@ -217,8 +240,6 @@ module Bundler
     # are installed.
     def enqueue_specs
       @specs.select(&:ready_to_enqueue?).each do |spec|
-        next if @rake && !@rake.installed? && spec.name != @rake.name
-
         if spec.dependencies_installed? @specs
           spec.state = :enqueued
           worker_pool.enq spec

data/bundler/lib/bundler/lazy_specification.rb

@@ -73,7 +73,12 @@ module Bundler
         same_platform_candidates = candidates.select do |spec|
           MatchPlatform.platforms_match?(spec.platform, platform_object)
         end
-        search = same_platform_candidates.last || candidates.last
+        installable_candidates = same_platform_candidates.select do |spec|
+          !spec.is_a?(RemoteSpecification) &&
+            spec.required_ruby_version.satisfied_by?(Gem.ruby_version) &&
+            spec.required_rubygems_version.satisfied_by?(Gem.rubygems_version)
+        end
+        search = installable_candidates.last || same_platform_candidates.last
         search.dependencies = dependencies if search && (search.is_a?(RemoteSpecification) || search.is_a?(EndpointSpecification))
         search
       end