rubygems-update 3.2.20 → 3.2.24
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +42 -0
- data/Manifest.txt +0 -1
- data/bundler/CHANGELOG.md +56 -0
- data/bundler/lib/bundler.rb +5 -6
- data/bundler/lib/bundler/build_metadata.rb +2 -2
- data/bundler/lib/bundler/cli.rb +1 -0
- data/bundler/lib/bundler/cli/doctor.rb +11 -1
- data/bundler/lib/bundler/cli/install.rb +7 -8
- data/bundler/lib/bundler/cli/lock.rb +5 -1
- data/bundler/lib/bundler/cli/update.rb +8 -3
- data/bundler/lib/bundler/current_ruby.rb +4 -4
- data/bundler/lib/bundler/definition.rb +46 -85
- data/bundler/lib/bundler/dsl.rb +11 -22
- data/bundler/lib/bundler/feature_flag.rb +0 -2
- data/bundler/lib/bundler/fetcher/compact_index.rb +1 -1
- data/bundler/lib/bundler/fetcher/downloader.rb +1 -2
- data/bundler/lib/bundler/index.rb +1 -5
- data/bundler/lib/bundler/installer.rb +5 -12
- data/bundler/lib/bundler/installer/standalone.rb +1 -1
- data/bundler/lib/bundler/lockfile_parser.rb +2 -20
- data/bundler/lib/bundler/man/bundle-add.1 +1 -1
- data/bundler/lib/bundler/man/bundle-binstubs.1 +1 -1
- data/bundler/lib/bundler/man/bundle-cache.1 +1 -1
- data/bundler/lib/bundler/man/bundle-check.1 +1 -1
- data/bundler/lib/bundler/man/bundle-clean.1 +1 -1
- data/bundler/lib/bundler/man/bundle-config.1 +1 -4
- data/bundler/lib/bundler/man/bundle-config.1.ronn +0 -3
- data/bundler/lib/bundler/man/bundle-doctor.1 +1 -1
- data/bundler/lib/bundler/man/bundle-exec.1 +1 -1
- data/bundler/lib/bundler/man/bundle-gem.1 +1 -1
- data/bundler/lib/bundler/man/bundle-info.1 +1 -1
- data/bundler/lib/bundler/man/bundle-init.1 +1 -1
- data/bundler/lib/bundler/man/bundle-inject.1 +1 -1
- data/bundler/lib/bundler/man/bundle-install.1 +1 -1
- data/bundler/lib/bundler/man/bundle-list.1 +1 -1
- data/bundler/lib/bundler/man/bundle-lock.1 +1 -1
- data/bundler/lib/bundler/man/bundle-open.1 +1 -1
- data/bundler/lib/bundler/man/bundle-outdated.1 +1 -1
- data/bundler/lib/bundler/man/bundle-platform.1 +1 -1
- data/bundler/lib/bundler/man/bundle-pristine.1 +1 -1
- data/bundler/lib/bundler/man/bundle-remove.1 +1 -1
- data/bundler/lib/bundler/man/bundle-show.1 +1 -1
- data/bundler/lib/bundler/man/bundle-update.1 +4 -4
- data/bundler/lib/bundler/man/bundle-update.1.ronn +3 -3
- data/bundler/lib/bundler/man/bundle-viz.1 +1 -1
- data/bundler/lib/bundler/man/bundle.1 +1 -1
- data/bundler/lib/bundler/man/gemfile.5 +1 -1
- data/bundler/lib/bundler/plugin.rb +2 -0
- data/bundler/lib/bundler/plugin/index.rb +4 -1
- data/bundler/lib/bundler/plugin/installer.rb +1 -1
- data/bundler/lib/bundler/resolver.rb +3 -1
- data/bundler/lib/bundler/rubygems_ext.rb +22 -6
- data/bundler/lib/bundler/runtime.rb +1 -3
- data/bundler/lib/bundler/settings.rb +9 -8
- data/bundler/lib/bundler/source/rubygems.rb +4 -17
- data/bundler/lib/bundler/source_list.rb +40 -21
- data/bundler/lib/bundler/spec_set.rb +5 -10
- data/bundler/lib/bundler/templates/newgem/newgem.gemspec.tt +1 -1
- data/bundler/lib/bundler/version.rb +1 -1
- data/lib/rubygems.rb +1 -1
- data/lib/rubygems/commands/cert_command.rb +42 -38
- data/lib/rubygems/config_file.rb +1 -1
- data/lib/rubygems/gemcutter_utilities.rb +12 -4
- data/lib/rubygems/package/io_source.rb +4 -0
- data/lib/rubygems/request.rb +1 -1
- data/lib/rubygems/specification.rb +6 -2
- data/lib/rubygems/uninstaller.rb +36 -5
- data/lib/rubygems/util/licenses.rb +107 -2
- data/rubygems-update.gemspec +1 -1
- data/setup.rb +1 -2
- data/test/rubygems/test_gem_commands_push_command.rb +0 -5
- data/test/rubygems/test_gem_commands_setup_command.rb +3 -3
- data/test/rubygems/test_gem_commands_signin_command.rb +7 -0
- data/test/rubygems/test_gem_ext_rake_builder.rb +2 -0
- data/test/rubygems/test_gem_gemcutter_utilities.rb +12 -6
- data/test/rubygems/test_gem_installer.rb +1 -1
- data/test/rubygems/test_gem_package.rb +8 -1
- data/test/rubygems/test_gem_server.rb +4 -4
- data/test/rubygems/test_gem_uninstaller.rb +9 -2
- data/test/rubygems/test_require.rb +0 -2
- metadata +3 -4
- data/Rakefile +0 -396
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a4e4aacbfe1b4e9161fb46d8c061fbeef0eb1021c6637e728b21411c0bc98027
|
4
|
+
data.tar.gz: 9b2e7347fce9d278b068fa8f61ae126b884a70b21d2b14b2628fce82c5db8442
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1dba7bb0f85830a5751e4c35393681a1f724039d0b1f0d7477d89fb7c8d32c3d9e7037dcb9410c1219b282070f2e518328c6220618a8adb86ff6e5783a62e804
|
7
|
+
data.tar.gz: c35f72c29ee46ad3f8f9d343d480a33b8d5cd7dcb07bbf272722fd9462b1c62a8dde6814e822a309c0e04dfd6c7e0b45d2ad4a35bf758a406782dde7f947fa93
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,45 @@
|
|
1
|
+
# 3.2.24 / 2021-07-15
|
2
|
+
|
3
|
+
## Bug fixes:
|
4
|
+
|
5
|
+
* Fix contradictory message about deletion of default gem. Pull request
|
6
|
+
#4739 by jaredbeck
|
7
|
+
|
8
|
+
## Documentation:
|
9
|
+
|
10
|
+
* Add a description about `GEM_HOST_OTP_CODE` to help text. Pull request
|
11
|
+
#4742 by ybiquitous
|
12
|
+
|
13
|
+
# 3.2.23 / 2021-07-09
|
14
|
+
|
15
|
+
## Enhancements:
|
16
|
+
|
17
|
+
* Rewind IO source to allow working with contents in memory. Pull request
|
18
|
+
#4729 by drcapulet
|
19
|
+
|
20
|
+
# 3.2.22 / 2021-07-06
|
21
|
+
|
22
|
+
## Enhancements:
|
23
|
+
|
24
|
+
* Allow setting `--otp` via `GEM_HOST_OTP_CODE`. Pull request #4697 by
|
25
|
+
CGA1123
|
26
|
+
* Fixes for the edge case when openssl library is missing. Pull request
|
27
|
+
#4695 by rhenium
|
28
|
+
|
29
|
+
# 3.2.21 / 2021-06-23
|
30
|
+
|
31
|
+
## Enhancements:
|
32
|
+
|
33
|
+
* Fix typo in OpenSSL detection. Pull request #4679 by osyoyu
|
34
|
+
* Add the most recent licenses from spdx.org. Pull request #4662 by nobu
|
35
|
+
* Simplify setup.rb code to allow installing rubygems from source on
|
36
|
+
truffleruby 21.0 and 21.1. Pull request #4624 by deivid-rodriguez
|
37
|
+
|
38
|
+
## Bug fixes:
|
39
|
+
|
40
|
+
* Create credentials folder when setting API keys if not there yet. Pull
|
41
|
+
request #4665 by deivid-rodriguez
|
42
|
+
|
1
43
|
# 3.2.20 / 2021-06-11
|
2
44
|
|
3
45
|
## Security fixes:
|
data/Manifest.txt
CHANGED
data/bundler/CHANGELOG.md
CHANGED
@@ -1,3 +1,59 @@
|
|
1
|
+
# 2.2.24 (July 15, 2021)
|
2
|
+
|
3
|
+
## Bug fixes:
|
4
|
+
|
5
|
+
- Fix development gem unintentionally removed on an edge case [#4751](https://github.com/rubygems/rubygems/pull/4751)
|
6
|
+
- Fix dangling empty plugin hooks [#4755](https://github.com/rubygems/rubygems/pull/4755)
|
7
|
+
- Fix `bundle plugin install --help` showing `bundle install`'s help [#4756](https://github.com/rubygems/rubygems/pull/4756)
|
8
|
+
- Make sure `bundle check` shows uniq missing gems [#4749](https://github.com/rubygems/rubygems/pull/4749)
|
9
|
+
|
10
|
+
## Performance:
|
11
|
+
|
12
|
+
- Slightly speed up `bundler/setup` [#4750](https://github.com/rubygems/rubygems/pull/4750)
|
13
|
+
|
14
|
+
# 2.2.23 (July 9, 2021)
|
15
|
+
|
16
|
+
## Enhancements:
|
17
|
+
|
18
|
+
- Fix `bundle install` on truffleruby selecting incorrect variant for `sorbet-static` gem [#4625](https://github.com/rubygems/rubygems/pull/4625)
|
19
|
+
- Spare meaningless warning on read-only bundle invocations [#4724](https://github.com/rubygems/rubygems/pull/4724)
|
20
|
+
|
21
|
+
## Bug fixes:
|
22
|
+
|
23
|
+
- Fix incorrect warning about duplicated gems in the Gemfile [#4732](https://github.com/rubygems/rubygems/pull/4732)
|
24
|
+
- Fix `bundle plugin install foo` crashing [#4734](https://github.com/rubygems/rubygems/pull/4734)
|
25
|
+
|
26
|
+
# 2.2.22 (July 6, 2021)
|
27
|
+
|
28
|
+
## Enhancements:
|
29
|
+
|
30
|
+
- Never downgrade indirect dependencies when running `bundle update` [#4713](https://github.com/rubygems/rubygems/pull/4713)
|
31
|
+
- Fix `getaddrinfo` errors not treated as fatal on non darwin platforms [#4703](https://github.com/rubygems/rubygems/pull/4703)
|
32
|
+
|
33
|
+
## Bug fixes:
|
34
|
+
|
35
|
+
- Fix `bundle update <gem>` sometimes hanging and `bundle lock --update` not being able to update an insecure lockfile to the new format if it requires downgrades [#4652](https://github.com/rubygems/rubygems/pull/4652)
|
36
|
+
- Fix edge case combination of DSL methods and duplicated sources causing gems to not be found [#4711](https://github.com/rubygems/rubygems/pull/4711)
|
37
|
+
- Fix `bundle doctor` crashing when finding a broken symlink [#4707](https://github.com/rubygems/rubygems/pull/4707)
|
38
|
+
- Fix incorrect re-resolve edge case [#4700](https://github.com/rubygems/rubygems/pull/4700)
|
39
|
+
- Fix some gems being unintentionally locked under multiple lockfile sections [#4701](https://github.com/rubygems/rubygems/pull/4701)
|
40
|
+
- Fix `--conservative` flag unexpectedly updating indirect dependencies [#4692](https://github.com/rubygems/rubygems/pull/4692)
|
41
|
+
|
42
|
+
# 2.2.21 (June 23, 2021)
|
43
|
+
|
44
|
+
## Security fixes:
|
45
|
+
|
46
|
+
- Auto-update insecure lockfile to split GEM source sections whenever possible [#4647](https://github.com/rubygems/rubygems/pull/4647)
|
47
|
+
|
48
|
+
## Enhancements:
|
49
|
+
|
50
|
+
- Use a more limited number of threads when fetching in parallel from the Compact Index API [#4670](https://github.com/rubygems/rubygems/pull/4670)
|
51
|
+
- Update TODO link in bundle gem template to https [#4671](https://github.com/rubygems/rubygems/pull/4671)
|
52
|
+
|
53
|
+
## Bug fixes:
|
54
|
+
|
55
|
+
- Fix `bundle install --local` hitting the network when `cache_all_platforms` configured [#4677](https://github.com/rubygems/rubygems/pull/4677)
|
56
|
+
|
1
57
|
# 2.2.20 (June 11, 2021)
|
2
58
|
|
3
59
|
## Enhancements:
|
data/bundler/lib/bundler.rb
CHANGED
@@ -198,7 +198,7 @@ module Bundler
|
|
198
198
|
|
199
199
|
def frozen_bundle?
|
200
200
|
frozen = settings[:deployment]
|
201
|
-
frozen ||= settings[:frozen]
|
201
|
+
frozen ||= settings[:frozen]
|
202
202
|
frozen
|
203
203
|
end
|
204
204
|
|
@@ -236,8 +236,9 @@ module Bundler
|
|
236
236
|
end
|
237
237
|
|
238
238
|
if warning
|
239
|
-
|
240
|
-
|
239
|
+
Bundler.ui.warn "#{warning}\n"
|
240
|
+
user_home = tmp_home_path
|
241
|
+
Bundler.ui.warn "Bundler will use `#{user_home}' as your home directory temporarily.\n"
|
241
242
|
user_home
|
242
243
|
else
|
243
244
|
Pathname.new(home)
|
@@ -684,15 +685,13 @@ EOF
|
|
684
685
|
Bundler.rubygems.clear_paths
|
685
686
|
end
|
686
687
|
|
687
|
-
def tmp_home_path
|
688
|
+
def tmp_home_path
|
688
689
|
Kernel.send(:require, "tmpdir")
|
689
690
|
SharedHelpers.filesystem_access(Dir.tmpdir) do
|
690
691
|
path = Bundler.tmp
|
691
692
|
at_exit { Bundler.rm_rf(path) }
|
692
693
|
path
|
693
694
|
end
|
694
|
-
rescue RuntimeError => e
|
695
|
-
raise e.exception("#{warning}\nBundler also failed to create a temporary home directory':\n#{e}")
|
696
695
|
end
|
697
696
|
|
698
697
|
# @param env [Hash]
|
@@ -4,8 +4,8 @@ module Bundler
|
|
4
4
|
# Represents metadata from when the Bundler gem was built.
|
5
5
|
module BuildMetadata
|
6
6
|
# begin ivars
|
7
|
-
@built_at = "2021-
|
8
|
-
@git_commit_sha = "
|
7
|
+
@built_at = "2021-07-15".freeze
|
8
|
+
@git_commit_sha = "d78b1ee235".freeze
|
9
9
|
@release = true
|
10
10
|
# end ivars
|
11
11
|
|
data/bundler/lib/bundler/cli.rb
CHANGED
@@ -100,8 +100,11 @@ module Bundler
|
|
100
100
|
files_not_readable_or_writable = []
|
101
101
|
files_not_rw_and_owned_by_different_user = []
|
102
102
|
files_not_owned_by_current_user_but_still_rw = []
|
103
|
+
broken_symlinks = []
|
103
104
|
Find.find(Bundler.bundle_path.to_s).each do |f|
|
104
|
-
if !File.
|
105
|
+
if !File.exist?(f)
|
106
|
+
broken_symlinks << f
|
107
|
+
elsif !File.writable?(f) || !File.readable?(f)
|
105
108
|
if File.stat(f).uid != Process.uid
|
106
109
|
files_not_rw_and_owned_by_different_user << f
|
107
110
|
else
|
@@ -113,6 +116,13 @@ module Bundler
|
|
113
116
|
end
|
114
117
|
|
115
118
|
ok = true
|
119
|
+
|
120
|
+
if broken_symlinks.any?
|
121
|
+
Bundler.ui.warn "Broken links exist in the Bundler home. Please report them to the offending gem's upstream repo. These files are:\n - #{broken_symlinks.join("\n - ")}"
|
122
|
+
|
123
|
+
ok = false
|
124
|
+
end
|
125
|
+
|
116
126
|
if files_not_owned_by_current_user_but_still_rw.any?
|
117
127
|
Bundler.ui.warn "Files exist in the Bundler home that are owned by another " \
|
118
128
|
"user, but are still readable/writable. These files are:\n - #{files_not_owned_by_current_user_but_still_rw.join("\n - ")}"
|
@@ -33,12 +33,8 @@ module Bundler
|
|
33
33
|
|
34
34
|
options[:local] = true if Bundler.app_cache.exist?
|
35
35
|
|
36
|
-
|
37
|
-
|
38
|
-
else
|
39
|
-
Bundler.settings.set_command_option :deployment, true if options[:deployment]
|
40
|
-
Bundler.settings.set_command_option :frozen, true if options[:frozen]
|
41
|
-
end
|
36
|
+
Bundler.settings.set_command_option :deployment, true if options[:deployment]
|
37
|
+
Bundler.settings.set_command_option :frozen, true if options[:frozen]
|
42
38
|
end
|
43
39
|
|
44
40
|
# When install is called with --no-deployment, disable deployment mode
|
@@ -62,7 +58,10 @@ module Bundler
|
|
62
58
|
definition.validate_runtime!
|
63
59
|
|
64
60
|
installer = Installer.install(Bundler.root, definition, options)
|
65
|
-
|
61
|
+
|
62
|
+
Bundler.settings.temporary(:cache_all_platforms => options[:local] ? false : Bundler.settings[:cache_all_platforms]) do
|
63
|
+
Bundler.load.cache if Bundler.app_cache.exist? && !options["no-cache"] && !Bundler.frozen_bundle?
|
64
|
+
end
|
66
65
|
|
67
66
|
Bundler.ui.confirm "Bundle complete! #{dependencies_count_for(definition)}, #{gems_installed_for(definition)}."
|
68
67
|
Bundler::CLI::Common.output_without_groups_message(:install)
|
@@ -105,7 +104,7 @@ module Bundler
|
|
105
104
|
private
|
106
105
|
|
107
106
|
def warn_if_root
|
108
|
-
return if Bundler.settings[:silence_root_warning] ||
|
107
|
+
return if Bundler.settings[:silence_root_warning] || Gem.win_platform? || !Process.uid.zero?
|
109
108
|
Bundler.ui.warn "Don't run Bundler as root. Bundler can ask for sudo " \
|
110
109
|
"if it is needed, and installing your bundle as root will break this " \
|
111
110
|
"application for all non-root users on this machine.", :wrap => true
|
@@ -21,9 +21,13 @@ module Bundler
|
|
21
21
|
Bundler::Fetcher.disable_endpoint = options["full-index"]
|
22
22
|
|
23
23
|
update = options[:update]
|
24
|
+
conservative = options[:conservative]
|
25
|
+
|
24
26
|
if update.is_a?(Array) # unlocking specific gems
|
25
27
|
Bundler::CLI::Common.ensure_all_gems_in_lockfile!(update)
|
26
|
-
update = { :gems => update, :
|
28
|
+
update = { :gems => update, :conservative => conservative }
|
29
|
+
elsif update
|
30
|
+
update = { :conservative => conservative } if conservative
|
27
31
|
end
|
28
32
|
definition = Bundler.definition(update)
|
29
33
|
|
@@ -27,9 +27,14 @@ module Bundler
|
|
27
27
|
raise InvalidOption, "Cannot specify --all along with specific options."
|
28
28
|
end
|
29
29
|
|
30
|
+
conservative = options[:conservative]
|
31
|
+
|
30
32
|
if full_update
|
31
|
-
|
32
|
-
|
33
|
+
if conservative
|
34
|
+
Bundler.definition(:conservative => conservative)
|
35
|
+
else
|
36
|
+
Bundler.definition(true)
|
37
|
+
end
|
33
38
|
else
|
34
39
|
unless Bundler.default_lockfile.exist?
|
35
40
|
raise GemfileLockNotFound, "This Bundle hasn't been installed yet. " \
|
@@ -43,7 +48,7 @@ module Bundler
|
|
43
48
|
end
|
44
49
|
|
45
50
|
Bundler.definition(:gems => gems, :sources => sources, :ruby => options[:ruby],
|
46
|
-
:
|
51
|
+
:conservative => conservative,
|
47
52
|
:bundler => options[:bundler])
|
48
53
|
end
|
49
54
|
|
@@ -65,19 +65,19 @@ module Bundler
|
|
65
65
|
end
|
66
66
|
|
67
67
|
def mswin?
|
68
|
-
|
68
|
+
Gem.win_platform?
|
69
69
|
end
|
70
70
|
|
71
71
|
def mswin64?
|
72
|
-
|
72
|
+
Gem.win_platform? && Bundler.local_platform != Gem::Platform::RUBY && Bundler.local_platform.os == "mswin64" && Bundler.local_platform.cpu == "x64"
|
73
73
|
end
|
74
74
|
|
75
75
|
def mingw?
|
76
|
-
|
76
|
+
Gem.win_platform? && Bundler.local_platform != Gem::Platform::RUBY && Bundler.local_platform.os == "mingw32" && Bundler.local_platform.cpu != "x64"
|
77
77
|
end
|
78
78
|
|
79
79
|
def x64_mingw?
|
80
|
-
|
80
|
+
Gem.win_platform? && Bundler.local_platform != Gem::Platform::RUBY && Bundler.local_platform.os == "mingw32" && Bundler.local_platform.cpu == "x64"
|
81
81
|
end
|
82
82
|
|
83
83
|
(KNOWN_MINOR_VERSIONS + KNOWN_MAJOR_VERSIONS).each do |version|
|
@@ -56,10 +56,8 @@ module Bundler
|
|
56
56
|
@unlocking_bundler = false
|
57
57
|
@unlocking = unlock
|
58
58
|
else
|
59
|
-
unlock = unlock.dup
|
60
59
|
@unlocking_bundler = unlock.delete(:bundler)
|
61
|
-
unlock.
|
62
|
-
@unlocking = !unlock.empty?
|
60
|
+
@unlocking = unlock.any? {|_k, v| !Array(v).empty? }
|
63
61
|
end
|
64
62
|
|
65
63
|
@dependencies = dependencies
|
@@ -106,18 +104,19 @@ module Bundler
|
|
106
104
|
@locked_platforms = []
|
107
105
|
end
|
108
106
|
|
109
|
-
|
110
|
-
@
|
107
|
+
locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
|
108
|
+
@multisource_allowed = locked_gem_sources.size == 1 && locked_gem_sources.first.multiple_remotes? && Bundler.frozen_bundle?
|
111
109
|
|
112
|
-
|
113
|
-
|
110
|
+
if @multisource_allowed
|
111
|
+
unless sources.aggregate_global_source?
|
112
|
+
msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. Make sure you run `bundle install` in non frozen mode and commit the result to make your lockfile secure."
|
114
113
|
|
115
|
-
|
114
|
+
Bundler::SharedHelpers.major_deprecation 2, msg
|
115
|
+
end
|
116
116
|
|
117
|
-
@sources.merged_gem_lockfile_sections!
|
117
|
+
@sources.merged_gem_lockfile_sections!(locked_gem_sources.first)
|
118
118
|
end
|
119
119
|
|
120
|
-
@unlock[:gems] ||= []
|
121
120
|
@unlock[:sources] ||= []
|
122
121
|
@unlock[:ruby] ||= if @ruby_version && locked_ruby_version_object
|
123
122
|
@ruby_version.diff(locked_ruby_version_object)
|
@@ -130,9 +129,11 @@ module Bundler
|
|
130
129
|
@path_changes = converge_paths
|
131
130
|
@source_changes = converge_sources
|
132
131
|
|
133
|
-
|
134
|
-
|
135
|
-
|
132
|
+
if @unlock[:conservative]
|
133
|
+
@unlock[:gems] ||= @dependencies.map(&:name)
|
134
|
+
else
|
135
|
+
eager_unlock = expand_dependencies(@unlock[:gems] || [], true)
|
136
|
+
@unlock[:gems] = @locked_specs.for(eager_unlock, false, false, false).map(&:name)
|
136
137
|
end
|
137
138
|
|
138
139
|
@dependency_changes = converge_dependencies
|
@@ -156,8 +157,8 @@ module Bundler
|
|
156
157
|
end
|
157
158
|
end
|
158
159
|
|
159
|
-
def
|
160
|
-
@
|
160
|
+
def multisource_allowed?
|
161
|
+
@multisource_allowed
|
161
162
|
end
|
162
163
|
|
163
164
|
def resolve_only_locally!
|
@@ -184,25 +185,15 @@ module Bundler
|
|
184
185
|
#
|
185
186
|
# @return [Bundler::SpecSet]
|
186
187
|
def specs
|
187
|
-
@specs ||=
|
188
|
-
|
189
|
-
|
190
|
-
|
191
|
-
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
|
196
|
-
"You'll need to update your bundle to a version other than #{locked_gem} that hasn't been " \
|
197
|
-
"removed in order to install."
|
198
|
-
end
|
199
|
-
unless specs["bundler"].any?
|
200
|
-
bundler = sources.metadata_source.specs.search(Gem::Dependency.new("bundler", VERSION)).last
|
201
|
-
specs["bundler"] = bundler
|
202
|
-
end
|
203
|
-
|
204
|
-
specs
|
205
|
-
end
|
188
|
+
@specs ||= add_bundler_to(resolve.materialize(requested_dependencies))
|
189
|
+
rescue GemNotFound => e # Handle yanked gem
|
190
|
+
gem_name, gem_version = extract_gem_info(e)
|
191
|
+
locked_gem = @locked_specs[gem_name].last
|
192
|
+
raise if locked_gem.nil? || locked_gem.version.to_s != gem_version || !@remote
|
193
|
+
raise GemNotFound, "Your bundle is locked to #{locked_gem} from #{locked_gem.source}, but that version can " \
|
194
|
+
"no longer be found in that source. That means the author of #{locked_gem} has removed it. " \
|
195
|
+
"You'll need to update your bundle to a version other than #{locked_gem} that hasn't been " \
|
196
|
+
"removed in order to install."
|
206
197
|
end
|
207
198
|
|
208
199
|
def new_specs
|
@@ -234,17 +225,11 @@ module Bundler
|
|
234
225
|
end
|
235
226
|
|
236
227
|
def requested_specs
|
237
|
-
|
238
|
-
groups = requested_groups
|
239
|
-
groups.map!(&:to_sym)
|
240
|
-
specs_for(groups)
|
241
|
-
end
|
228
|
+
specs_for(requested_groups)
|
242
229
|
end
|
243
230
|
|
244
231
|
def requested_dependencies
|
245
|
-
|
246
|
-
groups.map!(&:to_sym)
|
247
|
-
dependencies_for(groups)
|
232
|
+
dependencies_for(requested_groups)
|
248
233
|
end
|
249
234
|
|
250
235
|
def current_dependencies
|
@@ -254,11 +239,13 @@ module Bundler
|
|
254
239
|
end
|
255
240
|
|
256
241
|
def specs_for(groups)
|
242
|
+
groups = requested_groups if groups.empty?
|
257
243
|
deps = dependencies_for(groups)
|
258
|
-
|
244
|
+
add_bundler_to(resolve.materialize(expand_dependencies(deps)))
|
259
245
|
end
|
260
246
|
|
261
247
|
def dependencies_for(groups)
|
248
|
+
groups.map!(&:to_sym)
|
262
249
|
current_dependencies.reject do |d|
|
263
250
|
(d.groups & groups).empty?
|
264
251
|
end
|
@@ -496,9 +483,6 @@ module Bundler
|
|
496
483
|
attr_reader :sources
|
497
484
|
private :sources
|
498
485
|
|
499
|
-
attr_reader :locked_gem_sources
|
500
|
-
private :locked_gem_sources
|
501
|
-
|
502
486
|
def nothing_changed?
|
503
487
|
!@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@locked_specs_incomplete_for_platform
|
504
488
|
end
|
@@ -509,8 +493,17 @@ module Bundler
|
|
509
493
|
|
510
494
|
private
|
511
495
|
|
496
|
+
def add_bundler_to(specs)
|
497
|
+
unless specs["bundler"].any?
|
498
|
+
bundler = sources.metadata_source.specs.search(Gem::Dependency.new("bundler", VERSION)).last
|
499
|
+
specs["bundler"] = bundler
|
500
|
+
end
|
501
|
+
|
502
|
+
specs
|
503
|
+
end
|
504
|
+
|
512
505
|
def precompute_source_requirements_for_indirect_dependencies?
|
513
|
-
sources.non_global_rubygems_sources.all?(&:dependency_api_available?) && sources.
|
506
|
+
sources.non_global_rubygems_sources.all?(&:dependency_api_available?) && !sources.aggregate_global_source?
|
514
507
|
end
|
515
508
|
|
516
509
|
def current_ruby_platform_locked?
|
@@ -626,35 +619,11 @@ module Bundler
|
|
626
619
|
end
|
627
620
|
end
|
628
621
|
|
629
|
-
def converge_rubygems_sources
|
630
|
-
return false if disable_multisource?
|
631
|
-
|
632
|
-
return false if locked_gem_sources.empty?
|
633
|
-
|
634
|
-
# Get the RubyGems remotes from the Gemfile
|
635
|
-
actual_remotes = sources.rubygems_remotes
|
636
|
-
return false if actual_remotes.empty?
|
637
|
-
|
638
|
-
changes = false
|
639
|
-
|
640
|
-
# If there is a RubyGems source in both
|
641
|
-
locked_gem_sources.each do |locked_gem_source|
|
642
|
-
# Merge the remotes from the Gemfile into the Gemfile.lock
|
643
|
-
changes |= locked_gem_source.replace_remotes(actual_remotes, Bundler.settings[:allow_deployment_source_credential_changes])
|
644
|
-
end
|
645
|
-
|
646
|
-
changes
|
647
|
-
end
|
648
|
-
|
649
622
|
def converge_sources
|
650
|
-
changes = false
|
651
|
-
|
652
|
-
changes |= converge_rubygems_sources
|
653
|
-
|
654
623
|
# Replace the sources from the Gemfile with the sources from the Gemfile.lock,
|
655
624
|
# if they exist in the Gemfile.lock and are `==`. If you can't find an equivalent
|
656
625
|
# source in the Gemfile.lock, use the one from the Gemfile.
|
657
|
-
changes
|
626
|
+
changes = sources.replace_sources!(@locked_sources)
|
658
627
|
|
659
628
|
sources.all_sources.each do |source|
|
660
629
|
# If the source is unlockable and the current command allows an unlock of
|
@@ -739,8 +708,6 @@ module Bundler
|
|
739
708
|
end
|
740
709
|
end
|
741
710
|
|
742
|
-
unlock_source_unlocks_spec = Bundler.feature_flag.unlock_source_unlocks_spec?
|
743
|
-
|
744
711
|
converged = []
|
745
712
|
@locked_specs.each do |s|
|
746
713
|
# Replace the locked dependency's source with the equivalent source from the Gemfile
|
@@ -752,11 +719,6 @@ module Bundler
|
|
752
719
|
next if s.source.nil?
|
753
720
|
next if @unlock[:sources].include?(s.source.name)
|
754
721
|
|
755
|
-
# XXX This is a backwards-compatibility fix to preserve the ability to
|
756
|
-
# unlock a single gem by passing its name via `--source`. See issue #3759
|
757
|
-
# TODO: delete in Bundler 2
|
758
|
-
next if unlock_source_unlocks_spec && @unlock[:sources].include?(s.name)
|
759
|
-
|
760
722
|
# If the spec is from a path source and it doesn't exist anymore
|
761
723
|
# then we unlock it.
|
762
724
|
|
@@ -768,7 +730,7 @@ module Bundler
|
|
768
730
|
# if we won't need the source (according to the lockfile),
|
769
731
|
# don't error if the path/git source isn't available
|
770
732
|
next if @locked_specs.
|
771
|
-
for(requested_dependencies,
|
733
|
+
for(requested_dependencies, false, true, false).
|
772
734
|
none? {|locked_spec| locked_spec.source == s.source }
|
773
735
|
|
774
736
|
raise
|
@@ -787,8 +749,8 @@ module Bundler
|
|
787
749
|
end
|
788
750
|
|
789
751
|
resolve = SpecSet.new(converged)
|
790
|
-
@locked_specs_incomplete_for_platform = !resolve.for(expand_dependencies(requested_dependencies & deps),
|
791
|
-
resolve = resolve.for(expand_dependencies(deps, true),
|
752
|
+
@locked_specs_incomplete_for_platform = !resolve.for(expand_dependencies(requested_dependencies & deps), true, true)
|
753
|
+
resolve = SpecSet.new(resolve.for(expand_dependencies(deps, true), false, false, false).reject{|s| @unlock[:gems].include?(s.name) })
|
792
754
|
diff = nil
|
793
755
|
|
794
756
|
# Now, we unlock any sources that do not have anymore gems pinned to it
|
@@ -910,14 +872,13 @@ module Bundler
|
|
910
872
|
end
|
911
873
|
|
912
874
|
def additional_base_requirements_for_resolve
|
913
|
-
return [] unless @locked_gems
|
875
|
+
return [] unless @locked_gems && unlocking? && !sources.expired_sources?(@locked_gems.sources)
|
914
876
|
dependencies_by_name = dependencies.inject({}) {|memo, dep| memo.update(dep.name => dep) }
|
915
877
|
@locked_gems.specs.reduce({}) do |requirements, locked_spec|
|
916
878
|
name = locked_spec.name
|
917
879
|
dependency = dependencies_by_name[name]
|
918
|
-
next requirements unless dependency
|
919
880
|
next requirements if @locked_gems.dependencies[name] != dependency
|
920
|
-
next requirements if dependency.source.is_a?(Source::Path)
|
881
|
+
next requirements if dependency && dependency.source.is_a?(Source::Path)
|
921
882
|
dep = Gem::Dependency.new(name, ">= #{locked_spec.version}")
|
922
883
|
requirements[name] = DepProxy.get_proxy(dep, locked_spec.platform)
|
923
884
|
requirements
|