rubygems-update 3.2.9 → 3.2.14
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +40 -0
- data/Manifest.txt +1 -0
- data/Rakefile +6 -0
- data/bundler/CHANGELOG.md +49 -0
- data/bundler/lib/bundler/build_metadata.rb +2 -2
- data/bundler/lib/bundler/cli/gem.rb +23 -17
- data/bundler/lib/bundler/compact_index_client/updater.rb +1 -1
- data/bundler/lib/bundler/definition.rb +43 -26
- data/bundler/lib/bundler/dsl.rb +36 -25
- data/bundler/lib/bundler/inline.rb +1 -0
- data/bundler/lib/bundler/installer.rb +2 -0
- data/bundler/lib/bundler/installer/parallel_installer.rb +6 -8
- data/bundler/lib/bundler/lockfile_parser.rb +3 -13
- data/bundler/lib/bundler/man/bundle-config.1 +4 -4
- data/bundler/lib/bundler/man/bundle-config.1.ronn +8 -7
- data/bundler/lib/bundler/plugin.rb +1 -0
- data/bundler/lib/bundler/plugin/api/source.rb +7 -0
- data/bundler/lib/bundler/plugin/installer.rb +8 -10
- data/bundler/lib/bundler/plugin/source_list.rb +4 -0
- data/bundler/lib/bundler/resolver.rb +36 -38
- data/bundler/lib/bundler/rubygems_gem_installer.rb +47 -0
- data/bundler/lib/bundler/source.rb +6 -0
- data/bundler/lib/bundler/source/metadata.rb +0 -4
- data/bundler/lib/bundler/source/rubygems.rb +20 -4
- data/bundler/lib/bundler/source_list.rb +27 -20
- data/bundler/lib/bundler/spec_set.rb +2 -0
- data/bundler/lib/bundler/stub_specification.rb +8 -0
- data/bundler/lib/bundler/templates/newgem/README.md.tt +5 -3
- data/bundler/lib/bundler/version.rb +1 -1
- data/lib/rubygems.rb +1 -1
- data/lib/rubygems/command.rb +1 -0
- data/lib/rubygems/config_file.rb +9 -0
- data/lib/rubygems/core_ext/tcpsocket_init.rb +52 -0
- data/lib/rubygems/remote_fetcher.rb +4 -8
- data/lib/rubygems/specification.rb +3 -0
- data/rubygems-update.gemspec +1 -1
- data/test/rubygems/test_gem.rb +2 -8
- data/test/rubygems/test_gem_config_file.rb +10 -0
- data/test/rubygems/test_gem_remote_fetcher.rb +44 -0
- metadata +4 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 183f3b2ffdc6ae6ff74b07aa4fb847ce8dad2346d34053258d1f4a1dae58ee75
|
4
|
+
data.tar.gz: 65ebe08bd47e237947d6292a1d8bd8eacfdb02ba2ca0c49abbb46dfb5d4508ba
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6bab93bbd24b3fb753b6a2818cecaad7dffff505937f4a3a0625c9c6f8ccfcb1742d642fc74ab7e8aed5bc505aa18651aed3ced2e794efa0b0a758ac5fab50a8
|
7
|
+
data.tar.gz: 1a5c4126510e7dfb037e52f3da7a2cc815d14b925089ebf3aed4c120c95580a6e1e119fc3cc205bf320baf02cd140e3a2cd17499dd4b6c9b2747004654ae82bb
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,43 @@
|
|
1
|
+
# 3.2.14 / 2021-03-08
|
2
|
+
|
3
|
+
## Enhancements:
|
4
|
+
|
5
|
+
* Less wrapping of network errors. Pull request #4064 by deivid-rodriguez
|
6
|
+
|
7
|
+
## Bug fixes:
|
8
|
+
|
9
|
+
* Revert addition of support for `musl` variants to restore graceful
|
10
|
+
fallback on Alpine. Pull request #4434 by deivid-rodriguez
|
11
|
+
|
12
|
+
# 3.2.13 / 2021-03-03
|
13
|
+
|
14
|
+
## Bug fixes:
|
15
|
+
|
16
|
+
* Support non-gnu libc linux platforms. Pull request #4082 by lloeki
|
17
|
+
|
18
|
+
# 3.2.12 / 2021-03-01
|
19
|
+
|
20
|
+
## Bug fixes:
|
21
|
+
|
22
|
+
* Restore the ability to manually install extension gems. Pull request
|
23
|
+
#4384 by cfis
|
24
|
+
|
25
|
+
# 3.2.11 / 2021-02-17
|
26
|
+
|
27
|
+
## Enhancements:
|
28
|
+
|
29
|
+
* Optionally fallback to IPv4 when IPv6 is unreachable. Pull request #2662
|
30
|
+
by sonalkr132
|
31
|
+
|
32
|
+
# 3.2.10 / 2021-02-15
|
33
|
+
|
34
|
+
## Documentation:
|
35
|
+
|
36
|
+
* Add a `gem push` example to `gem help`. Pull request #4373 by
|
37
|
+
deivid-rodriguez
|
38
|
+
* Improve documentation for `required_ruby_version`. Pull request #4343 by
|
39
|
+
AlexWayfer
|
40
|
+
|
1
41
|
# 3.2.9 / 2021-02-08
|
2
42
|
|
3
43
|
## Bug fixes:
|
data/Manifest.txt
CHANGED
@@ -354,6 +354,7 @@ lib/rubygems/config_file.rb
|
|
354
354
|
lib/rubygems/core_ext/kernel_gem.rb
|
355
355
|
lib/rubygems/core_ext/kernel_require.rb
|
356
356
|
lib/rubygems/core_ext/kernel_warn.rb
|
357
|
+
lib/rubygems/core_ext/tcpsocket_init.rb
|
357
358
|
lib/rubygems/defaults.rb
|
358
359
|
lib/rubygems/dependency.rb
|
359
360
|
lib/rubygems/dependency_installer.rb
|
data/Rakefile
CHANGED
@@ -15,6 +15,12 @@ task :update do |_, args|
|
|
15
15
|
sh "ruby", "bundler/bin/bundle", "update", *args, "--gemfile=dev_gems.rb"
|
16
16
|
end
|
17
17
|
|
18
|
+
desc "Update the locked bundler version in dev environment"
|
19
|
+
task :update_locked_bundler do |_, args|
|
20
|
+
sh "ruby", "bundler/bin/bundle", "update", "--bundler", "--gemfile=dev_gems.rb"
|
21
|
+
sh "ruby", "bundler/bin/bundle", "update", "--bundler", "--gemfile=bundler/test_gems.rb"
|
22
|
+
end
|
23
|
+
|
18
24
|
desc "Setup git hooks"
|
19
25
|
task :git_hooks do
|
20
26
|
sh "git config core.hooksPath .githooks"
|
data/bundler/CHANGELOG.md
CHANGED
@@ -1,3 +1,52 @@
|
|
1
|
+
# 2.2.14 (March 8, 2021)
|
2
|
+
|
3
|
+
## Security fixes:
|
4
|
+
|
5
|
+
- Lock GEM sources separately and fix locally installed specs confusing bundler [#4381](https://github.com/rubygems/rubygems/pull/4381)
|
6
|
+
|
7
|
+
## Bug fixes:
|
8
|
+
|
9
|
+
- Make `rake` available to other gems' installers right after it's installed [#4428](https://github.com/rubygems/rubygems/pull/4428)
|
10
|
+
- Fix encoding issue on compact index updater [#4362](https://github.com/rubygems/rubygems/pull/4362)
|
11
|
+
|
12
|
+
# 2.2.13 (March 3, 2021)
|
13
|
+
|
14
|
+
## Enhancements:
|
15
|
+
|
16
|
+
- Respect user configured default branch in README links in new generated gems [#4303](https://github.com/rubygems/rubygems/pull/4303)
|
17
|
+
|
18
|
+
## Bug fixes:
|
19
|
+
|
20
|
+
- Fix gems sometimes being pulled from irrelevant sources [#4418](https://github.com/rubygems/rubygems/pull/4418)
|
21
|
+
|
22
|
+
# 2.2.12 (March 1, 2021)
|
23
|
+
|
24
|
+
## Bug fixes:
|
25
|
+
|
26
|
+
- Fix sporadic warnings about `nil` gemspec on install/update and make those faster [#4409](https://github.com/rubygems/rubygems/pull/4409)
|
27
|
+
- Fix deployment install with duplicate path gems added to Gemfile [#4410](https://github.com/rubygems/rubygems/pull/4410)
|
28
|
+
|
29
|
+
# 2.2.11 (February 17, 2021)
|
30
|
+
|
31
|
+
## Bug fixes:
|
32
|
+
|
33
|
+
- Revert disable_multisource changes [#4385](https://github.com/rubygems/rubygems/pull/4385)
|
34
|
+
|
35
|
+
# 2.2.10 (February 15, 2021)
|
36
|
+
|
37
|
+
## Security fixes:
|
38
|
+
|
39
|
+
- Fix source priority for transitive dependencies and split lockfile rubygems source sections [#3655](https://github.com/rubygems/rubygems/pull/3655)
|
40
|
+
|
41
|
+
## Bug fixes:
|
42
|
+
|
43
|
+
- Fix adding platforms to lockfile sometimes conflicting on ruby requirements [#4371](https://github.com/rubygems/rubygems/pull/4371)
|
44
|
+
- Fix bundler sometimes choosing ruby variants over java ones [#4367](https://github.com/rubygems/rubygems/pull/4367)
|
45
|
+
|
46
|
+
## Documentation:
|
47
|
+
|
48
|
+
- Update man pages to reflect to new default for bundle install jobs [#4188](https://github.com/rubygems/rubygems/pull/4188)
|
49
|
+
|
1
50
|
# 2.2.9 (February 8, 2021)
|
2
51
|
|
3
52
|
## Enhancements:
|
@@ -4,8 +4,8 @@ module Bundler
|
|
4
4
|
# Represents metadata from when the Bundler gem was built.
|
5
5
|
module BuildMetadata
|
6
6
|
# begin ivars
|
7
|
-
@built_at = "2021-
|
8
|
-
@git_commit_sha = "
|
7
|
+
@built_at = "2021-03-08".freeze
|
8
|
+
@git_commit_sha = "3a169d80c1".freeze
|
9
9
|
@release = true
|
10
10
|
# end ivars
|
11
11
|
|
@@ -39,11 +39,11 @@ module Bundler
|
|
39
39
|
constant_name = name.gsub(/-[_-]*(?![_-]|$)/) { "::" }.gsub(/([_-]+|(::)|^)(.|$)/) { $2.to_s + $3.upcase }
|
40
40
|
constant_array = constant_name.split("::")
|
41
41
|
|
42
|
-
|
42
|
+
use_git = Bundler.git_present? && options[:git]
|
43
43
|
|
44
|
-
git_author_name =
|
45
|
-
github_username =
|
46
|
-
git_user_email =
|
44
|
+
git_author_name = use_git ? `git config user.name`.chomp : ""
|
45
|
+
github_username = use_git ? `git config github.user`.chomp : ""
|
46
|
+
git_user_email = use_git ? `git config user.email`.chomp : ""
|
47
47
|
|
48
48
|
config = {
|
49
49
|
:name => name,
|
@@ -58,6 +58,7 @@ module Bundler
|
|
58
58
|
:ext => options[:ext],
|
59
59
|
:exe => options[:exe],
|
60
60
|
:bundler_version => bundler_dependency_version,
|
61
|
+
:git => use_git,
|
61
62
|
:github_username => github_username.empty? ? "[USERNAME]" : github_username,
|
62
63
|
:required_ruby_version => Gem.ruby_version < Gem::Version.new("2.4.a") ? "2.3.0" : "2.4.0",
|
63
64
|
}
|
@@ -79,7 +80,7 @@ module Bundler
|
|
79
80
|
bin/setup
|
80
81
|
]
|
81
82
|
|
82
|
-
templates.merge!("gitignore.tt" => ".gitignore") if
|
83
|
+
templates.merge!("gitignore.tt" => ".gitignore") if use_git
|
83
84
|
|
84
85
|
if test_framework = ask_and_set_test_framework
|
85
86
|
config[:test] = test_framework
|
@@ -175,24 +176,31 @@ module Bundler
|
|
175
176
|
)
|
176
177
|
end
|
177
178
|
|
179
|
+
if File.exist?(target) && !File.directory?(target)
|
180
|
+
Bundler.ui.error "Couldn't create a new gem named `#{gem_name}` because there's an existing file named `#{gem_name}`."
|
181
|
+
exit Bundler::BundlerError.all_errors[Bundler::GenericSystemCallError]
|
182
|
+
end
|
183
|
+
|
184
|
+
if use_git
|
185
|
+
Bundler.ui.info "Initializing git repo in #{target}"
|
186
|
+
`git init #{target}`
|
187
|
+
|
188
|
+
config[:git_default_branch] = File.read("#{target}/.git/HEAD").split("/").last.chomp
|
189
|
+
end
|
190
|
+
|
178
191
|
templates.each do |src, dst|
|
179
192
|
destination = target.join(dst)
|
180
|
-
|
181
|
-
thor.template("newgem/#{src}", destination, config)
|
182
|
-
end
|
193
|
+
thor.template("newgem/#{src}", destination, config)
|
183
194
|
end
|
184
195
|
|
185
196
|
executables.each do |file|
|
186
|
-
|
187
|
-
|
188
|
-
|
189
|
-
end
|
197
|
+
path = target.join(file)
|
198
|
+
executable = (path.stat.mode | 0o111)
|
199
|
+
path.chmod(executable)
|
190
200
|
end
|
191
201
|
|
192
|
-
if
|
193
|
-
Bundler.ui.info "Initializing git repo in #{target}"
|
202
|
+
if use_git
|
194
203
|
Dir.chdir(target) do
|
195
|
-
`git init`
|
196
204
|
`git add .`
|
197
205
|
end
|
198
206
|
end
|
@@ -202,8 +210,6 @@ module Bundler
|
|
202
210
|
|
203
211
|
Bundler.ui.info "Gem '#{name}' was successfully created. " \
|
204
212
|
"For more information on making a RubyGem visit https://bundler.io/guides/creating_gem.html"
|
205
|
-
rescue Errno::EEXIST => e
|
206
|
-
raise GenericSystemCallError.new(e, "There was a conflict while creating the new gem.")
|
207
213
|
end
|
208
214
|
|
209
215
|
private
|
@@ -54,7 +54,7 @@ module Bundler
|
|
54
54
|
if response.is_a?(Net::HTTPPartialContent) && local_temp_path.size.nonzero?
|
55
55
|
local_temp_path.open("a") {|f| f << slice_body(content, 1..-1) }
|
56
56
|
else
|
57
|
-
local_temp_path.open("
|
57
|
+
local_temp_path.open("wb") {|f| f << content }
|
58
58
|
end
|
59
59
|
end
|
60
60
|
|
@@ -106,6 +106,17 @@ module Bundler
|
|
106
106
|
@locked_platforms = []
|
107
107
|
end
|
108
108
|
|
109
|
+
@locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
|
110
|
+
@disable_multisource = @locked_gem_sources.all?(&:disable_multisource?)
|
111
|
+
|
112
|
+
unless @disable_multisource
|
113
|
+
msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. You should run `bundle update` or generate your lockfile from scratch."
|
114
|
+
|
115
|
+
Bundler::SharedHelpers.major_deprecation 2, msg
|
116
|
+
|
117
|
+
@sources.merged_gem_lockfile_sections!
|
118
|
+
end
|
119
|
+
|
109
120
|
@unlock[:gems] ||= []
|
110
121
|
@unlock[:sources] ||= []
|
111
122
|
@unlock[:ruby] ||= if @ruby_version && locked_ruby_version_object
|
@@ -145,6 +156,10 @@ module Bundler
|
|
145
156
|
end
|
146
157
|
end
|
147
158
|
|
159
|
+
def disable_multisource?
|
160
|
+
@disable_multisource
|
161
|
+
end
|
162
|
+
|
148
163
|
def resolve_with_cache!
|
149
164
|
raise "Specs already loaded" if @specs
|
150
165
|
sources.cached!
|
@@ -264,7 +279,7 @@ module Bundler
|
|
264
279
|
# Run a resolve against the locally available gems
|
265
280
|
Bundler.ui.debug("Found changes from the lockfile, re-resolving dependencies because #{change_reason}")
|
266
281
|
expanded_dependencies = expand_dependencies(dependencies + metadata_dependencies, @remote)
|
267
|
-
Resolver.resolve(expanded_dependencies,
|
282
|
+
Resolver.resolve(expanded_dependencies, source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve, platforms)
|
268
283
|
end
|
269
284
|
end
|
270
285
|
end
|
@@ -530,6 +545,9 @@ module Bundler
|
|
530
545
|
attr_reader :sources
|
531
546
|
private :sources
|
532
547
|
|
548
|
+
attr_reader :locked_gem_sources
|
549
|
+
private :locked_gem_sources
|
550
|
+
|
533
551
|
def nothing_changed?
|
534
552
|
!@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@locked_specs_incomplete_for_platform
|
535
553
|
end
|
@@ -594,7 +612,7 @@ module Bundler
|
|
594
612
|
deps_for_source = @dependencies.select {|s| s.source == source }
|
595
613
|
locked_deps_for_source = @locked_deps.values.select {|dep| dep.source == locked_source }
|
596
614
|
|
597
|
-
deps_for_source.sort != locked_deps_for_source.sort
|
615
|
+
deps_for_source.uniq.sort != locked_deps_for_source.sort
|
598
616
|
end
|
599
617
|
|
600
618
|
def specs_for_source_changed?(source)
|
@@ -654,21 +672,20 @@ module Bundler
|
|
654
672
|
end
|
655
673
|
|
656
674
|
def converge_rubygems_sources
|
657
|
-
return false if
|
675
|
+
return false if disable_multisource?
|
658
676
|
|
659
|
-
|
677
|
+
return false if locked_gem_sources.empty?
|
660
678
|
|
661
|
-
# Get the RubyGems sources from the Gemfile.lock
|
662
|
-
locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
|
663
679
|
# Get the RubyGems remotes from the Gemfile
|
664
680
|
actual_remotes = sources.rubygems_remotes
|
681
|
+
return false if actual_remotes.empty?
|
682
|
+
|
683
|
+
changes = false
|
665
684
|
|
666
685
|
# If there is a RubyGems source in both
|
667
|
-
|
668
|
-
|
669
|
-
|
670
|
-
changes |= locked_gem.replace_remotes(actual_remotes, Bundler.settings[:allow_deployment_source_credential_changes])
|
671
|
-
end
|
686
|
+
locked_gem_sources.each do |locked_gem|
|
687
|
+
# Merge the remotes from the Gemfile into the Gemfile.lock
|
688
|
+
changes |= locked_gem.replace_remotes(actual_remotes, Bundler.settings[:allow_deployment_source_credential_changes])
|
672
689
|
end
|
673
690
|
|
674
691
|
changes
|
@@ -893,30 +910,18 @@ module Bundler
|
|
893
910
|
# Record the specs available in each gem's source, so that those
|
894
911
|
# specs will be available later when the resolver knows where to
|
895
912
|
# look for that gemspec (or its dependencies)
|
896
|
-
|
897
|
-
source_requirements = { :default => default }
|
898
|
-
default = nil unless Bundler.feature_flag.disable_multisource?
|
899
|
-
dependencies.each do |dep|
|
900
|
-
next unless source = dep.source || default
|
901
|
-
source_requirements[dep.name] = source
|
902
|
-
end
|
913
|
+
source_requirements = { :default => sources.default_source }.merge(dependency_source_requirements)
|
903
914
|
metadata_dependencies.each do |dep|
|
904
915
|
source_requirements[dep.name] = sources.metadata_source
|
905
916
|
end
|
917
|
+
source_requirements[:global] = index unless Bundler.feature_flag.disable_multisource?
|
906
918
|
source_requirements[:default_bundler] = source_requirements["bundler"] || source_requirements[:default]
|
907
919
|
source_requirements["bundler"] = sources.metadata_source # needs to come last to override
|
908
920
|
source_requirements
|
909
921
|
end
|
910
922
|
|
911
923
|
def pinned_spec_names(skip = nil)
|
912
|
-
|
913
|
-
default = Bundler.feature_flag.disable_multisource? && sources.default_source
|
914
|
-
@dependencies.each do |dep|
|
915
|
-
next unless dep_source = dep.source || default
|
916
|
-
next if dep_source == skip
|
917
|
-
pinned_names << dep.name
|
918
|
-
end
|
919
|
-
pinned_names
|
924
|
+
dependency_source_requirements.reject {|_, source| source == skip }.keys
|
920
925
|
end
|
921
926
|
|
922
927
|
def requested_groups
|
@@ -973,5 +978,17 @@ module Bundler
|
|
973
978
|
|
974
979
|
Bundler.settings[:allow_deployment_source_credential_changes] && source.equivalent_remotes?(sources.rubygems_remotes)
|
975
980
|
end
|
981
|
+
|
982
|
+
def dependency_source_requirements
|
983
|
+
@dependency_source_requirements ||= begin
|
984
|
+
source_requirements = {}
|
985
|
+
default = sources.default_source
|
986
|
+
dependencies.each do |dep|
|
987
|
+
dep_source = dep.source || default
|
988
|
+
source_requirements[dep.name] = dep_source
|
989
|
+
end
|
990
|
+
source_requirements
|
991
|
+
end
|
992
|
+
end
|
976
993
|
end
|
977
994
|
end
|
data/bundler/lib/bundler/dsl.rb
CHANGED
@@ -24,6 +24,9 @@ module Bundler
|
|
24
24
|
def initialize
|
25
25
|
@source = nil
|
26
26
|
@sources = SourceList.new
|
27
|
+
|
28
|
+
@global_rubygems_sources = []
|
29
|
+
|
27
30
|
@git_sources = {}
|
28
31
|
@dependencies = []
|
29
32
|
@groups = []
|
@@ -45,6 +48,7 @@ module Bundler
|
|
45
48
|
@gemfiles << expanded_gemfile_path
|
46
49
|
contents ||= Bundler.read_file(@gemfile.to_s)
|
47
50
|
instance_eval(contents.dup.tap{|x| x.untaint if RUBY_VERSION < "2.7" }, gemfile.to_s, 1)
|
51
|
+
check_primary_source_safety
|
48
52
|
rescue Exception => e # rubocop:disable Lint/RescueException
|
49
53
|
message = "There was an error " \
|
50
54
|
"#{e.is_a?(GemfileEvalError) ? "evaluating" : "parsing"} " \
|
@@ -164,8 +168,7 @@ module Bundler
|
|
164
168
|
elsif block_given?
|
165
169
|
with_source(@sources.add_rubygems_source("remotes" => source), &blk)
|
166
170
|
else
|
167
|
-
|
168
|
-
@sources.global_rubygems_source = source
|
171
|
+
@global_rubygems_sources << source
|
169
172
|
end
|
170
173
|
end
|
171
174
|
|
@@ -183,24 +186,14 @@ module Bundler
|
|
183
186
|
end
|
184
187
|
|
185
188
|
def path(path, options = {}, &blk)
|
186
|
-
unless block_given?
|
187
|
-
msg = "You can no longer specify a path source by itself. Instead, \n" \
|
188
|
-
"either use the :path option on a gem, or specify the gems that \n" \
|
189
|
-
"bundler should find in the path source by passing a block to \n" \
|
190
|
-
"the path method, like: \n\n" \
|
191
|
-
" path 'dir/containing/rails' do\n" \
|
192
|
-
" gem 'rails'\n" \
|
193
|
-
" end\n\n"
|
194
|
-
|
195
|
-
raise DeprecatedError, msg if Bundler.feature_flag.disable_multisource?
|
196
|
-
SharedHelpers.major_deprecation(2, msg.strip)
|
197
|
-
end
|
198
|
-
|
199
189
|
source_options = normalize_hash(options).merge(
|
200
190
|
"path" => Pathname.new(path),
|
201
191
|
"root_path" => gemfile_root,
|
202
192
|
"gemspec" => gemspecs.find {|g| g.name == options["name"] }
|
203
193
|
)
|
194
|
+
|
195
|
+
source_options["global"] = true unless block_given?
|
196
|
+
|
204
197
|
source = @sources.add_path_source(source_options)
|
205
198
|
with_source(source, &blk)
|
206
199
|
end
|
@@ -279,6 +272,11 @@ module Bundler
|
|
279
272
|
raise GemfileError, "Undefined local variable or method `#{name}' for Gemfile"
|
280
273
|
end
|
281
274
|
|
275
|
+
def check_primary_source_safety
|
276
|
+
check_path_source_safety
|
277
|
+
check_rubygems_source_safety
|
278
|
+
end
|
279
|
+
|
282
280
|
private
|
283
281
|
|
284
282
|
def add_git_sources
|
@@ -440,25 +438,38 @@ repo_name ||= user_name
|
|
440
438
|
end
|
441
439
|
end
|
442
440
|
|
443
|
-
def
|
444
|
-
return if
|
441
|
+
def check_path_source_safety
|
442
|
+
return if @sources.global_path_source.nil?
|
443
|
+
|
444
|
+
msg = "You can no longer specify a path source by itself. Instead, \n" \
|
445
|
+
"either use the :path option on a gem, or specify the gems that \n" \
|
446
|
+
"bundler should find in the path source by passing a block to \n" \
|
447
|
+
"the path method, like: \n\n" \
|
448
|
+
" path 'dir/containing/rails' do\n" \
|
449
|
+
" gem 'rails'\n" \
|
450
|
+
" end\n\n"
|
451
|
+
|
452
|
+
SharedHelpers.major_deprecation(2, msg.strip)
|
453
|
+
end
|
454
|
+
|
455
|
+
def check_rubygems_source_safety
|
456
|
+
@sources.global_rubygems_source = @global_rubygems_sources.shift
|
457
|
+
return if @global_rubygems_sources.empty?
|
445
458
|
|
446
|
-
|
459
|
+
@global_rubygems_sources.each do |source|
|
460
|
+
@sources.add_rubygems_remote(source)
|
461
|
+
end
|
462
|
+
|
463
|
+
if Bundler.feature_flag.bundler_3_mode?
|
447
464
|
msg = "This Gemfile contains multiple primary sources. " \
|
448
465
|
"Each source after the first must include a block to indicate which gems " \
|
449
466
|
"should come from that source"
|
450
|
-
unless Bundler.feature_flag.bundler_2_mode?
|
451
|
-
msg += ". To downgrade this error to a warning, run " \
|
452
|
-
"`bundle config unset disable_multisource`"
|
453
|
-
end
|
454
467
|
raise GemfileEvalError, msg
|
455
468
|
else
|
456
469
|
Bundler::SharedHelpers.major_deprecation 2, "Your Gemfile contains multiple primary sources. " \
|
457
470
|
"Using `source` more than once without a block is a security risk, and " \
|
458
471
|
"may result in installing unexpected gems. To resolve this warning, use " \
|
459
|
-
"a block to indicate which gems should come from the secondary source.
|
460
|
-
"To upgrade this warning to an error, run `bundle config set --local " \
|
461
|
-
"disable_multisource true`."
|
472
|
+
"a block to indicate which gems should come from the secondary source."
|
462
473
|
end
|
463
474
|
end
|
464
475
|
|