rubygems-update 3.2.9 → 3.2.14

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6f97da94a4361531119587adbe81df2cb025b7cd46e64ac4344897e403eba853
-  data.tar.gz: 3539b4322d457c4b4f3fb387880aac7ba86f8c72f34ea66b2b4e749411dff5f7
+  metadata.gz: 183f3b2ffdc6ae6ff74b07aa4fb847ce8dad2346d34053258d1f4a1dae58ee75
+  data.tar.gz: 65ebe08bd47e237947d6292a1d8bd8eacfdb02ba2ca0c49abbb46dfb5d4508ba
 SHA512:
-  metadata.gz: 9b4a518220115bc1e638e0ef3a69cbacf49a21940666b9fc9310426cc077fc3ba73c1ffbd9860ecd6dd8210c1c80853ed916298e610c3e508679c0d853f471ad
-  data.tar.gz: 28dcf6a59842e3838ccb94fe5ad35a947fb4f1e532eff8edb2a0b49d00741853b8a56ee595233bd6d0768cc0c4c33c49bf965900ad315f88936dec90e0abd5a8
+  metadata.gz: 6bab93bbd24b3fb753b6a2818cecaad7dffff505937f4a3a0625c9c6f8ccfcb1742d642fc74ab7e8aed5bc505aa18651aed3ced2e794efa0b0a758ac5fab50a8
+  data.tar.gz: 1a5c4126510e7dfb037e52f3da7a2cc815d14b925089ebf3aed4c120c95580a6e1e119fc3cc205bf320baf02cd140e3a2cd17499dd4b6c9b2747004654ae82bb

data/CHANGELOG.md

@@ -1,3 +1,43 @@
+# 3.2.14 / 2021-03-08
+
+## Enhancements:
+
+* Less wrapping of network errors. Pull request #4064 by deivid-rodriguez
+
+## Bug fixes:
+
+* Revert addition of support for `musl` variants to restore graceful
+  fallback on Alpine. Pull request #4434 by deivid-rodriguez
+
+# 3.2.13 / 2021-03-03
+
+## Bug fixes:
+
+* Support non-gnu libc linux platforms. Pull request #4082 by lloeki
+
+# 3.2.12 / 2021-03-01
+
+## Bug fixes:
+
+* Restore the ability to manually install extension gems. Pull request
+  #4384 by cfis
+
+# 3.2.11 / 2021-02-17
+
+## Enhancements:
+
+* Optionally fallback to IPv4 when IPv6 is unreachable. Pull request #2662
+  by sonalkr132
+
+# 3.2.10 / 2021-02-15
+
+## Documentation:
+
+* Add a `gem push` example to `gem help`. Pull request #4373 by
+  deivid-rodriguez
+* Improve documentation for `required_ruby_version`. Pull request #4343 by
+  AlexWayfer
+
 # 3.2.9 / 2021-02-08
 
 ## Bug fixes:

data/Manifest.txt

@@ -354,6 +354,7 @@ lib/rubygems/config_file.rb
 lib/rubygems/core_ext/kernel_gem.rb
 lib/rubygems/core_ext/kernel_require.rb
 lib/rubygems/core_ext/kernel_warn.rb
+lib/rubygems/core_ext/tcpsocket_init.rb
 lib/rubygems/defaults.rb
 lib/rubygems/dependency.rb
 lib/rubygems/dependency_installer.rb

data/Rakefile

@@ -15,6 +15,12 @@ task :update do |_, args|
   sh "ruby", "bundler/bin/bundle", "update", *args, "--gemfile=dev_gems.rb"
 end
 
+desc "Update the locked bundler version in dev environment"
+task :update_locked_bundler do |_, args|
+  sh "ruby", "bundler/bin/bundle", "update", "--bundler", "--gemfile=dev_gems.rb"
+  sh "ruby", "bundler/bin/bundle", "update", "--bundler", "--gemfile=bundler/test_gems.rb"
+end
+
 desc "Setup git hooks"
 task :git_hooks do
   sh "git config core.hooksPath .githooks"

data/bundler/CHANGELOG.md

@@ -1,3 +1,52 @@
+# 2.2.14 (March 8, 2021)
+
+## Security fixes:
+
+  - Lock GEM sources separately and fix locally installed specs confusing bundler [#4381](https://github.com/rubygems/rubygems/pull/4381)
+
+## Bug fixes:
+
+  - Make `rake` available to other gems' installers right after it's installed [#4428](https://github.com/rubygems/rubygems/pull/4428)
+  - Fix encoding issue on compact index updater [#4362](https://github.com/rubygems/rubygems/pull/4362)
+
+# 2.2.13 (March 3, 2021)
+
+## Enhancements:
+
+  - Respect user configured default branch in README links in new generated gems [#4303](https://github.com/rubygems/rubygems/pull/4303)
+
+## Bug fixes:
+
+  - Fix gems sometimes being pulled from irrelevant sources [#4418](https://github.com/rubygems/rubygems/pull/4418)
+
+# 2.2.12 (March 1, 2021)
+
+## Bug fixes:
+
+  - Fix sporadic warnings about `nil` gemspec on install/update and make those faster [#4409](https://github.com/rubygems/rubygems/pull/4409)
+  - Fix deployment install with duplicate path gems added to Gemfile [#4410](https://github.com/rubygems/rubygems/pull/4410)
+
+# 2.2.11 (February 17, 2021)
+
+## Bug fixes:
+
+  - Revert disable_multisource changes [#4385](https://github.com/rubygems/rubygems/pull/4385)
+
+# 2.2.10 (February 15, 2021)
+
+## Security fixes:
+
+  - Fix source priority for transitive dependencies and split lockfile rubygems source sections [#3655](https://github.com/rubygems/rubygems/pull/3655)
+
+## Bug fixes:
+
+  - Fix adding platforms to lockfile sometimes conflicting on ruby requirements [#4371](https://github.com/rubygems/rubygems/pull/4371)
+  - Fix bundler sometimes choosing ruby variants over java ones [#4367](https://github.com/rubygems/rubygems/pull/4367)
+
+## Documentation:
+
+  - Update man pages to reflect to new default for bundle install jobs [#4188](https://github.com/rubygems/rubygems/pull/4188)
+
 # 2.2.9 (February 8, 2021)
 
 ## Enhancements:

data/bundler/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2021-02-08".freeze
-    @git_commit_sha = "30e740c073".freeze
+    @built_at = "2021-03-08".freeze
+    @git_commit_sha = "3a169d80c1".freeze
     @release = true
     # end ivars
 

data/bundler/lib/bundler/cli/gem.rb

@@ -39,11 +39,11 @@ module Bundler
       constant_name = name.gsub(/-[_-]*(?![_-]|$)/) { "::" }.gsub(/([_-]+|(::)|^)(.|$)/) { $2.to_s + $3.upcase }
       constant_array = constant_name.split("::")
 
-      git_installed = Bundler.git_present?
+      use_git = Bundler.git_present? && options[:git]
 
-      git_author_name = git_installed ? `git config user.name`.chomp : ""
-      github_username = git_installed ? `git config github.user`.chomp : ""
-      git_user_email = git_installed ? `git config user.email`.chomp : ""
+      git_author_name = use_git ? `git config user.name`.chomp : ""
+      github_username = use_git ? `git config github.user`.chomp : ""
+      git_user_email = use_git ? `git config user.email`.chomp : ""
 
       config = {
         :name             => name,
@@ -58,6 +58,7 @@ module Bundler
         :ext              => options[:ext],
         :exe              => options[:exe],
         :bundler_version  => bundler_dependency_version,
+        :git              => use_git,
         :github_username  => github_username.empty? ? "[USERNAME]" : github_username,
         :required_ruby_version => Gem.ruby_version < Gem::Version.new("2.4.a") ? "2.3.0" : "2.4.0",
       }
@@ -79,7 +80,7 @@ module Bundler
         bin/setup
       ]
 
-      templates.merge!("gitignore.tt" => ".gitignore") if Bundler.git_present?
+      templates.merge!("gitignore.tt" => ".gitignore") if use_git
 
       if test_framework = ask_and_set_test_framework
         config[:test] = test_framework
@@ -175,24 +176,31 @@ module Bundler
         )
       end
 
+      if File.exist?(target) && !File.directory?(target)
+        Bundler.ui.error "Couldn't create a new gem named `#{gem_name}` because there's an existing file named `#{gem_name}`."
+        exit Bundler::BundlerError.all_errors[Bundler::GenericSystemCallError]
+      end
+
+      if use_git
+        Bundler.ui.info "Initializing git repo in #{target}"
+        `git init #{target}`
+
+        config[:git_default_branch] = File.read("#{target}/.git/HEAD").split("/").last.chomp
+      end
+
       templates.each do |src, dst|
         destination = target.join(dst)
-        SharedHelpers.filesystem_access(destination) do
-          thor.template("newgem/#{src}", destination, config)
-        end
+        thor.template("newgem/#{src}", destination, config)
       end
 
       executables.each do |file|
-        SharedHelpers.filesystem_access(target.join(file)) do |path|
-          executable = (path.stat.mode | 0o111)
-          path.chmod(executable)
-        end
+        path = target.join(file)
+        executable = (path.stat.mode | 0o111)
+        path.chmod(executable)
       end
 
-      if Bundler.git_present? && options[:git]
-        Bundler.ui.info "Initializing git repo in #{target}"
+      if use_git
         Dir.chdir(target) do
-          `git init`
           `git add .`
         end
       end
@@ -202,8 +210,6 @@ module Bundler
 
       Bundler.ui.info "Gem '#{name}' was successfully created. " \
         "For more information on making a RubyGem visit https://bundler.io/guides/creating_gem.html"
-    rescue Errno::EEXIST => e
-      raise GenericSystemCallError.new(e, "There was a conflict while creating the new gem.")
     end
 
     private

data/bundler/lib/bundler/compact_index_client/updater.rb

@@ -54,7 +54,7 @@ module Bundler
             if response.is_a?(Net::HTTPPartialContent) && local_temp_path.size.nonzero?
               local_temp_path.open("a") {|f| f << slice_body(content, 1..-1) }
             else
-              local_temp_path.open("w") {|f| f << content }
+              local_temp_path.open("wb") {|f| f << content }
             end
           end
 

data/bundler/lib/bundler/definition.rb

@@ -106,6 +106,17 @@ module Bundler
         @locked_platforms = []
       end
 
+      @locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
+      @disable_multisource = @locked_gem_sources.all?(&:disable_multisource?)
+
+      unless @disable_multisource
+        msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. You should run `bundle update` or generate your lockfile from scratch."
+
+        Bundler::SharedHelpers.major_deprecation 2, msg
+
+        @sources.merged_gem_lockfile_sections!
+      end
+
       @unlock[:gems] ||= []
       @unlock[:sources] ||= []
       @unlock[:ruby] ||= if @ruby_version && locked_ruby_version_object
@@ -145,6 +156,10 @@ module Bundler
       end
     end
 
+    def disable_multisource?
+      @disable_multisource
+    end
+
     def resolve_with_cache!
       raise "Specs already loaded" if @specs
       sources.cached!
@@ -264,7 +279,7 @@ module Bundler
           # Run a resolve against the locally available gems
           Bundler.ui.debug("Found changes from the lockfile, re-resolving dependencies because #{change_reason}")
           expanded_dependencies = expand_dependencies(dependencies + metadata_dependencies, @remote)
-          Resolver.resolve(expanded_dependencies, index, source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve, platforms)
+          Resolver.resolve(expanded_dependencies, source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve, platforms)
         end
       end
     end
@@ -530,6 +545,9 @@ module Bundler
     attr_reader :sources
     private :sources
 
+    attr_reader :locked_gem_sources
+    private :locked_gem_sources
+
     def nothing_changed?
       !@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@locked_specs_incomplete_for_platform
     end
@@ -594,7 +612,7 @@ module Bundler
       deps_for_source = @dependencies.select {|s| s.source == source }
       locked_deps_for_source = @locked_deps.values.select {|dep| dep.source == locked_source }
 
-      deps_for_source.sort != locked_deps_for_source.sort
+      deps_for_source.uniq.sort != locked_deps_for_source.sort
     end
 
     def specs_for_source_changed?(source)
@@ -654,21 +672,20 @@ module Bundler
     end
 
     def converge_rubygems_sources
-      return false if Bundler.feature_flag.disable_multisource?
+      return false if disable_multisource?
 
-      changes = false
+      return false if locked_gem_sources.empty?
 
-      # Get the RubyGems sources from the Gemfile.lock
-      locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
       # Get the RubyGems remotes from the Gemfile
       actual_remotes = sources.rubygems_remotes
+      return false if actual_remotes.empty?
+
+      changes = false
 
       # If there is a RubyGems source in both
-      if !locked_gem_sources.empty? && !actual_remotes.empty?
-        locked_gem_sources.each do |locked_gem|
-          # Merge the remotes from the Gemfile into the Gemfile.lock
-          changes |= locked_gem.replace_remotes(actual_remotes, Bundler.settings[:allow_deployment_source_credential_changes])
-        end
+      locked_gem_sources.each do |locked_gem|
+        # Merge the remotes from the Gemfile into the Gemfile.lock
+        changes |= locked_gem.replace_remotes(actual_remotes, Bundler.settings[:allow_deployment_source_credential_changes])
       end
 
       changes
@@ -893,30 +910,18 @@ module Bundler
       # Record the specs available in each gem's source, so that those
       # specs will be available later when the resolver knows where to
       # look for that gemspec (or its dependencies)
-      default = sources.default_source
-      source_requirements = { :default => default }
-      default = nil unless Bundler.feature_flag.disable_multisource?
-      dependencies.each do |dep|
-        next unless source = dep.source || default
-        source_requirements[dep.name] = source
-      end
+      source_requirements = { :default => sources.default_source }.merge(dependency_source_requirements)
       metadata_dependencies.each do |dep|
         source_requirements[dep.name] = sources.metadata_source
       end
+      source_requirements[:global] = index unless Bundler.feature_flag.disable_multisource?
       source_requirements[:default_bundler] = source_requirements["bundler"] || source_requirements[:default]
       source_requirements["bundler"] = sources.metadata_source # needs to come last to override
       source_requirements
     end
 
     def pinned_spec_names(skip = nil)
-      pinned_names = []
-      default = Bundler.feature_flag.disable_multisource? && sources.default_source
-      @dependencies.each do |dep|
-        next unless dep_source = dep.source || default
-        next if dep_source == skip
-        pinned_names << dep.name
-      end
-      pinned_names
+      dependency_source_requirements.reject {|_, source| source == skip }.keys
     end
 
     def requested_groups
@@ -973,5 +978,17 @@ module Bundler
 
       Bundler.settings[:allow_deployment_source_credential_changes] && source.equivalent_remotes?(sources.rubygems_remotes)
     end
+
+    def dependency_source_requirements
+      @dependency_source_requirements ||= begin
+        source_requirements = {}
+        default = sources.default_source
+        dependencies.each do |dep|
+          dep_source = dep.source || default
+          source_requirements[dep.name] = dep_source
+        end
+        source_requirements
+      end
+    end
   end
 end

data/bundler/lib/bundler/dsl.rb

@@ -24,6 +24,9 @@ module Bundler
     def initialize
       @source               = nil
       @sources              = SourceList.new
+
+      @global_rubygems_sources = []
+
       @git_sources          = {}
       @dependencies         = []
       @groups               = []
@@ -45,6 +48,7 @@ module Bundler
       @gemfiles << expanded_gemfile_path
       contents ||= Bundler.read_file(@gemfile.to_s)
       instance_eval(contents.dup.tap{|x| x.untaint if RUBY_VERSION < "2.7" }, gemfile.to_s, 1)
+      check_primary_source_safety
     rescue Exception => e # rubocop:disable Lint/RescueException
       message = "There was an error " \
         "#{e.is_a?(GemfileEvalError) ? "evaluating" : "parsing"} " \
@@ -164,8 +168,7 @@ module Bundler
       elsif block_given?
         with_source(@sources.add_rubygems_source("remotes" => source), &blk)
       else
-        check_primary_source_safety(@sources)
-        @sources.global_rubygems_source = source
+        @global_rubygems_sources << source
       end
     end
 
@@ -183,24 +186,14 @@ module Bundler
     end
 
     def path(path, options = {}, &blk)
-      unless block_given?
-        msg = "You can no longer specify a path source by itself. Instead, \n" \
-              "either use the :path option on a gem, or specify the gems that \n" \
-              "bundler should find in the path source by passing a block to \n" \
-              "the path method, like: \n\n" \
-              "    path 'dir/containing/rails' do\n" \
-              "      gem 'rails'\n" \
-              "    end\n\n"
-
-        raise DeprecatedError, msg if Bundler.feature_flag.disable_multisource?
-        SharedHelpers.major_deprecation(2, msg.strip)
-      end
-
       source_options = normalize_hash(options).merge(
         "path" => Pathname.new(path),
         "root_path" => gemfile_root,
         "gemspec" => gemspecs.find {|g| g.name == options["name"] }
       )
+
+      source_options["global"] = true unless block_given?
+
       source = @sources.add_path_source(source_options)
       with_source(source, &blk)
     end
@@ -279,6 +272,11 @@ module Bundler
       raise GemfileError, "Undefined local variable or method `#{name}' for Gemfile"
     end
 
+    def check_primary_source_safety
+      check_path_source_safety
+      check_rubygems_source_safety
+    end
+
     private
 
     def add_git_sources
@@ -440,25 +438,38 @@ repo_name ||= user_name
       end
     end
 
-    def check_primary_source_safety(source_list)
-      return if source_list.rubygems_primary_remotes.empty? && source_list.global_rubygems_source.nil?
+    def check_path_source_safety
+      return if @sources.global_path_source.nil?
+
+      msg = "You can no longer specify a path source by itself. Instead, \n" \
+              "either use the :path option on a gem, or specify the gems that \n" \
+              "bundler should find in the path source by passing a block to \n" \
+              "the path method, like: \n\n" \
+              "    path 'dir/containing/rails' do\n" \
+              "      gem 'rails'\n" \
+              "    end\n\n"
+
+      SharedHelpers.major_deprecation(2, msg.strip)
+    end
+
+    def check_rubygems_source_safety
+      @sources.global_rubygems_source = @global_rubygems_sources.shift
+      return if @global_rubygems_sources.empty?
 
-      if Bundler.feature_flag.disable_multisource?
+      @global_rubygems_sources.each do |source|
+        @sources.add_rubygems_remote(source)
+      end
+
+      if Bundler.feature_flag.bundler_3_mode?
         msg = "This Gemfile contains multiple primary sources. " \
           "Each source after the first must include a block to indicate which gems " \
           "should come from that source"
-        unless Bundler.feature_flag.bundler_2_mode?
-          msg += ". To downgrade this error to a warning, run " \
-            "`bundle config unset disable_multisource`"
-        end
         raise GemfileEvalError, msg
       else
         Bundler::SharedHelpers.major_deprecation 2, "Your Gemfile contains multiple primary sources. " \
           "Using `source` more than once without a block is a security risk, and " \
           "may result in installing unexpected gems. To resolve this warning, use " \
-          "a block to indicate which gems should come from the secondary source. " \
-          "To upgrade this warning to an error, run `bundle config set --local " \
-          "disable_multisource true`."
+          "a block to indicate which gems should come from the secondary source."
       end
     end