rubygems-update 3.4.14 → 3.4.15

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5d8a97e5b6198a831e3a4f9394870dbf6a2d53b720cfd769bf11876061199bb1
-  data.tar.gz: 0623b2dbd7c85370eabf89e2f908d4fbeb59ffcd725eac2bf883e0b760a9402d
+  metadata.gz: 79b6b95727a03e85042c318c19b9161d61f0f70813bd839229aafe15dd171044
+  data.tar.gz: 31630ced1a24e78dc72f9838f6869e4242418f63af238e4cbc15d697384f64ac
 SHA512:
-  metadata.gz: 8a95e7a9fd03a2552b5d1c3be6529ddf8c13b352f1ba7b9079a914dd060275386a6f2fa1a47b0b68b9a2ee68b67d37a1bdf31a90d0716bd9b805d73421d579d0
-  data.tar.gz: 172343a13367b7973cc14f9c721b92a876cc518e00ab257d6af34424b25011053e3bfed66f16dd005f59ca5da32d5c825f6d36845d99ed14f74caf44710a2e8f
+  metadata.gz: 1d6488ea569f1b00fa710c3cf5aedff8f5f06ce2f019d6b8aa172aba4878457a877a4418301c98ed74b7f62ef97b64cca5929586eb60b7e33366f42511bc995d
+  data.tar.gz: 813e2629c91f36981977bd077e89deadee4eca9d503a2c5f72796665b7e771ae5f66b6a7f364a73bca39a170bc3d281fff042f990e04b82b360d81d1e66905a1

data/CHANGELOG.md

@@ -1,3 +1,19 @@
+# 3.4.15 / 2023-06-29
+
+## Enhancements:
+
+* Installs bundler 2.4.15 as a default gem.
+
+## Bug fixes:
+
+* Autoload shellwords when it's needed. Pull request
+  [#6734](https://github.com/rubygems/rubygems/pull/6734) by ioquatix
+
+## Documentation:
+
+* Update command to test local gem command changes. Pull request
+  [#6761](https://github.com/rubygems/rubygems/pull/6761) by jenshenny
+
 # 3.4.14 / 2023-06-12
 
 ## Enhancements:
@@ -700,7 +716,7 @@
 
 ## Enhancements:
 
-* Redact credentails when printing URI. Pull request [#4868](https://github.com/rubygems/rubygems/pull/4868) by intuxicated
+* Redact credentials when printing URI. Pull request [#4868](https://github.com/rubygems/rubygems/pull/4868) by intuxicated
 * Prefer `require_relative` to `require` for internal requires. Pull
   request [#4858](https://github.com/rubygems/rubygems/pull/4858) by deivid-rodriguez
 * Prioritise gems with higher version for fetching metadata, and stop

data/CONTRIBUTING.md

@@ -48,7 +48,7 @@ here: https://guides.rubygems.org/contributing/
 
 To run commands like `gem install` from the repo:
 
-    ruby -Ilib bin/gem install
+    ruby -Ilib exe/gem install
 
 To run commands like `bundle install` from the repo:
 

data/Manifest.txt

@@ -509,6 +509,7 @@ lib/rubygems/security/policy.rb
 lib/rubygems/security/signer.rb
 lib/rubygems/security/trust_dir.rb
 lib/rubygems/security_option.rb
+lib/rubygems/shellwords.rb
 lib/rubygems/source.rb
 lib/rubygems/source/git.rb
 lib/rubygems/source/installed.rb

data/bundler/CHANGELOG.md

@@ -1,3 +1,13 @@
+# 2.4.15 (June 29, 2023)
+
+## Enhancements:
+
+  - Improve edge case error message [#6733](https://github.com/rubygems/rubygems/pull/6733)
+
+## Bug fixes:
+
+  - Fix `bundle lock --update --bundler` [#6213](https://github.com/rubygems/rubygems/pull/6213)
+
 # 2.4.14 (June 12, 2023)
 
 ## Enhancements:

data/bundler/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2023-06-12".freeze
-    @git_commit_sha = "69f47cf53a".freeze
+    @built_at = "2023-06-29".freeze
+    @git_commit_sha = "702f922bf2".freeze
     @release = true
     # end ivars
 

data/bundler/lib/bundler/definition.rb

@@ -76,8 +76,11 @@ module Bundler
 
       @lockfile               = lockfile
       @lockfile_contents      = String.new
+
       @locked_bundler_version = nil
-      @locked_ruby_version    = nil
+      @resolved_bundler_version = nil
+
+      @locked_ruby_version = nil
       @new_platform = nil
       @removed_platform = nil
 
@@ -146,7 +149,7 @@ module Bundler
       @dependency_changes = converge_dependencies
       @local_changes = converge_locals
 
-      @incomplete_lockfile = check_missing_lockfile_specs
+      @missing_lockfile_dep = check_missing_lockfile_dep
     end
 
     def gem_version_promoter
@@ -234,6 +237,14 @@ module Bundler
     end
 
     def current_dependencies
+      filter_relevant(dependencies)
+    end
+
+    def current_locked_dependencies
+      filter_relevant(locked_dependencies)
+    end
+
+    def filter_relevant(dependencies)
       dependencies.select do |d|
         d.should_include? && !d.gem_platforms([generic_local_platform]).empty?
       end
@@ -273,7 +284,7 @@ module Bundler
       @resolve ||= if Bundler.frozen_bundle?
         Bundler.ui.debug "Frozen, using resolution from the lockfile"
         @locked_specs
-      elsif !unlocking? && nothing_changed?
+      elsif no_resolve_needed?
         if deleted_deps.any?
           Bundler.ui.debug "Some dependencies were deleted, using a subset of the resolution from the lockfile"
           SpecSet.new(filter_specs(@locked_specs, @dependencies - deleted_deps))
@@ -310,7 +321,7 @@ module Bundler
 
       if @locked_bundler_version
         locked_major = @locked_bundler_version.segments.first
-        current_major = Bundler.gem_version.segments.first
+        current_major = bundler_version_to_lock.segments.first
 
         updating_major = locked_major < current_major
       end
@@ -350,25 +361,16 @@ module Bundler
       end
     end
 
+    def bundler_version_to_lock
+      @resolved_bundler_version || Bundler.gem_version
+    end
+
     def to_lock
       require_relative "lockfile_generator"
       LockfileGenerator.generate(self)
     end
 
     def ensure_equivalent_gemfile_and_lockfile(explicit_flag = false)
-      msg = String.new
-      msg << "You are trying to install in deployment mode after changing\n" \
-             "your Gemfile. Run `bundle install` elsewhere and add the\n" \
-             "updated #{Bundler.default_lockfile.relative_path_from(SharedHelpers.pwd)} to version control."
-
-      unless explicit_flag
-        suggested_command = unless Bundler.settings.locations("frozen").keys.include?(:env)
-          "bundle config set frozen false"
-        end
-        msg << "\n\nIf this is a development machine, remove the #{Bundler.default_gemfile} " \
-               "freeze \nby running `#{suggested_command}`." if suggested_command
-      end
-
       added =   []
       deleted = []
       changed = []
@@ -382,13 +384,8 @@ module Bundler
       deleted.concat deleted_deps.map {|d| "* #{pretty_dep(d)}" } if deleted_deps.any?
 
       both_sources = Hash.new {|h, k| h[k] = [] }
-      @dependencies.each {|d| both_sources[d.name][0] = d }
-
-      locked_dependencies.each do |d|
-        next if !Bundler.feature_flag.bundler_3_mode? && @locked_specs[d.name].empty?
-
-        both_sources[d.name][1] = d
-      end
+      current_dependencies.each {|d| both_sources[d.name][0] = d }
+      current_locked_dependencies.each {|d| both_sources[d.name][1] = d }
 
       both_sources.each do |name, (dep, lock_dep)|
         next if dep.nil? || lock_dep.nil?
@@ -403,11 +400,20 @@ module Bundler
       end
 
       reason = change_reason
-      msg << "\n\n#{reason.split(", ").map(&:capitalize).join("\n")}" unless reason.strip.empty?
+      msg = String.new
+      msg << "#{reason.capitalize.strip}, but the lockfile can't be updated because frozen mode is set"
       msg << "\n\nYou have added to the Gemfile:\n" << added.join("\n") if added.any?
       msg << "\n\nYou have deleted from the Gemfile:\n" << deleted.join("\n") if deleted.any?
       msg << "\n\nYou have changed in the Gemfile:\n" << changed.join("\n") if changed.any?
-      msg << "\n"
+      msg << "\n\nRun `bundle install` elsewhere and add the updated #{Bundler.default_lockfile.relative_path_from(SharedHelpers.pwd)} to version control.\n"
+
+      unless explicit_flag
+        suggested_command = unless Bundler.settings.locations("frozen").keys.include?(:env)
+          "bundle config set frozen false"
+        end
+        msg << "If this is a development machine, remove the #{Bundler.default_gemfile.relative_path_from(SharedHelpers.pwd)} " \
+               "freeze by running `#{suggested_command}`." if suggested_command
+      end
 
       raise ProductionError, msg if added.any? || deleted.any? || changed.any? || !nothing_changed?
     end
@@ -472,7 +478,11 @@ module Bundler
     private :sources
 
     def nothing_changed?
-      !@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@incomplete_lockfile
+      !@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@missing_lockfile_dep && !@unlocking_bundler
+    end
+
+    def no_resolve_needed?
+      !unlocking? && nothing_changed?
     end
 
     def unlocking?
@@ -486,7 +496,14 @@ module Bundler
     end
 
     def expanded_dependencies
-      dependencies + metadata_dependencies
+      dependencies_with_bundler + metadata_dependencies
+    end
+
+    def dependencies_with_bundler
+      return dependencies unless @unlocking_bundler
+      return dependencies if dependencies.map(&:name).include?("bundler")
+
+      [Dependency.new("bundler", @unlocking_bundler)] + dependencies
     end
 
     def resolution_packages
@@ -552,6 +569,8 @@ module Bundler
     def start_resolution
       result = resolver.start
 
+      @resolved_bundler_version = result.find {|spec| spec.name == "bundler" }&.version
+
       SpecSet.new(SpecSet.new(result).for(dependencies, false, @platforms))
     end
 
@@ -609,7 +628,8 @@ module Bundler
         [@new_platform, "you added a new platform to your gemfile"],
         [@path_changes, "the gemspecs for path gems changed"],
         [@local_changes, "the gemspecs for git local gems changed"],
-        [@incomplete_lockfile, "your lock file is missing some gems"],
+        [@missing_lockfile_dep, "your lock file is missing \"#{@missing_lockfile_dep}\""],
+        [@unlocking_bundler, "an update to the version of Bundler itself was requested"],
       ].select(&:first).map(&:last).join(", ")
     end
 
@@ -664,7 +684,7 @@ module Bundler
       !sources_with_changes.each {|source| @unlock[:sources] << source.name }.empty?
     end
 
-    def check_missing_lockfile_specs
+    def check_missing_lockfile_dep
       all_locked_specs = @locked_specs.map(&:name) << "bundler"
 
       missing = @locked_specs.select do |s|
@@ -674,10 +694,14 @@ module Bundler
       if missing.any?
         @locked_specs.delete(missing)
 
-        true
-      else
-        false
+        return missing.first.name
       end
+
+      return if @dependency_changes
+
+      current_dependencies.find do |d|
+        @locked_specs[d.name].empty?
+      end&.name
     end
 
     def converge_paths
@@ -861,8 +885,16 @@ module Bundler
       metadata_dependencies.each do |dep|
         source_requirements[dep.name] = sources.metadata_source
       end
-      source_requirements[:default_bundler] = source_requirements["bundler"] || sources.default_source
-      source_requirements["bundler"] = sources.metadata_source # needs to come last to override
+
+      default_bundler_source = source_requirements["bundler"] || sources.default_source
+
+      if @unlocking_bundler
+        default_bundler_source.add_dependency_names("bundler")
+      else
+        source_requirements[:default_bundler] = default_bundler_source
+        source_requirements["bundler"] = sources.metadata_source # needs to come last to override
+      end
+
       verify_changed_sources!
       source_requirements
     end

data/bundler/lib/bundler/lockfile_generator.rb

@@ -71,7 +71,7 @@ module Bundler
     end
 
     def add_bundled_with
-      add_section("BUNDLED WITH", Bundler::VERSION)
+      add_section("BUNDLED WITH", definition.bundler_version_to_lock.to_s)
     end
 
     def add_section(name, value)

data/bundler/lib/bundler/resolver.rb

@@ -160,7 +160,7 @@ module Bundler
       constraint_string = constraint.constraint_string
       requirements = constraint_string.split(" OR ").map {|req| Gem::Requirement.new(req.split(",")) }
 
-      if name == "bundler"
+      if name == "bundler" && bundler_pinned_to_current_version?
         custom_explanation = "the current Bundler version (#{Bundler::VERSION}) does not satisfy #{constraint}"
         extended_explanation = bundler_not_found_message(requirements)
       else
@@ -230,6 +230,12 @@ module Bundler
     def all_versions_for(package)
       name = package.name
       results = (@base[name] + filter_prereleases(@all_specs[name], package)).uniq {|spec| [spec.version.hash, spec.platform] }
+
+      if name == "bundler" && !bundler_pinned_to_current_version?
+        bundler_spec = Gem.loaded_specs["bundler"]
+        results << bundler_spec if bundler_spec
+      end
+
       locked_requirement = base_requirements[name]
       results = filter_matching_specs(results, locked_requirement) if locked_requirement
 
@@ -254,6 +260,14 @@ module Bundler
       @source_requirements[name] || @source_requirements[:default]
     end
 
+    def default_bundler_source
+      @source_requirements[:default_bundler]
+    end
+
+    def bundler_pinned_to_current_version?
+      !default_bundler_source.nil?
+    end
+
     def name_for_explicit_dependency_source
       Bundler.default_gemfile.basename.to_s
     rescue StandardError
@@ -398,7 +412,7 @@ module Bundler
     end
 
     def bundler_not_found_message(conflict_dependencies)
-      candidate_specs = filter_matching_specs(source_for(:default_bundler).specs.search("bundler"), conflict_dependencies)
+      candidate_specs = filter_matching_specs(default_bundler_source.specs.search("bundler"), conflict_dependencies)
 
       if candidate_specs.any?
         target_version = candidate_specs.last.version

data/bundler/lib/bundler/runtime.rb

@@ -94,7 +94,7 @@ module Bundler
     definition_method :requires
 
     def lock(opts = {})
-      return if @definition.nothing_changed? && !@definition.unlocking?
+      return if @definition.no_resolve_needed?
       @definition.lock(Bundler.default_lockfile, opts[:preserve_unknown_sections])
     end
 

data/bundler/lib/bundler/source/rubygems.rb

@@ -381,7 +381,6 @@ module Bundler
           idx = @allow_local ? installed_specs.dup : Index.new
 
           Dir["#{cache_path}/*.gem"].each do |gemfile|
-            next if /^bundler\-[\d\.]+?\.gem/.match?(gemfile)
             s ||= Bundler.rubygems.spec_from_gem(gemfile)
             s.source = self
             idx << s

data/bundler/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.4.14".freeze
+  VERSION = "2.4.15".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

data/lib/rubygems/ext/builder.rb

@@ -6,6 +6,7 @@
 #++
 
 require_relative "../user_interaction"
+require_relative "../shellwords"
 
 class Gem::Ext::Builder
   include Gem::UserInteraction
@@ -56,9 +57,8 @@ class Gem::Ext::Builder
   end
 
   def self.ruby
-    require "shellwords"
     # Gem.ruby is quoted if it contains whitespace
-    cmd = Gem.ruby.shellsplit
+    cmd = Shellwords.split(Gem.ruby)
 
     # This load_path is only needed when running rubygems test without a proper installation.
     # Prepending it in a normal installation will cause problem with order of $LOAD_PATH.
@@ -82,8 +82,7 @@ class Gem::Ext::Builder
         p(command)
       end
       results << "current directory: #{dir}"
-      require "shellwords"
-      results << command.shelljoin
+      results << Shellwords.join(command)
 
       require "open3"
       # Set $SOURCE_DATE_EPOCH for the subprocess.

data/lib/rubygems/ext/cargo_builder.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require_relative "../shellwords"
+
 # This class is used by rubygems to build Rust extensions. It is a thin-wrapper
 # over the `cargo rustc` command which takes care of building Rust code in a way
 # that Ruby can use.
@@ -73,8 +75,6 @@ class Gem::Ext::CargoBuilder < Gem::Ext::Builder
   end
 
   def cargo_command(cargo_toml, dest_path, args = [], crate_name = nil)
-    require "shellwords"
-
     cmd = []
     cmd += [cargo, "rustc"]
     cmd += ["--crate-type", "cdylib"]

data/lib/rubygems/ext/rake_builder.rb

@@ -1,4 +1,7 @@
 # frozen_string_literal: true
+
+require_relative "../shellwords"
+
 #--
 # Copyright 2006 by Chad Fowler, Rich Kilmer, Jim Weirich and others.
 # All rights reserved.
@@ -14,8 +17,7 @@ class Gem::Ext::RakeBuilder < Gem::Ext::Builder
     rake = ENV["rake"]
 
     if rake
-      require "shellwords"
-      rake = rake.shellsplit
+      rake = Shellwords.split(rake)
     else
       begin
         rake = ruby << "-rrubygems" << Gem.bin_path("rake", "rake")

data/lib/rubygems/shellwords.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+autoload :Shellwords, "shellwords"

data/lib/rubygems.rb

@@ -8,7 +8,7 @@
 require "rbconfig"
 
 module Gem
-  VERSION = "3.4.14"
+  VERSION = "3.4.15"
 end
 
 # Must be first since it unloads the prelude from 1.9.2

data/rubygems-update.gemspec

@@ -2,7 +2,7 @@
 
 Gem::Specification.new do |s|
   s.name = "rubygems-update"
-  s.version = "3.4.14"
+  s.version = "3.4.15"
   s.authors = ["Jim Weirich", "Chad Fowler", "Eric Hodel", "Luis Lavena", "Aaron Patterson", "Samuel Giddins", "André Arko", "Evan Phoenix", "Hiroshi SHIBATA"]
   s.email = ["", "", "drbrain@segment7.net", "luislavena@gmail.com", "aaron@tenderlovemaking.com", "segiddins@segiddins.me", "andre@arko.net", "evan@phx.io", "hsbt@ruby-lang.org"]
 

data/test/rubygems/utilities.rb

@@ -213,8 +213,9 @@ class Gem::MockBrowser
     end
   end
 
-  def self.post(uri)
-    post = Net::HTTP::Post.new(uri)
+  def self.post(uri, content_type: "application/x-www-form-urlencoded")
+    headers = { "content-type" => content_type } if content_type
+    post = Net::HTTP::Post.new(uri, headers)
     Net::HTTP.start(uri.hostname, uri.port) do |http|
       http.request(post)
     end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubygems-update
 version: !ruby/object:Gem::Version
-  version: 3.4.14
+  version: 3.4.15
 platform: ruby
 authors:
 - Jim Weirich
@@ -16,7 +16,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-06-12 00:00:00.000000000 Z
+date: 2023-06-29 00:00:00.000000000 Z
 dependencies: []
 description: |-
   A package (also known as a library) contains a set of functionality
@@ -565,6 +565,7 @@ files:
 - lib/rubygems/security/signer.rb
 - lib/rubygems/security/trust_dir.rb
 - lib/rubygems/security_option.rb
+- lib/rubygems/shellwords.rb
 - lib/rubygems/source.rb
 - lib/rubygems/source/git.rb
 - lib/rubygems/source/installed.rb
@@ -842,7 +843,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.14
+rubygems_version: 3.4.15
 signing_key:
 specification_version: 4
 summary: RubyGems is a package management framework for Ruby. This gem is downloaded