rubygems-update 3.4.22 → 3.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (540) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +105 -2
  3. data/Manifest.txt +46 -221
  4. data/README.md +1 -3
  5. data/bundler/CHANGELOG.md +63 -0
  6. data/bundler/bundler.gemspec +4 -2
  7. data/bundler/exe/bundle +1 -10
  8. data/bundler/lib/bundler/build_metadata.rb +3 -3
  9. data/bundler/lib/bundler/capistrano.rb +1 -1
  10. data/bundler/lib/bundler/checksum.rb +254 -0
  11. data/bundler/lib/bundler/ci_detector.rb +75 -0
  12. data/bundler/lib/bundler/cli/add.rb +3 -3
  13. data/bundler/lib/bundler/cli/binstubs.rb +4 -4
  14. data/bundler/lib/bundler/cli/cache.rb +1 -1
  15. data/bundler/lib/bundler/cli/check.rb +1 -1
  16. data/bundler/lib/bundler/cli/common.rb +9 -1
  17. data/bundler/lib/bundler/cli/config.rb +8 -7
  18. data/bundler/lib/bundler/cli/console.rb +3 -2
  19. data/bundler/lib/bundler/cli/doctor.rb +2 -2
  20. data/bundler/lib/bundler/cli/exec.rb +1 -1
  21. data/bundler/lib/bundler/cli/gem.rb +28 -23
  22. data/bundler/lib/bundler/cli/info.rb +2 -13
  23. data/bundler/lib/bundler/cli/install.rb +5 -4
  24. data/bundler/lib/bundler/cli/issue.rb +1 -1
  25. data/bundler/lib/bundler/cli/lock.rb +4 -4
  26. data/bundler/lib/bundler/cli/open.rb +1 -1
  27. data/bundler/lib/bundler/cli/outdated.rb +6 -6
  28. data/bundler/lib/bundler/cli/plugin.rb +7 -14
  29. data/bundler/lib/bundler/cli/pristine.rb +38 -30
  30. data/bundler/lib/bundler/cli/show.rb +2 -2
  31. data/bundler/lib/bundler/cli/update.rb +5 -5
  32. data/bundler/lib/bundler/cli.rb +215 -263
  33. data/bundler/lib/bundler/compact_index_client/cache.rb +29 -9
  34. data/bundler/lib/bundler/compact_index_client/cache_file.rb +153 -0
  35. data/bundler/lib/bundler/compact_index_client/gem_parser.rb +7 -3
  36. data/bundler/lib/bundler/compact_index_client/updater.rb +79 -81
  37. data/bundler/lib/bundler/compact_index_client.rb +14 -7
  38. data/bundler/lib/bundler/constants.rb +1 -1
  39. data/bundler/lib/bundler/current_ruby.rb +5 -21
  40. data/bundler/lib/bundler/definition.rb +42 -15
  41. data/bundler/lib/bundler/dependency.rb +16 -12
  42. data/bundler/lib/bundler/digest.rb +2 -2
  43. data/bundler/lib/bundler/dsl.rb +46 -30
  44. data/bundler/lib/bundler/endpoint_specification.rb +5 -1
  45. data/bundler/lib/bundler/env.rb +1 -3
  46. data/bundler/lib/bundler/errors.rb +43 -0
  47. data/bundler/lib/bundler/fetcher/base.rb +3 -1
  48. data/bundler/lib/bundler/fetcher/compact_index.rb +4 -4
  49. data/bundler/lib/bundler/fetcher/downloader.rb +13 -11
  50. data/bundler/lib/bundler/fetcher/gem_remote_fetcher.rb +16 -0
  51. data/bundler/lib/bundler/fetcher/index.rb +1 -1
  52. data/bundler/lib/bundler/fetcher.rb +28 -25
  53. data/bundler/lib/bundler/friendly_errors.rb +5 -5
  54. data/bundler/lib/bundler/gem_helper.rb +1 -1
  55. data/bundler/lib/bundler/gem_helpers.rb +5 -2
  56. data/bundler/lib/bundler/graph.rb +9 -9
  57. data/bundler/lib/bundler/index.rb +1 -2
  58. data/bundler/lib/bundler/injector.rb +1 -1
  59. data/bundler/lib/bundler/inline.rb +3 -3
  60. data/bundler/lib/bundler/installer/gem_installer.rb +5 -5
  61. data/bundler/lib/bundler/installer/parallel_installer.rb +16 -8
  62. data/bundler/lib/bundler/installer/standalone.rb +2 -3
  63. data/bundler/lib/bundler/installer.rb +9 -9
  64. data/bundler/lib/bundler/lazy_specification.rb +24 -17
  65. data/bundler/lib/bundler/lockfile_generator.rb +9 -0
  66. data/bundler/lib/bundler/lockfile_parser.rb +81 -10
  67. data/bundler/lib/bundler/man/bundle-add.1 +3 -26
  68. data/bundler/lib/bundler/man/bundle-binstubs.1 +4 -16
  69. data/bundler/lib/bundler/man/bundle-cache.1 +3 -24
  70. data/bundler/lib/bundler/man/bundle-check.1 +3 -12
  71. data/bundler/lib/bundler/man/bundle-clean.1 +3 -10
  72. data/bundler/lib/bundler/man/bundle-config.1 +20 -211
  73. data/bundler/lib/bundler/man/bundle-config.1.ronn +6 -0
  74. data/bundler/lib/bundler/man/bundle-console.1 +4 -22
  75. data/bundler/lib/bundler/man/bundle-doctor.1 +4 -18
  76. data/bundler/lib/bundler/man/bundle-exec.1 +12 -73
  77. data/bundler/lib/bundler/man/bundle-gem.1 +13 -49
  78. data/bundler/lib/bundler/man/bundle-help.1 +3 -7
  79. data/bundler/lib/bundler/man/bundle-info.1 +3 -9
  80. data/bundler/lib/bundler/man/bundle-init.1 +3 -12
  81. data/bundler/lib/bundler/man/bundle-inject.1 +6 -19
  82. data/bundler/lib/bundler/man/bundle-install.1 +27 -125
  83. data/bundler/lib/bundler/man/bundle-install.1.ronn +1 -0
  84. data/bundler/lib/bundler/man/bundle-list.1 +4 -19
  85. data/bundler/lib/bundler/man/bundle-lock.1 +5 -29
  86. data/bundler/lib/bundler/man/bundle-open.1 +7 -27
  87. data/bundler/lib/bundler/man/bundle-outdated.1 +3 -55
  88. data/bundler/lib/bundler/man/bundle-outdated.1.ronn +1 -0
  89. data/bundler/lib/bundler/man/bundle-platform.1 +5 -27
  90. data/bundler/lib/bundler/man/bundle-plugin.1 +3 -29
  91. data/bundler/lib/bundler/man/bundle-pristine.1 +5 -16
  92. data/bundler/lib/bundler/man/bundle-remove.1 +4 -14
  93. data/bundler/lib/bundler/man/bundle-show.1 +3 -10
  94. data/bundler/lib/bundler/man/bundle-update.1 +18 -137
  95. data/bundler/lib/bundler/man/bundle-version.1 +3 -16
  96. data/bundler/lib/bundler/man/bundle-viz.1 +4 -16
  97. data/bundler/lib/bundler/man/bundle.1 +5 -44
  98. data/bundler/lib/bundler/man/gemfile.5 +24 -301
  99. data/bundler/lib/bundler/man/gemfile.5.ronn +4 -0
  100. data/bundler/lib/bundler/match_metadata.rb +4 -0
  101. data/bundler/lib/bundler/match_platform.rb +1 -1
  102. data/bundler/lib/bundler/plugin/api/source.rb +3 -2
  103. data/bundler/lib/bundler/plugin/installer.rb +1 -1
  104. data/bundler/lib/bundler/plugin.rb +3 -3
  105. data/bundler/lib/bundler/resolver/base.rb +1 -1
  106. data/bundler/lib/bundler/resolver/incompatibility.rb +1 -1
  107. data/bundler/lib/bundler/resolver/spec_group.rb +1 -4
  108. data/bundler/lib/bundler/resolver.rb +16 -16
  109. data/bundler/lib/bundler/ruby_dsl.rb +20 -12
  110. data/bundler/lib/bundler/ruby_version.rb +1 -1
  111. data/bundler/lib/bundler/rubygems_ext.rb +24 -50
  112. data/bundler/lib/bundler/rubygems_gem_installer.rb +6 -56
  113. data/bundler/lib/bundler/rubygems_integration.rb +25 -94
  114. data/bundler/lib/bundler/runtime.rb +2 -2
  115. data/bundler/lib/bundler/self_manager.rb +23 -7
  116. data/bundler/lib/bundler/settings.rb +27 -7
  117. data/bundler/lib/bundler/setup.rb +4 -1
  118. data/bundler/lib/bundler/shared_helpers.rb +35 -13
  119. data/bundler/lib/bundler/source/git/git_proxy.rb +15 -15
  120. data/bundler/lib/bundler/source/git.rb +4 -3
  121. data/bundler/lib/bundler/source/metadata.rb +15 -15
  122. data/bundler/lib/bundler/source/path.rb +7 -6
  123. data/bundler/lib/bundler/source/rubygems.rb +21 -14
  124. data/bundler/lib/bundler/source.rb +2 -0
  125. data/bundler/lib/bundler/spec_set.rb +38 -10
  126. data/bundler/lib/bundler/stub_specification.rb +1 -0
  127. data/bundler/lib/bundler/templates/Executable.bundler +1 -1
  128. data/bundler/lib/bundler/templates/newgem/README.md.tt +3 -3
  129. data/bundler/lib/bundler/templates/newgem/Rakefile.tt +2 -6
  130. data/bundler/lib/bundler/templates/newgem/ext/newgem/Cargo.toml.tt +1 -1
  131. data/bundler/lib/bundler/templates/newgem/standard.yml.tt +1 -1
  132. data/bundler/lib/bundler/ui/shell.rb +1 -1
  133. data/bundler/lib/bundler/vendor/connection_pool/.document +1 -0
  134. data/bundler/lib/bundler/vendor/connection_pool/lib/connection_pool/version.rb +1 -1
  135. data/bundler/lib/bundler/vendor/connection_pool/lib/connection_pool.rb +53 -6
  136. data/bundler/lib/bundler/vendor/fileutils/.document +1 -0
  137. data/bundler/lib/bundler/vendor/fileutils/lib/fileutils.rb +8 -20
  138. data/bundler/lib/bundler/vendor/net-http-persistent/.document +1 -0
  139. data/bundler/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent/connection.rb +3 -3
  140. data/bundler/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent/pool.rb +2 -2
  141. data/bundler/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent/timed_stack_multi.rb +1 -1
  142. data/bundler/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent.rb +34 -34
  143. data/bundler/lib/bundler/vendor/pub_grub/.document +1 -0
  144. data/bundler/lib/bundler/vendor/thor/.document +1 -0
  145. data/bundler/lib/bundler/vendor/tsort/.document +1 -0
  146. data/bundler/lib/bundler/vendor/tsort/lib/tsort.rb +3 -0
  147. data/bundler/lib/bundler/vendor/uri/.document +1 -0
  148. data/bundler/lib/bundler/vendor/uri/lib/uri/common.rb +256 -132
  149. data/bundler/lib/bundler/vendor/uri/lib/uri/generic.rb +1 -0
  150. data/bundler/lib/bundler/vendor/uri/lib/uri/rfc3986_parser.rb +95 -31
  151. data/bundler/lib/bundler/vendor/uri/lib/uri/version.rb +1 -1
  152. data/bundler/lib/bundler/vendored_net_http.rb +8 -0
  153. data/bundler/lib/bundler/vendored_persistent.rb +0 -4
  154. data/bundler/lib/bundler/vendored_timeout.rb +8 -0
  155. data/bundler/lib/bundler/version.rb +1 -1
  156. data/bundler/lib/bundler/vlad.rb +1 -1
  157. data/bundler/lib/bundler/yaml_serializer.rb +3 -3
  158. data/bundler/lib/bundler.rb +41 -32
  159. data/lib/rubygems/available_set.rb +4 -4
  160. data/lib/rubygems/basic_specification.rb +35 -37
  161. data/lib/rubygems/bundler_version_finder.rb +4 -4
  162. data/lib/rubygems/ci_detector.rb +75 -0
  163. data/lib/rubygems/command.rb +13 -15
  164. data/lib/rubygems/command_manager.rb +5 -4
  165. data/lib/rubygems/commands/build_command.rb +2 -2
  166. data/lib/rubygems/commands/cert_command.rb +1 -2
  167. data/lib/rubygems/commands/check_command.rb +4 -4
  168. data/lib/rubygems/commands/cleanup_command.rb +12 -14
  169. data/lib/rubygems/commands/contents_command.rb +4 -4
  170. data/lib/rubygems/commands/dependency_command.rb +4 -5
  171. data/lib/rubygems/commands/environment_command.rb +1 -3
  172. data/lib/rubygems/commands/exec_command.rb +1 -1
  173. data/lib/rubygems/commands/fetch_command.rb +2 -2
  174. data/lib/rubygems/commands/generate_index_command.rb +39 -74
  175. data/lib/rubygems/commands/help_command.rb +3 -3
  176. data/lib/rubygems/commands/info_command.rb +2 -2
  177. data/lib/rubygems/commands/install_command.rb +8 -16
  178. data/lib/rubygems/commands/list_command.rb +2 -2
  179. data/lib/rubygems/commands/lock_command.rb +1 -1
  180. data/lib/rubygems/commands/open_command.rb +1 -1
  181. data/lib/rubygems/commands/owner_command.rb +1 -1
  182. data/lib/rubygems/commands/pristine_command.rb +13 -15
  183. data/lib/rubygems/commands/push_command.rb +2 -2
  184. data/lib/rubygems/commands/query_command.rb +4 -5
  185. data/lib/rubygems/commands/rdoc_command.rb +2 -2
  186. data/lib/rubygems/commands/search_command.rb +2 -2
  187. data/lib/rubygems/commands/setup_command.rb +31 -34
  188. data/lib/rubygems/commands/sources_command.rb +12 -12
  189. data/lib/rubygems/commands/specification_command.rb +10 -10
  190. data/lib/rubygems/commands/stale_command.rb +1 -1
  191. data/lib/rubygems/commands/uninstall_command.rb +9 -10
  192. data/lib/rubygems/commands/unpack_command.rb +4 -4
  193. data/lib/rubygems/commands/update_command.rb +10 -12
  194. data/lib/rubygems/commands/which_command.rb +1 -1
  195. data/lib/rubygems/commands/yank_command.rb +1 -1
  196. data/lib/rubygems/compatibility.rb +5 -6
  197. data/lib/rubygems/config_file.rb +4 -4
  198. data/lib/rubygems/core_ext/kernel_gem.rb +0 -2
  199. data/lib/rubygems/core_ext/kernel_require.rb +19 -48
  200. data/lib/rubygems/core_ext/kernel_warn.rb +1 -1
  201. data/lib/rubygems/core_ext/tcpsocket_init.rb +1 -1
  202. data/lib/rubygems/defaults.rb +15 -3
  203. data/lib/rubygems/dependency.rb +12 -14
  204. data/lib/rubygems/dependency_installer.rb +29 -30
  205. data/lib/rubygems/dependency_list.rb +1 -1
  206. data/lib/rubygems/deprecate.rb +16 -15
  207. data/lib/rubygems/doctor.rb +5 -5
  208. data/lib/rubygems/errors.rb +2 -6
  209. data/lib/rubygems/exceptions.rb +2 -1
  210. data/lib/rubygems/ext/builder.rb +15 -10
  211. data/lib/rubygems/ext/cargo_builder.rb +5 -5
  212. data/lib/rubygems/ext/ext_conf_builder.rb +1 -3
  213. data/lib/rubygems/gem_runner.rb +4 -4
  214. data/lib/rubygems/gemcutter_utilities/webauthn_listener/response.rb +3 -3
  215. data/lib/rubygems/gemcutter_utilities/webauthn_poller.rb +3 -3
  216. data/lib/rubygems/gemcutter_utilities.rb +18 -19
  217. data/lib/rubygems/install_update_options.rb +18 -19
  218. data/lib/rubygems/installer.rb +59 -33
  219. data/lib/rubygems/installer_uninstaller_utils.rb +0 -2
  220. data/lib/rubygems/local_remote_options.rb +7 -10
  221. data/lib/rubygems/name_tuple.rb +7 -9
  222. data/lib/rubygems/net/http.rb +3 -0
  223. data/lib/rubygems/net-http/.document +1 -0
  224. data/lib/rubygems/net-http/LICENSE.txt +22 -0
  225. data/lib/rubygems/net-http/lib/net/http/backward.rb +40 -0
  226. data/lib/rubygems/net-http/lib/net/http/exceptions.rb +34 -0
  227. data/lib/rubygems/net-http/lib/net/http/generic_request.rb +414 -0
  228. data/lib/rubygems/net-http/lib/net/http/header.rb +981 -0
  229. data/lib/rubygems/net-http/lib/net/http/proxy_delta.rb +17 -0
  230. data/lib/rubygems/net-http/lib/net/http/request.rb +88 -0
  231. data/lib/rubygems/net-http/lib/net/http/requests.rb +425 -0
  232. data/lib/rubygems/net-http/lib/net/http/response.rb +738 -0
  233. data/lib/rubygems/net-http/lib/net/http/responses.rb +1174 -0
  234. data/lib/rubygems/net-http/lib/net/http/status.rb +84 -0
  235. data/lib/rubygems/net-http/lib/net/http.rb +2496 -0
  236. data/lib/rubygems/net-http/lib/net/https.rb +23 -0
  237. data/lib/rubygems/net-protocol/.document +1 -0
  238. data/lib/rubygems/net-protocol/LICENSE.txt +22 -0
  239. data/lib/rubygems/net-protocol/lib/net/protocol.rb +544 -0
  240. data/lib/rubygems/optparse/lib/optparse.rb +39 -17
  241. data/lib/rubygems/package/old.rb +2 -2
  242. data/lib/rubygems/package/tar_header.rb +45 -39
  243. data/lib/rubygems/package/tar_reader/entry.rb +5 -4
  244. data/lib/rubygems/package/tar_reader.rb +5 -3
  245. data/lib/rubygems/package/tar_writer.rb +19 -17
  246. data/lib/rubygems/package.rb +27 -26
  247. data/lib/rubygems/package_task.rb +2 -2
  248. data/lib/rubygems/path_support.rb +9 -10
  249. data/lib/rubygems/platform.rb +60 -45
  250. data/lib/rubygems/query_utils.rb +7 -9
  251. data/lib/rubygems/remote_fetcher.rb +15 -15
  252. data/lib/rubygems/request/connection_pools.rb +3 -3
  253. data/lib/rubygems/request.rb +20 -17
  254. data/lib/rubygems/request_set/gem_dependency_api.rb +119 -122
  255. data/lib/rubygems/request_set/lockfile/parser.rb +9 -9
  256. data/lib/rubygems/request_set/lockfile/tokenizer.rb +20 -12
  257. data/lib/rubygems/request_set/lockfile.rb +6 -11
  258. data/lib/rubygems/request_set.rb +5 -5
  259. data/lib/rubygems/requirement.rb +7 -7
  260. data/lib/rubygems/resolv/.document +1 -0
  261. data/lib/rubygems/resolv/LICENSE.txt +22 -0
  262. data/lib/rubygems/resolv/lib/resolv.rb +3387 -0
  263. data/lib/rubygems/resolver/activation_request.rb +1 -3
  264. data/lib/rubygems/resolver/api_set/gem_parser.rb +7 -3
  265. data/lib/rubygems/resolver/best_set.rb +1 -1
  266. data/lib/rubygems/resolver/composed_set.rb +1 -1
  267. data/lib/rubygems/resolver/conflict.rb +4 -12
  268. data/lib/rubygems/resolver/index_set.rb +4 -4
  269. data/lib/rubygems/resolver/index_specification.rb +2 -2
  270. data/lib/rubygems/resolver/installer_set.rb +5 -6
  271. data/lib/rubygems/resolver/lock_set.rb +1 -1
  272. data/lib/rubygems/resolver/molinillo/.document +1 -0
  273. data/lib/rubygems/resolver.rb +3 -10
  274. data/lib/rubygems/s3_uri_signer.rb +6 -6
  275. data/lib/rubygems/safe_marshal/elements.rb +138 -0
  276. data/lib/rubygems/safe_marshal/reader.rb +306 -0
  277. data/lib/rubygems/safe_marshal/visitors/stream_printer.rb +31 -0
  278. data/lib/rubygems/safe_marshal/visitors/to_ruby.rb +385 -0
  279. data/lib/rubygems/safe_marshal/visitors/visitor.rb +74 -0
  280. data/lib/rubygems/safe_marshal.rb +74 -0
  281. data/lib/rubygems/safe_yaml.rb +5 -28
  282. data/lib/rubygems/security/policies.rb +36 -38
  283. data/lib/rubygems/security/policy.rb +7 -11
  284. data/lib/rubygems/security/signer.rb +1 -1
  285. data/lib/rubygems/security/trust_dir.rb +3 -3
  286. data/lib/rubygems/security.rb +8 -22
  287. data/lib/rubygems/source/git.rb +1 -3
  288. data/lib/rubygems/source/installed.rb +0 -2
  289. data/lib/rubygems/source/local.rb +5 -8
  290. data/lib/rubygems/source/lock.rb +1 -3
  291. data/lib/rubygems/source/specific_file.rb +0 -1
  292. data/lib/rubygems/source/vendor.rb +0 -2
  293. data/lib/rubygems/source.rb +12 -12
  294. data/lib/rubygems/source_list.rb +4 -4
  295. data/lib/rubygems/spec_fetcher.rb +29 -29
  296. data/lib/rubygems/specification.rb +125 -138
  297. data/lib/rubygems/specification_policy.rb +55 -25
  298. data/lib/rubygems/stub_specification.rb +4 -5
  299. data/lib/rubygems/text.rb +1 -2
  300. data/lib/rubygems/timeout/.document +1 -0
  301. data/lib/rubygems/timeout/LICENSE.txt +22 -0
  302. data/lib/rubygems/timeout/lib/timeout.rb +199 -0
  303. data/lib/rubygems/timeout.rb +3 -0
  304. data/lib/rubygems/tsort/lib/tsort.rb +3 -0
  305. data/lib/rubygems/uninstaller.rb +7 -9
  306. data/lib/rubygems/update_suggestion.rb +5 -18
  307. data/lib/rubygems/uri_formatter.rb +1 -1
  308. data/lib/rubygems/user_interaction.rb +15 -21
  309. data/lib/rubygems/util/licenses.rb +65 -35
  310. data/lib/rubygems/util/list.rb +3 -1
  311. data/lib/rubygems/util.rb +2 -4
  312. data/lib/rubygems/validator.rb +5 -3
  313. data/lib/rubygems/version.rb +34 -28
  314. data/lib/rubygems/version_option.rb +2 -5
  315. data/lib/rubygems/yaml_serializer.rb +3 -3
  316. data/lib/rubygems.rb +37 -37
  317. data/rubygems-update.gemspec +4 -4
  318. data/setup.rb +2 -2
  319. metadata +50 -225
  320. data/lib/rubygems/indexer.rb +0 -428
  321. data/lib/rubygems/mock_gem_ui.rb +0 -86
  322. data/test/rubygems/alternate_cert.pem +0 -19
  323. data/test/rubygems/alternate_cert_32.pem +0 -19
  324. data/test/rubygems/alternate_key.pem +0 -27
  325. data/test/rubygems/bad_rake.rb +0 -3
  326. data/test/rubygems/bundler_test_gem.rb +0 -424
  327. data/test/rubygems/ca_cert.pem +0 -77
  328. data/test/rubygems/child_cert.pem +0 -19
  329. data/test/rubygems/child_cert_32.pem +0 -19
  330. data/test/rubygems/child_key.pem +0 -27
  331. data/test/rubygems/client.pem +0 -107
  332. data/test/rubygems/data/excon-0.7.7.gemspec.rz +0 -0
  333. data/test/rubygems/data/gem-private_key.pem +0 -27
  334. data/test/rubygems/data/gem-public_cert.pem +0 -20
  335. data/test/rubygems/data/null-required-ruby-version.gemspec.rz +0 -0
  336. data/test/rubygems/data/null-required-rubygems-version.gemspec.rz +0 -0
  337. data/test/rubygems/data/pry-0.4.7.gemspec.rz +0 -0
  338. data/test/rubygems/encrypted_private_key.pem +0 -30
  339. data/test/rubygems/expired_cert.pem +0 -19
  340. data/test/rubygems/fake_certlib/openssl.rb +0 -9
  341. data/test/rubygems/foo/discover.rb +0 -1
  342. data/test/rubygems/future_cert.pem +0 -19
  343. data/test/rubygems/future_cert_32.pem +0 -19
  344. data/test/rubygems/good_rake.rb +0 -3
  345. data/test/rubygems/grandchild_cert.pem +0 -19
  346. data/test/rubygems/grandchild_cert_32.pem +0 -19
  347. data/test/rubygems/grandchild_key.pem +0 -27
  348. data/test/rubygems/helper.rb +0 -1649
  349. data/test/rubygems/installer_test_case.rb +0 -248
  350. data/test/rubygems/invalid_client.pem +0 -49
  351. data/test/rubygems/invalid_issuer_cert.pem +0 -20
  352. data/test/rubygems/invalid_issuer_cert_32.pem +0 -20
  353. data/test/rubygems/invalid_key.pem +0 -27
  354. data/test/rubygems/invalid_signer_cert.pem +0 -19
  355. data/test/rubygems/invalid_signer_cert_32.pem +0 -19
  356. data/test/rubygems/invalidchild_cert.pem +0 -19
  357. data/test/rubygems/invalidchild_cert_32.pem +0 -19
  358. data/test/rubygems/invalidchild_key.pem +0 -27
  359. data/test/rubygems/multifactor_auth_utilities.rb +0 -111
  360. data/test/rubygems/package/tar_test_case.rb +0 -175
  361. data/test/rubygems/packages/Bluebie-legs-0.6.2.gem +0 -0
  362. data/test/rubygems/packages/ascii_binder-0.1.10.1.gem +0 -0
  363. data/test/rubygems/packages/ill-formatted-platform-1.0.0.10.gem +0 -0
  364. data/test/rubygems/plugin/exception/rubygems_plugin.rb +0 -4
  365. data/test/rubygems/plugin/load/rubygems_plugin.rb +0 -5
  366. data/test/rubygems/plugin/standarderror/rubygems_plugin.rb +0 -4
  367. data/test/rubygems/private3072_key.pem +0 -40
  368. data/test/rubygems/private_ec_key.pem +0 -9
  369. data/test/rubygems/private_key.pem +0 -27
  370. data/test/rubygems/public3072_cert.pem +0 -25
  371. data/test/rubygems/public_cert.pem +0 -20
  372. data/test/rubygems/public_cert_32.pem +0 -19
  373. data/test/rubygems/public_key.pem +0 -9
  374. data/test/rubygems/rubygems/commands/crash_command.rb +0 -5
  375. data/test/rubygems/rubygems_plugin.rb +0 -24
  376. data/test/rubygems/sff/discover.rb +0 -1
  377. data/test/rubygems/simple_gem.rb +0 -68
  378. data/test/rubygems/specifications/bar-0.0.2.gemspec +0 -9
  379. data/test/rubygems/specifications/foo-0.0.1-x86-mswin32.gemspec +0 -0
  380. data/test/rubygems/specifications/rubyforge-0.0.1.gemspec +0 -14
  381. data/test/rubygems/ssl_cert.pem +0 -80
  382. data/test/rubygems/ssl_key.pem +0 -27
  383. data/test/rubygems/test_bundled_ca.rb +0 -61
  384. data/test/rubygems/test_config.rb +0 -28
  385. data/test/rubygems/test_deprecate.rb +0 -158
  386. data/test/rubygems/test_exit.rb +0 -17
  387. data/test/rubygems/test_gem.rb +0 -1799
  388. data/test/rubygems/test_gem_available_set.rb +0 -130
  389. data/test/rubygems/test_gem_bundler_version_finder.rb +0 -127
  390. data/test/rubygems/test_gem_command.rb +0 -403
  391. data/test/rubygems/test_gem_command_manager.rb +0 -400
  392. data/test/rubygems/test_gem_commands_build_command.rb +0 -739
  393. data/test/rubygems/test_gem_commands_cert_command.rb +0 -866
  394. data/test/rubygems/test_gem_commands_check_command.rb +0 -68
  395. data/test/rubygems/test_gem_commands_cleanup_command.rb +0 -292
  396. data/test/rubygems/test_gem_commands_contents_command.rb +0 -271
  397. data/test/rubygems/test_gem_commands_dependency_command.rb +0 -228
  398. data/test/rubygems/test_gem_commands_environment_command.rb +0 -169
  399. data/test/rubygems/test_gem_commands_exec_command.rb +0 -857
  400. data/test/rubygems/test_gem_commands_fetch_command.rb +0 -258
  401. data/test/rubygems/test_gem_commands_generate_index_command.rb +0 -81
  402. data/test/rubygems/test_gem_commands_help_command.rb +0 -94
  403. data/test/rubygems/test_gem_commands_info_command.rb +0 -70
  404. data/test/rubygems/test_gem_commands_install_command.rb +0 -1573
  405. data/test/rubygems/test_gem_commands_list_command.rb +0 -33
  406. data/test/rubygems/test_gem_commands_lock_command.rb +0 -67
  407. data/test/rubygems/test_gem_commands_mirror.rb +0 -20
  408. data/test/rubygems/test_gem_commands_open_command.rb +0 -101
  409. data/test/rubygems/test_gem_commands_outdated_command.rb +0 -50
  410. data/test/rubygems/test_gem_commands_owner_command.rb +0 -503
  411. data/test/rubygems/test_gem_commands_pristine_command.rb +0 -708
  412. data/test/rubygems/test_gem_commands_push_command.rb +0 -603
  413. data/test/rubygems/test_gem_commands_query_command.rb +0 -858
  414. data/test/rubygems/test_gem_commands_search_command.rb +0 -16
  415. data/test/rubygems/test_gem_commands_server_command.rb +0 -20
  416. data/test/rubygems/test_gem_commands_setup_command.rb +0 -474
  417. data/test/rubygems/test_gem_commands_signin_command.rb +0 -259
  418. data/test/rubygems/test_gem_commands_signout_command.rb +0 -30
  419. data/test/rubygems/test_gem_commands_sources_command.rb +0 -534
  420. data/test/rubygems/test_gem_commands_specification_command.rb +0 -277
  421. data/test/rubygems/test_gem_commands_stale_command.rb +0 -43
  422. data/test/rubygems/test_gem_commands_uninstall_command.rb +0 -542
  423. data/test/rubygems/test_gem_commands_unpack_command.rb +0 -224
  424. data/test/rubygems/test_gem_commands_update_command.rb +0 -836
  425. data/test/rubygems/test_gem_commands_which_command.rb +0 -85
  426. data/test/rubygems/test_gem_commands_yank_command.rb +0 -299
  427. data/test/rubygems/test_gem_config_file.rb +0 -551
  428. data/test/rubygems/test_gem_dependency.rb +0 -398
  429. data/test/rubygems/test_gem_dependency_installer.rb +0 -1190
  430. data/test/rubygems/test_gem_dependency_list.rb +0 -265
  431. data/test/rubygems/test_gem_dependency_resolution_error.rb +0 -27
  432. data/test/rubygems/test_gem_doctor.rb +0 -195
  433. data/test/rubygems/test_gem_ext_builder.rb +0 -337
  434. data/test/rubygems/test_gem_ext_cargo_builder/custom_name/.gitignore +0 -1
  435. data/test/rubygems/test_gem_ext_cargo_builder/custom_name/custom_name.gemspec +0 -10
  436. data/test/rubygems/test_gem_ext_cargo_builder/custom_name/ext/custom_name_lib/Cargo.lock +0 -249
  437. data/test/rubygems/test_gem_ext_cargo_builder/custom_name/ext/custom_name_lib/Cargo.toml +0 -10
  438. data/test/rubygems/test_gem_ext_cargo_builder/custom_name/ext/custom_name_lib/src/lib.rs +0 -27
  439. data/test/rubygems/test_gem_ext_cargo_builder/custom_name/lib/custom_name.rb +0 -3
  440. data/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/.gitignore +0 -1
  441. data/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/Cargo.lock +0 -249
  442. data/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/Cargo.toml +0 -10
  443. data/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/rust_ruby_example.gemspec +0 -10
  444. data/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/src/lib.rs +0 -51
  445. data/test/rubygems/test_gem_ext_cargo_builder.rb +0 -167
  446. data/test/rubygems/test_gem_ext_cargo_builder_link_flag_converter.rb +0 -34
  447. data/test/rubygems/test_gem_ext_cargo_builder_unit.rb +0 -60
  448. data/test/rubygems/test_gem_ext_cmake_builder.rb +0 -84
  449. data/test/rubygems/test_gem_ext_configure_builder.rb +0 -80
  450. data/test/rubygems/test_gem_ext_ext_conf_builder.rb +0 -229
  451. data/test/rubygems/test_gem_ext_rake_builder.rb +0 -113
  452. data/test/rubygems/test_gem_gem_runner.rb +0 -119
  453. data/test/rubygems/test_gem_gemcutter_utilities.rb +0 -361
  454. data/test/rubygems/test_gem_impossible_dependencies_error.rb +0 -60
  455. data/test/rubygems/test_gem_indexer.rb +0 -381
  456. data/test/rubygems/test_gem_install_update_options.rb +0 -208
  457. data/test/rubygems/test_gem_installer.rb +0 -2512
  458. data/test/rubygems/test_gem_local_remote_options.rb +0 -133
  459. data/test/rubygems/test_gem_name_tuple.rb +0 -43
  460. data/test/rubygems/test_gem_package.rb +0 -1306
  461. data/test/rubygems/test_gem_package_old.rb +0 -91
  462. data/test/rubygems/test_gem_package_tar_header.rb +0 -226
  463. data/test/rubygems/test_gem_package_tar_reader.rb +0 -150
  464. data/test/rubygems/test_gem_package_tar_reader_entry.rb +0 -350
  465. data/test/rubygems/test_gem_package_tar_writer.rb +0 -331
  466. data/test/rubygems/test_gem_package_task.rb +0 -118
  467. data/test/rubygems/test_gem_path_support.rb +0 -139
  468. data/test/rubygems/test_gem_platform.rb +0 -497
  469. data/test/rubygems/test_gem_rdoc.rb +0 -137
  470. data/test/rubygems/test_gem_remote_fetcher.rb +0 -1227
  471. data/test/rubygems/test_gem_request.rb +0 -547
  472. data/test/rubygems/test_gem_request_connection_pools.rb +0 -152
  473. data/test/rubygems/test_gem_request_set.rb +0 -672
  474. data/test/rubygems/test_gem_request_set_gem_dependency_api.rb +0 -853
  475. data/test/rubygems/test_gem_request_set_lockfile.rb +0 -469
  476. data/test/rubygems/test_gem_request_set_lockfile_parser.rb +0 -544
  477. data/test/rubygems/test_gem_request_set_lockfile_tokenizer.rb +0 -307
  478. data/test/rubygems/test_gem_requirement.rb +0 -505
  479. data/test/rubygems/test_gem_resolver.rb +0 -859
  480. data/test/rubygems/test_gem_resolver_activation_request.rb +0 -43
  481. data/test/rubygems/test_gem_resolver_api_set.rb +0 -210
  482. data/test/rubygems/test_gem_resolver_api_specification.rb +0 -167
  483. data/test/rubygems/test_gem_resolver_best_set.rb +0 -159
  484. data/test/rubygems/test_gem_resolver_composed_set.rb +0 -44
  485. data/test/rubygems/test_gem_resolver_conflict.rb +0 -82
  486. data/test/rubygems/test_gem_resolver_dependency_request.rb +0 -83
  487. data/test/rubygems/test_gem_resolver_git_set.rb +0 -188
  488. data/test/rubygems/test_gem_resolver_git_specification.rb +0 -114
  489. data/test/rubygems/test_gem_resolver_index_set.rb +0 -88
  490. data/test/rubygems/test_gem_resolver_index_specification.rb +0 -93
  491. data/test/rubygems/test_gem_resolver_installed_specification.rb +0 -47
  492. data/test/rubygems/test_gem_resolver_installer_set.rb +0 -320
  493. data/test/rubygems/test_gem_resolver_local_specification.rb +0 -44
  494. data/test/rubygems/test_gem_resolver_lock_set.rb +0 -62
  495. data/test/rubygems/test_gem_resolver_lock_specification.rb +0 -98
  496. data/test/rubygems/test_gem_resolver_requirement_list.rb +0 -19
  497. data/test/rubygems/test_gem_resolver_specification.rb +0 -63
  498. data/test/rubygems/test_gem_resolver_vendor_set.rb +0 -82
  499. data/test/rubygems/test_gem_resolver_vendor_specification.rb +0 -82
  500. data/test/rubygems/test_gem_security.rb +0 -341
  501. data/test/rubygems/test_gem_security_policy.rb +0 -535
  502. data/test/rubygems/test_gem_security_signer.rb +0 -218
  503. data/test/rubygems/test_gem_security_trust_dir.rb +0 -99
  504. data/test/rubygems/test_gem_silent_ui.rb +0 -123
  505. data/test/rubygems/test_gem_source.rb +0 -254
  506. data/test/rubygems/test_gem_source_fetch_problem.rb +0 -37
  507. data/test/rubygems/test_gem_source_git.rb +0 -310
  508. data/test/rubygems/test_gem_source_installed.rb +0 -35
  509. data/test/rubygems/test_gem_source_list.rb +0 -119
  510. data/test/rubygems/test_gem_source_local.rb +0 -107
  511. data/test/rubygems/test_gem_source_lock.rb +0 -113
  512. data/test/rubygems/test_gem_source_specific_file.rb +0 -76
  513. data/test/rubygems/test_gem_source_subpath_problem.rb +0 -50
  514. data/test/rubygems/test_gem_source_vendor.rb +0 -30
  515. data/test/rubygems/test_gem_spec_fetcher.rb +0 -338
  516. data/test/rubygems/test_gem_specification.rb +0 -3856
  517. data/test/rubygems/test_gem_stream_ui.rb +0 -255
  518. data/test/rubygems/test_gem_stub_specification.rb +0 -278
  519. data/test/rubygems/test_gem_text.rb +0 -103
  520. data/test/rubygems/test_gem_uninstaller.rb +0 -675
  521. data/test/rubygems/test_gem_unsatisfiable_dependency_error.rb +0 -31
  522. data/test/rubygems/test_gem_update_suggestion.rb +0 -209
  523. data/test/rubygems/test_gem_uri.rb +0 -41
  524. data/test/rubygems/test_gem_uri_formatter.rb +0 -27
  525. data/test/rubygems/test_gem_util.rb +0 -91
  526. data/test/rubygems/test_gem_validator.rb +0 -42
  527. data/test/rubygems/test_gem_version.rb +0 -305
  528. data/test/rubygems/test_gem_version_option.rb +0 -165
  529. data/test/rubygems/test_kernel.rb +0 -124
  530. data/test/rubygems/test_project_sanity.rb +0 -49
  531. data/test/rubygems/test_remote_fetch_error.rb +0 -20
  532. data/test/rubygems/test_require.rb +0 -732
  533. data/test/rubygems/test_rubygems.rb +0 -76
  534. data/test/rubygems/test_webauthn_listener.rb +0 -143
  535. data/test/rubygems/test_webauthn_listener_response.rb +0 -93
  536. data/test/rubygems/test_webauthn_poller.rb +0 -124
  537. data/test/rubygems/utilities.rb +0 -436
  538. data/test/rubygems/wrong_key_cert.pem +0 -19
  539. data/test/rubygems/wrong_key_cert_32.pem +0 -19
  540. data/test/test_changelog_generator.rb +0 -17
@@ -18,7 +18,8 @@ module Bundler
18
18
  :platforms,
19
19
  :ruby_version,
20
20
  :lockfile,
21
- :gemfiles
21
+ :gemfiles,
22
+ :locked_checksums
22
23
  )
23
24
 
24
25
  # Given a gemfile and lockfile creates a Bundler definition
@@ -84,7 +85,7 @@ module Bundler
84
85
  @new_platform = nil
85
86
  @removed_platform = nil
86
87
 
87
- if lockfile && File.exist?(lockfile)
88
+ if lockfile_exists?
88
89
  @lockfile_contents = Bundler.read_file(lockfile)
89
90
  @locked_gems = LockfileParser.new(@lockfile_contents)
90
91
  @locked_platforms = @locked_gems.platforms
@@ -92,6 +93,7 @@ module Bundler
92
93
  @locked_bundler_version = @locked_gems.bundler_version
93
94
  @locked_ruby_version = @locked_gems.ruby_version
94
95
  @originally_locked_specs = SpecSet.new(@locked_gems.specs)
96
+ @locked_checksums = @locked_gems.checksums
95
97
 
96
98
  if unlock != true
97
99
  @locked_deps = @locked_gems.dependencies
@@ -112,6 +114,7 @@ module Bundler
112
114
  @originally_locked_specs = @locked_specs
113
115
  @locked_sources = []
114
116
  @locked_platforms = []
117
+ @locked_checksums = nil
115
118
  end
116
119
 
117
120
  locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
@@ -245,8 +248,9 @@ module Bundler
245
248
  end
246
249
 
247
250
  def filter_relevant(dependencies)
251
+ platforms_array = [generic_local_platform].freeze
248
252
  dependencies.select do |d|
249
- d.should_include? && !d.gem_platforms([generic_local_platform]).empty?
253
+ d.should_include? && !d.gem_platforms(platforms_array).empty?
250
254
  end
251
255
  end
252
256
 
@@ -270,9 +274,15 @@ module Bundler
270
274
 
271
275
  def dependencies_for(groups)
272
276
  groups.map!(&:to_sym)
273
- current_dependencies.reject do |d|
274
- (d.groups & groups).empty?
277
+ deps = current_dependencies # always returns a new array
278
+ deps.select! do |d|
279
+ if RUBY_VERSION >= "3.1"
280
+ d.groups.intersect?(groups)
281
+ else
282
+ !(d.groups & groups).empty?
283
+ end
275
284
  end
285
+ deps
276
286
  end
277
287
 
278
288
  # Resolve all the dependencies specified in Gemfile. It ensures that
@@ -302,6 +312,10 @@ module Bundler
302
312
  end
303
313
  end
304
314
 
315
+ def should_complete_platforms?
316
+ !lockfile_exists? && generic_local_platform_is_ruby? && !Bundler.settings[:force_ruby_platform]
317
+ end
318
+
305
319
  def spec_git_paths
306
320
  sources.git_sources.map {|s| File.realpath(s.path) if File.exist?(s.path) }.compact
307
321
  end
@@ -328,7 +342,11 @@ module Bundler
328
342
 
329
343
  preserve_unknown_sections ||= !updating_major && (Bundler.frozen_bundle? || !(unlocking? || @unlocking_bundler))
330
344
 
331
- return if file && File.exist?(file) && lockfiles_equal?(@lockfile_contents, contents, preserve_unknown_sections)
345
+ if file && File.exist?(file) && lockfiles_equal?(@lockfile_contents, contents, preserve_unknown_sections)
346
+ return if Bundler.frozen_bundle?
347
+ SharedHelpers.filesystem_access(file) { FileUtils.touch(file) }
348
+ return
349
+ end
332
350
 
333
351
  if Bundler.frozen_bundle?
334
352
  Bundler.ui.error "Cannot write a changed lockfile while frozen."
@@ -491,6 +509,10 @@ module Bundler
491
509
 
492
510
  private
493
511
 
512
+ def lockfile_exists?
513
+ lockfile && File.exist?(lockfile)
514
+ end
515
+
494
516
  def resolver
495
517
  @resolver ||= Resolver.new(resolution_packages, gem_version_promoter)
496
518
  end
@@ -510,7 +532,7 @@ module Bundler
510
532
  @resolution_packages ||= begin
511
533
  last_resolve = converge_locked_specs
512
534
  remove_invalid_platforms!(current_dependencies)
513
- packages = Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, :locked_specs => @originally_locked_specs, :unlock => @unlock[:gems], :prerelease => gem_version_promoter.pre?)
535
+ packages = Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, locked_specs: @originally_locked_specs, unlock: @unlock[:gems], prerelease: gem_version_promoter.pre?)
514
536
  additional_base_requirements_for_resolve(packages, last_resolve)
515
537
  end
516
538
  end
@@ -567,11 +589,12 @@ module Bundler
567
589
  end
568
590
 
569
591
  def start_resolution
570
- result = resolver.start
592
+ result = SpecSet.new(resolver.start)
571
593
 
572
594
  @resolved_bundler_version = result.find {|spec| spec.name == "bundler" }&.version
595
+ @platforms = result.complete_platforms!(platforms) if should_complete_platforms?
573
596
 
574
- SpecSet.new(SpecSet.new(result).for(dependencies, false, @platforms))
597
+ SpecSet.new(result.for(dependencies, false, @platforms))
575
598
  end
576
599
 
577
600
  def precompute_source_requirements_for_indirect_dependencies?
@@ -592,7 +615,7 @@ module Bundler
592
615
  end
593
616
 
594
617
  def current_ruby_platform_locked?
595
- return false unless generic_local_platform == Gem::Platform::RUBY
618
+ return false unless generic_local_platform_is_ruby?
596
619
  return false if Bundler.settings[:force_ruby_platform] && !@platforms.include?(Gem::Platform::RUBY)
597
620
 
598
621
  current_platform_locked?
@@ -657,8 +680,7 @@ module Bundler
657
680
  locked_index = Index.new
658
681
  locked_index.use(@locked_specs.select {|s| source.can_lock?(s) })
659
682
 
660
- # order here matters, since Index#== is checking source.specs.include?(locked_index)
661
- locked_index != source.specs
683
+ !locked_index.subset?(source.specs)
662
684
  rescue PathError, GitError => e
663
685
  Bundler.ui.debug "Assuming that #{source} has not changed since fetching its specs errored (#{e})"
664
686
  false
@@ -750,6 +772,11 @@ module Bundler
750
772
  changes = sources.replace_sources!(@locked_sources)
751
773
 
752
774
  sources.all_sources.each do |source|
775
+ # has to be done separately, because we want to keep the locked checksum
776
+ # store for a source, even when doing a full update
777
+ if @locked_checksums && @locked_gems && locked_source = @locked_gems.sources.find {|s| s == source && !s.equal?(source) }
778
+ source.checksum_store.merge!(locked_source.checksum_store)
779
+ end
753
780
  # If the source is unlockable and the current command allows an unlock of
754
781
  # the source (for example, you are doing a `bundle update <foo>` of a git-pinned
755
782
  # gem), unlock it. For git sources, this means to unlock the revision, which
@@ -893,9 +920,9 @@ module Bundler
893
920
  source_requirements = if precompute_source_requirements_for_indirect_dependencies?
894
921
  all_requirements = source_map.all_requirements
895
922
  all_requirements = pin_locally_available_names(all_requirements) if @prefer_local
896
- { :default => default_source }.merge(all_requirements)
923
+ { default: default_source }.merge(all_requirements)
897
924
  else
898
- { :default => Source::RubygemsAggregate.new(sources, source_map) }.merge(source_map.direct_requirements)
925
+ { default: Source::RubygemsAggregate.new(sources, source_map) }.merge(source_map.direct_requirements)
899
926
  end
900
927
  source_requirements.merge!(source_map.locked_requirements) unless @remote
901
928
  metadata_dependencies.each do |dep|
@@ -959,7 +986,7 @@ module Bundler
959
986
  def remove_invalid_platforms!(dependencies)
960
987
  return if Bundler.frozen_bundle?
961
988
 
962
- platforms.each do |platform|
989
+ platforms.reverse_each do |platform|
963
990
  next if local_platform == platform ||
964
991
  (@new_platform && platforms.last == platform) ||
965
992
  @path_changes ||
@@ -9,18 +9,19 @@ module Bundler
9
9
  attr_reader :autorequire
10
10
  attr_reader :groups, :platforms, :gemfile, :path, :git, :github, :branch, :ref
11
11
 
12
- ALL_RUBY_VERSIONS = ((18..27).to_a + (30..33).to_a).freeze
12
+ ALL_RUBY_VERSIONS = (18..27).to_a.concat((30..34).to_a).freeze
13
13
  PLATFORM_MAP = {
14
- :ruby => [Gem::Platform::RUBY, ALL_RUBY_VERSIONS],
15
- :mri => [Gem::Platform::RUBY, ALL_RUBY_VERSIONS],
16
- :rbx => [Gem::Platform::RUBY],
17
- :truffleruby => [Gem::Platform::RUBY],
18
- :jruby => [Gem::Platform::JAVA, [18, 19]],
19
- :windows => [Gem::Platform::WINDOWS, ALL_RUBY_VERSIONS],
20
- :mswin => [Gem::Platform::MSWIN, ALL_RUBY_VERSIONS],
21
- :mswin64 => [Gem::Platform::MSWIN64, ALL_RUBY_VERSIONS - [18]],
22
- :mingw => [Gem::Platform::MINGW, ALL_RUBY_VERSIONS],
23
- :x64_mingw => [Gem::Platform::X64_MINGW, ALL_RUBY_VERSIONS - [18, 19]],
14
+ ruby: [Gem::Platform::RUBY, ALL_RUBY_VERSIONS],
15
+ mri: [Gem::Platform::RUBY, ALL_RUBY_VERSIONS],
16
+ rbx: [Gem::Platform::RUBY],
17
+ truffleruby: [Gem::Platform::RUBY],
18
+ jruby: [Gem::Platform::JAVA, [18, 19]],
19
+ windows: [Gem::Platform::WINDOWS, ALL_RUBY_VERSIONS],
20
+ # deprecated
21
+ mswin: [Gem::Platform::MSWIN, ALL_RUBY_VERSIONS],
22
+ mswin64: [Gem::Platform::MSWIN64, ALL_RUBY_VERSIONS - [18]],
23
+ mingw: [Gem::Platform::MINGW, ALL_RUBY_VERSIONS],
24
+ x64_mingw: [Gem::Platform::X64_MINGW, ALL_RUBY_VERSIONS - [18, 19]],
24
25
  }.each_with_object({}) do |(platform, spec), hash|
25
26
  hash[platform] = spec[0]
26
27
  spec[1]&.each {|version| hash[:"#{platform}_#{version}"] = spec[0] }
@@ -47,10 +48,13 @@ module Bundler
47
48
  @autorequire = Array(options["require"] || []) if options.key?("require")
48
49
  end
49
50
 
51
+ RUBY_PLATFORM_ARRAY = [Gem::Platform::RUBY].freeze
52
+ private_constant :RUBY_PLATFORM_ARRAY
53
+
50
54
  # Returns the platforms this dependency is valid for, in the same order as
51
55
  # passed in the `valid_platforms` parameter
52
56
  def gem_platforms(valid_platforms)
53
- return [Gem::Platform::RUBY] if force_ruby_platform
57
+ return RUBY_PLATFORM_ARRAY if force_ruby_platform
54
58
  return valid_platforms if @platforms.empty?
55
59
 
56
60
  valid_platforms.select {|p| expanded_platforms.include?(GemHelpers.generic(p)) }
@@ -26,7 +26,7 @@ module Bundler
26
26
  end
27
27
  a, b, c, d, e = *words
28
28
  (16..79).each do |i|
29
- w[i] = SHA1_MASK & rotate((w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16]), 1)
29
+ w[i] = SHA1_MASK & rotate((w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16]), 1)
30
30
  end
31
31
  0.upto(79) do |i|
32
32
  case i
@@ -50,7 +50,7 @@ module Bundler
50
50
  words.map!.with_index {|word, index| SHA1_MASK & (word + mutated[index]) }
51
51
  end
52
52
 
53
- words.pack("N*").unpack("H*").first
53
+ words.pack("N*").unpack1("H*")
54
54
  end
55
55
 
56
56
  private
@@ -18,9 +18,9 @@ module Bundler
18
18
  VALID_KEYS = %w[group groups git path glob name branch ref tag require submodules
19
19
  platform platforms type source install_if gemfile force_ruby_platform].freeze
20
20
 
21
- GITHUB_PULL_REQUEST_URL = %r{\Ahttps://github\.com/([A-Za-z0-9_\-\.]+/[A-Za-z0-9_\-\.]+)/pull/(\d+)\z}.freeze
21
+ GITHUB_PULL_REQUEST_URL = %r{\Ahttps://github\.com/([A-Za-z0-9_\-\.]+/[A-Za-z0-9_\-\.]+)/pull/(\d+)\z}
22
22
 
23
- attr_reader :gemspecs
23
+ attr_reader :gemspecs, :gemfile
24
24
  attr_accessor :dependencies
25
25
 
26
26
  def initialize
@@ -46,7 +46,7 @@ module Bundler
46
46
  @gemfile = expanded_gemfile_path
47
47
  @gemfiles << expanded_gemfile_path
48
48
  contents ||= Bundler.read_file(@gemfile.to_s)
49
- instance_eval(contents.dup.tap {|x| x.untaint if RUBY_VERSION < "2.7" }, gemfile.to_s, 1)
49
+ instance_eval(contents, gemfile.to_s, 1)
50
50
  rescue Exception => e # rubocop:disable Lint/RescueException
51
51
  message = "There was an error " \
52
52
  "#{e.is_a?(GemfileEvalError) ? "evaluating" : "parsing"} " \
@@ -76,11 +76,11 @@ module Bundler
76
76
 
77
77
  @gemspecs << spec
78
78
 
79
- gem spec.name, :name => spec.name, :path => path, :glob => glob
79
+ gem spec.name, name: spec.name, path: path, glob: glob
80
80
 
81
81
  group(development_group) do
82
82
  spec.development_dependencies.each do |dep|
83
- gem dep.name, *(dep.requirement.as_list + [:type => :development])
83
+ gem dep.name, *(dep.requirement.as_list + [type: :development])
84
84
  end
85
85
  end
86
86
  when 0
@@ -102,38 +102,45 @@ module Bundler
102
102
 
103
103
  # if there's already a dependency with this name we try to prefer one
104
104
  if current = @dependencies.find {|d| d.name == dep.name }
105
+ # Always prefer the dependency from the Gemfile
105
106
  deleted_dep = @dependencies.delete(current) if current.type == :development
106
107
 
107
- unless deleted_dep
108
- if current.requirement != dep.requirement
109
- return if dep.type == :development
108
+ if current.requirement != dep.requirement
109
+ current_requirement_open = current.requirements_list.include?(">= 0")
110
110
 
111
+ if current.type == :development
112
+ unless current_requirement_open || dep.type == :development
113
+ Bundler.ui.warn "A gemspec development dependency (#{dep.name}, #{current.requirement}) is being overridden by a Gemfile dependency (#{dep.name}, #{dep.requirement}).\n" \
114
+ "This behaviour may change in the future. Please remove either of them, or make sure they both have the same requirement\n" \
115
+ end
116
+ else
111
117
  update_prompt = ""
112
118
 
113
119
  if File.basename(@gemfile) == Injector::INJECTED_GEMS
114
- if dep.requirements_list.include?(">= 0") && !current.requirements_list.include?(">= 0")
120
+ if dep.requirements_list.include?(">= 0") && !current_requirement_open
115
121
  update_prompt = ". Gem already added"
116
122
  else
117
123
  update_prompt = ". If you want to update the gem version, run `bundle update #{current.name}`"
118
124
 
119
- update_prompt += ". You may also need to change the version requirement specified in the Gemfile if it's too restrictive." unless current.requirements_list.include?(">= 0")
125
+ update_prompt += ". You may also need to change the version requirement specified in the Gemfile if it's too restrictive." unless current_requirement_open
120
126
  end
121
127
  end
122
128
 
123
129
  raise GemfileError, "You cannot specify the same gem twice with different version requirements.\n" \
124
- "You specified: #{current.name} (#{current.requirement}) and #{dep.name} (#{dep.requirement})" \
125
- "#{update_prompt}"
126
- elsif current.source != dep.source
127
- return if dep.type == :development
128
- raise GemfileError, "You cannot specify the same gem twice coming from different sources.\n" \
129
- "You specified that #{dep.name} (#{dep.requirement}) should come from " \
130
- "#{current.source || "an unspecified source"} and #{dep.source}\n"
131
- else
132
- Bundler.ui.warn "Your Gemfile lists the gem #{current.name} (#{current.requirement}) more than once.\n" \
133
- "You should probably keep only one of them.\n" \
134
- "Remove any duplicate entries and specify the gem only once.\n" \
135
- "While it's not a problem now, it could cause errors if you change the version of one of them later."
130
+ "You specified: #{current.name} (#{current.requirement}) and #{dep.name} (#{dep.requirement})" \
131
+ "#{update_prompt}"
136
132
  end
133
+ elsif current.type == :development || dep.type == :development
134
+ return if deleted_dep.nil?
135
+ elsif current.source != dep.source
136
+ raise GemfileError, "You cannot specify the same gem twice coming from different sources.\n" \
137
+ "You specified that #{dep.name} (#{dep.requirement}) should come from " \
138
+ "#{current.source || "an unspecified source"} and #{dep.source}\n"
139
+ else
140
+ Bundler.ui.warn "Your Gemfile lists the gem #{current.name} (#{current.requirement}) more than once.\n" \
141
+ "You should probably keep only one of them.\n" \
142
+ "Remove any duplicate entries and specify the gem only once.\n" \
143
+ "While it's not a problem now, it could cause errors if you change the version of one of them later."
137
144
  end
138
145
  end
139
146
 
@@ -397,13 +404,11 @@ module Bundler
397
404
  end
398
405
 
399
406
  def validate_keys(command, opts, valid_keys)
400
- invalid_keys = opts.keys - valid_keys
401
-
402
- git_source = opts.keys & @git_sources.keys.map(&:to_s)
403
- if opts["branch"] && !(opts["git"] || opts["github"] || git_source.any?)
407
+ if opts["branch"] && !(opts["git"] || opts["github"] || (opts.keys & @git_sources.keys.map(&:to_s)).any?)
404
408
  raise GemfileError, %(The `branch` option for `#{command}` is not allowed. Only gems with a git source can specify a branch)
405
409
  end
406
410
 
411
+ invalid_keys = opts.keys - valid_keys
407
412
  return true unless invalid_keys.any?
408
413
 
409
414
  message = String.new
@@ -422,9 +427,13 @@ module Bundler
422
427
  def normalize_source(source)
423
428
  case source
424
429
  when :gemcutter, :rubygems, :rubyforge
425
- Bundler::SharedHelpers.major_deprecation 2, "The source :#{source} is deprecated because HTTP " \
426
- "requests are insecure.\nPlease change your source to 'https://" \
427
- "rubygems.org' if possible, or 'http://rubygems.org' if not."
430
+ message =
431
+ "The source :#{source} is deprecated because HTTP requests are insecure.\n" \
432
+ "Please change your source to 'https://rubygems.org' if possible, or 'http://rubygems.org' if not."
433
+ removed_message =
434
+ "The source :#{source} is disallowed because HTTP requests are insecure.\n" \
435
+ "Please change your source to 'https://rubygems.org' if possible, or 'http://rubygems.org' if not."
436
+ Bundler::SharedHelpers.major_deprecation 2, message, removed_message: removed_message
428
437
  "http://rubygems.org"
429
438
  when String
430
439
  source
@@ -469,10 +478,17 @@ module Bundler
469
478
  "should come from that source"
470
479
  raise GemfileEvalError, msg
471
480
  else
472
- Bundler::SharedHelpers.major_deprecation 2, "Your Gemfile contains multiple global sources. " \
481
+ message =
482
+ "Your Gemfile contains multiple global sources. " \
473
483
  "Using `source` more than once without a block is a security risk, and " \
474
484
  "may result in installing unexpected gems. To resolve this warning, use " \
475
485
  "a block to indicate which gems should come from the secondary source."
486
+ removed_message =
487
+ "Your Gemfile contains multiple global sources. " \
488
+ "Using `source` more than once without a block is a security risk, and " \
489
+ "may result in installing unexpected gems. To resolve this error, use " \
490
+ "a block to indicate which gems should come from the secondary source."
491
+ Bundler::SharedHelpers.major_deprecation 2, message, removed_message: removed_message
476
492
  end
477
493
  end
478
494
 
@@ -125,7 +125,11 @@ module Bundler
125
125
  next unless v
126
126
  case k.to_s
127
127
  when "checksum"
128
- @checksum = v.last
128
+ begin
129
+ @checksum = Checksum.from_api(v.last, @spec_fetcher.uri)
130
+ rescue ArgumentError => e
131
+ raise ArgumentError, "Invalid checksum for #{full_name}: #{e.message}"
132
+ end
129
133
  when "rubygems"
130
134
  @required_rubygems_version = Gem::Requirement.new(v)
131
135
  when "ruby"
@@ -69,9 +69,7 @@ module Bundler
69
69
  end
70
70
 
71
71
  def self.ruby_version
72
- str = String.new(RUBY_VERSION)
73
- str << "p#{RUBY_PATCHLEVEL}" if defined? RUBY_PATCHLEVEL
74
- str << " (#{RUBY_RELEASE_DATE} revision #{RUBY_REVISION}) [#{Gem::Platform.local}]"
72
+ "#{RUBY_VERSION}p#{RUBY_PATCHLEVEL} (#{RUBY_RELEASE_DATE} revision #{RUBY_REVISION}) [#{Gem::Platform.local}]"
75
73
  end
76
74
 
77
75
  def self.git_version
@@ -52,6 +52,49 @@ module Bundler
52
52
  class GemfileEvalError < GemfileError; end
53
53
  class MarshalError < StandardError; end
54
54
 
55
+ class ChecksumMismatchError < SecurityError
56
+ def initialize(lock_name, existing, checksum)
57
+ @lock_name = lock_name
58
+ @existing = existing
59
+ @checksum = checksum
60
+ end
61
+
62
+ def message
63
+ <<~MESSAGE
64
+ Bundler found mismatched checksums. This is a potential security risk.
65
+ #{@lock_name} #{@existing.to_lock}
66
+ from #{@existing.sources.join("\n and ")}
67
+ #{@lock_name} #{@checksum.to_lock}
68
+ from #{@checksum.sources.join("\n and ")}
69
+
70
+ #{mismatch_resolution_instructions}
71
+ To ignore checksum security warnings, disable checksum validation with
72
+ `bundle config set --local disable_checksum_validation true`
73
+ MESSAGE
74
+ end
75
+
76
+ def mismatch_resolution_instructions
77
+ removable, remote = [@existing, @checksum].partition(&:removable?)
78
+ case removable.size
79
+ when 0
80
+ msg = +"Mismatched checksums each have an authoritative source:\n"
81
+ msg << " 1. #{@existing.sources.reject(&:removable?).map(&:to_s).join(" and ")}\n"
82
+ msg << " 2. #{@checksum.sources.reject(&:removable?).map(&:to_s).join(" and ")}\n"
83
+ msg << "You may need to alter your Gemfile sources to resolve this issue.\n"
84
+ when 1
85
+ msg = +"If you trust #{remote.first.sources.first}, to resolve this issue you can:\n"
86
+ msg << removable.first.removal_instructions
87
+ when 2
88
+ msg = +"To resolve this issue you can either:\n"
89
+ msg << @checksum.removal_instructions
90
+ msg << "or if you are sure that the new checksum from #{@checksum.sources.first} is correct:\n"
91
+ msg << @existing.removal_instructions
92
+ end
93
+ end
94
+
95
+ status_code(37)
96
+ end
97
+
55
98
  class PermissionError < BundlerError
56
99
  def initialize(path, permission_type = :write)
57
100
  @path = path
@@ -6,12 +6,14 @@ module Bundler
6
6
  attr_reader :downloader
7
7
  attr_reader :display_uri
8
8
  attr_reader :remote
9
+ attr_reader :gem_remote_fetcher
9
10
 
10
- def initialize(downloader, remote, display_uri)
11
+ def initialize(downloader, remote, display_uri, gem_remote_fetcher)
11
12
  raise "Abstract class" if self.class == Base
12
13
  @downloader = downloader
13
14
  @remote = remote
14
15
  @display_uri = display_uri
16
+ @gem_remote_fetcher = gem_remote_fetcher
15
17
  end
16
18
 
17
19
  def remote_uri
@@ -13,7 +13,7 @@ module Bundler
13
13
  undef_method(method_name)
14
14
  define_method(method_name) do |*args, &blk|
15
15
  method.bind(self).call(*args, &blk)
16
- rescue NetworkDownError, CompactIndexClient::Updater::MisMatchedChecksumError => e
16
+ rescue NetworkDownError, CompactIndexClient::Updater::MismatchedChecksumError => e
17
17
  raise HTTPError, e.message
18
18
  rescue AuthenticationRequiredError, BadAuthenticationError
19
19
  # Fail since we got a 401 from the server.
@@ -44,7 +44,7 @@ module Bundler
44
44
  @bundle_worker = nil # reset it. Not sure if necessary
45
45
  serial_compact_index_client.dependencies(remaining_gems)
46
46
  end
47
- next_gems = deps.map {|d| d[3].map(&:first).flatten(1) }.flatten(1).uniq
47
+ next_gems = deps.flat_map {|d| d[3].flat_map(&:first) }.uniq
48
48
  deps.each {|dep| gem_info << dep }
49
49
  complete_gems.concat(deps.map(&:first)).uniq!
50
50
  remaining_gems = next_gems - complete_gems
@@ -62,7 +62,7 @@ module Bundler
62
62
  end
63
63
  # Read info file checksums out of /versions, so we can know if gems are up to date
64
64
  compact_index_client.update_and_parse_checksums!
65
- rescue CompactIndexClient::Updater::MisMatchedChecksumError => e
65
+ rescue CompactIndexClient::Updater::MismatchedChecksumError => e
66
66
  Bundler.ui.debug(e.message)
67
67
  nil
68
68
  end
@@ -121,7 +121,7 @@ module Bundler
121
121
  rescue NetworkDownError => e
122
122
  raise unless Bundler.feature_flag.allow_offline_install? && headers["If-None-Match"]
123
123
  ui.warn "Using the cached data for the new index because of a network error: #{e}"
124
- Net::HTTPNotModified.new(nil, nil, nil)
124
+ Gem::Net::HTTPNotModified.new(nil, nil, nil)
125
125
  end
126
126
  end
127
127
  end
@@ -20,33 +20,35 @@ module Bundler
20
20
  Bundler.ui.debug("HTTP #{response.code} #{response.message} #{filtered_uri}")
21
21
 
22
22
  case response
23
- when Net::HTTPSuccess, Net::HTTPNotModified
23
+ when Gem::Net::HTTPSuccess, Gem::Net::HTTPNotModified
24
24
  response
25
- when Net::HTTPRedirection
25
+ when Gem::Net::HTTPRedirection
26
26
  new_uri = Bundler::URI.parse(response["location"])
27
27
  if new_uri.host == uri.host
28
28
  new_uri.user = uri.user
29
29
  new_uri.password = uri.password
30
30
  end
31
31
  fetch(new_uri, headers, counter + 1)
32
- when Net::HTTPRequestedRangeNotSatisfiable
32
+ when Gem::Net::HTTPRequestedRangeNotSatisfiable
33
33
  new_headers = headers.dup
34
34
  new_headers.delete("Range")
35
35
  new_headers["Accept-Encoding"] = "gzip"
36
36
  fetch(uri, new_headers)
37
- when Net::HTTPRequestEntityTooLarge
37
+ when Gem::Net::HTTPRequestEntityTooLarge
38
38
  raise FallbackError, response.body
39
- when Net::HTTPTooManyRequests
39
+ when Gem::Net::HTTPTooManyRequests
40
40
  raise TooManyRequestsError, response.body
41
- when Net::HTTPUnauthorized
41
+ when Gem::Net::HTTPUnauthorized
42
42
  raise BadAuthenticationError, uri.host if uri.userinfo
43
43
  raise AuthenticationRequiredError, uri.host
44
- when Net::HTTPForbidden
44
+ when Gem::Net::HTTPForbidden
45
45
  raise AuthenticationForbiddenError, uri.host
46
- when Net::HTTPNotFound
47
- raise FallbackError, "Net::HTTPNotFound: #{filtered_uri}"
46
+ when Gem::Net::HTTPNotFound
47
+ raise FallbackError, "Gem::Net::HTTPNotFound: #{filtered_uri}"
48
48
  else
49
- raise HTTPError, "#{response.class}#{": #{response.body}" unless response.body.empty?}"
49
+ message = "Gem::#{response.class.name.gsub(/\AGem::/, "")}"
50
+ message += ": #{response.body}" unless response.body.empty?
51
+ raise HTTPError, message
50
52
  end
51
53
  end
52
54
 
@@ -56,7 +58,7 @@ module Bundler
56
58
  filtered_uri = URICredentialsFilter.credential_filtered_uri(uri)
57
59
 
58
60
  Bundler.ui.debug "HTTP GET #{filtered_uri}"
59
- req = Net::HTTP::Get.new uri.request_uri, headers
61
+ req = Gem::Net::HTTP::Get.new uri.request_uri, headers
60
62
  if uri.user
61
63
  user = CGI.unescape(uri.user)
62
64
  password = uri.password ? CGI.unescape(uri.password) : nil
@@ -0,0 +1,16 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "rubygems/remote_fetcher"
4
+
5
+ module Bundler
6
+ class Fetcher
7
+ class GemRemoteFetcher < Gem::RemoteFetcher
8
+ def request(*args)
9
+ super do |req|
10
+ req.delete("User-Agent") if headers["User-Agent"]
11
+ yield req if block_given?
12
+ end
13
+ end
14
+ end
15
+ end
16
+ end
@@ -6,7 +6,7 @@ module Bundler
6
6
  class Fetcher
7
7
  class Index < Base
8
8
  def specs(_gem_names)
9
- Bundler.rubygems.fetch_all_remote_specs(remote)
9
+ Bundler.rubygems.fetch_all_remote_specs(remote, gem_remote_fetcher)
10
10
  rescue Gem::RemoteFetcher::FetchError => e
11
11
  case e.message
12
12
  when /certificate verify failed/