rubygems-update 3.4.9 → 3.4.11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a0ce67a665c26fdc475dafc0858072799332dc0b01b57143bd46a25bd3d07c8d
-  data.tar.gz: 88d69d29ecde40e8ca5112f6ee1d706a66c7819842902a0515b322eeff6187f8
+  metadata.gz: 7b282bb00b57945e0f0754620e2748128cd209c4babfd48a99b65cd4b3a49453
+  data.tar.gz: c0eff9cc6ff4ab163302bd9157a18ba0da4ff1bbf3a3c739f5e2cae74b5d82c5
 SHA512:
-  metadata.gz: fd112dabe5437ac6a58a3bbcb73bd08bbc4061cce3c9e2923fead4816bdf956eb6ce4315fb16d40fc78179939bdb516c748fdb0a7a09debad2f520599968f137
-  data.tar.gz: 1a2ec92153d67b8d8deb53ead80c6ab7652d709cceb4ffe9d97528f1adcd0be95892e90a573a6ff305b82b5fd1ead9c48223bce93bf6d6bfe960c1bd71478629
+  metadata.gz: a8d6983ca3a5bc09424c7182ad4d6467bd7f3d4c464c2145e2948b5a3a8bdc2d9beebfc5a1dccbc29d214fe957fee57493361609f93828f6c90ffa6a49ff6e5a
+  data.tar.gz: f625b38ddc0dfa4403f2e643a12b300f94fc373c2ba108f21c5be468229aef1bec8f6e31a49061284cd102d22cd15e53b26a71f9ca8af983496317659a4b696a

data/CHANGELOG.md

@@ -1,3 +1,15 @@
+# 3.4.11 / 2023-04-10
+
+## Enhancements:
+
+* Installs bundler 2.4.11 as a default gem.
+
+# 3.4.10 / 2023-03-27
+
+## Enhancements:
+
+* Installs bundler 2.4.10 as a default gem.
+
 # 3.4.9 / 2023-03-20
 
 ## Enhancements:
@@ -510,7 +522,7 @@
 ## Breaking changes:
 
 * Removed deprecated `gem server` command. Pull request [#5034](https://github.com/rubygems/rubygems/pull/5034) by hsbt
-* Remove MacOS specific gem layout. Pull request [#4833](https://github.com/rubygems/rubygems/pull/4833) by deivid-rodriguez
+* Remove macOS specific gem layout. Pull request [#4833](https://github.com/rubygems/rubygems/pull/4833) by deivid-rodriguez
 * Default `gem update` documentation format is now only `ri`. Pull request
   [#3888](https://github.com/rubygems/rubygems/pull/3888) by hsbt
 

data/Manifest.txt

@@ -80,7 +80,6 @@ bundler/lib/bundler/gem_helpers.rb
 bundler/lib/bundler/gem_tasks.rb
 bundler/lib/bundler/gem_version_promoter.rb
 bundler/lib/bundler/graph.rb
-bundler/lib/bundler/incomplete_specification.rb
 bundler/lib/bundler/index.rb
 bundler/lib/bundler/injector.rb
 bundler/lib/bundler/inline.rb

data/bundler/CHANGELOG.md

@@ -1,3 +1,28 @@
+# 2.4.11 (April 10, 2023)
+
+## Security:
+
+  - Use URI-0.12.1 (safe against CVE-2023-28755 ReDoS vulnerability) [#6558](https://github.com/rubygems/rubygems/pull/6558)
+
+## Enhancements:
+
+  - Remove one fallback to full indexes on big gemfiles [#6578](https://github.com/rubygems/rubygems/pull/6578)
+  - Generate native gems with `-fvisibility=hidden` [#6541](https://github.com/rubygems/rubygems/pull/6541)
+
+## Bug fixes:
+
+  - Fix resolver hangs when dealing with an incomplete lockfile [#6552](https://github.com/rubygems/rubygems/pull/6552)
+  - Fix prereleases not being considered by gem version promoter when there's no lockfile [#6537](https://github.com/rubygems/rubygems/pull/6537)
+
+# 2.4.10 (March 27, 2023)
+
+## Bug fixes:
+
+  - Fix some unnecessary top level dependency downgrades [#6535](https://github.com/rubygems/rubygems/pull/6535)
+  - Fix incorrect ruby platform removal from lockfile when adding Gemfile dependencies [#6540](https://github.com/rubygems/rubygems/pull/6540)
+  - Fix installing plugins in frozen mode [#6543](https://github.com/rubygems/rubygems/pull/6543)
+  - Restore "enumerability" of `SpecSet` [#6532](https://github.com/rubygems/rubygems/pull/6532)
+
 # 2.4.9 (March 20, 2023)
 
 ## Security:

data/bundler/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2023-03-20".freeze
-    @git_commit_sha = "6f8e92bcc6".freeze
+    @built_at = "2023-04-10".freeze
+    @git_commit_sha = "be1d1b4623".freeze
     @release = true
     # end ivars
 

data/bundler/lib/bundler/definition.rb

@@ -668,9 +668,17 @@ module Bundler
     def check_missing_lockfile_specs
       all_locked_specs = @locked_specs.map(&:name) << "bundler"
 
-      @locked_specs.any? do |s|
+      missing = @locked_specs.select do |s|
         s.dependencies.any? {|dep| !all_locked_specs.include?(dep.name) }
       end
+
+      if missing.any?
+        @locked_specs.delete(missing)
+
+        true
+      else
+        false
+      end
     end
 
     def converge_paths
@@ -726,6 +734,8 @@ module Bundler
           dep.source = sources.get(dep.source)
         end
 
+        next if unlocking?
+
         unless locked_dep = @locked_deps[dep.name]
           changes = true
           next
@@ -886,8 +896,9 @@ module Bundler
     end
 
     def additional_base_requirements_for_resolve(resolution_packages, last_resolve)
-      return resolution_packages unless @locked_gems && unlocking? && !sources.expired_sources?(@locked_gems.sources)
+      return resolution_packages unless @locked_gems && !sources.expired_sources?(@locked_gems.sources)
       converge_specs(@originally_locked_specs - last_resolve).each do |locked_spec|
+        next if locked_spec.source.is_a?(Source::Path)
         resolution_packages.base_requirements[locked_spec.name] = Gem::Requirement.new(">= #{locked_spec.version}")
       end
       resolution_packages
@@ -898,6 +909,7 @@ module Bundler
                 Bundler.local_platform == Gem::Platform::RUBY ||
                 !platforms.include?(Gem::Platform::RUBY) ||
                 (@new_platform && platforms.last == Gem::Platform::RUBY) ||
+                @dependency_changes ||
                 !@originally_locked_specs.incomplete_ruby_specs?(dependencies)
 
       remove_platform(Gem::Platform::RUBY)

data/bundler/lib/bundler/gem_version_promoter.rb

@@ -93,7 +93,7 @@ module Bundler
       locked_version = package.locked_version
 
       result = specs.sort do |a, b|
-        unless locked_version && (package.prerelease_specified? || pre?)
+        unless package.prerelease_specified? || pre?
           a_pre = a.prerelease?
           b_pre = b.prerelease?
 

data/bundler/lib/bundler/lazy_specification.rb

@@ -122,7 +122,7 @@ module Bundler
     end
 
     def to_s
-      @__to_s ||= if platform == Gem::Platform::RUBY
+      @to_s ||= if platform == Gem::Platform::RUBY
         "#{name} (#{version})"
       else
         "#{name} (#{version}-#{platform})"

data/bundler/lib/bundler/plugin/installer.rb

@@ -83,8 +83,11 @@ module Bundler
 
         Bundler.configure_gem_home_and_path(Plugin.root)
 
-        definition = Definition.new(nil, deps, source_list, true)
-        install_definition(definition)
+        Bundler.settings.temporary(:deployment => false, :frozen => false) do
+          definition = Definition.new(nil, deps, source_list, true)
+
+          install_definition(definition)
+        end
       end
 
       # Installs the plugins and deps from the provided specs and returns map of

data/bundler/lib/bundler/resolver/base.rb

@@ -34,12 +34,8 @@ module Bundler
         @base[name]
       end
 
-      def delete(incomplete_specs)
-        incomplete_specs.each do |incomplete_spec|
-          incomplete_spec.partially_complete_specs.each do |spec|
-            @base.delete(spec)
-          end
-        end
+      def delete(specs)
+        @base.delete(specs)
       end
 
       def get_package(name)
@@ -51,10 +47,18 @@ module Bundler
       end
 
       def unlock_names(names)
-        names.each do |name|
-          @base.delete_by_name(name)
+        indirect_pins = indirect_pins(names)
 
-          @base_requirements.delete(name)
+        if indirect_pins.any?
+          loosen_names(indirect_pins)
+        else
+          pins = pins(names)
+
+          if pins.any?
+            loosen_names(pins)
+          else
+            unrestrict_names(names)
+          end
         end
       end
 
@@ -66,6 +70,30 @@ module Bundler
 
       private
 
+      def indirect_pins(names)
+        names.select {|name| @base_requirements[name].exact? && @requirements.none? {|dep| dep.name == name } }
+      end
+
+      def pins(names)
+        names.select {|name| @base_requirements[name].exact? }
+      end
+
+      def loosen_names(names)
+        names.each do |name|
+          version = @base_requirements[name].requirements.first[1]
+
+          @base_requirements[name] = Gem::Requirement.new(">= #{version}")
+
+          @base.delete_by_name(name)
+        end
+      end
+
+      def unrestrict_names(names)
+        names.each do |name|
+          @base_requirements.delete(name)
+        end
+      end
+
       def build_base_requirements
         base_requirements = {}
         @base.each do |ls|

data/bundler/lib/bundler/ruby_version.rb

@@ -107,7 +107,7 @@ module Bundler
       ruby_engine_version = RUBY_ENGINE == "ruby" ? ruby_version : RUBY_ENGINE_VERSION.dup
       patchlevel = RUBY_PATCHLEVEL.to_s
 
-      @ruby_version ||= RubyVersion.new(ruby_version, patchlevel, ruby_engine, ruby_engine_version)
+      @system ||= RubyVersion.new(ruby_version, patchlevel, ruby_engine, ruby_engine_version)
     end
 
     private

data/bundler/lib/bundler/rubygems_ext.rb

@@ -66,7 +66,9 @@ module Gem
 
     alias_method :rg_extension_dir, :extension_dir
     def extension_dir
-      @bundler_extension_dir ||= if source.respond_to?(:extension_dir_name)
+      # following instance variable is already used in original method
+      # and that is the reason to prefix it with bundler_ and add rubocop exception
+      @bundler_extension_dir ||= if source.respond_to?(:extension_dir_name) # rubocop:disable Naming/MemoizedInstanceVariableName
         unique_extension_dir = [source.extension_dir_name, File.basename(full_gem_path)].uniq.join("-")
         File.expand_path(File.join(extensions_dir, unique_extension_dir))
       else
@@ -203,9 +205,9 @@ module Gem
         protected
 
         def _requirements_sorted?
-          return @_are_requirements_sorted if defined?(@_are_requirements_sorted)
+          return @_requirements_sorted if defined?(@_requirements_sorted)
           strings = as_list
-          @_are_requirements_sorted = strings == strings.sort
+          @_requirements_sorted = strings == strings.sort
         end
 
         def _with_sorted_requirements

data/bundler/lib/bundler/source/rubygems.rb

@@ -7,8 +7,6 @@ module Bundler
     class Rubygems < Source
       autoload :Remote, File.expand_path("rubygems/remote", __dir__)
 
-      # Use the API when installing less than X gems
-      API_REQUEST_LIMIT = 500
       # Ask for X gems per API request
       API_REQUEST_SIZE = 50
 
@@ -401,12 +399,11 @@ module Bundler
           # gather lists from non-api sites
           fetch_names(index_fetchers, nil, idx, false)
 
-          # because ensuring we have all the gems we need involves downloading
-          # the gemspecs of those gems, if the non-api sites contain more than
-          # about 500 gems, we treat all sites as non-api for speed.
-          allow_api = idx.size < API_REQUEST_LIMIT && dependency_names.size < API_REQUEST_LIMIT
-          Bundler.ui.debug "Need to query more than #{API_REQUEST_LIMIT} gems." \
-            " Downloading full index instead..." unless allow_api
+          # legacy multi-remote sources need special logic to figure out
+          # dependency names and that logic can be very costly if one remote
+          # uses the dependency API but others don't. So use full indexes
+          # consistently in that particular case.
+          allow_api = !multiple_remotes?
 
           fetch_names(api_fetchers, allow_api && dependency_names, idx, false)
         end

data/bundler/lib/bundler/spec_set.rb

@@ -7,8 +7,11 @@ module Bundler
     include Enumerable
     include TSort
 
-    def initialize(specs)
+    attr_reader :incomplete_specs
+
+    def initialize(specs, incomplete_specs = [])
       @specs = specs
+      @incomplete_specs = incomplete_specs
     end
 
     def for(dependencies, check = false, platforms = [nil])
@@ -42,7 +45,7 @@ module Bundler
         end
 
         if incomplete && check
-          specs << IncompleteSpecification.new(name, lookup[name])
+          @incomplete_specs += lookup[name].any? ? lookup[name] : [LazySpecification.new(name, nil, nil)]
         end
       end
 
@@ -60,8 +63,8 @@ module Bundler
       @sorted = nil
     end
 
-    def delete(spec)
-      @specs.delete(spec)
+    def delete(specs)
+      specs.each {|spec| @specs.delete(spec) }
       @lookup = nil
       @sorted = nil
     end
@@ -78,10 +81,10 @@ module Bundler
       lookup.dup
     end
 
-    def materialize(deps, platforms = [nil])
-      materialized = self.for(deps, true, platforms)
+    def materialize(deps)
+      materialized = self.for(deps, true)
 
-      SpecSet.new(materialized)
+      SpecSet.new(materialized, incomplete_specs)
     end
 
     # Materialize for all the specs in the spec set, regardless of what platform they're for
@@ -100,17 +103,17 @@ module Bundler
     def incomplete_ruby_specs?(deps)
       return false if @specs.empty?
 
-      materialize(deps, [Gem::Platform::RUBY]).incomplete_specs.any?
+      @incomplete_specs = []
+
+      self.for(deps, true, [Gem::Platform::RUBY])
+
+      @incomplete_specs.any?
     end
 
     def missing_specs
       @specs.select {|s| s.is_a?(LazySpecification) }
     end
 
-    def incomplete_specs
-      @specs.select {|s| s.is_a?(IncompleteSpecification) }
-    end
-
     def merge(set)
       arr = sorted.dup
       set.each do |set_spec|

data/bundler/lib/bundler/templates/newgem/ext/newgem/extconf-c.rb.tt

@@ -2,4 +2,9 @@
 
 require "mkmf"
 
+# Makes all symbols private by default to avoid unintended conflict
+# with other gems. To explicitly export symbols you can use RUBY_FUNC_EXPORTED
+# selectively, or entirely remove this flag.
+append_cflags("-fvisibility=hidden")
+
 create_makefile(<%= config[:makefile_path].inspect %>)

data/bundler/lib/bundler/templates/newgem/ext/newgem/newgem.c.tt

@@ -2,7 +2,7 @@
 
 VALUE rb_m<%= config[:constant_array].join %>;
 
-void
+RUBY_FUNC_EXPORTED void
 Init_<%= config[:underscored_name] %>(void)
 {
   rb_m<%= config[:constant_array].join %> = rb_define_module(<%= config[:constant_name].inspect %>);

data/bundler/lib/bundler/vendor/uri/lib/uri/rfc3986_parser.rb

@@ -2,8 +2,8 @@
 module Bundler::URI
   class RFC3986_Parser # :nodoc:
     # Bundler::URI defined in RFC3986
-    RFC3986_URI = /\A(?<Bundler::URI>(?<scheme>[A-Za-z][+\-.0-9A-Za-z]*):(?<hier-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:)?\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h+\.[!$&-.0-;=A-Z_a-z~]+))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])*))(?::(?<port>\d*))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*))*)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])+)(?:\/\g<segment>)*)?)|(?<path-rootless>\g<segment-nz>(?:\/\g<segment>)*)|(?<path-empty>))(?:\?(?<query>[^#]*))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*))?)\z/
-    RFC3986_relative_ref = /\A(?<relative-ref>(?<relative-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:){,1}\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h+\.[!$&-.0-;=A-Z_a-z~]+))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])+))?(?::(?<port>\d*))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*))*)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])+)(?:\/\g<segment>)*)?)|(?<path-noscheme>(?<segment-nz-nc>(?:%\h\h|[!$&-.0-9;=@-Z_a-z~])+)(?:\/\g<segment>)*)|(?<path-empty>))(?:\?(?<query>[^#]*))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*))?)\z/
+    RFC3986_URI = /\A(?<Bundler::URI>(?<scheme>[A-Za-z][+\-.0-9A-Za-z]*+):(?<hier-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*+)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:)?\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h++\.[!$&-.0-;=A-Z_a-z~]++))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])*+))(?::(?<port>\d*+))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*+))*+)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])++)(?:\/\g<segment>)*+)?)|(?<path-rootless>\g<segment-nz>(?:\/\g<segment>)*+)|(?<path-empty>))(?:\?(?<query>[^#]*+))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*+))?)\z/
+    RFC3986_relative_ref = /\A(?<relative-ref>(?<relative-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*+)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:){,1}\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h++\.[!$&-.0-;=A-Z_a-z~]++))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])++))?(?::(?<port>\d*+))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*+))*+)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])++)(?:\/\g<segment>)*+)?)|(?<path-noscheme>(?<segment-nz-nc>(?:%\h\h|[!$&-.0-9;=@-Z_a-z~])++)(?:\/\g<segment>)*+)|(?<path-empty>))(?:\?(?<query>[^#]*+))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*+))?)\z/
     attr_reader :regexp
 
     def initialize

data/bundler/lib/bundler/vendor/uri/lib/uri/version.rb

@@ -1,6 +1,6 @@
 module Bundler::URI
   # :stopdoc:
-  VERSION_CODE = '001200'.freeze
+  VERSION_CODE = '001201'.freeze
   VERSION = VERSION_CODE.scan(/../).collect{|n| n.to_i}.join('.').freeze
   # :startdoc:
 end

data/bundler/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.4.9".freeze
+  VERSION = "2.4.11".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

data/bundler/lib/bundler.rb

@@ -62,7 +62,6 @@ module Bundler
   autoload :GemHelpers,             File.expand_path("bundler/gem_helpers", __dir__)
   autoload :GemVersionPromoter,     File.expand_path("bundler/gem_version_promoter", __dir__)
   autoload :Graph,                  File.expand_path("bundler/graph", __dir__)
-  autoload :IncompleteSpecification, File.expand_path("bundler/incomplete_specification", __dir__)
   autoload :Index,                  File.expand_path("bundler/index", __dir__)
   autoload :Injector,               File.expand_path("bundler/injector", __dir__)
   autoload :Installer,              File.expand_path("bundler/installer", __dir__)
@@ -90,7 +89,7 @@ module Bundler
 
   class << self
     def configure
-      @configured ||= configure_gem_home_and_path
+      @configure ||= configure_gem_home_and_path
     end
 
     def ui
@@ -582,7 +581,7 @@ EOF
       @bin_path = nil
       @bundler_major_version = nil
       @bundle_path = nil
-      @configured = nil
+      @configure = nil
       @configured_bundle_path = nil
       @definition = nil
       @load = nil

data/lib/rubygems/command_manager.rb

@@ -83,7 +83,7 @@ class Gem::CommandManager
   # Return the authoritative instance of the command manager.
 
   def self.instance
-    @command_manager ||= new
+    @instance ||= new
   end
 
   ##
@@ -98,7 +98,7 @@ class Gem::CommandManager
   # Reset the authoritative instance of the command manager.
 
   def self.reset
-    @command_manager = nil
+    @instance = nil
   end
 
   ##

data/lib/rubygems/installer.rb

@@ -388,7 +388,7 @@ class Gem::Installer
   # we'll be installing into.
 
   def installed_specs
-    @specs ||= begin
+    @installed_specs ||= begin
       specs = []
 
       Gem::Util.glob_files_in_dir("*.gemspec", File.join(gem_home, "specifications")).each do |path|

data/lib/rubygems/request_set.rb

@@ -107,7 +107,7 @@ class Gem::RequestSet
     @requests            = []
     @sets                = []
     @soft_missing        = false
-    @sorted              = nil
+    @sorted_requests     = nil
     @specs               = nil
     @vendor_set          = nil
     @source_set          = nil
@@ -424,7 +424,7 @@ class Gem::RequestSet
   end
 
   def sorted_requests
-    @sorted ||= strongly_connected_components.flatten
+    @sorted_requests ||= strongly_connected_components.flatten
   end
 
   def specs

data/lib/rubygems/specification.rb

@@ -2233,7 +2233,7 @@ class Gem::Specification < Gem::BasicSpecification
   # The platform this gem runs on.  See Gem::Platform for details.
 
   def platform
-    @new_platform ||= Gem::Platform::RUBY
+    @new_platform ||= Gem::Platform::RUBY # rubocop:disable Naming/MemoizedInstanceVariableName
   end
 
   def pretty_print(q) # :nodoc:
@@ -2712,6 +2712,8 @@ class Gem::Specification < Gem::BasicSpecification
     end
 
     @installed_by_version ||= nil
+
+    nil
   end
 
   def flatten_require_paths # :nodoc:

data/lib/rubygems/stub_specification.rb

@@ -183,7 +183,7 @@ class Gem::StubSpecification < Gem::BasicSpecification
   ##
   # The full Gem::Specification for this gem, loaded from evalling its gemspec
 
-  def to_spec
+  def spec
     @spec ||= if @data
       loaded = Gem.loaded_specs[name]
       loaded if loaded && loaded.version == version
@@ -191,6 +191,7 @@ class Gem::StubSpecification < Gem::BasicSpecification
 
     @spec ||= Gem::Specification.load(loaded_from)
   end
+  alias_method :to_spec, :spec
 
   ##
   # Is this StubSpecification valid? i.e. have we found a stub line, OR does

data/lib/rubygems.rb

@@ -8,7 +8,7 @@
 require "rbconfig"
 
 module Gem
-  VERSION = "3.4.9"
+  VERSION = "3.4.11"
 end
 
 # Must be first since it unloads the prelude from 1.9.2

data/rubygems-update.gemspec

@@ -2,7 +2,7 @@
 
 Gem::Specification.new do |s|
   s.name = "rubygems-update"
-  s.version = "3.4.9"
+  s.version = "3.4.11"
   s.authors = ["Jim Weirich", "Chad Fowler", "Eric Hodel", "Luis Lavena", "Aaron Patterson", "Samuel Giddins", "André Arko", "Evan Phoenix", "Hiroshi SHIBATA"]
   s.email = ["", "", "drbrain@segment7.net", "luislavena@gmail.com", "aaron@tenderlovemaking.com", "segiddins@segiddins.me", "andre@arko.net", "evan@phx.io", "hsbt@ruby-lang.org"]
 

data/test/rubygems/helper.rb

@@ -1179,6 +1179,20 @@ Also, a list:
     RUBY_PLATFORM.match("mswin")
   end
 
+  ##
+  # Is this test being run on a version of Ruby built with mingw?
+
+  def self.mingw_windows?
+    RUBY_PLATFORM.match("mingw")
+  end
+
+  ##
+  # Is this test being run on a version of Ruby built with mingw?
+
+  def mingw_windows?
+    RUBY_PLATFORM.match("mingw")
+  end
+
   ##
   # Is this test being run on a ruby/ruby repository?
   #

data/test/rubygems/test_bundled_ca.rb

@@ -14,7 +14,7 @@ require "rubygems/request"
 # The tested hosts are explained in detail here: https://github.com/rubygems/rubygems/commit/5e16a5428f973667cabfa07e94ff939e7a83ebd9
 #
 
-class TestBundledCA < Gem::TestCase
+class TestGemBundledCA < Gem::TestCase
   def bundled_certificate_store
     store = OpenSSL::X509::Store.new
 

data/test/rubygems/test_config.rb

@@ -3,7 +3,7 @@ require_relative "helper"
 require "rubygems"
 require "shellwords"
 
-class TestConfig < Gem::TestCase
+class TestGemConfig < Gem::TestCase
   def test_datadir
     util_make_gems
     spec = Gem::Specification.find_by_name("a")

data/test/rubygems/test_deprecate.rb

@@ -2,7 +2,7 @@
 require_relative "helper"
 require "rubygems/deprecate"
 
-class TestDeprecate < Gem::TestCase
+class TestGemDeprecate < Gem::TestCase
   def setup
     super
 

data/test/rubygems/test_exit.rb

@@ -3,7 +3,7 @@
 require_relative "helper"
 require "rubygems"
 
-class TestExit < Gem::TestCase
+class TestGemExit < Gem::TestCase
   def test_exit
     system(*ruby_with_rubygems_in_load_path, "-e", "raise Gem::SystemExitException.new(2)")
     assert_equal 2, $?.exitstatus

data/test/rubygems/test_gem_ext_cargo_builder.rb

@@ -87,7 +87,7 @@ class TestGemExtCargoBuilder < Gem::TestCase
       end
     end
 
-    assert_match /cargo\s.*\sfailed/, error.message
+    assert_match(/cargo\s.*\sfailed/, error.message)
   end
 
   def test_full_integration
@@ -145,6 +145,7 @@ class TestGemExtCargoBuilder < Gem::TestCase
     system(@rust_envs, "cargo", "-V", out: IO::NULL, err: [:child, :out])
     pend "cargo not present" unless $?.success?
     pend "ruby.h is not provided by ruby repo" if ruby_repo?
+    pend "rust toolchain of mingw is broken" if mingw_windows?
   end
 
   def assert_ffi_handle(bundle, name)

data/test/rubygems/test_kernel.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 require_relative "helper"
 
-class TestKernel < Gem::TestCase
+class TestGemKernel < Gem::TestCase
   def setup
     super
 

data/test/rubygems/test_project_sanity.rb

@@ -3,13 +3,36 @@
 require_relative "helper"
 require "open3"
 
-class TestProjectSanity < Gem::TestCase
+class TestGemProjectSanity < Gem::TestCase
+  def setup
+  end
+
+  def teardown
+  end
+
   def test_manifest_is_up_to_date
-    pend unless File.exist?(File.expand_path("../../Rakefile", __dir__))
+    pend unless File.exist?("#{root}/Rakefile")
 
     _, status = Open3.capture2e("rake check_manifest")
 
-    assert status.success?, "Expected Manifest.txt to be up to date, but it's not. Run `rake update_manifest` to sync it."
+    unless status.success?
+      original_contents = File.read("#{root}/Manifest.txt")
+
+      # Update the manifest to see if it fixes the problem
+      Open3.capture2e("rake update_manifest")
+
+      out, status = Open3.capture2e("rake check_manifest")
+
+      # If `rake update_manifest` fixed the problem, that was the original
+      # issue, otherwise it was an unknown error, so print the error output
+      if status.success?
+        File.write("#{root}/Manifest.txt", original_contents)
+
+        raise "Expected Manifest.txt to be up to date, but it's not. Run `rake update_manifest` to sync it."
+      else
+        raise "There was an error running `rake check_manifest`: #{out}"
+      end
+    end
   end
 
   def test_require_rubygems_package
@@ -17,4 +40,10 @@ class TestProjectSanity < Gem::TestCase
 
     assert status.success?, err
   end
+
+  private
+
+  def root
+    File.expand_path("../..", __dir__)
+  end
 end

data/test/rubygems/test_remote_fetch_error.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 require_relative "helper"
 
-class TestRemoteFetchError < Gem::TestCase
+class TestGemRemoteFetchError < Gem::TestCase
   def test_password_redacted
     error = Gem::RemoteFetcher::FetchError.new("There was an error fetching", "https://user:secret@gemsource.org")
     refute_match %r{secret}, error.to_s

data/test/rubygems/utilities.rb

@@ -167,7 +167,7 @@ end
 #
 # Example:
 #
-#   HTTPResponseFactory.create(
+#   Gem::HTTPResponseFactory.create(
 #     body: "",
 #     code: 301,
 #     msg: "Moved Permanently",
@@ -175,7 +175,7 @@ end
 #   )
 #
 
-class HTTPResponseFactory
+class Gem::HTTPResponseFactory
   def self.create(body:, code:, msg:, headers: {})
     response = Net::HTTPResponse.send(:response_class, code.to_s).new("1.0", code.to_s, msg)
     response.instance_variable_set(:@body, body)
@@ -372,7 +372,7 @@ end
 #
 # This class was added to flush out problems in Rubinius' IO implementation.
 
-class TempIO < Tempfile
+class Gem::TempIO < Tempfile
   ##
   # Creates a new TempIO that will be initialized to contain +string+.
 
@@ -391,3 +391,8 @@ class TempIO < Tempfile
     Gem.read_binary path
   end
 end
+
+class Gem::TestCase
+  TempIO = Gem::TempIO
+  HTTPResponseFactory = Gem::HTTPResponseFactory
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubygems-update
 version: !ruby/object:Gem::Version
-  version: 3.4.9
+  version: 3.4.11
 platform: ruby
 authors:
 - Jim Weirich
@@ -16,7 +16,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-03-20 00:00:00.000000000 Z
+date: 2023-04-10 00:00:00.000000000 Z
 dependencies: []
 description: |-
   A package (also known as a library) contains a set of functionality
@@ -136,7 +136,6 @@ files:
 - bundler/lib/bundler/gem_tasks.rb
 - bundler/lib/bundler/gem_version_promoter.rb
 - bundler/lib/bundler/graph.rb
-- bundler/lib/bundler/incomplete_specification.rb
 - bundler/lib/bundler/index.rb
 - bundler/lib/bundler/injector.rb
 - bundler/lib/bundler/inline.rb
@@ -837,7 +836,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.9
+rubygems_version: 3.4.11
 signing_key:
 specification_version: 4
 summary: RubyGems is a package management framework for Ruby.

data/bundler/lib/bundler/incomplete_specification.rb

@@ -1,24 +0,0 @@
-# frozen_string_literal: true
-
-module Bundler
-  #
-  # Represents a package name that was found to be incomplete when trying to
-  # materialize a fresh resolution or the lockfile.
-  #
-  # Holds the actual partially complete set of specifications for the name.
-  # These are used so that they can be unlocked in a future resolution, and fix
-  # the situation.
-  #
-  class IncompleteSpecification
-    attr_reader :name, :partially_complete_specs
-
-    def initialize(name, partially_complete_specs = [])
-      @name = name
-      @partially_complete_specs = partially_complete_specs
-    end
-
-    def ==(other)
-      partially_complete_specs == other.partially_complete_specs
-    end
-  end
-end