rubygems-update 3.5.22 → 3.6.0

data/bundler/lib/bundler/dsl.rb

@@ -66,7 +66,7 @@ module Bundler
       development_group = opts[:development_group] || :development
       expanded_path     = gemfile_root.join(path)
 
-      gemspecs = Gem::Util.glob_files_in_dir("{,*}.gemspec", expanded_path).map {|g| Bundler.load_gemspec(g) }.compact
+      gemspecs = Gem::Util.glob_files_in_dir("{,*}.gemspec", expanded_path).filter_map {|g| Bundler.load_gemspec(g) }
       gemspecs.reject! {|s| s.name != name } if name
       specs_by_name_and_version = gemspecs.group_by {|s| [s.name, s.version] }
 
@@ -110,9 +110,23 @@ module Bundler
           if gemspec_dep
             gemfile_dep = [dep, current].find(&:runtime?)
 
-            unless current_requirement_open
+            if gemfile_dep && !current_requirement_open
               Bundler.ui.warn "A gemspec development dependency (#{gemspec_dep.name}, #{gemspec_dep.requirement}) is being overridden by a Gemfile dependency (#{gemfile_dep.name}, #{gemfile_dep.requirement}).\n" \
                               "This behaviour may change in the future. Please remove either of them, or make sure they both have the same requirement\n"
+            elsif gemfile_dep.nil?
+              require_relative "vendor/pub_grub/lib/pub_grub/version_range"
+              require_relative "vendor/pub_grub/lib/pub_grub/version_constraint"
+              require_relative "vendor/pub_grub/lib/pub_grub/version_union"
+              require_relative "vendor/pub_grub/lib/pub_grub/rubygems"
+
+              current_gemspec_range = PubGrub::RubyGems.requirement_to_range(current.requirement)
+              next_gemspec_range = PubGrub::RubyGems.requirement_to_range(dep.requirement)
+
+              if current_gemspec_range.intersects?(next_gemspec_range)
+                dep = Dependency.new(name, current.requirement.as_list + dep.requirement.as_list, options)
+              else
+                raise GemfileError, "Two gemspecs have conflicting requirements on the same gem: #{dep} and #{current}"
+              end
             end
           else
             update_prompt = ""
@@ -133,20 +147,22 @@ module Bundler
           end
         end
 
-        # Always prefer the dependency from the Gemfile
-        if current.gemspec_dev_dep?
-          @dependencies.delete(current)
-        elsif dep.gemspec_dev_dep?
-          return
-        elsif current.source != dep.source
-          raise GemfileError, "You cannot specify the same gem twice coming from different sources.\n" \
-                          "You specified that #{dep.name} (#{dep.requirement}) should come from " \
-                          "#{current.source || "an unspecified source"} and #{dep.source}\n"
-        else
-          Bundler.ui.warn "Your Gemfile lists the gem #{current.name} (#{current.requirement}) more than once.\n" \
-                          "You should probably keep only one of them.\n" \
-                          "Remove any duplicate entries and specify the gem only once.\n" \
-                          "While it's not a problem now, it could cause errors if you change the version of one of them later."
+        unless current.gemspec_dev_dep? && dep.gemspec_dev_dep?
+          # Always prefer the dependency from the Gemfile
+          if current.gemspec_dev_dep?
+            @dependencies.delete(current)
+          elsif dep.gemspec_dev_dep?
+            return
+          elsif current.source != dep.source
+            raise GemfileError, "You cannot specify the same gem twice coming from different sources.\n" \
+                            "You specified that #{dep.name} (#{dep.requirement}) should come from " \
+                            "#{current.source || "an unspecified source"} and #{dep.source}\n"
+          else
+            Bundler.ui.warn "Your Gemfile lists the gem #{current.name} (#{current.requirement}) more than once.\n" \
+                            "You should probably keep only one of them.\n" \
+                            "Remove any duplicate entries and specify the gem only once.\n" \
+                            "While it's not a problem now, it could cause errors if you change the version of one of them later."
+          end
         end
       end
 
@@ -487,18 +503,7 @@ module Bundler
     end
 
     def check_rubygems_source_safety
-      if @sources.implicit_global_source?
-        implicit_global_source_warning
-      elsif @sources.aggregate_global_source?
-        multiple_global_source_warning
-      end
-    end
-
-    def implicit_global_source_warning
-      Bundler::SharedHelpers.major_deprecation 2, "This Gemfile does not include an explicit global source. " \
-        "Not using an explicit global source may result in a different lockfile being generated depending on " \
-        "the gems you have installed locally before bundler is run. " \
-        "Instead, define a global source in your Gemfile like this: source \"https://rubygems.org\"."
+      multiple_global_source_warning if @sources.aggregate_global_source?
     end
 
     def multiple_global_source_warning

data/bundler/lib/bundler/endpoint_specification.rb

@@ -6,7 +6,7 @@ module Bundler
     include MatchRemoteMetadata
 
     attr_reader :name, :version, :platform, :checksum
-    attr_accessor :source, :remote, :dependencies
+    attr_accessor :remote, :dependencies, :locked_platform
 
     def initialize(name, version, platform, spec_fetcher, dependencies, metadata = nil)
       super()
@@ -18,10 +18,15 @@ module Bundler
 
       @loaded_from          = nil
       @remote_specification = nil
+      @locked_platform = nil
 
       parse_metadata(metadata)
     end
 
+    def insecurely_materialized?
+      @locked_platform.to_s != @platform.to_s
+    end
+
     def fetch_platform
       @platform
     end
@@ -115,6 +120,10 @@ module Bundler
       @remote_specification = spec
     end
 
+    def inspect
+      "#<#{self.class} @name=\"#{name}\" (#{full_name.delete_prefix("#{name}-")})>"
+    end
+
     private
 
     def _remote_specification

data/bundler/lib/bundler/errors.rb

@@ -246,4 +246,14 @@ module Bundler
   end
 
   class InvalidArgumentError < BundlerError; status_code(40); end
+
+  class IncorrectLockfileDependencies < BundlerError
+    attr_reader :spec
+
+    def initialize(spec)
+      @spec = spec
+    end
+
+    status_code(41)
+  end
 end

data/bundler/lib/bundler/feature_flag.rb

@@ -33,6 +33,7 @@ module Bundler
     settings_flag(:default_install_uses_path) { bundler_3_mode? }
     settings_flag(:forget_cli_options) { bundler_3_mode? }
     settings_flag(:global_gem_cache) { bundler_3_mode? }
+    settings_flag(:lockfile_checksums) { bundler_3_mode? }
     settings_flag(:path_relative_to_cwd) { bundler_3_mode? }
     settings_flag(:plugins) { @bundler_version >= Gem::Version.new("1.14") }
     settings_flag(:print_only_version_number) { bundler_3_mode? }

data/bundler/lib/bundler/fetcher/compact_index.rb

@@ -10,7 +10,7 @@ module Bundler
         method = instance_method(method_name)
         undef_method(method_name)
         define_method(method_name) do |*args, &blk|
-          method.bind(self).call(*args, &blk)
+          method.bind_call(self, *args, &blk)
         rescue NetworkDownError, CompactIndexClient::Updater::MismatchedChecksumError => e
           raise HTTPError, e.message
         rescue AuthenticationRequiredError, BadAuthenticationError

data/bundler/lib/bundler/fetcher.rb

@@ -37,8 +37,9 @@ module Bundler
     # This is the error raised when a source is HTTPS and OpenSSL didn't load
     class SSLError < HTTPError
       def initialize(msg = nil)
-        super msg || "Could not load OpenSSL.\n" \
-            "You must recompile Ruby with OpenSSL support."
+        super "Could not load OpenSSL.\n" \
+          "You must recompile Ruby with OpenSSL support.\n" \
+          "original error: #{msg}\n"
       end
     end
 
@@ -251,7 +252,13 @@ module Bundler
         needs_ssl = remote_uri.scheme == "https" ||
                     Bundler.settings[:ssl_verify_mode] ||
                     Bundler.settings[:ssl_client_cert]
-        raise SSLError if needs_ssl && !defined?(OpenSSL::SSL)
+        if needs_ssl
+          begin
+            require "openssl"
+          rescue StandardError, LoadError => e
+            raise SSLError.new(e.message)
+          end
+        end
 
         con = Gem::Net::HTTP::Persistent.new name: "bundler", proxy: :ENV
         if gem_proxy = Gem.configuration[:http_proxy]

data/bundler/lib/bundler/gem_helpers.rb

@@ -46,7 +46,7 @@ module Bundler
     end
     module_function :platform_specificity_match
 
-    def select_best_platform_match(specs, platform, force_ruby: false, prefer_locked: false)
+    def select_all_platform_match(specs, platform, force_ruby: false, prefer_locked: false)
       matching = if force_ruby
         specs.select {|spec| spec.match_platform(Gem::Platform::RUBY) && spec.force_ruby_platform! }
       else
@@ -58,24 +58,40 @@ module Bundler
         return locked_originally if locked_originally.any?
       end
 
-      sort_best_platform_match(matching, platform)
+      matching
+    end
+    module_function :select_all_platform_match
+
+    def select_best_platform_match(specs, platform, force_ruby: false, prefer_locked: false)
+      matching = select_all_platform_match(specs, platform, force_ruby: force_ruby, prefer_locked: prefer_locked)
+
+      sort_and_filter_best_platform_match(matching, platform)
     end
     module_function :select_best_platform_match
 
     def select_best_local_platform_match(specs, force_ruby: false)
-      select_best_platform_match(specs, local_platform, force_ruby: force_ruby).map(&:materialize_for_installation).compact
+      matching = select_all_platform_match(specs, local_platform, force_ruby: force_ruby).filter_map(&:materialized_for_installation)
+
+      sort_best_platform_match(matching, local_platform)
     end
     module_function :select_best_local_platform_match
 
-    def sort_best_platform_match(matching, platform)
+    def sort_and_filter_best_platform_match(matching, platform)
+      return matching if matching.one?
+
       exact = matching.select {|spec| spec.platform == platform }
       return exact if exact.any?
 
-      sorted_matching = matching.sort_by {|spec| platform_specificity_match(spec.platform, platform) }
+      sorted_matching = sort_best_platform_match(matching, platform)
       exemplary_spec = sorted_matching.first
 
       sorted_matching.take_while {|spec| same_specificity(platform, spec, exemplary_spec) && same_deps(spec, exemplary_spec) }
     end
+    module_function :sort_and_filter_best_platform_match
+
+    def sort_best_platform_match(matching, platform)
+      matching.sort_by {|spec| platform_specificity_match(spec.platform, platform) }
+    end
     module_function :sort_best_platform_match
 
     class PlatformMatch

data/bundler/lib/bundler/injector.rb

@@ -41,7 +41,7 @@ module Bundler
 
         # resolve to see if the new deps broke anything
         @definition = builder.to_definition(lockfile_path, {})
-        @definition.resolve_remotely!
+        @definition.remotely!
 
         # since nothing broke, we can add those gems to the gemfile
         append_to(gemfile_path, build_gem_lines(@options[:conservative_versioning])) if @deps.any?
@@ -184,7 +184,7 @@ module Bundler
     # @param [Array] gems            Array of names of gems to be removed.
     # @param [Pathname] gemfile_path The Gemfile from which to remove dependencies.
     def remove_gems_from_gemfile(gems, gemfile_path)
-      patterns = /gem\s+(['"])#{Regexp.union(gems)}\1|gem\s*\((['"])#{Regexp.union(gems)}\2\)/
+      patterns = /gem\s+(['"])#{Regexp.union(gems)}\1|gem\s*\((['"])#{Regexp.union(gems)}\2.*\)/
       new_gemfile = []
       multiline_removal = false
       File.readlines(gemfile_path).each do |line|

data/bundler/lib/bundler/inline.rb

@@ -1,16 +1,20 @@
 # frozen_string_literal: true
 
-# Allows for declaring a Gemfile inline in a ruby script, optionally installing
-# any gems that aren't already installed on the user's system.
+# Allows for declaring a Gemfile inline in a ruby script, installing any gems
+# that aren't already installed on the user's system.
 #
 # @note Every gem that is specified in this 'Gemfile' will be `require`d, as if
 #       the user had manually called `Bundler.require`. To avoid a requested gem
 #       being automatically required, add the `:require => false` option to the
 #       `gem` dependency declaration.
 #
-# @param install [Boolean] whether gems that aren't already installed on the
-#                          user's system should be installed.
-#                          Defaults to `false`.
+# @param force_latest_compatible [Boolean] Force installing the *latest*
+#                                          compatible versions of the gems,
+#                                          even if compatible versions are
+#                                          already installed locally.
+#                                          This also logs output if the
+#                                          `:quiet` option is not set.
+#                                          Defaults to `false`.
 #
 # @param gemfile [Proc]    a block that is evaluated as a `Gemfile`.
 #
@@ -29,13 +33,13 @@
 #
 #          puts Pod::VERSION # => "0.34.4"
 #
-def gemfile(install = false, options = {}, &gemfile)
+def gemfile(force_latest_compatible = false, options = {}, &gemfile)
   require_relative "../bundler"
   Bundler.reset!
 
   opts = options.dup
   ui = opts.delete(:ui) { Bundler::UI::Shell.new }
-  ui.level = "silent" if opts.delete(:quiet) || !install
+  ui.level = "silent" if opts.delete(:quiet) || !force_latest_compatible
   Bundler.ui = ui
   raise ArgumentError, "Unknown options: #{opts.keys.join(", ")}" unless opts.empty?
 
@@ -55,7 +59,7 @@ def gemfile(install = false, options = {}, &gemfile)
       definition = builder.to_definition(nil, true)
       definition.validate_runtime!
 
-      if install || definition.missing_specs?
+      if force_latest_compatible || definition.missing_specs?
         Bundler.settings.temporary(inline: true, no_install: false) do
           installer = Bundler::Installer.install(Bundler.root, definition, system: true)
           installer.post_install_messages.each do |name, message|

data/bundler/lib/bundler/installer/standalone.rb

@@ -28,7 +28,7 @@ module Bundler
     private
 
     def paths
-      @specs.map do |spec|
+      @specs.flat_map do |spec|
         next if spec.name == "bundler"
         Array(spec.require_paths).map do |path|
           gem_path(path, spec).
@@ -36,7 +36,7 @@ module Bundler
             sub(extensions_dir, 'extensions/\k<platform>/#{Gem.extension_api_version}')
           # This is a static string intentionally. It's interpolated at a later time.
         end
-      end.flatten.compact
+      end.compact
     end
 
     def version_dir

data/bundler/lib/bundler/installer.rb

@@ -77,12 +77,9 @@ module Bundler
           return
         end
 
-        if resolve_if_needed(options)
+        if @definition.setup_domain!(options)
           ensure_specs_are_compatible!
-          load_plugins
-          options.delete(:jobs)
-        else
-          options[:jobs] = 1 # to avoid the overhead of Bundler::Worker
+          Bundler.load_plugins(@definition)
         end
         install(options)
 
@@ -197,18 +194,14 @@ module Bundler
       standalone = options[:standalone]
       force = options[:force]
       local = options[:local]
-      jobs = installation_parallelization(options)
+      jobs = installation_parallelization
       spec_installations = ParallelInstaller.call(self, @definition.specs, jobs, standalone, force, local: local)
       spec_installations.each do |installation|
         post_install_messages[installation.name] = installation.post_install_message if installation.has_post_install_message?
       end
     end
 
-    def installation_parallelization(options)
-      if jobs = options.delete(:jobs)
-        return jobs
-      end
-
+    def installation_parallelization
       if jobs = Bundler.settings[:jobs]
         return jobs
       end
@@ -216,20 +209,6 @@ module Bundler
       Bundler.settings.processor_count
     end
 
-    def load_plugins
-      Gem.load_plugins
-
-      requested_path_gems = @definition.requested_specs.select {|s| s.source.is_a?(Source::Path) }
-      path_plugin_files = requested_path_gems.map do |spec|
-        spec.matches_for_glob("rubygems_plugin#{Bundler.rubygems.suffix_pattern}")
-      rescue TypeError
-        error_message = "#{spec.name} #{spec.version} has an invalid gemspec"
-        raise Gem::InvalidSpecificationException, error_message
-      end.flatten
-      Gem.load_plugin_files(path_plugin_files)
-      Gem.load_env_plugins
-    end
-
     def ensure_specs_are_compatible!
       @definition.specs.each do |spec|
         unless spec.matches_current_ruby?
@@ -243,19 +222,6 @@ module Bundler
       end
     end
 
-    # returns whether or not a re-resolve was needed
-    def resolve_if_needed(options)
-      @definition.prefer_local! if options[:"prefer-local"]
-
-      if options[:local] || (@definition.no_resolve_needed? && !@definition.missing_specs?)
-        @definition.resolve_with_cache!
-        false
-      else
-        @definition.resolve_remotely!
-        true
-      end
-    end
-
     def lock
       @definition.lock
     end

data/bundler/lib/bundler/lazy_specification.rb

@@ -8,14 +8,26 @@ module Bundler
     include MatchPlatform
     include ForcePlatform
 
-    attr_reader :name, :version, :platform
+    attr_reader :name, :version, :platform, :materialization
     attr_accessor :source, :remote, :force_ruby_platform, :dependencies, :required_ruby_version, :required_rubygems_version
 
+    #
+    # For backwards compatibility with existing lockfiles, if the most specific
+    # locked platform is not a specific platform like x86_64-linux or
+    # universal-java-11, then we keep the previous behaviour of resolving the
+    # best platform variant at materiliazation time. For previous bundler
+    # versions (before 2.2.0) this was always the case (except when the lockfile
+    # only included non-ruby platforms), but we're also keeping this behaviour
+    # on newer bundlers unless users generate the lockfile from scratch or
+    # explicitly add a more specific platform.
+    #
+    attr_accessor :most_specific_locked_platform
+
     alias_method :runtime_dependencies, :dependencies
 
     def self.from_spec(s)
       lazy_spec = new(s.name, s.version, s.platform, s.source)
-      lazy_spec.dependencies = s.dependencies
+      lazy_spec.dependencies = s.runtime_dependencies
       lazy_spec.required_ruby_version = s.required_ruby_version
       lazy_spec.required_rubygems_version = s.required_rubygems_version
       lazy_spec
@@ -27,9 +39,26 @@ module Bundler
       @dependencies  = []
       @required_ruby_version = Gem::Requirement.default
       @required_rubygems_version = Gem::Requirement.default
-      @platform      = platform || Gem::Platform::RUBY
-      @source        = source
+      @platform = platform || Gem::Platform::RUBY
+
+      @original_source = source
+      @source = source
+
       @force_ruby_platform = default_force_ruby_platform
+      @most_specific_locked_platform = nil
+      @materialization = nil
+    end
+
+    def missing?
+      @materialization == self
+    end
+
+    def incomplete?
+      @materialization.nil?
+    end
+
+    def source_changed?
+      @original_source != source
     end
 
     def full_name
@@ -92,16 +121,31 @@ module Bundler
       out
     end
 
-    def materialize_for_installation
+    def materialize_strictly
       source.local!
 
-      matching_specs = source.specs.search(use_exact_resolved_specifications? ? self : [name, version])
+      matching_specs = source.specs.search(self)
       return self if matching_specs.empty?
 
-      candidates = if use_exact_resolved_specifications?
-        matching_specs
+      __materialize__(matching_specs)
+    end
+
+    def materialized_for_installation
+      @materialization = materialize_for_installation
+
+      self unless incomplete?
+    end
+
+    def materialize_for_installation
+      source.local!
+
+      if use_exact_resolved_specifications?
+        materialize_strictly
       else
-        target_platform = ruby_platform_materializes_to_ruby_platform? ? platform : local_platform
+        matching_specs = source.specs.search([name, version])
+        return self if matching_specs.empty?
+
+        target_platform = source.is_a?(Source::Path) ? platform : local_platform
 
         installable_candidates = GemHelpers.select_best_platform_match(matching_specs, target_platform)
 
@@ -112,10 +156,8 @@ module Bundler
           installable_candidates = GemHelpers.select_best_platform_match(matching_specs, platform)
         end
 
-        installable_candidates
+        __materialize__(installable_candidates)
       end
-
-      __materialize__(candidates)
     end
 
     # If in frozen mode, we fallback to a non-installable candidate because by
@@ -129,12 +171,28 @@ module Bundler
       end
       if search.nil? && fallback_to_non_installable
         search = candidates.last
-      else
-        search.dependencies = dependencies if search && search.full_name == full_name && (search.is_a?(RemoteSpecification) || search.is_a?(EndpointSpecification))
+      elsif search && search.full_name == full_name
+        # We don't validate locally installed dependencies but accept what's in
+        # the lockfile instead for performance, since loading locally installed
+        # dependencies would mean evaluating all gemspecs, which would affect
+        # `bundler/setup` performance
+        if search.is_a?(StubSpecification)
+          search.dependencies = dependencies
+        else
+          if !source.is_a?(Source::Path) && search.runtime_dependencies.sort != dependencies.sort
+            raise IncorrectLockfileDependencies.new(self)
+          end
+
+          search.locked_platform = platform if search.instance_of?(RemoteSpecification) || search.instance_of?(EndpointSpecification)
+        end
       end
       search
     end
 
+    def inspect
+      "#<#{self.class} @name=\"#{name}\" (#{full_name.delete_prefix("#{name}-")})>"
+    end
+
     def to_s
       lock_name
     end
@@ -151,23 +209,13 @@ module Bundler
     private
 
     def use_exact_resolved_specifications?
-      @use_exact_resolved_specifications ||= !source.is_a?(Source::Path) && ruby_platform_materializes_to_ruby_platform?
+      !source.is_a?(Source::Path) && ruby_platform_materializes_to_ruby_platform?
     end
 
-    #
-    # For backwards compatibility with existing lockfiles, if the most specific
-    # locked platform is not a specific platform like x86_64-linux or
-    # universal-java-11, then we keep the previous behaviour of resolving the
-    # best platform variant at materiliazation time. For previous bundler
-    # versions (before 2.2.0) this was always the case (except when the lockfile
-    # only included non-ruby platforms), but we're also keeping this behaviour
-    # on newer bundlers unless users generate the lockfile from scratch or
-    # explicitly add a more specific platform.
-    #
     def ruby_platform_materializes_to_ruby_platform?
       generic_platform = generic_local_platform == Gem::Platform::JAVA ? Gem::Platform::JAVA : Gem::Platform::RUBY
 
-      !Bundler.most_specific_locked_platform?(generic_platform) || force_ruby_platform || Bundler.settings[:force_ruby_platform]
+      (most_specific_locked_platform != generic_platform) || force_ruby_platform || Bundler.settings[:force_ruby_platform]
     end
   end
 end

data/bundler/lib/bundler/lockfile_generator.rb

@@ -29,7 +29,7 @@ module Bundler
     private
 
     def add_sources
-      definition.send(:sources).lock_sources.each_with_index do |source, idx|
+      definition.sources.lock_sources.each_with_index do |source, idx|
         out << "\n" unless idx.zero?
 
         # Add the source header

data/bundler/lib/bundler/lockfile_parser.rb

@@ -2,6 +2,8 @@
 
 module Bundler
   class LockfileParser
+    include GemHelpers
+
     class Position
       attr_reader :line, :column
       def initialize(line, column)
@@ -29,6 +31,7 @@ module Bundler
       :dependencies,
       :specs,
       :platforms,
+      :most_specific_locked_platform,
       :bundler_version,
       :ruby_version,
       :checksums,
@@ -136,7 +139,12 @@ module Bundler
         end
         @pos.advance!(line)
       end
-      @specs = @specs.values.sort_by!(&:full_name)
+      @most_specific_locked_platform = @platforms.min_by do |bundle_platform|
+        platform_specificity_match(bundle_platform, local_platform)
+      end
+      @specs = @specs.values.sort_by!(&:full_name).each do |spec|
+        spec.most_specific_locked_platform = @most_specific_locked_platform
+      end
     rescue ArgumentError => e
       Bundler.ui.debug(e)
       raise LockfileError, "Your lockfile is unreadable. Run `rm #{@lockfile_path}` " \