rubygems-update 3.5.9 → 3.5.10

Files changed (56)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +21 -0
  3. data/POLICIES.md +75 -6
  4. data/bundler/CHANGELOG.md +24 -0
  5. data/bundler/lib/bundler/build_metadata.rb +2 -2
  6. data/bundler/lib/bundler/cli.rb +5 -22
  7. data/bundler/lib/bundler/definition.rb +57 -28
  8. data/bundler/lib/bundler/dependency.rb +2 -1
  9. data/bundler/lib/bundler/environment_preserver.rb +2 -20
  10. data/bundler/lib/bundler/injector.rb +2 -1
  11. data/bundler/lib/bundler/man/bundle-add.1 +1 -1
  12. data/bundler/lib/bundler/man/bundle-binstubs.1 +1 -1
  13. data/bundler/lib/bundler/man/bundle-cache.1 +1 -1
  14. data/bundler/lib/bundler/man/bundle-check.1 +3 -1
  15. data/bundler/lib/bundler/man/bundle-check.1.ronn +3 -0
  16. data/bundler/lib/bundler/man/bundle-clean.1 +1 -1
  17. data/bundler/lib/bundler/man/bundle-config.1 +1 -3
  18. data/bundler/lib/bundler/man/bundle-config.1.ronn +0 -3
  19. data/bundler/lib/bundler/man/bundle-console.1 +1 -1
  20. data/bundler/lib/bundler/man/bundle-doctor.1 +1 -1
  21. data/bundler/lib/bundler/man/bundle-exec.1 +1 -1
  22. data/bundler/lib/bundler/man/bundle-gem.1 +1 -1
  23. data/bundler/lib/bundler/man/bundle-help.1 +1 -1
  24. data/bundler/lib/bundler/man/bundle-info.1 +1 -1
  25. data/bundler/lib/bundler/man/bundle-init.1 +1 -1
  26. data/bundler/lib/bundler/man/bundle-inject.1 +1 -1
  27. data/bundler/lib/bundler/man/bundle-install.1 +1 -1
  28. data/bundler/lib/bundler/man/bundle-list.1 +1 -1
  29. data/bundler/lib/bundler/man/bundle-lock.1 +1 -1
  30. data/bundler/lib/bundler/man/bundle-open.1 +1 -1
  31. data/bundler/lib/bundler/man/bundle-outdated.1 +1 -1
  32. data/bundler/lib/bundler/man/bundle-platform.1 +1 -1
  33. data/bundler/lib/bundler/man/bundle-plugin.1 +1 -1
  34. data/bundler/lib/bundler/man/bundle-pristine.1 +1 -1
  35. data/bundler/lib/bundler/man/bundle-remove.1 +1 -1
  36. data/bundler/lib/bundler/man/bundle-show.1 +1 -1
  37. data/bundler/lib/bundler/man/bundle-update.1 +1 -1
  38. data/bundler/lib/bundler/man/bundle-version.1 +1 -1
  39. data/bundler/lib/bundler/man/bundle-viz.1 +1 -1
  40. data/bundler/lib/bundler/man/bundle.1 +1 -1
  41. data/bundler/lib/bundler/man/gemfile.5 +1 -1
  42. data/bundler/lib/bundler/rubygems_ext.rb +12 -0
  43. data/bundler/lib/bundler/settings.rb +0 -1
  44. data/bundler/lib/bundler/setup.rb +3 -0
  45. data/bundler/lib/bundler/source/rubygems.rb +3 -16
  46. data/bundler/lib/bundler/source_list.rb +15 -2
  47. data/bundler/lib/bundler/spec_set.rb +1 -1
  48. data/bundler/lib/bundler/version.rb +1 -1
  49. data/bundler/lib/bundler.rb +20 -0
  50. data/lib/rubygems/commands/update_command.rb +8 -9
  51. data/lib/rubygems/deprecate.rb +79 -77
  52. data/lib/rubygems/gemcutter_utilities/webauthn_poller.rb +3 -1
  53. data/lib/rubygems/package.rb +11 -5
  54. data/lib/rubygems.rb +1 -1
  55. data/rubygems-update.gemspec +1 -1
  56. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3ab914e068825c9de5c8d4452b8567dafcd64c4caf771657e3b345acf5280148
4
- data.tar.gz: adcba32efcf1df21e5cf908ecb21a3e4aafa3b0d701cf90dfd4dabe9105f471d
3
+ metadata.gz: 97ec064ecaff6444c3f5d4886ab9f26d8816ecbfd69bde14cc9d9748fd5216ca
4
+ data.tar.gz: 8faa5fd2aff20db824858c72c8630330d756a0c1ed4be3ebed776f34312d78a7
5
5
  SHA512:
6
- metadata.gz: 64ee2b3cd6e7f2697ceae3e588e413896410e80fa7038f2cf9c6c59f1ee423c216e79bfa22c6c1775aa6ae286d110dbc949b331edb87f7e08e202af89634d1ef
7
- data.tar.gz: 610bc73529da5c2093c09712ac75d93fdb3896a9391425364e3bd9f419db93ee5989ad3e0c4fdd309c9d758bd4f925a90f52ed5e30e0f137a1b5403bdb235421
6
+ metadata.gz: efd2a5427612ce3ba3752fabb0b8bb3896fc39bcbbec9b96b901cae4ea1f11b074865a5a1d1a2d648b6557a0cd8bca53701ad9479f2b2d9492da0f58bdfb20d0
7
+ data.tar.gz: 9cc9ec7254e49127dbf7f48c1d052ff86195075e09d7e59b0ed5d053233fd7e1f0dffc5ba7def7f5d3e71102d8efbcabac0616c0e47caef385bf96fe18012a50
data/CHANGELOG.md CHANGED
@@ -1,3 +1,24 @@
1
+ # 3.5.10 / 2024-05-03
2
+
3
+ ## Security:
4
+
5
+ * Add a limit to the size of the metadata and checksums files in a gem
6
+ package. Pull request
7
+ [#7568](https://github.com/rubygems/rubygems/pull/7568) by segiddins
8
+
9
+ ## Enhancements:
10
+
11
+ * Don't fully require `rubygems` from `rubygems/package` to prevent some
12
+ circular require warnings when using Bundler. Pull request
13
+ [#7612](https://github.com/rubygems/rubygems/pull/7612) by
14
+ deivid-rodriguez
15
+ * Installs bundler 2.5.10 as a default gem.
16
+
17
+ ## Bug fixes:
18
+
19
+ * Rename credential email to identifier in WebAuthn poller. Pull request
20
+ [#7623](https://github.com/rubygems/rubygems/pull/7623) by jenshenny
21
+
1
22
  # 3.5.9 / 2024-04-12
2
23
 
3
24
  ## Enhancements:
data/POLICIES.md CHANGED
@@ -65,6 +65,59 @@ Bundler:
65
65
  have to work on weekends.
66
66
  * Continue with the regular release process below.
67
67
 
68
+ ### Branching
69
+
70
+ Bundler releases are synchronized with rubygems releases at the moment. That
71
+ means that releases for both share the same stable branch, and they should
72
+ generally happen together.
73
+
74
+ The current conventional naming for stable branches is `x+1.y`, where `x.y` is
75
+ the version of `bundler` that will be released. This is because `rubygems-x+1.y`
76
+ will be released at the same time.
77
+
78
+ For example, `rubygems-3.2.0` and `bundler-2.2.0` were both released from the
79
+ `3.2` stable branch.
80
+
81
+ Once a stable branch has been cut from `master`, changes for that minor release
82
+ series are only made _intentionally_, via patch releases. That is to say,
83
+ changes to `master` by default _won't_ make their way into the current stable
84
+ branch, and development on `master` will be targeting the next minor
85
+ or major release.
86
+
87
+ There is a `rake prepare_release[<target_rubygems_version>]` rake task
88
+ that helps with creating a release. It takes a single argument, the _exact
89
+ rubygems release_ being made (e.g. `3.2.3` when releasing bundler `2.2.3`).
90
+ This task checks out the appropriate stable branch (`3.2`, for example), grabs
91
+ all merged but unreleased PRs from both bundler & rubygems from GitHub that are
92
+ compatible with the target release level, and then cherry-picks those changes
93
+ (and only those changes) to a new branch based off the stable branch. Then bumps
94
+ the version in all version files, synchronizes both changelogs to include all
95
+ backported changes and commits that change on top of the cherry-picks.
96
+
97
+ Note that this task requires all user facing pull requests to be tagged with
98
+ specific labels. See [Merging a PR](/bundler/doc/playbooks/MERGING_A_PR.md) for details.
99
+
100
+ Also note that when this task cherry-picks, it cherry-picks the merge commits
101
+ using the following command:
102
+
103
+ ```bash
104
+ $ git cherry-pick -m 1 MERGE_COMMIT_SHAS
105
+ ```
106
+
107
+ For example, for PR [#5029](https://github.com/rubygems/bundler/pull/5029), we
108
+ cherry picked commit [dd6aef9](https://github.com/rubygems/bundler/commit/dd6aef97a5f2e7173f406267256a8c319d6134ab),
109
+ not [4fe9291](https://github.com/rubygems/bundler/commit/4fe92919f51e3463f0aad6fa833ab68044311f03)
110
+ using:
111
+
112
+ ```bash
113
+ $ git cherry-pick -m 1 dd6aef9
114
+ ```
115
+
116
+ After running the task, you'll have a release branch ready to be merged into the
117
+ stable branch. You'll want to open a PR from this branch into the stable branch
118
+ and provided CI is green, you can go ahead, merge the PR and run release tasks
119
+ as specified below from the updated stable branch.
120
+
68
121
  ### Automatic changelog and backport generation
69
122
 
70
123
  PR labels and titles are used to automatically generate changelogs for patch and
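Review bot: The cherry-pick example in the new Branching section says "we cherry picked commit dd6aef9, not 4fe9291" without stating which of the two is the merge commit, so the reader cannot tell why `-m 1` is needed or which SHA to look for in their own PR. Say explicitly that `dd6aef9` is the merge commit and what `4fe9291` is. Separately, the sentence starting "Then bumps the version in all version files" has no subject; "It then bumps ..." fixes it.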
@@ -85,12 +138,28 @@ backporting a PR generates conflicts that are solved by backporting another PR
85
138
  with no user visible changes. You can use these special labels to also backport
86
139
  the other PR and not get any conflicts.
87
140
 
141
+ ### Breaking changes
142
+
143
+ Bundler cares a lot about preserving compatibility. As a result, changes that
144
+ break backwards compatibility should (whenever this is possible) include a feature
145
+ release that is backwards compatible, and issue warnings for all options and
146
+ behaviors that will change.
147
+
148
+ We only release major breaking changes when incrementing the _major_ version of
149
+ Bundler and RubyGems. However, experience shows that almost every single part of
150
+ Bundler and RubyGems is depended on by someone in ways hard to anticipate. So if
151
+ we were strict about breaking changes we'd need to hold on from making progress
152
+ a lot, or continuously increment the major version, emptying "really major"
153
+ versions from their meaning. Because of this, we also may release "small"
154
+ breaking changes in minor releases. "Small" here means that we expect them to
155
+ affect only very few users in rare cases.
156
+
88
157
  ### Steps for patch releases
89
158
 
90
159
  * Confirm all PRs that you want backported are properly tagged with `rubygems:
91
160
  <type>` or `bundler: <type>` labels at GitHub.
92
- * Run `rake prepare_release[<target_version>]`. This will create a PR to the
93
- stable branch with the backports included in the release, and proper
161
+ * Run `rake prepare_release[<target_rubygems_version>]`. This will create a PR
162
+ to the stable branch with the backports included in the release, and proper
94
163
  changelogs and version bumps. It will also create a PR to merge release
95
164
  changelogs into master.
96
165
  * Once CI passes, merge the release PR, switch to the stable branch and pull
@@ -102,10 +171,10 @@ the other PR and not get any conflicts.
102
171
 
103
172
  * Confirm all PRs that you want listed in changelogs are properly tagged with
104
173
  `rubygems: <type>` or `bundler: <type>` labels at GitHub.
105
- * Run `rake prepare_release[<target_version>]`. This will create a new stable
106
- branch off the master branch, and create a PR to it with the proper version
107
- bumps and changelogs. It will also create a PR to merge release changelogs
108
- into master.
174
+ * Run `rake prepare_release[<target_rubygems_version>]`. This will create a
175
+ new stable branch off the master branch, and create a PR to it with the
176
+ proper version bumps and changelogs. It will also create a PR to merge
177
+ release changelogs into master.
109
178
  * Replace the stable branch in the workflows with the new stable branch, and
110
179
  push that change to the release PR.
111
180
  * Replace version numbers with the next ".dev" version, and push that change
data/bundler/CHANGELOG.md CHANGED
@@ -1,3 +1,27 @@
1
+ # 2.5.10 (May 3, 2024)
2
+
3
+ ## Security:
4
+
5
+ - Never write credentials to lockfiles [#7560](https://github.com/rubygems/rubygems/pull/7560)
6
+
7
+ ## Enhancements:
8
+
9
+ - Add auto_install support to require "bundler/setup" [#6561](https://github.com/rubygems/rubygems/pull/6561)
10
+ - Add `--glob` flag to `bundle add` [#7557](https://github.com/rubygems/rubygems/pull/7557)
11
+
12
+ ## Bug fixes:
13
+
14
+ - Make sure `bundle update <specific_gems>` can always update to the latest resolvable version of each requested gem [#7558](https://github.com/rubygems/rubygems/pull/7558)
15
+ - Show better error when installed gemspecs are unreadable [#7603](https://github.com/rubygems/rubygems/pull/7603)
16
+ - Fix `bundle update` not working on an out of sync lockfile [#7607](https://github.com/rubygems/rubygems/pull/7607)
17
+ - Don't upcase Windows ENV before backing it up [#7574](https://github.com/rubygems/rubygems/pull/7574)
18
+ - Properly resolve aliases when `bundle help` is run [#7601](https://github.com/rubygems/rubygems/pull/7601)
19
+ - Fix issue installing gems with linux-musl variant on non musl linux [#7583](https://github.com/rubygems/rubygems/pull/7583)
20
+
21
+ ## Documentation:
22
+
23
+ - Clarify `bundle check` behaviour in docs [#7613](https://github.com/rubygems/rubygems/pull/7613)
24
+
1
25
  # 2.5.9 (April 12, 2024)
2
26
 
3
27
  ## Bug fixes:
@@ -4,8 +4,8 @@ module Bundler
4
4
  # Represents metadata from when the Bundler gem was built.
5
5
  module BuildMetadata
6
6
  # begin ivars
7
- @built_at = "2024-04-12".freeze
8
- @git_commit_sha = "4304697e0c".freeze
7
+ @built_at = "2024-05-03".freeze
8
+ @git_commit_sha = "24cac00613".freeze
9
9
  @release = true
10
10
  # end ivars
11
11
 
@@ -5,6 +5,7 @@ require_relative "vendored_thor"
5
5
  module Bundler
6
6
  class CLI < Thor
7
7
  require_relative "cli/common"
8
+ require_relative "cli/install"
8
9
 
9
10
  package_name "Bundler"
10
11
 
@@ -69,7 +70,7 @@ module Bundler
69
70
  Bundler.settings.set_command_option_if_given :retry, options[:retry]
70
71
 
71
72
  current_cmd = args.last[:current_command].name
72
- auto_install if AUTO_INSTALL_CMDS.include?(current_cmd)
73
+ Bundler.auto_install if AUTO_INSTALL_CMDS.include?(current_cmd)
73
74
  rescue UnknownArgumentError => e
74
75
  raise InvalidOption, e.message
75
76
  ensure
@@ -114,6 +115,8 @@ module Bundler
114
115
  class_option "verbose", type: :boolean, desc: "Enable verbose output mode", aliases: "-V"
115
116
 
116
117
  def help(cli = nil)
118
+ cli = self.class.all_aliases[cli] if self.class.all_aliases[cli]
119
+
117
120
  case cli
118
121
  when "gemfile" then command = "gemfile"
119
122
  when nil then command = "bundle"
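Review bot: The line added at the top of `help` looks up `self.class.all_aliases[cli]` twice. If `all_aliases` is a plain Hash, `cli = self.class.all_aliases.fetch(cli, cli)` does the same with one lookup and makes it obvious that a `nil` or non-alias argument passes through unchanged.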
@@ -347,6 +350,7 @@ module Bundler
347
350
  method_option "github", type: :string
348
351
  method_option "branch", type: :string
349
352
  method_option "ref", type: :string
353
+ method_option "glob", type: :string, banner: "The location of a dependency's .gemspec, expanded within Ruby (single quotes recommended)"
350
354
  method_option "skip-install", type: :boolean, banner: "Adds gem to the Gemfile but does not install it"
351
355
  method_option "optimistic", type: :boolean, banner: "Adds optimistic declaration of version to gem"
352
356
  method_option "strict", type: :boolean, banner: "Adds strict declaration of version to gem"
@@ -682,7 +686,6 @@ module Bundler
682
686
  exec_used = args.index {|a| exec_commands.include? a }
683
687
 
684
688
  command = args.find {|a| bundler_commands.include? a }
685
- command = all_aliases[command] if all_aliases[command]
686
689
 
687
690
  if exec_used && help_used
688
691
  if exec_used + help_used == 1
@@ -735,26 +738,6 @@ module Bundler
735
738
 
736
739
  private
737
740
 
738
- # Automatically invoke `bundle install` and resume if
739
- # Bundler.settings[:auto_install] exists. This is set through config cmd
740
- # `bundle config set --global auto_install 1`.
741
- #
742
- # Note that this method `nil`s out the global Definition object, so it
743
- # should be called first, before you instantiate anything like an
744
- # `Installer` that'll keep a reference to the old one instead.
745
- def auto_install
746
- return unless Bundler.settings[:auto_install]
747
-
748
- begin
749
- Bundler.definition.specs
750
- rescue GemNotFound, GitError
751
- Bundler.ui.info "Automatically installing missing gems."
752
- Bundler.reset!
753
- invoke :install, []
754
- Bundler.reset!
755
- end
756
- end
757
-
758
741
  def current_command
759
742
  _, _, config = @_initializer
760
743
  config[:current_command]
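Review bot: The comment block removed with `auto_install` documents an ordering constraint (the method "`nil`s out the global Definition object, so it should be called first, before you instantiate anything like an `Installer`") that still applies to the `Bundler.auto_install` call introduced earlier in this file. Carry that comment over to the method's new home, since the pair of `Bundler.reset!` calls is otherwise unexplained. The removed body also used Thor's `invoke :install, []`, which only exists inside `CLI`, so the replacement should document how it runs the install outside a Thor command.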
@@ -92,11 +92,12 @@ module Bundler
92
92
  @platforms = @locked_platforms.dup
93
93
  @locked_bundler_version = @locked_gems.bundler_version
94
94
  @locked_ruby_version = @locked_gems.ruby_version
95
+ @originally_locked_deps = @locked_gems.dependencies
95
96
  @originally_locked_specs = SpecSet.new(@locked_gems.specs)
96
97
  @locked_checksums = @locked_gems.checksums
97
98
 
98
99
  if unlock != true
99
- @locked_deps = @locked_gems.dependencies
100
+ @locked_deps = @originally_locked_deps
100
101
  @locked_specs = @originally_locked_specs
101
102
  @locked_sources = @locked_gems.sources
102
103
  else
@@ -111,6 +112,7 @@ module Bundler
111
112
  @locked_gems = nil
112
113
  @locked_deps = {}
113
114
  @locked_specs = SpecSet.new([])
115
+ @originally_locked_deps = {}
114
116
  @originally_locked_specs = @locked_specs
115
117
  @locked_sources = []
116
118
  @locked_platforms = []
@@ -130,7 +132,7 @@ module Bundler
130
132
  @sources.merged_gem_lockfile_sections!(locked_gem_sources.first)
131
133
  end
132
134
 
133
- @unlock[:sources] ||= []
135
+ @sources_to_unlock = @unlock.delete(:sources) || []
134
136
  @unlock[:ruby] ||= if @ruby_version && locked_ruby_version_object
135
137
  @ruby_version.diff(locked_ruby_version_object)
136
138
  end
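Review bot: `@unlock.delete(:sources)` removes the key from `@unlock` rather than defaulting it as the old `||=` did. If `@unlock` is the same Hash the caller passed to the constructor, the caller's options lose their `:sources` entry as a side effect, which matters when one options hash is reused to build a second `Definition`. Work on a `dup` of the hash, or read `@unlock[:sources] || []` and leave the key in place.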
@@ -142,11 +144,13 @@ module Bundler
142
144
  @path_changes = converge_paths
143
145
  @source_changes = converge_sources
144
146
 
147
+ @explicit_unlocks = @unlock.delete(:gems) || []
148
+
145
149
  if @unlock[:conservative]
146
- @unlock[:gems] ||= @dependencies.map(&:name)
150
+ @gems_to_unlock = @explicit_unlocks.any? ? @explicit_unlocks : @dependencies.map(&:name)
147
151
  else
148
- eager_unlock = (@unlock[:gems] || []).map {|name| Dependency.new(name, ">= 0") }
149
- @unlock[:gems] = @locked_specs.for(eager_unlock, false, platforms).map(&:name).uniq
152
+ eager_unlock = @explicit_unlocks.map {|name| Dependency.new(name, ">= 0") }
153
+ @gems_to_unlock = @locked_specs.for(eager_unlock, false, platforms).map(&:name).uniq
150
154
  end
151
155
 
152
156
  @dependency_changes = converge_dependencies
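Review bot: In the conservative branch, `@gems_to_unlock = @explicit_unlocks.any? ? @explicit_unlocks : ...` makes both instance variables point at the same Array. Later hunks append to it in place (`@gems_to_unlock << name`), so `@explicit_unlocks` silently grows with gems the user never named, and `additional_base_requirements_to_force_updates` iterates `@explicit_unlocks` to pin versions. Assign `@explicit_unlocks.dup` here so the user's explicit list stays exactly what was requested.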
@@ -225,7 +229,6 @@ module Bundler
225
229
  @resolver = nil
226
230
  @resolution_packages = nil
227
231
  @specs = nil
228
- @gem_version_promoter = nil
229
232
 
230
233
  Bundler.ui.debug "The definition is missing dependencies, failed to resolve & materialize locally (#{e})"
231
234
  true
@@ -566,8 +569,10 @@ module Bundler
566
569
  @resolution_packages ||= begin
567
570
  last_resolve = converge_locked_specs
568
571
  remove_invalid_platforms!(current_dependencies)
569
- packages = Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, locked_specs: @originally_locked_specs, unlock: @unlock[:gems], prerelease: gem_version_promoter.pre?)
570
- additional_base_requirements_for_resolve(packages, last_resolve)
572
+ packages = Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, locked_specs: @originally_locked_specs, unlock: @gems_to_unlock, prerelease: gem_version_promoter.pre?)
573
+ packages = additional_base_requirements_to_prevent_downgrades(packages, last_resolve)
574
+ packages = additional_base_requirements_to_force_updates(packages)
575
+ packages
571
576
  end
572
577
  end
573
578
 
@@ -671,14 +676,18 @@ module Bundler
671
676
 
672
677
  def change_reason
673
678
  if unlocking?
674
- unlock_reason = @unlock.reject {|_k, v| Array(v).empty? }.map do |k, v|
675
- if v == true
676
- k.to_s
677
- else
678
- v = Array(v)
679
- "#{k}: (#{v.join(", ")})"
680
- end
681
- end.join(", ")
679
+ unlock_targets = if @gems_to_unlock.any?
680
+ ["gems", @gems_to_unlock]
681
+ elsif @sources_to_unlock.any?
682
+ ["sources", @sources_to_unlock]
683
+ end
684
+
685
+ unlock_reason = if unlock_targets
686
+ "#{unlock_targets.first}: (#{unlock_targets.last.join(", ")})"
687
+ else
688
+ @unlock[:ruby] ? "ruby" : ""
689
+ end
690
+
682
691
  return "bundler is unlocking #{unlock_reason}"
683
692
  end
684
693
  [
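Review bot: The rewritten `change_reason` reports less than the code it replaces. The `if`/`elsif` means sources are dropped from the message whenever any gem is unlocked, and the final `@unlock[:ruby] ? "ruby" : ""` yields the message "bundler is unlocking " with nothing after it when only another truthy key such as `:conservative` is set, which the old `v == true` branch would have printed by name. Build the list from all non-empty targets and join them, as before, so the debug output still explains every reason the lockfile was unlocked.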
@@ -733,7 +742,7 @@ module Bundler
733
742
  spec = @dependencies.find {|s| s.name == k }
734
743
  source = spec&.source
735
744
  if source&.respond_to?(:local_override!)
736
- source.unlock! if @unlock[:gems].include?(spec.name)
745
+ source.unlock! if @gems_to_unlock.include?(spec.name)
737
746
  locals << [source, source.local_override!(v)]
738
747
  end
739
748
  end
@@ -741,7 +750,7 @@ module Bundler
741
750
  sources_with_changes = locals.select do |source, changed|
742
751
  changed || specs_changed?(source)
743
752
  end.map(&:first)
744
- !sources_with_changes.each {|source| @unlock[:sources] << source.name }.empty?
753
+ !sources_with_changes.each {|source| @sources_to_unlock << source.name }.empty?
745
754
  end
746
755
 
747
756
  def check_lockfile
@@ -818,7 +827,7 @@ module Bundler
818
827
  # gem), unlock it. For git sources, this means to unlock the revision, which
819
828
  # will cause the `ref` used to be the most recent for the branch (or master) if
820
829
  # an explicit `ref` is not used.
821
- if source.respond_to?(:unlock!) && @unlock[:sources].include?(source.name)
830
+ if source.respond_to?(:unlock!) && @sources_to_unlock.include?(source.name)
822
831
  source.unlock!
823
832
  changes = true
824
833
  end
@@ -835,9 +844,7 @@ module Bundler
835
844
  dep.source = sources.get(dep.source)
836
845
  end
837
846
 
838
- next if unlocking?
839
-
840
- unless locked_dep = @locked_deps[dep.name]
847
+ unless locked_dep = @originally_locked_deps[dep.name]
841
848
  changes = true
842
849
  next
843
850
  end
@@ -864,7 +871,7 @@ module Bundler
864
871
  def converge_locked_specs
865
872
  converged = converge_specs(@locked_specs)
866
873
 
867
- resolve = SpecSet.new(converged.reject {|s| @unlock[:gems].include?(s.name) })
874
+ resolve = SpecSet.new(converged.reject {|s| @gems_to_unlock.include?(s.name) })
868
875
 
869
876
  diff = nil
870
877
 
@@ -897,7 +904,7 @@ module Bundler
897
904
 
898
905
  @specs_that_changed_sources << s if gemfile_source != lockfile_source
899
906
  deps << dep if !dep.source || lockfile_source.include?(dep.source)
900
- @unlock[:gems] << name if lockfile_source.include?(dep.source) && lockfile_source != gemfile_source
907
+ @gems_to_unlock << name if lockfile_source.include?(dep.source) && lockfile_source != gemfile_source
901
908
 
902
909
  # Replace the locked dependency's source with the equivalent source from the Gemfile
903
910
  s.source = gemfile_source
@@ -906,7 +913,7 @@ module Bundler
906
913
  s.source = default_source unless sources.get(lockfile_source)
907
914
  end
908
915
 
909
- next if @unlock[:sources].include?(s.source.name)
916
+ next if @sources_to_unlock.include?(s.source.name)
910
917
 
911
918
  # Path sources have special logic
912
919
  if s.source.instance_of?(Source::Path) || s.source.instance_of?(Source::Gemspec)
@@ -928,12 +935,12 @@ module Bundler
928
935
  else
929
936
  # If the spec is no longer in the path source, unlock it. This
930
937
  # commonly happens if the version changed in the gemspec
931
- @unlock[:gems] << name
938
+ @gems_to_unlock << name
932
939
  end
933
940
  end
934
941
 
935
942
  if dep.nil? && requested_dependencies.find {|d| name == d.name }
936
- @unlock[:gems] << s.name
943
+ @gems_to_unlock << s.name
937
944
  else
938
945
  converged << s
939
946
  end
@@ -1010,7 +1017,7 @@ module Bundler
1010
1017
  current == proposed
1011
1018
  end
1012
1019
 
1013
- def additional_base_requirements_for_resolve(resolution_packages, last_resolve)
1020
+ def additional_base_requirements_to_prevent_downgrades(resolution_packages, last_resolve)
1014
1021
  return resolution_packages unless @locked_gems && !sources.expired_sources?(@locked_gems.sources)
1015
1022
  converge_specs(@originally_locked_specs - last_resolve).each do |locked_spec|
1016
1023
  next if locked_spec.source.is_a?(Source::Path)
@@ -1019,6 +1026,28 @@ module Bundler
1019
1026
  resolution_packages
1020
1027
  end
1021
1028
 
1029
+ def additional_base_requirements_to_force_updates(resolution_packages)
1030
+ return resolution_packages if @explicit_unlocks.empty?
1031
+ full_update = dup_for_full_unlock.resolve
1032
+ @explicit_unlocks.each do |name|
1033
+ version = full_update[name].first&.version
1034
+ resolution_packages.base_requirements[name] = Gem::Requirement.new("= #{version}") if version
1035
+ end
1036
+ resolution_packages
1037
+ end
1038
+
1039
+ def dup_for_full_unlock
1040
+ unlocked_definition = self.class.new(@lockfile, @dependencies, @sources, true, @ruby_version, @optional_groups, @gemfiles)
1041
+ unlocked_definition.resolution_mode = { "local" => !@remote }
1042
+ unlocked_definition.setup_sources_for_resolve
1043
+ unlocked_definition.gem_version_promoter.tap do |gvp|
1044
+ gvp.level = gem_version_promoter.level
1045
+ gvp.strict = gem_version_promoter.strict
1046
+ gvp.pre = gem_version_promoter.pre
1047
+ end
1048
+ unlocked_definition
1049
+ end
1050
+
1022
1051
  def remove_invalid_platforms!(dependencies)
1023
1052
  return if Bundler.frozen_bundle?
1024
1053
 
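Review bot: `additional_base_requirements_to_force_updates` and `dup_for_full_unlock` have no comment explaining why a second, fully unlocked resolution is run and its result pinned with `= #{version}`. Three things deserve a line each: the extra `resolve` is paid on every update that names gems; `full_update[name].first` picks one spec when several platform variants of the same gem may be present; and a gem missing from the full resolution is skipped silently because of `if version`. The positional `true` in `self.class.new(@lockfile, @dependencies, @sources, true, ...)` is also opaque at the call site; a named local such as `unlock_everything = true` would document it.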
@@ -7,7 +7,7 @@ require_relative "rubygems_ext"
7
7
  module Bundler
8
8
  class Dependency < Gem::Dependency
9
9
  attr_reader :autorequire
10
- attr_reader :groups, :platforms, :gemfile, :path, :git, :github, :branch, :ref
10
+ attr_reader :groups, :platforms, :gemfile, :path, :git, :github, :branch, :ref, :glob
11
11
 
12
12
  ALL_RUBY_VERSIONS = (18..27).to_a.concat((30..34).to_a).freeze
13
13
  PLATFORM_MAP = {
@@ -39,6 +39,7 @@ module Bundler
39
39
  @github = options["github"]
40
40
  @branch = options["branch"]
41
41
  @ref = options["ref"]
42
+ @glob = options["glob"]
42
43
  @platforms = Array(options["platforms"])
43
44
  @env = options["env"]
44
45
  @should_include = options.fetch("should_include", true)
@@ -19,14 +19,7 @@ module Bundler
19
19
  BUNDLER_PREFIX = "BUNDLER_ORIG_"
20
20
 
21
21
  def self.from_env
22
- new(env_to_hash(ENV), BUNDLER_KEYS)
23
- end
24
-
25
- def self.env_to_hash(env)
26
- to_hash = env.to_hash
27
- return to_hash unless Gem.win_platform?
28
-
29
- to_hash.each_with_object({}) {|(k,v), a| a[k.upcase] = v }
22
+ new(ENV.to_hash, BUNDLER_KEYS)
30
23
  end
31
24
 
32
25
  # @param env [Hash]
@@ -39,18 +32,7 @@ module Bundler
39
32
 
40
33
  # Replaces `ENV` with the bundler environment variables backed up
41
34
  def replace_with_backup
42
- unless Gem.win_platform?
43
- ENV.replace(backup)
44
- return
45
- end
46
-
47
- # Fallback logic for Windows below to workaround
48
- # https://bugs.ruby-lang.org/issues/16798. Can be dropped once all
49
- # supported rubies include the fix for that.
50
-
51
- ENV.clear
52
-
53
- backup.each {|k, v| ENV[k] = v }
35
+ ENV.replace(backup)
54
36
  end
55
37
 
56
38
  # @return [Hash]
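Review bot: The fallback removed from `replace_with_backup` was explicitly conditional: its comment says it "can be dropped once all supported rubies include the fix" for https://bugs.ruby-lang.org/issues/16798. Nothing in this hunk or in the `from_env` hunk above shows that the minimum supported Ruby now includes that fix. State the Ruby version that makes the workaround unnecessary in the commit message or changelog entry, and keep a Windows test that round-trips a mixed-case variable name through `from_env` and `replace_with_backup`.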
@@ -120,9 +120,10 @@ module Bundler
120
120
  github = ", :github => \"#{d.github}\"" unless d.github.nil?
121
121
  branch = ", :branch => \"#{d.branch}\"" unless d.branch.nil?
122
122
  ref = ", :ref => \"#{d.ref}\"" unless d.ref.nil?
123
+ glob = ", :glob => \"#{d.glob}\"" unless d.glob.nil?
123
124
  require_path = ", :require => #{convert_autorequire(d.autorequire)}" unless d.autorequire.nil?
124
125
 
125
- %(gem #{name}#{requirement}#{group}#{source}#{path}#{git}#{github}#{branch}#{ref}#{require_path})
126
+ %(gem #{name}#{requirement}#{group}#{source}#{path}#{git}#{github}#{branch}#{ref}#{glob}#{require_path})
126
127
  end.join("\n")
127
128
  end
128
129
 
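Review bot: The new `glob = ", :glob => \"#{d.glob}\""` line writes the user-supplied `--glob` value into the Gemfile inside a double-quoted Ruby string with no escaping. The Gemfile is evaluated as Ruby, so a value containing a double quote, a backslash or `#{` changes the meaning of the generated line instead of being stored literally; the CLI banner's "single quotes recommended" only covers the shell. Emit the literal with `d.glob.dump` (or `inspect`) rather than hand-built quotes. The neighbouring `github`, `branch` and `ref` lines use the same pattern and would benefit from the same change.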
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-ADD" "1" "March 2024" ""
3
+ .TH "BUNDLE\-ADD" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-add\fR \- Add gem to the Gemfile and run bundle install
6
6
  .SH "SYNOPSIS"
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-BINSTUBS" "1" "March 2024" ""
3
+ .TH "BUNDLE\-BINSTUBS" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-binstubs\fR \- Install the binstubs of the listed gems
6
6
  .SH "SYNOPSIS"
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-CACHE" "1" "March 2024" ""
3
+ .TH "BUNDLE\-CACHE" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-cache\fR \- Package your needed \fB\.gem\fR files into your application
6
6
  .SH "SYNOPSIS"
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-CHECK" "1" "March 2024" ""
3
+ .TH "BUNDLE\-CHECK" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-check\fR \- Verifies if dependencies are satisfied by installed gems
6
6
  .SH "SYNOPSIS"
@@ -9,6 +9,8 @@
9
9
  \fBcheck\fR searches the local machine for each of the gems requested in the Gemfile\. If all gems are found, Bundler prints a success message and exits with a status of 0\.
10
10
  .P
11
11
  If not, the first missing gem is listed and Bundler exits status 1\.
12
+ .P
13
+ If the lockfile needs to be updated then it will be resolved using the gems installed on the local machine, if they satisfy the requirements\.
12
14
  .SH "OPTIONS"
13
15
  .TP
14
16
  \fB\-\-dry\-run\fR
@@ -15,6 +15,9 @@ a status of 0.
15
15
 
16
16
  If not, the first missing gem is listed and Bundler exits status 1.
17
17
 
18
+ If the lockfile needs to be updated then it will be resolved using the gems
19
+ installed on the local machine, if they satisfy the requirements.
20
+
18
21
  ## OPTIONS
19
22
 
20
23
  * `--dry-run`:
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-CLEAN" "1" "March 2024" ""
3
+ .TH "BUNDLE\-CLEAN" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-clean\fR \- Cleans up unused gems in your bundler directory
6
6
  .SH "SYNOPSIS"
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-CONFIG" "1" "March 2024" ""
3
+ .TH "BUNDLE\-CONFIG" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-config\fR \- Set bundler configuration options
6
6
  .SH "SYNOPSIS"
@@ -95,8 +95,6 @@ Any periods in the configuration keys must be replaced with two underscores when
95
95
  .SH "LIST OF AVAILABLE KEYS"
96
96
  The following is a list of all configuration keys and their purpose\. You can learn more about their operation in bundle install(1) \fIbundle\-install\.1\.html\fR\.
97
97
  .IP "\(bu" 4
98
- \fBallow_deployment_source_credential_changes\fR (\fBBUNDLE_ALLOW_DEPLOYMENT_SOURCE_CREDENTIAL_CHANGES\fR): When in deployment mode, allow changing the credentials to a gem's source\. Ex: \fBhttps://some\.host\.com/gems/path/\fR \-> \fBhttps://user_name:password@some\.host\.com/gems/path\fR
99
- .IP "\(bu" 4
100
98
  \fBallow_offline_install\fR (\fBBUNDLE_ALLOW_OFFLINE_INSTALL\fR): Allow Bundler to use cached data when installing without network access\.
101
99
  .IP "\(bu" 4
102
100
  \fBauto_clean_without_path\fR (\fBBUNDLE_AUTO_CLEAN_WITHOUT_PATH\fR): Automatically run \fBbundle clean\fR after installing when an explicit \fBpath\fR has not been set and Bundler is not installing into the system gems\.
@@ -137,9 +137,6 @@ the environment variable `BUNDLE_LOCAL__RACK`.
137
137
  The following is a list of all configuration keys and their purpose. You can
138
138
  learn more about their operation in [bundle install(1)](bundle-install.1.html).
139
139
 
140
- * `allow_deployment_source_credential_changes` (`BUNDLE_ALLOW_DEPLOYMENT_SOURCE_CREDENTIAL_CHANGES`):
141
- When in deployment mode, allow changing the credentials to a gem's source.
142
- Ex: `https://some.host.com/gems/path/` -> `https://user_name:password@some.host.com/gems/path`
143
140
  * `allow_offline_install` (`BUNDLE_ALLOW_OFFLINE_INSTALL`):
144
141
  Allow Bundler to use cached data when installing without network access.
145
142
  * `auto_clean_without_path` (`BUNDLE_AUTO_CLEAN_WITHOUT_PATH`):
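Review bot: Removing `allow_deployment_source_credential_changes` from the key list is a user-visible change, but the 2.5.10 changelog section in this diff does not mention it; the closest entry is "Never write credentials to lockfiles". Add a line saying the setting is gone and what happens to an existing `BUNDLE_ALLOW_DEPLOYMENT_SOURCE_CREDENTIAL_CHANGES` value (ignored, or rejected), so deployments that set it know whether any action is needed.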
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-CONSOLE" "1" "March 2024" ""
3
+ .TH "BUNDLE\-CONSOLE" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-console\fR \- Deprecated way to open an IRB session with the bundle pre\-loaded
6
6
  .SH "SYNOPSIS"
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-DOCTOR" "1" "March 2024" ""
3
+ .TH "BUNDLE\-DOCTOR" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-doctor\fR \- Checks the bundle for common problems
6
6
  .SH "SYNOPSIS"
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-EXEC" "1" "March 2024" ""
3
+ .TH "BUNDLE\-EXEC" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-exec\fR \- Execute a command in the context of the bundle
6
6
  .SH "SYNOPSIS"
@@ -1,6 +1,6 @@
1
1
  .\" generated with nRonn/v0.11.1
2
2
  .\" https://github.com/n-ronn/nronn/tree/0.11.1
3
- .TH "BUNDLE\-GEM" "1" "March 2024" ""
3
+ .TH "BUNDLE\-GEM" "1" "April 2024" ""
4
4
  .SH "NAME"
5
5
  \fBbundle\-gem\fR \- Generate a project skeleton for creating a rubygem
6
6
  .SH "SYNOPSIS"