rubygems-update 3.5.9 → 3.5.10
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +21 -0
- data/POLICIES.md +75 -6
- data/bundler/CHANGELOG.md +24 -0
- data/bundler/lib/bundler/build_metadata.rb +2 -2
- data/bundler/lib/bundler/cli.rb +5 -22
- data/bundler/lib/bundler/definition.rb +57 -28
- data/bundler/lib/bundler/dependency.rb +2 -1
- data/bundler/lib/bundler/environment_preserver.rb +2 -20
- data/bundler/lib/bundler/injector.rb +2 -1
- data/bundler/lib/bundler/man/bundle-add.1 +1 -1
- data/bundler/lib/bundler/man/bundle-binstubs.1 +1 -1
- data/bundler/lib/bundler/man/bundle-cache.1 +1 -1
- data/bundler/lib/bundler/man/bundle-check.1 +3 -1
- data/bundler/lib/bundler/man/bundle-check.1.ronn +3 -0
- data/bundler/lib/bundler/man/bundle-clean.1 +1 -1
- data/bundler/lib/bundler/man/bundle-config.1 +1 -3
- data/bundler/lib/bundler/man/bundle-config.1.ronn +0 -3
- data/bundler/lib/bundler/man/bundle-console.1 +1 -1
- data/bundler/lib/bundler/man/bundle-doctor.1 +1 -1
- data/bundler/lib/bundler/man/bundle-exec.1 +1 -1
- data/bundler/lib/bundler/man/bundle-gem.1 +1 -1
- data/bundler/lib/bundler/man/bundle-help.1 +1 -1
- data/bundler/lib/bundler/man/bundle-info.1 +1 -1
- data/bundler/lib/bundler/man/bundle-init.1 +1 -1
- data/bundler/lib/bundler/man/bundle-inject.1 +1 -1
- data/bundler/lib/bundler/man/bundle-install.1 +1 -1
- data/bundler/lib/bundler/man/bundle-list.1 +1 -1
- data/bundler/lib/bundler/man/bundle-lock.1 +1 -1
- data/bundler/lib/bundler/man/bundle-open.1 +1 -1
- data/bundler/lib/bundler/man/bundle-outdated.1 +1 -1
- data/bundler/lib/bundler/man/bundle-platform.1 +1 -1
- data/bundler/lib/bundler/man/bundle-plugin.1 +1 -1
- data/bundler/lib/bundler/man/bundle-pristine.1 +1 -1
- data/bundler/lib/bundler/man/bundle-remove.1 +1 -1
- data/bundler/lib/bundler/man/bundle-show.1 +1 -1
- data/bundler/lib/bundler/man/bundle-update.1 +1 -1
- data/bundler/lib/bundler/man/bundle-version.1 +1 -1
- data/bundler/lib/bundler/man/bundle-viz.1 +1 -1
- data/bundler/lib/bundler/man/bundle.1 +1 -1
- data/bundler/lib/bundler/man/gemfile.5 +1 -1
- data/bundler/lib/bundler/rubygems_ext.rb +12 -0
- data/bundler/lib/bundler/settings.rb +0 -1
- data/bundler/lib/bundler/setup.rb +3 -0
- data/bundler/lib/bundler/source/rubygems.rb +3 -16
- data/bundler/lib/bundler/source_list.rb +15 -2
- data/bundler/lib/bundler/spec_set.rb +1 -1
- data/bundler/lib/bundler/version.rb +1 -1
- data/bundler/lib/bundler.rb +20 -0
- data/lib/rubygems/commands/update_command.rb +8 -9
- data/lib/rubygems/deprecate.rb +79 -77
- data/lib/rubygems/gemcutter_utilities/webauthn_poller.rb +3 -1
- data/lib/rubygems/package.rb +11 -5
- data/lib/rubygems.rb +1 -1
- data/rubygems-update.gemspec +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 97ec064ecaff6444c3f5d4886ab9f26d8816ecbfd69bde14cc9d9748fd5216ca
|
4
|
+
data.tar.gz: 8faa5fd2aff20db824858c72c8630330d756a0c1ed4be3ebed776f34312d78a7
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: efd2a5427612ce3ba3752fabb0b8bb3896fc39bcbbec9b96b901cae4ea1f11b074865a5a1d1a2d648b6557a0cd8bca53701ad9479f2b2d9492da0f58bdfb20d0
|
7
|
+
data.tar.gz: 9cc9ec7254e49127dbf7f48c1d052ff86195075e09d7e59b0ed5d053233fd7e1f0dffc5ba7def7f5d3e71102d8efbcabac0616c0e47caef385bf96fe18012a50
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,24 @@
|
|
1
|
+
# 3.5.10 / 2024-05-03
|
2
|
+
|
3
|
+
## Security:
|
4
|
+
|
5
|
+
* Add a limit to the size of the metadata and checksums files in a gem
|
6
|
+
package. Pull request
|
7
|
+
[#7568](https://github.com/rubygems/rubygems/pull/7568) by segiddins
|
8
|
+
|
9
|
+
## Enhancements:
|
10
|
+
|
11
|
+
* Don't fully require `rubygems` from `rubygems/package` to prevent some
|
12
|
+
circular require warnings when using Bundler. Pull request
|
13
|
+
[#7612](https://github.com/rubygems/rubygems/pull/7612) by
|
14
|
+
deivid-rodriguez
|
15
|
+
* Installs bundler 2.5.10 as a default gem.
|
16
|
+
|
17
|
+
## Bug fixes:
|
18
|
+
|
19
|
+
* Rename credential email to identifier in WebAuthn poller. Pull request
|
20
|
+
[#7623](https://github.com/rubygems/rubygems/pull/7623) by jenshenny
|
21
|
+
|
1
22
|
# 3.5.9 / 2024-04-12
|
2
23
|
|
3
24
|
## Enhancements:
|
data/POLICIES.md
CHANGED
@@ -65,6 +65,59 @@ Bundler:
|
|
65
65
|
have to work on weekends.
|
66
66
|
* Continue with the regular release process below.
|
67
67
|
|
68
|
+
### Branching
|
69
|
+
|
70
|
+
Bundler releases are synchronized with rubygems releases at the moment. That
|
71
|
+
means that releases for both share the same stable branch, and they should
|
72
|
+
generally happen together.
|
73
|
+
|
74
|
+
The current conventional naming for stable branches is `x+1.y`, where `x.y` is
|
75
|
+
the version of `bundler` that will be released. This is because `rubygems-x+1.y`
|
76
|
+
will be released at the same time.
|
77
|
+
|
78
|
+
For example, `rubygems-3.2.0` and `bundler-2.2.0` were both released from the
|
79
|
+
`3.2` stable branch.
|
80
|
+
|
81
|
+
Once a stable branch has been cut from `master`, changes for that minor release
|
82
|
+
series are only made _intentionally_, via patch releases. That is to say,
|
83
|
+
changes to `master` by default _won't_ make their way into the current stable
|
84
|
+
branch, and development on `master` will be targeting the next minor
|
85
|
+
or major release.
|
86
|
+
|
87
|
+
There is a `rake prepare_release[<target_rubygems_version>]` rake task
|
88
|
+
that helps with creating a release. It takes a single argument, the _exact
|
89
|
+
rubygems release_ being made (e.g. `3.2.3` when releasing bundler `2.2.3`).
|
90
|
+
This task checks out the appropriate stable branch (`3.2`, for example), grabs
|
91
|
+
all merged but unreleased PRs from both bundler & rubygems from GitHub that are
|
92
|
+
compatible with the target release level, and then cherry-picks those changes
|
93
|
+
(and only those changes) to a new branch based off the stable branch. Then bumps
|
94
|
+
the version in all version files, synchronizes both changelogs to include all
|
95
|
+
backported changes and commits that change on top of the cherry-picks.
|
96
|
+
|
97
|
+
Note that this task requires all user facing pull requests to be tagged with
|
98
|
+
specific labels. See [Merging a PR](/bundler/doc/playbooks/MERGING_A_PR.md) for details.
|
99
|
+
|
100
|
+
Also note that when this task cherry-picks, it cherry-picks the merge commits
|
101
|
+
using the following command:
|
102
|
+
|
103
|
+
```bash
|
104
|
+
$ git cherry-pick -m 1 MERGE_COMMIT_SHAS
|
105
|
+
```
|
106
|
+
|
107
|
+
For example, for PR [#5029](https://github.com/rubygems/bundler/pull/5029), we
|
108
|
+
cherry picked commit [dd6aef9](https://github.com/rubygems/bundler/commit/dd6aef97a5f2e7173f406267256a8c319d6134ab),
|
109
|
+
not [4fe9291](https://github.com/rubygems/bundler/commit/4fe92919f51e3463f0aad6fa833ab68044311f03)
|
110
|
+
using:
|
111
|
+
|
112
|
+
```bash
|
113
|
+
$ git cherry-pick -m 1 dd6aef9
|
114
|
+
```
|
115
|
+
|
116
|
+
After running the task, you'll have a release branch ready to be merged into the
|
117
|
+
stable branch. You'll want to open a PR from this branch into the stable branch
|
118
|
+
and provided CI is green, you can go ahead, merge the PR and run release tasks
|
119
|
+
as specified below from the updated stable branch.
|
120
|
+
|
68
121
|
### Automatic changelog and backport generation
|
69
122
|
|
70
123
|
PR labels and titles are used to automatically generate changelogs for patch and
|
@@ -85,12 +138,28 @@ backporting a PR generates conflicts that are solved by backporting another PR
|
|
85
138
|
with no user visible changes. You can use these special labels to also backport
|
86
139
|
the other PR and not get any conflicts.
|
87
140
|
|
141
|
+
### Breaking changes
|
142
|
+
|
143
|
+
Bundler cares a lot about preserving compatibility. As a result, changes that
|
144
|
+
break backwards compatibility should (whenever this is possible) include a feature
|
145
|
+
release that is backwards compatible, and issue warnings for all options and
|
146
|
+
behaviors that will change.
|
147
|
+
|
148
|
+
We only release major breaking changes when incrementing the _major_ version of
|
149
|
+
Bundler and RubyGems. However, experience shows that almost every single part of
|
150
|
+
Bundler and RubyGems is depended on by someone in ways hard to anticipate. So if
|
151
|
+
we were strict about breaking changes we'd need to hold on from making progress
|
152
|
+
a lot, or continuously increment the major version, emptying "really major"
|
153
|
+
versions from their meaning. Because of this, we also may release "small"
|
154
|
+
breaking changes in minor releases. "Small" here means that we expect them to
|
155
|
+
affect only very few users in rare cases.
|
156
|
+
|
88
157
|
### Steps for patch releases
|
89
158
|
|
90
159
|
* Confirm all PRs that you want backported are properly tagged with `rubygems:
|
91
160
|
<type>` or `bundler: <type>` labels at GitHub.
|
92
|
-
* Run `rake prepare_release[<
|
93
|
-
stable branch with the backports included in the release, and proper
|
161
|
+
* Run `rake prepare_release[<target_rubygems_version>]`. This will create a PR
|
162
|
+
to the stable branch with the backports included in the release, and proper
|
94
163
|
changelogs and version bumps. It will also create a PR to merge release
|
95
164
|
changelogs into master.
|
96
165
|
* Once CI passes, merge the release PR, switch to the stable branch and pull
|
@@ -102,10 +171,10 @@ the other PR and not get any conflicts.
|
|
102
171
|
|
103
172
|
* Confirm all PRs that you want listed in changelogs are properly tagged with
|
104
173
|
`rubygems: <type>` or `bundler: <type>` labels at GitHub.
|
105
|
-
* Run `rake prepare_release[<
|
106
|
-
branch off the master branch, and create a PR to it with the
|
107
|
-
bumps and changelogs. It will also create a PR to merge
|
108
|
-
into master.
|
174
|
+
* Run `rake prepare_release[<target_rubygems_version>]`. This will create a
|
175
|
+
new stable branch off the master branch, and create a PR to it with the
|
176
|
+
proper version bumps and changelogs. It will also create a PR to merge
|
177
|
+
release changelogs into master.
|
109
178
|
* Replace the stable branch in the workflows with the new stable branch, and
|
110
179
|
push that change to the release PR.
|
111
180
|
* Replace version numbers with the next ".dev" version, and push that change
|
data/bundler/CHANGELOG.md
CHANGED
@@ -1,3 +1,27 @@
|
|
1
|
+
# 2.5.10 (May 3, 2024)
|
2
|
+
|
3
|
+
## Security:
|
4
|
+
|
5
|
+
- Never write credentials to lockfiles [#7560](https://github.com/rubygems/rubygems/pull/7560)
|
6
|
+
|
7
|
+
## Enhancements:
|
8
|
+
|
9
|
+
- Add auto_install support to require "bundler/setup" [#6561](https://github.com/rubygems/rubygems/pull/6561)
|
10
|
+
- Add `--glob` flag to `bundle add` [#7557](https://github.com/rubygems/rubygems/pull/7557)
|
11
|
+
|
12
|
+
## Bug fixes:
|
13
|
+
|
14
|
+
- Make sure `bundle update <specific_gems>` can always update to the latest resolvable version of each requested gem [#7558](https://github.com/rubygems/rubygems/pull/7558)
|
15
|
+
- Show better error when installed gemspecs are unreadable [#7603](https://github.com/rubygems/rubygems/pull/7603)
|
16
|
+
- Fix `bundle update` not working on an out of sync lockfile [#7607](https://github.com/rubygems/rubygems/pull/7607)
|
17
|
+
- Don't upcase Windows ENV before backing it up [#7574](https://github.com/rubygems/rubygems/pull/7574)
|
18
|
+
- Properly resolve aliases when `bundle help` is run [#7601](https://github.com/rubygems/rubygems/pull/7601)
|
19
|
+
- Fix issue installing gems with linux-musl variant on non musl linux [#7583](https://github.com/rubygems/rubygems/pull/7583)
|
20
|
+
|
21
|
+
## Documentation:
|
22
|
+
|
23
|
+
- Clarify `bundle check` behaviour in docs [#7613](https://github.com/rubygems/rubygems/pull/7613)
|
24
|
+
|
1
25
|
# 2.5.9 (April 12, 2024)
|
2
26
|
|
3
27
|
## Bug fixes:
|
@@ -4,8 +4,8 @@ module Bundler
|
|
4
4
|
# Represents metadata from when the Bundler gem was built.
|
5
5
|
module BuildMetadata
|
6
6
|
# begin ivars
|
7
|
-
@built_at = "2024-
|
8
|
-
@git_commit_sha = "
|
7
|
+
@built_at = "2024-05-03".freeze
|
8
|
+
@git_commit_sha = "24cac00613".freeze
|
9
9
|
@release = true
|
10
10
|
# end ivars
|
11
11
|
|
data/bundler/lib/bundler/cli.rb
CHANGED
@@ -5,6 +5,7 @@ require_relative "vendored_thor"
|
|
5
5
|
module Bundler
|
6
6
|
class CLI < Thor
|
7
7
|
require_relative "cli/common"
|
8
|
+
require_relative "cli/install"
|
8
9
|
|
9
10
|
package_name "Bundler"
|
10
11
|
|
@@ -69,7 +70,7 @@ module Bundler
|
|
69
70
|
Bundler.settings.set_command_option_if_given :retry, options[:retry]
|
70
71
|
|
71
72
|
current_cmd = args.last[:current_command].name
|
72
|
-
auto_install if AUTO_INSTALL_CMDS.include?(current_cmd)
|
73
|
+
Bundler.auto_install if AUTO_INSTALL_CMDS.include?(current_cmd)
|
73
74
|
rescue UnknownArgumentError => e
|
74
75
|
raise InvalidOption, e.message
|
75
76
|
ensure
|
@@ -114,6 +115,8 @@ module Bundler
|
|
114
115
|
class_option "verbose", type: :boolean, desc: "Enable verbose output mode", aliases: "-V"
|
115
116
|
|
116
117
|
def help(cli = nil)
|
118
|
+
cli = self.class.all_aliases[cli] if self.class.all_aliases[cli]
|
119
|
+
|
117
120
|
case cli
|
118
121
|
when "gemfile" then command = "gemfile"
|
119
122
|
when nil then command = "bundle"
|
@@ -347,6 +350,7 @@ module Bundler
|
|
347
350
|
method_option "github", type: :string
|
348
351
|
method_option "branch", type: :string
|
349
352
|
method_option "ref", type: :string
|
353
|
+
method_option "glob", type: :string, banner: "The location of a dependency's .gemspec, expanded within Ruby (single quotes recommended)"
|
350
354
|
method_option "skip-install", type: :boolean, banner: "Adds gem to the Gemfile but does not install it"
|
351
355
|
method_option "optimistic", type: :boolean, banner: "Adds optimistic declaration of version to gem"
|
352
356
|
method_option "strict", type: :boolean, banner: "Adds strict declaration of version to gem"
|
@@ -682,7 +686,6 @@ module Bundler
|
|
682
686
|
exec_used = args.index {|a| exec_commands.include? a }
|
683
687
|
|
684
688
|
command = args.find {|a| bundler_commands.include? a }
|
685
|
-
command = all_aliases[command] if all_aliases[command]
|
686
689
|
|
687
690
|
if exec_used && help_used
|
688
691
|
if exec_used + help_used == 1
|
@@ -735,26 +738,6 @@ module Bundler
|
|
735
738
|
|
736
739
|
private
|
737
740
|
|
738
|
-
# Automatically invoke `bundle install` and resume if
|
739
|
-
# Bundler.settings[:auto_install] exists. This is set through config cmd
|
740
|
-
# `bundle config set --global auto_install 1`.
|
741
|
-
#
|
742
|
-
# Note that this method `nil`s out the global Definition object, so it
|
743
|
-
# should be called first, before you instantiate anything like an
|
744
|
-
# `Installer` that'll keep a reference to the old one instead.
|
745
|
-
def auto_install
|
746
|
-
return unless Bundler.settings[:auto_install]
|
747
|
-
|
748
|
-
begin
|
749
|
-
Bundler.definition.specs
|
750
|
-
rescue GemNotFound, GitError
|
751
|
-
Bundler.ui.info "Automatically installing missing gems."
|
752
|
-
Bundler.reset!
|
753
|
-
invoke :install, []
|
754
|
-
Bundler.reset!
|
755
|
-
end
|
756
|
-
end
|
757
|
-
|
758
741
|
def current_command
|
759
742
|
_, _, config = @_initializer
|
760
743
|
config[:current_command]
|
@@ -92,11 +92,12 @@ module Bundler
|
|
92
92
|
@platforms = @locked_platforms.dup
|
93
93
|
@locked_bundler_version = @locked_gems.bundler_version
|
94
94
|
@locked_ruby_version = @locked_gems.ruby_version
|
95
|
+
@originally_locked_deps = @locked_gems.dependencies
|
95
96
|
@originally_locked_specs = SpecSet.new(@locked_gems.specs)
|
96
97
|
@locked_checksums = @locked_gems.checksums
|
97
98
|
|
98
99
|
if unlock != true
|
99
|
-
@locked_deps = @
|
100
|
+
@locked_deps = @originally_locked_deps
|
100
101
|
@locked_specs = @originally_locked_specs
|
101
102
|
@locked_sources = @locked_gems.sources
|
102
103
|
else
|
@@ -111,6 +112,7 @@ module Bundler
|
|
111
112
|
@locked_gems = nil
|
112
113
|
@locked_deps = {}
|
113
114
|
@locked_specs = SpecSet.new([])
|
115
|
+
@originally_locked_deps = {}
|
114
116
|
@originally_locked_specs = @locked_specs
|
115
117
|
@locked_sources = []
|
116
118
|
@locked_platforms = []
|
@@ -130,7 +132,7 @@ module Bundler
|
|
130
132
|
@sources.merged_gem_lockfile_sections!(locked_gem_sources.first)
|
131
133
|
end
|
132
134
|
|
133
|
-
@unlock
|
135
|
+
@sources_to_unlock = @unlock.delete(:sources) || []
|
134
136
|
@unlock[:ruby] ||= if @ruby_version && locked_ruby_version_object
|
135
137
|
@ruby_version.diff(locked_ruby_version_object)
|
136
138
|
end
|
@@ -142,11 +144,13 @@ module Bundler
|
|
142
144
|
@path_changes = converge_paths
|
143
145
|
@source_changes = converge_sources
|
144
146
|
|
147
|
+
@explicit_unlocks = @unlock.delete(:gems) || []
|
148
|
+
|
145
149
|
if @unlock[:conservative]
|
146
|
-
@
|
150
|
+
@gems_to_unlock = @explicit_unlocks.any? ? @explicit_unlocks : @dependencies.map(&:name)
|
147
151
|
else
|
148
|
-
eager_unlock =
|
149
|
-
@
|
152
|
+
eager_unlock = @explicit_unlocks.map {|name| Dependency.new(name, ">= 0") }
|
153
|
+
@gems_to_unlock = @locked_specs.for(eager_unlock, false, platforms).map(&:name).uniq
|
150
154
|
end
|
151
155
|
|
152
156
|
@dependency_changes = converge_dependencies
|
@@ -225,7 +229,6 @@ module Bundler
|
|
225
229
|
@resolver = nil
|
226
230
|
@resolution_packages = nil
|
227
231
|
@specs = nil
|
228
|
-
@gem_version_promoter = nil
|
229
232
|
|
230
233
|
Bundler.ui.debug "The definition is missing dependencies, failed to resolve & materialize locally (#{e})"
|
231
234
|
true
|
@@ -566,8 +569,10 @@ module Bundler
|
|
566
569
|
@resolution_packages ||= begin
|
567
570
|
last_resolve = converge_locked_specs
|
568
571
|
remove_invalid_platforms!(current_dependencies)
|
569
|
-
packages = Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, locked_specs: @originally_locked_specs, unlock: @
|
570
|
-
|
572
|
+
packages = Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, locked_specs: @originally_locked_specs, unlock: @gems_to_unlock, prerelease: gem_version_promoter.pre?)
|
573
|
+
packages = additional_base_requirements_to_prevent_downgrades(packages, last_resolve)
|
574
|
+
packages = additional_base_requirements_to_force_updates(packages)
|
575
|
+
packages
|
571
576
|
end
|
572
577
|
end
|
573
578
|
|
@@ -671,14 +676,18 @@ module Bundler
|
|
671
676
|
|
672
677
|
def change_reason
|
673
678
|
if unlocking?
|
674
|
-
|
675
|
-
|
676
|
-
|
677
|
-
|
678
|
-
|
679
|
-
|
680
|
-
|
681
|
-
|
679
|
+
unlock_targets = if @gems_to_unlock.any?
|
680
|
+
["gems", @gems_to_unlock]
|
681
|
+
elsif @sources_to_unlock.any?
|
682
|
+
["sources", @sources_to_unlock]
|
683
|
+
end
|
684
|
+
|
685
|
+
unlock_reason = if unlock_targets
|
686
|
+
"#{unlock_targets.first}: (#{unlock_targets.last.join(", ")})"
|
687
|
+
else
|
688
|
+
@unlock[:ruby] ? "ruby" : ""
|
689
|
+
end
|
690
|
+
|
682
691
|
return "bundler is unlocking #{unlock_reason}"
|
683
692
|
end
|
684
693
|
[
|
@@ -733,7 +742,7 @@ module Bundler
|
|
733
742
|
spec = @dependencies.find {|s| s.name == k }
|
734
743
|
source = spec&.source
|
735
744
|
if source&.respond_to?(:local_override!)
|
736
|
-
source.unlock! if @
|
745
|
+
source.unlock! if @gems_to_unlock.include?(spec.name)
|
737
746
|
locals << [source, source.local_override!(v)]
|
738
747
|
end
|
739
748
|
end
|
@@ -741,7 +750,7 @@ module Bundler
|
|
741
750
|
sources_with_changes = locals.select do |source, changed|
|
742
751
|
changed || specs_changed?(source)
|
743
752
|
end.map(&:first)
|
744
|
-
!sources_with_changes.each {|source| @
|
753
|
+
!sources_with_changes.each {|source| @sources_to_unlock << source.name }.empty?
|
745
754
|
end
|
746
755
|
|
747
756
|
def check_lockfile
|
@@ -818,7 +827,7 @@ module Bundler
|
|
818
827
|
# gem), unlock it. For git sources, this means to unlock the revision, which
|
819
828
|
# will cause the `ref` used to be the most recent for the branch (or master) if
|
820
829
|
# an explicit `ref` is not used.
|
821
|
-
if source.respond_to?(:unlock!) && @
|
830
|
+
if source.respond_to?(:unlock!) && @sources_to_unlock.include?(source.name)
|
822
831
|
source.unlock!
|
823
832
|
changes = true
|
824
833
|
end
|
@@ -835,9 +844,7 @@ module Bundler
|
|
835
844
|
dep.source = sources.get(dep.source)
|
836
845
|
end
|
837
846
|
|
838
|
-
|
839
|
-
|
840
|
-
unless locked_dep = @locked_deps[dep.name]
|
847
|
+
unless locked_dep = @originally_locked_deps[dep.name]
|
841
848
|
changes = true
|
842
849
|
next
|
843
850
|
end
|
@@ -864,7 +871,7 @@ module Bundler
|
|
864
871
|
def converge_locked_specs
|
865
872
|
converged = converge_specs(@locked_specs)
|
866
873
|
|
867
|
-
resolve = SpecSet.new(converged.reject {|s| @
|
874
|
+
resolve = SpecSet.new(converged.reject {|s| @gems_to_unlock.include?(s.name) })
|
868
875
|
|
869
876
|
diff = nil
|
870
877
|
|
@@ -897,7 +904,7 @@ module Bundler
|
|
897
904
|
|
898
905
|
@specs_that_changed_sources << s if gemfile_source != lockfile_source
|
899
906
|
deps << dep if !dep.source || lockfile_source.include?(dep.source)
|
900
|
-
@
|
907
|
+
@gems_to_unlock << name if lockfile_source.include?(dep.source) && lockfile_source != gemfile_source
|
901
908
|
|
902
909
|
# Replace the locked dependency's source with the equivalent source from the Gemfile
|
903
910
|
s.source = gemfile_source
|
@@ -906,7 +913,7 @@ module Bundler
|
|
906
913
|
s.source = default_source unless sources.get(lockfile_source)
|
907
914
|
end
|
908
915
|
|
909
|
-
next if @
|
916
|
+
next if @sources_to_unlock.include?(s.source.name)
|
910
917
|
|
911
918
|
# Path sources have special logic
|
912
919
|
if s.source.instance_of?(Source::Path) || s.source.instance_of?(Source::Gemspec)
|
@@ -928,12 +935,12 @@ module Bundler
|
|
928
935
|
else
|
929
936
|
# If the spec is no longer in the path source, unlock it. This
|
930
937
|
# commonly happens if the version changed in the gemspec
|
931
|
-
@
|
938
|
+
@gems_to_unlock << name
|
932
939
|
end
|
933
940
|
end
|
934
941
|
|
935
942
|
if dep.nil? && requested_dependencies.find {|d| name == d.name }
|
936
|
-
@
|
943
|
+
@gems_to_unlock << s.name
|
937
944
|
else
|
938
945
|
converged << s
|
939
946
|
end
|
@@ -1010,7 +1017,7 @@ module Bundler
|
|
1010
1017
|
current == proposed
|
1011
1018
|
end
|
1012
1019
|
|
1013
|
-
def
|
1020
|
+
def additional_base_requirements_to_prevent_downgrades(resolution_packages, last_resolve)
|
1014
1021
|
return resolution_packages unless @locked_gems && !sources.expired_sources?(@locked_gems.sources)
|
1015
1022
|
converge_specs(@originally_locked_specs - last_resolve).each do |locked_spec|
|
1016
1023
|
next if locked_spec.source.is_a?(Source::Path)
|
@@ -1019,6 +1026,28 @@ module Bundler
|
|
1019
1026
|
resolution_packages
|
1020
1027
|
end
|
1021
1028
|
|
1029
|
+
def additional_base_requirements_to_force_updates(resolution_packages)
|
1030
|
+
return resolution_packages if @explicit_unlocks.empty?
|
1031
|
+
full_update = dup_for_full_unlock.resolve
|
1032
|
+
@explicit_unlocks.each do |name|
|
1033
|
+
version = full_update[name].first&.version
|
1034
|
+
resolution_packages.base_requirements[name] = Gem::Requirement.new("= #{version}") if version
|
1035
|
+
end
|
1036
|
+
resolution_packages
|
1037
|
+
end
|
1038
|
+
|
1039
|
+
def dup_for_full_unlock
|
1040
|
+
unlocked_definition = self.class.new(@lockfile, @dependencies, @sources, true, @ruby_version, @optional_groups, @gemfiles)
|
1041
|
+
unlocked_definition.resolution_mode = { "local" => !@remote }
|
1042
|
+
unlocked_definition.setup_sources_for_resolve
|
1043
|
+
unlocked_definition.gem_version_promoter.tap do |gvp|
|
1044
|
+
gvp.level = gem_version_promoter.level
|
1045
|
+
gvp.strict = gem_version_promoter.strict
|
1046
|
+
gvp.pre = gem_version_promoter.pre
|
1047
|
+
end
|
1048
|
+
unlocked_definition
|
1049
|
+
end
|
1050
|
+
|
1022
1051
|
def remove_invalid_platforms!(dependencies)
|
1023
1052
|
return if Bundler.frozen_bundle?
|
1024
1053
|
|
@@ -7,7 +7,7 @@ require_relative "rubygems_ext"
|
|
7
7
|
module Bundler
|
8
8
|
class Dependency < Gem::Dependency
|
9
9
|
attr_reader :autorequire
|
10
|
-
attr_reader :groups, :platforms, :gemfile, :path, :git, :github, :branch, :ref
|
10
|
+
attr_reader :groups, :platforms, :gemfile, :path, :git, :github, :branch, :ref, :glob
|
11
11
|
|
12
12
|
ALL_RUBY_VERSIONS = (18..27).to_a.concat((30..34).to_a).freeze
|
13
13
|
PLATFORM_MAP = {
|
@@ -39,6 +39,7 @@ module Bundler
|
|
39
39
|
@github = options["github"]
|
40
40
|
@branch = options["branch"]
|
41
41
|
@ref = options["ref"]
|
42
|
+
@glob = options["glob"]
|
42
43
|
@platforms = Array(options["platforms"])
|
43
44
|
@env = options["env"]
|
44
45
|
@should_include = options.fetch("should_include", true)
|
@@ -19,14 +19,7 @@ module Bundler
|
|
19
19
|
BUNDLER_PREFIX = "BUNDLER_ORIG_"
|
20
20
|
|
21
21
|
def self.from_env
|
22
|
-
new(
|
23
|
-
end
|
24
|
-
|
25
|
-
def self.env_to_hash(env)
|
26
|
-
to_hash = env.to_hash
|
27
|
-
return to_hash unless Gem.win_platform?
|
28
|
-
|
29
|
-
to_hash.each_with_object({}) {|(k,v), a| a[k.upcase] = v }
|
22
|
+
new(ENV.to_hash, BUNDLER_KEYS)
|
30
23
|
end
|
31
24
|
|
32
25
|
# @param env [Hash]
|
@@ -39,18 +32,7 @@ module Bundler
|
|
39
32
|
|
40
33
|
# Replaces `ENV` with the bundler environment variables backed up
|
41
34
|
def replace_with_backup
|
42
|
-
|
43
|
-
ENV.replace(backup)
|
44
|
-
return
|
45
|
-
end
|
46
|
-
|
47
|
-
# Fallback logic for Windows below to workaround
|
48
|
-
# https://bugs.ruby-lang.org/issues/16798. Can be dropped once all
|
49
|
-
# supported rubies include the fix for that.
|
50
|
-
|
51
|
-
ENV.clear
|
52
|
-
|
53
|
-
backup.each {|k, v| ENV[k] = v }
|
35
|
+
ENV.replace(backup)
|
54
36
|
end
|
55
37
|
|
56
38
|
# @return [Hash]
|
@@ -120,9 +120,10 @@ module Bundler
|
|
120
120
|
github = ", :github => \"#{d.github}\"" unless d.github.nil?
|
121
121
|
branch = ", :branch => \"#{d.branch}\"" unless d.branch.nil?
|
122
122
|
ref = ", :ref => \"#{d.ref}\"" unless d.ref.nil?
|
123
|
+
glob = ", :glob => \"#{d.glob}\"" unless d.glob.nil?
|
123
124
|
require_path = ", :require => #{convert_autorequire(d.autorequire)}" unless d.autorequire.nil?
|
124
125
|
|
125
|
-
%(gem #{name}#{requirement}#{group}#{source}#{path}#{git}#{github}#{branch}#{ref}#{require_path})
|
126
|
+
%(gem #{name}#{requirement}#{group}#{source}#{path}#{git}#{github}#{branch}#{ref}#{glob}#{require_path})
|
126
127
|
end.join("\n")
|
127
128
|
end
|
128
129
|
|
@@ -1,6 +1,6 @@
|
|
1
1
|
.\" generated with nRonn/v0.11.1
|
2
2
|
.\" https://github.com/n-ronn/nronn/tree/0.11.1
|
3
|
-
.TH "BUNDLE\-BINSTUBS" "1" "
|
3
|
+
.TH "BUNDLE\-BINSTUBS" "1" "April 2024" ""
|
4
4
|
.SH "NAME"
|
5
5
|
\fBbundle\-binstubs\fR \- Install the binstubs of the listed gems
|
6
6
|
.SH "SYNOPSIS"
|
@@ -1,6 +1,6 @@
|
|
1
1
|
.\" generated with nRonn/v0.11.1
|
2
2
|
.\" https://github.com/n-ronn/nronn/tree/0.11.1
|
3
|
-
.TH "BUNDLE\-CACHE" "1" "
|
3
|
+
.TH "BUNDLE\-CACHE" "1" "April 2024" ""
|
4
4
|
.SH "NAME"
|
5
5
|
\fBbundle\-cache\fR \- Package your needed \fB\.gem\fR files into your application
|
6
6
|
.SH "SYNOPSIS"
|
@@ -1,6 +1,6 @@
|
|
1
1
|
.\" generated with nRonn/v0.11.1
|
2
2
|
.\" https://github.com/n-ronn/nronn/tree/0.11.1
|
3
|
-
.TH "BUNDLE\-CHECK" "1" "
|
3
|
+
.TH "BUNDLE\-CHECK" "1" "April 2024" ""
|
4
4
|
.SH "NAME"
|
5
5
|
\fBbundle\-check\fR \- Verifies if dependencies are satisfied by installed gems
|
6
6
|
.SH "SYNOPSIS"
|
@@ -9,6 +9,8 @@
|
|
9
9
|
\fBcheck\fR searches the local machine for each of the gems requested in the Gemfile\. If all gems are found, Bundler prints a success message and exits with a status of 0\.
|
10
10
|
.P
|
11
11
|
If not, the first missing gem is listed and Bundler exits status 1\.
|
12
|
+
.P
|
13
|
+
If the lockfile needs to be updated then it will be resolved using the gems installed on the local machine, if they satisfy the requirements\.
|
12
14
|
.SH "OPTIONS"
|
13
15
|
.TP
|
14
16
|
\fB\-\-dry\-run\fR
|
@@ -15,6 +15,9 @@ a status of 0.
|
|
15
15
|
|
16
16
|
If not, the first missing gem is listed and Bundler exits status 1.
|
17
17
|
|
18
|
+
If the lockfile needs to be updated then it will be resolved using the gems
|
19
|
+
installed on the local machine, if they satisfy the requirements.
|
20
|
+
|
18
21
|
## OPTIONS
|
19
22
|
|
20
23
|
* `--dry-run`:
|
@@ -1,6 +1,6 @@
|
|
1
1
|
.\" generated with nRonn/v0.11.1
|
2
2
|
.\" https://github.com/n-ronn/nronn/tree/0.11.1
|
3
|
-
.TH "BUNDLE\-CLEAN" "1" "
|
3
|
+
.TH "BUNDLE\-CLEAN" "1" "April 2024" ""
|
4
4
|
.SH "NAME"
|
5
5
|
\fBbundle\-clean\fR \- Cleans up unused gems in your bundler directory
|
6
6
|
.SH "SYNOPSIS"
|
@@ -1,6 +1,6 @@
|
|
1
1
|
.\" generated with nRonn/v0.11.1
|
2
2
|
.\" https://github.com/n-ronn/nronn/tree/0.11.1
|
3
|
-
.TH "BUNDLE\-CONFIG" "1" "
|
3
|
+
.TH "BUNDLE\-CONFIG" "1" "April 2024" ""
|
4
4
|
.SH "NAME"
|
5
5
|
\fBbundle\-config\fR \- Set bundler configuration options
|
6
6
|
.SH "SYNOPSIS"
|
@@ -95,8 +95,6 @@ Any periods in the configuration keys must be replaced with two underscores when
|
|
95
95
|
.SH "LIST OF AVAILABLE KEYS"
|
96
96
|
The following is a list of all configuration keys and their purpose\. You can learn more about their operation in bundle install(1) \fIbundle\-install\.1\.html\fR\.
|
97
97
|
.IP "\(bu" 4
|
98
|
-
\fBallow_deployment_source_credential_changes\fR (\fBBUNDLE_ALLOW_DEPLOYMENT_SOURCE_CREDENTIAL_CHANGES\fR): When in deployment mode, allow changing the credentials to a gem's source\. Ex: \fBhttps://some\.host\.com/gems/path/\fR \-> \fBhttps://user_name:password@some\.host\.com/gems/path\fR
|
99
|
-
.IP "\(bu" 4
|
100
98
|
\fBallow_offline_install\fR (\fBBUNDLE_ALLOW_OFFLINE_INSTALL\fR): Allow Bundler to use cached data when installing without network access\.
|
101
99
|
.IP "\(bu" 4
|
102
100
|
\fBauto_clean_without_path\fR (\fBBUNDLE_AUTO_CLEAN_WITHOUT_PATH\fR): Automatically run \fBbundle clean\fR after installing when an explicit \fBpath\fR has not been set and Bundler is not installing into the system gems\.
|
@@ -137,9 +137,6 @@ the environment variable `BUNDLE_LOCAL__RACK`.
|
|
137
137
|
The following is a list of all configuration keys and their purpose. You can
|
138
138
|
learn more about their operation in [bundle install(1)](bundle-install.1.html).
|
139
139
|
|
140
|
-
* `allow_deployment_source_credential_changes` (`BUNDLE_ALLOW_DEPLOYMENT_SOURCE_CREDENTIAL_CHANGES`):
|
141
|
-
When in deployment mode, allow changing the credentials to a gem's source.
|
142
|
-
Ex: `https://some.host.com/gems/path/` -> `https://user_name:password@some.host.com/gems/path`
|
143
140
|
* `allow_offline_install` (`BUNDLE_ALLOW_OFFLINE_INSTALL`):
|
144
141
|
Allow Bundler to use cached data when installing without network access.
|
145
142
|
* `auto_clean_without_path` (`BUNDLE_AUTO_CLEAN_WITHOUT_PATH`):
|
@@ -1,6 +1,6 @@
|
|
1
1
|
.\" generated with nRonn/v0.11.1
|
2
2
|
.\" https://github.com/n-ronn/nronn/tree/0.11.1
|
3
|
-
.TH "BUNDLE\-CONSOLE" "1" "
|
3
|
+
.TH "BUNDLE\-CONSOLE" "1" "April 2024" ""
|
4
4
|
.SH "NAME"
|
5
5
|
\fBbundle\-console\fR \- Deprecated way to open an IRB session with the bundle pre\-loaded
|
6
6
|
.SH "SYNOPSIS"
|