rubygems-update 3.6.7 → 3.6.9

data/bundler/lib/bundler/cli/doctor.rb

@@ -1,161 +1,33 @@
 # frozen_string_literal: true
 
-require "rbconfig"
-require "shellwords"
-
 module Bundler
-  class CLI::Doctor
-    DARWIN_REGEX = /\s+(.+) \(compatibility /
-    LDD_REGEX = /\t\S+ => (\S+) \(\S+\)/
-
-    attr_reader :options
-
-    def initialize(options)
-      @options = options
-    end
-
-    def otool_available?
-      Bundler.which("otool")
-    end
-
-    def ldd_available?
-      Bundler.which("ldd")
-    end
-
-    def dylibs_darwin(path)
-      output = `/usr/bin/otool -L #{path.shellescape}`.chomp
-      dylibs = output.split("\n")[1..-1].map {|l| l.match(DARWIN_REGEX).captures[0] }.uniq
-      # ignore @rpath and friends
-      dylibs.reject {|dylib| dylib.start_with? "@" }
-    end
-
-    def dylibs_ldd(path)
-      output = `/usr/bin/ldd #{path.shellescape}`.chomp
-      output.split("\n").filter_map do |l|
-        match = l.match(LDD_REGEX)
-        next if match.nil?
-        match.captures[0]
-      end
-    end
-
-    def dylibs(path)
-      case RbConfig::CONFIG["host_os"]
-      when /darwin/
-        return [] unless otool_available?
-        dylibs_darwin(path)
-      when /(linux|solaris|bsd)/
-        return [] unless ldd_available?
-        dylibs_ldd(path)
-      else # Windows, etc.
-        Bundler.ui.warn("Dynamic library check not supported on this platform.")
-        []
-      end
-    end
-
-    def bundles_for_gem(spec)
-      Dir.glob("#{spec.full_gem_path}/**/*.bundle")
-    end
-
-    def lookup_with_fiddle(path)
-      require "fiddle"
-      Fiddle.dlopen(path)
-      false
-    rescue Fiddle::DLError
-      true
-    end
-
-    def check!
-      require_relative "check"
-      Bundler::CLI::Check.new({}).run
-    end
-
-    def run
-      Bundler.ui.level = "warn" if options[:quiet]
-      Bundler.settings.validate!
-      check!
-
-      definition = Bundler.definition
-      broken_links = {}
-
-      definition.specs.each do |spec|
-        bundles_for_gem(spec).each do |bundle|
-          bad_paths = dylibs(bundle).select do |f|
-            lookup_with_fiddle(f)
-          end
-          if bad_paths.any?
-            broken_links[spec] ||= []
-            broken_links[spec].concat(bad_paths)
-          end
-        end
-      end
-
-      permissions_valid = check_home_permissions
-
-      if broken_links.any?
-        message = "The following gems are missing OS dependencies:"
-        broken_links.flat_map do |spec, paths|
-          paths.uniq.map do |path|
-            "\n * #{spec.name}: #{path}"
-          end
-        end.sort.each {|m| message += m }
-        raise ProductionError, message
-      elsif permissions_valid
-        Bundler.ui.info "No issues found with the installed bundle"
-      end
-    end
-
-    private
-
-    def check_home_permissions
-      require "find"
-      files_not_readable = []
-      files_not_readable_and_owned_by_different_user = []
-      files_not_owned_by_current_user_but_still_readable = []
-      broken_symlinks = []
-      Find.find(Bundler.bundle_path.to_s).each do |f|
-        if !File.exist?(f)
-          broken_symlinks << f
-        elsif !File.readable?(f)
-          if File.stat(f).uid != Process.uid
-            files_not_readable_and_owned_by_different_user << f
-          else
-            files_not_readable << f
-          end
-        elsif File.stat(f).uid != Process.uid
-          files_not_owned_by_current_user_but_still_readable << f
-        end
-      end
-
-      ok = true
-
-      if broken_symlinks.any?
-        Bundler.ui.warn "Broken links exist in the Bundler home. Please report them to the offending gem's upstream repo. These files are:\n - #{broken_symlinks.join("\n - ")}"
-
-        ok = false
-      end
-
-      if files_not_owned_by_current_user_but_still_readable.any?
-        Bundler.ui.warn "Files exist in the Bundler home that are owned by another " \
-          "user, but are still readable. These files are:\n - #{files_not_owned_by_current_user_but_still_readable.join("\n - ")}"
-
-        ok = false
-      end
-
-      if files_not_readable_and_owned_by_different_user.any?
-        Bundler.ui.warn "Files exist in the Bundler home that are owned by another " \
-          "user, and are not readable. These files are:\n - #{files_not_readable_and_owned_by_different_user.join("\n - ")}"
-
-        ok = false
-      end
-
-      if files_not_readable.any?
-        Bundler.ui.warn "Files exist in the Bundler home that are not " \
-          "readable by the current user. These files are:\n - #{files_not_readable.join("\n - ")}"
-
-        ok = false
-      end
-
-      ok
+  class CLI::Doctor < Thor
+    default_command(:diagnose)
+
+    desc "diagnose [OPTIONS]", "Checks the bundle for common problems"
+    long_desc <<-D
+      Doctor scans the OS dependencies of each of the gems requested in the Gemfile. If
+      missing dependencies are detected, Bundler prints them and exits status 1.
+      Otherwise, Bundler prints a success message and exits with a status of 0.
+    D
+    method_option "gemfile", type: :string, banner: "Use the specified gemfile instead of Gemfile"
+    method_option "quiet", type: :boolean, banner: "Only output warnings and errors."
+    method_option "ssl", type: :boolean, default: false, banner: "Diagnose SSL problems."
+    def diagnose
+      require_relative "doctor/diagnose"
+      Diagnose.new(options).run
+    end
+
+    desc "ssl [OPTIONS]", "Diagnose SSL problems"
+    long_desc <<-D
+      Diagnose SSL problems, especially related to certificates or TLS version while connecting to https://rubygems.org.
+    D
+    method_option "host", type: :string, banner: "The host to diagnose."
+    method_option "tls-version", type: :string, banner: "Specify the SSL/TLS version when running the diagnostic. Accepts either <1.1> or <1.2>"
+    method_option "verify-mode", type: :string, banner: "Specify the mode used for certification verification. Accepts either <peer> or <none>"
+    def ssl
+      require_relative "doctor/ssl"
+      SSL.new(options).run
     end
   end
 end

data/bundler/lib/bundler/cli/issue.rb

@@ -34,8 +34,8 @@ module Bundler
     end
 
     def doctor
-      require_relative "doctor"
-      Bundler::CLI::Doctor.new({}).run
+      require_relative "doctor/diagnose"
+      Bundler::CLI::Doctor::Diagnose.new({}).run
     end
   end
 end

data/bundler/lib/bundler/cli.rb

@@ -610,17 +610,8 @@ module Bundler
     end
 
     desc "doctor [OPTIONS]", "Checks the bundle for common problems"
-    long_desc <<-D
-      Doctor scans the OS dependencies of each of the gems requested in the Gemfile. If
-      missing dependencies are detected, Bundler prints them and exits status 1.
-      Otherwise, Bundler prints a success message and exits with a status of 0.
-    D
-    method_option "gemfile", type: :string, banner: "Use the specified gemfile instead of Gemfile"
-    method_option "quiet", type: :boolean, banner: "Only output warnings and errors."
-    def doctor
-      require_relative "cli/doctor"
-      Doctor.new(options).run
-    end
+    require_relative "cli/doctor"
+    subcommand("doctor", Doctor)
 
     desc "issue", "Learn how to report an issue in Bundler"
     def issue

data/bundler/lib/bundler/definition.rb

@@ -257,7 +257,7 @@ module Bundler
     rescue BundlerError => e
       @resolve = nil
       @resolver = nil
-      @resolution_packages = nil
+      @resolution_base = nil
       @source_requirements = nil
       @specs = nil
 
@@ -337,11 +337,7 @@ module Bundler
           end
         end
       else
-        if lockfile_exists?
-          Bundler.ui.debug "Found changes from the lockfile, re-resolving dependencies because #{change_reason}"
-        else
-          Bundler.ui.debug "Resolving dependencies because there's no lockfile"
-        end
+        Bundler.ui.debug resolve_needed_reason
 
         start_resolution
       end
@@ -465,7 +461,7 @@ module Bundler
     end
 
     def normalize_platforms
-      @platforms = resolve.normalize_platforms!(current_dependencies, platforms)
+      resolve.normalize_platforms!(current_dependencies, platforms)
 
       @resolve = SpecSet.new(resolve.for(current_dependencies, @platforms))
     end
@@ -537,9 +533,7 @@ module Bundler
 
       return unless added.any? || deleted.any? || changed.any? || resolve_needed?
 
-      reason = resolve_needed? ? change_reason : "some dependencies were deleted from your gemfile"
-
-      msg = String.new("#{reason.capitalize.strip}, but ")
+      msg = String.new("#{change_reason.capitalize.strip}, but ")
       msg << "the lockfile " unless msg.start_with?("Your lockfile")
       msg << "can't be updated because #{update_refused_reason}"
       msg << "\n\nYou have added to the Gemfile:\n" << added.join("\n") if added.any?
@@ -620,7 +614,7 @@ module Bundler
     end
 
     def resolver
-      @resolver ||= Resolver.new(resolution_packages, gem_version_promoter, @most_specific_locked_platform)
+      @resolver ||= Resolver.new(resolution_base, gem_version_promoter, @most_specific_locked_platform)
     end
 
     def expanded_dependencies
@@ -634,15 +628,15 @@ module Bundler
       [Dependency.new("bundler", @unlocking_bundler)] + dependencies
     end
 
-    def resolution_packages
-      @resolution_packages ||= begin
+    def resolution_base
+      @resolution_base ||= begin
         last_resolve = converge_locked_specs
         remove_invalid_platforms!
         new_resolution_platforms = @current_platform_missing ? @new_platforms + [local_platform] : @new_platforms
-        packages = Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, locked_specs: @originally_locked_specs, unlock: @unlocking_all || @gems_to_unlock, prerelease: gem_version_promoter.pre?, prefer_local: @prefer_local, new_platforms: new_resolution_platforms)
-        packages = additional_base_requirements_to_prevent_downgrades(packages)
-        packages = additional_base_requirements_to_force_updates(packages)
-        packages
+        base = Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, locked_specs: @originally_locked_specs, unlock: @unlocking_all || @gems_to_unlock, prerelease: gem_version_promoter.pre?, prefer_local: @prefer_local, new_platforms: new_resolution_platforms)
+        base = additional_base_requirements_to_prevent_downgrades(base)
+        base = additional_base_requirements_to_force_updates(base)
+        base
       end
     end
 
@@ -717,8 +711,7 @@ module Bundler
         still_incomplete_specs = resolve.incomplete_specs
 
         if still_incomplete_specs == incomplete_specs
-          package = resolution_packages.get_package(incomplete_specs.first.name)
-          resolver.raise_not_found! package
+          resolver.raise_incomplete! incomplete_specs
         end
 
         incomplete_specs = still_incomplete_specs
@@ -740,7 +733,7 @@ module Bundler
     end
 
     def reresolve_without(incomplete_specs)
-      resolution_packages.delete(incomplete_specs)
+      resolution_base.delete(incomplete_specs)
       @resolve = start_resolution
     end
 
@@ -753,8 +746,16 @@ module Bundler
 
       @resolved_bundler_version = result.find {|spec| spec.name == "bundler" }&.version
 
+      @new_platforms.each do |platform|
+        incomplete_specs = result.incomplete_specs_for_platform(current_dependencies, platform)
+
+        if incomplete_specs.any?
+          resolver.raise_incomplete! incomplete_specs
+        end
+      end
+
       if @most_specific_non_local_locked_platform
-        if spec_set_incomplete_for_platform?(result, @most_specific_non_local_locked_platform)
+        if result.incomplete_for_platform?(current_dependencies, @most_specific_non_local_locked_platform)
           @platforms.delete(@most_specific_non_local_locked_platform)
         elsif local_platform_needed_for_resolvability
           @platforms.delete(local_platform)
@@ -796,22 +797,47 @@ module Bundler
       @most_specific_locked_platform
     end
 
-    def change_reason
-      if unlocking?
-        unlock_targets = if @gems_to_unlock.any?
-          ["gems", @gems_to_unlock]
-        elsif @sources_to_unlock.any?
-          ["sources", @sources_to_unlock]
+    def resolve_needed_reason
+      if lockfile_exists?
+        if unlocking?
+          "Re-resolving dependencies because #{unlocking_reason}"
+        else
+          "Found changes from the lockfile, re-resolving dependencies because #{lockfile_changed_reason}"
         end
+      else
+        "Resolving dependencies because there's no lockfile"
+      end
+    end
 
-        unlock_reason = if unlock_targets
-          "#{unlock_targets.first}: (#{unlock_targets.last.join(", ")})"
+    def change_reason
+      if resolve_needed?
+        if unlocking?
+          unlocking_reason
         else
-          @unlocking_ruby ? "ruby" : ""
+          lockfile_changed_reason
         end
+      else
+        "some dependencies were deleted from your gemfile"
+      end
+    end
 
-        return "bundler is unlocking #{unlock_reason}"
+    def unlocking_reason
+      unlock_targets = if @gems_to_unlock.any?
+        ["gems", @gems_to_unlock]
+      elsif @sources_to_unlock.any?
+        ["sources", @sources_to_unlock]
       end
+
+      unlock_reason = if unlock_targets
+        "#{unlock_targets.first}: (#{unlock_targets.last.join(", ")})"
+      else
+        @unlocking_ruby ? "ruby" : ""
+      end
+
+      "bundler is unlocking #{unlock_reason}"
+    end
+
+    def lockfile_changed_reason
       [
         [@source_changes, "the list of sources changed"],
         [@dependency_changes, "the dependencies in your gemfile changed"],
@@ -1105,27 +1131,27 @@ module Bundler
       current == proposed
     end
 
-    def additional_base_requirements_to_prevent_downgrades(resolution_packages)
-      return resolution_packages unless @locked_gems && !sources.expired_sources?(@locked_gems.sources)
+    def additional_base_requirements_to_prevent_downgrades(resolution_base)
+      return resolution_base unless @locked_gems && !sources.expired_sources?(@locked_gems.sources)
       @originally_locked_specs.each do |locked_spec|
         next if locked_spec.source.is_a?(Source::Path)
 
         name = locked_spec.name
         next if @changed_dependencies.include?(name)
 
-        resolution_packages.base_requirements[name] = Gem::Requirement.new(">= #{locked_spec.version}")
+        resolution_base.base_requirements[name] = Gem::Requirement.new(">= #{locked_spec.version}")
       end
-      resolution_packages
+      resolution_base
     end
 
-    def additional_base_requirements_to_force_updates(resolution_packages)
-      return resolution_packages if @explicit_unlocks.empty?
+    def additional_base_requirements_to_force_updates(resolution_base)
+      return resolution_base if @explicit_unlocks.empty?
       full_update = dup_for_full_unlock.resolve
       @explicit_unlocks.each do |name|
         version = full_update.version_for(name)
-        resolution_packages.base_requirements[name] = Gem::Requirement.new("= #{version}") if version
+        resolution_base.base_requirements[name] = Gem::Requirement.new("= #{version}") if version
       end
-      resolution_packages
+      resolution_base
     end
 
     def dup_for_full_unlock
@@ -1142,25 +1168,16 @@ module Bundler
     def remove_invalid_platforms!
       return if Bundler.frozen_bundle?
 
-      @originally_invalid_platforms = platforms.select do |platform|
-        next if local_platform == platform ||
-                @new_platforms.include?(platform)
-
-        # We should probably avoid removing non-ruby platforms, since that means
-        # lockfile will no longer install on those platforms, so a error to give
-        # heads up to the user may be better. However, we have tests expecting
-        # non ruby platform autoremoval to work, so leaving that in place for
-        # now.
-        next if @dependency_changes && platform != Gem::Platform::RUBY
+      skips = (@new_platforms + [local_platform]).uniq
 
-        spec_set_incomplete_for_platform?(@originally_locked_specs, platform)
-      end
-
-      @platforms -= @originally_invalid_platforms
-    end
+      # We should probably avoid removing non-ruby platforms, since that means
+      # lockfile will no longer install on those platforms, so a error to give
+      # heads up to the user may be better. However, we have tests expecting
+      # non ruby platform autoremoval to work, so leaving that in place for
+      # now.
+      skips |= platforms - [Gem::Platform::RUBY] if @dependency_changes
 
-    def spec_set_incomplete_for_platform?(spec_set, platform)
-      spec_set.incomplete_for_platform?(current_dependencies, platform)
+      @originally_invalid_platforms = @originally_locked_specs.remove_invalid_platforms!(current_dependencies, platforms, skips: skips)
     end
 
     def source_map

data/bundler/lib/bundler/friendly_errors.rb

@@ -80,7 +80,7 @@ module Bundler
         First, try this link to see if there are any existing issue reports for this error:
         #{issues_url(e)}
 
-        If there aren't any reports for this error yet, please fill in the new issue form located at #{new_issue_url}, and copy and paste the report template above in there.
+        If there aren't any reports for this error yet, please fill in the new issue form located at #{new_issue_url}. Make sure to copy and paste the full output of this command under the "What happened instead?" section.
       EOS
     end
 

data/bundler/lib/bundler/installer.rb

@@ -212,7 +212,7 @@ module Bundler
     def load_plugins
       Gem.load_plugins
 
-      requested_path_gems = @definition.requested_specs.select {|s| s.source.is_a?(Source::Path) }
+      requested_path_gems = @definition.specs.select {|s| s.source.is_a?(Source::Path) }
       path_plugin_files = requested_path_gems.flat_map do |spec|
         spec.matches_for_glob("rubygems_plugin#{Bundler.rubygems.suffix_pattern}")
       rescue TypeError

data/bundler/lib/bundler/lazy_specification.rb

@@ -213,22 +213,31 @@ module Bundler
       end
       if search.nil? && fallback_to_non_installable
         search = candidates.last
-      elsif search && search.full_name == full_name
-        # We don't validate locally installed dependencies but accept what's in
-        # the lockfile instead for performance, since loading locally installed
-        # dependencies would mean evaluating all gemspecs, which would affect
-        # `bundler/setup` performance
-        if search.is_a?(StubSpecification)
-          search.dependencies = dependencies
-        else
-          if !source.is_a?(Source::Path) && search.runtime_dependencies.sort != dependencies.sort
-            raise IncorrectLockfileDependencies.new(self)
-          end
+      end
 
-          search.locked_platform = platform if search.instance_of?(RemoteSpecification) || search.instance_of?(EndpointSpecification)
-        end
+      if search
+        validate_dependencies(search) if search.platform == platform
+
+        search.locked_platform = platform if search.instance_of?(RemoteSpecification) || search.instance_of?(EndpointSpecification)
       end
       search
     end
+
+    # Validate dependencies of this locked spec are consistent with dependencies
+    # of the actual spec that was materialized.
+    #
+    # Note that we don't validate dependencies of locally installed gems but
+    # accept what's in the lockfile instead for performance, since loading
+    # dependencies of locally installed gems would mean evaluating all gemspecs,
+    # which would affect `bundler/setup` performance.
+    def validate_dependencies(spec)
+      if spec.is_a?(StubSpecification)
+        spec.dependencies = dependencies
+      else
+        if !source.is_a?(Source::Path) && spec.runtime_dependencies.sort != dependencies.sort
+          raise IncorrectLockfileDependencies.new(self)
+        end
+      end
+    end
   end
 end

data/bundler/lib/bundler/resolver.rb

@@ -312,6 +312,16 @@ module Bundler
       "Gemfile"
     end
 
+    def raise_incomplete!(incomplete_specs)
+      raise_not_found!(@base.get_package(incomplete_specs.first.name))
+    end
+
+    def sort_versions_by_preferred(package, versions)
+      @gem_version_promoter.sort_versions(package, versions)
+    end
+
+    private
+
     def raise_not_found!(package)
       name = package.name
       source = source_for(name)
@@ -348,12 +358,6 @@ module Bundler
       raise GemNotFound, message
     end
 
-    def sort_versions_by_preferred(package, versions)
-      @gem_version_promoter.sort_versions(package, versions)
-    end
-
-    private
-
     def filtered_versions_for(package)
       @gem_version_promoter.filter_versions(package, @all_versions[package])
     end

data/bundler/lib/bundler/spec_set.rb

@@ -29,9 +29,10 @@ module Bundler
     end
 
     def normalize_platforms!(deps, platforms)
-      complete_platforms = add_extra_platforms!(platforms)
+      remove_invalid_platforms!(deps, platforms)
+      add_extra_platforms!(platforms)
 
-      complete_platforms.map do |platform|
+      platforms.map! do |platform|
         next platform if platform == Gem::Platform::RUBY
 
         begin
@@ -44,7 +45,7 @@ module Bundler
         next platform if incomplete_for_platform?(deps, less_specific_platform)
 
         less_specific_platform
-      end.uniq
+      end.uniq!
     end
 
     def add_originally_invalid_platforms!(platforms, originally_invalid_platforms)
@@ -53,6 +54,20 @@ module Bundler
       end
     end
 
+    def remove_invalid_platforms!(deps, platforms, skips: [])
+      invalid_platforms = []
+
+      platforms.reject! do |platform|
+        next false if skips.include?(platform)
+
+        invalid = incomplete_for_platform?(deps, platform)
+        invalid_platforms << platform if invalid
+        invalid
+      end
+
+      invalid_platforms
+    end
+
     def add_extra_platforms!(platforms)
       if @specs.empty?
         platforms.concat([Gem::Platform::RUBY]).uniq
@@ -68,6 +83,7 @@ module Bundler
       return if new_platforms.empty?
 
       platforms.concat(new_platforms)
+      return if new_platforms.include?(Bundler.local_platform)
 
       less_specific_platform = new_platforms.find {|platform| platform != Gem::Platform::RUBY && Bundler.local_platform === platform && platform === Bundler.local_platform }
       platforms.delete(Bundler.local_platform) if less_specific_platform
@@ -129,12 +145,15 @@ module Bundler
     end
 
     def incomplete_for_platform?(deps, platform)
-      return false if @specs.empty?
+      incomplete_specs_for_platform(deps, platform).any?
+    end
+
+    def incomplete_specs_for_platform(deps, platform)
+      return [] if @specs.empty?
 
       validation_set = self.class.new(@specs)
       validation_set.for(deps, [platform])
-
-      validation_set.incomplete_specs.any?
+      validation_set.incomplete_specs
     end
 
     def missing_specs_for(deps)
@@ -180,7 +199,7 @@ module Bundler
     end
 
     def version_for(name)
-      self[name].first&.version
+      exemplary_spec(name)&.version
     end
 
     def what_required(spec)
@@ -285,8 +304,13 @@ module Bundler
     end
 
     def additional_variants_from(other)
-      other.select do |spec|
-        version_for(spec.name) == spec.version && valid_dependencies?(spec)
+      other.select do |other_spec|
+        spec = exemplary_spec(other_spec.name)
+        next unless spec
+
+        selected = spec.version == other_spec.version && valid_dependencies?(other_spec)
+        other_spec.source = spec.source if selected
+        selected
       end
     end
 
@@ -363,5 +387,9 @@ module Bundler
       hash[key] ||= []
       hash[key] << value
     end
+
+    def exemplary_spec(name)
+      self[name].first
+    end
   end
 end

data/bundler/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.6.7".freeze
+  VERSION = "2.6.9".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

data/doc/rubygems/CONTRIBUTING.md

@@ -70,10 +70,6 @@ And to run an individual test method named `test_default` within a test file, yo
 
 ### Running bundler tests
 
-To setup bundler tests:
-
-    bin/rake spec:parallel_deps
-
 To run the entire bundler test suite in parallel (it takes a while), run the following from the `bundler/` subfolder:
 
     bin/parallel_rspec