rubygems-update 4.0.0.beta1 → 4.0.0

data/bundler/lib/bundler/man/bundle-install.1.ronn

@@ -8,7 +8,9 @@ bundle-install(1) -- Install the dependencies specified in your Gemfile
                  [--gemfile=GEMFILE]
                  [--jobs=NUMBER]
                  [--local]
+                 [--lockfile=LOCKFILE]
                  [--no-cache]
+                 [--no-lock]
                  [--prefer-local]
                  [--quiet]
                  [--retry=NUMBER]
@@ -60,6 +62,10 @@ update process below under [CONSERVATIVE UPDATING][].
   appropriate platform-specific gem exists on `rubygems.org` it will not be
   found.
 
+* `--lockfile=LOCKFILE`:
+  The location of the lockfile which Bundler should use. This defaults
+  to the Gemfile location with `.lock` appended.
+
 * `--prefer-local`:
   Force using locally installed gems, or gems already present in Rubygems' cache
   or in `vendor/cache`, when resolving, even if newer versions are available
@@ -71,6 +77,15 @@ update process below under [CONSERVATIVE UPDATING][].
   does not remove any gems in the cache but keeps the newly bundled gems from
   being cached during the install.
 
+* `--no-lock`:
+  Do not create a lockfile. Useful if you want to install dependencies but not
+  lock versions of gems. Recommended for library development, and other
+  situations where the code is expected to work with a range of dependency
+  versions.
+
+  This has the same effect as using `lockfile false` in the Gemfile.
+  See gemfile(5) for more information.
+
 * `--quiet`:
   Do not print progress information to the standard output.
 

data/bundler/lib/bundler/man/gemfile.5

@@ -469,4 +469,35 @@ For implicit gems (dependencies of explicit gems), any source, git, or path repo
 .IP "3." 4
 If neither of the above conditions are met, the global source will be used\. If multiple global sources are specified, they will be prioritized from last to first, but this is deprecated since Bundler 1\.13, so Bundler prints a warning and will abort with an error in the future\.
 .IP "" 0
+.SH "LOCKFILE"
+By default, Bundler will create a lockfile by adding \fB\.lock\fR to the end of the Gemfile name\. To change this, use the \fBlockfile\fR method:
+.IP "" 4
+.nf
+lockfile "/path/to/lockfile\.lock"
+.fi
+.IP "" 0
+.P
+This is useful when you want to use different lockfiles per ruby version or platform\.
+.P
+To avoid writing a lock file, use \fBfalse\fR as the argument:
+.IP "" 4
+.nf
+lockfile false
+.fi
+.IP "" 0
+.P
+This is useful for library development and other situations where the code is expected to work with a range of dependency versions\.
+.SS "LOCKFILE PRECEDENCE"
+When determining path to the lockfile or whether to create a lockfile, the following precedence is used:
+.IP "1." 4
+The \fBbundle install\fR \fB\-\-no\-lock\fR option (which disables lockfile creation)\.
+.IP "2." 4
+The \fBbundle install\fR \fB\-\-lockfile\fR option\.
+.IP "3." 4
+The \fBBUNDLE_LOCKFILE\fR environment variable\.
+.IP "4." 4
+The \fBlockfile\fR method in the Gemfile\.
+.IP "5." 4
+The default behavior of adding \fB\.lock\fR to the end of the Gemfile name\.
+.IP "" 0
 

data/bundler/lib/bundler/man/gemfile.5.ronn

@@ -556,3 +556,31 @@ bundler uses the following priority order:
      If multiple global sources are specified, they will be prioritized from
      last to first, but this is deprecated since Bundler 1.13, so Bundler prints
      a warning and will abort with an error in the future.
+
+## LOCKFILE
+
+By default, Bundler will create a lockfile by adding `.lock` to the end of the
+Gemfile name. To change this, use the `lockfile` method:
+
+    lockfile "/path/to/lockfile.lock"
+
+This is useful when you want to use different lockfiles per ruby version or
+platform.
+
+To avoid writing a lock file, use `false` as the argument:
+
+    lockfile false
+
+This is useful for library development and other situations where the code is
+expected to work with a range of dependency versions.
+
+### LOCKFILE PRECEDENCE
+
+When determining path to the lockfile or whether to create a lockfile, the
+following precedence is used:
+
+1. The `bundle install` `--no-lock` option (which disables lockfile creation).
+1. The `bundle install` `--lockfile` option.
+1. The `BUNDLE_LOCKFILE` environment variable.
+1. The `lockfile` method in the Gemfile.
+1. The default behavior of adding `.lock` to the end of the Gemfile name.

data/bundler/lib/bundler/runtime.rb

@@ -240,7 +240,11 @@ module Bundler
 
         cached.each do |path|
           Bundler.ui.info "  * #{File.basename(path)}"
-          File.delete(path)
+
+          begin
+            File.delete(path)
+          rescue Errno::ENOENT
+          end
         end
       end
     end

data/bundler/lib/bundler/settings.rb

@@ -65,6 +65,7 @@ module Bundler
       gem.rubocop
       gem.test
       gemfile
+      lockfile
       path
       shebang
       simulate_version

data/bundler/lib/bundler/shared_helpers.rb

@@ -23,6 +23,9 @@ module Bundler
     end
 
     def default_lockfile
+      given = ENV["BUNDLE_LOCKFILE"]
+      return Pathname.new(given) if given && !given.empty?
+
       gemfile = default_gemfile
 
       case gemfile.basename.to_s
@@ -297,6 +300,7 @@ module Bundler
     def set_bundle_variables
       Bundler::SharedHelpers.set_env "BUNDLE_BIN_PATH", bundle_bin_path
       Bundler::SharedHelpers.set_env "BUNDLE_GEMFILE", find_gemfile.to_s
+      Bundler::SharedHelpers.set_env "BUNDLE_LOCKFILE", default_lockfile.to_s
       Bundler::SharedHelpers.set_env "BUNDLER_VERSION", Bundler::VERSION
       Bundler::SharedHelpers.set_env "BUNDLER_SETUP", File.expand_path("setup", __dir__)
     end

data/bundler/lib/bundler/templates/newgem/Rakefile.tt

@@ -59,6 +59,11 @@ Rake::ExtensionTask.new("<%= config[:underscored_name] %>", GEMSPEC) do |ext|
 end
 <% end -%>
 
+<% if config[:ext] == "go" -%>
+require "go_gem/rake_task"
+
+GoGem::RakeTask.new("<%= config[:underscored_name] %>")
+<% end -%>
 <% end -%>
 <% if default_task_names.size == 1 -%>
 task default: <%= default_task_names.first.inspect %>

data/bundler/lib/bundler/ui/shell.rb

@@ -17,6 +17,7 @@ module Bundler
         @level = ENV["DEBUG"] ? "debug" : "info"
         @warning_history = []
         @output_stream = :stdout
+        @thread_safe_logger_key = "logger_level_#{object_id}"
       end
 
       def add_color(string, *color)
@@ -97,11 +98,13 @@ module Bundler
       end
 
       def level(name = nil)
-        return @level unless name
+        current_level = Thread.current.thread_variable_get(@thread_safe_logger_key) || @level
+        return current_level unless name
+
         unless index = LEVELS.index(name)
           raise "#{name.inspect} is not a valid level"
         end
-        index <= LEVELS.index(@level)
+        index <= LEVELS.index(current_level)
       end
 
       def output_stream=(symbol)
@@ -167,12 +170,13 @@ module Bundler
         end * "\n"
       end
 
-      def with_level(level)
-        original = @level
-        @level = level
+      def with_level(desired_level)
+        old_level = level
+        Thread.current.thread_variable_set(@thread_safe_logger_key, desired_level)
+
         yield
       ensure
-        @level = original
+        Thread.current.thread_variable_set(@thread_safe_logger_key, old_level)
       end
 
       def with_output_stream(symbol)

data/bundler/lib/bundler/vendor/thor/lib/thor.rb

@@ -625,7 +625,7 @@ class Bundler::Thor
     # alias name.
     def find_command_possibilities(meth)
       len = meth.to_s.length
-      possibilities = all_commands.merge(map).keys.select { |n| meth == n[0, len] }.sort
+      possibilities = all_commands.reject { |_k, c| c.hidden? }.merge(map).keys.select { |n| meth == n[0, len] }.sort
       unique_possibilities = possibilities.map { |k| map[k] || k }.uniq
 
       if possibilities.include?(meth)

data/bundler/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "4.0.0.beta1".freeze
+  VERSION = "4.0.0".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= gem_version.segments.first

data/doc/UPGRADING.md

@@ -0,0 +1,28 @@
+# How to upgrade/downgrade Rubygems and Bundler:
+
+## Upgrade Recipe
+
+    $ gem update --system
+
+    $ gem install bundler
+    $ bundle update --bundler
+
+## Downgrade Recipe
+
+    $ gem update --system 3.7.2
+
+    $ gem install bundler -v 2.7.2
+    $ bundle update --bundler=2.7.2
+
+## Install a pre-release version
+
+    $ gem update --system --pre
+
+    $ gem install bundler --pre
+    $ bundle update --bundler=4.0.0.beta1
+
+## Install from source
+
+*   Download from: https://rubygems.org/pages/download
+*   Unpack into a directory and `cd` there
+*   Install with: `ruby setup.rb`

data/doc/rubygems/POLICIES.md

@@ -40,150 +40,6 @@ releases will only support Ruby 2.3 and above. As of this writing RubyGems is
 at version 2.7, so when RubyGems 2.8 is released, it will only support Ruby
 2.3 and later.
 
-## Release Process
-
-### Permissions
-
-You'll need the following environment variables set to release RubyGems &
-Bundler:
-
-* AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY: to be able to push RubyGems zip
-  files to s3 so that they appear at RubyGems [download page].
-
-* GITHUB_RELEASE_PAT: A [GitHub PAT] with repo permissions, in order to push
-  GitHub releases and to use the GitHub API for changelog generation.
-
-[download page]: https://rubygems.org/pages/download
-[GitHub PAT]: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token
-
-### Recommendations for security releases
-
-*   Obtain CVE numbers as needed from HackerOne or Red Hat.
-*   Agree on a release date with ruby-core, so patches can be backported to
-    older Ruby versions as needed.
-*   Avoid releasing security updates on Fridays, so platform services don't
-    have to work on weekends.
-*   Continue with the regular release process below.
-
-### Branching
-
-Bundler releases are synchronized with rubygems releases at the moment. That
-means that releases for both share the same stable branch, and they should
-generally happen together.
-
-The current conventional naming for stable branches is `x+1.y`, where `x.y` is
-the version of `bundler` that will be released. This is because `rubygems-x+1.y`
-will be released at the same time.
-
-For example, `rubygems-3.2.0` and `bundler-2.2.0` were both released from the
-`3.2` stable branch.
-
-Once a stable branch has been cut from `master`, changes for that minor release
-series are only made _intentionally_, via patch releases. That is to say,
-changes to `master` by default _won't_ make their way into the current stable
-branch, and development on `master` will be targeting the next minor
-or major release.
-
-There is a `bin/rake prepare_release[<target_rubygems_version>]` rake task
-that helps with creating a release. It takes a single argument, the _exact
-rubygems release_ being made (e.g.  `3.2.3` when releasing bundler `2.2.3`).
-This task checks out the appropriate stable branch (`3.2`, for example), grabs
-all merged but unreleased PRs from both bundler & rubygems from GitHub that are
-compatible with the target release level, and then cherry-picks those changes
-(and only those changes) to a new branch based off the stable branch. Then bumps
-the version in all version files, synchronizes both changelogs to include all
-backported changes and commits that change on top of the cherry-picks.
-
-Note that this task requires all user facing pull requests to be tagged with
-specific labels. See [Merging a PR](../bundler/playbooks/MERGING_A_PR.md) for details.
-
-Also note that when this task cherry-picks, it cherry-picks the merge commits
-using the following command:
-
-```bash
-$ git cherry-pick -m 1 MERGE_COMMIT_SHAS
-```
-
-For example, for PR [#5029](https://github.com/rubygems/bundler/pull/5029), we
-cherry picked commit [dd6aef9](https://github.com/rubygems/bundler/commit/dd6aef97a5f2e7173f406267256a8c319d6134ab),
-not [4fe9291](https://github.com/rubygems/bundler/commit/4fe92919f51e3463f0aad6fa833ab68044311f03)
-using:
-
-```bash
-$ git cherry-pick -m 1 dd6aef9
-```
-
-After running the task, you'll have a release branch ready to be merged into the
-stable branch. You'll want to open a PR from this branch into the stable branch
-and provided CI is green, you can go ahead, merge the PR and run release tasks
-as specified below from the updated stable branch.
-
-### Automatic changelog and backport generation
-
-PR labels and titles are used to automatically generate changelogs for patch and
-minor releases.
-
-When releasing, a changelog generation script goes through all PRs that have
-never made it into a release, and selects only the ones with specific labels as
-detailed in the `.changelog.yml` and `bundler/.changelog.yml` files. Those
-particular PRs get backported to the stable branch and included in the release
-changelog.
-
-If PRs don't have a proper label, they won't be backported to patch releases.
-
-If you want a PR to be backported to a patch level release, but don't want to
-include it in the changelog, you can use the special `rubygems: skip changelog`
-and `bundler: skip changelog` labels. For example, this is useful when
-backporting a PR generates conflicts that are solved by backporting another PR
-with no user visible changes. You can use these special labels to also backport
-the other PR and not get any conflicts.
-
-### Breaking changes
-
-Bundler cares a lot about preserving compatibility. As a result, changes that
-break backwards compatibility should (whenever this is possible) include a feature
-release that is backwards compatible, and issue warnings for all options and
-behaviors that will change.
-
-We only release major breaking changes when incrementing the _major_ version of
-Bundler and RubyGems. However, experience shows that almost every single part of
-Bundler and RubyGems is depended on by someone in ways hard to anticipate. So if
-we were strict about breaking changes we'd need to hold on from making progress
-a lot, or continuously increment the major version, emptying "really major"
-versions from their meaning. Because of this, we also may release "small"
-breaking changes in minor releases. "Small" here means that we expect them to
-affect only very few users in rare cases.
-
-### Steps for patch releases
-
-*   Confirm all PRs that you want backported are properly tagged with `rubygems:
-    <type>` or `bundler: <type>` labels at GitHub.
-*   Run `bin/rake prepare_release[<target_rubygems_version>]`. This will create
-    a PR to the stable branch with the backports included in the release, and
-    proper changelogs and version bumps. It will also create a PR to merge
-    release changelogs into master.
-*   Once CI passes, merge the release PR, switch to the stable branch and pull
-    the PR just merged.
-*   Release `bundler` with `bin/rake bundler:release`.
-*   Release `rubygems` with `bin/rake release`.
-
-### Steps for minor and major releases
-
-*   Confirm all PRs that you want listed in changelogs are properly tagged with
-    `rubygems: <type>` or `bundler: <type>` labels at GitHub.
-*   Run `bin/rake prepare_release[<target_rubygems_version>]`. This will create
-    a new stable branch off the master branch, and create a PR to it with the
-    proper version bumps and changelogs. It will also create a PR to merge
-    release changelogs into master.
-*   Replace the stable branch in the workflows with the new stable branch, and
-    push that change to the release PR.
-*   Replace version numbers with the next ".dev" version, and push that change
-    to the master PR.
-*   Once CI passes, merge the release PR, switch to  the stable branch and pull
-    the PR just merged.
-*   Release `bundler` with `bin/rake bundler:release`.
-*   Release `rubygems` with `bin/rake release`.
-
 ## Committer Access
 
 RubyGems committers may lose their commit privileges if they are inactive for

data/lib/rubygems/bundler_version_finder.rb

@@ -2,6 +2,8 @@
 
 module Gem::BundlerVersionFinder
   def self.bundler_version
+    return if bundle_config_version == "system"
+
     v = ENV["BUNDLER_VERSION"]
     v = nil if v&.empty?
 
@@ -65,9 +67,12 @@ module Gem::BundlerVersionFinder
 
     return unless gemfile
 
-    lockfile = case gemfile
-               when "gems.rb" then "gems.locked"
-               else "#{gemfile}.lock"
+    lockfile = ENV["BUNDLE_LOCKFILE"]
+    lockfile = nil if lockfile&.empty?
+
+    lockfile ||= case gemfile
+                 when "gems.rb" then "gems.locked"
+                 else "#{gemfile}.lock"
     end
 
     return unless File.file?(lockfile)
@@ -75,4 +80,33 @@ module Gem::BundlerVersionFinder
     File.read(lockfile)
   end
   private_class_method :lockfile_contents
+
+  def self.bundle_config_version
+    config_file = bundler_config_file
+    return unless config_file && File.file?(config_file)
+
+    contents = File.read(config_file)
+    contents =~ /^BUNDLE_VERSION:\s*["']?([^"'\s]+)["']?\s*$/
+
+    $1
+  end
+  private_class_method :bundle_config_version
+
+  def self.bundler_config_file
+    # see Bundler::Settings#global_config_file and local_config_file
+    # global
+    if ENV["BUNDLE_CONFIG"] && !ENV["BUNDLE_CONFIG"].empty?
+      ENV["BUNDLE_CONFIG"]
+    elsif ENV["BUNDLE_USER_CONFIG"] && !ENV["BUNDLE_USER_CONFIG"].empty?
+      ENV["BUNDLE_USER_CONFIG"]
+    elsif ENV["BUNDLE_USER_HOME"] && !ENV["BUNDLE_USER_HOME"].empty?
+      ENV["BUNDLE_USER_HOME"] + "config"
+    elsif Gem.user_home && !Gem.user_home.empty?
+      Gem.user_home + ".bundle/config"
+    else
+      # local
+      "config"
+    end
+  end
+  private_class_method :bundler_config_file
 end

data/lib/rubygems/ext/ext_conf_builder.rb

@@ -40,6 +40,9 @@ class Gem::Ext::ExtConfBuilder < Gem::Ext::Builder
       end
 
       ENV["DESTDIR"] = nil
+      unless RUBY_PLATFORM.include?("mswin") && RbConfig::CONFIG["configure_args"]&.include?("nmake")
+        ENV["MAKEFLAGS"] ||= "-j#{Etc.nprocessors + 1}"
+      end
 
       make dest_path, results, extension_dir, tmp_dest_relative, target_rbconfig: target_rbconfig
 

data/lib/rubygems/version.rb

@@ -339,11 +339,14 @@ class Gem::Version
   ##
   # Compares this version with +other+ returning -1, 0, or 1 if the
   # other version is larger, the same, or smaller than this
-  # one. Attempts to compare to something that's not a
-  # <tt>Gem::Version</tt> or a valid version String return +nil+.
+  # one. +other+ must be an instance of Gem::Version, comparing with
+  # other types may raise an exception.
 
   def <=>(other)
-    return self <=> self.class.new(other) if (String === other) && self.class.correct?(other)
+    if String === other
+      return unless self.class.correct?(other)
+      return self <=> self.class.new(other)
+    end
 
     return unless Gem::Version === other
     return 0 if @version == other.version || canonical_segments == other.canonical_segments

data/lib/rubygems.rb

@@ -9,7 +9,7 @@
 require "rbconfig"
 
 module Gem
-  VERSION = "4.0.0.beta1"
+  VERSION = "4.0.0"
 end
 
 require_relative "rubygems/defaults"
@@ -287,7 +287,7 @@ module Gem
       # RubyGems now uses this new `Gem.activate_and_load_bin_path` helper in
       # binstubs, which is of course not overridden in Bundler since it didn't
       # exist at the time. So, include the override here to workaround that.
-      load ENV["BUNDLE_BIN_PATH"] if ENV["BUNDLE_BIN_PATH"] && spec.version <= "2.5.22"
+      load ENV["BUNDLE_BIN_PATH"] if ENV["BUNDLE_BIN_PATH"] && spec.version <= Gem::Version.create("2.5.22")
 
       # Make sure there's no version of Bundler in `$LOAD_PATH` that's different
       # from the version we just activated. If that was the case (it happens
@@ -666,7 +666,7 @@ An Array (#{env.inspect}) was passed in from #{caller[3]}
   # warnings in platform constants
 
   def self.load_bundler_extensions(version)
-    return unless version <= "2.6.9"
+    return unless version <= Gem::Version.create("2.6.9")
 
     previous_platforms = {}
 

data/rubygems-update.gemspec

@@ -1,8 +1,10 @@
 # frozen_string_literal: true
 
+version = File.read(File.join(__dir__, "lib", "rubygems.rb"))[/^\s*VERSION\s*=\s*"(.*)"/, 1]
+
 Gem::Specification.new do |s|
   s.name = "rubygems-update"
-  s.version = "4.0.0.beta1"
+  s.version = version
   s.authors = ["Jim Weirich", "Chad Fowler", "Eric Hodel", "Luis Lavena", "Aaron Patterson", "Samuel Giddins", "André Arko", "Evan Phoenix", "Hiroshi SHIBATA"]
   s.email = ["", "", "drbrain@segment7.net", "luislavena@gmail.com", "aaron@tenderlovemaking.com", "segiddins@segiddins.me", "andre@arko.net", "evan@phx.io", "hsbt@ruby-lang.org"]
 
@@ -30,7 +32,7 @@ Gem::Specification.new do |s|
   s.extra_rdoc_files = [
     "LICENSE.txt", "doc/MAINTAINERS.txt",
     "MIT.txt", "Manifest.txt", "README.md",
-    "doc/rubygems/UPGRADING.md", "doc/rubygems/POLICIES.md", "CODE_OF_CONDUCT.md",
+    "doc/UPGRADING.md", "doc/rubygems/POLICIES.md", "CODE_OF_CONDUCT.md",
     "doc/rubygems/CONTRIBUTING.md",
     "bundler/LICENSE.md", "bundler/README.md",
     "hide_lib_for_update/note.txt", *Dir["bundler/lib/bundler/man/*.1", base: __dir__]

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubygems-update
 version: !ruby/object:Gem::Version
-  version: 4.0.0.beta1
+  version: 4.0.0
 platform: ruby
 authors:
 - Jim Weirich
@@ -76,9 +76,9 @@ extra_rdoc_files:
 - bundler/lib/bundler/man/bundle-version.1
 - bundler/lib/bundler/man/bundle.1
 - doc/MAINTAINERS.txt
+- doc/UPGRADING.md
 - doc/rubygems/CONTRIBUTING.md
 - doc/rubygems/POLICIES.md
-- doc/rubygems/UPGRADING.md
 - hide_lib_for_update/note.txt
 files:
 - CHANGELOG.md
@@ -435,10 +435,9 @@ files:
 - bundler/lib/bundler/worker.rb
 - bundler/lib/bundler/yaml_serializer.rb
 - doc/MAINTAINERS.txt
-- doc/bundler/UPGRADING.md
+- doc/UPGRADING.md
 - doc/rubygems/CONTRIBUTING.md
 - doc/rubygems/POLICIES.md
-- doc/rubygems/UPGRADING.md
 - exe/gem
 - exe/update_rubygems
 - hide_lib_for_update/note.txt