rubygems-update 3.2.14 → 3.2.15

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 183f3b2ffdc6ae6ff74b07aa4fb847ce8dad2346d34053258d1f4a1dae58ee75
-  data.tar.gz: 65ebe08bd47e237947d6292a1d8bd8eacfdb02ba2ca0c49abbb46dfb5d4508ba
+  metadata.gz: 12f7d1b385b073b255590e0eee7807d5bb588ab877a9928e5edee6f3701e47b6
+  data.tar.gz: 425d632864b300c71cd1d62e9fdd045f94f4a6a088dbfc0a3a29977950958787
 SHA512:
-  metadata.gz: 6bab93bbd24b3fb753b6a2818cecaad7dffff505937f4a3a0625c9c6f8ccfcb1742d642fc74ab7e8aed5bc505aa18651aed3ced2e794efa0b0a758ac5fab50a8
-  data.tar.gz: 1a5c4126510e7dfb037e52f3da7a2cc815d14b925089ebf3aed4c120c95580a6e1e119fc3cc205bf320baf02cd140e3a2cd17499dd4b6c9b2747004654ae82bb
+  metadata.gz: ed5579f01a5c0a2d832779331df8900db7e0ed9bc6dc03f6f449ff76f9552f378d771424354629fbc34bd2ace0a9ab486cf79743065ece6d89d832a79383b97a
+  data.tar.gz: bf54441188feb5c8388676a46713113097aa978270514a3bcadf12564f8dd50ec671c0067c55727a927e7f6dfac27ce05bf13ba04731a44e749ce8c1b16d0470

data/CHANGELOG.md

@@ -1,3 +1,14 @@
+# 3.2.15 / 2021-03-18
+
+## Enhancements:
+
+* Prevent downgrades to untested rubygems versions. Pull request #4460 by
+  deivid-rodriguez
+
+## Bug fixes:
+
+* Fix missing require breaking `gem cert`. Pull request #4464 by lukehinds
+
 # 3.2.14 / 2021-03-08
 
 ## Enhancements:

data/bundler/CHANGELOG.md

@@ -1,3 +1,15 @@
+# 2.2.15 (March 18, 2021)
+
+## Enhancements:
+
+  - Add a hint about bundler installing executables for path gems [#4461](https://github.com/rubygems/rubygems/pull/4461)
+  - Warn lockfiles with incorrect resolutions [#4459](https://github.com/rubygems/rubygems/pull/4459)
+  - Don't generate duplicate redundant sources in the lockfile [#4456](https://github.com/rubygems/rubygems/pull/4456)
+
+## Bug fixes:
+
+  - Respect running ruby when resolving platforms [#4449](https://github.com/rubygems/rubygems/pull/4449)
+
 # 2.2.14 (March 8, 2021)
 
 ## Security fixes:

data/bundler/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2021-03-08".freeze
-    @git_commit_sha = "3a169d80c1".freeze
+    @built_at = "2021-03-19".freeze
+    @git_commit_sha = "3dbcc68293".freeze
     @release = true
     # end ivars
 

data/bundler/lib/bundler/installer/parallel_installer.rb

@@ -6,10 +6,11 @@ require_relative "gem_installer"
 module Bundler
   class ParallelInstaller
     class SpecInstallation
-      attr_accessor :spec, :name, :post_install_message, :state, :error
+      attr_accessor :spec, :name, :full_name, :post_install_message, :state, :error
       def initialize(spec)
         @spec = spec
         @name = spec.name
+        @full_name = spec.full_name
         @state = :none
         @post_install_message = ""
         @error = nil
@@ -49,14 +50,11 @@ module Bundler
       # Represents only the non-development dependencies, the ones that are
       # itself and are in the total list.
       def dependencies
-        @dependencies ||= begin
-          all_dependencies.reject {|dep| ignorable_dependency? dep }
-        end
+        @dependencies ||= all_dependencies.reject {|dep| ignorable_dependency? dep }
       end
 
       def missing_lockfile_dependencies(all_spec_names)
-        deps = all_dependencies.reject {|dep| ignorable_dependency? dep }
-        deps.reject {|dep| all_spec_names.include? dep.name }
+        dependencies.reject {|dep| all_spec_names.include? dep.name }
       end
 
       # Represents all dependencies
@@ -65,7 +63,7 @@ module Bundler
       end
 
       def to_s
-        "#<#{self.class} #{@spec.full_name} (#{state})>"
+        "#<#{self.class} #{full_name} (#{state})>"
       end
     end
 
@@ -99,12 +97,37 @@ module Bundler
         install_serially
       end
 
+      check_for_unmet_dependencies
+
       handle_error if failed_specs.any?
       @specs
     ensure
       worker_pool && worker_pool.stop
     end
 
+    def check_for_unmet_dependencies
+      unmet_dependencies = @specs.map do |s|
+        [
+          s,
+          s.dependencies.reject {|dep| @specs.any? {|spec| dep.matches_spec?(spec.spec) } },
+        ]
+      end.reject {|a| a.last.empty? }
+      return if unmet_dependencies.empty?
+
+      warning = []
+      warning << "Your lockfile doesn't include a valid resolution."
+      warning << "You can fix this by regenerating your lockfile or trying to manually editing the bad locked gems to a version that satisfies all dependencies."
+      warning << "The unmet dependencies are:"
+
+      unmet_dependencies.each do |spec, unmet_spec_dependencies|
+        unmet_spec_dependencies.each do |unmet_spec_dependency|
+          warning << "* #{unmet_spec_dependency}, depended upon #{spec.full_name}, unsatisfied by #{@specs.find {|s| s.name == unmet_spec_dependency.name && !unmet_spec_dependency.matches_spec?(s.spec) }.full_name}"
+        end
+      end
+
+      Bundler.ui.warn(warning.join("\n"))
+    end
+
     def check_for_corrupt_lockfile
       missing_dependencies = @specs.map do |s|
         [

data/bundler/lib/bundler/lazy_specification.rb

@@ -73,7 +73,12 @@ module Bundler
         same_platform_candidates = candidates.select do |spec|
           MatchPlatform.platforms_match?(spec.platform, platform_object)
         end
-        search = same_platform_candidates.last || candidates.last
+        installable_candidates = same_platform_candidates.select do |spec|
+          !spec.is_a?(RemoteSpecification) &&
+            spec.required_ruby_version.satisfied_by?(Gem.ruby_version) &&
+            spec.required_rubygems_version.satisfied_by?(Gem.rubygems_version)
+        end
+        search = installable_candidates.last || same_platform_candidates.last
         search.dependencies = dependencies if search && (search.is_a?(RemoteSpecification) || search.is_a?(EndpointSpecification))
         search
       end

data/bundler/lib/bundler/source/path.rb

@@ -82,7 +82,9 @@ module Bundler
       end
 
       def install(spec, options = {})
-        print_using_message "Using #{version_message(spec)} from #{self}"
+        using_message = "Using #{version_message(spec)} from #{self}"
+        using_message += " and installing its executables" unless spec.executables.empty?
+        print_using_message using_message
         generate_bin(spec, :disable_extensions => true)
         nil # no post-install message
       end

data/bundler/lib/bundler/source/path/installer.rb

@@ -35,7 +35,7 @@ module Bundler
             run_hooks(:post_build)
           end
 
-          generate_bin unless spec.executables.nil? || spec.executables.empty?
+          generate_bin unless spec.executables.empty?
 
           run_hooks(:post_install)
         ensure

data/bundler/lib/bundler/source_list.rb

@@ -88,7 +88,7 @@ module Bundler
     def lock_sources
       lock_sources = (path_sources + git_sources + plugin_sources).sort_by(&:to_s)
       if disable_multisource?
-        lock_sources + rubygems_sources.sort_by(&:to_s)
+        lock_sources + rubygems_sources.sort_by(&:to_s).uniq
       else
         lock_sources << combine_rubygems_sources
       end

data/bundler/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.2.14".freeze
+  VERSION = "2.2.15".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

data/lib/rubygems.rb

@@ -8,7 +8,7 @@
 require 'rbconfig'
 
 module Gem
-  VERSION = "3.2.14".freeze
+  VERSION = "3.2.15".freeze
 end
 
 # Must be first since it unloads the prelude from 1.9.2

data/lib/rubygems/commands/update_command.rb

@@ -76,7 +76,7 @@ command to remove old versions.
 
   def check_oldest_rubygems(version) # :nodoc:
     if oldest_supported_version > version
-      alert_error "rubygems #{version} is not supported. The oldest supported version is #{oldest_supported_version}"
+      alert_error "rubygems #{version} is not supported on #{RUBY_VERSION}. The oldest version supported by this ruby is #{oldest_supported_version}"
       terminate_interaction 1
     end
   end
@@ -322,8 +322,26 @@ command to remove old versions.
 
   private
 
+  #
+  # Oldest version we support downgrading to. This is the version that
+  # originally ships with the first patch version of each ruby, because we never
+  # test each ruby against older rubygems, so we can't really guarantee it
+  # works. Version list can be checked here: https://stdgems.org/rubygems
+  #
   def oldest_supported_version
-    # for Ruby 2.3
-    @oldest_supported_version ||= Gem::Version.new("2.5.2")
+    @oldest_supported_version ||=
+      if Gem.ruby_version > Gem::Version.new("3.0.a")
+        Gem::Version.new("3.2.3")
+      elsif Gem.ruby_version > Gem::Version.new("2.7.a")
+        Gem::Version.new("3.1.2")
+      elsif Gem.ruby_version > Gem::Version.new("2.6.a")
+        Gem::Version.new("3.0.1")
+      elsif Gem.ruby_version > Gem::Version.new("2.5.a")
+        Gem::Version.new("2.7.3")
+      elsif Gem.ruby_version > Gem::Version.new("2.4.a")
+        Gem::Version.new("2.6.8")
+      else
+        Gem::Version.new("2.5.2")
+      end
   end
 end

data/lib/rubygems/security/trust_dir.rb

@@ -104,6 +104,7 @@ class Gem::Security::TrustDir
   # permissions.
 
   def verify
+    require 'fileutils'
     if File.exist? @dir
       raise Gem::Security::Exception,
         "trust directory #{@dir} is not a directory" unless

data/rubygems-update.gemspec

@@ -2,7 +2,7 @@
 
 Gem::Specification.new do |s|
   s.name = "rubygems-update"
-  s.version = "3.2.14"
+  s.version = "3.2.15"
   s.authors = ["Jim Weirich", "Chad Fowler", "Eric Hodel", "Luis Lavena", "Aaron Patterson", "Samuel Giddins", "André Arko", "Evan Phoenix", "Hiroshi SHIBATA"]
   s.email = ["", "", "drbrain@segment7.net", "luislavena@gmail.com", "aaron@tenderlovemaking.com", "segiddins@segiddins.me", "andre@arko.net", "evan@phx.io", "hsbt@ruby-lang.org"]
 

data/test/rubygems/test_gem_commands_update_command.rb

@@ -168,6 +168,15 @@ class TestGemCommandsUpdateCommand < Gem::TestCase
     @cmd.options[:args]          = []
     @cmd.options[:system]        = "2.5.1"
 
+    oldest_version_mod = Module.new do
+      def oldest_supported_version
+        Gem::Version.new("2.5.2")
+      end
+      private :oldest_supported_version
+    end
+
+    @cmd.extend(oldest_version_mod)
+
     assert_raises Gem::MockGemUi::TermError do
       use_ui @ui do
         @cmd.execute
@@ -175,7 +184,7 @@ class TestGemCommandsUpdateCommand < Gem::TestCase
     end
 
     assert_empty @ui.output
-    assert_equal "ERROR:  rubygems 2.5.1 is not supported. The oldest supported version is 2.5.2\n", @ui.error
+    assert_equal "ERROR:  rubygems 2.5.1 is not supported on #{RUBY_VERSION}. The oldest version supported by this ruby is 2.5.2\n", @ui.error
   end
 
   def test_execute_system_specific_older_than_3_2_removes_plugins_dir
@@ -185,6 +194,15 @@ class TestGemCommandsUpdateCommand < Gem::TestCase
       end
     end
 
+    oldest_version_mod = Module.new do
+      def oldest_supported_version
+        Gem::Version.new("2.5.2")
+      end
+      private :oldest_supported_version
+    end
+
+    @cmd.extend(oldest_version_mod)
+
     @cmd.options[:args]          = []
     @cmd.options[:system]        = "3.1"
 
@@ -203,6 +221,15 @@ class TestGemCommandsUpdateCommand < Gem::TestCase
       end
     end
 
+    oldest_version_mod = Module.new do
+      def oldest_supported_version
+        Gem::Version.new("2.5.2")
+      end
+      private :oldest_supported_version
+    end
+
+    @cmd.extend(oldest_version_mod)
+
     @cmd.options[:args]          = []
     @cmd.options[:system]        = "3.2.a"
 

data/test/rubygems/test_gem_remote_fetcher.rb

@@ -1000,12 +1000,6 @@ PeIQQkFng2VVot/WAQbv3ePqWq07g1BBcwIBAg==
     end
   end
 
-  def test_tcpsocketext_require
-    with_configured_fetcher(":ipv4_fallback_enabled: true") do |fetcher|
-      refute require('rubygems/core_ext/tcpsocket_init')
-    end
-  end
-
   def with_configured_fetcher(config_str = nil, &block)
     if config_str
       temp_conf = File.join @tempdir, '.gemrc'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubygems-update
 version: !ruby/object:Gem::Version
-  version: 3.2.14
+  version: 3.2.15
 platform: ruby
 authors:
 - Jim Weirich
@@ -16,7 +16,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-08 00:00:00.000000000 Z
+date: 2021-03-19 00:00:00.000000000 Z
 dependencies: []
 description: |-
   A package (also known as a library) contains a set of functionality
@@ -768,7 +768,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.14
+rubygems_version: 3.2.15
 signing_key: 
 specification_version: 4
 summary: RubyGems is a package management framework for Ruby.