RubyGems - bundler - Versions diffs - 2.6.7 → 2.6.9 - Mend

bundler 2.6.7 → 2.6.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +25 -0
data/lib/bundler/build_metadata.rb +1 -1
data/lib/bundler/cli/doctor/diagnose.rb +167 -0
data/lib/bundler/cli/doctor/ssl.rb +249 -0
data/lib/bundler/cli/doctor.rb +27 -155
data/lib/bundler/cli/issue.rb +2 -2
data/lib/bundler/cli.rb +2 -11
data/lib/bundler/definition.rb +73 -56
data/lib/bundler/friendly_errors.rb +1 -1
data/lib/bundler/installer.rb +1 -1
data/lib/bundler/lazy_specification.rb +22 -13
data/lib/bundler/resolver.rb +10 -6
data/lib/bundler/spec_set.rb +37 -9
data/lib/bundler/version.rb +1 -1
metadata +4 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9135fec12672acb616058b986f9ee528f8dbaf5b5452a413a93bf4188f381813
-  data.tar.gz: 8b5ffbe95febae6b17210c94972b43ecf3009c665720e976156a8ecbb4d0cc8b
+  metadata.gz: 855ce06e8526e58b49de6b5872997ade47beb38288f5cf783ad551417accfa2c
+  data.tar.gz: bfa8b4371917aa0b993a31d9452196c00239de57803b0a233795040be5e158f0
 SHA512:
-  metadata.gz: 246ae795176220dde699c7d808bc876d4cbf0180b4eb58521efb6785ab699266ffbfbee550380e4e98c002a74cfca386eb7e238d37286775b7a870b4521abcda
-  data.tar.gz: '040083539b5e2bd6d968a80de1314c65bc46bb3652189dc0849b73653aed0825993770adc5e7eca99099078be3aba7b47cc34fe10e4c8bfa5fc6927328aaf12f'
+  metadata.gz: bdf0dab626499ae76ef5fae750d9354c8c064fc19cb4b357de8e11bb1036246d8b0aed7fe12d2dbec3a81745db31b6268c4c4fec14111c5b224c96217834f8d9
+  data.tar.gz: c297223566644f831412d15723e0cd96a1f9d7c9d6d2985596716dd1a00d7b3f386014402403fbefb0fa0805e36662de35268bd3b2ab7168ce08f1ee34a31f29

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,28 @@
+# 2.6.9 (May 13, 2025)
+## Enhancements:
+  - Fix doctor command parsing of otool output [#8665](https://github.com/rubygems/rubygems/pull/8665)
+  - Add SSL troubleshooting to `bundle doctor` [#8624](https://github.com/rubygems/rubygems/pull/8624)
+  - Let `bundle lock --normalize-platforms` remove invalid platforms [#8631](https://github.com/rubygems/rubygems/pull/8631)
+## Bug fixes:
+  - Fix `bundle lock` sometimes allowing invalid platforms into the lockfile [#8630](https://github.com/rubygems/rubygems/pull/8630)
+  - Fix false positive warning about insecure materialization in frozen mode [#8629](https://github.com/rubygems/rubygems/pull/8629)
+# 2.6.8 (April 13, 2025)
+## Enhancements:
+  - Refine `bundle update --verbose` logs [#8627](https://github.com/rubygems/rubygems/pull/8627)
+  - Improve bug report instructions [#8607](https://github.com/rubygems/rubygems/pull/8607)
+## Bug fixes:
+  - Fix `bundle update` crash in an edge case [#8626](https://github.com/rubygems/rubygems/pull/8626)
+  - Fix `bundle lock --normalize-platforms` regression [#8620](https://github.com/rubygems/rubygems/pull/8620)
 # 2.6.7 (April 3, 2025)
 ## Enhancements:

data/lib/bundler/build_metadata.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Bundler
   module BuildMetadata
     # begin ivars
     @built_at = "1980-01-02".freeze
-    @git_commit_sha = "32896b3570e".freeze
+    @git_commit_sha = "8a2a14d63da".freeze
     @release = true
     # end ivars

data/lib/bundler/cli/doctor/diagnose.rb ADDED Viewed

@@ -0,0 +1,167 @@
+# frozen_string_literal: true
+require "rbconfig"
+require "shellwords"
+module Bundler
+  class CLI::Doctor::Diagnose
+    DARWIN_REGEX = /\s+(.+) \(compatibility /
+    LDD_REGEX = /\t\S+ => (\S+) \(\S+\)/
+    attr_reader :options
+    def initialize(options)
+      @options = options
+    end
+    def otool_available?
+      Bundler.which("otool")
+    end
+    def ldd_available?
+      Bundler.which("ldd")
+    end
+    def dylibs_darwin(path)
+      output = `/usr/bin/otool -L #{path.shellescape}`.chomp
+      dylibs = output.split("\n")[1..-1].filter_map {|l| l.match(DARWIN_REGEX)&.match(1) }.uniq
+      # ignore @rpath and friends
+      dylibs.reject {|dylib| dylib.start_with? "@" }
+    end
+    def dylibs_ldd(path)
+      output = `/usr/bin/ldd #{path.shellescape}`.chomp
+      output.split("\n").filter_map do |l|
+        match = l.match(LDD_REGEX)
+        next if match.nil?
+        match.captures[0]
+      end
+    end
+    def dylibs(path)
+      case RbConfig::CONFIG["host_os"]
+      when /darwin/
+        return [] unless otool_available?
+        dylibs_darwin(path)
+      when /(linux|solaris|bsd)/
+        return [] unless ldd_available?
+        dylibs_ldd(path)
+      else # Windows, etc.
+        Bundler.ui.warn("Dynamic library check not supported on this platform.")
+        []
+      end
+    end
+    def bundles_for_gem(spec)
+      Dir.glob("#{spec.full_gem_path}/**/*.bundle")
+    end
+    def lookup_with_fiddle(path)
+      require "fiddle"
+      Fiddle.dlopen(path)
+      false
+    rescue Fiddle::DLError
+      true
+    end
+    def check!
+      require_relative "../check"
+      Bundler::CLI::Check.new({}).run
+    end
+    def diagnose_ssl
+      require_relative "ssl"
+      Bundler::CLI::Doctor::SSL.new({}).run
+    end
+    def run
+      Bundler.ui.level = "warn" if options[:quiet]
+      Bundler.settings.validate!
+      check!
+      diagnose_ssl if options[:ssl]
+      definition = Bundler.definition
+      broken_links = {}
+      definition.specs.each do |spec|
+        bundles_for_gem(spec).each do |bundle|
+          bad_paths = dylibs(bundle).select do |f|
+            lookup_with_fiddle(f)
+          end
+          if bad_paths.any?
+            broken_links[spec] ||= []
+            broken_links[spec].concat(bad_paths)
+          end
+        end
+      end
+      permissions_valid = check_home_permissions
+      if broken_links.any?
+        message = "The following gems are missing OS dependencies:"
+        broken_links.flat_map do |spec, paths|
+          paths.uniq.map do |path|
+            "\n * #{spec.name}: #{path}"
+          end
+        end.sort.each {|m| message += m }
+        raise ProductionError, message
+      elsif permissions_valid
+        Bundler.ui.info "No issues found with the installed bundle"
+      end
+    end
+    private
+    def check_home_permissions
+      require "find"
+      files_not_readable = []
+      files_not_readable_and_owned_by_different_user = []
+      files_not_owned_by_current_user_but_still_readable = []
+      broken_symlinks = []
+      Find.find(Bundler.bundle_path.to_s).each do |f|
+        if !File.exist?(f)
+          broken_symlinks << f
+        elsif !File.readable?(f)
+          if File.stat(f).uid != Process.uid
+            files_not_readable_and_owned_by_different_user << f
+          else
+            files_not_readable << f
+          end
+        elsif File.stat(f).uid != Process.uid
+          files_not_owned_by_current_user_but_still_readable << f
+        end
+      end
+      ok = true
+      if broken_symlinks.any?
+        Bundler.ui.warn "Broken links exist in the Bundler home. Please report them to the offending gem's upstream repo. These files are:\n - #{broken_symlinks.join("\n - ")}"
+        ok = false
+      end
+      if files_not_owned_by_current_user_but_still_readable.any?
+        Bundler.ui.warn "Files exist in the Bundler home that are owned by another " \
+          "user, but are still readable. These files are:\n - #{files_not_owned_by_current_user_but_still_readable.join("\n - ")}"
+        ok = false
+      end
+      if files_not_readable_and_owned_by_different_user.any?
+        Bundler.ui.warn "Files exist in the Bundler home that are owned by another " \
+          "user, and are not readable. These files are:\n - #{files_not_readable_and_owned_by_different_user.join("\n - ")}"
+        ok = false
+      end
+      if files_not_readable.any?
+        Bundler.ui.warn "Files exist in the Bundler home that are not " \
+          "readable by the current user. These files are:\n - #{files_not_readable.join("\n - ")}"
+        ok = false
+      end
+      ok
+    end
+  end
+end

data/lib/bundler/cli/doctor/ssl.rb ADDED Viewed

@@ -0,0 +1,249 @@
+# frozen_string_literal: true
+require "rubygems/remote_fetcher"
+require "uri"
+module Bundler
+  class CLI::Doctor::SSL
+    attr_reader :options
+    def initialize(options)
+      @options = options
+    end
+    def run
+      return unless openssl_installed?
+      output_ssl_environment
+      bundler_success = bundler_connection_successful?
+      rubygem_success = rubygem_connection_successful?
+      return unless net_http_connection_successful?
+      Explanation.summarize(bundler_success, rubygem_success, host)
+    end
+    private
+    def host
+      @options[:host] || "rubygems.org"
+    end
+    def tls_version
+      @options[:"tls-version"].then do |version|
+        "TLS#{version.sub(".", "_")}".to_sym if version
+      end
+    end
+    def verify_mode
+      mode = @options[:"verify-mode"] || :peer
+      @verify_mode ||= mode.then {|mod| OpenSSL::SSL.const_get("verify_#{mod}".upcase) }
+    end
+    def uri
+      @uri ||= URI("https://#{host}")
+    end
+    def openssl_installed?
+      require "openssl"
+      true
+    rescue LoadError
+      Bundler.ui.warn(<<~MSG)
+        Oh no! Your Ruby doesn't have OpenSSL, so it can't connect to #{host}.
+        You'll need to recompile or reinstall Ruby with OpenSSL support and try again.
+      MSG
+      false
+    end
+    def output_ssl_environment
+      Bundler.ui.info(<<~MESSAGE)
+        Here's your OpenSSL environment:
+        OpenSSL:       #{OpenSSL::VERSION}
+        Compiled with: #{OpenSSL::OPENSSL_VERSION}
+        Loaded with:   #{OpenSSL::OPENSSL_LIBRARY_VERSION}
+      MESSAGE
+    end
+    def bundler_connection_successful?
+      Bundler.ui.info("\nTrying connections to #{uri}:\n")
+      bundler_uri = Gem::URI(uri.to_s)
+      Bundler::Fetcher.new(
+        Bundler::Source::Rubygems::Remote.new(bundler_uri)
+      ).send(:connection).request(bundler_uri)
+      Bundler.ui.info("Bundler:       success")
+      true
+    rescue StandardError => error
+      Bundler.ui.warn("Bundler:       failed     (#{Explanation.explain_bundler_or_rubygems_error(error)})")
+      false
+    end
+    def rubygem_connection_successful?
+      Gem::RemoteFetcher.fetcher.fetch_path(uri)
+      Bundler.ui.info("RubyGems:      success")
+      true
+    rescue StandardError => error
+      Bundler.ui.warn("RubyGems:      failed     (#{Explanation.explain_bundler_or_rubygems_error(error)})")
+      false
+    end
+    def net_http_connection_successful?
+      ::Gem::Net::HTTP.new(uri.host, uri.port).tap do |http|
+        http.use_ssl = true
+        http.min_version = tls_version
+        http.max_version = tls_version
+        http.verify_mode = verify_mode
+      end.start
+      Bundler.ui.info("Ruby net/http: success")
+      warn_on_unsupported_tls12
+      true
+    rescue StandardError => error
+      Bundler.ui.warn(<<~MSG)
+        Ruby net/http: failed
+        Unfortunately, this Ruby can't connect to #{host}.
+        #{Explanation.explain_net_http_error(error, host, tls_version)}
+      MSG
+      false
+    end
+    def warn_on_unsupported_tls12
+      ctx = OpenSSL::SSL::SSLContext.new
+      supported = true
+      if ctx.respond_to?(:min_version=)
+        begin
+          ctx.min_version = ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
+        rescue OpenSSL::SSL::SSLError, NameError
+          supported = false
+        end
+      else
+        supported = OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1_2) # rubocop:disable Naming/VariableNumber
+      end
+      Bundler.ui.warn(<<~EOM) unless supported
+        WARNING: Although your Ruby can connect to #{host} today, your OpenSSL is very old!
+        WARNING: You will need to upgrade OpenSSL to use #{host}.
+      EOM
+    end
+    module Explanation
+      extend self
+      def explain_bundler_or_rubygems_error(error)
+        case error.message
+        when /certificate verify failed/
+          "certificate verification"
+        when /read server hello A/
+          "SSL/TLS protocol version mismatch"
+        when /tlsv1 alert protocol version/
+          "requested TLS version is too old"
+        else
+          error.message
+        end
+      end
+      def explain_net_http_error(error, host, tls_version)
+        case error.message
+        # Check for certificate errors
+        when /certificate verify failed/
+          <<~MSG
+            #{show_ssl_certs}
+            Your Ruby can't connect to #{host} because you are missing the certificate files OpenSSL needs to verify you are connecting to the genuine #{host} servers.
+          MSG
+        # Check for TLS version errors
+        when /read server hello A/, /tlsv1 alert protocol version/
+          if tls_version.to_s == "TLS1_3"
+            "Your Ruby can't connect to #{host} because #{tls_version} isn't supported yet.\n"
+          else
+            <<~MSG
+              Your Ruby can't connect to #{host} because your version of OpenSSL is too old.
+              You'll need to upgrade your OpenSSL install and/or recompile Ruby to use a newer OpenSSL.
+            MSG
+          end
+        # OpenSSL doesn't support TLS version specified by argument
+        when /unknown SSL method/
+          "Your Ruby can't connect because #{tls_version} isn't supported by your version of OpenSSL."
+        else
+          <<~MSG
+            Even worse, we're not sure why.
+            Here's the full error information:
+            #{error.class}: #{error.message}
+              #{error.backtrace.join("\n  ")}
+            You might have more luck using Mislav's SSL doctor.rb script. You can get it here:
+            https://github.com/mislav/ssl-tools/blob/8b3dec4/doctor.rb
+            Read more about the script and how to use it in this blog post:
+            https://mislav.net/2013/07/ruby-openssl/
+          MSG
+        end
+      end
+      def summarize(bundler_success, rubygems_success, host)
+        guide_url = "http://ruby.to/ssl-check-failed"
+        message = if bundler_success && rubygems_success
+          <<~MSG
+            Hooray! This Ruby can connect to #{host}.
+            You are all set to use Bundler and RubyGems.
+          MSG
+        elsif !bundler_success && !rubygems_success
+          <<~MSG
+            For some reason, your Ruby installation can connect to #{host}, but neither RubyGems nor Bundler can.
+            The most likely fix is to manually upgrade RubyGems by following the instructions at #{guide_url}.
+            After you've done that, run `gem install bundler` to upgrade Bundler, and then run this script again to make sure everything worked. ❣
+          MSG
+        elsif !bundler_success
+          <<~MSG
+            Although your Ruby installation and RubyGems can both connect to #{host}, Bundler is having trouble.
+            The most likely way to fix this is to upgrade Bundler by running `gem install bundler`.
+            Run this script again after doing that to make sure everything is all set.
+            If you're still having trouble, check out the troubleshooting guide at #{guide_url}.
+          MSG
+        else
+          <<~MSG
+            It looks like Ruby and Bundler can connect to #{host}, but RubyGems itself cannot.
+            You can likely solve this by manually downloading and installing a RubyGems update.
+            Visit #{guide_url} for instructions on how to manually upgrade RubyGems.
+          MSG
+        end
+        Bundler.ui.info("\n#{message}")
+      end
+      private
+      def show_ssl_certs
+        ssl_cert_file = ENV["SSL_CERT_FILE"] || OpenSSL::X509::DEFAULT_CERT_FILE
+        ssl_cert_dir  = ENV["SSL_CERT_DIR"]  || OpenSSL::X509::DEFAULT_CERT_DIR
+        <<~MSG
+          Below affect only Ruby net/http connections:
+          SSL_CERT_FILE: #{File.exist?(ssl_cert_file) ? "exists     #{ssl_cert_file}" : "is missing #{ssl_cert_file}"}
+          SSL_CERT_DIR:  #{Dir.exist?(ssl_cert_dir)   ? "exists     #{ssl_cert_dir}"  : "is missing #{ssl_cert_dir}"}
+        MSG
+      end
+    end
+  end
+end

data/lib/bundler/cli/doctor.rb CHANGED Viewed

@@ -1,161 +1,33 @@
 # frozen_string_literal: true
-require "rbconfig"
-require "shellwords"
 module Bundler
-  class CLI::Doctor
-    DARWIN_REGEX = /\s+(.+) \(compatibility /
-    LDD_REGEX = /\t\S+ => (\S+) \(\S+\)/
-    attr_reader :options
-    def initialize(options)
-      @options = options
-    end
-    def otool_available?
-      Bundler.which("otool")
-    end
-    def ldd_available?
-      Bundler.which("ldd")
-    end
-    def dylibs_darwin(path)
-      output = `/usr/bin/otool -L #{path.shellescape}`.chomp
-      dylibs = output.split("\n")[1..-1].map {|l| l.match(DARWIN_REGEX).captures[0] }.uniq
-      # ignore @rpath and friends
-      dylibs.reject {|dylib| dylib.start_with? "@" }
-    end
-    def dylibs_ldd(path)
-      output = `/usr/bin/ldd #{path.shellescape}`.chomp
-      output.split("\n").filter_map do |l|
-        match = l.match(LDD_REGEX)
-        next if match.nil?
-        match.captures[0]
-      end
-    end
-    def dylibs(path)
-      case RbConfig::CONFIG["host_os"]
-      when /darwin/
-        return [] unless otool_available?
-        dylibs_darwin(path)
-      when /(linux|solaris|bsd)/
-        return [] unless ldd_available?
-        dylibs_ldd(path)
-      else # Windows, etc.
-        Bundler.ui.warn("Dynamic library check not supported on this platform.")
-        []
-      end
-    end
-    def bundles_for_gem(spec)
-      Dir.glob("#{spec.full_gem_path}/**/*.bundle")
-    end
-    def lookup_with_fiddle(path)
-      require "fiddle"
-      Fiddle.dlopen(path)
-      false
-    rescue Fiddle::DLError
-      true
-    end
-    def check!
-      require_relative "check"
-      Bundler::CLI::Check.new({}).run
-    end
-    def run
-      Bundler.ui.level = "warn" if options[:quiet]
-      Bundler.settings.validate!
-      check!
-      definition = Bundler.definition
-      broken_links = {}
-      definition.specs.each do |spec|
-        bundles_for_gem(spec).each do |bundle|
-          bad_paths = dylibs(bundle).select do |f|
-            lookup_with_fiddle(f)
-          end
-          if bad_paths.any?
-            broken_links[spec] ||= []
-            broken_links[spec].concat(bad_paths)
-          end
-        end
-      end
-      permissions_valid = check_home_permissions
-      if broken_links.any?
-        message = "The following gems are missing OS dependencies:"
-        broken_links.flat_map do |spec, paths|
-          paths.uniq.map do |path|
-            "\n * #{spec.name}: #{path}"
-          end
-        end.sort.each {|m| message += m }
-        raise ProductionError, message
-      elsif permissions_valid
-        Bundler.ui.info "No issues found with the installed bundle"
-      end
-    end
-    private
-    def check_home_permissions
-      require "find"
-      files_not_readable = []
-      files_not_readable_and_owned_by_different_user = []
-      files_not_owned_by_current_user_but_still_readable = []
-      broken_symlinks = []
-      Find.find(Bundler.bundle_path.to_s).each do |f|
-        if !File.exist?(f)
-          broken_symlinks << f
-        elsif !File.readable?(f)
-          if File.stat(f).uid != Process.uid
-            files_not_readable_and_owned_by_different_user << f
-          else
-            files_not_readable << f
-          end
-        elsif File.stat(f).uid != Process.uid
-          files_not_owned_by_current_user_but_still_readable << f
-        end
-      end
-      ok = true
-      if broken_symlinks.any?
-        Bundler.ui.warn "Broken links exist in the Bundler home. Please report them to the offending gem's upstream repo. These files are:\n - #{broken_symlinks.join("\n - ")}"
-        ok = false
-      end
-      if files_not_owned_by_current_user_but_still_readable.any?
-        Bundler.ui.warn "Files exist in the Bundler home that are owned by another " \
-          "user, but are still readable. These files are:\n - #{files_not_owned_by_current_user_but_still_readable.join("\n - ")}"
-        ok = false
-      end
-      if files_not_readable_and_owned_by_different_user.any?
-        Bundler.ui.warn "Files exist in the Bundler home that are owned by another " \
-          "user, and are not readable. These files are:\n - #{files_not_readable_and_owned_by_different_user.join("\n - ")}"
-        ok = false
-      end
-      if files_not_readable.any?
-        Bundler.ui.warn "Files exist in the Bundler home that are not " \
-          "readable by the current user. These files are:\n - #{files_not_readable.join("\n - ")}"
-        ok = false
-      end
-      ok
+  class CLI::Doctor < Thor
+    default_command(:diagnose)
+    desc "diagnose [OPTIONS]", "Checks the bundle for common problems"
+    long_desc <<-D
+      Doctor scans the OS dependencies of each of the gems requested in the Gemfile. If
+      missing dependencies are detected, Bundler prints them and exits status 1.
+      Otherwise, Bundler prints a success message and exits with a status of 0.
+    D
+    method_option "gemfile", type: :string, banner: "Use the specified gemfile instead of Gemfile"
+    method_option "quiet", type: :boolean, banner: "Only output warnings and errors."
+    method_option "ssl", type: :boolean, default: false, banner: "Diagnose SSL problems."
+    def diagnose
+      require_relative "doctor/diagnose"
+      Diagnose.new(options).run
+    end
+    desc "ssl [OPTIONS]", "Diagnose SSL problems"
+    long_desc <<-D
+      Diagnose SSL problems, especially related to certificates or TLS version while connecting to https://rubygems.org.
+    D
+    method_option "host", type: :string, banner: "The host to diagnose."
+    method_option "tls-version", type: :string, banner: "Specify the SSL/TLS version when running the diagnostic. Accepts either <1.1> or <1.2>"
+    method_option "verify-mode", type: :string, banner: "Specify the mode used for certification verification. Accepts either <peer> or <none>"
+    def ssl
+      require_relative "doctor/ssl"
+      SSL.new(options).run
     end
   end
 end

data/lib/bundler/cli/issue.rb CHANGED Viewed

@@ -34,8 +34,8 @@ module Bundler
     end
     def doctor
-      require_relative "doctor"
-      Bundler::CLI::Doctor.new({}).run
+      require_relative "doctor/diagnose"
+      Bundler::CLI::Doctor::Diagnose.new({}).run
     end
   end
 end

data/lib/bundler/cli.rb CHANGED Viewed

@@ -610,17 +610,8 @@ module Bundler
     end
     desc "doctor [OPTIONS]", "Checks the bundle for common problems"
-    long_desc <<-D
-      Doctor scans the OS dependencies of each of the gems requested in the Gemfile. If
-      missing dependencies are detected, Bundler prints them and exits status 1.
-      Otherwise, Bundler prints a success message and exits with a status of 0.
-    D
-    method_option "gemfile", type: :string, banner: "Use the specified gemfile instead of Gemfile"
-    method_option "quiet", type: :boolean, banner: "Only output warnings and errors."
-    def doctor
-      require_relative "cli/doctor"
-      Doctor.new(options).run
-    end
+    require_relative "cli/doctor"
+    subcommand("doctor", Doctor)
     desc "issue", "Learn how to report an issue in Bundler"
     def issue

data/lib/bundler/definition.rb CHANGED Viewed

@@ -257,7 +257,7 @@ module Bundler
     rescue BundlerError => e
       @resolve = nil
       @resolver = nil
-      @resolution_packages = nil
+      @resolution_base = nil
       @source_requirements = nil
       @specs = nil
@@ -337,11 +337,7 @@ module Bundler
           end
         end
       else
-        if lockfile_exists?
-          Bundler.ui.debug "Found changes from the lockfile, re-resolving dependencies because #{change_reason}"
-        else
-          Bundler.ui.debug "Resolving dependencies because there's no lockfile"
-        end
+        Bundler.ui.debug resolve_needed_reason
         start_resolution
       end
@@ -465,7 +461,7 @@ module Bundler
     end
     def normalize_platforms
-      @platforms = resolve.normalize_platforms!(current_dependencies, platforms)
+      resolve.normalize_platforms!(current_dependencies, platforms)
       @resolve = SpecSet.new(resolve.for(current_dependencies, @platforms))
     end
@@ -537,9 +533,7 @@ module Bundler
       return unless added.any? || deleted.any? || changed.any? || resolve_needed?
-      reason = resolve_needed? ? change_reason : "some dependencies were deleted from your gemfile"
-      msg = String.new("#{reason.capitalize.strip}, but ")
+      msg = String.new("#{change_reason.capitalize.strip}, but ")
       msg << "the lockfile " unless msg.start_with?("Your lockfile")
       msg << "can't be updated because #{update_refused_reason}"
       msg << "\n\nYou have added to the Gemfile:\n" << added.join("\n") if added.any?
@@ -620,7 +614,7 @@ module Bundler
     end
     def resolver
-      @resolver ||= Resolver.new(resolution_packages, gem_version_promoter, @most_specific_locked_platform)
+      @resolver ||= Resolver.new(resolution_base, gem_version_promoter, @most_specific_locked_platform)
     end
     def expanded_dependencies
@@ -634,15 +628,15 @@ module Bundler
       [Dependency.new("bundler", @unlocking_bundler)] + dependencies
     end
-    def resolution_packages
-      @resolution_packages ||= begin
+    def resolution_base
+      @resolution_base ||= begin
         last_resolve = converge_locked_specs
         remove_invalid_platforms!
         new_resolution_platforms = @current_platform_missing ? @new_platforms + [local_platform] : @new_platforms
-        packages = Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, locked_specs: @originally_locked_specs, unlock: @unlocking_all || @gems_to_unlock, prerelease: gem_version_promoter.pre?, prefer_local: @prefer_local, new_platforms: new_resolution_platforms)
-        packages = additional_base_requirements_to_prevent_downgrades(packages)
-        packages = additional_base_requirements_to_force_updates(packages)
-        packages
+        base = Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, locked_specs: @originally_locked_specs, unlock: @unlocking_all || @gems_to_unlock, prerelease: gem_version_promoter.pre?, prefer_local: @prefer_local, new_platforms: new_resolution_platforms)
+        base = additional_base_requirements_to_prevent_downgrades(base)
+        base = additional_base_requirements_to_force_updates(base)
+        base
       end
     end
@@ -717,8 +711,7 @@ module Bundler
         still_incomplete_specs = resolve.incomplete_specs
         if still_incomplete_specs == incomplete_specs
-          package = resolution_packages.get_package(incomplete_specs.first.name)
-          resolver.raise_not_found! package
+          resolver.raise_incomplete! incomplete_specs
         end
         incomplete_specs = still_incomplete_specs
@@ -740,7 +733,7 @@ module Bundler
     end
     def reresolve_without(incomplete_specs)
-      resolution_packages.delete(incomplete_specs)
+      resolution_base.delete(incomplete_specs)
       @resolve = start_resolution
     end
@@ -753,8 +746,16 @@ module Bundler
       @resolved_bundler_version = result.find {|spec| spec.name == "bundler" }&.version
+      @new_platforms.each do |platform|
+        incomplete_specs = result.incomplete_specs_for_platform(current_dependencies, platform)
+        if incomplete_specs.any?
+          resolver.raise_incomplete! incomplete_specs
+        end
+      end
       if @most_specific_non_local_locked_platform
-        if spec_set_incomplete_for_platform?(result, @most_specific_non_local_locked_platform)
+        if result.incomplete_for_platform?(current_dependencies, @most_specific_non_local_locked_platform)
           @platforms.delete(@most_specific_non_local_locked_platform)
         elsif local_platform_needed_for_resolvability
           @platforms.delete(local_platform)
@@ -796,22 +797,47 @@ module Bundler
       @most_specific_locked_platform
     end
-    def change_reason
-      if unlocking?
-        unlock_targets = if @gems_to_unlock.any?
-          ["gems", @gems_to_unlock]
-        elsif @sources_to_unlock.any?
-          ["sources", @sources_to_unlock]
+    def resolve_needed_reason
+      if lockfile_exists?
+        if unlocking?
+          "Re-resolving dependencies because #{unlocking_reason}"
+        else
+          "Found changes from the lockfile, re-resolving dependencies because #{lockfile_changed_reason}"
         end
+      else
+        "Resolving dependencies because there's no lockfile"
+      end
+    end
-        unlock_reason = if unlock_targets
-          "#{unlock_targets.first}: (#{unlock_targets.last.join(", ")})"
+    def change_reason
+      if resolve_needed?
+        if unlocking?
+          unlocking_reason
         else
-          @unlocking_ruby ? "ruby" : ""
+          lockfile_changed_reason
         end
+      else
+        "some dependencies were deleted from your gemfile"
+      end
+    end
-        return "bundler is unlocking #{unlock_reason}"
+    def unlocking_reason
+      unlock_targets = if @gems_to_unlock.any?
+        ["gems", @gems_to_unlock]
+      elsif @sources_to_unlock.any?
+        ["sources", @sources_to_unlock]
       end
+      unlock_reason = if unlock_targets
+        "#{unlock_targets.first}: (#{unlock_targets.last.join(", ")})"
+      else
+        @unlocking_ruby ? "ruby" : ""
+      end
+      "bundler is unlocking #{unlock_reason}"
+    end
+    def lockfile_changed_reason
       [
         [@source_changes, "the list of sources changed"],
         [@dependency_changes, "the dependencies in your gemfile changed"],
@@ -1105,27 +1131,27 @@ module Bundler
       current == proposed
     end
-    def additional_base_requirements_to_prevent_downgrades(resolution_packages)
-      return resolution_packages unless @locked_gems && !sources.expired_sources?(@locked_gems.sources)
+    def additional_base_requirements_to_prevent_downgrades(resolution_base)
+      return resolution_base unless @locked_gems && !sources.expired_sources?(@locked_gems.sources)
       @originally_locked_specs.each do |locked_spec|
         next if locked_spec.source.is_a?(Source::Path)
         name = locked_spec.name
         next if @changed_dependencies.include?(name)
-        resolution_packages.base_requirements[name] = Gem::Requirement.new(">= #{locked_spec.version}")
+        resolution_base.base_requirements[name] = Gem::Requirement.new(">= #{locked_spec.version}")
       end
-      resolution_packages
+      resolution_base
     end
-    def additional_base_requirements_to_force_updates(resolution_packages)
-      return resolution_packages if @explicit_unlocks.empty?
+    def additional_base_requirements_to_force_updates(resolution_base)
+      return resolution_base if @explicit_unlocks.empty?
       full_update = dup_for_full_unlock.resolve
       @explicit_unlocks.each do |name|
         version = full_update.version_for(name)
-        resolution_packages.base_requirements[name] = Gem::Requirement.new("= #{version}") if version
+        resolution_base.base_requirements[name] = Gem::Requirement.new("= #{version}") if version
       end
-      resolution_packages
+      resolution_base
     end
     def dup_for_full_unlock
@@ -1142,25 +1168,16 @@ module Bundler
     def remove_invalid_platforms!
       return if Bundler.frozen_bundle?
-      @originally_invalid_platforms = platforms.select do |platform|
-        next if local_platform == platform ||
-                @new_platforms.include?(platform)
-        # We should probably avoid removing non-ruby platforms, since that means
-        # lockfile will no longer install on those platforms, so a error to give
-        # heads up to the user may be better. However, we have tests expecting
-        # non ruby platform autoremoval to work, so leaving that in place for
-        # now.
-        next if @dependency_changes && platform != Gem::Platform::RUBY
+      skips = (@new_platforms + [local_platform]).uniq
-        spec_set_incomplete_for_platform?(@originally_locked_specs, platform)
-      end
-      @platforms -= @originally_invalid_platforms
-    end
+      # We should probably avoid removing non-ruby platforms, since that means
+      # lockfile will no longer install on those platforms, so a error to give
+      # heads up to the user may be better. However, we have tests expecting
+      # non ruby platform autoremoval to work, so leaving that in place for
+      # now.
+      skips |= platforms - [Gem::Platform::RUBY] if @dependency_changes
-    def spec_set_incomplete_for_platform?(spec_set, platform)
-      spec_set.incomplete_for_platform?(current_dependencies, platform)
+      @originally_invalid_platforms = @originally_locked_specs.remove_invalid_platforms!(current_dependencies, platforms, skips: skips)
     end
     def source_map

data/lib/bundler/friendly_errors.rb CHANGED Viewed

@@ -80,7 +80,7 @@ module Bundler
         First, try this link to see if there are any existing issue reports for this error:
         #{issues_url(e)}
-        If there aren't any reports for this error yet, please fill in the new issue form located at #{new_issue_url}, and copy and paste the report template above in there.
+        If there aren't any reports for this error yet, please fill in the new issue form located at #{new_issue_url}. Make sure to copy and paste the full output of this command under the "What happened instead?" section.
       EOS
     end

data/lib/bundler/installer.rb CHANGED Viewed

@@ -212,7 +212,7 @@ module Bundler
     def load_plugins
       Gem.load_plugins
-      requested_path_gems = @definition.requested_specs.select {|s| s.source.is_a?(Source::Path) }
+      requested_path_gems = @definition.specs.select {|s| s.source.is_a?(Source::Path) }
       path_plugin_files = requested_path_gems.flat_map do |spec|
         spec.matches_for_glob("rubygems_plugin#{Bundler.rubygems.suffix_pattern}")
       rescue TypeError

data/lib/bundler/lazy_specification.rb CHANGED Viewed

@@ -213,22 +213,31 @@ module Bundler
       end
       if search.nil? && fallback_to_non_installable
         search = candidates.last
-      elsif search && search.full_name == full_name
-        # We don't validate locally installed dependencies but accept what's in
-        # the lockfile instead for performance, since loading locally installed
-        # dependencies would mean evaluating all gemspecs, which would affect
-        # `bundler/setup` performance
-        if search.is_a?(StubSpecification)
-          search.dependencies = dependencies
-        else
-          if !source.is_a?(Source::Path) && search.runtime_dependencies.sort != dependencies.sort
-            raise IncorrectLockfileDependencies.new(self)
-          end
+      end
-          search.locked_platform = platform if search.instance_of?(RemoteSpecification) || search.instance_of?(EndpointSpecification)
-        end
+      if search
+        validate_dependencies(search) if search.platform == platform
+        search.locked_platform = platform if search.instance_of?(RemoteSpecification) || search.instance_of?(EndpointSpecification)
       end
       search
     end
+    # Validate dependencies of this locked spec are consistent with dependencies
+    # of the actual spec that was materialized.
+    #
+    # Note that we don't validate dependencies of locally installed gems but
+    # accept what's in the lockfile instead for performance, since loading
+    # dependencies of locally installed gems would mean evaluating all gemspecs,
+    # which would affect `bundler/setup` performance.
+    def validate_dependencies(spec)
+      if spec.is_a?(StubSpecification)
+        spec.dependencies = dependencies
+      else
+        if !source.is_a?(Source::Path) && spec.runtime_dependencies.sort != dependencies.sort
+          raise IncorrectLockfileDependencies.new(self)
+        end
+      end
+    end
   end
 end

data/lib/bundler/resolver.rb CHANGED Viewed

@@ -312,6 +312,16 @@ module Bundler
       "Gemfile"
     end
+    def raise_incomplete!(incomplete_specs)
+      raise_not_found!(@base.get_package(incomplete_specs.first.name))
+    end
+    def sort_versions_by_preferred(package, versions)
+      @gem_version_promoter.sort_versions(package, versions)
+    end
+    private
     def raise_not_found!(package)
       name = package.name
       source = source_for(name)
@@ -348,12 +358,6 @@ module Bundler
       raise GemNotFound, message
     end
-    def sort_versions_by_preferred(package, versions)
-      @gem_version_promoter.sort_versions(package, versions)
-    end
-    private
     def filtered_versions_for(package)
       @gem_version_promoter.filter_versions(package, @all_versions[package])
     end

data/lib/bundler/spec_set.rb CHANGED Viewed

@@ -29,9 +29,10 @@ module Bundler
     end
     def normalize_platforms!(deps, platforms)
-      complete_platforms = add_extra_platforms!(platforms)
+      remove_invalid_platforms!(deps, platforms)
+      add_extra_platforms!(platforms)
-      complete_platforms.map do |platform|
+      platforms.map! do |platform|
         next platform if platform == Gem::Platform::RUBY
         begin
@@ -44,7 +45,7 @@ module Bundler
         next platform if incomplete_for_platform?(deps, less_specific_platform)
         less_specific_platform
-      end.uniq
+      end.uniq!
     end
     def add_originally_invalid_platforms!(platforms, originally_invalid_platforms)
@@ -53,6 +54,20 @@ module Bundler
       end
     end
+    def remove_invalid_platforms!(deps, platforms, skips: [])
+      invalid_platforms = []
+      platforms.reject! do |platform|
+        next false if skips.include?(platform)
+        invalid = incomplete_for_platform?(deps, platform)
+        invalid_platforms << platform if invalid
+        invalid
+      end
+      invalid_platforms
+    end
     def add_extra_platforms!(platforms)
       if @specs.empty?
         platforms.concat([Gem::Platform::RUBY]).uniq
@@ -68,6 +83,7 @@ module Bundler
       return if new_platforms.empty?
       platforms.concat(new_platforms)
+      return if new_platforms.include?(Bundler.local_platform)
       less_specific_platform = new_platforms.find {|platform| platform != Gem::Platform::RUBY && Bundler.local_platform === platform && platform === Bundler.local_platform }
       platforms.delete(Bundler.local_platform) if less_specific_platform
@@ -129,12 +145,15 @@ module Bundler
     end
     def incomplete_for_platform?(deps, platform)
-      return false if @specs.empty?
+      incomplete_specs_for_platform(deps, platform).any?
+    end
+    def incomplete_specs_for_platform(deps, platform)
+      return [] if @specs.empty?
       validation_set = self.class.new(@specs)
       validation_set.for(deps, [platform])
-      validation_set.incomplete_specs.any?
+      validation_set.incomplete_specs
     end
     def missing_specs_for(deps)
@@ -180,7 +199,7 @@ module Bundler
     end
     def version_for(name)
-      self[name].first&.version
+      exemplary_spec(name)&.version
     end
     def what_required(spec)
@@ -285,8 +304,13 @@ module Bundler
     end
     def additional_variants_from(other)
-      other.select do |spec|
-        version_for(spec.name) == spec.version && valid_dependencies?(spec)
+      other.select do |other_spec|
+        spec = exemplary_spec(other_spec.name)
+        next unless spec
+        selected = spec.version == other_spec.version && valid_dependencies?(other_spec)
+        other_spec.source = spec.source if selected
+        selected
       end
     end
@@ -363,5 +387,9 @@ module Bundler
       hash[key] ||= []
       hash[key] << value
     end
+    def exemplary_spec(name)
+      self[name].first
+    end
   end
 end

data/lib/bundler/version.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 module Bundler
-  VERSION = "2.6.7".freeze
+  VERSION = "2.6.9".freeze
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-  version: 2.6.7
+  version: 2.6.9
 platform: ruby
 authors:
 - André Arko
@@ -55,6 +55,8 @@ files:
 - lib/bundler/cli/config.rb
 - lib/bundler/cli/console.rb
 - lib/bundler/cli/doctor.rb
+- lib/bundler/cli/doctor/diagnose.rb
+- lib/bundler/cli/doctor/ssl.rb
 - lib/bundler/cli/exec.rb
 - lib/bundler/cli/fund.rb
 - lib/bundler/cli/gem.rb
@@ -412,7 +414,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 3.3.3
 requirements: []
-rubygems_version: 3.6.7
+rubygems_version: 3.6.9
 specification_version: 4
 summary: The best way to manage your application's dependencies
 test_files: []