ruby-changes:65446

https://git.ruby-lang.org/ruby.git/commit/?id=f375bc77d2

From f375bc77d2f347dd2a44705b8abd29398feae427 Mon Sep 17 00:00:00 2001
From: Hiroshi SHIBATA <hsbt@r...>
Date: Tue, 2 Mar 2021 20:37:31 +0900
Subject: Merge RubyGems-3.2.11 and Bundler-2.2.11

---
 lib/bundler/definition.rb                         |  74 ++----
 lib/bundler/dsl.rb                                |  63 ++---
 lib/bundler/feature_flag.rb                       |   1 +
 lib/bundler/inline.rb                             |   1 -
 lib/bundler/lockfile_parser.rb                    |  20 +-
 lib/bundler/man/bundle-config.1                   |   6 +
 lib/bundler/man/bundle-config.1.ronn              |   8 +
 lib/bundler/plugin.rb                             |   1 -
 lib/bundler/plugin/installer.rb                   |  17 +-
 lib/bundler/resolver.rb                           |  62 ++---
 lib/bundler/settings.rb                           |   1 +
 lib/bundler/source/rubygems.rb                    |  11 +-
 lib/bundler/source_list.rb                        |  53 ++---
 lib/bundler/version.rb                            |   2 +-
 lib/rubygems.rb                                   |   2 +-
 lib/rubygems/config_file.rb                       |   9 +
 lib/rubygems/core_ext/tcpsocket_init.rb           |  49 ++++
 lib/rubygems/remote_fetcher.rb                    |   1 +
 spec/bundler/bundler/dsl_spec.rb                  |  15 +-
 spec/bundler/bundler/plugin_spec.rb               |   1 -
 spec/bundler/bundler/source_list_spec.rb          |  21 +-
 spec/bundler/commands/exec_spec.rb                |   3 +-
 spec/bundler/commands/post_bundle_message_spec.rb |  11 +-
 spec/bundler/install/gemfile/gemspec_spec.rb      |  15 +-
 spec/bundler/install/gemfile/sources_spec.rb      | 271 ++++++++--------------
 spec/bundler/install/gems/flex_spec.rb            |  32 ++-
 spec/bundler/lock/lockfile_spec.rb                |  35 ++-
 spec/bundler/other/major_deprecation_spec.rb      | 104 +++------
 spec/bundler/support/indexes.rb                   |   2 +-
 test/rubygems/test_gem.rb                         |  10 +-
 test/rubygems/test_gem_config_file.rb             |  10 +
 test/rubygems/test_gem_remote_fetcher.rb          |   6 +
 32 files changed, 468 insertions(+), 449 deletions(-)
 create mode 100644 lib/rubygems/core_ext/tcpsocket_init.rb

diff --git a/lib/bundler/definition.rb b/lib/bundler/definition.rb
index 9178f01..3c25149 100644
--- a/lib/bundler/definition.rb
+++ b/lib/bundler/definition.rb
@@ -106,19 +106,6 @@ module Bundler https://github.com/ruby/ruby/blob/trunk/lib/bundler/definition.rb#L106
         @locked_platforms = []
       end
 
-      @locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
-      @disable_multisource = !Bundler.frozen_bundle? || @locked_gem_sources.none? {|s| s.remotes.size > 1 }
-
-      unless @disable_multisource
-        msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. " \
-          "You should regenerate your lockfile in a non frozen environment."
-
-        Bundler::SharedHelpers.major_deprecation 2, msg
-
-        @sources.allow_multisource!
-        @locked_gem_sources.each(&:allow_multisource!)
-      end
-
       @unlock[:gems] ||= []
       @unlock[:sources] ||= []
       @unlock[:ruby] ||= if @ruby_version && locked_ruby_version_object
@@ -158,14 +145,6 @@ module Bundler https://github.com/ruby/ruby/blob/trunk/lib/bundler/definition.rb#L145
       end
     end
 
-    def disable_multisource?
-      @disable_multisource
-    end
-
-    def allow_multisource!
-      @disable_multisource = false
-    end
-
     def resolve_with_cache!
       raise "Specs already loaded" if @specs
       sources.cached!
@@ -285,7 +264,7 @@ module Bundler https://github.com/ruby/ruby/blob/trunk/lib/bundler/definition.rb#L264
           # Run a resolve against the locally available gems
           Bundler.ui.debug("Found changes from the lockfile, re-resolving dependencies because #{change_reason}")
           expanded_dependencies = expand_dependencies(dependencies + metadata_dependencies, @remote)
-          Resolver.resolve(expanded_dependencies, source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve, platforms)
+          Resolver.resolve(expanded_dependencies, index, source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve, platforms)
         end
       end
     end
@@ -551,9 +530,6 @@ module Bundler https://github.com/ruby/ruby/blob/trunk/lib/bundler/definition.rb#L530
     attr_reader :sources
     private :sources
 
-    attr_reader :locked_gem_sources
-    private :locked_gem_sources
-
     def nothing_changed?
       !@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@locked_specs_incomplete_for_platform
     end
@@ -678,20 +654,21 @@ module Bundler https://github.com/ruby/ruby/blob/trunk/lib/bundler/definition.rb#L654
     end
 
     def converge_rubygems_sources
-      return false if disable_multisource?
+      return false if Bundler.feature_flag.disable_multisource?
 
-      return false if locked_gem_sources.empty?
+      changes = false
 
+      # Get the RubyGems sources from the Gemfile.lock
+      locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
       # Get the RubyGems remotes from the Gemfile
       actual_remotes = sources.rubygems_remotes
-      return false if actual_remotes.empty?
-
-      changes = false
 
       # If there is a RubyGems source in both
-      locked_gem_sources.each do |locked_gem|
-        # Merge the remotes from the Gemfile into the Gemfile.lock
-        changes |= locked_gem.replace_remotes(actual_remotes, Bundler.settings[:allow_deployment_source_credential_changes])
+      if !locked_gem_sources.empty? && !actual_remotes.empty?
+        locked_gem_sources.each do |locked_gem|
+          # Merge the remotes from the Gemfile into the Gemfile.lock
+          changes |= locked_gem.replace_remotes(actual_remotes, Bundler.settings[:allow_deployment_source_credential_changes])
+        end
       end
 
       changes
@@ -916,18 +893,30 @@ module Bundler https://github.com/ruby/ruby/blob/trunk/lib/bundler/definition.rb#L893
       # Record the specs available in each gem's source, so that those
       # specs will be available later when the resolver knows where to
       # look for that gemspec (or its dependencies)
-      source_requirements = { :default => sources.default_source }.merge(dependency_source_requirements)
+      default = sources.default_source
+      source_requirements = { :default => default }
+      default = nil unless Bundler.feature_flag.disable_multisource?
+      dependencies.each do |dep|
+        next unless source = dep.source || default
+        source_requirements[dep.name] = source
+      end
       metadata_dependencies.each do |dep|
         source_requirements[dep.name] = sources.metadata_source
       end
-      source_requirements[:global] = index unless disable_multisource?
       source_requirements[:default_bundler] = source_requirements["bundler"] || source_requirements[:default]
       source_requirements["bundler"] = sources.metadata_source # needs to come last to override
       source_requirements
     end
 
     def pinned_spec_names(skip = nil)
-      dependency_source_requirements.reject {|_, source| source == skip }.keys
+      pinned_names = []
+      default = Bundler.feature_flag.disable_multisource? && sources.default_source
+      @dependencies.each do |dep|
+        next unless dep_source = dep.source || default
+        next if dep_source == skip
+        pinned_names << dep.name
+      end
+      pinned_names
     end
 
     def requested_groups
@@ -984,18 +973,5 @@ module Bundler https://github.com/ruby/ruby/blob/trunk/lib/bundler/definition.rb#L973
 
       Bundler.settings[:allow_deployment_source_credential_changes] && source.equivalent_remotes?(sources.rubygems_remotes)
     end
-
-    def dependency_source_requirements
-      @dependency_source_requirements ||= begin
-        source_requirements = {}
-        default = disable_multisource? && sources.default_source
-        dependencies.each do |dep|
-          dep_source = dep.source || default
-          next unless dep_source
-          source_requirements[dep.name] = dep_source
-        end
-        source_requirements
-      end
-    end
   end
 end
diff --git a/lib/bundler/dsl.rb b/lib/bundler/dsl.rb
index ef5aaf6..1cc7908 100644
--- a/lib/bundler/dsl.rb
+++ b/lib/bundler/dsl.rb
@@ -24,9 +24,6 @@ module Bundler https://github.com/ruby/ruby/blob/trunk/lib/bundler/dsl.rb#L24
     def initialize
       @source               = nil
       @sources              = SourceList.new
-
-      @global_rubygems_sources = []
-
       @git_sources          = {}
       @dependencies         = []
       @groups               = []
@@ -48,7 +45,6 @@ module Bundler https://github.com/ruby/ruby/blob/trunk/lib/bundler/dsl.rb#L45
       @gemfiles << expanded_gemfile_path
       contents ||= Bundler.read_file(@gemfile.to_s)
       instance_eval(contents.dup.tap{|x| x.untaint if RUBY_VERSION < "2.7" }, gemfile.to_s, 1)
-      check_primary_source_safety
     rescue Exception => e # rubocop:disable Lint/RescueException
       message = "There was an error " \
         "#{e.is_a?(GemfileEvalError) ? "evaluating" : "parsing"} " \
@@ -168,7 +164,8 @@ module Bundler https://github.com/ruby/ruby/blob/trunk/lib/bundler/dsl.rb#L164
       elsif block_given?
         with_source(@sources.add_rubygems_source("remotes" => source), &blk)
       else
-        @global_rubygems_sources << source
+        check_primary_source_safety(@sources)
+        @sources.global_rubygems_source = source
       end
     end
 
@@ -186,14 +183,24 @@ module Bundler https://github.com/ruby/ruby/blob/trunk/lib/bundler/dsl.rb#L183
     end
 
     def path(path, options = {}, &blk)
+      unless block_given?
+        msg = "You can no longer specify a pat (... truncated)

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/