Merge RubyGems-3.4.19 and Bundler-2.4.19

lib/bundler.rb

@@ -524,7 +524,7 @@ def load_gemspec(file, validate = false)
       @gemspec_cache[key] ||= load_gemspec_uncached(file, validate)
       # Protect against caching side-effected gemspecs by returning a
       # new instance each time.
-      @gemspec_cache[key].dup if @gemspec_cache[key]
+      @gemspec_cache[key]&.dup
     end
 
     def load_gemspec_uncached(file, validate = false)

lib/bundler/cli/binstubs.rb

@@ -11,7 +11,7 @@ def initialize(options, gems)
     def run
       Bundler.definition.validate_runtime!
       path_option = options["path"]
-      path_option = nil if path_option && path_option.empty?
+      path_option = nil if path_option&.empty?
       Bundler.settings.set_command_option :bin, path_option if options["path"]
       Bundler.settings.set_command_option_if_given :shebang, options["shebang"]
       installer = Installer.new(Bundler.root, Bundler.definition)

lib/bundler/cli/info.rb

@@ -33,7 +33,7 @@ def spec_for_gem(gem_name)
     def default_gem_spec(gem_name)
       return unless Gem::Specification.respond_to?(:find_all_by_name)
       gem_spec = Gem::Specification.find_all_by_name(gem_name).last
-      return gem_spec if gem_spec && gem_spec.respond_to?(:default_gem?) && gem_spec.default_gem?
+      return gem_spec if gem_spec&.default_gem?
     end
 
     def spec_not_found(gem_name)

lib/bundler/cli/install.rb

@@ -154,7 +154,7 @@ def normalize_settings
       end
 
       bin_option = options["binstubs"]
-      bin_option = nil if bin_option && bin_option.empty?
+      bin_option = nil if bin_option&.empty?
       Bundler.settings.set_command_option :bin, bin_option if options["binstubs"]
 
       Bundler.settings.set_command_option_if_given :shebang, options["shebang"]

lib/bundler/cli/outdated.rb

@@ -194,7 +194,7 @@ def print_gem(current_spec, active_spec, dependency, groups)
       end
       current_version = "#{current_spec.version}#{current_spec.git_version}"
 
-      if dependency && dependency.specific?
+      if dependency&.specific?
         dependency_version = %(, requested #{dependency.requirement})
       end
 

lib/bundler/cli/platform.rb

@@ -8,12 +8,12 @@ def initialize(options)
     end
 
     def run
-      platforms, ruby_version = Bundler.ui.silence do
-        locked_ruby_version = Bundler.locked_gems && Bundler.locked_gems.ruby_version&.gsub(/p\d+\Z/, "")
-        gemfile_ruby_version = Bundler.definition.ruby_version && Bundler.definition.ruby_version.single_version_string
-        [Bundler.definition.platforms.map {|p| "* #{p}" },
-         locked_ruby_version || gemfile_ruby_version]
+      ruby_version = if Bundler.locked_gems
+        Bundler.locked_gems.ruby_version&.gsub(/p\d+\Z/, "")
+      else
+        Bundler.definition.ruby_version&.single_version_string
       end
+
       output = []
 
       if options[:ruby]
@@ -23,6 +23,8 @@ def run
           output << "No ruby version specified"
         end
       else
+        platforms = Bundler.definition.platforms.map {|p| "* #{p}" }
+
         output << "Your platform is: #{Gem::Platform.local}"
         output << "Your app has gems that work on these platforms:\n#{platforms.join("\n")}"
 

lib/bundler/definition.rb

@@ -390,8 +390,8 @@ def ensure_equivalent_gemfile_and_lockfile(explicit_flag = false)
       both_sources.each do |name, (dep, lock_dep)|
         next if dep.nil? || lock_dep.nil?
 
-        gemfile_source = dep.source || sources.default_source
-        lock_source = lock_dep.source || sources.default_source
+        gemfile_source = dep.source || default_source
+        lock_source = lock_dep.source || default_source
         next if lock_source.include?(gemfile_source)
 
         gemfile_source_name = dep.source ? gemfile_source.to_gemfile : "no specified source"
@@ -671,8 +671,8 @@ def converge_locals
 
       Bundler.settings.local_overrides.map do |k, v|
         spec   = @dependencies.find {|s| s.name == k }
-        source = spec && spec.source
-        if source && source.respond_to?(:local_override!)
+        source = spec&.source
+        if source&.respond_to?(:local_override!)
           source.unlock! if @unlock[:gems].include?(spec.name)
           locals << [source, source.local_override!(v)]
         end
@@ -805,26 +805,27 @@ def converge_locked_specs
 
     def converge_specs(specs)
       converged = []
-
-      deps = @dependencies.select do |dep|
-        specs[dep].any? {|s| s.satisfies?(dep) && (!dep.source || s.source.include?(dep.source)) }
-      end
+      deps = []
 
       @specs_that_changed_sources = []
 
       specs.each do |s|
+        name = s.name
         dep = @dependencies.find {|d| s.satisfies?(d) }
+        lockfile_source = s.source
 
-        # Replace the locked dependency's source with the equivalent source from the Gemfile
-        s.source = if dep && dep.source
-          gemfile_source = dep.source
-          lockfile_source = s.source
+        if dep
+          gemfile_source = dep.source || default_source
 
           @specs_that_changed_sources << s if gemfile_source != lockfile_source
+          deps << dep if !dep.source || lockfile_source.include?(dep.source)
+          @unlock[:gems] << name if lockfile_source.include?(dep.source) && lockfile_source != gemfile_source
 
-          gemfile_source
+          # Replace the locked dependency's source with the equivalent source from the Gemfile
+          s.source = gemfile_source
         else
-          sources.get_with_fallback(s.source)
+          # Replace the locked dependency's source with the default source, if the locked source is no longer in the Gemfile
+          s.source = default_source unless sources.get(lockfile_source)
         end
 
         next if @unlock[:sources].include?(s.source.name)
@@ -833,9 +834,9 @@ def converge_specs(specs)
         if s.source.instance_of?(Source::Path) || s.source.instance_of?(Source::Gemspec)
           new_specs = begin
             s.source.specs
-          rescue PathError, GitError
+          rescue PathError
             # if we won't need the source (according to the lockfile),
-            # don't error if the path/git source isn't available
+            # don't error if the path source isn't available
             next if specs.
                     for(requested_dependencies, false).
                     none? {|locked_spec| locked_spec.source == s.source }
@@ -849,11 +850,11 @@ def converge_specs(specs)
           else
             # If the spec is no longer in the path source, unlock it. This
             # commonly happens if the version changed in the gemspec
-            @unlock[:gems] << s.name
+            @unlock[:gems] << name
           end
         end
 
-        if dep.nil? && requested_dependencies.find {|d| s.name == d.name }
+        if dep.nil? && requested_dependencies.find {|d| name == d.name }
           @unlock[:gems] << s.name
         else
           converged << s
@@ -877,7 +878,7 @@ def source_requirements
       source_requirements = if precompute_source_requirements_for_indirect_dependencies?
         all_requirements = source_map.all_requirements
         all_requirements = pin_locally_available_names(all_requirements) if @prefer_local
-        { :default => sources.default_source }.merge(all_requirements)
+        { :default => default_source }.merge(all_requirements)
       else
         { :default => Source::RubygemsAggregate.new(sources, source_map) }.merge(source_map.direct_requirements)
       end
@@ -886,7 +887,7 @@ def source_requirements
         source_requirements[dep.name] = sources.metadata_source
       end
 
-      default_bundler_source = source_requirements["bundler"] || sources.default_source
+      default_bundler_source = source_requirements["bundler"] || default_source
 
       if @unlocking_bundler
         default_bundler_source.add_dependency_names("bundler")
@@ -899,6 +900,10 @@ def source_requirements
       source_requirements
     end
 
+    def default_source
+      sources.default_source
+    end
+
     def verify_changed_sources!
       @specs_that_changed_sources.each do |s|
         if s.source.specs.search(s.name).empty?

lib/bundler/dsl.rb

@@ -41,7 +41,7 @@ def initialize
     end
 
     def eval_gemfile(gemfile, contents = nil)
-      expanded_gemfile_path = Pathname.new(gemfile).expand_path(@gemfile && @gemfile.parent)
+      expanded_gemfile_path = Pathname.new(gemfile).expand_path(@gemfile&.parent)
       original_gemfile = @gemfile
       @gemfile = expanded_gemfile_path
       @gemfiles << expanded_gemfile_path

lib/bundler/env.rb

@@ -122,7 +122,7 @@ def self.environment
         specs = Bundler.rubygems.find_name(name)
         out << ["  #{name}", "(#{specs.map(&:version).join(",")})"] unless specs.empty?
       end
-      if (exe = caller.last.split(":").first) && exe =~ %r{(exe|bin)/bundler?\z}
+      if (exe = caller.last.split(":").first)&.match? %r{(exe|bin)/bundler?\z}
         shebang = File.read(exe).lines.first
         shebang.sub!(/^#!\s*/, "")
         unless shebang.start_with?(Gem.ruby, "/usr/bin/env ruby")

lib/bundler/fetcher.rb

@@ -61,6 +61,16 @@ def initialize(remote_uri)
       end
     end
 
+    # This error is raised if HTTP authentication is correct, but lacks
+    # necessary permissions.
+    class AuthenticationForbiddenError < HTTPError
+      def initialize(remote_uri)
+        remote_uri = filter_uri(remote_uri)
+        super "Access token could not be authenticated for #{remote_uri}.\n" \
+          "Make sure it's valid and has the necessary scopes configured."
+      end
+    end
+
     # Exceptions classes that should bypass retry attempts. If your password didn't work the
     # first time, it's not going to the third time.
     NET_ERRORS = [:HTTPBadGateway, :HTTPBadRequest, :HTTPFailedDependency,
@@ -70,7 +80,7 @@ def initialize(remote_uri)
                   :HTTPRequestURITooLong, :HTTPUnauthorized, :HTTPUnprocessableEntity,
                   :HTTPUnsupportedMediaType, :HTTPVersionNotSupported].freeze
     FAIL_ERRORS = begin
-      fail_errors = [AuthenticationRequiredError, BadAuthenticationError, FallbackError]
+      fail_errors = [AuthenticationRequiredError, BadAuthenticationError, AuthenticationForbiddenError, FallbackError]
       fail_errors << Gem::Requirement::BadRequirementError
       fail_errors.concat(NET_ERRORS.map {|e| Net.const_get(e) })
     end.freeze

lib/bundler/fetcher/compact_index.rb

@@ -15,7 +15,7 @@ def self.compact_index_request(method_name)
           method.bind(self).call(*args, &blk)
         rescue NetworkDownError, CompactIndexClient::Updater::MisMatchedChecksumError => e
           raise HTTPError, e.message
-        rescue AuthenticationRequiredError
+        rescue AuthenticationRequiredError, BadAuthenticationError
           # Fail since we got a 401 from the server.
           raise
         rescue HTTPError => e
@@ -40,7 +40,7 @@ def specs_for_names(gem_names)
           deps = begin
                    parallel_compact_index_client.dependencies(remaining_gems)
                  rescue TooManyRequestsError
-                   @bundle_worker.stop if @bundle_worker
+                   @bundle_worker&.stop
                    @bundle_worker = nil # reset it.  Not sure if necessary
                    serial_compact_index_client.dependencies(remaining_gems)
                  end
@@ -49,7 +49,7 @@ def specs_for_names(gem_names)
           complete_gems.concat(deps.map(&:first)).uniq!
           remaining_gems = next_gems - complete_gems
         end
-        @bundle_worker.stop if @bundle_worker
+        @bundle_worker&.stop
         @bundle_worker = nil # reset it.  Not sure if necessary
 
         gem_info

lib/bundler/fetcher/downloader.rb

@@ -41,6 +41,8 @@ def fetch(uri, headers = {}, counter = 0)
         when Net::HTTPUnauthorized
           raise BadAuthenticationError, uri.host if uri.userinfo
           raise AuthenticationRequiredError, uri.host
+        when Net::HTTPForbidden
+          raise AuthenticationForbiddenError, uri.host
         when Net::HTTPNotFound
           raise FallbackError, "Net::HTTPNotFound: #{filtered_uri}"
         else

lib/bundler/fetcher/index.rb

@@ -15,8 +15,7 @@ def specs(_gem_names)
           raise BadAuthenticationError, remote_uri if remote_uri.userinfo
           raise AuthenticationRequiredError, remote_uri
         when /403/
-          raise BadAuthenticationError, remote_uri if remote_uri.userinfo
-          raise AuthenticationRequiredError, remote_uri
+          raise AuthenticationForbiddenError, remote_uri
         else
           raise HTTPError, "Could not fetch specs from #{display_uri} due to underlying error <#{e.message}>"
         end

lib/bundler/friendly_errors.rb

@@ -95,7 +95,7 @@ def exception_message(error)
     def serialized_exception_for(e)
       <<-EOS.gsub(/^ {8}/, "")
         #{e.class}: #{e.message}
-          #{e.backtrace && e.backtrace.join("\n          ").chomp}
+          #{e.backtrace&.join("\n          ")&.chomp}
       EOS
     end
 

lib/bundler/gem_helper.rb

@@ -21,7 +21,7 @@ def tag_prefix=(prefix)
 
       def gemspec(&block)
         gemspec = instance.gemspec
-        block.call(gemspec) if block
+        block&.call(gemspec)
         gemspec
       end
     end
@@ -152,8 +152,7 @@ def allowed_push_host
 
     def gem_push_host
       env_rubygems_host = ENV["RUBYGEMS_HOST"]
-      env_rubygems_host = nil if
-        env_rubygems_host && env_rubygems_host.empty?
+      env_rubygems_host = nil if env_rubygems_host&.empty?
 
       allowed_push_host || env_rubygems_host || "rubygems.org"
     end
@@ -218,7 +217,7 @@ def sh_with_status(cmd, &block)
       SharedHelpers.chdir(base) do
         outbuf = IO.popen(cmd, :err => [:child, :out], &:read)
         status = $?
-        block.call(outbuf) if status.success? && block
+        block&.call(outbuf) if status.success?
         [outbuf, status]
       end
     end

lib/bundler/installer/parallel_installer.rb

@@ -96,7 +96,7 @@ def call
       handle_error if failed_specs.any?
       @specs
     ensure
-      worker_pool && worker_pool.stop
+      worker_pool&.stop
     end
 
     def check_for_unmet_dependencies

lib/bundler/man/bundle-add.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-ADD" "1" "July 2023" "" ""
+.TH "BUNDLE\-ADD" "1" "August 2023" "" ""
 .
 .SH "NAME"
 \fBbundle\-add\fR \- Add gem to the Gemfile and run bundle install

lib/bundler/man/bundle-binstubs.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-BINSTUBS" "1" "July 2023" "" ""
+.TH "BUNDLE\-BINSTUBS" "1" "August 2023" "" ""
 .
 .SH "NAME"
 \fBbundle\-binstubs\fR \- Install the binstubs of the listed gems

lib/bundler/man/bundle-cache.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-CACHE" "1" "July 2023" "" ""
+.TH "BUNDLE\-CACHE" "1" "August 2023" "" ""
 .
 .SH "NAME"
 \fBbundle\-cache\fR \- Package your needed \fB\.gem\fR files into your application

lib/bundler/man/bundle-check.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-CHECK" "1" "July 2023" "" ""
+.TH "BUNDLE\-CHECK" "1" "August 2023" "" ""
 .
 .SH "NAME"
 \fBbundle\-check\fR \- Verifies if dependencies are satisfied by installed gems

lib/bundler/man/bundle-clean.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-CLEAN" "1" "July 2023" "" ""
+.TH "BUNDLE\-CLEAN" "1" "August 2023" "" ""
 .
 .SH "NAME"
 \fBbundle\-clean\fR \- Cleans up unused gems in your bundler directory

lib/bundler/man/bundle-config.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-CONFIG" "1" "July 2023" "" ""
+.TH "BUNDLE\-CONFIG" "1" "August 2023" "" ""
 .
 .SH "NAME"
 \fBbundle\-config\fR \- Set bundler configuration options

lib/bundler/man/bundle-console.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-CONSOLE" "1" "July 2023" "" ""
+.TH "BUNDLE\-CONSOLE" "1" "August 2023" "" ""
 .
 .SH "NAME"
 \fBbundle\-console\fR \- Deprecated way to open an IRB session with the bundle pre\-loaded

lib/bundler/man/bundle-doctor.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-DOCTOR" "1" "July 2023" "" ""
+.TH "BUNDLE\-DOCTOR" "1" "August 2023" "" ""
 .
 .SH "NAME"
 \fBbundle\-doctor\fR \- Checks the bundle for common problems