| author | David Rodríguez <deivid.rodriguez@riseup.net> | 2025-04-12 15:53:13 +0200 |
|---|---|---|
| committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2025-04-15 16:47:16 +0900 |
| commit | 00389b664bc6f5faaaaef9ddb2fb706052a20de4 (patch) | |
| tree | 363343760018fa4abbd9d3551e115954b1bfd96f | |
| parent | 72dc16aa65a9d46f032d7a8d0292f5a5df6aade5 (diff) | |
[rubygems/rubygems] Fix false positive warning about insecurely materialized gem
In frozen mode, the previous logic would not set the platform locked
originally in the materialized specification, and that would trigger the
warning about insecure materialization incorrectly.
https://github.com/rubygems/rubygems/commit/a18001e10c
| -rw-r--r-- | lib/bundler/lazy_specification.rb | 8 | ||||
| -rw-r--r-- | spec/bundler/install/gems/resolving_spec.rb | 5 |
2 files changed, 7 insertions, 6 deletions
diff --git a/lib/bundler/lazy_specification.rb b/lib/bundler/lazy_specification.rb
index e617d32410..99970f8336 100644
--- a/lib/bundler/lazy_specification.rb
+++ b/lib/bundler/lazy_specification.rb
@@ -213,7 +213,9 @@ module Bundler
 end
 if search.nil? && fallback_to_non_installable
 search = candidates.last
- elsif search && search.full_name == full_name
+ end
+
+ if search && search.full_name == full_name
 # We don't validate locally installed dependencies but accept what's in
 # the lockfile instead for performance, since loading locally installed
 # dependencies would mean evaluating all gemspecs, which would affect
@@ -224,9 +226,9 @@ module Bundler
 if !source.is_a?(Source::Path) && search.runtime_dependencies.sort != dependencies.sort
 raise IncorrectLockfileDependencies.new(self)
 end
-
- search.locked_platform = platform if search.instance_of?(RemoteSpecification) || search.instance_of?(EndpointSpecification)
 end
+
+ search.locked_platform = platform if search.instance_of?(RemoteSpecification) || search.instance_of?(EndpointSpecification)
 end
 search
 end
diff --git a/spec/bundler/install/gems/resolving_spec.rb b/spec/bundler/install/gems/resolving_spec.rb
index d5335e25bf..21e4a12107 100644
--- a/spec/bundler/install/gems/resolving_spec.rb
+++ b/spec/bundler/install/gems/resolving_spec.rb
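Review bot: In the second hunk the relocated `search.locked_platform = platform if …` now runs for every non-nil `search`, including the `candidates.last` fallback whose `full_name` does not match the locked one, and nothing in the code records why that widening is intended. Since the platform stored here presumably feeds the insecure-materialization check mentioned in the commit message (not visible in the hunk), a one-line comment would keep a later reader from narrowing it back: `# Always record the locked platform, even when full_name differs (e.g. frozen mode), so the insecure-materialization check compares against the lockfile instead of reporting a false positive.` The guard `search.instance_of?(RemoteSpecification) || search.instance_of?(EndpointSpecification)` is an exact-class test that excludes subclasses; if that is deliberate it belongs in the same comment. The enclosing method begins before the first hunk.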
@@ -305,11 +305,10 @@ RSpec.describe "bundle install with install-time dependencies" do it "gives a meaningful error if we're in frozen mode" do expect do - bundle "install --verbose", env: { "BUNDLE_FROZEN" => "true" }, raise_on_error: false + bundle "install", env: { "BUNDLE_FROZEN" => "true" }, raise_on_error: false end.not_to change { lockfile } - expect(err).to include("parallel_tests-3.8.0 requires ruby version >= #{next_ruby_minor}") - expect(err).not_to include("That means the author of parallel_tests (3.8.0) has removed it.") + expect(err).to eq("parallel_tests-3.8.0 requires ruby version >= #{next_ruby_minor}, which is incompatible with the current version, #{Gem.ruby_version}") end end |
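Review bot: The new `expect(err).to eq(...)` pins the whole of stderr, which is what makes the absence of the insecure-materialization warning observable, but the assertion no longer says so; the removed `not_to include(...)` made that intent explicit. A short comment above it, such as `# exact match: any extra line on stderr (e.g. the insecure materialization warning) must fail this`, keeps the strictness from being relaxed back to `include` later. Dropping `--verbose` on the same line is presumably what makes the exact match feasible; that is inferred, not shown in the hunk.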
