authorDavid Rodríguez <2887858+deivid-rodriguez@users.noreply.github.com>2025-09-10 10:43:30 +0200
committerHiroshi SHIBATA <hsbt@ruby-lang.org>2025-09-16 17:17:32 +0900
commit26f9911c7190d5343fb775f54fc2472cd6fe632b (patch)
treebd603d77f70595865ee578af292f519cdae205a3
parent0a5a0eeab45fb2db176b681159b328b3fdf95408 (diff)
[rubygems/rubygems] Multisource checks are only relevant when there's a lockfile
https://github.com/rubygems/rubygems/commit/4c110d3289
-rw-r--r--lib/bundler/definition.rb26
1 files changed, 13 insertions, 13 deletions
diff --git a/lib/bundler/definition.rb b/lib/bundler/definition.rb
index bd424609c9..dbfed9f67f 100644
--- a/lib/bundler/definition.rb
+++ b/lib/bundler/definition.rb
@@ -117,6 +117,19 @@ module Bundler
@locked_specs = @originally_locked_specs
@locked_sources = @originally_locked_sources
end
+
+ locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
+ @multisource_allowed = locked_gem_sources.size == 1 && locked_gem_sources.first.multiple_remotes? && Bundler.frozen_bundle?
+
+ if @multisource_allowed
+ unless sources.aggregate_global_source?
+ msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. Make sure you run `bundle install` in non frozen mode and commit the result to make your lockfile secure."
+
+ Bundler::SharedHelpers.major_deprecation 2, msg
+ end
+
+ @sources.merged_gem_lockfile_sections!(locked_gem_sources.first)
+ end
else
@locked_gems = nil
@locked_platforms = []
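Review bot: With the assignment moved into the lockfile branch, `@multisource_allowed` is no longer set on the `else` path that starts at the end of this hunk, so without a lockfile it stays an unset instance variable (nil) unless the part of that branch outside the hunk assigns it. Because this flag decides whether a lockfile section with several remotes gets merged, I would make the fail-closed default explicit by adding `@multisource_allowed = false` next to `@locked_gems = nil`. A short comment above `if @multisource_allowed` would also help, for example `# frozen bundles cannot rewrite the lockfile, so a legacy multi-remote section is still merged, with a deprecation warning`, if that is the intent behind the `Bundler.frozen_bundle?` condition. The enclosing method begins and ends outside the hunk, so the remaining readers of the flag are not visible here.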
@@ -130,19 +143,6 @@ module Bundler
@locked_checksums = Bundler.feature_flag.lockfile_checksums?
end
- locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
- @multisource_allowed = locked_gem_sources.size == 1 && locked_gem_sources.first.multiple_remotes? && Bundler.frozen_bundle?
-
- if @multisource_allowed
- unless sources.aggregate_global_source?
- msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. Make sure you run `bundle install` in non frozen mode and commit the result to make your lockfile secure."
-
- Bundler::SharedHelpers.major_deprecation 2, msg
- end
-
- @sources.merged_gem_lockfile_sections!(locked_gem_sources.first)
- end
-
@unlocking_ruby ||= if @ruby_version && locked_ruby_version_object
@ruby_version.diff(locked_ruby_version_object)
end