| author | David RodrÃguez <2887858+deivid-rodriguez@users.noreply.github.com> | 2025-09-10 10:43:30 +0200 |
|---|---|---|
| committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2025-09-16 17:17:32 +0900 |
| commit | 26f9911c7190d5343fb775f54fc2472cd6fe632b (patch) | |
| tree | bd603d77f70595865ee578af292f519cdae205a3 | |
| parent | 0a5a0eeab45fb2db176b681159b328b3fdf95408 (diff) | |
[rubygems/rubygems] Multisource checks are only relevant when there's a lockfile
https://github.com/rubygems/rubygems/commit/4c110d3289
| -rw-r--r-- | lib/bundler/definition.rb | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/lib/bundler/definition.rb b/lib/bundler/definition.rb
index bd424609c9..dbfed9f67f 100644
--- a/lib/bundler/definition.rb
+++ b/lib/bundler/definition.rb
@@ -117,6 +117,19 @@ module Bundler
 @locked_specs = @originally_locked_specs
 @locked_sources = @originally_locked_sources
 end
+
+ locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
+ @multisource_allowed = locked_gem_sources.size == 1 && locked_gem_sources.first.multiple_remotes? && Bundler.frozen_bundle?
+
+ if @multisource_allowed
+ unless sources.aggregate_global_source?
+ msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. Make sure you run `bundle install` in non frozen mode and commit the result to make your lockfile secure."
+
+ Bundler::SharedHelpers.major_deprecation 2, msg
+ end
+
+ @sources.merged_gem_lockfile_sections!(locked_gem_sources.first)
+ end
 else
 @locked_gems = nil
 @locked_platforms = []
@@ -130,19 +143,6 @@ module Bundler
 @locked_checksums = Bundler.feature_flag.lockfile_checksums?
 end
- locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
- @multisource_allowed = locked_gem_sources.size == 1 && locked_gem_sources.first.multiple_remotes? && Bundler.frozen_bundle?
-
- if @multisource_allowed
- unless sources.aggregate_global_source?
- msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. Make sure you run `bundle install` in non frozen mode and commit the result to make your lockfile secure."
-
- Bundler::SharedHelpers.major_deprecation 2, msg
- end
-
- @sources.merged_gem_lockfile_sections!(locked_gem_sources.first)
- end
-
- @unlocking_ruby ||= if @ruby_version && locked_ruby_version_object
 @ruby_version.diff(locked_ruby_version_object)
 end |
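Review bot: After this move, `@multisource_allowed` is only assigned on the lockfile branch; on the `else` path at the end of the first hunk it stays unset unless the part of that branch outside the hunk assigns it, so readers would get `nil` where they previously got a computed `false`. This flag gates the multi-remote compatibility path that the deprecation message itself calls insecure, so I would make the default explicit with `@multisource_allowed = false` in the `else` branch rather than rely on an unset instance variable being falsy. The enclosing method starts and ends outside the hunk, so this needs checking against the full `else` body. A spec for frozen mode with no lockfile present would pin the intended fail-closed behaviour.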
