diff options
author | Daniel Niknam <mhmd.niknam@gmail.com> | 2021-07-24 17:25:48 +1000 |
---|---|---|
committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2021-07-27 09:25:57 +0900 |
commit | 1ef360230ec0bf078124a3001ef2e1ae7886e236 (patch) | |
tree | a3fefe258b29fd1b569b5feddb5728bdeffaa67d /lib/bundler/dsl.rb | |
parent | 2f9e0cf1819b8679abe79494f622e1a42d7e021d (diff) |
[rubygems/rubygems] Deprecate Gemfile without an explicit global source
Raise a warning when parsing a Gemfile and it doesn't have a global source. Gemfiles like this, specially now that rubygems sources are are no longer merged into a single source for security, are very confusing because they generate a different lockfile depending on the gems you have locally installed. This is because bundler always use an implicit global source that defaults to locally installed gems.
https://github.com/rubygems/rubygems/commit/b7523ad21c
Diffstat (limited to 'lib/bundler/dsl.rb')
-rw-r--r-- | lib/bundler/dsl.rb | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/bundler/dsl.rb b/lib/bundler/dsl.rb index ac955894a7..4e38df1ce9 100644 --- a/lib/bundler/dsl.rb +++ b/lib/bundler/dsl.rb @@ -447,6 +447,13 @@ repo_name ||= user_name end def check_rubygems_source_safety + if @sources.implicit_global_source? + Bundler::SharedHelpers.major_deprecation 2, "This Gemfile does not include an explicit global source. " \ + "Not using an explicit global source may result in a different lockfile being generated depending on " \ + "the gems you have installed locally before bundler is run." \ + "Instead, define a global source in your Gemfile like this: source \"https://rubygems.org\"." + end + return unless @sources.aggregate_global_source? if Bundler.feature_flag.bundler_3_mode? |