Merge pull request #7322 from rubygems/release/bundler_2.5.3_rubygems_3.5.3

Prepare RubyGems 3.5.3 and Bundler 2.5.3

Author: deivid-rodriguez

CHANGELOG.md

@@ -1,3 +1,9 @@
+# 3.5.3 / 2023-12-22
+
+## Enhancements:
+
+* Installs bundler 2.5.3 as a default gem.
+
 # 3.5.2 / 2023-12-21
 
 ## Enhancements:

bundler/CHANGELOG.md

@@ -1,3 +1,9 @@
+# 2.5.3 (December 22, 2023)
+
+## Bug fixes:
+
+  - Fix incorrect error when Gemfile overrides a gemspec development dependency [#7319](https://github.com/rubygems/rubygems/pull/7319)
+
 # 2.5.2 (December 21, 2023)
 
 ## Enhancements:

bundler/lib/bundler/dependency.rb

@@ -68,6 +68,10 @@ def should_include?
       @should_include && current_env? && current_platform?
     end
 
+    def gemspec_dev_dep?
+      type == :development
+    end
+
     def current_env?
       return true unless @env
       if @env.is_a?(Hash)

bundler/lib/bundler/dsl.rb

@@ -103,16 +103,21 @@ def gem(name, *args)
       # if there's already a dependency with this name we try to prefer one
       if current = @dependencies.find {|d| d.name == dep.name }
         # Always prefer the dependency from the Gemfile
-        deleted_dep = @dependencies.delete(current) if current.type == :development
+        @dependencies.delete(current) if current.gemspec_dev_dep?
 
         if current.requirement != dep.requirement
           current_requirement_open = current.requirements_list.include?(">= 0")
 
-          if current.type == :development
-            unless current_requirement_open || dep.type == :development
-              Bundler.ui.warn "A gemspec development dependency (#{dep.name}, #{current.requirement}) is being overridden by a Gemfile dependency (#{dep.name}, #{dep.requirement}).\n" \
-                              "This behaviour may change in the future. Please remove either of them, or make sure they both have the same requirement\n" \
+          gemspec_dep = [dep, current].find(&:gemspec_dev_dep?)
+          if gemspec_dep
+            gemfile_dep = [dep, current].find(&:runtime?)
+
+            unless current_requirement_open
+              Bundler.ui.warn "A gemspec development dependency (#{gemspec_dep.name}, #{gemspec_dep.requirement}) is being overridden by a Gemfile dependency (#{gemfile_dep.name}, #{gemfile_dep.requirement}).\n" \
+                              "This behaviour may change in the future. Please remove either of them, or make sure they both have the same requirement\n"
             end
+
+            return if dep.gemspec_dev_dep?
           else
             update_prompt = ""
 
@@ -130,8 +135,8 @@ def gem(name, *args)
                            "You specified: #{current.name} (#{current.requirement}) and #{dep.name} (#{dep.requirement})" \
                            "#{update_prompt}"
           end
-        elsif current.type == :development || dep.type == :development
-          return if deleted_dep.nil?
+        elsif current.gemspec_dev_dep? || dep.gemspec_dev_dep?
+          return if dep.gemspec_dev_dep?
         elsif current.source != dep.source
           raise GemfileError, "You cannot specify the same gem twice coming from different sources.\n" \
                           "You specified that #{dep.name} (#{dep.requirement}) should come from " \

bundler/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.5.2".freeze
+  VERSION = "2.5.3".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

bundler/spec/commands/install_spec.rb

@@ -460,6 +460,35 @@
       expect(the_bundle).to include_gems("rubocop 1.37.1")
     end
 
+    it "warns when a Gemfile dependency is overriding a gemspec development dependency, with different requirements" do
+      build_lib "my-gem", path: bundled_app do |s|
+        s.add_development_dependency "rails", ">= 5"
+      end
+
+      build_repo4 do
+        build_gem "rails", "7.0.8"
+      end
+
+      gemfile <<~G
+        source "#{file_uri_for(gem_repo4)}"
+
+        gem "rails", "~> 7.0.8"
+
+        gemspec
+      G
+
+      bundle :install
+
+      expect(err).to include("A gemspec development dependency (rails, >= 5) is being overridden by a Gemfile dependency (rails, ~> 7.0.8).")
+      expect(err).to include("This behaviour may change in the future. Please remove either of them, or make sure they both have the same requirement")
+
+      # This is not the best behavior I believe, it would be better if both
+      # requirements are considered if they are compatible, and a version
+      # satisfying both is chosen. But not sure about changing it right now, so
+      # I went with a warning for the time being.
+      expect(the_bundle).to include_gems("rails 7.0.8")
+    end
+
     it "does not warn if a gem is added once in Gemfile and also inside a gemspec as a development dependency, with same requirements, and different sources" do
       build_lib "my-gem", path: bundled_app do |s|
         s.add_development_dependency "activesupport"

lib/rubygems.rb

@@ -9,7 +9,7 @@
 require "rbconfig"
 
 module Gem
-  VERSION = "3.5.2"
+  VERSION = "3.5.3"
 end
 
 # Must be first since it unloads the prelude from 1.9.2

lib/rubygems/safe_marshal/elements.rb

@@ -133,6 +133,14 @@ def initialize(sign, data)
         end
         attr_reader :sign, :data
       end
+
+      class UserClass < Element
+        def initialize(name, wrapped_object)
+          @name = name
+          @wrapped_object = wrapped_object
+        end
+        attr_reader :name, :wrapped_object
+      end
     end
   end
 end

lib/rubygems/safe_marshal/reader.rb

@@ -299,7 +299,9 @@ def read_struct
       end
 
       def read_user_class
-        raise NotImplementedError, "Reading Marshal objects of type user_class is not implemented"
+        name = read_element
+        wrapped_object = read_element
+        Elements::UserClass.new(name, wrapped_object)
       end
     end
   end

lib/rubygems/safe_marshal/visitors/to_ruby.rb

@@ -247,6 +247,30 @@ def visit_Gem_SafeMarshal_Elements_Bignum(b)
         end
       end
 
+      def visit_Gem_SafeMarshal_Elements_UserClass(r)
+        if resolve_class(r.name) == ::Hash && r.wrapped_object.is_a?(Elements::Hash)
+
+          hash = register_object({}.compare_by_identity)
+
+          o = r.wrapped_object
+          o.pairs.each_with_index do |(k, v), i|
+            push_stack i
+            k = visit(k)
+            push_stack k
+            hash[k] = visit(v)
+          end
+
+          if o.is_a?(Elements::HashWithDefaultValue)
+            push_stack :default
+            hash.default = visit(o.default)
+          end
+
+          hash
+        else
+          raise UnsupportedError.new("Unsupported user class #{resolve_class(r.name)} in marshal stream", stack: formatted_stack)
+        end
+      end
+
       def resolve_class(n)
         @class_cache[n] ||= begin
           to_s = resolve_symbol_name(n)
@@ -375,6 +399,12 @@ def initialize(name:, stack:)
         end
       end
 
+      class UnsupportedError < Error
+        def initialize(message, stack:)
+          super "#{message} @ #{stack.join "."}"
+        end
+      end
+
       class FormatError < Error
       end