Port behavior to bundler 2

[chrismo]

2-0-dev-update is the current branch for 2.0 code.

• unify bundler outdated code? in 1.12 it got some upgrades with --major, --minor, and --patch flags
• 2.0 allows breaking, so make the default level patch.
• Which terminology to use for third version? bundler-patch uses release. outdated uses --patch. SemVer uses patch. Use patch.
• with a little refactoring of Bundler, this code could go into Bundler 1.x, though default behavior would have to change to prevent breaking behavior.
• update --dry-run to match outdated pretty & parseable
• patch includes vulnerable gems - should that behavior go as well? prolly not
• if we include vulnerable gems, what about the modification of the Gemfile requirements to fit the patched version? and esp. Vulnerability code will update gem requirement, broaden into an option. #7. prolly not

Any additional options that Bundler core team decides to exclude in Bundler can stay in this plugin.

[chrismo]

Earlier today, ran existing bundler-patch code against a locally built 2.0.0.dev gem and except for a bug around parsing .ruby-version, all the unit tests passed.

[chrismo]

bundle outdated just grabs the version bundle update would result in and then if it's a major change, outputs it, unless --minor is specified then IF it's a minor change lists it, unless --patch is specified then IF it's a patch change lists it.

[chrismo@momac bundler]$ cat Gemfile
source 'https://rubygems.org'

gem 'rack'
[chrismo@momac bundler]$ cat Gemfile.lock
GEM
  remote: https://rubygems.org/
  specs:
    rack (1.0.0)

PLATFORMS
  ruby

DEPENDENCIES
  rack (= 1.0.0)

BUNDLED WITH
   1.12.4

[chrismo@momac bundler]$ bundle outdated
/Users/chrismo/.rbenv/versions/2.3.0/bin/ruby: warning: RUBY_HEAP_MIN_SLOTS is obsolete. Use RUBY_GC_HEAP_INIT_SLOTS instead.
Fetching source index from https://rubygems.org/
Resolving dependencies....

Outdated gems included in the bundle:
  * rack (newest 1.6.4, installed 1.0.0) in group "default"
[chrismo@momac bundler]$ bundle outdated --patch
/Users/chrismo/.rbenv/versions/2.3.0/bin/ruby: warning: RUBY_HEAP_MIN_SLOTS is obsolete. Use RUBY_GC_HEAP_INIT_SLOTS instead.
Fetching source index from https://rubygems.org/
Resolving dependencies....

Bundle up to date!

... which personally I find confusing, but makes some sense given limitations of bundler update.

question is what should outdated show in that --patch case. it’s correct in that bundle update isn’t going to be able to just patch up to 1.0.1 — it’s incorrect in that the “Bundle up to date!” statement is false.

But, the bottom line for Bundler 2 code, is there's nothing too complicated in outdated that we'd need to reconcile, but we'd want outdated to reflect the output from the resolution bundle patch would do.

[chrismo]

(the flags can be passed in combinations on outdated - my text in prior comment doesn't really call that out)

[chrismo]

Currently trying to setup definition tests in the Bundler codebase. What's there is minimal. I have a lot of testing at that level ... but ... transferring these don't appear to be simple. What I started doing was making a definition builder - there are many other builders there ...

spec/resolver/basic_spec.rb does exist, I don't think I'd found that before. That's good news, minus the bad news of needing to reformat my tests to fit.

I wonder now how duplicative the definition and resolver tests are ... fairly. conservative_definition only has one bit of important code if we're updating all gems, to capture the locked_specs.

Ok, so ... I could let go of definition tests, if I focus in on resolver/basic_spec.rb, and then something at the update 'integration' level ... spec/commands/update_spec.rb

[chrismo]

rubygems/bundler#4676

[chrismo]

A note to future self: IRL Bundler 2 was Bundler 1 minus support for older Rubies and the Bundler 2 referenced in this issue #13 is now slated to be Bundler 3.