RubyGems - bundler - Versions diffs - 1.17.3 → 2.6.3 - Mend

bundler 1.17.3 → 2.6.3

Files changed (426) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +3354 -1258
data/LICENSE.md +18 -19
data/README.md +10 -15
data/bundler.gemspec +15 -33
data/exe/bundle +8 -10
data/exe/bundler +1 -1
data/lib/bundler/.document +1 -0
data/lib/bundler/build_metadata.rb +5 -13
data/lib/bundler/capistrano.rb +5 -5
data/lib/bundler/checksum.rb +254 -0
data/lib/bundler/ci_detector.rb +75 -0
data/lib/bundler/cli/add.rb +29 -15
data/lib/bundler/cli/binstubs.rb +13 -5
data/lib/bundler/cli/cache.rb +24 -17
data/lib/bundler/cli/check.rb +7 -5
data/lib/bundler/cli/clean.rb +1 -1
data/lib/bundler/cli/common.rb +50 -14
data/lib/bundler/cli/config.rb +171 -86
data/lib/bundler/cli/console.rb +3 -6
data/lib/bundler/cli/doctor.rb +29 -12
data/lib/bundler/cli/exec.rb +9 -25
data/lib/bundler/cli/fund.rb +36 -0
data/lib/bundler/cli/gem.rb +268 -53
data/lib/bundler/cli/info.rb +51 -18
data/lib/bundler/cli/init.rb +7 -3
data/lib/bundler/cli/inject.rb +2 -2
data/lib/bundler/cli/install.rb +55 -73
data/lib/bundler/cli/issue.rb +9 -8
data/lib/bundler/cli/list.rb +19 -11
data/lib/bundler/cli/lock.rb +56 -26
data/lib/bundler/cli/open.rb +10 -7
data/lib/bundler/cli/outdated.rb +159 -128
data/lib/bundler/cli/platform.rb +8 -6
data/lib/bundler/cli/plugin.rb +23 -12
data/lib/bundler/cli/pristine.rb +39 -26
data/lib/bundler/cli/remove.rb +1 -2
data/lib/bundler/cli/show.rb +7 -7
data/lib/bundler/cli/update.rb +51 -19
data/lib/bundler/cli/viz.rb +1 -1
data/lib/bundler/cli.rb +399 -390
data/lib/bundler/compact_index_client/cache.rb +55 -77
data/lib/bundler/compact_index_client/cache_file.rb +148 -0
data/lib/bundler/compact_index_client/gem_parser.rb +32 -0
data/lib/bundler/compact_index_client/parser.rb +84 -0
data/lib/bundler/compact_index_client/updater.rb +72 -84
data/lib/bundler/compact_index_client.rb +61 -73
data/lib/bundler/constants.rb +9 -2
data/lib/bundler/current_ruby.rb +20 -21
data/lib/bundler/definition.rb +663 -505
data/lib/bundler/dependency.rb +38 -71
data/lib/bundler/deployment.rb +1 -1
data/lib/bundler/digest.rb +71 -0
data/lib/bundler/dsl.rb +171 -152
data/lib/bundler/endpoint_specification.rb +43 -17
data/lib/bundler/env.rb +11 -18
data/lib/bundler/environment_preserver.rb +17 -8
data/lib/bundler/errors.rb +115 -14
data/lib/bundler/feature_flag.rb +15 -39
data/lib/bundler/fetcher/base.rb +12 -12
data/lib/bundler/fetcher/compact_index.rb +41 -47
data/lib/bundler/fetcher/dependency.rb +4 -8
data/lib/bundler/fetcher/downloader.rb +27 -20
data/lib/bundler/fetcher/gem_remote_fetcher.rb +16 -0
data/lib/bundler/fetcher/index.rb +6 -33
data/lib/bundler/fetcher.rb +109 -90
data/lib/bundler/force_platform.rb +16 -0
data/lib/bundler/friendly_errors.rb +50 -55
data/lib/bundler/gem_helper.rb +81 -46
data/lib/bundler/gem_helpers.rb +78 -29
data/lib/bundler/gem_tasks.rb +1 -1
data/lib/bundler/gem_version_promoter.rb +68 -109
data/lib/bundler/graph.rb +11 -11
data/lib/bundler/index.rb +74 -82
data/lib/bundler/injector.rb +58 -26
data/lib/bundler/inline.rb +59 -35
data/lib/bundler/installer/gem_installer.rb +29 -29
data/lib/bundler/installer/parallel_installer.rb +38 -68
data/lib/bundler/installer/standalone.rb +76 -16
data/lib/bundler/installer.rb +60 -135
data/lib/bundler/lazy_specification.rb +161 -63
data/lib/bundler/lockfile_generator.rb +14 -5
data/lib/bundler/lockfile_parser.rb +150 -109
data/lib/bundler/man/bundle-add.1 +76 -0
data/lib/bundler/man/bundle-add.1.ronn +87 -0
data/{man → lib/bundler/man}/bundle-binstubs.1 +15 -22
data/{man/bundle-binstubs.ronn → lib/bundler/man/bundle-binstubs.1.ronn} +8 -7
data/lib/bundler/man/bundle-cache.1 +68 -0
data/lib/bundler/man/bundle-cache.1.ronn +108 -0
data/{man → lib/bundler/man}/bundle-check.1 +7 -14
data/{man/bundle-check.ronn → lib/bundler/man/bundle-check.1.ronn} +7 -2
data/{man → lib/bundler/man}/bundle-clean.1 +4 -11
data/{man/bundle-clean.ronn → lib/bundler/man/bundle-clean.1.ronn} +1 -1
data/{man → lib/bundler/man}/bundle-config.1 +80 -260
data/{man/bundle-config.ronn → lib/bundler/man/bundle-config.1.ronn} +104 -98
data/lib/bundler/man/bundle-console.1 +33 -0
data/lib/bundler/man/bundle-console.1.ronn +39 -0
data/{man → lib/bundler/man}/bundle-doctor.1 +5 -19
data/{man/bundle-doctor.ronn → lib/bundler/man/bundle-doctor.1.ronn} +1 -1
data/lib/bundler/man/bundle-env.1 +9 -0
data/lib/bundler/man/bundle-env.1.ronn +10 -0
data/{man → lib/bundler/man}/bundle-exec.1 +20 -78
data/{man/bundle-exec.ronn → lib/bundler/man/bundle-exec.1.ronn} +12 -10
data/lib/bundler/man/bundle-fund.1 +22 -0
data/lib/bundler/man/bundle-fund.1.ronn +25 -0
data/lib/bundler/man/bundle-gem.1 +87 -0
data/lib/bundler/man/bundle-gem.1.ronn +149 -0
data/lib/bundler/man/bundle-help.1 +9 -0
data/lib/bundler/man/bundle-help.1.ronn +12 -0
data/lib/bundler/man/bundle-info.1 +17 -0
data/lib/bundler/man/bundle-info.1.ronn +21 -0
data/{man → lib/bundler/man}/bundle-init.1 +8 -13
data/{man/bundle-init.ronn → lib/bundler/man/bundle-init.1.ronn} +5 -2
data/lib/bundler/man/bundle-inject.1 +31 -0
data/{man/bundle-inject.ronn → lib/bundler/man/bundle-inject.1.ronn} +12 -2
data/{man → lib/bundler/man}/bundle-install.1 +65 -155
data/{man/bundle-install.ronn → lib/bundler/man/bundle-install.1.ronn} +66 -57
data/lib/bundler/man/bundle-issue.1 +45 -0
data/lib/bundler/man/bundle-issue.1.ronn +37 -0
data/lib/bundler/man/bundle-licenses.1 +9 -0
data/lib/bundler/man/bundle-licenses.1.ronn +10 -0
data/{man → lib/bundler/man}/bundle-list.1 +9 -24
data/{man/bundle-list.ronn → lib/bundler/man/bundle-list.1.ronn} +10 -7
data/{man → lib/bundler/man}/bundle-lock.1 +25 -34
data/{man/bundle-lock.ronn → lib/bundler/man/bundle-lock.1.ronn} +25 -4
data/lib/bundler/man/bundle-open.1 +32 -0
data/{man/bundle-open.ronn → lib/bundler/man/bundle-open.1.ronn} +10 -1
data/{man → lib/bundler/man}/bundle-outdated.1 +23 -75
data/{man/bundle-outdated.ronn → lib/bundler/man/bundle-outdated.1.ronn} +21 -22
data/lib/bundler/man/bundle-platform.1 +49 -0
data/{man/bundle-platform.ronn → lib/bundler/man/bundle-platform.1.ronn} +14 -7
data/lib/bundler/man/bundle-plugin.1 +58 -0
data/lib/bundler/man/bundle-plugin.1.ronn +63 -0
data/{man → lib/bundler/man}/bundle-pristine.1 +5 -16
data/{man/bundle-pristine.ronn → lib/bundler/man/bundle-pristine.1.ronn} +1 -1
data/{man → lib/bundler/man}/bundle-remove.1 +4 -14
data/{man/bundle-remove.ronn → lib/bundler/man/bundle-remove.1.ronn} +1 -1
data/{man → lib/bundler/man}/bundle-show.1 +7 -11
data/{man/bundle-show.ronn → lib/bundler/man/bundle-show.1.ronn} +4 -0
data/{man → lib/bundler/man}/bundle-update.1 +35 -148
data/{man/bundle-update.ronn → lib/bundler/man/bundle-update.1.ronn} +21 -12
data/lib/bundler/man/bundle-version.1 +22 -0
data/lib/bundler/man/bundle-version.1.ronn +24 -0
data/{man → lib/bundler/man}/bundle-viz.1 +9 -18
data/{man/bundle-viz.ronn → lib/bundler/man/bundle-viz.1.ronn} +9 -3
data/{man → lib/bundler/man}/bundle.1 +19 -53
data/{man/bundle.ronn → lib/bundler/man/bundle.1.ronn} +14 -9
data/{man → lib/bundler/man}/gemfile.5 +139 -356
data/{man → lib/bundler/man}/gemfile.5.ronn +134 -97
data/{man → lib/bundler/man}/index.txt +9 -1
data/lib/bundler/match_metadata.rb +17 -0
data/lib/bundler/match_platform.rb +2 -3
data/lib/bundler/match_remote_metadata.rb +29 -0
data/lib/bundler/materialization.rb +59 -0
data/lib/bundler/mirror.rb +10 -12
data/lib/bundler/plugin/api/source.rb +34 -18
data/lib/bundler/plugin/api.rb +1 -1
data/lib/bundler/plugin/dsl.rb +1 -1
data/lib/bundler/plugin/events.rb +24 -0
data/lib/bundler/plugin/index.rb +44 -9
data/lib/bundler/plugin/installer/git.rb +0 -4
data/lib/bundler/plugin/installer/path.rb +18 -0
data/lib/bundler/plugin/installer/rubygems.rb +1 -9
data/lib/bundler/plugin/installer.rb +63 -27
data/lib/bundler/plugin/source_list.rb +5 -1
data/lib/bundler/plugin.rb +131 -45
data/lib/bundler/process_lock.rb +10 -14
data/lib/bundler/remote_specification.rb +22 -10
data/lib/bundler/resolver/base.rb +118 -0
data/lib/bundler/resolver/candidate.rb +82 -0
data/lib/bundler/resolver/incompatibility.rb +15 -0
data/lib/bundler/resolver/package.rb +90 -0
data/lib/bundler/resolver/root.rb +25 -0
data/lib/bundler/resolver/spec_group.rb +60 -68
data/lib/bundler/resolver.rb +454 -303
data/lib/bundler/retry.rb +6 -6
data/lib/bundler/ruby_dsl.rb +51 -7
data/lib/bundler/ruby_version.rb +23 -38
data/lib/bundler/rubygems_ext.rb +357 -98
data/lib/bundler/rubygems_gem_installer.rb +131 -65
data/lib/bundler/rubygems_integration.rb +149 -591
data/lib/bundler/runtime.rb +51 -51
data/lib/bundler/safe_marshal.rb +31 -0
data/lib/bundler/self_manager.rb +206 -0
data/lib/bundler/settings.rb +271 -135
data/lib/bundler/setup.rb +23 -12
data/lib/bundler/shared_helpers.rb +127 -117
data/lib/bundler/similarity_detector.rb +3 -3
data/lib/bundler/source/git/git_proxy.rb +326 -127
data/lib/bundler/source/git.rb +207 -88
data/lib/bundler/source/metadata.rb +19 -18
data/lib/bundler/source/path/installer.rb +11 -32
data/lib/bundler/source/path.rb +39 -38
data/lib/bundler/source/rubygems/remote.rb +3 -4
data/lib/bundler/source/rubygems.rb +223 -255
data/lib/bundler/source/rubygems_aggregate.rb +68 -0
data/lib/bundler/source.rb +33 -11
data/lib/bundler/source_list.rb +131 -66
data/lib/bundler/source_map.rb +71 -0
data/lib/bundler/spec_set.rb +239 -94
data/lib/bundler/stub_specification.rb +77 -39
data/lib/bundler/templates/Executable +3 -5
data/lib/bundler/templates/Executable.bundler +23 -19
data/lib/bundler/templates/Executable.standalone +4 -4
data/lib/bundler/templates/Gemfile +0 -2
data/lib/bundler/templates/newgem/CHANGELOG.md.tt +5 -0
data/lib/bundler/templates/newgem/CODE_OF_CONDUCT.md.tt +104 -46
data/lib/bundler/templates/newgem/Cargo.toml.tt +7 -0
data/lib/bundler/templates/newgem/Gemfile.tt +19 -2
data/lib/bundler/templates/newgem/README.md.tt +18 -16
data/lib/bundler/templates/newgem/Rakefile.tt +44 -6
data/lib/bundler/templates/newgem/bin/console.tt +1 -4
data/lib/bundler/templates/newgem/circleci/config.yml.tt +25 -0
data/lib/bundler/templates/newgem/ext/newgem/Cargo.toml.tt +15 -0
data/lib/bundler/templates/newgem/ext/newgem/extconf-c.rb.tt +10 -0
data/lib/bundler/templates/newgem/ext/newgem/extconf-rust.rb.tt +6 -0
data/lib/bundler/templates/newgem/ext/newgem/newgem.c.tt +1 -1
data/lib/bundler/templates/newgem/ext/newgem/src/lib.rs.tt +12 -0
data/lib/bundler/templates/newgem/github/workflows/main.yml.tt +37 -0
data/lib/bundler/templates/newgem/gitignore.tt +3 -0
data/lib/bundler/templates/newgem/gitlab-ci.yml.tt +18 -0
data/lib/bundler/templates/newgem/lib/newgem/version.rb.tt +2 -0
data/lib/bundler/templates/newgem/lib/newgem.rb.tt +4 -2
data/lib/bundler/templates/newgem/newgem.gemspec.tt +37 -40
data/lib/bundler/templates/newgem/rubocop.yml.tt +8 -0
data/lib/bundler/templates/newgem/sig/newgem.rbs.tt +8 -0
data/lib/bundler/templates/newgem/spec/newgem_spec.rb.tt +2 -0
data/lib/bundler/templates/newgem/spec/spec_helper.rb.tt +2 -1
data/lib/bundler/templates/newgem/standard.yml.tt +3 -0
data/lib/bundler/templates/newgem/test/minitest/test_helper.rb.tt +6 -0
data/lib/bundler/templates/newgem/test/{newgem_test.rb.tt → minitest/test_newgem.rb.tt} +3 -1
data/lib/bundler/templates/newgem/test/test-unit/newgem_test.rb.tt +15 -0
data/lib/bundler/templates/newgem/test/test-unit/test_helper.rb.tt +6 -0
data/lib/bundler/ui/rg_proxy.rb +2 -2
data/lib/bundler/ui/shell.rb +64 -23
data/lib/bundler/ui/silent.rb +33 -6
data/lib/bundler/ui.rb +3 -3
data/lib/bundler/uri_credentials_filter.rb +11 -5
data/lib/bundler/uri_normalizer.rb +23 -0
data/lib/bundler/vendor/.document +1 -0
data/lib/bundler/vendor/connection_pool/.document +1 -0
data/lib/bundler/vendor/connection_pool/LICENSE +20 -0
data/lib/bundler/vendor/connection_pool/lib/connection_pool/timed_stack.rb +174 -0
data/lib/bundler/vendor/connection_pool/lib/connection_pool/version.rb +3 -0
data/lib/bundler/vendor/connection_pool/lib/connection_pool/wrapper.rb +56 -0
data/lib/bundler/vendor/connection_pool/lib/connection_pool.rb +175 -0
data/lib/bundler/vendor/fileutils/.document +1 -0
data/lib/bundler/vendor/fileutils/COPYING +56 -0
data/lib/bundler/vendor/fileutils/lib/fileutils.rb +1490 -432
data/lib/bundler/vendor/net-http-persistent/.document +1 -0
data/lib/bundler/vendor/net-http-persistent/README.rdoc +82 -0
data/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent/connection.rb +41 -0
data/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent/pool.rb +65 -0
data/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent/timed_stack_multi.rb +79 -0
data/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent.rb +362 -484
data/lib/bundler/vendor/pub_grub/.document +1 -0
data/lib/bundler/vendor/pub_grub/LICENSE.txt +21 -0
data/lib/bundler/vendor/pub_grub/lib/pub_grub/assignment.rb +20 -0
data/lib/bundler/vendor/pub_grub/lib/pub_grub/basic_package_source.rb +189 -0
data/lib/bundler/vendor/pub_grub/lib/pub_grub/failure_writer.rb +182 -0
data/lib/bundler/vendor/pub_grub/lib/pub_grub/incompatibility.rb +150 -0
data/lib/bundler/vendor/pub_grub/lib/pub_grub/package.rb +43 -0
data/lib/bundler/vendor/pub_grub/lib/pub_grub/partial_solution.rb +121 -0
data/lib/bundler/vendor/pub_grub/lib/pub_grub/rubygems.rb +45 -0
data/lib/bundler/vendor/pub_grub/lib/pub_grub/solve_failure.rb +19 -0
data/lib/bundler/vendor/pub_grub/lib/pub_grub/static_package_source.rb +61 -0
data/lib/bundler/vendor/pub_grub/lib/pub_grub/term.rb +105 -0
data/lib/bundler/vendor/pub_grub/lib/pub_grub/version.rb +3 -0
data/lib/bundler/vendor/pub_grub/lib/pub_grub/version_constraint.rb +129 -0
data/lib/bundler/vendor/pub_grub/lib/pub_grub/version_range.rb +411 -0
data/lib/bundler/vendor/pub_grub/lib/pub_grub/version_solver.rb +248 -0
data/lib/bundler/vendor/pub_grub/lib/pub_grub/version_union.rb +178 -0
data/lib/bundler/vendor/pub_grub/lib/pub_grub.rb +31 -0
data/lib/bundler/vendor/securerandom/.document +1 -0
data/lib/bundler/vendor/securerandom/COPYING +56 -0
data/lib/bundler/vendor/securerandom/lib/securerandom.rb +102 -0
data/lib/bundler/vendor/thor/.document +1 -0
data/lib/bundler/vendor/thor/LICENSE.md +20 -0
data/lib/bundler/vendor/thor/lib/thor/actions/create_file.rb +4 -3
data/lib/bundler/vendor/thor/lib/thor/actions/create_link.rb +3 -2
data/lib/bundler/vendor/thor/lib/thor/actions/directory.rb +8 -18
data/lib/bundler/vendor/thor/lib/thor/actions/empty_directory.rb +1 -1
data/lib/bundler/vendor/thor/lib/thor/actions/file_manipulation.rb +27 -20
data/lib/bundler/vendor/thor/lib/thor/actions/inject_into_file.rb +34 -13
data/lib/bundler/vendor/thor/lib/thor/actions.rb +47 -28
data/lib/bundler/vendor/thor/lib/thor/base.rb +200 -54
data/lib/bundler/vendor/thor/lib/thor/command.rb +34 -18
data/lib/bundler/vendor/thor/lib/thor/core_ext/hash_with_indifferent_access.rb +10 -0
data/lib/bundler/vendor/thor/lib/thor/error.rb +74 -0
data/lib/bundler/vendor/thor/lib/thor/group.rb +15 -4
data/lib/bundler/vendor/thor/lib/thor/invocation.rb +2 -1
data/lib/bundler/vendor/thor/lib/thor/line_editor/basic.rb +1 -1
data/lib/bundler/vendor/thor/lib/thor/line_editor/readline.rb +6 -6
data/lib/bundler/vendor/thor/lib/thor/line_editor.rb +2 -2
data/lib/bundler/vendor/thor/lib/thor/nested_context.rb +29 -0
data/lib/bundler/vendor/thor/lib/thor/parser/argument.rb +17 -1
data/lib/bundler/vendor/thor/lib/thor/parser/arguments.rb +35 -15
data/lib/bundler/vendor/thor/lib/thor/parser/option.rb +45 -13
data/lib/bundler/vendor/thor/lib/thor/parser/options.rb +86 -13
data/lib/bundler/vendor/thor/lib/thor/parser.rb +4 -4
data/lib/bundler/vendor/thor/lib/thor/rake_compat.rb +3 -2
data/lib/bundler/vendor/thor/lib/thor/runner.rb +51 -40
data/lib/bundler/vendor/thor/lib/thor/shell/basic.rb +99 -148
data/lib/bundler/vendor/thor/lib/thor/shell/color.rb +6 -43
data/lib/bundler/vendor/thor/lib/thor/shell/column_printer.rb +29 -0
data/lib/bundler/vendor/thor/lib/thor/shell/html.rb +4 -49
data/lib/bundler/vendor/thor/lib/thor/shell/table_printer.rb +118 -0
data/lib/bundler/vendor/thor/lib/thor/shell/terminal.rb +42 -0
data/lib/bundler/vendor/thor/lib/thor/shell/wrapped_printer.rb +38 -0
data/lib/bundler/vendor/thor/lib/thor/shell.rb +6 -6
data/lib/bundler/vendor/thor/lib/thor/util.rb +26 -9
data/lib/bundler/vendor/thor/lib/thor/version.rb +1 -1
data/lib/bundler/vendor/thor/lib/thor.rb +182 -17
data/lib/bundler/vendor/tsort/.document +1 -0
data/lib/bundler/vendor/tsort/LICENSE.txt +22 -0
data/lib/bundler/vendor/tsort/lib/tsort.rb +455 -0
data/lib/bundler/vendor/uri/.document +1 -0
data/lib/bundler/vendor/uri/COPYING +56 -0
data/lib/bundler/vendor/uri/lib/uri/common.rb +876 -0
data/lib/bundler/vendor/uri/lib/uri/file.rb +100 -0
data/lib/bundler/vendor/uri/lib/uri/ftp.rb +267 -0
data/lib/bundler/vendor/uri/lib/uri/generic.rb +1578 -0
data/lib/bundler/vendor/uri/lib/uri/http.rb +125 -0
data/lib/bundler/vendor/uri/lib/uri/https.rb +23 -0
data/lib/bundler/vendor/uri/lib/uri/ldap.rb +261 -0
data/lib/bundler/vendor/uri/lib/uri/ldaps.rb +22 -0
data/lib/bundler/vendor/uri/lib/uri/mailto.rb +293 -0
data/lib/bundler/vendor/uri/lib/uri/rfc2396_parser.rb +546 -0
data/lib/bundler/vendor/uri/lib/uri/rfc3986_parser.rb +206 -0
data/lib/bundler/vendor/uri/lib/uri/version.rb +6 -0
data/lib/bundler/vendor/uri/lib/uri/ws.rb +83 -0
data/lib/bundler/vendor/uri/lib/uri/wss.rb +23 -0
data/lib/bundler/vendor/uri/lib/uri.rb +104 -0
data/lib/bundler/vendored_fileutils.rb +1 -6
data/lib/bundler/vendored_net_http.rb +23 -0
data/lib/bundler/vendored_persistent.rb +1 -42
data/lib/bundler/{vendored_molinillo.rb → vendored_pub_grub.rb} +1 -1
data/lib/bundler/vendored_securerandom.rb +12 -0
data/lib/bundler/vendored_thor.rb +2 -2
data/lib/bundler/vendored_timeout.rb +12 -0
data/lib/bundler/vendored_tsort.rb +4 -0
data/lib/bundler/vendored_uri.rb +21 -0
data/lib/bundler/version.rb +5 -20
data/lib/bundler/vlad.rb +3 -3
data/lib/bundler/worker.rb +26 -15
data/lib/bundler/yaml_serializer.rb +21 -13
data/lib/bundler.rb +364 -230
metadata +186 -218
data/exe/bundle_ruby +0 -60
data/lib/bundler/cli/package.rb +0 -49
data/lib/bundler/compatibility_guard.rb +0 -14
data/lib/bundler/dep_proxy.rb +0 -48
data/lib/bundler/gem_remote_fetcher.rb +0 -43
data/lib/bundler/gemdeps.rb +0 -29
data/lib/bundler/psyched_yaml.rb +0 -37
data/lib/bundler/ssl_certs/certificate_manager.rb +0 -66
data/lib/bundler/ssl_certs/index.rubygems.org/GlobalSignRootCA.pem +0 -21
data/lib/bundler/ssl_certs/rubygems.global.ssl.fastly.net/DigiCertHighAssuranceEVRootCA.pem +0 -23
data/lib/bundler/ssl_certs/rubygems.org/AddTrustExternalCARoot.pem +0 -25
data/lib/bundler/templates/gems.rb +0 -8
data/lib/bundler/templates/newgem/ext/newgem/extconf.rb.tt +0 -3
data/lib/bundler/templates/newgem/test/test_helper.rb.tt +0 -4
data/lib/bundler/templates/newgem/travis.yml.tt +0 -7
data/lib/bundler/vendor/molinillo/lib/molinillo/compatibility.rb +0 -26
data/lib/bundler/vendor/molinillo/lib/molinillo/delegates/resolution_state.rb +0 -57
data/lib/bundler/vendor/molinillo/lib/molinillo/delegates/specification_provider.rb +0 -81
data/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/action.rb +0 -36
data/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/add_edge_no_circular.rb +0 -66
data/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/add_vertex.rb +0 -62
data/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/delete_edge.rb +0 -63
data/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/detach_vertex_named.rb +0 -61
data/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/log.rb +0 -126
data/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/set_payload.rb +0 -46
data/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/tag.rb +0 -36
data/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/vertex.rb +0 -136
data/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph.rb +0 -223
data/lib/bundler/vendor/molinillo/lib/molinillo/errors.rb +0 -143
data/lib/bundler/vendor/molinillo/lib/molinillo/gem_metadata.rb +0 -6
data/lib/bundler/vendor/molinillo/lib/molinillo/modules/specification_provider.rb +0 -101
data/lib/bundler/vendor/molinillo/lib/molinillo/modules/ui.rb +0 -67
data/lib/bundler/vendor/molinillo/lib/molinillo/resolution.rb +0 -837
data/lib/bundler/vendor/molinillo/lib/molinillo/resolver.rb +0 -46
data/lib/bundler/vendor/molinillo/lib/molinillo/state.rb +0 -58
data/lib/bundler/vendor/molinillo/lib/molinillo.rb +0 -12
data/lib/bundler/vendor/net-http-persistent/lib/net/http/faster.rb +0 -27
data/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent/ssl_reuse.rb +0 -129
data/lib/bundler/vendor/thor/lib/thor/core_ext/io_binary_read.rb +0 -12
data/lib/bundler/vendor/thor/lib/thor/core_ext/ordered_hash.rb +0 -129
data/lib/bundler/version_ranges.rb +0 -76
data/man/bundle-add.1 +0 -58
data/man/bundle-add.1.txt +0 -52
data/man/bundle-add.ronn +0 -40
data/man/bundle-binstubs.1.txt +0 -48
data/man/bundle-check.1.txt +0 -33
data/man/bundle-clean.1.txt +0 -26
data/man/bundle-config.1.txt +0 -529
data/man/bundle-doctor.1.txt +0 -44
data/man/bundle-exec.1.txt +0 -178
data/man/bundle-gem.1 +0 -80
data/man/bundle-gem.1.txt +0 -91
data/man/bundle-gem.ronn +0 -78
data/man/bundle-info.1 +0 -20
data/man/bundle-info.1.txt +0 -21
data/man/bundle-info.ronn +0 -17
data/man/bundle-init.1.txt +0 -34
data/man/bundle-inject.1 +0 -33
data/man/bundle-inject.1.txt +0 -32
data/man/bundle-install.1.txt +0 -396
data/man/bundle-list.1.txt +0 -43
data/man/bundle-lock.1.txt +0 -93
data/man/bundle-open.1 +0 -32
data/man/bundle-open.1.txt +0 -29
data/man/bundle-outdated.1.txt +0 -131
data/man/bundle-package.1 +0 -55
data/man/bundle-package.1.txt +0 -79
data/man/bundle-package.ronn +0 -72
data/man/bundle-platform.1 +0 -61
data/man/bundle-platform.1.txt +0 -57
data/man/bundle-pristine.1.txt +0 -44
data/man/bundle-remove.1.txt +0 -34
data/man/bundle-show.1.txt +0 -27
data/man/bundle-update.1.txt +0 -391
data/man/bundle-viz.1.txt +0 -39
data/man/bundle.1.txt +0 -116
data/man/gemfile.5.txt +0 -653
/data/lib/bundler/{ssl_certs → man}/.document +0 -0

data/lib/bundler/definition.rb CHANGED Viewed

@@ -1,21 +1,26 @@
 # frozen_string_literal: true
-require "bundler/lockfile_parser"
-require "set"
+require_relative "lockfile_parser"
 module Bundler
   class Definition
     include GemHelpers
+    class << self
+      # Do not create or modify a lockfile (Makes #lock a noop)
+      attr_accessor :no_lock
+    end
     attr_reader(
       :dependencies,
+      :locked_checksums,
       :locked_deps,
       :locked_gems,
       :platforms,
-      :requires,
       :ruby_version,
       :lockfile,
-      :gemfiles
+      :gemfiles,
+      :sources
     )
     # Given a gemfile and lockfile creates a Bundler definition
@@ -57,38 +62,44 @@ module Bundler
         @unlocking_bundler = false
         @unlocking = unlock
       else
-        unlock = unlock.dup
         @unlocking_bundler = unlock.delete(:bundler)
-        unlock.delete_if {|_k, v| Array(v).empty? }
-        @unlocking = !unlock.empty?
+        @unlocking = unlock.any? {|_k, v| !Array(v).empty? }
       end
       @dependencies    = dependencies
       @sources         = sources
       @unlock          = unlock
       @optional_groups = optional_groups
-      @remote          = false
+      @prefer_local    = false
       @specs           = nil
       @ruby_version    = ruby_version
       @gemfiles        = gemfiles
       @lockfile               = lockfile
       @lockfile_contents      = String.new
       @locked_bundler_version = nil
-      @locked_ruby_version    = nil
-      @locked_specs_incomplete_for_platform = false
+      @resolved_bundler_version = nil
-      if lockfile && File.exist?(lockfile)
+      @locked_ruby_version = nil
+      @new_platforms = []
+      @removed_platform = nil
+      if lockfile_exists?
         @lockfile_contents = Bundler.read_file(lockfile)
         @locked_gems = LockfileParser.new(@lockfile_contents)
         @locked_platforms = @locked_gems.platforms
+        @most_specific_locked_platform = @locked_gems.most_specific_locked_platform
         @platforms = @locked_platforms.dup
         @locked_bundler_version = @locked_gems.bundler_version
         @locked_ruby_version = @locked_gems.ruby_version
+        @originally_locked_deps = @locked_gems.dependencies
+        @originally_locked_specs = SpecSet.new(@locked_gems.specs)
+        @locked_checksums = @locked_gems.checksums
         if unlock != true
-          @locked_deps    = @locked_gems.dependencies
-          @locked_specs   = SpecSet.new(@locked_gems.specs)
+          @locked_deps    = @originally_locked_deps
+          @locked_specs   = @originally_locked_specs
           @locked_sources = @locked_gems.sources
         else
           @unlock         = {}
@@ -98,64 +109,117 @@ module Bundler
         end
       else
         @unlock         = {}
-        @platforms      = []
         @locked_gems    = nil
+        @locked_platforms = []
+        @most_specific_locked_platform = nil
+        @platforms      = []
         @locked_deps    = {}
         @locked_specs   = SpecSet.new([])
+        @originally_locked_deps = {}
+        @originally_locked_specs = @locked_specs
         @locked_sources = []
-        @locked_platforms = []
+        @locked_checksums = Bundler.feature_flag.lockfile_checksums?
+      end
+      locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
+      @multisource_allowed = locked_gem_sources.size == 1 && locked_gem_sources.first.multiple_remotes? && Bundler.frozen_bundle?
+      if @multisource_allowed
+        unless sources.aggregate_global_source?
+          msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. Make sure you run `bundle install` in non frozen mode and commit the result to make your lockfile secure."
+          Bundler::SharedHelpers.major_deprecation 2, msg
+        end
+        @sources.merged_gem_lockfile_sections!(locked_gem_sources.first)
       end
-      @unlock[:gems] ||= []
-      @unlock[:sources] ||= []
+      @sources_to_unlock = @unlock.delete(:sources) || []
       @unlock[:ruby] ||= if @ruby_version && locked_ruby_version_object
         @ruby_version.diff(locked_ruby_version_object)
       end
       @unlocking ||= @unlock[:ruby] ||= (!@locked_ruby_version ^ !@ruby_version)
-      add_current_platform unless Bundler.frozen_bundle?
+      @current_platform_missing = add_current_platform unless Bundler.frozen_bundle?
       converge_path_sources_to_gemspec_sources
       @path_changes = converge_paths
       @source_changes = converge_sources
-      unless @unlock[:lock_shared_dependencies]
-        eager_unlock = expand_dependencies(@unlock[:gems], true)
-        @unlock[:gems] = @locked_specs.for(eager_unlock, [], false, false, false).map(&:name)
+      @explicit_unlocks = @unlock.delete(:gems) || []
+      if @unlock[:conservative]
+        @gems_to_unlock = @explicit_unlocks.any? ? @explicit_unlocks : @dependencies.map(&:name)
+      else
+        eager_unlock = @explicit_unlocks.map {|name| Dependency.new(name, ">= 0") }
+        @gems_to_unlock = @locked_specs.for(eager_unlock, platforms).map(&:name).uniq
       end
       @dependency_changes = converge_dependencies
       @local_changes = converge_locals
-      @requires = compute_requires
+      check_lockfile
     end
     def gem_version_promoter
-      @gem_version_promoter ||= begin
-        locked_specs =
-          if unlocking? && @locked_specs.empty? && !@lockfile_contents.empty?
-            # Definition uses an empty set of locked_specs to indicate all gems
-            # are unlocked, but GemVersionPromoter needs the locked_specs
-            # for conservative comparison.
-            Bundler::SpecSet.new(@locked_gems.specs)
-          else
-            @locked_specs
-          end
-        GemVersionPromoter.new(locked_specs, @unlock[:gems])
+      @gem_version_promoter ||= GemVersionPromoter.new
+    end
+    def check!
+      # If dependencies have changed, we need to resolve remotely. Otherwise,
+      # since we'll be resolving with a single local source, we may end up
+      # locking gems under the wrong source in the lockfile, and missing lockfile
+      # checksums
+      resolve_remotely! if @dependency_changes
+      # Now do a local only resolve, to verify if any gems are missing locally
+      sources.local_only!
+      resolve
+    end
+    #
+    # Setup sources according to the given options and the state of the
+    # definition.
+    #
+    # @return [Boolean] Whether fetching remote information will be necessary or not
+    #
+    def setup_domain!(options = {})
+      prefer_local! if options[:"prefer-local"]
+      if options[:add_checksums] || (!options[:local] && install_needed?)
+        remotely!
+        true
+      else
+        Bundler.settings.set_command_option(:jobs, 1) unless install_needed? # to avoid the overhead of Bundler::Worker
+        with_cache!
+        false
       end
     end
     def resolve_with_cache!
-      raise "Specs already loaded" if @specs
+      with_cache!
+      resolve
+    end
+    def with_cache!
+      sources.local!
       sources.cached!
-      specs
     end
     def resolve_remotely!
-      raise "Specs already loaded" if @specs
-      @remote = true
+      remotely!
+      resolve
+    end
+    def remotely!
+      sources.cached!
       sources.remote!
-      specs
+    end
+    def prefer_local!
+      @prefer_local = true
     end
     # For given dependency list returns a SpecSet with Gemspec of all the required
@@ -165,25 +229,7 @@ module Bundler
     #
     # @return [Bundler::SpecSet]
     def specs
-      @specs ||= begin
-        begin
-          specs = resolve.materialize(Bundler.settings[:cache_all_platforms] ? dependencies : requested_dependencies)
-        rescue GemNotFound => e # Handle yanked gem
-          gem_name, gem_version = extract_gem_info(e)
-          locked_gem = @locked_specs[gem_name].last
-          raise if locked_gem.nil? || locked_gem.version.to_s != gem_version || !@remote
-          raise GemNotFound, "Your bundle is locked to #{locked_gem}, but that version could not " \
-                             "be found in any of the sources listed in your Gemfile. If you haven't changed sources, " \
-                             "that means the author of #{locked_gem} has removed it. You'll need to update your bundle " \
-                             "to a version other than #{locked_gem} that hasn't been removed in order to install."
-        end
-        unless specs["bundler"].any?
-          bundler = sources.metadata_source.specs.search(Gem::Dependency.new("bundler", VERSION)).last
-          specs["bundler"] = bundler
-        end
-        specs
-      end
+      @specs ||= materialize(requested_dependencies)
     end
     def new_specs
@@ -194,14 +240,8 @@ module Bundler
       @locked_specs - specs
     end
-    def new_platform?
-      @new_platform
-    end
     def missing_specs
-      missing = []
-      resolve.materialize(requested_dependencies, missing)
-      missing
+      resolve.missing_specs_for(requested_dependencies)
     end
     def missing_specs?
@@ -210,31 +250,64 @@ module Bundler
       Bundler.ui.debug "The definition is missing #{missing.map(&:full_name)}"
       true
     rescue BundlerError => e
-      @index = nil
       @resolve = nil
+      @resolver = nil
+      @resolution_packages = nil
+      @source_requirements = nil
       @specs = nil
-      @gem_version_promoter = nil
       Bundler.ui.debug "The definition is missing dependencies, failed to resolve & materialize locally (#{e})"
       true
     end
     def requested_specs
-      @requested_specs ||= begin
-        groups = requested_groups
-        groups.map!(&:to_sym)
-        specs_for(groups)
-      end
+      specs_for(requested_groups)
+    end
+    def requested_dependencies
+      dependencies_for(requested_groups)
     end
     def current_dependencies
-      dependencies.select(&:should_include?)
+      filter_relevant(dependencies)
+    end
+    def current_locked_dependencies
+      filter_relevant(locked_dependencies)
+    end
+    def filter_relevant(dependencies)
+      platforms_array = [generic_local_platform].freeze
+      dependencies.select do |d|
+        d.should_include? && !d.gem_platforms(platforms_array).empty?
+      end
+    end
+    def locked_dependencies
+      @locked_deps.values
+    end
+    def new_deps
+      @new_deps ||= @dependencies - locked_dependencies
+    end
+    def deleted_deps
+      @deleted_deps ||= locked_dependencies - @dependencies
     end
     def specs_for(groups)
-      deps = dependencies.select {|d| (d.groups & groups).any? }
-      deps.delete_if {|d| !d.should_include? }
-      specs.for(expand_dependencies(deps))
+      return specs if groups.empty?
+      deps = dependencies_for(groups)
+      materialize(deps)
+    end
+    def dependencies_for(groups)
+      groups.map!(&:to_sym)
+      deps = current_dependencies # always returns a new array
+      deps.select! do |d|
+        d.groups.intersect?(groups)
+      end
+      deps
     end
     # Resolve all the dependencies specified in Gemfile. It ensures that
@@ -243,124 +316,60 @@ module Bundler
     #
     # @return [SpecSet] resolved dependencies
     def resolve
-      @resolve ||= begin
-        last_resolve = converge_locked_specs
-        resolve =
-          if Bundler.frozen_bundle?
-            Bundler.ui.debug "Frozen, using resolution from the lockfile"
-            last_resolve
-          elsif !unlocking? && nothing_changed?
-            Bundler.ui.debug("Found no changes, using resolution from the lockfile")
-            last_resolve
+      @resolve ||= if Bundler.frozen_bundle?
+        Bundler.ui.debug "Frozen, using resolution from the lockfile"
+        @locked_specs
+      elsif no_resolve_needed?
+        if deleted_deps.any?
+          Bundler.ui.debug "Some dependencies were deleted, using a subset of the resolution from the lockfile"
+          SpecSet.new(filter_specs(@locked_specs, @dependencies - deleted_deps))
+        else
+          Bundler.ui.debug "Found no changes, using resolution from the lockfile"
+          if @removed_platform || @locked_gems.may_include_redundant_platform_specific_gems?
+            SpecSet.new(filter_specs(@locked_specs, @dependencies))
           else
-            # Run a resolve against the locally available gems
-            Bundler.ui.debug("Found changes from the lockfile, re-resolving dependencies because #{change_reason}")
-            last_resolve.merge Resolver.resolve(expanded_dependencies, index, source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve, platforms)
+            @locked_specs
           end
-        # filter out gems that _can_ be installed on multiple platforms, but don't need
-        # to be
-        resolve.for(expand_dependencies(dependencies, true), [], false, false, false)
-      end
-    end
-    def index
-      @index ||= Index.build do |idx|
-        dependency_names = @dependencies.map(&:name)
-        sources.all_sources.each do |source|
-          source.dependency_names = dependency_names - pinned_spec_names(source)
-          idx.add_source source.specs
-          dependency_names.concat(source.unmet_deps).uniq!
         end
-        double_check_for_index(idx, dependency_names)
-      end
-    end
-    # Suppose the gem Foo depends on the gem Bar.  Foo exists in Source A.  Bar has some versions that exist in both
-    # sources A and B.  At this point, the API request will have found all the versions of Bar in source A,
-    # but will not have found any versions of Bar from source B, which is a problem if the requested version
-    # of Foo specifically depends on a version of Bar that is only found in source B. This ensures that for
-    # each spec we found, we add all possible versions from all sources to the index.
-    def double_check_for_index(idx, dependency_names)
-      pinned_names = pinned_spec_names
-      loop do
-        idxcount = idx.size
-        names = :names # do this so we only have to traverse to get dependency_names from the index once
-        unmet_dependency_names = lambda do
-          return names unless names == :names
-          new_names = sources.all_sources.map(&:dependency_names_to_double_check)
-          return names = nil if new_names.compact!
-          names = new_names.flatten(1).concat(dependency_names)
-          names.uniq!
-          names -= pinned_names
-          names
-        end
-        sources.all_sources.each do |source|
-          source.double_check_for(unmet_dependency_names)
+      else
+        if lockfile_exists?
+          Bundler.ui.debug "Found changes from the lockfile, re-resolving dependencies because #{change_reason}"
+        else
+          Bundler.ui.debug "Resolving dependencies because there's no lockfile"
         end
-        break if idxcount == idx.size
+        start_resolution
       end
     end
-    private :double_check_for_index
-    def has_rubygems_remotes?
-      sources.rubygems_sources.any? {|s| s.remotes.any? }
-    end
-    def has_local_dependencies?
-      !sources.path_sources.empty? || !sources.git_sources.empty?
-    end
     def spec_git_paths
-      sources.git_sources.map {|s| s.path.to_s }
+      sources.git_sources.filter_map {|s| File.realpath(s.path) if File.exist?(s.path) }
     end
     def groups
-      dependencies.map(&:groups).flatten.uniq
+      dependencies.flat_map(&:groups).uniq
     end
-    def lock(file, preserve_unknown_sections = false)
-      contents = to_lock
-      # Convert to \r\n if the existing lock has them
-      # i.e., Windows with `git config core.autocrlf=true`
-      contents.gsub!(/\n/, "\r\n") if @lockfile_contents.match("\r\n")
-      if @locked_bundler_version
-        locked_major = @locked_bundler_version.segments.first
-        current_major = Gem::Version.create(Bundler::VERSION).segments.first
+    def lock(file_or_preserve_unknown_sections = false, preserve_unknown_sections_or_unused = false)
+      if [true, false, nil].include?(file_or_preserve_unknown_sections)
+        target_lockfile = lockfile
+        preserve_unknown_sections = file_or_preserve_unknown_sections
+      else
+        target_lockfile = file_or_preserve_unknown_sections
+        preserve_unknown_sections = preserve_unknown_sections_or_unused
-        if updating_major = locked_major < current_major
-          Bundler.ui.warn "Warning: the lockfile is being updated to Bundler #{current_major}, " \
-                          "after which you will be unable to return to Bundler #{@locked_bundler_version.segments.first}."
+        suggestion = if target_lockfile == lockfile
+          "To fix this warning, remove it from the `Definition#lock` call."
+        else
+          "Instead, instantiate a new definition passing `#{target_lockfile}`, and call `lock` without a file argument on that definition"
         end
-      end
-      preserve_unknown_sections ||= !updating_major && (Bundler.frozen_bundle? || !(unlocking? || @unlocking_bundler))
-      return if file && File.exist?(file) && lockfiles_equal?(@lockfile_contents, contents, preserve_unknown_sections)
-      if Bundler.frozen_bundle?
-        Bundler.ui.error "Cannot write a changed lockfile while frozen."
-        return
-      end
-      SharedHelpers.filesystem_access(file) do |p|
-        File.open(p, "wb") {|f| f.puts(contents) }
-      end
-    end
+        msg = "`Definition#lock` was passed a target file argument. #{suggestion}"
-    def locked_bundler_version
-      if @locked_bundler_version && @locked_bundler_version < Gem::Version.new(Bundler::VERSION)
-        new_version = Bundler::VERSION
+        Bundler::SharedHelpers.major_deprecation 2, msg
       end
-      new_version || @locked_bundler_version || Bundler::VERSION
+      write_lock(target_lockfile, preserve_unknown_sections)
     end
     def locked_ruby_version
@@ -384,28 +393,19 @@ module Bundler
       end
     end
+    def bundler_version_to_lock
+      @resolved_bundler_version || Bundler.gem_version
+    end
     def to_lock
-      require "bundler/lockfile_generator"
+      require_relative "lockfile_generator"
       LockfileGenerator.generate(self)
     end
     def ensure_equivalent_gemfile_and_lockfile(explicit_flag = false)
-      msg = String.new
-      msg << "You are trying to install in deployment mode after changing\n" \
-             "your Gemfile. Run `bundle install` elsewhere and add the\n" \
-             "updated #{Bundler.default_lockfile.relative_path_from(SharedHelpers.pwd)} to version control."
+      return unless Bundler.frozen_bundle?
-      unless explicit_flag
-        suggested_command = if Bundler.settings.locations("frozen")[:global]
-          "bundle config --delete frozen"
-        elsif Bundler.settings.locations("deployment").keys.&([:global, :local]).any?
-          "bundle config --delete deployment"
-        else
-          "bundle install --no-deployment"
-        end
-        msg << "\n\nIf this is a development machine, remove the #{Bundler.default_gemfile} " \
-               "freeze \nby running `#{suggested_command}`."
-      end
+      raise ProductionError, "Frozen mode is set, but there's no lockfile" unless lockfile_exists?
       added =   []
       deleted = []
@@ -416,52 +416,40 @@ module Bundler
       added.concat new_platforms.map {|p| "* platform: #{p}" }
       deleted.concat deleted_platforms.map {|p| "* platform: #{p}" }
-      gemfile_sources = sources.lock_sources
-      new_sources = gemfile_sources - @locked_sources
-      deleted_sources = @locked_sources - gemfile_sources
-      new_deps = @dependencies - @locked_deps.values
-      deleted_deps = @locked_deps.values - @dependencies
-      # Check if it is possible that the source is only changed thing
-      if (new_deps.empty? && deleted_deps.empty?) && (!new_sources.empty? && !deleted_sources.empty?)
-        new_sources.reject! {|source| (source.path? && source.path.exist?) || equivalent_rubygems_remotes?(source) }
-        deleted_sources.reject! {|source| (source.path? && source.path.exist?) || equivalent_rubygems_remotes?(source) }
-      end
-      if @locked_sources != gemfile_sources
-        if new_sources.any?
-          added.concat new_sources.map {|source| "* source: #{source}" }
-        end
-        if deleted_sources.any?
-          deleted.concat deleted_sources.map {|source| "* source: #{source}" }
-        end
-      end
       added.concat new_deps.map {|d| "* #{pretty_dep(d)}" } if new_deps.any?
-      if deleted_deps.any?
-        deleted.concat deleted_deps.map {|d| "* #{pretty_dep(d)}" }
-      end
+      deleted.concat deleted_deps.map {|d| "* #{pretty_dep(d)}" } if deleted_deps.any?
       both_sources = Hash.new {|h, k| h[k] = [] }
-      @dependencies.each {|d| both_sources[d.name][0] = d }
-      @locked_deps.each  {|name, d| both_sources[name][1] = d.source }
+      current_dependencies.each {|d| both_sources[d.name][0] = d }
+      current_locked_dependencies.each {|d| both_sources[d.name][1] = d }
+      both_sources.each do |name, (dep, lock_dep)|
+        next if dep.nil? || lock_dep.nil?
+        gemfile_source = dep.source || default_source
+        lock_source = lock_dep.source || default_source
+        next if lock_source.include?(gemfile_source)
-      both_sources.each do |name, (dep, lock_source)|
-        next unless (dep.nil? && !lock_source.nil?) || (!dep.nil? && !lock_source.nil? && !lock_source.can_lock?(dep))
-        gemfile_source_name = (dep && dep.source) || "no specified source"
-        lockfile_source_name = lock_source || "no specified source"
-        changed << "* #{name} from `#{gemfile_source_name}` to `#{lockfile_source_name}`"
+        gemfile_source_name = dep.source ? gemfile_source.to_gemfile : "no specified source"
+        lockfile_source_name = lock_dep.source ? lock_source.to_gemfile : "no specified source"
+        changed << "* #{name} from `#{lockfile_source_name}` to `#{gemfile_source_name}`"
       end
-      reason = change_reason
-      msg << "\n\n#{reason.split(", ").map(&:capitalize).join("\n")}" unless reason.strip.empty?
+      reason = nothing_changed? ? "some dependencies were deleted from your gemfile" : change_reason
+      msg = String.new
+      msg << "#{reason.capitalize.strip}, but the lockfile can't be updated because frozen mode is set"
       msg << "\n\nYou have added to the Gemfile:\n" << added.join("\n") if added.any?
       msg << "\n\nYou have deleted from the Gemfile:\n" << deleted.join("\n") if deleted.any?
       msg << "\n\nYou have changed in the Gemfile:\n" << changed.join("\n") if changed.any?
-      msg << "\n"
+      msg << "\n\nRun `bundle install` elsewhere and add the updated #{SharedHelpers.relative_gemfile_path} to version control.\n"
+      unless explicit_flag
+        suggested_command = unless Bundler.settings.locations("frozen").keys.include?(:env)
+          "bundle config set frozen false"
+        end
+        msg << "If this is a development machine, remove the #{SharedHelpers.relative_lockfile_path} " \
+               "freeze by running `#{suggested_command}`." if suggested_command
+      end
       raise ProductionError, msg if added.any? || deleted.any? || changed.any? || !nothing_changed?
     end
@@ -497,78 +485,324 @@ module Bundler
     end
     def validate_platforms!
-      return if @platforms.any? do |bundle_platform|
-        Bundler.rubygems.platforms.any? do |local_platform|
-          MatchPlatform.platforms_match?(bundle_platform, local_platform)
-        end
-      end
+      return if current_platform_locked?
       raise ProductionError, "Your bundle only supports platforms #{@platforms.map(&:to_s)} " \
-        "but your local platforms are #{Bundler.rubygems.platforms.map(&:to_s)}, and " \
-        "there's no compatible match between those two lists."
+        "but your local platform is #{local_platform}. " \
+        "Add the current platform to the lockfile with\n`bundle lock --add-platform #{local_platform}` and try again."
+    end
+    def normalize_platforms
+      @platforms = resolve.normalize_platforms!(current_dependencies, platforms)
+      @resolve = SpecSet.new(resolve.for(current_dependencies, @platforms))
     end
     def add_platform(platform)
-      @new_platform ||= !@platforms.include?(platform)
-      @platforms |= [platform]
+      return if @platforms.include?(platform)
+      @new_platforms << platform
+      @platforms << platform
     end
     def remove_platform(platform)
-      return if @platforms.delete(Gem::Platform.new(platform))
+      removed_platform = @platforms.delete(Gem::Platform.new(platform))
+      @removed_platform ||= removed_platform
+      return if removed_platform
       raise InvalidOption, "Unable to remove the platform `#{platform}` since the only platforms are #{@platforms.join ", "}"
     end
-    def add_current_platform
-      current_platform = Bundler.local_platform
-      add_platform(current_platform) if Bundler.feature_flag.specific_platform?
-      add_platform(generic(current_platform))
+    def nothing_changed?
+      !something_changed?
     end
-    def find_resolved_spec(current_spec)
-      specs.find_by_name_and_platform(current_spec.name, current_spec.platform)
+    def no_resolve_needed?
+      !resolve_needed?
     end
-    def find_indexed_specs(current_spec)
-      index[current_spec.name].select {|spec| spec.match_platform(current_spec.platform) }.sort_by(&:version)
+    def unlocking?
+      @unlocking
     end
-    attr_reader :sources
-    private :sources
+    attr_writer :source_requirements
-    def nothing_changed?
-      !@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@locked_specs_incomplete_for_platform
+    def add_checksums
+      @locked_checksums = true
+      setup_domain!(add_checksums: true)
+      specs # force materialization to real specifications, so that checksums are fetched
     end
-    def unlocking?
-      @unlocking
+    private
+    def install_needed?
+      resolve_needed? || missing_specs?
     end
-  private
+    def something_changed?
+      return true unless lockfile_exists?
-    def change_reason
-      if unlocking?
-        unlock_reason = @unlock.reject {|_k, v| Array(v).empty? }.map do |k, v|
-          if v == true
-            k.to_s
+      @source_changes ||
+        @dependency_changes ||
+        @current_platform_missing ||
+        @new_platforms.any? ||
+        @path_changes ||
+        @local_changes ||
+        @missing_lockfile_dep ||
+        @unlocking_bundler ||
+        @locked_spec_with_missing_deps ||
+        @locked_spec_with_invalid_deps
+    end
+    def resolve_needed?
+      unlocking? || something_changed?
+    end
+    def should_add_extra_platforms?
+      !lockfile_exists? && generic_local_platform_is_ruby? && !Bundler.settings[:force_ruby_platform]
+    end
+    def lockfile_exists?
+      lockfile && File.exist?(lockfile)
+    end
+    def write_lock(file, preserve_unknown_sections)
+      return if Definition.no_lock || file.nil?
+      contents = to_lock
+      # Convert to \r\n if the existing lock has them
+      # i.e., Windows with `git config core.autocrlf=true`
+      contents.gsub!(/\n/, "\r\n") if @lockfile_contents.match?("\r\n")
+      if @locked_bundler_version
+        locked_major = @locked_bundler_version.segments.first
+        current_major = bundler_version_to_lock.segments.first
+        updating_major = locked_major < current_major
+      end
+      preserve_unknown_sections ||= !updating_major && (Bundler.frozen_bundle? || !(unlocking? || @unlocking_bundler))
+      if File.exist?(file) && lockfiles_equal?(@lockfile_contents, contents, preserve_unknown_sections)
+        return if Bundler.frozen_bundle?
+        SharedHelpers.filesystem_access(file) { FileUtils.touch(file) }
+        return
+      end
+      if Bundler.frozen_bundle?
+        Bundler.ui.error "Cannot write a changed lockfile while frozen."
+        return
+      end
+      SharedHelpers.filesystem_access(file) do |p|
+        File.open(p, "wb") {|f| f.puts(contents) }
+      end
+    end
+    def resolver
+      @resolver ||= Resolver.new(resolution_packages, gem_version_promoter, @most_specific_locked_platform)
+    end
+    def expanded_dependencies
+      dependencies_with_bundler + metadata_dependencies
+    end
+    def dependencies_with_bundler
+      return dependencies unless @unlocking_bundler
+      return dependencies if dependencies.any? {|d| d.name == "bundler" }
+      [Dependency.new("bundler", @unlocking_bundler)] + dependencies
+    end
+    def resolution_packages
+      @resolution_packages ||= begin
+        last_resolve = converge_locked_specs
+        remove_invalid_platforms!
+        packages = Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, locked_specs: @originally_locked_specs, unlock: @gems_to_unlock, prerelease: gem_version_promoter.pre?, prefer_local: @prefer_local)
+        packages = additional_base_requirements_to_prevent_downgrades(packages, last_resolve)
+        packages = additional_base_requirements_to_force_updates(packages)
+        packages
+      end
+    end
+    def filter_specs(specs, deps, skips: [])
+      SpecSet.new(specs).for(deps, platforms, skips: skips)
+    end
+    def materialize(dependencies)
+      # Tracks potential endless loops trying to re-resolve.
+      # TODO: Remove as dead code if not reports are received in a while
+      incorrect_spec = nil
+      specs = begin
+        resolve.materialize(dependencies)
+      rescue IncorrectLockfileDependencies => e
+        spec = e.spec
+        raise "Infinite loop while fixing lockfile dependencies" if incorrect_spec == spec
+        incorrect_spec = spec
+        reresolve_without([spec])
+        retry
+      end
+      missing_specs = resolve.missing_specs
+      if missing_specs.any?
+        missing_specs.each do |s|
+          locked_gem = @locked_specs[s.name].last
+          next if locked_gem.nil? || locked_gem.version != s.version || sources.local_mode?
+          message = if sources.implicit_global_source?
+            "Because your Gemfile specifies no global remote source, your bundle is locked to " \
+            "#{locked_gem} from #{locked_gem.source}. However, #{locked_gem} is not installed. You'll " \
+            "need to either add a global remote source to your Gemfile or make sure #{locked_gem} is " \
+            "available locally before rerunning Bundler."
           else
-            v = Array(v)
-            "#{k}: (#{v.join(", ")})"
+            "Your bundle is locked to #{locked_gem} from #{locked_gem.source}, but that version can " \
+            "no longer be found in that source. That means the author of #{locked_gem} has removed it. " \
+            "You'll need to update your bundle to a version other than #{locked_gem} that hasn't been " \
+            "removed in order to install."
           end
-        end.join(", ")
+          raise GemNotFound, message
+        end
+        missing_specs_list = missing_specs.group_by(&:source).map do |source, missing_specs_for_source|
+          "#{missing_specs_for_source.map(&:full_name).join(", ")} in #{source}"
+        end
+        raise GemNotFound, "Could not find #{missing_specs_list.join(" nor ")}"
+      end
+      partially_missing_specs = resolve.partially_missing_specs
+      if partially_missing_specs.any? && !sources.local_mode?
+        Bundler.ui.warn "Some locked specs have possibly been yanked (#{partially_missing_specs.map(&:full_name).join(", ")}). Ignoring them..."
+        resolve.delete(partially_missing_specs)
+      end
+      incomplete_specs = resolve.incomplete_specs
+      loop do
+        break if incomplete_specs.empty?
+        Bundler.ui.debug("The lockfile does not have all gems needed for the current platform though, Bundler will still re-resolve dependencies")
+        sources.remote!
+        reresolve_without(incomplete_specs)
+        specs = resolve.materialize(dependencies)
+        still_incomplete_specs = resolve.incomplete_specs
+        if still_incomplete_specs == incomplete_specs
+          package = resolution_packages.get_package(incomplete_specs.first.name)
+          resolver.raise_not_found! package
+        end
+        incomplete_specs = still_incomplete_specs
+      end
+      insecurely_materialized_specs = resolve.insecurely_materialized_specs
+      if insecurely_materialized_specs.any?
+        Bundler.ui.warn "The following platform specific gems are getting installed, yet the lockfile includes only their generic ruby version:\n" \
+                        " * #{insecurely_materialized_specs.map(&:full_name).join("\n * ")}\n" \
+                        "Please run `bundle lock --normalize-platforms` and commit the resulting lockfile.\n" \
+                        "Alternatively, you may run `bundle lock --add-platform <list-of-platforms-that-you-want-to-support>`"
+      end
+      bundler = sources.metadata_source.specs.search(["bundler", Bundler.gem_version]).last
+      specs["bundler"] = bundler
+      specs
+    end
+    def reresolve_without(incomplete_specs)
+      resolution_packages.delete(incomplete_specs)
+      @resolve = start_resolution
+    end
+    def start_resolution
+      local_platform_needed_for_resolvability = @most_specific_non_local_locked_ruby_platform && !@platforms.include?(local_platform)
+      @platforms << local_platform if local_platform_needed_for_resolvability
+      add_platform(Gem::Platform::RUBY) if RUBY_ENGINE == "truffleruby"
+      result = SpecSet.new(resolver.start)
+      @resolved_bundler_version = result.find {|spec| spec.name == "bundler" }&.version
+      if @most_specific_non_local_locked_ruby_platform
+        if spec_set_incomplete_for_platform?(result, @most_specific_non_local_locked_ruby_platform)
+          @platforms.delete(@most_specific_non_local_locked_ruby_platform)
+        elsif local_platform_needed_for_resolvability
+          @platforms.delete(local_platform)
+        end
+      end
+      @platforms = result.add_extra_platforms!(platforms) if should_add_extra_platforms?
+      SpecSet.new(result.for(dependencies, @platforms | [Gem::Platform::RUBY]))
+    end
+    def precompute_source_requirements_for_indirect_dependencies?
+      sources.non_global_rubygems_sources.all?(&:dependency_api_available?) && !sources.aggregate_global_source?
+    end
+    def current_platform_locked?
+      @platforms.any? do |bundle_platform|
+        MatchPlatform.platforms_match?(bundle_platform, local_platform)
+      end
+    end
+    def add_current_platform
+      return if @platforms.include?(local_platform)
+      @most_specific_non_local_locked_ruby_platform = find_most_specific_locked_ruby_platform
+      return if @most_specific_non_local_locked_ruby_platform
+      @platforms << local_platform
+      true
+    end
+    def find_most_specific_locked_ruby_platform
+      return unless generic_local_platform_is_ruby? && current_platform_locked?
+      @most_specific_locked_platform
+    end
+    def change_reason
+      if unlocking?
+        unlock_targets = if @gems_to_unlock.any?
+          ["gems", @gems_to_unlock]
+        elsif @sources_to_unlock.any?
+          ["sources", @sources_to_unlock]
+        end
+        unlock_reason = if unlock_targets
+          "#{unlock_targets.first}: (#{unlock_targets.last.join(", ")})"
+        else
+          @unlock[:ruby] ? "ruby" : ""
+        end
         return "bundler is unlocking #{unlock_reason}"
       end
       [
         [@source_changes, "the list of sources changed"],
         [@dependency_changes, "the dependencies in your gemfile changed"],
-        [@new_platform, "you added a new platform to your gemfile"],
+        [@current_platform_missing, "your lockfile does not include the current platform"],
+        [@new_platforms.any?, "you added a new platform to your gemfile"],
         [@path_changes, "the gemspecs for path gems changed"],
         [@local_changes, "the gemspecs for git local gems changed"],
-        [@locked_specs_incomplete_for_platform, "the lockfile does not have all gems needed for the current platform"],
+        [@missing_lockfile_dep, "your lock file is missing \"#{@missing_lockfile_dep}\""],
+        [@unlocking_bundler, "an update to the version of Bundler itself was requested"],
+        [@locked_spec_with_missing_deps, "your lock file includes \"#{@locked_spec_with_missing_deps}\" but not some of its dependencies"],
+        [@locked_spec_with_invalid_deps, "your lockfile does not satisfy dependencies of \"#{@locked_spec_with_invalid_deps}\""],
       ].select(&:first).map(&:last).join(", ")
     end
-    def pretty_dep(dep, source = false)
-      SharedHelpers.pretty_dependency(dep, source)
+    def pretty_dep(dep)
+      SharedHelpers.pretty_dependency(dep)
     end
     # Check if the specs of the given source changed
@@ -581,17 +815,16 @@ module Bundler
     def dependencies_for_source_changed?(source, locked_source = source)
       deps_for_source = @dependencies.select {|s| s.source == source }
-      locked_deps_for_source = @locked_deps.values.select {|dep| dep.source == locked_source }
+      locked_deps_for_source = locked_dependencies.select {|dep| dep.source == locked_source }
-      Set.new(deps_for_source) != Set.new(locked_deps_for_source)
+      deps_for_source.uniq.sort != locked_deps_for_source.sort
     end
     def specs_for_source_changed?(source)
       locked_index = Index.new
       locked_index.use(@locked_specs.select {|s| source.can_lock?(s) })
-      # order here matters, since Index#== is checking source.specs.include?(locked_index)
-      locked_index != source.specs
+      !locked_index.subset?(source.specs)
     rescue PathError, GitError => e
       Bundler.ui.debug "Assuming that #{source} has not changed since fetching its specs errored (#{e})"
       false
@@ -605,9 +838,9 @@ module Bundler
       Bundler.settings.local_overrides.map do |k, v|
         spec   = @dependencies.find {|s| s.name == k }
-        source = spec && spec.source
-        if source && source.respond_to?(:local_override!)
-          source.unlock! if @unlock[:gems].include?(spec.name)
+        source = spec&.source
+        if source&.respond_to?(:local_override!)
+          source.unlock! if @gems_to_unlock.include?(spec.name)
           locals << [source, source.local_override!(v)]
         end
       end
@@ -615,7 +848,40 @@ module Bundler
       sources_with_changes = locals.select do |source, changed|
         changed || specs_changed?(source)
       end.map(&:first)
-      !sources_with_changes.each {|source| @unlock[:sources] << source.name }.empty?
+      !sources_with_changes.each {|source| @sources_to_unlock << source.name }.empty?
+    end
+    def check_lockfile
+      @missing_lockfile_dep = nil
+      @locked_spec_with_invalid_deps = nil
+      @locked_spec_with_missing_deps = nil
+      missing = []
+      invalid = []
+      @locked_specs.each do |s|
+        validation = @locked_specs.validate_deps(s)
+        missing << s if validation == :missing
+        invalid << s if validation == :invalid
+      end
+      if missing.any?
+        @locked_specs.delete(missing)
+        @locked_spec_with_missing_deps = missing.first.name
+      elsif !@dependency_changes
+        @missing_lockfile_dep = current_dependencies.find do |d|
+          @locked_specs[d.name].empty? && d.name != "bundler"
+        end&.name
+      end
+      if invalid.any?
+        @locked_specs.delete(invalid)
+        @locked_spec_with_invalid_deps = invalid.first.name
+      end
     end
     def converge_paths
@@ -642,44 +908,24 @@ module Bundler
       end
     end
-    def converge_rubygems_sources
-      return false if Bundler.feature_flag.lockfile_uses_separate_rubygems_sources?
-      changes = false
-      # Get the RubyGems sources from the Gemfile.lock
-      locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
-      # Get the RubyGems remotes from the Gemfile
-      actual_remotes = sources.rubygems_remotes
-      # If there is a RubyGems source in both
-      if !locked_gem_sources.empty? && !actual_remotes.empty?
-        locked_gem_sources.each do |locked_gem|
-          # Merge the remotes from the Gemfile into the Gemfile.lock
-          changes |= locked_gem.replace_remotes(actual_remotes, Bundler.settings[:allow_deployment_source_credential_changes])
-        end
-      end
-      changes
-    end
     def converge_sources
-      changes = false
-      changes |= converge_rubygems_sources
       # Replace the sources from the Gemfile with the sources from the Gemfile.lock,
       # if they exist in the Gemfile.lock and are `==`. If you can't find an equivalent
       # source in the Gemfile.lock, use the one from the Gemfile.
-      changes |= sources.replace_sources!(@locked_sources)
+      changes = sources.replace_sources!(@locked_sources)
       sources.all_sources.each do |source|
+        # has to be done separately, because we want to keep the locked checksum
+        # store for a source, even when doing a full update
+        if @locked_checksums && @locked_gems && locked_source = @locked_gems.sources.find {|s| s == source && !s.equal?(source) }
+          source.checksum_store.merge!(locked_source.checksum_store)
+        end
         # If the source is unlockable and the current command allows an unlock of
         # the source (for example, you are doing a `bundle update <foo>` of a git-pinned
         # gem), unlock it. For git sources, this means to unlock the revision, which
         # will cause the `ref` used to be the most recent for the branch (or master) if
         # an explicit `ref` is not used.
-        if source.respond_to?(:unlock!) && @unlock[:sources].include?(source.name)
+        if source.respond_to?(:unlock!) && @sources_to_unlock.include?(source.name)
           source.unlock!
           changes = true
         end
@@ -689,28 +935,14 @@ module Bundler
     end
     def converge_dependencies
-      frozen = Bundler.frozen_bundle?
-      (@dependencies + @locked_deps.values).each do |dep|
-        locked_source = @locked_deps[dep.name]
-        # This is to make sure that if bundler is installing in deployment mode and
-        # after locked_source and sources don't match, we still use locked_source.
-        if frozen && !locked_source.nil? &&
-            locked_source.respond_to?(:source) && locked_source.source.instance_of?(Source::Path) && locked_source.source.path.exist?
-          dep.source = locked_source.source
-        elsif dep.source
+      changes = false
+      @dependencies.each do |dep|
+        if dep.source
           dep.source = sources.get(dep.source)
         end
-        if dep.source.is_a?(Source::Gemspec)
-          dep.platforms.concat(@platforms.map {|p| Dependency::REVERSE_PLATFORM_MAP[p] }.flatten(1)).uniq!
-        end
-      end
-      changes = false
-      # We want to know if all match, but don't want to check all entries
-      # This means we need to return false if any dependency doesn't match
-      # the lock or doesn't exist in the lock.
-      @dependencies.each do |dependency|
-        unless locked_dep = @locked_deps[dependency.name]
+        unless locked_dep = @originally_locked_deps[dep.name]
           changes = true
           next
         end
@@ -721,11 +953,11 @@ module Bundler
         # directive, the lockfile dependencies and resolved dependencies end up
         # with a mismatch on #type. Work around that by setting the type on the
         # dep from the lockfile.
-        locked_dep.instance_variable_set(:@type, dependency.type)
+        locked_dep.instance_variable_set(:@type, dep.type)
         # We already know the name matches from the hash lookup
         # so we only need to check the requirement now
-        changes ||= dependency.requirement != locked_dep.requirement
+        changes ||= dep.requirement != locked_dep.requirement
       end
       changes
@@ -735,85 +967,11 @@ module Bundler
     # commonly happen if the Gemfile has changed since the lockfile was last
     # generated
     def converge_locked_specs
-      deps = []
-      # Build a list of dependencies that are the same in the Gemfile
-      # and Gemfile.lock. If the Gemfile modified a dependency, but
-      # the gem in the Gemfile.lock still satisfies it, this is fine
-      # too.
-      @dependencies.each do |dep|
-        locked_dep = @locked_deps[dep.name]
-        # If the locked_dep doesn't match the dependency we're looking for then we ignore the locked_dep
-        locked_dep = nil unless locked_dep == dep
-        if in_locked_deps?(dep, locked_dep) || satisfies_locked_spec?(dep)
-          deps << dep
-        elsif dep.source.is_a?(Source::Path) && dep.current_platform? && (!locked_dep || dep.source != locked_dep.source)
-          @locked_specs.each do |s|
-            @unlock[:gems] << s.name if s.source == dep.source
-          end
-          dep.source.unlock! if dep.source.respond_to?(:unlock!)
-          dep.source.specs.each {|s| @unlock[:gems] << s.name }
-        end
-      end
-      unlock_source_unlocks_spec = Bundler.feature_flag.unlock_source_unlocks_spec?
-      converged = []
-      @locked_specs.each do |s|
-        # Replace the locked dependency's source with the equivalent source from the Gemfile
-        dep = @dependencies.find {|d| s.satisfies?(d) }
-        s.source = (dep && dep.source) || sources.get(s.source)
-        # Don't add a spec to the list if its source is expired. For example,
-        # if you change a Git gem to RubyGems.
-        next if s.source.nil?
-        next if @unlock[:sources].include?(s.source.name)
-        # XXX This is a backwards-compatibility fix to preserve the ability to
-        # unlock a single gem by passing its name via `--source`. See issue #3759
-        # TODO: delete in Bundler 2
-        next if unlock_source_unlocks_spec && @unlock[:sources].include?(s.name)
-        # If the spec is from a path source and it doesn't exist anymore
-        # then we unlock it.
-        # Path sources have special logic
-        if s.source.instance_of?(Source::Path) || s.source.instance_of?(Source::Gemspec)
-          other_sources_specs = begin
-            s.source.specs
-          rescue PathError, GitError
-            # if we won't need the source (according to the lockfile),
-            # don't error if the path/git source isn't available
-            next if @locked_specs.
-                    for(requested_dependencies, [], false, true, false).
-                    none? {|locked_spec| locked_spec.source == s.source }
-            raise
-          end
-          other = other_sources_specs[s].first
-          # If the spec is no longer in the path source, unlock it. This
-          # commonly happens if the version changed in the gemspec
-          next unless other
-          deps2 = other.dependencies.select {|d| d.type != :development }
-          runtime_dependencies = s.dependencies.select {|d| d.type != :development }
-          # If the dependencies of the path source have changed, unlock it
-          next unless runtime_dependencies.sort == deps2.sort
-        end
-        converged << s
-      end
+      converged = converge_specs(@locked_specs)
       resolve = SpecSet.new(converged)
-      expanded_deps = expand_dependencies(deps, true)
-      @locked_specs_incomplete_for_platform = !resolve.for(expanded_deps, @unlock[:gems], true, true)
-      resolve = resolve.for(expanded_deps, @unlock[:gems], false, false, false)
-      diff    = nil
+      diff = nil
       # Now, we unlock any sources that do not have anymore gems pinned to it
       sources.all_sources.each do |source|
@@ -828,125 +986,107 @@ module Bundler
       resolve
     end
-    def in_locked_deps?(dep, locked_dep)
-      # Because the lockfile can't link a dep to a specific remote, we need to
-      # treat sources as equivalent anytime the locked dep has all the remotes
-      # that the Gemfile dep does.
-      locked_dep && locked_dep.source && dep.source && locked_dep.source.include?(dep.source)
-    end
+    def converge_specs(specs)
+      converged = []
+      deps = []
-    def satisfies_locked_spec?(dep)
-      @locked_specs[dep].any? {|s| s.satisfies?(dep) && (!dep.source || s.source.include?(dep.source)) }
-    end
+      specs.each do |s|
+        name = s.name
+        dep = @dependencies.find {|d| s.satisfies?(d) }
+        lockfile_source = s.source
-    # This list of dependencies is only used in #resolve, so it's OK to add
-    # the metadata dependencies here
-    def expanded_dependencies
-      @expanded_dependencies ||= begin
-        expand_dependencies(dependencies + metadata_dependencies, @remote)
-      end
-    end
+        if dep
+          gemfile_source = dep.source || default_source
-    def metadata_dependencies
-      @metadata_dependencies ||= begin
-        ruby_versions = concat_ruby_version_requirements(@ruby_version)
-        if ruby_versions.empty? || !@ruby_version.exact?
-          concat_ruby_version_requirements(RubyVersion.system)
-          concat_ruby_version_requirements(locked_ruby_version_object) unless @unlock[:ruby]
+          deps << dep if !dep.source || lockfile_source.include?(dep.source) || new_deps.include?(dep)
+          # Replace the locked dependency's source with the equivalent source from the Gemfile
+          s.source = gemfile_source
+        else
+          # Replace the locked dependency's source with the default source, if the locked source is no longer in the Gemfile
+          s.source = default_source unless sources.get(lockfile_source)
         end
-        [
-          Dependency.new("ruby\0", ruby_versions),
-          Dependency.new("rubygems\0", Gem::VERSION),
-        ]
-      end
-    end
-    def concat_ruby_version_requirements(ruby_version, ruby_versions = [])
-      return ruby_versions unless ruby_version
-      if ruby_version.patchlevel
-        ruby_versions << ruby_version.to_gem_version_with_patchlevel
-      else
-        ruby_versions.concat(ruby_version.versions.map do |version|
-          requirement = Gem::Requirement.new(version)
-          if requirement.exact?
-            "~> #{version}.0"
+        source = s.source
+        next if @sources_to_unlock.include?(source.name)
+        # Path sources have special logic
+        if source.instance_of?(Source::Path) || source.instance_of?(Source::Gemspec) || (source.instance_of?(Source::Git) && !@gems_to_unlock.include?(name) && deps.include?(dep))
+          new_spec = source.specs[s].first
+          if new_spec
+            s.runtime_dependencies.replace(new_spec.runtime_dependencies)
           else
-            requirement
+            # If the spec is no longer in the path source, unlock it. This
+            # commonly happens if the version changed in the gemspec
+            @gems_to_unlock << name
           end
-        end)
-      end
-    end
-    def expand_dependencies(dependencies, remote = false)
-      sorted_platforms = Resolver.sort_platforms(@platforms)
-      deps = []
-      dependencies.each do |dep|
-        dep = Dependency.new(dep, ">= 0") unless dep.respond_to?(:name)
-        next if !remote && !dep.current_platform?
-        platforms = dep.gem_platforms(sorted_platforms)
-        if platforms.empty? && !Bundler.settings[:disable_platform_warnings]
-          mapped_platforms = dep.platforms.map {|p| Dependency::PLATFORM_MAP[p] }
-          Bundler.ui.warn \
-            "The dependency #{dep} will be unused by any of the platforms Bundler is installing for. " \
-            "Bundler is installing for #{@platforms.join ", "} but the dependency " \
-            "is only for #{mapped_platforms.join ", "}. " \
-            "To add those platforms to the bundle, " \
-            "run `bundle lock --add-platform #{mapped_platforms.join " "}`."
         end
-        platforms.each do |p|
-          deps << DepProxy.new(dep, p) if remote || p == generic_local_platform
+        if dep.nil? && requested_dep = requested_dependencies.find {|d| name == d.name }
+          @gems_to_unlock << name
+          deps << requested_dep
         end
+        converged << s
       end
-      deps
+      filter_specs(converged, deps, skips: @gems_to_unlock)
     end
-    def requested_dependencies
-      groups = requested_groups
-      groups.map!(&:to_sym)
-      dependencies.reject {|d| !d.should_include? || (d.groups & groups).empty? }
+    def metadata_dependencies
+      @metadata_dependencies ||= [
+        Dependency.new("Ruby\0", Bundler::RubyVersion.system.gem_version),
+        Dependency.new("RubyGems\0", Gem::VERSION),
+      ]
     end
     def source_requirements
-      # Load all specs from remote sources
-      index
+      @source_requirements ||= find_source_requirements
+    end
+    def find_source_requirements
       # Record the specs available in each gem's source, so that those
       # specs will be available later when the resolver knows where to
       # look for that gemspec (or its dependencies)
-      default = sources.default_source
-      source_requirements = { :default => default }
-      default = nil unless Bundler.feature_flag.lockfile_uses_separate_rubygems_sources?
-      dependencies.each do |dep|
-        next unless source = dep.source || default
-        source_requirements[dep.name] = source
+      source_requirements = if precompute_source_requirements_for_indirect_dependencies?
+        all_requirements = source_map.all_requirements
+        { default: default_source }.merge(all_requirements)
+      else
+        { default: Source::RubygemsAggregate.new(sources, source_map) }.merge(source_map.direct_requirements)
       end
+      source_requirements.merge!(source_map.locked_requirements) if nothing_changed?
       metadata_dependencies.each do |dep|
         source_requirements[dep.name] = sources.metadata_source
       end
-      source_requirements["bundler"] = sources.metadata_source # needs to come last to override
+      default_bundler_source = source_requirements["bundler"] || default_source
+      if @unlocking_bundler
+        default_bundler_source.add_dependency_names("bundler")
+      else
+        source_requirements[:default_bundler] = default_bundler_source
+        source_requirements["bundler"] = sources.metadata_source # needs to come last to override
+      end
       source_requirements
     end
-    def pinned_spec_names(skip = nil)
-      pinned_names = []
-      default = Bundler.feature_flag.lockfile_uses_separate_rubygems_sources? && sources.default_source
-      @dependencies.each do |dep|
-        next unless dep_source = dep.source || default
-        next if dep_source == skip
-        pinned_names << dep.name
-      end
-      pinned_names
+    def default_source
+      sources.default_source
     end
     def requested_groups
-      groups - Bundler.settings[:without] - @optional_groups + Bundler.settings[:with]
+      values = groups - Bundler.settings[:without] - @optional_groups + Bundler.settings[:with]
+      values &= Bundler.settings[:only] unless Bundler.settings[:only].empty?
+      values
     end
     def lockfiles_equal?(current, proposed, preserve_unknown_sections)
       if preserve_unknown_sections
         sections_to_ignore = LockfileParser.sections_to_ignore(@locked_bundler_version)
         sections_to_ignore += LockfileParser.unknown_sections_in_lockfile(current)
-        sections_to_ignore += LockfileParser::ENVIRONMENT_VERSION_SECTIONS
+        sections_to_ignore << LockfileParser::RUBY
+        sections_to_ignore << LockfileParser::BUNDLED unless @unlocking_bundler
         pattern = /#{Regexp.union(sections_to_ignore)}\n(\s{2,}.*\n)+/
         whitespace_cleanup = /\n{2,}/
         current = current.gsub(pattern, "\n").gsub(whitespace_cleanup, "\n\n").strip
@@ -955,39 +1095,57 @@ module Bundler
       current == proposed
     end
-    def extract_gem_info(error)
-      # This method will extract the error message like "Could not find foo-1.2.3 in any of the sources"
-      # to an array. The first element will be the gem name (e.g. foo), the second will be the version number.
-      error.message.scan(/Could not find (\w+)-(\d+(?:\.\d+)+)/).flatten
+    def additional_base_requirements_to_prevent_downgrades(resolution_packages, last_resolve)
+      return resolution_packages unless @locked_gems && !sources.expired_sources?(@locked_gems.sources)
+      converge_specs(@originally_locked_specs - last_resolve).each do |locked_spec|
+        next if locked_spec.source.is_a?(Source::Path)
+        resolution_packages.base_requirements[locked_spec.name] = Gem::Requirement.new(">= #{locked_spec.version}")
+      end
+      resolution_packages
     end
-    def compute_requires
-      dependencies.reduce({}) do |requires, dep|
-        next requires unless dep.should_include?
-        requires[dep.name] = Array(dep.autorequire || dep.name).map do |file|
-          # Allow `require: true` as an alias for `require: <name>`
-          file == true ? dep.name : file
-        end
-        requires
+    def additional_base_requirements_to_force_updates(resolution_packages)
+      return resolution_packages if @explicit_unlocks.empty?
+      full_update = dup_for_full_unlock.resolve
+      @explicit_unlocks.each do |name|
+        version = full_update.version_for(name)
+        resolution_packages.base_requirements[name] = Gem::Requirement.new("= #{version}") if version
       end
+      resolution_packages
     end
-    def additional_base_requirements_for_resolve
-      return [] unless @locked_gems && Bundler.feature_flag.only_update_to_newer_versions?
-      dependencies_by_name = dependencies.inject({}) {|memo, dep| memo.update(dep.name => dep) }
-      @locked_gems.specs.reduce({}) do |requirements, locked_spec|
-        name = locked_spec.name
-        next requirements if @locked_gems.dependencies[name] != dependencies_by_name[name]
-        dep = Gem::Dependency.new(name, ">= #{locked_spec.version}")
-        requirements[name] = DepProxy.new(dep, locked_spec.platform)
-        requirements
-      end.values
+    def dup_for_full_unlock
+      unlocked_definition = self.class.new(@lockfile, @dependencies, @sources, true, @ruby_version, @optional_groups, @gemfiles)
+      unlocked_definition.source_requirements = source_requirements
+      unlocked_definition.gem_version_promoter.tap do |gvp|
+        gvp.level = gem_version_promoter.level
+        gvp.strict = gem_version_promoter.strict
+        gvp.pre = gem_version_promoter.pre
+      end
+      unlocked_definition
     end
-    def equivalent_rubygems_remotes?(source)
-      return false unless source.is_a?(Source::Rubygems)
+    def remove_invalid_platforms!
+      return if Bundler.frozen_bundle?
+      platforms.reverse_each do |platform|
+        next if local_platform == platform ||
+                @new_platforms.include?(platform) ||
+                @path_changes ||
+                @dependency_changes ||
+                @locked_spec_with_invalid_deps ||
+                !spec_set_incomplete_for_platform?(@originally_locked_specs, platform)
+        remove_platform(platform)
+      end
+    end
+    def spec_set_incomplete_for_platform?(spec_set, platform)
+      spec_set.incomplete_for_platform?(current_dependencies, platform)
+    end
-      Bundler.settings[:allow_deployment_source_credential_changes] && source.equivalent_remotes?(sources.rubygems_remotes)
+    def source_map
+      @source_map ||= SourceMap.new(sources, dependencies, @locked_specs)
     end
   end
 end