RubyGems - bundler - Versions diffs - 2.2.11 → 2.3.26 - Mend

bundler 2.2.11 → 2.3.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (211) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +721 -5
data/README.md +1 -1
data/bundler.gemspec +8 -11
data/exe/bundle +7 -8
data/exe/bundler +1 -1
data/lib/bundler/.document +1 -0
data/lib/bundler/build_metadata.rb +3 -3
data/lib/bundler/cli/cache.rb +1 -1
data/lib/bundler/cli/check.rb +4 -2
data/lib/bundler/cli/common.rb +17 -3
data/lib/bundler/cli/config.rb +10 -1
data/lib/bundler/cli/doctor.rb +24 -5
data/lib/bundler/cli/exec.rb +1 -6
data/lib/bundler/cli/gem.rb +130 -26
data/lib/bundler/cli/info.rb +27 -6
data/lib/bundler/cli/init.rb +5 -1
data/lib/bundler/cli/install.rb +23 -54
data/lib/bundler/cli/issue.rb +4 -3
data/lib/bundler/cli/list.rb +7 -1
data/lib/bundler/cli/lock.rb +5 -1
data/lib/bundler/cli/open.rb +1 -2
data/lib/bundler/cli/outdated.rb +22 -14
data/lib/bundler/cli/platform.rb +2 -2
data/lib/bundler/cli/remove.rb +1 -2
data/lib/bundler/cli/show.rb +1 -1
data/lib/bundler/cli/update.rb +17 -8
data/lib/bundler/cli.rb +51 -63
data/lib/bundler/compact_index_client/cache.rb +0 -9
data/lib/bundler/compact_index_client/updater.rb +26 -14
data/lib/bundler/compact_index_client.rb +2 -8
data/lib/bundler/current_ruby.rb +17 -6
data/lib/bundler/definition.rb +260 -362
data/lib/bundler/dependency.rb +23 -71
data/lib/bundler/digest.rb +71 -0
data/lib/bundler/dsl.rb +72 -76
data/lib/bundler/endpoint_specification.rb +19 -13
data/lib/bundler/env.rb +1 -1
data/lib/bundler/environment_preserver.rb +4 -1
data/lib/bundler/errors.rb +29 -3
data/lib/bundler/feature_flag.rb +0 -5
data/lib/bundler/fetcher/base.rb +6 -8
data/lib/bundler/fetcher/compact_index.rb +10 -15
data/lib/bundler/fetcher/downloader.rb +9 -6
data/lib/bundler/fetcher/index.rb +0 -27
data/lib/bundler/fetcher.rb +22 -23
data/lib/bundler/friendly_errors.rb +26 -36
data/lib/bundler/gem_helper.rb +21 -16
data/lib/bundler/gem_helpers.rb +9 -2
data/lib/bundler/gem_version_promoter.rb +14 -25
data/lib/bundler/index.rb +11 -46
data/lib/bundler/injector.rb +18 -4
data/lib/bundler/inline.rb +4 -13
data/lib/bundler/installer/gem_installer.rb +16 -21
data/lib/bundler/installer/parallel_installer.rb +36 -15
data/lib/bundler/installer/standalone.rb +42 -10
data/lib/bundler/installer.rb +25 -41
data/lib/bundler/lazy_specification.rb +52 -30
data/lib/bundler/lockfile_generator.rb +2 -2
data/lib/bundler/lockfile_parser.rb +18 -43
data/lib/bundler/man/bundle-add.1 +21 -5
data/lib/bundler/man/bundle-add.1.ronn +16 -4
data/lib/bundler/man/bundle-binstubs.1 +1 -1
data/lib/bundler/man/bundle-cache.1 +7 -1
data/lib/bundler/man/bundle-cache.1.ronn +7 -0
data/lib/bundler/man/bundle-check.1 +1 -1
data/lib/bundler/man/bundle-clean.1 +2 -2
data/lib/bundler/man/bundle-clean.1.ronn +1 -1
data/lib/bundler/man/bundle-config.1 +49 -22
data/lib/bundler/man/bundle-config.1.ronn +49 -30
data/lib/bundler/man/bundle-console.1 +53 -0
data/lib/bundler/man/bundle-console.1.ronn +44 -0
data/lib/bundler/man/bundle-doctor.1 +1 -1
data/lib/bundler/man/bundle-exec.1 +2 -2
data/lib/bundler/man/bundle-exec.1.ronn +1 -1
data/lib/bundler/man/bundle-gem.1 +14 -1
data/lib/bundler/man/bundle-gem.1.ronn +16 -0
data/lib/bundler/man/bundle-help.1 +13 -0
data/lib/bundler/man/bundle-help.1.ronn +12 -0
data/lib/bundler/man/bundle-info.1 +1 -1
data/lib/bundler/man/bundle-init.1 +1 -1
data/lib/bundler/man/bundle-inject.1 +5 -2
data/lib/bundler/man/bundle-inject.1.ronn +3 -1
data/lib/bundler/man/bundle-install.1 +6 -2
data/lib/bundler/man/bundle-install.1.ronn +8 -2
data/lib/bundler/man/bundle-list.1 +1 -1
data/lib/bundler/man/bundle-lock.1 +1 -1
data/lib/bundler/man/bundle-open.1 +1 -1
data/lib/bundler/man/bundle-outdated.1 +3 -10
data/lib/bundler/man/bundle-outdated.1.ronn +1 -10
data/lib/bundler/man/bundle-platform.1 +16 -6
data/lib/bundler/man/bundle-platform.1.ronn +14 -7
data/lib/bundler/man/bundle-plugin.1 +81 -0
data/lib/bundler/man/bundle-plugin.1.ronn +59 -0
data/lib/bundler/man/bundle-pristine.1 +1 -1
data/lib/bundler/man/bundle-remove.1 +1 -1
data/lib/bundler/man/bundle-show.1 +1 -1
data/lib/bundler/man/bundle-update.1 +5 -5
data/lib/bundler/man/bundle-update.1.ronn +5 -4
data/lib/bundler/man/bundle-version.1 +35 -0
data/lib/bundler/man/bundle-version.1.ronn +24 -0
data/lib/bundler/man/bundle-viz.1 +4 -1
data/lib/bundler/man/bundle-viz.1.ronn +2 -0
data/lib/bundler/man/bundle.1 +15 -10
data/lib/bundler/man/bundle.1.ronn +12 -7
data/lib/bundler/man/gemfile.5 +117 -80
data/lib/bundler/man/gemfile.5.ronn +105 -84
data/lib/bundler/man/index.txt +4 -0
data/lib/bundler/match_metadata.rb +13 -0
data/lib/bundler/match_platform.rb +0 -1
data/lib/bundler/match_remote_metadata.rb +29 -0
data/lib/bundler/plugin/api/source.rb +24 -8
data/lib/bundler/plugin/index.rb +4 -1
data/lib/bundler/plugin/installer/git.rb +0 -4
data/lib/bundler/plugin/installer/rubygems.rb +0 -4
data/lib/bundler/plugin/installer.rb +10 -10
data/lib/bundler/plugin/source_list.rb +4 -0
data/lib/bundler/plugin.rb +30 -8
data/lib/bundler/process_lock.rb +1 -1
data/lib/bundler/remote_specification.rb +10 -4
data/lib/bundler/resolver/base.rb +50 -0
data/lib/bundler/resolver/spec_group.rb +31 -73
data/lib/bundler/resolver.rb +193 -292
data/lib/bundler/retry.rb +1 -1
data/lib/bundler/ruby_dsl.rb +1 -1
data/lib/bundler/ruby_version.rb +5 -18
data/lib/bundler/rubygems_ext.rb +160 -26
data/lib/bundler/rubygems_gem_installer.rb +86 -9
data/lib/bundler/rubygems_integration.rb +46 -93
data/lib/bundler/runtime.rb +18 -12
data/lib/bundler/self_manager.rb +168 -0
data/lib/bundler/settings.rb +98 -22
data/lib/bundler/setup.rb +2 -2
data/lib/bundler/shared_helpers.rb +15 -31
data/lib/bundler/source/git/git_proxy.rb +8 -6
data/lib/bundler/source/git.rb +29 -13
data/lib/bundler/source/metadata.rb +3 -7
data/lib/bundler/source/path/installer.rb +1 -1
data/lib/bundler/source/path.rb +3 -1
data/lib/bundler/source/rubygems.rb +199 -182
data/lib/bundler/source/rubygems_aggregate.rb +68 -0
data/lib/bundler/source.rb +24 -4
data/lib/bundler/source_list.rb +104 -60
data/lib/bundler/source_map.rb +71 -0
data/lib/bundler/spec_set.rb +58 -52
data/lib/bundler/stub_specification.rb +13 -3
data/lib/bundler/templates/Executable +2 -4
data/lib/bundler/templates/Executable.bundler +8 -8
data/lib/bundler/templates/Executable.standalone +2 -4
data/lib/bundler/templates/Gemfile +0 -2
data/lib/bundler/templates/gems.rb +0 -3
data/lib/bundler/templates/newgem/Gemfile.tt +5 -2
data/lib/bundler/templates/newgem/README.md.tt +8 -12
data/lib/bundler/templates/newgem/Rakefile.tt +15 -2
data/lib/bundler/templates/newgem/github/workflows/main.yml.tt +16 -7
data/lib/bundler/templates/newgem/gitlab-ci.yml.tt +5 -4
data/lib/bundler/templates/newgem/newgem.gemspec.tt +19 -17
data/lib/bundler/templates/newgem/sig/newgem.rbs.tt +8 -0
data/lib/bundler/templates/newgem/standard.yml.tt +3 -0
data/lib/bundler/templates/newgem/test/minitest/{newgem_test.rb.tt → test_newgem.rb.tt} +1 -1
data/lib/bundler/ui/shell.rb +1 -1
data/lib/bundler/vendor/.document +1 -0
data/lib/bundler/vendor/connection_pool/LICENSE +20 -0
data/lib/bundler/vendor/connection_pool/lib/connection_pool/timed_stack.rb +19 -21
data/lib/bundler/vendor/connection_pool/lib/connection_pool/version.rb +1 -1
data/lib/bundler/vendor/connection_pool/lib/connection_pool/wrapper.rb +57 -0
data/lib/bundler/vendor/connection_pool/lib/connection_pool.rb +39 -74
data/lib/bundler/vendor/fileutils/LICENSE.txt +22 -0
data/lib/bundler/vendor/molinillo/LICENSE +9 -0
data/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph.rb +3 -3
data/lib/bundler/vendor/molinillo/lib/molinillo/errors.rb +32 -26
data/lib/bundler/vendor/molinillo/lib/molinillo/gem_metadata.rb +1 -1
data/lib/bundler/vendor/molinillo/lib/molinillo/modules/specification_provider.rb +1 -1
data/lib/bundler/vendor/net-http-persistent/README.rdoc +82 -0
data/lib/bundler/vendor/thor/LICENSE.md +20 -0
data/lib/bundler/vendor/thor/lib/thor/actions/file_manipulation.rb +5 -5
data/lib/bundler/vendor/thor/lib/thor/actions/inject_into_file.rb +1 -2
data/lib/bundler/vendor/thor/lib/thor/actions.rb +6 -2
data/lib/bundler/vendor/thor/lib/thor/core_ext/hash_with_indifferent_access.rb +6 -0
data/lib/bundler/vendor/thor/lib/thor/error.rb +9 -4
data/lib/bundler/vendor/thor/lib/thor/parser/options.rb +19 -1
data/lib/bundler/vendor/thor/lib/thor/shell/basic.rb +22 -4
data/lib/bundler/vendor/thor/lib/thor/shell.rb +1 -1
data/lib/bundler/vendor/thor/lib/thor/util.rb +1 -1
data/lib/bundler/vendor/thor/lib/thor/version.rb +1 -1
data/lib/bundler/vendor/tmpdir/lib/tmpdir.rb +1 -1
data/lib/bundler/vendor/tsort/LICENSE.txt +22 -0
data/lib/bundler/vendor/tsort/lib/tsort.rb +452 -0
data/lib/bundler/vendor/uri/LICENSE.txt +22 -0
data/lib/bundler/vendor/uri/lib/uri/common.rb +17 -80
data/lib/bundler/vendor/uri/lib/uri/ftp.rb +0 -1
data/lib/bundler/vendor/uri/lib/uri/generic.rb +5 -6
data/lib/bundler/vendor/uri/lib/uri/http.rb +0 -1
data/lib/bundler/vendor/uri/lib/uri/https.rb +0 -1
data/lib/bundler/vendor/uri/lib/uri/ldap.rb +1 -1
data/lib/bundler/vendor/uri/lib/uri/mailto.rb +0 -1
data/lib/bundler/vendor/uri/lib/uri/rfc2396_parser.rb +1 -14
data/lib/bundler/vendor/uri/lib/uri/rfc3986_parser.rb +1 -12
data/lib/bundler/vendor/uri/lib/uri/version.rb +1 -1
data/lib/bundler/vendor/uri/lib/uri/ws.rb +84 -0
data/lib/bundler/vendor/uri/lib/uri/wss.rb +22 -0
data/lib/bundler/vendor/uri/lib/uri.rb +0 -1
data/lib/bundler/vendored_tsort.rb +4 -0
data/lib/bundler/version.rb +1 -1
data/lib/bundler/worker.rb +19 -4
data/lib/bundler.rb +46 -39
metadata +39 -12
data/lib/bundler/dep_proxy.rb +0 -55
data/lib/bundler/gemdeps.rb +0 -29
data/lib/bundler/psyched_yaml.rb +0 -22
data/lib/bundler/vendor/connection_pool/lib/connection_pool/monotonic_time.rb +0 -66

data/lib/bundler/definition.rb CHANGED Viewed

@@ -6,6 +6,11 @@ module Bundler
   class Definition
     include GemHelpers
+    class << self
+      # Do not create or modify a lockfile (Makes #lock a noop)
+      attr_accessor :no_lock
+    end
     attr_reader(
       :dependencies,
       :locked_deps,
@@ -56,10 +61,8 @@ module Bundler
         @unlocking_bundler = false
         @unlocking = unlock
       else
-        unlock = unlock.dup
         @unlocking_bundler = unlock.delete(:bundler)
-        unlock.delete_if {|_k, v| Array(v).empty? }
-        @unlocking = !unlock.empty?
+        @unlocking = unlock.any? {|_k, v| !Array(v).empty? }
       end
       @dependencies    = dependencies
@@ -67,6 +70,7 @@ module Bundler
       @unlock          = unlock
       @optional_groups = optional_groups
       @remote          = false
+      @prefer_local    = false
       @specs           = nil
       @ruby_version    = ruby_version
       @gemfiles        = gemfiles
@@ -75,7 +79,6 @@ module Bundler
       @lockfile_contents      = String.new
       @locked_bundler_version = nil
       @locked_ruby_version    = nil
-      @locked_specs_incomplete_for_platform = false
       @new_platform = nil
       if lockfile && File.exist?(lockfile)
@@ -85,10 +88,11 @@ module Bundler
         @platforms = @locked_platforms.dup
         @locked_bundler_version = @locked_gems.bundler_version
         @locked_ruby_version = @locked_gems.ruby_version
+        @originally_locked_specs = SpecSet.new(@locked_gems.specs)
         if unlock != true
           @locked_deps    = @locked_gems.dependencies
-          @locked_specs   = SpecSet.new(@locked_gems.specs)
+          @locked_specs   = @originally_locked_specs
           @locked_sources = @locked_gems.sources
         else
           @unlock         = {}
@@ -102,11 +106,24 @@ module Bundler
         @locked_gems    = nil
         @locked_deps    = {}
         @locked_specs   = SpecSet.new([])
+        @originally_locked_specs = @locked_specs
         @locked_sources = []
         @locked_platforms = []
       end
-      @unlock[:gems] ||= []
+      locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
+      @multisource_allowed = locked_gem_sources.size == 1 && locked_gem_sources.first.multiple_remotes? && Bundler.frozen_bundle?
+      if @multisource_allowed
+        unless sources.aggregate_global_source?
+          msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. Make sure you run `bundle install` in non frozen mode and commit the result to make your lockfile secure."
+          Bundler::SharedHelpers.major_deprecation 2, msg
+        end
+        @sources.merged_gem_lockfile_sections!(locked_gem_sources.first)
+      end
       @unlock[:sources] ||= []
       @unlock[:ruby] ||= if @ruby_version && locked_ruby_version_object
         @ruby_version.diff(locked_ruby_version_object)
@@ -119,9 +136,11 @@ module Bundler
       @path_changes = converge_paths
       @source_changes = converge_sources
-      unless @unlock[:lock_shared_dependencies]
-        eager_unlock = expand_dependencies(@unlock[:gems], true)
-        @unlock[:gems] = @locked_specs.for(eager_unlock, [], false, false, false).map(&:name)
+      if @unlock[:conservative]
+        @unlock[:gems] ||= @dependencies.map(&:name)
+      else
+        eager_unlock = (@unlock[:gems] || []).map {|name| Dependency.new(name, ">= 0") }
+        @unlock[:gems] = @locked_specs.for(eager_unlock, false, platforms).map(&:name).uniq
       end
       @dependency_changes = converge_dependencies
@@ -131,31 +150,31 @@ module Bundler
     end
     def gem_version_promoter
-      @gem_version_promoter ||= begin
-        locked_specs =
-          if unlocking? && @locked_specs.empty? && !@lockfile_contents.empty?
-            # Definition uses an empty set of locked_specs to indicate all gems
-            # are unlocked, but GemVersionPromoter needs the locked_specs
-            # for conservative comparison.
-            Bundler::SpecSet.new(@locked_gems.specs)
-          else
-            @locked_specs
-          end
-        GemVersionPromoter.new(locked_specs, @unlock[:gems])
-      end
+      @gem_version_promoter ||= GemVersionPromoter.new(@originally_locked_specs, @unlock[:gems])
+    end
+    def resolve_only_locally!
+      @remote = false
+      sources.local_only!
+      resolve
+    end
+    def resolve_prefering_local!
+      @prefer_local = true
+      @remote = true
+      sources.remote!
+      resolve
     end
     def resolve_with_cache!
-      raise "Specs already loaded" if @specs
       sources.cached!
-      specs
+      resolve
     end
     def resolve_remotely!
-      return if @specs
       @remote = true
       sources.remote!
-      specs
+      resolve
     end
     # For given dependency list returns a SpecSet with Gemspec of all the required
@@ -165,25 +184,7 @@ module Bundler
     #
     # @return [Bundler::SpecSet]
     def specs
-      @specs ||= begin
-        begin
-          specs = resolve.materialize(requested_dependencies)
-        rescue GemNotFound => e # Handle yanked gem
-          gem_name, gem_version = extract_gem_info(e)
-          locked_gem = @locked_specs[gem_name].last
-          raise if locked_gem.nil? || locked_gem.version.to_s != gem_version || !@remote
-          raise GemNotFound, "Your bundle is locked to #{locked_gem}, but that version could not " \
-                             "be found in any of the sources listed in your Gemfile. If you haven't changed sources, " \
-                             "that means the author of #{locked_gem} has removed it. You'll need to update your bundle " \
-                             "to a version other than #{locked_gem} that hasn't been removed in order to install."
-        end
-        unless specs["bundler"].any?
-          bundler = sources.metadata_source.specs.search(Gem::Dependency.new("bundler", VERSION)).last
-          specs["bundler"] = bundler
-        end
-        specs
-      end
+      @specs ||= materialize(requested_dependencies)
     end
     def new_specs
@@ -195,9 +196,7 @@ module Bundler
     end
     def missing_specs
-      missing = []
-      resolve.materialize(requested_dependencies, missing)
-      missing
+      resolve.materialize(requested_dependencies).missing_specs
     end
     def missing_specs?
@@ -206,8 +205,8 @@ module Bundler
       Bundler.ui.debug "The definition is missing #{missing.map(&:full_name)}"
       true
     rescue BundlerError => e
-      @index = nil
       @resolve = nil
+      @resolver = nil
       @specs = nil
       @gem_version_promoter = nil
@@ -216,31 +215,39 @@ module Bundler
     end
     def requested_specs
-      @requested_specs ||= begin
-        groups = requested_groups
-        groups.map!(&:to_sym)
-        specs_for(groups)
-      end
+      specs_for(requested_groups)
     end
     def requested_dependencies
-      groups = requested_groups
-      groups.map!(&:to_sym)
-      dependencies_for(groups)
+      dependencies_for(requested_groups)
     end
     def current_dependencies
       dependencies.select do |d|
-        d.should_include? && !d.gem_platforms(@platforms).empty?
+        d.should_include? && !d.gem_platforms([generic_local_platform]).empty?
       end
     end
+    def locked_dependencies
+      @locked_deps.values
+    end
+    def new_deps
+      @new_deps ||= @dependencies - locked_dependencies
+    end
+    def deleted_deps
+      @deleted_deps ||= locked_dependencies - @dependencies
+    end
     def specs_for(groups)
+      return specs if groups.empty?
       deps = dependencies_for(groups)
-      specs.for(expand_dependencies(deps))
+      materialize(deps)
     end
     def dependencies_for(groups)
+      groups.map!(&:to_sym)
       current_dependencies.reject do |d|
         (d.groups & groups).empty?
       end
@@ -252,70 +259,26 @@ module Bundler
     #
     # @return [SpecSet] resolved dependencies
     def resolve
-      @resolve ||= begin
-        last_resolve = converge_locked_specs
-        if Bundler.frozen_bundle?
-          Bundler.ui.debug "Frozen, using resolution from the lockfile"
-          last_resolve
-        elsif !unlocking? && nothing_changed?
-          Bundler.ui.debug("Found no changes, using resolution from the lockfile")
-          last_resolve
+      @resolve ||= if Bundler.frozen_bundle?
+        Bundler.ui.debug "Frozen, using resolution from the lockfile"
+        @locked_specs
+      elsif !unlocking? && nothing_changed?
+        if deleted_deps.any?
+          Bundler.ui.debug("Some dependencies were deleted, using a subset of the resolution from the lockfile")
+          SpecSet.new(filter_specs(@locked_specs, @dependencies - deleted_deps))
         else
-          # Run a resolve against the locally available gems
-          Bundler.ui.debug("Found changes from the lockfile, re-resolving dependencies because #{change_reason}")
-          expanded_dependencies = expand_dependencies(dependencies + metadata_dependencies, @remote)
-          Resolver.resolve(expanded_dependencies, index, source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve, platforms)
-        end
-      end
-    end
-    def index
-      @index ||= Index.build do |idx|
-        dependency_names = @dependencies.map(&:name)
-        sources.all_sources.each do |source|
-          source.dependency_names = dependency_names - pinned_spec_names(source)
-          idx.add_source source.specs
-          dependency_names.concat(source.unmet_deps).uniq!
-        end
-        double_check_for_index(idx, dependency_names)
-      end
-    end
-    # Suppose the gem Foo depends on the gem Bar.  Foo exists in Source A.  Bar has some versions that exist in both
-    # sources A and B.  At this point, the API request will have found all the versions of Bar in source A,
-    # but will not have found any versions of Bar from source B, which is a problem if the requested version
-    # of Foo specifically depends on a version of Bar that is only found in source B. This ensures that for
-    # each spec we found, we add all possible versions from all sources to the index.
-    def double_check_for_index(idx, dependency_names)
-      pinned_names = pinned_spec_names
-      loop do
-        idxcount = idx.size
-        names = :names # do this so we only have to traverse to get dependency_names from the index once
-        unmet_dependency_names = lambda do
-          return names unless names == :names
-          new_names = sources.all_sources.map(&:dependency_names_to_double_check)
-          return names = nil if new_names.compact!
-          names = new_names.flatten(1).concat(dependency_names)
-          names.uniq!
-          names -= pinned_names
-          names
-        end
-        sources.all_sources.each do |source|
-          source.double_check_for(unmet_dependency_names)
+          Bundler.ui.debug("Found no changes, using resolution from the lockfile")
+          if @locked_gems.may_include_redundant_platform_specific_gems?
+            SpecSet.new(filter_specs(@locked_specs, @dependencies))
+          else
+            @locked_specs
+          end
         end
-        break if idxcount == idx.size
+      else
+        Bundler.ui.debug("Found changes from the lockfile, re-resolving dependencies because #{change_reason}")
+        resolver.start(expanded_dependencies)
       end
     end
-    private :double_check_for_index
-    def has_rubygems_remotes?
-      sources.rubygems_sources.any? {|s| s.remotes.any? }
-    end
     def spec_git_paths
       sources.git_sources.map {|s| File.realpath(s.path) if File.exist?(s.path) }.compact
@@ -326,6 +289,8 @@ module Bundler
     end
     def lock(file, preserve_unknown_sections = false)
+      return if Definition.no_lock
       contents = to_lock
       # Convert to \r\n if the existing lock has them
@@ -336,10 +301,7 @@ module Bundler
         locked_major = @locked_bundler_version.segments.first
         current_major = Gem::Version.create(Bundler::VERSION).segments.first
-        if updating_major = locked_major < current_major
-          Bundler.ui.warn "Warning: the lockfile is being updated to Bundler #{current_major}, " \
-                          "after which you will be unable to return to Bundler #{@locked_bundler_version.segments.first}."
-        end
+        updating_major = locked_major < current_major
       end
       preserve_unknown_sections ||= !updating_major && (Bundler.frozen_bundle? || !(unlocking? || @unlocking_bundler))
@@ -356,14 +318,6 @@ module Bundler
       end
     end
-    def locked_bundler_version
-      if @locked_bundler_version && @locked_bundler_version < Gem::Version.new(Bundler::VERSION)
-        new_version = Bundler::VERSION
-      end
-      new_version || @locked_bundler_version || Bundler::VERSION
-    end
     def locked_ruby_version
       return unless ruby_version
       if @unlock[:ruby] || !@locked_ruby_version
@@ -403,7 +357,7 @@ module Bundler
           "bundle config unset deployment"
         end
         msg << "\n\nIf this is a development machine, remove the #{Bundler.default_gemfile} " \
-               "freeze \nby running `#{suggested_command}`."
+               "freeze \nby running `#{suggested_command}`." if suggested_command
       end
       added =   []
@@ -415,44 +369,28 @@ module Bundler
       added.concat new_platforms.map {|p| "* platform: #{p}" }
       deleted.concat deleted_platforms.map {|p| "* platform: #{p}" }
-      gemfile_sources = sources.lock_sources
-      new_sources = gemfile_sources - @locked_sources
-      deleted_sources = @locked_sources - gemfile_sources
-      new_deps = @dependencies - @locked_deps.values
-      deleted_deps = @locked_deps.values - @dependencies
+      added.concat new_deps.map {|d| "* #{pretty_dep(d)}" } if new_deps.any?
+      deleted.concat deleted_deps.map {|d| "* #{pretty_dep(d)}" } if deleted_deps.any?
-      # Check if it is possible that the source is only changed thing
-      if (new_deps.empty? && deleted_deps.empty?) && (!new_sources.empty? && !deleted_sources.empty?)
-        new_sources.reject! {|source| (source.path? && source.path.exist?) || equivalent_rubygems_remotes?(source) }
-        deleted_sources.reject! {|source| (source.path? && source.path.exist?) || equivalent_rubygems_remotes?(source) }
-      end
+      both_sources = Hash.new {|h, k| h[k] = [] }
+      @dependencies.each {|d| both_sources[d.name][0] = d }
-      if @locked_sources != gemfile_sources
-        if new_sources.any?
-          added.concat new_sources.map {|source| "* source: #{source}" }
-        end
+      locked_dependencies.each do |d|
+        next if !Bundler.feature_flag.bundler_3_mode? && @locked_specs[d.name].empty?
-        if deleted_sources.any?
-          deleted.concat deleted_sources.map {|source| "* source: #{source}" }
-        end
+        both_sources[d.name][1] = d
       end
-      added.concat new_deps.map {|d| "* #{pretty_dep(d)}" } if new_deps.any?
-      if deleted_deps.any?
-        deleted.concat deleted_deps.map {|d| "* #{pretty_dep(d)}" }
-      end
+      both_sources.each do |name, (dep, lock_dep)|
+        next if dep.nil? || lock_dep.nil?
-      both_sources = Hash.new {|h, k| h[k] = [] }
-      @dependencies.each {|d| both_sources[d.name][0] = d }
-      @locked_deps.each  {|name, d| both_sources[name][1] = d.source }
+        gemfile_source = dep.source || sources.default_source
+        lock_source = lock_dep.source || sources.default_source
+        next if lock_source.include?(gemfile_source)
-      both_sources.each do |name, (dep, lock_source)|
-        next if lock_source.nil? || (dep && lock_source.can_lock?(dep))
-        gemfile_source_name = (dep && dep.source) || "no specified source"
-        lockfile_source_name = lock_source
-        changed << "* #{name} from `#{gemfile_source_name}` to `#{lockfile_source_name}`"
+        gemfile_source_name = dep.source ? gemfile_source.identifier : "no specified source"
+        lockfile_source_name = lock_dep.source ? lock_source.identifier : "no specified source"
+        changed << "* #{name} from `#{lockfile_source_name}` to `#{gemfile_source_name}`"
       end
       reason = change_reason
@@ -500,7 +438,7 @@ module Bundler
       raise ProductionError, "Your bundle only supports platforms #{@platforms.map(&:to_s)} " \
         "but your local platform is #{Bundler.local_platform}. " \
-        "Add the current platform to the lockfile with `bundle lock --add-platform #{Bundler.local_platform}` and try again."
+        "Add the current platform to the lockfile with\n`bundle lock --add-platform #{Bundler.local_platform}` and try again."
     end
     def add_platform(platform)
@@ -519,19 +457,11 @@ module Bundler
       end
     end
-    def find_resolved_spec(current_spec)
-      specs.find_by_name_and_platform(current_spec.name, current_spec.platform)
-    end
-    def find_indexed_specs(current_spec)
-      index[current_spec.name].select {|spec| spec.match_platform(current_spec.platform) }.sort_by(&:version)
-    end
     attr_reader :sources
     private :sources
     def nothing_changed?
-      !@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@locked_specs_incomplete_for_platform
+      !@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes
     end
     def unlocking?
@@ -540,8 +470,78 @@ module Bundler
     private
+    def resolver
+      @resolver ||= begin
+        last_resolve = converge_locked_specs
+        remove_ruby_from_platforms_if_necessary!(current_dependencies)
+        Resolver.new(source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve(last_resolve), platforms)
+      end
+    end
+    def expanded_dependencies
+      @expanded_dependencies ||= dependencies + metadata_dependencies
+    end
+    def filter_specs(specs, deps)
+      SpecSet.new(specs).for(deps, false, platforms)
+    end
+    def materialize(dependencies)
+      specs = resolve.materialize(dependencies)
+      missing_specs = specs.missing_specs
+      if missing_specs.any?
+        missing_specs.each do |s|
+          locked_gem = @locked_specs[s.name].last
+          next if locked_gem.nil? || locked_gem.version != s.version || !@remote
+          raise GemNotFound, "Your bundle is locked to #{locked_gem} from #{locked_gem.source}, but that version can " \
+                             "no longer be found in that source. That means the author of #{locked_gem} has removed it. " \
+                             "You'll need to update your bundle to a version other than #{locked_gem} that hasn't been " \
+                             "removed in order to install."
+        end
+        missing_specs_list = missing_specs.group_by(&:source).map do |source, missing_specs_for_source|
+          "#{missing_specs_for_source.map(&:full_name).join(", ")} in #{source}"
+        end
+        raise GemNotFound, "Could not find #{missing_specs_list.join(" nor ")}"
+      end
+      loop do
+        incomplete_specs = specs.incomplete_specs
+        break if incomplete_specs.empty?
+        Bundler.ui.debug("The lockfile does not have all gems needed for the current platform though, Bundler will still re-resolve dependencies")
+        @resolve = resolver.start(expanded_dependencies, :exclude_specs => incomplete_specs)
+        specs = resolve.materialize(dependencies)
+      end
+      bundler = sources.metadata_source.specs.search(Gem::Dependency.new("bundler", VERSION)).last
+      specs["bundler"] = bundler
+      specs
+    end
+    def precompute_source_requirements_for_indirect_dependencies?
+      @remote && sources.non_global_rubygems_sources.all?(&:dependency_api_available?) && !sources.aggregate_global_source?
+    end
+    def pin_locally_available_names(source_requirements)
+      source_requirements.each_with_object({}) do |(name, original_source), new_source_requirements|
+        local_source = original_source.dup
+        local_source.local_only!
+        new_source_requirements[name] = if local_source.specs.search(name).any?
+          local_source
+        else
+          original_source
+        end
+      end
+    end
     def current_ruby_platform_locked?
       return false unless generic_local_platform == Gem::Platform::RUBY
+      return false if Bundler.settings[:force_ruby_platform] && !@platforms.include?(Gem::Platform::RUBY)
       current_platform_locked?
     end
@@ -574,12 +574,11 @@ module Bundler
         [@new_platform, "you added a new platform to your gemfile"],
         [@path_changes, "the gemspecs for path gems changed"],
         [@local_changes, "the gemspecs for git local gems changed"],
-        [@locked_specs_incomplete_for_platform, "the lockfile does not have all gems needed for the current platform"],
       ].select(&:first).map(&:last).join(", ")
     end
-    def pretty_dep(dep, source = false)
-      SharedHelpers.pretty_dependency(dep, source)
+    def pretty_dep(dep)
+      SharedHelpers.pretty_dependency(dep)
     end
     # Check if the specs of the given source changed
@@ -592,9 +591,9 @@ module Bundler
     def dependencies_for_source_changed?(source, locked_source = source)
       deps_for_source = @dependencies.select {|s| s.source == source }
-      locked_deps_for_source = @locked_deps.values.select {|dep| dep.source == locked_source }
+      locked_deps_for_source = locked_dependencies.select {|dep| dep.source == locked_source }
-      deps_for_source.sort != locked_deps_for_source.sort
+      deps_for_source.uniq.sort != locked_deps_for_source.sort
     end
     def specs_for_source_changed?(source)
@@ -653,36 +652,11 @@ module Bundler
       end
     end
-    def converge_rubygems_sources
-      return false if Bundler.feature_flag.disable_multisource?
-      changes = false
-      # Get the RubyGems sources from the Gemfile.lock
-      locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
-      # Get the RubyGems remotes from the Gemfile
-      actual_remotes = sources.rubygems_remotes
-      # If there is a RubyGems source in both
-      if !locked_gem_sources.empty? && !actual_remotes.empty?
-        locked_gem_sources.each do |locked_gem|
-          # Merge the remotes from the Gemfile into the Gemfile.lock
-          changes |= locked_gem.replace_remotes(actual_remotes, Bundler.settings[:allow_deployment_source_credential_changes])
-        end
-      end
-      changes
-    end
     def converge_sources
-      changes = false
-      changes |= converge_rubygems_sources
       # Replace the sources from the Gemfile with the sources from the Gemfile.lock,
       # if they exist in the Gemfile.lock and are `==`. If you can't find an equivalent
       # source in the Gemfile.lock, use the one from the Gemfile.
-      changes |= sources.replace_sources!(@locked_sources)
+      changes = sources.replace_sources!(@locked_sources)
       sources.all_sources.each do |source|
         # If the source is unlockable and the current command allows an unlock of
@@ -700,25 +674,14 @@ module Bundler
     end
     def converge_dependencies
-      frozen = Bundler.frozen_bundle?
-      (@dependencies + @locked_deps.values).each do |dep|
-        locked_source = @locked_deps[dep.name]
-        # This is to make sure that if bundler is installing in deployment mode and
-        # after locked_source and sources don't match, we still use locked_source.
-        if frozen && !locked_source.nil? &&
-            locked_source.respond_to?(:source) && locked_source.source.instance_of?(Source::Path) && locked_source.source.path.exist?
-          dep.source = locked_source.source
-        elsif dep.source
+      changes = false
+      @dependencies.each do |dep|
+        if dep.source
           dep.source = sources.get(dep.source)
         end
-      end
-      changes = false
-      # We want to know if all match, but don't want to check all entries
-      # This means we need to return false if any dependency doesn't match
-      # the lock or doesn't exist in the lock.
-      @dependencies.each do |dependency|
-        unless locked_dep = @locked_deps[dependency.name]
+        unless locked_dep = @locked_deps[dep.name]
           changes = true
           next
         end
@@ -729,11 +692,11 @@ module Bundler
         # directive, the lockfile dependencies and resolved dependencies end up
         # with a mismatch on #type. Work around that by setting the type on the
         # dep from the lockfile.
-        locked_dep.instance_variable_set(:@type, dependency.type)
+        locked_dep.instance_variable_set(:@type, dep.type)
         # We already know the name matches from the hash lookup
         # so we only need to check the requirement now
-        changes ||= dependency.requirement != locked_dep.requirement
+        changes ||= dep.requirement != locked_dep.requirement
       end
       changes
@@ -743,50 +706,50 @@ module Bundler
     # commonly happen if the Gemfile has changed since the lockfile was last
     # generated
     def converge_locked_specs
-      deps = []
+      converged = converge_specs(@locked_specs)
-      # Build a list of dependencies that are the same in the Gemfile
-      # and Gemfile.lock. If the Gemfile modified a dependency, but
-      # the gem in the Gemfile.lock still satisfies it, this is fine
-      # too.
-      @dependencies.each do |dep|
-        locked_dep = @locked_deps[dep.name]
+      resolve = SpecSet.new(converged.reject {|s| @unlock[:gems].include?(s.name) })
-        # If the locked_dep doesn't match the dependency we're looking for then we ignore the locked_dep
-        locked_dep = nil unless locked_dep == dep
+      diff = nil
-        if in_locked_deps?(dep, locked_dep) || satisfies_locked_spec?(dep)
-          deps << dep
-        elsif dep.source.is_a?(Source::Path) && dep.current_platform? && (!locked_dep || dep.source != locked_dep.source)
-          @locked_specs.each do |s|
-            @unlock[:gems] << s.name if s.source == dep.source
-          end
+      # Now, we unlock any sources that do not have anymore gems pinned to it
+      sources.all_sources.each do |source|
+        next unless source.respond_to?(:unlock!)
-          dep.source.unlock! if dep.source.respond_to?(:unlock!)
-          dep.source.specs.each {|s| @unlock[:gems] << s.name }
+        unless resolve.any? {|s| s.source == source }
+          diff ||= @locked_specs.to_a - resolve.to_a
+          source.unlock! if diff.any? {|s| s.source == source }
         end
       end
-      unlock_source_unlocks_spec = Bundler.feature_flag.unlock_source_unlocks_spec?
+      resolve
+    end
+    def converge_specs(specs)
       converged = []
-      @locked_specs.each do |s|
-        # Replace the locked dependency's source with the equivalent source from the Gemfile
+      deps = @dependencies.select do |dep|
+        specs[dep].any? {|s| s.satisfies?(dep) && (!dep.source || s.source.include?(dep.source)) }
+      end
+      @specs_that_changed_sources = []
+      specs.each do |s|
         dep = @dependencies.find {|d| s.satisfies?(d) }
-        s.source = (dep && dep.source) || sources.get(s.source)
-        # Don't add a spec to the list if its source is expired. For example,
-        # if you change a Git gem to RubyGems.
-        next if s.source.nil?
-        next if @unlock[:sources].include?(s.source.name)
+        # Replace the locked dependency's source with the equivalent source from the Gemfile
+        s.source = if dep && dep.source
+          gemfile_source = dep.source
+          lockfile_source = s.source
-        # XXX This is a backwards-compatibility fix to preserve the ability to
-        # unlock a single gem by passing its name via `--source`. See issue #3759
-        # TODO: delete in Bundler 2
-        next if unlock_source_unlocks_spec && @unlock[:sources].include?(s.name)
+          @specs_that_changed_sources << s if gemfile_source != lockfile_source
-        # If the spec is from a path source and it doesn't exist anymore
-        # then we unlock it.
+          gemfile_source
+        else
+          sources.get_with_fallback(s.source)
+        end
+        next if @unlock[:sources].include?(s.source.name)
         # Path sources have special logic
         if s.source.instance_of?(Source::Path) || s.source.instance_of?(Source::Gemspec)
@@ -795,8 +758,8 @@ module Bundler
           rescue PathError, GitError
             # if we won't need the source (according to the lockfile),
             # don't error if the path/git source isn't available
-            next if @locked_specs.
-                    for(requested_dependencies, [], false, true, false).
+            next if specs.
+                    for(requested_dependencies, false).
                     none? {|locked_spec| locked_spec.source == s.source }
             raise
@@ -811,116 +774,56 @@ module Bundler
           s.dependencies.replace(new_spec.dependencies)
         end
-        converged << s
-      end
-      resolve = SpecSet.new(converged)
-      @locked_specs_incomplete_for_platform = !resolve.for(expand_dependencies(requested_dependencies & deps), @unlock[:gems], true, true)
-      resolve = resolve.for(expand_dependencies(deps, true), @unlock[:gems], false, false, false)
-      diff    = nil
-      # Now, we unlock any sources that do not have anymore gems pinned to it
-      sources.all_sources.each do |source|
-        next unless source.respond_to?(:unlock!)
-        unless resolve.any? {|s| s.source == source }
-          diff ||= @locked_specs.to_a - resolve.to_a
-          source.unlock! if diff.any? {|s| s.source == source }
+        if dep.nil? && requested_dependencies.find {|d| s.name == d.name }
+          @unlock[:gems] << s.name
+        else
+          converged << s
         end
       end
-      resolve
-    end
-    def in_locked_deps?(dep, locked_dep)
-      # Because the lockfile can't link a dep to a specific remote, we need to
-      # treat sources as equivalent anytime the locked dep has all the remotes
-      # that the Gemfile dep does.
-      locked_dep && locked_dep.source && dep.source && locked_dep.source.include?(dep.source)
-    end
-    def satisfies_locked_spec?(dep)
-      @locked_specs[dep].any? {|s| s.satisfies?(dep) && (!dep.source || s.source.include?(dep.source)) }
+      filter_specs(converged, deps)
     end
     def metadata_dependencies
-      @metadata_dependencies ||= begin
-        ruby_versions = ruby_version_requirements(@ruby_version)
-        [
-          Dependency.new("Ruby\0", ruby_versions),
-          Dependency.new("RubyGems\0", Gem::VERSION),
-        ]
-      end
-    end
-    def ruby_version_requirements(ruby_version)
-      return [] unless ruby_version
-      if ruby_version.patchlevel
-        [ruby_version.to_gem_version_with_patchlevel]
-      else
-        ruby_version.versions.map do |version|
-          requirement = Gem::Requirement.new(version)
-          if requirement.exact?
-            "~> #{version}.0"
-          else
-            requirement
-          end
-        end
-      end
-    end
-    def expand_dependencies(dependencies, remote = false)
-      deps = []
-      dependencies.each do |dep|
-        dep = Dependency.new(dep, ">= 0") unless dep.respond_to?(:name)
-        next unless remote || dep.current_platform?
-        target_platforms = dep.gem_platforms(remote ? @platforms : [generic_local_platform])
-        deps += expand_dependency_with_platforms(dep, target_platforms)
-      end
-      deps
-    end
-    def expand_dependency_with_platforms(dep, platforms)
-      platforms.map do |p|
-        DepProxy.get_proxy(dep, p)
-      end
+      @metadata_dependencies ||= [
+        Dependency.new("Ruby\0", Gem.ruby_version),
+        Dependency.new("RubyGems\0", Gem::VERSION),
+      ]
     end
     def source_requirements
-      # Load all specs from remote sources
-      index
       # Record the specs available in each gem's source, so that those
       # specs will be available later when the resolver knows where to
       # look for that gemspec (or its dependencies)
-      default = sources.default_source
-      source_requirements = { :default => default }
-      default = nil unless Bundler.feature_flag.disable_multisource?
-      dependencies.each do |dep|
-        next unless source = dep.source || default
-        source_requirements[dep.name] = source
+      source_requirements = if precompute_source_requirements_for_indirect_dependencies?
+        all_requirements = source_map.all_requirements
+        all_requirements = pin_locally_available_names(all_requirements) if @prefer_local
+        { :default => sources.default_source }.merge(all_requirements)
+      else
+        { :default => Source::RubygemsAggregate.new(sources, source_map) }.merge(source_map.direct_requirements)
       end
+      source_requirements.merge!(source_map.locked_requirements) unless @remote
       metadata_dependencies.each do |dep|
         source_requirements[dep.name] = sources.metadata_source
       end
-      source_requirements[:default_bundler] = source_requirements["bundler"] || source_requirements[:default]
+      source_requirements[:default_bundler] = source_requirements["bundler"] || sources.default_source
       source_requirements["bundler"] = sources.metadata_source # needs to come last to override
+      verify_changed_sources!
       source_requirements
     end
-    def pinned_spec_names(skip = nil)
-      pinned_names = []
-      default = Bundler.feature_flag.disable_multisource? && sources.default_source
-      @dependencies.each do |dep|
-        next unless dep_source = dep.source || default
-        next if dep_source == skip
-        pinned_names << dep.name
+    def verify_changed_sources!
+      @specs_that_changed_sources.each do |s|
+        if s.source.specs.search(s.name).empty?
+          raise GemNotFound, "Could not find gem '#{s.name}' in #{s.source}"
+        end
       end
-      pinned_names
     end
     def requested_groups
-      groups - Bundler.settings[:without] - @optional_groups + Bundler.settings[:with]
+      values = groups - Bundler.settings[:without] - @optional_groups + Bundler.settings[:with]
+      values &= Bundler.settings[:only] unless Bundler.settings[:only].empty?
+      values
     end
     def lockfiles_equal?(current, proposed, preserve_unknown_sections)
@@ -936,12 +839,6 @@ module Bundler
       current == proposed
     end
-    def extract_gem_info(error)
-      # This method will extract the error message like "Could not find foo-1.2.3 in any of the sources"
-      # to an array. The first element will be the gem name (e.g. foo), the second will be the version number.
-      error.message.scan(/Could not find (\w+)-(\d+(?:\.\d+)+)/).flatten
-    end
     def compute_requires
       dependencies.reduce({}) do |requires, dep|
         next requires unless dep.should_include?
@@ -953,25 +850,26 @@ module Bundler
       end
     end
-    def additional_base_requirements_for_resolve
-      return [] unless @locked_gems && Bundler.feature_flag.only_update_to_newer_versions?
-      dependencies_by_name = dependencies.inject({}) {|memo, dep| memo.update(dep.name => dep) }
-      @locked_gems.specs.reduce({}) do |requirements, locked_spec|
-        name = locked_spec.name
-        dependency = dependencies_by_name[name]
-        next requirements unless dependency
-        next requirements if @locked_gems.dependencies[name] != dependency
-        next requirements if dependency.source.is_a?(Source::Path)
-        dep = Gem::Dependency.new(name, ">= #{locked_spec.version}")
-        requirements[name] = DepProxy.get_proxy(dep, locked_spec.platform)
-        requirements
-      end.values
+    def additional_base_requirements_for_resolve(last_resolve)
+      return [] unless @locked_gems && unlocking? && !sources.expired_sources?(@locked_gems.sources)
+      converge_specs(@originally_locked_specs - last_resolve).map do |locked_spec|
+        Dependency.new(locked_spec.name, ">= #{locked_spec.version}")
+      end.uniq
     end
-    def equivalent_rubygems_remotes?(source)
-      return false unless source.is_a?(Source::Rubygems)
+    def remove_ruby_from_platforms_if_necessary!(dependencies)
+      return if Bundler.frozen_bundle? ||
+                Bundler.local_platform == Gem::Platform::RUBY ||
+                !platforms.include?(Gem::Platform::RUBY) ||
+                (@new_platform && platforms.last == Gem::Platform::RUBY) ||
+                !@originally_locked_specs.incomplete_ruby_specs?(dependencies)
+      remove_platform(Gem::Platform::RUBY)
+      add_current_platform
+    end
-      Bundler.settings[:allow_deployment_source_credential_changes] && source.equivalent_remotes?(sources.rubygems_remotes)
+    def source_map
+      @source_map ||= SourceMap.new(sources, dependencies, @locked_specs)
     end
   end
 end