bundler 2.2.3 → 2.3.5

data/lib/bundler/installer.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require "rubygems/dependency_installer"
 require_relative "worker"
 require_relative "installer/parallel_installer"
 require_relative "installer/standalone"
@@ -82,7 +81,6 @@ module Bundler
 
         if resolve_if_needed(options)
           ensure_specs_are_compatible!
-          warn_on_incompatible_bundler_deps
           load_plugins
           options.delete(:jobs)
         else
@@ -90,6 +88,8 @@ module Bundler
         end
         install(options)
 
+        Gem::Specification.reset # invalidate gem specification cache so that installed gems are immediately available
+
         lock unless Bundler.frozen_bundle?
         Standalone.new(options[:standalone], @definition).generate if options[:standalone]
       end
@@ -134,7 +134,7 @@ module Bundler
           next
         end
 
-        mode = Bundler::WINDOWS ? "wb:UTF-8" : "w"
+        mode = Gem.win_platform? ? "wb:UTF-8" : "w"
         require "erb"
         content = if RUBY_VERSION >= "2.6"
           ERB.new(template, :trim_mode => "-").result(binding)
@@ -143,7 +143,7 @@ module Bundler
         end
 
         File.write(binstub_path, content, :mode => mode, :perm => 0o777 & ~File.umask)
-        if Bundler::WINDOWS || options[:all_platforms]
+        if Gem.win_platform? || options[:all_platforms]
           prefix = "@ruby -x \"%~f0\" %*\n@exit /b %ERRORLEVEL%\n\n"
           File.write("#{binstub_path}.cmd", prefix + content, :mode => mode)
         end
@@ -181,7 +181,7 @@ module Bundler
         executable_path = Pathname(spec.full_gem_path).join(spec.bindir, executable).relative_path_from(bin_path)
         executable_path = executable_path
 
-        mode = Bundler::WINDOWS ? "wb:UTF-8" : "w"
+        mode = Gem.win_platform? ? "wb:UTF-8" : "w"
         require "erb"
         content = if RUBY_VERSION >= "2.6"
           ERB.new(template, :trim_mode => "-").result(binding)
@@ -190,7 +190,7 @@ module Bundler
         end
 
         File.write("#{bin_path}/#{executable}", content, :mode => mode, :perm => 0o755)
-        if Bundler::WINDOWS || options[:all_platforms]
+        if Gem.win_platform? || options[:all_platforms]
           prefix = "@ruby -x \"%~f0\" %*\n@exit /b %ERRORLEVEL%\n\n"
           File.write("#{bin_path}/#{executable}.cmd", prefix + content, :mode => mode)
         end
@@ -218,17 +218,7 @@ module Bundler
         return jobs
       end
 
-      # Parallelization has some issues on Windows, so it's not yet the default
-      return 1 if Gem.win_platform?
-
-      processor_count
-    end
-
-    def processor_count
-      require "etc"
-      Etc.nprocessors
-    rescue StandardError
-      1
+      Bundler.settings.processor_count
     end
 
     def load_plugins
@@ -249,7 +239,7 @@ module Bundler
 
     def ensure_specs_are_compatible!
       system_ruby = Bundler::RubyVersion.system
-      rubygems_version = Gem::Version.create(Gem::VERSION)
+      rubygems_version = Bundler.rubygems.version
       @definition.specs.each do |spec|
         if required_ruby_version = spec.required_ruby_version
           unless required_ruby_version.satisfied_by?(system_ruby.gem_version)
@@ -265,22 +255,6 @@ module Bundler
       end
     end
 
-    def warn_on_incompatible_bundler_deps
-      bundler_version = Gem::Version.create(Bundler::VERSION)
-      @definition.specs.each do |spec|
-        spec.dependencies.each do |dep|
-          next if dep.type == :development
-          next unless dep.name == "bundler".freeze
-          next if dep.requirement.satisfied_by?(bundler_version)
-
-          Bundler.ui.warn "#{spec.name} (#{spec.version}) has dependency" \
-            " #{SharedHelpers.pretty_dependency(dep)}" \
-            ", which is unsatisfied by the current bundler version #{VERSION}" \
-            ", so the dependency is being ignored"
-        end
-      end
-    end
-
     def install_in_parallel(size, standalone, force = false)
       spec_installations = ParallelInstaller.call(self, @definition.specs, size, standalone, force)
       spec_installations.each do |installation|

data/lib/bundler/lazy_specification.rb

@@ -4,22 +4,6 @@ require_relative "match_platform"
 
 module Bundler
   class LazySpecification
-    Identifier = Struct.new(:name, :version, :platform)
-    class Identifier
-      include Comparable
-      def <=>(other)
-        return unless other.is_a?(Identifier)
-        [name, version, platform_string] <=> [other.name, other.version, other.platform_string]
-      end
-
-      protected
-
-      def platform_string
-        platform_string = platform.to_s
-        platform_string == Index::RUBY ? Index::NULL : platform_string
-      end
-    end
-
     include MatchPlatform
 
     attr_reader :name, :version, :dependencies, :platform
@@ -54,8 +38,24 @@ module Bundler
       identifier.hash
     end
 
+    ##
+    # Does this locked specification satisfy +dependency+?
+    #
+    # NOTE: Rubygems default requirement is ">= 0", which doesn't match
+    # prereleases of 0 versions, like "0.0.0.dev" or "0.0.0.SNAPSHOT". However,
+    # bundler users expect those to work. We need to make sure that Gemfile
+    # dependencies without explicit requirements (which use ">= 0" under the
+    # hood by default) are still valid for locked specs using this kind of
+    # versions. The method implements an ad-hoc fix for that. A better solution
+    # might be to change default rubygems requirement of dependencies to be ">=
+    # 0.A" but that's a major refactoring likely to break things. Hopefully we
+    # can attempt it in the future.
+    #
+
     def satisfies?(dependency)
-      @name == dependency.name && dependency.requirement.satisfied_by?(Gem::Version.new(@version))
+      effective_requirement = dependency.requirement == Gem::Requirement.default ? Gem::Requirement.new(">= 0.A") : dependency.requirement
+
+      @name == dependency.name && effective_requirement.satisfied_by?(Gem::Version.new(@version))
     end
 
     def to_lock
@@ -89,7 +89,12 @@ module Bundler
         same_platform_candidates = candidates.select do |spec|
           MatchPlatform.platforms_match?(spec.platform, platform_object)
         end
-        search = same_platform_candidates.last || candidates.last
+        installable_candidates = same_platform_candidates.select do |spec|
+          spec.is_a?(StubSpecification) ||
+            (spec.required_ruby_version.satisfied_by?(Gem.ruby_version) &&
+              spec.required_rubygems_version.satisfied_by?(Gem.rubygems_version))
+        end
+        search = installable_candidates.last
         search.dependencies = dependencies if search && (search.is_a?(RemoteSpecification) || search.is_a?(EndpointSpecification))
         search
       end
@@ -108,7 +113,7 @@ module Bundler
     end
 
     def identifier
-      @__identifier ||= Identifier.new(name, version, platform)
+      @__identifier ||= [name, version, platform_string]
     end
 
     def git_version
@@ -116,6 +121,13 @@ module Bundler
       " #{source.revision[0..6]}"
     end
 
+    protected
+
+    def platform_string
+      platform_string = platform.to_s
+      platform_string == Index::RUBY ? Index::NULL : platform_string
+    end
+
     private
 
     def to_ary
@@ -140,7 +152,7 @@ module Bundler
     # explicitly add a more specific platform.
     #
     def ruby_platform_materializes_to_ruby_platform?
-      !Bundler.most_specific_locked_platform?(Gem::Platform::RUBY)
+      !Bundler.most_specific_locked_platform?(Gem::Platform::RUBY) || Bundler.settings[:force_ruby_platform]
     end
   end
 end

data/lib/bundler/lockfile_generator.rb

@@ -71,7 +71,7 @@ module Bundler
     end
 
     def add_bundled_with
-      add_section("BUNDLED WITH", definition.locked_bundler_version.to_s)
+      add_section("BUNDLED WITH", Bundler::VERSION)
     end
 
     def add_section(name, value)

data/lib/bundler/lockfile_parser.rb

@@ -1,16 +1,5 @@
 # frozen_string_literal: true
 
-#--
-# Some versions of the Bundler 1.1 RC series introduced corrupted
-# lockfiles. There were two major problems:
-#
-# * multiple copies of the same GIT section appeared in the lockfile
-# * when this happened, those sections got multiple copies of gems
-#   in those sections.
-#
-# As a result, Bundler 1.1 contains code that fixes the earlier
-# corruption. We will remove this fix-up code in Bundler 1.2.
-
 module Bundler
   class LockfileParser
     attr_reader :sources, :dependencies, :specs, :platforms, :bundler_version, :ruby_version
@@ -57,6 +46,16 @@ module Bundler
       attributes
     end
 
+    def self.bundled_with
+      lockfile = Bundler.default_lockfile
+      return unless lockfile.file?
+
+      lockfile_contents = Bundler.read_file(lockfile)
+      return unless lockfile_contents.include?(BUNDLED)
+
+      lockfile_contents.split(BUNDLED).last.strip
+    end
+
     def initialize(lockfile)
       @platforms    = []
       @sources      = []
@@ -64,8 +63,6 @@ module Bundler
       @state        = nil
       @specs        = {}
 
-      @rubygems_aggregate = Source::Rubygems.new
-
       if lockfile.match(/<<<<<<<|=======|>>>>>>>|\|\|\|\|\|\|\|/)
         raise LockfileError, "Your #{Bundler.default_lockfile.relative_path_from(SharedHelpers.pwd)} contains merge conflicts.\n" \
           "Run `git checkout HEAD -- #{Bundler.default_lockfile.relative_path_from(SharedHelpers.pwd)}` first to get a clean lock."
@@ -89,26 +86,13 @@ module Bundler
           send("parse_#{@state}", line)
         end
       end
-      @sources << @rubygems_aggregate unless Bundler.feature_flag.disable_multisource?
       @specs = @specs.values.sort_by(&:identifier)
-      warn_for_outdated_bundler_version
     rescue ArgumentError => e
       Bundler.ui.debug(e)
       raise LockfileError, "Your lockfile is unreadable. Run `rm #{Bundler.default_lockfile.relative_path_from(SharedHelpers.pwd)}` " \
         "and then `bundle install` to generate a new lockfile."
     end
 
-    def warn_for_outdated_bundler_version
-      return unless bundler_version
-      prerelease_text = bundler_version.prerelease? ? " --pre" : ""
-      current_version = Gem::Version.create(Bundler::VERSION)
-      return unless current_version < bundler_version
-      Bundler.ui.warn "Warning: the running version of Bundler (#{current_version}) is older " \
-           "than the version that created the lockfile (#{bundler_version}). We suggest you to " \
-           "upgrade to the version that created the lockfile by running `gem install " \
-           "bundler:#{bundler_version}#{prerelease_text}`.\n"
-    end
-
     private
 
     TYPES = {
@@ -127,23 +111,11 @@ module Bundler
           @sources << @current_source
         when GIT
           @current_source = TYPES[@type].from_lock(@opts)
-          # Strip out duplicate GIT sections
-          if @sources.include?(@current_source)
-            @current_source = @sources.find {|s| s == @current_source }
-          else
-            @sources << @current_source
-          end
+          @sources << @current_source
         when GEM
-          if Bundler.feature_flag.disable_multisource?
-            @opts["remotes"] = @opts.delete("remote")
-            @current_source = TYPES[@type].from_lock(@opts)
-            @sources << @current_source
-          else
-            Array(@opts["remote"]).each do |url|
-              @rubygems_aggregate.add_remote(url)
-            end
-            @current_source = @rubygems_aggregate
-          end
+          @opts["remotes"] = Array(@opts.delete("remote")).reverse
+          @current_source = TYPES[@type].from_lock(@opts)
+          @sources << @current_source
         when PLUGIN
           @current_source = Plugin.source_from_lock(@opts)
           @sources << @current_source
@@ -221,10 +193,9 @@ module Bundler
         platform = platform ? Gem::Platform.new(platform) : Gem::Platform::RUBY
         @current_spec = LazySpecification.new(name, version, platform)
         @current_spec.source = @current_source
+        @current_source.add_dependency_names(name)
 
-        # Avoid introducing multiple copies of the same spec (caused by
-        # duplicate GIT sections)
-        @specs[@current_spec.identifier] ||= @current_spec
+        @specs[@current_spec.identifier] = @current_spec
       elsif spaces.size == 6
         version = version.split(",").map(&:strip) if version
         dep = Gem::Dependency.new(name, version)

data/{man → lib/bundler/man}/bundle-add.1

@@ -1,13 +1,13 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-ADD" "1" "November 2020" "" ""
+.TH "BUNDLE\-ADD" "1" "December 2021" "" ""
 .
 .SH "NAME"
 \fBbundle\-add\fR \- Add gem to the Gemfile and run bundle install
 .
 .SH "SYNOPSIS"
-\fBbundle add\fR \fIGEM_NAME\fR [\-\-group=GROUP] [\-\-version=VERSION] [\-\-source=SOURCE] [\-\-git=GIT] [\-\-branch=BRANCH] [\-\-skip\-install] [\-\-strict] [\-\-optimistic]
+\fBbundle add\fR \fIGEM_NAME\fR [\-\-group=GROUP] [\-\-version=VERSION] [\-\-source=SOURCE] [\-\-git=GIT] [\-\-github=GITHUB] [\-\-branch=BRANCH] [\-\-ref=REF] [\-\-skip\-install] [\-\-strict] [\-\-optimistic]
 .
 .SH "DESCRIPTION"
 Adds the named gem to the Gemfile and run \fBbundle install\fR\. \fBbundle install\fR can be avoided by using the flag \fB\-\-skip\-install\fR\.
@@ -49,10 +49,18 @@ Specify the source for the added gem\.
 Specify the git source for the added gem\.
 .
 .TP
+\fB\-\-github\fR
+Specify the github source for the added gem\.
+.
+.TP
 \fB\-\-branch\fR
 Specify the git branch for the added gem\.
 .
 .TP
+\fB\-\-ref\fR
+Specify the git ref for the added gem\.
+.
+.TP
 \fB\-\-skip\-install\fR
 Adds the gem to the Gemfile but does not install it\.
 .

data/lib/bundler/man/bundle-add.1.ronn

@@ -3,7 +3,7 @@ bundle-add(1) -- Add gem to the Gemfile and run bundle install
 
 ## SYNOPSIS
 
-`bundle add` <GEM_NAME> [--group=GROUP] [--version=VERSION] [--source=SOURCE] [--git=GIT] [--branch=BRANCH] [--skip-install] [--strict] [--optimistic]
+`bundle add` <GEM_NAME> [--group=GROUP] [--version=VERSION] [--source=SOURCE] [--git=GIT] [--github=GITHUB] [--branch=BRANCH] [--ref=REF] [--skip-install] [--strict] [--optimistic]
 
 ## DESCRIPTION
 Adds the named gem to the Gemfile and run `bundle install`. `bundle install` can be avoided by using the flag `--skip-install`.
@@ -33,9 +33,15 @@ bundle add rails --group "development, test"
 * `--git`:
   Specify the git source for the added gem.
 
+* `--github`:
+  Specify the github source for the added gem.
+
 * `--branch`:
   Specify the git branch for the added gem.
 
+* `--ref`:
+  Specify the git ref for the added gem.
+
 * `--skip-install`:
   Adds the gem to the Gemfile but does not install it.
 

data/{man → lib/bundler/man}/bundle-binstubs.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-BINSTUBS" "1" "November 2020" "" ""
+.TH "BUNDLE\-BINSTUBS" "1" "December 2021" "" ""
 .
 .SH "NAME"
 \fBbundle\-binstubs\fR \- Install the binstubs of the listed gems

data/{man → lib/bundler/man}/bundle-cache.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-CACHE" "1" "November 2020" "" ""
+.TH "BUNDLE\-CACHE" "1" "December 2021" "" ""
 .
 .SH "NAME"
 \fBbundle\-cache\fR \- Package your needed \fB\.gem\fR files into your application

data/{man → lib/bundler/man}/bundle-check.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-CHECK" "1" "November 2020" "" ""
+.TH "BUNDLE\-CHECK" "1" "December 2021" "" ""
 .
 .SH "NAME"
 \fBbundle\-check\fR \- Verifies if dependencies are satisfied by installed gems

data/{man → lib/bundler/man}/bundle-clean.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-CLEAN" "1" "November 2020" "" ""
+.TH "BUNDLE\-CLEAN" "1" "December 2021" "" ""
 .
 .SH "NAME"
 \fBbundle\-clean\fR \- Cleans up unused gems in your bundler directory

data/{man → lib/bundler/man}/bundle-config.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-CONFIG" "1" "November 2020" "" ""
+.TH "BUNDLE\-CONFIG" "1" "December 2021" "" ""
 .
 .SH "NAME"
 \fBbundle\-config\fR \- Set bundler configuration options
@@ -56,9 +56,6 @@ Executing \fBbundle config unset \-\-local <name> <value>\fR will delete the con
 .P
 Executing bundle with the \fBBUNDLE_IGNORE_CONFIG\fR environment variable set will cause it to ignore all configuration\.
 .
-.P
-Executing \fBbundle config set \-\-local disable_multisource true\fR upgrades the warning about the Gemfile containing multiple primary sources to an error\. Executing \fBbundle config unset disable_multisource\fR downgrades this error to a warning\.
-.
 .SH "REMEMBERING OPTIONS"
 Flags passed to \fBbundle install\fR or the Bundler runtime, such as \fB\-\-path foo\fR or \fB\-\-without production\fR, are remembered between commands and saved to your local application\'s configuration (normally, \fB\./\.bundle/config\fR)\.
 .
@@ -136,9 +133,6 @@ Any periods in the configuration keys must be replaced with two underscores when
 The following is a list of all configuration keys and their purpose\. You can learn more about their operation in bundle install(1) \fIbundle\-install\.1\.html\fR\.
 .
 .IP "\(bu" 4
-\fBallow_bundler_dependency_conflicts\fR (\fBBUNDLE_ALLOW_BUNDLER_DEPENDENCY_CONFLICTS\fR): Allow resolving to specifications that have dependencies on \fBbundler\fR that are incompatible with the running Bundler version\.
-.
-.IP "\(bu" 4
 \fBallow_deployment_source_credential_changes\fR (\fBBUNDLE_ALLOW_DEPLOYMENT_SOURCE_CREDENTIAL_CHANGES\fR): When in deployment mode, allow changing the credentials to a gem\'s source\. Ex: \fBhttps://some\.host\.com/gems/path/\fR \-> \fBhttps://user_name:password@some\.host\.com/gems/path\fR
 .
 .IP "\(bu" 4
@@ -184,7 +178,7 @@ The following is a list of all configuration keys and their purpose\. You can le
 \fBdisable_local_branch_check\fR (\fBBUNDLE_DISABLE_LOCAL_BRANCH_CHECK\fR): Allow Bundler to use a local git override without a branch specified in the Gemfile\.
 .
 .IP "\(bu" 4
-\fBdisable_multisource\fR (\fBBUNDLE_DISABLE_MULTISOURCE\fR): When set, Gemfiles containing multiple sources will produce errors instead of warnings\. Use \fBbundle config unset disable_multisource\fR to unset\.
+\fBdisable_local_revision_check\fR (\fBBUNDLE_DISABLE_LOCAL_REVISION_CHECK\fR): Allow Bundler to use a local git override without checking if the revision present in the lockfile is present in the repository\.
 .
 .IP "\(bu" 4
 \fBdisable_shared_gems\fR (\fBBUNDLE_DISABLE_SHARED_GEMS\fR): Stop Bundler from accessing gems installed to RubyGems\' normal location\.
@@ -199,6 +193,9 @@ The following is a list of all configuration keys and their purpose\. You can le
 \fBfrozen\fR (\fBBUNDLE_FROZEN\fR): Disallow changes to the \fBGemfile\fR\. When the \fBGemfile\fR is changed and the lockfile has not been updated, running Bundler commands will be blocked\. Defaults to \fBtrue\fR when \fB\-\-deployment\fR is used\.
 .
 .IP "\(bu" 4
+\fBgem\.github_username\fR (\fBBUNDLE_GEM__GITHUB_USERNAME\fR): Sets a GitHub username or organization to be used in \fBREADME\fR file when you create a new gem via \fBbundle gem\fR command\. It can be overridden by passing an explicit \fB\-\-github\-username\fR flag to \fBbundle gem\fR\.
+.
+.IP "\(bu" 4
 \fBgem\.push_key\fR (\fBBUNDLE_GEM__PUSH_KEY\fR): Sets the \fB\-\-key\fR parameter for \fBgem push\fR when using the \fBrake release\fR command with a private gemstash server\.
 .
 .IP "\(bu" 4
@@ -211,10 +208,10 @@ The following is a list of all configuration keys and their purpose\. You can le
 \fBignore_messages\fR (\fBBUNDLE_IGNORE_MESSAGES\fR): When set, no post install messages will be printed\. To silence a single gem, use dot notation like \fBignore_messages\.httparty true\fR\.
 .
 .IP "\(bu" 4
-\fBinit_gems_rb\fR (\fBBUNDLE_INIT_GEMS_RB\fR) Generate a \fBgems\.rb\fR instead of a \fBGemfile\fR when running \fBbundle init\fR\.
+\fBinit_gems_rb\fR (\fBBUNDLE_INIT_GEMS_RB\fR): Generate a \fBgems\.rb\fR instead of a \fBGemfile\fR when running \fBbundle init\fR\.
 .
 .IP "\(bu" 4
-\fBjobs\fR (\fBBUNDLE_JOBS\fR): The number of gems Bundler can install in parallel\. Defaults to 1\.
+\fBjobs\fR (\fBBUNDLE_JOBS\fR): The number of gems Bundler can install in parallel\. Defaults to the number of available processors\.
 .
 .IP "\(bu" 4
 \fBno_install\fR (\fBBUNDLE_NO_INSTALL\fR): Whether \fBbundle package\fR should skip installing gems\.
@@ -223,9 +220,6 @@ The following is a list of all configuration keys and their purpose\. You can le
 \fBno_prune\fR (\fBBUNDLE_NO_PRUNE\fR): Whether Bundler should leave outdated gems unpruned when caching\.
 .
 .IP "\(bu" 4
-\fBonly_update_to_newer_versions\fR (\fBBUNDLE_ONLY_UPDATE_TO_NEWER_VERSIONS\fR): During \fBbundle update\fR, only resolve to newer versions of the gems in the lockfile\.
-.
-.IP "\(bu" 4
 \fBpath\fR (\fBBUNDLE_PATH\fR): The location on disk where all gems in your bundle will be located regardless of \fB$GEM_HOME\fR or \fB$GEM_PATH\fR values\. Bundle gems not found in this location will be installed by \fBbundle install\fR\. Defaults to \fBGem\.dir\fR\. When \-\-deployment is used, defaults to vendor/bundle\.
 .
 .IP "\(bu" 4
@@ -241,7 +235,7 @@ The following is a list of all configuration keys and their purpose\. You can le
 \fBprefer_patch\fR (BUNDLE_PREFER_PATCH): Prefer updating only to next patch version during updates\. Makes \fBbundle update\fR calls equivalent to \fBbundler update \-\-patch\fR\.
 .
 .IP "\(bu" 4
-\fBprint_only_version_number\fR (\fBBUNDLE_PRINT_ONLY_VERSION_NUMBER\fR) Print only version number from \fBbundler \-\-version\fR\.
+\fBprint_only_version_number\fR (\fBBUNDLE_PRINT_ONLY_VERSION_NUMBER\fR): Print only version number from \fBbundler \-\-version\fR\.
 .
 .IP "\(bu" 4
 \fBredirect\fR (\fBBUNDLE_REDIRECT\fR): The number of redirects allowed for network requests\. Defaults to \fB5\fR\.
@@ -280,10 +274,7 @@ The following is a list of all configuration keys and their purpose\. You can le
 \fBtimeout\fR (\fBBUNDLE_TIMEOUT\fR): The seconds allowed before timing out for network requests\. Defaults to \fB10\fR\.
 .
 .IP "\(bu" 4
-\fBunlock_source_unlocks_spec\fR (\fBBUNDLE_UNLOCK_SOURCE_UNLOCKS_SPEC\fR): Whether running \fBbundle update \-\-source NAME\fR unlocks a gem with the given name\. Defaults to \fBtrue\fR\.
-.
-.IP "\(bu" 4
-\fBupdate_requires_all_flag\fR (\fBBUNDLE_UPDATE_REQUIRES_ALL_FLAG\fR) Require passing \fB\-\-all\fR to \fBbundle update\fR when everything should be updated, and disallow passing no options to \fBbundle update\fR\.
+\fBupdate_requires_all_flag\fR (\fBBUNDLE_UPDATE_REQUIRES_ALL_FLAG\fR): Require passing \fB\-\-all\fR to \fBbundle update\fR when everything should be updated, and disallow passing no options to \fBbundle update\fR\.
 .
 .IP "\(bu" 4
 \fBuser_agent\fR (\fBBUNDLE_USER_AGENT\fR): The custom user agent fragment Bundler includes in API requests\.
@@ -458,7 +449,7 @@ export BUNDLE_GITHUB__COM=username:password
 .IP "" 0
 .
 .P
-This is especially useful for private repositories on hosts such as Github, where you can use personal OAuth tokens:
+This is especially useful for private repositories on hosts such as GitHub, where you can use personal OAuth tokens:
 .
 .IP "" 4
 .
@@ -470,6 +461,23 @@ export BUNDLE_GITHUB__COM=abcd0123generatedtoken:x\-oauth\-basic
 .
 .IP "" 0
 .
+.P
+Note that any configured credentials will be redacted by informative commands such as \fBbundle config list\fR or \fBbundle config get\fR, unless you use the \fB\-\-parseable\fR flag\. This is to avoid unintentionally leaking credentials when copy\-pasting bundler output\.
+.
+.P
+Also note that to guarantee a sane mapping between valid environment variable names and valid host names, bundler makes the following transformations:
+.
+.IP "\(bu" 4
+Any \fB\-\fR characters in a host name are mapped to a triple dash (\fB___\fR) in the corresponding environment variable\.
+.
+.IP "\(bu" 4
+Any \fB\.\fR characters in a host name are mapped to a double dash (\fB__\fR) in the corresponding environment variable\.
+.
+.IP "" 0
+.
+.P
+This means that if you have a gem server named \fBmy\.gem\-host\.com\fR, you\'ll need to use the \fBBUNDLE_MY__GEM___HOST__COM\fR variable to configure credentials for it through ENV\.
+.
 .SH "CONFIGURE BUNDLER DIRECTORIES"
 Bundler\'s home, config, cache and plugin directories are able to be configured through environment variables\. The default location for Bundler\'s home directory is \fB~/\.bundle\fR, which all directories inherit from by default\. The following outlines the available environment variables and their default values
 .