bundler 2.3.14 → 2.3.17

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 64817a3760b34f35e53aea5e788049373a97d786d75921aa67fbd6a676eb5bcb
-  data.tar.gz: 584ecd0d1b0a738a7de9e95f9cdbfef0ca3e8ac00f2a928fd5e23b4777b073e7
+  metadata.gz: 364d4bc2c2c1f342aa034417b9e30074317878931bf34e90ddf6c42d3ae539c2
+  data.tar.gz: dad782afd5246e703b67d004c7282a89132f0ebe699d8e8306387fb8db179193
 SHA512:
-  metadata.gz: 5397e12203b667c6870f7ee605c7ad2b43c31af5716c45c2376577cc5a2a2be93b1e48ae36eab6e23f7b49e1942a21d9e8c3c04d2ea8d18606fd3e4ea2b4f1ac
-  data.tar.gz: 1db7fcf817b82739a0b6867e532705fec37e82b571103b9e2b688374f208f4d5ce9e9daad3bdd0062abddfb9025190953535c100c3365c0b3109e993efdb1ea6
+  metadata.gz: 463cc7534f4164ae4d2e4c67d1ed57dcc9a40494c496f0b06e11ac8f2b3599ea0dbc74be8772a98abb2d09c119db2da8f1d85cde6bafe83319051de3e24a46f2
+  data.tar.gz: 61b997e77634dc3a7d812adb805f899bb8bbae48bd25aad2884906c818d21853e76fd0db8bfbd95ee79689c25567e346e9c468fbe1321768c2614518f0e78356

data/CHANGELOG.md

@@ -1,3 +1,49 @@
+# 2.3.17 (June 29, 2022)
+
+## Enhancements:
+
+  - Add support for platform `:x64_mingw` to correctly lookup "x64-mingw-ucrt" [#5649](https://github.com/rubygems/rubygems/pull/5649)
+  - Fix some errors being printed twice in `--verbose` mode [#5654](https://github.com/rubygems/rubygems/pull/5654)
+  - Fix extension paths in generated standalone script [#5632](https://github.com/rubygems/rubygems/pull/5632)
+
+## Bug fixes:
+
+  - Raise if ruby platform is forced and there are no ruby variants [#5495](https://github.com/rubygems/rubygems/pull/5495)
+  - Fix `bundle package --no-install` no longer skipping install [#5639](https://github.com/rubygems/rubygems/pull/5639)
+
+## Performance:
+
+  - Improve performance of `Bundler::SpecSet#for` by using hash lookup of handled deps [#5537](https://github.com/rubygems/rubygems/pull/5537)
+
+## Documentation:
+
+  - Fix formatting issue in `bundle add` man page [#5642](https://github.com/rubygems/rubygems/pull/5642)
+
+# 2.3.16 (June 15, 2022)
+
+## Performance:
+
+  - Improve performance of installing gems from gem server sources [#5614](https://github.com/rubygems/rubygems/pull/5614)
+
+# 2.3.15 (June 1, 2022)
+
+## Enhancements:
+
+  - Show better error when previous installation fails to be removed [#5564](https://github.com/rubygems/rubygems/pull/5564)
+  - Show exception cause in bug report template [#5563](https://github.com/rubygems/rubygems/pull/5563)
+
+## Bug fixes:
+
+  - Fix `bundle remove` by invalidating cached `Bundle.definition` [#5443](https://github.com/rubygems/rubygems/pull/5443)
+  - Fix generated standalone script when it includes default gems [#5586](https://github.com/rubygems/rubygems/pull/5586)
+  - Skip duplicated dependency warning for gemspec dev deps [#5587](https://github.com/rubygems/rubygems/pull/5587)
+  - Give better conflict resolution advice [#5581](https://github.com/rubygems/rubygems/pull/5581)
+  - Fix crash when commenting out a mirror in configuration [#5576](https://github.com/rubygems/rubygems/pull/5576)
+  - Fix crash when installing gems with symlinks [#5570](https://github.com/rubygems/rubygems/pull/5570)
+  - Ignore `Errno::EROFS` errors when creating `bundler.lock` [#5580](https://github.com/rubygems/rubygems/pull/5580)
+  - Ignore `Errno::EPERM` errors when creating `bundler.lock` [#5579](https://github.com/rubygems/rubygems/pull/5579)
+  - Fix crash when printing resolution conflicts on metadata requirements [#5562](https://github.com/rubygems/rubygems/pull/5562)
+
 # 2.3.14 (May 18, 2022)
 
 ## Bug fixes:

data/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2022-05-18".freeze
-    @git_commit_sha = "467ad58a7c".freeze
+    @built_at = "2022-06-29".freeze
+    @git_commit_sha = "539b20c172".freeze
     @release = true
     # end ivars
 

data/lib/bundler/current_ruby.rb

@@ -78,7 +78,7 @@ module Bundler
     end
 
     def x64_mingw?
-      Gem.win_platform? && Bundler.local_platform != Gem::Platform::RUBY && Bundler.local_platform.os == "mingw32" && Bundler.local_platform.cpu == "x64"
+      Gem.win_platform? && Bundler.local_platform != Gem::Platform::RUBY && Bundler.local_platform.os.start_with?("mingw") && Bundler.local_platform.cpu == "x64"
     end
 
     (KNOWN_MINOR_VERSIONS + KNOWN_MAJOR_VERSIONS).each do |version|

data/lib/bundler/definition.rb

@@ -255,20 +255,18 @@ module Bundler
     #
     # @return [SpecSet] resolved dependencies
     def resolve
-      @resolve ||= begin
-        if Bundler.frozen_bundle?
-          Bundler.ui.debug "Frozen, using resolution from the lockfile"
-          @locked_specs
-        elsif !unlocking? && nothing_changed?
-          Bundler.ui.debug("Found no changes, using resolution from the lockfile")
-          SpecSet.new(filter_specs(@locked_specs, @dependencies.select {|dep| @locked_specs[dep].any? }))
-        else
-          last_resolve = converge_locked_specs
-          # Run a resolve against the locally available gems
-          Bundler.ui.debug("Found changes from the lockfile, re-resolving dependencies because #{change_reason}")
-          expanded_dependencies = expand_dependencies(dependencies + metadata_dependencies, true)
-          Resolver.resolve(expanded_dependencies, source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve, platforms)
-        end
+      @resolve ||= if Bundler.frozen_bundle?
+        Bundler.ui.debug "Frozen, using resolution from the lockfile"
+        @locked_specs
+      elsif !unlocking? && nothing_changed?
+        Bundler.ui.debug("Found no changes, using resolution from the lockfile")
+        SpecSet.new(filter_specs(@locked_specs, @dependencies.select {|dep| @locked_specs[dep].any? }))
+      else
+        last_resolve = converge_locked_specs
+        # Run a resolve against the locally available gems
+        Bundler.ui.debug("Found changes from the lockfile, re-resolving dependencies because #{change_reason}")
+        expanded_dependencies = expand_dependencies(dependencies + metadata_dependencies, true)
+        Resolver.resolve(expanded_dependencies, source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve, platforms)
       end
     end
 
@@ -735,12 +733,10 @@ module Bundler
     end
 
     def metadata_dependencies
-      @metadata_dependencies ||= begin
-        [
-          Dependency.new("Ruby\0", RubyVersion.system.gem_version),
-          Dependency.new("RubyGems\0", Gem::VERSION),
-        ]
-      end
+      @metadata_dependencies ||= [
+        Dependency.new("Ruby\0", RubyVersion.system.gem_version),
+        Dependency.new("RubyGems\0", Gem::VERSION),
+      ]
     end
 
     def expand_dependencies(dependencies, remote = false)

data/lib/bundler/dependency.rb

@@ -9,6 +9,7 @@ module Bundler
     attr_reader :autorequire
     attr_reader :groups, :platforms, :gemfile, :git, :github, :branch, :ref
 
+    # rubocop:disable Naming/VariableNumber
     PLATFORM_MAP = {
       :ruby     => Gem::Platform::RUBY,
       :ruby_18  => Gem::Platform::RUBY,
@@ -91,6 +92,7 @@ module Bundler
       :x64_mingw_30 => Gem::Platform::X64_MINGW,
       :x64_mingw_31 => Gem::Platform::X64_MINGW,
     }.freeze
+    # rubocop:enable Naming/VariableNumber
 
     def initialize(name, version, options = {}, &blk)
       type = options["type"] || :runtime
@@ -120,7 +122,7 @@ module Bundler
     end
 
     def expanded_platforms
-      @expanded_platforms ||= @platforms.map {|pl| PLATFORM_MAP[pl] }.compact.uniq
+      @expanded_platforms ||= @platforms.map {|pl| PLATFORM_MAP[pl] }.compact.flatten.uniq
     end
 
     def should_include?

data/lib/bundler/dsl.rb

@@ -124,19 +124,17 @@ module Bundler
             raise GemfileError, "You cannot specify the same gem twice with different version requirements.\n" \
                             "You specified: #{current.name} (#{current.requirement}) and #{dep.name} (#{dep.requirement})" \
                              "#{update_prompt}"
+          elsif current.source != dep.source
+            return if dep.type == :development
+            raise GemfileError, "You cannot specify the same gem twice coming from different sources.\n" \
+                            "You specified that #{dep.name} (#{dep.requirement}) should come from " \
+                            "#{current.source || "an unspecified source"} and #{dep.source}\n"
           else
             Bundler.ui.warn "Your Gemfile lists the gem #{current.name} (#{current.requirement}) more than once.\n" \
                             "You should probably keep only one of them.\n" \
                             "Remove any duplicate entries and specify the gem only once.\n" \
                             "While it's not a problem now, it could cause errors if you change the version of one of them later."
           end
-
-          if current.source != dep.source
-            return if dep.type == :development
-            raise GemfileError, "You cannot specify the same gem twice coming from different sources.\n" \
-                            "You specified that #{dep.name} (#{dep.requirement}) should come from " \
-                            "#{current.source || "an unspecified source"} and #{dep.source}\n"
-          end
         end
       end
 
@@ -513,9 +511,7 @@ module Bundler
       #         be raised.
       #
       def contents
-        @contents ||= begin
-          dsl_path && File.exist?(dsl_path) && File.read(dsl_path)
-        end
+        @contents ||= dsl_path && File.exist?(dsl_path) && File.read(dsl_path)
       end
 
       # The message of the exception reports the content of podspec for the

data/lib/bundler/errors.rb

@@ -41,12 +41,14 @@ module Bundler
   class GemspecError < BundlerError; status_code(14); end
   class InvalidOption < BundlerError; status_code(15); end
   class ProductionError < BundlerError; status_code(16); end
+
   class HTTPError < BundlerError
     status_code(17)
     def filter_uri(uri)
       URICredentialsFilter.credential_filtered_uri(uri)
     end
   end
+
   class RubyVersionMismatch < BundlerError; status_code(18); end
   class SecurityError < BundlerError; status_code(19); end
   class LockfileError < BundlerError; status_code(20); end
@@ -79,10 +81,6 @@ module Bundler
       case @permission_type
       when :create
         "executable permissions for all parent directories and write permissions for `#{parent_folder}`"
-      when :delete
-        permissions = "executable permissions for all parent directories and write permissions for `#{parent_folder}`"
-        permissions += ", and the same thing for all subdirectories inside #{@path}" if File.directory?(@path)
-        permissions
       else
         "#{@permission_type} permissions for that path"
       end
@@ -172,4 +170,16 @@ module Bundler
 
     status_code(32)
   end
+
+  class DirectoryRemovalError < BundlerError
+    def initialize(orig_exception, msg)
+      full_message = "#{msg}.\n" \
+                     "The underlying error was #{orig_exception.class}: #{orig_exception.message}, with backtrace:\n" \
+                     "  #{orig_exception.backtrace.join("\n  ")}\n\n" \
+                     "Bundler Error Backtrace:"
+      super(full_message)
+    end
+
+    status_code(36)
+  end
 end

data/lib/bundler/fetcher/base.rb

@@ -19,14 +19,12 @@ module Bundler
       end
 
       def fetch_uri
-        @fetch_uri ||= begin
-          if remote_uri.host == "rubygems.org"
-            uri = remote_uri.dup
-            uri.host = "index.rubygems.org"
-            uri
-          else
-            remote_uri
-          end
+        @fetch_uri ||= if remote_uri.host == "rubygems.org"
+          uri = remote_uri.dup
+          uri.host = "index.rubygems.org"
+          uri
+        else
+          remote_uri
         end
       end
 

data/lib/bundler/fetcher.rb

@@ -20,6 +20,7 @@ module Bundler
     class TooManyRequestsError < HTTPError; end
     # This error is raised if the API returns a 413 (only printed in verbose)
     class FallbackError < HTTPError; end
+
     # This is the error raised if OpenSSL fails the cert verification
     class CertificateFailureError < HTTPError
       def initialize(remote_uri)
@@ -33,6 +34,7 @@ module Bundler
           " sources and change 'https' to 'http'."
       end
     end
+
     # This is the error raised when a source is HTTPS and OpenSSL didn't load
     class SSLError < HTTPError
       def initialize(msg = nil)
@@ -42,6 +44,7 @@ module Bundler
             "using RVM are available at rvm.io/packages/openssl."
       end
     end
+
     # This error is raised if HTTP authentication is required, but not provided.
     class AuthenticationRequiredError < HTTPError
       def initialize(remote_uri)
@@ -52,6 +55,7 @@ module Bundler
           "or by storing the credentials in the `#{Settings.key_for(remote_uri)}` environment variable"
       end
     end
+
     # This error is raised if HTTP authentication is provided, but incorrect.
     class BadAuthenticationError < HTTPError
       def initialize(remote_uri)

data/lib/bundler/friendly_errors.rb

@@ -29,8 +29,11 @@ module Bundler
         Bundler.ui.error error.message
         Bundler.ui.trace error.orig_exception
       when BundlerError
-        Bundler.ui.error error.message, :wrap => true
-        Bundler.ui.trace error
+        if Bundler.ui.debug?
+          Bundler.ui.trace error
+        else
+          Bundler.ui.error error.message, :wrap => true
+        end
       when Thor::Error
         Bundler.ui.error error.message
       when LoadError
@@ -65,8 +68,7 @@ module Bundler
         --- ERROR REPORT TEMPLATE -------------------------------------------------------
 
         ```
-        #{e.class}: #{e.message}
-          #{e.backtrace && e.backtrace.join("\n          ").chomp}
+        #{exception_message(e)}
         ```
 
         #{Bundler::Env.report}
@@ -85,6 +87,21 @@ module Bundler
       EOS
     end
 
+    def exception_message(error)
+      message = serialized_exception_for(error)
+      cause = error.cause
+      return message unless cause
+
+      message + serialized_exception_for(cause)
+    end
+
+    def serialized_exception_for(e)
+      <<-EOS.gsub(/^ {8}/, "")
+        #{e.class}: #{e.message}
+          #{e.backtrace && e.backtrace.join("\n          ").chomp}
+      EOS
+    end
+
     def issues_url(exception)
       message = exception.message.lines.first.tr(":", " ").chomp
       message = message.split("-").first if exception.is_a?(Errno)

data/lib/bundler/gem_helpers.rb

@@ -10,6 +10,7 @@ module Bundler
       [Gem::Platform.new("universal-mingw32"), Gem::Platform.new("universal-mingw32")],
       [Gem::Platform.new("x64-mingw32"), Gem::Platform.new("x64-mingw32")],
       [Gem::Platform.new("x86_64-mingw32"), Gem::Platform.new("x64-mingw32")],
+      [Gem::Platform.new("x64-mingw-ucrt"), Gem::Platform.new("x64-mingw-ucrt")],
       [Gem::Platform.new("mingw32"), Gem::Platform.new("x86-mingw32")],
     ].freeze
 

data/lib/bundler/index.rb

@@ -192,11 +192,7 @@ module Bundler
         specs += base if base
         found = specs.select do |spec|
           next true if spec.source.is_a?(Source::Gemspec)
-          if base # allow all platforms when searching from a lockfile
-            dependency.matches_spec?(spec)
-          else
-            dependency.matches_spec?(spec) && Gem::Platform.match_spec?(spec)
-          end
+          dependency.matches_spec?(spec)
         end
 
         found

data/lib/bundler/injector.rb

@@ -72,6 +72,10 @@ module Bundler
 
         deps.each {|dep| Bundler.ui.confirm "#{SharedHelpers.pretty_dependency(dep, false)} was removed." }
       end
+
+      # Invalidate the cached Bundler.definition.
+      # This prevents e.g. `bundle remove ...` from using outdated information.
+      Bundler.reset_paths!
     end
 
     private

data/lib/bundler/inline.rb

@@ -38,12 +38,7 @@ def gemfile(install = false, options = {}, &gemfile)
   raise ArgumentError, "Unknown options: #{opts.keys.join(", ")}" unless opts.empty?
 
   begin
-    old_root = Bundler.method(:root)
-    bundler_module = class << Bundler; self; end
-    bundler_module.send(:remove_method, :root)
-    def Bundler.root
-      Bundler::SharedHelpers.pwd.expand_path
-    end
+    Bundler.instance_variable_set(:@bundle_path, Pathname.new(Gem.dir))
     old_gemfile = ENV["BUNDLE_GEMFILE"]
     Bundler::SharedHelpers.set_env "BUNDLE_GEMFILE", "Gemfile"
 
@@ -71,11 +66,6 @@ def gemfile(install = false, options = {}, &gemfile)
       runtime.setup.require
     end
   ensure
-    if bundler_module
-      bundler_module.send(:remove_method, :root)
-      bundler_module.send(:define_method, :root, old_root)
-    end
-
     if old_gemfile
       ENV["BUNDLE_GEMFILE"] = old_gemfile
     else

data/lib/bundler/installer/standalone.rb

@@ -12,6 +12,7 @@ module Bundler
       end
       File.open File.join(bundler_path, "setup.rb"), "w" do |file|
         file.puts "require 'rbconfig'"
+        file.puts define_path_helpers
         file.puts reverse_rubygems_kernel_mixin
         paths.each do |path|
           if Pathname.new(path).absolute?
@@ -29,14 +30,20 @@ module Bundler
       @specs.map do |spec|
         next if spec.name == "bundler"
         Array(spec.require_paths).map do |path|
-          gem_path(path, spec).sub(version_dir, '#{RUBY_ENGINE}/#{RbConfig::CONFIG["ruby_version"]}')
+          gem_path(path, spec).
+            sub(version_dir, '#{RUBY_ENGINE}/#{Gem.ruby_api_version}').
+            sub(extensions_dir, 'extensions/\k<platform>/#{Gem.extension_api_version}')
           # This is a static string intentionally. It's interpolated at a later time.
         end
       end.flatten.compact
     end
 
     def version_dir
-      "#{RUBY_ENGINE}/#{RbConfig::CONFIG["ruby_version"]}"
+      "#{RUBY_ENGINE}/#{Gem.ruby_api_version}"
+    end
+
+    def extensions_dir
+      %r{extensions/(?<platform>[^/]+)/#{Regexp.escape(Gem.extension_api_version)}}
     end
 
     def bundler_path
@@ -55,6 +62,26 @@ module Bundler
       raise Gem::InvalidSpecificationException.new(error_message)
     end
 
+    def define_path_helpers
+      <<~'END'
+        unless defined?(Gem)
+          module Gem
+            def self.ruby_api_version
+              RbConfig::CONFIG["ruby_version"]
+            end
+
+            def self.extension_api_version
+              if 'no' == RbConfig::CONFIG['ENABLE_SHARED']
+                "#{ruby_api_version}-static"
+              else
+                ruby_api_version
+              end
+            end
+          end
+        end
+      END
+    end
+
     def reverse_rubygems_kernel_mixin
       <<~END
       kernel = (class << ::Kernel; self; end)

data/lib/bundler/installer.rb

@@ -66,7 +66,7 @@ module Bundler
     # require paths and save them in a `setup.rb` file. See `bundle standalone --help` for more
     # information.
     def run(options)
-      create_bundle_path
+      Bundler.create_bundle_path
 
       ProcessLock.lock do
         if Bundler.frozen_bundle?
@@ -262,15 +262,6 @@ module Bundler
       end
     end
 
-    def create_bundle_path
-      SharedHelpers.filesystem_access(Bundler.bundle_path.to_s) do |p|
-        Bundler.mkdir_p(p)
-      end unless Bundler.bundle_path.exist?
-    rescue Errno::EEXIST
-      raise PathError, "Could not install to path `#{Bundler.bundle_path}` " \
-        "because a file already exists at that path. Either remove or rename the file so the directory can be created."
-    end
-
     # returns whether or not a re-resolve was needed
     def resolve_if_needed(options)
       if !@definition.unlocking? && !options["force"] && !Bundler.settings[:inline] && Bundler.default_lockfile.file?

data/lib/bundler/lazy_specification.rb

@@ -84,7 +84,7 @@ module Bundler
         else
           ruby_platform_materializes_to_ruby_platform? ? self : Dependency.new(name, version)
         end
-        platform_object = Gem::Platform.new(platform)
+        platform_object = ruby_platform_materializes_to_ruby_platform? ? Gem::Platform.new(platform) : Gem::Platform.local
         candidates = source.specs.search(search_object)
         same_platform_candidates = candidates.select do |spec|
           MatchPlatform.platforms_match?(spec.platform, platform_object)
@@ -152,7 +152,7 @@ module Bundler
     # explicitly add a more specific platform.
     #
     def ruby_platform_materializes_to_ruby_platform?
-      !Bundler.most_specific_locked_platform?(Gem::Platform::RUBY) || Bundler.settings[:force_ruby_platform]
+      !Bundler.most_specific_locked_platform?(generic_local_platform) || Bundler.settings[:force_ruby_platform]
     end
   end
 end

data/lib/bundler/man/bundle-add.1

@@ -41,7 +41,7 @@ Specify version requirements(s) for the added gem\.
 Specify the group(s) for the added gem\. Multiple groups should be separated by commas\.
 .
 .TP
-\fB\-\-source\fR, , \fB\-s\fR
+\fB\-\-source\fR, \fB\-s\fR
 Specify the source for the added gem\.
 .
 .TP

data/lib/bundler/man/bundle-add.1.ronn

@@ -27,7 +27,7 @@ bundle add rails --group "development, test"
 * `--group`, `-g`:
   Specify the group(s) for the added gem. Multiple groups should be separated by commas.
 
-* `--source`, , `-s`:
+* `--source`, `-s`:
   Specify the source for the added gem.
 
 * `--require`, `-r`:

data/lib/bundler/match_platform.rb

@@ -15,7 +15,6 @@ module Bundler
       return true if Gem::Platform::RUBY == gemspec_platform
       return true if local_platform == gemspec_platform
       gemspec_platform = Gem::Platform.new(gemspec_platform)
-      return true if GemHelpers.generic(gemspec_platform) === local_platform
       return true if gemspec_platform === local_platform
 
       false

data/lib/bundler/plugin/api/source.rb

@@ -258,7 +258,7 @@ module Bundler
           @dependencies |= Array(names)
         end
 
-        # Note: Do not override if you don't know what you are doing.
+        # NOTE: Do not override if you don't know what you are doing.
         def can_lock?(spec)
           spec.source == self
         end
@@ -285,7 +285,7 @@ module Bundler
         end
         alias_method :identifier, :to_s
 
-        # Note: Do not override if you don't know what you are doing.
+        # NOTE: Do not override if you don't know what you are doing.
         def include?(other)
           other == self
         end
@@ -294,7 +294,7 @@ module Bundler
           SharedHelpers.digest(:SHA1).hexdigest(uri)
         end
 
-        # Note: Do not override if you don't know what you are doing.
+        # NOTE: Do not override if you don't know what you are doing.
         def gem_install_dir
           Bundler.install_path
         end

data/lib/bundler/process_lock.rb

@@ -12,7 +12,7 @@ module Bundler
         yield
         f.flock(File::LOCK_UN)
       end
-    rescue Errno::EACCES, Errno::ENOLCK, Errno::ENOTSUP
+    rescue Errno::EACCES, Errno::ENOLCK, Errno::ENOTSUP, Errno::EPERM, Errno::EROFS
       # In the case the user does not have access to
       # create the lock file or is using NFS where
       # locks are not available we skip locking.

data/lib/bundler/resolver.rb

@@ -19,13 +19,15 @@ module Bundler
     #   collection of gemspecs is returned. Otherwise, nil is returned.
     def self.resolve(requirements, source_requirements = {}, base = [], gem_version_promoter = GemVersionPromoter.new, additional_base_requirements = [], platforms = nil)
       base = SpecSet.new(base) unless base.is_a?(SpecSet)
-      resolver = new(source_requirements, base, gem_version_promoter, additional_base_requirements, platforms)
+      metadata_requirements, regular_requirements = requirements.partition {|dep| dep.name.end_with?("\0") }
+      resolver = new(source_requirements, base, gem_version_promoter, additional_base_requirements, platforms, metadata_requirements)
       result = resolver.start(requirements)
-      SpecSet.new(SpecSet.new(result).for(requirements.reject {|dep| dep.name.end_with?("\0") }))
+      SpecSet.new(SpecSet.new(result).for(regular_requirements))
     end
 
-    def initialize(source_requirements, base, gem_version_promoter, additional_base_requirements, platforms)
+    def initialize(source_requirements, base, gem_version_promoter, additional_base_requirements, platforms, metadata_requirements)
       @source_requirements = source_requirements
+      @metadata_requirements = metadata_requirements
       @base = base
       @resolver = Molinillo::Resolver.new(self, self)
       @search_for = {}
@@ -231,19 +233,17 @@ module Bundler
     # before dependencies that are unconstrained
     def amount_constrained(dependency)
       @amount_constrained ||= {}
-      @amount_constrained[dependency.name] ||= begin
-        if (base = @base[dependency.name]) && !base.empty?
-          dependency.requirement.satisfied_by?(base.first.version) ? 0 : 1
-        else
-          all = index_for(dependency).search(dependency.name).size
+      @amount_constrained[dependency.name] ||= if (base = @base[dependency.name]) && !base.empty?
+        dependency.requirement.satisfied_by?(base.first.version) ? 0 : 1
+      else
+        all = index_for(dependency).search(dependency.name).size
 
-          if all <= 1
-            all - 1_000_000
-          else
-            search = search_for(dependency)
-            search = @prerelease_specified[dependency.name] ? search.count : search.count {|s| !s.version.prerelease? }
-            search - all
-          end
+        if all <= 1
+          all - 1_000_000
+        else
+          search = search_for(dependency)
+          search = @prerelease_specified[dependency.name] ? search.count : search.count {|s| !s.version.prerelease? }
+          search - all
         end
       end
     end
@@ -284,7 +284,7 @@ module Bundler
       if specs_matching_requirement.any?
         specs = specs_matching_requirement
         matching_part = requirement_label
-        requirement_label = "#{requirement_label} #{requirement.__platform}"
+        requirement_label = "#{requirement_label}' with platform '#{requirement.__platform}"
       end
 
       message = String.new("Could not find gem '#{requirement_label}'#{extra_message} in #{source}#{cache_message}.\n")
@@ -344,8 +344,6 @@ module Bundler
             trees.sort_by! {|t| t.reverse.map(&:name) }
           end
 
-          metadata_requirements = {}
-
           o << trees.map do |tree|
             t = "".dup
             depth = 2
@@ -354,7 +352,6 @@ module Bundler
             base_tree_name = base_tree.name
 
             if base_tree_name.end_with?("\0")
-              metadata_requirements[base_tree_name] = base_tree
               t = nil
             else
               tree.each do |req|
@@ -393,10 +390,10 @@ module Bundler
               end
             end
           elsif name.end_with?("\0")
-            o << %(\n  Current #{name} version:\n    #{SharedHelpers.pretty_dependency(metadata_requirements[name])}\n\n)
+            o << %(\n  Current #{name} version:\n    #{SharedHelpers.pretty_dependency(@metadata_requirements.find {|req| req.name == name })}\n\n)
           elsif conflict.locked_requirement
             o << "\n"
-            o << %(Running `bundle update` will rebuild your snapshot from scratch, using only\n)
+            o << %(Deleting your #{name_for_locking_dependency_source} file and running `bundle install` will rebuild your snapshot from scratch, using only\n)
             o << %(the gems in your Gemfile, which may resolve the conflict.\n)
           elsif !conflict.existing
             o << "\n"

data/lib/bundler/rubygems_ext.rb

@@ -216,11 +216,12 @@ module Gem
   require "rubygems/platform"
 
   class Platform
-    JAVA  = Gem::Platform.new("java") unless defined?(JAVA)
-    MSWIN = Gem::Platform.new("mswin32") unless defined?(MSWIN)
-    MSWIN64 = Gem::Platform.new("mswin64") unless defined?(MSWIN64)
-    MINGW = Gem::Platform.new("x86-mingw32") unless defined?(MINGW)
-    X64_MINGW = Gem::Platform.new("x64-mingw32") unless defined?(X64_MINGW)
+    JAVA  = Gem::Platform.new("java")
+    MSWIN = Gem::Platform.new("mswin32")
+    MSWIN64 = Gem::Platform.new("mswin64")
+    MINGW = Gem::Platform.new("x86-mingw32")
+    X64_MINGW = [Gem::Platform.new("x64-mingw32"),
+                 Gem::Platform.new("x64-mingw-ucrt")].freeze
   end
 
   Platform.singleton_class.module_eval do

data/lib/bundler/rubygems_gem_installer.rb

@@ -90,17 +90,20 @@ module Bundler
       end
     end
 
+    def spec
+      if Bundler.rubygems.provides?("< 3.3.12") # RubyGems implementation rescues and re-raises errors before 3.3.12 and we don't want that
+        @package.spec
+      else
+        super
+      end
+    end
+
     private
 
     def strict_rm_rf(dir)
-      # FileUtils.rm_rf should probably rise in case of permission issues like
-      # `rm -rf` does. However, it fails to delete the folder silently due to
-      # https://github.com/ruby/fileutils/issues/57. It should probably be fixed
-      # inside `fileutils` but for now I`m checking whether the folder was
-      # removed after it completes, and raising otherwise.
-      FileUtils.rm_rf dir
-
-      raise PermissionError.new(dir, :delete) if File.directory?(dir)
+      Bundler.rm_rf dir
+    rescue Errno::ENOTEMPTY => e
+      raise DirectoryRemovalError.new(e.cause, "Could not delete previous installation of `#{dir}`")
     end
 
     def validate_bundler_checksum(checksum)

data/lib/bundler/rubygems_integration.rb

@@ -203,20 +203,9 @@ module Bundler
       EXT_LOCK
     end
 
-    def spec_from_gem(path, policy = nil)
-      require "rubygems/security"
-      require "psych"
-      gem_from_path(path, security_policies[policy]).spec
-    rescue Exception, Gem::Exception, Gem::Security::Exception => e # rubocop:disable Lint/RescueException
-      if e.is_a?(Gem::Security::Exception) ||
-          e.message =~ /unknown trust policy|unsigned gem/i ||
-          e.message =~ /couldn't verify (meta)?data signature/i
-        raise SecurityError,
-          "The gem #{File.basename(path, ".gem")} can't be installed because " \
-          "the security policy didn't allow it, with the message: #{e.message}"
-      else
-        raise e
-      end
+    def spec_from_gem(path)
+      require "rubygems/package"
+      Gem::Package.new(path).spec
     end
 
     def build_gem(gem_dir, spec)
@@ -514,13 +503,6 @@ module Bundler
       Gem::RemoteFetcher.new(proxy)
     end
 
-    def gem_from_path(path, policy = nil)
-      require "rubygems/package"
-      p = Gem::Package.new(path)
-      p.security_policy = policy if policy
-      p
-    end
-
     def build(spec, skip_validation = false)
       require "rubygems/package"
       Gem::Package.build(spec, skip_validation)

data/lib/bundler/settings.rb

@@ -487,7 +487,7 @@ module Bundler
       /ix.freeze
 
     def self.key_for(key)
-      key = normalize_uri(key).to_s if key.is_a?(String) && /https?:/ =~ key
+      key = normalize_uri(key).to_s if key.is_a?(String) && key.start_with?("http", "mirror.http")
       key = key.to_s.gsub(".", "__").gsub("-", "___").upcase
       "BUNDLE_#{key}"
     end

data/lib/bundler/source/git.rb

@@ -219,13 +219,11 @@ module Bundler
       # across different projects, this cache will be shared.
       # When using local git repos, this is set to the local repo.
       def cache_path
-        @cache_path ||= begin
-          if Bundler.requires_sudo? || Bundler.feature_flag.global_gem_cache?
-            Bundler.user_cache
-          else
-            Bundler.bundle_path.join("cache", "bundler")
-          end.join("git", git_scope)
-        end
+        @cache_path ||= if Bundler.requires_sudo? || Bundler.feature_flag.global_gem_cache?
+          Bundler.user_cache
+        else
+          Bundler.bundle_path.join("cache", "bundler")
+        end.join("git", git_scope)
       end
 
       def app_cache_dirname

data/lib/bundler/source/rubygems.rb

@@ -139,13 +139,9 @@ module Bundler
         force = options[:force]
         ensure_builtin_gems_cached = options[:ensure_builtin_gems_cached]
 
-        if ensure_builtin_gems_cached && spec.default_gem?
-          if !cached_path(spec)
-            cached_built_in_gem(spec) unless spec.remote
-            force = true
-          else
-            spec.loaded_from = loaded_from(spec)
-          end
+        if ensure_builtin_gems_cached && spec.default_gem? && !cached_path(spec)
+          cached_built_in_gem(spec) unless spec.remote
+          force = true
         end
 
         if installed?(spec) && !force
@@ -153,84 +149,92 @@ module Bundler
           return nil # no post-install message
         end
 
-        # Download the gem to get the spec, because some specs that are returned
-        # by rubygems.org are broken and wrong.
         if spec.remote
           # Check for this spec from other sources
-          uris = [spec.remote.anonymized_uri]
-          uris += remotes_for_spec(spec).map(&:anonymized_uri)
-          uris.uniq!
+          uris = [spec.remote, *remotes_for_spec(spec)].map(&:anonymized_uri).uniq
           Installer.ambiguous_gems << [spec.name, *uris] if uris.length > 1
 
           path = fetch_gem(spec, options[:previous_spec])
-          begin
-            s = Bundler.rubygems.spec_from_gem(path, Bundler.settings["trust-policy"])
-            spec.__swap__(s)
+        else
+          path = cached_gem(spec)
+          raise GemNotFound, "Could not find #{spec.file_name} for installation" unless path
+        end
+
+        return if Bundler.settings[:no_install]
+
+        if requires_sudo?
+          install_path = Bundler.tmp(spec.full_name)
+          bin_path     = install_path.join("bin")
+        else
+          install_path = rubygems_dir
+          bin_path     = Bundler.system_bindir
+        end
+
+        Bundler.mkdir_p bin_path, :no_sudo => true unless spec.executables.empty? || Bundler.rubygems.provides?(">= 2.7.5")
+
+        require_relative "../rubygems_gem_installer"
+
+        installer = Bundler::RubyGemsGemInstaller.at(
+          path,
+          :security_policy     => Bundler.rubygems.security_policies[Bundler.settings["trust-policy"]],
+          :install_dir         => install_path.to_s,
+          :bin_dir             => bin_path.to_s,
+          :ignore_dependencies => true,
+          :wrappers            => true,
+          :env_shebang         => true,
+          :build_args          => options[:build_args],
+          :bundler_expected_checksum => spec.respond_to?(:checksum) && spec.checksum,
+          :bundler_extension_cache_path => extension_cache_path(spec)
+        )
+
+        if spec.remote
+          s = begin
+            installer.spec
           rescue Gem::Package::FormatError
             Bundler.rm_rf(path)
             raise
+          rescue Gem::Security::Exception => e
+            raise SecurityError,
+             "The gem #{File.basename(path, ".gem")} can't be installed because " \
+             "the security policy didn't allow it, with the message: #{e.message}"
           end
+
+          spec.__swap__(s)
         end
 
-        unless Bundler.settings[:no_install]
-          message = "Installing #{version_message(spec, options[:previous_spec])}"
-          message += " with native extensions" if spec.extensions.any?
-          Bundler.ui.confirm message
+        message = "Installing #{version_message(spec, options[:previous_spec])}"
+        message += " with native extensions" if spec.extensions.any?
+        Bundler.ui.confirm message
 
-          path = cached_gem(spec)
-          raise GemNotFound, "Could not find #{spec.file_name} for installation" unless path
-          if requires_sudo?
-            install_path = Bundler.tmp(spec.full_name)
-            bin_path     = install_path.join("bin")
-          else
-            install_path = rubygems_dir
-            bin_path     = Bundler.system_bindir
-          end
+        installed_spec = installer.install
 
-          Bundler.mkdir_p bin_path, :no_sudo => true unless spec.executables.empty? || Bundler.rubygems.provides?(">= 2.7.5")
-
-          require_relative "../rubygems_gem_installer"
-
-          installed_spec = Bundler::RubyGemsGemInstaller.at(
-            path,
-            :install_dir         => install_path.to_s,
-            :bin_dir             => bin_path.to_s,
-            :ignore_dependencies => true,
-            :wrappers            => true,
-            :env_shebang         => true,
-            :build_args          => options[:build_args],
-            :bundler_expected_checksum => spec.respond_to?(:checksum) && spec.checksum,
-            :bundler_extension_cache_path => extension_cache_path(spec)
-          ).install
-          spec.full_gem_path = installed_spec.full_gem_path
-
-          # SUDO HAX
-          if requires_sudo?
-            Bundler.rubygems.repository_subdirectories.each do |name|
-              src = File.join(install_path, name, "*")
-              dst = File.join(rubygems_dir, name)
-              if name == "extensions" && Dir.glob(src).any?
-                src = File.join(src, "*/*")
-                ext_src = Dir.glob(src).first
-                ext_src.gsub!(src[0..-6], "")
-                dst = File.dirname(File.join(dst, ext_src))
-              end
-              SharedHelpers.filesystem_access(dst) do |p|
-                Bundler.mkdir_p(p)
-              end
-              Bundler.sudo "cp -R #{src} #{dst}" if Dir[src].any?
+        spec.full_gem_path = installed_spec.full_gem_path
+        spec.loaded_from = installed_spec.loaded_from
+
+        # SUDO HAX
+        if requires_sudo?
+          Bundler.rubygems.repository_subdirectories.each do |name|
+            src = File.join(install_path, name, "*")
+            dst = File.join(rubygems_dir, name)
+            if name == "extensions" && Dir.glob(src).any?
+              src = File.join(src, "*/*")
+              ext_src = Dir.glob(src).first
+              ext_src.gsub!(src[0..-6], "")
+              dst = File.dirname(File.join(dst, ext_src))
             end
+            SharedHelpers.filesystem_access(dst) do |p|
+              Bundler.mkdir_p(p)
+            end
+            Bundler.sudo "cp -R #{src} #{dst}" if Dir[src].any?
+          end
 
-            spec.executables.each do |exe|
-              SharedHelpers.filesystem_access(Bundler.system_bindir) do |p|
-                Bundler.mkdir_p(p)
-              end
-              Bundler.sudo "cp -R #{install_path}/bin/#{exe} #{Bundler.system_bindir}/"
+          spec.executables.each do |exe|
+            SharedHelpers.filesystem_access(Bundler.system_bindir) do |p|
+              Bundler.mkdir_p(p)
             end
+            Bundler.sudo "cp -R #{install_path}/bin/#{exe} #{Bundler.system_bindir}/"
           end
-          installed_spec.loaded_from = loaded_from(spec)
         end
-        spec.loaded_from = loaded_from(spec)
 
         spec.post_install_message
       ensure
@@ -348,10 +352,6 @@ module Bundler
         end
       end
 
-      def loaded_from(spec)
-        "#{rubygems_dir}/specifications/#{spec.full_name}.gemspec"
-      end
-
       def cached_gem(spec)
         if spec.default_gem?
           cached_built_in_gem(spec)
@@ -364,10 +364,14 @@ module Bundler
         global_cache_path = download_cache_path(spec)
         @caches << global_cache_path if global_cache_path
 
-        possibilities = @caches.map {|p| "#{p}/#{spec.file_name}" }
+        possibilities = @caches.map {|p| package_path(p, spec) }
         possibilities.find {|p| File.exist?(p) }
       end
 
+      def package_path(cache_path, spec)
+        "#{cache_path}/#{spec.file_name}"
+      end
+
       def normalize_uri(uri)
         uri = uri.to_s
         uri = "#{uri}/" unless uri =~ %r{/$}
@@ -459,12 +463,11 @@ module Bundler
       end
 
       def fetch_gem(spec, previous_spec = nil)
-        return false unless spec.remote
-
         spec.fetch_platform
 
         cache_path = download_cache_path(spec) || default_cache_path_for(rubygems_dir)
-        gem_path = "#{cache_path}/#{spec.file_name}"
+        gem_path = package_path(cache_path, spec)
+        return gem_path if File.exist?(gem_path)
 
         if requires_sudo?
           download_path = Bundler.tmp(spec.full_name)
@@ -482,7 +485,7 @@ module Bundler
           SharedHelpers.filesystem_access(cache_path) do |p|
             Bundler.mkdir_p(p)
           end
-          Bundler.sudo "mv #{download_cache_path}/#{spec.file_name} #{gem_path}"
+          Bundler.sudo "mv #{package_path(download_cache_path, spec)} #{gem_path}"
         end
 
         gem_path
@@ -499,7 +502,7 @@ module Bundler
       end
 
       def rubygems_dir
-        Bundler.rubygems.gem_dir
+        Bundler.bundle_path
       end
 
       def default_cache_path_for(dir)

data/lib/bundler/spec_set.rb

@@ -12,17 +12,19 @@ module Bundler
     end
 
     def for(dependencies, check = false, match_current_platform = false)
-      handled = []
+      # dep.name => [list, of, deps]
+      handled = Hash.new {|h, k| h[k] = [] }
       deps = dependencies.dup
       specs = []
 
       loop do
         break unless dep = deps.shift
-        next if handled.any? {|d| d.name == dep.name && (match_current_platform || d.__platform == dep.__platform) } || dep.name == "bundler"
+        next if handled[dep.name].any? {|d| match_current_platform || d.__platform == dep.__platform } || dep.name == "bundler"
 
-        handled << dep
+        # use a hash here to ensure constant lookup time in the `any?` call above
+        handled[dep.name] << dep
 
-        specs_for_dep = spec_for_dependency(dep, match_current_platform)
+        specs_for_dep = specs_for_dependency(dep, match_current_platform)
         if specs_for_dep.any?
           specs.concat(specs_for_dep)
 
@@ -171,12 +173,13 @@ module Bundler
       @specs.sort_by(&:name).each {|s| yield s }
     end
 
-    def spec_for_dependency(dep, match_current_platform)
-      specs_for_platforms = lookup[dep.name]
+    def specs_for_dependency(dep, match_current_platform)
+      specs_for_name = lookup[dep.name]
       if match_current_platform
-        GemHelpers.select_best_platform_match(specs_for_platforms.select {|s| Gem::Platform.match_spec?(s) }, Bundler.local_platform)
+        GemHelpers.select_best_platform_match(specs_for_name.select {|s| Gem::Platform.match_spec?(s) }, Bundler.local_platform)
       else
-        GemHelpers.select_best_platform_match(specs_for_platforms, dep.__platform)
+        specs_for_name_and_platform = GemHelpers.select_best_platform_match(specs_for_name, dep.__platform)
+        specs_for_name_and_platform.any? ? specs_for_name_and_platform : specs_for_name
       end
     end
 

data/lib/bundler/stub_specification.rb

@@ -64,9 +64,11 @@ module Bundler
     end
 
     def full_gem_path
-      # deleted gems can have their stubs return nil, so in that case grab the
-      # expired path from the full spec
-      stub.full_gem_path || method_missing(:full_gem_path)
+      stub.full_gem_path
+    end
+
+    def full_gem_path=(path)
+      stub.full_gem_path = path
     end
 
     def full_require_paths

data/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.3.14".freeze
+  VERSION = "2.3.17".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

data/lib/bundler.rb

@@ -97,6 +97,17 @@ module Bundler
       @bundle_path ||= Pathname.new(configured_bundle_path.path).expand_path(root)
     end
 
+    def create_bundle_path
+      SharedHelpers.filesystem_access(bundle_path.to_s) do |p|
+        mkdir_p(p)
+      end unless bundle_path.exist?
+
+      @bundle_path = bundle_path.realpath
+    rescue Errno::EEXIST
+      raise PathError, "Could not install to path `#{bundle_path}` " \
+        "because a file already exists at that path. Either remove or rename the file so the directory can be created."
+    end
+
     def configured_bundle_path
       @configured_bundle_path ||= settings.path.tap(&:validate!)
     end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-  version: 2.3.14
+  version: 2.3.17
 platform: ruby
 authors:
 - André Arko
@@ -22,7 +22,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-05-18 00:00:00.000000000 Z
+date: 2022-06-29 00:00:00.000000000 Z
 dependencies: []
 description: Bundler manages an application's dependencies through its entire life,
   across many machines, systematically and repeatably
@@ -369,7 +369,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.5.2
 requirements: []
-rubygems_version: 3.3.14
+rubygems_version: 3.3.17
 signing_key:
 specification_version: 4
 summary: The best way to manage your application's dependencies