bundler 2.3.3 → 2.3.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 88610a0ccc28d334ac316852f804afb36dc3d727790261c4f7d1c35d16e30cbf
-  data.tar.gz: 47dd496494e214a5679a93dc32822ba2469a96e46d39f57de1daee0cbe26f23e
+  metadata.gz: afa073e2d0f107d4d7c2c6906c399d5a04973d85c45416643a40ae23cf2acfe7
+  data.tar.gz: 7173281106d774a25a867f141a752e7b9617a36811375276d592f208e1dd7646
 SHA512:
-  metadata.gz: 4d8153145686030bcdde4b49d3ae5124cac3a621310e89427b4e88e8363d6700220415f16c112b4ae516437d02f2656d33a64aa9e61b8b5f324ed5ace3c0c4d7
-  data.tar.gz: fad2d2b90df5e52e986507ad6f54063476aae11ef365550118bfd0556d95d3c79b2e218bdf8fcb82c15d2a32bac824b77249cafc647b18a2eea4367e429bd1d6
+  metadata.gz: 6c97e621ce961b554ce5a20ee0e78d4ada40fdf169994e9a67dd45bd1df4a29fe936dc79bfb3b4d01a3eb1bf91ae6d33b5028f291ba59cefaf506dccb9e4d53c
+  data.tar.gz: 6d58dbb998751182e6b9fb3f1b6cd41626202dfb92c76a7744346068b0e854d6813e8b62cf5288170f04f3744cc5ea5cb55fcf6da80b17c37ad7db3f15d0098a

data/CHANGELOG.md

@@ -1,3 +1,53 @@
+# 2.3.7 (February 9, 2022)
+
+## Enhancements:
+
+  - Don't activate `yaml` gem from Bundler [#5277](https://github.com/rubygems/rubygems/pull/5277)
+  - Add Reverse Dependencies section to info command [#3966](https://github.com/rubygems/rubygems/pull/3966)
+
+## Bug fixes:
+
+  - Don't silently persist `BUNDLE_WITH` and `BUNDLE_WITHOUT` envs locally [#5335](https://github.com/rubygems/rubygems/pull/5335)
+  - Fix `bundle config` inside an application saving configuration globally [#4152](https://github.com/rubygems/rubygems/pull/4152)
+
+# 2.3.6 (January 26, 2022)
+
+## Enhancements:
+
+  - Use `Gem::Platform.local` instead of `RUBY_PLATFORM` when displaying local platform [#5306](https://github.com/rubygems/rubygems/pull/5306)
+  - Lock standard.yml to the required ruby version [#5284](https://github.com/rubygems/rubygems/pull/5284)
+  - Use `Fiddle` in `bundle doctor` to check for dynamic library presence [#5173](https://github.com/rubygems/rubygems/pull/5173)
+
+## Bug fixes:
+
+  - Fix edge case where gems were incorrectly removed from the lockfile [#5302](https://github.com/rubygems/rubygems/pull/5302)
+  - Fix `force_ruby_platform` ignored when lockfile includes current specific platform [#5304](https://github.com/rubygems/rubygems/pull/5304)
+  - Create minitest file to underscored path in "bundle gem" command with dashed gem name [#5273](https://github.com/rubygems/rubygems/pull/5273)
+  - Fix regression with old marshaled specs having null `required_rubygems_version` [#5291](https://github.com/rubygems/rubygems/pull/5291)
+
+# 2.3.5 (January 12, 2022)
+
+## Enhancements:
+
+  - Make `bundle update --bundler` actually lock to the latest bundler version (even if not yet installed) [#5182](https://github.com/rubygems/rubygems/pull/5182)
+  - Use thor-1.2.1 [#5260](https://github.com/rubygems/rubygems/pull/5260)
+  - Exclude bin directory for newgem template [#5259](https://github.com/rubygems/rubygems/pull/5259)
+
+## Bug fixes:
+
+  - Fix metadata requirements being bypassed when custom gem servers are used [#5256](https://github.com/rubygems/rubygems/pull/5256)
+  - Fix `rake build:checksum` writing checksum of package path, not package contents [#5250](https://github.com/rubygems/rubygems/pull/5250)
+
+# 2.3.4 (December 29, 2021)
+
+## Enhancements:
+
+  - Improve error message when `BUNDLED WITH` version does not exist [#5205](https://github.com/rubygems/rubygems/pull/5205)
+
+## Bug fixes:
+
+  - Fix `bundle update --bundler` no longer updating lockfile [#5224](https://github.com/rubygems/rubygems/pull/5224)
+
 # 2.3.3 (December 24, 2021)
 
 ## Bug fixes:

data/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2021-12-24".freeze
-    @git_commit_sha = "688b71febc".freeze
+    @built_at = "2022-02-09".freeze
+    @git_commit_sha = "bafe43c593".freeze
     @release = true
     # end ivars
 

data/lib/bundler/cli/config.rb

@@ -180,7 +180,7 @@ module Bundler
         scopes = %w[global local].select {|s| options[s] }
         case scopes.size
         when 0
-          @scope = "global"
+          @scope = inside_app? ? "local" : "global"
           @explicit_scope = false
         when 1
           @scope = scopes.first
@@ -189,6 +189,15 @@ module Bundler
             "The options #{scopes.join " and "} were specified. Please only use one of the switches at a time."
         end
       end
+
+      private
+
+      def inside_app?
+        Bundler.root
+        true
+      rescue GemfileNotFound
+        false
+      end
     end
   end
 end

data/lib/bundler/cli/doctor.rb

@@ -2,6 +2,7 @@
 
 require "rbconfig"
 require "shellwords"
+require "fiddle"
 
 module Bundler
   class CLI::Doctor
@@ -71,7 +72,14 @@ module Bundler
 
       definition.specs.each do |spec|
         bundles_for_gem(spec).each do |bundle|
-          bad_paths = dylibs(bundle).select {|f| !File.exist?(f) }
+          bad_paths = dylibs(bundle).select do |f|
+            begin
+              Fiddle.dlopen(f)
+              false
+            rescue Fiddle::DLError
+              true
+            end
+          end
           if bad_paths.any?
             broken_links[spec] ||= []
             broken_links[spec].concat(bad_paths)

data/lib/bundler/cli/gem.rb

@@ -38,6 +38,7 @@ module Bundler
       namespaced_path = name.tr("-", "/")
       constant_name = name.gsub(/-[_-]*(?![_-]|$)/) { "::" }.gsub(/([_-]+|(::)|^)(.|$)/) { $2.to_s + $3.upcase }
       constant_array = constant_name.split("::")
+      minitest_constant_name = constant_array.clone.tap {|a| a[-1] = "Test#{a[-1]}" }.join("::") # Foo::Bar => Foo::TestBar
 
       use_git = Bundler.git_present? && options[:git]
 
@@ -69,6 +70,7 @@ module Bundler
         :git              => use_git,
         :github_username  => github_username.empty? ? "[USERNAME]" : github_username,
         :required_ruby_version => required_ruby_version,
+        :minitest_constant_name => minitest_constant_name,
       }
       ensure_safe_gem_name(name, constant_array)
 
@@ -104,9 +106,17 @@ module Bundler
           )
           config[:test_task] = :spec
         when "minitest"
+          # Generate path for minitest target file (FileList["test/**/test_*.rb"])
+          #   foo     => test/test_foo.rb
+          #   foo-bar => test/foo/test_bar.rb
+          #   foo_bar => test/test_foo_bar.rb
+          paths = namespaced_path.rpartition("/")
+          paths[2] = "test_#{paths[2]}"
+          minitest_namespaced_path = paths.join("")
+
           templates.merge!(
             "test/minitest/test_helper.rb.tt" => "test/test_helper.rb",
-            "test/minitest/test_newgem.rb.tt" => "test/test_#{namespaced_path}.rb"
+            "test/minitest/test_newgem.rb.tt" => "test/#{minitest_namespaced_path}.rb"
           )
           config[:test_task] = :test
         when "test-unit"

data/lib/bundler/cli/info.rb

@@ -73,7 +73,8 @@ module Bundler
       gem_info << "\tBug Tracker: #{metadata["bug_tracker_uri"]}\n" if metadata.key?("bug_tracker_uri")
       gem_info << "\tMailing List: #{metadata["mailing_list_uri"]}\n" if metadata.key?("mailing_list_uri")
       gem_info << "\tPath: #{spec.full_gem_path}\n"
-      gem_info << "\tDefault Gem: yes" if spec.respond_to?(:default_gem?) && spec.default_gem?
+      gem_info << "\tDefault Gem: yes\n" if spec.respond_to?(:default_gem?) && spec.default_gem?
+      gem_info << "\tReverse Dependencies: \n\t\t#{gem_dependencies.join("\n\t\t")}" if gem_dependencies.any?
 
       if name != "bundler" && spec.deleted_gem?
         return Bundler.ui.warn "The gem #{name} has been deleted. Gemspec information is still available though:\n#{gem_info}"
@@ -81,5 +82,13 @@ module Bundler
 
       Bundler.ui.info gem_info
     end
+
+    def gem_dependencies
+      @gem_dependencies ||= Bundler.definition.specs.map do |spec|
+        dependency = spec.dependencies.find {|dep| dep.name == gem_name }
+        next unless dependency
+        "#{spec.name} (#{spec.version}) depends on #{gem_name} (#{dependency.requirements_list.join(", ")})"
+      end.compact.sort
+    end
   end
 end

data/lib/bundler/cli/install.rb

@@ -135,32 +135,13 @@ module Bundler
     end
 
     def normalize_groups
-      options[:with] &&= options[:with].join(":").tr(" ", ":").split(":")
-      options[:without] &&= options[:without].join(":").tr(" ", ":").split(":")
-
       check_for_group_conflicts_in_cli_options
 
-      Bundler.settings.set_command_option :with, nil if options[:with] == []
-      Bundler.settings.set_command_option :without, nil if options[:without] == []
-
-      with = options.fetch(:with, [])
-      with |= Bundler.settings[:with].map(&:to_s)
-      with -= options[:without] if options[:without]
-
-      without = options.fetch(:without, [])
-      without |= Bundler.settings[:without].map(&:to_s)
-      without -= options[:with] if options[:with]
-
-      options[:with]    = with
-      options[:without] = without
-
-      unless Bundler.settings[:without] == options[:without] && Bundler.settings[:with] == options[:with]
-        # need to nil them out first to get around validation for backwards compatibility
-        Bundler.settings.set_command_option :without, nil
-        Bundler.settings.set_command_option :with,    nil
-        Bundler.settings.set_command_option :without, options[:without] - options[:with]
-        Bundler.settings.set_command_option :with,    options[:with]
-      end
+      # need to nil them out first to get around validation for backwards compatibility
+      Bundler.settings.set_command_option :without, nil
+      Bundler.settings.set_command_option :with,    nil
+      Bundler.settings.set_command_option :without, options[:without]
+      Bundler.settings.set_command_option :with,    options[:with]
     end
 
     def normalize_settings
@@ -184,7 +165,7 @@ module Bundler
 
       Bundler.settings.set_command_option_if_given :clean, options["clean"]
 
-      normalize_groups
+      normalize_groups if options[:without] || options[:with]
 
       options[:force] = options[:redownload]
     end

data/lib/bundler/cli/platform.rb

@@ -23,7 +23,7 @@ module Bundler
           output << "No ruby version specified"
         end
       else
-        output << "Your platform is: #{RUBY_PLATFORM}"
+        output << "Your platform is: #{Gem::Platform.local}"
         output << "Your app has gems that work on these platforms:\n#{platforms.join("\n")}"
 
         if ruby_version

data/lib/bundler/cli/update.rb

@@ -11,12 +11,16 @@ module Bundler
     def run
       Bundler.ui.level = "warn" if options[:quiet]
 
+      update_bundler = options[:bundler]
+
+      Bundler.self_manager.update_bundler_and_restart_with_it_if_needed(update_bundler) if update_bundler
+
       Plugin.gemfile_install(Bundler.default_gemfile) if Bundler.feature_flag.plugins?
 
       sources = Array(options[:source])
       groups  = Array(options[:group]).map(&:to_sym)
 
-      full_update = gems.empty? && sources.empty? && groups.empty? && !options[:ruby] && !options[:bundler]
+      full_update = gems.empty? && sources.empty? && groups.empty? && !options[:ruby] && !update_bundler
 
       if full_update && !options[:all]
         if Bundler.feature_flag.update_requires_all_flag?
@@ -49,7 +53,7 @@ module Bundler
 
         Bundler.definition(:gems => gems, :sources => sources, :ruby => options[:ruby],
                            :conservative => conservative,
-                           :bundler => options[:bundler])
+                           :bundler => update_bundler)
       end
 
       Bundler::CLI::Common.configure_gem_version_promoter(Bundler.definition, options)

data/lib/bundler/cli.rb

@@ -809,17 +809,10 @@ module Bundler
 
       current = Gem::Version.new(VERSION)
       return if current >= latest
-      latest_installed = Bundler.rubygems.find_name("bundler").map(&:version).max
 
-      installation = "To install the latest version, run `gem install bundler#{" --pre" if latest.prerelease?}`"
-      if latest_installed && latest_installed > current
-        suggestion = "To update to the most recent installed version (#{latest_installed}), run `bundle update --bundler`"
-        suggestion = "#{installation}\n#{suggestion}" if latest_installed < latest
-      else
-        suggestion = installation
-      end
-
-      Bundler.ui.warn "The latest bundler is #{latest}, but you are currently running #{current}.\n#{suggestion}"
+      Bundler.ui.warn \
+        "The latest bundler is #{latest}, but you are currently running #{current}.\n" \
+        "To update to the most recent version, run `bundle update --bundler`"
     rescue RuntimeError
       nil
     end

data/lib/bundler/compact_index_client/cache.rb

@@ -76,15 +76,6 @@ module Bundler
         end
       end
 
-      def specific_dependency(name, version, platform)
-        pattern = [version, platform].compact.join("-")
-        return nil if pattern.empty?
-
-        gem_lines = info_path(name).read
-        gem_line = gem_lines[/^#{Regexp.escape(pattern)}\b.*/, 0]
-        gem_line ? parse_gem(gem_line) : nil
-      end
-
       private
 
       def lines(path)

data/lib/bundler/compact_index_client.rb

@@ -73,12 +73,6 @@ module Bundler
       end.flatten(1)
     end
 
-    def spec(name, version, platform = nil)
-      Bundler::CompactIndexClient.debug { "spec(name = #{name}, version = #{version}, platform = #{platform})" }
-      update_info(name)
-      @cache.specific_dependency(name, version, platform)
-    end
-
     def update_and_parse_checksums!
       Bundler::CompactIndexClient.debug { "update_and_parse_checksums!" }
       return @info_checksums_by_name if @parsed_checksums

data/lib/bundler/definition.rb

@@ -265,7 +265,7 @@ module Bundler
         else
           # Run a resolve against the locally available gems
           Bundler.ui.debug("Found changes from the lockfile, re-resolving dependencies because #{change_reason}")
-          expanded_dependencies = expand_dependencies(dependencies + metadata_dependencies, @remote)
+          expanded_dependencies = expand_dependencies(dependencies + metadata_dependencies, true)
           Resolver.resolve(expanded_dependencies, source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve, platforms)
         end
       end
@@ -309,14 +309,6 @@ module Bundler
       end
     end
 
-    def locked_bundler_version
-      if @locked_bundler_version && @locked_bundler_version < Gem::Version.new(Bundler::VERSION)
-        new_version = Bundler::VERSION
-      end
-
-      new_version || @locked_bundler_version || Bundler::VERSION
-    end
-
     def locked_ruby_version
       return unless ruby_version
       if @unlock[:ruby] || !@locked_ruby_version
@@ -503,6 +495,7 @@ module Bundler
 
     def current_ruby_platform_locked?
       return false unless generic_local_platform == Gem::Platform::RUBY
+      return false if Bundler.settings[:force_ruby_platform] && !@platforms.include?(Gem::Platform::RUBY)
 
       current_platform_locked?
     end

data/lib/bundler/endpoint_specification.rb

@@ -5,14 +5,15 @@ module Bundler
   class EndpointSpecification < Gem::Specification
     include MatchPlatform
 
-    attr_reader :name, :version, :platform, :required_rubygems_version, :required_ruby_version, :checksum
+    attr_reader :name, :version, :platform, :checksum
     attr_accessor :source, :remote, :dependencies
 
-    def initialize(name, version, platform, dependencies, metadata = nil)
+    def initialize(name, version, platform, spec_fetcher, dependencies, metadata = nil)
       super()
       @name         = name
       @version      = Gem::Version.create version
       @platform     = platform
+      @spec_fetcher = spec_fetcher
       @dependencies = dependencies.map {|dep, reqs| build_dependency(dep, reqs) }
 
       @loaded_from          = nil
@@ -21,6 +22,14 @@ module Bundler
       parse_metadata(metadata)
     end
 
+    def required_ruby_version
+      @required_ruby_version ||= _remote_specification.required_ruby_version
+    end
+
+    def required_rubygems_version
+      @required_rubygems_version ||= _remote_specification.required_rubygems_version
+    end
+
     def fetch_platform
       @platform
     end
@@ -105,12 +114,21 @@ module Bundler
 
     private
 
+    def _remote_specification
+      @_remote_specification ||= @spec_fetcher.fetch_spec([@name, @version, @platform])
+    end
+
     def local_specification_path
       "#{base_dir}/specifications/#{full_name}.gemspec"
     end
 
     def parse_metadata(data)
-      return unless data
+      unless data
+        @required_ruby_version = nil
+        @required_rubygems_version = nil
+        return
+      end
+
       data.each do |k, v|
         next unless v
         case k.to_s

data/lib/bundler/env.rb

@@ -71,7 +71,7 @@ module Bundler
     def self.ruby_version
       str = String.new(RUBY_VERSION)
       str << "p#{RUBY_PATCHLEVEL}" if defined? RUBY_PATCHLEVEL
-      str << " (#{RUBY_RELEASE_DATE} revision #{RUBY_REVISION}) [#{RUBY_PLATFORM}]"
+      str << " (#{RUBY_RELEASE_DATE} revision #{RUBY_REVISION}) [#{Gem::Platform.local}]"
     end
 
     def self.git_version

data/lib/bundler/fetcher/compact_index.rb

@@ -57,16 +57,6 @@ module Bundler
         gem_info
       end
 
-      def fetch_spec(spec)
-        spec -= [nil, "ruby", ""]
-        contents = compact_index_client.spec(*spec)
-        return nil if contents.nil?
-        contents.unshift(spec.first)
-        contents[3].map! {|d| Gem::Dependency.new(*d) }
-        EndpointSpecification.new(*contents)
-      end
-      compact_index_request :fetch_spec
-
       def available?
         unless SharedHelpers.md5_available?
           Bundler.ui.debug("FIPS mode is enabled, bundler can't use the CompactIndex API")

data/lib/bundler/fetcher/index.rb

@@ -21,32 +21,6 @@ module Bundler
           raise HTTPError, "Could not fetch specs from #{display_uri} due to underlying error <#{e.message}>"
         end
       end
-
-      def fetch_spec(spec)
-        spec -= [nil, "ruby", ""]
-        spec_file_name = "#{spec.join "-"}.gemspec"
-
-        uri = Bundler::URI.parse("#{remote_uri}#{Gem::MARSHAL_SPEC_DIR}#{spec_file_name}.rz")
-        if uri.scheme == "file"
-          path = Bundler.rubygems.correct_for_windows_path(uri.path)
-          Bundler.load_marshal Bundler.rubygems.inflate(Gem.read_binary(path))
-        elsif cached_spec_path = gemspec_cached_path(spec_file_name)
-          Bundler.load_gemspec(cached_spec_path)
-        else
-          Bundler.load_marshal Bundler.rubygems.inflate(downloader.fetch(uri).body)
-        end
-      rescue MarshalError
-        raise HTTPError, "Gemspec #{spec} contained invalid data.\n" \
-          "Your network or your gem server is probably having issues right now."
-      end
-
-      private
-
-      # cached gem specification path, if one exists
-      def gemspec_cached_path(spec_file_name)
-        paths = Bundler.rubygems.spec_cache_dirs.map {|dir| File.join(dir, spec_file_name) }
-        paths.find {|path| File.file? path }
-      end
     end
   end
 end

data/lib/bundler/fetcher.rb

@@ -129,17 +129,15 @@ module Bundler
         specs = fetchers.last.specs(gem_names)
       else
         specs = []
-        fetchers.shift until fetchers.first.available? || fetchers.empty?
-        fetchers.dup.each do |f|
-          break unless f.api_fetcher? && !gem_names || !specs = f.specs(gem_names)
-          fetchers.delete(f)
+        @fetchers = fetchers.drop_while do |f|
+          !f.available? || (f.api_fetcher? && !gem_names) || !specs = f.specs(gem_names)
         end
         @use_api = false if fetchers.none?(&:api_fetcher?)
       end
 
       specs.each do |name, version, platform, dependencies, metadata|
         spec = if dependencies
-          EndpointSpecification.new(name, version, platform, dependencies, metadata)
+          EndpointSpecification.new(name, version, platform, self, dependencies, metadata)
         else
           RemoteSpecification.new(name, version, platform, self)
         end
@@ -242,7 +240,7 @@ module Bundler
         raise SSLError if needs_ssl && !defined?(OpenSSL::SSL)
 
         con = PersistentHTTP.new :name => "bundler", :proxy => :ENV
-        if gem_proxy = Bundler.rubygems.configuration[:http_proxy]
+        if gem_proxy = Gem.configuration[:http_proxy]
           con.proxy = Bundler::URI.parse(gem_proxy) if gem_proxy != :no_proxy
         end
 
@@ -253,8 +251,8 @@ module Bundler
         end
 
         ssl_client_cert = Bundler.settings[:ssl_client_cert] ||
-          (Bundler.rubygems.configuration.ssl_client_cert if
-            Bundler.rubygems.configuration.respond_to?(:ssl_client_cert))
+          (Gem.configuration.ssl_client_cert if
+            Gem.configuration.respond_to?(:ssl_client_cert))
         if ssl_client_cert
           pem = File.read(ssl_client_cert)
           con.cert = OpenSSL::X509::Certificate.new(pem)
@@ -272,8 +270,7 @@ module Bundler
     # cached gem specification path, if one exists
     def gemspec_cached_path(spec_file_name)
       paths = Bundler.rubygems.spec_cache_dirs.map {|dir| File.join(dir, spec_file_name) }
-      paths = paths.select {|path| File.file? path }
-      paths.first
+      paths.find {|path| File.file? path }
     end
 
     HTTP_ERRORS = [
@@ -286,8 +283,8 @@ module Bundler
     def bundler_cert_store
       store = OpenSSL::X509::Store.new
       ssl_ca_cert = Bundler.settings[:ssl_ca_cert] ||
-        (Bundler.rubygems.configuration.ssl_ca_cert if
-          Bundler.rubygems.configuration.respond_to?(:ssl_ca_cert))
+        (Gem.configuration.ssl_ca_cert if
+          Gem.configuration.respond_to?(:ssl_ca_cert))
       if ssl_ca_cert
         if File.directory? ssl_ca_cert
           store.add_path ssl_ca_cert
@@ -301,8 +298,6 @@ module Bundler
       store
     end
 
-    private
-
     def remote_uri
       @remote.uri
     end

data/lib/bundler/gem_helper.rb

@@ -107,9 +107,9 @@ module Bundler
       SharedHelpers.filesystem_access(File.join(base, "checksums")) {|p| FileUtils.mkdir_p(p) }
       file_name = "#{File.basename(built_gem_path)}.sha512"
       require "digest/sha2"
-      checksum = ::Digest::SHA512.new.hexdigest(built_gem_path.to_s)
+      checksum = ::Digest::SHA512.file(built_gem_path).hexdigest
       target = File.join(base, "checksums", file_name)
-      File.write(target, checksum)
+      File.write(target, checksum + "\n")
       Bundler.ui.confirm "#{name} #{version} checksum written to checksums/#{file_name}."
     end
 

data/lib/bundler/lazy_specification.rb

@@ -90,11 +90,11 @@ module Bundler
           MatchPlatform.platforms_match?(spec.platform, platform_object)
         end
         installable_candidates = same_platform_candidates.select do |spec|
-          !spec.is_a?(EndpointSpecification) ||
+          spec.is_a?(StubSpecification) ||
             (spec.required_ruby_version.satisfied_by?(Gem.ruby_version) &&
               spec.required_rubygems_version.satisfied_by?(Gem.rubygems_version))
         end
-        search = installable_candidates.last || same_platform_candidates.last
+        search = installable_candidates.last
         search.dependencies = dependencies if search && (search.is_a?(RemoteSpecification) || search.is_a?(EndpointSpecification))
         search
       end

data/lib/bundler/lockfile_generator.rb

@@ -71,7 +71,7 @@ module Bundler
     end
 
     def add_bundled_with
-      add_section("BUNDLED WITH", definition.locked_bundler_version.to_s)
+      add_section("BUNDLED WITH", Bundler::VERSION)
     end
 
     def add_section(name, value)

data/lib/bundler/remote_specification.rb

@@ -27,6 +27,13 @@ module Bundler
       @platform = _remote_specification.platform
     end
 
+    # A fallback is included because the original version of the specification
+    # API didn't include that field, so some marshalled specs in the index have it
+    # set to +nil+.
+    def required_rubygems_version
+      @required_rubygems_version ||= _remote_specification.required_rubygems_version || Gem::Requirement.default
+    end
+
     def full_name
       if platform == Gem::Platform::RUBY || platform.nil?
         "#{@name}-#{@version}"

data/lib/bundler/resolver/spec_group.rb

@@ -95,7 +95,7 @@ module Bundler
 
       def metadata_dependencies(platform)
         spec = @specs[platform].first
-        return [] unless spec.is_a?(Gem::Specification)
+        return [] if spec.is_a?(LazySpecification)
         dependencies = []
         if !spec.required_ruby_version.nil? && !spec.required_ruby_version.none?
           dependencies << DepProxy.get_proxy(Gem::Dependency.new("Ruby\0", spec.required_ruby_version), platform)

data/lib/bundler/resolver.rb

@@ -249,10 +249,11 @@ module Bundler
     end
 
     def verify_gemfile_dependencies_are_found!(requirements)
-      requirements.each do |requirement|
+      requirements.map! do |requirement|
         name = requirement.name
-        next if name == "bundler"
-        next unless search_for(requirement).empty?
+        next requirement if name == "bundler"
+        next requirement unless search_for(requirement).empty?
+        next unless requirement.current_platform?
 
         if (base = @base[name]) && !base.empty?
           version = base.first.version
@@ -266,7 +267,7 @@ module Bundler
           message = gem_not_found_message(name, requirement, source_for(name))
         end
         raise GemNotFound, message
-      end
+      end.compact!
     end
 
     def gem_not_found_message(name, requirement, source, extra_message = "")
@@ -358,24 +359,18 @@ module Bundler
             o << "\n"
             o << %(Running `bundle update` will rebuild your snapshot from scratch, using only\n)
             o << %(the gems in your Gemfile, which may resolve the conflict.\n)
-          elsif !conflict.existing
+          elsif !conflict.existing && !name.end_with?("\0")
             o << "\n"
 
             relevant_source = conflict.requirement.source || source_for(name)
 
-            metadata_requirement = name.end_with?("\0")
-
             extra_message = if conflict.requirement_trees.first.size > 1
               ", which is required by gem '#{SharedHelpers.pretty_dependency(conflict.requirement_trees.first[-2])}',"
             else
               ""
             end
 
-            if metadata_requirement
-              o << "#{SharedHelpers.pretty_dependency(conflict.requirement)}#{extra_message} is not available in #{relevant_source}"
-            else
-              o << gem_not_found_message(name, conflict.requirement, relevant_source, extra_message)
-            end
+            o << gem_not_found_message(name, conflict.requirement, relevant_source, extra_message)
           end
         end,
         :version_for_spec => lambda {|spec| spec.version },

data/lib/bundler/ruby_version.rb

@@ -103,7 +103,7 @@ module Bundler
 
     def self.system
       ruby_engine = RUBY_ENGINE.dup
-      ruby_version = ENV.fetch("BUNDLER_SPEC_RUBY_VERSION") { RUBY_VERSION }.dup
+      ruby_version = RUBY_VERSION.dup
       ruby_engine_version = RUBY_ENGINE_VERSION.dup
       patchlevel = RUBY_PATCHLEVEL.to_s
 

data/lib/bundler/rubygems_ext.rb

@@ -4,14 +4,12 @@ require "pathname"
 
 require "rubygems/specification"
 
-# Possible use in Gem::Specification#source below and require
-# shouldn't be deferred.
-require "rubygems/source"
-
 require_relative "match_platform"
 
 module Gem
   class Specification
+    include ::Bundler::MatchPlatform
+
     attr_accessor :remote, :location, :relative_loaded_from
 
     remove_method :source
@@ -81,6 +79,17 @@ module Gem
       gemfile
     end
 
+    # Backfill missing YAML require when not defined. Fixed since 3.1.0.pre1.
+    module YamlBackfiller
+      def to_yaml(opts = {})
+        Gem.load_yaml unless defined?(::YAML)
+
+        super(opts)
+      end
+    end
+
+    prepend YamlBackfiller
+
     def nondevelopment_dependencies
       dependencies - development_dependencies
     end
@@ -228,9 +237,3 @@ module Gem
     end
   end
 end
-
-module Gem
-  class Specification
-    include ::Bundler::MatchPlatform
-  end
-end

data/lib/bundler/rubygems_integration.rb

@@ -104,18 +104,6 @@ module Bundler
       obj.to_s
     end
 
-    def configuration
-      require_relative "psyched_yaml"
-      Gem.configuration
-    rescue Gem::SystemExitException, LoadError => e
-      Bundler.ui.error "#{e.class}: #{e.message}"
-      Bundler.ui.trace e
-      raise
-    rescue ::Psych::SyntaxError => e
-      raise YamlSyntaxError.new(e, "Your RubyGems configuration, which is " \
-        "usually located in ~/.gemrc, contains invalid YAML syntax.")
-    end
-
     def ruby_engine
       Gem.ruby_engine
     end
@@ -217,7 +205,7 @@ module Bundler
 
     def spec_from_gem(path, policy = nil)
       require "rubygems/security"
-      require_relative "psyched_yaml"
+      require "psych"
       gem_from_path(path, security_policies[policy]).spec
     rescue Exception, Gem::Exception, Gem::Security::Exception => e # rubocop:disable Lint/RescueException
       if e.is_a?(Gem::Security::Exception) ||
@@ -522,7 +510,7 @@ module Bundler
 
     def gem_remote_fetcher
       require "rubygems/remote_fetcher"
-      proxy = configuration[:http_proxy]
+      proxy = Gem.configuration[:http_proxy]
       Gem::RemoteFetcher.new(proxy)
     end
 

data/lib/bundler/self_manager.rb

@@ -9,7 +9,7 @@ module Bundler
     def restart_with_locked_bundler_if_needed
       return unless needs_switching? && installed?
 
-      restart_with_locked_bundler
+      restart_with(lockfile_version)
     end
 
     def install_locked_bundler_and_restart_with_it_if_needed
@@ -19,23 +19,48 @@ module Bundler
         "Bundler #{current_version} is running, but your lockfile was generated with #{lockfile_version}. " \
         "Installing Bundler #{lockfile_version} and restarting using that version."
 
-      install_and_restart_with_locked_bundler
+      install_and_restart_with(lockfile_version)
+    end
+
+    def update_bundler_and_restart_with_it_if_needed(target)
+      return unless autoswitching_applies?
+
+      spec = resolve_update_version_from(target)
+      return unless spec
+
+      version = spec.version
+
+      Bundler.ui.info "Updating bundler to #{version}."
+
+      install(spec)
+
+      restart_with(version)
     end
 
     private
 
-    def install_and_restart_with_locked_bundler
-      bundler_dep = Gem::Dependency.new("bundler", lockfile_version)
+    def install_and_restart_with(version)
+      requirement = Gem::Requirement.new(version)
+      spec = find_latest_matching_spec(requirement)
 
-      Gem.install(bundler_dep)
+      if spec.nil?
+        Bundler.ui.warn "Your lockfile is locked to a version of bundler (#{lockfile_version}) that doesn't exist at https://rubygems.org/. Going on using #{current_version}"
+        return
+      end
+
+      install(spec)
     rescue StandardError => e
       Bundler.ui.trace e
       Bundler.ui.warn "There was an error installing the locked bundler version (#{lockfile_version}), rerun with the `--verbose` flag for more details. Going on using bundler #{current_version}."
     else
-      restart_with_locked_bundler
+      restart_with(version)
+    end
+
+    def install(spec)
+      spec.source.install(spec)
     end
 
-    def restart_with_locked_bundler
+    def restart_with(version)
       configured_gem_home = ENV["GEM_HOME"]
       configured_gem_path = ENV["GEM_PATH"]
 
@@ -44,33 +69,100 @@ module Bundler
 
       Bundler.with_original_env do
         Kernel.exec(
-          { "GEM_HOME" => configured_gem_home, "GEM_PATH" => configured_gem_path, "BUNDLER_VERSION" => lockfile_version },
+          { "GEM_HOME" => configured_gem_home, "GEM_PATH" => configured_gem_path, "BUNDLER_VERSION" => version.to_s },
           *cmd
         )
       end
     end
 
     def needs_switching?
+      autoswitching_applies? &&
+        released?(lockfile_version) &&
+        !running?(lockfile_version) &&
+        !updating?
+    end
+
+    def autoswitching_applies?
       ENV["BUNDLER_VERSION"].nil? &&
         Bundler.rubygems.supports_bundler_trampolining? &&
         SharedHelpers.in_bundle? &&
-        lockfile_version &&
-        !lockfile_version.end_with?(".dev") &&
-        lockfile_version != current_version
+        lockfile_version
+    end
+
+    def resolve_update_version_from(target)
+      requirement = Gem::Requirement.new(target)
+      update_candidate = find_latest_matching_spec(requirement)
+
+      if update_candidate.nil?
+        raise InvalidOption, "The `bundle update --bundler` target version (#{target}) does not exist"
+      end
+
+      resolved_version = update_candidate.version
+      needs_update = requirement.specific? ? !running?(resolved_version) : running_older_than?(resolved_version)
+
+      return unless needs_update
+
+      update_candidate
+    end
+
+    def local_specs
+      @local_specs ||= Bundler::Source::Rubygems.new("allow_local" => true).specs.select {|spec| spec.name == "bundler" }
+    end
+
+    def remote_specs
+      @remote_specs ||= begin
+        source = Bundler::Source::Rubygems.new("remotes" => "https://rubygems.org")
+        source.remote!
+        source.add_dependency_names("bundler")
+        source.specs
+      end
+    end
+
+    def find_latest_matching_spec(requirement)
+      local_result = find_latest_matching_spec_from_collection(local_specs, requirement)
+      return local_result if local_result && requirement.specific?
+
+      remote_result = find_latest_matching_spec_from_collection(remote_specs, requirement)
+      return remote_result if local_result.nil?
+
+      [local_result, remote_result].max
+    end
+
+    def find_latest_matching_spec_from_collection(specs, requirement)
+      specs.sort.reverse_each.find {|spec| requirement.satisfied_by?(spec.version) }
+    end
+
+    def running?(version)
+      version == current_version
+    end
+
+    def running_older_than?(version)
+      current_version < version
+    end
+
+    def released?(version)
+      !version.to_s.end_with?(".dev")
+    end
+
+    def updating?
+      "update".start_with?(ARGV.first || " ") && ARGV[1..-1].any? {|a| a.start_with?("--bundler") }
     end
 
     def installed?
       Bundler.configure
 
-      Bundler.rubygems.find_bundler(lockfile_version)
+      Bundler.rubygems.find_bundler(lockfile_version.to_s)
     end
 
     def current_version
-      @current_version ||= Bundler::VERSION
+      @current_version ||= Gem::Version.new(Bundler::VERSION)
     end
 
     def lockfile_version
-      @lockfile_version ||= Bundler::LockfileParser.bundled_with
+      return @lockfile_version if defined?(@lockfile_version)
+
+      parsed_version = Bundler::LockfileParser.bundled_with
+      @lockfile_version = parsed_version ? Gem::Version.new(parsed_version) : nil
     end
   end
 end

data/lib/bundler/settings.rb

@@ -367,7 +367,7 @@ module Bundler
 
     def to_array(value)
       return [] unless value
-      value.split(":").map(&:to_sym)
+      value.tr(" ", ":").split(":").map(&:to_sym)
     end
 
     def array_to_s(array)

data/lib/bundler/templates/newgem/newgem.gemspec.tt

@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
   spec.files = Dir.chdir(File.expand_path(__dir__)) do
     `git ls-files -z`.split("\x0").reject do |f|
-      (f == __FILE__) || f.match(%r{\A(?:(?:test|spec|features)/|\.(?:git|travis|circleci)|appveyor)})
+      (f == __FILE__) || f.match(%r{\A(?:(?:bin|test|spec|features)/|\.(?:git|travis|circleci)|appveyor)})
     end
   end
   spec.bindir = "exe"

data/lib/bundler/templates/newgem/standard.yml.tt

@@ -1,2 +1,3 @@
 # For available configuration options, see:
 #   https://github.com/testdouble/standard
+ruby_version: <%= ::Gem::Version.new(config[:required_ruby_version]).segments[0..1].join(".") %>

data/lib/bundler/templates/newgem/test/minitest/test_newgem.rb.tt

@@ -2,7 +2,7 @@
 
 require "test_helper"
 
-class Test<%= config[:constant_name] %> < Minitest::Test
+class <%= config[:minitest_constant_name] %> < Minitest::Test
   def test_that_it_has_a_version_number
     refute_nil ::<%= config[:constant_name] %>::VERSION
   end

data/lib/bundler/vendor/thor/lib/thor/actions/inject_into_file.rb

@@ -107,10 +107,7 @@ class Bundler::Thor
       #
       def replace!(regexp, string, force)
         content = File.read(destination)
-        before, after = content.split(regexp, 2)
-        snippet = (behavior == :after ? after : before).to_s
-
-        if force || !snippet.include?(replacement)
+        if force || !content.include?(replacement)
           success = content.gsub!(regexp, string)
 
           File.open(destination, "wb") { |file| file.write(content) } unless pretend?

data/lib/bundler/vendor/thor/lib/thor/version.rb

@@ -1,3 +1,3 @@
 class Bundler::Thor
-  VERSION = "1.1.0"
+  VERSION = "1.2.1"
 end

data/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.3.3".freeze
+  VERSION = "2.3.7".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

data/lib/bundler.rb

@@ -654,7 +654,7 @@ EOF
     private
 
     def eval_yaml_gemspec(path, contents)
-      require_relative "bundler/psyched_yaml"
+      Kernel.require "psych"
 
       Gem::Specification.from_yaml(contents)
     rescue ::Psych::SyntaxError, ArgumentError, Gem::EndOfYAMLException, Gem::Exception

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-  version: 2.3.3
+  version: 2.3.7
 platform: ruby
 authors:
 - André Arko
@@ -22,7 +22,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-12-24 00:00:00.000000000 Z
+date: 2022-02-09 00:00:00.000000000 Z
 dependencies: []
 description: Bundler manages an application's dependencies through its entire life,
   across many machines, systematically and repeatably
@@ -178,7 +178,6 @@ files:
 - lib/bundler/plugin/installer/rubygems.rb
 - lib/bundler/plugin/source_list.rb
 - lib/bundler/process_lock.rb
-- lib/bundler/psyched_yaml.rb
 - lib/bundler/remote_specification.rb
 - lib/bundler/resolver.rb
 - lib/bundler/resolver/spec_group.rb
@@ -370,7 +369,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.5.2
 requirements: []
-rubygems_version: 3.3.3
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: The best way to manage your application's dependencies

data/lib/bundler/psyched_yaml.rb

@@ -1,10 +0,0 @@
-# frozen_string_literal: true
-
-begin
-  require "psych"
-rescue LoadError
-  # Apparently Psych wasn't available. Oh well.
-end
-
-# At least load the YAML stdlib, whatever that may be
-require "yaml" unless defined?(YAML.dump)