bundler 2.3.6 → 2.3.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a47da55ac7611bc2d11a3e51335e288b92eee55c4f9fc9359372cd6f22ee4467
-  data.tar.gz: dcc894fbd93a03bf1b7e26613ae130524f54dbc8f16bad8d8adf94920138b733
+  metadata.gz: ca4612ca3c9f9acd51a52eec231ee4e24ef8ad71d1969ac3c13c838b2b0e6e02
+  data.tar.gz: f46c141021cf42282aeb235f781435ade45c2e29aea19275678d81cfa85beace
 SHA512:
-  metadata.gz: 4be9c6e3666eca2820132aaf02969ace58cbe9530743cbe34192c626f777a71c9997ad3e4d82a5c06dbcc111a5b45c669ffdde45b855cb62e49df2667b0c088e
-  data.tar.gz: 6cddfad4cec130c09bab8abef8608a1379bf07782bb36960fffbe4db071231e9dd3e4f0617573b9131b7a1a2e2faf3af81654b39a42d1c7e506297c0492f04d6
+  metadata.gz: 759454ffe3fd64d2f408166aceb9a37935a35513ccfb6870bee2280769e382ebadb09709069b82ebdd971bbb4c99a59372673a6ba0960c13a157b70e2f7afe4a
+  data.tar.gz: b5291cdc8f5c842f1e7a11a6b2ca86981b7222f7d52457e4ce0121c5526e786aecae09b435e76d088b02bebf13b948688a9509e03639e6f6b656657ea5d9bdcb

data/CHANGELOG.md

@@ -1,3 +1,38 @@
+# 2.3.9 (March 9, 2022)
+
+## Enhancements:
+
+  - Add newline to validate_platforms! message when platform is missing [#5353](https://github.com/rubygems/rubygems/pull/5353)
+  - Suggest quicker `bundle add` for installation in `README.md` generated by `bundle gem` [#5337](https://github.com/rubygems/rubygems/pull/5337)
+  - Make `--strict` flag of `update` and `outdated` commands consistent [#5379](https://github.com/rubygems/rubygems/pull/5379)
+
+## Bug fixes:
+
+  - Fix regression when activating gem executables caused by Bundler monkey patches to RubyGems [#5386](https://github.com/rubygems/rubygems/pull/5386)
+
+# 2.3.8 (February 23, 2022)
+
+## Bug fixes:
+
+  - Fix corrupted lockfile when running `bundle check` and having to re-resolve locally [#5344](https://github.com/rubygems/rubygems/pull/5344)
+  - Fix typo in multiple gemfiles warning [#5342](https://github.com/rubygems/rubygems/pull/5342)
+
+## Documentation:
+
+  - Add clarification for bundle-config "with" option [#5346](https://github.com/rubygems/rubygems/pull/5346)
+
+# 2.3.7 (February 9, 2022)
+
+## Enhancements:
+
+  - Don't activate `yaml` gem from Bundler [#5277](https://github.com/rubygems/rubygems/pull/5277)
+  - Add Reverse Dependencies section to info command [#3966](https://github.com/rubygems/rubygems/pull/3966)
+
+## Bug fixes:
+
+  - Don't silently persist `BUNDLE_WITH` and `BUNDLE_WITHOUT` envs locally [#5335](https://github.com/rubygems/rubygems/pull/5335)
+  - Fix `bundle config` inside an application saving configuration globally [#4152](https://github.com/rubygems/rubygems/pull/4152)
+
 # 2.3.6 (January 26, 2022)
 
 ## Enhancements:

data/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2022-01-26".freeze
-    @git_commit_sha = "056f64c33a".freeze
+    @built_at = "2022-03-09".freeze
+    @git_commit_sha = "7f90c0083a".freeze
     @release = true
     # end ivars
 

data/lib/bundler/cli/common.rb

@@ -109,7 +109,7 @@ module Bundler
 
       definition.gem_version_promoter.tap do |gvp|
         gvp.level = patch_level.first || :major
-        gvp.strict = options[:strict] || options["update-strict"] || options["filter-strict"]
+        gvp.strict = options[:strict] || options["filter-strict"]
       end
     end
 

data/lib/bundler/cli/config.rb

@@ -180,7 +180,7 @@ module Bundler
         scopes = %w[global local].select {|s| options[s] }
         case scopes.size
         when 0
-          @scope = "global"
+          @scope = inside_app? ? "local" : "global"
           @explicit_scope = false
         when 1
           @scope = scopes.first
@@ -189,6 +189,15 @@ module Bundler
             "The options #{scopes.join " and "} were specified. Please only use one of the switches at a time."
         end
       end
+
+      private
+
+      def inside_app?
+        Bundler.root
+        true
+      rescue GemfileNotFound
+        false
+      end
     end
   end
 end

data/lib/bundler/cli/info.rb

@@ -73,7 +73,8 @@ module Bundler
       gem_info << "\tBug Tracker: #{metadata["bug_tracker_uri"]}\n" if metadata.key?("bug_tracker_uri")
       gem_info << "\tMailing List: #{metadata["mailing_list_uri"]}\n" if metadata.key?("mailing_list_uri")
       gem_info << "\tPath: #{spec.full_gem_path}\n"
-      gem_info << "\tDefault Gem: yes" if spec.respond_to?(:default_gem?) && spec.default_gem?
+      gem_info << "\tDefault Gem: yes\n" if spec.respond_to?(:default_gem?) && spec.default_gem?
+      gem_info << "\tReverse Dependencies: \n\t\t#{gem_dependencies.join("\n\t\t")}" if gem_dependencies.any?
 
       if name != "bundler" && spec.deleted_gem?
         return Bundler.ui.warn "The gem #{name} has been deleted. Gemspec information is still available though:\n#{gem_info}"
@@ -81,5 +82,13 @@ module Bundler
 
       Bundler.ui.info gem_info
     end
+
+    def gem_dependencies
+      @gem_dependencies ||= Bundler.definition.specs.map do |spec|
+        dependency = spec.dependencies.find {|dep| dep.name == gem_name }
+        next unless dependency
+        "#{spec.name} (#{spec.version}) depends on #{gem_name} (#{dependency.requirements_list.join(", ")})"
+      end.compact.sort
+    end
   end
 end

data/lib/bundler/cli/install.rb

@@ -135,32 +135,13 @@ module Bundler
     end
 
     def normalize_groups
-      options[:with] &&= options[:with].join(":").tr(" ", ":").split(":")
-      options[:without] &&= options[:without].join(":").tr(" ", ":").split(":")
-
       check_for_group_conflicts_in_cli_options
 
-      Bundler.settings.set_command_option :with, nil if options[:with] == []
-      Bundler.settings.set_command_option :without, nil if options[:without] == []
-
-      with = options.fetch(:with, [])
-      with |= Bundler.settings[:with].map(&:to_s)
-      with -= options[:without] if options[:without]
-
-      without = options.fetch(:without, [])
-      without |= Bundler.settings[:without].map(&:to_s)
-      without -= options[:with] if options[:with]
-
-      options[:with]    = with
-      options[:without] = without
-
-      unless Bundler.settings[:without] == options[:without] && Bundler.settings[:with] == options[:with]
-        # need to nil them out first to get around validation for backwards compatibility
-        Bundler.settings.set_command_option :without, nil
-        Bundler.settings.set_command_option :with,    nil
-        Bundler.settings.set_command_option :without, options[:without] - options[:with]
-        Bundler.settings.set_command_option :with,    options[:with]
-      end
+      # need to nil them out first to get around validation for backwards compatibility
+      Bundler.settings.set_command_option :without, nil
+      Bundler.settings.set_command_option :with,    nil
+      Bundler.settings.set_command_option :without, options[:without]
+      Bundler.settings.set_command_option :with,    options[:with]
     end
 
     def normalize_settings
@@ -184,7 +165,7 @@ module Bundler
 
       Bundler.settings.set_command_option_if_given :clean, options["clean"]
 
-      normalize_groups
+      normalize_groups if options[:without] || options[:with]
 
       options[:force] = options[:redownload]
     end

data/lib/bundler/cli.rb

@@ -391,7 +391,7 @@ module Bundler
       are up to date, Bundler will exit with a status of 0. Otherwise, it will exit 1.
 
       For more information on patch level options (--major, --minor, --patch,
-      --update-strict) see documentation on the same options on the update command.
+      --strict) see documentation on the same options on the update command.
     D
     method_option "group", :type => :string, :banner => "List gems from a specific group"
     method_option "groups", :type => :boolean, :banner => "List gems organized by groups"
@@ -399,10 +399,9 @@ module Bundler
       "Do not attempt to fetch gems remotely and use the gem cache instead"
     method_option "pre", :type => :boolean, :banner => "Check for newer pre-release gems"
     method_option "source", :type => :array, :banner => "Check against a specific source"
-    strict_is_update = Bundler.feature_flag.forget_cli_options?
-    method_option "filter-strict", :type => :boolean, :aliases => strict_is_update ? [] : %w[--strict], :banner =>
+    method_option "filter-strict", :type => :boolean, :banner =>
       "Only list newer versions allowed by your Gemfile requirements"
-    method_option "update-strict", :type => :boolean, :aliases => strict_is_update ? %w[--strict] : [], :banner =>
+    method_option "strict", :type => :boolean, :aliases => "--update-strict", :banner =>
       "Strict conservative resolution, do not allow any gem to be updated past latest --patch | --minor | --major"
     method_option "minor", :type => :boolean, :banner => "Prefer updating only to next minor version"
     method_option "major", :type => :boolean, :banner => "Prefer updating to next major version (default)"

data/lib/bundler/definition.rb

@@ -432,7 +432,7 @@ module Bundler
 
       raise ProductionError, "Your bundle only supports platforms #{@platforms.map(&:to_s)} " \
         "but your local platform is #{Bundler.local_platform}. " \
-        "Add the current platform to the lockfile with `bundle lock --add-platform #{Bundler.local_platform}` and try again."
+        "Add the current platform to the lockfile with\n`bundle lock --add-platform #{Bundler.local_platform}` and try again."
     end
 
     def add_platform(platform)
@@ -782,6 +782,7 @@ module Bundler
       else
         { :default => Source::RubygemsAggregate.new(sources, source_map) }.merge(source_map.direct_requirements)
       end
+      source_requirements.merge!(source_map.locked_requirements) unless @remote
       metadata_dependencies.each do |dep|
         source_requirements[dep.name] = sources.metadata_source
       end
@@ -828,7 +829,7 @@ module Bundler
     end
 
     def source_map
-      @source_map ||= SourceMap.new(sources, dependencies)
+      @source_map ||= SourceMap.new(sources, dependencies, @locked_specs)
     end
   end
 end

data/lib/bundler/fetcher.rb

@@ -240,7 +240,7 @@ module Bundler
         raise SSLError if needs_ssl && !defined?(OpenSSL::SSL)
 
         con = PersistentHTTP.new :name => "bundler", :proxy => :ENV
-        if gem_proxy = Bundler.rubygems.configuration[:http_proxy]
+        if gem_proxy = Gem.configuration[:http_proxy]
           con.proxy = Bundler::URI.parse(gem_proxy) if gem_proxy != :no_proxy
         end
 
@@ -251,8 +251,8 @@ module Bundler
         end
 
         ssl_client_cert = Bundler.settings[:ssl_client_cert] ||
-          (Bundler.rubygems.configuration.ssl_client_cert if
-            Bundler.rubygems.configuration.respond_to?(:ssl_client_cert))
+          (Gem.configuration.ssl_client_cert if
+            Gem.configuration.respond_to?(:ssl_client_cert))
         if ssl_client_cert
           pem = File.read(ssl_client_cert)
           con.cert = OpenSSL::X509::Certificate.new(pem)
@@ -283,8 +283,8 @@ module Bundler
     def bundler_cert_store
       store = OpenSSL::X509::Store.new
       ssl_ca_cert = Bundler.settings[:ssl_ca_cert] ||
-        (Bundler.rubygems.configuration.ssl_ca_cert if
-          Bundler.rubygems.configuration.respond_to?(:ssl_ca_cert))
+        (Gem.configuration.ssl_ca_cert if
+          Gem.configuration.respond_to?(:ssl_ca_cert))
       if ssl_ca_cert
         if File.directory? ssl_ca_cert
           store.add_path ssl_ca_cert

data/lib/bundler/man/bundle-add.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-ADD" "1" "December 2021" "" ""
+.TH "BUNDLE\-ADD" "1" "March 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-add\fR \- Add gem to the Gemfile and run bundle install

data/lib/bundler/man/bundle-binstubs.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-BINSTUBS" "1" "December 2021" "" ""
+.TH "BUNDLE\-BINSTUBS" "1" "March 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-binstubs\fR \- Install the binstubs of the listed gems

data/lib/bundler/man/bundle-cache.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-CACHE" "1" "December 2021" "" ""
+.TH "BUNDLE\-CACHE" "1" "March 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-cache\fR \- Package your needed \fB\.gem\fR files into your application

data/lib/bundler/man/bundle-check.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-CHECK" "1" "December 2021" "" ""
+.TH "BUNDLE\-CHECK" "1" "March 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-check\fR \- Verifies if dependencies are satisfied by installed gems

data/lib/bundler/man/bundle-clean.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-CLEAN" "1" "December 2021" "" ""
+.TH "BUNDLE\-CLEAN" "1" "March 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-clean\fR \- Cleans up unused gems in your bundler directory

data/lib/bundler/man/bundle-config.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-CONFIG" "1" "December 2021" "" ""
+.TH "BUNDLE\-CONFIG" "1" "March 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-config\fR \- Set bundler configuration options
@@ -83,7 +83,7 @@ A space\-separated list of groups referencing gems to skip during installation\.
 .
 .TP
 \fBwith\fR
-A space\-separated list of groups referencing gems to include during installation\.
+A space\-separated list of \fBoptional\fR groups referencing gems to include during installation\.
 .
 .SH "BUILD OPTIONS"
 You can use \fBbundle config\fR to give Bundler the flags to pass to the gem installer every time bundler tries to install a particular gem\.

data/lib/bundler/man/bundle-config.1.ronn

@@ -83,7 +83,7 @@ The options that can be configured are:
    A space-separated list of groups referencing gems to skip during installation.
 
 * `with`:
-  A space-separated list of groups referencing gems to include during installation.
+  A space-separated list of **optional** groups referencing gems to include during installation.
 
 ## BUILD OPTIONS
 

data/lib/bundler/man/bundle-doctor.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-DOCTOR" "1" "December 2021" "" ""
+.TH "BUNDLE\-DOCTOR" "1" "March 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-doctor\fR \- Checks the bundle for common problems

data/lib/bundler/man/bundle-exec.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-EXEC" "1" "December 2021" "" ""
+.TH "BUNDLE\-EXEC" "1" "March 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-exec\fR \- Execute a command in the context of the bundle

data/lib/bundler/man/bundle-gem.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-GEM" "1" "December 2021" "" ""
+.TH "BUNDLE\-GEM" "1" "March 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-gem\fR \- Generate a project skeleton for creating a rubygem

data/lib/bundler/man/bundle-info.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-INFO" "1" "December 2021" "" ""
+.TH "BUNDLE\-INFO" "1" "March 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-info\fR \- Show information for the given gem in your bundle

data/lib/bundler/man/bundle-init.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-INIT" "1" "December 2021" "" ""
+.TH "BUNDLE\-INIT" "1" "March 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-init\fR \- Generates a Gemfile into the current working directory

data/lib/bundler/man/bundle-inject.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-INJECT" "1" "December 2021" "" ""
+.TH "BUNDLE\-INJECT" "1" "March 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-inject\fR \- Add named gem(s) with version requirements to Gemfile

data/lib/bundler/man/bundle-install.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-INSTALL" "1" "December 2021" "" ""
+.TH "BUNDLE\-INSTALL" "1" "March 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-install\fR \- Install the dependencies specified in your Gemfile

data/lib/bundler/man/bundle-list.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-LIST" "1" "December 2021" "" ""
+.TH "BUNDLE\-LIST" "1" "March 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-list\fR \- List all the gems in the bundle

data/lib/bundler/man/bundle-lock.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-LOCK" "1" "December 2021" "" ""
+.TH "BUNDLE\-LOCK" "1" "March 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-lock\fR \- Creates / Updates a lockfile without installing

data/lib/bundler/man/bundle-open.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-OPEN" "1" "December 2021" "" ""
+.TH "BUNDLE\-OPEN" "1" "March 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-open\fR \- Opens the source directory for a gem in your bundle

data/lib/bundler/man/bundle-outdated.1

@@ -1,13 +1,13 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-OUTDATED" "1" "December 2021" "" ""
+.TH "BUNDLE\-OUTDATED" "1" "March 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-outdated\fR \- List installed gems with newer versions available
 .
 .SH "SYNOPSIS"
-\fBbundle outdated\fR [GEM] [\-\-local] [\-\-pre] [\-\-source] [\-\-strict] [\-\-parseable | \-\-porcelain] [\-\-group=GROUP] [\-\-groups] [\-\-update\-strict] [\-\-patch|\-\-minor|\-\-major] [\-\-filter\-major] [\-\-filter\-minor] [\-\-filter\-patch] [\-\-only\-explicit]
+\fBbundle outdated\fR [GEM] [\-\-local] [\-\-pre] [\-\-source] [\-\-strict] [\-\-parseable | \-\-porcelain] [\-\-group=GROUP] [\-\-groups] [\-\-patch|\-\-minor|\-\-major] [\-\-filter\-major] [\-\-filter\-minor] [\-\-filter\-patch] [\-\-only\-explicit]
 .
 .SH "DESCRIPTION"
 Outdated lists the names and versions of gems that have a newer version available in the given source\. Calling outdated with [GEM [GEM]] will only check for newer versions of the given gems\. Prerelease gems are ignored by default\. If your gems are up to date, Bundler will exit with a status of 0\. Otherwise, it will exit 1\.
@@ -28,7 +28,7 @@ Check against a specific source\.
 .
 .TP
 \fB\-\-strict\fR
-Only list newer versions allowed by your Gemfile requirements\.
+Only list newer versions allowed by your Gemfile requirements, also respecting conservative update flags (\-\-patch, \-\-minor, \-\-major)\.
 .
 .TP
 \fB\-\-parseable\fR, \fB\-\-porcelain\fR
@@ -43,10 +43,6 @@ List gems from a specific group\.
 List gems organized by groups\.
 .
 .TP
-\fB\-\-update\-strict\fR
-Strict conservative resolution, do not allow any gem to be updated past latest \-\-patch | \-\-minor| \-\-major\.
-.
-.TP
 \fB\-\-minor\fR
 Prefer updating only to next minor version\.
 .
@@ -77,9 +73,6 @@ Only list gems specified in your Gemfile, not their dependencies\.
 .SH "PATCH LEVEL OPTIONS"
 See bundle update(1) \fIbundle\-update\.1\.html\fR for details\.
 .
-.P
-One difference between the patch level options in \fBbundle update\fR and here is the \fB\-\-strict\fR option\. \fB\-\-strict\fR was already an option on outdated before the patch level options were added\. \fB\-\-strict\fR wasn\'t altered, and the \fB\-\-update\-strict\fR option on \fBoutdated\fR reflects what \fB\-\-strict\fR does on \fBbundle update\fR\.
-.
 .SH "FILTERING OUTPUT"
 The 3 filtering options do not affect the resolution of versions, merely what versions are shown in the output\.
 .

data/lib/bundler/man/bundle-outdated.1.ronn

@@ -10,7 +10,6 @@ bundle-outdated(1) -- List installed gems with newer versions available
                         [--parseable | --porcelain]
                         [--group=GROUP]
                         [--groups]
-                        [--update-strict]
                         [--patch|--minor|--major]
                         [--filter-major]
                         [--filter-minor]
@@ -36,7 +35,7 @@ are up to date, Bundler will exit with a status of 0. Otherwise, it will exit 1.
   Check against a specific source.
 
 * `--strict`:
-  Only list newer versions allowed by your Gemfile requirements.
+  Only list newer versions allowed by your Gemfile requirements, also respecting conservative update flags (--patch, --minor, --major).
 
 * `--parseable`, `--porcelain`:
    Use minimal formatting for more parseable output.
@@ -47,9 +46,6 @@ are up to date, Bundler will exit with a status of 0. Otherwise, it will exit 1.
 * `--groups`:
   List gems organized by groups.
 
-* `--update-strict`:
-  Strict conservative resolution, do not allow any gem to be updated past latest --patch | --minor| --major.
-
 * `--minor`:
   Prefer updating only to next minor version.
 
@@ -75,11 +71,6 @@ are up to date, Bundler will exit with a status of 0. Otherwise, it will exit 1.
 
 See [bundle update(1)](bundle-update.1.html) for details.
 
-One difference between the patch level options in `bundle update` and here is the `--strict` option.
-`--strict` was already an option on outdated before the patch level options were added. `--strict`
-wasn't altered, and the `--update-strict` option on `outdated` reflects what `--strict` does on
-`bundle update`.
-
 ## FILTERING OUTPUT
 
 The 3 filtering options do not affect the resolution of versions, merely what versions are shown

data/lib/bundler/man/bundle-platform.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-PLATFORM" "1" "December 2021" "" ""
+.TH "BUNDLE\-PLATFORM" "1" "March 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-platform\fR \- Displays platform compatibility information

data/lib/bundler/man/bundle-pristine.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-PRISTINE" "1" "December 2021" "" ""
+.TH "BUNDLE\-PRISTINE" "1" "March 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-pristine\fR \- Restores installed gems to their pristine condition

data/lib/bundler/man/bundle-remove.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-REMOVE" "1" "December 2021" "" ""
+.TH "BUNDLE\-REMOVE" "1" "March 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-remove\fR \- Removes gems from the Gemfile

data/lib/bundler/man/bundle-show.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-SHOW" "1" "December 2021" "" ""
+.TH "BUNDLE\-SHOW" "1" "March 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-show\fR \- Shows all the gems in your bundle, or the path to a gem

data/lib/bundler/man/bundle-update.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-UPDATE" "1" "December 2021" "" ""
+.TH "BUNDLE\-UPDATE" "1" "March 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-update\fR \- Update your gems to the latest available versions

data/lib/bundler/man/bundle-viz.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE\-VIZ" "1" "December 2021" "" ""
+.TH "BUNDLE\-VIZ" "1" "March 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\-viz\fR \- Generates a visual dependency graph for your Gemfile

data/lib/bundler/man/bundle.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "BUNDLE" "1" "December 2021" "" ""
+.TH "BUNDLE" "1" "March 2022" "" ""
 .
 .SH "NAME"
 \fBbundle\fR \- Ruby Dependency Management

data/lib/bundler/man/gemfile.5

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GEMFILE" "5" "December 2021" "" ""
+.TH "GEMFILE" "5" "March 2022" "" ""
 .
 .SH "NAME"
 \fBGemfile\fR \- A format for describing gem dependencies for Ruby programs

data/lib/bundler/plugin/api/source.rb

@@ -308,12 +308,6 @@ module Bundler
           Bundler.root
         end
 
-        # @private
-        # Returns true
-        def bundler_plugin_api_source?
-          true
-        end
-
         # @private
         # This API on source might not be stable, and for now we expect plugins
         # to download all specs in `#specs`, so we implement the method for

data/lib/bundler/rubygems_ext.rb

@@ -4,14 +4,23 @@ require "pathname"
 
 require "rubygems/specification"
 
-# Possible use in Gem::Specification#source below and require
-# shouldn't be deferred.
+# We can't let `Gem::Source` be autoloaded in the `Gem::Specification#source`
+# redefinition below, so we need to load it upfront. The reason is that if
+# Bundler monkeypatches are loaded before RubyGems activates an executable (for
+# example, through `ruby -rbundler -S irb`), gem activation might end up calling
+# the redefined `Gem::Specification#source` and triggering the `Gem::Source`
+# autoload. That would result in requiring "rubygems/source" inside another
+# require, which would trigger a monitor error and cause the `autoload` to
+# eventually fail. A better solution is probably to completely avoid autoloading
+# `Gem::Source` from the redefined `Gem::Specification#source`.
 require "rubygems/source"
 
 require_relative "match_platform"
 
 module Gem
   class Specification
+    include ::Bundler::MatchPlatform
+
     attr_accessor :remote, :location, :relative_loaded_from
 
     remove_method :source
@@ -24,11 +33,7 @@ module Gem
     alias_method :rg_loaded_from,   :loaded_from
 
     def full_gem_path
-      # this cannot check source.is_a?(Bundler::Plugin::API::Source)
-      # because that _could_ trip the autoload, and if there are unresolved
-      # gems at that time, this method could be called inside another require,
-      # thus raising with that constant being undefined. Better to check a method
-      if source.respond_to?(:path) || (source.respond_to?(:bundler_plugin_api_source?) && source.bundler_plugin_api_source?)
+      if source.respond_to?(:root)
         Pathname.new(loaded_from).dirname.expand_path(source.root).to_s.tap{|x| x.untaint if RUBY_VERSION < "2.7" }
       else
         rg_full_gem_path
@@ -81,6 +86,17 @@ module Gem
       gemfile
     end
 
+    # Backfill missing YAML require when not defined. Fixed since 3.1.0.pre1.
+    module YamlBackfiller
+      def to_yaml(opts = {})
+        Gem.load_yaml unless defined?(::YAML)
+
+        super(opts)
+      end
+    end
+
+    prepend YamlBackfiller
+
     def nondevelopment_dependencies
       dependencies - development_dependencies
     end
@@ -228,9 +244,3 @@ module Gem
     end
   end
 end
-
-module Gem
-  class Specification
-    include ::Bundler::MatchPlatform
-  end
-end

data/lib/bundler/rubygems_integration.rb

@@ -104,18 +104,6 @@ module Bundler
       obj.to_s
     end
 
-    def configuration
-      require_relative "psyched_yaml"
-      Gem.configuration
-    rescue Gem::SystemExitException, LoadError => e
-      Bundler.ui.error "#{e.class}: #{e.message}"
-      Bundler.ui.trace e
-      raise
-    rescue ::Psych::SyntaxError => e
-      raise YamlSyntaxError.new(e, "Your RubyGems configuration, which is " \
-        "usually located in ~/.gemrc, contains invalid YAML syntax.")
-    end
-
     def ruby_engine
       Gem.ruby_engine
     end
@@ -217,7 +205,7 @@ module Bundler
 
     def spec_from_gem(path, policy = nil)
       require "rubygems/security"
-      require_relative "psyched_yaml"
+      require "psych"
       gem_from_path(path, security_policies[policy]).spec
     rescue Exception, Gem::Exception, Gem::Security::Exception => e # rubocop:disable Lint/RescueException
       if e.is_a?(Gem::Security::Exception) ||
@@ -522,7 +510,7 @@ module Bundler
 
     def gem_remote_fetcher
       require "rubygems/remote_fetcher"
-      proxy = configuration[:http_proxy]
+      proxy = Gem.configuration[:http_proxy]
       Gem::RemoteFetcher.new(proxy)
     end
 

data/lib/bundler/settings.rb

@@ -367,7 +367,7 @@ module Bundler
 
     def to_array(value)
       return [] unless value
-      value.split(":").map(&:to_sym)
+      value.tr(" ", ":").split(":").map(&:to_sym)
     end
 
     def array_to_s(array)

data/lib/bundler/shared_helpers.rb

@@ -141,7 +141,7 @@ module Bundler
       end
       return unless multiple_gemfiles
       message = "Multiple gemfiles (gems.rb and Gemfile) detected. " \
-                "Make sure you remove Gemfile and Gemfile.lock since bundler is ignoring them in favor of gems.rb and gems.rb.locked."
+                "Make sure you remove Gemfile and Gemfile.lock since bundler is ignoring them in favor of gems.rb and gems.locked."
       Bundler.ui.warn message
     end
 

data/lib/bundler/source_map.rb

@@ -2,11 +2,12 @@
 
 module Bundler
   class SourceMap
-    attr_reader :sources, :dependencies
+    attr_reader :sources, :dependencies, :locked_specs
 
-    def initialize(sources, dependencies)
+    def initialize(sources, dependencies, locked_specs)
       @sources = sources
       @dependencies = dependencies
+      @locked_specs = locked_specs
     end
 
     def pinned_spec_names(skip = nil)
@@ -54,5 +55,17 @@ module Bundler
         requirements
       end
     end
+
+    def locked_requirements
+      @locked_requirements ||= begin
+        requirements = {}
+        locked_specs.each do |locked_spec|
+          source = locked_spec.source
+          source.add_dependency_names(locked_spec.name)
+          requirements[locked_spec.name] = source
+        end
+        requirements
+      end
+    end
   end
 end

data/lib/bundler/templates/newgem/README.md.tt

@@ -6,17 +6,11 @@ TODO: Delete this and the text above, and describe your gem
 
 ## Installation
 
-Add this line to your application's Gemfile:
+Install the gem and add to the application's Gemfile by executing:
 
-```ruby
-gem '<%= config[:name] %>'
-```
+    $ bundle add <%= config[:name] %>
 
-And then execute:
-
-    $ bundle install
-
-Or install it yourself as:
+If bundler is not being used to manage dependencies, install the gem by executing:
 
     $ gem install <%= config[:name] %>
 

data/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.3.6".freeze
+  VERSION = "2.3.9".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

data/lib/bundler.rb

@@ -654,7 +654,7 @@ EOF
     private
 
     def eval_yaml_gemspec(path, contents)
-      require_relative "bundler/psyched_yaml"
+      Kernel.require "psych"
 
       Gem::Specification.from_yaml(contents)
     rescue ::Psych::SyntaxError, ArgumentError, Gem::EndOfYAMLException, Gem::Exception

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-  version: 2.3.6
+  version: 2.3.9
 platform: ruby
 authors:
 - André Arko
@@ -22,7 +22,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-01-26 00:00:00.000000000 Z
+date: 2022-03-09 00:00:00.000000000 Z
 dependencies: []
 description: Bundler manages an application's dependencies through its entire life,
   across many machines, systematically and repeatably
@@ -178,7 +178,6 @@ files:
 - lib/bundler/plugin/installer/rubygems.rb
 - lib/bundler/plugin/source_list.rb
 - lib/bundler/process_lock.rb
-- lib/bundler/psyched_yaml.rb
 - lib/bundler/remote_specification.rb
 - lib/bundler/resolver.rb
 - lib/bundler/resolver/spec_group.rb
@@ -370,7 +369,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.5.2
 requirements: []
-rubygems_version: 3.3.6
+rubygems_version: 3.3.9
 signing_key:
 specification_version: 4
 summary: The best way to manage your application's dependencies

data/lib/bundler/psyched_yaml.rb

@@ -1,10 +0,0 @@
-# frozen_string_literal: true
-
-begin
-  require "psych"
-rescue LoadError
-  # Apparently Psych wasn't available. Oh well.
-end
-
-# At least load the YAML stdlib, whatever that may be
-require "yaml" unless defined?(YAML.dump)