bundler 2.5.16 → 2.5.18

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 736fcd6d7bb9c8f0aaa8187d662846d4a17dc827b580d7912350e1e11f7b8c2a
-  data.tar.gz: 793b6ad42430c89e42202dc735637373f7e7e780e286c63ca603e05712cd4bc1
+  metadata.gz: 5385db419c628f24a112828aaa2154b615e4654418efcd0ca7429b15bf3849e5
+  data.tar.gz: f8854df0d8ba8b5b93b0f2984d0f640a8582cae6aca768fbd1a71d9652ac4b78
 SHA512:
-  metadata.gz: 9246f1b4a399b0f70fc9309365922cd4759dab87cce71f1048c36c50ec5ebc2563c5942c72bf9815a1b9fe13656d3e59b9fd1b490b1f8e32db8f24769b5bdd02
-  data.tar.gz: d18554604463d8c50739086ee2c9587ca13d44fc24171ed8f4e4759be9a8f71902026a942cf7dcc6ecec74943f6b2c901d71c5455a152a21d5c304ccec87f70d
+  metadata.gz: 0aea6d055bd4fab23aa27f322af55f1b021155d80a0352e40d7025e99006ee88843db327ed7bab1e2210d3c065bf201e11cc31a9fa46075e6abf2b67f85b6821
+  data.tar.gz: 041fcf5abd1f69f26fdf3f11eb4fced176c30ac3f0dbfb47df1c40d5308dacc9179ae32438737db6a5d9300a20b0f6bc4122c0fb762ee83b442144f969c328e4

data/CHANGELOG.md

@@ -1,3 +1,37 @@
+# 2.5.18 (August 26, 2024)
+
+## Enhancements:
+
+  - Don't remove existing platform gems when PLATFORMS section is badly indented [#7916](https://github.com/rubygems/rubygems/pull/7916)
+
+## Bug fixes:
+
+  - Fix error message when Bundler refuses to install due to frozen being set without a lockfile [#7955](https://github.com/rubygems/rubygems/pull/7955)
+  - Fix several issues with the `--prefer-local` flag [#7951](https://github.com/rubygems/rubygems/pull/7951)
+  - Restore support for passing relative paths to `git:` sources [#7950](https://github.com/rubygems/rubygems/pull/7950)
+  - Regenerate previous git application caches that didn't include bare repos [#7926](https://github.com/rubygems/rubygems/pull/7926)
+  - Fix `bundle update <indirect_dep>` failing to upgrade when versions present in two different sources [#7915](https://github.com/rubygems/rubygems/pull/7915)
+
+## Documentation:
+
+  - Change new gem README template to have copyable code blocks [#7935](https://github.com/rubygems/rubygems/pull/7935)
+
+# 2.5.17 (August 1, 2024)
+
+## Enhancements:
+
+  - Print better log message when current platform is not present in the lockfile [#7891](https://github.com/rubygems/rubygems/pull/7891)
+  - Explicitly encode `Gem::Dependency` to yaml [#7867](https://github.com/rubygems/rubygems/pull/7867)
+  - Enable lockfile checksums on future Bundler 3 when there's no previous lockfile [#7805](https://github.com/rubygems/rubygems/pull/7805)
+
+## Bug fixes:
+
+  - Fix truffleruby removing gems from lockfile [#7795](https://github.com/rubygems/rubygems/pull/7795)
+  - Fix `bundle check` exit code when gem git source is not checked out [#7894](https://github.com/rubygems/rubygems/pull/7894)
+  - Generate gems.rb from Gemfile.tt template for `bundle-gem` [#7853](https://github.com/rubygems/rubygems/pull/7853)
+  - Fix git source cache being used as the install location [#4469](https://github.com/rubygems/rubygems/pull/4469)
+  - Fix `bundle exec gem uninstall` [#7886](https://github.com/rubygems/rubygems/pull/7886)
+
 # 2.5.16 (July 18, 2024)
 
 ## Bug fixes:

data/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2024-07-18".freeze
-    @git_commit_sha = "f49d3d48c9".freeze
+    @built_at = "2024-08-26".freeze
+    @git_commit_sha = "c218aab519".freeze
     @release = true
     # end ivars
 

data/lib/bundler/cli/check.rb

@@ -17,7 +17,7 @@ module Bundler
       begin
         definition.resolve_only_locally!
         not_installed = definition.missing_specs
-      rescue GemNotFound, SolveFailure
+      rescue GemNotFound, GitError, SolveFailure
         Bundler.ui.error "Bundler can't satisfy your Gemfile's dependencies."
         Bundler.ui.warn "Install missing gems with `bundle install`."
         exit 1

data/lib/bundler/cli/gem.rb

@@ -79,7 +79,7 @@ module Bundler
       ensure_safe_gem_name(name, constant_array)
 
       templates = {
-        "#{Bundler.preferred_gemfile_name}.tt" => Bundler.preferred_gemfile_name,
+        "Gemfile.tt" => Bundler.preferred_gemfile_name,
         "lib/newgem.rb.tt" => "lib/#{namespaced_path}.rb",
         "lib/newgem/version.rb.tt" => "lib/#{namespaced_path}/version.rb",
         "sig/newgem.rbs.tt" => "sig/#{namespaced_path}.rbs",

data/lib/bundler/cli/install.rb

@@ -25,9 +25,10 @@ module Bundler
 
       if options[:deployment] || options[:frozen] || Bundler.frozen_bundle?
         unless Bundler.default_lockfile.exist?
-          flag   = "--deployment flag" if options[:deployment]
-          flag ||= "--frozen flag"     if options[:frozen]
-          flag ||= "deployment setting"
+          flag = "--deployment flag" if options[:deployment]
+          flag ||= "--frozen flag" if options[:frozen]
+          flag ||= "deployment setting" if Bundler.settings[:deployment]
+          flag ||= "frozen setting" if Bundler.settings[:frozen]
           raise ProductionError, "The #{flag} requires a lockfile. Please make " \
                                  "sure you have checked your #{SharedHelpers.relative_lockfile_path} into version control " \
                                  "before deploying."

data/lib/bundler/cli.rb

@@ -110,8 +110,8 @@ module Bundler
     default_task(Bundler.feature_flag.default_cli_command)
 
     class_option "no-color", type: :boolean, desc: "Disable colorization in output"
-    class_option "retry",    type: :numeric, aliases: "-r", banner: "NUM",
-                             desc: "Specify the number of times you wish to attempt network commands"
+    class_option "retry", type: :numeric, aliases: "-r", banner: "NUM",
+                          desc: "Specify the number of times you wish to attempt network commands"
     class_option "verbose", type: :boolean, desc: "Enable verbose output mode", aliases: "-V"
 
     def help(cli = nil)
@@ -260,15 +260,15 @@ module Bundler
     method_option "gemfile", type: :string, banner: "Use the specified gemfile instead of Gemfile"
     method_option "group", aliases: "-g", type: :array, banner: "Update a specific group"
     method_option "jobs", aliases: "-j", type: :numeric, banner: "Specify the number of jobs to run in parallel"
-    method_option "local", type: :boolean, banner:       "Do not attempt to fetch gems remotely and use the gem cache instead"
-    method_option "quiet", type: :boolean, banner:       "Only output warnings and errors."
+    method_option "local", type: :boolean, banner: "Do not attempt to fetch gems remotely and use the gem cache instead"
+    method_option "quiet", type: :boolean, banner: "Only output warnings and errors."
     method_option "source", type: :array, banner: "Update a specific source (and all gems associated with it)"
     method_option "redownload", type: :boolean, aliases: "--force", banner: "Force downloading every gem."
     method_option "ruby", type: :boolean, banner: "Update ruby specified in Gemfile.lock"
     method_option "bundler", type: :string, lazy_default: "> 0.a", banner: "Update the locked version of bundler"
-    method_option "patch", type: :boolean, banner:       "Prefer updating only to next patch version"
-    method_option "minor", type: :boolean, banner:       "Prefer updating only to next minor version"
-    method_option "major", type: :boolean, banner:       "Prefer updating to next major version (default)"
+    method_option "patch", type: :boolean, banner: "Prefer updating only to next patch version"
+    method_option "minor", type: :boolean, banner: "Prefer updating only to next minor version"
+    method_option "major", type: :boolean, banner: "Prefer updating to next major version (default)"
     method_option "pre", type: :boolean, banner: "Always choose the highest allowed version when updating gems, regardless of prerelease status"
     method_option "strict", type: :boolean, banner: "Do not allow any gem to be updated past latest --patch | --minor | --major"
     method_option "conservative", type: :boolean, banner: "Use bundle install conservative update behavior and do not allow shared dependencies to be updated."
@@ -397,11 +397,11 @@ module Bundler
     end
 
     desc "cache [OPTIONS]", "Locks and then caches all of the gems into vendor/cache"
-    method_option "all",  type: :boolean,
-                          default: Bundler.feature_flag.cache_all?,
-                          banner: "Include all sources (including path and git)."
+    method_option "all", type: :boolean,
+                         default: Bundler.feature_flag.cache_all?,
+                         banner: "Include all sources (including path and git)."
     method_option "all-platforms", type: :boolean, banner: "Include gems for all platforms present in the lockfile, not only the current one"
-    method_option "cache-path", type: :string, banner:       "Specify a different cache path than the default (vendor/cache)."
+    method_option "cache-path", type: :string, banner: "Specify a different cache path than the default (vendor/cache)."
     method_option "gemfile", type: :string, banner: "Use the specified gemfile instead of Gemfile"
     method_option "no-install", type: :boolean, banner: "Don't install the gems, only update the cache."
     method_option "no-prune", type: :boolean, banner: "Don't remove stale gems from the cache."
@@ -605,7 +605,7 @@ module Bundler
     end
 
     desc "inject GEM VERSION", "Add the named gem, with version requirements, to the resolved Gemfile", hide: true
-    method_option "source", type: :string, banner:      "Install gem from the given source"
+    method_option "source", type: :string, banner: "Install gem from the given source"
     method_option "group", type: :string, banner: "Install gem into a bundler group"
     def inject(name, version)
       SharedHelpers.major_deprecation 2, "The `inject` command has been replaced by the `add` command"
@@ -615,16 +615,16 @@ module Bundler
 
     desc "lock", "Creates a lockfile without installing"
     method_option "update", type: :array, lazy_default: true, banner: "ignore the existing lockfile, update all gems by default, or update list of given gems"
-    method_option "local", type: :boolean, default: false, banner:       "do not attempt to fetch remote gemspecs and use the local gem cache only"
-    method_option "print", type: :boolean, default: false, banner:       "print the lockfile to STDOUT instead of writing to the file system"
+    method_option "local", type: :boolean, default: false, banner: "do not attempt to fetch remote gemspecs and use the local gem cache only"
+    method_option "print", type: :boolean, default: false, banner: "print the lockfile to STDOUT instead of writing to the file system"
     method_option "gemfile", type: :string, banner: "Use the specified gemfile instead of Gemfile"
     method_option "lockfile", type: :string, default: nil, banner: "the path the lockfile should be written to"
     method_option "full-index", type: :boolean, default: false, banner: "Fall back to using the single-file index of all gems"
     method_option "add-platform", type: :array, default: [], banner: "Add a new platform to the lockfile"
-    method_option "remove-platform", type: :array, default: [], banner:       "Remove a platform from the lockfile"
-    method_option "patch", type: :boolean, banner:       "If updating, prefer updating only to next patch version"
-    method_option "minor", type: :boolean, banner:       "If updating, prefer updating only to next minor version"
-    method_option "major", type: :boolean, banner:       "If updating, prefer updating to next major version (default)"
+    method_option "remove-platform", type: :array, default: [], banner: "Remove a platform from the lockfile"
+    method_option "patch", type: :boolean, banner: "If updating, prefer updating only to next patch version"
+    method_option "minor", type: :boolean, banner: "If updating, prefer updating only to next minor version"
+    method_option "major", type: :boolean, banner: "If updating, prefer updating to next major version (default)"
     method_option "pre", type: :boolean, banner: "If updating, always choose the highest allowed version, regardless of prerelease status"
     method_option "strict", type: :boolean, banner: "If updating, do not allow any gem to be updated past latest --patch | --minor | --major"
     method_option "conservative", type: :boolean, banner: "If updating, use bundle install conservative update behavior and do not allow shared dependencies to be updated"

data/lib/bundler/definition.rb

@@ -115,7 +115,7 @@ module Bundler
         @originally_locked_specs = @locked_specs
         @locked_sources = []
         @locked_platforms = []
-        @locked_checksums = nil
+        @locked_checksums = Bundler.feature_flag.bundler_3_mode?
       end
 
       locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
@@ -137,7 +137,7 @@ module Bundler
       end
       @unlocking ||= @unlock[:ruby] ||= (!@locked_ruby_version ^ !@ruby_version)
 
-      add_current_platform unless Bundler.frozen_bundle?
+      @current_platform_missing = add_current_platform unless Bundler.frozen_bundle?
 
       converge_path_sources_to_gemspec_sources
       @path_changes = converge_paths
@@ -214,6 +214,7 @@ module Bundler
       @resolve = nil
       @resolver = nil
       @resolution_packages = nil
+      @source_requirements = nil
       @specs = nil
 
       Bundler.ui.debug "The definition is missing dependencies, failed to resolve & materialize locally (#{e})"
@@ -476,14 +477,12 @@ module Bundler
       end
     end
 
-    attr_reader :sources
-    private :sources
-
     def nothing_changed?
       return false unless lockfile_exists?
 
       !@source_changes &&
         !@dependency_changes &&
+        !@current_platform_missing &&
         @new_platforms.empty? &&
         !@path_changes &&
         !@local_changes &&
@@ -501,8 +500,12 @@ module Bundler
       @unlocking
     end
 
+    attr_writer :source_requirements
+
     private
 
+    attr_reader :sources
+
     def should_add_extra_platforms?
       !lockfile_exists? && generic_local_platform_is_ruby? && !Bundler.settings[:force_ruby_platform]
     end
@@ -568,7 +571,7 @@ module Bundler
       @resolution_packages ||= begin
         last_resolve = converge_locked_specs
         remove_invalid_platforms!
-        packages = Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, locked_specs: @originally_locked_specs, unlock: @gems_to_unlock, prerelease: gem_version_promoter.pre?)
+        packages = Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, locked_specs: @originally_locked_specs, unlock: @gems_to_unlock, prerelease: gem_version_promoter.pre?, prefer_local: @prefer_local)
         packages = additional_base_requirements_to_prevent_downgrades(packages, last_resolve)
         packages = additional_base_requirements_to_force_updates(packages)
         packages
@@ -629,6 +632,7 @@ module Bundler
     def start_resolution
       local_platform_needed_for_resolvability = @most_specific_non_local_locked_ruby_platform && !@platforms.include?(local_platform)
       @platforms << local_platform if local_platform_needed_for_resolvability
+      add_platform(Gem::Platform::RUBY) if RUBY_ENGINE == "truffleruby"
 
       result = SpecSet.new(resolver.start)
 
@@ -651,19 +655,6 @@ module Bundler
       sources.non_global_rubygems_sources.all?(&:dependency_api_available?) && !sources.aggregate_global_source?
     end
 
-    def pin_locally_available_names(source_requirements)
-      source_requirements.each_with_object({}) do |(name, original_source), new_source_requirements|
-        local_source = original_source.dup
-        local_source.local_only!
-
-        new_source_requirements[name] = if local_source.specs.search(name).any?
-          local_source
-        else
-          original_source
-        end
-      end
-    end
-
     def current_platform_locked?
       @platforms.any? do |bundle_platform|
         MatchPlatform.platforms_match?(bundle_platform, local_platform)
@@ -671,19 +662,19 @@ module Bundler
     end
 
     def add_current_platform
-      @most_specific_non_local_locked_ruby_platform = find_most_specific_non_local_locked_ruby_platform
+      return if @platforms.include?(local_platform)
+
+      @most_specific_non_local_locked_ruby_platform = find_most_specific_locked_ruby_platform
       return if @most_specific_non_local_locked_ruby_platform
 
-      add_platform(local_platform)
+      @platforms << local_platform
+      true
     end
 
-    def find_most_specific_non_local_locked_ruby_platform
+    def find_most_specific_locked_ruby_platform
       return unless generic_local_platform_is_ruby? && current_platform_locked?
 
-      most_specific_locked_ruby_platform = most_specific_locked_platform
-      return unless most_specific_locked_ruby_platform != local_platform
-
-      most_specific_locked_ruby_platform
+      most_specific_locked_platform
     end
 
     def change_reason
@@ -705,6 +696,7 @@ module Bundler
       [
         [@source_changes, "the list of sources changed"],
         [@dependency_changes, "the dependencies in your gemfile changed"],
+        [@current_platform_missing, "your lockfile does not include the current platform"],
         [@new_platforms.any?, "you added a new platform to your gemfile"],
         [@path_changes, "the gemspecs for path gems changed"],
         [@local_changes, "the gemspecs for git local gems changed"],
@@ -969,12 +961,15 @@ module Bundler
     end
 
     def source_requirements
+      @source_requirements ||= find_source_requirements
+    end
+
+    def find_source_requirements
       # Record the specs available in each gem's source, so that those
       # specs will be available later when the resolver knows where to
       # look for that gemspec (or its dependencies)
       source_requirements = if precompute_source_requirements_for_indirect_dependencies?
         all_requirements = source_map.all_requirements
-        all_requirements = pin_locally_available_names(all_requirements) if @prefer_local
         { default: default_source }.merge(all_requirements)
       else
         { default: Source::RubygemsAggregate.new(sources, source_map) }.merge(source_map.direct_requirements)
@@ -1050,6 +1045,7 @@ module Bundler
 
     def dup_for_full_unlock
       unlocked_definition = self.class.new(@lockfile, @dependencies, @sources, true, @ruby_version, @optional_groups, @gemfiles)
+      unlocked_definition.source_requirements = source_requirements
       unlocked_definition.gem_version_promoter.tap do |gvp|
         gvp.level = gem_version_promoter.level
         gvp.strict = gem_version_promoter.strict

data/lib/bundler/force_platform.rb

@@ -2,8 +2,6 @@
 
 module Bundler
   module ForcePlatform
-    private
-
     # The `:force_ruby_platform` value used by dependencies for resolution, and
     # by locked specifications for materialization is `false` by default, except
     # for TruffleRuby. TruffleRuby generally needs to force the RUBY platform

data/lib/bundler/lockfile_parser.rb

@@ -272,7 +272,7 @@ module Bundler
     end
 
     def parse_platform(line)
-      @platforms << Gem::Platform.new($1) if line =~ /^  (.*)$/
+      @platforms << Gem::Platform.new($1.strip) if line =~ /^  (.*)$/
     end
 
     def parse_bundled_with(line)

data/lib/bundler/plugin/api/source.rb

@@ -196,6 +196,7 @@ module Bundler
 
           FileUtils.rm_rf(new_cache_path)
           FileUtils.cp_r(install_path, new_cache_path)
+          FileUtils.rm_rf(app_cache_path.join(".git"))
           FileUtils.touch(app_cache_path.join(".bundlecache"))
         end
 

data/lib/bundler/resolver/base.rb

@@ -72,6 +72,12 @@ module Bundler
         end
       end
 
+      def include_remote_specs(names)
+        names.each do |name|
+          get_package(name).consider_remote_versions!
+        end
+      end
+
       private
 
       def indirect_pins(names)

data/lib/bundler/resolver/package.rb

@@ -15,7 +15,7 @@ module Bundler
     class Package
       attr_reader :name, :platforms, :dependency, :locked_version
 
-      def initialize(name, platforms, locked_specs:, unlock:, prerelease: false, dependency: nil)
+      def initialize(name, platforms, locked_specs:, unlock:, prerelease: false, prefer_local: false, dependency: nil)
         @name = name
         @platforms = platforms
         @locked_version = locked_specs[name].first&.version
@@ -23,6 +23,7 @@ module Bundler
         @dependency = dependency || Dependency.new(name, @locked_version)
         @top_level = !dependency.nil?
         @prerelease = @dependency.prerelease? || @locked_version&.prerelease? || prerelease ? :consider_first : :ignore
+        @prefer_local = prefer_local
       end
 
       def platform_specs(specs)
@@ -69,6 +70,14 @@ module Bundler
         @prerelease = :consider_last
       end
 
+      def prefer_local?
+        @prefer_local
+      end
+
+      def consider_remote_versions!
+        @prefer_local = false
+      end
+
       def force_ruby_platform?
         @dependency.force_ruby_platform
       end

data/lib/bundler/resolver.rb

@@ -84,9 +84,9 @@ module Bundler
     rescue PubGrub::SolveFailure => e
       incompatibility = e.incompatibility
 
-      names_to_unlock, names_to_allow_prereleases_for, extended_explanation = find_names_to_relax(incompatibility)
+      names_to_unlock, names_to_allow_prereleases_for, names_to_allow_remote_specs_for, extended_explanation = find_names_to_relax(incompatibility)
 
-      names_to_relax = names_to_unlock + names_to_allow_prereleases_for
+      names_to_relax = names_to_unlock + names_to_allow_prereleases_for + names_to_allow_remote_specs_for
 
       if names_to_relax.any?
         if names_to_unlock.any?
@@ -96,11 +96,17 @@ module Bundler
         end
 
         if names_to_allow_prereleases_for.any?
-          Bundler.ui.debug "Found conflicts with dependencies with prereleases. Will retrying considering prereleases for #{names_to_allow_prereleases_for.join(", ")}...", true
+          Bundler.ui.debug "Found conflicts with dependencies with prereleases. Will retry considering prereleases for #{names_to_allow_prereleases_for.join(", ")}...", true
 
           @base.include_prereleases(names_to_allow_prereleases_for)
         end
 
+        if names_to_allow_remote_specs_for.any?
+          Bundler.ui.debug "Found conflicts with local versions of #{names_to_allow_remote_specs_for.join(", ")}. Will retry considering remote versions...", true
+
+          @base.include_remote_specs(names_to_allow_remote_specs_for)
+        end
+
         root, logger = setup_solver
 
         Bundler.ui.debug "Retrying resolution...", true
@@ -120,6 +126,7 @@ module Bundler
     def find_names_to_relax(incompatibility)
       names_to_unlock = []
       names_to_allow_prereleases_for = []
+      names_to_allow_remote_specs_for = []
       extended_explanation = nil
 
       while incompatibility.conflict?
@@ -134,6 +141,8 @@ module Bundler
             names_to_unlock << name
           elsif package.ignores_prereleases? && @all_specs[name].any? {|s| s.version.prerelease? }
             names_to_allow_prereleases_for << name
+          elsif package.prefer_local? && @all_specs[name].any? {|s| !s.is_a?(StubSpecification) }
+            names_to_allow_remote_specs_for << name
           end
 
           no_versions_incompat = [cause.incompatibility, cause.satisfier].find {|incompat| incompat.cause.is_a?(PubGrub::Incompatibility::NoVersions) }
@@ -143,7 +152,7 @@ module Bundler
         end
       end
 
-      [names_to_unlock.uniq, names_to_allow_prereleases_for.uniq, extended_explanation]
+      [names_to_unlock.uniq, names_to_allow_prereleases_for.uniq, names_to_allow_remote_specs_for.uniq, extended_explanation]
     end
 
     def parse_dependency(package, dependency)
@@ -244,7 +253,7 @@ module Bundler
 
     def all_versions_for(package)
       name = package.name
-      results = (@base[name] + filter_prereleases(@all_specs[name], package)).uniq {|spec| [spec.version.hash, spec.platform] }
+      results = (@base[name] + filter_specs(@all_specs[name], package)).uniq {|spec| [spec.version.hash, spec.platform] }
 
       if name == "bundler" && !bundler_pinned_to_current_version?
         bundler_spec = Gem.loaded_specs["bundler"]
@@ -368,12 +377,22 @@ module Bundler
       end
     end
 
+    def filter_specs(specs, package)
+      filter_remote_specs(filter_prereleases(specs, package), package)
+    end
+
     def filter_prereleases(specs, package)
       return specs unless package.ignores_prereleases? && specs.size > 1
 
       specs.reject {|s| s.version.prerelease? }
     end
 
+    def filter_remote_specs(specs, package)
+      return specs unless package.prefer_local?
+
+      specs.select {|s| s.is_a?(StubSpecification) }
+    end
+
     # Ignore versions that depend on themselves incorrectly
     def filter_invalid_self_dependencies(specs, name)
       specs.reject do |s|
@@ -405,10 +424,13 @@ module Bundler
 
         dep_range = dep_constraint.range
         versions = select_sorted_versions(dep_package, dep_range)
-        if versions.empty? && dep_package.ignores_prereleases?
-          @all_versions.delete(dep_package)
-          @sorted_versions.delete(dep_package)
-          dep_package.consider_prereleases!
+        if versions.empty?
+          if dep_package.ignores_prereleases? || dep_package.prefer_local?
+            @all_versions.delete(dep_package)
+            @sorted_versions.delete(dep_package)
+          end
+          dep_package.consider_prereleases! if dep_package.ignores_prereleases?
+          dep_package.consider_remote_versions! if dep_package.prefer_local?
           versions = select_sorted_versions(dep_package, dep_range)
         end
 

data/lib/bundler/rubygems_ext.rb

@@ -237,26 +237,20 @@ module Gem
 
     include ::Bundler::ForcePlatform
 
+    attr_reader :force_ruby_platform
+
     attr_accessor :source, :groups
 
     alias_method :eql?, :==
 
-    def force_ruby_platform
-      return @force_ruby_platform if defined?(@force_ruby_platform) && !@force_ruby_platform.nil?
-
-      @force_ruby_platform = default_force_ruby_platform
-    end
-
-    def encode_with(coder)
-      to_yaml_properties.each do |ivar|
-        coder[ivar.to_s.sub(/^@/, "")] = instance_variable_get(ivar)
+    unless method_defined?(:encode_with, false)
+      def encode_with(coder)
+        [:@name, :@requirement, :@type, :@prerelease, :@version_requirements].each do |ivar|
+          coder[ivar.to_s.sub(/^@/, "")] = instance_variable_get(ivar)
+        end
       end
     end
 
-    def to_yaml_properties
-      instance_variables.reject {|p| ["@source", "@groups"].include?(p.to_s) }
-    end
-
     def to_lock
       out = String.new("  #{name}")
       unless requirement.none?

data/lib/bundler/runtime.rb

@@ -128,11 +128,6 @@ module Bundler
         spec.source.cache(spec, custom_path) if spec.source.respond_to?(:cache)
       end
 
-      Dir[cache_path.join("*/.git")].each do |git_dir|
-        FileUtils.rm_rf(git_dir)
-        FileUtils.touch(File.expand_path("../.bundlecache", git_dir))
-      end
-
       prune_cache(cache_path) unless Bundler.settings[:no_prune]
     end
 

data/lib/bundler/source/git/git_proxy.rb

@@ -84,6 +84,10 @@ module Bundler
           end
         end
 
+        def not_a_bare_repository?
+          git_local("rev-parse", "--is-bare-repository", dir: path).strip == "false"
+        end
+
         def contains?(commit)
           allowed_with_path do
             result, status = git_null("branch", "--contains", commit, dir: path)
@@ -332,8 +336,6 @@ module Bundler
             config_auth = Bundler.settings[remote.to_s] || Bundler.settings[remote.host]
             remote.userinfo ||= config_auth
             remote.to_s
-          elsif File.exist?(uri)
-            "file://#{uri}"
           else
             uri.to_s
           end

data/lib/bundler/source/git.rb

@@ -164,7 +164,8 @@ module Bundler
             "does not exist. Run `bundle config unset local.#{override_for(original_path)}` to remove the local override"
         end
 
-        set_local!(path)
+        @local = true
+        set_paths!(path)
 
         # Create a new git proxy without the cached revision
         # so the Gemfile.lock always picks up the new revision.
@@ -187,13 +188,13 @@ module Bundler
       end
 
       def specs(*)
-        set_local!(app_cache_path) if has_app_cache? && !local?
+        set_cache_path!(app_cache_path) if use_app_cache?
 
         if requires_checkout? && !@copied
+          FileUtils.rm_rf(app_cache_path) if use_app_cache? && git_proxy.not_a_bare_repository?
+
           fetch
-          git_proxy.copy_to(install_path, submodules)
-          serialize_gemspecs_in(install_path)
-          @copied = true
+          checkout
         end
 
         local_specs
@@ -206,10 +207,7 @@ module Bundler
         print_using_message "Using #{version_message(spec, options[:previous_spec])} from #{self}"
 
         if (requires_checkout? && !@copied) || force
-          Bundler.ui.debug "  * Checking out revision: #{ref}"
-          git_proxy.copy_to(install_path, submodules)
-          serialize_gemspecs_in(install_path)
-          @copied = true
+          checkout
         end
 
         generate_bin_options = { disable_extensions: !Bundler.rubygems.spec_missing_extensions?(spec), build_args: options[:build_args] }
@@ -221,12 +219,13 @@ module Bundler
       def cache(spec, custom_path = nil)
         app_cache_path = app_cache_path(custom_path)
         return unless Bundler.feature_flag.cache_all?
-        return if path == app_cache_path
+        return if install_path == app_cache_path
+        return if cache_path == app_cache_path
         cached!
         FileUtils.rm_rf(app_cache_path)
         git_proxy.checkout if requires_checkout?
-        git_proxy.copy_to(app_cache_path, @submodules)
-        serialize_gemspecs_in(app_cache_path)
+        FileUtils.cp_r("#{cache_path}/.", app_cache_path)
+        FileUtils.touch(app_cache_path.join(".bundlecache"))
       end
 
       def load_spec_files
@@ -270,6 +269,13 @@ module Bundler
 
       private
 
+      def checkout
+        Bundler.ui.debug "  * Checking out revision: #{ref}"
+        git_proxy.copy_to(install_path, submodules)
+        serialize_gemspecs_in(install_path)
+        @copied = true
+      end
+
       def humanized_ref
         if local?
           path
@@ -298,16 +304,29 @@ module Bundler
         end
       end
 
-      def set_local!(path)
-        @local       = true
-        @local_specs = @git_proxy = nil
-        @cache_path  = @install_path = path
+      def set_paths!(path)
+        set_cache_path!(path)
+        set_install_path!(path)
+      end
+
+      def set_cache_path!(path)
+        @git_proxy = nil
+        @cache_path = path
+      end
+
+      def set_install_path!(path)
+        @local_specs = nil
+        @install_path = path
       end
 
       def has_app_cache?
         cached_revision && super
       end
 
+      def use_app_cache?
+        has_app_cache? && !local?
+      end
+
       def requires_checkout?
         allow_git_ops? && !local? && !cached_revision_checked_out?
       end

data/lib/bundler/spec_set.rb

@@ -94,7 +94,7 @@ module Bundler
     end
 
     def delete(specs)
-      specs.each {|spec| @specs.delete(spec) }
+      Array(specs).each {|spec| @specs.delete(spec) }
 
       reset!
     end
@@ -280,7 +280,7 @@ module Bundler
       if platform
         GemHelpers.select_best_platform_match(specs_for_name, platform, force_ruby: dep.force_ruby_platform)
       else
-        GemHelpers.select_best_local_platform_match(specs_for_name, force_ruby: dep.force_ruby_platform)
+        GemHelpers.select_best_local_platform_match(specs_for_name, force_ruby: dep.force_ruby_platform || dep.default_force_ruby_platform)
       end
     end
 

data/lib/bundler/templates/newgem/README.md.tt

@@ -10,11 +10,15 @@ TODO: Replace `UPDATE_WITH_YOUR_GEM_NAME_IMMEDIATELY_AFTER_RELEASE_TO_RUBYGEMS_O
 
 Install the gem and add to the application's Gemfile by executing:
 
-    $ bundle add UPDATE_WITH_YOUR_GEM_NAME_IMMEDIATELY_AFTER_RELEASE_TO_RUBYGEMS_ORG
+```bash
+bundle add UPDATE_WITH_YOUR_GEM_NAME_IMMEDIATELY_AFTER_RELEASE_TO_RUBYGEMS_ORG
+```
 
 If bundler is not being used to manage dependencies, install the gem by executing:
 
-    $ gem install UPDATE_WITH_YOUR_GEM_NAME_IMMEDIATELY_AFTER_RELEASE_TO_RUBYGEMS_ORG
+```bash
+gem install UPDATE_WITH_YOUR_GEM_NAME_IMMEDIATELY_AFTER_RELEASE_TO_RUBYGEMS_ORG
+```
 
 ## Usage
 

data/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.5.16".freeze
+  VERSION = "2.5.18".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

data/lib/bundler/yaml_serializer.rb

@@ -41,7 +41,7 @@ module Bundler
     HASH_REGEX = /
       ^
       ([ ]*) # indentations
-      (.+) # key
+      ([^#]+) # key excludes comment char '#'
       (?::(?=(?:\s|$))) # :  (without the lookahead the #key includes this when : is present in value)
       [ ]?
       (['"]?) # optional opening quote

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-  version: 2.5.16
+  version: 2.5.18
 platform: ruby
 authors:
 - André Arko
@@ -22,7 +22,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-07-18 00:00:00.000000000 Z
+date: 2024-08-26 00:00:00.000000000 Z
 dependencies: []
 description: Bundler manages an application's dependencies through its entire life,
   across many machines, systematically and repeatably
@@ -400,7 +400,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 3.2.3
 requirements: []
-rubygems_version: 3.5.16
+rubygems_version: 3.5.18
 signing_key:
 specification_version: 4
 summary: The best way to manage your application's dependencies