bundler 2.5.4 → 2.5.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d1486cdeb45a181fff50c3940e818b84c05507d4e29bfe7b0843b6dc15be6213
-  data.tar.gz: 111e63453cbc876227f8e702d6c3921bff91707c8705a56c89b78fed7963f618
+  metadata.gz: 39c97ec41b023928932bc15dd7a27d7d6c44a1081d8d8a8d929323acc7923516
+  data.tar.gz: fcee9b11554764b4b762fbeff5be2afa1747bb00522f76a8f2ed8910af6140ba
 SHA512:
-  metadata.gz: e5e225950c1192971b49fedab22bd2d1703609df034f0fe3a6f71685f864947ea4583c5e6301ebffd0accc8567232d90da9926b532f1729e20db08c94394406c
-  data.tar.gz: dab198d801aef8569466dffbfbafe9bdc0fd781ae6ba610a2be13915b85ea2a40984e90d30bc5635a3a3a786a3d78c50672088e8fd8d5094b2058bf975f292c1
+  metadata.gz: 3f0e03b892ab04ffbbe98dc64a8edf39976e9f06f7e3c3f0d023760de2c10335975dd6658081fe9f6daf259f19e84bb829196f9387c3037ddd3fea9fdb865c80
+  data.tar.gz: c483f1305486133a2a0845c4ad13de99baf81b456d88d0e899726db2d1257c445625aeb3f4b32a4b6717f42da23858336284ffecc5fd9ce9a15a6ca797349c75

data/CHANGELOG.md

@@ -1,4 +1,30 @@
-# 2.5.4 (January 3, 2024)
+# 2.5.6 (February 6, 2024)
+
+## Deprecations:
+
+  - Refactor lockfile generation and deprecate `Definition#lock` with explicit lockfile [#7047](https://github.com/rubygems/rubygems/pull/7047)
+
+## Enhancements:
+
+  - Bump `required_ruby_version` to be used in `bundle gem` template [#7430](https://github.com/rubygems/rubygems/pull/7430)
+
+## Bug fixes:
+
+  - Fix musl platform not being added to the lockfile [#7441](https://github.com/rubygems/rubygems/pull/7441)
+  - Let `Bundler.with_original_env` properly restore env variables originally empty [#7383](https://github.com/rubygems/rubygems/pull/7383)
+
+# 2.5.5 (January 18, 2024)
+
+## Bug fixes:
+
+  - Fix development dependency not being added if introduced by two gemspecs [#7358](https://github.com/rubygems/rubygems/pull/7358)
+  - Fix ETag quoting regression in If-None-Match header of compact index request [#7352](https://github.com/rubygems/rubygems/pull/7352)
+
+## Documentation:
+
+  - Refer to underscores as underscores [#7364](https://github.com/rubygems/rubygems/pull/7364)
+
+# 2.5.4 (January 4, 2024)
 
 ## Bug fixes:
 

data/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2024-01-04".freeze
-    @git_commit_sha = "7ffda9ba9b".freeze
+    @built_at = "2024-02-06".freeze
+    @git_commit_sha = "7ac045dcaa".freeze
     @release = true
     # end ivars
 

data/lib/bundler/cli/gem.rb

@@ -437,7 +437,7 @@ module Bundler
     end
 
     def required_ruby_version
-      "2.6.0"
+      "3.0.0"
     end
 
     def rubocop_version

data/lib/bundler/cli/lock.rb

@@ -33,8 +33,11 @@ module Bundler
         update = { bundler: bundler }
       end
 
+      file = options[:lockfile]
+      file = file ? Pathname.new(file).expand_path : Bundler.default_lockfile
+
       Bundler.settings.temporary(frozen: false) do
-        definition = Bundler.definition(update)
+        definition = Bundler.definition(update, file)
 
         Bundler::CLI::Common.configure_gem_version_promoter(definition, options) if options[:update]
 
@@ -60,10 +63,8 @@ module Bundler
         if print
           puts definition.to_lock
         else
-          file = options[:lockfile]
-          file = file ? File.expand_path(file) : Bundler.default_lockfile
           puts "Writing lockfile to #{file}"
-          definition.lock(file)
+          definition.lock
         end
       end
 

data/lib/bundler/cli.rb

@@ -785,7 +785,7 @@ module Bundler
       return unless SharedHelpers.md5_available?
 
       latest = Fetcher::CompactIndex.
-               new(nil, Source::Rubygems::Remote.new(Bundler::URI("https://rubygems.org")), nil, nil).
+               new(nil, Source::Rubygems::Remote.new(Gem::URI("https://rubygems.org")), nil, nil).
                send(:compact_index_client).
                instance_variable_get(:@cache).
                dependencies("bundler").

data/lib/bundler/compact_index_client/updater.rb

@@ -42,7 +42,7 @@ module Bundler
           else
             file.write(response.body)
           end
-          CacheFile.write(etag_path, etag(response))
+          CacheFile.write(etag_path, etag_from_response(response))
           true
         end
       end
@@ -53,13 +53,13 @@ module Bundler
         response = @fetcher.call(remote_path, request_headers(etag))
         return true if response.is_a?(Gem::Net::HTTPNotModified)
         CacheFile.write(local_path, response.body, parse_digests(response))
-        CacheFile.write(etag_path, etag(response))
+        CacheFile.write(etag_path, etag_from_response(response))
       end
 
       def request_headers(etag, range_start = nil)
         headers = {}
         headers["Range"] = "bytes=#{range_start}-" if range_start
-        headers["If-None-Match"] = etag if etag
+        headers["If-None-Match"] = %("#{etag}") if etag
         headers
       end
 
@@ -77,7 +77,7 @@ module Bundler
         etag
       end
 
-      def etag(response)
+      def etag_from_response(response)
         return unless response["ETag"]
         etag = response["ETag"].delete_prefix("W/")
         return if etag.delete_prefix!('"') && !etag.delete_suffix!('"')

data/lib/bundler/definition.rb

@@ -320,38 +320,26 @@ module Bundler
       dependencies.map(&:groups).flatten.uniq
     end
 
-    def lock(file, preserve_unknown_sections = false)
-      return if Definition.no_lock
-
-      contents = to_lock
-
-      # Convert to \r\n if the existing lock has them
-      # i.e., Windows with `git config core.autocrlf=true`
-      contents.gsub!(/\n/, "\r\n") if @lockfile_contents.match?("\r\n")
-
-      if @locked_bundler_version
-        locked_major = @locked_bundler_version.segments.first
-        current_major = bundler_version_to_lock.segments.first
-
-        updating_major = locked_major < current_major
-      end
+    def lock(file_or_preserve_unknown_sections = false, preserve_unknown_sections_or_unused = false)
+      if [true, false, nil].include?(file_or_preserve_unknown_sections)
+        target_lockfile = lockfile || Bundler.default_lockfile
+        preserve_unknown_sections = file_or_preserve_unknown_sections
+      else
+        target_lockfile = file_or_preserve_unknown_sections
+        preserve_unknown_sections = preserve_unknown_sections_or_unused
 
-      preserve_unknown_sections ||= !updating_major && (Bundler.frozen_bundle? || !(unlocking? || @unlocking_bundler))
+        suggestion = if target_lockfile == lockfile
+          "To fix this warning, remove it from the `Definition#lock` call."
+        else
+          "Instead, instantiate a new definition passing `#{target_lockfile}`, and call `lock` without a file argument on that definition"
+        end
 
-      if file && File.exist?(file) && lockfiles_equal?(@lockfile_contents, contents, preserve_unknown_sections)
-        return if Bundler.frozen_bundle?
-        SharedHelpers.filesystem_access(file) { FileUtils.touch(file) }
-        return
-      end
+        msg = "`Definition#lock` was passed a target file argument. #{suggestion}"
 
-      if Bundler.frozen_bundle?
-        Bundler.ui.error "Cannot write a changed lockfile while frozen."
-        return
+        Bundler::SharedHelpers.major_deprecation 2, msg
       end
 
-      SharedHelpers.filesystem_access(file) do |p|
-        File.open(p, "wb") {|f| f.puts(contents) }
-      end
+      write_lock(target_lockfile, preserve_unknown_sections)
     end
 
     def locked_ruby_version
@@ -518,7 +506,45 @@ module Bundler
     end
 
     def lockfile_exists?
-      lockfile && File.exist?(lockfile)
+      file_exists?(lockfile)
+    end
+
+    def file_exists?(file)
+      file && File.exist?(file)
+    end
+
+    def write_lock(file, preserve_unknown_sections)
+      return if Definition.no_lock
+
+      contents = to_lock
+
+      # Convert to \r\n if the existing lock has them
+      # i.e., Windows with `git config core.autocrlf=true`
+      contents.gsub!(/\n/, "\r\n") if @lockfile_contents.match?("\r\n")
+
+      if @locked_bundler_version
+        locked_major = @locked_bundler_version.segments.first
+        current_major = bundler_version_to_lock.segments.first
+
+        updating_major = locked_major < current_major
+      end
+
+      preserve_unknown_sections ||= !updating_major && (Bundler.frozen_bundle? || !(unlocking? || @unlocking_bundler))
+
+      if file_exists?(file) && lockfiles_equal?(@lockfile_contents, contents, preserve_unknown_sections)
+        return if Bundler.frozen_bundle?
+        SharedHelpers.filesystem_access(file) { FileUtils.touch(file) }
+        return
+      end
+
+      if Bundler.frozen_bundle?
+        Bundler.ui.error "Cannot write a changed lockfile while frozen."
+        return
+      end
+
+      SharedHelpers.filesystem_access(file) do |p|
+        File.open(p, "wb") {|f| f.puts(contents) }
+      end
     end
 
     def resolver

data/lib/bundler/dsl.rb

@@ -102,9 +102,6 @@ module Bundler
 
       # if there's already a dependency with this name we try to prefer one
       if current = @dependencies.find {|d| d.name == dep.name }
-        # Always prefer the dependency from the Gemfile
-        @dependencies.delete(current) if current.gemspec_dev_dep?
-
         if current.requirement != dep.requirement
           current_requirement_open = current.requirements_list.include?(">= 0")
 
@@ -116,8 +113,6 @@ module Bundler
               Bundler.ui.warn "A gemspec development dependency (#{gemspec_dep.name}, #{gemspec_dep.requirement}) is being overridden by a Gemfile dependency (#{gemfile_dep.name}, #{gemfile_dep.requirement}).\n" \
                               "This behaviour may change in the future. Please remove either of them, or make sure they both have the same requirement\n"
             end
-
-            return if dep.gemspec_dev_dep?
           else
             update_prompt = ""
 
@@ -135,8 +130,13 @@ module Bundler
                            "You specified: #{current.name} (#{current.requirement}) and #{dep.name} (#{dep.requirement})" \
                            "#{update_prompt}"
           end
-        elsif current.gemspec_dev_dep? || dep.gemspec_dev_dep?
-          return if dep.gemspec_dev_dep?
+        end
+
+        # Always prefer the dependency from the Gemfile
+        if current.gemspec_dev_dep?
+          @dependencies.delete(current)
+        elsif dep.gemspec_dev_dep?
+          return
         elsif current.source != dep.source
           raise GemfileError, "You cannot specify the same gem twice coming from different sources.\n" \
                           "You specified that #{dep.name} (#{dep.requirement}) should come from " \

data/lib/bundler/environment_preserver.rb

@@ -58,9 +58,9 @@ module Bundler
       env = @original.clone
       @keys.each do |key|
         value = env[key]
-        if !value.nil? && !value.empty?
+        if !value.nil?
           env[@prefix + key] ||= value
-        elsif value.nil?
+        else
           env[@prefix + key] ||= INTENTIONALLY_NIL
         end
       end
@@ -72,7 +72,7 @@ module Bundler
       env = @original.clone
       @keys.each do |key|
         value_original = env[@prefix + key]
-        next if value_original.nil? || value_original.empty?
+        next if value_original.nil?
         if value_original == INTENTIONALLY_NIL
           env.delete(key)
         else

data/lib/bundler/fetcher/downloader.rb

@@ -23,7 +23,7 @@ module Bundler
         when Gem::Net::HTTPSuccess, Gem::Net::HTTPNotModified
           response
         when Gem::Net::HTTPRedirection
-          new_uri = Bundler::URI.parse(response["location"])
+          new_uri = Gem::URI.parse(response["location"])
           if new_uri.host == uri.host
             new_uri.user = uri.user
             new_uri.password = uri.password

data/lib/bundler/fetcher.rb

@@ -111,7 +111,7 @@ module Bundler
       spec -= [nil, "ruby", ""]
       spec_file_name = "#{spec.join "-"}.gemspec"
 
-      uri = Bundler::URI.parse("#{remote_uri}#{Gem::MARSHAL_SPEC_DIR}#{spec_file_name}.rz")
+      uri = Gem::URI.parse("#{remote_uri}#{Gem::MARSHAL_SPEC_DIR}#{spec_file_name}.rz")
       spec = if uri.scheme == "file"
         path = Gem::Util.correct_for_windows_path(uri.path)
         Bundler.safe_load_marshal Bundler.rubygems.inflate(Gem.read_binary(path))
@@ -255,7 +255,7 @@ module Bundler
 
         con = Gem::Net::HTTP::Persistent.new name: "bundler", proxy: :ENV
         if gem_proxy = Gem.configuration[:http_proxy]
-          con.proxy = Bundler::URI.parse(gem_proxy) if gem_proxy != :no_proxy
+          con.proxy = Gem::URI.parse(gem_proxy) if gem_proxy != :no_proxy
         end
 
         if remote_uri.scheme == "https"

data/lib/bundler/injector.rb

@@ -50,7 +50,7 @@ module Bundler
         append_to(gemfile_path, build_gem_lines(@options[:conservative_versioning])) if @deps.any?
 
         # since we resolved successfully, write out the lockfile
-        @definition.lock(Bundler.default_lockfile)
+        @definition.lock
 
         # invalidate the cached Bundler.definition
         Bundler.reset_paths!

data/lib/bundler/installer.rb

@@ -260,8 +260,8 @@ module Bundler
       true
     end
 
-    def lock(opts = {})
-      @definition.lock(Bundler.default_lockfile, opts[:preserve_unknown_sections])
+    def lock
+      @definition.lock
     end
   end
 end

data/lib/bundler/man/bundle-config.1

@@ -302,9 +302,9 @@ Note that any configured credentials will be redacted by informative commands su
 .P
 Also note that to guarantee a sane mapping between valid environment variable names and valid host names, bundler makes the following transformations:
 .IP "\(bu" 4
-Any \fB\-\fR characters in a host name are mapped to a triple dash (\fB___\fR) in the corresponding environment variable\.
+Any \fB\-\fR characters in a host name are mapped to a triple underscore (\fB___\fR) in the corresponding environment variable\.
 .IP "\(bu" 4
-Any \fB\.\fR characters in a host name are mapped to a double dash (\fB__\fR) in the corresponding environment variable\.
+Any \fB\.\fR characters in a host name are mapped to a double underscore (\fB__\fR) in the corresponding environment variable\.
 .IP "" 0
 .P
 This means that if you have a gem server named \fBmy\.gem\-host\.com\fR, you'll need to use the \fBBUNDLE_MY__GEM___HOST__COM\fR variable to configure credentials for it through ENV\.

data/lib/bundler/man/bundle-config.1.ronn

@@ -388,10 +388,10 @@ copy-pasting bundler output.
 Also note that to guarantee a sane mapping between valid environment variable
 names and valid host names, bundler makes the following transformations:
 
-* Any `-` characters in a host name are mapped to a triple dash (`___`) in the
+* Any `-` characters in a host name are mapped to a triple underscore (`___`) in the
   corresponding environment variable.
 
-* Any `.` characters in a host name are mapped to a double dash (`__`) in the
+* Any `.` characters in a host name are mapped to a double underscore (`__`) in the
   corresponding environment variable.
 
 This means that if you have a gem server named `my.gem-host.com`, you'll need to

data/lib/bundler/mirror.rb

@@ -47,7 +47,7 @@ module Bundler
 
       def fetch_valid_mirror_for(uri)
         downcased = uri.to_s.downcase
-        mirror = @mirrors[downcased] || @mirrors[Bundler::URI(downcased).host] || Mirror.new(uri)
+        mirror = @mirrors[downcased] || @mirrors[Gem::URI(downcased).host] || Mirror.new(uri)
         mirror.validate!(@prober)
         mirror = Mirror.new(uri) unless mirror.valid?
         mirror
@@ -74,7 +74,7 @@ module Bundler
         @uri = if uri.nil?
           nil
         else
-          Bundler::URI(uri.to_s)
+          Gem::URI(uri.to_s)
         end
         @valid = nil
       end
@@ -126,7 +126,7 @@ module Bundler
         if uri == "all"
           @all = true
         else
-          @uri = Bundler::URI(uri).absolute? ? Settings.normalize_uri(uri) : uri
+          @uri = Gem::URI(uri).absolute? ? Settings.normalize_uri(uri) : uri
         end
         @value = value
       end

data/lib/bundler/plugin/api/source.rb

@@ -107,7 +107,7 @@ module Bundler
         def install_path
           @install_path ||=
             begin
-              base_name = File.basename(Bundler::URI.parse(uri).normalize.path)
+              base_name = File.basename(Gem::URI.parse(uri).normalize.path)
 
               gem_install_dir.join("#{base_name}-#{uri_hash[0..11]}")
             end
@@ -176,7 +176,7 @@ module Bundler
         #
         # This is used by `app_cache_path`
         def app_cache_dirname
-          base_name = File.basename(Bundler::URI.parse(uri).normalize.path)
+          base_name = File.basename(Gem::URI.parse(uri).normalize.path)
           "#{base_name}-#{uri_hash}"
         end
 

data/lib/bundler/runtime.rb

@@ -95,7 +95,7 @@ module Bundler
 
     def lock(opts = {})
       return if @definition.no_resolve_needed?
-      @definition.lock(Bundler.default_lockfile, opts[:preserve_unknown_sections])
+      @definition.lock(opts[:preserve_unknown_sections])
     end
 
     alias_method :gems, :specs

data/lib/bundler/settings.rb

@@ -189,7 +189,7 @@ module Bundler
     def mirror_for(uri)
       if uri.is_a?(String)
         require_relative "vendored_uri"
-        uri = Bundler::URI(uri)
+        uri = Gem::URI(uri)
       end
 
       gem_mirrors.for(uri.to_s).uri
@@ -549,7 +549,7 @@ module Bundler
       end
       uri = URINormalizer.normalize_suffix(uri)
       require_relative "vendored_uri"
-      uri = Bundler::URI(uri)
+      uri = Gem::URI(uri)
       unless uri.absolute?
         raise ArgumentError, format("Gem sources must be absolute. You provided '%s'.", uri)
       end
@@ -564,7 +564,7 @@ module Bundler
           key
         when Symbol
           key.name
-        when Bundler::URI::HTTP
+        when Gem::URI::HTTP
           key.to_s
         else
           raise ArgumentError, "Invalid key: #{key.inspect}"
@@ -577,7 +577,7 @@ module Bundler
           key
         when Symbol
           key.to_s
-        when Bundler::URI::HTTP
+        when Gem::URI::HTTP
           key.to_s
         else
           raise ArgumentError, "Invalid key: #{key.inspect}"

data/lib/bundler/source/git/git_proxy.rb

@@ -320,7 +320,7 @@ module Bundler
         # Adds credentials to the URI
         def configured_uri
           if /https?:/.match?(uri)
-            remote = Bundler::URI(uri)
+            remote = Gem::URI(uri)
             config_auth = Bundler.settings[remote.to_s] || Bundler.settings[remote.host]
             remote.userinfo ||= config_auth
             remote.to_s

data/lib/bundler/source/git.rb

@@ -326,7 +326,7 @@ module Bundler
         if %r{^\w+://(\w+@)?}.match?(uri)
           # Downcase the domain component of the URI
           # and strip off a trailing slash, if one is present
-          input = Bundler::URI.parse(uri).normalize.to_s.sub(%r{/$}, "")
+          input = Gem::URI.parse(uri).normalize.to_s.sub(%r{/$}, "")
         else
           # If there is no URI scheme, assume it is an ssh/git URI
           input = uri

data/lib/bundler/source/rubygems/remote.rb

@@ -48,7 +48,7 @@ module Bundler
           end
 
           uri
-        rescue Bundler::URI::InvalidComponentError
+        rescue Gem::URI::InvalidComponentError
           error_message = "Please CGI escape your usernames and passwords before " \
                           "setting them for authentication."
           raise HTTPError.new(error_message)

data/lib/bundler/source/rubygems.rb

@@ -349,9 +349,9 @@ module Bundler
       def normalize_uri(uri)
         uri = URINormalizer.normalize_suffix(uri.to_s)
         require_relative "../vendored_uri"
-        uri = Bundler::URI(uri)
+        uri = Gem::URI(uri)
         raise ArgumentError, "The source must be an absolute URI. For example:\n" \
-          "source 'https://rubygems.org'" if !uri.absolute? || (uri.is_a?(Bundler::URI::HTTP) && uri.host.nil?)
+          "source 'https://rubygems.org'" if !uri.absolute? || (uri.is_a?(Gem::URI::HTTP) && uri.host.nil?)
         uri
       end
 

data/lib/bundler/spec_set.rb

@@ -65,7 +65,7 @@ module Bundler
 
       platforms.concat(new_platforms)
 
-      less_specific_platform = new_platforms.find {|platform| platform != Gem::Platform::RUBY && platform === Bundler.local_platform }
+      less_specific_platform = new_platforms.find {|platform| platform != Gem::Platform::RUBY && Bundler.local_platform === platform }
       platforms.delete(Bundler.local_platform) if less_specific_platform
 
       platforms

data/lib/bundler/uri_credentials_filter.rb

@@ -11,7 +11,7 @@ module Bundler
         return uri if File.exist?(uri)
 
         require_relative "vendored_uri"
-        uri = Bundler::URI(uri)
+        uri = Gem::URI(uri)
       end
 
       if uri.userinfo
@@ -25,7 +25,7 @@ module Bundler
       end
       return uri.to_s if uri_to_anonymize.is_a?(String)
       uri
-    rescue Bundler::URI::InvalidURIError # uri is not canonical uri scheme
+    rescue Gem::URI::InvalidURIError # uri is not canonical uri scheme
       uri
     end
 

data/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent.rb

@@ -1,5 +1,5 @@
 require_relative '../../../../../vendored_net_http'
-require_relative '../../../../uri/lib/uri'
+require_relative '../../../../../vendored_uri'
 require 'cgi' # for escaping
 require_relative '../../../../connection_pool/lib/connection_pool'
 
@@ -22,7 +22,7 @@ autoload :OpenSSL, 'openssl'
 #
 #   require 'bundler/vendor/net-http-persistent/lib/net/http/persistent'
 #
-#   uri = Bundler::URI 'http://example.com/awesome/web/service'
+#   uri = Gem::URI 'http://example.com/awesome/web/service'
 #
 #   http = Gem::Net::HTTP::Persistent.new
 #
@@ -39,17 +39,17 @@ autoload :OpenSSL, 'openssl'
 #   post = Gem::Net::HTTP::Post.new post_uri.path
 #   post.set_form_data 'some' => 'cool data'
 #
-#   # perform the POST, the Bundler::URI is always required
+#   # perform the POST, the Gem::URI is always required
 #   response http.request post_uri, post
 #
 # Note that for GET, HEAD and other requests that do not have a body you want
-# to use Bundler::URI#request_uri not Bundler::URI#path.  The request_uri contains the query
+# to use Gem::URI#request_uri not Gem::URI#path.  The request_uri contains the query
 # params which are sent in the body for other requests.
 #
 # == TLS/SSL
 #
 # TLS connections are automatically created depending upon the scheme of the
-# Bundler::URI.  TLS connections are automatically verified against the default
+# Gem::URI.  TLS connections are automatically verified against the default
 # certificate store for your computer.  You can override this by changing
 # verify_mode or by specifying an alternate cert_store.
 #
@@ -72,7 +72,7 @@ autoload :OpenSSL, 'openssl'
 # == Proxies
 #
 # A proxy can be set through #proxy= or at initialization time by providing a
-# second argument to ::new.  The proxy may be the Bundler::URI of the proxy server or
+# second argument to ::new.  The proxy may be the Gem::URI of the proxy server or
 # <code>:ENV</code> which will consult environment variables.
 #
 # See #proxy= and #proxy_from_env for details.
@@ -197,7 +197,7 @@ class Gem::Net::HTTP::Persistent
   # NOTE:  This may not work on ruby > 1.9.
 
   def self.detect_idle_timeout uri, max = 10
-    uri = Bundler::URI uri unless Bundler::URI::Generic === uri
+    uri = Gem::URI uri unless Gem::URI::Generic === uri
     uri += '/'
 
     req = Gem::Net::HTTP::Head.new uri.request_uri
@@ -455,13 +455,13 @@ class Gem::Net::HTTP::Persistent
   # Set a +name+ for fun.  Your library name should be good enough, but this
   # otherwise has no purpose.
   #
-  # +proxy+ may be set to a Bundler::URI::HTTP or :ENV to pick up proxy options from
+  # +proxy+ may be set to a Gem::URI::HTTP or :ENV to pick up proxy options from
   # the environment.  See proxy_from_env for details.
   #
-  # In order to use a Bundler::URI for the proxy you may need to do some extra work
-  # beyond Bundler::URI parsing if the proxy requires a password:
+  # In order to use a Gem::URI for the proxy you may need to do some extra work
+  # beyond Gem::URI parsing if the proxy requires a password:
   #
-  #   proxy = Bundler::URI 'http://proxy.example'
+  #   proxy = Gem::URI 'http://proxy.example'
   #   proxy.user     = 'AzureDiamond'
   #   proxy.password = 'hunter2'
   #
@@ -510,7 +510,7 @@ class Gem::Net::HTTP::Persistent
     @verify_mode        = nil
     @cert_store         = nil
 
-    @generation         = 0 # incremented when proxy Bundler::URI changes
+    @generation         = 0 # incremented when proxy Gem::URI changes
 
     if HAVE_OPENSSL then
       @verify_mode        = OpenSSL::SSL::VERIFY_PEER
@@ -720,12 +720,12 @@ class Gem::Net::HTTP::Persistent
   alias key= private_key=
 
   ##
-  # Sets the proxy server.  The +proxy+ may be the Bundler::URI of the proxy server,
+  # Sets the proxy server.  The +proxy+ may be the Gem::URI of the proxy server,
   # the symbol +:ENV+ which will read the proxy from the environment or nil to
   # disable use of a proxy.  See #proxy_from_env for details on setting the
   # proxy from the environment.
   #
-  # If the proxy Bundler::URI is set after requests have been made, the next request
+  # If the proxy Gem::URI is set after requests have been made, the next request
   # will shut-down and re-open all connections.
   #
   # The +no_proxy+ query parameter can be used to specify hosts which shouldn't
@@ -736,9 +736,9 @@ class Gem::Net::HTTP::Persistent
   def proxy= proxy
     @proxy_uri = case proxy
                  when :ENV      then proxy_from_env
-                 when Bundler::URI::HTTP then proxy
+                 when Gem::URI::HTTP then proxy
                  when nil       then # ignore
-                 else raise ArgumentError, 'proxy must be :ENV or a Bundler::URI::HTTP'
+                 else raise ArgumentError, 'proxy must be :ENV or a Gem::URI::HTTP'
                  end
 
     @no_proxy.clear
@@ -763,13 +763,13 @@ class Gem::Net::HTTP::Persistent
   end
 
   ##
-  # Creates a Bundler::URI for an HTTP proxy server from ENV variables.
+  # Creates a Gem::URI for an HTTP proxy server from ENV variables.
   #
   # If +HTTP_PROXY+ is set a proxy will be returned.
   #
-  # If +HTTP_PROXY_USER+ or +HTTP_PROXY_PASS+ are set the Bundler::URI is given the
+  # If +HTTP_PROXY_USER+ or +HTTP_PROXY_PASS+ are set the Gem::URI is given the
   # indicated user and password unless HTTP_PROXY contains either of these in
-  # the Bundler::URI.
+  # the Gem::URI.
   #
   # The +NO_PROXY+ ENV variable can be used to specify hosts which shouldn't
   # be reached via proxy; if set it should be a comma separated list of
@@ -785,7 +785,7 @@ class Gem::Net::HTTP::Persistent
 
     return nil if env_proxy.nil? or env_proxy.empty?
 
-    uri = Bundler::URI normalize_uri env_proxy
+    uri = Gem::URI normalize_uri env_proxy
 
     env_no_proxy = ENV['no_proxy'] || ENV['NO_PROXY']
 
@@ -863,7 +863,7 @@ class Gem::Net::HTTP::Persistent
   # +req+ must be a Gem::Net::HTTPGenericRequest subclass (see Gem::Net::HTTP for a list).
 
   def request uri, req = nil, &block
-    uri      = Bundler::URI uri
+    uri      = Gem::URI uri
     req      = request_setup req || uri
     response = nil
 
@@ -896,7 +896,7 @@ class Gem::Net::HTTP::Persistent
   end
 
   ##
-  # Creates a GET request if +req_or_uri+ is a Bundler::URI and adds headers to the
+  # Creates a GET request if +req_or_uri+ is a Gem::URI and adds headers to the
   # request.
   #
   # Returns the request.

data/lib/bundler/vendored_uri.rb

@@ -1,4 +1,21 @@
 # frozen_string_literal: true
 
 module Bundler; end
-require_relative "vendor/uri/lib/uri"
+
+# Use RubyGems vendored copy when available. Otherwise fallback to Bundler
+# vendored copy. The vendored copy in Bundler can be removed once support for
+# RubyGems 3.5 is dropped.
+
+begin
+  require "rubygems/vendor/uri/lib/uri"
+rescue LoadError
+  require_relative "vendor/uri/lib/uri"
+  Gem::URI = Bundler::URI
+
+  module Gem
+    def URI(uri) # rubocop:disable Naming/MethodName
+      Bundler::URI(uri)
+    end
+    module_function :URI
+  end
+end

data/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.5.4".freeze
+  VERSION = "2.5.6".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

data/lib/bundler/yaml_serializer.rb

@@ -58,6 +58,8 @@ module Bundler
       str.split(/\r?\n/) do |line|
         if match = HASH_REGEX.match(line)
           indent, key, quote, val = match.captures
+          val = strip_comment(val)
+
           convert_to_backward_compatible_key!(key)
           depth = indent.size / 2
           if quote.empty? && val.empty?
@@ -72,6 +74,8 @@ module Bundler
           end
         elsif match = ARRAY_REGEX.match(line)
           _, val = match.captures
+          val = strip_comment(val)
+
           last_hash[last_empty_key] = [] unless last_hash[last_empty_key].is_a?(Array)
 
           last_hash[last_empty_key].push(val)
@@ -80,6 +84,14 @@ module Bundler
       res
     end
 
+    def strip_comment(val)
+      if val.include?("#") && !val.start_with?("#")
+        val.split("#", 2).first.strip
+      else
+        val
+      end
+    end
+
     # for settings' keys
     def convert_to_backward_compatible_key!(key)
       key << "/" if /https?:/i.match?(key) && !%r{/\Z}.match?(key)

data/lib/bundler.rb

@@ -200,12 +200,13 @@ module Bundler
     #
     # @param unlock [Hash, Boolean, nil] Gems that have been requested
     #   to be updated or true if all gems should be updated
+    # @param lockfile [Pathname] Path to Gemfile.lock
     # @return [Bundler::Definition]
-    def definition(unlock = nil)
+    def definition(unlock = nil, lockfile = default_lockfile)
       @definition = nil if unlock
       @definition ||= begin
         configure
-        Definition.build(default_gemfile, default_lockfile, unlock)
+        Definition.build(default_gemfile, lockfile, unlock)
       end
     end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-  version: 2.5.4
+  version: 2.5.6
 platform: ruby
 authors:
 - André Arko
@@ -22,7 +22,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-01-04 00:00:00.000000000 Z
+date: 2024-02-06 00:00:00.000000000 Z
 dependencies: []
 description: Bundler manages an application's dependencies through its entire life,
   across many machines, systematically and repeatably
@@ -398,7 +398,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 3.2.3
 requirements: []
-rubygems_version: 3.5.4
+rubygems_version: 3.5.6
 signing_key:
 specification_version: 4
 summary: The best way to manage your application's dependencies