bundler 2.5.6 → 2.5.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 39c97ec41b023928932bc15dd7a27d7d6c44a1081d8d8a8d929323acc7923516
-  data.tar.gz: fcee9b11554764b4b762fbeff5be2afa1747bb00522f76a8f2ed8910af6140ba
+  metadata.gz: a5b022aa2fbcb7dc23d00521f4d06a6d47ac0c59fe82da544b25ec46b82d80a3
+  data.tar.gz: 95f43a8fb90cd87a9749746121fe46cdab001476b04c99bdf16ac388912c6bfd
 SHA512:
-  metadata.gz: 3f0e03b892ab04ffbbe98dc64a8edf39976e9f06f7e3c3f0d023760de2c10335975dd6658081fe9f6daf259f19e84bb829196f9387c3037ddd3fea9fdb865c80
-  data.tar.gz: c483f1305486133a2a0845c4ad13de99baf81b456d88d0e899726db2d1257c445625aeb3f4b32a4b6717f42da23858336284ffecc5fd9ce9a15a6ca797349c75
+  metadata.gz: 5915fb8ba535b49dbe06042a31564614e86928b4d6a75935a7a3aa782ffd713bb1c5f95be3ffc028ae1337367e46e708a9a59d38601a268c54f7814ec0dcea32
+  data.tar.gz: 18300e1cf1066cbbc36cc70822f80a0d46eabd5330b7dadf47993cd00cb1c1762ab663c582a18cec055309d5893ea7a241d7eecd0915654bc2fb5d1c8165b2e7

data/CHANGELOG.md

@@ -1,3 +1,33 @@
+# 2.5.8 (April 11, 2024)
+
+## Enhancements:
+
+  - Allow installing plugins from path via CLI [#6960](https://github.com/rubygems/rubygems/pull/6960)
+  - Improve validation of `bundle plugin install` options [#7529](https://github.com/rubygems/rubygems/pull/7529)
+
+## Bug fixes:
+
+  - Fix resolver error message when it runs out of versions due to `--strict --patch` filtering out everything [#7527](https://github.com/rubygems/rubygems/pull/7527)
+  - Fix incorrect `bundle update --bundler` message [#7516](https://github.com/rubygems/rubygems/pull/7516)
+
+# 2.5.7 (March 22, 2024)
+
+## Deprecations:
+
+  - Deprecate `bundle plugin install --local-git=` [#7048](https://github.com/rubygems/rubygems/pull/7048)
+
+## Enhancements:
+
+  - Ignore commented out keys in config file [#7514](https://github.com/rubygems/rubygems/pull/7514)
+  - Fix exclusion of `.gemspec` file itself in `bundle gem` generated gemspec file [#7488](https://github.com/rubygems/rubygems/pull/7488)
+  - Remove redundant configs from `bundle gem` generated rubocop configuration [#7478](https://github.com/rubygems/rubygems/pull/7478)
+  - Add `gitlab:` git source shorthand [#7449](https://github.com/rubygems/rubygems/pull/7449)
+  - Use full path for `instance_eval` in `Bundler::DSL#eval_gemfile` [#7471](https://github.com/rubygems/rubygems/pull/7471)
+
+## Documentation:
+
+  - Use https instead of http in documentation links [#7481](https://github.com/rubygems/rubygems/pull/7481)
+
 # 2.5.6 (February 6, 2024)
 
 ## Deprecations:

data/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2024-02-06".freeze
-    @git_commit_sha = "7ac045dcaa".freeze
+    @built_at = "2024-04-11".freeze
+    @git_commit_sha = "cf66a7369b".freeze
     @release = true
     # end ivars
 

data/lib/bundler/cli/binstubs.rb

@@ -45,7 +45,7 @@ module Bundler
             next
           end
 
-          Bundler.settings.temporary(path: (Bundler.settings[:path] || Bundler.root)) do
+          Bundler.settings.temporary(path: Bundler.settings[:path] || Bundler.root) do
             installer.generate_standalone_bundler_executable_stubs(spec, installer_opts)
           end
         else

data/lib/bundler/cli/plugin.rb

@@ -5,14 +5,15 @@ module Bundler
   class CLI::Plugin < Thor
     desc "install PLUGINS", "Install the plugin from the source"
     long_desc <<-D
-      Install plugins either from the rubygems source provided (with --source option) or from a git source provided with --git (for remote repos) or --local_git (for local repos). If no sources are provided, it uses Gem.sources
+      Install plugins either from the rubygems source provided (with --source option), from a git source provided with --git, or a local path provided with --path. If no sources are provided, it uses Gem.sources
    D
     method_option "source", type: :string, default: nil, banner: "URL of the RubyGems source to fetch the plugin from"
     method_option "version", type: :string, default: nil, banner: "The version of the plugin to fetch"
     method_option "git", type: :string, default: nil, banner: "URL of the git repo to fetch from"
-    method_option "local_git", type: :string, default: nil, banner: "Path of the local git repo to fetch from"
+    method_option "local_git", type: :string, default: nil, banner: "Path of the local git repo to fetch from (deprecated)"
     method_option "branch", type: :string, default: nil, banner: "The git branch to checkout"
     method_option "ref", type: :string, default: nil, banner: "The git revision to check out"
+    method_option "path", type: :string, default: nil, banner: "Path of a local gem to directly use"
     def install(*plugins)
       Bundler::Plugin.install(plugins, options)
     end

data/lib/bundler/cli.rb

@@ -620,7 +620,7 @@ module Bundler
     method_option "major", type: :boolean, banner:       "If updating, prefer updating to next major version (default)"
     method_option "pre", type: :boolean, banner: "If updating, always choose the highest allowed version, regardless of prerelease status"
     method_option "strict", type: :boolean, banner: "If updating, do not allow any gem to be updated past latest --patch | --minor | --major"
-    method_option "conservative", type: :boolean, banner:       "If updating, use bundle install conservative update behavior and do not allow shared dependencies to be updated"
+    method_option "conservative", type: :boolean, banner: "If updating, use bundle install conservative update behavior and do not allow shared dependencies to be updated"
     method_option "bundler", type: :string, lazy_default: "> 0.a", banner: "Update the locked version of bundler"
     def lock
       require_relative "cli/lock"

data/lib/bundler/dsl.rb

@@ -19,6 +19,7 @@ module Bundler
                     platform platforms type source install_if gemfile force_ruby_platform].freeze
 
     GITHUB_PULL_REQUEST_URL = %r{\Ahttps://github\.com/([A-Za-z0-9_\-\.]+/[A-Za-z0-9_\-\.]+)/pull/(\d+)\z}
+    GITLAB_MERGE_REQUEST_URL = %r{\Ahttps://gitlab\.com/([A-Za-z0-9_\-\./]+)/-/merge_requests/(\d+)\z}
 
     attr_reader :gemspecs, :gemfile
     attr_accessor :dependencies
@@ -46,7 +47,7 @@ module Bundler
       @gemfile = expanded_gemfile_path
       @gemfiles << expanded_gemfile_path
       contents ||= Bundler.read_file(@gemfile.to_s)
-      instance_eval(contents, gemfile.to_s, 1)
+      instance_eval(contents, @gemfile.to_s, 1)
     rescue Exception => e # rubocop:disable Lint/RescueException
       message = "There was an error " \
         "#{e.is_a?(GemfileEvalError) ? "evaluating" : "parsing"} " \
@@ -308,6 +309,20 @@ module Bundler
         repo_name ||= user_name
         "https://#{user_name}@bitbucket.org/#{user_name}/#{repo_name}.git"
       end
+
+      git_source(:gitlab) do |repo_name|
+        if repo_name =~ GITLAB_MERGE_REQUEST_URL
+          {
+            "git" => "https://gitlab.com/#{$1}.git",
+            "branch" => nil,
+            "ref" => "refs/merge-requests/#{$2}/head",
+            "tag" => nil,
+          }
+        else
+          repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?("/")
+          "https://gitlab.com/#{repo_name}.git"
+        end
+      end
     end
 
     def with_source(source)

data/lib/bundler/gem_version_promoter.rb

@@ -45,17 +45,37 @@ module Bundler
 
     # Given a Resolver::Package and an Array of Specifications of available
     # versions for a gem, this method will return the Array of Specifications
-    # sorted (and possibly truncated if strict is true) in an order to give
-    # preference to the current level (:major, :minor or :patch) when resolution
-    # is deciding what versions best resolve all dependencies in the bundle.
+    # sorted in an order to give preference to the current level (:major, :minor
+    # or :patch) when resolution is deciding what versions best resolve all
+    # dependencies in the bundle.
     # @param package [Resolver::Package] The package being resolved.
     # @param specs [Specification] An array of Specifications for the package.
-    # @return [Specification] A new instance of the Specification Array sorted and
-    #    possibly filtered.
+    # @return [Specification] A new instance of the Specification Array sorted.
     def sort_versions(package, specs)
-      specs = filter_dep_specs(specs, package) if strict
+      locked_version = package.locked_version
 
-      sort_dep_specs(specs, package)
+      result = specs.sort do |a, b|
+        unless package.prerelease_specified? || pre?
+          a_pre = a.prerelease?
+          b_pre = b.prerelease?
+
+          next 1 if a_pre && !b_pre
+          next -1 if b_pre && !a_pre
+        end
+
+        if major? || locked_version.nil?
+          b <=> a
+        elsif either_version_older_than_locked?(a, b, locked_version)
+          b <=> a
+        elsif segments_do_not_match?(a, b, :major)
+          a <=> b
+        elsif !minor? && segments_do_not_match?(a, b, :minor)
+          a <=> b
+        else
+          b <=> a
+        end
+      end
+      post_sort(result, package.unlock?, locked_version)
     end
 
     # @return [bool] Convenience method for testing value of level variable.
@@ -73,9 +93,18 @@ module Bundler
       pre == true
     end
 
-    private
+    # Given a Resolver::Package and an Array of Specifications of available
+    # versions for a gem, this method will truncate the Array if strict
+    # is true. That means filtering out downgrades from the version currently
+    # locked, and filtering out upgrades that go past the selected level (major,
+    # minor, or patch).
+    # @param package [Resolver::Package] The package being resolved.
+    # @param specs [Specification] An array of Specifications for the package.
+    # @return [Specification] A new instance of the Specification Array
+    #   truncated.
+    def filter_versions(package, specs)
+      return specs unless strict
 
-    def filter_dep_specs(specs, package)
       locked_version = package.locked_version
       return specs if locked_version.nil? || major?
 
@@ -89,32 +118,7 @@ module Bundler
       end
     end
 
-    def sort_dep_specs(specs, package)
-      locked_version = package.locked_version
-
-      result = specs.sort do |a, b|
-        unless package.prerelease_specified? || pre?
-          a_pre = a.prerelease?
-          b_pre = b.prerelease?
-
-          next -1 if a_pre && !b_pre
-          next  1 if b_pre && !a_pre
-        end
-
-        if major? || locked_version.nil?
-          a <=> b
-        elsif either_version_older_than_locked?(a, b, locked_version)
-          a <=> b
-        elsif segments_do_not_match?(a, b, :major)
-          b <=> a
-        elsif !minor? && segments_do_not_match?(a, b, :minor)
-          b <=> a
-        else
-          a <=> b
-        end
-      end
-      post_sort(result, package.unlock?, locked_version)
-    end
+    private
 
     def either_version_older_than_locked?(a, b, locked_version)
       a.version < locked_version || b.version < locked_version
@@ -133,13 +137,13 @@ module Bundler
       if unlock || locked_version.nil?
         result
       else
-        move_version_to_end(result, locked_version)
+        move_version_to_beginning(result, locked_version)
       end
     end
 
-    def move_version_to_end(result, version)
+    def move_version_to_beginning(result, version)
       move, keep = result.partition {|s| s.version.to_s == version.to_s }
-      keep.concat(move)
+      move.concat(keep)
     end
   end
 end

data/lib/bundler/man/bundle-add.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-ADD" "1" "December 2023" ""
+.TH "BUNDLE\-ADD" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-add\fR \- Add gem to the Gemfile and run bundle install
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-binstubs.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-BINSTUBS" "1" "December 2023" ""
+.TH "BUNDLE\-BINSTUBS" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-binstubs\fR \- Install the binstubs of the listed gems
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-cache.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-CACHE" "1" "December 2023" ""
+.TH "BUNDLE\-CACHE" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-cache\fR \- Package your needed \fB\.gem\fR files into your application
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-check.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-CHECK" "1" "December 2023" ""
+.TH "BUNDLE\-CHECK" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-check\fR \- Verifies if dependencies are satisfied by installed gems
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-clean.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-CLEAN" "1" "December 2023" ""
+.TH "BUNDLE\-CLEAN" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-clean\fR \- Cleans up unused gems in your bundler directory
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-config.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-CONFIG" "1" "December 2023" ""
+.TH "BUNDLE\-CONFIG" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-config\fR \- Set bundler configuration options
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-console.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-CONSOLE" "1" "December 2023" ""
+.TH "BUNDLE\-CONSOLE" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-console\fR \- Deprecated way to open an IRB session with the bundle pre\-loaded
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-doctor.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-DOCTOR" "1" "December 2023" ""
+.TH "BUNDLE\-DOCTOR" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-doctor\fR \- Checks the bundle for common problems
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-exec.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-EXEC" "1" "December 2023" ""
+.TH "BUNDLE\-EXEC" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-exec\fR \- Execute a command in the context of the bundle
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-gem.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-GEM" "1" "December 2023" ""
+.TH "BUNDLE\-GEM" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-gem\fR \- Generate a project skeleton for creating a rubygem
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-help.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-HELP" "1" "December 2023" ""
+.TH "BUNDLE\-HELP" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-help\fR \- Displays detailed help for each subcommand
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-info.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-INFO" "1" "December 2023" ""
+.TH "BUNDLE\-INFO" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-info\fR \- Show information for the given gem in your bundle
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-init.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-INIT" "1" "December 2023" ""
+.TH "BUNDLE\-INIT" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-init\fR \- Generates a Gemfile into the current working directory
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-inject.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-INJECT" "1" "December 2023" ""
+.TH "BUNDLE\-INJECT" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-inject\fR \- Add named gem(s) with version requirements to Gemfile
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-install.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-INSTALL" "1" "December 2023" ""
+.TH "BUNDLE\-INSTALL" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-install\fR \- Install the dependencies specified in your Gemfile
 .SH "SYNOPSIS"
@@ -208,8 +208,8 @@ To explicitly update \fBactionpack\fR, including its dependencies which other ge
 \fBSummary\fR: In general, after making a change to the Gemfile(5) , you should first try to run \fBbundle install\fR, which will guarantee that no other gem in the Gemfile(5) is impacted by the change\. If that does not work, run bundle update(1) \fIbundle\-update\.1\.html\fR\.
 .SH "SEE ALSO"
 .IP "\(bu" 4
-Gem install docs \fIhttp://guides\.rubygems\.org/rubygems\-basics/#installing\-gems\fR
+Gem install docs \fIhttps://guides\.rubygems\.org/rubygems\-basics/#installing\-gems\fR
 .IP "\(bu" 4
-Rubygems signing docs \fIhttp://guides\.rubygems\.org/security/\fR
+Rubygems signing docs \fIhttps://guides\.rubygems\.org/security/\fR
 .IP "" 0
 

data/lib/bundler/man/bundle-install.1.ronn

@@ -379,5 +379,5 @@ does not work, run [bundle update(1)](bundle-update.1.html).
 
 ## SEE ALSO
 
-* [Gem install docs](http://guides.rubygems.org/rubygems-basics/#installing-gems)
-* [Rubygems signing docs](http://guides.rubygems.org/security/)
+* [Gem install docs](https://guides.rubygems.org/rubygems-basics/#installing-gems)
+* [Rubygems signing docs](https://guides.rubygems.org/security/)

data/lib/bundler/man/bundle-list.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-LIST" "1" "December 2023" ""
+.TH "BUNDLE\-LIST" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-list\fR \- List all the gems in the bundle
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-lock.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-LOCK" "1" "December 2023" ""
+.TH "BUNDLE\-LOCK" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-lock\fR \- Creates / Updates a lockfile without installing
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-open.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-OPEN" "1" "December 2023" ""
+.TH "BUNDLE\-OPEN" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-open\fR \- Opens the source directory for a gem in your bundle
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-outdated.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-OUTDATED" "1" "December 2023" ""
+.TH "BUNDLE\-OUTDATED" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-outdated\fR \- List installed gems with newer versions available
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-platform.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-PLATFORM" "1" "December 2023" ""
+.TH "BUNDLE\-PLATFORM" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-platform\fR \- Displays platform compatibility information
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-plugin.1

@@ -1,10 +1,10 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-PLUGIN" "1" "December 2023" ""
+.TH "BUNDLE\-PLUGIN" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-plugin\fR \- Manage Bundler plugins
 .SH "SYNOPSIS"
-\fBbundle plugin\fR install PLUGINS [\-\-source=\fISOURCE\fR] [\-\-version=\fIversion\fR] [\-\-git|\-\-local_git=\fIgit\-url\fR] [\-\-branch=\fIbranch\fR|\-\-ref=\fIrev\fR]
+\fBbundle plugin\fR install PLUGINS [\-\-source=\fISOURCE\fR] [\-\-version=\fIversion\fR] [\-\-git=\fIgit\-url\fR] [\-\-branch=\fIbranch\fR|\-\-ref=\fIrev\fR] [\-\-path=\fIpath\fR]
 .br
 \fBbundle plugin\fR uninstall PLUGINS
 .br
@@ -27,7 +27,7 @@ Install bundler\-graph gem from example\.com\. The global source, specified in s
 You can specify the version of the gem via \fB\-\-version\fR\.
 .TP
 \fBbundle plugin install bundler\-graph \-\-git https://github\.com/rubygems/bundler\-graph\fR
-Install bundler\-graph gem from Git repository\. \fB\-\-git\fR can be replaced with \fB\-\-local\-git\fR\. You cannot use both \fB\-\-git\fR and \fB\-\-local\-git\fR\. You can use standard Git URLs like:
+Install bundler\-graph gem from Git repository\. You can use standard Git URLs like:
 .IP
 \fBssh://[user@]host\.xz[:port]/path/to/repo\.git\fR
 .br
@@ -37,7 +37,10 @@ Install bundler\-graph gem from Git repository\. \fB\-\-git\fR can be replaced w
 .br
 \fBfile:///path/to/repo\fR
 .IP
-When you specify \fB\-\-git\fR/\fB\-\-local\-git\fR, you can use \fB\-\-branch\fR or \fB\-\-ref\fR to specify any branch, tag, or commit hash (revision) to use\. When you specify both, only the latter is used\.
+When you specify \fB\-\-git\fR, you can use \fB\-\-branch\fR or \fB\-\-ref\fR to specify any branch, tag, or commit hash (revision) to use\.
+.TP
+\fBbundle plugin install bundler\-graph \-\-path \.\./bundler\-graph\fR
+Install bundler\-graph gem from a local path\.
 .SS "uninstall"
 Uninstall the plugin(s) specified in PLUGINS\.
 .SS "list"

data/lib/bundler/man/bundle-plugin.1.ronn

@@ -4,7 +4,8 @@ bundle-plugin(1) -- Manage Bundler plugins
 ## SYNOPSIS
 
 `bundle plugin` install PLUGINS [--source=<SOURCE>] [--version=<version>]
-                              [--git|--local_git=<git-url>] [--branch=<branch>|--ref=<rev>]<br>
+                              [--git=<git-url>] [--branch=<branch>|--ref=<rev>]
+                              [--path=<path>]<br>
 `bundle plugin` uninstall PLUGINS<br>
 `bundle plugin` list<br>
 `bundle plugin` help [COMMAND]
@@ -29,14 +30,17 @@ Install the given plugin(s).
   You can specify the version of the gem via `--version`.
 
 * `bundle plugin install bundler-graph --git https://github.com/rubygems/bundler-graph`:
-  Install bundler-graph gem from Git repository. `--git` can be replaced with `--local-git`. You cannot use both `--git` and `--local-git`. You can use standard Git URLs like:
+  Install bundler-graph gem from Git repository. You can use standard Git URLs like:
 
   `ssh://[user@]host.xz[:port]/path/to/repo.git`<br>
   `http[s]://host.xz[:port]/path/to/repo.git`<br>
   `/path/to/repo`<br>
   `file:///path/to/repo`
 
-  When you specify `--git`/`--local-git`, you can use `--branch` or `--ref` to specify any branch, tag, or commit hash (revision) to use. When you specify both, only the latter is used.
+  When you specify `--git`, you can use `--branch` or `--ref` to specify any branch, tag, or commit hash (revision) to use.
+
+* `bundle plugin install bundler-graph --path ../bundler-graph`:
+  Install bundler-graph gem from a local path.
 
 ### uninstall
 

data/lib/bundler/man/bundle-pristine.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-PRISTINE" "1" "December 2023" ""
+.TH "BUNDLE\-PRISTINE" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-pristine\fR \- Restores installed gems to their pristine condition
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-remove.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-REMOVE" "1" "December 2023" ""
+.TH "BUNDLE\-REMOVE" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-remove\fR \- Removes gems from the Gemfile
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-show.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-SHOW" "1" "December 2023" ""
+.TH "BUNDLE\-SHOW" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-show\fR \- Shows all the gems in your bundle, or the path to a gem
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-update.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-UPDATE" "1" "December 2023" ""
+.TH "BUNDLE\-UPDATE" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-update\fR \- Update your gems to the latest available versions
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-version.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-VERSION" "1" "December 2023" ""
+.TH "BUNDLE\-VERSION" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-version\fR \- Prints Bundler version information
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-viz.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE\-VIZ" "1" "December 2023" ""
+.TH "BUNDLE\-VIZ" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\-viz\fR \- Generates a visual dependency graph for your Gemfile
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle.1

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "BUNDLE" "1" "December 2023" ""
+.TH "BUNDLE" "1" "March 2024" ""
 .SH "NAME"
 \fBbundle\fR \- Ruby Dependency Management
 .SH "SYNOPSIS"

data/lib/bundler/man/gemfile.5

@@ -1,6 +1,6 @@
 .\" generated with nRonn/v0.11.1
 .\" https://github.com/n-ronn/nronn/tree/0.11.1
-.TH "GEMFILE" "5" "December 2023" ""
+.TH "GEMFILE" "5" "March 2024" ""
 .SH "NAME"
 \fBGemfile\fR \- A format for describing gem dependencies for Ruby programs
 .SH "SYNOPSIS"
@@ -72,7 +72,7 @@ A Ruby engine is an implementation of the Ruby language\.
 .IP "\(bu" 4
 For background: the reference or original implementation of the Ruby programming language is called Matz's Ruby Interpreter \fIhttps://en\.wikipedia\.org/wiki/Ruby_MRI\fR, or MRI for short\. This is named after Ruby creator Yukihiro Matsumoto, also known as Matz\. MRI is also known as CRuby, because it is written in C\. MRI is the most widely used Ruby engine\.
 .IP "\(bu" 4
-Other implementations \fIhttps://www\.ruby\-lang\.org/en/about/\fR of Ruby exist\. Some of the more well\-known implementations include JRuby \fIhttp://jruby\.org/\fR and TruffleRuby \fIhttps://www\.graalvm\.org/ruby/\fR\. Rubinius is an alternative implementation of Ruby written in Ruby\. JRuby is an implementation of Ruby on the JVM, short for Java Virtual Machine\. TruffleRuby is a Ruby implementation on the GraalVM, a language toolkit built on the JVM\.
+Other implementations \fIhttps://www\.ruby\-lang\.org/en/about/\fR of Ruby exist\. Some of the more well\-known implementations include JRuby \fIhttps://www\.jruby\.org/\fR and TruffleRuby \fIhttps://www\.graalvm\.org/ruby/\fR\. Rubinius is an alternative implementation of Ruby written in Ruby\. JRuby is an implementation of Ruby on the JVM, short for Java Virtual Machine\. TruffleRuby is a Ruby implementation on the GraalVM, a language toolkit built on the JVM\.
 .IP "" 0
 .SS "ENGINE VERSION"
 Each application \fImay\fR specify a Ruby engine version\. If an engine version is specified, an engine \fImust\fR also be specified\. If the engine is "ruby" the engine version specified \fImust\fR match the Ruby version\.
@@ -449,7 +449,7 @@ end
 .fi
 .IP "" 0
 .SH "GEMSPEC"
-The \fB\.gemspec\fR \fIhttp://guides\.rubygems\.org/specification\-reference/\fR file is where you provide metadata about your gem to Rubygems\. Some required Gemspec attributes include the name, description, and homepage of your gem\. This is also where you specify the dependencies your gem needs to run\.
+The \fB\.gemspec\fR \fIhttps://guides\.rubygems\.org/specification\-reference/\fR file is where you provide metadata about your gem to Rubygems\. Some required Gemspec attributes include the name, description, and homepage of your gem\. This is also where you specify the dependencies your gem needs to run\.
 .P
 If you wish to use Bundler to help install dependencies for a gem while it is being developed, use the \fBgemspec\fR method to pull in the dependencies listed in the \fB\.gemspec\fR file\.
 .P

data/lib/bundler/man/gemfile.5.ronn

@@ -96,7 +96,7 @@ What exactly is an Engine?
 
   - [Other implementations](https://www.ruby-lang.org/en/about/) of Ruby exist.
     Some of the more well-known implementations include
-    [JRuby](http://jruby.org/) and [TruffleRuby](https://www.graalvm.org/ruby/).
+    [JRuby](https://www.jruby.org/) and [TruffleRuby](https://www.graalvm.org/ruby/).
     Rubinius is an alternative implementation of Ruby written in Ruby.
     JRuby is an implementation of Ruby on the JVM, short for Java Virtual Machine.
     TruffleRuby is a Ruby implementation on the GraalVM, a language toolkit built on the JVM.
@@ -509,7 +509,7 @@ software is installed or some other conditions are met.
 
 ## GEMSPEC
 
-The [`.gemspec`](http://guides.rubygems.org/specification-reference/) file is where
+The [`.gemspec`](https://guides.rubygems.org/specification-reference/) file is where
  you provide metadata about your gem to Rubygems. Some required Gemspec
  attributes include the name, description, and homepage of your gem. This is
  also where you specify the dependencies your gem needs to run.

data/lib/bundler/plugin/installer/path.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Bundler
+  module Plugin
+    class Installer
+      class Path < Bundler::Source::Path
+        def root
+          Plugin.root
+        end
+
+        def generate_bin(spec, disable_extensions = false)
+          # Need to find a way without code duplication
+          # For now, we can ignore this
+        end
+      end
+    end
+  end
+end

data/lib/bundler/plugin/installer.rb

@@ -10,6 +10,7 @@ module Bundler
     class Installer
       autoload :Rubygems, File.expand_path("installer/rubygems", __dir__)
       autoload :Git,      File.expand_path("installer/git", __dir__)
+      autoload :Path, File.expand_path("installer/path", __dir__)
 
       def install(names, options)
         check_sources_consistency!(options)
@@ -18,8 +19,8 @@ module Bundler
 
         if options[:git]
           install_git(names, version, options)
-        elsif options[:local_git]
-          install_local_git(names, version, options)
+        elsif options[:path]
+          install_path(names, version, options[:path])
         else
           sources = options[:source] || Gem.sources
           install_rubygems(names, version, sources)
@@ -45,20 +46,40 @@ module Bundler
         if options.key?(:git) && options.key?(:local_git)
           raise InvalidOption, "Remote and local plugin git sources can't be both specified"
         end
+
+        # back-compat; local_git is an alias for git
+        if options.key?(:local_git)
+          Bundler::SharedHelpers.major_deprecation(2, "--local_git is deprecated, use --git")
+          options[:git] = options.delete(:local_git)
+        end
+
+        if (options.keys & [:source, :git, :path]).length > 1
+          raise InvalidOption, "Only one of --source, --git, or --path may be specified"
+        end
+
+        if (options.key?(:branch) || options.key?(:ref)) && !options.key?(:git)
+          raise InvalidOption, "--#{options.key?(:branch) ? "branch" : "ref"} can only be used with git sources"
+        end
+
+        if options.key?(:branch) && options.key?(:ref)
+          raise InvalidOption, "--branch and --ref can't be both specified"
+        end
       end
 
       def install_git(names, version, options)
-        uri = options.delete(:git)
-        options["uri"] = uri
+        source_list = SourceList.new
+        source = source_list.add_git_source({ "uri" => options[:git],
+                                              "branch" => options[:branch],
+                                              "ref" => options[:ref] })
 
-        install_all_sources(names, version, options, options[:source])
+        install_all_sources(names, version, source_list, source)
       end
 
-      def install_local_git(names, version, options)
-        uri = options.delete(:local_git)
-        options["uri"] = uri
+      def install_path(names, version, path)
+        source_list = SourceList.new
+        source = source_list.add_path_source({ "path" => path })
 
-        install_all_sources(names, version, options, options[:source])
+        install_all_sources(names, version, source_list, source)
       end
 
       # Installs the plugin from rubygems source and returns the path where the
@@ -70,16 +91,15 @@ module Bundler
       #
       # @return [Hash] map of names to the specs of plugins installed
       def install_rubygems(names, version, sources)
-        install_all_sources(names, version, nil, sources)
-      end
-
-      def install_all_sources(names, version, git_source_options, rubygems_source)
         source_list = SourceList.new
 
-        source_list.add_git_source(git_source_options) if git_source_options
-        Array(rubygems_source).each {|remote| source_list.add_global_rubygems_remote(remote) } if rubygems_source
+        Array(sources).each {|remote| source_list.add_global_rubygems_remote(remote) }
+
+        install_all_sources(names, version, source_list)
+      end
 
-        deps = names.map {|name| Dependency.new name, version }
+      def install_all_sources(names, version, source_list, source = nil)
+        deps = names.map {|name| Dependency.new(name, version, { "source" => source }) }
 
         Bundler.configure_gem_home_and_path(Plugin.root)
 

data/lib/bundler/plugin/source_list.rb

@@ -9,6 +9,10 @@ module Bundler
         add_source_to_list Plugin::Installer::Git.new(options), git_sources
       end
 
+      def add_path_source(options = {})
+        add_source_to_list Plugin::Installer::Path.new(options), path_sources
+      end
+
       def add_rubygems_source(options = {})
         add_source_to_list Plugin::Installer::Rubygems.new(options), @rubygems_sources
       end
@@ -17,10 +21,6 @@ module Bundler
         path_sources + git_sources + rubygems_sources + [metadata_source]
       end
 
-      def default_source
-        git_sources.first || global_rubygems_source
-      end
-
       private
 
       def rubygems_aggregate_class

data/lib/bundler/resolver/candidate.rb

@@ -15,7 +15,7 @@ module Bundler
     # considered separately.
     #
     # Some candidates may also keep some information explicitly about the
-    # package the refer to. These candidates are referred to as "canonical" and
+    # package they refer to. These candidates are referred to as "canonical" and
     # are used when materializing resolution results back into RubyGems
     # specifications that can be installed, written to lock files, and so on.
     #

data/lib/bundler/resolver.rb

@@ -50,26 +50,26 @@ module Bundler
         specs[name] = matches.sort_by {|s| [s.version, s.platform.to_s] }
       end
 
+      @all_versions = Hash.new do |candidates, package|
+        candidates[package] = all_versions_for(package)
+      end
+
       @sorted_versions = Hash.new do |candidates, package|
-        candidates[package] = if package.root?
-          [root_version]
-        else
-          all_versions_for(package).sort
-        end
+        candidates[package] = filtered_versions_for(package).sort
       end
 
+      @sorted_versions[root] = [root_version]
+
       root_dependencies = prepare_dependencies(@requirements, @packages)
 
       @cached_dependencies = Hash.new do |dependencies, package|
-        dependencies[package] = if package.root?
-          { root_version => root_dependencies }
-        else
-          Hash.new do |versions, version|
-            versions[version] = to_dependency_hash(version.dependencies.reject {|d| d.name == package.name }, @packages)
-          end
+        dependencies[package] = Hash.new do |versions, version|
+          versions[version] = to_dependency_hash(version.dependencies.reject {|d| d.name == package.name }, @packages)
         end
       end
 
+      @cached_dependencies[root] = { root_version => root_dependencies }
+
       logger = Bundler::UI::Shell.new
       logger.level = debug? ? "debug" : "warn"
 
@@ -156,9 +156,15 @@ module Bundler
     end
 
     def versions_for(package, range=VersionRange.any)
-      versions = range.select_versions(@sorted_versions[package])
+      versions = select_sorted_versions(package, range)
 
-      sort_versions(package, versions)
+      # Conditional avoids (among other things) calling
+      # sort_versions_by_preferred with the root package
+      if versions.size > 1
+        sort_versions_by_preferred(package, versions)
+      else
+        versions
+      end
     end
 
     def no_versions_incompatibility_for(package, unsatisfied_term)
@@ -247,7 +253,7 @@ module Bundler
       locked_requirement = base_requirements[name]
       results = filter_matching_specs(results, locked_requirement) if locked_requirement
 
-      versions = results.group_by(&:version).reduce([]) do |groups, (version, specs)|
+      results.group_by(&:version).reduce([]) do |groups, (version, specs)|
         platform_specs = package.platforms.map {|platform| select_best_platform_match(specs, platform) }
 
         # If package is a top-level dependency,
@@ -274,8 +280,6 @@ module Bundler
 
         groups
       end
-
-      sort_versions(package, versions)
     end
 
     def source_for(name)
@@ -334,6 +338,21 @@ module Bundler
 
     private
 
+    def filtered_versions_for(package)
+      @gem_version_promoter.filter_versions(package, @all_versions[package])
+    end
+
+    def raise_all_versions_filtered_out!(package)
+      level = @gem_version_promoter.level
+      name = package.name
+      locked_version = package.locked_version
+      requirement = package.dependency
+
+      raise GemNotFound,
+        "#{name} is locked to #{locked_version}, while Gemfile is requesting #{requirement}. " \
+        "--strict --#{level} was specified, but there are no #{level} level upgrades from #{locked_version} satisfying #{requirement}, so version solving has failed"
+    end
+
     def filter_matching_specs(specs, requirements)
       Array(requirements).flat_map do |requirement|
         specs.select {| spec| requirement_satisfied_by?(requirement, spec) }
@@ -357,12 +376,8 @@ module Bundler
       requirement.satisfied_by?(spec.version) || spec.source.is_a?(Source::Gemspec)
     end
 
-    def sort_versions(package, versions)
-      if versions.size > 1
-        @gem_version_promoter.sort_versions(package, versions).reverse
-      else
-        versions
-      end
+    def sort_versions_by_preferred(package, versions)
+      @gem_version_promoter.sort_versions(package, versions)
     end
 
     def repository_for(package)
@@ -379,12 +394,19 @@ module Bundler
 
         next [dep_package, dep_constraint] if name == "bundler"
 
-        versions = versions_for(dep_package, dep_constraint.range)
+        dep_range = dep_constraint.range
+        versions = select_sorted_versions(dep_package, dep_range)
         if versions.empty? && dep_package.ignores_prereleases?
+          @all_versions.delete(dep_package)
           @sorted_versions.delete(dep_package)
           dep_package.consider_prereleases!
-          versions = versions_for(dep_package, dep_constraint.range)
+          versions = select_sorted_versions(dep_package, dep_range)
         end
+
+        if versions.empty? && select_all_versions(dep_package, dep_range).any?
+          raise_all_versions_filtered_out!(dep_package)
+        end
+
         next [dep_package, dep_constraint] unless versions.empty?
 
         next unless dep_package.current_platform?
@@ -393,6 +415,14 @@ module Bundler
       end.compact.to_h
     end
 
+    def select_sorted_versions(package, range)
+      range.select_versions(@sorted_versions[package])
+    end
+
+    def select_all_versions(package, range)
+      range.select_versions(@all_versions[package])
+    end
+
     def other_specs_matching_message(specs, requirement)
       message = String.new("The source contains the following gems matching '#{requirement}':\n")
       message << specs.map {|s| "  * #{s.full_name}" }.join("\n")

data/lib/bundler/self_manager.rb

@@ -113,7 +113,7 @@ module Bundler
     end
 
     def local_specs
-      @local_specs ||= Bundler::Source::Rubygems.new("allow_local" => true).specs.select {|spec| spec.name == "bundler" }
+      @local_specs ||= Bundler::Source::Rubygems.new("allow_local" => true, "allow_cached" => true).specs.select {|spec| spec.name == "bundler" }
     end
 
     def remote_specs

data/lib/bundler/settings.rb

@@ -492,16 +492,19 @@ module Bundler
         valid_file = file.exist? && !file.size.zero?
         return {} unless valid_file
         serializer_class.load(file.read).inject({}) do |config, (k, v)|
-          if k.include?("-")
-            Bundler.ui.warn "Your #{file} config includes `#{k}`, which contains the dash character (`-`).\n" \
-              "This is deprecated, because configuration through `ENV` should be possible, but `ENV` keys cannot include dashes.\n" \
-              "Please edit #{file} and replace any dashes in configuration keys with a triple underscore (`___`)."
+          unless k.start_with?("#")
+            if k.include?("-")
+              Bundler.ui.warn "Your #{file} config includes `#{k}`, which contains the dash character (`-`).\n" \
+                "This is deprecated, because configuration through `ENV` should be possible, but `ENV` keys cannot include dashes.\n" \
+                "Please edit #{file} and replace any dashes in configuration keys with a triple underscore (`___`)."
 
-            # string hash keys are frozen
-            k = k.gsub("-", "___")
+              # string hash keys are frozen
+              k = k.gsub("-", "___")
+            end
+
+            config[k] = v
           end
 
-          config[k] = v
           config
         end
       end

data/lib/bundler/source/rubygems.rb

@@ -17,7 +17,7 @@ module Bundler
         @remotes = []
         @dependency_names = []
         @allow_remote = false
-        @allow_cached = false
+        @allow_cached = options["allow_cached"] || false
         @allow_local = options["allow_local"] || false
         @checksum_store = Checksum::Store.new
 
@@ -133,7 +133,7 @@ module Bundler
           # sources, and large_idx.merge! small_idx is way faster than
           # small_idx.merge! large_idx.
           index = @allow_remote ? remote_specs.dup : Index.new
-          index.merge!(cached_specs) if @allow_cached || @allow_remote
+          index.merge!(cached_specs) if @allow_cached
           index.merge!(installed_specs) if @allow_local
           index
         end

data/lib/bundler/source_list.rb

@@ -9,7 +9,7 @@ module Bundler
       :metadata_source
 
     def global_rubygems_source
-      @global_rubygems_source ||= rubygems_aggregate_class.new("allow_local" => true)
+      @global_rubygems_source ||= rubygems_aggregate_class.new("allow_local" => true, "allow_cached" => true)
     end
 
     def initialize
@@ -174,7 +174,7 @@ module Bundler
       replacement_source = replacement_sources.find {|s| s == global_rubygems_source }
       return global_rubygems_source unless replacement_source
 
-      replacement_source.local!
+      replacement_source.cached!
       replacement_source
     end
 

data/lib/bundler/templates/newgem/newgem.gemspec.tt

@@ -27,9 +27,10 @@ Gem::Specification.new do |spec|
 
   # Specify which files should be added to the gem when it is released.
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
-  spec.files = Dir.chdir(__dir__) do
-    `git ls-files -z`.split("\x0").reject do |f|
-      (File.expand_path(f) == __FILE__) ||
+  gemspec = File.basename(__FILE__)
+  spec.files = IO.popen(%w[git ls-files -z], chdir: __dir__, err: IO::NULL) do |ls|
+    ls.readlines("\x0", chomp: true).reject do |f|
+      (f == gemspec) ||
         f.start_with?(*%w[bin/ test/ spec/ features/ .git <%= config[:ci_config_path] %>appveyor Gemfile])
     end
   end

data/lib/bundler/templates/newgem/rubocop.yml.tt

@@ -2,12 +2,7 @@ AllCops:
   TargetRubyVersion: <%= ::Gem::Version.new(config[:required_ruby_version]).segments[0..1].join(".") %>
 
 Style/StringLiterals:
-  Enabled: true
   EnforcedStyle: double_quotes
 
 Style/StringLiteralsInInterpolation:
-  Enabled: true
   EnforcedStyle: double_quotes
-
-Layout/LineLength:
-  Max: 120

data/lib/bundler/vendor/pub_grub/lib/pub_grub/static_package_source.rb

@@ -1,4 +1,5 @@
 require_relative 'package'
+require_relative 'rubygems'
 require_relative 'version_constraint'
 require_relative 'incompatibility'
 require_relative 'basic_package_source'

data/lib/bundler/vendored_net_http.rb

@@ -1,8 +1,12 @@
 # frozen_string_literal: true
 
 begin
-  require "rubygems/net/http"
+  require "rubygems/vendored_net_http"
 rescue LoadError
-  require "net/http"
-  Gem::Net = Net
+  begin
+    require "rubygems/net/http"
+  rescue LoadError
+    require "net/http"
+    Gem::Net = Net
+  end
 end

data/lib/bundler/vendored_timeout.rb

@@ -1,8 +1,12 @@
 # frozen_string_literal: true
 
 begin
-  require "rubygems/timeout"
+  require "rubygems/vendored_timeout"
 rescue LoadError
-  require "timeout"
-  Gem::Timeout = Timeout
+  begin
+    require "rubygems/timeout"
+  rescue LoadError
+    require "timeout"
+    Gem::Timeout = Timeout
+  end
 end

data/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.5.6".freeze
+  VERSION = "2.5.8".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-  version: 2.5.6
+  version: 2.5.8
 platform: ruby
 authors:
 - André Arko
@@ -22,7 +22,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-02-06 00:00:00.000000000 Z
+date: 2024-04-11 00:00:00.000000000 Z
 dependencies: []
 description: Bundler manages an application's dependencies through its entire life,
   across many machines, systematically and repeatably
@@ -189,6 +189,7 @@ files:
 - lib/bundler/plugin/index.rb
 - lib/bundler/plugin/installer.rb
 - lib/bundler/plugin/installer/git.rb
+- lib/bundler/plugin/installer/path.rb
 - lib/bundler/plugin/installer/rubygems.rb
 - lib/bundler/plugin/source_list.rb
 - lib/bundler/process_lock.rb
@@ -398,7 +399,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 3.2.3
 requirements: []
-rubygems_version: 3.5.6
+rubygems_version: 3.5.8
 signing_key:
 specification_version: 4
 summary: The best way to manage your application's dependencies