RubyGems - bundler - Versions diffs - 2.6.3 → 2.6.9 - Mend

bundler 2.6.3 → 2.6.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (104) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +119 -6
data/README.md +1 -1
data/lib/bundler/build_metadata.rb +2 -2
data/lib/bundler/checksum.rb +22 -12
data/lib/bundler/cli/console.rb +8 -6
data/lib/bundler/cli/doctor/diagnose.rb +167 -0
data/lib/bundler/cli/doctor/ssl.rb +249 -0
data/lib/bundler/cli/doctor.rb +27 -151
data/lib/bundler/cli/info.rb +4 -4
data/lib/bundler/cli/inject.rb +2 -2
data/lib/bundler/cli/issue.rb +3 -3
data/lib/bundler/cli/lock.rb +2 -1
data/lib/bundler/cli/show.rb +1 -1
data/lib/bundler/cli.rb +2 -11
data/lib/bundler/compact_index_client/cache.rb +1 -1
data/lib/bundler/compact_index_client/parser.rb +1 -1
data/lib/bundler/compact_index_client/updater.rb +2 -1
data/lib/bundler/current_ruby.rb +23 -33
data/lib/bundler/definition.rb +220 -184
data/lib/bundler/dependency.rb +92 -47
data/lib/bundler/dsl.rb +84 -80
data/lib/bundler/endpoint_specification.rb +10 -3
data/lib/bundler/errors.rb +22 -0
data/lib/bundler/friendly_errors.rb +1 -1
data/lib/bundler/gem_helpers.rb +4 -10
data/lib/bundler/gem_version_promoter.rb +0 -2
data/lib/bundler/injector.rb +9 -9
data/lib/bundler/installer.rb +2 -2
data/lib/bundler/lazy_specification.rb +67 -45
data/lib/bundler/lockfile_parser.rb +8 -5
data/lib/bundler/man/bundle-add.1 +1 -1
data/lib/bundler/man/bundle-binstubs.1 +1 -1
data/lib/bundler/man/bundle-cache.1 +1 -1
data/lib/bundler/man/bundle-check.1 +1 -1
data/lib/bundler/man/bundle-clean.1 +1 -1
data/lib/bundler/man/bundle-config.1 +6 -6
data/lib/bundler/man/bundle-config.1.ronn +9 -4
data/lib/bundler/man/bundle-console.1 +1 -1
data/lib/bundler/man/bundle-doctor.1 +1 -1
data/lib/bundler/man/bundle-env.1 +1 -1
data/lib/bundler/man/bundle-exec.1 +3 -3
data/lib/bundler/man/bundle-exec.1.ronn +2 -2
data/lib/bundler/man/bundle-fund.1 +1 -1
data/lib/bundler/man/bundle-gem.1 +1 -1
data/lib/bundler/man/bundle-help.1 +1 -1
data/lib/bundler/man/bundle-info.1 +1 -1
data/lib/bundler/man/bundle-init.1 +1 -1
data/lib/bundler/man/bundle-inject.1 +1 -1
data/lib/bundler/man/bundle-install.1 +1 -1
data/lib/bundler/man/bundle-issue.1 +1 -1
data/lib/bundler/man/bundle-licenses.1 +1 -1
data/lib/bundler/man/bundle-list.1 +1 -1
data/lib/bundler/man/bundle-lock.1 +1 -1
data/lib/bundler/man/bundle-open.1 +1 -1
data/lib/bundler/man/bundle-outdated.1 +1 -1
data/lib/bundler/man/bundle-platform.1 +1 -1
data/lib/bundler/man/bundle-plugin.1 +1 -1
data/lib/bundler/man/bundle-pristine.1 +1 -1
data/lib/bundler/man/bundle-remove.1 +1 -1
data/lib/bundler/man/bundle-show.1 +1 -1
data/lib/bundler/man/bundle-update.1 +1 -1
data/lib/bundler/man/bundle-version.1 +1 -1
data/lib/bundler/man/bundle-viz.1 +1 -1
data/lib/bundler/man/bundle.1 +1 -1
data/lib/bundler/man/gemfile.5 +1 -1
data/lib/bundler/match_metadata.rb +13 -0
data/lib/bundler/plugin/api/source.rb +1 -1
data/lib/bundler/plugin/index.rb +1 -1
data/lib/bundler/plugin/installer/path.rb +8 -0
data/lib/bundler/plugin.rb +1 -1
data/lib/bundler/resolver/candidate.rb +12 -9
data/lib/bundler/resolver/package.rb +7 -3
data/lib/bundler/resolver/spec_group.rb +1 -25
data/lib/bundler/resolver/strategy.rb +40 -0
data/lib/bundler/resolver.rb +29 -27
data/lib/bundler/rubygems_ext.rb +97 -81
data/lib/bundler/rubygems_integration.rb +2 -3
data/lib/bundler/runtime.rb +27 -29
data/lib/bundler/shared_helpers.rb +4 -0
data/lib/bundler/source/gemspec.rb +1 -4
data/lib/bundler/source/git/git_proxy.rb +14 -3
data/lib/bundler/source/git.rb +5 -1
data/lib/bundler/source/path.rb +2 -2
data/lib/bundler/source/rubygems/remote.rb +11 -3
data/lib/bundler/source/rubygems.rb +19 -4
data/lib/bundler/source.rb +2 -0
data/lib/bundler/source_list.rb +33 -11
data/lib/bundler/spec_set.rb +98 -40
data/lib/bundler/templates/newgem/Gemfile.tt +1 -0
data/lib/bundler/vendor/connection_pool/lib/connection_pool/timed_stack.rb +53 -3
data/lib/bundler/vendor/connection_pool/lib/connection_pool/version.rb +1 -1
data/lib/bundler/vendor/connection_pool/lib/connection_pool.rb +11 -0
data/lib/bundler/vendor/pub_grub/lib/pub_grub/basic_package_source.rb +4 -24
data/lib/bundler/vendor/pub_grub/lib/pub_grub/strategy.rb +42 -0
data/lib/bundler/vendor/pub_grub/lib/pub_grub/version_range.rb +20 -8
data/lib/bundler/vendor/pub_grub/lib/pub_grub/version_solver.rb +17 -29
data/lib/bundler/vendor/uri/lib/uri/common.rb +7 -3
data/lib/bundler/vendor/uri/lib/uri/generic.rb +12 -11
data/lib/bundler/vendor/uri/lib/uri/rfc2396_parser.rb +6 -6
data/lib/bundler/vendor/uri/lib/uri/version.rb +1 -1
data/lib/bundler/version.rb +1 -1
metadata +7 -4
data/lib/bundler/compact_index_client/gem_parser.rb +0 -32

data/lib/bundler/definition.rb CHANGED Viewed

@@ -58,17 +58,28 @@ module Bundler
     # @param ruby_version [Bundler::RubyVersion, nil] Requested Ruby Version
     # @param optional_groups [Array(String)] A list of optional groups
     def initialize(lockfile, dependencies, sources, unlock, ruby_version = nil, optional_groups = [], gemfiles = [])
-      if [true, false].include?(unlock)
+      unlock ||= {}
+      if unlock == true
+        @unlocking_all = true
         @unlocking_bundler = false
         @unlocking = unlock
+        @sources_to_unlock = []
+        @unlocking_ruby = false
+        @explicit_unlocks = []
+        conservative = false
       else
+        @unlocking_all = false
         @unlocking_bundler = unlock.delete(:bundler)
         @unlocking = unlock.any? {|_k, v| !Array(v).empty? }
+        @sources_to_unlock = unlock.delete(:sources) || []
+        @unlocking_ruby = unlock.delete(:ruby)
+        @explicit_unlocks = unlock.delete(:gems) || []
+        conservative = unlock.delete(:conservative)
       end
       @dependencies    = dependencies
       @sources         = sources
-      @unlock          = unlock
       @optional_groups = optional_groups
       @prefer_local    = false
       @specs           = nil
@@ -83,7 +94,8 @@ module Bundler
       @locked_ruby_version = nil
       @new_platforms = []
-      @removed_platform = nil
+      @removed_platforms = []
+      @originally_invalid_platforms = []
       if lockfile_exists?
         @lockfile_contents = Bundler.read_file(lockfile)
@@ -93,29 +105,24 @@ module Bundler
         @platforms = @locked_platforms.dup
         @locked_bundler_version = @locked_gems.bundler_version
         @locked_ruby_version = @locked_gems.ruby_version
-        @originally_locked_deps = @locked_gems.dependencies
+        @locked_deps = @locked_gems.dependencies
         @originally_locked_specs = SpecSet.new(@locked_gems.specs)
         @locked_checksums = @locked_gems.checksums
-        if unlock != true
-          @locked_deps    = @originally_locked_deps
-          @locked_specs   = @originally_locked_specs
-          @locked_sources = @locked_gems.sources
-        else
-          @unlock         = {}
-          @locked_deps    = {}
+        if @unlocking_all
           @locked_specs   = SpecSet.new([])
           @locked_sources = []
+        else
+          @locked_specs   = @originally_locked_specs
+          @locked_sources = @locked_gems.sources
         end
       else
-        @unlock         = {}
-        @locked_gems    = nil
+        @locked_gems = nil
         @locked_platforms = []
         @most_specific_locked_platform = nil
         @platforms      = []
         @locked_deps    = {}
         @locked_specs   = SpecSet.new([])
-        @originally_locked_deps = {}
         @originally_locked_specs = @locked_specs
         @locked_sources = []
         @locked_checksums = Bundler.feature_flag.lockfile_checksums?
@@ -134,21 +141,17 @@ module Bundler
         @sources.merged_gem_lockfile_sections!(locked_gem_sources.first)
       end
-      @sources_to_unlock = @unlock.delete(:sources) || []
-      @unlock[:ruby] ||= if @ruby_version && locked_ruby_version_object
+      @unlocking_ruby ||= if @ruby_version && locked_ruby_version_object
         @ruby_version.diff(locked_ruby_version_object)
       end
-      @unlocking ||= @unlock[:ruby] ||= (!@locked_ruby_version ^ !@ruby_version)
+      @unlocking ||= @unlocking_ruby ||= (!@locked_ruby_version ^ !@ruby_version)
       @current_platform_missing = add_current_platform unless Bundler.frozen_bundle?
-      converge_path_sources_to_gemspec_sources
-      @path_changes = converge_paths
       @source_changes = converge_sources
+      @path_changes = converge_paths
-      @explicit_unlocks = @unlock.delete(:gems) || []
-      if @unlock[:conservative]
+      if conservative
         @gems_to_unlock = @explicit_unlocks.any? ? @explicit_unlocks : @dependencies.map(&:name)
       else
         eager_unlock = @explicit_unlocks.map {|name| Dependency.new(name, ">= 0") }
@@ -220,6 +223,8 @@ module Bundler
     def prefer_local!
       @prefer_local = true
+      sources.prefer_local!
     end
     # For given dependency list returns a SpecSet with Gemspec of all the required
@@ -252,7 +257,7 @@ module Bundler
     rescue BundlerError => e
       @resolve = nil
       @resolver = nil
-      @resolution_packages = nil
+      @resolution_base = nil
       @source_requirements = nil
       @specs = nil
@@ -325,18 +330,14 @@ module Bundler
           SpecSet.new(filter_specs(@locked_specs, @dependencies - deleted_deps))
         else
           Bundler.ui.debug "Found no changes, using resolution from the lockfile"
-          if @removed_platform || @locked_gems.may_include_redundant_platform_specific_gems?
+          if @removed_platforms.any? || @locked_gems.may_include_redundant_platform_specific_gems?
             SpecSet.new(filter_specs(@locked_specs, @dependencies))
           else
             @locked_specs
           end
         end
       else
-        if lockfile_exists?
-          Bundler.ui.debug "Found changes from the lockfile, re-resolving dependencies because #{change_reason}"
-        else
-          Bundler.ui.debug "Resolving dependencies because there's no lockfile"
-        end
+        Bundler.ui.debug resolve_needed_reason
         start_resolution
       end
@@ -374,7 +375,7 @@ module Bundler
     def locked_ruby_version
       return unless ruby_version
-      if @unlock[:ruby] || !@locked_ruby_version
+      if @unlocking_ruby || !@locked_ruby_version
         Bundler::RubyVersion.system
       else
         @locked_ruby_version
@@ -407,51 +408,18 @@ module Bundler
       raise ProductionError, "Frozen mode is set, but there's no lockfile" unless lockfile_exists?
-      added =   []
-      deleted = []
-      changed = []
-      new_platforms = @platforms - @locked_platforms
-      deleted_platforms = @locked_platforms - @platforms
-      added.concat new_platforms.map {|p| "* platform: #{p}" }
-      deleted.concat deleted_platforms.map {|p| "* platform: #{p}" }
-      added.concat new_deps.map {|d| "* #{pretty_dep(d)}" } if new_deps.any?
-      deleted.concat deleted_deps.map {|d| "* #{pretty_dep(d)}" } if deleted_deps.any?
-      both_sources = Hash.new {|h, k| h[k] = [] }
-      current_dependencies.each {|d| both_sources[d.name][0] = d }
-      current_locked_dependencies.each {|d| both_sources[d.name][1] = d }
-      both_sources.each do |name, (dep, lock_dep)|
-        next if dep.nil? || lock_dep.nil?
-        gemfile_source = dep.source || default_source
-        lock_source = lock_dep.source || default_source
-        next if lock_source.include?(gemfile_source)
-        gemfile_source_name = dep.source ? gemfile_source.to_gemfile : "no specified source"
-        lockfile_source_name = lock_dep.source ? lock_source.to_gemfile : "no specified source"
-        changed << "* #{name} from `#{lockfile_source_name}` to `#{gemfile_source_name}`"
-      end
-      reason = nothing_changed? ? "some dependencies were deleted from your gemfile" : change_reason
-      msg = String.new
-      msg << "#{reason.capitalize.strip}, but the lockfile can't be updated because frozen mode is set"
-      msg << "\n\nYou have added to the Gemfile:\n" << added.join("\n") if added.any?
-      msg << "\n\nYou have deleted from the Gemfile:\n" << deleted.join("\n") if deleted.any?
-      msg << "\n\nYou have changed in the Gemfile:\n" << changed.join("\n") if changed.any?
-      msg << "\n\nRun `bundle install` elsewhere and add the updated #{SharedHelpers.relative_gemfile_path} to version control.\n"
+      msg = lockfile_changes_summary("frozen mode is set")
+      return unless msg
       unless explicit_flag
         suggested_command = unless Bundler.settings.locations("frozen").keys.include?(:env)
           "bundle config set frozen false"
         end
-        msg << "If this is a development machine, remove the #{SharedHelpers.relative_lockfile_path} " \
+        msg << "\n\nIf this is a development machine, remove the #{SharedHelpers.relative_lockfile_path} " \
                "freeze by running `#{suggested_command}`." if suggested_command
       end
-      raise ProductionError, msg if added.any? || deleted.any? || changed.any? || !nothing_changed?
+      raise ProductionError, msg
     end
     def validate_runtime!
@@ -485,7 +453,7 @@ module Bundler
     end
     def validate_platforms!
-      return if current_platform_locked?
+      return if current_platform_locked? || @platforms.include?(Gem::Platform::RUBY)
       raise ProductionError, "Your bundle only supports platforms #{@platforms.map(&:to_s)} " \
         "but your local platform is #{local_platform}. " \
@@ -493,7 +461,7 @@ module Bundler
     end
     def normalize_platforms
-      @platforms = resolve.normalize_platforms!(current_dependencies, platforms)
+      resolve.normalize_platforms!(current_dependencies, platforms)
       @resolve = SpecSet.new(resolve.for(current_dependencies, @platforms))
     end
@@ -506,10 +474,10 @@ module Bundler
     end
     def remove_platform(platform)
-      removed_platform = @platforms.delete(Gem::Platform.new(platform))
-      @removed_platform ||= removed_platform
-      return if removed_platform
-      raise InvalidOption, "Unable to remove the platform `#{platform}` since the only platforms are #{@platforms.join ", "}"
+      raise InvalidOption, "Unable to remove the platform `#{platform}` since the only platforms are #{@platforms.join ", "}" unless @platforms.include?(platform)
+      @removed_platforms << platform
+      @platforms.delete(platform)
     end
     def nothing_changed?
@@ -536,6 +504,45 @@ module Bundler
     private
+    def lockfile_changes_summary(update_refused_reason)
+      added =   []
+      deleted = []
+      changed = []
+      added.concat @new_platforms.map {|p| "* platform: #{p}" }
+      deleted.concat @removed_platforms.map {|p| "* platform: #{p}" }
+      added.concat new_deps.map {|d| "* #{pretty_dep(d)}" } if new_deps.any?
+      deleted.concat deleted_deps.map {|d| "* #{pretty_dep(d)}" } if deleted_deps.any?
+      both_sources = Hash.new {|h, k| h[k] = [] }
+      current_dependencies.each {|d| both_sources[d.name][0] = d }
+      current_locked_dependencies.each {|d| both_sources[d.name][1] = d }
+      both_sources.each do |name, (dep, lock_dep)|
+        next if dep.nil? || lock_dep.nil?
+        gemfile_source = dep.source || default_source
+        lock_source = lock_dep.source || default_source
+        next if lock_source.include?(gemfile_source)
+        gemfile_source_name = dep.source ? gemfile_source.to_gemfile : "no specified source"
+        lockfile_source_name = lock_dep.source ? lock_source.to_gemfile : "no specified source"
+        changed << "* #{name} from `#{lockfile_source_name}` to `#{gemfile_source_name}`"
+      end
+      return unless added.any? || deleted.any? || changed.any? || resolve_needed?
+      msg = String.new("#{change_reason.capitalize.strip}, but ")
+      msg << "the lockfile " unless msg.start_with?("Your lockfile")
+      msg << "can't be updated because #{update_refused_reason}"
+      msg << "\n\nYou have added to the Gemfile:\n" << added.join("\n") if added.any?
+      msg << "\n\nYou have deleted from the Gemfile:\n" << deleted.join("\n") if deleted.any?
+      msg << "\n\nYou have changed in the Gemfile:\n" << changed.join("\n") if changed.any?
+      msg << "\n\nRun `bundle install` elsewhere and add the updated #{SharedHelpers.relative_lockfile_path} to version control.\n" unless unlocking?
+      msg
+    end
     def install_needed?
       resolve_needed? || missing_specs?
     end
@@ -551,6 +558,7 @@ module Bundler
         @local_changes ||
         @missing_lockfile_dep ||
         @unlocking_bundler ||
+        @locked_spec_with_missing_checksums ||
         @locked_spec_with_missing_deps ||
         @locked_spec_with_invalid_deps
     end
@@ -596,13 +604,17 @@ module Bundler
         return
       end
-      SharedHelpers.filesystem_access(file) do |p|
-        File.open(p, "wb") {|f| f.puts(contents) }
+      begin
+        SharedHelpers.filesystem_access(file) do |p|
+          File.open(p, "wb") {|f| f.puts(contents) }
+        end
+      rescue ReadOnlyFileSystemError
+        raise ProductionError, lockfile_changes_summary("file system is read-only")
       end
     end
     def resolver
-      @resolver ||= Resolver.new(resolution_packages, gem_version_promoter, @most_specific_locked_platform)
+      @resolver ||= Resolver.new(resolution_base, gem_version_promoter, @most_specific_locked_platform)
     end
     def expanded_dependencies
@@ -616,14 +628,15 @@ module Bundler
       [Dependency.new("bundler", @unlocking_bundler)] + dependencies
     end
-    def resolution_packages
-      @resolution_packages ||= begin
+    def resolution_base
+      @resolution_base ||= begin
         last_resolve = converge_locked_specs
         remove_invalid_platforms!
-        packages = Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, locked_specs: @originally_locked_specs, unlock: @gems_to_unlock, prerelease: gem_version_promoter.pre?, prefer_local: @prefer_local)
-        packages = additional_base_requirements_to_prevent_downgrades(packages, last_resolve)
-        packages = additional_base_requirements_to_force_updates(packages)
-        packages
+        new_resolution_platforms = @current_platform_missing ? @new_platforms + [local_platform] : @new_platforms
+        base = Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, locked_specs: @originally_locked_specs, unlock: @unlocking_all || @gems_to_unlock, prerelease: gem_version_promoter.pre?, prefer_local: @prefer_local, new_platforms: new_resolution_platforms)
+        base = additional_base_requirements_to_prevent_downgrades(base)
+        base = additional_base_requirements_to_force_updates(base)
+        base
       end
     end
@@ -639,6 +652,8 @@ module Bundler
       specs = begin
         resolve.materialize(dependencies)
       rescue IncorrectLockfileDependencies => e
+        raise if Bundler.frozen_bundle?
         spec = e.spec
         raise "Infinite loop while fixing lockfile dependencies" if incorrect_spec == spec
@@ -696,8 +711,7 @@ module Bundler
         still_incomplete_specs = resolve.incomplete_specs
         if still_incomplete_specs == incomplete_specs
-          package = resolution_packages.get_package(incomplete_specs.first.name)
-          resolver.raise_not_found! package
+          resolver.raise_incomplete! incomplete_specs
         end
         incomplete_specs = still_incomplete_specs
@@ -719,12 +733,12 @@ module Bundler
     end
     def reresolve_without(incomplete_specs)
-      resolution_packages.delete(incomplete_specs)
+      resolution_base.delete(incomplete_specs)
       @resolve = start_resolution
     end
     def start_resolution
-      local_platform_needed_for_resolvability = @most_specific_non_local_locked_ruby_platform && !@platforms.include?(local_platform)
+      local_platform_needed_for_resolvability = @most_specific_non_local_locked_platform && !@platforms.include?(local_platform)
       @platforms << local_platform if local_platform_needed_for_resolvability
       add_platform(Gem::Platform::RUBY) if RUBY_ENGINE == "truffleruby"
@@ -732,15 +746,27 @@ module Bundler
       @resolved_bundler_version = result.find {|spec| spec.name == "bundler" }&.version
-      if @most_specific_non_local_locked_ruby_platform
-        if spec_set_incomplete_for_platform?(result, @most_specific_non_local_locked_ruby_platform)
-          @platforms.delete(@most_specific_non_local_locked_ruby_platform)
+      @new_platforms.each do |platform|
+        incomplete_specs = result.incomplete_specs_for_platform(current_dependencies, platform)
+        if incomplete_specs.any?
+          resolver.raise_incomplete! incomplete_specs
+        end
+      end
+      if @most_specific_non_local_locked_platform
+        if result.incomplete_for_platform?(current_dependencies, @most_specific_non_local_locked_platform)
+          @platforms.delete(@most_specific_non_local_locked_platform)
         elsif local_platform_needed_for_resolvability
           @platforms.delete(local_platform)
         end
       end
-      @platforms = result.add_extra_platforms!(platforms) if should_add_extra_platforms?
+      if should_add_extra_platforms?
+        result.add_extra_platforms!(platforms)
+      elsif @originally_invalid_platforms.any?
+        result.add_originally_invalid_platforms!(platforms, @originally_invalid_platforms)
+      end
       SpecSet.new(result.for(dependencies, @platforms | [Gem::Platform::RUBY]))
     end
@@ -751,52 +777,78 @@ module Bundler
     def current_platform_locked?
       @platforms.any? do |bundle_platform|
-        MatchPlatform.platforms_match?(bundle_platform, local_platform)
+        generic_local_platform == bundle_platform || local_platform === bundle_platform
       end
     end
     def add_current_platform
       return if @platforms.include?(local_platform)
-      @most_specific_non_local_locked_ruby_platform = find_most_specific_locked_ruby_platform
-      return if @most_specific_non_local_locked_ruby_platform
+      @most_specific_non_local_locked_platform = find_most_specific_locked_platform
+      return if @most_specific_non_local_locked_platform
       @platforms << local_platform
       true
     end
-    def find_most_specific_locked_ruby_platform
-      return unless generic_local_platform_is_ruby? && current_platform_locked?
+    def find_most_specific_locked_platform
+      return unless current_platform_locked?
       @most_specific_locked_platform
     end
-    def change_reason
-      if unlocking?
-        unlock_targets = if @gems_to_unlock.any?
-          ["gems", @gems_to_unlock]
-        elsif @sources_to_unlock.any?
-          ["sources", @sources_to_unlock]
+    def resolve_needed_reason
+      if lockfile_exists?
+        if unlocking?
+          "Re-resolving dependencies because #{unlocking_reason}"
+        else
+          "Found changes from the lockfile, re-resolving dependencies because #{lockfile_changed_reason}"
         end
+      else
+        "Resolving dependencies because there's no lockfile"
+      end
+    end
-        unlock_reason = if unlock_targets
-          "#{unlock_targets.first}: (#{unlock_targets.last.join(", ")})"
+    def change_reason
+      if resolve_needed?
+        if unlocking?
+          unlocking_reason
         else
-          @unlock[:ruby] ? "ruby" : ""
+          lockfile_changed_reason
         end
+      else
+        "some dependencies were deleted from your gemfile"
+      end
+    end
+    def unlocking_reason
+      unlock_targets = if @gems_to_unlock.any?
+        ["gems", @gems_to_unlock]
+      elsif @sources_to_unlock.any?
+        ["sources", @sources_to_unlock]
+      end
-        return "bundler is unlocking #{unlock_reason}"
+      unlock_reason = if unlock_targets
+        "#{unlock_targets.first}: (#{unlock_targets.last.join(", ")})"
+      else
+        @unlocking_ruby ? "ruby" : ""
       end
+      "bundler is unlocking #{unlock_reason}"
+    end
+    def lockfile_changed_reason
       [
         [@source_changes, "the list of sources changed"],
         [@dependency_changes, "the dependencies in your gemfile changed"],
-        [@current_platform_missing, "your lockfile does not include the current platform"],
-        [@new_platforms.any?, "you added a new platform to your gemfile"],
+        [@current_platform_missing, "your lockfile is missing the current platform"],
+        [@new_platforms.any?, "you are adding a new platform to your lockfile"],
         [@path_changes, "the gemspecs for path gems changed"],
         [@local_changes, "the gemspecs for git local gems changed"],
-        [@missing_lockfile_dep, "your lock file is missing \"#{@missing_lockfile_dep}\""],
+        [@missing_lockfile_dep, "your lockfile is missing \"#{@missing_lockfile_dep}\""],
         [@unlocking_bundler, "an update to the version of Bundler itself was requested"],
-        [@locked_spec_with_missing_deps, "your lock file includes \"#{@locked_spec_with_missing_deps}\" but not some of its dependencies"],
+        [@locked_spec_with_missing_checksums, "your lockfile is missing a CHECKSUMS entry for \"#{@locked_spec_with_missing_checksums}\""],
+        [@locked_spec_with_missing_deps, "your lockfile includes \"#{@locked_spec_with_missing_deps}\" but not some of its dependencies"],
         [@locked_spec_with_invalid_deps, "your lockfile does not satisfy dependencies of \"#{@locked_spec_with_invalid_deps}\""],
       ].select(&:first).map(&:last).join(", ")
     end
@@ -813,8 +865,8 @@ module Bundler
       !locked || dependencies_for_source_changed?(source, locked) || specs_for_source_changed?(source)
     end
-    def dependencies_for_source_changed?(source, locked_source = source)
-      deps_for_source = @dependencies.select {|s| s.source == source }
+    def dependencies_for_source_changed?(source, locked_source)
+      deps_for_source = @dependencies.select {|dep| dep.source == source }
       locked_deps_for_source = locked_dependencies.select {|dep| dep.source == locked_source }
       deps_for_source.uniq.sort != locked_deps_for_source.sort
@@ -822,7 +874,7 @@ module Bundler
     def specs_for_source_changed?(source)
       locked_index = Index.new
-      locked_index.use(@locked_specs.select {|s| source.can_lock?(s) })
+      locked_index.use(@locked_specs.select {|s| s.replace_source_with!(source) })
       !locked_index.subset?(source.specs)
     rescue PathError, GitError => e
@@ -852,29 +904,29 @@ module Bundler
     end
     def check_lockfile
-      @missing_lockfile_dep = nil
       @locked_spec_with_invalid_deps = nil
       @locked_spec_with_missing_deps = nil
+      @locked_spec_with_missing_checksums = nil
-      missing = []
+      missing_deps = []
+      missing_checksums = []
       invalid = []
       @locked_specs.each do |s|
+        missing_checksums << s if @locked_checksums && s.source.checksum_store.missing?(s)
         validation = @locked_specs.validate_deps(s)
-        missing << s if validation == :missing
+        missing_deps << s if validation == :missing
         invalid << s if validation == :invalid
       end
-      if missing.any?
-        @locked_specs.delete(missing)
+      @locked_spec_with_missing_checksums = missing_checksums.first.name if missing_checksums.any?
-        @locked_spec_with_missing_deps = missing.first.name
-      elsif !@dependency_changes
-        @missing_lockfile_dep = current_dependencies.find do |d|
-          @locked_specs[d.name].empty? && d.name != "bundler"
-        end&.name
+      if missing_deps.any?
+        @locked_specs.delete(missing_deps)
+        @locked_spec_with_missing_deps = missing_deps.first.name
       end
       if invalid.any?
@@ -890,24 +942,6 @@ module Bundler
       end
     end
-    def converge_path_source_to_gemspec_source(source)
-      return source unless source.instance_of?(Source::Path)
-      gemspec_source = sources.path_sources.find {|s| s.is_a?(Source::Gemspec) && s.as_path_source == source }
-      gemspec_source || source
-    end
-    def converge_path_sources_to_gemspec_sources
-      @locked_sources.map! do |source|
-        converge_path_source_to_gemspec_source(source)
-      end
-      @locked_specs.each do |spec|
-        spec.source &&= converge_path_source_to_gemspec_source(spec.source)
-      end
-      @locked_deps.each do |_, dep|
-        dep.source &&= converge_path_source_to_gemspec_source(dep.source)
-      end
-    end
     def converge_sources
       # Replace the sources from the Gemfile with the sources from the Gemfile.lock,
       # if they exist in the Gemfile.lock and are `==`. If you can't find an equivalent
@@ -935,32 +969,39 @@ module Bundler
     end
     def converge_dependencies
-      changes = false
+      @missing_lockfile_dep = nil
+      @changed_dependencies = []
-      @dependencies.each do |dep|
+      current_dependencies.each do |dep|
         if dep.source
           dep.source = sources.get(dep.source)
         end
-        unless locked_dep = @originally_locked_deps[dep.name]
-          changes = true
-          next
+        name = dep.name
+        dep_changed = @locked_deps[name].nil?
+        unless name == "bundler"
+          locked_specs = @originally_locked_specs[name]
+          if locked_specs.empty?
+            @missing_lockfile_dep = name if dep_changed == false
+          else
+            if locked_specs.map(&:source).uniq.size > 1
+              @locked_specs.delete(locked_specs.select {|s| s.source != dep.source })
+            end
+            unless dep.matches_spec?(locked_specs.first)
+              @gems_to_unlock << name
+              dep_changed = true
+            end
+          end
         end
-        # Gem::Dependency#== matches Gem::Dependency#type. As the lockfile
-        # doesn't carry a notion of the dependency type, if you use
-        # add_development_dependency in a gemspec that's loaded with the gemspec
-        # directive, the lockfile dependencies and resolved dependencies end up
-        # with a mismatch on #type. Work around that by setting the type on the
-        # dep from the lockfile.
-        locked_dep.instance_variable_set(:@type, dep.type)
-        # We already know the name matches from the hash lookup
-        # so we only need to check the requirement now
-        changes ||= dep.requirement != locked_dep.requirement
+        @changed_dependencies << name if dep_changed
       end
-      changes
+      @changed_dependencies.any?
     end
     # Remove elements from the locked specs that are expired. This will most
@@ -1022,11 +1063,6 @@ module Bundler
           end
         end
-        if dep.nil? && requested_dep = requested_dependencies.find {|d| name == d.name }
-          @gems_to_unlock << name
-          deps << requested_dep
-        end
         converged << s
       end
@@ -1095,23 +1131,27 @@ module Bundler
       current == proposed
     end
-    def additional_base_requirements_to_prevent_downgrades(resolution_packages, last_resolve)
-      return resolution_packages unless @locked_gems && !sources.expired_sources?(@locked_gems.sources)
-      converge_specs(@originally_locked_specs - last_resolve).each do |locked_spec|
+    def additional_base_requirements_to_prevent_downgrades(resolution_base)
+      return resolution_base unless @locked_gems && !sources.expired_sources?(@locked_gems.sources)
+      @originally_locked_specs.each do |locked_spec|
         next if locked_spec.source.is_a?(Source::Path)
-        resolution_packages.base_requirements[locked_spec.name] = Gem::Requirement.new(">= #{locked_spec.version}")
+        name = locked_spec.name
+        next if @changed_dependencies.include?(name)
+        resolution_base.base_requirements[name] = Gem::Requirement.new(">= #{locked_spec.version}")
       end
-      resolution_packages
+      resolution_base
     end
-    def additional_base_requirements_to_force_updates(resolution_packages)
-      return resolution_packages if @explicit_unlocks.empty?
+    def additional_base_requirements_to_force_updates(resolution_base)
+      return resolution_base if @explicit_unlocks.empty?
       full_update = dup_for_full_unlock.resolve
       @explicit_unlocks.each do |name|
         version = full_update.version_for(name)
-        resolution_packages.base_requirements[name] = Gem::Requirement.new("= #{version}") if version
+        resolution_base.base_requirements[name] = Gem::Requirement.new("= #{version}") if version
       end
-      resolution_packages
+      resolution_base
     end
     def dup_for_full_unlock
@@ -1128,20 +1168,16 @@ module Bundler
     def remove_invalid_platforms!
       return if Bundler.frozen_bundle?
-      platforms.reverse_each do |platform|
-        next if local_platform == platform ||
-                @new_platforms.include?(platform) ||
-                @path_changes ||
-                @dependency_changes ||
-                @locked_spec_with_invalid_deps ||
-                !spec_set_incomplete_for_platform?(@originally_locked_specs, platform)
+      skips = (@new_platforms + [local_platform]).uniq
-        remove_platform(platform)
-      end
-    end
+      # We should probably avoid removing non-ruby platforms, since that means
+      # lockfile will no longer install on those platforms, so a error to give
+      # heads up to the user may be better. However, we have tests expecting
+      # non ruby platform autoremoval to work, so leaving that in place for
+      # now.
+      skips |= platforms - [Gem::Platform::RUBY] if @dependency_changes
-    def spec_set_incomplete_for_platform?(spec_set, platform)
-      spec_set.incomplete_for_platform?(current_dependencies, platform)
+      @originally_invalid_platforms = @originally_locked_specs.remove_invalid_platforms!(current_dependencies, platforms, skips: skips)
     end
     def source_map