bundler 2.6.5 → 2.7.1

data/lib/bundler/dsl.rb

@@ -73,11 +73,11 @@ module Bundler
       case specs_by_name_and_version.size
       when 1
         specs = specs_by_name_and_version.values.first
-        spec = specs.find {|s| s.match_platform(Bundler.local_platform) } || specs.first
+        spec = specs.find {|s| s.installable_on_platform?(Bundler.local_platform) } || specs.first
 
         @gemspecs << spec
 
-        path path, "glob" => glob, "name" => spec.name do
+        path path, "glob" => glob, "name" => spec.name, "gemspec" => spec do
           add_dependency spec.name
         end
 
@@ -141,8 +141,7 @@ module Bundler
     def path(path, options = {}, &blk)
       source_options = normalize_hash(options).merge(
         "path" => Pathname.new(path),
-        "root_path" => gemfile_root,
-        "gemspec" => gemspecs.find {|g| g.name == options["name"] }
+        "root_path" => gemfile_root
       )
 
       source_options["global"] = true unless block_given?
@@ -241,28 +240,27 @@ module Bundler
       dep = Dependency.new(name, version, options)
 
       # if there's already a dependency with this name we try to prefer one
-      if current = @dependencies.find {|d| d.name == dep.name }
+      if current = @dependencies.find {|d| d.name == name }
         if current.requirement != dep.requirement
           current_requirement_open = current.requirements_list.include?(">= 0")
 
           gemspec_dep = [dep, current].find(&:gemspec_dev_dep?)
           if gemspec_dep
-            gemfile_dep = [dep, current].find(&:gemfile_dep?)
-
-            if gemfile_dep && !current_requirement_open
-              Bundler.ui.warn "A gemspec development dependency (#{gemspec_dep.name}, #{gemspec_dep.requirement}) is being overridden by a Gemfile dependency (#{gemfile_dep.name}, #{gemfile_dep.requirement}).\n" \
-                              "This behaviour may change in the future. Please remove either of them, or make sure they both have the same requirement\n"
-            elsif gemfile_dep.nil?
-              require_relative "vendor/pub_grub/lib/pub_grub/version_range"
-              require_relative "vendor/pub_grub/lib/pub_grub/version_constraint"
-              require_relative "vendor/pub_grub/lib/pub_grub/version_union"
-              require_relative "vendor/pub_grub/lib/pub_grub/rubygems"
-
-              current_gemspec_range = PubGrub::RubyGems.requirement_to_range(current.requirement)
-              next_gemspec_range = PubGrub::RubyGems.requirement_to_range(dep.requirement)
-
-              if current_gemspec_range.intersects?(next_gemspec_range)
-                dep = Dependency.new(name, current.requirement.as_list + dep.requirement.as_list, options)
+            require_relative "vendor/pub_grub/lib/pub_grub/version_range"
+            require_relative "vendor/pub_grub/lib/pub_grub/version_constraint"
+            require_relative "vendor/pub_grub/lib/pub_grub/version_union"
+            require_relative "vendor/pub_grub/lib/pub_grub/rubygems"
+
+            current_gemspec_range = PubGrub::RubyGems.requirement_to_range(current.requirement)
+            next_gemspec_range = PubGrub::RubyGems.requirement_to_range(dep.requirement)
+
+            if current_gemspec_range.intersects?(next_gemspec_range)
+              dep = Dependency.new(name, current.requirement.as_list + dep.requirement.as_list, options)
+            else
+              gemfile_dep = [dep, current].find(&:gemfile_dep?)
+
+              if gemfile_dep
+                raise GemfileError, "The #{name} dependency has conflicting requirements in Gemfile (#{gemfile_dep.requirement}) and gemspec (#{gemspec_dep.requirement})"
               else
                 raise GemfileError, "Two gemspec development dependencies have conflicting requirements on the same gem: #{dep} and #{current}"
               end
@@ -274,14 +272,14 @@ module Bundler
               if dep.requirements_list.include?(">= 0") && !current_requirement_open
                 update_prompt = ". Gem already added"
               else
-                update_prompt = ". If you want to update the gem version, run `bundle update #{current.name}`"
+                update_prompt = ". If you want to update the gem version, run `bundle update #{name}`"
 
                 update_prompt += ". You may also need to change the version requirement specified in the Gemfile if it's too restrictive." unless current_requirement_open
               end
             end
 
             raise GemfileError, "You cannot specify the same gem twice with different version requirements.\n" \
-                           "You specified: #{current.name} (#{current.requirement}) and #{dep.name} (#{dep.requirement})" \
+                           "You specified: #{name} (#{current.requirement}) and #{name} (#{dep.requirement})" \
                            "#{update_prompt}"
           end
         end
@@ -294,10 +292,10 @@ module Bundler
             return
           elsif current.source != dep.source
             raise GemfileError, "You cannot specify the same gem twice coming from different sources.\n" \
-                            "You specified that #{dep.name} (#{dep.requirement}) should come from " \
+                            "You specified that #{name} (#{dep.requirement}) should come from " \
                             "#{current.source || "an unspecified source"} and #{dep.source}\n"
           else
-            Bundler.ui.warn "Your Gemfile lists the gem #{current.name} (#{current.requirement}) more than once.\n" \
+            Bundler.ui.warn "Your Gemfile lists the gem #{name} (#{current.requirement}) more than once.\n" \
                             "You should probably keep only one of them.\n" \
                             "Remove any duplicate entries and specify the gem only once.\n" \
                             "While it's not a problem now, it could cause errors if you change the version of one of them later."
@@ -413,6 +411,7 @@ module Bundler
         next if VALID_PLATFORMS.include?(p)
         raise GemfileError, "`#{p}` is not a valid platform. The available options are: #{VALID_PLATFORMS.inspect}"
       end
+      deprecate_legacy_windows_platforms(platforms)
 
       # Save sources passed in a key
       if opts.key?("source")
@@ -493,6 +492,16 @@ module Bundler
       end
     end
 
+    def deprecate_legacy_windows_platforms(platforms)
+      windows_platforms = platforms.select {|pl| pl.to_s.match?(/mingw|mswin/) }
+      return if windows_platforms.empty?
+
+      windows_platforms = windows_platforms.map! {|pl| ":#{pl}" }.join(", ")
+      message = "Platform #{windows_platforms} is deprecated. Please use platform :windows instead."
+      removed_message = "Platform #{windows_platforms} has been removed. Please use platform :windows instead."
+      Bundler::SharedHelpers.major_deprecation 2, message, removed_message: removed_message
+    end
+
     def check_path_source_safety
       return if @sources.global_path_source.nil?
 
@@ -512,7 +521,7 @@ module Bundler
     end
 
     def multiple_global_source_warning
-      if Bundler.feature_flag.bundler_3_mode?
+      if Bundler.feature_flag.bundler_4_mode?
         msg = "This Gemfile contains multiple global sources. " \
           "Each source after the first must include a block to indicate which gems " \
           "should come from that source"

data/lib/bundler/errors.rb

@@ -193,6 +193,24 @@ module Bundler
     status_code(31)
   end
 
+  class ReadOnlyFileSystemError < PermissionError
+    def message
+      "There was an error while trying to #{action} `#{@path}`. " \
+      "File system is read-only."
+    end
+
+    status_code(42)
+  end
+
+  class OperationNotPermittedError < PermissionError
+    def message
+      "There was an error while trying to #{action} `#{@path}`. " \
+      "Underlying OS system call raised an EPERM error."
+    end
+
+    status_code(43)
+  end
+
   class GenericSystemCallError < BundlerError
     attr_reader :underlying_error
 

data/lib/bundler/feature_flag.rb

@@ -27,20 +27,23 @@ module Bundler
 
     (1..10).each {|v| define_method("bundler_#{v}_mode?") { @major_version >= v } }
 
-    settings_flag(:allow_offline_install) { bundler_3_mode? }
-    settings_flag(:auto_clean_without_path) { bundler_3_mode? }
-    settings_flag(:cache_all) { bundler_3_mode? }
-    settings_flag(:default_install_uses_path) { bundler_3_mode? }
-    settings_flag(:forget_cli_options) { bundler_3_mode? }
-    settings_flag(:global_gem_cache) { bundler_3_mode? }
-    settings_flag(:lockfile_checksums) { bundler_3_mode? }
-    settings_flag(:path_relative_to_cwd) { bundler_3_mode? }
+    settings_flag(:allow_offline_install) { bundler_4_mode? }
+    settings_flag(:cache_all) { bundler_4_mode? }
+    settings_flag(:forget_cli_options) { bundler_4_mode? }
+    settings_flag(:global_gem_cache) { bundler_4_mode? }
+    settings_flag(:lockfile_checksums) { bundler_4_mode? }
     settings_flag(:plugins) { @bundler_version >= Gem::Version.new("1.14") }
-    settings_flag(:print_only_version_number) { bundler_3_mode? }
-    settings_flag(:setup_makes_kernel_gem_public) { !bundler_3_mode? }
-    settings_flag(:update_requires_all_flag) { bundler_4_mode? }
+    settings_flag(:update_requires_all_flag) { bundler_5_mode? }
 
-    settings_option(:default_cli_command) { bundler_3_mode? ? :cli_help : :install }
+    settings_option(:default_cli_command) { bundler_4_mode? ? :cli_help : :install }
+
+    def removed_major?(target_major_version)
+      @major_version > target_major_version
+    end
+
+    def deprecated_major?(target_major_version)
+      @major_version >= target_major_version
+    end
 
     def initialize(bundler_version)
       @bundler_version = Gem::Version.create(bundler_version)

data/lib/bundler/fetcher/dependency.rb

@@ -1,7 +1,8 @@
 # frozen_string_literal: true
 
 require_relative "base"
-require "cgi"
+require "cgi/escape"
+require "cgi/util" unless defined?(CGI::EscapeExt)
 
 module Bundler
   class Fetcher

data/lib/bundler/fetcher/downloader.rb

@@ -3,6 +3,28 @@
 module Bundler
   class Fetcher
     class Downloader
+      HTTP_NON_RETRYABLE_ERRORS = [
+        SocketError,
+        Errno::EADDRNOTAVAIL,
+        Errno::ENETDOWN,
+        Errno::ENETUNREACH,
+        Gem::Net::HTTP::Persistent::Error,
+        Errno::EHOSTUNREACH,
+      ].freeze
+
+      HTTP_RETRYABLE_ERRORS = [
+        Gem::Timeout::Error,
+        EOFError,
+        Errno::EINVAL,
+        Errno::ECONNRESET,
+        Errno::ETIMEDOUT,
+        Errno::EAGAIN,
+        Gem::Net::HTTPBadResponse,
+        Gem::Net::HTTPHeaderSyntaxError,
+        Gem::Net::ProtocolError,
+        Zlib::BufError,
+      ].freeze
+
       attr_reader :connection
       attr_reader :redirect_limit
 
@@ -67,15 +89,19 @@ module Bundler
         connection.request(uri, req)
       rescue OpenSSL::SSL::SSLError
         raise CertificateFailureError.new(uri)
-      rescue *HTTP_ERRORS => e
+      rescue *HTTP_NON_RETRYABLE_ERRORS => e
         Bundler.ui.trace e
-        if e.is_a?(SocketError) || e.message.to_s.include?("host down:")
-          raise NetworkDownError, "Could not reach host #{uri.host}. Check your network " \
-            "connection and try again."
-        else
-          raise HTTPError, "Network error while fetching #{filtered_uri}" \
+
+        host = uri.host
+        host_port = "#{host}:#{uri.port}"
+        host = host_port if filtered_uri.to_s.include?(host_port)
+        raise NetworkDownError, "Could not reach host #{host}. Check your network " \
+          "connection and try again."
+      rescue *HTTP_RETRYABLE_ERRORS => e
+        Bundler.ui.trace e
+
+        raise HTTPError, "Network error while fetching #{filtered_uri}" \
             " (#{e})"
-        end
       end
 
       private

data/lib/bundler/fetcher.rb

@@ -2,7 +2,6 @@
 
 require_relative "vendored_persistent"
 require_relative "vendored_timeout"
-require "cgi"
 require_relative "vendored_securerandom"
 require "zlib"
 
@@ -73,19 +72,57 @@ module Bundler
       end
     end
 
+    HTTP_ERRORS = (Downloader::HTTP_RETRYABLE_ERRORS + Downloader::HTTP_NON_RETRYABLE_ERRORS).freeze
+    deprecate_constant :HTTP_ERRORS
+
+    NET_ERRORS = [
+      :HTTPBadGateway,
+      :HTTPBadRequest,
+      :HTTPFailedDependency,
+      :HTTPForbidden,
+      :HTTPInsufficientStorage,
+      :HTTPMethodNotAllowed,
+      :HTTPMovedPermanently,
+      :HTTPNoContent,
+      :HTTPNotFound,
+      :HTTPNotImplemented,
+      :HTTPPreconditionFailed,
+      :HTTPRequestEntityTooLarge,
+      :HTTPRequestURITooLong,
+      :HTTPUnauthorized,
+      :HTTPUnprocessableEntity,
+      :HTTPUnsupportedMediaType,
+      :HTTPVersionNotSupported,
+    ].freeze
+    deprecate_constant :NET_ERRORS
+
     # Exceptions classes that should bypass retry attempts. If your password didn't work the
     # first time, it's not going to the third time.
-    NET_ERRORS = [:HTTPBadGateway, :HTTPBadRequest, :HTTPFailedDependency,
-                  :HTTPForbidden, :HTTPInsufficientStorage, :HTTPMethodNotAllowed,
-                  :HTTPMovedPermanently, :HTTPNoContent, :HTTPNotFound,
-                  :HTTPNotImplemented, :HTTPPreconditionFailed, :HTTPRequestEntityTooLarge,
-                  :HTTPRequestURITooLong, :HTTPUnauthorized, :HTTPUnprocessableEntity,
-                  :HTTPUnsupportedMediaType, :HTTPVersionNotSupported].freeze
-    FAIL_ERRORS = begin
-      fail_errors = [AuthenticationRequiredError, BadAuthenticationError, AuthenticationForbiddenError, FallbackError, SecurityError]
-      fail_errors << Gem::Requirement::BadRequirementError
-      fail_errors.concat(NET_ERRORS.map {|e| Gem::Net.const_get(e) })
-    end.freeze
+    FAIL_ERRORS = [
+      AuthenticationRequiredError,
+      BadAuthenticationError,
+      AuthenticationForbiddenError,
+      FallbackError,
+      SecurityError,
+      Gem::Requirement::BadRequirementError,
+      Gem::Net::HTTPBadGateway,
+      Gem::Net::HTTPBadRequest,
+      Gem::Net::HTTPFailedDependency,
+      Gem::Net::HTTPForbidden,
+      Gem::Net::HTTPInsufficientStorage,
+      Gem::Net::HTTPMethodNotAllowed,
+      Gem::Net::HTTPMovedPermanently,
+      Gem::Net::HTTPNoContent,
+      Gem::Net::HTTPNotFound,
+      Gem::Net::HTTPNotImplemented,
+      Gem::Net::HTTPPreconditionFailed,
+      Gem::Net::HTTPRequestEntityTooLarge,
+      Gem::Net::HTTPRequestURITooLong,
+      Gem::Net::HTTPUnauthorized,
+      Gem::Net::HTTPUnprocessableEntity,
+      Gem::Net::HTTPUnsupportedMediaType,
+      Gem::Net::HTTPVersionNotSupported,
+    ].freeze
 
     class << self
       attr_accessor :disable_endpoint, :api_timeout, :redirect_limit, :max_retries
@@ -294,13 +331,6 @@ module Bundler
       paths.find {|path| File.file? path }
     end
 
-    HTTP_ERRORS = [
-      Gem::Timeout::Error, EOFError, SocketError, Errno::ENETDOWN, Errno::ENETUNREACH,
-      Errno::EINVAL, Errno::ECONNRESET, Errno::ETIMEDOUT, Errno::EAGAIN,
-      Gem::Net::HTTPBadResponse, Gem::Net::HTTPHeaderSyntaxError, Gem::Net::ProtocolError,
-      Gem::Net::HTTP::Persistent::Error, Zlib::BufError, Errno::EHOSTUNREACH
-    ].freeze
-
     def bundler_cert_store
       store = OpenSSL::X509::Store.new
       ssl_ca_cert = Bundler.settings[:ssl_ca_cert] ||

data/lib/bundler/friendly_errors.rb

@@ -80,7 +80,7 @@ module Bundler
         First, try this link to see if there are any existing issue reports for this error:
         #{issues_url(e)}
 
-        If there aren't any reports for this error yet, please fill in the new issue form located at #{new_issue_url}, and copy and paste the report template above in there.
+        If there aren't any reports for this error yet, please fill in the new issue form located at #{new_issue_url}. Make sure to copy and paste the full output of this command under the "What happened instead?" section.
       EOS
     end
 
@@ -102,7 +102,8 @@ module Bundler
     def issues_url(exception)
       message = exception.message.lines.first.tr(":", " ").chomp
       message = message.split("-").first if exception.is_a?(Errno)
-      require "cgi"
+      require "cgi/escape"
+      require "cgi/util" unless defined?(CGI::EscapeExt)
       "https://github.com/rubygems/rubygems/search?q=" \
         "#{CGI.escape(message)}&type=Issues"
     end

data/lib/bundler/index.rb

@@ -131,6 +131,11 @@ module Bundler
       return unless other
       other.each do |spec|
         if existing = find_by_spec(spec)
+          unless dependencies_eql?(existing, spec)
+            Bundler.ui.warn "Local specification for #{spec.full_name} has different dependencies than the remote gem, ignoring it"
+            next
+          end
+
           add_duplicate(existing)
         end
         add spec
@@ -153,8 +158,8 @@ module Bundler
     end
 
     def dependencies_eql?(spec, other_spec)
-      deps       = spec.dependencies.select {|d| d.type != :development }
-      other_deps = other_spec.dependencies.select {|d| d.type != :development }
+      deps       = spec.runtime_dependencies
+      other_deps = other_spec.runtime_dependencies
       deps.sort == other_deps.sort
     end
 

data/lib/bundler/injector.rb

@@ -108,17 +108,17 @@ module Bundler
         end
 
         if d.groups != Array(:default)
-          group = d.groups.size == 1 ? ", :group => #{d.groups.first.inspect}" : ", :groups => #{d.groups.inspect}"
+          group = d.groups.size == 1 ? ", group: #{d.groups.first.inspect}" : ", groups: #{d.groups.inspect}"
         end
 
-        source = ", :source => \"#{d.source}\"" unless d.source.nil?
-        path = ", :path => \"#{d.path}\"" unless d.path.nil?
-        git = ", :git => \"#{d.git}\"" unless d.git.nil?
-        github = ", :github => \"#{d.github}\"" unless d.github.nil?
-        branch = ", :branch => \"#{d.branch}\"" unless d.branch.nil?
-        ref = ", :ref => \"#{d.ref}\"" unless d.ref.nil?
-        glob = ", :glob => \"#{d.glob}\"" unless d.glob.nil?
-        require_path = ", :require => #{convert_autorequire(d.autorequire)}" unless d.autorequire.nil?
+        source = ", source: \"#{d.source}\"" unless d.source.nil?
+        path = ", path: \"#{d.path}\"" unless d.path.nil?
+        git = ", git: \"#{d.git}\"" unless d.git.nil?
+        github = ", github: \"#{d.github}\"" unless d.github.nil?
+        branch = ", branch: \"#{d.branch}\"" unless d.branch.nil?
+        ref = ", ref: \"#{d.ref}\"" unless d.ref.nil?
+        glob = ", glob: \"#{d.glob}\"" unless d.glob.nil?
+        require_path = ", require: #{convert_autorequire(d.autorequire)}" unless d.autorequire.nil?
 
         %(gem #{name}#{requirement}#{group}#{source}#{path}#{git}#{github}#{branch}#{ref}#{glob}#{require_path})
       end.join("\n")

data/lib/bundler/installer.rb

@@ -91,6 +91,11 @@ module Bundler
     end
 
     def generate_bundler_executable_stubs(spec, options = {})
+      if spec.name == "bundler"
+        Bundler.ui.warn "Bundler itself does not use binstubs because its version is selected by RubyGems"
+        return
+      end
+
       if options[:binstubs_cmd] && spec.executables.empty?
         options = {}
         spec.runtime_dependencies.each do |dep|
@@ -115,10 +120,6 @@ module Bundler
       ruby_command = Thor::Util.ruby_command
       ruby_command = ruby_command
       template_path = File.expand_path("templates/Executable", __dir__)
-      if spec.name == "bundler"
-        template_path += ".bundler"
-        spec.executables = %(bundle)
-      end
       template = File.read(template_path)
 
       exists = []
@@ -212,7 +213,7 @@ module Bundler
     def load_plugins
       Gem.load_plugins
 
-      requested_path_gems = @definition.requested_specs.select {|s| s.source.is_a?(Source::Path) }
+      requested_path_gems = @definition.specs.select {|s| s.source.is_a?(Source::Path) }
       path_plugin_files = requested_path_gems.flat_map do |spec|
         spec.matches_for_glob("rubygems_plugin#{Bundler.rubygems.suffix_pattern}")
       rescue TypeError

data/lib/bundler/lazy_specification.rb

@@ -33,7 +33,7 @@ module Bundler
       lazy_spec
     end
 
-    def initialize(name, version, platform, source = nil)
+    def initialize(name, version, platform, source = nil, **materialization_options)
       @name          = name
       @version       = version
       @dependencies  = []
@@ -43,6 +43,7 @@ module Bundler
 
       @original_source = source
       @source = source
+      @materialization_options = materialization_options
 
       @force_ruby_platform = default_force_ruby_platform
       @most_specific_locked_platform = nil
@@ -142,15 +143,15 @@ module Bundler
         end
       else
         materialize([name, version]) do |matching_specs|
-          target_platform = source.is_a?(Source::Path) ? platform : local_platform
+          target_platform = source.is_a?(Source::Path) ? platform : Bundler.local_platform
 
-          installable_candidates = GemHelpers.select_best_platform_match(matching_specs, target_platform)
+          installable_candidates = MatchPlatform.select_best_platform_match(matching_specs, target_platform)
 
           specification = choose_compatible(installable_candidates, fallback_to_non_installable: false)
           return specification unless specification.nil?
 
           if target_platform != platform
-            installable_candidates = GemHelpers.select_best_platform_match(matching_specs, platform)
+            installable_candidates = MatchPlatform.select_best_platform_match(matching_specs, platform)
           end
 
           choose_compatible(installable_candidates)
@@ -175,6 +176,14 @@ module Bundler
       @force_ruby_platform = true
     end
 
+    def replace_source_with!(gemfile_source)
+      return unless gemfile_source.can_lock?(self)
+
+      @source = gemfile_source
+
+      true
+    end
+
     private
 
     def use_exact_resolved_specifications?
@@ -182,7 +191,7 @@ module Bundler
     end
 
     def ruby_platform_materializes_to_ruby_platform?
-      generic_platform = generic_local_platform == Gem::Platform::JAVA ? Gem::Platform::JAVA : Gem::Platform::RUBY
+      generic_platform = Bundler.generic_local_platform == Gem::Platform::JAVA ? Gem::Platform::JAVA : Gem::Platform::RUBY
 
       (most_specific_locked_platform != generic_platform) || force_ruby_platform || Bundler.settings[:force_ruby_platform]
     end
@@ -196,7 +205,7 @@ module Bundler
 
     # If in frozen mode, we fallback to a non-installable candidate because by
     # doing this we avoid re-resolving and potentially end up changing the
-    # lock file, which is not allowed. In that case, we will give a proper error
+    # lockfile, which is not allowed. In that case, we will give a proper error
     # about the mismatch higher up the stack, right before trying to install the
     # bad gem.
     def choose_compatible(candidates, fallback_to_non_installable: Bundler.frozen_bundle?)
@@ -205,22 +214,32 @@ module Bundler
       end
       if search.nil? && fallback_to_non_installable
         search = candidates.last
-      elsif search && search.full_name == full_name
-        # We don't validate locally installed dependencies but accept what's in
-        # the lockfile instead for performance, since loading locally installed
-        # dependencies would mean evaluating all gemspecs, which would affect
-        # `bundler/setup` performance
-        if search.is_a?(StubSpecification)
-          search.dependencies = dependencies
-        else
-          if !source.is_a?(Source::Path) && search.runtime_dependencies.sort != dependencies.sort
-            raise IncorrectLockfileDependencies.new(self)
-          end
+      end
 
-          search.locked_platform = platform if search.instance_of?(RemoteSpecification) || search.instance_of?(EndpointSpecification)
-        end
+      if search
+        validate_dependencies(search) if search.platform == platform
+
+        search.locked_platform = platform if search.instance_of?(RemoteSpecification) || search.instance_of?(EndpointSpecification)
       end
       search
     end
+
+    # Validate dependencies of this locked spec are consistent with dependencies
+    # of the actual spec that was materialized.
+    #
+    # Note that unless we are in strict mode (which we set during installation)
+    # we don't validate dependencies of locally installed gems but
+    # accept what's in the lockfile instead for performance, since loading
+    # dependencies of locally installed gems would mean evaluating all gemspecs,
+    # which would affect `bundler/setup` performance.
+    def validate_dependencies(spec)
+      if !@materialization_options[:strict] && spec.is_a?(StubSpecification)
+        spec.dependencies = dependencies
+      else
+        if !source.is_a?(Source::Path) && spec.runtime_dependencies.sort != dependencies.sort
+          raise IncorrectLockfileDependencies.new(self)
+        end
+      end
+    end
   end
 end

data/lib/bundler/lockfile_parser.rb

@@ -1,9 +1,9 @@
 # frozen_string_literal: true
 
+require_relative "shared_helpers"
+
 module Bundler
   class LockfileParser
-    include GemHelpers
-
     class Position
       attr_reader :line, :column
       def initialize(line, column)
@@ -94,7 +94,7 @@ module Bundler
       lockfile_contents.split(BUNDLED).last.strip
     end
 
-    def initialize(lockfile)
+    def initialize(lockfile, strict: false)
       @platforms    = []
       @sources      = []
       @dependencies = {}
@@ -106,6 +106,7 @@ module Bundler
         "Gemfile.lock"
       end
       @pos = Position.new(1, 1)
+      @strict = strict
 
       if lockfile.match?(/<<<<<<<|=======|>>>>>>>|\|\|\|\|\|\|\|/)
         raise LockfileError, "Your #{@lockfile_path} contains merge conflicts.\n" \
@@ -139,8 +140,23 @@ module Bundler
         end
         @pos.advance!(line)
       end
+
+      if !Bundler.frozen_bundle? && @platforms.include?(Gem::Platform::X64_MINGW_LEGACY)
+        if @platforms.include?(Gem::Platform::X64_MINGW)
+          @platforms.delete(Gem::Platform::X64_MINGW_LEGACY)
+          SharedHelpers.major_deprecation(2,
+            "Found x64-mingw32 in lockfile, which is deprecated. Removing it. Support for x64-mingw32 will be removed in Bundler 4.0.",
+            removed_message: "Found x64-mingw32 in lockfile, which is no longer supported as of Bundler 4.0.")
+        else
+          @platforms[@platforms.index(Gem::Platform::X64_MINGW_LEGACY)] = Gem::Platform::X64_MINGW
+          SharedHelpers.major_deprecation(2,
+            "Found x64-mingw32 in lockfile, which is deprecated. Using x64-mingw-ucrt, the replacement for x64-mingw32 in modern rubies, instead. Support for x64-mingw32 will be removed in Bundler 4.0.",
+            removed_message: "Found x64-mingw32 in lockfile, which is no longer supported as of Bundler 4.0.")
+        end
+      end
+
       @most_specific_locked_platform = @platforms.min_by do |bundle_platform|
-        platform_specificity_match(bundle_platform, local_platform)
+        Gem::Platform.platform_specificity_match(bundle_platform, Bundler.local_platform)
       end
       @specs = @specs.values.sort_by!(&:full_name).each do |spec|
         spec.most_specific_locked_platform = @most_specific_locked_platform
@@ -239,7 +255,6 @@ module Bundler
       spaces = $1
       return unless spaces.size == 2
       checksums = $6
-      return unless checksums
       name = $2
       version = $3
       platform = $4
@@ -249,10 +264,14 @@ module Bundler
       full_name = Gem::NameTuple.new(name, version, platform).full_name
       return unless spec = @specs[full_name]
 
-      checksums.split(",") do |lock_checksum|
-        column = line.index(lock_checksum) + 1
-        checksum = Checksum.from_lock(lock_checksum, "#{@lockfile_path}:#{@pos.line}:#{column}")
-        spec.source.checksum_store.register(spec, checksum)
+      if checksums
+        checksums.split(",") do |lock_checksum|
+          column = line.index(lock_checksum) + 1
+          checksum = Checksum.from_lock(lock_checksum, "#{@lockfile_path}:#{@pos.line}:#{column}")
+          spec.source.checksum_store.register(spec, checksum)
+        end
+      else
+        spec.source.checksum_store.register(spec, nil)
       end
     end
 
@@ -268,7 +287,7 @@ module Bundler
 
         version = Gem::Version.new(version)
         platform = platform ? Gem::Platform.new(platform) : Gem::Platform::RUBY
-        @current_spec = LazySpecification.new(name, version, platform, @current_source)
+        @current_spec = LazySpecification.new(name, version, platform, @current_source, strict: @strict)
         @current_source.add_dependency_names(name)
 
         @specs[@current_spec.full_name] = @current_spec