bundler 2.6.9 → 2.7.2

data/lib/bundler/cli.rb

@@ -77,7 +77,7 @@ module Bundler
       self.options ||= {}
       unprinted_warnings = Bundler.ui.unprinted_warnings
       Bundler.ui = UI::Shell.new(options)
-      Bundler.ui.level = "debug" if options["verbose"]
+      Bundler.ui.level = "debug" if options[:verbose] || Bundler.settings[:verbose]
       unprinted_warnings.each {|w| Bundler.ui.warn(w) }
     end
 
@@ -130,7 +130,7 @@ module Bundler
 
       if man_pages.include?(command)
         man_page = man_pages[command]
-        if Bundler.which("man") && !man_path.match?(%r{^file:/.+!/META-INF/jruby.home/.+})
+        if Bundler.which("man") && !man_path.match?(%r{^(?:file:/.+!|uri:classloader:)/META-INF/jruby.home/.+})
           Kernel.exec("man", man_page)
         else
           puts File.read("#{man_path}/#{File.basename(man_page)}.ronn")
@@ -220,7 +220,7 @@ module Bundler
     method_option "local", type: :boolean, banner: "Do not attempt to fetch gems remotely and use the gem cache instead"
     method_option "prefer-local", type: :boolean, banner: "Only attempt to fetch gems remotely if not present locally, even if newer versions are available remotely"
     method_option "no-cache", type: :boolean, banner: "Don't update the existing gem cache."
-    method_option "redownload", type: :boolean, aliases: "--force", banner: "Force downloading every gem."
+    method_option "force", type: :boolean, aliases: "--redownload", banner: "Force reinstalling every gem, even if already installed"
     method_option "no-prune", type: :boolean, banner: "Don't remove stale gems from the cache."
     method_option "path", type: :string, banner: "Specify a different path than the system default ($BUNDLE_PATH or $GEM_HOME).#{" Bundler will remember this value for future installs on this machine" unless Bundler.feature_flag.forget_cli_options?}"
     method_option "quiet", type: :boolean, banner: "Only output warnings and errors."
@@ -232,15 +232,13 @@ module Bundler
     method_option "without", type: :array, banner: "Exclude gems that are part of the specified named group."
     method_option "with", type: :array, banner: "Include gems that are part of the specified named group."
     def install
-      SharedHelpers.major_deprecation(2, "The `--force` option has been renamed to `--redownload`") if ARGV.include?("--force")
-
       %w[clean deployment frozen no-prune path shebang without with].each do |option|
         remembered_flag_deprecation(option)
       end
 
       print_remembered_flag_deprecation("--system", "path.system", "true") if ARGV.include?("--system")
 
-      remembered_negative_flag_deprecation("no-deployment")
+      remembered_flag_deprecation("deployment", negative: true)
 
       require_relative "cli/install"
       Bundler.settings.temporary(no_install: false) do
@@ -263,7 +261,7 @@ module Bundler
     method_option "local", type: :boolean, banner: "Do not attempt to fetch gems remotely and use the gem cache instead"
     method_option "quiet", type: :boolean, banner: "Only output warnings and errors."
     method_option "source", type: :array, banner: "Update a specific source (and all gems associated with it)"
-    method_option "redownload", type: :boolean, aliases: "--force", banner: "Force downloading every gem."
+    method_option "force", type: :boolean, aliases: "--redownload", banner: "Force reinstalling every gem, even if already installed"
     method_option "ruby", type: :boolean, banner: "Update ruby specified in Gemfile.lock"
     method_option "bundler", type: :string, lazy_default: "> 0.a", banner: "Update the locked version of bundler"
     method_option "patch", type: :boolean, banner: "Prefer updating only to next patch version"
@@ -274,7 +272,6 @@ module Bundler
     method_option "conservative", type: :boolean, banner: "Use bundle install conservative update behavior and do not allow shared dependencies to be updated."
     method_option "all", type: :boolean, banner: "Update everything."
     def update(*gems)
-      SharedHelpers.major_deprecation(2, "The `--force` option has been renamed to `--redownload`") if ARGV.include?("--force")
       require_relative "cli/update"
       Bundler.settings.temporary(no_install: false) do
         Update.new(options, gems).run
@@ -290,8 +287,8 @@ module Bundler
     method_option "outdated", type: :boolean, banner: "Show verbose output including whether gems are outdated."
     def show(gem_name = nil)
       if ARGV.include?("--outdated")
-        message = "the `--outdated` flag to `bundle show` was undocumented and will be removed without replacement"
-        removed_message = "the `--outdated` flag to `bundle show` was undocumented and has been removed without replacement"
+        message = "the `--outdated` flag to `bundle show` will be removed in favor of `bundle show --verbose`"
+        removed_message = "the `--outdated` flag to `bundle show` has been removed in favor of `bundle show --verbose`"
         SharedHelpers.major_deprecation(2, message, removed_message: removed_message)
       end
       require_relative "cli/show"
@@ -331,6 +328,8 @@ module Bundler
     method_option "all", type: :boolean, banner: "Install binstubs for all gems"
     method_option "all-platforms", type: :boolean, default: false, banner: "Install binstubs for all platforms"
     def binstubs(*gems)
+      remembered_flag_deprecation("path", option_name: "bin")
+
       require_relative "cli/binstubs"
       Binstubs.new(options, gems).run
     end
@@ -413,8 +412,13 @@ module Bundler
     D
     def cache
       print_remembered_flag_deprecation("--all", "cache_all", "true") if ARGV.include?("--all")
+      print_remembered_flag_deprecation("--no-all", "cache_all", "false") if ARGV.include?("--no-all")
 
-      if ARGV.include?("--path")
+      %w[frozen no-prune].each do |option|
+        remembered_flag_deprecation(option)
+      end
+
+      if flag_passed?("--path")
         message =
           "The `--path` flag is deprecated because its semantics are unclear. " \
           "Use `bundle config cache_path` to configure the path of your cache of gems, " \
@@ -486,13 +490,13 @@ module Bundler
     def version
       cli_help = current_command.name == "cli_help"
       if cli_help || ARGV.include?("version")
-        build_info = " (#{BuildMetadata.built_at} commit #{BuildMetadata.git_commit_sha})"
+        build_info = " (#{BuildMetadata.timestamp} commit #{BuildMetadata.git_commit_sha})"
       end
 
-      if !cli_help && Bundler.feature_flag.print_only_version_number?
-        Bundler.ui.info "#{Bundler::VERSION}#{build_info}"
+      if !cli_help && Bundler.feature_flag.bundler_4_mode?
+        Bundler.ui.info "#{Bundler.verbose_version}#{build_info}"
       else
-        Bundler.ui.info "Bundler version #{Bundler::VERSION}#{build_info}"
+        Bundler.ui.info "Bundler version #{Bundler.verbose_version}#{build_info}"
       end
     end
 
@@ -512,18 +516,18 @@ module Bundler
       end
     end
 
-    unless Bundler.feature_flag.bundler_3_mode?
+    unless Bundler.feature_flag.bundler_4_mode?
       desc "viz [OPTIONS]", "Generates a visual dependency graph", hide: true
       long_desc <<-D
         Viz generates a PNG file of the current Gemfile as a dependency graph.
         Viz requires the ruby-graphviz gem (and its dependencies).
         The associated gems must also be installed via 'bundle install'.
       D
-      method_option :file, type: :string, default: "gem_graph", aliases: "-f", desc: "The name to use for the generated file. see format option"
-      method_option :format, type: :string, default: "png", aliases: "-F", desc: "This is output format option. Supported format is png, jpg, svg, dot ..."
-      method_option :requirements, type: :boolean, default: false, aliases: "-R", desc: "Set to show the version of each required dependency."
-      method_option :version, type: :boolean, default: false, aliases: "-v", desc: "Set to show each gem version."
-      method_option :without, type: :array, default: [], aliases: "-W", banner: "GROUP[ GROUP...]", desc: "Exclude gems that are part of the specified named group."
+      method_option :file, type: :string, default: "gem_graph", aliases: "-f", banner: "The name to use for the generated file. see format option"
+      method_option :format, type: :string, default: "png", aliases: "-F", banner: "This is output format option. Supported format is png, jpg, svg, dot ..."
+      method_option :requirements, type: :boolean, default: false, aliases: "-R", banner: "Set to show the version of each required dependency."
+      method_option :version, type: :boolean, default: false, aliases: "-v", banner: "Set to show each gem version."
+      method_option :without, type: :array, default: [], aliases: "-W", banner: "Exclude gems that are part of the specified named group."
       def viz
         SharedHelpers.major_deprecation 2, "The `viz` command has been renamed to `graph` and moved to a plugin. See https://github.com/rubygems/bundler-graph"
         require_relative "cli/viz"
@@ -532,18 +536,19 @@ module Bundler
     end
 
     desc "gem NAME [OPTIONS]", "Creates a skeleton for creating a rubygem"
-    method_option :exe, type: :boolean, default: false, aliases: ["--bin", "-b"], desc: "Generate a binary executable for your library."
-    method_option :coc, type: :boolean, desc: "Generate a code of conduct file. Set a default with `bundle config set --global gem.coc true`."
-    method_option :edit, type: :string, aliases: "-e", required: false, banner: "EDITOR", lazy_default: [ENV["BUNDLER_EDITOR"], ENV["VISUAL"], ENV["EDITOR"]].find {|e| !e.nil? && !e.empty? }, desc: "Open generated gemspec in the specified editor (defaults to $EDITOR or $BUNDLER_EDITOR)"
-    method_option :ext, type: :string, desc: "Generate the boilerplate for C extension code.", enum: EXTENSIONS
-    method_option :git, type: :boolean, default: true, desc: "Initialize a git repo inside your library."
-    method_option :mit, type: :boolean, desc: "Generate an MIT license file. Set a default with `bundle config set --global gem.mit true`."
-    method_option :rubocop, type: :boolean, desc: "Add rubocop to the generated Rakefile and gemspec. Set a default with `bundle config set --global gem.rubocop true`."
-    method_option :changelog, type: :boolean, desc: "Generate changelog file. Set a default with `bundle config set --global gem.changelog true`."
+    method_option :exe, type: :boolean, default: false, aliases: ["--bin", "-b"], banner: "Generate a binary executable for your library."
+    method_option :coc, type: :boolean, banner: "Generate a code of conduct file. Set a default with `bundle config set --global gem.coc true`."
+    method_option :edit, type: :string, aliases: "-e", required: false, lazy_default: [ENV["BUNDLER_EDITOR"], ENV["VISUAL"], ENV["EDITOR"]].find {|e| !e.nil? && !e.empty? }, banner: "Open generated gemspec in the specified editor (defaults to $EDITOR or $BUNDLER_EDITOR)"
+    method_option :ext, type: :string, banner: "Generate the boilerplate for C extension code.", enum: EXTENSIONS
+    method_option :git, type: :boolean, default: true, banner: "Initialize a git repo inside your library."
+    method_option :mit, type: :boolean, banner: "Generate an MIT license file. Set a default with `bundle config set --global gem.mit true`."
+    method_option :rubocop, type: :boolean, banner: "Add rubocop to the generated Rakefile and gemspec. Set a default with `bundle config set --global gem.rubocop true`."
+    method_option :changelog, type: :boolean, banner: "Generate changelog file. Set a default with `bundle config set --global gem.changelog true`."
     method_option :test, type: :string, lazy_default: Bundler.settings["gem.test"] || "", aliases: "-t", banner: "Use the specified test framework for your library", enum: %w[rspec minitest test-unit], desc: "Generate a test directory for your library, either rspec, minitest or test-unit. Set a default with `bundle config set --global gem.test (rspec|minitest|test-unit)`."
-    method_option :ci, type: :string, lazy_default: Bundler.settings["gem.ci"] || "", enum: %w[github gitlab circle], desc: "Generate CI configuration, either GitHub Actions, GitLab CI or CircleCI. Set a default with `bundle config set --global gem.ci (github|gitlab|circle)`"
-    method_option :linter, type: :string, lazy_default: Bundler.settings["gem.linter"] || "", enum: %w[rubocop standard], desc: "Add a linter and code formatter, either RuboCop or Standard. Set a default with `bundle config set --global gem.linter (rubocop|standard)`"
+    method_option :ci, type: :string, lazy_default: Bundler.settings["gem.ci"] || "", enum: %w[github gitlab circle], banner: "Generate CI configuration, either GitHub Actions, GitLab CI or CircleCI. Set a default with `bundle config set --global gem.ci (github|gitlab|circle)`"
+    method_option :linter, type: :string, lazy_default: Bundler.settings["gem.linter"] || "", enum: %w[rubocop standard], banner: "Add a linter and code formatter, either RuboCop or Standard. Set a default with `bundle config set --global gem.linter (rubocop|standard)`"
     method_option :github_username, type: :string, default: Bundler.settings["gem.github_username"], banner: "Set your username on GitHub", desc: "Fill in GitHub username on README so that you don't have to do it manually. Set a default with `bundle config set --global gem.github_username <your_username>`."
+    method_option :bundle, type: :boolean, default: Bundler.settings["gem.bundle"], banner: "Automatically run `bundle install` after creation. Set a default with `bundle config set --global gem.bundle true`"
 
     def gem(name)
       require_relative "cli/gem"
@@ -720,7 +725,7 @@ module Bundler
       end
       command << Thor::Options.to_switches(options_to_print.sort_by(&:first)).strip
       command.reject!(&:empty?)
-      Bundler.ui.info "Running `#{command * " "}` with bundler #{Bundler::VERSION}"
+      Bundler.ui.info "Running `#{command * " "}` with bundler #{Bundler.verbose_version}"
     end
 
     def warn_on_outdated_bundler
@@ -747,30 +752,17 @@ module Bundler
       nil
     end
 
-    def remembered_negative_flag_deprecation(name)
-      positive_name = name.gsub(/\Ano-/, "")
-      option = current_command.options[positive_name]
-      flag_name = "--no-" + option.switch_name.gsub(/\A--/, "")
-
-      flag_deprecation(positive_name, flag_name, option)
-    end
-
-    def remembered_flag_deprecation(name)
+    def remembered_flag_deprecation(name, negative: false, option_name: nil)
       option = current_command.options[name]
       flag_name = option.switch_name
-
-      flag_deprecation(name, flag_name, option)
-    end
-
-    def flag_deprecation(name, flag_name, option)
-      name_index = ARGV.find {|arg| flag_name == arg.split("=")[0] }
-      return unless name_index
+      flag_name = "--no-" + flag_name.gsub(/\A--/, "") if negative
+      return unless flag_passed?(flag_name)
 
       value = options[name]
       value = value.join(" ").to_s if option.type == :array
       value = "'#{value}'" unless option.type == :boolean
 
-      print_remembered_flag_deprecation(flag_name, name.tr("-", "_"), value)
+      print_remembered_flag_deprecation(flag_name, option_name || name.tr("-", "_"), value)
     end
 
     def print_remembered_flag_deprecation(flag_name, option_name, option_value)
@@ -786,5 +778,9 @@ module Bundler
         "#{option_value}`, and stop using this flag"
       Bundler::SharedHelpers.major_deprecation 2, message, removed_message: removed_message
     end
+
+    def flag_passed?(name)
+      ARGV.any? {|arg| name == arg.split("=")[0] }
+    end
   end
 end

data/lib/bundler/compact_index_client.rb

@@ -28,11 +28,7 @@ module Bundler
   # It may be called concurrently without global interpreter lock in some Rubies.
   # As a result, some methods may look more complex than necessary to save memory or time.
   class CompactIndexClient
-    # NOTE: MD5 is here not because we expect a server to respond with it, but
-    # because we use it to generate the etag on first request during the upgrade
-    # to the compact index client that uses opaque etags saved to files.
-    # Remove once 2.5.0 has been out for a while.
-    SUPPORTED_DIGESTS = { "sha-256" => :SHA256, "md5" => :MD5 }.freeze
+    SUPPORTED_DIGESTS = { "sha-256" => :SHA256 }.freeze
     DEBUG_MUTEX = Thread::Mutex.new
 
     # info returns an Array of INFO Arrays. Each INFO Array has the following indices:

data/lib/bundler/current_ruby.rb

@@ -32,7 +32,7 @@ module Bundler
     end.freeze
 
     def ruby?
-      return true if Bundler::GemHelpers.generic_local_platform_is_ruby?
+      return true if Bundler::MatchPlatform.generic_local_platform_is_ruby?
 
       !windows? && (RUBY_ENGINE == "ruby" || RUBY_ENGINE == "rbx" || RUBY_ENGINE == "maglev" || RUBY_ENGINE == "truffleruby")
     end
@@ -50,6 +50,18 @@ module Bundler
     end
 
     def maglev?
+      message =
+        "`CurrentRuby#maglev?` is deprecated with no replacement. Please use the " \
+        "built-in Ruby `RUBY_ENGINE` constant to check the Ruby implementation you are running on."
+      removed_message =
+        "`CurrentRuby#maglev?` was removed with no replacement. Please use the " \
+        "built-in Ruby `RUBY_ENGINE` constant to check the Ruby implementation you are running on."
+      internally_exempted = caller_locations(1, 1).first.path == __FILE__
+
+      unless internally_exempted
+        SharedHelpers.major_deprecation(2, message, removed_message: removed_message, print_caller_location: true)
+      end
+
       RUBY_ENGINE == "maglev"
     end
 
@@ -71,12 +83,24 @@ module Bundler
         RUBY_VERSION.start_with?("#{version}.")
       end
 
-      all_platforms = PLATFORM_MAP.keys << "maglev"
-      all_platforms.each do |platform|
+      PLATFORM_MAP.keys.each do |platform|
         define_method(:"#{platform}_#{trimmed_version}?") do
           send(:"#{platform}?") && send(:"on_#{trimmed_version}?")
         end
       end
+
+      define_method(:"maglev_#{trimmed_version}?") do
+        message =
+          "`CurrentRuby##{__method__}` is deprecated with no replacement. Please use the " \
+          "built-in Ruby `RUBY_ENGINE` and `RUBY_VERSION` constants to perform a similar check."
+        removed_message =
+          "`CurrentRuby##{__method__}` was removed with no replacement. Please use the " \
+          "built-in Ruby `RUBY_ENGINE` and `RUBY_VERSION` constants to perform a similar check."
+
+        SharedHelpers.major_deprecation(2, message, removed_message: removed_message, print_caller_location: true)
+
+        send(:"maglev?") && send(:"on_#{trimmed_version}?")
+      end
     end
   end
 end

data/lib/bundler/definition.rb

@@ -4,8 +4,6 @@ require_relative "lockfile_parser"
 
 module Bundler
   class Definition
-    include GemHelpers
-
     class << self
       # Do not create or modify a lockfile (Makes #lock a noop)
       attr_accessor :no_lock
@@ -62,6 +60,7 @@ module Bundler
 
       if unlock == true
         @unlocking_all = true
+        strict = false
         @unlocking_bundler = false
         @unlocking = unlock
         @sources_to_unlock = []
@@ -70,6 +69,7 @@ module Bundler
         conservative = false
       else
         @unlocking_all = false
+        strict = unlock.delete(:strict)
         @unlocking_bundler = unlock.delete(:bundler)
         @unlocking = unlock.any? {|_k, v| !Array(v).empty? }
         @sources_to_unlock = unlock.delete(:sources) || []
@@ -99,7 +99,7 @@ module Bundler
 
       if lockfile_exists?
         @lockfile_contents = Bundler.read_file(lockfile)
-        @locked_gems = LockfileParser.new(@lockfile_contents)
+        @locked_gems = LockfileParser.new(@lockfile_contents, strict: strict)
         @locked_platforms = @locked_gems.platforms
         @most_specific_locked_platform = @locked_gems.most_specific_locked_platform
         @platforms = @locked_platforms.dup
@@ -189,12 +189,14 @@ module Bundler
     def setup_domain!(options = {})
       prefer_local! if options[:"prefer-local"]
 
+      sources.cached!
+
       if options[:add_checksums] || (!options[:local] && install_needed?)
-        remotely!
+        sources.remote!
         true
       else
         Bundler.settings.set_command_option(:jobs, 1) unless install_needed? # to avoid the overhead of Bundler::Worker
-        with_cache!
+        sources.local!
         false
       end
     end
@@ -282,7 +284,7 @@ module Bundler
     end
 
     def filter_relevant(dependencies)
-      platforms_array = [generic_local_platform].freeze
+      platforms_array = [Bundler.generic_local_platform].freeze
       dependencies.select do |d|
         d.should_include? && !d.gem_platforms(platforms_array).empty?
       end
@@ -373,6 +375,44 @@ module Bundler
       write_lock(target_lockfile, preserve_unknown_sections)
     end
 
+    def write_lock(file, preserve_unknown_sections)
+      return if Definition.no_lock || file.nil?
+
+      contents = to_lock
+
+      # Convert to \r\n if the existing lock has them
+      # i.e., Windows with `git config core.autocrlf=true`
+      contents.gsub!(/\n/, "\r\n") if @lockfile_contents.match?("\r\n")
+
+      if @locked_bundler_version
+        locked_major = @locked_bundler_version.segments.first
+        current_major = bundler_version_to_lock.segments.first
+
+        updating_major = locked_major < current_major
+      end
+
+      preserve_unknown_sections ||= !updating_major && (Bundler.frozen_bundle? || !(unlocking? || @unlocking_bundler))
+
+      if File.exist?(file) && lockfiles_equal?(@lockfile_contents, contents, preserve_unknown_sections)
+        return if Bundler.frozen_bundle?
+        SharedHelpers.filesystem_access(file) { FileUtils.touch(file) }
+        return
+      end
+
+      if Bundler.frozen_bundle?
+        Bundler.ui.error "Cannot write a changed lockfile while frozen."
+        return
+      end
+
+      begin
+        SharedHelpers.filesystem_access(file) do |p|
+          File.open(p, "wb") {|f| f.puts(contents) }
+        end
+      rescue ReadOnlyFileSystemError
+        raise ProductionError, lockfile_changes_summary("file system is read-only")
+      end
+    end
+
     def locked_ruby_version
       return unless ruby_version
       if @unlocking_ruby || !@locked_ruby_version
@@ -456,8 +496,8 @@ module Bundler
       return if current_platform_locked? || @platforms.include?(Gem::Platform::RUBY)
 
       raise ProductionError, "Your bundle only supports platforms #{@platforms.map(&:to_s)} " \
-        "but your local platform is #{local_platform}. " \
-        "Add the current platform to the lockfile with\n`bundle lock --add-platform #{local_platform}` and try again."
+        "but your local platform is #{Bundler.local_platform}. " \
+        "Add the current platform to the lockfile with\n`bundle lock --add-platform #{Bundler.local_platform}` and try again."
     end
 
     def normalize_platforms
@@ -492,8 +532,6 @@ module Bundler
       @unlocking
     end
 
-    attr_writer :source_requirements
-
     def add_checksums
       @locked_checksums = true
 
@@ -533,7 +571,7 @@ module Bundler
 
       return unless added.any? || deleted.any? || changed.any? || resolve_needed?
 
-      msg = String.new("#{change_reason.capitalize.strip}, but ")
+      msg = String.new("#{change_reason[0].upcase}#{change_reason[1..-1].strip}, but ")
       msg << "the lockfile " unless msg.start_with?("Your lockfile")
       msg << "can't be updated because #{update_refused_reason}"
       msg << "\n\nYou have added to the Gemfile:\n" << added.join("\n") if added.any?
@@ -559,6 +597,7 @@ module Bundler
         @missing_lockfile_dep ||
         @unlocking_bundler ||
         @locked_spec_with_missing_checksums ||
+        @locked_spec_with_empty_checksums ||
         @locked_spec_with_missing_deps ||
         @locked_spec_with_invalid_deps
     end
@@ -568,53 +607,15 @@ module Bundler
     end
 
     def should_add_extra_platforms?
-      !lockfile_exists? && generic_local_platform_is_ruby? && !Bundler.settings[:force_ruby_platform]
+      !lockfile_exists? && Bundler::MatchPlatform.generic_local_platform_is_ruby? && !Bundler.settings[:force_ruby_platform]
     end
 
     def lockfile_exists?
       lockfile && File.exist?(lockfile)
     end
 
-    def write_lock(file, preserve_unknown_sections)
-      return if Definition.no_lock || file.nil?
-
-      contents = to_lock
-
-      # Convert to \r\n if the existing lock has them
-      # i.e., Windows with `git config core.autocrlf=true`
-      contents.gsub!(/\n/, "\r\n") if @lockfile_contents.match?("\r\n")
-
-      if @locked_bundler_version
-        locked_major = @locked_bundler_version.segments.first
-        current_major = bundler_version_to_lock.segments.first
-
-        updating_major = locked_major < current_major
-      end
-
-      preserve_unknown_sections ||= !updating_major && (Bundler.frozen_bundle? || !(unlocking? || @unlocking_bundler))
-
-      if File.exist?(file) && lockfiles_equal?(@lockfile_contents, contents, preserve_unknown_sections)
-        return if Bundler.frozen_bundle?
-        SharedHelpers.filesystem_access(file) { FileUtils.touch(file) }
-        return
-      end
-
-      if Bundler.frozen_bundle?
-        Bundler.ui.error "Cannot write a changed lockfile while frozen."
-        return
-      end
-
-      begin
-        SharedHelpers.filesystem_access(file) do |p|
-          File.open(p, "wb") {|f| f.puts(contents) }
-        end
-      rescue ReadOnlyFileSystemError
-        raise ProductionError, lockfile_changes_summary("file system is read-only")
-      end
-    end
-
     def resolver
-      @resolver ||= Resolver.new(resolution_base, gem_version_promoter, @most_specific_locked_platform)
+      @resolver ||= new_resolver(resolution_base)
     end
 
     def expanded_dependencies
@@ -632,8 +633,7 @@ module Bundler
       @resolution_base ||= begin
         last_resolve = converge_locked_specs
         remove_invalid_platforms!
-        new_resolution_platforms = @current_platform_missing ? @new_platforms + [local_platform] : @new_platforms
-        base = Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, locked_specs: @originally_locked_specs, unlock: @unlocking_all || @gems_to_unlock, prerelease: gem_version_promoter.pre?, prefer_local: @prefer_local, new_platforms: new_resolution_platforms)
+        base = new_resolution_base(last_resolve: last_resolve, unlock: @unlocking_all || @gems_to_unlock)
         base = additional_base_requirements_to_prevent_downgrades(base)
         base = additional_base_requirements_to_force_updates(base)
         base
@@ -738,9 +738,8 @@ module Bundler
     end
 
     def start_resolution
-      local_platform_needed_for_resolvability = @most_specific_non_local_locked_platform && !@platforms.include?(local_platform)
-      @platforms << local_platform if local_platform_needed_for_resolvability
-      add_platform(Gem::Platform::RUBY) if RUBY_ENGINE == "truffleruby"
+      local_platform_needed_for_resolvability = @most_specific_non_local_locked_platform && !@platforms.include?(Bundler.local_platform)
+      @platforms << Bundler.local_platform if local_platform_needed_for_resolvability
 
       result = SpecSet.new(resolver.start)
 
@@ -758,7 +757,7 @@ module Bundler
         if result.incomplete_for_platform?(current_dependencies, @most_specific_non_local_locked_platform)
           @platforms.delete(@most_specific_non_local_locked_platform)
         elsif local_platform_needed_for_resolvability
-          @platforms.delete(local_platform)
+          @platforms.delete(Bundler.local_platform)
         end
       end
 
@@ -777,17 +776,17 @@ module Bundler
 
     def current_platform_locked?
       @platforms.any? do |bundle_platform|
-        generic_local_platform == bundle_platform || local_platform === bundle_platform
+        Bundler.generic_local_platform == bundle_platform || Bundler.local_platform === bundle_platform
       end
     end
 
     def add_current_platform
-      return if @platforms.include?(local_platform)
+      return if @platforms.include?(Bundler.local_platform)
 
       @most_specific_non_local_locked_platform = find_most_specific_locked_platform
       return if @most_specific_non_local_locked_platform
 
-      @platforms << local_platform
+      @platforms << Bundler.local_platform
       true
     end
 
@@ -848,6 +847,7 @@ module Bundler
         [@missing_lockfile_dep, "your lockfile is missing \"#{@missing_lockfile_dep}\""],
         [@unlocking_bundler, "an update to the version of Bundler itself was requested"],
         [@locked_spec_with_missing_checksums, "your lockfile is missing a CHECKSUMS entry for \"#{@locked_spec_with_missing_checksums}\""],
+        [@locked_spec_with_empty_checksums, "your lockfile has an empty CHECKSUMS entry for \"#{@locked_spec_with_empty_checksums}\""],
         [@locked_spec_with_missing_deps, "your lockfile includes \"#{@locked_spec_with_missing_deps}\" but not some of its dependencies"],
         [@locked_spec_with_invalid_deps, "your lockfile does not satisfy dependencies of \"#{@locked_spec_with_invalid_deps}\""],
       ].select(&:first).map(&:last).join(", ")
@@ -907,13 +907,23 @@ module Bundler
       @locked_spec_with_invalid_deps = nil
       @locked_spec_with_missing_deps = nil
       @locked_spec_with_missing_checksums = nil
+      @locked_spec_with_empty_checksums = nil
 
       missing_deps = []
       missing_checksums = []
+      empty_checksums = []
       invalid = []
 
       @locked_specs.each do |s|
-        missing_checksums << s if @locked_checksums && s.source.checksum_store.missing?(s)
+        if @locked_checksums
+          checksum_store = s.source.checksum_store
+
+          if checksum_store.missing?(s)
+            missing_checksums << s
+          elsif checksum_store.empty?(s)
+            empty_checksums << s
+          end
+        end
 
         validation = @locked_specs.validate_deps(s)
 
@@ -922,6 +932,7 @@ module Bundler
       end
 
       @locked_spec_with_missing_checksums = missing_checksums.first.name if missing_checksums.any?
+      @locked_spec_with_empty_checksums = empty_checksums.first.name if empty_checksums.any?
 
       if missing_deps.any?
         @locked_specs.delete(missing_deps)
@@ -1037,17 +1048,16 @@ module Bundler
         lockfile_source = s.source
 
         if dep
-          gemfile_source = dep.source || default_source
-
-          deps << dep if !dep.source || lockfile_source.include?(dep.source) || new_deps.include?(dep)
+          replacement_source = dep.source
 
-          # Replace the locked dependency's source with the equivalent source from the Gemfile
-          s.source = gemfile_source
+          deps << dep if !replacement_source || lockfile_source.include?(replacement_source) || new_deps.include?(dep)
         else
-          # Replace the locked dependency's source with the default source, if the locked source is no longer in the Gemfile
-          s.source = default_source unless sources.get(lockfile_source)
+          replacement_source = sources.get(lockfile_source)
         end
 
+        # Replace the locked dependency's source with the equivalent source from the Gemfile
+        s.source = replacement_source || default_source
+
         source = s.source
         next if @sources_to_unlock.include?(source.name)
 
@@ -1146,7 +1156,7 @@ module Bundler
 
     def additional_base_requirements_to_force_updates(resolution_base)
       return resolution_base if @explicit_unlocks.empty?
-      full_update = dup_for_full_unlock.resolve
+      full_update = SpecSet.new(new_resolver_for_full_update.start)
       @explicit_unlocks.each do |name|
         version = full_update.version_for(name)
         resolution_base.base_requirements[name] = Gem::Requirement.new("= #{version}") if version
@@ -1154,21 +1164,10 @@ module Bundler
       resolution_base
     end
 
-    def dup_for_full_unlock
-      unlocked_definition = self.class.new(@lockfile, @dependencies, @sources, true, @ruby_version, @optional_groups, @gemfiles)
-      unlocked_definition.source_requirements = source_requirements
-      unlocked_definition.gem_version_promoter.tap do |gvp|
-        gvp.level = gem_version_promoter.level
-        gvp.strict = gem_version_promoter.strict
-        gvp.pre = gem_version_promoter.pre
-      end
-      unlocked_definition
-    end
-
     def remove_invalid_platforms!
       return if Bundler.frozen_bundle?
 
-      skips = (@new_platforms + [local_platform]).uniq
+      skips = (@new_platforms + [Bundler.local_platform]).uniq
 
       # We should probably avoid removing non-ruby platforms, since that means
       # lockfile will no longer install on those platforms, so a error to give
@@ -1183,5 +1182,22 @@ module Bundler
     def source_map
       @source_map ||= SourceMap.new(sources, dependencies, @locked_specs)
     end
+
+    def new_resolver_for_full_update
+      new_resolver(unlocked_resolution_base)
+    end
+
+    def unlocked_resolution_base
+      new_resolution_base(last_resolve: SpecSet.new([]), unlock: true)
+    end
+
+    def new_resolution_base(last_resolve:, unlock:)
+      new_resolution_platforms = @current_platform_missing ? @new_platforms + [Bundler.local_platform] : @new_platforms
+      Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, locked_specs: @originally_locked_specs, unlock: unlock, prerelease: gem_version_promoter.pre?, prefer_local: @prefer_local, new_platforms: new_resolution_platforms)
+    end
+
+    def new_resolver(base)
+      Resolver.new(base, gem_version_promoter, @most_specific_locked_platform)
+    end
   end
 end

data/lib/bundler/dependency.rb

@@ -99,7 +99,7 @@ module Bundler
       return RUBY_PLATFORM_ARRAY if force_ruby_platform
       return valid_platforms if platforms.empty?
 
-      valid_platforms.select {|p| expanded_platforms.include?(GemHelpers.generic(p)) }
+      valid_platforms.select {|p| expanded_platforms.include?(Gem::Platform.generic(p)) }
     end
 
     def expanded_platforms