RubyGems - bundler - Versions diffs - 2.6.9 → 2.7.2 - Mend

bundler 2.6.9 → 2.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (113) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +1136 -1033
data/README.md +7 -7
data/bundler.gemspec +2 -2
data/lib/bundler/build_metadata.rb +10 -11
data/lib/bundler/checksum.rb +6 -0
data/lib/bundler/cli/cache.rb +0 -1
data/lib/bundler/cli/common.rb +1 -1
data/lib/bundler/cli/config.rb +2 -2
data/lib/bundler/cli/gem.rb +62 -30
data/lib/bundler/cli/install.rb +5 -7
data/lib/bundler/cli/lock.rb +5 -5
data/lib/bundler/cli/outdated.rb +1 -1
data/lib/bundler/cli/show.rb +2 -6
data/lib/bundler/cli/update.rb +3 -3
data/lib/bundler/cli.rb +45 -49
data/lib/bundler/compact_index_client.rb +1 -5
data/lib/bundler/current_ruby.rb +27 -3
data/lib/bundler/definition.rb +97 -81
data/lib/bundler/dependency.rb +1 -1
data/lib/bundler/dsl.rb +34 -24
data/lib/bundler/feature_flag.rb +15 -12
data/lib/bundler/fetcher/dependency.rb +2 -1
data/lib/bundler/fetcher/downloader.rb +33 -7
data/lib/bundler/fetcher.rb +49 -19
data/lib/bundler/friendly_errors.rb +2 -1
data/lib/bundler/index.rb +7 -2
data/lib/bundler/installer.rb +5 -4
data/lib/bundler/lazy_specification.rb +9 -7
data/lib/bundler/lockfile_parser.rb +21 -5
data/lib/bundler/man/bundle-add.1 +1 -1
data/lib/bundler/man/bundle-binstubs.1 +1 -1
data/lib/bundler/man/bundle-cache.1 +1 -1
data/lib/bundler/man/bundle-check.1 +1 -1
data/lib/bundler/man/bundle-clean.1 +1 -1
data/lib/bundler/man/bundle-config.1 +200 -137
data/lib/bundler/man/bundle-config.1.ronn +138 -109
data/lib/bundler/man/bundle-console.1 +1 -1
data/lib/bundler/man/bundle-doctor.1 +43 -4
data/lib/bundler/man/bundle-doctor.1.ronn +48 -4
data/lib/bundler/man/bundle-env.1 +1 -1
data/lib/bundler/man/bundle-exec.1 +1 -1
data/lib/bundler/man/bundle-fund.1 +1 -1
data/lib/bundler/man/bundle-gem.1 +67 -44
data/lib/bundler/man/bundle-gem.1.ronn +8 -4
data/lib/bundler/man/bundle-help.1 +1 -1
data/lib/bundler/man/bundle-info.1 +1 -1
data/lib/bundler/man/bundle-init.1 +1 -1
data/lib/bundler/man/bundle-inject.1 +2 -2
data/lib/bundler/man/bundle-inject.1.ronn +1 -1
data/lib/bundler/man/bundle-install.1 +4 -4
data/lib/bundler/man/bundle-install.1.ronn +3 -4
data/lib/bundler/man/bundle-issue.1 +1 -1
data/lib/bundler/man/bundle-licenses.1 +1 -1
data/lib/bundler/man/bundle-list.1 +1 -1
data/lib/bundler/man/bundle-lock.1 +1 -1
data/lib/bundler/man/bundle-open.1 +1 -1
data/lib/bundler/man/bundle-outdated.1 +1 -1
data/lib/bundler/man/bundle-platform.1 +1 -1
data/lib/bundler/man/bundle-plugin.1 +40 -15
data/lib/bundler/man/bundle-plugin.1.ronn +44 -15
data/lib/bundler/man/bundle-pristine.1 +1 -1
data/lib/bundler/man/bundle-remove.1 +1 -1
data/lib/bundler/man/bundle-show.1 +1 -1
data/lib/bundler/man/bundle-update.1 +5 -5
data/lib/bundler/man/bundle-update.1.ronn +4 -4
data/lib/bundler/man/bundle-version.1 +1 -1
data/lib/bundler/man/bundle-viz.1 +1 -1
data/lib/bundler/man/bundle.1 +1 -1
data/lib/bundler/man/gemfile.5 +1 -1
data/lib/bundler/match_platform.rb +31 -12
data/lib/bundler/materialization.rb +2 -2
data/lib/bundler/resolver/package.rb +2 -1
data/lib/bundler/resolver.rb +1 -3
data/lib/bundler/rubygems_ext.rb +116 -120
data/lib/bundler/rubygems_integration.rb +11 -6
data/lib/bundler/runtime.rb +1 -1
data/lib/bundler/self_manager.rb +32 -42
data/lib/bundler/settings/validator.rb +0 -23
data/lib/bundler/settings.rb +4 -6
data/lib/bundler/shared_helpers.rb +6 -4
data/lib/bundler/source/gemspec.rb +4 -0
data/lib/bundler/source/git/git_proxy.rb +3 -3
data/lib/bundler/source/path.rb +9 -0
data/lib/bundler/source_list.rb +1 -5
data/lib/bundler/source_map.rb +1 -1
data/lib/bundler/spec_set.rb +7 -3
data/lib/bundler/templates/Executable +0 -11
data/lib/bundler/templates/newgem/github/workflows/main.yml.tt +2 -0
data/lib/bundler/templates/newgem/newgem.gemspec.tt +6 -5
data/lib/bundler/ui/shell.rb +2 -2
data/lib/bundler/vendor/net-http-persistent/README.rdoc +1 -1
data/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent/timed_stack_multi.rb +2 -1
data/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent.rb +81 -42
data/lib/bundler/vendor/thor/lib/thor/actions/file_manipulation.rb +42 -6
data/lib/bundler/vendor/thor/lib/thor/parser/options.rb +1 -1
data/lib/bundler/vendor/thor/lib/thor/runner.rb +1 -1
data/lib/bundler/vendor/thor/lib/thor/shell/basic.rb +3 -7
data/lib/bundler/vendor/thor/lib/thor/version.rb +1 -1
data/lib/bundler/version.rb +10 -2
data/lib/bundler/worker.rb +1 -1
data/lib/bundler.rb +14 -12
metadata +4 -14
data/lib/bundler/gem_helpers.rb +0 -144
data/lib/bundler/templates/Executable.bundler +0 -109
data/lib/bundler/vendor/connection_pool/.document +0 -1
data/lib/bundler/vendor/fileutils/.document +0 -1
data/lib/bundler/vendor/net-http-persistent/.document +0 -1
data/lib/bundler/vendor/pub_grub/.document +0 -1
data/lib/bundler/vendor/securerandom/.document +0 -1
data/lib/bundler/vendor/thor/.document +0 -1
data/lib/bundler/vendor/tsort/.document +0 -1
data/lib/bundler/vendor/uri/.document +0 -1

data/lib/bundler/dsl.rb CHANGED Viewed

@@ -73,7 +73,7 @@ module Bundler
       case specs_by_name_and_version.size
       when 1
         specs = specs_by_name_and_version.values.first
-        spec = specs.find {|s| s.match_platform(Bundler.local_platform) } || specs.first
+        spec = specs.find {|s| s.installable_on_platform?(Bundler.local_platform) } || specs.first
         @gemspecs << spec
@@ -240,28 +240,27 @@ module Bundler
       dep = Dependency.new(name, version, options)
       # if there's already a dependency with this name we try to prefer one
-      if current = @dependencies.find {|d| d.name == dep.name }
+      if current = @dependencies.find {|d| d.name == name }
         if current.requirement != dep.requirement
           current_requirement_open = current.requirements_list.include?(">= 0")
           gemspec_dep = [dep, current].find(&:gemspec_dev_dep?)
           if gemspec_dep
-            gemfile_dep = [dep, current].find(&:gemfile_dep?)
-            if gemfile_dep && !current_requirement_open
-              Bundler.ui.warn "A gemspec development dependency (#{gemspec_dep.name}, #{gemspec_dep.requirement}) is being overridden by a Gemfile dependency (#{gemfile_dep.name}, #{gemfile_dep.requirement}).\n" \
-                              "This behaviour may change in the future. Please remove either of them, or make sure they both have the same requirement\n"
-            elsif gemfile_dep.nil?
-              require_relative "vendor/pub_grub/lib/pub_grub/version_range"
-              require_relative "vendor/pub_grub/lib/pub_grub/version_constraint"
-              require_relative "vendor/pub_grub/lib/pub_grub/version_union"
-              require_relative "vendor/pub_grub/lib/pub_grub/rubygems"
-              current_gemspec_range = PubGrub::RubyGems.requirement_to_range(current.requirement)
-              next_gemspec_range = PubGrub::RubyGems.requirement_to_range(dep.requirement)
-              if current_gemspec_range.intersects?(next_gemspec_range)
-                dep = Dependency.new(name, current.requirement.as_list + dep.requirement.as_list, options)
+            require_relative "vendor/pub_grub/lib/pub_grub/version_range"
+            require_relative "vendor/pub_grub/lib/pub_grub/version_constraint"
+            require_relative "vendor/pub_grub/lib/pub_grub/version_union"
+            require_relative "vendor/pub_grub/lib/pub_grub/rubygems"
+            current_gemspec_range = PubGrub::RubyGems.requirement_to_range(current.requirement)
+            next_gemspec_range = PubGrub::RubyGems.requirement_to_range(dep.requirement)
+            if current_gemspec_range.intersects?(next_gemspec_range)
+              dep = Dependency.new(name, current.requirement.as_list + dep.requirement.as_list, options)
+            else
+              gemfile_dep = [dep, current].find(&:gemfile_dep?)
+              if gemfile_dep
+                raise GemfileError, "The #{name} dependency has conflicting requirements in Gemfile (#{gemfile_dep.requirement}) and gemspec (#{gemspec_dep.requirement})"
               else
                 raise GemfileError, "Two gemspec development dependencies have conflicting requirements on the same gem: #{dep} and #{current}"
               end
@@ -273,14 +272,14 @@ module Bundler
               if dep.requirements_list.include?(">= 0") && !current_requirement_open
                 update_prompt = ". Gem already added"
               else
-                update_prompt = ". If you want to update the gem version, run `bundle update #{current.name}`"
+                update_prompt = ". If you want to update the gem version, run `bundle update #{name}`"
                 update_prompt += ". You may also need to change the version requirement specified in the Gemfile if it's too restrictive." unless current_requirement_open
               end
             end
             raise GemfileError, "You cannot specify the same gem twice with different version requirements.\n" \
-                           "You specified: #{current.name} (#{current.requirement}) and #{dep.name} (#{dep.requirement})" \
+                           "You specified: #{name} (#{current.requirement}) and #{name} (#{dep.requirement})" \
                            "#{update_prompt}"
           end
         end
@@ -291,12 +290,12 @@ module Bundler
             @dependencies.delete(current)
           elsif dep.gemspec_dev_dep?
             return
-          elsif current.source != dep.source
+          elsif current.source.to_s != dep.source.to_s
             raise GemfileError, "You cannot specify the same gem twice coming from different sources.\n" \
-                            "You specified that #{dep.name} (#{dep.requirement}) should come from " \
+                            "You specified that #{name} (#{dep.requirement}) should come from " \
                             "#{current.source || "an unspecified source"} and #{dep.source}\n"
           else
-            Bundler.ui.warn "Your Gemfile lists the gem #{current.name} (#{current.requirement}) more than once.\n" \
+            Bundler.ui.warn "Your Gemfile lists the gem #{name} (#{current.requirement}) more than once.\n" \
                             "You should probably keep only one of them.\n" \
                             "Remove any duplicate entries and specify the gem only once.\n" \
                             "While it's not a problem now, it could cause errors if you change the version of one of them later."
@@ -412,6 +411,7 @@ module Bundler
         next if VALID_PLATFORMS.include?(p)
         raise GemfileError, "`#{p}` is not a valid platform. The available options are: #{VALID_PLATFORMS.inspect}"
       end
+      deprecate_legacy_windows_platforms(platforms)
       # Save sources passed in a key
       if opts.key?("source")
@@ -492,6 +492,16 @@ module Bundler
       end
     end
+    def deprecate_legacy_windows_platforms(platforms)
+      windows_platforms = platforms.select {|pl| pl.to_s.match?(/mingw|mswin/) }
+      return if windows_platforms.empty?
+      windows_platforms = windows_platforms.map! {|pl| ":#{pl}" }.join(", ")
+      message = "Platform #{windows_platforms} is deprecated. Please use platform :windows instead."
+      removed_message = "Platform #{windows_platforms} has been removed. Please use platform :windows instead."
+      Bundler::SharedHelpers.major_deprecation 2, message, removed_message: removed_message
+    end
     def check_path_source_safety
       return if @sources.global_path_source.nil?
@@ -511,7 +521,7 @@ module Bundler
     end
     def multiple_global_source_warning
-      if Bundler.feature_flag.bundler_3_mode?
+      if Bundler.feature_flag.bundler_4_mode?
         msg = "This Gemfile contains multiple global sources. " \
           "Each source after the first must include a block to indicate which gems " \
           "should come from that source"

data/lib/bundler/feature_flag.rb CHANGED Viewed

@@ -27,20 +27,23 @@ module Bundler
     (1..10).each {|v| define_method("bundler_#{v}_mode?") { @major_version >= v } }
-    settings_flag(:allow_offline_install) { bundler_3_mode? }
-    settings_flag(:auto_clean_without_path) { bundler_3_mode? }
-    settings_flag(:cache_all) { bundler_3_mode? }
-    settings_flag(:default_install_uses_path) { bundler_3_mode? }
-    settings_flag(:forget_cli_options) { bundler_3_mode? }
-    settings_flag(:global_gem_cache) { bundler_3_mode? }
-    settings_flag(:lockfile_checksums) { bundler_3_mode? }
-    settings_flag(:path_relative_to_cwd) { bundler_3_mode? }
+    settings_flag(:allow_offline_install) { bundler_4_mode? }
+    settings_flag(:cache_all) { bundler_4_mode? }
+    settings_flag(:forget_cli_options) { bundler_4_mode? }
+    settings_flag(:global_gem_cache) { bundler_5_mode? }
+    settings_flag(:lockfile_checksums) { bundler_4_mode? }
     settings_flag(:plugins) { @bundler_version >= Gem::Version.new("1.14") }
-    settings_flag(:print_only_version_number) { bundler_3_mode? }
-    settings_flag(:setup_makes_kernel_gem_public) { !bundler_3_mode? }
-    settings_flag(:update_requires_all_flag) { bundler_4_mode? }
+    settings_flag(:update_requires_all_flag) { bundler_5_mode? }
-    settings_option(:default_cli_command) { bundler_3_mode? ? :cli_help : :install }
+    settings_option(:default_cli_command) { bundler_4_mode? ? :cli_help : :install }
+    def removed_major?(target_major_version)
+      @major_version > target_major_version
+    end
+    def deprecated_major?(target_major_version)
+      @major_version >= target_major_version
+    end
     def initialize(bundler_version)
       @bundler_version = Gem::Version.create(bundler_version)

data/lib/bundler/fetcher/dependency.rb CHANGED Viewed

@@ -1,7 +1,8 @@
 # frozen_string_literal: true
 require_relative "base"
-require "cgi"
+require "cgi/escape"
+require "cgi/util" unless defined?(CGI::EscapeExt)
 module Bundler
   class Fetcher

data/lib/bundler/fetcher/downloader.rb CHANGED Viewed

@@ -3,6 +3,28 @@
 module Bundler
   class Fetcher
     class Downloader
+      HTTP_NON_RETRYABLE_ERRORS = [
+        SocketError,
+        Errno::EADDRNOTAVAIL,
+        Errno::ENETDOWN,
+        Errno::ENETUNREACH,
+        Gem::Net::HTTP::Persistent::Error,
+        Errno::EHOSTUNREACH,
+      ].freeze
+      HTTP_RETRYABLE_ERRORS = [
+        Gem::Timeout::Error,
+        EOFError,
+        Errno::EINVAL,
+        Errno::ECONNRESET,
+        Errno::ETIMEDOUT,
+        Errno::EAGAIN,
+        Gem::Net::HTTPBadResponse,
+        Gem::Net::HTTPHeaderSyntaxError,
+        Gem::Net::ProtocolError,
+        Zlib::BufError,
+      ].freeze
       attr_reader :connection
       attr_reader :redirect_limit
@@ -67,15 +89,19 @@ module Bundler
         connection.request(uri, req)
       rescue OpenSSL::SSL::SSLError
         raise CertificateFailureError.new(uri)
-      rescue *HTTP_ERRORS => e
+      rescue *HTTP_NON_RETRYABLE_ERRORS => e
         Bundler.ui.trace e
-        if e.is_a?(SocketError) || e.message.to_s.include?("host down:")
-          raise NetworkDownError, "Could not reach host #{uri.host}. Check your network " \
-            "connection and try again."
-        else
-          raise HTTPError, "Network error while fetching #{filtered_uri}" \
+        host = uri.host
+        host_port = "#{host}:#{uri.port}"
+        host = host_port if filtered_uri.to_s.include?(host_port)
+        raise NetworkDownError, "Could not reach host #{host}. Check your network " \
+          "connection and try again."
+      rescue *HTTP_RETRYABLE_ERRORS => e
+        Bundler.ui.trace e
+        raise HTTPError, "Network error while fetching #{filtered_uri}" \
             " (#{e})"
-        end
       end
       private

data/lib/bundler/fetcher.rb CHANGED Viewed

@@ -2,7 +2,6 @@
 require_relative "vendored_persistent"
 require_relative "vendored_timeout"
-require "cgi"
 require_relative "vendored_securerandom"
 require "zlib"
@@ -73,19 +72,57 @@ module Bundler
       end
     end
+    HTTP_ERRORS = (Downloader::HTTP_RETRYABLE_ERRORS + Downloader::HTTP_NON_RETRYABLE_ERRORS).freeze
+    deprecate_constant :HTTP_ERRORS
+    NET_ERRORS = [
+      :HTTPBadGateway,
+      :HTTPBadRequest,
+      :HTTPFailedDependency,
+      :HTTPForbidden,
+      :HTTPInsufficientStorage,
+      :HTTPMethodNotAllowed,
+      :HTTPMovedPermanently,
+      :HTTPNoContent,
+      :HTTPNotFound,
+      :HTTPNotImplemented,
+      :HTTPPreconditionFailed,
+      :HTTPRequestEntityTooLarge,
+      :HTTPRequestURITooLong,
+      :HTTPUnauthorized,
+      :HTTPUnprocessableEntity,
+      :HTTPUnsupportedMediaType,
+      :HTTPVersionNotSupported,
+    ].freeze
+    deprecate_constant :NET_ERRORS
     # Exceptions classes that should bypass retry attempts. If your password didn't work the
     # first time, it's not going to the third time.
-    NET_ERRORS = [:HTTPBadGateway, :HTTPBadRequest, :HTTPFailedDependency,
-                  :HTTPForbidden, :HTTPInsufficientStorage, :HTTPMethodNotAllowed,
-                  :HTTPMovedPermanently, :HTTPNoContent, :HTTPNotFound,
-                  :HTTPNotImplemented, :HTTPPreconditionFailed, :HTTPRequestEntityTooLarge,
-                  :HTTPRequestURITooLong, :HTTPUnauthorized, :HTTPUnprocessableEntity,
-                  :HTTPUnsupportedMediaType, :HTTPVersionNotSupported].freeze
-    FAIL_ERRORS = begin
-      fail_errors = [AuthenticationRequiredError, BadAuthenticationError, AuthenticationForbiddenError, FallbackError, SecurityError]
-      fail_errors << Gem::Requirement::BadRequirementError
-      fail_errors.concat(NET_ERRORS.map {|e| Gem::Net.const_get(e) })
-    end.freeze
+    FAIL_ERRORS = [
+      AuthenticationRequiredError,
+      BadAuthenticationError,
+      AuthenticationForbiddenError,
+      FallbackError,
+      SecurityError,
+      Gem::Requirement::BadRequirementError,
+      Gem::Net::HTTPBadGateway,
+      Gem::Net::HTTPBadRequest,
+      Gem::Net::HTTPFailedDependency,
+      Gem::Net::HTTPForbidden,
+      Gem::Net::HTTPInsufficientStorage,
+      Gem::Net::HTTPMethodNotAllowed,
+      Gem::Net::HTTPMovedPermanently,
+      Gem::Net::HTTPNoContent,
+      Gem::Net::HTTPNotFound,
+      Gem::Net::HTTPNotImplemented,
+      Gem::Net::HTTPPreconditionFailed,
+      Gem::Net::HTTPRequestEntityTooLarge,
+      Gem::Net::HTTPRequestURITooLong,
+      Gem::Net::HTTPUnauthorized,
+      Gem::Net::HTTPUnprocessableEntity,
+      Gem::Net::HTTPUnsupportedMediaType,
+      Gem::Net::HTTPVersionNotSupported,
+    ].freeze
     class << self
       attr_accessor :disable_endpoint, :api_timeout, :redirect_limit, :max_retries
@@ -294,13 +331,6 @@ module Bundler
       paths.find {|path| File.file? path }
     end
-    HTTP_ERRORS = [
-      Gem::Timeout::Error, EOFError, SocketError, Errno::ENETDOWN, Errno::ENETUNREACH,
-      Errno::EINVAL, Errno::ECONNRESET, Errno::ETIMEDOUT, Errno::EAGAIN,
-      Gem::Net::HTTPBadResponse, Gem::Net::HTTPHeaderSyntaxError, Gem::Net::ProtocolError,
-      Gem::Net::HTTP::Persistent::Error, Zlib::BufError, Errno::EHOSTUNREACH
-    ].freeze
     def bundler_cert_store
       store = OpenSSL::X509::Store.new
       ssl_ca_cert = Bundler.settings[:ssl_ca_cert] ||

data/lib/bundler/friendly_errors.rb CHANGED Viewed

@@ -102,7 +102,8 @@ module Bundler
     def issues_url(exception)
       message = exception.message.lines.first.tr(":", " ").chomp
       message = message.split("-").first if exception.is_a?(Errno)
-      require "cgi"
+      require "cgi/escape"
+      require "cgi/util" unless defined?(CGI::EscapeExt)
       "https://github.com/rubygems/rubygems/search?q=" \
         "#{CGI.escape(message)}&type=Issues"
     end

data/lib/bundler/index.rb CHANGED Viewed

@@ -131,6 +131,11 @@ module Bundler
       return unless other
       other.each do |spec|
         if existing = find_by_spec(spec)
+          unless dependencies_eql?(existing, spec)
+            Bundler.ui.warn "Local specification for #{spec.full_name} has different dependencies than the remote gem, ignoring it"
+            next
+          end
           add_duplicate(existing)
         end
         add spec
@@ -153,8 +158,8 @@ module Bundler
     end
     def dependencies_eql?(spec, other_spec)
-      deps       = spec.dependencies.select {|d| d.type != :development }
-      other_deps = other_spec.dependencies.select {|d| d.type != :development }
+      deps       = spec.runtime_dependencies
+      other_deps = other_spec.runtime_dependencies
       deps.sort == other_deps.sort
     end

data/lib/bundler/installer.rb CHANGED Viewed

@@ -91,6 +91,11 @@ module Bundler
     end
     def generate_bundler_executable_stubs(spec, options = {})
+      if spec.name == "bundler"
+        Bundler.ui.warn "Bundler itself does not use binstubs because its version is selected by RubyGems"
+        return
+      end
       if options[:binstubs_cmd] && spec.executables.empty?
         options = {}
         spec.runtime_dependencies.each do |dep|
@@ -115,10 +120,6 @@ module Bundler
       ruby_command = Thor::Util.ruby_command
       ruby_command = ruby_command
       template_path = File.expand_path("templates/Executable", __dir__)
-      if spec.name == "bundler"
-        template_path += ".bundler"
-        spec.executables = %(bundle)
-      end
       template = File.read(template_path)
       exists = []

data/lib/bundler/lazy_specification.rb CHANGED Viewed

@@ -33,7 +33,7 @@ module Bundler
       lazy_spec
     end
-    def initialize(name, version, platform, source = nil)
+    def initialize(name, version, platform, source = nil, **materialization_options)
       @name          = name
       @version       = version
       @dependencies  = []
@@ -43,6 +43,7 @@ module Bundler
       @original_source = source
       @source = source
+      @materialization_options = materialization_options
       @force_ruby_platform = default_force_ruby_platform
       @most_specific_locked_platform = nil
@@ -142,15 +143,15 @@ module Bundler
         end
       else
         materialize([name, version]) do |matching_specs|
-          target_platform = source.is_a?(Source::Path) ? platform : local_platform
+          target_platform = source.is_a?(Source::Path) ? platform : Bundler.local_platform
-          installable_candidates = GemHelpers.select_best_platform_match(matching_specs, target_platform)
+          installable_candidates = MatchPlatform.select_best_platform_match(matching_specs, target_platform)
           specification = choose_compatible(installable_candidates, fallback_to_non_installable: false)
           return specification unless specification.nil?
           if target_platform != platform
-            installable_candidates = GemHelpers.select_best_platform_match(matching_specs, platform)
+            installable_candidates = MatchPlatform.select_best_platform_match(matching_specs, platform)
           end
           choose_compatible(installable_candidates)
@@ -190,7 +191,7 @@ module Bundler
     end
     def ruby_platform_materializes_to_ruby_platform?
-      generic_platform = generic_local_platform == Gem::Platform::JAVA ? Gem::Platform::JAVA : Gem::Platform::RUBY
+      generic_platform = Bundler.generic_local_platform == Gem::Platform::JAVA ? Gem::Platform::JAVA : Gem::Platform::RUBY
       (most_specific_locked_platform != generic_platform) || force_ruby_platform || Bundler.settings[:force_ruby_platform]
     end
@@ -226,12 +227,13 @@ module Bundler
     # Validate dependencies of this locked spec are consistent with dependencies
     # of the actual spec that was materialized.
     #
-    # Note that we don't validate dependencies of locally installed gems but
+    # Note that unless we are in strict mode (which we set during installation)
+    # we don't validate dependencies of locally installed gems but
     # accept what's in the lockfile instead for performance, since loading
     # dependencies of locally installed gems would mean evaluating all gemspecs,
     # which would affect `bundler/setup` performance.
     def validate_dependencies(spec)
-      if spec.is_a?(StubSpecification)
+      if !@materialization_options[:strict] && spec.is_a?(StubSpecification)
         spec.dependencies = dependencies
       else
         if !source.is_a?(Source::Path) && spec.runtime_dependencies.sort != dependencies.sort

data/lib/bundler/lockfile_parser.rb CHANGED Viewed

@@ -1,9 +1,9 @@
 # frozen_string_literal: true
+require_relative "shared_helpers"
 module Bundler
   class LockfileParser
-    include GemHelpers
     class Position
       attr_reader :line, :column
       def initialize(line, column)
@@ -94,7 +94,7 @@ module Bundler
       lockfile_contents.split(BUNDLED).last.strip
     end
-    def initialize(lockfile)
+    def initialize(lockfile, strict: false)
       @platforms    = []
       @sources      = []
       @dependencies = {}
@@ -106,6 +106,7 @@ module Bundler
         "Gemfile.lock"
       end
       @pos = Position.new(1, 1)
+      @strict = strict
       if lockfile.match?(/<<<<<<<|=======|>>>>>>>|\|\|\|\|\|\|\|/)
         raise LockfileError, "Your #{@lockfile_path} contains merge conflicts.\n" \
@@ -139,8 +140,23 @@ module Bundler
         end
         @pos.advance!(line)
       end
+      if !Bundler.frozen_bundle? && @platforms.include?(Gem::Platform::X64_MINGW_LEGACY)
+        if @platforms.include?(Gem::Platform::X64_MINGW)
+          @platforms.delete(Gem::Platform::X64_MINGW_LEGACY)
+          SharedHelpers.major_deprecation(2,
+            "Found x64-mingw32 in lockfile, which is deprecated. Removing it. Support for x64-mingw32 will be removed in Bundler 4.0.",
+            removed_message: "Found x64-mingw32 in lockfile, which is no longer supported as of Bundler 4.0.")
+        else
+          @platforms[@platforms.index(Gem::Platform::X64_MINGW_LEGACY)] = Gem::Platform::X64_MINGW
+          SharedHelpers.major_deprecation(2,
+            "Found x64-mingw32 in lockfile, which is deprecated. Using x64-mingw-ucrt, the replacement for x64-mingw32 in modern rubies, instead. Support for x64-mingw32 will be removed in Bundler 4.0.",
+            removed_message: "Found x64-mingw32 in lockfile, which is no longer supported as of Bundler 4.0.")
+        end
+      end
       @most_specific_locked_platform = @platforms.min_by do |bundle_platform|
-        platform_specificity_match(bundle_platform, local_platform)
+        Gem::Platform.platform_specificity_match(bundle_platform, Bundler.local_platform)
       end
       @specs = @specs.values.sort_by!(&:full_name).each do |spec|
         spec.most_specific_locked_platform = @most_specific_locked_platform
@@ -271,7 +287,7 @@ module Bundler
         version = Gem::Version.new(version)
         platform = platform ? Gem::Platform.new(platform) : Gem::Platform::RUBY
-        @current_spec = LazySpecification.new(name, version, platform, @current_source)
+        @current_spec = LazySpecification.new(name, version, platform, @current_source, strict: @strict)
         @current_source.add_dependency_names(name)
         @specs[@current_spec.full_name] = @current_spec

data/lib/bundler/man/bundle-add.1 CHANGED Viewed

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-ADD" "1" "March 2025" ""
+.TH "BUNDLE\-ADD" "1" "August 2025" ""
 .SH "NAME"
 \fBbundle\-add\fR \- Add gem to the Gemfile and run bundle install
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-binstubs.1 CHANGED Viewed

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-BINSTUBS" "1" "March 2025" ""
+.TH "BUNDLE\-BINSTUBS" "1" "August 2025" ""
 .SH "NAME"
 \fBbundle\-binstubs\fR \- Install the binstubs of the listed gems
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-cache.1 CHANGED Viewed

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-CACHE" "1" "March 2025" ""
+.TH "BUNDLE\-CACHE" "1" "August 2025" ""
 .SH "NAME"
 \fBbundle\-cache\fR \- Package your needed \fB\.gem\fR files into your application
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-check.1 CHANGED Viewed

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-CHECK" "1" "March 2025" ""
+.TH "BUNDLE\-CHECK" "1" "August 2025" ""
 .SH "NAME"
 \fBbundle\-check\fR \- Verifies if dependencies are satisfied by installed gems
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-clean.1 CHANGED Viewed

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-CLEAN" "1" "March 2025" ""
+.TH "BUNDLE\-CLEAN" "1" "August 2025" ""
 .SH "NAME"
 \fBbundle\-clean\fR \- Cleans up unused gems in your bundler directory
 .SH "SYNOPSIS"