bundler 2.7.0 → 4.0.1

data/lib/bundler/definition.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require_relative "lockfile_parser"
+require_relative "worker"
 
 module Bundler
   class Definition
@@ -9,6 +10,8 @@ module Bundler
       attr_accessor :no_lock
     end
 
+    attr_writer :lockfile
+
     attr_reader(
       :dependencies,
       :locked_checksums,
@@ -107,6 +110,7 @@ module Bundler
         @locked_ruby_version = @locked_gems.ruby_version
         @locked_deps = @locked_gems.dependencies
         @originally_locked_specs = SpecSet.new(@locked_gems.specs)
+        @originally_locked_sources = @locked_gems.sources
         @locked_checksums = @locked_gems.checksums
 
         if @unlocking_all
@@ -114,7 +118,16 @@ module Bundler
           @locked_sources = []
         else
           @locked_specs   = @originally_locked_specs
-          @locked_sources = @locked_gems.sources
+          @locked_sources = @originally_locked_sources
+        end
+
+        locked_gem_sources = @originally_locked_sources.select {|s| s.is_a?(Source::Rubygems) }
+        multisource_lockfile = locked_gem_sources.size == 1 && locked_gem_sources.first.multiple_remotes?
+
+        if multisource_lockfile
+          msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. Make sure you run `bundle install` in non frozen mode and commit the result to make your lockfile secure."
+
+          Bundler::SharedHelpers.feature_removed! msg
         end
       else
         @locked_gems = nil
@@ -123,22 +136,10 @@ module Bundler
         @platforms      = []
         @locked_deps    = {}
         @locked_specs   = SpecSet.new([])
-        @originally_locked_specs = @locked_specs
         @locked_sources = []
-        @locked_checksums = Bundler.feature_flag.lockfile_checksums?
-      end
-
-      locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
-      @multisource_allowed = locked_gem_sources.size == 1 && locked_gem_sources.first.multiple_remotes? && Bundler.frozen_bundle?
-
-      if @multisource_allowed
-        unless sources.aggregate_global_source?
-          msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. Make sure you run `bundle install` in non frozen mode and commit the result to make your lockfile secure."
-
-          Bundler::SharedHelpers.major_deprecation 2, msg
-        end
-
-        @sources.merged_gem_lockfile_sections!(locked_gem_sources.first)
+        @originally_locked_specs = @locked_specs
+        @originally_locked_sources = @locked_sources
+        @locked_checksums = Bundler.settings[:lockfile_checksums]
       end
 
       @unlocking_ruby ||= if @ruby_version && locked_ruby_version_object
@@ -189,12 +190,14 @@ module Bundler
     def setup_domain!(options = {})
       prefer_local! if options[:"prefer-local"]
 
+      sources.cached!
+
       if options[:add_checksums] || (!options[:local] && install_needed?)
-        remotely!
+        sources.remote!
         true
       else
         Bundler.settings.set_command_option(:jobs, 1) unless install_needed? # to avoid the overhead of Bundler::Worker
-        with_cache!
+        sources.local!
         false
       end
     end
@@ -282,12 +285,17 @@ module Bundler
     end
 
     def filter_relevant(dependencies)
-      platforms_array = [Bundler.generic_local_platform].freeze
       dependencies.select do |d|
-        d.should_include? && !d.gem_platforms(platforms_array).empty?
+        relevant_deps?(d)
       end
     end
 
+    def relevant_deps?(dep)
+      platforms_array = [Bundler.generic_local_platform].freeze
+
+      dep.should_include? && !dep.gem_platforms(platforms_array).empty?
+    end
+
     def locked_dependencies
       @locked_deps.values
     end
@@ -367,12 +375,50 @@ module Bundler
 
         msg = "`Definition#lock` was passed a target file argument. #{suggestion}"
 
-        Bundler::SharedHelpers.major_deprecation 2, msg
+        Bundler::SharedHelpers.feature_removed! msg
       end
 
       write_lock(target_lockfile, preserve_unknown_sections)
     end
 
+    def write_lock(file, preserve_unknown_sections)
+      return if Definition.no_lock || !lockfile || file.nil?
+
+      contents = to_lock
+
+      # Convert to \r\n if the existing lock has them
+      # i.e., Windows with `git config core.autocrlf=true`
+      contents.gsub!(/\n/, "\r\n") if @lockfile_contents.match?("\r\n")
+
+      if @locked_bundler_version
+        locked_major = @locked_bundler_version.segments.first
+        current_major = bundler_version_to_lock.segments.first
+
+        updating_major = locked_major < current_major
+      end
+
+      preserve_unknown_sections ||= !updating_major && (Bundler.frozen_bundle? || !(unlocking? || @unlocking_bundler))
+
+      if File.exist?(file) && lockfiles_equal?(@lockfile_contents, contents, preserve_unknown_sections)
+        return if Bundler.frozen_bundle?
+        SharedHelpers.filesystem_access(file) { FileUtils.touch(file) }
+        return
+      end
+
+      if Bundler.frozen_bundle?
+        Bundler.ui.error "Cannot write a changed lockfile while frozen."
+        return
+      end
+
+      begin
+        SharedHelpers.filesystem_access(file) do |p|
+          File.open(p, "wb") {|f| f.puts(contents) }
+        end
+      rescue ReadOnlyFileSystemError
+        raise ProductionError, lockfile_changes_summary("file system is read-only")
+      end
+    end
+
     def locked_ruby_version
       return unless ruby_version
       if @unlocking_ruby || !@locked_ruby_version
@@ -492,14 +538,25 @@ module Bundler
       @unlocking
     end
 
-    attr_writer :source_requirements
-
     def add_checksums
+      require "rubygems/package"
+
       @locked_checksums = true
 
       setup_domain!(add_checksums: true)
 
-      specs # force materialization to real specifications, so that checksums are fetched
+      # force materialization to real specifications, so that checksums are fetched
+      specs.each do |spec|
+        next unless spec.source.is_a?(Bundler::Source::Rubygems)
+        # Checksum was fetched from the compact index API.
+        next if !spec.source.checksum_store.missing?(spec) && !spec.source.checksum_store.empty?(spec)
+        # The gem isn't installed, can't compute the checksum.
+        next unless spec.loaded_from
+
+        package = Gem::Package.new(spec.source.cached_built_in_gem(spec))
+        checksum = Checksum.from_gem_package(package)
+        spec.source.checksum_store.register(spec, checksum)
+      end
     end
 
     private
@@ -533,7 +590,7 @@ module Bundler
 
       return unless added.any? || deleted.any? || changed.any? || resolve_needed?
 
-      msg = String.new("#{change_reason.capitalize.strip}, but ")
+      msg = String.new("#{change_reason[0].upcase}#{change_reason[1..-1].strip}, but ")
       msg << "the lockfile " unless msg.start_with?("Your lockfile")
       msg << "can't be updated because #{update_refused_reason}"
       msg << "\n\nYou have added to the Gemfile:\n" << added.join("\n") if added.any?
@@ -559,6 +616,7 @@ module Bundler
         @missing_lockfile_dep ||
         @unlocking_bundler ||
         @locked_spec_with_missing_checksums ||
+        @locked_spec_with_empty_checksums ||
         @locked_spec_with_missing_deps ||
         @locked_spec_with_invalid_deps
     end
@@ -575,46 +633,8 @@ module Bundler
       lockfile && File.exist?(lockfile)
     end
 
-    def write_lock(file, preserve_unknown_sections)
-      return if Definition.no_lock || file.nil?
-
-      contents = to_lock
-
-      # Convert to \r\n if the existing lock has them
-      # i.e., Windows with `git config core.autocrlf=true`
-      contents.gsub!(/\n/, "\r\n") if @lockfile_contents.match?("\r\n")
-
-      if @locked_bundler_version
-        locked_major = @locked_bundler_version.segments.first
-        current_major = bundler_version_to_lock.segments.first
-
-        updating_major = locked_major < current_major
-      end
-
-      preserve_unknown_sections ||= !updating_major && (Bundler.frozen_bundle? || !(unlocking? || @unlocking_bundler))
-
-      if File.exist?(file) && lockfiles_equal?(@lockfile_contents, contents, preserve_unknown_sections)
-        return if Bundler.frozen_bundle?
-        SharedHelpers.filesystem_access(file) { FileUtils.touch(file) }
-        return
-      end
-
-      if Bundler.frozen_bundle?
-        Bundler.ui.error "Cannot write a changed lockfile while frozen."
-        return
-      end
-
-      begin
-        SharedHelpers.filesystem_access(file) do |p|
-          File.open(p, "wb") {|f| f.puts(contents) }
-        end
-      rescue ReadOnlyFileSystemError
-        raise ProductionError, lockfile_changes_summary("file system is read-only")
-      end
-    end
-
     def resolver
-      @resolver ||= Resolver.new(resolution_base, gem_version_promoter, @most_specific_locked_platform)
+      @resolver ||= new_resolver(resolution_base)
     end
 
     def expanded_dependencies
@@ -632,8 +652,7 @@ module Bundler
       @resolution_base ||= begin
         last_resolve = converge_locked_specs
         remove_invalid_platforms!
-        new_resolution_platforms = @current_platform_missing ? @new_platforms + [Bundler.local_platform] : @new_platforms
-        base = Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, locked_specs: @originally_locked_specs, unlock: @unlocking_all || @gems_to_unlock, prerelease: gem_version_promoter.pre?, prefer_local: @prefer_local, new_platforms: new_resolution_platforms)
+        base = new_resolution_base(last_resolve: last_resolve, unlock: @unlocking_all || @gems_to_unlock)
         base = additional_base_requirements_to_prevent_downgrades(base)
         base = additional_base_requirements_to_force_updates(base)
         base
@@ -645,20 +664,12 @@ module Bundler
     end
 
     def materialize(dependencies)
-      # Tracks potential endless loops trying to re-resolve.
-      # TODO: Remove as dead code if not reports are received in a while
-      incorrect_spec = nil
-
       specs = begin
         resolve.materialize(dependencies)
       rescue IncorrectLockfileDependencies => e
         raise if Bundler.frozen_bundle?
 
-        spec = e.spec
-        raise "Infinite loop while fixing lockfile dependencies" if incorrect_spec == spec
-
-        incorrect_spec = spec
-        reresolve_without([spec])
+        reresolve_without([e.spec])
         retry
       end
 
@@ -740,7 +751,6 @@ module Bundler
     def start_resolution
       local_platform_needed_for_resolvability = @most_specific_non_local_locked_platform && !@platforms.include?(Bundler.local_platform)
       @platforms << Bundler.local_platform if local_platform_needed_for_resolvability
-      add_platform(Gem::Platform::RUBY) if RUBY_ENGINE == "truffleruby"
 
       result = SpecSet.new(resolver.start)
 
@@ -772,7 +782,7 @@ module Bundler
     end
 
     def precompute_source_requirements_for_indirect_dependencies?
-      sources.non_global_rubygems_sources.all?(&:dependency_api_available?) && !sources.aggregate_global_source?
+      sources.non_global_rubygems_sources.all?(&:dependency_api_available?)
     end
 
     def current_platform_locked?
@@ -848,6 +858,7 @@ module Bundler
         [@missing_lockfile_dep, "your lockfile is missing \"#{@missing_lockfile_dep}\""],
         [@unlocking_bundler, "an update to the version of Bundler itself was requested"],
         [@locked_spec_with_missing_checksums, "your lockfile is missing a CHECKSUMS entry for \"#{@locked_spec_with_missing_checksums}\""],
+        [@locked_spec_with_empty_checksums, "your lockfile has an empty CHECKSUMS entry for \"#{@locked_spec_with_empty_checksums}\""],
         [@locked_spec_with_missing_deps, "your lockfile includes \"#{@locked_spec_with_missing_deps}\" but not some of its dependencies"],
         [@locked_spec_with_invalid_deps, "your lockfile does not satisfy dependencies of \"#{@locked_spec_with_invalid_deps}\""],
       ].select(&:first).map(&:last).join(", ")
@@ -907,13 +918,23 @@ module Bundler
       @locked_spec_with_invalid_deps = nil
       @locked_spec_with_missing_deps = nil
       @locked_spec_with_missing_checksums = nil
+      @locked_spec_with_empty_checksums = nil
 
       missing_deps = []
       missing_checksums = []
+      empty_checksums = []
       invalid = []
 
       @locked_specs.each do |s|
-        missing_checksums << s if @locked_checksums && s.source.checksum_store.missing?(s)
+        if @locked_checksums
+          checksum_store = s.source.checksum_store
+
+          if checksum_store.missing?(s)
+            missing_checksums << s
+          elsif checksum_store.empty?(s)
+            empty_checksums << s
+          end
+        end
 
         validation = @locked_specs.validate_deps(s)
 
@@ -922,6 +943,7 @@ module Bundler
       end
 
       @locked_spec_with_missing_checksums = missing_checksums.first.name if missing_checksums.any?
+      @locked_spec_with_empty_checksums = empty_checksums.first.name if empty_checksums.any?
 
       if missing_deps.any?
         @locked_specs.delete(missing_deps)
@@ -951,7 +973,7 @@ module Bundler
       sources.all_sources.each do |source|
         # has to be done separately, because we want to keep the locked checksum
         # store for a source, even when doing a full update
-        if @locked_checksums && @locked_gems && locked_source = @locked_gems.sources.find {|s| s == source && !s.equal?(source) }
+        if @locked_checksums && @locked_gems && locked_source = @originally_locked_sources.find {|s| s == source && !s.equal?(source) }
           source.checksum_store.merge!(locked_source.checksum_store)
         end
         # If the source is unlockable and the current command allows an unlock of
@@ -972,10 +994,11 @@ module Bundler
       @missing_lockfile_dep = nil
       @changed_dependencies = []
 
-      current_dependencies.each do |dep|
+      @dependencies.each do |dep|
         if dep.source
           dep.source = sources.get(dep.source)
         end
+        next unless relevant_deps?(dep)
 
         name = dep.name
 
@@ -1033,6 +1056,8 @@ module Bundler
 
       specs.each do |s|
         name = s.name
+        next if @gems_to_unlock.include?(name)
+
         dep = @dependencies.find {|d| s.satisfies?(d) }
         lockfile_source = s.source
 
@@ -1046,12 +1071,13 @@ module Bundler
 
         # Replace the locked dependency's source with the equivalent source from the Gemfile
         s.source = replacement_source || default_source
+        next if s.source_changed?
 
         source = s.source
         next if @sources_to_unlock.include?(source.name)
 
         # Path sources have special logic
-        if source.instance_of?(Source::Path) || source.instance_of?(Source::Gemspec) || (source.instance_of?(Source::Git) && !@gems_to_unlock.include?(name) && deps.include?(dep))
+        if source.is_a?(Source::Path)
           new_spec = source.specs[s].first
           if new_spec
             s.runtime_dependencies.replace(new_spec.runtime_dependencies)
@@ -1079,7 +1105,23 @@ module Bundler
       @source_requirements ||= find_source_requirements
     end
 
+    def preload_git_source_worker
+      @preload_git_source_worker ||= Bundler::Worker.new(5, "Git source preloading", ->(source, _) { source.specs })
+    end
+
+    def preload_git_sources
+      sources.git_sources.each {|source| preload_git_source_worker.enq(source) }
+    ensure
+      preload_git_source_worker.stop
+    end
+
     def find_source_requirements
+      if Gem.ruby_version >= Gem::Version.new("3.3")
+        # Ruby 3.2 has a bug that incorrectly triggers a circular dependency warning. This version will continue to
+        # fetch git repositories one by one.
+        preload_git_sources
+      end
+
       # Record the specs available in each gem's source, so that those
       # specs will be available later when the resolver knows where to
       # look for that gemspec (or its dependencies)
@@ -1131,9 +1173,9 @@ module Bundler
     end
 
     def additional_base_requirements_to_prevent_downgrades(resolution_base)
-      return resolution_base unless @locked_gems && !sources.expired_sources?(@locked_gems.sources)
+      return resolution_base unless @locked_gems
       @originally_locked_specs.each do |locked_spec|
-        next if locked_spec.source.is_a?(Source::Path)
+        next if locked_spec.source.is_a?(Source::Path) || locked_spec.source_changed?
 
         name = locked_spec.name
         next if @changed_dependencies.include?(name)
@@ -1145,7 +1187,7 @@ module Bundler
 
     def additional_base_requirements_to_force_updates(resolution_base)
       return resolution_base if @explicit_unlocks.empty?
-      full_update = dup_for_full_unlock.resolve
+      full_update = SpecSet.new(new_resolver_for_full_update.start)
       @explicit_unlocks.each do |name|
         version = full_update.version_for(name)
         resolution_base.base_requirements[name] = Gem::Requirement.new("= #{version}") if version
@@ -1153,17 +1195,6 @@ module Bundler
       resolution_base
     end
 
-    def dup_for_full_unlock
-      unlocked_definition = self.class.new(@lockfile, @dependencies, @sources, true, @ruby_version, @optional_groups, @gemfiles)
-      unlocked_definition.source_requirements = source_requirements
-      unlocked_definition.gem_version_promoter.tap do |gvp|
-        gvp.level = gem_version_promoter.level
-        gvp.strict = gem_version_promoter.strict
-        gvp.pre = gem_version_promoter.pre
-      end
-      unlocked_definition
-    end
-
     def remove_invalid_platforms!
       return if Bundler.frozen_bundle?
 
@@ -1182,5 +1213,22 @@ module Bundler
     def source_map
       @source_map ||= SourceMap.new(sources, dependencies, @locked_specs)
     end
+
+    def new_resolver_for_full_update
+      new_resolver(unlocked_resolution_base)
+    end
+
+    def unlocked_resolution_base
+      new_resolution_base(last_resolve: SpecSet.new([]), unlock: true)
+    end
+
+    def new_resolution_base(last_resolve:, unlock:)
+      new_resolution_platforms = @current_platform_missing ? @new_platforms + [Bundler.local_platform] : @new_platforms
+      Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, locked_specs: @originally_locked_specs, unlock: unlock, prerelease: gem_version_promoter.pre?, prefer_local: @prefer_local, new_platforms: new_resolution_platforms)
+    end
+
+    def new_resolver(base)
+      Resolver.new(base, gem_version_promoter, @most_specific_locked_platform)
+    end
   end
 end

data/lib/bundler/deployment.rb

@@ -1,69 +1,6 @@
 # frozen_string_literal: true
 
 require_relative "shared_helpers"
-Bundler::SharedHelpers.major_deprecation 2, "Bundler no longer integrates with " \
+Bundler::SharedHelpers.feature_removed! "Bundler no longer integrates with " \
   "Capistrano, but Capistrano provides its own integration with " \
   "Bundler via the capistrano-bundler gem. Use it instead."
-
-module Bundler
-  class Deployment
-    def self.define_task(context, task_method = :task, opts = {})
-      if defined?(Capistrano) && context.is_a?(Capistrano::Configuration)
-        context_name = "capistrano"
-        role_default = "{:except => {:no_release => true}}"
-        error_type = ::Capistrano::CommandError
-      else
-        context_name = "vlad"
-        role_default = "[:app]"
-        error_type = ::Rake::CommandFailedError
-      end
-
-      roles = context.fetch(:bundle_roles, false)
-      opts[:roles] = roles if roles
-
-      context.send :namespace, :bundle do
-        send :desc, <<-DESC
-          Install the current Bundler environment. By default, gems will be \
-          installed to the shared/bundle path. Gems in the development and \
-          test group will not be installed. The install command is executed \
-          with the --deployment and --quiet flags. If the bundle cmd cannot \
-          be found then you can override the bundle_cmd variable to specify \
-          which one it should use. The base path to the app is fetched from \
-          the :latest_release variable. Set it for custom deploy layouts.
-
-          You can override any of these defaults by setting the variables shown below.
-
-          N.B. bundle_roles must be defined before you require 'bundler/#{context_name}' \
-          in your deploy.rb file.
-
-            set :bundle_gemfile,  "Gemfile"
-            set :bundle_dir,      File.join(fetch(:shared_path), 'bundle')
-            set :bundle_flags,    "--deployment --quiet"
-            set :bundle_without,  [:development, :test]
-            set :bundle_with,     [:mysql]
-            set :bundle_cmd,      "bundle" # e.g. "/opt/ruby/bin/bundle"
-            set :bundle_roles,    #{role_default} # e.g. [:app, :batch]
-        DESC
-        send task_method, :install, opts do
-          bundle_cmd     = context.fetch(:bundle_cmd, "bundle")
-          bundle_flags   = context.fetch(:bundle_flags, "--deployment --quiet")
-          bundle_dir     = context.fetch(:bundle_dir, File.join(context.fetch(:shared_path), "bundle"))
-          bundle_gemfile = context.fetch(:bundle_gemfile, "Gemfile")
-          bundle_without = [*context.fetch(:bundle_without, [:development, :test])].compact
-          bundle_with    = [*context.fetch(:bundle_with, [])].compact
-          app_path = context.fetch(:latest_release)
-          if app_path.to_s.empty?
-            raise error_type.new("Cannot detect current release path - make sure you have deployed at least once.")
-          end
-          args = ["--gemfile #{File.join(app_path, bundle_gemfile)}"]
-          args << "--path #{bundle_dir}" unless bundle_dir.to_s.empty?
-          args << bundle_flags.to_s
-          args << "--without #{bundle_without.join(" ")}" unless bundle_without.empty?
-          args << "--with #{bundle_with.join(" ")}" unless bundle_with.empty?
-
-          run "cd #{app_path} && #{bundle_cmd} install #{args.join(" ")}"
-        end
-      end
-    end
-  end
-end

data/lib/bundler/digest.rb

@@ -26,7 +26,7 @@ module Bundler
           end
           a, b, c, d, e = *words
           (16..79).each do |i|
-            w[i] = SHA1_MASK & rotate((w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16]), 1)
+            w[i] = SHA1_MASK & rotate(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1)
           end
           0.upto(79) do |i|
             case i

data/lib/bundler/dsl.rb

@@ -9,8 +9,9 @@ module Bundler
 
     def self.evaluate(gemfile, lockfile, unlock)
       builder = new
+      builder.lockfile(lockfile)
       builder.eval_gemfile(gemfile)
-      builder.to_definition(lockfile, unlock)
+      builder.to_definition(builder.lockfile_path, unlock)
     end
 
     VALID_PLATFORMS = Bundler::CurrentRuby::PLATFORM_MAP.keys.freeze
@@ -38,6 +39,7 @@ module Bundler
       @gemspecs             = []
       @gemfile              = nil
       @gemfiles             = []
+      @lockfile             = nil
       add_git_sources
     end
 
@@ -101,6 +103,15 @@ module Bundler
       add_dependency(name, version, options)
     end
 
+    # For usage in Dsl.evaluate, since lockfile is used as part of the Gemfile.
+    def lockfile_path
+      @lockfile
+    end
+
+    def lockfile(file)
+      @lockfile = file
+    end
+
     def source(source, *args, &blk)
       options = args.last.is_a?(Hash) ? args.pop.dup : {}
       options = normalize_hash(options)
@@ -175,6 +186,7 @@ module Bundler
 
     def to_definition(lockfile, unlock)
       check_primary_source_safety
+      lockfile = @lockfile unless @lockfile.nil?
       Definition.new(lockfile, @dependencies, @sources, unlock, @ruby_version, @optional_groups, @gemfiles)
     end
 
@@ -290,7 +302,7 @@ module Bundler
             @dependencies.delete(current)
           elsif dep.gemspec_dev_dep?
             return
-          elsif current.source != dep.source
+          elsif current.source.to_s != dep.source.to_s
             raise GemfileError, "You cannot specify the same gem twice coming from different sources.\n" \
                             "You specified that #{name} (#{dep.requirement}) should come from " \
                             "#{current.source || "an unspecified source"} and #{dep.source}\n"
@@ -411,7 +423,13 @@ module Bundler
         next if VALID_PLATFORMS.include?(p)
         raise GemfileError, "`#{p}` is not a valid platform. The available options are: #{VALID_PLATFORMS.inspect}"
       end
-      deprecate_legacy_windows_platforms(platforms)
+
+      windows_platforms = platforms.select {|pl| pl.to_s.match?(/mingw|mswin/) }
+      if windows_platforms.any?
+        windows_platforms = windows_platforms.map! {|pl| ":#{pl}" }.join(", ")
+        deprecated_message = "Platform #{windows_platforms} will be removed in the future. Please use platform :windows instead."
+        Bundler::SharedHelpers.feature_deprecated! deprecated_message
+      end
 
       # Save sources passed in a key
       if opts.key?("source")
@@ -477,14 +495,10 @@ module Bundler
     def normalize_source(source)
       case source
       when :gemcutter, :rubygems, :rubyforge
-        message =
-          "The source :#{source} is deprecated because HTTP requests are insecure.\n" \
-          "Please change your source to 'https://rubygems.org' if possible, or 'http://rubygems.org' if not."
         removed_message =
           "The source :#{source} is disallowed because HTTP requests are insecure.\n" \
           "Please change your source to 'https://rubygems.org' if possible, or 'http://rubygems.org' if not."
-        Bundler::SharedHelpers.major_deprecation 2, message, removed_message: removed_message
-        "http://rubygems.org"
+        Bundler::SharedHelpers.feature_removed! removed_message
       when String
         source
       else
@@ -492,16 +506,6 @@ module Bundler
       end
     end
 
-    def deprecate_legacy_windows_platforms(platforms)
-      windows_platforms = platforms.select {|pl| pl.to_s.match?(/mingw|mswin/) }
-      return if windows_platforms.empty?
-
-      windows_platforms = windows_platforms.map! {|pl| ":#{pl}" }.join(", ")
-      message = "Platform #{windows_platforms} is deprecated. Please use platform :windows instead."
-      removed_message = "Platform #{windows_platforms} has been removed. Please use platform :windows instead."
-      Bundler::SharedHelpers.major_deprecation 2, message, removed_message: removed_message
-    end
-
     def check_path_source_safety
       return if @sources.global_path_source.nil?
 
@@ -513,7 +517,7 @@ module Bundler
               "      gem 'rails'\n" \
               "    end\n\n"
 
-      SharedHelpers.major_deprecation(2, msg.strip)
+      SharedHelpers.feature_removed! msg.strip
     end
 
     def check_rubygems_source_safety
@@ -521,24 +525,10 @@ module Bundler
     end
 
     def multiple_global_source_warning
-      if Bundler.feature_flag.bundler_4_mode?
-        msg = "This Gemfile contains multiple global sources. " \
-          "Each source after the first must include a block to indicate which gems " \
-          "should come from that source"
-        raise GemfileEvalError, msg
-      else
-        message =
-          "Your Gemfile contains multiple global sources. " \
-          "Using `source` more than once without a block is a security risk, and " \
-          "may result in installing unexpected gems. To resolve this warning, use " \
-          "a block to indicate which gems should come from the secondary source."
-        removed_message =
-          "Your Gemfile contains multiple global sources. " \
-          "Using `source` more than once without a block is a security risk, and " \
-          "may result in installing unexpected gems. To resolve this error, use " \
-          "a block to indicate which gems should come from the secondary source."
-        Bundler::SharedHelpers.major_deprecation 2, message, removed_message: removed_message
-      end
+      msg = "This Gemfile contains multiple global sources. " \
+        "Each source after the first must include a block to indicate which gems " \
+        "should come from that source"
+      raise GemfileEvalError, msg
     end
 
     class DSLError < GemfileError

data/lib/bundler/environment_preserver.rb

@@ -6,6 +6,7 @@ module Bundler
     BUNDLER_KEYS = %w[
       BUNDLE_BIN_PATH
       BUNDLE_GEMFILE
+      BUNDLE_LOCKFILE
       BUNDLER_VERSION
       BUNDLER_SETUP
       GEM_HOME