rubygems-update 3.2.30 → 3.3.0

data/bundler/lib/bundler/definition.rb

@@ -6,6 +6,11 @@ module Bundler
   class Definition
     include GemHelpers
 
+    class << self
+      # Do not create or modify a lockfile (Makes #lock a noop)
+      attr_accessor :no_lock
+    end
+
     attr_reader(
       :dependencies,
       :locked_deps,
@@ -138,7 +143,7 @@ module Bundler
       @dependency_changes = converge_dependencies
       @local_changes = converge_locals
 
-      @locked_specs_incomplete_for_platform = !@locked_specs.for(expand_dependencies(requested_dependencies & locked_dependencies), true, true)
+      @locked_specs_incomplete_for_platform = !@locked_specs.for(requested_dependencies & expand_dependencies(locked_dependencies), true, true)
 
       @requires = compute_requires
     end
@@ -158,10 +163,6 @@ module Bundler
       end
     end
 
-    def multisource_allowed?
-      @multisource_allowed
-    end
-
     def resolve_only_locally!
       @remote = false
       sources.local_only!
@@ -234,16 +235,17 @@ module Bundler
     end
 
     def specs_for(groups)
-      groups = requested_groups if groups.empty?
+      return specs if groups.empty?
       deps = dependencies_for(groups)
-      materialize(expand_dependencies(deps))
+      materialize(deps)
     end
 
     def dependencies_for(groups)
       groups.map!(&:to_sym)
-      current_dependencies.reject do |d|
+      deps = current_dependencies.reject do |d|
         (d.groups & groups).empty?
       end
+      expand_dependencies(deps)
     end
 
     # Resolve all the dependencies specified in Gemfile. It ensures that
@@ -278,6 +280,8 @@ module Bundler
     end
 
     def lock(file, preserve_unknown_sections = false)
+      return if Definition.no_lock
+
       contents = to_lock
 
       # Convert to \r\n if the existing lock has them
@@ -290,7 +294,7 @@ module Bundler
 
         if updating_major = locked_major < current_major
           Bundler.ui.warn "Warning: the lockfile is being updated to Bundler #{current_major}, " \
-                          "after which you will be unable to return to Bundler #{@locked_bundler_version.segments.first}."
+                          "after which you will be unable to return to Bundler #{locked_major}."
         end
       end
 
@@ -367,44 +371,31 @@ module Bundler
       added.concat new_platforms.map {|p| "* platform: #{p}" }
       deleted.concat deleted_platforms.map {|p| "* platform: #{p}" }
 
-      gemfile_sources = sources.lock_sources
-
-      new_sources = gemfile_sources - @locked_sources
-      deleted_sources = @locked_sources - gemfile_sources
-
       new_deps = @dependencies - locked_dependencies
       deleted_deps = locked_dependencies - @dependencies
 
-      # Check if it is possible that the source is only changed thing
-      if (new_deps.empty? && deleted_deps.empty?) && (!new_sources.empty? && !deleted_sources.empty?)
-        new_sources.reject! {|source| (source.path? && source.path.exist?) || equivalent_rubygems_remotes?(source) }
-        deleted_sources.reject! {|source| (source.path? && source.path.exist?) || equivalent_rubygems_remotes?(source) }
-      end
+      added.concat new_deps.map {|d| "* #{pretty_dep(d)}" } if new_deps.any?
+      deleted.concat deleted_deps.map {|d| "* #{pretty_dep(d)}" } if deleted_deps.any?
 
-      if @locked_sources != gemfile_sources
-        if new_sources.any?
-          added.concat new_sources.map {|source| "* source: #{source}" }
-        end
+      both_sources = Hash.new {|h, k| h[k] = [] }
+      @dependencies.each {|d| both_sources[d.name][0] = d }
 
-        if deleted_sources.any?
-          deleted.concat deleted_sources.map {|source| "* source: #{source}" }
-        end
-      end
+      locked_dependencies.each do |d|
+        next if !Bundler.feature_flag.bundler_3_mode? && @locked_specs[d.name].empty?
 
-      added.concat new_deps.map {|d| "* #{pretty_dep(d)}" } if new_deps.any?
-      if deleted_deps.any?
-        deleted.concat deleted_deps.map {|d| "* #{pretty_dep(d)}" }
+        both_sources[d.name][1] = d
       end
 
-      both_sources = Hash.new {|h, k| h[k] = [] }
-      @dependencies.each {|d| both_sources[d.name][0] = d }
-      @locked_deps.each  {|name, d| both_sources[name][1] = d.source }
+      both_sources.each do |name, (dep, lock_dep)|
+        next if dep.nil? || lock_dep.nil?
+
+        gemfile_source = dep.source || sources.default_source
+        lock_source = lock_dep.source || sources.default_source
+        next if lock_source.include?(gemfile_source)
 
-      both_sources.each do |name, (dep, lock_source)|
-        next if lock_source.nil? || (dep && lock_source.can_lock?(dep))
-        gemfile_source_name = (dep && dep.source) || "no specified source"
-        lockfile_source_name = lock_source
-        changed << "* #{name} from `#{gemfile_source_name}` to `#{lockfile_source_name}`"
+        gemfile_source_name = dep.source ? gemfile_source.identifier : "no specified source"
+        lockfile_source_name = lock_dep.source ? lock_source.identifier : "no specified source"
+        changed << "* #{name} from `#{lockfile_source_name}` to `#{gemfile_source_name}`"
       end
 
       reason = change_reason
@@ -648,25 +639,14 @@ module Bundler
     end
 
     def converge_dependencies
-      frozen = Bundler.frozen_bundle?
-      (@dependencies + locked_dependencies).each do |dep|
-        locked_source = @locked_deps[dep.name]
-        # This is to make sure that if bundler is installing in deployment mode and
-        # after locked_source and sources don't match, we still use locked_source.
-        if frozen && !locked_source.nil? &&
-            locked_source.respond_to?(:source) && locked_source.source.instance_of?(Source::Path) && locked_source.source.path.exist?
-          dep.source = locked_source.source
-        elsif dep.source
+      changes = false
+
+      @dependencies.each do |dep|
+        if dep.source
           dep.source = sources.get(dep.source)
         end
-      end
 
-      changes = false
-      # We want to know if all match, but don't want to check all entries
-      # This means we need to return false if any dependency doesn't match
-      # the lock or doesn't exist in the lock.
-      @dependencies.each do |dependency|
-        unless locked_dep = @locked_deps[dependency.name]
+        unless locked_dep = @locked_deps[dep.name]
           changes = true
           next
         end
@@ -677,11 +657,11 @@ module Bundler
         # directive, the lockfile dependencies and resolved dependencies end up
         # with a mismatch on #type. Work around that by setting the type on the
         # dep from the lockfile.
-        locked_dep.instance_variable_set(:@type, dependency.type)
+        locked_dep.instance_variable_set(:@type, dep.type)
 
         # We already know the name matches from the hash lookup
         # so we only need to check the requirement now
-        changes ||= dependency.requirement != locked_dep.requirement
+        changes ||= dep.requirement != locked_dep.requirement
       end
 
       changes
@@ -691,39 +671,36 @@ module Bundler
     # commonly happen if the Gemfile has changed since the lockfile was last
     # generated
     def converge_locked_specs
-      deps = []
+      resolve = converge_specs(@locked_specs)
 
-      # Build a list of dependencies that are the same in the Gemfile
-      # and Gemfile.lock. If the Gemfile modified a dependency, but
-      # the gem in the Gemfile.lock still satisfies it, this is fine
-      # too.
-      @dependencies.each do |dep|
-        locked_dep = @locked_deps[dep.name]
-
-        # If the locked_dep doesn't match the dependency we're looking for then we ignore the locked_dep
-        locked_dep = nil unless locked_dep == dep
+      diff = nil
 
-        if in_locked_deps?(dep, locked_dep) || satisfies_locked_spec?(dep)
-          deps << dep
-        elsif dep.source.is_a?(Source::Path) && dep.current_platform? && (!locked_dep || dep.source != locked_dep.source)
-          @locked_specs.each do |s|
-            @unlock[:gems] << s.name if s.source == dep.source
-          end
+      # Now, we unlock any sources that do not have anymore gems pinned to it
+      sources.all_sources.each do |source|
+        next unless source.respond_to?(:unlock!)
 
-          dep.source.unlock! if dep.source.respond_to?(:unlock!)
-          dep.source.specs.each {|s| @unlock[:gems] << s.name }
+        unless resolve.any? {|s| s.source == source }
+          diff ||= @locked_specs.to_a - resolve.to_a
+          source.unlock! if diff.any? {|s| s.source == source }
         end
       end
 
+      resolve
+    end
+
+    def converge_specs(specs)
+      deps = []
       converged = []
-      @locked_specs.each do |s|
+      specs.each do |s|
         # Replace the locked dependency's source with the equivalent source from the Gemfile
         dep = @dependencies.find {|d| s.satisfies?(d) }
-        s.source = (dep && dep.source) || sources.get(s.source) unless multisource_allowed?
 
-        # Don't add a spec to the list if its source is expired. For example,
-        # if you change a Git gem to RubyGems.
-        next if s.source.nil?
+        if dep && (!dep.source || s.source.include?(dep.source))
+          deps << dep
+        end
+
+        s.source = (dep && dep.source) || sources.get(s.source) || sources.default_source unless Bundler.frozen_bundle?
+
         next if @unlock[:sources].include?(s.source.name)
 
         # If the spec is from a path source and it doesn't exist anymore
@@ -736,7 +713,7 @@ module Bundler
           rescue PathError, GitError
             # if we won't need the source (according to the lockfile),
             # don't error if the path/git source isn't available
-            next if @locked_specs.
+            next if specs.
                     for(requested_dependencies, false, true).
                     none? {|locked_spec| locked_spec.source == s.source }
 
@@ -752,35 +729,15 @@ module Bundler
           s.dependencies.replace(new_spec.dependencies)
         end
 
-        converged << s
-      end
-
-      resolve = SpecSet.new(converged)
-      resolve = SpecSet.new(resolve.for(expand_dependencies(deps, true), false, false).reject{|s| @unlock[:gems].include?(s.name) })
-      diff    = nil
-
-      # Now, we unlock any sources that do not have anymore gems pinned to it
-      sources.all_sources.each do |source|
-        next unless source.respond_to?(:unlock!)
-
-        unless resolve.any? {|s| s.source == source }
-          diff ||= @locked_specs.to_a - resolve.to_a
-          source.unlock! if diff.any? {|s| s.source == source }
+        if dep.nil? && requested_dependencies.find {|d| s.name == d.name }
+          @unlock[:gems] << s.name
+        else
+          converged << s
         end
       end
 
-      resolve
-    end
-
-    def in_locked_deps?(dep, locked_dep)
-      # Because the lockfile can't link a dep to a specific remote, we need to
-      # treat sources as equivalent anytime the locked dep has all the remotes
-      # that the Gemfile dep does.
-      locked_dep && locked_dep.source && dep.source && locked_dep.source.include?(dep.source)
-    end
-
-    def satisfies_locked_spec?(dep)
-      @locked_specs[dep].any? {|s| s.satisfies?(dep) && (!dep.source || s.source.include?(dep.source)) }
+      resolve = SpecSet.new(converged)
+      SpecSet.new(resolve.for(expand_dependencies(deps, true), false, false).reject{|s| @unlock[:gems].include?(s.name) })
     end
 
     def metadata_dependencies
@@ -873,22 +830,11 @@ module Bundler
 
     def additional_base_requirements_for_resolve
       return [] unless @locked_gems && unlocking? && !sources.expired_sources?(@locked_gems.sources)
-      dependencies_by_name = dependencies.inject({}) {|memo, dep| memo.update(dep.name => dep) }
-      @locked_gems.specs.reduce({}) do |requirements, locked_spec|
+      converge_specs(@locked_gems.specs).map do |locked_spec|
         name = locked_spec.name
-        dependency = dependencies_by_name[name]
-        next requirements if @locked_gems.dependencies[name] != dependency
-        next requirements if dependency && dependency.source.is_a?(Source::Path)
         dep = Gem::Dependency.new(name, ">= #{locked_spec.version}")
-        requirements[name] = DepProxy.get_proxy(dep, locked_spec.platform)
-        requirements
-      end.values
-    end
-
-    def equivalent_rubygems_remotes?(source)
-      return false unless source.is_a?(Source::Rubygems)
-
-      Bundler.settings[:allow_deployment_source_credential_changes] && source.equivalent_remotes?(sources.rubygems_remotes)
+        DepProxy.get_proxy(dep, locked_spec.platform)
+      end
     end
 
     def source_map

data/bundler/lib/bundler/dependency.rb

@@ -7,7 +7,7 @@ require_relative "rubygems_ext"
 module Bundler
   class Dependency < Gem::Dependency
     attr_reader :autorequire
-    attr_reader :groups, :platforms, :gemfile, :git, :branch
+    attr_reader :groups, :platforms, :gemfile, :git, :github, :branch, :ref
 
     PLATFORM_MAP = {
       :ruby     => Gem::Platform::RUBY,
@@ -82,7 +82,9 @@ module Bundler
       @groups         = Array(options["group"] || :default).map(&:to_sym)
       @source         = options["source"]
       @git            = options["git"]
+      @github         = options["github"]
       @branch         = options["branch"]
+      @ref            = options["ref"]
       @platforms      = Array(options["platforms"])
       @env            = options["env"]
       @should_include = options.fetch("should_include", true)
@@ -96,15 +98,11 @@ module Bundler
     def gem_platforms(valid_platforms)
       return valid_platforms if @platforms.empty?
 
-      valid_generic_platforms = valid_platforms.map {|p| [p, GemHelpers.generic(p)] }.to_h
-      @gem_platforms ||= expanded_platforms.compact.uniq
-
-      filtered_generic_platforms = valid_generic_platforms.values & @gem_platforms
-      valid_generic_platforms.select {|_, v| filtered_generic_platforms.include?(v) }.keys
+      valid_platforms.select {|p| expanded_platforms.include?(GemHelpers.generic(p)) }
     end
 
     def expanded_platforms
-      @platforms.map {|pl| PLATFORM_MAP[pl] }
+      @expanded_platforms ||= @platforms.map {|pl| PLATFORM_MAP[pl] }.compact.uniq
     end
 
     def should_include?

data/bundler/lib/bundler/dsl.rb

@@ -18,6 +18,8 @@ module Bundler
     VALID_KEYS = %w[group groups git path glob name branch ref tag require submodules
                     platform platforms type source install_if gemfile].freeze
 
+    GITHUB_PULL_REQUEST_URL = %r{\Ahttps://github\.com/([A-Za-z0-9_\-\.]+/[A-Za-z0-9_\-\.]+)/pull/(\d+)\z}.freeze
+
     attr_reader :gemspecs
     attr_accessor :dependencies
 
@@ -275,26 +277,24 @@ module Bundler
 
     def add_git_sources
       git_source(:github) do |repo_name|
-        warn_deprecated_git_source(:github, <<-'RUBY'.strip, 'Change any "reponame" :github sources to "username/reponame".')
-"https://github.com/#{repo_name}.git"
-        RUBY
-        repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?("/")
-        "https://github.com/#{repo_name}.git"
+        if repo_name =~ GITHUB_PULL_REQUEST_URL
+          {
+            "git" => "https://github.com/#{$1}.git",
+            "branch" => "refs/pull/#{$2}/head",
+            "ref" => nil,
+            "tag" => nil,
+          }
+        else
+          repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?("/")
+          "https://github.com/#{repo_name}.git"
+        end
       end
 
       git_source(:gist) do |repo_name|
-        warn_deprecated_git_source(:gist, '"https://gist.github.com/#{repo_name}.git"')
-
         "https://gist.github.com/#{repo_name}.git"
       end
 
       git_source(:bitbucket) do |repo_name|
-        warn_deprecated_git_source(:bitbucket, <<-'RUBY'.strip)
-user_name, repo_name = repo_name.split("/")
-repo_name ||= user_name
-"https://#{user_name}@bitbucket.org/#{user_name}/#{repo_name}.git"
-        RUBY
-
         user_name, repo_name = repo_name.split("/")
         repo_name ||= user_name
         "https://#{user_name}@bitbucket.org/#{user_name}/#{repo_name}.git"
@@ -365,7 +365,11 @@ repo_name ||= user_name
 
       git_name = (git_names & opts.keys).last
       if @git_sources[git_name]
-        opts["git"] = @git_sources[git_name].call(opts[git_name])
+        git_opts = @git_sources[git_name].call(opts[git_name])
+        git_opts = { "git" => git_opts } if git_opts.is_a?(String)
+        opts.merge!(git_opts) do |key, _gemfile_value, _git_source_value|
+          raise GemfileError, %(The :#{key} option can't be used with `#{git_name}: #{opts[git_name].inspect}`)
+        end
       end
 
       %w[git path].each do |type|
@@ -475,22 +479,6 @@ repo_name ||= user_name
       end
     end
 
-    def warn_deprecated_git_source(name, replacement, additional_message = nil)
-      additional_message &&= " #{additional_message}"
-      replacement = if replacement.count("\n").zero?
-        "{|repo_name| #{replacement} }"
-      else
-        "do |repo_name|\n#{replacement.to_s.gsub(/^/, "      ")}\n    end"
-      end
-
-      Bundler::SharedHelpers.major_deprecation 3, <<-EOS
-The :#{name} git source is deprecated, and will be removed in the future.#{additional_message} Add this code to the top of your Gemfile to ensure it continues to work:
-
-    git_source(:#{name}) #{replacement}
-
-      EOS
-    end
-
     class DSLError < GemfileError
       # @return [String] the description that should be presented to the user.
       #

data/bundler/lib/bundler/endpoint_specification.rb

@@ -3,7 +3,6 @@
 module Bundler
   # used for Creating Specifications from the Gemcutter Endpoint
   class EndpointSpecification < Gem::Specification
-    ILLFORMED_MESSAGE = 'Ill-formed requirement ["#<YAML::Syck::DefaultKey'.freeze
     include MatchPlatform
 
     attr_reader :name, :version, :platform, :required_rubygems_version, :required_ruby_version, :checksum
@@ -129,13 +128,6 @@ module Bundler
 
     def build_dependency(name, requirements)
       Gem::Dependency.new(name, requirements)
-    rescue ArgumentError => e
-      raise unless e.message.include?(ILLFORMED_MESSAGE)
-      puts # we shouldn't print the error message on the "fetching info" status line
-      raise GemspecError,
-        "Unfortunately, the gem #{name} (#{version}) has an invalid " \
-        "gemspec.\nPlease ask the gem author to yank the bad version to fix " \
-        "this issue. For more information, see http://bit.ly/syck-defaultkey."
     end
   end
 end

data/bundler/lib/bundler/environment_preserver.rb

@@ -38,7 +38,10 @@ module Bundler
 
     # Replaces `ENV` with the bundler environment variables backed up
     def replace_with_backup
-      ENV.replace(backup) unless Gem.win_platform?
+      unless Gem.win_platform?
+        ENV.replace(backup)
+        return
+      end
 
       # Fallback logic for Windows below to workaround
       # https://bugs.ruby-lang.org/issues/16798. Can be dropped once all

data/bundler/lib/bundler/fetcher/compact_index.rb

@@ -68,11 +68,16 @@ module Bundler
       compact_index_request :fetch_spec
 
       def available?
-        return nil unless SharedHelpers.md5_available?
-        user_home = Bundler.user_home
-        return nil unless user_home.directory? && user_home.writable?
+        unless SharedHelpers.md5_available?
+          Bundler.ui.debug("FIPS mode is enabled, bundler can't use the CompactIndex API")
+          return nil
+        end
+        if fetch_uri.scheme == "file"
+          Bundler.ui.debug("Using a local server, bundler won't use the CompactIndex API")
+          return false
+        end
         # Read info file checksums out of /versions, so we can know if gems are up to date
-        fetch_uri.scheme != "file" && compact_index_client.update_and_parse_checksums!
+        compact_index_client.update_and_parse_checksums!
       rescue CompactIndexClient::Updater::MisMatchedChecksumError => e
         Bundler.ui.debug(e.message)
         nil

data/bundler/lib/bundler/fetcher.rb

@@ -71,8 +71,8 @@ module Bundler
                   :HTTPUnsupportedMediaType, :HTTPVersionNotSupported].freeze
     FAIL_ERRORS = begin
       fail_errors = [AuthenticationRequiredError, BadAuthenticationError, FallbackError]
-      fail_errors << Gem::Requirement::BadRequirementError if defined?(Gem::Requirement::BadRequirementError)
-      fail_errors.concat(NET_ERRORS.map {|e| SharedHelpers.const_get_safely(e, Net) }.compact)
+      fail_errors << Gem::Requirement::BadRequirementError
+      fail_errors.concat(NET_ERRORS.map {|e| Net.const_get(e) })
     end.freeze
 
     class << self
@@ -122,7 +122,6 @@ module Bundler
 
     # return the specs in the bundler format as an index
     def specs(gem_names, source)
-      old = Bundler.rubygems.sources
       index = Bundler::Index.new
 
       if Bundler::Fetcher.disable_endpoint
@@ -153,8 +152,6 @@ module Bundler
     rescue CertificateFailureError
       Bundler.ui.info "" if gem_names && use_api # newline after dots
       raise
-    ensure
-      Bundler.rubygems.sources = old
     end
 
     def use_api

data/bundler/lib/bundler/gem_helper.rb

@@ -129,8 +129,8 @@ module Bundler
 
     def git_push(remote = nil)
       remote ||= default_remote
-      sh(%W[git push #{remote} refs/heads/#{current_branch}])
-      sh(%W[git push #{remote} refs/tags/#{version_tag}])
+      sh("git push #{remote} refs/heads/#{current_branch}".shellsplit)
+      sh("git push #{remote} refs/tags/#{version_tag}".shellsplit)
       Bundler.ui.confirm "Pushed git commits and release tag."
     end
 

data/bundler/lib/bundler/injector.rb

@@ -112,9 +112,12 @@ module Bundler
 
         source = ", :source => \"#{d.source}\"" unless d.source.nil?
         git = ", :git => \"#{d.git}\"" unless d.git.nil?
+        github = ", :github => \"#{d.github}\"" unless d.github.nil?
         branch = ", :branch => \"#{d.branch}\"" unless d.branch.nil?
+        ref = ", :ref => \"#{d.ref}\"" unless d.ref.nil?
+        require_path = ", :require => #{convert_autorequire(d.autorequire)}" unless d.autorequire.nil?
 
-        %(gem #{name}#{requirement}#{group}#{source}#{git}#{branch})
+        %(gem #{name}#{requirement}#{group}#{source}#{git}#{github}#{branch}#{ref}#{require_path})
       end.join("\n")
     end
 
@@ -269,5 +272,11 @@ module Bundler
     def show_warning(message)
       Bundler.ui.info Bundler.ui.add_color(message, :yellow)
     end
+
+    def convert_autorequire(autorequire)
+      autorequire = autorequire.first
+      return autorequire if autorequire == "false"
+      autorequire.inspect
+    end
   end
 end

data/bundler/lib/bundler/installer/gem_installer.rb

@@ -13,7 +13,7 @@ module Bundler
     end
 
     def install_from_spec
-      post_install_message = spec_settings ? install_with_settings : install
+      post_install_message = install
       Bundler.ui.debug "#{worker}:  #{spec.name} (#{spec.version}) from #{spec.loaded_from}"
       generate_executable_stubs
       return true, post_install_message
@@ -54,11 +54,6 @@ module Bundler
       spec.source.install(spec, :force => force, :ensure_builtin_gems_cached => standalone, :build_args => Array(spec_settings))
     end
 
-    def install_with_settings
-      # Build arguments are global, so this is mutexed
-      Bundler.rubygems.install_with_build_args([spec_settings]) { install }
-    end
-
     def out_of_space_message
       "#{install_error_message}\nYour disk is out of space. Free some space to be able to install your bundle."
     end

data/bundler/lib/bundler/installer.rb

@@ -218,9 +218,6 @@ module Bundler
         return jobs
       end
 
-      # Parallelization has some issues on Windows, so it's not yet the default
-      return 1 if Gem.win_platform?
-
       Bundler.settings.processor_count
     end
 
@@ -242,7 +239,7 @@ module Bundler
 
     def ensure_specs_are_compatible!
       system_ruby = Bundler::RubyVersion.system
-      rubygems_version = Gem::Version.create(Gem::VERSION)
+      rubygems_version = Bundler.rubygems.version
       @definition.specs.each do |spec|
         if required_ruby_version = spec.required_ruby_version
           unless required_ruby_version.satisfied_by?(system_ruby.gem_version)

data/bundler/lib/bundler/lazy_specification.rb

@@ -38,8 +38,24 @@ module Bundler
       identifier.hash
     end
 
+    ##
+    # Does this locked specification satisfy +dependency+?
+    #
+    # NOTE: Rubygems default requirement is ">= 0", which doesn't match
+    # prereleases of 0 versions, like "0.0.0.dev" or "0.0.0.SNAPSHOT". However,
+    # bundler users expect those to work. We need to make sure that Gemfile
+    # dependencies without explicit requirements (which use ">= 0" under the
+    # hood by default) are still valid for locked specs using this kind of
+    # versions. The method implements an ad-hoc fix for that. A better solution
+    # might be to change default rubygems requirement of dependencies to be ">=
+    # 0.A" but that's a major refactoring likely to break things. Hopefully we
+    # can attempt it in the future.
+    #
+
     def satisfies?(dependency)
-      @name == dependency.name && dependency.requirement.satisfied_by?(Gem::Version.new(@version))
+      effective_requirement = dependency.requirement == Gem::Requirement.default ? Gem::Requirement.new(">= 0.A") : dependency.requirement
+
+      @name == dependency.name && effective_requirement.satisfied_by?(Gem::Version.new(@version))
     end
 
     def to_lock

data/bundler/lib/bundler/lockfile_parser.rb

@@ -46,6 +46,16 @@ module Bundler
       attributes
     end
 
+    def self.bundled_with
+      lockfile = Bundler.default_lockfile
+      return unless lockfile.file?
+
+      lockfile_contents = Bundler.read_file(lockfile)
+      return unless lockfile_contents.include?(BUNDLED)
+
+      lockfile_contents.split(BUNDLED).last.strip
+    end
+
     def initialize(lockfile)
       @platforms    = []
       @sources      = []
@@ -77,24 +87,12 @@ module Bundler
         end
       end
       @specs = @specs.values.sort_by(&:identifier)
-      warn_for_outdated_bundler_version
     rescue ArgumentError => e
       Bundler.ui.debug(e)
       raise LockfileError, "Your lockfile is unreadable. Run `rm #{Bundler.default_lockfile.relative_path_from(SharedHelpers.pwd)}` " \
         "and then `bundle install` to generate a new lockfile."
     end
 
-    def warn_for_outdated_bundler_version
-      return unless bundler_version
-      prerelease_text = bundler_version.prerelease? ? " --pre" : ""
-      current_version = Gem::Version.create(Bundler::VERSION)
-      return unless current_version < bundler_version
-      Bundler.ui.warn "Warning: the running version of Bundler (#{current_version}) is older " \
-           "than the version that created the lockfile (#{bundler_version}). We suggest you to " \
-           "upgrade to the version that created the lockfile by running `gem install " \
-           "bundler:#{bundler_version}#{prerelease_text}`.\n"
-    end
-
     private
 
     TYPES = {