rubygems-update 3.4.10 → 3.4.15

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 46744d5e03cb80dd7f581f3b934f104c88910b8442d3659b6d41d55777ab7f3a
-  data.tar.gz: d7a2016d3d9af5bc86f92ec7bdb8ec8199d7de024a5fbe4b4a2cd0584bcbcf37
+  metadata.gz: 79b6b95727a03e85042c318c19b9161d61f0f70813bd839229aafe15dd171044
+  data.tar.gz: 31630ced1a24e78dc72f9838f6869e4242418f63af238e4cbc15d697384f64ac
 SHA512:
-  metadata.gz: 8416a6fc4327c003c86b8f05dcebcb0c073cb098ccf3d08661a121aedfca3d493b7b6440a605b5c1711f57b77ff230124d58492f99a58a4f926dd94992b4355c
-  data.tar.gz: 67d782b6794632c09340a51b0f46cde1b82f70cc91aed59cb01961ed6ab57ee2c9a9043c08250c0c6889e2bab71faa6b6e6fa71de0e6cf5e85472ffade6ce73c
+  metadata.gz: 1d6488ea569f1b00fa710c3cf5aedff8f5f06ce2f019d6b8aa172aba4878457a877a4418301c98ed74b7f62ef97b64cca5929586eb60b7e33366f42511bc995d
+  data.tar.gz: 813e2629c91f36981977bd077e89deadee4eca9d503a2c5f72796665b7e771ae5f66b6a7f364a73bca39a170bc3d281fff042f990e04b82b360d81d1e66905a1

data/CHANGELOG.md

@@ -1,3 +1,53 @@
+# 3.4.15 / 2023-06-29
+
+## Enhancements:
+
+* Installs bundler 2.4.15 as a default gem.
+
+## Bug fixes:
+
+* Autoload shellwords when it's needed. Pull request
+  [#6734](https://github.com/rubygems/rubygems/pull/6734) by ioquatix
+
+## Documentation:
+
+* Update command to test local gem command changes. Pull request
+  [#6761](https://github.com/rubygems/rubygems/pull/6761) by jenshenny
+
+# 3.4.14 / 2023-06-12
+
+## Enhancements:
+
+* Load plugin immediately. Pull request
+  [#6673](https://github.com/rubygems/rubygems/pull/6673) by kou
+* Installs bundler 2.4.14 as a default gem.
+
+## Documentation:
+
+* Clarify what the `rubygems-update` gem is for, and link to source code
+  and guides. Pull request
+  [#6710](https://github.com/rubygems/rubygems/pull/6710) by davetron5000
+
+# 3.4.13 / 2023-05-09
+
+## Enhancements:
+
+* Installs bundler 2.4.13 as a default gem.
+
+# 3.4.12 / 2023-04-11
+
+## Enhancements:
+
+* [Experimental] Add WebAuthn Support to the CLI. Pull request
+  [#6560](https://github.com/rubygems/rubygems/pull/6560) by jenshenny
+* Installs bundler 2.4.12 as a default gem.
+
+# 3.4.11 / 2023-04-10
+
+## Enhancements:
+
+* Installs bundler 2.4.11 as a default gem.
+
 # 3.4.10 / 2023-03-27
 
 ## Enhancements:
@@ -666,7 +716,7 @@
 
 ## Enhancements:
 
-* Redact credentails when printing URI. Pull request [#4868](https://github.com/rubygems/rubygems/pull/4868) by intuxicated
+* Redact credentials when printing URI. Pull request [#4868](https://github.com/rubygems/rubygems/pull/4868) by intuxicated
 * Prefer `require_relative` to `require` for internal requires. Pull
   request [#4858](https://github.com/rubygems/rubygems/pull/4858) by deivid-rodriguez
 * Prioritise gems with higher version for fetching metadata, and stop

data/CONTRIBUTING.md

@@ -48,7 +48,7 @@ here: https://guides.rubygems.org/contributing/
 
 To run commands like `gem install` from the repo:
 
-    ruby -Ilib bin/gem install
+    ruby -Ilib exe/gem install
 
 To run commands like `bundle install` from the repo:
 

data/Manifest.txt

@@ -180,6 +180,7 @@ bundler/lib/bundler/rubygems_ext.rb
 bundler/lib/bundler/rubygems_gem_installer.rb
 bundler/lib/bundler/rubygems_integration.rb
 bundler/lib/bundler/runtime.rb
+bundler/lib/bundler/safe_marshal.rb
 bundler/lib/bundler/self_manager.rb
 bundler/lib/bundler/settings.rb
 bundler/lib/bundler/settings/validator.rb
@@ -508,6 +509,7 @@ lib/rubygems/security/policy.rb
 lib/rubygems/security/signer.rb
 lib/rubygems/security/trust_dir.rb
 lib/rubygems/security_option.rb
+lib/rubygems/shellwords.rb
 lib/rubygems/source.rb
 lib/rubygems/source/git.rb
 lib/rubygems/source/installed.rb
@@ -540,6 +542,8 @@ lib/rubygems/util/list.rb
 lib/rubygems/validator.rb
 lib/rubygems/version.rb
 lib/rubygems/version_option.rb
+lib/rubygems/webauthn_listener.rb
+lib/rubygems/webauthn_listener/response.rb
 rubygems-update.gemspec
 setup.rb
 test/rubygems/alternate_cert.pem
@@ -753,6 +757,8 @@ test/rubygems/test_project_sanity.rb
 test/rubygems/test_remote_fetch_error.rb
 test/rubygems/test_require.rb
 test/rubygems/test_rubygems.rb
+test/rubygems/test_webauthn_listener.rb
+test/rubygems/test_webauthn_listener_response.rb
 test/rubygems/utilities.rb
 test/rubygems/wrong_key_cert.pem
 test/rubygems/wrong_key_cert_32.pem

data/bundler/CHANGELOG.md

@@ -1,3 +1,61 @@
+# 2.4.15 (June 29, 2023)
+
+## Enhancements:
+
+  - Improve edge case error message [#6733](https://github.com/rubygems/rubygems/pull/6733)
+
+## Bug fixes:
+
+  - Fix `bundle lock --update --bundler` [#6213](https://github.com/rubygems/rubygems/pull/6213)
+
+# 2.4.14 (June 12, 2023)
+
+## Enhancements:
+
+  - Stop publishing Gemfile in default gem template [#6723](https://github.com/rubygems/rubygems/pull/6723)
+  - Avoid infinite loops when hitting resolution bugs [#6722](https://github.com/rubygems/rubygems/pull/6722)
+  - Make `LockfileParser` usable with just a lockfile [#6694](https://github.com/rubygems/rubygems/pull/6694)
+  - Always rely on `$LOAD_PATH` when jumping from `exe/` to `lib/` [#6702](https://github.com/rubygems/rubygems/pull/6702)
+  - Make `frozen` setting take precedence over `deployment` setting [#6685](https://github.com/rubygems/rubygems/pull/6685)
+  - Show an error when trying to update bundler in frozen mode [#6684](https://github.com/rubygems/rubygems/pull/6684)
+
+## Bug fixes:
+
+  - Fix `deployment` vs `path` precedence [#6703](https://github.com/rubygems/rubygems/pull/6703)
+  - Fix inline mode with multiple sources [#6699](https://github.com/rubygems/rubygems/pull/6699)
+
+# 2.4.13 (May 9, 2023)
+
+## Bug fixes:
+
+  - Fix unexpected fallbacks to full index by adding FalseClass and Time to the SafeMarshal list [#6655](https://github.com/rubygems/rubygems/pull/6655)
+
+## Documentation:
+
+  - Fix broken hyperlinks in bundle cache documentation [#6606](https://github.com/rubygems/rubygems/pull/6606)
+
+# 2.4.12 (April 11, 2023)
+
+## Enhancements:
+
+  - Remove reference to `pry` gem from generated `bin/console` file [#6515](https://github.com/rubygems/rubygems/pull/6515)
+
+# 2.4.11 (April 10, 2023)
+
+## Security:
+
+  - Use URI-0.12.1 (safe against CVE-2023-28755 ReDoS vulnerability) [#6558](https://github.com/rubygems/rubygems/pull/6558)
+
+## Enhancements:
+
+  - Remove one fallback to full indexes on big gemfiles [#6578](https://github.com/rubygems/rubygems/pull/6578)
+  - Generate native gems with `-fvisibility=hidden` [#6541](https://github.com/rubygems/rubygems/pull/6541)
+
+## Bug fixes:
+
+  - Fix resolver hangs when dealing with an incomplete lockfile [#6552](https://github.com/rubygems/rubygems/pull/6552)
+  - Fix prereleases not being considered by gem version promoter when there's no lockfile [#6537](https://github.com/rubygems/rubygems/pull/6537)
+
 # 2.4.10 (March 27, 2023)
 
 ## Bug fixes:

data/bundler/exe/bundle

@@ -10,11 +10,11 @@ end
 base_path = File.expand_path("../lib", __dir__)
 
 if File.exist?(base_path)
-  require_relative "../lib/bundler"
-else
-  require "bundler"
+  $LOAD_PATH.unshift(base_path)
 end
 
+require "bundler"
+
 if Gem.rubygems_version < Gem::Version.new("3.2.3") && Gem.ruby_version < Gem::Version.new("2.7.a") && !ENV["BUNDLER_NO_OLD_RUBYGEMS_WARNING"]
   Bundler.ui.warn \
     "Your RubyGems version (#{Gem::VERSION}) has a bug that prevents " \
@@ -24,18 +24,10 @@ if Gem.rubygems_version < Gem::Version.new("3.2.3") && Gem.ruby_version < Gem::V
     "and silence this warning by running `gem update --system 3.2.3`"
 end
 
-if File.exist?(base_path)
-  require_relative "../lib/bundler/friendly_errors"
-else
-  require "bundler/friendly_errors"
-end
+require "bundler/friendly_errors"
 
 Bundler.with_friendly_errors do
-  if File.exist?(base_path)
-    require_relative "../lib/bundler/cli"
-  else
-    require "bundler/cli"
-  end
+  require "bundler/cli"
 
   # Allow any command to use --help flag to show help for that command
   help_flags = %w[--help -h]

data/bundler/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2023-03-27".freeze
-    @git_commit_sha = "7ffdec80d0".freeze
+    @built_at = "2023-06-29".freeze
+    @git_commit_sha = "702f922bf2".freeze
     @release = true
     # end ivars
 

data/bundler/lib/bundler/definition.rb

@@ -76,8 +76,11 @@ module Bundler
 
       @lockfile               = lockfile
       @lockfile_contents      = String.new
+
       @locked_bundler_version = nil
-      @locked_ruby_version    = nil
+      @resolved_bundler_version = nil
+
+      @locked_ruby_version = nil
       @new_platform = nil
       @removed_platform = nil
 
@@ -146,7 +149,7 @@ module Bundler
       @dependency_changes = converge_dependencies
       @local_changes = converge_locals
 
-      @incomplete_lockfile = check_missing_lockfile_specs
+      @missing_lockfile_dep = check_missing_lockfile_dep
     end
 
     def gem_version_promoter
@@ -217,6 +220,7 @@ module Bundler
     rescue BundlerError => e
       @resolve = nil
       @resolver = nil
+      @resolution_packages = nil
       @specs = nil
       @gem_version_promoter = nil
 
@@ -233,6 +237,14 @@ module Bundler
     end
 
     def current_dependencies
+      filter_relevant(dependencies)
+    end
+
+    def current_locked_dependencies
+      filter_relevant(locked_dependencies)
+    end
+
+    def filter_relevant(dependencies)
       dependencies.select do |d|
         d.should_include? && !d.gem_platforms([generic_local_platform]).empty?
       end
@@ -272,7 +284,7 @@ module Bundler
       @resolve ||= if Bundler.frozen_bundle?
         Bundler.ui.debug "Frozen, using resolution from the lockfile"
         @locked_specs
-      elsif !unlocking? && nothing_changed?
+      elsif no_resolve_needed?
         if deleted_deps.any?
           Bundler.ui.debug "Some dependencies were deleted, using a subset of the resolution from the lockfile"
           SpecSet.new(filter_specs(@locked_specs, @dependencies - deleted_deps))
@@ -309,7 +321,7 @@ module Bundler
 
       if @locked_bundler_version
         locked_major = @locked_bundler_version.segments.first
-        current_major = Bundler.gem_version.segments.first
+        current_major = bundler_version_to_lock.segments.first
 
         updating_major = locked_major < current_major
       end
@@ -349,27 +361,16 @@ module Bundler
       end
     end
 
+    def bundler_version_to_lock
+      @resolved_bundler_version || Bundler.gem_version
+    end
+
     def to_lock
       require_relative "lockfile_generator"
       LockfileGenerator.generate(self)
     end
 
     def ensure_equivalent_gemfile_and_lockfile(explicit_flag = false)
-      msg = String.new
-      msg << "You are trying to install in deployment mode after changing\n" \
-             "your Gemfile. Run `bundle install` elsewhere and add the\n" \
-             "updated #{Bundler.default_lockfile.relative_path_from(SharedHelpers.pwd)} to version control."
-
-      unless explicit_flag
-        suggested_command = if Bundler.settings.locations("frozen").keys.&([:global, :local]).any?
-          "bundle config unset frozen"
-        elsif Bundler.settings.locations("deployment").keys.&([:global, :local]).any?
-          "bundle config unset deployment"
-        end
-        msg << "\n\nIf this is a development machine, remove the #{Bundler.default_gemfile} " \
-               "freeze \nby running `#{suggested_command}`." if suggested_command
-      end
-
       added =   []
       deleted = []
       changed = []
@@ -383,13 +384,8 @@ module Bundler
       deleted.concat deleted_deps.map {|d| "* #{pretty_dep(d)}" } if deleted_deps.any?
 
       both_sources = Hash.new {|h, k| h[k] = [] }
-      @dependencies.each {|d| both_sources[d.name][0] = d }
-
-      locked_dependencies.each do |d|
-        next if !Bundler.feature_flag.bundler_3_mode? && @locked_specs[d.name].empty?
-
-        both_sources[d.name][1] = d
-      end
+      current_dependencies.each {|d| both_sources[d.name][0] = d }
+      current_locked_dependencies.each {|d| both_sources[d.name][1] = d }
 
       both_sources.each do |name, (dep, lock_dep)|
         next if dep.nil? || lock_dep.nil?
@@ -404,11 +400,20 @@ module Bundler
       end
 
       reason = change_reason
-      msg << "\n\n#{reason.split(", ").map(&:capitalize).join("\n")}" unless reason.strip.empty?
+      msg = String.new
+      msg << "#{reason.capitalize.strip}, but the lockfile can't be updated because frozen mode is set"
       msg << "\n\nYou have added to the Gemfile:\n" << added.join("\n") if added.any?
       msg << "\n\nYou have deleted from the Gemfile:\n" << deleted.join("\n") if deleted.any?
       msg << "\n\nYou have changed in the Gemfile:\n" << changed.join("\n") if changed.any?
-      msg << "\n"
+      msg << "\n\nRun `bundle install` elsewhere and add the updated #{Bundler.default_lockfile.relative_path_from(SharedHelpers.pwd)} to version control.\n"
+
+      unless explicit_flag
+        suggested_command = unless Bundler.settings.locations("frozen").keys.include?(:env)
+          "bundle config set frozen false"
+        end
+        msg << "If this is a development machine, remove the #{Bundler.default_gemfile.relative_path_from(SharedHelpers.pwd)} " \
+               "freeze by running `#{suggested_command}`." if suggested_command
+      end
 
       raise ProductionError, msg if added.any? || deleted.any? || changed.any? || !nothing_changed?
     end
@@ -473,7 +478,11 @@ module Bundler
     private :sources
 
     def nothing_changed?
-      !@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@incomplete_lockfile
+      !@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@missing_lockfile_dep && !@unlocking_bundler
+    end
+
+    def no_resolve_needed?
+      !unlocking? && nothing_changed?
     end
 
     def unlocking?
@@ -487,7 +496,14 @@ module Bundler
     end
 
     def expanded_dependencies
-      dependencies + metadata_dependencies
+      dependencies_with_bundler + metadata_dependencies
+    end
+
+    def dependencies_with_bundler
+      return dependencies unless @unlocking_bundler
+      return dependencies if dependencies.map(&:name).include?("bundler")
+
+      [Dependency.new("bundler", @unlocking_bundler)] + dependencies
     end
 
     def resolution_packages
@@ -553,6 +569,8 @@ module Bundler
     def start_resolution
       result = resolver.start
 
+      @resolved_bundler_version = result.find {|spec| spec.name == "bundler" }&.version
+
       SpecSet.new(SpecSet.new(result).for(dependencies, false, @platforms))
     end
 
@@ -610,7 +628,8 @@ module Bundler
         [@new_platform, "you added a new platform to your gemfile"],
         [@path_changes, "the gemspecs for path gems changed"],
         [@local_changes, "the gemspecs for git local gems changed"],
-        [@incomplete_lockfile, "your lock file is missing some gems"],
+        [@missing_lockfile_dep, "your lock file is missing \"#{@missing_lockfile_dep}\""],
+        [@unlocking_bundler, "an update to the version of Bundler itself was requested"],
       ].select(&:first).map(&:last).join(", ")
     end
 
@@ -665,12 +684,24 @@ module Bundler
       !sources_with_changes.each {|source| @unlock[:sources] << source.name }.empty?
     end
 
-    def check_missing_lockfile_specs
+    def check_missing_lockfile_dep
       all_locked_specs = @locked_specs.map(&:name) << "bundler"
 
-      @locked_specs.any? do |s|
+      missing = @locked_specs.select do |s|
         s.dependencies.any? {|dep| !all_locked_specs.include?(dep.name) }
       end
+
+      if missing.any?
+        @locked_specs.delete(missing)
+
+        return missing.first.name
+      end
+
+      return if @dependency_changes
+
+      current_dependencies.find do |d|
+        @locked_specs[d.name].empty?
+      end&.name
     end
 
     def converge_paths
@@ -854,8 +885,16 @@ module Bundler
       metadata_dependencies.each do |dep|
         source_requirements[dep.name] = sources.metadata_source
       end
-      source_requirements[:default_bundler] = source_requirements["bundler"] || sources.default_source
-      source_requirements["bundler"] = sources.metadata_source # needs to come last to override
+
+      default_bundler_source = source_requirements["bundler"] || sources.default_source
+
+      if @unlocking_bundler
+        default_bundler_source.add_dependency_names("bundler")
+      else
+        source_requirements[:default_bundler] = default_bundler_source
+        source_requirements["bundler"] = sources.metadata_source # needs to come last to override
+      end
+
       verify_changed_sources!
       source_requirements
     end
@@ -878,7 +917,8 @@ module Bundler
       if preserve_unknown_sections
         sections_to_ignore = LockfileParser.sections_to_ignore(@locked_bundler_version)
         sections_to_ignore += LockfileParser.unknown_sections_in_lockfile(current)
-        sections_to_ignore += LockfileParser::ENVIRONMENT_VERSION_SECTIONS
+        sections_to_ignore << LockfileParser::RUBY
+        sections_to_ignore << LockfileParser::BUNDLED unless @unlocking_bundler
         pattern = /#{Regexp.union(sections_to_ignore)}\n(\s{2,}.*\n)+/
         whitespace_cleanup = /\n{2,}/
         current = current.gsub(pattern, "\n").gsub(whitespace_cleanup, "\n\n").strip

data/bundler/lib/bundler/gem_version_promoter.rb

@@ -93,7 +93,7 @@ module Bundler
       locked_version = package.locked_version
 
       result = specs.sort do |a, b|
-        unless locked_version && (package.prerelease_specified? || pre?)
+        unless package.prerelease_specified? || pre?
           a_pre = a.prerelease?
           b_pre = b.prerelease?
 

data/bundler/lib/bundler/installer.rb

@@ -90,7 +90,7 @@ module Bundler
 
         Gem::Specification.reset # invalidate gem specification cache so that installed gems are immediately available
 
-        lock unless Bundler.frozen_bundle?
+        lock
         Standalone.new(options[:standalone], @definition).generate if options[:standalone]
       end
     end

data/bundler/lib/bundler/lazy_specification.rb

@@ -122,7 +122,7 @@ module Bundler
     end
 
     def to_s
-      @__to_s ||= if platform == Gem::Platform::RUBY
+      @to_s ||= if platform == Gem::Platform::RUBY
         "#{name} (#{version})"
       else
         "#{name} (#{version}-#{platform})"

data/bundler/lib/bundler/lockfile_generator.rb

@@ -71,7 +71,7 @@ module Bundler
     end
 
     def add_bundled_with
-      add_section("BUNDLED WITH", Bundler::VERSION)
+      add_section("BUNDLED WITH", definition.bundler_version_to_lock.to_s)
     end
 
     def add_section(name, value)

data/bundler/lib/bundler/lockfile_parser.rb

@@ -26,6 +26,7 @@ module Bundler
     KNOWN_SECTIONS = SECTIONS_BY_VERSION_INTRODUCED.values.flatten.freeze
 
     ENVIRONMENT_VERSION_SECTIONS = [BUNDLED, RUBY].freeze
+    deprecate_constant(:ENVIRONMENT_VERSION_SECTIONS)
 
     def self.sections_in_lockfile(lockfile_contents)
       lockfile_contents.scan(/^\w[\w ]*$/).uniq

data/bundler/lib/bundler/man/bundle-cache.1

@@ -13,7 +13,7 @@
 alias: \fBpackage\fR, \fBpack\fR
 .
 .SH "DESCRIPTION"
-Copy all of the \fB\.gem\fR files needed to run the application into the \fBvendor/cache\fR directory\. In the future, when running [bundle install(1)][bundle\-install], use the gems in the cache in preference to the ones on \fBrubygems\.org\fR\.
+Copy all of the \fB\.gem\fR files needed to run the application into the \fBvendor/cache\fR directory\. In the future, when running \fBbundle install(1)\fR \fIbundle\-install\.1\.html\fR, use the gems in the cache in preference to the ones on \fBrubygems\.org\fR\.
 .
 .SH "GIT AND PATH GEMS"
 The \fBbundle cache\fR command can also package \fB:git\fR and \fB:path\fR dependencies besides \.gem files\. This needs to be explicitly enabled via the \fB\-\-all\fR option\. Once used, the \fB\-\-all\fR option will be remembered\.
@@ -22,7 +22,7 @@ The \fBbundle cache\fR command can also package \fB:git\fR and \fB:path\fR depen
 When using gems that have different packages for different platforms, Bundler supports caching of gems for other platforms where the Gemfile has been resolved (i\.e\. present in the lockfile) in \fBvendor/cache\fR\. This needs to be enabled via the \fB\-\-all\-platforms\fR option\. This setting will be remembered in your local bundler configuration\.
 .
 .SH "REMOTE FETCHING"
-By default, if you run \fBbundle install(1)\fR](bundle\-install\.1\.html) after running bundle cache(1) \fIbundle\-cache\.1\.html\fR, bundler will still connect to \fBrubygems\.org\fR to check whether a platform\-specific gem exists for any of the gems in \fBvendor/cache\fR\.
+By default, if you run \fBbundle install(1)\fR \fIbundle\-install\.1\.html\fR after running bundle cache(1) \fIbundle\-cache\.1\.html\fR, bundler will still connect to \fBrubygems\.org\fR to check whether a platform\-specific gem exists for any of the gems in \fBvendor/cache\fR\.
 .
 .P
 For instance, consider this Gemfile(5):

data/bundler/lib/bundler/man/bundle-cache.1.ronn

@@ -10,7 +10,7 @@ alias: `package`, `pack`
 ## DESCRIPTION
 
 Copy all of the `.gem` files needed to run the application into the
-`vendor/cache` directory. In the future, when running [bundle install(1)][bundle-install],
+`vendor/cache` directory. In the future, when running [`bundle install(1)`](bundle-install.1.html),
 use the gems in the cache in preference to the ones on `rubygems.org`.
 
 ## GIT AND PATH GEMS
@@ -29,7 +29,7 @@ bundler configuration.
 
 ## REMOTE FETCHING
 
-By default, if you run `bundle install(1)`](bundle-install.1.html) after running
+By default, if you run [`bundle install(1)`](bundle-install.1.html) after running
 [bundle cache(1)](bundle-cache.1.html), bundler will still connect to `rubygems.org`
 to check whether a platform-specific gem exists for any of the gems
 in `vendor/cache`.

data/bundler/lib/bundler/resolver/base.rb

@@ -35,9 +35,7 @@ module Bundler
       end
 
       def delete(specs)
-        specs.each do |spec|
-          @base.delete(spec)
-        end
+        @base.delete(specs)
       end
 
       def get_package(name)

data/bundler/lib/bundler/resolver.rb

@@ -160,7 +160,7 @@ module Bundler
       constraint_string = constraint.constraint_string
       requirements = constraint_string.split(" OR ").map {|req| Gem::Requirement.new(req.split(",")) }
 
-      if name == "bundler"
+      if name == "bundler" && bundler_pinned_to_current_version?
         custom_explanation = "the current Bundler version (#{Bundler::VERSION}) does not satisfy #{constraint}"
         extended_explanation = bundler_not_found_message(requirements)
       else
@@ -230,6 +230,12 @@ module Bundler
     def all_versions_for(package)
       name = package.name
       results = (@base[name] + filter_prereleases(@all_specs[name], package)).uniq {|spec| [spec.version.hash, spec.platform] }
+
+      if name == "bundler" && !bundler_pinned_to_current_version?
+        bundler_spec = Gem.loaded_specs["bundler"]
+        results << bundler_spec if bundler_spec
+      end
+
       locked_requirement = base_requirements[name]
       results = filter_matching_specs(results, locked_requirement) if locked_requirement
 
@@ -254,6 +260,14 @@ module Bundler
       @source_requirements[name] || @source_requirements[:default]
     end
 
+    def default_bundler_source
+      @source_requirements[:default_bundler]
+    end
+
+    def bundler_pinned_to_current_version?
+      !default_bundler_source.nil?
+    end
+
     def name_for_explicit_dependency_source
       Bundler.default_gemfile.basename.to_s
     rescue StandardError
@@ -398,7 +412,7 @@ module Bundler
     end
 
     def bundler_not_found_message(conflict_dependencies)
-      candidate_specs = filter_matching_specs(source_for(:default_bundler).specs.search("bundler"), conflict_dependencies)
+      candidate_specs = filter_matching_specs(default_bundler_source.specs.search("bundler"), conflict_dependencies)
 
       if candidate_specs.any?
         target_version = candidate_specs.last.version

data/bundler/lib/bundler/ruby_version.rb

@@ -107,7 +107,7 @@ module Bundler
       ruby_engine_version = RUBY_ENGINE == "ruby" ? ruby_version : RUBY_ENGINE_VERSION.dup
       patchlevel = RUBY_PATCHLEVEL.to_s
 
-      @ruby_version ||= RubyVersion.new(ruby_version, patchlevel, ruby_engine, ruby_engine_version)
+      @system ||= RubyVersion.new(ruby_version, patchlevel, ruby_engine, ruby_engine_version)
     end
 
     private

data/bundler/lib/bundler/rubygems_ext.rb

@@ -66,7 +66,9 @@ module Gem
 
     alias_method :rg_extension_dir, :extension_dir
     def extension_dir
-      @bundler_extension_dir ||= if source.respond_to?(:extension_dir_name)
+      # following instance variable is already used in original method
+      # and that is the reason to prefix it with bundler_ and add rubocop exception
+      @bundler_extension_dir ||= if source.respond_to?(:extension_dir_name) # rubocop:disable Naming/MemoizedInstanceVariableName
         unique_extension_dir = [source.extension_dir_name, File.basename(full_gem_path)].uniq.join("-")
         File.expand_path(File.join(extensions_dir, unique_extension_dir))
       else
@@ -203,9 +205,9 @@ module Gem
         protected
 
         def _requirements_sorted?
-          return @_are_requirements_sorted if defined?(@_are_requirements_sorted)
+          return @_requirements_sorted if defined?(@_requirements_sorted)
           strings = as_list
-          @_are_requirements_sorted = strings == strings.sort
+          @_requirements_sorted = strings == strings.sort
         end
 
         def _with_sorted_requirements

data/bundler/lib/bundler/runtime.rb

@@ -94,7 +94,7 @@ module Bundler
     definition_method :requires
 
     def lock(opts = {})
-      return if @definition.nothing_changed? && !@definition.unlocking?
+      return if @definition.no_resolve_needed?
       @definition.lock(Bundler.default_lockfile, opts[:preserve_unknown_sections])
     end