rubygems-update 3.4.20 → 3.4.22

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6d7e2796bcbea4d90f69fc8e0b49f30ff512777fd1f72bfcace6618e01505a24
-  data.tar.gz: 1921651535aec5214a2504f28c7b62b405e75b15f01130753543e059bbe3f4e0
+  metadata.gz: d9b782e56366a59b623c07b32c0904f4513142800144c6696a711662e263eaff
+  data.tar.gz: b68d46e9eb675529b261a94fa642da2796cf72079d3b913efb4111ea869ef1c0
 SHA512:
-  metadata.gz: a8897e246b67854308c5bafd93f42d03bdc3290c63a1dc1c2d706aff9694c393059de946d75fd49c29a1db4d16fe317c6e418e1c93166e000c6a30635166d47f
-  data.tar.gz: 479607e63ac5901ed8b904e0502fd26bb671d2700a5343a812e9120cfabfa08d199ce4098ebce337ab47df09cb4fb1e644a850b361467fd40c2d8242e2e6d566
+  metadata.gz: f9c8dd30ce9c75aae03adb7d5aa98e717d11aaa3ea97dc0a02229c8ee9ad59c39300270b31557bcc8bee2b8a6cd5037aa5a50484ca6e352cc764d6cedd6bc34b
+  data.tar.gz: 5ecf50108472f52df50b05e05fc57ddf8bfc65c526e9ffd7e3623b0fd63d1d1714097617356b652d06f0bc7ee354a6b9a8b65b7856e0d1cdb2951407b16fb36d

data/CHANGELOG.md

@@ -1,3 +1,58 @@
+# 3.4.22 / 2023-11-09
+
+## Enhancements:
+
+* Update SPDX license list as of 2023-10-05. Pull request
+  [#7040](https://github.com/rubygems/rubygems/pull/7040) by
+  github-actions[bot]
+* Remove unnecessary rescue. Pull request
+  [#7109](https://github.com/rubygems/rubygems/pull/7109) by
+  deivid-rodriguez
+* Installs bundler 2.4.22 as a default gem.
+
+## Bug fixes:
+
+* Handle empty array at built-in YAML serializer. Pull request
+  [#7099](https://github.com/rubygems/rubygems/pull/7099) by hsbt
+* Ignore non-tar format `.gem` files during search. Pull request
+  [#7095](https://github.com/rubygems/rubygems/pull/7095) by dearblue
+* Allow explicitly uninstalling multiple versions of same gem. Pull
+  request [#7063](https://github.com/rubygems/rubygems/pull/7063) by
+  kstevens715
+
+## Performance:
+
+* Avoid regexp match on every call to `Gem::Platform.local`. Pull request
+  [#7104](https://github.com/rubygems/rubygems/pull/7104) by segiddins
+
+## Documentation:
+
+* Get `Gem::Specification#extensions_dir` documented. Pull request
+  [#6218](https://github.com/rubygems/rubygems/pull/6218) by
+  deivid-rodriguez
+
+# 3.4.21 / 2023-10-17
+
+## Enhancements:
+
+* Abort `setup.rb` if Ruby is too old. Pull request
+  [#7011](https://github.com/rubygems/rubygems/pull/7011) by
+  deivid-rodriguez
+* Remove usage of Dir.chdir that only execute a subprocess. Pull request
+  [#6930](https://github.com/rubygems/rubygems/pull/6930) by segiddins
+* Freeze more strings in generated gemspecs. Pull request
+  [#6974](https://github.com/rubygems/rubygems/pull/6974) by segiddins
+* Use pure-ruby YAML parser for loading configuration at RubyGems. Pull
+  request [#6615](https://github.com/rubygems/rubygems/pull/6615) by hsbt
+* Installs bundler 2.4.21 as a default gem.
+
+## Documentation:
+
+* Update suggested variable for bindir. Pull request
+  [#7028](https://github.com/rubygems/rubygems/pull/7028) by hsbt
+* Fix invalid links in documentation. Pull request
+  [#7008](https://github.com/rubygems/rubygems/pull/7008) by simi
+
 # 3.4.20 / 2023-09-27
 
 ## Enhancements:

data/Manifest.txt

@@ -302,7 +302,12 @@ bundler/lib/bundler/vendor/thor/lib/thor/runner.rb
 bundler/lib/bundler/vendor/thor/lib/thor/shell.rb
 bundler/lib/bundler/vendor/thor/lib/thor/shell/basic.rb
 bundler/lib/bundler/vendor/thor/lib/thor/shell/color.rb
+bundler/lib/bundler/vendor/thor/lib/thor/shell/column_printer.rb
 bundler/lib/bundler/vendor/thor/lib/thor/shell/html.rb
+bundler/lib/bundler/vendor/thor/lib/thor/shell/lcs_diff.rb
+bundler/lib/bundler/vendor/thor/lib/thor/shell/table_printer.rb
+bundler/lib/bundler/vendor/thor/lib/thor/shell/terminal.rb
+bundler/lib/bundler/vendor/thor/lib/thor/shell/wrapped_printer.rb
 bundler/lib/bundler/vendor/thor/lib/thor/util.rb
 bundler/lib/bundler/vendor/thor/lib/thor/version.rb
 bundler/lib/bundler/vendor/tsort/LICENSE.txt
@@ -545,6 +550,7 @@ lib/rubygems/util/list.rb
 lib/rubygems/validator.rb
 lib/rubygems/version.rb
 lib/rubygems/version_option.rb
+lib/rubygems/yaml_serializer.rb
 rubygems-update.gemspec
 setup.rb
 test/rubygems/alternate_cert.pem

data/bundler/CHANGELOG.md

@@ -1,3 +1,56 @@
+# 2.4.22 (November 9, 2023)
+
+## Enhancements:
+
+  - Add Bundler::Plugin.loaded? helper [#6964](https://github.com/rubygems/rubygems/pull/6964)
+  - Give better error when previous installation folder is insecure to remove [#7030](https://github.com/rubygems/rubygems/pull/7030)
+  - Set file path when eval-ing local specification in EndpointSpecification [#7106](https://github.com/rubygems/rubygems/pull/7106)
+  - Git ignore the proper files for the CI service selected for `bundle gem` [#7101](https://github.com/rubygems/rubygems/pull/7101)
+  - Update vendored thor to v1.3.0 [#7078](https://github.com/rubygems/rubygems/pull/7078)
+  - Restore using old way of passing Ruby version to resolver [#7066](https://github.com/rubygems/rubygems/pull/7066)
+  - Bump vendored net-http-persistent to 4.0.2 [#6787](https://github.com/rubygems/rubygems/pull/6787)
+
+## Bug fixes:
+
+  - Fix regression when installing native extensions on universal rubies [#7077](https://github.com/rubygems/rubygems/pull/7077)
+  - Only remove bundler plugin gem when it's inside the cache [#7001](https://github.com/rubygems/rubygems/pull/7001)
+  - Don't show bug report template when GEM_HOME has no writable bit [#7113](https://github.com/rubygems/rubygems/pull/7113)
+  - Fix regression in old git versions [#7114](https://github.com/rubygems/rubygems/pull/7114)
+  - Handle empty array at built-in YAML serializer [#7099](https://github.com/rubygems/rubygems/pull/7099)
+  - Fix force_ruby_platform: when the lockfile only locks the ruby platform [#6936](https://github.com/rubygems/rubygems/pull/6936)
+
+# 2.4.21 (October 17, 2023)
+
+## Enhancements:
+
+  - Avoid duplicates -rbundler/setup in RUBYOPT with Ruby preview [#7002](https://github.com/rubygems/rubygems/pull/7002)
+  - Prevent gem activation in standalone mode [#6925](https://github.com/rubygems/rubygems/pull/6925)
+  - Support Ruby's preview version format (Ex: 3.3.0-preview2) in Gemfile [#7016](https://github.com/rubygems/rubygems/pull/7016)
+  - Fix `bundle install` when older revisions of git source [#6980](https://github.com/rubygems/rubygems/pull/6980)
+  - Remove usage of Dir.chdir that only execute a subprocess [#6930](https://github.com/rubygems/rubygems/pull/6930)
+
+## Bug fixes:
+
+  - Don't delete the release version from pre-release string more than once [#7054](https://github.com/rubygems/rubygems/pull/7054)
+  - Make the `lock` command not be affected by the `frozen` setting [#7034](https://github.com/rubygems/rubygems/pull/7034)
+  - Raise an error when adding a gem incompatible with some locked platform [#7035](https://github.com/rubygems/rubygems/pull/7035)
+  - Re-resolve when lockfile is invalid [#7020](https://github.com/rubygems/rubygems/pull/7020)
+  - Don't re-resolve with prereleases if unlocked gem has no prereleases [#7021](https://github.com/rubygems/rubygems/pull/7021)
+  - Include gemspec in ExtensionTask for native gem tasks [#7015](https://github.com/rubygems/rubygems/pull/7015)
+  - Avoid error reporting relative path when validating frozen [#5128](https://github.com/rubygems/rubygems/pull/5128)
+  - Fix `bundle lock --minor --update <dep>` edge case [#6992](https://github.com/rubygems/rubygems/pull/6992)
+  - Stop bundler eagerly loading all specs with exts [#6945](https://github.com/rubygems/rubygems/pull/6945)
+
+## Performance:
+
+  - Reduce allocations when parsing lockfile [#6976](https://github.com/rubygems/rubygems/pull/6976)
+  - Stop allocating the same settings keys repeatedly [#6963](https://github.com/rubygems/rubygems/pull/6963)
+
+## Documentation:
+
+  - Improve formatting and global source information in `bundle plugin` man page [#7045](https://github.com/rubygems/rubygems/pull/7045)
+  - Update man page of `bundle exec` to reflect default true of flag `--keep-file-descriptors` [#7033](https://github.com/rubygems/rubygems/pull/7033)
+
 # 2.4.20 (September 27, 2023)
 
 ## Enhancements:
@@ -21,7 +74,6 @@
 
   - Lazily construct fetcher debug messages [#6973](https://github.com/rubygems/rubygems/pull/6973)
   - Avoid allocating empty hashes in Index [#6962](https://github.com/rubygems/rubygems/pull/6962)
-  - Stop allocating the same settings keys repeatedly [#6963](https://github.com/rubygems/rubygems/pull/6963)
   - Improve `Bundler::Index` efficiency by removing unnecessary creation and dups [#6931](https://github.com/rubygems/rubygems/pull/6931)
   - (Further) Improve Bundler::Settings#[] performance and memory usage [#6923](https://github.com/rubygems/rubygems/pull/6923)
   - Don't use full indexes unnecessarily on legacy Gemfiles [#6916](https://github.com/rubygems/rubygems/pull/6916)
@@ -2182,7 +2234,7 @@ Changes
 
   - retry gem downloads ([#4846](https://github.com/rubygems/bundler/issues/4846), @jkeiser)
   - improve the CompactIndex to handle capitalized legacy gems ([#4867](https://github.com/rubygems/bundler/issues/4867), @segiddins)
-  - re-use persistent HTTP connections for CompactIndex (@NickLaMuro)
+  - reuse persistent HTTP connections for CompactIndex (@NickLaMuro)
   - respect `required_ruby_version` when Gemfile contains `ruby` version (@indirect)
   - allow `rake release` to sign git tags ([#4743](https://github.com/rubygems/bundler/issues/4743), @eagletmt)
   - set process titles when using `#load` during `exec` (@yob)
@@ -3378,7 +3430,7 @@ Changes
   - `gem` option --test can generate rspec stubs (@MafcoCinco)
   - `gem` option --test can generate minitest stubs (@kcurtin)
   - `gem` command generates MIT license (@BrentWheeldon)
-  - gem rake task 'release' resuses existing tags (@shtirlic)
+  - gem rake task 'release' reuses existing tags (@shtirlic)
 
 ## Bug fixes:
 

data/bundler/README.md

@@ -1,5 +1,4 @@
 [![Version ](https://img.shields.io/gem/v/bundler.svg?style=flat)](https://rubygems.org/gems/bundler)
-[![Slack   ](https://bundler-slackin.herokuapp.com/badge.svg)](https://bundler-slackin.herokuapp.com)
 
 # Bundler: a gem to bundle gems
 
@@ -38,7 +37,7 @@ Still stuck? Try [filing an issue](https://github.com/rubygems/rubygems/issues/n
 
 To see what has changed in recent versions of Bundler, see the [CHANGELOG](CHANGELOG.md).
 
-To get in touch with the Bundler core team and other Bundler users, please join [the Bundler slack](https://slack.bundler.io).
+To get in touch with the Bundler core team and other Bundler users, please join [the Bundler slack](https://join.slack.com/t/bundler/shared_invite/zt-1rrsuuv3m-OmXKWQf8K6iSla4~F1DBjQ).
 
 ### Contributing
 

data/bundler/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2023-09-27".freeze
-    @git_commit_sha = "de20c7e7b".freeze
+    @built_at = "2023-11-09".freeze
+    @git_commit_sha = "ec2089640".freeze
     @release = true
     # end ivars
 
@@ -31,7 +31,7 @@ module Bundler
       # commit instance variable then we can't determine its commits SHA.
       git_dir = File.expand_path("../../../.git", __dir__)
       if File.directory?(git_dir)
-        return @git_commit_sha = Dir.chdir(git_dir) { `git rev-parse --short HEAD`.strip.freeze }
+        return @git_commit_sha = IO.popen(%w[git rev-parse --short HEAD], { :chdir => git_dir }, &:read).strip.freeze
       end
 
       @git_commit_sha ||= "unknown"

data/bundler/lib/bundler/cli/check.rb

@@ -29,7 +29,7 @@ module Bundler
         Bundler.ui.warn "Install missing gems with `bundle install`"
         exit 1
       elsif !Bundler.default_lockfile.file? && Bundler.frozen_bundle?
-        Bundler.ui.error "This bundle has been frozen, but there is no #{Bundler.default_lockfile.relative_path_from(SharedHelpers.pwd)} present"
+        Bundler.ui.error "This bundle has been frozen, but there is no #{SharedHelpers.relative_lockfile_path} present"
         exit 1
       else
         Bundler.load.lock(:preserve_unknown_sections => true) unless options[:"dry-run"]

data/bundler/lib/bundler/cli/gem.rb

@@ -137,10 +137,13 @@ module Bundler
       case config[:ci]
       when "github"
         templates.merge!("github/workflows/main.yml.tt" => ".github/workflows/main.yml")
+        config[:ci_config_path] = ".github "
       when "gitlab"
         templates.merge!("gitlab-ci.yml.tt" => ".gitlab-ci.yml")
+        config[:ci_config_path] = ".gitlab-ci.yml "
       when "circle"
         templates.merge!("circleci/config.yml.tt" => ".circleci/config.yml")
+        config[:ci_config_path] = ".circleci "
       end
 
       if ask_and_set(:mit, "Do you want to license your code permissively under the MIT license?",
@@ -233,9 +236,7 @@ module Bundler
       end
 
       if use_git
-        Dir.chdir(target) do
-          `git add .`
-        end
+        IO.popen(%w[git add .], { :chdir => target }, &:read)
       end
 
       # Open gemspec in editor

data/bundler/lib/bundler/cli/install.rb

@@ -28,8 +28,8 @@ module Bundler
           flag   = "--deployment flag" if options[:deployment]
           flag ||= "--frozen flag"     if options[:frozen]
           flag ||= "deployment setting"
-          raise ProductionError, "The #{flag} requires a #{Bundler.default_lockfile.relative_path_from(SharedHelpers.pwd)}. Please make " \
-                                 "sure you have checked your #{Bundler.default_lockfile.relative_path_from(SharedHelpers.pwd)} into version control " \
+          raise ProductionError, "The #{flag} requires a lockfile. Please make " \
+                                 "sure you have checked your #{SharedHelpers.relative_lockfile_path} into version control " \
                                  "before deploying."
         end
 

data/bundler/lib/bundler/cli/lock.rb

@@ -32,36 +32,39 @@ module Bundler
       elsif update && bundler
         update = { :bundler => bundler }
       end
-      definition = Bundler.definition(update)
 
-      Bundler::CLI::Common.configure_gem_version_promoter(Bundler.definition, options) if options[:update]
+      Bundler.settings.temporary(:frozen => false) do
+        definition = Bundler.definition(update)
 
-      options["remove-platform"].each do |platform|
-        definition.remove_platform(platform)
-      end
+        Bundler::CLI::Common.configure_gem_version_promoter(definition, options) if options[:update]
 
-      options["add-platform"].each do |platform_string|
-        platform = Gem::Platform.new(platform_string)
-        if platform.to_s == "unknown"
-          Bundler.ui.warn "The platform `#{platform_string}` is unknown to RubyGems " \
-            "and adding it will likely lead to resolution errors"
+        options["remove-platform"].each do |platform|
+          definition.remove_platform(platform)
         end
-        definition.add_platform(platform)
-      end
 
-      if definition.platforms.empty?
-        raise InvalidOption, "Removing all platforms from the bundle is not allowed"
-      end
+        options["add-platform"].each do |platform_string|
+          platform = Gem::Platform.new(platform_string)
+          if platform.to_s == "unknown"
+            Bundler.ui.warn "The platform `#{platform_string}` is unknown to RubyGems " \
+              "and adding it will likely lead to resolution errors"
+          end
+          definition.add_platform(platform)
+        end
 
-      definition.resolve_remotely! unless options[:local]
+        if definition.platforms.empty?
+          raise InvalidOption, "Removing all platforms from the bundle is not allowed"
+        end
+
+        definition.resolve_remotely! unless options[:local]
 
-      if print
-        puts definition.to_lock
-      else
-        file = options[:lockfile]
-        file = file ? File.expand_path(file) : Bundler.default_lockfile
-        puts "Writing lockfile to #{file}"
-        definition.lock(file)
+        if print
+          puts definition.to_lock
+        else
+          file = options[:lockfile]
+          file = file ? File.expand_path(file) : Bundler.default_lockfile
+          puts "Writing lockfile to #{file}"
+          definition.lock(file)
+        end
       end
 
       Bundler.ui.level = previous_ui_level

data/bundler/lib/bundler/cli/open.rb

@@ -18,13 +18,11 @@ module Bundler
         Bundler.ui.info "Unable to open #{name} because it's a default gem, so the directory it would normally be installed to does not exist."
       else
         root_path = spec.full_gem_path
-        Dir.chdir(root_path) do
-          require "shellwords"
-          command = Shellwords.split(editor) << File.join([root_path, path].compact)
-          Bundler.with_original_env do
-            system(*command)
-          end || Bundler.ui.info("Could not run '#{command.join(" ")}'")
-        end
+        require "shellwords"
+        command = Shellwords.split(editor) << File.join([root_path, path].compact)
+        Bundler.with_original_env do
+          system(*command, { :chdir => root_path })
+        end || Bundler.ui.info("Could not run '#{command.join(" ")}'")
       end
     end
   end

data/bundler/lib/bundler/definition.rb

@@ -149,7 +149,7 @@ module Bundler
       @dependency_changes = converge_dependencies
       @local_changes = converge_locals
 
-      @missing_lockfile_dep = check_missing_lockfile_dep
+      check_lockfile
     end
 
     def gem_version_promoter
@@ -405,13 +405,13 @@ module Bundler
       msg << "\n\nYou have added to the Gemfile:\n" << added.join("\n") if added.any?
       msg << "\n\nYou have deleted from the Gemfile:\n" << deleted.join("\n") if deleted.any?
       msg << "\n\nYou have changed in the Gemfile:\n" << changed.join("\n") if changed.any?
-      msg << "\n\nRun `bundle install` elsewhere and add the updated #{Bundler.default_lockfile.relative_path_from(SharedHelpers.pwd)} to version control.\n"
+      msg << "\n\nRun `bundle install` elsewhere and add the updated #{SharedHelpers.relative_gemfile_path} to version control.\n"
 
       unless explicit_flag
         suggested_command = unless Bundler.settings.locations("frozen").keys.include?(:env)
           "bundle config set frozen false"
         end
-        msg << "If this is a development machine, remove the #{Bundler.default_gemfile.relative_path_from(SharedHelpers.pwd)} " \
+        msg << "If this is a development machine, remove the #{SharedHelpers.relative_lockfile_path} " \
                "freeze by running `#{suggested_command}`." if suggested_command
       end
 
@@ -452,8 +452,8 @@ module Bundler
       return if current_platform_locked?
 
       raise ProductionError, "Your bundle only supports platforms #{@platforms.map(&:to_s)} " \
-        "but your local platform is #{Bundler.local_platform}. " \
-        "Add the current platform to the lockfile with\n`bundle lock --add-platform #{Bundler.local_platform}` and try again."
+        "but your local platform is #{local_platform}. " \
+        "Add the current platform to the lockfile with\n`bundle lock --add-platform #{local_platform}` and try again."
     end
 
     def add_platform(platform)
@@ -478,7 +478,7 @@ module Bundler
     private :sources
 
     def nothing_changed?
-      !@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@missing_lockfile_dep && !@unlocking_bundler
+      !@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@missing_lockfile_dep && !@unlocking_bundler && !@invalid_lockfile_dep
     end
 
     def no_resolve_needed?
@@ -509,7 +509,7 @@ module Bundler
     def resolution_packages
       @resolution_packages ||= begin
         last_resolve = converge_locked_specs
-        remove_ruby_from_platforms_if_necessary!(current_dependencies)
+        remove_invalid_platforms!(current_dependencies)
         packages = Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, :locked_specs => @originally_locked_specs, :unlock => @unlock[:gems], :prerelease => gem_version_promoter.pre?)
         additional_base_requirements_for_resolve(packages, last_resolve)
       end
@@ -600,7 +600,7 @@ module Bundler
 
     def current_platform_locked?
       @platforms.any? do |bundle_platform|
-        MatchPlatform.platforms_match?(bundle_platform, Bundler.local_platform)
+        MatchPlatform.platforms_match?(bundle_platform, local_platform)
       end
     end
 
@@ -630,6 +630,7 @@ module Bundler
         [@local_changes, "the gemspecs for git local gems changed"],
         [@missing_lockfile_dep, "your lock file is missing \"#{@missing_lockfile_dep}\""],
         [@unlocking_bundler, "an update to the version of Bundler itself was requested"],
+        [@invalid_lockfile_dep, "your lock file has an invalid dependency \"#{@invalid_lockfile_dep}\""],
       ].select(&:first).map(&:last).join(", ")
     end
 
@@ -684,24 +685,38 @@ module Bundler
       !sources_with_changes.each {|source| @unlock[:sources] << source.name }.empty?
     end
 
-    def check_missing_lockfile_dep
-      all_locked_specs = @locked_specs.map(&:name) << "bundler"
+    def check_lockfile
+      @invalid_lockfile_dep = nil
+      @missing_lockfile_dep = nil
 
-      missing = @locked_specs.select do |s|
-        s.dependencies.any? {|dep| !all_locked_specs.include?(dep.name) }
+      locked_names = @locked_specs.map(&:name)
+      missing = []
+      invalid = []
+
+      @locked_specs.each do |s|
+        s.dependencies.each do |dep|
+          next if dep.name == "bundler"
+
+          missing << s unless locked_names.include?(dep.name)
+          invalid << s if @locked_specs.none? {|spec| dep.matches_spec?(spec) }
+        end
       end
 
       if missing.any?
         @locked_specs.delete(missing)
 
-        return missing.first.name
+        @missing_lockfile_dep = missing.first.name
+      elsif !@dependency_changes
+        @missing_lockfile_dep = current_dependencies.find do |d|
+          @locked_specs[d.name].empty? && d.name != "bundler"
+        end&.name
       end
 
-      return if @dependency_changes
+      if invalid.any?
+        @locked_specs.delete(invalid)
 
-      current_dependencies.find do |d|
-        @locked_specs[d.name].empty? && d.name != "bundler"
-      end&.name
+        @invalid_lockfile_dep = invalid.first.name
+      end
     end
 
     def converge_paths
@@ -866,7 +881,7 @@ module Bundler
 
     def metadata_dependencies
       @metadata_dependencies ||= [
-        Dependency.new("Ruby\0", Gem.ruby_version),
+        Dependency.new("Ruby\0", Bundler::RubyVersion.system.gem_version),
         Dependency.new("RubyGems\0", Gem::VERSION),
       ]
     end
@@ -941,17 +956,19 @@ module Bundler
       resolution_packages
     end
 
-    def remove_ruby_from_platforms_if_necessary!(dependencies)
-      return if Bundler.frozen_bundle? ||
-                Bundler.local_platform == Gem::Platform::RUBY ||
-                !platforms.include?(Gem::Platform::RUBY) ||
-                (@new_platform && platforms.last == Gem::Platform::RUBY) ||
+    def remove_invalid_platforms!(dependencies)
+      return if Bundler.frozen_bundle?
+
+      platforms.each do |platform|
+        next if local_platform == platform ||
+                (@new_platform && platforms.last == platform) ||
                 @path_changes ||
                 @dependency_changes ||
-                !@originally_locked_specs.incomplete_ruby_specs?(dependencies)
+                !@originally_locked_specs.incomplete_for_platform?(dependencies, platform)
 
-      remove_platform(Gem::Platform::RUBY)
-      add_current_platform
+        remove_platform(platform)
+        add_current_platform if platform == Gem::Platform::RUBY
+      end
     end
 
     def source_map

data/bundler/lib/bundler/endpoint_specification.rb

@@ -94,7 +94,7 @@ module Bundler
 
     def _local_specification
       return unless @loaded_from && File.exist?(local_specification_path)
-      eval(File.read(local_specification_path)).tap do |spec|
+      eval(File.read(local_specification_path), nil, local_specification_path).tap do |spec|
         spec.loaded_from = @loaded_from
       end
     end

data/bundler/lib/bundler/env.rb

@@ -40,11 +40,11 @@ module Bundler
 
         out << "\n## Gemfile\n"
         gemfiles.each do |gemfile|
-          out << "\n### #{Pathname.new(gemfile).relative_path_from(SharedHelpers.pwd)}\n\n"
+          out << "\n### #{SharedHelpers.relative_path_to(gemfile)}\n\n"
           out << "```ruby\n" << read_file(gemfile).chomp << "\n```\n"
         end
 
-        out << "\n### #{Bundler.default_lockfile.relative_path_from(SharedHelpers.pwd)}\n\n"
+        out << "\n### #{SharedHelpers.relative_path_to(Bundler.default_lockfile)}\n\n"
         out << "```\n" << read_file(Bundler.default_lockfile).chomp << "\n```\n"
       end
 

data/bundler/lib/bundler/errors.rb

@@ -172,4 +172,19 @@ module Bundler
 
     status_code(36)
   end
+
+  class InsecureInstallPathError < BundlerError
+    def initialize(path)
+      @path = path
+    end
+
+    def message
+      "The installation path is insecure. Bundler cannot continue.\n" \
+      "#{@path} is world-writable (without sticky bit).\n" \
+      "Bundler cannot safely replace gems in world-writeable directories due to potential vulnerabilities.\n" \
+      "Please change the permissions of this directory or choose a different install path."
+    end
+
+    status_code(38)
+  end
 end

data/bundler/lib/bundler/gem_helpers.rb

@@ -48,6 +48,13 @@ module Bundler
     end
     module_function :select_best_platform_match
 
+    def force_ruby_platform(specs)
+      matching = specs.select {|spec| spec.match_platform(Gem::Platform::RUBY) && spec.force_ruby_platform! }
+
+      sort_best_platform_match(matching, Gem::Platform::RUBY)
+    end
+    module_function :force_ruby_platform
+
     def sort_best_platform_match(matching, platform)
       exact = matching.select {|spec| spec.platform == platform }
       return exact if exact.any?

data/bundler/lib/bundler/gem_version_promoter.rb

@@ -101,7 +101,7 @@ module Bundler
           next  1 if b_pre && !a_pre
         end
 
-        if major?
+        if major? || locked_version.nil?
           a <=> b
         elsif either_version_older_than_locked?(a, b, locked_version)
           a <=> b
@@ -117,7 +117,7 @@ module Bundler
     end
 
     def either_version_older_than_locked?(a, b, locked_version)
-      locked_version && (a.version < locked_version || b.version < locked_version)
+      a.version < locked_version || b.version < locked_version
     end
 
     def segments_do_not_match?(a, b, level)

data/bundler/lib/bundler/injector.rb

@@ -86,7 +86,7 @@ module Bundler
       segments = version.segments
       seg_end_index = version >= Gem::Version.new("1.0") ? 1 : 2
 
-      prerelease_suffix = version.to_s.gsub(version.release.to_s, "") if version.prerelease?
+      prerelease_suffix = version.to_s.delete_prefix(version.release.to_s) if version.prerelease?
       "#{version_prefix}#{segments[0..seg_end_index].join(".")}#{prerelease_suffix}"
     end
 

data/bundler/lib/bundler/installer/gem_installer.rb

@@ -16,13 +16,13 @@ module Bundler
       post_install_message = install
       Bundler.ui.debug "#{worker}:  #{spec.name} (#{spec.version}) from #{spec.loaded_from}"
       generate_executable_stubs
-      return true, post_install_message
-    rescue Bundler::InstallHookError, Bundler::SecurityError, Bundler::APIResponseMismatchError
+      [true, post_install_message]
+    rescue Bundler::InstallHookError, Bundler::SecurityError, Bundler::APIResponseMismatchError, Bundler::InsecureInstallPathError
       raise
     rescue Errno::ENOSPC
-      return false, out_of_space_message
-    rescue Bundler::BundlerError, Gem::InstallError, Bundler::APIResponseInvalidDependenciesError => e
-      return false, specific_failure_message(e)
+      [false, out_of_space_message]
+    rescue Bundler::BundlerError, Gem::InstallError => e
+      [false, specific_failure_message(e)]
     end
 
     private

data/bundler/lib/bundler/installer/parallel_installer.rb

@@ -91,38 +91,12 @@ module Bundler
         install_serially
       end
 
-      check_for_unmet_dependencies
-
       handle_error if failed_specs.any?
       @specs
     ensure
       worker_pool&.stop
     end
 
-    def check_for_unmet_dependencies
-      unmet_dependencies = @specs.map do |s|
-        [
-          s,
-          s.dependencies.reject {|dep| @specs.any? {|spec| dep.matches_spec?(spec.spec) } },
-        ]
-      end.reject {|a| a.last.empty? }
-      return if unmet_dependencies.empty?
-
-      warning = []
-      warning << "Your lockfile doesn't include a valid resolution."
-      warning << "You can fix this by regenerating your lockfile or manually editing the bad locked gems to a version that satisfies all dependencies."
-      warning << "The unmet dependencies are:"
-
-      unmet_dependencies.each do |spec, unmet_spec_dependencies|
-        unmet_spec_dependencies.each do |unmet_spec_dependency|
-          found = @specs.find {|s| s.name == unmet_spec_dependency.name && !unmet_spec_dependency.matches_spec?(s.spec) }
-          warning << "* #{unmet_spec_dependency}, dependency of #{spec.full_name}, unsatisfied by #{found.full_name}"
-        end
-      end
-
-      Bundler.ui.warn(warning.join("\n"))
-    end
-
     private
 
     def failed_specs