RubyGems - rubygems-update - Versions diffs - 3.4.22 → 3.5.0 - Mend

rubygems-update 3.4.22 → 3.5.0

Files changed (528) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +99 -2
data/Manifest.txt +34 -221
data/README.md +1 -3
data/bundler/CHANGELOG.md +53 -0
data/bundler/bundler.gemspec +4 -2
data/bundler/exe/bundle +1 -10
data/bundler/lib/bundler/build_metadata.rb +3 -3
data/bundler/lib/bundler/capistrano.rb +1 -1
data/bundler/lib/bundler/checksum.rb +245 -0
data/bundler/lib/bundler/ci_detector.rb +75 -0
data/bundler/lib/bundler/cli/add.rb +3 -3
data/bundler/lib/bundler/cli/binstubs.rb +4 -4
data/bundler/lib/bundler/cli/cache.rb +1 -1
data/bundler/lib/bundler/cli/check.rb +1 -1
data/bundler/lib/bundler/cli/common.rb +9 -1
data/bundler/lib/bundler/cli/config.rb +8 -7
data/bundler/lib/bundler/cli/console.rb +3 -2
data/bundler/lib/bundler/cli/doctor.rb +2 -2
data/bundler/lib/bundler/cli/exec.rb +1 -1
data/bundler/lib/bundler/cli/gem.rb +28 -23
data/bundler/lib/bundler/cli/info.rb +2 -13
data/bundler/lib/bundler/cli/install.rb +5 -4
data/bundler/lib/bundler/cli/issue.rb +1 -1
data/bundler/lib/bundler/cli/lock.rb +4 -4
data/bundler/lib/bundler/cli/open.rb +1 -1
data/bundler/lib/bundler/cli/outdated.rb +6 -6
data/bundler/lib/bundler/cli/plugin.rb +7 -14
data/bundler/lib/bundler/cli/pristine.rb +38 -30
data/bundler/lib/bundler/cli/show.rb +2 -2
data/bundler/lib/bundler/cli/update.rb +5 -5
data/bundler/lib/bundler/cli.rb +215 -263
data/bundler/lib/bundler/compact_index_client/cache.rb +29 -9
data/bundler/lib/bundler/compact_index_client/cache_file.rb +153 -0
data/bundler/lib/bundler/compact_index_client/gem_parser.rb +7 -3
data/bundler/lib/bundler/compact_index_client/updater.rb +79 -81
data/bundler/lib/bundler/compact_index_client.rb +14 -7
data/bundler/lib/bundler/constants.rb +1 -1
data/bundler/lib/bundler/current_ruby.rb +5 -21
data/bundler/lib/bundler/definition.rb +42 -15
data/bundler/lib/bundler/dependency.rb +16 -12
data/bundler/lib/bundler/digest.rb +2 -2
data/bundler/lib/bundler/dsl.rb +43 -25
data/bundler/lib/bundler/endpoint_specification.rb +5 -1
data/bundler/lib/bundler/env.rb +1 -3
data/bundler/lib/bundler/errors.rb +43 -0
data/bundler/lib/bundler/fetcher/base.rb +3 -1
data/bundler/lib/bundler/fetcher/compact_index.rb +4 -4
data/bundler/lib/bundler/fetcher/downloader.rb +13 -11
data/bundler/lib/bundler/fetcher/gem_remote_fetcher.rb +16 -0
data/bundler/lib/bundler/fetcher/index.rb +1 -1
data/bundler/lib/bundler/fetcher.rb +28 -25
data/bundler/lib/bundler/friendly_errors.rb +5 -5
data/bundler/lib/bundler/gem_helper.rb +1 -1
data/bundler/lib/bundler/gem_helpers.rb +5 -2
data/bundler/lib/bundler/graph.rb +9 -9
data/bundler/lib/bundler/index.rb +1 -2
data/bundler/lib/bundler/injector.rb +1 -1
data/bundler/lib/bundler/inline.rb +3 -3
data/bundler/lib/bundler/installer/gem_installer.rb +5 -5
data/bundler/lib/bundler/installer/parallel_installer.rb +16 -8
data/bundler/lib/bundler/installer/standalone.rb +2 -3
data/bundler/lib/bundler/installer.rb +9 -9
data/bundler/lib/bundler/lazy_specification.rb +24 -17
data/bundler/lib/bundler/lockfile_generator.rb +9 -0
data/bundler/lib/bundler/lockfile_parser.rb +81 -10
data/bundler/lib/bundler/man/bundle-add.1 +3 -26
data/bundler/lib/bundler/man/bundle-binstubs.1 +4 -16
data/bundler/lib/bundler/man/bundle-cache.1 +3 -24
data/bundler/lib/bundler/man/bundle-check.1 +3 -12
data/bundler/lib/bundler/man/bundle-clean.1 +3 -10
data/bundler/lib/bundler/man/bundle-config.1 +20 -211
data/bundler/lib/bundler/man/bundle-config.1.ronn +6 -0
data/bundler/lib/bundler/man/bundle-console.1 +4 -22
data/bundler/lib/bundler/man/bundle-doctor.1 +4 -18
data/bundler/lib/bundler/man/bundle-exec.1 +12 -73
data/bundler/lib/bundler/man/bundle-gem.1 +13 -49
data/bundler/lib/bundler/man/bundle-help.1 +3 -7
data/bundler/lib/bundler/man/bundle-info.1 +3 -9
data/bundler/lib/bundler/man/bundle-init.1 +3 -12
data/bundler/lib/bundler/man/bundle-inject.1 +6 -19
data/bundler/lib/bundler/man/bundle-install.1 +27 -125
data/bundler/lib/bundler/man/bundle-install.1.ronn +1 -0
data/bundler/lib/bundler/man/bundle-list.1 +4 -19
data/bundler/lib/bundler/man/bundle-lock.1 +5 -29
data/bundler/lib/bundler/man/bundle-open.1 +7 -27
data/bundler/lib/bundler/man/bundle-outdated.1 +3 -55
data/bundler/lib/bundler/man/bundle-outdated.1.ronn +1 -0
data/bundler/lib/bundler/man/bundle-platform.1 +5 -27
data/bundler/lib/bundler/man/bundle-plugin.1 +3 -29
data/bundler/lib/bundler/man/bundle-pristine.1 +5 -16
data/bundler/lib/bundler/man/bundle-remove.1 +4 -14
data/bundler/lib/bundler/man/bundle-show.1 +3 -10
data/bundler/lib/bundler/man/bundle-update.1 +18 -137
data/bundler/lib/bundler/man/bundle-version.1 +3 -16
data/bundler/lib/bundler/man/bundle-viz.1 +4 -16
data/bundler/lib/bundler/man/bundle.1 +5 -44
data/bundler/lib/bundler/man/gemfile.5 +24 -301
data/bundler/lib/bundler/man/gemfile.5.ronn +4 -0
data/bundler/lib/bundler/match_metadata.rb +4 -0
data/bundler/lib/bundler/match_platform.rb +1 -1
data/bundler/lib/bundler/plugin/api/source.rb +3 -2
data/bundler/lib/bundler/plugin/installer.rb +1 -1
data/bundler/lib/bundler/plugin.rb +3 -3
data/bundler/lib/bundler/resolver/base.rb +1 -1
data/bundler/lib/bundler/resolver/incompatibility.rb +1 -1
data/bundler/lib/bundler/resolver/spec_group.rb +1 -4
data/bundler/lib/bundler/resolver.rb +16 -16
data/bundler/lib/bundler/ruby_dsl.rb +20 -12
data/bundler/lib/bundler/ruby_version.rb +1 -1
data/bundler/lib/bundler/rubygems_ext.rb +24 -50
data/bundler/lib/bundler/rubygems_gem_installer.rb +6 -56
data/bundler/lib/bundler/rubygems_integration.rb +25 -94
data/bundler/lib/bundler/runtime.rb +2 -2
data/bundler/lib/bundler/self_manager.rb +23 -7
data/bundler/lib/bundler/settings.rb +27 -7
data/bundler/lib/bundler/setup.rb +4 -1
data/bundler/lib/bundler/shared_helpers.rb +35 -13
data/bundler/lib/bundler/source/git/git_proxy.rb +15 -15
data/bundler/lib/bundler/source/git.rb +4 -3
data/bundler/lib/bundler/source/metadata.rb +15 -15
data/bundler/lib/bundler/source/path.rb +7 -6
data/bundler/lib/bundler/source/rubygems.rb +21 -14
data/bundler/lib/bundler/source.rb +2 -0
data/bundler/lib/bundler/spec_set.rb +38 -10
data/bundler/lib/bundler/stub_specification.rb +1 -0
data/bundler/lib/bundler/templates/Executable.bundler +1 -1
data/bundler/lib/bundler/templates/newgem/README.md.tt +3 -3
data/bundler/lib/bundler/templates/newgem/Rakefile.tt +2 -6
data/bundler/lib/bundler/templates/newgem/ext/newgem/Cargo.toml.tt +1 -1
data/bundler/lib/bundler/templates/newgem/standard.yml.tt +1 -1
data/bundler/lib/bundler/ui/shell.rb +1 -1
data/bundler/lib/bundler/vendor/connection_pool/lib/connection_pool/version.rb +1 -1
data/bundler/lib/bundler/vendor/connection_pool/lib/connection_pool.rb +53 -6
data/bundler/lib/bundler/vendor/fileutils/lib/fileutils.rb +8 -20
data/bundler/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent/connection.rb +3 -3
data/bundler/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent/pool.rb +2 -2
data/bundler/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent/timed_stack_multi.rb +1 -1
data/bundler/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent.rb +35 -35
data/bundler/lib/bundler/vendor/tsort/lib/tsort.rb +3 -0
data/bundler/lib/bundler/vendor/uri/lib/uri/common.rb +256 -132
data/bundler/lib/bundler/vendor/uri/lib/uri/generic.rb +1 -0
data/bundler/lib/bundler/vendor/uri/lib/uri/rfc3986_parser.rb +95 -31
data/bundler/lib/bundler/vendor/uri/lib/uri/version.rb +1 -1
data/bundler/lib/bundler/vendored_net_http.rb +8 -0
data/bundler/lib/bundler/vendored_persistent.rb +0 -4
data/bundler/lib/bundler/vendored_timeout.rb +8 -0
data/bundler/lib/bundler/version.rb +1 -1
data/bundler/lib/bundler/vlad.rb +1 -1
data/bundler/lib/bundler/yaml_serializer.rb +3 -3
data/bundler/lib/bundler.rb +38 -27
data/lib/rubygems/available_set.rb +4 -4
data/lib/rubygems/basic_specification.rb +35 -37
data/lib/rubygems/bundler_version_finder.rb +4 -4
data/lib/rubygems/ci_detector.rb +75 -0
data/lib/rubygems/command.rb +13 -15
data/lib/rubygems/command_manager.rb +5 -4
data/lib/rubygems/commands/build_command.rb +2 -2
data/lib/rubygems/commands/cert_command.rb +1 -2
data/lib/rubygems/commands/check_command.rb +4 -4
data/lib/rubygems/commands/cleanup_command.rb +12 -14
data/lib/rubygems/commands/contents_command.rb +4 -4
data/lib/rubygems/commands/dependency_command.rb +4 -5
data/lib/rubygems/commands/environment_command.rb +1 -3
data/lib/rubygems/commands/exec_command.rb +1 -1
data/lib/rubygems/commands/fetch_command.rb +2 -2
data/lib/rubygems/commands/generate_index_command.rb +39 -74
data/lib/rubygems/commands/help_command.rb +3 -3
data/lib/rubygems/commands/info_command.rb +2 -2
data/lib/rubygems/commands/install_command.rb +8 -16
data/lib/rubygems/commands/list_command.rb +2 -2
data/lib/rubygems/commands/lock_command.rb +1 -1
data/lib/rubygems/commands/open_command.rb +1 -1
data/lib/rubygems/commands/owner_command.rb +1 -1
data/lib/rubygems/commands/pristine_command.rb +13 -15
data/lib/rubygems/commands/push_command.rb +2 -2
data/lib/rubygems/commands/query_command.rb +4 -5
data/lib/rubygems/commands/rdoc_command.rb +2 -2
data/lib/rubygems/commands/search_command.rb +2 -2
data/lib/rubygems/commands/setup_command.rb +31 -34
data/lib/rubygems/commands/sources_command.rb +12 -12
data/lib/rubygems/commands/specification_command.rb +10 -10
data/lib/rubygems/commands/stale_command.rb +1 -1
data/lib/rubygems/commands/uninstall_command.rb +9 -10
data/lib/rubygems/commands/unpack_command.rb +4 -4
data/lib/rubygems/commands/update_command.rb +10 -12
data/lib/rubygems/commands/which_command.rb +1 -1
data/lib/rubygems/commands/yank_command.rb +1 -1
data/lib/rubygems/compatibility.rb +5 -6
data/lib/rubygems/config_file.rb +4 -4
data/lib/rubygems/core_ext/kernel_gem.rb +0 -2
data/lib/rubygems/core_ext/kernel_require.rb +19 -48
data/lib/rubygems/core_ext/kernel_warn.rb +1 -1
data/lib/rubygems/core_ext/tcpsocket_init.rb +1 -1
data/lib/rubygems/defaults.rb +15 -3
data/lib/rubygems/dependency.rb +12 -14
data/lib/rubygems/dependency_installer.rb +29 -30
data/lib/rubygems/dependency_list.rb +1 -1
data/lib/rubygems/deprecate.rb +16 -15
data/lib/rubygems/doctor.rb +5 -5
data/lib/rubygems/errors.rb +2 -6
data/lib/rubygems/exceptions.rb +2 -1
data/lib/rubygems/ext/builder.rb +15 -10
data/lib/rubygems/ext/cargo_builder.rb +5 -5
data/lib/rubygems/ext/ext_conf_builder.rb +1 -3
data/lib/rubygems/gem_runner.rb +4 -4
data/lib/rubygems/gemcutter_utilities/webauthn_listener/response.rb +3 -3
data/lib/rubygems/gemcutter_utilities/webauthn_poller.rb +3 -3
data/lib/rubygems/gemcutter_utilities.rb +18 -19
data/lib/rubygems/install_update_options.rb +18 -19
data/lib/rubygems/installer.rb +59 -33
data/lib/rubygems/installer_uninstaller_utils.rb +0 -2
data/lib/rubygems/local_remote_options.rb +7 -10
data/lib/rubygems/name_tuple.rb +7 -9
data/lib/rubygems/net/http.rb +3 -0
data/lib/rubygems/net-http/LICENSE.txt +22 -0
data/lib/rubygems/net-http/lib/net/http/backward.rb +40 -0
data/lib/rubygems/net-http/lib/net/http/exceptions.rb +34 -0
data/lib/rubygems/net-http/lib/net/http/generic_request.rb +414 -0
data/lib/rubygems/net-http/lib/net/http/header.rb +981 -0
data/lib/rubygems/net-http/lib/net/http/proxy_delta.rb +17 -0
data/lib/rubygems/net-http/lib/net/http/request.rb +88 -0
data/lib/rubygems/net-http/lib/net/http/requests.rb +425 -0
data/lib/rubygems/net-http/lib/net/http/response.rb +738 -0
data/lib/rubygems/net-http/lib/net/http/responses.rb +1174 -0
data/lib/rubygems/net-http/lib/net/http/status.rb +84 -0
data/lib/rubygems/net-http/lib/net/http.rb +2496 -0
data/lib/rubygems/net-http/lib/net/https.rb +23 -0
data/lib/rubygems/net-protocol/LICENSE.txt +22 -0
data/lib/rubygems/net-protocol/lib/net/protocol.rb +544 -0
data/lib/rubygems/optparse/lib/optparse.rb +39 -17
data/lib/rubygems/package/old.rb +2 -2
data/lib/rubygems/package/tar_header.rb +45 -39
data/lib/rubygems/package/tar_reader/entry.rb +5 -4
data/lib/rubygems/package/tar_reader.rb +5 -3
data/lib/rubygems/package/tar_writer.rb +19 -17
data/lib/rubygems/package.rb +27 -26
data/lib/rubygems/package_task.rb +2 -2
data/lib/rubygems/path_support.rb +9 -10
data/lib/rubygems/platform.rb +60 -45
data/lib/rubygems/query_utils.rb +7 -9
data/lib/rubygems/remote_fetcher.rb +15 -15
data/lib/rubygems/request/connection_pools.rb +3 -3
data/lib/rubygems/request.rb +20 -17
data/lib/rubygems/request_set/gem_dependency_api.rb +119 -122
data/lib/rubygems/request_set/lockfile/parser.rb +9 -9
data/lib/rubygems/request_set/lockfile/tokenizer.rb +20 -12
data/lib/rubygems/request_set/lockfile.rb +6 -11
data/lib/rubygems/request_set.rb +5 -5
data/lib/rubygems/requirement.rb +7 -7
data/lib/rubygems/resolv/LICENSE.txt +22 -0
data/lib/rubygems/resolv/lib/resolv.rb +3387 -0
data/lib/rubygems/resolver/activation_request.rb +1 -3
data/lib/rubygems/resolver/api_set/gem_parser.rb +7 -3
data/lib/rubygems/resolver/best_set.rb +1 -1
data/lib/rubygems/resolver/composed_set.rb +1 -1
data/lib/rubygems/resolver/conflict.rb +4 -12
data/lib/rubygems/resolver/index_set.rb +4 -4
data/lib/rubygems/resolver/index_specification.rb +2 -2
data/lib/rubygems/resolver/installer_set.rb +5 -6
data/lib/rubygems/resolver/lock_set.rb +1 -1
data/lib/rubygems/resolver.rb +3 -10
data/lib/rubygems/s3_uri_signer.rb +6 -6
data/lib/rubygems/safe_marshal/elements.rb +138 -0
data/lib/rubygems/safe_marshal/reader.rb +306 -0
data/lib/rubygems/safe_marshal/visitors/stream_printer.rb +31 -0
data/lib/rubygems/safe_marshal/visitors/to_ruby.rb +385 -0
data/lib/rubygems/safe_marshal/visitors/visitor.rb +74 -0
data/lib/rubygems/safe_marshal.rb +74 -0
data/lib/rubygems/safe_yaml.rb +5 -28
data/lib/rubygems/security/policies.rb +36 -38
data/lib/rubygems/security/policy.rb +7 -11
data/lib/rubygems/security/signer.rb +1 -1
data/lib/rubygems/security/trust_dir.rb +3 -3
data/lib/rubygems/security.rb +8 -22
data/lib/rubygems/source/git.rb +1 -3
data/lib/rubygems/source/installed.rb +0 -2
data/lib/rubygems/source/local.rb +5 -8
data/lib/rubygems/source/lock.rb +1 -3
data/lib/rubygems/source/specific_file.rb +0 -1
data/lib/rubygems/source/vendor.rb +0 -2
data/lib/rubygems/source.rb +12 -12
data/lib/rubygems/source_list.rb +4 -4
data/lib/rubygems/spec_fetcher.rb +29 -29
data/lib/rubygems/specification.rb +125 -138
data/lib/rubygems/specification_policy.rb +55 -25
data/lib/rubygems/stub_specification.rb +4 -5
data/lib/rubygems/text.rb +1 -2
data/lib/rubygems/timeout/LICENSE.txt +22 -0
data/lib/rubygems/timeout/lib/timeout.rb +199 -0
data/lib/rubygems/timeout.rb +3 -0
data/lib/rubygems/tsort/lib/tsort.rb +3 -0
data/lib/rubygems/uninstaller.rb +7 -9
data/lib/rubygems/update_suggestion.rb +5 -18
data/lib/rubygems/uri_formatter.rb +1 -1
data/lib/rubygems/user_interaction.rb +15 -21
data/lib/rubygems/util/licenses.rb +65 -35
data/lib/rubygems/util/list.rb +3 -1
data/lib/rubygems/util.rb +2 -4
data/lib/rubygems/validator.rb +5 -3
data/lib/rubygems/version.rb +34 -28
data/lib/rubygems/version_option.rb +2 -5
data/lib/rubygems/yaml_serializer.rb +3 -3
data/lib/rubygems.rb +37 -37
data/rubygems-update.gemspec +4 -4
data/setup.rb +2 -2
metadata +38 -225
data/lib/rubygems/indexer.rb +0 -428
data/lib/rubygems/mock_gem_ui.rb +0 -86
data/test/rubygems/alternate_cert.pem +0 -19
data/test/rubygems/alternate_cert_32.pem +0 -19
data/test/rubygems/alternate_key.pem +0 -27
data/test/rubygems/bad_rake.rb +0 -3
data/test/rubygems/bundler_test_gem.rb +0 -424
data/test/rubygems/ca_cert.pem +0 -77
data/test/rubygems/child_cert.pem +0 -19
data/test/rubygems/child_cert_32.pem +0 -19
data/test/rubygems/child_key.pem +0 -27
data/test/rubygems/client.pem +0 -107
data/test/rubygems/data/excon-0.7.7.gemspec.rz +0 -0
data/test/rubygems/data/gem-private_key.pem +0 -27
data/test/rubygems/data/gem-public_cert.pem +0 -20
data/test/rubygems/data/null-required-ruby-version.gemspec.rz +0 -0
data/test/rubygems/data/null-required-rubygems-version.gemspec.rz +0 -0
data/test/rubygems/data/pry-0.4.7.gemspec.rz +0 -0
data/test/rubygems/encrypted_private_key.pem +0 -30
data/test/rubygems/expired_cert.pem +0 -19
data/test/rubygems/fake_certlib/openssl.rb +0 -9
data/test/rubygems/foo/discover.rb +0 -1
data/test/rubygems/future_cert.pem +0 -19
data/test/rubygems/future_cert_32.pem +0 -19
data/test/rubygems/good_rake.rb +0 -3
data/test/rubygems/grandchild_cert.pem +0 -19
data/test/rubygems/grandchild_cert_32.pem +0 -19
data/test/rubygems/grandchild_key.pem +0 -27
data/test/rubygems/helper.rb +0 -1649
data/test/rubygems/installer_test_case.rb +0 -248
data/test/rubygems/invalid_client.pem +0 -49
data/test/rubygems/invalid_issuer_cert.pem +0 -20
data/test/rubygems/invalid_issuer_cert_32.pem +0 -20
data/test/rubygems/invalid_key.pem +0 -27
data/test/rubygems/invalid_signer_cert.pem +0 -19
data/test/rubygems/invalid_signer_cert_32.pem +0 -19
data/test/rubygems/invalidchild_cert.pem +0 -19
data/test/rubygems/invalidchild_cert_32.pem +0 -19
data/test/rubygems/invalidchild_key.pem +0 -27
data/test/rubygems/multifactor_auth_utilities.rb +0 -111
data/test/rubygems/package/tar_test_case.rb +0 -175
data/test/rubygems/packages/Bluebie-legs-0.6.2.gem +0 -0
data/test/rubygems/packages/ascii_binder-0.1.10.1.gem +0 -0
data/test/rubygems/packages/ill-formatted-platform-1.0.0.10.gem +0 -0
data/test/rubygems/plugin/exception/rubygems_plugin.rb +0 -4
data/test/rubygems/plugin/load/rubygems_plugin.rb +0 -5
data/test/rubygems/plugin/standarderror/rubygems_plugin.rb +0 -4
data/test/rubygems/private3072_key.pem +0 -40
data/test/rubygems/private_ec_key.pem +0 -9
data/test/rubygems/private_key.pem +0 -27
data/test/rubygems/public3072_cert.pem +0 -25
data/test/rubygems/public_cert.pem +0 -20
data/test/rubygems/public_cert_32.pem +0 -19
data/test/rubygems/public_key.pem +0 -9
data/test/rubygems/rubygems/commands/crash_command.rb +0 -5
data/test/rubygems/rubygems_plugin.rb +0 -24
data/test/rubygems/sff/discover.rb +0 -1
data/test/rubygems/simple_gem.rb +0 -68
data/test/rubygems/specifications/bar-0.0.2.gemspec +0 -9
data/test/rubygems/specifications/foo-0.0.1-x86-mswin32.gemspec +0 -0
data/test/rubygems/specifications/rubyforge-0.0.1.gemspec +0 -14
data/test/rubygems/ssl_cert.pem +0 -80
data/test/rubygems/ssl_key.pem +0 -27
data/test/rubygems/test_bundled_ca.rb +0 -61
data/test/rubygems/test_config.rb +0 -28
data/test/rubygems/test_deprecate.rb +0 -158
data/test/rubygems/test_exit.rb +0 -17
data/test/rubygems/test_gem.rb +0 -1799
data/test/rubygems/test_gem_available_set.rb +0 -130
data/test/rubygems/test_gem_bundler_version_finder.rb +0 -127
data/test/rubygems/test_gem_command.rb +0 -403
data/test/rubygems/test_gem_command_manager.rb +0 -400
data/test/rubygems/test_gem_commands_build_command.rb +0 -739
data/test/rubygems/test_gem_commands_cert_command.rb +0 -866
data/test/rubygems/test_gem_commands_check_command.rb +0 -68
data/test/rubygems/test_gem_commands_cleanup_command.rb +0 -292
data/test/rubygems/test_gem_commands_contents_command.rb +0 -271
data/test/rubygems/test_gem_commands_dependency_command.rb +0 -228
data/test/rubygems/test_gem_commands_environment_command.rb +0 -169
data/test/rubygems/test_gem_commands_exec_command.rb +0 -857
data/test/rubygems/test_gem_commands_fetch_command.rb +0 -258
data/test/rubygems/test_gem_commands_generate_index_command.rb +0 -81
data/test/rubygems/test_gem_commands_help_command.rb +0 -94
data/test/rubygems/test_gem_commands_info_command.rb +0 -70
data/test/rubygems/test_gem_commands_install_command.rb +0 -1573
data/test/rubygems/test_gem_commands_list_command.rb +0 -33
data/test/rubygems/test_gem_commands_lock_command.rb +0 -67
data/test/rubygems/test_gem_commands_mirror.rb +0 -20
data/test/rubygems/test_gem_commands_open_command.rb +0 -101
data/test/rubygems/test_gem_commands_outdated_command.rb +0 -50
data/test/rubygems/test_gem_commands_owner_command.rb +0 -503
data/test/rubygems/test_gem_commands_pristine_command.rb +0 -708
data/test/rubygems/test_gem_commands_push_command.rb +0 -603
data/test/rubygems/test_gem_commands_query_command.rb +0 -858
data/test/rubygems/test_gem_commands_search_command.rb +0 -16
data/test/rubygems/test_gem_commands_server_command.rb +0 -20
data/test/rubygems/test_gem_commands_setup_command.rb +0 -474
data/test/rubygems/test_gem_commands_signin_command.rb +0 -259
data/test/rubygems/test_gem_commands_signout_command.rb +0 -30
data/test/rubygems/test_gem_commands_sources_command.rb +0 -534
data/test/rubygems/test_gem_commands_specification_command.rb +0 -277
data/test/rubygems/test_gem_commands_stale_command.rb +0 -43
data/test/rubygems/test_gem_commands_uninstall_command.rb +0 -542
data/test/rubygems/test_gem_commands_unpack_command.rb +0 -224
data/test/rubygems/test_gem_commands_update_command.rb +0 -836
data/test/rubygems/test_gem_commands_which_command.rb +0 -85
data/test/rubygems/test_gem_commands_yank_command.rb +0 -299
data/test/rubygems/test_gem_config_file.rb +0 -551
data/test/rubygems/test_gem_dependency.rb +0 -398
data/test/rubygems/test_gem_dependency_installer.rb +0 -1190
data/test/rubygems/test_gem_dependency_list.rb +0 -265
data/test/rubygems/test_gem_dependency_resolution_error.rb +0 -27
data/test/rubygems/test_gem_doctor.rb +0 -195
data/test/rubygems/test_gem_ext_builder.rb +0 -337
data/test/rubygems/test_gem_ext_cargo_builder/custom_name/.gitignore +0 -1
data/test/rubygems/test_gem_ext_cargo_builder/custom_name/custom_name.gemspec +0 -10
data/test/rubygems/test_gem_ext_cargo_builder/custom_name/ext/custom_name_lib/Cargo.lock +0 -249
data/test/rubygems/test_gem_ext_cargo_builder/custom_name/ext/custom_name_lib/Cargo.toml +0 -10
data/test/rubygems/test_gem_ext_cargo_builder/custom_name/ext/custom_name_lib/src/lib.rs +0 -27
data/test/rubygems/test_gem_ext_cargo_builder/custom_name/lib/custom_name.rb +0 -3
data/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/.gitignore +0 -1
data/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/Cargo.lock +0 -249
data/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/Cargo.toml +0 -10
data/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/rust_ruby_example.gemspec +0 -10
data/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/src/lib.rs +0 -51
data/test/rubygems/test_gem_ext_cargo_builder.rb +0 -167
data/test/rubygems/test_gem_ext_cargo_builder_link_flag_converter.rb +0 -34
data/test/rubygems/test_gem_ext_cargo_builder_unit.rb +0 -60
data/test/rubygems/test_gem_ext_cmake_builder.rb +0 -84
data/test/rubygems/test_gem_ext_configure_builder.rb +0 -80
data/test/rubygems/test_gem_ext_ext_conf_builder.rb +0 -229
data/test/rubygems/test_gem_ext_rake_builder.rb +0 -113
data/test/rubygems/test_gem_gem_runner.rb +0 -119
data/test/rubygems/test_gem_gemcutter_utilities.rb +0 -361
data/test/rubygems/test_gem_impossible_dependencies_error.rb +0 -60
data/test/rubygems/test_gem_indexer.rb +0 -381
data/test/rubygems/test_gem_install_update_options.rb +0 -208
data/test/rubygems/test_gem_installer.rb +0 -2512
data/test/rubygems/test_gem_local_remote_options.rb +0 -133
data/test/rubygems/test_gem_name_tuple.rb +0 -43
data/test/rubygems/test_gem_package.rb +0 -1306
data/test/rubygems/test_gem_package_old.rb +0 -91
data/test/rubygems/test_gem_package_tar_header.rb +0 -226
data/test/rubygems/test_gem_package_tar_reader.rb +0 -150
data/test/rubygems/test_gem_package_tar_reader_entry.rb +0 -350
data/test/rubygems/test_gem_package_tar_writer.rb +0 -331
data/test/rubygems/test_gem_package_task.rb +0 -118
data/test/rubygems/test_gem_path_support.rb +0 -139
data/test/rubygems/test_gem_platform.rb +0 -497
data/test/rubygems/test_gem_rdoc.rb +0 -137
data/test/rubygems/test_gem_remote_fetcher.rb +0 -1227
data/test/rubygems/test_gem_request.rb +0 -547
data/test/rubygems/test_gem_request_connection_pools.rb +0 -152
data/test/rubygems/test_gem_request_set.rb +0 -672
data/test/rubygems/test_gem_request_set_gem_dependency_api.rb +0 -853
data/test/rubygems/test_gem_request_set_lockfile.rb +0 -469
data/test/rubygems/test_gem_request_set_lockfile_parser.rb +0 -544
data/test/rubygems/test_gem_request_set_lockfile_tokenizer.rb +0 -307
data/test/rubygems/test_gem_requirement.rb +0 -505
data/test/rubygems/test_gem_resolver.rb +0 -859
data/test/rubygems/test_gem_resolver_activation_request.rb +0 -43
data/test/rubygems/test_gem_resolver_api_set.rb +0 -210
data/test/rubygems/test_gem_resolver_api_specification.rb +0 -167
data/test/rubygems/test_gem_resolver_best_set.rb +0 -159
data/test/rubygems/test_gem_resolver_composed_set.rb +0 -44
data/test/rubygems/test_gem_resolver_conflict.rb +0 -82
data/test/rubygems/test_gem_resolver_dependency_request.rb +0 -83
data/test/rubygems/test_gem_resolver_git_set.rb +0 -188
data/test/rubygems/test_gem_resolver_git_specification.rb +0 -114
data/test/rubygems/test_gem_resolver_index_set.rb +0 -88
data/test/rubygems/test_gem_resolver_index_specification.rb +0 -93
data/test/rubygems/test_gem_resolver_installed_specification.rb +0 -47
data/test/rubygems/test_gem_resolver_installer_set.rb +0 -320
data/test/rubygems/test_gem_resolver_local_specification.rb +0 -44
data/test/rubygems/test_gem_resolver_lock_set.rb +0 -62
data/test/rubygems/test_gem_resolver_lock_specification.rb +0 -98
data/test/rubygems/test_gem_resolver_requirement_list.rb +0 -19
data/test/rubygems/test_gem_resolver_specification.rb +0 -63
data/test/rubygems/test_gem_resolver_vendor_set.rb +0 -82
data/test/rubygems/test_gem_resolver_vendor_specification.rb +0 -82
data/test/rubygems/test_gem_security.rb +0 -341
data/test/rubygems/test_gem_security_policy.rb +0 -535
data/test/rubygems/test_gem_security_signer.rb +0 -218
data/test/rubygems/test_gem_security_trust_dir.rb +0 -99
data/test/rubygems/test_gem_silent_ui.rb +0 -123
data/test/rubygems/test_gem_source.rb +0 -254
data/test/rubygems/test_gem_source_fetch_problem.rb +0 -37
data/test/rubygems/test_gem_source_git.rb +0 -310
data/test/rubygems/test_gem_source_installed.rb +0 -35
data/test/rubygems/test_gem_source_list.rb +0 -119
data/test/rubygems/test_gem_source_local.rb +0 -107
data/test/rubygems/test_gem_source_lock.rb +0 -113
data/test/rubygems/test_gem_source_specific_file.rb +0 -76
data/test/rubygems/test_gem_source_subpath_problem.rb +0 -50
data/test/rubygems/test_gem_source_vendor.rb +0 -30
data/test/rubygems/test_gem_spec_fetcher.rb +0 -338
data/test/rubygems/test_gem_specification.rb +0 -3856
data/test/rubygems/test_gem_stream_ui.rb +0 -255
data/test/rubygems/test_gem_stub_specification.rb +0 -278
data/test/rubygems/test_gem_text.rb +0 -103
data/test/rubygems/test_gem_uninstaller.rb +0 -675
data/test/rubygems/test_gem_unsatisfiable_dependency_error.rb +0 -31
data/test/rubygems/test_gem_update_suggestion.rb +0 -209
data/test/rubygems/test_gem_uri.rb +0 -41
data/test/rubygems/test_gem_uri_formatter.rb +0 -27
data/test/rubygems/test_gem_util.rb +0 -91
data/test/rubygems/test_gem_validator.rb +0 -42
data/test/rubygems/test_gem_version.rb +0 -305
data/test/rubygems/test_gem_version_option.rb +0 -165
data/test/rubygems/test_kernel.rb +0 -124
data/test/rubygems/test_project_sanity.rb +0 -49
data/test/rubygems/test_remote_fetch_error.rb +0 -20
data/test/rubygems/test_require.rb +0 -732
data/test/rubygems/test_rubygems.rb +0 -76
data/test/rubygems/test_webauthn_listener.rb +0 -143
data/test/rubygems/test_webauthn_listener_response.rb +0 -93
data/test/rubygems/test_webauthn_poller.rb +0 -124
data/test/rubygems/utilities.rb +0 -436
data/test/rubygems/wrong_key_cert.pem +0 -19
data/test/rubygems/wrong_key_cert_32.pem +0 -19
data/test/test_changelog_generator.rb +0 -17

data/bundler/lib/bundler/definition.rb CHANGED Viewed

@@ -18,7 +18,8 @@ module Bundler
       :platforms,
       :ruby_version,
       :lockfile,
-      :gemfiles
+      :gemfiles,
+      :locked_checksums
     )
     # Given a gemfile and lockfile creates a Bundler definition
@@ -84,7 +85,7 @@ module Bundler
       @new_platform = nil
       @removed_platform = nil
-      if lockfile && File.exist?(lockfile)
+      if lockfile_exists?
         @lockfile_contents = Bundler.read_file(lockfile)
         @locked_gems = LockfileParser.new(@lockfile_contents)
         @locked_platforms = @locked_gems.platforms
@@ -92,6 +93,7 @@ module Bundler
         @locked_bundler_version = @locked_gems.bundler_version
         @locked_ruby_version = @locked_gems.ruby_version
         @originally_locked_specs = SpecSet.new(@locked_gems.specs)
+        @locked_checksums = @locked_gems.checksums
         if unlock != true
           @locked_deps    = @locked_gems.dependencies
@@ -112,6 +114,7 @@ module Bundler
         @originally_locked_specs = @locked_specs
         @locked_sources = []
         @locked_platforms = []
+        @locked_checksums = nil
       end
       locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
@@ -245,8 +248,9 @@ module Bundler
     end
     def filter_relevant(dependencies)
+      platforms_array = [generic_local_platform].freeze
       dependencies.select do |d|
-        d.should_include? && !d.gem_platforms([generic_local_platform]).empty?
+        d.should_include? && !d.gem_platforms(platforms_array).empty?
       end
     end
@@ -270,9 +274,15 @@ module Bundler
     def dependencies_for(groups)
       groups.map!(&:to_sym)
-      current_dependencies.reject do |d|
-        (d.groups & groups).empty?
+      deps = current_dependencies # always returns a new array
+      deps.select! do |d|
+        if RUBY_VERSION >= "3.1"
+          d.groups.intersect?(groups)
+        else
+          !(d.groups & groups).empty?
+        end
       end
+      deps
     end
     # Resolve all the dependencies specified in Gemfile. It ensures that
@@ -302,6 +312,10 @@ module Bundler
       end
     end
+    def should_complete_platforms?
+      !lockfile_exists? && generic_local_platform_is_ruby? && !Bundler.settings[:force_ruby_platform]
+    end
     def spec_git_paths
       sources.git_sources.map {|s| File.realpath(s.path) if File.exist?(s.path) }.compact
     end
@@ -328,7 +342,11 @@ module Bundler
       preserve_unknown_sections ||= !updating_major && (Bundler.frozen_bundle? || !(unlocking? || @unlocking_bundler))
-      return if file && File.exist?(file) && lockfiles_equal?(@lockfile_contents, contents, preserve_unknown_sections)
+      if file && File.exist?(file) && lockfiles_equal?(@lockfile_contents, contents, preserve_unknown_sections)
+        return if Bundler.frozen_bundle?
+        SharedHelpers.filesystem_access(file) { FileUtils.touch(file) }
+        return
+      end
       if Bundler.frozen_bundle?
         Bundler.ui.error "Cannot write a changed lockfile while frozen."
@@ -491,6 +509,10 @@ module Bundler
     private
+    def lockfile_exists?
+      lockfile && File.exist?(lockfile)
+    end
     def resolver
       @resolver ||= Resolver.new(resolution_packages, gem_version_promoter)
     end
@@ -510,7 +532,7 @@ module Bundler
       @resolution_packages ||= begin
         last_resolve = converge_locked_specs
         remove_invalid_platforms!(current_dependencies)
-        packages = Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, :locked_specs => @originally_locked_specs, :unlock => @unlock[:gems], :prerelease => gem_version_promoter.pre?)
+        packages = Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, locked_specs: @originally_locked_specs, unlock: @unlock[:gems], prerelease: gem_version_promoter.pre?)
         additional_base_requirements_for_resolve(packages, last_resolve)
       end
     end
@@ -567,11 +589,12 @@ module Bundler
     end
     def start_resolution
-      result = resolver.start
+      result = SpecSet.new(resolver.start)
       @resolved_bundler_version = result.find {|spec| spec.name == "bundler" }&.version
+      @platforms = result.complete_platforms!(platforms) if should_complete_platforms?
-      SpecSet.new(SpecSet.new(result).for(dependencies, false, @platforms))
+      SpecSet.new(result.for(dependencies, false, @platforms))
     end
     def precompute_source_requirements_for_indirect_dependencies?
@@ -592,7 +615,7 @@ module Bundler
     end
     def current_ruby_platform_locked?
-      return false unless generic_local_platform == Gem::Platform::RUBY
+      return false unless generic_local_platform_is_ruby?
       return false if Bundler.settings[:force_ruby_platform] && !@platforms.include?(Gem::Platform::RUBY)
       current_platform_locked?
@@ -657,8 +680,7 @@ module Bundler
       locked_index = Index.new
       locked_index.use(@locked_specs.select {|s| source.can_lock?(s) })
-      # order here matters, since Index#== is checking source.specs.include?(locked_index)
-      locked_index != source.specs
+      !locked_index.subset?(source.specs)
     rescue PathError, GitError => e
       Bundler.ui.debug "Assuming that #{source} has not changed since fetching its specs errored (#{e})"
       false
@@ -750,6 +772,11 @@ module Bundler
       changes = sources.replace_sources!(@locked_sources)
       sources.all_sources.each do |source|
+        # has to be done separately, because we want to keep the locked checksum
+        # store for a source, even when doing a full update
+        if @locked_checksums && @locked_gems && locked_source = @locked_gems.sources.find {|s| s == source && !s.equal?(source) }
+          source.checksum_store.merge!(locked_source.checksum_store)
+        end
         # If the source is unlockable and the current command allows an unlock of
         # the source (for example, you are doing a `bundle update <foo>` of a git-pinned
         # gem), unlock it. For git sources, this means to unlock the revision, which
@@ -893,9 +920,9 @@ module Bundler
       source_requirements = if precompute_source_requirements_for_indirect_dependencies?
         all_requirements = source_map.all_requirements
         all_requirements = pin_locally_available_names(all_requirements) if @prefer_local
-        { :default => default_source }.merge(all_requirements)
+        { default: default_source }.merge(all_requirements)
       else
-        { :default => Source::RubygemsAggregate.new(sources, source_map) }.merge(source_map.direct_requirements)
+        { default: Source::RubygemsAggregate.new(sources, source_map) }.merge(source_map.direct_requirements)
       end
       source_requirements.merge!(source_map.locked_requirements) unless @remote
       metadata_dependencies.each do |dep|
@@ -959,7 +986,7 @@ module Bundler
     def remove_invalid_platforms!(dependencies)
       return if Bundler.frozen_bundle?
-      platforms.each do |platform|
+      platforms.reverse_each do |platform|
         next if local_platform == platform ||
                 (@new_platform && platforms.last == platform) ||
                 @path_changes ||

data/bundler/lib/bundler/dependency.rb CHANGED Viewed

@@ -9,18 +9,19 @@ module Bundler
     attr_reader :autorequire
     attr_reader :groups, :platforms, :gemfile, :path, :git, :github, :branch, :ref
-    ALL_RUBY_VERSIONS = ((18..27).to_a + (30..33).to_a).freeze
+    ALL_RUBY_VERSIONS = (18..27).to_a.concat((30..34).to_a).freeze
     PLATFORM_MAP = {
-      :ruby => [Gem::Platform::RUBY, ALL_RUBY_VERSIONS],
-      :mri => [Gem::Platform::RUBY, ALL_RUBY_VERSIONS],
-      :rbx => [Gem::Platform::RUBY],
-      :truffleruby => [Gem::Platform::RUBY],
-      :jruby => [Gem::Platform::JAVA, [18, 19]],
-      :windows => [Gem::Platform::WINDOWS, ALL_RUBY_VERSIONS],
-      :mswin => [Gem::Platform::MSWIN,     ALL_RUBY_VERSIONS],
-      :mswin64 => [Gem::Platform::MSWIN64, ALL_RUBY_VERSIONS - [18]],
-      :mingw => [Gem::Platform::MINGW, ALL_RUBY_VERSIONS],
-      :x64_mingw => [Gem::Platform::X64_MINGW, ALL_RUBY_VERSIONS - [18, 19]],
+      ruby: [Gem::Platform::RUBY, ALL_RUBY_VERSIONS],
+      mri: [Gem::Platform::RUBY, ALL_RUBY_VERSIONS],
+      rbx: [Gem::Platform::RUBY],
+      truffleruby: [Gem::Platform::RUBY],
+      jruby: [Gem::Platform::JAVA, [18, 19]],
+      windows: [Gem::Platform::WINDOWS, ALL_RUBY_VERSIONS],
+      # deprecated
+      mswin: [Gem::Platform::MSWIN, ALL_RUBY_VERSIONS],
+      mswin64: [Gem::Platform::MSWIN64, ALL_RUBY_VERSIONS - [18]],
+      mingw: [Gem::Platform::MINGW, ALL_RUBY_VERSIONS],
+      x64_mingw: [Gem::Platform::X64_MINGW, ALL_RUBY_VERSIONS - [18, 19]],
     }.each_with_object({}) do |(platform, spec), hash|
       hash[platform] = spec[0]
       spec[1]&.each {|version| hash[:"#{platform}_#{version}"] = spec[0] }
@@ -47,10 +48,13 @@ module Bundler
       @autorequire = Array(options["require"] || []) if options.key?("require")
     end
+    RUBY_PLATFORM_ARRAY = [Gem::Platform::RUBY].freeze
+    private_constant :RUBY_PLATFORM_ARRAY
     # Returns the platforms this dependency is valid for, in the same order as
     # passed in the `valid_platforms` parameter
     def gem_platforms(valid_platforms)
-      return [Gem::Platform::RUBY] if force_ruby_platform
+      return RUBY_PLATFORM_ARRAY if force_ruby_platform
       return valid_platforms if @platforms.empty?
       valid_platforms.select {|p| expanded_platforms.include?(GemHelpers.generic(p)) }

data/bundler/lib/bundler/digest.rb CHANGED Viewed

@@ -26,7 +26,7 @@ module Bundler
           end
           a, b, c, d, e = *words
           (16..79).each do |i|
-            w[i] = SHA1_MASK & rotate((w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16]), 1)
+            w[i] = SHA1_MASK & rotate((w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16]), 1)
           end
           0.upto(79) do |i|
             case i
@@ -50,7 +50,7 @@ module Bundler
           words.map!.with_index {|word, index| SHA1_MASK & (word + mutated[index]) }
         end
-        words.pack("N*").unpack("H*").first
+        words.pack("N*").unpack1("H*")
       end
       private

data/bundler/lib/bundler/dsl.rb CHANGED Viewed

@@ -18,7 +18,7 @@ module Bundler
     VALID_KEYS = %w[group groups git path glob name branch ref tag require submodules
                     platform platforms type source install_if gemfile force_ruby_platform].freeze
-    GITHUB_PULL_REQUEST_URL = %r{\Ahttps://github\.com/([A-Za-z0-9_\-\.]+/[A-Za-z0-9_\-\.]+)/pull/(\d+)\z}.freeze
+    GITHUB_PULL_REQUEST_URL = %r{\Ahttps://github\.com/([A-Za-z0-9_\-\.]+/[A-Za-z0-9_\-\.]+)/pull/(\d+)\z}
     attr_reader :gemspecs
     attr_accessor :dependencies
@@ -46,7 +46,7 @@ module Bundler
       @gemfile = expanded_gemfile_path
       @gemfiles << expanded_gemfile_path
       contents ||= Bundler.read_file(@gemfile.to_s)
-      instance_eval(contents.dup.tap {|x| x.untaint if RUBY_VERSION < "2.7" }, gemfile.to_s, 1)
+      instance_eval(contents, gemfile.to_s, 1)
     rescue Exception => e # rubocop:disable Lint/RescueException
       message = "There was an error " \
         "#{e.is_a?(GemfileEvalError) ? "evaluating" : "parsing"} " \
@@ -76,11 +76,11 @@ module Bundler
         @gemspecs << spec
-        gem spec.name, :name => spec.name, :path => path, :glob => glob
+        gem spec.name, name: spec.name, path: path, glob: glob
         group(development_group) do
           spec.development_dependencies.each do |dep|
-            gem dep.name, *(dep.requirement.as_list + [:type => :development])
+            gem dep.name, *(dep.requirement.as_list + [type: :development])
           end
         end
       when 0
@@ -102,38 +102,45 @@ module Bundler
       # if there's already a dependency with this name we try to prefer one
       if current = @dependencies.find {|d| d.name == dep.name }
+        # Always prefer the dependency from the Gemfile
         deleted_dep = @dependencies.delete(current) if current.type == :development
-        unless deleted_dep
-          if current.requirement != dep.requirement
-            return if dep.type == :development
+        if current.requirement != dep.requirement
+          current_requirement_open = current.requirements_list.include?(">= 0")
+          if current.type == :development
+            unless current_requirement_open || dep.type == :development
+              Bundler.ui.warn "A gemspec development dependency (#{dep.name}, #{current.requirement}) is being overridden by a Gemfile dependency (#{dep.name}, #{dep.requirement}).\n" \
+                              "This behaviour may change in the future. Please remove either of them, or make sure they both have the same requirement\n" \
+            end
+          else
             update_prompt = ""
             if File.basename(@gemfile) == Injector::INJECTED_GEMS
-              if dep.requirements_list.include?(">= 0") && !current.requirements_list.include?(">= 0")
+              if dep.requirements_list.include?(">= 0") && !current_requirement_open
                 update_prompt = ". Gem already added"
               else
                 update_prompt = ". If you want to update the gem version, run `bundle update #{current.name}`"
-                update_prompt += ". You may also need to change the version requirement specified in the Gemfile if it's too restrictive." unless current.requirements_list.include?(">= 0")
+                update_prompt += ". You may also need to change the version requirement specified in the Gemfile if it's too restrictive." unless current_requirement_open
               end
             end
             raise GemfileError, "You cannot specify the same gem twice with different version requirements.\n" \
-                            "You specified: #{current.name} (#{current.requirement}) and #{dep.name} (#{dep.requirement})" \
-                             "#{update_prompt}"
-          elsif current.source != dep.source
-            return if dep.type == :development
-            raise GemfileError, "You cannot specify the same gem twice coming from different sources.\n" \
-                            "You specified that #{dep.name} (#{dep.requirement}) should come from " \
-                            "#{current.source || "an unspecified source"} and #{dep.source}\n"
-          else
-            Bundler.ui.warn "Your Gemfile lists the gem #{current.name} (#{current.requirement}) more than once.\n" \
-                            "You should probably keep only one of them.\n" \
-                            "Remove any duplicate entries and specify the gem only once.\n" \
-                            "While it's not a problem now, it could cause errors if you change the version of one of them later."
+                           "You specified: #{current.name} (#{current.requirement}) and #{dep.name} (#{dep.requirement})" \
+                           "#{update_prompt}"
           end
+        elsif current.type == :development || dep.type == :development
+          return if deleted_dep.nil?
+        elsif current.source != dep.source
+          raise GemfileError, "You cannot specify the same gem twice coming from different sources.\n" \
+                          "You specified that #{dep.name} (#{dep.requirement}) should come from " \
+                          "#{current.source || "an unspecified source"} and #{dep.source}\n"
+        else
+          Bundler.ui.warn "Your Gemfile lists the gem #{current.name} (#{current.requirement}) more than once.\n" \
+                          "You should probably keep only one of them.\n" \
+                          "Remove any duplicate entries and specify the gem only once.\n" \
+                          "While it's not a problem now, it could cause errors if you change the version of one of them later."
         end
       end
@@ -422,9 +429,13 @@ module Bundler
     def normalize_source(source)
       case source
       when :gemcutter, :rubygems, :rubyforge
-        Bundler::SharedHelpers.major_deprecation 2, "The source :#{source} is deprecated because HTTP " \
-          "requests are insecure.\nPlease change your source to 'https://" \
-          "rubygems.org' if possible, or 'http://rubygems.org' if not."
+        message =
+          "The source :#{source} is deprecated because HTTP requests are insecure.\n" \
+          "Please change your source to 'https://rubygems.org' if possible, or 'http://rubygems.org' if not."
+        removed_message =
+          "The source :#{source} is disallowed because HTTP requests are insecure.\n" \
+          "Please change your source to 'https://rubygems.org' if possible, or 'http://rubygems.org' if not."
+        Bundler::SharedHelpers.major_deprecation 2, message, removed_message: removed_message
         "http://rubygems.org"
       when String
         source
@@ -469,10 +480,17 @@ module Bundler
           "should come from that source"
         raise GemfileEvalError, msg
       else
-        Bundler::SharedHelpers.major_deprecation 2, "Your Gemfile contains multiple global sources. " \
+        message =
+          "Your Gemfile contains multiple global sources. " \
           "Using `source` more than once without a block is a security risk, and " \
           "may result in installing unexpected gems. To resolve this warning, use " \
           "a block to indicate which gems should come from the secondary source."
+        removed_message =
+          "Your Gemfile contains multiple global sources. " \
+          "Using `source` more than once without a block is a security risk, and " \
+          "may result in installing unexpected gems. To resolve this error, use " \
+          "a block to indicate which gems should come from the secondary source."
+        Bundler::SharedHelpers.major_deprecation 2, message, removed_message: removed_message
       end
     end

data/bundler/lib/bundler/endpoint_specification.rb CHANGED Viewed

@@ -125,7 +125,11 @@ module Bundler
         next unless v
         case k.to_s
         when "checksum"
-          @checksum = v.last
+          begin
+            @checksum = Checksum.from_api(v.last, @spec_fetcher.uri)
+          rescue ArgumentError => e
+            raise ArgumentError, "Invalid checksum for #{full_name}: #{e.message}"
+          end
         when "rubygems"
           @required_rubygems_version = Gem::Requirement.new(v)
         when "ruby"

data/bundler/lib/bundler/env.rb CHANGED Viewed

@@ -69,9 +69,7 @@ module Bundler
     end
     def self.ruby_version
-      str = String.new(RUBY_VERSION)
-      str << "p#{RUBY_PATCHLEVEL}" if defined? RUBY_PATCHLEVEL
-      str << " (#{RUBY_RELEASE_DATE} revision #{RUBY_REVISION}) [#{Gem::Platform.local}]"
+      "#{RUBY_VERSION}p#{RUBY_PATCHLEVEL} (#{RUBY_RELEASE_DATE} revision #{RUBY_REVISION}) [#{Gem::Platform.local}]"
     end
     def self.git_version

data/bundler/lib/bundler/errors.rb CHANGED Viewed

@@ -52,6 +52,49 @@ module Bundler
   class GemfileEvalError < GemfileError; end
   class MarshalError < StandardError; end
+  class ChecksumMismatchError < SecurityError
+    def initialize(lock_name, existing, checksum)
+      @lock_name = lock_name
+      @existing = existing
+      @checksum = checksum
+    end
+    def message
+      <<~MESSAGE
+        Bundler found mismatched checksums. This is a potential security risk.
+          #{@lock_name} #{@existing.to_lock}
+            from #{@existing.sources.join("\n    and ")}
+          #{@lock_name} #{@checksum.to_lock}
+            from #{@checksum.sources.join("\n    and ")}
+        #{mismatch_resolution_instructions}
+        To ignore checksum security warnings, disable checksum validation with
+          `bundle config set --local disable_checksum_validation true`
+      MESSAGE
+    end
+    def mismatch_resolution_instructions
+      removable, remote = [@existing, @checksum].partition(&:removable?)
+      case removable.size
+      when 0
+        msg = +"Mismatched checksums each have an authoritative source:\n"
+        msg << "  1. #{@existing.sources.reject(&:removable?).map(&:to_s).join(" and ")}\n"
+        msg << "  2. #{@checksum.sources.reject(&:removable?).map(&:to_s).join(" and ")}\n"
+        msg << "You may need to alter your Gemfile sources to resolve this issue.\n"
+      when 1
+        msg = +"If you trust #{remote.first.sources.first}, to resolve this issue you can:\n"
+        msg << removable.first.removal_instructions
+      when 2
+        msg = +"To resolve this issue you can either:\n"
+        msg << @checksum.removal_instructions
+        msg << "or if you are sure that the new checksum from #{@checksum.sources.first} is correct:\n"
+        msg << @existing.removal_instructions
+      end
+    end
+    status_code(37)
+  end
   class PermissionError < BundlerError
     def initialize(path, permission_type = :write)
       @path = path

data/bundler/lib/bundler/fetcher/base.rb CHANGED Viewed

@@ -6,12 +6,14 @@ module Bundler
       attr_reader :downloader
       attr_reader :display_uri
       attr_reader :remote
+      attr_reader :gem_remote_fetcher
-      def initialize(downloader, remote, display_uri)
+      def initialize(downloader, remote, display_uri, gem_remote_fetcher)
         raise "Abstract class" if self.class == Base
         @downloader = downloader
         @remote = remote
         @display_uri = display_uri
+        @gem_remote_fetcher = gem_remote_fetcher
       end
       def remote_uri

data/bundler/lib/bundler/fetcher/compact_index.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module Bundler
         undef_method(method_name)
         define_method(method_name) do |*args, &blk|
           method.bind(self).call(*args, &blk)
-        rescue NetworkDownError, CompactIndexClient::Updater::MisMatchedChecksumError => e
+        rescue NetworkDownError, CompactIndexClient::Updater::MismatchedChecksumError => e
           raise HTTPError, e.message
         rescue AuthenticationRequiredError, BadAuthenticationError
           # Fail since we got a 401 from the server.
@@ -44,7 +44,7 @@ module Bundler
                    @bundle_worker = nil # reset it.  Not sure if necessary
                    serial_compact_index_client.dependencies(remaining_gems)
                  end
-          next_gems = deps.map {|d| d[3].map(&:first).flatten(1) }.flatten(1).uniq
+          next_gems = deps.flat_map {|d| d[3].flat_map(&:first) }.uniq
           deps.each {|dep| gem_info << dep }
           complete_gems.concat(deps.map(&:first)).uniq!
           remaining_gems = next_gems - complete_gems
@@ -62,7 +62,7 @@ module Bundler
         end
         # Read info file checksums out of /versions, so we can know if gems are up to date
         compact_index_client.update_and_parse_checksums!
-      rescue CompactIndexClient::Updater::MisMatchedChecksumError => e
+      rescue CompactIndexClient::Updater::MismatchedChecksumError => e
         Bundler.ui.debug(e.message)
         nil
       end
@@ -121,7 +121,7 @@ module Bundler
         rescue NetworkDownError => e
           raise unless Bundler.feature_flag.allow_offline_install? && headers["If-None-Match"]
           ui.warn "Using the cached data for the new index because of a network error: #{e}"
-          Net::HTTPNotModified.new(nil, nil, nil)
+          Gem::Net::HTTPNotModified.new(nil, nil, nil)
         end
       end
     end

data/bundler/lib/bundler/fetcher/downloader.rb CHANGED Viewed

@@ -20,33 +20,35 @@ module Bundler
         Bundler.ui.debug("HTTP #{response.code} #{response.message} #{filtered_uri}")
         case response
-        when Net::HTTPSuccess, Net::HTTPNotModified
+        when Gem::Net::HTTPSuccess, Gem::Net::HTTPNotModified
           response
-        when Net::HTTPRedirection
+        when Gem::Net::HTTPRedirection
           new_uri = Bundler::URI.parse(response["location"])
           if new_uri.host == uri.host
             new_uri.user = uri.user
             new_uri.password = uri.password
           end
           fetch(new_uri, headers, counter + 1)
-        when Net::HTTPRequestedRangeNotSatisfiable
+        when Gem::Net::HTTPRequestedRangeNotSatisfiable
           new_headers = headers.dup
           new_headers.delete("Range")
           new_headers["Accept-Encoding"] = "gzip"
           fetch(uri, new_headers)
-        when Net::HTTPRequestEntityTooLarge
+        when Gem::Net::HTTPRequestEntityTooLarge
           raise FallbackError, response.body
-        when Net::HTTPTooManyRequests
+        when Gem::Net::HTTPTooManyRequests
           raise TooManyRequestsError, response.body
-        when Net::HTTPUnauthorized
+        when Gem::Net::HTTPUnauthorized
           raise BadAuthenticationError, uri.host if uri.userinfo
           raise AuthenticationRequiredError, uri.host
-        when Net::HTTPForbidden
+        when Gem::Net::HTTPForbidden
           raise AuthenticationForbiddenError, uri.host
-        when Net::HTTPNotFound
-          raise FallbackError, "Net::HTTPNotFound: #{filtered_uri}"
+        when Gem::Net::HTTPNotFound
+          raise FallbackError, "Gem::Net::HTTPNotFound: #{filtered_uri}"
         else
-          raise HTTPError, "#{response.class}#{": #{response.body}" unless response.body.empty?}"
+          message = "Gem::#{response.class.name.gsub(/\AGem::/, "")}"
+          message += ": #{response.body}" unless response.body.empty?
+          raise HTTPError, message
         end
       end
@@ -56,7 +58,7 @@ module Bundler
         filtered_uri = URICredentialsFilter.credential_filtered_uri(uri)
         Bundler.ui.debug "HTTP GET #{filtered_uri}"
-        req = Net::HTTP::Get.new uri.request_uri, headers
+        req = Gem::Net::HTTP::Get.new uri.request_uri, headers
         if uri.user
           user = CGI.unescape(uri.user)
           password = uri.password ? CGI.unescape(uri.password) : nil

data/bundler/lib/bundler/fetcher/gem_remote_fetcher.rb ADDED Viewed

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+require "rubygems/remote_fetcher"
+module Bundler
+  class Fetcher
+    class GemRemoteFetcher < Gem::RemoteFetcher
+      def request(*args)
+        super do |req|
+          req.delete("User-Agent") if headers["User-Agent"]
+          yield req if block_given?
+        end
+      end
+    end
+  end
+end

data/bundler/lib/bundler/fetcher/index.rb CHANGED Viewed

@@ -6,7 +6,7 @@ module Bundler
   class Fetcher
     class Index < Base
       def specs(_gem_names)
-        Bundler.rubygems.fetch_all_remote_specs(remote)
+        Bundler.rubygems.fetch_all_remote_specs(remote, gem_remote_fetcher)
       rescue Gem::RemoteFetcher::FetchError => e
         case e.message
         when /certificate verify failed/