RubyGems - rubygems-update - Versions diffs - 3.4.22 → 3.5.1 - Mend

rubygems-update 3.4.22 → 3.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (540) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +105 -2
data/Manifest.txt +46 -221
data/README.md +1 -3
data/bundler/CHANGELOG.md +63 -0
data/bundler/bundler.gemspec +4 -2
data/bundler/exe/bundle +1 -10
data/bundler/lib/bundler/build_metadata.rb +3 -3
data/bundler/lib/bundler/capistrano.rb +1 -1
data/bundler/lib/bundler/checksum.rb +254 -0
data/bundler/lib/bundler/ci_detector.rb +75 -0
data/bundler/lib/bundler/cli/add.rb +3 -3
data/bundler/lib/bundler/cli/binstubs.rb +4 -4
data/bundler/lib/bundler/cli/cache.rb +1 -1
data/bundler/lib/bundler/cli/check.rb +1 -1
data/bundler/lib/bundler/cli/common.rb +9 -1
data/bundler/lib/bundler/cli/config.rb +8 -7
data/bundler/lib/bundler/cli/console.rb +3 -2
data/bundler/lib/bundler/cli/doctor.rb +2 -2
data/bundler/lib/bundler/cli/exec.rb +1 -1
data/bundler/lib/bundler/cli/gem.rb +28 -23
data/bundler/lib/bundler/cli/info.rb +2 -13
data/bundler/lib/bundler/cli/install.rb +5 -4
data/bundler/lib/bundler/cli/issue.rb +1 -1
data/bundler/lib/bundler/cli/lock.rb +4 -4
data/bundler/lib/bundler/cli/open.rb +1 -1
data/bundler/lib/bundler/cli/outdated.rb +6 -6
data/bundler/lib/bundler/cli/plugin.rb +7 -14
data/bundler/lib/bundler/cli/pristine.rb +38 -30
data/bundler/lib/bundler/cli/show.rb +2 -2
data/bundler/lib/bundler/cli/update.rb +5 -5
data/bundler/lib/bundler/cli.rb +215 -263
data/bundler/lib/bundler/compact_index_client/cache.rb +29 -9
data/bundler/lib/bundler/compact_index_client/cache_file.rb +153 -0
data/bundler/lib/bundler/compact_index_client/gem_parser.rb +7 -3
data/bundler/lib/bundler/compact_index_client/updater.rb +79 -81
data/bundler/lib/bundler/compact_index_client.rb +14 -7
data/bundler/lib/bundler/constants.rb +1 -1
data/bundler/lib/bundler/current_ruby.rb +5 -21
data/bundler/lib/bundler/definition.rb +42 -15
data/bundler/lib/bundler/dependency.rb +16 -12
data/bundler/lib/bundler/digest.rb +2 -2
data/bundler/lib/bundler/dsl.rb +46 -30
data/bundler/lib/bundler/endpoint_specification.rb +5 -1
data/bundler/lib/bundler/env.rb +1 -3
data/bundler/lib/bundler/errors.rb +43 -0
data/bundler/lib/bundler/fetcher/base.rb +3 -1
data/bundler/lib/bundler/fetcher/compact_index.rb +4 -4
data/bundler/lib/bundler/fetcher/downloader.rb +13 -11
data/bundler/lib/bundler/fetcher/gem_remote_fetcher.rb +16 -0
data/bundler/lib/bundler/fetcher/index.rb +1 -1
data/bundler/lib/bundler/fetcher.rb +28 -25
data/bundler/lib/bundler/friendly_errors.rb +5 -5
data/bundler/lib/bundler/gem_helper.rb +1 -1
data/bundler/lib/bundler/gem_helpers.rb +5 -2
data/bundler/lib/bundler/graph.rb +9 -9
data/bundler/lib/bundler/index.rb +1 -2
data/bundler/lib/bundler/injector.rb +1 -1
data/bundler/lib/bundler/inline.rb +3 -3
data/bundler/lib/bundler/installer/gem_installer.rb +5 -5
data/bundler/lib/bundler/installer/parallel_installer.rb +16 -8
data/bundler/lib/bundler/installer/standalone.rb +2 -3
data/bundler/lib/bundler/installer.rb +9 -9
data/bundler/lib/bundler/lazy_specification.rb +24 -17
data/bundler/lib/bundler/lockfile_generator.rb +9 -0
data/bundler/lib/bundler/lockfile_parser.rb +81 -10
data/bundler/lib/bundler/man/bundle-add.1 +3 -26
data/bundler/lib/bundler/man/bundle-binstubs.1 +4 -16
data/bundler/lib/bundler/man/bundle-cache.1 +3 -24
data/bundler/lib/bundler/man/bundle-check.1 +3 -12
data/bundler/lib/bundler/man/bundle-clean.1 +3 -10
data/bundler/lib/bundler/man/bundle-config.1 +20 -211
data/bundler/lib/bundler/man/bundle-config.1.ronn +6 -0
data/bundler/lib/bundler/man/bundle-console.1 +4 -22
data/bundler/lib/bundler/man/bundle-doctor.1 +4 -18
data/bundler/lib/bundler/man/bundle-exec.1 +12 -73
data/bundler/lib/bundler/man/bundle-gem.1 +13 -49
data/bundler/lib/bundler/man/bundle-help.1 +3 -7
data/bundler/lib/bundler/man/bundle-info.1 +3 -9
data/bundler/lib/bundler/man/bundle-init.1 +3 -12
data/bundler/lib/bundler/man/bundle-inject.1 +6 -19
data/bundler/lib/bundler/man/bundle-install.1 +27 -125
data/bundler/lib/bundler/man/bundle-install.1.ronn +1 -0
data/bundler/lib/bundler/man/bundle-list.1 +4 -19
data/bundler/lib/bundler/man/bundle-lock.1 +5 -29
data/bundler/lib/bundler/man/bundle-open.1 +7 -27
data/bundler/lib/bundler/man/bundle-outdated.1 +3 -55
data/bundler/lib/bundler/man/bundle-outdated.1.ronn +1 -0
data/bundler/lib/bundler/man/bundle-platform.1 +5 -27
data/bundler/lib/bundler/man/bundle-plugin.1 +3 -29
data/bundler/lib/bundler/man/bundle-pristine.1 +5 -16
data/bundler/lib/bundler/man/bundle-remove.1 +4 -14
data/bundler/lib/bundler/man/bundle-show.1 +3 -10
data/bundler/lib/bundler/man/bundle-update.1 +18 -137
data/bundler/lib/bundler/man/bundle-version.1 +3 -16
data/bundler/lib/bundler/man/bundle-viz.1 +4 -16
data/bundler/lib/bundler/man/bundle.1 +5 -44
data/bundler/lib/bundler/man/gemfile.5 +24 -301
data/bundler/lib/bundler/man/gemfile.5.ronn +4 -0
data/bundler/lib/bundler/match_metadata.rb +4 -0
data/bundler/lib/bundler/match_platform.rb +1 -1
data/bundler/lib/bundler/plugin/api/source.rb +3 -2
data/bundler/lib/bundler/plugin/installer.rb +1 -1
data/bundler/lib/bundler/plugin.rb +3 -3
data/bundler/lib/bundler/resolver/base.rb +1 -1
data/bundler/lib/bundler/resolver/incompatibility.rb +1 -1
data/bundler/lib/bundler/resolver/spec_group.rb +1 -4
data/bundler/lib/bundler/resolver.rb +16 -16
data/bundler/lib/bundler/ruby_dsl.rb +20 -12
data/bundler/lib/bundler/ruby_version.rb +1 -1
data/bundler/lib/bundler/rubygems_ext.rb +24 -50
data/bundler/lib/bundler/rubygems_gem_installer.rb +6 -56
data/bundler/lib/bundler/rubygems_integration.rb +25 -94
data/bundler/lib/bundler/runtime.rb +2 -2
data/bundler/lib/bundler/self_manager.rb +23 -7
data/bundler/lib/bundler/settings.rb +27 -7
data/bundler/lib/bundler/setup.rb +4 -1
data/bundler/lib/bundler/shared_helpers.rb +35 -13
data/bundler/lib/bundler/source/git/git_proxy.rb +15 -15
data/bundler/lib/bundler/source/git.rb +4 -3
data/bundler/lib/bundler/source/metadata.rb +15 -15
data/bundler/lib/bundler/source/path.rb +7 -6
data/bundler/lib/bundler/source/rubygems.rb +21 -14
data/bundler/lib/bundler/source.rb +2 -0
data/bundler/lib/bundler/spec_set.rb +38 -10
data/bundler/lib/bundler/stub_specification.rb +1 -0
data/bundler/lib/bundler/templates/Executable.bundler +1 -1
data/bundler/lib/bundler/templates/newgem/README.md.tt +3 -3
data/bundler/lib/bundler/templates/newgem/Rakefile.tt +2 -6
data/bundler/lib/bundler/templates/newgem/ext/newgem/Cargo.toml.tt +1 -1
data/bundler/lib/bundler/templates/newgem/standard.yml.tt +1 -1
data/bundler/lib/bundler/ui/shell.rb +1 -1
data/bundler/lib/bundler/vendor/connection_pool/.document +1 -0
data/bundler/lib/bundler/vendor/connection_pool/lib/connection_pool/version.rb +1 -1
data/bundler/lib/bundler/vendor/connection_pool/lib/connection_pool.rb +53 -6
data/bundler/lib/bundler/vendor/fileutils/.document +1 -0
data/bundler/lib/bundler/vendor/fileutils/lib/fileutils.rb +8 -20
data/bundler/lib/bundler/vendor/net-http-persistent/.document +1 -0
data/bundler/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent/connection.rb +3 -3
data/bundler/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent/pool.rb +2 -2
data/bundler/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent/timed_stack_multi.rb +1 -1
data/bundler/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent.rb +34 -34
data/bundler/lib/bundler/vendor/pub_grub/.document +1 -0
data/bundler/lib/bundler/vendor/thor/.document +1 -0
data/bundler/lib/bundler/vendor/tsort/.document +1 -0
data/bundler/lib/bundler/vendor/tsort/lib/tsort.rb +3 -0
data/bundler/lib/bundler/vendor/uri/.document +1 -0
data/bundler/lib/bundler/vendor/uri/lib/uri/common.rb +256 -132
data/bundler/lib/bundler/vendor/uri/lib/uri/generic.rb +1 -0
data/bundler/lib/bundler/vendor/uri/lib/uri/rfc3986_parser.rb +95 -31
data/bundler/lib/bundler/vendor/uri/lib/uri/version.rb +1 -1
data/bundler/lib/bundler/vendored_net_http.rb +8 -0
data/bundler/lib/bundler/vendored_persistent.rb +0 -4
data/bundler/lib/bundler/vendored_timeout.rb +8 -0
data/bundler/lib/bundler/version.rb +1 -1
data/bundler/lib/bundler/vlad.rb +1 -1
data/bundler/lib/bundler/yaml_serializer.rb +3 -3
data/bundler/lib/bundler.rb +41 -32
data/lib/rubygems/available_set.rb +4 -4
data/lib/rubygems/basic_specification.rb +35 -37
data/lib/rubygems/bundler_version_finder.rb +4 -4
data/lib/rubygems/ci_detector.rb +75 -0
data/lib/rubygems/command.rb +13 -15
data/lib/rubygems/command_manager.rb +5 -4
data/lib/rubygems/commands/build_command.rb +2 -2
data/lib/rubygems/commands/cert_command.rb +1 -2
data/lib/rubygems/commands/check_command.rb +4 -4
data/lib/rubygems/commands/cleanup_command.rb +12 -14
data/lib/rubygems/commands/contents_command.rb +4 -4
data/lib/rubygems/commands/dependency_command.rb +4 -5
data/lib/rubygems/commands/environment_command.rb +1 -3
data/lib/rubygems/commands/exec_command.rb +1 -1
data/lib/rubygems/commands/fetch_command.rb +2 -2
data/lib/rubygems/commands/generate_index_command.rb +39 -74
data/lib/rubygems/commands/help_command.rb +3 -3
data/lib/rubygems/commands/info_command.rb +2 -2
data/lib/rubygems/commands/install_command.rb +8 -16
data/lib/rubygems/commands/list_command.rb +2 -2
data/lib/rubygems/commands/lock_command.rb +1 -1
data/lib/rubygems/commands/open_command.rb +1 -1
data/lib/rubygems/commands/owner_command.rb +1 -1
data/lib/rubygems/commands/pristine_command.rb +13 -15
data/lib/rubygems/commands/push_command.rb +2 -2
data/lib/rubygems/commands/query_command.rb +4 -5
data/lib/rubygems/commands/rdoc_command.rb +2 -2
data/lib/rubygems/commands/search_command.rb +2 -2
data/lib/rubygems/commands/setup_command.rb +31 -34
data/lib/rubygems/commands/sources_command.rb +12 -12
data/lib/rubygems/commands/specification_command.rb +10 -10
data/lib/rubygems/commands/stale_command.rb +1 -1
data/lib/rubygems/commands/uninstall_command.rb +9 -10
data/lib/rubygems/commands/unpack_command.rb +4 -4
data/lib/rubygems/commands/update_command.rb +10 -12
data/lib/rubygems/commands/which_command.rb +1 -1
data/lib/rubygems/commands/yank_command.rb +1 -1
data/lib/rubygems/compatibility.rb +5 -6
data/lib/rubygems/config_file.rb +4 -4
data/lib/rubygems/core_ext/kernel_gem.rb +0 -2
data/lib/rubygems/core_ext/kernel_require.rb +19 -48
data/lib/rubygems/core_ext/kernel_warn.rb +1 -1
data/lib/rubygems/core_ext/tcpsocket_init.rb +1 -1
data/lib/rubygems/defaults.rb +15 -3
data/lib/rubygems/dependency.rb +12 -14
data/lib/rubygems/dependency_installer.rb +29 -30
data/lib/rubygems/dependency_list.rb +1 -1
data/lib/rubygems/deprecate.rb +16 -15
data/lib/rubygems/doctor.rb +5 -5
data/lib/rubygems/errors.rb +2 -6
data/lib/rubygems/exceptions.rb +2 -1
data/lib/rubygems/ext/builder.rb +15 -10
data/lib/rubygems/ext/cargo_builder.rb +5 -5
data/lib/rubygems/ext/ext_conf_builder.rb +1 -3
data/lib/rubygems/gem_runner.rb +4 -4
data/lib/rubygems/gemcutter_utilities/webauthn_listener/response.rb +3 -3
data/lib/rubygems/gemcutter_utilities/webauthn_poller.rb +3 -3
data/lib/rubygems/gemcutter_utilities.rb +18 -19
data/lib/rubygems/install_update_options.rb +18 -19
data/lib/rubygems/installer.rb +59 -33
data/lib/rubygems/installer_uninstaller_utils.rb +0 -2
data/lib/rubygems/local_remote_options.rb +7 -10
data/lib/rubygems/name_tuple.rb +7 -9
data/lib/rubygems/net/http.rb +3 -0
data/lib/rubygems/net-http/.document +1 -0
data/lib/rubygems/net-http/LICENSE.txt +22 -0
data/lib/rubygems/net-http/lib/net/http/backward.rb +40 -0
data/lib/rubygems/net-http/lib/net/http/exceptions.rb +34 -0
data/lib/rubygems/net-http/lib/net/http/generic_request.rb +414 -0
data/lib/rubygems/net-http/lib/net/http/header.rb +981 -0
data/lib/rubygems/net-http/lib/net/http/proxy_delta.rb +17 -0
data/lib/rubygems/net-http/lib/net/http/request.rb +88 -0
data/lib/rubygems/net-http/lib/net/http/requests.rb +425 -0
data/lib/rubygems/net-http/lib/net/http/response.rb +738 -0
data/lib/rubygems/net-http/lib/net/http/responses.rb +1174 -0
data/lib/rubygems/net-http/lib/net/http/status.rb +84 -0
data/lib/rubygems/net-http/lib/net/http.rb +2496 -0
data/lib/rubygems/net-http/lib/net/https.rb +23 -0
data/lib/rubygems/net-protocol/.document +1 -0
data/lib/rubygems/net-protocol/LICENSE.txt +22 -0
data/lib/rubygems/net-protocol/lib/net/protocol.rb +544 -0
data/lib/rubygems/optparse/lib/optparse.rb +39 -17
data/lib/rubygems/package/old.rb +2 -2
data/lib/rubygems/package/tar_header.rb +45 -39
data/lib/rubygems/package/tar_reader/entry.rb +5 -4
data/lib/rubygems/package/tar_reader.rb +5 -3
data/lib/rubygems/package/tar_writer.rb +19 -17
data/lib/rubygems/package.rb +27 -26
data/lib/rubygems/package_task.rb +2 -2
data/lib/rubygems/path_support.rb +9 -10
data/lib/rubygems/platform.rb +60 -45
data/lib/rubygems/query_utils.rb +7 -9
data/lib/rubygems/remote_fetcher.rb +15 -15
data/lib/rubygems/request/connection_pools.rb +3 -3
data/lib/rubygems/request.rb +20 -17
data/lib/rubygems/request_set/gem_dependency_api.rb +119 -122
data/lib/rubygems/request_set/lockfile/parser.rb +9 -9
data/lib/rubygems/request_set/lockfile/tokenizer.rb +20 -12
data/lib/rubygems/request_set/lockfile.rb +6 -11
data/lib/rubygems/request_set.rb +5 -5
data/lib/rubygems/requirement.rb +7 -7
data/lib/rubygems/resolv/.document +1 -0
data/lib/rubygems/resolv/LICENSE.txt +22 -0
data/lib/rubygems/resolv/lib/resolv.rb +3387 -0
data/lib/rubygems/resolver/activation_request.rb +1 -3
data/lib/rubygems/resolver/api_set/gem_parser.rb +7 -3
data/lib/rubygems/resolver/best_set.rb +1 -1
data/lib/rubygems/resolver/composed_set.rb +1 -1
data/lib/rubygems/resolver/conflict.rb +4 -12
data/lib/rubygems/resolver/index_set.rb +4 -4
data/lib/rubygems/resolver/index_specification.rb +2 -2
data/lib/rubygems/resolver/installer_set.rb +5 -6
data/lib/rubygems/resolver/lock_set.rb +1 -1
data/lib/rubygems/resolver/molinillo/.document +1 -0
data/lib/rubygems/resolver.rb +3 -10
data/lib/rubygems/s3_uri_signer.rb +6 -6
data/lib/rubygems/safe_marshal/elements.rb +138 -0
data/lib/rubygems/safe_marshal/reader.rb +306 -0
data/lib/rubygems/safe_marshal/visitors/stream_printer.rb +31 -0
data/lib/rubygems/safe_marshal/visitors/to_ruby.rb +385 -0
data/lib/rubygems/safe_marshal/visitors/visitor.rb +74 -0
data/lib/rubygems/safe_marshal.rb +74 -0
data/lib/rubygems/safe_yaml.rb +5 -28
data/lib/rubygems/security/policies.rb +36 -38
data/lib/rubygems/security/policy.rb +7 -11
data/lib/rubygems/security/signer.rb +1 -1
data/lib/rubygems/security/trust_dir.rb +3 -3
data/lib/rubygems/security.rb +8 -22
data/lib/rubygems/source/git.rb +1 -3
data/lib/rubygems/source/installed.rb +0 -2
data/lib/rubygems/source/local.rb +5 -8
data/lib/rubygems/source/lock.rb +1 -3
data/lib/rubygems/source/specific_file.rb +0 -1
data/lib/rubygems/source/vendor.rb +0 -2
data/lib/rubygems/source.rb +12 -12
data/lib/rubygems/source_list.rb +4 -4
data/lib/rubygems/spec_fetcher.rb +29 -29
data/lib/rubygems/specification.rb +125 -138
data/lib/rubygems/specification_policy.rb +55 -25
data/lib/rubygems/stub_specification.rb +4 -5
data/lib/rubygems/text.rb +1 -2
data/lib/rubygems/timeout/.document +1 -0
data/lib/rubygems/timeout/LICENSE.txt +22 -0
data/lib/rubygems/timeout/lib/timeout.rb +199 -0
data/lib/rubygems/timeout.rb +3 -0
data/lib/rubygems/tsort/lib/tsort.rb +3 -0
data/lib/rubygems/uninstaller.rb +7 -9
data/lib/rubygems/update_suggestion.rb +5 -18
data/lib/rubygems/uri_formatter.rb +1 -1
data/lib/rubygems/user_interaction.rb +15 -21
data/lib/rubygems/util/licenses.rb +65 -35
data/lib/rubygems/util/list.rb +3 -1
data/lib/rubygems/util.rb +2 -4
data/lib/rubygems/validator.rb +5 -3
data/lib/rubygems/version.rb +34 -28
data/lib/rubygems/version_option.rb +2 -5
data/lib/rubygems/yaml_serializer.rb +3 -3
data/lib/rubygems.rb +37 -37
data/rubygems-update.gemspec +4 -4
data/setup.rb +2 -2
metadata +50 -225
data/lib/rubygems/indexer.rb +0 -428
data/lib/rubygems/mock_gem_ui.rb +0 -86
data/test/rubygems/alternate_cert.pem +0 -19
data/test/rubygems/alternate_cert_32.pem +0 -19
data/test/rubygems/alternate_key.pem +0 -27
data/test/rubygems/bad_rake.rb +0 -3
data/test/rubygems/bundler_test_gem.rb +0 -424
data/test/rubygems/ca_cert.pem +0 -77
data/test/rubygems/child_cert.pem +0 -19
data/test/rubygems/child_cert_32.pem +0 -19
data/test/rubygems/child_key.pem +0 -27
data/test/rubygems/client.pem +0 -107
data/test/rubygems/data/excon-0.7.7.gemspec.rz +0 -0
data/test/rubygems/data/gem-private_key.pem +0 -27
data/test/rubygems/data/gem-public_cert.pem +0 -20
data/test/rubygems/data/null-required-ruby-version.gemspec.rz +0 -0
data/test/rubygems/data/null-required-rubygems-version.gemspec.rz +0 -0
data/test/rubygems/data/pry-0.4.7.gemspec.rz +0 -0
data/test/rubygems/encrypted_private_key.pem +0 -30
data/test/rubygems/expired_cert.pem +0 -19
data/test/rubygems/fake_certlib/openssl.rb +0 -9
data/test/rubygems/foo/discover.rb +0 -1
data/test/rubygems/future_cert.pem +0 -19
data/test/rubygems/future_cert_32.pem +0 -19
data/test/rubygems/good_rake.rb +0 -3
data/test/rubygems/grandchild_cert.pem +0 -19
data/test/rubygems/grandchild_cert_32.pem +0 -19
data/test/rubygems/grandchild_key.pem +0 -27
data/test/rubygems/helper.rb +0 -1649
data/test/rubygems/installer_test_case.rb +0 -248
data/test/rubygems/invalid_client.pem +0 -49
data/test/rubygems/invalid_issuer_cert.pem +0 -20
data/test/rubygems/invalid_issuer_cert_32.pem +0 -20
data/test/rubygems/invalid_key.pem +0 -27
data/test/rubygems/invalid_signer_cert.pem +0 -19
data/test/rubygems/invalid_signer_cert_32.pem +0 -19
data/test/rubygems/invalidchild_cert.pem +0 -19
data/test/rubygems/invalidchild_cert_32.pem +0 -19
data/test/rubygems/invalidchild_key.pem +0 -27
data/test/rubygems/multifactor_auth_utilities.rb +0 -111
data/test/rubygems/package/tar_test_case.rb +0 -175
data/test/rubygems/packages/Bluebie-legs-0.6.2.gem +0 -0
data/test/rubygems/packages/ascii_binder-0.1.10.1.gem +0 -0
data/test/rubygems/packages/ill-formatted-platform-1.0.0.10.gem +0 -0
data/test/rubygems/plugin/exception/rubygems_plugin.rb +0 -4
data/test/rubygems/plugin/load/rubygems_plugin.rb +0 -5
data/test/rubygems/plugin/standarderror/rubygems_plugin.rb +0 -4
data/test/rubygems/private3072_key.pem +0 -40
data/test/rubygems/private_ec_key.pem +0 -9
data/test/rubygems/private_key.pem +0 -27
data/test/rubygems/public3072_cert.pem +0 -25
data/test/rubygems/public_cert.pem +0 -20
data/test/rubygems/public_cert_32.pem +0 -19
data/test/rubygems/public_key.pem +0 -9
data/test/rubygems/rubygems/commands/crash_command.rb +0 -5
data/test/rubygems/rubygems_plugin.rb +0 -24
data/test/rubygems/sff/discover.rb +0 -1
data/test/rubygems/simple_gem.rb +0 -68
data/test/rubygems/specifications/bar-0.0.2.gemspec +0 -9
data/test/rubygems/specifications/foo-0.0.1-x86-mswin32.gemspec +0 -0
data/test/rubygems/specifications/rubyforge-0.0.1.gemspec +0 -14
data/test/rubygems/ssl_cert.pem +0 -80
data/test/rubygems/ssl_key.pem +0 -27
data/test/rubygems/test_bundled_ca.rb +0 -61
data/test/rubygems/test_config.rb +0 -28
data/test/rubygems/test_deprecate.rb +0 -158
data/test/rubygems/test_exit.rb +0 -17
data/test/rubygems/test_gem.rb +0 -1799
data/test/rubygems/test_gem_available_set.rb +0 -130
data/test/rubygems/test_gem_bundler_version_finder.rb +0 -127
data/test/rubygems/test_gem_command.rb +0 -403
data/test/rubygems/test_gem_command_manager.rb +0 -400
data/test/rubygems/test_gem_commands_build_command.rb +0 -739
data/test/rubygems/test_gem_commands_cert_command.rb +0 -866
data/test/rubygems/test_gem_commands_check_command.rb +0 -68
data/test/rubygems/test_gem_commands_cleanup_command.rb +0 -292
data/test/rubygems/test_gem_commands_contents_command.rb +0 -271
data/test/rubygems/test_gem_commands_dependency_command.rb +0 -228
data/test/rubygems/test_gem_commands_environment_command.rb +0 -169
data/test/rubygems/test_gem_commands_exec_command.rb +0 -857
data/test/rubygems/test_gem_commands_fetch_command.rb +0 -258
data/test/rubygems/test_gem_commands_generate_index_command.rb +0 -81
data/test/rubygems/test_gem_commands_help_command.rb +0 -94
data/test/rubygems/test_gem_commands_info_command.rb +0 -70
data/test/rubygems/test_gem_commands_install_command.rb +0 -1573
data/test/rubygems/test_gem_commands_list_command.rb +0 -33
data/test/rubygems/test_gem_commands_lock_command.rb +0 -67
data/test/rubygems/test_gem_commands_mirror.rb +0 -20
data/test/rubygems/test_gem_commands_open_command.rb +0 -101
data/test/rubygems/test_gem_commands_outdated_command.rb +0 -50
data/test/rubygems/test_gem_commands_owner_command.rb +0 -503
data/test/rubygems/test_gem_commands_pristine_command.rb +0 -708
data/test/rubygems/test_gem_commands_push_command.rb +0 -603
data/test/rubygems/test_gem_commands_query_command.rb +0 -858
data/test/rubygems/test_gem_commands_search_command.rb +0 -16
data/test/rubygems/test_gem_commands_server_command.rb +0 -20
data/test/rubygems/test_gem_commands_setup_command.rb +0 -474
data/test/rubygems/test_gem_commands_signin_command.rb +0 -259
data/test/rubygems/test_gem_commands_signout_command.rb +0 -30
data/test/rubygems/test_gem_commands_sources_command.rb +0 -534
data/test/rubygems/test_gem_commands_specification_command.rb +0 -277
data/test/rubygems/test_gem_commands_stale_command.rb +0 -43
data/test/rubygems/test_gem_commands_uninstall_command.rb +0 -542
data/test/rubygems/test_gem_commands_unpack_command.rb +0 -224
data/test/rubygems/test_gem_commands_update_command.rb +0 -836
data/test/rubygems/test_gem_commands_which_command.rb +0 -85
data/test/rubygems/test_gem_commands_yank_command.rb +0 -299
data/test/rubygems/test_gem_config_file.rb +0 -551
data/test/rubygems/test_gem_dependency.rb +0 -398
data/test/rubygems/test_gem_dependency_installer.rb +0 -1190
data/test/rubygems/test_gem_dependency_list.rb +0 -265
data/test/rubygems/test_gem_dependency_resolution_error.rb +0 -27
data/test/rubygems/test_gem_doctor.rb +0 -195
data/test/rubygems/test_gem_ext_builder.rb +0 -337
data/test/rubygems/test_gem_ext_cargo_builder/custom_name/.gitignore +0 -1
data/test/rubygems/test_gem_ext_cargo_builder/custom_name/custom_name.gemspec +0 -10
data/test/rubygems/test_gem_ext_cargo_builder/custom_name/ext/custom_name_lib/Cargo.lock +0 -249
data/test/rubygems/test_gem_ext_cargo_builder/custom_name/ext/custom_name_lib/Cargo.toml +0 -10
data/test/rubygems/test_gem_ext_cargo_builder/custom_name/ext/custom_name_lib/src/lib.rs +0 -27
data/test/rubygems/test_gem_ext_cargo_builder/custom_name/lib/custom_name.rb +0 -3
data/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/.gitignore +0 -1
data/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/Cargo.lock +0 -249
data/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/Cargo.toml +0 -10
data/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/rust_ruby_example.gemspec +0 -10
data/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/src/lib.rs +0 -51
data/test/rubygems/test_gem_ext_cargo_builder.rb +0 -167
data/test/rubygems/test_gem_ext_cargo_builder_link_flag_converter.rb +0 -34
data/test/rubygems/test_gem_ext_cargo_builder_unit.rb +0 -60
data/test/rubygems/test_gem_ext_cmake_builder.rb +0 -84
data/test/rubygems/test_gem_ext_configure_builder.rb +0 -80
data/test/rubygems/test_gem_ext_ext_conf_builder.rb +0 -229
data/test/rubygems/test_gem_ext_rake_builder.rb +0 -113
data/test/rubygems/test_gem_gem_runner.rb +0 -119
data/test/rubygems/test_gem_gemcutter_utilities.rb +0 -361
data/test/rubygems/test_gem_impossible_dependencies_error.rb +0 -60
data/test/rubygems/test_gem_indexer.rb +0 -381
data/test/rubygems/test_gem_install_update_options.rb +0 -208
data/test/rubygems/test_gem_installer.rb +0 -2512
data/test/rubygems/test_gem_local_remote_options.rb +0 -133
data/test/rubygems/test_gem_name_tuple.rb +0 -43
data/test/rubygems/test_gem_package.rb +0 -1306
data/test/rubygems/test_gem_package_old.rb +0 -91
data/test/rubygems/test_gem_package_tar_header.rb +0 -226
data/test/rubygems/test_gem_package_tar_reader.rb +0 -150
data/test/rubygems/test_gem_package_tar_reader_entry.rb +0 -350
data/test/rubygems/test_gem_package_tar_writer.rb +0 -331
data/test/rubygems/test_gem_package_task.rb +0 -118
data/test/rubygems/test_gem_path_support.rb +0 -139
data/test/rubygems/test_gem_platform.rb +0 -497
data/test/rubygems/test_gem_rdoc.rb +0 -137
data/test/rubygems/test_gem_remote_fetcher.rb +0 -1227
data/test/rubygems/test_gem_request.rb +0 -547
data/test/rubygems/test_gem_request_connection_pools.rb +0 -152
data/test/rubygems/test_gem_request_set.rb +0 -672
data/test/rubygems/test_gem_request_set_gem_dependency_api.rb +0 -853
data/test/rubygems/test_gem_request_set_lockfile.rb +0 -469
data/test/rubygems/test_gem_request_set_lockfile_parser.rb +0 -544
data/test/rubygems/test_gem_request_set_lockfile_tokenizer.rb +0 -307
data/test/rubygems/test_gem_requirement.rb +0 -505
data/test/rubygems/test_gem_resolver.rb +0 -859
data/test/rubygems/test_gem_resolver_activation_request.rb +0 -43
data/test/rubygems/test_gem_resolver_api_set.rb +0 -210
data/test/rubygems/test_gem_resolver_api_specification.rb +0 -167
data/test/rubygems/test_gem_resolver_best_set.rb +0 -159
data/test/rubygems/test_gem_resolver_composed_set.rb +0 -44
data/test/rubygems/test_gem_resolver_conflict.rb +0 -82
data/test/rubygems/test_gem_resolver_dependency_request.rb +0 -83
data/test/rubygems/test_gem_resolver_git_set.rb +0 -188
data/test/rubygems/test_gem_resolver_git_specification.rb +0 -114
data/test/rubygems/test_gem_resolver_index_set.rb +0 -88
data/test/rubygems/test_gem_resolver_index_specification.rb +0 -93
data/test/rubygems/test_gem_resolver_installed_specification.rb +0 -47
data/test/rubygems/test_gem_resolver_installer_set.rb +0 -320
data/test/rubygems/test_gem_resolver_local_specification.rb +0 -44
data/test/rubygems/test_gem_resolver_lock_set.rb +0 -62
data/test/rubygems/test_gem_resolver_lock_specification.rb +0 -98
data/test/rubygems/test_gem_resolver_requirement_list.rb +0 -19
data/test/rubygems/test_gem_resolver_specification.rb +0 -63
data/test/rubygems/test_gem_resolver_vendor_set.rb +0 -82
data/test/rubygems/test_gem_resolver_vendor_specification.rb +0 -82
data/test/rubygems/test_gem_security.rb +0 -341
data/test/rubygems/test_gem_security_policy.rb +0 -535
data/test/rubygems/test_gem_security_signer.rb +0 -218
data/test/rubygems/test_gem_security_trust_dir.rb +0 -99
data/test/rubygems/test_gem_silent_ui.rb +0 -123
data/test/rubygems/test_gem_source.rb +0 -254
data/test/rubygems/test_gem_source_fetch_problem.rb +0 -37
data/test/rubygems/test_gem_source_git.rb +0 -310
data/test/rubygems/test_gem_source_installed.rb +0 -35
data/test/rubygems/test_gem_source_list.rb +0 -119
data/test/rubygems/test_gem_source_local.rb +0 -107
data/test/rubygems/test_gem_source_lock.rb +0 -113
data/test/rubygems/test_gem_source_specific_file.rb +0 -76
data/test/rubygems/test_gem_source_subpath_problem.rb +0 -50
data/test/rubygems/test_gem_source_vendor.rb +0 -30
data/test/rubygems/test_gem_spec_fetcher.rb +0 -338
data/test/rubygems/test_gem_specification.rb +0 -3856
data/test/rubygems/test_gem_stream_ui.rb +0 -255
data/test/rubygems/test_gem_stub_specification.rb +0 -278
data/test/rubygems/test_gem_text.rb +0 -103
data/test/rubygems/test_gem_uninstaller.rb +0 -675
data/test/rubygems/test_gem_unsatisfiable_dependency_error.rb +0 -31
data/test/rubygems/test_gem_update_suggestion.rb +0 -209
data/test/rubygems/test_gem_uri.rb +0 -41
data/test/rubygems/test_gem_uri_formatter.rb +0 -27
data/test/rubygems/test_gem_util.rb +0 -91
data/test/rubygems/test_gem_validator.rb +0 -42
data/test/rubygems/test_gem_version.rb +0 -305
data/test/rubygems/test_gem_version_option.rb +0 -165
data/test/rubygems/test_kernel.rb +0 -124
data/test/rubygems/test_project_sanity.rb +0 -49
data/test/rubygems/test_remote_fetch_error.rb +0 -20
data/test/rubygems/test_require.rb +0 -732
data/test/rubygems/test_rubygems.rb +0 -76
data/test/rubygems/test_webauthn_listener.rb +0 -143
data/test/rubygems/test_webauthn_listener_response.rb +0 -93
data/test/rubygems/test_webauthn_poller.rb +0 -124
data/test/rubygems/utilities.rb +0 -436
data/test/rubygems/wrong_key_cert.pem +0 -19
data/test/rubygems/wrong_key_cert_32.pem +0 -19
data/test/test_changelog_generator.rb +0 -17

data/bundler/lib/bundler/definition.rb CHANGED Viewed

@@ -18,7 +18,8 @@ module Bundler
       :platforms,
       :ruby_version,
       :lockfile,
-      :gemfiles
+      :gemfiles,
+      :locked_checksums
     )
     # Given a gemfile and lockfile creates a Bundler definition
@@ -84,7 +85,7 @@ module Bundler
       @new_platform = nil
       @removed_platform = nil
-      if lockfile && File.exist?(lockfile)
+      if lockfile_exists?
         @lockfile_contents = Bundler.read_file(lockfile)
         @locked_gems = LockfileParser.new(@lockfile_contents)
         @locked_platforms = @locked_gems.platforms
@@ -92,6 +93,7 @@ module Bundler
         @locked_bundler_version = @locked_gems.bundler_version
         @locked_ruby_version = @locked_gems.ruby_version
         @originally_locked_specs = SpecSet.new(@locked_gems.specs)
+        @locked_checksums = @locked_gems.checksums
         if unlock != true
           @locked_deps    = @locked_gems.dependencies
@@ -112,6 +114,7 @@ module Bundler
         @originally_locked_specs = @locked_specs
         @locked_sources = []
         @locked_platforms = []
+        @locked_checksums = nil
       end
       locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
@@ -245,8 +248,9 @@ module Bundler
     end
     def filter_relevant(dependencies)
+      platforms_array = [generic_local_platform].freeze
       dependencies.select do |d|
-        d.should_include? && !d.gem_platforms([generic_local_platform]).empty?
+        d.should_include? && !d.gem_platforms(platforms_array).empty?
       end
     end
@@ -270,9 +274,15 @@ module Bundler
     def dependencies_for(groups)
       groups.map!(&:to_sym)
-      current_dependencies.reject do |d|
-        (d.groups & groups).empty?
+      deps = current_dependencies # always returns a new array
+      deps.select! do |d|
+        if RUBY_VERSION >= "3.1"
+          d.groups.intersect?(groups)
+        else
+          !(d.groups & groups).empty?
+        end
       end
+      deps
     end
     # Resolve all the dependencies specified in Gemfile. It ensures that
@@ -302,6 +312,10 @@ module Bundler
       end
     end
+    def should_complete_platforms?
+      !lockfile_exists? && generic_local_platform_is_ruby? && !Bundler.settings[:force_ruby_platform]
+    end
     def spec_git_paths
       sources.git_sources.map {|s| File.realpath(s.path) if File.exist?(s.path) }.compact
     end
@@ -328,7 +342,11 @@ module Bundler
       preserve_unknown_sections ||= !updating_major && (Bundler.frozen_bundle? || !(unlocking? || @unlocking_bundler))
-      return if file && File.exist?(file) && lockfiles_equal?(@lockfile_contents, contents, preserve_unknown_sections)
+      if file && File.exist?(file) && lockfiles_equal?(@lockfile_contents, contents, preserve_unknown_sections)
+        return if Bundler.frozen_bundle?
+        SharedHelpers.filesystem_access(file) { FileUtils.touch(file) }
+        return
+      end
       if Bundler.frozen_bundle?
         Bundler.ui.error "Cannot write a changed lockfile while frozen."
@@ -491,6 +509,10 @@ module Bundler
     private
+    def lockfile_exists?
+      lockfile && File.exist?(lockfile)
+    end
     def resolver
       @resolver ||= Resolver.new(resolution_packages, gem_version_promoter)
     end
@@ -510,7 +532,7 @@ module Bundler
       @resolution_packages ||= begin
         last_resolve = converge_locked_specs
         remove_invalid_platforms!(current_dependencies)
-        packages = Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, :locked_specs => @originally_locked_specs, :unlock => @unlock[:gems], :prerelease => gem_version_promoter.pre?)
+        packages = Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, locked_specs: @originally_locked_specs, unlock: @unlock[:gems], prerelease: gem_version_promoter.pre?)
         additional_base_requirements_for_resolve(packages, last_resolve)
       end
     end
@@ -567,11 +589,12 @@ module Bundler
     end
     def start_resolution
-      result = resolver.start
+      result = SpecSet.new(resolver.start)
       @resolved_bundler_version = result.find {|spec| spec.name == "bundler" }&.version
+      @platforms = result.complete_platforms!(platforms) if should_complete_platforms?
-      SpecSet.new(SpecSet.new(result).for(dependencies, false, @platforms))
+      SpecSet.new(result.for(dependencies, false, @platforms))
     end
     def precompute_source_requirements_for_indirect_dependencies?
@@ -592,7 +615,7 @@ module Bundler
     end
     def current_ruby_platform_locked?
-      return false unless generic_local_platform == Gem::Platform::RUBY
+      return false unless generic_local_platform_is_ruby?
       return false if Bundler.settings[:force_ruby_platform] && !@platforms.include?(Gem::Platform::RUBY)
       current_platform_locked?
@@ -657,8 +680,7 @@ module Bundler
       locked_index = Index.new
       locked_index.use(@locked_specs.select {|s| source.can_lock?(s) })
-      # order here matters, since Index#== is checking source.specs.include?(locked_index)
-      locked_index != source.specs
+      !locked_index.subset?(source.specs)
     rescue PathError, GitError => e
       Bundler.ui.debug "Assuming that #{source} has not changed since fetching its specs errored (#{e})"
       false
@@ -750,6 +772,11 @@ module Bundler
       changes = sources.replace_sources!(@locked_sources)
       sources.all_sources.each do |source|
+        # has to be done separately, because we want to keep the locked checksum
+        # store for a source, even when doing a full update
+        if @locked_checksums && @locked_gems && locked_source = @locked_gems.sources.find {|s| s == source && !s.equal?(source) }
+          source.checksum_store.merge!(locked_source.checksum_store)
+        end
         # If the source is unlockable and the current command allows an unlock of
         # the source (for example, you are doing a `bundle update <foo>` of a git-pinned
         # gem), unlock it. For git sources, this means to unlock the revision, which
@@ -893,9 +920,9 @@ module Bundler
       source_requirements = if precompute_source_requirements_for_indirect_dependencies?
         all_requirements = source_map.all_requirements
         all_requirements = pin_locally_available_names(all_requirements) if @prefer_local
-        { :default => default_source }.merge(all_requirements)
+        { default: default_source }.merge(all_requirements)
       else
-        { :default => Source::RubygemsAggregate.new(sources, source_map) }.merge(source_map.direct_requirements)
+        { default: Source::RubygemsAggregate.new(sources, source_map) }.merge(source_map.direct_requirements)
       end
       source_requirements.merge!(source_map.locked_requirements) unless @remote
       metadata_dependencies.each do |dep|
@@ -959,7 +986,7 @@ module Bundler
     def remove_invalid_platforms!(dependencies)
       return if Bundler.frozen_bundle?
-      platforms.each do |platform|
+      platforms.reverse_each do |platform|
         next if local_platform == platform ||
                 (@new_platform && platforms.last == platform) ||
                 @path_changes ||

data/bundler/lib/bundler/dependency.rb CHANGED Viewed

@@ -9,18 +9,19 @@ module Bundler
     attr_reader :autorequire
     attr_reader :groups, :platforms, :gemfile, :path, :git, :github, :branch, :ref
-    ALL_RUBY_VERSIONS = ((18..27).to_a + (30..33).to_a).freeze
+    ALL_RUBY_VERSIONS = (18..27).to_a.concat((30..34).to_a).freeze
     PLATFORM_MAP = {
-      :ruby => [Gem::Platform::RUBY, ALL_RUBY_VERSIONS],
-      :mri => [Gem::Platform::RUBY, ALL_RUBY_VERSIONS],
-      :rbx => [Gem::Platform::RUBY],
-      :truffleruby => [Gem::Platform::RUBY],
-      :jruby => [Gem::Platform::JAVA, [18, 19]],
-      :windows => [Gem::Platform::WINDOWS, ALL_RUBY_VERSIONS],
-      :mswin => [Gem::Platform::MSWIN,     ALL_RUBY_VERSIONS],
-      :mswin64 => [Gem::Platform::MSWIN64, ALL_RUBY_VERSIONS - [18]],
-      :mingw => [Gem::Platform::MINGW, ALL_RUBY_VERSIONS],
-      :x64_mingw => [Gem::Platform::X64_MINGW, ALL_RUBY_VERSIONS - [18, 19]],
+      ruby: [Gem::Platform::RUBY, ALL_RUBY_VERSIONS],
+      mri: [Gem::Platform::RUBY, ALL_RUBY_VERSIONS],
+      rbx: [Gem::Platform::RUBY],
+      truffleruby: [Gem::Platform::RUBY],
+      jruby: [Gem::Platform::JAVA, [18, 19]],
+      windows: [Gem::Platform::WINDOWS, ALL_RUBY_VERSIONS],
+      # deprecated
+      mswin: [Gem::Platform::MSWIN, ALL_RUBY_VERSIONS],
+      mswin64: [Gem::Platform::MSWIN64, ALL_RUBY_VERSIONS - [18]],
+      mingw: [Gem::Platform::MINGW, ALL_RUBY_VERSIONS],
+      x64_mingw: [Gem::Platform::X64_MINGW, ALL_RUBY_VERSIONS - [18, 19]],
     }.each_with_object({}) do |(platform, spec), hash|
       hash[platform] = spec[0]
       spec[1]&.each {|version| hash[:"#{platform}_#{version}"] = spec[0] }
@@ -47,10 +48,13 @@ module Bundler
       @autorequire = Array(options["require"] || []) if options.key?("require")
     end
+    RUBY_PLATFORM_ARRAY = [Gem::Platform::RUBY].freeze
+    private_constant :RUBY_PLATFORM_ARRAY
     # Returns the platforms this dependency is valid for, in the same order as
     # passed in the `valid_platforms` parameter
     def gem_platforms(valid_platforms)
-      return [Gem::Platform::RUBY] if force_ruby_platform
+      return RUBY_PLATFORM_ARRAY if force_ruby_platform
       return valid_platforms if @platforms.empty?
       valid_platforms.select {|p| expanded_platforms.include?(GemHelpers.generic(p)) }

data/bundler/lib/bundler/digest.rb CHANGED Viewed

@@ -26,7 +26,7 @@ module Bundler
           end
           a, b, c, d, e = *words
           (16..79).each do |i|
-            w[i] = SHA1_MASK & rotate((w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16]), 1)
+            w[i] = SHA1_MASK & rotate((w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16]), 1)
           end
           0.upto(79) do |i|
             case i
@@ -50,7 +50,7 @@ module Bundler
           words.map!.with_index {|word, index| SHA1_MASK & (word + mutated[index]) }
         end
-        words.pack("N*").unpack("H*").first
+        words.pack("N*").unpack1("H*")
       end
       private

data/bundler/lib/bundler/dsl.rb CHANGED Viewed

@@ -18,9 +18,9 @@ module Bundler
     VALID_KEYS = %w[group groups git path glob name branch ref tag require submodules
                     platform platforms type source install_if gemfile force_ruby_platform].freeze
-    GITHUB_PULL_REQUEST_URL = %r{\Ahttps://github\.com/([A-Za-z0-9_\-\.]+/[A-Za-z0-9_\-\.]+)/pull/(\d+)\z}.freeze
+    GITHUB_PULL_REQUEST_URL = %r{\Ahttps://github\.com/([A-Za-z0-9_\-\.]+/[A-Za-z0-9_\-\.]+)/pull/(\d+)\z}
-    attr_reader :gemspecs
+    attr_reader :gemspecs, :gemfile
     attr_accessor :dependencies
     def initialize
@@ -46,7 +46,7 @@ module Bundler
       @gemfile = expanded_gemfile_path
       @gemfiles << expanded_gemfile_path
       contents ||= Bundler.read_file(@gemfile.to_s)
-      instance_eval(contents.dup.tap {|x| x.untaint if RUBY_VERSION < "2.7" }, gemfile.to_s, 1)
+      instance_eval(contents, gemfile.to_s, 1)
     rescue Exception => e # rubocop:disable Lint/RescueException
       message = "There was an error " \
         "#{e.is_a?(GemfileEvalError) ? "evaluating" : "parsing"} " \
@@ -76,11 +76,11 @@ module Bundler
         @gemspecs << spec
-        gem spec.name, :name => spec.name, :path => path, :glob => glob
+        gem spec.name, name: spec.name, path: path, glob: glob
         group(development_group) do
           spec.development_dependencies.each do |dep|
-            gem dep.name, *(dep.requirement.as_list + [:type => :development])
+            gem dep.name, *(dep.requirement.as_list + [type: :development])
           end
         end
       when 0
@@ -102,38 +102,45 @@ module Bundler
       # if there's already a dependency with this name we try to prefer one
       if current = @dependencies.find {|d| d.name == dep.name }
+        # Always prefer the dependency from the Gemfile
         deleted_dep = @dependencies.delete(current) if current.type == :development
-        unless deleted_dep
-          if current.requirement != dep.requirement
-            return if dep.type == :development
+        if current.requirement != dep.requirement
+          current_requirement_open = current.requirements_list.include?(">= 0")
+          if current.type == :development
+            unless current_requirement_open || dep.type == :development
+              Bundler.ui.warn "A gemspec development dependency (#{dep.name}, #{current.requirement}) is being overridden by a Gemfile dependency (#{dep.name}, #{dep.requirement}).\n" \
+                              "This behaviour may change in the future. Please remove either of them, or make sure they both have the same requirement\n" \
+            end
+          else
             update_prompt = ""
             if File.basename(@gemfile) == Injector::INJECTED_GEMS
-              if dep.requirements_list.include?(">= 0") && !current.requirements_list.include?(">= 0")
+              if dep.requirements_list.include?(">= 0") && !current_requirement_open
                 update_prompt = ". Gem already added"
               else
                 update_prompt = ". If you want to update the gem version, run `bundle update #{current.name}`"
-                update_prompt += ". You may also need to change the version requirement specified in the Gemfile if it's too restrictive." unless current.requirements_list.include?(">= 0")
+                update_prompt += ". You may also need to change the version requirement specified in the Gemfile if it's too restrictive." unless current_requirement_open
               end
             end
             raise GemfileError, "You cannot specify the same gem twice with different version requirements.\n" \
-                            "You specified: #{current.name} (#{current.requirement}) and #{dep.name} (#{dep.requirement})" \
-                             "#{update_prompt}"
-          elsif current.source != dep.source
-            return if dep.type == :development
-            raise GemfileError, "You cannot specify the same gem twice coming from different sources.\n" \
-                            "You specified that #{dep.name} (#{dep.requirement}) should come from " \
-                            "#{current.source || "an unspecified source"} and #{dep.source}\n"
-          else
-            Bundler.ui.warn "Your Gemfile lists the gem #{current.name} (#{current.requirement}) more than once.\n" \
-                            "You should probably keep only one of them.\n" \
-                            "Remove any duplicate entries and specify the gem only once.\n" \
-                            "While it's not a problem now, it could cause errors if you change the version of one of them later."
+                           "You specified: #{current.name} (#{current.requirement}) and #{dep.name} (#{dep.requirement})" \
+                           "#{update_prompt}"
           end
+        elsif current.type == :development || dep.type == :development
+          return if deleted_dep.nil?
+        elsif current.source != dep.source
+          raise GemfileError, "You cannot specify the same gem twice coming from different sources.\n" \
+                          "You specified that #{dep.name} (#{dep.requirement}) should come from " \
+                          "#{current.source || "an unspecified source"} and #{dep.source}\n"
+        else
+          Bundler.ui.warn "Your Gemfile lists the gem #{current.name} (#{current.requirement}) more than once.\n" \
+                          "You should probably keep only one of them.\n" \
+                          "Remove any duplicate entries and specify the gem only once.\n" \
+                          "While it's not a problem now, it could cause errors if you change the version of one of them later."
         end
       end
@@ -397,13 +404,11 @@ module Bundler
     end
     def validate_keys(command, opts, valid_keys)
-      invalid_keys = opts.keys - valid_keys
-      git_source = opts.keys & @git_sources.keys.map(&:to_s)
-      if opts["branch"] && !(opts["git"] || opts["github"] || git_source.any?)
+      if opts["branch"] && !(opts["git"] || opts["github"] || (opts.keys & @git_sources.keys.map(&:to_s)).any?)
         raise GemfileError, %(The `branch` option for `#{command}` is not allowed. Only gems with a git source can specify a branch)
       end
+      invalid_keys = opts.keys - valid_keys
       return true unless invalid_keys.any?
       message = String.new
@@ -422,9 +427,13 @@ module Bundler
     def normalize_source(source)
       case source
       when :gemcutter, :rubygems, :rubyforge
-        Bundler::SharedHelpers.major_deprecation 2, "The source :#{source} is deprecated because HTTP " \
-          "requests are insecure.\nPlease change your source to 'https://" \
-          "rubygems.org' if possible, or 'http://rubygems.org' if not."
+        message =
+          "The source :#{source} is deprecated because HTTP requests are insecure.\n" \
+          "Please change your source to 'https://rubygems.org' if possible, or 'http://rubygems.org' if not."
+        removed_message =
+          "The source :#{source} is disallowed because HTTP requests are insecure.\n" \
+          "Please change your source to 'https://rubygems.org' if possible, or 'http://rubygems.org' if not."
+        Bundler::SharedHelpers.major_deprecation 2, message, removed_message: removed_message
         "http://rubygems.org"
       when String
         source
@@ -469,10 +478,17 @@ module Bundler
           "should come from that source"
         raise GemfileEvalError, msg
       else
-        Bundler::SharedHelpers.major_deprecation 2, "Your Gemfile contains multiple global sources. " \
+        message =
+          "Your Gemfile contains multiple global sources. " \
           "Using `source` more than once without a block is a security risk, and " \
           "may result in installing unexpected gems. To resolve this warning, use " \
           "a block to indicate which gems should come from the secondary source."
+        removed_message =
+          "Your Gemfile contains multiple global sources. " \
+          "Using `source` more than once without a block is a security risk, and " \
+          "may result in installing unexpected gems. To resolve this error, use " \
+          "a block to indicate which gems should come from the secondary source."
+        Bundler::SharedHelpers.major_deprecation 2, message, removed_message: removed_message
       end
     end

data/bundler/lib/bundler/endpoint_specification.rb CHANGED Viewed

@@ -125,7 +125,11 @@ module Bundler
         next unless v
         case k.to_s
         when "checksum"
-          @checksum = v.last
+          begin
+            @checksum = Checksum.from_api(v.last, @spec_fetcher.uri)
+          rescue ArgumentError => e
+            raise ArgumentError, "Invalid checksum for #{full_name}: #{e.message}"
+          end
         when "rubygems"
           @required_rubygems_version = Gem::Requirement.new(v)
         when "ruby"

data/bundler/lib/bundler/env.rb CHANGED Viewed

@@ -69,9 +69,7 @@ module Bundler
     end
     def self.ruby_version
-      str = String.new(RUBY_VERSION)
-      str << "p#{RUBY_PATCHLEVEL}" if defined? RUBY_PATCHLEVEL
-      str << " (#{RUBY_RELEASE_DATE} revision #{RUBY_REVISION}) [#{Gem::Platform.local}]"
+      "#{RUBY_VERSION}p#{RUBY_PATCHLEVEL} (#{RUBY_RELEASE_DATE} revision #{RUBY_REVISION}) [#{Gem::Platform.local}]"
     end
     def self.git_version

data/bundler/lib/bundler/errors.rb CHANGED Viewed

@@ -52,6 +52,49 @@ module Bundler
   class GemfileEvalError < GemfileError; end
   class MarshalError < StandardError; end
+  class ChecksumMismatchError < SecurityError
+    def initialize(lock_name, existing, checksum)
+      @lock_name = lock_name
+      @existing = existing
+      @checksum = checksum
+    end
+    def message
+      <<~MESSAGE
+        Bundler found mismatched checksums. This is a potential security risk.
+          #{@lock_name} #{@existing.to_lock}
+            from #{@existing.sources.join("\n    and ")}
+          #{@lock_name} #{@checksum.to_lock}
+            from #{@checksum.sources.join("\n    and ")}
+        #{mismatch_resolution_instructions}
+        To ignore checksum security warnings, disable checksum validation with
+          `bundle config set --local disable_checksum_validation true`
+      MESSAGE
+    end
+    def mismatch_resolution_instructions
+      removable, remote = [@existing, @checksum].partition(&:removable?)
+      case removable.size
+      when 0
+        msg = +"Mismatched checksums each have an authoritative source:\n"
+        msg << "  1. #{@existing.sources.reject(&:removable?).map(&:to_s).join(" and ")}\n"
+        msg << "  2. #{@checksum.sources.reject(&:removable?).map(&:to_s).join(" and ")}\n"
+        msg << "You may need to alter your Gemfile sources to resolve this issue.\n"
+      when 1
+        msg = +"If you trust #{remote.first.sources.first}, to resolve this issue you can:\n"
+        msg << removable.first.removal_instructions
+      when 2
+        msg = +"To resolve this issue you can either:\n"
+        msg << @checksum.removal_instructions
+        msg << "or if you are sure that the new checksum from #{@checksum.sources.first} is correct:\n"
+        msg << @existing.removal_instructions
+      end
+    end
+    status_code(37)
+  end
   class PermissionError < BundlerError
     def initialize(path, permission_type = :write)
       @path = path

data/bundler/lib/bundler/fetcher/base.rb CHANGED Viewed

@@ -6,12 +6,14 @@ module Bundler
       attr_reader :downloader
       attr_reader :display_uri
       attr_reader :remote
+      attr_reader :gem_remote_fetcher
-      def initialize(downloader, remote, display_uri)
+      def initialize(downloader, remote, display_uri, gem_remote_fetcher)
         raise "Abstract class" if self.class == Base
         @downloader = downloader
         @remote = remote
         @display_uri = display_uri
+        @gem_remote_fetcher = gem_remote_fetcher
       end
       def remote_uri

data/bundler/lib/bundler/fetcher/compact_index.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module Bundler
         undef_method(method_name)
         define_method(method_name) do |*args, &blk|
           method.bind(self).call(*args, &blk)
-        rescue NetworkDownError, CompactIndexClient::Updater::MisMatchedChecksumError => e
+        rescue NetworkDownError, CompactIndexClient::Updater::MismatchedChecksumError => e
           raise HTTPError, e.message
         rescue AuthenticationRequiredError, BadAuthenticationError
           # Fail since we got a 401 from the server.
@@ -44,7 +44,7 @@ module Bundler
                    @bundle_worker = nil # reset it.  Not sure if necessary
                    serial_compact_index_client.dependencies(remaining_gems)
                  end
-          next_gems = deps.map {|d| d[3].map(&:first).flatten(1) }.flatten(1).uniq
+          next_gems = deps.flat_map {|d| d[3].flat_map(&:first) }.uniq
           deps.each {|dep| gem_info << dep }
           complete_gems.concat(deps.map(&:first)).uniq!
           remaining_gems = next_gems - complete_gems
@@ -62,7 +62,7 @@ module Bundler
         end
         # Read info file checksums out of /versions, so we can know if gems are up to date
         compact_index_client.update_and_parse_checksums!
-      rescue CompactIndexClient::Updater::MisMatchedChecksumError => e
+      rescue CompactIndexClient::Updater::MismatchedChecksumError => e
         Bundler.ui.debug(e.message)
         nil
       end
@@ -121,7 +121,7 @@ module Bundler
         rescue NetworkDownError => e
           raise unless Bundler.feature_flag.allow_offline_install? && headers["If-None-Match"]
           ui.warn "Using the cached data for the new index because of a network error: #{e}"
-          Net::HTTPNotModified.new(nil, nil, nil)
+          Gem::Net::HTTPNotModified.new(nil, nil, nil)
         end
       end
     end

data/bundler/lib/bundler/fetcher/downloader.rb CHANGED Viewed

@@ -20,33 +20,35 @@ module Bundler
         Bundler.ui.debug("HTTP #{response.code} #{response.message} #{filtered_uri}")
         case response
-        when Net::HTTPSuccess, Net::HTTPNotModified
+        when Gem::Net::HTTPSuccess, Gem::Net::HTTPNotModified
           response
-        when Net::HTTPRedirection
+        when Gem::Net::HTTPRedirection
           new_uri = Bundler::URI.parse(response["location"])
           if new_uri.host == uri.host
             new_uri.user = uri.user
             new_uri.password = uri.password
           end
           fetch(new_uri, headers, counter + 1)
-        when Net::HTTPRequestedRangeNotSatisfiable
+        when Gem::Net::HTTPRequestedRangeNotSatisfiable
           new_headers = headers.dup
           new_headers.delete("Range")
           new_headers["Accept-Encoding"] = "gzip"
           fetch(uri, new_headers)
-        when Net::HTTPRequestEntityTooLarge
+        when Gem::Net::HTTPRequestEntityTooLarge
           raise FallbackError, response.body
-        when Net::HTTPTooManyRequests
+        when Gem::Net::HTTPTooManyRequests
           raise TooManyRequestsError, response.body
-        when Net::HTTPUnauthorized
+        when Gem::Net::HTTPUnauthorized
           raise BadAuthenticationError, uri.host if uri.userinfo
           raise AuthenticationRequiredError, uri.host
-        when Net::HTTPForbidden
+        when Gem::Net::HTTPForbidden
           raise AuthenticationForbiddenError, uri.host
-        when Net::HTTPNotFound
-          raise FallbackError, "Net::HTTPNotFound: #{filtered_uri}"
+        when Gem::Net::HTTPNotFound
+          raise FallbackError, "Gem::Net::HTTPNotFound: #{filtered_uri}"
         else
-          raise HTTPError, "#{response.class}#{": #{response.body}" unless response.body.empty?}"
+          message = "Gem::#{response.class.name.gsub(/\AGem::/, "")}"
+          message += ": #{response.body}" unless response.body.empty?
+          raise HTTPError, message
         end
       end
@@ -56,7 +58,7 @@ module Bundler
         filtered_uri = URICredentialsFilter.credential_filtered_uri(uri)
         Bundler.ui.debug "HTTP GET #{filtered_uri}"
-        req = Net::HTTP::Get.new uri.request_uri, headers
+        req = Gem::Net::HTTP::Get.new uri.request_uri, headers
         if uri.user
           user = CGI.unescape(uri.user)
           password = uri.password ? CGI.unescape(uri.password) : nil

data/bundler/lib/bundler/fetcher/gem_remote_fetcher.rb ADDED Viewed

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+require "rubygems/remote_fetcher"
+module Bundler
+  class Fetcher
+    class GemRemoteFetcher < Gem::RemoteFetcher
+      def request(*args)
+        super do |req|
+          req.delete("User-Agent") if headers["User-Agent"]
+          yield req if block_given?
+        end
+      end
+    end
+  end
+end

data/bundler/lib/bundler/fetcher/index.rb CHANGED Viewed

@@ -6,7 +6,7 @@ module Bundler
   class Fetcher
     class Index < Base
       def specs(_gem_names)
-        Bundler.rubygems.fetch_all_remote_specs(remote)
+        Bundler.rubygems.fetch_all_remote_specs(remote, gem_remote_fetcher)
       rescue Gem::RemoteFetcher::FetchError => e
         case e.message
         when /certificate verify failed/