rubygems-update 3.4.7 → 3.4.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ce0db157a5beb6c516383463604a7bcfd5f69f6314b44a07428b8e2ef0ce7466
-  data.tar.gz: a0ed37a3997da0b7f7e21a239482830023eefcf60fe0e70e793f07ebeb36aefa
+  metadata.gz: a0ce67a665c26fdc475dafc0858072799332dc0b01b57143bd46a25bd3d07c8d
+  data.tar.gz: 88d69d29ecde40e8ca5112f6ee1d706a66c7819842902a0515b322eeff6187f8
 SHA512:
-  metadata.gz: 8f601f949d72477e06ec2e6ceb7eb12ef189370e49da57430fc7bdf3937f74f24f678f411e0e791cf7a22fb8911f61ac25f7d8f3f922a587150a54fd431fe726
-  data.tar.gz: 761cba346c2cb4bf07c552396c10d8aecda68888768a146afdc4a9cf2393ee67b32427b26c3fdc9e93d1f78875abe02e7aec0d8604b33b5cd5794b151d66ce64
+  metadata.gz: fd112dabe5437ac6a58a3bbcb73bd08bbc4061cce3c9e2923fead4816bdf956eb6ce4315fb16d40fc78179939bdb516c748fdb0a7a09debad2f520599968f137
+  data.tar.gz: 1a2ec92153d67b8d8deb53ead80c6ab7652d709cceb4ffe9d97528f1adcd0be95892e90a573a6ff305b82b5fd1ead9c48223bce93bf6d6bfe960c1bd71478629

data/CHANGELOG.md

@@ -1,3 +1,60 @@
+# 3.4.9 / 2023-03-20
+
+## Enhancements:
+
+* Improve `TarHeader#calculate_checksum` speed and readability. Pull
+  request [#6476](https://github.com/rubygems/rubygems/pull/6476) by
+  Maumagnaguagno
+* Added only missing extensions option into pristine command. Pull request
+  [#6446](https://github.com/rubygems/rubygems/pull/6446) by hsbt
+* Installs bundler 2.4.9 as a default gem.
+
+## Bug fixes:
+
+* Fix `$LOAD_PATH` in rake and ext_conf builder. Pull request
+  [#6490](https://github.com/rubygems/rubygems/pull/6490) by ntkme
+* Fix `gem uninstall` with `--install-dir`. Pull request
+  [#6481](https://github.com/rubygems/rubygems/pull/6481) by
+  deivid-rodriguez
+
+## Documentation:
+
+* Document our current release policy. Pull request
+  [#6450](https://github.com/rubygems/rubygems/pull/6450) by
+  deivid-rodriguez
+
+# 3.4.8 / 2023-03-08
+
+## Enhancements:
+
+* Add TarReader::Entry#seek to seek within the tar file entry. Pull
+  request [#6390](https://github.com/rubygems/rubygems/pull/6390) by
+  martinemde
+* Avoid calling String#dup in Gem::Version#marshal_dump. Pull request
+  [#6438](https://github.com/rubygems/rubygems/pull/6438) by segiddins
+* Remove hardcoded "master" branch references. Pull request
+  [#6425](https://github.com/rubygems/rubygems/pull/6425) by
+  deivid-rodriguez
+* [Experimental] Add `gem exec` command to run executables from gems that
+  may or may not be installed. Pull request
+  [#6309](https://github.com/rubygems/rubygems/pull/6309) by segiddins
+* Installs bundler 2.4.8 as a default gem.
+
+## Bug fixes:
+
+* Fix installation error of same version of default gems with local
+  installation. Pull request
+  [#6430](https://github.com/rubygems/rubygems/pull/6430) by hsbt
+* Use proper memoized var name for Gem.state_home. Pull request
+  [#6420](https://github.com/rubygems/rubygems/pull/6420) by simi
+
+## Documentation:
+
+* Switch supporting explanations to all Ruby Central. Pull request
+  [#6419](https://github.com/rubygems/rubygems/pull/6419) by indirect
+* Update the link to OpenSource.org. Pull request
+  [#6392](https://github.com/rubygems/rubygems/pull/6392) by nobu
+
 # 3.4.7 / 2023-02-15
 
 ## Enhancements:

data/Manifest.txt

@@ -80,6 +80,7 @@ bundler/lib/bundler/gem_helpers.rb
 bundler/lib/bundler/gem_tasks.rb
 bundler/lib/bundler/gem_version_promoter.rb
 bundler/lib/bundler/graph.rb
+bundler/lib/bundler/incomplete_specification.rb
 bundler/lib/bundler/index.rb
 bundler/lib/bundler/injector.rb
 bundler/lib/bundler/inline.rb
@@ -243,6 +244,7 @@ bundler/lib/bundler/ui/rg_proxy.rb
 bundler/lib/bundler/ui/shell.rb
 bundler/lib/bundler/ui/silent.rb
 bundler/lib/bundler/uri_credentials_filter.rb
+bundler/lib/bundler/uri_normalizer.rb
 bundler/lib/bundler/vendor/.document
 bundler/lib/bundler/vendor/connection_pool/LICENSE
 bundler/lib/bundler/vendor/connection_pool/lib/connection_pool.rb
@@ -347,6 +349,7 @@ lib/rubygems/commands/cleanup_command.rb
 lib/rubygems/commands/contents_command.rb
 lib/rubygems/commands/dependency_command.rb
 lib/rubygems/commands/environment_command.rb
+lib/rubygems/commands/exec_command.rb
 lib/rubygems/commands/fetch_command.rb
 lib/rubygems/commands/generate_index_command.rb
 lib/rubygems/commands/help_command.rb
@@ -616,6 +619,7 @@ test/rubygems/test_gem_commands_cleanup_command.rb
 test/rubygems/test_gem_commands_contents_command.rb
 test/rubygems/test_gem_commands_dependency_command.rb
 test/rubygems/test_gem_commands_environment_command.rb
+test/rubygems/test_gem_commands_exec_command.rb
 test/rubygems/test_gem_commands_fetch_command.rb
 test/rubygems/test_gem_commands_generate_index_command.rb
 test/rubygems/test_gem_commands_help_command.rb

data/POLICIES.md

@@ -128,8 +128,8 @@ permissions compromised or exposed.
 
 ## Changing These Policies
 
-These policies were set in order to reduce the burden of maintenance and to
-keep committers current with existing development and policies. RubyGems work
-is primarily volunteer-driven which limits the ability to provide long-term
-support. By joining [Ruby Together](https://rubytogether.org) you can help
-extend support for older RubyGems versions.
+These policies were set in order to reduce the burden of maintenance and to keep
+committers current with existing development and policies. RubyGems work is
+primarily volunteer-driven which limits the ability to provide long-term
+support. By joining [Ruby Central](https://rubycentral.org/#/portal/signup) you
+can help extend support for older RubyGems versions.

data/README.md

@@ -64,6 +64,22 @@ To upgrade to the latest RubyGems, run:
 
 See [UPGRADING](UPGRADING.md) for more details and alternative instructions.
 
+## Release policy
+
+RubyGems and Bundler are released in sync, although they do not share their
+major version number. It is planned that also their major version numbers will
+be sync'ed in the future.
+
+The release policy is somewhat similar to the release policy of Ruby itself:
+
+* Frequent patch releases (every 2-4 weeks) including bug fixes, minor
+  enhancements, small features, or even medium sized features declared as
+  experimental for battle testing.
+* Yearly minor releases including bigger features, and minor breaking changes
+  (affecting only edge cases and a very small set of users).
+* Occasional major releases (replacing yearly minors) including major breaking
+  changes.
+
 ## Documentation
 
 RubyGems uses [rdoc](https://github.com/rdoc/rdoc) for documentation. A compiled set of the docs
@@ -87,15 +103,12 @@ See https://bundler.io/compatibility for known issues.
 
 ### Supporting
 
-<a href="https://rubytogether.org/"><img src="https://rubytogether.org/images/rubies.svg" width=200></a><br/>
-<a href="https://rubytogether.org/">Ruby Together</a> pays some RubyGems maintainers for their ongoing work. As a grassroots initiative committed to supporting the critical Ruby infrastructure you rely on, Ruby Together is funded entirely by the Ruby community. Contribute today <a href="https://rubytogether.org/developers">as an individual</a> or even better, <a href="https://rubytogether.org/companies">as a company</a>, and ensure that RubyGems, Bundler, and other shared tooling is around for years to come.
+RubyGems is managed by [Ruby Central](https://rubycentral.org), a non-profit organization that supports the Ruby community through projects like this one, as well as [RubyConf](https://rubyconf.org), [RailsConf](https://railsconf.org), and [RubyGems.org](https://rubygems.org). You can support Ruby Central by attending or [sponsoring](sponsors@rubycentral.org) a conference, or by [joining as a supporting member](https://rubycentral.org/#/portal/signup).
 
 ### Contributing
 
 If you'd like to contribute to RubyGems, that's awesome, and we <3 you. Check out our [guide to contributing](CONTRIBUTING.md) for more information.
 
-While some RubyGems contributors are compensated by Ruby Together, the project maintainers make decisions independent of Ruby Together. As a project, we welcome contributions regardless of the author’s affiliation with Ruby Together.
-
 ### Code of Conduct
 
 Everyone interacting in the RubyGems project’s codebases, issue trackers, chat rooms, and mailing lists is expected to follow the [contributor code of conduct](https://github.com/rubygems/rubygems/blob/master/CODE_OF_CONDUCT.md).

data/bundler/CHANGELOG.md

@@ -1,3 +1,51 @@
+# 2.4.9 (March 20, 2023)
+
+## Security:
+
+  - Don't recommend `--full-index` on errors [#6493](https://github.com/rubygems/rubygems/pull/6493)
+
+## Enhancements:
+
+  - Fix duplicated specs in some error messages [#6475](https://github.com/rubygems/rubygems/pull/6475)
+  - When running `bundle lock --update <name>`, checkout locked revision of unrelated git sources directly [#6459](https://github.com/rubygems/rubygems/pull/6459)
+  - Avoid expiring git sources when unnecessary [#6458](https://github.com/rubygems/rubygems/pull/6458)
+  - Use `RbSys::ExtensionTask` when creating new rust gems [#6352](https://github.com/rubygems/rubygems/pull/6352)
+  - Don't ignore pre-releases when there's only one candidate [#6441](https://github.com/rubygems/rubygems/pull/6441)
+
+## Bug fixes:
+
+  - Fix incorrect removal of ruby platform when auto-healing corrupted lockfiles [#6495](https://github.com/rubygems/rubygems/pull/6495)
+  - Don't consider platform specific candidates when `force_ruby_platform` set [#6442](https://github.com/rubygems/rubygems/pull/6442)
+  - Better deal with circular dependencies [#6330](https://github.com/rubygems/rubygems/pull/6330)
+
+## Documentation:
+
+  - Add debugging docs [#6387](https://github.com/rubygems/rubygems/pull/6387)
+  - Document our current release policy [#6450](https://github.com/rubygems/rubygems/pull/6450)
+
+# 2.4.8 (March 8, 2023)
+
+## Security:
+
+  - Safe load all marshaled data [#6384](https://github.com/rubygems/rubygems/pull/6384)
+
+## Enhancements:
+
+  - Better suggestion when `bundler/setup` fails due to missing gems and Gemfile is not the default [#6428](https://github.com/rubygems/rubygems/pull/6428)
+  - Simplify the gem package file filter in the gemspec template [#6344](https://github.com/rubygems/rubygems/pull/6344)
+  - Auto-heal corrupted `Gemfile.lock` with no specs [#6423](https://github.com/rubygems/rubygems/pull/6423)
+  - Auto-heal on corrupted lockfile with missing deps [#6400](https://github.com/rubygems/rubygems/pull/6400)
+  - Give a better message when Gemfile branch does not exist [#6383](https://github.com/rubygems/rubygems/pull/6383)
+
+## Bug fixes:
+
+  - Respect --no-install option for git: sources [#6088](https://github.com/rubygems/rubygems/pull/6088)
+  - Fix `gems.rb` lockfile for bundler version lookup in template [#6413](https://github.com/rubygems/rubygems/pull/6413)
+
+## Documentation:
+
+  - Switch supporting explanations to all Ruby Central [#6419](https://github.com/rubygems/rubygems/pull/6419)
+
 # 2.4.7 (February 15, 2023)
 
 ## Enhancements:

data/bundler/README.md

@@ -46,12 +46,9 @@ If you'd like to contribute to Bundler, that's awesome, and we <3 you. We've put
 
 If you'd like to request a substantial change to Bundler or its documentation, refer to the [Bundler RFC process](https://github.com/rubygems/rfcs) for more information.
 
-While some Bundler contributors are compensated by Ruby Together, the project maintainers make decisions independent of Ruby Together. As a project, we welcome contributions regardless of the author's affiliation with Ruby Together.
-
 ### Supporting
 
-<a href="https://rubytogether.org/"><img src="https://rubytogether.org/images/rubies.svg" width="150"></a><br>
-<a href="https://rubytogether.org/">Ruby Together</a> pays some Bundler maintainers for their ongoing work. As a grassroots initiative committed to supporting the critical Ruby infrastructure you rely on, Ruby Together is funded entirely by the Ruby community. Contribute today <a href="https://rubytogether.org/developers">as an individual</a> or (better yet) <a href="https://rubytogether.org/companies">as a company</a> to ensure that Bundler, RubyGems, and other shared tooling is around for years to come.
+RubyGems is managed by [Ruby Central](https://rubycentral.org), a non-profit organization that supports the Ruby community through projects like this one, as well as [RubyConf](https://rubyconf.org), [RailsConf](https://railsconf.org), and [RubyGems.org](https://rubygems.org). You can support Ruby Central by attending or [sponsoring](sponsors@rubycentral.org) a conference, or by [joining as a supporting member](https://rubycentral.org/#/portal/signup).
 
 ### Code of Conduct
 

data/bundler/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2023-02-15".freeze
-    @git_commit_sha = "5d717a27e0".freeze
+    @built_at = "2023-03-20".freeze
+    @git_commit_sha = "6f8e92bcc6".freeze
     @release = true
     # end ivars
 

data/bundler/lib/bundler/endpoint_specification.rb

@@ -26,10 +26,6 @@ module Bundler
       @platform
     end
 
-    def identifier
-      @__identifier ||= [name, version, platform.to_s]
-    end
-
     # needed for standalone, load required_paths from local gemspec
     # after the gem is installed
     def require_paths

data/bundler/lib/bundler/environment_preserver.rb

@@ -2,7 +2,7 @@
 
 module Bundler
   class EnvironmentPreserver
-    INTENTIONALLY_NIL = "BUNDLER_ENVIRONMENT_PRESERVER_INTENTIONALLY_NIL".freeze
+    INTENTIONALLY_NIL = "BUNDLER_ENVIRONMENT_PRESERVER_INTENTIONALLY_NIL"
     BUNDLER_KEYS = %w[
       BUNDLE_BIN_PATH
       BUNDLE_GEMFILE
@@ -16,7 +16,7 @@ module Bundler
       RUBYLIB
       RUBYOPT
     ].map(&:freeze).freeze
-    BUNDLER_PREFIX = "BUNDLER_ORIG_".freeze
+    BUNDLER_PREFIX = "BUNDLER_ORIG_"
 
     def self.from_env
       new(env_to_hash(ENV), BUNDLER_KEYS)

data/bundler/lib/bundler/fetcher/dependency.rb

@@ -34,14 +34,10 @@ module Bundler
 
         returned_gems = spec_list.map(&:first).uniq
         specs(deps_list, full_dependency_list + returned_gems, spec_list + last_spec_list)
-      rescue MarshalError
+      rescue MarshalError, HTTPError, GemspecError
         Bundler.ui.info "" unless Bundler.ui.debug? # new line now that the dots are over
         Bundler.ui.debug "could not fetch from the dependency API, trying the full index"
         nil
-      rescue HTTPError, GemspecError
-        Bundler.ui.info "" unless Bundler.ui.debug? # new line now that the dots are over
-        Bundler.ui.debug "could not fetch from the dependency API\nit's suggested to retry using the full index via `bundle install --full-index`"
-        nil
       end
 
       def dependency_specs(gem_names)

data/bundler/lib/bundler/fetcher.rb

@@ -102,11 +102,11 @@ module Bundler
       uri = Bundler::URI.parse("#{remote_uri}#{Gem::MARSHAL_SPEC_DIR}#{spec_file_name}.rz")
       if uri.scheme == "file"
         path = Bundler.rubygems.correct_for_windows_path(uri.path)
-        Bundler.load_marshal Bundler.rubygems.inflate(Gem.read_binary(path))
+        Bundler.safe_load_marshal Bundler.rubygems.inflate(Gem.read_binary(path))
       elsif cached_spec_path = gemspec_cached_path(spec_file_name)
         Bundler.load_gemspec(cached_spec_path)
       else
-        Bundler.load_marshal Bundler.rubygems.inflate(downloader.fetch(uri).body)
+        Bundler.safe_load_marshal Bundler.rubygems.inflate(downloader.fetch(uri).body)
       end
     rescue MarshalError
       raise HTTPError, "Gemspec #{spec} contained invalid data.\n" \

data/bundler/lib/bundler/incomplete_specification.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Bundler
+  #
+  # Represents a package name that was found to be incomplete when trying to
+  # materialize a fresh resolution or the lockfile.
+  #
+  # Holds the actual partially complete set of specifications for the name.
+  # These are used so that they can be unlocked in a future resolution, and fix
+  # the situation.
+  #
+  class IncompleteSpecification
+    attr_reader :name, :partially_complete_specs
+
+    def initialize(name, partially_complete_specs = [])
+      @name = name
+      @partially_complete_specs = partially_complete_specs
+    end
+
+    def ==(other)
+      partially_complete_specs == other.partially_complete_specs
+    end
+  end
+end

data/bundler/lib/bundler/index.rb

@@ -13,8 +13,8 @@ module Bundler
     attr_reader :specs, :all_specs, :sources
     protected :specs, :all_specs
 
-    RUBY = "ruby".freeze
-    NULL = "\0".freeze
+    RUBY = "ruby"
+    NULL = "\0"
 
     def initialize
       @sources = []

data/bundler/lib/bundler/injector.rb

@@ -2,7 +2,7 @@
 
 module Bundler
   class Injector
-    INJECTED_GEMS = "injected gems".freeze
+    INJECTED_GEMS = "injected gems"
 
     def self.inject(new_deps, options = {})
       injector = new(new_deps, options)

data/bundler/lib/bundler/installer/parallel_installer.rb

@@ -47,13 +47,6 @@ module Bundler
         dependencies.all? {|d| installed_specs.include? d.name }
       end
 
-      # Check whether spec's dependencies are missing, which can indicate a
-      # corrupted lockfile
-      def dependencies_missing?(all_specs)
-        spec_names = all_specs.map(&:name)
-        dependencies.any? {|d| !spec_names.include? d.name }
-      end
-
       # Represents only the non-development dependencies, the ones that are
       # itself and are in the total list.
       def dependencies
@@ -123,11 +116,7 @@ module Bundler
       unmet_dependencies.each do |spec, unmet_spec_dependencies|
         unmet_spec_dependencies.each do |unmet_spec_dependency|
           found = @specs.find {|s| s.name == unmet_spec_dependency.name && !unmet_spec_dependency.matches_spec?(s.spec) }
-          if found
-            warning << "* #{unmet_spec_dependency}, dependency of #{spec.full_name}, unsatisfied by #{found.full_name}"
-          else
-            warning << "* #{unmet_spec_dependency}, dependency of #{spec.full_name} but missing from lockfile"
-          end
+          warning << "* #{unmet_spec_dependency}, dependency of #{spec.full_name}, unsatisfied by #{found.full_name}"
         end
       end
 
@@ -224,8 +213,6 @@ module Bundler
         if spec.dependencies_installed? @specs
           spec.state = :enqueued
           worker_pool.enq spec
-        elsif spec.dependencies_missing? @specs
-          spec.state = :failed
         end
       end
     end

data/bundler/lib/bundler/lazy_specification.rb

@@ -20,7 +20,7 @@ module Bundler
     end
 
     def full_name
-      if platform == Gem::Platform::RUBY
+      @full_name ||= if platform == Gem::Platform::RUBY
         "#{@name}-#{@version}"
       else
         "#{@name}-#{@version}-#{platform}"
@@ -28,15 +28,15 @@ module Bundler
     end
 
     def ==(other)
-      identifier == other.identifier
+      full_name == other.full_name
     end
 
     def eql?(other)
-      identifier.eql?(other.identifier)
+      full_name.eql?(other.full_name)
     end
 
     def hash
-      identifier.hash
+      full_name.hash
     end
 
     ##
@@ -129,10 +129,6 @@ module Bundler
       end
     end
 
-    def identifier
-      @__identifier ||= [name, version, platform.to_s]
-    end
-
     def git_version
       return unless source.is_a?(Bundler::Source::Git)
       " #{source.revision[0..6]}"

data/bundler/lib/bundler/lockfile_generator.rb

@@ -45,7 +45,7 @@ module Bundler
       # gems with the same name, but different platform
       # are ordered consistently
       specs.sort_by(&:full_name).each do |spec|
-        next if spec.name == "bundler".freeze
+        next if spec.name == "bundler"
         out << spec.to_lock
       end
     end

data/bundler/lib/bundler/lockfile_parser.rb

@@ -4,15 +4,15 @@ module Bundler
   class LockfileParser
     attr_reader :sources, :dependencies, :specs, :platforms, :bundler_version, :ruby_version
 
-    BUNDLED      = "BUNDLED WITH".freeze
-    DEPENDENCIES = "DEPENDENCIES".freeze
-    PLATFORMS    = "PLATFORMS".freeze
-    RUBY         = "RUBY VERSION".freeze
-    GIT          = "GIT".freeze
-    GEM          = "GEM".freeze
-    PATH         = "PATH".freeze
-    PLUGIN       = "PLUGIN SOURCE".freeze
-    SPECS        = "  specs:".freeze
+    BUNDLED      = "BUNDLED WITH"
+    DEPENDENCIES = "DEPENDENCIES"
+    PLATFORMS    = "PLATFORMS"
+    RUBY         = "RUBY VERSION"
+    GIT          = "GIT"
+    GEM          = "GEM"
+    PATH         = "PATH"
+    PLUGIN       = "PLUGIN SOURCE"
+    SPECS        = "  specs:"
     OPTIONS      = /^  ([a-z]+): (.*)$/i.freeze
     SOURCE       = [GIT, GEM, PATH, PLUGIN].freeze
 
@@ -86,7 +86,7 @@ module Bundler
           send("parse_#{@state}", line)
         end
       end
-      @specs = @specs.values.sort_by(&:identifier)
+      @specs = @specs.values.sort_by(&:full_name)
     rescue ArgumentError => e
       Bundler.ui.debug(e)
       raise LockfileError, "Your lockfile is unreadable. Run `rm #{Bundler.default_lockfile.relative_path_from(SharedHelpers.pwd)}` " \
@@ -199,7 +199,7 @@ module Bundler
         @current_spec.source = @current_source
         @current_source.add_dependency_names(name)
 
-        @specs[@current_spec.identifier] = @current_spec
+        @specs[@current_spec.full_name] = @current_spec
       elsif spaces.size == 6
         version = version.split(",").map(&:strip) if version
         dep = Gem::Dependency.new(name, version)

data/bundler/lib/bundler/plugin.rb

@@ -15,7 +15,7 @@ module Bundler
     class UnknownSourceError < PluginError; end
     class PluginInstallError < PluginError; end
 
-    PLUGIN_FILE_NAME = "plugins.rb".freeze
+    PLUGIN_FILE_NAME = "plugins.rb"
 
     module_function
 

data/bundler/lib/bundler/remote_specification.rb

@@ -29,12 +29,8 @@ module Bundler
       @platform = _remote_specification.platform
     end
 
-    def identifier
-      @__identifier ||= [name, version, @platform.to_s]
-    end
-
     def full_name
-      if @platform == Gem::Platform::RUBY
+      @full_name ||= if @platform == Gem::Platform::RUBY
         "#{@name}-#{@version}"
       else
         "#{@name}-#{@version}-#{@platform}"
@@ -106,7 +102,7 @@ module Bundler
     def _remote_specification
       @_remote_specification ||= @spec_fetcher.fetch_spec([@name, @version, @original_platform])
       @_remote_specification || raise(GemspecError, "Gemspec data for #{full_name} was" \
-        " missing from the server! Try installing with `--full-index` as a workaround.")
+        " missing from the server!")
     end
 
     def method_missing(method, *args, &blk)

data/bundler/lib/bundler/resolver/base.rb

@@ -34,9 +34,11 @@ module Bundler
         @base[name]
       end
 
-      def delete(specs)
-        specs.each do |spec|
-          @base.delete(spec)
+      def delete(incomplete_specs)
+        incomplete_specs.each do |incomplete_spec|
+          incomplete_spec.partially_complete_specs.each do |spec|
+            @base.delete(spec)
+          end
         end
       end
 

data/bundler/lib/bundler/resolver.rb

@@ -37,7 +37,9 @@ module Bundler
       root_version = Resolver::Candidate.new(0)
 
       @all_specs = Hash.new do |specs, name|
-        specs[name] = source_for(name).specs.search(name).sort_by {|s| [s.version, s.platform.to_s] }
+        specs[name] = source_for(name).specs.search(name).reject do |s|
+          s.dependencies.any? {|d| d.name == name && !d.requirement.satisfied_by?(s.version) } # ignore versions that depend on themselves incorrectly
+        end.sort_by {|s| [s.version, s.platform.to_s] }
       end
 
       @sorted_versions = Hash.new do |candidates, package|
@@ -55,7 +57,7 @@ module Bundler
           { root_version => root_dependencies }
         else
           Hash.new do |versions, version|
-            versions[version] = to_dependency_hash(version.dependencies, @packages)
+            versions[version] = to_dependency_hash(version.dependencies.reject {|d| d.name == package.name }, @packages)
           end
         end
       end
@@ -186,11 +188,6 @@ module Bundler
       package_deps = @cached_dependencies[package]
       sorted_versions = @sorted_versions[package]
       package_deps[version].map do |dep_package, dep_constraint|
-        if package == dep_package
-          cause = PubGrub::Incompatibility::CircularDependency.new(dep_package, dep_constraint.constraint_string)
-          return [PubGrub::Incompatibility.new([PubGrub::Term.new(dep_constraint, true)], :cause => cause)]
-        end
-
         low = high = sorted_versions.index(version)
 
         # find version low such that all >= low share the same dep
@@ -243,7 +240,7 @@ module Bundler
         ruby_specs = select_best_platform_match(specs, Gem::Platform::RUBY)
         groups << Resolver::Candidate.new(version, :specs => ruby_specs) if ruby_specs.any?
 
-        next groups if platform_specs == ruby_specs
+        next groups if platform_specs == ruby_specs || package.force_ruby_platform?
 
         groups << Resolver::Candidate.new(version, :specs => platform_specs)
 
@@ -302,7 +299,7 @@ module Bundler
     end
 
     def filter_prereleases(specs, package)
-      return specs unless package.ignores_prereleases?
+      return specs unless package.ignores_prereleases? && specs.size > 1
 
       specs.reject {|s| s.version.prerelease? }
     end

data/bundler/lib/bundler/rubygems_integration.rb

@@ -453,7 +453,7 @@ module Bundler
       fetcher = gem_remote_fetcher
       fetcher.headers = { "X-Gemfile-Source" => remote.original_uri.to_s } if remote.original_uri
       string = fetcher.fetch_path(path)
-      Bundler.load_marshal(string)
+      Bundler.safe_load_marshal(string)
     rescue Gem::RemoteFetcher::FetchError
       # it's okay for prerelease to fail
       raise unless name == "prerelease_specs"

data/bundler/lib/bundler/settings.rb

@@ -495,7 +495,7 @@ module Bundler
         uri = $2
         suffix = $3
       end
-      uri = "#{uri}/" unless uri.end_with?("/")
+      uri = URINormalizer.normalize_suffix(uri)
       require_relative "vendored_uri"
       uri = Bundler::URI(uri)
       unless uri.absolute?

data/bundler/lib/bundler/setup.rb

@@ -12,7 +12,10 @@ if Bundler::SharedHelpers.in_bundle?
       Bundler.ui.error e.message
       Bundler.ui.warn e.backtrace.join("\n") if ENV["DEBUG"]
       if e.is_a?(Bundler::GemNotFound)
-        Bundler.ui.warn "Run `bundle install` to install missing gems."
+        suggested_cmd = "bundle install"
+        original_gemfile = Bundler.original_env["BUNDLE_GEMFILE"]
+        suggested_cmd += " --gemfile #{original_gemfile}" if original_gemfile
+        Bundler.ui.warn "Run `#{suggested_cmd}` to install missing gems."
       end
       exit e.status_code
     end

data/bundler/lib/bundler/shared_helpers.rb

@@ -160,7 +160,7 @@ module Bundler
         " (was expecting #{old_deps.map(&:to_s)}, but the real spec has #{new_deps.map(&:to_s)})"
       raise APIResponseMismatchError,
         "Downloading #{spec.full_name} revealed dependencies not in the API or the lockfile (#{extra_deps.join(", ")})." \
-        "\nEither installing with `--full-index` or running `bundle update #{spec.name}` should fix the problem."
+        "\nRunning `bundle update #{spec.name}` should fix the problem."
     end
 
     def pretty_dependency(dep)