rubygems-update 3.6.8 → 3.7.0

data/bundler/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent.rb

@@ -1,6 +1,7 @@
 require_relative '../../../../../vendored_net_http'
 require_relative '../../../../../vendored_uri'
-require 'cgi' # for escaping
+require 'cgi/escape'
+require 'cgi/util' unless defined?(CGI::EscapeExt)
 require_relative '../../../../connection_pool/lib/connection_pool'
 
 autoload :OpenSSL, 'openssl'
@@ -42,9 +43,8 @@ autoload :OpenSSL, 'openssl'
 #   # perform the POST, the Gem::URI is always required
 #   response http.request post_uri, post
 #
-# Note that for GET, HEAD and other requests that do not have a body you want
-# to use Gem::URI#request_uri not Gem::URI#path.  The request_uri contains the query
-# params which are sent in the body for other requests.
+# ⚠ Note that for GET, HEAD and other requests that do not have a body,
+# it uses Gem::URI#request_uri as default to send query params
 #
 # == TLS/SSL
 #
@@ -60,6 +60,7 @@ autoload :OpenSSL, 'openssl'
 # #ca_path            :: Directory with certificate-authorities
 # #cert_store         :: An SSL certificate store
 # #ciphers            :: List of SSl ciphers allowed
+# #extra_chain_cert   :: Extra certificates to be added to the certificate chain
 # #private_key        :: The client's SSL private key
 # #reuse_ssl_sessions :: Reuse a previously opened SSL session for a new
 #                        connection
@@ -176,7 +177,7 @@ class Gem::Net::HTTP::Persistent
   ##
   # The version of Gem::Net::HTTP::Persistent you are using
 
-  VERSION = '4.0.4'
+  VERSION = '4.0.6'
 
   ##
   # Error class for errors raised by Gem::Net::HTTP::Persistent.  Various
@@ -267,6 +268,11 @@ class Gem::Net::HTTP::Persistent
 
   attr_reader :ciphers
 
+  ##
+  # Extra certificates to be added to the certificate chain
+
+  attr_reader :extra_chain_cert
+
   ##
   # Sends debug_output to this IO via Gem::Net::HTTP#set_debug_output.
   #
@@ -587,6 +593,21 @@ class Gem::Net::HTTP::Persistent
     reconnect_ssl
   end
 
+  if Gem::Net::HTTP.method_defined?(:extra_chain_cert=)
+    ##
+    # Extra certificates to be added to the certificate chain.
+    # It is only supported starting from Gem::Net::HTTP version 0.1.1
+    def extra_chain_cert= extra_chain_cert
+      @extra_chain_cert = extra_chain_cert
+
+      reconnect_ssl
+    end
+  else
+    def extra_chain_cert= _extra_chain_cert
+      raise "extra_chain_cert= is not supported by this version of Gem::Net::HTTP"
+    end
+  end
+
   ##
   # Creates a new connection for +uri+
 
@@ -605,47 +626,49 @@ class Gem::Net::HTTP::Persistent
 
     connection = @pool.checkout net_http_args
 
-    http = connection.http
+    begin
+      http = connection.http
 
-    connection.ressl @ssl_generation if
-      connection.ssl_generation != @ssl_generation
+      connection.ressl @ssl_generation if
+        connection.ssl_generation != @ssl_generation
 
-    if not http.started? then
-      ssl   http if use_ssl
-      start http
-    elsif expired? connection then
-      reset connection
-    end
+      if not http.started? then
+        ssl   http if use_ssl
+        start http
+      elsif expired? connection then
+        reset connection
+      end
 
-    http.keep_alive_timeout = @idle_timeout  if @idle_timeout
-    http.max_retries        = @max_retries   if http.respond_to?(:max_retries=)
-    http.read_timeout       = @read_timeout  if @read_timeout
-    http.write_timeout      = @write_timeout if
-      @write_timeout && http.respond_to?(:write_timeout=)
+      http.keep_alive_timeout = @idle_timeout  if @idle_timeout
+      http.max_retries        = @max_retries   if http.respond_to?(:max_retries=)
+      http.read_timeout       = @read_timeout  if @read_timeout
+      http.write_timeout      = @write_timeout if
+        @write_timeout && http.respond_to?(:write_timeout=)
+
+      return yield connection
+    rescue Errno::ECONNREFUSED
+      if http.proxy?
+        address = http.proxy_address
+        port    = http.proxy_port
+      else
+        address = http.address
+        port    = http.port
+      end
 
-    return yield connection
-  rescue Errno::ECONNREFUSED
-    if http.proxy?
-      address = http.proxy_address
-      port    = http.proxy_port
-    else
-      address = http.address
-      port    = http.port
-    end
+      raise Error, "connection refused: #{address}:#{port}"
+    rescue Errno::EHOSTDOWN
+      if http.proxy?
+        address = http.proxy_address
+        port    = http.proxy_port
+      else
+        address = http.address
+        port    = http.port
+      end
 
-    raise Error, "connection refused: #{address}:#{port}"
-  rescue Errno::EHOSTDOWN
-    if http.proxy?
-      address = http.proxy_address
-      port    = http.proxy_port
-    else
-      address = http.address
-      port    = http.port
+      raise Error, "host down: #{address}:#{port}"
+    ensure
+      @pool.checkin net_http_args
     end
-
-    raise Error, "host down: #{address}:#{port}"
-  ensure
-    @pool.checkin net_http_args
   end
 
   ##
@@ -782,7 +805,7 @@ class Gem::Net::HTTP::Persistent
       @proxy_connection_id = [nil, *@proxy_args].join ':'
 
       if @proxy_uri.query then
-        @no_proxy = CGI.parse(@proxy_uri.query)['no_proxy'].join(',').downcase.split(',').map { |x| x.strip }.reject { |x| x.empty? }
+        @no_proxy = Gem::URI.decode_www_form(@proxy_uri.query).filter_map { |k, v| v if k == 'no_proxy' }.join(',').downcase.split(',').map { |x| x.strip }.reject { |x| x.empty? }
       end
     end
 
@@ -953,7 +976,8 @@ class Gem::Net::HTTP::Persistent
   end
 
   ##
-  # Shuts down all connections
+  # Shuts down all connections. Attempting to checkout a connection after
+  # shutdown will raise an error.
   #
   # *NOTE*: Calling shutdown for can be dangerous!
   #
@@ -964,6 +988,17 @@ class Gem::Net::HTTP::Persistent
     @pool.shutdown { |http| http.finish }
   end
 
+  ##
+  # Discard all existing connections. Subsequent checkouts will create
+  # new connections as needed.
+  #
+  # If any thread is still using a connection it may cause an error!  Call
+  # #reload when you are completely done making requests!
+
+  def reload
+    @pool.reload { |http| http.finish }
+  end
+
   ##
   # Enables SSL on +connection+
 
@@ -1021,6 +1056,10 @@ application:
       connection.key  = @private_key
     end
 
+    if defined?(@extra_chain_cert) and @extra_chain_cert
+      connection.extra_chain_cert = @extra_chain_cert
+    end
+
     connection.cert_store = if @cert_store then
                               @cert_store
                             else

data/bundler/lib/bundler/version.rb

@@ -1,13 +1,21 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.6.8".freeze
+  VERSION = "2.7.0".freeze
 
   def self.bundler_major_version
-    @bundler_major_version ||= VERSION.split(".").first.to_i
+    @bundler_major_version ||= gem_version.segments.first
   end
 
   def self.gem_version
     @gem_version ||= Gem::Version.create(VERSION)
   end
+
+  def self.verbose_version
+    @verbose_version ||= "#{VERSION}#{simulated_version ? " (simulating Bundler #{simulated_version})" : ""}"
+  end
+
+  def self.simulated_version
+    @simulated_version ||= Bundler.settings[:simulate_version]
+  end
 end

data/bundler/lib/bundler/worker.rb

@@ -88,7 +88,7 @@ module Bundler
 
       @threads = Array.new(@size) do |i|
         Thread.start { process_queue(i) }.tap do |thread|
-          thread.name = "#{name} Worker ##{i}" if thread.respond_to?(:name=)
+          thread.name = "#{name} Worker ##{i}"
         end
       rescue ThreadError => e
         creation_errors << e

data/bundler/lib/bundler.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require_relative "bundler/rubygems_ext"
 require_relative "bundler/vendored_fileutils"
 require "pathname"
 require "rbconfig"
@@ -7,7 +8,6 @@ require "rbconfig"
 require_relative "bundler/errors"
 require_relative "bundler/environment_preserver"
 require_relative "bundler/plugin"
-require_relative "bundler/rubygems_ext"
 require_relative "bundler/rubygems_integration"
 require_relative "bundler/version"
 require_relative "bundler/current_ruby"
@@ -53,7 +53,6 @@ module Bundler
   autoload :FeatureFlag,            File.expand_path("bundler/feature_flag", __dir__)
   autoload :FREEBSD,                File.expand_path("bundler/constants", __dir__)
   autoload :GemHelper,              File.expand_path("bundler/gem_helper", __dir__)
-  autoload :GemHelpers,             File.expand_path("bundler/gem_helpers", __dir__)
   autoload :GemVersionPromoter,     File.expand_path("bundler/gem_version_promoter", __dir__)
   autoload :Graph,                  File.expand_path("bundler/graph", __dir__)
   autoload :Index,                  File.expand_path("bundler/index", __dir__)
@@ -114,13 +113,13 @@ module Bundler
     end
 
     def configured_bundle_path
-      @configured_bundle_path ||= settings.path.tap(&:validate!)
+      @configured_bundle_path ||= Bundler.settings.path.tap(&:validate!)
     end
 
     # Returns absolute location of where binstubs are installed to.
     def bin_path
       @bin_path ||= begin
-        path = settings[:bin] || "bin"
+        path = Bundler.settings[:bin] || "bin"
         path = Pathname.new(path).expand_path(root).expand_path
         mkdir_p(path)
         path
@@ -174,14 +173,14 @@ module Bundler
       self_manager.restart_with_locked_bundler_if_needed
     end
 
-    # Automatically install dependencies if Bundler.settings[:auto_install] exists.
+    # Automatically install dependencies if settings[:auto_install] exists.
     # This is set through config cmd `bundle config set --global auto_install 1`.
     #
     # Note that this method `nil`s out the global Definition object, so it
     # should be called first, before you instantiate anything like an
     # `Installer` that'll keep a reference to the old one instead.
     def auto_install
-      return unless settings[:auto_install]
+      return unless Bundler.settings[:auto_install]
 
       begin
         definition.specs
@@ -239,10 +238,10 @@ module Bundler
     end
 
     def frozen_bundle?
-      frozen = settings[:frozen]
+      frozen = Bundler.settings[:frozen]
       return frozen unless frozen.nil?
 
-      settings[:deployment]
+      Bundler.settings[:deployment]
     end
 
     def locked_gems
@@ -343,7 +342,7 @@ module Bundler
 
     def app_cache(custom_path = nil)
       path = custom_path || root
-      Pathname.new(path).join(settings.app_cache_path)
+      Pathname.new(path).join(Bundler.settings.app_cache_path)
     end
 
     def tmp(name = Process.pid.to_s)
@@ -455,10 +454,14 @@ module Bundler
     end
 
     def local_platform
-      return Gem::Platform::RUBY if settings[:force_ruby_platform]
+      return Gem::Platform::RUBY if Bundler.settings[:force_ruby_platform]
       Gem::Platform.local
     end
 
+    def generic_local_platform
+      Gem::Platform.generic(local_platform)
+    end
+
     def default_gemfile
       SharedHelpers.default_gemfile
     end
@@ -564,7 +567,7 @@ module Bundler
     end
 
     def feature_flag
-      @feature_flag ||= FeatureFlag.new(VERSION)
+      @feature_flag ||= FeatureFlag.new(Bundler.settings[:simulate_version] || VERSION)
     end
 
     def reset!
@@ -580,7 +583,6 @@ module Bundler
 
     def reset_paths!
       @bin_path = nil
-      @bundler_major_version = nil
       @bundle_path = nil
       @configure = nil
       @configured_bundle_path = nil

data/doc/bundler/UPGRADING.md

@@ -1,150 +1,85 @@
 # Upgrading
 
-## Bundler 3
+## Bundler 4
 
-The following is a summary of the changes that we plan to introduce in Bundler
-3, why we will be making those changes, and what the deprecation process will
-look like. All these deprecations are printed by default in the Bundler 2.1 release.
-
-If you don't want to deal with deprecations right now and want to toggle them
-off, you can do it through configuration. Set the `BUNDLE_SILENCE_DEPRECATIONS`
-environment variable to "true", or configure it through `bundle config` either
-globally through `bundle config set --global silence_deprecations true` command, or
-locally through `bundle config set --local silence_deprecations true`. From now
-on in this document we will assume that all three of these configuration options
-are available, but will only mention `bundle config set <option> <value>`.
-
-As a general note, these changes are intended to improve the experience using
-bundler for _new_ users, who have no existing usage routines nor possibly biased
-opinions about how the tool should work based on how it has historically worked.
-We do understand that changing behaviour that have been existing for years can
-be annoying for old users, that's why we intend to make this process as smooth
-as possible for everyone.
-
-I'll be dividing the deprecations into four groups: CLI deprecations, Helper
-deprecations, DSL deprecations, and misc deprecations. Let's dive into each of
-them.
-
-### CLI deprecations
-
-The CLI defines a set of commands and options that can be used by our users to
-create command lines that bundler can understand. There's a number of changes
-in the upcoming 3 version.
-
-* Flags passed to `bundle install` that relied on being remembered across invocations have been deprecated.
-
-  In particular, the `--clean`, `--deployment`, `--frozen`,
-  `--no-prune`, `--path`, `--shebang`, `--system`, `--without`, and `--with`
-  options to `bundle install`.
-
-  Remembering CLI options has been a source of historical confusion and bug
-  reports, not only for beginners but also for experienced users. A CLI tool
-  should not behave differently across exactly the same invocations _unless_
-  explicitly configured to do so. This is what configuration is about after all,
-  and things should never be silently configured without the user knowing about
-  it.
-
-  The problem with changing this behavior is that very common workflows are
-  relying on it. For example, when you run `bundle install --without
-  development:test` in production, those flags are persisted in the app's
-  configuration file and further `bundle` invocations will happily ignore
-  development and test gems.  This magic will disappear from bundler 3, and
-  you will explicitly need to configure it, either through environment
-  variables, application configuration, or machine configuration. For example,
-  with `bundle config set --local without development test`.
-
-  The removal of this kind of flag also applies to analogous commands, for
-  example, to `bundle check --path`.
-
-* The `--force` flag to `bundle install` and `bundle update` has been renamed to `--redownload`.
-
-  This is just a simple rename of the flag, to make more apparent what it
-  actually does. This flag forces redownloading every gem, it doesn't "force"
-  anything else.
-
-* `bundle viz` will be removed and extracted to a plugin.
-
-  This is the only bundler command requiring external dependencies, both an OS
-  dependency (the `graphviz` package) and a gem dependency (the `ruby-graphviz`
-  gem). Removing these dependencies will make development easier and it was also
-  seen by the bundler team as an opportunity to develop a bundler plugin that
-  it's officially maintained by the bundler team, and that users can take as a
-  reference to develop their own plugins. The plugin will contain the same code
-  as the old core command, the only difference being that the command is now
-  implemented as `bundle graph` which is much easier to understand. However, the
-  details of the plugin are under discussion. See [#3333](https://github.com/rubygems/rubygems/issues/3333).
+In order to prepare for Bundler 4, you can easily configure Bundler 2.7 to
+behave exactly like Bundler 4 will behave. To do so, set the environment
+variable `BUNDLE_SIMULATE_VERSION` to `4`. Alternatively, you can use `bundle
+config` and enable "Bundler 4 mode" either globally through `bundle config set
+--global simulate_version 4`, or locally through `bundle config set --local
+simulate_version 4`. From now on in this document we will assume that all three
+of these configuration options are available, but will only mention `bundle
+config set <option> <value>`.
 
-* The `bundle console` will be removed and replaced with `bin/console`.
+The following is a summary of the changes that we plan to introduce in Bundler
+4, and why we will be making those changes. Some of them should be well known
+already by existing users, because we have been printing deprecation messages
+for years, but some of them are defaults that will be switched in Bundler 4 and
+needs some heads up.
 
-  Over time we found `bundle console` hard to maintain because every user would
-  want to add her own specific tweaks to it. In order to ease maintenance and
-  reduce bikeshedding discussions, we're removing the `bundle console` command
-  in favor of a `bin/console` script created by `bundle gem` on gem generation
-  that users can tweak to their needs.
+### Running just `bundle`  will print help usage
 
+We're changing this default to make Bundler more friendly for new users. We do
+understand that long time users already know how Bundler works and find useful
+that just `bundle` defaults to `bundle install`. Those users can keep the
+existing default by configuring
 
-* The `bundle install` command will no longer accept a `--binstubs` flag.
+```
+bundle config default_cli_command install
+```
 
-  The `--binstubs` option has been removed from `bundle install` and replaced
-  with the `bundle binstubs` command. The `--binstubs` flag would create
-  binstubs for all executables present inside the gems in the project. This was
-  hardly useful since most users will only use a subset of all the binstubs
-  available to them. Also, it would force the introduction of a bunch of most
-  likely unused files into source control. Because of this, binstubs now must
-  be created and checked into version control individually.
-
-
-* The `bundle inject` command is deprecated and replaced with `bundle add`.
-
-  We believe the new command fits the user's mental model better and it supports
-  a wider set of use cases. The interface supported by `bundle inject` works
-  exactly the same in `bundle add`, so it should be easy to migrate to the new
-  command.
+### Bundler will install to a `.bundle` folder relative to repository root by default
 
-#### Cancelled CLI deprecations
+We're making this change to improve isolation.
 
-These deprecations have been initially announced before, but the deprecations
-were cancelled before the release of Bundler 2.1.0 in [rubygems/bundler#7475](https://github.com/rubygems/bundler/pull/7475).
+The previous default of installing to system changes can be kept with `bundle
+config path.system true`.
 
-* ~The `bundle update` command will no longer update all gems, you'll need to pass `--all` to it.~ (postponed)
+Related to this change, and to alleviate potential bad consequences from it,
+we're also shipping some related changes:
 
-* ~The `bundle config` command will no longer accept old subcommand-based interface before Bundler 2.1.~ (postponed)
+* To keep disk usage under control, Bundler will cleanup unused gems when
+  installing gems per application using the new default. This new behavior can
+  be disabled by toggling back installing to system gems as explained before, or
+  by configuring `bundle config clean false`.
 
-### Helper deprecations
+* To avoid duplicate downloads of `.gem` packages and recompilation of
+  extensions, Bundler will keep a global cache of gem packages and compiled
+  extensions. This new behaviour can be disabled with `bundle config
+  global_gem_cache false`, or by toggling back installing to system gems as
+  explained before.
 
-* `Bundler.clean_env`, `Bundler.with_clean_env`, `Bundler.clean_system`, and `Bundler.clean_exec` are deprecated.
+### Flags passed to `bundle install` that relied on being remembered across invocations will be removed
 
-  All of these helpers ultimately use `Bundler.clean_env` under the hood, which
-  makes sure all bundler-related environment are removed inside the block it
-  yields.
+In particular, the `--clean`, `--deployment`, `--frozen`, `--no-prune`,
+`--path`, `--shebang`, `--system`, `--without`, and `--with` options to `bundle
+install`.
 
-  After quite a lot user reports, we noticed that users don't usually want this
-  but instead want the bundler environment as it was before the current process
-  was started. Thus, `Bundler.with_original_env`, `Bundler.original_system`, and
-  `Bundler.original_exec` were born. They all use the new `Bundler.original_env`
-  under the hood.
+Remembering CLI options has been a source of historical confusion and bug
+reports, not only for beginners but also for experienced users. A CLI tool
+should not behave differently across exactly the same invocations _unless_
+explicitly configured to do so. This is what configuration is about after all,
+and things should never be silently configured without the user knowing about
+it.
 
-  There's however some specific cases where the good old `Bundler.clean_env`
-  behavior can be useful. For example, when testing Rails generators, you really
-  want an environment where `bundler` is out of the picture. This is why we
-  decided to keep the old behavior under a new more clear name, because we
-  figured the word "clean" was too ambiguous. So we have introduced
-  `Bundler.unbundled_env`, `Bundler.with_unbundled_env`,
-  `Bundler.unbundled_system`, and `Bundler.unbundled_exec`.
+The problem with changing this behavior is that very common workflows are
+relying on it. For example, when you run `bundle install --without
+development:test` in production, those flags are persisted in the app's
+configuration file and further `bundle` invocations will happily ignore
+development and test gems.  This magic will disappear from bundler 4, and you
+will explicitly need to configure it, either through environment variables,
+application configuration, or machine configuration. For example, with `bundle
+config set --local without development test`.
 
-* `Bundler.environment` is deprecated in favor of `Bundler.load`.
+### Bundler will include checksums in the lockfile by default
 
-  We're not sure how people might be using this directly but we have removed the
-  `Bundler::Environment` class which was instantiated by `Bundler.environment`
-  since we realized the `Bundler::Runtime` class was the same thing. During the
-  transition `Bundler.environment` will delegate to `Bundler.load`, which holds
-  the reference to the `Bundler::Environment`.
+We shipped this security feature recently and we believe it's time to turn it on
+by default, so that everyone benefits from the extra security assurances by default.
 
-#### DSL deprecations
+### Strict source pinning in Gemfile is enforced by default
 
-The following deprecations in bundler's DSL are meant to prepare for the strict
-source pinning in bundler 3, where the source for every dependency will be
-unambiguously defined.
+In bundler 4, the source for every dependency will be unambiguously defined, and
+Bundler will refuse to run otherwise.
 
 * Multiple global Gemfile sources will no longer be supported.
 
@@ -207,7 +142,82 @@ unambiguously defined.
   end
   ```
 
-#### Misc deprecations
+#### Notable CLI changes
+
+* The `--force` flag to `bundle install` and `bundle update` will be renamed to `--redownload`.
+
+  This is just a simple rename of the flag, to make more apparent what it
+  actually does. This flag forces redownloading every gem, it doesn't "force"
+  anything else.
+
+* `bundle viz` will be removed and extracted to a plugin.
+
+  This is the only bundler command requiring external dependencies, both an OS
+  dependency (the `graphviz` package) and a gem dependency (the `ruby-graphviz`
+  gem). Removing these dependencies will make development easier and it was also
+  seen by the bundler team as an opportunity to develop a bundler plugin that
+  it's officially maintained by the bundler team, and that users can take as a
+  reference to develop their own plugins. The plugin will contain the same code
+  as the old core command, the only difference being that the command is now
+  implemented as `bundle graph` which is much easier to understand. However, the
+  details of the plugin are under discussion. See [#3333](https://github.com/rubygems/rubygems/issues/3333).
+
+* The `bundle install` command will no longer accept a `--binstubs` flag.
+
+  The `--binstubs` option has been removed from `bundle install` and replaced
+  with the `bundle binstubs` command. The `--binstubs` flag would create
+  binstubs for all executables present inside the gems in the project. This was
+  hardly useful since most users will only use a subset of all the binstubs
+  available to them. Also, it would force the introduction of a bunch of most
+  likely unused files into source control. Because of this, binstubs now must
+  be created and checked into version control individually.
+
+* The `bundle inject` command will be replaced with `bundle add`
+
+  We believe the new command fits the user's mental model better and it supports
+  a wider set of use cases. The interface supported by `bundle inject` works
+  exactly the same in `bundle add`, so it should be easy to migrate to the new
+  command.
+
+### Other notable changes
+
+* Git and Path gems will be included in `vendor/cache` by default
+
+  We're unsure why these gems were treated specially so we'll start caching them
+  normally.
+
+* Bundler will use cached local data if available when network issues are found
+  during resolution.
+
+  Just trying to provide a more resilient behavior here.
+
+* `Bundler.clean_env`, `Bundler.with_clean_env`, `Bundler.clean_system`, and `Bundler.clean_exec` will be removed
+
+  All of these helpers ultimately use `Bundler.clean_env` under the hood, which
+  makes sure all bundler-related environment are removed inside the block it
+  yields.
+
+  After quite a lot user reports, we noticed that users don't usually want this
+  but instead want the bundler environment as it was before the current process
+  was started. Thus, `Bundler.with_original_env`, `Bundler.original_system`, and
+  `Bundler.original_exec` were born. They all use the new `Bundler.original_env`
+  under the hood.
+
+  There's however some specific cases where the good old `Bundler.clean_env`
+  behavior can be useful. For example, when testing Rails generators, you really
+  want an environment where `bundler` is out of the picture. This is why we
+  decided to keep the old behavior under a new more clear name, because we
+  figured the word "clean" was too ambiguous. So we have introduced
+  `Bundler.unbundled_env`, `Bundler.with_unbundled_env`,
+  `Bundler.unbundled_system`, and `Bundler.unbundled_exec`.
+
+* `Bundler.environment` is deprecated in favor of `Bundler.load`.
+
+  We're not sure how people might be using this directly but we have removed the
+  `Bundler::Environment` class which was instantiated by `Bundler.environment`
+  since we realized the `Bundler::Runtime` class was the same thing. During the
+  transition `Bundler.environment` will delegate to `Bundler.load`, which holds
+  the reference to the `Bundler::Environment`.
 
 * Deployment helpers for `vlad` and `capistrano` are being removed.
 

data/doc/rubygems/CONTRIBUTING.md

@@ -52,7 +52,7 @@ To run commands like `gem install` from the repo:
 
 To run commands like `bundle install` from the repo:
 
-    ruby bundler/spec/support/bundle.rb install
+    bundler/bin/bundle install
 
 ### Running Tests