rubygems-update 3.3.4 → 3.3.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a8b1ab86a06b30bdc5a03f3124e2e2c7ac40db3e5c5fb5d2e2ae9f42c6bfd549
-  data.tar.gz: c885501752d796f4a2b656a537242e889c04bb1e67f1d6d21da9047225e5d89f
+  metadata.gz: 9648fb20873191a9544a114fb8924f9f08625fa63d590a3a0434e3b2b95b516d
+  data.tar.gz: b29121744e804674e10ae19f1cbc9525a8c8c0ee73072e27baf726479b995180
 SHA512:
-  metadata.gz: bb514eb2ad2813f5ecf90fbe3ffd1c04bf5af6b34cad1b18f77da08a99c0755b18af42314c2ca1073b2d8af58db2eee81a946dd1890c5098ddaabf263cace321
-  data.tar.gz: 978538c03440b713418a53126275355e4b0cc3bf31ea0b6574c1813fcaa8b9efe643dcde824a48b2f19eebdf706d5aeba6a10e6ae488e928cf3058f00e2c6e9a
+  metadata.gz: 5b8f751c2bd5a5bca0b8c7baa474ac226cb697275582681f14cb57326279e5f17db249803f33177344f7ebb199fef3c1c396c7aaf749950b3b8bb62e47b16dce
+  data.tar.gz: c5be5acbc735daa56571bbf4b51a1edf0271c8c6d56d7a7a403401a03863580669cdca71b9d426434701200a2cd10e20b215d1b6b17f8d1bebe4cd2bcdf91ed2

data/CHANGELOG.md

@@ -1,3 +1,25 @@
+# 3.3.5 / 2022-01-12
+
+## Enhancements:
+
+* Don't activate `yaml` gem from RubyGems. Pull request #5266 by
+  deivid-rodriguez
+* Let `gem fetch` understand `<gem>:<version>` syntax and
+  `--[no-]suggestions` flag. Pull request #5242 by ximenasandoval
+* Installs bundler 2.3.5 as a default gem.
+
+## Bug fixes:
+
+* Fix `gem install <non-existent-gem> --force` crash. Pull request #5262
+  by deivid-rodriguez
+* Fix longstanding `gem install` failure on JRuby. Pull request #5228 by
+  deivid-rodriguez
+
+## Documentation:
+
+* Markup `Gem::Specification` documentation with RDoc notations. Pull
+  request #5268 by nobu
+
 # 3.3.4 / 2021-12-29
 
 ## Enhancements:

data/bundler/CHANGELOG.md

@@ -1,3 +1,16 @@
+# 2.3.5 (January 12, 2022)
+
+## Enhancements:
+
+  - Make `bundle update --bundler` actually lock to the latest bundler version (even if not yet installed) [#5182](https://github.com/rubygems/rubygems/pull/5182)
+  - Use thor-1.2.1 [#5260](https://github.com/rubygems/rubygems/pull/5260)
+  - Exclude bin directory for newgem template [#5259](https://github.com/rubygems/rubygems/pull/5259)
+
+## Bug fixes:
+
+  - Fix metadata requirements being bypassed when custom gem servers are used [#5256](https://github.com/rubygems/rubygems/pull/5256)
+  - Fix `rake build:checksum` writing checksum of package path, not package contents [#5250](https://github.com/rubygems/rubygems/pull/5250)
+
 # 2.3.4 (December 29, 2021)
 
 ## Enhancements:

data/bundler/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2021-12-29".freeze
-    @git_commit_sha = "2296a0d6cc".freeze
+    @built_at = "2022-01-12".freeze
+    @git_commit_sha = "a13d015fcb".freeze
     @release = true
     # end ivars
 

data/bundler/lib/bundler/cli/update.rb

@@ -11,12 +11,16 @@ module Bundler
     def run
       Bundler.ui.level = "warn" if options[:quiet]
 
+      update_bundler = options[:bundler]
+
+      Bundler.self_manager.update_bundler_and_restart_with_it_if_needed(update_bundler) if update_bundler
+
       Plugin.gemfile_install(Bundler.default_gemfile) if Bundler.feature_flag.plugins?
 
       sources = Array(options[:source])
       groups  = Array(options[:group]).map(&:to_sym)
 
-      full_update = gems.empty? && sources.empty? && groups.empty? && !options[:ruby] && !options[:bundler]
+      full_update = gems.empty? && sources.empty? && groups.empty? && !options[:ruby] && !update_bundler
 
       if full_update && !options[:all]
         if Bundler.feature_flag.update_requires_all_flag?
@@ -49,7 +53,7 @@ module Bundler
 
         Bundler.definition(:gems => gems, :sources => sources, :ruby => options[:ruby],
                            :conservative => conservative,
-                           :bundler => options[:bundler])
+                           :bundler => update_bundler)
       end
 
       Bundler::CLI::Common.configure_gem_version_promoter(Bundler.definition, options)

data/bundler/lib/bundler/cli.rb

@@ -809,17 +809,10 @@ module Bundler
 
       current = Gem::Version.new(VERSION)
       return if current >= latest
-      latest_installed = Bundler.rubygems.find_name("bundler").map(&:version).max
 
-      installation = "To install the latest version, run `gem install bundler#{" --pre" if latest.prerelease?}`"
-      if latest_installed && latest_installed > current
-        suggestion = "To update to the most recent installed version (#{latest_installed}), run `bundle update --bundler`"
-        suggestion = "#{installation}\n#{suggestion}" if latest_installed < latest
-      else
-        suggestion = installation
-      end
-
-      Bundler.ui.warn "The latest bundler is #{latest}, but you are currently running #{current}.\n#{suggestion}"
+      Bundler.ui.warn \
+        "The latest bundler is #{latest}, but you are currently running #{current}.\n" \
+        "To update to the most recent version, run `bundle update --bundler`"
     rescue RuntimeError
       nil
     end

data/bundler/lib/bundler/compact_index_client/cache.rb

@@ -76,15 +76,6 @@ module Bundler
         end
       end
 
-      def specific_dependency(name, version, platform)
-        pattern = [version, platform].compact.join("-")
-        return nil if pattern.empty?
-
-        gem_lines = info_path(name).read
-        gem_line = gem_lines[/^#{Regexp.escape(pattern)}\b.*/, 0]
-        gem_line ? parse_gem(gem_line) : nil
-      end
-
       private
 
       def lines(path)

data/bundler/lib/bundler/compact_index_client.rb

@@ -73,12 +73,6 @@ module Bundler
       end.flatten(1)
     end
 
-    def spec(name, version, platform = nil)
-      Bundler::CompactIndexClient.debug { "spec(name = #{name}, version = #{version}, platform = #{platform})" }
-      update_info(name)
-      @cache.specific_dependency(name, version, platform)
-    end
-
     def update_and_parse_checksums!
       Bundler::CompactIndexClient.debug { "update_and_parse_checksums!" }
       return @info_checksums_by_name if @parsed_checksums

data/bundler/lib/bundler/definition.rb

@@ -309,14 +309,6 @@ module Bundler
       end
     end
 
-    def locked_bundler_version
-      if @locked_bundler_version && @locked_bundler_version < Gem::Version.new(Bundler::VERSION)
-        new_version = Bundler::VERSION
-      end
-
-      new_version || @locked_bundler_version || Bundler::VERSION
-    end
-
     def locked_ruby_version
       return unless ruby_version
       if @unlock[:ruby] || !@locked_ruby_version

data/bundler/lib/bundler/endpoint_specification.rb

@@ -5,14 +5,15 @@ module Bundler
   class EndpointSpecification < Gem::Specification
     include MatchPlatform
 
-    attr_reader :name, :version, :platform, :required_rubygems_version, :required_ruby_version, :checksum
+    attr_reader :name, :version, :platform, :checksum
     attr_accessor :source, :remote, :dependencies
 
-    def initialize(name, version, platform, dependencies, metadata = nil)
+    def initialize(name, version, platform, spec_fetcher, dependencies, metadata = nil)
       super()
       @name         = name
       @version      = Gem::Version.create version
       @platform     = platform
+      @spec_fetcher = spec_fetcher
       @dependencies = dependencies.map {|dep, reqs| build_dependency(dep, reqs) }
 
       @loaded_from          = nil
@@ -21,6 +22,14 @@ module Bundler
       parse_metadata(metadata)
     end
 
+    def required_ruby_version
+      @required_ruby_version ||= _remote_specification.required_ruby_version
+    end
+
+    def required_rubygems_version
+      @required_rubygems_version ||= _remote_specification.required_rubygems_version
+    end
+
     def fetch_platform
       @platform
     end
@@ -105,12 +114,21 @@ module Bundler
 
     private
 
+    def _remote_specification
+      @_remote_specification ||= @spec_fetcher.fetch_spec([@name, @version, @platform])
+    end
+
     def local_specification_path
       "#{base_dir}/specifications/#{full_name}.gemspec"
     end
 
     def parse_metadata(data)
-      return unless data
+      unless data
+        @required_ruby_version = nil
+        @required_rubygems_version = nil
+        return
+      end
+
       data.each do |k, v|
         next unless v
         case k.to_s

data/bundler/lib/bundler/fetcher/compact_index.rb

@@ -57,16 +57,6 @@ module Bundler
         gem_info
       end
 
-      def fetch_spec(spec)
-        spec -= [nil, "ruby", ""]
-        contents = compact_index_client.spec(*spec)
-        return nil if contents.nil?
-        contents.unshift(spec.first)
-        contents[3].map! {|d| Gem::Dependency.new(*d) }
-        EndpointSpecification.new(*contents)
-      end
-      compact_index_request :fetch_spec
-
       def available?
         unless SharedHelpers.md5_available?
           Bundler.ui.debug("FIPS mode is enabled, bundler can't use the CompactIndex API")

data/bundler/lib/bundler/fetcher/index.rb

@@ -21,32 +21,6 @@ module Bundler
           raise HTTPError, "Could not fetch specs from #{display_uri} due to underlying error <#{e.message}>"
         end
       end
-
-      def fetch_spec(spec)
-        spec -= [nil, "ruby", ""]
-        spec_file_name = "#{spec.join "-"}.gemspec"
-
-        uri = Bundler::URI.parse("#{remote_uri}#{Gem::MARSHAL_SPEC_DIR}#{spec_file_name}.rz")
-        if uri.scheme == "file"
-          path = Bundler.rubygems.correct_for_windows_path(uri.path)
-          Bundler.load_marshal Bundler.rubygems.inflate(Gem.read_binary(path))
-        elsif cached_spec_path = gemspec_cached_path(spec_file_name)
-          Bundler.load_gemspec(cached_spec_path)
-        else
-          Bundler.load_marshal Bundler.rubygems.inflate(downloader.fetch(uri).body)
-        end
-      rescue MarshalError
-        raise HTTPError, "Gemspec #{spec} contained invalid data.\n" \
-          "Your network or your gem server is probably having issues right now."
-      end
-
-      private
-
-      # cached gem specification path, if one exists
-      def gemspec_cached_path(spec_file_name)
-        paths = Bundler.rubygems.spec_cache_dirs.map {|dir| File.join(dir, spec_file_name) }
-        paths.find {|path| File.file? path }
-      end
     end
   end
 end

data/bundler/lib/bundler/fetcher.rb

@@ -129,17 +129,15 @@ module Bundler
         specs = fetchers.last.specs(gem_names)
       else
         specs = []
-        fetchers.shift until fetchers.first.available? || fetchers.empty?
-        fetchers.dup.each do |f|
-          break unless f.api_fetcher? && !gem_names || !specs = f.specs(gem_names)
-          fetchers.delete(f)
+        @fetchers = fetchers.drop_while do |f|
+          !f.available? || (f.api_fetcher? && !gem_names) || !specs = f.specs(gem_names)
         end
         @use_api = false if fetchers.none?(&:api_fetcher?)
       end
 
       specs.each do |name, version, platform, dependencies, metadata|
         spec = if dependencies
-          EndpointSpecification.new(name, version, platform, dependencies, metadata)
+          EndpointSpecification.new(name, version, platform, self, dependencies, metadata)
         else
           RemoteSpecification.new(name, version, platform, self)
         end
@@ -272,8 +270,7 @@ module Bundler
     # cached gem specification path, if one exists
     def gemspec_cached_path(spec_file_name)
       paths = Bundler.rubygems.spec_cache_dirs.map {|dir| File.join(dir, spec_file_name) }
-      paths = paths.select {|path| File.file? path }
-      paths.first
+      paths.find {|path| File.file? path }
     end
 
     HTTP_ERRORS = [
@@ -301,8 +298,6 @@ module Bundler
       store
     end
 
-    private
-
     def remote_uri
       @remote.uri
     end

data/bundler/lib/bundler/gem_helper.rb

@@ -107,9 +107,9 @@ module Bundler
       SharedHelpers.filesystem_access(File.join(base, "checksums")) {|p| FileUtils.mkdir_p(p) }
       file_name = "#{File.basename(built_gem_path)}.sha512"
       require "digest/sha2"
-      checksum = ::Digest::SHA512.new.hexdigest(built_gem_path.to_s)
+      checksum = ::Digest::SHA512.file(built_gem_path).hexdigest
       target = File.join(base, "checksums", file_name)
-      File.write(target, checksum)
+      File.write(target, checksum + "\n")
       Bundler.ui.confirm "#{name} #{version} checksum written to checksums/#{file_name}."
     end
 

data/bundler/lib/bundler/lazy_specification.rb

@@ -90,11 +90,11 @@ module Bundler
           MatchPlatform.platforms_match?(spec.platform, platform_object)
         end
         installable_candidates = same_platform_candidates.select do |spec|
-          !spec.is_a?(EndpointSpecification) ||
+          spec.is_a?(StubSpecification) ||
             (spec.required_ruby_version.satisfied_by?(Gem.ruby_version) &&
               spec.required_rubygems_version.satisfied_by?(Gem.rubygems_version))
         end
-        search = installable_candidates.last || same_platform_candidates.last
+        search = installable_candidates.last
         search.dependencies = dependencies if search && (search.is_a?(RemoteSpecification) || search.is_a?(EndpointSpecification))
         search
       end

data/bundler/lib/bundler/lockfile_generator.rb

@@ -71,7 +71,7 @@ module Bundler
     end
 
     def add_bundled_with
-      add_section("BUNDLED WITH", definition.locked_bundler_version.to_s)
+      add_section("BUNDLED WITH", Bundler::VERSION)
     end
 
     def add_section(name, value)

data/bundler/lib/bundler/resolver/spec_group.rb

@@ -95,7 +95,7 @@ module Bundler
 
       def metadata_dependencies(platform)
         spec = @specs[platform].first
-        return [] unless spec.is_a?(Gem::Specification)
+        return [] if spec.is_a?(LazySpecification)
         dependencies = []
         if !spec.required_ruby_version.nil? && !spec.required_ruby_version.none?
           dependencies << DepProxy.get_proxy(Gem::Dependency.new("Ruby\0", spec.required_ruby_version), platform)

data/bundler/lib/bundler/resolver.rb

@@ -358,24 +358,18 @@ module Bundler
             o << "\n"
             o << %(Running `bundle update` will rebuild your snapshot from scratch, using only\n)
             o << %(the gems in your Gemfile, which may resolve the conflict.\n)
-          elsif !conflict.existing
+          elsif !conflict.existing && !name.end_with?("\0")
             o << "\n"
 
             relevant_source = conflict.requirement.source || source_for(name)
 
-            metadata_requirement = name.end_with?("\0")
-
             extra_message = if conflict.requirement_trees.first.size > 1
               ", which is required by gem '#{SharedHelpers.pretty_dependency(conflict.requirement_trees.first[-2])}',"
             else
               ""
             end
 
-            if metadata_requirement
-              o << "#{SharedHelpers.pretty_dependency(conflict.requirement)}#{extra_message} is not available in #{relevant_source}"
-            else
-              o << gem_not_found_message(name, conflict.requirement, relevant_source, extra_message)
-            end
+            o << gem_not_found_message(name, conflict.requirement, relevant_source, extra_message)
           end
         end,
         :version_for_spec => lambda {|spec| spec.version },

data/bundler/lib/bundler/self_manager.rb

@@ -9,46 +9,58 @@ module Bundler
     def restart_with_locked_bundler_if_needed
       return unless needs_switching? && installed?
 
-      restart_with_locked_bundler
+      restart_with(lockfile_version)
     end
 
     def install_locked_bundler_and_restart_with_it_if_needed
       return unless needs_switching?
 
-      install_and_restart_with_locked_bundler
+      Bundler.ui.info \
+        "Bundler #{current_version} is running, but your lockfile was generated with #{lockfile_version}. " \
+        "Installing Bundler #{lockfile_version} and restarting using that version."
+
+      install_and_restart_with(lockfile_version)
+    end
+
+    def update_bundler_and_restart_with_it_if_needed(target)
+      return unless autoswitching_applies?
+
+      spec = resolve_update_version_from(target)
+      return unless spec
+
+      version = spec.version
+
+      Bundler.ui.info "Updating bundler to #{version}."
+
+      install(spec)
+
+      restart_with(version)
     end
 
     private
 
-    def install_and_restart_with_locked_bundler
-      bundler_dep = Gem::Dependency.new("bundler", lockfile_version)
-      spec = fetch_spec_for(bundler_dep)
-      return if spec.nil?
+    def install_and_restart_with(version)
+      requirement = Gem::Requirement.new(version)
+      spec = find_latest_matching_spec(requirement)
 
-      Bundler.ui.info \
-        "Bundler #{current_version} is running, but your lockfile was generated with #{lockfile_version}. " \
-        "Installing Bundler #{lockfile_version} and restarting using that version."
+      if spec.nil?
+        Bundler.ui.warn "Your lockfile is locked to a version of bundler (#{lockfile_version}) that doesn't exist at https://rubygems.org/. Going on using #{current_version}"
+        return
+      end
 
-      spec.source.install(spec)
+      install(spec)
     rescue StandardError => e
       Bundler.ui.trace e
       Bundler.ui.warn "There was an error installing the locked bundler version (#{lockfile_version}), rerun with the `--verbose` flag for more details. Going on using bundler #{current_version}."
     else
-      restart_with_locked_bundler
+      restart_with(version)
     end
 
-    def fetch_spec_for(bundler_dep)
-      source = Bundler::Source::Rubygems.new("remotes" => "https://rubygems.org")
-      source.remote!
-      source.add_dependency_names("bundler")
-      spec = source.specs.search(bundler_dep).first
-      if spec.nil?
-        Bundler.ui.warn "Your lockfile is locked to a version of bundler (#{lockfile_version}) that doesn't exist at https://rubygems.org/. Going on using #{current_version}"
-      end
-      spec
+    def install(spec)
+      spec.source.install(spec)
     end
 
-    def restart_with_locked_bundler
+    def restart_with(version)
       configured_gem_home = ENV["GEM_HOME"]
       configured_gem_path = ENV["GEM_PATH"]
 
@@ -57,20 +69,79 @@ module Bundler
 
       Bundler.with_original_env do
         Kernel.exec(
-          { "GEM_HOME" => configured_gem_home, "GEM_PATH" => configured_gem_path, "BUNDLER_VERSION" => lockfile_version },
+          { "GEM_HOME" => configured_gem_home, "GEM_PATH" => configured_gem_path, "BUNDLER_VERSION" => version.to_s },
           *cmd
         )
       end
     end
 
     def needs_switching?
+      autoswitching_applies? &&
+        released?(lockfile_version) &&
+        !running?(lockfile_version) &&
+        !updating?
+    end
+
+    def autoswitching_applies?
       ENV["BUNDLER_VERSION"].nil? &&
         Bundler.rubygems.supports_bundler_trampolining? &&
         SharedHelpers.in_bundle? &&
-        lockfile_version &&
-        !lockfile_version.end_with?(".dev") &&
-        lockfile_version != current_version &&
-        !updating?
+        lockfile_version
+    end
+
+    def resolve_update_version_from(target)
+      requirement = Gem::Requirement.new(target)
+      update_candidate = find_latest_matching_spec(requirement)
+
+      if update_candidate.nil?
+        raise InvalidOption, "The `bundle update --bundler` target version (#{target}) does not exist"
+      end
+
+      resolved_version = update_candidate.version
+      needs_update = requirement.specific? ? !running?(resolved_version) : running_older_than?(resolved_version)
+
+      return unless needs_update
+
+      update_candidate
+    end
+
+    def local_specs
+      @local_specs ||= Bundler::Source::Rubygems.new("allow_local" => true).specs.select {|spec| spec.name == "bundler" }
+    end
+
+    def remote_specs
+      @remote_specs ||= begin
+        source = Bundler::Source::Rubygems.new("remotes" => "https://rubygems.org")
+        source.remote!
+        source.add_dependency_names("bundler")
+        source.specs
+      end
+    end
+
+    def find_latest_matching_spec(requirement)
+      local_result = find_latest_matching_spec_from_collection(local_specs, requirement)
+      return local_result if local_result && requirement.specific?
+
+      remote_result = find_latest_matching_spec_from_collection(remote_specs, requirement)
+      return remote_result if local_result.nil?
+
+      [local_result, remote_result].max
+    end
+
+    def find_latest_matching_spec_from_collection(specs, requirement)
+      specs.sort.reverse_each.find {|spec| requirement.satisfied_by?(spec.version) }
+    end
+
+    def running?(version)
+      version == current_version
+    end
+
+    def running_older_than?(version)
+      current_version < version
+    end
+
+    def released?(version)
+      !version.to_s.end_with?(".dev")
     end
 
     def updating?
@@ -80,15 +151,18 @@ module Bundler
     def installed?
       Bundler.configure
 
-      Bundler.rubygems.find_bundler(lockfile_version)
+      Bundler.rubygems.find_bundler(lockfile_version.to_s)
     end
 
     def current_version
-      @current_version ||= Bundler::VERSION
+      @current_version ||= Gem::Version.new(Bundler::VERSION)
     end
 
     def lockfile_version
-      @lockfile_version ||= Bundler::LockfileParser.bundled_with
+      return @lockfile_version if defined?(@lockfile_version)
+
+      parsed_version = Bundler::LockfileParser.bundled_with
+      @lockfile_version = parsed_version ? Gem::Version.new(parsed_version) : nil
     end
   end
 end

data/bundler/lib/bundler/templates/newgem/newgem.gemspec.tt

@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
   spec.files = Dir.chdir(File.expand_path(__dir__)) do
     `git ls-files -z`.split("\x0").reject do |f|
-      (f == __FILE__) || f.match(%r{\A(?:(?:test|spec|features)/|\.(?:git|travis|circleci)|appveyor)})
+      (f == __FILE__) || f.match(%r{\A(?:(?:bin|test|spec|features)/|\.(?:git|travis|circleci)|appveyor)})
     end
   end
   spec.bindir = "exe"

data/bundler/lib/bundler/vendor/thor/lib/thor/actions/inject_into_file.rb

@@ -107,10 +107,7 @@ class Bundler::Thor
       #
       def replace!(regexp, string, force)
         content = File.read(destination)
-        before, after = content.split(regexp, 2)
-        snippet = (behavior == :after ? after : before).to_s
-
-        if force || !snippet.include?(replacement)
+        if force || !content.include?(replacement)
           success = content.gsub!(regexp, string)
 
           File.open(destination, "wb") { |file| file.write(content) } unless pretend?

data/bundler/lib/bundler/vendor/thor/lib/thor/version.rb

@@ -1,3 +1,3 @@
 class Bundler::Thor
-  VERSION = "1.1.0"
+  VERSION = "1.2.1"
 end

data/bundler/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.3.4".freeze
+  VERSION = "2.3.5".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

data/lib/rubygems/commands/fetch_command.rb

@@ -8,7 +8,12 @@ class Gem::Commands::FetchCommand < Gem::Command
   include Gem::VersionOption
 
   def initialize
-    super 'fetch', 'Download a gem and place it in the current directory'
+    defaults = {
+      :suggest_alternate => true,
+      :version           => Gem::Requirement.default,
+    }
+
+    super 'fetch', 'Download a gem and place it in the current directory', defaults
 
     add_bulk_threshold_option
     add_proxy_option
@@ -18,6 +23,10 @@ class Gem::Commands::FetchCommand < Gem::Command
     add_version_option
     add_platform_option
     add_prerelease_option
+
+    add_option '--[no-]suggestions', 'Suggest alternates when gems are not found' do |value, options|
+      options[:suggest_alternate] = value
+    end
   end
 
   def arguments # :nodoc:
@@ -42,15 +51,27 @@ then repackaging it.
     "#{program_name} GEMNAME [GEMNAME ...]"
   end
 
+  def check_version # :nodoc:
+    if options[:version] != Gem::Requirement.default and
+         get_all_gem_names.size > 1
+      alert_error "Can't use --version with multiple gems. You can specify multiple gems with" \
+                  " version requirements using `gem fetch 'my_gem:1.0.0' 'my_other_gem:~>2.0.0'`"
+      terminate_interaction 1
+    end
+  end
+
   def execute
-    version = options[:version] || Gem::Requirement.default
+    check_version
+    version = options[:version]
 
     platform  = Gem.platforms.last
-    gem_names = get_all_gem_names
+    gem_names = get_all_gem_names_and_versions
 
-    gem_names.each do |gem_name|
-      dep = Gem::Dependency.new gem_name, version
+    gem_names.each do |gem_name, gem_version|
+      gem_version ||= version
+      dep = Gem::Dependency.new gem_name, gem_version
       dep.prerelease = options[:prerelease]
+      suppress_suggestions = !options[:suggest_alternate]
 
       specs_and_sources, errors =
         Gem::SpecFetcher.fetcher.spec_for_dependency dep
@@ -63,12 +84,10 @@ then repackaging it.
       spec, source = specs_and_sources.max_by {|s,| s }
 
       if spec.nil?
-        show_lookup_failure gem_name, version, errors, options[:domain]
+        show_lookup_failure gem_name, gem_version, errors, suppress_suggestions, options[:domain]
         next
       end
-
       source.download spec
-
       say "Downloaded #{spec.full_name}"
     end
   end

data/lib/rubygems/package/old.rb

@@ -145,7 +145,7 @@ class Gem::Package::Old < Gem::Package
 
     begin
       @spec = Gem::Specification.from_yaml yaml
-    rescue YAML::SyntaxError
+    rescue Psych::SyntaxError
       raise Gem::Exception, "Failed to parse gem specification out of gem file"
     end
   rescue ArgumentError

data/lib/rubygems/package.rb

@@ -230,7 +230,7 @@ class Gem::Package
 
     tar.add_file_signed 'checksums.yaml.gz', 0444, @signer do |io|
       gzip_to io do |gz_io|
-        YAML.dump checksums_by_algorithm, gz_io
+        Psych.dump checksums_by_algorithm, gz_io
       end
     end
   end

data/lib/rubygems/psych_additions.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 # This exists just to satisfy bugs in marshal'd gemspecs that
-# contain a reference to YAML::PrivateType. We prune these out
+# contain a reference to Psych::PrivateType. We prune these out
 # in Specification._load, but if we don't have the constant, Marshal
 # blows up.
 

data/lib/rubygems/resolver/installer_set.rb

@@ -76,21 +76,21 @@ class Gem::Resolver::InstallerSet < Gem::Resolver::Set
 
     newest = found.last
 
+    unless newest
+      exc = Gem::UnsatisfiableDependencyError.new request
+      exc.errors = errors
+
+      raise exc
+    end
+
     unless @force
       found_matching_metadata = found.reverse.find do |spec|
         metadata_satisfied?(spec)
       end
 
       if found_matching_metadata.nil?
-        if newest
-          ensure_required_ruby_version_met(newest.spec)
-          ensure_required_rubygems_version_met(newest.spec)
-        else
-          exc = Gem::UnsatisfiableDependencyError.new request
-          exc.errors = errors
-
-          raise exc
-        end
+        ensure_required_ruby_version_met(newest.spec)
+        ensure_required_rubygems_version_met(newest.spec)
       else
         newest = found_matching_metadata
       end

data/lib/rubygems/safe_yaml.rb

@@ -24,33 +24,33 @@ module Gem
       runtime
     ].freeze
 
-    if ::YAML.respond_to? :safe_load
+    if ::Psych.respond_to? :safe_load
       def self.safe_load(input)
         if Gem::Version.new(Psych::VERSION) >= Gem::Version.new('3.1.0.pre1')
-          ::YAML.safe_load(input, permitted_classes: PERMITTED_CLASSES, permitted_symbols: PERMITTED_SYMBOLS, aliases: true)
+          ::Psych.safe_load(input, permitted_classes: PERMITTED_CLASSES, permitted_symbols: PERMITTED_SYMBOLS, aliases: true)
         else
-          ::YAML.safe_load(input, PERMITTED_CLASSES, PERMITTED_SYMBOLS, true)
+          ::Psych.safe_load(input, PERMITTED_CLASSES, PERMITTED_SYMBOLS, true)
         end
       end
 
       def self.load(input)
         if Gem::Version.new(Psych::VERSION) >= Gem::Version.new('3.1.0.pre1')
-          ::YAML.safe_load(input, permitted_classes: [::Symbol])
+          ::Psych.safe_load(input, permitted_classes: [::Symbol])
         else
-          ::YAML.safe_load(input, [::Symbol])
+          ::Psych.safe_load(input, [::Symbol])
         end
       end
     else
       unless Gem::Deprecate.skip
-        warn "YAML safe loading is not available. Please upgrade psych to a version that supports safe loading (>= 2.0)."
+        warn "Psych safe loading is not available. Please upgrade psych to a version that supports safe loading (>= 2.0)."
       end
 
       def self.safe_load(input, *args)
-        ::YAML.load input
+        ::Psych.load input
       end
 
       def self.load(input)
-        ::YAML.load input
+        ::Psych.load input
       end
     end
   end

data/lib/rubygems/security.rb

@@ -261,7 +261,7 @@ require_relative 'openssl'
 # 2. Grab the public key from the gemspec
 #
 #      gem spec some_signed_gem-1.0.gem cert_chain | \
-#        ruby -ryaml -e 'puts YAML.load($stdin)' > public_key.crt
+#        ruby -rpsych -e 'puts Psych.load($stdin)' > public_key.crt
 #
 # 3. Generate a SHA1 hash of the data.tar.gz
 #

data/lib/rubygems/specification.rb

@@ -225,7 +225,7 @@ class Gem::Specification < Gem::BasicSpecification
   attr_reader :version
 
   ##
-  # A short summary of this gem's description.  Displayed in `gem list -d`.
+  # A short summary of this gem's description.  Displayed in <tt>gem list -d</tt>.
   #
   # The #description should be more detailed than the summary.
   #
@@ -271,7 +271,7 @@ class Gem::Specification < Gem::BasicSpecification
   # A list of authors for this gem.
   #
   # Alternatively, a single author can be specified by assigning a string to
-  # `spec.author`
+  # +spec.author+
   #
   # Usage:
   #
@@ -1279,10 +1279,10 @@ class Gem::Specification < Gem::BasicSpecification
       raise TypeError, "invalid Gem::Specification format #{array.inspect}"
     end
 
-    # Cleanup any YAML::PrivateType. They only show up for an old bug
+    # Cleanup any Psych::PrivateType. They only show up for an old bug
     # where nil => null, so just convert them to nil based on the type.
 
-    array.map! {|e| e.kind_of?(YAML::PrivateType) ? nil : e }
+    array.map! {|e| e.kind_of?(Psych::PrivateType) ? nil : e }
 
     spec.instance_variable_set :@rubygems_version,          array[0]
     # spec version

data/lib/rubygems/stub_specification.rb

@@ -190,9 +190,6 @@ class Gem::StubSpecification < Gem::BasicSpecification
               end
 
     @spec ||= Gem::Specification.load(loaded_from)
-    @spec.ignored = @ignored if @spec
-
-    @spec
   end
 
   ##

data/lib/rubygems.rb

@@ -8,7 +8,7 @@
 require 'rbconfig'
 
 module Gem
-  VERSION = "3.3.4".freeze
+  VERSION = "3.3.5".freeze
 end
 
 # Must be first since it unloads the prelude from 1.9.2
@@ -606,17 +606,10 @@ An Array (#{env.inspect}) was passed in from #{caller[3]}
   def self.load_yaml
     return if @yaml_loaded
 
-    begin
-      # Try requiring the gem version *or* stdlib version of psych.
-      require 'psych'
-    rescue ::LoadError
-      # If we can't load psych, that's fine, go on.
-    else
-      require_relative 'rubygems/psych_additions'
-      require_relative 'rubygems/psych_tree'
-    end
+    require 'psych'
+    require_relative 'rubygems/psych_additions'
+    require_relative 'rubygems/psych_tree'
 
-    require 'yaml'
     require_relative 'rubygems/safe_yaml'
 
     @yaml_loaded = true

data/rubygems-update.gemspec

@@ -2,7 +2,7 @@
 
 Gem::Specification.new do |s|
   s.name = "rubygems-update"
-  s.version = "3.3.4"
+  s.version = "3.3.5"
   s.authors = ["Jim Weirich", "Chad Fowler", "Eric Hodel", "Luis Lavena", "Aaron Patterson", "Samuel Giddins", "André Arko", "Evan Phoenix", "Hiroshi SHIBATA"]
   s.email = ["", "", "drbrain@segment7.net", "luislavena@gmail.com", "aaron@tenderlovemaking.com", "segiddins@segiddins.me", "andre@arko.net", "evan@phx.io", "hsbt@ruby-lang.org"]
 

data/test/rubygems/helper.rb

@@ -685,10 +685,10 @@ class Gem::TestCase < Test::Unit::TestCase
   # Load a YAML string, the psych 3 way
 
   def load_yaml(yaml)
-    if YAML.respond_to?(:unsafe_load)
-      YAML.unsafe_load(yaml)
+    if Psych.respond_to?(:unsafe_load)
+      Psych.unsafe_load(yaml)
     else
-      YAML.load(yaml)
+      Psych.load(yaml)
     end
   end
 
@@ -696,10 +696,10 @@ class Gem::TestCase < Test::Unit::TestCase
   # Load a YAML file, the psych 3 way
 
   def load_yaml_file(file)
-    if YAML.respond_to?(:unsafe_load_file)
-      YAML.unsafe_load_file(file)
+    if Psych.respond_to?(:unsafe_load_file)
+      Psych.unsafe_load_file(file)
     else
-      YAML.load_file(file)
+      Psych.load_file(file)
     end
   end
 

data/test/rubygems/test_gem_commands_fetch_command.rb

@@ -157,4 +157,101 @@ class TestGemCommandsFetchCommand < Gem::TestCase
     assert_path_exist(File.join(@tempdir, a1.file_name),
                        "#{a1.full_name} not fetched")
   end
+
+  def test_execute_version_specified_by_colon
+    specs = spec_fetcher do |fetcher|
+      fetcher.gem 'a', 1
+    end
+
+    @cmd.options[:args] = %w[a:1]
+
+    use_ui @ui do
+      Dir.chdir @tempdir do
+        @cmd.execute
+      end
+    end
+
+    a1 = specs['a-1']
+
+    assert_path_exist(File.join(@tempdir, a1.file_name),
+                       "#{a1.full_name} not fetched")
+  end
+
+  def test_execute_two_version
+    @cmd.options[:args] = %w[a b]
+    @cmd.options[:version] = Gem::Requirement.new '1'
+
+    use_ui @ui do
+      assert_raise Gem::MockGemUi::TermError, @ui.error do
+        @cmd.execute
+      end
+    end
+
+    msg = "ERROR:  Can't use --version with multiple gems. You can specify multiple gems with" \
+      " version requirements using `gem fetch 'my_gem:1.0.0' 'my_other_gem:~>2.0.0'`"
+
+    assert_empty @ui.output
+    assert_equal msg, @ui.error.chomp
+  end
+
+  def test_execute_two_version_specified_by_colon
+    specs = spec_fetcher do |fetcher|
+      fetcher.gem 'a', 1
+      fetcher.gem 'b', 1
+    end
+
+    @cmd.options[:args] = %w[a:1 b:1]
+
+    use_ui @ui do
+      Dir.chdir @tempdir do
+        @cmd.execute
+      end
+    end
+
+    a1 = specs['a-1']
+    b1 = specs['b-1']
+
+    assert_path_exist(File.join(@tempdir, a1.file_name),
+                       "#{a1.full_name} not fetched")
+    assert_path_exist(File.join(@tempdir, b1.file_name),
+                       "#{b1.full_name} not fetched")
+  end
+
+  def test_execute_version_nonexistent
+    spec_fetcher do |fetcher|
+      fetcher.spec 'foo', 1
+    end
+
+    @cmd.options[:args] = %w[foo:2]
+
+    use_ui @ui do
+      @cmd.execute
+    end
+
+    expected = <<-EXPECTED
+ERROR:  Could not find a valid gem 'foo' (2) in any repository
+ERROR:  Possible alternatives: foo
+    EXPECTED
+
+    assert_equal expected, @ui.error
+  end
+
+  def test_execute_nonexistent_hint_disabled
+    spec_fetcher do |fetcher|
+      fetcher.spec 'foo', 1
+    end
+
+    @cmd.options[:args] = %w[foo:2]
+    @cmd.options[:suggest_alternate] = false
+
+    use_ui @ui do
+      @cmd.execute
+    end
+
+    expected = <<-EXPECTED
+ERROR:  Could not find a valid gem 'foo' (2) in any repository
+    EXPECTED
+
+    assert_equal expected, @ui.error
+  end
 end

data/test/rubygems/test_gem_commands_install_command.rb

@@ -277,6 +277,22 @@ ERROR:  Could not find a valid gem 'bar' (= 0.5) (required by 'foo' (>= 0)) in a
     assert_match(/ould not find a valid gem 'nonexistent'/, @ui.error)
   end
 
+  def test_execute_nonexistent_force
+    spec_fetcher
+
+    @cmd.options[:args] = %w[nonexistent]
+    @cmd.options[:force] = true
+
+    use_ui @ui do
+      e = assert_raise Gem::MockGemUi::TermError do
+        @cmd.execute
+      end
+      assert_equal 2, e.exit_code
+    end
+
+    assert_match(/ould not find a valid gem 'nonexistent'/, @ui.error)
+  end
+
   def test_execute_dependency_nonexistent
     spec_fetcher do |fetcher|
       fetcher.spec 'foo', 2, 'bar' => '0.5'

data/test/rubygems/test_gem_package.rb

@@ -822,7 +822,7 @@ class TestGemPackage < Gem::Package::TarTestCase
       }
       tar.add_file 'checksums.yaml.gz', 0444 do |io|
         Zlib::GzipWriter.wrap io do |gz_io|
-          gz_io.write YAML.dump bogus_checksums
+          gz_io.write Psych.dump bogus_checksums
         end
       end
     end
@@ -868,7 +868,7 @@ class TestGemPackage < Gem::Package::TarTestCase
 
       tar.add_file 'checksums.yaml.gz', 0444 do |io|
         Zlib::GzipWriter.wrap io do |gz_io|
-          gz_io.write YAML.dump checksums
+          gz_io.write Psych.dump checksums
         end
       end
 

data/test/rubygems/test_gem_stub_specification.rb

@@ -180,22 +180,6 @@ class TestStubSpecification < Gem::TestCase
     assert bar.to_spec
   end
 
-  def test_to_spec_activated
-    assert @foo.to_spec.is_a?(Gem::Specification)
-    assert_equal "foo", @foo.to_spec.name
-    refute @foo.to_spec.instance_variable_get :@ignored
-  end
-
-  def test_to_spec_missing_extensions
-    stub = stub_with_extension
-
-    capture_output do
-      stub.contains_requirable_file? 'nonexistent'
-    end
-
-    assert stub.to_spec.instance_variable_get :@ignored
-  end
-
   def stub_with_version
     spec = File.join @gemhome, 'specifications', 'stub_e-2.gemspec'
     File.open spec, 'w' do |io|

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubygems-update
 version: !ruby/object:Gem::Version
-  version: 3.3.4
+  version: 3.3.5
 platform: ruby
 authors:
 - Jim Weirich
@@ -16,7 +16,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-12-29 00:00:00.000000000 Z
+date: 2022-01-12 00:00:00.000000000 Z
 dependencies: []
 description: |-
   A package (also known as a library) contains a set of functionality
@@ -804,7 +804,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.4
+rubygems_version: 3.3.5
 signing_key:
 specification_version: 4
 summary: RubyGems is a package management framework for Ruby.