rubygems-update 4.0.11 → 4.0.12

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '096dab65b2e989b2033cbf8aff7d547855316525f62a0303db2a78c936913ae1'
-  data.tar.gz: ccaf6e838015f6379612821a3b5d9302191602c43e6ce638e85f6698f5e07f50
+  metadata.gz: 7d207eaa8ea0c17596ba6919cee2053ab7044e1a33c1928e61887a06b2a74700
+  data.tar.gz: 83258ebcc931736a81fc787b12ea9e8f6ecbc20973230ac542326dff6c8e1ae6
 SHA512:
-  metadata.gz: 93585d30c81cd070091f3a36919bcc95d603824aef4d275ce76c203a2d827ff3418e7417fee889215f4fde8d96fe79faaa1b171386856127f8cbf4aaf3fce5c4
-  data.tar.gz: def8489db13223f31532db270f844add16fe82279f46b45fab175d7f7e8989a44300a814a750ebc69ee4851df48608ebf4e1e784edb1dd10534a572b92d06678
+  metadata.gz: fde24bf1c702d73c532d60c5bedff3e8876b6bf6200779abbdf0a959e96570fb9c8b0c3db27dbd4899a3b1db5f3d011c9255d9ab2c6df4c212a020a2290dcf45
+  data.tar.gz: 669918da9e6e3552a74057002a34f54a73c5aef7b0043f510578ae46ec6fb4ae40060a437aaed13c7de0e47f2fdc5ab9432315f0954a5c429ffff7381f1f93ee

data/CHANGELOG.md

@@ -1,5 +1,17 @@
 # Changelog
 
+## 4.0.12 / 2026-05-20
+
+### Enhancements:
+
+* Remove cygwin from WIN_PATTERNS. Pull request [#9527](https://github.com/ruby/rubygems/pull/9527) by fd00
+* Installs bundler 4.0.12 as a default gem.
+
+### Bug fixes:
+
+* Fall back to lockfile version when `BUNDLE_VERSION` is "lockfile". Pull request [#9545](https://github.com/ruby/rubygems/pull/9545) by hsbt
+* Read `BUNDLE_VERSION` env var in `BundlerVersionFinder`. Pull request [#9538](https://github.com/ruby/rubygems/pull/9538) by hsbt
+
 ## 4.0.11 / 2026-04-30
 
 ### Enhancements:

data/bundler/CHANGELOG.md

@@ -1,5 +1,21 @@
 # Changelog
 
+## 4.0.12 / 2026-05-20
+
+### Enhancements:
+
+* Make `bundle config get` return status 1 when the value is not set. Pull request [#9505](https://github.com/ruby/rubygems/pull/9505) by willnet
+* Use Pathname#absolute?. Pull request [#9529](https://github.com/ruby/rubygems/pull/9529) by nobu
+* Deprecate parsing non-lockfile content in LockfileParser. Pull request [#9502](https://github.com/ruby/rubygems/pull/9502) by kurotaky
+* Print a warning for a potential confusion from the indirect dependencies. Pull request [#5029](https://github.com/ruby/rubygems/pull/5029) by junaruga
+* Respect Gemfile bundler setting in `Bundler.setup`. Pull request [#4892](https://github.com/ruby/rubygems/pull/4892) by godfat
+
+### Bug fixes:
+
+* Gracefully handle missing checksums in Compact Index. Pull request [#9492](https://github.com/ruby/rubygems/pull/9492) by jneen
+* Skip git source exclusion when lockfile cannot backfill. Pull request [#9544](https://github.com/ruby/rubygems/pull/9544) by yahonda
+* Fix bundle config gemfile unset behavior. Pull request [#9514](https://github.com/ruby/rubygems/pull/9514) by afurm
+
 ## 4.0.11 / 2026-04-30
 
 ### Enhancements:

data/bundler/lib/bundler/build_metadata.rb

@@ -5,7 +5,7 @@ module Bundler
   module BuildMetadata
     # begin ivars
     @built_at = nil
-    @git_commit_sha = "b7155a3865".freeze
+    @git_commit_sha = "665f998196".freeze
     # end ivars
 
     # A hash representation of the build metadata.

data/bundler/lib/bundler/cli/config.rb

@@ -87,16 +87,21 @@ module Bundler
 
         if value.nil?
           warn_unused_scope "Ignoring --#{scope} since no value to set was given"
+          current_value = Bundler.settings[name]
 
           if options[:parseable]
             if value = Bundler.settings[name]
               Bundler.ui.info("#{name}=#{value}")
             end
-            return
+          else
+            confirm(name)
           end
 
-          confirm(name)
-          return
+          if current_value.nil?
+            exit 1
+          else
+            return
+          end
         end
 
         Bundler.ui.info(message) if message

data/bundler/lib/bundler/cli.rb

@@ -61,18 +61,18 @@ module Bundler
 
       current_cmd = args.last[:current_command].name
 
-      custom_gemfile = options[:gemfile] || Bundler.settings[:gemfile]
-      if custom_gemfile && !custom_gemfile.empty?
-        Bundler::SharedHelpers.set_env "BUNDLE_GEMFILE", File.expand_path(custom_gemfile)
-        reset_settings = true
-      end
-
-      # lock --lockfile works differently than install --lockfile
-      unless current_cmd == "lock"
-        custom_lockfile = options[:lockfile] || ENV["BUNDLE_LOCKFILE"] || Bundler.settings[:lockfile]
-        if custom_lockfile && !custom_lockfile.empty?
-          Bundler::SharedHelpers.set_env "BUNDLE_LOCKFILE", File.expand_path(custom_lockfile)
-          reset_settings = true
+      # `bundle config` manages stored settings, so avoid promoting settings
+      # like `gemfile` or `lockfile` to environment variables before it runs.
+      unless current_cmd == "config"
+        Bundler.configure_custom_gemfile(options[:gemfile])
+
+        # lock --lockfile works differently than install --lockfile
+        unless current_cmd == "lock"
+          custom_lockfile = options[:lockfile] || ENV["BUNDLE_LOCKFILE"] || Bundler.settings[:lockfile]
+          if custom_lockfile && !custom_lockfile.empty?
+            Bundler::SharedHelpers.set_env "BUNDLE_LOCKFILE", File.expand_path(custom_lockfile)
+            reset_settings = true
+          end
         end
       end
 

data/bundler/lib/bundler/compact_index_client/parser.rb

@@ -71,7 +71,10 @@ module Bundler
       # This method gets called at least once for every gem when parsing versions.
       def parse_version_checksum(line, checksums)
         return unless (name_end = line.index(" ")) # Artifactory bug causes blank lines in artifactor index files
-        return unless (checksum_start = line.index(" ", name_end + 1) + 1)
+        checksum_start = line.index(" ", name_end + 1)
+        return unless checksum_start
+        checksum_start += 1
+
         checksum_end = line.size - checksum_start
 
         line.freeze # allows slicing into the string to not allocate a copy of the line

data/bundler/lib/bundler/definition.rb

@@ -783,7 +783,25 @@ module Bundler
     end
 
     def precompute_source_requirements_for_indirect_dependencies?
-      sources.non_global_rubygems_sources.all?(&:dependency_api_available?)
+      if sources.non_global_rubygems_sources.all?(&:dependency_api_available?)
+        true
+      else
+        non_dependency_api_warning
+        false
+      end
+    end
+
+    def non_dependency_api_warning
+      non_api_sources = sources.non_global_rubygems_sources.reject(&:dependency_api_available?)
+      non_api_source_names = non_api_sources.map {|d| "  * #{d}" }.join("\n")
+
+      msg = String.new
+      msg << "Your Gemfile contains scoped sources that don't implement a dependency API, namely:\n\n"
+      msg << non_api_source_names
+      msg << "\n\nUsing the above gem servers may result in installing unexpected gems. " \
+        "To resolve this warning, make sure you use gem servers that implement dependency APIs, " \
+        "such as gemstash or geminabox gem servers."
+      Bundler.ui.warn msg
     end
 
     def current_platform_locked?
@@ -1159,16 +1177,20 @@ module Bundler
     def find_source_requirements
       preload_git_sources
 
+      # Only safe to exclude when locked_requirements (merged below) backfills the gap.
+      nothing_changed = nothing_changed?
+      excluded = nothing_changed ? excluded_git_sources : []
+
       # Record the specs available in each gem's source, so that those
       # specs will be available later when the resolver knows where to
       # look for that gemspec (or its dependencies)
       source_requirements = if precompute_source_requirements_for_indirect_dependencies?
-        all_requirements = source_map.all_requirements(excluded_git_sources)
+        all_requirements = source_map.all_requirements(excluded)
         { default: default_source }.merge(all_requirements)
       else
-        { default: Source::RubygemsAggregate.new(sources, source_map, excluded_git_sources) }.merge(source_map.direct_requirements)
+        { default: Source::RubygemsAggregate.new(sources, source_map, excluded) }.merge(source_map.direct_requirements)
       end
-      source_requirements.merge!(source_map.locked_requirements) if nothing_changed?
+      source_requirements.merge!(source_map.locked_requirements) if nothing_changed
       metadata_dependencies.each do |dep|
         source_requirements[dep.name] = sources.metadata_source
       end

data/bundler/lib/bundler/lockfile_parser.rb

@@ -115,6 +115,17 @@ module Bundler
           "Run `git checkout HEAD -- #{@lockfile_path}` first to get a clean lock."
       end
 
+      @valid = lockfile.strip.empty? ||
+               lockfile.split(/(?:\r?\n)+/).any? {|l| KNOWN_SECTIONS.include?(l) }
+
+      unless @valid
+        SharedHelpers.feature_deprecated!(
+          "Your #{@lockfile_path} does not appear to be a valid lockfile. " \
+          "Run `rm #{@lockfile_path}` and then `bundle install` to generate a new lockfile. " \
+          "This will raise a LockfileError in a future version of Bundler."
+        )
+      end
+
       lockfile.split(/((?:\r?\n)+)/) do |line|
         # split alternates between the line and the following whitespace
         next @pos.advance!(line) if line.match?(/^\s*$/)
@@ -164,6 +175,10 @@ module Bundler
       bundler_version.nil? || bundler_version < Gem::Version.new("1.16.2")
     end
 
+    def valid?
+      @valid
+    end
+
     private
 
     TYPES = {

data/bundler/lib/bundler/source/path.rb

@@ -220,10 +220,11 @@ module Bundler
         # Some gem authors put absolute paths in their gemspec
         # and we have to save them from themselves
         spec.files = spec.files.filter_map do |path|
-          next path unless /\A#{Pathname::SEPARATOR_PAT}/o.match?(path)
+          pathname = Pathname.new(path)
+          next path unless pathname.absolute?
           next if File.directory?(path)
           begin
-            Pathname.new(path).relative_path_from(gem_dir).to_s
+            pathname.relative_path_from(gem_dir).to_s
           rescue ArgumentError
             path
           end

data/bundler/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "4.0.11".freeze
+  VERSION = "4.0.12".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= gem_version.segments.first

data/bundler/lib/bundler.rb

@@ -156,6 +156,7 @@ module Bundler
       # Return if all groups are already loaded
       return @setup if defined?(@setup) && @setup
 
+      configure_custom_gemfile
       definition.validate_runtime!
 
       SharedHelpers.print_major_deprecations!
@@ -586,6 +587,15 @@ module Bundler
       Bundler.rubygems.clear_paths
     end
 
+    def configure_custom_gemfile(custom_gemfile = nil)
+      custom_gemfile ||= Bundler.settings[:gemfile]
+
+      if custom_gemfile && !custom_gemfile.empty?
+        Bundler::SharedHelpers.set_env "BUNDLE_GEMFILE", File.expand_path(custom_gemfile)
+        reset_settings_and_root!
+      end
+    end
+
     def self_manager
       @self_manager ||= begin
                           require_relative "bundler/self_manager"

data/lib/rubygems/bundler_version_finder.rb

@@ -2,7 +2,8 @@
 
 module Gem::BundlerVersionFinder
   def self.bundler_version
-    return if bundle_config_version == "system"
+    bcv = bundle_config_version
+    return if bcv == "system"
 
     v = ENV["BUNDLER_VERSION"]
     v = nil if v&.empty?
@@ -10,7 +11,7 @@ module Gem::BundlerVersionFinder
     v ||= bundle_update_bundler_version
     return if v == true
 
-    v ||= bundle_config_version
+    v ||= bcv unless bcv == "lockfile"
 
     v ||= lockfile_version
     return unless v
@@ -70,6 +71,9 @@ module Gem::BundlerVersionFinder
   private_class_method :lockfile_contents
 
   def self.bundle_config_version
+    env_version = ENV["BUNDLE_VERSION"]
+    return env_version if env_version && !env_version.empty?
+
     version = nil
 
     [bundler_local_config_file, bundler_global_config_file].each do |config_file|

data/lib/rubygems/win_platform.rb

@@ -8,7 +8,6 @@ module Gem
 
   WIN_PATTERNS = [
     /bccwin/i,
-    /cygwin/i,
     /djgpp/i,
     /mingw/i,
     /mswin/i,

data/lib/rubygems.rb

@@ -9,7 +9,7 @@
 require "rbconfig"
 
 module Gem
-  VERSION = "4.0.11"
+  VERSION = "4.0.12"
 end
 
 require_relative "rubygems/defaults"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubygems-update
 version: !ruby/object:Gem::Version
-  version: 4.0.11
+  version: 4.0.12
 platform: ruby
 authors:
 - Jim Weirich
@@ -724,7 +724,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 4.0.6
+rubygems_version: 4.0.10
 specification_version: 4
 summary: RubyGems is a package management framework for Ruby. This gem is downloaded
   and installed by `gem update --system`, so that the `gem` CLI can update itself.