rubygems-update 4.0.7 → 4.0.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cd74ce9ba4fda49012edabc1f3ac73712a3d4e5cac0a0093731b71dbfe5c7e0e
-  data.tar.gz: 513137267bce8b486aa2b239c05ddfa7f0a85c5bc3a2a495e9a8e50a179f51f3
+  metadata.gz: 5f238fb097512e0240397998ccc336ee348bedcf0618f1968a60e41272d77539
+  data.tar.gz: 0e9260dd18ac27c9bcea0d941a5b179a66a7626f4300ee02eab89dd7ecfa9a44
 SHA512:
-  metadata.gz: c2c8b03826b7117d507149efd79904e4bf6028da39569dfd2e4a7301a1273064d2069e89c22adee81b1c2b80804f1a23cc635154df0d0f42467c5a83f44e2508
-  data.tar.gz: 0517c93d395ef01d37f9f3375ed5c93a11836b8dc1adec94c01181fe7f14243ef517a840f0692c33b04c8c963007556604d955aee5d5a3ebaf72fdc0224107bc
+  metadata.gz: 0136f709eb566f26bffa87d5c7c87b1ee62e6310c66a5f174f65591f46eb7a26aeafeaf244934be67d91d6263e2d66368256b44f97a6f92cda8c269561bfcb6c
+  data.tar.gz: 8d87a706aad6a67bfdd877103e4aa2e0e021d217dbdf57f41cde9e1c0fcda6a7f53a50f98fef5bd2d471ac90f2e1fa0f64622a79023476510ea339b46c05d945

data/CHANGELOG.md

@@ -1,5 +1,21 @@
 # Changelog
 
+## 4.0.8 / 2026-03-11
+
+### Enhancements:
+
+* Use JSON for cargo metadata parsing. Pull request
+  [#9373](https://github.com/ruby/rubygems/pull/9373) by hsbt
+* Fix NameError in Gem::Request.get_proxy_from_env when requiring
+  rubygems/request directly. Pull request
+  [#9362](https://github.com/ruby/rubygems/pull/9362) by afurm
+* Installs bundler 4.0.8 as a default gem.
+
+### Documentation:
+
+* Unify Compact Index API naming. Pull request
+  [#9372](https://github.com/ruby/rubygems/pull/9372) by simi
+
 ## 4.0.7 / 2026-02-25
 
 ### Enhancements:

data/bundler/CHANGELOG.md

@@ -1,5 +1,16 @@
 # Changelog
 
+## 4.0.8 (2026-03-11)
+
+### Enhancements:
+
+  - Add a new Bundler config to control how many specs are fetched [#9363](https://github.com/ruby/rubygems/pull/9363)
+  - Restrict GitHub Actions workflow permissions for newgem [#9361](https://github.com/ruby/rubygems/pull/9361)
+
+### Bug fixes:
+
+  - Fix plugin new version not registering [#9355](https://github.com/ruby/rubygems/pull/9355)
+
 ## 4.0.7 (2026-02-25)
 
 ### Enhancements:

data/bundler/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2026-02-25".freeze
-    @git_commit_sha = "049c458564".freeze
+    @built_at = "2026-03-11".freeze
+    @git_commit_sha = "1a32b76b73".freeze
     # end ivars
 
     # A hash representation of the build metadata.

data/bundler/lib/bundler/fetcher/dependency.rb

@@ -50,7 +50,7 @@ module Bundler
 
       def unmarshalled_dep_gems(gem_names)
         gem_list = []
-        gem_names.each_slice(Source::Rubygems::API_REQUEST_SIZE) do |names|
+        gem_names.each_slice(api_request_size) do |names|
           marshalled_deps = downloader.fetch(dependency_api_uri(names)).body
           gem_list.concat(Bundler.safe_load_marshal(marshalled_deps))
         end
@@ -74,6 +74,12 @@ module Bundler
         uri.query = "gems=#{CGI.escape(gem_names.sort.join(","))}" if gem_names.any?
         uri
       end
+
+      private
+
+      def api_request_size
+        Bundler.settings[:api_request_size]&.to_i || Source::Rubygems::API_REQUEST_SIZE
+      end
     end
   end
 end

data/bundler/lib/bundler/man/bundle-add.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-ADD" "1" "February 2026" ""
+.TH "BUNDLE\-ADD" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-add\fR \- Add gem to the Gemfile and run bundle install
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-binstubs.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-BINSTUBS" "1" "February 2026" ""
+.TH "BUNDLE\-BINSTUBS" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-binstubs\fR \- Install the binstubs of the listed gems
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-cache.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-CACHE" "1" "February 2026" ""
+.TH "BUNDLE\-CACHE" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-cache\fR \- Package your needed \fB\.gem\fR files into your application
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-check.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-CHECK" "1" "February 2026" ""
+.TH "BUNDLE\-CHECK" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-check\fR \- Verifies if dependencies are satisfied by installed gems
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-clean.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-CLEAN" "1" "February 2026" ""
+.TH "BUNDLE\-CLEAN" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-clean\fR \- Cleans up unused gems in your bundler directory
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-config.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-CONFIG" "1" "February 2026" ""
+.TH "BUNDLE\-CONFIG" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-config\fR \- Set bundler configuration options
 .SH "SYNOPSIS"
@@ -70,6 +70,9 @@ Any periods in the configuration keys must be replaced with two underscores when
 .SH "LIST OF AVAILABLE KEYS"
 The following is a list of all configuration keys and their purpose\. You can learn more about their operation in bundle install(1) \fIbundle\-install\.1\.html\fR\.
 .TP
+\fBapi_request_size\fR (\fBBUNDLE_API_REQUEST_SIZE\fR)
+Configure how many dependencies to fetch when resolving the specifications\. This configuration is only used when fetchig specifications from RubyGems servers that didn't implement the Compact Index API\. Defaults to 100\.
+.TP
 \fBauto_install\fR (\fBBUNDLE_AUTO_INSTALL\fR)
 Automatically run \fBbundle install\fR when gems are missing\.
 .TP

data/bundler/lib/bundler/man/bundle-config.1.ronn

@@ -106,6 +106,11 @@ the environment variable `BUNDLE_LOCAL__RACK`.
 The following is a list of all configuration keys and their purpose. You can
 learn more about their operation in [bundle install(1)](bundle-install.1.html).
 
+* `api_request_size` (`BUNDLE_API_REQUEST_SIZE`):
+   Configure how many dependencies to fetch when resolving the specifications.
+   This configuration is only used when fetchig specifications from RubyGems
+   servers that didn't implement the Compact Index API.
+   Defaults to 100.
 * `auto_install` (`BUNDLE_AUTO_INSTALL`):
    Automatically run `bundle install` when gems are missing.
 * `bin` (`BUNDLE_BIN`):

data/bundler/lib/bundler/man/bundle-console.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-CONSOLE" "1" "February 2026" ""
+.TH "BUNDLE\-CONSOLE" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-console\fR \- Open an IRB session with the bundle pre\-loaded
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-doctor.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-DOCTOR" "1" "February 2026" ""
+.TH "BUNDLE\-DOCTOR" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-doctor\fR \- Checks the bundle for common problems
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-env.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-ENV" "1" "February 2026" ""
+.TH "BUNDLE\-ENV" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-env\fR \- Print information about the environment Bundler is running under
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-exec.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-EXEC" "1" "February 2026" ""
+.TH "BUNDLE\-EXEC" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-exec\fR \- Execute a command in the context of the bundle
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-fund.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-FUND" "1" "February 2026" ""
+.TH "BUNDLE\-FUND" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-fund\fR \- Lists information about gems seeking funding assistance
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-gem.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-GEM" "1" "February 2026" ""
+.TH "BUNDLE\-GEM" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-gem\fR \- Generate a project skeleton for creating a rubygem
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-help.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-HELP" "1" "February 2026" ""
+.TH "BUNDLE\-HELP" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-help\fR \- Displays detailed help for each subcommand
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-info.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-INFO" "1" "February 2026" ""
+.TH "BUNDLE\-INFO" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-info\fR \- Show information for the given gem in your bundle
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-init.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-INIT" "1" "February 2026" ""
+.TH "BUNDLE\-INIT" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-init\fR \- Generates a Gemfile into the current working directory
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-install.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-INSTALL" "1" "February 2026" ""
+.TH "BUNDLE\-INSTALL" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-install\fR \- Install the dependencies specified in your Gemfile
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-issue.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-ISSUE" "1" "February 2026" ""
+.TH "BUNDLE\-ISSUE" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-issue\fR \- Get help reporting Bundler issues
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-licenses.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-LICENSES" "1" "February 2026" ""
+.TH "BUNDLE\-LICENSES" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-licenses\fR \- Print the license of all gems in the bundle
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-list.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-LIST" "1" "February 2026" ""
+.TH "BUNDLE\-LIST" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-list\fR \- List all the gems in the bundle
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-lock.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-LOCK" "1" "February 2026" ""
+.TH "BUNDLE\-LOCK" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-lock\fR \- Creates / Updates a lockfile without installing
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-open.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-OPEN" "1" "February 2026" ""
+.TH "BUNDLE\-OPEN" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-open\fR \- Opens the source directory for a gem in your bundle
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-outdated.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-OUTDATED" "1" "February 2026" ""
+.TH "BUNDLE\-OUTDATED" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-outdated\fR \- List installed gems with newer versions available
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-platform.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-PLATFORM" "1" "February 2026" ""
+.TH "BUNDLE\-PLATFORM" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-platform\fR \- Displays platform compatibility information
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-plugin.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-PLUGIN" "1" "February 2026" ""
+.TH "BUNDLE\-PLUGIN" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-plugin\fR \- Manage Bundler plugins
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-pristine.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-PRISTINE" "1" "February 2026" ""
+.TH "BUNDLE\-PRISTINE" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-pristine\fR \- Restores installed gems to their pristine condition
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-remove.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-REMOVE" "1" "February 2026" ""
+.TH "BUNDLE\-REMOVE" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-remove\fR \- Removes gems from the Gemfile
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-show.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-SHOW" "1" "February 2026" ""
+.TH "BUNDLE\-SHOW" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-show\fR \- Shows all the gems in your bundle, or the path to a gem
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-update.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-UPDATE" "1" "February 2026" ""
+.TH "BUNDLE\-UPDATE" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-update\fR \- Update your gems to the latest available versions
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle-version.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-VERSION" "1" "February 2026" ""
+.TH "BUNDLE\-VERSION" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\-version\fR \- Prints Bundler version information
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/bundle.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE" "1" "February 2026" ""
+.TH "BUNDLE" "1" "March 2026" ""
 .SH "NAME"
 \fBbundle\fR \- Ruby Dependency Management
 .SH "SYNOPSIS"

data/bundler/lib/bundler/man/gemfile.5

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "GEMFILE" "5" "February 2026" ""
+.TH "GEMFILE" "5" "March 2026" ""
 .SH "NAME"
 \fBGemfile\fR \- A format for describing gem dependencies for Ruby programs
 .SH "SYNOPSIS"

data/bundler/lib/bundler/plugin/index.rb

@@ -119,6 +119,12 @@ module Bundler
         @plugin_paths[name]
       end
 
+      def up_to_date?(spec)
+        path = installed?(spec.name)
+
+        path == spec.full_gem_path
+      end
+
       def installed_plugins
         @plugin_paths.keys
       end

data/bundler/lib/bundler/plugin.rb

@@ -113,7 +113,7 @@ module Bundler
 
         return if definition.dependencies.empty?
 
-        plugins = definition.dependencies.map(&:name).reject {|p| index.installed? p }
+        plugins = definition.dependencies.map(&:name)
         installed_specs = Installer.new.install_definition(definition)
 
         save_plugins plugins, installed_specs, builder.inferred_plugins
@@ -258,7 +258,7 @@ module Bundler
         # It's possible that the `plugin` found in the Gemfile don't appear in the specs. For instance when
         # calling `BUNDLE_WITHOUT=default bundle install`, the plugins will not get installed.
         next if spec.nil?
-        next if index.installed?(name)
+        next if index.up_to_date?(spec)
 
         save_plugin(name, spec, optional_plugins.include?(name))
       end

data/bundler/lib/bundler/templates/newgem/github/workflows/build-gems.yml.tt

@@ -8,6 +8,10 @@ on:
       - "cross-gem/*"
   workflow_dispatch:
 
+permissions:
+  contents: read
+  packages: write
+
 jobs:
   ci-data:
     runs-on: ubuntu-latest
@@ -25,7 +29,7 @@ jobs:
   source-gem:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - uses: ruby/setup-ruby@v1
         with:
@@ -34,7 +38,7 @@ jobs:
       - name: Build gem
         run: bundle exec rake build
 
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v7
         with:
           name: source-gem
           path: pkg/*.gem
@@ -47,7 +51,7 @@ jobs:
       matrix:
         platform: ${{ fromJSON(needs.ci-data.outputs.result).supported-ruby-platforms }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - uses: ruby/setup-ruby@v1
         with:
@@ -59,7 +63,7 @@ jobs:
           platform: ${{ matrix.platform }}
           ruby-versions: ${{ join(fromJSON(needs.ci-data.outputs.result).stable-ruby-versions, ',') }}
 
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v7
         with:
           name: cross-gem
           path: ${{ steps.cross-gem.outputs.gem-path }}

data/bundler/lib/bundler/templates/newgem/github/workflows/main.yml.tt

@@ -7,6 +7,9 @@ on:
 
   pull_request:
 
+permissions:
+  contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -17,7 +20,7 @@ jobs:
           - '<%= RUBY_VERSION %>'
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           persist-credentials: false
 <%- if config[:ext] == 'rust' -%>

data/bundler/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "4.0.7".freeze
+  VERSION = "4.0.8".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= gem_version.segments.first

data/lib/rubygems/ext/cargo_builder.rb

@@ -227,10 +227,9 @@ class Gem::Ext::CargoBuilder < Gem::Ext::Builder
       raise Gem::InstallError, "cargo metadata failed#{exit_reason}"
     end
 
-    # cargo metadata output is specified as json, but with the
-    # --format-version 1 option the output is compatible with YAML, so we can
-    # avoid the json dependency
-    metadata = Gem::SafeYAML.safe_load(output)
+    # cargo metadata output is specified as json
+    require "json"
+    metadata = JSON.parse(output)
     package = metadata["packages"].find {|pkg| normalize_path(pkg["manifest_path"]) == manifest_path }
     unless package
       found = metadata["packages"].map {|md| "#{md["name"]} at #{md["manifest_path"]}" }

data/lib/rubygems/request.rb

@@ -2,6 +2,7 @@
 
 require_relative "vendored_net_http"
 require_relative "user_interaction"
+require_relative "uri_formatter"
 
 class Gem::Request
   extend Gem::UserInteraction

data/lib/rubygems/resolver/api_set.rb

@@ -1,14 +1,14 @@
 # frozen_string_literal: true
 
 ##
-# The global rubygems pool, available via the rubygems.org API.
+# The global rubygems pool, available via the Compact Index API.
 # Returns instances of APISpecification.
 
 class Gem::Resolver::APISet < Gem::Resolver::Set
   autoload :GemParser, File.expand_path("api_set/gem_parser", __dir__)
 
   ##
-  # The URI for the dependency API this APISet uses.
+  # The URI for the Compact Index API this APISet uses.
 
   attr_reader :dep_uri # :nodoc:
 
@@ -23,9 +23,9 @@ class Gem::Resolver::APISet < Gem::Resolver::Set
   attr_reader :uri
 
   ##
-  # Creates a new APISet that will retrieve gems from +uri+ using the RubyGems
-  # API URL +dep_uri+ which is described at
-  # https://guides.rubygems.org/rubygems-org-api
+  # Creates a new APISet that will retrieve gems from +uri+ using the Compact
+  # Index API URL +dep_uri+ which is described at
+  # https://guides.rubygems.org/rubygems-org-compact-index-api
 
   def initialize(dep_uri = "https://index.rubygems.org/info/")
     super()

data/lib/rubygems/resolver/api_specification.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 ##
-# Represents a specification retrieved via the rubygems.org API.
+# Represents a specification retrieved via the Compact Index API.
 #
 # This is used to avoid loading the full Specification object when all we need
 # is the name, version, and dependencies.
@@ -19,10 +19,10 @@ class Gem::Resolver::APISpecification < Gem::Resolver::Specification
   end
 
   ##
-  # Creates an APISpecification for the given +set+ from the rubygems.org
+  # Creates an APISpecification for the given +set+ from the Compact Index API
   # +api_data+.
   #
-  # See https://guides.rubygems.org/rubygems-org-api/#misc-methods for the
+  # See https://guides.rubygems.org/rubygems-org-compact-index-api for the
   # format of the +api_data+.
 
   def initialize(set, api_data)

data/lib/rubygems/source.rb

@@ -5,7 +5,7 @@ require_relative "text"
 # A Source knows how to list and fetch gems from a RubyGems marshal index.
 #
 # There are other Source subclasses for installed gems, local gems, the
-# bundler dependency API and so-forth.
+# Compact Index API and so-forth.
 
 class Gem::Source
   include Comparable

data/lib/rubygems.rb

@@ -9,7 +9,7 @@
 require "rbconfig"
 
 module Gem
-  VERSION = "4.0.7"
+  VERSION = "4.0.8"
 end
 
 require_relative "rubygems/defaults"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubygems-update
 version: !ruby/object:Gem::Version
-  version: 4.0.7
+  version: 4.0.8
 platform: ruby
 authors:
 - Jim Weirich