rubygems-update 4.0.8 → 4.0.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5f238fb097512e0240397998ccc336ee348bedcf0618f1968a60e41272d77539
-  data.tar.gz: 0e9260dd18ac27c9bcea0d941a5b179a66a7626f4300ee02eab89dd7ecfa9a44
+  metadata.gz: 83f0e21ae1b782d7223eeef031d3e934a1418acd8c25d45f57ab1aaae1974399
+  data.tar.gz: 1a2f70f09a5f83ade52b6b414566d155058ac7143a86e1c52f1fe72caf1b738f
 SHA512:
-  metadata.gz: 0136f709eb566f26bffa87d5c7c87b1ee62e6310c66a5f174f65591f46eb7a26aeafeaf244934be67d91d6263e2d66368256b44f97a6f92cda8c269561bfcb6c
-  data.tar.gz: 8d87a706aad6a67bfdd877103e4aa2e0e021d217dbdf57f41cde9e1c0fcda6a7f53a50f98fef5bd2d471ac90f2e1fa0f64622a79023476510ea339b46c05d945
+  metadata.gz: 1fdb7b4a286c354a34e07f4226019fd0bb20eed57bb5cec941096d1263fde3fcd116c26206021b954a27477f329d324cfeb868462625c67131c3fae023ebbedd
+  data.tar.gz: 02ad6fca35638236ffee0c971d15702a33ec632998c88af3dc914b612f2bee1a7e191405dbbe2376ccbbc1b020bf6a692dd3c1ff81cf4c582190e2d523f4ae8c

data/CHANGELOG.md

@@ -1,5 +1,20 @@
 # Changelog
 
+## 4.0.9 / 2026-03-25
+
+### Enhancements:
+
+* Fix: include owner role in `gem owner`. Pull request [#9403](https://github.com/ruby/rubygems/pull/9403) by gjtorikian
+* Installs bundler 4.0.9 as a default gem.
+
+### Bug fixes:
+
+* Fix: Ensure trailing slash is added to source URIs added via gem sources. Pull request [#9055](https://github.com/ruby/rubygems/pull/9055) by zirni
+
+### Documentation:
+
+* [DOC] Fix link. Pull request [#9409](https://github.com/ruby/rubygems/pull/9409) by BurdetteLamar
+
 ## 4.0.8 / 2026-03-11
 
 ### Enhancements:

data/bundler/CHANGELOG.md

@@ -1,5 +1,19 @@
 # Changelog
 
+## 4.0.9 / 2026-03-25
+
+### Enhancements:
+
+* Check the git version only **once** per `bundle install`. Pull request [#9406](https://github.com/ruby/rubygems/pull/9406) by Edouard-chin
+* Normalize the number of workers when performing parallel operations. Pull request [#9400](https://github.com/ruby/rubygems/pull/9400) by Edouard-chin
+* Add exponential backoff to bundler retries. Pull request [#9163](https://github.com/ruby/rubygems/pull/9163) by ChrisBr
+* Introduce a priority queue. Pull request [#9389](https://github.com/ruby/rubygems/pull/9389) by Edouard-chin
+* Split the download and install process of a gem. Pull request [#9381](https://github.com/ruby/rubygems/pull/9381) by Edouard-chin
+
+### Bug fixes:
+
+* Retry git fetch without --depth for dumb HTTP transport. Pull request [#9405](https://github.com/ruby/rubygems/pull/9405) by hsbt
+
 ## 4.0.8 (2026-03-11)
 
 ### Enhancements:

data/bundler/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2026-03-11".freeze
-    @git_commit_sha = "1a32b76b73".freeze
+    @built_at = nil
+    @git_commit_sha = "3ce4a32411".freeze
     # end ivars
 
     # A hash representation of the build metadata.

data/bundler/lib/bundler/cli/pristine.rb

@@ -53,7 +53,7 @@ module Bundler
           true
         end.map(&:name)
 
-        jobs = installer.send(:installation_parallelization)
+        jobs = Bundler.settings.installation_parallelization
         pristine_count = definition.specs.count - installed_specs.count
         # allow a pristining a single gem to skip the parallel worker
         jobs = [jobs, pristine_count].min

data/bundler/lib/bundler/definition.rb

@@ -1122,7 +1122,9 @@ module Bundler
     end
 
     def preload_git_source_worker
-      @preload_git_source_worker ||= Bundler::Worker.new(5, "Git source preloading", ->(source, _) { source.specs })
+      workers = Bundler.settings.installation_parallelization
+
+      @preload_git_source_worker ||= Bundler::Worker.new(workers, "Git source preloading", ->(source, _) { source.specs })
     end
 
     def preload_git_sources

data/bundler/lib/bundler/fetcher/gem_remote_fetcher.rb

@@ -8,7 +8,7 @@ module Bundler
       def initialize(*)
         super
 
-        @pool_size = 5
+        @pool_size = Bundler.settings.installation_parallelization
       end
 
       def request(*args)

data/bundler/lib/bundler/installer/gem_installer.rb

@@ -25,6 +25,20 @@ module Bundler
       [false, specific_failure_message(e)]
     end
 
+    def download
+      spec.source.download(
+        spec,
+        force: force,
+        local: local,
+        build_args: Array(spec_settings),
+        previous_spec: previous_spec,
+      )
+
+      [true, nil]
+    rescue Bundler::BundlerError => e
+      [false, specific_failure_message(e)]
+    end
+
     private
 
     def specific_failure_message(e)

data/bundler/lib/bundler/installer/parallel_installer.rb

@@ -24,6 +24,10 @@ module Bundler
         state == :enqueued
       end
 
+      def enqueue_with_priority?
+        state == :installable && spec.extensions.any?
+      end
+
       def failed?
         state == :failed
       end
@@ -32,6 +36,12 @@ module Bundler
         state == :none
       end
 
+      def ready_to_install?(installed_specs)
+        return false unless state == :downloaded
+
+        spec.extensions.none? || dependencies_installed?(installed_specs)
+      end
+
       def has_post_install_message?
         !post_install_message.empty?
       end
@@ -84,6 +94,7 @@ module Bundler
 
     def call
       if @rake
+        do_download(@rake, 0)
         do_install(@rake, 0)
         Gem::Specification.reset
       end
@@ -107,26 +118,54 @@ module Bundler
     end
 
     def install_with_worker
-      enqueue_specs
-      process_specs until finished_installing?
+      installed_specs = {}
+      enqueue_specs(installed_specs)
+
+      process_specs(installed_specs) until finished_installing?
     end
 
     def install_serially
       until finished_installing?
         raise "failed to find a spec to enqueue while installing serially" unless spec_install = @specs.find(&:ready_to_enqueue?)
         spec_install.state = :enqueued
+        do_download(spec_install, 0)
         do_install(spec_install, 0)
       end
     end
 
     def worker_pool
       @worker_pool ||= Bundler::Worker.new @size, "Parallel Installer", lambda {|spec_install, worker_num|
-        do_install(spec_install, worker_num)
+        case spec_install.state
+        when :enqueued
+          do_download(spec_install, worker_num)
+        when :installable
+          do_install(spec_install, worker_num)
+        else
+          spec_install
+        end
       }
     end
 
-    def do_install(spec_install, worker_num)
+    def do_download(spec_install, worker_num)
       Plugin.hook(Plugin::Events::GEM_BEFORE_INSTALL, spec_install)
+
+      gem_installer = Bundler::GemInstaller.new(
+        spec_install.spec, @installer, @standalone, worker_num, @force, @local
+      )
+
+      success, message = gem_installer.download
+
+      if success
+        spec_install.state = :downloaded
+      else
+        spec_install.error = "#{message}\n\n#{require_tree_for_spec(spec_install.spec)}"
+        spec_install.state = :failed
+      end
+
+      spec_install
+    end
+
+    def do_install(spec_install, worker_num)
       gem_installer = Bundler::GemInstaller.new(
         spec_install.spec, @installer, @standalone, worker_num, @force, @local
       )
@@ -147,9 +186,19 @@ module Bundler
     # Some specs might've had to wait til this spec was installed to be
     # processed so the call to `enqueue_specs` is important after every
     # dequeue.
-    def process_specs
-      worker_pool.deq
-      enqueue_specs
+    def process_specs(installed_specs)
+      spec = worker_pool.deq
+
+      if spec.installed?
+        installed_specs[spec.name] = true
+        return
+      elsif spec.failed?
+        return
+      elsif spec.ready_to_install?(installed_specs)
+        spec.state = :installable
+      end
+
+      worker_pool.enq(spec, priority: spec.enqueue_with_priority?)
     end
 
     def finished_installing?
@@ -185,18 +234,15 @@ module Bundler
     # Later we call this lambda again to install specs that depended on
     # previously installed specifications. We continue until all specs
     # are installed.
-    def enqueue_specs
-      installed_specs = {}
-      @specs.each do |spec|
-        next unless spec.installed?
-        installed_specs[spec.name] = true
-      end
-
+    def enqueue_specs(installed_specs)
       @specs.each do |spec|
-        if spec.ready_to_enqueue? && spec.dependencies_installed?(installed_specs)
-          spec.state = :enqueued
-          worker_pool.enq spec
+        if spec.installed?
+          installed_specs[spec.name] = true
+          next
         end
+
+        spec.state = :enqueued
+        worker_pool.enq spec
       end
     end
   end

data/bundler/lib/bundler/installer.rb

@@ -189,21 +189,13 @@ module Bundler
       standalone = options[:standalone]
       force = options[:force]
       local = options[:local] || options[:"prefer-local"]
-      jobs = installation_parallelization
+      jobs = Bundler.settings.installation_parallelization
       spec_installations = ParallelInstaller.call(self, @definition.specs, jobs, standalone, force, local: local)
       spec_installations.each do |installation|
         post_install_messages[installation.name] = installation.post_install_message if installation.has_post_install_message?
       end
     end
 
-    def installation_parallelization
-      if jobs = Bundler.settings[:jobs]
-        return jobs
-      end
-
-      Bundler.settings.processor_count
-    end
-
     def load_plugins
       Gem.load_plugins
 

data/bundler/lib/bundler/man/bundle-config.1

@@ -146,7 +146,7 @@ When set, no post install messages will be printed\. To silence a single gem, us
 Generate a \fBgems\.rb\fR instead of a \fBGemfile\fR when running \fBbundle init\fR\.
 .TP
 \fBjobs\fR (\fBBUNDLE_JOBS\fR)
-The number of gems Bundler can install in parallel\. Defaults to the number of available processors\.
+The number of gems Bundler can download and install in parallel\. Defaults to the number of available processors\.
 .TP
 \fBlockfile\fR (\fBBUNDLE_LOCKFILE\fR)
 The path to the lockfile that bundler should use\. By default, Bundler adds \fB\.lock\fR to the end of the \fBgemfile\fR entry\. Can be set to \fBfalse\fR in the Gemfile to disable lockfile creation entirely (see gemfile(5))\.

data/bundler/lib/bundler/man/bundle-config.1.ronn

@@ -192,8 +192,8 @@ learn more about their operation in [bundle install(1)](bundle-install.1.html).
 * `init_gems_rb` (`BUNDLE_INIT_GEMS_RB`):
    Generate a `gems.rb` instead of a `Gemfile` when running `bundle init`.
 * `jobs` (`BUNDLE_JOBS`):
-   The number of gems Bundler can install in parallel. Defaults to the number of
-   available processors.
+   The number of gems Bundler can download and install in parallel.
+   Defaults to the number of available processors.
 * `lockfile` (`BUNDLE_LOCKFILE`):
    The path to the lockfile that bundler should use. By default, Bundler adds
    `.lock` to the end of the `gemfile` entry. Can be set to `false` in the

data/bundler/lib/bundler/plugin/api/source.rb

@@ -74,6 +74,14 @@ module Bundler
           {}
         end
 
+        # Download the gem specified by the spec at appropriate path.
+        #
+        # A source plugin can implement this method to split the download and the
+        # installation of a gem.
+        #
+        # @return [Boolean] Whether the download of the gem succeeded.
+        def download(spec, opts); end
+
         # Install the gem specified by the spec at appropriate path.
         # `install_path` provides a sufficient default, if the source can only
         # satisfy one gem,  but is not binding.

data/bundler/lib/bundler/plugin/installer.rb

@@ -110,7 +110,8 @@ module Bundler
         paths = {}
 
         specs.each do |spec|
-          spec.source.install spec
+          spec.source.download(spec)
+          spec.source.install(spec)
 
           paths[spec.name] = spec
         end

data/bundler/lib/bundler/retry.rb

@@ -6,6 +6,8 @@ module Bundler
     attr_accessor :name, :total_runs, :current_run
 
     class << self
+      attr_accessor :default_base_delay
+
       def default_attempts
         default_retries + 1
       end
@@ -16,11 +18,17 @@ module Bundler
       end
     end
 
-    def initialize(name, exceptions = nil, retries = self.class.default_retries)
+    # Set default base delay for exponential backoff
+    self.default_base_delay = 1.0
+
+    def initialize(name, exceptions = nil, retries = self.class.default_retries, opts = {})
       @name = name
       @retries = retries
       @exceptions = Array(exceptions) || []
       @total_runs = @retries + 1 # will run once, then upto attempts.times
+      @base_delay = opts[:base_delay] || self.class.default_base_delay
+      @max_delay = opts[:max_delay] || 60.0
+      @jitter = opts[:jitter] || 0.5
     end
 
     def attempt(&block)
@@ -48,9 +56,27 @@ module Bundler
         Bundler.ui.info "" unless Bundler.ui.debug?
         raise e
       end
-      return true unless name
-      Bundler.ui.info "" unless Bundler.ui.debug? # Add new line in case dots preceded this
-      Bundler.ui.warn "Retrying #{name} due to error (#{current_run.next}/#{total_runs}): #{e.class} #{e.message}", true
+      if name
+        Bundler.ui.info "" unless Bundler.ui.debug? # Add new line in case dots preceded this
+        Bundler.ui.warn "Retrying #{name} due to error (#{current_run.next}/#{total_runs}): #{e.class} #{e.message}", true
+      end
+      backoff_sleep if @base_delay > 0
+      true
+    end
+
+    def backoff_sleep
+      # Exponential backoff: delay = base_delay * 2^(attempt - 1)
+      # Add jitter to prevent thundering herd: random value between 0 and jitter seconds
+      delay = @base_delay * (2**(@current_run - 1))
+      delay = [@max_delay, delay].min
+      jitter_amount = rand * @jitter
+      total_delay = delay + jitter_amount
+      Bundler.ui.debug "Sleeping for #{total_delay.round(2)} seconds before retry"
+      sleep(total_delay)
+    end
+
+    def sleep(duration)
+      Kernel.sleep(duration)
     end
 
     def keep_trying?

data/bundler/lib/bundler/self_manager.rb

@@ -63,6 +63,7 @@ module Bundler
     end
 
     def install(spec)
+      spec.source.download(spec)
       spec.source.install(spec)
     end
 

data/bundler/lib/bundler/settings.rb

@@ -303,6 +303,10 @@ module Bundler
       @app_cache_path ||= self[:cache_path] || "vendor/cache"
     end
 
+    def installation_parallelization
+      self[:jobs] || processor_count
+    end
+
     def validate!
       all.each do |raw_key|
         [@local_config, @env_config, @global_config].each do |settings|

data/bundler/lib/bundler/source/git/git_proxy.rb

@@ -57,6 +57,29 @@ module Bundler
         attr_accessor :path, :uri, :branch, :tag, :ref, :explicit_ref
         attr_writer :revision
 
+        def self.version
+          @version ||= full_version[/((\.?\d+)+).*/, 1]
+        end
+
+        def self.full_version
+          @full_version ||= begin
+            raise GitNotInstalledError.new unless Bundler.git_present?
+
+            require "open3"
+            out, err, status = Open3.capture3("git", "--version")
+
+            raise GitCommandError.new("--version", SharedHelpers.pwd, err) unless status.success?
+            Bundler.ui.warn err unless err.empty?
+
+            out.sub(/git version\s*/, "").strip
+          end
+        end
+
+        def self.reset
+          @version = nil
+          @full_version = nil
+        end
+
         def initialize(path, uri, options = {}, revision = nil, git = nil)
           @path     = path
           @uri      = uri
@@ -92,11 +115,11 @@ module Bundler
         end
 
         def version
-          @version ||= full_version.match(/((\.?\d+)+).*/)[1]
+          self.class.version
         end
 
         def full_version
-          @full_version ||= git_local("--version").sub(/git version\s*/, "").strip
+          self.class.full_version
         end
 
         def checkout
@@ -156,7 +179,7 @@ module Bundler
         private
 
         def git_remote_fetch(args)
-          command = ["fetch", "--force", "--quiet", "--no-tags", *args, "--", configured_uri, refspec].compact
+          command = fetch_command(args)
           command_with_no_credentials = check_allowed(command)
 
           Bundler::Retry.new("`#{command_with_no_credentials}` at #{path}", [MissingGitRevisionError]).attempts do
@@ -166,6 +189,11 @@ module Bundler
             if err.include?("couldn't find remote ref") || err.include?("not our ref")
               raise MissingGitRevisionError.new(command_with_no_credentials, path, commit || explicit_ref, credential_filtered_uri)
             else
+              if shallow?
+                args -= depth_args
+                command = fetch_command(args)
+                command_with_no_credentials = check_allowed(command)
+              end
               raise GitCommandError.new(command_with_no_credentials, path, err)
             end
           end
@@ -178,7 +206,8 @@ module Bundler
             FileUtils.mkdir_p(p)
           end
 
-          command = ["clone", "--bare", "--no-hardlinks", "--quiet", *extra_clone_args, "--", configured_uri, path.to_s]
+          clone_args = extra_clone_args
+          command = clone_command(clone_args)
           command_with_no_credentials = check_allowed(command)
 
           Bundler::Retry.new("`#{command_with_no_credentials}`", [MissingGitRevisionError]).attempts do
@@ -189,13 +218,10 @@ module Bundler
                err.include?("Remote branch #{branch_option} not found") # git 2.49 or higher
               raise MissingGitRevisionError.new(command_with_no_credentials, nil, explicit_ref, credential_filtered_uri)
             else
-              idx = command.index("--depth")
-              if idx
-                command.delete_at(idx)
-                command.delete_at(idx)
+              if shallow?
+                clone_args -= depth_args
+                command = clone_command(clone_args)
                 command_with_no_credentials = check_allowed(command)
-
-                err += "Retrying without --depth argument."
               end
               raise GitCommandError.new(command_with_no_credentials, path, err)
             end
@@ -204,14 +230,14 @@ module Bundler
 
         def clone_needs_unshallow?
           return false unless path.join("shallow").exist?
-          return true if full_clone?
+          return true unless shallow?
 
           @revision && @revision != head_revision
         end
 
         def extra_ref
           return false if not_pinned?
-          return true unless full_clone?
+          return true if shallow?
 
           ref.start_with?("refs/")
         end
@@ -427,8 +453,16 @@ module Bundler
           args
         end
 
+        def fetch_command(args)
+          ["fetch", "--force", "--quiet", "--no-tags", *args, "--", configured_uri, refspec].compact
+        end
+
+        def clone_command(args)
+          ["clone", "--bare", "--no-hardlinks", "--quiet", *args, "--", configured_uri, path.to_s]
+        end
+
         def depth_args
-          return [] if full_clone?
+          return [] unless shallow?
 
           ["--depth", depth.to_s]
         end
@@ -443,8 +477,8 @@ module Bundler
           branch || tag
         end
 
-        def full_clone?
-          depth.nil?
+        def shallow?
+          !depth.nil?
         end
 
         def needs_allow_any_sha1_in_want?

data/bundler/lib/bundler/source/rubygems.rb

@@ -9,6 +9,7 @@ module Bundler
 
       # Ask for X gems per API request
       API_REQUEST_SIZE = 100
+      REQUIRE_MUTEX = Mutex.new
 
       attr_accessor :remotes
 
@@ -21,6 +22,8 @@ module Bundler
         @allow_local = options["allow_local"] || false
         @prefer_local = false
         @checksum_store = Checksum::Store.new
+        @gem_installers = {}
+        @gem_installers_mutex = Mutex.new
 
         Array(options["remotes"]).reverse_each {|r| add_remote(r) }
 
@@ -162,49 +165,40 @@ module Bundler
         end
       end
 
-      def install(spec, options = {})
+      def download(spec, options = {})
         if (spec.default_gem? && !cached_built_in_gem(spec, local: options[:local])) || (installed?(spec) && !options[:force])
-          print_using_message "Using #{version_message(spec, options[:previous_spec])}"
-          return nil # no post-install message
+          return true
         end
 
-        path = fetch_gem_if_possible(spec, options[:previous_spec])
-        raise GemNotFound, "Could not find #{spec.file_name} for installation" unless path
-
-        return if Bundler.settings[:no_install]
-
-        install_path = rubygems_dir
-        bin_path     = Bundler.system_bindir
-
-        require_relative "../rubygems_gem_installer"
-
-        installer = Bundler::RubyGemsGemInstaller.at(
-          path,
-          security_policy: Bundler.rubygems.security_policies[Bundler.settings["trust-policy"]],
-          install_dir: install_path.to_s,
-          bin_dir: bin_path.to_s,
-          ignore_dependencies: true,
-          wrappers: true,
-          env_shebang: true,
-          build_args: options[:build_args],
-          bundler_extension_cache_path: extension_cache_path(spec)
-        )
+        installer = rubygems_gem_installer(spec, options)
 
         if spec.remote
           s = begin
             installer.spec
           rescue Gem::Package::FormatError
-            Bundler.rm_rf(path)
+            Bundler.rm_rf(installer.gem)
             raise
           rescue Gem::Security::Exception => e
             raise SecurityError,
-             "The gem #{File.basename(path, ".gem")} can't be installed because " \
+             "The gem #{installer.gem} can't be installed because " \
              "the security policy didn't allow it, with the message: #{e.message}"
           end
 
           spec.__swap__(s)
         end
 
+        spec
+      end
+
+      def install(spec, options = {})
+        if (spec.default_gem? && !cached_built_in_gem(spec, local: options[:local])) || (installed?(spec) && !options[:force])
+          print_using_message "Using #{version_message(spec, options[:previous_spec])}"
+          return nil # no post-install message
+        end
+
+        return if Bundler.settings[:no_install]
+
+        installer = rubygems_gem_installer(spec, options)
         spec.source.checksum_store.register(spec, installer.gem_checksum)
 
         message = "Installing #{version_message(spec, options[:previous_spec])}"
@@ -511,6 +505,34 @@ module Bundler
         return unless remote = spec.remote
         remote.cache_slug
       end
+
+      # We are using a mutex to reaed and write from/to the hash.
+      # The reason this double synchronization was added is for performance
+      # and lock the mutex for the shortest possible amount of time. Otherwise,
+      # all threads are fighting over this mutex and when it gets acquired it gets locked
+      # until a threads finishes downloading a gem, leaving the other threads waiting
+      # doing nothing.
+      def rubygems_gem_installer(spec, options)
+        @gem_installers_mutex.synchronize { @gem_installers[spec.name] } || begin
+          path = fetch_gem_if_possible(spec, options[:previous_spec])
+          raise GemNotFound, "Could not find #{spec.file_name} for installation" unless path
+
+          REQUIRE_MUTEX.synchronize { require_relative "../rubygems_gem_installer" }
+
+          installer = Bundler::RubyGemsGemInstaller.at(
+            path,
+            security_policy: Bundler.rubygems.security_policies[Bundler.settings["trust-policy"]],
+            install_dir: rubygems_dir.to_s,
+            bin_dir: Bundler.system_bindir.to_s,
+            ignore_dependencies: true,
+            wrappers: true,
+            env_shebang: true,
+            build_args: options[:build_args],
+            bundler_extension_cache_path: extension_cache_path(spec)
+          )
+          @gem_installers_mutex.synchronize { @gem_installers[spec.name] ||= installer }
+        end
+      end
     end
   end
 end

data/bundler/lib/bundler/source.rb

@@ -31,6 +31,8 @@ module Bundler
       message
     end
 
+    def download(*); end
+
     def can_lock?(spec)
       spec.source == self
     end

data/bundler/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "4.0.8".freeze
+  VERSION = "4.0.9".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= gem_version.segments.first

data/bundler/lib/bundler/worker.rb

@@ -22,6 +22,7 @@ module Bundler
     def initialize(size, name, func)
       @name = name
       @request_queue = Thread::Queue.new
+      @request_queue_with_priority = Thread::Queue.new
       @response_queue = Thread::Queue.new
       @func = func
       @size = size
@@ -32,9 +33,10 @@ module Bundler
     # Enqueue a request to be executed in the worker pool
     #
     # @param obj [String] mostly it is name of spec that should be downloaded
-    def enq(obj)
+    def enq(obj, priority: false)
+      queue = priority ? @request_queue_with_priority : @request_queue
       create_threads unless @threads
-      @request_queue.enq obj
+      queue.enq obj
     end
 
     # Retrieves results of job function being executed in worker pool
@@ -52,7 +54,13 @@ module Bundler
 
     def process_queue(i)
       loop do
-        obj = @request_queue.deq
+        obj = begin
+          @request_queue_with_priority.deq(true)
+        rescue ThreadError
+          @request_queue.deq(false, timeout: 0.05)
+        end
+
+        next if obj.nil?
         break if obj.equal? POISON
         @response_queue.enq apply_func(obj, i)
       end

data/lib/rubygems/commands/owner_command.rb

@@ -79,7 +79,8 @@ permission to.
 
       say "Owners for gem: #{name}"
       owners.each do |owner|
-        say "- #{owner["email"] || owner["handle"] || owner["id"]}"
+        identifier = owner["email"] || owner["handle"] || owner["id"]
+        say "- #{identifier} (#{owner["role"]})"
       end
     end
   end

data/lib/rubygems/commands/sources_command.rb

@@ -50,11 +50,8 @@ class Gem::Commands::SourcesCommand < Gem::Command
   end
 
   def add_source(source_uri) # :nodoc:
-    check_rubygems_https source_uri
-
-    source = Gem::Source.new source_uri
-
-    check_typo_squatting(source)
+    source = build_new_source(source_uri)
+    source_uri = source.uri.to_s
 
     begin
       if Gem.sources.include? source
@@ -76,11 +73,8 @@ class Gem::Commands::SourcesCommand < Gem::Command
   end
 
   def append_source(source_uri) # :nodoc:
-    check_rubygems_https source_uri
-
-    source = Gem::Source.new source_uri
-
-    check_typo_squatting(source)
+    source = build_new_source(source_uri)
+    source_uri = source.uri.to_s
 
     begin
       source.load_specs :released
@@ -103,11 +97,8 @@ class Gem::Commands::SourcesCommand < Gem::Command
   end
 
   def prepend_source(source_uri) # :nodoc:
-    check_rubygems_https source_uri
-
-    source = Gem::Source.new source_uri
-
-    check_typo_squatting(source)
+    source = build_new_source(source_uri)
+    source_uri = source.uri.to_s
 
     begin
       source.load_specs :released
@@ -141,6 +132,19 @@ Do you want to add this source?
     end
   end
 
+  def normalize_source_uri(source_uri) # :nodoc:
+    # Ensure the source URI has a trailing slash for proper RFC 2396 path merging
+    # Without a trailing slash, the last path segment is treated as a file and removed
+    # during relative path resolution (e.g., "/blish" + "gems/foo.gem" = "/gems/foo.gem")
+    # With a trailing slash, it's treated as a directory (e.g., "/blish/" + "gems/foo.gem" = "/blish/gems/foo.gem")
+    uri = Gem::URI.parse(source_uri)
+    uri.path = uri.path.gsub(%r{/+\z}, "") + "/" if uri.path && !uri.path.empty?
+    uri.to_s
+  rescue Gem::URI::Error
+    # If parsing fails, return the original URI and let later validation handle it
+    source_uri
+  end
+
   def check_rubygems_https(source_uri) # :nodoc:
     uri = Gem::URI source_uri
 
@@ -273,7 +277,8 @@ To remove a source use the --remove argument:
   end
 
   def remove_source(source_uri) # :nodoc:
-    source = Gem::Source.new source_uri
+    source = build_source(source_uri)
+    source_uri = source.uri.to_s
 
     if configured_sources&.include? source
       Gem.sources.delete source
@@ -328,4 +333,16 @@ To remove a source use the --remove argument:
   def config_file_name
     Gem.configuration.config_file_name
   end
+
+  def build_source(source_uri)
+    source_uri = normalize_source_uri(source_uri)
+    Gem::Source.new(source_uri)
+  end
+
+  def build_new_source(source_uri)
+    source = build_source(source_uri)
+    check_rubygems_https(source.uri.to_s)
+    check_typo_squatting(source)
+    source
+  end
 end

data/lib/rubygems.rb

@@ -9,7 +9,7 @@
 require "rbconfig"
 
 module Gem
-  VERSION = "4.0.8"
+  VERSION = "4.0.9"
 end
 
 require_relative "rubygems/defaults"
@@ -37,7 +37,7 @@ require_relative "rubygems/win_platform"
 # Further RubyGems documentation can be found at:
 #
 # * {RubyGems Guides}[https://guides.rubygems.org]
-# * {RubyGems API}[https://www.rubydoc.info/github/ruby/rubygems] (also available from
+# * {RubyGems API}[https://guides.rubygems.org/rubygems-org-api/] (also available from
 #   <tt>gem server</tt>)
 #
 # == RubyGems Plugins

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubygems-update
 version: !ruby/object:Gem::Version
-  version: 4.0.8
+  version: 4.0.9
 platform: ruby
 authors:
 - Jim Weirich
@@ -724,7 +724,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 4.0.3
+rubygems_version: 4.0.6
 specification_version: 4
 summary: RubyGems is a package management framework for Ruby. This gem is downloaded
   and installed by `gem update --system`, so that the `gem` CLI can update itself.