Merge RubyGems-3.5.20 and Bundler-2.5.20

20 files changed, 178 insertions, 66 deletions

diff --git a/lib/bundler/cli/install.rb b/lib/bundler/cli/install.rb
index 0ed8bc6ea2..eb6c45e112 100644
--- a/lib/bundler/cli/install.rb
+++ b/lib/bundler/cli/install.rb
@@ -12,7 +12,11 @@ module Bundler
 
       warn_if_root
 
-      Bundler.self_manager.install_locked_bundler_and_restart_with_it_if_needed
+      if options[:local]
+        Bundler.self_manager.restart_with_locked_bundler_if_needed
+      else
+        Bundler.self_manager.install_locked_bundler_and_restart_with_it_if_needed
+      end
 
       Bundler::SharedHelpers.set_env "RB_USER_INSTALL", "1" if Gem.freebsd_platform?
 
diff --git a/lib/bundler/cli/outdated.rb b/lib/bundler/cli/outdated.rb
index 64a83fd57e..75fcdca641 100644
--- a/lib/bundler/cli/outdated.rb
+++ b/lib/bundler/cli/outdated.rb
@@ -97,28 +97,26 @@ module Bundler
         }
       end
 
-      if outdated_gems.empty?
+      relevant_outdated_gems = if options_include_groups
+        outdated_gems.group_by {|g| g[:groups] }.sort.flat_map do |groups, gems|
+          contains_group = groups.split(", ").include?(options[:group])
+          next unless options[:groups] || contains_group
+
+          gems
+        end.compact
+      else
+        outdated_gems
+      end
+
+      if relevant_outdated_gems.empty?
         unless options[:parseable]
           Bundler.ui.info(nothing_outdated_message)
         end
       else
-        if options_include_groups
-          relevant_outdated_gems = outdated_gems.group_by {|g| g[:groups] }.sort.flat_map do |groups, gems|
-            contains_group = groups.split(", ").include?(options[:group])
-            next unless options[:groups] || contains_group
-
-            gems
-          end.compact
-
-          if options[:parseable]
-            print_gems(relevant_outdated_gems)
-          else
-            print_gems_table(relevant_outdated_gems)
-          end
-        elsif options[:parseable]
-          print_gems(outdated_gems)
+        if options[:parseable]
+          print_gems(relevant_outdated_gems)
         else
-          print_gems_table(outdated_gems)
+          print_gems_table(relevant_outdated_gems)
         end
 
         exit 1
diff --git a/lib/bundler/definition.rb b/lib/bundler/definition.rb
index 75eb5ffa1b..e7e6c49e6c 100644
--- a/lib/bundler/definition.rb
+++ b/lib/bundler/definition.rb
@@ -317,7 +317,7 @@ module Bundler
 
     def lock(file_or_preserve_unknown_sections = false, preserve_unknown_sections_or_unused = false)
       if [true, false, nil].include?(file_or_preserve_unknown_sections)
-        target_lockfile = lockfile || Bundler.default_lockfile
+        target_lockfile = lockfile
         preserve_unknown_sections = file_or_preserve_unknown_sections
       else
         target_lockfile = file_or_preserve_unknown_sections
diff --git a/lib/bundler/self_manager.rb b/lib/bundler/self_manager.rb
index ea7c014f3c..a6d93f20ff 100644
--- a/lib/bundler/self_manager.rb
+++ b/lib/bundler/self_manager.rb
@@ -98,10 +98,10 @@ module Bundler
 
     def needs_switching?
       autoswitching_applies? &&
-        released?(lockfile_version) &&
-        !running?(lockfile_version) &&
-        !updating? &&
-        Bundler.settings[:version] != "system"
+        Bundler.settings[:version] != "system" &&
+        released?(restart_version) &&
+        !running?(restart_version) &&
+        !updating?
     end
 
     def autoswitching_applies?
diff --git a/lib/bundler/source/git.rb b/lib/bundler/source/git.rb
index 2a327e5fb6..91e1743961 100644
--- a/lib/bundler/source/git.rb
+++ b/lib/bundler/source/git.rb
@@ -188,7 +188,7 @@ module Bundler
       end
 
       def specs(*)
-        set_cache_path!(app_cache_path) if use_app_cache?
+        set_up_app_cache!(app_cache_path) if use_app_cache?
 
         if requires_checkout? && !@copied
           FileUtils.rm_rf(app_cache_path) if use_app_cache? && git_proxy.not_a_bare_repository?
@@ -320,6 +320,11 @@ module Bundler
         @install_path = path
       end
 
+      def set_up_app_cache!(path)
+        FileUtils.mkdir_p(path.join("refs"))
+        set_cache_path!(path)
+      end
+
       def has_app_cache?
         cached_revision && super
       end
diff --git a/lib/bundler/version.rb b/lib/bundler/version.rb
index 2fd56109d1..c743f5ea29 100644
--- a/lib/bundler/version.rb
+++ b/lib/bundler/version.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.5.19".freeze
+  VERSION = "2.5.20".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i
diff --git a/lib/rubygems.rb b/lib/rubygems.rb
index 7c4aeebe9c..ef0ee71418 100644
--- a/lib/rubygems.rb
+++ b/lib/rubygems.rb
@@ -9,7 +9,7 @@
 require "rbconfig"
 
 module Gem
-  VERSION = "3.5.19"
+  VERSION = "3.5.20"
 end
 
 # Must be first since it unloads the prelude from 1.9.2
diff --git a/spec/bundler/cache/git_spec.rb b/spec/bundler/cache/git_spec.rb
index 7c577b105e..88436c79aa 100644
--- a/spec/bundler/cache/git_spec.rb
+++ b/spec/bundler/cache/git_spec.rb
@@ -212,6 +212,34 @@ RSpec.describe "bundle cache with git" do
     expect(the_bundle).to include_gem "foo 1.0"
   end
 
+  it "can install after bundle cache without cloning remote repositories with only git tracked files" do
+    build_git "foo"
+
+    gemfile <<-G
+      source "https://gem.repo1"
+      gem "foo", :git => '#{lib_path("foo-1.0")}'
+    G
+    bundle "config set cache_all true"
+    bundle :cache, "all-platforms" => true
+    FileUtils.rm_rf Dir.glob(default_bundle_path("bundler/gems/extensions/**/foo-1.0-*")).first.to_s
+    FileUtils.rm_rf Dir.glob(default_bundle_path("bundler/gems/foo-1.0-*")).first.to_s
+
+    simulate_new_machine
+    bundle "config set frozen true"
+    FileUtils.rm_rf "#{default_bundle_path}/cache/bundler/git/foo-1.0-*"
+
+    # Remove untracked files (including the empty refs dir in the cache)
+    Dir.chdir(bundled_app) do
+      system(*%W[git init --quiet])
+      system(*%W[git add --all])
+      system(*%W[git clean -d --force --quiet])
+    end
+
+    bundle "install --local --verbose"
+    expect(out).to_not include("Fetching")
+    expect(the_bundle).to include_gem "foo 1.0"
+  end
+
   it "copies repository to vendor cache" do
     # CVE-2022-39253: https://lore.kernel.org/lkml/xmqq4jw1uku5.fsf@gitster.g/
     system(*%W[git config --global protocol.file.allow always])
diff --git a/spec/bundler/commands/binstubs_spec.rb b/spec/bundler/commands/binstubs_spec.rb
index 74582226f8..87a68a9cf1 100644
--- a/spec/bundler/commands/binstubs_spec.rb
+++ b/spec/bundler/commands/binstubs_spec.rb
@@ -115,7 +115,8 @@ RSpec.describe "bundle binstubs <gem>" do
           build_gem "prints_loaded_gems", "1.0" do |s|
             s.executables = "print_loaded_gems"
             s.bindir = "exe"
-            s.write "exe/print_loaded_gems", <<-R
+            s.write "exe/print_loaded_gems", <<~R
+              #!/usr/bin/env ruby
               specs = Gem.loaded_specs.values.reject {|s| s.default_gem? }
               puts specs.map(&:full_name).sort.inspect
             R
diff --git a/spec/bundler/commands/outdated_spec.rb b/spec/bundler/commands/outdated_spec.rb
index 8bf3a468b4..449fba5935 100644
--- a/spec/bundler/commands/outdated_spec.rb
+++ b/spec/bundler/commands/outdated_spec.rb
@@ -251,6 +251,14 @@ RSpec.describe "bundle outdated" do
       expect(out).to end_with("Bundle up to date!")
     end
 
+    it "works when only out of date gems are not in given group" do
+      update_repo2 do
+        build_gem "terranova", "9"
+      end
+      bundle "outdated --group development"
+      expect(out).to end_with("Bundle up to date!")
+    end
+
     it "returns a sorted list of outdated gems from one group => 'default'" do
       test_group_option("default")
 
diff --git a/spec/bundler/commands/update_spec.rb b/spec/bundler/commands/update_spec.rb
index e87fecaa6d..1683827636 100644
--- a/spec/bundler/commands/update_spec.rb
+++ b/spec/bundler/commands/update_spec.rb
@@ -1202,10 +1202,10 @@ RSpec.describe "bundle update when a gem depends on a newer version of bundler"
   before do
     build_repo2 do
       build_gem "rails", "3.0.1" do |s|
-        s.add_dependency "bundler", Bundler::VERSION.succ
+        s.add_dependency "bundler", "9.9.9"
       end
 
-      build_gem "bundler", Bundler::VERSION.succ
+      build_gem "bundler", "9.9.9"
     end
 
     gemfile <<-G
@@ -1218,7 +1218,7 @@ RSpec.describe "bundle update when a gem depends on a newer version of bundler"
     bundle "update", all: true, raise_on_error: false
     expect(last_command.stdboth).not_to match(/in snapshot/i)
     expect(err).to match(/current Bundler version/i).
-      and match(/Install the necessary version with `gem install bundler:#{Bundler::VERSION.succ}`/i)
+      and match(/Install the necessary version with `gem install bundler:9\.9\.9`/i)
   end
 end
 
diff --git a/spec/bundler/install/bundler_spec.rb b/spec/bundler/install/bundler_spec.rb
index 95edf7859d..56f8431181 100644
--- a/spec/bundler/install/bundler_spec.rb
+++ b/spec/bundler/install/bundler_spec.rb
@@ -5,7 +5,7 @@ RSpec.describe "bundle install" do
     before(:each) do
       build_repo2 do
         build_gem "rails", "3.0" do |s|
-          s.add_dependency "bundler", ">= 0.9.0.pre"
+          s.add_dependency "bundler", ">= 0.9.0"
         end
         build_gem "bundler", "0.9.1"
         build_gem "bundler", Bundler::VERSION
@@ -59,8 +59,8 @@ RSpec.describe "bundle install" do
       nice_error = <<~E.strip
         Could not find compatible versions
 
-        Because rails >= 3.0 depends on bundler >= 0.9.0.pre
-          and the current Bundler version (#{Bundler::VERSION}) does not satisfy bundler >= 0.9.0.pre, < 1.A,
+        Because rails >= 3.0 depends on bundler >= 0.9.0
+          and the current Bundler version (#{Bundler::VERSION}) does not satisfy bundler >= 0.9.0, < 1.A,
           rails >= 3.0 requires bundler >= 1.A.
         So, because Gemfile depends on rails = 3.0
           and Gemfile depends on bundler ~> 0.8,
diff --git a/spec/bundler/install/gems/dependency_api_fallback_spec.rb b/spec/bundler/install/gems/dependency_api_fallback_spec.rb
index 5e700ea976..107da15d67 100644
--- a/spec/bundler/install/gems/dependency_api_fallback_spec.rb
+++ b/spec/bundler/install/gems/dependency_api_fallback_spec.rb
@@ -15,13 +15,15 @@ RSpec.describe "gemcutter's dependency API" do
       # mustermann depends on URI::RFC2396_PARSER behavior
       URI.parser = URI::RFC2396_PARSER if URI.respond_to?(:parser=)
 
+      require "rackup/server"
+
       @t = Thread.new do
-        server = Rack::Server.start(app: EndpointTimeout,
-                                    Host: "0.0.0.0",
-                                    Port: port,
-                                    server: "webrick",
-                                    AccessLog: [],
-                                    Logger: Spec::SilentLogger.new)
+        server = Rackup::Server.start(app: EndpointTimeout,
+                                      Host: "0.0.0.0",
+                                      Port: port,
+                                      server: "webrick",
+                                      AccessLog: [],
+                                      Logger: Spec::SilentLogger.new)
         server.start
       end
       @t.run
diff --git a/spec/bundler/realworld/gemfile_source_header_spec.rb b/spec/bundler/realworld/gemfile_source_header_spec.rb
index 45f5d0fd22..f47ba3a855 100644
--- a/spec/bundler/realworld/gemfile_source_header_spec.rb
+++ b/spec/bundler/realworld/gemfile_source_header_spec.rb
@@ -39,13 +39,15 @@ RSpec.describe "fetching dependencies with a mirrored source", realworld: true d
 
     require_relative "../support/artifice/endpoint_mirror_source"
 
+    require "rackup/server"
+
     @t = Thread.new do
-      Rack::Server.start(app: EndpointMirrorSource,
-                         Host: "0.0.0.0",
-                         Port: @port,
-                         server: "webrick",
-                         AccessLog: [],
-                         Logger: Spec::SilentLogger.new)
+      Rackup::Server.start(app: EndpointMirrorSource,
+                           Host: "0.0.0.0",
+                           Port: @port,
+                           server: "webrick",
+                           AccessLog: [],
+                           Logger: Spec::SilentLogger.new)
     end.run
 
     wait_for_server("127.0.0.1", @port)
diff --git a/spec/bundler/realworld/mirror_probe_spec.rb b/spec/bundler/realworld/mirror_probe_spec.rb
index fc97f92375..61312860d1 100644
--- a/spec/bundler/realworld/mirror_probe_spec.rb
+++ b/spec/bundler/realworld/mirror_probe_spec.rb
@@ -112,13 +112,15 @@ RSpec.describe "fetching dependencies with a not available mirror", realworld: t
 
     require_relative "../support/artifice/endpoint"
 
+    require "rackup/server"
+
     @server_thread = Thread.new do
-      Rack::Server.start(app: Endpoint,
-                         Host: host,
-                         Port: @server_port,
-                         server: "webrick",
-                         AccessLog: [],
-                         Logger: Spec::SilentLogger.new)
+      Rackup::Server.start(app: Endpoint,
+                           Host: host,
+                           Port: @server_port,
+                           server: "webrick",
+                           AccessLog: [],
+                           Logger: Spec::SilentLogger.new)
     end.run
 
     wait_for_server(host, @server_port)
diff --git a/spec/bundler/runtime/inline_spec.rb b/spec/bundler/runtime/inline_spec.rb
index 2deda75509..5ff555ab0d 100644
--- a/spec/bundler/runtime/inline_spec.rb
+++ b/spec/bundler/runtime/inline_spec.rb
@@ -656,6 +656,20 @@ RSpec.describe "bundler/inline#gemfile" do
     expect(out).to include("after: [\"Test_Variable\"]")
   end
 
+  it "does not create a lockfile" do
+    script <<-RUBY
+      require 'bundler/inline'
+
+      gemfile do
+        source "https://gem.repo1"
+      end
+
+      puts Dir.glob("Gemfile.lock")
+    RUBY
+
+    expect(out).to be_empty
+  end
+
   it "does not load specified version of psych and stringio", :ruby_repo do
     build_repo4 do
       build_gem "psych", "999"
@@ -678,4 +692,25 @@ RSpec.describe "bundler/inline#gemfile" do
     expect(out).to include("The psych gem was resolved to 999")
     expect(out).to include("The stringio gem was resolved to 999")
   end
+
+  it "leaves a lockfile in the same directory as the inline script alone" do
+    install_gemfile <<~G
+      source "https://gem.repo1"
+      gem "foo"
+    G
+
+    original_lockfile = lockfile
+
+    script <<-RUBY, env: { "BUNDLER_SPEC_GEM_REPO" => gem_repo1.to_s }
+      require "bundler/inline"
+
+      gemfile(true) do
+        source "https://gem.repo1"
+
+        gem "myrack"
+      end
+    RUBY
+
+    expect(lockfile).to eq(original_lockfile)
+  end
 end
diff --git a/spec/bundler/runtime/self_management_spec.rb b/spec/bundler/runtime/self_management_spec.rb
index d2472dece2..c6910e95c0 100644
--- a/spec/bundler/runtime/self_management_spec.rb
+++ b/spec/bundler/runtime/self_management_spec.rb
@@ -131,6 +131,17 @@ RSpec.describe "Self management", rubygems: ">= 3.3.0.dev" do
       expect(out).to eq(Bundler::VERSION[0] == "2" ? "Bundler version #{Bundler::VERSION}" : Bundler::VERSION)
     end
 
+    it "does not try to install when --local is passed" do
+      lockfile_bundled_with(previous_minor)
+      system_gems "myrack-1.0.0", path: default_bundle_path
+
+      bundle "install --local"
+      expect(out).not_to match(/Installing Bundler/)
+
+      bundle "-v"
+      expect(out).to eq(Bundler::VERSION[0] == "2" ? "Bundler version #{Bundler::VERSION}" : Bundler::VERSION)
+    end
+
     it "shows a discrete message if locked bundler does not exist" do
       missing_minor = "#{Bundler::VERSION[0]}.999.999"
 
@@ -165,6 +176,17 @@ RSpec.describe "Self management", rubygems: ">= 3.3.0.dev" do
       expect(out).to eq(Bundler::VERSION[0] == "2" ? "Bundler version #{Bundler::VERSION}" : Bundler::VERSION)
     end
 
+    it "does not try to install when using bundle config version <dev-version>" do
+      lockfile_bundled_with(previous_minor)
+
+      bundle "config set version #{previous_minor}.dev"
+      bundle "install"
+      expect(out).not_to match(/restarting using that version/)
+
+      bundle "-v"
+      expect(out).to eq(Bundler::VERSION[0] == "2" ? "Bundler version #{Bundler::VERSION}" : Bundler::VERSION)
+    end
+
     it "ignores malformed lockfile version" do
       lockfile_bundled_with("2.3.")
 
diff --git a/spec/bundler/support/builders.rb b/spec/bundler/support/builders.rb
index a0b94004f2..a187d2ae48 100644
--- a/spec/bundler/support/builders.rb
+++ b/spec/bundler/support/builders.rb
@@ -153,7 +153,7 @@ module Spec
 
         build_gem "bundler", "0.9" do |s|
           s.executables = "bundle"
-          s.write "bin/bundle", "puts 'FAIL'"
+          s.write "bin/bundle", "#!/usr/bin/env ruby\nputs 'FAIL'"
         end
 
         # The bundler 0.8 gem has a rubygems plugin that always loads :(
@@ -456,6 +456,7 @@ module Spec
           s.email       = "foo@bar.baz"
           s.homepage    = "http://example.com"
           s.license     = "MIT"
+          s.required_ruby_version = ">= 3.0"
         end
         @files = {}
       end
@@ -472,11 +473,7 @@ module Spec
         @spec.executables = Array(val)
         @spec.executables.each do |file|
           executable = "#{@spec.bindir}/#{file}"
-          shebang = if Bundler.current_ruby.jruby?
-            "#!/usr/bin/env jruby\n"
-          else
-            "#!/usr/bin/env ruby\n"
-          end
+          shebang = "#!/usr/bin/env ruby\n"
           @spec.files << executable
           write executable, "#{shebang}require_relative '../lib/#{@name}' ; puts #{Builders.constantize(@name)}"
         end
@@ -537,10 +534,10 @@ module Spec
         end
 
         @files.each do |file, source|
-          file = Pathname.new(path).join(file)
-          FileUtils.mkdir_p(file.dirname)
-          File.open(file, "w") {|f| f.puts source }
-          File.chmod("+x", file) if @spec.executables.map {|exe| "#{@spec.bindir}/#{exe}" }.include?(file)
+          full_path = Pathname.new(path).join(file)
+          FileUtils.mkdir_p(full_path.dirname)
+          File.open(full_path, "w") {|f| f.puts source }
+          FileUtils.chmod("+x", full_path) if @spec.executables.map {|exe| "#{@spec.bindir}/#{exe}" }.include?(file)
         end
         path
       end
diff --git a/spec/bundler/support/helpers.rb b/spec/bundler/support/helpers.rb
index ef52e88eed..145008ab42 100644
--- a/spec/bundler/support/helpers.rb
+++ b/spec/bundler/support/helpers.rb
@@ -186,7 +186,10 @@ module Spec
       env = options[:env] || {}
       env["RUBYOPT"] = opt_add(opt_add("-r#{spec_dir}/support/hax.rb", env["RUBYOPT"]), ENV["RUBYOPT"])
       options[:env] = env
-      sys_exec("#{Path.gem_bin} #{command}", options)
+      output = sys_exec("#{Path.gem_bin} #{command}", options)
+      stderr = last_command.stderr
+      raise stderr if stderr.include?("WARNING") && !allowed_rubygems_warning?(stderr)
+      output
     end
 
     def rake
@@ -542,6 +545,10 @@ module Spec
 
     private
 
+    def allowed_rubygems_warning?(text)
+      text.include?("open-ended") || text.include?("is a symlink") || text.include?("rake based") || text.include?("expected RubyGems version")
+    end
+
     def match_source(contents)
       match = /source ["']?(?<source>http[^"']+)["']?/.match(contents)
       return unless match
diff --git a/tool/bundler/test_gems.rb b/tool/bundler/test_gems.rb
index 32cb6b34ee..bb7d4edb9a 100644
--- a/tool/bundler/test_gems.rb
+++ b/tool/bundler/test_gems.rb
@@ -2,12 +2,13 @@
 
 source "https://rubygems.org"
 
-gem "rack", "~> 2.0"
+gem "rack", "~> 3.0"
+gem "rackup", "~> 2.1"
 gem "base64"
-gem "webrick", "1.7.0"
-gem "rack-test", "~> 1.1"
+gem "webrick", "~> 1.8"
+gem "rack-test", "~> 2.1"
 gem "compact_index", "~> 0.15.0"
-gem "sinatra", "~> 3.0"
+gem "sinatra", "~> 4.0"
 gem "rake", "~> 13.1"
 gem "builder", "~> 3.2"
 gem "rb_sys"