Merge RubyGems-3.2.21 and Bundler-2.2.21

16 files changed, 147 insertions, 39 deletions

diff --git a/lib/bundler.rb b/lib/bundler.rb
index b2363a25f4..8b9e870f7b 100644
--- a/lib/bundler.rb
+++ b/lib/bundler.rb
@@ -198,7 +198,7 @@ module Bundler
 
     def frozen_bundle?
       frozen = settings[:deployment]
-      frozen ||= settings[:frozen] unless feature_flag.deployment_means_frozen?
+      frozen ||= settings[:frozen]
       frozen
     end
 
diff --git a/lib/bundler/cli/install.rb b/lib/bundler/cli/install.rb
index c702eb14d1..47c1da10e7 100644
--- a/lib/bundler/cli/install.rb
+++ b/lib/bundler/cli/install.rb
@@ -33,12 +33,8 @@ module Bundler
 
         options[:local] = true if Bundler.app_cache.exist?
 
-        if Bundler.feature_flag.deployment_means_frozen?
-          Bundler.settings.set_command_option :deployment, true
-        else
-          Bundler.settings.set_command_option :deployment, true if options[:deployment]
-          Bundler.settings.set_command_option :frozen, true if options[:frozen]
-        end
+        Bundler.settings.set_command_option :deployment, true if options[:deployment]
+        Bundler.settings.set_command_option :frozen, true if options[:frozen]
       end
 
       # When install is called with --no-deployment, disable deployment mode
@@ -62,7 +58,10 @@ module Bundler
       definition.validate_runtime!
 
       installer = Installer.install(Bundler.root, definition, options)
-      Bundler.load.cache if Bundler.app_cache.exist? && !options["no-cache"] && !Bundler.frozen_bundle?
+
+      Bundler.settings.temporary(:cache_all_platforms => options[:local] ? false : Bundler.settings[:cache_all_platforms]) do
+        Bundler.load.cache if Bundler.app_cache.exist? && !options["no-cache"] && !Bundler.frozen_bundle?
+      end
 
       Bundler.ui.confirm "Bundle complete! #{dependencies_count_for(definition)}, #{gems_installed_for(definition)}."
       Bundler::CLI::Common.output_without_groups_message(:install)
diff --git a/lib/bundler/definition.rb b/lib/bundler/definition.rb
index bc75e83908..274b558c1b 100644
--- a/lib/bundler/definition.rb
+++ b/lib/bundler/definition.rb
@@ -107,12 +107,14 @@ module Bundler
       end
 
       @locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
-      @disable_multisource = @locked_gem_sources.all?(&:disable_multisource?)
+      @multisource_allowed = @locked_gem_sources.any?(&:multiple_remotes?) && (sources.aggregate_global_source? || Bundler.frozen_bundle?)
 
-      unless @disable_multisource
-        msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. You should run `bundle update` or generate your lockfile from scratch."
+      if @multisource_allowed
+        unless sources.aggregate_global_source?
+          msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. Make sure you run `bundle install` in non frozen mode and commit the result to make your lockfile secure."
 
-        Bundler::SharedHelpers.major_deprecation 2, msg
+          Bundler::SharedHelpers.major_deprecation 2, msg
+        end
 
         @sources.merged_gem_lockfile_sections!
       end
@@ -156,8 +158,8 @@ module Bundler
       end
     end
 
-    def disable_multisource?
-      @disable_multisource
+    def multisource_allowed?
+      @multisource_allowed
     end
 
     def resolve_only_locally!
@@ -510,7 +512,7 @@ module Bundler
     private
 
     def precompute_source_requirements_for_indirect_dependencies?
-      sources.non_global_rubygems_sources.all?(&:dependency_api_available?) && sources.no_aggregate_global_source?
+      sources.non_global_rubygems_sources.all?(&:dependency_api_available?) && !sources.aggregate_global_source?
     end
 
     def current_ruby_platform_locked?
@@ -627,7 +629,7 @@ module Bundler
     end
 
     def converge_rubygems_sources
-      return false if disable_multisource?
+      return false unless multisource_allowed?
 
       return false if locked_gem_sources.empty?
 
diff --git a/lib/bundler/feature_flag.rb b/lib/bundler/feature_flag.rb
index 53d76b8ae8..aee127ba80 100644
--- a/lib/bundler/feature_flag.rb
+++ b/lib/bundler/feature_flag.rb
@@ -31,7 +31,6 @@ module Bundler
     settings_flag(:auto_clean_without_path) { bundler_3_mode? }
     settings_flag(:cache_all) { bundler_3_mode? }
     settings_flag(:default_install_uses_path) { bundler_3_mode? }
-    settings_flag(:deployment_means_frozen) { bundler_3_mode? }
     settings_flag(:forget_cli_options) { bundler_3_mode? }
     settings_flag(:global_gem_cache) { bundler_3_mode? }
     settings_flag(:path_relative_to_cwd) { bundler_3_mode? }
diff --git a/lib/bundler/fetcher/compact_index.rb b/lib/bundler/fetcher/compact_index.rb
index 0304155bdd..bc69b884ec 100644
--- a/lib/bundler/fetcher/compact_index.rb
+++ b/lib/bundler/fetcher/compact_index.rb
@@ -111,7 +111,7 @@ module Bundler
       def bundle_worker(func = nil)
         @bundle_worker ||= begin
           worker_name = "Compact Index (#{display_uri.host})"
-          Bundler::Worker.new(Bundler.current_ruby.rbx? ? 1 : 25, worker_name, func)
+          Bundler::Worker.new(Bundler.settings.processor_count, worker_name, func)
         end
         @bundle_worker.tap do |worker|
           worker.instance_variable_set(:@func, func) if func
diff --git a/lib/bundler/installer.rb b/lib/bundler/installer.rb
index 09c8b1c157..a88fb91cb5 100644
--- a/lib/bundler/installer.rb
+++ b/lib/bundler/installer.rb
@@ -222,14 +222,7 @@ module Bundler
       # Parallelization has some issues on Windows, so it's not yet the default
       return 1 if Gem.win_platform?
 
-      processor_count
-    end
-
-    def processor_count
-      require "etc"
-      Etc.nprocessors
-    rescue StandardError
-      1
+      Bundler.settings.processor_count
     end
 
     def load_plugins
diff --git a/lib/bundler/resolver.rb b/lib/bundler/resolver.rb
index 9a25e49d4b..fac5070619 100644
--- a/lib/bundler/resolver.rb
+++ b/lib/bundler/resolver.rb
@@ -30,8 +30,10 @@ module Bundler
       @resolver = Molinillo::Resolver.new(self, self)
       @search_for = {}
       @base_dg = Molinillo::DependencyGraph.new
+      aggregate_global_source = @source_requirements[:default].is_a?(Source::RubygemsAggregate)
       @base.each do |ls|
         dep = Dependency.new(ls.name, ls.version)
+        ls.source = source_for(ls.name) unless aggregate_global_source
         @base_dg.add_vertex(ls.name, DepProxy.get_proxy(dep, ls.platform), true)
       end
       additional_base_requirements.each {|d| @base_dg.add_vertex(d.name, d) }
diff --git a/lib/bundler/settings.rb b/lib/bundler/settings.rb
index 11227314a7..13fcb447d0 100644
--- a/lib/bundler/settings.rb
+++ b/lib/bundler/settings.rb
@@ -16,7 +16,6 @@ module Bundler
       clean
       default_install_uses_path
       deployment
-      deployment_means_frozen
       disable_checksum_validation
       disable_exec_load
       disable_local_branch_check
@@ -210,6 +209,13 @@ module Bundler
       locations
     end
 
+    def processor_count
+      require "etc"
+      Etc.nprocessors
+    rescue StandardError
+      1
+    end
+
     # for legacy reasons, in Bundler 2, we do not respect :disable_shared_gems
     def path
       configs.each do |_level, settings|
diff --git a/lib/bundler/source/rubygems.rb b/lib/bundler/source/rubygems.rb
index 590c3ec939..0e9b4e02a5 100644
--- a/lib/bundler/source/rubygems.rb
+++ b/lib/bundler/source/rubygems.rb
@@ -67,12 +67,12 @@ module Bundler
         o.is_a?(Rubygems) && (o.credless_remotes - credless_remotes).empty?
       end
 
-      def disable_multisource?
-        @remotes.size <= 1
+      def multiple_remotes?
+        @remotes.size > 1
       end
 
       def can_lock?(spec)
-        return super if disable_multisource?
+        return super unless multiple_remotes?
         spec.source.is_a?(Rubygems)
       end
 
diff --git a/lib/bundler/source_list.rb b/lib/bundler/source_list.rb
index 584d693dea..9a7f0ea0a2 100644
--- a/lib/bundler/source_list.rb
+++ b/lib/bundler/source_list.rb
@@ -32,8 +32,8 @@ module Bundler
       @merged_gem_lockfile_sections = true
     end
 
-    def no_aggregate_global_source?
-      global_rubygems_source.remotes.size <= 1
+    def aggregate_global_source?
+      global_rubygems_source.multiple_remotes?
     end
 
     def add_path_source(options = {})
@@ -185,6 +185,8 @@ module Bundler
     end
 
     def equal_source?(source, other_source)
+      return source.include?(other_source) if source.is_a?(Source::Rubygems) && other_source.is_a?(Source::Rubygems) && !merged_gem_lockfile_sections?
+
       source == other_source
     end
 
diff --git a/lib/bundler/templates/newgem/newgem.gemspec.tt b/lib/bundler/templates/newgem/newgem.gemspec.tt
index 7032004076..91ce856bff 100644
--- a/lib/bundler/templates/newgem/newgem.gemspec.tt
+++ b/lib/bundler/templates/newgem/newgem.gemspec.tt
@@ -16,7 +16,7 @@ Gem::Specification.new do |spec|
 <%- end -%>
   spec.required_ruby_version = ">= <%= config[:required_ruby_version] %>"
 
-  spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
+  spec.metadata["allowed_push_host"] = "TODO: Set to 'https://mygemserver.com'"
 
   spec.metadata["homepage_uri"] = spec.homepage
   spec.metadata["source_code_uri"] = "TODO: Put your gem's public repo URL here."
diff --git a/lib/bundler/version.rb b/lib/bundler/version.rb
index 4302fb9892..1c34797243 100644
--- a/lib/bundler/version.rb
+++ b/lib/bundler/version.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.2.20".freeze
+  VERSION = "2.2.21".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i
diff --git a/lib/rubygems.rb b/lib/rubygems.rb
index 57d0140d8b..9d16f6ecf8 100644
--- a/lib/rubygems.rb
+++ b/lib/rubygems.rb
@@ -8,7 +8,7 @@
 require 'rbconfig'
 
 module Gem
-  VERSION = "3.2.20".freeze
+  VERSION = "3.2.21".freeze
 end
 
 # Must be first since it unloads the prelude from 1.9.2
diff --git a/lib/rubygems/config_file.rb b/lib/rubygems/config_file.rb
index 9dc41a2995..3746d7aab0 100644
--- a/lib/rubygems/config_file.rb
+++ b/lib/rubygems/config_file.rb
@@ -320,7 +320,7 @@ if you believe they were disclosed to a third party.
     config = load_file(credentials_path).merge(host => api_key)
 
     dirname = File.dirname credentials_path
-    Dir.mkdir(dirname) unless File.exist? dirname
+    FileUtils.mkdir_p(dirname) unless File.exist? dirname
 
     Gem.load_yaml
 
diff --git a/lib/rubygems/request.rb b/lib/rubygems/request.rb
index 1ed0fbcb99..5bda0b2e5e 100644
--- a/lib/rubygems/request.rb
+++ b/lib/rubygems/request.rb
@@ -44,7 +44,7 @@ class Gem::Request
   end
 
   def self.configure_connection_for_https(connection, cert_files)
-    raise Gem::Exception.new('OpenSSl is not available. Install OpenSSL and rebuild Ruby (preferred) or use non-HTTPS sources') unless Gem::HAVE_OPENSSL
+    raise Gem::Exception.new('OpenSSL is not available. Install OpenSSL and rebuild Ruby (preferred) or use non-HTTPS sources') unless Gem::HAVE_OPENSSL
 
     connection.use_ssl = true
     connection.verify_mode =
diff --git a/lib/rubygems/util/licenses.rb b/lib/rubygems/util/licenses.rb
index 29bf310ea0..98cbd8929b 100644
--- a/lib/rubygems/util/licenses.rb
+++ b/lib/rubygems/util/licenses.rb
@@ -18,6 +18,8 @@ class Gem::Licenses
     AFL-2.1
     AFL-3.0
     AGPL-1.0
+    AGPL-1.0-only
+    AGPL-1.0-or-later
     AGPL-3.0
     AGPL-3.0-only
     AGPL-3.0-or-later
@@ -25,6 +27,7 @@ class Gem::Licenses
     AML
     AMPAS
     ANTLR-PD
+    ANTLR-PD-fallback
     APAFML
     APL-1.0
     APSL-1.0
@@ -48,29 +51,41 @@ class Gem::Licenses
     BSD-2-Clause-FreeBSD
     BSD-2-Clause-NetBSD
     BSD-2-Clause-Patent
+    BSD-2-Clause-Views
     BSD-3-Clause
     BSD-3-Clause-Attribution
     BSD-3-Clause-Clear
     BSD-3-Clause-LBNL
+    BSD-3-Clause-Modification
+    BSD-3-Clause-No-Military-License
     BSD-3-Clause-No-Nuclear-License
     BSD-3-Clause-No-Nuclear-License-2014
     BSD-3-Clause-No-Nuclear-Warranty
+    BSD-3-Clause-Open-MPI
     BSD-4-Clause
+    BSD-4-Clause-Shortened
     BSD-4-Clause-UC
     BSD-Protection
     BSD-Source-Code
     BSL-1.0
+    BUSL-1.1
     Bahyph
     Barr
     Beerware
     BitTorrent-1.0
     BitTorrent-1.1
+    BlueOak-1.0.0
     Borceux
+    C-UDA-1.0
+    CAL-1.0
+    CAL-1.0-Combined-Work-Exception
     CATOSL-1.1
     CC-BY-1.0
     CC-BY-2.0
     CC-BY-2.5
     CC-BY-3.0
+    CC-BY-3.0-AT
+    CC-BY-3.0-US
     CC-BY-4.0
     CC-BY-NC-1.0
     CC-BY-NC-2.0
@@ -81,6 +96,7 @@ class Gem::Licenses
     CC-BY-NC-ND-2.0
     CC-BY-NC-ND-2.5
     CC-BY-NC-ND-3.0
+    CC-BY-NC-ND-3.0-IGO
     CC-BY-NC-ND-4.0
     CC-BY-NC-SA-1.0
     CC-BY-NC-SA-2.0
@@ -94,12 +110,17 @@ class Gem::Licenses
     CC-BY-ND-4.0
     CC-BY-SA-1.0
     CC-BY-SA-2.0
+    CC-BY-SA-2.0-UK
+    CC-BY-SA-2.1-JP
     CC-BY-SA-2.5
     CC-BY-SA-3.0
+    CC-BY-SA-3.0-AT
     CC-BY-SA-4.0
+    CC-PDDC
     CC0-1.0
     CDDL-1.0
     CDDL-1.1
+    CDL-1.0
     CDLA-Permissive-1.0
     CDLA-Sharing-1.0
     CECILL-1.0
@@ -108,6 +129,11 @@ class Gem::Licenses
     CECILL-2.1
     CECILL-B
     CECILL-C
+    CERN-OHL-1.1
+    CERN-OHL-1.2
+    CERN-OHL-P-2.0
+    CERN-OHL-S-2.0
+    CERN-OHL-W-2.0
     CNRI-Jython
     CNRI-Python
     CNRI-Python-GPL-Compatible
@@ -123,12 +149,14 @@ class Gem::Licenses
     Cube
     D-FSL-1.0
     DOC
+    DRL-1.0
     DSDP
     Dotseqn
     ECL-1.0
     ECL-2.0
     EFL-1.0
     EFL-2.0
+    EPICS
     EPL-1.0
     EPL-2.0
     EUDatagrid
@@ -144,17 +172,32 @@ class Gem::Licenses
     FTL
     Fair
     Frameworx-1.0
+    FreeBSD-DOC
     FreeImage
+    GD
     GFDL-1.1
+    GFDL-1.1-invariants-only
+    GFDL-1.1-invariants-or-later
+    GFDL-1.1-no-invariants-only
+    GFDL-1.1-no-invariants-or-later
     GFDL-1.1-only
     GFDL-1.1-or-later
     GFDL-1.2
+    GFDL-1.2-invariants-only
+    GFDL-1.2-invariants-or-later
+    GFDL-1.2-no-invariants-only
+    GFDL-1.2-no-invariants-or-later
     GFDL-1.2-only
     GFDL-1.2-or-later
     GFDL-1.3
+    GFDL-1.3-invariants-only
+    GFDL-1.3-invariants-or-later
+    GFDL-1.3-no-invariants-only
+    GFDL-1.3-no-invariants-or-later
     GFDL-1.3-only
     GFDL-1.3-or-later
     GL2PS
+    GLWTPL
     GPL-1.0
     GPL-1.0+
     GPL-1.0-only
@@ -178,7 +221,10 @@ class Gem::Licenses
     Glide
     Glulxe
     HPND
+    HPND-sell-variant
+    HTMLTIDY
     HaskellReport
+    Hippocratic-2.1
     IBM-pibs
     ICU
     IJG
@@ -191,6 +237,7 @@ class Gem::Licenses
     Intel
     Intel-ACPI
     Interbase-1.0
+    JPNIC
     JSON
     JasPer-2.0
     LAL-1.2
@@ -221,11 +268,15 @@ class Gem::Licenses
     LiLiQ-R-1.1
     LiLiQ-Rplus-1.1
     Libpng
+    Linux-OpenIB
     MIT
+    MIT-0
     MIT-CMU
+    MIT-Modern-Variant
     MIT-advertising
     MIT-enna
     MIT-feh
+    MIT-open-group
     MITNFA
     MPL-1.0
     MPL-1.1
@@ -237,12 +288,18 @@ class Gem::Licenses
     MakeIndex
     MirOS
     Motosoto
+    MulanPSL-1.0
+    MulanPSL-2.0
     Multics
     Mup
+    NAIST-2003
     NASA-1.3
     NBPL-1.0
+    NCGL-UK-2.0
     NCSA
     NGPL
+    NIST-PD
+    NIST-PD-fallback
     NLOD-1.0
     NLPL
     NOSL
@@ -251,6 +308,7 @@ class Gem::Licenses
     NPOSL-3.0
     NRL
     NTP
+    NTP-0
     Naumen
     Net-SNMP
     NetCDF
@@ -258,11 +316,23 @@ class Gem::Licenses
     Nokia
     Noweb
     Nunit
+    O-UDA-1.0
     OCCT-PL
     OCLC-2.0
+    ODC-By-1.0
     ODbL-1.0
     OFL-1.0
+    OFL-1.0-RFN
+    OFL-1.0-no-RFN
     OFL-1.1
+    OFL-1.1-RFN
+    OFL-1.1-no-RFN
+    OGC-1.0
+    OGDL-Taiwan-1.0
+    OGL-Canada-2.0
+    OGL-UK-1.0
+    OGL-UK-2.0
+    OGL-UK-3.0
     OGTSL
     OLDAP-1.1
     OLDAP-1.2
@@ -292,7 +362,12 @@ class Gem::Licenses
     PDDL-1.0
     PHP-3.0
     PHP-3.01
+    PSF-2.0
+    Parity-6.0.0
+    Parity-7.0.0
     Plexus
+    PolyForm-Noncommercial-1.0.0
+    PolyForm-Small-Business-1.0.0
     PostgreSQL
     Python-2.0
     QPL-1.0
@@ -310,15 +385,21 @@ class Gem::Licenses
     SGI-B-1.0
     SGI-B-1.1
     SGI-B-2.0
+    SHL-0.5
+    SHL-0.51
     SISSL
     SISSL-1.2
     SMLNJ
     SMPPL
     SNIA
     SPL-1.0
+    SSH-OpenSSH
+    SSH-short
+    SSPL-1.0
     SWL
     Saxpath
     Sendmail
+    Sendmail-8.23
     SimPL-2.0
     Sleepycat
     Spencer-86
@@ -326,11 +407,15 @@ class Gem::Licenses
     Spencer-99
     StandardML-NJ
     SugarCRM-1.1.3
+    TAPR-OHL-1.0
     TCL
     TCP-wrappers
     TMate
     TORQUE-1.1
     TOSL
+    TU-Berlin-1.0
+    TU-Berlin-2.0
+    UCL-1.0
     UPL-1.0
     Unicode-DFS-2015
     Unicode-DFS-2016
@@ -360,16 +445,22 @@ class Gem::Licenses
     Zimbra-1.3
     Zimbra-1.4
     Zlib
+    blessing
     bzip2-1.0.5
     bzip2-1.0.6
+    copyleft-next-0.3.0
+    copyleft-next-0.3.1
     curl
     diffmark
     dvipdfm
     eCos-2.0
     eGenix
+    etalab-2.0
     gSOAP-1.3b
     gnuplot
     iMatix
+    libpng-2.0
+    libselinux-1.0
     libtiff
     mpich2
     psfrag
@@ -395,12 +486,26 @@ class Gem::Licenses
     Font-exception-2.0
     GCC-exception-2.0
     GCC-exception-3.1
+    GPL-3.0-linking-exception
+    GPL-3.0-linking-source-exception
+    GPL-CC-1.0
+    LGPL-3.0-linking-exception
+    LLVM-exception
     LZMA-exception
     Libtool-exception
     Linux-syscall-note
     Nokia-Qt-exception-1.1
     OCCT-exception-1.0
+    OCaml-LGPL-linking-exception
+    OpenJDK-assembly-exception-1.0
+    PS-or-PDF-font-exception-20170817
+    Qt-GPL-exception-1.0
+    Qt-LGPL-exception-1.1
     Qwt-exception-1.0
+    SHL-2.0
+    SHL-2.1
+    Swift-exception
+    Universal-FOSS-exception-1.0
     WxWindows-exception-3.1
     eCos-exception-2.0
     freertos-exception-2.0
@@ -413,10 +518,10 @@ class Gem::Licenses
 
   REGEXP = %r{
     \A
-    (
+    (?:
       #{Regexp.union(LICENSE_IDENTIFIERS)}
       \+?
-      (\s WITH \s #{Regexp.union(EXCEPTION_IDENTIFIERS)})?
+      (?:\s WITH \s #{Regexp.union(EXCEPTION_IDENTIFIERS)})?
       | #{NONSTANDARD}
     )
     \Z