Merge rubygems/rubygems HEAD.

Picked at 12aeef6ba9a3be0022be9934c1a3e4c46a03ed3a
Merged: https://github.com/ruby/ruby/pull/5462
2022-11-09 12:17:21 -05:00 · 2022-01-19 13:28:23 +09:00 · 2022-01-19 13:28:23 +09:00 · d22511fd75 · 2022-01-19 15:02:05 +09:00
commit d22511fd75
parent 5646f4b67b
35 changed files with 417 additions and 251 deletions
--- a/lib/bundler/cli.rb
+++ b/lib/bundler/cli.rb
@ -809,17 +809,10 @@ module Bundler
      current = Gem::Version.new(VERSION)
      return if current >= latest
      latest_installed = Bundler.rubygems.find_name("bundler").map(&:version).max
-      installation = "To install the latest version, run `gem install bundler#{" --pre" if latest.prerelease?}`"
+      Bundler.ui.warn \
-      if latest_installed && latest_installed > current
+        "The latest bundler is #{latest}, but you are currently running #{current}.\n" \
-        suggestion = "To update to the most recent installed version (#{latest_installed}), run `bundle update --bundler`"
+        "To update to the most recent version, run `bundle update --bundler`"
        suggestion = "#{installation}\n#{suggestion}" if latest_installed < latest
      else
        suggestion = installation
      end
      Bundler.ui.warn "The latest bundler is #{latest}, but you are currently running #{current}.\n#{suggestion}"
    rescue RuntimeError
      nil
    end
--- a/lib/bundler/cli/update.rb
+++ b/lib/bundler/cli/update.rb
@ -11,12 +11,16 @@ module Bundler
    def run
      Bundler.ui.level = "warn" if options[:quiet]
      update_bundler = options[:bundler]
      Bundler.self_manager.update_bundler_and_restart_with_it_if_needed(update_bundler) if update_bundler
      Plugin.gemfile_install(Bundler.default_gemfile) if Bundler.feature_flag.plugins?
      sources = Array(options[:source])
      groups  = Array(options[:group]).map(&:to_sym)
-      full_update = gems.empty? && sources.empty? && groups.empty? && !options[:ruby] && !options[:bundler]
+      full_update = gems.empty? && sources.empty? && groups.empty? && !options[:ruby] && !update_bundler
      if full_update && !options[:all]
        if Bundler.feature_flag.update_requires_all_flag?
@ -49,7 +53,7 @@ module Bundler
        Bundler.definition(:gems => gems, :sources => sources, :ruby => options[:ruby],
                           :conservative => conservative,
-                           :bundler => options[:bundler])
+                           :bundler => update_bundler)
      end
      Bundler::CLI::Common.configure_gem_version_promoter(Bundler.definition, options)
--- a/lib/bundler/compact_index_client.rb
+++ b/lib/bundler/compact_index_client.rb
@ -73,12 +73,6 @@ module Bundler
      end.flatten(1)
    end
    def spec(name, version, platform = nil)
      Bundler::CompactIndexClient.debug { "spec(name = #{name}, version = #{version}, platform = #{platform})" }
      update_info(name)
      @cache.specific_dependency(name, version, platform)
    end
    def update_and_parse_checksums!
      Bundler::CompactIndexClient.debug { "update_and_parse_checksums!" }
      return @info_checksums_by_name if @parsed_checksums
--- a/lib/bundler/compact_index_client/cache.rb
+++ b/lib/bundler/compact_index_client/cache.rb
@ -76,15 +76,6 @@ module Bundler
        end
      end
      def specific_dependency(name, version, platform)
        pattern = [version, platform].compact.join("-")
        return nil if pattern.empty?
        gem_lines = info_path(name).read
        gem_line = gem_lines[/^#{Regexp.escape(pattern)}\b.*/, 0]
        gem_line ? parse_gem(gem_line) : nil
      end
      private
      def lines(path)
--- a/lib/bundler/definition.rb
+++ b/lib/bundler/definition.rb
@ -310,14 +310,6 @@ module Bundler
      end
    end
    def locked_bundler_version
      if @locked_bundler_version && @locked_bundler_version < Gem::Version.new(Bundler::VERSION)
        new_version = Bundler::VERSION
      end
      new_version || @locked_bundler_version || Bundler::VERSION
    end
    def locked_ruby_version
      return unless ruby_version
      if @unlock[:ruby] || !@locked_ruby_version
--- a/lib/bundler/endpoint_specification.rb
+++ b/lib/bundler/endpoint_specification.rb
@ -5,14 +5,15 @@ module Bundler
  class EndpointSpecification < Gem::Specification
    include MatchPlatform
-    attr_reader :name, :version, :platform, :required_rubygems_version, :required_ruby_version, :checksum
+    attr_reader :name, :version, :platform, :checksum
    attr_accessor :source, :remote, :dependencies
-    def initialize(name, version, platform, dependencies, metadata = nil)
+    def initialize(name, version, platform, spec_fetcher, dependencies, metadata = nil)
      super()
      @name         = name
      @version      = Gem::Version.create version
      @platform     = platform
      @spec_fetcher = spec_fetcher
      @dependencies = dependencies.map {|dep, reqs| build_dependency(dep, reqs) }
      @loaded_from          = nil
@ -21,6 +22,14 @@ module Bundler
      parse_metadata(metadata)
    end
    def required_ruby_version
      @required_ruby_version ||= _remote_specification.required_ruby_version
    end
    def required_rubygems_version
      @required_rubygems_version ||= _remote_specification.required_rubygems_version
    end
    def fetch_platform
      @platform
    end
@ -105,12 +114,21 @@ module Bundler
    private
    def _remote_specification
      @_remote_specification ||= @spec_fetcher.fetch_spec([@name, @version, @platform])
    end
    def local_specification_path
      "#{base_dir}/specifications/#{full_name}.gemspec"
    end
    def parse_metadata(data)
-      return unless data
+      unless data
        @required_ruby_version = nil
        @required_rubygems_version = nil
        return
      end
      data.each do |k, v|
        next unless v
        case k.to_s
--- a/lib/bundler/fetcher.rb
+++ b/lib/bundler/fetcher.rb
@ -129,17 +129,15 @@ module Bundler
        specs = fetchers.last.specs(gem_names)
      else
        specs = []
-        fetchers.shift until fetchers.first.available? || fetchers.empty?
+        @fetchers = fetchers.drop_while do |f|
-        fetchers.dup.each do |f|
+          !f.available? || (f.api_fetcher? && !gem_names) || !specs = f.specs(gem_names)
          break unless f.api_fetcher? && !gem_names || !specs = f.specs(gem_names)
          fetchers.delete(f)
        end
        @use_api = false if fetchers.none?(&:api_fetcher?)
      end
      specs.each do |name, version, platform, dependencies, metadata|
        spec = if dependencies
-          EndpointSpecification.new(name, version, platform, dependencies, metadata)
+          EndpointSpecification.new(name, version, platform, self, dependencies, metadata)
        else
          RemoteSpecification.new(name, version, platform, self)
        end
@ -272,8 +270,7 @@ module Bundler
    # cached gem specification path, if one exists
    def gemspec_cached_path(spec_file_name)
      paths = Bundler.rubygems.spec_cache_dirs.map {|dir| File.join(dir, spec_file_name) }
-      paths = paths.select {|path| File.file? path }
+      paths.find {|path| File.file? path }
      paths.first
    end
    HTTP_ERRORS = [
@ -301,8 +298,6 @@ module Bundler
      store
    end
    private
    def remote_uri
      @remote.uri
    end
--- a/lib/bundler/fetcher/compact_index.rb
+++ b/lib/bundler/fetcher/compact_index.rb
@ -57,16 +57,6 @@ module Bundler
        gem_info
      end
      def fetch_spec(spec)
        spec -= [nil, "ruby", ""]
        contents = compact_index_client.spec(*spec)
        return nil if contents.nil?
        contents.unshift(spec.first)
        contents[3].map! {|d| Gem::Dependency.new(*d) }
        EndpointSpecification.new(*contents)
      end
      compact_index_request :fetch_spec
      def available?
        unless SharedHelpers.md5_available?
          Bundler.ui.debug("FIPS mode is enabled, bundler can't use the CompactIndex API")
--- a/lib/bundler/fetcher/index.rb
+++ b/lib/bundler/fetcher/index.rb
@ -21,32 +21,6 @@ module Bundler
          raise HTTPError, "Could not fetch specs from #{display_uri} due to underlying error <#{e.message}>"
        end
      end
      def fetch_spec(spec)
        spec -= [nil, "ruby", ""]
        spec_file_name = "#{spec.join "-"}.gemspec"
        uri = Bundler::URI.parse("#{remote_uri}#{Gem::MARSHAL_SPEC_DIR}#{spec_file_name}.rz")
        if uri.scheme == "file"
          path = Bundler.rubygems.correct_for_windows_path(uri.path)
          Bundler.load_marshal Bundler.rubygems.inflate(Gem.read_binary(path))
        elsif cached_spec_path = gemspec_cached_path(spec_file_name)
          Bundler.load_gemspec(cached_spec_path)
        else
          Bundler.load_marshal Bundler.rubygems.inflate(downloader.fetch(uri).body)
        end
      rescue MarshalError
        raise HTTPError, "Gemspec #{spec} contained invalid data.\n" \
          "Your network or your gem server is probably having issues right now."
      end
      private
      # cached gem specification path, if one exists
      def gemspec_cached_path(spec_file_name)
        paths = Bundler.rubygems.spec_cache_dirs.map {|dir| File.join(dir, spec_file_name) }
        paths.find {|path| File.file? path }
      end
    end
  end
 end
--- a/lib/bundler/lazy_specification.rb
+++ b/lib/bundler/lazy_specification.rb
@ -90,11 +90,11 @@ module Bundler
          MatchPlatform.platforms_match?(spec.platform, platform_object)
        end
        installable_candidates = same_platform_candidates.select do |spec|
-          !spec.is_a?(EndpointSpecification) ||
+          spec.is_a?(StubSpecification) ||
            (spec.required_ruby_version.satisfied_by?(Gem.ruby_version) &&
              spec.required_rubygems_version.satisfied_by?(Gem.rubygems_version))
        end
-        search = installable_candidates.last || same_platform_candidates.last
+        search = installable_candidates.last
        search.dependencies = dependencies if search && (search.is_a?(RemoteSpecification) || search.is_a?(EndpointSpecification))
        search
      end
--- a/lib/bundler/lockfile_generator.rb
+++ b/lib/bundler/lockfile_generator.rb
@ -71,7 +71,7 @@ module Bundler
    end
    def add_bundled_with
-      add_section("BUNDLED WITH", definition.locked_bundler_version.to_s)
+      add_section("BUNDLED WITH", Bundler::VERSION)
    end
    def add_section(name, value)
--- a/lib/bundler/resolver.rb
+++ b/lib/bundler/resolver.rb
@ -358,24 +358,18 @@ module Bundler
            o << "\n"
            o << %(Running `bundle update` will rebuild your snapshot from scratch, using only\n)
            o << %(the gems in your Gemfile, which may resolve the conflict.\n)
-          elsif !conflict.existing
+          elsif !conflict.existing && !name.end_with?("\0")
            o << "\n"
            relevant_source = conflict.requirement.source || source_for(name)
            metadata_requirement = name.end_with?("\0")
            extra_message = if conflict.requirement_trees.first.size > 1
              ", which is required by gem '#{SharedHelpers.pretty_dependency(conflict.requirement_trees.first[-2])}',"
            else
              ""
            end
-            if metadata_requirement
+            o << gem_not_found_message(name, conflict.requirement, relevant_source, extra_message)
              o << "#{SharedHelpers.pretty_dependency(conflict.requirement)}#{extra_message} is not available in #{relevant_source}"
            else
              o << gem_not_found_message(name, conflict.requirement, relevant_source, extra_message)
            end
          end
        end,
        :version_for_spec => lambda {|spec| spec.version },
--- a/lib/bundler/resolver/spec_group.rb
+++ b/lib/bundler/resolver/spec_group.rb
@ -95,7 +95,7 @@ module Bundler
      def metadata_dependencies(platform)
        spec = @specs[platform].first
-        return [] unless spec.is_a?(Gem::Specification)
+        return [] if spec.is_a?(LazySpecification)
        dependencies = []
        if !spec.required_ruby_version.nil? && !spec.required_ruby_version.none?
          dependencies << DepProxy.get_proxy(Gem::Dependency.new("Ruby\0", spec.required_ruby_version), platform)
--- a/lib/bundler/self_manager.rb
+++ b/lib/bundler/self_manager.rb
@ -9,46 +9,58 @@ module Bundler
    def restart_with_locked_bundler_if_needed
      return unless needs_switching? && installed?
-      restart_with_locked_bundler
+      restart_with(lockfile_version)
    end
    def install_locked_bundler_and_restart_with_it_if_needed
      return unless needs_switching?
      install_and_restart_with_locked_bundler
    end
    private
    def install_and_restart_with_locked_bundler
      bundler_dep = Gem::Dependency.new("bundler", lockfile_version)
      spec = fetch_spec_for(bundler_dep)
      return if spec.nil?
      Bundler.ui.info \
        "Bundler #{current_version} is running, but your lockfile was generated with #{lockfile_version}. " \
        "Installing Bundler #{lockfile_version} and restarting using that version."
-      spec.source.install(spec)
+      install_and_restart_with(lockfile_version)
    end
    def update_bundler_and_restart_with_it_if_needed(target)
      return unless autoswitching_applies?
      spec = resolve_update_version_from(target)
      return unless spec
      version = spec.version
      Bundler.ui.info "Updating bundler to #{version}."
      install(spec)
      restart_with(version)
    end
    private
    def install_and_restart_with(version)
      requirement = Gem::Requirement.new(version)
      spec = find_latest_matching_spec(requirement)
      if spec.nil?
        Bundler.ui.warn "Your lockfile is locked to a version of bundler (#{lockfile_version}) that doesn't exist at https://rubygems.org/. Going on using #{current_version}"
        return
      end
      install(spec)
    rescue StandardError => e
      Bundler.ui.trace e
      Bundler.ui.warn "There was an error installing the locked bundler version (#{lockfile_version}), rerun with the `--verbose` flag for more details. Going on using bundler #{current_version}."
    else
-      restart_with_locked_bundler
+      restart_with(version)
    end
-    def fetch_spec_for(bundler_dep)
+    def install(spec)
-      source = Bundler::Source::Rubygems.new("remotes" => "https://rubygems.org")
+      spec.source.install(spec)
      source.remote!
      source.add_dependency_names("bundler")
      spec = source.specs.search(bundler_dep).first
      if spec.nil?
        Bundler.ui.warn "Your lockfile is locked to a version of bundler (#{lockfile_version}) that doesn't exist at https://rubygems.org/. Going on using #{current_version}"
      end
      spec
    end
-    def restart_with_locked_bundler
+    def restart_with(version)
      configured_gem_home = ENV["GEM_HOME"]
      configured_gem_path = ENV["GEM_PATH"]
@ -57,20 +69,79 @@ module Bundler
      Bundler.with_original_env do
        Kernel.exec(
-          { "GEM_HOME" => configured_gem_home, "GEM_PATH" => configured_gem_path, "BUNDLER_VERSION" => lockfile_version },
+          { "GEM_HOME" => configured_gem_home, "GEM_PATH" => configured_gem_path, "BUNDLER_VERSION" => version.to_s },
          *cmd
        )
      end
    end
    def needs_switching?
      autoswitching_applies? &&
        released?(lockfile_version) &&
        !running?(lockfile_version) &&
        !updating?
    end
    def autoswitching_applies?
      ENV["BUNDLER_VERSION"].nil? &&
        Bundler.rubygems.supports_bundler_trampolining? &&
        SharedHelpers.in_bundle? &&
-        lockfile_version &&
+        lockfile_version
-        !lockfile_version.end_with?(".dev") &&
+    end
-        lockfile_version != current_version &&
+
-        !updating?
+    def resolve_update_version_from(target)
      requirement = Gem::Requirement.new(target)
      update_candidate = find_latest_matching_spec(requirement)
      if update_candidate.nil?
        raise InvalidOption, "The `bundle update --bundler` target version (#{target}) does not exist"
      end
      resolved_version = update_candidate.version
      needs_update = requirement.specific? ? !running?(resolved_version) : running_older_than?(resolved_version)
      return unless needs_update
      update_candidate
    end
    def local_specs
      @local_specs ||= Bundler::Source::Rubygems.new("allow_local" => true).specs.select {|spec| spec.name == "bundler" }
    end
    def remote_specs
      @remote_specs ||= begin
        source = Bundler::Source::Rubygems.new("remotes" => "https://rubygems.org")
        source.remote!
        source.add_dependency_names("bundler")
        source.specs
      end
    end
    def find_latest_matching_spec(requirement)
      local_result = find_latest_matching_spec_from_collection(local_specs, requirement)
      return local_result if local_result && requirement.specific?
      remote_result = find_latest_matching_spec_from_collection(remote_specs, requirement)
      return remote_result if local_result.nil?
      [local_result, remote_result].max
    end
    def find_latest_matching_spec_from_collection(specs, requirement)
      specs.sort.reverse_each.find {|spec| requirement.satisfied_by?(spec.version) }
    end
    def running?(version)
      version == current_version
    end
    def running_older_than?(version)
      current_version < version
    end
    def released?(version)
      !version.to_s.end_with?(".dev")
    end
    def updating?
@ -80,15 +151,18 @@ module Bundler
    def installed?
      Bundler.configure
-      Bundler.rubygems.find_bundler(lockfile_version)
+      Bundler.rubygems.find_bundler(lockfile_version.to_s)
    end
    def current_version
-      @current_version ||= Bundler::VERSION
+      @current_version ||= Gem::Version.new(Bundler::VERSION)
    end
    def lockfile_version
-      @lockfile_version ||= Bundler::LockfileParser.bundled_with
+      return @lockfile_version if defined?(@lockfile_version)
      parsed_version = Bundler::LockfileParser.bundled_with
      @lockfile_version = parsed_version ? Gem::Version.new(parsed_version) : nil
    end
  end
 end
--- a/lib/bundler/vendor/thor/lib/thor/actions/inject_into_file.rb
+++ b/lib/bundler/vendor/thor/lib/thor/actions/inject_into_file.rb
@ -107,10 +107,7 @@ class Bundler::Thor
      #
      def replace!(regexp, string, force)
        content = File.read(destination)
-        before, after = content.split(regexp, 2)
+        if force || !content.include?(replacement)
        snippet = (behavior == :after ? after : before).to_s
        if force || !snippet.include?(replacement)
          success = content.gsub!(regexp, string)
          File.open(destination, "wb") { |file| file.write(content) } unless pretend?
--- a/lib/bundler/vendor/thor/lib/thor/version.rb
+++ b/lib/bundler/vendor/thor/lib/thor/version.rb
@ -1,3 +1,3 @@
 class Bundler::Thor
-  VERSION = "1.1.0"
+  VERSION = "1.2.1"
 end
--- a/lib/rubygems.rb
+++ b/lib/rubygems.rb
@ -606,17 +606,10 @@ An Array (#{env.inspect}) was passed in from #{caller[3]}
  def self.load_yaml
    return if @yaml_loaded
-    begin
+    require 'psych'
-      # Try requiring the gem version *or* stdlib version of psych.
+    require_relative 'rubygems/psych_additions'
-      require 'psych'
+    require_relative 'rubygems/psych_tree'
    rescue ::LoadError
      # If we can't load psych, that's fine, go on.
    else
      require_relative 'rubygems/psych_additions'
      require_relative 'rubygems/psych_tree'
    end
    require 'yaml'
    require_relative 'rubygems/safe_yaml'
    @yaml_loaded = true
--- a/lib/rubygems/package.rb
+++ b/lib/rubygems/package.rb
@ -230,7 +230,7 @@ class Gem::Package
    tar.add_file_signed 'checksums.yaml.gz', 0444, @signer do |io|
      gzip_to io do |gz_io|
-        YAML.dump checksums_by_algorithm, gz_io
+        Psych.dump checksums_by_algorithm, gz_io
      end
    end
  end
--- a/lib/rubygems/package/old.rb
+++ b/lib/rubygems/package/old.rb
@ -145,7 +145,7 @@ class Gem::Package::Old < Gem::Package
    begin
      @spec = Gem::Specification.from_yaml yaml
-    rescue YAML::SyntaxError
+    rescue Psych::SyntaxError
      raise Gem::Exception, "Failed to parse gem specification out of gem file"
    end
  rescue ArgumentError
--- a/lib/rubygems/psych_additions.rb
+++ b/lib/rubygems/psych_additions.rb
@ -1,6 +1,6 @@
 # frozen_string_literal: true
 # This exists just to satisfy bugs in marshal'd gemspecs that
-# contain a reference to YAML::PrivateType. We prune these out
+# contain a reference to Psych::PrivateType. We prune these out
 # in Specification._load, but if we don't have the constant, Marshal
 # blows up.
--- a/lib/rubygems/safe_yaml.rb
+++ b/lib/rubygems/safe_yaml.rb
@ -24,33 +24,33 @@ module Gem
      runtime
    ].freeze
-    if ::YAML.respond_to? :safe_load
+    if ::Psych.respond_to? :safe_load
      def self.safe_load(input)
        if Gem::Version.new(Psych::VERSION) >= Gem::Version.new('3.1.0.pre1')
-          ::YAML.safe_load(input, permitted_classes: PERMITTED_CLASSES, permitted_symbols: PERMITTED_SYMBOLS, aliases: true)
+          ::Psych.safe_load(input, permitted_classes: PERMITTED_CLASSES, permitted_symbols: PERMITTED_SYMBOLS, aliases: true)
        else
-          ::YAML.safe_load(input, PERMITTED_CLASSES, PERMITTED_SYMBOLS, true)
+          ::Psych.safe_load(input, PERMITTED_CLASSES, PERMITTED_SYMBOLS, true)
        end
      end
      def self.load(input)
        if Gem::Version.new(Psych::VERSION) >= Gem::Version.new('3.1.0.pre1')
-          ::YAML.safe_load(input, permitted_classes: [::Symbol])
+          ::Psych.safe_load(input, permitted_classes: [::Symbol])
        else
-          ::YAML.safe_load(input, [::Symbol])
+          ::Psych.safe_load(input, [::Symbol])
        end
      end
    else
      unless Gem::Deprecate.skip
-        warn "YAML safe loading is not available. Please upgrade psych to a version that supports safe loading (>= 2.0)."
+        warn "Psych safe loading is not available. Please upgrade psych to a version that supports safe loading (>= 2.0)."
      end
      def self.safe_load(input, *args)
-        ::YAML.load input
+        ::Psych.load input
      end
      def self.load(input)
-        ::YAML.load input
+        ::Psych.load input
      end
    end
  end
--- a/lib/rubygems/security.rb
+++ b/lib/rubygems/security.rb
@ -261,7 +261,7 @@ require_relative 'openssl'
 # 2. Grab the public key from the gemspec
 #
 #      gem spec some_signed_gem-1.0.gem cert_chain | \
-#        ruby -ryaml -e 'puts YAML.load($stdin)' > public_key.crt
+#        ruby -rpsych -e 'puts Psych.load($stdin)' > public_key.crt
 #
 # 3. Generate a SHA1 hash of the data.tar.gz
 #
--- a/lib/rubygems/specification.rb
+++ b/lib/rubygems/specification.rb
@ -1279,10 +1279,10 @@ class Gem::Specification < Gem::BasicSpecification
      raise TypeError, "invalid Gem::Specification format #{array.inspect}"
    end
-    # Cleanup any YAML::PrivateType. They only show up for an old bug
+    # Cleanup any Psych::PrivateType. They only show up for an old bug
    # where nil => null, so just convert them to nil based on the type.
-    array.map! {|e| e.kind_of?(YAML::PrivateType) ? nil : e }
+    array.map! {|e| e.kind_of?(Psych::PrivateType) ? nil : e }
    spec.instance_variable_set :@rubygems_version,          array[0]
    # spec version
--- a/spec/bundler/bundler/cli_spec.rb
+++ b/spec/bundler/bundler/cli_spec.rb
@ -170,7 +170,7 @@ RSpec.describe "bundle executable" do
        bundle "fail", :env => { "BUNDLER_VERSION" => bundler_version }, :raise_on_error => false
        expect(err).to start_with(<<-EOS.strip)
 The latest bundler is #{latest_version}, but you are currently running #{bundler_version}.
-To install the latest version, run `gem install bundler`
+To update to the most recent version, run `bundle update --bundler`
        EOS
      end
@ -195,7 +195,7 @@ To install the latest version, run `gem install bundler`
          bundle "fail", :env => { "BUNDLER_VERSION" => bundler_version }, :raise_on_error => false
          expect(err).to start_with(<<-EOS.strip)
 The latest bundler is #{latest_version}, but you are currently running #{bundler_version}.
-To install the latest version, run `gem install bundler --pre`
+To update to the most recent version, run `bundle update --bundler`
          EOS
        end
      end
--- a/spec/bundler/bundler/endpoint_specification_spec.rb
+++ b/spec/bundler/bundler/endpoint_specification_spec.rb
@ -5,9 +5,10 @@ RSpec.describe Bundler::EndpointSpecification do
  let(:version)      { "1.0.0" }
  let(:platform)     { Gem::Platform::RUBY }
  let(:dependencies) { [] }
  let(:spec_fetcher) { double(:spec_fetcher) }
  let(:metadata)     { nil }
-  subject(:spec) { described_class.new(name, version, platform, dependencies, metadata) }
+  subject(:spec) { described_class.new(name, version, platform, spec_fetcher, dependencies, metadata) }
  describe "#build_dependency" do
    let(:name)           { "foo" }
@ -48,7 +49,9 @@ RSpec.describe Bundler::EndpointSpecification do
  end
  it "supports equality comparison" do
-    other_spec = described_class.new("bar", version, platform, dependencies, metadata)
+    remote_spec = double(:remote_spec, :required_ruby_version => nil, :required_rubygems_version => nil)
    allow(spec_fetcher).to receive(:fetch_spec).and_return(remote_spec)
    other_spec = described_class.new("bar", version, platform, spec_fetcher, dependencies, metadata)
    expect(spec).to eql(spec)
    expect(spec).to_not eql(other_spec)
  end
--- a/spec/bundler/commands/binstubs_spec.rb
+++ b/spec/bundler/commands/binstubs_spec.rb
@ -182,7 +182,7 @@ RSpec.describe "bundle binstubs <gem>" do
        end
        context "and the version is older and the same major" do
-          let(:system_bundler_version) { "2.3.1" }
+          let(:system_bundler_version) { "2.3.3" }
          before do
            lockfile lockfile.gsub(/BUNDLED WITH\n   .*$/m, "BUNDLED WITH\n   2.3.0")
@ -191,7 +191,7 @@ RSpec.describe "bundle binstubs <gem>" do
          it "installs and runs the exact version of bundler", :rubygems => ">= 3.3.0.dev" do
            sys_exec "bin/bundle install --verbose", :artifice => "vcr"
            expect(exitstatus).not_to eq(42)
-            expect(out).to include("Bundler 2.3.1 is running, but your lockfile was generated with 2.3.0. Installing Bundler 2.3.0 and restarting using that version.")
+            expect(out).to include("Bundler 2.3.3 is running, but your lockfile was generated with 2.3.0. Installing Bundler 2.3.0 and restarting using that version.")
            expect(out).to include("Using bundler 2.3.0")
            expect(err).not_to include("Activating bundler (~> 2.3.0) failed:")
          end
@ -199,8 +199,8 @@ RSpec.describe "bundle binstubs <gem>" do
          it "runs the available version of bundler", :rubygems => "< 3.3.0.dev" do
            sys_exec "bin/bundle install --verbose"
            expect(exitstatus).not_to eq(42)
-            expect(out).not_to include("Bundler 2.3.1 is running, but your lockfile was generated with 2.3.0. Installing Bundler 2.3.0 and restarting using that version.")
+            expect(out).not_to include("Bundler 2.3.3 is running, but your lockfile was generated with 2.3.0. Installing Bundler 2.3.0 and restarting using that version.")
-            expect(out).to include("Using bundler 2.3.1")
+            expect(out).to include("Using bundler 2.3.3")
            expect(err).not_to include("Activating bundler (~> 2.3.0) failed:")
          end
        end
--- a/spec/bundler/commands/update_spec.rb
+++ b/spec/bundler/commands/update_spec.rb
@ -1120,31 +1120,11 @@ RSpec.describe "bundle update --bundler" do
      source "#{file_uri_for(gem_repo4)}"
      gem "rack"
    G
    allow(Bundler::SharedHelpers).to receive(:find_gemfile).and_return(bundled_app_gemfile)
    lockfile lockfile.sub(/(^\s*)#{Bundler::VERSION}($)/, '\11.0.0\2')
    FileUtils.rm_r gem_repo4
-    bundle :update, :bundler => true, :verbose => true
+    bundle :update, :bundler => true, :artifice => "compact_index", :verbose => true
    expect(the_bundle).to include_gem "rack 1.0"
    expect(the_bundle.locked_gems.bundler_version).to eq v(Bundler::VERSION)
  end
  it "updates the bundler version in the lockfile without re-resolving if the locked version is already installed" do
    system_gems "bundler-2.3.3"
    build_repo4 do
      build_gem "rack", "1.0"
    end
    install_gemfile <<-G
      source "#{file_uri_for(gem_repo4)}"
      gem "rack"
    G
    lockfile lockfile.sub(/(^\s*)#{Bundler::VERSION}($)/, "2.3.3")
    bundle :update, :bundler => true, :artifice => "vcr", :verbose => true
    expect(out).to include("Using bundler #{Bundler::VERSION}")
    expect(lockfile).to eq <<~L
@ -1165,6 +1145,184 @@ RSpec.describe "bundle update --bundler" do
    expect(the_bundle).to include_gem "rack 1.0"
  end
  it "updates the bundler version in the lockfile without re-resolving if the highest version is already installed" do
    system_gems "bundler-2.3.3"
    build_repo4 do
      build_gem "rack", "1.0"
    end
    install_gemfile <<-G
      source "#{file_uri_for(gem_repo4)}"
      gem "rack"
    G
    lockfile lockfile.sub(/(^\s*)#{Bundler::VERSION}($)/, "2.3.3")
    bundle :update, :bundler => true, :artifice => "compact_index", :verbose => true
    expect(out).to include("Using bundler #{Bundler::VERSION}")
    expect(lockfile).to eq <<~L
      GEM
        remote: #{file_uri_for(gem_repo4)}/
        specs:
          rack (1.0)
      PLATFORMS
        #{lockfile_platforms}
      DEPENDENCIES
        rack
      BUNDLED WITH
         #{Bundler::VERSION}
    L
    expect(the_bundle).to include_gem "rack 1.0"
  end
  it "updates the bundler version in the lockfile even if the latest version is not installed", :ruby_repo, :realworld do
    pristine_system_gems "bundler-2.3.3"
    build_repo4 do
      build_gem "rack", "1.0"
    end
    install_gemfile <<-G
      source "#{file_uri_for(gem_repo4)}"
      gem "rack"
    G
    lockfile lockfile.sub(/(^\s*)#{Bundler::VERSION}($)/, "2.3.3")
    bundle :update, :bundler => true, :artifice => "vcr", :verbose => true
    # Only updates properly on modern RubyGems.
    if Gem.rubygems_version >= Gem::Version.new("3.3.0.dev")
      expect(out).to include("Updating bundler to 2.3.4")
      expect(out).to include("Using bundler 2.3.4")
      expect(out).not_to include("Installing Bundler 2.3.3 and restarting using that version.")
      expect(lockfile).to eq <<~L
        GEM
          remote: #{file_uri_for(gem_repo4)}/
          specs:
            rack (1.0)
        PLATFORMS
          #{lockfile_platforms}
        DEPENDENCIES
          rack
        BUNDLED WITH
           2.3.4
      L
      expect(the_bundle).to include_gems "bundler 2.3.4"
    end
    expect(the_bundle).to include_gems "rack 1.0"
  end
  it "errors if the explicit target version does not exist", :realworld do
    pristine_system_gems "bundler-2.3.3"
    build_repo4 do
      build_gem "rack", "1.0"
    end
    install_gemfile <<-G
      source "#{file_uri_for(gem_repo4)}"
      gem "rack"
    G
    lockfile lockfile.sub(/(^\s*)#{Bundler::VERSION}($)/, "2.3.3")
    bundle :update, :bundler => "999.999.999", :artifice => "vcr", :raise_on_error => false
    # Only gives a meaningful error message on modern RubyGems.
    if Gem.rubygems_version >= Gem::Version.new("3.3.0.dev")
      expect(last_command).to be_failure
      expect(err).to include("The `bundle update --bundler` target version (999.999.999) does not exist")
    end
  end
  it "allows updating to development versions if already installed locally" do
    system_gems "bundler-2.3.0.dev"
    build_repo4 do
      build_gem "rack", "1.0"
    end
    install_gemfile <<-G
      source "#{file_uri_for(gem_repo4)}"
      gem "rack"
    G
    bundle :update, :bundler => "2.3.0.dev"
    # Only updates properly on modern RubyGems.
    if Gem.rubygems_version >= Gem::Version.new("3.3.0.dev")
      expect(lockfile).to eq <<~L
        GEM
          remote: #{file_uri_for(gem_repo4)}/
          specs:
            rack (1.0)
        PLATFORMS
          #{lockfile_platforms}
        DEPENDENCIES
          rack
        BUNDLED WITH
           2.3.0.dev
      L
      expect(out).to include("Using bundler 2.3.0.dev")
    end
  end
  it "does not touch the network if not necessary" do
    system_gems "bundler-2.3.3"
    build_repo4 do
      build_gem "rack", "1.0"
    end
    install_gemfile <<-G
      source "#{file_uri_for(gem_repo4)}"
      gem "rack"
    G
    bundle :update, :bundler => "2.3.3", :raise_on_error => false
    expect(out).not_to include("Fetching gem metadata from https://rubygems.org/")
    # Only updates properly on modern RubyGems.
    if Gem.rubygems_version >= Gem::Version.new("3.3.0.dev")
      expect(lockfile).to eq <<~L
        GEM
          remote: #{file_uri_for(gem_repo4)}/
          specs:
            rack (1.0)
        PLATFORMS
          #{lockfile_platforms}
        DEPENDENCIES
          rack
        BUNDLED WITH
           2.3.3
      L
      expect(out).to include("Using bundler 2.3.3")
    end
  end
 end
 # these specs are slow and focus on integration and therefore are not exhaustive. unit specs elsewhere handle that.
--- a/spec/bundler/install/gemfile/gemspec_spec.rb
+++ b/spec/bundler/install/gemfile/gemspec_spec.rb
@ -179,7 +179,7 @@ RSpec.describe "bundle install from an existing gemspec" do
      gemspec :path => '#{tmp.join("foo")}'
    G
-    bundle "update --bundler", :verbose => true
+    bundle "update --bundler", :artifice => "compact_index", :verbose => true
    expect(the_bundle).to include_gems "foo 1.0", "platform_specific 1.0 JAVA"
  end
--- a/spec/bundler/install/gems/dependency_api_spec.rb
+++ b/spec/bundler/install/gems/dependency_api_spec.rb
@ -402,17 +402,6 @@ RSpec.describe "gemcutter's dependency API" do
    expect(the_bundle).to include_gems "back_deps 1.0"
  end
  it "uses the endpoint if all sources support it" do
    gemfile <<-G
      source "#{source_uri}"
      gem 'foo'
    G
    bundle :install, :artifice => "endpoint_api_missing"
    expect(the_bundle).to include_gems "foo 1.0"
  end
  it "fetches again when more dependencies are found in subsequent sources using deployment mode", :bundler => "< 3" do
    build_repo2 do
      build_gem "back_deps" do |s|
--- a/spec/bundler/install/gems/resolving_spec.rb
+++ b/spec/bundler/install/gems/resolving_spec.rb
@ -224,6 +224,27 @@ RSpec.describe "bundle install with install-time dependencies" do
        expect(the_bundle).to include_gems("rack 1.2")
      end
      it "installs the older version when using servers not implementing the compact index API" do
        build_repo2 do
          build_gem "rack", "1.2" do |s|
            s.executables = "rackup"
          end
          build_gem "rack", "9001.0.0" do |s|
            s.required_ruby_version = "> 9000"
          end
        end
        install_gemfile <<-G, :artifice => "endpoint", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo2.to_s }
          ruby "#{RUBY_VERSION}"
          source "http://localgemserver.test/"
          gem 'rack'
        G
        expect(out).to_not include("rack-9001.0.0 requires ruby version > 9000")
        expect(the_bundle).to include_gems("rack 1.2")
      end
      it "installs the older version under rate limiting conditions" do
        build_repo4 do
          build_gem "rack", "9001.0.0" do |s|
@ -284,8 +305,6 @@ RSpec.describe "bundle install with install-time dependencies" do
      shared_examples_for "ruby version conflicts" do
        it "raises an error during resolution" do
          skip "ruby requirement includes platform and it shouldn't" if Gem.win_platform?
          install_gemfile <<-G, :artifice => "compact_index", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo2.to_s }, :raise_on_error => false
            source "http://localgemserver.test/"
            ruby #{ruby_requirement}
@ -301,8 +320,6 @@ RSpec.describe "bundle install with install-time dependencies" do
                require_ruby was resolved to 1.0, which depends on
                  Ruby\0 (> 9000)
            Ruby\0 (> 9000), which is required by gem 'require_ruby', is not available in the local ruby installation
          E
          expect(err).to end_with(nice_error)
        end
@ -341,7 +358,15 @@ RSpec.describe "bundle install with install-time dependencies" do
      G
      expect(err).to_not include("Gem::InstallError: require_rubygems requires RubyGems version > 9000")
-      expect(err).to include("require_rubygems-1.0 requires rubygems version > 9000, which is incompatible with the current version, #{Gem::VERSION}")
+      nice_error = strip_whitespace(<<-E).strip
        Bundler found conflicting requirements for the RubyGems\0 version:
          In Gemfile:
            RubyGems\0 (= #{Gem::VERSION})
            require_rubygems was resolved to 1.0, which depends on
              RubyGems\0 (> 9000)
      E
      expect(err).to end_with(nice_error)
    end
  end
 end
--- a/spec/bundler/support/artifice/endpoint_api_missing.rb
+++ b/spec/bundler/support/artifice/endpoint_api_missing.rb
@ -1,18 +0,0 @@
 # frozen_string_literal: true
 require_relative "endpoint"
 Artifice.deactivate
 class EndpointApiMissing < Endpoint
  get "/fetch/actual/gem/:id" do
    warn params[:id]
    if params[:id] == "rack-1.0.gemspec.rz"
      halt 404
    else
      File.binread("#{gem_repo2}/quick/Marshal.4.8/#{params[:id]}")
    end
  end
 end
 Artifice.activate_with(EndpointApiMissing)
--- a/test/rubygems/helper.rb
+++ b/test/rubygems/helper.rb
@ -685,10 +685,10 @@ class Gem::TestCase < Test::Unit::TestCase
  # Load a YAML string, the psych 3 way
  def load_yaml(yaml)
-    if YAML.respond_to?(:unsafe_load)
+    if Psych.respond_to?(:unsafe_load)
-      YAML.unsafe_load(yaml)
+      Psych.unsafe_load(yaml)
    else
-      YAML.load(yaml)
+      Psych.load(yaml)
    end
  end
@ -696,10 +696,10 @@ class Gem::TestCase < Test::Unit::TestCase
  # Load a YAML file, the psych 3 way
  def load_yaml_file(file)
-    if YAML.respond_to?(:unsafe_load_file)
+    if Psych.respond_to?(:unsafe_load_file)
-      YAML.unsafe_load_file(file)
+      Psych.unsafe_load_file(file)
    else
-      YAML.load_file(file)
+      Psych.load_file(file)
    end
  end
--- a/test/rubygems/test_gem_package.rb
+++ b/test/rubygems/test_gem_package.rb
@ -822,7 +822,7 @@ class TestGemPackage < Gem::Package::TarTestCase
      }
      tar.add_file 'checksums.yaml.gz', 0444 do |io|
        Zlib::GzipWriter.wrap io do |gz_io|
-          gz_io.write YAML.dump bogus_checksums
+          gz_io.write Psych.dump bogus_checksums
        end
      end
    end
@ -868,7 +868,7 @@ class TestGemPackage < Gem::Package::TarTestCase
      tar.add_file 'checksums.yaml.gz', 0444 do |io|
        Zlib::GzipWriter.wrap io do |gz_io|
-          gz_io.write YAML.dump checksums
+          gz_io.write Psych.dump checksums
        end
      end
--- a/tool/bundler/rubocop_gems.rb.lock
+++ b/tool/bundler/rubocop_gems.rb.lock
@ -2,17 +2,17 @@ GEM
  remote: https://rubygems.org/
  specs:
    ast (2.4.2)
-    diff-lcs (1.4.4)
+    diff-lcs (1.5.0)
-    minitest (5.14.4)
+    minitest (5.15.0)
    parallel (1.21.0)
-    parser (3.0.2.0)
+    parser (3.1.0.0)
      ast (~> 2.4.1)
    power_assert (2.0.1)
-    rainbow (3.0.0)
+    rainbow (3.1.1)
    rake (13.0.6)
-    rake-compiler (1.1.1)
+    rake-compiler (1.1.7)
      rake
-    regexp_parser (2.1.1)
+    regexp_parser (2.2.0)
    rexml (3.2.5)
    rspec (3.10.0)
      rspec-core (~> 3.10.0)
@ -27,19 +27,19 @@ GEM
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.10.0)
    rspec-support (3.10.3)
-    rubocop (1.23.0)
+    rubocop (1.24.1)
      parallel (~> 1.10)
      parser (>= 3.0.0.0)
      rainbow (>= 2.2.2, < 4.0)
      regexp_parser (>= 1.8, < 3.0)
      rexml
-      rubocop-ast (>= 1.12.0, < 2.0)
+      rubocop-ast (>= 1.15.1, < 2.0)
      ruby-progressbar (~> 1.7)
      unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.13.0)
+    rubocop-ast (1.15.1)
      parser (>= 3.0.1.1)
    ruby-progressbar (1.11.0)
-    test-unit (3.5.1)
+    test-unit (3.5.3)
      power_assert
    unicode-display_width (2.1.0)
--- a/tool/bundler/standard_gems.rb.lock
+++ b/tool/bundler/standard_gems.rb.lock
@ -2,17 +2,17 @@ GEM
  remote: https://rubygems.org/
  specs:
    ast (2.4.2)
-    diff-lcs (1.4.4)
+    diff-lcs (1.5.0)
-    minitest (5.14.4)
+    minitest (5.15.0)
    parallel (1.21.0)
-    parser (3.0.2.0)
+    parser (3.1.0.0)
      ast (~> 2.4.1)
    power_assert (2.0.1)
-    rainbow (3.0.0)
+    rainbow (3.1.1)
    rake (13.0.6)
-    rake-compiler (1.1.1)
+    rake-compiler (1.1.7)
      rake
-    regexp_parser (2.1.1)
+    regexp_parser (2.2.0)
    rexml (3.2.5)
    rspec (3.10.0)
      rspec-core (~> 3.10.0)
@ -27,25 +27,25 @@ GEM
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.10.0)
    rspec-support (3.10.3)
-    rubocop (1.22.3)
+    rubocop (1.24.1)
      parallel (~> 1.10)
      parser (>= 3.0.0.0)
      rainbow (>= 2.2.2, < 4.0)
      regexp_parser (>= 1.8, < 3.0)
      rexml
-      rubocop-ast (>= 1.12.0, < 2.0)
+      rubocop-ast (>= 1.15.1, < 2.0)
      ruby-progressbar (~> 1.7)
      unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.13.0)
+    rubocop-ast (1.15.1)
      parser (>= 3.0.1.1)
-    rubocop-performance (1.11.5)
+    rubocop-performance (1.13.1)
      rubocop (>= 1.7.0, < 2.0)
      rubocop-ast (>= 0.4.0)
    ruby-progressbar (1.11.0)
-    standard (1.4.0)
+    standard (1.6.0)
-      rubocop (= 1.22.3)
+      rubocop (= 1.24.1)
-      rubocop-performance (= 1.11.5)
+      rubocop-performance (= 1.13.1)
-    test-unit (3.5.1)
+    test-unit (3.5.3)
      power_assert
    unicode-display_width (2.1.0)