Merge RubyGems-3.2.11 and Bundler-2.2.11

2025-09-19 18:43:59 +02:00 · 2021-03-02 20:37:31 +09:00 · 2021-03-02 20:37:31 +09:00 · f375bc77d2
commit f375bc77d2
parent 38f8b8d070
32 changed files with 478 additions and 459 deletions
--- a/lib/bundler/definition.rb
+++ b/lib/bundler/definition.rb
@ -106,19 +106,6 @@ module Bundler
        @locked_platforms = []
      end
      @locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
      @disable_multisource = !Bundler.frozen_bundle? || @locked_gem_sources.none? {|s| s.remotes.size > 1 }
      unless @disable_multisource
        msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. " \
          "You should regenerate your lockfile in a non frozen environment."
        Bundler::SharedHelpers.major_deprecation 2, msg
        @sources.allow_multisource!
        @locked_gem_sources.each(&:allow_multisource!)
      end
      @unlock[:gems] ||= []
      @unlock[:sources] ||= []
      @unlock[:ruby] ||= if @ruby_version && locked_ruby_version_object
@ -158,14 +145,6 @@ module Bundler
      end
    end
    def disable_multisource?
      @disable_multisource
    end
    def allow_multisource!
      @disable_multisource = false
    end
    def resolve_with_cache!
      raise "Specs already loaded" if @specs
      sources.cached!
@ -285,7 +264,7 @@ module Bundler
          # Run a resolve against the locally available gems
          Bundler.ui.debug("Found changes from the lockfile, re-resolving dependencies because #{change_reason}")
          expanded_dependencies = expand_dependencies(dependencies + metadata_dependencies, @remote)
-          Resolver.resolve(expanded_dependencies, source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve, platforms)
+          Resolver.resolve(expanded_dependencies, index, source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve, platforms)
        end
      end
    end
@ -551,9 +530,6 @@ module Bundler
    attr_reader :sources
    private :sources
    attr_reader :locked_gem_sources
    private :locked_gem_sources
    def nothing_changed?
      !@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@locked_specs_incomplete_for_platform
    end
@ -678,21 +654,22 @@ module Bundler
    end
    def converge_rubygems_sources
-      return false if disable_multisource?
+      return false if Bundler.feature_flag.disable_multisource?
      return false if locked_gem_sources.empty?
      # Get the RubyGems remotes from the Gemfile
      actual_remotes = sources.rubygems_remotes
      return false if actual_remotes.empty?
      changes = false
      # Get the RubyGems sources from the Gemfile.lock
      locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
      # Get the RubyGems remotes from the Gemfile
      actual_remotes = sources.rubygems_remotes
      # If there is a RubyGems source in both
      if !locked_gem_sources.empty? && !actual_remotes.empty?
        locked_gem_sources.each do |locked_gem|
          # Merge the remotes from the Gemfile into the Gemfile.lock
          changes |= locked_gem.replace_remotes(actual_remotes, Bundler.settings[:allow_deployment_source_credential_changes])
        end
      end
      changes
    end
@ -916,18 +893,30 @@ module Bundler
      # Record the specs available in each gem's source, so that those
      # specs will be available later when the resolver knows where to
      # look for that gemspec (or its dependencies)
-      source_requirements = { :default => sources.default_source }.merge(dependency_source_requirements)
+      default = sources.default_source
      source_requirements = { :default => default }
      default = nil unless Bundler.feature_flag.disable_multisource?
      dependencies.each do |dep|
        next unless source = dep.source || default
        source_requirements[dep.name] = source
      end
      metadata_dependencies.each do |dep|
        source_requirements[dep.name] = sources.metadata_source
      end
      source_requirements[:global] = index unless disable_multisource?
      source_requirements[:default_bundler] = source_requirements["bundler"] || source_requirements[:default]
      source_requirements["bundler"] = sources.metadata_source # needs to come last to override
      source_requirements
    end
    def pinned_spec_names(skip = nil)
-      dependency_source_requirements.reject {|_, source| source == skip }.keys
+      pinned_names = []
      default = Bundler.feature_flag.disable_multisource? && sources.default_source
      @dependencies.each do |dep|
        next unless dep_source = dep.source || default
        next if dep_source == skip
        pinned_names << dep.name
      end
      pinned_names
    end
    def requested_groups
@ -984,18 +973,5 @@ module Bundler
      Bundler.settings[:allow_deployment_source_credential_changes] && source.equivalent_remotes?(sources.rubygems_remotes)
    end
    def dependency_source_requirements
      @dependency_source_requirements ||= begin
        source_requirements = {}
        default = disable_multisource? && sources.default_source
        dependencies.each do |dep|
          dep_source = dep.source || default
          next unless dep_source
          source_requirements[dep.name] = dep_source
        end
        source_requirements
      end
    end
  end
 end
--- a/lib/bundler/dsl.rb
+++ b/lib/bundler/dsl.rb
@ -24,9 +24,6 @@ module Bundler
    def initialize
      @source               = nil
      @sources              = SourceList.new
      @global_rubygems_sources = []
      @git_sources          = {}
      @dependencies         = []
      @groups               = []
@ -48,7 +45,6 @@ module Bundler
      @gemfiles << expanded_gemfile_path
      contents ||= Bundler.read_file(@gemfile.to_s)
      instance_eval(contents.dup.tap{|x| x.untaint if RUBY_VERSION < "2.7" }, gemfile.to_s, 1)
      check_primary_source_safety
    rescue Exception => e # rubocop:disable Lint/RescueException
      message = "There was an error " \
        "#{e.is_a?(GemfileEvalError) ? "evaluating" : "parsing"} " \
@ -168,7 +164,8 @@ module Bundler
      elsif block_given?
        with_source(@sources.add_rubygems_source("remotes" => source), &blk)
      else
-        @global_rubygems_sources << source
+        check_primary_source_safety(@sources)
        @sources.global_rubygems_source = source
      end
    end
@ -186,14 +183,24 @@ module Bundler
    end
    def path(path, options = {}, &blk)
      unless block_given?
        msg = "You can no longer specify a path source by itself. Instead, \n" \
              "either use the :path option on a gem, or specify the gems that \n" \
              "bundler should find in the path source by passing a block to \n" \
              "the path method, like: \n\n" \
              "    path 'dir/containing/rails' do\n" \
              "      gem 'rails'\n" \
              "    end\n\n"
        raise DeprecatedError, msg if Bundler.feature_flag.disable_multisource?
        SharedHelpers.major_deprecation(2, msg.strip)
      end
      source_options = normalize_hash(options).merge(
        "path" => Pathname.new(path),
        "root_path" => gemfile_root,
        "gemspec" => gemspecs.find {|g| g.name == options["name"] }
      )
      source_options["global"] = true unless block_given?
      source = @sources.add_path_source(source_options)
      with_source(source, &blk)
    end
@ -272,11 +279,6 @@ module Bundler
      raise GemfileError, "Undefined local variable or method `#{name}' for Gemfile"
    end
    def check_primary_source_safety
      check_path_source_safety
      check_rubygems_source_safety
    end
    private
    def add_git_sources
@ -438,40 +440,25 @@ repo_name ||= user_name
      end
    end
-    def check_path_source_safety
+    def check_primary_source_safety(source_list)
-      return if @sources.global_path_source.nil?
+      return if source_list.rubygems_primary_remotes.empty? && source_list.global_rubygems_source.nil?
-      msg = "You can no longer specify a path source by itself. Instead, \n" \
+      if Bundler.feature_flag.disable_multisource?
              "either use the :path option on a gem, or specify the gems that \n" \
              "bundler should find in the path source by passing a block to \n" \
              "the path method, like: \n\n" \
              "    path 'dir/containing/rails' do\n" \
              "      gem 'rails'\n" \
              "    end\n\n"
      SharedHelpers.major_deprecation(2, msg.strip)
    end
    def check_rubygems_source_safety
      if @global_rubygems_sources.size <= 1
        @sources.global_rubygems_source = @global_rubygems_sources.first
        return
      end
      @global_rubygems_sources.each do |source|
        @sources.add_rubygems_remote(source)
      end
      if Bundler.feature_flag.bundler_3_mode?
        msg = "This Gemfile contains multiple primary sources. " \
          "Each source after the first must include a block to indicate which gems " \
          "should come from that source"
        unless Bundler.feature_flag.bundler_2_mode?
          msg += ". To downgrade this error to a warning, run " \
            "`bundle config unset disable_multisource`"
        end
        raise GemfileEvalError, msg
      else
        Bundler::SharedHelpers.major_deprecation 2, "Your Gemfile contains multiple primary sources. " \
          "Using `source` more than once without a block is a security risk, and " \
          "may result in installing unexpected gems. To resolve this warning, use " \
-          "a block to indicate which gems should come from the secondary source."
+          "a block to indicate which gems should come from the secondary source. " \
          "To upgrade this warning to an error, run `bundle config set --local " \
          "disable_multisource true`."
      end
    end
--- a/lib/bundler/feature_flag.rb
+++ b/lib/bundler/feature_flag.rb
@ -32,6 +32,7 @@ module Bundler
    settings_flag(:cache_all) { bundler_3_mode? }
    settings_flag(:default_install_uses_path) { bundler_3_mode? }
    settings_flag(:deployment_means_frozen) { bundler_3_mode? }
    settings_flag(:disable_multisource) { bundler_3_mode? }
    settings_flag(:forget_cli_options) { bundler_3_mode? }
    settings_flag(:global_gem_cache) { bundler_3_mode? }
    settings_flag(:only_update_to_newer_versions) { bundler_3_mode? }
--- a/lib/bundler/inline.rb
+++ b/lib/bundler/inline.rb
@ -50,7 +50,6 @@ def gemfile(install = false, options = {}, &gemfile)
    Bundler::Plugin.gemfile_install(&gemfile) if Bundler.feature_flag.plugins?
    builder = Bundler::Dsl.new
    builder.instance_eval(&gemfile)
    builder.check_primary_source_safety
    Bundler.settings.temporary(:frozen => false) do
      definition = builder.to_definition(nil, true)
--- a/lib/bundler/lockfile_parser.rb
+++ b/lib/bundler/lockfile_parser.rb
@ -64,6 +64,8 @@ module Bundler
      @state        = nil
      @specs        = {}
      @rubygems_aggregate = Source::Rubygems.new
      if lockfile.match(/<<<<<<<|=======|>>>>>>>|\|\|\|\|\|\|\|/)
        raise LockfileError, "Your #{Bundler.default_lockfile.relative_path_from(SharedHelpers.pwd)} contains merge conflicts.\n" \
          "Run `git checkout HEAD -- #{Bundler.default_lockfile.relative_path_from(SharedHelpers.pwd)}` first to get a clean lock."
@ -87,6 +89,7 @@ module Bundler
          send("parse_#{@state}", line)
        end
      end
      @sources << @rubygems_aggregate unless Bundler.feature_flag.disable_multisource?
      @specs = @specs.values.sort_by(&:identifier)
      warn_for_outdated_bundler_version
    rescue ArgumentError => e
@ -131,19 +134,16 @@ module Bundler
            @sources << @current_source
          end
        when GEM
-          source_remotes = Array(@opts["remote"])
+          if Bundler.feature_flag.disable_multisource?
          if source_remotes.size == 1
            @opts["remotes"] = @opts.delete("remote")
            @current_source = TYPES[@type].from_lock(@opts)
          else
            source_remotes.each do |url|
              rubygems_aggregate.add_remote(url)
            end
            @current_source = rubygems_aggregate
          end
            @sources << @current_source
          else
            Array(@opts["remote"]).each do |url|
              @rubygems_aggregate.add_remote(url)
            end
            @current_source = @rubygems_aggregate
          end
        when PLUGIN
          @current_source = Plugin.source_from_lock(@opts)
          @sources << @current_source
@ -245,9 +245,5 @@ module Bundler
    def parse_ruby(line)
      @ruby_version = line.strip
    end
    def rubygems_aggregate
      @rubygems_aggregate ||= Source::Rubygems.new
    end
  end
 end
--- a/lib/bundler/man/bundle-config.1
+++ b/lib/bundler/man/bundle-config.1
@ -56,6 +56,9 @@ Executing \fBbundle config unset \-\-local <name> <value>\fR will delete the con
 .P
 Executing bundle with the \fBBUNDLE_IGNORE_CONFIG\fR environment variable set will cause it to ignore all configuration\.
 .
 .P
 Executing \fBbundle config set \-\-local disable_multisource true\fR upgrades the warning about the Gemfile containing multiple primary sources to an error\. Executing \fBbundle config unset disable_multisource\fR downgrades this error to a warning\.
 .
 .SH "REMEMBERING OPTIONS"
 Flags passed to \fBbundle install\fR or the Bundler runtime, such as \fB\-\-path foo\fR or \fB\-\-without production\fR, are remembered between commands and saved to your local application\'s configuration (normally, \fB\./\.bundle/config\fR)\.
 .
@ -181,6 +184,9 @@ The following is a list of all configuration keys and their purpose\. You can le
 \fBdisable_local_revision_check\fR (\fBBUNDLE_DISABLE_LOCAL_REVISION_CHECK\fR): Allow Bundler to use a local git override without checking if the revision present in the lockfile is present in the repository\.
 .
 .IP "\(bu" 4
 \fBdisable_multisource\fR (\fBBUNDLE_DISABLE_MULTISOURCE\fR): When set, Gemfiles containing multiple sources will produce errors instead of warnings\. Use \fBbundle config unset disable_multisource\fR to unset\.
 .
 .IP "\(bu" 4
 \fBdisable_shared_gems\fR (\fBBUNDLE_DISABLE_SHARED_GEMS\fR): Stop Bundler from accessing gems installed to RubyGems\' normal location\.
 .
 .IP "\(bu" 4
--- a/lib/bundler/man/bundle-config.1.ronn
+++ b/lib/bundler/man/bundle-config.1.ronn
@ -47,6 +47,10 @@ configuration only from the local application.
 Executing bundle with the `BUNDLE_IGNORE_CONFIG` environment variable set will
 cause it to ignore all configuration.
 Executing `bundle config set --local disable_multisource true` upgrades the warning about
 the Gemfile containing multiple primary sources to an error. Executing `bundle
 config unset disable_multisource` downgrades this error to a warning.
 ## REMEMBERING OPTIONS
 Flags passed to `bundle install` or the Bundler runtime, such as `--path foo` or
@ -174,6 +178,10 @@ learn more about their operation in [bundle install(1)](bundle-install.1.html).
 * `disable_local_revision_check` (`BUNDLE_DISABLE_LOCAL_REVISION_CHECK`):
   Allow Bundler to use a local git override without checking if the revision
   present in the lockfile is present in the repository.
 * `disable_multisource` (`BUNDLE_DISABLE_MULTISOURCE`):
   When set, Gemfiles containing multiple sources will produce errors
   instead of warnings.
   Use `bundle config unset disable_multisource` to unset.
 * `disable_shared_gems` (`BUNDLE_DISABLE_SHARED_GEMS`):
   Stop Bundler from accessing gems installed to RubyGems' normal location.
 * `disable_version_check` (`BUNDLE_DISABLE_VERSION_CHECK`):
--- a/lib/bundler/plugin.rb
+++ b/lib/bundler/plugin.rb
@ -105,7 +105,6 @@ module Bundler
        else
          builder.eval_gemfile(gemfile)
        end
        builder.check_primary_source_safety
        definition = builder.to_definition(nil, true)
        return if definition.dependencies.empty?
--- a/lib/bundler/plugin/installer.rb
+++ b/lib/bundler/plugin/installer.rb
@ -16,6 +16,7 @@ module Bundler
        version = options[:version] || [">= 0"]
        Bundler.settings.temporary(:disable_multisource => false) do
          if options[:git]
            install_git(names, version, options)
          elsif options[:local_git]
@ -25,6 +26,7 @@ module Bundler
            install_rubygems(names, version, sources)
          end
        end
      end
      # Installs the plugin from Definition object created by limited parsing of
      # Gemfile searching for plugins to be installed
@ -82,7 +84,6 @@ module Bundler
        deps = names.map {|name| Dependency.new name, version }
        definition = Definition.new(nil, deps, source_list, true)
        definition.allow_multisource!
        install_definition(definition)
      end
--- a/lib/bundler/resolver.rb
+++ b/lib/bundler/resolver.rb
@ -17,14 +17,15 @@ module Bundler
    # ==== Returns
    # <GemBundle>,nil:: If the list of dependencies can be resolved, a
    #   collection of gemspecs is returned. Otherwise, nil is returned.
-    def self.resolve(requirements, source_requirements = {}, base = [], gem_version_promoter = GemVersionPromoter.new, additional_base_requirements = [], platforms = nil)
+    def self.resolve(requirements, index, source_requirements = {}, base = [], gem_version_promoter = GemVersionPromoter.new, additional_base_requirements = [], platforms = nil)
      base = SpecSet.new(base) unless base.is_a?(SpecSet)
-      resolver = new(source_requirements, base, gem_version_promoter, additional_base_requirements, platforms)
+      resolver = new(index, source_requirements, base, gem_version_promoter, additional_base_requirements, platforms)
      result = resolver.start(requirements)
      SpecSet.new(result)
    end
-    def initialize(source_requirements, base, gem_version_promoter, additional_base_requirements, platforms)
+    def initialize(index, source_requirements, base, gem_version_promoter, additional_base_requirements, platforms)
      @index = index
      @source_requirements = source_requirements
      @base = base
      @resolver = Molinillo::Resolver.new(self, self)
@ -39,7 +40,7 @@ module Bundler
      @resolving_only_for_ruby = platforms == [Gem::Platform::RUBY]
      @gem_version_promoter = gem_version_promoter
      @use_gvp = Bundler.feature_flag.use_gem_version_promoter_for_major_updates? || !@gem_version_promoter.major?
-      @no_aggregate_global_source = @source_requirements[:global].nil?
+      @lockfile_uses_separate_rubygems_sources = Bundler.feature_flag.disable_multisource?
      @variant_specific_names = []
      @generic_names = ["Ruby\0", "RubyGems\0"]
@ -124,7 +125,8 @@ module Bundler
      dependency = dependency_proxy.dep
      name = dependency.name
      search_result = @search_for[dependency_proxy] ||= begin
-        results = results_for(dependency, @base[name])
+        index = index_for(dependency)
        results = index.search(dependency, @base[name])
        if vertex = @base_dg.vertex_named(name)
          locked_requirement = vertex.payload.requirement
@ -193,26 +195,23 @@ module Bundler
      search_result
    end
-    def index_for(dependency, base)
+    def index_for(dependency)
      source = @source_requirements[dependency.name]
      if source
        source.specs
-      elsif @no_aggregate_global_source
+      elsif @lockfile_uses_separate_rubygems_sources
-        dependency.all_sources.find(-> { Index.new }) do |s|
+        Index.build do |idx|
-          idx = s.specs
+          if dependency.all_sources
-          results = idx.search(dependency, base)
+            dependency.all_sources.each {|s| idx.add_source(s.specs) if s }
-          next if results.empty? || results == base
+          else
-          return idx
+            idx.add_source @source_requirements[:default].specs
          end
        end
      else
-        @source_requirements[:global]
+        @index
      end
    end
    def results_for(dependency, base)
      index_for(dependency, base).search(dependency, base)
    end
    def name_for(dependency)
      dependency.name
    end
@ -239,13 +238,11 @@ module Bundler
    def relevant_sources_for_vertex(vertex)
      if vertex.root?
-        [@source_requirements[vertex.name]].compact
+        [@source_requirements[vertex.name]]
-      elsif @no_aggregate_global_source
+      elsif @lockfile_uses_separate_rubygems_sources
        vertex.recursive_predecessors.map do |v|
          @source_requirements[v.name]
-        end.compact << @source_requirements[:default]
+        end << @source_requirements[:default]
      else
        []
      end
    end
@ -286,7 +283,7 @@ module Bundler
        if (base = @base[dependency.name]) && !base.empty?
          dependency.requirement.satisfied_by?(base.first.version) ? 0 : 1
        else
-          all = index_for(dependency, base).search(dependency.name).size
+          all = index_for(dependency).search(dependency.name).size
          if all <= 1
            all - 1_000_000
@ -329,7 +326,7 @@ module Bundler
            "The source does not contain any versions of '#{name}'"
          end
        else
-          message = "Could not find gem '#{SharedHelpers.pretty_dependency(requirement)}' in any of the gem sources " \
+          message = "Could not find gem '#{requirement}' in any of the gem sources " \
            "listed in your Gemfile#{cache_message}."
        end
        raise GemNotFound, message
@ -414,8 +411,14 @@ module Bundler
            relevant_sources = if conflict.requirement.source
              [conflict.requirement.source]
-            else
+            elsif conflict.requirement.all_sources
              conflict.requirement.all_sources
            elsif @lockfile_uses_separate_rubygems_sources
              # every conflict should have an explicit group of sources when we
              # enforce strict pinning
              raise "no source set for #{conflict}"
            else
              []
            end.compact.map(&:to_s).uniq.sort
            metadata_requirement = name.end_with?("\0")
@ -452,8 +455,7 @@ module Bundler
    def validate_resolved_specs!(resolved_specs)
      resolved_specs.each do |v|
        name = v.name
-        sources = relevant_sources_for_vertex(v)
+        next unless sources = relevant_sources_for_vertex(v)
        next unless sources.any?
        sources.compact!
        if default_index = sources.index(@source_requirements[:default])
          sources.delete_at(default_index)
@ -462,12 +464,14 @@ module Bundler
        sources.uniq!
        next if sources.size <= 1
        multisource_disabled = Bundler.feature_flag.disable_multisource?
        msg = ["The gem '#{name}' was found in multiple relevant sources."]
        msg.concat sources.map {|s| "  * #{s}" }.sort
-        msg << "You #{@no_aggregate_global_source ? :must : :should} add this gem to the source block for the source you wish it to be installed from."
+        msg << "You #{multisource_disabled ? :must : :should} add this gem to the source block for the source you wish it to be installed from."
        msg = msg.join("\n")
-        raise SecurityError, msg if @no_aggregate_global_source
+        raise SecurityError, msg if multisource_disabled
        Bundler.ui.warn "Warning: #{msg}"
      end
    end
--- a/lib/bundler/settings.rb
+++ b/lib/bundler/settings.rb
@ -20,6 +20,7 @@ module Bundler
      disable_exec_load
      disable_local_branch_check
      disable_local_revision_check
      disable_multisource
      disable_shared_gems
      disable_version_check
      force_ruby_platform
--- a/lib/bundler/source/rubygems.rb
+++ b/lib/bundler/source/rubygems.rb
@ -21,7 +21,6 @@ module Bundler
        @allow_remote = false
        @allow_cached = false
        @caches = [cache_path, *Bundler.rubygems.gem_cache]
        @disable_multisource = true
        Array(options["remotes"] || []).reverse_each {|r| add_remote(r) }
      end
@ -50,16 +49,8 @@ module Bundler
        o.is_a?(Rubygems) && (o.credless_remotes - credless_remotes).empty?
      end
      def disable_multisource?
        @disable_multisource
      end
      def allow_multisource!
        @disable_multisource = false
      end
      def can_lock?(spec)
-        return super if disable_multisource?
+        return super if Bundler.feature_flag.disable_multisource?
        spec.source.is_a?(Rubygems)
      end
--- a/lib/bundler/source_list.rb
+++ b/lib/bundler/source_list.rb
@ -5,41 +5,24 @@ module Bundler
    attr_reader :path_sources,
      :git_sources,
      :plugin_sources,
-      :global_path_source,
+      :global_rubygems_source,
-      :metadata_source,
+      :metadata_source
      :disable_multisource
    def global_rubygems_source
      @global_rubygems_source ||= rubygems_aggregate_class.new
    end
    def initialize
      @path_sources           = []
      @git_sources            = []
      @plugin_sources         = []
      @global_rubygems_source = nil
-      @global_path_source     = nil
+      @rubygems_aggregate     = rubygems_aggregate_class.new
      @rubygems_sources       = []
      @metadata_source        = Source::Metadata.new
      @disable_multisource    = true
    end
    def disable_multisource?
      @disable_multisource
    end
    def allow_multisource!
      rubygems_sources.map(&:allow_multisource!)
      @disable_multisource = false
    end
    def add_path_source(options = {})
      if options["gemspec"]
        add_source_to_list Source::Gemspec.new(options), path_sources
      else
-        path_source = add_source_to_list Source::Path.new(options), path_sources
+        add_source_to_list Source::Path.new(options), path_sources
        @global_path_source ||= path_source if options["global"]
        path_source
      end
    end
@ -58,20 +41,24 @@ module Bundler
    end
    def global_rubygems_source=(uri)
      if Bundler.feature_flag.disable_multisource?
        @global_rubygems_source ||= rubygems_aggregate_class.new("remotes" => uri)
      end
      add_rubygems_remote(uri)
    end
    def add_rubygems_remote(uri)
-      global_rubygems_source.add_remote(uri)
+      return if Bundler.feature_flag.disable_multisource?
-      global_rubygems_source
+      @rubygems_aggregate.add_remote(uri)
      @rubygems_aggregate
    end
    def default_source
-      global_path_source || global_rubygems_source
+      global_rubygems_source || @rubygems_aggregate
    end
    def rubygems_sources
-      @rubygems_sources + [global_rubygems_source]
+      @rubygems_sources + [default_source]
    end
    def rubygems_remotes
@ -88,7 +75,7 @@ module Bundler
    def lock_sources
      lock_sources = (path_sources + git_sources + plugin_sources).sort_by(&:to_s)
-      if disable_multisource?
+      if Bundler.feature_flag.disable_multisource?
        lock_sources + rubygems_sources.sort_by(&:to_s)
      else
        lock_sources << combine_rubygems_sources
@ -105,9 +92,9 @@ module Bundler
        end
      end
-      replacement_rubygems = !disable_multisource? &&
+      replacement_rubygems = !Bundler.feature_flag.disable_multisource? &&
        replacement_sources.detect {|s| s.is_a?(Source::Rubygems) }
-      @global_rubygems_source = replacement_rubygems if replacement_rubygems
+      @rubygems_aggregate = replacement_rubygems if replacement_rubygems
      return true if !equal_sources?(lock_sources, replacement_sources) && !equivalent_sources?(lock_sources, replacement_sources)
      return true if replacement_rubygems && rubygems_remotes.sort_by(&:to_s) != replacement_rubygems.remotes.sort_by(&:to_s)
@ -123,6 +110,10 @@ module Bundler
      all_sources.each(&:remote!)
    end
    def rubygems_primary_remotes
      @rubygems_aggregate.remotes
    end
    private
    def rubygems_aggregate_class
@ -145,9 +136,7 @@ module Bundler
    end
    def combine_rubygems_sources
-      aggregate_source = Source::Rubygems.new("remotes" => rubygems_remotes)
+      Source::Rubygems.new("remotes" => rubygems_remotes)
      aggregate_source.allow_multisource! unless disable_multisource?
      aggregate_source
    end
    def warn_on_git_protocol(source)
--- a/lib/bundler/version.rb
+++ b/lib/bundler/version.rb
@ -1,7 +1,7 @@
 # frozen_string_literal: false
 module Bundler
-  VERSION = "2.2.10".freeze
+  VERSION = "2.2.11".freeze
  def self.bundler_major_version
    @bundler_major_version ||= VERSION.split(".").first.to_i
--- a/lib/rubygems.rb
+++ b/lib/rubygems.rb
@ -8,7 +8,7 @@
 require 'rbconfig'
 module Gem
-  VERSION = "3.2.10".freeze
+  VERSION = "3.2.11".freeze
 end
 # Must be first since it unloads the prelude from 1.9.2
--- a/lib/rubygems/config_file.rb
+++ b/lib/rubygems/config_file.rb
@ -45,6 +45,7 @@ class Gem::ConfigFile
  DEFAULT_UPDATE_SOURCES = true
  DEFAULT_CONCURRENT_DOWNLOADS = 8
  DEFAULT_CERT_EXPIRATION_LENGTH_DAYS = 365
  DEFAULT_IPV4_FALLBACK_ENABLED = false
  ##
  # For Ruby packagers to set configuration defaults.  Set in
@ -140,6 +141,12 @@ class Gem::ConfigFile
  attr_accessor :cert_expiration_length_days
  ##
  # == Experimental ==
  # Fallback to IPv4 when IPv6 is not reachable or slow (default: false)
  attr_accessor :ipv4_fallback_enabled
  ##
  # Path name of directory or file of openssl client certificate, used for remote https connection with client authentication
@ -175,6 +182,7 @@ class Gem::ConfigFile
    @update_sources = DEFAULT_UPDATE_SOURCES
    @concurrent_downloads = DEFAULT_CONCURRENT_DOWNLOADS
    @cert_expiration_length_days = DEFAULT_CERT_EXPIRATION_LENGTH_DAYS
    @ipv4_fallback_enabled = ENV['IPV4_FALLBACK_ENABLED'] == 'true' || DEFAULT_IPV4_FALLBACK_ENABLED
    operating_system_config = Marshal.load Marshal.dump(OPERATING_SYSTEM_DEFAULTS)
    platform_config = Marshal.load Marshal.dump(PLATFORM_DEFAULTS)
@ -203,6 +211,7 @@ class Gem::ConfigFile
    @disable_default_gem_server  = @hash[:disable_default_gem_server]  if @hash.key? :disable_default_gem_server
    @sources                     = @hash[:sources]                     if @hash.key? :sources
    @cert_expiration_length_days = @hash[:cert_expiration_length_days] if @hash.key? :cert_expiration_length_days
    @ipv4_fallback_enabled       = @hash[:ipv4_fallback_enabled]       if @hash.key? :ipv4_fallback_enabled
    @ssl_verify_mode  = @hash[:ssl_verify_mode]  if @hash.key? :ssl_verify_mode
    @ssl_ca_cert      = @hash[:ssl_ca_cert]      if @hash.key? :ssl_ca_cert
--- a/lib/rubygems/core_ext/tcpsocket_init.rb
+++ b/lib/rubygems/core_ext/tcpsocket_init.rb
@ -0,0 +1,49 @@
 require 'socket'
 module CoreExtensions
  module TCPSocketExt
    def self.prepended(base)
      base.prepend Initializer
    end
    module Initializer
      CONNECTION_TIMEOUT = 5
      IPV4_DELAY_SECONDS = 0.1
      def initialize(host, serv, *rest)
        mutex = Mutex.new
        addrs = []
        cond_var = ConditionVariable.new
        Addrinfo.foreach(host, serv, nil, :STREAM) do |addr|
          Thread.report_on_exception = false if defined? Thread.report_on_exception = ()
          Thread.new(addr) do
            # give head start to ipv6 addresses
            sleep IPV4_DELAY_SECONDS if addr.ipv4?
            # raises Errno::ECONNREFUSED when ip:port is unreachable
            Socket.tcp(addr.ip_address, serv, connect_timeout: CONNECTION_TIMEOUT).close
            mutex.synchronize do
              addrs << addr.ip_address
              cond_var.signal
            end
          end
        end
        mutex.synchronize do
          timeout_time = CONNECTION_TIMEOUT + Time.now.to_f
          while addrs.empty? && (remaining_time = timeout_time - Time.now.to_f) > 0
            cond_var.wait(mutex, remaining_time)
          end
          host = addrs.shift unless addrs.empty?
        end
        super(host, serv, *rest)
      end
    end
  end
 end
 TCPSocket.prepend CoreExtensions::TCPSocketExt
--- a/lib/rubygems/remote_fetcher.rb
+++ b/lib/rubygems/remote_fetcher.rb
@ -78,6 +78,7 @@ class Gem::RemoteFetcher
  #            fetching the gem.
  def initialize(proxy=nil, dns=nil, headers={})
    require 'rubygems/core_ext/tcpsocket_init' if Gem.configuration.ipv4_fallback_enabled
    require 'net/http'
    require 'stringio'
    require 'uri'
--- a/spec/bundler/bundler/dsl_spec.rb
+++ b/spec/bundler/bundler/dsl_spec.rb
@ -25,7 +25,7 @@ RSpec.describe Bundler::Dsl do
      expect { subject.git_source(:example) }.to raise_error(Bundler::InvalidOption)
    end
-    context "default hosts", :bundler => "< 3" do
+    context "default hosts", :bundler => "2" do
      it "converts :github to URI using https" do
        subject.gem("sparks", :github => "indirect/sparks")
        github_uri = "https://github.com/indirect/sparks.git"
@ -195,6 +195,19 @@ RSpec.describe Bundler::Dsl do
    #   gem 'spree_api'
    #   gem 'spree_backend'
    # end
    describe "#github", :bundler => "< 3" do
      it "from github" do
        spree_gems = %w[spree_core spree_api spree_backend]
        subject.github "spree" do
          spree_gems.each {|spree_gem| subject.send :gem, spree_gem }
        end
        subject.dependencies.each do |d|
          expect(d.source.uri).to eq("https://github.com/spree/spree.git")
        end
      end
    end
    describe "#github" do
      it "from github" do
        spree_gems = %w[spree_core spree_api spree_backend]
--- a/spec/bundler/bundler/plugin_spec.rb
+++ b/spec/bundler/bundler/plugin_spec.rb
@ -112,7 +112,6 @@ RSpec.describe Bundler::Plugin do
    before do
      allow(Plugin::DSL).to receive(:new) { builder }
      allow(builder).to receive(:eval_gemfile).with(gemfile)
      allow(builder).to receive(:check_primary_source_safety)
      allow(builder).to receive(:to_definition) { definition }
      allow(builder).to receive(:inferred_plugins) { [] }
    end
--- a/spec/bundler/bundler/source_list_spec.rb
+++ b/spec/bundler/bundler/source_list_spec.rb
@ -372,7 +372,26 @@ RSpec.describe Bundler::SourceList do
      source_list.add_git_source("uri" => "git://first-git.org/path.git")
    end
-    it "returns all sources, without combining rubygems sources" do
+    it "combines the rubygems sources into a single instance, removing duplicate remotes from the end", :bundler => "< 3" do
      expect(source_list.lock_sources).to eq [
        Bundler::Source::Git.new("uri" => "git://first-git.org/path.git"),
        Bundler::Source::Git.new("uri" => "git://second-git.org/path.git"),
        Bundler::Source::Git.new("uri" => "git://third-git.org/path.git"),
        ASourcePlugin.new("uri" => "https://second-plugin.org/random"),
        ASourcePlugin.new("uri" => "https://third-bar.org/foo"),
        Bundler::Source::Path.new("path" => "/first/path/to/gem"),
        Bundler::Source::Path.new("path" => "/second/path/to/gem"),
        Bundler::Source::Path.new("path" => "/third/path/to/gem"),
        Bundler::Source::Rubygems.new("remotes" => [
          "https://duplicate-rubygems.org",
          "https://first-rubygems.org",
          "https://second-rubygems.org",
          "https://third-rubygems.org",
        ]),
      ]
    end
    it "returns all sources, without combining rubygems sources", :bundler => "3" do
      expect(source_list.lock_sources).to eq [
        Bundler::Source::Git.new("uri" => "git://first-git.org/path.git"),
        Bundler::Source::Git.new("uri" => "git://second-git.org/path.git"),
--- a/spec/bundler/commands/exec_spec.rb
+++ b/spec/bundler/commands/exec_spec.rb
@ -762,8 +762,7 @@ RSpec.describe "bundle exec" do
      let(:exit_code) { Bundler::GemNotFound.new.status_code }
      let(:expected) { "" }
      let(:expected_err) { <<-EOS.strip }
-\e[31mCould not find gem 'rack (= 2)' in locally installed gems.
+\e[31mCould not find gem 'rack (= 2)' in any of the gem sources listed in your Gemfile.\e[0m
 The source contains the following versions of 'rack': 0.9.1, 1.0.0\e[0m
 \e[33mRun `bundle install` to install missing gems.\e[0m
      EOS
--- a/spec/bundler/commands/post_bundle_message_spec.rb
+++ b/spec/bundler/commands/post_bundle_message_spec.rb
@ -113,7 +113,16 @@ RSpec.describe "post bundle message" do
        bundle "config set force_ruby_platform true"
      end
-      it "should report a helpful error message" do
+      it "should report a helpful error message", :bundler => "< 3" do
        install_gemfile <<-G, :raise_on_error => false
          source "#{file_uri_for(gem_repo1)}"
          gem "rack"
          gem "not-a-gem", :group => :development
        G
        expect(err).to include("Could not find gem 'not-a-gem' in any of the gem sources listed in your Gemfile.")
      end
      it "should report a helpful error message", :bundler => "3" do
        install_gemfile <<-G, :raise_on_error => false
          source "#{file_uri_for(gem_repo1)}"
          gem "rack"
--- a/spec/bundler/install/gemfile/gemspec_spec.rb
+++ b/spec/bundler/install/gemfile/gemspec_spec.rb
@ -422,13 +422,14 @@ RSpec.describe "bundle install from an existing gemspec" do
          end
        end
-        gemfile <<-G
+        %w[ruby jruby].each do |platform|
          simulate_platform(platform) do
            install_gemfile <<-G
              source "#{file_uri_for(gem_repo2)}"
              gemspec
            G
-
+          end
-        simulate_platform("ruby") { bundle "install" }
+        end
        simulate_platform("jruby") { bundle "install" }
      end
      context "on ruby" do
--- a/spec/bundler/install/gemfile/sources_spec.rb
+++ b/spec/bundler/install/gemfile/sources_spec.rb
@ -27,7 +27,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
        G
      end
-      it "warns about ambiguous gems, but installs anyway, prioritizing sources last to first", :bundler => "< 3" do
+      it "warns about ambiguous gems, but installs anyway, prioritizing sources last to first", :bundler => "2" do
        bundle :install
        expect(err).to include("Warning: the gem 'rack' was found in multiple sources.")
@ -54,7 +54,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
        G
      end
-      it "warns about ambiguous gems, but installs anyway", :bundler => "< 3" do
+      it "warns about ambiguous gems, but installs anyway", :bundler => "2" do
        bundle :install
        expect(err).to include("Warning: the gem 'rack' was found in multiple sources.")
        expect(err).to include("Installed from: #{file_uri_for(gem_repo1)}")
@ -96,7 +96,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
      it "installs the gems without any warning" do
        bundle :install
-        expect(err).not_to include("Warning")
+        expect(out).not_to include("Warning")
        expect(the_bundle).to include_gems("rack-obama 1.0.0")
        expect(the_bundle).to include_gems("rack 1.0.0", :source => "remote1")
      end
@ -128,7 +128,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
          end
        end
-        install_gemfile <<-G
+        gemfile <<-G
          source "#{file_uri_for(gem_repo3)}"
          gem "rack-obama" # should come from repo3!
          gem "rack", :source => "#{file_uri_for(gem_repo1)}"
@ -136,7 +136,8 @@ RSpec.describe "bundle install with gems on multiple sources" do
      end
      it "installs the gems without any warning" do
-        expect(err).not_to include("Warning")
+        bundle :install
        expect(out).not_to include("Warning")
        expect(the_bundle).to include_gems("rack-obama 1.0.0", "rack 1.0.0")
      end
    end
@ -172,8 +173,8 @@ RSpec.describe "bundle install with gems on multiple sources" do
          it "installs from the same source without any warning" do
            bundle :install
-            expect(err).not_to include("Warning")
+            expect(out).not_to include("Warning")
-            expect(the_bundle).to include_gems("depends_on_rack 1.0.1", "rack 1.0.0", :source => "remote3")
+            expect(the_bundle).to include_gems("depends_on_rack 1.0.1", "rack 1.0.0")
          end
        end
@ -187,38 +188,27 @@ RSpec.describe "bundle install with gems on multiple sources" do
            end
          end
          context "when disable_multisource is set" do
            before do
              bundle "config set disable_multisource true"
            end
            it "installs from the same source without any warning" do
              bundle :install
              expect(out).not_to include("Warning: the gem 'rack' was found in multiple sources.")
              expect(err).not_to include("Warning: the gem 'rack' was found in multiple sources.")
-            expect(the_bundle).to include_gems("depends_on_rack 1.0.1", "rack 1.0.0", :source => "remote3")
+              expect(the_bundle).to include_gems("depends_on_rack 1.0.1", "rack 1.0.0")
            # In https://github.com/bundler/bundler/issues/3585 this failed
              # when there is already a lock file, and the gems are missing, so try again
              system_gems []
              bundle :install
              expect(out).not_to include("Warning: the gem 'rack' was found in multiple sources.")
              expect(err).not_to include("Warning: the gem 'rack' was found in multiple sources.")
-            expect(the_bundle).to include_gems("depends_on_rack 1.0.1", "rack 1.0.0", :source => "remote3")
+              expect(the_bundle).to include_gems("depends_on_rack 1.0.1", "rack 1.0.0")
            end
          end
        context "and in another source with a higher version" do
          before do
            # need this to be broken to check for correct source ordering
            build_repo gem_repo2 do
              build_gem "rack", "1.0.1" do |s|
                s.write "lib/rack.rb", "RACK = 'FAIL'"
              end
            end
          end
          it "installs from the same source without any warning" do
            bundle :install
            expect(err).not_to include("Warning: the gem 'rack' was found in multiple sources.")
            expect(the_bundle).to include_gems("depends_on_rack 1.0.1", "rack 1.0.0", :source => "remote3")
          end
        end
      end
@ -232,7 +222,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
        context "and not in any other sources" do
          before do
-            install_gemfile <<-G
+            gemfile <<-G
              source "#{file_uri_for(gem_repo2)}"
              source "#{file_uri_for(gem_repo3)}" do
                gem "depends_on_rack"
@ -241,7 +231,8 @@ RSpec.describe "bundle install with gems on multiple sources" do
          end
          it "installs from the other source without any warning" do
-            expect(err).not_to include("Warning")
+            bundle :install
            expect(out).not_to include("Warning")
            expect(the_bundle).to include_gems("depends_on_rack 1.0.1", "rack 1.0.0")
          end
        end
@ -257,7 +248,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
            G
          end
-          it "installs from the other source and warns about ambiguous gems", :bundler => "< 3" do
+          it "installs from the other source and warns about ambiguous gems", :bundler => "2" do
            bundle :install
            expect(err).to include("Warning: the gem 'rack' was found in multiple sources.")
            expect(err).to include("Installed from: #{file_uri_for(gem_repo2)}")
@ -289,7 +280,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
            G
          end
-          it "installs the dependency from the pinned source without warning", :bundler => "< 3" do
+          it "installs the dependency from the pinned source without warning", :bundler => "2" do
            bundle :install
            expect(err).not_to include("Warning: the gem 'rack' was found in multiple sources.")
@ -314,6 +305,11 @@ RSpec.describe "bundle install with gems on multiple sources" do
    end
    context "when a top-level gem has an indirect dependency" do
      context "when disable_multisource is set" do
        before do
          bundle "config set disable_multisource true"
        end
        before do
          build_repo gem_repo2 do
            build_gem "depends_on_rack", "1.0.1" do |s|
@ -385,6 +381,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
          end
        end
      end
    end
    context "with a gem that is only found in the wrong source" do
      before do
@ -392,14 +389,15 @@ RSpec.describe "bundle install with gems on multiple sources" do
          build_gem "not_in_repo1", "1.0.0"
        end
-        install_gemfile <<-G, :raise_on_error => false
+        gemfile <<-G
          source "#{file_uri_for(gem_repo3)}"
          gem "not_in_repo1", :source => "#{file_uri_for(gem_repo1)}"
        G
      end
      it "does not install the gem" do
-        expect(err).to include("Could not find gem 'not_in_repo1")
+        bundle :install, :raise_on_error => false
        expect(err).to include("Could not find gem 'not_in_repo1'")
      end
    end
@ -435,92 +433,6 @@ RSpec.describe "bundle install with gems on multiple sources" do
      end
    end
    context "with a lockfile with aggregated rubygems sources" do
      let(:aggregate_gem_section_lockfile) do
        <<~L
          GEM
            remote: #{file_uri_for(gem_repo1)}/
            remote: #{file_uri_for(gem_repo3)}/
            specs:
              rack (0.9.1)
          PLATFORMS
            #{specific_local_platform}
          DEPENDENCIES
            rack!
          BUNDLED WITH
             #{Bundler::VERSION}
        L
      end
      let(:split_gem_section_lockfile) do
        <<~L
          GEM
            remote: #{file_uri_for(gem_repo1)}/
            specs:
          GEM
            remote: #{file_uri_for(gem_repo3)}/
            specs:
              rack (0.9.1)
          PLATFORMS
            #{specific_local_platform}
          DEPENDENCIES
            rack!
          BUNDLED WITH
             #{Bundler::VERSION}
        L
      end
      before do
        build_repo gem_repo3 do
          build_gem "rack", "0.9.1"
        end
        gemfile <<-G
          source "#{file_uri_for(gem_repo1)}"
          source "#{file_uri_for(gem_repo3)}" do
            gem 'rack'
          end
        G
        lockfile aggregate_gem_section_lockfile
      end
      it "installs a lockfile with separate rubygems source sections if not in frozen mode" do
        bundle "install"
        expect(lockfile).to eq(split_gem_section_lockfile)
        expect(the_bundle).to include_gems("rack 0.9.1", :source => "remote3")
      end
      it "installs the existing lockfile but prints a warning if in frozen mode", :bundler => "< 3" do
        bundle "config set --local deployment true"
        bundle "install"
        expect(lockfile).to eq(aggregate_gem_section_lockfile)
        expect(the_bundle).to include_gems("rack 0.9.1", :source => "remote3")
      end
      it "refuses to install the existing lockfile and prints an error if in frozen mode", :bundler => "3" do
        bundle "config set --local deployment true"
        bundle "install", :raise_on_error =>false
        expect(lockfile).to eq(aggregate_gem_section_lockfile)
        expect(err).to include("Your lockfile contains a single rubygems source section with multiple remotes, which is insecure.")
        expect(out).to be_empty
      end
    end
    context "with a path gem in the same Gemfile" do
      before do
        build_lib "foo"
@ -545,13 +457,14 @@ RSpec.describe "bundle install with gems on multiple sources" do
    before do
      system_gems "rack-0.9.1"
-      install_gemfile <<-G
+      gemfile <<-G
        source "#{file_uri_for(gem_repo1)}"
        gem "rack" # shoud come from repo1!
      G
    end
    it "installs the gems without any warning" do
      bundle :install
      expect(err).not_to include("Warning")
      expect(the_bundle).to include_gems("rack 1.0.0")
    end
@ -702,12 +615,16 @@ RSpec.describe "bundle install with gems on multiple sources" do
      G
    end
-    it "installs the higher version in the new repo" do
+    it "keeps the old version", :bundler => "2" do
      expect(the_bundle).to include_gems("rack 1.0.0")
    end
    it "installs the higher version in the new repo", :bundler => "3" do
      expect(the_bundle).to include_gems("rack 1.2")
    end
  end
-  context "when a gem is available from multiple ambiguous sources" do
+  context "when a gem is available from multiple ambiguous sources", :bundler => "3" do
    it "raises, suggesting a source block" do
      build_repo4 do
        build_gem "depends_on_rack" do |s|
--- a/spec/bundler/install/gems/flex_spec.rb
+++ b/spec/bundler/install/gems/flex_spec.rb
@ -245,7 +245,37 @@ RSpec.describe "bundle flex_install" do
  end
  describe "when adding a new source" do
-    it "updates the lockfile" do
+    it "updates the lockfile", :bundler => "< 3" do
      build_repo2
      install_gemfile <<-G
        source "#{file_uri_for(gem_repo1)}"
        gem "rack"
      G
      install_gemfile <<-G
        source "#{file_uri_for(gem_repo1)}"
        source "#{file_uri_for(gem_repo2)}"
        gem "rack"
      G
      lockfile_should_be <<-L
      GEM
        remote: #{file_uri_for(gem_repo1)}/
        remote: #{file_uri_for(gem_repo2)}/
        specs:
          rack (1.0.0)
      PLATFORMS
        #{lockfile_platforms}
      DEPENDENCIES
        rack
      BUNDLED WITH
         #{Bundler::VERSION}
      L
    end
    it "updates the lockfile", :bundler => "3" do
      build_repo2
      install_gemfile <<-G
        source "#{file_uri_for(gem_repo1)}"
--- a/spec/bundler/lock/lockfile_spec.rb
+++ b/spec/bundler/lock/lockfile_spec.rb
@ -318,7 +318,40 @@ RSpec.describe "the lockfile format" do
    G
  end
-  it "generates a lockfile without credentials for a configured source" do
+  it "generates a lockfile without credentials for a configured source", :bundler => "< 3" do
    bundle "config set http://localgemserver.test/ user:pass"
    install_gemfile(<<-G, :artifice => "endpoint_strict_basic_authentication", :quiet => true)
      source "http://localgemserver.test/" do
      end
      source "http://user:pass@othergemserver.test/" do
        gem "rack-obama", ">= 1.0"
      end
    G
    lockfile_should_be <<-G
      GEM
        remote: http://localgemserver.test/
        remote: http://user:pass@othergemserver.test/
        specs:
          rack (1.0.0)
          rack-obama (1.0)
            rack
      PLATFORMS
        #{lockfile_platforms}
      DEPENDENCIES
        rack-obama (>= 1.0)!
      BUNDLED WITH
         #{Bundler::VERSION}
    G
  end
  it "generates a lockfile without credentials for a configured source", :bundler => "3" do
    bundle "config set http://localgemserver.test/ user:pass"
    install_gemfile(<<-G, :artifice => "endpoint_strict_basic_authentication", :quiet => true)
--- a/spec/bundler/other/major_deprecation_spec.rb
+++ b/spec/bundler/other/major_deprecation_spec.rb
@ -17,7 +17,7 @@ RSpec.describe "major deprecations" do
        bundle "exec ruby -e #{source.dump}"
      end
-      it "is deprecated in favor of .unbundled_env", :bundler => "< 3" do
+      it "is deprecated in favor of .unbundled_env", :bundler => "2" do
        expect(deprecations).to include \
          "`Bundler.clean_env` has been deprecated in favor of `Bundler.unbundled_env`. " \
          "If you instead want the environment before bundler was originally loaded, use `Bundler.original_env` " \
@ -33,7 +33,7 @@ RSpec.describe "major deprecations" do
        bundle "exec ruby -e #{source.dump}"
      end
-      it "is deprecated in favor of .unbundled_env", :bundler => "< 3" do
+      it "is deprecated in favor of .unbundled_env", :bundler => "2" do
        expect(deprecations).to include(
          "`Bundler.with_clean_env` has been deprecated in favor of `Bundler.with_unbundled_env`. " \
          "If you instead want the environment before bundler was originally loaded, use `Bundler.with_original_env` " \
@ -50,7 +50,7 @@ RSpec.describe "major deprecations" do
        bundle "exec ruby -e #{source.dump}"
      end
-      it "is deprecated in favor of .unbundled_system", :bundler => "< 3" do
+      it "is deprecated in favor of .unbundled_system", :bundler => "2" do
        expect(deprecations).to include(
          "`Bundler.clean_system` has been deprecated in favor of `Bundler.unbundled_system`. " \
          "If you instead want to run the command in the environment before bundler was originally loaded, use `Bundler.original_system` " \
@ -67,7 +67,7 @@ RSpec.describe "major deprecations" do
        bundle "exec ruby -e #{source.dump}"
      end
-      it "is deprecated in favor of .unbundled_exec", :bundler => "< 3" do
+      it "is deprecated in favor of .unbundled_exec", :bundler => "2" do
        expect(deprecations).to include(
          "`Bundler.clean_exec` has been deprecated in favor of `Bundler.unbundled_exec`. " \
          "If you instead want to exec to a command in the environment before bundler was originally loaded, use `Bundler.original_exec` " \
@ -84,7 +84,7 @@ RSpec.describe "major deprecations" do
        bundle "exec ruby -e #{source.dump}"
      end
-      it "is deprecated in favor of .load", :bundler => "< 3" do
+      it "is deprecated in favor of .load", :bundler => "2" do
        expect(deprecations).to include "Bundler.environment has been removed in favor of Bundler.load (called at -e:1)"
      end
@ -109,7 +109,7 @@ RSpec.describe "major deprecations" do
      bundle "check --path vendor/bundle", :raise_on_error => false
    end
-    it "should print a deprecation warning", :bundler => "< 3" do
+    it "should print a deprecation warning", :bundler => "2" do
      expect(deprecations).to include(
        "The `--path` flag is deprecated because it relies on being " \
        "remembered across bundler invocations, which bundler will no " \
@ -118,7 +118,7 @@ RSpec.describe "major deprecations" do
      )
    end
-    pending "fails with a helpful error", :bundler => "3"
+    pending "should fail with a helpful error", :bundler => "3"
  end
  context "bundle check --path=" do
@ -131,7 +131,7 @@ RSpec.describe "major deprecations" do
      bundle "check --path=vendor/bundle", :raise_on_error => false
    end
-    it "should print a deprecation warning", :bundler => "< 3" do
+    it "should print a deprecation warning", :bundler => "2" do
      expect(deprecations).to include(
        "The `--path` flag is deprecated because it relies on being " \
        "remembered across bundler invocations, which bundler will no " \
@ -140,7 +140,7 @@ RSpec.describe "major deprecations" do
      )
    end
-    pending "fails with a helpful error", :bundler => "3"
+    pending "should fail with a helpful error", :bundler => "3"
  end
  context "bundle cache --all" do
@ -153,7 +153,7 @@ RSpec.describe "major deprecations" do
      bundle "cache --all", :raise_on_error => false
    end
-    it "should print a deprecation warning", :bundler => "< 3" do
+    it "should print a deprecation warning", :bundler => "2" do
      expect(deprecations).to include(
        "The `--all` flag is deprecated because it relies on being " \
        "remembered across bundler invocations, which bundler will no " \
@ -162,7 +162,7 @@ RSpec.describe "major deprecations" do
      )
    end
-    pending "fails with a helpful error", :bundler => "3"
+    pending "should fail with a helpful error", :bundler => "3"
  end
  describe "bundle config" do
@ -292,7 +292,7 @@ RSpec.describe "major deprecations" do
      G
    end
-    it "should output a deprecation warning", :bundler => "< 3" do
+    it "should output a deprecation warning", :bundler => "2" do
      expect(deprecations).to include("The --binstubs option will be removed in favor of `bundle binstubs --all`")
    end
@ -356,7 +356,7 @@ RSpec.describe "major deprecations" do
          bundle "install #{flag_name} #{value}"
        end
-        it "should print a deprecation warning", :bundler => "< 3" do
+        it "should print a deprecation warning", :bundler => "2" do
          expect(deprecations).to include(
            "The `#{flag_name}` flag is deprecated because it relies on " \
            "being remembered across bundler invocations, which bundler " \
@ -365,7 +365,7 @@ RSpec.describe "major deprecations" do
          )
        end
-        pending "fails with a helpful error", :bundler => "3"
+        pending "should fail with a helpful error", :bundler => "3"
      end
    end
  end
@ -378,58 +378,18 @@ RSpec.describe "major deprecations" do
      G
    end
-    it "shows a deprecation", :bundler => "< 3" do
+    it "shows a deprecation", :bundler => "2" do
      expect(deprecations).to include(
        "Your Gemfile contains multiple primary sources. " \
        "Using `source` more than once without a block is a security risk, and " \
        "may result in installing unexpected gems. To resolve this warning, use " \
-        "a block to indicate which gems should come from the secondary source."
+        "a block to indicate which gems should come from the secondary source. " \
        "To upgrade this warning to an error, run `bundle config set --local " \
        "disable_multisource true`."
      )
    end
-    pending "fails with a helpful error", :bundler => "3"
+    pending "should fail with a helpful error", :bundler => "3"
  end
  context "bundle install with a lockfile with a single rubygems section with multiple remotes in frozen mode" do
    before do
      build_repo gem_repo3 do
        build_gem "rack", "0.9.1"
      end
      gemfile <<-G
        source "#{file_uri_for(gem_repo1)}"
        source "#{file_uri_for(gem_repo3)}" do
          gem 'rack'
        end
      G
      lockfile <<~L
        GEM
          remote: #{file_uri_for(gem_repo1)}/
          remote: #{file_uri_for(gem_repo3)}/
          specs:
            rack (0.9.1)
        PLATFORMS
          ruby
        DEPENDENCIES
          rack!
        BUNDLED WITH
           #{Bundler::VERSION}
      L
      bundle "config set --local deployment true"
    end
    it "shows a deprecation", :bundler => "< 3" do
      bundle "install"
      expect(deprecations).to include("Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. You should regenerate your lockfile in a non frozen environment.")
    end
    pending "fails with a helpful error", :bundler => "3"
  end
  context "when Bundler.setup is run in a ruby script" do
@ -462,14 +422,14 @@ RSpec.describe "major deprecations" do
      RUBY
    end
-    it "should print a capistrano deprecation warning", :bundler => "< 3" do
+    it "should print a capistrano deprecation warning", :bundler => "2" do
      expect(deprecations).to include("Bundler no longer integrates " \
                             "with Capistrano, but Capistrano provides " \
                             "its own integration with Bundler via the " \
                             "capistrano-bundler gem. Use it instead.")
    end
-    pending "fails with a helpful error", :bundler => "3"
+    pending "should fail with a helpful error", :bundler => "3"
  end
  describe Bundler::Dsl do
@ -479,7 +439,7 @@ RSpec.describe "major deprecations" do
    end
    context "with github gems" do
-      it "does not warn about removal", :bundler => "< 3" do
+      it "does not warn about removal", :bundler => "2" do
        expect(Bundler.ui).not_to receive(:warn)
        subject.gem("sparks", :github => "indirect/sparks")
        github_uri = "https://github.com/indirect/sparks.git"
@ -501,7 +461,7 @@ The :github git source is deprecated, and will be removed in the future. Change
    end
    context "with bitbucket gems" do
-      it "does not warn about removal", :bundler => "< 3" do
+      it "does not warn about removal", :bundler => "2" do
        expect(Bundler.ui).not_to receive(:warn)
        subject.gem("not-really-a-gem", :bitbucket => "mcorp/flatlab-rails")
      end
@ -523,7 +483,7 @@ The :bitbucket git source is deprecated, and will be removed in the future. Add
    end
    context "with gist gems" do
-      it "does not warn about removal", :bundler => "< 3" do
+      it "does not warn about removal", :bundler => "2" do
        expect(Bundler.ui).not_to receive(:warn)
        subject.gem("not-really-a-gem", :gist => "1234")
      end
@ -554,7 +514,7 @@ The :gist git source is deprecated, and will be removed in the future. Add this
        bundle :show
      end
-      it "prints a deprecation warning recommending `bundle list`", :bundler => "< 3" do
+      it "prints a deprecation warning recommending `bundle list`", :bundler => "2" do
        expect(deprecations).to include("use `bundle list` instead of `bundle show`")
      end
@ -566,7 +526,7 @@ The :gist git source is deprecated, and will be removed in the future. Add this
        bundle "show --outdated"
      end
-      it "prints a deprecation warning informing about its removal", :bundler => "< 3" do
+      it "prints a deprecation warning informing about its removal", :bundler => "2" do
        expect(deprecations).to include("the `--outdated` flag to `bundle show` was undocumented and will be removed without replacement")
      end
@ -578,7 +538,7 @@ The :gist git source is deprecated, and will be removed in the future. Add this
        bundle "show --verbose"
      end
-      it "prints a deprecation warning informing about its removal", :bundler => "< 3" do
+      it "prints a deprecation warning informing about its removal", :bundler => "2" do
        expect(deprecations).to include("the `--verbose` flag to `bundle show` was undocumented and will be removed without replacement")
      end
@ -590,7 +550,7 @@ The :gist git source is deprecated, and will be removed in the future. Add this
        bundle "show rack"
      end
-      it "prints a deprecation warning recommending `bundle info`", :bundler => "< 3" do
+      it "prints a deprecation warning recommending `bundle info`", :bundler => "2" do
        expect(deprecations).to include("use `bundle info rack` instead of `bundle show rack`")
      end
@ -602,7 +562,7 @@ The :gist git source is deprecated, and will be removed in the future. Add this
        bundle "show --paths"
      end
-      it "prints a deprecation warning recommending `bundle list`", :bundler => "< 3" do
+      it "prints a deprecation warning recommending `bundle list`", :bundler => "2" do
        expect(deprecations).to include("use `bundle list` instead of `bundle show --paths`")
      end
@ -614,7 +574,7 @@ The :gist git source is deprecated, and will be removed in the future. Add this
        bundle "show rack --paths"
      end
-      it "prints deprecation warning recommending `bundle info`", :bundler => "< 3" do
+      it "prints deprecation warning recommending `bundle info`", :bundler => "2" do
        expect(deprecations).to include("use `bundle info rack --path` instead of `bundle show rack --paths`")
      end
@ -627,7 +587,7 @@ The :gist git source is deprecated, and will be removed in the future. Add this
      bundle "console", :raise_on_error => false
    end
-    it "prints a deprecation warning", :bundler => "< 3" do
+    it "prints a deprecation warning", :bundler => "2" do
      expect(deprecations).to include \
        "bundle console will be replaced by `bin/console` generated by `bundle gem <name>`"
    end
@ -643,7 +603,7 @@ The :gist git source is deprecated, and will be removed in the future. Add this
      bundle "viz"
    end
-    it "prints a deprecation warning", :bundler => "< 3" do
+    it "prints a deprecation warning", :bundler => "2" do
      expect(deprecations).to include "The `viz` command has been moved to the `bundle-viz` gem, see https://github.com/bundler/bundler-viz"
    end
--- a/spec/bundler/support/indexes.rb
+++ b/spec/bundler/support/indexes.rb
@ -30,7 +30,7 @@ module Spec
      args[1] ||= Bundler::GemVersionPromoter.new # gem_version_promoter
      args[2] ||= [] # additional_base_requirements
      args[3] ||= @platforms # platforms
-      Bundler::Resolver.resolve(deps, source_requirements, *args)
+      Bundler::Resolver.resolve(deps, @index, source_requirements, *args)
    end
    def should_resolve_as(specs)
--- a/test/rubygems/test_gem.rb
+++ b/test/rubygems/test_gem.rb
@ -1958,9 +1958,15 @@ class TestGem < Gem::TestCase
      io.write 'gem "a"'
    end
    platform = Bundler::GemHelpers.generic_local_platform
    if platform == Gem::Platform::RUBY
      platform = ''
    else
      platform = " #{platform}"
    end
    expected = <<-EXPECTED
-Could not find gem 'a' in locally installed gems.
+Could not find gem 'a#{platform}' in any of the gem sources listed in your Gemfile.
 The source does not contain any versions of 'a'
 You may need to `gem install -g` to install missing gems
    EXPECTED
--- a/test/rubygems/test_gem_config_file.rb
+++ b/test/rubygems/test_gem_config_file.rb
@ -41,6 +41,7 @@ class TestGemConfigFile < Gem::TestCase
    assert_equal true, @cfg.verbose
    assert_equal [@gem_repo], Gem.sources
    assert_equal 365, @cfg.cert_expiration_length_days
    assert_equal false, @cfg.ipv4_fallback_enabled
    File.open @temp_conf, 'w' do |fp|
      fp.puts ":backtrace: true"
@ -56,6 +57,7 @@ class TestGemConfigFile < Gem::TestCase
      fp.puts ":ssl_verify_mode: 0"
      fp.puts ":ssl_ca_cert: /etc/ssl/certs"
      fp.puts ":cert_expiration_length_days: 28"
      fp.puts ":ipv4_fallback_enabled: true"
    end
    util_config_file
@ -70,6 +72,14 @@ class TestGemConfigFile < Gem::TestCase
    assert_equal 0, @cfg.ssl_verify_mode
    assert_equal '/etc/ssl/certs', @cfg.ssl_ca_cert
    assert_equal 28, @cfg.cert_expiration_length_days
    assert_equal true, @cfg.ipv4_fallback_enabled
  end
  def test_initialize_ipv4_fallback_enabled_env
    ENV['IPV4_FALLBACK_ENABLED'] = 'true'
    util_config_file %W[--config-file #{@temp_conf}]
    assert_equal true, @cfg.ipv4_fallback_enabled
  end
  def test_initialize_handle_arguments_config_file
--- a/test/rubygems/test_gem_remote_fetcher.rb
+++ b/test/rubygems/test_gem_remote_fetcher.rb
@ -962,6 +962,12 @@ PeIQQkFng2VVot/WAQbv3ePqWq07g1BBcwIBAg==
    end
  end
  def test_tcpsocketext_require
    with_configured_fetcher(":ipv4_fallback_enabled: true") do |fetcher|
      refute require('rubygems/core_ext/tcpsocket_init')
    end
  end
  def with_configured_fetcher(config_str = nil, &block)
    if config_str
      temp_conf = File.join @tempdir, '.gemrc'