ruby
diff --git a/‎.github/workflows/scorecards.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/scorecards.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎CHANGELOG.md‎
Lines changed: 6 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎bundler/CHANGELOG.md‎
Lines changed: 13 additions & 0 deletions b/‎bundler/CHANGELOG.md‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎bundler/lib/bundler/cli/install.rb‎
Lines changed: 5 additions & 1 deletion b/‎bundler/lib/bundler/cli/install.rb‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎bundler/lib/bundler/cli/outdated.rb‎
Lines changed: 15 additions & 17 deletions b/‎bundler/lib/bundler/cli/outdated.rb‎
Lines changed: 15 additions & 17 deletions
diff --git a/‎bundler/lib/bundler/definition.rb‎
Lines changed: 1 addition & 1 deletion b/‎bundler/lib/bundler/definition.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎bundler/lib/bundler/self_manager.rb‎
Lines changed: 4 additions & 4 deletions b/‎bundler/lib/bundler/self_manager.rb‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎bundler/lib/bundler/source/git.rb‎
Lines changed: 6 additions & 1 deletion b/‎bundler/lib/bundler/source/git.rb‎
Lines changed: 6 additions & 1 deletion
diff --git a/‎bundler/lib/bundler/version.rb‎
Lines changed: 1 addition & 1 deletion b/‎bundler/lib/bundler/version.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎bundler/spec/cache/git_spec.rb‎
Lines changed: 28 additions & 0 deletions b/‎bundler/spec/cache/git_spec.rb‎
Lines changed: 28 additions & 0 deletions
@@ -49,6 +49,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
+        uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
         with:
           sarif_file: results.sarif
@@ -1,3 +1,9 @@
+# 3.5.20 / 2024-09-24
+
+## Enhancements:
+
+* Installs bundler 2.5.20 as a default gem.
+
 # 3.5.19 / 2024-09-18
 
 ## Enhancements:
 
@@ -1,3 +1,16 @@
+# 2.5.20 (September 24, 2024)
+
+## Enhancements:
+
+  - Don't try to auto-install dev versions of Bundler not available remotely [#8045](https://github.com/rubygems/rubygems/pull/8045)
+  - Don't try to install locked bundler when `--local` is passed [#8041](https://github.com/rubygems/rubygems/pull/8041)
+
+## Bug fixes:
+
+  - Fix `bundler/inline` overwriting lockfiles [#8055](https://github.com/rubygems/rubygems/pull/8055)
+  - Ensure refs directory in cached git source [#8047](https://github.com/rubygems/rubygems/pull/8047)
+  - Fix `bundle outdated` with `--group` option [#8052](https://github.com/rubygems/rubygems/pull/8052)
+
 # 2.5.19 (September 18, 2024)
 
 ## Enhancements:
 
@@ -12,7 +12,11 @@ def run
 
       warn_if_root
 
-      Bundler.self_manager.install_locked_bundler_and_restart_with_it_if_needed
+      if options[:local]
+        Bundler.self_manager.restart_with_locked_bundler_if_needed
+      else
+        Bundler.self_manager.install_locked_bundler_and_restart_with_it_if_needed
+      end
 
       Bundler::SharedHelpers.set_env "RB_USER_INSTALL", "1" if Gem.freebsd_platform?
 
 
@@ -97,28 +97,26 @@ def run
         }
       end
 
-      if outdated_gems.empty?
+      relevant_outdated_gems = if options_include_groups
+        outdated_gems.group_by {|g| g[:groups] }.sort.flat_map do |groups, gems|
+          contains_group = groups.split(", ").include?(options[:group])
+          next unless options[:groups] || contains_group
+
+          gems
+        end.compact
+      else
+        outdated_gems
+      end
+
+      if relevant_outdated_gems.empty?
         unless options[:parseable]
           Bundler.ui.info(nothing_outdated_message)
         end
       else
-        if options_include_groups
-          relevant_outdated_gems = outdated_gems.group_by {|g| g[:groups] }.sort.flat_map do |groups, gems|
-            contains_group = groups.split(", ").include?(options[:group])
-            next unless options[:groups] || contains_group
-
-            gems
-          end.compact
-
-          if options[:parseable]
-            print_gems(relevant_outdated_gems)
-          else
-            print_gems_table(relevant_outdated_gems)
-          end
-        elsif options[:parseable]
-          print_gems(outdated_gems)
+        if options[:parseable]
+          print_gems(relevant_outdated_gems)
         else
-          print_gems_table(outdated_gems)
+          print_gems_table(relevant_outdated_gems)
         end
 
         exit 1
 
@@ -317,7 +317,7 @@ def groups
 
     def lock(file_or_preserve_unknown_sections = false, preserve_unknown_sections_or_unused = false)
       if [true, false, nil].include?(file_or_preserve_unknown_sections)
-        target_lockfile = lockfile || Bundler.default_lockfile
+        target_lockfile = lockfile
         preserve_unknown_sections = file_or_preserve_unknown_sections
       else
         target_lockfile = file_or_preserve_unknown_sections
 
@@ -98,10 +98,10 @@ def restart_with(version)
 
     def needs_switching?
       autoswitching_applies? &&
-        released?(lockfile_version) &&
-        !running?(lockfile_version) &&
-        !updating? &&
-        Bundler.settings[:version] != "system"
+        Bundler.settings[:version] != "system" &&
+        released?(restart_version) &&
+        !running?(restart_version) &&
+        !updating?
     end
 
     def autoswitching_applies?
 
@@ -188,7 +188,7 @@ def local_override!(path)
       end
 
       def specs(*)
-        set_cache_path!(app_cache_path) if use_app_cache?
+        set_up_app_cache!(app_cache_path) if use_app_cache?
 
         if requires_checkout? && !@copied
           FileUtils.rm_rf(app_cache_path) if use_app_cache? && git_proxy.not_a_bare_repository?
@@ -320,6 +320,11 @@ def set_install_path!(path)
         @install_path = path
       end
 
+      def set_up_app_cache!(path)
+        FileUtils.mkdir_p(path.join("refs"))
+        set_cache_path!(path)
+      end
+
       def has_app_cache?
         cached_revision && super
       end
 
@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.5.19".freeze
+  VERSION = "2.5.20".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i
 
@@ -212,6 +212,34 @@
     expect(the_bundle).to include_gem "foo 1.0"
   end
 
+  it "can install after bundle cache without cloning remote repositories with only git tracked files" do
+    build_git "foo"
+
+    gemfile <<-G
+      source "https://gem.repo1"
+      gem "foo", :git => '#{lib_path("foo-1.0")}'
+    G
+    bundle "config set cache_all true"
+    bundle :cache, "all-platforms" => true
+    FileUtils.rm_rf Dir.glob(default_bundle_path("bundler/gems/extensions/**/foo-1.0-*")).first.to_s
+    FileUtils.rm_rf Dir.glob(default_bundle_path("bundler/gems/foo-1.0-*")).first.to_s
+
+    simulate_new_machine
+    bundle "config set frozen true"
+    FileUtils.rm_rf "#{default_bundle_path}/cache/bundler/git/foo-1.0-*"
+
+    # Remove untracked files (including the empty refs dir in the cache)
+    Dir.chdir(bundled_app) do
+      system(*%W[git init --quiet])
+      system(*%W[git add --all])
+      system(*%W[git clean -d --force --quiet])
+    end
+
+    bundle "install --local --verbose"
+    expect(out).to_not include("Fetching")
+    expect(the_bundle).to include_gem "foo 1.0"
+  end
+
   it "copies repository to vendor cache" do
     # CVE-2022-39253: https://lore.kernel.org/lkml/[email protected]/
     system(*%W[git config --global protocol.file.allow always])