What does this MR do and why?

Add a way to pin RubyGems and pin to 3.2

The bundled RubyGems for Ruby 2.7 is 3.1.6, which has a bug that is breaking JiHu: gitlab!90487 (comment 998489659)

Ruby 2.7 upgraded RubyGems to 3.2.33: https://gitlab.com/gitlab-org/gitlab-build-images/-/jobs/2620663198#L4090
- It also upgraded Bundler to 2.2.33 along the way
Ruby 3.0 has up-to-date RubyGems therefore it does nothing: https://gitlab.com/gitlab-org/gitlab-build-images/-/jobs/2620663240#L4110

Changes from RubyGems 3.1.6 -> 3.2.33

3.2.33 / 2021-12-07

Deprecations:

Deprecate typo name. Pull request #5109 by nobu

Enhancements:

Add login & logout alias for the signin & signout commands. Pull request #5133 by colby-swandale
Fix race conditions when reading & writing gemspecs concurrently. Pull request #4408 by deivid-rodriguez
Installs bundler 2.2.33 as a default gem.

Bug fixes:

Fix ruby setup.rb trying to write outside of --destdir. Pull request #5053 by deivid-rodriguez

Documentation:

Move required_ruby_version gemspec attribute to recommended section. Pull request #5130 by simi
Ignore to generate the documentation from vendored libraries. Pull request #5118 by hsbt

3.2.32 / 2021-11-23

Enhancements:

Refactor installer thread safety protections. Pull request #5050 by deivid-rodriguez
Allow gem activation from operating_system.rb. Pull request #5044 by deivid-rodriguez
Installs bundler 2.2.32 as a default gem.

3.2.31 / 2021-11-08

Enhancements:

Don't pass empty DESTDIR to nmake since it works differently from standard make. Pull request #5057 by hsbt
Fix gem install vs gem fetch inconsistency. Pull request #5037 by deivid-rodriguez
Lazily load and vendor optparse. Pull request #4881 by deivid-rodriguez
Use a vendored copy of tsort internally. Pull request #5027 by deivid-rodriguez
Install bundler 2.2.31 as a default gem.

Bug fixes:

Fix ruby setup.rb when --prefix is passed. Pull request #5051 by deivid-rodriguez
Don't apply --destdir twice when running setup.rb. Pull request #2768 by alyssais

3.2.30 / 2021-10-26

Enhancements:

Add support to build and sign certificates with multiple key algorithms. Pull request #4991 by doodzik
Avoid loading the digest gem unnecessarily. Pull request #4979 by deivid-rodriguez
Prefer require_relative for all internal requires. Pull request #4978 by deivid-rodriguez
Add missing require of time within Gem::Request.verify_certificate_message. Pull request #4975 by nobu
Install bundler 2.2.30 as a default gem.

Performance:

Speed up gem install, specially under Windows. Pull request #4960 by deivid-rodriguez

3.2.29 / 2021-10-08

Enhancements:

Only disallow FIXME/TODO for first word of gemspec description. Pull request #4937 by duckinator
Install bundler 2.2.29 as a default gem.

Bug fixes:

Fix wordy method in SourceFetchProblem changing the password of source. Pull request #4910 by Huangxiaodui

Performance:

Improve require performance, particularly on systems with a lot of gems installed. Pull request #4951 by pocke

3.2.28 / 2021-09-23

Enhancements:

Support MINGW-UCRT. Pull request #4925 by hsbt
Only check if descriptions start with FIXME/TODO. Pull request #4841 by duckinator
Avoid loading uri unnecessarily when activating gems. Pull request #4897 by deivid-rodriguez
Install bundler 2.2.28 as a default gem.

Bug fixes:

Fix redacted credentials being sent to gemserver. Pull request #4919 by jdliss

3.2.27 / 2021-09-03

Enhancements:

Redact credentails when printing URI. Pull request #4868 by intuxicated
Prefer require_relative to require for internal requires. Pull request #4858 by deivid-rodriguez
Prioritise gems with higher version for fetching metadata, and stop fetching once we find a valid candidate. Pull request #4843 by intuxicated
Install bundler 2.2.27 as a default gem.

3.2.26 / 2021-08-17

Enhancements:

Enhance the error handling for loading the rubygems/defaults/operating_system file. Pull request #4824 by intuxicated
Ignore RUBYGEMS_GEMDEPS for the bundler gem. Pull request #4532 by deivid-rodriguez
Install bundler 2.2.26 as a default gem.

Bug fixes:

Also load user installed rubygems plugins. Pull request #4829 by deivid-rodriguez

3.2.25 / 2021-07-30

Enhancements:

Don't load the base64 library since it's not used. Pull request #4785 by deivid-rodriguez
Don't load the resolv library since it's not used. Pull request #4784 by deivid-rodriguez
Lazily load shellwords library. Pull request #4783 by deivid-rodriguez
Check requirements class before loading marshalled requirements. Pull request #4651 by nobu
Install bundler 2.2.25 as a default gem.

Bug fixes:

Add missing require 'fileutils' in Gem::ConfigFile. Pull request #4768 by ybiquitous

3.2.24 / 2021-07-15

Enhancements:

Install bundler 2.2.24 as a default gem.

Bug fixes:

Fix contradictory message about deletion of default gem. Pull request #4739 by jaredbeck

Documentation:

Add a description about GEM_HOST_OTP_CODE to help text. Pull request #4742 by ybiquitous

3.2.23 / 2021-07-09

Enhancements:

Rewind IO source to allow working with contents in memory. Pull request #4729 by drcapulet
Install bundler 2.2.23 as a default gem.

3.2.22 / 2021-07-06

Enhancements:

Allow setting --otp via GEM_HOST_OTP_CODE. Pull request #4697 by CGA1123
Fixes for the edge case when openssl library is missing. Pull request #4695 by rhenium
Install bundler 2.2.22 as a default gem.

3.2.21 / 2021-06-23

Enhancements:

Fix typo in OpenSSL detection. Pull request #4679 by osyoyu
Add the most recent licenses from spdx.org. Pull request #4662 by nobu
Simplify setup.rb code to allow installing rubygems from source on truffleruby 21.0 and 21.1. Pull request #4624 by deivid-rodriguez
Install bundler 2.2.21 as a default gem.

Bug fixes:

Create credentials folder when setting API keys if not there yet. Pull request #4665 by deivid-rodriguez

3.2.20 / 2021-06-11

Security fixes:

Verify plaform before installing to avoid potential remote code execution. Pull request #4667 by sonalkr132

Enhancements:

Add better specification policy error description. Pull request #4658 by ceritium
Install bundler 2.2.20 as a default gem.

3.2.19 / 2021-05-31

Enhancements:

Fix gem help build output format. Pull request #4613 by tnir
Install bundler 2.2.19 as a default gem.

3.2.18 / 2021-05-25

Enhancements:

Don't leave temporary directory around when building extensions to improve build reproducibility. Pull request #4610 by baloo
Install bundler 2.2.18 as a default gem.

3.2.17 / 2021-05-05

Enhancements:

Only print month & year in deprecation messages. Pull request #3085 by Schwad
Make deprecate method support ruby3's keyword arguments. Pull request #4558 by mame
Update the default bindir on macOS. Pull request #4524 by nobu
Prefer File.open instead of Kernel#open. Pull request #4529 by mame
Install bundler 2.2.17 as a default gem.

Documentation:

Fix usage messages to reflect the current POSIX-compatible behaviour. Pull request #4551 by graywolf-at-work

3.2.16 / 2021-04-08

Enhancements:

Install bundler 2.2.16 as a default gem.

Bug fixes:

Correctly handle symlinks. Pull request #2836 by voxik

3.2.15 / 2021-03-19

Enhancements:

Prevent downgrades to untested rubygems versions. Pull request #4460 by deivid-rodriguez
Install bundler 2.2.15 as a default gem.

Bug fixes:

Fix missing require breaking gem cert. Pull request #4464 by lukehinds

3.2.14 / 2021-03-08

Enhancements:

Less wrapping of network errors. Pull request #4064 by deivid-rodriguez
Install bundler 2.2.14 as a default gem.

Bug fixes:

Revert addition of support for musl variants to restore graceful fallback on Alpine. Pull request #4434 by deivid-rodriguez

3.2.13 / 2021-03-03

Enhancements:

Install bundler 2.2.13 as a default gem.

Bug fixes:

Support non-gnu libc linux platforms. Pull request #4082 by lloeki

3.2.12 / 2021-03-01

Enhancements:

Install bundler 2.2.12 as a default gem.

Bug fixes:

Restore the ability to manually install extension gems. Pull request #4384 by cfis

3.2.11 / 2021-02-17

Enhancements:

Optionally fallback to IPv4 when IPv6 is unreachable. Pull request #2662 by sonalkr132
Install bundler 2.2.11 as a default gem.

3.2.10 / 2021-02-15

Enhancements:

Install bundler 2.2.10 as a default gem.

Documentation:

Add a gem push example to gem help. Pull request #4373 by deivid-rodriguez
Improve documentation for required_ruby_version. Pull request #4343 by AlexWayfer

3.2.9 / 2021-02-08

Enhancements:

Install bundler 2.2.9 as a default gem.

Bug fixes:

Fix error message when underscore selection can't find bundler. Pull request #4363 by deivid-rodriguez
Fix Gem::Specification.stubs_for returning wrong named specs. Pull request #4356 by tompng
Don't error out when activating a binstub unless necessary. Pull request #4351 by deivid-rodriguez
Fix gem outdated incorrectly handling platform specific gems. Pull request #4248 by deivid-rodriguez

3.2.8 / 2021-02-02

Enhancements:

Install bundler 2.2.8 as a default gem.

Bug fixes:

Fix gem install crashing on gemspec with nil required_ruby_version. Pull request #4334 by pbernays

3.2.7 / 2021-01-26

Enhancements:

Install bundler 2.2.7 as a default gem.

Bug fixes:

Generate plugin wrappers with relative requires. Pull request #4317 by deivid-rodriguez

3.2.6 / 2021-01-18

Enhancements:

Fix Gem::Platform#inspect showing duplicate information. Pull request #4276 by deivid-rodriguez
Install bundler 2.2.6 as a default gem.

Bug fixes:

Swallow any system call error in ensure_gem_subdirs to support jruby embedded paths. Pull request #4291 by kares
Restore accepting custom make command with extra options as the make env variable. Pull request #4271 by terceiro

3.2.5 / 2021-01-11

Enhancements:

Install bundler 2.2.5 as a default gem.

Bug fixes:

Don't load more specs after the whole set of specs has been setup. Pull request #4262 by deivid-rodriguez
Fix broken bundler executable after gem update --system. Pull request #4221 by deivid-rodriguez

3.2.4 / 2020-12-31

Enhancements:

Use a CHANGELOG in markdown for rubygems. Pull request #4168 by deivid-rodriguez
Never spawn subshells when building extensions. Pull request #4190 by deivid-rodriguez
Install bundler 2.2.4 as a default gem.

Bug fixes:

Fix fallback to the old index and installation from it not working. Pull request #4213 by deivid-rodriguez
Fix installing from source on truffleruby. Pull request #4201 by deivid-rodriguez

3.2.3 / 2020-12-22

Enhancements:

Fix misspellings in default API key name. Pull request #4177 by hsbt
Install bundler 2.2.3 as a default gem.

Bug fixes:

Respect required_ruby_version and required_rubygems_version constraints when looking for gem install candidates. Pull request #4110 by deivid-rodriguez

3.2.2 / 2020-12-17

Enhancements:

Install bundler 2.2.2 as a default gem.

Bug fixes:

Fix issue where CLI commands making more than one request to rubygems.org needing an OTP code would crash or ask for the code twice. Pull request #4162 by sonalkr132
Fix building rake extensions that require openssl. Pull request #4165 by deivid-rodriguez
Fix gem update --system displaying too many changelog entries. Pull request #4145 by deivid-rodriguez

3.2.1 / 2020-12-14

Enhancements:

Added help message for gem i webrick in gem server command. Pull request #4117 by hsbt
Install bundler 2.2.1 as a default gem.

Bug fixes:

Added the missing loading of fileutils same as load_specs. Pull request #4124 by hsbt
Fix Resolver::APISet to always include prereleases when necessary. Pull request #4113 by deivid-rodriguez

3.2.0 / 2020-12-07

Enhancements:

Do not override Kernel#warn when there is no need. Pull request #4075 by eregon
Update endpoint of gem signin command. Pull request #3840 by sonalkr132
Omit deprecated commands from command help output. Pull request #4023 by landongrindheim
Suggest alternatives in gem query deprecation. Pull request #4021 by landongrindheim
Lazily load time, cgi, and zlib. Pull request #4010 by deivid-rodriguez
Don't hit the network when installing dependencyless local gemspec. Pull request #3968 by deivid-rodriguez
Add --force option to gem sources command. Pull request #3956 by andy-smith-msm
Lazily load openssl. Pull request #3850 by deivid-rodriguez
Pass more information when comparing platforms. Pull request #3817 by eregon
Install bundler 2.2.0 as a default gem.

Bug fixes:

Use better owner & group for files in rubygems package. Pull request #4065 by deivid-rodriguez
Improve gem build -C flag. Pull request #3983 by bronzdoc
Handle unexpected behavior with URI#merge and subpaths missing trailing slashes. Pull request #3123 by drcapulet
Add missing fileutils require in rubygems installer. Pull request #4036 by deivid-rodriguez
Fix --platform option to gem specification being ignored. Pull request #4043 by deivid-rodriguez
Expose --no-minimal-deps flag to install the latest version of dependencies. Pull request #4030 by deivid-rodriguez
Fix "stack level too deep" error when overriding Warning.warn. Pull request #3987 by eregon
Append '.gemspec' extension only when it is not present. Pull request #3988 by voxik
Install to correct plugins dir when using --build-root. Pull request #3972 by deivid-rodriguez
Fix --build-root flag under Windows. Pull request #3975 by deivid-rodriguez
Fix typo_squatting? false positive for rubygems.org itself. Pull request #3951 by andy-smith-msm
Make --default and --install-dir options to gem install play nice together. Pull request #3906 by deivid-rodriguez

Deprecations:

Deprecate server command. Pull request #3868 by bronzdoc

Performance:

Don't change ruby process CWD when building extensions. Pull request #3498 by deivid-rodriguez

3.2.0.rc.2 / 2020-10-08

Enhancements:

Make --dry-run flag consistent across rubygems commands. Pull request #3867 by bronzdoc
Disallow downgrades to too old versions. Pull request #3566 by deivid-rodriguez
Added --platform option to build command. Pull request #3079 by nobu
Have "gem update --system" pass through the --silent flag. Pull request #3789 by duckinator
Add writable check for cache dir. Pull request #3876 by xndcn
Warn on duplicate dependency in a specification. Pull request #3864 by bronzdoc
Fix indentation in gem env. Pull request #3861 by colby-swandale
Let more exceptions flow. Pull request #3819 by deivid-rodriguez
Ignore internal frames in RubyGems' Kernel#warn. Pull request #3810 by eregon

Bug fixes:

Add missing fileutils require. Pull request #3911 by deivid-rodriguez
Fix false positive warning on Windows when PATH has File::ALT_SEPARATOR. Pull request #3829 by deivid-rodriguez
Fix Kernel#warn override to handle backtrace location with nil path. Pull request #3852 by jeremyevans
Don't format executables on gem update --system. Pull request #3811 by deivid-rodriguez
gem install --user fails with Gem::FilePermissionError on the system plugins directory. Pull request #3804 by nobu

Performance:

Avoid duplicated generation of APISpecification objects. Pull request #3940 by mame
Eval defaults with frozen_string_literal: true. Pull request #3847 by casperisfine
Deduplicate the requirement operators in memory. Pull request #3846 by casperisfine
Optimize Gem.already_loaded?. Pull request #3793 by casperisfine

3.2.0.rc.1 / 2020-07-04

Enhancements:

Test TruffleRuby in CI. Pull request #2797 by Benoit Daloze.
Rework plugins system and speed up rubygems. Pull request #3108 by David Rodríguez.
Specify explicit separator not to be affected by $;. Pull request #3424 by Nobuyoshi Nakada.
Enable Layout/ExtraSpacing cop. Pull request #3449 by David Rodríguez.
Rollback gem deprecate. Pull request #3530 by Luis Sagastume.
Normalize heredoc delimiters. Pull request #3533 by David Rodríguez.
Log messages to stdout in rake package. Pull request #3632 by David Rodríguez.
Remove explicit psych activation. Pull request #3636 by David Rodríguez.
Delay fileutils loading to fix some warnings. Pull request #3637 by David Rodríguez.
Make sure rubygems/package can be directly required reliably. Pull request #3670 by Luis Sagastume.
Make sure tmp folder exists before calling Dir.tmpdir. Pull request #3711 by David Rodríguez.
Add Gem.disable_system_update_message to disable gem update --system if needed. Pull request #3720 by Josef Šimánek.
Tweaks to play nice with ruby-core setup. Pull request #3733 by David Rodríguez.
Remove explicit require for auto-loaded constant. Pull request #3751 by Karol Bucek.
Test files should not be included in spec.files. Pull request #3758 by Marc-André Lafortune.
Remove TODO comment about warning on setting instead of pushing. Pull request #2823 by Luis Sagastume.
Add deprecate command method. Pull request #2935 by Luis Sagastume.
Simplify deprecate command method. Pull request #2974 by Luis Sagastume.
Fix Gem::LOADED_SPECS_MUTEX handling for recursive locking. Pull request #2985 by MSP-Greg.
Add funding_uri metadata field to gemspec. Pull request #3060 by Colby Swandale.
Updates to some old gem-signing docs. Pull request #3063 by Tieg Zaharia.
Update the gem method for Gem::Installer. Pull request #3137 by Daniel Berger.
Simplify initial gem help output. Pull request #3148 by Olivier Lacan.
Resolve latest version via gem contents. Pull request #3149 by Dan Rice.
Install suggestions. Pull request #3151 by Sophia Castellarin.
Only rescue the errors we actually want to rescue. Pull request #3156 by David Rodríguez.

Bug fixes:

Accept not only /usr/bin/env but also /bin/env in some tests. Pull request #3422 by Yusuke Endoh.
Skip a test that attempts to remove the current directory on Solaris. Pull request #3423 by Yusuke Endoh.
Fix race condition on bundler's parallel installer. Pull request #3440 by David Rodríguez.
Fix platform comparison check in #contains_requirable_file?. Pull request #3495 by Benoit Daloze.
Improve missing spec error. Pull request #3559 by Luis Sagastume.
Fix hidden bundler template installation from rubygems updater. Pull request #3674 by David Rodríguez.
Fix gem update --user-install. Pull request #2901 by Luis Sagastume.
Correct conflict list when uninstallation is prevented. Pull request #2973 by David Rodríguez.
Fix error when trying to find bundler with a deleted "working directo…. Pull request #3090 by Luis Sagastume.
Fix -I require priority. Pull request #3124 by David Rodríguez.
Fix ruby setup.rb for new plugins layout. Pull request #3144 by David Rodríguez.

Deprecations:

Set deprecation warning on query command. Pull request #2967 by Luis Sagastume.

Breaking changes:

Remove ruby 1.8 leftovers. Pull request #3442 by David Rodríguez.
Minitest cleanup. Pull request #3445 by David Rodríguez.
Remove builder gem requirement for gem regenerate_index. Pull request #3552 by David Rodríguez.
Remove modelines for consistency. Pull request #3714 by David Rodríguez.
Stop using deprecated OpenSSL::Digest constants. Pull request #3763 by Bart de Water.
Remove Gem module deprecated methods. Pull request #3101 by Luis Sagastume.
Remove ubygems.rb. Pull request #3102 by Luis Sagastume.
Remove Gem::Commands::QueryCommand. Pull request #3104 by Luis Sagastume.
Remove dependency installer deprecated methods. Pull request #3106 by Luis Sagastume.
Remove Gem::UserInteraction#debug method. Pull request #3107 by Luis Sagastume.
Remove options from Gem::GemRunner.new. Pull request #3110 by Luis Sagastume.
Remove deprecated Gem::RemoteFetcher#fetch_size. Pull request #3111 by Luis Sagastume.
Remove source_exception from Gem::Exception. Pull request #3112 by Luis Sagastume.
Requiring rubygems/source_specific_file is deprecated, remove it. Pull request #3114 by Luis Sagastume.

Edited Jun 21, 2022 by Lin Jen-Shin