[rubygems/rubygems] Prevent gem activation in standalone mode

As discussed in https://github.com/rubygems/rubygems/issues/6273#issuecomment-1449176658

The `gem` method behaves awkwardly in standalone mode. Assuming bundler
isn't loaded at all, a call to gem might activate a gem that is not part
of the bundle (because it's the gem method defined in
lib/rubygems/core_ext/kernel_gem.rb and not
lib/bundler/rubygems_integration.rb). And when running with
`--disable-gems`, the gem method won't be defined at all so we'll get a
NoMethodError.

Calls to `gem` can appear in dependencies outside an application's
control. To work around this at GitHub we defined our own `Kernel#gem`
that no-ops.

I agree with https://github.com/rubygems/rubygems/issues/6273#issuecomment-1440755882

> people using standalone mode don't want to activate gems like Kernel.gem

This commit redefines `Kernel#gem` in the standalone script to no-op.

https://github.com/rubygems/rubygems/commit/bea17b55f1

1 files changed, 16 insertions, 0 deletions

diff --git a/spec/bundler/install/gems/standalone_spec.rb b/spec/bundler/install/gems/standalone_spec.rb
index 4d08752256..edb7a0e6bc 100644
--- a/spec/bundler/install/gems/standalone_spec.rb
+++ b/spec/bundler/install/gems/standalone_spec.rb
@@ -101,6 +101,22 @@ RSpec.shared_examples "bundle install --standalone" do
 
       expect(out).to eq(expected_gems.values.join("\n"))
     end
+
+    it "skips activating gems" do
+      testrb = String.new <<-RUBY
+        $:.unshift File.expand_path("bundle")
+        require "bundler/setup"
+
+        gem "do_not_activate_me"
+      RUBY
+      expected_gems.each do |k, _|
+        testrb << "\nrequire \"#{k}\""
+        testrb << "\nputs #{k.upcase}"
+      end
+      sys_exec %(#{Gem.ruby} -w -e #{testrb.shellescape})
+
+      expect(out).to eq(expected_gems.values.join("\n"))
+    end
   end
 
   describe "with simple gems" do