diff --git a/lib/bundler.rb b/lib/bundler.rb
index 4321a7ed3dc..46f7818e82c 100644
--- a/lib/bundler.rb
+++ b/lib/bundler.rb
@@ -20,6 +20,11 @@ module Bundler
   ENV.replace(environment_preserver.backup)
   SUDO_MUTEX = Mutex.new
 
+  # Taint support is deprecated in Ruby 2.7.
+  # This allows switching ".untaint" to ".tap(&Bundler::UNTAINT)",
+  # to avoid deprecation warnings in Ruby 2.7.
+  UNTAINT = RUBY_VERSION < "2.7" ? :untaint.to_sym : proc{}
+
   autoload :Definition,             File.expand_path("bundler/definition", __dir__)
   autoload :Dependency,             File.expand_path("bundler/dependency", __dir__)
   autoload :DepProxy,               File.expand_path("bundler/dep_proxy", __dir__)
diff --git a/lib/bundler/dsl.rb b/lib/bundler/dsl.rb
index cc23f9b389a..ea3a8d5ddcd 100644
--- a/lib/bundler/dsl.rb
+++ b/lib/bundler/dsl.rb
@@ -44,7 +44,7 @@ def eval_gemfile(gemfile, contents = nil)
       @gemfile = expanded_gemfile_path
       @gemfiles << expanded_gemfile_path
       contents ||= Bundler.read_file(@gemfile.to_s)
-      instance_eval(contents.dup.untaint, gemfile.to_s, 1)
+      instance_eval(contents.dup.tap(&Bundler::UNTAINT), gemfile.to_s, 1)
     rescue Exception => e # rubocop:disable Lint/RescueException
       message = "There was an error " \
         "#{e.is_a?(GemfileEvalError) ? "evaluating" : "parsing"} " \
diff --git a/lib/bundler/rubygems_ext.rb b/lib/bundler/rubygems_ext.rb
index 96b93836c7f..fd6ded7e243 100644
--- a/lib/bundler/rubygems_ext.rb
+++ b/lib/bundler/rubygems_ext.rb
@@ -29,7 +29,7 @@ def full_gem_path
       # gems at that time, this method could be called inside another require,
       # thus raising with that constant being undefined. Better to check a method
       if source.respond_to?(:path) || (source.respond_to?(:bundler_plugin_api_source?) && source.bundler_plugin_api_source?)
-        Pathname.new(loaded_from).dirname.expand_path(source.root).to_s.untaint
+        Pathname.new(loaded_from).dirname.expand_path(source.root).to_s.tap(&Bundler::UNTAINT)
       else
         rg_full_gem_path
       end
diff --git a/lib/bundler/shared_helpers.rb b/lib/bundler/shared_helpers.rb
index dc44f8345c6..fbe992c62a7 100644
--- a/lib/bundler/shared_helpers.rb
+++ b/lib/bundler/shared_helpers.rb
@@ -13,13 +13,13 @@ module SharedHelpers
     def root
       gemfile = find_gemfile
       raise GemfileNotFound, "Could not locate Gemfile" unless gemfile
-      Pathname.new(gemfile).untaint.expand_path.parent
+      Pathname.new(gemfile).tap(&Bundler::UNTAINT).expand_path.parent
     end
 
     def default_gemfile
       gemfile = find_gemfile
       raise GemfileNotFound, "Could not locate Gemfile" unless gemfile
-      Pathname.new(gemfile).untaint.expand_path
+      Pathname.new(gemfile).tap(&Bundler::UNTAINT).expand_path
     end
 
     def default_lockfile
@@ -28,7 +28,7 @@ def default_lockfile
       case gemfile.basename.to_s
       when "gems.rb" then Pathname.new(gemfile.sub(/.rb$/, ".locked"))
       else Pathname.new("#{gemfile}.lock")
-      end.untaint
+      end.tap(&Bundler::UNTAINT)
     end
 
     def default_bundle_dir
@@ -100,7 +100,7 @@ def set_bundle_environment
     #
     # @see {Bundler::PermissionError}
     def filesystem_access(path, action = :write, &block)
-      yield(path.dup.untaint)
+      yield(path.dup.tap(&Bundler::UNTAINT))
     rescue Errno::EACCES
       raise PermissionError.new(path, action)
     rescue Errno::EAGAIN
@@ -268,7 +268,7 @@ def find_directory(*names)
 
     def search_up(*names)
       previous = nil
-      current  = File.expand_path(SharedHelpers.pwd).untaint
+      current  = File.expand_path(SharedHelpers.pwd).tap(&Bundler::UNTAINT)
 
       until !File.directory?(current) || current == previous
         if ENV["BUNDLE_SPEC_RUN"]
diff --git a/lib/bundler/source/git.rb b/lib/bundler/source/git.rb
index 73123622d4f..028d41c2f4e 100644
--- a/lib/bundler/source/git.rb
+++ b/lib/bundler/source/git.rb
@@ -316,7 +316,7 @@ def validate_spec(_spec); end
 
       def load_gemspec(file)
         stub = Gem::StubSpecification.gemspec_stub(file, install_path.parent, install_path.parent)
-        stub.full_gem_path = Pathname.new(file).dirname.expand_path(root).to_s.untaint
+        stub.full_gem_path = Pathname.new(file).dirname.expand_path(root).to_s.tap(&Bundler::UNTAINT)
         StubSpecification.from_stub(stub)
       end
 
diff --git a/lib/bundler/vendor/fileutils/lib/fileutils.rb b/lib/bundler/vendor/fileutils/lib/fileutils.rb
index e495d01aa5d..491d3a6d954 100644
--- a/lib/bundler/vendor/fileutils/lib/fileutils.rb
+++ b/lib/bundler/vendor/fileutils/lib/fileutils.rb
@@ -1300,7 +1300,7 @@ def entries
            .reject {|n| n == '.' or n == '..' }
       end
 
-      files.map {|n| Entry_.new(prefix(), join(rel(), n.untaint)) }
+      files.map {|n| Entry_.new(prefix(), join(rel(), n.tap(&Bundler::UNTAINT))) }
     end
 
     def stat