Update dependency bundler to v4 (!441) · Merge requests · GitLab.org / GitLab Omnibus Builder

This MR contains the following updates:

Package	Update	Change
bundler (source, changelog)	major	`2.4.12` -> `4.0.1`

MR created with the help of gitlab-org/frontend/renovate-gitlab-bot

Release Notes

ruby/rubygems (bundler)

`v4.0.1`

Compare Source

Performance:

Increase connection pool to allow for up to 70% speed increase on bundle install #9087

Enhancements:

Fix the config suggestion in the warning for $ bundle #9164
Fix native extension loading in newgem template for RHEL-based systems #9156

Bug fixes:

Fix Bundler removing executables after creating them #9169

`v4.0.0`

Compare Source

Features:

Support bundle install --lockfile option #9111
Add support for lockfile in Gemfile and bundle install --no-lock #9059
Add --ext=go to bundle gem #8183
Update Bundler::CurrentRuby::ALL_RUBY_VERSIONS #9058
Introduce bundle list --format=json #8728

Performance:

Run git operations in parallel to speed things up: #9100
Replace instance method look up in plugin installer #9094
Adjust the API_REQUEST_LIMIT to make less network roundtrip #9071

Enhancements:

Make BUNDLE_LOCKFILE environment variable have precedence over lockfile method in Gemfile #9146
Improve banner message for the default command #9145
Introduce install_or_cli_help and use it default bundle command #9136
Add go_gem/rake_task for Go native extension gem skeleton #9105
Warn users that bundle now display the help: #9092
Use DidYouMean::SpellChecker for gem suggestions in Bundler #3857
Update all vendored libraries to latest version #9089
We don't need to allow some warning now #9074
Support to embedded Pathname #9056
Enforce activation of irb when running with bundle console #9033
Update Magnus version in Rust extension gem template #9025
Add checksum of gems hosted on private servers: #9004
Loading support on Windows #8254
Improve error message when the same source is specified through gemspec and path #8460
Raise an error in frozen mode if some registry gems have empty checksums #8888
Bump vendored thor to 1.4.0 #8883
Delay default path and global cache changes to Bundler 5 #8867
Fix spacing in bundle gem newgem.gemspec.tt #8865
Add some missing deprecation messages #8844

Bug fixes:

Fixed checksums generation issue when no source is specified #9133
Check for file existence before deletion from cache #9095
Use method_defined?(:method, false) #9098
Handle BUNDLER_VERSION being set to an empty string #6928
Fix bundle install when the Gemfile contains "install_if" git gems: #8992
Fix installation issue related to path sources and precompiled gems #8973
Fix outdated lockfile during bundle lock when source changes #8962
Raise error on missing version file #8963
Fix bundle cache --frozen and bundle cache --no-prune not printing a deprecation message #8926
Fix local installation incorrectly forced if there's a vendor/cache directory and frozen mode is set #8925
Fix bundle lock --update <gem> with --lockfile flag updating all gems #8922
Fix bundle show --verbose and recommend it as an alternative to bundle show --outdated #8915
Fix bundle cache --no-all not printing a deprecation warning #8912
Fix bundle update foo unable to update foo in an edge case #8897
Fix Bundler printing more flags than actually passed in verbose mode #8914
Fix bundler failing to install sorbet-static in truffleruby when there's no lockfile #8872
Cancel deprecation of --force flag to bundle install and bundle update #8843

Security:

Bump up vendored URI to 1.0.4 #9031

Breaking changes:

Fix triple spacing when generating lockfile #9076
Hide patchlevel from lockfile #7772
Remove bundler_4_mode #9038
Pick and add extra changes for 4.0.0 version #9018
Replaced Bundler::SharedHelpers.major_deprecation to feature_removed! or feature_deprecated! #9016
Removed legacy_check option from SpecSet#for #9015
Make update_requires_all_flag to settings #9011
Make default cli command settings #9010
Make global_gem_cache flag to settings #9009
Consolidate removal of Bundler.rubygems.all_specs #9008
Consolidate removal of Bundler::SpecSet#- and Bundler::SpecSet#<< #9007
Replaced Bundler.feature_flag.plugins? to Bundler.settings #9006
Make bundle show --outdated raise an error #8980
Make --local-git flag to bundle plugin install raise an error #8979
Switch cache_all to be true by default #8975
Completely forbid passing --ext to bundle gem without a value #8976
Switch lockfile_checksums to be true by default #8981
Make bundle install --binstubs raise an error #8978
Make bundle remove --install raise an error #8977
Remove support for multiple global sources in Gemfile & lockfile #8968
Remove allow_offline_install setting #8969
Completely remove --rubocop flag to bundle gem, and related configuration #8967
Completely remove all remembered CLI flags #8958
Remove implementation of deployment, capistrano and vlad entrypoints #8957
Remove deprecated Bundler.*clean*, and Bundler.environment helpers #8924
Remove deprecated bundle viz and bundle inject commands #8923
Removed to workaround for Bundler 2.2 #8903

Documentation:

Unified UPGRADING.md and extract blog.rubygems.org #9148
Remove italic formatting from changelog section headers #9128
Small clarifications to Bundler 4 upgrade docs #8964
Improve documentation of bundle doctor, bundle plugin, and bundle config #8919
Make sure all CLI flags and subcommands are documented #8861
Clarify documentation about new default gem installation directory in Bundler 4 #8857
Use mailto link in Code of Conduct #8849
Update Code of Conduct email to conduct@rubygems.org #8848
Add missing link to irb repo in DEBUGGING.md #8842

`v2.7.2`

Compare Source

Enhancements:

Improve error message when the same source is specified through gemspec and path #8460
Raise an error in frozen mode if some registry gems have empty checksums #8888
Bump vendored thor to 1.4.0 #8883
Delay default path and global cache changes to Bundler 5 #8867
Fix spacing in bundle gem newgem.gemspec.tt #8865

Bug fixes:

Fix bundle cache --frozen and bundle cache --no-prune not printing a deprecation message #8926
Fix local installation incorrectly forced if there's a vendor/cache directory and frozen mode is set #8925
Fix bundle lock --update <gem> with --lockfile flag updating all gems #8922
Fix bundle show --verbose and recommend it as an alternative to bundle show --outdated #8915
Fix bundle cache --no-all not printing a deprecation warning #8912
Fix bundle update foo unable to update foo in an edge case #8897
Fix Bundler printing more flags than actually passed in verbose mode #8914
Fix bundler failing to install sorbet-static in truffleruby when there's no lockfile #8872

Documentation:

Improve documentation of bundle doctor, bundle plugin, and bundle config #8919
Make sure all CLI flags and subcommands are documented #8861

`v2.7.1`

Compare Source

Enhancements:

Add some missing deprecation messages #8844

Bug fixes:

Cancel deprecation of --force flag to bundle install and bundle update #8843

Documentation:

Clarify documentation about new default gem installation directory in Bundler 4 #8857
Use mailto link in Code of Conduct #8849
Update Code of Conduct email to conduct@rubygems.org #8848
Add missing link to irb repo in DEBUGGING.md #8842

`v2.7.0`

Compare Source

Breaking changes:

Stop allowing calling #gem on random objects #8819
Remove path_relative_to_cwd setting #8815
Remove the default_install_uses_path and auto_clean_without_path settings #8814
Remove print_only_version_number setting #8799
Drop support for Ruby 3.1 #8634
Raise an error if incompatible or merge if compatible when a gemspec development dep is duplicated in Gemfile #8556
Remove MD5 digesting of compact index responses #8530
Stop generating binstubs for Bundler itself #8345

Deprecations:

Deprecate unused Bundler::SpecSet methods #8777
Deprecate x64-mingw32 in favour of x64-mingw-ucrt #8733
Deprecate legacy windows platforms (:mswin, :mingw) in Gemfile DSL in favor of :windows #8447
Deprecate CurrentRuby#maglev? and other related maglev methods #8452

Features:

Allow simulating "Bundler 4 mode" more easily #6472

Performance:

Cache git sources with commit SHA refs #8741

Enhancements:

Load RubyGems extensions in the first place #8835
Update gemspec based on provided github username when exists #8790
Fail fast when connection errors happen #8784
Introduce a verbose setting to enable verbose output for all commands #8801
Introduce gem.bundle setting to run bundle install automatically after bundle gem, and make it the default #8671
Handle Errno::EADDRNOTAVAIL errors gracefully #8776
Use persist-credentials: false in workflow generated by bundle gem #8779
Recognize JRuby loaded from a classloader, not just any JAR #8567
Validate lockfile dependencies with bundle install #8666
Ignore local specifications if they have incorrect dependencies #8647
Move most of Bundler::GemHelpers to Gem::Platform #8703
Improve spec.files in the .gemspec template #8732

Bug fixes:

Fix double bundle gem prompts #8825
Fix date displayed in bundle version help text #8806
Fix bundle console printing bug report template on NameError during require #8804
Fix Bundler.original_env['GEM_HOME'] when Bundler is trampolined #8781
Fix rdoc issues when running gem commands in a bundle exec context #8770
Never ignore gems from path sources during activation #8766
Fix bundle install after pinning a git source with subgems #8745
Let bundle update --bundler upgrade bundler even if restarts are disabled #8729

Documentation:

Rewrite and complete UPGRADING document #8817
Document that global_gem_cache also caches compiled extensions #8823
Add default_cli_command documentation #8816
Add a root CONTRIBUTING.md file #8822
Add a SECURITY.md file #8812
Update man pages for the bundle doctor ssl subcommand #8803
Remove duplicate documentation for --changelog flag #8756
Fix typos making some lists in documentation render incorrectly #8759
Fix heading ranks in documentation #8711
Clarify differences between frozen and deployment settings, and other bundle-config documentation improvements #8715

`v2.6.9`

Compare Source

Enhancements:

Fix doctor command parsing of otool output #8665
Add SSL troubleshooting to bundle doctor #8624
Let bundle lock --normalize-platforms remove invalid platforms #8631

Bug fixes:

Fix bundle lock sometimes allowing invalid platforms into the lockfile #8630
Fix false positive warning about insecure materialization in frozen mode #8629

`v2.6.8`

Compare Source

Enhancements:

Refine bundle update --verbose logs #8627
Improve bug report instructions #8607

Bug fixes:

Fix bundle update crash in an edge case #8626
Fix bundle lock --normalize-platforms regression #8620

`v2.6.7`

Compare Source

Enhancements:

Fix crash when server compact index API implementation only lists versions #8594
Fix lockfile when a gem ends up accidentally under two different sources #8579
Refuse to install and print an error in frozen mode if some entries are missing in CHECKSUMS lockfile section #8563
Support git 2.49 #8581
Improve wording of a few messages #8570

Bug fixes:

Fix bundle add sometimes generating invalid lockfiles #8586

Performance:

Implement pub_grub strategy interface #8589
Update vendored pub_grub #8571

`v2.6.6`

Compare Source

Enhancements:

Fix ENAMETOOLONG error when creating compact index cache #5578
Use shorthand hash syntax for bundle add #8547
Update vendored uri to 1.0.3 #8534
Retry gracefully on blank partial response in compact index #8524
Give a better error when trying to write the lock file on a read-only filesystem #5920
Improve log messages when lockfile platforms are added #8523
Allow noop bundle install to work on read-only or protected folders #8519

Bug fixes:

Detect partial gem installs from a git source so that they are reinstalled on a successive run #8539
Modify bundle doctor to not report issue when files aren't writable #8520

Performance:

Optimize resolution by removing an array allocation from Candidate#<=> #8559

Documentation:

Update docs for with/without consistency #8555
Recommend non-deprecated methods in bundle exec documentation #8537
Hint about default group when using only configuration option #8536

`v2.6.5`

Compare Source

Enhancements:

Fix lockfile platforms inconveniently added on JRuby #8494

Bug fixes:

Fix resolver issue due to ill-defined version ranges being created #8503
Make sure empty gems are not reinstalled every time #8502

`v2.6.4`

Compare Source

Enhancements:

Make Bundler never instantiate development dependencies #8486
Fix some invalid options to gem DSL not getting reported as invalid #8480
Add irb to a Gemfile for a newly created gem #8467
Auto-heal empty installation directory #8457
Fix bundle console unnecessarily trying to load IRB twice #8443
Add ruby_34 and ruby_35 as valid platform: #8430
Consider gems under platform: :windows filter in Gemfile when running on Windows with ARM architecture #8428

Bug fixes:

Fix regression when running bundle update <foo> would sometimes downgrade a top level dependency #8491
Fix dependency locking when Bundler finds incorrect lockfile dependencies #8489
Raise error when lockfile is missing deps in frozen mode #8483
Fix bundle install --prefer-local sometimes installing very old versions #8484
Fix incorrect error message when running bundle update in frozen mode #8481
Keep platform variants in vendor/cache even if incompatible with the current Ruby version #8471
Fix bundle console printing bug report template incorrectly #8436
Fix --prefer-local not respecting default gems #8412

Performance:

Improve resolution performance #8458

Documentation:

Fix more broken links #8416

`v2.6.3`

Compare Source

Enhancements:

Don't fallback to evaluating YAML gemspecs as Ruby code #8404
Print message when blocking on file locks #8299
Add support for mise version manager file #8356
Add Ruby 3.5 to Gemfile DSL platform values #8365

Bug fixes:

Revert RubyGems plugins getting loaded on Bundler.require #8410
Fix platform specific gems sometimes being removed from the lockfile #8401
Serialize gemspec when caching git source #8403
Fix crash on read-only filesystems in Ruby 3.4 #8372
Fix bundle outdated <GEM> failing if not all gems are installed #8361
Fix bundle install crash on Windows #8362

Documentation:

Fix broken links in the documents #8389

`v2.6.2`

Compare Source

Bug fixes:

Restart using Process.argv0 only if $PROGRAM_NAME is not a script #8343

Documentation:

Fix typo in bundle lock man page synopsis (--add-checkums → --add-checksums) #8350

`v2.6.1`

Compare Source

Bug fixes:

Fix missing Gem::Uri.redact on some Ruby 3.1 versions #8337
Fix bundle lock --add-checksums when gems are already installed #8326

`v2.6.0`

Compare Source

Security:

Fix gemfury credentials written to logs in verbose mode #8283
Fix private registry credentials being written to logs #8222

Breaking changes:

Drop ruby 3.0 support #8091
Remove client-side MD5 ETag transition from compact index client #7677

Deprecations:

Cancel bundle console deprecation #8218
Warn when platform of installed gem differs from platform in the lockfile #8029
Cancel deprecation of Gemfiles without a global source #8213

Features:

Add a lockfile_checksums configuration to include checksums in fresh lockfiles #8219
Add bundle lock --add-checksums to add checksums to an existing lockfile #8214

Performance:

Enable a couple of performance cops #8261
Remove override of worker jobs for bundle install --local #8248

Enhancements:

Support bundle exec <relative-path-to-script> when Kernel.exec is used under the hood #8294
Improve working with different rubies using the same lockfile #8251
Define a few inspect methods to help debugging #8266
Include original error when openssl fails to load #8232
Automatically fix lockfile when it's missing dependencies #8103
Fix some JRuby warnings when using bundler/setup with Ruby's -w flag #8205
Add a --normalize-platforms flag to bundle lock #7896
Add plugin hooks for Bundler.require #3439

Bug fixes:

Fix restarting with locked version when $PROGRAM_NAME has been changed #8320
Restore the previous cache format for git sources #8296
Fix installs of subdependencies of unlocked dependencies to be conservative #8281
Fix test task name on generated readme when using test-unit #8291
Fix bundle exec executable detection on windows #8276
Fix bundle remove sometimes not removing gems #8278
Fix issue with git gems locking incorrect specs sometimes #8269

Documentation:

Normalize command flag documentation and make sure all flags are documented #8313
Add missing man pages for bundle env and bundle licenses #8315
Add man page for 'bundle issue' command #8271
Add man page for 'bundle fund' command #8258
Move pry-related contents to debugging.md #8263
Add debugging instruction on Windows #8236
Unify rubygems and bundler docs directory #8159

`v2.5.23`

Compare Source

Enhancements:

Add useful error message for plugin load #7639
Indent github workflow steps for generated gems #8193
Improve several permission errors #8168
Add bundle add --quiet option #8157

Bug fixes:

Fix incompatible encodings error when paths with UTF-8 characters are involved #8196
Update --ext=rust to support compiling the native extension from source #7610
Print a proper error when there's a previous empty installation path with bad permissions #8169
Fix running bundler (with a final r) in a bundle exec context #8165
Handle two gemspec usages in same Gemfile with same dep and compatible requirements #7999
Fix bundle check sometimes locking gems under the wrong source #8148

Documentation:

Remove confusing bundle config documentation #8177
Rename bundler inline's install parameter and clarify docs #8170
Clarify bundle install --quiet documentation #8163

`v2.5.22`

Compare Source

Enhancements:

Update vendored uri and net-http #8112

Bug fixes:

Fix bundler sometimes crashing because of trying to use a version of psych compiled for a different Ruby #8104

`v2.5.21`

Compare Source

Bug fixes:

Fix bug report template printed when changing a path source to a git source in frozen mode #8079
Fix stub.activated? sometimes returning false after activation under bundler #8073
Fix old cache format detection when application is not source controlled #8076
Fix bundler/inline resetting ENV changes #8059

`v2.5.20`

Compare Source

Enhancements:

Don't try to auto-install dev versions of Bundler not available remotely #8045
Don't try to install locked bundler when --local is passed #8041

Bug fixes:

Fix bundler/inline overwriting lockfiles #8055
Ensure refs directory in cached git source #8047
Fix bundle outdated with --group option #8052

`v2.5.19`

Compare Source

Enhancements:

Raise original errors when unexpected errors happen during Gemfile evaluation #8003
Make an exe file executable when generating new gems #8020
Gracefully handle gem activation conflicts in inline mode #5535
Don't include hook templates in cached git source #8013
Fix some errors about a previous installation folder that's unsafe to remove, when there's no need to remove it #7985
Emit progress to stderr during bundle outdated --parseable #7966
Reject unknown platforms when running bundle lock --add-platform #7967
Emit progress to stderr when --print is passed to bundle lock #7957

Bug fixes:

Fix bundle install --local hitting the network when default gems are included #8027
Remove temporary .lock files unintentionally left around by gem installer #8022
Fix bundle exec rake install failing when local gem has extensions #7977
Load gemspecs in the context of its parent also when using local overrides #7993
Fix bundler/inline failing in Ruby 3.2 due to conflicting securerandom versions #7984
Don't blow up when explicit version is removed from some git sources #7973
Fix gem exec rails new project failing on Ruby 3.2 #7960

Documentation:

Improve bundle add man page #5903
Add some documentation about backwards compatibility #7964

`v2.5.18`

Compare Source

Enhancements:

Don't remove existing platform gems when PLATFORMS section is badly indented #7916

Bug fixes:

Fix error message when Bundler refuses to install due to frozen being set without a lockfile #7955
Fix several issues with the --prefer-local flag #7951
Restore support for passing relative paths to git: sources #7950
Regenerate previous git application caches that didn't include bare repos #7926
Fix bundle update <indirect_dep> failing to upgrade when versions present in two different sources #7915

Documentation:

Change new gem README template to have copyable code blocks #7935

`v2.5.17`

Compare Source

Enhancements:

Print better log message when current platform is not present in the lockfile #7891
Explicitly encode Gem::Dependency to yaml #7867
Enable lockfile checksums on future Bundler 3 when there's no previous lockfile #7805

Bug fixes:

Fix truffleruby removing gems from lockfile #7795
Fix bundle check exit code when gem git source is not checked out #7894
Generate gems.rb from Gemfile.tt template for bundle-gem #7853
Fix git source cache being used as the install location #4469
Fix bundle exec gem uninstall #7886

`v2.5.16`

Compare Source

Bug fixes:

Fix platform removal regression when platforms: used in the Gemfile #7864
Fix standalone script when default gems with extensions are used #7870
Fix another case of bundle lock --add-platform doing nothing #7848
Fix bad error messages when using bundle add with frozen mode set #7845
Fix generic platform gems getting incorrectly removed from lockfile #7833

Performance:

Use caller_locations instead of splitting caller #7708

`v2.5.15`

Compare Source

Enhancements:

Support --no-test, --no-ci, and --no-linter options #7780
Allow bundle command in new gems with invalid metadata #7707

Bug fixes:

Protect creating RubyGems binstubs with a file lock #7841
Only allow valid values for --test, --ci, and --linter options #7801
Fix bundle lock --add-platform <current_platform> doing nothing #7803
Print a proper error when bin dir does not have writable permission bit #7794

Documentation:

Regenerate bundler docs for June 2024 #7787

`v2.5.14`

Compare Source

Bug fixes:

Fix credentials being re-added when re-resolving without a full unlock #7767
Fix bundle update <gem_name> edge case #7770
Fix bundle fund when the gemfile contains optional groups #7758

`v2.5.13`

Compare Source

Bug fixes:

Fix funding metadata not being printed in some situations #7746
Make sure to not re-resolve when a not fully specific local platform is locked #7751
Don't print bug report template when bin dir is not writable #7748

`v2.5.12`

Compare Source

Enhancements:

Keep credentials in lockfile if they are already there #7720
Auto switch to locked bundler version even when using binstubs #7719
Don't validate local gemspecs twice unnecessarily #7725
Improve default gem handling by treating default gems as any other gem #7673

Bug fixes:

Fix slow and incorrect resolution when adding sorbet to a Gemfile and the lockfile only includes "RUBY" in the platforms section #7731
Fix duplicated config keys generated when fallback_timeout uri option is used #7704
Fix bundle exec no longer working in truffleruby after explicit require of pathname was removed #7703
Don't let bundle config report a path without a Gemfile as "local app" #7687

Documentation:

Clarify BUNDLE_USER_CONFIG is a file #7668

`v2.5.11`

Compare Source

Deprecations:

Deprecate Bundler constants #7653

Enhancements:

Bump bundle gem generated COC to Contributor Covenant 2.1 #7692
Retry a full clone when git server does not support shallow capabilities #7649

Bug fixes:

Fix regression when caching gems from secondary sources #7659
Fix error when Bundler installation is corrupted #7642
Fix crash caused by RubyGems require gem activation logic running before Bundler can properly register its own monkeypatches #7647

Performance:

Update cache checksums to decrease string allocations #7637
Fix performance regression in applications with a local cache #7680

Documentation:

Recommend bin/rake over rake in contributing docs #7648
Monthly man update for May 2024 #7640
Clarify Bundler support policy #7633

`v2.5.10`

Compare Source

Security:

Never write credentials to lockfiles #7560

Enhancements:

Add auto_install support to require "bundler/setup" #6561
Add --glob flag to bundle add #7557

Bug fixes:

Make sure bundle update <specific_gems> can always update to the latest resolvable version of each requested gem #7558
Show better error when installed gemspecs are unreadable #7603
Fix bundle update not working on an out of sync lockfile #7607
Don't upcase Windows ENV before backing it up #7574
Properly resolve aliases when bundle help is run #7601
Fix issue installing gems with linux-musl variant on non musl linux #7583

Documentation:

Clarify bundle check behaviour in docs #7613

`v2.5.9`

Compare Source

Bug fixes:

Fix installing plugins via relative paths #7571

`v2.5.8`

Compare Source

Enhancements:

Allow installing plugins from path via CLI #6960
Improve validation of bundle plugin install options #7529

Bug fixes:

Fix resolver error message when it runs out of versions due to --strict --patch filtering out everything #7527
Fix incorrect bundle update --bundler message #7516

`v2.5.7`

Compare Source

Deprecations:

Deprecate bundle plugin install --local-git= #7048

Enhancements:

Ignore commented out keys in config file #7514
Fix exclusion of .gemspec file itself in bundle gem generated gemspec file #7488
Remove redundant configs from bundle gem generated rubocop configuration #7478
Add gitlab: git source shorthand #7449
Use full path for instance_eval in Bundler::DSL#eval_gemfile #7471

Documentation:

Use https instead of http in documentation links #7481

`v2.5.6`

Compare Source

Deprecations:

Refactor lockfile generation and deprecate Definition#lock with explicit lockfile #7047

Enhancements:

Bump required_ruby_version to be used in bundle gem template #7430

Bug fixes:

Fix musl platform not being added to the lockfile #7441
Let Bundler.with_original_env properly restore env variables originally empty #7383

`v2.5.5`

Compare Source

Bug fixes:

Fix development dependency not being added if introduced by two gemspecs #7358
Fix ETag quoting regression in If-None-Match header of compact index request #7352

Documentation:

Refer to underscores as underscores #7364

`v2.5.4`

Compare Source

Bug fixes:

Fix resolution when different platform specific gems have different dependencies #7324

`v2.5.3`

Compare Source

Bug fixes:

Fix incorrect error when Gemfile overrides a gemspec development dependency #7319

`v2.5.2`

Compare Source

Enhancements:

Add useful error message for plugin load #7639
Indent github workflow steps for generated gems #8193
Improve several permission errors #8168
Add bundle add --quiet option #8157

Bug fixes:

Fix incompatible encodings error when paths with UTF-8 characters are involved #8196
Update --ext=rust to support compiling the native extension from source #7610
Print a proper error when there's a previous empty installation path with bad permissions #8169
Fix running bundler (with a final r) in a bundle exec context #8165
Handle two gemspec usages in same Gemfile with same dep and compatible requirements #7999
Fix bundle check sometimes locking gems under the wrong source #8148

Documentation:

Remove confusing bundle config documentation #8177
Rename bundler inline's install parameter and clarify docs #8170
Clarify bundle install --quiet documentation #8163

`v2.5.1`

Compare Source

Enhancements:

Raise original errors when unexpected errors happen during Gemfile evaluation #8003
Make an exe file executable when generating new gems #8020
Gracefully handle gem activation conflicts in inline mode #5535
Don't include hook templates in cached git source #8013
Fix some errors about a previous installation folder that's unsafe to remove, when there's no need to remove it #7985
Emit progress to stderr during bundle outdated --parseable #7966
Reject unknown platforms when running bundle lock --add-platform #7967
Emit progress to stderr when --print is passed to bundle lock #7957

Bug fixes:

Fix bundle install --local hitting the network when default gems are included #8027
Remove temporary .lock files unintentionally left around by gem installer #8022
Fix bundle exec rake install failing when local gem has extensions #7977
Load gemspecs in the context of its parent also when using local overrides #7993
Fix bundler/inline failing in Ruby 3.2 due to conflicting securerandom versions #7984
Don't blow up when explicit version is removed from some git sources #7973
Fix gem exec rails new project failing on Ruby 3.2 #7960

Documentation:

Improve bundle add man page #5903
Add some documentation about backwards compatibility #7964

`v2.5.0`

Compare Source

Breaking changes:

Drop ruby 2.6 and 2.7 support #7116
The :mswin, :mswin64, :mingw, and :x64_mingw Gemfile platform values are soft-deprecated and aliased to :windows #6391

Features:

Leverage ruby feature to warn when requiring default gems not included in the bundle that will be turned into bundled gems in the future #6831
Introduce bundle config set version feature to choose the version of Bundler that should be used and potentially disable using the lockfile version by setting it to system #6817

Performance:

Use match? when regexp match data is unused #7263
Avoid some allocations when evaluating ruby Gemfile DSL #7251
Reduce array allocations when loading definition #7199
Avoid re-compiling static regexp in a loop #7198
Reduce allocations when installing gems with bundler #6977
Use a shared connection pool for fetching gems #7079
Reduce allocations when parsing compact index #6971

Enhancements:

Add 3.4 as a supported ruby version in Gemfile DSL #7264
Improve install advice when some gems are not found #7265
Vendor net-http, net-protocol, resolv, and timeout to reduce conflicts between Gemfile gems and internal dependencies #6793
Allow bundle pristine to run in parallel #6927
Make bundle lock always touch the lockfile in non-frozen mode #7220
Use Minitest::TestTask in a template file for minitest #7234
Add missing services to CI detection and make it consistent between RubyGems and Bundler #7205
Allow auto-install to install missing git gems #7197
Stop remembering cli flags like --jobs or --retry in configuration #7191
Simplify remembered flags deprecation message #7189
Make sure to require "rubygems" explicitly #7139
Handle development dependencies duplicated in gemspec vs Gemfile #6014
Make lockfiles generated on macOS include a lock for Linux by default #5700
Only add a dummy bundler spec to the metadata source when necessary #4443

Bug fixes:

Resolve ruby file: ".ruby-version" relative to containing Gemfile #7250
Implement opaque ETag in Compact Index to avoid falling back to old index in servers with different etag implementations #7122
Fix bundle install --system deprecation advice #7190
Fix invalid platform removal missing adjacent platforms #7170

Documentation:

Add missing --prefer-local to Synopsis in bundle-install.1.ronn #7194
Update GitHub organization of Standard Ruby in bundle gem output and generated configuration #6818
Replace "prior to" with "immediately after" in bundle gem generated README file #6338

`v2.4.22`

Compare Source

Enhancements:

Add Bundler::Plugin.loaded? helper #6964
Give better error when previous installation folder is insecure to remove #7030
Set file path when eval-ing local specification in EndpointSpecification #7106
Git ignore the proper files for the CI service selected for bundle gem #7101
Update vendored thor to v1.3.0 #7078
Restore using old way of passing Ruby version to resolver #7066
Bump vendored net-http-persistent to 4.0.2 #6787

Bug fixes:

Fix regression when installing native extensions on universal rubies #7077
Only remove bundler plugin gem when it's inside the cache #7001
Don't show bug report template when GEM_HOME has no writable bit #7113
Fix regression in old git versions #7114
Handle empty array at built-in YAML serializer #7099
Fix force_ruby_platform: when the lockfile only locks the ruby platform #6936

`v2.4.21`

Compare Source

Enhancements:

Avoid duplicates -rbundler/setup in RUBYOPT with Ruby preview #7002
Prevent gem activation in standalone mode #6925
Support Ruby's preview version format (Ex: 3.3.0-preview2) in Gemfile #7016
Fix bundle install when older revisions of git source #6980
Remove usage of Dir.chdir that only execute a subprocess #6930

Bug fixes:

Don't delete the release version from pre-release string more than once #7054
Make the lock command not be affected by the frozen setting #7034
Raise an error when adding a gem incompatible with some locked platform #7035
Re-resolve when lockfile is invalid #7020
Don't re-resolve with prereleases if unlocked gem has no prereleases #7021
Include gemspec in ExtensionTask for native gem tasks #7015
Avoid error reporting relative path when validating frozen #5128
Fix bundle lock --minor --update <dep> edge case #6992
Stop bundler eagerly loading all specs with exts #6945

Performance:

Reduce allocations when parsing lockfile #6976
Stop allocating the same settings keys repeatedly #6963

Documentation:

Improve formatting and global source information in bundle plugin man page #7045
Update man page of bundle exec to reflect default true of flag --keep-file-descriptors #7033

`v2.4.20`

Compare Source

Enhancements:

Bump actions/checkout to v4 in bundler gem template #6966
Add support for the ruby-3.2.2 format in the ruby file: Gemfile directive, and explicitly test the 3.2.2@gemset format as rejected #6954
Support ruby file: ".tool-versions" in Gemfile #6898
Unify LockfileParser loading of SPECS section #6933
Only check circular deps when dependency api is available, not on full index sources #6919

Bug fixes:

Allow standalone mode to work on a Windows edge case #6989
Fix bundle outdated crashing when both ref and branch specified for a git gem in Gemfile #6959
Fix bundle update --redownload #6924
Fixed malformed bundler version in lockfile making Bundler crash #6920
Fix standalone install crashing when using legacy gemfiles with multiple global sources #6918
Resolve ruby version file relative to bundle root #6892

Performance:

Lazily construct fetcher debug messages #6973
Avoid allocating empty hashes in Index #6962
Improve Bundler::Index efficiency by removing unnecessary creation and dups #6931
(Further) Improve Bundler::Settings#[] performance and memory usage #6923
Don't use full indexes unnecessarily on legacy Gemfiles #6916
Improve memory usage in Bundler::Settings, and thus improve boot time #6884

`v2.4.19`

Compare Source

Enhancements:

Add file option to ruby method in Gemfile #6876
Show better error when PAT can't authenticate to a private server #6871
Don't fallback to old dependency API when bad credentials are configured #6869

Bug fixes:

Fix git source conservativeness #6850

Documentation:

Clarify that bundle info takes a gem name #6875

`v2.4.18`

Compare Source

Security:

Merge URI-0.12.2 for Bundler #6779

Enhancements:

Update Magnus version in Rust extension gem template #6843

Documentation:

Update bundle-outdated(1) man to use table output #6833

`v2.4.17`

Compare Source

Enhancements:

Avoid printing "Using ..." messages when version has not changed #6804

Bug fixes:

Fix bundler/setup unintendedly writing to the filesystem #6814

`v2.4.16`

Compare Source

Bug fixes:

Exclude Bundler from missing locked dependencies check #6792
Fix another incorrect removal of "ruby" platform from lockfile when changing path sources #6784
Fix git source lockfile instability #6786