
chore(deps): update dependency bundler to v4 [security] #36

Open

sc-renovate[bot] wants to merge 1 commit into master from renovate/rubygems-bundler-vulnerability

Conversation

@sc-renovate sc-renovate Bot commented Jun 1, 2026

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package: bundler (source, changelog)
Change: "~> 1.0" -> "~> 4.0"
Age / Confidence: (badge images, not reproduced)

GitHub Vulnerability Alerts

CVE-2016-7954

Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334.

Release Notes

ruby/rubygems (bundler)

v4.0.14

Bug fixes:
  • Preserve per-source cooldown when converging sources from the lockfile. Pull request #​9601 by bryanwoods
  • Don't exclude the locked version from cooldown during bundle update. Pull request #​9599 by hsbt

v4.0.13

Enhancements:
  • Do not hard-code permissions for new gem directories during bundle install. Pull request #​9557 by maxfelsher-cgi
  • Clear gem specification cache after acquiring process lock. Pull request #​9310 by ngan
  • Show release date with bundle outdated. Pull request #​9337 by hsbt
Bug fixes:
  • Apply cooldown to locally installed gem versions. Pull request #​9582 by hsbt
Security:
  • Add cooldown to delay newly published gem. Pull request #​9576 by hsbt

v4.0.12

Enhancements:
  • Make bundle config get return status 1 when the value is not set. Pull request #​9505 by willnet
  • Use Pathname#absolute?. Pull request #​9529 by nobu
  • Deprecate parsing non-lockfile content in LockfileParser. Pull request #​9502 by kurotaky
  • Print a warning for a potential confusion from the indirect dependencies. Pull request #​5029 by junaruga
  • Respect Gemfile bundler setting in Bundler.setup. Pull request #​4892 by godfat
Bug fixes:
  • Gracefully handle missing checksums in Compact Index. Pull request #​9492 by jneen
  • Skip git source exclusion when lockfile cannot backfill. Pull request #​9544 by yahonda
  • Fix bundle config gemfile unset behavior. Pull request #​9514 by afurm

v4.0.11

Enhancements:
  • Update gem creation guide URL to rubygems.org. Pull request #​9500 by nissyi-gh
  • Lock the checksum of Bundler itself in the lockfile. Pull request #​9366 by Edouard-chin
Bug fixes:
  • Fix installing gems with native extensions + transitive dependencies. Pull request #​9477 by nicholasdower
  • Fix the bundler version not being updated in dev/test lockfile. Pull request #​9463 by Edouard-chin
  • Ensure the release CI doesn't break due to the Bundler checksum feature. Pull request #​9436 by Edouard-chin
Documentation:
  • Fix formatting for BUNDLE_PREFER_PATCH variable in man page. Pull request #​9474 by toy

v4.0.10

Enhancements:
  • Ignore warnings with spec different platforms. Pull request #​8508 by hsbt
  • Improve error message when current platform is not in lockfile. Pull request #​9439 by 55728
  • Cache package version selection. Pull request #​9410 by Edouard-chin
  • Check happy path first when comparing gem version. Pull request #​9417 by Edouard-chin
  • [feature] default_cli_command for config what command bundler runs when no specific command is provided. Pull request #​8886 by jonbarlo
  • Introduce a fast path for comparing Gem::Version. Pull request #​9414 by Edouard-chin
Bug fixes:
  • Restore rb_sys dependency for Rust. Pull request #​9416 by bangseongbeom

v4.0.9

Enhancements:
  • Check the git version only once per bundle install. Pull request #​9406 by Edouard-chin
  • Normalize the number of workers when performing parallel operations. Pull request #​9400 by Edouard-chin
  • Add exponential backoff to bundler retries. Pull request #​9163 by ChrisBr
  • Introduce a priority queue. Pull request #​9389 by Edouard-chin
  • Split the download and install process of a gem. Pull request #​9381 by Edouard-chin
Bug fixes:
  • Retry git fetch without --depth for dumb HTTP transport. Pull request #​9405 by hsbt

v4.0.8

Enhancements:
  • Add a new Bundler config to control how many specs are fetched #​9363
  • Restrict GitHub Actions workflow permissions for newgem #​9361
Bug fixes:
  • Fix plugin new version not registering #​9355

v4.0.7

Enhancements:
  • Don't check whether a plugin needs to be installed: #​9328
  • [rust gem] Major improvements for gem scaffolding (rebased) #​8455
  • Fix(bundler): only preload git sources for requested groups #​9234
  • Raise error when gem contains capital letters #​5432
Bug fixes:
  • Fix Bundler crashing when it tries to install plugin: #​9335
  • Run git operations in parallel (take 2): #​9323
  • Add support for help flag in plugin commands #​9263

v4.0.6

Bug fixes:
  • Fix gzip cache corruption when recovering from HTTP 416 responses #​9272
  • Fallback git/path sources to default source #​9301
  • Ensure revision is always re-resolved in git_proxy.rb #​9294
Documentation:
  • Clarify local gem override docs to require git-sourced gems #​9305

v4.0.5

Enhancements:
  • Fix Bundler that re-exec $0 when a version is present in the config: #​9249
Bug fixes:
  • Only use parent source with Git and Path sources #​9269

v4.0.4

Bug fixes:
  • Fix dependency source bug in bundler #​9213
  • Retain current bundler version on bundle clean #​9221

v4.0.3

Enhancements:
  • Fall back to ruby platform gem when precompiled variant is incompatible #​9211

v4.0.2

Enhancements:
  • Support single quotes in mise format ruby version #​9183
  • Tweak the Bundler's "X gems now installed message": #​9194
Bug fixes:
  • Allow to show cli_help with bundler executable #​9198
  • Allow bundle pristine to work for git gems in the same repo #​9196

v4.0.1

Enhancements:
  • Do not hard-code permissions for new gem directories during bundle install. Pull request #​9557 by maxfelsher-cgi
  • Clear gem specification cache after acquiring process lock. Pull request #​9310 by ngan
  • Show release date with bundle outdated. Pull request #​9337 by hsbt
Bug fixes:
  • Apply cooldown to locally installed gem versions. Pull request #​9582 by hsbt
Security:
  • Add cooldown to delay newly published gem. Pull request #​9576 by hsbt

v4.0.0

Features:
  • Support bundle install --lockfile option #​9111
  • Add support for lockfile in Gemfile and bundle install --no-lock #​9059
  • Add --ext=go to bundle gem #​8183
  • Update Bundler::CurrentRuby::ALL_RUBY_VERSIONS #​9058
  • Introduce bundle list --format=json #​8728
Performance:
  • Run git operations in parallel to speed things up: #​9100
  • Replace instance method look up in plugin installer #​9094
  • Adjust the API_REQUEST_LIMIT to make less network roundtrip #​9071
Enhancements:
  • Make BUNDLE_LOCKFILE environment variable have precedence over lockfile method in Gemfile #​9146
  • Improve banner message for the default command #​9145
  • Introduce install_or_cli_help and use it default bundle command #​9136
  • Add go_gem/rake_task for Go native extension gem skeleton #​9105
  • Warn users that bundle now display the help: #​9092
  • Use DidYouMean::SpellChecker for gem suggestions in Bundler #​3857
  • Update all vendored libraries to latest version #​9089
  • We don't need to allow some warning now #​9074
  • Support to embedded Pathname #​9056
  • Enforce activation of irb when running with bundle console #​9033
  • Update Magnus version in Rust extension gem template #​9025
  • Add checksum of gems hosted on private servers: #​9004
  • Loading support on Windows #​8254
  • Improve error message when the same source is specified through gemspec and path #​8460
  • Raise an error in frozen mode if some registry gems have empty checksums #​8888
  • Bump vendored thor to 1.4.0 #​8883
  • Delay default path and global cache changes to Bundler 5 #​8867
  • Fix spacing in bundle gem newgem.gemspec.tt #​8865
  • Add some missing deprecation messages #​8844
Bug fixes:
  • Fixed checksums generation issue when no source is specified #​9133
  • Check for file existence before deletion from cache #​9095
  • Use method_defined?(:method, false) #​9098
  • Handle BUNDLER_VERSION being set to an empty string #​6928
  • Fix bundle install when the Gemfile contains "install_if" git gems: #​8992
  • Fix installation issue related to path sources and precompiled gems #​8973
  • Fix outdated lockfile during bundle lock when source changes #​8962
  • Raise error on missing version file #​8963
  • Fix bundle cache --frozen and bundle cache --no-prune not printing a deprecation message #​8926
  • Fix local installation incorrectly forced if there's a vendor/cache directory and frozen mode is set #​8925
  • Fix bundle lock --update <gem> with --lockfile flag updating all gems #​8922
  • Fix bundle show --verbose and recommend it as an alternative to bundle show --outdated #​8915
  • Fix bundle cache --no-all not printing a deprecation warning #​8912
  • Fix bundle update foo unable to update foo in an edge case #​8897
  • Fix Bundler printing more flags than actually passed in verbose mode #​8914
  • Fix bundler failing to install sorbet-static in truffleruby when there's no lockfile #​8872
  • Cancel deprecation of --force flag to bundle install and bundle update #​8843
Security:
  • Bump up vendored URI to 1.0.4 #​9031
Breaking changes:
  • Fix triple spacing when generating lockfile #​9076
  • Hide patchlevel from lockfile #​7772
  • Remove bundler_4_mode #​9038
  • Pick and add extra changes for 4.0.0 version #​9018
  • Replaced Bundler::SharedHelpers.major_deprecation to feature_removed! or feature_deprecated! #​9016
  • Removed legacy_check option from SpecSet#for #​9015
  • Make update_requires_all_flag to settings #​9011
  • Make default cli command settings #​9010
  • Make global_gem_cache flag to settings #​9009
  • Consolidate removal of Bundler.rubygems.all_specs #​9008
  • Consolidate removal of Bundler::SpecSet#- and Bundler::SpecSet#<< #​9007
  • Replaced Bundler.feature_flag.plugins? to Bundler.settings #​9006
  • Make bundle show --outdated raise an error #​8980
  • Make --local-git flag to bundle plugin install raise an error #​8979
  • Switch cache_all to be true by default #​8975
  • Completely forbid passing --ext to bundle gem without a value #​8976
  • Switch lockfile_checksums to be true by default #​8981
  • Make bundle install --binstubs raise an error #​8978
  • Make bundle remove --install raise an error #​8977
  • Remove support for multiple global sources in Gemfile & lockfile #​8968
  • Remove allow_offline_install setting #​8969
  • Completely remove --rubocop flag to bundle gem, and related configuration #​8967
  • Completely remove all remembered CLI flags #​8958
  • Remove implementation of deployment, capistrano and vlad entrypoints #​8957
  • Remove deprecated Bundler.*clean*, and Bundler.environment helpers #​8924
  • Remove deprecated bundle viz and bundle inject commands #​8923
  • Removed to workaround for Bundler 2.2 #​8903
Documentation:
  • Unified UPGRADING.md and extract blog.rubygems.org #​9148
  • Remove italic formatting from changelog section headers #​9128
  • Small clarifications to Bundler 4 upgrade docs #​8964
  • Improve documentation of bundle doctor, bundle plugin, and bundle config #​8919
  • Make sure all CLI flags and subcommands are documented #​8861
  • Clarify documentation about new default gem installation directory in Bundler 4 #​8857
  • Use mailto link in Code of Conduct #​8849
  • Update Code of Conduct email to conduct@rubygems.org #​8848
  • Add missing link to irb repo in DEBUGGING.md #​8842

v2.7.2

Enhancements:
  • Improve error message when the same source is specified through gemspec and path #​8460
  • Raise an error in frozen mode if some registry gems have empty checksums #​8888
  • Bump vendored thor to 1.4.0 #​8883
  • Delay default path and global cache changes to Bundler 5 #​8867
  • Fix spacing in bundle gem newgem.gemspec.tt #​8865
Bug fixes:
  • Fix bundle cache --frozen and bundle cache --no-prune not printing a deprecation message #​8926
  • Fix local installation incorrectly forced if there's a vendor/cache directory and frozen mode is set #​8925
  • Fix bundle lock --update <gem> with --lockfile flag updating all gems #​8922
  • Fix bundle show --verbose and recommend it as an alternative to bundle show --outdated #​8915
  • Fix bundle cache --no-all not printing a deprecation warning #​8912
  • Fix bundle update foo unable to update foo in an edge case #​8897
  • Fix Bundler printing more flags than actually passed in verbose mode #​8914
  • Fix bundler failing to install sorbet-static in truffleruby when there's no lockfile #​8872
Documentation:
  • Improve documentation of bundle doctor, bundle plugin, and bundle config #​8919
  • Make sure all CLI flags and subcommands are documented #​8861

v2.7.1

Enhancements:
  • Add some missing deprecation messages #​8844
Bug fixes:
  • Cancel deprecation of --force flag to bundle install and bundle update #​8843

v2.7.0

Breaking changes:
  • Stop allowing calling #gem on random objects #​8819
  • Remove path_relative_to_cwd setting #​8815
  • Remove the default_install_uses_path and auto_clean_without_path settings #​8814
  • Remove print_only_version_number setting #​8799
  • Drop support for Ruby 3.1 #​8634
  • Raise an error if incompatible or merge if compatible when a gemspec development dep is duplicated in Gemfile #​8556
  • Remove MD5 digesting of compact index responses #​8530
  • Stop generating binstubs for Bundler itself #​8345
Deprecations:
  • Deprecate unused Bundler::SpecSet methods #​8777
  • Deprecate x64-mingw32 in favour of x64-mingw-ucrt #​8733
  • Deprecate legacy windows platforms (:mswin, :mingw) in Gemfile DSL in favor of :windows #​8447
  • Deprecate CurrentRuby#maglev? and other related maglev methods #​8452
Features:
  • Allow simulating "Bundler 4 mode" more easily #​6472
Performance:
  • Cache git sources with commit SHA refs #​8741
Enhancements:
  • Load RubyGems extensions in the first place #​8835
  • Update gemspec based on provided github username when exists #​8790
  • Fail fast when connection errors happen #​8784
  • Introduce a verbose setting to enable verbose output for all commands #​8801
  • Introduce gem.bundle setting to run bundle install automatically after bundle gem, and make it the default #​8671
  • Handle Errno::EADDRNOTAVAIL errors gracefully #​8776
  • Use persist-credentials: false in workflow generated by bundle gem #​8779
  • Recognize JRuby loaded from a classloader, not just any JAR #​8567
  • Validate lockfile dependencies with bundle install #​8666
  • Ignore local specifications if they have incorrect dependencies #​8647
  • Move most of Bundler::GemHelpers to Gem::Platform #​8703
  • Improve spec.files in the .gemspec template #​8732
Bug fixes:
  • Fix double bundle gem prompts #​8825
  • Fix date displayed in bundle version help text #​8806
  • Fix bundle console printing bug report template on NameError during require #​8804
  • Fix Bundler.original_env['GEM_HOME'] when Bundler is trampolined #​8781
  • Fix rdoc issues when running gem commands in a bundle exec context #​8770
  • Never ignore gems from path sources during activation #​8766
  • Fix bundle install after pinning a git source with subgems #​8745
  • Let bundle update --bundler upgrade bundler even if restarts are disabled #​8729
Documentation:
  • Rewrite and complete UPGRADING document #​8817
  • Document that global_gem_cache also caches compiled extensions #​8823
  • Add default_cli_command documentation #​8816
  • Add a root CONTRIBUTING.md file #​8822
  • Add a SECURITY.md file #​8812
  • Update man pages for the bundle doctor ssl subcommand #​8803
  • Remove duplicate documentation for --changelog flag #​8756
  • Fix typos making some lists in documentation render incorrectly #​8759
  • Fix heading ranks in documentation #​8711
  • Clarify differences between frozen and deployment settings, and other bundle-config documentation improvements #​8715

v2.6.9

Enhancements:
  • Fix doctor command parsing of otool output #​8665
  • Add SSL troubleshooting to bundle doctor #​8624
  • Let bundle lock --normalize-platforms remove invalid platforms #​8631
Bug fixes:
  • Fix bundle lock sometimes allowing invalid platforms into the lockfile #​8630
  • Fix false positive warning about insecure materialization in frozen mode #​8629

v2.6.8

Enhancements:
  • Refine bundle update --verbose logs #​8627
  • Improve bug report instructions #​8607
Bug fixes:
  • Fix bundle update crash in an edge case #​8626
  • Fix bundle lock --normalize-platforms regression #​8620

v2.6.7

Enhancements:
  • Fix crash when server compact index API implementation only lists versions #​8594
  • Fix lockfile when a gem ends up accidentally under two different sources #​8579
  • Refuse to install and print an error in frozen mode if some entries are missing in CHECKSUMS lockfile section #​8563
  • Support git 2.49 #​8581
  • Improve wording of a few messages #​8570
Bug fixes:
  • Fix bundle add sometimes generating invalid lockfiles #​8586
Performance:
  • Implement pub_grub strategy interface #​8589
  • Update vendored pub_grub #​8571

v2.6.6

Enhancements:
  • Fix ENAMETOOLONG error when creating compact index cache #​5578
  • Use shorthand hash syntax for bundle add #​8547
  • Update vendored uri to 1.0.3 #​8534
  • Retry gracefully on blank partial response in compact index #​8524
  • Give a better error when trying to write the lock file on a read-only filesystem #​5920
  • Improve log messages when lockfile platforms are added #​8523
  • Allow noop bundle install to work on read-only or protected folders #​8519
Bug fixes:
  • Detect partial gem installs from a git source so that they are reinstalled on a successive run #​8539
  • Modify bundle doctor to not report issue when files aren't writable #​8520
Performance:
  • Optimize resolution by removing an array allocation from Candidate#<=> #​8559
Documentation:
  • Update docs for with/without consistency #​8555
  • Recommend non-deprecated methods in bundle exec documentation #​8537
  • Hint about default group when using only configuration option #​8536

v2.6.5

Enhancements:
  • Fix lockfile platforms inconveniently added on JRuby #​8494
Bug fixes:
  • Fix resolver issue due to ill-defined version ranges being created #​8503
  • Make sure empty gems are not reinstalled every time #​8502

v2.6.4

Enhancements:
  • Make Bundler never instantiate development dependencies #​8486
  • Fix some invalid options to gem DSL not getting reported as invalid #​8480
  • Add irb to a Gemfile for a newly created gem #​8467
  • Auto-heal empty installation directory #​8457
  • Fix bundle console unnecessarily trying to load IRB twice #​8443
  • Add ruby_34 and ruby_35 as valid platform: #​8430
  • Consider gems under platform: :windows filter in Gemfile when running on Windows with ARM architecture #​8428
Bug fixes:
  • Fix regression when running bundle update <foo> would sometimes downgrade a top level dependency #​8491
  • Fix dependency locking when Bundler finds incorrect lockfile dependencies #​8489
  • Raise error when lockfile is missing deps in frozen mode #​8483
  • Fix bundle install --prefer-local sometimes installing very old versions #​8484
  • Fix incorrect error message when running bundle update in frozen mode #​8481
  • Keep platform variants in vendor/cache even if incompatible with the current Ruby version #​8471
  • Fix bundle console printing bug report template incorrectly #​8436
  • Fix --prefer-local not respecting default gems #​8412
Performance:
  • Improve resolution performance #​8458

v2.6.3

Enhancements:
  • Don't fallback to evaluating YAML gemspecs as Ruby code #​8404
  • Print message when blocking on file locks #​8299
  • Add support for mise version manager file #​8356
  • Add Ruby 3.5 to Gemfile DSL platform values #​8365
Bug fixes:
  • Revert RubyGems plugins getting loaded on Bundler.require #​8410
  • Fix platform specific gems sometimes being removed from the lockfile #​8401
  • Serialize gemspec when caching git source #​8403
  • Fix crash on read-only filesystems in Ruby 3.4 #​8372
  • Fix bundle outdated <GEM> failing if not all gems are installed #​8361
  • Fix bundle install crash on Windows #​8362
Documentation:
  • Fix broken links in the documents #​8389

v2.6.2

Bug fixes:
  • Restart using Process.argv0 only if $PROGRAM_NAME is not a script #​8343
Documentation:
  • Fix typo in bundle lock man page synopsis (--add-checkums -> --add-checksums) #​8350

v2.6.1

Bug fixes:
  • Fix missing Gem::Uri.redact on some Ruby 3.1 versions #​8337
  • Fix bundle lock --add-checksums when gems are already installed #​8326

v2.6.0

Security:
  • Fix gemfury credentials written to logs in verbose mode #​8283
  • Fix private registry credentials being written to logs #​8222
Breaking changes:
  • Drop ruby 3.0 support #​8091
  • Remove client-side MD5 ETag transition from compact index client #​7677
Deprecations:
  • Cancel bundle console deprecation #​8218
  • Warn when platform of installed gem differs from platform in the lockfile #​8029
  • Cancel deprecation of Gemfiles without a global source #​8213
Features:
  • Add a lockfile_checksums configuration to include checksums in fresh lockfiles #​8219
  • Add bundle lock --add-checksums to add checksums to an existing lockfile #​8214
Performance:
  • Enable a couple of performance cops #​8261
  • Remove override of worker jobs for bundle install --local #​8248
Enhancements:
  • Support bundle exec <relative-path-to-script> when Kernel.exec is used under the hood #​8294
  • Improve working with different rubies using the same lockfile #​8251
  • Define a few inspect methods to help debugging #​8266
  • Include original error when openssl fails to load #​8232
  • Automatically fix lockfile when it's missing dependencies #​8103
  • Fix some JRuby warnings when using bundler/setup with Ruby's -w flag #​8205
  • Add a --normalize-platforms flag to bundle lock #​7896
  • Add plugin hooks for Bundler.require #​3439
Bug fixes:
  • Fix restarting with locked version when $PROGRAM_NAME has been changed #​8320
  • Restore the previous cache format for git sources #​8296
  • Fix installs of subdependencies of unlocked dependencies to be conservative #​8281
  • Fix test task name on generated readme when using test-unit #​8291
  • Fix bundle exec executable detection on windows #​8276
  • Fix bundle remove sometimes not removing gems #​8278
  • Fix issue with git gems locking incorrect specs sometimes #​8269
Documentation:
  • Normalize command flag documentation and make sure all flags are documented #​8313
  • Add missing man pages for bundle env and bundle licenses #​8315
  • Add man page for 'bundle issue' command #​8271
  • Add man page for 'bundle fund' command #​8258
  • Move pry-related contents to debugging.md #​8263
  • Add debugging instruction on Windows #​8236
  • Unify rubygems and bundler docs directory #​8159

v2.5.23

Enhancements:
  • Add useful error message for plugin load #​7639
  • Indent github workflow steps for generated gems #​8193
  • Improve several permission errors #​8168
  • Add bundle add --quiet option #​8157
Bug fixes:
  • Fix incompatible encodings error when paths with UTF-8 characters are involved #​8196
  • Update --ext=rust to support compiling the native extension from source #​7610
  • Print a proper error when there's a previous empty installation path with bad permissions #​8169
  • Fix running bundler (with a final r) in a bundle exec context #​8165
  • Handle two gemspec usages in same Gemfile with same dep and compatible requirements #​7999
  • Fix bundle check sometimes locking gems under the wrong source #​8148
Documentation:
  • Remove confusing bundle config documentation #​8177
  • Rename bundler inline's install parameter and clarify docs #​8170
  • Clarify bundle install --quiet documentation #​8163

v2.5.22

Enhancements:
  • Update vendored uri and net-http #​8112
Bug fixes:
  • Fix bundler sometimes crashing because of trying to use a version of psych compiled for a different Ruby #​8104

v2.5.21

Bug fixes:
  • Fix bug report template printed when changing a path source to a git source in frozen mode #​8079
  • Fix stub.activated? sometimes returning false after activation under bundler #​8073
  • Fix old cache format detection when application is not source controlled #​8076
  • Fix bundler/inline resetting ENV changes #​8059

v2.5.20

Enhancements:
  • Don't try to auto-install dev versions of Bundler not available remotely #​8045
  • Don't try to install locked bundler when --local is passed #​8041
Bug fixes:
  • Fix bundler/inline overwriting lockfiles #​8055
  • Ensure refs directory in cached git source #​8047
  • Fix bundle outdated with --group option #​8052

v2.5.19

Enhancements:
  • Raise original errors when unexpected errors happen during Gemfile evaluation #​8003
  • Make an exe file executable when generating new gems #​8020
  • Gracefully handle gem activation conflicts in inline mode #​5535
  • Don't include hook templates in cached git source #​8013
  • Fix some errors about a previous installation folder that's unsafe to remove, when there's no need to remove it #​7985
  • Emit progress to stderr during bundle outdated --parseable #​7966
  • Reject unknown platforms when running bundle lock --add-platform #​7967
  • Emit progress to stderr when --print is passed to bundle lock #​7957
Bug fixes:
  • Fix bundle install --local hitting the network when default gems are included #​8027
  • Remove temporary .lock files unintentionally left around by gem installer #​8022
  • Fix bundle exec rake install failing when local gem has extensions #​7977
  • Load gemspecs in the context of its parent also when using local overrides #​7993
  • Fix bundler/inline failing in Ruby 3.2 due to conflicting securerandom versions #​7984
  • Don't blow up when explicit version is removed from some git sources #​7973
  • Fix gem exec rails new project failing on Ruby 3.2 #​7960
Documentation:
  • Improve bundle add man page #​5903
  • Add some documentation about backwards compatibility #​7964

v2.5.18

Enhancements:
  • Don't remove existing platform gems when PLATFORMS section is badly indented #​7916
Bug fixes:
  • Fix error message when Bundler refuses to install due to frozen being set without a lockfile #​7955
  • Fix several issues with the --prefer-local flag #​7951
  • Restore support for passing relative paths to git: sources #​7950
  • Regenerate previous git application caches that didn't include bare repos #​7926
  • Fix bundle update <indirect_dep> failing to upgrade when versions present in two different sources #​7915
Documentation:
  • Change new gem README template to have copyable code blocks #​7935

v2.5.17

Enhancements:
  • Print better log message when current platform is not present in the lockfile #​7891
  • Explicitly encode Gem::Dependency to yaml #​7867
  • Enable lockfile checksums on future Bundler 3 when there's no previous

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR has been generated by Renovate Bot.
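The CVE note in this PR describes the risk of a gem name collision when a Gemfile declares more than one global source, and the Bundler 4 release notes list the two changes that close it off: support for multiple global sources in the Gemfile and lockfile is removed, and lockfile checksums are on by default. As an added example that is not part of this PR or of Bundler's own code, the Ruby script below lints a Gemfile and Gemfile.lock for exactly those two conditions, so a repository can be checked before the upgrade lands. It assumes the Gemfile follows the common one-statement-per-line DSL layout and that the lockfile checksum section is headed by a line reading CHECKSUMS; the sample Gemfile and lockfiles are constructed, and the sha256 value in them is a placeholder.

```ruby
# Added pre-upgrade lint (example code, not part of Bundler or of this PR).
# Reports the two Gemfile/lockfile shapes that Bundler 4 no longer accepts:
#   1. more than one global (unscoped) `source` line, the setup behind the
#      gem name collision described in CVE-2016-7954;
#   2. a lockfile with no CHECKSUMS section, so installed gems are not pinned
#      to a content hash.
# Assumption: one DSL statement per line, as in a typical Gemfile.

# Matches `source "https://..."` or `source 'https://...'` at the start of a line.
SOURCE_RE = /\A\s*source\s*\(?\s*["']([^"']+)["']/

# Returns the URLs of global sources in the Gemfile text. A `source ... do`
# block scopes the gems inside it to that source, so it is not global and is
# skipped; blank lines and comments are ignored.
def global_sources(gemfile)
  sources = []
  gemfile.each_line do |line|
    stripped = line.strip
    next if stripped.empty? || stripped.start_with?("#")
    m = SOURCE_RE.match(stripped)
    next unless m
    # A trailing `do` opens a scoped block; anything else is a global source.
    sources << m[1] unless stripped.end_with?(" do")
  end
  sources
end

# True when the lockfile carries a CHECKSUMS section (assumed to be a line
# consisting of exactly that heading, as Bundler writes it).
def lockfile_has_checksums?(lockfile)
  lockfile.each_line.any? { |l| l.chomp == "CHECKSUMS" }
end

# Returns a list of human-readable findings; empty means nothing to fix.
def audit(gemfile, lockfile)
  findings = []
  sources = global_sources(gemfile)
  if sources.size > 1
    findings << "multiple global sources (gems resolve by name across all of them): " \
                "#{sources.join(', ')}"
  end
  findings << "lockfile has no CHECKSUMS section" unless lockfile_has_checksums?(lockfile)
  findings
end

# Constructed sample: two global sources plus one properly scoped block.
SAMPLE_GEMFILE = <<~GEMFILE
  source "https://rubygems.org"
  source "https://gems.example.internal"   # second global source

  gem "rake"

  source "https://gems.example.internal" do
    gem "internal-tool"                    # scoped: safe
  end
GEMFILE

# Constructed sample with a single global source and a scoped block only.
SINGLE_SOURCE_GEMFILE = <<~GEMFILE
  source "https://rubygems.org"
  gem "rake"
  source "https://gems.example.internal" do
    gem "internal-tool"
  end
GEMFILE

# Constructed lockfiles; the sha256 value is a placeholder, not a real digest.
LOCKFILE_WITH_CHECKSUMS = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rake (13.2.1)

  PLATFORMS
    ruby

  DEPENDENCIES
    rake

  CHECKSUMS
    rake (13.2.1) sha256=PLACEHOLDER_DIGEST

  BUNDLED WITH
     2.6.9
LOCK

LOCKFILE_WITHOUT_CHECKSUMS = LOCKFILE_WITH_CHECKSUMS.sub(/CHECKSUMS\n.*?\n\n/m, "")

if $PROGRAM_NAME == __FILE__
  audit(SAMPLE_GEMFILE, LOCKFILE_WITHOUT_CHECKSUMS).each { |f| puts "FINDING: #{f}" }
end
```

Run against a real repository by reading the Gemfile and Gemfile.lock into the two arguments of audit. Both findings are conditions Bundler 4 itself will now reject or, for checksums, write by default (see "Remove support for multiple global sources in Gemfile & lockfile" and "Switch lockfile_checksums to be true by default" in the v4.0.0 notes), so a clean result here means the upgrade will not stall on either.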

@sc-renovate sc-renovate Bot added dependencies Pull requests that update a dependency file renovate labels Jun 1, 2026
@sc-renovate sc-renovate Bot force-pushed the renovate/rubygems-bundler-vulnerability branch from aeadb06 to 2cc6f21 Compare June 1, 2026 13:33
@sc-renovate sc-renovate Bot changed the title chore(deps): update dependency bundler to v4 [security] chore(deps): update dependency bundler to v2 [security] Jun 1, 2026
@sc-renovate sc-renovate Bot force-pushed the renovate/rubygems-bundler-vulnerability branch from 2cc6f21 to 2b9747e Compare June 1, 2026 15:27
@sc-renovate sc-renovate Bot changed the title chore(deps): update dependency bundler to v2 [security] chore(deps): update dependency bundler to v4 [security] Jun 1, 2026
@sc-renovate sc-renovate Bot force-pushed the renovate/rubygems-bundler-vulnerability branch from 2b9747e to 5c5426d Compare June 2, 2026 00:59
@sc-renovate sc-renovate Bot changed the title chore(deps): update dependency bundler to v4 [security] chore(deps): update dependency bundler to v2 [security] Jun 2, 2026
@sc-renovate sc-renovate Bot force-pushed the renovate/rubygems-bundler-vulnerability branch from 5c5426d to a909b8c Compare June 6, 2026 08:31
@sc-renovate sc-renovate Bot changed the title chore(deps): update dependency bundler to v2 [security] chore(deps): update dependency bundler to v4 [security] Jun 6, 2026
@sc-renovate sc-renovate Bot force-pushed the renovate/rubygems-bundler-vulnerability branch 3 times, most recently from 123ab3b to a7d3b88 Compare June 10, 2026 02:19
@sc-renovate sc-renovate Bot force-pushed the renovate/rubygems-bundler-vulnerability branch from a7d3b88 to 4d86069 Compare June 14, 2026 05:38
@sc-renovate sc-renovate Bot force-pushed the renovate/rubygems-bundler-vulnerability branch from 4d86069 to 7d8edbd Compare June 14, 2026 12:50