chore(deps): update dependency gem:bundler to v4

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
gem:bundler (source, changelog)	2.6.3 → 4.0.3

---

Release Notes

ruby/rubygems (gem:bundler)

v4.0.3

Compare Source

Enhancements:

• Fall back to ruby platform gem when precompiled variant is incompatible #​9211

v4.0.2

Compare Source

Enhancements:

• Support single quotes in mise format ruby version #​9183
• Tweak the Bundler's "X gems now installed message": #​9194

Bug fixes:

• Allow to show cli_help with bundler executable #​9198
• Allow bundle pristine to work for git gems in the same repo #​9196

v4.0.1

Compare Source

Performance:

• Increase connection pool to allow for up to 70% speed increase on bundle install #​9087

Enhancements:

• Fix the config suggestion in the warning for $ bundle #​9164
• Fix native extension loading in newgem template for RHEL-based systems #​9156

Bug fixes:

• Fix Bundler removing executables after creating them #​9169

v4.0.0

Compare Source

Features:

• Support bundle install --lockfile option #​9111
• Add support for lockfile in Gemfile and bundle install --no-lock #​9059
• Add --ext=go to bundle gem #​8183
• Update Bundler::CurrentRuby::ALL_RUBY_VERSIONS #​9058
• Introduce bundle list --format=json #​8728

Performance:

• Run git operations in parallel to speed things up: #​9100
• Replace instance method look up in plugin installer #​9094
• Adjust the API_REQUEST_LIMIT to make less network roundtrip #​9071

Enhancements:

• Make BUNDLE_LOCKFILE environment variable have precedence over lockfile method in Gemfile #​9146
• Improve banner message for the default command #​9145
• Introduce install_or_cli_help and use it default bundle command #​9136
• Add go_gem/rake_task for Go native extension gem skeleton #​9105
• Warn users that bundle now display the help: #​9092
• Use DidYouMean::SpellChecker for gem suggestions in Bundler #​3857
• Update all vendored libraries to latest version #​9089
• We don't need to allow some warning now #​9074
• Support to embedded Pathname #​9056
• Enforce activation of irb when running with bundle console #​9033
• Update Magnus version in Rust extension gem template #​9025
• Add checksum of gems hosted on private servers: #​9004
• Loading support on Windows #​8254
• Improve error message when the same source is specified through gemspec and path #​8460
• Raise an error in frozen mode if some registry gems have empty checksums #​8888
• Bump vendored thor to 1.4.0 #​8883
• Delay default path and global cache changes to Bundler 5 #​8867
• Fix spacing in bundle gem newgem.gemspec.tt #​8865
• Add some missing deprecation messages #​8844

Bug fixes:

• Fixed checksums generation issue when no source is specified #​9133
• Check for file existence before deletion from cache #​9095
• Use method_defined?(:method, false) #​9098
• Handle BUNDLER_VERSION being set to an empty string #​6928
• Fix bundle install when the Gemfile contains "install_if" git gems: #​8992
• Fix installation issue related to path sources and precompiled gems #​8973
• Fix outdated lockfile during bundle lock when source changes #​8962
• Raise error on missing version file #​8963
• Fix bundle cache --frozen and bundle cache --no-prune not printing a deprecation message #​8926
• Fix local installation incorrectly forced if there's a vendor/cache directory and frozen mode is set #​8925
• Fix bundle lock --update <gem> with --lockfile flag updating all gems #​8922
• Fix bundle show --verbose and recommend it as an alternative to bundle show --outdated #​8915
• Fix bundle cache --no-all not printing a deprecation warning #​8912
• Fix bundle update foo unable to update foo in an edge case #​8897
• Fix Bundler printing more flags than actually passed in verbose mode #​8914
• Fix bundler failing to install sorbet-static in truffleruby when there's no lockfile #​8872
• Cancel deprecation of --force flag to bundle install and bundle update #​8843

Security:

• Bump up vendored URI to 1.0.4 #​9031

Breaking changes:

• Fix triple spacing when generating lockfile #​9076
• Hide patchlevel from lockfile #​7772
• Remove bundler_4_mode #​9038
• Pick and add extra changes for 4.0.0 version #​9018
• Replaced Bundler::SharedHelpers.major_deprecation to feature_removed! or feature_deprecated! #​9016
• Removed legacy_check option from SpecSet#for #​9015
• Make update_requires_all_flag to settings #​9011
• Make default cli command settings #​9010
• Make global_gem_cache flag to settings #​9009
• Consolidate removal of Bundler.rubygems.all_specs #​9008
• Consolidate removal of Bundler::SpecSet#- and Bundler::SpecSet#<< #​9007
• Replaced Bundler.feature_flag.plugins? to Bundler.settings #​9006
• Make bundle show --outdated raise an error #​8980
• Make --local-git flag to bundle plugin install raise an error #​8979
• Switch cache_all to be true by default #​8975
• Completely forbid passing --ext to bundle gem without a value #​8976
• Switch lockfile_checksums to be true by default #​8981
• Make bundle install --binstubs raise an error #​8978
• Make bundle remove --install raise an error #​8977
• Remove support for multiple global sources in Gemfile & lockfile #​8968
• Remove allow_offline_install setting #​8969
• Completely remove --rubocop flag to bundle gem, and related configuration #​8967
• Completely remove all remembered CLI flags #​8958
• Remove implementation of deployment, capistrano and vlad entrypoints #​8957
• Remove deprecated Bundler.*clean*, and Bundler.environment helpers #​8924
• Remove deprecated bundle viz and bundle inject commands #​8923
• Removed to workaround for Bundler 2.2 #​8903

Documentation:

• Unified UPGRADING.md and extract blog.rubygems.org #​9148
• Remove italic formatting from changelog section headers #​9128
• Small clarifications to Bundler 4 upgrade docs #​8964
• Improve documentation of bundle doctor, bundle plugin, and bundle config #​8919
• Make sure all CLI flags and subcommands are documented #​8861
• Clarify documentation about new default gem installation directory in Bundler 4 #​8857
• Use mailto link in Code of Conduct #​8849
• Update Code of Conduct email to conduct@rubygems.org #​8848
• Add missing link to irb repo in DEBUGGING.md #​8842

v2.7.2

Compare Source

Enhancements:

• Improve error message when the same source is specified through gemspec and path #​8460
• Raise an error in frozen mode if some registry gems have empty checksums #​8888
• Bump vendored thor to 1.4.0 #​8883
• Delay default path and global cache changes to Bundler 5 #​8867
• Fix spacing in bundle gem newgem.gemspec.tt #​8865

Bug fixes:

• Fix bundle cache --frozen and bundle cache --no-prune not printing a deprecation message #​8926
• Fix local installation incorrectly forced if there's a vendor/cache directory and frozen mode is set #​8925
• Fix bundle lock --update <gem> with --lockfile flag updating all gems #​8922
• Fix bundle show --verbose and recommend it as an alternative to bundle show --outdated #​8915
• Fix bundle cache --no-all not printing a deprecation warning #​8912
• Fix bundle update foo unable to update foo in an edge case #​8897
• Fix Bundler printing more flags than actually passed in verbose mode #​8914
• Fix bundler failing to install sorbet-static in truffleruby when there's no lockfile #​8872

Documentation:

• Improve documentation of bundle doctor, bundle plugin, and bundle config #​8919
• Make sure all CLI flags and subcommands are documented #​8861

v2.7.1

Compare Source

Enhancements:

• Add some missing deprecation messages #​8844

Bug fixes:

• Cancel deprecation of --force flag to bundle install and bundle update #​8843

Documentation:

• Clarify documentation about new default gem installation directory in Bundler 4 #​8857
• Use mailto link in Code of Conduct #​8849
• Update Code of Conduct email to conduct@rubygems.org #​8848
• Add missing link to irb repo in DEBUGGING.md #​8842

v2.7.0

Compare Source

Breaking changes:

• Stop allowing calling #gem on random objects #​8819
• Remove path_relative_to_cwd setting #​8815
• Remove the default_install_uses_path and auto_clean_without_path settings #​8814
• Remove print_only_version_number setting #​8799
• Drop support for Ruby 3.1 #​8634
• Raise an error if incompatible or merge if compatible when a gemspec development dep is duplicated in Gemfile #​8556
• Remove MD5 digesting of compact index responses #​8530
• Stop generating binstubs for Bundler itself #​8345

Deprecations:

• Deprecate unused Bundler::SpecSet methods #​8777
• Deprecate x64-mingw32 in favour of x64-mingw-ucrt #​8733
• Deprecate legacy windows platforms (:mswin, :mingw) in Gemfile DSL in favor of :windows #​8447
• Deprecate CurrentRuby#maglev? and other related maglev methods #​8452

Features:

• Allow simulating "Bundler 4 mode" more easily #​6472

Performance:

• Cache git sources with commit SHA refs #​8741

Enhancements:

• Load RubyGems extensions in the first place #​8835
• Update gemspec based on provided github username when exists #​8790
• Fail fast when connection errors happen #​8784
• Introduce a verbose setting to enable verbose output for all commands #​8801
• Introduce gem.bundle setting to run bundle install automatically after bundle gem, and make it the default #​8671
• Handle Errno::EADDRNOTAVAIL errors gracefully #​8776
• Use persist-credentials: false in workflow generated by bundle gem #​8779
• Recognize JRuby loaded from a classloader, not just any JAR #​8567
• Validate lockfile dependencies with bundle install #​8666
• Ignore local specifications if they have incorrect dependencies #​8647
• Move most of Bundler::GemHelpers to Gem::Platform #​8703
• Improve spec.files in the .gemspec template #​8732

Bug fixes:

• Fix double bundle gem prompts #​8825
• Fix date displayed in bundle version help text #​8806
• Fix bundle console printing bug report template on NameError during require #​8804
• Fix Bundler.original_env['GEM_HOME'] when Bundler is trampolined #​8781
• Fix rdoc issues when running gem commands in a bundle exec context #​8770
• Never ignore gems from path sources during activation #​8766
• Fix bundle install after pinning a git source with subgems #​8745
• Let bundle update --bundler upgrade bundler even if restarts are disabled #​8729

Documentation:

• Rewrite and complete UPGRADING document #​8817
• Document that global_gem_cache also caches compiled extensions #​8823
• Add default_cli_command documentation #​8816
• Add a root CONTRIBUTING.md file #​8822
• Add a SECURITY.md file #​8812
• Update man pages for the bundle doctor ssl subcommand #​8803
• Remove duplicate documentation for --changelog flag #​8756
• Fix typos making some lists in documentation render incorrectly #​8759
• Fix heading ranks in documentation #​8711
• Clarify differences between frozen and deployment settings, and other bundle-config documentation improvements #​8715

v2.6.9

Compare Source

Enhancements:

• Fix doctor command parsing of otool output #​8665
• Add SSL troubleshooting to bundle doctor #​8624
• Let bundle lock --normalize-platforms remove invalid platforms #​8631

Bug fixes:

• Fix bundle lock sometimes allowing invalid platforms into the lockfile #​8630
• Fix false positive warning about insecure materialization in frozen mode #​8629

v2.6.8

Compare Source

Enhancements:

• Refine bundle update --verbose logs #​8627
• Improve bug report instructions #​8607

Bug fixes:

• Fix bundle update crash in an edge case #​8626
• Fix bundle lock --normalize-platforms regression #​8620

v2.6.7

Compare Source

Enhancements:

• Fix crash when server compact index API implementation only lists versions #​8594
• Fix lockfile when a gem ends up accidentally under two different sources #​8579
• Refuse to install and print an error in frozen mode if some entries are missing in CHECKSUMS lockfile section #​8563
• Support git 2.49 #​8581
• Improve wording of a few messages #​8570

Bug fixes:

• Fix bundle add sometimes generating invalid lockfiles #​8586

Performance:

• Implement pub_grub strategy interface #​8589
• Update vendored pub_grub #​8571

v2.6.6

Compare Source

Enhancements:

• Fix ENAMETOOLONG error when creating compact index cache #​5578
• Use shorthand hash syntax for bundle add #​8547
• Update vendored uri to 1.0.3 #​8534
• Retry gracefully on blank partial response in compact index #​8524
• Give a better error when trying to write the lock file on a read-only filesystem #​5920
• Improve log messages when lockfile platforms are added #​8523
• Allow noop bundle install to work on read-only or protected folders #​8519

Bug fixes:

• Detect partial gem installs from a git source so that they are reinstalled on a successive run #​8539
• Modify bundle doctor to not report issue when files aren't writable #​8520

Performance:

• Optimize resolution by removing an array allocation from Candidate#<=> #​8559

Documentation:

• Update docs for with/without consistency #​8555
• Recommend non-deprecated methods in bundle exec documentation #​8537
• Hint about default group when using only configuration option #​8536

v2.6.5

Compare Source

Enhancements:

• Fix lockfile platforms inconveniently added on JRuby #​8494

Bug fixes:

• Fix resolver issue due to ill-defined version ranges being created #​8503
• Make sure empty gems are not reinstalled every time #​8502

v2.6.4

Compare Source

Enhancements:

• Make Bundler never instantiate development dependencies #​8486
• Fix some invalid options to gem DSL not getting reported as invalid #​8480
• Add irb to a Gemfile for a newly created gem #​8467
• Auto-heal empty installation directory #​8457
• Fix bundle console unnecessarily trying to load IRB twice #​8443
• Add ruby_34 and ruby_35 as valid platform: #​8430
• Consider gems under platform: :windows filter in Gemfile when running on Windows with ARM architecture #​8428

Bug fixes:

• Fix regression when running bundle update <foo> would sometimes downgrade a top level dependency #​8491
• Fix dependency locking when Bundler finds incorrect lockfile dependencies #​8489
• Raise error when lockfile is missing deps in frozen mode #​8483
• Fix bundle install --prefer-local sometimes installing very old versions #​8484
• Fix incorrect error message when running bundle update in frozen mode #​8481
• Keep platform variants in vendor/cache even if incompatible with the current Ruby version #​8471
• Fix bundle console printing bug report template incorrectly #​8436
• Fix --prefer-local not respecting default gems #​8412

Performance:

• Improve resolution performance #​8458

Documentation:

• Fix more broken links #​8416

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.