chore(deps): update dependency bundler from v2.3.27 to '~> 2.5.0'

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
bundler (source, changelog)	'~> 2.3.22' -> '~> 2.5.0'

---

Release Notes

rubygems/rubygems (bundler)

v2.5.6

Compare Source

Deprecations:

• Refactor lockfile generation and deprecate Definition#lock with explicit lockfile #​7047

Enhancements:

• Bump required_ruby_version to be used in bundle gem template #​7430

Bug fixes:

• Fix musl platform not being added to the lockfile #​7441
• Let Bundler.with_original_env properly restore env variables originally empty #​7383

v2.5.5

Compare Source

Bug fixes:

• Fix development dependency not being added if introduced by two gemspecs #​7358
• Fix ETag quoting regression in If-None-Match header of compact index request #​7352

Documentation:

• Refer to underscores as underscores #​7364

v2.5.4

Compare Source

Bug fixes:

• Fix resolution when different platform specific gems have different dependencies #​7324

v2.5.3

Compare Source

Bug fixes:

• Fix incorrect error when Gemfile overrides a gemspec development dependency #​7319

v2.5.2

Compare Source

Enhancements:

• Avoid vendored thor gem polluting the global namespace #​7305

Bug fixes:

• Fix bundle update --bundler when latest version does not support current ruby #​7310
• Fix incorrect lockfiles being generated in some situations #​7307
• Fix incorrect re-resolve messages #​7306

v2.5.1

Compare Source

Bug fixes:

• Fix ruby Gemfile DSL with file: parameter no longer working #​7288

Performance:

• Save array allocation for every dependency in Gemfile #​7270

v2.5.0

Compare Source

Breaking changes:

• Drop ruby 2.6 and 2.7 support #​7116
• The :mswin, :mswin64, :mingw, and :x64_mingw Gemfile platform values are soft-deprecated and aliased to :windows #​6391

Features:

• Leverage ruby feature to warn when requiring default gems not included in the bundle that will be turned into bundled gems in the future #​6831
• Introduce bundle config set version feature to choose the version of Bundler that should be used and potentially disable using the lockfile version by setting it to system #​6817

Performance:

• Use match? when regexp match data is unused #​7263
• Avoid some allocations when evaluating ruby Gemfile DSL #​7251
• Reduce array allocations when loading definition #​7199
• Avoid re-compiling static regexp in a loop #​7198
• Reduce allocations when installing gems with bundler #​6977
• Use a shared connection pool for fetching gems #​7079
• Reduce allocations when parsing compact index #​6971

Enhancements:

• Add 3.4 as a supported ruby version in Gemfile DSL #​7264
• Improve install advice when some gems are not found #​7265
• Vendor net-http, net-protocol, resolv, and timeout to reduce conflicts between Gemfile gems and internal dependencies #​6793
• Allow bundle pristine to run in parallel #​6927
• Make bundle lock always touch the lockfile in non-frozen mode #​7220
• Use Minitest::TestTask in a template file for minitest #​7234
• Add missing services to CI detection and make it consistent between RubyGems and Bundler #​7205
• Allow auto-install to install missing git gems #​7197
• Stop remembering cli flags like --jobs or --retry in configuration #​7191
• Simplify remembered flags deprecation message #​7189
• Make sure to require "rubygems" explicitly #​7139
• Handle development dependencies duplicated in gemspec vs Gemfile #​6014
• Make lockfiles generated on macOS include a lock for Linux by default #​5700
• Only add a dummy bundler spec to the metadata source when necessary #​4443

Bug fixes:

• Resolve ruby file: ".ruby-version" relative to containing Gemfile #​7250
• Implement opaque ETag in Compact Index to avoid falling back to old index in servers with different etag implementations #​7122
• Fix bundle install --system deprecation advice #​7190
• Fix invalid platform removal missing adjacent platforms #​7170

Documentation:

• Add missing --prefer-local to Synopsis in bundle-install.1.ronn #​7194
• Update GitHub organization of Standard Ruby in bundle gem output and generated configuration #​6818
• Replace "prior to" with "immediately after" in bundle gem generated README file #​6338

v2.4.22

Compare Source

Enhancements:

• Add Bundler::Plugin.loaded? helper #​6964
• Give better error when previous installation folder is insecure to remove #​7030
• Set file path when eval-ing local specification in EndpointSpecification #​7106
• Git ignore the proper files for the CI service selected for bundle gem #​7101
• Update vendored thor to v1.3.0 #​7078
• Restore using old way of passing Ruby version to resolver #​7066
• Bump vendored net-http-persistent to 4.0.2 #​6787

Bug fixes:

• Fix regression when installing native extensions on universal rubies #​7077
• Only remove bundler plugin gem when it's inside the cache #​7001
• Don't show bug report template when GEM_HOME has no writable bit #​7113
• Fix regression in old git versions #​7114
• Handle empty array at built-in YAML serializer #​7099
• Fix force_ruby_platform: when the lockfile only locks the ruby platform #​6936

v2.4.21

Compare Source

Enhancements:

• Avoid duplicates -rbundler/setup in RUBYOPT with Ruby preview #​7002
• Prevent gem activation in standalone mode #​6925
• Support Ruby's preview version format (Ex: 3.3.0-preview2) in Gemfile #​7016
• Fix bundle install when older revisions of git source #​6980
• Remove usage of Dir.chdir that only execute a subprocess #​6930

Bug fixes:

• Don't delete the release version from pre-release string more than once #​7054
• Make the lock command not be affected by the frozen setting #​7034
• Raise an error when adding a gem incompatible with some locked platform #​7035
• Re-resolve when lockfile is invalid #​7020
• Don't re-resolve with prereleases if unlocked gem has no prereleases #​7021
• Include gemspec in ExtensionTask for native gem tasks #​7015
• Avoid error reporting relative path when validating frozen #​5128
• Fix bundle lock --minor --update <dep> edge case #​6992
• Stop bundler eagerly loading all specs with exts #​6945

Performance:

• Reduce allocations when parsing lockfile #​6976
• Stop allocating the same settings keys repeatedly #​6963

Documentation:

• Improve formatting and global source information in bundle plugin man page #​7045
• Update man page of bundle exec to reflect default true of flag --keep-file-descriptors #​7033

v2.4.20

Compare Source

Enhancements:

• Bump actions/checkout to v4 in bundler gem template #​6966
• Add support for the ruby-3.2.2 format in the ruby file: Gemfile directive, and explicitly test the 3.2.2@​gemset format as rejected #​6954
• Support ruby file: ".tool-versions" in Gemfile #​6898
• Unify LockfileParser loading of SPECS section #​6933
• Only check circular deps when dependency api is available, not on full index sources #​6919

Bug fixes:

• Allow standalone mode to work on a Windows edge case #​6989
• Fix bundle outdated crashing when both ref and branch specified for a git gem in Gemfile #​6959
• Fix bundle update --redownload #​6924
• Fixed malformed bundler version in lockfile making Bundler crash #​6920
• Fix standalone install crashing when using legacy gemfiles with multiple global sources #​6918
• Resolve ruby version file relative to bundle root #​6892

Performance:

• Lazily construct fetcher debug messages #​6973
• Avoid allocating empty hashes in Index #​6962
• Improve Bundler::Index efficiency by removing unnecessary creation and dups #​6931
• (Further) Improve Bundler::Settings#[] performance and memory usage #​6923
• Don't use full indexes unnecessarily on legacy Gemfiles #​6916
• Improve memory usage in Bundler::Settings, and thus improve boot time #​6884

v2.4.19

Compare Source

Enhancements:

• Add file option to ruby method in Gemfile #​6876
• Show better error when PAT can't authenticate to a private server #​6871
• Don't fallback to old dependency API when bad credentials are configured #​6869

Bug fixes:

• Fix git source conservativeness #​6850

Documentation:

• Clarify that bundle info takes a gem name #​6875

v2.4.18

Compare Source

Security:

• Merge URI-0.12.2 for Bundler #​6779

Enhancements:

• Update Magnus version in Rust extension gem template #​6843

Documentation:

• Update bundle-outdated(1) man to use table output #​6833

v2.4.17

Compare Source

Enhancements:

• Avoid printing "Using ..." messages when version has not changed #​6804

Bug fixes:

• Fix bundler/setup unintendedly writing to the filesystem #​6814

v2.4.16

Compare Source

Bug fixes:

• Exclude Bundler from missing locked dependencies check #​6792
• Fix another incorrect removal of "ruby" platform from lockfile when changing path sources #​6784
• Fix git source lockfile instability #​6786

Documentation:

• gemfile.5: Code format the default glob to escape Markdown #​6790

v2.4.15

Compare Source

Enhancements:

• Improve edge case error message #​6733

Bug fixes:

• Fix bundle lock --update --bundler #​6213

v2.4.14

Compare Source

Enhancements:

• Stop publishing Gemfile in default gem template #​6723
• Avoid infinite loops when hitting resolution bugs #​6722
• Make LockfileParser usable with just a lockfile #​6694
• Always rely on $LOAD_PATH when jumping from exe/ to lib/ #​6702
• Make frozen setting take precedence over deployment setting #​6685
• Show an error when trying to update bundler in frozen mode #​6684

Bug fixes:

• Fix deployment vs path precedence #​6703
• Fix inline mode with multiple sources #​6699

v2.4.13

Compare Source

Bug fixes:

• Fix unexpected fallbacks to full index by adding FalseClass and Time to the SafeMarshal list #​6655

Documentation:

• Fix broken hyperlinks in bundle cache documentation #​6606

v2.4.12

Compare Source

Enhancements:

• Remove reference to pry gem from generated bin/console file #​6515

v2.4.11

Compare Source

Security:

• Use URI-0.12.1 (safe against CVE-2023-28755 ReDoS vulnerability) #​6558

Enhancements:

• Remove one fallback to full indexes on big gemfiles #​6578
• Generate native gems with -fvisibility=hidden #​6541

Bug fixes:

• Fix resolver hangs when dealing with an incomplete lockfile #​6552
• Fix prereleases not being considered by gem version promoter when there's no lockfile #​6537

v2.4.10

Compare Source

Bug fixes:

• Fix some unnecessary top level dependency downgrades #​6535
• Fix incorrect ruby platform removal from lockfile when adding Gemfile dependencies #​6540
• Fix installing plugins in frozen mode #​6543
• Restore "enumerability" of SpecSet #​6532

v2.4.9

Compare Source

Security:

• Don't recommend --full-index on errors #​6493

Enhancements:

• Fix duplicated specs in some error messages #​6475
• When running bundle lock --update <name>, checkout locked revision of unrelated git sources directly #​6459
• Avoid expiring git sources when unnecessary #​6458
• Use RbSys::ExtensionTask when creating new rust gems #​6352
• Don't ignore pre-releases when there's only one candidate #​6441

Bug fixes:

• Fix incorrect removal of ruby platform when auto-healing corrupted lockfiles #​6495
• Don't consider platform specific candidates when force_ruby_platform set #​6442
• Better deal with circular dependencies #​6330

Documentation:

• Add debugging docs #​6387
• Document our current release policy #​6450

v2.4.8

Compare Source

Security:

• Safe load all marshaled data #​6384

Enhancements:

• Better suggestion when bundler/setup fails due to missing gems and Gemfile is not the default #​6428
• Simplify the gem package file filter in the gemspec template #​6344
• Auto-heal corrupted Gemfile.lock with no specs #​6423
• Auto-heal on corrupted lockfile with missing deps #​6400
• Give a better message when Gemfile branch does not exist #​6383

Bug fixes:

• Respect --no-install option for git: sources #​6088
• Fix gems.rb lockfile for bundler version lookup in template #​6413

Documentation:

• Switch supporting explanations to all Ruby Central #​6419

v2.4.7

Compare Source

Enhancements:

• Add --gemfile flag to bundle init to configure gemfile name to generate #​6046
• Improve solve failure explanations by using better wording #​6366
• Restore better error message when locked ref does not exist #​6356
• Avoid crashing when installing from a corrupted lockfile #​6355
• Improve wording of unmet dependencies warning #​6357
• Add Ruby 3.2 and 3.3 platforms to Gemfile DSL #​6346

Bug fixes:

• Fix crash in pub grub involving empty ranges #​6365
• Make gemspec file generated by bundle gem properly exclude itself from packaged gem #​6339
• Preserve relative path sources in standalone setup #​6327

v2.4.6

Compare Source

Enhancements:

• Don't warn on bundle binstubs --standalone --all #​6312

Bug fixes:

• Don't undo require decorations made by other gems #​6308
• Fix bundler/inline not properly installing gems with extensions when used more than once #​6306
• Fix bundler/inline not skipping installation when gems already there, when used more than once #​6305

v2.4.5

Compare Source

Bug fixes:

• Fix bundler/inline not resolving properly if gems not preinstalled #​6282
• Fix packages for external platforms being introduced in lockfile when Bundler retries resolution #​6285

Documentation:

• Update bundle-exec man page to not use deprecated Bundler.with_clean_env #​6284

v2.4.4

Compare Source

Bug fixes:

• Fix platform specific gems removed from the lockfile #​6266
• Properly handle incompatibilities on platform specific gems #​6270
• Optimistically exclude prereleases from initial resolution #​6246
• Fix another case of not properly falling back to ruby variant when materializing #​6261
• Skip setting BUNDLER_SETUP on Ruby 2.6 #​6252
• Let resolver deal with legacy gems with equivalent version and different dependencies #​6219

v2.4.3

Compare Source

Enhancements:

• Enhance bundle open command to allow opening subdir/file of gem #​6146

Bug fixes:

• Fix pointing GitHub sources to PRs #​6241
• Fix version ranges incorrectly handling platforms #​6240
• Cleanup unnecessary gems when removing lockfile platforms #​6234
• When auto-removing RUBY platform don't add specific platform if not needed #​6233
• Fallback to selecting installable candidates if possible when materializing specs #​6225

Documentation:

• Fix several typos #​6224

v2.4.2

Compare Source

Enhancements:

• Add Bundler::Plugin.loaded? helper #​6964
• Give better error when previous installation folder is insecure to remove #​7030
• Set file path when eval-ing local specification in EndpointSpecification #​7106
• Git ignore the proper files for the CI service selected for bundle gem #​7101
• Update vendored thor to v1.3.0 #​7078
• Restore using old way of passing Ruby version to resolver #​7066
• Bump vendored net-http-persistent to 4.0.2 #​6787

Bug fixes:

• Fix regression when installing native extensions on universal rubies #​7077
• Only remove bundler plugin gem when it's inside the cache #​7001
• Don't show bug report template when GEM_HOME has no writable bit #​7113
• Fix regression in old git versions #​7114
• Handle empty array at built-in YAML serializer #​7099
• Fix force_ruby_platform: when the lockfile only locks the ruby platform #​6936

v2.4.1

Compare Source

Enhancements:

• Add file option to ruby method in Gemfile #​6876
• Show better error when PAT can't authenticate to a private server #​6871
• Don't fallback to old dependency API when bad credentials are configured #​6869

Bug fixes:

• Fix git source conservativeness #​6850

Documentation:

• Clarify that bundle info takes a gem name #​6875

v2.4.0

Compare Source

Security:

• In README generated by bundle gem, do not fill rubygems.org install commands with the gem name automatically #​6093
• Use safe Marshal deserialization for dependency API response #​6141

Breaking changes:

• Remove Travis CI from gem skeleton #​6150
• Drop support for Ruby 2.3, 2.4, 2.5 and RubyGems 2.5, 2.6, 2.7 #​6107
• Completely remove "auto-sudo" feature #​5888

Deprecations:

• Turn --ext option of bundle gem into string. Deprecate usage without explicit value #​6144

Features:

• Add --ext=rust support to bundle gem for creating simple gems with Rust extensions #​6149
• Migrate our resolver engine to PubGrub #​5960

Performance:

• Make cloning git repos faster #​4475

Enhancements:

• Add bundle lock --update --bundler #​6134
• Support for pre flag in bundle update/bundle lock #​5258
• Improve error message when changing Gemfile to a mistyped git ref #​6130
• Remove special handling of some LoadError and NoMethodError #​6115

Bug fixes:

• Don't unlock dependencies of a gemspec when its version changes #​6184
• Fix platform specific version for libv8-node and other allowlisted gems not being chosen in Truffleruby #​6169
• Fix bundle outdated with both --groups and --parseable flags #​6148
• Auto-heal lockfile when it's missing specs #​6132
• Fix unintentional downgrades when gemspec DSL is used #​6131
• Fix display of previous gem version when previously downloaded already #​6110
• Fix hang when a lockfile gem does not resolve on the current platform #​6070

Documentation:

• Improve Bundler setup docs for development #​6154
• Fx link in bundle-platform man page #​6071

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Gemfile.lock

Could not find gem 'bundler'.
Did you mean builder?

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[sonarcloud]

Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud