bundler 4.0.0.beta1 → 4.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1ea78831fde425df537d3ff1df353f5a3aca9f487ce4afa9e46299fa9dc97156
-  data.tar.gz: 6a00156d2407d372ee1e53ea9e8410a47c3ab253f022316001781e051c9cdb48
+  metadata.gz: ff773a79d243042d8e5f038f26bed5bb2d2b7278b8c1917874e63d5a49824c33
+  data.tar.gz: b201596e375da2a5928dc5a907f11af3a6f2327730b20e54bcb00a1ac7f731d3
 SHA512:
-  metadata.gz: b019a26c02b28e3f2e9d09dc52651549395248978130e40413800ebd738140bc3451639a112a0475a4cfa43818798aaff4d88b0105633e035133f7cc985d3003
-  data.tar.gz: dead007ff8a70c1bde02642b9c22c4eeb038cddb9751d175c4106ad030284ed2a71b84f4861e23e83d9be48e47bf3c5085e0ba0e80d9a10902ce042b6a78939b
+  metadata.gz: 9c8b6e998ebb4a1c77d35148a1ff2ceaf04061552080db9dca5d39c743980d285142139cb469f5e8ea4640259314e2300c3397460594d7b795c7e5c426ed191a
+  data.tar.gz: 0d6f774a34a05a23074b74e19d6a776c8d771affe729aa83292df730d28bb5e80b038c6c16645198f6dd29c11c2d9da49f589291fc85370813596910cc967bad

data/CHANGELOG.md

@@ -1,6 +1,62 @@
 # Changelog
 
-## 4.0.0.beta1 (2025-11-20)
+## 4.0.0 (2025-12-03)
+
+### Features:
+
+  - Support bundle install --lockfile option [#9111](https://github.com/ruby/rubygems/pull/9111)
+  - Add support for lockfile in Gemfile and bundle install --no-lock [#9059](https://github.com/ruby/rubygems/pull/9059)
+  - Add `--ext=go` to `bundle gem` [#8183](https://github.com/ruby/rubygems/pull/8183)
+  - Update Bundler::CurrentRuby::ALL_RUBY_VERSIONS [#9058](https://github.com/ruby/rubygems/pull/9058)
+  - Introduce `bundle list --format=json` [#8728](https://github.com/ruby/rubygems/pull/8728)
+
+### Performance:
+
+  - Run git operations in parallel to speed things up: [#9100](https://github.com/ruby/rubygems/pull/9100)
+  - Replace instance method look up in plugin installer [#9094](https://github.com/ruby/rubygems/pull/9094)
+  - Adjust the API_REQUEST_LIMIT to make less network roundtrip [#9071](https://github.com/ruby/rubygems/pull/9071)
+
+### Enhancements:
+
+  - Make BUNDLE_LOCKFILE environment variable have precedence over lockfile method in Gemfile [#9146](https://github.com/ruby/rubygems/pull/9146)
+  - Improve banner message for the default command [#9145](https://github.com/ruby/rubygems/pull/9145)
+  - Introduce `install_or_cli_help` and use it default `bundle` command [#9136](https://github.com/ruby/rubygems/pull/9136)
+  - Add go_gem/rake_task for Go native extension gem skeleton [#9105](https://github.com/ruby/rubygems/pull/9105)
+  - Warn users that `bundle` now display the help: [#9092](https://github.com/ruby/rubygems/pull/9092)
+  - Use DidYouMean::SpellChecker for gem suggestions in Bundler [#3857](https://github.com/ruby/rubygems/pull/3857)
+  - Update all vendored libraries to latest version [#9089](https://github.com/ruby/rubygems/pull/9089)
+  - We don't need to allow some warning now [#9074](https://github.com/ruby/rubygems/pull/9074)
+  - Support to embedded Pathname [#9056](https://github.com/ruby/rubygems/pull/9056)
+  - Enforce activation of irb when running with bundle console [#9033](https://github.com/ruby/rubygems/pull/9033)
+  - Update Magnus version in Rust extension gem template [#9025](https://github.com/ruby/rubygems/pull/9025)
+  - Add checksum of gems hosted on private servers: [#9004](https://github.com/ruby/rubygems/pull/9004)
+  - Loading support on Windows [#8254](https://github.com/ruby/rubygems/pull/8254)
+  - Improve error message when the same source is specified through `gemspec` and `path` [#8460](https://github.com/ruby/rubygems/pull/8460)
+  - Raise an error in frozen mode if some registry gems have empty checksums [#8888](https://github.com/ruby/rubygems/pull/8888)
+  - Bump vendored thor to 1.4.0 [#8883](https://github.com/ruby/rubygems/pull/8883)
+  - Delay default path and global cache changes to Bundler 5 [#8867](https://github.com/ruby/rubygems/pull/8867)
+  - Fix spacing in bundle gem newgem.gemspec.tt [#8865](https://github.com/ruby/rubygems/pull/8865)
+  - Add some missing deprecation messages [#8844](https://github.com/ruby/rubygems/pull/8844)
+
+### Bug fixes:
+
+  - Fixed checksums generation issue when no source is specified [#9133](https://github.com/ruby/rubygems/pull/9133)
+  - Check for file existence before deletion from cache [#9095](https://github.com/ruby/rubygems/pull/9095)
+  - Use method_defined?(:method, false) [#9098](https://github.com/ruby/rubygems/pull/9098)
+  - Handle BUNDLER_VERSION being set to an empty string [#6928](https://github.com/ruby/rubygems/pull/6928)
+  - Fix `bundle install` when the Gemfile contains "install_if" git gems: [#8992](https://github.com/ruby/rubygems/pull/8992)
+  - Fix installation issue related to path sources and precompiled gems [#8973](https://github.com/ruby/rubygems/pull/8973)
+  - Fix outdated lockfile during `bundle lock` when source changes [#8962](https://github.com/ruby/rubygems/pull/8962)
+  - Raise error on missing version file [#8963](https://github.com/ruby/rubygems/pull/8963)
+  - Fix `bundle cache --frozen` and `bundle cache --no-prune` not printing a deprecation message [#8926](https://github.com/ruby/rubygems/pull/8926)
+  - Fix local installation incorrectly forced if there's a `vendor/cache` directory and frozen mode is set [#8925](https://github.com/ruby/rubygems/pull/8925)
+  - Fix `bundle lock --update <gem>` with `--lockfile` flag updating all gems [#8922](https://github.com/ruby/rubygems/pull/8922)
+  - Fix `bundle show --verbose` and recommend it as an alternative to `bundle show --outdated` [#8915](https://github.com/ruby/rubygems/pull/8915)
+  - Fix `bundle cache --no-all` not printing a deprecation warning [#8912](https://github.com/ruby/rubygems/pull/8912)
+  - Fix `bundle update foo` unable to update foo in an edge case [#8897](https://github.com/ruby/rubygems/pull/8897)
+  - Fix Bundler printing more flags than actually passed in verbose mode [#8914](https://github.com/ruby/rubygems/pull/8914)
+  - Fix bundler failing to install sorbet-static in truffleruby when there's no lockfile [#8872](https://github.com/ruby/rubygems/pull/8872)
+  - Cancel deprecation of `--force` flag to `bundle install` and `bundle update` [#8843](https://github.com/ruby/rubygems/pull/8843)
 
 ### Security:
 
@@ -14,14 +70,12 @@
   - Pick and add extra changes for 4.0.0 version [#9018](https://github.com/ruby/rubygems/pull/9018)
   - Replaced Bundler::SharedHelpers.major_deprecation to feature_removed! or feature_deprecated! [#9016](https://github.com/ruby/rubygems/pull/9016)
   - Removed legacy_check option from SpecSet#for [#9015](https://github.com/ruby/rubygems/pull/9015)
-  - Removed deprecated legacy windows platform support [#9013](https://github.com/ruby/rubygems/pull/9013)
   - Make update_requires_all_flag to settings [#9011](https://github.com/ruby/rubygems/pull/9011)
   - Make default cli command settings [#9010](https://github.com/ruby/rubygems/pull/9010)
   - Make global_gem_cache flag to settings [#9009](https://github.com/ruby/rubygems/pull/9009)
   - Consolidate removal of `Bundler.rubygems.all_specs` [#9008](https://github.com/ruby/rubygems/pull/9008)
   - Consolidate removal of `Bundler::SpecSet#-` and `Bundler::SpecSet#<<` [#9007](https://github.com/ruby/rubygems/pull/9007)
   - Replaced Bundler.feature_flag.plugins? to Bundler.settings [#9006](https://github.com/ruby/rubygems/pull/9006)
-  - Switch to 4.0.0.dev in development version [#9002](https://github.com/ruby/rubygems/pull/9002)
   - Make `bundle show --outdated` raise an error [#8980](https://github.com/ruby/rubygems/pull/8980)
   - Make `--local-git` flag to `bundle plugin install` raise an error [#8979](https://github.com/ruby/rubygems/pull/8979)
   - Switch `cache_all` to be `true` by default [#8975](https://github.com/ruby/rubygems/pull/8975)
@@ -38,40 +92,17 @@
   - Remove deprecated `bundle viz` and `bundle inject` commands [#8923](https://github.com/ruby/rubygems/pull/8923)
   - Removed to workaround for Bundler 2.2 [#8903](https://github.com/ruby/rubygems/pull/8903)
 
-### Features:
-
-  - Update Bundler::CurrentRuby::ALL_RUBY_VERSIONS [#9058](https://github.com/ruby/rubygems/pull/9058)
-  - Introduce `bundle list --format=json` [#8728](https://github.com/ruby/rubygems/pull/8728)
-
-### Performance:
-
-  - Replace instance method look up in plugin installer [#9094](https://github.com/ruby/rubygems/pull/9094)
-  - Adjust the API_REQUEST_LIMIT to make less network roundtrip [#9071](https://github.com/ruby/rubygems/pull/9071)
-
-### Enhancements:
-
-  - Use DidYouMean::SpellChecker for gem suggestions in Bundler [#3857](https://github.com/ruby/rubygems/pull/3857)
-  - Update all vendored libraries to latest version [#9089](https://github.com/ruby/rubygems/pull/9089)
-  - We don't need to allow some warning now [#9074](https://github.com/ruby/rubygems/pull/9074)
-  - Shell out fewer times [#9068](https://github.com/ruby/rubygems/pull/9068)
-  - Build gems directly instead of shelling out [#9053](https://github.com/ruby/rubygems/pull/9053)
-  - Support to embedded Pathname [#9056](https://github.com/ruby/rubygems/pull/9056)
-  - Forcely activate irb when running with bundle console [#9033](https://github.com/ruby/rubygems/pull/9033)
-  - Update Magnus version in Rust extension gem template [#9025](https://github.com/ruby/rubygems/pull/9025)
-  - Postpone to remove legacy mingw platform [#9023](https://github.com/ruby/rubygems/pull/9023)
-  - Add checksum of gems hosted on private servers: [#9004](https://github.com/ruby/rubygems/pull/9004)
-  - Loading support on Windows [#8254](https://github.com/ruby/rubygems/pull/8254)
-
-### Bug fixes:
-
-  - Fix `bundle install` when the Gemfile contains "install_if" git gems: [#8992](https://github.com/ruby/rubygems/pull/8992)
-  - Fix installation issue related to path sources and precompiled gems [#8973](https://github.com/ruby/rubygems/pull/8973)
-  - Fix outdated lockfile during `bundle lock` when source changes [#8962](https://github.com/ruby/rubygems/pull/8962)
-  - Raise error on missing version file [#8963](https://github.com/ruby/rubygems/pull/8963)
-
 ### Documentation:
 
+  - Unified UPGRADING.md and extract blog.rubygems.org [#9148](https://github.com/ruby/rubygems/pull/9148)
+  - Remove italic formatting from changelog section headers [#9128](https://github.com/ruby/rubygems/pull/9128)
   - Small clarifications to Bundler 4 upgrade docs [#8964](https://github.com/ruby/rubygems/pull/8964)
+  - Improve documentation of `bundle doctor`, `bundle plugin`, and `bundle config` [#8919](https://github.com/ruby/rubygems/pull/8919)
+  - Make sure all CLI flags and subcommands are documented [#8861](https://github.com/ruby/rubygems/pull/8861)
+  - Clarify documentation about new default gem installation directory in Bundler 4 [#8857](https://github.com/ruby/rubygems/pull/8857)
+  - Use mailto link in Code of Conduct [#8849](https://github.com/ruby/rubygems/pull/8849)
+  - Update Code of Conduct email to conduct@rubygems.org [#8848](https://github.com/ruby/rubygems/pull/8848)
+  - Add missing link to `irb` repo in DEBUGGING.md [#8842](https://github.com/ruby/rubygems/pull/8842)
 
 ## 2.7.2 (2025-09-09)
 

data/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2025-11-20".freeze
-    @git_commit_sha = "9be811c01a".freeze
+    @built_at = "2025-12-03".freeze
+    @git_commit_sha = "64d0dfe695".freeze
     # end ivars
 
     # A hash representation of the build metadata.

data/lib/bundler/cli/install.rb

@@ -44,6 +44,8 @@ module Bundler
       # (rather than some optimizations we perform at app runtime).
       definition = Bundler.definition(strict: true)
       definition.validate_runtime!
+      definition.lockfile = options["lockfile"] if options["lockfile"]
+      definition.lockfile = false if options["no-lock"]
 
       installer = Installer.install(Bundler.root, definition, options)
 

data/lib/bundler/cli.rb

@@ -59,17 +59,29 @@ module Bundler
     def initialize(*args)
       super
 
+      current_cmd = args.last[:current_command].name
+
       custom_gemfile = options[:gemfile] || Bundler.settings[:gemfile]
       if custom_gemfile && !custom_gemfile.empty?
         Bundler::SharedHelpers.set_env "BUNDLE_GEMFILE", File.expand_path(custom_gemfile)
-        Bundler.reset_settings_and_root!
+        reset_settings = true
+      end
+
+      # lock --lockfile works differently than install --lockfile
+      unless current_cmd == "lock"
+        custom_lockfile = options[:lockfile] || ENV["BUNDLE_LOCKFILE"] || Bundler.settings[:lockfile]
+        if custom_lockfile && !custom_lockfile.empty?
+          Bundler::SharedHelpers.set_env "BUNDLE_LOCKFILE", File.expand_path(custom_lockfile)
+          reset_settings = true
+        end
       end
 
+      Bundler.reset_settings_and_root! if reset_settings
+
       Bundler.auto_switch
 
       Bundler.settings.set_command_option_if_given :retry, options[:retry]
 
-      current_cmd = args.last[:current_command].name
       Bundler.auto_install if AUTO_INSTALL_CMDS.include?(current_cmd)
     rescue UnknownArgumentError => e
       raise InvalidOption, e.message
@@ -108,20 +120,28 @@ module Bundler
       self.class.send(:class_options_help, shell)
     end
 
+    desc "install_or_cli_help", "Tries to run bundle install but prints a summary of bundler commands if there is no Gemfile", hide: true
+    def install_or_cli_help
+      invoke_other_command("install")
+    rescue GemfileNotFound => error
+      Bundler.ui.error error.message, wrap: true
+      invoke_other_command("cli_help")
+    end
+
     def self.default_command(meth = nil)
       return super if meth
 
-      default_cli_command = Bundler.settings[:default_cli_command]
-      return default_cli_command if default_cli_command
-
-      Bundler.ui.warn(<<~MSG)
-        In the next version of Bundler, running `bundle` without argument will no longer run `bundle install`.
-        Instead, the `help` command will be displayed.
-
-        If you'd like to keep the previous behaviour please run `bundle config set default_cli_command install --global`.
-      MSG
+      unless Bundler.settings[:default_cli_command]
+        Bundler.ui.info <<-MSG
+          In a future version of Bundler, running `bundle` without argument will no longer run `bundle install`.
+          Instead, the `cli_help` command will be displayed. Please use `bundle install` explicitly for scripts like CI/CD.
+          You can use the future behavior now with `bundle config set default_cli_command cli_help --global`,
+          or you can continue to use the current behavior with `bundle config set default_cli_command install_or_cli_help --global`.
+          This message will be removed after a default_cli_command value is set.
+        MSG
+      end
 
-      "install"
+      Bundler.settings[:default_cli_command] || "install_or_cli_help"
     end
 
     class_option "no-color", type: :boolean, desc: "Disable colorization in output"
@@ -232,8 +252,10 @@ module Bundler
     method_option "gemfile", type: :string, banner: "Use the specified gemfile instead of Gemfile"
     method_option "jobs", aliases: "-j", type: :numeric, banner: "Specify the number of jobs to run in parallel"
     method_option "local", type: :boolean, banner: "Do not attempt to fetch gems remotely and use the gem cache instead"
+    method_option "lockfile", type: :string, banner: "Use the specified lockfile instead of the default."
     method_option "prefer-local", type: :boolean, banner: "Only attempt to fetch gems remotely if not present locally, even if newer versions are available remotely"
     method_option "no-cache", type: :boolean, banner: "Don't update the existing gem cache."
+    method_option "no-lock", type: :boolean, banner: "Don't create a lockfile."
     method_option "force", type: :boolean, aliases: "--redownload", banner: "Force reinstalling every gem, even if already installed"
     method_option "no-prune", type: :boolean, banner: "Don't remove stale gems from the cache (removed)."
     method_option "path", type: :string, banner: "Specify a different path than the system default, namely, $BUNDLE_PATH or $GEM_HOME (removed)."
@@ -260,8 +282,10 @@ module Bundler
       end
 
       require_relative "cli/install"
+      options = self.options.dup
+      options["lockfile"] ||= ENV["BUNDLE_LOCKFILE"]
       Bundler.settings.temporary(no_install: false) do
-        Install.new(options.dup).run
+        Install.new(options).run
       end
     end
 
@@ -709,6 +733,19 @@ module Bundler
       config[:current_command]
     end
 
+    def invoke_other_command(name)
+      _, _, config = @_initializer
+      original_command = config[:current_command]
+      command = self.class.all_commands[name]
+      config[:current_command] = command
+      send(name)
+    ensure
+      config[:current_command] = original_command
+    end
+
+    def current_command=(command)
+    end
+
     def print_command
       return unless Bundler.ui.debug?
       cmd = current_command

data/lib/bundler/definition.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require_relative "lockfile_parser"
+require_relative "worker"
 
 module Bundler
   class Definition
@@ -9,6 +10,8 @@ module Bundler
       attr_accessor :no_lock
     end
 
+    attr_writer :lockfile
+
     attr_reader(
       :dependencies,
       :locked_checksums,
@@ -379,7 +382,7 @@ module Bundler
     end
 
     def write_lock(file, preserve_unknown_sections)
-      return if Definition.no_lock || file.nil?
+      return if Definition.no_lock || !lockfile || file.nil?
 
       contents = to_lock
 
@@ -536,6 +539,8 @@ module Bundler
     end
 
     def add_checksums
+      require "rubygems/package"
+
       @locked_checksums = true
 
       setup_domain!(add_checksums: true)
@@ -1100,7 +1105,23 @@ module Bundler
       @source_requirements ||= find_source_requirements
     end
 
+    def preload_git_source_worker
+      @preload_git_source_worker ||= Bundler::Worker.new(5, "Git source preloading", ->(source, _) { source.specs })
+    end
+
+    def preload_git_sources
+      sources.git_sources.each {|source| preload_git_source_worker.enq(source) }
+    ensure
+      preload_git_source_worker.stop
+    end
+
     def find_source_requirements
+      if Gem.ruby_version >= Gem::Version.new("3.3")
+        # Ruby 3.2 has a bug that incorrectly triggers a circular dependency warning. This version will continue to
+        # fetch git repositories one by one.
+        preload_git_sources
+      end
+
       # Record the specs available in each gem's source, so that those
       # specs will be available later when the resolver knows where to
       # look for that gemspec (or its dependencies)

data/lib/bundler/dsl.rb

@@ -9,8 +9,9 @@ module Bundler
 
     def self.evaluate(gemfile, lockfile, unlock)
       builder = new
+      builder.lockfile(lockfile)
       builder.eval_gemfile(gemfile)
-      builder.to_definition(lockfile, unlock)
+      builder.to_definition(builder.lockfile_path, unlock)
     end
 
     VALID_PLATFORMS = Bundler::CurrentRuby::PLATFORM_MAP.keys.freeze
@@ -38,6 +39,7 @@ module Bundler
       @gemspecs             = []
       @gemfile              = nil
       @gemfiles             = []
+      @lockfile             = nil
       add_git_sources
     end
 
@@ -101,6 +103,15 @@ module Bundler
       add_dependency(name, version, options)
     end
 
+    # For usage in Dsl.evaluate, since lockfile is used as part of the Gemfile.
+    def lockfile_path
+      @lockfile
+    end
+
+    def lockfile(file)
+      @lockfile = file
+    end
+
     def source(source, *args, &blk)
       options = args.last.is_a?(Hash) ? args.pop.dup : {}
       options = normalize_hash(options)
@@ -175,6 +186,7 @@ module Bundler
 
     def to_definition(lockfile, unlock)
       check_primary_source_safety
+      lockfile = @lockfile unless @lockfile.nil?
       Definition.new(lockfile, @dependencies, @sources, unlock, @ruby_version, @optional_groups, @gemfiles)
     end
 
@@ -415,8 +427,8 @@ module Bundler
       windows_platforms = platforms.select {|pl| pl.to_s.match?(/mingw|mswin/) }
       if windows_platforms.any?
         windows_platforms = windows_platforms.map! {|pl| ":#{pl}" }.join(", ")
-        removed_message = "Platform #{windows_platforms} has been removed. Please use platform :windows instead."
-        Bundler::SharedHelpers.feature_removed! removed_message
+        deprecated_message = "Platform #{windows_platforms} will be removed in the future. Please use platform :windows instead."
+        Bundler::SharedHelpers.feature_deprecated! deprecated_message
       end
 
       # Save sources passed in a key

data/lib/bundler/environment_preserver.rb

@@ -6,6 +6,7 @@ module Bundler
     BUNDLER_KEYS = %w[
       BUNDLE_BIN_PATH
       BUNDLE_GEMFILE
+      BUNDLE_LOCKFILE
       BUNDLER_VERSION
       BUNDLER_SETUP
       GEM_HOME

data/lib/bundler/inline.rb

@@ -44,12 +44,14 @@ def gemfile(force_latest_compatible = false, options = {}, &gemfile)
   raise ArgumentError, "Unknown options: #{opts.keys.join(", ")}" unless opts.empty?
 
   old_gemfile = ENV["BUNDLE_GEMFILE"]
+  old_lockfile = ENV["BUNDLE_LOCKFILE"]
 
   Bundler.unbundle_env!
 
   begin
     Bundler.instance_variable_set(:@bundle_path, Pathname.new(Gem.dir))
     Bundler::SharedHelpers.set_env "BUNDLE_GEMFILE", "Gemfile"
+    Bundler::SharedHelpers.set_env "BUNDLE_LOCKFILE", "Gemfile.lock"
 
     Bundler::Plugin.gemfile_install(&gemfile) if Bundler.settings[:plugins]
     builder = Bundler::Dsl.new
@@ -94,5 +96,11 @@ def gemfile(force_latest_compatible = false, options = {}, &gemfile)
     else
       ENV["BUNDLE_GEMFILE"] = ""
     end
+
+    if old_lockfile
+      ENV["BUNDLE_LOCKFILE"] = old_lockfile
+    else
+      ENV["BUNDLE_LOCKFILE"] = ""
+    end
   end
 end

data/lib/bundler/man/bundle-config.1

@@ -145,6 +145,9 @@ Generate a \fBgems\.rb\fR instead of a \fBGemfile\fR when running \fBbundle init
 \fBjobs\fR (\fBBUNDLE_JOBS\fR)
 The number of gems Bundler can install in parallel\. Defaults to the number of available processors\.
 .TP
+\fBlockfile\fR (\fBBUNDLE_LOCKFILE\fR)
+The path to the lockfile that bundler should use\. By default, Bundler adds \fB\.lock\fR to the end of the \fBgemfile\fR entry\. Can be set to \fBfalse\fR in the Gemfile to disable lockfile creation entirely (see gemfile(5))\.
+.TP
 \fBlockfile_checksums\fR (\fBBUNDLE_LOCKFILE_CHECKSUMS\fR)
 Whether Bundler should include a checksums section in new lockfiles, to protect from compromised gem sources\. Defaults to true\.
 .TP

data/lib/bundler/man/bundle-config.1.ronn

@@ -189,6 +189,10 @@ learn more about their operation in [bundle install(1)](bundle-install.1.html).
 * `jobs` (`BUNDLE_JOBS`):
    The number of gems Bundler can install in parallel. Defaults to the number of
    available processors.
+* `lockfile` (`BUNDLE_LOCKFILE`):
+   The path to the lockfile that bundler should use. By default, Bundler adds
+   `.lock` to the end of the `gemfile` entry. Can be set to `false` in the
+   Gemfile to disable lockfile creation entirely (see gemfile(5)).
 * `lockfile_checksums` (`BUNDLE_LOCKFILE_CHECKSUMS`):
    Whether Bundler should include a checksums section in new lockfiles, to protect from compromised gem sources. Defaults to true.
 * `no_install` (`BUNDLE_NO_INSTALL`):

data/lib/bundler/man/bundle-install.1

@@ -4,7 +4,7 @@
 .SH "NAME"
 \fBbundle\-install\fR \- Install the dependencies specified in your Gemfile
 .SH "SYNOPSIS"
-\fBbundle install\fR [\-\-force] [\-\-full\-index] [\-\-gemfile=GEMFILE] [\-\-jobs=NUMBER] [\-\-local] [\-\-no\-cache] [\-\-prefer\-local] [\-\-quiet] [\-\-retry=NUMBER] [\-\-standalone[=GROUP[ GROUP\|\.\|\.\|\.]]] [\-\-trust\-policy=TRUST\-POLICY] [\-\-target\-rbconfig=TARGET\-RBCONFIG]
+\fBbundle install\fR [\-\-force] [\-\-full\-index] [\-\-gemfile=GEMFILE] [\-\-jobs=NUMBER] [\-\-local] [\-\-lockfile=LOCKFILE] [\-\-no\-cache] [\-\-no\-lock] [\-\-prefer\-local] [\-\-quiet] [\-\-retry=NUMBER] [\-\-standalone[=GROUP[ GROUP\|\.\|\.\|\.]]] [\-\-trust\-policy=TRUST\-POLICY] [\-\-target\-rbconfig=TARGET\-RBCONFIG]
 .SH "DESCRIPTION"
 Install the gems specified in your Gemfile(5)\. If this is the first time you run bundle install (and a \fBGemfile\.lock\fR does not exist), Bundler will fetch all remote sources, resolve dependencies and install all needed gems\.
 .P
@@ -28,12 +28,20 @@ The maximum number of parallel download and install jobs\. The default is the nu
 \fB\-\-local\fR
 Do not attempt to connect to \fBrubygems\.org\fR\. Instead, Bundler will use the gems already present in Rubygems' cache or in \fBvendor/cache\fR\. Note that if an appropriate platform\-specific gem exists on \fBrubygems\.org\fR it will not be found\.
 .TP
+\fB\-\-lockfile=LOCKFILE\fR
+The location of the lockfile which Bundler should use\. This defaults to the Gemfile location with \fB\.lock\fR appended\.
+.TP
 \fB\-\-prefer\-local\fR
 Force using locally installed gems, or gems already present in Rubygems' cache or in \fBvendor/cache\fR, when resolving, even if newer versions are available remotely\. Only attempt to connect to \fBrubygems\.org\fR for gems that are not present locally\.
 .TP
 \fB\-\-no\-cache\fR
 Do not update the cache in \fBvendor/cache\fR with the newly bundled gems\. This does not remove any gems in the cache but keeps the newly bundled gems from being cached during the install\.
 .TP
+\fB\-\-no\-lock\fR
+Do not create a lockfile\. Useful if you want to install dependencies but not lock versions of gems\. Recommended for library development, and other situations where the code is expected to work with a range of dependency versions\.
+.IP
+This has the same effect as using \fBlockfile false\fR in the Gemfile\. See gemfile(5) for more information\.
+.TP
 \fB\-\-quiet\fR
 Do not print progress information to the standard output\.
 .TP

data/lib/bundler/man/bundle-install.1.ronn

@@ -8,7 +8,9 @@ bundle-install(1) -- Install the dependencies specified in your Gemfile
                  [--gemfile=GEMFILE]
                  [--jobs=NUMBER]
                  [--local]
+                 [--lockfile=LOCKFILE]
                  [--no-cache]
+                 [--no-lock]
                  [--prefer-local]
                  [--quiet]
                  [--retry=NUMBER]
@@ -60,6 +62,10 @@ update process below under [CONSERVATIVE UPDATING][].
   appropriate platform-specific gem exists on `rubygems.org` it will not be
   found.
 
+* `--lockfile=LOCKFILE`:
+  The location of the lockfile which Bundler should use. This defaults
+  to the Gemfile location with `.lock` appended.
+
 * `--prefer-local`:
   Force using locally installed gems, or gems already present in Rubygems' cache
   or in `vendor/cache`, when resolving, even if newer versions are available
@@ -71,6 +77,15 @@ update process below under [CONSERVATIVE UPDATING][].
   does not remove any gems in the cache but keeps the newly bundled gems from
   being cached during the install.
 
+* `--no-lock`:
+  Do not create a lockfile. Useful if you want to install dependencies but not
+  lock versions of gems. Recommended for library development, and other
+  situations where the code is expected to work with a range of dependency
+  versions.
+
+  This has the same effect as using `lockfile false` in the Gemfile.
+  See gemfile(5) for more information.
+
 * `--quiet`:
   Do not print progress information to the standard output.
 

data/lib/bundler/man/gemfile.5

@@ -469,4 +469,35 @@ For implicit gems (dependencies of explicit gems), any source, git, or path repo
 .IP "3." 4
 If neither of the above conditions are met, the global source will be used\. If multiple global sources are specified, they will be prioritized from last to first, but this is deprecated since Bundler 1\.13, so Bundler prints a warning and will abort with an error in the future\.
 .IP "" 0
+.SH "LOCKFILE"
+By default, Bundler will create a lockfile by adding \fB\.lock\fR to the end of the Gemfile name\. To change this, use the \fBlockfile\fR method:
+.IP "" 4
+.nf
+lockfile "/path/to/lockfile\.lock"
+.fi
+.IP "" 0
+.P
+This is useful when you want to use different lockfiles per ruby version or platform\.
+.P
+To avoid writing a lock file, use \fBfalse\fR as the argument:
+.IP "" 4
+.nf
+lockfile false
+.fi
+.IP "" 0
+.P
+This is useful for library development and other situations where the code is expected to work with a range of dependency versions\.
+.SS "LOCKFILE PRECEDENCE"
+When determining path to the lockfile or whether to create a lockfile, the following precedence is used:
+.IP "1." 4
+The \fBbundle install\fR \fB\-\-no\-lock\fR option (which disables lockfile creation)\.
+.IP "2." 4
+The \fBbundle install\fR \fB\-\-lockfile\fR option\.
+.IP "3." 4
+The \fBBUNDLE_LOCKFILE\fR environment variable\.
+.IP "4." 4
+The \fBlockfile\fR method in the Gemfile\.
+.IP "5." 4
+The default behavior of adding \fB\.lock\fR to the end of the Gemfile name\.
+.IP "" 0
 

data/lib/bundler/man/gemfile.5.ronn

@@ -556,3 +556,31 @@ bundler uses the following priority order:
      If multiple global sources are specified, they will be prioritized from
      last to first, but this is deprecated since Bundler 1.13, so Bundler prints
      a warning and will abort with an error in the future.
+
+## LOCKFILE
+
+By default, Bundler will create a lockfile by adding `.lock` to the end of the
+Gemfile name. To change this, use the `lockfile` method:
+
+    lockfile "/path/to/lockfile.lock"
+
+This is useful when you want to use different lockfiles per ruby version or
+platform.
+
+To avoid writing a lock file, use `false` as the argument:
+
+    lockfile false
+
+This is useful for library development and other situations where the code is
+expected to work with a range of dependency versions.
+
+### LOCKFILE PRECEDENCE
+
+When determining path to the lockfile or whether to create a lockfile, the
+following precedence is used:
+
+1. The `bundle install` `--no-lock` option (which disables lockfile creation).
+1. The `bundle install` `--lockfile` option.
+1. The `BUNDLE_LOCKFILE` environment variable.
+1. The `lockfile` method in the Gemfile.
+1. The default behavior of adding `.lock` to the end of the Gemfile name.

data/lib/bundler/runtime.rb

@@ -240,7 +240,11 @@ module Bundler
 
         cached.each do |path|
           Bundler.ui.info "  * #{File.basename(path)}"
-          File.delete(path)
+
+          begin
+            File.delete(path)
+          rescue Errno::ENOENT
+          end
         end
       end
     end

data/lib/bundler/settings.rb

@@ -65,6 +65,7 @@ module Bundler
       gem.rubocop
       gem.test
       gemfile
+      lockfile
       path
       shebang
       simulate_version

data/lib/bundler/shared_helpers.rb

@@ -23,6 +23,9 @@ module Bundler
     end
 
     def default_lockfile
+      given = ENV["BUNDLE_LOCKFILE"]
+      return Pathname.new(given) if given && !given.empty?
+
       gemfile = default_gemfile
 
       case gemfile.basename.to_s
@@ -297,6 +300,7 @@ module Bundler
     def set_bundle_variables
       Bundler::SharedHelpers.set_env "BUNDLE_BIN_PATH", bundle_bin_path
       Bundler::SharedHelpers.set_env "BUNDLE_GEMFILE", find_gemfile.to_s
+      Bundler::SharedHelpers.set_env "BUNDLE_LOCKFILE", default_lockfile.to_s
       Bundler::SharedHelpers.set_env "BUNDLER_VERSION", Bundler::VERSION
       Bundler::SharedHelpers.set_env "BUNDLER_SETUP", File.expand_path("setup", __dir__)
     end

data/lib/bundler/templates/newgem/Rakefile.tt

@@ -59,6 +59,11 @@ Rake::ExtensionTask.new("<%= config[:underscored_name] %>", GEMSPEC) do |ext|
 end
 <% end -%>
 
+<% if config[:ext] == "go" -%>
+require "go_gem/rake_task"
+
+GoGem::RakeTask.new("<%= config[:underscored_name] %>")
+<% end -%>
 <% end -%>
 <% if default_task_names.size == 1 -%>
 task default: <%= default_task_names.first.inspect %>

data/lib/bundler/ui/shell.rb

@@ -17,6 +17,7 @@ module Bundler
         @level = ENV["DEBUG"] ? "debug" : "info"
         @warning_history = []
         @output_stream = :stdout
+        @thread_safe_logger_key = "logger_level_#{object_id}"
       end
 
       def add_color(string, *color)
@@ -97,11 +98,13 @@ module Bundler
       end
 
       def level(name = nil)
-        return @level unless name
+        current_level = Thread.current.thread_variable_get(@thread_safe_logger_key) || @level
+        return current_level unless name
+
         unless index = LEVELS.index(name)
           raise "#{name.inspect} is not a valid level"
         end
-        index <= LEVELS.index(@level)
+        index <= LEVELS.index(current_level)
       end
 
       def output_stream=(symbol)
@@ -167,12 +170,13 @@ module Bundler
         end * "\n"
       end
 
-      def with_level(level)
-        original = @level
-        @level = level
+      def with_level(desired_level)
+        old_level = level
+        Thread.current.thread_variable_set(@thread_safe_logger_key, desired_level)
+
         yield
       ensure
-        @level = original
+        Thread.current.thread_variable_set(@thread_safe_logger_key, old_level)
       end
 
       def with_output_stream(symbol)

data/lib/bundler/vendor/thor/lib/thor.rb

@@ -625,7 +625,7 @@ class Bundler::Thor
     # alias name.
     def find_command_possibilities(meth)
       len = meth.to_s.length
-      possibilities = all_commands.merge(map).keys.select { |n| meth == n[0, len] }.sort
+      possibilities = all_commands.reject { |_k, c| c.hidden? }.merge(map).keys.select { |n| meth == n[0, len] }.sort
       unique_possibilities = possibilities.map { |k| map[k] || k }.uniq
 
       if possibilities.include?(meth)

data/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "4.0.0.beta1".freeze
+  VERSION = "4.0.0".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= gem_version.segments.first

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-  version: 4.0.0.beta1
+  version: 4.0.0
 platform: ruby
 authors:
 - André Arko