bundler 4.0.10 → 4.0.12

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 54c40beb5b2e8ef4f0a575b9d408fe571ef2b1089099fc09d4b46a6adc4307ea
-  data.tar.gz: 591339a1a0a4512ae8c386c24b98f09ca48ed571a011141dee4874ead6555a2e
+  metadata.gz: 94fc49b469e2eb2c15c70f7bb43e4503f0de0962380b5b6eea5909bff3a08d1e
+  data.tar.gz: 301b0eb9cb089ba4fda55fcbcd1ad1e65c608c35107906a415546245d58d1368
 SHA512:
-  metadata.gz: 15c2b8ba181ff0f418ce40b488b3d148e661992058ed0f1af8a58c3adb774b00fc39e29211c0abd22f51b85098840514fbf35dbb8c5d0c0773f0e4cf22facb8c
-  data.tar.gz: bf33570321010bd7e2283384c1331ee13bc1f3176de52c16c34a2e56b461c625fc955dfef9ba0d9b157ff0f11591892832eea06621a88facd7e187e85bd8c468
+  metadata.gz: ca630b85c261a32145258e2264627f9beca9c45c72cc21ad195a72774d28808fbe57a9b6242af937ac2ee85d636f0f7f73278c97aeae7cf8a7b1de58f7480f50
+  data.tar.gz: 40329f0aa226b3e314c740e765ae8d22e298666fcf05454bb9b1788639e4ef1b8bea18cb74f2da33245b0faefcd2dac70175169067f375841decc36bd01523d7

data/CHANGELOG.md

@@ -1,5 +1,38 @@
 # Changelog
 
+## 4.0.12 / 2026-05-20
+
+### Enhancements:
+
+* Make `bundle config get` return status 1 when the value is not set. Pull request [#9505](https://github.com/ruby/rubygems/pull/9505) by willnet
+* Use Pathname#absolute?. Pull request [#9529](https://github.com/ruby/rubygems/pull/9529) by nobu
+* Deprecate parsing non-lockfile content in LockfileParser. Pull request [#9502](https://github.com/ruby/rubygems/pull/9502) by kurotaky
+* Print a warning for a potential confusion from the indirect dependencies. Pull request [#5029](https://github.com/ruby/rubygems/pull/5029) by junaruga
+* Respect Gemfile bundler setting in `Bundler.setup`. Pull request [#4892](https://github.com/ruby/rubygems/pull/4892) by godfat
+
+### Bug fixes:
+
+* Gracefully handle missing checksums in Compact Index. Pull request [#9492](https://github.com/ruby/rubygems/pull/9492) by jneen
+* Skip git source exclusion when lockfile cannot backfill. Pull request [#9544](https://github.com/ruby/rubygems/pull/9544) by yahonda
+* Fix bundle config gemfile unset behavior. Pull request [#9514](https://github.com/ruby/rubygems/pull/9514) by afurm
+
+## 4.0.11 / 2026-04-30
+
+### Enhancements:
+
+* Update gem creation guide URL to rubygems.org. Pull request [#9500](https://github.com/ruby/rubygems/pull/9500) by nissyi-gh
+* Lock the checksum of Bundler itself in the lockfile. Pull request [#9366](https://github.com/ruby/rubygems/pull/9366) by Edouard-chin
+
+### Bug fixes:
+
+* Fix installing gems with native extensions + transitive dependencies. Pull request [#9477](https://github.com/ruby/rubygems/pull/9477) by nicholasdower
+* Fix the bundler version not being updated in dev/test lockfile. Pull request [#9463](https://github.com/ruby/rubygems/pull/9463) by Edouard-chin
+* Ensure the release CI doesn't break due to the Bundler checksum feature. Pull request [#9436](https://github.com/ruby/rubygems/pull/9436) by Edouard-chin
+
+### Documentation:
+
+* Fix formatting for BUNDLE_PREFER_PATCH variable in man page. Pull request [#9474](https://github.com/ruby/rubygems/pull/9474) by toy
+
 ## 4.0.10 / 2026-04-08
 
 ### Enhancements:

data/lib/bundler/build_metadata.rb

@@ -5,7 +5,7 @@ module Bundler
   module BuildMetadata
     # begin ivars
     @built_at = nil
-    @git_commit_sha = "1c1d885018".freeze
+    @git_commit_sha = "665f998196".freeze
     # end ivars
 
     # A hash representation of the build metadata.

data/lib/bundler/cli/config.rb

@@ -87,16 +87,21 @@ module Bundler
 
         if value.nil?
           warn_unused_scope "Ignoring --#{scope} since no value to set was given"
+          current_value = Bundler.settings[name]
 
           if options[:parseable]
             if value = Bundler.settings[name]
               Bundler.ui.info("#{name}=#{value}")
             end
-            return
+          else
+            confirm(name)
           end
 
-          confirm(name)
-          return
+          if current_value.nil?
+            exit 1
+          else
+            return
+          end
         end
 
         Bundler.ui.info(message) if message

data/lib/bundler/cli/gem.rb

@@ -288,7 +288,7 @@ module Bundler
       open_editor(options["edit"], target.join("#{name}.gemspec")) if options[:edit]
 
       Bundler.ui.info "\nGem '#{name}' was successfully created. " \
-        "For more information on making a RubyGem visit https://bundler.io/guides/creating_gem.html"
+        "For more information on making a RubyGem visit https://guides.rubygems.org/make-your-own-gem/"
     end
 
     private

data/lib/bundler/cli.rb

@@ -61,18 +61,18 @@ module Bundler
 
       current_cmd = args.last[:current_command].name
 
-      custom_gemfile = options[:gemfile] || Bundler.settings[:gemfile]
-      if custom_gemfile && !custom_gemfile.empty?
-        Bundler::SharedHelpers.set_env "BUNDLE_GEMFILE", File.expand_path(custom_gemfile)
-        reset_settings = true
-      end
-
-      # lock --lockfile works differently than install --lockfile
-      unless current_cmd == "lock"
-        custom_lockfile = options[:lockfile] || ENV["BUNDLE_LOCKFILE"] || Bundler.settings[:lockfile]
-        if custom_lockfile && !custom_lockfile.empty?
-          Bundler::SharedHelpers.set_env "BUNDLE_LOCKFILE", File.expand_path(custom_lockfile)
-          reset_settings = true
+      # `bundle config` manages stored settings, so avoid promoting settings
+      # like `gemfile` or `lockfile` to environment variables before it runs.
+      unless current_cmd == "config"
+        Bundler.configure_custom_gemfile(options[:gemfile])
+
+        # lock --lockfile works differently than install --lockfile
+        unless current_cmd == "lock"
+          custom_lockfile = options[:lockfile] || ENV["BUNDLE_LOCKFILE"] || Bundler.settings[:lockfile]
+          if custom_lockfile && !custom_lockfile.empty?
+            Bundler::SharedHelpers.set_env "BUNDLE_LOCKFILE", File.expand_path(custom_lockfile)
+            reset_settings = true
+          end
         end
       end
 

data/lib/bundler/compact_index_client/parser.rb

@@ -71,7 +71,10 @@ module Bundler
       # This method gets called at least once for every gem when parsing versions.
       def parse_version_checksum(line, checksums)
         return unless (name_end = line.index(" ")) # Artifactory bug causes blank lines in artifactor index files
-        return unless (checksum_start = line.index(" ", name_end + 1) + 1)
+        checksum_start = line.index(" ", name_end + 1)
+        return unless checksum_start
+        checksum_start += 1
+
         checksum_end = line.size - checksum_start
 
         line.freeze # allows slicing into the string to not allocate a copy of the line

data/lib/bundler/definition.rb

@@ -783,7 +783,25 @@ module Bundler
     end
 
     def precompute_source_requirements_for_indirect_dependencies?
-      sources.non_global_rubygems_sources.all?(&:dependency_api_available?)
+      if sources.non_global_rubygems_sources.all?(&:dependency_api_available?)
+        true
+      else
+        non_dependency_api_warning
+        false
+      end
+    end
+
+    def non_dependency_api_warning
+      non_api_sources = sources.non_global_rubygems_sources.reject(&:dependency_api_available?)
+      non_api_source_names = non_api_sources.map {|d| "  * #{d}" }.join("\n")
+
+      msg = String.new
+      msg << "Your Gemfile contains scoped sources that don't implement a dependency API, namely:\n\n"
+      msg << non_api_source_names
+      msg << "\n\nUsing the above gem servers may result in installing unexpected gems. " \
+        "To resolve this warning, make sure you use gem servers that implement dependency APIs, " \
+        "such as gemstash or geminabox gem servers."
+      Bundler.ui.warn msg
     end
 
     def current_platform_locked?
@@ -988,6 +1006,8 @@ module Bundler
         end
       end
 
+      sources.metadata_source.checksum_store.merge!(@locked_gems.metadata_source.checksum_store) if @locked_gems
+
       changes
     end
 
@@ -1157,16 +1177,20 @@ module Bundler
     def find_source_requirements
       preload_git_sources
 
+      # Only safe to exclude when locked_requirements (merged below) backfills the gap.
+      nothing_changed = nothing_changed?
+      excluded = nothing_changed ? excluded_git_sources : []
+
       # Record the specs available in each gem's source, so that those
       # specs will be available later when the resolver knows where to
       # look for that gemspec (or its dependencies)
       source_requirements = if precompute_source_requirements_for_indirect_dependencies?
-        all_requirements = source_map.all_requirements(excluded_git_sources)
+        all_requirements = source_map.all_requirements(excluded)
         { default: default_source }.merge(all_requirements)
       else
-        { default: Source::RubygemsAggregate.new(sources, source_map, excluded_git_sources) }.merge(source_map.direct_requirements)
+        { default: Source::RubygemsAggregate.new(sources, source_map, excluded) }.merge(source_map.direct_requirements)
       end
-      source_requirements.merge!(source_map.locked_requirements) if nothing_changed?
+      source_requirements.merge!(source_map.locked_requirements) if nothing_changed
       metadata_dependencies.each do |dep|
         source_requirements[dep.name] = sources.metadata_source
       end

data/lib/bundler/installer/parallel_installer.rb

@@ -6,7 +6,7 @@ require_relative "gem_installer"
 module Bundler
   class ParallelInstaller
     class SpecInstallation
-      attr_accessor :spec, :name, :full_name, :post_install_message, :state, :error
+      attr_accessor :spec, :name, :full_name, :post_install_message, :state, :error, :dependencies
       def initialize(spec)
         @spec = spec
         @name = spec.name
@@ -46,25 +46,11 @@ module Bundler
         !post_install_message.empty?
       end
 
-      def ignorable_dependency?(dep)
-        dep.type == :development || dep.name == @name
-      end
-
-      # Checks installed dependencies against spec's dependencies to make
-      # sure needed dependencies have been installed.
+      # Recursively checks that all dependencies (direct and transitive) have been installed.
       def dependencies_installed?(installed_specs)
-        dependencies.all? {|d| installed_specs.include? d.name }
-      end
-
-      # Represents only the non-development dependencies, the ones that are
-      # itself and are in the total list.
-      def dependencies
-        @dependencies ||= all_dependencies.reject {|dep| ignorable_dependency? dep }
-      end
-
-      # Represents all dependencies
-      def all_dependencies
-        @spec.dependencies
+        dependencies.all? do |dep|
+          installed_specs.include?(dep.name) && dep.dependencies_installed?(installed_specs)
+        end
       end
 
       def to_s
@@ -85,6 +71,12 @@ module Bundler
       @force = force
       @local = local
       @specs = all_specs.map {|s| SpecInstallation.new(s) }
+      specs_by_name = @specs.to_h {|s| [s.name, s] }
+      @specs.each do |spec_install|
+        spec_install.dependencies = spec_install.spec.dependencies.filter_map do |dep|
+          specs_by_name[dep.name] unless dep.type == :development || dep.name == spec_install.name
+        end
+      end
       @specs.each do |spec_install|
         spec_install.state = :installed if skip.include?(spec_install.name)
       end if skip

data/lib/bundler/lockfile_generator.rb

@@ -71,7 +71,8 @@ module Bundler
       checksums = definition.resolve.map do |spec|
         spec.source.checksum_store.to_lock(spec)
       end
-      add_section("CHECKSUMS", checksums)
+
+      add_section("CHECKSUMS", checksums + bundler_checksum)
     end
 
     def add_locked_ruby_version
@@ -100,5 +101,19 @@ module Bundler
         raise ArgumentError, "#{value.inspect} can't be serialized in a lockfile"
       end
     end
+
+    def bundler_checksum
+      return [] if Bundler.gem_version.to_s.end_with?(".dev") || ENV["SKIP_BUNDLER_CHECKSUM"]
+
+      bundler_spec = definition.sources.metadata_source.specs.search(["bundler", Bundler.gem_version]).last
+      return [] unless File.exist?(bundler_spec.cache_file)
+
+      require "rubygems/package"
+
+      package = Gem::Package.new(bundler_spec.cache_file)
+      definition.sources.metadata_source.checksum_store.register(bundler_spec, Checksum.from_gem_package(package))
+
+      [definition.sources.metadata_source.checksum_store.to_lock(bundler_spec)]
+    end
   end
 end

data/lib/bundler/lockfile_parser.rb

@@ -28,6 +28,7 @@ module Bundler
 
     attr_reader(
       :sources,
+      :metadata_source,
       :dependencies,
       :specs,
       :platforms,
@@ -97,6 +98,7 @@ module Bundler
     def initialize(lockfile, strict: false)
       @platforms    = []
       @sources      = []
+      @metadata_source = Source::Metadata.new
       @dependencies = {}
       @parse_method = nil
       @specs        = {}
@@ -113,6 +115,17 @@ module Bundler
           "Run `git checkout HEAD -- #{@lockfile_path}` first to get a clean lock."
       end
 
+      @valid = lockfile.strip.empty? ||
+               lockfile.split(/(?:\r?\n)+/).any? {|l| KNOWN_SECTIONS.include?(l) }
+
+      unless @valid
+        SharedHelpers.feature_deprecated!(
+          "Your #{@lockfile_path} does not appear to be a valid lockfile. " \
+          "Run `rm #{@lockfile_path}` and then `bundle install` to generate a new lockfile. " \
+          "This will raise a LockfileError in a future version of Bundler."
+        )
+      end
+
       lockfile.split(/((?:\r?\n)+)/) do |line|
         # split alternates between the line and the following whitespace
         next @pos.advance!(line) if line.match?(/^\s*$/)
@@ -162,6 +175,10 @@ module Bundler
       bundler_version.nil? || bundler_version < Gem::Version.new("1.16.2")
     end
 
+    def valid?
+      @valid
+    end
+
     private
 
     TYPES = {
@@ -252,7 +269,12 @@ module Bundler
       version = Gem::Version.new(version)
       platform = platform ? Gem::Platform.new(platform) : Gem::Platform::RUBY
       full_name = Gem::NameTuple.new(name, version, platform).full_name
-      return unless spec = @specs[full_name]
+      spec = @specs[full_name]
+
+      if name == "bundler"
+        spec ||= LazySpecification.new(name, version, platform, @metadata_source)
+      end
+      return unless spec
 
       if checksums
         checksums.split(",") do |lock_checksum|

data/lib/bundler/man/bundle-add.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-ADD" "1" "March 2026" ""
+.TH "BUNDLE\-ADD" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-add\fR \- Add gem to the Gemfile and run bundle install
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-binstubs.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-BINSTUBS" "1" "March 2026" ""
+.TH "BUNDLE\-BINSTUBS" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-binstubs\fR \- Install the binstubs of the listed gems
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-cache.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-CACHE" "1" "March 2026" ""
+.TH "BUNDLE\-CACHE" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-cache\fR \- Package your needed \fB\.gem\fR files into your application
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-check.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-CHECK" "1" "March 2026" ""
+.TH "BUNDLE\-CHECK" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-check\fR \- Verifies if dependencies are satisfied by installed gems
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-clean.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-CLEAN" "1" "March 2026" ""
+.TH "BUNDLE\-CLEAN" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-clean\fR \- Cleans up unused gems in your bundler directory
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-config.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-CONFIG" "1" "March 2026" ""
+.TH "BUNDLE\-CONFIG" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-config\fR \- Set bundler configuration options
 .SH "SYNOPSIS"
@@ -172,7 +172,7 @@ Whether Bundler will install gems into the default system path (\fBGem\.dir\fR)\
 \fBplugins\fR (\fBBUNDLE_PLUGINS\fR)
 Enable Bundler's experimental plugin system\.
 .TP
-\fBprefer_patch\fR (BUNDLE_PREFER_PATCH)
+\fBprefer_patch\fR (\fBBUNDLE_PREFER_PATCH\fR)
 Prefer updating only to next patch version during updates\. Makes \fBbundle update\fR calls equivalent to \fBbundler update \-\-patch\fR\.
 .TP
 \fBredirect\fR (\fBBUNDLE_REDIRECT\fR)

data/lib/bundler/man/bundle-config.1.ronn

@@ -223,7 +223,7 @@ learn more about their operation in [bundle install(1)](bundle-install.1.html).
    Whether Bundler will install gems into the default system path (`Gem.dir`).
 * `plugins` (`BUNDLE_PLUGINS`):
    Enable Bundler's experimental plugin system.
-* `prefer_patch` (BUNDLE_PREFER_PATCH):
+* `prefer_patch` (`BUNDLE_PREFER_PATCH`):
    Prefer updating only to next patch version during updates. Makes `bundle update` calls equivalent to `bundler update --patch`.
 * `redirect` (`BUNDLE_REDIRECT`):
    The number of redirects allowed for network requests. Defaults to `5`.

data/lib/bundler/man/bundle-console.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-CONSOLE" "1" "March 2026" ""
+.TH "BUNDLE\-CONSOLE" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-console\fR \- Open an IRB session with the bundle pre\-loaded
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-doctor.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-DOCTOR" "1" "March 2026" ""
+.TH "BUNDLE\-DOCTOR" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-doctor\fR \- Checks the bundle for common problems
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-env.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-ENV" "1" "March 2026" ""
+.TH "BUNDLE\-ENV" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-env\fR \- Print information about the environment Bundler is running under
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-exec.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-EXEC" "1" "March 2026" ""
+.TH "BUNDLE\-EXEC" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-exec\fR \- Execute a command in the context of the bundle
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-fund.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-FUND" "1" "March 2026" ""
+.TH "BUNDLE\-FUND" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-fund\fR \- Lists information about gems seeking funding assistance
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-gem.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-GEM" "1" "March 2026" ""
+.TH "BUNDLE\-GEM" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-gem\fR \- Generate a project skeleton for creating a rubygem
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-help.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-HELP" "1" "March 2026" ""
+.TH "BUNDLE\-HELP" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-help\fR \- Displays detailed help for each subcommand
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-info.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-INFO" "1" "March 2026" ""
+.TH "BUNDLE\-INFO" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-info\fR \- Show information for the given gem in your bundle
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-init.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-INIT" "1" "March 2026" ""
+.TH "BUNDLE\-INIT" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-init\fR \- Generates a Gemfile into the current working directory
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-install.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-INSTALL" "1" "March 2026" ""
+.TH "BUNDLE\-INSTALL" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-install\fR \- Install the dependencies specified in your Gemfile
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-issue.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-ISSUE" "1" "March 2026" ""
+.TH "BUNDLE\-ISSUE" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-issue\fR \- Get help reporting Bundler issues
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-licenses.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-LICENSES" "1" "March 2026" ""
+.TH "BUNDLE\-LICENSES" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-licenses\fR \- Print the license of all gems in the bundle
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-list.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-LIST" "1" "March 2026" ""
+.TH "BUNDLE\-LIST" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-list\fR \- List all the gems in the bundle
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-lock.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-LOCK" "1" "March 2026" ""
+.TH "BUNDLE\-LOCK" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-lock\fR \- Creates / Updates a lockfile without installing
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-open.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-OPEN" "1" "March 2026" ""
+.TH "BUNDLE\-OPEN" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-open\fR \- Opens the source directory for a gem in your bundle
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-outdated.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-OUTDATED" "1" "March 2026" ""
+.TH "BUNDLE\-OUTDATED" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-outdated\fR \- List installed gems with newer versions available
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-platform.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-PLATFORM" "1" "March 2026" ""
+.TH "BUNDLE\-PLATFORM" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-platform\fR \- Displays platform compatibility information
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-plugin.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-PLUGIN" "1" "March 2026" ""
+.TH "BUNDLE\-PLUGIN" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-plugin\fR \- Manage Bundler plugins
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-pristine.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-PRISTINE" "1" "March 2026" ""
+.TH "BUNDLE\-PRISTINE" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-pristine\fR \- Restores installed gems to their pristine condition
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-remove.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-REMOVE" "1" "March 2026" ""
+.TH "BUNDLE\-REMOVE" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-remove\fR \- Removes gems from the Gemfile
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-show.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-SHOW" "1" "March 2026" ""
+.TH "BUNDLE\-SHOW" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-show\fR \- Shows all the gems in your bundle, or the path to a gem
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-update.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-UPDATE" "1" "March 2026" ""
+.TH "BUNDLE\-UPDATE" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-update\fR \- Update your gems to the latest available versions
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle-version.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE\-VERSION" "1" "March 2026" ""
+.TH "BUNDLE\-VERSION" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\-version\fR \- Prints Bundler version information
 .SH "SYNOPSIS"

data/lib/bundler/man/bundle.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "BUNDLE" "1" "March 2026" ""
+.TH "BUNDLE" "1" "April 2026" ""
 .SH "NAME"
 \fBbundle\fR \- Ruby Dependency Management
 .SH "SYNOPSIS"

data/lib/bundler/man/gemfile.5

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.10.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.10.1
-.TH "GEMFILE" "5" "March 2026" ""
+.TH "GEMFILE" "5" "April 2026" ""
 .SH "NAME"
 \fBGemfile\fR \- A format for describing gem dependencies for Ruby programs
 .SH "SYNOPSIS"

data/lib/bundler/source/metadata.rb

@@ -58,6 +58,10 @@ module Bundler
       def version_message(spec)
         "#{spec.name} #{spec.version}"
       end
+
+      def checksum_store
+        @checksum_store ||= Checksum::Store.new
+      end
     end
   end
 end

data/lib/bundler/source/path.rb

@@ -220,10 +220,11 @@ module Bundler
         # Some gem authors put absolute paths in their gemspec
         # and we have to save them from themselves
         spec.files = spec.files.filter_map do |path|
-          next path unless /\A#{Pathname::SEPARATOR_PAT}/o.match?(path)
+          pathname = Pathname.new(path)
+          next path unless pathname.absolute?
           next if File.directory?(path)
           begin
-            Pathname.new(path).relative_path_from(gem_dir).to_s
+            pathname.relative_path_from(gem_dir).to_s
           rescue ArgumentError
             path
           end

data/lib/bundler/source/rubygems.rb

@@ -508,7 +508,7 @@ module Bundler
 
       # We are using a mutex to reaed and write from/to the hash.
       # The reason this double synchronization was added is for performance
-      # and lock the mutex for the shortest possible amount of time. Otherwise,
+      # and to lock the mutex for the shortest possible amount of time. Otherwise,
       # all threads are fighting over this mutex and when it gets acquired it gets locked
       # until a threads finishes downloading a gem, leaving the other threads waiting
       # doing nothing.

data/lib/bundler/templates/newgem/newgem.gemspec.tt

@@ -22,6 +22,12 @@ Gem::Specification.new do |spec|
   spec.metadata["changelog_uri"] = "<%= config[:changelog_uri] %>"
 <%- end -%>
 
+  # Uncomment the line below to require MFA for gem pushes.
+  # This helps protect your gem from supply chain attacks by ensuring
+  # no one can publish a new version without multi-factor authentication.
+  # See: https://guides.rubygems.org/mfa-requirement-opt-in/
+  # spec.metadata["rubygems_mfa_required"] = "true"
+
   # Specify which files should be added to the gem when it is released.
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
   gemspec = File.basename(__FILE__)
@@ -48,5 +54,5 @@ Gem::Specification.new do |spec|
 <%- end -%>
 
   # For more information and examples about making a new gem, check out our
-  # guide at: https://bundler.io/guides/creating_gem.html
+  # guide at: https://guides.rubygems.org/make-your-own-gem/
 end

data/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "4.0.10".freeze
+  VERSION = "4.0.12".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= gem_version.segments.first

data/lib/bundler.rb

@@ -156,6 +156,7 @@ module Bundler
       # Return if all groups are already loaded
       return @setup if defined?(@setup) && @setup
 
+      configure_custom_gemfile
       definition.validate_runtime!
 
       SharedHelpers.print_major_deprecations!
@@ -586,6 +587,15 @@ module Bundler
       Bundler.rubygems.clear_paths
     end
 
+    def configure_custom_gemfile(custom_gemfile = nil)
+      custom_gemfile ||= Bundler.settings[:gemfile]
+
+      if custom_gemfile && !custom_gemfile.empty?
+        Bundler::SharedHelpers.set_env "BUNDLE_GEMFILE", File.expand_path(custom_gemfile)
+        reset_settings_and_root!
+      end
+    end
+
     def self_manager
       @self_manager ||= begin
                           require_relative "bundler/self_manager"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-  version: 4.0.10
+  version: 4.0.12
 platform: ruby
 authors:
 - André Arko
@@ -402,7 +402,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 3.4.1
 requirements: []
-rubygems_version: 4.0.6
+rubygems_version: 4.0.10
 specification_version: 4
 summary: The best way to manage your application's dependencies
 test_files: []