rubygems-update 4.0.0.beta1 → 4.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bd1ea2419f2ef3948df14231dfd3235c479fecfba6bdcf1daacb7dca268dd444
-  data.tar.gz: 4039fbf0f8cf521d76e0bb3f68e6da28e311805fbad1e4673aac117a994eedf1
+  metadata.gz: e3a33e757835b567451e625eb60fd87dc9d40b5710c96f6a548cf493bb930f03
+  data.tar.gz: 95b7748028d7563f74e22aac82e4eab9766ba4aca0b29596af58264ac42721e6
 SHA512:
-  metadata.gz: 7df7f0a7e27074db3a5d1f8ca9944d0e61f0137f3ea87f4913b72ae0c3a52f1c2f236eaa888d2cb749c3c0dac337360b091c1e264b69836a7d331a4776d77546
-  data.tar.gz: e76d09561ab310ac1458bc1f28d0b4d59adcc52fbe138e06ba1d4fb9e40b09b6b9d74d40aa336151a4a2eecb1e5a0e195a0a35d3c630c6e869039b0a157c443f
+  metadata.gz: 86a9a29465975044bfc0ad313700a2037a3ef33182f905134df80ab09b43bb753ccd5512bc0cdcc4c8838648ed7e01cfa47d9348d3d482d43c6a045584119be4
+  data.tar.gz: aaa0136052ccb1ca34cbedc2d45707f34b82820d1b72859c9de97f959b861bddae87e77801a47a50c79f5b5fb3fe2ce56d8fc46c47506646e554629c3bb41cf4

data/CHANGELOG.md

@@ -1,37 +1,6 @@
 # Changelog
 
-## 4.0.0.beta1 / 2025-11-20
-
-### Security:
-
-* Bump up vendored URI to 1.0.4. Pull request
-  [#9031](https://github.com/ruby/rubygems/pull/9031) by hsbt
-
-### Breaking changes:
-
-* Removed deprecated `-C` option from gem build. Pull request
-  [#9088](https://github.com/ruby/rubygems/pull/9088) by hsbt
-* Removed deprecated Gem::Specification#has_rdoc, has_rdoc= and has_rdoc?.
-  Pull request [#9084](https://github.com/ruby/rubygems/pull/9084) by hsbt
-* Removed deprecated `gem query` command. Pull request
-  [#9083](https://github.com/ruby/rubygems/pull/9083) by hsbt
-* Removed deprecated Gem::DependencyInstaller#find_gems_with_sources. Pull
-  request [#9082](https://github.com/ruby/rubygems/pull/9082) by hsbt
-* Remove deprecated methods of RubyGems. Pull request
-  [#9081](https://github.com/ruby/rubygems/pull/9081) by hsbt
-* Make verification methods private. Pull request
-  [#9051](https://github.com/ruby/rubygems/pull/9051) by tenderlove
-* Deprecate `--default` option from install command. Pull request
-  [#7588](https://github.com/ruby/rubygems/pull/7588) by hsbt
-* Switch to 4.0.0.dev in development version. Pull request
-  [#9002](https://github.com/ruby/rubygems/pull/9002) by hsbt
-* Removed `compatibility.rb` for RG 4.0. Pull request
-  [#8899](https://github.com/ruby/rubygems/pull/8899) by hsbt
-
-### Deprecations:
-
-* Deprecate `Gem::Specification#datadir`. Pull request
-  [#8900](https://github.com/ruby/rubygems/pull/8900) by hsbt
+## 4.0.0 / 2025-12-03
 
 ### Features:
 
@@ -44,6 +13,8 @@
 
 ### Performance:
 
+* Add `MAKEFLAGS=-j` by default before compiling. Pull request
+  [#9131](https://github.com/ruby/rubygems/pull/9131) by Edouard-chin
 * Remove some memoization. Pull request
   [#9017](https://github.com/ruby/rubygems/pull/9017) by tenderlove
 * Pull `Gem.win_platform?` out of a hot path. Pull request
@@ -63,13 +34,9 @@
   [#9089](https://github.com/ruby/rubygems/pull/9089) by hsbt
 * Removed unused `Gem::Deprecate`. Pull request
   [#9090](https://github.com/ruby/rubygems/pull/9090) by hsbt
-* Test all tests of `make test-all` by ruby core. Pull request
-  [#9075](https://github.com/ruby/rubygems/pull/9075) by hsbt
 * Add debug logging information to see the time it took to download and
   install a gem. Pull request
   [#9066](https://github.com/ruby/rubygems/pull/9066) by Edouard-chin
-* Use `assert_ractor` for testing Ractor. Pull request
-  [#9069](https://github.com/ruby/rubygems/pull/9069) by hsbt
 * Fix constants in TAR to be frozen. Pull request
   [#9041](https://github.com/ruby/rubygems/pull/9041) by tenderlove
 * Remove open-ended and prerelease dependency warnings when building gems.
@@ -79,16 +46,81 @@
   [#8753](https://github.com/ruby/rubygems/pull/8753) by cfis
 * Restrict what schemes are acceptable in the remote fetcher. Pull request
   [#9022](https://github.com/ruby/rubygems/pull/9022) by tenderlove
+* `gem sources --prepend` and `--append` allow finer grained control of
+  sources. Pull request [#8901](https://github.com/ruby/rubygems/pull/8901)
+  by martinemde
+* Improve `gem sources --remove` output. Pull request
+  [#8909](https://github.com/ruby/rubygems/pull/8909) by deivid-rodriguez
+* Make `gem sources` output more clear. Pull request
+  [#8938](https://github.com/ruby/rubygems/pull/8938) by deivid-rodriguez
 * Don't fail if there is no makefile, simply don't do anything. Pull
   request [#8879](https://github.com/ruby/rubygems/pull/8879) by ioquatix
-* Installs bundler 4.0.0.beta1 as a default gem.
+* Use IMDSv2 for S3 instance credentials. Pull request
+  [#7709](https://github.com/ruby/rubygems/pull/7709) by folbricht-stripe
+* Fix regression in presence of RVM gems. Pull request
+  [#8854](https://github.com/ruby/rubygems/pull/8854) by deivid-rodriguez
+* Restore parsing "--" as an unknown platform rather than crashing. Pull
+  request [#8846](https://github.com/ruby/rubygems/pull/8846) by
+  deivid-rodriguez
+* Installs bundler 4.0.0 as a default gem.
+
+### Bug fixes:
+
+* Fix test failure of mswin and nmake. Pull request
+  [#9135](https://github.com/ruby/rubygems/pull/9135) by hsbt
+* Respect `BUNDLE_VERSION` config at Gem::BundlerVersionFinder. Pull
+  request [#9106](https://github.com/ruby/rubygems/pull/9106) by hsbt
+* Fix "did you mean" suggestions for unknown commands. Pull request
+  [#8948](https://github.com/ruby/rubygems/pull/8948) by deivid-rodriguez
+* Fix trailing slashes not considered by `gem sources --remove`. Pull
+  request [#8939](https://github.com/ruby/rubygems/pull/8939) by
+  deivid-rodriguez
+
+### Security:
+
+* Bump up vendored URI to 1.0.4. Pull request
+  [#9031](https://github.com/ruby/rubygems/pull/9031) by hsbt
+
+### Breaking changes:
+
+* Removed deprecated `-C` option from gem build. Pull request
+  [#9088](https://github.com/ruby/rubygems/pull/9088) by hsbt
+* Removed deprecated Gem::Specification#has_rdoc, has_rdoc= and has_rdoc?.
+  Pull request [#9084](https://github.com/ruby/rubygems/pull/9084) by hsbt
+* Removed deprecated `gem query` command. Pull request
+  [#9083](https://github.com/ruby/rubygems/pull/9083) by hsbt
+* Removed deprecated Gem::DependencyInstaller#find_gems_with_sources. Pull
+  request [#9082](https://github.com/ruby/rubygems/pull/9082) by hsbt
+* Remove deprecated methods of RubyGems. Pull request
+  [#9081](https://github.com/ruby/rubygems/pull/9081) by hsbt
+* Make verification methods private. Pull request
+  [#9051](https://github.com/ruby/rubygems/pull/9051) by tenderlove
+* Deprecate `--default` option from install command. Pull request
+  [#7588](https://github.com/ruby/rubygems/pull/7588) by hsbt
+* Removed `compatibility.rb` for RG 4.0. Pull request
+  [#8899](https://github.com/ruby/rubygems/pull/8899) by hsbt
+
+### Deprecations:
+
+* Deprecate `Gem::Specification#datadir`. Pull request
+  [#8900](https://github.com/ruby/rubygems/pull/8900) by hsbt
 
 ### Documentation:
 
+* Unified UPGRADING.md and extract blog.rubygems.org. Pull request
+  [#9148](https://github.com/ruby/rubygems/pull/9148) by hsbt
+* Remove italic formatting from changelog section headers. Pull request
+  [#9128](https://github.com/ruby/rubygems/pull/9128) by hsbt
 * [DOC] Fix the location of Gem::Deprecate document. Pull request
   [#9065](https://github.com/ruby/rubygems/pull/9065) by nobu
 * Fix typo. Pull request
   [#9012](https://github.com/ruby/rubygems/pull/9012) by etiennebarrie
+* Added document for Gem::Uninstaller. Pull request
+  [#8904](https://github.com/ruby/rubygems/pull/8904) by hsbt
+* Use mailto link in Code of Conduct. Pull request
+  [#8849](https://github.com/ruby/rubygems/pull/8849) by deivid-rodriguez
+* Update Code of Conduct email to conduct@rubygems.org. Pull request
+  [#8848](https://github.com/ruby/rubygems/pull/8848) by indirect
 
 ## 3.7.2 / 2025-09-09
 

data/Manifest.txt

@@ -352,10 +352,9 @@ bundler/lib/bundler/vlad.rb
 bundler/lib/bundler/worker.rb
 bundler/lib/bundler/yaml_serializer.rb
 doc/MAINTAINERS.txt
-doc/bundler/UPGRADING.md
+doc/UPGRADING.md
 doc/rubygems/CONTRIBUTING.md
 doc/rubygems/POLICIES.md
-doc/rubygems/UPGRADING.md
 exe/gem
 exe/update_rubygems
 hide_lib_for_update/note.txt

data/README.md

@@ -65,7 +65,7 @@ To upgrade to the latest RubyGems, run:
 
     $ gem update --system
 
-See [UPGRADING](doc/rubygems/UPGRADING.md) for more details and alternative instructions.
+See [UPGRADING](doc/UPGRADING.md) for more details and alternative instructions.
 
 ## Release policy
 

data/bundler/CHANGELOG.md

@@ -1,6 +1,62 @@
 # Changelog
 
-## 4.0.0.beta1 (2025-11-20)
+## 4.0.0 (2025-12-03)
+
+### Features:
+
+  - Support bundle install --lockfile option [#9111](https://github.com/ruby/rubygems/pull/9111)
+  - Add support for lockfile in Gemfile and bundle install --no-lock [#9059](https://github.com/ruby/rubygems/pull/9059)
+  - Add `--ext=go` to `bundle gem` [#8183](https://github.com/ruby/rubygems/pull/8183)
+  - Update Bundler::CurrentRuby::ALL_RUBY_VERSIONS [#9058](https://github.com/ruby/rubygems/pull/9058)
+  - Introduce `bundle list --format=json` [#8728](https://github.com/ruby/rubygems/pull/8728)
+
+### Performance:
+
+  - Run git operations in parallel to speed things up: [#9100](https://github.com/ruby/rubygems/pull/9100)
+  - Replace instance method look up in plugin installer [#9094](https://github.com/ruby/rubygems/pull/9094)
+  - Adjust the API_REQUEST_LIMIT to make less network roundtrip [#9071](https://github.com/ruby/rubygems/pull/9071)
+
+### Enhancements:
+
+  - Make BUNDLE_LOCKFILE environment variable have precedence over lockfile method in Gemfile [#9146](https://github.com/ruby/rubygems/pull/9146)
+  - Improve banner message for the default command [#9145](https://github.com/ruby/rubygems/pull/9145)
+  - Introduce `install_or_cli_help` and use it default `bundle` command [#9136](https://github.com/ruby/rubygems/pull/9136)
+  - Add go_gem/rake_task for Go native extension gem skeleton [#9105](https://github.com/ruby/rubygems/pull/9105)
+  - Warn users that `bundle` now display the help: [#9092](https://github.com/ruby/rubygems/pull/9092)
+  - Use DidYouMean::SpellChecker for gem suggestions in Bundler [#3857](https://github.com/ruby/rubygems/pull/3857)
+  - Update all vendored libraries to latest version [#9089](https://github.com/ruby/rubygems/pull/9089)
+  - We don't need to allow some warning now [#9074](https://github.com/ruby/rubygems/pull/9074)
+  - Support to embedded Pathname [#9056](https://github.com/ruby/rubygems/pull/9056)
+  - Enforce activation of irb when running with bundle console [#9033](https://github.com/ruby/rubygems/pull/9033)
+  - Update Magnus version in Rust extension gem template [#9025](https://github.com/ruby/rubygems/pull/9025)
+  - Add checksum of gems hosted on private servers: [#9004](https://github.com/ruby/rubygems/pull/9004)
+  - Loading support on Windows [#8254](https://github.com/ruby/rubygems/pull/8254)
+  - Improve error message when the same source is specified through `gemspec` and `path` [#8460](https://github.com/ruby/rubygems/pull/8460)
+  - Raise an error in frozen mode if some registry gems have empty checksums [#8888](https://github.com/ruby/rubygems/pull/8888)
+  - Bump vendored thor to 1.4.0 [#8883](https://github.com/ruby/rubygems/pull/8883)
+  - Delay default path and global cache changes to Bundler 5 [#8867](https://github.com/ruby/rubygems/pull/8867)
+  - Fix spacing in bundle gem newgem.gemspec.tt [#8865](https://github.com/ruby/rubygems/pull/8865)
+  - Add some missing deprecation messages [#8844](https://github.com/ruby/rubygems/pull/8844)
+
+### Bug fixes:
+
+  - Fixed checksums generation issue when no source is specified [#9133](https://github.com/ruby/rubygems/pull/9133)
+  - Check for file existence before deletion from cache [#9095](https://github.com/ruby/rubygems/pull/9095)
+  - Use method_defined?(:method, false) [#9098](https://github.com/ruby/rubygems/pull/9098)
+  - Handle BUNDLER_VERSION being set to an empty string [#6928](https://github.com/ruby/rubygems/pull/6928)
+  - Fix `bundle install` when the Gemfile contains "install_if" git gems: [#8992](https://github.com/ruby/rubygems/pull/8992)
+  - Fix installation issue related to path sources and precompiled gems [#8973](https://github.com/ruby/rubygems/pull/8973)
+  - Fix outdated lockfile during `bundle lock` when source changes [#8962](https://github.com/ruby/rubygems/pull/8962)
+  - Raise error on missing version file [#8963](https://github.com/ruby/rubygems/pull/8963)
+  - Fix `bundle cache --frozen` and `bundle cache --no-prune` not printing a deprecation message [#8926](https://github.com/ruby/rubygems/pull/8926)
+  - Fix local installation incorrectly forced if there's a `vendor/cache` directory and frozen mode is set [#8925](https://github.com/ruby/rubygems/pull/8925)
+  - Fix `bundle lock --update <gem>` with `--lockfile` flag updating all gems [#8922](https://github.com/ruby/rubygems/pull/8922)
+  - Fix `bundle show --verbose` and recommend it as an alternative to `bundle show --outdated` [#8915](https://github.com/ruby/rubygems/pull/8915)
+  - Fix `bundle cache --no-all` not printing a deprecation warning [#8912](https://github.com/ruby/rubygems/pull/8912)
+  - Fix `bundle update foo` unable to update foo in an edge case [#8897](https://github.com/ruby/rubygems/pull/8897)
+  - Fix Bundler printing more flags than actually passed in verbose mode [#8914](https://github.com/ruby/rubygems/pull/8914)
+  - Fix bundler failing to install sorbet-static in truffleruby when there's no lockfile [#8872](https://github.com/ruby/rubygems/pull/8872)
+  - Cancel deprecation of `--force` flag to `bundle install` and `bundle update` [#8843](https://github.com/ruby/rubygems/pull/8843)
 
 ### Security:
 
@@ -14,14 +70,12 @@
   - Pick and add extra changes for 4.0.0 version [#9018](https://github.com/ruby/rubygems/pull/9018)
   - Replaced Bundler::SharedHelpers.major_deprecation to feature_removed! or feature_deprecated! [#9016](https://github.com/ruby/rubygems/pull/9016)
   - Removed legacy_check option from SpecSet#for [#9015](https://github.com/ruby/rubygems/pull/9015)
-  - Removed deprecated legacy windows platform support [#9013](https://github.com/ruby/rubygems/pull/9013)
   - Make update_requires_all_flag to settings [#9011](https://github.com/ruby/rubygems/pull/9011)
   - Make default cli command settings [#9010](https://github.com/ruby/rubygems/pull/9010)
   - Make global_gem_cache flag to settings [#9009](https://github.com/ruby/rubygems/pull/9009)
   - Consolidate removal of `Bundler.rubygems.all_specs` [#9008](https://github.com/ruby/rubygems/pull/9008)
   - Consolidate removal of `Bundler::SpecSet#-` and `Bundler::SpecSet#<<` [#9007](https://github.com/ruby/rubygems/pull/9007)
   - Replaced Bundler.feature_flag.plugins? to Bundler.settings [#9006](https://github.com/ruby/rubygems/pull/9006)
-  - Switch to 4.0.0.dev in development version [#9002](https://github.com/ruby/rubygems/pull/9002)
   - Make `bundle show --outdated` raise an error [#8980](https://github.com/ruby/rubygems/pull/8980)
   - Make `--local-git` flag to `bundle plugin install` raise an error [#8979](https://github.com/ruby/rubygems/pull/8979)
   - Switch `cache_all` to be `true` by default [#8975](https://github.com/ruby/rubygems/pull/8975)
@@ -38,40 +92,17 @@
   - Remove deprecated `bundle viz` and `bundle inject` commands [#8923](https://github.com/ruby/rubygems/pull/8923)
   - Removed to workaround for Bundler 2.2 [#8903](https://github.com/ruby/rubygems/pull/8903)
 
-### Features:
-
-  - Update Bundler::CurrentRuby::ALL_RUBY_VERSIONS [#9058](https://github.com/ruby/rubygems/pull/9058)
-  - Introduce `bundle list --format=json` [#8728](https://github.com/ruby/rubygems/pull/8728)
-
-### Performance:
-
-  - Replace instance method look up in plugin installer [#9094](https://github.com/ruby/rubygems/pull/9094)
-  - Adjust the API_REQUEST_LIMIT to make less network roundtrip [#9071](https://github.com/ruby/rubygems/pull/9071)
-
-### Enhancements:
-
-  - Use DidYouMean::SpellChecker for gem suggestions in Bundler [#3857](https://github.com/ruby/rubygems/pull/3857)
-  - Update all vendored libraries to latest version [#9089](https://github.com/ruby/rubygems/pull/9089)
-  - We don't need to allow some warning now [#9074](https://github.com/ruby/rubygems/pull/9074)
-  - Shell out fewer times [#9068](https://github.com/ruby/rubygems/pull/9068)
-  - Build gems directly instead of shelling out [#9053](https://github.com/ruby/rubygems/pull/9053)
-  - Support to embedded Pathname [#9056](https://github.com/ruby/rubygems/pull/9056)
-  - Forcely activate irb when running with bundle console [#9033](https://github.com/ruby/rubygems/pull/9033)
-  - Update Magnus version in Rust extension gem template [#9025](https://github.com/ruby/rubygems/pull/9025)
-  - Postpone to remove legacy mingw platform [#9023](https://github.com/ruby/rubygems/pull/9023)
-  - Add checksum of gems hosted on private servers: [#9004](https://github.com/ruby/rubygems/pull/9004)
-  - Loading support on Windows [#8254](https://github.com/ruby/rubygems/pull/8254)
-
-### Bug fixes:
-
-  - Fix `bundle install` when the Gemfile contains "install_if" git gems: [#8992](https://github.com/ruby/rubygems/pull/8992)
-  - Fix installation issue related to path sources and precompiled gems [#8973](https://github.com/ruby/rubygems/pull/8973)
-  - Fix outdated lockfile during `bundle lock` when source changes [#8962](https://github.com/ruby/rubygems/pull/8962)
-  - Raise error on missing version file [#8963](https://github.com/ruby/rubygems/pull/8963)
-
 ### Documentation:
 
+  - Unified UPGRADING.md and extract blog.rubygems.org [#9148](https://github.com/ruby/rubygems/pull/9148)
+  - Remove italic formatting from changelog section headers [#9128](https://github.com/ruby/rubygems/pull/9128)
   - Small clarifications to Bundler 4 upgrade docs [#8964](https://github.com/ruby/rubygems/pull/8964)
+  - Improve documentation of `bundle doctor`, `bundle plugin`, and `bundle config` [#8919](https://github.com/ruby/rubygems/pull/8919)
+  - Make sure all CLI flags and subcommands are documented [#8861](https://github.com/ruby/rubygems/pull/8861)
+  - Clarify documentation about new default gem installation directory in Bundler 4 [#8857](https://github.com/ruby/rubygems/pull/8857)
+  - Use mailto link in Code of Conduct [#8849](https://github.com/ruby/rubygems/pull/8849)
+  - Update Code of Conduct email to conduct@rubygems.org [#8848](https://github.com/ruby/rubygems/pull/8848)
+  - Add missing link to `irb` repo in DEBUGGING.md [#8842](https://github.com/ruby/rubygems/pull/8842)
 
 ## 2.7.2 (2025-09-09)
 

data/bundler/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2025-11-20".freeze
-    @git_commit_sha = "9be811c01a".freeze
+    @built_at = "2025-12-03".freeze
+    @git_commit_sha = "64d0dfe695".freeze
     # end ivars
 
     # A hash representation of the build metadata.

data/bundler/lib/bundler/cli/install.rb

@@ -44,6 +44,8 @@ module Bundler
       # (rather than some optimizations we perform at app runtime).
       definition = Bundler.definition(strict: true)
       definition.validate_runtime!
+      definition.lockfile = options["lockfile"] if options["lockfile"]
+      definition.lockfile = false if options["no-lock"]
 
       installer = Installer.install(Bundler.root, definition, options)
 

data/bundler/lib/bundler/cli.rb

@@ -59,17 +59,29 @@ module Bundler
     def initialize(*args)
       super
 
+      current_cmd = args.last[:current_command].name
+
       custom_gemfile = options[:gemfile] || Bundler.settings[:gemfile]
       if custom_gemfile && !custom_gemfile.empty?
         Bundler::SharedHelpers.set_env "BUNDLE_GEMFILE", File.expand_path(custom_gemfile)
-        Bundler.reset_settings_and_root!
+        reset_settings = true
+      end
+
+      # lock --lockfile works differently than install --lockfile
+      unless current_cmd == "lock"
+        custom_lockfile = options[:lockfile] || ENV["BUNDLE_LOCKFILE"] || Bundler.settings[:lockfile]
+        if custom_lockfile && !custom_lockfile.empty?
+          Bundler::SharedHelpers.set_env "BUNDLE_LOCKFILE", File.expand_path(custom_lockfile)
+          reset_settings = true
+        end
       end
 
+      Bundler.reset_settings_and_root! if reset_settings
+
       Bundler.auto_switch
 
       Bundler.settings.set_command_option_if_given :retry, options[:retry]
 
-      current_cmd = args.last[:current_command].name
       Bundler.auto_install if AUTO_INSTALL_CMDS.include?(current_cmd)
     rescue UnknownArgumentError => e
       raise InvalidOption, e.message
@@ -108,20 +120,28 @@ module Bundler
       self.class.send(:class_options_help, shell)
     end
 
+    desc "install_or_cli_help", "Tries to run bundle install but prints a summary of bundler commands if there is no Gemfile", hide: true
+    def install_or_cli_help
+      invoke_other_command("install")
+    rescue GemfileNotFound => error
+      Bundler.ui.error error.message, wrap: true
+      invoke_other_command("cli_help")
+    end
+
     def self.default_command(meth = nil)
       return super if meth
 
-      default_cli_command = Bundler.settings[:default_cli_command]
-      return default_cli_command if default_cli_command
-
-      Bundler.ui.warn(<<~MSG)
-        In the next version of Bundler, running `bundle` without argument will no longer run `bundle install`.
-        Instead, the `help` command will be displayed.
-
-        If you'd like to keep the previous behaviour please run `bundle config set default_cli_command install --global`.
-      MSG
+      unless Bundler.settings[:default_cli_command]
+        Bundler.ui.info <<-MSG
+          In a future version of Bundler, running `bundle` without argument will no longer run `bundle install`.
+          Instead, the `cli_help` command will be displayed. Please use `bundle install` explicitly for scripts like CI/CD.
+          You can use the future behavior now with `bundle config set default_cli_command cli_help --global`,
+          or you can continue to use the current behavior with `bundle config set default_cli_command install_or_cli_help --global`.
+          This message will be removed after a default_cli_command value is set.
+        MSG
+      end
 
-      "install"
+      Bundler.settings[:default_cli_command] || "install_or_cli_help"
     end
 
     class_option "no-color", type: :boolean, desc: "Disable colorization in output"
@@ -232,8 +252,10 @@ module Bundler
     method_option "gemfile", type: :string, banner: "Use the specified gemfile instead of Gemfile"
     method_option "jobs", aliases: "-j", type: :numeric, banner: "Specify the number of jobs to run in parallel"
     method_option "local", type: :boolean, banner: "Do not attempt to fetch gems remotely and use the gem cache instead"
+    method_option "lockfile", type: :string, banner: "Use the specified lockfile instead of the default."
     method_option "prefer-local", type: :boolean, banner: "Only attempt to fetch gems remotely if not present locally, even if newer versions are available remotely"
     method_option "no-cache", type: :boolean, banner: "Don't update the existing gem cache."
+    method_option "no-lock", type: :boolean, banner: "Don't create a lockfile."
     method_option "force", type: :boolean, aliases: "--redownload", banner: "Force reinstalling every gem, even if already installed"
     method_option "no-prune", type: :boolean, banner: "Don't remove stale gems from the cache (removed)."
     method_option "path", type: :string, banner: "Specify a different path than the system default, namely, $BUNDLE_PATH or $GEM_HOME (removed)."
@@ -260,8 +282,10 @@ module Bundler
       end
 
       require_relative "cli/install"
+      options = self.options.dup
+      options["lockfile"] ||= ENV["BUNDLE_LOCKFILE"]
       Bundler.settings.temporary(no_install: false) do
-        Install.new(options.dup).run
+        Install.new(options).run
       end
     end
 
@@ -709,6 +733,19 @@ module Bundler
       config[:current_command]
     end
 
+    def invoke_other_command(name)
+      _, _, config = @_initializer
+      original_command = config[:current_command]
+      command = self.class.all_commands[name]
+      config[:current_command] = command
+      send(name)
+    ensure
+      config[:current_command] = original_command
+    end
+
+    def current_command=(command)
+    end
+
     def print_command
       return unless Bundler.ui.debug?
       cmd = current_command

data/bundler/lib/bundler/definition.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require_relative "lockfile_parser"
+require_relative "worker"
 
 module Bundler
   class Definition
@@ -9,6 +10,8 @@ module Bundler
       attr_accessor :no_lock
     end
 
+    attr_writer :lockfile
+
     attr_reader(
       :dependencies,
       :locked_checksums,
@@ -379,7 +382,7 @@ module Bundler
     end
 
     def write_lock(file, preserve_unknown_sections)
-      return if Definition.no_lock || file.nil?
+      return if Definition.no_lock || !lockfile || file.nil?
 
       contents = to_lock
 
@@ -536,6 +539,8 @@ module Bundler
     end
 
     def add_checksums
+      require "rubygems/package"
+
       @locked_checksums = true
 
       setup_domain!(add_checksums: true)
@@ -1100,7 +1105,23 @@ module Bundler
       @source_requirements ||= find_source_requirements
     end
 
+    def preload_git_source_worker
+      @preload_git_source_worker ||= Bundler::Worker.new(5, "Git source preloading", ->(source, _) { source.specs })
+    end
+
+    def preload_git_sources
+      sources.git_sources.each {|source| preload_git_source_worker.enq(source) }
+    ensure
+      preload_git_source_worker.stop
+    end
+
     def find_source_requirements
+      if Gem.ruby_version >= Gem::Version.new("3.3")
+        # Ruby 3.2 has a bug that incorrectly triggers a circular dependency warning. This version will continue to
+        # fetch git repositories one by one.
+        preload_git_sources
+      end
+
       # Record the specs available in each gem's source, so that those
       # specs will be available later when the resolver knows where to
       # look for that gemspec (or its dependencies)

data/bundler/lib/bundler/dsl.rb

@@ -9,8 +9,9 @@ module Bundler
 
     def self.evaluate(gemfile, lockfile, unlock)
       builder = new
+      builder.lockfile(lockfile)
       builder.eval_gemfile(gemfile)
-      builder.to_definition(lockfile, unlock)
+      builder.to_definition(builder.lockfile_path, unlock)
     end
 
     VALID_PLATFORMS = Bundler::CurrentRuby::PLATFORM_MAP.keys.freeze
@@ -38,6 +39,7 @@ module Bundler
       @gemspecs             = []
       @gemfile              = nil
       @gemfiles             = []
+      @lockfile             = nil
       add_git_sources
     end
 
@@ -101,6 +103,15 @@ module Bundler
       add_dependency(name, version, options)
     end
 
+    # For usage in Dsl.evaluate, since lockfile is used as part of the Gemfile.
+    def lockfile_path
+      @lockfile
+    end
+
+    def lockfile(file)
+      @lockfile = file
+    end
+
     def source(source, *args, &blk)
       options = args.last.is_a?(Hash) ? args.pop.dup : {}
       options = normalize_hash(options)
@@ -175,6 +186,7 @@ module Bundler
 
     def to_definition(lockfile, unlock)
       check_primary_source_safety
+      lockfile = @lockfile unless @lockfile.nil?
       Definition.new(lockfile, @dependencies, @sources, unlock, @ruby_version, @optional_groups, @gemfiles)
     end
 
@@ -415,8 +427,8 @@ module Bundler
       windows_platforms = platforms.select {|pl| pl.to_s.match?(/mingw|mswin/) }
       if windows_platforms.any?
         windows_platforms = windows_platforms.map! {|pl| ":#{pl}" }.join(", ")
-        removed_message = "Platform #{windows_platforms} has been removed. Please use platform :windows instead."
-        Bundler::SharedHelpers.feature_removed! removed_message
+        deprecated_message = "Platform #{windows_platforms} will be removed in the future. Please use platform :windows instead."
+        Bundler::SharedHelpers.feature_deprecated! deprecated_message
       end
 
       # Save sources passed in a key

data/bundler/lib/bundler/environment_preserver.rb

@@ -6,6 +6,7 @@ module Bundler
     BUNDLER_KEYS = %w[
       BUNDLE_BIN_PATH
       BUNDLE_GEMFILE
+      BUNDLE_LOCKFILE
       BUNDLER_VERSION
       BUNDLER_SETUP
       GEM_HOME

data/bundler/lib/bundler/inline.rb

@@ -44,12 +44,14 @@ def gemfile(force_latest_compatible = false, options = {}, &gemfile)
   raise ArgumentError, "Unknown options: #{opts.keys.join(", ")}" unless opts.empty?
 
   old_gemfile = ENV["BUNDLE_GEMFILE"]
+  old_lockfile = ENV["BUNDLE_LOCKFILE"]
 
   Bundler.unbundle_env!
 
   begin
     Bundler.instance_variable_set(:@bundle_path, Pathname.new(Gem.dir))
     Bundler::SharedHelpers.set_env "BUNDLE_GEMFILE", "Gemfile"
+    Bundler::SharedHelpers.set_env "BUNDLE_LOCKFILE", "Gemfile.lock"
 
     Bundler::Plugin.gemfile_install(&gemfile) if Bundler.settings[:plugins]
     builder = Bundler::Dsl.new
@@ -94,5 +96,11 @@ def gemfile(force_latest_compatible = false, options = {}, &gemfile)
     else
       ENV["BUNDLE_GEMFILE"] = ""
     end
+
+    if old_lockfile
+      ENV["BUNDLE_LOCKFILE"] = old_lockfile
+    else
+      ENV["BUNDLE_LOCKFILE"] = ""
+    end
   end
 end

data/bundler/lib/bundler/man/bundle-config.1

@@ -145,6 +145,9 @@ Generate a \fBgems\.rb\fR instead of a \fBGemfile\fR when running \fBbundle init
 \fBjobs\fR (\fBBUNDLE_JOBS\fR)
 The number of gems Bundler can install in parallel\. Defaults to the number of available processors\.
 .TP
+\fBlockfile\fR (\fBBUNDLE_LOCKFILE\fR)
+The path to the lockfile that bundler should use\. By default, Bundler adds \fB\.lock\fR to the end of the \fBgemfile\fR entry\. Can be set to \fBfalse\fR in the Gemfile to disable lockfile creation entirely (see gemfile(5))\.
+.TP
 \fBlockfile_checksums\fR (\fBBUNDLE_LOCKFILE_CHECKSUMS\fR)
 Whether Bundler should include a checksums section in new lockfiles, to protect from compromised gem sources\. Defaults to true\.
 .TP

data/bundler/lib/bundler/man/bundle-config.1.ronn

@@ -189,6 +189,10 @@ learn more about their operation in [bundle install(1)](bundle-install.1.html).
 * `jobs` (`BUNDLE_JOBS`):
    The number of gems Bundler can install in parallel. Defaults to the number of
    available processors.
+* `lockfile` (`BUNDLE_LOCKFILE`):
+   The path to the lockfile that bundler should use. By default, Bundler adds
+   `.lock` to the end of the `gemfile` entry. Can be set to `false` in the
+   Gemfile to disable lockfile creation entirely (see gemfile(5)).
 * `lockfile_checksums` (`BUNDLE_LOCKFILE_CHECKSUMS`):
    Whether Bundler should include a checksums section in new lockfiles, to protect from compromised gem sources. Defaults to true.
 * `no_install` (`BUNDLE_NO_INSTALL`):

data/bundler/lib/bundler/man/bundle-install.1

@@ -4,7 +4,7 @@
 .SH "NAME"
 \fBbundle\-install\fR \- Install the dependencies specified in your Gemfile
 .SH "SYNOPSIS"
-\fBbundle install\fR [\-\-force] [\-\-full\-index] [\-\-gemfile=GEMFILE] [\-\-jobs=NUMBER] [\-\-local] [\-\-no\-cache] [\-\-prefer\-local] [\-\-quiet] [\-\-retry=NUMBER] [\-\-standalone[=GROUP[ GROUP\|\.\|\.\|\.]]] [\-\-trust\-policy=TRUST\-POLICY] [\-\-target\-rbconfig=TARGET\-RBCONFIG]
+\fBbundle install\fR [\-\-force] [\-\-full\-index] [\-\-gemfile=GEMFILE] [\-\-jobs=NUMBER] [\-\-local] [\-\-lockfile=LOCKFILE] [\-\-no\-cache] [\-\-no\-lock] [\-\-prefer\-local] [\-\-quiet] [\-\-retry=NUMBER] [\-\-standalone[=GROUP[ GROUP\|\.\|\.\|\.]]] [\-\-trust\-policy=TRUST\-POLICY] [\-\-target\-rbconfig=TARGET\-RBCONFIG]
 .SH "DESCRIPTION"
 Install the gems specified in your Gemfile(5)\. If this is the first time you run bundle install (and a \fBGemfile\.lock\fR does not exist), Bundler will fetch all remote sources, resolve dependencies and install all needed gems\.
 .P
@@ -28,12 +28,20 @@ The maximum number of parallel download and install jobs\. The default is the nu
 \fB\-\-local\fR
 Do not attempt to connect to \fBrubygems\.org\fR\. Instead, Bundler will use the gems already present in Rubygems' cache or in \fBvendor/cache\fR\. Note that if an appropriate platform\-specific gem exists on \fBrubygems\.org\fR it will not be found\.
 .TP
+\fB\-\-lockfile=LOCKFILE\fR
+The location of the lockfile which Bundler should use\. This defaults to the Gemfile location with \fB\.lock\fR appended\.
+.TP
 \fB\-\-prefer\-local\fR
 Force using locally installed gems, or gems already present in Rubygems' cache or in \fBvendor/cache\fR, when resolving, even if newer versions are available remotely\. Only attempt to connect to \fBrubygems\.org\fR for gems that are not present locally\.
 .TP
 \fB\-\-no\-cache\fR
 Do not update the cache in \fBvendor/cache\fR with the newly bundled gems\. This does not remove any gems in the cache but keeps the newly bundled gems from being cached during the install\.
 .TP
+\fB\-\-no\-lock\fR
+Do not create a lockfile\. Useful if you want to install dependencies but not lock versions of gems\. Recommended for library development, and other situations where the code is expected to work with a range of dependency versions\.
+.IP
+This has the same effect as using \fBlockfile false\fR in the Gemfile\. See gemfile(5) for more information\.
+.TP
 \fB\-\-quiet\fR
 Do not print progress information to the standard output\.
 .TP