What's New in each Release
What's New in v1.7
Bundler has always supported fetching gems from multiple gem servers, but it isn't always clear what gems come from what source. Complicating this, Bundler has not been consistent about source priority ordering from one version to another.
Because of this, a
Gemfile with multiple top-level
source lines cannot reliably control the gem server that
a particular gem is fetched from. This might result in installation of
gem code from an unexpected source.
Applications that only have a single
source in their
Gemfile are not affected.
:sourceoption or a
sourceblock. Using multiple top-level gem sources is now deprecated.
Ambiguous Source Detection
Gemfiledoes have multiple top-level gem sources,
bundle installnow warns when a gem is found in more than one source. This is designed to prevent a situation where a gem that is expected to be found on one gem server is "hijacked" by another server. For backwards compatibility, the gem is still installed, but Bundler prints a warning detailing the gem server URL that was used, and listing others where a gem with the same name was found. Using explicit source selection suppresses this warning.
Global Source Ordering
Gemfilethat worked with earlier versions. If you have an application that uses multiple gem servers in its
Gemfile, you may see warnings about ambiguous gem sources after upgrading. Whether or not you see these warnings, the Bundler team highly recommends that users of multiple gem servers update your
Gemfileto use the new syntax.
sourcesyntax will cause your
Gemfileto become incompatible with Bundler versions earlier than 1.7.0. You should only perform this change after updating Bundler in all of your environments.
Choose your primary gem source (usually
https://rubygems.org) and keep that at the top of the
For each additional gem source, add a block to the
sourceline and move the relevant gem declarations inside it.
For example, this
source 'https://rubygems.org' source 'https://gems.example.com' gem 'rails', '4.1.4' gem 'sqlite3' gem 'my_gem', '1.0' gem 'another_gem', '1.2.1'
might change to this:
source 'https://rubygems.org' gem 'rails', '4.1.4' gem 'sqlite3' source 'https://gems.example.com' do gem 'my_gem', '1.0' gem 'another_gem', '1.2.1' end
Gemfileto remove the additional sources:
First, re-evaluate whether the extra gem sources are even needed. If
your application is using a legacy public gem server such as
gems.rubyforge.org, all of your required gems should now be synced to
rubygems.org. Try removing these sources.
If you do use gems that aren't available on
rubygems.org, but are available from a git source, you can use the
:gitoption in the gem declaration and it will be guaranteed to come from that git repository rather than a gem server.
If neither of these situations apply, you can unpack the gem into your
vendordirectory and use the
:pathoption when declaring the gem in your
Gemfileto point it to the unpacked gem directory. In this case, you should commit the vendored gem to your source control system.