Default bundler to 2.5.23 (heroku#1708)

schneems · web-flow · commit a88fe8156c5a · 2026-02-02T12:39:23.000-06:00
If your `Gemfile.lock` doesn’t include the `BUNDLED WITH` key, Heroku installs a [default bundler version](https://devcenter.heroku.com/articles/ruby-support-reference#default-bundler-version): - Apps using [Classic Buildpacks](https://devcenter.heroku.com/articles/buildpacks#classic-buildpacks) was `2.3.25` now `2.5.23` - Apps using [Cloud Native Buildpacks](https://devcenter.heroku.com/articles/buildpacks#heroku-cloud-native-buildpacks) stays `2.5.23` >note >Ruby's [standard version of bundler](https://stdgems.org/bundler/) takes precedence if it's greater than Heroku's installed version. When there is no `BUNDLED WITH` in the `Gemfile.lock`, then `bundle install` uses the highest version of Bundler available. It is strongly recommended that you have both a `RUBY VERSION` and `BUNDLED WITH` version listed in your `Gemfile.lock`. If you do not have those values, you can generate them and commit them to git: ``` $ bundle update --ruby $ git add Gemfile.lock $ git commit -m "Update Gemfile.lock" ``` Applications without these values specified in the `Gemfile.lock` may break unexpectedly when the defaults change. This is an alternative to downgrading the CNB version heroku#1706 (comment).
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## [Unreleased]
 
 - Add metric: Track apps with and without `BUNDLED WITH` in the `Gemfile.lock`
+- Default bundler version changed from `2.3.25` to `2.5.23`. Ruby's [standard version of bundler](https://stdgems.org/bundler/) will take precedence if it is greater than Heroku's installed version. When there is no `BUNDLED WITH` in the `Gemfile.lock`, then `bundle install` will use the highest version of Bundler available.
 
 ## [v345] - 2026-01-26
 
diff --git a/changelogs/unreleased/bundler_default.md b/changelogs/unreleased/bundler_default.md
@@ -0,0 +1,19 @@
+## Ruby applications with no specified bundler versions now receive Bundler 2.5.23
+
+If your `Gemfile.lock` doesn’t include the `BUNDLED WITH` key, Heroku installs a [default bundler version](https://devcenter.heroku.com/articles/ruby-support-reference#default-bundler-version):
+
+- Apps using [Classic Buildpacks](https://devcenter.heroku.com/articles/buildpacks#classic-buildpacks) was `2.3.25` now `2.5.23`
+- Apps using [Cloud Native Buildpacks](https://devcenter.heroku.com/articles/buildpacks#heroku-cloud-native-buildpacks) stays `2.5.23`
+
+>note
+>Ruby's [standard version of bundler](https://stdgems.org/bundler/) takes precedence if it's greater than Heroku's installed version. When there is no `BUNDLED WITH` in the `Gemfile.lock`, then `bundle install` uses the highest version of Bundler available.
+
+It is strongly recommended that you have both a `RUBY VERSION` and `BUNDLED WITH` version listed in your `Gemfile.lock`. If you do not have those values, you can generate them and commit them to git:
+
+```
+$ bundle update --ruby
+$ git add Gemfile.lock
+$ git commit -m "Update Gemfile.lock"
+```
+
+Applications without these values specified in the `Gemfile.lock` may break unexpectedly when the defaults change.
diff --git a/lib/language_pack/helpers/bundler_wrapper.rb b/lib/language_pack/helpers/bundler_wrapper.rb
@@ -29,8 +29,7 @@
 class LanguagePack::Helpers::BundlerWrapper
   include LanguagePack::ShellHelpers
 
-  # Heroku-22's oldest Ruby version is 3.1
-  DEFAULT_VERSION = "2.3.25"
+  DEFAULT_VERSION = "2.5.23"
 
   attr_reader :bundler_path
 
