Upstream bundler change removes credentials from Gemfile.lock, breaking Heroku build process

[nertzy]

See rubygems/rubygems#7560 (comment)

This buildpack currently uses Bundler 2.5.6.

If you have a gem with credentials in its URL (e.g. via the instructions at Getting Started with Karafka Pro), then Bundler 2.5.10 or later no longer writes the credentials to Gemfile.lock.

When you try to deploy to Heroku, this buildpack fails because Bundler 2.5.6 does not properly support this use case.

Relevant build output:

-----> Installing dependencies using bundler 2.5.6
       Running: BUNDLE_WITHOUT='development:test' BUNDLE_PATH=vendor/bundle BUNDLE_BIN=vendor/bundle/bin BUNDLE_DEPLOYMENT=1 bundle install -j4
       Fetching gem metadata from https://rubygems.org/........
       Authentication is required for gems.karafka.io.
       Please supply credentials for this source. You can do this by running:
       `bundle config set --global gems.karafka.io username:password`
       or by storing the credentials in the `BUNDLE_GEMS__KARAFKA__IO` environment
       variable

The workaround is to downgrade back to Bundler 2.5.6 or earlier when generating Gemfile.lock.

[granth]

This is fixed in Bundler 2.5.12 and up (rubygems/rubygems#7720)

[bf4]

But we can't seem to get Heroku to install the gems using 2.5.12, for example. Installing bundelr 2.5.6 and locking the Gemfile to that worked

heroku-buildpack-ruby/lib/language_pack/helpers/bundler_wrapper.rb

Lines 41 to 43 in 5fc5709

	BLESSED_BUNDLER_VERSIONS["2.3"] = "2.3.25"
	BLESSED_BUNDLER_VERSIONS["2.4"] = "2.4.22"
	BLESSED_BUNDLER_VERSIONS["2.5"] = "2.5.6"

[bf4]

related to #1432 , #1430