Original URL: http://stackoverflow.com/questions/7517524/
Warning: this content is provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
Understanding the Gemfile.lock file
Asked by Shamaoke
After running the bundle install command, 'Gemfile.lock' is created in the working directory. What do the directives inside that file mean?
For example, let's take the following file:
    PATH
      remote: .
      specs:
        gem_one (0.0.1)
    GEM
      remote: http://example.org/
      specs:
        gem_two (0.0.2)
        gem_three (0.0.3)
        gem_four (0.0.4)
    PLATFORMS
      platform
    DEPENDENCIES
      gem_two
      gem_one!
What do 'PATH', 'GEM', 'PLATFORMS' and 'DEPENDENCIES' describe? Are all of them required?
What should the 'remote' and 'specs' subdirectives contain?
What does the exclamation mark after the gem name in the 'DEPENDENCIES' group mean?
Answered by Filipe Miguel Fonseca
You can find more about it on the bundler website (emphasis added below for your convenience):
After developing your application for a while, check in the application together with the Gemfile and Gemfile.lock snapshot. Now, your repository has a record of the exact versions of all of the gems that you used the last time you know for sure that the application worked...
This is important: the Gemfile.lock makes your application a single package of both your own code and the third-party code it ran the last time you know for sure that everything worked. Specifying exact versions of the third-party code you depend on in your Gemfile would not provide the same guarantee, because gems usually declare a range of versions for their dependencies.
Answered by agenteo
In regards to the exclamation mark, I just found out it's on gems fetched via :git, e.g.
gem "foo", :git => "[email protected]:company/foo.git"
Answered by greysteil
I've spent the last few months messing around with Gemfiles and Gemfile.locks a lot whilst building an automated dependency update tool [1]. The below is far from definitive, but it's a good starting point for understanding the Gemfile.lock format. You might also want to check out the source code for Bundler's lockfile parser.
You'll find the following headings in a lockfile generated by Bundler 1.x:
GEM (optional but very common)
These are dependencies sourced from a Rubygems server. That may be the main Rubygems index, at Rubygems.org, or it may be a custom index, such as those available from Gemfury and others. Within this section you'll see:
remote: one or more lines specifying the location of the Rubygems index(es)
specs: a list of dependencies, with their version number, and the constraints on any subdependencies
GIT (optional)
These are dependencies sourced from a given git remote. You'll see a different one of these sections for each git remote, and within each section you'll see:
remote: the git remote. E.g., [email protected]:rails/rails
revision: the commit reference the Gemfile.lock is locked to
tag: (optional) the tag specified in the Gemfile
specs: the git dependency found at this remote, with its version number, and the constraints on any subdependencies
PATH (optional)
These are dependencies sourced from a given path, provided in the Gemfile. You'll see a different one of these sections for each path dependency, and within each section you'll see:
remote: the path. E.g., plugins/vendored-dependency
specs: the git dependency found at this remote, with its version number, and the constraints on any subdependencies
PLATFORMS
The Ruby platform the Gemfile.lock was generated against. If any dependencies in the Gemfile specify a platform then they will only be included in the Gemfile.lock when the lockfile is generated on that platform (e.g., through an install).
DEPENDENCIES
A list of the dependencies which are specified in the Gemfile, along with the version constraint specified there.
Dependencies specified with a source other than the main Rubygems index (e.g., git dependencies, path-based dependencies) have a ! which means they are "pinned" to that source [2] (although one must sometimes look in the Gemfile to determine in).
RUBY VERSION (optional)
The Ruby version specified in the Gemfile, when this Gemfile.lock was created. If a Ruby version is specified in a .ruby_version file instead, this section will not be present (as Bundler will consider the Gemfile / Gemfile.lock agnostic to the installer's Ruby version).
BUNDLED WITH (Bundler >= v1.10.x)
The version of Bundler used to create the Gemfile.lock. Used to remind installers to update their version of Bundler, if it is older than the version that created the file.
PLUGIN SOURCE (optional and very rare)
In theory, a Gemfile can specify Bundler plugins, as well as gems [3], which would then be listed here. In practice, I'm not aware of any available plugins, as of July 2017. This part of Bundler is still under active development!
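A small reader for the sections described in the answer above, as an added example that is not part of the original answers and is not Bundler's own lockfile parser. It records each GEM/GIT/PATH source with its remotes, revision and locked specs, marks which DEPENDENCIES entries carry the ! pin, and reports remotes fetched over plain HTTP; the lockfile content and the names parse_lock and review are constructed for illustration.

```ruby
SAMPLE_LOCK = <<~LOCK # constructed lockfile for this example; names, URLs and revision are made up
  GIT
    remote: https://git.example.org/company/foo.git
    revision: 0123456789abcdef0123456789abcdef01234567
    specs:
      foo (1.2.0)

  PATH
    remote: .
    specs:
      gem_one (0.0.1)

  GEM
    remote: http://example.org/
    specs:
      gem_two (0.0.2)
        gem_four (>= 0.0.4)
      gem_four (0.0.4)

  DEPENDENCIES
    foo!
    gem_one!
    gem_two (~> 0.0.2)
LOCK

def parse_lock(text)
  sources, deps, section, src = [], {}, nil, nil
  text.each_line(chomp: true) do |line|
    case line
    when /\A([A-Z][A-Z ]*)\z/ # unindented heading opens a section
      section, src = $1, nil
      sources << (src = { type: section, remotes: [], specs: {} }) if %w[GEM GIT PATH].include?(section)
    when /\A  remote: (.+)\z/ then src[:remotes] << $1 if src
    when /\A  revision: (.+)\z/ then src[:revision] = $1 if src
    when /\A    (\S+) \((.+)\)\z/ then src[:specs][$1] = $2 if src # 4 spaces = locked gem, 6 = its constraints
    when /\A  (\S+?)(?: \(.+?\))?(!)?\z/ then deps[$1] = !$2.nil? if section == "DEPENDENCIES"
    end
  end
  { sources: sources, dependencies: deps }
end

def review(lock)
  plain = lock[:sources].flat_map { |s| s[:remotes].grep(/\Ahttp:/).map { |r| "#{s[:type]} remote #{r} uses plain HTTP" } }
  pinned = lock[:dependencies].select { |_, bang| bang }.keys.map do |name|
    src = lock[:sources].find { |s| s[:specs].key?(name) }
    src ? "#{name} is pinned to #{src[:type]} #{src[:remotes].first}" : "#{name} is pinned but no source section locks it"
  end
  plain + pinned
end
```

Running review(parse_lock(File.read("Gemfile.lock"))) in a repository gives a quick list of which gems come from somewhere other than the default index and over what transport.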
Answered by Keshav
Bundler is a Gem manager which provides a consistent environment for Ruby projects by tracking and installing the exact gems and versions that are needed.
Gemfile and Gemfile.lock are primary products given by Bundler gem (Bundler itself is a gem).
Gemfile contains your project dependency on gem(s), that you manually mention with version(s) specified, but those gem(s) in turn depend on other gem(s) which are resolved by bundler automatically.
Gemfile.lock contains a complete snapshot of all the gem(s) in Gemfile along with their associated dependencies.
When you first call bundle install, it will create this Gemfile.lock and use this file in all subsequent calls to bundle install, which ensures that you have all the dependencies installed and will skip dependency installation.
The same happens when you share your code with different machines.
You share your Gemfile.lock along with Gemfile. When you run bundle install on another machine, it will refer to your Gemfile.lock and skip the dependency resolution step; instead it will install all of the same dependent gem(s) that you used on the original machine, which maintains consistency across multiple machines.
Why do we need to maintain consistency along multiple machines?
Running different versions on different machines could lead to broken code. Suppose your app used the version 1.5.3 and it worked 14 months ago without any problems, and you try to install on a different machine without Gemfile.lock; now you get the version 1.5.8. Maybe it's broken with the latest version of some gem(s) and your application will fail. Maintaining consistency is of utmost importance (preferred practice).
It is also possible to update gem(s) in Gemfile.lock by using bundle update.
This is based on the concept of conservative updating.
Answered by Isaac Betesh
It looks to me like PATH lists the first-generation dependencies directly from your gemspec, whereas GEM lists second-generation dependencies (i.e. what your dependencies depend on) and those from your Gemfile. PATH::remote is . because it relied on a local gemspec in the current directory to find out what belongs in PATH::spec, whereas GEM::remote is rubygems.org, since that's where it had to go to find out what belongs in GEM::spec.
In a Rails plugin, you'll see a PATH section, but not in a Rails app. Since the app doesn't have a gemspec file, there would be nothing to put in PATH.
As for DEPENDENCIES, gembundler.com states:
Runtime dependencies in your gemspec are treated like base dependencies,
and development dependencies are added by default to the group, :development
The Gemfile generated by rails plugin new my_plugin says something similar:
# Bundler will treat runtime dependencies like base dependencies, and
# development dependencies will be added by default to the :development group.
What this means is that the difference between
s.add_development_dependency "july" # (1)
and
s.add_dependency "july" # (2)
is that (1) will only include "july" in Gemfile.lock (and therefore in the application) in a development environment. So when you run bundle install, you'll see "july" not only under PATH but also under DEPENDENCIES, but only in development. In production, it won't be there at all. However, when you use (2), you'll see "july" only in PATH, not in DEPENDENCIES, but it will show up when you bundle install from a production environment (i.e. in some other gem that includes yours as a dependency), not only development.
These are just my observations and I can't fully explain why any of this is the way it is but I welcome further comments.
Answered by Hong
It seems there is no clear document about the Gemfile.lock format. Maybe it's because Gemfile.lock is just used by bundle internally.
However, Gemfile.lock is a snapshot of Gemfile, which means all its information should come from Gemfile (or from a default value if not specified in Gemfile).
For GEM, it lists all the dependencies you introduce directly or indirectly in the Gemfile. remote under GEM tells where to get the gems, which is specified by source in Gemfile.
If a gem is not fetched from remote, PATH tells the location to find it. PATH's info comes from path in Gemfile when you declare a dependency.
And PLATFORM is from here.
For DEPENDENCIES, it's the snapshot of dependencies resolved by bundle.
Answered by SWiggels
What does the exclamation mark after the gem name in the 'DEPENDENCIES' group mean?
The exclamation mark appears when the gem was installed using a source other than "https://rubygems.org".

