Stale dependencies

[baburdick]

When running bundle update on an app that uses brakeman I get the following messages, unless I remove brakeman from my Gemfile:

Bundler could not find compatible versions for gem "ruby_parser":
  In Gemfile:
    brakeman (>= 0) ruby depends on
      ruby_parser (= 2.3.1) ruby

    metric_fu (>= 0) ruby depends on
      roodi (~> 3.1) ruby depends on
        ruby_parser (3.7.0)

Bundler could not find compatible versions for gem "haml":
  In Gemfile:
    brakeman (>= 0) ruby depends on
      haml (~> 3.0.12) ruby

    my_dependent_app (>= 0) ruby depends on
      haml (>= 4.0.6)

[presidentbeef]

Looks like Bundler is being weird, as usual.

First of all, the current version of Brakeman depends on the 3.6.x versions of ruby_parser and can use any version of haml from 3.0 to the latest. ruby_parser 3.7.0 just came out yesterday. roodi doesn't need the latest ruby_parser, especially since the last release of roodi was in January.

In other words, these dependencies could be resolved to every library's satisfaction, but Bundler can't figure it out. Perhaps the Gemfile in the app needs to be adjusted? Or you could try bundle update --source brakeman first?

[presidentbeef]

Closing because this is a Bundler problem.